From 26f9dd665cf513b0d71c8e39a035fde696549322 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 5 Oct 2017 10:15:14 -0400 Subject: [PATCH 0001/1008] Add missing include In filesystem free build, we weren't including any definition of std::istream. GH #1238 --- src/lib/utils/data_src.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/utils/data_src.cpp b/src/lib/utils/data_src.cpp index f4645bb853..d99f9c97f7 100644 --- a/src/lib/utils/data_src.cpp +++ b/src/lib/utils/data_src.cpp @@ -9,6 +9,7 @@ #include #include #include +#include #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) #include From 16c8da287cc2cb62f5edfc945f8663a47baec09c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 5 Oct 2017 10:20:00 -0400 Subject: [PATCH 0002/1008] Add missing `override` Redundant with `final` but GCC -Wsuggest-override complains. (This is already a bug filed for this in GCC upstream.) --- src/lib/rng/rng.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/rng/rng.h b/src/lib/rng/rng.h index 34f62d1ff2..f6fa80df06 100644 --- a/src/lib/rng/rng.h +++ b/src/lib/rng/rng.h @@ -179,7 +179,7 @@ typedef RandomNumberGenerator RNG; class BOTAN_PUBLIC_API(2,0) Hardware_RNG : public RandomNumberGenerator { public: - virtual void clear() final { /* no way to clear state of hardware RNG */ } + virtual void clear() final override { /* no way to clear state of hardware RNG */ } }; /** From 0cf2e5491e8f7297face6d011752969100e725ab Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 5 Oct 2017 10:28:33 -0400 Subject: [PATCH 0003/1008] Mark some functions of MDx_HashFunction final The class itself can't be final but we can final the overrides from HashFunction, which helps the compiler devirtualize. --- src/lib/hash/mdx_hash/mdx_hash.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/hash/mdx_hash/mdx_hash.h b/src/lib/hash/mdx_hash/mdx_hash.h index 5b5aef7b08..f958e9fb75 100644 --- a/src/lib/hash/mdx_hash/mdx_hash.h 
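Review bot: `virtual void clear() final override` in Hardware_RNG now carries three specifiers where `override` already implies the function is virtual, so the leading `virtual` is noise for both compiler and reader; `void clear() final override { /* no way to clear state of hardware RNG */ }` says the same thing and still satisfies -Wsuggest-override. The body comment is worth promoting, since a caller who calls `clear()` on a Hardware_RNG expecting key material to be wiped gets a silent no-op; a Doxygen line on the class such as `/** clear() is a no-op: a hardware RNG has no software state to erase */` makes that contract visible where users look for it.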
+++ b/src/lib/hash/mdx_hash/mdx_hash.h @@ -29,10 +29,10 @@ class BOTAN_PUBLIC_API(2,0) MDx_HashFunction : public HashFunction bool big_bit_endian, size_t counter_size = 8); - size_t hash_block_size() const override { return m_buffer.size(); } + size_t hash_block_size() const override final { return m_buffer.size(); } protected: - void add_data(const uint8_t input[], size_t length) override; - void final_result(uint8_t output[]) override; + void add_data(const uint8_t input[], size_t length) override final; + void final_result(uint8_t output[]) override final; /** * Run the hash's compression function over a set of blocks From 91430f402a1ccd23f5c8fea6ee25b12628dc3700 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 5 Oct 2017 11:27:28 -0400 Subject: [PATCH 0004/1008] Correct the SHA-3 PKCSv1.5 IDs Thanks to @noloader for pointing me at draft-jivsov-openpgp-sha3-01 which has the correct values. Adds a test so this can't happen again. --- news.rst | 3 + src/build-data/oids.txt | 2 + src/lib/asn1/oids.cpp | 4 +- src/lib/pk_pad/hash_id/hash_id.cpp | 14 +++-- src/tests/test_hash_id.cpp | 94 ++++++++++++++++++++++++++++++ 5 files changed, 112 insertions(+), 5 deletions(-) create mode 100644 src/tests/test_hash_id.cpp diff --git a/news.rst b/news.rst index 3001a390d0..dc4b045189 100644 --- a/news.rst +++ b/news.rst @@ -4,6 +4,9 @@ Release Notes Version 2.4.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* The IDs for SHA-3 PKCSv1.5 signatures added in 2.3.0 were incorrect. + They have been changed to use the correct encoding, and a test added + to ensure such errors do not recur. Version 2.3.0, 2017-10-02 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/src/build-data/oids.txt b/src/build-data/oids.txt index c4b3672265..4ac5862401 100644 --- a/src/build-data/oids.txt +++ b/src/build-data/oids.txt @@ -68,6 +68,8 @@ 1.3.14.3.2.26 = SHA-160 +1.3.36.3.2.1 = RIPEMD-160 + # From NIST: 2.16.840.1.101.3.4.2.1 = SHA-256 2.16.840.1.101.3.4.2.2 = SHA-384 
diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp index 396670ede0..ae9b2eb364 100644 --- a/src/lib/asn1/oids.cpp +++ b/src/lib/asn1/oids.cpp @@ -1,7 +1,7 @@ /* * OID maps * -* This file was automatically generated by ./src/scripts/oids.py on 2017-07-05 +* This file was automatically generated by ./src/scripts/oids.py on 2017-10-05 * * All manual edits to this file will be lost. Edit the script * then regenerate this source file. @@ -93,6 +93,7 @@ std::string lookup(const OID& oid) if(oid_str == "1.3.132.1.12") return "ECDH"; if(oid_str == "1.3.14.3.2.26") return "SHA-160"; if(oid_str == "1.3.14.3.2.7") return "DES/CBC"; + if(oid_str == "1.3.36.3.2.1") return "RIPEMD-160"; if(oid_str == "1.3.36.3.3.1.2") return "RSA/EMSA3(RIPEMD-160)"; if(oid_str == "1.3.36.3.3.2.5.2.1") return "ECGDSA"; if(oid_str == "1.3.36.3.3.2.5.4.1") return "ECGDSA/EMSA1(RIPEMD-160)"; @@ -308,6 +309,7 @@ OID lookup(const std::string& name) if(name == "PKIX.TimeStamping") return OID("1.3.6.1.5.5.7.3.8"); if(name == "PKIX.XMPPAddr") return OID("1.3.6.1.5.5.7.8.5"); if(name == "RC2/CBC") return OID("1.2.840.113549.3.2"); + if(name == "RIPEMD-160") return OID("1.3.36.3.2.1"); if(name == "RSA") return OID("1.2.840.113549.1.1.1"); if(name == "RSA/EMSA3(MD5)") return OID("1.2.840.113549.1.1.4"); if(name == "RSA/EMSA3(RIPEMD-160)") return OID("1.3.36.3.3.1.2"); diff --git a/src/lib/pk_pad/hash_id/hash_id.cpp b/src/lib/pk_pad/hash_id/hash_id.cpp index ce92ad5e93..ec317f9692 100644 --- a/src/lib/pk_pad/hash_id/hash_id.cpp +++ b/src/lib/pk_pad/hash_id/hash_id.cpp 
@@ -45,16 +45,20 @@ const uint8_t SHA_512_256_PKCS_ID[] = { 0x65, 0x03, 0x04, 0x02, 0x06, 0x05, 0x00, 0x04, 0x20 }; const uint8_t SHA3_224_PKCS_ID[] = { -0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0D }; +0x30, 0x2D, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, +0x03, 0x04, 0x02, 0x07, 0x05, 0x00, 0x04, 0x1C }; const uint8_t SHA3_256_PKCS_ID[] = { -0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0E }; +0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, +0x03, 0x04, 0x02, 0x08, 0x05, 0x00, 0x04, 0x20 }; const uint8_t SHA3_384_PKCS_ID[] = { -0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0F }; +0x30, 0x41, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, +0x03, 0x04, 0x02, 0x09, 0x05, 0x00, 0x04, 0x30 }; const uint8_t SHA3_512_PKCS_ID[] = { -0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x10 }; +0x30, 0x51, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, +0x03, 0x04, 0x02, 0x0A, 0x05, 0x00, 0x04, 0x40 }; const uint8_t SM3_PKCS_ID[] = { 0x30, 0x30, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, @@ -76,6 +80,8 @@ std::vector pkcs_hash_id(const std::string& name) if(name == "Parallel(MD5,SHA-160)") return std::vector(); + // If you add a value to this function, also update test_hash_id.cpp + if(name == "MD5") return std::vector(MD5_PKCS_ID, MD5_PKCS_ID + sizeof(MD5_PKCS_ID)); diff --git a/src/tests/test_hash_id.cpp b/src/tests/test_hash_id.cpp new file mode 100644 index 0000000000..9a8565a16a --- /dev/null +++ b/src/tests/test_hash_id.cpp 
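Review bot: The four replaced `SHA3_*_PKCS_ID` tables deserve a comment saying where the bytes come from, because the bug being fixed was a misread of which NIST arc to use: the old values `06 09 60 86 48 01 65 03 04 03 0D`..`10` are bare OIDs under 2.16.840.1.101.3.4.3 (the rsassa-pkcs1-v1_5-with-sha3-* signature-algorithm arc, as I read it) with no DigestInfo framing at all, while the new values are a full `SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.7..10, NULL }, OCTET STRING(len) }` prefix. I checked the framing: the outer lengths 0x2D/0x31/0x41/0x51 are 15 + 2 + digest length for the 28/32/48/64-byte digests, and the OCTET STRING lengths 0x1C/0x20/0x30/0x40 match. Suggest placing above `SHA3_224_PKCS_ID`: `// DigestInfo prefixes for SHA-3: hash OIDs 2.16.840.1.101.3.4.2.7..10 with NULL params, per draft-jivsov-openpgp-sha3-01; the values shipped in 2.3.0 mistakenly used the 3.4.3.x signature-algorithm OIDs without framing.` Whether peers expect the NULL parameter present or absent for SHA-3 is an interoperability question the draft settles one way, and PKCS#1 v1.5 verifiers compare the encoded T byte-for-byte, so a signature produced by another implementation would be the definitive check; the new unit test only compares these tables against Botan's own DER encoder.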
@@ -0,0 +1,94 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "tests.h" + +#if defined(BOTAN_HAS_HASH_ID) && defined(BOTAN_HAS_ASN1) + #include + #include + #include + #include +#endif + +namespace Botan_Tests { + +#if defined(BOTAN_HAS_HASH_ID) && defined(BOTAN_HAS_ASN1) + +class PKCS_HashID_Test : public Test + { + public: + std::vector run() override + { + const std::vector> hash_id_fns = { + {"MD5", 16}, + {"RIPEMD-160", 20}, + {"SHA-160", 20}, + {"SHA-224", 28}, + {"SHA-256", 32}, + {"SHA-384", 48}, + {"SHA-512", 64}, + {"SHA-512-256", 32}, + {"SHA-3(224)", 28}, + {"SHA-3(256)", 32}, + {"SHA-3(384)", 48}, + {"SHA-3(512)", 64}, + {"SM3", 32}, + {"Tiger(24,3)", 24} + }; + + std::vector results; + + for(auto hash_info : hash_id_fns) + { + const std::string hash_fn = hash_info.first; + const size_t hash_len = hash_info.second; + + Test::Result result("PKCS hash id for " + hash_fn); + + try + { + const std::vector pkcs_id = Botan::pkcs_hash_id(hash_fn); + + const Botan::OID oid = Botan::OIDS::lookup(hash_fn); + const Botan::AlgorithmIdentifier alg(oid, Botan::AlgorithmIdentifier::USE_NULL_PARAM); + const std::vector dummy_hash(hash_len); + + Botan::DER_Encoder der; + der.start_cons(Botan::SEQUENCE).encode(alg).encode(dummy_hash, Botan::OCTET_STRING).end_cons(); + const std::vector bits = der.get_contents_unlocked(); + + result.test_eq("Dummy hash is expected size", bits.size() - pkcs_id.size(), dummy_hash.size()); + + for(size_t i = pkcs_id.size(); i != bits.size(); ++i) + { + if(bits[i] != 0) + { + result.test_failure("Dummy hash had nonzero value"); + break; + } + } + + std::vector encoded_id(bits.begin(), bits.begin() + pkcs_id.size()); + + result.test_eq("Encoded ID matches hardcoded", encoded_id, pkcs_id); + + } + catch(Botan::Exception& e) + { + result.test_failure(e.what()); + } + + results.push_back(result); + } + + return results; + } + }; + +BOTAN_REGISTER_TEST("pkcs_hash_id", 
PKCS_HashID_Test); +#endif + +} From 645b3d14a372fdcbeacb076ba3152f9f8ac4c761 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 6 Oct 2017 20:57:16 -0400 Subject: [PATCH 0005/1008] Update news to mention RIPEMD-160 OID --- news.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/news.rst b/news.rst index dc4b045189..6ff334c307 100644 --- a/news.rst +++ b/news.rst @@ -8,6 +8,8 @@ Version 2.4.0, Not Yet Released They have been changed to use the correct encoding, and a test added to ensure such errors do not recur. +* Add an OID for RIPEMD-160 + Version 2.3.0, 2017-10-02 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From 1b09b194fa94522be56c6f8cce69b6fb166c842c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 6 Oct 2017 20:57:31 -0400 Subject: [PATCH 0006/1008] Restart state in Text_Based_Test after test is over This allows --test-runs= to work as expected --- src/tests/tests.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp index eb192a05c3..7c4e8a2588 100644 --- a/src/tests/tests.cpp +++ b/src/tests/tests.cpp @@ -1047,6 +1047,8 @@ std::vector Text_Based_Test::run() "run_final_tests exception " + std::string(e.what()))); } + m_first = true; + return results; } From 1c539719f170df9c8acc6977da3c331c7e78cbf2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 6 Oct 2017 20:58:03 -0400 Subject: [PATCH 0007/1008] Add mod_inverse cmdlet I needed it ;) --- src/cli/math.cpp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/cli/math.cpp b/src/cli/math.cpp index ee1c2b1a99..f01d9a1bda 100644 --- a/src/cli/math.cpp +++ b/src/cli/math.cpp 
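Review bot: The byte-scan loop in `PKCS_HashID_Test::run` reads past the end of `bits` whenever `pkcs_id` is longer than the DER encoding it is compared with: `for(size_t i = pkcs_id.size(); i != bits.size(); ++i)` starts beyond `bits.size()` and the `!=` condition never becomes false, and the preceding `bits.size() - pkcs_id.size()` wraps as unsigned rather than failing cleanly. Guard the sizes before the loop, e.g. `if(pkcs_id.size() > bits.size()) { result.test_failure("PKCS ID longer than DER encoding"); results.push_back(result); continue; }`, or at minimum loop with `i < bits.size()`. Separately, the expected value is derived from `OIDS::lookup` and `DER_Encoder`, so the test proves the hardcoded table agrees with Botan's own OID table, not with the specification; one literal expected hex string per SHA-3 entry taken from the draft would also catch a wrong OID in oids.txt, which this test would currently bless. Minor: `for(auto hash_info : hash_id_fns)` copies each pair, `const auto&` avoids it.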
@@ -14,6 +14,22 @@ namespace Botan_CLI { +class Modular_Inverse final : public Command + { + public: + Modular_Inverse() : Command("mod_inverse n mod") {} + + void go() override + { + const Botan::BigInt n(get_arg("n")); + const Botan::BigInt mod(get_arg("mod")); + + output() << Botan::inverse_mod(n, mod) << "\n"; + } + }; + +BOTAN_REGISTER_COMMAND("mod_inverse", Modular_Inverse); + class Gen_Prime final : public Command { public: From aff93b716eda9d10be9f02e4b436b672510ab179 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 6 Oct 2017 21:07:25 -0400 Subject: [PATCH 0008/1008] Address various GCC warnings Things like -Wconversion and -Wuseless-cast that are noisy and not on by default. --- src/lib/block/camellia/camellia.cpp | 16 ++++++++-------- src/lib/pubkey/pkcs8.cpp | 2 +- src/lib/tls/tls_seq_numbers.h | 8 ++++---- src/lib/tls/tls_version.h | 2 +- src/lib/utils/ct_utils.h | 12 +++++++----- src/lib/utils/http_util/socket.h | 2 +- src/lib/utils/loadstor.h | 4 ++-- src/lib/x509/x509path.cpp | 4 ++-- 8 files changed, 26 insertions(+), 24 deletions(-) diff --git a/src/lib/block/camellia/camellia.cpp b/src/lib/block/camellia/camellia.cpp index c737a0928b..ea84fa313b 100644 --- a/src/lib/block/camellia/camellia.cpp +++ b/src/lib/block/camellia/camellia.cpp @@ -613,11 +613,11 @@ inline uint64_t F(uint64_t v, uint64_t K) inline uint64_t FL(uint64_t v, uint64_t K) { - uint32_t x1 = (v >> 32); - uint32_t x2 = (v & 0xFFFFFFFF); + uint32_t x1 = static_cast(v >> 32); + uint32_t x2 = static_cast(v & 0xFFFFFFFF); - const uint32_t k1 = (K >> 32); - const uint32_t k2 = (K & 0xFFFFFFFF); + const uint32_t k1 = static_cast(K >> 32); + const uint32_t k2 = static_cast(K & 0xFFFFFFFF); x2 ^= rotate_left(x1 & k1, 1); x1 ^= (x2 | k2); 
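Review bot: `Modular_Inverse::go` prints whatever `inverse_mod(n, mod)` returns with no check that an inverse exists, so for non-coprime inputs, or a `mod` of 0 or 1, the user sees a bare number — 0, if inverse_mod signals failure by returning zero as I believe it does — that is indistinguishable from a legitimate result. Capture the result, `const Botan::BigInt inv = Botan::inverse_mod(n, mod);`, and on `if(inv.is_zero())` write a diagnostic and fail the command instead of printing it. Rejecting a non-positive `mod` up front with a usage error would also give a clearer message than whatever the BigInt path does with it.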
@@ -627,11 +627,11 @@ inline uint64_t FL(uint64_t v, uint64_t K) inline uint64_t FLINV(uint64_t v, uint64_t K) { - uint32_t x1 = (v >> 32); - uint32_t x2 = (v & 0xFFFFFFFF); + uint32_t x1 = static_cast(v >> 32); + uint32_t x2 = static_cast(v & 0xFFFFFFFF); - const uint32_t k1 = (K >> 32); - const uint32_t k2 = (K & 0xFFFFFFFF); + const uint32_t k1 = static_cast(K >> 32); + const uint32_t k2 = static_cast(K & 0xFFFFFFFF); x1 ^= (x2 | k2); x2 ^= rotate_left(x1 & k1, 1); diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp index 59f0c9fa90..fe2470275b 100644 --- a/src/lib/pubkey/pkcs8.cpp +++ b/src/lib/pubkey/pkcs8.cpp @@ -303,7 +303,7 @@ load_key(DataSource& source, throw PKCS8_Exception("Unknown algorithm OID: " + alg_id.oid.as_string()); - return std::unique_ptr(load_private_key(alg_id, pkcs8_key)); + return load_private_key(alg_id, pkcs8_key); } } diff --git a/src/lib/tls/tls_seq_numbers.h b/src/lib/tls/tls_seq_numbers.h index 817b5b6edc..1be280453b 100644 --- a/src/lib/tls/tls_seq_numbers.h +++ b/src/lib/tls/tls_seq_numbers.h @@ -36,8 +36,8 @@ class Connection_Sequence_Numbers class Stream_Sequence_Numbers final : public Connection_Sequence_Numbers { public: - void new_read_cipher_state() override { m_read_seq_no = 0; m_read_epoch += 1; } - void new_write_cipher_state() override { m_write_seq_no = 0; m_write_epoch += 1; } + void new_read_cipher_state() override { m_read_seq_no = 0; m_read_epoch++; } + void new_write_cipher_state() override { m_write_seq_no = 0; m_write_epoch++; } uint16_t current_read_epoch() const override { return m_read_epoch; } uint16_t current_write_epoch() const override { return m_write_epoch; } 
@@ -59,11 +59,11 @@ class Datagram_Sequence_Numbers final : public Connection_Sequence_Numbers public: Datagram_Sequence_Numbers() { m_write_seqs[0] = 0; } - void new_read_cipher_state() override { m_read_epoch += 1; } + void new_read_cipher_state() override { m_read_epoch++; } void new_write_cipher_state() override { - m_write_epoch += 1; + m_write_epoch++; m_write_seqs[m_write_epoch] = 0; } diff --git a/src/lib/tls/tls_version.h b/src/lib/tls/tls_version.h index dd1d09530d..569030085f 100644 --- a/src/lib/tls/tls_version.h +++ b/src/lib/tls/tls_version.h @@ -59,7 +59,7 @@ class BOTAN_PUBLIC_API(2,0) Protocol_Version final * @param minor the minor version */ Protocol_Version(uint8_t major, uint8_t minor) : - m_version((static_cast(major) << 8) | minor) {} + m_version(static_cast((static_cast(major) << 8) | minor)) {} /** * @return true if this is a valid protocol version diff --git a/src/lib/utils/ct_utils.h b/src/lib/utils/ct_utils.h index 5d97cb869e..0356f9b39f 100644 --- a/src/lib/utils/ct_utils.h +++ b/src/lib/utils/ct_utils.h @@ -88,9 +88,11 @@ inline T expand_mask(T x) T r = x; // First fold r down to a single bit for(size_t i = 1; i != sizeof(T)*8; i *= 2) - r |= r >> i; + { + r = r | static_cast(r >> i); + } r &= 1; - r = ~(r - 1); + r = static_cast(~(r - 1)); return r; } @@ -103,7 +105,7 @@ inline T expand_top_bit(T a) template inline T select(T mask, T from0, T from1) { - return (from0 & mask) | (from1 & ~mask); + return static_cast((from0 & mask) | (from1 & ~mask)); } template @@ -115,7 +117,7 @@ inline ValT val_or_zero(PredT pred_val, ValT val) template inline T is_zero(T x) { - return ~expand_mask(x); + return static_cast(~expand_mask(x)); } template @@ -173,7 +175,7 @@ inline secure_vector strip_leading_zeros(const uint8_t in[], size_t len for(size_t i = 0; i != length; ++i) { - only_zeros &= CT::is_zero(in[i]); + only_zeros = only_zeros & CT::is_zero(in[i]); leading_zeros += CT::select(only_zeros, 1, 0); } 
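Review bot: `m_write_epoch++` followed by `m_write_seqs[m_write_epoch] = 0` in `Datagram_Sequence_Numbers::new_write_cipher_state` has no guard against the 16-bit epoch wrapping back to 0 (the `uint16_t current_write_epoch()` accessor in the preceding hunk fixes its width), which would reuse epoch/sequence-number pairs under a new key; DTLS (RFC 6347 §4.1, as I read it) requires that an implementation not let the epoch wrap. Reaching 65535 rekeys on one association is implausible in practice, but the check is one line before the increment: `if(m_write_epoch == 0xFFFF) throw Invalid_State("DTLS epoch exhausted");` (or whichever exception this file already uses), and the same applies to `new_read_cipher_state` here and to both methods of `Stream_Sequence_Numbers`. Whether `m_write_seqs` is a map or a fixed array is not visible here, so I can't say what an out-of-range key would do to it.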
diff --git a/src/lib/utils/http_util/socket.h b/src/lib/utils/http_util/socket.h index 78c29f1478..4961738ae3 100644 --- a/src/lib/utils/http_util/socket.h +++ b/src/lib/utils/http_util/socket.h @@ -33,7 +33,7 @@ class BOTAN_TEST_API Socket /** * The socket will be closed upon destruction */ - virtual ~Socket() {}; + virtual ~Socket() = default; /** * Write to the socket. Blocks until all bytes sent. diff --git a/src/lib/utils/loadstor.h b/src/lib/utils/loadstor.h index affbb9ab65..ca75969fab 100644 --- a/src/lib/utils/loadstor.h +++ b/src/lib/utils/loadstor.h @@ -59,7 +59,7 @@ template inline uint8_t get_byte(size_t byte_num, T input) */ inline uint16_t make_uint16(uint8_t i0, uint8_t i1) { - return ((static_cast(i0) << 8) | i1); + return static_cast((static_cast(i0) << 8) | i1); } /** @@ -115,7 +115,7 @@ inline T load_be(const uint8_t in[], size_t off) in += off * sizeof(T); T out = 0; for(size_t i = 0; i != sizeof(T); ++i) - out = (out << 8) | in[i]; + out = static_cast((out << 8) | in[i]); return out; } diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index f34fc0a119..fcc5bf0ba5 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -217,10 +217,10 @@ PKIX::check_crl(const std::vector>& cert if(!ca->allowed_usage(CRL_SIGN)) status.insert(Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER); - if(validation_time < X509_Time(crls[i]->this_update())) + if(validation_time < crls[i]->this_update()) status.insert(Certificate_Status_Code::CRL_NOT_YET_VALID); - if(validation_time > X509_Time(crls[i]->next_update())) + if(validation_time > crls[i]->next_update()) status.insert(Certificate_Status_Code::CRL_HAS_EXPIRED); if(crls[i]->check_signature(ca->subject_public_key()) == false) From 9e3dca25c7197c39a815ce39da670a4232212a45 Mon Sep 17 00:00:00 2001 
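Review bot: Dropping the `X509_Time(...)` wrappers in `PKIX::check_crl` keeps the comparison `validation_time > crls[i]->next_update()` unconditional, yet the ASN.1 marks nextUpdate OPTIONAL (RFC 5280 §5.1.2.5, even though conforming issuers must include it), and what `next_update()` returns for a CRL that omits it — and how a default-constructed `X509_Time` orders against a real time — is not visible in this hunk; if it compares as earlier than everything, every such CRL is flagged `CRL_HAS_EXPIRED`, if later, it never expires. Make the policy explicit, e.g. `if(crls[i]->next_update().time_is_set() && validation_time > crls[i]->next_update())` (assuming `X509_Time` exposes a set-flag like that), and say in a comment which way an absent nextUpdate is treated. `check_crl` begins and ends outside the hunk.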
From: Jack Lloyd Date: Fri, 6 Oct 2017 21:09:01 -0400 Subject: [PATCH 0009/1008] Address some bool/int conversion warnings from Sonar Nothing major but probably good to clean these up. --- src/lib/asn1/der_enc.cpp | 2 +- src/lib/block/idea/idea.cpp | 3 ++- src/lib/codec/hex/hex.cpp | 5 ++++- src/lib/utils/donna128.h | 7 +++++-- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/lib/asn1/der_enc.cpp b/src/lib/asn1/der_enc.cpp index e791bce8c2..28a9bbc9ae 100644 --- a/src/lib/asn1/der_enc.cpp +++ b/src/lib/asn1/der_enc.cpp @@ -290,7 +290,7 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n, if(n == 0) return add_object(type_tag, class_tag, 0); - bool extra_zero = (n.bits() % 8 == 0); + const size_t extra_zero = (n.bits() % 8 == 0) ? 1 : 0; secure_vector contents(extra_zero + n.bytes()); BigInt::encode(&contents[extra_zero], n); if(n < 0) diff --git a/src/lib/block/idea/idea.cpp b/src/lib/block/idea/idea.cpp index 4795a126a0..c0364b3251 100644 --- a/src/lib/block/idea/idea.cpp +++ b/src/lib/block/idea/idea.cpp @@ -26,7 +26,8 @@ inline uint16_t mul(uint16_t x, uint16_t y) const uint32_t P_hi = P >> 16; const uint32_t P_lo = P & 0xFFFF; - const uint16_t r_1 = static_cast((P_lo - P_hi) + (P_lo < P_hi)); + const uint16_t carry = (P_lo < P_hi); + const uint16_t r_1 = static_cast((P_lo - P_hi) + carry); const uint16_t r_2 = 1 - x - y; return CT::select(Z_mask, r_1, r_2); diff --git a/src/lib/codec/hex/hex.cpp b/src/lib/codec/hex/hex.cpp index 8d8d3ff499..6bbd7c28e2 100644 --- a/src/lib/codec/hex/hex.cpp +++ b/src/lib/codec/hex/hex.cpp @@ -114,7 +114,10 @@ size_t hex_decode(uint8_t output[], bad_char + "'"); } - *out_ptr |= bin << (top_nibble*4); + if(top_nibble) + *out_ptr |= bin << 4; + else + *out_ptr |= bin; top_nibble = !top_nibble; if(top_nibble) diff --git a/src/lib/utils/donna128.h b/src/lib/utils/donna128.h index 5d5b18695f..53e0a085bf 100644 --- a/src/lib/utils/donna128.h +++ b/src/lib/utils/donna128.h 
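Review bot: The new `const uint16_t carry = (P_lo < P_hi);` in IDEA's `mul()` keeps a data-dependent comparison in a function that otherwise goes out of its way to be constant time (`CT::select(Z_mask, r_1, r_2)` two lines down), relying on the compiler to emit a setcc rather than a branch; that has held so far, but it is not guaranteed and the file already depends on ct_utils. If ct_utils provides a constant-time less-than (I believe `CT::is_less` does), `const uint16_t carry = static_cast<uint16_t>(CT::is_less(P_lo, P_hi) & 1);` removes the dependency on codegen. The comparison is inherited from the line being rewritten rather than introduced here, so a follow-up is fine, but a `// must stay branch-free` comment on it now would stop the next Sonar-driven edit from turning it into an `if`. `mul`'s body starts outside the hunk.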
@@ -59,15 +59,18 @@ class donna128 final donna128& operator+=(const donna128& x) { l += x.l; - h += (l < x.l); h += x.h; + + const uint64_t carry = (l < x.l); + h += carry; return *this; } donna128& operator+=(uint64_t x) { l += x; - h += (l < x); + const uint64_t carry = (l < x); + h += carry; return *this; } From e822475e1edd6d7abd564e1310044794275eba48 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 6 Oct 2017 21:11:55 -0400 Subject: [PATCH 0010/1008] Remove needless variable --- src/lib/math/bigint/big_ops2.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/lib/math/bigint/big_ops2.cpp b/src/lib/math/bigint/big_ops2.cpp index 48d547af03..c203f363ad 100644 --- a/src/lib/math/bigint/big_ops2.cpp +++ b/src/lib/math/bigint/big_ops2.cpp @@ -116,8 +116,6 @@ BigInt& BigInt::operator*=(const BigInt& y) else { grow_to(size() + y.size()); - - secure_vector z(data(), data() + x_sw); secure_vector workspace(size()); bigint_mul(*this, BigInt(*this), y, workspace.data()); } From 95185297aa91edf34c68fd56f7f095df16a7197f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 6 Oct 2017 21:12:04 -0400 Subject: [PATCH 0011/1008] Forward declare BigInt in mp_core.h Only needed in one source file here. --- src/lib/math/mp/mp_core.h | 3 ++- src/lib/math/mp/mp_karat.cpp | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lib/math/mp/mp_core.h b/src/lib/math/mp/mp_core.h index 15b71d03fc..06f87015f3 100644 --- a/src/lib/math/mp/mp_core.h +++ b/src/lib/math/mp/mp_core.h @@ -10,11 +10,12 @@ #ifndef BOTAN_MP_CORE_OPS_H_ #define BOTAN_MP_CORE_OPS_H_ -#include #include namespace Botan { +class BigInt; + /* * The size of the word type, in bits */ diff --git a/src/lib/math/mp/mp_karat.cpp b/src/lib/math/mp/mp_karat.cpp index 60924fb867..8348025d91 100644 --- a/src/lib/math/mp/mp_karat.cpp +++ b/src/lib/math/mp/mp_karat.cpp @@ -8,6 +8,7 @@ #include #include +#include #include namespace Botan { 
From 7f39c5ccf0c5c93aa1f7b4ea266d9015a20886ff Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Sun, 8 Oct 2017 14:59:45 +0200 Subject: [PATCH 0012/1008] Make it possible to disable SSE4.1 and SSE4.2 --- configure.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.py b/configure.py index 402faa6ce1..8c6471fe8d 100755 --- a/configure.py +++ b/configure.py @@ -344,7 +344,7 @@ def process_command_line(args): # pylint: disable=too-many-locals target_group.add_option('--without-os-features', action='append', metavar='FEAT', help='specify OS features to disable') - for isa_extn_name in ['SSE2', 'SSSE3', 'AVX2', 'AES-NI', 'AltiVec', 'NEON']: + for isa_extn_name in ['SSE2', 'SSSE3', 'SSE4.1', 'SSE4.2', 'AVX2', 'AES-NI', 'AltiVec', 'NEON']: isa_extn = isa_extn_name.lower() target_group.add_option('--disable-%s' % (isa_extn), From 03292e638bede9b386f07e02e8bbdefd0fef53dd Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 9 Oct 2017 10:29:29 -0400 Subject: [PATCH 0013/1008] Add a special Compat_Callbacks constructor to silence deprecation warnings. That way we avoid the warning internally even in amalgamation mode. GH #1243 --- src/lib/tls/tls_blocking.cpp | 7 +------ src/lib/tls/tls_callbacks.h | 20 ++++++++++++++++++++ src/lib/tls/tls_channel.cpp | 4 +++- 3 files changed, 24 insertions(+), 7 deletions(-) diff --git a/src/lib/tls/tls_blocking.cpp b/src/lib/tls/tls_blocking.cpp index 5e3713d4a5..75f7154a46 100644 --- a/src/lib/tls/tls_blocking.cpp +++ b/src/lib/tls/tls_blocking.cpp @@ -6,12 +6,6 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -/* -This API is itself deprecated, so we don't care that it relies on -other deprecated things -*/ -#define BOTAN_NO_DEPRECATED_WARNINGS - #include namespace Botan { 
@@ -31,6 +25,7 @@ Blocking_Client::Blocking_Client(read_fn reader, const std::vector& next) : m_read(reader), m_callbacks(new TLS::Compat_Callbacks( + TLS::Compat_Callbacks::SILENCE_DEPRECATION_WARNING::PLEASE, writer, std::bind(&Blocking_Client::data_cb, this, _1, _2), std::function(std::bind(&Blocking_Client::alert_cb, this, _1)), diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h index d89fbf22d3..50077c4a9d 100644 --- a/src/lib/tls/tls_callbacks.h +++ b/src/lib/tls/tls_callbacks.h @@ -238,6 +238,26 @@ class BOTAN_PUBLIC_API(2,0) Compat_Callbacks final : public Callbacks m_alert_cb(alert_cb), m_hs_cb(hs_cb), m_hs_msg_cb(hs_msg_cb), m_next_proto(next_proto) {} + enum class SILENCE_DEPRECATION_WARNING { PLEASE = 0 }; + Compat_Callbacks(SILENCE_DEPRECATION_WARNING, + output_fn output_fn, data_cb app_data_cb, + std::function alert_cb, + handshake_cb hs_cb, + handshake_msg_cb hs_msg_cb = nullptr, + next_protocol_fn next_proto = nullptr) + : m_output_function(output_fn), m_app_data_cb(app_data_cb), + m_alert_cb(alert_cb), + m_hs_cb(hs_cb), m_hs_msg_cb(hs_msg_cb), m_next_proto(next_proto) {} + + Compat_Callbacks(SILENCE_DEPRECATION_WARNING, + output_fn output_fn, data_cb app_data_cb, alert_cb alert_cb, + handshake_cb hs_cb, handshake_msg_cb hs_msg_cb = nullptr, + next_protocol_fn next_proto = nullptr) + : m_output_function(output_fn), m_app_data_cb(app_data_cb), + m_alert_cb(std::bind(alert_cb, std::placeholders::_1, nullptr, 0)), + m_hs_cb(hs_cb), m_hs_msg_cb(hs_msg_cb), m_next_proto(next_proto) {} + + void tls_emit_data(const uint8_t data[], size_t size) override { BOTAN_ASSERT(m_output_function != nullptr, diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index 78f6817652..143453ba32 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp 
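Review bot: The second `SILENCE_DEPRECATION_WARNING` constructor of `Compat_Callbacks` wraps `alert_cb` with `std::bind(alert_cb, std::placeholders::_1, nullptr, 0)` unconditionally, so a caller who passes an empty `alert_cb` ends up with a non-empty `m_alert_cb` that throws `std::bad_function_call` on the first alert, instead of a null that the invoking code could test the way `tls_emit_data` tests `m_output_function` with `BOTAN_ASSERT`; this mirrors the deprecated constructor it was copied from, but the copy is the moment to fix it by initializing `m_alert_cb` only when `alert_cb` is non-empty (a conditional in the init list, or an assignment in the body). The two new constructors also repeat the member-init lists of the two deprecated ones verbatim; since delegating to the deprecated ones would reintroduce the warning, a private helper shared by all four would keep them from drifting apart. The `std::function` parameters are taken by value and then copied again into the members; `std::move` in the init list avoids the second copy.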
@@ -49,7 +49,9 @@ Channel::Channel(output_fn out, bool is_datagram, size_t io_buf_sz) : m_is_datagram(is_datagram), - m_compat_callbacks(new Compat_Callbacks(out, app_data_cb, alert_cb, hs_cb, hs_msg_cb)), + m_compat_callbacks(new Compat_Callbacks( + Compat_Callbacks::SILENCE_DEPRECATION_WARNING::PLEASE, + out, app_data_cb, alert_cb, hs_cb, hs_msg_cb)), m_callbacks(*m_compat_callbacks.get()), m_session_manager(session_manager), m_policy(policy), From c62a6d43ca9bc9481d741cfe3c319210eaf231b8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 9 Oct 2017 10:50:45 -0400 Subject: [PATCH 0014/1008] Add comments explaining why its ok to rely on deprecated features here. [ci skip] --- src/lib/tls/tls_blocking.cpp | 4 ++++ src/lib/tls/tls_channel.cpp | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/src/lib/tls/tls_blocking.cpp b/src/lib/tls/tls_blocking.cpp index 75f7154a46..d89c11a2cb 100644 --- a/src/lib/tls/tls_blocking.cpp +++ b/src/lib/tls/tls_blocking.cpp @@ -25,6 +25,10 @@ Blocking_Client::Blocking_Client(read_fn reader, const std::vector& next) : m_read(reader), m_callbacks(new TLS::Compat_Callbacks( + /* + we are ok using deprecated features here because the whole Blocking_Client class + is also deprecated, so just silence the warning. + */ TLS::Compat_Callbacks::SILENCE_DEPRECATION_WARNING::PLEASE, writer, std::bind(&Blocking_Client::data_cb, this, _1, _2), diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index 143453ba32..2f8e722283 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -50,6 +50,10 @@ Channel::Channel(output_fn out, size_t io_buf_sz) : m_is_datagram(is_datagram), m_compat_callbacks(new Compat_Callbacks( + /* + this Channel constructor is also deprecated so its ok that it + relies on a deprecated API + */ Compat_Callbacks::SILENCE_DEPRECATION_WARNING::PLEASE, out, app_data_cb, alert_cb, hs_cb, hs_msg_cb)), m_callbacks(*m_compat_callbacks.get()), 
From b7754a7e7da855969e9360ca27d0a4939dd61014 Mon Sep 17 00:00:00 2001 From: Hubert Bugaj Date: Mon, 9 Oct 2017 19:51:20 +0200 Subject: [PATCH 0015/1008] #1220 - fixed signed overflow warnings --- src/lib/utils/barrier.cpp | 5 +++-- src/lib/utils/semaphore.cpp | 17 +++++++++-------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/src/lib/utils/barrier.cpp b/src/lib/utils/barrier.cpp index 3c721d905e..b8b87d889f 100644 --- a/src/lib/utils/barrier.cpp +++ b/src/lib/utils/barrier.cpp @@ -20,9 +20,10 @@ void Barrier::wait(size_t delta) void Barrier::sync() { std::unique_lock lock(m_mutex); - --m_value; - if(m_value > 0) + + if(m_value >= 1) { + --m_value; const size_t current_syncs = m_syncs; m_cond.wait(lock, [this, ¤t_syncs] { return m_syncs != current_syncs; }); } diff --git a/src/lib/utils/semaphore.cpp b/src/lib/utils/semaphore.cpp index 62c31d3e38..a442148f84 100644 --- a/src/lib/utils/semaphore.cpp +++ b/src/lib/utils/semaphore.cpp @@ -19,25 +19,26 @@ void Semaphore::release(size_t n) { lock_guard_type lock(m_mutex); - ++m_value; - - if(m_value <= 0) + if(m_value < 0) { ++m_wakeups; m_cond.notify_one(); } + + ++m_value; } } void Semaphore::acquire() { std::unique_lock lock(m_mutex); + if(m_value <= 0) + { + m_cond.wait(lock, [this] { return m_wakeups > 0; }); + --m_wakeups; + } + --m_value; - if(m_value < 0) - { - m_cond.wait(lock, [this] { return m_wakeups > 0; }); - --m_wakeups; - } } } From 522a3efbeaafb029ec836d0d38f75b4dc3ecd088 Mon Sep 17 00:00:00 2001 From: Alexander Bluhm Date: Mon, 9 Oct 2017 21:10:32 +0200 Subject: [PATCH 0016/1008] Include cstdlib to make os_utils compile with clang. --- src/lib/utils/os_utils.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index ebfd7fa886..a8d23e2148 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp 
@@ -10,7 +10,9 @@ #include #include #include + #include +#include #if defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO) #include From fb3076f04336418d2daa5d278f2895d0174dedb9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 9 Oct 2017 16:18:09 -0400 Subject: [PATCH 0017/1008] getenv is in standard C++ --- src/lib/utils/os_utils.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index a8d23e2148..833afecc69 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -211,7 +211,7 @@ size_t OS::get_memory_locking_limit() /* * Allow override via env variable */ - if(const char* env = ::getenv("BOTAN_MLOCK_POOL_SIZE")) + if(const char* env = std::getenv("BOTAN_MLOCK_POOL_SIZE")) { try { From 2e24a69581709366084d40348232cca1a5758438 Mon Sep 17 00:00:00 2001 From: Hubert Bugaj Date: Tue, 10 Oct 2017 00:19:08 +0200 Subject: [PATCH 0018/1008] #1220 - fixed fixes of integer overflow --- src/lib/utils/barrier.cpp | 2 +- src/lib/utils/semaphore.cpp | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/src/lib/utils/barrier.cpp b/src/lib/utils/barrier.cpp index b8b87d889f..ed3878d18e 100644 --- a/src/lib/utils/barrier.cpp +++ b/src/lib/utils/barrier.cpp @@ -21,7 +21,7 @@ void Barrier::sync() { std::unique_lock lock(m_mutex); - if(m_value >= 1) + if(m_value > 1) { --m_value; const size_t current_syncs = m_syncs; diff --git a/src/lib/utils/semaphore.cpp b/src/lib/utils/semaphore.cpp index a442148f84..e990ded414 100644 --- a/src/lib/utils/semaphore.cpp +++ b/src/lib/utils/semaphore.cpp @@ -19,26 +19,22 @@ void Semaphore::release(size_t n) { lock_guard_type lock(m_mutex); - if(m_value < 0) + if(m_value++ < 0) { ++m_wakeups; m_cond.notify_one(); } - - ++m_value; } } void Semaphore::acquire() { std::unique_lock lock(m_mutex); - if(m_value <= 0) + if(m_value-- <= 0) { m_cond.wait(lock, [this] { return m_wakeups > 0; }); --m_wakeups; } - - --m_value; } } 
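Review bot: With the guard changed to `if(m_value > 1)`, the last thread to arrive at `Barrier::sync()` no longer decrements `m_value` at all, so it leaves the counter at 1 where the original unconditional `--m_value` left it at 0; whether that matters depends on the code after the `if`, which is outside this hunk — if it relies on `m_value` being 0, or expects `wait()` to reset it before reuse, a reused barrier starts its next cycle one short. Either reset it explicitly on that path or state the invariant: `// the last arriver leaves m_value == 1; wait() must reset it before the barrier is reused`. The semaphore rewrite in the same patch is equivalent to the original ordering (`m_value++ < 0` and `m_value-- <= 0` test the pre-update value), and since `m_value` is still compared with 0 it must remain signed, so the warning was addressed by reordering rather than by changing the type; a one-line comment saying why the counter stays signed would help the next person who hits the same warning.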
From cae84616d987f3e29d21c367ee6b188cb0d85500 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 10 Oct 2017 09:27:42 -0400 Subject: [PATCH 0019/1008] Unroll SM3 compression function --- src/lib/hash/sm3/sm3.cpp | 150 ++++++++++++++++++++++++--------------- 1 file changed, 94 insertions(+), 56 deletions(-) diff --git a/src/lib/hash/sm3/sm3.cpp b/src/lib/hash/sm3/sm3.cpp index e18783de11..aeb8f2e47e 100644 --- a/src/lib/hash/sm3/sm3.cpp +++ b/src/lib/hash/sm3/sm3.cpp @@ -21,21 +21,6 @@ const uint32_t SM3_IV[] = { 0xa96f30bcUL, 0x163138aaUL, 0xe38dee4dUL, 0xb0fb0e4eUL }; -const uint32_t SM3_TJ[64] = { - 0x79CC4519, 0xF3988A32, 0xE7311465, 0xCE6228CB, 0x9CC45197, - 0x3988A32F, 0x7311465E, 0xE6228CBC, 0xCC451979, 0x988A32F3, - 0x311465E7, 0x6228CBCE, 0xC451979C, 0x88A32F39, 0x11465E73, - 0x228CBCE6, 0x9D8A7A87, 0x3B14F50F, 0x7629EA1E, 0xEC53D43C, - 0xD8A7A879, 0xB14F50F3, 0x629EA1E7, 0xC53D43CE, 0x8A7A879D, - 0x14F50F3B, 0x29EA1E76, 0x53D43CEC, 0xA7A879D8, 0x4F50F3B1, - 0x9EA1E762, 0x3D43CEC5, 0x7A879D8A, 0xF50F3B14, 0xEA1E7629, - 0xD43CEC53, 0xA879D8A7, 0x50F3B14F, 0xA1E7629E, 0x43CEC53D, - 0x879D8A7A, 0x0F3B14F5, 0x1E7629EA, 0x3CEC53D4, 0x79D8A7A8, - 0xF3B14F50, 0xE7629EA1, 0xCEC53D43, 0x9D8A7A87, 0x3B14F50F, - 0x7629EA1E, 0xEC53D43C, 0xD8A7A879, 0xB14F50F3, 0x629EA1E7, - 0xC53D43CE, 0x8A7A879D, 0x14F50F3B, 0x29EA1E76, 0x53D43CEC, - 0xA7A879D8, 0x4F50F3B1, 0x9EA1E762, 0x3D43CEC5 }; - inline uint32_t P0(uint32_t X) { return X ^ rotate_left(X, 9) ^ rotate_left(X, 17); 
@@ -46,24 +31,46 @@ inline uint32_t P1(uint32_t X) return X ^ rotate_left(X, 15) ^ rotate_left(X, 23); } -inline uint32_t FF0(uint32_t X, uint32_t Y, uint32_t Z) +inline uint32_t FF1(uint32_t X, uint32_t Y, uint32_t Z) { - return X ^ Y ^ Z; + return (X & Y) | ((X | Y) & Z); + //return (X & Y) | (X & Z) | (Y & Z); } -inline uint32_t FF1(uint32_t X, uint32_t Y, uint32_t Z) +inline uint32_t GG1(uint32_t X, uint32_t Y, uint32_t Z) { - return (X & Y) | (X & Z) | (Y & Z); + //return (X & Y) | (~X & Z); + return ((Z ^ (X & (Y ^ Z)))); } -inline uint32_t GG0(uint32_t X, uint32_t Y, uint32_t Z) +inline void R1(uint32_t A, uint32_t& B, uint32_t C, uint32_t& D, + uint32_t E, uint32_t& F, uint32_t G, uint32_t& H, + uint32_t TJ, uint32_t Wi, uint32_t Wj) { - return X ^ Y ^ Z; + const uint32_t A12 = rotate_left(A, 12); + const uint32_t SS1 = rotate_left(A12 + E + TJ, 7); + const uint32_t TT1 = (A ^ B ^ C) + D + (SS1 ^ A12) + Wj; + const uint32_t TT2 = (E ^ F ^ G) + H + SS1 + Wi; + + B = rotate_left(B, 9); + D = TT1; + F = rotate_left(F, 19); + H = P0(TT2); } -inline uint32_t GG1(uint32_t X, uint32_t Y, uint32_t Z) +inline void R2(uint32_t A, uint32_t& B, uint32_t C, uint32_t& D, + uint32_t E, uint32_t& F, uint32_t G, uint32_t& H, + uint32_t TJ, uint32_t Wi, uint32_t Wj) { - return (X & Y) | (~X & Z); + const uint32_t A12 = rotate_left(A, 12); + const uint32_t SS1 = rotate_left(A12 + E + TJ, 7); + const uint32_t TT1 = FF1(A, B, C) + D + (SS1 ^ A12) + Wj; + const uint32_t TT2 = GG1(E, F, G) + H + SS1 + Wi; + + B = rotate_left(B, 9); + D = TT1; + F = rotate_left(F, 19); + H = P0(TT2); } } 
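Review bot: The commented-out alternative bodies in FF1 (`//return (X & Y) | (X & Z) | (Y & Z);`) and GG1 (`//return (X & Y) | (~X & Z);`) read as dead code rather than explanation; replace them with `// majority, equivalent to (X & Y) | (X & Z) | (Y & Z)` and `// choose, equivalent to (X & Y) | (~X & Z)`, and drop the doubled parentheses in `return ((Z ^ (X & (Y ^ Z))));`. R1 and R2 take A, C, E, G by value and B, D, F, H by reference, and the caller decides which working variable lands in which slot; a one-line comment on R1 stating that, e.g. `// Updates B, D, F, H in place; the caller passes the working variables in rotated order instead of shifting them`, is needed by anyone reading the unrolled calls further down the file.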
@@ -151,39 +158,70 @@ void SM3::compress_n(const uint8_t input[], size_t blocks) W[66] = P1(W[50] ^ W[57] ^ rotate_left(W[63], 15)) ^ rotate_left(W[53], 7) ^ W[60]; W[67] = P1(W[51] ^ W[58] ^ rotate_left(W[64], 15)) ^ rotate_left(W[54], 7) ^ W[61]; - for (size_t j = 0; j < 16; j++) - { - const uint32_t A12 = rotate_left(A, 12); - const uint32_t SS1 = rotate_left(A12 + E + SM3_TJ[j], 7); - const uint32_t SS2 = SS1 ^ A12; - const uint32_t TT1 = FF0(A, B, C) + D + SS2 + (W[j] ^ W[j+4]); - const uint32_t TT2 = GG0(E, F, G) + H + SS1 + W[j]; - D = C; - C = rotate_left(B, 9); - B = A; - A = TT1; - H = G; - G = rotate_left(F, 19); - F = E; - E = P0(TT2); - } - - for (size_t j = 16; j < 64; j++) - { - const uint32_t A12 = rotate_left(A, 12); - const uint32_t SS1 = rotate_left(A12 + E + SM3_TJ[j], 7); - const uint32_t SS2 = SS1 ^ A12; - const uint32_t TT1 = FF1(A, B, C) + D + SS2 + (W[j] ^ W[j+4]); - const uint32_t TT2 = GG1(E, F, G) + H + SS1 + W[j]; - D = C; - C = rotate_left(B, 9); - B = A; - A = TT1; - H = G; - G = rotate_left(F, 19); - F = E; - E = P0(TT2); - } + R1(A, B, C, D, E, F, G, H, 0x79CC4519, W[ 0], W[ 0] ^ W[ 4]); + R1(D, A, B, C, H, E, F, G, 0xF3988A32, W[ 1], W[ 1] ^ W[ 5]); + R1(C, D, A, B, G, H, E, F, 0xE7311465, W[ 2], W[ 2] ^ W[ 6]); + R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W[ 3], W[ 3] ^ W[ 7]); + R1(A, B, C, D, E, F, G, H, 0x9CC45197, W[ 4], W[ 4] ^ W[ 8]); + R1(D, A, B, C, H, E, F, G, 0x3988A32F, W[ 5], W[ 5] ^ W[ 9]); + R1(C, D, A, B, G, H, E, F, 0x7311465E, W[ 6], W[ 6] ^ W[10]); + R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W[ 7], W[ 7] ^ W[11]); + R1(A, B, C, D, E, F, G, H, 0xCC451979, W[ 8], W[ 8] ^ W[12]); + R1(D, A, B, C, H, E, F, G, 0x988A32F3, W[ 9], W[ 9] ^ W[13]); + R1(C, D, A, B, G, H, E, F, 0x311465E7, W[10], W[10] ^ W[14]); + R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W[11], W[11] ^ W[15]); + R1(A, B, C, D, E, F, G, H, 0xC451979C, W[12], W[12] ^ W[16]); + R1(D, A, B, C, H, E, F, G, 0x88A32F39, W[13], W[13] ^ W[17]); + R1(C, D, A, B, G, H, E, F, 
0x11465E73, W[14], W[14] ^ W[18]); + R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W[15], W[15] ^ W[19]); + R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W[16], W[16] ^ W[20]); + R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W[17], W[17] ^ W[21]); + R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W[18], W[18] ^ W[22]); + R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W[19], W[19] ^ W[23]); + R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W[20], W[20] ^ W[24]); + R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W[21], W[21] ^ W[25]); + R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W[22], W[22] ^ W[26]); + R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W[23], W[23] ^ W[27]); + R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W[24], W[24] ^ W[28]); + R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W[25], W[25] ^ W[29]); + R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W[26], W[26] ^ W[30]); + R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W[27], W[27] ^ W[31]); + R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W[28], W[28] ^ W[32]); + R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W[29], W[29] ^ W[33]); + R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W[30], W[30] ^ W[34]); + R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W[31], W[31] ^ W[35]); + R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W[32], W[32] ^ W[36]); + R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W[33], W[33] ^ W[37]); + R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W[34], W[34] ^ W[38]); + R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W[35], W[35] ^ W[39]); + R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W[36], W[36] ^ W[40]); + R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W[37], W[37] ^ W[41]); + R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W[38], W[38] ^ W[42]); + R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W[39], W[39] ^ W[43]); + R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W[40], W[40] ^ W[44]); + R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W[41], W[41] ^ W[45]); + R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W[42], W[42] ^ W[46]); + R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W[43], W[43] ^ W[47]); + R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W[44], W[44] ^ W[48]); + R2(D, A, B, C, H, E, F, G, 0xF3B14F50, 
W[45], W[45] ^ W[49]); + R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W[46], W[46] ^ W[50]); + R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W[47], W[47] ^ W[51]); + R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W[48], W[48] ^ W[52]); + R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W[49], W[49] ^ W[53]); + R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W[50], W[50] ^ W[54]); + R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W[51], W[51] ^ W[55]); + R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W[52], W[52] ^ W[56]); + R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W[53], W[53] ^ W[57]); + R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W[54], W[54] ^ W[58]); + R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W[55], W[55] ^ W[59]); + R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W[56], W[56] ^ W[60]); + R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W[57], W[57] ^ W[61]); + R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W[58], W[58] ^ W[62]); + R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W[59], W[59] ^ W[63]); + R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W[60], W[60] ^ W[64]); + R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W[61], W[61] ^ W[65]); + R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W[62], W[62] ^ W[66]); + R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W[63], W[63] ^ W[67]); A = (m_digest[0] ^= A); B = (m_digest[1] ^= B); From b0261e349f4a7bafa10c1b4a95189b9b89eb27c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Wed, 11 Oct 2017 17:05:22 +0200 Subject: [PATCH 0020/1008] Add Eclipse code formatting template [ci skip] --- src/configs/eclipse.xml | 167 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 167 insertions(+) create mode 100644 src/configs/eclipse.xml diff --git a/src/configs/eclipse.xml b/src/configs/eclipse.xml new file mode 100644 index 0000000000..3fff4b0968 --- /dev/null +++ b/src/configs/eclipse.xml 
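Review bot: The 64 round constants are now typed out as literals in the calls, so the rule they follow is no longer visible in the file once SM3_TJ is gone; a comment ahead of the first `R1(` line would let a reader check them against the specification, e.g. `// TJ argument is T_j <<< (j mod 32) with T_j = 0x79CC4519 for j < 16 and 0x7A879D8A otherwise; the working variables are passed in rotated order (A,B,C,D) -> (D,A,B,C) -> ... so no copies are needed`. With the loop gone, a single mistyped literal or mis-ordered argument only shows up through the SM3 known-answer tests, so those should be confirmed to run for this change. compress_n continues outside the hunk on both sides.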
@@ -0,0 +1,167 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From e831b200214ec611c3bd98f3a2df78e04dfc3536 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 11 Oct 2017 17:02:38 -0400 Subject: [PATCH 0021/1008] Simplify ffi call overhead Notable reductions in code size, stack size and function call overhead. --- src/lib/ffi/ffi.h | 1 + src/lib/ffi/ffi_kdf.cpp | 5 ++-- src/lib/ffi/ffi_mp.cpp | 3 ++- src/lib/ffi/ffi_rng.cpp | 3 ++- src/lib/ffi/ffi_util.h | 55 +++++++++++------------------------------ 5 files changed, 22 insertions(+), 45 deletions(-) diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h index 43bb9b61a8..1a6014f714 100644 --- a/src/lib/ffi/ffi.h +++ b/src/lib/ffi/ffi.h @@ -147,6 +147,7 @@ doesn't exactly work well either! #define BOTAN_FFI_ERROR_NULL_POINTER (-31) #define BOTAN_FFI_ERROR_BAD_PARAMETER (-32) #define BOTAN_FFI_ERROR_NOT_IMPLEMENTED (-40) +#define BOTAN_FFI_ERROR_INVALID_OBJECT (-50) #define BOTAN_FFI_ERROR_UNKNOWN_ERROR (-100) diff --git a/src/lib/ffi/ffi_kdf.cpp b/src/lib/ffi/ffi_kdf.cpp index 7aaf2dbe8e..cff76237fa 100644 --- a/src/lib/ffi/ffi_kdf.cpp +++ b/src/lib/ffi/ffi_kdf.cpp @@ -65,9 +65,8 @@ int botan_bcrypt_generate(uint8_t* out, size_t* out_len, { #if defined(BOTAN_HAS_BCRYPT) return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { - BOTAN_ASSERT_ARG_NON_NULL(out); - BOTAN_ASSERT_ARG_NON_NULL(out_len); - BOTAN_ASSERT_ARG_NON_NULL(pass); + if(out == nullptr || out_len == nullptr || pass == nullptr) + return BOTAN_FFI_ERROR_NULL_POINTER; if(flags != 0) return BOTAN_FFI_ERROR_BAD_FLAG; diff --git a/src/lib/ffi/ffi_mp.cpp b/src/lib/ffi/ffi_mp.cpp index 0b55c1d697..87e455ccdb 100644 --- a/src/lib/ffi/ffi_mp.cpp +++ b/src/lib/ffi/ffi_mp.cpp 
@@ -20,7 +20,8 @@ using namespace Botan_FFI; int botan_mp_init(botan_mp_t* mp_out) { return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { - BOTAN_ASSERT_ARG_NON_NULL(mp_out); + if(mp_out == nullptr) + return BOTAN_FFI_ERROR_NULL_POINTER; *mp_out = new botan_mp_struct(new Botan::BigInt); return BOTAN_FFI_SUCCESS; diff --git a/src/lib/ffi/ffi_rng.cpp b/src/lib/ffi/ffi_rng.cpp index 68b4aaf644..88c522dfdf 100644 --- a/src/lib/ffi/ffi_rng.cpp +++ b/src/lib/ffi/ffi_rng.cpp @@ -17,7 +17,8 @@ using namespace Botan_FFI; int botan_rng_init(botan_rng_t* rng_out, const char* rng_type) { return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { - BOTAN_ASSERT_ARG_NON_NULL(rng_out); + if(rng_out == nullptr) + return BOTAN_FFI_ERROR_NULL_POINTER; const std::string rng_type_s(rng_type ? rng_type : "system"); diff --git a/src/lib/ffi/ffi_util.h b/src/lib/ffi/ffi_util.h index b52c319fe7..e49002e62f 100644 --- a/src/lib/ffi/ffi_util.h +++ b/src/lib/ffi/ffi_util.h @@ -15,9 +15,6 @@ namespace Botan_FFI { -#define BOTAN_ASSERT_ARG_NON_NULL(p) \ - do { if(!p) throw Botan::Invalid_Argument("Argument " #p " is null"); } while(0) - class FFI_Error final : public Botan::Exception { public: @@ -33,11 +30,8 @@ struct botan_struct bool magic_ok() const { return (m_magic == MAGIC); } - T* get() const + T* unsafe_get() const { - if(magic_ok() == false) - throw FFI_Error("Bad magic " + std::to_string(m_magic) + - " in ffi object expected " + std::to_string(MAGIC)); return m_obj.get(); } private: 
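Review bot: `unsafe_get()` now returns the pointer without any validation, and nothing at its definition says who owns the check that `get()` used to perform; add `// No magic check: callers must verify magic_ok() first (see safe_get and apply_fn)` above it. In the ffi_mp.cpp and ffi_rng.cpp hunks a null output argument now yields `BOTAN_FFI_ERROR_NULL_POINTER` directly instead of, presumably, an Invalid_Argument exception caught by the guard, which changes the return code that C callers observe; the new code should be mentioned alongside the documentation of the error codes in ffi.h.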
@@ -56,19 +50,14 @@ T& safe_get(botan_struct* p) { if(!p) throw FFI_Error("Null pointer argument"); - if(T* t = p->get()) - return *t; - throw FFI_Error("Invalid object pointer"); - } + if(p->magic_ok() == false) + throw FFI_Error("Bad magic in ffi object"); -template -const T& safe_get(const botan_struct* p) - { - if(!p) - throw FFI_Error("Null pointer argument"); - if(const T* t = p->get()) + T* t = p->unsafe_get(); + if(t) return *t; - throw FFI_Error("Invalid object pointer"); + else + throw FFI_Error("Invalid object pointer"); } template @@ -78,7 +67,7 @@ int ffi_guard_thunk(const char* func_name, Thunk thunk) { return thunk(); } - catch(std::bad_alloc) + catch(std::bad_alloc&) { return ffi_error_exception_thrown(func_name, "bad_alloc"); } @@ -97,27 +86,13 @@ int ffi_guard_thunk(const char* func_name, Thunk thunk) template int apply_fn(botan_struct* o, const char* func_name, F func) { - try - { - if(!o) - throw FFI_Error("Null object to " + std::string(func_name)); - if(T* t = o->get()) - return func(*t); - } - catch(std::bad_alloc) - { - return ffi_error_exception_thrown(func_name, "bad_alloc"); - } - catch(std::exception& e) - { - return ffi_error_exception_thrown(func_name, e.what()); - } - catch(...) - { - return ffi_error_exception_thrown(func_name, "unknown exception"); - } + if(!o) + return BOTAN_FFI_ERROR_NULL_POINTER; - return BOTAN_FFI_ERROR_UNKNOWN_ERROR; + if(o->magic_ok() == false) + return BOTAN_FFI_ERROR_INVALID_OBJECT; + + return ffi_guard_thunk(func_name, [&]() { return func(*o->unsafe_get()); }); } #define BOTAN_FFI_DO(T, obj, param, block) \ @@ -133,7 +108,7 @@ int ffi_delete_object(botan_struct* obj, const char* func_name) return BOTAN_FFI_SUCCESS; // ignore delete of null objects if(obj->magic_ok() == false) - return BOTAN_FFI_ERROR_INVALID_INPUT; + return BOTAN_FFI_ERROR_INVALID_OBJECT; delete obj; return BOTAN_FFI_SUCCESS; From fc11f339e11af4aa9bd20d8777e68f7a63187c8f Mon Sep 17 00:00:00 2001 
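Review bot: The same hunk that adds the magic check to `safe_get` also deletes its `const botan_struct*` overload, so any caller holding a const handle now fails to compile or must cast; worth confirming none exists. In `apply_fn` the null and magic checks now run before `ffi_guard_thunk`, which is fine since neither can throw, but the check itself is a type-confusion guard between live FFI objects: it reads `m_magic` through whatever pointer the C caller supplied, so a freed or garbage handle is undefined behaviour before the check can report it; `// magic_ok() detects a handle of the wrong type, not a dangling one` next to the check records that limit. The previous error text included the observed and expected magic values and `"Bad magic in ffi object"` drops them, which may be deliberate for code size but removes a useful diagnostic.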
From: Jack Lloyd Date: Wed, 11 Oct 2017 17:03:10 -0400 Subject: [PATCH 0022/1008] Deprecate anon DH/ECDH TLS ciphersuites --- doc/deprecated.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/deprecated.txt b/doc/deprecated.txt index aafa8af306..82505566fc 100644 --- a/doc/deprecated.txt +++ b/doc/deprecated.txt @@ -17,6 +17,8 @@ in the source. - 3DES and SEED ciphersuites in TLS +- Anonymous DH/ECDH ciphersuites in TLS + - DSA ciphersuites/certs in TLS - Block ciphers CAST-256, Kasumi, MISTY1, and DESX. From 112888582b5ae93ef221fd87b97ab6df2a8a8838 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 11 Oct 2017 17:03:33 -0400 Subject: [PATCH 0023/1008] Add missing header Error under filesystem-free builds --- src/lib/filters/data_snk.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/filters/data_snk.cpp b/src/lib/filters/data_snk.cpp index cdde5ffa13..9f0ddff96d 100644 --- a/src/lib/filters/data_snk.cpp +++ b/src/lib/filters/data_snk.cpp @@ -9,6 +9,7 @@ #include #include +#include #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) #include From 6c76d855175460fe6887375c9f87f5adc058eda2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 11 Oct 2017 17:03:53 -0400 Subject: [PATCH 0024/1008] Optimize CFB mode Still slower but notably faster at least with AES-NI --- src/lib/modes/cfb/cfb.cpp | 114 ++++++++++++++++++++++++++++---------- src/lib/modes/cfb/cfb.h | 22 +++++--- 2 files changed, 97 insertions(+), 39 deletions(-) diff --git a/src/lib/modes/cfb/cfb.cpp b/src/lib/modes/cfb/cfb.cpp index 63904ed27f..45f787e7db 100644 --- a/src/lib/modes/cfb/cfb.cpp +++ b/src/lib/modes/cfb/cfb.cpp 
@@ -12,7 +12,8 @@ namespace Botan { CFB_Mode::CFB_Mode(BlockCipher* cipher, size_t feedback_bits) : m_cipher(cipher), - m_feedback_bytes(feedback_bits ? feedback_bits / 8 : cipher->block_size()) + m_block_size(m_cipher->block_size()), + m_feedback_bytes(feedback_bits ? feedback_bits / 8 : m_block_size) { if(feedback_bits % 8 || feedback() > cipher->block_size()) throw Invalid_Argument(name() + ": feedback bits " + @@ -61,12 +62,12 @@ Key_Length_Specification CFB_Mode::key_spec() const size_t CFB_Mode::default_nonce_length() const { - return cipher().block_size(); + return block_size(); } bool CFB_Mode::valid_nonce_length(size_t n) const { - return (n == 0 || n == cipher().block_size()); + return (n == 0 || n == block_size()); } void CFB_Mode::key_schedule(const uint8_t key[], size_t length) 
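Review bot: The constructor now caches `m_block_size`, but the argument check on the next line still calls `cipher->block_size()` while `feedback()` uses the cached accessor; `if(feedback_bits % 8 || feedback() > block_size())` keeps the two paths consistent. Note that `m_block_size(m_cipher->block_size())` relies on `m_cipher` being declared before `m_block_size` in cfb.h; that ordering is what makes the initializer valid.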
@@ -96,31 +97,60 @@ void CFB_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) } } -size_t CFB_Encryption::process(uint8_t buf[], size_t sz) +void CFB_Mode::shift_register() { - const size_t BS = cipher().block_size(); + const size_t shift = feedback(); + const size_t carryover = block_size() - shift; + if(carryover > 0) + { + copy_mem(m_state.data(), &m_state[shift], carryover); + } + copy_mem(&m_state[carryover], m_keystream.data(), shift); + cipher().encrypt(m_state, m_keystream); + m_keystream_pos = 0; + } + +size_t CFB_Encryption::process(uint8_t buf[], size_t sz) + { const size_t shift = feedback(); - const size_t carryover = BS - shift; - for(size_t i = 0; i != sz; ++i) + size_t left = sz; + + if(m_keystream_pos != 0) { - buf[i] = (m_keystream[m_keystream_pos] ^= buf[i]); + const size_t take = std::min(left, shift - m_keystream_pos); - m_keystream_pos++; + xor_buf(m_keystream.data() + m_keystream_pos, buf, take); + copy_mem(buf, m_keystream.data() + m_keystream_pos, take); + + m_keystream_pos += take; + left -= take; + buf += take; if(m_keystream_pos == shift) { - if(carryover > 0) - { - copy_mem(m_state.data(), &m_state[shift], carryover); - } - copy_mem(&m_state[carryover], m_keystream.data(), shift); - cipher().encrypt(m_state, m_keystream); - m_keystream_pos = 0; + shift_register(); } } + while(left >= shift) + { + xor_buf(m_keystream.data(), buf, shift); + copy_mem(buf, m_keystream.data(), shift); + + left -= shift; + buf += shift; + shift_register(); + } + + if(left > 0) + { + xor_buf(m_keystream.data(), buf, left); + copy_mem(buf, m_keystream.data(), left); + m_keystream_pos += left; + } + return sz; } 
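Review bot: `shift_register()` is the new core of the mode and has no comment; suggest `// Shift the register left by feedback() bytes, append the ciphertext segment that process() left in m_keystream, and encrypt it to produce the next keystream; resets m_keystream_pos`. The rewritten `CFB_Encryption::process` uses `std::min`, which requires `<algorithm>`; confirm cfb.cpp includes it directly rather than relying on a transitive include. The three-stage shape (finish the partial block, whole blocks, tail) is sound: `take` is bounded by `shift - m_keystream_pos`, so `m_keystream_pos` never exceeds `shift`.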
@@ -129,32 +159,56 @@ void CFB_Encryption::finish(secure_vector& buffer, size_t offset) update(buffer, offset); } +namespace { + +inline void xor_copy(uint8_t buf[], uint8_t key_buf[], size_t len) + { + for(size_t i = 0; i != len; ++i) + { + uint8_t k = key_buf[i]; + key_buf[i] = buf[i]; + buf[i] ^= k; + } + } + +} + size_t CFB_Decryption::process(uint8_t buf[], size_t sz) { - const size_t BS = cipher().block_size(); const size_t shift = feedback(); - const size_t carryover = BS - shift; - for(size_t i = 0; i != sz; ++i) + size_t left = sz; + + if(m_keystream_pos != 0) { - uint8_t k = m_keystream[m_keystream_pos]; - m_keystream[m_keystream_pos] = buf[i]; - buf[i] ^= k; + const size_t take = std::min(left, shift - m_keystream_pos); + + xor_copy(buf, m_keystream.data() + m_keystream_pos, take); - m_keystream_pos++; + m_keystream_pos += take; + left -= take; + buf += take; if(m_keystream_pos == shift) { - if(carryover > 0) - { - copy_mem(m_state.data(), &m_state[shift], carryover); - } - copy_mem(&m_state[carryover], m_keystream.data(), shift); - cipher().encrypt(m_state, m_keystream); - m_keystream_pos = 0; + shift_register(); } } + while(left >= shift) + { + xor_copy(buf, m_keystream.data(), shift); + left -= shift; + buf += shift; + shift_register(); + } + + if(left > 0) + { + xor_copy(buf, m_keystream.data(), left); + m_keystream_pos += left; + } + return sz; } diff --git a/src/lib/modes/cfb/cfb.h b/src/lib/modes/cfb/cfb.h index bb6d350b89..eddc2a1210 100644 --- a/src/lib/modes/cfb/cfb.h +++ b/src/lib/modes/cfb/cfb.h 
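Review bot: `xor_copy` mutates `key_buf` on purpose (it stores the incoming ciphertext back into the keystream buffer so that shift_register() can consume it) but nothing says so; add `// In-place CFB decrypt of len bytes: buf becomes plaintext and key_buf receives the ciphertext that fed it, as shift_register() expects` above it. The helper lives in an anonymous namespace while shift_register() is a member declared in cfb.h, so a reader of the header will not find it; the comment is the only place that ties the two together.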
@@ -20,28 +20,31 @@ namespace Botan { class BOTAN_PUBLIC_API(2,0) CFB_Mode : public Cipher_Mode { public: - std::string name() const override; + std::string name() const override final; - size_t update_granularity() const override; + size_t update_granularity() const override final; - size_t minimum_final_size() const override; + size_t minimum_final_size() const override final; - Key_Length_Specification key_spec() const override; + Key_Length_Specification key_spec() const override final; - size_t output_length(size_t input_length) const override; + size_t output_length(size_t input_length) const override final; - size_t default_nonce_length() const override; + size_t default_nonce_length() const override final; - bool valid_nonce_length(size_t n) const override; + bool valid_nonce_length(size_t n) const override final; - void clear() override; + void clear() override final; - void reset() override; + void reset() override final; protected: CFB_Mode(BlockCipher* cipher, size_t feedback_bits); + void shift_register(); + size_t feedback() const { return m_feedback_bytes; } const BlockCipher& cipher() const { return *m_cipher; } + size_t block_size() const { return m_block_size; } secure_vector m_state; secure_vector m_keystream; @@ -52,6 +55,7 @@ class BOTAN_PUBLIC_API(2,0) CFB_Mode : public Cipher_Mode void key_schedule(const uint8_t key[], size_t length) override; std::unique_ptr m_cipher; + const size_t m_block_size; const size_t m_feedback_bytes; }; From b50ba203e789182327a7fde453d9bf7b85277042 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 11 Oct 2017 17:04:20 -0400 Subject: [PATCH 0025/1008] Remove SSE2 bswap_4 It was disabled anyway (bad macro check) and with recent GCC turned out to be slower than just using bswap. --- src/lib/utils/bswap.h | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/src/lib/utils/bswap.h b/src/lib/utils/bswap.h index c97666b3fa..23b3113ce4 100644 --- a/src/lib/utils/bswap.h +++ b/src/lib/utils/bswap.h 
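Review bot: The new `m_block_size` member is initialized from `m_cipher` in the constructor (cfb.cpp), so its position after `std::unique_ptr m_cipher` is load-bearing; a comment `// must follow m_cipher: initialized from it in the constructor` on the `const size_t m_block_size;` line prevents a well-meant reordering from turning into a read through an uninitialized pointer. `shift_register()` is protected and undocumented in the header; a one-line description of what it does to `m_state` and `m_keystream` belongs here next to `feedback()` and `block_size()`.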
@@ -12,10 +12,6 @@ #include #include -#if defined(BOTAN_TARGET_CPU_HAS_SSE2) && !defined(BOTAN_NO_SSE_INTRINSICS) - #include -#endif - namespace Botan { /** @@ -117,26 +113,6 @@ inline void bswap_4(T x[4]) x[3] = reverse_bytes(x[3]); } -#if defined(BOTAN_TARGET_CPU_HAS_SSE2) && !defined(BOTAN_NO_SSE_INTRINSICS) - -/** -* Swap 4 uint32_ts in an array using SSE2 shuffle instructions -*/ -template<> -inline void bswap_4(uint32_t x[4]) - { - __m128i T = _mm_loadu_si128(reinterpret_cast(x)); - - T = _mm_shufflehi_epi16(T, _MM_SHUFFLE(2, 3, 0, 1)); - T = _mm_shufflelo_epi16(T, _MM_SHUFFLE(2, 3, 0, 1)); - - T = _mm_or_si128(_mm_srli_epi16(T, 8), _mm_slli_epi16(T, 8)); - - _mm_storeu_si128(reinterpret_cast<__m128i*>(x), T); - } - -#endif - } #endif From 4a2168a0e54cf6ee57e1f7e99646e23eeb6c10ff Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 11 Oct 2017 17:05:01 -0400 Subject: [PATCH 0026/1008] Update test for new error return --- src/tests/test_ffi.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index 224d634b45..d1879ff937 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp @@ -701,7 +701,7 @@ class FFI_Unit_Tests final : public Test // Confirm that botan_x_destroy checks the argument type botan_mp_t mp; botan_mp_init(&mp); - TEST_FFI_RC(BOTAN_FFI_ERROR_INVALID_INPUT, botan_hash_destroy, (reinterpret_cast(mp))); + TEST_FFI_RC(BOTAN_FFI_ERROR_INVALID_OBJECT, botan_hash_destroy, (reinterpret_cast(mp))); TEST_FFI_RC(0, botan_mp_destroy, (mp)); return result; From 02cf0c8e5793447a907e2e44ee5976a46d181abd Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 11 Oct 2017 17:05:42 -0400 Subject: [PATCH 0027/1008] Helpful comment --- src/lib/modes/aead/siv/siv.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/modes/aead/siv/siv.cpp b/src/lib/modes/aead/siv/siv.cpp index a3de8f35c0..df9a0ef378 100644 --- a/src/lib/modes/aead/siv/siv.cpp 
+++ b/src/lib/modes/aead/siv/siv.cpp @@ -20,7 +20,8 @@ SIV_Mode::SIV_Mode(BlockCipher* cipher) : m_mac(new CMAC(cipher)), m_bs(cipher->block_size()) { - if(cipher->block_size() != 16) + // Not really true but only 128 bit allowed at the moment + if(m_bs != 16) throw Invalid_Argument("SIV requires a 128 bit block cipher"); } From 6ad726acbab81eca2ac5dab6a0b6da1cfb1131d6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 11 Oct 2017 17:06:31 -0400 Subject: [PATCH 0028/1008] Avoid Not needed here --- src/tests/test_os_utils.cpp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/tests/test_os_utils.cpp b/src/tests/test_os_utils.cpp index d06f5dbb1b..6707e89609 100644 --- a/src/tests/test_os_utils.cpp +++ b/src/tests/test_os_utils.cpp @@ -7,7 +7,6 @@ #include "tests.h" #include -#include // For __ud2 intrinsic #if defined(BOTAN_TARGET_COMPILER_IS_MSVC) @@ -73,7 +72,12 @@ class OS_Utils_Tests final : public Test const uint64_t proc_ts1 = Botan::OS::get_processor_timestamp(); // do something that consumes a little time - std::this_thread::sleep_for(std::chrono::milliseconds(50)); + volatile int x = 11; + while(x < 65535) + { + x *= 2; + x -= 10; + } uint64_t proc_ts2 = Botan::OS::get_processor_timestamp(); From 40b3f979723b2b3dfb5c44047d7f786a73fd7f6f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 9 Oct 2017 23:40:44 -0400 Subject: [PATCH 0029/1008] Use rol/ror x86 instructions on GCC/Clang Neither is very good at recognizing rotate sequences. For cases where the rotation value is a constant they do fine, but for variable rotations they do horribly. Using inline asm here improved performance of both CAST-128 and CAST-256 by ~20% on my system with both GCC and Clang. --- src/lib/utils/rotate.h | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/src/lib/utils/rotate.h b/src/lib/utils/rotate.h index cb92daf96b..6aeb631b39 100644 --- a/src/lib/utils/rotate.h +++ b/src/lib/utils/rotate.h 
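Review bot: The replacement for the sleep, `volatile int x = 11; while(x < 65535) { x *= 2; x -= 10; }`, exits after about sixteen iterations (11, 12, 14, 18, ... 65546), which is a handful of cycles rather than the 50 ms the old code waited; if the assertion that follows (outside the hunk) requires `proc_ts2` to differ from `proc_ts1`, a coarse timestamp source may now see equal values and the test becomes flaky. If a delay is what the test needs, make the bound large enough to measure and say so in the comment; if only "some work" is needed, the comment `// do something that consumes a little time` should state that the amount is not important.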
@@ -18,7 +18,7 @@ namespace Botan { * @param rot the number of bits to rotate * @return input rotated left by rot bits */ -template inline T rotate_left(T input, size_t rot) +template inline T rotate_left(T input, uint8_t rot) { rot %= 8 * sizeof(T); return (rot == 0) ? input : static_cast((input << rot) | (input >> (8*sizeof(T)-rot)));; @@ -30,12 +30,34 @@ template inline T rotate_left(T input, size_t rot) * @param rot the number of bits to rotate * @return input rotated right by rot bits */ -template inline T rotate_right(T input, size_t rot) +template inline T rotate_right(T input, uint8_t rot) { rot %= 8 * sizeof(T); return (rot == 0) ? input : static_cast((input >> rot) | (input << (8*sizeof(T)-rot))); } +#if BOTAN_USE_GCC_INLINE_ASM + +#if defined(BOTAN_TARGET_ARCH_IS_X86_64) || defined(BOTAN_TARGET_ARCH_IS_X86_32) + +template<> +inline uint32_t rotate_left(uint32_t input, uint8_t rot) + { + asm("roll %1,%0" : "+r" (input) : "c" (rot)); + return input; + } + +template<> +inline uint32_t rotate_right(uint32_t input, uint8_t rot) + { + asm("rorl %1,%0" : "+r" (input) : "c" (rot)); + return input; + } + +#endif + +#endif + } #endif From 175f09ffd806f2f19cd509017a67ae1384f29ae1 Mon Sep 17 00:00:00 2001 
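Review bot: The x86 specialisations skip the `rot %= 8 * sizeof(T)` reduction that the generic templates keep and rely on the processor masking a 32-bit rotate count to 5 bits; the results agree, but that is an ISA property rather than something the code states, so add `// x86 masks the rotate count to 5 bits, matching the generic rot %= 32` above the specialisations. Changing `rot` from size_t to uint8_t in the generic templates also means a caller passing a wider type now narrows silently; since the value is reduced afterwards this is harmless for in-range callers, but it deserves a word in the `@param rot` doc. The `;;` at the end of rotate_left's return line predates this change but could be cleaned up while here.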
From: Jack Lloyd Date: Wed, 11 Oct 2017 17:02:20 -0400 Subject: [PATCH 0030/1008] Add compile-time rotation functions The problem with asm rol/ror is the compiler can't schedule effectively. But we only need asm in the case when the rotation is variable, so distinguish the two cases. If a compile time constant, then static_assert that the rotation is in the correct range and do the straightforward expression knowing the compiler will probably do the right thing. Otherwise do a tricky expression that both GCC and Clang happen to recognize. Avoid the reduction case; instead require that the rotation be in range (this reverts 2b37c13dcf). Remove the asm rotations (making this branch ill-named), because now both Clang and GCC will create a roll without any extra help. Remove the reduction/mask by the word size for the variable case. The compiler can't optimize that out well, but it's easy to ensure it is valid in the callers, especially now that the variable input cases are easy to grep for. 
--- src/lib/block/aes/aes.cpp | 60 ++--- src/lib/block/aria/aria.cpp | 12 +- src/lib/block/camellia/camellia.cpp | 16 +- src/lib/block/cast/cast128.cpp | 6 +- src/lib/block/cast/cast256.cpp | 24 +- src/lib/block/des/des.cpp | 24 +- src/lib/block/gost_28147/gost_28147.cpp | 25 +- src/lib/block/gost_28147/gost_28147.h | 6 + src/lib/block/kasumi/kasumi.cpp | 26 +- src/lib/block/noekeon/noekeon.cpp | 44 ++-- .../noekeon/noekeon_simd/noekeon_simd.cpp | 38 ++- src/lib/block/serpent/serpent.cpp | 22 +- .../serpent/serpent_simd/serpent_simd.cpp | 24 +- src/lib/block/shacal2/shacal2.cpp | 12 +- .../shacal2/shacal2_simd/shacal2_simd.cpp | 8 +- src/lib/block/sm4/sm4.cpp | 4 +- src/lib/block/threefish/threefish.cpp | 16 +- src/lib/block/twofish/twofish.cpp | 28 +-- src/lib/hash/blake2/blake2b.cpp | 8 +- src/lib/hash/md4/md4.cpp | 120 +++++---- src/lib/hash/md4/md4.h | 7 +- src/lib/hash/md5/md5.cpp | 102 ++++---- src/lib/hash/rmd160/rmd160.cpp | 229 +++++++++--------- src/lib/hash/sha1/sha160.cpp | 32 +-- src/lib/hash/sha1/sha1_sse2/sha1_sse2.cpp | 16 +- src/lib/hash/sha2_32/sha2_32.cpp | 8 +- src/lib/hash/sha2_64/sha2_64.cpp | 47 ++-- src/lib/hash/sha3/sha3.cpp | 58 ++--- src/lib/hash/sm3/sm3.cpp | 124 +++++----- src/lib/mac/siphash/siphash.cpp | 12 +- src/lib/stream/chacha/chacha.cpp | 12 +- src/lib/stream/salsa20/salsa20.cpp | 20 +- src/lib/utils/bswap.h | 6 +- src/lib/utils/rotate.h | 78 +++--- src/lib/utils/simd/simd_32.h | 87 +++---- src/tests/test_simd.cpp | 32 ++- 36 files changed, 716 insertions(+), 677 deletions(-) diff --git a/src/lib/block/aes/aes.cpp b/src/lib/block/aes/aes.cpp index 71a8c6a448..1893ab4a06 100644 --- a/src/lib/block/aes/aes.cpp +++ b/src/lib/block/aes/aes.cpp 
@@ -114,9 +114,9 @@ const std::vector& AES_TE() const uint32_t x = make_uint32(xtime(s), s, s, xtime3(s)); TE[i] = x; - TE[i+256] = rotate_right(x, 8); - TE[i+512] = rotate_right(x, 16); - TE[i+768] = rotate_right(x, 24); + TE[i+256] = rotr< 8>(x); + TE[i+512] = rotr<16>(x); + TE[i+768] = rotr<24>(x); } return TE; }; @@ -135,9 +135,9 @@ const std::vector& AES_TD() const uint32_t x = make_uint32(xtime14(s), xtime9(s), xtime13(s), xtime11(s)); TD[i] = x; - TD[i+256] = rotate_right(x, 8); - TD[i+512] = rotate_right(x, 16); - TD[i+768] = rotate_right(x, 24); + TD[i+256] = rotr< 8>(x); + TD[i+512] = rotr<16>(x); + TD[i+768] = rotr<24>(x); } return TD; }; @@ -188,24 +188,24 @@ void aes_encrypt_n(const uint8_t in[], uint8_t out[], */ uint32_t B0 = TE[get_byte(0, T0)] ^ - rotate_right(TE[get_byte(1, T1)], 8) ^ - rotate_right(TE[get_byte(2, T2)], 16) ^ - rotate_right(TE[get_byte(3, T3)], 24) ^ EK[4]; + rotr< 8>(TE[get_byte(1, T1)]) ^ + rotr<16>(TE[get_byte(2, T2)]) ^ + rotr<24>(TE[get_byte(3, T3)]) ^ EK[4]; uint32_t B1 = TE[get_byte(0, T1)] ^ - rotate_right(TE[get_byte(1, T2)], 8) ^ - rotate_right(TE[get_byte(2, T3)], 16) ^ - rotate_right(TE[get_byte(3, T0)], 24) ^ EK[5]; + rotr< 8>(TE[get_byte(1, T2)]) ^ + rotr<16>(TE[get_byte(2, T3)]) ^ + rotr<24>(TE[get_byte(3, T0)]) ^ EK[5]; uint32_t B2 = TE[get_byte(0, T2)] ^ - rotate_right(TE[get_byte(1, T3)], 8) ^ - rotate_right(TE[get_byte(2, T0)], 16) ^ - rotate_right(TE[get_byte(3, T1)], 24) ^ EK[6]; + rotr< 8>(TE[get_byte(1, T3)]) ^ + rotr<16>(TE[get_byte(2, T0)]) ^ + rotr<24>(TE[get_byte(3, T1)]) ^ EK[6]; uint32_t B3 = TE[get_byte(0, T3)] ^ - rotate_right(TE[get_byte(1, T0)], 8) ^ - rotate_right(TE[get_byte(2, T1)], 16) ^ - rotate_right(TE[get_byte(3, T2)], 24) ^ EK[7]; + rotr< 8>(TE[get_byte(1, T0)]) ^ + rotr<16>(TE[get_byte(2, T1)]) ^ + rotr<24>(TE[get_byte(3, T2)]) ^ EK[7]; for(size_t r = 2*4; r < EK.size(); r += 2*4) { 
@@ -276,24 +276,24 @@ void aes_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, T0 ^= Z; uint32_t B0 = TD[get_byte(0, T0)] ^ - rotate_right(TD[get_byte(1, T3)], 8) ^ - rotate_right(TD[get_byte(2, T2)], 16) ^ - rotate_right(TD[get_byte(3, T1)], 24) ^ DK[4]; + rotr< 8>(TD[get_byte(1, T3)]) ^ + rotr<16>(TD[get_byte(2, T2)]) ^ + rotr<24>(TD[get_byte(3, T1)]) ^ DK[4]; uint32_t B1 = TD[get_byte(0, T1)] ^ - rotate_right(TD[get_byte(1, T0)], 8) ^ - rotate_right(TD[get_byte(2, T3)], 16) ^ - rotate_right(TD[get_byte(3, T2)], 24) ^ DK[5]; + rotr< 8>(TD[get_byte(1, T0)]) ^ + rotr<16>(TD[get_byte(2, T3)]) ^ + rotr<24>(TD[get_byte(3, T2)]) ^ DK[5]; uint32_t B2 = TD[get_byte(0, T2)] ^ - rotate_right(TD[get_byte(1, T1)], 8) ^ - rotate_right(TD[get_byte(2, T0)], 16) ^ - rotate_right(TD[get_byte(3, T3)], 24) ^ DK[6]; + rotr< 8>(TD[get_byte(1, T1)]) ^ + rotr<16>(TD[get_byte(2, T0)]) ^ + rotr<24>(TD[get_byte(3, T3)]) ^ DK[6]; uint32_t B3 = TD[get_byte(0, T3)] ^ - rotate_right(TD[get_byte(1, T2)], 8) ^ - rotate_right(TD[get_byte(2, T1)], 16) ^ - rotate_right(TD[get_byte(3, T0)], 24) ^ DK[7]; + rotr< 8>(TD[get_byte(1, T2)]) ^ + rotr<16>(TD[get_byte(2, T1)]) ^ + rotr<24>(TD[get_byte(3, T0)]) ^ DK[7]; for(size_t r = 2*4; r < DK.size(); r += 2*4) { diff --git a/src/lib/block/aria/aria.cpp b/src/lib/block/aria/aria.cpp index 5b449722ac..1583dd7d34 100644 --- a/src/lib/block/aria/aria.cpp +++ b/src/lib/block/aria/aria.cpp @@ -183,7 +183,7 @@ inline void ARIA_FO(uint32_t& T0, uint32_t& T1, uint32_t& T2, uint32_t& T3) T1 ^= T2; T1 = ((T1 << 8) & 0xFF00FF00) | ((T1 >> 8) & 0x00FF00FF); - T2 = rotate_right(T2, 16); + T2 = rotr<16>(T2); T3 = reverse_bytes(T3); T1 ^= T2; @@ -205,7 +205,7 @@ inline void ARIA_FE(uint32_t& T0, uint32_t& T1, uint32_t& T2, uint32_t& T3) T1 ^= T2; T3 = ((T3 << 8) & 0xFF00FF00) | ((T3 >> 8) & 0x00FF00FF); - T0 = rotate_right(T0, 16); + T0 = rotr<16>(T0); T1 = reverse_bytes(T1); T1 ^= T2; 
@@ -411,9 +411,9 @@ void key_schedule(secure_vector& ERK, { for(size_t j = 0; j != 4; ++j) { - DRK[i+j] = rotate_right(DRK[i+j], 8) ^ - rotate_right(DRK[i+j], 16) ^ - rotate_right(DRK[i+j], 24); + DRK[i+j] = rotr<8>(DRK[i+j]) ^ + rotr<16>(DRK[i+j]) ^ + rotr<24>(DRK[i+j]); } DRK[i+1] ^= DRK[i+2]; DRK[i+2] ^= DRK[i+3]; @@ -421,7 +421,7 @@ void key_schedule(secure_vector& ERK, DRK[i+2] ^= DRK[i+0]; DRK[i+1] ^= DRK[i+2]; DRK[i+1] = ((DRK[i+1] << 8) & 0xFF00FF00) | ((DRK[i+1] >> 8) & 0x00FF00FF); - DRK[i+2] = rotate_right(DRK[i+2], 16); + DRK[i+2] = rotr<16>(DRK[i+2]); DRK[i+3] = reverse_bytes(DRK[i+3]); DRK[i+1] ^= DRK[i+2]; DRK[i+2] ^= DRK[i+3]; diff --git a/src/lib/block/camellia/camellia.cpp b/src/lib/block/camellia/camellia.cpp index ea84fa313b..89db6f8b9c 100644 --- a/src/lib/block/camellia/camellia.cpp +++ b/src/lib/block/camellia/camellia.cpp @@ -577,12 +577,12 @@ uint64_t F_SLOW(uint64_t v, uint64_t K) const uint64_t x = v ^ K; const uint8_t t1 = SBOX[get_byte(0, x)]; - const uint8_t t2 = rotate_left(SBOX[get_byte(1, x)], 1); - const uint8_t t3 = rotate_left(SBOX[get_byte(2, x)], 7); - const uint8_t t4 = SBOX[rotate_left(get_byte(3, x), 1)]; - const uint8_t t5 = rotate_left(SBOX[get_byte(4, x)], 1); - const uint8_t t6 = rotate_left(SBOX[get_byte(5, x)], 7); - const uint8_t t7 = SBOX[rotate_left(get_byte(6, x), 1)]; + const uint8_t t2 = rotl<1>(SBOX[get_byte(1, x)]); + const uint8_t t3 = rotl<7>(SBOX[get_byte(2, x)]); + const uint8_t t4 = SBOX[rotl<1>(get_byte(3, x))]; + const uint8_t t5 = rotl<1>(SBOX[get_byte(4, x)]); + const uint8_t t6 = rotl<7>(SBOX[get_byte(5, x)]); + const uint8_t t7 = SBOX[rotl<1>(get_byte(6, x))]; const uint8_t t8 = SBOX[get_byte(7, x)]; const uint8_t y1 = t1 ^ t3 ^ t4 ^ t6 ^ t7 ^ t8; 
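Review bot: In F_SLOW the width of `rotl<1>` and `rotl<7>` applied to `SBOX[...]` is whatever type the table's elements deduce to, and the result is narrowed into a `const uint8_t` on the same line, so a wider table type would yield a silent wide rotation truncated to a byte instead of the intended 8-bit rotation. The old `rotate_left(SBOX[...], 1)` had the same dependency, but now that the width is part of the template contract it is worth pinning, either with `static_assert(sizeof(SBOX[0]) == 1, "Camellia sbox entries must be bytes");` beside the table or by spelling the type as the GOST hunk in this commit does, `rotl<1, uint8_t>(SBOX[get_byte(1, x)])`. The `t4`/`t7` forms rotate the result of `get_byte`, which presumably is already a byte, so they are unaffected.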
@@ -619,7 +619,7 @@ inline uint64_t FL(uint64_t v, uint64_t K) const uint32_t k1 = static_cast(K >> 32); const uint32_t k2 = static_cast(K & 0xFFFFFFFF); - x2 ^= rotate_left(x1 & k1, 1); + x2 ^= rotl<1>(x1 & k1); x1 ^= (x2 | k2); return ((static_cast(x1) << 32) | x2); @@ -634,7 +634,7 @@ inline uint64_t FLINV(uint64_t v, uint64_t K) const uint32_t k2 = static_cast(K & 0xFFFFFFFF); x1 ^= (x2 | k2); - x2 ^= rotate_left(x1 & k1, 1); + x2 ^= rotl<1>(x1 & k1); return ((static_cast(x1) << 32) | x2); } diff --git a/src/lib/block/cast/cast128.cpp b/src/lib/block/cast/cast128.cpp index d6ded8cd2b..d54d0614ed 100644 --- a/src/lib/block/cast/cast128.cpp +++ b/src/lib/block/cast/cast128.cpp @@ -18,7 +18,7 @@ namespace { */ inline uint32_t R1(uint32_t R, uint32_t MK, uint8_t RK) { - uint32_t T = rotate_left(MK + R, RK); + const uint32_t T = rotl_var(MK + R, RK); return (CAST_SBOX1[get_byte(0, T)] ^ CAST_SBOX2[get_byte(1, T)]) - CAST_SBOX3[get_byte(2, T)] + CAST_SBOX4[get_byte(3, T)]; } @@ -28,7 +28,7 @@ inline uint32_t R1(uint32_t R, uint32_t MK, uint8_t RK) */ inline uint32_t R2(uint32_t R, uint32_t MK, uint8_t RK) { - uint32_t T = rotate_left(MK ^ R, RK); + const uint32_t T = rotl_var(MK ^ R, RK); return (CAST_SBOX1[get_byte(0, T)] - CAST_SBOX2[get_byte(1, T)] + CAST_SBOX3[get_byte(2, T)]) ^ CAST_SBOX4[get_byte(3, T)]; } @@ -38,7 +38,7 @@ inline uint32_t R2(uint32_t R, uint32_t MK, uint8_t RK) */ inline uint32_t R3(uint32_t R, uint32_t MK, uint8_t RK) { - uint32_t T = rotate_left(MK - R, RK); + const uint32_t T = rotl_var(MK - R, RK); return ((CAST_SBOX1[get_byte(0, T)] + CAST_SBOX2[get_byte(1, T)]) ^ CAST_SBOX3[get_byte(2, T)]) - CAST_SBOX4[get_byte(3, T)]; } diff --git a/src/lib/block/cast/cast256.cpp b/src/lib/block/cast/cast256.cpp index a4a7dbd365..b4aa491661 100644 --- a/src/lib/block/cast/cast256.cpp +++ b/src/lib/block/cast/cast256.cpp 
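Review bot: R1/R2/R3 now call `rotl_var(MK + R, RK)` with a rotation count that comes from the key schedule, and nothing in the hunk records what `rotl_var` does for a count of 0 or at or above 32; a naive `(x << r) | (x >> (32 - r))` is undefined for r == 0, and whether RK can actually be 0 depends on the key schedule, which lies outside this hunk. Suggest confirming the contract in the rotate header and recording it here, e.g. `// RK is key-schedule material; rotl_var must accept the full 0..31 range`. Since the count is key-dependent, the same comment should say whether `rotl_var` is expected to compile to a constant-time rotate on the supported targets. The identical pattern appears in round1/round2/round3 in the CAST-256 hunk that follows.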
@@ -16,31 +16,31 @@ namespace { /* * CAST-256 Round Type 1 */ -void round1(uint32_t& out, uint32_t in, uint32_t mask, uint32_t rot) +void round1(uint32_t& out, uint32_t in, uint32_t MK, uint32_t RK) { - uint32_t temp = rotate_left(mask + in, rot); - out ^= (CAST_SBOX1[get_byte(0, temp)] ^ CAST_SBOX2[get_byte(1, temp)]) - - CAST_SBOX3[get_byte(2, temp)] + CAST_SBOX4[get_byte(3, temp)]; + const uint32_t T = rotl_var(MK + in, RK); + out ^= (CAST_SBOX1[get_byte(0, T)] ^ CAST_SBOX2[get_byte(1, T)]) - + CAST_SBOX3[get_byte(2, T)] + CAST_SBOX4[get_byte(3, T)]; } /* * CAST-256 Round Type 2 */ -void round2(uint32_t& out, uint32_t in, uint32_t mask, uint32_t rot) +void round2(uint32_t& out, uint32_t in, uint32_t MK, uint32_t RK) { - uint32_t temp = rotate_left(mask ^ in, rot); - out ^= (CAST_SBOX1[get_byte(0, temp)] - CAST_SBOX2[get_byte(1, temp)] + - CAST_SBOX3[get_byte(2, temp)]) ^ CAST_SBOX4[get_byte(3, temp)]; + const uint32_t T = rotl_var(MK ^ in, RK); + out ^= (CAST_SBOX1[get_byte(0, T)] - CAST_SBOX2[get_byte(1, T)] + + CAST_SBOX3[get_byte(2, T)]) ^ CAST_SBOX4[get_byte(3, T)]; } /* * CAST-256 Round Type 3 */ -void round3(uint32_t& out, uint32_t in, uint32_t mask, uint32_t rot) +void round3(uint32_t& out, uint32_t in, uint32_t MK, uint32_t RK) { - uint32_t temp = rotate_left(mask - in, rot); - out ^= ((CAST_SBOX1[get_byte(0, temp)] + CAST_SBOX2[get_byte(1, temp)]) ^ - CAST_SBOX3[get_byte(2, temp)]) - CAST_SBOX4[get_byte(3, temp)]; + const uint32_t T = rotl_var(MK - in, RK); + out ^= ((CAST_SBOX1[get_byte(0, T)] + CAST_SBOX2[get_byte(1, T)]) ^ + CAST_SBOX3[get_byte(2, T)]) - CAST_SBOX4[get_byte(3, T)]; } } diff --git a/src/lib/block/des/des.cpp b/src/lib/block/des/des.cpp index 44f3150472..15c2adb66e 100644 --- a/src/lib/block/des/des.cpp +++ b/src/lib/block/des/des.cpp 
@@ -91,16 +91,16 @@ void des_encrypt(uint32_t& L, uint32_t& R, { uint32_t T0, T1; - T0 = rotate_right(R, 4) ^ round_key[2*i]; - T1 = R ^ round_key[2*i + 1]; + T0 = rotr<4>(R) ^ round_key[2*i]; + T1 = R ^ round_key[2*i + 1]; L ^= DES_SPBOX1[get_byte(0, T0)] ^ DES_SPBOX2[get_byte(0, T1)] ^ DES_SPBOX3[get_byte(1, T0)] ^ DES_SPBOX4[get_byte(1, T1)] ^ DES_SPBOX5[get_byte(2, T0)] ^ DES_SPBOX6[get_byte(2, T1)] ^ DES_SPBOX7[get_byte(3, T0)] ^ DES_SPBOX8[get_byte(3, T1)]; - T0 = rotate_right(L, 4) ^ round_key[2*i + 2]; - T1 = L ^ round_key[2*i + 3]; + T0 = rotr<4>(L) ^ round_key[2*i + 2]; + T1 = L ^ round_key[2*i + 3]; R ^= DES_SPBOX1[get_byte(0, T0)] ^ DES_SPBOX2[get_byte(0, T1)] ^ DES_SPBOX3[get_byte(1, T0)] ^ DES_SPBOX4[get_byte(1, T1)] ^ @@ -119,16 +119,16 @@ void des_decrypt(uint32_t& L, uint32_t& R, { uint32_t T0, T1; - T0 = rotate_right(R, 4) ^ round_key[2*i - 2]; - T1 = R ^ round_key[2*i - 1]; + T0 = rotr<4>(R) ^ round_key[2*i - 2]; + T1 = R ^ round_key[2*i - 1]; L ^= DES_SPBOX1[get_byte(0, T0)] ^ DES_SPBOX2[get_byte(0, T1)] ^ DES_SPBOX3[get_byte(1, T0)] ^ DES_SPBOX4[get_byte(1, T1)] ^ DES_SPBOX5[get_byte(2, T0)] ^ DES_SPBOX6[get_byte(2, T1)] ^ DES_SPBOX7[get_byte(3, T0)] ^ DES_SPBOX8[get_byte(3, T1)]; - T0 = rotate_right(L, 4) ^ round_key[2*i - 4]; - T1 = L ^ round_key[2*i - 3]; + T0 = rotr<4>(L) ^ round_key[2*i - 4]; + T1 = L ^ round_key[2*i - 3]; R ^= DES_SPBOX1[get_byte(0, T0)] ^ DES_SPBOX2[get_byte(0, T1)] ^ DES_SPBOX3[get_byte(1, T0)] ^ DES_SPBOX4[get_byte(1, T1)] ^ @@ -160,7 +160,7 @@ void DES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const (DES_FPTAB1[get_byte(2, L)] << 1) | (DES_FPTAB2[get_byte(3, L)] << 1) | (DES_FPTAB1[get_byte(0, R)] << 4) | (DES_FPTAB1[get_byte(1, R)] << 2) | (DES_FPTAB1[get_byte(2, R)] ) | (DES_FPTAB2[get_byte(3, R)] ); - T = rotate_left(T, 32); + T = rotl<32>(T); store_be(T, out + 8*i); } 
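Review bot: `T = rotl<32>(T);` in DES::encrypt_n is a rotation by exactly half the word width, i.e. a swap of the two 32-bit halves, and with the count now a template argument the magic 32 is easy to misread as an ordinary rotation; a one-line comment such as `T = rotl<32>(T); // swap the two halves after the FPTAB lookups` would make it self-explanatory. T is presumably 64-bit given the 8-byte `store_be` on the next line, so if `rotl` bounds-checks `ROT < 8*sizeof(T)` this stays valid only while T keeps that width, which the comment could also state. The same line appears in the DES::decrypt_n and both TripleDES hunks that follow.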
@@ -188,7 +188,7 @@ void DES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const (DES_FPTAB1[get_byte(0, R)] << 4) | (DES_FPTAB1[get_byte(1, R)] << 2) | (DES_FPTAB1[get_byte(2, R)] ) | (DES_FPTAB2[get_byte(3, R)] ); - T = rotate_left(T, 32); + T = rotl<32>(T); store_be(T, out + BLOCK_SIZE*i); } @@ -232,7 +232,7 @@ void TripleDES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) cons (DES_FPTAB1[get_byte(0, R)] << 4) | (DES_FPTAB1[get_byte(1, R)] << 2) | (DES_FPTAB1[get_byte(2, R)] ) | (DES_FPTAB2[get_byte(3, R)] ); - T = rotate_left(T, 32); + T = rotl<32>(T); store_be(T, out); @@ -265,7 +265,7 @@ void TripleDES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) cons (DES_FPTAB1[get_byte(0, R)] << 4) | (DES_FPTAB1[get_byte(1, R)] << 2) | (DES_FPTAB1[get_byte(2, R)] ) | (DES_FPTAB2[get_byte(3, R)] ); - T = rotate_left(T, 32); + T = rotl<32>(T); store_be(T, out); diff --git a/src/lib/block/gost_28147/gost_28147.cpp b/src/lib/block/gost_28147/gost_28147.cpp index f73ac5910c..ffe9b5d661 100644 --- a/src/lib/block/gost_28147/gost_28147.cpp +++ b/src/lib/block/gost_28147/gost_28147.cpp @@ -12,11 +12,17 @@ namespace Botan { uint8_t GOST_28147_89_Params::sbox_entry(size_t row, size_t col) const { - uint8_t x = m_sboxes[4 * col + (row / 2)]; - + const uint8_t x = m_sboxes[4 * col + (row / 2)]; return (row % 2 == 0) ? (x >> 4) : (x & 0x0F); } +uint8_t GOST_28147_89_Params::sbox_pair(size_t row, size_t col) const + { + const uint8_t x = m_sboxes[4 * (col % 16) + row]; + const uint8_t y = m_sboxes[4 * (col / 16) + row]; + return (x >> 4) | (y << 4); + } + GOST_28147_89_Params::GOST_28147_89_Params(const std::string& n) : m_name(n) { // Encoded in the packed fromat from RFC 4357 
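Review bot: `sbox_pair` returns `(x >> 4) | (y << 4)` where both operands are promoted to int, so the high nibble of `y` is discarded only by the implicit narrowing back to `uint8_t` on return; the `sbox_entry` path it replaces masked explicitly with `& 0x0F`. Making that explicit avoids relying on truncation and keeps narrowing warnings quiet: `return static_cast<uint8_t>((x >> 4) | ((y & 0x0F) << 4));`. The method is also undocumented beyond the "used for building larger tables" line in the header hunk on the next line; a comment stating that `col % 16` and `col / 16` are the two 4-bit inputs looked up in the packed nibble table and `row` selects the byte within each group of four would let a reader check the constructor's use of it.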
@@ -53,13 +59,14 @@ GOST_28147_89_Params::GOST_28147_89_Params(const std::string& n) : m_name(n) GOST_28147_89::GOST_28147_89(const GOST_28147_89_Params& param) : m_SBOX(1024) { // Convert the parallel 4x4 sboxes into larger word-based sboxes - for(size_t i = 0; i != 4; ++i) - for(size_t j = 0; j != 256; ++j) - { - const uint32_t T = (param.sbox_entry(2*i , j % 16)) | - (param.sbox_entry(2*i+1, j / 16) << 4); - m_SBOX[256*i+j] = rotate_left(T, (11+8*i) % 32); - } + + for(size_t i = 0; i != 256; ++i) + { + m_SBOX[i ] = rotl<11, uint32_t>(param.sbox_pair(0, i)); + m_SBOX[i+256] = rotl<19, uint32_t>(param.sbox_pair(1, i)); + m_SBOX[i+512] = rotl<27, uint32_t>(param.sbox_pair(2, i)); + m_SBOX[i+768] = rotl< 3, uint32_t>(param.sbox_pair(3, i)); + } } std::string GOST_28147_89::name() const diff --git a/src/lib/block/gost_28147/gost_28147.h b/src/lib/block/gost_28147/gost_28147.h index 09581191eb..34e45779bf 100644 --- a/src/lib/block/gost_28147/gost_28147.h +++ b/src/lib/block/gost_28147/gost_28147.h @@ -33,6 +33,12 @@ class BOTAN_PUBLIC_API(2,0) GOST_28147_89_Params final */ std::string param_name() const { return m_name; } + /** + * Return a representation used for building larger tables + * For internal use + */ + uint8_t sbox_pair(size_t row, size_t col) const; + /** * Default GOST parameters are the ones given in GOST R 34.11 for * testing purposes; these sboxes are also used by Crypto++, and, diff --git a/src/lib/block/kasumi/kasumi.cpp b/src/lib/block/kasumi/kasumi.cpp index ed2524e0bf..a9b5d82742 100644 --- a/src/lib/block/kasumi/kasumi.cpp +++ b/src/lib/block/kasumi/kasumi.cpp @@ -121,8 +121,8 @@ void KASUMI::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { const uint16_t* K = &m_EK[8*j]; - uint16_t R = B1 ^ (rotate_left(B0, 1) & K[0]); - uint16_t L = B0 ^ (rotate_left(R, 1) | K[1]); + uint16_t R = B1 ^ (rotl<1>(B0) & K[0]); + uint16_t L = B0 ^ (rotl<1>(R) | K[1]); L = FI(L ^ K[ 2], K[ 3]) ^ R; R = FI(R ^ K[ 4], K[ 5]) ^ L; 
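Review bot: The constructor replaces `rotate_left(T, (11+8*i) % 32)` with four literal counts 11, 19, 27 and 3, and the last is only correct because 35 mod 32 is 3; a comment preserving the derivation, `// rotation for row i is (11 + 8*i) mod 32: 11, 19, 27, 3`, keeps the next reader from "fixing" it to 35. The explicit `uint32_t` template argument is load-bearing as well, since `sbox_pair` returns a `uint8_t` and an 8-bit `rotl<11>` would be wrong or rejected outright, so a short note that the type argument widens the byte before rotating belongs on the same lines.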
@@ -135,8 +135,8 @@ void KASUMI::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const L = FI(L ^ K[12], K[13]) ^ R; R = FI(R ^ K[14], K[15]) ^ L; - R ^= (rotate_left(L, 1) & K[8]); - L ^= (rotate_left(R, 1) | K[9]); + R ^= (rotl<1>(L) & K[8]); + L ^= (rotl<1>(R) | K[9]); B0 ^= L; B1 ^= R; @@ -171,14 +171,14 @@ void KASUMI::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const R = FI(R ^ K[12], K[13]) ^ L; L = FI(L ^ K[14], K[15]) ^ R; - L ^= (rotate_left(R, 1) & K[8]); - R ^= (rotate_left(L, 1) | K[9]); + L ^= (rotl<1>(R) & K[8]); + R ^= (rotl<1>(L) | K[9]); R = B0 ^= R; L = B1 ^= L; - L ^= (rotate_left(R, 1) & K[0]); - R ^= (rotate_left(L, 1) | K[1]); + L ^= (rotl<1>(R) & K[0]); + R ^= (rotl<1>(L) | K[1]); R = FI(R ^ K[2], K[3]) ^ L; L = FI(L ^ K[4], K[5]) ^ R; @@ -214,13 +214,13 @@ void KASUMI::key_schedule(const uint8_t key[], size_t) for(size_t i = 0; i != 8; ++i) { - m_EK[8*i ] = rotate_left(K[(i+0) % 8 ], 2); - m_EK[8*i+1] = rotate_left(K[(i+2) % 8 + 8], 1); - m_EK[8*i+2] = rotate_left(K[(i+1) % 8 ], 5); + m_EK[8*i ] = rotl<2>(K[(i+0) % 8]); + m_EK[8*i+1] = rotl<1>(K[(i+2) % 8 + 8]); + m_EK[8*i+2] = rotl<5>(K[(i+1) % 8]); m_EK[8*i+3] = K[(i+4) % 8 + 8]; - m_EK[8*i+4] = rotate_left(K[(i+5) % 8 ], 8); + m_EK[8*i+4] = rotl<8>(K[(i+5) % 8]); m_EK[8*i+5] = K[(i+3) % 8 + 8]; - m_EK[8*i+6] = rotate_left(K[(i+6) % 8 ], 13); + m_EK[8*i+6] = rotl<13>(K[(i+6) % 8]); m_EK[8*i+7] = K[(i+7) % 8 + 8]; } } diff --git a/src/lib/block/noekeon/noekeon.cpp b/src/lib/block/noekeon/noekeon.cpp index c82badd4c7..a7f60a0fd4 100644 --- a/src/lib/block/noekeon/noekeon.cpp +++ b/src/lib/block/noekeon/noekeon.cpp @@ -21,7 +21,7 @@ inline void theta(uint32_t& A0, uint32_t& A1, const uint32_t EK[4]) { uint32_t T = A0 ^ A2; - T ^= rotate_left(T, 8) ^ rotate_right(T, 8); + T ^= rotl<8>(T) ^ rotr<8>(T); A1 ^= T; A3 ^= T; 
@@ -31,7 +31,7 @@ inline void theta(uint32_t& A0, uint32_t& A1, A3 ^= EK[3]; T = A1 ^ A3; - T ^= rotate_left(T, 8) ^ rotate_right(T, 8); + T ^= rotl<8>(T) ^ rotr<8>(T); A0 ^= T; A2 ^= T; } @@ -43,12 +43,12 @@ inline void theta(uint32_t& A0, uint32_t& A1, uint32_t& A2, uint32_t& A3) { uint32_t T = A0 ^ A2; - T ^= rotate_left(T, 8) ^ rotate_right(T, 8); + T ^= rotl<8>(T) ^ rotr<8>(T); A1 ^= T; A3 ^= T; T = A1 ^ A3; - T ^= rotate_left(T, 8) ^ rotate_right(T, 8); + T ^= rotl<8>(T) ^ rotr<8>(T); A0 ^= T; A2 ^= T; } @@ -135,15 +135,15 @@ void Noekeon::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const A0 ^= RC[j]; theta(A0, A1, A2, A3, m_EK.data()); - A1 = rotate_left(A1, 1); - A2 = rotate_left(A2, 5); - A3 = rotate_left(A3, 2); + A1 = rotl<1>(A1); + A2 = rotl<5>(A2); + A3 = rotl<2>(A3); gamma(A0, A1, A2, A3); - A1 = rotate_right(A1, 1); - A2 = rotate_right(A2, 5); - A3 = rotate_right(A3, 2); + A1 = rotr<1>(A1); + A2 = rotr<5>(A2); + A3 = rotr<2>(A3); } A0 ^= RC[16]; @@ -186,15 +186,15 @@ void Noekeon::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const theta(A0, A1, A2, A3, m_DK.data()); A0 ^= RC[j]; - A1 = rotate_left(A1, 1); - A2 = rotate_left(A2, 5); - A3 = rotate_left(A3, 2); + A1 = rotl<1>(A1); + A2 = rotl<5>(A2); + A3 = rotl<2>(A3); gamma(A0, A1, A2, A3); - A1 = rotate_right(A1, 1); - A2 = rotate_right(A2, 5); - A3 = rotate_right(A3, 2); + A1 = rotr<1>(A1); + A2 = rotr<5>(A2); + A3 = rotr<2>(A3); } theta(A0, A1, A2, A3, m_DK.data()); @@ -222,15 +222,15 @@ void Noekeon::key_schedule(const uint8_t key[], size_t) A0 ^= RC[i]; theta(A0, A1, A2, A3); - A1 = rotate_left(A1, 1); - A2 = rotate_left(A2, 5); - A3 = rotate_left(A3, 2); + A1 = rotl<1>(A1); + A2 = rotl<5>(A2); + A3 = rotl<2>(A3); gamma(A0, A1, A2, A3); - A1 = rotate_right(A1, 1); - A2 = rotate_right(A2, 5); - A3 = rotate_right(A3, 2); + A1 = rotr<1>(A1); + A2 = rotr<5>(A2); + A3 = rotr<2>(A3); } A0 ^= RC[16]; 
diff --git a/src/lib/block/noekeon/noekeon_simd/noekeon_simd.cpp b/src/lib/block/noekeon/noekeon_simd/noekeon_simd.cpp index a77ba7b8c6..f9a696d29d 100644 --- a/src/lib/block/noekeon/noekeon_simd/noekeon_simd.cpp +++ b/src/lib/block/noekeon/noekeon_simd/noekeon_simd.cpp @@ -16,12 +16,7 @@ namespace Botan { #define NOK_SIMD_THETA(A0, A1, A2, A3, K0, K1, K2, K3) \ do { \ SIMD_32 T = A0 ^ A2; \ - SIMD_32 T_l8 = T; \ - SIMD_32 T_r8 = T; \ - T_l8.rotate_left(8); \ - T_r8.rotate_right(8); \ - T ^= T_l8; \ - T ^= T_r8; \ + T ^= T.rotl<8>() ^ T.rotr<8>(); \ A1 ^= T; \ A3 ^= T; \ \ @@ -31,12 +26,7 @@ namespace Botan { A3 ^= K3; \ \ T = A1 ^ A3; \ - T_l8 = T; \ - T_r8 = T; \ - T_l8.rotate_left(8); \ - T_r8.rotate_right(8); \ - T ^= T_l8; \ - T ^= T_r8; \ + T ^= T.rotl<8>() ^ T.rotr<8>(); \ A0 ^= T; \ A2 ^= T; \ } while(0) @@ -83,15 +73,15 @@ void Noekeon::simd_encrypt_4(const uint8_t in[], uint8_t out[]) const NOK_SIMD_THETA(A0, A1, A2, A3, K0, K1, K2, K3); - A1.rotate_left(1); - A2.rotate_left(5); - A3.rotate_left(2); + A1 = A1.rotl<1>(); + A2 = A2.rotl<5>(); + A3 = A3.rotl<2>(); NOK_SIMD_GAMMA(A0, A1, A2, A3); - A1.rotate_right(1); - A2.rotate_right(5); - A3.rotate_right(2); + A1 = A1.rotr<1>(); + A2 = A2.rotr<5>(); + A3 = A3.rotr<2>(); } A0 ^= SIMD_32::splat(RC[16]); @@ -128,15 +118,15 @@ void Noekeon::simd_decrypt_4(const uint8_t in[], uint8_t out[]) const A0 ^= SIMD_32::splat(RC[16-i]); - A1.rotate_left(1); - A2.rotate_left(5); - A3.rotate_left(2); + A1 = A1.rotl<1>(); + A2 = A2.rotl<5>(); + A3 = A3.rotl<2>(); NOK_SIMD_GAMMA(A0, A1, A2, A3); - A1.rotate_right(1); - A2.rotate_right(5); - A3.rotate_right(2); + A1 = A1.rotr<1>(); + A2 = A2.rotr<5>(); + A3 = A3.rotr<2>(); } NOK_SIMD_THETA(A0, A1, A2, A3, K0, K1, K2, K3); diff --git a/src/lib/block/serpent/serpent.cpp b/src/lib/block/serpent/serpent.cpp index 93af812318..6e1d797661 100644 --- a/src/lib/block/serpent/serpent.cpp +++ b/src/lib/block/serpent/serpent.cpp 
@@ -22,11 +22,11 @@ namespace { */ inline void transform(uint32_t& B0, uint32_t& B1, uint32_t& B2, uint32_t& B3) { - B0 = rotate_left(B0, 13); B2 = rotate_left(B2, 3); - B1 ^= B0 ^ B2; B3 ^= B2 ^ (B0 << 3); - B1 = rotate_left(B1, 1); B3 = rotate_left(B3, 7); - B0 ^= B1 ^ B3; B2 ^= B3 ^ (B1 << 7); - B0 = rotate_left(B0, 5); B2 = rotate_left(B2, 22); + B0 = rotl<13>(B0); B2 = rotl<3>(B2); + B1 ^= B0 ^ B2; B3 ^= B2 ^ (B0 << 3); + B1 = rotl<1>(B1); B3 = rotl<7>(B3); + B0 ^= B1 ^ B3; B2 ^= B3 ^ (B1 << 7); + B0 = rotl<5>(B0); B2 = rotl<22>(B2); } /* @@ -34,11 +34,11 @@ inline void transform(uint32_t& B0, uint32_t& B1, uint32_t& B2, uint32_t& B3) */ inline void i_transform(uint32_t& B0, uint32_t& B1, uint32_t& B2, uint32_t& B3) { - B2 = rotate_right(B2, 22); B0 = rotate_right(B0, 5); - B2 ^= B3 ^ (B1 << 7); B0 ^= B1 ^ B3; - B3 = rotate_right(B3, 7); B1 = rotate_right(B1, 1); - B3 ^= B2 ^ (B0 << 3); B1 ^= B0 ^ B2; - B2 = rotate_right(B2, 3); B0 = rotate_right(B0, 13); + B2 = rotr<22>(B2); B0 = rotr<5>(B0); + B2 ^= B3 ^ (B1 << 7); B0 ^= B1 ^ B3; + B3 = rotr<7>(B3); B1 = rotr<1>(B1); + B3 ^= B2 ^ (B0 << 3); B1 ^= B0 ^ B2; + B2 = rotr<3>(B2); B0 = rotr<13>(B0); } } @@ -192,7 +192,7 @@ void Serpent::key_schedule(const uint8_t key[], size_t length) for(size_t i = 8; i != 140; ++i) { uint32_t wi = W[i-8] ^ W[i-5] ^ W[i-3] ^ W[i-1] ^ PHI ^ uint32_t(i-8); - W[i] = rotate_left(wi, 11); + W[i] = rotl<11>(wi); } SBoxE1(W[ 20],W[ 21],W[ 22],W[ 23]); diff --git a/src/lib/block/serpent/serpent_simd/serpent_simd.cpp b/src/lib/block/serpent/serpent_simd/serpent_simd.cpp index 94b3cf9add..b184b0d4af 100644 --- a/src/lib/block/serpent/serpent_simd/serpent_simd.cpp +++ b/src/lib/block/serpent/serpent_simd/serpent_simd.cpp 
@@ -24,30 +24,30 @@ namespace Botan { */ #define transform(B0, B1, B2, B3) \ do { \ - B0.rotate_left(13); \ - B2.rotate_left(3); \ + B0 = B0.rotl<13>(); \ + B2 = B2.rotl<3>(); \ B1 ^= B0 ^ B2; \ B3 ^= B2 ^ (B0 << 3); \ - B1.rotate_left(1); \ - B3.rotate_left(7); \ + B1 = B1.rotl<1>(); \ + B3 = B3.rotl<7>(); \ B0 ^= B1 ^ B3; \ B2 ^= B3 ^ (B1 << 7); \ - B0.rotate_left(5); \ - B2.rotate_left(22); \ + B0 = B0.rotl<5>(); \ + B2 = B2.rotl<22>(); \ } while(0); #define i_transform(B0, B1, B2, B3) \ do { \ - B2.rotate_right(22); \ - B0.rotate_right(5); \ + B2 = B2.rotr<22>(); \ + B0 = B0.rotr<5>(); \ B2 ^= B3 ^ (B1 << 7); \ B0 ^= B1 ^ B3; \ - B3.rotate_right(7); \ - B1.rotate_right(1); \ + B3 = B3.rotr<7>(); \ + B1 = B1.rotr<1>(); \ B3 ^= B2 ^ (B0 << 3); \ B1 ^= B0 ^ B2; \ - B2.rotate_right(3); \ - B0.rotate_right(13); \ + B2 = B2.rotr<3>(); \ + B0 = B0.rotr<13>(); \ } while(0); /* diff --git a/src/lib/block/shacal2/shacal2.cpp b/src/lib/block/shacal2/shacal2.cpp index 30ad711db5..12c87c426a 100644 --- a/src/lib/block/shacal2/shacal2.cpp +++ b/src/lib/block/shacal2/shacal2.cpp @@ -17,8 +17,8 @@ inline void SHACAL2_Fwd(uint32_t A, uint32_t B, uint32_t C, uint32_t& D, uint32_t E, uint32_t F, uint32_t G, uint32_t& H, uint32_t RK) { - const uint32_t A_rho = rotate_right(A, 2) ^ rotate_right(A, 13) ^ rotate_right(A, 22); - const uint32_t E_rho = rotate_right(E, 6) ^ rotate_right(E, 11) ^ rotate_right(E, 25); + const uint32_t A_rho = rotr<2>(A) ^ rotr<13>(A) ^ rotr<22>(A); + const uint32_t E_rho = rotr<6>(E) ^ rotr<11>(E) ^ rotr<25>(E); H += E_rho + ((E & F) ^ (~E & G)) + RK; D += H; 
@@ -29,8 +29,8 @@ inline void SHACAL2_Rev(uint32_t A, uint32_t B, uint32_t C, uint32_t& D, uint32_t E, uint32_t F, uint32_t G, uint32_t& H, uint32_t RK) { - const uint32_t A_rho = rotate_right(A, 2) ^ rotate_right(A, 13) ^ rotate_right(A, 22); - const uint32_t E_rho = rotate_right(E, 6) ^ rotate_right(E, 11) ^ rotate_right(E, 25); + const uint32_t A_rho = rotr<2>(A) ^ rotr<13>(A) ^ rotr<22>(A); + const uint32_t E_rho = rotr<6>(E) ^ rotr<11>(E) ^ rotr<25>(E); H -= A_rho + ((A & B) | ((A | B) & C)); D -= H; @@ -175,8 +175,8 @@ void SHACAL2::key_schedule(const uint8_t key[], size_t len) for(size_t i = 16; i != 64; ++i) { - const uint32_t sigma0_15 = rotate_right(m_RK[i-15], 7) ^ rotate_right(m_RK[i-15], 18) ^ (m_RK[i-15] >> 3); - const uint32_t sigma1_2 = rotate_right(m_RK[i-2], 17) ^ rotate_right(m_RK[i-2], 19) ^ (m_RK[i-2] >> 10); + const uint32_t sigma0_15 = rotr<7>(m_RK[i-15]) ^ rotr<18>(m_RK[i-15]) ^ (m_RK[i-15] >> 3); + const uint32_t sigma1_2 = rotr<17>(m_RK[i-2]) ^ rotr<19>(m_RK[i-2]) ^ (m_RK[i-2] >> 10); m_RK[i] = m_RK[i-16] + sigma0_15 + m_RK[i-7] + sigma1_2; } diff --git a/src/lib/block/shacal2/shacal2_simd/shacal2_simd.cpp b/src/lib/block/shacal2/shacal2_simd/shacal2_simd.cpp index a4324c8fba..bdcac1482d 100644 --- a/src/lib/block/shacal2/shacal2_simd/shacal2_simd.cpp +++ b/src/lib/block/shacal2/shacal2_simd/shacal2_simd.cpp @@ -17,9 +17,9 @@ void SHACAL2_Fwd(const SIMD_32& A, const SIMD_32& B, const SIMD_32& C, SIMD_32& const SIMD_32& E, const SIMD_32& F, const SIMD_32& G, SIMD_32& H, uint32_t RK) { - H += E.rho(6,11,25) + ((E & F) ^ (~E & G)) + SIMD_32::splat(RK); + H += E.rho<6,11,25>() + ((E & F) ^ (~E & G)) + SIMD_32::splat(RK); D += H; - H += A.rho(2,13,22) + ((A & B) | ((A | B) & C)); + H += A.rho<2,13,22>() + ((A & B) | ((A | B) & C)); } inline 
@@ -27,9 +27,9 @@ void SHACAL2_Rev(const SIMD_32& A, const SIMD_32& B, const SIMD_32& C, SIMD_32& const SIMD_32& E, const SIMD_32& F, const SIMD_32& G, SIMD_32& H, uint32_t RK) { - H -= A.rho(2,13,22) + ((A & B) | ((A | B) & C)); + H -= A.rho<2,13,22>() + ((A & B) | ((A | B) & C)); D -= H; - H -= E.rho(6,11,25) + ((E & F) ^ (~E & G)) + SIMD_32::splat(RK); + H -= E.rho<6,11,25>() + ((E & F) ^ (~E & G)) + SIMD_32::splat(RK); } } diff --git a/src/lib/block/sm4/sm4.cpp b/src/lib/block/sm4/sm4.cpp index 9794915667..42c865faf8 100644 --- a/src/lib/block/sm4/sm4.cpp +++ b/src/lib/block/sm4/sm4.cpp @@ -46,7 +46,7 @@ inline uint32_t T(uint32_t b) const uint32_t t = make_uint32(SBOX[b0], SBOX[b1], SBOX[b2], SBOX[b3]); // L linear transform - return t ^ rotate_left(t, 2) ^ rotate_left(t, 10) ^ rotate_left(t, 18) ^ rotate_left(t, 24); + return t ^ rotl<2>(t) ^ rotl<10>(t) ^ rotl<18>(t) ^ rotl<24>(t); } // Variant of T for key schedule @@ -59,7 +59,7 @@ inline uint32_t Tp(uint32_t b) const uint32_t t = make_uint32(SBOX[b0], SBOX[b1], SBOX[b2], SBOX[b3]); // L' linear transform - return t ^ rotate_left(t, 13) ^ rotate_left(t, 23); + return t ^ rotl<13>(t) ^ rotl<23>(t); } } diff --git a/src/lib/block/threefish/threefish.cpp b/src/lib/block/threefish/threefish.cpp index 99ce135d50..937a673fde 100644 --- a/src/lib/block/threefish/threefish.cpp +++ b/src/lib/block/threefish/threefish.cpp @@ -17,10 +17,10 @@ namespace Botan { X1 += X5; \ X2 += X6; \ X3 += X7; \ - X4 = rotate_left(X4, ROT1); \ - X5 = rotate_left(X5, ROT2); \ - X6 = rotate_left(X6, ROT3); \ - X7 = rotate_left(X7, ROT4); \ + X4 = rotl(X4); \ + X5 = rotl(X5); \ + X6 = rotl(X6); \ + X7 = rotl(X7); \ X4 ^= X0; \ X5 ^= X1; \ X6 ^= X2; \ 
@@ -177,10 +177,10 @@ void Threefish_512::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) X5 ^= X1; \ X6 ^= X2; \ X7 ^= X3; \ - X4 = rotate_right(X4, ROT1); \ - X5 = rotate_right(X5, ROT2); \ - X6 = rotate_right(X6, ROT3); \ - X7 = rotate_right(X7, ROT4); \ + X4 = rotr(X4); \ + X5 = rotr(X5); \ + X6 = rotr(X6); \ + X7 = rotr(X7); \ X0 -= X4; \ X1 -= X5; \ X2 -= X6; \ diff --git a/src/lib/block/twofish/twofish.cpp b/src/lib/block/twofish/twofish.cpp index 51ef01ea9c..3a09af8daa 100644 --- a/src/lib/block/twofish/twofish.cpp +++ b/src/lib/block/twofish/twofish.cpp @@ -41,8 +41,8 @@ void Twofish::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const Y += X + m_RK[2*j + 9]; X += m_RK[2*j + 8]; - C = rotate_right(C ^ X, 1); - D = rotate_left(D, 1) ^ Y; + C = rotr<1>(C ^ X); + D = rotl<1>(D) ^ Y; X = m_SB[ get_byte(3, C)] ^ m_SB[256+get_byte(2, C)] ^ m_SB[512+get_byte(1, C)] ^ m_SB[768+get_byte(0, C)]; @@ -52,8 +52,8 @@ void Twofish::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const Y += X + m_RK[2*j + 11]; X += m_RK[2*j + 10]; - A = rotate_right(A ^ X, 1); - B = rotate_left(B, 1) ^ Y; + A = rotr<1>(A ^ X); + B = rotl<1>(B) ^ Y; } C ^= m_RK[4]; @@ -92,8 +92,8 @@ void Twofish::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const Y += X + m_RK[39 - 2*j]; X += m_RK[38 - 2*j]; - C = rotate_left(C, 1) ^ X; - D = rotate_right(D ^ Y, 1); + C = rotl<1>(C) ^ X; + D = rotr<1>(D ^ Y); X = m_SB[ get_byte(3, C)] ^ m_SB[256+get_byte(2, C)] ^ m_SB[512+get_byte(1, C)] ^ m_SB[768+get_byte(0, C)]; @@ -103,8 +103,8 @@ void Twofish::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const Y += X + m_RK[37 - 2*j]; X += m_RK[36 - 2*j]; - A = rotate_left(A, 1) ^ X; - B = rotate_right(B ^ Y, 1); + A = rotl<1>(A) ^ X; + B = rotr<1>(B ^ Y); } C ^= m_RK[0]; 
@@ -167,11 +167,11 @@ void Twofish::key_schedule(const uint8_t key[], size_t length) MDS1[Q0[Q1[i+1]^key[13]]^key[ 5]] ^ MDS2[Q1[Q0[i+1]^key[14]]^key[ 6]] ^ MDS3[Q1[Q1[i+1]^key[15]]^key[ 7]]; - Y = rotate_left(Y, 8); + Y = rotl<8>(Y); X += Y; Y += X; m_RK[i] = X; - m_RK[i+1] = rotate_left(Y, 9); + m_RK[i+1] = rotl<9>(Y); } } else if(length == 24) @@ -194,11 +194,11 @@ void Twofish::key_schedule(const uint8_t key[], size_t length) MDS1[Q0[Q1[Q1[i+1]^key[21]]^key[13]]^key[ 5]] ^ MDS2[Q1[Q0[Q0[i+1]^key[22]]^key[14]]^key[ 6]] ^ MDS3[Q1[Q1[Q0[i+1]^key[23]]^key[15]]^key[ 7]]; - Y = rotate_left(Y, 8); + Y = rotl<8>(Y); X += Y; Y += X; m_RK[i] = X; - m_RK[i+1] = rotate_left(Y, 9); + m_RK[i+1] = rotl<9>(Y); } } else if(length == 32) @@ -221,11 +221,11 @@ void Twofish::key_schedule(const uint8_t key[], size_t length) MDS1[Q0[Q1[Q1[Q0[i+1]^key[29]]^key[21]]^key[13]]^key[ 5]] ^ MDS2[Q1[Q0[Q0[Q0[i+1]^key[30]]^key[22]]^key[14]]^key[ 6]] ^ MDS3[Q1[Q1[Q0[Q1[i+1]^key[31]]^key[23]]^key[15]]^key[ 7]]; - Y = rotate_left(Y, 8); + Y = rotl<8>(Y); X += Y; Y += X; m_RK[i] = X; - m_RK[i+1] = rotate_left(Y, 9); + m_RK[i+1] = rotl<9>(Y); } } } diff --git a/src/lib/hash/blake2/blake2b.cpp b/src/lib/hash/blake2/blake2b.cpp index 85171b16b4..79a30de3db 100644 --- a/src/lib/hash/blake2/blake2b.cpp +++ b/src/lib/hash/blake2/blake2b.cpp @@ -93,13 +93,13 @@ void Blake2b::compress(bool lastblock) #define G(r, i, a, b, c, d) \ do { \ a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ - d = rotate_right(d ^ a, 32); \ + d = rotr<32>(d ^ a); \ c = c + d; \ - b = rotate_right(b ^ c, 24); \ + b = rotr<24>(b ^ c); \ a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ - d = rotate_right(d ^ a, 16); \ + d = rotr<16>(d ^ a); \ c = c + d; \ - b = rotate_right(b ^ c, 63); \ + b = rotr<63>(b ^ c); \ } while(0) #define ROUND(r) \ diff --git a/src/lib/hash/md4/md4.cpp b/src/lib/hash/md4/md4.cpp index 79f3a2d133..1c048a6b3b 100644 --- a/src/lib/hash/md4/md4.cpp +++ b/src/lib/hash/md4/md4.cpp 
@@ -16,31 +16,55 @@ std::unique_ptr MD4::copy_state() const namespace { -/* -* MD4 FF Function -*/ -inline void FF(uint32_t& A, uint32_t B, uint32_t C, uint32_t D, uint32_t M, uint8_t S) +inline void FF4(uint32_t& A, uint32_t& B, uint32_t& C, uint32_t& D, + uint32_t M0, uint32_t M1, uint32_t M2, uint32_t M3) + { - A += (D ^ (B & (C ^ D))) + M; - A = rotate_left(A, S); + A += (D ^ (B & (C ^ D))) + M0; + A = rotl<3>(A); + + D += (C ^ (A & (B ^ C))) + M1; + D = rotl<7>(D); + + C += (B ^ (D & (A ^ B))) + M2; + C = rotl<11>(C); + + B += (A ^ (C & (D ^ A))) + M3; + B = rotl<19>(B); } -/* -* MD4 GG Function -*/ -inline void GG(uint32_t& A, uint32_t B, uint32_t C, uint32_t D, uint32_t M, uint8_t S) +inline void GG4(uint32_t& A, uint32_t& B, uint32_t& C, uint32_t& D, + uint32_t M0, uint32_t M1, uint32_t M2, uint32_t M3) + { - A += ((B & C) | (D & (B | C))) + M + 0x5A827999; - A = rotate_left(A, S); + A += ((B & C) | (D & (B | C))) + M0 + 0x5A827999; + A = rotl<3>(A); + + D += ((A & B) | (C & (A | B))) + M1 + 0x5A827999; + D = rotl<5>(D); + + C += ((D & A) | (B & (D | A))) + M2 + 0x5A827999; + C = rotl<9>(C); + + B += ((C & D) | (A & (C | D))) + M3 + 0x5A827999; + B = rotl<13>(B); } -/* -* MD4 HH Function -*/ -inline void HH(uint32_t& A, uint32_t B, uint32_t C, uint32_t D, uint32_t M, uint8_t S) +inline void HH4(uint32_t& A, uint32_t& B, uint32_t& C, uint32_t& D, + uint32_t M0, uint32_t M1, uint32_t M2, uint32_t M3) + { - A += (B ^ C ^ D) + M + 0x6ED9EBA1; - A = rotate_left(A, S); + A += (B ^ C ^ D) + M0 + 0x6ED9EBA1; + A = rotl<3>(A); + + D += (A ^ B ^ C) + M1 + 0x6ED9EBA1; + D = rotl<9>(D); + + C += (A ^ B ^ D) + M2 + 0x6ED9EBA1; + C = rotl<11>(C); + + B += (A ^ C ^ D) + M3 + 0x6ED9EBA1; + B = rotl<15>(B); } } 
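Review bot: The new FF4/GG4/HH4 helpers lose the `/* MD4 FF Function */` headers that the old FF/GG/HH carried and gain no documentation of their own, although each now encodes four MD4 steps with a fixed rotation schedule and a rotating assignment of the A/B/C/D roles. A one-line header per function would capture that, e.g. for FF4 `/* Four MD4 round-1 steps (rotations 3,7,11,19) applied to A, D, C, B in turn; all four state words are updated in place */`, with `(3,5,9,13)` for GG4 and `(3,9,11,15)` for HH4. It is also worth stating that every state parameter is now a reference, unlike the old one-step functions where only the first was, since that changes what callers may pass.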
@@ -54,34 +78,37 @@ void MD4::compress_n(const uint8_t input[], size_t blocks) for(size_t i = 0; i != blocks; ++i) { - load_le(m_M.data(), input, m_M.size()); - - FF(A,B,C,D,m_M[ 0], 3); FF(D,A,B,C,m_M[ 1], 7); - FF(C,D,A,B,m_M[ 2],11); FF(B,C,D,A,m_M[ 3],19); - FF(A,B,C,D,m_M[ 4], 3); FF(D,A,B,C,m_M[ 5], 7); - FF(C,D,A,B,m_M[ 6],11); FF(B,C,D,A,m_M[ 7],19); - FF(A,B,C,D,m_M[ 8], 3); FF(D,A,B,C,m_M[ 9], 7); - FF(C,D,A,B,m_M[10],11); FF(B,C,D,A,m_M[11],19); - FF(A,B,C,D,m_M[12], 3); FF(D,A,B,C,m_M[13], 7); - FF(C,D,A,B,m_M[14],11); FF(B,C,D,A,m_M[15],19); - - GG(A,B,C,D,m_M[ 0], 3); GG(D,A,B,C,m_M[ 4], 5); - GG(C,D,A,B,m_M[ 8], 9); GG(B,C,D,A,m_M[12],13); - GG(A,B,C,D,m_M[ 1], 3); GG(D,A,B,C,m_M[ 5], 5); - GG(C,D,A,B,m_M[ 9], 9); GG(B,C,D,A,m_M[13],13); - GG(A,B,C,D,m_M[ 2], 3); GG(D,A,B,C,m_M[ 6], 5); - GG(C,D,A,B,m_M[10], 9); GG(B,C,D,A,m_M[14],13); - GG(A,B,C,D,m_M[ 3], 3); GG(D,A,B,C,m_M[ 7], 5); - GG(C,D,A,B,m_M[11], 9); GG(B,C,D,A,m_M[15],13); - - HH(A,B,C,D,m_M[ 0], 3); HH(D,A,B,C,m_M[ 8], 9); - HH(C,D,A,B,m_M[ 4],11); HH(B,C,D,A,m_M[12],15); - HH(A,B,C,D,m_M[ 2], 3); HH(D,A,B,C,m_M[10], 9); - HH(C,D,A,B,m_M[ 6],11); HH(B,C,D,A,m_M[14],15); - HH(A,B,C,D,m_M[ 1], 3); HH(D,A,B,C,m_M[ 9], 9); - HH(C,D,A,B,m_M[ 5],11); HH(B,C,D,A,m_M[13],15); - HH(A,B,C,D,m_M[ 3], 3); HH(D,A,B,C,m_M[11], 9); - HH(C,D,A,B,m_M[ 7],11); HH(B,C,D,A,m_M[15],15); + uint32_t M00 = load_le(input, 0); + uint32_t M01 = load_le(input, 1); + uint32_t M02 = load_le(input, 2); + uint32_t M03 = load_le(input, 3); + uint32_t M04 = load_le(input, 4); + uint32_t M05 = load_le(input, 5); + uint32_t M06 = load_le(input, 6); + uint32_t M07 = load_le(input, 7); + uint32_t M08 = load_le(input, 8); + uint32_t M09 = load_le(input, 9); + uint32_t M10 = load_le(input, 10); + uint32_t M11 = load_le(input, 11); + uint32_t M12 = load_le(input, 12); + uint32_t M13 = load_le(input, 13); + uint32_t M14 = load_le(input, 14); + uint32_t M15 = load_le(input, 15); + + FF4(A, B, C, D, M00, M01, M02, M03); + FF4(A, B, 
C, D, M04, M05, M06, M07); + FF4(A, B, C, D, M08, M09, M10, M11); + FF4(A, B, C, D, M12, M13, M14, M15); + + GG4(A, B, C, D, M00, M04, M08, M12); + GG4(A, B, C, D, M01, M05, M09, M13); + GG4(A, B, C, D, M02, M06, M10, M14); + GG4(A, B, C, D, M03, M07, M11, M15); + + HH4(A, B, C, D, M00, M08, M04, M12); + HH4(A, B, C, D, M02, M10, M06, M14); + HH4(A, B, C, D, M01, M09, M05, M13); + HH4(A, B, C, D, M03, M11, M07, M15); A = (m_digest[0] += A); B = (m_digest[1] += B); @@ -106,7 +133,6 @@ void MD4::copy_out(uint8_t output[]) void MD4::clear() { MDx_HashFunction::clear(); - zeroise(m_M); m_digest[0] = 0x67452301; m_digest[1] = 0xEFCDAB89; m_digest[2] = 0x98BADCFE; diff --git a/src/lib/hash/md4/md4.h b/src/lib/hash/md4/md4.h index c51cb16820..1dd857bce6 100644 --- a/src/lib/hash/md4/md4.h +++ b/src/lib/hash/md4/md4.h @@ -25,18 +25,13 @@ class BOTAN_PUBLIC_API(2,0) MD4 final : public MDx_HashFunction void clear() override; - MD4() : MDx_HashFunction(64, false, true), m_M(16), m_digest(4) + MD4() : MDx_HashFunction(64, false, true), m_digest(4) { clear(); } private: void compress_n(const uint8_t input[], size_t blocks) override; void copy_out(uint8_t[]) override; - /** - * The message buffer - */ - secure_vector m_M; - /** * The digest value */ diff --git a/src/lib/hash/md5/md5.cpp b/src/lib/hash/md5/md5.cpp index 174443a67a..de75ab2d1c 100644 --- a/src/lib/hash/md5/md5.cpp +++ b/src/lib/hash/md5/md5.cpp 
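Review bot: The sixteen `uint32_t M00..M15` locals in MD4::compress_n are never reassigned and could be `const uint32_t`, matching the `const` this commit adds elsewhere (CAST R1, GOST sbox_entry). The loads now read `input` directly instead of the removed `m_M` buffer, so per-block correctness depends on `input` being advanced at the end of the loop body, which lies outside the hunk; the old `load_le(m_M.data(), input, m_M.size())` had the same dependency, so this is a point to verify rather than a regression. The later `clear()` hunk dropping `zeroise(m_M)` is consistent with removing the member from the class.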
@@ -19,41 +19,41 @@ namespace {
 /*
 * MD5 FF Function
 */
-inline void FF(uint32_t& A, uint32_t B, uint32_t C, uint32_t D, uint32_t msg,
- uint8_t S, uint32_t magic)
+template
+inline void FF(uint32_t& A, uint32_t B, uint32_t C, uint32_t D, uint32_t M)
 {
- A += (D ^ (B & (C ^ D))) + msg + magic;
- A = rotate_left(A, S) + B;
+ A += (D ^ (B & (C ^ D))) + M;
+ A = rotl(A) + B;
 }
 
 /*
 * MD5 GG Function
 */
-inline void GG(uint32_t& A, uint32_t B, uint32_t C, uint32_t D, uint32_t msg,
- uint8_t S, uint32_t magic)
+template
+inline void GG(uint32_t& A, uint32_t B, uint32_t C, uint32_t D, uint32_t M)
 {
- A += (C ^ (D & (B ^ C))) + msg + magic;
- A = rotate_left(A, S) + B;
+ A += (C ^ (D & (B ^ C))) + M;
+ A = rotl(A) + B;
 }
 
 /*
 * MD5 HH Function
 */
-inline void HH(uint32_t& A, uint32_t B, uint32_t C, uint32_t D, uint32_t msg,
- uint8_t S, uint32_t magic)
+template
+inline void HH(uint32_t& A, uint32_t B, uint32_t C, uint32_t D, uint32_t M)
 {
- A += (B ^ C ^ D) + msg + magic;
- A = rotate_left(A, S) + B;
+ A += (B ^ C ^ D) + M;
+ A = rotl(A) + B;
 }
 
 /*
 * MD5 II Function
 */
-inline void II(uint32_t& A, uint32_t B, uint32_t C, uint32_t D, uint32_t msg,
- uint8_t S, uint32_t magic)
+template
+inline void II(uint32_t& A, uint32_t B, uint32_t C, uint32_t D, uint32_t M)
 {
- A += (C ^ (B | ~D)) + msg + magic;
- A = rotate_left(A, S) + B;
+ A += (C ^ (B | ~D)) + M;
+ A = rotl(A) + B;
 }
 
 }
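Review bot: FF/GG/HH/II no longer take `magic`, so the single `M` argument must already carry the round constant, yet the header comments still say only `MD5 FF Function`; a reader of the helper alone cannot tell that `M` is `m_M[k] + K_i` rather than a raw message word, and the helper silently computes the wrong thing if a future caller passes a bare word. Suggest `/* MD5 FF Function; M is the message word with the round constant already added */` on each of the four, and the same wording in the RIPEMD-160 F2..F5 helpers that received the identical treatment later in this series (F1 there takes the bare word, which is worth stating too).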
@@ -69,41 +69,41 @@ void MD5::compress_n(const uint8_t input[], size_t blocks) { load_le(m_M.data(), input, m_M.size()); - FF(A,B,C,D,m_M[ 0], 7,0xD76AA478); FF(D,A,B,C,m_M[ 1],12,0xE8C7B756); - FF(C,D,A,B,m_M[ 2],17,0x242070DB); FF(B,C,D,A,m_M[ 3],22,0xC1BDCEEE); - FF(A,B,C,D,m_M[ 4], 7,0xF57C0FAF); FF(D,A,B,C,m_M[ 5],12,0x4787C62A); - FF(C,D,A,B,m_M[ 6],17,0xA8304613); FF(B,C,D,A,m_M[ 7],22,0xFD469501); - FF(A,B,C,D,m_M[ 8], 7,0x698098D8); FF(D,A,B,C,m_M[ 9],12,0x8B44F7AF); - FF(C,D,A,B,m_M[10],17,0xFFFF5BB1); FF(B,C,D,A,m_M[11],22,0x895CD7BE); - FF(A,B,C,D,m_M[12], 7,0x6B901122); FF(D,A,B,C,m_M[13],12,0xFD987193); - FF(C,D,A,B,m_M[14],17,0xA679438E); FF(B,C,D,A,m_M[15],22,0x49B40821); - - GG(A,B,C,D,m_M[ 1], 5,0xF61E2562); GG(D,A,B,C,m_M[ 6], 9,0xC040B340); - GG(C,D,A,B,m_M[11],14,0x265E5A51); GG(B,C,D,A,m_M[ 0],20,0xE9B6C7AA); - GG(A,B,C,D,m_M[ 5], 5,0xD62F105D); GG(D,A,B,C,m_M[10], 9,0x02441453); - GG(C,D,A,B,m_M[15],14,0xD8A1E681); GG(B,C,D,A,m_M[ 4],20,0xE7D3FBC8); - GG(A,B,C,D,m_M[ 9], 5,0x21E1CDE6); GG(D,A,B,C,m_M[14], 9,0xC33707D6); - GG(C,D,A,B,m_M[ 3],14,0xF4D50D87); GG(B,C,D,A,m_M[ 8],20,0x455A14ED); - GG(A,B,C,D,m_M[13], 5,0xA9E3E905); GG(D,A,B,C,m_M[ 2], 9,0xFCEFA3F8); - GG(C,D,A,B,m_M[ 7],14,0x676F02D9); GG(B,C,D,A,m_M[12],20,0x8D2A4C8A); - - HH(A,B,C,D,m_M[ 5], 4,0xFFFA3942); HH(D,A,B,C,m_M[ 8],11,0x8771F681); - HH(C,D,A,B,m_M[11],16,0x6D9D6122); HH(B,C,D,A,m_M[14],23,0xFDE5380C); - HH(A,B,C,D,m_M[ 1], 4,0xA4BEEA44); HH(D,A,B,C,m_M[ 4],11,0x4BDECFA9); - HH(C,D,A,B,m_M[ 7],16,0xF6BB4B60); HH(B,C,D,A,m_M[10],23,0xBEBFBC70); - HH(A,B,C,D,m_M[13], 4,0x289B7EC6); HH(D,A,B,C,m_M[ 0],11,0xEAA127FA); - HH(C,D,A,B,m_M[ 3],16,0xD4EF3085); HH(B,C,D,A,m_M[ 6],23,0x04881D05); - HH(A,B,C,D,m_M[ 9], 4,0xD9D4D039); HH(D,A,B,C,m_M[12],11,0xE6DB99E5); - HH(C,D,A,B,m_M[15],16,0x1FA27CF8); HH(B,C,D,A,m_M[ 2],23,0xC4AC5665); - - II(A,B,C,D,m_M[ 0], 6,0xF4292244); II(D,A,B,C,m_M[ 7],10,0x432AFF97); - II(C,D,A,B,m_M[14],15,0xAB9423A7); II(B,C,D,A,m_M[ 5],21,0xFC93A039); 
- II(A,B,C,D,m_M[12], 6,0x655B59C3); II(D,A,B,C,m_M[ 3],10,0x8F0CCC92); - II(C,D,A,B,m_M[10],15,0xFFEFF47D); II(B,C,D,A,m_M[ 1],21,0x85845DD1); - II(A,B,C,D,m_M[ 8], 6,0x6FA87E4F); II(D,A,B,C,m_M[15],10,0xFE2CE6E0); - II(C,D,A,B,m_M[ 6],15,0xA3014314); II(B,C,D,A,m_M[13],21,0x4E0811A1); - II(A,B,C,D,m_M[ 4], 6,0xF7537E82); II(D,A,B,C,m_M[11],10,0xBD3AF235); - II(C,D,A,B,m_M[ 2],15,0x2AD7D2BB); II(B,C,D,A,m_M[ 9],21,0xEB86D391); + FF< 7>(A,B,C,D,m_M[ 0]+0xD76AA478); FF<12>(D,A,B,C,m_M[ 1]+0xE8C7B756); + FF<17>(C,D,A,B,m_M[ 2]+0x242070DB); FF<22>(B,C,D,A,m_M[ 3]+0xC1BDCEEE); + FF< 7>(A,B,C,D,m_M[ 4]+0xF57C0FAF); FF<12>(D,A,B,C,m_M[ 5]+0x4787C62A); + FF<17>(C,D,A,B,m_M[ 6]+0xA8304613); FF<22>(B,C,D,A,m_M[ 7]+0xFD469501); + FF< 7>(A,B,C,D,m_M[ 8]+0x698098D8); FF<12>(D,A,B,C,m_M[ 9]+0x8B44F7AF); + FF<17>(C,D,A,B,m_M[10]+0xFFFF5BB1); FF<22>(B,C,D,A,m_M[11]+0x895CD7BE); + FF< 7>(A,B,C,D,m_M[12]+0x6B901122); FF<12>(D,A,B,C,m_M[13]+0xFD987193); + FF<17>(C,D,A,B,m_M[14]+0xA679438E); FF<22>(B,C,D,A,m_M[15]+0x49B40821); + + GG< 5>(A,B,C,D,m_M[ 1]+0xF61E2562); GG< 9>(D,A,B,C,m_M[ 6]+0xC040B340); + GG<14>(C,D,A,B,m_M[11]+0x265E5A51); GG<20>(B,C,D,A,m_M[ 0]+0xE9B6C7AA); + GG< 5>(A,B,C,D,m_M[ 5]+0xD62F105D); GG< 9>(D,A,B,C,m_M[10]+0x02441453); + GG<14>(C,D,A,B,m_M[15]+0xD8A1E681); GG<20>(B,C,D,A,m_M[ 4]+0xE7D3FBC8); + GG< 5>(A,B,C,D,m_M[ 9]+0x21E1CDE6); GG< 9>(D,A,B,C,m_M[14]+0xC33707D6); + GG<14>(C,D,A,B,m_M[ 3]+0xF4D50D87); GG<20>(B,C,D,A,m_M[ 8]+0x455A14ED); + GG< 5>(A,B,C,D,m_M[13]+0xA9E3E905); GG< 9>(D,A,B,C,m_M[ 2]+0xFCEFA3F8); + GG<14>(C,D,A,B,m_M[ 7]+0x676F02D9); GG<20>(B,C,D,A,m_M[12]+0x8D2A4C8A); + + HH< 4>(A,B,C,D,m_M[ 5]+0xFFFA3942); HH<11>(D,A,B,C,m_M[ 8]+0x8771F681); + HH<16>(C,D,A,B,m_M[11]+0x6D9D6122); HH<23>(B,C,D,A,m_M[14]+0xFDE5380C); + HH< 4>(A,B,C,D,m_M[ 1]+0xA4BEEA44); HH<11>(D,A,B,C,m_M[ 4]+0x4BDECFA9); + HH<16>(C,D,A,B,m_M[ 7]+0xF6BB4B60); HH<23>(B,C,D,A,m_M[10]+0xBEBFBC70); + HH< 4>(A,B,C,D,m_M[13]+0x289B7EC6); HH<11>(D,A,B,C,m_M[ 0]+0xEAA127FA); + 
HH<16>(C,D,A,B,m_M[ 3]+0xD4EF3085); HH<23>(B,C,D,A,m_M[ 6]+0x04881D05); + HH< 4>(A,B,C,D,m_M[ 9]+0xD9D4D039); HH<11>(D,A,B,C,m_M[12]+0xE6DB99E5); + HH<16>(C,D,A,B,m_M[15]+0x1FA27CF8); HH<23>(B,C,D,A,m_M[ 2]+0xC4AC5665); + + II< 6>(A,B,C,D,m_M[ 0]+0xF4292244); II<10>(D,A,B,C,m_M[ 7]+0x432AFF97); + II<15>(C,D,A,B,m_M[14]+0xAB9423A7); II<21>(B,C,D,A,m_M[ 5]+0xFC93A039); + II< 6>(A,B,C,D,m_M[12]+0x655B59C3); II<10>(D,A,B,C,m_M[ 3]+0x8F0CCC92); + II<15>(C,D,A,B,m_M[10]+0xFFEFF47D); II<21>(B,C,D,A,m_M[ 1]+0x85845DD1); + II< 6>(A,B,C,D,m_M[ 8]+0x6FA87E4F); II<10>(D,A,B,C,m_M[15]+0xFE2CE6E0); + II<15>(C,D,A,B,m_M[ 6]+0xA3014314); II<21>(B,C,D,A,m_M[13]+0x4E0811A1); + II< 6>(A,B,C,D,m_M[ 4]+0xF7537E82); II<10>(D,A,B,C,m_M[11]+0xBD3AF235); + II<15>(C,D,A,B,m_M[ 2]+0x2AD7D2BB); II<21>(B,C,D,A,m_M[ 9]+0xEB86D391); A = (m_digest[0] += A); B = (m_digest[1] += B); diff --git a/src/lib/hash/rmd160/rmd160.cpp b/src/lib/hash/rmd160/rmd160.cpp index 95f96c2816..4c84ff4224 100644 --- a/src/lib/hash/rmd160/rmd160.cpp +++ b/src/lib/hash/rmd160/rmd160.cpp 
@@ -19,56 +19,61 @@ namespace {
 /*
 * RIPEMD-160 F1 Function
 */
+template
 inline void F1(uint32_t& A, uint32_t B, uint32_t& C, uint32_t D, uint32_t E,
- uint32_t msg, uint32_t shift)
+ uint32_t M)
 {
- A += (B ^ C ^ D) + msg;
- A = rotate_left(A, shift) + E;
- C = rotate_left(C, 10);
+ A += (B ^ C ^ D) + M;
+ A = rotl(A) + E;
+ C = rotl<10>(C);
 }
 
 /*
 * RIPEMD-160 F2 Function
 */
+template
 inline void F2(uint32_t& A, uint32_t B, uint32_t& C, uint32_t D, uint32_t E,
- uint32_t msg, uint32_t shift, uint32_t magic)
+ uint32_t M)
 {
- A += (D ^ (B & (C ^ D))) + msg + magic;
- A = rotate_left(A, shift) + E;
- C = rotate_left(C, 10);
+ A += (D ^ (B & (C ^ D))) + M;
+ A = rotl(A) + E;
+ C = rotl<10>(C);
 }
 
 /*
 * RIPEMD-160 F3 Function
 */
+template
 inline void F3(uint32_t& A, uint32_t B, uint32_t& C, uint32_t D, uint32_t E,
- uint32_t msg, uint32_t shift, uint32_t magic)
+ uint32_t M)
 {
- A += (D ^ (B | ~C)) + msg + magic;
- A = rotate_left(A, shift) + E;
- C = rotate_left(C, 10);
+ A += (D ^ (B | ~C)) + M;
+ A = rotl(A) + E;
+ C = rotl<10>(C);
 }
 
 /*
 * RIPEMD-160 F4 Function
 */
+template
 inline void F4(uint32_t& A, uint32_t B, uint32_t& C, uint32_t D, uint32_t E,
- uint32_t msg, uint32_t shift, uint32_t magic)
+ uint32_t M)
 {
- A += (C ^ (D & (B ^ C))) + msg + magic;
- A = rotate_left(A, shift) + E;
- C = rotate_left(C, 10);
+ A += (C ^ (D & (B ^ C))) + M;
+ A = rotl(A) + E;
+ C = rotl<10>(C);
 }
 
 /*
 * RIPEMD-160 F5 Function
 */
+template
 inline void F5(uint32_t& A, uint32_t B, uint32_t& C, uint32_t D, uint32_t E,
- uint32_t msg, uint32_t shift, uint32_t magic)
+ uint32_t M)
 {
- A += (B ^ (C | ~D)) + msg + magic;
- A = rotate_left(A, shift) + E;
- C = rotate_left(C, 10);
+ A += (B ^ (C | ~D)) + M;
+ A = rotl(A) + E;
+ C = rotl<10>(C);
 }
 
 }
@@ -79,102 +84,104 @@ inline void F5(uint32_t& A, uint32_t B, uint32_t& C, uint32_t D, uint32_t E, void RIPEMD_160::compress_n(const uint8_t input[], size_t blocks) { const uint32_t MAGIC2 = 0x5A827999, MAGIC3 = 0x6ED9EBA1, - MAGIC4 = 0x8F1BBCDC, MAGIC5 = 0xA953FD4E, - MAGIC6 = 0x50A28BE6, MAGIC7 = 0x5C4DD124, - MAGIC8 = 0x6D703EF3, MAGIC9 = 0x7A6D76E9; + MAGIC4 = 0x8F1BBCDC, MAGIC5 = 0xA953FD4E, + MAGIC6 = 0x50A28BE6, MAGIC7 = 0x5C4DD124, + MAGIC8 = 0x6D703EF3, MAGIC9 = 0x7A6D76E9; for(size_t i = 0; i != blocks; ++i) { load_le(m_M.data(), input, m_M.size()); - uint32_t A1 = m_digest[0], A2 = A1, B1 = m_digest[1], B2 = B1, - C1 = m_digest[2], C2 = C1, D1 = m_digest[3], D2 = D1, - E1 = m_digest[4], E2 = E1; - - F1(A1,B1,C1,D1,E1,m_M[ 0],11 ); F5(A2,B2,C2,D2,E2,m_M[ 5], 8,MAGIC6); - F1(E1,A1,B1,C1,D1,m_M[ 1],14 ); F5(E2,A2,B2,C2,D2,m_M[14], 9,MAGIC6); - F1(D1,E1,A1,B1,C1,m_M[ 2],15 ); F5(D2,E2,A2,B2,C2,m_M[ 7], 9,MAGIC6); - F1(C1,D1,E1,A1,B1,m_M[ 3],12 ); F5(C2,D2,E2,A2,B2,m_M[ 0],11,MAGIC6); - F1(B1,C1,D1,E1,A1,m_M[ 4], 5 ); F5(B2,C2,D2,E2,A2,m_M[ 9],13,MAGIC6); - F1(A1,B1,C1,D1,E1,m_M[ 5], 8 ); F5(A2,B2,C2,D2,E2,m_M[ 2],15,MAGIC6); - F1(E1,A1,B1,C1,D1,m_M[ 6], 7 ); F5(E2,A2,B2,C2,D2,m_M[11],15,MAGIC6); - F1(D1,E1,A1,B1,C1,m_M[ 7], 9 ); F5(D2,E2,A2,B2,C2,m_M[ 4], 5,MAGIC6); - F1(C1,D1,E1,A1,B1,m_M[ 8],11 ); F5(C2,D2,E2,A2,B2,m_M[13], 7,MAGIC6); - F1(B1,C1,D1,E1,A1,m_M[ 9],13 ); F5(B2,C2,D2,E2,A2,m_M[ 6], 7,MAGIC6); - F1(A1,B1,C1,D1,E1,m_M[10],14 ); F5(A2,B2,C2,D2,E2,m_M[15], 8,MAGIC6); - F1(E1,A1,B1,C1,D1,m_M[11],15 ); F5(E2,A2,B2,C2,D2,m_M[ 8],11,MAGIC6); - F1(D1,E1,A1,B1,C1,m_M[12], 6 ); F5(D2,E2,A2,B2,C2,m_M[ 1],14,MAGIC6); - F1(C1,D1,E1,A1,B1,m_M[13], 7 ); F5(C2,D2,E2,A2,B2,m_M[10],14,MAGIC6); - F1(B1,C1,D1,E1,A1,m_M[14], 9 ); F5(B2,C2,D2,E2,A2,m_M[ 3],12,MAGIC6); - F1(A1,B1,C1,D1,E1,m_M[15], 8 ); F5(A2,B2,C2,D2,E2,m_M[12], 6,MAGIC6); - - F2(E1,A1,B1,C1,D1,m_M[ 7], 7,MAGIC2); F4(E2,A2,B2,C2,D2,m_M[ 6], 9,MAGIC7); - F2(D1,E1,A1,B1,C1,m_M[ 4], 6,MAGIC2); 
F4(D2,E2,A2,B2,C2,m_M[11],13,MAGIC7); - F2(C1,D1,E1,A1,B1,m_M[13], 8,MAGIC2); F4(C2,D2,E2,A2,B2,m_M[ 3],15,MAGIC7); - F2(B1,C1,D1,E1,A1,m_M[ 1],13,MAGIC2); F4(B2,C2,D2,E2,A2,m_M[ 7], 7,MAGIC7); - F2(A1,B1,C1,D1,E1,m_M[10],11,MAGIC2); F4(A2,B2,C2,D2,E2,m_M[ 0],12,MAGIC7); - F2(E1,A1,B1,C1,D1,m_M[ 6], 9,MAGIC2); F4(E2,A2,B2,C2,D2,m_M[13], 8,MAGIC7); - F2(D1,E1,A1,B1,C1,m_M[15], 7,MAGIC2); F4(D2,E2,A2,B2,C2,m_M[ 5], 9,MAGIC7); - F2(C1,D1,E1,A1,B1,m_M[ 3],15,MAGIC2); F4(C2,D2,E2,A2,B2,m_M[10],11,MAGIC7); - F2(B1,C1,D1,E1,A1,m_M[12], 7,MAGIC2); F4(B2,C2,D2,E2,A2,m_M[14], 7,MAGIC7); - F2(A1,B1,C1,D1,E1,m_M[ 0],12,MAGIC2); F4(A2,B2,C2,D2,E2,m_M[15], 7,MAGIC7); - F2(E1,A1,B1,C1,D1,m_M[ 9],15,MAGIC2); F4(E2,A2,B2,C2,D2,m_M[ 8],12,MAGIC7); - F2(D1,E1,A1,B1,C1,m_M[ 5], 9,MAGIC2); F4(D2,E2,A2,B2,C2,m_M[12], 7,MAGIC7); - F2(C1,D1,E1,A1,B1,m_M[ 2],11,MAGIC2); F4(C2,D2,E2,A2,B2,m_M[ 4], 6,MAGIC7); - F2(B1,C1,D1,E1,A1,m_M[14], 7,MAGIC2); F4(B2,C2,D2,E2,A2,m_M[ 9],15,MAGIC7); - F2(A1,B1,C1,D1,E1,m_M[11],13,MAGIC2); F4(A2,B2,C2,D2,E2,m_M[ 1],13,MAGIC7); - F2(E1,A1,B1,C1,D1,m_M[ 8],12,MAGIC2); F4(E2,A2,B2,C2,D2,m_M[ 2],11,MAGIC7); - - F3(D1,E1,A1,B1,C1,m_M[ 3],11,MAGIC3); F3(D2,E2,A2,B2,C2,m_M[15], 9,MAGIC8); - F3(C1,D1,E1,A1,B1,m_M[10],13,MAGIC3); F3(C2,D2,E2,A2,B2,m_M[ 5], 7,MAGIC8); - F3(B1,C1,D1,E1,A1,m_M[14], 6,MAGIC3); F3(B2,C2,D2,E2,A2,m_M[ 1],15,MAGIC8); - F3(A1,B1,C1,D1,E1,m_M[ 4], 7,MAGIC3); F3(A2,B2,C2,D2,E2,m_M[ 3],11,MAGIC8); - F3(E1,A1,B1,C1,D1,m_M[ 9],14,MAGIC3); F3(E2,A2,B2,C2,D2,m_M[ 7], 8,MAGIC8); - F3(D1,E1,A1,B1,C1,m_M[15], 9,MAGIC3); F3(D2,E2,A2,B2,C2,m_M[14], 6,MAGIC8); - F3(C1,D1,E1,A1,B1,m_M[ 8],13,MAGIC3); F3(C2,D2,E2,A2,B2,m_M[ 6], 6,MAGIC8); - F3(B1,C1,D1,E1,A1,m_M[ 1],15,MAGIC3); F3(B2,C2,D2,E2,A2,m_M[ 9],14,MAGIC8); - F3(A1,B1,C1,D1,E1,m_M[ 2],14,MAGIC3); F3(A2,B2,C2,D2,E2,m_M[11],12,MAGIC8); - F3(E1,A1,B1,C1,D1,m_M[ 7], 8,MAGIC3); F3(E2,A2,B2,C2,D2,m_M[ 8],13,MAGIC8); - F3(D1,E1,A1,B1,C1,m_M[ 0],13,MAGIC3); F3(D2,E2,A2,B2,C2,m_M[12], 5,MAGIC8); - 
F3(C1,D1,E1,A1,B1,m_M[ 6], 6,MAGIC3); F3(C2,D2,E2,A2,B2,m_M[ 2],14,MAGIC8); - F3(B1,C1,D1,E1,A1,m_M[13], 5,MAGIC3); F3(B2,C2,D2,E2,A2,m_M[10],13,MAGIC8); - F3(A1,B1,C1,D1,E1,m_M[11],12,MAGIC3); F3(A2,B2,C2,D2,E2,m_M[ 0],13,MAGIC8); - F3(E1,A1,B1,C1,D1,m_M[ 5], 7,MAGIC3); F3(E2,A2,B2,C2,D2,m_M[ 4], 7,MAGIC8); - F3(D1,E1,A1,B1,C1,m_M[12], 5,MAGIC3); F3(D2,E2,A2,B2,C2,m_M[13], 5,MAGIC8); - - F4(C1,D1,E1,A1,B1,m_M[ 1],11,MAGIC4); F2(C2,D2,E2,A2,B2,m_M[ 8],15,MAGIC9); - F4(B1,C1,D1,E1,A1,m_M[ 9],12,MAGIC4); F2(B2,C2,D2,E2,A2,m_M[ 6], 5,MAGIC9); - F4(A1,B1,C1,D1,E1,m_M[11],14,MAGIC4); F2(A2,B2,C2,D2,E2,m_M[ 4], 8,MAGIC9); - F4(E1,A1,B1,C1,D1,m_M[10],15,MAGIC4); F2(E2,A2,B2,C2,D2,m_M[ 1],11,MAGIC9); - F4(D1,E1,A1,B1,C1,m_M[ 0],14,MAGIC4); F2(D2,E2,A2,B2,C2,m_M[ 3],14,MAGIC9); - F4(C1,D1,E1,A1,B1,m_M[ 8],15,MAGIC4); F2(C2,D2,E2,A2,B2,m_M[11],14,MAGIC9); - F4(B1,C1,D1,E1,A1,m_M[12], 9,MAGIC4); F2(B2,C2,D2,E2,A2,m_M[15], 6,MAGIC9); - F4(A1,B1,C1,D1,E1,m_M[ 4], 8,MAGIC4); F2(A2,B2,C2,D2,E2,m_M[ 0],14,MAGIC9); - F4(E1,A1,B1,C1,D1,m_M[13], 9,MAGIC4); F2(E2,A2,B2,C2,D2,m_M[ 5], 6,MAGIC9); - F4(D1,E1,A1,B1,C1,m_M[ 3],14,MAGIC4); F2(D2,E2,A2,B2,C2,m_M[12], 9,MAGIC9); - F4(C1,D1,E1,A1,B1,m_M[ 7], 5,MAGIC4); F2(C2,D2,E2,A2,B2,m_M[ 2],12,MAGIC9); - F4(B1,C1,D1,E1,A1,m_M[15], 6,MAGIC4); F2(B2,C2,D2,E2,A2,m_M[13], 9,MAGIC9); - F4(A1,B1,C1,D1,E1,m_M[14], 8,MAGIC4); F2(A2,B2,C2,D2,E2,m_M[ 9],12,MAGIC9); - F4(E1,A1,B1,C1,D1,m_M[ 5], 6,MAGIC4); F2(E2,A2,B2,C2,D2,m_M[ 7], 5,MAGIC9); - F4(D1,E1,A1,B1,C1,m_M[ 6], 5,MAGIC4); F2(D2,E2,A2,B2,C2,m_M[10],15,MAGIC9); - F4(C1,D1,E1,A1,B1,m_M[ 2],12,MAGIC4); F2(C2,D2,E2,A2,B2,m_M[14], 8,MAGIC9); - - F5(B1,C1,D1,E1,A1,m_M[ 4], 9,MAGIC5); F1(B2,C2,D2,E2,A2,m_M[12], 8 ); - F5(A1,B1,C1,D1,E1,m_M[ 0],15,MAGIC5); F1(A2,B2,C2,D2,E2,m_M[15], 5 ); - F5(E1,A1,B1,C1,D1,m_M[ 5], 5,MAGIC5); F1(E2,A2,B2,C2,D2,m_M[10],12 ); - F5(D1,E1,A1,B1,C1,m_M[ 9],11,MAGIC5); F1(D2,E2,A2,B2,C2,m_M[ 4], 9 ); - F5(C1,D1,E1,A1,B1,m_M[ 7], 6,MAGIC5); F1(C2,D2,E2,A2,B2,m_M[ 1],12 ); 
- F5(B1,C1,D1,E1,A1,m_M[12], 8,MAGIC5); F1(B2,C2,D2,E2,A2,m_M[ 5], 5 ); - F5(A1,B1,C1,D1,E1,m_M[ 2],13,MAGIC5); F1(A2,B2,C2,D2,E2,m_M[ 8],14 ); - F5(E1,A1,B1,C1,D1,m_M[10],12,MAGIC5); F1(E2,A2,B2,C2,D2,m_M[ 7], 6 ); - F5(D1,E1,A1,B1,C1,m_M[14], 5,MAGIC5); F1(D2,E2,A2,B2,C2,m_M[ 6], 8 ); - F5(C1,D1,E1,A1,B1,m_M[ 1],12,MAGIC5); F1(C2,D2,E2,A2,B2,m_M[ 2],13 ); - F5(B1,C1,D1,E1,A1,m_M[ 3],13,MAGIC5); F1(B2,C2,D2,E2,A2,m_M[13], 6 ); - F5(A1,B1,C1,D1,E1,m_M[ 8],14,MAGIC5); F1(A2,B2,C2,D2,E2,m_M[14], 5 ); - F5(E1,A1,B1,C1,D1,m_M[11],11,MAGIC5); F1(E2,A2,B2,C2,D2,m_M[ 0],15 ); - F5(D1,E1,A1,B1,C1,m_M[ 6], 8,MAGIC5); F1(D2,E2,A2,B2,C2,m_M[ 3],13 ); - F5(C1,D1,E1,A1,B1,m_M[15], 5,MAGIC5); F1(C2,D2,E2,A2,B2,m_M[ 9],11 ); - F5(B1,C1,D1,E1,A1,m_M[13], 6,MAGIC5); F1(B2,C2,D2,E2,A2,m_M[11],11 ); + uint32_t A1 = m_digest[0], A2 = A1, + B1 = m_digest[1], B2 = B1, + C1 = m_digest[2], C2 = C1, + D1 = m_digest[3], D2 = D1, + E1 = m_digest[4], E2 = E1; + + F1<11>(A1,B1,C1,D1,E1,m_M[ 0] ); F5< 8>(A2,B2,C2,D2,E2,m_M[ 5]+MAGIC6); + F1<14>(E1,A1,B1,C1,D1,m_M[ 1] ); F5< 9>(E2,A2,B2,C2,D2,m_M[14]+MAGIC6); + F1<15>(D1,E1,A1,B1,C1,m_M[ 2] ); F5< 9>(D2,E2,A2,B2,C2,m_M[ 7]+MAGIC6); + F1<12>(C1,D1,E1,A1,B1,m_M[ 3] ); F5<11>(C2,D2,E2,A2,B2,m_M[ 0]+MAGIC6); + F1< 5>(B1,C1,D1,E1,A1,m_M[ 4] ); F5<13>(B2,C2,D2,E2,A2,m_M[ 9]+MAGIC6); + F1< 8>(A1,B1,C1,D1,E1,m_M[ 5] ); F5<15>(A2,B2,C2,D2,E2,m_M[ 2]+MAGIC6); + F1< 7>(E1,A1,B1,C1,D1,m_M[ 6] ); F5<15>(E2,A2,B2,C2,D2,m_M[11]+MAGIC6); + F1< 9>(D1,E1,A1,B1,C1,m_M[ 7] ); F5< 5>(D2,E2,A2,B2,C2,m_M[ 4]+MAGIC6); + F1<11>(C1,D1,E1,A1,B1,m_M[ 8] ); F5< 7>(C2,D2,E2,A2,B2,m_M[13]+MAGIC6); + F1<13>(B1,C1,D1,E1,A1,m_M[ 9] ); F5< 7>(B2,C2,D2,E2,A2,m_M[ 6]+MAGIC6); + F1<14>(A1,B1,C1,D1,E1,m_M[10] ); F5< 8>(A2,B2,C2,D2,E2,m_M[15]+MAGIC6); + F1<15>(E1,A1,B1,C1,D1,m_M[11] ); F5<11>(E2,A2,B2,C2,D2,m_M[ 8]+MAGIC6); + F1< 6>(D1,E1,A1,B1,C1,m_M[12] ); F5<14>(D2,E2,A2,B2,C2,m_M[ 1]+MAGIC6); + F1< 7>(C1,D1,E1,A1,B1,m_M[13] ); F5<14>(C2,D2,E2,A2,B2,m_M[10]+MAGIC6); + F1< 
9>(B1,C1,D1,E1,A1,m_M[14] ); F5<12>(B2,C2,D2,E2,A2,m_M[ 3]+MAGIC6); + F1< 8>(A1,B1,C1,D1,E1,m_M[15] ); F5< 6>(A2,B2,C2,D2,E2,m_M[12]+MAGIC6); + + F2< 7>(E1,A1,B1,C1,D1,m_M[ 7]+MAGIC2); F4< 9>(E2,A2,B2,C2,D2,m_M[ 6]+MAGIC7); + F2< 6>(D1,E1,A1,B1,C1,m_M[ 4]+MAGIC2); F4<13>(D2,E2,A2,B2,C2,m_M[11]+MAGIC7); + F2< 8>(C1,D1,E1,A1,B1,m_M[13]+MAGIC2); F4<15>(C2,D2,E2,A2,B2,m_M[ 3]+MAGIC7); + F2<13>(B1,C1,D1,E1,A1,m_M[ 1]+MAGIC2); F4< 7>(B2,C2,D2,E2,A2,m_M[ 7]+MAGIC7); + F2<11>(A1,B1,C1,D1,E1,m_M[10]+MAGIC2); F4<12>(A2,B2,C2,D2,E2,m_M[ 0]+MAGIC7); + F2< 9>(E1,A1,B1,C1,D1,m_M[ 6]+MAGIC2); F4< 8>(E2,A2,B2,C2,D2,m_M[13]+MAGIC7); + F2< 7>(D1,E1,A1,B1,C1,m_M[15]+MAGIC2); F4< 9>(D2,E2,A2,B2,C2,m_M[ 5]+MAGIC7); + F2<15>(C1,D1,E1,A1,B1,m_M[ 3]+MAGIC2); F4<11>(C2,D2,E2,A2,B2,m_M[10]+MAGIC7); + F2< 7>(B1,C1,D1,E1,A1,m_M[12]+MAGIC2); F4< 7>(B2,C2,D2,E2,A2,m_M[14]+MAGIC7); + F2<12>(A1,B1,C1,D1,E1,m_M[ 0]+MAGIC2); F4< 7>(A2,B2,C2,D2,E2,m_M[15]+MAGIC7); + F2<15>(E1,A1,B1,C1,D1,m_M[ 9]+MAGIC2); F4<12>(E2,A2,B2,C2,D2,m_M[ 8]+MAGIC7); + F2< 9>(D1,E1,A1,B1,C1,m_M[ 5]+MAGIC2); F4< 7>(D2,E2,A2,B2,C2,m_M[12]+MAGIC7); + F2<11>(C1,D1,E1,A1,B1,m_M[ 2]+MAGIC2); F4< 6>(C2,D2,E2,A2,B2,m_M[ 4]+MAGIC7); + F2< 7>(B1,C1,D1,E1,A1,m_M[14]+MAGIC2); F4<15>(B2,C2,D2,E2,A2,m_M[ 9]+MAGIC7); + F2<13>(A1,B1,C1,D1,E1,m_M[11]+MAGIC2); F4<13>(A2,B2,C2,D2,E2,m_M[ 1]+MAGIC7); + F2<12>(E1,A1,B1,C1,D1,m_M[ 8]+MAGIC2); F4<11>(E2,A2,B2,C2,D2,m_M[ 2]+MAGIC7); + + F3<11>(D1,E1,A1,B1,C1,m_M[ 3]+MAGIC3); F3< 9>(D2,E2,A2,B2,C2,m_M[15]+MAGIC8); + F3<13>(C1,D1,E1,A1,B1,m_M[10]+MAGIC3); F3< 7>(C2,D2,E2,A2,B2,m_M[ 5]+MAGIC8); + F3< 6>(B1,C1,D1,E1,A1,m_M[14]+MAGIC3); F3<15>(B2,C2,D2,E2,A2,m_M[ 1]+MAGIC8); + F3< 7>(A1,B1,C1,D1,E1,m_M[ 4]+MAGIC3); F3<11>(A2,B2,C2,D2,E2,m_M[ 3]+MAGIC8); + F3<14>(E1,A1,B1,C1,D1,m_M[ 9]+MAGIC3); F3< 8>(E2,A2,B2,C2,D2,m_M[ 7]+MAGIC8); + F3< 9>(D1,E1,A1,B1,C1,m_M[15]+MAGIC3); F3< 6>(D2,E2,A2,B2,C2,m_M[14]+MAGIC8); + F3<13>(C1,D1,E1,A1,B1,m_M[ 8]+MAGIC3); F3< 6>(C2,D2,E2,A2,B2,m_M[ 6]+MAGIC8); + 
F3<15>(B1,C1,D1,E1,A1,m_M[ 1]+MAGIC3); F3<14>(B2,C2,D2,E2,A2,m_M[ 9]+MAGIC8); + F3<14>(A1,B1,C1,D1,E1,m_M[ 2]+MAGIC3); F3<12>(A2,B2,C2,D2,E2,m_M[11]+MAGIC8); + F3< 8>(E1,A1,B1,C1,D1,m_M[ 7]+MAGIC3); F3<13>(E2,A2,B2,C2,D2,m_M[ 8]+MAGIC8); + F3<13>(D1,E1,A1,B1,C1,m_M[ 0]+MAGIC3); F3< 5>(D2,E2,A2,B2,C2,m_M[12]+MAGIC8); + F3< 6>(C1,D1,E1,A1,B1,m_M[ 6]+MAGIC3); F3<14>(C2,D2,E2,A2,B2,m_M[ 2]+MAGIC8); + F3< 5>(B1,C1,D1,E1,A1,m_M[13]+MAGIC3); F3<13>(B2,C2,D2,E2,A2,m_M[10]+MAGIC8); + F3<12>(A1,B1,C1,D1,E1,m_M[11]+MAGIC3); F3<13>(A2,B2,C2,D2,E2,m_M[ 0]+MAGIC8); + F3< 7>(E1,A1,B1,C1,D1,m_M[ 5]+MAGIC3); F3< 7>(E2,A2,B2,C2,D2,m_M[ 4]+MAGIC8); + F3< 5>(D1,E1,A1,B1,C1,m_M[12]+MAGIC3); F3< 5>(D2,E2,A2,B2,C2,m_M[13]+MAGIC8); + + F4<11>(C1,D1,E1,A1,B1,m_M[ 1]+MAGIC4); F2<15>(C2,D2,E2,A2,B2,m_M[ 8]+MAGIC9); + F4<12>(B1,C1,D1,E1,A1,m_M[ 9]+MAGIC4); F2< 5>(B2,C2,D2,E2,A2,m_M[ 6]+MAGIC9); + F4<14>(A1,B1,C1,D1,E1,m_M[11]+MAGIC4); F2< 8>(A2,B2,C2,D2,E2,m_M[ 4]+MAGIC9); + F4<15>(E1,A1,B1,C1,D1,m_M[10]+MAGIC4); F2<11>(E2,A2,B2,C2,D2,m_M[ 1]+MAGIC9); + F4<14>(D1,E1,A1,B1,C1,m_M[ 0]+MAGIC4); F2<14>(D2,E2,A2,B2,C2,m_M[ 3]+MAGIC9); + F4<15>(C1,D1,E1,A1,B1,m_M[ 8]+MAGIC4); F2<14>(C2,D2,E2,A2,B2,m_M[11]+MAGIC9); + F4< 9>(B1,C1,D1,E1,A1,m_M[12]+MAGIC4); F2< 6>(B2,C2,D2,E2,A2,m_M[15]+MAGIC9); + F4< 8>(A1,B1,C1,D1,E1,m_M[ 4]+MAGIC4); F2<14>(A2,B2,C2,D2,E2,m_M[ 0]+MAGIC9); + F4< 9>(E1,A1,B1,C1,D1,m_M[13]+MAGIC4); F2< 6>(E2,A2,B2,C2,D2,m_M[ 5]+MAGIC9); + F4<14>(D1,E1,A1,B1,C1,m_M[ 3]+MAGIC4); F2< 9>(D2,E2,A2,B2,C2,m_M[12]+MAGIC9); + F4< 5>(C1,D1,E1,A1,B1,m_M[ 7]+MAGIC4); F2<12>(C2,D2,E2,A2,B2,m_M[ 2]+MAGIC9); + F4< 6>(B1,C1,D1,E1,A1,m_M[15]+MAGIC4); F2< 9>(B2,C2,D2,E2,A2,m_M[13]+MAGIC9); + F4< 8>(A1,B1,C1,D1,E1,m_M[14]+MAGIC4); F2<12>(A2,B2,C2,D2,E2,m_M[ 9]+MAGIC9); + F4< 6>(E1,A1,B1,C1,D1,m_M[ 5]+MAGIC4); F2< 5>(E2,A2,B2,C2,D2,m_M[ 7]+MAGIC9); + F4< 5>(D1,E1,A1,B1,C1,m_M[ 6]+MAGIC4); F2<15>(D2,E2,A2,B2,C2,m_M[10]+MAGIC9); + F4<12>(C1,D1,E1,A1,B1,m_M[ 2]+MAGIC4); F2< 8>(C2,D2,E2,A2,B2,m_M[14]+MAGIC9); 
+ + F5< 9>(B1,C1,D1,E1,A1,m_M[ 4]+MAGIC5); F1< 8>(B2,C2,D2,E2,A2,m_M[12] ); + F5<15>(A1,B1,C1,D1,E1,m_M[ 0]+MAGIC5); F1< 5>(A2,B2,C2,D2,E2,m_M[15] ); + F5< 5>(E1,A1,B1,C1,D1,m_M[ 5]+MAGIC5); F1<12>(E2,A2,B2,C2,D2,m_M[10] ); + F5<11>(D1,E1,A1,B1,C1,m_M[ 9]+MAGIC5); F1< 9>(D2,E2,A2,B2,C2,m_M[ 4] ); + F5< 6>(C1,D1,E1,A1,B1,m_M[ 7]+MAGIC5); F1<12>(C2,D2,E2,A2,B2,m_M[ 1] ); + F5< 8>(B1,C1,D1,E1,A1,m_M[12]+MAGIC5); F1< 5>(B2,C2,D2,E2,A2,m_M[ 5] ); + F5<13>(A1,B1,C1,D1,E1,m_M[ 2]+MAGIC5); F1<14>(A2,B2,C2,D2,E2,m_M[ 8] ); + F5<12>(E1,A1,B1,C1,D1,m_M[10]+MAGIC5); F1< 6>(E2,A2,B2,C2,D2,m_M[ 7] ); + F5< 5>(D1,E1,A1,B1,C1,m_M[14]+MAGIC5); F1< 8>(D2,E2,A2,B2,C2,m_M[ 6] ); + F5<12>(C1,D1,E1,A1,B1,m_M[ 1]+MAGIC5); F1<13>(C2,D2,E2,A2,B2,m_M[ 2] ); + F5<13>(B1,C1,D1,E1,A1,m_M[ 3]+MAGIC5); F1< 6>(B2,C2,D2,E2,A2,m_M[13] ); + F5<14>(A1,B1,C1,D1,E1,m_M[ 8]+MAGIC5); F1< 5>(A2,B2,C2,D2,E2,m_M[14] ); + F5<11>(E1,A1,B1,C1,D1,m_M[11]+MAGIC5); F1<15>(E2,A2,B2,C2,D2,m_M[ 0] ); + F5< 8>(D1,E1,A1,B1,C1,m_M[ 6]+MAGIC5); F1<13>(D2,E2,A2,B2,C2,m_M[ 3] ); + F5< 5>(C1,D1,E1,A1,B1,m_M[15]+MAGIC5); F1<11>(C2,D2,E2,A2,B2,m_M[ 9] ); + F5< 6>(B1,C1,D1,E1,A1,m_M[13]+MAGIC5); F1<11>(B2,C2,D2,E2,A2,m_M[11] ); C1 = m_digest[1] + C1 + D2; m_digest[1] = m_digest[2] + D1 + E2; diff --git a/src/lib/hash/sha1/sha160.cpp b/src/lib/hash/sha1/sha160.cpp index fcca673414..8c12a4f042 100644 --- a/src/lib/hash/sha1/sha160.cpp +++ b/src/lib/hash/sha1/sha160.cpp @@ -24,8 +24,8 @@ namespace { */ inline void F1(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t msg) { - E += (D ^ (B & (C ^ D))) + msg + 0x5A827999 + rotate_left(A, 5); - B = rotate_left(B, 30); + E += (D ^ (B & (C ^ D))) + msg + 0x5A827999 + rotl<5>(A); + B = rotl<30>(B); } /* 
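Review bot: `MAGIC2`..`MAGIC9` remain function-scope `const uint32_t` locals that this hunk only re-indents, while the rotation amounts beside them became compile-time template arguments; hoisting them to `constexpr uint32_t` at namespace scope next to F1..F5 keeps the whole round description in one place and removes eight initialisations from every `compress_n` call. Behaviour is unchanged either way, and the existing RIPEMD-160 vectors cover the transcription of the 160 shift/word pairs, which I spot-checked against the removed lines and found consistent. `RIPEMD_160::compress_n` begins in this hunk but its tail (the remaining digest updates and the `input` advance) is outside it.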
@@ -33,8 +33,8 @@ inline void F1(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uin
 */
 inline void F2(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t msg)
 {
- E += (B ^ C ^ D) + msg + 0x6ED9EBA1 + rotate_left(A, 5);
- B = rotate_left(B, 30);
+ E += (B ^ C ^ D) + msg + 0x6ED9EBA1 + rotl<5>(A);
+ B = rotl<30>(B);
 }
 
 /*
@@ -42,8 +42,8 @@ inline void F2(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uin
 */
 inline void F3(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t msg)
 {
- E += ((B & C) | ((B | C) & D)) + msg + 0x8F1BBCDC + rotate_left(A, 5);
- B = rotate_left(B, 30);
+ E += ((B & C) | ((B | C) & D)) + msg + 0x8F1BBCDC + rotl<5>(A);
+ B = rotl<30>(B);
 }
 
 /*
@@ -51,8 +51,8 @@ inline void F3(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uin
 */
 inline void F4(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t msg)
 {
- E += (B ^ C ^ D) + msg + 0xCA62C1D6 + rotate_left(A, 5);
- B = rotate_left(B, 30);
+ E += (B ^ C ^ D) + msg + 0xCA62C1D6 + rotl<5>(A);
+ B = rotl<30>(B);
 }
 
 }
@@ -99,14 +99,14 @@ void SHA_160::compress_n(const uint8_t input[], size_t blocks)
 
 for(size_t j = 16; j != 80; j += 8)
 {
- m_W[j ] = rotate_left((m_W[j-3] ^ m_W[j-8] ^ m_W[j-14] ^ m_W[j-16]), 1);
- m_W[j+1] = rotate_left((m_W[j-2] ^ m_W[j-7] ^ m_W[j-13] ^ m_W[j-15]), 1);
- m_W[j+2] = rotate_left((m_W[j-1] ^ m_W[j-6] ^ m_W[j-12] ^ m_W[j-14]), 1);
- m_W[j+3] = rotate_left((m_W[j ] ^ m_W[j-5] ^ m_W[j-11] ^ m_W[j-13]), 1);
- m_W[j+4] = rotate_left((m_W[j+1] ^ m_W[j-4] ^ m_W[j-10] ^ m_W[j-12]), 1);
- m_W[j+5] = rotate_left((m_W[j+2] ^ m_W[j-3] ^ m_W[j- 9] ^ m_W[j-11]), 1);
- m_W[j+6] = rotate_left((m_W[j+3] ^ m_W[j-2] ^ m_W[j- 8] ^ m_W[j-10]), 1);
- m_W[j+7] = rotate_left((m_W[j+4] ^ m_W[j-1] ^ m_W[j- 7] ^ m_W[j- 9]), 1);
+ m_W[j ] = rotl<1>(m_W[j-3] ^ m_W[j-8] ^ m_W[j-14] ^ m_W[j-16]);
+ m_W[j+1] = rotl<1>(m_W[j-2] ^ m_W[j-7] ^ m_W[j-13] ^ m_W[j-15]);
+ m_W[j+2] = rotl<1>(m_W[j-1] ^ m_W[j-6] ^ m_W[j-12] ^ m_W[j-14]);
+ m_W[j+3] = rotl<1>(m_W[j ] ^ m_W[j-5] ^ m_W[j-11] ^ m_W[j-13]);
+ m_W[j+4] = rotl<1>(m_W[j+1] ^ m_W[j-4] ^ m_W[j-10] ^ m_W[j-12]);
+ m_W[j+5] = rotl<1>(m_W[j+2] ^ m_W[j-3] ^ m_W[j- 9] ^ m_W[j-11]);
+ m_W[j+6] = rotl<1>(m_W[j+3] ^ m_W[j-2] ^ m_W[j- 8] ^ m_W[j-10]);
+ m_W[j+7] = rotl<1>(m_W[j+4] ^ m_W[j-1] ^ m_W[j- 7] ^ m_W[j- 9]);
 }
 
 F1(A, B, C, D, E, m_W[ 0]); F1(E, A, B, C, D, m_W[ 1]);
diff --git a/src/lib/hash/sha1/sha1_sse2/sha1_sse2.cpp b/src/lib/hash/sha1/sha1_sse2/sha1_sse2.cpp
index 8c77850511..0b7f8f8379 100644
--- a/src/lib/hash/sha1/sha1_sse2/sha1_sse2.cpp
+++ b/src/lib/hash/sha1/sha1_sse2/sha1_sse2.cpp
@@ -113,8 +113,8 @@ W0 = W[t]..W[t+3]
 */
 inline void F1(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t msg)
 {
- E += (D ^ (B & (C ^ D))) + msg + rotate_left(A, 5);
- B = rotate_left(B, 30);
+ E += (D ^ (B & (C ^ D))) + msg + rotl<5>(A);
+ B = rotl<30>(B);
 }
 
 /*
@@ -122,8 +122,8 @@ inline void F1(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uin
 */
 inline void F2(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t msg)
 {
- E += (B ^ C ^ D) + msg + rotate_left(A, 5);
- B = rotate_left(B, 30);
+ E += (B ^ C ^ D) + msg + rotl<5>(A);
+ B = rotl<30>(B);
 }
 
 /*
@@ -131,8 +131,8 @@ inline void F2(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uin
 */
 inline void F3(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t msg)
 {
- E += ((B & C) | ((B | C) & D)) + msg + rotate_left(A, 5);
- B = rotate_left(B, 30);
+ E += ((B & C) | ((B | C) & D)) + msg + rotl<5>(A);
+ B = rotl<30>(B);
 }
 
 /*
@@ -140,8 +140,8 @@ inline void F3(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uin
 */
 inline void F4(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t msg)
 {
- E += (B ^ C ^ D) + msg + rotate_left(A, 5);
- B = rotate_left(B, 30);
+ E += (B ^ C ^ D) + msg + rotl<5>(A);
+ B = rotl<30>(B);
 }
 
 }
diff --git a/src/lib/hash/sha2_32/sha2_32.cpp b/src/lib/hash/sha2_32/sha2_32.cpp
index 281e6ed2b6..0710747d0e 100644
--- a/src/lib/hash/sha2_32/sha2_32.cpp
+++ b/src/lib/hash/sha2_32/sha2_32.cpp
@@ -28,10 +28,10 @@ std::unique_ptr SHA_256::copy_state() const
 * even though it is much faster if inlined.
 */
 #define SHA2_32_F(A, B, C, D, E, F, G, H, M1, M2, M3, M4, magic) do { \
- uint32_t A_rho = rotate_right(A, 2) ^ rotate_right(A, 13) ^ rotate_right(A, 22); \
- uint32_t E_rho = rotate_right(E, 6) ^ rotate_right(E, 11) ^ rotate_right(E, 25); \
- uint32_t M2_sigma = rotate_right(M2, 17) ^ rotate_right(M2, 19) ^ (M2 >> 10); \
- uint32_t M4_sigma = rotate_right(M4, 7) ^ rotate_right(M4, 18) ^ (M4 >> 3); \
+ uint32_t A_rho = rotr<2>(A) ^ rotr<13>(A) ^ rotr<22>(A); \
+ uint32_t E_rho = rotr<6>(E) ^ rotr<11>(E) ^ rotr<25>(E); \
+ uint32_t M2_sigma = rotr<17>(M2) ^ rotr<19>(M2) ^ (M2 >> 10); \
+ uint32_t M4_sigma = rotr<7>(M4) ^ rotr<18>(M4) ^ (M4 >> 3); \
 H += magic + E_rho + ((E & F) ^ (~E & G)) + M1; \
 D += H; \
 H += A_rho + ((A & B) | ((A | B) & C)); \
diff --git a/src/lib/hash/sha2_64/sha2_64.cpp b/src/lib/hash/sha2_64/sha2_64.cpp
index 8e01b6b4d2..45992e9968 100644
--- a/src/lib/hash/sha2_64/sha2_64.cpp
+++ b/src/lib/hash/sha2_64/sha2_64.cpp
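Review bot: The four temporaries rewritten in SHA2_32_F are plain `uint32_t` while the equivalent `E_rho`/`A_rho`/`M2_sigma`/`M4_sigma` in the SHA2_64_F rewrite of the next file are `const uint64_t`; declare them `const uint32_t A_rho = ...` here too so the two macros read the same and the compiler is told the rotated values are never reassigned inside the body. The rest of the macro, including its closing, is outside this hunk.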
@@ -26,44 +26,29 @@ std::unique_ptr SHA_512_256::copy_state() const
 
 namespace {
 
-namespace SHA2_64 {
-
-/*
-* SHA-{384,512} Rho Function
-*/
-inline uint64_t rho(uint64_t X, uint32_t rot1, uint32_t rot2, uint32_t rot3)
- {
- return (rotate_right(X, rot1) ^ rotate_right(X, rot2) ^
- rotate_right(X, rot3));
- }
-
-/*
-* SHA-{384,512} Sigma Function
-*/
-inline uint64_t sigma(uint64_t X, uint32_t rot1, uint32_t rot2, uint32_t shift)
- {
- return (rotate_right(X, rot1) ^ rotate_right(X, rot2) ^ (X >> shift));
- }
-
 /*
 * SHA-512 F1 Function
 *
 * Use a macro as many compilers won't inline a function this big,
 * even though it is much faster if inlined.
 */
-#define SHA2_64_F(A, B, C, D, E, F, G, H, M1, M2, M3, M4, magic) \
- do { \
- H += magic + rho(E, 14, 18, 41) + ((E & F) ^ (~E & G)) + M1; \
- D += H; \
- H += rho(A, 28, 34, 39) + ((A & B) | ((A | B) & C)); \
- M1 += sigma(M2, 19, 61, 6) + M3 + sigma(M4, 1, 8, 7); \
+#define SHA2_64_F(A, B, C, D, E, F, G, H, M1, M2, M3, M4, magic) \
+ do { \
+ const uint64_t E_rho = rotr<14>(E) ^ rotr<18>(E) ^ rotr<41>(E); \
+ const uint64_t A_rho = rotr<28>(A) ^ rotr<34>(A) ^ rotr<39>(A); \
+ const uint64_t M2_sigma = rotr<19>(M2) ^ rotr<61>(M2) ^ (M2 >> 6); \
+ const uint64_t M4_sigma = rotr<1>(M4) ^ rotr<8>(M4) ^ (M4 >> 7); \
+ H += magic + E_rho + ((E & F) ^ (~E & G)) + M1; \
+ D += H; \
+ H += A_rho + ((A & B) | ((A | B) & C)); \
+ M1 += M2_sigma + M3 + M4_sigma; \
 } while(0);
 
 /*
 * SHA-{384,512} Compression Function
 */
-void compress(secure_vector& digest,
- const uint8_t input[], size_t blocks)
+void SHA64_compress(secure_vector& digest,
+ const uint8_t input[], size_t blocks)
 {
 uint64_t A = digest[0], B = digest[1], C = digest[2],
 D = digest[3], E = digest[4], F = digest[5],
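Review bot: The rewritten SHA2_64_F still terminates with the pre-existing `} while(0);`, and that trailing semicolon defeats the do/while(0) idiom: every `SHA2_64_F(...);` expands to two statements, so the macro cannot be the single statement of an unbraced `if`/`else` and extra-semicolon diagnostics will flag it. Since the body is rewritten here anyway, end the definition with `} while(0)` and make sure each use in SHA64_compress (outside this hunk) supplies its own `;`. `SHA64_compress` begins in this hunk and ends outside it.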
@@ -184,21 +169,19 @@ void compress(secure_vector& digest,
 
 }
 
-}
-
 void SHA_512_256::compress_n(const uint8_t input[], size_t blocks)
 {
- SHA2_64::compress(m_digest, input, blocks);
+ SHA64_compress(m_digest, input, blocks);
 }
 
 void SHA_384::compress_n(const uint8_t input[], size_t blocks)
 {
- SHA2_64::compress(m_digest, input, blocks);
+ SHA64_compress(m_digest, input, blocks);
 }
 
 void SHA_512::compress_n(const uint8_t input[], size_t blocks)
 {
- SHA2_64::compress(m_digest, input, blocks);
+ SHA64_compress(m_digest, input, blocks);
 }
 
 void SHA_512_256::copy_out(uint8_t output[])
diff --git a/src/lib/hash/sha3/sha3.cpp b/src/lib/hash/sha3/sha3.cpp
index e829c3f700..1556e54986 100644
--- a/src/lib/hash/sha3/sha3.cpp
+++ b/src/lib/hash/sha3/sha3.cpp
@@ -37,37 +37,37 @@ void SHA_3::permute(uint64_t A[25])
 const uint64_t C3 = A[3] ^ A[8] ^ A[13] ^ A[18] ^ A[23];
 const uint64_t C4 = A[4] ^ A[9] ^ A[14] ^ A[19] ^ A[24];
 
- const uint64_t D0 = rotate_left(C0, 1) ^ C3;
- const uint64_t D1 = rotate_left(C1, 1) ^ C4;
- const uint64_t D2 = rotate_left(C2, 1) ^ C0;
- const uint64_t D3 = rotate_left(C3, 1) ^ C1;
- const uint64_t D4 = rotate_left(C4, 1) ^ C2;
+ const uint64_t D0 = rotl<1>(C0) ^ C3;
+ const uint64_t D1 = rotl<1>(C1) ^ C4;
+ const uint64_t D2 = rotl<1>(C2) ^ C0;
+ const uint64_t D3 = rotl<1>(C3) ^ C1;
+ const uint64_t D4 = rotl<1>(C4) ^ C2;
 
 const uint64_t B00 = A[ 0] ^ D1;
- const uint64_t B10 = rotate_left(A[ 1] ^ D2, 1);
- const uint64_t B20 = rotate_left(A[ 2] ^ D3, 62);
- const uint64_t B05 = rotate_left(A[ 3] ^ D4, 28);
- const uint64_t B15 = rotate_left(A[ 4] ^ D0, 27);
- const uint64_t B16 = rotate_left(A[ 5] ^ D1, 36);
- const uint64_t B01 = rotate_left(A[ 6] ^ D2, 44);
- const uint64_t B11 = rotate_left(A[ 7] ^ D3, 6);
- const uint64_t B21 = rotate_left(A[ 8] ^ D4, 55);
- const uint64_t B06 = rotate_left(A[ 9] ^ D0, 20);
- const uint64_t B07 = rotate_left(A[10] ^ D1, 3);
- const uint64_t B17 = rotate_left(A[11] ^ D2, 10);
- const uint64_t B02 = rotate_left(A[12] ^ D3, 43);
- const uint64_t B12 = rotate_left(A[13] ^ D4, 25);
- const uint64_t B22 = rotate_left(A[14] ^ D0, 39);
- const uint64_t B23 = rotate_left(A[15] ^ D1, 41);
- const uint64_t B08 = rotate_left(A[16] ^ D2, 45);
- const uint64_t B18 = rotate_left(A[17] ^ D3, 15);
- const uint64_t B03 = rotate_left(A[18] ^ D4, 21);
- const uint64_t B13 = rotate_left(A[19] ^ D0, 8);
- const uint64_t B14 = rotate_left(A[20] ^ D1, 18);
- const uint64_t B24 = rotate_left(A[21] ^ D2, 2);
- const uint64_t B09 = rotate_left(A[22] ^ D3, 61);
- const uint64_t B19 = rotate_left(A[23] ^ D4, 56);
- const uint64_t B04 = rotate_left(A[24] ^ D0, 14);
+ const uint64_t B10 = rotl<1>(A[ 1] ^ D2);
+ const uint64_t B20 = rotl<62>(A[ 2] ^ D3);
+ const uint64_t B05 = rotl<28>(A[ 3] ^ D4);
+ const uint64_t B15 = rotl<27>(A[ 4] ^ D0);
+ const uint64_t B16 = rotl<36>(A[ 5] ^ D1);
+ const uint64_t B01 = rotl<44>(A[ 6] ^ D2);
+ const uint64_t B11 = rotl<6>(A[ 7] ^ D3);
+ const uint64_t B21 = rotl<55>(A[ 8] ^ D4);
+ const uint64_t B06 = rotl<20>(A[ 9] ^ D0);
+ const uint64_t B07 = rotl<3>(A[10] ^ D1);
+ const uint64_t B17 = rotl<10>(A[11] ^ D2);
+ const uint64_t B02 = rotl<43>(A[12] ^ D3);
+ const uint64_t B12 = rotl<25>(A[13] ^ D4);
+ const uint64_t B22 = rotl<39>(A[14] ^ D0);
+ const uint64_t B23 = rotl<41>(A[15] ^ D1);
+ const uint64_t B08 = rotl<45>(A[16] ^ D2);
+ const uint64_t B18 = rotl<15>(A[17] ^ D3);
+ const uint64_t B03 = rotl<21>(A[18] ^ D4);
+ const uint64_t B13 = rotl<8>(A[19] ^ D0);
+ const uint64_t B14 = rotl<18>(A[20] ^ D1);
+ const uint64_t B24 = rotl<2>(A[21] ^ D2);
+ const uint64_t B09 = rotl<61>(A[22] ^ D3);
+ const uint64_t B19 = rotl<56>(A[23] ^ D4);
+ const uint64_t B04 = rotl<14>(A[24] ^ D0);
 
 A[ 0] = B00 ^ (~B01 & B02);
 A[ 1] = B01 ^ (~B02 & B03);
diff --git a/src/lib/hash/sm3/sm3.cpp b/src/lib/hash/sm3/sm3.cpp
index aeb8f2e47e..c3220d243e 100644
--- a/src/lib/hash/sm3/sm3.cpp
+++ b/src/lib/hash/sm3/sm3.cpp
@@ -23,12 +23,12 @@ const uint32_t SM3_IV[] = {
 
 inline uint32_t P0(uint32_t X)
 {
- return X ^ rotate_left(X, 9) ^ rotate_left(X, 17);
+ return X ^ rotl<9>(X) ^ rotl<17>(X);
 }
 
 inline uint32_t P1(uint32_t X)
 {
- return X ^ rotate_left(X, 15) ^ rotate_left(X, 23);
+ return X ^ rotl<15>(X) ^ rotl<23>(X);
 }
 
 inline uint32_t FF1(uint32_t X, uint32_t Y, uint32_t Z)
@@ -47,14 +47,14 @@ inline void R1(uint32_t A, uint32_t& B, uint32_t C, uint32_t& D, uint32_t E, uint32_t& F, uint32_t G, uint32_t& H, uint32_t TJ, uint32_t Wi, uint32_t Wj) { - const uint32_t A12 = rotate_left(A, 12); - const uint32_t SS1 = rotate_left(A12 + E + TJ, 7); + const uint32_t A12 = rotl<12>(A); + const uint32_t SS1 = rotl<7>(A12 + E + TJ); const uint32_t TT1 = (A ^ B ^ C) + D + (SS1 ^ A12) + Wj; const uint32_t TT2 = (E ^ F ^ G) + H + SS1 + Wi; - B = rotate_left(B, 9); + B = rotl<9>(B); D = TT1; - F = rotate_left(F, 19); + F = rotl<19>(F); H = P0(TT2); } @@ -62,14 +62,14 @@ inline void R2(uint32_t A, uint32_t& B, uint32_t C, uint32_t& D, uint32_t E, uint32_t& F, uint32_t G, uint32_t& H, uint32_t TJ, uint32_t Wi, uint32_t Wj) { - const uint32_t A12 = rotate_left(A, 12); - const uint32_t SS1 = rotate_left(A12 + E + TJ, 7); + const uint32_t A12 = rotl<12>(A); + const uint32_t SS1 = rotl<7>(A12 + E + TJ); const uint32_t TT1 = FF1(A, B, C) + D + (SS1 ^ A12) + Wj; const uint32_t TT2 = GG1(E, F, G) + H + SS1 + Wi; - B = rotate_left(B, 9); + B = rotl<9>(B); D = TT1; - F = rotate_left(F, 19); + F = rotl<19>(F); H = P0(TT2); } 
@@ -105,58 +105,58 @@ void SM3::compress_n(const uint8_t input[], size_t blocks) W[15] = load_be(input, 15); // Message Extension (b) - W[16] = P1(W[ 0] ^ W[ 7] ^ rotate_left(W[13], 15)) ^ rotate_left(W[ 3], 7) ^ W[10]; - W[17] = P1(W[ 1] ^ W[ 8] ^ rotate_left(W[14], 15)) ^ rotate_left(W[ 4], 7) ^ W[11]; - W[18] = P1(W[ 2] ^ W[ 9] ^ rotate_left(W[15], 15)) ^ rotate_left(W[ 5], 7) ^ W[12]; - W[19] = P1(W[ 3] ^ W[10] ^ rotate_left(W[16], 15)) ^ rotate_left(W[ 6], 7) ^ W[13]; - W[20] = P1(W[ 4] ^ W[11] ^ rotate_left(W[17], 15)) ^ rotate_left(W[ 7], 7) ^ W[14]; - W[21] = P1(W[ 5] ^ W[12] ^ rotate_left(W[18], 15)) ^ rotate_left(W[ 8], 7) ^ W[15]; - W[22] = P1(W[ 6] ^ W[13] ^ rotate_left(W[19], 15)) ^ rotate_left(W[ 9], 7) ^ W[16]; - W[23] = P1(W[ 7] ^ W[14] ^ rotate_left(W[20], 15)) ^ rotate_left(W[10], 7) ^ W[17]; - W[24] = P1(W[ 8] ^ W[15] ^ rotate_left(W[21], 15)) ^ rotate_left(W[11], 7) ^ W[18]; - W[25] = P1(W[ 9] ^ W[16] ^ rotate_left(W[22], 15)) ^ rotate_left(W[12], 7) ^ W[19]; - W[26] = P1(W[10] ^ W[17] ^ rotate_left(W[23], 15)) ^ rotate_left(W[13], 7) ^ W[20]; - W[27] = P1(W[11] ^ W[18] ^ rotate_left(W[24], 15)) ^ rotate_left(W[14], 7) ^ W[21]; - W[28] = P1(W[12] ^ W[19] ^ rotate_left(W[25], 15)) ^ rotate_left(W[15], 7) ^ W[22]; - W[29] = P1(W[13] ^ W[20] ^ rotate_left(W[26], 15)) ^ rotate_left(W[16], 7) ^ W[23]; - W[30] = P1(W[14] ^ W[21] ^ rotate_left(W[27], 15)) ^ rotate_left(W[17], 7) ^ W[24]; - W[31] = P1(W[15] ^ W[22] ^ rotate_left(W[28], 15)) ^ rotate_left(W[18], 7) ^ W[25]; - W[32] = P1(W[16] ^ W[23] ^ rotate_left(W[29], 15)) ^ rotate_left(W[19], 7) ^ W[26]; - W[33] = P1(W[17] ^ W[24] ^ rotate_left(W[30], 15)) ^ rotate_left(W[20], 7) ^ W[27]; - W[34] = P1(W[18] ^ W[25] ^ rotate_left(W[31], 15)) ^ rotate_left(W[21], 7) ^ W[28]; - W[35] = P1(W[19] ^ W[26] ^ rotate_left(W[32], 15)) ^ rotate_left(W[22], 7) ^ W[29]; - W[36] = P1(W[20] ^ W[27] ^ rotate_left(W[33], 15)) ^ rotate_left(W[23], 7) ^ W[30]; - W[37] = P1(W[21] ^ W[28] ^ rotate_left(W[34], 15)) ^ 
rotate_left(W[24], 7) ^ W[31]; - W[38] = P1(W[22] ^ W[29] ^ rotate_left(W[35], 15)) ^ rotate_left(W[25], 7) ^ W[32]; - W[39] = P1(W[23] ^ W[30] ^ rotate_left(W[36], 15)) ^ rotate_left(W[26], 7) ^ W[33]; - W[40] = P1(W[24] ^ W[31] ^ rotate_left(W[37], 15)) ^ rotate_left(W[27], 7) ^ W[34]; - W[41] = P1(W[25] ^ W[32] ^ rotate_left(W[38], 15)) ^ rotate_left(W[28], 7) ^ W[35]; - W[42] = P1(W[26] ^ W[33] ^ rotate_left(W[39], 15)) ^ rotate_left(W[29], 7) ^ W[36]; - W[43] = P1(W[27] ^ W[34] ^ rotate_left(W[40], 15)) ^ rotate_left(W[30], 7) ^ W[37]; - W[44] = P1(W[28] ^ W[35] ^ rotate_left(W[41], 15)) ^ rotate_left(W[31], 7) ^ W[38]; - W[45] = P1(W[29] ^ W[36] ^ rotate_left(W[42], 15)) ^ rotate_left(W[32], 7) ^ W[39]; - W[46] = P1(W[30] ^ W[37] ^ rotate_left(W[43], 15)) ^ rotate_left(W[33], 7) ^ W[40]; - W[47] = P1(W[31] ^ W[38] ^ rotate_left(W[44], 15)) ^ rotate_left(W[34], 7) ^ W[41]; - W[48] = P1(W[32] ^ W[39] ^ rotate_left(W[45], 15)) ^ rotate_left(W[35], 7) ^ W[42]; - W[49] = P1(W[33] ^ W[40] ^ rotate_left(W[46], 15)) ^ rotate_left(W[36], 7) ^ W[43]; - W[50] = P1(W[34] ^ W[41] ^ rotate_left(W[47], 15)) ^ rotate_left(W[37], 7) ^ W[44]; - W[51] = P1(W[35] ^ W[42] ^ rotate_left(W[48], 15)) ^ rotate_left(W[38], 7) ^ W[45]; - W[52] = P1(W[36] ^ W[43] ^ rotate_left(W[49], 15)) ^ rotate_left(W[39], 7) ^ W[46]; - W[53] = P1(W[37] ^ W[44] ^ rotate_left(W[50], 15)) ^ rotate_left(W[40], 7) ^ W[47]; - W[54] = P1(W[38] ^ W[45] ^ rotate_left(W[51], 15)) ^ rotate_left(W[41], 7) ^ W[48]; - W[55] = P1(W[39] ^ W[46] ^ rotate_left(W[52], 15)) ^ rotate_left(W[42], 7) ^ W[49]; - W[56] = P1(W[40] ^ W[47] ^ rotate_left(W[53], 15)) ^ rotate_left(W[43], 7) ^ W[50]; - W[57] = P1(W[41] ^ W[48] ^ rotate_left(W[54], 15)) ^ rotate_left(W[44], 7) ^ W[51]; - W[58] = P1(W[42] ^ W[49] ^ rotate_left(W[55], 15)) ^ rotate_left(W[45], 7) ^ W[52]; - W[59] = P1(W[43] ^ W[50] ^ rotate_left(W[56], 15)) ^ rotate_left(W[46], 7) ^ W[53]; - W[60] = P1(W[44] ^ W[51] ^ rotate_left(W[57], 15)) ^ rotate_left(W[47], 7) 
^ W[54]; - W[61] = P1(W[45] ^ W[52] ^ rotate_left(W[58], 15)) ^ rotate_left(W[48], 7) ^ W[55]; - W[62] = P1(W[46] ^ W[53] ^ rotate_left(W[59], 15)) ^ rotate_left(W[49], 7) ^ W[56]; - W[63] = P1(W[47] ^ W[54] ^ rotate_left(W[60], 15)) ^ rotate_left(W[50], 7) ^ W[57]; - W[64] = P1(W[48] ^ W[55] ^ rotate_left(W[61], 15)) ^ rotate_left(W[51], 7) ^ W[58]; - W[65] = P1(W[49] ^ W[56] ^ rotate_left(W[62], 15)) ^ rotate_left(W[52], 7) ^ W[59]; - W[66] = P1(W[50] ^ W[57] ^ rotate_left(W[63], 15)) ^ rotate_left(W[53], 7) ^ W[60]; - W[67] = P1(W[51] ^ W[58] ^ rotate_left(W[64], 15)) ^ rotate_left(W[54], 7) ^ W[61]; + W[16] = P1(W[ 0] ^ W[ 7] ^ rotl<15>(W[13])) ^ rotl<7>(W[ 3]) ^ W[10]; + W[17] = P1(W[ 1] ^ W[ 8] ^ rotl<15>(W[14])) ^ rotl<7>(W[ 4]) ^ W[11]; + W[18] = P1(W[ 2] ^ W[ 9] ^ rotl<15>(W[15])) ^ rotl<7>(W[ 5]) ^ W[12]; + W[19] = P1(W[ 3] ^ W[10] ^ rotl<15>(W[16])) ^ rotl<7>(W[ 6]) ^ W[13]; + W[20] = P1(W[ 4] ^ W[11] ^ rotl<15>(W[17])) ^ rotl<7>(W[ 7]) ^ W[14]; + W[21] = P1(W[ 5] ^ W[12] ^ rotl<15>(W[18])) ^ rotl<7>(W[ 8]) ^ W[15]; + W[22] = P1(W[ 6] ^ W[13] ^ rotl<15>(W[19])) ^ rotl<7>(W[ 9]) ^ W[16]; + W[23] = P1(W[ 7] ^ W[14] ^ rotl<15>(W[20])) ^ rotl<7>(W[10]) ^ W[17]; + W[24] = P1(W[ 8] ^ W[15] ^ rotl<15>(W[21])) ^ rotl<7>(W[11]) ^ W[18]; + W[25] = P1(W[ 9] ^ W[16] ^ rotl<15>(W[22])) ^ rotl<7>(W[12]) ^ W[19]; + W[26] = P1(W[10] ^ W[17] ^ rotl<15>(W[23])) ^ rotl<7>(W[13]) ^ W[20]; + W[27] = P1(W[11] ^ W[18] ^ rotl<15>(W[24])) ^ rotl<7>(W[14]) ^ W[21]; + W[28] = P1(W[12] ^ W[19] ^ rotl<15>(W[25])) ^ rotl<7>(W[15]) ^ W[22]; + W[29] = P1(W[13] ^ W[20] ^ rotl<15>(W[26])) ^ rotl<7>(W[16]) ^ W[23]; + W[30] = P1(W[14] ^ W[21] ^ rotl<15>(W[27])) ^ rotl<7>(W[17]) ^ W[24]; + W[31] = P1(W[15] ^ W[22] ^ rotl<15>(W[28])) ^ rotl<7>(W[18]) ^ W[25]; + W[32] = P1(W[16] ^ W[23] ^ rotl<15>(W[29])) ^ rotl<7>(W[19]) ^ W[26]; + W[33] = P1(W[17] ^ W[24] ^ rotl<15>(W[30])) ^ rotl<7>(W[20]) ^ W[27]; + W[34] = P1(W[18] ^ W[25] ^ rotl<15>(W[31])) ^ rotl<7>(W[21]) ^ W[28]; + W[35] = P1(W[19] ^ 
W[26] ^ rotl<15>(W[32])) ^ rotl<7>(W[22]) ^ W[29]; + W[36] = P1(W[20] ^ W[27] ^ rotl<15>(W[33])) ^ rotl<7>(W[23]) ^ W[30]; + W[37] = P1(W[21] ^ W[28] ^ rotl<15>(W[34])) ^ rotl<7>(W[24]) ^ W[31]; + W[38] = P1(W[22] ^ W[29] ^ rotl<15>(W[35])) ^ rotl<7>(W[25]) ^ W[32]; + W[39] = P1(W[23] ^ W[30] ^ rotl<15>(W[36])) ^ rotl<7>(W[26]) ^ W[33]; + W[40] = P1(W[24] ^ W[31] ^ rotl<15>(W[37])) ^ rotl<7>(W[27]) ^ W[34]; + W[41] = P1(W[25] ^ W[32] ^ rotl<15>(W[38])) ^ rotl<7>(W[28]) ^ W[35]; + W[42] = P1(W[26] ^ W[33] ^ rotl<15>(W[39])) ^ rotl<7>(W[29]) ^ W[36]; + W[43] = P1(W[27] ^ W[34] ^ rotl<15>(W[40])) ^ rotl<7>(W[30]) ^ W[37]; + W[44] = P1(W[28] ^ W[35] ^ rotl<15>(W[41])) ^ rotl<7>(W[31]) ^ W[38]; + W[45] = P1(W[29] ^ W[36] ^ rotl<15>(W[42])) ^ rotl<7>(W[32]) ^ W[39]; + W[46] = P1(W[30] ^ W[37] ^ rotl<15>(W[43])) ^ rotl<7>(W[33]) ^ W[40]; + W[47] = P1(W[31] ^ W[38] ^ rotl<15>(W[44])) ^ rotl<7>(W[34]) ^ W[41]; + W[48] = P1(W[32] ^ W[39] ^ rotl<15>(W[45])) ^ rotl<7>(W[35]) ^ W[42]; + W[49] = P1(W[33] ^ W[40] ^ rotl<15>(W[46])) ^ rotl<7>(W[36]) ^ W[43]; + W[50] = P1(W[34] ^ W[41] ^ rotl<15>(W[47])) ^ rotl<7>(W[37]) ^ W[44]; + W[51] = P1(W[35] ^ W[42] ^ rotl<15>(W[48])) ^ rotl<7>(W[38]) ^ W[45]; + W[52] = P1(W[36] ^ W[43] ^ rotl<15>(W[49])) ^ rotl<7>(W[39]) ^ W[46]; + W[53] = P1(W[37] ^ W[44] ^ rotl<15>(W[50])) ^ rotl<7>(W[40]) ^ W[47]; + W[54] = P1(W[38] ^ W[45] ^ rotl<15>(W[51])) ^ rotl<7>(W[41]) ^ W[48]; + W[55] = P1(W[39] ^ W[46] ^ rotl<15>(W[52])) ^ rotl<7>(W[42]) ^ W[49]; + W[56] = P1(W[40] ^ W[47] ^ rotl<15>(W[53])) ^ rotl<7>(W[43]) ^ W[50]; + W[57] = P1(W[41] ^ W[48] ^ rotl<15>(W[54])) ^ rotl<7>(W[44]) ^ W[51]; + W[58] = P1(W[42] ^ W[49] ^ rotl<15>(W[55])) ^ rotl<7>(W[45]) ^ W[52]; + W[59] = P1(W[43] ^ W[50] ^ rotl<15>(W[56])) ^ rotl<7>(W[46]) ^ W[53]; + W[60] = P1(W[44] ^ W[51] ^ rotl<15>(W[57])) ^ rotl<7>(W[47]) ^ W[54]; + W[61] = P1(W[45] ^ W[52] ^ rotl<15>(W[58])) ^ rotl<7>(W[48]) ^ W[55]; + W[62] = P1(W[46] ^ W[53] ^ rotl<15>(W[59])) ^ rotl<7>(W[49]) ^ W[56]; + 
W[63] = P1(W[47] ^ W[54] ^ rotl<15>(W[60])) ^ rotl<7>(W[50]) ^ W[57]; + W[64] = P1(W[48] ^ W[55] ^ rotl<15>(W[61])) ^ rotl<7>(W[51]) ^ W[58]; + W[65] = P1(W[49] ^ W[56] ^ rotl<15>(W[62])) ^ rotl<7>(W[52]) ^ W[59]; + W[66] = P1(W[50] ^ W[57] ^ rotl<15>(W[63])) ^ rotl<7>(W[53]) ^ W[60]; + W[67] = P1(W[51] ^ W[58] ^ rotl<15>(W[64])) ^ rotl<7>(W[54]) ^ W[61]; R1(A, B, C, D, E, F, G, H, 0x79CC4519, W[ 0], W[ 0] ^ W[ 4]); R1(D, A, B, C, H, E, F, G, 0xF3988A32, W[ 1], W[ 1] ^ W[ 5]); diff --git a/src/lib/mac/siphash/siphash.cpp b/src/lib/mac/siphash/siphash.cpp index 54adcd5a5d..255a35493b 100644 --- a/src/lib/mac/siphash/siphash.cpp +++ b/src/lib/mac/siphash/siphash.cpp @@ -19,16 +19,16 @@ void SipRounds(uint64_t M, secure_vector& V, size_t r) for(size_t i = 0; i != r; ++i) { V0 += V1; V2 += V3; - V1 = rotate_left(V1, 13); - V3 = rotate_left(V3, 16); + V1 = rotl<13>(V1); + V3 = rotl<16>(V3); V1 ^= V0; V3 ^= V2; - V0 = rotate_left(V0, 32); + V0 = rotl<32>(V0); V2 += V1; V0 += V3; - V1 = rotate_left(V1, 17); - V3 = rotate_left(V3, 21); + V1 = rotl<17>(V1); + V3 = rotl<21>(V3); V1 ^= V2; V3 ^= V0; - V2 = rotate_left(V2, 32); + V2 = rotl<32>(V2); } V0 ^= M; diff --git a/src/lib/stream/chacha/chacha.cpp b/src/lib/stream/chacha/chacha.cpp index d56f9e60a7..0bbb47bcbf 100644 --- a/src/lib/stream/chacha/chacha.cpp +++ b/src/lib/stream/chacha/chacha.cpp 
@@ -49,12 +49,12 @@ void ChaCha::chacha_x4(uint8_t output[64*4], uint32_t input[16], size_t rounds) x08 = input[ 8], x09 = input[ 9], x10 = input[10], x11 = input[11], x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15]; -#define CHACHA_QUARTER_ROUND(a, b, c, d) \ - do { \ - a += b; d ^= a; d = rotate_left(d, 16); \ - c += d; b ^= c; b = rotate_left(b, 12); \ - a += b; d ^= a; d = rotate_left(d, 8); \ - c += d; b ^= c; b = rotate_left(b, 7); \ +#define CHACHA_QUARTER_ROUND(a, b, c, d) \ + do { \ + a += b; d ^= a; d = rotl<16>(d); \ + c += d; b ^= c; b = rotl<12>(b); \ + a += b; d ^= a; d = rotl<8>(d); \ + c += d; b ^= c; b = rotl<7>(b); \ } while(0) for(size_t r = 0; r != rounds / 2; ++r) diff --git a/src/lib/stream/salsa20/salsa20.cpp b/src/lib/stream/salsa20/salsa20.cpp index 1c88461836..e27b2d2bbf 100644 --- a/src/lib/stream/salsa20/salsa20.cpp +++ b/src/lib/stream/salsa20/salsa20.cpp @@ -14,10 +14,10 @@ namespace { #define SALSA20_QUARTER_ROUND(x1, x2, x3, x4) \ do { \ - x2 ^= rotate_left(x1 + x4, 7); \ - x3 ^= rotate_left(x2 + x1, 9); \ - x4 ^= rotate_left(x3 + x2, 13); \ - x1 ^= rotate_left(x4 + x3, 18); \ + x2 ^= rotl<7>(x1 + x4); \ + x3 ^= rotl<9>(x2 + x1); \ + x4 ^= rotl<13>(x3 + x2); \ + x1 ^= rotl<18>(x4 + x3); \ } while(0) /* @@ -26,9 +26,9 @@ namespace { void hsalsa20(uint32_t output[8], const uint32_t input[16]) { uint32_t x00 = input[ 0], x01 = input[ 1], x02 = input[ 2], x03 = input[ 3], - x04 = input[ 4], x05 = input[ 5], x06 = input[ 6], x07 = input[ 7], - x08 = input[ 8], x09 = input[ 9], x10 = input[10], x11 = input[11], - x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15]; + x04 = input[ 4], x05 = input[ 5], x06 = input[ 6], x07 = input[ 7], + x08 = input[ 8], x09 = input[ 9], x10 = input[10], x11 = input[11], + x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15]; for(size_t i = 0; i != 10; ++i) { 
@@ -59,9 +59,9 @@ void hsalsa20(uint32_t output[8], const uint32_t input[16]) void salsa20(uint8_t output[64], const uint32_t input[16]) { uint32_t x00 = input[ 0], x01 = input[ 1], x02 = input[ 2], x03 = input[ 3], - x04 = input[ 4], x05 = input[ 5], x06 = input[ 6], x07 = input[ 7], - x08 = input[ 8], x09 = input[ 9], x10 = input[10], x11 = input[11], - x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15]; + x04 = input[ 4], x05 = input[ 5], x06 = input[ 6], x07 = input[ 7], + x08 = input[ 8], x09 = input[ 9], x10 = input[10], x11 = input[11], + x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15]; for(size_t i = 0; i != 10; ++i) { diff --git a/src/lib/utils/bswap.h b/src/lib/utils/bswap.h index 23b3113ce4..c1aa8b5943 100644 --- a/src/lib/utils/bswap.h +++ b/src/lib/utils/bswap.h @@ -19,7 +19,7 @@ namespace Botan { */ inline uint16_t reverse_bytes(uint16_t val) { - return rotate_left(val, 8); + return rotl<8>(val); } /** @@ -64,8 +64,8 @@ inline uint32_t reverse_bytes(uint32_t val) #else // Generic implementation - return (rotate_right(val, 8) & 0xFF00FF00) | - (rotate_left (val, 8) & 0x00FF00FF); + return (rotr<8>(val) & 0xFF00FF00) | + (rotl<8>(val) & 0x00FF00FF); #endif } diff --git a/src/lib/utils/rotate.h b/src/lib/utils/rotate.h index 6aeb631b39..adc620febf 100644 --- a/src/lib/utils/rotate.h +++ b/src/lib/utils/rotate.h @@ -1,6 +1,6 @@ /* * Word Rotation Operations -* (C) 1999-2008 Jack Lloyd +* (C) 1999-2008,2017 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -13,50 +13,74 @@ namespace Botan { /** -* Bit rotation left +* Bit rotation left by a compile-time constant amount * @param input the input word -* @param rot the number of bits to rotate -* @return input rotated left by rot bits +* @return input rotated left by ROT bits */ -template inline T rotate_left(T input, uint8_t rot) +template +inline T rotl(T input) { - rot %= 8 * sizeof(T); - return (rot == 0) ? input : static_cast((input << rot) | (input >> (8*sizeof(T)-rot)));; + static_assert(ROT > 0 && ROT < 8*sizeof(T), "Invalid rotation constant"); + return static_cast((input << ROT) | (input >> (8*sizeof(T) - ROT))); } /** -* Bit rotation right +* Bit rotation right by a compile-time constant amount * @param input the input word -* @param rot the number of bits to rotate -* @return input rotated right by rot bits +* @return input rotated right by ROT bits */ -template inline T rotate_right(T input, uint8_t rot) +template +inline T rotr(T input) { - rot %= 8 * sizeof(T); - return (rot == 0) ? input : static_cast((input >> rot) | (input << (8*sizeof(T)-rot))); + static_assert(ROT > 0 && ROT < 8*sizeof(T), "Invalid rotation constant"); + return static_cast((input >> ROT) | (input << (8*sizeof(T) - ROT))); } -#if BOTAN_USE_GCC_INLINE_ASM - -#if defined(BOTAN_TARGET_ARCH_IS_X86_64) || defined(BOTAN_TARGET_ARCH_IS_X86_32) - -template<> -inline uint32_t rotate_left(uint32_t input, uint8_t rot) +/** +* Bit rotation left, variable rotation amount +* @param input the input word +* @param rot the number of bits to rotate, must be between 0 and sizeof(T)*8-1 +* @return input rotated left by rot bits +*/ +template +inline T rotl_var(T input, size_t rot) { - asm("roll %1,%0" : "+r" (input) : "c" (rot)); - return input; + /* + * This is a strange way of expressing the rotation operation but it + * so happens that both GCC and Clang will recognize it and turn it + * into a rotation, which cannot be said for many other forms. 
See + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82498 + */ + return static_cast((input << rot) | (input >> (-rot % (8*sizeof(T))))); } -template<> -inline uint32_t rotate_right(uint32_t input, uint8_t rot) +/** +* Bit rotation right, variable rotation amount +* @param input the input word +* @param rot the number of bits to rotate, must be between 0 and sizeof(T)*8-1 +* @return input rotated right by rot bits +*/ +template +inline T rotr_var(T input, size_t rot) { - asm("rorl %1,%0" : "+r" (input) : "c" (rot)); - return input; + return static_cast((input >> rot) | (input << (-rot % (8*sizeof(T))))); } -#endif +template +BOTAN_DEPRECATED("Use rotl or rotl_var") +inline T rotate_left(T input, size_t rot) + { + // rotl_var does not reduce + return rotl_var(input, rot % (8 * sizeof(T))); + } -#endif +template +BOTAN_DEPRECATED("Use rotr or rotr_var") +inline T rotate_right(T input, size_t rot) + { + // rotr_var does not reduce + return rotr_var(input, rot % (8 * sizeof(T))); + } } diff --git a/src/lib/utils/simd/simd_32.h b/src/lib/utils/simd/simd_32.h index 2a177b3882..aca7a8e9a7 100644 --- a/src/lib/utils/simd/simd_32.h +++ b/src/lib/utils/simd/simd_32.h 
@@ -281,56 +281,57 @@ class SIMD_4x32 final /* - Return rotate_right(x, rot1) ^ rotate_right(x, rot2) ^ rotate_right(x, rot3) + * This is used for SHA-2/SHACAL2 + * Return rotr(ROT1) ^ rotr(ROT2) ^ rotr(ROT3) */ - SIMD_4x32 rho(size_t rot1, size_t rot2, size_t rot3) const + template + SIMD_4x32 rho() const { SIMD_4x32 res; #if defined(BOTAN_SIMD_USE_SSE2) - res.m_sse = _mm_or_si128(_mm_slli_epi32(m_sse, static_cast(32-rot1)), - _mm_srli_epi32(m_sse, static_cast(rot1))); + res.m_sse = _mm_or_si128(_mm_slli_epi32(m_sse, static_cast(32-ROT1)), + _mm_srli_epi32(m_sse, static_cast(ROT1))); res.m_sse = _mm_xor_si128( res.m_sse, - _mm_or_si128(_mm_slli_epi32(m_sse, static_cast(32-rot2)), - _mm_srli_epi32(m_sse, static_cast(rot2)))); + _mm_or_si128(_mm_slli_epi32(m_sse, static_cast(32-ROT2)), + _mm_srli_epi32(m_sse, static_cast(ROT2)))); res.m_sse = _mm_xor_si128( res.m_sse, - _mm_or_si128(_mm_slli_epi32(m_sse, static_cast(32-rot3)), - _mm_srli_epi32(m_sse, static_cast(rot3)))); + _mm_or_si128(_mm_slli_epi32(m_sse, static_cast(32-ROT3)), + _mm_srli_epi32(m_sse, static_cast(ROT3)))); #elif defined(BOTAN_SIMD_USE_ALTIVEC) - const unsigned int r1 = static_cast(32-rot1); - const unsigned int r2 = static_cast(32-rot2); - const unsigned int r3 = static_cast(32-rot3); + const unsigned int r1 = static_cast(32-ROT1); + const unsigned int r2 = static_cast(32-ROT2); + const unsigned int r3 = static_cast(32-ROT3); res.m_vmx = vec_rl(m_vmx, (__vector unsigned int){r1, r1, r1, r1}); res.m_vmx = vec_xor(res.m_vmx, vec_rl(m_vmx, (__vector unsigned int){r2, r2, r2, r2})); res.m_vmx = vec_xor(res.m_vmx, vec_rl(m_vmx, (__vector unsigned int){r3, r3, r3, r3})); #elif defined(BOTAN_SIMD_USE_NEON) - res.m_neon = vorrq_u32(vshlq_n_u32(m_neon, static_cast(32-rot1)), - vshrq_n_u32(m_neon, static_cast(rot1))); + res.m_neon = vorrq_u32(vshlq_n_u32(m_neon, static_cast(32-ROT1)), + vshrq_n_u32(m_neon, static_cast(ROT1))); res.m_neon = veorq_u32( res.m_neon, - vorrq_u32(vshlq_n_u32(m_neon, 
static_cast(32-rot2)), - vshrq_n_u32(m_neon, static_cast(rot2)))); + vorrq_u32(vshlq_n_u32(m_neon, static_cast(32-ROT2)), + vshrq_n_u32(m_neon, static_cast(ROT2)))); res.m_neon = veorq_u32( res.m_neon, - vorrq_u32(vshlq_n_u32(m_neon, static_cast(32-rot3)), - vshrq_n_u32(m_neon, static_cast(rot3)))); + vorrq_u32(vshlq_n_u32(m_neon, static_cast(32-ROT3)), + vshrq_n_u32(m_neon, static_cast(ROT3)))); #else for(size_t i = 0; i != 4; ++i) { - res.m_scalar[i] = - Botan::rotate_right(m_scalar[i], rot1) ^ - Botan::rotate_right(m_scalar[i], rot2) ^ - Botan::rotate_right(m_scalar[i], rot3); + res.m_scalar[i] = Botan::rotr(m_scalar[i]) ^ + Botan::rotr(m_scalar[i]) ^ + Botan::rotr(m_scalar[i]); } #endif 
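Review bot: The new template `rho<ROT1, ROT2, ROT3>()` carries no compile-time range check, whereas the scalar fallback at the bottom of the hunk dispatches to `Botan::rotr<ROT>`, which rejects 0 and >= 32 via static_assert; so an out-of-range constant is a compile error only when the scalar backend is selected, and the SSE2/AltiVec paths compile without complaint (NEON's `vshlq_n_u32` would fail separately on a bad immediate). Add the same guard at the top of rho so every backend agrees: `static_assert(ROT1 > 0 && ROT1 < 32 && ROT2 > 0 && ROT2 < 32 && ROT3 > 0 && ROT3 < 32, "Invalid rotation constant");`. Assuming the SHA-2/SHACAL2 callers pass the usual nonzero constants this is hardening, not a live bug.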
@@ -338,38 +339,42 @@ class SIMD_4x32 final } /** - * Rotate each element of SIMD register n bits left + * Left rotation by a compile time constant */ - void rotate_left(size_t rot) + template + SIMD_4x32 rotl() const { + static_assert(ROT > 0 && ROT < 32, "Invalid rotation constant"); + #if defined(BOTAN_SIMD_USE_SSE2) - m_sse = _mm_or_si128(_mm_slli_epi32(m_sse, static_cast(rot)), - _mm_srli_epi32(m_sse, static_cast(32-rot))); + return SIMD_4x32(_mm_or_si128(_mm_slli_epi32(m_sse, static_cast(ROT)), + _mm_srli_epi32(m_sse, static_cast(32-ROT)))); #elif defined(BOTAN_SIMD_USE_ALTIVEC) - const unsigned int r = static_cast(rot); - m_vmx = vec_rl(m_vmx, (__vector unsigned int){r, r, r, r}); + const unsigned int r = static_cast(ROT); + return SIMD_4x32(vec_rl(m_vmx, (__vector unsigned int){r, r, r, r})); #elif defined(BOTAN_SIMD_USE_NEON) - m_neon = vorrq_u32(vshlq_n_u32(m_neon, static_cast(rot)), - vshrq_n_u32(m_neon, static_cast(32-rot))); + return SIMD_4x32(vorrq_u32(vshlq_n_u32(m_neon, static_cast(ROT)), + vshrq_n_u32(m_neon, static_cast(32-ROT)))); #else - m_scalar[0] = Botan::rotate_left(m_scalar[0], rot); - m_scalar[1] = Botan::rotate_left(m_scalar[1], rot); - m_scalar[2] = Botan::rotate_left(m_scalar[2], rot); - m_scalar[3] = Botan::rotate_left(m_scalar[3], rot); + return SIMD_4x32(Botan::rotl(m_scalar[0]), + Botan::rotl(m_scalar[1]), + Botan::rotl(m_scalar[2]), + Botan::rotl(m_scalar[3])); #endif } /** - * Rotate each element of SIMD register n bits right + * Right rotation by a compile time constant */ - void rotate_right(size_t rot) + template + SIMD_4x32 rotr() const { - rotate_left(32 - rot); + return this->rotl<32-ROT>(); } /** 
@@ -596,13 +601,11 @@ class SIMD_4x32 final //return SIMD_4x32(vrev64q_u32(m_neon)); // FIXME this is really slow - SIMD_4x32 ror8(m_neon); - ror8.rotate_right(8); - SIMD_4x32 rol8(m_neon); - rol8.rotate_left(8); + SIMD_4x32 ror8 = this->rotr<8>(); + SIMD_4x32 rol8 = this->rotl<8>(); - SIMD_4x32 mask1 = SIMD_4x32::splat(0xFF00FF00); - SIMD_4x32 mask2 = SIMD_4x32::splat(0x00FF00FF); + const SIMD_4x32 mask1 = SIMD_4x32::splat(0xFF00FF00); + const SIMD_4x32 mask2 = SIMD_4x32::splat(0x00FF00FF); return (ror8 & mask1) | (rol8 & mask2); #else // scalar diff --git a/src/tests/test_simd.cpp b/src/tests/test_simd.cpp index 6da7435140..1f192c6b66 100644 --- a/src/tests/test_simd.cpp +++ b/src/tests/test_simd.cpp @@ -42,23 +42,21 @@ class SIMD_32_Tests final : public Test const Botan::SIMD_4x32 input(pat1, pat2, pat3, pat4); - Botan::SIMD_4x32 rol = input; - rol.rotate_left(3); - - test_eq(result, "rotate_left", rol, - Botan::rotate_left(pat1, 3), - Botan::rotate_left(pat2, 3), - Botan::rotate_left(pat3, 3), - Botan::rotate_left(pat4, 3)); - - Botan::SIMD_4x32 ror = input; - ror.rotate_right(9); - - test_eq(result, "rotate_right", ror, - Botan::rotate_right(pat1, 9), - Botan::rotate_right(pat2, 9), - Botan::rotate_right(pat3, 9), - Botan::rotate_right(pat4, 9)); + Botan::SIMD_4x32 rol = input.rotl<3>(); + + test_eq(result, "rotl", rol, + Botan::rotl<3>(pat1), + Botan::rotl<3>(pat2), + Botan::rotl<3>(pat3), + Botan::rotl<3>(pat4)); + + Botan::SIMD_4x32 ror = input.rotr<9>(); + + test_eq(result, "rotr", ror, + Botan::rotr<9>(pat1), + Botan::rotr<9>(pat2), + Botan::rotr<9>(pat3), + Botan::rotr<9>(pat4)); Botan::SIMD_4x32 add = input + splat; test_eq(result, "add +", add, pat1 + pat1, pat2 + pat1, pat3 + pat1, pat4 + pat1); From d11f369b6a72f584499a883e0ee7cbb63723dc93 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Wed, 11 Oct 2017 21:48:53 -0400 Subject: [PATCH 0031/1008] Ugh, the GCC/Clang trick triggers C4146 under MSVC And rotate.h is a visible header. Blerg. Inline asm it is. --- src/lib/utils/rotate.h | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/src/lib/utils/rotate.h b/src/lib/utils/rotate.h index adc620febf..4bb76c9ed4 100644 --- a/src/lib/utils/rotate.h +++ b/src/lib/utils/rotate.h @@ -45,13 +45,7 @@ inline T rotr(T input) template inline T rotl_var(T input, size_t rot) { - /* - * This is a strange way of expressing the rotation operation but it - * so happens that both GCC and Clang will recognize it and turn it - * into a rotation, which cannot be said for many other forms. See - * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82498 - */ - return static_cast((input << rot) | (input >> (-rot % (8*sizeof(T))))); + return rot ? static_cast((input << rot) | (input >> (sizeof(T)*8 - rot))) : input; } /** @@ -63,9 +57,32 @@ inline T rotl_var(T input, size_t rot) template inline T rotr_var(T input, size_t rot) { - return static_cast((input >> rot) | (input << (-rot % (8*sizeof(T))))); + return rot ? static_cast((input >> rot) | (input << (sizeof(T)*8 - rot))) : input; } +#if BOTAN_USE_GCC_INLINE_ASM + +#if defined(BOTAN_TARGET_ARCH_IS_X86_64) || defined(BOTAN_TARGET_ARCH_IS_X86_32) + +template<> +inline uint32_t rotl_var(uint32_t input, size_t rot) + { + asm("roll %1,%0" : "+r" (input) : "c" (static_cast(rot))); + return input; + } + +template<> +inline uint32_t rotr_var(uint32_t input, size_t rot) + { + asm("rorl %1,%0" : "+r" (input) : "c" (static_cast(rot))); + return input; + } + +#endif + +#endif + + template BOTAN_DEPRECATED("Use rotl or rotl_var") inline T rotate_left(T input, size_t rot) From 55f12c897a71c8636df8bc019e09108212048722 Mon Sep 17 00:00:00 2001 
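Review bot: The new generic bodies `rot ? (...) : input` branch on the rotation count, where the form they replace was branch-free; on every non-x86 target, and for uint64_t even on x86 since only the uint32_t specialization gets inline asm, a caller that rotates by a data-dependent amount (RC5/RC6-style ciphers would, if any in the tree use rotl_var — not visible here) now has a count-dependent branch. A branch-free expression that also avoids the C4146 unary-minus-on-unsigned warning is `return static_cast<T>((input << rot) | (input >> ((8*sizeof(T) - rot) % (8*sizeof(T)))));`, which yields `input` for `rot == 0` exactly like the ternary, with the mirrored form for rotr_var. Separately, the `roll`/`rorl` asm masks the count to 5 bits in hardware, so `rot >= 32` silently wraps on that path while the generic template is undefined there — the documented 0..sizeof(T)*8-1 precondition has to hold on both.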
From: Jack Lloyd Date: Thu, 12 Oct 2017 11:53:32 -0400 Subject: [PATCH 0032/1008] Avoid std::count to skip a signed overflow warning Couldn't figure out a way to silence this otherwise. Deprecate replace_char, erase_chars, replace_chars --- src/lib/utils/parsing.cpp | 10 ++++++++-- src/lib/utils/parsing.h | 6 +++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/lib/utils/parsing.cpp b/src/lib/utils/parsing.cpp index e0173443f2..9517cc6734 100644 --- a/src/lib/utils/parsing.cpp +++ b/src/lib/utils/parsing.cpp @@ -13,7 +13,6 @@ #include #include #include -#include namespace Botan { @@ -346,7 +345,14 @@ bool host_wildcard_match(const std::string& issued, const std::string& host) return true; } - if(std::count(issued.begin(), issued.end(), '*') > 1) + size_t stars = 0; + for(char c : issued) + { + if(c == '*') + stars += 1; + } + + if(stars > 1) { return false; } diff --git a/src/lib/utils/parsing.h b/src/lib/utils/parsing.h index dbf5d426a1..1cba23bc3f 100644 --- a/src/lib/utils/parsing.h +++ b/src/lib/utils/parsing.h @@ -48,7 +48,9 @@ split_on_pred(const std::string& str, /** * Erase characters from a string */ -BOTAN_PUBLIC_API(2,0) std::string erase_chars(const std::string& str, const std::set& chars); +BOTAN_PUBLIC_API(2,0) +BOTAN_DEPRECATED("Unused") +std::string erase_chars(const std::string& str, const std::set& chars); /** * Replace a character in a string @@ -58,6 +60,7 @@ BOTAN_PUBLIC_API(2,0) std::string erase_chars(const std::string& str, const std: * @return str with all instances of from_char replaced by to_char */ BOTAN_PUBLIC_API(2,0) +BOTAN_DEPRECATED("Unused") std::string replace_char(const std::string& str, char from_char, char to_char); @@ -70,6 +73,7 @@ std::string replace_char(const std::string& str, * @return str with all instances of from_chars replaced by to_char */ BOTAN_PUBLIC_API(2,0) +BOTAN_DEPRECATED("Unused") std::string replace_chars(const std::string& str, const std::set& from_chars, char to_char); 
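Review bot: The replacement loop keeps scanning after a second `*` has already decided the result; `for(char c : issued) { if(c == '*' && ++stars > 1) return false; }` gives the same answer with an early exit and no signed/unsigned comparison. host_wildcard_match starts and ends outside this hunk. The include dropped at the top of parsing.cpp (its name is stripped in this view, presumably `<algorithm>` given the commit message) should be confirmed unused by the rest of the file before it goes.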
From 16ba9cbe351e4491cc021745a71a47eccc61d19f Mon Sep 17 00:00:00 2001 From: Frank Schoenmann Date: Thu, 12 Oct 2017 18:18:50 +0200 Subject: [PATCH 0033/1008] Repair generation of CMakeLists.txt after some files have been moved. --- configure.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/configure.py b/configure.py index 8c6471fe8d..e69da63b96 100755 --- a/configure.py +++ b/configure.py @@ -1625,7 +1625,7 @@ def _write_header(fd): def _write_footer(self, fd, library_link, cli_link, tests_link): fd.write('\n') - fd.write('option(ENABLED_OPTIONAL_WARINIGS "If enabled more strict warinig policy will be used" OFF)\n') + fd.write('option(ENABLED_OPTIONAL_WARINIGS "If enabled more strict warning policy will be used" OFF)\n') fd.write('option(ENABLED_LTO "If enabled link time optimization will be used" OFF)\n\n') fd.write('set(COMPILER_FEATURES_RELEASE %s %s)\n' @@ -1679,12 +1679,13 @@ def _write_footer(self, fd, library_link, cli_link, tests_link): % tests_link) fd.write('set_target_properties(${PROJECT_NAME}_tests PROPERTIES OUTPUT_NAME botan-test)\n\n') - fd.write('set(CONFIGURATION_FILES configure.py .gitignore .astylerc authors.txt news.rst readme.rst)\n') + fd.write('set(GLOBAL_CONFIGURATION_FILES configure.py .gitignore news.rst readme.rst)\n') + fd.write('file(GLOB_RECURSE CONFIGURATION_FILES src/configs/* )\n') fd.write('file(GLOB_RECURSE DOCUMENTATION_FILES doc/* )\n') fd.write('file(GLOB_RECURSE HEADER_FILES src/*.h )\n') fd.write('file(GLOB_RECURSE INFO_FILES src/lib/*info.txt )\n') fd.write('add_custom_target(CONFIGURATION_DUMMY SOURCES ' + - '${CONFIGURATION_FILES} ${DOCUMENTATION_FILES} ${INFO_FILES} ${HEADER_FILES})\n') + '${GLOBAL_CONFIGURATION_FILES} ${CONFIGURATION_FILES} ${DOCUMENTATION_FILES} ${INFO_FILES} ${HEADER_FILES})\n') def generate(self): library_target_configuration = self._create_target_rules(self._build_paths.lib_sources) From 3bf6c364aa9b12916c83ce9cf9db20b7cd4145a1 Mon Sep 17 00:00:00 2001 
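Review bot: Only the description string is corrected; the CMake cache variable keeps the misspelled name `ENABLED_OPTIONAL_WARINIGS`, so the typo still lands in every generated CMakeLists.txt and in any `-D` flags users write against it. If the name is being kept so existing caches and scripts keep working, say so at the `fd.write` that emits it, e.g. `# option name intentionally left misspelled for backwards compatibility`; otherwise rename it to `ENABLED_OPTIONAL_WARNINGS` and honour the old spelling as a fallback for a release. The GLOB_RECURSE additions feed only the CONFIGURATION_DUMMY custom target, which appears to exist for IDE file listing, so they do not affect what gets built.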
From: Frank Schoenmann Date: Thu, 12 Oct 2017 19:19:34 +0200 Subject: [PATCH 0034/1008] Prevent a lint complaint. --- configure.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.py b/configure.py index e69da63b96..a4d2eadf0c 100755 --- a/configure.py +++ b/configure.py @@ -1685,7 +1685,8 @@ def _write_footer(self, fd, library_link, cli_link, tests_link): fd.write('file(GLOB_RECURSE HEADER_FILES src/*.h )\n') fd.write('file(GLOB_RECURSE INFO_FILES src/lib/*info.txt )\n') fd.write('add_custom_target(CONFIGURATION_DUMMY SOURCES ' + - '${GLOBAL_CONFIGURATION_FILES} ${CONFIGURATION_FILES} ${DOCUMENTATION_FILES} ${INFO_FILES} ${HEADER_FILES})\n') + '${GLOBAL_CONFIGURATION_FILES} ${CONFIGURATION_FILES} ' + + '${DOCUMENTATION_FILES} ${INFO_FILES} ${HEADER_FILES})\n') def generate(self): library_target_configuration = self._create_target_rules(self._build_paths.lib_sources) From ebf147bcf6b84249cf289009ba81c3f3611ea2de Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 12 Oct 2017 19:43:35 -0400 Subject: [PATCH 0035/1008] OCB optimizations From ~5 cbp to ~2.5 cbp on Skylake --- src/lib/block/block_cipher.h | 39 ++++++++++++++ src/lib/modes/aead/ocb/ocb.cpp | 92 +++++++++++++++++----------------- src/lib/modes/aead/ocb/ocb.h | 8 ++- src/lib/modes/xts/xts.cpp | 10 +--- src/lib/utils/bit_ops.h | 11 ++++ src/lib/utils/mem_ops.cpp | 61 ---------------------- src/lib/utils/mem_ops.h | 66 +++++++++++++++++++++--- 7 files changed, 163 insertions(+), 124 deletions(-) diff --git a/src/lib/block/block_cipher.h b/src/lib/block/block_cipher.h index 03e8a55124..f8c6e47b89 100644 --- a/src/lib/block/block_cipher.h +++ b/src/lib/block/block_cipher.h 
@@ -168,6 +168,26 @@ class BOTAN_PUBLIC_API(2,0) BlockCipher : public SymmetricAlgorithm virtual void decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const = 0; + virtual void encrypt_n_xex(uint8_t data[], + const uint8_t mask[], + size_t blocks) const + { + const size_t BS = block_size(); + xor_buf(data, mask, blocks * BS); + decrypt_n(data, data, blocks); + xor_buf(data, mask, blocks * BS); + } + + virtual void decrypt_n_xex(uint8_t data[], + const uint8_t mask[], + size_t blocks) const + { + const size_t BS = block_size(); + xor_buf(data, mask, blocks * BS); + encrypt_n(data, data, blocks); + xor_buf(data, mask, blocks * BS); + } + /** * @return new object representing the same algorithm as *this */ @@ -186,6 +206,25 @@ class Block_Cipher_Fixed_Params : public BlockCipher enum { BLOCK_SIZE = BS }; size_t block_size() const override { return BS; } + // override to take advantage of compile time constant block size + void encrypt_n_xex(uint8_t data[], + const uint8_t mask[], + size_t blocks) const override + { + xor_buf(data, mask, blocks * BS); + encrypt_n(data, data, blocks); + xor_buf(data, mask, blocks * BS); + } + + void decrypt_n_xex(uint8_t data[], + const uint8_t mask[], + size_t blocks) const override + { + xor_buf(data, mask, blocks * BS); + decrypt_n(data, data, blocks); + xor_buf(data, mask, blocks * BS); + } + Key_Length_Specification key_spec() const override { return Key_Length_Specification(KMIN, KMAX, KMOD); diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp index 9a74481612..3e134a642b 100644 --- a/src/lib/modes/aead/ocb/ocb.cpp +++ b/src/lib/modes/aead/ocb/ocb.cpp 
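Review bot: The BlockCipher base-class defaults are inverted: `encrypt_n_xex` calls `decrypt_n(data, data, blocks)` and `decrypt_n_xex` calls `encrypt_n(data, data, blocks)`, the opposite of the Block_Cipher_Fixed_Params overrides added in the second hunk. Every in-tree cipher that derives from Block_Cipher_Fixed_Params picks up the correct override, which is presumably why the OCB tests still pass, but any BlockCipher subclass deriving from the base directly (a third-party or variable-block-size cipher) gets XEX "encryption" that decrypts and vice versa, and an OCB or XTS mode built on it silently produces wrong output. Swap the two inner calls: `encrypt_n(data, data, blocks);` in encrypt_n_xex and `decrypt_n(data, data, blocks);` in decrypt_n_xex. A test that drives these through a minimal direct BlockCipher subclass would have caught the inversion.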
@@ -23,13 +23,22 @@ class L_computer final cipher.encrypt(m_L_star); m_L_dollar = poly_double(star()); m_L.push_back(poly_double(dollar())); + + while(m_L.size() < 8) + m_L.push_back(poly_double(m_L.back())); } const secure_vector& star() const { return m_L_star; } const secure_vector& dollar() const { return m_L_dollar; } - const secure_vector& operator()(size_t i) const { return get(i); } + const secure_vector& get(size_t i) const + { + while(m_L.size() <= i) + m_L.push_back(poly_double(m_L.back())); + + return m_L[i]; + } const secure_vector& compute_offsets(secure_vector& offset, @@ -37,11 +46,12 @@ class L_computer final size_t blocks, size_t BS) const { - m_offset_buf.resize(blocks * BS); + if(m_offset_buf.size() < blocks * BS) + m_offset_buf.resize(blocks * BS); for(size_t i = 0; i != blocks; ++i) { // could be done in parallel - offset ^= get(ctz(block_index + 1 + i)); + offset ^= get(ctz(block_index + 1 + i)); copy_mem(&m_offset_buf[BS*i], offset.data(), BS); } @@ -49,14 +59,6 @@ class L_computer final } private: - const secure_vector& get(size_t i) const - { - while(m_L.size() <= i) - m_L.push_back(poly_double(m_L.back())); - - return m_L.at(i); - } - secure_vector poly_double(const secure_vector& in) const { secure_vector out(in.size()); @@ -90,7 +92,7 @@ secure_vector ocb_hash(const L_computer& L, for(size_t i = 0; i != ad_blocks; ++i) { // this loop could run in parallel - offset ^= L(ctz(i+1)); + offset ^= L.get(ctz(i+1)); buf = offset; xor_buf(buf.data(), &ad[BS*i], BS); @@ -106,7 +108,7 @@ secure_vector ocb_hash(const L_computer& L, buf = offset; xor_buf(buf.data(), &ad[BS*ad_blocks], ad_remainder); - buf[ad_len % BS] ^= 0x80; + buf[ad_remainder] ^= 0x80; cipher.encrypt(buf); 
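Review bot: `compute_offsets` now returns the whole `m_offset_buf` although, with the only-grow `resize`, the buffer can be longer than `blocks * BS`; callers must read only the first `blocks * BS` bytes and nothing in the signature says so. A comment on the return makes the contract explicit: `// only the first blocks*BS bytes of the returned buffer are valid for this call`. Since `get()` is now public and grows the `mutable` `m_L` from a const method, a one-line note that a const L_computer is not safe to share between threads would also be worth adding. The L_computer class begins and ends outside this hunk.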
@@ -123,9 +125,11 @@ OCB_Mode::OCB_Mode(BlockCipher* cipher, size_t tag_size) : m_checksum(m_cipher->parallel_bytes()), m_offset(m_cipher->block_size()), m_ad_hash(m_cipher->block_size()), - m_tag_size(tag_size) + m_tag_size(tag_size), + m_block_size(m_cipher->block_size()), + m_par_blocks(m_cipher->parallel_bytes() / m_block_size) { - const size_t BS = m_cipher->block_size(); + const size_t BS = block_size(); /* * draft-krovetz-ocb-wide-d1 specifies OCB for several other block @@ -162,10 +166,10 @@ bool OCB_Mode::valid_nonce_length(size_t length) const { if(length == 0) return false; - if(m_cipher->block_size() == 16) + if(block_size() == 16) return length < 16; else - return length < (m_cipher->block_size() - 1); + return length < (block_size() - 1); } std::string OCB_Mode::name() const @@ -198,7 +202,7 @@ void OCB_Mode::set_associated_data(const uint8_t ad[], size_t ad_len) secure_vector OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) { - const size_t BS = m_cipher->block_size(); + const size_t BS = block_size(); BOTAN_ASSERT(BS == 16 || BS == 24 || BS == 32 || BS == 64, "OCB block size is supported"); 
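Review bot: `m_par_blocks(m_cipher->parallel_bytes() / m_block_size)` truncates silently, and this patch also drops the `par_bytes % BS == 0` assertion that OCB_Decryption::decrypt used to carry, so nothing checks any more that `m_checksum` (sized `parallel_bytes()`) is a whole number of blocks. The checksum fold loops later in this patch step `i += BS` with an `i != m_checksum.size()` exit condition, which would run past the buffer if that invariant ever broke. Restoring the check once in the constructor covers both sides: `BOTAN_ASSERT(m_checksum.size() % m_block_size == 0, "Cipher is parallel in full blocks");`. The constructor body continues past the end of the hunk.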
@@ -300,23 +304,20 @@ void OCB_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) void OCB_Encryption::encrypt(uint8_t buffer[], size_t blocks) { - const size_t BS = m_cipher->block_size(); - const size_t par_blocks = m_checksum.size() / BS; + const size_t BS = block_size(); + + BOTAN_ASSERT(m_L, "A key was set"); while(blocks) { - const size_t proc_blocks = std::min(blocks, par_blocks); + const size_t proc_blocks = std::min(blocks, par_blocks()); const size_t proc_bytes = proc_blocks * BS; - BOTAN_ASSERT(m_L, "A key was set"); - const auto& offsets = m_L->compute_offsets(m_offset, m_block_index, proc_blocks, BS); xor_buf(m_checksum.data(), buffer, proc_bytes); - xor_buf(buffer, offsets.data(), proc_bytes); - m_cipher->encrypt_n(buffer, buffer, proc_blocks); - xor_buf(buffer, offsets.data(), proc_bytes); + m_cipher->encrypt_n_xex(buffer, offsets.data(), proc_blocks); buffer += proc_bytes; blocks -= proc_blocks; @@ -326,7 +327,7 @@ void OCB_Encryption::encrypt(uint8_t buffer[], size_t blocks) size_t OCB_Encryption::process(uint8_t buf[], size_t sz) { - const size_t BS = m_cipher->block_size(); + const size_t BS = block_size(); BOTAN_ASSERT(sz % BS == 0, "Invalid OCB input size"); encrypt(buf, sz / BS); return sz; @@ -334,7 +335,7 @@ size_t OCB_Encryption::process(uint8_t buf[], size_t sz) void OCB_Encryption::finish(secure_vector& buffer, size_t offset) { - const size_t BS = m_cipher->block_size(); + const size_t BS = block_size(); BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane"); const size_t sz = buffer.size() - offset; 
@@ -357,17 +358,19 @@ void OCB_Encryption::finish(secure_vector& buffer, size_t offset) m_offset ^= m_L->star(); // Offset_* - secure_vector zeros(BS); - m_cipher->encrypt(m_offset, zeros); - xor_buf(remainder, zeros.data(), remainder_bytes); + secure_vector pad(BS); + m_cipher->encrypt(m_offset, pad); + xor_buf(remainder, pad.data(), remainder_bytes); } } secure_vector checksum(BS); // fold checksum - for(size_t i = 0; i != m_checksum.size(); ++i) - checksum[i % checksum.size()] ^= m_checksum[i]; + for(size_t i = 0; i != m_checksum.size(); i += BS) + { + xor_buf(checksum.data(), m_checksum.data() + i, BS); + } // now compute the tag secure_vector mac = m_offset; @@ -385,23 +388,16 @@ void OCB_Encryption::finish(secure_vector& buffer, size_t offset) void OCB_Decryption::decrypt(uint8_t buffer[], size_t blocks) { - const size_t BS = m_cipher->block_size(); - const size_t par_bytes = m_cipher->parallel_bytes(); - - BOTAN_ASSERT(par_bytes % BS == 0, "Cipher is parallel in full blocks"); - - const size_t par_blocks = par_bytes / BS; + const size_t BS = block_size(); while(blocks) { - const size_t proc_blocks = std::min(blocks, par_blocks); + const size_t proc_blocks = std::min(blocks, par_blocks()); const size_t proc_bytes = proc_blocks * BS; const auto& offsets = m_L->compute_offsets(m_offset, m_block_index, proc_blocks, BS); - xor_buf(buffer, offsets.data(), proc_bytes); - m_cipher->decrypt_n(buffer, buffer, proc_blocks); - xor_buf(buffer, offsets.data(), proc_bytes); + m_cipher->decrypt_n_xex(buffer, offsets.data(), proc_blocks); xor_buf(m_checksum.data(), buffer, proc_bytes); @@ -413,7 +409,7 @@ void OCB_Decryption::decrypt(uint8_t buffer[], size_t blocks) size_t OCB_Decryption::process(uint8_t buf[], size_t sz) { - const size_t BS = m_cipher->block_size(); + const size_t BS = block_size(); BOTAN_ASSERT(sz % BS == 0, "Invalid OCB input size"); decrypt(buf, sz / BS); return sz; 
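Review bot: OCB_Decryption::decrypt dereferences `m_L` in `m_L->compute_offsets(...)` with no check that a key has been set, whereas the encryption side in this same patch hoisted `BOTAN_ASSERT(m_L, "A key was set");` above its loop. Decrypting before the key schedule would then be a null dereference instead of a clear assertion failure; add the same line right after `const size_t BS = block_size();`. The function body continues outside the hunk.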
@@ -421,7 +417,7 @@ size_t OCB_Decryption::process(uint8_t buf[], size_t sz) void OCB_Decryption::finish(secure_vector& buffer, size_t offset) { - const size_t BS = m_cipher->block_size(); + const size_t BS = block_size(); BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane"); const size_t sz = buffer.size() - offset; @@ -459,8 +455,10 @@ void OCB_Decryption::finish(secure_vector& buffer, size_t offset) secure_vector checksum(BS); // fold checksum - for(size_t i = 0; i != m_checksum.size(); ++i) - checksum[i % checksum.size()] ^= m_checksum[i]; + for(size_t i = 0; i != m_checksum.size(); i += BS) + { + xor_buf(checksum.data(), m_checksum.data() + i, BS); + } // compute the mac secure_vector mac = m_offset; diff --git a/src/lib/modes/aead/ocb/ocb.h b/src/lib/modes/aead/ocb/ocb.h index 4188e8574c..f4a54ee30b 100644 --- a/src/lib/modes/aead/ocb/ocb.h +++ b/src/lib/modes/aead/ocb/ocb.h @@ -55,6 +55,10 @@ class BOTAN_PUBLIC_API(2,0) OCB_Mode : public AEAD_Mode */ OCB_Mode(BlockCipher* cipher, size_t tag_size); + size_t block_size() const { return m_block_size; } + size_t par_blocks() const { return m_par_blocks; } + size_t par_bytes() const { return m_checksum.size(); } + // fixme make these private std::unique_ptr m_cipher; std::unique_ptr m_L; @@ -71,7 +75,9 @@ class BOTAN_PUBLIC_API(2,0) OCB_Mode : public AEAD_Mode secure_vector update_nonce(const uint8_t nonce[], size_t nonce_len); - const size_t m_tag_size = 0; + const size_t m_tag_size; + const size_t m_block_size; + const size_t m_par_blocks; secure_vector m_last_nonce; secure_vector m_stretch; }; diff --git a/src/lib/modes/xts/xts.cpp b/src/lib/modes/xts/xts.cpp index 53e9592583..496b71c5fb 100644 --- a/src/lib/modes/xts/xts.cpp +++ b/src/lib/modes/xts/xts.cpp 
@@ -119,11 +119,8 @@ size_t XTS_Encryption::process(uint8_t buf[], size_t sz) while(blocks) { const size_t to_proc = std::min(blocks, blocks_in_tweak); - const size_t to_proc_bytes = to_proc * BS; - xor_buf(buf, tweak(), to_proc_bytes); - cipher().encrypt_n(buf, buf, to_proc); - xor_buf(buf, tweak(), to_proc_bytes); + cipher().encrypt_n_xex(buf, tweak(), to_proc); buf += to_proc * BS; blocks -= to_proc; @@ -195,11 +192,8 @@ size_t XTS_Decryption::process(uint8_t buf[], size_t sz) while(blocks) { const size_t to_proc = std::min(blocks, blocks_in_tweak); - const size_t to_proc_bytes = to_proc * BS; - xor_buf(buf, tweak(), to_proc_bytes); - cipher().decrypt_n(buf, buf, to_proc); - xor_buf(buf, tweak(), to_proc_bytes); + cipher().decrypt_n_xex(buf, tweak(), to_proc); buf += to_proc * BS; blocks -= to_proc; diff --git a/src/lib/utils/bit_ops.h b/src/lib/utils/bit_ops.h index a59404c756..2da0e55fbc 100644 --- a/src/lib/utils/bit_ops.h +++ b/src/lib/utils/bit_ops.h @@ -102,6 +102,17 @@ inline size_t ctz(T n) return 8*sizeof(T); } +#if defined(BOTAN_BUILD_COMPILER_IS_GCC) + +template<> +inline size_t ctz(uint32_t n) + { + return __builtin_ctz(n); + } + +#endif + + template size_t ceil_log2(T x) { diff --git a/src/lib/utils/mem_ops.cpp b/src/lib/utils/mem_ops.cpp index 29c93eb153..3fd4631956 100644 --- a/src/lib/utils/mem_ops.cpp +++ b/src/lib/utils/mem_ops.cpp 
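Review bot: The new `ctz(uint32_t)` specialization returns `__builtin_ctz(n)` unconditionally, but `__builtin_ctz(0)` is undefined behaviour, while the generic template it shadows apparently returns `8*sizeof(T)` for zero (its `return 8*sizeof(T);` tail is visible in the hunk context). OCB's callers pass `block_index + 1 + i`, which is never zero, but this is a general utility in a public header and the two overloads should agree; guard it with `if(n == 0) return 32;` before the builtin call. A short comment that the specialization is meant to match the generic version's result for zero, and that the `BOTAN_BUILD_COMPILER_IS_GCC` gate deliberately leaves Clang on the loop version, would make the intent checkable.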
@@ -53,65 +53,4 @@ bool constant_time_compare(const uint8_t x[], return difference == 0; } -void xor_buf(uint8_t x[], - const uint8_t y[], - size_t len) - { - while(len >= 16) - { - x[0] ^= y[0]; - x[1] ^= y[1]; - x[2] ^= y[2]; - x[3] ^= y[3]; - x[4] ^= y[4]; - x[5] ^= y[5]; - x[6] ^= y[6]; - x[7] ^= y[7]; - x[8] ^= y[8]; - x[9] ^= y[9]; - x[10] ^= y[10]; - x[11] ^= y[11]; - x[12] ^= y[12]; - x[13] ^= y[13]; - x[14] ^= y[14]; - x[15] ^= y[15]; - x += 16; y += 16; len -= 16; - } - - for(size_t i = 0; i != len; ++i) - { - x[i] ^= y[i]; - } - } - -void xor_buf(uint8_t out[], - const uint8_t in[], - const uint8_t in2[], - size_t length) - { - while(length >= 16) - { - out[0] = in[0] ^ in2[0]; - out[1] = in[1] ^ in2[1]; - out[2] = in[2] ^ in2[2]; - out[3] = in[3] ^ in2[3]; - out[4] = in[4] ^ in2[4]; - out[5] = in[5] ^ in2[5]; - out[6] = in[6] ^ in2[6]; - out[7] = in[7] ^ in2[7]; - out[8] = in[8] ^ in2[8]; - out[9] = in[9] ^ in2[9]; - out[10] = in[10] ^ in2[10]; - out[11] = in[11] ^ in2[11]; - out[12] = in[12] ^ in2[12]; - out[13] = in[13] ^ in2[13]; - out[14] = in[14] ^ in2[14]; - out[15] = in[15] ^ in2[15]; - in += 16; in2 += 16; out += 16; length -= 16; - } - - for(size_t i = 0; i != length; ++i) - out[i] = in[i] ^ in2[i]; - } - } diff --git a/src/lib/utils/mem_ops.h b/src/lib/utils/mem_ops.h index ed4d6cb27d..175f38e2ff 100644 --- a/src/lib/utils/mem_ops.h +++ b/src/lib/utils/mem_ops.h 
@@ -160,9 +160,36 @@ template inline bool same_mem(const T* p1, const T* p2, size_t n) * @param in the read-only input buffer * @param length the length of the buffers */ -BOTAN_PUBLIC_API(2,3) void xor_buf(uint8_t out[], - const uint8_t in[], - size_t length); +inline void xor_buf(uint8_t out[], + const uint8_t in[], + size_t length) + { + while(length >= 16) + { + out[0] ^= in[0]; + out[1] ^= in[1]; + out[2] ^= in[2]; + out[3] ^= in[3]; + out[4] ^= in[4]; + out[5] ^= in[5]; + out[6] ^= in[6]; + out[7] ^= in[7]; + out[8] ^= in[8]; + out[9] ^= in[9]; + out[10] ^= in[10]; + out[11] ^= in[11]; + out[12] ^= in[12]; + out[13] ^= in[13]; + out[14] ^= in[14]; + out[15] ^= in[15]; + out += 16; in += 16; length -= 16; + } + + for(size_t i = 0; i != length; ++i) + { + out[i] ^= in[i]; + } + } /** * XOR arrays. Postcondition out[i] = in[i] ^ in2[i] forall i = 0...length @@ -171,10 +198,35 @@ BOTAN_PUBLIC_API(2,3) void xor_buf(uint8_t out[], * @param in2 the second output buffer * @param length the length of the three buffers */ -BOTAN_PUBLIC_API(2,3) void xor_buf(uint8_t out[], - const uint8_t in[], - const uint8_t in2[], - size_t length); +inline void xor_buf(uint8_t out[], + const uint8_t in[], + const uint8_t in2[], + size_t length) + { + while(length >= 16) + { + out[0] = in[0] ^ in2[0]; + out[1] = in[1] ^ in2[1]; + out[2] = in[2] ^ in2[2]; + out[3] = in[3] ^ in2[3]; + out[4] = in[4] ^ in2[4]; + out[5] = in[5] ^ in2[5]; + out[6] = in[6] ^ in2[6]; + out[7] = in[7] ^ in2[7]; + out[8] = in[8] ^ in2[8]; + out[9] = in[9] ^ in2[9]; + out[10] = in[10] ^ in2[10]; + out[11] = in[11] ^ in2[11]; + out[12] = in[12] ^ in2[12]; + out[13] = in[13] ^ in2[13]; + out[14] = in[14] ^ in2[14]; + out[15] = in[15] ^ in2[15]; + in += 16; in2 += 16; out += 16; length -= 16; + } + + for(size_t i = 0; i != length; ++i) + out[i] = in[i] ^ in2[i]; + } template void xor_buf(std::vector& out, From f42cb6cf37c7e8c24aac726fb450f46fa2a3569e Mon Sep 17 00:00:00 2001 
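Review bot: Turning `BOTAN_PUBLIC_API(2,3) void xor_buf(...)` into `inline` removes two exported symbols that were public API in 2.3 (their definitions are deleted from mem_ops.cpp in this same patch), so binaries built against 2.3 that call `xor_buf` will fail to resolve it against the new library. If the 2.x ABI is meant to stay stable, keep exported out-of-line definitions (for example non-inline wrappers forwarding to the inline bodies) or call the break out in news.rst. A one-line comment on the inline version explaining why it moved into the header would also record the reasoning for the next reader.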
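Review bot: The doc comment on the three-argument overload still says `@param in2 the second output buffer` for a parameter that is read-only and never written; the postcondition line above it describes an input. `@param in2 the second read-only input buffer` is what the code does. Saying whether `out` may alias `in` or `in2` would also help, since the body reads and writes index by index and a caller might reasonably rely on that.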
From: Jack Lloyd Date: Thu, 12 Oct 2017 19:44:26 -0400 Subject: [PATCH 0036/1008] Use SIMD for in Threefish GCC 7 can actually vectorize this for AVX2 --- src/lib/block/threefish/threefish.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/block/threefish/threefish.cpp b/src/lib/block/threefish/threefish.cpp index 937a673fde..804d6003a2 100644 --- a/src/lib/block/threefish/threefish.cpp +++ b/src/lib/block/threefish/threefish.cpp @@ -134,7 +134,7 @@ void Threefish_512::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) } #endif - BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks; ++i) + BOTAN_PARALLEL_SIMD_FOR(size_t i = 0; i < blocks; ++i) { uint64_t X0, X1, X2, X3, X4, X5, X6, X7; load_le(in + BLOCK_SIZE*i, X0, X1, X2, X3, X4, X5, X6, X7); @@ -214,7 +214,7 @@ void Threefish_512::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) THREEFISH_INJECT_KEY(R2); \ } while(0) - BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks; ++i) + BOTAN_PARALLEL_SIMD_FOR(size_t i = 0; i < blocks; ++i) { uint64_t X0, X1, X2, X3, X4, X5, X6, X7; load_le(in + BLOCK_SIZE*i, X0, X1, X2, X3, X4, X5, X6, X7); From b3ca60a273b8b5b5e16c070ae655167b7180e911 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 12 Oct 2017 19:45:37 -0400 Subject: [PATCH 0037/1008] Interleave SM3 message expansion Reduces stack usage and a bit faster --- src/lib/hash/sm3/sm3.cpp | 283 ++++++++++++++++++++------------------- 1 file changed, 142 insertions(+), 141 deletions(-) diff --git a/src/lib/hash/sm3/sm3.cpp b/src/lib/hash/sm3/sm3.cpp index c3220d243e..83a390008a 100644 --- a/src/lib/hash/sm3/sm3.cpp +++ b/src/lib/hash/sm3/sm3.cpp @@ -26,11 +26,6 @@ inline uint32_t P0(uint32_t X) return X ^ rotl<9>(X) ^ rotl<17>(X); } -inline uint32_t P1(uint32_t X) - { - return X ^ rotl<15>(X) ^ rotl<23>(X); - } - inline uint32_t FF1(uint32_t X, uint32_t Y, uint32_t Z) { return (X & Y) | ((X | Y) & Z); 
@@ -73,6 +68,16 @@ inline void R2(uint32_t A, uint32_t& B, uint32_t C, uint32_t& D, H = P0(TT2); } +inline uint32_t P1(uint32_t X) + { + return X ^ rotl<15>(X) ^ rotl<23>(X); + } + +inline uint32_t SM3_E(uint32_t W0, uint32_t W7, uint32_t W13, uint32_t W3, uint32_t W10) + { + return P1(W0 ^ W7 ^ rotl<15>(W13)) ^ rotl<7>(W3) ^ W10; + } + } /* 
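Review bot: `SM3_E`'s parameter names (`W0, W7, W13, W3, W10`) only make sense for the first expansion step and do not say which schedule positions a caller must pass, which matters because every later call in compress_n passes rotated register names. A comment stating the recurrence lets a reader verify the call sites: `// W[j] = P1(W[j-16] ^ W[j-9] ^ rotl<15>(W[j-3])) ^ rotl<7>(W[j-13]) ^ W[j-6]; args are W[j-16], W[j-9], W[j-3], W[j-13], W[j-6]`. Renaming the parameters to the distance back from j (`W16, W9, W3, W13, W6`) would make the helper self-describing.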
@@ -82,146 +87,142 @@ void SM3::compress_n(const uint8_t input[], size_t blocks) { uint32_t A = m_digest[0], B = m_digest[1], C = m_digest[2], D = m_digest[3], E = m_digest[4], F = m_digest[5], G = m_digest[6], H = m_digest[7]; - uint32_t W[68]; for(size_t i = 0; i != blocks; ++i) { - // Message Extension (a) - W[ 0] = load_be(input, 0); - W[ 1] = load_be(input, 1); - W[ 2] = load_be(input, 2); - W[ 3] = load_be(input, 3); - W[ 4] = load_be(input, 4); - W[ 5] = load_be(input, 5); - W[ 6] = load_be(input, 6); - W[ 7] = load_be(input, 7); - W[ 8] = load_be(input, 8); - W[ 9] = load_be(input, 9); - W[10] = load_be(input, 10); - W[11] = load_be(input, 11); - W[12] = load_be(input, 12); - W[13] = load_be(input, 13); - W[14] = load_be(input, 14); - W[15] = load_be(input, 15); - - // Message Extension (b) - W[16] = P1(W[ 0] ^ W[ 7] ^ rotl<15>(W[13])) ^ rotl<7>(W[ 3]) ^ W[10]; - W[17] = P1(W[ 1] ^ W[ 8] ^ rotl<15>(W[14])) ^ rotl<7>(W[ 4]) ^ W[11]; - W[18] = P1(W[ 2] ^ W[ 9] ^ rotl<15>(W[15])) ^ rotl<7>(W[ 5]) ^ W[12]; - W[19] = P1(W[ 3] ^ W[10] ^ rotl<15>(W[16])) ^ rotl<7>(W[ 6]) ^ W[13]; - W[20] = P1(W[ 4] ^ W[11] ^ rotl<15>(W[17])) ^ rotl<7>(W[ 7]) ^ W[14]; - W[21] = P1(W[ 5] ^ W[12] ^ rotl<15>(W[18])) ^ rotl<7>(W[ 8]) ^ W[15]; - W[22] = P1(W[ 6] ^ W[13] ^ rotl<15>(W[19])) ^ rotl<7>(W[ 9]) ^ W[16]; - W[23] = P1(W[ 7] ^ W[14] ^ rotl<15>(W[20])) ^ rotl<7>(W[10]) ^ W[17]; - W[24] = P1(W[ 8] ^ W[15] ^ rotl<15>(W[21])) ^ rotl<7>(W[11]) ^ W[18]; - W[25] = P1(W[ 9] ^ W[16] ^ rotl<15>(W[22])) ^ rotl<7>(W[12]) ^ W[19]; - W[26] = P1(W[10] ^ W[17] ^ rotl<15>(W[23])) ^ rotl<7>(W[13]) ^ W[20]; - W[27] = P1(W[11] ^ W[18] ^ rotl<15>(W[24])) ^ rotl<7>(W[14]) ^ W[21]; - W[28] = P1(W[12] ^ W[19] ^ rotl<15>(W[25])) ^ rotl<7>(W[15]) ^ W[22]; - W[29] = P1(W[13] ^ W[20] ^ rotl<15>(W[26])) ^ rotl<7>(W[16]) ^ W[23]; - W[30] = P1(W[14] ^ W[21] ^ rotl<15>(W[27])) ^ rotl<7>(W[17]) ^ W[24]; - W[31] = P1(W[15] ^ W[22] ^ rotl<15>(W[28])) ^ rotl<7>(W[18]) ^ W[25]; - W[32] = P1(W[16] ^ W[23] ^ 
rotl<15>(W[29])) ^ rotl<7>(W[19]) ^ W[26]; - W[33] = P1(W[17] ^ W[24] ^ rotl<15>(W[30])) ^ rotl<7>(W[20]) ^ W[27]; - W[34] = P1(W[18] ^ W[25] ^ rotl<15>(W[31])) ^ rotl<7>(W[21]) ^ W[28]; - W[35] = P1(W[19] ^ W[26] ^ rotl<15>(W[32])) ^ rotl<7>(W[22]) ^ W[29]; - W[36] = P1(W[20] ^ W[27] ^ rotl<15>(W[33])) ^ rotl<7>(W[23]) ^ W[30]; - W[37] = P1(W[21] ^ W[28] ^ rotl<15>(W[34])) ^ rotl<7>(W[24]) ^ W[31]; - W[38] = P1(W[22] ^ W[29] ^ rotl<15>(W[35])) ^ rotl<7>(W[25]) ^ W[32]; - W[39] = P1(W[23] ^ W[30] ^ rotl<15>(W[36])) ^ rotl<7>(W[26]) ^ W[33]; - W[40] = P1(W[24] ^ W[31] ^ rotl<15>(W[37])) ^ rotl<7>(W[27]) ^ W[34]; - W[41] = P1(W[25] ^ W[32] ^ rotl<15>(W[38])) ^ rotl<7>(W[28]) ^ W[35]; - W[42] = P1(W[26] ^ W[33] ^ rotl<15>(W[39])) ^ rotl<7>(W[29]) ^ W[36]; - W[43] = P1(W[27] ^ W[34] ^ rotl<15>(W[40])) ^ rotl<7>(W[30]) ^ W[37]; - W[44] = P1(W[28] ^ W[35] ^ rotl<15>(W[41])) ^ rotl<7>(W[31]) ^ W[38]; - W[45] = P1(W[29] ^ W[36] ^ rotl<15>(W[42])) ^ rotl<7>(W[32]) ^ W[39]; - W[46] = P1(W[30] ^ W[37] ^ rotl<15>(W[43])) ^ rotl<7>(W[33]) ^ W[40]; - W[47] = P1(W[31] ^ W[38] ^ rotl<15>(W[44])) ^ rotl<7>(W[34]) ^ W[41]; - W[48] = P1(W[32] ^ W[39] ^ rotl<15>(W[45])) ^ rotl<7>(W[35]) ^ W[42]; - W[49] = P1(W[33] ^ W[40] ^ rotl<15>(W[46])) ^ rotl<7>(W[36]) ^ W[43]; - W[50] = P1(W[34] ^ W[41] ^ rotl<15>(W[47])) ^ rotl<7>(W[37]) ^ W[44]; - W[51] = P1(W[35] ^ W[42] ^ rotl<15>(W[48])) ^ rotl<7>(W[38]) ^ W[45]; - W[52] = P1(W[36] ^ W[43] ^ rotl<15>(W[49])) ^ rotl<7>(W[39]) ^ W[46]; - W[53] = P1(W[37] ^ W[44] ^ rotl<15>(W[50])) ^ rotl<7>(W[40]) ^ W[47]; - W[54] = P1(W[38] ^ W[45] ^ rotl<15>(W[51])) ^ rotl<7>(W[41]) ^ W[48]; - W[55] = P1(W[39] ^ W[46] ^ rotl<15>(W[52])) ^ rotl<7>(W[42]) ^ W[49]; - W[56] = P1(W[40] ^ W[47] ^ rotl<15>(W[53])) ^ rotl<7>(W[43]) ^ W[50]; - W[57] = P1(W[41] ^ W[48] ^ rotl<15>(W[54])) ^ rotl<7>(W[44]) ^ W[51]; - W[58] = P1(W[42] ^ W[49] ^ rotl<15>(W[55])) ^ rotl<7>(W[45]) ^ W[52]; - W[59] = P1(W[43] ^ W[50] ^ rotl<15>(W[56])) ^ rotl<7>(W[46]) ^ W[53]; - W[60] = 
P1(W[44] ^ W[51] ^ rotl<15>(W[57])) ^ rotl<7>(W[47]) ^ W[54]; - W[61] = P1(W[45] ^ W[52] ^ rotl<15>(W[58])) ^ rotl<7>(W[48]) ^ W[55]; - W[62] = P1(W[46] ^ W[53] ^ rotl<15>(W[59])) ^ rotl<7>(W[49]) ^ W[56]; - W[63] = P1(W[47] ^ W[54] ^ rotl<15>(W[60])) ^ rotl<7>(W[50]) ^ W[57]; - W[64] = P1(W[48] ^ W[55] ^ rotl<15>(W[61])) ^ rotl<7>(W[51]) ^ W[58]; - W[65] = P1(W[49] ^ W[56] ^ rotl<15>(W[62])) ^ rotl<7>(W[52]) ^ W[59]; - W[66] = P1(W[50] ^ W[57] ^ rotl<15>(W[63])) ^ rotl<7>(W[53]) ^ W[60]; - W[67] = P1(W[51] ^ W[58] ^ rotl<15>(W[64])) ^ rotl<7>(W[54]) ^ W[61]; + uint32_t W00 = load_be(input, 0); + uint32_t W01 = load_be(input, 1); + uint32_t W02 = load_be(input, 2); + uint32_t W03 = load_be(input, 3); + uint32_t W04 = load_be(input, 4); + uint32_t W05 = load_be(input, 5); + uint32_t W06 = load_be(input, 6); + uint32_t W07 = load_be(input, 7); + uint32_t W08 = load_be(input, 8); + uint32_t W09 = load_be(input, 9); + uint32_t W10 = load_be(input, 10); + uint32_t W11 = load_be(input, 11); + uint32_t W12 = load_be(input, 12); + uint32_t W13 = load_be(input, 13); + uint32_t W14 = load_be(input, 14); + uint32_t W15 = load_be(input, 15); - R1(A, B, C, D, E, F, G, H, 0x79CC4519, W[ 0], W[ 0] ^ W[ 4]); - R1(D, A, B, C, H, E, F, G, 0xF3988A32, W[ 1], W[ 1] ^ W[ 5]); - R1(C, D, A, B, G, H, E, F, 0xE7311465, W[ 2], W[ 2] ^ W[ 6]); - R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W[ 3], W[ 3] ^ W[ 7]); - R1(A, B, C, D, E, F, G, H, 0x9CC45197, W[ 4], W[ 4] ^ W[ 8]); - R1(D, A, B, C, H, E, F, G, 0x3988A32F, W[ 5], W[ 5] ^ W[ 9]); - R1(C, D, A, B, G, H, E, F, 0x7311465E, W[ 6], W[ 6] ^ W[10]); - R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W[ 7], W[ 7] ^ W[11]); - R1(A, B, C, D, E, F, G, H, 0xCC451979, W[ 8], W[ 8] ^ W[12]); - R1(D, A, B, C, H, E, F, G, 0x988A32F3, W[ 9], W[ 9] ^ W[13]); - R1(C, D, A, B, G, H, E, F, 0x311465E7, W[10], W[10] ^ W[14]); - R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W[11], W[11] ^ W[15]); - R1(A, B, C, D, E, F, G, H, 0xC451979C, W[12], W[12] ^ W[16]); - R1(D, A, B, C, H, 
E, F, G, 0x88A32F39, W[13], W[13] ^ W[17]); - R1(C, D, A, B, G, H, E, F, 0x11465E73, W[14], W[14] ^ W[18]); - R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W[15], W[15] ^ W[19]); - R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W[16], W[16] ^ W[20]); - R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W[17], W[17] ^ W[21]); - R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W[18], W[18] ^ W[22]); - R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W[19], W[19] ^ W[23]); - R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W[20], W[20] ^ W[24]); - R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W[21], W[21] ^ W[25]); - R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W[22], W[22] ^ W[26]); - R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W[23], W[23] ^ W[27]); - R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W[24], W[24] ^ W[28]); - R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W[25], W[25] ^ W[29]); - R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W[26], W[26] ^ W[30]); - R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W[27], W[27] ^ W[31]); - R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W[28], W[28] ^ W[32]); - R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W[29], W[29] ^ W[33]); - R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W[30], W[30] ^ W[34]); - R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W[31], W[31] ^ W[35]); - R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W[32], W[32] ^ W[36]); - R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W[33], W[33] ^ W[37]); - R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W[34], W[34] ^ W[38]); - R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W[35], W[35] ^ W[39]); - R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W[36], W[36] ^ W[40]); - R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W[37], W[37] ^ W[41]); - R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W[38], W[38] ^ W[42]); - R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W[39], W[39] ^ W[43]); - R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W[40], W[40] ^ W[44]); - R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W[41], W[41] ^ W[45]); - R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W[42], W[42] ^ W[46]); - R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W[43], W[43] ^ W[47]); - R2(A, B, C, D, E, F, G, H, 
0x79D8A7A8, W[44], W[44] ^ W[48]); - R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W[45], W[45] ^ W[49]); - R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W[46], W[46] ^ W[50]); - R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W[47], W[47] ^ W[51]); - R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W[48], W[48] ^ W[52]); - R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W[49], W[49] ^ W[53]); - R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W[50], W[50] ^ W[54]); - R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W[51], W[51] ^ W[55]); - R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W[52], W[52] ^ W[56]); - R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W[53], W[53] ^ W[57]); - R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W[54], W[54] ^ W[58]); - R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W[55], W[55] ^ W[59]); - R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W[56], W[56] ^ W[60]); - R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W[57], W[57] ^ W[61]); - R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W[58], W[58] ^ W[62]); - R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W[59], W[59] ^ W[63]); - R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W[60], W[60] ^ W[64]); - R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W[61], W[61] ^ W[65]); - R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W[62], W[62] ^ W[66]); - R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W[63], W[63] ^ W[67]); + R1(A, B, C, D, E, F, G, H, 0x79CC4519, W00, W00 ^ W04); + W00 = SM3_E(W00, W07, W13, W03, W10); + R1(D, A, B, C, H, E, F, G, 0xF3988A32, W01, W01 ^ W05); + W01 = SM3_E(W01, W08, W14, W04, W11); + R1(C, D, A, B, G, H, E, F, 0xE7311465, W02, W02 ^ W06); + W02 = SM3_E(W02, W09, W15, W05, W12); + R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W03, W03 ^ W07); + W03 = SM3_E(W03, W10, W00, W06, W13); + R1(A, B, C, D, E, F, G, H, 0x9CC45197, W04, W04 ^ W08); + W04 = SM3_E(W04, W11, W01, W07, W14); + R1(D, A, B, C, H, E, F, G, 0x3988A32F, W05, W05 ^ W09); + W05 = SM3_E(W05, W12, W02, W08, W15); + R1(C, D, A, B, G, H, E, F, 0x7311465E, W06, W06 ^ W10); + W06 = SM3_E(W06, W13, W03, W09, W00); + R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W07, W07 ^ W11); + 
W07 = SM3_E(W07, W14, W04, W10, W01); + R1(A, B, C, D, E, F, G, H, 0xCC451979, W08, W08 ^ W12); + W08 = SM3_E(W08, W15, W05, W11, W02); + R1(D, A, B, C, H, E, F, G, 0x988A32F3, W09, W09 ^ W13); + W09 = SM3_E(W09, W00, W06, W12, W03); + R1(C, D, A, B, G, H, E, F, 0x311465E7, W10, W10 ^ W14); + W10 = SM3_E(W10, W01, W07, W13, W04); + R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W11, W11 ^ W15); + W11 = SM3_E(W11, W02, W08, W14, W05); + R1(A, B, C, D, E, F, G, H, 0xC451979C, W12, W12 ^ W00); + W12 = SM3_E(W12, W03, W09, W15, W06); + R1(D, A, B, C, H, E, F, G, 0x88A32F39, W13, W13 ^ W01); + W13 = SM3_E(W13, W04, W10, W00, W07); + R1(C, D, A, B, G, H, E, F, 0x11465E73, W14, W14 ^ W02); + W14 = SM3_E(W14, W05, W11, W01, W08); + R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W15, W15 ^ W03); + W15 = SM3_E(W15, W06, W12, W02, W09); + R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04); + W00 = SM3_E(W00, W07, W13, W03, W10); + R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05); + W01 = SM3_E(W01, W08, W14, W04, W11); + R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06); + W02 = SM3_E(W02, W09, W15, W05, W12); + R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07); + W03 = SM3_E(W03, W10, W00, W06, W13); + R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08); + W04 = SM3_E(W04, W11, W01, W07, W14); + R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09); + W05 = SM3_E(W05, W12, W02, W08, W15); + R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10); + W06 = SM3_E(W06, W13, W03, W09, W00); + R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11); + W07 = SM3_E(W07, W14, W04, W10, W01); + R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12); + W08 = SM3_E(W08, W15, W05, W11, W02); + R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13); + W09 = SM3_E(W09, W00, W06, W12, W03); + R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14); + W10 = SM3_E(W10, W01, W07, W13, W04); + R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15); + W11 = SM3_E(W11, W02, W08, W14, W05); + 
R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00); + W12 = SM3_E(W12, W03, W09, W15, W06); + R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01); + W13 = SM3_E(W13, W04, W10, W00, W07); + R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02); + W14 = SM3_E(W14, W05, W11, W01, W08); + R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03); + W15 = SM3_E(W15, W06, W12, W02, W09); + R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W00, W00 ^ W04); + W00 = SM3_E(W00, W07, W13, W03, W10); + R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W01, W01 ^ W05); + W01 = SM3_E(W01, W08, W14, W04, W11); + R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W02, W02 ^ W06); + W02 = SM3_E(W02, W09, W15, W05, W12); + R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W03, W03 ^ W07); + W03 = SM3_E(W03, W10, W00, W06, W13); + R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W04, W04 ^ W08); + W04 = SM3_E(W04, W11, W01, W07, W14); + R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W05, W05 ^ W09); + W05 = SM3_E(W05, W12, W02, W08, W15); + R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W06, W06 ^ W10); + W06 = SM3_E(W06, W13, W03, W09, W00); + R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W07, W07 ^ W11); + W07 = SM3_E(W07, W14, W04, W10, W01); + R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W08, W08 ^ W12); + W08 = SM3_E(W08, W15, W05, W11, W02); + R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W09, W09 ^ W13); + W09 = SM3_E(W09, W00, W06, W12, W03); + R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W10, W10 ^ W14); + W10 = SM3_E(W10, W01, W07, W13, W04); + R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W11, W11 ^ W15); + W11 = SM3_E(W11, W02, W08, W14, W05); + R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W12, W12 ^ W00); + W12 = SM3_E(W12, W03, W09, W15, W06); + R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W13, W13 ^ W01); + W13 = SM3_E(W13, W04, W10, W00, W07); + R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W14, W14 ^ W02); + W14 = SM3_E(W14, W05, W11, W01, W08); + R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W15, W15 ^ W03); + W15 = SM3_E(W15, W06, W12, W02, W09); + R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, 
W00, W00 ^ W04); + W00 = SM3_E(W00, W07, W13, W03, W10); + R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05); + W01 = SM3_E(W01, W08, W14, W04, W11); + R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06); + W02 = SM3_E(W02, W09, W15, W05, W12); + R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07); + W03 = SM3_E(W03, W10, W00, W06, W13); + R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08); + R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09); + R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10); + R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11); + R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12); + R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13); + R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14); + R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15); + R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00); + R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01); + R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02); + R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03); A = (m_digest[0] ^= A); B = (m_digest[1] ^= B); From 202419773cb8adb0cb39b9294dba87b8652e0d78 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 12 Oct 2017 21:26:36 -0400 Subject: [PATCH 0038/1008] Add some additional CPU aliases for x86-64 --- src/build-data/arch/x86_64.txt | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/build-data/arch/x86_64.txt b/src/build-data/arch/x86_64.txt index d70eaae39c..b162d0ab41 100644 --- a/src/build-data/arch/x86_64.txt +++ b/src/build-data/arch/x86_64.txt @@ -17,10 +17,15 @@ k8 barcelona atom nocona -core2 -corei7 +core2 # conroe +nehalem +westmere sandybridge ivybridge +haswell +broadwell +skylake +znver1 @@ -28,13 +33,11 @@ core2duo -> core2 intelcore2 -> core2 intelcore2duo -> core2 -nehalem -> corei7 -westmere -> corei7 - sledgehammer -> k8 opteron -> k8 amdopteron -> k8 athlon64 -> k8 +zen -> znver1 
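Review bot: The interleaved schedule checks out as far as I can trace it (after round j the `Wnn = SM3_E(...)` line writes W[j+16] into slot j mod 16, and the second round argument such as `W12 ^ W00` at round 12 correctly reads W[12] ^ W[16] from the wrapped slot), but nothing in the code states that invariant and 128 unrolled lines cannot be reviewed without it. Add a comment before the first `R1`: `// W00..W15 is a rolling window: after round j, slot j%16 is overwritten with W[j+16], so later rounds read expanded words from wrapped slots`. A one-line note before round 52 that no further expansion is needed because W[67] is the last word used would stop a reader from suspecting dropped lines. The remainder of compress_n runs past the end of the hunk.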
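Review bot: `core2 # conroe` is the only entry in this list carrying an inline comment; whether the info-file reader strips trailing `#` text on a data line (as opposed to whole-line comments) is not visible here, and if it does not, the entry becomes the literal string `core2 # conroe` and `core2` silently stops matching. Either move the remark to its own `# conroe` line above the entry or confirm the lexer handles trailing comments.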
From 6331768a707ff3055b3c4898e1666e267fe27840 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 12 Oct 2017 21:43:27 -0400 Subject: [PATCH 0039/1008] Swapped encrypt and decrypt in BlockCipher _xex functions Missed by everything but the OCB wide tests because most ciphers have fixed width and get the override. --- src/lib/block/block_cipher.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/block/block_cipher.h b/src/lib/block/block_cipher.h index f8c6e47b89..9961182faf 100644 --- a/src/lib/block/block_cipher.h +++ b/src/lib/block/block_cipher.h @@ -174,7 +174,7 @@ class BOTAN_PUBLIC_API(2,0) BlockCipher : public SymmetricAlgorithm { const size_t BS = block_size(); xor_buf(data, mask, blocks * BS); - decrypt_n(data, data, blocks); + encrypt_n(data, data, blocks); xor_buf(data, mask, blocks * BS); } @@ -184,7 +184,7 @@ class BOTAN_PUBLIC_API(2,0) BlockCipher : public SymmetricAlgorithm { const size_t BS = block_size(); xor_buf(data, mask, blocks * BS); - encrypt_n(data, data, blocks); + decrypt_n(data, data, blocks); xor_buf(data, mask, blocks * BS); } From 388cb52bc6a6c818e0a2051b7be5f8f4a3d87beb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 12 Oct 2017 23:29:39 -0400 Subject: [PATCH 0040/1008] Remove needless mutable [ci skip] --- src/lib/prov/openssl/openssl_block.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/prov/openssl/openssl_block.cpp b/src/lib/prov/openssl/openssl_block.cpp index 83e0e960d5..33cd9b8cc6 100644 --- a/src/lib/prov/openssl/openssl_block.cpp +++ b/src/lib/prov/openssl/openssl_block.cpp @@ -53,8 +53,8 @@ class OpenSSL_BlockCipher final : public BlockCipher size_t m_block_sz; Key_Length_Specification m_cipher_key_spec; std::string m_cipher_name; - mutable EVP_CIPHER_CTX *m_encrypt; - mutable EVP_CIPHER_CTX *m_decrypt; + EVP_CIPHER_CTX *m_encrypt; + EVP_CIPHER_CTX *m_decrypt; }; OpenSSL_BlockCipher::OpenSSL_BlockCipher(const std::string& algo_name, 
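Review bot: The swap is correct, but as the commit message itself says, only the OCB wide tests exercised these defaults because fixed-width ciphers take the Block_Cipher_Fixed_Params override, so the base-class paths still have no test of their own. A regression test that calls `encrypt_n_xex`/`decrypt_n_xex` through a `BlockCipher&` on a cipher without the override (or a minimal test subclass) and compares against `xor_buf` + `encrypt_n`/`decrypt_n` + `xor_buf` would pin the contract for both paths. A one-line comment on each default noting that Block_Cipher_Fixed_Params overrides it for the compile-time block size would also explain why two copies exist. The class body continues outside the hunk.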
From a085c32f3bb81f0f1606b5b558bf472bdd02f29e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 12 Oct 2017 23:30:51 -0400 Subject: [PATCH 0041/1008] Somewhat faster xor_buf Avoids the cast alignment problems of yesteryear --- src/lib/utils/mem_ops.h | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/src/lib/utils/mem_ops.h b/src/lib/utils/mem_ops.h index 175f38e2ff..55d5726182 100644 --- a/src/lib/utils/mem_ops.h +++ b/src/lib/utils/mem_ops.h @@ -166,28 +166,25 @@ inline void xor_buf(uint8_t out[], { while(length >= 16) { - out[0] ^= in[0]; - out[1] ^= in[1]; - out[2] ^= in[2]; - out[3] ^= in[3]; - out[4] ^= in[4]; - out[5] ^= in[5]; - out[6] ^= in[6]; - out[7] ^= in[7]; - out[8] ^= in[8]; - out[9] ^= in[9]; - out[10] ^= in[10]; - out[11] ^= in[11]; - out[12] ^= in[12]; - out[13] ^= in[13]; - out[14] ^= in[14]; - out[15] ^= in[15]; + uint64_t x0, x1, y0, y1; + memcpy(&x0, in, 8); + memcpy(&x1, in + 8, 8); + memcpy(&y0, out, 8); + memcpy(&y1, out + 8, 8); + + y0 ^= x0; + y1 ^= x1; + memcpy(out, &y0, 8); + memcpy(out + 8, &y1, 8); out += 16; in += 16; length -= 16; } - for(size_t i = 0; i != length; ++i) + while(length > 0) { - out[i] ^= in[i]; + out[0] ^= in[0]; + out += 1; + in += 1; + length -= 1; } } From 444eeb5ebcb65de8f063e90a31a4709214dfe78f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 13 Oct 2017 00:30:51 -0400 Subject: [PATCH 0042/1008] OCB optimizations With fast AES-NI, gets down to about 2 cycles per byte which is pretty good compared to the ~5.5 cpb of 2.3, still a long way off the best stiched impls which run at ~0.6 cpb. --- src/lib/modes/aead/ocb/ocb.cpp | 147 ++++++++++++++++++++------------- src/lib/modes/aead/ocb/ocb.h | 1 - 2 files changed, 90 insertions(+), 58 deletions(-) diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp index 3e134a642b..23af75e8f8 100644 --- a/src/lib/modes/aead/ocb/ocb.cpp +++ b/src/lib/modes/aead/ocb/ocb.cpp 
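Review bot: The 16-byte loop now relies on `memcpy`, but the hunk adds no `#include <cstring>`; if mem_ops.h does not already include it (not visible here) the inline function will fail to compile in translation units that include the header on its own. The three-argument `xor_buf(out, in, in2, length)` immediately below keeps the byte-by-byte body, so the two overloads now diverge for no stated reason; apply the same word-wise form there or add a comment saying why not. A short comment such as `// memcpy into uint64_t avoids the unaligned-cast UB of the earlier word-at-a-time version` would record the motivation given in the commit message.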
@@ -17,20 +17,29 @@ namespace Botan { class L_computer final { public: - explicit L_computer(const BlockCipher& cipher) + explicit L_computer(const BlockCipher& cipher) : + m_BS(cipher.block_size()), + m_max_blocks(cipher.parallel_bytes() / m_BS) { - m_L_star.resize(cipher.block_size()); + m_L_star.resize(m_BS); cipher.encrypt(m_L_star); m_L_dollar = poly_double(star()); m_L.push_back(poly_double(dollar())); while(m_L.size() < 8) m_L.push_back(poly_double(m_L.back())); + + m_offset_buf.resize(m_BS * m_max_blocks); } - const secure_vector& star() const { return m_L_star; } + void init(const secure_vector& offset) + { + m_offset = offset; + } + const secure_vector& star() const { return m_L_star; } const secure_vector& dollar() const { return m_L_dollar; } + const secure_vector& offset() const { return m_offset; } const secure_vector& get(size_t i) const { 
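Review bot: `init()` and `offset()` now carry the per-message state that `finish()` reads back, yet neither is documented: `m_offset` is set to Offset_0 (nonce-derived) by `init()` and is advanced in place by `compute_offsets()`, so `offset()` returns Offset_m of the last processed block, not the nonce offset. Suggested comments: on `init`, `// Start a new message: offset is Offset_0; compute_offsets() advances it in place`; on `offset`, `// Running offset after the last processed block (used for Offset_* and the tag)`. `m_max_blocks` is `parallel_bytes() / block_size()`; if a cipher ever reported a `parallel_bytes()` below its block size this would be zero and every `compute_offsets()` call would then fail its assertion, so `BOTAN_ASSERT(m_max_blocks > 0, "OCB parallel block count is positive");` in the constructor would fail earlier with a clearer message. The class body continues past the hunk.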
@@ -40,22 +49,53 @@ class L_computer final return m_L[i]; } - const secure_vector& - compute_offsets(secure_vector& offset, - size_t block_index, - size_t blocks, - size_t BS) const + const uint8_t* + compute_offsets(size_t block_index, size_t blocks) { - if(m_offset_buf.size() < blocks * BS) - m_offset_buf.resize(blocks * BS); + BOTAN_ASSERT(blocks <= m_max_blocks, "OCB offsets"); + + uint8_t* offsets = m_offset_buf.data(); + + if(block_index % 4 == 0) + { + const secure_vector& L0 = get(0); + const secure_vector& L1 = get(1); + + while(blocks >= 4) + { + // ntz(4*i+1) == 0 + // ntz(4*i+2) == 1 + // ntz(4*i+3) == 0 + block_index += 4; + const size_t ntz4 = ctz(block_index); + + xor_buf(offsets, m_offset.data(), L0.data(), m_BS); + offsets += m_BS; + + xor_buf(offsets, offsets - m_BS, L1.data(), m_BS); + offsets += m_BS; + + xor_buf(m_offset.data(), L1.data(), m_BS); + copy_mem(offsets, m_offset.data(), m_BS); + offsets += m_BS; + + xor_buf(m_offset.data(), get(ntz4).data(), m_BS); + copy_mem(offsets, m_offset.data(), m_BS); + offsets += m_BS; + + blocks -= 4; + } + } for(size_t i = 0; i != blocks; ++i) { // could be done in parallel - offset ^= get(ctz(block_index + 1 + i)); - copy_mem(&m_offset_buf[BS*i], offset.data(), BS); + const size_t ntz = ctz(block_index + i + 1); + xor_buf(m_offset.data(), get(ntz).data(), m_BS); + copy_mem(offsets, m_offset.data(), m_BS); + offsets += m_BS; } - return m_offset_buf; + return m_offset_buf.data(); } private: @@ -66,9 +106,11 @@ class L_computer final return out; } + const size_t m_BS, m_max_blocks; secure_vector m_L_dollar, m_L_star; + secure_vector m_offset; mutable std::vector> m_L; - mutable secure_vector m_offset_buf; + secure_vector m_offset_buf; }; namespace { 
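Review bot: The 4-block fast path is correct but depends on an invariant that is nowhere written down: it is only entered when `block_index % 4 == 0`, the first two output blocks are formed without touching `m_offset`, and `m_offset ^= L1` before the third block is right only because Offset_{4i+3} = Offset_{4i} ^ L0 ^ L1 ^ L0 = Offset_{4i} ^ L1. A comment above the `while(blocks >= 4)` loop such as `// O=Offset_{4i}: out[0]=O^L0, out[1]=O^L0^L1, out[2]=O^L1, out[3]=O^L1^L_{ntz(4i+4)}; m_offset tracks Offset_{4i+4}` lets the next reader verify it without re-deriving. The assertion text `"OCB offsets"` does not say what was violated; `BOTAN_ASSERT(blocks <= m_max_blocks, "OCB offset buffer holds requested blocks");` would. The returned pointer aliases `m_offset_buf` and is invalidated by the next `compute_offsets()` call, which the signature does not convey — add `// returned pointer is valid only until the next call` above the function.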
@@ -92,26 +134,20 @@ secure_vector ocb_hash(const L_computer& L, for(size_t i = 0; i != ad_blocks; ++i) { // this loop could run in parallel - offset ^= L.get(ctz(i+1)); - + offset ^= L.get(ctz(i+1)); buf = offset; xor_buf(buf.data(), &ad[BS*i], BS); - cipher.encrypt(buf); - sum ^= buf; } if(ad_remainder) { offset ^= L.star(); - buf = offset; xor_buf(buf.data(), &ad[BS*ad_blocks], ad_remainder); buf[ad_remainder] ^= 0x80; - cipher.encrypt(buf); - sum ^= buf; } @@ -123,7 +159,6 @@ secure_vector ocb_hash(const L_computer& L, OCB_Mode::OCB_Mode(BlockCipher* cipher, size_t tag_size) : m_cipher(cipher), m_checksum(m_cipher->parallel_bytes()), - m_offset(m_cipher->block_size()), m_ad_hash(m_cipher->block_size()), m_tag_size(tag_size), m_block_size(m_cipher->block_size()), @@ -156,7 +191,6 @@ void OCB_Mode::reset() { m_block_index = 0; zeroise(m_ad_hash); - zeroise(m_offset); zeroise(m_checksum); m_last_nonce.clear(); m_stretch.clear(); @@ -179,7 +213,7 @@ std::string OCB_Mode::name() const size_t OCB_Mode::update_granularity() const { - return m_cipher->parallel_bytes(); + return (m_par_blocks * block_size()); } Key_Length_Specification OCB_Mode::key_spec() const @@ -297,7 +331,7 @@ void OCB_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) BOTAN_ASSERT(m_L, "A key was set"); - m_offset = update_nonce(nonce, nonce_len); + m_L->init(update_nonce(nonce, nonce_len)); zeroise(m_checksum); m_block_index = 0; } @@ -313,11 +347,11 @@ void OCB_Encryption::encrypt(uint8_t buffer[], size_t blocks) const size_t proc_blocks = std::min(blocks, par_blocks()); const size_t proc_bytes = proc_blocks * BS; - const auto& offsets = m_L->compute_offsets(m_offset, m_block_index, proc_blocks, BS); + const uint8_t* offsets = m_L->compute_offsets(m_block_index, proc_blocks); xor_buf(m_checksum.data(), buffer, proc_bytes); - m_cipher->encrypt_n_xex(buffer, offsets.data(), proc_blocks); + m_cipher->encrypt_n_xex(buffer, offsets, proc_blocks); buffer += proc_bytes; blocks -= proc_blocks; 
@@ -327,9 +361,8 @@ void OCB_Encryption::encrypt(uint8_t buffer[], size_t blocks) size_t OCB_Encryption::process(uint8_t buf[], size_t sz) { - const size_t BS = block_size(); - BOTAN_ASSERT(sz % BS == 0, "Invalid OCB input size"); - encrypt(buf, sz / BS); + BOTAN_ASSERT(sz % update_granularity() == 0, "Invalid OCB input size"); + encrypt(buf, sz / block_size()); return sz; } @@ -341,12 +374,15 @@ void OCB_Encryption::finish(secure_vector& buffer, size_t offset) const size_t sz = buffer.size() - offset; uint8_t* buf = buffer.data() + offset; + secure_vector mac(BS); + if(sz) { const size_t final_full_blocks = sz / BS; const size_t remainder_bytes = sz - (final_full_blocks * BS); encrypt(buf, final_full_blocks); + mac = m_L->offset(); if(remainder_bytes) { @@ -356,33 +392,34 @@ void OCB_Encryption::finish(secure_vector& buffer, size_t offset) xor_buf(m_checksum.data(), remainder, remainder_bytes); m_checksum[remainder_bytes] ^= 0x80; - m_offset ^= m_L->star(); // Offset_* + // Offset_* + mac ^= m_L->star(); secure_vector pad(BS); - m_cipher->encrypt(m_offset, pad); + m_cipher->encrypt(mac, pad); xor_buf(remainder, pad.data(), remainder_bytes); } } + else + { + mac = m_L->offset(); + } - secure_vector checksum(BS); + // now compute the tag // fold checksum for(size_t i = 0; i != m_checksum.size(); i += BS) { - xor_buf(checksum.data(), m_checksum.data() + i, BS); + xor_buf(mac.data(), m_checksum.data() + i, BS); } - // now compute the tag - secure_vector mac = m_offset; - mac ^= checksum; - mac ^= m_L->dollar(); + xor_buf(mac.data(), m_L->dollar().data(), BS); m_cipher->encrypt(mac); - mac ^= m_ad_hash; + xor_buf(mac.data(), m_ad_hash.data(), BS); buffer += std::make_pair(mac.data(), tag_size()); zeroise(m_checksum); - zeroise(m_offset); m_block_index = 0; } 
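Review bot: `process()` now rejects any `sz` that is a multiple of the block size but not of `update_granularity()` (`m_par_blocks * block_size()` after this series), a stricter runtime precondition than the previous `sz % BS == 0`; a caller that fed single 16-byte blocks will now trip `BOTAN_ASSERT` (presumably surfacing as an internal-error exception) where it previously worked. If `update_granularity()` is the documented contract of `Cipher_Mode::process`, as I understand it to be, this is fine, but it is an observable change that deserves a line in news.rst, and the assertion message could name the rule: `BOTAN_ASSERT(sz % update_granularity() == 0, "OCB process input is a multiple of update_granularity");`.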
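Review bot: In `OCB_Encryption::finish` the tag accumulator is zero-allocated as `secure_vector mac(BS)` and then assigned `m_L->offset()` in both the `if(sz)` and `else` branches, so the initial allocation is dead and the same line is written twice. Hoisting the block-count arithmetic out of the `if` and taking the running offset once after the full blocks are processed removes the duplication and the wasted allocation; the only behavioural difference is skipping `encrypt(buf, 0)` when `sz` is smaller than a block, which I assume is a no-op today since the existing code already calls it with zero blocks in that case. The same `mac(BS)` plus dual-assignment shape appears in `OCB_Decryption::finish` and could be simplified identically.
```cpp
   const size_t sz = buffer.size() - offset;
   uint8_t* buf = buffer.data() + offset;

   const size_t final_full_blocks = sz / BS;
   const size_t remainder_bytes = sz - (final_full_blocks * BS);

   if(final_full_blocks > 0)
      encrypt(buf, final_full_blocks);

   // Offset_m after the last full block (Offset_0 when there was none)
   secure_vector<uint8_t> mac = m_L->offset();

   if(remainder_bytes)
      {
      // … unchanged: checksum update, Offset_* = mac ^ L_*, pad = E(Offset_*), xor into remainder …
      }

   // … unchanged: fold checksum into mac, ^= L_$, encrypt, ^= HASH(A), append tag, reset state …
```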
@@ -395,9 +432,9 @@ void OCB_Decryption::decrypt(uint8_t buffer[], size_t blocks) const size_t proc_blocks = std::min(blocks, par_blocks()); const size_t proc_bytes = proc_blocks * BS; - const auto& offsets = m_L->compute_offsets(m_offset, m_block_index, proc_blocks, BS); + const uint8_t* offsets = m_L->compute_offsets(m_block_index, proc_blocks); - m_cipher->decrypt_n_xex(buffer, offsets.data(), proc_blocks); + m_cipher->decrypt_n_xex(buffer, offsets, proc_blocks); xor_buf(m_checksum.data(), buffer, proc_bytes); @@ -409,9 +446,8 @@ void OCB_Decryption::decrypt(uint8_t buffer[], size_t blocks) size_t OCB_Decryption::process(uint8_t buf[], size_t sz) { - const size_t BS = block_size(); - BOTAN_ASSERT(sz % BS == 0, "Invalid OCB input size"); - decrypt(buf, sz / BS); + BOTAN_ASSERT(sz % update_granularity() == 0, "Invalid OCB input size"); + decrypt(buf, sz / block_size()); return sz; } @@ -427,12 +463,15 @@ void OCB_Decryption::finish(secure_vector& buffer, size_t offset) const size_t remaining = sz - tag_size(); + secure_vector mac(BS); + if(remaining) { const size_t final_full_blocks = remaining / BS; const size_t final_bytes = remaining - (final_full_blocks * BS); decrypt(buf, final_full_blocks); + mac ^= m_L->offset(); if(final_bytes) { 
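Review bot: In the `OCB_Decryption::finish` hunk, `mac ^= m_L->offset();` XORs the running offset into a vector that was zero-initialised one line earlier, which is an assignment in disguise; the encryption side and the `else` branch of this same function (next hunk) both write `mac = m_L->offset();`, so use the same form here: `mac = m_L->offset();`. That also removes the silent dependence on `secure_vector mac(BS)` being zero-filled. The function body continues past the hunk.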
@@ -440,38 +479,32 @@ void OCB_Decryption::finish(secure_vector& buffer, size_t offset) uint8_t* remainder = &buf[remaining - final_bytes]; - m_offset ^= m_L->star(); // Offset_* - + mac ^= m_L->star(); secure_vector pad(BS); - m_cipher->encrypt(m_offset, pad); // P_* - + m_cipher->encrypt(mac, pad); // P_* xor_buf(remainder, pad.data(), final_bytes); xor_buf(m_checksum.data(), remainder, final_bytes); m_checksum[final_bytes] ^= 0x80; } } + else + mac = m_L->offset(); - secure_vector checksum(BS); + // compute the mac // fold checksum for(size_t i = 0; i != m_checksum.size(); i += BS) { - xor_buf(checksum.data(), m_checksum.data() + i, BS); + xor_buf(mac.data(), m_checksum.data() + i, BS); } - // compute the mac - secure_vector mac = m_offset; - mac ^= checksum; mac ^= m_L->dollar(); - m_cipher->encrypt(mac); - mac ^= m_ad_hash; // reset state zeroise(m_checksum); - zeroise(m_offset); m_block_index = 0; // compare mac diff --git a/src/lib/modes/aead/ocb/ocb.h b/src/lib/modes/aead/ocb/ocb.h index f4a54ee30b..173af3704d 100644 --- a/src/lib/modes/aead/ocb/ocb.h +++ b/src/lib/modes/aead/ocb/ocb.h @@ -66,7 +66,6 @@ class BOTAN_PUBLIC_API(2,0) OCB_Mode : public AEAD_Mode size_t m_block_index = 0; secure_vector m_checksum; - secure_vector m_offset; secure_vector m_ad_hash; private: void start_msg(const uint8_t nonce[], size_t nonce_len) override; From 742420b4b631d6d9139fe5f63ca5650f4fb56b9d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 13 Oct 2017 01:36:30 -0400 Subject: [PATCH 0043/1008] Update news [ci skip] --- news.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/news.rst b/news.rst index 6ff334c307..0696833a4b 100644 --- a/news.rst +++ b/news.rst 
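Review bot: `else mac = m_L->offset();` is the one unbraced single-statement branch in this function, while the matching code in `OCB_Encryption::finish` writes `else { mac = m_L->offset(); }`; use braces here for consistency. The tag comparison (`// compare mac`) lies past the end of the hunk; because the ciphertext has already been decrypted in place into `buffer` at that point, confirm the comparison remains constant-time (Botan's `same_mem` or equivalent) and that the mismatch path still throws so the caller cannot mistake the buffer for authenticated plaintext. The state reset (`zeroise(m_checksum); m_block_index = 0;`) happening before the compare is fine as long as the offset held by `m_L` is also replaced on the next `start_msg`, which the `m_L->init(...)` call earlier in this series does.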
@@ -4,6 +4,10 @@ Release Notes Version 2.4.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* Optimizations for OCB, CFB, SM3, CAST-128, CAST-256 + +* Reduce the overhead of ffi calls. + * The IDs for SHA-3 PKCSv1.5 signatures added in 2.3.0 were incorrect. They have been changed to use the correct encoding, and a test added to ensure such errors do not recur. From 577828a93755549f0e9d8413488e3e4485c67263 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 13 Oct 2017 12:08:30 -0400 Subject: [PATCH 0044/1008] Optimize GCM By allowing multiple blocks for clmul, slight speedup there though still far behind optimum. Precompute a table of multiples of H, 3-4x faster on systems without clmul (and still no secret indexes). Refactor GMAC to not derive from GHASH --- src/cli/speed.cpp | 1 + src/lib/mac/gmac/gmac.cpp | 46 +++++----- src/lib/mac/gmac/gmac.h | 4 +- src/lib/modes/aead/gcm/clmul/clmul.cpp | 113 +++++++++++++------------ src/lib/modes/aead/gcm/clmul/clmul.h | 3 +- src/lib/modes/aead/gcm/gcm.cpp | 111 +++++++++++++++--------- src/lib/modes/aead/gcm/gcm.h | 27 +++--- src/lib/modes/aead/gcm/pmull/pmull.cpp | 109 +++++++++++++----------- src/lib/modes/aead/gcm/pmull/pmull.h | 3 +- src/tests/test_mac.cpp | 2 + 10 files changed, 245 insertions(+), 174 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 83bb29efa9..01a84d7c9f 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -1024,6 +1024,7 @@ class Speed final : public Command const Botan::SymmetricKey key(rng(), mac.maximum_keylength()); mac.set_key(key); + mac.start(nullptr, 0); Timer timer(mac.name(), provider, "mac", buffer.size(), buf_size); timer.run_until_elapsed(runtime, [&]() { mac.update(buffer); }); diff --git a/src/lib/mac/gmac/gmac.cpp b/src/lib/mac/gmac/gmac.cpp index 7ce546ad59..af5d245ba3 100644 --- a/src/lib/mac/gmac/gmac.cpp +++ b/src/lib/mac/gmac/gmac.cpp 
@@ -1,6 +1,7 @@ /* * GMAC * (C) 2016 Matthias Gierlings, René Korthaus + * (C) 2017 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -9,20 +10,17 @@ namespace Botan { -GMAC::GMAC(BlockCipher* cipher) - : GHASH(), - m_aad_buf(), - m_cipher(cipher), - m_initialized(false) +GMAC::GMAC(BlockCipher* cipher) : + m_aad_buf(), + m_cipher(cipher), + m_ghash(new GHASH), + m_initialized(false) {} void GMAC::clear() { - GHASH::clear(); - m_H.resize(GCM_BS); - m_H_ad.resize(GCM_BS); - m_ghash.resize(GCM_BS); m_cipher->clear(); + m_ghash->clear(); m_aad_buf.clear(); m_initialized = false; } @@ -39,7 +37,10 @@ size_t GMAC::output_length() const void GMAC::add_data(const uint8_t input[], size_t size) { - m_ad_len += size; + /* + FIXME this could be much more efficient, and only buffer leftovers + as needed, instead of inserting everything into the buffer + */ // buffer partial blocks till we received a full input block // or final is called. @@ -47,9 +48,8 @@ void GMAC::add_data(const uint8_t input[], size_t size) if(m_aad_buf.size() >= GCM_BS) { // process all complete input blocks. - ghash_update(m_ghash, - m_aad_buf.data(), - m_aad_buf.size() - (m_aad_buf.size() % GCM_BS)); + m_ghash->update_associated_data(m_aad_buf.data(), + m_aad_buf.size() - (m_aad_buf.size() % GCM_BS)); // remove all processed blocks from buffer. m_aad_buf.erase(m_aad_buf.begin(), @@ -61,7 +61,10 @@ void GMAC::key_schedule(const uint8_t key[], size_t size) { clear(); m_cipher->set_key(key, size); - m_cipher->encrypt(m_H_ad.data(), m_H.data()); + + secure_vector H(GCM_BS); + m_cipher->encrypt(H); + m_ghash->set_key(H); } void GMAC::start_msg(const uint8_t nonce[], size_t nonce_len) 
@@ -75,13 +78,13 @@ void GMAC::start_msg(const uint8_t nonce[], size_t nonce_len) } else { - ghash_update(y0, nonce, nonce_len); - add_final_block(y0, 0, nonce_len); + m_ghash->ghash_update(y0, nonce, nonce_len); + m_ghash->add_final_block(y0, 0, nonce_len); } secure_vector m_enc_y0(GCM_BS); m_cipher->encrypt(y0.data(), m_enc_y0.data()); - GHASH::start(m_enc_y0.data(), m_enc_y0.size()); + m_ghash->start(m_enc_y0.data(), m_enc_y0.size()); m_initialized = true; } @@ -90,17 +93,16 @@ void GMAC::final_result(uint8_t mac[]) // This ensures the GMAC computation has been initialized with a fresh // nonce. The aim of this check is to prevent developers from re-using // nonces (and potential nonce-reuse attacks). - BOTAN_ASSERT(m_initialized, "GMAC was used with a fresh nonce"); + if(m_initialized == false) + throw Invalid_State("GMAC was not used with a fresh nonce"); // process the rest of the aad buffer. Even if it is a partial block only // ghash_update will process it properly. if(m_aad_buf.size() > 0) { - ghash_update(m_ghash, - m_aad_buf.data(), - m_aad_buf.size()); + m_ghash->update_associated_data(m_aad_buf.data(), m_aad_buf.size()); } - secure_vector result = GHASH::final(); + secure_vector result = m_ghash->final(); copy_mem(mac, result.data(), result.size()); clear(); } diff --git a/src/lib/mac/gmac/gmac.h b/src/lib/mac/gmac/gmac.h index 970f9c0471..bab1702528 100644 --- a/src/lib/mac/gmac/gmac.h +++ b/src/lib/mac/gmac/gmac.h @@ -1,6 +1,7 @@ /* * GMAC * (C) 2016 Matthias Gierlings, René Korthaus + * (C) 2017 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
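Review bot: In the `final_result` hunk the trailing `clear()` (context line) runs the new `GMAC::clear()`, which calls `m_cipher->clear()` as well as `m_ghash->clear()`, so producing one tag discards the key and a second message requires `set_key()` again rather than just `start()` with a fresh nonce; this was true before the refactor too, but if the goal is only to force a fresh nonce, resetting `m_ghash`, `m_aad_buf` and `m_initialized` would suffice, so confirm which behaviour is intended and say so in the class comment (`// final() wipes the key; call set_key() before the next message`). Replacing `BOTAN_ASSERT` with `Invalid_State` is the right call for an API-misuse condition. In `start_msg` the local `secure_vector m_enc_y0(GCM_BS)` carries a member-style `m_` prefix; rename it `enc_y0`.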
@@ -20,7 +21,7 @@ namespace Botan { * GMAC requires a unique initialization vector be used for each message. * This must be provided via the MessageAuthenticationCode::start() API */ -class BOTAN_PUBLIC_API(2,0) GMAC final : public MessageAuthenticationCode, public GHASH +class BOTAN_PUBLIC_API(2,0) GMAC final : public MessageAuthenticationCode { public: void clear() override; @@ -52,6 +53,7 @@ class BOTAN_PUBLIC_API(2,0) GMAC final : public MessageAuthenticationCode, publi static const size_t GCM_BS = 16; secure_vector m_aad_buf; std::unique_ptr m_cipher; + std::unique_ptr m_ghash; bool m_initialized; }; diff --git a/src/lib/modes/aead/gcm/clmul/clmul.cpp b/src/lib/modes/aead/gcm/clmul/clmul.cpp index ed3473b4e5..33378d833e 100644 --- a/src/lib/modes/aead/gcm/clmul/clmul.cpp +++ b/src/lib/modes/aead/gcm/clmul/clmul.cpp 
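Review bot: Dropping `public GHASH` from `GMAC`, a `BOTAN_PUBLIC_API(2,0)` class, is a source- and ABI-visible change for any 2.x user who relied on GMAC being usable as a GHASH, and nothing in the news.rst hunks on this page records it. Either add a release-note line (the accompanying gcm.h comment already says GHASH is not intended for general use, which supports the change) or keep the base class for the 2.x series. The class body continues outside the hunk.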
@@ -12,67 +12,76 @@ namespace Botan { BOTAN_FUNC_ISA("pclmul,ssse3") -void gcm_multiply_clmul(uint8_t x[16], const uint8_t H[16]) +void gcm_multiply_clmul(uint8_t x[16], const uint8_t H[16], + const uint8_t input[], size_t blocks) { /* * Algorithms 1 and 5 from Intel's CLMUL guide */ const __m128i BSWAP_MASK = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); + const __m128i b = _mm_shuffle_epi8(_mm_loadu_si128(reinterpret_cast(H)), BSWAP_MASK); + __m128i a = _mm_loadu_si128(reinterpret_cast(x)); - __m128i b = _mm_loadu_si128(reinterpret_cast(H)); + a = _mm_shuffle_epi8(a, BSWAP_MASK); + + for(size_t i = 0; i != blocks; ++i) + { + __m128i m = _mm_loadu_si128(reinterpret_cast(input) + i); + m = _mm_shuffle_epi8(m, BSWAP_MASK); + + a = _mm_xor_si128(a, m); + + __m128i T0, T1, T2, T3, T4, T5; + + T0 = _mm_clmulepi64_si128(a, b, 0x00); + T1 = _mm_clmulepi64_si128(a, b, 0x01); + T2 = _mm_clmulepi64_si128(a, b, 0x10); + T3 = _mm_clmulepi64_si128(a, b, 0x11); + + T1 = _mm_xor_si128(T1, T2); + T2 = _mm_slli_si128(T1, 8); + T1 = _mm_srli_si128(T1, 8); + T0 = _mm_xor_si128(T0, T2); + T3 = _mm_xor_si128(T3, T1); + + T4 = _mm_srli_epi32(T0, 31); + T0 = _mm_slli_epi32(T0, 1); + + T5 = _mm_srli_epi32(T3, 31); + T3 = _mm_slli_epi32(T3, 1); + + T2 = _mm_srli_si128(T4, 12); + T5 = _mm_slli_si128(T5, 4); + T4 = _mm_slli_si128(T4, 4); + T0 = _mm_or_si128(T0, T4); + T3 = _mm_or_si128(T3, T5); + T3 = _mm_or_si128(T3, T2); + + T4 = _mm_slli_epi32(T0, 31); + T5 = _mm_slli_epi32(T0, 30); + T2 = _mm_slli_epi32(T0, 25); + + T4 = _mm_xor_si128(T4, T5); + T4 = _mm_xor_si128(T4, T2); + T5 = _mm_srli_si128(T4, 4); + T3 = _mm_xor_si128(T3, T5); + T4 = _mm_slli_si128(T4, 12); + T0 = _mm_xor_si128(T0, T4); + T3 = _mm_xor_si128(T3, T0); + + T4 = _mm_srli_epi32(T0, 1); + T1 = _mm_srli_epi32(T0, 2); + T2 = _mm_srli_epi32(T0, 7); + T3 = _mm_xor_si128(T3, T1); + T3 = _mm_xor_si128(T3, T2); + T3 = _mm_xor_si128(T3, T4); + + a = T3; + } a = _mm_shuffle_epi8(a, BSWAP_MASK); - b = 
_mm_shuffle_epi8(b, BSWAP_MASK); - - __m128i T0, T1, T2, T3, T4, T5; - - T0 = _mm_clmulepi64_si128(a, b, 0x00); - T1 = _mm_clmulepi64_si128(a, b, 0x01); - T2 = _mm_clmulepi64_si128(a, b, 0x10); - T3 = _mm_clmulepi64_si128(a, b, 0x11); - - T1 = _mm_xor_si128(T1, T2); - T2 = _mm_slli_si128(T1, 8); - T1 = _mm_srli_si128(T1, 8); - T0 = _mm_xor_si128(T0, T2); - T3 = _mm_xor_si128(T3, T1); - - T4 = _mm_srli_epi32(T0, 31); - T0 = _mm_slli_epi32(T0, 1); - - T5 = _mm_srli_epi32(T3, 31); - T3 = _mm_slli_epi32(T3, 1); - - T2 = _mm_srli_si128(T4, 12); - T5 = _mm_slli_si128(T5, 4); - T4 = _mm_slli_si128(T4, 4); - T0 = _mm_or_si128(T0, T4); - T3 = _mm_or_si128(T3, T5); - T3 = _mm_or_si128(T3, T2); - - T4 = _mm_slli_epi32(T0, 31); - T5 = _mm_slli_epi32(T0, 30); - T2 = _mm_slli_epi32(T0, 25); - - T4 = _mm_xor_si128(T4, T5); - T4 = _mm_xor_si128(T4, T2); - T5 = _mm_srli_si128(T4, 4); - T3 = _mm_xor_si128(T3, T5); - T4 = _mm_slli_si128(T4, 12); - T0 = _mm_xor_si128(T0, T4); - T3 = _mm_xor_si128(T3, T0); - - T4 = _mm_srli_epi32(T0, 1); - T1 = _mm_srli_epi32(T0, 2); - T2 = _mm_srli_epi32(T0, 7); - T3 = _mm_xor_si128(T3, T1); - T3 = _mm_xor_si128(T3, T2); - T3 = _mm_xor_si128(T3, T4); - - T3 = _mm_shuffle_epi8(T3, BSWAP_MASK); - - _mm_storeu_si128(reinterpret_cast<__m128i*>(x), T3); + _mm_storeu_si128(reinterpret_cast<__m128i*>(x), a); } } diff --git a/src/lib/modes/aead/gcm/clmul/clmul.h b/src/lib/modes/aead/gcm/clmul/clmul.h index b47c73f273..d68e021d2d 100644 --- a/src/lib/modes/aead/gcm/clmul/clmul.h +++ b/src/lib/modes/aead/gcm/clmul/clmul.h @@ -12,7 +12,8 @@ namespace Botan { -void gcm_multiply_clmul(uint8_t x[16], const uint8_t H[16]); +void gcm_multiply_clmul(uint8_t x[16], const uint8_t H[16], + const uint8_t input[], size_t blocks); } diff --git a/src/lib/modes/aead/gcm/gcm.cpp b/src/lib/modes/aead/gcm/gcm.cpp index bb832245ee..9079aa0390 100644 --- a/src/lib/modes/aead/gcm/gcm.cpp +++ b/src/lib/modes/aead/gcm/gcm.cpp 
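Review bot: The new `gcm_multiply_clmul` signature in clmul.h states none of its preconditions: `x` and `H` are exactly 16 bytes, `input` must hold `16 * blocks` bytes, and `x` is updated in place to the GHASH fold over all blocks, with `blocks == 0` leaving `x` unchanged. A comment above the declaration would capture it: `// x = (((x ^ in[0]) * H) ^ in[1]) * H ... over blocks 16-byte blocks; x updated in place, input is 16*blocks bytes`. The loads are `_mm_loadu_si128`, so no alignment requirement exists — worth stating, since callers pass arbitrary `secure_vector::data()` pointers.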
@@ -24,52 +24,52 @@ namespace Botan { static const size_t GCM_BS = 16; -void GHASH::gcm_multiply(secure_vector& x) const +void GHASH::gcm_multiply(secure_vector& x, + const uint8_t input[], + size_t blocks) { + if(blocks == 0) + return; + #if defined(BOTAN_HAS_GCM_CLMUL) if(CPUID::has_clmul()) - return gcm_multiply_clmul(x.data(), m_H.data()); + return gcm_multiply_clmul(x.data(), m_H.data(), input, blocks); #elif defined(BOTAN_HAS_GCM_PMULL) if(CPUID::has_arm_pmull()) - return gcm_multiply_pmull(x.data(), m_H.data()); + return gcm_multiply_pmull(x.data(), m_H.data(), input, blocks); #endif - static const uint64_t R = 0xE100000000000000; - - uint64_t H[2] = { - load_be(m_H.data(), 0), - load_be(m_H.data(), 1) - }; - - uint64_t Z[2] = { 0, 0 }; - - CT::poison(H, 2); - CT::poison(Z, 2); CT::poison(x.data(), x.size()); // SSE2 might be useful here - for(size_t i = 0; i != 2; ++i) - { - const uint64_t X = load_be(x.data(), i); + const uint64_t ones = 0xFFFFFFFFFFFFFFFF; - uint64_t mask = 0x8000000000000000; - for(size_t j = 0; j != 64; ++j) - { - const uint64_t XMASK = CT::expand_mask(X & mask); - mask >>= 1; - Z[0] ^= H[0] & XMASK; - Z[1] ^= H[1] & XMASK; + uint64_t X0 = load_be(x.data(), 0); + uint64_t X1 = load_be(x.data(), 1); - // GCM's bit ops are reversed so we carry out of the bottom - const uint64_t carry = R & CT::expand_mask(H[1] & 1); + for(size_t b = 0; b != blocks; ++b) + { + X0 ^= load_be(input, 2*b); + X1 ^= load_be(input, 2*b+1); + + uint64_t Z[2] = { 0, 0 }; - H[1] = (H[1] >> 1) | (H[0] << 63); - H[0] = (H[0] >> 1) ^ carry; + for(size_t i = 0; i != 64; ++i) + { + const uint64_t X0MASK = ones * ((X0 >> (63-i)) & 1); + const uint64_t X1MASK = ones * ((X1 >> (63-i)) & 1); + Z[0] ^= m_HM[4*i ] & X0MASK; + Z[1] ^= m_HM[4*i+1] & X0MASK; + Z[0] ^= m_HM[4*i+2] & X1MASK; + Z[1] ^= m_HM[4*i+3] & X1MASK; } + + X0 = Z[0]; + X1 = Z[1]; } - store_be(x.data(), Z[0], Z[1]); + store_be(x.data(), X0, X1); CT::unpoison(x.data(), x.size()); } 
@@ -80,16 +80,20 @@ void GHASH::ghash_update(secure_vector& ghash, This assumes if less than block size input then we're just on the final block and should pad with zeros */ - while(length) - { - const size_t to_proc = std::min(length, GCM_BS); - xor_buf(ghash.data(), input, to_proc); + const size_t full_blocks = length / GCM_BS; + const size_t final_bytes = length - (full_blocks * GCM_BS); - gcm_multiply(ghash); + if(full_blocks > 0) + { + gcm_multiply(ghash, input, full_blocks); + } - input += to_proc; - length -= to_proc; + if(final_bytes) + { + secure_vector last_block(GCM_BS); + copy_mem(last_block.data(), input + full_blocks * GCM_BS, final_bytes); + gcm_multiply(ghash, last_block.data(), 1); } } @@ -99,6 +103,32 @@ void GHASH::key_schedule(const uint8_t key[], size_t length) m_H_ad.resize(GCM_BS); m_ad_len = 0; m_text_len = 0; + + uint64_t H0 = load_be(m_H.data(), 0); + uint64_t H1 = load_be(m_H.data(), 1); + + const uint64_t R = 0xE100000000000000; + + m_HM.resize(256); + + // precompute the multiples of H + for(size_t i = 0; i != 2; ++i) + { + for(size_t j = 0; j != 64; ++j) + { + /* + we interleave H^1, H^65, H^2, H^66, ... + to make indexing nicer in the multiplication code + */ + m_HM[4*j+2*i] = H0; + m_HM[4*j+2*i+1] = H1; + + // GCM's bit ops are reversed so we carry out of the bottom + const uint64_t carry = R * (H1 & 1); + H1 = (H1 >> 1) | (H0 << 63); + H0 = (H0 >> 1) ^ carry; + } + } } void GHASH::start(const uint8_t nonce[], size_t len) 
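Review bot: The comment in `ghash_update` ("assumes if less than block size input then we're just on the final block") describes an unchecked precondition: a non-block-multiple length passed mid-stream is zero-padded and hashed as a final block, and every later call silently continues from that wrong state. Both public entry points (`update`, `update_associated_data`) forward arbitrary lengths here, so either state the rule on those declarations in gcm.h (`// Only the final call for a stream may pass a length that is not a multiple of 16 bytes`) or record a `m_seen_partial` flag in `ghash_update` and `BOTAN_ASSERT` it is clear on any subsequent non-empty call. The caller-side guarantees (GCM_Mode's process granularity, GMAC's full-block buffering) are not visible on this page beyond the GMAC hunks, so I am inferring them.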
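Review bot: `m_HM` is a 256-entry table of H·x^i, i.e. key-equivalent material, and `key_schedule` only sizes and fills it; `GHASH::clear()` is not part of this diff, so confirm it zeroises the table as it does the other keyed members (`secure_vector` scrubs on free, but a `clear()` that leaves a live keyed table behind would not match its contract). Re-keying over an already sized vector makes `resize(256)` a no-op and the loop overwrites every entry, so stale data is not a concern. A comment on the layout would help the reader of `gcm_multiply`: `// m_HM[4*j+0..1] = H*x^j, m_HM[4*j+2..3] = H*x^(64+j), as (hi, lo) word pairs`.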
@@ -115,12 +145,17 @@ void GHASH::set_associated_data(const uint8_t input[], size_t length) m_ad_len = length; } -void GHASH::update(const uint8_t input[], size_t length) +void GHASH::update_associated_data(const uint8_t ad[], size_t length) { BOTAN_ASSERT(m_ghash.size() == GCM_BS, "Key was set"); + m_ad_len += length; + ghash_update(m_ghash, ad, length); + } +void GHASH::update(const uint8_t input[], size_t length) + { + BOTAN_ASSERT(m_ghash.size() == GCM_BS, "Key was set"); m_text_len += length; - ghash_update(m_ghash, input, length); } diff --git a/src/lib/modes/aead/gcm/gcm.h b/src/lib/modes/aead/gcm/gcm.h index deedfdadef..eac2add93b 100644 --- a/src/lib/modes/aead/gcm/gcm.h +++ b/src/lib/modes/aead/gcm/gcm.h @@ -111,9 +111,10 @@ class BOTAN_PUBLIC_API(2,0) GCM_Decryption final : public GCM_Mode /** * GCM's GHASH -* Maybe a Transform? +* This is not intended for general use, but is exposed to allow +* shared code between GCM and GMAC */ -class BOTAN_PUBLIC_API(2,0) GHASH : public SymmetricAlgorithm +class BOTAN_PUBLIC_API(2,0) GHASH final : public SymmetricAlgorithm { public: void set_associated_data(const uint8_t ad[], size_t ad_len); @@ -127,6 +128,11 @@ class BOTAN_PUBLIC_API(2,0) GHASH : public SymmetricAlgorithm */ void update(const uint8_t in[], size_t len); + /* + * Incremental update of associated data + */ + void update_associated_data(const uint8_t ad[], size_t len); + secure_vector final(); Key_Length_Specification key_spec() const override 
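Review bot: The new `update_associated_data` comment in gcm.h says only "Incremental update of associated data", while the context at the top of this line shows that the existing `set_associated_data` assigns `m_ad_len = length` and this method adds to it, so mixing the two on one message yields a wrong length block; spell that out: `/* Incremental update of associated data. Do not mix with set_associated_data() on the same message; only the final call may pass a length that is not a multiple of 16 bytes. */`. In the gcm.cpp hunk on this line there is a stray blank line before the closing brace of `update_associated_data`.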
@@ -137,24 +143,25 @@ class BOTAN_PUBLIC_API(2,0) GHASH : public SymmetricAlgorithm void reset(); std::string name() const override { return "GHASH"; } - protected: + void ghash_update(secure_vector& x, const uint8_t input[], size_t input_len); void add_final_block(secure_vector& x, size_t ad_len, size_t pt_len); - - secure_vector m_H; - secure_vector m_H_ad; - secure_vector m_ghash; - size_t m_ad_len = 0; - private: void key_schedule(const uint8_t key[], size_t key_len) override; - void gcm_multiply(secure_vector& x) const; + void gcm_multiply(secure_vector& x, + const uint8_t input[], + size_t blocks); + secure_vector m_H; + secure_vector m_H_ad; + secure_vector m_ghash; secure_vector m_nonce; + secure_vector m_HM; + size_t m_ad_len = 0; size_t m_text_len = 0; }; diff --git a/src/lib/modes/aead/gcm/pmull/pmull.cpp b/src/lib/modes/aead/gcm/pmull/pmull.cpp index 54e8416503..12d6ff7d1a 100644 --- a/src/lib/modes/aead/gcm/pmull/pmull.cpp +++ b/src/lib/modes/aead/gcm/pmull/pmull.cpp 
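Review bot: Removing the `protected:` label turns `ghash_update` and `add_final_block` into public members of a `BOTAN_PUBLIC_API` class, apparently only so GMAC can derive the pre-counter block for non-96-bit nonces (the gmac.cpp hunk calls both); a comment marking them internal — `// Internal: used by GMAC to derive y0 for non-96-bit nonces; not a stable API` — would keep them from being treated as supported surface. With GHASH now `final` the protected section had no remaining purpose, so the consolidation into `private:` is consistent. `m_HM` would benefit from a one-line comment pointing at the 256-entry interleaved layout filled in `key_schedule`.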
@@ -10,62 +10,73 @@ namespace Botan { BOTAN_FUNC_ISA("+crypto") -void gcm_multiply_pmull(uint8_t x[16], const uint8_t H[16]) +void gcm_multiply_pmull(uint8_t x[16], const uint8_t H[16], + const uint8_t input[], size_t blocks) { /* * Implementing GCM on ARMv8, http://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf */ - const uint64x2_t a64 = vreinterpretq_u64_u8(vcombine_u8(vrev64_u8(vld1_u8(x+8)), vrev64_u8(vld1_u8(x)))); + uint64x2_t a64 = vreinterpretq_u64_u8(vcombine_u8(vrev64_u8(vld1_u8(x+8)), vrev64_u8(vld1_u8(x)))); const uint64x2_t b64 = vreinterpretq_u64_u8(vcombine_u8(vrev64_u8(vld1_u8(H+8)), vrev64_u8(vld1_u8(H)))); - uint64x2_t T0, T1, T2, T3, T4, T5; - - T0 = (uint64x2_t)vmull_p64(vgetq_lane_u64(a64, 0), vgetq_lane_u64(b64, 0)); - T1 = (uint64x2_t)vmull_p64(vgetq_lane_u64(a64, 1), vgetq_lane_u64(b64, 0)); - T2 = (uint64x2_t)vmull_p64(vgetq_lane_u64(a64, 0), vgetq_lane_u64(b64, 1)); - T3 = (uint64x2_t)vmull_p64(vgetq_lane_u64(a64, 1), vgetq_lane_u64(b64, 1)); - - T1 = veorq_u64(T1, T2); - T2 = vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(T1), 8)); - T1 = vreinterpretq_u64_u8(vextq_u8(vreinterpretq_u8_u64(T1), vdupq_n_u8(0), 8)); - T0 = veorq_u64(T0, T2); - T3 = veorq_u64(T3, T1); - - T4 = vshrq_n_u64(T0, 31); - T0 = vshlq_n_u64(T0, 1); - - T5 = vshrq_n_u64(T3, 31); - T3 = vshlq_n_u64(T3, 1); - - T2 = vreinterpretq_u64_u8(vextq_u8(vreinterpretq_u8_u64(T4), vdupq_n_u8(0), 12)); - T5 = vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(T5), 12)); - T4 = vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(T4), 12)); - T0 = vorrq_u64(T0, T4); - T3 = vorrq_u64(T3, T5); - T3 = vorrq_u64(T3, T2); - - T4 = vreinterpretq_u64_u32(vshlq_n_u32(vreinterpretq_u32_u64(T0), 31)); - T5 = vreinterpretq_u64_u32(vshlq_n_u32(vreinterpretq_u32_u64(T0), 30)); - T2 = vreinterpretq_u64_u32(vshlq_n_u32(vreinterpretq_u32_u64(T0), 25)); - - T4 = veorq_u64(T4, T5); - T4 = veorq_u64(T4, T2); - T5 = 
vreinterpretq_u64_u8(vextq_u8(vreinterpretq_u8_u64(T4), vdupq_n_u8(0), 4)); - T3 = veorq_u64(T3, T5); - T4 = vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(T4), 4)); - T0 = veorq_u64(T0, T4); - T3 = veorq_u64(T3, T0); - - T4 = vreinterpretq_u64_u32(vshrq_n_u32(vreinterpretq_u32_u64(T0), 1)); - T1 = vreinterpretq_u64_u32(vshrq_n_u32(vreinterpretq_u32_u64(T0), 2)); - T2 = vreinterpretq_u64_u32(vshrq_n_u32(vreinterpretq_u32_u64(T0), 7)); - T3 = veorq_u64(T3, T1); - T3 = veorq_u64(T3, T2); - T3 = veorq_u64(T3, T4); - - vst1_u8(x+0, vrev64_u8(vreinterpret_u8_u64(vget_high_u64(T3)))); - vst1_u8(x+8, vrev64_u8(vreinterpret_u8_u64(vget_low_u64(T3)))); + for(size_t i = 0; i != blocks; ++i) + { + const uint64x2_t m64 = vreinterpretq_u64_u8(vcombine_u8(vrev64_u8(vld1_u8(input+8)), vrev64_u8(vld1_u8(input)))); + input += 16; + + a64 = veorq_u64(a64, m64); + + uint64x2_t T0, T1, T2, T3, T4, T5; + + T0 = (uint64x2_t)vmull_p64(vgetq_lane_u64(a64, 0), vgetq_lane_u64(b64, 0)); + T1 = (uint64x2_t)vmull_p64(vgetq_lane_u64(a64, 1), vgetq_lane_u64(b64, 0)); + T2 = (uint64x2_t)vmull_p64(vgetq_lane_u64(a64, 0), vgetq_lane_u64(b64, 1)); + T3 = (uint64x2_t)vmull_p64(vgetq_lane_u64(a64, 1), vgetq_lane_u64(b64, 1)); + + T1 = veorq_u64(T1, T2); + T2 = vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(T1), 8)); + T1 = vreinterpretq_u64_u8(vextq_u8(vreinterpretq_u8_u64(T1), vdupq_n_u8(0), 8)); + T0 = veorq_u64(T0, T2); + T3 = veorq_u64(T3, T1); + + T4 = vshrq_n_u64(T0, 31); + T0 = vshlq_n_u64(T0, 1); + + T5 = vshrq_n_u64(T3, 31); + T3 = vshlq_n_u64(T3, 1); + + T2 = vreinterpretq_u64_u8(vextq_u8(vreinterpretq_u8_u64(T4), vdupq_n_u8(0), 12)); + T5 = vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(T5), 12)); + T4 = vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(T4), 12)); + T0 = vorrq_u64(T0, T4); + T3 = vorrq_u64(T3, T5); + T3 = vorrq_u64(T3, T2); + + T4 = vreinterpretq_u64_u32(vshlq_n_u32(vreinterpretq_u32_u64(T0), 31)); + 
T5 = vreinterpretq_u64_u32(vshlq_n_u32(vreinterpretq_u32_u64(T0), 30)); + T2 = vreinterpretq_u64_u32(vshlq_n_u32(vreinterpretq_u32_u64(T0), 25)); + + T4 = veorq_u64(T4, T5); + T4 = veorq_u64(T4, T2); + T5 = vreinterpretq_u64_u8(vextq_u8(vreinterpretq_u8_u64(T4), vdupq_n_u8(0), 4)); + T3 = veorq_u64(T3, T5); + T4 = vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(T4), 4)); + T0 = veorq_u64(T0, T4); + T3 = veorq_u64(T3, T0); + + T4 = vreinterpretq_u64_u32(vshrq_n_u32(vreinterpretq_u32_u64(T0), 1)); + T1 = vreinterpretq_u64_u32(vshrq_n_u32(vreinterpretq_u32_u64(T0), 2)); + T2 = vreinterpretq_u64_u32(vshrq_n_u32(vreinterpretq_u32_u64(T0), 7)); + T3 = veorq_u64(T3, T1); + T3 = veorq_u64(T3, T2); + T3 = veorq_u64(T3, T4); + + a64 = T3; + } + + vst1_u8(x+0, vrev64_u8(vreinterpret_u8_u64(vget_high_u64(a64)))); + vst1_u8(x+8, vrev64_u8(vreinterpret_u8_u64(vget_low_u64(a64)))); } } diff --git a/src/lib/modes/aead/gcm/pmull/pmull.h b/src/lib/modes/aead/gcm/pmull/pmull.h index 4ddcc8f27d..638b845cd8 100644 --- a/src/lib/modes/aead/gcm/pmull/pmull.h +++ b/src/lib/modes/aead/gcm/pmull/pmull.h @@ -12,7 +12,8 @@ namespace Botan { -void gcm_multiply_pmull(uint8_t x[16], const uint8_t H[16]); +void gcm_multiply_pmull(uint8_t x[16], const uint8_t H[16], + const uint8_t input[], size_t blocks); } diff --git a/src/tests/test_mac.cpp b/src/tests/test_mac.cpp index 471a15fedf..2792aeb3ee 100644 --- a/src/tests/test_mac.cpp +++ b/src/tests/test_mac.cpp @@ -68,6 +68,7 @@ class Message_Auth_Tests final : public Text_Based_Test // Test to make sure clear() resets what we need it to mac->set_key(key); + mac->start(iv); mac->update("some discarded input"); mac->clear(); 
@@ -81,6 +82,7 @@ class Message_Auth_Tests final : public Text_Based_Test result.confirm("Clone has different pointer", mac.get() != clone.get()); result.test_eq("Clone has same name", mac->name(), clone->name()); clone->set_key(key); + clone->start(iv); clone->update(Test::rng().random_vec(32)); result.test_eq(provider + " correct mac", mac->verify_mac(expected.data(), expected.size()), true); From f044441c5511ced259bbfaae6a0d6ffefd3c3515 Mon Sep 17 00:00:00 2001 From: Alon Bar-Lev Date: Fri, 13 Oct 2017 19:34:25 +0300 Subject: [PATCH 0045/1008] Add limits.h header for INT_MAX Gentoo-Bug: https://bugs.gentoo.org/633468 Signed-off-by: Alon Bar-Lev --- src/lib/prov/openssl/openssl_rsa.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/prov/openssl/openssl_rsa.cpp b/src/lib/prov/openssl/openssl_rsa.cpp index b3fbf1a480..e6d58c74d3 100644 --- a/src/lib/prov/openssl/openssl_rsa.cpp +++ b/src/lib/prov/openssl/openssl_rsa.cpp @@ -23,6 +23,7 @@ #include #include #include +#include namespace Botan { From 0c2464c328c5c945e1cd2771283f7788f36696ec Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 13 Oct 2017 13:04:58 -0400 Subject: [PATCH 0046/1008] Use memcpy trick in 3-arg xor_buf also --- src/lib/utils/mem_ops.h | 40 +++++++++++++++++----------------------- 1 file changed, 17 insertions(+), 23 deletions(-) diff --git a/src/lib/utils/mem_ops.h b/src/lib/utils/mem_ops.h index 55d5726182..be75da6552 100644 --- a/src/lib/utils/mem_ops.h +++ b/src/lib/utils/mem_ops.h @@ -167,15 +167,15 @@ inline void xor_buf(uint8_t out[], while(length >= 16) { uint64_t x0, x1, y0, y1; - memcpy(&x0, in, 8); - memcpy(&x1, in + 8, 8); - memcpy(&y0, out, 8); - memcpy(&y1, out + 8, 8); + std::memcpy(&x0, in, 8); + std::memcpy(&x1, in + 8, 8); + std::memcpy(&y0, out, 8); + std::memcpy(&y1, out + 8, 8); y0 ^= x0; y1 ^= x1; - memcpy(out, &y0, 8); - memcpy(out + 8, &y1, 8); + std::memcpy(out, &y0, 8); + std::memcpy(out + 8, &y1, 8); out += 16; in += 16; length -= 16; } 
@@ -202,23 +202,17 @@ inline void xor_buf(uint8_t out[], { while(length >= 16) { - out[0] = in[0] ^ in2[0]; - out[1] = in[1] ^ in2[1]; - out[2] = in[2] ^ in2[2]; - out[3] = in[3] ^ in2[3]; - out[4] = in[4] ^ in2[4]; - out[5] = in[5] ^ in2[5]; - out[6] = in[6] ^ in2[6]; - out[7] = in[7] ^ in2[7]; - out[8] = in[8] ^ in2[8]; - out[9] = in[9] ^ in2[9]; - out[10] = in[10] ^ in2[10]; - out[11] = in[11] ^ in2[11]; - out[12] = in[12] ^ in2[12]; - out[13] = in[13] ^ in2[13]; - out[14] = in[14] ^ in2[14]; - out[15] = in[15] ^ in2[15]; - in += 16; in2 += 16; out += 16; length -= 16; + uint64_t x0, x1, y0, y1; + std::memcpy(&x0, in, 8); + std::memcpy(&x1, in + 8, 8); + std::memcpy(&y0, in2, 8); + std::memcpy(&y1, in2 + 8, 8); + + x0 ^= y0; + x1 ^= y1; + std::memcpy(out, &x0, 8); + std::memcpy(out + 8, &x1, 8); + out += 16; in += 16; in2 += 16; length -= 16; } for(size_t i = 0; i != length; ++i) From 41b6584c6b635374a919986f3741835a7405a529 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 13 Oct 2017 17:24:26 -0400 Subject: [PATCH 0047/1008] Further GCM optimizations Went from 27 to 20 cycles per byte on Skylake (with clmul disabled) --- news.rst | 2 +- src/lib/modes/aead/gcm/gcm.cpp | 44 +++++++++++++++++++++------------- 2 files changed, 28 insertions(+), 18 deletions(-) diff --git a/news.rst b/news.rst index 0696833a4b..496edba466 100644 --- a/news.rst +++ b/news.rst @@ -4,7 +4,7 @@ Release Notes Version 2.4.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* Optimizations for OCB, CFB, SM3, CAST-128, CAST-256 +* Optimizations for OCB, GCM (#1253), CFB, SM3, CAST-128/CAST-256 (#1247) * Reduce the overhead of ffi calls. diff --git a/src/lib/modes/aead/gcm/gcm.cpp b/src/lib/modes/aead/gcm/gcm.cpp index 9079aa0390..57272f2acc 100644 --- a/src/lib/modes/aead/gcm/gcm.cpp +++ b/src/lib/modes/aead/gcm/gcm.cpp 
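Review bot: The memcpy form in the 3-argument xor_buf now has the same shape as the 2-argument one, but neither hunk records why `std::memcpy` into locals is used instead of a `uint64_t*` cast, so a later "cleanup" could reintroduce unaligned-access and strict-aliasing UB. I would put `// memcpy into locals avoids unaligned loads and strict-aliasing UB; compilers lower it to plain 64-bit loads/stores` above the first `std::memcpy` in this hunk. The byte-wise tail loop is context below the hunk and the function signature is above it.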
@@ -11,13 +11,14 @@ #include #include #include +#include #if defined(BOTAN_HAS_GCM_CLMUL) #include - #include -#elif defined(BOTAN_HAS_GCM_PMULL) +#endif + +#if defined(BOTAN_HAS_GCM_PMULL) #include - #include #endif namespace Botan { @@ -28,48 +29,57 @@ void GHASH::gcm_multiply(secure_vector& x, const uint8_t input[], size_t blocks) { - if(blocks == 0) - return; - #if defined(BOTAN_HAS_GCM_CLMUL) if(CPUID::has_clmul()) + { return gcm_multiply_clmul(x.data(), m_H.data(), input, blocks); -#elif defined(BOTAN_HAS_GCM_PMULL) + } +#endif + +#if defined(BOTAN_HAS_GCM_PMULL) if(CPUID::has_arm_pmull()) + { return gcm_multiply_pmull(x.data(), m_H.data(), input, blocks); + } #endif CT::poison(x.data(), x.size()); // SSE2 might be useful here - const uint64_t ones = 0xFFFFFFFFFFFFFFFF; + const uint64_t ALL_BITS = 0xFFFFFFFFFFFFFFFF; - uint64_t X0 = load_be(x.data(), 0); - uint64_t X1 = load_be(x.data(), 1); + uint64_t X[2] = { + load_be(x.data(), 0), + load_be(x.data(), 1) + }; for(size_t b = 0; b != blocks; ++b) { - X0 ^= load_be(input, 2*b); - X1 ^= load_be(input, 2*b+1); + X[0] ^= load_be(input, 2*b); + X[1] ^= load_be(input, 2*b+1); uint64_t Z[2] = { 0, 0 }; for(size_t i = 0; i != 64; ++i) { - const uint64_t X0MASK = ones * ((X0 >> (63-i)) & 1); - const uint64_t X1MASK = ones * ((X1 >> (63-i)) & 1); + const uint64_t X0MASK = (ALL_BITS + (X[0] >> 63)) ^ ALL_BITS; + const uint64_t X1MASK = (ALL_BITS + (X[1] >> 63)) ^ ALL_BITS; + + X[0] <<= 1; + X[1] <<= 1; + Z[0] ^= m_HM[4*i ] & X0MASK; Z[1] ^= m_HM[4*i+1] & X0MASK; Z[0] ^= m_HM[4*i+2] & X1MASK; Z[1] ^= m_HM[4*i+3] & X1MASK; } - X0 = Z[0]; - X1 = Z[1]; + X[0] = Z[0]; + X[1] = Z[1]; } - store_be(x.data(), X0, X1); + store_be(x.data(), X[0], X[1]); CT::unpoison(x.data(), x.size()); } From eb08509db031d49e5f045ae8d05e26a7773e13c2 Mon Sep 17 00:00:00 2001 
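Review bot: The new mask expression `(ALL_BITS + (X[0] >> 63)) ^ ALL_BITS` in GHASH::gcm_multiply is the constant-time heart of this loop (it sits between CT::poison and CT::unpoison), but nothing says so, and a reader could later "simplify" it back to a branch or a multiply and silently reintroduce a timing channel. I would add above it `// all-ones iff the top bit of X[i] is set; derived without a data-dependent branch or multiply, keep it that way`. The early `if(blocks == 0) return;` was dropped, so a zero-block call now still runs load_be/store_be on x; that writes x back unchanged, but a one-line comment noting it is a deliberate no-op would save the next reader the check. The function signature is context at the top of the hunk; the hunk covers the whole body.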
From: Jack Lloyd Date: Fri, 13 Oct 2017 17:51:36 -0400 Subject: [PATCH 0048/1008] Accept SHA-1, SHA1, or SHA-160 equally Fixes #1235 [ci skip] --- src/lib/misc/tss/tss.cpp | 2 +- src/lib/prov/bearssl/bearssl_hash.cpp | 2 +- src/lib/prov/openssl/openssl_hash.cpp | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/misc/tss/tss.cpp b/src/lib/misc/tss/tss.cpp index 6d4ea4eafa..8830a2953e 100644 --- a/src/lib/misc/tss/tss.cpp +++ b/src/lib/misc/tss/tss.cpp @@ -82,7 +82,7 @@ uint8_t gfp_mul(uint8_t x, uint8_t y) uint8_t rtss_hash_id(const std::string& hash_name) { - if(hash_name == "SHA-160") + if(hash_name == "SHA-160" || hash_name == "SHA-1" || hash_name == "SHA1") return 1; else if(hash_name == "SHA-256") return 2; diff --git a/src/lib/prov/bearssl/bearssl_hash.cpp b/src/lib/prov/bearssl/bearssl_hash.cpp index a0eb845f15..5649356244 100644 --- a/src/lib/prov/bearssl/bearssl_hash.cpp +++ b/src/lib/prov/bearssl/bearssl_hash.cpp @@ -100,7 +100,7 @@ make_bearssl_hash(const std::string& name) #endif #if defined(BOTAN_HAS_SHA1) - if(name == "SHA-160" || name == "SHA-1") + if(name == "SHA-160" || name == "SHA-1" || name == "SHA1") return MAKE_BEARSSL_HASH(&br_sha1_vtable); #endif diff --git a/src/lib/prov/openssl/openssl_hash.cpp b/src/lib/prov/openssl/openssl_hash.cpp index 1b7bbb19b5..08352b1ac0 100644 --- a/src/lib/prov/openssl/openssl_hash.cpp +++ b/src/lib/prov/openssl/openssl_hash.cpp @@ -121,7 +121,7 @@ make_openssl_hash(const std::string& name) #endif #if defined(BOTAN_HAS_SHA1) && !defined(OPENSSL_NO_SHA) - if(name == "SHA-160") + if(name == "SHA-160" || name == "SHA-1" || name == "SHA1") return MAKE_OPENSSL_HASH(EVP_sha1); #endif From d717356bb4dd5d2ab1bf62bbdf9c26a7c223554c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 13 Oct 2017 19:53:44 -0400 Subject: [PATCH 0049/1008] Update list of block ciphers in speed cli [ci skip] --- src/cli/speed.cpp | 11 +++++++++++ 1 file changed, 11 insertions(+) 
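Review bot: The SHA-1 alias test `name == "SHA-160" || name == "SHA-1" || name == "SHA1"` is now repeated verbatim in rtss_hash_id (tss.cpp), make_bearssl_hash and make_openssl_hash, and presumably the core hash lookup accepts the same three spellings; a fourth spelling would have to be added at every site. A small shared predicate, e.g. `inline bool is_sha1_name(const std::string& n) { return n == "SHA-160" || n == "SHA-1" || n == "SHA1"; }`, or normalizing the name once before dispatch, would keep the three sites in step. The enclosing functions of all three hunks start and end outside the hunks.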
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 01a84d7c9f..9e14306683 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -388,17 +388,28 @@ std::vector default_benchmark_list() "AES-128", "AES-192", "AES-256", + "ARIA-128", + "ARIA-192", + "ARIA-256", "Blowfish", "CAST-128", "CAST-256", + "Camellia-128", + "Camellia-192", + "Camellia-256", "DES", "TripleDES", + "GOST-28147-89", "IDEA", "KASUMI", + "MISTY1", "Noekeon", + "SHACAL2", + "SM4", "Serpent", "Threefish-512", "Twofish", + "XTEA", /* Cipher modes */ "AES-128/CBC", From 69706d9a4cbca0f502d6a810e1e1cbda280367a7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 13 Oct 2017 20:12:03 -0400 Subject: [PATCH 0050/1008] Optimizations for SM4 Using a larger table helps quite a bit. Using 4 tables (ala AES T-tables) didn't seem to help much at all, it's only slightly faster than a single table with rotations. Continue to use the 8 bit table in the first and last rounds as a countermeasure against cache attacks. --- news.rst | 2 +- src/lib/block/sm4/sm4.cpp | 129 +++++++++++++++++++++++++++----------- 2 files changed, 95 insertions(+), 36 deletions(-) diff --git a/news.rst b/news.rst index 496edba466..1f8aaf41ee 100644 --- a/news.rst +++ b/news.rst @@ -4,7 +4,7 @@ Release Notes Version 2.4.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* Optimizations for OCB, GCM (#1253), CFB, SM3, CAST-128/CAST-256 (#1247) +* Optimizations for OCB, CFB, SM3, SM4, GCM (#1253), CAST-128/CAST-256 (#1247) * Reduce the overhead of ffi calls. diff --git a/src/lib/block/sm4/sm4.cpp b/src/lib/block/sm4/sm4.cpp index 42c865faf8..2902d514c2 100644 --- a/src/lib/block/sm4/sm4.cpp +++ b/src/lib/block/sm4/sm4.cpp 
@@ -10,9 +10,9 @@ namespace Botan { -namespace SM4_F { +namespace { -const uint8_t SBOX[256] = { +const uint8_t SM4_SBOX[256] = { 0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, 0x28, 0xFB, 0x2C, 0x05, 0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3, 0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9C, 0x42, 0x50, 0xF4, 0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62, 
@@ -31,37 +31,92 @@ const uint8_t SBOX[256] = { 0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E, 0xD7, 0xCB, 0x39, 0x48 }; -inline uint32_t T(uint32_t b) +/* +* SM4_SBOX_T[j] == L(SM4_SBOX[j]). +*/ +const uint32_t SM4_SBOX_T[256] = { + 0x8ED55B5B, 0xD0924242, 0x4DEAA7A7, 0x06FDFBFB, 0xFCCF3333, 0x65E28787, + 0xC93DF4F4, 0x6BB5DEDE, 0x4E165858, 0x6EB4DADA, 0x44145050, 0xCAC10B0B, + 0x8828A0A0, 0x17F8EFEF, 0x9C2CB0B0, 0x11051414, 0x872BACAC, 0xFB669D9D, + 0xF2986A6A, 0xAE77D9D9, 0x822AA8A8, 0x46BCFAFA, 0x14041010, 0xCFC00F0F, + 0x02A8AAAA, 0x54451111, 0x5F134C4C, 0xBE269898, 0x6D482525, 0x9E841A1A, + 0x1E061818, 0xFD9B6666, 0xEC9E7272, 0x4A430909, 0x10514141, 0x24F7D3D3, + 0xD5934646, 0x53ECBFBF, 0xF89A6262, 0x927BE9E9, 0xFF33CCCC, 0x04555151, + 0x270B2C2C, 0x4F420D0D, 0x59EEB7B7, 0xF3CC3F3F, 0x1CAEB2B2, 0xEA638989, + 0x74E79393, 0x7FB1CECE, 0x6C1C7070, 0x0DABA6A6, 0xEDCA2727, 0x28082020, + 0x48EBA3A3, 0xC1975656, 0x80820202, 0xA3DC7F7F, 0xC4965252, 0x12F9EBEB, + 0xA174D5D5, 0xB38D3E3E, 0xC33FFCFC, 0x3EA49A9A, 0x5B461D1D, 0x1B071C1C, + 0x3BA59E9E, 0x0CFFF3F3, 0x3FF0CFCF, 0xBF72CDCD, 0x4B175C5C, 0x52B8EAEA, + 0x8F810E0E, 0x3D586565, 0xCC3CF0F0, 0x7D196464, 0x7EE59B9B, 0x91871616, + 0x734E3D3D, 0x08AAA2A2, 0xC869A1A1, 0xC76AADAD, 0x85830606, 0x7AB0CACA, + 0xB570C5C5, 0xF4659191, 0xB2D96B6B, 0xA7892E2E, 0x18FBE3E3, 0x47E8AFAF, + 0x330F3C3C, 0x674A2D2D, 0xB071C1C1, 0x0E575959, 0xE99F7676, 0xE135D4D4, + 0x661E7878, 0xB4249090, 0x360E3838, 0x265F7979, 0xEF628D8D, 0x38596161, + 0x95D24747, 0x2AA08A8A, 0xB1259494, 0xAA228888, 0x8C7DF1F1, 0xD73BECEC, + 0x05010404, 0xA5218484, 0x9879E1E1, 0x9B851E1E, 0x84D75353, 0x00000000, + 0x5E471919, 0x0B565D5D, 0xE39D7E7E, 0x9FD04F4F, 0xBB279C9C, 0x1A534949, + 0x7C4D3131, 0xEE36D8D8, 0x0A020808, 0x7BE49F9F, 0x20A28282, 0xD4C71313, + 0xE8CB2323, 0xE69C7A7A, 0x42E9ABAB, 0x43BDFEFE, 0xA2882A2A, 0x9AD14B4B, + 0x40410101, 0xDBC41F1F, 0xD838E0E0, 0x61B7D6D6, 0x2FA18E8E, 0x2BF4DFDF, + 0x3AF1CBCB, 0xF6CD3B3B, 0x1DFAE7E7, 
0xE5608585, 0x41155454, 0x25A38686, + 0x60E38383, 0x16ACBABA, 0x295C7575, 0x34A69292, 0xF7996E6E, 0xE434D0D0, + 0x721A6868, 0x01545555, 0x19AFB6B6, 0xDF914E4E, 0xFA32C8C8, 0xF030C0C0, + 0x21F6D7D7, 0xBC8E3232, 0x75B3C6C6, 0x6FE08F8F, 0x691D7474, 0x2EF5DBDB, + 0x6AE18B8B, 0x962EB8B8, 0x8A800A0A, 0xFE679999, 0xE2C92B2B, 0xE0618181, + 0xC0C30303, 0x8D29A4A4, 0xAF238C8C, 0x07A9AEAE, 0x390D3434, 0x1F524D4D, + 0x764F3939, 0xD36EBDBD, 0x81D65757, 0xB7D86F6F, 0xEB37DCDC, 0x51441515, + 0xA6DD7B7B, 0x09FEF7F7, 0xB68C3A3A, 0x932FBCBC, 0x0F030C0C, 0x03FCFFFF, + 0xC26BA9A9, 0xBA73C9C9, 0xD96CB5B5, 0xDC6DB1B1, 0x375A6D6D, 0x15504545, + 0xB98F3636, 0x771B6C6C, 0x13ADBEBE, 0xDA904A4A, 0x57B9EEEE, 0xA9DE7777, + 0x4CBEF2F2, 0x837EFDFD, 0x55114444, 0xBDDA6767, 0x2C5D7171, 0x45400505, + 0x631F7C7C, 0x50104040, 0x325B6969, 0xB8DB6363, 0x220A2828, 0xC5C20707, + 0xF531C4C4, 0xA88A2222, 0x31A79696, 0xF9CE3737, 0x977AEDED, 0x49BFF6F6, + 0x992DB4B4, 0xA475D1D1, 0x90D34343, 0x5A124848, 0x58BAE2E2, 0x71E69797, + 0x64B6D2D2, 0x70B2C2C2, 0xAD8B2626, 0xCD68A5A5, 0xCB955E5E, 0x624B2929, + 0x3C0C3030, 0xCE945A5A, 0xAB76DDDD, 0x867FF9F9, 0xF1649595, 0x5DBBE6E6, + 0x35F2C7C7, 0x2D092424, 0xD1C61717, 0xD66FB9B9, 0xDEC51B1B, 0x94861212, + 0x78186060, 0x30F3C3C3, 0x897CF5F5, 0x5CEFB3B3, 0xD23AE8E8, 0xACDF7373, + 0x794C3535, 0xA0208080, 0x9D78E5E5, 0x56EDBBBB, 0x235E7D7D, 0xC63EF8F8, + 0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121 }; + +inline uint32_t SM4_T_slow(uint32_t b) { - /* - TODO: could convert this to 4 8->32 bit tables combined with xor. - It was about 66% faster (110 MiB->181 MiB) on an i7-6700k, but the - large tables will be likely vulnerable to AES style cache attacks. 
- */ - - const uint8_t b0 = get_byte(0, b); - const uint8_t b1 = get_byte(1, b); - const uint8_t b2 = get_byte(2, b); - const uint8_t b3 = get_byte(3, b); - const uint32_t t = make_uint32(SBOX[b0], SBOX[b1], SBOX[b2], SBOX[b3]); + const uint32_t t = make_uint32(SM4_SBOX[get_byte(0,b)], + SM4_SBOX[get_byte(1,b)], + SM4_SBOX[get_byte(2,b)], + SM4_SBOX[get_byte(3,b)]); // L linear transform return t ^ rotl<2>(t) ^ rotl<10>(t) ^ rotl<18>(t) ^ rotl<24>(t); } +inline uint32_t SM4_T(uint32_t b) + { + return SM4_SBOX_T[get_byte(0,b)] ^ + rotr< 8>(SM4_SBOX_T[get_byte(1,b)]) ^ + rotr<16>(SM4_SBOX_T[get_byte(2,b)]) ^ + rotr<24>(SM4_SBOX_T[get_byte(3,b)]); + } + // Variant of T for key schedule -inline uint32_t Tp(uint32_t b) +inline uint32_t SM4_Tp(uint32_t b) { - const uint8_t b0 = get_byte(0, b); - const uint8_t b1 = get_byte(1, b); - const uint8_t b2 = get_byte(2, b); - const uint8_t b3 = get_byte(3, b); - const uint32_t t = make_uint32(SBOX[b0], SBOX[b1], SBOX[b2], SBOX[b3]); + const uint32_t t = make_uint32(SM4_SBOX[get_byte(0,b)], + SM4_SBOX[get_byte(1,b)], + SM4_SBOX[get_byte(2,b)], + SM4_SBOX[get_byte(3,b)]); // L' linear transform return t ^ rotl<13>(t) ^ rotl<23>(t); } +#define SM4_RNDS(k0,k1,k2,k3,F) do { \ + B0 ^= F(B1 ^ B2 ^ B3 ^ m_RK[k0]); \ + B1 ^= F(B0 ^ B2 ^ B3 ^ m_RK[k1]); \ + B2 ^= F(B0 ^ B1 ^ B3 ^ m_RK[k2]); \ + B3 ^= F(B0 ^ B1 ^ B2 ^ m_RK[k3]); \ + } while(0) + } /* 
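Review bot: The 256 hand-entered words of SM4_SBOX_T are only checked indirectly through the SM4 test vectors, and the comment `SM4_SBOX_T[j] == L(SM4_SBOX[j])` is imprecise about byte position: entry 0, 0x8ED55B5B, is L applied to 0xD6 placed in the most significant byte, i.e. what SM4_T_slow computes for byte 0. I would state that exactly, `SM4_SBOX_T[j] == L(SM4_SBOX[j] << 24), so SM4_T(x) == SM4_T_slow(x) for all x`, and add a test asserting that equality for the 256 single-byte inputs in each of the four byte positions, which pins every table entry directly rather than through the whole cipher. The SM4_RNDS macro reads B0..B3 and m_RK from the enclosing scope without taking them as parameters; that is fine for the two call sites but deserves a comment saying so, since the anonymous namespace it is defined in does not scope a macro.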
@@ -76,13 +131,14 @@ void SM4::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const uint32_t B2 = load_be(in, 2); uint32_t B3 = load_be(in, 3); - for(size_t r = 0; r != 32; r += 4) - { - B0 ^= SM4_F::T(B1 ^ B2 ^ B3 ^ m_RK[r + 0]); - B1 ^= SM4_F::T(B0 ^ B2 ^ B3 ^ m_RK[r + 1]); - B2 ^= SM4_F::T(B0 ^ B1 ^ B3 ^ m_RK[r + 2]); - B3 ^= SM4_F::T(B0 ^ B1 ^ B2 ^ m_RK[r + 3]); - } + SM4_RNDS( 0, 1, 2, 3, SM4_T_slow); + SM4_RNDS( 4, 5, 6, 7, SM4_T); + SM4_RNDS( 8, 9, 10, 11, SM4_T); + SM4_RNDS(12, 13, 14, 15, SM4_T); + SM4_RNDS(16, 17, 18, 19, SM4_T); + SM4_RNDS(20, 21, 22, 23, SM4_T); + SM4_RNDS(24, 25, 26, 27, SM4_T); + SM4_RNDS(28, 29, 30, 31, SM4_T_slow); store_be(out, B3, B2, B1, B0); @@ -103,13 +159,14 @@ void SM4::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const uint32_t B2 = load_be(in, 2); uint32_t B3 = load_be(in, 3); - for(size_t r = 0; r != 32; r += 4) - { - B0 ^= SM4_F::T(B1 ^ B2 ^ B3 ^ m_RK[31 - (r + 0)]); - B1 ^= SM4_F::T(B0 ^ B2 ^ B3 ^ m_RK[31 - (r + 1)]); - B2 ^= SM4_F::T(B0 ^ B1 ^ B3 ^ m_RK[31 - (r + 2)]); - B3 ^= SM4_F::T(B0 ^ B1 ^ B2 ^ m_RK[31 - (r + 3)]); - } + SM4_RNDS(31, 30, 29, 28, SM4_T_slow); + SM4_RNDS(27, 26, 25, 24, SM4_T); + SM4_RNDS(23, 22, 21, 20, SM4_T); + SM4_RNDS(19, 18, 17, 16, SM4_T); + SM4_RNDS(15, 14, 13, 12, SM4_T); + SM4_RNDS(11, 10, 9, 8, SM4_T); + SM4_RNDS( 7, 6, 5, 4, SM4_T); + SM4_RNDS( 3, 2, 1, 0, SM4_T_slow); store_be(out, B3, B2, B1, B0); @@ -118,6 +175,8 @@ void SM4::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const } } +#undef SM4_RNDS + /* * SM4 Key Schedule */ @@ -146,7 +205,7 @@ void SM4::key_schedule(const uint8_t key[], size_t) m_RK.resize(32); for(size_t i = 0; i != 32; ++i) { - K[i % 4] ^= SM4_F::Tp(K[(i+1)%4] ^ K[(i+2)%4] ^ K[(i+3)%4] ^ CK[i]); + K[i % 4] ^= SM4_Tp(K[(i+1)%4] ^ K[(i+2)%4] ^ K[(i+3)%4] ^ CK[i]); m_RK[i] = K[i % 4]; } } From 93a902e65466957bdb4210cf84d7f704658ed16f Mon Sep 17 00:00:00 2001 
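Review bot: The reason the first and last SM4_RNDS calls use SM4_T_slow while the middle six use SM4_T is given only in the commit message; in SM4::encrypt_n nothing explains why two rounds are deliberately slower, and a future optimizer could "fix" it. I would add above the first call: `// First and last rounds use the 8-bit S-box only, as a partial countermeasure against cache-timing attacks on the 32-bit table; the inner rounds use SM4_SBOX_T for speed.` The same comment is wanted in decrypt_n in the following hunk, and both functions start outside their hunks.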
From: Jack Lloyd Date: Fri, 13 Oct 2017 21:08:31 -0400 Subject: [PATCH 0051/1008] Reduce AES to using a single T-table Should have significantly better cache characteristics, though it would be nice to verify this. It reduces performance somewhat but less than I expected, at least on Skylake. I need to check this across more platforms to make sure t won't hurt too badly. --- src/lib/block/aes/aes.cpp | 205 +++++++++++++++----------------------- 1 file changed, 78 insertions(+), 127 deletions(-) diff --git a/src/lib/block/aes/aes.cpp b/src/lib/block/aes/aes.cpp index 1893ab4a06..0c78852d41 100644 --- a/src/lib/block/aes/aes.cpp +++ b/src/lib/block/aes/aes.cpp @@ -1,6 +1,6 @@ /* * AES -* (C) 1999-2010,2015 Jack Lloyd +* (C) 1999-2010,2015,2017 Jack Lloyd * * Based on the public domain reference implementation by Paulo Baretto * @@ -16,7 +16,9 @@ * vulnerable to timing and cache based side channel attacks. Some * countermeasures are used which may be helpful in some situations: * -* - Small tables are used in the first and last rounds. +* - Only a single 256-word T-table is used, with rotations applied. +* Most implementations use 4 T-tables which leaks much more +* information via cache usage. * * - The TE and TD tables are computed at runtime to avoid flush+reload * attacks using clflush. As different processes will not share the 
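Review bot: The rewritten header comment says "Only a single 256-word T-table is used", but that holds only for encryption: aes_decrypt_n's final round still indexes the SD byte table (`out[ 0] = SD[get_byte(0, B0)] ^ MD[0];` is context in the hunk at -275), because no byte of TD[i] equals SD[i] the way bits 8-15 of TE[i] equal SE[i]. The comment should say so, e.g. `Encryption uses a single 256-word T-table with rotations applied; decryption additionally reads the 256-byte SD table in its final round.`, otherwise the side-channel claim overstates what the code does.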
@@ -104,19 +106,22 @@ inline uint8_t xtime11(uint8_t s) { return xtime8(s) ^ xtime(s) ^ s; } inline uint8_t xtime13(uint8_t s) { return xtime8(s) ^ xtime4(s) ^ s; } inline uint8_t xtime14(uint8_t s) { return xtime8(s) ^ xtime4(s) ^ xtime(s); } +inline uint32_t SE_word(uint32_t x) + { + return make_uint32(SE[get_byte(0, x)], + SE[get_byte(1, x)], + SE[get_byte(2, x)], + SE[get_byte(3, x)]); + } + const std::vector& AES_TE() { auto compute_TE = []() -> std::vector { - std::vector TE(1024); + std::vector TE(256); for(size_t i = 0; i != 256; ++i) { const uint8_t s = SE[i]; - const uint32_t x = make_uint32(xtime(s), s, s, xtime3(s)); - - TE[i] = x; - TE[i+256] = rotr< 8>(x); - TE[i+512] = rotr<16>(x); - TE[i+768] = rotr<24>(x); + TE[i] = make_uint32(xtime(s), s, s, xtime3(s)); } return TE; }; @@ -128,16 +133,11 @@ const std::vector& AES_TE() const std::vector& AES_TD() { auto compute_TD = []() -> std::vector { - std::vector TD(1024); + std::vector TD(256); for(size_t i = 0; i != 256; ++i) { const uint8_t s = SD[i]; - const uint32_t x = make_uint32(xtime14(s), xtime9(s), xtime13(s), xtime11(s)); - - TD[i] = x; - TD[i+256] = rotr< 8>(x); - TD[i+512] = rotr<16>(x); - TD[i+768] = rotr<24>(x); + TD[i] = make_uint32(xtime14(s), xtime9(s), xtime13(s), xtime11(s)); } return TD; }; @@ -145,6 +145,12 @@ const std::vector& AES_TD() return TD; } +#define AES_T(T, K, V0, V1, V2, V3) \ + (K ^ T[get_byte(0, V0)] ^ \ + rotr< 8>(T[get_byte(1, V1)]) ^ \ + rotr<16>(T[get_byte(2, V2)]) ^ \ + rotr<24>(T[get_byte(3, V3)])) + /* * AES Encryption */ @@ -160,7 +166,7 @@ void aes_encrypt_n(const uint8_t in[], uint8_t out[], const std::vector& TE = AES_TE(); // Hit every cache line of TE - uint32_t Z = 0; + volatile uint32_t Z = 0; for(size_t i = 0; i < TE.size(); i += cache_line_size / sizeof(uint32_t)) { Z |= TE[i]; 
@@ -179,71 +185,44 @@ void aes_encrypt_n(const uint8_t in[], uint8_t out[], T0 ^= Z; - /* Use only the first 256 entries of the TE table and do the - * rotations directly in the code. This reduces the number of - * cache lines potentially used in the first round from 64 to 16 - * (assuming a typical 64 byte cache line), which makes timing - * attacks a little harder; the first round is particularly - * vulnerable. - */ - - uint32_t B0 = TE[get_byte(0, T0)] ^ - rotr< 8>(TE[get_byte(1, T1)]) ^ - rotr<16>(TE[get_byte(2, T2)]) ^ - rotr<24>(TE[get_byte(3, T3)]) ^ EK[4]; - - uint32_t B1 = TE[get_byte(0, T1)] ^ - rotr< 8>(TE[get_byte(1, T2)]) ^ - rotr<16>(TE[get_byte(2, T3)]) ^ - rotr<24>(TE[get_byte(3, T0)]) ^ EK[5]; - - uint32_t B2 = TE[get_byte(0, T2)] ^ - rotr< 8>(TE[get_byte(1, T3)]) ^ - rotr<16>(TE[get_byte(2, T0)]) ^ - rotr<24>(TE[get_byte(3, T1)]) ^ EK[6]; - - uint32_t B3 = TE[get_byte(0, T3)] ^ - rotr< 8>(TE[get_byte(1, T0)]) ^ - rotr<16>(TE[get_byte(2, T1)]) ^ - rotr<24>(TE[get_byte(3, T2)]) ^ EK[7]; + uint32_t B0 = AES_T(TE, EK[4], T0, T1, T2, T3); + uint32_t B1 = AES_T(TE, EK[5], T1, T2, T3, T0); + uint32_t B2 = AES_T(TE, EK[6], T2, T3, T0, T1); + uint32_t B3 = AES_T(TE, EK[7], T3, T0, T1, T2); for(size_t r = 2*4; r < EK.size(); r += 2*4) { - T0 = EK[r ] ^ TE[get_byte(0, B0) ] ^ TE[get_byte(1, B1) + 256] ^ - TE[get_byte(2, B2) + 512] ^ TE[get_byte(3, B3) + 768]; - T1 = EK[r+1] ^ TE[get_byte(0, B1) ] ^ TE[get_byte(1, B2) + 256] ^ - TE[get_byte(2, B3) + 512] ^ TE[get_byte(3, B0) + 768]; - T2 = EK[r+2] ^ TE[get_byte(0, B2) ] ^ TE[get_byte(1, B3) + 256] ^ - TE[get_byte(2, B0) + 512] ^ TE[get_byte(3, B1) + 768]; - T3 = EK[r+3] ^ TE[get_byte(0, B3) ] ^ TE[get_byte(1, B0) + 256] ^ - TE[get_byte(2, B1) + 512] ^ TE[get_byte(3, B2) + 768]; - - B0 = EK[r+4] ^ TE[get_byte(0, T0) ] ^ TE[get_byte(1, T1) + 256] ^ - TE[get_byte(2, T2) + 512] ^ TE[get_byte(3, T3) + 768]; - B1 = EK[r+5] ^ TE[get_byte(0, T1) ] ^ TE[get_byte(1, T2) + 256] ^ - TE[get_byte(2, T3) + 512] ^ 
TE[get_byte(3, T0) + 768]; - B2 = EK[r+6] ^ TE[get_byte(0, T2) ] ^ TE[get_byte(1, T3) + 256] ^ - TE[get_byte(2, T0) + 512] ^ TE[get_byte(3, T1) + 768]; - B3 = EK[r+7] ^ TE[get_byte(0, T3) ] ^ TE[get_byte(1, T0) + 256] ^ - TE[get_byte(2, T1) + 512] ^ TE[get_byte(3, T2) + 768]; + T0 = AES_T(TE, EK[r ], B0, B1, B2, B3); + T1 = AES_T(TE, EK[r+1], B1, B2, B3, B0); + T2 = AES_T(TE, EK[r+2], B2, B3, B0, B1); + T3 = AES_T(TE, EK[r+3], B3, B0, B1, B2); + + B0 = AES_T(TE, EK[r+4], T0, T1, T2, T3); + B1 = AES_T(TE, EK[r+5], T1, T2, T3, T0); + B2 = AES_T(TE, EK[r+6], T2, T3, T0, T1); + B3 = AES_T(TE, EK[r+7], T3, T0, T1, T2); } - out[16*i+ 0] = SE[get_byte(0, B0)] ^ ME[0]; - out[16*i+ 1] = SE[get_byte(1, B1)] ^ ME[1]; - out[16*i+ 2] = SE[get_byte(2, B2)] ^ ME[2]; - out[16*i+ 3] = SE[get_byte(3, B3)] ^ ME[3]; - out[16*i+ 4] = SE[get_byte(0, B1)] ^ ME[4]; - out[16*i+ 5] = SE[get_byte(1, B2)] ^ ME[5]; - out[16*i+ 6] = SE[get_byte(2, B3)] ^ ME[6]; - out[16*i+ 7] = SE[get_byte(3, B0)] ^ ME[7]; - out[16*i+ 8] = SE[get_byte(0, B2)] ^ ME[8]; - out[16*i+ 9] = SE[get_byte(1, B3)] ^ ME[9]; - out[16*i+10] = SE[get_byte(2, B0)] ^ ME[10]; - out[16*i+11] = SE[get_byte(3, B1)] ^ ME[11]; - out[16*i+12] = SE[get_byte(0, B3)] ^ ME[12]; - out[16*i+13] = SE[get_byte(1, B0)] ^ ME[13]; - out[16*i+14] = SE[get_byte(2, B1)] ^ ME[14]; - out[16*i+15] = SE[get_byte(3, B2)] ^ ME[15]; + /* + * Use TE[x] >> 8 instead of SE[] so encryption only references a single + * lookup table. 
+ */ + out[16*i+ 0] = static_cast(TE[get_byte(0, B0)] >> 8) ^ ME[0]; + out[16*i+ 1] = static_cast(TE[get_byte(1, B1)] >> 8) ^ ME[1]; + out[16*i+ 2] = static_cast(TE[get_byte(2, B2)] >> 8) ^ ME[2]; + out[16*i+ 3] = static_cast(TE[get_byte(3, B3)] >> 8) ^ ME[3]; + out[16*i+ 4] = static_cast(TE[get_byte(0, B1)] >> 8) ^ ME[4]; + out[16*i+ 5] = static_cast(TE[get_byte(1, B2)] >> 8) ^ ME[5]; + out[16*i+ 6] = static_cast(TE[get_byte(2, B3)] >> 8) ^ ME[6]; + out[16*i+ 7] = static_cast(TE[get_byte(3, B0)] >> 8) ^ ME[7]; + out[16*i+ 8] = static_cast(TE[get_byte(0, B2)] >> 8) ^ ME[8]; + out[16*i+ 9] = static_cast(TE[get_byte(1, B3)] >> 8) ^ ME[9]; + out[16*i+10] = static_cast(TE[get_byte(2, B0)] >> 8) ^ ME[10]; + out[16*i+11] = static_cast(TE[get_byte(3, B1)] >> 8) ^ ME[11]; + out[16*i+12] = static_cast(TE[get_byte(0, B3)] >> 8) ^ ME[12]; + out[16*i+13] = static_cast(TE[get_byte(1, B0)] >> 8) ^ ME[13]; + out[16*i+14] = static_cast(TE[get_byte(2, B1)] >> 8) ^ ME[14]; + out[16*i+15] = static_cast(TE[get_byte(3, B2)] >> 8) ^ ME[15]; } } @@ -259,7 +238,7 @@ void aes_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const size_t cache_line_size = CPUID::cache_line_size(); const std::vector& TD = AES_TD(); - uint32_t Z = 0; + volatile uint32_t Z = 0; for(size_t i = 0; i < TD.size(); i += cache_line_size / sizeof(uint32_t)) { Z |= TD[i]; 
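Review bot: The comment `Use TE[x] >> 8 instead of SE[] so encryption only references a single lookup table` does not say why the shift is correct; it depends on the layout chosen in AES_TE() (`make_uint32(xtime(s), s, s, xtime3(s))`, so bits 8-15 are s). I would extend it: `TE[x] == make_uint32(xtime(s), s, s, xtime3(s)) with s == SE[x], so uint8_t(TE[x] >> 8) == SE[x]; keep in sync with compute_TE`, so that a later change to the table layout cannot silently corrupt the last round. The `volatile` added to Z in the previous hunk keeps the cache-warming loop from being optimized away, but it also makes `T0 ^= Z` at the top of this hunk a volatile read per block; a comment there saying that Z is presumably masked to zero before use (outside the hunk) would stop readers from suspecting a real data dependency.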
@@ -275,45 +254,22 @@ void aes_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, T0 ^= Z; - uint32_t B0 = TD[get_byte(0, T0)] ^ - rotr< 8>(TD[get_byte(1, T3)]) ^ - rotr<16>(TD[get_byte(2, T2)]) ^ - rotr<24>(TD[get_byte(3, T1)]) ^ DK[4]; - - uint32_t B1 = TD[get_byte(0, T1)] ^ - rotr< 8>(TD[get_byte(1, T0)]) ^ - rotr<16>(TD[get_byte(2, T3)]) ^ - rotr<24>(TD[get_byte(3, T2)]) ^ DK[5]; - - uint32_t B2 = TD[get_byte(0, T2)] ^ - rotr< 8>(TD[get_byte(1, T1)]) ^ - rotr<16>(TD[get_byte(2, T0)]) ^ - rotr<24>(TD[get_byte(3, T3)]) ^ DK[6]; - - uint32_t B3 = TD[get_byte(0, T3)] ^ - rotr< 8>(TD[get_byte(1, T2)]) ^ - rotr<16>(TD[get_byte(2, T1)]) ^ - rotr<24>(TD[get_byte(3, T0)]) ^ DK[7]; + uint32_t B0 = AES_T(TD, DK[4], T0, T3, T2, T1); + uint32_t B1 = AES_T(TD, DK[5], T1, T0, T3, T2); + uint32_t B2 = AES_T(TD, DK[6], T2, T1, T0, T3); + uint32_t B3 = AES_T(TD, DK[7], T3, T2, T1, T0); for(size_t r = 2*4; r < DK.size(); r += 2*4) { - T0 = DK[r ] ^ TD[get_byte(0, B0) ] ^ TD[get_byte(1, B3) + 256] ^ - TD[get_byte(2, B2) + 512] ^ TD[get_byte(3, B1) + 768]; - T1 = DK[r+1] ^ TD[get_byte(0, B1) ] ^ TD[get_byte(1, B0) + 256] ^ - TD[get_byte(2, B3) + 512] ^ TD[get_byte(3, B2) + 768]; - T2 = DK[r+2] ^ TD[get_byte(0, B2) ] ^ TD[get_byte(1, B1) + 256] ^ - TD[get_byte(2, B0) + 512] ^ TD[get_byte(3, B3) + 768]; - T3 = DK[r+3] ^ TD[get_byte(0, B3) ] ^ TD[get_byte(1, B2) + 256] ^ - TD[get_byte(2, B1) + 512] ^ TD[get_byte(3, B0) + 768]; - - B0 = DK[r+4] ^ TD[get_byte(0, T0) ] ^ TD[get_byte(1, T3) + 256] ^ - TD[get_byte(2, T2) + 512] ^ TD[get_byte(3, T1) + 768]; - B1 = DK[r+5] ^ TD[get_byte(0, T1) ] ^ TD[get_byte(1, T0) + 256] ^ - TD[get_byte(2, T3) + 512] ^ TD[get_byte(3, T2) + 768]; - B2 = DK[r+6] ^ TD[get_byte(0, T2) ] ^ TD[get_byte(1, T1) + 256] ^ - TD[get_byte(2, T0) + 512] ^ TD[get_byte(3, T3) + 768]; - B3 = DK[r+7] ^ TD[get_byte(0, T3) ] ^ TD[get_byte(1, T2) + 256] ^ - TD[get_byte(2, T1) + 512] ^ TD[get_byte(3, T0) + 768]; + T0 = AES_T(TD, DK[r ], B0, B3, B2, B1); + T1 = 
AES_T(TD, DK[r+1], B1, B0, B3, B2); + T2 = AES_T(TD, DK[r+2], B2, B1, B0, B3); + T3 = AES_T(TD, DK[r+3], B3, B2, B1, B0); + + B0 = AES_T(TD, DK[r+4], T0, T3, T2, T1); + B1 = AES_T(TD, DK[r+5], T1, T0, T3, T2); + B2 = AES_T(TD, DK[r+6], T2, T1, T0, T3); + B3 = AES_T(TD, DK[r+7], T3, T2, T1, T0); } out[ 0] = SD[get_byte(0, B0)] ^ MD[0]; @@ -363,21 +319,14 @@ void aes_key_schedule(const uint8_t key[], size_t length, for(size_t i = X; i < 4*(rounds+1); i += X) { - XEK[i] = XEK[i-X] ^ RC[(i-X)/X] ^ - make_uint32(SE[get_byte(1, XEK[i-1])], - SE[get_byte(2, XEK[i-1])], - SE[get_byte(3, XEK[i-1])], - SE[get_byte(0, XEK[i-1])]); + XEK[i] = XEK[i-X] ^ RC[(i-X)/X] ^ SE_word(rotl<8>(XEK[i-1])); for(size_t j = 1; j != X; ++j) { XEK[i+j] = XEK[i+j-X]; if(X == 8 && j == 4) - XEK[i+j] ^= make_uint32(SE[get_byte(0, XEK[i+j-1])], - SE[get_byte(1, XEK[i+j-1])], - SE[get_byte(2, XEK[i+j-1])], - SE[get_byte(3, XEK[i+j-1])]); + XEK[i+j] ^= SE_word(XEK[i+j-1]); else XEK[i+j] ^= XEK[i+j-1]; } @@ -394,10 +343,10 @@ void aes_key_schedule(const uint8_t key[], size_t length, } for(size_t i = 4; i != length + 24; ++i) - XDK[i] = TD[SE[get_byte(0, XDK[i])] + 0] ^ - TD[SE[get_byte(1, XDK[i])] + 256] ^ - TD[SE[get_byte(2, XDK[i])] + 512] ^ - TD[SE[get_byte(3, XDK[i])] + 768]; + { + XDK[i] = SE_word(XDK[i]); + XDK[i] = AES_T(TD, 0, XDK[i], XDK[i], XDK[i], XDK[i]); + } ME.resize(16); MD.resize(16); @@ -427,6 +376,8 @@ void aes_key_schedule(const uint8_t key[], size_t length, } +#undef AES_T + size_t aes_parallelism() { #if defined(BOTAN_HAS_AES_NI) From 07c154df84c6940e8d10bc4e8cd28c8eac6f587e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 14 Oct 2017 15:40:02 -0400 Subject: [PATCH 0052/1008] Use overaligned storage for AES T-Table This improves performance by ~ .5 cycle/byte. Also it ensures that our cache reading countermeasure works as expected. --- src/lib/block/aes/aes.cpp | 88 +++++++++++++++++++++++++-------------- 1 file changed, 56 insertions(+), 32 deletions(-) 
diff --git a/src/lib/block/aes/aes.cpp b/src/lib/block/aes/aes.cpp index 0c78852d41..268e0804d8 100644 --- a/src/lib/block/aes/aes.cpp +++ b/src/lib/block/aes/aes.cpp @@ -10,6 +10,7 @@ #include #include #include +#include /* * This implementation is based on table lookups which are known to be @@ -48,6 +49,7 @@ namespace Botan { namespace { +BOTAN_ALIGNAS(64) const uint8_t SE[256] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, @@ -72,6 +74,7 @@ const uint8_t SE[256] = { 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 }; +BOTAN_ALIGNAS(64) const uint8_t SD[256] = { 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 
@@ -114,35 +117,58 @@ inline uint32_t SE_word(uint32_t x) SE[get_byte(3, x)]); } -const std::vector& AES_TE() +const uint32_t* AES_TE() { - auto compute_TE = []() -> std::vector { - std::vector TE(256); - for(size_t i = 0; i != 256; ++i) - { - const uint8_t s = SE[i]; - TE[i] = make_uint32(xtime(s), s, s, xtime3(s)); - } - return TE; - }; - - static const std::vector TE = compute_TE(); - return TE; + class TE_Table + { + public: + TE_Table() + { + uint32_t* p = reinterpret_cast(data); + for(size_t i = 0; i != 256; ++i) + { + const uint8_t s = SE[i]; + p[i] = make_uint32(xtime(s), s, s, xtime3(s)); + } + } + + const uint32_t* ptr() const + { + return reinterpret_cast(data); + } + private: + std::aligned_storage::type data[256]; + }; + + static TE_Table table; + return table.ptr(); } -const std::vector& AES_TD() +const uint32_t* AES_TD() { - auto compute_TD = []() -> std::vector { - std::vector TD(256); - for(size_t i = 0; i != 256; ++i) - { - const uint8_t s = SD[i]; - TD[i] = make_uint32(xtime14(s), xtime9(s), xtime13(s), xtime11(s)); - } - return TD; - }; - static const std::vector TD = compute_TD(); - return TD; + class TD_Table + { + public: + TD_Table() + { + uint32_t* p = reinterpret_cast(data); + for(size_t i = 0; i != 256; ++i) + { + const uint8_t s = SD[i]; + p[i] = make_uint32(xtime14(s), xtime9(s), xtime13(s), xtime11(s)); + } + } + + const uint32_t* ptr() const + { + return reinterpret_cast(data); + } + private: + std::aligned_storage::type data[256]; + }; + + static TD_Table table; + return table.ptr(); } #define AES_T(T, K, V0, V1, V2, V3) \ @@ -163,11 +189,11 @@ void aes_encrypt_n(const uint8_t in[], uint8_t out[], const size_t cache_line_size = CPUID::cache_line_size(); - const std::vector& TE = AES_TE(); + const uint32_t* TE = AES_TE(); // Hit every cache line of TE volatile uint32_t Z = 0; - for(size_t i = 0; i < TE.size(); i += cache_line_size / sizeof(uint32_t)) + for(size_t i = 0; i < 256; i += cache_line_size / sizeof(uint32_t)) { Z |= TE[i]; } 
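Review bot: TE_Table and TD_Table are two identical classes differing only in the fill expression, and both hand out a `uint32_t*` obtained by `reinterpret_cast` from `std::aligned_storage` in which no uint32_t objects were ever constructed, a lifetime/strict-aliasing grey area the previous std::vector did not have. The simpler form is an aligned array member, `BOTAN_ALIGNAS(64) uint32_t data[256];` (the macro is already applied to SE and SD in this commit), which removes both reinterpret_casts and lets a single struct take the fill function; the alignment argument to aligned_storage was lost in rendering here, so I assume it is 64 to match. The hard-coded 256 that replaced `TE.size()` in the cache-line loop of the next hunk should come from a named constant shared with the table type.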
@@ -236,10 +262,10 @@ void aes_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, BOTAN_ASSERT(DK.size() && MD.size() == 16, "Key was set"); const size_t cache_line_size = CPUID::cache_line_size(); - const std::vector& TD = AES_TD(); + const uint32_t* TD = AES_TD(); volatile uint32_t Z = 0; - for(size_t i = 0; i < TD.size(); i += cache_line_size / sizeof(uint32_t)) + for(size_t i = 0; i < 256; i += cache_line_size / sizeof(uint32_t)) { Z |= TD[i]; } @@ -332,8 +358,6 @@ void aes_key_schedule(const uint8_t key[], size_t length, } } - const std::vector& TD = AES_TD(); - for(size_t i = 0; i != 4*(rounds+1); i += 4) { XDK[i ] = XEK[4*rounds-i ]; @@ -345,7 +369,7 @@ void aes_key_schedule(const uint8_t key[], size_t length, for(size_t i = 4; i != length + 24; ++i) { XDK[i] = SE_word(XDK[i]); - XDK[i] = AES_T(TD, 0, XDK[i], XDK[i], XDK[i], XDK[i]); + XDK[i] = AES_T(AES_TD(), 0, XDK[i], XDK[i], XDK[i], XDK[i]); } ME.resize(16); From 500a812741b92a02d79d0aa571dfc8474adda88e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 15 Oct 2017 03:11:21 -0400 Subject: [PATCH 0053/1008] De-inline bodies of exception classes This leads to a rather shocking decrease in binary sizes, especially the static library (~1.5 MB reduction). Saves 60KB in the shared lib. Since throwing or catching an exception is relatively expensive these not being inlined is not a problem in that sense. It had simply not occured to me that it would take up so much extra space in the binary. --- src/lib/utils/exceptn.cpp | 99 ++++++++++++++++++++++++++++++++++++++ src/lib/utils/exceptn.h | 91 +++++++++-------------------------- src/lib/utils/filesystem.h | 10 ++++ 3 files changed, 133 insertions(+), 67 deletions(-) create mode 100644 src/lib/utils/exceptn.cpp diff --git a/src/lib/utils/exceptn.cpp b/src/lib/utils/exceptn.cpp new file mode 100644 index 0000000000..08fbd40e1f --- /dev/null +++ b/src/lib/utils/exceptn.cpp 
@@ -0,0 +1,99 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include + +namespace Botan { + +Exception::Exception(const std::string& msg) : m_msg(msg) + {} + +Exception::Exception(const char* prefix, const std::string& msg) : + m_msg(std::string(prefix) + " " + msg) + {} + +Invalid_Argument::Invalid_Argument(const std::string& msg) : + Exception("Invalid argument", msg) + {} + +Invalid_Argument::Invalid_Argument(const std::string& msg, const std::string& where) : + Exception("Invalid argument", msg + " in " + where) + {} + +Lookup_Error::Lookup_Error(const std::string& type, + const std::string& algo, + const std::string& provider) : + Exception("Unavailable " + type + " " + algo + + (provider.empty() ? std::string("") : (" for provider " + provider))) + {} + +Internal_Error::Internal_Error(const std::string& err) : + Exception("Internal error: " + err) + {} + +Invalid_Key_Length::Invalid_Key_Length(const std::string& name, size_t length) : + Invalid_Argument(name + " cannot accept a key of length " + + std::to_string(length)) + {} + +Invalid_IV_Length::Invalid_IV_Length(const std::string& mode, size_t bad_len) : + Invalid_Argument("IV length " + std::to_string(bad_len) + + " is invalid for " + mode) + {} + +PRNG_Unseeded::PRNG_Unseeded(const std::string& algo) : + Invalid_State("PRNG not seeded: " + algo) + {} + +Policy_Violation::Policy_Violation(const std::string& err) : + Invalid_State("Policy violation: " + err) + {} + +Algorithm_Not_Found::Algorithm_Not_Found(const std::string& name) : + Lookup_Error("Could not find any algorithm named \"" + name + "\"") + {} + +No_Provider_Found::No_Provider_Found(const std::string& name) : + Exception("Could not find any provider for algorithm named \"" + name + "\"") + {} + +Provider_Not_Found::Provider_Not_Found(const std::string& algo, const std::string& provider) : + Lookup_Error("Could not find provider '" + provider + "' for " + algo) + {} + 
+Invalid_Algorithm_Name::Invalid_Algorithm_Name(const std::string& name): + Invalid_Argument("Invalid algorithm name: " + name) + {} + +Encoding_Error::Encoding_Error(const std::string& name) : + Invalid_Argument("Encoding error: " + name) + {} + +Decoding_Error::Decoding_Error(const std::string& name) : + Invalid_Argument("Decoding error: " + name) + {} + +Integrity_Failure::Integrity_Failure(const std::string& msg) : + Exception("Integrity failure: " + msg) + {} + +Invalid_OID::Invalid_OID(const std::string& oid) : + Decoding_Error("Invalid ASN.1 OID: " + oid) + {} + +Stream_IO_Error::Stream_IO_Error(const std::string& err) : + Exception("I/O error: " + err) + {} + +Self_Test_Failure::Self_Test_Failure(const std::string& err) : + Internal_Error("Self test failed: " + err) + {} + +Not_Implemented::Not_Implemented(const std::string& err) : + Exception("Not implemented", err) + {} + +} diff --git a/src/lib/utils/exceptn.h b/src/lib/utils/exceptn.h index e5432e43b4..5af6b01cc2 100644 --- a/src/lib/utils/exceptn.h +++ b/src/lib/utils/exceptn.h @@ -20,8 +20,8 @@ namespace Botan { class BOTAN_PUBLIC_API(2,0) Exception : public std::exception { public: - explicit Exception(const std::string& msg) : m_msg(msg) {} - Exception(const char* prefix, const std::string& msg) : m_msg(std::string(prefix) + " " + msg) {} + Exception(const char* prefix, const std::string& msg); + explicit Exception(const std::string& msg); const char* what() const BOTAN_NOEXCEPT override { return m_msg.c_str(); } private: std::string m_msg; 
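Review bot: The new `exceptn.cpp` carries no comment explaining why every constructor body lives out of line, so the binary-size rationale in the commit message is lost to the next maintainer tempted to move them back into the header. A short comment after the license block, such as `// Constructor bodies are deliberately defined here rather than inline in the` / `// header: the inlined versions measurably bloated the static and shared libraries.`, would preserve that intent. The include at the top of the file is not legible on this page, so I cannot confirm the file is self-contained.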
@@ -33,11 +33,9 @@ class BOTAN_PUBLIC_API(2,0) Exception : public std::exception class BOTAN_PUBLIC_API(2,0) Invalid_Argument : public Exception { public: - explicit Invalid_Argument(const std::string& msg) : - Exception("Invalid argument", msg) {} + explicit Invalid_Argument(const std::string& msg); - explicit Invalid_Argument(const std::string& msg, const std::string& where) : - Exception("Invalid argument", msg + " in " + where) {} + explicit Invalid_Argument(const std::string& msg, const std::string& where); }; #define BOTAN_ARG_CHECK(expr) \ @@ -74,10 +72,7 @@ class BOTAN_PUBLIC_API(2,0) Lookup_Error : public Exception Lookup_Error(const std::string& type, const std::string& algo, - const std::string& provider) : - Exception("Unavailable " + type + " " + algo + - (provider.empty() ? std::string("") : (" for provider " + provider))) - {} + const std::string& provider); }; /** @@ -86,9 +81,7 @@ class BOTAN_PUBLIC_API(2,0) Lookup_Error : public Exception class BOTAN_PUBLIC_API(2,0) Internal_Error : public Exception { public: - explicit Internal_Error(const std::string& err) : - Exception("Internal error: " + err) - {} + explicit Internal_Error(const std::string& err); }; /** @@ -97,10 +90,7 @@ class BOTAN_PUBLIC_API(2,0) Internal_Error : public Exception class BOTAN_PUBLIC_API(2,0) Invalid_Key_Length final : public Invalid_Argument { public: - Invalid_Key_Length(const std::string& name, size_t length) : - Invalid_Argument(name + " cannot accept a key of length " + - std::to_string(length)) - {} + Invalid_Key_Length(const std::string& name, size_t length); }; /** 
@@ -109,10 +99,7 @@ class BOTAN_PUBLIC_API(2,0) Invalid_Key_Length final : public Invalid_Argument class BOTAN_PUBLIC_API(2,0) Invalid_IV_Length final : public Invalid_Argument { public: - Invalid_IV_Length(const std::string& mode, size_t bad_len) : - Invalid_Argument("IV length " + std::to_string(bad_len) + - " is invalid for " + mode) - {} + Invalid_IV_Length(const std::string& mode, size_t bad_len); }; /** @@ -121,20 +108,16 @@ class BOTAN_PUBLIC_API(2,0) Invalid_IV_Length final : public Invalid_Argument class BOTAN_PUBLIC_API(2,0) PRNG_Unseeded final : public Invalid_State { public: - explicit PRNG_Unseeded(const std::string& algo) : - Invalid_State("PRNG not seeded: " + algo) - {} + explicit PRNG_Unseeded(const std::string& algo); }; /** * Policy_Violation Exception */ -class BOTAN_PUBLIC_API(2,0) Policy_Violation final : public Invalid_State +class BOTAN_DEPRECATED("unused") BOTAN_PUBLIC_API(2,0) Policy_Violation final : public Invalid_State { public: - explicit Policy_Violation(const std::string& err) : - Invalid_State("Policy violation: " + err) - {} + explicit Policy_Violation(const std::string& err); }; /** @@ -143,20 +126,16 @@ class BOTAN_PUBLIC_API(2,0) Policy_Violation final : public Invalid_State class BOTAN_PUBLIC_API(2,0) Algorithm_Not_Found final : public Lookup_Error { public: - explicit Algorithm_Not_Found(const std::string& name) : - Lookup_Error("Could not find any algorithm named \"" + name + "\"") - {} + explicit Algorithm_Not_Found(const std::string& name); }; /** * No_Provider_Found Exception */ -class BOTAN_PUBLIC_API(2,0) No_Provider_Found final : public Exception +class BOTAN_DEPRECATED("unused") BOTAN_PUBLIC_API(2,0) No_Provider_Found final : public Exception { public: - explicit No_Provider_Found(const std::string& name) : - Exception("Could not find any provider for algorithm named \"" + name + "\"") - {} + explicit No_Provider_Found(const std::string& name); }; /** 
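Review bot: `Policy_Violation` and `No_Provider_Found` become `BOTAN_DEPRECATED("unused")` in these hunks (and `Self_Test_Failure` in a later one), yet the diffstat lists no `news.rst` change; deprecating public exception types inside a commit described as a de-inlining should be recorded in the release notes and mentioned in the commit message. Whether `BOTAN_DEPRECATED` composes correctly with `BOTAN_PUBLIC_API` in that position depends on how the two macros are defined, which is not visible here, so a compile check on each supported compiler is worth doing.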
@@ -166,8 +145,7 @@ class BOTAN_PUBLIC_API(2,0) No_Provider_Found final : public Exception class BOTAN_PUBLIC_API(2,0) Provider_Not_Found final : public Lookup_Error { public: - Provider_Not_Found(const std::string& algo, const std::string& provider) : - Lookup_Error("Could not find provider '" + provider + "' for " + algo) {} + Provider_Not_Found(const std::string& algo, const std::string& provider); }; /** @@ -176,9 +154,7 @@ class BOTAN_PUBLIC_API(2,0) Provider_Not_Found final : public Lookup_Error class BOTAN_PUBLIC_API(2,0) Invalid_Algorithm_Name final : public Invalid_Argument { public: - explicit Invalid_Algorithm_Name(const std::string& name): - Invalid_Argument("Invalid algorithm name: " + name) - {} + explicit Invalid_Algorithm_Name(const std::string& name); }; /** @@ -187,8 +163,7 @@ class BOTAN_PUBLIC_API(2,0) Invalid_Algorithm_Name final : public Invalid_Argume class BOTAN_PUBLIC_API(2,0) Encoding_Error final : public Invalid_Argument { public: - explicit Encoding_Error(const std::string& name) : - Invalid_Argument("Encoding error: " + name) {} + explicit Encoding_Error(const std::string& name); }; /** @@ -197,8 +172,7 @@ class BOTAN_PUBLIC_API(2,0) Encoding_Error final : public Invalid_Argument class BOTAN_PUBLIC_API(2,0) Decoding_Error : public Invalid_Argument { public: - explicit Decoding_Error(const std::string& name) : - Invalid_Argument("Decoding error: " + name) {} + explicit Decoding_Error(const std::string& name); }; /** @@ -207,8 +181,7 @@ class BOTAN_PUBLIC_API(2,0) Decoding_Error : public Invalid_Argument class BOTAN_PUBLIC_API(2,0) Integrity_Failure final : public Exception { public: - explicit Integrity_Failure(const std::string& msg) : - Exception("Integrity failure: " + msg) {} + explicit Integrity_Failure(const std::string& msg); }; /** 
@@ -217,8 +190,7 @@ class BOTAN_PUBLIC_API(2,0) Integrity_Failure final : public Exception class BOTAN_PUBLIC_API(2,0) Invalid_OID final : public Decoding_Error { public: - explicit Invalid_OID(const std::string& oid) : - Decoding_Error("Invalid ASN.1 OID: " + oid) {} + explicit Invalid_OID(const std::string& oid); }; /** @@ -227,29 +199,16 @@ class BOTAN_PUBLIC_API(2,0) Invalid_OID final : public Decoding_Error class BOTAN_PUBLIC_API(2,0) Stream_IO_Error final : public Exception { public: - explicit Stream_IO_Error(const std::string& err) : - Exception("I/O error: " + err) - {} - }; - -/** -* No_Filesystem_Access Exception -*/ -class BOTAN_PUBLIC_API(2,0) No_Filesystem_Access final : public Exception - { - public: - No_Filesystem_Access() : Exception("No filesystem access enabled.") {} + explicit Stream_IO_Error(const std::string& err); }; /** * Self Test Failure Exception */ -class BOTAN_PUBLIC_API(2,0) Self_Test_Failure final : public Internal_Error +class BOTAN_DEPRECATED("unused") BOTAN_PUBLIC_API(2,0) Self_Test_Failure final : public Internal_Error { public: - explicit Self_Test_Failure(const std::string& err) : - Internal_Error("Self test failed: " + err) - {} + explicit Self_Test_Failure(const std::string& err); }; /** @@ -258,9 +217,7 @@ class BOTAN_PUBLIC_API(2,0) Self_Test_Failure final : public Internal_Error class BOTAN_PUBLIC_API(2,0) Not_Implemented final : public Exception { public: - explicit Not_Implemented(const std::string& err) : - Exception("Not implemented", err) - {} + explicit Not_Implemented(const std::string& err); }; } diff --git a/src/lib/utils/filesystem.h b/src/lib/utils/filesystem.h index 4d6e2fe40e..f105c7aeb4 100644 --- a/src/lib/utils/filesystem.h +++ b/src/lib/utils/filesystem.h 
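Review bot: `No_Filesystem_Access` is deleted from `exceptn.h` in the -227 hunk and re-homed in `filesystem.h`, which is a source-visible change for any user code that caught or threw it after including only `exceptn.h`; the commit message describes only a de-inlining. Either keep a declaration reachable from `exceptn.h` or state the move in the commit message and release notes so downstream build breaks are explained.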
@@ -14,6 +14,16 @@ namespace Botan { +/** +* No_Filesystem_Access Exception +*/ +class BOTAN_PUBLIC_API(2,0) No_Filesystem_Access final : public Exception + { + public: + No_Filesystem_Access() : Exception("No filesystem access enabled.") + {} + }; + BOTAN_TEST_API std::vector get_files_recursive(const std::string& dir); } From d52dece3876df6d19681fb16cb607325aee01052 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 15 Oct 2017 04:02:35 -0400 Subject: [PATCH 0054/1008] GMAC optimization Avoid copying inputs needlessly, on Skylake doubles performance (from 1 GB/s -> 2 GB/s) --- news.rst | 3 ++- src/lib/mac/gmac/gmac.cpp | 50 +++++++++++++++++++++++---------------- src/lib/mac/gmac/gmac.h | 3 ++- 3 files changed, 34 insertions(+), 22 deletions(-) diff --git a/news.rst b/news.rst index 1f8aaf41ee..e1f6242684 100644 --- a/news.rst +++ b/news.rst @@ -4,7 +4,8 @@ Release Notes Version 2.4.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* Optimizations for OCB, CFB, SM3, SM4, GCM (#1253), CAST-128/CAST-256 (#1247) +* Optimizations for OCB, CFB, SM3, SM4, GMAC, GCM (#1253), + CAST-128/CAST-256 (#1247). * Reduce the overhead of ffi calls. diff --git a/src/lib/mac/gmac/gmac.cpp b/src/lib/mac/gmac/gmac.cpp index af5d245ba3..be27aba4aa 100644 --- a/src/lib/mac/gmac/gmac.cpp +++ b/src/lib/mac/gmac/gmac.cpp @@ -11,17 +11,20 @@ namespace Botan { GMAC::GMAC(BlockCipher* cipher) : - m_aad_buf(), m_cipher(cipher), m_ghash(new GHASH), + m_aad_buf(GCM_BS), + m_aad_buf_pos(0), m_initialized(false) - {} + { + } void GMAC::clear() { m_cipher->clear(); m_ghash->clear(); - m_aad_buf.clear(); + zeroise(m_aad_buf); + m_aad_buf_pos = 0; m_initialized = false; } 
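Review bot: `No_Filesystem_Access` now derives from `Exception` inside `filesystem.h`, but this hunk adds no include of the exceptions header; if `filesystem.h` does not already include it (not visible here), the definition relies on a transitive include and will fail for a translation unit that includes `filesystem.h` first. Adding the explicit include alongside the new class keeps the header self-contained.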
@@ -37,23 +40,30 @@ size_t GMAC::output_length() const void GMAC::add_data(const uint8_t input[], size_t size) { - /* - FIXME this could be much more efficient, and only buffer leftovers - as needed, instead of inserting everything into the buffer - */ - - // buffer partial blocks till we received a full input block - // or final is called. - m_aad_buf.insert(m_aad_buf.end(), input, input + size); - if(m_aad_buf.size() >= GCM_BS) + if(m_aad_buf_pos > 0) { - // process all complete input blocks. - m_ghash->update_associated_data(m_aad_buf.data(), - m_aad_buf.size() - (m_aad_buf.size() % GCM_BS)); + const size_t taking = std::min(GCM_BS - m_aad_buf_pos, size); + copy_mem(&m_aad_buf[m_aad_buf_pos], input, taking); + m_aad_buf_pos += taking; + input += taking; + size -= taking; + + if(m_aad_buf_pos == GCM_BS) + { + m_ghash->update_associated_data(m_aad_buf.data(), GCM_BS); + m_aad_buf_pos = 0; + } + } - // remove all processed blocks from buffer. - m_aad_buf.erase(m_aad_buf.begin(), - m_aad_buf.end() - (m_aad_buf.size() % GCM_BS)); + const size_t left_over = size % GCM_BS; + const size_t full_blocks = size - left_over; + m_ghash->update_associated_data(input, full_blocks); + input += full_blocks; + + if(left_over > 0) + { + copy_mem(&m_aad_buf[m_aad_buf_pos], input, left_over); + m_aad_buf_pos += left_over; } } @@ -98,9 +108,9 @@ void GMAC::final_result(uint8_t mac[]) // process the rest of the aad buffer. Even if it is a partial block only // ghash_update will process it properly. - if(m_aad_buf.size() > 0) + if(m_aad_buf_pos > 0) { - m_ghash->update_associated_data(m_aad_buf.data(), m_aad_buf.size()); + m_ghash->update_associated_data(m_aad_buf.data(), m_aad_buf_pos); } secure_vector result = m_ghash->final(); copy_mem(mac, result.data(), result.size()); diff --git a/src/lib/mac/gmac/gmac.h b/src/lib/mac/gmac/gmac.h index bab1702528..ef54a42bf8 100644 --- a/src/lib/mac/gmac/gmac.h +++ b/src/lib/mac/gmac/gmac.h 
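Review bot: In `add_data`, `m_ghash->update_associated_data(input, full_blocks)` is now called unconditionally, so an input shorter than one block (or a zero-length call) reaches GHASH with `full_blocks == 0`; whether `update_associated_data` tolerates a zero-length update is not visible here, so guard it with `if(full_blocks > 0)` unless that contract is known. The `final_result` hunk consumes `m_aad_buf_pos` but does not show it being reset afterwards; if the remainder of `final_result` (outside the hunk) does not call `clear()`, the next MAC computation would start with stale partial AAD. The buffering logic itself is sound: once `m_aad_buf_pos` is non-zero and the block is not flushed, `size` is necessarily zero, so the trailing `copy_mem` cannot overrun the 16-byte buffer.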
@@ -51,9 +51,10 @@ class BOTAN_PUBLIC_API(2,0) GMAC final : public MessageAuthenticationCode void key_schedule(const uint8_t key[], size_t size) override; static const size_t GCM_BS = 16; - secure_vector m_aad_buf; std::unique_ptr m_cipher; std::unique_ptr m_ghash; + secure_vector m_aad_buf; + size_t m_aad_buf_pos; bool m_initialized; }; From 96ed1bf7f001e8302bdaa42ab37555ee5c0f9edb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 15 Oct 2017 11:28:06 -0400 Subject: [PATCH 0055/1008] Additional final annotations --- src/cli/cli.h | 2 +- src/cli/encryption.cpp | 2 +- src/cli/speed.cpp | 10 +++++----- src/cli/timing_tests.cpp | 10 +++++----- src/cli/tls_proxy.cpp | 5 +++-- src/cli/tls_utils.cpp | 2 +- src/lib/asn1/der_enc.h | 2 +- src/lib/block/aes/aes.cpp | 6 +++--- src/lib/block/cast/cast128.cpp | 2 +- src/lib/math/numbertheory/dsa_gen.cpp | 2 +- src/lib/pubkey/mce/code_based_key_gen.cpp | 2 +- src/lib/pubkey/newhope/newhope.h | 2 +- src/lib/pubkey/xmss/atomic.h | 2 +- src/lib/pubkey/xmss/xmss_address.h | 2 +- src/lib/pubkey/xmss/xmss_hash.h | 2 +- src/lib/pubkey/xmss/xmss_index_registry.h | 2 +- src/lib/pubkey/xmss/xmss_signature.h | 2 +- src/lib/pubkey/xmss/xmss_tools.h | 2 +- src/lib/pubkey/xmss/xmss_verification_operation.h | 5 ++--- src/lib/pubkey/xmss/xmss_wots_addressed_privatekey.h | 6 +++--- src/lib/pubkey/xmss/xmss_wots_parameters.h | 2 +- src/lib/pubkey/xmss/xmss_wots_publickey.h | 2 +- src/lib/tls/tls_messages.h | 4 ++-- src/lib/utils/http_util/http_util.h | 2 +- src/lib/utils/mutex.h | 4 ++-- src/tests/test_hash_id.cpp | 2 +- src/tests/test_tls_cbc.cpp | 2 +- 27 files changed, 44 insertions(+), 44 deletions(-) diff --git a/src/cli/cli.h b/src/cli/cli.h index fc27e1d832..1e81c2ff62 100644 --- a/src/cli/cli.h +++ b/src/cli/cli.h @@ -554,7 +554,7 @@ class Command return r; } - class Registration + class Registration final { public: Registration(const std::string& name, cmd_maker_fn maker_fn) 
diff --git a/src/cli/encryption.cpp b/src/cli/encryption.cpp index 9c9279901f..e8d5622c24 100644 --- a/src/cli/encryption.cpp +++ b/src/cli/encryption.cpp @@ -74,7 +74,7 @@ secure_vector do_crypt(const std::string &cipher, } -class Encryption : public Command +class Encryption final : public Command { public: Encryption() : Command("encryption --buf-size=4096 --decrypt --mode= --key= --iv= --ad=") {} diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 9e14306683..3bb4f9279b 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -132,7 +132,7 @@ namespace Botan_CLI { namespace { -class Timer +class Timer final { public: Timer(const std::string& name, @@ -211,7 +211,7 @@ class Timer return (milliseconds() < msec.count()); } - class Timer_Scope + class Timer_Scope final { public: explicit Timer_Scope(Timer& timer) @@ -465,7 +465,7 @@ std::vector default_benchmark_list() } -class Summary +class Summary final { public: Summary() {} @@ -591,7 +591,7 @@ class Summary } private: - class EntryBps + class EntryBps final { public: EntryBps(const std::string& algo @@ -618,7 +618,7 @@ class Summary std::map m_bps; }; - class EntryOps + class EntryOps final { public: EntryOps(const std::string& algo diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index 9600f2a5ed..2587808454 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -89,7 +89,7 @@ class Timing_Test #if defined(BOTAN_HAS_RSA) && defined(BOTAN_HAS_EME_PKCS1v15) && defined(BOTAN_HAS_EME_RAW) -class Bleichenbacker_Timing_Test : public Timing_Test +class Bleichenbacker_Timing_Test final : public Timing_Test { public: Bleichenbacker_Timing_Test(size_t keysize) 
@@ -133,7 +133,7 @@ class Bleichenbacker_Timing_Test : public Timing_Test * Padding (OAEP) as Standardized in PKCS #1 v2.0" James Manger * http://archiv.infsec.ethz.ch/education/fs08/secsem/Manger01.pdf */ -class Manger_Timing_Test : public Timing_Test +class Manger_Timing_Test final : public Timing_Test { public: Manger_Timing_Test(size_t keysize) @@ -181,7 +181,7 @@ class Manger_Timing_Test : public Timing_Test /* * Test handling of countermeasure to the Lucky13 attack */ -class Lucky13_Timing_Test : public Timing_Test +class Lucky13_Timing_Test final : public Timing_Test { public: Lucky13_Timing_Test(const std::string& mac_name, size_t mac_keylen) @@ -240,7 +240,7 @@ ticks Lucky13_Timing_Test::measure_critical_function(std::vector input) #if defined(BOTAN_HAS_ECDSA) -class ECDSA_Timing_Test : public Timing_Test +class ECDSA_Timing_Test final : public Timing_Test { public: ECDSA_Timing_Test(std::string ecgroup); @@ -337,7 +337,7 @@ std::vector> Timing_Test::execute_evaluation( return all_results; } -class Timing_Test_Command : public Command +class Timing_Test_Command final : public Command { public: Timing_Test_Command() diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp index 25ffabdb82..2c5f6889d4 100644 --- a/src/cli/tls_proxy.cpp +++ b/src/cli/tls_proxy.cpp @@ -60,7 +60,8 @@ void log_text_message(const char* where, const uint8_t buf[], size_t buf_len) //std::cout << where << ' ' << std::string(c, c + buf_len) << std::endl; } -class tls_proxy_session : public boost::enable_shared_from_this, public Botan::TLS::Callbacks +class tls_proxy_session final : public boost::enable_shared_from_this, + public Botan::TLS::Callbacks { public: enum { readbuf_size = 4 * 1024 }; @@ -337,7 +338,7 @@ class tls_proxy_session : public boost::enable_shared_from_this m_p2s_pending; }; -class tls_proxy_server +class tls_proxy_server final { public: typedef tls_proxy_session session; 
diff --git a/src/cli/tls_utils.cpp b/src/cli/tls_utils.cpp index 96be073dbf..f62781af9e 100644 --- a/src/cli/tls_utils.cpp +++ b/src/cli/tls_utils.cpp @@ -16,7 +16,7 @@ namespace Botan_CLI { -class TLS_All_Policy : public Botan::TLS::Policy +class TLS_All_Policy final : public Botan::TLS::Policy { public: std::vector allowed_ciphers() const override diff --git a/src/lib/asn1/der_enc.h b/src/lib/asn1/der_enc.h index 7ffa824e6d..f1e85101c4 100644 --- a/src/lib/asn1/der_enc.h +++ b/src/lib/asn1/der_enc.h @@ -115,7 +115,7 @@ class BOTAN_PUBLIC_API(2,0) DER_Encoder final uint8_t val); private: - class DER_Sequence + class DER_Sequence final { public: ASN1_Tag tag_of() const; diff --git a/src/lib/block/aes/aes.cpp b/src/lib/block/aes/aes.cpp index 268e0804d8..6afa5133a5 100644 --- a/src/lib/block/aes/aes.cpp +++ b/src/lib/block/aes/aes.cpp @@ -119,7 +119,7 @@ inline uint32_t SE_word(uint32_t x) const uint32_t* AES_TE() { - class TE_Table + class TE_Table final { public: TE_Table() @@ -137,7 +137,7 @@ const uint32_t* AES_TE() return reinterpret_cast(data); } private: - std::aligned_storage::type data[256]; + std::aligned_storage<256*sizeof(uint32_t), 64>::type data[256]; }; static TE_Table table; @@ -146,7 +146,7 @@ const uint32_t* AES_TE() const uint32_t* AES_TD() { - class TD_Table + class TD_Table final { public: TD_Table() diff --git a/src/lib/block/cast/cast128.cpp b/src/lib/block/cast/cast128.cpp index d54d0614ed..5ad732eb30 100644 --- a/src/lib/block/cast/cast128.cpp +++ b/src/lib/block/cast/cast128.cpp @@ -320,7 +320,7 @@ void CAST_128::cast_ks(secure_vector& K, 0xA466BB1E, 0xF8DA0A82, 0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D, 0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E }; - class ByteReader + class ByteReader final { public: uint8_t operator()(size_t i) const diff --git a/src/lib/math/numbertheory/dsa_gen.cpp b/src/lib/math/numbertheory/dsa_gen.cpp index 55190d60bf..30be0eaabb 100644 --- a/src/lib/math/numbertheory/dsa_gen.cpp 
+++ b/src/lib/math/numbertheory/dsa_gen.cpp @@ -56,7 +56,7 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, const size_t HASH_SIZE = hash->output_length(); - class Seed + class Seed final { public: explicit Seed(const std::vector& s) : m_seed(s) {} diff --git a/src/lib/pubkey/mce/code_based_key_gen.cpp b/src/lib/pubkey/mce/code_based_key_gen.cpp index 01650af266..b655b543b2 100644 --- a/src/lib/pubkey/mce/code_based_key_gen.cpp +++ b/src/lib/pubkey/mce/code_based_key_gen.cpp @@ -19,7 +19,7 @@ namespace Botan { namespace { -class binary_matrix +class binary_matrix final { public: binary_matrix(uint32_t m_rown, uint32_t m_coln); diff --git a/src/lib/pubkey/newhope/newhope.h b/src/lib/pubkey/newhope/newhope.h index 070652db9e..3b6df1c210 100644 --- a/src/lib/pubkey/newhope/newhope.h +++ b/src/lib/pubkey/newhope/newhope.h @@ -25,7 +25,7 @@ class RandomNumberGenerator; */ // TODO: change to just a secure_vector -class newhope_poly +class newhope_poly final { public: uint16_t coeffs[1024]; diff --git a/src/lib/pubkey/xmss/atomic.h b/src/lib/pubkey/xmss/atomic.h index 760ffddc37..d2e65c1042 100644 --- a/src/lib/pubkey/xmss/atomic.h +++ b/src/lib/pubkey/xmss/atomic.h @@ -20,7 +20,7 @@ template * std::vector. The construction of instances of this wrapper is NOT atomic * and needs to be properly guarded. **/ -class Atomic +class Atomic final { public: Atomic() = default; diff --git a/src/lib/pubkey/xmss/xmss_address.h b/src/lib/pubkey/xmss/xmss_address.h index 3838ed48fa..f00343ca3a 100644 --- a/src/lib/pubkey/xmss/xmss_address.h +++ b/src/lib/pubkey/xmss/xmss_address.h @@ -18,7 +18,7 @@ namespace Botan { * OTS-Hash-Address can be called depending on the type currently * assigned to the XMSS address using set_type(). **/ -class XMSS_Address +class XMSS_Address final { public: /** diff --git a/src/lib/pubkey/xmss/xmss_hash.h b/src/lib/pubkey/xmss/xmss_hash.h index 7dcfb8465a..16380f8f19 100644 --- a/src/lib/pubkey/xmss/xmss_hash.h +++ b/src/lib/pubkey/xmss/xmss_hash.h 
@@ -16,7 +16,7 @@ namespace Botan { * A collection of pseudorandom hash functions required for XMSS and WOTS * computations. **/ -class XMSS_Hash +class XMSS_Hash final { public: XMSS_Hash(const std::string& h_func_name); diff --git a/src/lib/pubkey/xmss/xmss_index_registry.h b/src/lib/pubkey/xmss/xmss_index_registry.h index d7448693a5..27a68631a9 100644 --- a/src/lib/pubkey/xmss/xmss_index_registry.h +++ b/src/lib/pubkey/xmss/xmss_index_registry.h @@ -18,7 +18,7 @@ namespace Botan { * A registry for XMSS private keys, keeps track of the leaf index for * independend copies of the same key. **/ -class XMSS_Index_Registry +class XMSS_Index_Registry final { public: XMSS_Index_Registry(const XMSS_Index_Registry&) = delete; diff --git a/src/lib/pubkey/xmss/xmss_signature.h b/src/lib/pubkey/xmss/xmss_signature.h index 493697d512..838aae2e87 100644 --- a/src/lib/pubkey/xmss/xmss_signature.h +++ b/src/lib/pubkey/xmss/xmss_signature.h @@ -17,7 +17,7 @@ namespace Botan { -class XMSS_Signature +class XMSS_Signature final { public: /** diff --git a/src/lib/pubkey/xmss/xmss_tools.h b/src/lib/pubkey/xmss/xmss_tools.h index 564a40c520..3065981875 100644 --- a/src/lib/pubkey/xmss/xmss_tools.h +++ b/src/lib/pubkey/xmss/xmss_tools.h @@ -19,7 +19,7 @@ namespace Botan { * Helper tools for low level byte operations required * for the XMSS implementation. **/ - class XMSS_Tools + class XMSS_Tools final { public: XMSS_Tools(const XMSS_Tools&) = delete; diff --git a/src/lib/pubkey/xmss/xmss_verification_operation.h b/src/lib/pubkey/xmss/xmss_verification_operation.h index 1b42bb1588..6e8469392c 100644 --- a/src/lib/pubkey/xmss/xmss_verification_operation.h +++ b/src/lib/pubkey/xmss/xmss_verification_operation.h 
@@ -24,9 +24,8 @@ namespace Botan { * Provides signature verification capabilities for Extended Hash-Based * Signatures (XMSS). **/ - class XMSS_Verification_Operation - final : public virtual PK_Ops::Verification, - public XMSS_Common_Ops + class XMSS_Verification_Operation final : public virtual PK_Ops::Verification, + public XMSS_Common_Ops { public: XMSS_Verification_Operation( diff --git a/src/lib/pubkey/xmss/xmss_wots_addressed_privatekey.h b/src/lib/pubkey/xmss/xmss_wots_addressed_privatekey.h index e18c69699a..62beaaece1 100644 --- a/src/lib/pubkey/xmss/xmss_wots_addressed_privatekey.h +++ b/src/lib/pubkey/xmss/xmss_wots_addressed_privatekey.h @@ -21,9 +21,9 @@ namespace Botan { * needs to be stored together with the key and passed to the * XMSS_WOTS_Signature_Operation() on creation. **/ -class XMSS_WOTS_Addressed_PrivateKey - final : public virtual XMSS_WOTS_Addressed_PublicKey, - public virtual Private_Key +class XMSS_WOTS_Addressed_PrivateKey final : + public virtual XMSS_WOTS_Addressed_PublicKey, + public virtual Private_Key { public: XMSS_WOTS_Addressed_PrivateKey(const XMSS_WOTS_PrivateKey& private_key) diff --git a/src/lib/pubkey/xmss/xmss_wots_parameters.h b/src/lib/pubkey/xmss/xmss_wots_parameters.h index 0e16b900b9..0c28250177 100644 --- a/src/lib/pubkey/xmss/xmss_wots_parameters.h +++ b/src/lib/pubkey/xmss/xmss_wots_parameters.h @@ -24,7 +24,7 @@ namespace Botan { * https://datatracker.ietf.org/doc/ * draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1 **/ -class XMSS_WOTS_Parameters +class XMSS_WOTS_Parameters final { public: enum ots_algorithm_t diff --git a/src/lib/pubkey/xmss/xmss_wots_publickey.h b/src/lib/pubkey/xmss/xmss_wots_publickey.h index aa30bd3041..1c7366f0bc 100644 --- a/src/lib/pubkey/xmss/xmss_wots_publickey.h +++ b/src/lib/pubkey/xmss/xmss_wots_publickey.h 
@@ -32,7 +32,7 @@ typedef std::vector> wots_keysig_t; class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PublicKey : virtual public Public_Key { public: - class TreeSignature + class TreeSignature final { public: TreeSignature() = default; diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index 4370f6fe26..ac6c1e1ad6 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h @@ -68,7 +68,7 @@ class BOTAN_UNSTABLE_API Hello_Verify_Request final : public Handshake_Message class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message { public: - class Settings + class Settings final { public: Settings(const Protocol_Version version, @@ -182,7 +182,7 @@ class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message class BOTAN_UNSTABLE_API Server_Hello final : public Handshake_Message { public: - class Settings + class Settings final { public: Settings(const std::vector new_session_id, diff --git a/src/lib/utils/http_util/http_util.h b/src/lib/utils/http_util/http_util.h index 528a4fae82..ea6122c07e 100644 --- a/src/lib/utils/http_util/http_util.h +++ b/src/lib/utils/http_util/http_util.h @@ -19,7 +19,7 @@ namespace Botan { namespace HTTP { -class Response +class Response final { public: Response() : m_status_code(0), m_status_message("Uninitialized") {} diff --git a/src/lib/utils/mutex.h b/src/lib/utils/mutex.h index 46a652bbaf..6e24815bb0 100644 --- a/src/lib/utils/mutex.h +++ b/src/lib/utils/mutex.h @@ -27,7 +27,7 @@ typedef std::mutex mutex_type; namespace Botan { template -class lock_guard +class lock_guard final { public: explicit lock_guard(Mutex& m) : m_mutex(m) @@ -41,7 +41,7 @@ class lock_guard Mutex& m_mutex; }; -class noop_mutex +class noop_mutex final { public: void lock() {} diff --git a/src/tests/test_hash_id.cpp b/src/tests/test_hash_id.cpp index 9a8565a16a..e58c0a5e73 100644 --- a/src/tests/test_hash_id.cpp +++ b/src/tests/test_hash_id.cpp 
@@ -17,7 +17,7 @@ namespace Botan_Tests { #if defined(BOTAN_HAS_HASH_ID) && defined(BOTAN_HAS_ASN1) -class PKCS_HashID_Test : public Test +class PKCS_HashID_Test final : public Test { public: std::vector run() override diff --git a/src/tests/test_tls_cbc.cpp b/src/tests/test_tls_cbc.cpp index b26f399ac7..b8359d4838 100644 --- a/src/tests/test_tls_cbc.cpp +++ b/src/tests/test_tls_cbc.cpp @@ -14,7 +14,7 @@ namespace Botan_Tests { #if defined(BOTAN_HAS_TLS_CBC) -class TLS_CBC_Padding_Tests : public Text_Based_Test +class TLS_CBC_Padding_Tests final : public Text_Based_Test { public: TLS_CBC_Padding_Tests() : Text_Based_Test("tls_cbc.vec", "Record,Output") {} From 51d7b7a96ccb01e0c5ccdec4ceab92db844792f1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 15 Oct 2017 11:32:46 -0400 Subject: [PATCH 0056/1008] Correct usage of std::aligned_storage This ended up allocating 256 KiB! --- src/lib/block/aes/aes.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/lib/block/aes/aes.cpp b/src/lib/block/aes/aes.cpp index 6afa5133a5..8a82ad9429 100644 --- a/src/lib/block/aes/aes.cpp +++ b/src/lib/block/aes/aes.cpp @@ -124,7 +124,7 @@ const uint32_t* AES_TE() public: TE_Table() { - uint32_t* p = reinterpret_cast(data); + uint32_t* p = reinterpret_cast(&data); for(size_t i = 0; i != 256; ++i) { const uint8_t s = SE[i]; @@ -134,10 +134,10 @@ const uint32_t* AES_TE() const uint32_t* ptr() const { - return reinterpret_cast(data); + return reinterpret_cast(&data); } private: - std::aligned_storage<256*sizeof(uint32_t), 64>::type data[256]; + std::aligned_storage<256*sizeof(uint32_t), 64>::type data; }; static TE_Table table; @@ -151,7 +151,7 @@ const uint32_t* AES_TD() public: TD_Table() { - uint32_t* p = reinterpret_cast(data); + uint32_t* p = reinterpret_cast(&data); for(size_t i = 0; i != 256; ++i) { const uint8_t s = SD[i]; 
@@ -161,10 +161,10 @@ const uint32_t* AES_TD() const uint32_t* ptr() const { - return reinterpret_cast(data); + return reinterpret_cast(&data); } private: - std::aligned_storage::type data[256]; + std::aligned_storage<256*sizeof(uint32_t), 64>::type data; }; static TD_Table table; From f01f37d142ef230b03ca6af46f1e1a0615e4879a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 15 Oct 2017 11:10:35 -0400 Subject: [PATCH 0057/1008] Simplify speed cmdlet, make summary optional, add JSON output --- src/cli/speed.cpp | 956 ++++++++++++++++++++++------------------------ 1 file changed, 455 insertions(+), 501 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 3bb4f9279b..ffb8c6a0f1 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -14,6 +14,7 @@ #include #include #include +#include // Always available: #include @@ -140,17 +141,18 @@ class Timer final const std::string& doing = "", const std::string& provider = "", size_t buf_size = 0) - : m_name(name + (provider.empty() ? provider : " [" + provider + "]")) + : m_name(name + ((provider.empty() || provider == "base") ? "" : " [" + provider + "]")) , m_doing(doing) + , m_buf_size(buf_size) , m_event_mult(event_mult) - , m_buf_size(buf_size) {} + {} Timer(const std::string& name, const std::string& provider, - const std::string& doing, - uint64_t event_mult = 1, - size_t buf_size = 0) - : Timer(name, event_mult, doing, provider, buf_size) {} + const std::string& doing) + : Timer(name, 1, doing, provider, 0) {} + + Timer(const Timer& other) = default; static uint64_t get_system_timestamp_ns() { 
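Review bot: This is the second consecutive correction to the size of `data` in `TD_Table` (and `TE_Table` in the -134 hunk), and the type still encodes the table size only in a template argument that nothing checks against the 256-word access pattern in the constructor and `ptr()`. Add `static_assert(sizeof(data) == 256 * sizeof(uint32_t), "AES T-table is 256 words");` after the member in both classes so the next edit cannot silently change the footprint again; the cache-line touch loops in `aes_encrypt_n`/`aes_decrypt_n` assume exactly that footprint.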
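Review bot: `Timer(const Timer& other) = default;` adds nothing the compiler would not generate, but a user-declared copy constructor suppresses the implicit move constructor and move assignment, so any `std::vector<Timer>` reallocation or sort now copies the `std::string` members instead of moving them. Drop the line, or if a copy constructor must be spelled out, also declare `Timer(Timer&&) = default;` and the corresponding assignment operators. The enclosing class continues past the hunk.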
@@ -169,42 +171,7 @@ class Timer final m_cpu_cycles_start = Timer::get_cpu_cycle_counter(); } - void stop() - { - if(m_timer_start) - { - const uint64_t now = Timer::get_system_timestamp_ns(); - - if(now > m_timer_start) - { - uint64_t dur = now - m_timer_start; - - m_time_used += dur; - - if(m_cpu_cycles_start != 0) - { - uint64_t cycles_taken = Timer::get_cpu_cycle_counter() - m_cpu_cycles_start; - if(cycles_taken > 0) - { - m_cpu_cycles_used += cycles_taken; - } - } - - if(m_event_count == 0) - { - m_min_time = m_max_time = dur; - } - else - { - m_max_time = std::max(m_max_time, dur); - m_min_time = std::min(m_min_time, dur); - } - } - - m_timer_start = 0; - ++m_event_count; - } - } + void stop(); bool under(std::chrono::milliseconds msec) { @@ -247,10 +214,12 @@ class Timer final { return m_time_used; } + double seconds() const { return milliseconds() / 1000.0; } + double milliseconds() const { return value() / 1000000.0; @@ -270,10 +239,12 @@ class Timer final { return m_event_count * m_event_mult; } + const std::string& get_name() const { return m_name; } + const std::string& doing() const { return m_doing; 
@@ -299,395 +270,438 @@ class Timer final return events() > 0 ? seconds() / events() : 0.0; } - static std::string result_string_bps(const Timer& t); - static std::string result_string_ops(const Timer& t); + void set_custom_msg(const std::string& s) + { + m_custom_msg = s; + } + + bool operator<(const Timer& other) const + { + if(this->doing() != other.doing()) + return (this->doing() < other.doing()); + + return (this->get_name() < other.get_name()); + } + + std::string to_string() const + { + if(m_custom_msg.size() > 0) + { + return m_custom_msg; + } + else if(this->buf_size() == 0) + { + return result_string_ops(); + } + else + { + return result_string_bps(); + } + } + private: + std::string result_string_bps() const; + std::string result_string_ops() const; + + // const data std::string m_name, m_doing; + size_t m_buf_size; + uint64_t m_event_mult; + + // set at runtime + std::string m_custom_msg; uint64_t m_time_used = 0, m_timer_start = 0; - uint64_t m_event_count = 0, m_event_mult = 0; - size_t m_buf_size = 0; + uint64_t m_event_count = 0; uint64_t m_max_time = 0, m_min_time = 0; uint64_t m_cpu_cycles_start = 0, m_cpu_cycles_used = 0; }; -std::string Timer::result_string_bps(const Timer& timer) +void Timer::stop() + { + if(m_timer_start) + { + const uint64_t now = Timer::get_system_timestamp_ns(); + + if(now > m_timer_start) + { + uint64_t dur = now - m_timer_start; + + m_time_used += dur; + + if(m_cpu_cycles_start != 0) + { + uint64_t cycles_taken = Timer::get_cpu_cycle_counter() - m_cpu_cycles_start; + if(cycles_taken > 0) + { + m_cpu_cycles_used += cycles_taken; + } + } + + if(m_event_count == 0) + { + m_min_time = m_max_time = dur; + } + else + { + m_max_time = std::max(m_max_time, dur); + m_min_time = std::min(m_min_time, dur); + } + } + + m_timer_start = 0; + ++m_event_count; + } + } + +std::string Timer::result_string_bps() const { const size_t MiB = 1024 * 1024; - const double MiB_total = static_cast(timer.events()) / MiB; - const double MiB_per_sec 
= MiB_total / timer.seconds(); + const double MiB_total = static_cast(events()) / MiB; + const double MiB_per_sec = MiB_total / seconds(); std::ostringstream oss; - oss << timer.get_name(); + oss << get_name(); - if(!timer.doing().empty()) + if(!doing().empty()) { - oss << " " << timer.doing(); + oss << " " << doing(); } - if(timer.buf_size() > 0) + if(buf_size() > 0) { - oss << " buffer size " << timer.buf_size() << " bytes:"; + oss << " buffer size " << buf_size() << " bytes:"; } - oss << " " << std::fixed << std::setprecision(3) << MiB_per_sec << " MiB/sec"; + if(events() == 0) + oss << " " << "N/A"; + else + oss << " " << std::fixed << std::setprecision(3) << MiB_per_sec << " MiB/sec"; - if(timer.cycles_consumed() != 0) + if(cycles_consumed() != 0) { - const double cycles_per_byte = static_cast(timer.cycles_consumed()) / timer.events(); + const double cycles_per_byte = static_cast(cycles_consumed()) / events(); oss << " " << std::fixed << std::setprecision(2) << cycles_per_byte << " cycles/byte"; } - oss << " (" << MiB_total << " MiB in " << timer.milliseconds() << " ms)\n"; + oss << " (" << MiB_total << " MiB in " << milliseconds() << " ms)\n"; return oss.str(); } -std::string Timer::result_string_ops(const Timer& timer) +std::string Timer::result_string_ops() const { std::ostringstream oss; - oss << timer.get_name() << " "; + oss << get_name() << " "; - if(timer.events() == 0) + if(events() == 0) { oss << "no events\n"; } else { - oss << static_cast(timer.events_per_second()) - << ' ' << timer.doing() << "/sec; " + oss << static_cast(events_per_second()) + << ' ' << doing() << "/sec; " << std::setprecision(2) << std::fixed - << timer.ms_per_event() << " ms/op"; + << ms_per_event() << " ms/op"; - if(timer.cycles_consumed() != 0) + if(cycles_consumed() != 0) { - const double cycles_per_op = static_cast(timer.cycles_consumed()) / timer.events(); + const double cycles_per_op = static_cast(cycles_consumed()) / events(); const size_t precision = (cycles_per_op < 
10000) ? 2 : 0; oss << " " << std::fixed << std::setprecision(precision) << cycles_per_op << " cycles/op"; } - oss << " (" << timer.events() << " " << (timer.events() == 1 ? "op" : "ops") - << " in " << timer.milliseconds() << " ms)\n"; + oss << " (" << events() << " " << (events() == 1 ? "op" : "ops") + << " in " << milliseconds() << " ms)\n"; } return oss.str(); } -std::vector default_benchmark_list() +class JSON_Output final { - /* - This is not intended to be exhaustive: it just hits the high - points of the most interesting or widely used algorithms. - */ + public: + void add(const Timer& timer) { m_results.push_back(timer); } - return - { - /* Block ciphers */ - "AES-128", - "AES-192", - "AES-256", - "ARIA-128", - "ARIA-192", - "ARIA-256", - "Blowfish", - "CAST-128", - "CAST-256", - "Camellia-128", - "Camellia-192", - "Camellia-256", - "DES", - "TripleDES", - "GOST-28147-89", - "IDEA", - "KASUMI", - "MISTY1", - "Noekeon", - "SHACAL2", - "SM4", - "Serpent", - "Threefish-512", - "Twofish", - "XTEA", - - /* Cipher modes */ - "AES-128/CBC", - "AES-128/CTR-BE", - "AES-128/EAX", - "AES-128/OCB", - "AES-128/GCM", - "AES-128/XTS", - - "Serpent/CBC", - "Serpent/CTR-BE", - "Serpent/EAX", - "Serpent/OCB", - "Serpent/GCM", - "Serpent/XTS", - - "ChaCha20Poly1305", - - /* Stream ciphers */ - "RC4", - "Salsa20", - - /* Hashes */ - "Tiger", - "RIPEMD-160", - "SHA-160", - "SHA-256", - "SHA-512", - "Skein-512", - "Keccak-1600(512)", - "Whirlpool", - - /* MACs */ - "CMAC(AES-128)", - "HMAC(SHA-256)", - - /* Misc */ - "random_prime" - - /* pubkey */ - "RSA", - "DH", - "ECDH", - "ECDSA", - "ECKCDSA", - "ECGDSA", - "Ed25519", - "Curve25519", - "NEWHOPE", - "McEliece", - }; - } + std::string print() const + { + std::ostringstream out; -} + out << "[\n"; + for(const Timer& t : m_results) + { + //out << t.format_json(); + + out << '{'; + out << "\"algo\": \"" << t.get_name() << "\", "; + out << "\"op\": \"" << t.doing() << "\", "; + + out << "\"events\": " << t.events() << ", "; + 
if(t.cycles_consumed() > 0) + out << "\"cycles\": " << t.cycles_consumed() << ", "; + if(t.buf_size() > 0) + out << "\"buf_size\": " << t.buf_size() << ", "; + + out << "\"nanos\": " << t.value(); + + out << "},\n"; + } + out << "]\n"; + + return out.str(); + } + private: + std::vector m_results; + }; class Summary final { public: Summary() {} - void add_bps_entry(const std::string& algo, const std::string& operation, - size_t buf_size, double bps) + void add(const Timer& t) { - // find existing entry - auto bps_entrie_it = std::find_if(m_bps_entries.begin(), m_bps_entries.end(), - [=](EntryBps entry) - { - return entry.algo() == algo && - entry.operation() == operation; - } - ); - - // add new entry or update existing - if(bps_entrie_it != m_bps_entries.end()) - { - bps_entrie_it->add_bps(buf_size, bps); - } - else - { - m_bps_entries.emplace_back(EntryBps(algo, operation, buf_size, bps)); - } + if(t.buf_size() == 0) + { + m_ops_entries.push_back(t); + } + else + { + m_bps_entries[std::make_pair(t.doing(), t.get_name())].push_back(t); + } } - void add_ops_entry(const std::string& algo, const std::string& operation, - double time_op, double ops) + std::string print() { - m_ops_entries.emplace_back(EntryOps(algo, operation, time_op, ops)); - } + const size_t name_padding = 35; + const size_t op_name_padding = 16; + const size_t op_padding = 16; - const std::string print() - { - std::stringstream result_ss; - result_ss << std::fixed; + std::ostringstream result_ss; + result_ss << std::fixed; - if(!m_bps_entries.empty()) + if(m_bps_entries.size() > 0) { - result_ss << "\n"; + result_ss << "\n"; - // sort entries - std::sort(m_bps_entries.begin(), m_bps_entries.end(), - [](const EntryBps& a, const EntryBps& b) - { - if(a.operation() != b.operation()) - { - return a.operation() < b.operation(); - } - else - { - return a.algo() < b.algo(); - } - } - ); + // add table header + result_ss << std::setw(name_padding) << std::left << "algo" + << std::setw(op_name_padding) << 
std::left << "operation"; - // add table header - result_ss << std::setw(30) << std::left << "algo" - << std::setw(11) << std::left << "operation"; + for(const Timer& t : m_bps_entries.begin()->second) + { + result_ss << std::setw(op_padding) << std::right << (std::to_string(t.buf_size()) + " bytes"); + } + result_ss << "\n"; - for(const auto& buf_size : ( *m_bps_entries.begin() ).bps() ) - { - result_ss << std::setw(15) << std::left << std::to_string(buf_size.first) + " bytes"; - } - result_ss << "\n"; + // add table entries + for(const auto& entry : m_bps_entries) + { + if(entry.second.empty()) + continue; + + result_ss << std::setw(name_padding) << std::left << (entry.first.second) + << std::setw(op_name_padding) << std::left << (entry.first.first); - // add table entries - for(const auto& entry : m_bps_entries) + for(const Timer& t : entry.second) { - result_ss << std::setw(30) << std::left << entry.algo() - << std::setw(11) << std::left << entry.operation(); - for(const auto& bps : entry.bps()) + if(t.events() == 0) { - result_ss << std::setw(15) << std::left << std::setprecision(2) << bps.second / 1000.0; + result_ss << std::setw(op_padding) << std::right << "N/A"; + } + else + { + result_ss << std::setw(op_padding) << std::right + << std::setprecision(2) << (t.bytes_per_second() / 1000.0); } - - result_ss << "\n"; } - result_ss << "[results are the number of 1000s bytes processed per second]\n"; + result_ss << "\n"; + } + + result_ss << "\n[results are the number of 1000s bytes processed per second]\n"; } - if(!m_ops_entries.empty()) + if(m_ops_entries.size() > 0) { - result_ss << std::setprecision(6) << "\n"; + result_ss << std::setprecision(6) << "\n"; - // sort entries - std::sort(m_ops_entries.begin(), m_ops_entries.end(), - [](const EntryOps& a, const EntryOps& b) - { - if(a.operation() != b.operation()) - { - return a.operation() < b.operation(); - } - else - { - return a.algo() < b.algo(); - } - } - ); + // sort entries + 
std::sort(m_ops_entries.begin(), m_ops_entries.end()); - // add table header - result_ss << std::setw(35) << std::left << "algo" - << std::setw(11) << std::left << "operation" - << std::setw(18) << std::left << "sec/op" - << std::setw(18) << std::left << "op/sec" - << "\n"; + // add table header + result_ss << std::setw(name_padding) << std::left << "algo" + << std::setw(op_name_padding) << std::left << "operation" + << std::setw(op_padding) << std::right << "sec/op" + << std::setw(op_padding) << std::right << "op/sec" + << "\n"; - // add table entries - for(const auto& entry : m_ops_entries) - { - result_ss << std::setw(35) << std::left << entry.algo() - << std::setw(11) << std::left << entry.operation() - << std::setw(18) << std::left << entry.time_op() - << std::setw(18) << std::left << entry.ops() - << "\n"; - } + // add table entries + for(const Timer& entry : m_ops_entries) + { + result_ss << std::setw(name_padding) << std::left << entry.get_name() + << std::setw(op_name_padding) << std::left << entry.doing() + << std::setw(op_padding) << std::right << entry.seconds_per_event() + << std::setw(op_padding) << std::right << entry.events_per_second() + << "\n"; + } } - return result_ss.str(); + return result_ss.str(); } private: - class EntryBps final - { - public: - EntryBps(const std::string& algo - , const std::string& operation - , size_t buf_size - , double bps) - : m_algo(algo) - , m_operation(operation) - { - m_bps[buf_size] = bps; - } - - const std::string& algo() const { return m_algo; } - const std::string& operation() const { return m_operation; } - const std::map& bps() const { return m_bps; } - - void add_bps(size_t buf_size, double bps) - { - m_bps[buf_size] = bps; - } + std::map, std::vector> m_bps_entries; + std::vector m_ops_entries; + }; - private: - std::string m_algo = "", m_operation = ""; - std::map m_bps; - }; +std::vector unique_buffer_sizes(const std::string& cmdline_arg) + { + std::set buf; + for(std::string size_str : 
Botan::split_on(cmdline_arg, ',')) + { + size_t x = 0; + try + { + size_t converted = 0; + x = static_cast(std::stoul(size_str, &converted, 0)); - class EntryOps final + if(converted != size_str.size()) + throw CLI_Usage_Error("Invalid integer"); + } + catch(std::exception& e) { - public: - EntryOps(const std::string& algo - , const std::string& operation - , double time_op - , double ops) - : m_algo(algo) - , m_operation(operation) - , m_time_op(time_op) - , m_ops(ops) {} - - const std::string& algo() const { return m_algo; } - const std::string& operation() const { return m_operation; } - double time_op() const { return m_time_op; } - double ops() const { return m_ops; } + throw CLI_Usage_Error("Invalid integer value '" + size_str + "' for option buf-size"); + } - private: - std::string m_algo = "", m_operation = ""; - double m_time_op = 0.0, m_ops = 0.0; - }; + if(x == 0 || x > 16*1024*1024) + throw CLI_Usage_Error("Invalid integer value '" + size_str + "' for option buf-size"); - std::vector m_bps_entries; - std::vector m_ops_entries; - }; + buf.insert(x); + } + return std::vector(buf.begin(), buf.end()); + } + +} class Speed final : public Command { public: Speed() - : Command("speed --msec=300 --provider= --buf-size=4096 --clear-cpuid= --ecc-groups= *algos") {} + : Command("speed --msec=100 --format=default --provider= --buf-size=1024 --clear-cpuid= --ecc-groups= *algos") {} + + std::vector default_benchmark_list() + { + /* + This is not intended to be exhaustive: it just hits the high + points of the most interesting or widely used algorithms. 
+ */ + + return { + /* Block ciphers */ + "AES-128", + "AES-192", + "AES-256", + "ARIA-128", + "ARIA-192", + "ARIA-256", + "Blowfish", + "CAST-128", + "CAST-256", + "Camellia-128", + "Camellia-192", + "Camellia-256", + "DES", + "TripleDES", + "GOST-28147-89", + "IDEA", + "KASUMI", + "MISTY1", + "Noekeon", + "SHACAL2", + "SM4", + "Serpent", + "Threefish-512", + "Twofish", + "XTEA", + + /* Cipher modes */ + "AES-128/CBC", + "AES-128/CTR-BE", + "AES-128/EAX", + "AES-128/OCB", + "AES-128/GCM", + "AES-128/XTS", + + "Serpent/CBC", + "Serpent/CTR-BE", + "Serpent/EAX", + "Serpent/OCB", + "Serpent/GCM", + "Serpent/XTS", + + "ChaCha20Poly1305", + + /* Stream ciphers */ + "RC4", + "Salsa20", + + /* Hashes */ + "Tiger", + "RIPEMD-160", + "SHA-160", + "SHA-256", + "SHA-512", + "Skein-512", + "Keccak-1600(512)", + "Whirlpool", + + /* MACs */ + "CMAC(AES-128)", + "HMAC(SHA-256)", + + /* Misc */ + "random_prime" + + /* pubkey */ + "RSA", + "DH", + "ECDH", + "ECDSA", + "ECKCDSA", + "ECGDSA", + "Ed25519", + "Curve25519", + "NEWHOPE", + "McEliece", + }; + } void go() override { std::chrono::milliseconds msec(get_arg_sz("msec")); const std::string provider = get_arg("provider"); std::vector ecc_groups = Botan::split_on(get_arg("ecc-groups"), ','); + const std::string format = get_arg("format"); + + if(format == "table") + m_summary.reset(new Summary); + else if(format == "json") + m_json.reset(new JSON_Output); + else if(format != "default") + throw CLI_Usage_Error("Unknown --format type '" + format + "'"); if(ecc_groups.empty()) ecc_groups = { "secp256r1", "secp384r1", "secp521r1" }; std::vector algos = get_arg_list("algos"); - std::vector buf_sizes; - for(auto size_str : Botan::split_on(get_arg("buf-size"), ',')) - { - try - { - auto new_buf_size = static_cast(std::stoul(size_str)); - - auto it = std::find_if(buf_sizes.begin(), buf_sizes.end(), - [new_buf_size](size_t buf_size) - { - return buf_size == new_buf_size; - } - ); - - if(it == buf_sizes.end()) - { - 
buf_sizes.insert(buf_sizes.end(), new_buf_size); - } - } - catch(std::exception&) - { - throw CLI_Usage_Error("Invalid integer value '" + size_str + "' for option buf-size"); - } - } - - std::sort(buf_sizes.begin(), buf_sizes.end()); + const std::vector buf_sizes = unique_buffer_sizes(get_arg("buf-size")); Botan::CPUID::initialize(); @@ -888,7 +902,7 @@ class Speed final : public Command } else { - output() << "Skipping simd perf test, CPUID indicates SIMD not supported"; + error_output() << "Skipping simd perf test, CPUID indicates SIMD not supported"; } } #endif 
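Review bot: JSON_Output::print writes `out << "},\n";` after every entry and then `"]\n"`, so the output always carries a trailing comma before the closing bracket (`[{…},\n]`), which strict JSON parsers reject; emit the separator only between elements, e.g. `out << '}' << (&t == &m_results.back() ? "\n" : ",\n");`. The `algo` and `op` strings are also written without JSON escaping, which is harmless for the names in default_benchmark_list but would produce invalid output for any algorithm or provider string containing a quote or backslash. Separately, default_benchmark_list still has `"random_prime"` followed by `"RSA",` with no comma between them, so the two literals concatenate to `"random_primeRSA"` and neither random_prime nor RSA is actually in the default list (the removed version had the same bug); add the comma. In unique_buffer_sizes the inner `throw CLI_Usage_Error("Invalid integer")` is immediately caught by the surrounding `catch(std::exception& e)` and replaced, so that check can move outside the try and the unused `e` can be dropped (and the catch should take `const std::exception&`). The Speed class continues past this hunk.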
@@ -905,13 +919,36 @@ class Speed final : public Command } } - output() << m_summary.print() << "\n"; - output() << Botan::version_string() << "\n"; + if(m_json) + { + output() << m_json->print(); + } + if(m_summary) + { + output() << m_summary->print() << "\n" + << Botan::version_string() << "\n" + << "CPUID: " << Botan::CPUID::to_string() << "\n"; + } } private: - Summary m_summary; + std::unique_ptr m_summary; + std::unique_ptr m_json; + + void record_result(const Timer& t) + { + if(m_json) + { + m_json->add(t); + } + else + { + output() << t.to_string(); + if(m_summary) + m_summary->add(t); + } + } template using bench_fn = std::function buffer(buf_size * cipher.block_size()); - Timer encrypt_timer(cipher.name(), provider, "encrypt", buffer.size(), buf_size); - Timer decrypt_timer(cipher.name(), provider, "decrypt", buffer.size(), buf_size); + Timer encrypt_timer(cipher.name(), buffer.size(), "encrypt", provider, buf_size); + Timer decrypt_timer(cipher.name(), buffer.size(), "decrypt", provider, buf_size); encrypt_timer.run_until_elapsed(runtime, [&]() { cipher.encrypt(buffer); }); - output() << Timer::result_string_bps(encrypt_timer); + record_result(encrypt_timer); decrypt_timer.run_until_elapsed(runtime, [&]() { cipher.decrypt(buffer); }); - output() << Timer::result_string_bps(decrypt_timer); - - m_summary.add_bps_entry(encrypt_timer.get_name(), encrypt_timer.doing(), buf_size, - encrypt_timer.bytes_per_second()); - m_summary.add_bps_entry(decrypt_timer.get_name(), decrypt_timer.doing(), buf_size, - decrypt_timer.bytes_per_second()); + record_result(decrypt_timer); } } @@ -981,7 +1013,7 @@ class Speed final : public Command { Botan::secure_vector buffer = rng().random_vec(buf_size); - Timer encrypt_timer(cipher.name(), provider, "encrypt", buffer.size(), buf_size); + Timer encrypt_timer(cipher.name(), buffer.size(), "encrypt", provider, buf_size); const Botan::SymmetricKey key(rng(), cipher.maximum_keylength()); cipher.set_key(key); 
@@ -997,10 +1029,7 @@ class Speed final : public Command encrypt_timer.run([&]() { cipher.encipher(buffer); }); } - output() << Timer::result_string_bps(encrypt_timer); - - m_summary.add_bps_entry(encrypt_timer.get_name(), encrypt_timer.doing(), buf_size, - encrypt_timer.bytes_per_second()); + record_result(encrypt_timer); } } @@ -1014,12 +1043,9 @@ class Speed final : public Command { Botan::secure_vector buffer = rng().random_vec(buf_size); - Timer timer(hash.name(), provider, "hash", buffer.size(), buf_size); + Timer timer(hash.name(), buffer.size(), "hash", provider, buf_size); timer.run_until_elapsed(runtime, [&]() { hash.update(buffer); }); - output() << Timer::result_string_bps(timer); - - m_summary.add_bps_entry(timer.get_name(), timer.doing(), buf_size, - timer.bytes_per_second()); + record_result(timer); } } @@ -1037,12 +1063,9 @@ class Speed final : public Command mac.set_key(key); mac.start(nullptr, 0); - Timer timer(mac.name(), provider, "mac", buffer.size(), buf_size); + Timer timer(mac.name(), buffer.size(), "mac", provider, buf_size); timer.run_until_elapsed(runtime, [&]() { mac.update(buffer); }); - output() << Timer::result_string_bps(timer); - - m_summary.add_bps_entry(timer.get_name(), timer.doing(), buf_size, - timer.bytes_per_second()); + record_result(timer); } } 
@@ -1059,42 +1082,44 @@ class Speed final : public Command ks_timer.run([&]() { enc.set_key(key); }); ks_timer.run([&]() { dec.set_key(key); }); - output() << Timer::result_string_ops(ks_timer); + record_result(ks_timer); + + Timer iv_timer(enc.name(), enc.provider(), "iv setup"); for(auto buf_size : buf_sizes) { Botan::secure_vector buffer = rng().random_vec(buf_size); - Timer encrypt_timer(enc.name(), enc.provider(), "encrypt", buffer.size(), buf_size); - Timer decrypt_timer(enc.name(), enc.provider(), "decrypt", buffer.size(), buf_size); - Timer iv_timer(enc.name(), enc.provider(), "iv setup"); + Timer encrypt_timer(enc.name(), buffer.size(), "encrypt", enc.provider(), buf_size); + Timer decrypt_timer(dec.name(), buffer.size(), "decrypt", dec.provider(), buf_size); Botan::secure_vector iv = rng().random_vec(enc.default_nonce_length()); - while(encrypt_timer.under(runtime) && decrypt_timer.under(runtime)) + iv_timer.run([&]() { enc.start(iv); }); + iv_timer.run([&]() { dec.start(iv); }); + + if(buf_size >= enc.minimum_final_size()) { - // Must run in this order, or AEADs will reject the ciphertext - iv_timer.run([&]() { enc.start(iv); }); - encrypt_timer.run([&]() { enc.finish(buffer); }); + while(encrypt_timer.under(runtime) && decrypt_timer.under(runtime)) + { + // Must run in this order, or AEADs will reject the ciphertext + encrypt_timer.run([&]() { enc.finish(buffer); }); - iv_timer.run([&]() { dec.start(iv); }); - decrypt_timer.run([&]() { dec.finish(buffer); }); + decrypt_timer.run([&]() { dec.finish(buffer); }); - if(iv.size() > 0) - { - iv[0] += 1; + if(iv.size() > 0) + { + iv[0] += 1; + iv_timer.run([&]() { enc.start(iv); }); + iv_timer.run([&]() { dec.start(iv); }); + } } } - output() << Timer::result_string_ops(iv_timer); - output() << Timer::result_string_bps(encrypt_timer); - output() << Timer::result_string_bps(decrypt_timer); - - m_summary.add_bps_entry(encrypt_timer.get_name(), encrypt_timer.doing(), buf_size, - encrypt_timer.bytes_per_second()); 
- m_summary.add_bps_entry(decrypt_timer.get_name(), decrypt_timer.doing(), buf_size, - decrypt_timer.bytes_per_second()); + record_result(encrypt_timer); + record_result(decrypt_timer); } + record_result(iv_timer); } void bench_rng( @@ -1111,12 +1136,9 @@ class Speed final : public Command rng.reseed_from_rng(Botan::system_rng(), 256); #endif - Timer timer(rng_name, "", "generate", buffer.size(), buf_size); + Timer timer(rng_name, buffer.size(), "generate", "", buf_size); timer.run_until_elapsed(runtime, [&]() { rng.randomize(buffer.data(), buffer.size()); }); - output() << Timer::result_string_bps(timer); - - m_summary.add_bps_entry(timer.get_name(), timer.doing(), buf_size, - timer.bytes_per_second()); + record_result(timer); } } 
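Review bot: With the `enc.start(iv)`/`dec.start(iv)` calls moved inside the `if(iv.size() > 0)` branch, a mode whose default_nonce_length() is 0 now gets start() exactly once per buffer size and then repeated finish() calls with no start() in between, whereas the removed loop restarted both objects on every iteration; whether finish() without a preceding start() is valid depends on the mode, so this should either be confirmed or restored by moving the two start() calls out of the `if`. Hoisting iv_timer out of the buffer-size loop also means the single "iv setup" result now aggregates across all buffer sizes and is recorded after the loop; a comment such as `// IV setup cost does not depend on buffer size, so one timer covers all sizes` would make that intentional. The `buf_size >= enc.minimum_final_size()` guard leaves encrypt_timer/decrypt_timer with zero events for small buffers, which result_string_bps reports as N/A, but the JSON output will then contain records with `"events": 0` and `"nanos": 0` that a consumer may not expect. bench_cipher_mode starts outside this hunk.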
@@ -1207,28 +1229,13 @@ class Speed final : public Command total_time.stop(); } - output() << Timer::result_string_ops(add_op); - output() << Timer::result_string_ops(sub_op); - output() << Timer::result_string_ops(xor_op); - output() << Timer::result_string_ops(bswap_op); - output() << Timer::result_string_ops(load_le_op); - output() << Timer::result_string_ops(load_be_op); - output() << Timer::result_string_ops(transpose_op); - - m_summary.add_ops_entry(add_op.get_name(), add_op.doing(), - add_op.seconds_per_event(), add_op.events_per_second()); - m_summary.add_ops_entry(sub_op.get_name(), sub_op.doing(), - sub_op.seconds_per_event(), sub_op.events_per_second()); - m_summary.add_ops_entry(xor_op.get_name(), xor_op.doing(), - xor_op.seconds_per_event(), xor_op.events_per_second()); - m_summary.add_ops_entry(bswap_op.get_name(), bswap_op.doing(), - bswap_op.seconds_per_event(), bswap_op.events_per_second()); - m_summary.add_ops_entry(load_le_op.get_name(), load_le_op.doing(), - load_le_op.seconds_per_event(), load_le_op.events_per_second()); - m_summary.add_ops_entry(load_be_op.get_name(), load_be_op.doing(), - load_be_op.seconds_per_event(), load_be_op.events_per_second()); - m_summary.add_ops_entry(transpose_op.get_name(), transpose_op.doing(), - transpose_op.seconds_per_event(), transpose_op.events_per_second()); + record_result(add_op); + record_result(sub_op); + record_result(xor_op); + record_result(bswap_op); + record_result(load_le_op); + record_result(load_be_op); + record_result(transpose_op); } #endif 
@@ -1244,33 +1251,37 @@ class Speed final : public Command Timer timer(src, "", "bytes"); timer.run([&]() { entropy_bits = srcs.poll_just(rng, src); }); -#if defined(BOTAN_HAS_COMPRESSION) + size_t compressed_size = 0; + +#if defined(BOTAN_HAS_ZLIB) std::unique_ptr comp(Botan::make_compressor("zlib")); - Botan::secure_vector compressed; if(comp) { + Botan::secure_vector compressed; compressed.assign(rng.seed_material().begin(), rng.seed_material().end()); comp->start(9); comp->finish(compressed); + + compressed_size = compressed.size(); } #endif - output() << "Entropy source " << src << " output " << rng.seed_material().size() << " bytes" - << " estimated entropy " << entropy_bits - << " in " << timer.milliseconds() << " ms"; + std::ostringstream msg; -#if defined(BOTAN_HAS_COMPRESSION) - if(compressed.size() > 0) + msg << "Entropy source " << src << " output " << rng.seed_material().size() << " bytes" + << " estimated entropy " << entropy_bits << " in " << timer.milliseconds() << " ms"; + + if(compressed_size > 0) { - output() << " output compressed to " << compressed.size() << " bytes"; + msg << " output compressed to " << compressed_size << " bytes"; } -#endif - output() << " total samples " << rng.samples() << "\n"; + msg << " total samples " << rng.samples() << "\n"; + + timer.set_custom_msg(msg.str()); - m_summary.add_ops_entry(timer.get_name(), timer.doing(), - timer.seconds_per_event(), timer.events_per_second()); + record_result(timer); } } 
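Review bot: `timer.set_custom_msg(msg.str())` is the only way the seed-material size, estimated entropy bits, compressed size and sample count leave this function, and JSON_Output::print earlier in this patch serializes only algo/op/events/cycles/buf_size/nanos, so with `--format=json` all of that information is silently dropped and the entry degenerates to a one-event timer. Either add the custom message as a field of the JSON record or document the limitation on set_custom_msg, e.g. `// Free-form text shown in place of the computed result; not included in JSON output`. Switching the guard from BOTAN_HAS_COMPRESSION to BOTAN_HAS_ZLIB matches the hard-coded "zlib" compressor, which is an improvement. The enclosing function begins outside this hunk.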
@@ -1298,13 +1309,8 @@ class Speed final : public Command BOTAN_ASSERT_EQUAL(r1, r2, "Same point computed by both methods"); } - output() << Timer::result_string_ops(mult_timer); - output() << Timer::result_string_ops(blinded_mult_timer); - - m_summary.add_ops_entry(mult_timer.get_name(), mult_timer.doing(), - mult_timer.seconds_per_event(), mult_timer.seconds_per_event()); - m_summary.add_ops_entry(blinded_mult_timer.get_name(), blinded_mult_timer.doing(), - blinded_mult_timer.seconds_per_event(), blinded_mult_timer.events_per_second()); + record_result(mult_timer); + record_result(blinded_mult_timer); } } @@ -1329,13 +1335,8 @@ class Speed final : public Command cmp_timer.run([&]() { OS2ECP(os_cmp, curve); }); } - output() << Timer::result_string_ops(uncmp_timer); - output() << Timer::result_string_ops(cmp_timer); - - m_summary.add_ops_entry(uncmp_timer.get_name(), uncmp_timer.doing(), - uncmp_timer.seconds_per_event(), uncmp_timer.events_per_second()); - m_summary.add_ops_entry(cmp_timer.get_name(), cmp_timer.doing(), - cmp_timer.seconds_per_event(), cmp_timer.events_per_second()); + record_result(uncmp_timer); + record_result(cmp_timer); } } @@ -1371,13 +1372,8 @@ class Speed final : public Command BOTAN_ASSERT(x == 1, "FPE works"); - output() << Timer::result_string_ops(enc_timer); - output() << Timer::result_string_ops(dec_timer); - - m_summary.add_ops_entry(enc_timer.get_name(), enc_timer.doing(), - enc_timer.seconds_per_event(), enc_timer.events_per_second()); - m_summary.add_ops_entry(dec_timer.get_name(), dec_timer.doing(), - dec_timer.seconds_per_event(), dec_timer.events_per_second()); + record_result(enc_timer); + record_result(dec_timer); } #endif 
@@ -1405,13 +1401,8 @@ class Speed final : public Command f_timer.run([&]() { Botan::power_mod(group.get_g(), random_f, group.get_p()); }); } - output() << Timer::result_string_ops(e_timer); - output() << Timer::result_string_ops(f_timer); - - m_summary.add_ops_entry(e_timer.get_name(), e_timer.doing(), - e_timer.seconds_per_event(), e_timer.events_per_second()); - m_summary.add_ops_entry(f_timer.get_name(), f_timer.doing(), - f_timer.seconds_per_event(), f_timer.events_per_second()); + record_result(e_timer); + record_result(f_timer); } } #endif @@ -1459,19 +1450,10 @@ class Speed final : public Command BOTAN_ASSERT_EQUAL(x_inv1, x_inv4, "Same result"); } - output() << Timer::result_string_ops(invmod_timer); - output() << Timer::result_string_ops(monty_timer); - output() << Timer::result_string_ops(ct_invmod_timer); - output() << Timer::result_string_ops(powm_timer); - - m_summary.add_ops_entry(invmod_timer.get_name(), invmod_timer.doing(), - invmod_timer.seconds_per_event(), invmod_timer.events_per_second()); - m_summary.add_ops_entry(monty_timer.get_name(), monty_timer.doing(), - monty_timer.seconds_per_event(), monty_timer.events_per_second()); - m_summary.add_ops_entry(ct_invmod_timer.get_name(), ct_invmod_timer.doing(), - ct_invmod_timer.seconds_per_event(), ct_invmod_timer.events_per_second()); - m_summary.add_ops_entry(powm_timer.get_name(), powm_timer.doing(), - powm_timer.seconds_per_event(), powm_timer.events_per_second()); + record_result(invmod_timer); + record_result(monty_timer); + record_result(ct_invmod_timer); + record_result(powm_timer); } void bench_random_prime(const std::chrono::milliseconds runtime) 
@@ -1508,13 +1490,8 @@ class Speed final : public Command } } - output() << Timer::result_string_ops(genprime_timer); - output() << Timer::result_string_ops(is_prime_timer); - - m_summary.add_ops_entry(genprime_timer.get_name(), genprime_timer.doing(), - genprime_timer.seconds_per_event(), genprime_timer.events_per_second()); - m_summary.add_ops_entry(is_prime_timer.get_name(), is_prime_timer.doing(), - is_prime_timer.seconds_per_event(), is_prime_timer.events_per_second()); + record_result(genprime_timer); + record_result(is_prime_timer); } } #endif @@ -1555,13 +1532,8 @@ class Speed final : public Command } } - output() << Timer::result_string_ops(enc_timer); - output() << Timer::result_string_ops(dec_timer); - - m_summary.add_ops_entry(enc_timer.get_name(), enc_timer.doing(), - enc_timer.seconds_per_event(), enc_timer.events_per_second()); - m_summary.add_ops_entry(dec_timer.get_name(), dec_timer.doing(), - dec_timer.seconds_per_event(), dec_timer.events_per_second()); + record_result(enc_timer); + record_result(dec_timer); } void bench_pk_ka(const Botan::PK_Key_Agreement_Key& key1, @@ -1590,10 +1562,7 @@ class Speed final : public Command } } - output() << Timer::result_string_ops(ka_timer); - - m_summary.add_ops_entry(ka_timer.get_name(), ka_timer.doing(), - ka_timer.seconds_per_event(), ka_timer.events_per_second()); + record_result(ka_timer); } void bench_pk_kem(const Botan::Private_Key& key, 
@@ -1627,13 +1596,8 @@ class Speed final : public Command } } - output() << Timer::result_string_ops(kem_enc_timer); - output() << Timer::result_string_ops(kem_dec_timer); - - m_summary.add_ops_entry(kem_enc_timer.get_name(), kem_enc_timer.doing(), - kem_enc_timer.seconds_per_event(), kem_enc_timer.events_per_second()); - m_summary.add_ops_entry(kem_dec_timer.get_name(), kem_dec_timer.doing(), - kem_dec_timer.seconds_per_event(), kem_dec_timer.events_per_second()); + record_result(kem_enc_timer); + record_result(kem_dec_timer); } void bench_pk_sig(const Botan::Private_Key& key, @@ -1690,13 +1654,8 @@ class Speed final : public Command } } - output() << Timer::result_string_ops(sig_timer); - output() << Timer::result_string_ops(ver_timer); - - m_summary.add_ops_entry(sig_timer.get_name(), sig_timer.doing(), - sig_timer.seconds_per_event(), sig_timer.events_per_second()); - m_summary.add_ops_entry(ver_timer.get_name(), ver_timer.doing(), - ver_timer.seconds_per_event(), ver_timer.events_per_second()); + record_result(sig_timer); + record_result(ver_timer); } #endif @@ -1715,7 +1674,7 @@ class Speed final : public Command return new Botan::RSA_PrivateKey(rng(), keylen); })); - output() << Timer::result_string_ops(keygen_timer); + record_result(keygen_timer); // Using PKCS #1 padding so OpenSSL provider can play along bench_pk_enc(*key, nm, provider, "EME-PKCS1-v1_5", msec); @@ -1743,7 +1702,7 @@ class Speed final : public Command return new Botan::ECDSA_PrivateKey(rng(), Botan::EC_Group(grp)); })); - output() << Timer::result_string_ops(keygen_timer); + record_result(keygen_timer); bench_pk_sig(*key, nm, provider, "EMSA1(SHA-256)", msec); } } @@ -1765,7 +1724,7 @@ class Speed final : public Command return new Botan::ECKCDSA_PrivateKey(rng(), Botan::EC_Group(grp)); })); - output() << Timer::result_string_ops(keygen_timer); + record_result(keygen_timer); bench_pk_sig(*key, nm, provider, "EMSA1(SHA-256)", msec); } } 
@@ -1787,7 +1746,7 @@ class Speed final : public Command return new Botan::SM2_Signature_PrivateKey(rng(), Botan::EC_Group(grp)); })); - output() << Timer::result_string_ops(keygen_timer); + record_result(keygen_timer); bench_pk_sig(*key, nm, provider, "SM3", msec); } } @@ -1809,7 +1768,7 @@ class Speed final : public Command return new Botan::ECGDSA_PrivateKey(rng(), Botan::EC_Group(grp)); })); - output() << Timer::result_string_ops(keygen_timer); + record_result(keygen_timer); bench_pk_sig(*key, nm, provider, "EMSA1(SHA-256)", msec); } } @@ -1828,7 +1787,7 @@ class Speed final : public Command return new Botan::Ed25519_PrivateKey(rng()); })); - output() << Timer::result_string_ops(keygen_timer); + record_result(keygen_timer); bench_pk_sig(*key, nm, provider, "Pure", msec); } #endif @@ -1853,7 +1812,7 @@ class Speed final : public Command return new Botan::DH_PrivateKey(rng(), Botan::DL_Group(grp)); })); - output() << Timer::result_string_ops(keygen_timer); + record_result(keygen_timer); bench_pk_ka(*key1, *key2, nm, provider, "KDF2(SHA-256)", msec); } } @@ -1879,7 +1838,7 @@ class Speed final : public Command return new Botan::ECDH_PrivateKey(rng(), Botan::EC_Group(grp)); })); - output() << Timer::result_string_ops(keygen_timer); + record_result(keygen_timer); bench_pk_ka(*key1, *key2, nm, provider, "KDF2(SHA-256)", msec); } } @@ -1902,7 +1861,7 @@ class Speed final : public Command return new Botan::Curve25519_PrivateKey(rng()); })); - output() << Timer::result_string_ops(keygen_timer); + record_result(keygen_timer); bench_pk_ka(*key1, *key2, nm, provider, "KDF2(SHA-256)", msec); } #endif @@ -1949,7 +1908,7 @@ class Speed final : public Command return new Botan::McEliece_PrivateKey(rng(), n, t); })); - output() << Timer::result_string_ops(keygen_timer); + record_result(keygen_timer); bench_pk_kem(*key, nm, provider, "KDF2(SHA-256)", msec); } } 
@@ -1977,7 +1936,7 @@ class Speed final : public Command return new Botan::XMSS_PrivateKey(Botan::XMSS_Parameters::xmss_id_from_string(params), rng()); })); - output() << Timer::result_string_ops(keygen_timer); + record_result(keygen_timer); bench_pk_sig(*key, params, provider, "", msec); } } @@ -2018,14 +1977,9 @@ class Speed final : public Command BOTAN_ASSERT(shared_a == shared_b, "Same derived key"); } - output() << Timer::result_string_ops(keygen_timer); - output() << Timer::result_string_ops(shareda_timer); - output() << Timer::result_string_ops(sharedb_timer); - - m_summary.add_ops_entry(shareda_timer.get_name(), shareda_timer.doing(), - shareda_timer.seconds_per_event(), shareda_timer.events_per_second()); - m_summary.add_ops_entry(sharedb_timer.get_name(), sharedb_timer.doing(), - sharedb_timer.seconds_per_event(), sharedb_timer.events_per_second()); + record_result(keygen_timer); + record_result(shareda_timer); + record_result(sharedb_timer); } #endif From 824b2e56ca886585cc2dfd363bb1913c6d416904 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Tue, 17 Oct 2017 16:22:07 +0200 Subject: [PATCH 0058/1008] Add supported groups TLS extension (RFC 7919) --- src/lib/pubkey/dl_group/dl_named.cpp | 146 +++++++++++++++++++++++++++ src/lib/tls/msg_client_hello.cpp | 16 ++- src/lib/tls/msg_client_kex.cpp | 29 ++++++ src/lib/tls/msg_server_kex.cpp | 5 +- src/lib/tls/tls_extensions.cpp | 81 +++++++++++++-- src/lib/tls/tls_extensions.h | 20 ++-- src/lib/tls/tls_messages.h | 2 + src/lib/tls/tls_policy.cpp | 51 +++++++++- src/lib/tls/tls_policy.h | 18 ++++ src/lib/tls/tls_server.cpp | 7 ++ src/lib/tls/tls_text_policy.cpp | 5 + src/tests/data/tls-policy/bsi.txt | 1 + src/tests/data/tls-policy/suiteb.txt | 1 + src/tests/data/tls/client_hello.vec | 8 +- src/tests/test_dl_group.cpp | 6 ++ src/tests/unit_tls.cpp | 11 +- 16 files changed, 372 insertions(+), 35 deletions(-) 
diff --git a/src/lib/pubkey/dl_group/dl_named.cpp b/src/lib/pubkey/dl_group/dl_named.cpp index 4df9732be8..fc5cf4fd29 100644 --- a/src/lib/pubkey/dl_group/dl_named.cpp +++ b/src/lib/pubkey/dl_group/dl_named.cpp 
@@ -354,6 +354,152 @@ std::string DL_Group::PEM_for_named_group(const std::string& name) "eMFVkc39EVZP+I/zi3IdQjkv2kcyEtz9jS2IqXagCv/m//tDCjWeZMorNRyiQSOU" "-----END DSA PARAMETERS-----"; + if(name == "ffdhe/ietf/2048") + return + "-----BEGIN DSA PARAMETERS-----" + "MIICDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" + "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a" + "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7" + "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi" + "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD" + "ssbzSibBsu/6iGtCOGEoXJf//////////wKCAQB//////////9b8KixRXaVNV+4r" + "EBOennjsXOLB5xabStTwmyCKMhn95knO5xJNn3y+l/GxsYY67HtA2QFXYjC9ae+P" + "aur+srCSGfqPr4M3aEKxsqqe9o152quJrz+r5JrMJ4Y4cHNFu/FTRO159/Q5Dvis" + "UJtW85qYVmUnpB08vV4FWMFZkn2w6IRUpdlkcf3ctW1bsGv6NA6noVHvHKb6Vyt2" + "87G5XYyFg9PkdwU2uE8BfnDm+/F2YBoCZpQaF7DIuX9OdMLB/8cniRl3eUDB4f8d" + "jaY31rmd2v5eF2EQAuLHeMG+i0HZY3mlE2DZd/1ENaEcMJQuS///////////AgEC" + "-----END DSA PARAMETERS-----"; + + if(name == "ffdhe/ietf/3072") + return + "-----BEGIN DSA PARAMETERS-----" + "MIIDDAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" + "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a" + "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7" + "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi" + "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD" + "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3" + "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32" + "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu" + "N///////////AoIBgH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCb" + "IIoyGf3mSc7nEk2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGy" + "qp72jXnaq4mvP6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVY" + "wVmSfbDohFSl2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+" + 
"cOb78XZgGgJmlBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4" + "wb6LQdljeaUTYNl3/UQ1oRwwj+fubxqtnbKMga3eGnpvfM4BHDDaN+Trc2SDvWyO" + "k0j7+/csxlh9YMNsjld/CYTCick4WgmGSd4hvKJ6fqIpcWum6bJ5cQ84+qX/rldB" + "Vc5O+090NpXikRsdBtXikMvNhvVtDt/NIWriJCcFXmg1/Snu954NkHcf6s6+EvIO" + "lbNjFxv//////////wIBAg==" + "-----END DSA PARAMETERS-----"; + + if(name == "ffdhe/ietf/4096") + return + "-----BEGIN DSA PARAMETERS-----" + "MIIDDAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" + "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a" + "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7" + "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi" + "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD" + "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3" + "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32" + "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu" + "N///////////AoIBgH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCb" + "IIoyGf3mSc7nEk2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGy" + "qp72jXnaq4mvP6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVY" + "wVmSfbDohFSl2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+" + "cOb78XZgGgJmlBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4" + "wb6LQdljeaUTYNl3/UQ1oRwwj+fubxqtnbKMga3eGnpvfM4BHDDaN+Trc2SDvWyO" + "k0j7+/csxlh9YMNsjld/CYTCick4WgmGSd4hvKJ6fqIpcWum6bJ5cQ84+qX/rldB" + "Vc5O+090NpXikRsdBtXikMvNhvVtDt/NIWriJCcFXmg1/Snu954NkHcf6s6+EvIO" + "lbNjFxv//////////wIBAg==" + "-----END DSA PARAMETERS-----"; + + if(name == "ffdhe/ietf/6144") + return + "-----BEGIN DSA PARAMETERS-----" + "MIIGDAKCAwEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" + "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a" + "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7" + "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi" + 
"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD" + "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3" + "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32" + "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e" + "8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx" + "iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K" + "zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq" + "OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE" + "HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj" + "w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8" + "vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70" + "A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKc0OQO" + "Zf//////////AoIDAH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCb" + "IIoyGf3mSc7nEk2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGy" + "qp72jXnaq4mvP6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVY" + "wVmSfbDohFSl2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+" + "cOb78XZgGgJmlBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4" + "wb6LQdljeaUTYNl3/UQ1oRwwj+fubxqtnbKMga3eGnpvfM4BHDDaN+Trc2SDvWyO" + "k0j7+/csxlh9YMNsjld/CYTCick4WgmGSd4hvKJ6fqIpcWum6bJ5cQ84+qX/rldB" + "Vc5O+090NpXikRsdBtXikMvNhvVtDt/NIWriJCcFXmg1/Snu954NkHcf6s6+EvIO" + "lbNPD3i3N6lhiyb6fbyYdPJyxCvbVj6voWtPtow7seeOqoGgAkP6rdK/GOY9OJrk" + "Q3faGMV2tQ8Als80GVSDsAVIwJhiNuO8fLjWgBwElMzRmeXFvQ0O3J64oAAeFSdn" + "VPzGhWYFQUjm52S+58dk2q0/xFI1ptrUKPogwXDjRQA/LwbsgQX+slsigbY9JzO+" + "lhwplR0R3SIhZXqfUx3aKhlNuxJkSL3usljgfqZZx0YZpjgOHWbWgyv+Z/Y4zY+u" + "HycjAg+cQKP9pn7aO9KSOPvU1LSIXCqZF22xoGxQB3hJGoKI8YVfYP/88dE3P9lP" + "xgwYEeGsPxxtADvs2jsfJyXKWV3gymMyjzvlfMl3VWARlRQN+1nTnOCRMItBBXRt" + "rCPTPl985ISNoxapxmuVgbo1c7+vMRSWGIqxVCMoLuQW3CoZxXJPqRrkrciLxmeW" + "6uVnegH2TowIYxOVgi2duPzuNcBrH+6lR01tjzSxU0qTahiw4NIOq4a8nG1qUgcZ" + "TmhyBzL//////////wIBAg==" + "-----END DSA PARAMETERS-----"; + + 
if(name == "ffdhe/ietf/8192") + return + "-----BEGIN DSA PARAMETERS-----" + "MIIIDAKCBAEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" + "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a" + "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7" + "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi" + "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD" + "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3" + "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32" + "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e" + "8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx" + "iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K" + "zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq" + "OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE" + "HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj" + "w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8" + "vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70" + "A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKcz/Rq" + "qjatAEz2AMg4HkJaMdlRrmT9sj/OyVCdQ2h/62nt0cxeC4zDvfZLEO+GtjFCo6uI" + "KVVbL3R8kyZlyywPHMAb1wIpOIg50q8F5FRQSseLdYKCKEbAujXDX1xZFgzARv2C" + "UVQfxoychrAiu3CZh2pGDnRRqKkxCXA/7hwhfmw4JuUsUappHg5CPPyZ6eMWUMEh" + "e2JIFs2tmpX51bgBlIjZwKCh/jB1pXfiMYP4HUo/L6RXHvyM4LqKT+i2hV3+crCm" + "bt7S+6v75Yow+vq+HF1xqH4vdB74wf6G/qa7/eUwZ38Nl9EdSfeoRD0IIuUGqfRh" + "TgEeKpSDj/iM1oyLt8XGQkz//////////wKCBAB//////////9b8KixRXaVNV+4r" + "EBOennjsXOLB5xabStTwmyCKMhn95knO5xJNn3y+l/GxsYY67HtA2QFXYjC9ae+P" + "aur+srCSGfqPr4M3aEKxsqqe9o152quJrz+r5JrMJ4Y4cHNFu/FTRO159/Q5Dvis" + "UJtW85qYVmUnpB08vV4FWMFZkn2w6IRUpdlkcf3ctW1bsGv6NA6noVHvHKb6Vyt2" + "87G5XYyFg9PkdwU2uE8BfnDm+/F2YBoCZpQaF7DIuX9OdMLB/8cniRl3eUDB4f8d" + "jaY31rmd2v5eF2EQAuLHeMG+i0HZY3mlE2DZd/1ENaEcMI/n7m8arZ2yjIGt3hp6" + 
"b3zOARww2jfk63Nkg71sjpNI+/v3LMZYfWDDbI5XfwmEwonJOFoJhkneIbyien6i" + "KXFrpumyeXEPOPql/65XQVXOTvtPdDaV4pEbHQbV4pDLzYb1bQ7fzSFq4iQnBV5o" + "Nf0p7veeDZB3H+rOvhLyDpWzTw94tzepYYsm+n28mHTycsQr21Y+r6FrT7aMO7Hn" + "jqqBoAJD+q3SvxjmPTia5EN32hjFdrUPAJbPNBlUg7AFSMCYYjbjvHy41oAcBJTM" + "0Znlxb0NDtyeuKAAHhUnZ1T8xoVmBUFI5udkvufHZNqtP8RSNaba1Cj6IMFw40UA" + "Py8G7IEF/rJbIoG2PSczvpYcKZUdEd0iIWV6n1Md2ioZTbsSZEi97rJY4H6mWcdG" + "GaY4Dh1m1oMr/mf2OM2Prh8nIwIPnECj/aZ+2jvSkjj71NS0iFwqmRdtsaBsUAd4" + "SRqCiPGFX2D//PHRNz/ZT8YMGBHhrD8cbQA77No7Hyclylld4MpjMo875XzJd1Vg" + "EZUUDftZ05zgkTCLQQV0bawj0z5ffOSEjaMWqcZrlYG6NXO/rzEUlhiKsVQjKC7k" + "FtwqGcVyT6ka5K3Ii8ZnlurlZ3oB9k6MCGMTlYItnbj87jXAax/upUdNbY80sVNK" + "k2oYsODSDquGvJxtalIHGU5n+jVVG1aAJnsAZBwPIS0Y7KjXMn7ZH+dkqE6htD/1" + "tPbo5i8FxmHe+yWId8NbGKFR1cQUqq2Xuj5JkzLllgeOYA3rgRScRBzpV4LyKigl" + "Y8W6wUEUI2BdGuGvriyLBmAjfsEoqg/jRk5DWBFduEzDtSMHOijUVJiEuB/3DhC/" + "NhwTcpYo1TSPByEefkz08YsoYJC9sSQLZtbNSvzq3ADKRGzgUFD/GDrSu/EYwfwO" + "pR+X0iuPfkZwXUUn9FtCrv85WFM3b2l91f3yxRh9fV8OLrjUPxe6D3xg/0N/U13+" + "8pgzv4bL6I6k+9QiHoQRcoNU+jCnAI8VSkHH/EZrRkXb4uMhJn//////////AgEC" + "-----END DSA PARAMETERS-----"; + return ""; } diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index bb7d84df85..e804a0cf00 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -121,9 +121,10 @@ Client_Hello::Client_Hello(Handshake_IO& io, } #endif - m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves())); + Supported_Groups* supported_groups = new Supported_Groups(policy.allowed_groups()); + m_extensions.add(supported_groups); - if(!policy.allowed_ecc_curves().empty()) + if(!supported_groups->curves().empty()) { m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); } 
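Review bot: The `ffdhe/ietf/4096` blob is byte-for-byte the `ffdhe/ietf/3072` blob: both begin with the DER header `MIIDDAKCAYEA` (a SEQUENCE of 0x30C bytes whose first INTEGER is 0x181 bytes, i.e. a 3072-bit prime) and both end with `lbNjFxv//////////wIBAg==`, whereas the 6144 and 8192 entries grow to `MIIGDA…` and `MIIIDA…` as expected. A peer that negotiates group id 258 would be handed 3072-bit parameters, and any implementation that validates p against the RFC 7919 ffdhe4096 prime would reject the key exchange. Replace the blob with an encoding of the ffdhe4096 parameters from RFC 7919 Appendix A (the SEQUENCE would then be expected to start with a 0x40C-byte header, i.e. `MIIEDA…`, constructed value not verified here), and add a test that `DL_Group(name).get_p().bits()` matches the size in the name so a copy-paste slip cannot recur.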
@@ -324,8 +325,15 @@ std::set Client_Hello::supported_sig_algos() const std::vector Client_Hello::supported_ecc_curves() const { - if(Supported_Elliptic_Curves* ecc = m_extensions.get()) - return ecc->curves(); + if(Supported_Groups* groups = m_extensions.get()) + return groups->curves(); + return std::vector(); + } + +std::vector Client_Hello::supported_dh_groups() const + { + if(Supported_Groups* groups = m_extensions.get()) + return groups->dh_groups(); return std::vector(); } diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 3291b6eb5a..1c3950a035 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -100,6 +100,35 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, if(reader.remaining_bytes()) throw Decoding_Error("Bad params size for DH key exchange"); + /* + * If we offer ffdhe groups in the client hello, + * p and g must match one of these groups. + */ + std::vector allowed_groups = policy.allowed_groups(); + bool server_sent_requested_group = false; + + if(!allowed_groups.empty()) + { + for(const auto& allowed_group : allowed_groups) + { + if(Supported_Groups::is_dh_group(allowed_group)) + { + DL_Group client_group(allowed_group); + if(client_group.get_p() == p && client_group.get_g() == g) + { + server_sent_requested_group = true; + break; + } + } + } + } + + if(!server_sent_requested_group) + { + throw TLS_Exception(Alert::INSUFFICIENT_SECURITY, + "Server sent unexpected DH key for DHE exchange"); + } + /* * A basic check for key validity. As we do not know q here we * cannot check that Y is in the right subgroup. However since diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp index 97ac4ac8f8..0765e1bdc9 100644 --- a/src/lib/tls/msg_server_kex.cpp +++ b/src/lib/tls/msg_server_kex.cpp 
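Review bot: The new check in `Client_Key_Exchange` rebuilds a `DL_Group` from PEM for every allowed FFDHE group on each DHE handshake until one matches; comparing `p.bits()` against the size in the name first, or caching the decoded groups, avoids decoding several multi-kilobit groups per handshake. Once a group matches, `client_group` is thrown away even though the named ffdhe encodings carry q as their middle INTEGER, so the remark below this hunk that "we do not know q here" no longer holds on this path and the public value could be checked against `client_group.get_q()`; worth a follow-up. Note also that a client whose policy lists no FFDHE groups (e.g. `NSA_Suite_B_128`, whose `allowed_groups()` is its curve list) can now never complete a DHE exchange, since `server_sent_requested_group` stays false; if that is intended the `!allowed_groups.empty()` guard is redundant and the alert text should say the group was not offered.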
@@ -56,7 +56,10 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, if(kex_algo == "DH" || kex_algo == "DHE_PSK") { - std::unique_ptr dh(new DH_PrivateKey(rng, DL_Group(policy.dh_group()))); + const std::vector& dh_groups = + state.client_hello()->supported_dh_groups(); + + std::unique_ptr dh(new DH_PrivateKey(rng, DL_Group(policy.choose_dh_group(dh_groups)))); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_g()), 2); diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 317d96b8d8..8f13b2c6d8 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp @@ -275,7 +275,23 @@ std::vector Application_Layer_Protocol_Notification::serialize() const return buf; } -std::string Supported_Elliptic_Curves::curve_id_to_name(uint16_t id) +Supported_Groups::Supported_Groups(const std::vector& groups) : + m_groups(groups) + { + for(const auto& group : m_groups) + { + if(is_dh_group(group)) + { + m_dh_groups.push_back(group); + } + else + { + m_curves.push_back(group); + } + } + } + +std::string Supported_Groups::curve_id_to_name(uint16_t id) { switch(id) { @@ -302,12 +318,23 @@ std::string Supported_Elliptic_Curves::curve_id_to_name(uint16_t id) return BOTAN_HOUSE_ECC_CURVE_NAME; #endif + case 256: + return "ffdhe/ietf/2048"; + case 257: + return "ffdhe/ietf/3072"; + case 258: + return "ffdhe/ietf/4096"; + case 259: + return "ffdhe/ietf/6144"; + case 260: + return "ffdhe/ietf/8192"; + default: return ""; // something we don't know or support } } -uint16_t Supported_Elliptic_Curves::name_to_curve_id(const std::string& name) +uint16_t Supported_Groups::name_to_curve_id(const std::string& name) { if(name == "secp256r1") return 23; 
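Review bot: `policy.choose_dh_group(dh_groups)` returns `""` when the client offered no FFDHE group, and this constructor then builds `DL_Group("")`; the server only avoids that for suites whose `kex_algo()` is `"DH"` (tls_server.cpp hunk `@@ -190,9 +193,13`), but this branch also covers `"DHE_PSK"`, so a DHE_PSK suite negotiated with a client lacking the extension reaches the empty name and fails with whatever `DL_Group` throws rather than a clean suite rejection. Either extend the server-side skip to `if((suite.kex_algo() == "DH" || suite.kex_algo() == "DHE_PSK") && have_shared_dh_group == false)` or keep `policy.dh_group()` as the fallback here when the chosen name is empty. Dropping the `policy.dh_group()` path entirely also means clients without the Supported Groups extension can no longer negotiate DHE at all, which the commit message does not mention.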
@@ -332,17 +359,39 @@ uint16_t Supported_Elliptic_Curves::name_to_curve_id(const std::string& name) return BOTAN_HOUSE_ECC_CURVE_TLS_ID; #endif - // Unknown/unavailable EC curves are ignored + if(name == "ffdhe/ietf/2048") + return 256; + if(name == "ffdhe/ietf/3072") + return 257; + if(name == "ffdhe/ietf/4096") + return 258; + if(name == "ffdhe/ietf/6144") + return 259; + if(name == "ffdhe/ietf/8192") + return 260; + + // Unknown/unavailable DH groups/EC curves are ignored return 0; } -std::vector Supported_Elliptic_Curves::serialize() const +bool Supported_Groups::is_dh_group( const std::string& group_name ) + { + if(group_name == "ffdhe/ietf/2048" || group_name == "ffdhe/ietf/3072" + || group_name == "ffdhe/ietf/4096" || group_name == "ffdhe/ietf/6144" + || group_name == "ffdhe/ietf/8192") + { + return true; + } + return false; + } + +std::vector Supported_Groups::serialize() const { std::vector buf(2); - for(size_t i = 0; i != m_curves.size(); ++i) + for(size_t i = 0; i != m_groups.size(); ++i) { - const uint16_t id = name_to_curve_id(m_curves[i]); + const uint16_t id = name_to_curve_id(m_groups[i]); if(id > 0) { @@ -357,16 +406,16 @@ std::vector Supported_Elliptic_Curves::serialize() const return buf; } -Supported_Elliptic_Curves::Supported_Elliptic_Curves(TLS_Data_Reader& reader, - uint16_t extension_size) +Supported_Groups::Supported_Groups(TLS_Data_Reader& reader, + uint16_t extension_size) { uint16_t len = reader.get_uint16_t(); if(len + 2 != extension_size) - throw Decoding_Error("Inconsistent length field in elliptic curve list"); + throw Decoding_Error("Inconsistent length field in supported groups list"); if(len % 2 == 1) - throw Decoding_Error("Elliptic curve list of strange size"); + throw Decoding_Error("Supported groups list of strange size"); len /= 2; 
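Review bot: The FFDHE name↔id mapping is now hand-maintained in three places, `curve_id_to_name` in the previous hunk and `name_to_curve_id` and `is_dh_group` here, which is exactly how a missing or mistyped entry slips through; a single `static const` table of `{id, name}` pairs consulted by all three would keep them in step. `is_dh_group` can also drop the if/true/false scaffolding: `return group_name == "ffdhe/ietf/2048" || group_name == "ffdhe/ietf/3072" || group_name == "ffdhe/ietf/4096" || group_name == "ffdhe/ietf/6144" || group_name == "ffdhe/ietf/8192";`. The padding inside the parentheses of `is_dh_group( const std::string& group_name )` does not match the rest of the file.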
@@ -376,7 +425,17 @@ Supported_Elliptic_Curves::Supported_Elliptic_Curves(TLS_Data_Reader& reader, const std::string name = curve_id_to_name(id); if(!name.empty()) - m_curves.push_back(name); + { + m_groups.push_back(name); + if(is_dh_group(name)) + { + m_dh_groups.push_back(name); + } + else + { + m_curves.push_back(name); + } + } } } diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index ee33105635..221d8b46f1 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -225,10 +225,11 @@ class Session_Ticket final : public Extension std::vector m_ticket; }; + /** -* Supported Elliptic Curves Extension (RFC 4492) +* Supported Groups Extension (RFC 7919) */ -class Supported_Elliptic_Curves final : public Extension +class Supported_Groups final : public Extension { public: static Handshake_Extension_Type static_type() @@ -239,21 +240,28 @@ class Supported_Elliptic_Curves final : public Extension static std::string curve_id_to_name(uint16_t id); static uint16_t name_to_curve_id(const std::string& name); + static bool is_dh_group( const std::string& group_name ); + const std::vector& curves() const { return m_curves; } + const std::vector& dh_groups() const { return m_dh_groups; } std::vector serialize() const override; - explicit Supported_Elliptic_Curves(const std::vector& curves) : - m_curves(curves) {} + explicit Supported_Groups(const std::vector& groups); - Supported_Elliptic_Curves(TLS_Data_Reader& reader, + Supported_Groups(TLS_Data_Reader& reader, uint16_t extension_size); - bool empty() const override { return m_curves.empty(); } + bool empty() const override { return m_groups.empty(); } private: + std::vector m_groups; std::vector m_curves; + std::vector m_dh_groups; }; +// previously Supported Elliptic Curves Extension (RFC 4492) +using Supported_Elliptic_Curves = Supported_Groups; + /** * Supported Point Formats Extension (RFC 4492) */ 
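Review bot: The reader constructor now repeats the split of a name into `m_dh_groups`/`m_curves` that the `std::vector` constructor in the `@@ -275,7 +275,23` hunk performs; a small private `void add_group(const std::string& name)` that pushes to `m_groups` and to the right sub-list, used by both constructors, would keep them in step when another group kind is added. In the header, `using Supported_Elliptic_Curves = Supported_Groups;` keeps old callers compiling, but a comment that the alias exists for source compatibility only (and a deprecation marker, if the project has one) would discourage new uses. The `static_type()` body is outside this hunk.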
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index ac6c1e1ad6..767635830a 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h @@ -110,6 +110,8 @@ class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message std::vector supported_ecc_curves() const; + std::vector supported_dh_groups() const; + bool prefers_compressed_ec_points() const; std::string sni_hostname() const; diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 43926e3146..0a7e78e659 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include @@ -117,7 +118,11 @@ std::vector Policy::allowed_ecc_curves() const bool Policy::allowed_ecc_curve(const std::string& curve) const { - return value_exists(allowed_ecc_curves(), curve); + if(!allowed_ecc_curves().empty()) + { + return value_exists(allowed_ecc_curves(), curve); + } + return value_exists(allowed_groups(), curve); } bool Policy::use_ecc_point_compression() const 
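Review bot: `Policy::allowed_ecc_curve` (hunk `@@ -117,7 +118,11`) still consults `allowed_ecc_curves()` whenever that list is non-empty, which it is for the default policy, while the ClientHello and `choose_curve` in this series now read `allowed_groups()`; a policy that restricts curves only through `groups` therefore offers a short list but this check accepts the full default curve list. If this is the check applied to the curve a server selects for ECDH, a curve the client never offered would pass it; checking against the list actually offered, `return value_exists(allowed_groups(), curve);`, keeps the two in agreement.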
@@ -130,21 +135,56 @@ bool Policy::use_ecc_point_compression() const */ std::string Policy::choose_curve(const std::vector& curve_names) const { - const std::vector our_curves = allowed_ecc_curves(); + const std::vector our_groups = allowed_groups(); - for(size_t i = 0; i != our_curves.size(); ++i) - if(value_exists(curve_names, our_curves[i])) - return our_curves[i]; + for(size_t i = 0; i != our_groups.size(); ++i) + if(!Supported_Groups::is_dh_group(our_groups[i]) + && value_exists(curve_names, our_groups[i])) + return our_groups[i]; return ""; // no shared curve } +/* +* Choose an FFDHE group to use +*/ +std::string Policy::choose_dh_group(const std::vector& dh_groups) const + { + const std::vector our_groups = allowed_groups(); + + for(size_t i = 0; i != our_groups.size(); ++i) + if(Supported_Groups::is_dh_group(our_groups[i]) + && value_exists(dh_groups, our_groups[i])) + return our_groups[i]; + + return ""; // no shared ffdhe group + } + std::string Policy::dh_group() const { // We offer 2048 bit DH because we can return "modp/ietf/2048"; } +std::vector Policy::allowed_groups() const + { + // Default list is ordered by performance + return { + "x25519", + "secp256r1", + "secp521r1", + "secp384r1", + "brainpool256r1", + "brainpool384r1", + "brainpool512r1", + "ffdhe/ietf/2048", + "ffdhe/ietf/3072", + "ffdhe/ietf/4096", + "ffdhe/ietf/6144", + "ffdhe/ietf/8192" + }; + } + size_t Policy::minimum_dh_group_size() const { return 2048; @@ -502,6 +542,7 @@ void Policy::print(std::ostream& o) const print_vec(o, "signature_methods", allowed_signature_methods()); print_vec(o, "key_exchange_methods", allowed_key_exchange_methods()); print_vec(o, "ecc_curves", allowed_ecc_curves()); + print_vec(o, "groups", allowed_groups()); print_bool(o, "allow_insecure_renegotiation", allow_insecure_renegotiation()); print_bool(o, "include_time_in_hello_random", include_time_in_hello_random()); 
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 333cf0ee1a..2d90de5c08 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -102,6 +102,11 @@ class BOTAN_PUBLIC_API(2,0) Policy */ virtual std::string choose_curve(const std::vector& curve_names) const; + /** + * Choose an FFHDE group to use + */ + virtual std::string choose_dh_group(const std::vector& dh_group_names) const; + /** * Allow renegotiation even if the counterparty doesn't * support the secure renegotiation extension. @@ -156,6 +161,8 @@ class BOTAN_PUBLIC_API(2,0) Policy virtual std::string dh_group() const; + virtual std::vector allowed_groups() const; + /** * Return the minimum DH group size we're willing to use * Default is currently 1024 (insecure), should be 2048 @@ -330,6 +337,9 @@ class BOTAN_PUBLIC_API(2,0) NSA_Suite_B_128 final : public Policy std::vector allowed_ecc_curves() const override { return std::vector({"secp256r1"}); } + std::vector allowed_groups() const override + { return allowed_ecc_curves(); } + size_t minimum_signature_strength() const override { return 128; } bool allow_tls10() const override { return false; } @@ -375,6 +385,12 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 final : public Policy return std::vector({"brainpool512r1", "brainpool384r1", "brainpool256r1", "secp384r1", "secp256r1"}); } + std::vector allowed_groups() const override + { + return std::vector({"brainpool512r1", "brainpool384r1", "brainpool256r1", "secp384r1", + "secp256r1", "ffdhe/ietf/8192", "ffdhe/ietf/6144", "ffdhe/ietf/4096", "ffdhe/ietf/3072", "ffdhe/ietf/2048"}); + } + bool allow_insecure_renegotiation() const override { return false; } bool allow_server_initiated_renegotiation() const override { return true; } bool server_uses_own_ciphersuite_preferences() const override { return true; } 
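Review bot: The new `choose_dh_group` comment reads "Choose an FFHDE group to use"; it should be `FFDHE`, and the contract that an empty string means no shared group, which `tls_server.cpp` relies on, belongs in the comment, e.g. `* Choose an FFDHE group from the client's list; returns "" when none is acceptable`. The BSI override of `allowed_groups()` lists its curves followed by the FFDHE groups from largest to smallest, and `choose_dh_group` walks our list in order, so preference order is honoured; stating that on `allowed_groups` would tell policy authors why the ordering matters.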
@@ -451,6 +467,8 @@ class BOTAN_PUBLIC_API(2,0) Text_Policy : public Policy std::vector allowed_ecc_curves() const override; + std::vector allowed_groups() const override; + bool use_ecc_point_compression() const override; bool allow_tls10() const override; diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index c0e853a805..fb8317a1ca 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -168,6 +168,9 @@ uint16_t choose_ciphersuite( const bool have_shared_ecc_curve = (policy.choose_curve(client_hello.supported_ecc_curves()) != ""); + const bool have_shared_dh_group = + (policy.choose_dh_group(client_hello.supported_dh_groups()) != ""); + /* Walk down one list in preference order */ @@ -190,9 +193,13 @@ uint16_t choose_ciphersuite( if(suite.valid() == false) continue; + // TODO supported groups SHOULD have preference over ciphersuite list if(suite.ecc_ciphersuite() && have_shared_ecc_curve == false) continue; + if(suite.kex_algo() == "DH" && have_shared_dh_group == false) + continue; + // For non-anon ciphersuites if(suite.sig_algo() != "") { diff --git a/src/lib/tls/tls_text_policy.cpp b/src/lib/tls/tls_text_policy.cpp index ef5799339f..345e6005f6 100644 --- a/src/lib/tls/tls_text_policy.cpp +++ b/src/lib/tls/tls_text_policy.cpp @@ -108,6 +108,11 @@ std::string Text_Policy::dh_group() const return get_str("dh_group", Policy::dh_group()); } +std::vector Text_Policy::allowed_groups() const + { + return get_list("groups", Policy::allowed_groups()); + } + size_t Text_Policy::minimum_ecdh_group_size() const { return get_len("minimum_ecdh_group_size", Policy::minimum_ecdh_group_size()); diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt index 763c052192..9879b87f57 100644 --- a/src/tests/data/tls-policy/bsi.txt +++ b/src/tests/data/tls-policy/bsi.txt 
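Review bot: `Text_Policy::allowed_groups()` falls back to the full default list when a policy file has no `groups` entry, and since the ClientHello is now built from `allowed_groups()`, an existing policy file that restricts curves with `ecc_curves=` alone now offers every default curve and FFDHE group; the `bsi.txt` and `suiteb.txt` updates in this commit show the breakage. When `groups` is absent but `ecc_curves` is present, deriving the list from `ecc_curves` (optionally plus the FFDHE defaults) would preserve the old restriction; otherwise the change needs a news entry telling users to add `groups=`.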
@@ -10,6 +10,7 @@ macs=AEAD SHA-384 SHA-256 key_exchange_methods=ECDH DH PSK ECDHE_PSK DHE_PSK signature_methods=ECDSA RSA DSA ecc_curves=brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 +groups=brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/8192 ffdhe/ietf/6144 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048 minimum_dh_group_size=2000 minimum_dsa_group_size=2000 minimum_ecdh_group_size=250 diff --git a/src/tests/data/tls-policy/suiteb.txt b/src/tests/data/tls-policy/suiteb.txt index 51d8fec125..7c0b3e7d8e 100644 --- a/src/tests/data/tls-policy/suiteb.txt +++ b/src/tests/data/tls-policy/suiteb.txt @@ -17,6 +17,7 @@ server_uses_own_ciphersuite_preferences = true negotiate_encrypt_then_mac = true session_ticket_lifetime = 86400 dh_group = modp/ietf/2048 +groups = secp256r1 minimum_dh_group_size = 2048 minimum_ecdh_group_size = 255 minimum_rsa_bits = 2048 diff --git a/src/tests/data/tls/client_hello.vec b/src/tests/data/tls/client_hello.vec index aa8c032583..827f2ea4d5 100644 --- a/src/tests/data/tls/client_hello.vec +++ b/src/tests/data/tls/client_hello.vec 
@@ -47,15 +47,15 @@ Buffer = 030320f3dc33f90be6509e6133a1819f2b80fe6ccc6268d9195ca4ead7504ffe7e2a000 Protocol = 0303 Exception = Invalid argument Decoding error: Bad extension size -#invalid length of the elliptic curve extension (0xf01c instead of 0x001c) +#invalid length of the supported groups extension (0xf01c instead of 0x001c) Buffer = 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 Protocol = 0303 -Exception = Invalid argument Decoding error: Inconsistent length field in elliptic curve list +Exception = Invalid argument Decoding error: Inconsistent length field in supported groups list -#invalid length of the elliptic curve extension (0xf01a instead of 0x001a) +#invalid length of the supported groups extension (0xf01a instead of 0x001a) Buffer = 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 Protocol = 0303 -Exception = Invalid argument Decoding error: Inconsistent length field in elliptic curve list +Exception = Invalid argument Decoding error: Inconsistent length field in supported groups list #invalid length of the session ticket extension Buffer = 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 diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp index baa2fdc9d1..d402931c50 100644 --- a/src/tests/test_dl_group.cpp +++ b/src/tests/test_dl_group.cpp @@ -133,6 +133,12 @@ class DL_Group_Tests final : public Test "dsa/jce/1024", "dsa/botan/2048", "dsa/botan/3072", + + "ffdhe/ietf/2048", + "ffdhe/ietf/3072", + "ffdhe/ietf/4096", + "ffdhe/ietf/6144", + "ffdhe/ietf/8192", }; Test::Result result("DL_Group named"); diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 6f25d6903e..c181e5c92e 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp 
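Review bot: Adding the five ffdhe names to the list in `DL_Group_Tests` exercises loading only; nothing here checks that each blob decodes to the advertised size, so a copied or truncated encoding would pass. A check that `DL_Group(name).get_p().bits()` equals the bit count in the name (2048, 3072, 4096, 6144, 8192), and that the generator of each ffdhe group decodes to 2, costs nothing and pins the RFC 7919 parameters. The loop body that consumes this list is outside the hunk.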
@@ -1346,15 +1346,18 @@ class TLS_Unit_Tests final : public Test test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", { { "use_ecc_point_compression", "true" } }); test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-256/GCM", "AEAD", - { { "ecc_curves", "secp521r1" } }); + { { "groups", "secp521r1" } }); test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", - { { "ecc_curves", "brainpool256r1" } }); + { { "groups", "brainpool256r1" } }); #if defined(BOTAN_HAS_CURVE_25519) test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", - { { "ecc_curves", "x25519" } }); + { { "groups", "x25519" } }); #endif + test_modern_versions(results, *client_ses, *server_ses, *creds, "DH", "AES-128/GCM", "AEAD", + { { "groups", "ffdhe/ietf/2048" } }); + std::unique_ptr creds_with_client_cert(create_creds(rng, true)); test_modern_versions(results, *client_ses, *server_ses, *creds_with_client_cert, "ECDH", "AES-256/GCM"); @@ -1388,7 +1391,7 @@ class TLS_Unit_Tests final : public Test #if defined(BOTAN_HOUSE_ECC_CURVE_NAME) test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", - { { "ecc_curves", BOTAN_HOUSE_ECC_CURVE_NAME } }); + { { "groups", BOTAN_HOUSE_ECC_CURVE_NAME } }); #endif return results; From 54eea9aba98c90d34b55b46b08a72bb8b88342b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Wed, 18 Oct 2017 14:31:19 +0200 Subject: [PATCH 0059/1008] Add allowed values for allowed groups --- src/lib/tls/tls_policy.h | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 2d90de5c08..499ae91ba2 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h 
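Review bot: The only FFDHE coverage is a positive `DH` test with `ffdhe/ietf/2048`, so the new rejection paths are untested: a server selecting a group the client did not offer should end in `INSUFFICIENT_SECURITY`, a client that sends no FFDHE group should not be offered a `DH` suite, and a `DHE_PSK` suite should behave the same way. A second positive case with a larger group (e.g. `ffdhe/ietf/4096`) would exercise the other encodings, though a self-test cannot detect a blob that is merely mislabelled. `test_modern_versions` and the harness it drives are outside this hunk.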
@@ -77,12 +77,24 @@ class BOTAN_PUBLIC_API(2,0) Policy bool allowed_signature_hash(const std::string& hash) const; /** - * Return list of ECC curves we are willing to use in order of preference + * Return list of ECC curves we are willing to use in order of preference. + * Allowed values: x25519, secp256r1, secp384r1, secp521r1, + * brainpool256r1, brainpool384r1, brainpool512r1 */ virtual std::vector allowed_ecc_curves() const; bool allowed_ecc_curve(const std::string& curve) const; + /** + * Return list of ECC curves and FFDHE groups + * we are willing to use in order of preference. + * Allowed values: x25519, secp256r1, secp384r1, secp521r1, + * brainpool256r1, brainpool384r1, brainpool512r1, + * ffdhe/ietf/2048, ffdhe/ietf/3072, ffdhe/ietf/4096, + * ffdhe/ietf/6144, ffdhe/ietf/8192 + */ + virtual std::vector allowed_groups() const; + /** * Request that ECC curve points are sent compressed */ @@ -161,8 +173,6 @@ class BOTAN_PUBLIC_API(2,0) Policy virtual std::string dh_group() const; - virtual std::vector allowed_groups() const; - /** * Return the minimum DH group size we're willing to use * Default is currently 1024 (insecure), should be 2048 From eab327defc290e21b36591a09d93609d6deca940 Mon Sep 17 00:00:00 2001 
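Review bot: The new allowed_groups() comment lists the same ECC names as allowed_ecc_curves() directly above it but does not say how the two lists relate, so a policy author overriding one cannot tell whether the other must be kept consistent or which list the handshake consults. I would add to the allowed_groups() block a line such as `* The ECC entries duplicate allowed_ecc_curves(); a policy overriding one should override the other consistently` and, if allowed_groups() is meant to supersede the older accessor, say so in that accessor's comment. Spelling the allowed values out in comments in two places also means they will drift as groups are added; keeping the list in one place is safer. The second hunk only relocates the previous allowed_groups() declaration.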
From: Jack Lloyd Date: Tue, 17 Oct 2017 18:30:40 -0400 Subject: [PATCH 0060/1008] GCM and CTR optimizations In CTR, special case for counter widths of special interest. In GHASH, uses a 4x reduction technique suggested by Intel. Split out GHASH to its own source file and header. With these changes GCM is over twice as fast on Skylake and about 50% faster on Westmere. --- src/lib/mac/gmac/gmac.cpp | 9 + src/lib/mac/gmac/gmac.h | 12 +- src/lib/mac/mac.cpp | 2 + src/lib/modes/aead/gcm/clmul/clmul.cpp | 234 ++++++++++++++++++------ src/lib/modes/aead/gcm/clmul/clmul.h | 5 +- src/lib/modes/aead/gcm/gcm.cpp | 210 +-------------------- src/lib/modes/aead/gcm/gcm.h | 58 +----- src/lib/modes/aead/gcm/ghash.cpp | 242 +++++++++++++++++++++++++ src/lib/modes/aead/gcm/ghash.h | 78 ++++++++ src/lib/stream/ctr/ctr.cpp | 138 +++++++++----- src/lib/stream/ctr/ctr.h | 8 +- 11 files changed, 624 insertions(+), 372 deletions(-) create mode 100644 src/lib/modes/aead/gcm/ghash.cpp create mode 100644 src/lib/modes/aead/gcm/ghash.h diff --git a/src/lib/mac/gmac/gmac.cpp b/src/lib/mac/gmac/gmac.cpp index be27aba4aa..a4e84f57b6 100644 --- a/src/lib/mac/gmac/gmac.cpp +++ b/src/lib/mac/gmac/gmac.cpp @@ -7,6 +7,8 @@ */ #include +#include +#include namespace Botan { @@ -28,6 +30,13 @@ void GMAC::clear() m_initialized = false; } +GMAC::~GMAC() { /* for unique_ptr */ } + +Key_Length_Specification GMAC::key_spec() const + { + return m_cipher->key_spec(); + } + std::string GMAC::name() const { return "GMAC(" + m_cipher->name() + ")"; diff --git a/src/lib/mac/gmac/gmac.h b/src/lib/mac/gmac/gmac.h index ef54a42bf8..83094a5bc5 100644 --- a/src/lib/mac/gmac/gmac.h +++ b/src/lib/mac/gmac/gmac.h @@ -10,11 +10,12 @@ #define BOTAN_GMAC_H_ #include -#include -#include namespace Botan { +class BlockCipher; +class GHASH; + /** * GMAC * 
@@ -29,10 +30,7 @@ class BOTAN_PUBLIC_API(2,0) GMAC final : public MessageAuthenticationCode size_t output_length() const override; MessageAuthenticationCode* clone() const override; - Key_Length_Specification key_spec() const override - { - return m_cipher->key_spec(); - } + Key_Length_Specification key_spec() const override; /** * Creates a new GMAC instance. @@ -44,6 +42,8 @@ class BOTAN_PUBLIC_API(2,0) GMAC final : public MessageAuthenticationCode GMAC(const GMAC&) = delete; GMAC& operator=(const GMAC&) = delete; + virtual ~GMAC(); + private: void add_data(const uint8_t[], size_t) override; void final_result(uint8_t[]) override; diff --git a/src/lib/mac/mac.cpp b/src/lib/mac/mac.cpp index 053e36b6f6..65107470bc 100644 --- a/src/lib/mac/mac.cpp +++ b/src/lib/mac/mac.cpp @@ -19,10 +19,12 @@ #if defined(BOTAN_HAS_GMAC) #include + #include #endif #if defined(BOTAN_HAS_HMAC) #include + #include #endif #if defined(BOTAN_HAS_POLY1305) diff --git a/src/lib/modes/aead/gcm/clmul/clmul.cpp b/src/lib/modes/aead/gcm/clmul/clmul.cpp index 33378d833e..0f07c27639 100644 --- a/src/lib/modes/aead/gcm/clmul/clmul.cpp +++ b/src/lib/modes/aead/gcm/clmul/clmul.cpp @@ -1,6 +1,6 @@ /* * CLMUL hook -* (C) 2013 Jack Lloyd +* (C) 2013,2017 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
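Review bot: `virtual ~GMAC();` in the second gmac.h hunk spells `virtual` on the destructor of a `final` class whose base is presumably already polymorphic (clone() and name() are overridden), which is the redundant-keyword pattern GCC's -Wsuggest-override flags; `~GMAC() override;` (or simply `~GMAC();`) expresses the same thing without the warning. Moving the definition out of line is consistent with the first gmac.h hunk replacing the BlockCipher/GHASH includes with forward declarations, and the `/* for unique_ptr */` comment in gmac.cpp would be clearer as `/* defined out of line so the unique_ptr members' deleters see the complete types */`. The enclosing class declaration starts before the hunk.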
@@ -11,73 +11,201 @@ namespace Botan { +namespace { + BOTAN_FUNC_ISA("pclmul,ssse3") -void gcm_multiply_clmul(uint8_t x[16], const uint8_t H[16], - const uint8_t input[], size_t blocks) +inline __m128i gcm_multiply(const __m128i& x, const __m128i& H) + { + __m128i T0, T1, T2, T3, T4, T5; + + T0 = _mm_clmulepi64_si128(x, H, 0x00); + T1 = _mm_clmulepi64_si128(x, H, 0x01); + T2 = _mm_clmulepi64_si128(x, H, 0x10); + T3 = _mm_clmulepi64_si128(x, H, 0x11); + + T1 = _mm_xor_si128(T1, T2); + T2 = _mm_slli_si128(T1, 8); + T1 = _mm_srli_si128(T1, 8); + T0 = _mm_xor_si128(T0, T2); + T3 = _mm_xor_si128(T3, T1); + + T4 = _mm_srli_epi32(T0, 31); + T0 = _mm_slli_epi32(T0, 1); + + T5 = _mm_srli_epi32(T3, 31); + T3 = _mm_slli_epi32(T3, 1); + + T2 = _mm_srli_si128(T4, 12); + T5 = _mm_slli_si128(T5, 4); + T4 = _mm_slli_si128(T4, 4); + T0 = _mm_or_si128(T0, T4); + T3 = _mm_or_si128(T3, T5); + T3 = _mm_or_si128(T3, T2); + + T4 = _mm_slli_epi32(T0, 31); + T5 = _mm_slli_epi32(T0, 30); + T2 = _mm_slli_epi32(T0, 25); + + T4 = _mm_xor_si128(T4, T5); + T4 = _mm_xor_si128(T4, T2); + T5 = _mm_srli_si128(T4, 4); + T3 = _mm_xor_si128(T3, T5); + T4 = _mm_slli_si128(T4, 12); + T0 = _mm_xor_si128(T0, T4); + T3 = _mm_xor_si128(T3, T0); + + T4 = _mm_srli_epi32(T0, 1); + T1 = _mm_srli_epi32(T0, 2); + T2 = _mm_srli_epi32(T0, 7); + T3 = _mm_xor_si128(T3, T1); + T3 = _mm_xor_si128(T3, T2); + T3 = _mm_xor_si128(T3, T4); + + return T3; + } + +BOTAN_FUNC_ISA("pclmul,ssse3") +inline __m128i gcm_multiply_x4(const __m128i& H1, const __m128i& H2, const __m128i& H3, const __m128i& H4, + const __m128i& X1, const __m128i& X2, const __m128i& X3, const __m128i& X4) + { + /* + * Mutiply with delayed reduction, algorithm by Krzysztof Jankowski + * and Pierre Laurent of Intel + */ + + const __m128i H1_X1_lo = _mm_clmulepi64_si128(H1, X1, 0x00); + const __m128i H2_X2_lo = _mm_clmulepi64_si128(H2, X2, 0x00); + const __m128i H3_X3_lo = _mm_clmulepi64_si128(H3, X3, 0x00); + const __m128i H4_X4_lo = _mm_clmulepi64_si128(H4, 
X4, 0x00); + + const __m128i lo = _mm_xor_si128( + _mm_xor_si128(H1_X1_lo, H2_X2_lo), + _mm_xor_si128(H3_X3_lo, H4_X4_lo)); + + const __m128i H1_X1_hi = _mm_clmulepi64_si128(H1, X1, 0x11); + const __m128i H2_X2_hi = _mm_clmulepi64_si128(H2, X2, 0x11); + const __m128i H3_X3_hi = _mm_clmulepi64_si128(H3, X3, 0x11); + const __m128i H4_X4_hi = _mm_clmulepi64_si128(H4, X4, 0x11); + + const __m128i hi = _mm_xor_si128( + _mm_xor_si128(H1_X1_hi, H2_X2_hi), + _mm_xor_si128(H3_X3_hi, H4_X4_hi)); + + __m128i T0 = _mm_xor_si128(lo, hi); + __m128i T1, T2, T3, T4, T5; + + T1 = _mm_xor_si128(_mm_srli_si128(H1, 8), H1); + T2 = _mm_xor_si128(_mm_srli_si128(X1, 8), X1); + T3 = _mm_xor_si128(_mm_srli_si128(H2, 8), H2); + T4 = _mm_xor_si128(_mm_srli_si128(X2, 8), X2); + T0 = _mm_xor_si128(T0, _mm_clmulepi64_si128(T1, T2, 0x00)); + T0 = _mm_xor_si128(T0, _mm_clmulepi64_si128(T3, T4, 0x00)); + + T1 = _mm_xor_si128(_mm_srli_si128(H3, 8), H3); + T2 = _mm_xor_si128(_mm_srli_si128(X3, 8), X3); + T3 = _mm_xor_si128(_mm_srli_si128(H4, 8), H4); + T4 = _mm_xor_si128(_mm_srli_si128(X4, 8), X4); + T0 = _mm_xor_si128(T0, _mm_clmulepi64_si128(T1, T2, 0x00)); + T0 = _mm_xor_si128(T0, _mm_clmulepi64_si128(T3, T4, 0x00)); + + T3 = _mm_xor_si128(_mm_slli_si128(T0, 8), lo); + T1 = _mm_xor_si128(_mm_srli_si128(T0, 8), hi); + + T0 = _mm_srli_epi32(T3, 31); + T4 = _mm_srli_epi32(T1, 31); + T3 = _mm_slli_epi32(T3, 1); + T1 = _mm_slli_epi32(T1, 1); + + T1 = _mm_or_si128(T1, _mm_srli_si128(T0, 12)); + T1 = _mm_or_si128(T1, _mm_slli_si128(T4, 4)); + T3 = _mm_or_si128(T3, _mm_slli_si128(T0, 4)); + + T0 = _mm_slli_epi32(T3, 31); + T0 = _mm_xor_si128(T0, _mm_slli_epi32(T3, 30)); + T0 = _mm_xor_si128(T0, _mm_slli_epi32(T3, 25)); + + T5 = _mm_srli_si128(T0, 4); + T3 = _mm_xor_si128(T3, _mm_slli_si128(T0, 12)); + T2 = _mm_srli_epi32(T3, 1); + T4 = _mm_srli_epi32(T3, 2); + T0 = _mm_srli_epi32(T3, 7); + + // combine results: T0 ^ T1 ^ T2 ^ T3 ^ T4 ^ T5 + T0 = _mm_xor_si128(T0, T1); + T2 = _mm_xor_si128(T2, T3); + T4 = 
_mm_xor_si128(T4, T5); + + T0 = _mm_xor_si128(T0, T2); + T0 = _mm_xor_si128(T0, T4); + return T0; + } + +} + +BOTAN_FUNC_ISA("ssse3") +void gcm_clmul_precompute(const uint8_t H_bytes[16], uint64_t H_pow[4*2]) + { + const __m128i BSWAP_MASK = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); + + const __m128i H = _mm_shuffle_epi8(_mm_loadu_si128(reinterpret_cast(H_bytes)), BSWAP_MASK); + const __m128i H2 = gcm_multiply(H, H); + const __m128i H3 = gcm_multiply(H, H2); + const __m128i H4 = gcm_multiply(H, H3); + + __m128i* H_pow_mm = reinterpret_cast<__m128i*>(H_pow); + + _mm_storeu_si128(H_pow_mm+0, H); + _mm_storeu_si128(H_pow_mm+1, H2); + _mm_storeu_si128(H_pow_mm+2, H3); + _mm_storeu_si128(H_pow_mm+3, H4); + } + +BOTAN_FUNC_ISA("ssse3") +void gcm_multiply_clmul(uint8_t x[16], + const uint64_t H_pow[8], + const uint8_t input_bytes[], size_t blocks) { /* * Algorithms 1 and 5 from Intel's CLMUL guide */ const __m128i BSWAP_MASK = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); - const __m128i b = _mm_shuffle_epi8(_mm_loadu_si128(reinterpret_cast(H)), BSWAP_MASK); + const __m128i* input = reinterpret_cast(input_bytes); + + const __m128i* H_pow_mm = reinterpret_cast(H_pow); + + const __m128i H = _mm_loadu_si128(H_pow_mm); __m128i a = _mm_loadu_si128(reinterpret_cast(x)); a = _mm_shuffle_epi8(a, BSWAP_MASK); + if(blocks >= 4) + { + const __m128i H2 = _mm_loadu_si128(H_pow_mm + 1); + const __m128i H3 = _mm_loadu_si128(H_pow_mm + 2); + const __m128i H4 = _mm_loadu_si128(H_pow_mm + 3); + + while(blocks >= 4) + { + const __m128i m0 = _mm_shuffle_epi8(_mm_loadu_si128(input + 0), BSWAP_MASK); + const __m128i m1 = _mm_shuffle_epi8(_mm_loadu_si128(input + 1), BSWAP_MASK); + const __m128i m2 = _mm_shuffle_epi8(_mm_loadu_si128(input + 2), BSWAP_MASK); + const __m128i m3 = _mm_shuffle_epi8(_mm_loadu_si128(input + 3), BSWAP_MASK); + + a = _mm_xor_si128(a, m0); + a = gcm_multiply_x4(H, H2, H3, H4, m3, m2, m1, a); + + input += 4; + blocks -= 4; + 
} + } + for(size_t i = 0; i != blocks; ++i) { - __m128i m = _mm_loadu_si128(reinterpret_cast(input) + i); - m = _mm_shuffle_epi8(m, BSWAP_MASK); + const __m128i m = _mm_shuffle_epi8(_mm_loadu_si128(input + i), BSWAP_MASK); a = _mm_xor_si128(a, m); - - __m128i T0, T1, T2, T3, T4, T5; - - T0 = _mm_clmulepi64_si128(a, b, 0x00); - T1 = _mm_clmulepi64_si128(a, b, 0x01); - T2 = _mm_clmulepi64_si128(a, b, 0x10); - T3 = _mm_clmulepi64_si128(a, b, 0x11); - - T1 = _mm_xor_si128(T1, T2); - T2 = _mm_slli_si128(T1, 8); - T1 = _mm_srli_si128(T1, 8); - T0 = _mm_xor_si128(T0, T2); - T3 = _mm_xor_si128(T3, T1); - - T4 = _mm_srli_epi32(T0, 31); - T0 = _mm_slli_epi32(T0, 1); - - T5 = _mm_srli_epi32(T3, 31); - T3 = _mm_slli_epi32(T3, 1); - - T2 = _mm_srli_si128(T4, 12); - T5 = _mm_slli_si128(T5, 4); - T4 = _mm_slli_si128(T4, 4); - T0 = _mm_or_si128(T0, T4); - T3 = _mm_or_si128(T3, T5); - T3 = _mm_or_si128(T3, T2); - - T4 = _mm_slli_epi32(T0, 31); - T5 = _mm_slli_epi32(T0, 30); - T2 = _mm_slli_epi32(T0, 25); - - T4 = _mm_xor_si128(T4, T5); - T4 = _mm_xor_si128(T4, T2); - T5 = _mm_srli_si128(T4, 4); - T3 = _mm_xor_si128(T3, T5); - T4 = _mm_slli_si128(T4, 12); - T0 = _mm_xor_si128(T0, T4); - T3 = _mm_xor_si128(T3, T0); - - T4 = _mm_srli_epi32(T0, 1); - T1 = _mm_srli_epi32(T0, 2); - T2 = _mm_srli_epi32(T0, 7); - T3 = _mm_xor_si128(T3, T1); - T3 = _mm_xor_si128(T3, T2); - T3 = _mm_xor_si128(T3, T4); - - a = T3; + a = gcm_multiply(a, H); } a = _mm_shuffle_epi8(a, BSWAP_MASK); diff --git a/src/lib/modes/aead/gcm/clmul/clmul.h b/src/lib/modes/aead/gcm/clmul/clmul.h index d68e021d2d..25cdfbd962 100644 --- a/src/lib/modes/aead/gcm/clmul/clmul.h +++ b/src/lib/modes/aead/gcm/clmul/clmul.h @@ -12,7 +12,10 @@ namespace Botan { -void gcm_multiply_clmul(uint8_t x[16], const uint8_t H[16], +void gcm_clmul_precompute(const uint8_t H[16], uint64_t H_pow[4*2]); + +void gcm_multiply_clmul(uint8_t x[16], + const uint64_t H_pow[4*2], const uint8_t input[], size_t blocks); } 
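Review bot: gcm_clmul_precompute and gcm_multiply_clmul are tagged `BOTAN_FUNC_ISA("ssse3")` while the helpers they call, gcm_multiply and gcm_multiply_x4, are tagged `"pclmul,ssse3"`; neither GCC nor Clang will inline a callee whose target options are not a subset of the caller's, so the helpers stay out-of-line calls inside the block loop, which undercuts the point of the 4-way version, and the outer functions execute PCLMULQDQ only by way of the callees' attribute. Tagging both outer functions `BOTAN_FUNC_ISA("pclmul,ssse3")` makes the requirement explicit and lets the helpers inline. The comment in gcm_multiply_x4 misspells `Mutiply`, and the argument order at the call site deserves a line, e.g. `// a = ((a^m0)*H^4) ^ (m1*H^3) ^ (m2*H^2) ^ (m3*H); reduction is deferred to the end`. The hunk covers the whole of each function.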
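Review bot: The two declarations in clmul.h carry no comment, and the new two-step protocol is easy to misuse: gcm_multiply_clmul now reads H_pow rather than H, so a caller that skips gcm_clmul_precompute multiplies by whatever the buffer holds. I would add above them `// H_pow must hold the 4*2 words written by gcm_clmul_precompute() for the same H; x is updated in place over blocks 16-byte inputs`. The .cpp definition writes the size as `[8]` and the header as `[4*2]`; they agree, but spelling it the same way in both places avoids a second look.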
diff --git a/src/lib/modes/aead/gcm/gcm.cpp b/src/lib/modes/aead/gcm/gcm.cpp
index 57272f2acc..4abf8b5f6c 100644
--- a/src/lib/modes/aead/gcm/gcm.cpp
+++ b/src/lib/modes/aead/gcm/gcm.cpp
@@ -7,213 +7,12 @@ */ #include +#include #include -#include -#include #include -#include - -#if defined(BOTAN_HAS_GCM_CLMUL) - #include -#endif - -#if defined(BOTAN_HAS_GCM_PMULL) - #include -#endif namespace Botan { -static const size_t GCM_BS = 16; - -void GHASH::gcm_multiply(secure_vector& x, - const uint8_t input[], - size_t blocks) - { -#if defined(BOTAN_HAS_GCM_CLMUL) - if(CPUID::has_clmul()) - { - return gcm_multiply_clmul(x.data(), m_H.data(), input, blocks); - } -#endif - -#if defined(BOTAN_HAS_GCM_PMULL) - if(CPUID::has_arm_pmull()) - { - return gcm_multiply_pmull(x.data(), m_H.data(), input, blocks); - } -#endif - - CT::poison(x.data(), x.size()); - - // SSE2 might be useful here - - const uint64_t ALL_BITS = 0xFFFFFFFFFFFFFFFF; - - uint64_t X[2] = { - load_be(x.data(), 0), - load_be(x.data(), 1) - }; - - for(size_t b = 0; b != blocks; ++b) - { - X[0] ^= load_be(input, 2*b); - X[1] ^= load_be(input, 2*b+1); - - uint64_t Z[2] = { 0, 0 }; - - for(size_t i = 0; i != 64; ++i) - { - const uint64_t X0MASK = (ALL_BITS + (X[0] >> 63)) ^ ALL_BITS; - const uint64_t X1MASK = (ALL_BITS + (X[1] >> 63)) ^ ALL_BITS; - - X[0] <<= 1; - X[1] <<= 1; - - Z[0] ^= m_HM[4*i ] & X0MASK; - Z[1] ^= m_HM[4*i+1] & X0MASK; - Z[0] ^= m_HM[4*i+2] & X1MASK; - Z[1] ^= m_HM[4*i+3] & X1MASK; - } - - X[0] = Z[0]; - X[1] = Z[1]; - } - - store_be(x.data(), X[0], X[1]); - CT::unpoison(x.data(), x.size()); - } - -void GHASH::ghash_update(secure_vector& ghash, - const uint8_t input[], size_t length) - { - /* - This assumes if less than block size input then we're just on the - final block and should pad with zeros - */ - - const size_t full_blocks = length / GCM_BS; - const size_t final_bytes = length - (full_blocks * GCM_BS); - - if(full_blocks > 0) - { - gcm_multiply(ghash, input, full_blocks); - } - - if(final_bytes) - { - secure_vector last_block(GCM_BS); - copy_mem(last_block.data(), input + full_blocks * GCM_BS, final_bytes); - gcm_multiply(ghash, last_block.data(), 1); - } - } - -void 
GHASH::key_schedule(const uint8_t key[], size_t length) - { - m_H.assign(key, key+length); - m_H_ad.resize(GCM_BS); - m_ad_len = 0; - m_text_len = 0; - - uint64_t H0 = load_be(m_H.data(), 0); - uint64_t H1 = load_be(m_H.data(), 1); - - const uint64_t R = 0xE100000000000000; - - m_HM.resize(256); - - // precompute the multiples of H - for(size_t i = 0; i != 2; ++i) - { - for(size_t j = 0; j != 64; ++j) - { - /* - we interleave H^1, H^65, H^2, H^66, ... - to make indexing nicer in the multiplication code - */ - m_HM[4*j+2*i] = H0; - m_HM[4*j+2*i+1] = H1; - - // GCM's bit ops are reversed so we carry out of the bottom - const uint64_t carry = R * (H1 & 1); - H1 = (H1 >> 1) | (H0 << 63); - H0 = (H0 >> 1) ^ carry; - } - } - } - -void GHASH::start(const uint8_t nonce[], size_t len) - { - m_nonce.assign(nonce, nonce + len); - m_ghash = m_H_ad; - } - -void GHASH::set_associated_data(const uint8_t input[], size_t length) - { - zeroise(m_H_ad); - - ghash_update(m_H_ad, input, length); - m_ad_len = length; - } - -void GHASH::update_associated_data(const uint8_t ad[], size_t length) - { - BOTAN_ASSERT(m_ghash.size() == GCM_BS, "Key was set"); - m_ad_len += length; - ghash_update(m_ghash, ad, length); - } - -void GHASH::update(const uint8_t input[], size_t length) - { - BOTAN_ASSERT(m_ghash.size() == GCM_BS, "Key was set"); - m_text_len += length; - ghash_update(m_ghash, input, length); - } - -void GHASH::add_final_block(secure_vector& hash, - size_t ad_len, size_t text_len) - { - secure_vector final_block(GCM_BS); - store_be(final_block.data(), 8*ad_len, 8*text_len); - ghash_update(hash, final_block.data(), final_block.size()); - } - -secure_vector GHASH::final() - { - add_final_block(m_ghash, m_ad_len, m_text_len); - - secure_vector mac; - mac.swap(m_ghash); - - mac ^= m_nonce; - m_text_len = 0; - return mac; - } - -secure_vector GHASH::nonce_hash(const uint8_t nonce[], size_t nonce_len) - { - BOTAN_ASSERT(m_ghash.size() == 0, "nonce_hash called during wrong time"); - 
secure_vector y0(GCM_BS); - - ghash_update(y0, nonce, nonce_len); - add_final_block(y0, 0, nonce_len); - - return y0; - } - -void GHASH::clear() - { - zeroise(m_H); - reset(); - } - -void GHASH::reset() - { - zeroise(m_H_ad); - m_ghash.clear(); - m_nonce.clear(); - m_text_len = m_ad_len = 0; - } - /* * GCM_Mode Constructor */ @@ -255,12 +54,7 @@ std::string GCM_Mode::name() const std::string GCM_Mode::provider() const { -#if defined(BOTAN_HAS_GCM_CLMUL) - if(CPUID::has_clmul()) - return "clmul"; -#endif - - return "base"; + return m_ghash->provider(); } size_t GCM_Mode::update_granularity() const diff --git a/src/lib/modes/aead/gcm/gcm.h b/src/lib/modes/aead/gcm/gcm.h index eac2add93b..de7c1ea9a9 100644 --- a/src/lib/modes/aead/gcm/gcm.h +++ b/src/lib/modes/aead/gcm/gcm.h @@ -47,7 +47,7 @@ class BOTAN_PUBLIC_API(2,0) GCM_Mode : public AEAD_Mode ~GCM_Mode(); - const size_t m_BS = 16; + static const size_t GCM_BS = 16; const size_t m_tag_size; const std::string m_cipher_name; 
@@ -109,62 +109,6 @@ class BOTAN_PUBLIC_API(2,0) GCM_Decryption final : public GCM_Mode void finish(secure_vector& final_block, size_t offset = 0) override; }; -/** -* GCM's GHASH -* This is not intended for general use, but is exposed to allow -* shared code between GCM and GMAC -*/ -class BOTAN_PUBLIC_API(2,0) GHASH final : public SymmetricAlgorithm - { - public: - void set_associated_data(const uint8_t ad[], size_t ad_len); - - secure_vector nonce_hash(const uint8_t nonce[], size_t len); - - void start(const uint8_t nonce[], size_t len); - - /* - * Assumes input len is multiple of 16 - */ - void update(const uint8_t in[], size_t len); - - /* - * Incremental update of associated data - */ - void update_associated_data(const uint8_t ad[], size_t len); - - secure_vector final(); - - Key_Length_Specification key_spec() const override - { return Key_Length_Specification(16); } - - void clear() override; - - void reset(); - - std::string name() const override { return "GHASH"; } - - void ghash_update(secure_vector& x, - const uint8_t input[], size_t input_len); - - void add_final_block(secure_vector& x, - size_t ad_len, size_t pt_len); - private: - void key_schedule(const uint8_t key[], size_t key_len) override; - - void gcm_multiply(secure_vector& x, - const uint8_t input[], - size_t blocks); - - secure_vector m_H; - secure_vector m_H_ad; - secure_vector m_ghash; - secure_vector m_nonce; - secure_vector m_HM; - size_t m_ad_len = 0; - size_t m_text_len = 0; - }; - } #endif diff --git a/src/lib/modes/aead/gcm/ghash.cpp b/src/lib/modes/aead/gcm/ghash.cpp new file mode 100644 index 0000000000..509f069507 --- /dev/null +++ b/src/lib/modes/aead/gcm/ghash.cpp 
@@ -0,0 +1,242 @@ +/* +* GCM GHASH +* (C) 2013,2015,2017 Jack Lloyd +* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include +#include + +#if defined(BOTAN_HAS_GCM_CLMUL) + #include +#endif + +#if defined(BOTAN_HAS_GCM_PMULL) + #include +#endif + +namespace Botan { + +std::string GHASH::provider() const + { +#if defined(BOTAN_HAS_GCM_CLMUL) + if(CPUID::has_clmul()) + return "clmul"; +#endif + +#if defined(BOTAN_HAS_GCM_PMULL) + if(CPUID::has_arm_pmull()) + return "pmull"; +#endif + + return "base"; + } + +void GHASH::gcm_multiply(secure_vector& x, + const uint8_t input[], + size_t blocks) + { +#if defined(BOTAN_HAS_GCM_CLMUL) + if(CPUID::has_clmul()) + { + return gcm_multiply_clmul(x.data(), m_H_pow.data(), input, blocks); + } +#endif + +#if defined(BOTAN_HAS_GCM_PMULL) + if(CPUID::has_arm_pmull()) + { + return gcm_multiply_pmull(x.data(), m_H.data(), input, blocks); + } +#endif + + CT::poison(x.data(), x.size()); + + // SSE2 might be useful here + + const uint64_t ALL_BITS = 0xFFFFFFFFFFFFFFFF; + + uint64_t X[2] = { + load_be(x.data(), 0), + load_be(x.data(), 1) + }; + + for(size_t b = 0; b != blocks; ++b) + { + X[0] ^= load_be(input, 2*b); + X[1] ^= load_be(input, 2*b+1); + + uint64_t Z[2] = { 0, 0 }; + + for(size_t i = 0; i != 64; ++i) + { + const uint64_t X0MASK = (ALL_BITS + (X[0] >> 63)) ^ ALL_BITS; + const uint64_t X1MASK = (ALL_BITS + (X[1] >> 63)) ^ ALL_BITS; + + X[0] <<= 1; + X[1] <<= 1; + + Z[0] ^= m_HM[4*i ] & X0MASK; + Z[1] ^= m_HM[4*i+1] & X0MASK; + Z[0] ^= m_HM[4*i+2] & X1MASK; + Z[1] ^= m_HM[4*i+3] & X1MASK; + } + + X[0] = Z[0]; + X[1] = Z[1]; + } + + store_be(x.data(), X[0], X[1]); + CT::unpoison(x.data(), x.size()); + } + +void GHASH::ghash_update(secure_vector& ghash, + const uint8_t input[], size_t length) + { + /* + This assumes if less than block size input then we're just on the + final block and should pad with zeros + */ + + const 
size_t full_blocks = length / GCM_BS; + const size_t final_bytes = length - (full_blocks * GCM_BS); + + if(full_blocks > 0) + { + gcm_multiply(ghash, input, full_blocks); + } + + if(final_bytes) + { + secure_vector last_block(GCM_BS); + copy_mem(last_block.data(), input + full_blocks * GCM_BS, final_bytes); + gcm_multiply(ghash, last_block.data(), 1); + } + } + +void GHASH::key_schedule(const uint8_t key[], size_t length) + { + m_H.assign(key, key+length); + m_H_ad.resize(GCM_BS); + m_ad_len = 0; + m_text_len = 0; + + uint64_t H0 = load_be(m_H.data(), 0); + uint64_t H1 = load_be(m_H.data(), 1); + + const uint64_t R = 0xE100000000000000; + + m_HM.resize(256); + + // precompute the multiples of H + for(size_t i = 0; i != 2; ++i) + { + for(size_t j = 0; j != 64; ++j) + { + /* + we interleave H^1, H^65, H^2, H^66, H3, H67, H4, H68 + to make indexing nicer in the multiplication code + */ + m_HM[4*j+2*i] = H0; + m_HM[4*j+2*i+1] = H1; + + // GCM's bit ops are reversed so we carry out of the bottom + const uint64_t carry = R * (H1 & 1); + H1 = (H1 >> 1) | (H0 << 63); + H0 = (H0 >> 1) ^ carry; + } + } + +#if defined(BOTAN_HAS_GCM_CLMUL) + if(CPUID::has_clmul()) + { + m_H_pow.resize(8); + gcm_clmul_precompute(m_H.data(), m_H_pow.data()); + } +#endif + + } + +void GHASH::start(const uint8_t nonce[], size_t len) + { + m_nonce.assign(nonce, nonce + len); + m_ghash = m_H_ad; + } + +void GHASH::set_associated_data(const uint8_t input[], size_t length) + { + zeroise(m_H_ad); + + ghash_update(m_H_ad, input, length); + m_ad_len = length; + } + +void GHASH::update_associated_data(const uint8_t ad[], size_t length) + { + BOTAN_ASSERT(m_ghash.size() == GCM_BS, "Key was set"); + m_ad_len += length; + ghash_update(m_ghash, ad, length); + } + +void GHASH::update(const uint8_t input[], size_t length) + { + BOTAN_ASSERT(m_ghash.size() == GCM_BS, "Key was set"); + m_text_len += length; + ghash_update(m_ghash, input, length); + } + +void GHASH::add_final_block(secure_vector& hash, + size_t 
ad_len, size_t text_len) + { + /* + * stack buffer is fine here since the text len is public + * and the length of the AD is probably not sensitive either. + */ + uint8_t final_block[GCM_BS]; + store_be(final_block, 8*ad_len, 8*text_len); + ghash_update(hash, final_block, GCM_BS); + } + +secure_vector GHASH::final() + { + add_final_block(m_ghash, m_ad_len, m_text_len); + + secure_vector mac; + mac.swap(m_ghash); + + mac ^= m_nonce; + m_text_len = 0; + return mac; + } + +secure_vector GHASH::nonce_hash(const uint8_t nonce[], size_t nonce_len) + { + BOTAN_ASSERT(m_ghash.size() == 0, "nonce_hash called during wrong time"); + secure_vector y0(GCM_BS); + + ghash_update(y0, nonce, nonce_len); + add_final_block(y0, 0, nonce_len); + + return y0; + } + +void GHASH::clear() + { + zeroise(m_H); + zeroise(m_HM); + reset(); + } + +void GHASH::reset() + { + zeroise(m_H_ad); + m_ghash.clear(); + m_nonce.clear(); + m_text_len = m_ad_len = 0; + } + +} diff --git a/src/lib/modes/aead/gcm/ghash.h b/src/lib/modes/aead/gcm/ghash.h new file mode 100644 index 0000000000..7fcf7cfaa2 --- /dev/null +++ b/src/lib/modes/aead/gcm/ghash.h 
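Review bot: GHASH::clear() zeroises m_H and m_HM but not m_H_pow, which key_schedule fills with H, H^2, H^3 and H^4 on CLMUL-capable CPUs, so after clear() that key-derived table stays in memory until the object is destroyed while the rest of the key schedule is wiped; add `zeroise(m_H_pow);` next to `zeroise(m_HM);`. A short comment in key_schedule would also help, since only one backend consumes the new member: `// only the CLMUL path reads m_H_pow; the base and PMULL paths use m_HM / m_H`. As the file is new, note that final() resets m_text_len but not m_ad_len; this mirrors the code moved from gcm.cpp, so it is not a regression, but it is worth a comment or a second look given that update_associated_data() accumulates into m_ad_len.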
@@ -0,0 +1,78 @@
+/*
+* (C) 2013 Jack Lloyd
+* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_GCM_GHASH_H_
+#define BOTAN_GCM_GHASH_H_
+
+#include
+
+namespace Botan {
+
+/**
+* GCM's GHASH
+* This is not intended for general use, but is exposed to allow
+* shared code between GCM and GMAC
+*/
+class BOTAN_PUBLIC_API(2,0) GHASH final : public SymmetricAlgorithm
+ {
+ public:
+ void set_associated_data(const uint8_t ad[], size_t ad_len);
+
+ secure_vector nonce_hash(const uint8_t nonce[], size_t len);
+
+ void start(const uint8_t nonce[], size_t len);
+
+ /*
+ * Assumes input len is multiple of 16
+ */
+ void update(const uint8_t in[], size_t len);
+
+ /*
+ * Incremental update of associated data
+ */
+ void update_associated_data(const uint8_t ad[], size_t len);
+
+ secure_vector final();
+
+ Key_Length_Specification key_spec() const override
+ { return Key_Length_Specification(16); }
+
+ void clear() override;
+
+ void reset();
+
+ std::string name() const override { return "GHASH"; }
+
+ std::string provider() const;
+
+ void ghash_update(secure_vector& x,
+ const uint8_t input[], size_t input_len);
+
+ void add_final_block(secure_vector& x,
+ size_t ad_len, size_t pt_len);
+ private:
+ void key_schedule(const uint8_t key[], size_t key_len) override;
+
+ void gcm_multiply(secure_vector& x,
+ const uint8_t input[],
+ size_t blocks);
+
+ static const size_t GCM_BS = 16;
+
+ secure_vector m_H;
+ secure_vector m_H_ad;
+ secure_vector m_ghash;
+ secure_vector m_nonce;
+ secure_vector m_HM;
+ secure_vector m_H_pow;
+ size_t m_ad_len = 0;
+ size_t m_text_len = 0;
+ };
+
+}
+
+#endif
diff --git a/src/lib/stream/ctr/ctr.cpp b/src/lib/stream/ctr/ctr.cpp
index e81373a829..cc2825ee6f 100644
--- a/src/lib/stream/ctr/ctr.cpp
+++ b/src/lib/stream/ctr/ctr.cpp
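Review bot: The comment on update(), `Assumes input len is multiple of 16`, contradicts ghash_update() in ghash.cpp from this same commit, which zero-pads a trailing partial block and treats it as the last one; a caller reading only the header would not learn that a short update in the middle of a stream silently produces the wrong hash. I would replace it with `/* A trailing partial block is zero-padded, so a length that is not a multiple of 16 is only valid for the final update call */` and put the same caveat on update_associated_data(). The new provider() is undocumented; `/** Multiplication backend chosen at runtime via CPUID: "clmul", "pmull" or "base" */` matches what ghash.cpp returns.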
@@ -6,27 +6,30 @@ */ #include +#include namespace Botan { CTR_BE::CTR_BE(BlockCipher* ciph) : m_cipher(ciph), + m_block_size(m_cipher->block_size()), + m_ctr_size(m_block_size), + m_ctr_blocks(m_cipher->parallel_bytes() / m_block_size), m_counter(m_cipher->parallel_bytes()), m_pad(m_counter.size()), m_iv(m_cipher->block_size()), - m_block_size(m_cipher->block_size()), - m_ctr_size(m_block_size), m_pad_pos(0) { } CTR_BE::CTR_BE(BlockCipher* cipher, size_t ctr_size) : m_cipher(cipher), + m_block_size(m_cipher->block_size()), + m_ctr_size(ctr_size), + m_ctr_blocks(m_cipher->parallel_bytes() / m_block_size), m_counter(m_cipher->parallel_bytes()), m_pad(m_counter.size()), m_iv(m_cipher->block_size()), - m_block_size(m_cipher->block_size()), - m_ctr_size(ctr_size), m_pad_pos(0) { if(m_ctr_size == 0 || m_ctr_size > m_block_size) @@ -57,15 +60,36 @@ std::string CTR_BE::name() const void CTR_BE::cipher(const uint8_t in[], uint8_t out[], size_t length) { - while(length >= m_pad.size() - m_pad_pos) + if(m_pad_pos > 0) + { + const size_t avail = m_pad.size() - m_pad_pos; + const size_t take = std::min(length, avail); + xor_buf(out, in, &m_pad[m_pad_pos], take); + length -= take; + in += take; + out += take; + m_pad_pos += take; + + if(take == avail) + { + add_counter(m_ctr_blocks); + m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks); + m_pad_pos = 0; + } + } + + while(length >= m_pad.size()) { - xor_buf(out, in, &m_pad[m_pad_pos], m_pad.size() - m_pad_pos); - length -= (m_pad.size() - m_pad_pos); - in += (m_pad.size() - m_pad_pos); - out += (m_pad.size() - m_pad_pos); - increment_counter(); + xor_buf(out, in, &m_pad[0], m_pad.size()); + length -= m_pad.size(); + in += m_pad.size(); + out += m_pad.size(); + + add_counter(m_ctr_blocks); + m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks); } - xor_buf(out, in, &m_pad[m_pad_pos], length); + + xor_buf(out, in, &m_pad[0], length); m_pad_pos += length; } 
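Review bot: The pair `add_counter(m_ctr_blocks); m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks);` now appears twice in cipher() and once more in seek() in the next hunk, while the increment_counter() removed there expressed exactly this refill; a small private helper such as `void CTR_BE::refill_pad() { add_counter(m_ctr_blocks); m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks); m_pad_pos = 0; }` would keep the counter-then-encrypt invariant in one place. The three-phase structure (drain the partially used pad, whole-pad loop, tail) is correct as far as I can trace it — after the loop m_pad_pos is always 0 and length < m_pad.size() — but a one-line comment on each phase would spare the next reader the same trace. The constructor hunk above only reorders the initializer list to match the new member order in ctr.h.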
@@ -80,63 +104,89 @@ void CTR_BE::set_iv(const uint8_t iv[], size_t iv_len) seek(0); } -/* -* Increment the counter and update the buffer -*/ -void CTR_BE::increment_counter() - { - const size_t n_wide = m_counter.size() / m_block_size; - - add_counter(n_wide); - - m_cipher->encrypt_n(m_counter.data(), m_pad.data(), n_wide); - m_pad_pos = 0; - } - void CTR_BE::add_counter(const uint64_t counter) { - const size_t n_wide = m_counter.size() / m_block_size; + const size_t ctr_size = m_ctr_size; + const size_t ctr_blocks = m_ctr_blocks; + const size_t BS = m_block_size; - for(size_t i = 0; i != n_wide; ++i) + if(ctr_size == 4) + { + size_t off = (BS - 4); + for(size_t i = 0; i != ctr_blocks; ++i) + { + uint32_t low32 = load_be(&m_counter[off], 0); + low32 += counter; + store_be(low32, &m_counter[off]); + off += BS; + } + } + else if(ctr_size == 8) { - uint64_t local_counter = counter; - uint16_t carry = static_cast(local_counter); - for(size_t j = 0; (carry || local_counter) && j != m_ctr_size; ++j) + size_t off = (BS - 8); + for(size_t i = 0; i != ctr_blocks; ++i) { - const size_t off = i*m_block_size + (m_block_size-1-j); - const uint16_t cnt = static_cast(m_counter[off]) + carry; - m_counter[off] = static_cast(cnt); - local_counter = (local_counter >> 8); - carry = (cnt >> 8) + static_cast(local_counter); + uint64_t low64 = load_be(&m_counter[off], 0); + low64 += counter; + store_be(low64, &m_counter[off]); + off += BS; + } + } + else if(ctr_size == 16) + { + size_t off = (BS - 16); + for(size_t i = 0; i != ctr_blocks; ++i) + { + uint64_t b0 = load_be(&m_counter[off], 0); + uint64_t b1 = load_be(&m_counter[off], 1); + b1 += counter; + b1 += (b1 < counter); // carry + store_be(b0, &m_counter[off]); + store_be(b1, &m_counter[off+8]); + off += BS; + } + } + else + { + for(size_t i = 0; i != ctr_blocks; ++i) + { + uint64_t local_counter = counter; + uint16_t carry = static_cast(local_counter); + for(size_t j = 0; (carry || local_counter) && j != ctr_size; ++j) + { + 
const size_t off = i*BS + (BS-1-j); + const uint16_t cnt = static_cast(m_counter[off]) + carry; + m_counter[off] = static_cast(cnt); + local_counter = (local_counter >> 8); + carry = (cnt >> 8) + static_cast(local_counter); + } } } } void CTR_BE::seek(uint64_t offset) { - const size_t n_wide = m_counter.size() / m_block_size; - const uint64_t base_counter = n_wide * (offset / m_counter.size()); + const uint64_t base_counter = m_ctr_blocks * (offset / m_counter.size()); zeroise(m_counter); buffer_insert(m_counter, 0, m_iv); + const size_t BS = m_block_size; + // Set m_counter blocks to IV, IV + 1, ... IV + n - for(size_t i = 1; i != n_wide; ++i) + for(size_t i = 1; i != m_ctr_blocks; ++i) { - buffer_insert(m_counter, - i*m_block_size, - &m_counter[(i-1)*m_block_size], - m_block_size); + buffer_insert(m_counter, i*BS, &m_counter[(i-1)*BS], BS); for(size_t j = 0; j != m_ctr_size; ++j) - if(++m_counter[i*m_block_size + (m_block_size - 1 - j)]) + if(++m_counter[i*BS + (BS - 1 - j)]) break; } - if (base_counter > 0) + if(base_counter > 0) add_counter(base_counter); - m_cipher->encrypt_n(m_counter.data(), m_pad.data(), n_wide); + m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks); m_pad_pos = offset % m_counter.size(); } } diff --git a/src/lib/stream/ctr/ctr.h b/src/lib/stream/ctr/ctr.h index e174848b86..3ff63b8e58 100644 --- a/src/lib/stream/ctr/ctr.h +++ b/src/lib/stream/ctr/ctr.h @@ -48,14 +48,16 @@ class BOTAN_PUBLIC_API(2,0) CTR_BE final : public StreamCipher void seek(uint64_t offset) override; private: void key_schedule(const uint8_t key[], size_t key_len) override; - void increment_counter(); void add_counter(const uint64_t counter); std::unique_ptr m_cipher; + + const size_t m_block_size; + const size_t m_ctr_size; + const size_t m_ctr_blocks; + secure_vector m_counter, m_pad; std::vector m_iv; - const size_t m_block_size; - size_t m_ctr_size; size_t m_pad_pos; }; From a01d850353a310dfca3cca5ffe630b654a8f5a23 Mon Sep 17 00:00:00 2001 
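Review bot: In the `ctr_size == 16` branch the carry is added to the wrong word: `b1 += counter; b1 += (b1 < counter); // carry` folds the carry back into the low word and then stores `b0` unchanged, so a wrap of the low 64 bits never increments the high 64 bits, and this fast path disagrees with the generic byte-wise branch below it and with the per-byte `++m_counter[...]` increment in seek(). The one-line fix is `b0 += (b1 < counter) ? 1 : 0; // carry into the high word`. The later "Appease Sonar" hunk rewrites the same line as `b1 += (b1 < counter) ? 1 : 0;` and keeps the wrong target, so both need the change. Because a wrong step can land the counter on a value that was already used (keystream reuse), a test that seeks to just below a low-word wrap and compares the next block with the byte-wise implementation would pin this. The `ctr_size == 4` branch narrows `counter` to 32 bits implicitly; that is correct for a 4-byte counter but deserves `// counter is taken mod 2^32, as the byte-wise path only touches ctr_size bytes`.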
From: Jack Lloyd Date: Wed, 18 Oct 2017 12:59:30 -0400 Subject: [PATCH 0061/1008] Further optimizations, and split out GHASH reduction code --- src/lib/modes/aead/gcm/clmul/clmul.cpp | 119 +++++++++---------------- src/lib/modes/aead/gcm/gcm.cpp | 6 +- src/lib/stream/ctr/ctr.cpp | 19 ++-- 3 files changed, 57 insertions(+), 87 deletions(-) diff --git a/src/lib/modes/aead/gcm/clmul/clmul.cpp b/src/lib/modes/aead/gcm/clmul/clmul.cpp index 0f07c27639..632de6d339 100644 --- a/src/lib/modes/aead/gcm/clmul/clmul.cpp +++ b/src/lib/modes/aead/gcm/clmul/clmul.cpp 
@@ -13,58 +13,51 @@ namespace Botan { namespace { -BOTAN_FUNC_ISA("pclmul,ssse3") -inline __m128i gcm_multiply(const __m128i& x, const __m128i& H) +BOTAN_FUNC_ISA("sse2") +inline __m128i gcm_reduce(const __m128i& B0, const __m128i& B1) { - __m128i T0, T1, T2, T3, T4, T5; + __m128i T0, T1, T2, T3; - T0 = _mm_clmulepi64_si128(x, H, 0x00); - T1 = _mm_clmulepi64_si128(x, H, 0x01); - T2 = _mm_clmulepi64_si128(x, H, 0x10); - T3 = _mm_clmulepi64_si128(x, H, 0x11); + T0 = _mm_srli_epi32(B1, 31); + T1 = _mm_slli_epi32(B1, 1); + T2 = _mm_srli_epi32(B0, 31); + T3 = _mm_slli_epi32(B0, 1); + + T3 = _mm_or_si128(T3, _mm_srli_si128(T0, 12)); + T3 = _mm_or_si128(T3, _mm_slli_si128(T2, 4)); + T1 = _mm_or_si128(T1, _mm_slli_si128(T0, 4)); + + T0 = _mm_xor_si128(_mm_slli_epi32(T1, 31), _mm_slli_epi32(T1, 30)); + T0 = _mm_xor_si128(T0, _mm_slli_epi32(T1, 25)); + + T1 = _mm_xor_si128(T1, _mm_slli_si128(T0, 12)); + + T0 = _mm_xor_si128(T3, _mm_srli_si128(T0, 4)); + T0 = _mm_xor_si128(T0, T1); + T0 = _mm_xor_si128(T0, _mm_srli_epi32(T1, 7)); + T0 = _mm_xor_si128(T0, _mm_srli_epi32(T1, 1)); + T0 = _mm_xor_si128(T0, _mm_srli_epi32(T1, 2)); + return T0; + } + +BOTAN_FUNC_ISA("pclmul,sse2") +inline __m128i gcm_multiply(const __m128i& H, const __m128i& x) + { + __m128i T0, T1, T2, T3, T4; + + T0 = _mm_clmulepi64_si128(x, H, 0x11); + T1 = _mm_clmulepi64_si128(x, H, 0x10); + T2 = _mm_clmulepi64_si128(x, H, 0x01); + T3 = _mm_clmulepi64_si128(x, H, 0x00); T1 = _mm_xor_si128(T1, T2); - T2 = _mm_slli_si128(T1, 8); - T1 = _mm_srli_si128(T1, 8); - T0 = _mm_xor_si128(T0, T2); - T3 = _mm_xor_si128(T3, T1); - - T4 = _mm_srli_epi32(T0, 31); - T0 = _mm_slli_epi32(T0, 1); - - T5 = _mm_srli_epi32(T3, 31); - T3 = _mm_slli_epi32(T3, 1); - - T2 = _mm_srli_si128(T4, 12); - T5 = _mm_slli_si128(T5, 4); - T4 = _mm_slli_si128(T4, 4); - T0 = _mm_or_si128(T0, T4); - T3 = _mm_or_si128(T3, T5); - T3 = _mm_or_si128(T3, T2); - - T4 = _mm_slli_epi32(T0, 31); - T5 = _mm_slli_epi32(T0, 30); - T2 = _mm_slli_epi32(T0, 25); - 
- T4 = _mm_xor_si128(T4, T5); - T4 = _mm_xor_si128(T4, T2); - T5 = _mm_srli_si128(T4, 4); - T3 = _mm_xor_si128(T3, T5); - T4 = _mm_slli_si128(T4, 12); - T0 = _mm_xor_si128(T0, T4); - T3 = _mm_xor_si128(T3, T0); - - T4 = _mm_srli_epi32(T0, 1); - T1 = _mm_srli_epi32(T0, 2); - T2 = _mm_srli_epi32(T0, 7); - T3 = _mm_xor_si128(T3, T1); - T3 = _mm_xor_si128(T3, T2); - T3 = _mm_xor_si128(T3, T4); - - return T3; + T0 = _mm_xor_si128(T0, _mm_srli_si128(T1, 8)); + T3 = _mm_xor_si128(T3, _mm_slli_si128(T1, 8)); + + return gcm_reduce(T0, T3); } -BOTAN_FUNC_ISA("pclmul,ssse3") +BOTAN_FUNC_ISA("pclmul,sse2") inline __m128i gcm_multiply_x4(const __m128i& H1, const __m128i& H2, const __m128i& H3, const __m128i& H4, const __m128i& X1, const __m128i& X2, const __m128i& X3, const __m128i& X4) { @@ -92,7 +85,7 @@ inline __m128i gcm_multiply_x4(const __m128i& H1, const __m128i& H2, const __m12 _mm_xor_si128(H3_X3_hi, H4_X4_hi)); __m128i T0 = _mm_xor_si128(lo, hi); - __m128i T1, T2, T3, T4, T5; + __m128i T1, T2, T3, T4; T1 = _mm_xor_si128(_mm_srli_si128(H1, 8), H1); T2 = _mm_xor_si128(_mm_srli_si128(X1, 8), X1); 
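Review bot: gcm_reduce is a new helper with no comment saying what its two operands are, and the only way to find out is to trace the clmul immediates in gcm_multiply: `T0` (from `0x11`) is the upper 128 bits of the 256-bit product and `T3` (from `0x00`) the lower, so the contract is `gcm_reduce(high, low)`. A one-line comment above it would save the next reader that work: `// Reduce a 256-bit product (B0 = high 128 bits, B1 = low 128 bits) modulo the GCM polynomial; the 1/2/7 and 31/30/25 shift pairs are its x, x^2 and x^7 terms`. gcm_multiply's parameters were also swapped to `(H, x)`; since both are `__m128i` a caller using the old order still compiles, so the comment should say the swap is intentional and that the single call site in the last hunk of this file was updated to match. This hunk ends inside the signature of gcm_multiply_x4, whose body is in the following hunks.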
@@ -108,36 +101,10 @@ inline __m128i gcm_multiply_x4(const __m128i& H1, const __m128i& H2, const __m12 T0 = _mm_xor_si128(T0, _mm_clmulepi64_si128(T1, T2, 0x00)); T0 = _mm_xor_si128(T0, _mm_clmulepi64_si128(T3, T4, 0x00)); - T3 = _mm_xor_si128(_mm_slli_si128(T0, 8), lo); T1 = _mm_xor_si128(_mm_srli_si128(T0, 8), hi); + T2 = _mm_xor_si128(_mm_slli_si128(T0, 8), lo); - T0 = _mm_srli_epi32(T3, 31); - T4 = _mm_srli_epi32(T1, 31); - T3 = _mm_slli_epi32(T3, 1); - T1 = _mm_slli_epi32(T1, 1); - - T1 = _mm_or_si128(T1, _mm_srli_si128(T0, 12)); - T1 = _mm_or_si128(T1, _mm_slli_si128(T4, 4)); - T3 = _mm_or_si128(T3, _mm_slli_si128(T0, 4)); - - T0 = _mm_slli_epi32(T3, 31); - T0 = _mm_xor_si128(T0, _mm_slli_epi32(T3, 30)); - T0 = _mm_xor_si128(T0, _mm_slli_epi32(T3, 25)); - - T5 = _mm_srli_si128(T0, 4); - T3 = _mm_xor_si128(T3, _mm_slli_si128(T0, 12)); - T2 = _mm_srli_epi32(T3, 1); - T4 = _mm_srli_epi32(T3, 2); - T0 = _mm_srli_epi32(T3, 7); - - // combine results: T0 ^ T1 ^ T2 ^ T3 ^ T4 ^ T5 - T0 = _mm_xor_si128(T0, T1); - T2 = _mm_xor_si128(T2, T3); - T4 = _mm_xor_si128(T4, T5); - - T0 = _mm_xor_si128(T0, T2); - T0 = _mm_xor_si128(T0, T4); - return T0; + return gcm_reduce(T1, T2); } } @@ -205,7 +172,7 @@ void gcm_multiply_clmul(uint8_t x[16], const __m128i m = _mm_shuffle_epi8(_mm_loadu_si128(input + i), BSWAP_MASK); a = _mm_xor_si128(a, m); - a = gcm_multiply(a, H); + a = gcm_multiply(H, a); } a = _mm_shuffle_epi8(a, BSWAP_MASK); diff --git a/src/lib/modes/aead/gcm/gcm.cpp b/src/lib/modes/aead/gcm/gcm.cpp index 4abf8b5f6c..dfaffedb73 100644 --- a/src/lib/modes/aead/gcm/gcm.cpp +++ b/src/lib/modes/aead/gcm/gcm.cpp 
@@ -103,10 +103,10 @@ void GCM_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) m_ctr->set_iv(y0.data(), y0.size()); - secure_vector m_enc_y0(GCM_BS); - m_ctr->encipher(m_enc_y0); + zeroise(y0); + m_ctr->encipher(y0); - m_ghash->start(m_enc_y0.data(), m_enc_y0.size()); + m_ghash->start(y0.data(), y0.size()); } size_t GCM_Encryption::process(uint8_t buf[], size_t sz) diff --git a/src/lib/stream/ctr/ctr.cpp b/src/lib/stream/ctr/ctr.cpp index cc2825ee6f..b4c931980a 100644 --- a/src/lib/stream/ctr/ctr.cpp +++ b/src/lib/stream/ctr/ctr.cpp @@ -60,11 +60,14 @@ std::string CTR_BE::name() const void CTR_BE::cipher(const uint8_t in[], uint8_t out[], size_t length) { + const uint8_t* pad_bits = &m_pad[0]; + const size_t pad_size = m_pad.size(); + if(m_pad_pos > 0) { - const size_t avail = m_pad.size() - m_pad_pos; + const size_t avail = pad_size - m_pad_pos; const size_t take = std::min(length, avail); - xor_buf(out, in, &m_pad[m_pad_pos], take); + xor_buf(out, in, pad_bits + m_pad_pos, take); length -= take; in += take; out += take; @@ -78,18 +81,18 @@ void CTR_BE::cipher(const uint8_t in[], uint8_t out[], size_t length) } } - while(length >= m_pad.size()) + while(length >= pad_size) { - xor_buf(out, in, &m_pad[0], m_pad.size()); - length -= m_pad.size(); - in += m_pad.size(); - out += m_pad.size(); + xor_buf(out, in, pad_bits, pad_size); + length -= pad_size; + in += pad_size; + out += pad_size; add_counter(m_ctr_blocks); m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks); } - xor_buf(out, in, &m_pad[0], length); + xor_buf(out, in, pad_bits, length); m_pad_pos += length; } From 8258550225d198a3f1f9791d5fc5ce8511dfeb3e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 18 Oct 2017 17:33:29 -0400 Subject: [PATCH 0062/1008] GMAC test fixes [ci skip] --- src/tests/data/mac/gmac.vec | 2 +- src/tests/test_mac.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
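Review bot: Reusing `y0` to hold its own CTR encryption is only safe because `m_ctr->set_iv(y0.data(), y0.size())` on the line above has already taken its own copy (CTR_BE keeps the IV in m_iv, as the ctr.cpp hunks in this series show); nothing in the hunk says so, and a later edit that moved the zeroise above set_iv would compile and silently produce the wrong mask. I would put that next to the zeroise: `// set_iv() has copied y0; reuse the buffer for the encrypted Y0 that GHASH::start() consumes`. The name y0 now denotes two different values over the function, which the same comment should mention. start_msg begins outside the hunk.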
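Review bot: `const uint8_t* pad_bits = &m_pad[0];` is cached once and then used across the loop while `m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks)` rewrites the same buffer; that is fine because m_pad is never resized here, but the pointer only stays valid under that condition, and `&m_pad[0]` is undefined on an empty vector whereas `m_pad.data()` is not. I would write `const uint8_t* pad_bits = m_pad.data();` with `// m_pad is refilled in place below and never resized, so pad_bits stays valid`. The first ctr.cpp hunk ends mid-function; the second one closes it.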
diff --git a/src/tests/data/mac/gmac.vec b/src/tests/data/mac/gmac.vec index f01b42d1d4..b6299137d8 100644 --- a/src/tests/data/mac/gmac.vec +++ b/src/tests/data/mac/gmac.vec @@ -1,4 +1,4 @@ -#test cpuid aesni ssse3 clmul +#test cpuid aesni ssse3 clmul pmull # Testvectors in this file have been generated using the Bouncy Castle Crypto # API version 1.54 (https://www.bouncycastle.org) diff --git a/src/tests/test_mac.cpp b/src/tests/test_mac.cpp index 2792aeb3ee..f4e3e4268a 100644 --- a/src/tests/test_mac.cpp +++ b/src/tests/test_mac.cpp @@ -85,7 +85,7 @@ class Message_Auth_Tests final : public Text_Based_Test clone->start(iv); clone->update(Test::rng().random_vec(32)); - result.test_eq(provider + " correct mac", mac->verify_mac(expected.data(), expected.size()), true); + result.test_eq(provider + " verify mac", mac->verify_mac(expected.data(), expected.size()), true); if(input.size() > 2) { From 8805f1535fa75523903995f05348ffcc7a7d2e86 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 18 Oct 2017 16:47:05 -0400 Subject: [PATCH 0063/1008] PMULL optimizations --- src/lib/modes/aead/gcm/ghash.cpp | 10 +- src/lib/modes/aead/gcm/pmull/pmull.cpp | 238 +++++++++++++++++++------ src/lib/modes/aead/gcm/pmull/pmull.h | 5 +- 3 files changed, 192 insertions(+), 61 deletions(-) diff --git a/src/lib/modes/aead/gcm/ghash.cpp b/src/lib/modes/aead/gcm/ghash.cpp index 509f069507..c3c2453e89 100644 --- a/src/lib/modes/aead/gcm/ghash.cpp +++ b/src/lib/modes/aead/gcm/ghash.cpp @@ -50,7 +50,7 @@ void GHASH::gcm_multiply(secure_vector& x, #if defined(BOTAN_HAS_GCM_PMULL) if(CPUID::has_arm_pmull()) { - return gcm_multiply_pmull(x.data(), m_H.data(), input, blocks); + return gcm_multiply_pmull(x.data(), m_H_pow.data(), input, blocks); } #endif 
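Review bot: `gcm_multiply_pmull(x.data(), m_H_pow.data(), input, blocks)` assumes m_H_pow holds the eight words written by gcm_pmull_precompute, but the only place that fills it is the `has_arm_pmull()` branch of key_schedule in the next hunk, behind the same runtime CPUID check; if the CPUID state can differ between key_schedule and this call (the `#test cpuid ... pmull` header in gmac.vec suggests the test harness toggles these bits), this path hands an empty vector's data pointer to the multiply. Making the precondition explicit would catch that: `if(m_H_pow.size() != 8) throw Invalid_State("GHASH: PMULL tables not precomputed");` before the call, or computing m_H_pow whenever BOTAN_HAS_GCM_PMULL is defined regardless of the runtime flag. GHASH::gcm_multiply begins outside the hunk.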
@@ -159,6 +159,14 @@ void GHASH::key_schedule(const uint8_t key[], size_t length) } #endif +#if defined(BOTAN_HAS_GCM_PMULL) + if(CPUID::has_arm_pmull()) + { + m_H_pow.resize(8); + gcm_pmull_precompute(m_H.data(), m_H_pow.data()); + } +#endif + } void GHASH::start(const uint8_t nonce[], size_t len) diff --git a/src/lib/modes/aead/gcm/pmull/pmull.cpp b/src/lib/modes/aead/gcm/pmull/pmull.cpp index 12d6ff7d1a..77eb1909f2 100644 --- a/src/lib/modes/aead/gcm/pmull/pmull.cpp +++ b/src/lib/modes/aead/gcm/pmull/pmull.cpp @@ -1,6 +1,9 @@ /* * Contributed by Jeffrey Walton * +* Further changes +* (C) 2017 Jack Lloyd +* * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -9,74 +12,191 @@ namespace Botan { +/* +This follows the same pattern as the clmul implementation. + +See also http://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf +*/ + +namespace { + +BOTAN_FUNC_ISA("+simd") +inline uint64x2_t gcm_reduce(uint32x4_t B0, uint32x4_t B1) + { + const uint32x4_t zero = vdupq_n_u32(0); + + uint32x4_t T0, T1, T2, T3, T4, T5; + + T4 = vshrq_n_u32(B0, 31); + T0 = vshlq_n_u32(B0, 1); + T5 = vshrq_n_u32(B1, 31); + T3 = vshlq_n_u32(B1, 1); + + T2 = vextq_u32(T4, zero, 3); + T5 = vextq_u32(zero, T5, 3); + T4 = vextq_u32(zero, T4, 3); + T0 = vorrq_u32(T0, T4); + T3 = vorrq_u32(T3, T5); + T3 = vorrq_u32(T3, T2); + + T4 = vshlq_n_u32(T0, 31); + T5 = vshlq_n_u32(T0, 30); + T2 = vshlq_n_u32(T0, 25); + + T4 = veorq_u32(T4, T5); + T4 = veorq_u32(T4, T2); + T5 = vextq_u32(T4, zero, 1); + T3 = veorq_u32(T3, T5); + T4 = vextq_u32(zero, T4, 1); + T0 = veorq_u32(T0, T4); + T3 = veorq_u32(T3, T0); + + T4 = vshrq_n_u32(T0, 1); + T1 = vshrq_n_u32(T0, 2); + T2 = vshrq_n_u32(T0, 7); + T3 = veorq_u32(T3, T1); + T3 = veorq_u32(T3, T2); + T3 = veorq_u32(T3, T4); + + return vreinterpretq_u64_u32(T3); + } + +BOTAN_FUNC_ISA("+crypto") +inline uint64x2_t gcm_multiply(uint64x2_t H, uint64x2_t x) + { + const uint32x4_t zero = vdupq_n_u32(0); + + const uint64_t x_hi = vgetq_lane_u64(x, 0); + const uint64_t x_lo = vgetq_lane_u64(x, 1); + const uint64_t H_hi = vgetq_lane_u64(H, 0); + const uint64_t H_lo = vgetq_lane_u64(H, 1); + + uint32x4_t T0 = (uint32x4_t)vmull_p64(x_hi, H_hi); + uint32x4_t T1 = (uint32x4_t)vmull_p64(x_lo, H_hi); + uint32x4_t T2 = (uint32x4_t)vmull_p64(x_hi, H_lo); + uint32x4_t T3 = (uint32x4_t)vmull_p64(x_lo, H_lo); + + T1 = veorq_u32(T1, T2); + T0 = veorq_u32(T0, vextq_u32(zero, T1, 2)); + T3 = veorq_u32(T3, vextq_u32(T1, zero, 2)); + + return gcm_reduce(T0, T3); + } + BOTAN_FUNC_ISA("+crypto") -void gcm_multiply_pmull(uint8_t x[16], const uint8_t H[16], +inline uint64x2_t gcm_multiply_x4(uint64x2_t H1, uint64x2_t H2, uint64x2_t H3, uint64x2_t 
H4, + uint64x2_t X1, uint64x2_t X2, uint64x2_t X3, uint64x2_t X4) + { + const uint64_t H1_hi = vgetq_lane_u64(H1, 0); + const uint64_t H1_lo = vgetq_lane_u64(H1, 1); + const uint64_t H2_hi = vgetq_lane_u64(H2, 0); + const uint64_t H2_lo = vgetq_lane_u64(H2, 1); + const uint64_t H3_hi = vgetq_lane_u64(H3, 0); + const uint64_t H3_lo = vgetq_lane_u64(H3, 1); + const uint64_t H4_hi = vgetq_lane_u64(H4, 0); + const uint64_t H4_lo = vgetq_lane_u64(H4, 1); + + const uint64_t X1_hi = vgetq_lane_u64(X1, 0); + const uint64_t X1_lo = vgetq_lane_u64(X1, 1); + const uint64_t X2_hi = vgetq_lane_u64(X2, 0); + const uint64_t X2_lo = vgetq_lane_u64(X2, 1); + const uint64_t X3_hi = vgetq_lane_u64(X3, 0); + const uint64_t X3_lo = vgetq_lane_u64(X3, 1); + const uint64_t X4_hi = vgetq_lane_u64(X4, 0); + const uint64_t X4_lo = vgetq_lane_u64(X4, 1); + + const uint32x4_t H1_X1_lo = (uint32x4_t)vmull_p64(X1_lo, H1_lo); + const uint32x4_t H2_X2_lo = (uint32x4_t)vmull_p64(X2_lo, H2_lo); + const uint32x4_t H3_X3_lo = (uint32x4_t)vmull_p64(X3_lo, H3_lo); + const uint32x4_t H4_X4_lo = (uint32x4_t)vmull_p64(X4_lo, H4_lo); + + const uint32x4_t lo = veorq_u32( + veorq_u32(H1_X1_lo, H2_X2_lo), + veorq_u32(H3_X3_lo, H4_X4_lo)); + + const uint32x4_t H1_X1_hi = (uint32x4_t)vmull_p64(X1_hi, H1_hi); + const uint32x4_t H2_X2_hi = (uint32x4_t)vmull_p64(X2_hi, H2_hi); + const uint32x4_t H3_X3_hi = (uint32x4_t)vmull_p64(X3_hi, H3_hi); + const uint32x4_t H4_X4_hi = (uint32x4_t)vmull_p64(X4_hi, H4_hi); + + const uint32x4_t hi = veorq_u32( + veorq_u32(H1_X1_hi, H2_X2_hi), + veorq_u32(H3_X3_hi, H4_X4_hi)); + + uint32x4_t T0 = veorq_u32(lo, hi); + + T0 = veorq_u32(T0, (uint32x4_t)vmull_p64(X1_hi ^ X1_lo, H1_hi ^ H1_lo)); + T0 = veorq_u32(T0, (uint32x4_t)vmull_p64(X2_hi ^ X2_lo, H2_hi ^ H2_lo)); + T0 = veorq_u32(T0, (uint32x4_t)vmull_p64(X3_hi ^ X3_lo, H3_hi ^ H3_lo)); + T0 = veorq_u32(T0, (uint32x4_t)vmull_p64(X4_hi ^ X4_lo, H4_hi ^ H4_lo)); + + const uint32x4_t zero = vdupq_n_u32(0); + uint32x4_t B0 = 
veorq_u32(vextq_u32(zero, T0, 2), hi); + uint32x4_t B1 = veorq_u32(vextq_u32(T0, zero, 2), lo); + return gcm_reduce(B0, B1); + } + +BOTAN_FUNC_ISA("+simd") +inline uint8x16_t bswap_vec(uint8x16_t v) + { + const uint8_t maskb[16] = { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; + const uint8x16_t mask = vld1q_u8(maskb); + return vqtbl1q_u8(v, mask); + } + +} + +BOTAN_FUNC_ISA("+simd") +void gcm_pmull_precompute(const uint8_t H_bytes[16], uint64_t H_pow[4*2]) + { + const uint64x2_t H = vreinterpretq_u64_u8(bswap_vec(vld1q_u8(H_bytes))); + const uint64x2_t H2 = gcm_multiply(H, H); + const uint64x2_t H3 = gcm_multiply(H, H2); + const uint64x2_t H4 = gcm_multiply(H, H3); + + vst1q_u64(H_pow , H); + vst1q_u64(H_pow+2, H2); + vst1q_u64(H_pow+4, H3); + vst1q_u64(H_pow+6, H4); + } + +BOTAN_FUNC_ISA("+simd") +void gcm_multiply_pmull(uint8_t x[16], + const uint64_t H64[8], const uint8_t input[], size_t blocks) { - /* - * Implementing GCM on ARMv8, http://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf - */ + const uint64x2_t H = vld1q_u64(H64); + uint64x2_t a = vreinterpretq_u64_u8(bswap_vec(vld1q_u8(x))); - uint64x2_t a64 = vreinterpretq_u64_u8(vcombine_u8(vrev64_u8(vld1_u8(x+8)), vrev64_u8(vld1_u8(x)))); - const uint64x2_t b64 = vreinterpretq_u64_u8(vcombine_u8(vrev64_u8(vld1_u8(H+8)), vrev64_u8(vld1_u8(H)))); + if(blocks >= 4) + { + const uint64x2_t H2 = vld1q_u64(H64 + 2); + const uint64x2_t H3 = vld1q_u64(H64 + 4); + const uint64x2_t H4 = vld1q_u64(H64 + 6); + + while(blocks >= 4) + { + const uint64x2_t m0 = vreinterpretq_u64_u8(bswap_vec(vld1q_u8(input))); + const uint64x2_t m1 = vreinterpretq_u64_u8(bswap_vec(vld1q_u8(input + 16))); + const uint64x2_t m2 = vreinterpretq_u64_u8(bswap_vec(vld1q_u8(input + 32))); + const uint64x2_t m3 = vreinterpretq_u64_u8(bswap_vec(vld1q_u8(input + 48))); + + a = veorq_u64(a, m0); + a = gcm_multiply_x4(H, H2, H3, H4, m3, m2, m1, a); + + input += 64; + blocks -= 4; + } + } for(size_t i = 0; i != blocks; ++i) { - const 
uint64x2_t m64 = vreinterpretq_u64_u8(vcombine_u8(vrev64_u8(vld1_u8(input+8)), vrev64_u8(vld1_u8(input)))); - input += 16; - - a64 = veorq_u64(a64, m64); - - uint64x2_t T0, T1, T2, T3, T4, T5; - - T0 = (uint64x2_t)vmull_p64(vgetq_lane_u64(a64, 0), vgetq_lane_u64(b64, 0)); - T1 = (uint64x2_t)vmull_p64(vgetq_lane_u64(a64, 1), vgetq_lane_u64(b64, 0)); - T2 = (uint64x2_t)vmull_p64(vgetq_lane_u64(a64, 0), vgetq_lane_u64(b64, 1)); - T3 = (uint64x2_t)vmull_p64(vgetq_lane_u64(a64, 1), vgetq_lane_u64(b64, 1)); - - T1 = veorq_u64(T1, T2); - T2 = vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(T1), 8)); - T1 = vreinterpretq_u64_u8(vextq_u8(vreinterpretq_u8_u64(T1), vdupq_n_u8(0), 8)); - T0 = veorq_u64(T0, T2); - T3 = veorq_u64(T3, T1); - - T4 = vshrq_n_u64(T0, 31); - T0 = vshlq_n_u64(T0, 1); - - T5 = vshrq_n_u64(T3, 31); - T3 = vshlq_n_u64(T3, 1); - - T2 = vreinterpretq_u64_u8(vextq_u8(vreinterpretq_u8_u64(T4), vdupq_n_u8(0), 12)); - T5 = vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(T5), 12)); - T4 = vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(T4), 12)); - T0 = vorrq_u64(T0, T4); - T3 = vorrq_u64(T3, T5); - T3 = vorrq_u64(T3, T2); - - T4 = vreinterpretq_u64_u32(vshlq_n_u32(vreinterpretq_u32_u64(T0), 31)); - T5 = vreinterpretq_u64_u32(vshlq_n_u32(vreinterpretq_u32_u64(T0), 30)); - T2 = vreinterpretq_u64_u32(vshlq_n_u32(vreinterpretq_u32_u64(T0), 25)); - - T4 = veorq_u64(T4, T5); - T4 = veorq_u64(T4, T2); - T5 = vreinterpretq_u64_u8(vextq_u8(vreinterpretq_u8_u64(T4), vdupq_n_u8(0), 4)); - T3 = veorq_u64(T3, T5); - T4 = vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(T4), 4)); - T0 = veorq_u64(T0, T4); - T3 = veorq_u64(T3, T0); - - T4 = vreinterpretq_u64_u32(vshrq_n_u32(vreinterpretq_u32_u64(T0), 1)); - T1 = vreinterpretq_u64_u32(vshrq_n_u32(vreinterpretq_u32_u64(T0), 2)); - T2 = vreinterpretq_u64_u32(vshrq_n_u32(vreinterpretq_u32_u64(T0), 7)); - T3 = veorq_u64(T3, T1); - T3 = veorq_u64(T3, T2); - T3 
= veorq_u64(T3, T4); - - a64 = T3; + const uint64x2_t m = vreinterpretq_u64_u8(bswap_vec(vld1q_u8(input + 16*i))); + a = veorq_u64(a, m); + a = gcm_multiply(H, a); } - vst1_u8(x+0, vrev64_u8(vreinterpret_u8_u64(vget_high_u64(a64)))); - vst1_u8(x+8, vrev64_u8(vreinterpret_u8_u64(vget_low_u64(a64)))); + vst1q_u8(x, bswap_vec(vreinterpretq_u8_u64(a))); } } diff --git a/src/lib/modes/aead/gcm/pmull/pmull.h b/src/lib/modes/aead/gcm/pmull/pmull.h index 638b845cd8..17e61097f9 100644 --- a/src/lib/modes/aead/gcm/pmull/pmull.h +++ b/src/lib/modes/aead/gcm/pmull/pmull.h @@ -12,7 +12,10 @@ namespace Botan { -void gcm_multiply_pmull(uint8_t x[16], const uint8_t H[16], +void gcm_pmull_precompute(const uint8_t H[16], uint64_t H_pow[4*2]); + +void gcm_multiply_pmull(uint8_t x[16], + const uint64_t H[8], const uint8_t input[], size_t blocks); } From c4ba92a457825276340eb448528d6d5a09e18009 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Thu, 19 Oct 2017 09:41:21 +0200 Subject: [PATCH 0064/1008] Use __file__ to detect project root otherwise the module "configure" cannot be imported by the tests anymore --- configure.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.py b/configure.py index a4d2eadf0c..e7d900e33b 100755 --- a/configure.py +++ b/configure.py @@ -83,7 +83,7 @@ class Version(object): @staticmethod def get_data(): if not Version.data: - root_dir = os.path.dirname(sys.argv[0]) + root_dir = os.path.dirname(os.path.realpath(__file__)) Version.data = parse_version_file(os.path.join(root_dir, 'version.txt')) return Version.data From 5b3696864396ab24c2da47106721cf25721a4468 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Thu, 19 Oct 2017 10:18:52 +0200 Subject: [PATCH 0065/1008] Rename method to AmalgamationHelper.is_unconditional_std_include and test --- configure.py | 19 ++++++++++-------- src/scripts/python_unittests.py | 34 +++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 8 deletions(-) 
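Review bot: The new bswap_vec uses `vqtbl1q_u8`, which is an AArch64-only intrinsic, whereas the code it replaces (`vrev64_u8`/`vcombine_u8`) exists on both AArch32 and AArch64; if this module is only ever built for 64-bit targets that is fine, but it narrows what `BOTAN_FUNC_ISA("+simd")` alone suggests, so `// vqtbl1q_u8 is AArch64 only` next to it would record the decision. The `(uint32x4_t)vmull_p64(...)` casts are C-style conversions of a poly128_t; the matching `vreinterpretq_*_p128` intrinsics, where the toolchain provides them, express the same thing and are greppable. gcm_reduce here mirrors the clmul version and needs the same one-line contract comment (B0 = high half, B1 = low half of the 256-bit product), since the only hint is the comment pointing at the clmul implementation.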
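Review bot: The new declarations change the contract of gcm_multiply_pmull — `H` is no longer the 16 raw key bytes but the eight native 64-bit words produced by gcm_pmull_precompute (H, H^2, H^3, H^4, byte-swapped, two words each) — and the header says nothing about that coupling. I would document both: on gcm_pmull_precompute, `// Fill H_pow with H, H^2, H^3, H^4 (two uint64_t words each) in the layout gcm_multiply_pmull expects`, and on gcm_multiply_pmull, `// H must be the table produced by gcm_pmull_precompute, not the raw 16-byte hash key`.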
diff --git a/configure.py b/configure.py index e7d900e33b..902a77312e 100755 --- a/configure.py +++ b/configure.py @@ -2440,13 +2440,16 @@ def portable_symlink(file_path, target_dir, method): class AmalgamationHelper(object): - _any_include_matcher = re.compile(r'#include <(.*)>$') - _botan_include_matcher = re.compile(r'#include ') - _std_include_matcher = re.compile(r'^#include <([^/\.]+|stddef.h)>$') + _any_include = re.compile(r'#include <(.*)>$') + _botan_include = re.compile(r'#include $') + + # Only matches at the beginning of the line. By convention, this means that the include + # is not wrapped by condition macros + _unconditional_std_include = re.compile(r'^#include <([^/\.]+|stddef.h)>$') @staticmethod def is_any_include(cpp_source_line): - match = AmalgamationHelper._any_include_matcher.search(cpp_source_line) + match = AmalgamationHelper._any_include.search(cpp_source_line) if match: return match.group(1) else: @@ -2454,15 +2457,15 @@ def is_any_include(cpp_source_line): @staticmethod def is_botan_include(cpp_source_line): - match = AmalgamationHelper._botan_include_matcher.search(cpp_source_line) + match = AmalgamationHelper._botan_include.search(cpp_source_line) if match: return match.group(1) else: return None @staticmethod - def is_std_include(cpp_source_line): - match = AmalgamationHelper._std_include_matcher.search(cpp_source_line) + def is_unconditional_std_include(cpp_source_line): + match = AmalgamationHelper._unconditional_std_include.search(cpp_source_line) if match: return match.group(1) else: @@ -2518,7 +2521,7 @@ def header_contents(self, name): for c in self.header_contents(header): yield c else: - std_header = AmalgamationHelper.is_std_include(line) + std_header = AmalgamationHelper.is_unconditional_std_include(line) if std_header: self.all_std_includes.add(std_header) diff --git a/src/scripts/python_unittests.py b/src/scripts/python_unittests.py index 37068ed1cf..37fa257214 100755 --- a/src/scripts/python_unittests.py 
+++ b/src/scripts/python_unittests.py 
@@ -14,9 +14,43 @@ import unittest sys.path.append("../..") # Botan repo root +from configure import AmalgamationHelper # pylint: disable=wrong-import-position from configure import CompilerDetector # pylint: disable=wrong-import-position from configure import ModulesChooser # pylint: disable=wrong-import-position +class AmalgamationHelperTests(unittest.TestCase): + def test_matcher_std_includes(self): + self.assertEqual(AmalgamationHelper.is_unconditional_std_include("#include "), "string") + + self.assertEqual(AmalgamationHelper.is_unconditional_std_include("#include "), None) + self.assertEqual(AmalgamationHelper.is_unconditional_std_include("#include "), None) + self.assertEqual(AmalgamationHelper.is_unconditional_std_include(" #include "), None) + + def test_matcher_botan_include(self): + self.assertEqual(AmalgamationHelper.is_botan_include("#include "), + "oids.h") + self.assertEqual(AmalgamationHelper.is_botan_include("#include "), + "internal/socket.h") + self.assertEqual(AmalgamationHelper.is_botan_include(" #include "), + "oids.h") + self.assertEqual(AmalgamationHelper.is_botan_include(" #include "), + "internal/socket.h") + + self.assertEqual(AmalgamationHelper.is_botan_include("#include "), None) + self.assertEqual(AmalgamationHelper.is_botan_include("#include "), None) + self.assertEqual(AmalgamationHelper.is_botan_include("#include "), None) + + def test_matcher_any_includes(self): + self.assertEqual(AmalgamationHelper.is_any_include("#include "), "string") + self.assertEqual(AmalgamationHelper.is_any_include("#include "), "myfile.h") + self.assertEqual(AmalgamationHelper.is_any_include("#include "), "unistd.h") + self.assertEqual(AmalgamationHelper.is_any_include("#include "), + "botan/oids.h") + self.assertEqual(AmalgamationHelper.is_any_include(" #include "), "string") + self.assertEqual(AmalgamationHelper.is_any_include(" #include "), "myfile.h") + self.assertEqual(AmalgamationHelper.is_any_include(" #include "), "unistd.h") + 
self.assertEqual(AmalgamationHelper.is_any_include(" #include "), + "botan/oids.h") class CompilerDetection(unittest.TestCase): From 4a5b134633a94f11a83afa7feeded90392315790 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Thu, 19 Oct 2017 10:24:30 +0200 Subject: [PATCH 0066/1008] Allow trailing comments for include matchers --- configure.py | 7 ++++--- src/scripts/python_unittests.py | 10 ++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/configure.py b/configure.py index 902a77312e..5bebd78d14 100755 --- a/configure.py +++ b/configure.py @@ -2440,12 +2440,13 @@ def portable_symlink(file_path, target_dir, method): class AmalgamationHelper(object): - _any_include = re.compile(r'#include <(.*)>$') - _botan_include = re.compile(r'#include $') + # All include types may have trailing comment like e.g. '#include // IWYU pragma: export' + _any_include = re.compile(r'#include <(.*)>') + _botan_include = re.compile(r'#include ') # Only matches at the beginning of the line. By convention, this means that the include # is not wrapped by condition macros - _unconditional_std_include = re.compile(r'^#include <([^/\.]+|stddef.h)>$') + _unconditional_std_include = re.compile(r'^#include <([^/\.]+|stddef.h)>') @staticmethod def is_any_include(cpp_source_line): diff --git a/src/scripts/python_unittests.py b/src/scripts/python_unittests.py index 37fa257214..337f5369e1 100755 --- a/src/scripts/python_unittests.py +++ b/src/scripts/python_unittests.py @@ -21,6 +21,7 @@ class AmalgamationHelperTests(unittest.TestCase): def test_matcher_std_includes(self): self.assertEqual(AmalgamationHelper.is_unconditional_std_include("#include "), "string") + self.assertEqual(AmalgamationHelper.is_unconditional_std_include("#include // comment"), "string") self.assertEqual(AmalgamationHelper.is_unconditional_std_include("#include "), None) self.assertEqual(AmalgamationHelper.is_unconditional_std_include("#include "), None) 
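Review bot: Dropping the `$` anchor to allow trailing comments makes the greedy `(.*)` in `_any_include` match up to the last `>` on the line, so a trailing comment that itself contains a `>` yields everything up to that character as the header name, which then gets compared against and inserted into the written-headers set. A negated class avoids it: `_any_include = re.compile(r'#include <([^>]*)>')`; the same applies to `_unconditional_any_include` added in the following commit, and to `_botan_include` if it uses the same greedy group. A unit test with a `>` inside the trailing comment would pin this.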
@@ -31,6 +32,10 @@ def test_matcher_botan_include(self): "oids.h") self.assertEqual(AmalgamationHelper.is_botan_include("#include "), "internal/socket.h") + self.assertEqual(AmalgamationHelper.is_botan_include("#include // comment"), + "oids.h") + self.assertEqual(AmalgamationHelper.is_botan_include("#include // comment"), + "internal/socket.h") self.assertEqual(AmalgamationHelper.is_botan_include(" #include "), "oids.h") self.assertEqual(AmalgamationHelper.is_botan_include(" #include "), @@ -51,6 +56,11 @@ def test_matcher_any_includes(self): self.assertEqual(AmalgamationHelper.is_any_include(" #include "), "unistd.h") self.assertEqual(AmalgamationHelper.is_any_include(" #include "), "botan/oids.h") + self.assertEqual(AmalgamationHelper.is_any_include("#include // comment"), "string") + self.assertEqual(AmalgamationHelper.is_any_include("#include // comment"), "myfile.h") + self.assertEqual(AmalgamationHelper.is_any_include("#include // comment"), "unistd.h") + self.assertEqual(AmalgamationHelper.is_any_include("#include // comment"), + "botan/oids.h") class CompilerDetection(unittest.TestCase): From 0bd88aee775cd65cd13e7d2936c36e393235a955 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Thu, 19 Oct 2017 10:36:15 +0200 Subject: [PATCH 0067/1008] Only skip includes that have been incuded unconditionally before --- configure.py | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/configure.py b/configure.py index 5bebd78d14..88a21a6c7d 100755 --- a/configure.py +++ b/configure.py @@ -2446,6 +2446,7 @@ class AmalgamationHelper(object): # Only matches at the beginning of the line. By convention, this means that the include # is not wrapped by condition macros + _unconditional_any_include = re.compile(r'^#include <(.*)>') _unconditional_std_include = re.compile(r'^#include <([^/\.]+|stddef.h)>') @staticmethod 
@@ -2464,6 +2465,14 @@ def is_botan_include(cpp_source_line): else: return None + @staticmethod + def is_unconditional_any_include(cpp_source_line): + match = AmalgamationHelper._unconditional_any_include.search(cpp_source_line) + if match: + return match.group(1) + else: + return None + @staticmethod def is_unconditional_std_include(cpp_source_line): match = AmalgamationHelper._unconditional_std_include.search(cpp_source_line) @@ -2673,9 +2682,9 @@ def _generate_sources(self, amalgamation_headers, included_in_headers): #pylint: f.write('#endif\n') # target to include header map - headers_written = {} + unconditional_headers_written = {} for target, _ in amalgamation_sources.items(): - headers_written[target] = included_in_headers.copy() + unconditional_headers_written[target] = included_in_headers.copy() for mod in sorted(self._modules, key=lambda module: module.basename): tgt = self._target_for_module(mod) @@ -2683,17 +2692,17 @@ def _generate_sources(self, amalgamation_headers, included_in_headers): #pylint: with open(src, 'r', **encoding_kwords) as f: for line in f: if AmalgamationHelper.is_botan_include(line): + # Botan headers are inlined in amalgamation headers continue - header = AmalgamationHelper.is_any_include(line) - if header: - if header in headers_written[tgt]: - continue + if AmalgamationHelper.is_any_include(line) in unconditional_headers_written[tgt]: + # This include (conditional or unconditional) was unconditionally added before + continue - amalgamation_files[tgt].write(line) - headers_written[tgt].add(header) - else: - amalgamation_files[tgt].write(line) + amalgamation_files[tgt].write(line) + unconditional_header = AmalgamationHelper.is_unconditional_any_include(line) + if unconditional_header: + unconditional_headers_written[tgt].add(unconditional_header) for f in amalgamation_files.values(): f.close() From 416f4c0c62e5f1e03a09ae7e34c0fd70e996b25d Mon Sep 17 00:00:00 2001 
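Review bot: `if AmalgamationHelper.is_any_include(line) in unconditional_headers_written[tgt]:` handles non-include lines only because is_any_include returns None and the set happens never to contain None; binding the result first makes the intent and the edge case explicit: `header = AmalgamationHelper.is_any_include(line)` / `if header is not None and header in unconditional_headers_written[tgt]:`. The new comment explains the skip but not the other half of the rule — a conditional include of a header not yet seen is written and deliberately not recorded, so it may be emitted again later — which is worth a second line there. _generate_sources begins outside the hunk.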
From: Simon Warta Date: Thu, 19 Oct 2017 10:38:21 +0200 Subject: [PATCH 0068/1008] Use conditional include in semaphore.h --- src/lib/utils/semaphore.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/utils/semaphore.h b/src/lib/utils/semaphore.h index 84478a8df9..431680cb3e 100644 --- a/src/lib/utils/semaphore.h +++ b/src/lib/utils/semaphore.h @@ -11,7 +11,7 @@ #include #if defined(BOTAN_TARGET_OS_HAS_THREADS) -#include + #include #endif namespace Botan { From b084770543409555bfc928cdafe66d9475a55baf Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 19 Oct 2017 10:49:24 -0400 Subject: [PATCH 0069/1008] Ignore BOTAN_DEPRECATED in Doxygen config Fixes #1266 --- src/build-data/botan.doxy.in | 1 + 1 file changed, 1 insertion(+) diff --git a/src/build-data/botan.doxy.in b/src/build-data/botan.doxy.in index d3d4944e24..4065ad7a1c 100644 --- a/src/build-data/botan.doxy.in +++ b/src/build-data/botan.doxy.in @@ -160,6 +160,7 @@ PREDEFINED = BOTAN_HAS_AES_SSSE3 \ BOTAN_HAS_CHACHA_SSE2 \ BOTAN_HAS_SHACAL2_SIMD \ BOTAN_HAS_SHACAL2_X86 \ + BOTAN_DEPRECATED(msg)= \ BOTAN_PUBLIC_API(maj,min)= From 2e491b4ddbb63543d027a8a84a9fb523383ff3f0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 19 Oct 2017 12:39:21 -0400 Subject: [PATCH 0070/1008] Add a destructor to Policy_Violation MSVC produces a deranged warning that the compiler generated destructor is deprecated, try to shut it up. --- src/lib/utils/exceptn.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/lib/utils/exceptn.h b/src/lib/utils/exceptn.h index 5af6b01cc2..89b047e1af 100644 --- a/src/lib/utils/exceptn.h +++ b/src/lib/utils/exceptn.h 
@@ -114,10 +114,11 @@ class BOTAN_PUBLIC_API(2,0) PRNG_Unseeded final : public Invalid_State /** * Policy_Violation Exception */ -class BOTAN_DEPRECATED("unused") BOTAN_PUBLIC_API(2,0) Policy_Violation final : public Invalid_State +class BOTAN_DEPRECATED("deprecated") BOTAN_PUBLIC_API(2,0) Policy_Violation final : public Invalid_State { public: explicit Policy_Violation(const std::string& err); + ~Policy_Violation() { /* avoid strange MSVC warning */ } }; /** @@ -132,7 +133,7 @@ class BOTAN_PUBLIC_API(2,0) Algorithm_Not_Found final : public Lookup_Error /** * No_Provider_Found Exception */ -class BOTAN_DEPRECATED("unused") BOTAN_PUBLIC_API(2,0) No_Provider_Found final : public Exception +class BOTAN_DEPRECATED("deprecated") BOTAN_PUBLIC_API(2,0) No_Provider_Found final : public Exception { public: explicit No_Provider_Found(const std::string& name); @@ -205,7 +206,7 @@ class BOTAN_PUBLIC_API(2,0) Stream_IO_Error final : public Exception /** * Self Test Failure Exception */ -class BOTAN_DEPRECATED("unused") BOTAN_PUBLIC_API(2,0) Self_Test_Failure final : public Internal_Error +class BOTAN_DEPRECATED("deprecated") BOTAN_PUBLIC_API(2,0) Self_Test_Failure final : public Internal_Error { public: explicit Self_Test_Failure(const std::string& err); From 9be977646f9373ff596e8fdd5ebd73f3281cde49 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 19 Oct 2017 12:43:15 -0400 Subject: [PATCH 0071/1008] Appease Sonar --- src/lib/stream/ctr/ctr.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/stream/ctr/ctr.cpp b/src/lib/stream/ctr/ctr.cpp index b4c931980a..d0b44589b9 100644 --- a/src/lib/stream/ctr/ctr.cpp +++ b/src/lib/stream/ctr/ctr.cpp 
@@ -143,7 +143,7 @@ void CTR_BE::add_counter(const uint64_t counter) uint64_t b0 = load_be(&m_counter[off], 0); uint64_t b1 = load_be(&m_counter[off], 1); b1 += counter; - b1 += (b1 < counter); // carry + b1 += (b1 < counter) ? 1 : 0; // carry store_be(b0, &m_counter[off]); store_be(b1, &m_counter[off+8]); off += BS; From 843a982c3a019e18975aef0277af44a3731f8caa Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 19 Oct 2017 15:12:35 -0400 Subject: [PATCH 0072/1008] Another attempt at silencing MSVC warning --- src/lib/utils/exceptn.cpp | 4 ---- src/lib/utils/exceptn.h | 4 ++-- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/src/lib/utils/exceptn.cpp b/src/lib/utils/exceptn.cpp index 08fbd40e1f..caae15a33e 100644 --- a/src/lib/utils/exceptn.cpp +++ b/src/lib/utils/exceptn.cpp @@ -48,10 +48,6 @@ PRNG_Unseeded::PRNG_Unseeded(const std::string& algo) : Invalid_State("PRNG not seeded: " + algo) {} -Policy_Violation::Policy_Violation(const std::string& err) : - Invalid_State("Policy violation: " + err) - {} - Algorithm_Not_Found::Algorithm_Not_Found(const std::string& name) : Lookup_Error("Could not find any algorithm named \"" + name + "\"") {} diff --git a/src/lib/utils/exceptn.h b/src/lib/utils/exceptn.h index 89b047e1af..4349290e9c 100644 --- a/src/lib/utils/exceptn.h +++ b/src/lib/utils/exceptn.h @@ -117,8 +117,8 @@ class BOTAN_PUBLIC_API(2,0) PRNG_Unseeded final : public Invalid_State class BOTAN_DEPRECATED("deprecated") BOTAN_PUBLIC_API(2,0) Policy_Violation final : public Invalid_State { public: - explicit Policy_Violation(const std::string& err); - ~Policy_Violation() { /* avoid strange MSVC warning */ } + explicit Policy_Violation(const std::string& err) : + Invalid_State("Policy violation: " + err) {} }; /** From 53a7136759a38f5cd7b1dfcd79868ffe89d61c35 Mon Sep 17 00:00:00 2001 
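Review bot: The carry on the rewritten line goes into the wrong word: `b0` is loaded from offset 0 and stored back at `&m_counter[off]`, `b1` is loaded from offset 8 and stored at `&m_counter[off+8]`, so under the big-endian layout the `load_be`/`store_be` calls imply, `b1` is the low 64 bits and `b0` the high 64 bits, yet the overflow of `b1 += counter` is folded back into `b1` instead of propagating into `b0`. Once the low word wraps the high word never changes, so the counter can revisit values (and keystream) already used and the output diverges from any peer that carries into the upper word; with a nonce whose low eight bytes are near `0xFF..FF` that wrap happens on the very first blocks. The fix is to carry into the high word, `b0 += (b1 < counter) ? 1 : 0; // carry into the high 64 bits`, in place of the rewritten line. This is pre-existing rather than introduced by the Sonar appeasement, and add_counter starts and ends outside the hunk, so confirm no other branch of the function already handles the carry before changing it.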
From: Jack Lloyd Date: Thu, 19 Oct 2017 16:18:14 -0400 Subject: [PATCH 0073/1008] Undeprecate these exceptions Cannot figure out how to get MSVC to shut up --- src/lib/utils/exceptn.cpp | 3 +++ src/lib/utils/exceptn.h | 9 ++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/lib/utils/exceptn.cpp b/src/lib/utils/exceptn.cpp index caae15a33e..240742602c 100644 --- a/src/lib/utils/exceptn.cpp +++ b/src/lib/utils/exceptn.cpp @@ -44,6 +44,9 @@ Invalid_IV_Length::Invalid_IV_Length(const std::string& mode, size_t bad_len) : " is invalid for " + mode) {} +Policy_Violation::Policy_Violation(const std::string& err) : + Invalid_State("Policy violation: " + err) {} + PRNG_Unseeded::PRNG_Unseeded(const std::string& algo) : Invalid_State("PRNG not seeded: " + algo) {} diff --git a/src/lib/utils/exceptn.h b/src/lib/utils/exceptn.h index 4349290e9c..1ed41aeb34 100644 --- a/src/lib/utils/exceptn.h +++ b/src/lib/utils/exceptn.h @@ -114,11 +114,10 @@ class BOTAN_PUBLIC_API(2,0) PRNG_Unseeded final : public Invalid_State /** * Policy_Violation Exception */ -class BOTAN_DEPRECATED("deprecated") BOTAN_PUBLIC_API(2,0) Policy_Violation final : public Invalid_State +class BOTAN_PUBLIC_API(2,0) Policy_Violation final : public Invalid_State { public: - explicit Policy_Violation(const std::string& err) : - Invalid_State("Policy violation: " + err) {} + explicit Policy_Violation(const std::string& err); }; /** @@ -133,7 +132,7 @@ class BOTAN_PUBLIC_API(2,0) Algorithm_Not_Found final : public Lookup_Error /** * No_Provider_Found Exception */ -class BOTAN_DEPRECATED("deprecated") BOTAN_PUBLIC_API(2,0) No_Provider_Found final : public Exception +class BOTAN_PUBLIC_API(2,0) No_Provider_Found final : public Exception { public: explicit No_Provider_Found(const std::string& name); 
@@ -206,7 +205,7 @@ class BOTAN_PUBLIC_API(2,0) Stream_IO_Error final : public Exception /** * Self Test Failure Exception */ -class BOTAN_DEPRECATED("deprecated") BOTAN_PUBLIC_API(2,0) Self_Test_Failure final : public Internal_Error +class BOTAN_PUBLIC_API(2,0) Self_Test_Failure final : public Internal_Error { public: explicit Self_Test_Failure(const std::string& err); From 7de7aad3be6f97b65e9ec7b69f0c093ad3a52394 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 19 Oct 2017 16:18:33 -0400 Subject: [PATCH 0074/1008] In speed flush the output stream after each result --- src/cli/speed.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index ffb8c6a0f1..518adb8577 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -944,7 +944,7 @@ class Speed final : public Command } else { - output() << t.to_string(); + output() << t.to_string() << std::flush; if(m_summary) m_summary->add(t); } From 03d4bceef5caeab584e03a7cf0e3ac3a3fb0d420 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 19 Oct 2017 16:18:48 -0400 Subject: [PATCH 0075/1008] Remove unused variable --- src/lib/modes/aead/gcm/clmul/clmul.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/modes/aead/gcm/clmul/clmul.cpp b/src/lib/modes/aead/gcm/clmul/clmul.cpp index 632de6d339..6f968866df 100644 --- a/src/lib/modes/aead/gcm/clmul/clmul.cpp +++ b/src/lib/modes/aead/gcm/clmul/clmul.cpp @@ -43,7 +43,7 @@ inline __m128i gcm_reduce(const __m128i& B0, const __m128i& B1) BOTAN_FUNC_ISA("pclmul,sse2") inline __m128i gcm_multiply(const __m128i& H, const __m128i& x) { - __m128i T0, T1, T2, T3, T4; + __m128i T0, T1, T2, T3; T0 = _mm_clmulepi64_si128(x, H, 0x11); T1 = _mm_clmulepi64_si128(x, H, 0x10); From d3c5dab077aff20a78bd582a3fd9c1591dc826a7 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Thu, 19 Oct 2017 19:00:53 -0400 Subject: [PATCH 0076/1008] Use base CBC modes to implement TLS CBC ciphersuites This reduces code and also lets TLS make use of parallel decryption which it was not doing before. --- src/lib/tls/tls_cbc/info.txt | 5 +++ src/lib/tls/tls_cbc/tls_cbc.cpp | 61 ++++++++++++--------------------- src/lib/tls/tls_cbc/tls_cbc.h | 19 +++++----- 3 files changed, 36 insertions(+), 49 deletions(-) diff --git a/src/lib/tls/tls_cbc/info.txt b/src/lib/tls/tls_cbc/info.txt index 3212366969..a1d2b18cce 100644 --- a/src/lib/tls/tls_cbc/info.txt +++ b/src/lib/tls/tls_cbc/info.txt @@ -5,3 +5,8 @@ TLS_CBC -> 20161008 tls_cbc.h + + +cbc +hmac + diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp index a0b2384987..f38419ba7b 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.cpp +++ b/src/lib/tls/tls_cbc/tls_cbc.cpp @@ -9,6 +9,8 @@ */ #include +#include + #include #include #include @@ -21,7 +23,8 @@ namespace TLS { /* * TLS_CBC_HMAC_AEAD_Mode Constructor */ -TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode(const std::string& cipher_name, +TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir dir, + const std::string& cipher_name, size_t cipher_keylen, const std::string& mac_name, size_t mac_keylen, 
@@ -33,18 +36,23 @@ TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode(const std::string& cipher_name, m_mac_keylen(mac_keylen), m_use_encrypt_then_mac(use_encrypt_then_mac) { - m_cipher = BlockCipher::create_or_throw(m_cipher_name); m_mac = MessageAuthenticationCode::create_or_throw("HMAC(" + m_mac_name + ")"); + std::unique_ptr cipher = BlockCipher::create_or_throw(m_cipher_name); m_tag_size = m_mac->output_length(); - m_block_size = m_cipher->block_size(); + m_block_size = cipher->block_size(); m_iv_size = use_explicit_iv ? m_block_size : 0; + + if(dir == ENCRYPTION) + m_cbc.reset(new CBC_Encryption(cipher.release(), new Null_Padding)); + else + m_cbc.reset(new CBC_Decryption(cipher.release(), new Null_Padding)); } void TLS_CBC_HMAC_AEAD_Mode::clear() { - cipher().clear(); + cbc().clear(); mac().clear(); reset(); } @@ -85,7 +93,7 @@ void TLS_CBC_HMAC_AEAD_Mode::key_schedule(const uint8_t key[], size_t keylen) if(keylen != m_cipher_keylen + m_mac_keylen) throw Invalid_Key_Length(name(), keylen); - cipher().set_key(&key[0], m_cipher_keylen); + cbc().set_key(&key[0], m_cipher_keylen); mac().set_key(&key[m_cipher_keylen], m_mac_keylen); } @@ -145,17 +153,10 @@ void TLS_CBC_HMAC_AEAD_Encryption::cbc_encrypt_record(uint8_t buf[], size_t buf_ const size_t blocks = buf_size / block_size(); BOTAN_ASSERT(buf_size % block_size() == 0, "Valid CBC input"); - xor_buf(buf, cbc_state().data(), block_size()); - cipher().encrypt(buf); + cbc().start(cbc_state()); + cbc().process(buf, buf_size); - for(size_t i = 1; i < blocks; ++i) - { - xor_buf(&buf[block_size()*i], &buf[block_size()*(i-1)], block_size()); - cipher().encrypt(&buf[block_size()*i]); - } - - cbc_state().assign(&buf[block_size()*(blocks-1)], - &buf[block_size()*blocks]); + cbc_state().assign(buf + buf_size - block_size(), buf + buf_size); } size_t TLS_CBC_HMAC_AEAD_Encryption::output_length(size_t input_length) const 
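Review bot: The two `m_cbc.reset(new CBC_...(cipher.release(), new Null_Padding))` lines in the constructor pass two raw owning pointers whose evaluation order is unspecified, so if `new Null_Padding` throws after `cipher.release()` has already run, or the CBC constructor itself throws, the released BlockCipher is leaked. That only bites on allocation failure and depends on how the CBC constructors are written, which is outside this hunk, but it is cheap to avoid: hold the padding object in a `std::unique_ptr` too and call `release()` on both only inside the constructor call, or pass ownership as `std::unique_ptr` if the CBC constructors accept it. A one-line comment above the `if(dir == ENCRYPTION)` branch would also help, e.g. `// TLS applies and checks its own record padding (see check_tls_cbc_padding), so the CBC mode runs unpadded`, since `Null_Padding` is otherwise surprising next to a CBC mode. The constructor body continues outside the hunk.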
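Review bot: `const size_t blocks = buf_size / block_size();` at the top of cbc_encrypt_record is now dead: the loop that consumed it was deleted and the new code works on `buf_size` directly, so drop the line (it is an unused-variable warning in warnings-as-errors builds otherwise). The new `cbc_state().assign(buf + buf_size - block_size(), buf + buf_size)` also relies on `buf_size >= block_size()`, which `buf_size % block_size() == 0` does not rule out for an empty buffer; tightening the assertion to `BOTAN_ASSERT(buf_size > 0 && buf_size % block_size() == 0, "Valid CBC input");` makes a zero-length record fail loudly instead of forming an out-of-range pointer. Whether a caller can ever pass `buf_size == 0` is not visible here; the callers and the rest of the file are outside the hunk.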
@@ -253,32 +254,14 @@ uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len) void TLS_CBC_HMAC_AEAD_Decryption::cbc_decrypt_record(uint8_t record_contents[], size_t record_len) { - if(record_len % block_size() != 0) - throw Decoding_Error("Input CBC ciphertext is not a multiple of block size"); - - const size_t blocks = record_len / block_size(); + if(record_len == 0 || record_len % block_size() != 0) + throw Decoding_Error("Received TLS CBC ciphertext with invalid length"); - BOTAN_ASSERT(blocks >= 1, "At least one ciphertext block"); - - uint8_t* buf = record_contents; - - secure_vector last_ciphertext(block_size()); - copy_mem(last_ciphertext.data(), buf, block_size()); - - cipher().decrypt(buf); - xor_buf(buf, cbc_state().data(), block_size()); - - secure_vector last_ciphertext2; - - for(size_t i = 1; i < blocks; ++i) - { - last_ciphertext2.assign(&buf[block_size()*i], &buf[block_size()*(i+1)]); - cipher().decrypt(&buf[block_size()*i]); - xor_buf(&buf[block_size()*i], last_ciphertext.data(), block_size()); - std::swap(last_ciphertext, last_ciphertext2); - } + cbc().start(cbc_state()); + cbc_state().assign(record_contents + record_len - block_size(), + record_contents + record_len); - cbc_state().assign(last_ciphertext.begin(), last_ciphertext.end()); + cbc().process(record_contents, record_len); } size_t TLS_CBC_HMAC_AEAD_Decryption::output_length(size_t) const diff --git a/src/lib/tls/tls_cbc/tls_cbc.h b/src/lib/tls/tls_cbc/tls_cbc.h index f09e0ad395..012b9e51f1 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.h +++ b/src/lib/tls/tls_cbc/tls_cbc.h @@ -45,7 +45,8 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Mode : public AEAD_Mode void reset() override final; protected: - TLS_CBC_HMAC_AEAD_Mode(const std::string& cipher_name, + TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir direction, + const std::string& cipher_name, size_t cipher_keylen, const std::string& mac_name, size_t mac_keylen, 
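Review bot: The new `cbc_state().assign(...)` placed before `cbc().process(...)` in cbc_decrypt_record is order-dependent but undocumented: `process` decrypts `record_contents` in place (as the removed per-block loop did), so the final ciphertext block must be captured first or the next record would be chained off plaintext. Add a why-comment above the assign, e.g. `// process() decrypts in place, so save the last ciphertext block (the next record's chaining value) before it is overwritten`, so a later tidy-up cannot reorder the two calls. The tightened `record_len == 0 ||` guard is an improvement; it throws `Decoding_Error` before any MAC work, which is acceptable because the record length is already public on the wire, but given how carefully the surrounding code (check_tls_cbc_padding, perform_additional_compressions) avoids plaintext-dependent timing a comment such as `// length is public, so rejecting here reveals nothing about the plaintext` would make that intent explicit.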
@@ -59,11 +60,7 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Mode : public AEAD_Mode bool use_encrypt_then_mac() const { return m_use_encrypt_then_mac; } - BlockCipher& cipher() const - { - BOTAN_ASSERT_NONNULL(m_cipher); - return *m_cipher; - } + Cipher_Mode& cbc() const { return *m_cbc; } MessageAuthenticationCode& mac() const { @@ -91,7 +88,7 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Mode : public AEAD_Mode size_t m_block_size; bool m_use_encrypt_then_mac; - std::unique_ptr m_cipher; + std::unique_ptr m_cbc; std::unique_ptr m_mac; secure_vector m_cbc_state; @@ -113,7 +110,8 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Encryption final : public TLS_CBC_HMAC_AE const size_t mac_keylen, bool use_explicit_iv, bool use_encrypt_then_mac) : - TLS_CBC_HMAC_AEAD_Mode(cipher_algo, + TLS_CBC_HMAC_AEAD_Mode(ENCRYPTION, + cipher_algo, cipher_keylen, mac_algo, mac_keylen, @@ -146,7 +144,8 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Decryption final : public TLS_CBC_HMAC_AE const size_t mac_keylen, bool use_explicit_iv, bool use_encrypt_then_mac) : - TLS_CBC_HMAC_AEAD_Mode(cipher_algo, + TLS_CBC_HMAC_AEAD_Mode(DECRYPTION, + cipher_algo, cipher_keylen, mac_algo, mac_keylen, @@ -162,7 +161,7 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Decryption final : public TLS_CBC_HMAC_AE private: void cbc_decrypt_record(uint8_t record_contents[], size_t record_len); - + void perform_additional_compressions(size_t plen, size_t padlen); }; From efa5004354ead93d8c5a3b32f430ccfb1c46e072 Mon Sep 17 00:00:00 2001 
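Review bot: The replacement accessor `Cipher_Mode& cbc() const { return *m_cbc; }` drops the `BOTAN_ASSERT_NONNULL` that the removed `cipher()` accessor carried, so a call before the constructor has populated `m_cbc` dereferences a null `unique_ptr` silently instead of failing with a clear assertion. Keep the check for parity with the old code and with the neighbouring `mac()` accessor: `Cipher_Mode& cbc() const { BOTAN_ASSERT_NONNULL(m_cbc); return *m_cbc; }`. The `mac()` body is cut off at the hunk edge, so whether it still asserts is not visible here.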
From: Daniel Neus Date: Thu, 19 Oct 2017 17:14:00 +0200 Subject: [PATCH 0077/1008] X.509 RSA-PSS verification --- src/build-data/oids.txt | 8 + src/lib/asn1/oids.cpp | 12 +- src/lib/pubkey/pk_algs.cpp | 4 +- src/lib/x509/x509_obj.cpp | 94 +- src/lib/x509/x509cert.cpp | 47 + src/lib/x509/x509path.h | 4 +- src/tests/data/pss_x509/01/README.txt | 1 + src/tests/data/pss_x509/01/end.crt | 28 + src/tests/data/pss_x509/01/root.crt | 31 + src/tests/data/pss_x509/02/README.txt | 1 + src/tests/data/pss_x509/02/end.crt | 26 + src/tests/data/pss_x509/02/root.crt | 29 + src/tests/data/pss_x509/03/end.crt | 53 + src/tests/data/pss_x509/03/root.crt | 26 + src/tests/data/pss_x509/04/end.crt | 54 + src/tests/data/pss_x509/04/root.crt | 26 + src/tests/data/pss_x509/05/end.crt | 36 + src/tests/data/pss_x509/05/root.crt | 40 + src/tests/data/pss_x509/06/end.crt | 36 + src/tests/data/pss_x509/06/root.crt | 40 + src/tests/data/pss_x509/07/end.crt | 36 + src/tests/data/pss_x509/07/root.crt | 40 + src/tests/data/pss_x509/08/end.crt | 36 + src/tests/data/pss_x509/08/root.crt | 40 + src/tests/data/pss_x509/09/end.crt | 36 + src/tests/data/pss_x509/09/root.crt | 40 + src/tests/data/pss_x509/10/end.crt | 36 + src/tests/data/pss_x509/10/root.crt | 40 + src/tests/data/pss_x509/100/end.crt | 19 + src/tests/data/pss_x509/100/root.crt | 21 + src/tests/data/pss_x509/101/end.crt | 20 + src/tests/data/pss_x509/101/root.crt | 21 + src/tests/data/pss_x509/102/end.crt | 20 + src/tests/data/pss_x509/102/root.crt | 21 + src/tests/data/pss_x509/103/end.crt | 20 + src/tests/data/pss_x509/103/root.crt | 21 + src/tests/data/pss_x509/104/end.crt | 20 + src/tests/data/pss_x509/104/root.crt | 21 + src/tests/data/pss_x509/105/end.crt | 19 + src/tests/data/pss_x509/105/root.crt | 21 + src/tests/data/pss_x509/106/end.crt | 19 + src/tests/data/pss_x509/106/root.crt | 21 + src/tests/data/pss_x509/107/end.crt | 22 + .../data/pss_x509/108/crl-rsa-pss-sha1.crl | 14 + src/tests/data/pss_x509/108/end.crt | 20 + 
src/tests/data/pss_x509/108/root.crt | 21 + src/tests/data/pss_x509/109/README.txt | 1 + .../pss_x509/109/crl-rsa-pss-sha1-badsign.crl | 14 + src/tests/data/pss_x509/109/end.crt | 20 + src/tests/data/pss_x509/109/root.crt | 21 + src/tests/data/pss_x509/11/end.crt | 29 + src/tests/data/pss_x509/11/root.crt | 34 + .../data/pss_x509/110/crl-rsa-pss-sha224.crl | 16 + src/tests/data/pss_x509/110/end.crt | 20 + src/tests/data/pss_x509/110/root.crt | 21 + .../data/pss_x509/111/crl-rsa-pss-sha256.crl | 16 + src/tests/data/pss_x509/111/end.crt | 20 + src/tests/data/pss_x509/111/root.crt | 21 + .../data/pss_x509/112/crl-rsa-pss-sha384.crl | 16 + src/tests/data/pss_x509/112/end.crt | 20 + src/tests/data/pss_x509/112/root.crt | 21 + .../data/pss_x509/113/crl-rsa-pss-sha512.crl | 16 + src/tests/data/pss_x509/113/end.crt | 20 + src/tests/data/pss_x509/113/root.crt | 21 + .../data/pss_x509/114/server9.req.sha1.csr | 11 + .../data/pss_x509/115/server9.req.sha224.csr | 12 + .../data/pss_x509/116/server9.req.sha256.csr | 12 + .../data/pss_x509/117/server9.req.sha384.csr | 12 + .../data/pss_x509/118/server9.req.sha512.csr | 12 + src/tests/data/pss_x509/12/end.crt | 29 + src/tests/data/pss_x509/12/root.crt | 34 + src/tests/data/pss_x509/13/end.crt | 29 + src/tests/data/pss_x509/13/root.crt | 34 + src/tests/data/pss_x509/14/end.crt | 29 + src/tests/data/pss_x509/14/root.crt | 34 + src/tests/data/pss_x509/15/end.crt | 29 + src/tests/data/pss_x509/15/root.crt | 34 + src/tests/data/pss_x509/16/end.crt | 33 + src/tests/data/pss_x509/16/root.crt | 36 + src/tests/data/pss_x509/17/end.crt | 33 + src/tests/data/pss_x509/17/root.crt | 36 + src/tests/data/pss_x509/18/end.crt | 33 + src/tests/data/pss_x509/18/root.crt | 36 + src/tests/data/pss_x509/19/end.crt | 33 + src/tests/data/pss_x509/19/root.crt | 36 + src/tests/data/pss_x509/20/end.crt | 33 + src/tests/data/pss_x509/20/root.crt | 36 + src/tests/data/pss_x509/21/end.crt | 30 + src/tests/data/pss_x509/21/root.crt | 35 + 
src/tests/data/pss_x509/22/end.crt | 30 + src/tests/data/pss_x509/22/root.crt | 35 + src/tests/data/pss_x509/23/end.crt | 30 + src/tests/data/pss_x509/23/root.crt | 35 + src/tests/data/pss_x509/24/end.crt | 30 + src/tests/data/pss_x509/24/root.crt | 35 + src/tests/data/pss_x509/25/end.crt | 30 + src/tests/data/pss_x509/25/root.crt | 35 + src/tests/data/pss_x509/26/end.crt | 33 + src/tests/data/pss_x509/26/root.crt | 36 + src/tests/data/pss_x509/27/end.crt | 33 + src/tests/data/pss_x509/27/root.crt | 36 + src/tests/data/pss_x509/28/end.crt | 33 + src/tests/data/pss_x509/28/root.crt | 36 + src/tests/data/pss_x509/29/end.crt | 33 + src/tests/data/pss_x509/29/root.crt | 36 + src/tests/data/pss_x509/30/end.crt | 33 + src/tests/data/pss_x509/30/root.crt | 36 + src/tests/data/pss_x509/31/end.crt | 25 + src/tests/data/pss_x509/31/root.crt | 28 + src/tests/data/pss_x509/32/end.crt | 25 + src/tests/data/pss_x509/32/root.crt | 28 + src/tests/data/pss_x509/33/end.crt | 25 + src/tests/data/pss_x509/33/root.crt | 28 + src/tests/data/pss_x509/34/end.crt | 25 + src/tests/data/pss_x509/34/root.crt | 28 + src/tests/data/pss_x509/35/end.crt | 25 + src/tests/data/pss_x509/35/root.crt | 28 + src/tests/data/pss_x509/36/end.crt | 32 + src/tests/data/pss_x509/36/root.crt | 37 + src/tests/data/pss_x509/37/end.crt | 32 + src/tests/data/pss_x509/37/root.crt | 37 + src/tests/data/pss_x509/38/end.crt | 32 + src/tests/data/pss_x509/38/root.crt | 37 + src/tests/data/pss_x509/39/end.crt | 32 + src/tests/data/pss_x509/39/root.crt | 37 + src/tests/data/pss_x509/40/end.crt | 32 + src/tests/data/pss_x509/40/root.crt | 37 + src/tests/data/pss_x509/41/end.crt | 36 + src/tests/data/pss_x509/41/root.crt | 40 + src/tests/data/pss_x509/42/end.crt | 36 + src/tests/data/pss_x509/42/root.crt | 40 + src/tests/data/pss_x509/43/end.crt | 36 + src/tests/data/pss_x509/43/root.crt | 40 + src/tests/data/pss_x509/44/end.crt | 36 + src/tests/data/pss_x509/44/root.crt | 40 + src/tests/data/pss_x509/45/end.crt | 36 + 
src/tests/data/pss_x509/45/root.crt | 40 + src/tests/data/pss_x509/46/end.crt | 25 + src/tests/data/pss_x509/46/root.crt | 28 + src/tests/data/pss_x509/47/end.crt | 26 + src/tests/data/pss_x509/47/root.crt | 28 + src/tests/data/pss_x509/48/end.crt | 26 + src/tests/data/pss_x509/48/root.crt | 28 + src/tests/data/pss_x509/49/end.crt | 26 + src/tests/data/pss_x509/49/root.crt | 28 + src/tests/data/pss_x509/50/end.crt | 26 + src/tests/data/pss_x509/50/root.crt | 28 + src/tests/data/pss_x509/51/end.crt | 30 + src/tests/data/pss_x509/51/root.crt | 35 + src/tests/data/pss_x509/52/end.crt | 30 + src/tests/data/pss_x509/52/root.crt | 35 + src/tests/data/pss_x509/53/end.crt | 30 + src/tests/data/pss_x509/53/root.crt | 35 + src/tests/data/pss_x509/54/end.crt | 30 + src/tests/data/pss_x509/54/root.crt | 35 + src/tests/data/pss_x509/55/end.crt | 30 + src/tests/data/pss_x509/55/root.crt | 35 + src/tests/data/pss_x509/56/end.crt | 33 + src/tests/data/pss_x509/56/root.crt | 36 + src/tests/data/pss_x509/57/end.crt | 33 + src/tests/data/pss_x509/57/root.crt | 36 + src/tests/data/pss_x509/58/end.crt | 33 + src/tests/data/pss_x509/58/root.crt | 36 + src/tests/data/pss_x509/59/end.crt | 33 + src/tests/data/pss_x509/59/root.crt | 36 + src/tests/data/pss_x509/60/end.crt | 33 + src/tests/data/pss_x509/60/root.crt | 36 + src/tests/data/pss_x509/61/end.crt | 30 + src/tests/data/pss_x509/61/root.crt | 32 + src/tests/data/pss_x509/62/end.crt | 30 + src/tests/data/pss_x509/62/root.crt | 32 + src/tests/data/pss_x509/63/end.crt | 30 + src/tests/data/pss_x509/63/root.crt | 32 + src/tests/data/pss_x509/64/end.crt | 29 + src/tests/data/pss_x509/64/root.crt | 32 + src/tests/data/pss_x509/65/end.crt | 30 + src/tests/data/pss_x509/65/root.crt | 32 + src/tests/data/pss_x509/66/end.crt | 30 + src/tests/data/pss_x509/66/root.crt | 32 + src/tests/data/pss_x509/67/end.crt | 30 + src/tests/data/pss_x509/67/root.crt | 32 + src/tests/data/pss_x509/68/end.crt | 30 + src/tests/data/pss_x509/68/root.crt | 32 + 
src/tests/data/pss_x509/69/end.crt | 30 + src/tests/data/pss_x509/69/root.crt | 32 + src/tests/data/pss_x509/70/end.crt | 30 + src/tests/data/pss_x509/70/root.crt | 32 + src/tests/data/pss_x509/71/end.crt | 33 + src/tests/data/pss_x509/71/root.crt | 36 + src/tests/data/pss_x509/72/end.crt | 33 + src/tests/data/pss_x509/72/root.crt | 36 + src/tests/data/pss_x509/73/end.crt | 33 + src/tests/data/pss_x509/73/root.crt | 36 + src/tests/data/pss_x509/74/end.crt | 33 + src/tests/data/pss_x509/74/root.crt | 36 + src/tests/data/pss_x509/75/end.crt | 33 + src/tests/data/pss_x509/75/root.crt | 36 + src/tests/data/pss_x509/76/end.crt | 26 + src/tests/data/pss_x509/76/root.crt | 29 + src/tests/data/pss_x509/77/end.crt | 26 + src/tests/data/pss_x509/77/root.crt | 29 + src/tests/data/pss_x509/78/end.crt | 26 + src/tests/data/pss_x509/78/root.crt | 29 + src/tests/data/pss_x509/79/end.crt | 26 + src/tests/data/pss_x509/79/root.crt | 29 + src/tests/data/pss_x509/80/end.crt | 26 + src/tests/data/pss_x509/80/root.crt | 29 + src/tests/data/pss_x509/81/end.crt | 32 + src/tests/data/pss_x509/81/root.crt | 36 + src/tests/data/pss_x509/82/end.crt | 40 + src/tests/data/pss_x509/83/end.crt | 24 + src/tests/data/pss_x509/84/end.crt | 42 + src/tests/data/pss_x509/85/end.crt | 29 + src/tests/data/pss_x509/86/end.crt | 33 + src/tests/data/pss_x509/87/end.crt | 29 + src/tests/data/pss_x509/88/end.crt | 35 + src/tests/data/pss_x509/89/end.crt | 37 + src/tests/data/pss_x509/90/end.crt | 36 + src/tests/data/pss_x509/91/end.crt | 42 + src/tests/data/pss_x509/92/end.crt | 29 + src/tests/data/pss_x509/93/end.crt | 41 + src/tests/data/pss_x509/94/end.crt | 36 + src/tests/data/pss_x509/95/end.crt | 29 + src/tests/data/pss_x509/96/end.crt | Bin 0 -> 1270 bytes src/tests/data/pss_x509/97/README.txt | 1 + src/tests/data/pss_x509/97/end.crt | 20 + src/tests/data/pss_x509/97/root.crt | 21 + src/tests/data/pss_x509/98/README.txt | 1 + src/tests/data/pss_x509/98/end.crt | 20 + 
src/tests/data/pss_x509/98/root.crt | 21 + src/tests/data/pss_x509/99/README.txt | 1 + src/tests/data/pss_x509/99/end.crt | 19 + src/tests/data/pss_x509/99/root.crt | 21 + src/tests/data/pss_x509/Sources.txt | 6 + src/tests/data/pss_x509/expected.txt | 118 ++ src/tests/data/pss_x509/validation_times.txt | 118 ++ src/tests/data/pubkey/rsa_invalid.vec | 1356 +++++++++++++++++ src/tests/data/pubkey/rsa_verify.vec | 639 ++++++++ src/tests/test_x509_path.cpp | 126 ++ 239 files changed, 9130 insertions(+), 10 deletions(-) create mode 100644 src/tests/data/pss_x509/01/README.txt create mode 100644 src/tests/data/pss_x509/01/end.crt create mode 100644 src/tests/data/pss_x509/01/root.crt create mode 100644 src/tests/data/pss_x509/02/README.txt create mode 100644 src/tests/data/pss_x509/02/end.crt create mode 100644 src/tests/data/pss_x509/02/root.crt create mode 100644 src/tests/data/pss_x509/03/end.crt create mode 100644 src/tests/data/pss_x509/03/root.crt create mode 100644 src/tests/data/pss_x509/04/end.crt create mode 100644 src/tests/data/pss_x509/04/root.crt create mode 100644 src/tests/data/pss_x509/05/end.crt create mode 100644 src/tests/data/pss_x509/05/root.crt create mode 100644 src/tests/data/pss_x509/06/end.crt create mode 100644 src/tests/data/pss_x509/06/root.crt create mode 100644 src/tests/data/pss_x509/07/end.crt create mode 100644 src/tests/data/pss_x509/07/root.crt create mode 100644 src/tests/data/pss_x509/08/end.crt create mode 100644 src/tests/data/pss_x509/08/root.crt create mode 100644 src/tests/data/pss_x509/09/end.crt create mode 100644 src/tests/data/pss_x509/09/root.crt create mode 100644 src/tests/data/pss_x509/10/end.crt create mode 100644 src/tests/data/pss_x509/10/root.crt create mode 100644 src/tests/data/pss_x509/100/end.crt create mode 100644 src/tests/data/pss_x509/100/root.crt create mode 100644 src/tests/data/pss_x509/101/end.crt create mode 100644 src/tests/data/pss_x509/101/root.crt create mode 100644 
src/tests/data/pss_x509/102/end.crt create mode 100644 src/tests/data/pss_x509/102/root.crt create mode 100644 src/tests/data/pss_x509/103/end.crt create mode 100644 src/tests/data/pss_x509/103/root.crt create mode 100644 src/tests/data/pss_x509/104/end.crt create mode 100644 src/tests/data/pss_x509/104/root.crt create mode 100644 src/tests/data/pss_x509/105/end.crt create mode 100644 src/tests/data/pss_x509/105/root.crt create mode 100644 src/tests/data/pss_x509/106/end.crt create mode 100644 src/tests/data/pss_x509/106/root.crt create mode 100644 src/tests/data/pss_x509/107/end.crt create mode 100644 src/tests/data/pss_x509/108/crl-rsa-pss-sha1.crl create mode 100644 src/tests/data/pss_x509/108/end.crt create mode 100644 src/tests/data/pss_x509/108/root.crt create mode 100644 src/tests/data/pss_x509/109/README.txt create mode 100644 src/tests/data/pss_x509/109/crl-rsa-pss-sha1-badsign.crl create mode 100644 src/tests/data/pss_x509/109/end.crt create mode 100644 src/tests/data/pss_x509/109/root.crt create mode 100644 src/tests/data/pss_x509/11/end.crt create mode 100644 src/tests/data/pss_x509/11/root.crt create mode 100644 src/tests/data/pss_x509/110/crl-rsa-pss-sha224.crl create mode 100644 src/tests/data/pss_x509/110/end.crt create mode 100644 src/tests/data/pss_x509/110/root.crt create mode 100644 src/tests/data/pss_x509/111/crl-rsa-pss-sha256.crl create mode 100644 src/tests/data/pss_x509/111/end.crt create mode 100644 src/tests/data/pss_x509/111/root.crt create mode 100644 src/tests/data/pss_x509/112/crl-rsa-pss-sha384.crl create mode 100644 src/tests/data/pss_x509/112/end.crt create mode 100644 src/tests/data/pss_x509/112/root.crt create mode 100644 src/tests/data/pss_x509/113/crl-rsa-pss-sha512.crl create mode 100644 src/tests/data/pss_x509/113/end.crt create mode 100644 src/tests/data/pss_x509/113/root.crt create mode 100644 src/tests/data/pss_x509/114/server9.req.sha1.csr create mode 100644 src/tests/data/pss_x509/115/server9.req.sha224.csr create mode 
100644 src/tests/data/pss_x509/116/server9.req.sha256.csr create mode 100644 src/tests/data/pss_x509/117/server9.req.sha384.csr create mode 100644 src/tests/data/pss_x509/118/server9.req.sha512.csr create mode 100644 src/tests/data/pss_x509/12/end.crt create mode 100644 src/tests/data/pss_x509/12/root.crt create mode 100644 src/tests/data/pss_x509/13/end.crt create mode 100644 src/tests/data/pss_x509/13/root.crt create mode 100644 src/tests/data/pss_x509/14/end.crt create mode 100644 src/tests/data/pss_x509/14/root.crt create mode 100644 src/tests/data/pss_x509/15/end.crt create mode 100644 src/tests/data/pss_x509/15/root.crt create mode 100644 src/tests/data/pss_x509/16/end.crt create mode 100644 src/tests/data/pss_x509/16/root.crt create mode 100644 src/tests/data/pss_x509/17/end.crt create mode 100644 src/tests/data/pss_x509/17/root.crt create mode 100644 src/tests/data/pss_x509/18/end.crt create mode 100644 src/tests/data/pss_x509/18/root.crt create mode 100644 src/tests/data/pss_x509/19/end.crt create mode 100644 src/tests/data/pss_x509/19/root.crt create mode 100644 src/tests/data/pss_x509/20/end.crt create mode 100644 src/tests/data/pss_x509/20/root.crt create mode 100644 src/tests/data/pss_x509/21/end.crt create mode 100644 src/tests/data/pss_x509/21/root.crt create mode 100644 src/tests/data/pss_x509/22/end.crt create mode 100644 src/tests/data/pss_x509/22/root.crt create mode 100644 src/tests/data/pss_x509/23/end.crt create mode 100644 src/tests/data/pss_x509/23/root.crt create mode 100644 src/tests/data/pss_x509/24/end.crt create mode 100644 src/tests/data/pss_x509/24/root.crt create mode 100644 src/tests/data/pss_x509/25/end.crt create mode 100644 src/tests/data/pss_x509/25/root.crt create mode 100644 src/tests/data/pss_x509/26/end.crt create mode 100644 src/tests/data/pss_x509/26/root.crt create mode 100644 src/tests/data/pss_x509/27/end.crt create mode 100644 src/tests/data/pss_x509/27/root.crt create mode 100644 src/tests/data/pss_x509/28/end.crt 
create mode 100644 src/tests/data/pss_x509/28/root.crt create mode 100644 src/tests/data/pss_x509/29/end.crt create mode 100644 src/tests/data/pss_x509/29/root.crt create mode 100644 src/tests/data/pss_x509/30/end.crt create mode 100644 src/tests/data/pss_x509/30/root.crt create mode 100644 src/tests/data/pss_x509/31/end.crt create mode 100644 src/tests/data/pss_x509/31/root.crt create mode 100644 src/tests/data/pss_x509/32/end.crt create mode 100644 src/tests/data/pss_x509/32/root.crt create mode 100644 src/tests/data/pss_x509/33/end.crt create mode 100644 src/tests/data/pss_x509/33/root.crt create mode 100644 src/tests/data/pss_x509/34/end.crt create mode 100644 src/tests/data/pss_x509/34/root.crt create mode 100644 src/tests/data/pss_x509/35/end.crt create mode 100644 src/tests/data/pss_x509/35/root.crt create mode 100644 src/tests/data/pss_x509/36/end.crt create mode 100644 src/tests/data/pss_x509/36/root.crt create mode 100644 src/tests/data/pss_x509/37/end.crt create mode 100644 src/tests/data/pss_x509/37/root.crt create mode 100644 src/tests/data/pss_x509/38/end.crt create mode 100644 src/tests/data/pss_x509/38/root.crt create mode 100644 src/tests/data/pss_x509/39/end.crt create mode 100644 src/tests/data/pss_x509/39/root.crt create mode 100644 src/tests/data/pss_x509/40/end.crt create mode 100644 src/tests/data/pss_x509/40/root.crt create mode 100644 src/tests/data/pss_x509/41/end.crt create mode 100644 src/tests/data/pss_x509/41/root.crt create mode 100644 src/tests/data/pss_x509/42/end.crt create mode 100644 src/tests/data/pss_x509/42/root.crt create mode 100644 src/tests/data/pss_x509/43/end.crt create mode 100644 src/tests/data/pss_x509/43/root.crt create mode 100644 src/tests/data/pss_x509/44/end.crt create mode 100644 src/tests/data/pss_x509/44/root.crt create mode 100644 src/tests/data/pss_x509/45/end.crt create mode 100644 src/tests/data/pss_x509/45/root.crt create mode 100644 src/tests/data/pss_x509/46/end.crt create mode 100644 
src/tests/data/pss_x509/46/root.crt create mode 100644 src/tests/data/pss_x509/47/end.crt create mode 100644 src/tests/data/pss_x509/47/root.crt create mode 100644 src/tests/data/pss_x509/48/end.crt create mode 100644 src/tests/data/pss_x509/48/root.crt create mode 100644 src/tests/data/pss_x509/49/end.crt create mode 100644 src/tests/data/pss_x509/49/root.crt create mode 100644 src/tests/data/pss_x509/50/end.crt create mode 100644 src/tests/data/pss_x509/50/root.crt create mode 100644 src/tests/data/pss_x509/51/end.crt create mode 100644 src/tests/data/pss_x509/51/root.crt create mode 100644 src/tests/data/pss_x509/52/end.crt create mode 100644 src/tests/data/pss_x509/52/root.crt create mode 100644 src/tests/data/pss_x509/53/end.crt create mode 100644 src/tests/data/pss_x509/53/root.crt create mode 100644 src/tests/data/pss_x509/54/end.crt create mode 100644 src/tests/data/pss_x509/54/root.crt create mode 100644 src/tests/data/pss_x509/55/end.crt create mode 100644 src/tests/data/pss_x509/55/root.crt create mode 100644 src/tests/data/pss_x509/56/end.crt create mode 100644 src/tests/data/pss_x509/56/root.crt create mode 100644 src/tests/data/pss_x509/57/end.crt create mode 100644 src/tests/data/pss_x509/57/root.crt create mode 100644 src/tests/data/pss_x509/58/end.crt create mode 100644 src/tests/data/pss_x509/58/root.crt create mode 100644 src/tests/data/pss_x509/59/end.crt create mode 100644 src/tests/data/pss_x509/59/root.crt create mode 100644 src/tests/data/pss_x509/60/end.crt create mode 100644 src/tests/data/pss_x509/60/root.crt create mode 100644 src/tests/data/pss_x509/61/end.crt create mode 100644 src/tests/data/pss_x509/61/root.crt create mode 100644 src/tests/data/pss_x509/62/end.crt create mode 100644 src/tests/data/pss_x509/62/root.crt create mode 100644 src/tests/data/pss_x509/63/end.crt create mode 100644 src/tests/data/pss_x509/63/root.crt create mode 100644 src/tests/data/pss_x509/64/end.crt create mode 100644 src/tests/data/pss_x509/64/root.crt 
create mode 100644 src/tests/data/pss_x509/65/end.crt create mode 100644 src/tests/data/pss_x509/65/root.crt create mode 100644 src/tests/data/pss_x509/66/end.crt create mode 100644 src/tests/data/pss_x509/66/root.crt create mode 100644 src/tests/data/pss_x509/67/end.crt create mode 100644 src/tests/data/pss_x509/67/root.crt create mode 100644 src/tests/data/pss_x509/68/end.crt create mode 100644 src/tests/data/pss_x509/68/root.crt create mode 100644 src/tests/data/pss_x509/69/end.crt create mode 100644 src/tests/data/pss_x509/69/root.crt create mode 100644 src/tests/data/pss_x509/70/end.crt create mode 100644 src/tests/data/pss_x509/70/root.crt create mode 100644 src/tests/data/pss_x509/71/end.crt create mode 100644 src/tests/data/pss_x509/71/root.crt create mode 100644 src/tests/data/pss_x509/72/end.crt create mode 100644 src/tests/data/pss_x509/72/root.crt create mode 100644 src/tests/data/pss_x509/73/end.crt create mode 100644 src/tests/data/pss_x509/73/root.crt create mode 100644 src/tests/data/pss_x509/74/end.crt create mode 100644 src/tests/data/pss_x509/74/root.crt create mode 100644 src/tests/data/pss_x509/75/end.crt create mode 100644 src/tests/data/pss_x509/75/root.crt create mode 100644 src/tests/data/pss_x509/76/end.crt create mode 100644 src/tests/data/pss_x509/76/root.crt create mode 100644 src/tests/data/pss_x509/77/end.crt create mode 100644 src/tests/data/pss_x509/77/root.crt create mode 100644 src/tests/data/pss_x509/78/end.crt create mode 100644 src/tests/data/pss_x509/78/root.crt create mode 100644 src/tests/data/pss_x509/79/end.crt create mode 100644 src/tests/data/pss_x509/79/root.crt create mode 100644 src/tests/data/pss_x509/80/end.crt create mode 100644 src/tests/data/pss_x509/80/root.crt create mode 100644 src/tests/data/pss_x509/81/end.crt create mode 100644 src/tests/data/pss_x509/81/root.crt create mode 100644 src/tests/data/pss_x509/82/end.crt create mode 100644 src/tests/data/pss_x509/83/end.crt create mode 100644 
src/tests/data/pss_x509/84/end.crt create mode 100644 src/tests/data/pss_x509/85/end.crt create mode 100644 src/tests/data/pss_x509/86/end.crt create mode 100644 src/tests/data/pss_x509/87/end.crt create mode 100644 src/tests/data/pss_x509/88/end.crt create mode 100644 src/tests/data/pss_x509/89/end.crt create mode 100644 src/tests/data/pss_x509/90/end.crt create mode 100644 src/tests/data/pss_x509/91/end.crt create mode 100644 src/tests/data/pss_x509/92/end.crt create mode 100644 src/tests/data/pss_x509/93/end.crt create mode 100644 src/tests/data/pss_x509/94/end.crt create mode 100644 src/tests/data/pss_x509/95/end.crt create mode 100644 src/tests/data/pss_x509/96/end.crt create mode 100644 src/tests/data/pss_x509/97/README.txt create mode 100644 src/tests/data/pss_x509/97/end.crt create mode 100644 src/tests/data/pss_x509/97/root.crt create mode 100644 src/tests/data/pss_x509/98/README.txt create mode 100644 src/tests/data/pss_x509/98/end.crt create mode 100644 src/tests/data/pss_x509/98/root.crt create mode 100644 src/tests/data/pss_x509/99/README.txt create mode 100644 src/tests/data/pss_x509/99/end.crt create mode 100644 src/tests/data/pss_x509/99/root.crt create mode 100644 src/tests/data/pss_x509/Sources.txt create mode 100644 src/tests/data/pss_x509/expected.txt create mode 100644 src/tests/data/pss_x509/validation_times.txt diff --git a/src/build-data/oids.txt b/src/build-data/oids.txt index 4ac5862401..e07800279f 100644 --- a/src/build-data/oids.txt +++ b/src/build-data/oids.txt @@ -110,9 +110,13 @@ [signature] 1.2.840.113549.1.1.4 = RSA/EMSA3(MD5) 1.2.840.113549.1.1.5 = RSA/EMSA3(SHA-160) +1.2.840.113549.1.1.8 = MGF1 +1.2.840.113549.1.1.10 = RSA/EMSA4 1.2.840.113549.1.1.11 = RSA/EMSA3(SHA-256) 1.2.840.113549.1.1.12 = RSA/EMSA3(SHA-384) 1.2.840.113549.1.1.13 = RSA/EMSA3(SHA-512) +1.2.840.113549.1.1.14 = RSA/EMSA3(SHA-224) +1.2.840.113549.1.1.16 = RSA/EMSA3(SHA-512-256) 1.3.36.3.3.1.2 = RSA/EMSA3(RIPEMD-160) 1.2.156.10197.1.504 = RSA/EMSA3(SM3) 
@@ -158,6 +162,10 @@ 1.3.6.1.4.1.25258.1.6.1 = GOST-34.10/EMSA1(SHA-256) +# Encryption algos +[encryption] +1.2.840.113549.1.1.7 = RSA/OAEP + # DN [dn] 2.5.4.3 = X520.CommonName diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp index ae9b2eb364..3e5d02a7b7 100644 --- a/src/lib/asn1/oids.cpp +++ b/src/lib/asn1/oids.cpp @@ -1,7 +1,7 @@ /* * OID maps * -* This file was automatically generated by ./src/scripts/oids.py on 2017-10-05 +* This file was automatically generated by .\src\scripts\oids.py on 2017-10-19 * * All manual edits to this file will be lost. Edit the script * then regenerate this source file. @@ -55,11 +55,16 @@ std::string lookup(const OID& oid) if(oid_str == "1.2.840.113533.7.66.10") return "CAST-128/CBC"; if(oid_str == "1.2.840.113533.7.66.15") return "KeyWrap.CAST-128"; if(oid_str == "1.2.840.113549.1.1.1") return "RSA"; + if(oid_str == "1.2.840.113549.1.1.10") return "RSA/EMSA4"; if(oid_str == "1.2.840.113549.1.1.11") return "RSA/EMSA3(SHA-256)"; if(oid_str == "1.2.840.113549.1.1.12") return "RSA/EMSA3(SHA-384)"; if(oid_str == "1.2.840.113549.1.1.13") return "RSA/EMSA3(SHA-512)"; + if(oid_str == "1.2.840.113549.1.1.14") return "RSA/EMSA3(SHA-224)"; + if(oid_str == "1.2.840.113549.1.1.16") return "RSA/EMSA3(SHA-512-256)"; if(oid_str == "1.2.840.113549.1.1.4") return "RSA/EMSA3(MD5)"; if(oid_str == "1.2.840.113549.1.1.5") return "RSA/EMSA3(SHA-160)"; + if(oid_str == "1.2.840.113549.1.1.7") return "RSA/OAEP"; + if(oid_str == "1.2.840.113549.1.1.8") return "MGF1"; if(oid_str == "1.2.840.113549.1.5.12") return "PKCS5.PBKDF2"; if(oid_str == "1.2.840.113549.1.5.13") return "PBE-PKCS5v20"; if(oid_str == "1.2.840.113549.1.9.1") return "PKCS9.EmailAddress"; 
@@ -285,6 +290,7 @@ OID lookup(const std::string& name) if(name == "KeyWrap.RC2") return OID("1.2.840.113549.1.9.16.3.7"); if(name == "KeyWrap.TripleDES") return OID("1.2.840.113549.1.9.16.3.6"); if(name == "MD5") return OID("1.2.840.113549.2.5"); + if(name == "MGF1") return OID("1.2.840.113549.1.1.8"); if(name == "McEliece") return OID("1.3.6.1.4.1.25258.1.3"); if(name == "Microsoft SmartcardLogon") return OID("1.3.6.1.4.1.311.20.2.2"); if(name == "PBE-PKCS5v20") return OID("1.2.840.113549.1.5.13"); @@ -314,6 +320,7 @@ OID lookup(const std::string& name) if(name == "RSA/EMSA3(MD5)") return OID("1.2.840.113549.1.1.4"); if(name == "RSA/EMSA3(RIPEMD-160)") return OID("1.3.36.3.3.1.2"); if(name == "RSA/EMSA3(SHA-160)") return OID("1.2.840.113549.1.1.5"); + if(name == "RSA/EMSA3(SHA-224)") return OID("1.2.840.113549.1.1.14"); if(name == "RSA/EMSA3(SHA-256)") return OID("1.2.840.113549.1.1.11"); if(name == "RSA/EMSA3(SHA-3(224))") return OID("2.16.840.1.101.3.4.3.13"); if(name == "RSA/EMSA3(SHA-3(256))") return OID("2.16.840.1.101.3.4.3.14"); @@ -321,7 +328,10 @@ OID lookup(const std::string& name) if(name == "RSA/EMSA3(SHA-3(512))") return OID("2.16.840.1.101.3.4.3.16"); if(name == "RSA/EMSA3(SHA-384)") return OID("1.2.840.113549.1.1.12"); if(name == "RSA/EMSA3(SHA-512)") return OID("1.2.840.113549.1.1.13"); + if(name == "RSA/EMSA3(SHA-512-256)") return OID("1.2.840.113549.1.1.16"); if(name == "RSA/EMSA3(SM3)") return OID("1.2.156.10197.1.504"); + if(name == "RSA/EMSA4") return OID("1.2.840.113549.1.1.10"); + if(name == "RSA/OAEP") return OID("1.2.840.113549.1.1.7"); if(name == "SEED/CBC") return OID("1.2.410.200004.1.4"); if(name == "SHA-160") return OID("1.3.14.3.2.26"); if(name == "SHA-224") return OID("2.16.840.1.101.3.4.2.4"); diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp index e821e78466..0af264f329 100644 --- a/src/lib/pubkey/pk_algs.cpp +++ b/src/lib/pubkey/pk_algs.cpp 
@@ -84,7 +84,9 @@ std::unique_ptr load_public_key(const AlgorithmIdentifier& alg_id, const std::vector& key_bits) { - const std::string alg_name = OIDS::lookup(alg_id.oid); + const std::vector alg_info = split_on(OIDS::lookup(alg_id.oid), '/'); + const std::string alg_name = alg_info[0]; + if(alg_name == "") throw Decoding_Error("Unknown algorithm OID: " + alg_id.oid.as_string()); diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp index 3f2aa55188..dd097f123c 100644 --- a/src/lib/x509/x509_obj.cpp +++ b/src/lib/x509/x509_obj.cpp @@ -16,6 +16,36 @@ namespace Botan { +namespace { +struct Pss_params + { + AlgorithmIdentifier hash_algo; + AlgorithmIdentifier mask_gen_algo; + AlgorithmIdentifier mask_gen_hash; // redundant: decoded mask_gen_algo.parameters + size_t salt_len; + size_t trailer_field; + }; + +Pss_params decode_pss_params(const std::vector& encoded_pss_params) + { + Pss_params pss_parameter; + BER_Decoder(encoded_pss_params) + .start_cons(SEQUENCE) + .decode_optional(pss_parameter.hash_algo, ASN1_Tag(0), PRIVATE, AlgorithmIdentifier("SHA-160", + AlgorithmIdentifier::USE_NULL_PARAM)) + .decode_optional(pss_parameter.mask_gen_algo, ASN1_Tag(1), PRIVATE, + AlgorithmIdentifier("MGF1", DER_Encoder().encode(AlgorithmIdentifier("SHA-160", + AlgorithmIdentifier::USE_NULL_PARAM)).get_contents_unlocked())) + .decode_optional(pss_parameter.salt_len, ASN1_Tag(2), PRIVATE, size_t(20)) + .decode_optional(pss_parameter.trailer_field, ASN1_Tag(3), PRIVATE, size_t(1)) + .end_cons(); + + BER_Decoder(pss_parameter.mask_gen_algo.parameters).decode(pss_parameter.mask_gen_hash); + + return pss_parameter; + } +} + /* * Create a generic X.509 object */ 
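Review bot: `alg_info[0]` is read before the unknown-OID check, so a key whose algorithm OID is not in the table no longer reaches `Decoding_Error`: `OIDS::lookup` yields an empty string for such an OID (the original `alg_name == ""` test relied on that), and if `split_on` returns an empty vector for empty input, as I believe Botan's implementation does, the index is out of bounds on data taken straight from the certificate. Test the vector rather than its first element, `if(alg_info.empty()) throw Decoding_Error("Unknown algorithm OID: " + alg_id.oid.as_string());`, placed before `const std::string alg_name = alg_info[0];`. The same pattern recurs in the `X509_Certificate::force_decode` hunk of x509cert.cpp, where `sig_info[0]` is indexed directly after the same `split_on(OIDS::lookup(...), '/')` call. The remainder of `load_public_key` lies outside the hunk.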
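Review bot: `decode_pss_params` decodes `mask_gen_algo.parameters` as an `AlgorithmIdentifier` unconditionally, before any caller has checked that the mask generation OID is MGF1, so a parameter block naming another MGF (or one whose parameters are empty) makes `BER_Decoder` throw from a helper whose callers otherwise signal policy violations by returning false. Guarding the second decode keeps that decision with the caller: `if(OIDS::lookup(pss_parameter.mask_gen_algo.oid) == "MGF1")` followed by the existing `BER_Decoder(pss_parameter.mask_gen_algo.parameters).decode(pss_parameter.mask_gen_hash);` — `check_signature` already rejects a non-MGF1 OID before it looks at `mask_gen_hash`. `Pss_params` also deserves a header comment stating where its defaults come from, e.g. `// RSASSA-PSS-params (RFC 4055 §3.1); defaults are SHA-1, MGF1 with SHA-1, saltLength 20, trailerField 1`, since the `decode_optional` fallbacks are otherwise unexplained magic values.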
@@ -145,13 +175,22 @@ std::string X509_Object::hash_used_for_signature() const throw Internal_Error("Invalid name format found for " + oid.as_string()); - std::vector pad_and_hash = - parse_algorithm_name(sig_info[1]); + if(sig_info[1] == "EMSA4") + { + return OIDS::lookup(decode_pss_params(signature_algorithm().parameters).hash_algo.oid); + } + else + { + std::vector pad_and_hash = + parse_algorithm_name(sig_info[1]); - if(pad_and_hash.size() != 2) - throw Internal_Error("Invalid name format " + sig_info[1]); + if(pad_and_hash.size() != 2) + { + throw Internal_Error("Invalid name format " + sig_info[1]); + } - return pad_and_hash[1]; + return pad_and_hash[1]; + } } /* @@ -163,7 +202,7 @@ bool X509_Object::check_signature(const Public_Key* pub_key) const throw Exception("No key provided for " + m_PEM_label_pref + " signature check"); std::unique_ptr key(pub_key); return check_signature(*key); -} + } /* * Check the signature on an object 
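Review bot: The EMSA4 branch calls `decode_pss_params(signature_algorithm().parameters)` without the `parameters.empty()` guard that `check_signature` applies, so an object whose PSS signature algorithm carries no parameters will presumably fail inside `BER_Decoder::start_cons` with a decoding exception from a function that otherwise reports malformed identifiers via `Internal_Error`. A guard such as `if(signature_algorithm().parameters.empty()) throw Decoding_Error("RSASSA-PSS signature algorithm without parameters");` before the lookup keeps the two code paths consistent. As a matter of style the `else` after the early `return` adds a nesting level for nothing; the original flat form with the `if(sig_info[1] == "EMSA4")` return on top reads more easily. The start of `hash_used_for_signature` is outside the hunk.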
@@ -181,6 +220,49 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; + if(padding == "EMSA4") + { + // "MUST contain RSASSA-PSS-params" + if(signature_algorithm().parameters.empty()) + { + return false; + } + + Pss_params pss_parameter = decode_pss_params(signature_algorithm().parameters); + + // hash_algo must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512 + std::string hash_algo = OIDS::lookup(pss_parameter.hash_algo.oid); + if(hash_algo != "SHA-160" && hash_algo != "SHA-224" && hash_algo != "SHA-256" && hash_algo != "SHA-384" + && hash_algo != "SHA-512") + { + return false; + } + + std::string mgf_algo = OIDS::lookup(pss_parameter.mask_gen_algo.oid); + if(mgf_algo != "MGF1") + { + return false; + } + + // For MGF1, it is strongly RECOMMENDED that the underlying hash function be the same as the one identified by hashAlgorithm + // Must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512 + std::string mgf_hash_algo = OIDS::lookup(pss_parameter.mask_gen_hash.oid); + if(mgf_hash_algo != hash_algo) + { + return false; + } + + if(pss_parameter.trailer_field != 1) + { + return false; + } + + padding += "(" + hash_algo; + padding += "," + mgf_algo; + padding += "," + std::to_string(pss_parameter.salt_len) + + ")"; // salt_len is actually not used for verification. Length is inferred from the signature + } + PK_Verifier verifier(pub_key, padding, format); return verifier.verify_message(tbs_data(), signature()); diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index c81f74cba8..c20224abae 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp 
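Review bot: The comment above the `mgf_hash_algo != hash_algo` check quotes the RFC's "strongly RECOMMENDED" wording, but the code enforces it as a hard requirement, which is what the `97: SigHash != MGF Hash` test data expects; the comment should say that this is a deliberate tightening, e.g. `// Stricter than RFC 4055, which only RECOMMENDS this: a mismatched MGF hash is rejected outright`. The block also mixes two failure modes for untrusted parameter blocks: policy violations (`return false`) and structural problems raised as exceptions from `decode_pss_params`, so callers treating false as "bad signature" and an exception as "malformed object" get different outcomes for inputs that differ only in which field is wrong — a one-line comment stating which behaviour is intended would help. `padding` is mutated here but declared above the hunk, and the rest of `check_signature` lies outside it.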
@@ -112,6 +112,53 @@ void X509_Certificate::force_decode() throw BER_Bad_Tag("X509_Certificate: Unexpected tag for public key", public_key.type_tag, public_key.class_tag); + AlgorithmIdentifier public_key_alg_id; + BER_Decoder(public_key.value).decode(public_key_alg_id).discard_remaining(); + + std::vector sig_info = + split_on(OIDS::lookup(public_key_alg_id.oid), '/'); + + if(sig_info[0] == "RSA") + { + // RFC4055: If PublicKeyAlgo = PSS or OAEP: limit the use of the public key exclusively to either RSASSA - PSS or RSAES - OAEP + if(sig_info.size() >= 2) + { + if(sig_info[1] == "EMSA4") + { + /* + When the RSA private key owner wishes to limit the use of the public + key exclusively to RSASSA-PSS, then the id-RSASSA-PSS object + identifier MUST be used in the algorithm field within the subject + public key information, and, if present, the parameters field MUST + contain RSASSA-PSS-params. + + All parameters in the signature structure algorithm identifier MUST + match the parameters in the key structure algorithm identifier + except the saltLength field. The saltLength field in the signature parameters + MUST be greater or equal to that in the key parameters field. + + ToDo: Allow salt length to be greater + */ + if(public_key_alg_id != signature_algorithm()) + { + throw Decoding_Error("Algorithm identifier mismatch"); + } + } + if(sig_info[1] == "OAEP") + { + throw Decoding_Error("Currently unsupported"); + } + } + else + { + // oid = rsaEncryption -> parameters field MUST contain NULL + if(public_key_alg_id != AlgorithmIdentifier(public_key_alg_id.oid, AlgorithmIdentifier::USE_NULL_PARAM)) + { + throw Decoding_Error("Parameters field MUST contain NULL"); + } + } + } + std::vector v2_issuer_key_id, v2_subject_key_id; tbs_cert.decode_optional_string(v2_issuer_key_id, BIT_STRING, 1); diff --git a/src/lib/x509/x509path.h b/src/lib/x509/x509path.h index 2bddd62b16..17932c8715 100644 --- a/src/lib/x509/x509path.h +++ b/src/lib/x509/x509path.h 
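Review bot: `sig_info` holds the split of `public_key_alg_id`, the subject public key algorithm, not the signature algorithm, so the name misleads on every line that uses it; `key_alg_info` would be accurate (the unguarded `sig_info[0]` index is raised on the pk_algs.cpp hunk). The `public_key_alg_id != signature_algorithm()` comparison requires the two identifiers to match exactly, so a signature whose saltLength is larger than the key's, which the quoted RFC text permits, is rejected; if the comparison presumably works on the encoded parameter bytes, a DEFAULT field that one side encodes explicitly and the other omits will mismatch as well, and the ToDo should mention both limitations rather than only the salt length. In the `else` branch, a certificate that omits the rsaEncryption parameters field entirely instead of encoding NULL will now throw `Decoding_Error` from `force_decode`; if that strictness is intended, the comment should state that absent parameters are rejected, since this changes which certificates callers can load. The rest of `force_decode` is outside the hunk.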
@@ -329,7 +329,7 @@ BOTAN_PUBLIC_API(2,0) check_ocsp(const std::vector{F{yo?N5rcpFkJE~ zQD&^4^~dAV z8<$P83t4UY_T9$`;$LnnK2Mza^Y*UjPcnC}2pCH?Mi@_sov-k$@zA@RiN9>B{q5D` zDqAOUZuPi6`R59qc#;2&!i#scxCg2%nD3=1q`%+~|Kt<~ctTWPEoS_jEw(TSb#~D4VadJ$`x3I4FnDN*?6@Yy|+s+0zv1g znKcGNAUR=>S`Gs?AjQPUK!w}^OgN1U?wU(B9ltD~5?OZ8u;A7;87<4{r$TRugct`) z=ZfA9JM6zt@V26pZbCx!t=DgLyKCY$%e_$b__o|DTWi_(TWbIFC;kj+&|IZ?;L-9gEq0HzeVJW7E>1X} z)Bmz$!cy0{d^Y^dE+l`|aJ4^GwpRuXd+sq=E&=Ar$-^Y+#E zyoSC~PnW$^&hu?_as2UgVGY-5_8UiMRc1|Ja+AU6W<8&6j_2wJi|3ZhEZNqOCdR$v z-xKkom%I^jHt$qi_Bfwc*mvN&>%QokW!s`u-!ExuS=1=`CMx5CscL@TMwtxriRrNh zi6qUPtHi?Bm0u&<_zb30(6`% zY~H_eUk00&jW1VwQdQBuxlNlsU#d1f*8b0=U7E{hKif(h$7lI&&8t?H9=LGi+|+G5 QFSq-v8<};@{d!du0KAysRR910 literal 0 HcmV?d00001 diff --git a/src/tests/data/pss_x509/97/README.txt b/src/tests/data/pss_x509/97/README.txt new file mode 100644 index 0000000000..5d745e9004 --- /dev/null +++ b/src/tests/data/pss_x509/97/README.txt @@ -0,0 +1 @@ +SigHash != MGF Hash \ No newline at end of file diff --git a/src/tests/data/pss_x509/97/end.crt b/src/tests/data/pss_x509/97/end.crt new file mode 100644 index 0000000000..34ef69e031 --- /dev/null +++ b/src/tests/data/pss_x509/97/end.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa +MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAN4wOzELMAkGA1UEBhMCTkwx +ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X +DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP +BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C +uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI +i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV +AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy +36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ +BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg +VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG +SIb3DQEBCDALBglghkgBZQMEAgSiBAICAN4DggEBAIfliohNjz4CLGbHWgWRBFQ3 +Difn027ZnULTvokT67ii1sJzESzqaIakyyu8GRwfoFRNh/rbGfe4C6e9SkwKbnDg +WE9SWbK6ukIQbMy69C+CVqFlRUHbONw/dmcneAWyZYGx/2Sf4D5kkpIWNDBeKuaV +H69XPZCeN3QAACmdAfo4NYW0I69a1OSaUrTyGT1nBOrzQ8Y0aJBnCJAte49bhQEW +KJv0kMj+8ZG1X0RoSdklf3GqdLUbsfJ2txu14GGAxy4C1gl2JWzoBHN5LMLf0cZ9 +uEYui7N/5bkSv8KXdbGvSzgn6zZ0MiCJMiiGEf0L1FxBiBCVsK4C2idpiZH+e28= +-----END CERTIFICATE----- diff --git a/src/tests/data/pss_x509/97/root.crt b/src/tests/data/pss_x509/97/root.crt new file mode 100644 index 0000000000..c2c9a6300c --- /dev/null +++ b/src/tests/data/pss_x509/97/root.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH +/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV +BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz +dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ +SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H +DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF +pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf +m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ +7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/pss_x509/98/README.txt b/src/tests/data/pss_x509/98/README.txt new file mode 100644 index 0000000000..546043b7fd --- /dev/null +++ b/src/tests/data/pss_x509/98/README.txt @@ -0,0 +1 @@ +bad salt length \ No newline at end of file diff --git a/src/tests/data/pss_x509/98/end.crt b/src/tests/data/pss_x509/98/end.crt new file mode 100644 index 0000000000..f4da8832ff --- /dev/null +++ b/src/tests/data/pss_x509/98/end.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa +MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4wOzELMAkGA1UEBhMCTkwx +ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X +DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP +BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C +uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI +i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV +AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy +36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ +BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg +VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG +SIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAE7T54cyUf0ByNr34JaojFam +hV0T9QSc4wJ17sX67rxYIorXU8MynaneJzFxD9utOD3dq2TON18VswhT2McDgefl +XMwivCC0nWod8Pk638QaHxbaqC7XSq0QRBfOMXwV7knLNxI8smc9UJaco39VEcGD +yCkq4By/VCWTpvJ+1hx4zZ8WoXpFJFM5m5y9oEz4lgNv/6Wu7ILztyOk2yJiSR8r +YooC4zVeUOZuDO6At/NXZuSvmKmr+tfFrFA1AA/7yR5odQbqFVNSJ+u0x1Jv8Ra6 +JXA4cXsnaDaRe+Wm0L0p+2PtQWXE5npXYIbFHAA9EOC3Ab8oaP9M/F6yQMa/2is= +-----END CERTIFICATE----- diff --git a/src/tests/data/pss_x509/98/root.crt b/src/tests/data/pss_x509/98/root.crt new file mode 100644 index 0000000000..c2c9a6300c --- /dev/null +++ b/src/tests/data/pss_x509/98/root.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH +/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV +BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz +dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ +SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H +DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF +pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf +m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ +7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/pss_x509/99/README.txt b/src/tests/data/pss_x509/99/README.txt new file mode 100644 index 0000000000..8b2fba01fa --- /dev/null +++ b/src/tests/data/pss_x509/99/README.txt @@ -0,0 +1 @@ +bad signature \ No newline at end of file diff --git a/src/tests/data/pss_x509/99/end.crt b/src/tests/data/pss_x509/99/end.crt new file mode 100644 index 0000000000..9e565419ee --- /dev/null +++ b/src/tests/data/pss_x509/99/end.crt 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG +EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg +Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO +TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g +HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo +r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0 +qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ +wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w +OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh +clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR +vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6 +te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW +Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj +88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw +JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1 +o4Hl/lqjwCFG +-----END CERTIFICATE----- diff --git a/src/tests/data/pss_x509/99/root.crt b/src/tests/data/pss_x509/99/root.crt new file mode 100644 index 0000000000..c2c9a6300c --- /dev/null +++ b/src/tests/data/pss_x509/99/root.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH +/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV +BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz +dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ +SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H +DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF +pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf +m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ +7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/pss_x509/Sources.txt b/src/tests/data/pss_x509/Sources.txt new file mode 100644 index 0000000000..1c5a535a9b --- /dev/null +++ b/src/tests/data/pss_x509/Sources.txt @@ -0,0 +1,6 @@ +01-02: http://www.kaiser.cx/x509Pss.html +03-04: R&S Cybersecurity GmbH (Daniel Neus) +05-96: golang/go - GitHub User @lwithers - https://github.com/golang/go/issues/15958 +97-106: mbed TLS / PolarSSL GitHub Repo +107: unknown +108-118: mbed TLS / PolarSSL GitHub Repo diff --git a/src/tests/data/pss_x509/expected.txt b/src/tests/data/pss_x509/expected.txt new file mode 100644 index 0000000000..45fffd4336 --- /dev/null 
+++ b/src/tests/data/pss_x509/expected.txt @@ -0,0 +1,118 @@ +01:Verified +02:Verified +03:Verified +04:Verified +05:Verified +06:Verified +07:Verified +08:Verified +09:Verified +10:Verified +11:Verified +12:Verified +13:Verified +14:Verified +15:Verified +16:Verified +17:Verified +18:Verified +19:Verified +20:Verified +21:Verified +22:Verified +23:Verified +24:Verified +25:Verified +26:Verified +27:Verified +28:Verified +29:Verified +30:Verified +31:Verified +32:Verified +33:Verified +34:Verified +35:Verified +36:Verified +37:Verified +38:Verified +39:Verified +40:Verified +41:Verified +42:Verified +43:Verified +44:Verified +45:Verified +46:Verified +47:Verified +48:Verified +49:Verified +50:Verified +51:Verified +52:Verified +53:Verified +54:Verified +55:Verified +56:Verified +57:Verified +58:Verified +59:Verified +60:Verified +61:Verified +62:Verified +63:Verified +64:Verified +65:Verified +66:Verified +67:Verified +68:Verified +69:Verified +70:Verified +71:Verified +72:Verified +73:Verified +74:Verified +75:Verified +76:Verified +77:Verified +78:Verified +79:Verified +80:Verified +81:Verified +82:1 +83:1 +84:1 +85:1 +86:1 +87:1 +88:1 +89:1 +90:1 +91:1 +92:1 +93:1 +94:1 +95:1 +96:1 +97:Signature error +98:Verified +99:Signature error +100:Verified +101:Verified +102:Verified +103:Verified +104:Verified +105:Verified +106:Verified +107:1 +108:Verified +109:CRL bad signature +110:Verified +111:Verified +112:Verified +113:Verified +114:1 +115:1 +116:1 +117:1 +118:1 \ No newline at end of file diff --git a/src/tests/data/pss_x509/validation_times.txt b/src/tests/data/pss_x509/validation_times.txt new file mode 100644 index 0000000000..99fbbfda44 --- /dev/null +++ b/src/tests/data/pss_x509/validation_times.txt 
@@ -0,0 +1,118 @@ +01:2016 +02:2016 +03:2017 +04:2017 +05:2017 +06:2017 +07:2017 +08:2017 +09:2017 +10:2017 +11:2016 +12:2015 +13:2015 +14:2015 +15:2016 +16:2017 +17:2017 +18:2017 +19:2017 +20:2017 +21:2017 +22:2017 +23:2017 +24:2017 +25:2017 +26:2017 +27:2017 +28:2017 +29:2017 +30:2017 +31:2017 +32:2017 +33:2017 +34:2017 +35:2017 +36:2017 +37:2017 +38:2017 +39:2017 +40:2017 +41:2017 +42:2016 +43:2017 +44:2017 +45:2015 +46:2017 +47:2017 +48:2017 +49:2017 +50:2017 +51:2017 +52:2017 +53:2017 +54:2017 +55:2017 +56:2017 +57:2017 +58:2017 +59:2017 +60:2017 +61:2017 +62:2017 +63:2017 +64:2017 +65:2017 +66:2016 +67:2015 +68:2015 +69:2017 +70:2017 +71:2017 +72:2017 +73:2017 +74:2017 +75:2017 +76:2017 +77:2017 +78:2017 +79:2017 +80:2017 +81:2017 +82:2017 +83:2017 +84:2017 +85:2017 +86:2017 +87:2017 +88:2017 +89:2017 +90:2017 +91:2017 +92:2017 +93:2017 +94:2017 +95:2017 +96:2017 +97:2017 +98:2017 +99:2017 +100:2017 +101:2017 +102:2017 +103:2017 +104:2017 +105:2017 +106:2017 +107:2017 +108:2017 +109:2017 +110:2017 +111:2017 +112:2017 +113:2017 +114:2017 +115:2017 +116:2017 +117:2017 +118:2017 \ No newline at end of file diff --git a/src/tests/data/pubkey/rsa_invalid.vec b/src/tests/data/pubkey/rsa_invalid.vec index a66779b29c..8963a18be3 100644 --- a/src/tests/data/pubkey/rsa_invalid.vec +++ b/src/tests/data/pubkey/rsa_invalid.vec 
@@ -148,3 +148,1359 @@ InvalidSignature = 1acce04e348a5c8377c54d8ddd8ec2d8c5cb9b195863c32eb716745f3462b InvalidSignature = 61a4066d0b64964100ecf583325cad10b53912aba1bf3606720d2bdd8e21120bb0b5e4323987d96039819ccce0e5e90854bc0e5c239ab198f75b00355a04e4eb1f855f76697cd65732820575306eb9323954bc5913568a7278fcdeff8e8acad4481e3559f8c44a0be3bc02bae437c3146e4516632b3fe788c3a0e44171155728 InvalidSignature = 979a313677883b0980997f1cb525f43401739945860149dcad80f602df8abed4fd85bcd6e174d9183a5a44008fd77b5a5abcffbcfd4f47ccd2dabef963d9b228310d99000ed0cebbf61438cbe586985bcffb3923a8467a97ae791d0b04925c0894b5a41583d6de72d4369f481f66abce41a577fb128fc0b0aeec746ec089d834 InvalidSignature = ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a2300000 + +# Based on SigVerPSS_186-3.rsp +# CAVS 11.1 +# "FIPS186-3 - SigVer RSA PKCS#1 RSASSA-PSS" information for "rsa2_check" +# Combinations selected:Mod Size 1024 with SHA-1(Salt len: 20); SHA-224(Salt len: 20); SHA-256(Salt len: 20); SHA-384(Salt len: 20); SHA-512(Salt len: 20);; Mod Size 2048 with SHA-1(Salt len: 20); SHA-224(Salt len: 28); SHA-256(Salt len: 32); SHA-384(Salt len: 48); SHA-512(Salt len: 64);; Mod Size 3072 with SHA-1(Salt len: 0); SHA-224(Salt len: 0); SHA-256(Salt len: 0); SHA-384(Salt len: 24); SHA-512(Salt len: 0); +# Generated on Wed May 18 13:42:19 2011 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c6d3 +N = 
0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd +Msg = f0b83b8facf6698d564bad334fe494aba3eea42f3cfc378455a989c4317e0f610c160a67527f5d010fe49b3fa6696516c757f3a99b79f0c641c68bb47e3fcb2cb01b22a5042246d5e9573c74c5d9b543e60b9e4dbbf3f36c44e0d410c750da3cc510abd12ca5cc0fceebb75912fc2e38e953cea30432e77e45408b607377e599 +InvalidSignature = 7973359908f1cb2f7eb31e19f7655e8117261e17c43c8ce5b12bb861b541fea168e077b41cf11a95ef7a80edf5f5903987e59d4b9f115cdb3b6394eb0dcb6f5869be0f896087bec612093965ba020449eca36ea74acffe1eb9f42e4ef03247cccbf99557073ad99a144172669e49296980c9aeb5fc7fa64660a680c320edb20d + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c6d3 +N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd +Msg = a4ceb81c341237facdf5c8dab1f5fdd725985939df0b623cbb08f714affce42d016ab4b7b78ac7625037a466b1088fc762bc5fd7fadb8afcd89a82b314ff44d5b5472d1a258510dbe28b871c750d86c9a8043640f451001039a3e700b29a1c54272dcc4b64493decebba1902e64f0a665f39867cb3b5ed0044ebd1036f159430 +InvalidSignature = c12ad0a80b116cd65a8c81aadd81f05bde5d6adc60e4deffa3d7c68ed8df5314c98b70979c4ce5f9e1c3f0e52fab15725c4f22dc0c4b182a1d7cd81dc24f54e768dd2518a6cee3952922e653b8feaa32745f92ea01907aa4ff2c5f64ed9bad461e2825eafdc31158fafd38afb39fa10f5f833faca076c8771cabe406be6df648 + +Padding = EMSA4(SHA-1) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c6d3 +N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd +Msg = ada7d6e417da2c55aba768f60df46b73496cc07866c7d2193f4c5c728e94228a4a90df7e33ce7edbabf78c4bc79dee74a633cf1d015ddd92046bb54a5c1f9bc892b76fbf9727dc79a0a7d379336d386082bcdb0df91da90813ed2421711710542d236ff06c70b0f932bd24ca7beeb1fe870dca9175909e4313da903df504e8f7 +InvalidSignature = dd45ac85aa560159b2b9890cd61b8c082bb02b55529afec05e7f3fc1d73e30a09e0a7a422c20c074bd25c1271924a94d7576d99125d9200e0190979dd4238db8bdd286eba5d3e46a48fa2b18e43d7926aca3312eaa93970797c20c7e12a64c47858d1deabe5260620f01ee528d63e073f90f5044ea92804f3c1500cc2b958289 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c35377 +N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd +Msg = 68a53131f6499d299801d88d6dc311a138934f1f58a5057efac2e6738decfab97645f20e052db97ea8ab4be35f0ecaad70d4cfdf5ccafe5a1175dd5e61b1e64eb398dab3f9a55984e219b0a5509ef2ad0c2b4aecb9278fad06d119b828dfd31b8865922ab8f9a5c5ac15aed927bdb0297361684f5504e1fd409e4389c9bfeba9 +InvalidSignature = 
e955264d644003b69f39f955150a7f42b629081b5c13787c7a9e2c988089b5e550ad4bc14e7e71c441ddb69afad39c56f811327e25270443cc0976adc9ff392a9e1dbff48fd9adbf6263be6e78d7b95feffbaa2879ba8b75e67a97aaad39d9211e5610ee369777d3f8ffe373f9d7d2984d209a9399cc1e105ffff0baaadbdd25 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c6d3 +N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd +Msg = 340eff60922f2d65152cde96f5729fddc554434d9aa32b596f7fc543c86c53d796a9ee585bbdcabb8e52bb134146f84d0100201dfe007a386cba81c428a5a00c9f8f3a79ec33edbe400d1852876d9a2348cbdd89cd5a147885dfc0fba6c479dd1668eba98cba1fd6f306fc3b0f0f0dc9625d847851d87f8283968bd08af266b1 +InvalidSignature = 4d744a1aad0c4d76512902eef63753ec58ec3f5e23f91889fd6705bb111db9c688587c320b52e65939c69f2296d9a4c01bc450513486f86a861e706abe25b40a8e3f517ab58e99ffaf6b8c4efbf44ddfa9150349baf5daf0af17cecbbd99d0f5af871ed8b10095b4a0d14d3c8c4ecdf9e52d361d21694dbd9bae7fa395714d9a + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a3db1 +N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 +Msg = 
f0b83b8facf6698d564bad334fe494aba3eea42f3cfc378455a989c4317e0f610c160a67527f5d010fe49b3fa6696516c757f3a99b79f0c641c68bb47e3fcb2cb01b22a5042246d5e9573c74c5d9b543e60b9e4dbbf3f36c44e0d410c750da3cc510abd12ca5cc0fceebb75912fc2e38e953cea30432e77e45408b607377e599 +InvalidSignature = 6b5a094e74c5c34ceffaa51dbb15f02689e1c45b620e926f85882800dd4662c9412f1e6a54388b51a58a7d3791c6ca6acdf03ecece746e5e3189ebdf5c958ec0233758f126e4455957b7f6450f65f61f1202f569e1c95e36207916b7bd22f530debc965dd5ee543d80e14b19341221b294d2f4acf846a63705a9479b49fde460 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a3db1 +N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 +Msg = a4ceb81c341237facdf5c8dab1f5fdd725985939df0b623cbb08f714affce42d016ab4b7b78ac7625037a466b1088fc762bc5fd7fadb8afcd89a82b314ff44d5b5472d1a258510dbe28b871c750d86c9a8043640f451001039a3e700b29a1c54272dcc4b64493decebba1902e64f0a665f39867cb3b5ed0044ebd1036f159430 +InvalidSignature = 1db247c271a11b2d41205d1abafd433be26e273563f636a3a46191fefe2aceac656a9e91cd58df247a4feda14b006e6871896f1f3fd84a4c91e85a82d88314011b85b3e0432c07fc5f16b0d10fc56e2823bee8746f1ad6cf4cc4603bf1046c98e36cd373d7955ec37d86916bb4cb5ed4d43a5a12720ab9ab7f18a17ce927a286 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a3db1 +N = 
0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 +Msg = ada7d6e417da2c55aba768f60df46b73496cc07866c7d2193f4c5c728e94228a4a90df7e33ce7edbabf78c4bc79dee74a633cf1d015ddd92046bb54a5c1f9bc892b76fbf9727dc79a0a7d379336d386082bcdb0df91da90813ed2421711710542d236ff06c70b0f932bd24ca7beeb1fe870dca9175909e4313da903df504e8f7 +InvalidSignature = 468a0a4d9887dc8de86672bf5888ab473fc58cd681de1dd4b9fc46eeb32b184cf25877be736696aaa86e9707e6afe57ea1f9ea493e5f72473d7c5e77710e15e325eeac1a1c0a82199fb14f3f090703e9f14d0b0acd556bb4c242eccbec203664d8c903bb90210aab8f61c1de2391cb77f93c8cf6f5e3d1fb621c4109d5d089d4 + +Padding = EMSA4(SHA-224) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e887c5 +N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 +Msg = 68a53131f6499d299801d88d6dc311a138934f1f58a5057efac2e6738decfab97645f20e052db97ea8ab4be35f0ecaad70d4cfdf5ccafe5a1175dd5e61b1e64eb398dab3f9a55984e219b0a5509ef2ad0c2b4aecb9278fad06d119b828dfd31b8865922ab8f9a5c5ac15aed927bdb0297361684f5504e1fd409e4389c9bfeba9 +InvalidSignature = 03999476730932d46eaa5205f422de58c5d517a2d15fd449404c52ce7f0a3636a323aa681d79bffac60e8d9fbd6e62e299368cf8dedc3c1631d347cdd518e0a18b7e146ff913f191c0e772fc3e50a4424845d23d7e10e038f9fcee9e9a2fe4907ee597e3c589000644d65cfee60115dbafd9a8348df03435224e1f99d04ceafb + +Padding = EMSA4(SHA-224) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a3db1 +N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 +Msg = b3e512b4ff753fcf01b6e6d830915f93cb99fbdfca3697f3140371e8f2743a78c4bc6c05f3eedddc266295bcb95adc926be598875604d63c250ca754814b2d34cceef506122287043c7a3cf3879150ed35f0386483323664da662a1849b4ab90334456c1455b66ceabc78686847ee32d9382847f3707def29dd8a33c34f7dc15 +InvalidSignature = 5432923b53dc8ad5df6a5db2b04506b42afbf29e31086fb3aa7b7b7a041940466a6535da54329c1aa5cfd328d4cb622398bb572354eabb3c1a59953c7881d1b1603a3f0c5ce845dda3bcf509c9c7b7f61fb310ae50101d08062eb2b894d12602ec28e7533251c0987e4a290e5affd0083b2216f26a55a732432268bcd1982ef6 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000183a77 +N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b +Msg = 14ccaca3e4e313a960023ce1ea1335a9b29b47bdd7463466cfc7bdef08de6759cfba7f5072825c5da12fe45c1a9c523186e036b79ddbbcf9910f32a5aab1c5bd2d008b9083d6c7e9977d688680c3d2cb6051e1b88c382b19edcd86fca6b7cb68f646d94c6007dcb60a95cf4564b13fe1099552a9ea86092da9a9c2de431701c3 +InvalidSignature = 
93e0eab6ad774d35fbf94f2226072c7b6dd9edb54377ab7d8c8f8c1f125b62536334d953d3c610ff9aaf04b1962cf30ec213a6022ddbdbdad67084db957853a4d35eb644e1dcf8ff82b26a74738271b2394b5a063de453ae5c0968034dc7ca12f9d1c11ac213e801794a00eec5d3ca9469a47ba7b932259be0aaf13d41302c05 + +Padding = EMSA4(SHA-256) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000067109f +N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b +Msg = e5494be79aa11936c226d26f260c2a8baa36c7a4d2a9eb068640528812a15e1d716f71a6cbc29a0a3cd47589d7fd4c4debe1824284e8322835ee13e7153c9f2208b7740e4058fa8503dc4656aebd3ee0fa60fedf7e907b85752b66cdc21b540c31881bc8004c7fce9ea80e7fb235486b5f1d0321c68a0e44cd5f15e21f27c402 +InvalidSignature = 983e58dd64d1dc369a71485a497f9242a527bb285e5039e88f997a30fbdd32f3022c453218e22f0180c3f753bc0d6e3d695ebde88e8963571adb68510c1e40d84ac83785cea9ef84bdd3957e98d718c7a97b22f692dfa9d1273a97ce9446794fd193ec3d9354caad1b7bfcddf82505f8a963f7759d108b7a67a57aa7cce3c84b + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000183a77 +N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b +Msg = 
3620220deb2101077555298267995366d834f856ac0cb687151af5d3581bca09d5881c8842c9050c37a67ac7effe2fb44dbbb5281d05e5aa9db682043b0e1a9aa1a92dfbefad92b64748156f8f5a6531726e2e06a8ef82c578997d2c7b2d292ea2699f8e7a376fadaf2542a1d015be865135aa19d6325383afa92e729edfbe6e +InvalidSignature = 3e9d528a7bdbb9d1083384e67441712645c2aade8ca32c8c5632ec2708b6b9877dc4cf4803b6cbe533fc58db7ab01019ae879cf746dbca08ef39affbd600562ae99613d76183554e712e90fdd4b37a0092a3ddb3bf2835e6fc6ee12e7b355ac006e8e5725d8773d856360bbef7a896fc66594b1a4f7ecbd13ed2c02b76511feb + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000183a77 +N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b +Msg = 75d462568edb867e996ef0197de4685fe3528225985d2053364c38970162d85b0f6a67f5ac932d1efc7e16a6e296b26621a08175c1926e9fb5a99912bab6595b82b9829112b0e3d069b113e962376e58dbba5a771782cff161bc1678f2ced0bb15e83b9289dbb17c272f714cc46fa21f59c8959162d34b3183ae373271514463 +InvalidSignature = 97828f3a8b864a95c19b617aaa5744cb09c3c37758349e398169e2e8344eba663f9dc871f744b52b3f15d07875ae8706e7bb849e0828e6c9228cf43e742fd2c233f2b31a67365a12f0ebc2d9d3369232c6939cb9e6e80b18443820773ff796d2d77d633f1e240a2e62625ca6e85e85105a9b9beff0c6d86a112f1e9aaa551c88 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000183a77 +N = 
0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b +Msg = 372c9d4b73d3d7527d991817dac22792b1a2926824a8a30fe09b9033f324f259df8d78c3ecc8dd93c2b31733369ad2f365fd1cf4ff946246e6919b4df825c36928458bd5d4ae4fd0532748fbcd0603034ff5117f1ef6011c4ca58bf78abd0e4a3dde3d4bd48e1451587d1239440da2089811dad129d567da3b60c8fa51f5bb45 +InvalidSignature = 7ea27bfe422507d9f40f5200ba8b68d92147611c63825aa1aecb3268893388be452de5c3f9c6d224d5633913d5f27a33b669550c5653315fdefb6032ca50f781e789f148f2642aa479aac4f85454425e570cb0cba2a1a8586178a48127897003be424eb86d87a2c5c95627dc4407f4800536567337d88d1df3b369b176a21c6e + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035c661 +N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f +Msg = 78b8e34e3d1026e88148aff5a05d5b6ff747113148cf47665fa1c842f6a2b4f0d783c8cb4097dfd08be1b9530e72fcf241f278c81e7cafe3ceaf95f7810194539e57d3151cd3b89a2fedac3928c61e3196b8cadfb2323b35fac38e671b747ae7145b8d94996db82fb5940e0eb402c91440c48ee0ca9af2452c063cfa8ca36c93 +InvalidSignature = 697f7422aa7bb453c6b7e5c3c1f5a44d4631ceb0b9a9e77a0ffffdadcbd50d8f69a2fe23ef495191dbc4df75605198af429807393efce5d0742c6cd65ea4f6e60fb9de39faf141f6b9f2339bfdd95677de6ac7856b183ca7c2e19fcfefa916858e7e41de93257e8771e361d056d5c96557c655e1da2d4906798cc4b93509b0af + +Padding = EMSA4(SHA-384) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035c661 +N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f +Msg = 8ae68ad40631981d0cb68428c642fabc658ddffc1761e4a436fe5c90bfbe4b7e07f5bf14a91b6325c32d5130625028293ab85e7c9bc8d850a07ab808aa0277100cae33d608114a16fb60275bd41c5cc3caf1f1024fdffca93f9772a95e283d1201da8f210b5a757a1b18afb204eebf107e0240951bed79397c1d3278c477c60d +InvalidSignature = 7c17bf8aaeafb9c97966d905205b1f007a1379e5fea9418bd6decab846bc4d430de0315c5b2195ea62900b34b7d37cd6dde7e37d9361073942976215e7183e4dc876d69e1eca9cc3786d2e9922b71333ae3f0cacbe173a6346c152273556b6bdd1afb7fe01fcda772362fe20be34bd4c8ed9b16cbcd3db910a0d89a1859a2539 + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035c661 +N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f +Msg = 5ec0479f0010f6f12a707ab52bc4ba883f29ea19617d02d660216fc535fd08af94c54384c17ba9fba53687792121e734a2c6be98f68d67ea5e7f502be450f43fee9d094e1472fa6b2f0f9773b2ec0c383efa0fdf702c5e87fe36692c02954bca95cfffc5a0fcd188ef85126c872c10dc3a4c46b87862cff668cd218f37d2f799 +InvalidSignature = 
7202f1ed02d85d82b574b06fa3de38a0d19b80a612f470f22b4eb8a032c15be565bcfc7e9780d35f1aa11a312339554ec51e690287ad57acff359fdbe7cdfabf9770e9b33343cd8aeb8b2ddaaffd1d2308ec9fa28e5dc26abfee5c5e8470adf13380e7aefef727a78dffaf32bee251ca8bab4dd375d2a9e6c470943bdb58028e + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035c661 +N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f +Msg = 3de862f4efd8bda0f2f8254f730e5a8d5baeab4382a6c5371f99c9d684e9a13208da934744f5168282abe584723b53231fd6deb122000681153960a84bdde601be499174493f2a77188c5dd45ce70fad431df1be276b55e3062b41da32b4c249497b8303687e9e879ce2b2ca99da3636afcc0df2f9af5a64d8b895f49f35df13 +InvalidSignature = 26068d35b77ed46848c6006fa718c92ea035464018403019929daa2fb8af505ea81e7b0c1ffeebd614d006fc6c445febc27a562ac6bae807a52d2268690d26b1510c9c1bcafb16626212832b1c5f8a24630c16849e6c5dae23d2af780f34095ebc298a0cdfc3dab0a853148b74b676baa2b23bbac4c64b7354c3f0e5c901fc09 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c78d0b +N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f +Msg = 
bf087ce3582a9462c3706a2eb7cafae1b9b79c0185138977af309b428a29546c4973223d64b5e1b03edaa2230464ab52d803bf862f669f0a7751d0dffef09fb00f6b63085eba02c3a5bbb6c3908111e4d7ef3f31a9868c58517c255b140e23895817c5ad0ce0fd85433a2f7522ca357dfda5a669bd1d584785da231e952ce8dd +InvalidSignature = 17cbcaab779fdd6aeac8f0b90fbfe96b6d7231fdb550f2caea85eb9911121d7a0e956cf11414bb111d1d0b05b1404d480d6eccc65c0d301207ebc1b150247809f4cba9ee3b5f759c59602b1e63594ccd374d509a7c135a68c6013ed73ddf68cba5ea31087af451832411dca910fbc2aaab286b3a9c95b1655ab872e8c2766d0a + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b8267 +N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 +Msg = ca69f73a1e17310789a65561639b2b054aaed69622c4fb345b1d255172cf68c0bb73450f5d1ece179e930ad161b69b6cec449e9cefc2d334c2b3fef7ef0e8dabf0ef7a703a8d73507a6c39171ed446651781b201dd9c5770b4ea34c72f440fbdf2475e04bb4c68daa49aa8dba2db721952cdd96ef53acf11b82a8e683a57371d +InvalidSignature = b8459c62f5dc848a47e73837c3fb1b5b96c6cedc1cd0e08d5bccb8a0fe4e43ee03180a9457a8db53c16ab994e959bc59d29d3b15749a8e9cf43cbe81d13c3b2e0d55198e0776ddd2915e25f59b17e914888e10809016afa90fe24d6bf9aef635f291f6df2a80b777db31783ffd7148d078ee82ff15b4b83298c728fcfe80f58b + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b8267 +N = 
0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 +Msg = aaa280f51dfd88d1e7c7f08834ca69d75e4743996295858e950b3c5c922013d377d1247551430e36d4aa48805069b57ae07b788ae5110919b27c8896894e52bdc7bcd3195b479bc77c9cb37e9cb831cc974f0aa2316f2813bf61bc5924d0d619ff2c33e82351550d4864d98800fe0654ec8da2ea2ff70906238080ad4bedc66f +InvalidSignature = 570c0eecf611c34433df2f79b602ab96459bfd22a27b4acd07584dad4957af8c322ae98c376312c6b9330e50546a148734219636dd44de74106663e576ea85f8e02d9d03818f42134fc90c78fe94f06c4367e5a6c11357bc3abfd313c40a25986c083210a066985da3653eaf4581912f5396e5bd15eedc2d7fb9bb076ef85c14 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b8267 +N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 +Msg = 512dcdc30e9ae2b6e44a773eaffe62b10050dd2a12de22d100aa385d36c10cd7251bc3a03cc34fb513374032e912dd1550e874452772eed3c9eba67f84b97c7e4d50257ab154c5db0ffdbf4505c0cb61282c4ae1f812d7be13e81fc4a86ff2512f949a5a57946bae40649b7feb50541eefe208066d05051c456a49358a2b97d9 +InvalidSignature = b19f58f4374cc02135eb3aae5303dfd5e54b68ca90daf44e2ffb4dcb65ad49eba624688b7c18987177573ad4299c8cae53fd2ce2aae3515d033673155f1e5849b874f6bb28f691a0b920aadc7cfd5218fa2bbe60513df35f50bf8afa968c7f3a821ed9f185f23d020598d745be5dfa74b4ab25029bd47000637a2868438a6cb6 + +Padding = EMSA4(SHA-512) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b8267 +N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 +Msg = aae7e01a6e1a1070fb04dbaf97684bd0252aff01eb0715f899844d8887246a723fdedc7d3bce9dc9f02b59600b79d10efa008173ae7c80569f16a93c1193f83996cc3607d55ed95589a22661cde098c996bf859f8100ffbbcf6cf955ad0baad3b99737dfc3308cbdd0518adb650368aa025153adecfb58d02f6f84fae4f44ae5 +InvalidSignature = 2935b15fc9d8f8dacf912f828cad15c50e66745e08107bb23c419d7b177940716c04774898be1db3b175daa1cd1014900e7ec64705a1a145789bc3a7a5d2bb5a5956cf66a55b258913193aa44d29a731c33f1b7f04cb9dbc55f351a12ad77796502876fdfe47330d501c52fc87c5fc9d114756ba496a3742d5eb38f8835367c9 + +Padding = EMSA4(SHA-512) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000054128d +N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 +Msg = 0c5f5fa28397254fc62d7e2cb124b769873cdfe37f66713d7f7a3432272c6029113d020a57eea15156ba2261b244e91a9b8f41ad4e6dfeafde3a616d34c93b80549f55a1e35f10bee686494dcd587fe0b01b38f9d882a020816c7434decf1eff5eee220c2ed3b8bdfff9ba980949c1e250478c6f268ea1b8f17a362e2e2451ce +InvalidSignature = 
2596aabc2978bd62da57c486172a2cf433eb145835059fc035bd42886500156eca00554a989d19b6bcc4f640eb7cb5cb634dae38f59b015a01ffea0504847c643d525b910f61c2718f4cbb076e8af82183661d6c7e06dddfe1579ca2d6dc7e3e056b0ff6e6806fdf419e984018e2a1126820fbe966c52f9d8295a2a9cc9d0e0e + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a4822d +N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d +Msg = a4dd2d68a6ccaa4d2218c34c89fa1b8b37ea9a61fa121269d10222d5f3a55b051374a259e3e9d543d737b2a02b38f44827a7bee3a28f3dffc5038a601110cd97a3f0a8d7b780d3036cf5030bc7ca1179f9fc5847e57a5ff4ddd7b8d7ac4327b2dab9078a2b7aeab669b980376398ba4736532e34cbbbbe6fa1e774e0cd26b17d +InvalidSignature = 97a9b907731d605e40d7df6a8c813e3ff319a02074a966782fc2ef7937d0e9710e4473cf0703c23de5a1d238aaf38f6c5882725fa386a92f50c213b25385bd1d6b481708959677f7263bb8766049c3a24022180ac7db049edc37f19c1cf1e613a6d295190fa86b8f52b52e989507ea1368637cf6147de89eb9d840d5a2fc23e4 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a4822d +N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d +Msg = 
8e1451587d1239440da2089811dad129d567da3b60c8fa51f5bb4544e0f5ec936f165efa3edcb346b7974b67daddb2c73a7ec7da48ba1ef7d4b2a266d11d7fba593c3f60f11032790dca14e5d783eaa02c2d2d52e7ca2a2163dca9ca3b1ccdf0546e3bb41e157e851623ab399034405db35c52cac55ee879a91fa299a55a9ede +InvalidSignature = 9003fc803fabb16ea2318a36e3e00b8a0d91c882b3cf11ac778e445cb5189b920e7689b865f1a323fb28bdeca4effd085de9611021ae95558db37bde3ce4326a1c931a60afdf03c3cb5a43465242f82a6b27352e1fa75af4e7bc1a93e81b2f3fc07a4312174b8888e4fbaafbb204880f3188e3e739223a57bc9583e6f125f597 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a4822d +N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d +Msg = 6bc3cf22b29b88757a39072df815b59e7a4f01079344a7c8786032cfaa33bf54d5c605c6f82f9205c76357d14e4c6783d61bfcfa0ce0bbd9605739f0ac05bdf716844882371cd2317d93d727cd4512be6d77897922e8c93b95a973b6fb2ff725f5a7a03eb589d16263708e18bf293db90709ae6d1b845a55dffce80ae1d7f647 +InvalidSignature = 1a73d7d3cd4dff2de010d2ab176ee64db3adf4b1fd07cf37caf19bd223d6c343e7ef75b14603ad9e0a52b853516cb43f262552d2e25f72c2c3119f0ff5b516dc8dab8417f4aa2a85b812e8600b7cfbdd217db95e9f889cb648e865215289d88813af6c562b48ab0a2a12c18c7ff927d020329cd53635ac5e7c1c7fb6a9139566 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a4822d +N = 
0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d +Msg = 63215755a54b4a68ef26d1cc120c6b5a963cebe706dd6e6c8f409065ca66e076d5c29154a83f72e3a685209c7378793206025575ff1371763ae6aceca48576d64d8f8562bf39c90e8f93a30d310d52ec1039ae75ded218d429feb1f830d0ca3cf4119c4792403930cfd7c3e6f5d0dcd0de685db04e234bcd86100751154ec4f0 +InvalidSignature = 3cdefbd51d9d74dcb34cdd5dcb6aa2329c38b72bef3fc30c5559e564fea7df8edde691f7793fb37e4ee8e363884493e21010e67c2b1310297a967dc852f94f1121456c6d83afc935586927cf1b5a1a927a221a05b133dbf775797c112dcece11232566b64e27bbaaddef31ad704f8b12d0e41571671de1e0fdea873a02cae156 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cb82f3 +N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d +Msg = 361f28f34dbee24034e03367b6b8d34df3738ca3a86b9ebcb09e639bcb5e2f519f4a7a86fc7c41556404a95dcb95e6149b7f5b5ffbdd026051100f8f056cd00d8930d83596bc5c73b8fedd590c2e07ef48bbda4bfd850762194c9d1eb068e4b1fcbb8928a2e5fc4336b6178402e90086030f509035c9756a113a556f53bc33e4 +InvalidSignature = 5b594ac8b973c6fb485d17268619b26c9948ff142284487a2ba1ab3e65d12af9e589f8fc0f583bc1136a2744be1f325f43e0b604a20c229996471ac2ab69860439a57adf60257945f4197e57b7c6711057a695f13d4b44f04d7c2bb87bd492fb0c03006c184628bade5c168fcaaba94fcfbe0911cf7e0b514aa975922e4a93a0 + +Padding = EMSA4(SHA-224) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000412b89 +N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 +Msg = bc8e2a0b7a699afd26236facc6780b4ccfde98a8f30b86c23bb73ab955a304f02fda526dc537247f3727c0a41eb0a7a920b3c713c26ef2be7e448fc416c190a027d9a4940170ad48b62074b371369b3e09fdd427d6405124c40a7c4aa5b0e72ccc118647d71d1c9ecc94f3a16810d053b34626acd8898a3c34906712ad78f3dc +InvalidSignature = 70c2b47c69e68df4ea95dcb48bb3609b98805340d4336d544fa5d628af72583ae86a28c043c5aeab389cd7c23f2e164ea32ea83b5557cdf1421e4ed72d27ebc6e645e4743771dca252726cc6015ed165182c90e972f6c6be11c81c1f68083f58ea100ffa61aa0d7aa83fb4bc7df237dff22dc03093b65d78eba1e57d4344798d + +Padding = EMSA4(SHA-224) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c9c009 +N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 +Msg = 370bc75902d814961b5d55a3ca12334f31df07648182a82c6d308033df7fe64fea83a8de0137e64f661f27e4e42ca6b5c1e0edf9efb2a58182b4ad85677369a3521f5d25f8ecfa837fb7b72832ed64797aa9bb14091c395559322c1f55720cd956270eb650bdf73a4e6d2efa1b1d16a342819a3d39870ab1daf22589124477f8 +InvalidSignature = 
3e18333b801bea1045458e538142886d338017f2d8e35147382668c8a68596bc2ac5bd7f781ac756e5cad5114b4373bee0758fb1b3a9a5d59d6e5345187797b9b08a9ca87cb039b36923e8be48f6839c00a165836f761c4afaef61da4b4f64c426c78ce22be51774ffe67cc1609160e0369cb894f036642be789875b8e8e33cb + +Padding = EMSA4(SHA-224) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000412b89 +N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 +Msg = 5d85ba30feae44c6de674c4ea2495d3cbe892394f46f18fe1a0a601d1d23f01d466ff68bbc08756a4b1e308363eacafc64e42b2c183626ae817058b4d67d539ec8d6fccc09f531b00f0daf2716f833096471e0fed083e19485414f8f04b855816822929aee5dbec0b49b91e2c15ae08a46970ab2233e92d9ade60d56afbb3feb +InvalidSignature = 1b5f06f3c6969fdec39025d409faf8a800ac771d5bb821cb8ebe5343dfeb93dd741ebd881dbd02d029cc5e76381b451aa6e2effd2a1eb0291f002e3cc4909cd78ec5356b11756cdd06db3f74eaf18ba49f93f7fbf56880123eabf41bc1f9695675a491b140944b737df538bd7da904f72f469c890d05d858d145d59ba152aa19 + +Padding = EMSA4(SHA-224) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000412b89 +N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 +Msg = 
70bab1b9866237e8f5609aebad3662f5a64677221a3aeffff2a3254d7ee00b026842c191eb6e666b40022ec6597bb49dd25692f82575306d1dc5d9e78d1e14a6416a3187350a228605758c81a5221e3f52a922b0c8255176b6dceca56f2208c7e27a2a24ccff13402c02dda4f8f547e10e874ed36d11fd23a531850f8cb4906e +InvalidSignature = 1e43dc1fbe0363e626d5448f3670a100ba199095d3d8a81944ec33c269ca5e2df4256dc5749b2add1accaaca0c3bef0a901fe895baca9eaf1e521ea015dc4c2bbd334a0d86a5ad65789adeda378a34d25b11d731f3950581f99a9aa385f2d6391cd7402406ae72962fa438cf12d9aeec557cd8aa34ef483ee3aedc1737d748a6 + +Padding = EMSA4(SHA-224) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000412b89 +N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 +Msg = 5623af60bc0fd288d83dff1c0a212b5182b5b7134a6e949c876fac46fcfe7d9dcf3407b990f8e9cb772ec7f5ed2bee5f4e6c3b87ee8839d85a64897fe0a6877a516c2af1053d2cca20406b7814ab9013677feeaeb773ade5fb2d27b50bb892916333e0b123c6e3ae5bdbb54c868a579654549831ad1538eaf2344e91861de70a +InvalidSignature = b1705a416781943f623d7e766fe1824bbabf15760f3288280d36208d6eea1fe8d638a9a5a7095845cd1870459a7f05023950756d01b630b1dae3818383c5f5a78b264f191bdb28735f350839ae58490b5fc13ba6794a9500b956782fb013c28726bccb0b19489e7244eef84b9262c603851be1b885c63c4d1b012e1a87aa30cc + +Padding = EMSA4(SHA-256) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004065a7 +N = 
0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 +Msg = 9299311456fe2ddffb3d231e14afdb0e3c906ff1fc554f04ef3f87b023314504c3bf9563f387707afcc4f575a920f673f1cab637d5c9f1208c901d5bded2f057ce9722797b90741248a7f18e3bdb74eea34b6a78fe90d9ac1950a27b791003b4fa4a5fbfb6c0428d280fa0cf92875d669b3a121b3d530f91deaa9c77bd958502 +InvalidSignature = 70d2c3138dd7a07fe22e8e3d2335e0a2c0cef949373f53d4d242e4027c154574f6d18014252cc10ab02ec1ccdcd3dc6f7c3d131346e76edf38ad66f36fec73e93df7f548ed7ba1759fced7b15c8cef2875822a6ea5b215a5cca0009fdb64f622eb1d9e27df411c3a1b916511dfd51da873d14a15b6d87553a2546ee15327ffe1 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd23bd +N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 +Msg = ca2932d61c66292bb02e7e64a1c6b40438e4fb91af640ceb3a3c55dc48b256ef05cd4b8624090b27dd4e30173123782a75206bd90ea13e957ac2f85b9087d389085ae5f03dbbff2a3233d62dd38960217e39816fc222e71b677f3353ae185948d9ba493ceee4cfdcb9c3b7d1106036925b19857c534ecf24095c4dec2acfb0d4 +InvalidSignature = ac59e4b969236d714c59cc4218a7cc02cb31d86aa24741ebab2b02deeafc350c9d533c8eb3d9a5f53317a634eeeb05e0d6d292fc52aa3b5469168b8cc79b2ddcfe9be2c42adf62dcbc568387422851f334a20b2994b47fa43615cf5eec6eed3a9954d7716526bd96d26118aa85e23c6c82278539874324822b5975c1370a70d5 + +Padding = EMSA4(SHA-256) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd23bd +N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 +Msg = 1d4b556abc81b293c22fadd2b48f26da8699c9f56c8184a6ed813e8d39d8c68cbc130928f38b89327f2f0aa678838ed303e984bc27203dbfdc0a9f7465b21dd8e08de7ab1c005d16aa23ca9137c54f0419b01d2c272de741cecb98d6615d4100b14255badee918886c93555b995b4fb5ee74fb0d15b36c75ea4d8f7ad4e1184c +InvalidSignature = 425e7ab27d14c8e05f82c9dbc8e660e0f0622db0426a741ef7876b749ff467f0e58043f1664de21881f63c0809527abf401038ca92000ca0c0f6d22d630c995fab4d2661258fd506cd77189d88c4541278cb5a3e0ac54e7dfa431c4700f99157da16e4f87b925368f537362dbffa9dbaec7524de3a1b1d9824ce339788779a15 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd23bd +N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 +Msg = 99331af1b3c7f0f9426b4e3d9b30d371f7762e171c02e13b39514561112bcfbc5b7b91a0695d043a0979047fa9901c62be54044a667d68c34b19eb73cb236c5157588811194660e2daa69c5c22ebb0b4a11b5d33cdde7be6cdd5f796962c18fa5473062c0ba98c5a7e9a1dbe506c15d0697442ba9b4ea30c852c6fb1b86e5922 +InvalidSignature = 
04dc5d566e302f6f1fbc45e4fd136449c399519bc02a212e1df8778d8fbf166a72314260ced82b30950a342b1cfb81574ce652bb781f6c0119a1ae2021cad521887916378c848dbc573c3c7b8cb4f9421d4d79cbf3fe69cf78a0da68c7e704c19b8b9716e415e2c3f8c8533abe3590c3d25f2ee7a5cc46e0bab7492d52db0d4e + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd23bd +N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 +Msg = 6be1036d728dea34e224ad9218dbbd012cb9175b25f819576cae945081ad2249eda7ba2f7896815d9b5ae36638a4e30e8914af99579e78496c3280224a9c75f01da9fd8bef8b925a1b7e901604ac8cd0064ee836ad15a41225c87713f22e1fd0e12ef50a3f35c43148d8db2ae2bb61508cb1e9b9912446ba81b8a1ade12bc9f1 +InvalidSignature = c93724236f58ae9eb0f9c6b4d9326bb17cb53b2433c2b13d8402ec0b4455d7e1ca8d5ffde7d57bf5d7152de6abe3336ddf781b849fa821ec8079d9ef7c9272c91ff24908f79a9a62e88d8fdafe3aa67dcb1759ef54cab03f5644fda4debf537ce6c14cb2d35cc276c9dee09adb0ef29c3ed15189295de153bb20b08c80e7d348 + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000053722d +N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f +Msg = 
40d5b6a7c87573de1cd1960a16abed930b5591fffe17bc7114d1da7048e1e3ea6047e7792007ebe4bdcff3e995da603a1c147cc51a7f543814d5c6c5076fda235d6556d519f78cae552c7795eeb806867e23b8d98a2869c7fd5c6c2ad510d9841d7728431b0cff43ca2e49958b0d887f17ca6cc3b8daa424b9acf4271a8b8817 +InvalidSignature = 09e22f6503b81ee8e29e0b6c969b0ab7dbde242245d806ff55891541429a85fe05ca8d21be824bb985ec0aa98d9263d83f8f3ce35f5fb67969e0e77014d9b20936c37348b337fff3433bab7fafcbc429a341371048138bc0726a19b7a4e3c765e89660400e2cd7e1154039fdd8c7d8f0b897f442e5c9bd04d49e1116937a2045 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb045b +N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f +Msg = 628acb4da4fb0c0b2a632800b3d4f47bdfbb3ceee7c211f48af460924b22c9bdd986ad1dcfa789119d7c83f3c6d4439d4df6042c6984eb0480a597145362f95b775166aa0471eaac9156e0255f86bf77d422376a2bc97d2c6bb9e3979537abb322321d7cac23d7e5ec37651ce4b011105d88fc3194586e7631796ba5786987cf +InvalidSignature = 5b9cf3df0c0717027ad0acf508fc0ff4d11ffed402e355675431b8fd44e308944ace9cd66a790ea66f25ddcaa43a65b50304da9d83b7702fd3e9e65d8ec2d73c9669ddbad51814a01a0a306442ae736ffa87fa8bc38cd1484dce14c5474b578ea26d98b47da09efe294f1664c9d9a41f23d8be9aaf3c68c475d793b6c6f8a311 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb045b +N = 
0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f +Msg = 1d39ede43551c1527056d10ad3c7ecac54574d9a989e7b4f010d6df2e827f22a27ee5035db9c2b346894a9c9bd98d4e4d93c40da8d9bedb884486ed682884bafe9bea5ef812618ce78c6e69da8a2519e19304819c70b46aca5eb78e3e1d51e096a8f333db05750c8abd4cead1e4d2b821d19ae7fcd574ed56bdfd1408f7831e0 +InvalidSignature = 8a547641db63e40de38a4a9aea327ee84d158e974329a15ce2478d2792fdcdac0d0abb6b61ac8f9bec9acb780298be56975c476ceb125e394b3d16562b03e92fa5f392c72ffcc0b3ebfd67a4c6b80f5652a59bcfc170a7f46c214c099ff287de1cdbbb3e410ac8d27d72c2c5357005a8262f322308bed50c3b67960e5fe0d980 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb045b +N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f +Msg = 26f567e1af866ce7a2dc22e0a2596df4c60d343f4a91b5d485321b021b5252d6740c1ae06d175a3a4dedb7c7fa2c66b96d3c3e56633212fb55f43d61ab9e7e1f2d250770ba3bd0373c723140dba3b0c9719118413ecacb4fdece5816777350b837885618feb976e557b2b8d4ad88f42cbc54e788452187d8060894aae99970a8 +InvalidSignature = b7a051f79fee95c69277cf8eadc867497f28bd9f66df38de5bfee5828de89d9b5bc3ac72579c86abc405b36f5d7ea26b4fdb88dbfbcdc8b756c80b8d0ccadd8e33ea5b5e4bbb9e8a45ce61b4dbc61f855f864d46a2599e1ec5d45901f0e273907a220c00863ee69c74cd8e07f29dda0ed6d519af8c926c2b2b648ea1e9ea06b3 + +Padding = EMSA4(SHA-384) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb045b +N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f +Msg = ea567b6c6c27320893fb1b63817714739f7169e43e069bc47de660806cf3ea0f710b6c6deb21db4b1693f2052fb778d4d8b7c545bda083e978b5b24eb209ee2f8b4df5e83ce6642cfb43c1fa206dbecd85dfbc1432998fe13a7081e5e0a8999cfec41dc5a89d55150cb2922c9cbf6fc870915739e51847158bbed52c3ef772be +InvalidSignature = 0b9e0437a57b4a927e26bddb19a0736ce67ecb210e79f2467a00113bbb773be9da3a1071c0837dcce41abcebc59f5387adf9402e50ed6cf884ad007c12c16e7a97323c150d7acd7a456348fa803d4fdbaa4c9648724d2e68afd18f9b0d4247502b71578afa6d25335565a47b9780687d1997e30ab5ca2e60cb00de5b4a6b757e + +Padding = EMSA4(SHA-512) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d8c34d +N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 +Msg = 541b21710c8956949458f4daac99d96f59886119deb5ee78e861c88c092b287767ec8f84b6df5c6963059ec912c727fd4bdee21470706618f37bca93c577bb521237cd692b110f78c43ee22c5f830b080811066543ab9db74306ba135c757aeebbc68228556696491dcc680a7a15ad17f8ec76133eadbedc40ca3f11b56d8bd2 +InvalidSignature = 
286dafd4c04495f875456be6adcc9109def4903bdf2972abdef455aac0f814bd71144a0cdc87406d4b08de70aeed47073b70b8cc9332b7965d586af2ac4112bc07680aa9641beaea7f5e1e7e6cda80e5958ce7487e388aad7d3027e769ac6be260deb48f7eaea1f30e411088c684d5291618421212ba18461f87371fd171b25b + +Padding = EMSA4(SHA-512) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d8c34d +N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 +Msg = de1bc34f15b473167a95e1d754f43d94e8109d9c9fc341ba64561bac4e9a8ed67f3477384c396a9e9efb3e169722cba779fef240c41bdeef9f168a5379b08354f021f011f2afcf1a227e81e07daa896a3d939149fd78adcd1f48e4796bb4edb5f88936c3503d2bf4cfc7b41c4cb4ff43fc78819d920237bdab9332056acf5261 +InvalidSignature = 1c6399bf074dab80478afd8cd35b217b9f4f7d10f871dcace4bc47c7afdd37da23b9475c7990f883e95db6e4d0254306ba9e95ca847ef6dec86c6084ae78440c2308f2061a8111bc4df3ee133fcc00dedcf8a30bf5adc7979d37dacba566c22996c06ab107f2bc7a0c05bda7eef7742b4abaebb442c11eb41a9f32f57f1698ff + +Padding = EMSA4(SHA-512) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d8c34d +N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 +Msg = 
810fcfc108d1c958f62f7a243aaa72420befba69dbfb68278682716dd092bf4e0e74830423d3cd34ae1f5a738234ac08573760f3bfc1bd2f5b4089354e9a20c1f213c7d8ca703d0ab85c93f5700c3e0a2d1f6b94a3c892f5342e4e3366136cb495b44146e5f141637baeceb2ed794ed0f66d80516f5610027a1669710147cab0 +InvalidSignature = 525206937a5a77259ef4249350f89d92c1c63137e4b191812a35b53a7cb5cca52b5f697fd302e39a9024b009ff6357d998b2416993cb72c5c836b5ba7de736bc8d07020cf9360f7655443a0282c93beb40bb46a4f5ef7b76590433dbde9914d9b9c455f9353da45cd4192feb8cdce2cd46741682162955ac6db834a42d2f92b5 + +Padding = EMSA4(SHA-512) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d8c34d +N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 +Msg = 44faf422f16b794a9763181c52dbf3066e43ca91d724142ed0044e33e88a93212ae26d289563ebedcc6ff38a0e9bdad6671032e82832e3d6967f7ec2dfb9cd185247af11ced9227c7b4ba2bdb9ccb216563fb82504e10dae0a2c559b39fc0c4122f162e58614497f0ebdccbd3cb4a24ba2960352527aba3f95d57cc5e09b7825 +InvalidSignature = 13db3ff9ab38305903f54095045fd95e687a79e764311af09b3c6a265176099c3547187832a0b0d318b0ce9c58b20b67fbf0a8fdb05a656edb46128aa45e1caff3c60a920c2a500ea0c8cf5eb4bcd9a0fcb5acf7ee33268d351aec6551a73b9f9b10f3c9c0214ab549a71a7e248840b09257be2fe15dcbf5766d13f2ef762c97 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007afd43 +N = 
0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 +Msg = 83c53e873e548de19a44fa2d46d1db3377b21c0196fb92eb35428cd14800aba0923bf41b5d6224dc6e79439538757c9c50ea2ca721e339d4e111a5ecc42963e86f8769b4af1706346b757685d753b485eb1c8f9514d6009d294dbb51a06e04b302f1c4d99c3bdcf17882b9828b3228f5308f6c53d59c8f50f43cf5894698370a +InvalidSignature = 3c0a78c3f98cf8ec68834879eef97b990a69c670b3cf987d2836263e0b5c33d9207e7521c6794258500a586e309aeadd641ff98f4c55a8d9c925e4bdffce15a31c31a0751db6f99c8945beebb259207e4ddcea646e96c57f565f08e87cf83a6e7c1e54dfb4eba57193b8c066a2c5085874446df40e401def7cbab9390c130c52 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d64215 +N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b +Msg = 541b21710c8956949458f4daac99d96f59886119deb5ee78e861c88c092b287767ec8f84b6df5c6963059ec912c727fd4bdee21470706618f37bca93c577bb521237cd692b110f78c43ee22c5f830b080811066543ab9db74306ba135c757aeebbc68228556696491dcc680a7a15ad17f8ec76133eadbedc40ca3f11b56d8bd2 +InvalidSignature = 80e1846ad50ec6ac9937be11c1d589041fc970344d5997ac3d9f6ed5735392bd5dc3dc626f5b6e49842d79c9cce21527808d8c3bd30048e1f07567c84eed704a8f201ce840efb08e3c860d15db421ab4998f4acb43280e8445ed25b32b6e62ef7b47270e94cfeff31603e609a99814369d2eefeeb88c5bc5a4a8121ecbf37900 + +Padding = EMSA4(SHA-1) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d64215 +N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b +Msg = de1bc34f15b473167a95e1d754f43d94e8109d9c9fc341ba64561bac4e9a8ed67f3477384c396a9e9efb3e169722cba779fef240c41bdeef9f168a5379b08354f021f011f2afcf1a227e81e07daa896a3d939149fd78adcd1f48e4796bb4edb5f88936c3503d2bf4cfc7b41c4cb4ff43fc78819d920237bdab9332056acf5261 +InvalidSignature = 06e5620bd595f0e1a70aa5d73bafea42eac2a131120919903ad4259d9b2a744d71d22fc2ab36dc1c6cb0d7e9e77335a433b5c4ea285180cd551214022be3d4a145b371f3760c0d0135972b95eb593e283e04c7578d1dd9f38f3f0aed08bcb60f80593aef3b14155ac0eb98d54705f24ba75958215e308949b62f4545e48ed938 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d64215 +N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b +Msg = 810fcfc108d1c958f62f7a243aaa72420befba69dbfb68278682716dd092bf4e0e74830423d3cd34ae1f5a738234ac08573760f3bfc1bd2f5b4089354e9a20c1f213c7d8ca703d0ab85c93f5700c3e0a2d1f6b94a3c892f5342e4e3366136cb495b44146e5f141637baeceb2ed794ed0f66d80516f5610027a1669710147cab0 +InvalidSignature = 
0c18050560c400fe3bc390fff314aecfc926d45d5dc310d1a80ecdcd237d2e97a2a3283c99bc49baaa147bbb82f0e4834f2da7d9ca29bc36fe43033adc0e56bdd1756664241b16664a52d6383cf545f3ecd25be6d450bf82330c1fc020d4f89945186e5347f657aa8cb364bddad0c33f7d94b652197432108dedaa186338d290 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d64215 +N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b +Msg = de225e04afc5701bc2c40ac3a9b972fcf04db86353a08db32dec588c346587736463231b39c2a8e22189139f31cb3c9b17cb66dd506315ab9ba7204dadc506142630859bc4fd694dd68da327f46c9abfee79c68602477a4a52c401ff9518edbe0cd0ac0eb73c5c63ca15e0e45b6334715d9efde5d11465983b8a25295326e37a +InvalidSignature = 0a2d99a4416e30969e2e6c5cf94603dc1f94936974753ef5513df8e5dc6ae6768ff5b2ba3231e51b45da4dd90233fd136d59e56a2a96c886b1edafbae485c9b6084c88fd09d691c2ebb157f4f71b2f3cbf9290123acf50e4d697bba9b0022f618627a2646ead3b93067ccba82a4b43f8755a5393e5433a00398df0837d5457ae + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bbb2f9 +N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b +Msg = 
d4fac2af4fa7a3934afc123e9f3dd0be328c0cd6ca67d6a31f72d67f34773e26e6abfd18c533363e24e6f0cf6c550f75b60883ac980bbf6b3eaa6c07bd785f54a596c90dd531ae76944d993fddc18dacf9833ef3542681e689a102d1bf5235a638438f5727abf584c2b87556998b34ab2685a773a5c1065926e1fea7e00ea763 +InvalidSignature = 5782dbf7e801d74532c088c294b69811a6e37e1d2969fadb7b7b18073bcd59172a1a2b4d19eea6c2abbeaddaa80d88a4b21be6abebd040151bd0f258c11ee06bd81db342170f7b68f0716cd1eeedcaee764fff9023d1fa6a8371946b789673c7debbfe9ce63fde4f233f476e80ecbf95920ef19bb22bdb006e4fc9bdb556aede + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006ba2f3 +N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed +Msg = 0aa54f40506682881b5ecb5301199929f9fcce361428134b6ba26e2655b016f3de8686137521d01be574342087c2f132b54b5b26812a2e99a77e2231c1c8bf26ba947301855ce2a40fa97d8b727b56516beb32760e0fe05fb81eca9e46d4ca7484183f94e8dd5f2a8146cf1c2a0d719003257dae229ed3a785ca8ff64b9edee6 +InvalidSignature = c8e2f3ae12071b49736553ef634fee2fcd61e4018fdb452d663c3b07432cf1f00e3e59b016663052d92b6311c2ccd3aee1ad5993b2d4660fa79ba5e8bc5df304e1abc9bf06848c487b81e7536e5f13e1db8125941a168fec73fa3c3e8551da2444cb0bfeee2ab9ede128eab718f373e56348500dd4cee900f9ac561b03d5248e + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006ba2f3 +N = 
0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed +Msg = 17e9517428239fcf87fa7f461e833d45b9282a255daa9451dc67f5a8a6d96b23e26068b8bd41ab7e02ee6f11ec88e23838a2d8c57d48c1bdc03fd8b9438f9e8c9f3f87261260f3b91a4d5f1a4330dd693dc8c1f4316a9e59554671ebbfec1b57770f1588cf885fc7f79db927cc841620f1234e7a211a136cc3032606bff8cacc +InvalidSignature = bd83d910364d07022f775c679110bfbfff38f00f29f984b9f951b440ae9c09477128dcfb0dc6da7c0f214e4c79a73314d7fddcef277781a70ceefd81bab2f9ded7baef76308cdbfa0d2a0244cfefb7c90d61c1f8fa557ebcecfd481a8e7faca060df6af93486acec7608474514b39ae002eb7f2e4a95ba1799ca4700cf92461f + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006ba2f3 +N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed +Msg = 6335ac2fe053d75f7e288705ae77431bcf2e0e29973de9bbb5a89a12b4dbac1a233fb79cf30ae1b5205ba5879486d32e48acd8f5ac9040ca49a579f0a46cdaf466fce3e2bbe2c7b8f82c271b80c12149e8f4894f5958767c36d50115fffb494a7697bb69008490524dc4962b3bcf3455f82ba89e673d94b8c65fb9ea8d330205 +InvalidSignature = 8324e0f771e2425b09a6be4945bafcc30f21f6c85cb105ff76009c7c79a8cf6908de6952fa9226123e145186df7c57ca40819a5ef42556bf521771979a5d32f743772693d0c6ee9055f3f613f79f91f46ef8a0817f39bf75d89fde5a62c377d0da29c6418641591c37abd0314bd8ed8f25d4cea6ee00802ab5efd0f683a85f50 + +Padding = EMSA4(SHA-224) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b4c049 +N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed +Msg = bd550157371c4ec71c10cc7cb467ae6b6ee3759c82efb9ded6ea26b91fc3c5a448c67c7817b5d9250e1b0ba38fdd312c4412d8a9be14be6a5cd7dc196f7aa4f19b1c882b81f1bbb99a953b3766a00f1fc77acd3ca7716061e108085a5f92a22380002a58bcf87eed8a27651f81d7cfaabec45f3d872b262b2d25b263373347a2 +InvalidSignature = 9cad4b858d9670d68592544e11e6ffe849051f7d5a5732aa20c2b3d6f8c9648e52a45aa02fc27a4f3614c27d1f9eda37477d2e9f5a323e3ca10998f13d56ca0b46b0a4214ab31f124f81e6448f790d027895b401a11a7f75a82cc06f5417eb82511f5674a36187b2bc3d122f992fa2a85ec2bcf91bcb386e5320dd502e3c9dcd + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006ba2f3 +N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed +Msg = 36337dcd88c66f37c4e3e8a05123aa0e2c65afe538cb190ad6066c49b6d4fbf4edc6a0cd4747b026deda2e47eba33f10dd29dee0a85ad1b560d0dc940652342ba29e36b59165591e219862675be2d74d2076b525780a650b2623ed3b809464bf7d41a84b10295365b4a4eac848e8580b1ed29b7e4fe4be55518a0708cba171f9 +InvalidSignature = 
148a9f6732c77152223c8f38ead0016ec9cff52302fcca9b4b99ce1f1f093276ac2235a82a6197301ef73f63989600a160cbaaf830a2e4cbd0872bdfd2fbedc2f0afa66c5cdf9cae8062f31d97b4b6647f59bf04a9f1bfe2c55ac4e49142659a3529550be59fffd8669cfdca9e58895caea6676edb17a709e5ba4f01b4343fde + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffc8ff +N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf +Msg = 91b07ffc7a0f56dfd81fe53414f6fc57ae6538492f218cf75f2021bfb746603019414d11bfb216a5728deb2efcc211b0df1d32f7476af8db3ededac31fb235684d119edc243477ca30ccc0ff9da03029ef7784dff43818e2f650b4a33454a80594e71b6392dfa0d57ca30aafe1d7824b473cd6091cd11493ef3f5866e073e28e +InvalidSignature = 59811c0f93c7407546a19bf0dccf244b1529c1db5b8a6feb9e4182f4c2974810a97dc85f621a4ae43e45dab7af4fba76412dddfe380785edb2e24493670aaaa9a782f5effb7124bc60f254fd25b11b125584952d32e1db39567e82bd34eeb1eafd3ceac1554b368f61d77762ae3e672c053d20a3af591b9bd27441e7977c0fef + +Padding = EMSA4(SHA-256) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e7fdf +N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf +Msg = 
b1913763b5afa5045396ec7a4dd1fc472e92ced0dbf79abc6b8d499d38132dd23680f0ac8447cacf41d9f7dba16b694c40faba9fb68d64b76bbb347ead6cfccfffe48994b4fdd42bbdb37c0fc0e674b46a5cf9b20506c8264d848d557fea9e93b4c5e9646d592ce06f2d645cd1ca874653bf7551f1e82cd2b8f03c6ad9157ce6 +InvalidSignature = 411df9bc426d5bf6ca6e12c564ffaa52b1770cc96bc670e9726759b1bef233a7b6ad24d79545eb78f3a1318881bf65e886563918521350e125b957eabea89d0e487f7b963767bf1725c6a4c6544c734600669699ec2b7fae5a01433dae3c148d5824031209c754fcfb0a2d9702bbcf17bf35cf9f07b73ea6a732c3531a229471 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffc8ff +N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf +Msg = 58b262cd0a0859381541e24340169e9bd8b3dddd52c5644e31d56ecb2bd4f00387f721e3c9c53a52916e7a1fc15e6e37de126f1cb92a6c924ec0ea9cecf948a696d94804aa5ccb9bc0c2dcded52af0fda9626c5865fe683a81a7b3c4e5b617274e02de17f4f5947c6ae60f6ac5a2ad53004cdd7b9f68e1ad9332d22d5e34e4ed +InvalidSignature = 56ea3c128c5d3c6342c45a8eb5275a518ba00aa2a6e177fd855abbf35386835773299af0809c049c48ab18b50ede9cf2d84650dc33b75d11e6e607c5e05d3052c0cb513ab62114cf9d850a1117ae655a3e5b54149b7089aea33d38bf673d04868ee314e858d981a31967178471ed93d350590fafa337deff21c0468aefa4bca2 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffc8ff +N = 
0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf +Msg = 45b73d8ab4f335e03c0154e92e467bd390f817285b83f64de72b594fa3f34ade09be2f9ad1b5a08e65e876fa963824568d744b9304c288a4b641913d13ec80db39c26e04202444d0147ecea86929114e6a90df1d9292a893ff28930c2348cdd0bd0921500707caad3109857a0fe1eac30f94fb4e6dbbfe20aa2988433acedbc7 +InvalidSignature = 66090f92daa94f0d03bc2cee8b21140d5eec31bf90d096ff8e3f23bb29662cc36925e1db46e9c91de5bccb209f9dd9d7ec8e3f0496dcc72191238327eeedd19c40325f74e04636457485c6bab62d1a75c78dc8e841d1f2dc33afffa9acb7a44ad4bd5a0038ee2fec8c5d2e060fff412e88f4dd25bb90e2a3f46a6e378be209d4 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffc8ff +N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf +Msg = 61bd546bc549b962a8868d7ec803b95674a812b4593cd33e98294a561b84d13e2848008036e2218d00f3e4a4d95155f53f4f0a07b23ea157c7336a42780b6024bead5ec2628f8fe50f7c2748ad9450b4ea94676a195769c1409da8106c0cc3ce4874d4f8ee57ebb3fda9bc33ecd494db9eff92a6369013c52cef6e8aa18de284 +InvalidSignature = 1ca0b712162c8f1ef2c443d7caab390e844e0859d337dfa4c42f17afff26fea832ab4d7bf1154ccbb88f7220bc0fb6980506d39b8f8126acb1cb56369f799164ac9ab702074677abf3d6eea003072b49f70f3a9d11bf3cdbf5f4b6adae5c5b6cb4b75af5e1a8865fc1bd9b09ea35a5274c4e3d62afa575bf85bdb4d87725ee84 + +Padding = EMSA4(SHA-384) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d4bcf7 +N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb +Msg = a5e2ce04a27a898b29d3f51c2cdfcfda59674975a94f4796361ccd7e4cb3b8eac263ad398b2650d08824b6bea0791c9c1338d9b70bb0917275eeace50e8306cac187e89a30dd38f391b9ec3dbb60c48d802f39c93edfb10eb107f44e0be2e33e4753686fba26a9baeb9981e2a41b3075495351f369640d3293708f016b5bb70c +InvalidSignature = bef3928d30828d0f473d1bcadb04c4bc636362f82bfed5a3f5caf3fa1d50fcff15ceaabfde593f997315b1163c03f80c5f668e32edf24cb4b9f0ea069f9cba9ee4c234cb3044222310046bdb4cdf003033de6a483ffd36f01b1bf205fd79b58394f477d4eb88f6e4e2b2d3aaf56a9a44c1f5a377ecd755dc71812e205e0cbbb5 + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000059c0d7 +N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb +Msg = a8a186db7f996a09a652fa6c82eae8be7886d7e75ef46dc2308faa240563781b419283730bf74a7f020877162b016bdb2e3f1ec1c3e926cf67d6152153ab0830ae447d5302566585ed527b68198cd38a6d9cb6e78504adb06014dc4b590b919b597f1d814affe3a3cff6ae6c32d248549e6648618e8d2bed8511a6ab00cb3be5 +InvalidSignature = 
a5f4ea68ef0aeb4b95f166f500ad95ed68e876743add1cd884c92e8c1e5dff02e3c5631e244efd8708150e1bc1f848d338bccd7d3c74099bc4e88618349fc3e51b50c311eeece26f21b63fb3d20ac52f4f20889f148bafe24ffb5a5e913b83849445e163c4b0777e78cb1420848936953a58b73d61a74ff9e195fe9c8a989f79 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d4bcf7 +N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb +Msg = b47e91f13b8cbabb48637ddbf28ad8a44c9c823df2932403e146c6298c3187a12c759240571f4d1dd4add43aaecfa566876a9d612fe223427599a3163db33ecad31dbf4b7fcdd1eb5a4b70075f709ee6c56d57e58d10c6d15743b99579d65315527e0059dc1daeee81433b8930f529eeafae991033a4777a2e4cf2ed68202f4b +InvalidSignature = 6cb1e5a178a8f5331e7b93ade2ec62e75613f5b93b1c82a3c13f0d950ed14f1f679cdb0c3d11d431005f4152e7f19347f0daa308652aff6d7d2c162b6486cbe8588ee1e8d3a6e8a5cef12ac61c1f69ef88ca70c8c600820075fe844a6e4d003e722586684566b17b51438df5e9ee2a5272add516430beac83704ccfe9f3e32c7 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d4bcf7 +N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb +Msg = 
f5ab2af81fa31cd0c85348d948475b195bd3a5b26c4b7ab71376d83edc4149b74ab10b7c1b1b6fa9ce977f2d63b2e321626306591e4174393bf287ca6ee7420d84467d90a628423edb05787bce6cbe71d2f89aa4237fd3cd6e8c1be59410f180ac54c65c47325f3af7857aec12deb4b0b379aabc026f5f1ab52cdeb6d72420b6 +InvalidSignature = e1c4ae4f01ae882268b35f11cec2b112816063506ef8d1934ed7f3ad76b7a12a663fb965321886fe7eaf05abeba8bb57e44c9937ecf0515862246f737abaa80a127ba32e78e650d236653d36426589e728387f1adb8001b9f69007d5b2d504ef5c534526a60f6b53d006c7ed0230a7ec9c09d80eb22a7bdb07f354a0292c0e22 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d4bcf7 +N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb +Msg = 31aea9d1beb7bc4f5fc7f5a49f8968654fdf7c2d32c84199fa87039773021fe1ff6815c44216df261ebc81c7e2bbe2c7bed2da697bfa8c16688ef6a598afc6d94ae76f2ba90c7dcab66825e182162118a0afbb5dda2727e423f1156ccd6a87c5fc74e08f5b613e440d140a79e762ce60dcbe4692b816b90b12f889767bf90aac +InvalidSignature = 103aa0873b0d2045b0867c084fa7e253c0119c91ad3c8144156b61f36fcda4a5578f515bf70167a1aca05b8fd168287bba88558932d54b218e822bb8c657067955c78ef3f97f3fc73d1c9ad93c31123cd519a17a82c4afd2bf915907433be789b302a9cb7cef11e93c07d35961ad827971221a0a3b26eb74445e6ea0db338b8e + +Padding = EMSA4(SHA-512) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebb1eb +N = 
0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b +Msg = 537427fc226d46bebf3264621d7aa97b5686a277ee579f745c1e5955c6f4d8150dcb945c09a4db50160372aecfa07f191960a6b2648373e82d1ff892c7cdb73b5ca2c2bc2f61201123ee73658106d86ff62e0f01dbe9dcdeb92eaccd0d197ceb48e1f7451a0adea6f0dcadaebc137c24f4d8238dddf0a1fe0934bf2e1e41f0cf +InvalidSignature = 4ac98f889b20bec85506523c1f6603ef0acea62d294e4f769b3a4be02091c246b186d23e5f22cfee7c3864f19f414c2760b30a725de04ed2bcc93cf871adfc94ac9a1282cca0d3670ea27a7ebc146d3981c6a705fbc7738f96adadf5411b44eb1c41ac19fac996a35a79ad34ec1d6d10ab062bb59d92bd9cdad7500864c6721c + +Padding = EMSA4(SHA-512) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebb1eb +N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b +Msg = 3151fcca24364d0fe8733e86e2a6806c6c935a3c27249dcf92aedac8dc76d22ff7742e5cee57711778c92afdcdf36e26b8448504ee6ee48e9eb25b9e495e9098d494ac4ddc4c541f499cdb652638b611b0353090ac125ff1fef8564a78419c57f038dd65951fe06e8377b986947b407579eec1a60a16f540db0931921027deb4 +InvalidSignature = 9875f7bb194c63b53a38a06524b2d1300f1b3db33bcbbc6fafed33ed7f49ab2bfb0a4a085bd4e43e43515519aec4f05578bfd9639eeed5c57f4eff0f0fcb4bc1d21ff0d18a671b39808b72b26651c93515ce97358b850840a7fe4c513a05476ee447e464183793f92aeb1a34b8560f590e541c7ebb504f6fa839db5b59a92faf + +Padding = EMSA4(SHA-512) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebb1eb +N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b +Msg = 390fb4adb6b1b14c59872d1584b5d1e2378fae4a3efe1923a725b9457944de91a3dc14323314f923c85b4bf14a4f45c3d8dd2c9702aa25ce39b249eb8330fb9874bd79ea59bbb2e5b6f45843f37f357152e4c2db247ff6693d2a5c49a51668f090fa0b5b9070859b0a9b7b90e70e49f58be9999c0b4535fb9ad319e845bfcda1 +InvalidSignature = 5df6894b07078bda9a4b3da89c7e92d98d66d3e67381adfb8e1a2ce8cf572069a42d1ebd39cef5bceb399c8e0823d25b594dfaa8bcb270a9281384b62341e91bcd9b25252dec25aee0c71085fc21cad423f65e144eec0d3e9a700b8bf7e92ac06e33ccc70f2bbec5f7e355fe444abb0acef58cf978e10a4a953a6ef0d48214c5 + +Padding = EMSA4(SHA-512) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c1ddcd +N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b +Msg = 83d4b9b338fda00d34270963c6f35c854ed58ea8fcc7ffb8da3fa3f00d5e61a7586ab86de17ea8563880d0969554d44e614f01a6f8ef341caec9f71c10c2eed06c82723993267b7fdd35c3856ed628c1b840524b41719733a6231b18e1fc3cf6c7052d40d45de02f2b2f2a59d9e122855a8ecabe5eb7f1a6cd35570d087213c2 +InvalidSignature = 
02908246b1501dba9daf82750fddb095f66ef66e8b26fea97ccdb120a7c9f5ae0faec977b37d2a7c3c4873fe98139d85e2daa02bc9df1213f78c5417552cddf3844952a4295a6babd59822a824fd3404296532a2e8dd004244bf95ad2282319ac07e31afabc092c25bebd23d29d748e60cd6f8c5fc0f365390169b3a8da1e38e + +Padding = EMSA4(SHA-512) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebb1eb +N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b +Msg = 3150fcd0fee48e6e623e34a588a99cb5c202bd0ad8bfc863a0305b33ce05f8470e11b7aa504d37c66320dacbc6dd3255bb8eb6499cf0baff72be9ea7c43245e5adcac8bf31486cb9d1fcd23e5d456e420a563a26c536acdcc60ae54b67972bf5370399d74adb1590d45b83c6f6e938c6d8e2b26af8998640c29d99e8603b93be +InvalidSignature = 73e59071308a443d194c43ba89bc5700e0932699b8923a2a8491db20433d90c80289265cfce1cf419b83873bc5adadf42dd26d367819ddfd5110c31e7c1fc7b86f94e782c55023e21694cf05eb08eee9838cb35081847c7472840ece7252c2404d66f173f6c6c74db5f9d247d93f1ed077f37e574804a7dce99c03f393149fb4 + +Padding = EMSA4(SHA-1) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000645c29 +N = 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 +Msg = 
6c0e15a99f9948d41980d7a37a327eb280c70a6b7b9f6bce01460b6ee29b5ebc5e32bb8896f66ac54113fe8da013e465b4463dc1ae68e9cba77ee4609101d65b6e3ee517c0fdce2f40613488d20f3892b99249ca07ff3d8458d4a1e7c0264e3902fc3d5d03f69d997e32229df86f9fc1f773d78f6fab91817d12ea0b5753efdc +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000593d67 +N = 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 +Msg = 064206831cd415425cdaeb49ee727dc90e74917f55a723883a340877d85ad1a5f264f2c834d824c7bbf207cdd8500c9d11ef922569564f55e211f2313f6106250e321a99e64d1fc6eecf11c89edadaf4ca8a736bdc2b4cef61a9eef6c747dffd6494c51fbb9ccfe6fb5b5161c977ae773f2e7b7a358ce100bfe243eef67521d5 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000593d67 +N = 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 +Msg = 
624ef431a1c81e279c7f3e37609ee57c27c44333ceaa3e7a8905c658d6ae62feaf000f4c04814b9768c56daa0b90370ae83bae7f3f5929cf469aa9cd1cef6892feeeb50bbd79feb46f9a2fa265b23bc75ed3f772fa6a2f157221f44b85033319b6e18c74b4f560041ac62c28584b163af153c614e82577d374634edbfb34ea1b +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000593d67 +N = 0xc4b9ea11f21cd93c01f56c4219db7d2e52581a6c968705c06588c036b6f51a27de43ba0006d6e54d9ee20dd8bc1c4787b4c45e9545cf98c7872100f6c3492f5c3f1ce2d28caf10fa611cc4a4ec94543fbb872ef0fc8bb9558360960e4e386874d3beef4e9662e8779304e8d09bfc290a6fc19e9908e8eb49336ef02224107bd74de231f2610d76fa834baad342e87f5ffbd56ee8b459702425109af864401b713cd9e96a01137a860c3079e13704d3328003136631062b198be8d644ed99a0c62f94cf7971a0f2875592f35e362abcf2845a11ee98e5f01a515abd0d03646da28123b45cea4cbfd7de9bc399fd9f05349a2d0386516f70f5c9a9970d3231ff73 +Msg = 6305a7c4512d7d903eae65dc8e629c81060da681eaef9240659a7ff12a025f4e5cd3fb8cac07388ec1b79859dc3103c8bc4cc880bff8df274b1971d16c9699bbbeac6d3c8e8938f83c160a57e31473363c6a8bdcc0bd352f0d42a5278bd020844f3a03bc40db07387872c3bfed3173335010f77b35671fc075bc25dcd0d97b0f +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000593d67 +N = 0xc4b9ea11f21cd93c01f56c4219db7d2e52581a6c968705c06588c036b6f51a27de43ba0006d6e54d9ee20dd8bc1c4787b4c45e9545cf98c7872100f6c3492f5c3f1ce2d28caf10fa611cc4a4ec94543fbb872ef0fc8bb9558360960e4e386874d3beef4e9662e8779304e8d09bfc290a6fc19e9908e8eb49336ef02224107bd74de231f2610d76fa834baad342e87f5ffbd56ee8b459702425109af864401b713cd9e96a01137a860c3079e13704d3328003136631062b198be8d644ed99a0c62f94cf7971a0f2875592f35e362abcf2845a11ee98e5f01a515abd0d03646da28123b45cea4cbfd7de9bc399fd9f05349a2d0386516f70f5c9a9970d3231ff73 +Msg = 1c9c81544661aab0ec7f6296572cd608cca51f55b4c47c48fad5df9fb5a6acbe07ddbda5448ea920570d463d62016c03a5bafc61a1c521657dbdd6afa863a924c0f1bee7b3ac168524b9116f103132aeb17823d2a2caf92b4516b83c62101a6d10828c00d9e27a46192acc13a7e4b16fb7849b8efffb8b0319898e3029d38701 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b29bc5 +N = 
0xacfdfb1dcb1459b489cd4a8c9fab64a7da4f044bef1c506f0872e9476f3357abda509d9fb1db6a4f5306c40c058826253171cfedbc160776a48ec35b655bb9963286b6aece1c77dff987a0aae9720ba035dda67f317101bd3cd4e6caac867a8c38b87067938e96e72df1875f94e43e4c06f7a86a1dbe07836ee69763eee29bc13ca906d7740c29e651872a9ec7c6237f7c8290bb0800a030b323d09e7c903751d21a224266f9d6c94c17a4c0cd8175ea67b9d9020f2b3f31a96206084cddb2acef70b11ae25a46c4f6817c4813466d7cac76b27927145bd499ff87f22a946b688e980a00a3d54c72ab9c2c88a55a3ea4c6784068673532737cbe4799e98bd711 +Msg = c9a121fa15bffefb864fe3cfc2b1bf775886be3ff5151c40daee3c288dccf43ecfc02ba0cf8ca7cf9d4d206ee15e9947cd78f08f501eb36b8d3835b38bfee1f52e17cfbd66029513a6b66046988543e80f46ce1a3db3e30a2610c5b9540e7202ccee33d842e971cf89d0cadd4df0646204388167229e54238cbe14c450c44e6c +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eaf989 +N = 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 +Msg = cd69ac8d1c46f54d46cc9aff98e078521357a36177b91392a0459abe15351993df43f437976bc32ec3f34b7e63a9ac11c66cdb5aa2ed533c64b70827c56d9d849e53d653fd10501278b370e1c1f399e57bbba2ea4ce6874c34475e171dec8d6db3a33b2875be04c10c14f171dc48a795da4ede579d2a158bb7fb84d745395317 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b29bc5 +N = 0xacfdfb1dcb1459b489cd4a8c9fab64a7da4f044bef1c506f0872e9476f3357abda509d9fb1db6a4f5306c40c058826253171cfedbc160776a48ec35b655bb9963286b6aece1c77dff987a0aae9720ba035dda67f317101bd3cd4e6caac867a8c38b87067938e96e72df1875f94e43e4c06f7a86a1dbe07836ee69763eee29bc13ca906d7740c29e651872a9ec7c6237f7c8290bb0800a030b323d09e7c903751d21a224266f9d6c94c17a4c0cd8175ea67b9d9020f2b3f31a96206084cddb2acef70b11ae25a46c4f6817c4813466d7cac76b27927145bd499ff87f22a946b688e980a00a3d54c72ab9c2c88a55a3ea4c6784068673532737cbe4799e98bd711 +Msg = 23708e055e891826f8011b1f48a1c7ad24b5d008f9c91ec31ab1c5f358cc3793d389b927102913a04bc78c800e96153e026bc5ec067b85177e650defed730fa7c71cb11f80ce41c1e9eb24a9bc121008759f7cca6475547601fbf0567f6447d9a4346035d7ff0a507b74cde17b9b20d2265bdcea3e3ff1a84b7a5872352849ef +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b29bc5 +N = 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 +Msg = 
0af6365d6065dfc44795d87a8119fb44cb8223e0fb26e1eb4b207102f598ec280045be67592f5bba25ba2e2b56e0d2397cbe857cde52da8cca83ae1e29615c7056af35e8319f2af86fdccc4434cd7707e319c9b2356659d78867a6467a154e76b73c81260f3ab443cc039a0d42695076a79bd8ca25ebc8952ed443c2103b2900 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b29bc5 +N = 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 +Msg = 4cde2a6d9ecfdefa3c631c95aa9933634ae12668db8b53a03f80524b8130208816cb7d2563b492b68033d7e43c6a3408618a67f93946a521508884d77c6318e91b4a5c779c7fd40841cd71d7227ab56e767817760edba9ce2290f8da504b341ee2c1910b5018ec18059bb21566b3febc1112018a6232a7cd3cfe77fd06cfbc4f +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010e43f +N = 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 +Msg = 
7518c85b67e7aef7f26bf006899faef76e076f0c6c946e5dc9c83521771a6d298a9cf5adefdb314b5a07a54d8054c22b879fff50ba552c218291033c918401fd611a7447dddad4815e0f56ded825bfe256557622a385de4b4a69e265c1efd259e2da6db19aac3fa0e5ca2d42fadb4e24c271fc078feb2be10b9afa256f228844 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010e43f +N = 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 +Msg = a3bf44cae8aa8347fd07d84a33eec5dbbdd7b6431368887c988c4be779c5473dd8c33ec82a35f1d3dddfe55f3eed67179b87ce86a4a50088172538fe9d1b06c6ef6897eb3c8e3618cfc21353ed4343e7fceb09a2eb035441cd5c8829c79b81582dd5d69ae85c5a001bd8e98e069961342a2bee00ad2b8b91015ac5cfc1f0c2d9 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010e43f +N = 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 +Msg = 
e1c46c309b6366fb4d56ac08c9393cee9a7c95bbe7b7c0e79a3d9187c0f42bc33364c28a770da585e3fe7b4901a3ccd037dfc42aa65a3470521ddafa835ce2d16c92ac670bd4d086505e608781736dc4dd64cc5080ee19e586c8fd1d737dade5d378b32f1d5df1e8dda0e32a125024b2d53334943c18782d7e69825a580093e7 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010e43f +N = 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 +Msg = 925d59f953cb3ffb6d5a3a55c079cb1083997536e33d7c8aed50ed76aebcde459938f79229613200c70dde2ceddceae08c10608aab9e30ec51842f14a65e5f8f553471da3497881927ec400b4207ef3e2dfc2b7fcd318c9520b8b22f69dc8a1a8efaceb7be93cbad569e67db062362913005dcff902018ed22937fad405fe84e +InvalidSignature = 62b07f6d1b8f13651d7f22ce2ce01061090029db5af7dcecfeafef20621dd9e254a0fb914f76a3d79662257489cb8122708583d30778791a77da83c7bea81140c61e4d0484806e20fb85f24d1bbf774ef2ed38809c9b14f2a58c6e8649b760baa901544522ed94bd405c77201d07c8d12864a8d1e97a4d322c29994b214fc83c2ecd5c955b9bdec424e7ca5a1325ec0aae4ab0c202b980a2187f096aaaaa5e85550ebd325799f4f30ef2ead07e79c7a475667f5965e6b50269513659ab5962a391c43cbc3a3da34c0fdd1546c40ea7e2eb5352ce6a06ce6a6385ca0ddd5d162c137836df9ea1f89cfa00c3eb1671a43bd625526f3b6ba8e48a7a2d56fb4f01c6 + +Padding = EMSA4(SHA-256) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003c6cd1 +N = 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 +Msg = 08d3ac24a595da811cc9bba78828f1452ff390ae653f22d1ad91ef6b22aa7b7b15a44ff7f83efcbd7a755eccf4541eb4040c7a4b774749a26dba3937b7f95c6c8490e3383d4f291dade5f35a65b1f6615fd4998be18bfd0ba4bc3a2136ceec909dbeef513d6f6689fc4202b9a3e78134877374d76ab246f49cbe7a8f65d034cd +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cbb343 +N = 0xcb59aae30883db678ea7b2a5e7009799066f060757525166030714a25e808482e752f04f78611b3509d6005b411530c9ada4d8fbddc85f9db3d209eccc6cf0cae9aeb902e96688d2547974b7eb3323eeaa2257cf8d5c7c97f5176e2cfd29e19d0487380e3e64338c73bd592d52e9dbcc9606ed5835758c1a112c6a004256b5c4338322695df2ba573be0e79a7b9f9afd497dd38eed39f05f88d7d399d1e984d048067596ad1847ce51221babf51873bad2d81fa91cf3d9fd307e3ebd41fc49a8b3252ed7a71fd2357330bef2f1f89f2c80f740567e2ae8d168e56f007e8fefa33d2eb92b7d830a4f978ffe842ef0697db50602b19642afc50ac1f837e476c0fd +Msg = 
329b4257ece34ecc0185031b0bc665c9c87ac66ec01a8c69281734d2076e97b0977d6c6cee140f86ddd0818719a4af3798b9f70f3e78e8f1b9e54917aa2e5d4a05836654ba2968b795ca2f9f621093165672fb77aa4d20258936147c2c8f8208445837f59848e1c7ef1c174c30309acec84cdb8c4cc0bd6c5fb39bead7b88d54 +InvalidSignature = bc7b0631f92c7dfb0e3e8694650bdc73623d0356ad2897aad8eca32ef4531263f3219e0af3ef2fa3b8a3eb878b3f9c293c634263bab59b1dbdee04afc3fe39dd8bcf22a0052e6a081d3b68399294c8c6aab199beefc49706eb3436d95bd3e655d21cbb0fb3488052df8819594ab0f9138fc5ad4e9e3521425e375684d94dd74b9a3a7a858aa1023e967502a38b67ed3b8b8f6086427e8c8b4ca608c4b394fc8dfb818daaec3d4f10e77f51d80c0a103569dc28814a80eca64100d9fce5d6b9081f871bf8aae624f1786151290c86dfac7643b21c74f4f5313bf8b7693dabe4c816d7d309ce27f4b08b59d6a26795a9c2278ffa2185a1af12257a5a6de57c1a41 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024f1bf +N = 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 +Msg = 3cbc49d73addbe2875dde779689a363e42cf88b3e13ab520fcfe655ba246268fe32bbc3dcdd8b8809aeb4d95271f5e9aa828db969bdf4ebafa9fb1e7b5ef83705f611b2027ba3b7f0b52e85148be796015adef7b901084bff97e87151ed666fc16260d8932cb6eab31da61b4b3bfaf15f1246969aa157fb661618defc543f8bd +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024f1bf +N = 0xcb59aae30883db678ea7b2a5e7009799066f060757525166030714a25e808482e752f04f78611b3509d6005b411530c9ada4d8fbddc85f9db3d209eccc6cf0cae9aeb902e96688d2547974b7eb3323eeaa2257cf8d5c7c97f5176e2cfd29e19d0487380e3e64338c73bd592d52e9dbcc9606ed5835758c1a112c6a004256b5c4338322695df2ba573be0e79a7b9f9afd497dd38eed39f05f88d7d399d1e984d048067596ad1847ce51221babf51873bad2d81fa91cf3d9fd307e3ebd41fc49a8b3252ed7a71fd2357330bef2f1f89f2c80f740567e2ae8d168e56f007e8fefa33d2eb92b7d830a4f978ffe842ef0697db50602b19642afc50ac1f837e476c0fd +Msg = 59632917bcef9eaa6edb1bb6013bef9e5d285fe212c49b44ed78f129ca804141a8aab16a035aa1d25ed2e25c1fb022469fb8ab0882d44e7f4459994a158c5175e7651c54c5937db266bf052c0215c8d764010f2941364c16c8f553797a8cc6b63c1dd19daaa01892af2beeeb5271c89ad38af10cf7f27f51a0d3857ca0878a4d +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024f1bf +N = 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 +Msg = 
b9403622a632794f7cd74fbba93aaa64c8d91b63144fe7ba23305c4cd135652d7a995d1c6cc2214e9b24696e976358e1bcb7514ea8950d5ef38ceac01a6d8671bbae8d3a0810cf7a76809625b53b360de536e56007bdcd72b15a60bd06f8ec27e6486f836264ac5973b37eeaeb0c6d6fab1e7fa2170f507fc763654c7f20bed7 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024f1bf +N = 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 +Msg = a95ece434121269f4bf036395e54718c9b3b247de3534fe147b7b540bfcd2fd81f6e45e54848ff209b81f986b49db65a54a2366d9e7acb9d8798289c88dfbbf395bf3d4653a187d98685a753c8e933c281eddde013b6489555101abc4357532af497ddecccf263d1f242672904008fcb0a65405da9ce6ecf9a65b3295afe9e87 +InvalidSignature = c878b4b14526efdfdb99f7287c0e871ef6c0aa7b4d2ee29299a782c8391ecdbbb60b8aeaab5343dffe7ade8af07156c45b16842775cab5201b3403dbd6bf0769ab5533d4c40deddb1eecfd8a46b933627d0d25893f0338e6dabb2a778649ebb2193a9d7c99d069c6c209b4436eda411184d99be0f80e3b293b5ede00f58ec4922fe8e1c6de04e58fd443d1cd96fcc9ca4bfc23343532a3eb840fd5c197e7795f2e3982a928e602b1e8f5cca7ea20da049eda313b1ee8d4b1a8e7960e4cfb5b16082ba73060f73c02716324658d3f00a3ff0a78dcbae103d5048e75669053645156f6640d4f6d1645d02e772dd8e70fe8866cad5ec2878ea6fc5c47530bf9eaf0 + +Padding = EMSA4(SHA-512) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eac839 +N = 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 +Msg = 9c3d5d23d2746d15d616bebf3cf720c6e6012a71cae22002f5021a47d0b8636ca3bd201357e132a680fc5dec9b28a9db932d08ae8b3d3a37d7e2ee754b342a69b94fec26b50412289bcf77e6d4095faa545f15a16783d22eae21e18464150174e6db0b837347d440307655d56f0409db307f9773e81cb19282a93c9ca4c3b135 +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d8853 +N = 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 +Msg = 7759420c8d1a39ba0e3e1681d9b757fcf30cb40d844f4a71224ff998520e0bb44c761611ff4723a455540fe6b8ef32e3d5a23f8da0206b57987ad2ff4c9616ab1ede493847350dcf1b2ff9b98e813f74f8b68c0615243091501f7f28416c77e174f8a32b6cca3e62e7379ca16455c6d8e3b2651eec45e148d2a4c9ba3978767d +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d8853 +N = 0xa677525e1a69546a96dc7b112350d5e4864f0f82e999a714fa9f43ac681517d3975910c2d806bb3ee6dbf5dba1d969b38889e113c2da76eef4412a60cbd89faf35b2bdcb0de36a2cb762cd8f2f29aed9982a9ab60886cc8fbfee9b2ae09c88161e9159d4fc833adc4f80e4bf629d5a9551acce7a3938630c2bf9956097642e3bc60ac6522017841b65c7a25197865e697753b08169853681911443a2b25f1b7c4696f946155b2664b67b40878d3b45c3e0d7034d5b5ee6f5ba8fb3cae7797e85789902cf8f9f86ed3ef25ae0736178aae260fe875bfef5bcde9ec05f11e18fc7375edcd4a5533618e6f991dd48aa3062e6031e291dfcdc6e7fc14ec60e539fcb +Msg = 864f4f5890a03653d08daa83d9e2992fab3393b7ee152d6f7b8ea3ad1ec9c1219a0e0365eef2fbd5d7cbf3a19667d421f3fe46688264191b2583e484d209ebe2975e4603dbd94015e633febaa43c615aa5cc2cbd69fd6ad9db970ae81bcccdbe8026625adebdcfbb04ad12f589c70883c9878fdf2a46e750a4b15f03807a2d5e +InvalidSignature = 245fda2e66d2bab102d0da4098d751650f5ef4738d14dabe866c782009ead9d6d05d43ac0a3014a382d62ac971ee19798f3b8ef49f9bc247fa07b368ac2d0e8a4fb210af5acd87b6b512e135861b30103403304732a10b75c9a149552d1ccf0f9912968c6431398b7d48dff48cc7cb7184e76a0ab94ac9a6b0035b91b3eeb2d1326ebddfc13250224538c143fc0dfa3995926415a658db8e6691504050a1a30e34b21af8d12707bc4454f174385cd84c729e2ddfc5cc9178812059b5da4a1a605a2a81642ccc1bc5cf953965f705673b12c5b46ac8c1a03c1001ae4df1c39cc83cb54b10cb7d33cd5108033c268ceeebba6c6ada92882f46562dc658d3525574 + +Padding = EMSA4(SHA-512) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d8853 +N = 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 +Msg = 71abf895e56ba8f6ae8d0e9e6690c09c759270a73db8c1aa95d05980793537fbfff3472c8d2c34de4abb7e64d216cc952e798314034197d50996a2dcbf4c33485e0b68910baebf0e50ea29bacd3060372bd47b13526ec04bdc81b90dc95a8ac2743b814cc5b9ef8ca9633628bfa4248b55eb7f2d9208e114f4dac69bfe27e472 +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d8853 +N = 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 +Msg = 4b648de2e390677ce1727191498b76d2d2438d0ceddf3db502ade5c5fd815bc70965d42f9b8d04eeb38986445fbe7dd580177c00d0f8a36c24740be3efbf656408e6dd73adbd45b4c7196fb86f40da17b29e91bf91ba518b4c68ea18e13fe7d4cf4d71571f0a71f7a58bf59684f8d5bff04096f2380b8e3b03f14909d9e92c3e +InvalidSignature = 
277fe81a1540341c9c04fb5d3c8f70c1e72f87fa7d04b93ee54d56d1184c141ec4e125e2e5cfd0acff1055c76697a1c3079c371cce0bd84ee4437bfa1806aa76df2955935331915fff879d87c7372e75e5e8fecc906f9d34a5adc0b75409a87fb6411e2990cd237ac8223f7223444f5d527a115c85b9ba10287f3e825e1dc58eb37c8a9ca055155ff6a5aaa6565690dceef6f647729d071cdd9f0688c7fee8f9293abe658d0e1ef855c86a28d8d0f8f82f72173186353080b84f142f965907377178fc1ea00819d81afc2474becf79e1e3b70c7c2a8407d50795c3131bb6df78720c31b2f8c43f705464d8982043c45f04e339aa1c6f4e26aa7092b3e6261299 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f8d03 +N = 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 +Msg = db14289f5550b770ac30ad0aa53124753741e4a49c7f1f54a8435f375a5ebc52b1a352a3c0a6f20805c3185cf7621de3de7aaee8e7547da478923662c16fb5e1944876fa765c4d82f6d057723df63045e7ce66a211cd2e3bb3de56f531a77b492c0d7cea9efa2ea8265d5294a073c465f946f51a41739ae1022fa638d18c7652 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001fba25 +N = 0xcd2cbe024059e2c019529e157684eb1e2cf415a71b002cc643668da85f752ef64cd8cacff6bb79e246f7b8f731c9f5cedc2a879302b51273c83f81f9a377d3e450bb4f4662ce01a010a6e68b66fee35b62d9861cabe56f6d262cadbeb44a58145a0f977966ab74f662674fd92f165eab397e1a2829aa2a7b9cf7c4af5db31119741d416308f3cb5aaebbcb5309e50820e7e1482b9b3a918653d9cfda6ed1122488f435dd54a418e922147be2f6586bb9b759c66b01d0045757302ca3835a68a67f36b33738ba9f8c87b909fe1ca5e5bad207cd0273ccc3b44a6185d32b065b64e2bd42b6c61f08b268b2b7e91ced5962e3a7d553fde91b77eecbeb9ba63e0db5 +Msg = 0709dcc9ffda89add8fc52fa355e059f570a0ca433f02c10c8e5730bafeb6b40f4b39485246011bea78ea2fe5093d2f033047276b77c458fec98fd7e1e466629aa40e2bf10d3159d4ae5e1735c3695a22de661e995380e41b795eb0591d40b56d1b8adbeeabafc136809f99f80d0b57decb7c346f6acedeed2e326e8301bc091 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f8d03 +N = 
0xcd2cbe024059e2c019529e157684eb1e2cf415a71b002cc643668da85f752ef64cd8cacff6bb79e246f7b8f731c9f5cedc2a879302b51273c83f81f9a377d3e450bb4f4662ce01a010a6e68b66fee35b62d9861cabe56f6d262cadbeb44a58145a0f977966ab74f662674fd92f165eab397e1a2829aa2a7b9cf7c4af5db31119741d416308f3cb5aaebbcb5309e50820e7e1482b9b3a918653d9cfda6ed1122488f435dd54a418e922147be2f6586bb9b759c66b01d0045757302ca3835a68a67f36b33738ba9f8c87b909fe1ca5e5bad207cd0273ccc3b44a6185d32b065b64e2bd42b6c61f08b268b2b7e91ced5962e3a7d553fde91b77eecbeb9ba63e0db5 +Msg = 95529308ed9bec98a8719b3fdd942ae81c6646210efc7dcc59754617c48a42af9c67c13156b988e27509d29faf4894174bab0537cdb95ee6d5a2def345d2124ba2c65370bd1e902692f44e70706decba5a8d2c58ae50ef2f04f640b2599e94116d1650ac69f28ccec5db1798692abb3b12b6c26bf8e9b810ae1a733e49165167 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f8d03 +N = 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 +Msg = d42084ee99cec1a57097b804c48e454b6390dbf2796f18eabf509d26f0521c5a7d71b20381a978a7f75e555e2bfb16916edac0020e64240c8579b52df11297c1c424f810bdc8a38b179ad253005e44fb4cea908f6b40b9d598fa02d254eb04901303fd1f35736bda3712daeb2bfffa126588f4a2784bfecc619b2e1f01268b50 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f8d03 +N = 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 +Msg = 978a26632c48c15a2cd0c7aa5b3122630eb304c228037a6b489144f34137e4a1cb1bf57678d6be6ae9d607f941002bdeda9a6f1f376992493a16a6fd97d71eab894b279ec4a53c39aa0cf480c1421fda65841214bab23faae5b009427c0cd67a3ae165e3f8fb624dd83b3746c43d26dd173994ac9927a815b12715cbd61f3494 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce5fd9 +N = 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 +Msg = dc0d4efdc94cbf64aba6f146d6ed0498804ff9a6d32167fa41db6f7f1863f1e6568e0049bee4940e2ba37f0f2507a3f7b2c961ef6ee5557bdea1409e02cb4545294259e309b8f5580fb50d17f4df4688917a64abf42b01ffb30185a280b552b9fe313f12d4504808ffe584a76cfe5711c66ae8208d78d54d680226d1bcaa800a +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce5fd9 +N = 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 +Msg = 17fcb20e72096d78a07c5d090a29dc437bbcaf6584948be11fd5d71092b8b42596263b60b986058401d3f18ad2f121971141462c8a731e9c8f9b3bc4e28705f6d6500236b03055a95393854a1d7180df0cdae02c25d36c661660e2ea1ae2f42f1da390f921b064d0e0e7a2b1b2500003b2b104cc1c5c7e25fa4c56ec007087b8 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce5fd9 +N = 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 +Msg = 2aea505ee5eafc92db8ebe83a69a9a320d433ea7cee6e5409bfa7b48624402cbd14934a91a096aeaf3eabc51e1f36a34b73a7b8b59a0a346c6bb6ae456148b4140939aaf5e37ea49350aae8430555e072c105dbd399cd8289fb5f1f820a21ddc7daeca983cdc4658a7d7dc431828405474ab2d65f6444c8d2ece58ac49548044 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce5fd9 +N = 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 +Msg = ada0410f05b7cf29a83853cf604d9aaa0500d631feae43c104b90bef287e681d1887084b9e01b5306970358910a16fb254e0d073a66ced1ce9286ad478931a2e6bfa67fd16edf56ad3ef8243027111964d02477f31c0153eb912978c8d993c302c6328cd7662d6fe6d1d02a43ca6c67f79cc03fca791024effdf5bc07076164a +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b62585 +N = 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 +Msg = 8ec0381566ab63122b5c86430e98681f333d7a27aa6e6625a1f0eab6d8d4e7065557b5db5806bad591263bf49152715a7f66e0520c9ce492a8f58dbdf7dbac2c7e042eeea399a90dd498351306777dcd610a164f39a60f384187c938fb6f08cf73904b572dac59445c7b1dab544db30142f0c3261bd40ea1d26d462eced92376 +InvalidSignature = 
46f71aafa2017f6103d036ca3b4adfb81eb25fee2ccebff2f49dd9ec7f7a3bf75b927819b68452a2e8c2a08e960c44d695b1e443babb4a271699319f2ae805e1bcb721482e004f2a281015682638673f5759f6bbde92171fe5f1017e6e9d06403bfda82d63d2f31f597d2bf8ce512a0e6c9cb3afcc7ab658bdc238da5980d175b2a7616aac43b317272ce3779a56da46ae1ca73666843e06b7d2108e3b3dab6a19d1486227abe853573effcec8cf4a7bf9ce07b6c617017877b5c839618d595227af594649b408a42399bb80f4f7e872c2ebd394d105ab64ae6047180ef16a6db3b2226c48947ba2e029a3da43f2af4d35aaad42f7909d11017edf506e066a07 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033e58f +N = 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 +Msg = c3232d8060a3e3f8687dc05d8879004bf5c3a7030336bacaf4d9ae8c0daa21c5f09bc8a225dba963fa568a038d7fa91b274dad04cb83dd3b0f35900a2b88e46550b9b3133b61c30e09f73d2b4d9661fd600077f7f8e409d2fc5c4f2e97baeb7c8c84d71bc9bd9bc13e66c31def4590bb48e5ee27b1dea6556356d5407ac89dd2 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033e58f +N = 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 +Msg = 0d8235883f37654b35d3566174cf731b5b22a54ac15718f9d8e2415c57b42003d80dc2537e920b37dc9fb21312de8dfa39190f20024c0f9299ffca24d0d22cab795a4b6d132b35d6aa36eb6df856ad06d0257838bd14ce11e6bbb509346d0235b710d7bd462b6b90664109566e5e5ca7e8efe97a39d6dde085be09f2cdac2b07 +InvalidSignature = 6530d456e14269bf37a95ab7b2ca4f534a47135052665a2b64e9eff970a9566ff0304029d2844d5649e643212aaa7f1f9103bd5288b1bebb7797cd8df3393373852cfc7001a4257499fbc92444609e0afea095927ebb773b7b666962faf0686a8b173f446fa562e82be1467111ecc38697103cdc1e700890b60104eb35575d25b9565098544a2e26003b3150c9a579c534a44bd0c1569b58d871d6a5af51b5ecf3cb2b0650793ac95a44596f86723c31ce4b3b1365dd61d2bbadf394b16f734608dddf991595acfd0aba42a12095966bc005c67b60776ba104c9681efd38d2e91fd3995588d9ce244c6bdfffb8e0086837946c35627a09a2f83b325af71f474b + +Padding = EMSA4(SHA-256) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000baa86b +N = 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 +Msg = 
84b1e3cd7c5d6011c581302e03489fd37aefc841bad659fc81d796c6ddd6a1cd9199f824bada3f70b29b40e435ba306fc2c53333440f233af2048d6474b9fda447c87c6c625a56661a85216543d9fa9b9835120c5ddf6a4242d4da438b5d58c06ee3778fbc042e5cc4e7db9b75cc87c0c2e76cb34b6eb47e39f1844969ea3989 +InvalidSignature = 1864eb619e358d7e0340b582288e3290d5f8caf1b6831bfe5978f4ea56d15762247bfcec56e2a44fe11507e5eb6fda0706b7287b09ea770d577cdf660c523a76e2e70952177f0260cdba51efca71148e069ae6540f5c4722a4b4db6336168eea86612b6b4ecf8b5b2e1adf3d4f79c3894c617ae0ba56a930c658f0f55c0e5f2719b4b52b7785c30489ca13c9799ded9144404409f284c41530fe35967c2d844dcb1d2d80c10a985164466ced3a4d74573b175ce7288418b39962d4a34cfbdd43ba5a6b73af0f9ef55946b61bc7d5c0af9ab0e99bc0842edfedfc91e213f021842ccc785cd73a5f85d8aa8371c80151b836651020e71c524f92d3c654fef0b37a + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033e58f +N = 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 +Msg = fcef065e293ecd29ab52046c68c6e940aa0e2d5fce5d4a2b40c516f2a7a198705c301b95218282891098dbeed1c73765105db8532e87ebe53772585115b1585f03df272944853a1e143dd34ddf18d2e1b13ecee7eed464584323cf53dcf6b9aad74351a0f90e9ef1a08b1313f98363bc73f897a4740c5d8c4a1fa37f64386458 +InvalidSignature = 
00acfc93e41faf5004cbcc252da290b9cf66b56a6a4849c572461d3212cc4cf1021eb96e8651475fac7dc87faf3a5b52923123378c18cb83906d1ee6e53502bf0e89ce66f3cf5a4b7cafa13f2d97f99498c0052fcd640570e5e1dacdc66e24c2a54f02bed338a26748fd17c07bfee5492c4dbe4dfe111932e3153394721b0556a440788a2bcefaa2765ade916653f4aac20d5ea587fde0fdc255dc32c5aa52b05e3ac2db4d7c3a8b02ee1733fd300801d1bb8e8613386f3deef8dd497bfe803523491ab88553db60b03d29c55ff52e71c546873cb1b52bea1853c8f0070d1776545557becb6a11310acfe1be060deb53d16f0dcbc396c1d30e03c4c069c3ad48 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033e58f +N = 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 +Msg = 79220b8d86942a13861560882a66fb4c5c926a661b74ad2586790a0636a802d9d1df8320dc5f5fb8d18afdbb72ec4fa45c7903b4df15fe950d5a063e1195be16c311d85c799986c61f3831688a436ed809992e903d2a34932bb6cd5490d7bbd374427209024a878697a66559197342308a7d51c0ddba39670817c7105a77df58 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cfdb6f +N = 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 +Msg = d5f5d567512a899c0168240b319e6abcd8b92a8d6e20b9d3ff80a0447ecf92155b8ba15f5743b1c798592c5ef806f7c6a39ea597e116eb0030c354b2966436f93563e52c205826486dcfe7d88c4b2d18d78b4d59690b5fa734cef0aa4e5bf7ca8c060a965270d267a951bd409275f2f99b058a9daf08fd103229daf54ebbbcce +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000646e91 +N = 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 +Msg = 6ba3f34bde03e48259723bd599464274df4de2b6f3bfc3b06970b507234a4f0217fbd5e352eb5f783d7138ed204685e4e43a27c71d25e25d4821be9c50f6adbf58d66f98b44bb326386d7f6ab658d177c2dd87c9b8787cd70182f4eb91a83a32b49c870f0b0a26b5d1ced6f56364705400a0c961cd9fda461cfd1e9ced483c84 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000646e91 +N = 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 +Msg = 599d4ceb774e4906332eaa216b2fe8e1fa52506f381baa87c34319cc80ac425fdc9ab0af581f779344d71896cad6a5912fdf268056d63a8e867802726c4a3afe64cfa9f5f4febc1e99f36e96c7e56a6a2b58746533940527d05535777bc4dedb76a6ff6554d45ecfbbeb72cb69447f94752703c9d73b517b2b417c85b202761b +InvalidSignature = 0745457af52fca56abd808f094951d3eecab89ec10b74dd49d51a9241c3b85972755a1f80bda2cc96cda7cfd549eec820bd2f99920ebef1d10722918adca8d408c3c883d7c257b117842420afbce88159c7ac4f4bf27f039c24c19dd275643d0ead111d5f04912571cd3a7d40e3f83c32b44762eb6d2e2de22ac006643c498ce55f6116463336cfcfd0ccdab250e9931fde68c9796e05b012adfb76359491f26f69ca9d06b43843a4976f2b017643e6cb80b8dba2a01f1b01231ace075ab31d40319b30ad738f62d2b8a1f43ff1bf67f83330fad67f94a39c2c51db23aa775aa43b708ef25c9c62eb565606e4f5002ab15b00dfa829c99e3dd96b454c7448174 + +Padding = EMSA4(SHA-384) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000646e91 +N = 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 +Msg = 
73a125e5705e14e15f2446fe326f563785bcde93d2ee46abe4efd9668e9a1e089cd9656b0a0aa08b74a87449ce279068551f3edcc5ad3744cd17bcb5c0aee2b98df92e97f10f61d5eb4595fc7109899b610e3a8ebaaab3800c7c25af2d513aef2e48a7f28d3501c6ac44d19f82dfead791d1fa3318ab606889663dde3d4bceb3 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000646e91 +N = 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 +Msg = 86843b3170034a9f8ea79a39657a5e7460c50ef75c800dad690c8818cf25a1e85012cdccad1e7a886c4cf648d7478c334898f044a41bdd5526b4fc7d5e3e089c79c43034c2f4bc7b69d0f4ae83a73da7534486b2c865e29d466f760eaa5f961988042b12b66c58a00f9c5d137183bbf8083199eacf4566ab53a4c073bb719487 +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000452b3f +N = 
0xa93cbcd5c69a8e24b6be4f078652e6c8bf6d516b1316e842d5c8e757e387243c4905b37a66a30967ebc6ed6da56f690f60bec090652ee1926526a78317d41cdff392111fba8a6a91109953fe102c8a51e56b3b6f8087dc53e38d57ac31cd7bbc46f6d14bdf488852db296de27200d11dcd067d776af73c10cd044636aa4d9ea5609c75691aa164eb8abe0f187c0286dfa4d1f5f4332e7664c3c572671b757667e221cc2f0a3944926331ef73bcfc58d1ef8595a2bffd240f2397c4bcb69826ec26fadb3a154e58e86fea883d516d21cde6c162ab55fad9c52df547ef0e6b946d368daa97585084e43a32e029908910c6f99b4131c3961d0543fd583608e8a3e3 +Msg = bdd8719841159aba3f353440ef98efa92cc503da8d00745bd12094c3809bc971cfe3907dc4f5c2ee9c2e172e6a61e8bb0028391e1277f62199777d3d76915d5258c85d9bdf4dc1e0024dc8edae0e7944af3a9f0fd47b13584e47397c5afecddd2032e0d8da451df7383a516703c52bac02a440931a325168b83ad16a7409a27c +InvalidSignature = 2e7b28803bbf9d58be8219ace68c020a42a4b42e59c2c2e0faf56ca17f7c6f3a427688f124481308e249e4d579f576dae5743bae68b349f4d04bfc21d60a969b965827a67025bd8220603763cde90a42b4308f2c84bc2c4c8fd5de0efda349e9cad1f47140d01fd27021ddfe16873067213636ad961cc85d79a87231e1019ac4bedf9630e2c31f4b413d98ffeee53fd46ca6d62449e86fe7692b59feb18bd9296291d1bda77bb9c7cbf15bce21aff1c6f1ed9cc95a87378b13eed54d7b54835160f88f7ec710c87eec07c2239b7001bcd4a8428a1a274d1c78d89c2153c46f4ec997df9a19838813cef1381dcaf97bccac39739a3142aad21a966da1be5c471c + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000452b3f +N = 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 +Msg = 
3858011a054c52e3b659066f55f219dd58464bfb22b8c55dcc90ffac24f0e141f60929f28b8e0c2c7069204378ae790504cd1295820b6f77343381e73388ca6fb3ffc2b888ab78a1ea797c8e751dfd02734c2f715e2cef4fa109aa6d9f497b85f6a29314058ade67acefe4f95229edfc2d2d6836bd038d0e9a7a42e7701a3bac +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000452b3f +N = 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 +Msg = 6883a018b48af70d2875a7f5cbb5a303d7338b6d76f988c3cd2f787f394a4bddd880aced4c7fe4e6bb5efcbd1ad422f6aca84fbbc568262bd45e1ef4a0c0e324d227fa3cb442a48638cc06a93cbb867b0cbb781629dafa2e49851ca29eb345505b60d22e753dff97a6a60be2b8d49739005450a829b7cd75338cbab0ba8b370a +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034ddb5 +N = 
0xa93cbcd5c69a8e24b6be4f078652e6c8bf6d516b1316e842d5c8e757e387243c4905b37a66a30967ebc6ed6da56f690f60bec090652ee1926526a78317d41cdff392111fba8a6a91109953fe102c8a51e56b3b6f8087dc53e38d57ac31cd7bbc46f6d14bdf488852db296de27200d11dcd067d776af73c10cd044636aa4d9ea5609c75691aa164eb8abe0f187c0286dfa4d1f5f4332e7664c3c572671b757667e221cc2f0a3944926331ef73bcfc58d1ef8595a2bffd240f2397c4bcb69826ec26fadb3a154e58e86fea883d516d21cde6c162ab55fad9c52df547ef0e6b946d368daa97585084e43a32e029908910c6f99b4131c3961d0543fd583608e8a3e3 +Msg = 20075fe0b26832c234a861a77078a8e9a42be3862ac4d0d058541566a68385620e6c9fd4b9ae5770d7bf1a83cf840c2c981f94c866091aae8a600f1d93822e72bada029e7dfaa9d889ead78fddc01ea32d716cd484e7d57b2e549278d5c54a6beafa91274775af6312d1a2b3e45566b72ac97392cc88889e0dd7a75fb37560b5 +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000452b3f +N = 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 +Msg = 46c4bea2eae66ba40f3a6223a28a9756d7c980ea6e4976e2342e5fa1cc238a45af4bda37727a270048a6e15fc798f698efe7f60e682776140b5eb201a4b77682f67b3e35003c9c737f54da6db48ee07a672259af2ce712b1e5c4a2c788675033233a31c31d9391a3be2c9475f1d21da34961eff443ef135ecb48791c019be200 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000089e29d +N = 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 +Msg = 70b6c465d2899b32b736c17af293c562a096d03c5dbe7e08b8aeec3be41c13c0b0e9543db8915397ddc609b8f4581590bb585359117db02066c63d81706182b21fcc14c3d43a6a23ce38ec67e4904d477a6e1be9aec19463d2e4bc7b1f7eacb0a7a72d7f8c4c85df70d4910e2c03148fc51f4f749c52d2d9e45091b159393ac5 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002db7c7 +N = 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 +Msg = 47091ec16155b1e4aaac582b5f255e06483ed8844621dcb92c26ee62cf98bbcc61bc0af1fa0fefe478d0417089be4ffc0623cfb2831117e124ec909fb22867b2ed5485b12458c26604fb5577aea88f450c71ca1564549c6e2dbd50c1224d965096da794807b79230f5357b87f46987a90130b0f31271d127f1a21612498eb06c +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002db7c7 +N = 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 +Msg = 36af136c05bbc41ee57e94a1be10cc6e33555225797e1c2d6ad3ea9bd5b0355619ce6278f2c43cf792cea184f4cc7bb36d8ef35d844ee143037e86f34ec57df0f444ef0d841d071aa236a5c2593a57b4b3e185018772ebc593864c0aca0e65e9ef9721f263cd0bcf3c3e0823966146b82ed770da2df024fe4171a6a8f295d68b +InvalidSignature = 7f3715dba789c233996dabefac36c3d860c9dbe64e58f940d5d3eaafc668cf9761e2341d9bf28a3c3ad67071fa2d875a440df5faa250a89cd9c9eaa5cbde311589d4a443c4148909d6cf69ca0b150d7ce46e7e50128b942d896f9fd536e311e569415b40e405c3d36c89464006305842f9e9ac24bc9a543ebc693cdc99dc1ea4d88b3387ac8ec899a8b7471259bf1d62fb1f15e6fb29a08b30696c4d07e27517bca5bfd22c3b1c7c37d0b5b24b4a796ef4d6589f9b8a0a481db4fc66b44adba4d83bf1cff377ead44109476d71f34a8ac63303b3bfeea171aadac84c0ccd59addb5aa923213422d58d914b65a1705fb884e56ef51472aed15050bee268720c55 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002db7c7 +N = 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 +Msg = 
f5353bc971efc542fe9df930db581a158f541d68c465153b58c2ef1bb20a5f3852841ac6acab46a237ea2e39c1a43ba60577201a7fc254817f64c5627dc7cb07ac1e5adfd1ea7d2056c3ffb09a556b468ca938cd78a63d0921d76b7c0f6eba8b2a8964dd88b5520484b0d35f1074943e4c70cd485719b81a64a147311106160a +InvalidSignature = 5f9603f7e564519597548787a74e66635267d3cbf5c26dd9df7ac1069a712bae0c1ddc1523d1751610ae85b1f59192674a46bd727bbf0af902f204c7eba4c6fdae5f84c0d16ed0b8c000517b446473fbdc07c74af0ac6a66ac648c1397c42bb9a74db27dc5605c62e40e5eee1c9021eaa30a76523a35e6ecf513379c0e6e2dd2fa38611e91007f82a3b37d84a6fbaf936286f195e8064e172e8bbbc22d4c15548d0e39b1eff14d1b0ba75c4e1d0acd16fb8566742091ddeb637aa2767e5bd859f145c135cd60257a8c84ef587dafca0d97425a1016d6dc8c3f7eaaaf8d74fe42fbb64958bd00adf03db43920d9831ac49dec2cf534d3cce2dcae9a102a608c5f + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002db7c7 +N = 0xe3db9f81f57c99898c867221eb20449ed8b05c1c7d6d0388cd5bc691b84cbf9301b52b60f34be1ea5be12b87cc185d92451037ac2b2f79d1bc43d0736108b1eac5f5a52b4037825385df38966d15562cebd09d27c8fdd3c9bb09c0b3d77b0c05a1fc40b1d9d26bcc8ad35b321ad5866f500bb9196237a4f4f2f282f9091fe99e39c37b862dfc8a22ec487d6e36be1ef8276629b60d845d92524e97d6d52689924ff354a594ccafe9087f5ec6a988c2dae41d2a400d2c8c039e3d77ce5450ccd826468fcfe65718d292e7765f0185df94d5fa79c1e99a8b4f823b19475c6004c62c0f7db056fbe167df368ab8019d58b89d7d3790d427844684b147f962ae37ff +Msg = 
1bb027c0e5d654997de7dc160b71e063582c0819ec8ec76d779ae1a86ff92bd7fb4b92c310bf5f23d9e1ba115db46cbb5c01e95b79ee8d699fd2260e9d48b3dd13836bbe92e1012affc2279e389a5149fa45bb08039bad957345fefc78cfd74e2afdb998b463c116b5302ba5e64b1677fca1860ad0bdaf5bbd99715749b31f92 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3e453 +N = 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 +Msg = 2e90050655247289b29aa75e121c7c129ec0fc935dff0b42fa684c49c895412f035fb4aa594e56b4a853a7e00aba15ef0f5a689e490f5dc30e6a919879a6a157b2de90076f7e6995bbf82526f7b8ceac1e59e5b74d19028f828aba7fa38bc573c37760c6a29cf15572efead8e1fdef7253253b866f0540cdde328da54f2cf5ac +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3e453 +N = 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 +Msg = 
1ffbddc2a2c8bb9fe7a45e4d5532711f07eb17f5676425a8fecf8ea88ac51fe351436ce9b6f20a4e0aabfe50a43a76ba3462b709542257cc6037ac5188e2847d23eb16fc46e6399b96b5d4f15a4e9645d5bfe7acd26f1e7280a6f4bb804f386a3dfdc5427c2db24b34cbc8789ff7398691088e2709d1e26005244e309b95a472 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3e453 +N = 0xbc97958f980fc043630735e36aef0f278be381655bc6a4940864e6925d31ff1c9392ac5fa44b06af295818f03948a117bc7f0fe8f2f5dc0c1cbd9d1819913f13c0765f41c17a62a9fa70422578c86305c0e67c56b2d555fcc12a84c45ca00502b692d8790a26bb73a8f2df1fa44cf910ca45e8ea2c665a9b6d266c2c4c6075c55e686511683cf75bbca9573e8b79f01583d57bb21b6e8f46215962b9b3cb1e57ea56221f6ab61cf33f969babe3b5a1a98a76387144cd617751ffa012d8e7d1471b264c274228e2bcd549468a57316f392c75625435ddbe7dd3dc40544f4a9bb9cf5385b255ba57769897203a7a3d0f2808e05492b69a58483f5fc396e6523da3 +Msg = ebcc2ba94d3b4e302a8ce315cee44fb966cdbf2820d06a4c8c461660486bdda6dcb4315de3631eee6c58cf669f2a5428a476a2e4c077dbc3c1d7d0e49dc5c50c5648749920d354b8c6191ad84a22805fcc9f469bac7b77fbf3b2ee7fef66186d1e30fc464eb478f80178cd5516f65ec4a6efb4362d03c65cea7f771888766131 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f71807 +N = 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 +Msg = ecaff1782bac0b38041634cc60fec76f9a24158791bd0f88fc734616feae166afb121df6a949f24c6a02143cd939213ca2b9490e98e0019c01a3fc2734d157a0679c1456c255c9d2b87799ff96e7648f5c7a3b99cdb81787c2e0ca2fc32c3540d855bce09d5af793957eaa5fc08ff82e706ed37358ccb710e6329878d3441910 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3e453 +N = 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 +Msg = a3069d04fc7ee84fd9eec56da26a0ca4130e7a8fefe1051ff3ff6ddf09f8147cbf730f84f7177d6ee0ab17db257b091b64fe01f3e1b7859d7c598911e02e4183feb9342dba9b924ee3b3c773698950f5caedcdc3cedb586174a216312c450bf246223386abd1cef8cb4ffbbdd65c883a2f2109871e162773c5233bc855061cd0 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a54611 +N = 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 +Msg = ba85e1f4f9203ba8d3eef645d7923e10c614080149cc5ec6e282f70b23d30bf91ed665fc1c00baca924539a1508063cffc151d78bfd504943e220037cc531c15dd5a9545bea330458440d13f43444a8a806c7174e805753f42097269a28c4231df56975648d246229327e6a716a49a493a612b7c2c235acfd581742a0d452653 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a54611 +N = 0xa6754738bdf94dbc846ceb937a3896e747d5c6222453a83f6c86310e5819129613f9857d5e4a06bc5d927bdb011d23d8219549ced82c20592bdc419deb67fe43da87fcdfd01ac1acb07e513170c45d1e058fb56d8cb090a7f2565381785c4478362b253d47e056053516be15f448878d01c9dac06be45957882ccffc5ddaf06bc131c866349668de950e9121b134e5ae1c29815473a20028b9b7ea64d9dd8253a518b766dea714f7b37185a1d707a21cfa526a7d76f55119af728626b77e5b66328c2b37ec78be56380a4cd3900fe6a757f21b5728d31e5f1344aca933042b99240f89dc09e76a03678b402780bf64813c339e79893a3355674ff4807b200775 +Msg = 
284748185ce9e8eb0f872623d43950277e53f59b362f9b40ca2db01548f7c3c3cc0af4379672a9915fd4833dedb2915fe6ebc375e281a138c39f3cc249db65f6e1b81e1dbe6f4ecd2befb90f20222ec013720238108cbe2a0c6315cb77781937105aae10fd683e681bdeaee193109112aef09c2dead65adf4d812178f959454c +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005bb217 +N = 0xa6754738bdf94dbc846ceb937a3896e747d5c6222453a83f6c86310e5819129613f9857d5e4a06bc5d927bdb011d23d8219549ced82c20592bdc419deb67fe43da87fcdfd01ac1acb07e513170c45d1e058fb56d8cb090a7f2565381785c4478362b253d47e056053516be15f448878d01c9dac06be45957882ccffc5ddaf06bc131c866349668de950e9121b134e5ae1c29815473a20028b9b7ea64d9dd8253a518b766dea714f7b37185a1d707a21cfa526a7d76f55119af728626b77e5b66328c2b37ec78be56380a4cd3900fe6a757f21b5728d31e5f1344aca933042b99240f89dc09e76a03678b402780bf64813c339e79893a3355674ff4807b200775 +Msg = a3c2ec4c47f444bec34c15ff25f2f811fa94f9a5bf05a5de982a6458451609695174a8a68c25a7a9bc2b181290c646ccd5dc8e92ec9e71b17c69e70f64eaf56cf48681e85cf966c5643dc46f5ead99b9596a966a98fe2bf8433fe5935b76f965f3c121199eb6a69a2449be1d79f01961ef05b735aa6bfc3c547406ed13023edd +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a54611 +N = 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 +Msg = a14e35290344465d6d2f43688a663ee418f80f13e1dbee22ed4641aff65bb28a1c0985b8da3128be39070c1c43bcb417bb5a0cbb0beffb217eed3beeafd1691c420358fdd1fdab7c29b0a3a7b723356a3d5e609dc986bd42e8495807177dbe137a0357fed1f2f621a7f1af11cce5e96606cdb3c104e95c0d93223d0415a6daf5 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a54611 +N = 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 +Msg = 555400784d0566105b91dca7f4f0849d832d51f0a3c7d3b9925651fae271199672d014a19dae9ddab1719376a38dad2001a60e3d27f51a74b6ec876e421db7da4b5845b56f13dec8dd0f52720d39eaa7afcffd39e1c3be56a4645853913b3da7c833ba3b2afed0e1c8b33f219abce33c75ef436b37fb68684506eb2f37945206 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a26a2b +N = 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 +Msg = fbf1f99265060ab82e3cf1a3cb86ea71748f05c4d69e79c209bd3b61c11acfe1c8ad5f9aac1b0af7b5db7ec31997c9a373d56ce472d6b177cebe3f3a81f6ec7a33cfd2b5f668a5a433d14478e4708d6504a4765d44a9591e00bc906e717f42a5249e7c6dabb384c692676a4d95dadfbd0f464ab6b6df19bd86fd5585fb7c7a6c +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b2b5c1 +N = 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 +Msg = f2280564177a0b97e8089b77d7d0cc8ed54849a90d44a7dcd319f5c6d70394169fc4494e348e90c81b2333f6863b1cedcc26672517b2bc7a5c4fdc77917179d41a364b3d844960567506b4fbe3df01cc85fed8e9872bf1fa82f1c073abfc48164bc634b96f732449e0f9450f55832432e818c47dc777ee632c46c8408f6ca9e2 +InvalidSignature = 
7f65da249423b1406aebe4ca1253075588b101d47207acc5dfb7198dd45548ee71ffbc1bce87e7befd256ae20250208c451bb3a4dabe87c0dd67601ce21a49b1fe723b224d02c7304876e5b2f6804f76d1d57fea8edb951b536c372929863cca988380373af61402e746f71103a9d012d0db121c4e2f636e44b6457d16d12e8b493bdec5d05fd311b502e56ae99071d9bc62dcae68b27f8db50d030963e2dab44e4215be69694a55bb113a8c43d3c2412af0ba055ca740ca628a6254add0e0cc51593cd9a283cc70303caaf8e543ac71bae196f208cd4c9373e2810c94029da46b78b421d6aa8bb00bd83c474534bbaf9629f53bd2df3346200631f7cb9ed4a6 + +Padding = EMSA4(SHA-384) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b2b5c1 +N = 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 +Msg = 55c50839aa7d0321a6a85cc3f55ba7f6643bc6a18a8faf73ae9a70d4e527701b7b65f70194f5f0551342eef2bb116eef94595c159154d8966fd639fbe0de525fe96af5db8990b6419bcbf10dfd930f98f230048fc5cf1ca4b0d6f883fb75d308687d0bafcf76dc4c06ec6efc0309125b4569c8f7702906053741b4537e147b7e +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b2b5c1 +N = 0xc5c92cfbb60bff3e7f9499847e869a4bc37250994789c2958ac2f6a168bce2a1915d38725d8596cbcddbd463c2a46a52561a551f8f49d527eecfbef5589030891d9d90090fb35e43e8620c7fed4a056cd1c4a56e6134433030fe8027d1819c09638e43e359c7c389ccd1986457ff5e21673808cb436608d550d62120d9bdabac419cd6249fec945f10711874f10267c66320c701da90d7354b23e1646b89b22cea44d9e67c706ffc04a57927a5c9157cb049b1090e0f86d6cdaff29570cc629fef0646f9e5f8a7dc67c24052a34b91ab08b2e83b141cd0c098e35cbbb9fd408e7e107932128f6eb58e604764a7fe00acecb9b03203a24c9a760ca0d8a5886023 +Msg = 71ff5c8bd950fa414c774075da8ef7a1a58165bf4fb7670cb1f5c00cd07fb1ce0c80ca719babffe73623fef91298c08b12b35e223bb527a3685bef5e3f04a94a63153992eb9d83511435c89a322b32bceddfadc4a96cf943468bfd510ab55fd1db8851f7b26cae084c764561238d75bb9ccbfaad82250672b34f93ed19daf8ea +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b2b5c1 +N = 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 +Msg = 
cb254c69cb296eae328fafd8354396594c74e8f9ee4783289bcc8a922031c2f517353c2fade0359ca8713a9ea899907dace6d272d982dcfe771de8803d28f707ce44736583fa12856bacfdfe90cb32e77c4b26eefc54afa4243b221b93b0b8b3f9393731d6dfce118426401e7743453fc48a2d94e026c6c1aa0c808aac32cfa1 +InvalidSignature = bab31e3b71988cd3f2a772cd0e33b9db6d7aea6b6b99f631a0259ddfe9489bc662d9c6c9e03916592f212bd4e9619148dcea0b58b475c72dff8815aa3f274ad19d19126d67dc6d120e985ce16a3aeb64aadd785657fc0370c701ffebf71d83260ccdd9da04a8f29a69a01c3a9a6d2bd942c44d5cb91fcb44af60a2b8e2c94cabc23ca04ec6d3005a82cbe06546c38d4fedfc56d549c785a2e23b04ae0135b03a17d63ea504c51a0d129c172ba2ecea5dc6b8db4cec7b7a4d021da03ebe8cf6cce67b8e032b4ce780136afb144e5d8019e7916932ba87c7d9c963c0f51d62c873af41396d87877ca5ae888ea7d322faa79345080fb9d2e6dd98b7b219b6662114 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af8e8f +N = 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 +Msg = e74ded82964ff874c9e10540c9f1dedaccb376b882e61f33eb5afd316bafbb01205f7c8673ff1598edc179a74d3e74a1d7729d16ee08869be5d8356c13afd855254eb4d2b8b55f7528a12f88a253f2f48193df61d7f5cd9f495ba34421bb10979e227cad8ef93ed21f880f2bf3b8be99721d26df64335e08bfe82f03bd5bcb91 +InvalidSignature = 
23cfae518dad78ff6540e64f54ecb571ae4fa33fcc57732d8555cd25b44b46f46eeb109f91af7d08c89e16f4cf6aa119cd9633515c55ab3fad64c8932417ca945be3e26028b752bca8851567da6408e211df8fa215a8ec07fb6faac5cff26d174a1b5b7fec9ab12c128489c4ccaea60c1347b8451bce07ccc9c21e90c2e5dcbea4a292c16d60ba66ca4e5ffd6c9cc3b8ce4ebe39df418573e0e9f42ae09875a11050a434538790c5c700b5adbbf700db2a93f3e5ac4c570f8543f0a1c1d664f29d161b064a0892db495b68da2454eb983db0fb3defb0f688b67c8506c20dc7997e0bb51854a85af613a3b9a0ca3e746f3d8393b62106c58f8ececb502824c478 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af8e8f +N = 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 +Msg = d122c9b539021a26f4e66a823f29791780a879da291b1858dea5baf0daa906408fe0a5dd8ca84647a49fe61c4d714e8b46eedd0c7d60874e2f1b1e715155d0762f38f2f45336fc0ca89dd49edf6b4fbd1263f561a760045c78eab8903007ca5ef85336625453425d4707bc72bebe83962c2e494271c4966a003910b34166fbe1 +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af8e8f +N = 0x9d19bc62c9c1989df660e259e9c3b1fb805cff7546d2ea5a479d29ccc4e18f1ffc4f78a9af924e04001850d3c56a91c8738f047ae12c89fab3dec2ed1dd7a207ae635f587c101fbd2c542e86726f7f72aa47497162dffad87eb321426e8929afaedf4a94c132ffb2966c22aaca737550feada9f92c07c2095739c3ee524be18c1a34dfbd2e210868c7c25a2fa222c65353dd28008ceb10a570206a59d2a23b22cfd9f38daa0db78c4843bfe1ed1a366dc128ab4d5dd45a28586ca4c8b0ffdd90759028ae29eab9c56cb0da94ec13d3d9fa69333c6065f3ec4c6392259e1c2f761eed8f8aca57354c76c2a0aa6b9045e5182a95ebd332494d642ef07c1e3617d7 +Msg = fa0e2ee8d953ee3589be814638512966d3d5e1b4ca874079170f9fb87db17e070dc7249eef6f86ae5f816af4f6c4cc8d2b61810c19971aca83b10b7d15350d0cec5fc0a259cd9502e27ceb1a8af378da53beeb46001ecfca1fffb3ce472a888b9fbc4a1d9fd7e3d91b974ce07d48f5f452d6678b08842822f5e1ded49cf9b82b +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af8e8f +N = 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 +Msg = 
e25750b83c69e4e14cd31a1f366d7f97134201535b3601fe9deca9e874e68051b6ee3be3eeb5d7800dbbe43e5c6e24b0b5965468f3f04ab9a71940c20dae70a73eb2e122a630803bb9217253e28fa967bcfbb59385fdddd5d02a6f14793a5461de6be77c4c20089ab8ce6b65b01836459139ccdef9a3e3da7fe5dde8a2d25504 +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd7a0b +N = 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 +Msg = 2288961b2d0b66e75dfe4079804a7f99cd9735db1bb50721513a3f611e6d1ca8ea636c5f0c685dce3da191de4cef70231415c219ac1e7daeddf9db01d967b06a2917fbbae80ebbc42f4d041cd0ae511e47101c32edb3ac4f6fe52fbe7fdf0821c9ea6ab329c626d11b4bc1ba7351ca934ece6aae483e3d0bef48601f789eccd5 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a673f +N = 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 +Msg = 348d8253c3fd1e0175f263081c025ed1d2f48d7498d39f733d417ca7820e857a7b091d573816685fa581525eaf92d4fda8627339edec0913c667c7898dd47bc613d30f963fba521cf8e8fcc74557ec82b371b32bf8255647d53950f441e2d71ec39260f6201165a036cf662c28792ec8bbca573400a41076345f1ecee46121ec +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a673f +N = 
0xfa15594057e21dfd0b41c921627809dd454b519cc1c4ea39883814f9cdeff4a184d10f641a5ced9a80de1623ee7f86567d953256f48dd68ccb2e8362173aeaab3f11182425924334f9b92092c0fdf1e3b4c17b5efbc0269a7d839683470112c425c4d77b8835e6a307d0189223894d74d809ddba7260fa22cf3eae11e58cb94bf61cff8faae7cf17643cacd709725814ec9c365366b3a721161d8c2092681520a23e888dc0fecdcbe61f0cf27f3ae99ebab6a459331cfb3626fcd34eb124adf5ad5cf6ab5af05e0956391cc6debbbd0d6270b8412f330d469c41b26bc0f261b9aaaf4178b55b21af6ba12dcec1b9c58e9eaf9747e37cf50878110aec5630fe3dd77217c35e55c48896207a8586354d058dd7028a386e474b7c736283c45662c4810f56c6d0ec8586397d499d59c0e0a8d640c25bb91f3fd2cc74801f2526f78ae49f42b279a1687b9a8e965b49fe10a2360852000f440117b84dd8cbb793c27f124ff88535a25ecf925d464efae566f81c8f43d23b646296c087fb56589ecebd +Msg = 07dd79fa6d610e1c9f3c64a2b92d1254b066531136df0ac3ddf003927e1f7c58dc37e455859ae225f9d799ee0e7f2bde93357bd53405385e9df717e4e3e35f231f86abdc5cd6ebcdb393ade0b41f9ba3088f44f855021f0e6231cc8f7c489e1b18f557f6b9be32fd149727df72b46a89579c35e2617fc7b972c9adfb12f7402a +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a673f +N = 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 +Msg = 
b61eabe9eb62740c500b32e9b049a0652b4a87317e68289f85a1dab5fe47f4818ff8edab0bd1c251f1df980e35d6a35c4306461d428a7c7495c376d9a805866de98f3b8a14c1ce9fb489bc3be71fb56761f2b539b3e271a6cdaff498c2b18a40cccaddae909a5e9fa3f1e6964c8a9d2e8cf61cae5bd6cede354d9c19d5b5c9a4 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a673f +N = 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 +Msg = e594d640dc2fb4d4d9523ea171c95dfc7aa2348ccce403a1487e4bc7197e339c3a832ade3875cec83a730c9f3e0d8988a5b4419cf26e6f3ecfcfacac51245ad57cf1436b0a9e7e38686d93b502afded9c038392fd010d52ba76b69be42db8f28b2c56a0ed7128dcc6c26180c43162498d215626cef30fe10d83cca24760c983c +InvalidSignature = 
8565680f9957f0dcb540c1cb61bb07f58bcdef54265047d60e438e01f4bd2b589cc067a40515949808b31e9c22042bbfd369610a45850d15d52670666377dcac674a959f1ab50c5f980d8886c062f553450768041af741e3ff8a151dcc37ede167d69fbda25cd17ee649b72e5a0812dc696cb1ec996b0ea9d1cd59680fa9560c3e80851544d8b970e0f638e162e2385f7f4acd701d528e62842611c1ba68d0b5c4ff273976d36787c837d65f355c186417b6c15934ab6e8f9e7d030add664c191ef81852d85bdf1552c267e40cdc2dd6136851024babdb701428a8ce79aeab9d4332a1e1699731f9d43799b5365536bad860eb5b756f2aed6fe6aad16cf4270f76eb631e1b1dd6bc100111a909da6700ce7f917385bba5d9974987728d6bdede768876e241d2bf23de0f3028d52848f15abe06a93dd616ba95724347043a300c09902bca9fdede9a7d29f25afbc9b0e9077b508164792713278eee448000629b1158d2cc65c6ff06ea9a2e95c2874e2c7e2bf872f319c2627e538f9f7434f6ce + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c9c31 +N = 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 +Msg = eaf989927d18e789a4c2c889fcf5c21df332e46e2182a365dcb7171006f468472a6f838fc776113eecb0a9e005a644daf581f24d6515cc3d5b1f2af30ecb169ff97a00422ec1b3cbedb587807566d8a01aa9b847981be191a762ed02cfb6ca267ea168745802b478ce58ca32f23d66b989319c236299caa9e707ca07f2bc6c22 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E 
= 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016b265 +N = 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 +Msg = c94473f37b3e8fbb10fb2cb105ced77e753b9c4eea71797673151359f641a88cc8cd45387bcd39c0f75ac9a4cc9625a6c7ea9b2bc4920be3c25c9bac3dacabb4b8c40cde99426c6839ea15ca3ca6d8e11ecb434c0f9e1b1701170696ffe58794c0b12fae7ca712f9fe3379ebfb08d678a267fd7b749e905856cfbbdfe4f22274 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a4bd05 +N = 
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 +Msg = bd1449b44548889ecd191d0a43cdffa7e4bbfd95a51946d5d20f2efef50f2f31f9692e4e8f1a0068d1e52d7725a6f44d65e28fcc3da2b855d4826b83ae05ee1ad12b0f3a2646add923097970a7e2fef3258adf0705da607047e028c86a3246778c8271dfd27394d70aab8a5b8f2925816dd976afc666480c7550ee34f03e3f30 +InvalidSignature = 22c2fb8742e325e8e59f449ad6fb8b531e05efa5d87cae928a030924bf34029cd25d2794c42c987520d521a2def57c62d5a00b9540b792fd04088b82053fd5fc7d76d3b912086ac718cc9b19b03e27c3311aaadbc19602a5b4c1321b4f7217c5717bb48de800872ad322c9948682794f25a89b3a7600c36f9d460f0bb2186b5a9a049b04c38e9259a9bf8566ccfe462211607a81cad72f3aa2468909b723c67bd5af913fcea3717c33ee8ab529154dc549ba12506227c957b80788a0d7b630e7d735deaa847ab5dc9de4dd90ce57645d1dfc147d5c2c051597fec2697508bac577aff5dc1a43eec3c7b014f027a1640047d42b4ab59709722bf5bc703566abe2e2aad6e9cf9e850247ed40563ad54296ffe84cb2f8ba31386e8b821a2ac29347ce710ac31939bf01ebd3b7b12b107caec9ee01d78cc80721fa75143cae00b7854e64953580213c46900d9837b523fb204cde1048d02e08dd00ba0e505151840f02cccca387440d007a5452ab6bb741bebafc0bf3c78eb1b895e25da60533bbc2 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016b265 +N = 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 +Msg = 
105741337cb19262c78a1bcbc04349775ec4f32f55c18fe1eb3ca645084c85bf8d1c3688e736ae09e4024887c5897205947fa666b8819dd3c69bbf5c9a0ddde2a74f22348b524778e60907cd6d28d32e3a2cc699669bdb71da8d5e22626ba00304f7ef808f8cc57876a740e4dfa7d2baf8d13a118a97b385d01a6bdd89ed36eb +InvalidSignature = 96ed1422c5acf21998993a4d30cee4897d490c8de002f6fbbc3bad70e6c44cfd2232841becbf2cfae42df1f1d91fcfba8b81f19d3fa3364b569e444f6f18dd860beb641920b7c565217ce181b637709bf9a6121feccd49f59675cad5d7b27956f142aed71c962cd23865281622d22429f288338b095524b397030353f590dc11a4cb9810cc247a0c8a816b41683a64651b1c60be462d80e5cbcf025fd0181cf61c2d9a63eacc2de0dd5637193598120b8c6d60b6c6f1228735fd18a4fe3f8f63ecdb33924eb7b809bb66c458d4b73106b6a23a7fc685df3978ba9cc1e2371288f0195b6d73239fbde260bd92ab838f0bb80735665a68ca5e426678fa6ba2f29a9374dd7bed51f3413fa074965e56f3687db310c0b3c69e3f37386ad5e6de25f3faae6212b3549d87e39a6cc9dccee9ea1c8469704f79e88089b3c1d3232adeb99bc0c0a2b34094ddb3006cfadf826e1e2a6aa2a3cbee334bc4f5fd019fcf8eb61b0db6e38e611744515c58619d46a39afde9677189066f55e4f78c39debf7e59 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016b265 +N = 
0x9881b3fb6c99a115da60ade6d178008b7e6db8f79fe34fb7e6f7d2fb96a24350dbe35fc9a9742c6d3deede1ee6c04cfcca1f1ce9f1d7c53dda87b149dbc7ac4644e2eb57f211bf883ca006098e0f871155c6c1f9c88df9768c61581e0b5016aa57177438396be35edbc31002cb2bb766c9b9786a81358e5dff52b9073fb7f9714600c0b1dd060ffa1455fc926d30329925bde76cd68a58896de4719eba84529f76de312e9681cc252ebd4c42b51614b172cdc67a5144e7bee75050f7efb904d52b8c084242c3545269cc1193691981670e0816cb82e39c4541bcc7f5fcd27e46df00e7e73946da7a6f8a7026d89d951a8bc8010132862aa0ab872534372a2f3d10d3edbbf852a43ec06a93b3495289619bf899c10027dc2b06daac43342e3200a1f002ad53acc537772f1485d3b517f4686bf27ba47183df94a8cbd9a5bb0659bbbe43beb2eb05d29a23813b0e6ca8e7228b9ce3fe0de7bda5a0c56e9a5ad4e5e4622896c6f3e0269d69bbf0cc1ffc82278ff55168f485dca669868b97f4a003 +Msg = 6ac31acfb46bc42fbd13c38fc2cf6751b2a6333d3e4f8f6a3338bd6207cd0e81b1f6569ebee19deea20317244c5957ddfdf4bf3c59b43bd1bf542fc0d6a6ad1f6820ec9f7498f56f7e4ca05d2a25bf3f093d9991b39e9a5f164d48660d877976354ac31afc17357bfaf7448285bc083d7f89a984739414dce02bf29bd5f5da4d +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016b265 +N = 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 +Msg = 
979e87fd762d8f044553a56d47d7c262d04789024fed71fb8bff265b2d162da37fe1c71d731b1970e7ba8972276a6b3db439dd854494ef290972080736cf8515c05ca2ae61759e29e3531ab09b83c34f3496304cae1b0db7a5ca7a41d702ae52e176e05549236757c18520d0aa0a10c0d8c74afe956913cde86f45b11797f181 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe3079 +N = 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 +Msg = e49f585eeccf2bf7265641fb8c0f94c717e2ff1d9045aecaa302d285353b991bf7ac5dc93b311ce9078828d268571ff909711e5c04553220f8f80f785cc405ca13e02f0d40b2ee765ba295538521663718eabe5783888c345519077a9751a1285fc236f2a25a8ae44a2df247887451c86cd646d7b3e7a44ee0ef23538eec557f +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073b193 +N = 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 +Msg = 4621b17cd9f5b623fe73b5fe280ce9ac840805608acd6e41d55ea71132220c0df7e7c4159626f10d71882983f0aa2a92d11dc906c0b22cc028f4395d48f54e12894e33da0f614dd48ee114e65f95c7a7d3585e7cc765c00178d136aa99591faaa35ee6136d2e323ffc855c709c5426b32fc0aa0ac66e90c96efe84414dd5e79c +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073b193 +N = 
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 +Msg = 7867b65ed982ed6cdd2d061157be90f85bcd580350f1253145cba5c58946a8a5751c8c008d9df833c8acceee2b0a5a929cd7d0def655f5cb59f01cb4c47b54bae5bde0672f2ce7922ef86d82174b8256a4d0b9a31e72dc60bb66deff2b6b11dd6e5099dce8b7214eb71acd16440b6f0918c0fd9bf2ce43b71635d5eee79d48d4 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073b193 +N = 0xce4924ff470fb99d17f66595561a74ded22092d1dc27122ae15ca8cac4bfae11daa9e37a941430dd1b81aaf472f320835ee2fe744c83f1320882a8a02316ceb375f5c4909232bb2c6520b249c88be4f47b8b86fdd93678c69e64f50089e907a5504fdd43f0cad24aaa9e317ef2ecade3b5c1fd31f3c327d70a0e2d4867e6fe3f26272e8b6a3cce17843e359b82eb7a4cad8c42460179cb6c07fa252efaec428fd5cae5208b298b255109026e21272424ec0c52e1e5f72c5ab06f5d2a05e77c193b647ec948bb844e0c2ef1307f53cb800d4f55523d86038bb9e21099a861b6b9bcc969e5dddbdf7171b37d616381b78c3b22ef66510b2765d9617556b175599879d8558100ad90b830e87ad460a22108baa5ed0f2ba9dfc05167f8ab61fc9f8ae01603f9dd5e66ce1e642b604bca9294b57fb7c0d83f054bacf4454c298a272c44bc718f54605b91e0bfafd772aebaf3828846c93018f98e315708d50be8401eb9a8778dcbd0d6db9370860411b004cd37fbb8b5df87edee7aae949fff34607b +Msg = 
4d36eb2c3ad233436923e580faddb45ad35967108be8d99a876745df6213c028929f07d549847b4f9a996a3ddde390fb54aede470fdc7a3e0c7e0688a3a125cf216a3b75b4667586871b0aeb2de3c0e143fab1aa51d54f82f2b5a6d5357de1af42c01074411f28d177d24bf2b2844af6e86469a01b79624f7f35ac30df4efcb2 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073b193 +N = 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 +Msg = e2a92b143c8a006cee8afebb663119745d26f4ffacaa535c6165d30a1265d9277164c8d8214977ebc8f2e2bb66311f54e51494d8f16a6822098237a8d6360aa6bc288679b04c634849a720ea1956f5043dd10a723371e6e9ec302ada22b17f99ec80cdbe909aaecc9830221028a884cc8ee5bc951bc8b7fa31f614669edc2048 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000147e73 +N = 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 +Msg = 643e40f3636d706e1337bcce6818c10a104fcf06ed87f859c8b667534446f43f1073f5e561f45653a0ddecdd5fc40663922245d2fcfdaeede7c4fe4e187b3da70217964e3a2c66f92bc593c60b931f7e0e4bfd1ad94923863979e0a615777097a1f5ce37d55ec9e71eb85a8f53cf35e3ea909ee56cb37eab269db6632284b394 +InvalidSignature = 4b1264459b5d4066370a09c8e2047911d542e800c0ffc3276bb2d88c74cd16591c0c1c85ac44e08c74849c2d8fc287f5e4c33ebc7bf781fa0e89b4d7ad8e0a0e4e450c02e48cea826f19a96a9873407d131375e99fa2ad744ddb3972f3ef5e3a5bc7a6dc8701c93821bfb31adca2e6cc8f9fd375290b991e5519efba5fcaeec5eea24b671a6c23b6ae4e203c0d0d27553946d1b2fe55b43fba5d321f0ddc07ec9cf72aa8633f8f666428a637fb2b10e7fe9bb81f24c5b5750036d6898d18ebc358a63803ec2b67f516b36321b343f960a1b8db943ac0440c006391dd64e09f6bc3c1d2e2e2cba781a161f0aad3415a5b03addf637060cf0211a02094a1f7b07d443a7ec958abfe74436330a2a8c7c7ec86f91bffa9c35e1e8d3683307e33f226f9645ea66ab59ece99a0496698ecb8926e4772b307110f64f8fc02ba7076d288d4fc1481259ccbb7eb35afce0269f279f68433017622130f62e91851d14bb7e6bb648c00be485fea37bce55ed78575fe12ac3137df34722c0f2e992628c525a1 + +Padding = EMSA4(SHA-384) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000147e73 +N = 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 +Msg = dcf645e2201c3144ccded7cdf843326481ff3105019a5308fdcf74a66033e7b92817c4c360ae83324e73cae2edc584e49ed4337e1ac18772ab012f839c03ef36ed12f3d64c7c63ba41f437cba9354d4065e8b8ac53c85c3b7d04b83891e402d392b07922cccef7650d2ac58e12dbb4014003699895f6f9eadd9fb6cd29204819 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000147e73 +N = 
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 +Msg = f5e7010e4829c855dd6c3c84f57a50cfbe5b3c9fd4c9229e07e4f10d5f278a5e5d9b21ff844ae67418f7e5a8260c2b85c4d42bc29aea60fca1f233092b861e89247312bd9726169d7361322490338befed26cf063cbad3faa0127b30b5eedb7cd1d99bf189a4a0f87712e8a03bd5b635c0b9f014c120c5bd8bae922a04450760 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009ea299 +N = 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 +Msg = 961d11d02fea2179ead83fa51684e5f4a2b804a898e2a3b6e8c4c91c676c9e761767cdcca9322caf40f19f8478633a1fa716a59463d7c549446d9850ea8761f442f20692060fb6ab8385ce369f33fe3b1a69a89d14578838d0c59a2bb7053877a02683ca4e6b05953afb956493da7a6f8418d36cb54936a814359756d5d06b27 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000147e73 +N = 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 +Msg = 00d76dc429af281012cb92d5f7c2fafcaa73ce043fecfa01088b70e5c46208ff13e08bc12dae0ac6d4d87514872d699ef9e8480dc1908fbf531c64102f5b6fd95893eb370869fd8ea20044cde865b1f36e2b99d24e5208121e6e597a1f04036bb738b6ad22a5a76f648d288882327b03f183e8db4ffb0d0351c776a9fd276dbc +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a649 +N = 
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 +Msg = 4d44665e0e2987cf7dd1e9d6200151f500ea3b85a24f72fb38e5dd6919ff9c486f6a54742f96c6784ff7a70c33ababdc685de48b94694af8ad419bc06a0f6504f79c606ced70026b813b4ec5fc73ed4f6b3f7ff697943303379d959e6561a8904fa0354d2ffd62317d63860a62a13cd77157b7cf921655a53ec3760bf23c8e75 +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a649 +N = 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 +Msg = 1abca8d81cc98a5d5020e95080b5fce59ffe70dcff544802c49de7fa99286b3da1d83d60b085e696bc9f25758e143efdbd7494d6dd547ad9f4f047d22d14a884d13c3bee72fa59cd6a98336284fe2075f8d7359a9df017b35ae00db6ddee59b1902fc90bc9ef890c42523b9fc83b4957376d7ab1a5f1c499deb7622f118026ca +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a649 +N = 0x99a5c8d094a5f917034667a0408b7ecfcaacc3f9784444e21773c3461ec355f0d0f52a5db0568a71d388696788ef66ae7340c6b28dbf925fe83557986575f79cca69217221397ed5808a26f7e7e714c93235f914d45c4a9af4619b20f511ad644bd3412dfdf0ff717f7aac746f310bfa9a141ac3dbf01c1fc74febd197938419c262293505c35f402f9053ad13c51a5960ecde55ec829e953f941af733e58705913767e7a7200d1d09e7e7e2d269fa29a558bb16304b059f13f4ca560a8101fe3720b4a779ec126427326caa132a3d3611d7dbc50336fac789ec406b397e1e36d7daf9b624bf639c82b859288747690c730c980b2f5a239dd95ad5389a2ec90c5778604713710383ae55d4d28c06d4ac26f0d1231f1d6762c8e0d918118156bc637760daea184746b8dcf6f61db274a7ddceaa074937ababad4549b97ab992494a807208abd789823f5d75c4b994089c8072cfc254e0d8202fd896476e96ad9d309a0e8e7301282f07eb2ae8edefb7dbbe13b96e8b4024c6b84de0a05e150285 +Msg = 2085e8b946d2059752f8f0fee528e7c4cc0ac1fa24532c1ec29a3a92d2681c4dbd8e2dd151bb325d1c4ddf6318689e3c8e458d1b34cdc5409867e26ec20ec09e15a682f57790d9f4b27c83ef197e11c06e65eebc03489de620614263a51e642ef076f10d017a82c4dc2ce1882f93c9b6350fecc5daeb3a7a2031615ac1c29065 +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a45b6b +N = 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 +Msg = a589c8788c959961fef98694bbfeffce5d69071899ad969ac25f3cb48eea084b1d84a8613761d1e9d626e2d9e4a0c48045b6141a189c84a23a4a7ee70c2d0be2771cf4472d8d275a31095b0499ddf7269313302da6a072e73adf02955b3ee141ba38f351f483605d178a3b3e631d62674d67a579ca212a11c9060fe40187520f +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a649 +N = 
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 +Msg = 70a4a898028568699ccd8a53288a747851884db2971ab17aa116a909d422dabc242efcbd2a428ee0777ac8cb294fd25abc17334222cf8cf4151986c4ac81094a2c04af0821d3784eae54bf5b226a6cc5cbf66c1b0f9e5ec8b8cd8f3a90fa29442e2ea7c10fc08c7be963554b3b64ac81292cde85870c8fbf343aadb5a916a273 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd157d +N = 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 +Msg = c6542c0b67da9dee6338cdc0ff704346fa13de2c65be53a4b5e5dd5017cf2f6203e2ae021421ddf017f3186a622686506733498688c4f79a2d734ea614d52378e9b79cf117a79fabddb78adea47d2585905ed5bc550d126d4c4e1a2bc600e75ea05a5fa11775cc68de0a8be66e7e082e9e1bea9873a18a6639fdaaa7d258645c +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd157d +N = 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 +Msg = c6cec990476cd20d445e83a5ba7ce48e1b4215baa2d13efbe436c86ba9efce0bf9abceaa7a52a509f945ba3c46e77953455c033a429123de857c859126a522b023e5ff83b06d1764ce0b95241fa947aaf91750ddb90a1dc55a649aec46b5a50b6b02c3e292c61168ec377e24eeca38db5ff9646bb04412f78b767044ae293d63 +InvalidSignature = 363c8a8e3f251f7c86cf53a34e9da296b478bdd9ff3bcf36921ae36bdaafbd73cc22013fae7d3b0ab840db28cddcf0c122eca5610b1640a5d4658672c2323ceea32609196be2ffcf40488576065cd022c0e2cc22e6103cf93610df661657c3ccbc0357d0ceebb85d8a2b28c6a45b5eed1703a14e1dd28e244882a8101da1e5b9ebd9d10df36ec4576a1cdefa89bd5390957a0d9d72873a9fdf46b67b4f2773f5971052170c71b9aa409e75ca5cc2f0cbc97a8918817be164a820f90a618acf0c5aea19e23c6e5d78465f60ee706c8bf78d38ce3ce4b204db5e3ee35c4dc3cf5d6cfc1d0b17b65b97bf227937540aca0c0b5d2ee7f5fa2ae4fc0a592d9b97f524a7468910e7c1d843b8fecfc48f7e2b5355cdfc7d5359ddf065031730915e41126b7dca03161b45493d641d50276cc1ab05c2f2abef4761e0a99b7f34f35d5621f2cbf8490c61d035af3c40d473192977dd7bce01bda6fab5d363afc5d2e2cdccd6721a6469d68e5523b7d6c30a9b91363dd2e90ef7c51c001f956d7dab72ac5a + +Padding = EMSA4(SHA-1) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004f19b7 +N = 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 +Msg = d5054ab2c2e4fbef568b1f7d08a38770ea0b6bb589276900157bcb06c27809ed6d958e0083a2bfa81f593a9772375b47688a05a388ca9f041d2c5c5e9375c0bc230c60e9b354e970f73863c7dd08b7c828836f605a35be8bd803c080490402283f9245d519a17f312850237510bea2db711f3255c70fce7f8f257ed2acccd81b +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd157d +N = 
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 +Msg = 02abc5271d55129fdbf1fddf59f4b99d904915bae196adb2f0c06237b6b10919d259606920f246de8d892b772abac5627fbb041d219c49db87ccd32919e079d18a909fff680263a2f14c17152934f4ff29390c78bad8816d2208f5453e0741c4d1586a301c0dd1b3af42a9017eeaae3a37ce1412d3d2be2f6c7ab1d34eaec8ba +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd157d +N = 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 +Msg = 6c0b6d2266a246feda6fa5cee22c2f33ed9d643c1f6824d9f327719225bc7678cfe4c85cd210ed4077701b0b5650418177a74c71b8eda3306e2ef3474f5d326990eadea84a9686e822878c932997298e01f2b16c42e019e21bdfb67b3df5478df444366c97df1bdd23dc82ce23abee44d3a61e9484e88ed642634197b52dbece +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c6e57 +N = 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 +Msg = de53ae1c40bb05a44519e74e9389cb49f1c5523fabf9ccd038d2fe401bd8236c07ff300346785cf25ccde020e72dfb5cc9053a9489d0f647f72f1e3c0f3c3775201ba05f2ed31b4b945c8921edfaf55335c9d4112c988bbcfbfa329c1a9b98d571d18797be73499636ee6aba6f95c0177d39a91f5cfa94168e5cc3c7049e4f76 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c6e57 +N = 
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 +Msg = f3946c8f52f20ac9a630dee2da5956e1ea487215f66a78fc97c5e9637339b3cf0f06a81ce58f2f64b75e3a22226778977691cb6dc572fc9b3a5aae88ac94907373e8d7127b64ec79975d613e17b02adb9c4d0a532bf74b198145b22da6edb288c541e0ba3bfaa7d2ee353d7ee0bbd5730485170f5080cd3d138ddf9a89cc81d6 +InvalidSignature = 280e4db5a0f01dbafe7d3cc64c1e76769a7fa877dc4d26c9e0d5cc9782119c8d9662ad25d6ae59fb990391bb1d3b5947809ecea7887cc99a47aa7275cadfef9f82161f7a3054923fa825cf16bd189b41c75d348c4d457ef7ed989c100c10ee008df13ddf6ef9d52bc537f86105976d47188a289fbae6231cefc1f7dcd92865df4588ada4eea069ecb1bff0b5910ad7fd02879caf4c61b9fa9ec03dbd93d61ccc8b5296508ac655d2df9ee68d3a0a1ed43eb7e77674286e4fd74c5f8ffeb9c21a6971a64e92e164b0708c092e2f6fd6edad762642416b7a98339deea10d9d0a0b3b4d191b75dcc3816ff61e377c03b29e883a99b6bb9871950be37bf921b0989bc7ee9e01b1c3b2fd8b428684e0b5409e432f6df104aa0f76d38a8b3bfe715322c7fa59c113b77436cfb5bb799baffdfc74aecb38b139c0937669daf7dc4f1c490d7a8e17c867ad834d6105319f6ed99e3173198ca7635762f277bf76be3bd5d605dc02d01abb2b3a36bd247c0ce3c84efb56b0b6b671e865fdddbdf27b402f0d + +Padding = EMSA4(SHA-224) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b98e6f +N = 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 +Msg = 
f3328c688ab764f3f497a8b5403683408dc7a888cd043a39c922ea4d66045fdd26afda37f1fe1a3216967dbe8d1d69bf7fa7ea1c07719c123bd2cccf666eda3c98ade11a616c9a50d9f27e83e3252be8b3fd09568e3a2da0d1527e2135ae16985115eb376169aef64591f32dcdb6936233b24e5fe9c5b588958a486c5b2adb9a +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c6e57 +N = 0xd636bd164a6ba07108e2c93f58e061657bc5cd2dfe1a72e75b33adbdef50bcbd74ff0f6f074dfb0f9f25879d1bd6cff2d8bf354dd37f89c638921071af961ffab7559189bc18cc8a8e2a1867721eb914077503adbf08986272034bb1dba9333a886962cf19a8580b25463b0d71d3d41d0bd74c4f77da0bbd85204aabbc01506737503b3b99e0203658136cb8ab0cb62929b7c3be4eb03c947c85faac147bb148086fd59a130e545520c50e2841fbc0734b1ba6f98514cae15d7ea3ec4415fb20b7fb1eaca5db849d286414ef718f3d20dd68dfd440e042f84732afdd0f02f98f925a0f264cd37c67620285ca59be9e138a836730e87ecd754c7fb28ae75f8e24e6d14e41ba339bc801459d2b76d8928f12e8fb7dd3314fe4640f99f6dccb0e16be09b796d791ea0ec92301891a2f702bb6de46ef69b484449e23ae8cd247e7ce10bf3be855daae033d640e8dfc0e6f12abcd6e0479b29439d99ab135aea06178174a1b7048ada5645182fac8e018584fa4250e6aeb4317454e86598fc4fae0b3 +Msg = 
783379f295b2bb2e1dae5115b34c991854a517403a1c741d00f0c700080d146a1a2812c34d0a324f2b2cdc5f1085fcc4d3a0bd89a8f194e24569815f44489265c933a8df64867d3139ebe66d5e2c56ca8445a452dabe0eda2e377d3755450bafce7cc2aea2cda6ba8e13f6a964e8b012afbd5301962ae8ef038243f104ab872f +InvalidSignature = 330d94974270835358e4ad6a73a3b1686782706b5fcad43d7e5f66d61b7a3baa859fb58fb3aca262d4751d1fa766128f961b3a3380c83d3f9e250810b304417f6477446d288f07713682e3c9f476329df75db1e4ff0432c3f1a7b341348899288c056120a3a3844d1efee7e1427ffb533cb1d453cf308654499f26e16500d2ba52e94bd0c2b91e4f0fd747d73e04a81665d1e9e8a7e2b1ebcf91dd85043e20846908b2ab26a8f01a8a3662fa413046c68704d139616a4835223b04221e3fadf5a06e0b1eee722298e287932dc676a5038efb6c6035d1e064bd0255361a74e4f8efaa754a27fd0385b54ca4a4ff16422f427ef482393b1df05ce03fd30d82419a78dcc988e4dd2083bf97ae09c26a2b52a10de44dcf9ecba2b24803e93ad9e3660cdf00b1f65bc59b8a831461f92a263fae7278c1e421c80186251d33b7ebc14fece0135f39b3f9c8631e49e2069e1675c724c542b803398e97975c89b7a92649b790b1fdcbc1cde0fe5dccc6b82058067eb227fd6c60bab33a8c5ea0afee1617 + +Padding = EMSA4(SHA-224) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c6e57 +N = 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 +Msg = 
1fada40d53af0011403e97c01556c2228c6199fa27625c9eb973120529716f2273f6fb70ef8771cfd60f658e028c2ac9f509f3f51dcc38b957d05cffb1768c4c7477ea4c621debb23cb3fd3f873a6e1f905d897caea7024ec7f494701525e8f92a18b9c932d836627910a7fa2dc654ce6445a2b8605b800412c50180dee84ad2 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000efabb9 +N = 0x9c213ea373631f572e5e46225b95a0f5ea8ab0a5ec7090a3b0181c5906dc22fd1bd73d11471242a2ed1824e601017f5b5354b92fdb43d4da00a82427d05366a4d552c40d69d200485d5d5db83cf523e61a834b40ccd401087fbb93d81dbed7b2ee2381a1241ac68f2afc02157ee0c73cc66c02a6c6eb2dc35145ae55d7708412a3410f204c492376d6315cedf253af91f31dcab34f72c206ad81e800509864fe9255d046ac25dbdf4954d2350324722e73c1f25d089f87542ad907fb37eceaefb330f4325e97f5eabc04096a8fabba978589e355445d9543274c1c38ff849ba8c2911f07030634c132ccaf4e4f57a5ad9244f5df0ee25af8ef2fc7b29fdf7cc18404e20efaaffa451ec41ab838d594906ff2cad52dcbd0e9a68ef7b06c253710e1318d09ad07012767a89124177df50d1684679e14306889d9a7ac5143d4861b7d6ae77992efa73e0aba9da0ad9a6888bc804dbd07bc26a8a5dfbd292a0efa96867fdb92e845c36e3433cf292e0e31662480257fcf466f7f65d814bb3e33992f +Msg = 
c66e28557124273e4a1fdf519ad9fb646e761b648fec6c9ab4667b2df7eb4be8863aa53e9bf9af8bae0fc09de94f7373dc56fa4472b6b5c4235403a26c0e59557ca1911831ca843342acda7dbe72211fb5351d9a34205f0c77d219af5b0331a2126b94ec1adfcdbe70bed6f8018b2eef61db2b6dbf7292fa19a9655aac13fc57 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000efabb9 +N = 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 +Msg = d69fc30f760dd6025878a1ba227e9be2a73cc19466bf386f53bb34eadb8018e72229df8c8f17ba4e8a9efa4e84fd31e93894948a3151a4c38d6c0e9d0054cf2c1ce99b66cfeb80352db2c7ca6f201b353cd5ed3228a116467b3fbe0b33407dc84c45c1453e7170dec81eced5eccfa0ed3b6692345298d620a59d0edd7b2c6ce6 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e24d7d +N = 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 +Msg = fa0c34ce3cf0cf6e48488b2b8671a94ded157501c6e728adb3930d81eff4e34fd788839caa22c2f78ddf9989d25b83ee79252743f7703780370b9808df93c37fd4e76bdc00dc60bf5332b30407c71b98290b978b55b45567c1b3d3c17c66440df80f35b7c785706fa22920c4af1c37f404af0d02671b490a577305d251d62da1 +InvalidSignature = 60b39a9806dc82244820a8221985f08a775fadc715fac22e856abeae07223b0f7093d3d835e41a4cc1fcd239d129879f70e94014b5c46aa2919f3e13706979aa32172cada7f326423035adccb6096ca44e2f09146b38642605ebee531ca81badb5f5977c01ec2015ee7cb9f7ce12e0a3f586baba7c37e5bbc21e02bf887f672bd1eb17a7c785ad9020a22410068b879a0143b735b5ec44d224f0a095e239dd18d84d99eec82a2d5c3bcef4648772e337dc7b99bcc98bc33ad13ba1ddf36a43dc83aa29f4118db6b0899cd3a8f016fd0c456e80a654a86e0239c8a1e76d0293bf7f880e6ba3b2de37f6f2a6faf551f91ca685d3b26398b734de2599466a896c829a4949483c04cb168d0ae8721cd91b48780f495cf8093b52dfcec7b81370904195617df9b13ae1f06672690124a45c2c34cae84dea3d4db663303af2abb591db41c14ff93a491c008c0fcc1b8c3a00dbf3b0a7796579dc1c2279985b1231c9d2a10c46eb513c8b29797d7aea50b72224bed04e707ad81dc033c54849f0b7cc48 + +Padding = EMSA4(SHA-256) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000efabb9 +N = 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 +Msg = 9b7687dcef6ff9aa5af4570ef50b98f09d6baf4bec99187a6751b0b3f927c9d1a16e7e56675944b09460c2bb22e5e3887218295d3d1844fccd5be3286d4fca661e4124018b7f1b503fb9a73b16ada3fcf1042623ae7610dd5835e3759a89d51b7ab723e54428a713c3c7ad97b7ab03d584f64fa728fda5a46fa959a26a1d1279 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000efabb9 +N = 
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 +Msg = 7ad9bf1f36f9897d2844872e582ab3513cdbcdb437ba01eb610ec49f8bfbff297eb26f5f84e44bae2a7c286a438d1b6130891db65fb5b3ed12d9ce42623cef3f83cf908d49a9c00bebb30d1d08a5a647e731c1fa037d3badc7d77e3096a5a83d0e9aea518e302db9f552fcf0ad589e28e93982272afce15408709e122f1d714c +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000df0ff7 +N = 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 +Msg = 6c2956c024c46d04fe8190d0383885e367b0485a0512aec52c9d48809f9c8a410a952ced8bc4d1b070c7e74c439bceb104c73ccfb5d7e0a81c0c45a9c452fa3a4572f094c58923d2bfb97c4b031ef620fe0401113c5724952b5ae529229cede8a129685cdbfdab9471be197681aa4757dfce5ec9a278c1b4e3f0f0a9c163ad72 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000df0ff7 +N = 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 +Msg = d17e77c2ae30cbc6e50616bfa30d7c59b961fe99e559e5b653ff642b63c3790aad701493435e7b0535eaedb45b23855c4ec662b5b86d0547ce03fa801a7bbb047ec1d14476f13c529dc815f4735872f75dff8ac5ed991a3a64f507b4758644694c5bf6fecf51d6552488d7a673130ad1edf4bef20d47eb361dbdd1eefd4cdce2 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eb8f15 +N = 
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 +Msg = 5c5ff1160746c63bedd787e27cdd9f581f2286c7aa3d42aaf8ab2e84d221fad21321f33e0acc841520f7fdfbbb8094de62e2aa2821084f392f5f0714ce2fce58732b5b732747a2122dc99cdbe5a34a5ff000f84a951dbfdd635a4d9f1891e94fc2a6b11c245f26195b76ebebc2edcac412a2f896ce239a80dec3878d79ee509d +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000df0ff7 +N = 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 +Msg = 6a798995eaee88b861274398cff6d0411e6995d5fa4fb92fe2f7d8c57f3bfbd335bdc7b6f971f495625c0147029b2671f6a68befbcd6b77645254b774b36f046e5958e7b593fbf99316583ed916d35b9c73abd9224ad08070a6bb58347e11175a18646adb260cf09f7ca2f522374e361b9ab9586d9db922a5a527eb21a4647a7 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000df0ff7 +N = 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 +Msg = 1470f2d65fd72258e662671936f46a2af03f6000847eeac83d673afa7e5b78314be1643a0a523c6a8bd6e035478e34fde513c6280320b175328bc190427ad7e4c1d38fb0bef4215dd2a5850f624adb7a1e5e09f7cd1ca6d64d7f17f6d56df7947e2fbd61022598d7c3b89ecc0f8f2648a20672946cdc9293952b8455bf9ea0ea +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098ffb +N = 
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 +Msg = aafe2e086cd97ad052b192e43eb18861ed6e2a27cf6e7d7f16e767020dc8acb6acfd1c7969ef0aa3504bffe75605b07aeb9c2e77ce9f5d832570a7adcd48f197ef7bcedbd4fef3a8fa26ecac67b20d373d0caa9d8fcc8bdc737e9a7e58a5dfc19a00aef6540b1f2776c9bffc17c185df0c46085fb9fceed22798a83f57e75d7b +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098ffb +N = 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 +Msg = 32aabc83e58c61f89b6812528be8e61b9e9d381526e6fa36cd144bf1cbcb4cb75dab30be72309301a7d70d88758306e9a91ecc0f1583e23a869c9c47f6c7e832027f6fd99e38dd02078a7ca0f99208522396bf2dd8e7b7bb070c74436d1cba4b096ca05cd06ae605a3c988227edf935ff24b38f7d5da1fc238acfe6e9992690c +InvalidSignature = 
61a6f61268a512a0304fc5bd13cb236d7415793cc35593f0d523296c9d7ecdb8209165757ec37db671cbd2de9ffb35aa24262a8cd7d60f52975ea64162beb6a14b0c6379fd11c246098f01b32fd46cf5f23356fddb33a7ca2690d92c70f5dc87dff321bb0b33b5e3fa7254954d45ec8deab369807683f07c6e03853c3482841aec307e53eb798b23c31f2570cee10340becae99e980d12f5d95298a09e3c4d3e9d557e3811a125aa41e8c9051aa0930441a5ceec751e1d73a37373b15cfd142b65164fb923b05b55f8d643a38648d54186b5c21fb785ab7f899b3615c8a003d4a37651238ff0e4a598661a79739005f7755ffea700a70bae33b0ec8c3b63064aca6ba4ac029e2d7964193f187ea84f964900acb3700e72ae6e40ab2af3886bc5a1b935959e95c338f9948a749c8e2d8abb91deef6b89fb21877b4a84a27402d98718e32ee051655e78533e928ad45f9adaaf3b12d9bf987955cb68ce67ffc7abb8670b80abb91d7e41ed85672fb8ee2aa54cf1e642839c7199b251bc1a887e06 + +Padding = EMSA4(SHA-512) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098ffb +N = 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 +Msg = 1a943837eb6a0bfc1f7ff310c143ef836d6c2ddf59eb2bb9941e1c8590478dafdf3d48e73a6178bcc7d40f6c9ce765fa7fd32182efab5dca698e0519e421804c9e3c93261ae482e8697a7821aa3128c8cdc6b5889c6bcf5bfb04205a6e95e6d4ddfbe19d94db6fa88ed9f6d8f30a8214dfabaf9a6513ca95d4e633f1388c056e +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) 
+E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098ffb +N = 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 +Msg = 0b03b1950e6974afd60ed2ef4d40b3274e825b24c327a4df0a208af79e13ed5ff3ad9354a1386d93c5701bc8a492b14992b7bc04136080b73f52845f6ba451f205167650c0a4cf77f15b07f7396c5ca7657fa29592498b43956125109a4fa4f40ae66270b3d524c523789f6554f43ba78f8216be8a0b4cecd4f676f3723e70cd +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000049be93 +N = 
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 +Msg = cfecd702ac5ea7606bd75b26b2746b7b5db330e92085a40e6ea56a949a270e633d548d14d7b518a9b96e157c22ce6776a823ef81d9d3524023a8fdfdf16c67e317b6966d7003e51ec5080473f147401643e1055424aba1d1fa834a7a4ce563bc26b9fbf3bf6f9726594e31f1690980c2f8947a4949351829bcde59f4f2ba8956 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a996b +N = 0x9004e5334381fb90f60926f3281e51d363671c87bc10554aff5f3b4391d894a94866de27900bf627d468dcf19a826dc399c0580883c945688f3795522193b0887f5eb29bb7be2b6ab48abb2e86b8a3cc6dbd2aa3522c0fa6f6493679a25b1933de78282b00fb5e6dbc58246a26805eb61cbacf492ffee3a21b829e3b776dc814b0e1527565f713d8f761fd58b9ca1f20b79d798f627b77a1ed7d53dd17f429a738e3e4e86cc4da308c60e55b77f2d180e96f2da0ae282831d5ab523cbf2aac900f6c304366738710152efa1094232dba6d405381223f3c687dedd2d856caab657ad0a1d7a67f01fffe6903f173faf1476b8ca656d4d9af713b4f80860be5e79ac3bf1b507f46a19bb67a90b273a0f0d416c479c8d75c6c99943ce774928fddedc00c06d7acc68ea15828de379ef436ecceec8bb22ea984eb1af01dc3efbaefd031030abff09bc464235f407c8a9033796d87bb6373ba6eb6ee143a79703a8130b8e29bcad3970c69001d80b4dac9e30fc616ad9bcc215fc20109aa7788234099 +Msg = 
cde63c4c124da95b23a8323a5db03714557615226da75815a50f2cb4b45d15c65826e032ea2cda6535df3ff48824f5820a567ae54e8a1c8427186803be57e423e1a701e39eb54bec11fae32b7a852fc092fbd01720dcd454c7072df5228162b2137285a8577065b75e0004295a5a4c94976dfd010a23ea4d2ce665d00963f83d +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a996b +N = 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 +Msg = f676f3723e70cdcbc7609cc1f2f3e4216feaf83d52d6b2d7691f6741cd4b1ac3b87df03d963ce40d5f76bc3323c53cb3e7f0993bafb53106dcc67800b811362b5044f0418291a39b56afb951922135a388ba319833618ae48212da0ff425a6d465d3d9c828f6713c55107963648f37b8fb4fa69a05612739040b73b6a80fd486 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e22ca1 +N = 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 +Msg = 51ec15201bc61b8d9553c9cd3e64b3ee762865243508afc9fccf40a20c0e7664d7bf7576b42877f9d60263067fdba03671b92b68a600e7be409535e9c344c5a7825fac8957a8b6fa9771fd7d4502ba36863b5cac557bd7cd78c03f33b30f95a53b16e1e16d108098c0e9c0bbf9a2aaf59ef81f79ac4027fd8c96850644368f67 +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a996b +N = 
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 +Msg = 2f7ab138cf776750162edc63c3b5dbe311ab9fee2ed4e51aee034572c13dc1bce31b9ffed2707440052c8292db804351d24346a7f9953a51a8c249a56e69a7d34bdd6a6b1fcb9c1f631d8ecb171f70b2fbe01f0a02dc3ebc04d78865b30c64a0d087ba879fd0067798c9ab145fd9898df64ad12232f018e36b0cabba786f23ab +InvalidSignature = 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 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a996b +N = 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 +Msg = eff93ee57b47accf61e80d26313a106abbdbb1397577bcc221de8c7da95a191a4e3f32b701c306551110e98d0798557fcfa92f0c18414c45fc233422e42a2678a6de5c25f1458f8debfcbe4b18852c207ee3a82f0764106d26bf1853bd5e48d63ffd44981274506037d113c82caa9b3511b2a20c0b891023e6d9c176fe9e871c +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000026a07 +N = 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 +Msg = ed55f2cd9db6bbe81dfcd809973b5c0262f804a9cce01d2d17baa1aac19aa4fa0957eecfae40eafefa0bbf1eff0ebc5221b2f963d4243b12a74d19ac82055dde2b83adcb0f186b5c401ed9d7ba2b81b4ea8ad4ac71eb111225596866586d60285ec176ea49a806a9f71c6f5d4ff873cfc768dcab299d65d698c5d701ce3a737f +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e324c1 +N = 
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 +Msg = 7046b5c4ed235e49275f2c98490a3e6bfbb72a0b2b30e4ae0d68e20460b17d0df42f9b2d698d8b8239ee3075f927628fdb2b918f78c6abb9cc8f40708218e5077267d6d569aadf8728267cbaaf713fcabbe172e48d44fe63edd18b596f5fe96bf5d5aee375e22100fcee5790f3509cc1a2c11535f210a354771809e6adf052e1 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000026a07 +N = 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 +Msg = 2dd8a30ce4d971718b9c3a1fa33512f0677cc1959abdb2e682b10c7735ad1e6c131a008e9425779e44b71ae90ba8b31cb230e85aa39e1b8cf04c8ef897d2cb16057a439ed8f435e6e94bd16b8a189ead0cf6194185359f21cfd38c46d4a7a57909e0b36639ae71f2843fa8cea7ed994c7eb69b72c7ec054e282d4e887496733e +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000026a07 +N = 0xa5ca328ec852ed50cd50ff2e2aa25a99905b8d8dcc6aa2f2ae651da27e21e60dcec641be2f850f603dd15c763b1f7868dfe49392cbf0ed1410b151c501a627994efcae1a332ccf0d37b966a99f4d6b72659cd9044a72b97ac3e00e1b752bca194066c60dbb870e8205b0078551a41bc7a36424dcebeb26e55618f9b27c630a7c0f5bd23f5175621867e100f63d8c07d9392c5638576b66bb4bc89682c66ecef97f378595ecf10406fcb75450bdd7ff558d9eb2e76ad4fb7c92fe5a946cc95bd14f81f7fb7e6ba15fcd5c73b5ff41588a5c8acf1ed1dcae4dde453411ec26fe8faa3640dff3e153ba39c766c9f99c05a023bf45a19b30889d710c3fb528fbc147fea1699bc38d3e41d11bb1faab7d9e850f0c2b0893b5fe3a2039e6d8d90f280faed4d7fd34dd2a886b7a0bf8889bd75976d4ce412b7301e88eaa8e1e9bac6d0a351e7c8391b744035f2dc1b8cbde6f99484770b81828d6e1fab40a7e0d69ed798de7c2f80ac750c8243af4b2d4986223d9a33a34dd2d6c36b624545f6411d3a7 +Msg = 5707c0d7c2a388eb7bd51616c0f33a7197f4dcd9b7cbf7e8a5f4e6231d4cdf75b325bdddba9a026365201c502c5ee79e713f74ae6445093924206889277f54e9db26525a8d40ad878bf7bcfb8543679239ffe82d5042cfaa82ec4914017fa116153107b6033f914034837f7f9349c333375fc1c0426b53240981102b75f5cee6 +InvalidSignature = 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 + +Padding = EMSA4(SHA-224) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000026a07 +N = 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 +Msg = dbf8391b3592af32c893b92301064edea2ef6c38b976ad33d3481a806d3b4342ab3190154d3ed24fde0d1d862e7fda52039618530c92237616595875821c379df738bad4545ae5dae9e79fcfe69bc0f613706bb8c2c19eec03af075516c41a6c26d66060342e125c51eae60810a029523b440e6ec54c461b0011d02910791338 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002cc92f +N = 
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 +Msg = 9fe9f933b93d5c2ab2f681086efb04090c809727697da534e65f35266cfd10b2adcd261cac582e4d7feb8d2653907914b23c5ee4014a80d94d28e3fc475168b48c7b38962a11657e60e3cfdfa61d4557ed75ed8728a9e6210b292b421310bb03c659f74b3c504be7de4610dc6e89b1fb48940db7e7821d34aac9d7a0d82452c6 +InvalidSignature = 4311cc3ccb4a2215d64184a22d0910e2f32931be4e1751b85746c5eb69c2a388d6cfe8f0f7d492085e2debbcdcad65ed588103df67099d5c9aa6c7940e777f9141f6d00f2c30c749228656cc473dc26c3bcbae8b46b9752a29cd0de51023e442752dc6493981089ec6a000bb53ccfc7f48eb320302aeb13ec9ca31446a3991cf78406a6d7d3591d8bcbb643480084e663edda49cb7549d42108383a813ef4709135dc9be769d8573ba947382d63e817c4ca51d6672b1a061ccfb1362723b35d18eaf713c86c9b8fc38485864bedf5d4376575025b046a803280c20fcb2e243b39c5ddd52c2961dd7dccbad7d0daec3575ec564ef268b9d0b5f4fd1decef2ad8f22af11169b471b602ecfa961d5f59df6103bb73c75557b93019dd0ad4ab1ce9c1ba466e01aeaa5beca934a4ba25f5dd3290b211855ae55e730245534889bff626bf53cddc2e8163f117c4d2309db4771f06fd326af015cd46036b457ef1da7b6064497e322644897966bbb99f98e04a91a7240f12559ac4446a1445f1e378b21 + +Padding = EMSA4(SHA-256) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e6f03f +N = 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 +Msg = 
e62f04e5d82cd16ea4cf1b3e74e5882a52a0929a9b3d9547b1e32642f1cfa739e5ae18f6ba4a3028f469ad6660f2e8714a52acb9f11e482338fae30a9eb9108470c6a3e63ec2c28a8b6e3fcfc8cc2562848190bcdd7ec2ec3adf74973c136a3df13e4abd4bdbae1cd1a6788295b9668566f5e6aa46a32b291f5b80f1b125dcec +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002cc92f +N = 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 +Msg = 5df6c2f15c25e0d72a7ecd6aa3b480949f979945db38f4b8364e7ef720d847a14f04d9ebb350c9e5adef8bff7c6e8acbf89778048296e3d03b5a0a42743eee2366e9acf223720929cdc84fc2065258faa7d2e855b58f40e291b3efc06ef2ece1086ce20e94d5cb2bf2d3c0bd2aa70fa916108f3e5c6c3076a021d679f73b6863 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002cc92f +N = 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 +Msg = da1721b3190694d873daae06b0108945c693ed88ef850c8cff3d7003f58c31f2d0456b58a4fcef10ec0d39f822e1a3538d6cd86c5bfa8a7def2c68ce7c3d4a21d38aaf4e79526a2bfdba98ae8814d556b660b0c6a4135cb44b18a8010c1530298befd5dec1906cf04de8b3700b318915e8785edef559e8f9ba0a17e4cc9b4cd2 +InvalidSignature = 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 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002cc92f +N = 
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 +Msg = 697e6ffd617d01d666fb1c069477d3a5b36b45a00ad2175e73e622a3b52e68b50db84dbe0ea40472ace247f1933b4befbd96f3124374449b73be194924c0177a4675e494bd0594a3708c64449c1dabc16f070d7dd256f293869d36ba72f3236c3b3c9c4716aa9ab3da83ddc55a24db63f146fda95e800a8cd20de3bd48d072d0 +InvalidSignature = 359ac6731fdb0c3360c8c24311e48e84b2ad4d1b19041009e5fa2d6b94ddd87dc9be9206633fa87059d184dc583b9f24e6909fd5a533da78e1687b1c01e4c5a5d58de0aedba5d7b19b268957c9e79bb631bdbd423e3a267f9ba4a1266e2c3aa80929e5f7260ad9681af2eb2b8936596e3b1622e076b8a33dd86ded2b06060c8e74b1fd0f2ca88a8efa3c462b1227f8cecee0f77ef17606c218abfddc8cfdf990102524ecff3118f81b48adf286d6b21cb8dd815cc1235289ac15f6dbf420db9a608ff26667d7c80fd56124741bfcd47b42bdb0c17d66bf45b2f88d633e1954172ff808e7904db96d3396fb9f7d0da5742a937691fceb97894ac6774aa9daa7d18d889543cf3a7ad96d6a6e6feb4ee16900ad070ecbcd165bf82fd075046478c42fe8584023910c320901b22f3a4690597fc78b49cc2aca4e9b97bde0e69d62c9fe1ad07b5f0917e175d01f1fe5dbaf8abc3c71efbe0b55ea48f23601eaa5c70fdc841be8d1b89d01cb922e9ce4406747114fa05f55c73922fb28a42c2138a5c6 + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e59685 +N = 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 +Msg = 
6ec1913b9a55cfce3baa6a742498e6712109949f2e5e66fae70e01624090149d767ce89c46ed39ff5c2945db0e8422ba4a8154e3cd3b9fdc96031a2e9b4b8568bac3dc66f2c12cd3d3e6a6ed33fff2882329c6562239b665905a4ee965f85e3c22dd9523089a51538829b634fcd0fee494480f7f931f539ebb5bc41d05604622 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e59685 +N = 0xa458e38be5e581c433d88dfe24e7e1bd0713bde19fd7dcd794b4fc97ac6546fe7874ab10783407221aa6a526de912097761a1f0a10166cb368f5af6a60a944493173f9d9e04a9061109131de32ddb21f06c571ea83aa42d9c172d0ccb79fd0bc421dca68179ab6329d0af92b8d2caadeeff6c0a46a6bccdbdc46e7afdfb6dd8b1c20695837cff9a153b5ad8b6fc0344006c3916aad0f6f19d84fe8b93bd6627331283c090a7096af3139c714fa1045ce449ac953d7068db92ecd2b687b0902509cb5ac0bcd16c9751afc847d0164f5add3c038efb41e7ba5fdf8567446aea2c9d7252320e5503ff0ff236871541c2590a5d4c1ba9a315f885d732fbe15c2f5bd5d70b158fc33e30a44b25cf56ff600003369a935c2e017a3984593b2beaaf9af0e6a5c9d19bde051ef1fc5bcd63391488f410e8a97cda45bdd9233e8401b5f5fea4b55d091605700a903615c5f8b6c18281b5f3d77b85f087822ae5ea14ca26795504abd011f42de239f3170afda6ddf17f69470d46034aae629f8ae2f9d0d61 +Msg = 
89008623eb2864cc6d698bd707adce222f5e7f02f128282d42017bd892678c1ca0e93e9e92e9fb6f45a0a931e263d97cb2244180333b6ceb6b67b00d7c0f613979ce446f782f4639e8b56ed3251f118e4ae9457647169733332d012de38216f4bbb680dec481acf2ffafc404f969de22a0b6732f554212ce425d5582ee461513 +InvalidSignature = 52c068fd97c371bf7ad059310286d099e9e1486d6bdd9aa324a51019afbc5b502f1b9f2fecb23560b7a414d0e9e6fca69f4cacdb5228728c77e7659139ba2de38fd74b98f7d70ab4cf61655b84be1473db8b29563f2ad053a89369bb58588874d8d49dac78a42c0ab78d5dc739901b9106dda53c670c2e0ef47a45522af0e3ea7d584c6d1b782469cb7e86b0df2ea67d50ac4dd491e5248974bbc3caa5523da1809f93656706b72f9d7d17ca19d3ee4ca5942f9f5da16db8c25aaf911d85b6c30066d42b7cc6bf33672323177994b95932c224a87a3b15c7a74bead04ca432e933ca26af1677e3fcd67c3ad3196aed8319bfda468b753db289f6009972fe0ac34e7cc2c0c9833534a88e79a6ba7177ccfee0012f174e7e63e63b8e9f6bd24133b2685843ac90aa83ef81b421a202758ba48cd95c46b52192bfa52242bb65a00a21e72f73a5a8f3100c5f8d5fcbc4a5d3ab17a2bd7cefc23126f93cddbf575f22e03c7b7c2e5086992f712bdbfd155b07d05970d8e56c8da399defe061a563036 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002fcbdd +N = 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 +Msg = 
6cffa158533194214a91e712fc2b45b518076675affd910edeca5f41ac64c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c984ca75f4ee8d706f46c2d98c0bf4a45f5b00d791c2dfeb191b5ed8e420fd627b43d08a447ac8609baadae4ff12918b9f68fc1653f1269222f123981ded7a92f1d85 +InvalidSignature = 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 + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e59685 +N = 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 +Msg = 4621b17cd9f5b623fe73b5fe280ce9ac840805608acd6e41d55ea71132220c0df7e7c4159626f10d71882983f0aa2a92d11dc906c0b22cc028f4395d48f54e12894e33da0f614dd48ee114e65f95c7a7d3585e7cc765c00178d136aa99591faaa35ee6136d2e323ffc855c709c5426b32fc0aa0ac66e90c96efe84414dd5e79c +InvalidSignature = 
33bb9affe18723767ee34d8e40982c735099ef1806d8720e71d16fc2d6617a8cf301e992b6c5fc567aa971285cdb372c1934eccb1e83a6597011ad091aefc40db52a7cce970e3e2eee817a727beb9e5d137e64606279c36341c4a7e7488cea8c69af8a3e8497fcbd7679462a1aa15ae4b0d8ea321d4f7c54c75dadc64318cc99533297d9f5bdf4882e64ede175f32cd20081f996c52f288bd56dbc63fdbba190f1167081c95e37c0dbaad3506009660a3fd10d992a2968bfda881cec2cad19ddd852ab579abad0a9cf43c10b1758867dc0f25317d630fd154caf9a4b057d2abcd933748c7d87686c7661dab7b5990f32708183e494b243b862f4255ae02e2d2bfbf00f13d7cc2be7e1f16c43c94b500898de9afc7d4aa8cbb56a4128ec0159a1568c0ebdb819f49ca06b0f0686dfd920d6eff0a3a5e1d913d4ed44f9da20572c132965a958a139207e8900cba4d6b1157a57a4414011b412888cd1935c01e630410607db7852c174dc32b6312d22f541c453ccc07f7689113013c367f4889a7e + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e59685 +N = 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 +Msg = aa4a6da9f73b58f5326d587572aed18ed9a79f3dbc6959510349d2d8d3eee6d76ba8733e4c03a51a9d9d770dcd3476fb7a03c807924f6ebeb83dc691e9e654895fadc136b5d124e94d3e8123efa98f4cb2dbbfa8204d798895f6a9bde8617a524d02617b7aca5ec809f97f9e1e34a5e849d78a0aae8c0316631d83431986e19b +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) 
+E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b3f57f +N = 0xa3f2235ad2053b4c83fa38f8284ed805421621fe98845fb01b689f5b82b32511b6d16173e7b40a66a3a999c189beb9e06822150ac8be677186370c823b5277d909de07564e281cca2f13873d9d07b7bd85a2b9ac66f4ce4f5e38b8e9eebec04c8caf311e375d69e80851d559b8e90e85ba6b96476790f727c25aa8163062ec8543fcc7759be62c7768ecc37f340bb06102762bf0441ca1aa2c7a81bf37dc8b27439d3abba93812c9bb44fe4d6a94baae709379f5ce5d0c8f81d00086b9caa3026819588f491b525807899cdab33d8e992150d2b105d3aab615217c6a3d740831c7dc76faabd9c9b9817ead0b494566de1433fff5ba4604c6b8446f6fc35e746aff84ff8bd7500410d10e82bf4c9036489de47dee9a327a5c4510d8561321b91d55559a4cba85e0c361767084b25217e8a63c4e151a1e88689feecffd16fa0a65ae41d2babca99cf1b959c3c076c0f75974146f2cc494126fbecad4217b9aaa00f169fa512527ff5a0b50da46d6be870ecef2af7a1e6c4556f6f7a0a00b9f47cb +Msg = 31e3e05d7a984db4da8696db9bdefba791358c70fdd8330db060f4ff748674eda738b85129ec30707934f48f1a924d643c8e77cb9807a5ba9cc74677c85a8708581f19ec239f3408c31edce4f6706317440e2f00e269bdb7d77ee6435dab610e8ac18a962f5a6164016dd642f61f44a9f2dc3b79a3a782eca9ae5ccdfb220be5 +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b3f57f +N = 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 +Msg = 691c263b523e54312dad47dddcce9bfb7275a61a9ab5fd0736f73a89454afd4e0afa31266b64916f97086ad0ebe0a22b17f1f9cc7c1f8fe7d945a7412785aa2dc1dd6fbac8fbb92bc65301a7916e7632738543dc874e10386616cb100310a857d4ed665f33acd54d03b495c9962020face5a0ab183eb88e42591305fa392ffb6 +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b3f57f +N = 
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 +Msg = be0f5c666c1d2c480ab93ab82e2c7d5d347ab87e9937ff72a59b77574dd95d0757ad4a48bf34b5435a01b938b96d186f502e8172d72c0e79f19011260c1d107288c30ee81b710c11742cd02f1e5ee52da870e3d7039af1472bfa879f09e479fe997a31ac487c3b98a061080526a6eb8083666815e32baec29b04622c0ed79e91 +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000453aad +N = 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 +Msg = dd1ac9357850544f391febbba214bc7b034f30e99b2229ee00db8974c1ddf31e49f6d53606eca6e7cb596cac73b98208c8c29878a3f4fba6547017df430d3ac7d8a99a4b99bd9ad8923449cafa7e2b2813e03d8e520e336ac0fb046ba0f0a83752dc205d77ebb88a565989ff7f894142ad512714f19859a40d2458021eadc7d6 +InvalidSignature = 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 + +Padding = EMSA4(SHA-512) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b3f57f +N = 0xa3f2235ad2053b4c83fa38f8284ed805421621fe98845fb01b689f5b82b32511b6d16173e7b40a66a3a999c189beb9e06822150ac8be677186370c823b5277d909de07564e281cca2f13873d9d07b7bd85a2b9ac66f4ce4f5e38b8e9eebec04c8caf311e375d69e80851d559b8e90e85ba6b96476790f727c25aa8163062ec8543fcc7759be62c7768ecc37f340bb06102762bf0441ca1aa2c7a81bf37dc8b27439d3abba93812c9bb44fe4d6a94baae709379f5ce5d0c8f81d00086b9caa3026819588f491b525807899cdab33d8e992150d2b105d3aab615217c6a3d740831c7dc76faabd9c9b9817ead0b494566de1433fff5ba4604c6b8446f6fc35e746aff84ff8bd7500410d10e82bf4c9036489de47dee9a327a5c4510d8561321b91d55559a4cba85e0c361767084b25217e8a63c4e151a1e88689feecffd16fa0a65ae41d2babca99cf1b959c3c076c0f75974146f2cc494126fbecad4217b9aaa00f169fa512527ff5a0b50da46d6be870ecef2af7a1e6c4556f6f7a0a00b9f47cb +Msg = bf8cec246224e055e794d2f3f3fb3b1f77982a3f8f2544f4aa66094dec01593ad090364312f5cb79ccedadaddfe962e1941920fc83c9d6c2b4f0710205065811cb173878bc1607ea0d734379d7ef7b09bfb01104d6903e4fbebb567d0f794e43f8487b2c2a2e9c8ef14d1bbda4b8907e408587bf5024838510ef4325d10143b7 +InvalidSignature = 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 
diff --git a/src/tests/data/pubkey/rsa_verify.vec b/src/tests/data/pubkey/rsa_verify.vec
index 56ba042b9a..bafb02b68d 100644
--- a/src/tests/data/pubkey/rsa_verify.vec
+++ b/src/tests/data/pubkey/rsa_verify.vec
@@ -191,3 +191,642 @@ E = 65537 N = 0xAB9014DC47D44B6D260FC1FEF9AB022042FD9566E9D7B60C54100CB6E1D4EDC98590467D0502C17FCE69D00AC5EFB40B2CB167D8A44AB93D73C4D0F109FB5A26C2F8823236FF517CF84412E173679CFAE42E043B6FEC81F9D984B562517E6FEBE1F72295DBC3FDFC19D3240AA75515563F31DAD83563F3A315ACF9A0B351A23F Msg = 54657374 Signature = 68ea71ee1911687eb54b3d19cedcfd44719d0b24accccc59bdafd84e4eba48ef0be7f115e7073f9f273286a7dcee3b94cdbe208e30ae496987479d3aa12ab0e12685ab592d7693a494e6ad27d526ed3ab5912c7f81e09983931794c2165c22fd859e0f9af1a93a4dfe144098c562731e6059d236b52cb865996c87a9baf7f103 + +# Based on SigVerPSS_186-3.rsp +# CAVS 11.1 +# "FIPS186-3 - SigVer RSA PKCS#1 RSASSA-PSS" information for "rsa2_check" +# Combinations selected:Mod Size 1024 with SHA-1(Salt len: 20); SHA-224(Salt len: 20); SHA-256(Salt len: 20); SHA-384(Salt len: 20); SHA-512(Salt len: 20);; Mod Size 2048 with SHA-1(Salt len: 20); SHA-224(Salt len: 28); SHA-256(Salt len: 32); SHA-384(Salt len: 48); SHA-512(Salt len: 64);; Mod Size 3072 with SHA-1(Salt len: 0); SHA-224(Salt len: 0); SHA-256(Salt len: 0); SHA-384(Salt len: 24); SHA-512(Salt len: 0); +# Generated on Wed May 18 13:42:19 2011 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c6d3 +N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd +Msg = a4daf4621676917e28493a585d9baffca3755e77e1f18e3ccfb3dec60ab8ee7e684f5cde8864f2d7ae041d70ce1ea1b1e7878cbf93416848dbfdb5214fde972e5780cb83c439dfc8aa9fa3e2724adbd02bdb36d2213c84d1b12a23fb5bf1baae19772a97ef7cc21bc420b3f570a6c321167745f9b46a489ff8420f9a5679c1c4 +Signature = 
319c62984acd52423e59a17d27d4eca7722703b054a71a1ee5f7a218b6f4a274632eaf8ef2a577a7e8a7f654b8deb1ec9b1e529cf93459cc8af4c6df6fffabc3edded0c421604ea2aae35836b05fd9de7abd78540d45fd6d0ea714733a3427b00d9d6404db8ede4a27932b47d88243eefcbffe1e55841823def30c57de7562cf + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a3db1 +N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 +Msg = c728846980d2461db29343acbaa0e69e8a7ac11456cedcc190994d37178f0964acbefa5ca56f5259e54d1eff0bc91ee5eabcd4523a4edb448c187ab784857923427e33472146ed25a4a2664ead3eaf5ff04c3dcca86e3ddc88d627f5f5ab961a72af57b25c20c08bd7dc431e08c843158571250a09f4ab926d1c7d7ad3cb0950 +Signature = 46acca5782d216e2f3d6f874a38b49b35c1e7a26626c9ad8af2c88a0e1d89495c02e1c476b3c8c86b0c6267683a16b3513d6ae5061a8c0557bd3cf0155df16369364da81bbf9f6d856b65add3290f5a7dc6e975812d1e680f7f24650d5c3f15ce90836b47db064b6494a68b95539eb2d5909bb033999c423ab14964a64c42efb + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000183a77 +N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b +Msg = 
0b95962764ca7454c8212a4407782e6174248c5898db391d28d2a42f35228f1da3701d49dccd2cecc5dbe45af23190881601adcbbdf841e23d666f37e99f476289a1e3ef07f7af616bdd087609a409adf958a106c8a1e9096de7b5097fb96aaaa5700fa14d0fa6bba16ebc21b6983fda07719091239cd999a29ba12e5d389dfe +Signature = 7287a0b4db04c8c795018cf818a170b152309ee195cb239d22c70eb248e1db54dcf0c0f6c8a311bd07c7051218e53c41e94d0c67707d0a69f5bd9cd1abc5e01cdbe70d4abc75a8536bad424d94ce160d71104b89d920fbdddf8da741178bbbf315c3e9fa9cfdaacd41a55a86eb143c1fce55f0bac0b5e08c9dffdad05485031d + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035c661 +N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f +Msg = aab88ff728c8f829841a14e56194bbf278d69f88317a81b4749aa5fdbc9383486e09bff96a2c5b5bdf392c4263438aef43334c33170ef4d89a76263cb9745f3fea74e35fbf91f722bb1351b56436cdd2992e61e6266753749611a9b449dce281c600e37251813446c1b16c858cf6ea6424cdc6e9860f07510f7417af925574d5 +Signature = 657296e902331b8030a72920c6c16b22ea65fe18e7e10b7cdbb8a44ef0f4c66f3e9c22f8f35e4184b420ad3f1bdbc1d6a65e6230abca8a9bee10887833dae15a84bf09a4542389c685fd33e7385c6001b49aa108f2272a46a832bbadc067ff06b09b2f5f40c81cc2acac03311a3945f7a9f2ea81213ba9ba626d6a7ed49f17dd + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b8267 +N = 
0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 +Msg = b80271b3ef26efb5b0ca8e809b61fdd209337ac23fbaa349e84c8900c2fb072b97ba52f76fc1d00004322e1676fcad4140ffbc026b72ccdc01826013c53c63b421adbfd560482b1e1d884489fbd6e06597ac9fa1bbfbc347d5ca4147a72017763f25e1d62a84a718e513fa5f94b63f47f6814a26991c2f924a6c5423d06fcb79 +Signature = 2db61ebaca89ecde29a2895f21d61220300f01d117337ba992e0e5a65d6c4a6bd537f6f74e64db2ea45c8892114d2d5450d9b9eb38dece3dadcbe91123a9ef8288e000bd3fc1e140d2499a7fdf44f3382e71d4def1baa6e40d8b70334906f895055295b8f37c779969975c11b79e2184321a883e1abcbc100273187ed1480a70 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a4822d +N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d +Msg = 6509048df94c808fcd84fcf16aa7e6735f95f111884c72d8905c0af9b59c861ccb1a03f68458561eeeb5ab1c3d296bc3cb3564c25d1a2475a84aa501141c309fbfc37b38c5811533bf18038b8982ac2449e1f25facb9a2ec735d0edf2fa7f80648ecb27a442f847546954e63d5196e3cdf81e410fe91b4e4f97e8cbc8ea6a7f9 +Signature = 7632ab719f25cf1d3baaaaacaa3fd102e519e0e2b6b153aad715a71582a5d36990dbbf807f9a71fe0390ddbff757de055399673a1fc0ca3e1e577ab380061875d5a3a60da90ca74eb437aa73910f128fb014a2b2cd0194e6a40f6a2f2697e2688f899e685f28b43f523d59f55b9050f8b7f11ea5960d9aa03fc5c94321c5a732 + +Padding = EMSA4(SHA-224) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000412b89 +N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 +Msg = b2ca1c4b7d1a56595f8fe90c3e460b151c08ef26ebce3c9ea384bf68930e5c20f4894b78c4d381dbd24d6b5015dfe2a0413d5cbb9c695f580e7a3cdc789bf97d47568fa74913569ebfdbbd66b3623ee08c459135df9020778883bc86fa968e31d3ba509eb4e2bdec4fc24516c1d6061b23a7f85c5b4a67453829a72fbf060385 +Signature = 435ae89ed7ad4138aa8b19245dff3153b82971b6ad38233d39d34e9e388da6155e1c353575f74eecbabf1db03821dd38fe6047bf5027360f991abd890de235a0c1b545b5487d0ded6c4557c7ef74e12524534dd666804b861d4a778e42969a32295b63d1d70a105287b0ac75494e2dff1094a42118ec8d9b4ab28ee5cf746eaa + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd23bd +N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 +Msg = 9872df5b9025393394ae1b59030765ba60af6cea40fcfa1867b397422ed607a528bd147804688ed9b5148f08d10c03d337c26851f51ed3d369163418a67fdac018233a036c13eca3aa3ff61fa4434d2a9484995b017c3926e252870b06ae5d0db3cbd8668ece5b79ba56d70844544aa7bf1d86712bbd34f91c8e1884180a9775 +Signature = 
cc7a427ab109f85f16832c04bba7a0eebfcf4e236c7507b337fa9e1d437d89c908685a5bafda8e26e4c1027a841c809ea0693749c2461c834aa0a2344a2a332dc3a3440d895087278562a7e91114a052599de0aef06787aac8963b8ed2a97db088b808f0b91c17c91e24448b38fcee4cf0c76f4aafa0c61f380c97afc4dd49e1 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb045b +N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f +Msg = 489a093a195392c15b4ab965677d572888209e061834592ae55b7562daebc1d1db41f2e4f058ea87a69a3a98b2f5e59bd83267b00b82f5c3d65a0703fa81149559689c8912b96c0dee321ee0fbb4df0a769775cbee4180d1a7f7ffad3df2178889b61012c89fa1bcfabd6d2789e2cddc2bf8d03d099880bc21d9674ae9665212 +Signature = 71fd89c20c030e2f1d32c9b3241f008daa2502d220a9ee24dfb937d6d0a91172c686ebe146a0b4aa881042f0645c65f3241edcaf3e6e5e2eeb1196bcafdbecd04bdec6d84aa6800b344a93c0e2243d6450adb68bba8168ac8fe713cdcf63956e502c04a5ef05ae603fa38b3ad50156598de70f740e35e5a175a6f045106a05f5 + +Padding = EMSA4(SHA-512) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d8c34d +N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 +Msg = 
56f35f42516bfca0dc1d2d727a4fb6bb2bcfba68417c2beb6f07852723fbbc8c15fb7283204b6e0c52934aa53fdf6b6f9ae9378c069b81cb29d04887025ba2cc7d4af3bc456c6231da108ea4e3107c4ec50ed58c74fe4e888ae4671696df58dcb66748b668d3c1599d1e61360fead2a1d5c5fc3234ac786bb9cd489c8491c604 +Signature = 2ce4a58678ab5a9def663e03397756e4e6e345199657e2526c8515ef5c705d3db2775a28c2c65599dd786682170e36d502242837e688fc6020a4239ec7380765724645e97f4795fd0e50c257eb5c5b2f4332f6219231b44b3f5bb4605f45b901dae7af47300bb29478ff22b7405a383b20874564def9f3b470ce46ac6e560d83 + +Padding = EMSA4(SHA-1) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d64215 +N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b +Msg = 60e8b840316f75535b1171f6ea36c7ea71ba2e1607e7201f90a03b3a3edee73e576139fe389f17d59a019d82144ec036e16731ece43684f9e9e192e42e431c77229cb1166c87d1502f2d52b48cb903e6690c90f271b1a5df5c13568871edbfa74903e733d510ebeca3ff58345c5dd820920f11cfb840cafa729e4fcd10c617f5 +Signature = 500d43a05b3083bf9720d59e24856d8429d95fddf3caea9968d30962e14473b60017ad57f07086bb0f3ded5aaeb2b5034ecd541f64e7bd40bdd25dbfb0b1d46fc69c79a8f833ee3c758033f3a48a5d79ab0fdbedd726491880d5a13e6a545021125a0fd695b0d266f9e527237e119083c4b175abd8391ca0bd26cb84249bf1f0 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006ba2f3 +N = 
0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed +Msg = 7490b77f604083c6c88c5571a98ab96a8ea932b9b3457eb269791c6dbc350c775490d6c7995fcdf41b0695a5308ee348dff88407fcd1a1f7950741938dfb0f6a87d75e1405226a6ad192e0f79d21a1a9e662c3cc1e16d93909fb75cb68e4eb13d50e574deeb2e192b5d73f4f376a7cf56c90f8f25f3bb1e18efcc0fd941827dc +Signature = 7434621457f9841573fefc0be82779d44c687d15ab75a6f284bf86b1e0a31647b0a8f5aa8d8a8aa216647f7ba802724406b18ee473724e2fa9ede3cae83130487cec4145ec00d4ae5e0542f2a1a7be491e59bad6e05d0422e87e98ba5ce9ceefe43c5a96a94f260035d7e7131dacbdbdf7beb0a10e8883ff272884c602ce11bd + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffc8ff +N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf +Msg = 343d565d85c1a326570cc4062d617711e00c7178ef5b52aa16ead8bf222353170306593e2326ba13f6f4b62ad3406e6e02fd990b1645788b7c9d0c3e557986e08103ff76fc1869796e93c636fdcf9875666798594c40aa87d0ca118a6182df77d5bcb0ccb99f989ee6715af45515db6e35d1d62a3a55d0e737f94f6bef474723 +Signature = 1ee5c565d81347bfe222945008daa3923e88e273d537b4f993197f8e2cceb60f477cd53a63950b9c0aa03d559fbe940a506be4e9d8a8f5335ddd514483a79e81e24388e31c90ca6906be6c314df7904d6a7961832c2175edfe0f41412bc042d646edf6897979ce0cf0f30cb36ae22fab36ca815ac5288ba7b3b49fc109aac798 + +Padding = EMSA4(SHA-384) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d4bcf7 +N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb +Msg = e302eccdfddf1455a17fd2870f737f23902fd1d8ab6cafc39bca443301ba53afd79bca3aa52399d5f701c4460ec0b718d6efdbe3187f66cdf16c775183a0623fea1448047138ec2c0695c125ecb04846b032980f5e473eb3f44448d3178c9d8d05b490b5cbe5b462b882f1ad110bd7b5064233e7e58ce07c8e99e0422747aba0 +Signature = 032678e9feed45edf12af67a5fda9d1941f2942512adf95b04804eba5ccf01f0b37bf9e6a2e01b482ac1afec7684ac896b0d8c4149338e3936422cc7058114faf4dbbf7bf3c330f3f1e8e16a4bb755ce1dce34fee376b6c58e352f88e6ec8f60c5319d45fa01d46d7fa5fd2eb7ac453d1b3d34c17e2c9cf3b851be7b734c733f + +Padding = EMSA4(SHA-512) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebb1eb +N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b +Msg = 5b546a186eb7af3e5c1270c3b97904efbd1189b79b17d9e10f24ba6936af5524a3d3eaa3af52c15a10db6401ae880b3bb2ab5876dfca441225e85ac57306233eceeae108a01f7fb2523dc92d1c6bd9751c21d173a633d023dc0b1ef27e35aa6a0322b710e825d28d48c2070dad2854e526fc5e789958635b5b1470b7fe44d4ef +Signature = 
52119892d0cf2f9d556c9119979ed9d9e49cfcb4d634b951e7dbea750f97c1bcd2b713cde92ae5cb91979711aff3891aed1f514265d0ee7273630fdcde3818cd5ce63494604a89dcc9745d0fff9bfcfdada043ba2e669c9a51121fdc0a7adeaf132476815afb47440f3e47d6508f021938596e61be6a982561855c29447f89ab + +Padding = EMSA4(SHA-1) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000593d67 +N = 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 +Msg = 7a884d5e7edc74c10c44418e47ec7d7dd66db0012dfc8a200ee181824f2cbcc8dda3301f01fe0914e2574baa4cdcb9a9afc7f63a6b90eab14a6067aa4eca0c57aeb66a181b9d664c47fcde68a80290467a8c37bf0354f67b1a65fa08ead35c2af4a8447253215412441b44f0e5c8c9f93da6bcb87db2782785d984c5aaaf72e8 +Signature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b29bc5 +N = 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 +Msg = 
7ced8a54c8e35ef5c87d03ee6357b658e2e528eda55ad30f14c88d0cd9895ea04ddf8fbb2fd703859c73cb9f3b07f4acb9e4a311753465f87c25c09bb74a0ebf633e8b7ec28aac4a10c8b22fb9098058c975a9d5a431ce9cf78627cdee3f5f3aa852a526e8c3004d0dc6e22544240164fcdf62c29a19b6006e32ea29e631fa18 +Signature = 8c074bae48454875aefa2b7ea090d11d8860d7cbee5ee4c3ed02cb45aadb0b4516872b0e4521789d503b4e70092ca2a0c7a88efb7d74c63ce8dffcf06995af7c9567a8df05a01b243c5f3edcfa3922d06967bec9d0faad2c84486dd38602a416ef253e4a28f74ca290e4d743accccd204d8b136dd197e7a2f25a2707f339c6ba444c19bc047dff0584c479ab07c2ae68f219c3c430f19cae3f711c0efab8d09f85ab66ae948c357db67078a359b9c746d2d66b31486c83765ab097b540b5e6f626c9111a295855dff5c2acea102f6a29b9569909dad0d4c79a941a3e71b3137dc68ae2296b6f8175bfab205432e409be9075d12580b5c14924dd53c3d44745d7 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010e43f +N = 0xa47d04e7cacdba4ea26eca8a4c6e14563c2ce03b623b768c0d49868a57121301dbf783d82f4c055e73960e70550187d0af62ac3496f0a3d9103c2eb7919a72752fa7ce8c688d81e3aee99468887a15288afbb7acb845b7c522b5c64e678fcd3d22feb84b44272700be527d2b2025a3f83c2383bf6a39cf5b4e48b3cf2f56eef0dfff18555e31037b915248694876f3047814415164f2c660881e694b58c28038a032ad25634aad7b39171dee368e3d59bfb7299e4601d4587e68caaf8db457b75af42fc0cf1ae7caced286d77fac6cedb03ad94f1433d2c94d08e60bc1fdef0543cd2951e765b38230fdd18de5d2ca627ddc032fe05bbd2ff21e2db1c2f94d8b +Msg = 
e002377affb04f0fe4598de9d92d31d6c786040d5776976556a2cfc55e54a1dcb3cb1b126bd6a4bed2a184990ccea773fcc79d246553e6c64f686d21ad4152673cafec22aeb40f6a084e8a5b4991f4c64cf8a927effd0fd775e71e8329e41fdd4457b3911173187b4f09a817d79ea2397fc12dfe3d9c9a0290c8ead31b6690a6 +Signature = 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 + +Padding = EMSA4(SHA-384) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024f1bf +N = 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 +Msg = f991a40a6c3cda01f1a2fed01ca0cf425588a071205eb997a147fa205f3ec10448090e53f56be512309cf445b3f6764d33f157749d5199c7a09ef6246bd5c793b85d24d9093c4d4b318b48e11727cc8bb7aa5ec8699aba7466e074e1887bdf2a51752ec42f16d956fe5943cbcf9c99a5e89bfd940c9fe447fcf3bc823d98d371 +Signature = 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 + +Padding = EMSA4(SHA-512) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d8853 +N = 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 +Msg = 
7811a407fe653ad2343d83c0499fc11e2951ef0a4791a3cd9a06396be5f72e783cbbca2cc47002babaf09cdeb70194b532ccbfd24691ae8eb598d59f2e6becedcb4296a1debf417eeddb4d74fb217072091a597ddd0893ff02d6ad61105098db2e90508bd4b8bec5d6e7deab9e651dfdb8210532955e1bc788a908d7150ef8ec +Signature = 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 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f8d03 +N = 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 +Msg = 4f9a34e96e649f8928a7c58a0c84d1bbbee1a4c84a69c95db7d4ab8ee06905777fc19b1f8bcd28a3c41b97908c547590f80aa74927b05882d2ea36872508decfcdcc94dd53743864a8f475ae01843c3ee45a71b583b9e4f24a2a827db40acd26624489e96e60b815fdbdc9ae131a0d0fac5b6ad3088a53f6461df7383477b9c2 +Signature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce5fd9 +N = 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 +Msg = 
7a27b3080a30aa2ad290a71e7668133943e04af91676a0f37996a20c106a9eec34f365b0dd594fdfc57f80a0cadb6a2a9485937b798d984d9d9273465e90f96feffaa6e742099dd92c53ebabc49f0c780cf8b0c1d300bf5fd9879abc355ca443f463011503e89dfe4f3370a72a5d010df1622931eb761a12759d9fd85c76a652 +Signature = 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 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033e58f +N = 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 +Msg = a6a2c5c8718c64105fab8d44fc69d334273aa71e7475d924ce625cfc61944aeab77927eb202f6a33589939da64b375d3bd22f61db010183d053676ebdf3af50ce33c05e09cac237d1e5ea27ceae0acf2120b84a29ed80d702d759019e098ba227314e40eadaa98d4fb215090589880796f1cd7130476c2a6904633ee2b56a014 +Signature = 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 + +Padding = EMSA4(SHA-384) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000646e91 +N = 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 +Msg = 
f3169de46af85cb510fbb4cf9c0aada9f875301ceafbc818f428a59679e1e6cd203d18a97e96f979efe082e8c43a252ea4c354872caf42e4d99aede1281b5cf8fb9d25f43f6a33a8cc09c6e08ccabb98e09f0e6c3f2d9d5021232f811bcbb4bc4bdfcfadf69d91aa701d88a13ce3f84f75b168b36c9e60c3936c725d9a177780 +Signature = 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 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000452b3f +N = 0xa93cbcd5c69a8e24b6be4f078652e6c8bf6d516b1316e842d5c8e757e387243c4905b37a66a30967ebc6ed6da56f690f60bec090652ee1926526a78317d41cdff392111fba8a6a91109953fe102c8a51e56b3b6f8087dc53e38d57ac31cd7bbc46f6d14bdf488852db296de27200d11dcd067d776af73c10cd044636aa4d9ea5609c75691aa164eb8abe0f187c0286dfa4d1f5f4332e7664c3c572671b757667e221cc2f0a3944926331ef73bcfc58d1ef8595a2bffd240f2397c4bcb69826ec26fadb3a154e58e86fea883d516d21cde6c162ab55fad9c52df547ef0e6b946d368daa97585084e43a32e029908910c6f99b4131c3961d0543fd583608e8a3e3 +Msg = 25e9e6c39ee6f5c455d81f868713362929cd68ae87300aac2bae94440095ec56b7e3e7f56a5b0d197fd89c94d0e2d048087f6296504b4e1a2ccbda959fffd42a96361bce842661fa493c2ea25831286b19de93198c5114463020ba5a23fd3eb78a8b8a34337179cd79acde996829c7fc2293031d816ae19afe553b7bd2b9b365 +Signature = 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 + +Padding = EMSA4(SHA-1) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002db7c7 +N = 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 +Msg = 36724717ec13584b5ae5c9816118a0f5596e1d37a88af088936baa875434720d6c2ef9553a0fb060cd7d3897f7ce19b3a212b8da6753830a5d1b6fbb2f37a4c072bb766f35469801d9878c3c23005e4f8f0a92fde71a5bfd15420ea136fbd5b7ef21a8ad043f79f8260dafb50d37d691c76095e75067e02962e96e818e076eb8 +Signature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3e453 +N = 0xbc97958f980fc043630735e36aef0f278be381655bc6a4940864e6925d31ff1c9392ac5fa44b06af295818f03948a117bc7f0fe8f2f5dc0c1cbd9d1819913f13c0765f41c17a62a9fa70422578c86305c0e67c56b2d555fcc12a84c45ca00502b692d8790a26bb73a8f2df1fa44cf910ca45e8ea2c665a9b6d266c2c4c6075c55e686511683cf75bbca9573e8b79f01583d57bb21b6e8f46215962b9b3cb1e57ea56221f6ab61cf33f969babe3b5a1a98a76387144cd617751ffa012d8e7d1471b264c274228e2bcd549468a57316f392c75625435ddbe7dd3dc40544f4a9bb9cf5385b255ba57769897203a7a3d0f2808e05492b69a58483f5fc396e6523da3 +Msg = 
0380169fd5b1da966bc268e6c705dd0d05716455d6464f9b30f06655442e7ed4b1734ec6f78d7ffe2e840278f8c5a697b47feab2f44e0fcf311772aebe33190afbcf8c1bcb92e65f48812b9ab520dc1cb3dac942b8a3273fbedce21c387735fe4a5b77a8390a384021818c56e660a7226c4aaa0d0b8fbd743d085ea89a43f839 +Signature = 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 + +Padding = EMSA4(SHA-256) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a54611 +N = 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 +Msg = dc4c136c805849fe77b4b381e4c6b22a3ff69947a9b5aa6b7cbe42cb279c50e8396d0b6ebbe5e55cc396ba66466e4e982e81f63bac0895fcd0aaca4b57fb6802c4432747b28099b368ae5fb4ae459c2fdf04aa6a40ed0c2a9091a418e08d2669a555cdbe0c304d498d840832c35484397b071d9c0b6bf73be5f937fa6b5b7367 +Signature = 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 + +Padding = EMSA4(SHA-384) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b2b5c1 +N = 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 +Msg = 
e4ceaf62ba10e317e1001d8a6a008843880790159597ffaf56ef666d8081bf747ba650fd6591d3f15a81d3b7f33b59490cb8c88ecb1b06e4dee6dcfb036ca0eace8a117ca79282cb12883b1133911cba91a883be1a93702d6715e70c4266965f65e0b88785fb39ce8f7b1b4132e818be9d3f894d8ae786b37be64f454355eafb +Signature = c269b61d34cb9814934aa8d2eac38f5d941d7b69e1e0cdebea5f275f9fc4a94007cfde1b33a0f9cec3d2b60c6b6675d8a91e7a3251d78c31943524ba75824cff10dee098205f0c84d0f941bf1098785597a88c10058f2c857f85e53a205de7cedc10ad3f1d2abe3cf7c61382c14eeb6d7b409f690f9690fe9b72eb84619fc1f95a8fab7bf9a35248d7e1c89559798c0958a75b85fcaf143b41c3a23864a548026d57209ef64c2d6d61bf9ac15257a531b10fcc06fa97fd6e3fe1a882bce6fd2b8eb5a6267835dd8eb0b5e3e21350f6650de66d27c719980e98ed96006115caf94c061fd3669dc64653843853269b1b6df0515cf67f3161024ab3cd99a4ff5f16 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af8e8f +N = 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 +Msg = 19dc8b8a9da18dcb3cdcd54fe19fb766a8635ede3904bf27550dcfb5ae36f4a6fc2bbaa54d8fc80e9c411252a6de509ef987aeb74ee4c5291868caa05dd70596c506852ef1e313600db46457a9a49317c47bce632aad4fde01968d709e04b4eb9df653ef30a3550bb7be332491f9681b32c824aa7667448f351e82ed18c4e9ef +Signature = 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 + +Padding = EMSA4(SHA-1) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a673f +N = 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 +Msg = 744a128d95416147b635c3ad244f885c5440759bc98dc446382a6d0ceb4ba4db6377a39741dea91267ec43395a1eca8bea152dd016e9f0072abf75a02a9e7beb737ee4d1a0a2bbc2ab2875ee54df77b8c758d96779406a1f53ecf4111236c1eeee885da179369e3dcb11e234dc3998cb313202cabb3a3878fcda71c66bbc7ecb +Signature = 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 + +Padding = EMSA4(SHA-224) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016b265 +N = 
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 +Msg = 68b59f9de0146fa3a964bf399cabcbb685145fc727e8f70a81b925d850e13362d52b09ffd8cf52c4eda4db56f6913bfce944b9f8d4276a181e909a880f396dea92efc6a83a8e6889842c5c835c9592d1e2f8cb456ddfb5ded064589ddda2b295286b9e420e39fb1bf566096ad49f165cf7965b54fcf72185229e28c0c307488a +Signature = 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 + +Padding = EMSA4(SHA-256) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073b193 +N = 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 +Msg = 0897d40e7c0f2dfc07b0c7fddaf5fd8fcc6af9c1fdc17bebb923d59c9fc43bd402ba39738f0f85f23015f75131f9d650a29b55e2fc9d5ddf07bb8df9fa5a80f1e4634e0b4c5155bf148939b1a4ea29e344a66429c850fcde7336dad616f0039378391abcfafe25ca7bb594057af07faf7a322f7fab01e051c63cc51b39af4d23 +Signature = 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 + +Padding = EMSA4(SHA-384) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000147e73 +N = 0xb125fc054e1b9db3b98212f53840690607c110bf31e18871fdfa13046496a2e73b3204f33bf8350f841ba94f511cbb2f40587b147a820fd166213968e8fff9fa4be4718a672f4e9321455c56d5e4e09d4f8b2c690718bc46108de269857bb4145c86cc75a4bd55f972285e4054b9fd13927574e63690958177784b39b17083bdafdd3ab8d327dbb9da93fc5cf9375205566242bb30246254ddf04c526f9141006fbaffc268bd2fe9aaa19581bb1c19e77264b08670ff3fe2b543f47a7af95bbe94b99300889b8ff07b2a44d5e9e229e33133b58bc7d2b8eb92a3bb6c035f8891d3165284e9ced25d6ef19a8135d06ab889f7627318cb043c89d90667cb92d1318880107ed9b866b10fa9af2225a987827e866c981f0c4424740fa71697ba9933a91c0d1fe83efd8e7d6c8287de72811da7fb4fcbad42637f0df47482119a07af9cccc993537cefe7892054bc2ce20021e9e37f391ee57b66c40dac49a346a54e6416f4e40af67b7190d65f497febd7d54f148fbc4850cd7de200cbfab53d05fb +Msg = d55869d6623971fa7c90b597b40354195106fc488a46bbcdf84812f14a4d4ca93b7a0dd0c1352eb387d2c8d29e6f8fe5701c621ef54020ae2938bc8abd40946f0c97fe2352de24ff18c113aaf3da0e276ed2281245ca1226d4f93103ce96f32e32f8645a7bfcfce618a7bba61b0c79e6357077ace2ad393ee1d498e4e71613ef +Signature = 
9c2d846eacd75c81b7cadbbb0667f58ec2158c64ddbbc2af078082aea4047e30a59e74c3b5a58be9553253a7d8bd4e527a0daac1bf03f3bf7ce5cd8d20443eee2ee89a78c0692c08e3c452aa48b5aa76b31e00518e435fe8e7858229891ea0c16529ab09e3801b07f3ffbbc54bd821714ee90788d61f60a819d00ff40914e7aadcc596bae30253f495adf49ddfec4532b824e8866e39406c0021914f267e424ffc589440bd847baebf346608978bab8ab4795199ec755ac6151bf9466c5b085812eeda9f16b4dc22fef2908231bfc31211293374ce6f7d681959455c4cf0b6660895dc128a5bdc8445a0811f2e372123e5a21fc0638da5f26ae270930d2e096c6aa2178a4d84040e3de195cdbcd6940cbac0df96ae273a232a4c5a3fc2a2bb7e7b12e9c49d95ea2458cc7cf23ceaa2c8ce423327de1ffaf6ea6413a8843316418c2ae714fcd07f75c0e557c71229c137e0160eba1c29f2098245a8623ab1e05612485d0764448b2149ba1931513dd31b7ceea80549c26ef166d0e3aeecf7bf61 + +Padding = EMSA4(SHA-512) +E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a649 +N = 
0x99a5c8d094a5f917034667a0408b7ecfcaacc3f9784444e21773c3461ec355f0d0f52a5db0568a71d388696788ef66ae7340c6b28dbf925fe83557986575f79cca69217221397ed5808a26f7e7e714c93235f914d45c4a9af4619b20f511ad644bd3412dfdf0ff717f7aac746f310bfa9a141ac3dbf01c1fc74febd197938419c262293505c35f402f9053ad13c51a5960ecde55ec829e953f941af733e58705913767e7a7200d1d09e7e7e2d269fa29a558bb16304b059f13f4ca560a8101fe3720b4a779ec126427326caa132a3d3611d7dbc50336fac789ec406b397e1e36d7daf9b624bf639c82b859288747690c730c980b2f5a239dd95ad5389a2ec90c5778604713710383ae55d4d28c06d4ac26f0d1231f1d6762c8e0d918118156bc637760daea184746b8dcf6f61db274a7ddceaa074937ababad4549b97ab992494a807208abd789823f5d75c4b994089c8072cfc254e0d8202fd896476e96ad9d309a0e8e7301282f07eb2ae8edefb7dbbe13b96e8b4024c6b84de0a05e150285 +Msg = cc21593a6a0f737e2970b7c07984b070d761726296a07e24e056e68ff846b29cc1548179843d74dcee86479858b2c16e4cb84f2544b4ecdcb4dd43a04bb7183a768ae44a2712bf9ad47883acc2812f958306890ebea408c92eb4f001ed7dbf55f3a9c8d6d9f61e5fe32eb3253e59c18e863169478cd69b9155c335db66016f96 +Signature = 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 + +Padding = EMSA4(SHA-1) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd157d +N = 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 +Msg = 
ab73de454dec96f7e9435a968b1ec3a7b5ca806cb1384c0726461de1ea409e4d17a7e06961314c45a610dd48c7778ccfb75b0b16d177b55c6f92c642b804c775b9774d8cb8ebe334c4fd458a9168cfc883cc342409ae73f52cc0071868635e92ba6b8d76fa22420a6b8ffa2591f874db42a5655c00e76d1a86594a2aa1664ced +Signature = 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 + +Padding = EMSA4(SHA-224) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c6e57 +N = 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 +Msg = e883d8559b04cb610d3000d6af8887d72bd68e293fb7d5ddcc5762302a7c75afbfc6be9fd035ce9b96ebcc7f9533698529c315ae623e746411fd0b5d230f40c22e7e81914ad4c34022de2ea34bb0160fd4e92ec01e39f878ed208069c0f84a555e3589f4b2ec9196d8928f09780778bd53d23f261baf4b628847281ca83e7db0 +Signature = 
b0e596b45e09da386bacde6ec9c44e8a3aa54ad2d413c941bfa077de7b3838afeea98eb018ed40be73f5f8d617a212bc9eca171781c6ec837769d587450f17cb6a1bf594a620dcd254e0909a9ffac9814fdd4953b885cff3f099ef243206dc3f7c127325ea0bba1ea3341aaffcbadfee4845ebb55e3ad97e78bf41ca41eab4e784b6095be635ba7aadc5b58d702aa80fce64ff6252cda383557c37afa78148879e0dedc6d3828e8e8fabace3885f9f55ae887c44e935386a3d961fa7be2babd8716edb5dbbc0e587ba06a78e3492c6c029813a0dbead055c8d75573d70c3db7a087c8fdbd8c8da35ac2dc15f6e8f21df1e9f25d84b9ba186b3f3c8ecad13eacd98b18cb8ca2e312f1f7c7a719b184a524b003f22e4c504b2c085c85ffb1c035fc0717d1928922964bb837ce9ce4171cfbf09b6580281f7f8c0dfe0008ec4708352b47a0d812dbfce18fc564c6d1b0d5756848b08772c33c9a0052e1d50b4d9cba51e81d75ed097b6c29a0dd6ed5fdb2cf417eb0c1e09cfeac75149a38268821a + +Padding = EMSA4(SHA-256) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000efabb9 +N = 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 +Msg = 3abd43f1d741ddf0b752dd94197ab656288ff465e5dbccec6179f8932f02c248196a5e3f12247c376c8d1e004b87a73a5a64355fbc0731044645255beb91cdfd77d970e681ab70c19a9c2167cbead7a23f6043363c7aff2258ca6723e99aab7abdd322ef0b1ee116aa488dd181eb6d163f4bc3f24c7e5dceffd067f211658347 +Signature = 
4740115f251b35cfe19d3816cc1fbf02b9a4d9470dc62b41cdb72284c30fffd34e7057559a73b44ac49fa7285f3e9a680bf1949562a47f01bfc55eb7bda9e291c9a5ce1a5d7b619590c0e1bd36943fa41b9cc9b2a3a742c2942c53ec3e45c77176e4bf32b7101ab4b05a996a21fe12921841f8f0fad1e71bdeff5a7f53e8766367311a98b9d8618a6198aa1662e587332c24283f9ecf2bb2d825f597d18256ce9c5864f1ffca37c4ec8df4f945cf22c974f5ef3dbb9f170b3978bddcc91b13b9e8550bfcdb74ac7349d531e1e3280fc005ac34c03608993b7876caf27c8bd5a97306292082f77d9144005bcd1046f27303185b6a7cac539f1e05805ee8d0772f37acc3e7fa0920171c19ec9266c4dd6d9e51766c4433a2831c3e5fb7d84341624ea9a25e1a2eb27ef2c7e8de491d94d8a8a31919bdd7cdf6073a1d88f452ff8d15e57cf6504a81843c24351c61a373b73acd84c76de916f290e0e9bdf51d8ffa63f867af587b5c759111671079ea28846466cc33df7683639d018337ebe13cb8 + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000df0ff7 +N = 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 +Msg = 5e91f67cbbbfdfaab386b3ecf5f02aaa92d48ba0a6f06f913b37c73a6a6c2086c3f02600f0d9678d94435a5b79eba015ebfa89595f1eda6b59dfce2b8c315a444245b5a7fea518386080c3c64a4240414168eb271693b240c5db1a8b9d658278a138ac572f4c7911dfe4f416ae1e92965cc9b9f412767e7848d2b344e6332189 +Signature = 
56f14f6bf965b67d83b1401c8b23f4355c0f9c0d1db670f23c89086ec627df88fba5affc742661b0362728f83c447474348ee700ad8d58fa48e4a65a1d5bdbee40da7576d3b5c7071fbc9d9f98f083a9ad9a1397cf023abb81b2b0998db238a053fc4303c057ea27c542013e5cfab46bccfec5abaa3887f18eaf2878a114e5c2ef6957f4297a7b6ab006920b2c4b0ec53ceb8539c6143245bb357abebdcd699219e5a617848ff3eedb931373d3ec38a067685848c21be6f787f609b482363bf162b7df1db2f579041bf8349c34b88e48a7dabf178a3fff29dca6af55c45b4f94b24c68fde29f25f258cb3c44c8abb460c4276a5467e8547dff71f9ddf806d884f34451cb5adecdf854ddc8004fdb0bd301f36218ac78c37f05000dec91248c16fb8fa24d60b0b224638721f54e87137125bc815b2adab635b596890288fac155b613785cbf52582f81159212230bbd7d9de687b890d409ae477a61f089a174d4dc7b90bd4974d0b79b2e828d35c853bcbc46cba6a3a31b95d631af2af2051fa6 + +Padding = EMSA4(SHA-512) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098ffb +N = 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 +Msg = dddb05cb9bf10c14e7dd1e9f3b3d2b329a17f31676281011d2783794a432bb347db3525e6be11c471fbee1234b3d9b974e543470135290953673ce3a69b1cb5717dee85947f00e17c29cef0778268eb2207701651f70752aab7e74f6306e6324f2834f22f5c6e96b1a9eceb58aa00c6b57a8e25d6129c8b777c1af2fbf118a83 +Signature = 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 + +Padding = EMSA4(SHA-1) +E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a996b +N = 0x9004e5334381fb90f60926f3281e51d363671c87bc10554aff5f3b4391d894a94866de27900bf627d468dcf19a826dc399c0580883c945688f3795522193b0887f5eb29bb7be2b6ab48abb2e86b8a3cc6dbd2aa3522c0fa6f6493679a25b1933de78282b00fb5e6dbc58246a26805eb61cbacf492ffee3a21b829e3b776dc814b0e1527565f713d8f761fd58b9ca1f20b79d798f627b77a1ed7d53dd17f429a738e3e4e86cc4da308c60e55b77f2d180e96f2da0ae282831d5ab523cbf2aac900f6c304366738710152efa1094232dba6d405381223f3c687dedd2d856caab657ad0a1d7a67f01fffe6903f173faf1476b8ca656d4d9af713b4f80860be5e79ac3bf1b507f46a19bb67a90b273a0f0d416c479c8d75c6c99943ce774928fddedc00c06d7acc68ea15828de379ef436ecceec8bb22ea984eb1af01dc3efbaefd031030abff09bc464235f407c8a9033796d87bb6373ba6eb6ee143a79703a8130b8e29bcad3970c69001d80b4dac9e30fc616ad9bcc215fc20109aa7788234099 +Msg = 6f8c5ab0de743f69bfebc93d28425330dfb2845b644e738731350ffa400cbf91ceac450f5f17e8b502b1d213d6adb71dcdc5b781b02e863863cbca5b6ba1c439ad8b33a6782e7596c630f0eabfa5b0897fca51b319f62092dccd7d12d5b784f39491ec1d33a22e3395d0ea6aec13879c7e2b1b98a88e8abd23a5f1c7863745e8 +Signature = 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 + +Padding = EMSA4(SHA-224) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000026a07 +N = 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 +Msg = e28b42777e68da66c97814b91025c3c4e31310e1c500c97027effc1b9885c55f36b364476895927bcf9a167a79e6932458f4a47bf3802aaa5ca4e547624142d507a0748d3559c65eac7430323fcf287340bfbacd39fadb36dcb5fb2c3d09d93e3f9b9bce4c7c1e154a4e8b68caa92bb982bd7c60fd38841c916a655492a632a3 +Signature = 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 + +Padding = EMSA4(SHA-256) +E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002cc92f +N = 
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 +Msg = d1acd4a6035f23bfe67006132a1cd474ef58c0113670f53c95eee57030bddd92e48edd77c57ba8a7cbea1760c8b5b2de9d8881daae8a2051933f128611ad574a48bd417b2de583cb3b048bc2668d120751e8f1dbc01536e650937736668066856501a6ba24e4ddb39f840b42eced1a757141b61b555b5e8334b1bb87177f31c9 +Signature = 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 + +Padding = EMSA4(SHA-384) +E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e59685 +N = 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 +Msg = f6f47d4bd1da9f9fe5b02b1867a323fb96c9d6b14c650f25d3668c6ef930b1ae679f7e3a2e49bffba30482146da9cec4dc17928e7d7adc98ebcd4b52e79dc757ab106f987c27d3b77f4064b1cddf29c0c9adb380b2c15250741f89fbc47ec0986b4f39aee2fa459c206bb838b0cd9ab706951fcd13c3d91417642db2b75c0437 +Signature = 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 + +Padding = EMSA4(SHA-512) +E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b3f57f +N = 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 +Msg = be2f3e1dc8a3711570401bd535185426944d094e8481a12a438de07d54760c88c99d4fdbbe355d6a26fa56e3ca20ee3f8e8acb98f63d2f3aea14d6fcb6b522d155c3759aef56de3ea0a8f9fd7b111001cf358636a87c765c99c2975bb95063d6ec0b780264ec3eb967b0caca52d10294deb402d3a224bfb9d9ffea41662f18c0 +Signature = 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 + +# from RSA: ftp://ftp.rsa.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0xa56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137 +Msg = cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0 +Signature = 
9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0xa56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137 +Msg = 851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e +Signature = 3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0xa56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137 +Msg = a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c745e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef416971338e7d470 +Signature = 666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1 + +Padding = 
EMSA4(SHA-1) +E = 0x010001 +N = 0xa56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137 +Msg = bc656747fa9eafb3f0 +Signature = 4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0xa56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137 +Msg = b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4 +Signature = 1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0xa56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137 +Msg = 
10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b705a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb8794c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6138d144f8ce4e2da73 +Signature = 2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9 +Msg = daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360 +Signature = 014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9 +Msg = 
e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe +Signature = 010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9 +Msg = 52a1d96c8ac39e41e455809801b927a5b445c10d902a0dcd3850d22a66d2bb0703e67d5867114595aabf5a7aeb5a8f87034bbb30e13cfd4817a9be76230023606d0286a3faf8a4d22b728ec518079f9e64526e3a0cc7941aa338c437997c680ccac67c66bfa1 +Signature = 007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9 +Msg = a7182c83ac18be6570a106aa9d5c4e3dbbd4afaeb0c60c4a23e1969d79ff +Signature = 
009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9 +Msg = 86a83d4a72ee932a4f5630af6579a386b78fe88999e0abd2d49034a4bfc854dd94f1094e2e8cd7a179d19588e4aefc1b1bd25e95e3dd461f +Signature = 00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9 +Msg = 049f9154d871ac4a7c7ab45325ba7545a1ed08f70525b2667cf1 +Signature = 00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6 + +# THIS TEST FAILS +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443 +Msg = 594b37333bbb2c84524a87c1a01f75fcec0e3256f108e38dca36d70d0057 +Signature 
= 0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443 +Msg = 8b769528884a0d1ffd090cf102993e796dadcfbddd38e44ff6324ca451 +Signature = 02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443 +Msg = 1abdba489c5ada2f995ed16f19d5a94d9e6ec34a8d84f84557d26e5ef9b02b22887e3f9a4b690ad1149209c20c61431f0c017c36c2657b35d7b07d3f5ad8708507a9c1b831df835a56f831071814ea5d3d8d8f6ade40cba38b42db7a2d3d7a29c8f0a79a7838cf58a9757fa2fe4c40df9baa193bfc6f92b123ad57b07ace3e6ac068c9f106afd9eeb03b4f37c25dbfbcfb3071f6f9771766d072f3bb070af6605532973ae25051 +Signature = 0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 
0x02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443 +Msg = 8fb431f5ee792b6c2ac7db53cc428655aeb32d03f4e889c5c25de683c461b53acf89f9f8d3aabdf6b9f0c2a1de12e15b49edb3919a652fe9491c25a7fce1f722c2543608b69dc375ec +Signature = 0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443 +Msg = fef4161dfaaf9c5295051dfc1ff3810c8c9ec2e866f7075422c8ec4216a9c4ff49427d483cae10c8534a41b2fd15fee06960ec6fb3f7a7e94a2f8a2e3e43dc4a40576c3097ac953b1de86f0b4ed36d644f23ae14425529622464ca0cbf0b1741347238157fab59e4de5524096d62baec63ac64 +Signature = 021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443 +Msg = efd237bb098a443aeeb2bf6c3f8c81b8c01b7fcb3feb +Signature = 
012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705 +Msg = 9fb03b827c8217d9 +Signature = 0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705 +Msg = 0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f +Signature = 049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 
0x054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705 +Msg = 288062afc08fcdb7c5f8650b29837300461dd5676c17a20a3c8fb5148949e3f73d66b3ae82c7240e27c5b3ec4328ee7d6ddf6a6a0c9b5b15bcda196a9d0c76b119d534d85abd123962d583b76ce9d180bce1ca +Signature = 03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705 +Msg = 6f4f9ab9501199cef55c6cf408fe7b36c557c49d420a4763d2463c8ad44b3cfc5be2742c0e7d9b0f6608f08c7f47b693ee +Signature = 0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705 +Msg = 
e17d20385d501955823c3f666254c1d3dd36ad5168b8f18d286fdcf67a7dad94097085fab7ed86fe2142a28771717997ef1a7a08884efc39356d76077aaf82459a7fad45848875f2819b098937fe923bcc9dc442d72d754d812025090c9bc03db3080c138dd63b355d0b4b85d6688ac19f4de15084a0ba4e373b93ef4a555096691915dc23c00e954cdeb20a47cd55d16c3d8681d46ed7f2ed5ea42795be17baed25f0f4d113b3636addd585f16a8b5aec0c8fa9c5f03cbf3b9b73 +Signature = 022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705 +Msg = afbc19d479249018fdf4e09f618726440495de11ddeee38872d775fcea74a23896b5343c9c38d46af0dba224d047580cc60a65e9391cf9b59b36a860598d4e8216722f993b91cfae87bc255af89a6a199bca4a391eadbc3a24903c0bd667368f6be78e3feabfb4ffd463122763740ffbbefeab9a25564bc5d1c24c93e422f75073e2ad72bf45b10df00b52a147128e73fee33fa3f0577d77f80fbc2df1bed313290c12777f50 +Signature = 00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507 +Msg = 
30c7d557458b436decfdc14d06cb7b96b06718c48d7de57482a868ae7f065870a6216506d11b779323dfdf046cf5775129134b4d5689e4d9c0ce1e12d7d4b06cb5fc5820decfa41baf59bf257b32f025b7679b445b9499c92555145885992f1b76f84891ee4d3be0f5150fd5901e3a4c8ed43fd36b61d022e65ad5008dbf33293c22bfbfd07321f0f1d5fa9fdf0014c2fcb0358aad0e354b0d29 +Signature = 0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507 +Msg = e7b32e1556ea1b2795046ac69739d22ac8966bf11c116f614b166740e96b90653e5750945fcf772186c03790a07fda323e1a61916b06ee2157db3dff80d67d5e39a53ae268c8f09ed99a732005b0bc6a04af4e08d57a00e7201b3060efaadb73113bfc087fd837093aa25235b8c149f56215f031c24ad5bde7f29960df7d524070f7449c6f785084be1a0f733047f336f9154738674547db02a9f44dfc6e60301081e1ce99847f3b5b601ff06b4d5776a9740b9aa0d34058fd3b906e4f7859dfb07d7173e5e6f6350adac21f27b2307469 +Signature = 08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507 +Msg = 
8d8396e36507fe1ef6a19017548e0c716674c2fec233adb2f775665ec41f2bd0ba396b061a9daa7e866f7c23fd3531954300a342f924535ea1498c48f6c879932865fc02000c528723b7ad0335745b51209a0afed932af8f0887c219004d2abd894ea92559ee3198af3a734fe9b9638c263a728ad95a5ae8ce3eb15839f3aa7852bb390706e7760e43a71291a2e3f827237deda851874c517665f545f27238df86557f375d09ccd8bd15d8ccf61f5d78ca5c7f5cde782e6bf5d0057056d4bad98b3d2f9575e824ab7a33ff57b0ac100ab0d6ead7aa0b50f6e4d3e5ec0b966b +Signature = 05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507 +Msg = 328c659e0a6437433cceb73c14 +Signature = 0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507 +Msg = 
f37b962379a47d415a376eec8973150bcb34edd5ab654041b61430560c2144582ba133c867d852d6b8e23321901302ecb45b09ec88b1527178fa043263f3067d9ffe973032a99f4cb08ad2c7e0a2456cdd57a7df56fe6053527a5aeb67d7e552063c1ca97b1beffa7b39e997caf27878ea0f62cbebc8c21df4c889a202851e949088490c249b6e9acf1d8063f5be2343989bf95c4da01a2be78b4ab6b378015bc37957f76948b5e58e440c28453d40d7cfd57e7d690600474ab5e75973b1ea0c5f1e45d14190afe2f4eb6d3bdf71f1d2f8bb156a1c295d04aaeb9d689dce79ed62bc443e +Signature = 0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507 +Msg = c6103c330c1ef718c141e47b8fa859be4d5b96259e7d142070ecd485839dba5a8369c17c1114035e532d195c74f44a0476a2d3e8a4da210016caced0e367cb867710a4b5aa2df2b8e5daf5fdc647807d4d5ebb6c56b9763ccdae4dea3308eb0ac2a89501cb209d2639fa5bf87ce790747d3cb2d295e84564f2f637824f0c13028129b0aa4a422d162282 +Signature = 02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1 +Msg = 
0a20b774addc2fa51245ed7cb9da609e50cac6636a52543f97458eed7340f8d53ffc64918f949078ee03ef60d42b5fec246050bd5505cd8cb597bad3c4e713b0ef30644e76adabb0de01a1561efb255158c74fc801e6e919e581b46f0f0ddd08e4f34c7810b5ed8318f91d7c8c +Signature = 04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1 +Msg = 2aaff6631f621ce615760a9ebce94bb333077ad86488c861d4b76d29c1f48746c611ae1e03ced4445d7cfa1fe5f62e1b3f08452bde3b6ef81973bafbb57f97bceef873985395b8260589aa88cb7db50ab469262e551bdcd9a56f275a0ac4fe484700c35f3dbf2b469ede864741b86fa59172a360ba95a02e139be50ddfb7cf0b42faeabbfbbaa86a4497699c4f2dfd5b08406af7e14144427c253ec0efa20eaf9a8be8cd49ce1f1bc4e93e619cf2aa8ed4fb39bc8590d0f7b96488f7317ac9abf7bee4e3a0e715 +Signature = 0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1 +Msg = 0f6195d04a6e6fc7e2c9600dbf840c39ea8d4d624fd53507016b0e26858a5e0aecd7ada543ae5c0ab3a62599cba0a54e6bf446e262f989978f9ddf5e9a41 +Signature = 
086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1 +Msg = 337d25fe9810ebca0de4d4658d3ceb8e0fe4c066aba3bcc48b105d3bf7e0257d44fecea6596f4d0c59a08402833678f70620f9138dfeb7ded905e4a6d5f05c473d55936652e2a5df43c0cfda7bacaf3087f4524b06cf42157d01539739f7fddec9d58125df31a32eab06c19b71f1d5bf +Signature = 0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1 +Msg = 84ec502b072e8287789d8f9235829ea3b187afd4d4c785611bda5f9eb3cb96717efa7007227f1c08cbcb972e667235e0fb7d431a6570326d2ecce35adb373dc753b3be5f829b89175493193fab16badb41371b3aac0ae670076f24bef420c135add7cee8d35fbc944d79fafb9e307a13b0f556cb654a06f973ed22672330197ef5a748bf826a5db2383a25364b686b9372bb2339aeb1ac9e9889327d016f1670776db06201adbdcaf8a5e3b74e108b73 +Signature = 
02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1 +Msg = 9906d89f97a9fdedd3ccd824db687326f30f00aa25a7fca2afcb3b0f86cd41e73f0e8ff7d2d83f59e28ed31a5a0d551523374de22e4c7e8ff568b386ee3dc41163f10bf67bb006261c9082f9af90bf1d9049a6b9fae71c7f84fbe6e55f02789de774f230f115026a4b4e96c55b04a95da3aacbb2cece8f81764a1f1c99515411087cf7d34aeded0932c183 +Signature = 0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3 +Msg = 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 +Signature = 187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 
0x37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3 +Msg = 8d80d2d08dbd19c154df3f14673a14bd03735231f24e86bf153d0e69e74cbff7b1836e664de83f680124370fc0f96c9b65c07a366b644c4ab3 +Signature = 10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3 +Msg = 808405cdfc1a58b9bb0397c720722a81fffb76278f335917ef9c473814b3e016ba2973cd2765f8f3f82d6cc38aa7f8551827fe8d1e3884b7e61c94683b8f82f1843bdae2257eeec9812ad4c2cf283c34e0b0ae0fe3cb990cf88f2ef9 +Signature = 2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3 +Msg = 
f337b9bad937de22a1a052dff11134a8ce26976202981939b91e0715ae5e609649da1adfcef3f4cca59b238360e7d1e496c7bf4b204b5acff9bbd6166a1d87a36ef2247373751039f8a800b8399807b3a85f44893497c0d05fb7017b82228152de6f25e6116dcc7503c786c875c28f3aa607e94ab0f19863ab1b5073770b0cd5f533acde30c6fb953cf3da680264e30fc11bff9a19bffab4779b6223c3fb3fe0f71abade4eb7c09c41e24c22d23fa148e6a173feb63984d1bc6ee3a02d915b752ceaf92a3015eceb38ca586c6801b37c34cefb2cff25ea23c08662dcab26a7a93a285d05d3044c +Signature = 32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3 +Msg = 45013cebafd960b255476a8e2598b9aa32efbe6dc1f34f4a498d8cf5a2b4548d08c55d5f95f7bcc9619163056f2d58b52fa032 +Signature = 07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3 +Msg = 
2358097086c899323e75d9c90d0c09f12d9d54edfbdf70a9c2eb5a04d8f36b9b2bdf2aabe0a5bda1968937f9d6ebd3b6b257efb3136d4131f9acb59b85e2602c2a3fcdc835494a1f4e5ec18b226c80232b36a75a45fdf09a7ea9e98efbde1450d1194bf12e15a4c5f9eb5c0bce5269e0c3b28cfab655d81a61a20b4be2f54459bb25a0db94c52218be109a7426de83014424789aaa90e5056e632a698115e282c1a56410f26c2072f193481a9dcd880572005e64f4082ecf +Signature = 18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f +Msg = 81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb +Signature = 0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f +Msg = e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08 +Signature = 
2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f +Msg = e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7 +Signature = 2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f +Msg = dbc5f750a7a14be2b93e838d18d14a8695e52e8add9c0ac733b8f56d2747e529a0cca532dd49b902aefed514447f9e81d16195c2853868cb9b30f7d0d495c69d01b5c5d50b27045db3866c2324a44a110b1717746de457d1c8c45c3cd2a92970c3d59632055d4c98a41d6e99e2a3ddd5f7f9979ab3cd18f37505d25141de2a1bff17b3a7dce9419ecc385cf11d72840f19953fd0509251f6cafde2893d0e75c781ba7a5012ca401a4fa99e04b3c3249f926d5afe82cc87dab22c3c1b105de48e34ace9c9124e59597ac7ebf8 +Signature = 
1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f +Msg = 04dc251be72e88e5723485b6383a637e2fefe07660c519a560b8bc18bdedb86eae2364ea53ba9dca6eb3d2e7d6b806af42b3e87f291b4a8881d5bf572cc9a85e19c86acb28f098f9da0383c566d3c0f58cfd8f395dcf602e5cd40e8c7183f714996e2297ef +Signature = 33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0x495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f +Msg = 0ea37df9a6fea4a8b610373c24cf390c20fa6e2135c400c8a34f5c183a7e8ea4c9ae090ed31759f42dc77719cca400ecdcc517acfc7ac6902675b2ef30c509665f3321482fc69a9fb570d15e01c845d0d8e50d2a24cbf1cf0e714975a5db7b18d9e9e9cb91b5cb16869060ed18b7b56245503f0caf90352b8de81cb5a1d9c6336092f0cd +Signature = 1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 
0xe6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b +Msg = a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5 +Signature = 586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0xe6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b +Msg = c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e +Signature = 
80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0xe6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b +Msg = 0afad42ccd4fc60654a55002d228f52a4a5fe03b8bbb08ca82daca558b44dbe1266e50c0e745a36d9d2904e3408abcd1fd569994063f4a75cc72f2fee2a0cd893a43af1c5b8b487df0a71610024e4f6ddf9f28ad0813c1aab91bcb3c9064d5ff742deffea657094139369e5ea6f4a96319a5cc8224145b545062758fefd1fe3409ae169259c6cdfd6b5f2958e314faecbe69d2cace58ee55179ab9b3e6d1ecc14a557c5febe988595264fc5da1c571462eca798a18a1a4940cdab4a3e92009ccd42e1e947b1314e32238a2dece7d23a89b5b30c751fd0a4a430d2c548594 +Signature = 484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 
0xe6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b +Msg = 1dfd43b46c93db82629bdae2bd0a12b882ea04c3b465f5cf93023f01059626dbbe99f26bb1be949dddd16dc7f3debb19a194627f0b224434df7d8700e9e98b06e360c12fdbe3d19f51c9684eb9089ecbb0a2f0450399d3f59eac7294085d044f5393c6ce737423d8b86c415370d389e30b9f0a3c02d25d0082e8ad6f3f1ef24a45c3cf82b383367063a4d4613e4264f01b2dac2e5aa42043f8fb5f69fa871d14fb273e767a531c40f02f343bc2fb45a0c7e0f6be2561923a77211d66a6e2dbb43c366350beae22da3ac2c1f5077096fcb5c4bf255f7574351ae0b1e1f03632817c0856d4a8ba97afbdc8b85855402bc56926fcec209f9ea8 +Signature = 84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0xe6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b +Msg = 
1bdc6e7c98fb8cf54e9b097b66a831e9cfe52d9d4888448ee4b0978093ba1d7d73ae78b3a62ba4ad95cd289ccb9e005226bb3d178bccaa821fb044a4e21ee97696c14d0678c94c2dae93b0ad73922218553daa7e44ebe57725a7a45cc72b9b2138a6b17c8db411ce8279ee1241aff0a8bec6f77f87edb0c69cb27236e3435a800b192e4f11e519e3fe30fc30eaccca4fbb41769029bf708e817a9e683805be67fa100984683b74838e3bcffa79366eed1d481c76729118838f31ba8a048a93c1be4424598e8df6328b7a77880a3f9c7e2e8dfca8eb5a26fb86bdc556d42bbe01d9fa6ed80646491c9341 +Signature = 82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0xe6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b +Msg = 88c7a9f1360401d90e53b101b61c5325c3c75db1b411fbeb8e830b75e96b56670ad245404e16793544ee354bc613a90cc9848715a73db5893e7f6d279815c0c1de83ef8e2956e3a56ed26a888d7a9cdcd042f4b16b7fa51ef1a0573662d16a302d0ec5b285d2e03ad96529c87b3d374db372d95b2443d061b6b1a350ba87807ed083afd1eb05c3f52f4eba5ed2227714fdb50b9d9d9dd6814f62f6272fcd5cdbce7a9ef797 +Signature = 
a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0xa5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05 +Msg = 883177e5126b9be2d9a9680327d5370c6f26861f5820c43da67a3ad609 +Signature = 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 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 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 +Msg = dd670a01465868adc93f26131957a50c52fb777cdbaa30892c9e12361164ec13979d43048118e4445db87bee58dd987b3425d02071d8dbae80708b039dbb64dbd1de5657d9fed0c118a54143742e0ff3c87f74e45857647af3f79eb0a14c9d75ea9a1a04b7cf478a897a708fd988f48e801edb0b7039df8c23bb3c56f4e821ac +Signature = 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 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 
0xa5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05 +Msg = 48b2b6a57a63c84cea859d65c668284b08d96bdcaabe252db0e4a96cb1bac6019341db6fbefb8d106b0e90eda6bcc6c6262f37e7ea9c7e5d226bd7df85ec5e71efff2f54c5db577ff729ff91b842491de2741d0c631607df586b905b23b91af13da12304bf83eca8a73e871ff9db +Signature = 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 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 0xa5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05 +Msg = 0b8777c7f839baf0a64bbbdbc5ce79755c57a205b845c174e2d2e90546a089c4e6ec8adffa23a7ea97bae6b65d782b82db5d2b5a56d22a29a05e7c4433e2b82a621abba90add05ce393fc48a840542451a +Signature = 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 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 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 +Msg = f1036e008e71e964dadc9219ed30e17f06b4b68a955c16b312b1eddf028b74976bed6b3f6a63d4e77859243c9cccdc98016523abb02483b35591c33aad81213bb7c7bb1a470aabc10d44256c4d4559d916 +Signature = 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 + +Padding = EMSA4(SHA-1) +E = 0x010001 +N = 
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 +Msg = 25f10895a87716c137450bb9519dfaa1f207faa942ea88abf71e9c17980085b555aebab76264ae2a3ab93c2d12981191ddac6fb5949eb36aee3c5da940f00752c916d94608fa7d97ba6a2915b688f20323d4e9d96801d89a72ab5892dc2117c07434fcf972e058cf8c41ca4b4ff554f7d5068ad3155fced0f3125bc04f9193378a8f5c4c3b8cb4dd6d1cc69d30ecca6eaa51e36a05730e9e342e855baf099defb8afd7 +Signature = 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 diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index e31d3265ca..cb08953698 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp @@ -12,6 +12,8 @@ #include #include #include + #include + #include #endif #include 
@@ -317,6 +319,130 @@ std::vector Extended_Path_Validation_Tests::run() BOTAN_REGISTER_TEST("x509_path_extended", Extended_Path_Validation_Tests); +class PSS_Path_Validation_Tests : public Test + { + public: + std::vector run() override; + }; + +std::vector PSS_Path_Validation_Tests::run() + { + std::vector results; + + const std::string pss_x509_test_dir = Test::data_dir() + "/pss_x509"; + + try + { + // Do nothing, just test filesystem access + Botan::get_files_recursive(pss_x509_test_dir); + } + catch(Botan::No_Filesystem_Access&) + { + Test::Result result("RSA-PSS X509 signature validation"); + result.test_note("Skipping due to missing filesystem access"); + results.push_back(result); + return results; + } + + std::map expected = + read_results(Test::data_file("pss_x509/expected.txt")); + + std::map validation_times = + read_results(Test::data_file("pss_x509/validation_times.txt")); + + auto validation_times_iter = validation_times.begin(); + for(auto i = expected.begin(); i != expected.end(); ++i) + { + const std::string test_name = i->first; + const std::string expected_result = i->second; + + const std::string test_dir = pss_x509_test_dir + "/" + test_name; + + Test::Result result("RSA-PSS X509 signature validation"); + result.start_timer(); + + const std::vector all_files = Botan::get_files_recursive(test_dir); + + if(all_files.empty()) + { + result.test_failure("No test files found in " + test_dir); + results.push_back(result); + continue; + } + + std::shared_ptr crl; + std::shared_ptr end; + std::shared_ptr root; + Botan::Certificate_Store_In_Memory store; + std::shared_ptr csr; + auto validation_time = Botan::calendar_point(std::atoi((validation_times_iter++)->second.c_str()), 0, 0, 0, 0, + 0).to_std_timepoint(); + for(auto const& file : all_files) + { + if(file.find("end.crt") != std::string::npos) + { + end.reset(new Botan::X509_Certificate(file)); + } + else if(file.find("root.crt") != std::string::npos) + { + root.reset(new 
Botan::X509_Certificate(file)); + store.add_certificate(*root); + } + else if(file.find(".crl") != std::string::npos) + { + crl.reset(new Botan::X509_CRL(file)); + } + else if(file.find(".csr") != std::string::npos) + { + csr.reset(new Botan::PKCS10_Request(file)); + } + } + + if(end && crl && root) // CRL tests + { + const std::vector> cert_path = { end, root }; + const std::vector> crls = { crl }; + auto crl_status = Botan::PKIX::check_crl(cert_path, crls, + validation_time); // alternatively we could just call crl.check_signature( root_pubkey ) + + result.test_eq(test_name + " check_crl result", + Botan::Path_Validation_Result::status_string(Botan::PKIX::overall_status(crl_status)), + expected_result); + } + else if(end && root) // CRT chain tests + { + // sha-1 is used + Botan::Path_Validation_Restrictions restrictions(false, 80); + + Botan::Path_Validation_Result validation_result = + Botan::x509_path_validate(*end, + restrictions, + store, "", Botan::Usage_Type::UNSPECIFIED, validation_time); + + result.test_eq(test_name + " path validation result", + validation_result.result_string(), + expected_result); + } + else if(end && !root) // CRT self signed tests + { + std::unique_ptr pubkey(end->subject_public_key()); + result.test_eq(test_name + " verify signature", end->check_signature(*pubkey), !!(std::stoi(expected_result))); + } + else if(csr) // PKCS#10 Request + { + std::unique_ptr pubkey(csr->subject_public_key()); + result.test_eq(test_name + " verify signature", csr->check_signature(*pubkey), !!(std::stoi(expected_result))); + } + + result.end_timer(); + results.push_back(result); + } + + return results; + } + +BOTAN_REGISTER_TEST("x509_path_rsa_pss", PSS_Path_Validation_Tests); + #endif } From 85c97aa989e93861f1623ac05fc4f8c7610f976d Mon Sep 17 00:00:00 2001 
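Review bot: `validation_times_iter++` on the `Botan::calendar_point(...)` line is dereferenced on every pass of the `expected` loop but is never compared with `validation_times.end()`, so a `validation_times.txt` with fewer entries than `expected.txt` reads past the end of the map, and pairing two `std::map`s by iteration order silently attaches the wrong year whenever their key sets differ. Look the timestamp up by `test_name` and fail the case when it is absent: `const auto vt = validation_times.find(test_name); if(vt == validation_times.end()) { result.test_failure("No validation time for " + test_name); results.push_back(result); continue; }` and then `Botan::calendar_point(std::atoi(vt->second.c_str()), 0, 0, 0, 0, 0)`. Separately, month 0 and day 0 are outside the 1-based calendar ranges; whether `calendar_point::to_std_timepoint()` normalises that to 1 January is not visible here, so confirm it or pass `1, 1` explicitly if the intent is the start of the year.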
From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Fri, 20 Oct 2017 17:09:44 +0200 Subject: [PATCH 0078/1008] Fall back to default group if client does not send any DH groups --- src/lib/tls/msg_server_kex.cpp | 20 +++++++++++++++++++- src/lib/tls/tls_server.cpp | 1 - 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp index 0765e1bdc9..ab75d3a9b5 100644 --- a/src/lib/tls/msg_server_kex.cpp +++ b/src/lib/tls/msg_server_kex.cpp @@ -59,7 +59,25 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, const std::vector& dh_groups = state.client_hello()->supported_dh_groups(); - std::unique_ptr dh(new DH_PrivateKey(rng, DL_Group(policy.choose_dh_group(dh_groups)))); + std::string group_name; + + // if the client does not send any DH groups in + // the supported groups extension, but does offer DH ciphersuites, + // we select a group arbitrarily + if (dh_groups.empty()) + { + group_name = policy.dh_group(); + } + else + { + group_name = policy.choose_dh_group(dh_groups); + } + + if (group_name.empty()) + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, + "Could not agree on a DH group with the client"); + + std::unique_ptr dh(new DH_PrivateKey(rng, DL_Group(group_name))); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_g()), 2); diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index fb8317a1ca..9f1dfe1d1f 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -193,7 +193,6 @@ uint16_t choose_ciphersuite( if(suite.valid() == false) continue; - // TODO supported groups SHOULD have preference over ciphersuite list if(suite.ecc_ciphersuite() && have_shared_ecc_curve == false) continue; From 558b66b0d56879f9b204266d08e661ff90667d20 Mon Sep 17 00:00:00 2001 
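Review bot: The `HANDSHAKE_FAILURE` thrown when `group_name` is empty fires inside `Server_Key_Exchange`, i.e. after `choose_ciphersuite` has already committed to a DHE suite, so a client that offers only FFDHE groups the server rejects but also offers a usable ECDHE or RSA suite gets a fatal alert instead of the fallback suite; RFC 7919 §4, as I read it, wants the server to skip FFDHE suites in that situation and reserve an `insufficient_security` alert for when no suite remains. The cleaner place is the `choose_ciphersuite` loop in tls_server.cpp touched by this same commit, mirroring the existing `suite.ecc_ciphersuite() && have_shared_ecc_curve == false` skip with a `have_shared_dh_group` flag computed from `supported_dh_groups()` and `policy.choose_dh_group()` (the DHE accessor on `Ciphersuite` is outside this hunk). The comment `// we select a group arbitrarily` also misdescribes the code, which uses the policy's configured default: suggest `// fall back to the policy's default DH group; RFC 7919 allows this when the client offered no FFDHE group`.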
From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Fri, 20 Oct 2017 17:59:08 +0200 Subject: [PATCH 0079/1008] Remove check for negotiated DH group in TLS client The server may not support the supported groups extension and choose an arbitrary group. RFC 7919 permits clients to continue if the group is acceptable under local policy, which we do now. --- src/lib/tls/msg_client_kex.cpp | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 1c3950a035..3291b6eb5a 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -100,35 +100,6 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, if(reader.remaining_bytes()) throw Decoding_Error("Bad params size for DH key exchange"); - /* - * If we offer ffdhe groups in the client hello, - * p and g must match one of these groups. - */ - std::vector allowed_groups = policy.allowed_groups(); - bool server_sent_requested_group = false; - - if(!allowed_groups.empty()) - { - for(const auto& allowed_group : allowed_groups) - { - if(Supported_Groups::is_dh_group(allowed_group)) - { - DL_Group client_group(allowed_group); - if(client_group.get_p() == p && client_group.get_g() == g) - { - server_sent_requested_group = true; - break; - } - } - } - } - - if(!server_sent_requested_group) - { - throw TLS_Exception(Alert::INSUFFICIENT_SECURITY, - "Server sent unexpected DH key for DHE exchange"); - } - /* * A basic check for key validity. As we do not know q here we * cannot check that Y is in the right subgroup. However since From d34d1edc22e947b8b4a95ee86d268592d03675a8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 20 Oct 2017 18:03:27 -0400 Subject: [PATCH 0080/1008] Update side channel notes --- doc/manual/side_channels.rst | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/doc/manual/side_channels.rst b/doc/manual/side_channels.rst index f7b7cdd6d3..5656001e48 100644 
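Review bot: Deleting this block leaves the client with no comparison of the server's `p` and `g` against anything it offered, and the "local policy" acceptance the commit message says now applies is not visible in this hunk; the comment that follows (`As we do not know q here ...`) also rules out a subgroup check, so as shown the only remaining gate is the basic key-validity test below. Whether a minimum modulus size is enforced further down in `Client_Key_Exchange` (for example via a policy `minimum_dh_group_size()`, if `Policy` exposes one — confirm) is outside the hunk; if it is not, a misconfigured or hostile server can steer the client onto a small or non-prime modulus with nothing on the client side objecting. At minimum, when the client did send FFDHE groups, I would keep rejecting a `(p, g)` that matches none of them, since a server ignoring the offered list is exactly the case RFC 7919 leaves to local policy, and record that decision in a comment next to the key-validity check, e.g. `// RFC 7919 §4: server chose a group we did not offer; accepted subject to the size/validity checks below`.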
--- a/doc/manual/side_channels.rst +++ b/doc/manual/side_channels.rst @@ -104,12 +104,9 @@ See eme_oaep.cpp. Modular Exponentiation ------------------------ -Modular exponentiation uses a fixed window algorithm with Montgomery representation. -In the current code, information about the exponent is leaked through the -sequence of memory indexes; we currently rely on randomized blinding at higher -levels of the cryptographic stack to hide this. A future project would be to -change this to use either Montgomery ladder or use a side channel silent table -lookup. See powm_mnt.cpp. +Modular exponentiation uses a fixed window algorithm with Montgomery +representation. A side channel silent table lookup is used to access the +precomputed powers. See powm_mnt.cpp. The Karatsuba multiplication algorithm has some conditional branches that probably expose information through the branch predictor, but probably? does not @@ -239,8 +236,8 @@ const time 8x bitsliced AES could be integrated fairly easily. GCM --------------------- -On x86 platforms which support the clmul instruction, GCM support is fast and -constant time. +On platforms that support a carryless multiply instruction (recent x86 and ARM), +GCM is fast and constant time. On all other platforms, GCM is slow and constant time. It uses a simple bit at at time loop. It would be much faster using a table lookup, but we wish to avoid From b1566227fc22d4b94b1828b0916864a621ad22d5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 20 Oct 2017 18:03:37 -0400 Subject: [PATCH 0081/1008] Update news --- news.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/news.rst b/news.rst index e1f6242684..eac8422bee 100644 --- a/news.rst +++ b/news.rst 
@@ -4,8 +4,8 @@ Release Notes Version 2.4.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* Optimizations for OCB, CFB, SM3, SM4, GMAC, GCM (#1253), - CAST-128/CAST-256 (#1247). +* Optimizations for OCB, CFB, SM3, SM4, GMAC, GCM (GH #1253 #1262), + CAST-128/CAST-256 (GH #1247), TLS-CBC ciphersuites (GH #1269) * Reduce the overhead of ffi calls. From 2a5f2c78fcf44987e38c79ea92b95bacec6ee004 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 20 Oct 2017 18:04:17 -0400 Subject: [PATCH 0082/1008] Add GHASH using SSSE3 About 30% faster than scalar on Skylake --- .../aead/gcm/clmul_ssse3/clmul_ssse3.cpp | 60 +++++++++++++++++++ .../modes/aead/gcm/clmul_ssse3/clmul_ssse3.h | 20 +++++++ src/lib/modes/aead/gcm/clmul_ssse3/info.txt | 9 +++ src/lib/modes/aead/gcm/ghash.cpp | 18 +++++- src/tests/data/aead/gcm.vec | 2 +- 5 files changed, 106 insertions(+), 3 deletions(-) create mode 100644 src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.cpp create mode 100644 src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.h create mode 100644 src/lib/modes/aead/gcm/clmul_ssse3/info.txt diff --git a/src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.cpp b/src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.cpp new file mode 100644 index 0000000000..3aace10946 --- /dev/null +++ b/src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.cpp 
@@ -0,0 +1,60 @@
+/*
+* (C) 2017 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include 
+#include 
+
+namespace Botan {
+
+BOTAN_FUNC_ISA("ssse3")
+void gcm_multiply_ssse3(uint8_t x[16],
+ const uint64_t HM[256],
+ const uint8_t input_bytes[], size_t blocks)
+ {
+ const __m128i BSWAP_MASK = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
+
+ const __m128i* HM_mm = reinterpret_cast(HM);
+
+ __m128i X = _mm_loadu_si128(reinterpret_cast<__m128i*>(x));
+ X = _mm_shuffle_epi8(X, BSWAP_MASK);
+
+ const __m128i ones = _mm_set1_epi8(-1);
+
+ for(size_t b = 0; b != blocks; ++b)
+ {
+ __m128i M = _mm_loadu_si128(reinterpret_cast(input_bytes) + b);
+ M = _mm_shuffle_epi8(M, BSWAP_MASK);
+
+ X = _mm_xor_si128(X, M);
+
+ __m128i Z = _mm_setzero_si128();
+
+ for(size_t i = 0; i != 64; i += 2)
+ {
+ const __m128i HM0 = _mm_load_si128(HM_mm + 2*i);
+ const __m128i HM1 = _mm_load_si128(HM_mm + 2*i + 1);
+ const __m128i HM2 = _mm_load_si128(HM_mm + 2*i + 2);
+ const __m128i HM3 = _mm_load_si128(HM_mm + 2*i + 3);
+
+ const __m128i XMASK1 = _mm_add_epi64(_mm_srli_epi64(X, 63), ones);
+ X = _mm_slli_epi64(X, 1);
+ const __m128i XMASK2 = _mm_add_epi64(_mm_srli_epi64(X, 63), ones);
+ X = _mm_slli_epi64(X, 1);
+
+ Z = _mm_xor_si128(Z, _mm_andnot_si128(_mm_unpackhi_epi64(XMASK1, XMASK1), HM0));
+ Z = _mm_xor_si128(Z, _mm_andnot_si128(_mm_unpacklo_epi64(XMASK1, XMASK1), HM1));
+ Z = _mm_xor_si128(Z, _mm_andnot_si128(_mm_unpackhi_epi64(XMASK2, XMASK2), HM2));
+ Z = _mm_xor_si128(Z, _mm_andnot_si128(_mm_unpacklo_epi64(XMASK2, XMASK2), HM3));
+ }
+
+ X = _mm_shuffle_epi32(Z, _MM_SHUFFLE(1, 0, 3, 2));
+ }
+
+ X = _mm_shuffle_epi8(X, BSWAP_MASK);
+ _mm_storeu_si128(reinterpret_cast<__m128i*>(x), X);
+ }
+
+}
diff --git a/src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.h b/src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.h
new file mode 100644
index 0000000000..7b1d19d9bb
--- /dev/null
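Review bot: The four `_mm_load_si128(HM_mm + 2*i ...)` loads in the inner loop require 16-byte alignment, but the parameter is a plain `const uint64_t HM[256]` and the caller in ghash.cpp passes `m_HM.data()`, so nothing guarantees more than `uint64_t` alignment; patch 0086 further down this page switches them to `_mm_loadu_si128`, which resolves it. Separately, nothing records why the routine is shaped the way it is, and for a GHASH implementation that is the property worth protecting: I would add above the definition `// Each bit of X is turned into an all-ones/all-zeros lane mask (srli 63, add -1) that selects an HM entry via andnot, so every load address is fixed and no memory access depends on the key or the data.` so a later optimisation does not reintroduce a secret-indexed table lookup. The template arguments of `reinterpret_cast(HM)` and `reinterpret_cast(input_bytes)` are missing in this rendering, presumably `const __m128i*`.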
+++ b/src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.h
@@ -0,0 +1,20 @@
+/*
+* (C) 2017 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_GCM_CLMUL_SSSE3_H_
+#define BOTAN_GCM_CLMUL_SSSE3_H_
+
+#include 
+
+namespace Botan {
+
+void gcm_multiply_ssse3(uint8_t x[16],
+ const uint64_t HM[256],
+ const uint8_t input[], size_t blocks);
+
+}
+
+#endif
diff --git a/src/lib/modes/aead/gcm/clmul_ssse3/info.txt b/src/lib/modes/aead/gcm/clmul_ssse3/info.txt
new file mode 100644
index 0000000000..a802b5f20e
--- /dev/null
+++ b/src/lib/modes/aead/gcm/clmul_ssse3/info.txt
@@ -0,0 +1,9 @@
+
+GCM_CLMUL_SSSE3 -> 20171020
+
+
+need_isa ssse3
+
+
+clmul_ssse3.h
+
diff --git a/src/lib/modes/aead/gcm/ghash.cpp b/src/lib/modes/aead/gcm/ghash.cpp
index c3c2453e89..51477f43a9 100644
--- a/src/lib/modes/aead/gcm/ghash.cpp
+++ b/src/lib/modes/aead/gcm/ghash.cpp
@@ -15,6 +15,10 @@
 #include 
 #endif
+#if defined(BOTAN_HAS_GCM_CLMUL_SSSE3)
+ #include 
+#endif
+
 #if defined(BOTAN_HAS_GCM_PMULL)
 #include 
 #endif
@@ -28,6 +32,11 @@ std::string GHASH::provider() const
 return "clmul";
 #endif
+#if defined(BOTAN_HAS_GCM_CLMUL_SSSE3)
+ if(CPUID::has_ssse3())
+ return "ssse3";
+#endif
+
 #if defined(BOTAN_HAS_GCM_PMULL)
 if(CPUID::has_arm_pmull())
 return "pmull";
@@ -47,6 +56,13 @@ void GHASH::gcm_multiply(secure_vector& x,
 }
 #endif
+#if defined(BOTAN_HAS_GCM_CLMUL_SSSE3)
+ if(CPUID::has_ssse3())
+ {
+ return gcm_multiply_ssse3(x.data(), m_HM.data(), input, blocks);
+ }
+#endif
+
 #if defined(BOTAN_HAS_GCM_PMULL)
 if(CPUID::has_arm_pmull())
 {
@@ -56,8 +72,6 @@ void GHASH::gcm_multiply(secure_vector& x,
 CT::poison(x.data(), x.size());
- // SSE2 might be useful here
-
 const uint64_t ALL_BITS = 0xFFFFFFFFFFFFFFFF;
 uint64_t X[2] = {
diff --git a/src/tests/data/aead/gcm.vec b/src/tests/data/aead/gcm.vec
index 4a3c955b54..3eaa85d348 100644
--- a/src/tests/data/aead/gcm.vec
+++ b/src/tests/data/aead/gcm.vec
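Review bot: The declaration names the third parameter `input` while the definition in clmul_ssse3.cpp calls it `input_bytes`; use one name in both places, e.g. `const uint8_t input_bytes[], size_t blocks);`. The header also says nothing about the contract; a one-line comment above the declaration stating that `x` is updated in place with the GHASH of `blocks` 16-byte blocks against the 256-entry `HM` table, and that the caller is expected to have checked `CPUID::has_ssse3()` first (as ghash.cpp does), would save readers a trip to the .cpp.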
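Review bot: The new SSSE3 branch in `GHASH::gcm_multiply` returns before the `CT::poison(x.data(), x.size())` call that the scalar path reaches, so the new routine is not covered by the constant-time annotation; this appears to match where the existing clmul and pmull branches sit, but a short comment above the `#if defined(BOTAN_HAS_GCM_CLMUL_SSSE3)` block saying that the SIMD paths are expected to be data-independent by construction would make that deliberate rather than accidental. The dispatch order (clmul, then ssse3, then pmull) is now hand-duplicated between `provider()` and `gcm_multiply()`; a `// keep in sync with provider()` comment on the dispatch, or a shared helper, would stop the two from drifting apart. `gcm_multiply`'s body continues outside the hunk.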
@@ -1,5 +1,5 @@ -#test cpuid aesni ssse3 clmul +#test cpuid aesni clmul pmull ssse3 [AES-128/GCM] # Nist | Test Case 1 From a6e051bea6e7341f8f7b8ab40e042e1e099b9b8b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 20 Oct 2017 18:13:11 -0400 Subject: [PATCH 0083/1008] Remove redundant check CBC mode already has this same size check. [ci skip] --- src/lib/tls/tls_cbc/tls_cbc.cpp | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp index f38419ba7b..ca80a3d3c7 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.cpp +++ b/src/lib/tls/tls_cbc/tls_cbc.cpp @@ -150,9 +150,6 @@ void TLS_CBC_HMAC_AEAD_Encryption::set_associated_data(const uint8_t ad[], size_ void TLS_CBC_HMAC_AEAD_Encryption::cbc_encrypt_record(uint8_t buf[], size_t buf_size) { - const size_t blocks = buf_size / block_size(); - BOTAN_ASSERT(buf_size % block_size() == 0, "Valid CBC input"); - cbc().start(cbc_state()); cbc().process(buf, buf_size); From cba904d7a474ef4151654c762d110ffd19841b33 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 20 Oct 2017 20:15:16 -0400 Subject: [PATCH 0084/1008] Allow setting CTR width via string Prohibit very small counter widths (under 4 bytes), since they lead to trivial keystream reuse. Add tests. Fix clone which always returned an object with a block-wide counter. --- news.rst | 7 +++++++ src/lib/stream/ctr/ctr.cpp | 8 ++++++-- src/lib/stream/ctr/ctr.h | 2 +- src/lib/stream/stream_cipher.cpp | 10 +++++++--- src/tests/data/stream/ctr.vec | 18 ++++++++++++++++++ 5 files changed, 39 insertions(+), 6 deletions(-) diff --git a/news.rst b/news.rst index eac8422bee..118c41d147 100644 --- a/news.rst +++ b/news.rst 
@@ -13,6 +13,13 @@ Version 2.4.0, Not Yet Released
 They have been changed to use the correct encoding, and a test added
 to ensure such errors do not recur.
+* Counter mode allows setting a configurable width of the counter.
+ Previously it was allowed for a counter of even 8 bits wide, which
+ would mean the keystream would repeat after just 256 blocks. Now it
+ requires the width be at least 32 bits. The only way this feature
+ could be used was by manually constructing a ``CTR_BE`` object and
+ setting the second parameter to something in the range of 1 to 3.
+
 * Add an OID for RIPEMD-160
 Version 2.3.0, 2017-10-02
diff --git a/src/lib/stream/ctr/ctr.cpp b/src/lib/stream/ctr/ctr.cpp
index d0b44589b9..99a589bb9c 100644
--- a/src/lib/stream/ctr/ctr.cpp
+++ b/src/lib/stream/ctr/ctr.cpp
@@ -32,7 +32,7 @@ CTR_BE::CTR_BE(BlockCipher* cipher, size_t ctr_size) :
 m_iv(m_cipher->block_size()),
 m_pad_pos(0)
 {
- if(m_ctr_size == 0 || m_ctr_size > m_block_size)
+ if(m_ctr_size < 4 || m_ctr_size > m_block_size)
 throw Invalid_Argument("Invalid CTR-BE counter size");
 }
@@ -55,7 +55,11 @@ void CTR_BE::key_schedule(const uint8_t key[], size_t key_len)
 std::string CTR_BE::name() const
 {
- return ("CTR-BE(" + m_cipher->name() + ")");
+ if(m_ctr_size == m_block_size)
+ return ("CTR-BE(" + m_cipher->name() + ")");
+ else
+ return ("CTR-BE(" + m_cipher->name() + "," + std::to_string(m_ctr_size) + ")");
+
 }
 void CTR_BE::cipher(const uint8_t in[], uint8_t out[], size_t length)
diff --git a/src/lib/stream/ctr/ctr.h b/src/lib/stream/ctr/ctr.h
index 3ff63b8e58..c4c5981616 100644
--- a/src/lib/stream/ctr/ctr.h
+++ b/src/lib/stream/ctr/ctr.h
@@ -34,7 +34,7 @@ class BOTAN_PUBLIC_API(2,0) CTR_BE final : public StreamCipher
 std::string name() const override;
 CTR_BE* clone() const override
- { return new CTR_BE(m_cipher->clone()); }
+ { return new CTR_BE(m_cipher->clone(), m_ctr_size); }
 void clear() override;
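Review bot: The new lower bound in `if(m_ctr_size < 4 || m_ctr_size > m_block_size)` is a bare number whose rationale lives only in news.rst; keep it with the code, e.g. `// Widths under 4 bytes wrap after at most 2^24 blocks, i.e. keystream reuse` or a named constant. Even at 4 bytes the keystream repeats after 2^32 blocks if the counter wraps rather than carrying into the rest of the IV, and nothing in this hunk bounds the data processed per key and nonce, so whether that is enforced is outside the hunk. The `name()` change agrees with the `arg_as_integer(1, cipher->block_size())` default in stream_cipher.cpp, so a name round-tripped through `create()` should rebuild the same width. The constructor's initializer list starts outside the hunk.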
diff --git a/src/lib/stream/stream_cipher.cpp b/src/lib/stream/stream_cipher.cpp
index f33d68296b..c0e75c0a8c 100644
--- a/src/lib/stream/stream_cipher.cpp
+++ b/src/lib/stream/stream_cipher.cpp
@@ -44,12 +44,16 @@ std::unique_ptr StreamCipher::create(const std::string& algo_spec,
 const SCAN_Name req(algo_spec);
 #if defined(BOTAN_HAS_CTR_BE)
- if(req.algo_name() == "CTR-BE" && req.arg_count() == 1)
+ if((req.algo_name() == "CTR-BE" || req.algo_name() == "CTR") && req.arg_count_between(1,2))
 {
 if(provider.empty() || provider == "base")
 {
- if(auto c = BlockCipher::create(req.arg(0)))
- return std::unique_ptr(new CTR_BE(c.release()));
+ auto cipher = BlockCipher::create(req.arg(0));
+ if(cipher)
+ {
+ size_t ctr_size = req.arg_as_integer(1, cipher->block_size());
+ return std::unique_ptr(new CTR_BE(cipher.release(), ctr_size));
+ }
 }
 }
 #endif
diff --git a/src/tests/data/stream/ctr.vec b/src/tests/data/stream/ctr.vec
index 9fddf1cfc7..3eccc3cf6b 100644
--- a/src/tests/data/stream/ctr.vec
+++ b/src/tests/data/stream/ctr.vec
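Review bot: `req.arg_as_integer(1, cipher->block_size())` takes the counter width straight from the algorithm string, and a width the `CTR_BE` constructor rejects (under 4 or over the block size, per the ctr.cpp hunk above) now leaves `StreamCipher::create()` as an `Invalid_Argument` exception rather than the null return an unknown name gets; if callers treat `create()` as non-throwing for malformed specs, catch it here and return null, otherwise document it with `// An out-of-range counter width makes the CTR_BE constructor throw Invalid_Argument`. `cipher.release()` hands the raw pointer to that constructor before the width check runs; the ctr.cpp mem-initializer list already dereferences `m_cipher`, which suggests it is stored in a member before the throw, but that is outside this hunk. What `arg_as_integer` does with a non-numeric second argument is not visible here either. `StreamCipher::create`'s body continues past the hunk.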
@@ -280,6 +280,24 @@ Nonce = 88D9C46E992B27AE In = CD Out = 9D +[CTR-BE(AES-128,4)] +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Nonce = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +In = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Out = 8AF2860142F786F409307C1A3F7EAAAC597D5761063D8BAD232CB0136888AABB90B8CF63F44412CEEE802A522AB6566313C5E10652749056AD2F02CE3BBF5BEC + +[CTR-BE(AES-128,5)] +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Nonce = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +In = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Out = 8AF2860142F786F409307C1A3F7EAAACE0828A20E49595A19191201820125CC1B976913097C4A3245CAB186AE3B581F173DFEE01730EBB880CB63C673CBD4FC1 + +[CTR-BE(AES-128,6)] +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Nonce = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +In = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Out = 8AF2860142F786F409307C1A3F7EAAAC33E25A114853DFEA903DB7B182593CB439E12B65EBFE27B2C1557F1EAD7AB52F0D42E2BB9772747085DD8C2AF5F357BB + [CTR-BE(AES-128)] Key = 2B7E151628AED2A6ABF7158809CF4F3C Nonce = F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF From 9123c7b7193f671c0fe8646b62f73357a5b190e4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 20 Oct 2017 20:44:55 -0400 Subject: [PATCH 0085/1008] Add ability to print fingerprint in cert_info cli [ci skip] --- src/cli/x509.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/cli/x509.cpp b/src/cli/x509.cpp index 954c2ea6fb..eb09eb41d3 100644 --- a/src/cli/x509.cpp +++ b/src/cli/x509.cpp @@ -74,7 +74,7 @@ BOTAN_REGISTER_COMMAND("sign_cert", Sign_Cert); class Cert_Info final : public Command { public: - Cert_Info() : Command("cert_info --ber file") {} + Cert_Info() : Command("cert_info --fingerprint --ber file") {} void go() override { 
@@ -95,6 +95,9 @@ class Cert_Info final : public Command
 // to_string failed - report the exception and continue
 output() << "X509_Certificate::to_string failed: " << e.what() << "\n";
 }
+
+ if(flag_set("fingerprint"))
+ output() << "Fingerprint: " << cert.fingerprint("SHA-256") << std::endl;
 }
 catch(Botan::Exception& e)
 {
From 09ff689fcd24ee6d5e677f5769d2b4ac26a3a9e6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 20 Oct 2017 22:02:43 -0400 Subject: [PATCH 0086/1008] Fix for 32-bit Windows The buffer is not aligned :/
--- src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.cpp b/src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.cpp
index 3aace10946..207820ec72 100644
--- a/src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.cpp
+++ b/src/lib/modes/aead/gcm/clmul_ssse3/clmul_ssse3.cpp
@@ -34,10 +34,10 @@ void gcm_multiply_ssse3(uint8_t x[16],
 for(size_t i = 0; i != 64; i += 2)
 {
- const __m128i HM0 = _mm_load_si128(HM_mm + 2*i);
- const __m128i HM1 = _mm_load_si128(HM_mm + 2*i + 1);
- const __m128i HM2 = _mm_load_si128(HM_mm + 2*i + 2);
- const __m128i HM3 = _mm_load_si128(HM_mm + 2*i + 3);
+ const __m128i HM0 = _mm_loadu_si128(HM_mm + 2*i);
+ const __m128i HM1 = _mm_loadu_si128(HM_mm + 2*i + 1);
+ const __m128i HM2 = _mm_loadu_si128(HM_mm + 2*i + 2);
+ const __m128i HM3 = _mm_loadu_si128(HM_mm + 2*i + 3);
 const __m128i XMASK1 = _mm_add_epi64(_mm_srli_epi64(X, 63), ones);
 X = _mm_slli_epi64(X, 1);
From e2ef35fb9f340eff40fadd1e03cc1ab6ff494b86 Mon Sep 17 00:00:00 2001 From: Daniel Neus Date: Sat, 21 Oct 2017 19:13:14 +0200 Subject: [PATCH 0087/1008] review changes
--- src/lib/pubkey/pk_algs.cpp | 5 +- src/lib/x509/x509_obj.cpp | 3 +- src/lib/x509/x509cert.cpp | 12 +- src/tests/data/pubkey/rsa_invalid.vec | 450 +++++++++++++------------- 4 files changed, 235 insertions(+), 235 deletions(-)
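Review bot: `output() << "Fingerprint: " << cert.fingerprint("SHA-256") << std::endl;` ends with `std::endl` where the line directly above it writes `"\n"`; using `<< "\n"` keeps the command's output style uniform and avoids a flush per certificate. The fingerprint hash is fixed to SHA-256, which is a sensible default but invisible to the user of `--fingerprint`; naming it in the printed label, e.g. `"Fingerprint (SHA-256): "`, or in the help string avoids confusion when comparing against fingerprints computed with another hash. The enclosing `go()` starts outside the hunk.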
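Review bot: Switching to `_mm_loadu_si128` is correct because the parameter is only a `const uint64_t HM[256]`, which promises no 16-byte alignment, but nothing in the code records that constraint and the aligned loads could easily be reintroduced by someone chasing speed; I would add above the four loads `// HM is a uint64_t buffer with no 16-byte alignment guarantee, so unaligned loads are required here.` The enclosing `gcm_multiply_ssse3` starts and ends outside the hunk.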
diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp
index 0af264f329..e2009ce0e7 100644
--- a/src/lib/pubkey/pk_algs.cpp
+++ b/src/lib/pubkey/pk_algs.cpp
@@ -85,11 +85,12 @@ load_public_key(const AlgorithmIdentifier& alg_id, const std::vector& key_bits) {
 const std::vector alg_info = split_on(OIDS::lookup(alg_id.oid), '/');
- const std::string alg_name = alg_info[0];
- if(alg_name == "")
+ if(alg_info.empty())
 throw Decoding_Error("Unknown algorithm OID: " + alg_id.oid.as_string());
+ const std::string alg_name = alg_info[0];
+
 #if defined(BOTAN_HAS_RSA)
 if(alg_name == "RSA")
 return std::unique_ptr(new RSA_PublicKey(alg_id, key_bits));
diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp
index dd097f123c..f566be00e5 100644
--- a/src/lib/x509/x509_obj.cpp
+++ b/src/lib/x509/x509_obj.cpp
@@ -246,8 +246,7 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const
 // For MGF1, it is strongly RECOMMENDED that the underlying hash function be the same as the one identified by hashAlgorithm
 // Must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512
- std::string mgf_hash_algo = OIDS::lookup(pss_parameter.mask_gen_hash.oid);
- if(mgf_hash_algo != hash_algo)
+ if(pss_parameter.mask_gen_hash.oid != pss_parameter.hash_algo.oid)
 {
 return false;
 }
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp
index c20224abae..5a6588ecc8 100644
--- a/src/lib/x509/x509cert.cpp
+++ b/src/lib/x509/x509cert.cpp
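Review bot: The comment immediately above the new check in x509_obj.cpp, `// Must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512`, describes a restriction the code does not enforce; the new line only requires the MGF1 hash OID to equal `pss_parameter.hash_algo.oid`, and whether the hash is on that list is not checked here. Reword it to match what is checked, e.g. `// The MGF1 hash must be the same as hashAlgorithm (RFC 4055)`, or drop the list. Comparing OIDs directly is stricter than the previous name comparison, which presumably let two OIDs unknown to `OIDS::lookup` compare equal through an empty name, so the change itself is an improvement. `check_signature` starts and ends outside the hunk.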
@@ -115,15 +115,15 @@ void X509_Certificate::force_decode()
 AlgorithmIdentifier public_key_alg_id;
 BER_Decoder(public_key.value).decode(public_key_alg_id).discard_remaining();
- std::vector sig_info =
+ std::vector public_key_info =
 split_on(OIDS::lookup(public_key_alg_id.oid), '/');
- if(sig_info[0] == "RSA")
+ if(!public_key_info.empty() && public_key_info[0] == "RSA")
 {
 // RFC4055: If PublicKeyAlgo = PSS or OAEP: limit the use of the public key exclusively to either RSASSA - PSS or RSAES - OAEP
- if(sig_info.size() >= 2)
+ if(public_key_info.size() >= 2)
 {
- if(sig_info[1] == "EMSA4")
+ if(public_key_info[1] == "EMSA4")
 {
 /* When the RSA private key owner wishes to limit the use of the public
@@ -144,9 +144,9 @@ void X509_Certificate::force_decode()
 throw Decoding_Error("Algorithm identifier mismatch");
 }
 }
- if(sig_info[1] == "OAEP")
+ if(public_key_info[1] == "OAEP")
 {
- throw Decoding_Error("Currently unsupported");
+ throw Decoding_Error("Decoding subject public keys of type RSAES-OAEP is currently not supported");
 }
 }
 else
diff --git a/src/tests/data/pubkey/rsa_invalid.vec b/src/tests/data/pubkey/rsa_invalid.vec
index 8963a18be3..92007d1b69 100644
--- a/src/tests/data/pubkey/rsa_invalid.vec
+++ b/src/tests/data/pubkey/rsa_invalid.vec
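Review bot: `if(!public_key_info.empty() && public_key_info[0] == "RSA")` silently skips the RSA-specific checks when `OIDS::lookup` yields nothing to split, whereas the same commit's change to `load_public_key` in pk_algs.cpp throws `Decoding_Error` for that condition; if the intent is that an unknown public-key OID is rejected later when the key is loaded, a comment here, `// An unknown public key OID is rejected by load_public_key(); here we only apply the RFC 4055 RSA restrictions`, would record that, otherwise the two should agree. In the second hunk `public_key_info[1]` is indexed without a visible guard; it appears to sit inside the `size() >= 2` block opened in the first hunk, but the indentation is lost in this rendering, so that is worth confirming. `force_decode` starts and ends outside the hunks.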
@@ -156,1351 +156,1351 @@ InvalidSignature = ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4e # Generated on Wed May 18 13:42:19 2011 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c6d3 +E = 0x90c6d3 N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd Msg = f0b83b8facf6698d564bad334fe494aba3eea42f3cfc378455a989c4317e0f610c160a67527f5d010fe49b3fa6696516c757f3a99b79f0c641c68bb47e3fcb2cb01b22a5042246d5e9573c74c5d9b543e60b9e4dbbf3f36c44e0d410c750da3cc510abd12ca5cc0fceebb75912fc2e38e953cea30432e77e45408b607377e599 InvalidSignature = 7973359908f1cb2f7eb31e19f7655e8117261e17c43c8ce5b12bb861b541fea168e077b41cf11a95ef7a80edf5f5903987e59d4b9f115cdb3b6394eb0dcb6f5869be0f896087bec612093965ba020449eca36ea74acffe1eb9f42e4ef03247cccbf99557073ad99a144172669e49296980c9aeb5fc7fa64660a680c320edb20d Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c6d3 +E = 0x90c6d3 N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd Msg = 
a4ceb81c341237facdf5c8dab1f5fdd725985939df0b623cbb08f714affce42d016ab4b7b78ac7625037a466b1088fc762bc5fd7fadb8afcd89a82b314ff44d5b5472d1a258510dbe28b871c750d86c9a8043640f451001039a3e700b29a1c54272dcc4b64493decebba1902e64f0a665f39867cb3b5ed0044ebd1036f159430 InvalidSignature = c12ad0a80b116cd65a8c81aadd81f05bde5d6adc60e4deffa3d7c68ed8df5314c98b70979c4ce5f9e1c3f0e52fab15725c4f22dc0c4b182a1d7cd81dc24f54e768dd2518a6cee3952922e653b8feaa32745f92ea01907aa4ff2c5f64ed9bad461e2825eafdc31158fafd38afb39fa10f5f833faca076c8771cabe406be6df648 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c6d3 +E = 0x90c6d3 N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd Msg = ada7d6e417da2c55aba768f60df46b73496cc07866c7d2193f4c5c728e94228a4a90df7e33ce7edbabf78c4bc79dee74a633cf1d015ddd92046bb54a5c1f9bc892b76fbf9727dc79a0a7d379336d386082bcdb0df91da90813ed2421711710542d236ff06c70b0f932bd24ca7beeb1fe870dca9175909e4313da903df504e8f7 InvalidSignature = dd45ac85aa560159b2b9890cd61b8c082bb02b55529afec05e7f3fc1d73e30a09e0a7a422c20c074bd25c1271924a94d7576d99125d9200e0190979dd4238db8bdd286eba5d3e46a48fa2b18e43d7926aca3312eaa93970797c20c7e12a64c47858d1deabe5260620f01ee528d63e073f90f5044ea92804f3c1500cc2b958289 Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c35377 +E = 0xc35377 N = 
0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd Msg = 68a53131f6499d299801d88d6dc311a138934f1f58a5057efac2e6738decfab97645f20e052db97ea8ab4be35f0ecaad70d4cfdf5ccafe5a1175dd5e61b1e64eb398dab3f9a55984e219b0a5509ef2ad0c2b4aecb9278fad06d119b828dfd31b8865922ab8f9a5c5ac15aed927bdb0297361684f5504e1fd409e4389c9bfeba9 InvalidSignature = e955264d644003b69f39f955150a7f42b629081b5c13787c7a9e2c988089b5e550ad4bc14e7e71c441ddb69afad39c56f811327e25270443cc0976adc9ff392a9e1dbff48fd9adbf6263be6e78d7b95feffbaa2879ba8b75e67a97aaad39d9211e5610ee369777d3f8ffe373f9d7d2984d209a9399cc1e105ffff0baaadbdd25 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c6d3 +E = 0x90c6d3 N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd Msg = 340eff60922f2d65152cde96f5729fddc554434d9aa32b596f7fc543c86c53d796a9ee585bbdcabb8e52bb134146f84d0100201dfe007a386cba81c428a5a00c9f8f3a79ec33edbe400d1852876d9a2348cbdd89cd5a147885dfc0fba6c479dd1668eba98cba1fd6f306fc3b0f0f0dc9625d847851d87f8283968bd08af266b1 InvalidSignature = 4d744a1aad0c4d76512902eef63753ec58ec3f5e23f91889fd6705bb111db9c688587c320b52e65939c69f2296d9a4c01bc450513486f86a861e706abe25b40a8e3f517ab58e99ffaf6b8c4efbf44ddfa9150349baf5daf0af17cecbbd99d0f5af871ed8b10095b4a0d14d3c8c4ecdf9e52d361d21694dbd9bae7fa395714d9a Padding = EMSA4(SHA-224) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a3db1 +E = 0x6a3db1 N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 Msg = f0b83b8facf6698d564bad334fe494aba3eea42f3cfc378455a989c4317e0f610c160a67527f5d010fe49b3fa6696516c757f3a99b79f0c641c68bb47e3fcb2cb01b22a5042246d5e9573c74c5d9b543e60b9e4dbbf3f36c44e0d410c750da3cc510abd12ca5cc0fceebb75912fc2e38e953cea30432e77e45408b607377e599 InvalidSignature = 6b5a094e74c5c34ceffaa51dbb15f02689e1c45b620e926f85882800dd4662c9412f1e6a54388b51a58a7d3791c6ca6acdf03ecece746e5e3189ebdf5c958ec0233758f126e4455957b7f6450f65f61f1202f569e1c95e36207916b7bd22f530debc965dd5ee543d80e14b19341221b294d2f4acf846a63705a9479b49fde460 Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a3db1 +E = 0x6a3db1 N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 Msg = a4ceb81c341237facdf5c8dab1f5fdd725985939df0b623cbb08f714affce42d016ab4b7b78ac7625037a466b1088fc762bc5fd7fadb8afcd89a82b314ff44d5b5472d1a258510dbe28b871c750d86c9a8043640f451001039a3e700b29a1c54272dcc4b64493decebba1902e64f0a665f39867cb3b5ed0044ebd1036f159430 InvalidSignature = 
1db247c271a11b2d41205d1abafd433be26e273563f636a3a46191fefe2aceac656a9e91cd58df247a4feda14b006e6871896f1f3fd84a4c91e85a82d88314011b85b3e0432c07fc5f16b0d10fc56e2823bee8746f1ad6cf4cc4603bf1046c98e36cd373d7955ec37d86916bb4cb5ed4d43a5a12720ab9ab7f18a17ce927a286 Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a3db1 +E = 0x6a3db1 N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 Msg = ada7d6e417da2c55aba768f60df46b73496cc07866c7d2193f4c5c728e94228a4a90df7e33ce7edbabf78c4bc79dee74a633cf1d015ddd92046bb54a5c1f9bc892b76fbf9727dc79a0a7d379336d386082bcdb0df91da90813ed2421711710542d236ff06c70b0f932bd24ca7beeb1fe870dca9175909e4313da903df504e8f7 InvalidSignature = 468a0a4d9887dc8de86672bf5888ab473fc58cd681de1dd4b9fc46eeb32b184cf25877be736696aaa86e9707e6afe57ea1f9ea493e5f72473d7c5e77710e15e325eeac1a1c0a82199fb14f3f090703e9f14d0b0acd556bb4c242eccbec203664d8c903bb90210aab8f61c1de2391cb77f93c8cf6f5e3d1fb621c4109d5d089d4 Padding = EMSA4(SHA-224) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e887c5 +E = 0xe887c5 N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 Msg = 
68a53131f6499d299801d88d6dc311a138934f1f58a5057efac2e6738decfab97645f20e052db97ea8ab4be35f0ecaad70d4cfdf5ccafe5a1175dd5e61b1e64eb398dab3f9a55984e219b0a5509ef2ad0c2b4aecb9278fad06d119b828dfd31b8865922ab8f9a5c5ac15aed927bdb0297361684f5504e1fd409e4389c9bfeba9 InvalidSignature = 03999476730932d46eaa5205f422de58c5d517a2d15fd449404c52ce7f0a3636a323aa681d79bffac60e8d9fbd6e62e299368cf8dedc3c1631d347cdd518e0a18b7e146ff913f191c0e772fc3e50a4424845d23d7e10e038f9fcee9e9a2fe4907ee597e3c589000644d65cfee60115dbafd9a8348df03435224e1f99d04ceafb Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a3db1 +E = 0x6a3db1 N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 Msg = b3e512b4ff753fcf01b6e6d830915f93cb99fbdfca3697f3140371e8f2743a78c4bc6c05f3eedddc266295bcb95adc926be598875604d63c250ca754814b2d34cceef506122287043c7a3cf3879150ed35f0386483323664da662a1849b4ab90334456c1455b66ceabc78686847ee32d9382847f3707def29dd8a33c34f7dc15 InvalidSignature = 5432923b53dc8ad5df6a5db2b04506b42afbf29e31086fb3aa7b7b7a041940466a6535da54329c1aa5cfd328d4cb622398bb572354eabb3c1a59953c7881d1b1603a3f0c5ce845dda3bcf509c9c7b7f61fb310ae50101d08062eb2b894d12602ec28e7533251c0987e4a290e5affd0083b2216f26a55a732432268bcd1982ef6 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000183a77 +E = 0x183a77 N = 
0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b Msg = 14ccaca3e4e313a960023ce1ea1335a9b29b47bdd7463466cfc7bdef08de6759cfba7f5072825c5da12fe45c1a9c523186e036b79ddbbcf9910f32a5aab1c5bd2d008b9083d6c7e9977d688680c3d2cb6051e1b88c382b19edcd86fca6b7cb68f646d94c6007dcb60a95cf4564b13fe1099552a9ea86092da9a9c2de431701c3 InvalidSignature = 93e0eab6ad774d35fbf94f2226072c7b6dd9edb54377ab7d8c8f8c1f125b62536334d953d3c610ff9aaf04b1962cf30ec213a6022ddbdbdad67084db957853a4d35eb644e1dcf8ff82b26a74738271b2394b5a063de453ae5c0968034dc7ca12f9d1c11ac213e801794a00eec5d3ca9469a47ba7b932259be0aaf13d41302c05 Padding = EMSA4(SHA-256) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000067109f +E = 0x67109f N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b Msg = e5494be79aa11936c226d26f260c2a8baa36c7a4d2a9eb068640528812a15e1d716f71a6cbc29a0a3cd47589d7fd4c4debe1824284e8322835ee13e7153c9f2208b7740e4058fa8503dc4656aebd3ee0fa60fedf7e907b85752b66cdc21b540c31881bc8004c7fce9ea80e7fb235486b5f1d0321c68a0e44cd5f15e21f27c402 InvalidSignature = 983e58dd64d1dc369a71485a497f9242a527bb285e5039e88f997a30fbdd32f3022c453218e22f0180c3f753bc0d6e3d695ebde88e8963571adb68510c1e40d84ac83785cea9ef84bdd3957e98d718c7a97b22f692dfa9d1273a97ce9446794fd193ec3d9354caad1b7bfcddf82505f8a963f7759d108b7a67a57aa7cce3c84b Padding = EMSA4(SHA-256) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000183a77 +E = 0x183a77 N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b Msg = 3620220deb2101077555298267995366d834f856ac0cb687151af5d3581bca09d5881c8842c9050c37a67ac7effe2fb44dbbb5281d05e5aa9db682043b0e1a9aa1a92dfbefad92b64748156f8f5a6531726e2e06a8ef82c578997d2c7b2d292ea2699f8e7a376fadaf2542a1d015be865135aa19d6325383afa92e729edfbe6e InvalidSignature = 3e9d528a7bdbb9d1083384e67441712645c2aade8ca32c8c5632ec2708b6b9877dc4cf4803b6cbe533fc58db7ab01019ae879cf746dbca08ef39affbd600562ae99613d76183554e712e90fdd4b37a0092a3ddb3bf2835e6fc6ee12e7b355ac006e8e5725d8773d856360bbef7a896fc66594b1a4f7ecbd13ed2c02b76511feb Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000183a77 +E = 0x183a77 N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b Msg = 75d462568edb867e996ef0197de4685fe3528225985d2053364c38970162d85b0f6a67f5ac932d1efc7e16a6e296b26621a08175c1926e9fb5a99912bab6595b82b9829112b0e3d069b113e962376e58dbba5a771782cff161bc1678f2ced0bb15e83b9289dbb17c272f714cc46fa21f59c8959162d34b3183ae373271514463 InvalidSignature = 
97828f3a8b864a95c19b617aaa5744cb09c3c37758349e398169e2e8344eba663f9dc871f744b52b3f15d07875ae8706e7bb849e0828e6c9228cf43e742fd2c233f2b31a67365a12f0ebc2d9d3369232c6939cb9e6e80b18443820773ff796d2d77d633f1e240a2e62625ca6e85e85105a9b9beff0c6d86a112f1e9aaa551c88 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000183a77 +E = 0x183a77 N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b Msg = 372c9d4b73d3d7527d991817dac22792b1a2926824a8a30fe09b9033f324f259df8d78c3ecc8dd93c2b31733369ad2f365fd1cf4ff946246e6919b4df825c36928458bd5d4ae4fd0532748fbcd0603034ff5117f1ef6011c4ca58bf78abd0e4a3dde3d4bd48e1451587d1239440da2089811dad129d567da3b60c8fa51f5bb45 InvalidSignature = 7ea27bfe422507d9f40f5200ba8b68d92147611c63825aa1aecb3268893388be452de5c3f9c6d224d5633913d5f27a33b669550c5653315fdefb6032ca50f781e789f148f2642aa479aac4f85454425e570cb0cba2a1a8586178a48127897003be424eb86d87a2c5c95627dc4407f4800536567337d88d1df3b369b176a21c6e Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035c661 +E = 0x35c661 N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f Msg = 
78b8e34e3d1026e88148aff5a05d5b6ff747113148cf47665fa1c842f6a2b4f0d783c8cb4097dfd08be1b9530e72fcf241f278c81e7cafe3ceaf95f7810194539e57d3151cd3b89a2fedac3928c61e3196b8cadfb2323b35fac38e671b747ae7145b8d94996db82fb5940e0eb402c91440c48ee0ca9af2452c063cfa8ca36c93 InvalidSignature = 697f7422aa7bb453c6b7e5c3c1f5a44d4631ceb0b9a9e77a0ffffdadcbd50d8f69a2fe23ef495191dbc4df75605198af429807393efce5d0742c6cd65ea4f6e60fb9de39faf141f6b9f2339bfdd95677de6ac7856b183ca7c2e19fcfefa916858e7e41de93257e8771e361d056d5c96557c655e1da2d4906798cc4b93509b0af Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035c661 +E = 0x35c661 N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f Msg = 8ae68ad40631981d0cb68428c642fabc658ddffc1761e4a436fe5c90bfbe4b7e07f5bf14a91b6325c32d5130625028293ab85e7c9bc8d850a07ab808aa0277100cae33d608114a16fb60275bd41c5cc3caf1f1024fdffca93f9772a95e283d1201da8f210b5a757a1b18afb204eebf107e0240951bed79397c1d3278c477c60d InvalidSignature = 7c17bf8aaeafb9c97966d905205b1f007a1379e5fea9418bd6decab846bc4d430de0315c5b2195ea62900b34b7d37cd6dde7e37d9361073942976215e7183e4dc876d69e1eca9cc3786d2e9922b71333ae3f0cacbe173a6346c152273556b6bdd1afb7fe01fcda772362fe20be34bd4c8ed9b16cbcd3db910a0d89a1859a2539 Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035c661 +E = 0x35c661 N = 
0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f Msg = 5ec0479f0010f6f12a707ab52bc4ba883f29ea19617d02d660216fc535fd08af94c54384c17ba9fba53687792121e734a2c6be98f68d67ea5e7f502be450f43fee9d094e1472fa6b2f0f9773b2ec0c383efa0fdf702c5e87fe36692c02954bca95cfffc5a0fcd188ef85126c872c10dc3a4c46b87862cff668cd218f37d2f799 InvalidSignature = 7202f1ed02d85d82b574b06fa3de38a0d19b80a612f470f22b4eb8a032c15be565bcfc7e9780d35f1aa11a312339554ec51e690287ad57acff359fdbe7cdfabf9770e9b33343cd8aeb8b2ddaaffd1d2308ec9fa28e5dc26abfee5c5e8470adf13380e7aefef727a78dffaf32bee251ca8bab4dd375d2a9e6c470943bdb58028e Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035c661 +E = 0x35c661 N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f Msg = 3de862f4efd8bda0f2f8254f730e5a8d5baeab4382a6c5371f99c9d684e9a13208da934744f5168282abe584723b53231fd6deb122000681153960a84bdde601be499174493f2a77188c5dd45ce70fad431df1be276b55e3062b41da32b4c249497b8303687e9e879ce2b2ca99da3636afcc0df2f9af5a64d8b895f49f35df13 InvalidSignature = 26068d35b77ed46848c6006fa718c92ea035464018403019929daa2fb8af505ea81e7b0c1ffeebd614d006fc6c445febc27a562ac6bae807a52d2268690d26b1510c9c1bcafb16626212832b1c5f8a24630c16849e6c5dae23d2af780f34095ebc298a0cdfc3dab0a853148b74b676baa2b23bbac4c64b7354c3f0e5c901fc09 Padding = EMSA4(SHA-384) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c78d0b +E = 0xc78d0b N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f Msg = bf087ce3582a9462c3706a2eb7cafae1b9b79c0185138977af309b428a29546c4973223d64b5e1b03edaa2230464ab52d803bf862f669f0a7751d0dffef09fb00f6b63085eba02c3a5bbb6c3908111e4d7ef3f31a9868c58517c255b140e23895817c5ad0ce0fd85433a2f7522ca357dfda5a669bd1d584785da231e952ce8dd InvalidSignature = 17cbcaab779fdd6aeac8f0b90fbfe96b6d7231fdb550f2caea85eb9911121d7a0e956cf11414bb111d1d0b05b1404d480d6eccc65c0d301207ebc1b150247809f4cba9ee3b5f759c59602b1e63594ccd374d509a7c135a68c6013ed73ddf68cba5ea31087af451832411dca910fbc2aaab286b3a9c95b1655ab872e8c2766d0a Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b8267 +E = 0x7b8267 N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 Msg = ca69f73a1e17310789a65561639b2b054aaed69622c4fb345b1d255172cf68c0bb73450f5d1ece179e930ad161b69b6cec449e9cefc2d334c2b3fef7ef0e8dabf0ef7a703a8d73507a6c39171ed446651781b201dd9c5770b4ea34c72f440fbdf2475e04bb4c68daa49aa8dba2db721952cdd96ef53acf11b82a8e683a57371d InvalidSignature = 
b8459c62f5dc848a47e73837c3fb1b5b96c6cedc1cd0e08d5bccb8a0fe4e43ee03180a9457a8db53c16ab994e959bc59d29d3b15749a8e9cf43cbe81d13c3b2e0d55198e0776ddd2915e25f59b17e914888e10809016afa90fe24d6bf9aef635f291f6df2a80b777db31783ffd7148d078ee82ff15b4b83298c728fcfe80f58b Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b8267 +E = 0x7b8267 N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 Msg = aaa280f51dfd88d1e7c7f08834ca69d75e4743996295858e950b3c5c922013d377d1247551430e36d4aa48805069b57ae07b788ae5110919b27c8896894e52bdc7bcd3195b479bc77c9cb37e9cb831cc974f0aa2316f2813bf61bc5924d0d619ff2c33e82351550d4864d98800fe0654ec8da2ea2ff70906238080ad4bedc66f InvalidSignature = 570c0eecf611c34433df2f79b602ab96459bfd22a27b4acd07584dad4957af8c322ae98c376312c6b9330e50546a148734219636dd44de74106663e576ea85f8e02d9d03818f42134fc90c78fe94f06c4367e5a6c11357bc3abfd313c40a25986c083210a066985da3653eaf4581912f5396e5bd15eedc2d7fb9bb076ef85c14 Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b8267 +E = 0x7b8267 N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 Msg = 
512dcdc30e9ae2b6e44a773eaffe62b10050dd2a12de22d100aa385d36c10cd7251bc3a03cc34fb513374032e912dd1550e874452772eed3c9eba67f84b97c7e4d50257ab154c5db0ffdbf4505c0cb61282c4ae1f812d7be13e81fc4a86ff2512f949a5a57946bae40649b7feb50541eefe208066d05051c456a49358a2b97d9 InvalidSignature = b19f58f4374cc02135eb3aae5303dfd5e54b68ca90daf44e2ffb4dcb65ad49eba624688b7c18987177573ad4299c8cae53fd2ce2aae3515d033673155f1e5849b874f6bb28f691a0b920aadc7cfd5218fa2bbe60513df35f50bf8afa968c7f3a821ed9f185f23d020598d745be5dfa74b4ab25029bd47000637a2868438a6cb6 Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b8267 +E = 0x7b8267 N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 Msg = aae7e01a6e1a1070fb04dbaf97684bd0252aff01eb0715f899844d8887246a723fdedc7d3bce9dc9f02b59600b79d10efa008173ae7c80569f16a93c1193f83996cc3607d55ed95589a22661cde098c996bf859f8100ffbbcf6cf955ad0baad3b99737dfc3308cbdd0518adb650368aa025153adecfb58d02f6f84fae4f44ae5 InvalidSignature = 2935b15fc9d8f8dacf912f828cad15c50e66745e08107bb23c419d7b177940716c04774898be1db3b175daa1cd1014900e7ec64705a1a145789bc3a7a5d2bb5a5956cf66a55b258913193aa44d29a731c33f1b7f04cb9dbc55f351a12ad77796502876fdfe47330d501c52fc87c5fc9d114756ba496a3742d5eb38f8835367c9 Padding = EMSA4(SHA-512) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000054128d +E = 0x54128d N = 
0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 Msg = 0c5f5fa28397254fc62d7e2cb124b769873cdfe37f66713d7f7a3432272c6029113d020a57eea15156ba2261b244e91a9b8f41ad4e6dfeafde3a616d34c93b80549f55a1e35f10bee686494dcd587fe0b01b38f9d882a020816c7434decf1eff5eee220c2ed3b8bdfff9ba980949c1e250478c6f268ea1b8f17a362e2e2451ce InvalidSignature = 2596aabc2978bd62da57c486172a2cf433eb145835059fc035bd42886500156eca00554a989d19b6bcc4f640eb7cb5cb634dae38f59b015a01ffea0504847c643d525b910f61c2718f4cbb076e8af82183661d6c7e06dddfe1579ca2d6dc7e3e056b0ff6e6806fdf419e984018e2a1126820fbe966c52f9d8295a2a9cc9d0e0e Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a4822d +E = 0xa4822d N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d Msg = a4dd2d68a6ccaa4d2218c34c89fa1b8b37ea9a61fa121269d10222d5f3a55b051374a259e3e9d543d737b2a02b38f44827a7bee3a28f3dffc5038a601110cd97a3f0a8d7b780d3036cf5030bc7ca1179f9fc5847e57a5ff4ddd7b8d7ac4327b2dab9078a2b7aeab669b980376398ba4736532e34cbbbbe6fa1e774e0cd26b17d InvalidSignature = 97a9b907731d605e40d7df6a8c813e3ff319a02074a966782fc2ef7937d0e9710e4473cf0703c23de5a1d238aaf38f6c5882725fa386a92f50c213b25385bd1d6b481708959677f7263bb8766049c3a24022180ac7db049edc37f19c1cf1e613a6d295190fa86b8f52b52e989507ea1368637cf6147de89eb9d840d5a2fc23e4 Padding = EMSA4(SHA-1) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a4822d +E = 0xa4822d N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d Msg = 8e1451587d1239440da2089811dad129d567da3b60c8fa51f5bb4544e0f5ec936f165efa3edcb346b7974b67daddb2c73a7ec7da48ba1ef7d4b2a266d11d7fba593c3f60f11032790dca14e5d783eaa02c2d2d52e7ca2a2163dca9ca3b1ccdf0546e3bb41e157e851623ab399034405db35c52cac55ee879a91fa299a55a9ede InvalidSignature = 9003fc803fabb16ea2318a36e3e00b8a0d91c882b3cf11ac778e445cb5189b920e7689b865f1a323fb28bdeca4effd085de9611021ae95558db37bde3ce4326a1c931a60afdf03c3cb5a43465242f82a6b27352e1fa75af4e7bc1a93e81b2f3fc07a4312174b8888e4fbaafbb204880f3188e3e739223a57bc9583e6f125f597 Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a4822d +E = 0xa4822d N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d Msg = 6bc3cf22b29b88757a39072df815b59e7a4f01079344a7c8786032cfaa33bf54d5c605c6f82f9205c76357d14e4c6783d61bfcfa0ce0bbd9605739f0ac05bdf716844882371cd2317d93d727cd4512be6d77897922e8c93b95a973b6fb2ff725f5a7a03eb589d16263708e18bf293db90709ae6d1b845a55dffce80ae1d7f647 InvalidSignature = 
1a73d7d3cd4dff2de010d2ab176ee64db3adf4b1fd07cf37caf19bd223d6c343e7ef75b14603ad9e0a52b853516cb43f262552d2e25f72c2c3119f0ff5b516dc8dab8417f4aa2a85b812e8600b7cfbdd217db95e9f889cb648e865215289d88813af6c562b48ab0a2a12c18c7ff927d020329cd53635ac5e7c1c7fb6a9139566 Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a4822d +E = 0xa4822d N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d Msg = 63215755a54b4a68ef26d1cc120c6b5a963cebe706dd6e6c8f409065ca66e076d5c29154a83f72e3a685209c7378793206025575ff1371763ae6aceca48576d64d8f8562bf39c90e8f93a30d310d52ec1039ae75ded218d429feb1f830d0ca3cf4119c4792403930cfd7c3e6f5d0dcd0de685db04e234bcd86100751154ec4f0 InvalidSignature = 3cdefbd51d9d74dcb34cdd5dcb6aa2329c38b72bef3fc30c5559e564fea7df8edde691f7793fb37e4ee8e363884493e21010e67c2b1310297a967dc852f94f1121456c6d83afc935586927cf1b5a1a927a221a05b133dbf775797c112dcece11232566b64e27bbaaddef31ad704f8b12d0e41571671de1e0fdea873a02cae156 Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cb82f3 +E = 0xcb82f3 N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d Msg = 
361f28f34dbee24034e03367b6b8d34df3738ca3a86b9ebcb09e639bcb5e2f519f4a7a86fc7c41556404a95dcb95e6149b7f5b5ffbdd026051100f8f056cd00d8930d83596bc5c73b8fedd590c2e07ef48bbda4bfd850762194c9d1eb068e4b1fcbb8928a2e5fc4336b6178402e90086030f509035c9756a113a556f53bc33e4 InvalidSignature = 5b594ac8b973c6fb485d17268619b26c9948ff142284487a2ba1ab3e65d12af9e589f8fc0f583bc1136a2744be1f325f43e0b604a20c229996471ac2ab69860439a57adf60257945f4197e57b7c6711057a695f13d4b44f04d7c2bb87bd492fb0c03006c184628bade5c168fcaaba94fcfbe0911cf7e0b514aa975922e4a93a0 Padding = EMSA4(SHA-224) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000412b89 +E = 0x412b89 N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 Msg = bc8e2a0b7a699afd26236facc6780b4ccfde98a8f30b86c23bb73ab955a304f02fda526dc537247f3727c0a41eb0a7a920b3c713c26ef2be7e448fc416c190a027d9a4940170ad48b62074b371369b3e09fdd427d6405124c40a7c4aa5b0e72ccc118647d71d1c9ecc94f3a16810d053b34626acd8898a3c34906712ad78f3dc InvalidSignature = 70c2b47c69e68df4ea95dcb48bb3609b98805340d4336d544fa5d628af72583ae86a28c043c5aeab389cd7c23f2e164ea32ea83b5557cdf1421e4ed72d27ebc6e645e4743771dca252726cc6015ed165182c90e972f6c6be11c81c1f68083f58ea100ffa61aa0d7aa83fb4bc7df237dff22dc03093b65d78eba1e57d4344798d Padding = EMSA4(SHA-224) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c9c009 +E = 0xc9c009 N = 
0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 Msg = 370bc75902d814961b5d55a3ca12334f31df07648182a82c6d308033df7fe64fea83a8de0137e64f661f27e4e42ca6b5c1e0edf9efb2a58182b4ad85677369a3521f5d25f8ecfa837fb7b72832ed64797aa9bb14091c395559322c1f55720cd956270eb650bdf73a4e6d2efa1b1d16a342819a3d39870ab1daf22589124477f8 InvalidSignature = 3e18333b801bea1045458e538142886d338017f2d8e35147382668c8a68596bc2ac5bd7f781ac756e5cad5114b4373bee0758fb1b3a9a5d59d6e5345187797b9b08a9ca87cb039b36923e8be48f6839c00a165836f761c4afaef61da4b4f64c426c78ce22be51774ffe67cc1609160e0369cb894f036642be789875b8e8e33cb Padding = EMSA4(SHA-224) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000412b89 +E = 0x412b89 N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 Msg = 5d85ba30feae44c6de674c4ea2495d3cbe892394f46f18fe1a0a601d1d23f01d466ff68bbc08756a4b1e308363eacafc64e42b2c183626ae817058b4d67d539ec8d6fccc09f531b00f0daf2716f833096471e0fed083e19485414f8f04b855816822929aee5dbec0b49b91e2c15ae08a46970ab2233e92d9ade60d56afbb3feb InvalidSignature = 1b5f06f3c6969fdec39025d409faf8a800ac771d5bb821cb8ebe5343dfeb93dd741ebd881dbd02d029cc5e76381b451aa6e2effd2a1eb0291f002e3cc4909cd78ec5356b11756cdd06db3f74eaf18ba49f93f7fbf56880123eabf41bc1f9695675a491b140944b737df538bd7da904f72f469c890d05d858d145d59ba152aa19 Padding = EMSA4(SHA-224) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000412b89 +E = 0x412b89 N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 Msg = 70bab1b9866237e8f5609aebad3662f5a64677221a3aeffff2a3254d7ee00b026842c191eb6e666b40022ec6597bb49dd25692f82575306d1dc5d9e78d1e14a6416a3187350a228605758c81a5221e3f52a922b0c8255176b6dceca56f2208c7e27a2a24ccff13402c02dda4f8f547e10e874ed36d11fd23a531850f8cb4906e InvalidSignature = 1e43dc1fbe0363e626d5448f3670a100ba199095d3d8a81944ec33c269ca5e2df4256dc5749b2add1accaaca0c3bef0a901fe895baca9eaf1e521ea015dc4c2bbd334a0d86a5ad65789adeda378a34d25b11d731f3950581f99a9aa385f2d6391cd7402406ae72962fa438cf12d9aeec557cd8aa34ef483ee3aedc1737d748a6 Padding = EMSA4(SHA-224) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000412b89 +E = 0x412b89 N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 Msg = 5623af60bc0fd288d83dff1c0a212b5182b5b7134a6e949c876fac46fcfe7d9dcf3407b990f8e9cb772ec7f5ed2bee5f4e6c3b87ee8839d85a64897fe0a6877a516c2af1053d2cca20406b7814ab9013677feeaeb773ade5fb2d27b50bb892916333e0b123c6e3ae5bdbb54c868a579654549831ad1538eaf2344e91861de70a InvalidSignature = 
b1705a416781943f623d7e766fe1824bbabf15760f3288280d36208d6eea1fe8d638a9a5a7095845cd1870459a7f05023950756d01b630b1dae3818383c5f5a78b264f191bdb28735f350839ae58490b5fc13ba6794a9500b956782fb013c28726bccb0b19489e7244eef84b9262c603851be1b885c63c4d1b012e1a87aa30cc Padding = EMSA4(SHA-256) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004065a7 +E = 0x4065a7 N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 Msg = 9299311456fe2ddffb3d231e14afdb0e3c906ff1fc554f04ef3f87b023314504c3bf9563f387707afcc4f575a920f673f1cab637d5c9f1208c901d5bded2f057ce9722797b90741248a7f18e3bdb74eea34b6a78fe90d9ac1950a27b791003b4fa4a5fbfb6c0428d280fa0cf92875d669b3a121b3d530f91deaa9c77bd958502 InvalidSignature = 70d2c3138dd7a07fe22e8e3d2335e0a2c0cef949373f53d4d242e4027c154574f6d18014252cc10ab02ec1ccdcd3dc6f7c3d131346e76edf38ad66f36fec73e93df7f548ed7ba1759fced7b15c8cef2875822a6ea5b215a5cca0009fdb64f622eb1d9e27df411c3a1b916511dfd51da873d14a15b6d87553a2546ee15327ffe1 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd23bd +E = 0xbd23bd N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 Msg = 
ca2932d61c66292bb02e7e64a1c6b40438e4fb91af640ceb3a3c55dc48b256ef05cd4b8624090b27dd4e30173123782a75206bd90ea13e957ac2f85b9087d389085ae5f03dbbff2a3233d62dd38960217e39816fc222e71b677f3353ae185948d9ba493ceee4cfdcb9c3b7d1106036925b19857c534ecf24095c4dec2acfb0d4 InvalidSignature = ac59e4b969236d714c59cc4218a7cc02cb31d86aa24741ebab2b02deeafc350c9d533c8eb3d9a5f53317a634eeeb05e0d6d292fc52aa3b5469168b8cc79b2ddcfe9be2c42adf62dcbc568387422851f334a20b2994b47fa43615cf5eec6eed3a9954d7716526bd96d26118aa85e23c6c82278539874324822b5975c1370a70d5 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd23bd +E = 0xbd23bd N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 Msg = 1d4b556abc81b293c22fadd2b48f26da8699c9f56c8184a6ed813e8d39d8c68cbc130928f38b89327f2f0aa678838ed303e984bc27203dbfdc0a9f7465b21dd8e08de7ab1c005d16aa23ca9137c54f0419b01d2c272de741cecb98d6615d4100b14255badee918886c93555b995b4fb5ee74fb0d15b36c75ea4d8f7ad4e1184c InvalidSignature = 425e7ab27d14c8e05f82c9dbc8e660e0f0622db0426a741ef7876b749ff467f0e58043f1664de21881f63c0809527abf401038ca92000ca0c0f6d22d630c995fab4d2661258fd506cd77189d88c4541278cb5a3e0ac54e7dfa431c4700f99157da16e4f87b925368f537362dbffa9dbaec7524de3a1b1d9824ce339788779a15 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd23bd +E = 0xbd23bd N = 
0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 Msg = 99331af1b3c7f0f9426b4e3d9b30d371f7762e171c02e13b39514561112bcfbc5b7b91a0695d043a0979047fa9901c62be54044a667d68c34b19eb73cb236c5157588811194660e2daa69c5c22ebb0b4a11b5d33cdde7be6cdd5f796962c18fa5473062c0ba98c5a7e9a1dbe506c15d0697442ba9b4ea30c852c6fb1b86e5922 InvalidSignature = 04dc5d566e302f6f1fbc45e4fd136449c399519bc02a212e1df8778d8fbf166a72314260ced82b30950a342b1cfb81574ce652bb781f6c0119a1ae2021cad521887916378c848dbc573c3c7b8cb4f9421d4d79cbf3fe69cf78a0da68c7e704c19b8b9716e415e2c3f8c8533abe3590c3d25f2ee7a5cc46e0bab7492d52db0d4e Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd23bd +E = 0xbd23bd N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 Msg = 6be1036d728dea34e224ad9218dbbd012cb9175b25f819576cae945081ad2249eda7ba2f7896815d9b5ae36638a4e30e8914af99579e78496c3280224a9c75f01da9fd8bef8b925a1b7e901604ac8cd0064ee836ad15a41225c87713f22e1fd0e12ef50a3f35c43148d8db2ae2bb61508cb1e9b9912446ba81b8a1ade12bc9f1 InvalidSignature = c93724236f58ae9eb0f9c6b4d9326bb17cb53b2433c2b13d8402ec0b4455d7e1ca8d5ffde7d57bf5d7152de6abe3336ddf781b849fa821ec8079d9ef7c9272c91ff24908f79a9a62e88d8fdafe3aa67dcb1759ef54cab03f5644fda4debf537ce6c14cb2d35cc276c9dee09adb0ef29c3ed15189295de153bb20b08c80e7d348 Padding = EMSA4(SHA-384) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000053722d +E = 0x53722d N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f Msg = 40d5b6a7c87573de1cd1960a16abed930b5591fffe17bc7114d1da7048e1e3ea6047e7792007ebe4bdcff3e995da603a1c147cc51a7f543814d5c6c5076fda235d6556d519f78cae552c7795eeb806867e23b8d98a2869c7fd5c6c2ad510d9841d7728431b0cff43ca2e49958b0d887f17ca6cc3b8daa424b9acf4271a8b8817 InvalidSignature = 09e22f6503b81ee8e29e0b6c969b0ab7dbde242245d806ff55891541429a85fe05ca8d21be824bb985ec0aa98d9263d83f8f3ce35f5fb67969e0e77014d9b20936c37348b337fff3433bab7fafcbc429a341371048138bc0726a19b7a4e3c765e89660400e2cd7e1154039fdd8c7d8f0b897f442e5c9bd04d49e1116937a2045 Padding = EMSA4(SHA-384) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb045b +E = 0xfb045b N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f Msg = 628acb4da4fb0c0b2a632800b3d4f47bdfbb3ceee7c211f48af460924b22c9bdd986ad1dcfa789119d7c83f3c6d4439d4df6042c6984eb0480a597145362f95b775166aa0471eaac9156e0255f86bf77d422376a2bc97d2c6bb9e3979537abb322321d7cac23d7e5ec37651ce4b011105d88fc3194586e7631796ba5786987cf InvalidSignature = 
5b9cf3df0c0717027ad0acf508fc0ff4d11ffed402e355675431b8fd44e308944ace9cd66a790ea66f25ddcaa43a65b50304da9d83b7702fd3e9e65d8ec2d73c9669ddbad51814a01a0a306442ae736ffa87fa8bc38cd1484dce14c5474b578ea26d98b47da09efe294f1664c9d9a41f23d8be9aaf3c68c475d793b6c6f8a311 Padding = EMSA4(SHA-384) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb045b +E = 0xfb045b N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f Msg = 1d39ede43551c1527056d10ad3c7ecac54574d9a989e7b4f010d6df2e827f22a27ee5035db9c2b346894a9c9bd98d4e4d93c40da8d9bedb884486ed682884bafe9bea5ef812618ce78c6e69da8a2519e19304819c70b46aca5eb78e3e1d51e096a8f333db05750c8abd4cead1e4d2b821d19ae7fcd574ed56bdfd1408f7831e0 InvalidSignature = 8a547641db63e40de38a4a9aea327ee84d158e974329a15ce2478d2792fdcdac0d0abb6b61ac8f9bec9acb780298be56975c476ceb125e394b3d16562b03e92fa5f392c72ffcc0b3ebfd67a4c6b80f5652a59bcfc170a7f46c214c099ff287de1cdbbb3e410ac8d27d72c2c5357005a8262f322308bed50c3b67960e5fe0d980 Padding = EMSA4(SHA-384) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb045b +E = 0xfb045b N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f Msg = 
26f567e1af866ce7a2dc22e0a2596df4c60d343f4a91b5d485321b021b5252d6740c1ae06d175a3a4dedb7c7fa2c66b96d3c3e56633212fb55f43d61ab9e7e1f2d250770ba3bd0373c723140dba3b0c9719118413ecacb4fdece5816777350b837885618feb976e557b2b8d4ad88f42cbc54e788452187d8060894aae99970a8 InvalidSignature = b7a051f79fee95c69277cf8eadc867497f28bd9f66df38de5bfee5828de89d9b5bc3ac72579c86abc405b36f5d7ea26b4fdb88dbfbcdc8b756c80b8d0ccadd8e33ea5b5e4bbb9e8a45ce61b4dbc61f855f864d46a2599e1ec5d45901f0e273907a220c00863ee69c74cd8e07f29dda0ed6d519af8c926c2b2b648ea1e9ea06b3 Padding = EMSA4(SHA-384) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb045b +E = 0xfb045b N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f Msg = ea567b6c6c27320893fb1b63817714739f7169e43e069bc47de660806cf3ea0f710b6c6deb21db4b1693f2052fb778d4d8b7c545bda083e978b5b24eb209ee2f8b4df5e83ce6642cfb43c1fa206dbecd85dfbc1432998fe13a7081e5e0a8999cfec41dc5a89d55150cb2922c9cbf6fc870915739e51847158bbed52c3ef772be InvalidSignature = 0b9e0437a57b4a927e26bddb19a0736ce67ecb210e79f2467a00113bbb773be9da3a1071c0837dcce41abcebc59f5387adf9402e50ed6cf884ad007c12c16e7a97323c150d7acd7a456348fa803d4fdbaa4c9648724d2e68afd18f9b0d4247502b71578afa6d25335565a47b9780687d1997e30ab5ca2e60cb00de5b4a6b757e Padding = EMSA4(SHA-512) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d8c34d +E = 0xd8c34d N = 
0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437
 Msg = 541b21710c8956949458f4daac99d96f59886119deb5ee78e861c88c092b287767ec8f84b6df5c6963059ec912c727fd4bdee21470706618f37bca93c577bb521237cd692b110f78c43ee22c5f830b080811066543ab9db74306ba135c757aeebbc68228556696491dcc680a7a15ad17f8ec76133eadbedc40ca3f11b56d8bd2
 InvalidSignature = 286dafd4c04495f875456be6adcc9109def4903bdf2972abdef455aac0f814bd71144a0cdc87406d4b08de70aeed47073b70b8cc9332b7965d586af2ac4112bc07680aa9641beaea7f5e1e7e6cda80e5958ce7487e388aad7d3027e769ac6be260deb48f7eaea1f30e411088c684d5291618421212ba18461f87371fd171b25b
 Padding = EMSA4(SHA-512)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d8c34d
+E = 0xd8c34d
 N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437
 Msg = de1bc34f15b473167a95e1d754f43d94e8109d9c9fc341ba64561bac4e9a8ed67f3477384c396a9e9efb3e169722cba779fef240c41bdeef9f168a5379b08354f021f011f2afcf1a227e81e07daa896a3d939149fd78adcd1f48e4796bb4edb5f88936c3503d2bf4cfc7b41c4cb4ff43fc78819d920237bdab9332056acf5261
 InvalidSignature = 1c6399bf074dab80478afd8cd35b217b9f4f7d10f871dcace4bc47c7afdd37da23b9475c7990f883e95db6e4d0254306ba9e95ca847ef6dec86c6084ae78440c2308f2061a8111bc4df3ee133fcc00dedcf8a30bf5adc7979d37dacba566c22996c06ab107f2bc7a0c05bda7eef7742b4abaebb442c11eb41a9f32f57f1698ff
 Padding = EMSA4(SHA-512)
-E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d8c34d
+E = 0xd8c34d
 N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437
 Msg = 810fcfc108d1c958f62f7a243aaa72420befba69dbfb68278682716dd092bf4e0e74830423d3cd34ae1f5a738234ac08573760f3bfc1bd2f5b4089354e9a20c1f213c7d8ca703d0ab85c93f5700c3e0a2d1f6b94a3c892f5342e4e3366136cb495b44146e5f141637baeceb2ed794ed0f66d80516f5610027a1669710147cab0
 InvalidSignature = 525206937a5a77259ef4249350f89d92c1c63137e4b191812a35b53a7cb5cca52b5f697fd302e39a9024b009ff6357d998b2416993cb72c5c836b5ba7de736bc8d07020cf9360f7655443a0282c93beb40bb46a4f5ef7b76590433dbde9914d9b9c455f9353da45cd4192feb8cdce2cd46741682162955ac6db834a42d2f92b5
 Padding = EMSA4(SHA-512)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d8c34d
+E = 0xd8c34d
 N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437
 Msg = 44faf422f16b794a9763181c52dbf3066e43ca91d724142ed0044e33e88a93212ae26d289563ebedcc6ff38a0e9bdad6671032e82832e3d6967f7ec2dfb9cd185247af11ced9227c7b4ba2bdb9ccb216563fb82504e10dae0a2c559b39fc0c4122f162e58614497f0ebdccbd3cb4a24ba2960352527aba3f95d57cc5e09b7825
 InvalidSignature = 
13db3ff9ab38305903f54095045fd95e687a79e764311af09b3c6a265176099c3547187832a0b0d318b0ce9c58b20b67fbf0a8fdb05a656edb46128aa45e1caff3c60a920c2a500ea0c8cf5eb4bcd9a0fcb5acf7ee33268d351aec6551a73b9f9b10f3c9c0214ab549a71a7e248840b09257be2fe15dcbf5766d13f2ef762c97
 Padding = EMSA4(SHA-512)
-E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007afd43
+E = 0x7afd43
 N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437
 Msg = 83c53e873e548de19a44fa2d46d1db3377b21c0196fb92eb35428cd14800aba0923bf41b5d6224dc6e79439538757c9c50ea2ca721e339d4e111a5ecc42963e86f8769b4af1706346b757685d753b485eb1c8f9514d6009d294dbb51a06e04b302f1c4d99c3bdcf17882b9828b3228f5308f6c53d59c8f50f43cf5894698370a
 InvalidSignature = 3c0a78c3f98cf8ec68834879eef97b990a69c670b3cf987d2836263e0b5c33d9207e7521c6794258500a586e309aeadd641ff98f4c55a8d9c925e4bdffce15a31c31a0751db6f99c8945beebb259207e4ddcea646e96c57f565f08e87cf83a6e7c1e54dfb4eba57193b8c066a2c5085874446df40e401def7cbab9390c130c52
 Padding = EMSA4(SHA-1)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d64215
+E = 0xd64215
 N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b
 Msg = 
541b21710c8956949458f4daac99d96f59886119deb5ee78e861c88c092b287767ec8f84b6df5c6963059ec912c727fd4bdee21470706618f37bca93c577bb521237cd692b110f78c43ee22c5f830b080811066543ab9db74306ba135c757aeebbc68228556696491dcc680a7a15ad17f8ec76133eadbedc40ca3f11b56d8bd2
 InvalidSignature = 80e1846ad50ec6ac9937be11c1d589041fc970344d5997ac3d9f6ed5735392bd5dc3dc626f5b6e49842d79c9cce21527808d8c3bd30048e1f07567c84eed704a8f201ce840efb08e3c860d15db421ab4998f4acb43280e8445ed25b32b6e62ef7b47270e94cfeff31603e609a99814369d2eefeeb88c5bc5a4a8121ecbf37900
 Padding = EMSA4(SHA-1)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d64215
+E = 0xd64215
 N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b
 Msg = de1bc34f15b473167a95e1d754f43d94e8109d9c9fc341ba64561bac4e9a8ed67f3477384c396a9e9efb3e169722cba779fef240c41bdeef9f168a5379b08354f021f011f2afcf1a227e81e07daa896a3d939149fd78adcd1f48e4796bb4edb5f88936c3503d2bf4cfc7b41c4cb4ff43fc78819d920237bdab9332056acf5261
 InvalidSignature = 06e5620bd595f0e1a70aa5d73bafea42eac2a131120919903ad4259d9b2a744d71d22fc2ab36dc1c6cb0d7e9e77335a433b5c4ea285180cd551214022be3d4a145b371f3760c0d0135972b95eb593e283e04c7578d1dd9f38f3f0aed08bcb60f80593aef3b14155ac0eb98d54705f24ba75958215e308949b62f4545e48ed938
 Padding = EMSA4(SHA-1)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d64215
+E = 0xd64215
 N = 
0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b
 Msg = 810fcfc108d1c958f62f7a243aaa72420befba69dbfb68278682716dd092bf4e0e74830423d3cd34ae1f5a738234ac08573760f3bfc1bd2f5b4089354e9a20c1f213c7d8ca703d0ab85c93f5700c3e0a2d1f6b94a3c892f5342e4e3366136cb495b44146e5f141637baeceb2ed794ed0f66d80516f5610027a1669710147cab0
 InvalidSignature = 0c18050560c400fe3bc390fff314aecfc926d45d5dc310d1a80ecdcd237d2e97a2a3283c99bc49baaa147bbb82f0e4834f2da7d9ca29bc36fe43033adc0e56bdd1756664241b16664a52d6383cf545f3ecd25be6d450bf82330c1fc020d4f89945186e5347f657aa8cb364bddad0c33f7d94b652197432108dedaa186338d290
 Padding = EMSA4(SHA-1)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d64215
+E = 0xd64215
 N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b
 Msg = de225e04afc5701bc2c40ac3a9b972fcf04db86353a08db32dec588c346587736463231b39c2a8e22189139f31cb3c9b17cb66dd506315ab9ba7204dadc506142630859bc4fd694dd68da327f46c9abfee79c68602477a4a52c401ff9518edbe0cd0ac0eb73c5c63ca15e0e45b6334715d9efde5d11465983b8a25295326e37a
 InvalidSignature = 0a2d99a4416e30969e2e6c5cf94603dc1f94936974753ef5513df8e5dc6ae6768ff5b2ba3231e51b45da4dd90233fd136d59e56a2a96c886b1edafbae485c9b6084c88fd09d691c2ebb157f4f71b2f3cbf9290123acf50e4d697bba9b0022f618627a2646ead3b93067ccba82a4b43f8755a5393e5433a00398df0837d5457ae
 Padding = EMSA4(SHA-1)
-E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bbb2f9
+E = 0xbbb2f9
 N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b
 Msg = d4fac2af4fa7a3934afc123e9f3dd0be328c0cd6ca67d6a31f72d67f34773e26e6abfd18c533363e24e6f0cf6c550f75b60883ac980bbf6b3eaa6c07bd785f54a596c90dd531ae76944d993fddc18dacf9833ef3542681e689a102d1bf5235a638438f5727abf584c2b87556998b34ab2685a773a5c1065926e1fea7e00ea763
 InvalidSignature = 5782dbf7e801d74532c088c294b69811a6e37e1d2969fadb7b7b18073bcd59172a1a2b4d19eea6c2abbeaddaa80d88a4b21be6abebd040151bd0f258c11ee06bd81db342170f7b68f0716cd1eeedcaee764fff9023d1fa6a8371946b789673c7debbfe9ce63fde4f233f476e80ecbf95920ef19bb22bdb006e4fc9bdb556aede
 Padding = EMSA4(SHA-224)
-E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006ba2f3
+E = 0x6ba2f3
 N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed
 Msg = 0aa54f40506682881b5ecb5301199929f9fcce361428134b6ba26e2655b016f3de8686137521d01be574342087c2f132b54b5b26812a2e99a77e2231c1c8bf26ba947301855ce2a40fa97d8b727b56516beb32760e0fe05fb81eca9e46d4ca7484183f94e8dd5f2a8146cf1c2a0d719003257dae229ed3a785ca8ff64b9edee6
 InvalidSignature = 
c8e2f3ae12071b49736553ef634fee2fcd61e4018fdb452d663c3b07432cf1f00e3e59b016663052d92b6311c2ccd3aee1ad5993b2d4660fa79ba5e8bc5df304e1abc9bf06848c487b81e7536e5f13e1db8125941a168fec73fa3c3e8551da2444cb0bfeee2ab9ede128eab718f373e56348500dd4cee900f9ac561b03d5248e
 Padding = EMSA4(SHA-224)
-E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006ba2f3
+E = 0x6ba2f3
 N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed
 Msg = 17e9517428239fcf87fa7f461e833d45b9282a255daa9451dc67f5a8a6d96b23e26068b8bd41ab7e02ee6f11ec88e23838a2d8c57d48c1bdc03fd8b9438f9e8c9f3f87261260f3b91a4d5f1a4330dd693dc8c1f4316a9e59554671ebbfec1b57770f1588cf885fc7f79db927cc841620f1234e7a211a136cc3032606bff8cacc
 InvalidSignature = bd83d910364d07022f775c679110bfbfff38f00f29f984b9f951b440ae9c09477128dcfb0dc6da7c0f214e4c79a73314d7fddcef277781a70ceefd81bab2f9ded7baef76308cdbfa0d2a0244cfefb7c90d61c1f8fa557ebcecfd481a8e7faca060df6af93486acec7608474514b39ae002eb7f2e4a95ba1799ca4700cf92461f
 Padding = EMSA4(SHA-224)
-E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006ba2f3
+E = 0x6ba2f3
 N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed
 Msg = 
6335ac2fe053d75f7e288705ae77431bcf2e0e29973de9bbb5a89a12b4dbac1a233fb79cf30ae1b5205ba5879486d32e48acd8f5ac9040ca49a579f0a46cdaf466fce3e2bbe2c7b8f82c271b80c12149e8f4894f5958767c36d50115fffb494a7697bb69008490524dc4962b3bcf3455f82ba89e673d94b8c65fb9ea8d330205
 InvalidSignature = 8324e0f771e2425b09a6be4945bafcc30f21f6c85cb105ff76009c7c79a8cf6908de6952fa9226123e145186df7c57ca40819a5ef42556bf521771979a5d32f743772693d0c6ee9055f3f613f79f91f46ef8a0817f39bf75d89fde5a62c377d0da29c6418641591c37abd0314bd8ed8f25d4cea6ee00802ab5efd0f683a85f50
 Padding = EMSA4(SHA-224)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b4c049
+E = 0xb4c049
 N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed
 Msg = bd550157371c4ec71c10cc7cb467ae6b6ee3759c82efb9ded6ea26b91fc3c5a448c67c7817b5d9250e1b0ba38fdd312c4412d8a9be14be6a5cd7dc196f7aa4f19b1c882b81f1bbb99a953b3766a00f1fc77acd3ca7716061e108085a5f92a22380002a58bcf87eed8a27651f81d7cfaabec45f3d872b262b2d25b263373347a2
 InvalidSignature = 9cad4b858d9670d68592544e11e6ffe849051f7d5a5732aa20c2b3d6f8c9648e52a45aa02fc27a4f3614c27d1f9eda37477d2e9f5a323e3ca10998f13d56ca0b46b0a4214ab31f124f81e6448f790d027895b401a11a7f75a82cc06f5417eb82511f5674a36187b2bc3d122f992fa2a85ec2bcf91bcb386e5320dd502e3c9dcd
 Padding = EMSA4(SHA-224)
-E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006ba2f3
+E = 0x6ba2f3
 N = 
0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed
 Msg = 36337dcd88c66f37c4e3e8a05123aa0e2c65afe538cb190ad6066c49b6d4fbf4edc6a0cd4747b026deda2e47eba33f10dd29dee0a85ad1b560d0dc940652342ba29e36b59165591e219862675be2d74d2076b525780a650b2623ed3b809464bf7d41a84b10295365b4a4eac848e8580b1ed29b7e4fe4be55518a0708cba171f9
 InvalidSignature = 148a9f6732c77152223c8f38ead0016ec9cff52302fcca9b4b99ce1f1f093276ac2235a82a6197301ef73f63989600a160cbaaf830a2e4cbd0872bdfd2fbedc2f0afa66c5cdf9cae8062f31d97b4b6647f59bf04a9f1bfe2c55ac4e49142659a3529550be59fffd8669cfdca9e58895caea6676edb17a709e5ba4f01b4343fde
 Padding = EMSA4(SHA-256)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffc8ff
+E = 0xffc8ff
 N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf
 Msg = 91b07ffc7a0f56dfd81fe53414f6fc57ae6538492f218cf75f2021bfb746603019414d11bfb216a5728deb2efcc211b0df1d32f7476af8db3ededac31fb235684d119edc243477ca30ccc0ff9da03029ef7784dff43818e2f650b4a33454a80594e71b6392dfa0d57ca30aafe1d7824b473cd6091cd11493ef3f5866e073e28e
 InvalidSignature = 59811c0f93c7407546a19bf0dccf244b1529c1db5b8a6feb9e4182f4c2974810a97dc85f621a4ae43e45dab7af4fba76412dddfe380785edb2e24493670aaaa9a782f5effb7124bc60f254fd25b11b125584952d32e1db39567e82bd34eeb1eafd3ceac1554b368f61d77762ae3e672c053d20a3af591b9bd27441e7977c0fef
 Padding = EMSA4(SHA-256)
-E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e7fdf
+E = 0x6e7fdf
 N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf
 Msg = b1913763b5afa5045396ec7a4dd1fc472e92ced0dbf79abc6b8d499d38132dd23680f0ac8447cacf41d9f7dba16b694c40faba9fb68d64b76bbb347ead6cfccfffe48994b4fdd42bbdb37c0fc0e674b46a5cf9b20506c8264d848d557fea9e93b4c5e9646d592ce06f2d645cd1ca874653bf7551f1e82cd2b8f03c6ad9157ce6
 InvalidSignature = 411df9bc426d5bf6ca6e12c564ffaa52b1770cc96bc670e9726759b1bef233a7b6ad24d79545eb78f3a1318881bf65e886563918521350e125b957eabea89d0e487f7b963767bf1725c6a4c6544c734600669699ec2b7fae5a01433dae3c148d5824031209c754fcfb0a2d9702bbcf17bf35cf9f07b73ea6a732c3531a229471
 Padding = EMSA4(SHA-256)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffc8ff
+E = 0xffc8ff
 N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf
 Msg = 58b262cd0a0859381541e24340169e9bd8b3dddd52c5644e31d56ecb2bd4f00387f721e3c9c53a52916e7a1fc15e6e37de126f1cb92a6c924ec0ea9cecf948a696d94804aa5ccb9bc0c2dcded52af0fda9626c5865fe683a81a7b3c4e5b617274e02de17f4f5947c6ae60f6ac5a2ad53004cdd7b9f68e1ad9332d22d5e34e4ed
 InvalidSignature = 
56ea3c128c5d3c6342c45a8eb5275a518ba00aa2a6e177fd855abbf35386835773299af0809c049c48ab18b50ede9cf2d84650dc33b75d11e6e607c5e05d3052c0cb513ab62114cf9d850a1117ae655a3e5b54149b7089aea33d38bf673d04868ee314e858d981a31967178471ed93d350590fafa337deff21c0468aefa4bca2
 Padding = EMSA4(SHA-256)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffc8ff
+E = 0xffc8ff
 N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf
 Msg = 45b73d8ab4f335e03c0154e92e467bd390f817285b83f64de72b594fa3f34ade09be2f9ad1b5a08e65e876fa963824568d744b9304c288a4b641913d13ec80db39c26e04202444d0147ecea86929114e6a90df1d9292a893ff28930c2348cdd0bd0921500707caad3109857a0fe1eac30f94fb4e6dbbfe20aa2988433acedbc7
 InvalidSignature = 66090f92daa94f0d03bc2cee8b21140d5eec31bf90d096ff8e3f23bb29662cc36925e1db46e9c91de5bccb209f9dd9d7ec8e3f0496dcc72191238327eeedd19c40325f74e04636457485c6bab62d1a75c78dc8e841d1f2dc33afffa9acb7a44ad4bd5a0038ee2fec8c5d2e060fff412e88f4dd25bb90e2a3f46a6e378be209d4
 Padding = EMSA4(SHA-256)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffc8ff
+E = 0xffc8ff
 N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf
 Msg = 
61bd546bc549b962a8868d7ec803b95674a812b4593cd33e98294a561b84d13e2848008036e2218d00f3e4a4d95155f53f4f0a07b23ea157c7336a42780b6024bead5ec2628f8fe50f7c2748ad9450b4ea94676a195769c1409da8106c0cc3ce4874d4f8ee57ebb3fda9bc33ecd494db9eff92a6369013c52cef6e8aa18de284
 InvalidSignature = 1ca0b712162c8f1ef2c443d7caab390e844e0859d337dfa4c42f17afff26fea832ab4d7bf1154ccbb88f7220bc0fb6980506d39b8f8126acb1cb56369f799164ac9ab702074677abf3d6eea003072b49f70f3a9d11bf3cdbf5f4b6adae5c5b6cb4b75af5e1a8865fc1bd9b09ea35a5274c4e3d62afa575bf85bdb4d87725ee84
 Padding = EMSA4(SHA-384)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d4bcf7
+E = 0xd4bcf7
 N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb
 Msg = a5e2ce04a27a898b29d3f51c2cdfcfda59674975a94f4796361ccd7e4cb3b8eac263ad398b2650d08824b6bea0791c9c1338d9b70bb0917275eeace50e8306cac187e89a30dd38f391b9ec3dbb60c48d802f39c93edfb10eb107f44e0be2e33e4753686fba26a9baeb9981e2a41b3075495351f369640d3293708f016b5bb70c
 InvalidSignature = bef3928d30828d0f473d1bcadb04c4bc636362f82bfed5a3f5caf3fa1d50fcff15ceaabfde593f997315b1163c03f80c5f668e32edf24cb4b9f0ea069f9cba9ee4c234cb3044222310046bdb4cdf003033de6a483ffd36f01b1bf205fd79b58394f477d4eb88f6e4e2b2d3aaf56a9a44c1f5a377ecd755dc71812e205e0cbbb5
 Padding = EMSA4(SHA-384)
-E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000059c0d7
+E = 0x59c0d7
 N = 
0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb
 Msg = a8a186db7f996a09a652fa6c82eae8be7886d7e75ef46dc2308faa240563781b419283730bf74a7f020877162b016bdb2e3f1ec1c3e926cf67d6152153ab0830ae447d5302566585ed527b68198cd38a6d9cb6e78504adb06014dc4b590b919b597f1d814affe3a3cff6ae6c32d248549e6648618e8d2bed8511a6ab00cb3be5
 InvalidSignature = a5f4ea68ef0aeb4b95f166f500ad95ed68e876743add1cd884c92e8c1e5dff02e3c5631e244efd8708150e1bc1f848d338bccd7d3c74099bc4e88618349fc3e51b50c311eeece26f21b63fb3d20ac52f4f20889f148bafe24ffb5a5e913b83849445e163c4b0777e78cb1420848936953a58b73d61a74ff9e195fe9c8a989f79
 Padding = EMSA4(SHA-384)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d4bcf7
+E = 0xd4bcf7
 N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb
 Msg = b47e91f13b8cbabb48637ddbf28ad8a44c9c823df2932403e146c6298c3187a12c759240571f4d1dd4add43aaecfa566876a9d612fe223427599a3163db33ecad31dbf4b7fcdd1eb5a4b70075f709ee6c56d57e58d10c6d15743b99579d65315527e0059dc1daeee81433b8930f529eeafae991033a4777a2e4cf2ed68202f4b
 InvalidSignature = 6cb1e5a178a8f5331e7b93ade2ec62e75613f5b93b1c82a3c13f0d950ed14f1f679cdb0c3d11d431005f4152e7f19347f0daa308652aff6d7d2c162b6486cbe8588ee1e8d3a6e8a5cef12ac61c1f69ef88ca70c8c600820075fe844a6e4d003e722586684566b17b51438df5e9ee2a5272add516430beac83704ccfe9f3e32c7
 Padding = EMSA4(SHA-384)
-E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d4bcf7
+E = 0xd4bcf7
 N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb
 Msg = f5ab2af81fa31cd0c85348d948475b195bd3a5b26c4b7ab71376d83edc4149b74ab10b7c1b1b6fa9ce977f2d63b2e321626306591e4174393bf287ca6ee7420d84467d90a628423edb05787bce6cbe71d2f89aa4237fd3cd6e8c1be59410f180ac54c65c47325f3af7857aec12deb4b0b379aabc026f5f1ab52cdeb6d72420b6
 InvalidSignature = e1c4ae4f01ae882268b35f11cec2b112816063506ef8d1934ed7f3ad76b7a12a663fb965321886fe7eaf05abeba8bb57e44c9937ecf0515862246f737abaa80a127ba32e78e650d236653d36426589e728387f1adb8001b9f69007d5b2d504ef5c534526a60f6b53d006c7ed0230a7ec9c09d80eb22a7bdb07f354a0292c0e22
 Padding = EMSA4(SHA-384)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d4bcf7
+E = 0xd4bcf7
 N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb
 Msg = 31aea9d1beb7bc4f5fc7f5a49f8968654fdf7c2d32c84199fa87039773021fe1ff6815c44216df261ebc81c7e2bbe2c7bed2da697bfa8c16688ef6a598afc6d94ae76f2ba90c7dcab66825e182162118a0afbb5dda2727e423f1156ccd6a87c5fc74e08f5b613e440d140a79e762ce60dcbe4692b816b90b12f889767bf90aac
 InvalidSignature = 
103aa0873b0d2045b0867c084fa7e253c0119c91ad3c8144156b61f36fcda4a5578f515bf70167a1aca05b8fd168287bba88558932d54b218e822bb8c657067955c78ef3f97f3fc73d1c9ad93c31123cd519a17a82c4afd2bf915907433be789b302a9cb7cef11e93c07d35961ad827971221a0a3b26eb74445e6ea0db338b8e
 Padding = EMSA4(SHA-512)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebb1eb
+E = 0xebb1eb
 N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b
 Msg = 537427fc226d46bebf3264621d7aa97b5686a277ee579f745c1e5955c6f4d8150dcb945c09a4db50160372aecfa07f191960a6b2648373e82d1ff892c7cdb73b5ca2c2bc2f61201123ee73658106d86ff62e0f01dbe9dcdeb92eaccd0d197ceb48e1f7451a0adea6f0dcadaebc137c24f4d8238dddf0a1fe0934bf2e1e41f0cf
 InvalidSignature = 4ac98f889b20bec85506523c1f6603ef0acea62d294e4f769b3a4be02091c246b186d23e5f22cfee7c3864f19f414c2760b30a725de04ed2bcc93cf871adfc94ac9a1282cca0d3670ea27a7ebc146d3981c6a705fbc7738f96adadf5411b44eb1c41ac19fac996a35a79ad34ec1d6d10ab062bb59d92bd9cdad7500864c6721c
 Padding = EMSA4(SHA-512)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebb1eb
+E = 0xebb1eb
 N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b
 Msg = 
3151fcca24364d0fe8733e86e2a6806c6c935a3c27249dcf92aedac8dc76d22ff7742e5cee57711778c92afdcdf36e26b8448504ee6ee48e9eb25b9e495e9098d494ac4ddc4c541f499cdb652638b611b0353090ac125ff1fef8564a78419c57f038dd65951fe06e8377b986947b407579eec1a60a16f540db0931921027deb4
 InvalidSignature = 9875f7bb194c63b53a38a06524b2d1300f1b3db33bcbbc6fafed33ed7f49ab2bfb0a4a085bd4e43e43515519aec4f05578bfd9639eeed5c57f4eff0f0fcb4bc1d21ff0d18a671b39808b72b26651c93515ce97358b850840a7fe4c513a05476ee447e464183793f92aeb1a34b8560f590e541c7ebb504f6fa839db5b59a92faf
 Padding = EMSA4(SHA-512)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebb1eb
+E = 0xebb1eb
 N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b
 Msg = 390fb4adb6b1b14c59872d1584b5d1e2378fae4a3efe1923a725b9457944de91a3dc14323314f923c85b4bf14a4f45c3d8dd2c9702aa25ce39b249eb8330fb9874bd79ea59bbb2e5b6f45843f37f357152e4c2db247ff6693d2a5c49a51668f090fa0b5b9070859b0a9b7b90e70e49f58be9999c0b4535fb9ad319e845bfcda1
 InvalidSignature = 5df6894b07078bda9a4b3da89c7e92d98d66d3e67381adfb8e1a2ce8cf572069a42d1ebd39cef5bceb399c8e0823d25b594dfaa8bcb270a9281384b62341e91bcd9b25252dec25aee0c71085fc21cad423f65e144eec0d3e9a700b8bf7e92ac06e33ccc70f2bbec5f7e355fe444abb0acef58cf978e10a4a953a6ef0d48214c5
 Padding = EMSA4(SHA-512)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c1ddcd
+E = 0xc1ddcd
 N = 
0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b
 Msg = 83d4b9b338fda00d34270963c6f35c854ed58ea8fcc7ffb8da3fa3f00d5e61a7586ab86de17ea8563880d0969554d44e614f01a6f8ef341caec9f71c10c2eed06c82723993267b7fdd35c3856ed628c1b840524b41719733a6231b18e1fc3cf6c7052d40d45de02f2b2f2a59d9e122855a8ecabe5eb7f1a6cd35570d087213c2
 InvalidSignature = 02908246b1501dba9daf82750fddb095f66ef66e8b26fea97ccdb120a7c9f5ae0faec977b37d2a7c3c4873fe98139d85e2daa02bc9df1213f78c5417552cddf3844952a4295a6babd59822a824fd3404296532a2e8dd004244bf95ad2282319ac07e31afabc092c25bebd23d29d748e60cd6f8c5fc0f365390169b3a8da1e38e
 Padding = EMSA4(SHA-512)
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebb1eb
+E = 0xebb1eb
 N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b
 Msg = 3150fcd0fee48e6e623e34a588a99cb5c202bd0ad8bfc863a0305b33ce05f8470e11b7aa504d37c66320dacbc6dd3255bb8eb6499cf0baff72be9ea7c43245e5adcac8bf31486cb9d1fcd23e5d456e420a563a26c536acdcc60ae54b67972bf5370399d74adb1590d45b83c6f6e938c6d8e2b26af8998640c29d99e8603b93be
 InvalidSignature = 73e59071308a443d194c43ba89bc5700e0932699b8923a2a8491db20433d90c80289265cfce1cf419b83873bc5adadf42dd26d367819ddfd5110c31e7c1fc7b86f94e782c55023e21694cf05eb08eee9838cb35081847c7472840ece7252c2404d66f173f6c6c74db5f9d247d93f1ed077f37e574804a7dce99c03f393149fb4
 Padding = EMSA4(SHA-1)
-E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000645c29 +E = 0x645c29 N = 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 Msg = 6c0e15a99f9948d41980d7a37a327eb280c70a6b7b9f6bce01460b6ee29b5ebc5e32bb8896f66ac54113fe8da013e465b4463dc1ae68e9cba77ee4609101d65b6e3ee517c0fdce2f40613488d20f3892b99249ca07ff3d8458d4a1e7c0264e3902fc3d5d03f69d997e32229df86f9fc1f773d78f6fab91817d12ea0b5753efdc InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000593d67 +E = 0x593d67 N = 0xc4b9ea11f21cd93c01f56c4219db7d2e52581a6c968705c06588c036b6f51a27de43ba0006d6e54d9ee20dd8bc1c4787b4c45e9545cf98c7872100f6c3492f5c3f1ce2d28caf10fa611cc4a4ec94543fbb872ef0fc8bb9558360960e4e386874d3beef4e9662e8779304e8d09bfc290a6fc19e9908e8eb49336ef02224107bd74de231f2610d76fa834baad342e87f5ffbd56ee8b459702425109af864401b713cd9e96a01137a860c3079e13704d3328003136631062b198be8d644ed99a0c62f94cf7971a0f2875592f35e362abcf2845a11ee98e5f01a515abd0d03646da28123b45cea4cbfd7de9bc399fd9f05349a2d0386516f70f5c9a9970d3231ff73 
Msg = 064206831cd415425cdaeb49ee727dc90e74917f55a723883a340877d85ad1a5f264f2c834d824c7bbf207cdd8500c9d11ef922569564f55e211f2313f6106250e321a99e64d1fc6eecf11c89edadaf4ca8a736bdc2b4cef61a9eef6c747dffd6494c51fbb9ccfe6fb5b5161c977ae773f2e7b7a358ce100bfe243eef67521d5 InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000593d67 +E = 0x593d67 N = 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 Msg = 624ef431a1c81e279c7f3e37609ee57c27c44333ceaa3e7a8905c658d6ae62feaf000f4c04814b9768c56daa0b90370ae83bae7f3f5929cf469aa9cd1cef6892feeeb50bbd79feb46f9a2fa265b23bc75ed3f772fa6a2f157221f44b85033319b6e18c74b4f560041ac62c28584b163af153c614e82577d374634edbfb34ea1b InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000593d67 +E = 0x593d67 N = 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 Msg = 
6305a7c4512d7d903eae65dc8e629c81060da681eaef9240659a7ff12a025f4e5cd3fb8cac07388ec1b79859dc3103c8bc4cc880bff8df274b1971d16c9699bbbeac6d3c8e8938f83c160a57e31473363c6a8bdcc0bd352f0d42a5278bd020844f3a03bc40db07387872c3bfed3173335010f77b35671fc075bc25dcd0d97b0f InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000593d67 +E = 0x593d67 N = 0xc4b9ea11f21cd93c01f56c4219db7d2e52581a6c968705c06588c036b6f51a27de43ba0006d6e54d9ee20dd8bc1c4787b4c45e9545cf98c7872100f6c3492f5c3f1ce2d28caf10fa611cc4a4ec94543fbb872ef0fc8bb9558360960e4e386874d3beef4e9662e8779304e8d09bfc290a6fc19e9908e8eb49336ef02224107bd74de231f2610d76fa834baad342e87f5ffbd56ee8b459702425109af864401b713cd9e96a01137a860c3079e13704d3328003136631062b198be8d644ed99a0c62f94cf7971a0f2875592f35e362abcf2845a11ee98e5f01a515abd0d03646da28123b45cea4cbfd7de9bc399fd9f05349a2d0386516f70f5c9a9970d3231ff73 Msg = 1c9c81544661aab0ec7f6296572cd608cca51f55b4c47c48fad5df9fb5a6acbe07ddbda5448ea920570d463d62016c03a5bafc61a1c521657dbdd6afa863a924c0f1bee7b3ac168524b9116f103132aeb17823d2a2caf92b4516b83c62101a6d10828c00d9e27a46192acc13a7e4b16fb7849b8efffb8b0319898e3029d38701 InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b29bc5 +E = 0xb29bc5 N = 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 Msg = c9a121fa15bffefb864fe3cfc2b1bf775886be3ff5151c40daee3c288dccf43ecfc02ba0cf8ca7cf9d4d206ee15e9947cd78f08f501eb36b8d3835b38bfee1f52e17cfbd66029513a6b66046988543e80f46ce1a3db3e30a2610c5b9540e7202ccee33d842e971cf89d0cadd4df0646204388167229e54238cbe14c450c44e6c InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eaf989 +E = 0xeaf989 N = 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 Msg = cd69ac8d1c46f54d46cc9aff98e078521357a36177b91392a0459abe15351993df43f437976bc32ec3f34b7e63a9ac11c66cdb5aa2ed533c64b70827c56d9d849e53d653fd10501278b370e1c1f399e57bbba2ea4ce6874c34475e171dec8d6db3a33b2875be04c10c14f171dc48a795da4ede579d2a158bb7fb84d745395317 InvalidSignature = 
5725c1ac60b2d610977fae6c52a94155d687d575aa2f5cee817dbf77e1ed692266c0ff14a2105b343dcbb075c43ee6a839a64bd1d151d3801e62f9d76c8d94787c29d1e88ca2ea7f23d7ffe1aac3d5072f556a8087516df5dff9fcde5b0e849d08f1b42707d2cda2eac462bc8810737e03d47dc8240db73c3ccf7106886f8ae9c4c36473493cb5242e2d70bd5c36be35ce1e5aa5286d6439b247fb64ba06af222b133f05d39e6a44a1ad6ad567b9e0b5655486af0b9cfef1d714f311dfcd983bd90674f964f64243be02feb3a202cd5f945505826fda112bba3e5b837bdcb9e974953ee7b1ad7a6e21a0a64268d52eaba083c6719632c21e6615fe4395ce3f53 Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b29bc5 +E = 0xb29bc5 N = 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 Msg = 23708e055e891826f8011b1f48a1c7ad24b5d008f9c91ec31ab1c5f358cc3793d389b927102913a04bc78c800e96153e026bc5ec067b85177e650defed730fa7c71cb11f80ce41c1e9eb24a9bc121008759f7cca6475547601fbf0567f6447d9a4346035d7ff0a507b74cde17b9b20d2265bdcea3e3ff1a84b7a5872352849ef InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b29bc5 +E = 0xb29bc5 N = 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 Msg = 0af6365d6065dfc44795d87a8119fb44cb8223e0fb26e1eb4b207102f598ec280045be67592f5bba25ba2e2b56e0d2397cbe857cde52da8cca83ae1e29615c7056af35e8319f2af86fdccc4434cd7707e319c9b2356659d78867a6467a154e76b73c81260f3ab443cc039a0d42695076a79bd8ca25ebc8952ed443c2103b2900 InvalidSignature = 3b32dab565d2f0a5ac267ba8fd4c381f5b0c40f20c19f0dc7b236232a8bdb55c1c33f13f4f74266d7628767763582bb0fb526263e2a4521e09a3207ee5fd7cfdcdac85ccffe3e1048f590dadc19035bf2f3b5b954e8c783f6bd3e99d98930aea8eced5e3119331be1d606410d16d0e5ef069179cd6b513b94b36c1cfe6ad64ad285e818b58c4c89bf9330c4bcec96d08ba21a35cd4851da1f405d928df3fcfeb85108171bb4ae5b0310193bd8b5b861983b7a2483ba6bccfbf2d6e15bac1e2f2f8363c6154546744e301fd2661ebb3a29030d269c8954ace992b075c63ac12a992eed4956cb2a48495d82c47fa68e66740d38a80caa69190b19730ed7d72835b Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b29bc5 +E = 0xb29bc5 N = 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 
Msg = 4cde2a6d9ecfdefa3c631c95aa9933634ae12668db8b53a03f80524b8130208816cb7d2563b492b68033d7e43c6a3408618a67f93946a521508884d77c6318e91b4a5c779c7fd40841cd71d7227ab56e767817760edba9ce2290f8da504b341ee2c1910b5018ec18059bb21566b3febc1112018a6232a7cd3cfe77fd06cfbc4f InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010e43f +E = 0x10e43f N = 0xa47d04e7cacdba4ea26eca8a4c6e14563c2ce03b623b768c0d49868a57121301dbf783d82f4c055e73960e70550187d0af62ac3496f0a3d9103c2eb7919a72752fa7ce8c688d81e3aee99468887a15288afbb7acb845b7c522b5c64e678fcd3d22feb84b44272700be527d2b2025a3f83c2383bf6a39cf5b4e48b3cf2f56eef0dfff18555e31037b915248694876f3047814415164f2c660881e694b58c28038a032ad25634aad7b39171dee368e3d59bfb7299e4601d4587e68caaf8db457b75af42fc0cf1ae7caced286d77fac6cedb03ad94f1433d2c94d08e60bc1fdef0543cd2951e765b38230fdd18de5d2ca627ddc032fe05bbd2ff21e2db1c2f94d8b Msg = 7518c85b67e7aef7f26bf006899faef76e076f0c6c946e5dc9c83521771a6d298a9cf5adefdb314b5a07a54d8054c22b879fff50ba552c218291033c918401fd611a7447dddad4815e0f56ded825bfe256557622a385de4b4a69e265c1efd259e2da6db19aac3fa0e5ca2d42fadb4e24c271fc078feb2be10b9afa256f228844 InvalidSignature = 
992d48b21bb3d2219b44e8fcc8633cf3aeb591de90f4386496ac7ecd284cb63d7dff81a50b8c4fed9f2ef737692ea6be05248ca138947b49b4e7f3cce6640e049ac2154c40f57e22fa14f97e7a9507e1dc98b206ce6ea0e180039199d1be0a15d1f5093a459e5101aaca2a23cb1f59cad2f1fb99dc956b9d4344bad2c1121d63b915004acbfc7ac60ac9a7b0b1c6812b30bfe087f7f0c7d1625f9c4f458515e11478e3604aa39d14d08bea30b01fcd6189e6f9b701d360e4714d45556b29815c8d8fa8e46e10749ba5e8d445a4c0f487e70ab5890b7ccc1651282a54e87e7db4bb2f7d4a671e71c43c55cf6486416f171d1955037474d06a71dd078767848e5d Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010e43f +E = 0x10e43f N = 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 Msg = a3bf44cae8aa8347fd07d84a33eec5dbbdd7b6431368887c988c4be779c5473dd8c33ec82a35f1d3dddfe55f3eed67179b87ce86a4a50088172538fe9d1b06c6ef6897eb3c8e3618cfc21353ed4343e7fceb09a2eb035441cd5c8829c79b81582dd5d69ae85c5a001bd8e98e069961342a2bee00ad2b8b91015ac5cfc1f0c2d9 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010e43f +E = 0x10e43f N = 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 Msg = e1c46c309b6366fb4d56ac08c9393cee9a7c95bbe7b7c0e79a3d9187c0f42bc33364c28a770da585e3fe7b4901a3ccd037dfc42aa65a3470521ddafa835ce2d16c92ac670bd4d086505e608781736dc4dd64cc5080ee19e586c8fd1d737dade5d378b32f1d5df1e8dda0e32a125024b2d53334943c18782d7e69825a580093e7 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010e43f +E = 0x10e43f N = 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 Msg = 925d59f953cb3ffb6d5a3a55c079cb1083997536e33d7c8aed50ed76aebcde459938f79229613200c70dde2ceddceae08c10608aab9e30ec51842f14a65e5f8f553471da3497881927ec400b4207ef3e2dfc2b7fcd318c9520b8b22f69dc8a1a8efaceb7be93cbad569e67db062362913005dcff902018ed22937fad405fe84e InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003c6cd1 +E = 0x3c6cd1 N = 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 Msg = 08d3ac24a595da811cc9bba78828f1452ff390ae653f22d1ad91ef6b22aa7b7b15a44ff7f83efcbd7a755eccf4541eb4040c7a4b774749a26dba3937b7f95c6c8490e3383d4f291dade5f35a65b1f6615fd4998be18bfd0ba4bc3a2136ceec909dbeef513d6f6689fc4202b9a3e78134877374d76ab246f49cbe7a8f65d034cd InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cbb343 +E = 0xcbb343 N = 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 Msg = 329b4257ece34ecc0185031b0bc665c9c87ac66ec01a8c69281734d2076e97b0977d6c6cee140f86ddd0818719a4af3798b9f70f3e78e8f1b9e54917aa2e5d4a05836654ba2968b795ca2f9f621093165672fb77aa4d20258936147c2c8f8208445837f59848e1c7ef1c174c30309acec84cdb8c4cc0bd6c5fb39bead7b88d54 InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024f1bf +E = 0x24f1bf N = 0xcb59aae30883db678ea7b2a5e7009799066f060757525166030714a25e808482e752f04f78611b3509d6005b411530c9ada4d8fbddc85f9db3d209eccc6cf0cae9aeb902e96688d2547974b7eb3323eeaa2257cf8d5c7c97f5176e2cfd29e19d0487380e3e64338c73bd592d52e9dbcc9606ed5835758c1a112c6a004256b5c4338322695df2ba573be0e79a7b9f9afd497dd38eed39f05f88d7d399d1e984d048067596ad1847ce51221babf51873bad2d81fa91cf3d9fd307e3ebd41fc49a8b3252ed7a71fd2357330bef2f1f89f2c80f740567e2ae8d168e56f007e8fefa33d2eb92b7d830a4f978ffe842ef0697db50602b19642afc50ac1f837e476c0fd Msg = 3cbc49d73addbe2875dde779689a363e42cf88b3e13ab520fcfe655ba246268fe32bbc3dcdd8b8809aeb4d95271f5e9aa828db969bdf4ebafa9fb1e7b5ef83705f611b2027ba3b7f0b52e85148be796015adef7b901084bff97e87151ed666fc16260d8932cb6eab31da61b4b3bfaf15f1246969aa157fb661618defc543f8bd InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024f1bf +E = 0x24f1bf N = 
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 Msg = 59632917bcef9eaa6edb1bb6013bef9e5d285fe212c49b44ed78f129ca804141a8aab16a035aa1d25ed2e25c1fb022469fb8ab0882d44e7f4459994a158c5175e7651c54c5937db266bf052c0215c8d764010f2941364c16c8f553797a8cc6b63c1dd19daaa01892af2beeeb5271c89ad38af10cf7f27f51a0d3857ca0878a4d InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024f1bf +E = 0x24f1bf N = 0xcb59aae30883db678ea7b2a5e7009799066f060757525166030714a25e808482e752f04f78611b3509d6005b411530c9ada4d8fbddc85f9db3d209eccc6cf0cae9aeb902e96688d2547974b7eb3323eeaa2257cf8d5c7c97f5176e2cfd29e19d0487380e3e64338c73bd592d52e9dbcc9606ed5835758c1a112c6a004256b5c4338322695df2ba573be0e79a7b9f9afd497dd38eed39f05f88d7d399d1e984d048067596ad1847ce51221babf51873bad2d81fa91cf3d9fd307e3ebd41fc49a8b3252ed7a71fd2357330bef2f1f89f2c80f740567e2ae8d168e56f007e8fefa33d2eb92b7d830a4f978ffe842ef0697db50602b19642afc50ac1f837e476c0fd Msg = b9403622a632794f7cd74fbba93aaa64c8d91b63144fe7ba23305c4cd135652d7a995d1c6cc2214e9b24696e976358e1bcb7514ea8950d5ef38ceac01a6d8671bbae8d3a0810cf7a76809625b53b360de536e56007bdcd72b15a60bd06f8ec27e6486f836264ac5973b37eeaeb0c6d6fab1e7fa2170f507fc763654c7f20bed7 InvalidSignature = 
81511a0c2eb37d5c6fe2c214c55d6b0e5fcea17242d5a5a9eb4568ac1f0af9b8912498ead877ca43cf9e19c743c3d8ea6f4e67301de53ebb81a1a3eaff67d72e450ffc6646b6b45ce8826957b9afbb13f571c38852c3eb384f6a595538ebf467414f3522471147f2ccb347284d0873018bf6329f33e0b49f4e86338b423a1027a6c4718187d19281aa896a286b6c89622e4cbf4cc6cf4c3ad4443516aec8708006dcbca5f42c9b943fc8cdcee23d9099edf61185635b53ad4d8853d8a511cdc50e189cc8929dfd32f9dcdcf2754adcc19b855f41d25620b65090180ece407427e9ab602a38f1f289eaf3299db856cc5bbda17de17a74bace89913813d147d9ac Padding = EMSA4(SHA-384) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024f1bf +E = 0x24f1bf N = 0xcb59aae30883db678ea7b2a5e7009799066f060757525166030714a25e808482e752f04f78611b3509d6005b411530c9ada4d8fbddc85f9db3d209eccc6cf0cae9aeb902e96688d2547974b7eb3323eeaa2257cf8d5c7c97f5176e2cfd29e19d0487380e3e64338c73bd592d52e9dbcc9606ed5835758c1a112c6a004256b5c4338322695df2ba573be0e79a7b9f9afd497dd38eed39f05f88d7d399d1e984d048067596ad1847ce51221babf51873bad2d81fa91cf3d9fd307e3ebd41fc49a8b3252ed7a71fd2357330bef2f1f89f2c80f740567e2ae8d168e56f007e8fefa33d2eb92b7d830a4f978ffe842ef0697db50602b19642afc50ac1f837e476c0fd Msg = a95ece434121269f4bf036395e54718c9b3b247de3534fe147b7b540bfcd2fd81f6e45e54848ff209b81f986b49db65a54a2366d9e7acb9d8798289c88dfbbf395bf3d4653a187d98685a753c8e933c281eddde013b6489555101abc4357532af497ddecccf263d1f242672904008fcb0a65405da9ce6ecf9a65b3295afe9e87 InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eac839 +E = 0xeac839 N = 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 Msg = 9c3d5d23d2746d15d616bebf3cf720c6e6012a71cae22002f5021a47d0b8636ca3bd201357e132a680fc5dec9b28a9db932d08ae8b3d3a37d7e2ee754b342a69b94fec26b50412289bcf77e6d4095faa545f15a16783d22eae21e18464150174e6db0b837347d440307655d56f0409db307f9773e81cb19282a93c9ca4c3b135 InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d8853 +E = 0x8d8853 N = 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 Msg = 7759420c8d1a39ba0e3e1681d9b757fcf30cb40d844f4a71224ff998520e0bb44c761611ff4723a455540fe6b8ef32e3d5a23f8da0206b57987ad2ff4c9616ab1ede493847350dcf1b2ff9b98e813f74f8b68c0615243091501f7f28416c77e174f8a32b6cca3e62e7379ca16455c6d8e3b2651eec45e148d2a4c9ba3978767d InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d8853 +E = 0x8d8853 N = 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 Msg = 864f4f5890a03653d08daa83d9e2992fab3393b7ee152d6f7b8ea3ad1ec9c1219a0e0365eef2fbd5d7cbf3a19667d421f3fe46688264191b2583e484d209ebe2975e4603dbd94015e633febaa43c615aa5cc2cbd69fd6ad9db970ae81bcccdbe8026625adebdcfbb04ad12f589c70883c9878fdf2a46e750a4b15f03807a2d5e InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d8853 +E = 0x8d8853 N = 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 Msg = 71abf895e56ba8f6ae8d0e9e6690c09c759270a73db8c1aa95d05980793537fbfff3472c8d2c34de4abb7e64d216cc952e798314034197d50996a2dcbf4c33485e0b68910baebf0e50ea29bacd3060372bd47b13526ec04bdc81b90dc95a8ac2743b814cc5b9ef8ca9633628bfa4248b55eb7f2d9208e114f4dac69bfe27e472 InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d8853 +E = 0x8d8853 N = 0xa677525e1a69546a96dc7b112350d5e4864f0f82e999a714fa9f43ac681517d3975910c2d806bb3ee6dbf5dba1d969b38889e113c2da76eef4412a60cbd89faf35b2bdcb0de36a2cb762cd8f2f29aed9982a9ab60886cc8fbfee9b2ae09c88161e9159d4fc833adc4f80e4bf629d5a9551acce7a3938630c2bf9956097642e3bc60ac6522017841b65c7a25197865e697753b08169853681911443a2b25f1b7c4696f946155b2664b67b40878d3b45c3e0d7034d5b5ee6f5ba8fb3cae7797e85789902cf8f9f86ed3ef25ae0736178aae260fe875bfef5bcde9ec05f11e18fc7375edcd4a5533618e6f991dd48aa3062e6031e291dfcdc6e7fc14ec60e539fcb Msg = 4b648de2e390677ce1727191498b76d2d2438d0ceddf3db502ade5c5fd815bc70965d42f9b8d04eeb38986445fbe7dd580177c00d0f8a36c24740be3efbf656408e6dd73adbd45b4c7196fb86f40da17b29e91bf91ba518b4c68ea18e13fe7d4cf4d71571f0a71f7a58bf59684f8d5bff04096f2380b8e3b03f14909d9e92c3e InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f8d03 +E = 0x5f8d03 N = 
0xcd2cbe024059e2c019529e157684eb1e2cf415a71b002cc643668da85f752ef64cd8cacff6bb79e246f7b8f731c9f5cedc2a879302b51273c83f81f9a377d3e450bb4f4662ce01a010a6e68b66fee35b62d9861cabe56f6d262cadbeb44a58145a0f977966ab74f662674fd92f165eab397e1a2829aa2a7b9cf7c4af5db31119741d416308f3cb5aaebbcb5309e50820e7e1482b9b3a918653d9cfda6ed1122488f435dd54a418e922147be2f6586bb9b759c66b01d0045757302ca3835a68a67f36b33738ba9f8c87b909fe1ca5e5bad207cd0273ccc3b44a6185d32b065b64e2bd42b6c61f08b268b2b7e91ced5962e3a7d553fde91b77eecbeb9ba63e0db5 Msg = db14289f5550b770ac30ad0aa53124753741e4a49c7f1f54a8435f375a5ebc52b1a352a3c0a6f20805c3185cf7621de3de7aaee8e7547da478923662c16fb5e1944876fa765c4d82f6d057723df63045e7ce66a211cd2e3bb3de56f531a77b492c0d7cea9efa2ea8265d5294a073c465f946f51a41739ae1022fa638d18c7652 InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001fba25 +E = 0x1fba25 N = 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 Msg = 0709dcc9ffda89add8fc52fa355e059f570a0ca433f02c10c8e5730bafeb6b40f4b39485246011bea78ea2fe5093d2f033047276b77c458fec98fd7e1e466629aa40e2bf10d3159d4ae5e1735c3695a22de661e995380e41b795eb0591d40b56d1b8adbeeabafc136809f99f80d0b57decb7c346f6acedeed2e326e8301bc091 InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f8d03 +E = 0x5f8d03 N = 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 Msg = 95529308ed9bec98a8719b3fdd942ae81c6646210efc7dcc59754617c48a42af9c67c13156b988e27509d29faf4894174bab0537cdb95ee6d5a2def345d2124ba2c65370bd1e902692f44e70706decba5a8d2c58ae50ef2f04f640b2599e94116d1650ac69f28ccec5db1798692abb3b12b6c26bf8e9b810ae1a733e49165167 InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f8d03 +E = 0x5f8d03 N = 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 Msg = d42084ee99cec1a57097b804c48e454b6390dbf2796f18eabf509d26f0521c5a7d71b20381a978a7f75e555e2bfb16916edac0020e64240c8579b52df11297c1c424f810bdc8a38b179ad253005e44fb4cea908f6b40b9d598fa02d254eb04901303fd1f35736bda3712daeb2bfffa126588f4a2784bfecc619b2e1f01268b50 InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f8d03 +E = 0x5f8d03 N = 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 Msg = 978a26632c48c15a2cd0c7aa5b3122630eb304c228037a6b489144f34137e4a1cb1bf57678d6be6ae9d607f941002bdeda9a6f1f376992493a16a6fd97d71eab894b279ec4a53c39aa0cf480c1421fda65841214bab23faae5b009427c0cd67a3ae165e3f8fb624dd83b3746c43d26dd173994ac9927a815b12715cbd61f3494 InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce5fd9 +E = 0xce5fd9 N = 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 Msg = dc0d4efdc94cbf64aba6f146d6ed0498804ff9a6d32167fa41db6f7f1863f1e6568e0049bee4940e2ba37f0f2507a3f7b2c961ef6ee5557bdea1409e02cb4545294259e309b8f5580fb50d17f4df4688917a64abf42b01ffb30185a280b552b9fe313f12d4504808ffe584a76cfe5711c66ae8208d78d54d680226d1bcaa800a InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce5fd9 +E = 0xce5fd9 N = 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 Msg = 17fcb20e72096d78a07c5d090a29dc437bbcaf6584948be11fd5d71092b8b42596263b60b986058401d3f18ad2f121971141462c8a731e9c8f9b3bc4e28705f6d6500236b03055a95393854a1d7180df0cdae02c25d36c661660e2ea1ae2f42f1da390f921b064d0e0e7a2b1b2500003b2b104cc1c5c7e25fa4c56ec007087b8 InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce5fd9 +E = 0xce5fd9 N = 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 Msg = 2aea505ee5eafc92db8ebe83a69a9a320d433ea7cee6e5409bfa7b48624402cbd14934a91a096aeaf3eabc51e1f36a34b73a7b8b59a0a346c6bb6ae456148b4140939aaf5e37ea49350aae8430555e072c105dbd399cd8289fb5f1f820a21ddc7daeca983cdc4658a7d7dc431828405474ab2d65f6444c8d2ece58ac49548044 InvalidSignature = 
7a3c88d70e8b6b4e219d36092d2be71a3c552e4ebe60b97550ae55f4e31086e9bc952c21f1744ddb889269eb68eaa32af69c493b40d48ec87e458dd1a23837b2588441ad74f34906cdecaf8307a236b03cdd26bd6e3b90646807c4aa184701a259356c62aeab3c32a51b8cc7b1721db8b591e945aeec05aca5c45b054f0658cb3102eedb7919c657554e2a2ea7a074bbe0d2ec7aa7782f9d4dcd1346c36bc7a2c7ce5682fc98b27f03121a5f72e91b7f5816bba8dd0dd271a1881ce4445be719f11e8bcdb56363c001895039064593742c6e52bacf993c07509f9d1b32956757098ef3f7974e6546f9cceb9b83256c01134639afc7f69012fb997123a5342d5d Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce5fd9 +E = 0xce5fd9 N = 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 Msg = ada0410f05b7cf29a83853cf604d9aaa0500d631feae43c104b90bef287e681d1887084b9e01b5306970358910a16fb254e0d073a66ced1ce9286ad478931a2e6bfa67fd16edf56ad3ef8243027111964d02477f31c0153eb912978c8d993c302c6328cd7662d6fe6d1d02a43ca6c67f79cc03fca791024effdf5bc07076164a InvalidSignature = 65523c77ea6db320cd0a7446cdbfbe998d603db4ab460f1725c494ea7bebca929cf6cd7e450f606249afe326ae09e6b0f5249cfd9d73eee00739d969cf35a2eade7f31c541bbd4b6632fef95f1a1ca0d90fdb0c4870bb97c2fb92d1ae09cb700ceb2e633c6e08a7c43e7f5ffe77a2293e959b280d9d6b37716e85e214f8d0f3cd719a3ebe652d62d9fbec1a5dbce479119e4028f68d26122d2eb44d9546f5a71df22dd03e3f9db6c470c8d9b96b460cdf9ac2c948d7ec1999a9b6d965e4e8b5ce40f643ed3124f2fc6501b2c7dd4802df3a18245fdef253d27fcda8f8cdace6af41d4d4fc314ef336881047ce5abe0ab699a9f1c89533baf45bc7bf9b2eff6e4 Padding = EMSA4(SHA-224) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b62585 +E = 0xb62585 N = 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 Msg = 8ec0381566ab63122b5c86430e98681f333d7a27aa6e6625a1f0eab6d8d4e7065557b5db5806bad591263bf49152715a7f66e0520c9ce492a8f58dbdf7dbac2c7e042eeea399a90dd498351306777dcd610a164f39a60f384187c938fb6f08cf73904b572dac59445c7b1dab544db30142f0c3261bd40ea1d26d462eced92376 InvalidSignature = 46f71aafa2017f6103d036ca3b4adfb81eb25fee2ccebff2f49dd9ec7f7a3bf75b927819b68452a2e8c2a08e960c44d695b1e443babb4a271699319f2ae805e1bcb721482e004f2a281015682638673f5759f6bbde92171fe5f1017e6e9d06403bfda82d63d2f31f597d2bf8ce512a0e6c9cb3afcc7ab658bdc238da5980d175b2a7616aac43b317272ce3779a56da46ae1ca73666843e06b7d2108e3b3dab6a19d1486227abe853573effcec8cf4a7bf9ce07b6c617017877b5c839618d595227af594649b408a42399bb80f4f7e872c2ebd394d105ab64ae6047180ef16a6db3b2226c48947ba2e029a3da43f2af4d35aaad42f7909d11017edf506e066a07 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033e58f +E = 0x33e58f N = 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 
Msg = c3232d8060a3e3f8687dc05d8879004bf5c3a7030336bacaf4d9ae8c0daa21c5f09bc8a225dba963fa568a038d7fa91b274dad04cb83dd3b0f35900a2b88e46550b9b3133b61c30e09f73d2b4d9661fd600077f7f8e409d2fc5c4f2e97baeb7c8c84d71bc9bd9bc13e66c31def4590bb48e5ee27b1dea6556356d5407ac89dd2 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033e58f +E = 0x33e58f N = 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 Msg = 0d8235883f37654b35d3566174cf731b5b22a54ac15718f9d8e2415c57b42003d80dc2537e920b37dc9fb21312de8dfa39190f20024c0f9299ffca24d0d22cab795a4b6d132b35d6aa36eb6df856ad06d0257838bd14ce11e6bbb509346d0235b710d7bd462b6b90664109566e5e5ca7e8efe97a39d6dde085be09f2cdac2b07 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000baa86b +E = 0xbaa86b N = 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 Msg = 
84b1e3cd7c5d6011c581302e03489fd37aefc841bad659fc81d796c6ddd6a1cd9199f824bada3f70b29b40e435ba306fc2c53333440f233af2048d6474b9fda447c87c6c625a56661a85216543d9fa9b9835120c5ddf6a4242d4da438b5d58c06ee3778fbc042e5cc4e7db9b75cc87c0c2e76cb34b6eb47e39f1844969ea3989 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033e58f +E = 0x33e58f N = 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 Msg = fcef065e293ecd29ab52046c68c6e940aa0e2d5fce5d4a2b40c516f2a7a198705c301b95218282891098dbeed1c73765105db8532e87ebe53772585115b1585f03df272944853a1e143dd34ddf18d2e1b13ecee7eed464584323cf53dcf6b9aad74351a0f90e9ef1a08b1313f98363bc73f897a4740c5d8c4a1fa37f64386458 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033e58f +E = 0x33e58f N = 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 Msg = 
79220b8d86942a13861560882a66fb4c5c926a661b74ad2586790a0636a802d9d1df8320dc5f5fb8d18afdbb72ec4fa45c7903b4df15fe950d5a063e1195be16c311d85c799986c61f3831688a436ed809992e903d2a34932bb6cd5490d7bbd374427209024a878697a66559197342308a7d51c0ddba39670817c7105a77df58 InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cfdb6f +E = 0xcfdb6f N = 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 Msg = d5f5d567512a899c0168240b319e6abcd8b92a8d6e20b9d3ff80a0447ecf92155b8ba15f5743b1c798592c5ef806f7c6a39ea597e116eb0030c354b2966436f93563e52c205826486dcfe7d88c4b2d18d78b4d59690b5fa734cef0aa4e5bf7ca8c060a965270d267a951bd409275f2f99b058a9daf08fd103229daf54ebbbcce InvalidSignature = 672403ce06f1ab0ea42fd043666e4623299fcefead6cd204599102fc8d543d3bc93342fcaa1262d52e6ff344febda6faa57119ee7418cb78a893aeb245f618c072214e9740abfab998a0896a1c9066a823dd62b5ddf9e9fbd7bd6b68437eef595e90e725180b3cb12301a989cb78ea2dd48730521caf4b2754679c4df2d8e2c12b8c8e55f1327fc6624d85555558fad198db6973ab155deb56cbcfcd44d8a61f90400dd3760b19aaba4dc167742bfe1da0d9ce20036c284729e16b8aff5b6ac3121fbae8cd55fc0779fd0ef7b382c85db88b2ae79270b1110875923b2d72d8ed7d37e2bdf5396b158a89fd1ae95c146737db028ad6cbeb0ed43edd421197d23a Padding = EMSA4(SHA-384) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000646e91 +E = 0x646e91 N = 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 Msg = 6ba3f34bde03e48259723bd599464274df4de2b6f3bfc3b06970b507234a4f0217fbd5e352eb5f783d7138ed204685e4e43a27c71d25e25d4821be9c50f6adbf58d66f98b44bb326386d7f6ab658d177c2dd87c9b8787cd70182f4eb91a83a32b49c870f0b0a26b5d1ced6f56364705400a0c961cd9fda461cfd1e9ced483c84 InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000646e91 +E = 0x646e91 N = 
0x95a31458ca41cf7a280fd060660fbecec18b6242b72cf99d8039a890ce07aa5acf432d9b400160374b3626a46c6107cdf51f1e8b519ac26ef169cd75d3c5e43267ff391dd0a93730c39c166fb77c4c5409c19ea252bfc8e990d873368607c8ce032bc0a6968a0a6a5a918d49d35a3fab9a3e69632816026d433d65bf765cda3738e8c12f43e869089296b36ee84704dadc37db62fd18f380ef76334d882809881d6a6dc8a8f49c4595cca6f85e9dd8ad616cd984a27f4938fb9aacfca473f1a4f00b0db47b471f04b4170ea909cced5960d4a3d269de9ad4b2a63e8ab712f1f0f7c3e9ad471e15bcef3614eb4dce291eae0785ccf2399b16b51a84d1df8ab395 Msg = 599d4ceb774e4906332eaa216b2fe8e1fa52506f381baa87c34319cc80ac425fdc9ab0af581f779344d71896cad6a5912fdf268056d63a8e867802726c4a3afe64cfa9f5f4febc1e99f36e96c7e56a6a2b58746533940527d05535777bc4dedb76a6ff6554d45ecfbbeb72cb69447f94752703c9d73b517b2b417c85b202761b InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000646e91 +E = 0x646e91 N = 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 Msg = 73a125e5705e14e15f2446fe326f563785bcde93d2ee46abe4efd9668e9a1e089cd9656b0a0aa08b74a87449ce279068551f3edcc5ad3744cd17bcb5c0aee2b98df92e97f10f61d5eb4595fc7109899b610e3a8ebaaab3800c7c25af2d513aef2e48a7f28d3501c6ac44d19f82dfead791d1fa3318ab606889663dde3d4bceb3 InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000646e91 +E = 0x646e91 N = 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 Msg = 86843b3170034a9f8ea79a39657a5e7460c50ef75c800dad690c8818cf25a1e85012cdccad1e7a886c4cf648d7478c334898f044a41bdd5526b4fc7d5e3e089c79c43034c2f4bc7b69d0f4ae83a73da7534486b2c865e29d466f760eaa5f961988042b12b66c58a00f9c5d137183bbf8083199eacf4566ab53a4c073bb719487 InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000452b3f +E = 0x452b3f N = 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 Msg = bdd8719841159aba3f353440ef98efa92cc503da8d00745bd12094c3809bc971cfe3907dc4f5c2ee9c2e172e6a61e8bb0028391e1277f62199777d3d76915d5258c85d9bdf4dc1e0024dc8edae0e7944af3a9f0fd47b13584e47397c5afecddd2032e0d8da451df7383a516703c52bac02a440931a325168b83ad16a7409a27c InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000452b3f +E = 0x452b3f N = 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 Msg = 3858011a054c52e3b659066f55f219dd58464bfb22b8c55dcc90ffac24f0e141f60929f28b8e0c2c7069204378ae790504cd1295820b6f77343381e73388ca6fb3ffc2b888ab78a1ea797c8e751dfd02734c2f715e2cef4fa109aa6d9f497b85f6a29314058ade67acefe4f95229edfc2d2d6836bd038d0e9a7a42e7701a3bac InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000452b3f +E = 0x452b3f N = 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 Msg = 6883a018b48af70d2875a7f5cbb5a303d7338b6d76f988c3cd2f787f394a4bddd880aced4c7fe4e6bb5efcbd1ad422f6aca84fbbc568262bd45e1ef4a0c0e324d227fa3cb442a48638cc06a93cbb867b0cbb781629dafa2e49851ca29eb345505b60d22e753dff97a6a60be2b8d49739005450a829b7cd75338cbab0ba8b370a InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034ddb5 +E = 0x34ddb5 N = 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 Msg = 20075fe0b26832c234a861a77078a8e9a42be3862ac4d0d058541566a68385620e6c9fd4b9ae5770d7bf1a83cf840c2c981f94c866091aae8a600f1d93822e72bada029e7dfaa9d889ead78fddc01ea32d716cd484e7d57b2e549278d5c54a6beafa91274775af6312d1a2b3e45566b72ac97392cc88889e0dd7a75fb37560b5 InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000452b3f +E = 0x452b3f N = 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 Msg = 46c4bea2eae66ba40f3a6223a28a9756d7c980ea6e4976e2342e5fa1cc238a45af4bda37727a270048a6e15fc798f698efe7f60e682776140b5eb201a4b77682f67b3e35003c9c737f54da6db48ee07a672259af2ce712b1e5c4a2c788675033233a31c31d9391a3be2c9475f1d21da34961eff443ef135ecb48791c019be200 InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000089e29d +E = 0x89e29d N = 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 Msg = 70b6c465d2899b32b736c17af293c562a096d03c5dbe7e08b8aeec3be41c13c0b0e9543db8915397ddc609b8f4581590bb585359117db02066c63d81706182b21fcc14c3d43a6a23ce38ec67e4904d477a6e1be9aec19463d2e4bc7b1f7eacb0a7a72d7f8c4c85df70d4910e2c03148fc51f4f749c52d2d9e45091b159393ac5 InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002db7c7 +E = 0x2db7c7 N = 0xe3db9f81f57c99898c867221eb20449ed8b05c1c7d6d0388cd5bc691b84cbf9301b52b60f34be1ea5be12b87cc185d92451037ac2b2f79d1bc43d0736108b1eac5f5a52b4037825385df38966d15562cebd09d27c8fdd3c9bb09c0b3d77b0c05a1fc40b1d9d26bcc8ad35b321ad5866f500bb9196237a4f4f2f282f9091fe99e39c37b862dfc8a22ec487d6e36be1ef8276629b60d845d92524e97d6d52689924ff354a594ccafe9087f5ec6a988c2dae41d2a400d2c8c039e3d77ce5450ccd826468fcfe65718d292e7765f0185df94d5fa79c1e99a8b4f823b19475c6004c62c0f7db056fbe167df368ab8019d58b89d7d3790d427844684b147f962ae37ff 
Msg = 47091ec16155b1e4aaac582b5f255e06483ed8844621dcb92c26ee62cf98bbcc61bc0af1fa0fefe478d0417089be4ffc0623cfb2831117e124ec909fb22867b2ed5485b12458c26604fb5577aea88f450c71ca1564549c6e2dbd50c1224d965096da794807b79230f5357b87f46987a90130b0f31271d127f1a21612498eb06c InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002db7c7 +E = 0x2db7c7 N = 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 Msg = 36af136c05bbc41ee57e94a1be10cc6e33555225797e1c2d6ad3ea9bd5b0355619ce6278f2c43cf792cea184f4cc7bb36d8ef35d844ee143037e86f34ec57df0f444ef0d841d071aa236a5c2593a57b4b3e185018772ebc593864c0aca0e65e9ef9721f263cd0bcf3c3e0823966146b82ed770da2df024fe4171a6a8f295d68b InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002db7c7 +E = 0x2db7c7 N = 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 Msg = 
f5353bc971efc542fe9df930db581a158f541d68c465153b58c2ef1bb20a5f3852841ac6acab46a237ea2e39c1a43ba60577201a7fc254817f64c5627dc7cb07ac1e5adfd1ea7d2056c3ffb09a556b468ca938cd78a63d0921d76b7c0f6eba8b2a8964dd88b5520484b0d35f1074943e4c70cd485719b81a64a147311106160a InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002db7c7 +E = 0x2db7c7 N = 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 Msg = 1bb027c0e5d654997de7dc160b71e063582c0819ec8ec76d779ae1a86ff92bd7fb4b92c310bf5f23d9e1ba115db46cbb5c01e95b79ee8d699fd2260e9d48b3dd13836bbe92e1012affc2279e389a5149fa45bb08039bad957345fefc78cfd74e2afdb998b463c116b5302ba5e64b1677fca1860ad0bdaf5bbd99715749b31f92 InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3e453 +E = 0xf3e453 N = 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 Msg = 
2e90050655247289b29aa75e121c7c129ec0fc935dff0b42fa684c49c895412f035fb4aa594e56b4a853a7e00aba15ef0f5a689e490f5dc30e6a919879a6a157b2de90076f7e6995bbf82526f7b8ceac1e59e5b74d19028f828aba7fa38bc573c37760c6a29cf15572efead8e1fdef7253253b866f0540cdde328da54f2cf5ac InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3e453 +E = 0xf3e453 N = 0xbc97958f980fc043630735e36aef0f278be381655bc6a4940864e6925d31ff1c9392ac5fa44b06af295818f03948a117bc7f0fe8f2f5dc0c1cbd9d1819913f13c0765f41c17a62a9fa70422578c86305c0e67c56b2d555fcc12a84c45ca00502b692d8790a26bb73a8f2df1fa44cf910ca45e8ea2c665a9b6d266c2c4c6075c55e686511683cf75bbca9573e8b79f01583d57bb21b6e8f46215962b9b3cb1e57ea56221f6ab61cf33f969babe3b5a1a98a76387144cd617751ffa012d8e7d1471b264c274228e2bcd549468a57316f392c75625435ddbe7dd3dc40544f4a9bb9cf5385b255ba57769897203a7a3d0f2808e05492b69a58483f5fc396e6523da3 Msg = 1ffbddc2a2c8bb9fe7a45e4d5532711f07eb17f5676425a8fecf8ea88ac51fe351436ce9b6f20a4e0aabfe50a43a76ba3462b709542257cc6037ac5188e2847d23eb16fc46e6399b96b5d4f15a4e9645d5bfe7acd26f1e7280a6f4bb804f386a3dfdc5427c2db24b34cbc8789ff7398691088e2709d1e26005244e309b95a472 InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3e453 +E = 0xf3e453 N = 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 Msg = ebcc2ba94d3b4e302a8ce315cee44fb966cdbf2820d06a4c8c461660486bdda6dcb4315de3631eee6c58cf669f2a5428a476a2e4c077dbc3c1d7d0e49dc5c50c5648749920d354b8c6191ad84a22805fcc9f469bac7b77fbf3b2ee7fef66186d1e30fc464eb478f80178cd5516f65ec4a6efb4362d03c65cea7f771888766131 InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f71807 +E = 0xf71807 N = 
0xbc97958f980fc043630735e36aef0f278be381655bc6a4940864e6925d31ff1c9392ac5fa44b06af295818f03948a117bc7f0fe8f2f5dc0c1cbd9d1819913f13c0765f41c17a62a9fa70422578c86305c0e67c56b2d555fcc12a84c45ca00502b692d8790a26bb73a8f2df1fa44cf910ca45e8ea2c665a9b6d266c2c4c6075c55e686511683cf75bbca9573e8b79f01583d57bb21b6e8f46215962b9b3cb1e57ea56221f6ab61cf33f969babe3b5a1a98a76387144cd617751ffa012d8e7d1471b264c274228e2bcd549468a57316f392c75625435ddbe7dd3dc40544f4a9bb9cf5385b255ba57769897203a7a3d0f2808e05492b69a58483f5fc396e6523da3 Msg = ecaff1782bac0b38041634cc60fec76f9a24158791bd0f88fc734616feae166afb121df6a949f24c6a02143cd939213ca2b9490e98e0019c01a3fc2734d157a0679c1456c255c9d2b87799ff96e7648f5c7a3b99cdb81787c2e0ca2fc32c3540d855bce09d5af793957eaa5fc08ff82e706ed37358ccb710e6329878d3441910 InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3e453 +E = 0xf3e453 N = 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 Msg = a3069d04fc7ee84fd9eec56da26a0ca4130e7a8fefe1051ff3ff6ddf09f8147cbf730f84f7177d6ee0ab17db257b091b64fe01f3e1b7859d7c598911e02e4183feb9342dba9b924ee3b3c773698950f5caedcdc3cedb586174a216312c450bf246223386abd1cef8cb4ffbbdd65c883a2f2109871e162773c5233bc855061cd0 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a54611 +E = 0xa54611 N = 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 Msg = ba85e1f4f9203ba8d3eef645d7923e10c614080149cc5ec6e282f70b23d30bf91ed665fc1c00baca924539a1508063cffc151d78bfd504943e220037cc531c15dd5a9545bea330458440d13f43444a8a806c7174e805753f42097269a28c4231df56975648d246229327e6a716a49a493a612b7c2c235acfd581742a0d452653 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a54611 +E = 0xa54611 N = 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 Msg = 284748185ce9e8eb0f872623d43950277e53f59b362f9b40ca2db01548f7c3c3cc0af4379672a9915fd4833dedb2915fe6ebc375e281a138c39f3cc249db65f6e1b81e1dbe6f4ecd2befb90f20222ec013720238108cbe2a0c6315cb77781937105aae10fd683e681bdeaee193109112aef09c2dead65adf4d812178f959454c InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005bb217 +E = 0x5bb217 N = 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 Msg = a3c2ec4c47f444bec34c15ff25f2f811fa94f9a5bf05a5de982a6458451609695174a8a68c25a7a9bc2b181290c646ccd5dc8e92ec9e71b17c69e70f64eaf56cf48681e85cf966c5643dc46f5ead99b9596a966a98fe2bf8433fe5935b76f965f3c121199eb6a69a2449be1d79f01961ef05b735aa6bfc3c547406ed13023edd InvalidSignature = 039c1de64720207c408ea9889471fda297c7b3828e46831ca5ee60a938ba13a7ac524cc394d5ea12d89c2cecfb06ddcc6d86994ebfaf84eb91f39ec470898d89cbc55a12dc47e7be7e0f389dd12c5e59a32d5ca6a37a3e6456fbb8c8c8101725cc3d529f5d1be12de765750e5ee632e43031656442ab0e49f9471cae87dec5751130a2622ecaeba85ef337fa31c472d6a9696231123db350f5a390c8d7ce1f1a839a4c674aee4e7af60ef62e689117fe645e4c322f20373b9fd75dc8606e70d659094f2d2c98108c6c32576adda57ac0b30c47dff442b0901448c68aa1afee4879eddd84d9f2f954971249d87811219e433f3d0d5adff57133d0e9c12f82deec Padding = EMSA4(SHA-256) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a54611 +E = 0xa54611 N = 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 
Msg = a14e35290344465d6d2f43688a663ee418f80f13e1dbee22ed4641aff65bb28a1c0985b8da3128be39070c1c43bcb417bb5a0cbb0beffb217eed3beeafd1691c420358fdd1fdab7c29b0a3a7b723356a3d5e609dc986bd42e8495807177dbe137a0357fed1f2f621a7f1af11cce5e96606cdb3c104e95c0d93223d0415a6daf5 InvalidSignature = 93775fe8676f4e6ed580f3db99e0697e15f8e0ad168a9321cfd004e6d0bd555bda6483f51b1df63ad78f28a3638e70d230c5e654eb4c86c2c1889a06e28e2a640210523b90fe14019d03d0a3b14c7608614fd88a84ba2c68f7c0e01f9502269382367a07f2d90ee53e15abcd584c56de4602f7573f493e41670026fefaa6e12c615d19d1b2ba25cd0f48b6ab20a8bf809dd15ad9172bc8823302993b51f0ae5f89e5c05ee0dfd91f8926abe7fc64c7694613a996be5728ba3c6a4d2387331c5d3b21377f9734b587fba180577aa6cbba1f4a2483e4e46a5d7c355b4088063d32a10c99bc654677eb08a9b57ad40d88d378a8111678e8dc60be3c789a0639c056 Padding = EMSA4(SHA-256) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a54611 +E = 0xa54611 N = 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 Msg = 555400784d0566105b91dca7f4f0849d832d51f0a3c7d3b9925651fae271199672d014a19dae9ddab1719376a38dad2001a60e3d27f51a74b6ec876e421db7da4b5845b56f13dec8dd0f52720d39eaa7afcffd39e1c3be56a4645853913b3da7c833ba3b2afed0e1c8b33f219abce33c75ef436b37fb68684506eb2f37945206 InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a26a2b +E = 0xa26a2b N = 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 Msg = fbf1f99265060ab82e3cf1a3cb86ea71748f05c4d69e79c209bd3b61c11acfe1c8ad5f9aac1b0af7b5db7ec31997c9a373d56ce472d6b177cebe3f3a81f6ec7a33cfd2b5f668a5a433d14478e4708d6504a4765d44a9591e00bc906e717f42a5249e7c6dabb384c692676a4d95dadfbd0f464ab6b6df19bd86fd5585fb7c7a6c InvalidSignature = 89e152374ee953c4d9e69e29c3100f0168eb71d0f5ad31f6eeb52ab6caa465ac028b81478947fe08765d77dc9d4e75bbe2cfd14f25124e42f7bcff6512193cfe3ef9dffbf07020cc5e4ab0b0c44fcc4b2bc8285f16fe08be89b432fde26b0498c9ad46be8bca8e1354c39b571a8e30f07aec84a1fc9d1a8e239d79223a6af22b4abfe36ac108291503a4f557a7bae28b25ceed47fd5b81182cf391ea409de7ba1eb2b404d4468eb2b47c2930845e2e9199fff4f0c838e3bd5f3a0bc798fd6fa4be5e962070cb45d01a84170638fe2234e8df928777213a87be0adee56b8ae514cc05c5d52f872416b1ea2112e76c364ce82ca33027e0fd1f8c0424276659c08c Padding = EMSA4(SHA-384) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b2b5c1 +E = 0xb2b5c1 N = 
0xc5c92cfbb60bff3e7f9499847e869a4bc37250994789c2958ac2f6a168bce2a1915d38725d8596cbcddbd463c2a46a52561a551f8f49d527eecfbef5589030891d9d90090fb35e43e8620c7fed4a056cd1c4a56e6134433030fe8027d1819c09638e43e359c7c389ccd1986457ff5e21673808cb436608d550d62120d9bdabac419cd6249fec945f10711874f10267c66320c701da90d7354b23e1646b89b22cea44d9e67c706ffc04a57927a5c9157cb049b1090e0f86d6cdaff29570cc629fef0646f9e5f8a7dc67c24052a34b91ab08b2e83b141cd0c098e35cbbb9fd408e7e107932128f6eb58e604764a7fe00acecb9b03203a24c9a760ca0d8a5886023 Msg = f2280564177a0b97e8089b77d7d0cc8ed54849a90d44a7dcd319f5c6d70394169fc4494e348e90c81b2333f6863b1cedcc26672517b2bc7a5c4fdc77917179d41a364b3d844960567506b4fbe3df01cc85fed8e9872bf1fa82f1c073abfc48164bc634b96f732449e0f9450f55832432e818c47dc777ee632c46c8408f6ca9e2 InvalidSignature = 7f65da249423b1406aebe4ca1253075588b101d47207acc5dfb7198dd45548ee71ffbc1bce87e7befd256ae20250208c451bb3a4dabe87c0dd67601ce21a49b1fe723b224d02c7304876e5b2f6804f76d1d57fea8edb951b536c372929863cca988380373af61402e746f71103a9d012d0db121c4e2f636e44b6457d16d12e8b493bdec5d05fd311b502e56ae99071d9bc62dcae68b27f8db50d030963e2dab44e4215be69694a55bb113a8c43d3c2412af0ba055ca740ca628a6254add0e0cc51593cd9a283cc70303caaf8e543ac71bae196f208cd4c9373e2810c94029da46b78b421d6aa8bb00bd83c474534bbaf9629f53bd2df3346200631f7cb9ed4a6 Padding = EMSA4(SHA-384) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b2b5c1 +E = 0xb2b5c1 N = 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 Msg = 
55c50839aa7d0321a6a85cc3f55ba7f6643bc6a18a8faf73ae9a70d4e527701b7b65f70194f5f0551342eef2bb116eef94595c159154d8966fd639fbe0de525fe96af5db8990b6419bcbf10dfd930f98f230048fc5cf1ca4b0d6f883fb75d308687d0bafcf76dc4c06ec6efc0309125b4569c8f7702906053741b4537e147b7e InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b2b5c1 +E = 0xb2b5c1 N = 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 Msg = 71ff5c8bd950fa414c774075da8ef7a1a58165bf4fb7670cb1f5c00cd07fb1ce0c80ca719babffe73623fef91298c08b12b35e223bb527a3685bef5e3f04a94a63153992eb9d83511435c89a322b32bceddfadc4a96cf943468bfd510ab55fd1db8851f7b26cae084c764561238d75bb9ccbfaad82250672b34f93ed19daf8ea InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b2b5c1 +E = 0xb2b5c1 N = 
0xc5c92cfbb60bff3e7f9499847e869a4bc37250994789c2958ac2f6a168bce2a1915d38725d8596cbcddbd463c2a46a52561a551f8f49d527eecfbef5589030891d9d90090fb35e43e8620c7fed4a056cd1c4a56e6134433030fe8027d1819c09638e43e359c7c389ccd1986457ff5e21673808cb436608d550d62120d9bdabac419cd6249fec945f10711874f10267c66320c701da90d7354b23e1646b89b22cea44d9e67c706ffc04a57927a5c9157cb049b1090e0f86d6cdaff29570cc629fef0646f9e5f8a7dc67c24052a34b91ab08b2e83b141cd0c098e35cbbb9fd408e7e107932128f6eb58e604764a7fe00acecb9b03203a24c9a760ca0d8a5886023 Msg = cb254c69cb296eae328fafd8354396594c74e8f9ee4783289bcc8a922031c2f517353c2fade0359ca8713a9ea899907dace6d272d982dcfe771de8803d28f707ce44736583fa12856bacfdfe90cb32e77c4b26eefc54afa4243b221b93b0b8b3f9393731d6dfce118426401e7743453fc48a2d94e026c6c1aa0c808aac32cfa1 InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af8e8f +E = 0xaf8e8f N = 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 Msg = e74ded82964ff874c9e10540c9f1dedaccb376b882e61f33eb5afd316bafbb01205f7c8673ff1598edc179a74d3e74a1d7729d16ee08869be5d8356c13afd855254eb4d2b8b55f7528a12f88a253f2f48193df61d7f5cd9f495ba34421bb10979e227cad8ef93ed21f880f2bf3b8be99721d26df64335e08bfe82f03bd5bcb91 InvalidSignature = 
23cfae518dad78ff6540e64f54ecb571ae4fa33fcc57732d8555cd25b44b46f46eeb109f91af7d08c89e16f4cf6aa119cd9633515c55ab3fad64c8932417ca945be3e26028b752bca8851567da6408e211df8fa215a8ec07fb6faac5cff26d174a1b5b7fec9ab12c128489c4ccaea60c1347b8451bce07ccc9c21e90c2e5dcbea4a292c16d60ba66ca4e5ffd6c9cc3b8ce4ebe39df418573e0e9f42ae09875a11050a434538790c5c700b5adbbf700db2a93f3e5ac4c570f8543f0a1c1d664f29d161b064a0892db495b68da2454eb983db0fb3defb0f688b67c8506c20dc7997e0bb51854a85af613a3b9a0ca3e746f3d8393b62106c58f8ececb502824c478 Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af8e8f +E = 0xaf8e8f N = 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 Msg = d122c9b539021a26f4e66a823f29791780a879da291b1858dea5baf0daa906408fe0a5dd8ca84647a49fe61c4d714e8b46eedd0c7d60874e2f1b1e715155d0762f38f2f45336fc0ca89dd49edf6b4fbd1263f561a760045c78eab8903007ca5ef85336625453425d4707bc72bebe83962c2e494271c4966a003910b34166fbe1 InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af8e8f +E = 0xaf8e8f N = 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 Msg = fa0e2ee8d953ee3589be814638512966d3d5e1b4ca874079170f9fb87db17e070dc7249eef6f86ae5f816af4f6c4cc8d2b61810c19971aca83b10b7d15350d0cec5fc0a259cd9502e27ceb1a8af378da53beeb46001ecfca1fffb3ce472a888b9fbc4a1d9fd7e3d91b974ce07d48f5f452d6678b08842822f5e1ded49cf9b82b InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af8e8f +E = 0xaf8e8f N = 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 Msg = e25750b83c69e4e14cd31a1f366d7f97134201535b3601fe9deca9e874e68051b6ee3be3eeb5d7800dbbe43e5c6e24b0b5965468f3f04ab9a71940c20dae70a73eb2e122a630803bb9217253e28fa967bcfbb59385fdddd5d02a6f14793a5461de6be77c4c20089ab8ce6b65b01836459139ccdef9a3e3da7fe5dde8a2d25504 InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd7a0b +E = 0xfd7a0b N = 0x9d19bc62c9c1989df660e259e9c3b1fb805cff7546d2ea5a479d29ccc4e18f1ffc4f78a9af924e04001850d3c56a91c8738f047ae12c89fab3dec2ed1dd7a207ae635f587c101fbd2c542e86726f7f72aa47497162dffad87eb321426e8929afaedf4a94c132ffb2966c22aaca737550feada9f92c07c2095739c3ee524be18c1a34dfbd2e210868c7c25a2fa222c65353dd28008ceb10a570206a59d2a23b22cfd9f38daa0db78c4843bfe1ed1a366dc128ab4d5dd45a28586ca4c8b0ffdd90759028ae29eab9c56cb0da94ec13d3d9fa69333c6065f3ec4c6392259e1c2f761eed8f8aca57354c76c2a0aa6b9045e5182a95ebd332494d642ef07c1e3617d7 Msg = 2288961b2d0b66e75dfe4079804a7f99cd9735db1bb50721513a3f611e6d1ca8ea636c5f0c685dce3da191de4cef70231415c219ac1e7daeddf9db01d967b06a2917fbbae80ebbc42f4d041cd0ae511e47101c32edb3ac4f6fe52fbe7fdf0821c9ea6ab329c626d11b4bc1ba7351ca934ece6aae483e3d0bef48601f789eccd5 InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a673f +E = 0x0a673f N = 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 Msg = 348d8253c3fd1e0175f263081c025ed1d2f48d7498d39f733d417ca7820e857a7b091d573816685fa581525eaf92d4fda8627339edec0913c667c7898dd47bc613d30f963fba521cf8e8fcc74557ec82b371b32bf8255647d53950f441e2d71ec39260f6201165a036cf662c28792ec8bbca573400a41076345f1ecee46121ec InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a673f +E = 0x0a673f N = 
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 Msg = 07dd79fa6d610e1c9f3c64a2b92d1254b066531136df0ac3ddf003927e1f7c58dc37e455859ae225f9d799ee0e7f2bde93357bd53405385e9df717e4e3e35f231f86abdc5cd6ebcdb393ade0b41f9ba3088f44f855021f0e6231cc8f7c489e1b18f557f6b9be32fd149727df72b46a89579c35e2617fc7b972c9adfb12f7402a InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a673f +E = 0x0a673f N = 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 Msg = b61eabe9eb62740c500b32e9b049a0652b4a87317e68289f85a1dab5fe47f4818ff8edab0bd1c251f1df980e35d6a35c4306461d428a7c7495c376d9a805866de98f3b8a14c1ce9fb489bc3be71fb56761f2b539b3e271a6cdaff498c2b18a40cccaddae909a5e9fa3f1e6964c8a9d2e8cf61cae5bd6cede354d9c19d5b5c9a4 InvalidSignature = 
09b573ed2be213b3e1ad49ab1fcebc2be8cbd30556a3c9ac4eafdffacee20b7c5b19fe84c66cdf57c0ff081643484d5e5ec904de4ed87d7cbdd8e9897ffcade1b0a260f7cec47212e1dd29cbda97c195d0f47ad0e7f8e836c9f870f2e77d8648f517bfe15f1885084a28ae1bb2ac7377274d2be8748b28fff31140887a317ba4983e0b3c94d4c0360e658161c011f18751ca061be384bf09d3f6b8da459d432081fdb22db78483e69df8f37813faaf31a9c766e16fcb8f4a77d18f8a1ee8de88180b9f15d0894ff2a8b2a5f6f9438c605e181fb5807f9dc635dbb34aa5380feb004e16f49b3b9abf5e9e241d66c5e4dd2dcd4c67ff3340e4b1dcf20e070c18bc9f4972b7cc7f8543564fde3b3598ae177e7a97e3371aeff0df98b1852330befe8ef5473f8e5210360922a5431a2914448e2c7db973d6289515eb3c6053a77aa3276c71f8e2692bb2ff86f48fee9db1960203fbbd7259eec3230ba46d4e3caf2c1178fb4f62e516d86af4e92036f7d08a8e512d933221d0fbf520bb904c7c5b64 Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a673f +E = 0x0a673f N = 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 Msg = e594d640dc2fb4d4d9523ea171c95dfc7aa2348ccce403a1487e4bc7197e339c3a832ade3875cec83a730c9f3e0d8988a5b4419cf26e6f3ecfcfacac51245ad57cf1436b0a9e7e38686d93b502afded9c038392fd010d52ba76b69be42db8f28b2c56a0ed7128dcc6c26180c43162498d215626cef30fe10d83cca24760c983c InvalidSignature = 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 Padding = EMSA4(SHA-1) 
-E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c9c31 +E = 0x0c9c31 N = 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 Msg = eaf989927d18e789a4c2c889fcf5c21df332e46e2182a365dcb7171006f468472a6f838fc776113eecb0a9e005a644daf581f24d6515cc3d5b1f2af30ecb169ff97a00422ec1b3cbedb587807566d8a01aa9b847981be191a762ed02cfb6ca267ea168745802b478ce58ca32f23d66b989319c236299caa9e707ca07f2bc6c22 InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016b265 +E = 0x16b265 
N = 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 Msg = c94473f37b3e8fbb10fb2cb105ced77e753b9c4eea71797673151359f641a88cc8cd45387bcd39c0f75ac9a4cc9625a6c7ea9b2bc4920be3c25c9bac3dacabb4b8c40cde99426c6839ea15ca3ca6d8e11ecb434c0f9e1b1701170696ffe58794c0b12fae7ca712f9fe3379ebfb08d678a267fd7b749e905856cfbbdfe4f22274 InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a4bd05 +E = 0xa4bd05 N = 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 Msg = bd1449b44548889ecd191d0a43cdffa7e4bbfd95a51946d5d20f2efef50f2f31f9692e4e8f1a0068d1e52d7725a6f44d65e28fcc3da2b855d4826b83ae05ee1ad12b0f3a2646add923097970a7e2fef3258adf0705da607047e028c86a3246778c8271dfd27394d70aab8a5b8f2925816dd976afc666480c7550ee34f03e3f30 InvalidSignature = 
22c2fb8742e325e8e59f449ad6fb8b531e05efa5d87cae928a030924bf34029cd25d2794c42c987520d521a2def57c62d5a00b9540b792fd04088b82053fd5fc7d76d3b912086ac718cc9b19b03e27c3311aaadbc19602a5b4c1321b4f7217c5717bb48de800872ad322c9948682794f25a89b3a7600c36f9d460f0bb2186b5a9a049b04c38e9259a9bf8566ccfe462211607a81cad72f3aa2468909b723c67bd5af913fcea3717c33ee8ab529154dc549ba12506227c957b80788a0d7b630e7d735deaa847ab5dc9de4dd90ce57645d1dfc147d5c2c051597fec2697508bac577aff5dc1a43eec3c7b014f027a1640047d42b4ab59709722bf5bc703566abe2e2aad6e9cf9e850247ed40563ad54296ffe84cb2f8ba31386e8b821a2ac29347ce710ac31939bf01ebd3b7b12b107caec9ee01d78cc80721fa75143cae00b7854e64953580213c46900d9837b523fb204cde1048d02e08dd00ba0e505151840f02cccca387440d007a5452ab6bb741bebafc0bf3c78eb1b895e25da60533bbc2 Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016b265 +E = 0x16b265 N = 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 Msg = 105741337cb19262c78a1bcbc04349775ec4f32f55c18fe1eb3ca645084c85bf8d1c3688e736ae09e4024887c5897205947fa666b8819dd3c69bbf5c9a0ddde2a74f22348b524778e60907cd6d28d32e3a2cc699669bdb71da8d5e22626ba00304f7ef808f8cc57876a740e4dfa7d2baf8d13a118a97b385d01a6bdd89ed36eb InvalidSignature = 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 Padding = 
EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016b265 +E = 0x16b265 N = 0x9881b3fb6c99a115da60ade6d178008b7e6db8f79fe34fb7e6f7d2fb96a24350dbe35fc9a9742c6d3deede1ee6c04cfcca1f1ce9f1d7c53dda87b149dbc7ac4644e2eb57f211bf883ca006098e0f871155c6c1f9c88df9768c61581e0b5016aa57177438396be35edbc31002cb2bb766c9b9786a81358e5dff52b9073fb7f9714600c0b1dd060ffa1455fc926d30329925bde76cd68a58896de4719eba84529f76de312e9681cc252ebd4c42b51614b172cdc67a5144e7bee75050f7efb904d52b8c084242c3545269cc1193691981670e0816cb82e39c4541bcc7f5fcd27e46df00e7e73946da7a6f8a7026d89d951a8bc8010132862aa0ab872534372a2f3d10d3edbbf852a43ec06a93b3495289619bf899c10027dc2b06daac43342e3200a1f002ad53acc537772f1485d3b517f4686bf27ba47183df94a8cbd9a5bb0659bbbe43beb2eb05d29a23813b0e6ca8e7228b9ce3fe0de7bda5a0c56e9a5ad4e5e4622896c6f3e0269d69bbf0cc1ffc82278ff55168f485dca669868b97f4a003 Msg = 6ac31acfb46bc42fbd13c38fc2cf6751b2a6333d3e4f8f6a3338bd6207cd0e81b1f6569ebee19deea20317244c5957ddfdf4bf3c59b43bd1bf542fc0d6a6ad1f6820ec9f7498f56f7e4ca05d2a25bf3f093d9991b39e9a5f164d48660d877976354ac31afc17357bfaf7448285bc083d7f89a984739414dce02bf29bd5f5da4d InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016b265 +E = 0x16b265 N = 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 Msg = 979e87fd762d8f044553a56d47d7c262d04789024fed71fb8bff265b2d162da37fe1c71d731b1970e7ba8972276a6b3db439dd854494ef290972080736cf8515c05ca2ae61759e29e3531ab09b83c34f3496304cae1b0db7a5ca7a41d702ae52e176e05549236757c18520d0aa0a10c0d8c74afe956913cde86f45b11797f181 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe3079 +E = 0xfe3079 N = 
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 Msg = e49f585eeccf2bf7265641fb8c0f94c717e2ff1d9045aecaa302d285353b991bf7ac5dc93b311ce9078828d268571ff909711e5c04553220f8f80f785cc405ca13e02f0d40b2ee765ba295538521663718eabe5783888c345519077a9751a1285fc236f2a25a8ae44a2df247887451c86cd646d7b3e7a44ee0ef23538eec557f InvalidSignature = 4e85f68a5b06b06a17d0f3f27b3a5a119e7db02abc2d9b4afc698220da11524a885f33cd7a10ae89c98b027b69224acef4713a1463f168c8bef551ef8fedb219b6ad0b3e99d6216643e58a51bb2ae93bbef769614914eab137c1993b149171b8633f4a318f69772996ef7dc3f7748f3756d58ecdc3937632717fb40cb7ed6e5c72e172ac58ec01f4e32fffc445b60f98a628fc1b0fa4cfb6686deb125950b862f347e9eb8120fb2b5aa23d6d86eaf1edebeb133793541c4dbea0f14a9f74733da4ed11d1274d464e09a5780843d6750bace0e97029308287dd396efa0f32628171fc5ec20d3c82619b784e4cdb66cbdb28cdd263a46a3ec63e1cad7659dc3b33801432d2b5b5e10a770083b933a805a9c76cc26c912f952cec5fd8413a8c1adaee80149fa19855315075825292db24de325fa6bf3b4c06652fc8320def4236c088dd5ae43315e03672fb999c354ef61ac380b1b1c96d711fc777e345ccb94536355a321466eedcf2355dd51f688023d6b599390f3aff6201369d8103af926c83 Padding = EMSA4(SHA-256) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073b193 +E = 0x73b193 N = 
0xce4924ff470fb99d17f66595561a74ded22092d1dc27122ae15ca8cac4bfae11daa9e37a941430dd1b81aaf472f320835ee2fe744c83f1320882a8a02316ceb375f5c4909232bb2c6520b249c88be4f47b8b86fdd93678c69e64f50089e907a5504fdd43f0cad24aaa9e317ef2ecade3b5c1fd31f3c327d70a0e2d4867e6fe3f26272e8b6a3cce17843e359b82eb7a4cad8c42460179cb6c07fa252efaec428fd5cae5208b298b255109026e21272424ec0c52e1e5f72c5ab06f5d2a05e77c193b647ec948bb844e0c2ef1307f53cb800d4f55523d86038bb9e21099a861b6b9bcc969e5dddbdf7171b37d616381b78c3b22ef66510b2765d9617556b175599879d8558100ad90b830e87ad460a22108baa5ed0f2ba9dfc05167f8ab61fc9f8ae01603f9dd5e66ce1e642b604bca9294b57fb7c0d83f054bacf4454c298a272c44bc718f54605b91e0bfafd772aebaf3828846c93018f98e315708d50be8401eb9a8778dcbd0d6db9370860411b004cd37fbb8b5df87edee7aae949fff34607b Msg = 4621b17cd9f5b623fe73b5fe280ce9ac840805608acd6e41d55ea71132220c0df7e7c4159626f10d71882983f0aa2a92d11dc906c0b22cc028f4395d48f54e12894e33da0f614dd48ee114e65f95c7a7d3585e7cc765c00178d136aa99591faaa35ee6136d2e323ffc855c709c5426b32fc0aa0ac66e90c96efe84414dd5e79c InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073b193 +E = 0x73b193 N = 
0xce4924ff470fb99d17f66595561a74ded22092d1dc27122ae15ca8cac4bfae11daa9e37a941430dd1b81aaf472f320835ee2fe744c83f1320882a8a02316ceb375f5c4909232bb2c6520b249c88be4f47b8b86fdd93678c69e64f50089e907a5504fdd43f0cad24aaa9e317ef2ecade3b5c1fd31f3c327d70a0e2d4867e6fe3f26272e8b6a3cce17843e359b82eb7a4cad8c42460179cb6c07fa252efaec428fd5cae5208b298b255109026e21272424ec0c52e1e5f72c5ab06f5d2a05e77c193b647ec948bb844e0c2ef1307f53cb800d4f55523d86038bb9e21099a861b6b9bcc969e5dddbdf7171b37d616381b78c3b22ef66510b2765d9617556b175599879d8558100ad90b830e87ad460a22108baa5ed0f2ba9dfc05167f8ab61fc9f8ae01603f9dd5e66ce1e642b604bca9294b57fb7c0d83f054bacf4454c298a272c44bc718f54605b91e0bfafd772aebaf3828846c93018f98e315708d50be8401eb9a8778dcbd0d6db9370860411b004cd37fbb8b5df87edee7aae949fff34607b Msg = 7867b65ed982ed6cdd2d061157be90f85bcd580350f1253145cba5c58946a8a5751c8c008d9df833c8acceee2b0a5a929cd7d0def655f5cb59f01cb4c47b54bae5bde0672f2ce7922ef86d82174b8256a4d0b9a31e72dc60bb66deff2b6b11dd6e5099dce8b7214eb71acd16440b6f0918c0fd9bf2ce43b71635d5eee79d48d4 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073b193 +E = 0x73b193 N = 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 Msg = 
4d36eb2c3ad233436923e580faddb45ad35967108be8d99a876745df6213c028929f07d549847b4f9a996a3ddde390fb54aede470fdc7a3e0c7e0688a3a125cf216a3b75b4667586871b0aeb2de3c0e143fab1aa51d54f82f2b5a6d5357de1af42c01074411f28d177d24bf2b2844af6e86469a01b79624f7f35ac30df4efcb2 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073b193 +E = 0x73b193 N = 0xce4924ff470fb99d17f66595561a74ded22092d1dc27122ae15ca8cac4bfae11daa9e37a941430dd1b81aaf472f320835ee2fe744c83f1320882a8a02316ceb375f5c4909232bb2c6520b249c88be4f47b8b86fdd93678c69e64f50089e907a5504fdd43f0cad24aaa9e317ef2ecade3b5c1fd31f3c327d70a0e2d4867e6fe3f26272e8b6a3cce17843e359b82eb7a4cad8c42460179cb6c07fa252efaec428fd5cae5208b298b255109026e21272424ec0c52e1e5f72c5ab06f5d2a05e77c193b647ec948bb844e0c2ef1307f53cb800d4f55523d86038bb9e21099a861b6b9bcc969e5dddbdf7171b37d616381b78c3b22ef66510b2765d9617556b175599879d8558100ad90b830e87ad460a22108baa5ed0f2ba9dfc05167f8ab61fc9f8ae01603f9dd5e66ce1e642b604bca9294b57fb7c0d83f054bacf4454c298a272c44bc718f54605b91e0bfafd772aebaf3828846c93018f98e315708d50be8401eb9a8778dcbd0d6db9370860411b004cd37fbb8b5df87edee7aae949fff34607b Msg = 
e2a92b143c8a006cee8afebb663119745d26f4ffacaa535c6165d30a1265d9277164c8d8214977ebc8f2e2bb66311f54e51494d8f16a6822098237a8d6360aa6bc288679b04c634849a720ea1956f5043dd10a723371e6e9ec302ada22b17f99ec80cdbe909aaecc9830221028a884cc8ee5bc951bc8b7fa31f614669edc2048 InvalidSignature = c81ac394f82cb27d75950759224b1787f87225ae5549be13dc1f74326eb668e5e09d03e03ecf039fd08dc301e70bd07992b20a2757b5766bf622052d69fbfbfaca964da33af71c8787eba9ed5caf1bf86e48587d26b21f9f1be601246e1d9cdcea9af7796ae30dd6bcbf1b25734f89e86ae9051c7a2cf3730914406f1541beed812ac6c9e18cfd5bf265523360018860141bcfc51c89ef879636ae2d7f7e41e31337f7afc3e201c6805a76af89dc9ea77413be1f1338e845e9d16cf86e5e04a52d8b579421296fa702ad07ecbfa0237ac996ee2e91eeac8ef48902a76c947b501e265c4b3fbd0c516a0416ea13c79b7e5d5b9435aef3f371d38ff9df8fdded2f265b27da5a84fe5443635e260807db9a1551387e6c9c596498d280d9170daa62954ed32b14d044980eca76a8db63483d8c4cbfa669ec140e7c4a304cc15e468d96fff34d77692581b10e7d25ef075d652758f50e9ac4cf9848466388051518cf93e183f910a4f503fbeb654f4b9424dbadf61d2d50f60f8f02b4ea0e7bc3b398 Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000147e73 +E = 0x147e73 N = 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 Msg = 
643e40f3636d706e1337bcce6818c10a104fcf06ed87f859c8b667534446f43f1073f5e561f45653a0ddecdd5fc40663922245d2fcfdaeede7c4fe4e187b3da70217964e3a2c66f92bc593c60b931f7e0e4bfd1ad94923863979e0a615777097a1f5ce37d55ec9e71eb85a8f53cf35e3ea909ee56cb37eab269db6632284b394 InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000147e73 +E = 0x147e73 N = 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 Msg = dcf645e2201c3144ccded7cdf843326481ff3105019a5308fdcf74a66033e7b92817c4c360ae83324e73cae2edc584e49ed4337e1ac18772ab012f839c03ef36ed12f3d64c7c63ba41f437cba9354d4065e8b8ac53c85c3b7d04b83891e402d392b07922cccef7650d2ac58e12dbb4014003699895f6f9eadd9fb6cd29204819 InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000147e73 +E = 0x147e73 N = 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 Msg = f5e7010e4829c855dd6c3c84f57a50cfbe5b3c9fd4c9229e07e4f10d5f278a5e5d9b21ff844ae67418f7e5a8260c2b85c4d42bc29aea60fca1f233092b861e89247312bd9726169d7361322490338befed26cf063cbad3faa0127b30b5eedb7cd1d99bf189a4a0f87712e8a03bd5b635c0b9f014c120c5bd8bae922a04450760 InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009ea299 +E = 0x9ea299 N = 
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 Msg = 961d11d02fea2179ead83fa51684e5f4a2b804a898e2a3b6e8c4c91c676c9e761767cdcca9322caf40f19f8478633a1fa716a59463d7c549446d9850ea8761f442f20692060fb6ab8385ce369f33fe3b1a69a89d14578838d0c59a2bb7053877a02683ca4e6b05953afb956493da7a6f8418d36cb54936a814359756d5d06b27 InvalidSignature = 28e4ee2583d359cc91cf56aacc9a9fc560ee09842fc4fd66433f383b67f4356167c799e6446ec0939691a78947c072c1b071ab15c4c4de6d124550139d6b61c0c8370b725a9a06704592975d57fd3d8b3d1867d5d69a0b5580316f211f10ec4bab68a2dfd99cfc31cd3c5c2b87eac54ec482a60ad2b0cb1fe62676e5405459a6c010c1b9e81caba0a82043423adca1cce0037e444572b092c5eb060b020937948ac798b41c55a183af7ff1c118ed778a140acf7f17894ec6d39de22871ee0bf2fc97071a9662663e62609b184b9e78841f0df34963b228b4b13e5a059ed1f113f14ab65fb95d79a904f4d9c47d619a37b2170ab2d41daf64c39117ae5cfc94a79d055b63485c7681eb4aa4e3c044e98b95fcdebb9bc24c907635c77333acda3d5c1fb9c79ef99910b889a1c7eed7953c07ae9d234c3fa53d627b7fd89b5321c2e8c3f9038fa8391095ddaff9b9ca533e42554c83abf026974a82c95c6d55c842b2a39df9c5faf50d29fef5d148017c42bf41e7de2073dcd5d8a6f7029a19dddc Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000147e73 +E = 0x147e73 N = 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 Msg = 
00d76dc429af281012cb92d5f7c2fafcaa73ce043fecfa01088b70e5c46208ff13e08bc12dae0ac6d4d87514872d699ef9e8480dc1908fbf531c64102f5b6fd95893eb370869fd8ea20044cde865b1f36e2b99d24e5208121e6e597a1f04036bb738b6ad22a5a76f648d288882327b03f183e8db4ffb0d0351c776a9fd276dbc InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a649 +E = 0x08a649 N = 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 Msg = 4d44665e0e2987cf7dd1e9d6200151f500ea3b85a24f72fb38e5dd6919ff9c486f6a54742f96c6784ff7a70c33ababdc685de48b94694af8ad419bc06a0f6504f79c606ced70026b813b4ec5fc73ed4f6b3f7ff697943303379d959e6561a8904fa0354d2ffd62317d63860a62a13cd77157b7cf921655a53ec3760bf23c8e75 InvalidSignature = 
4f48e51a041e40a029d586cb7afd7ec11031f86d7bee58fc13a9227dd209f1d7becf3209cd43055e93165f04f23276d46b0b64669b88c2ba54ad6bcb5e9da81810014e140ed0a14234b1fc0fa4cfa4f258a7b5cf73a336534f37580a3830875f3119092e4854fa80d87833f7e9627ab51e056a8deff3a451e8aad78335816b53ae0d899b0607403bf08e8c32e1cf0baa8fe0d78d1b8d72f85f17c1c5b8870cec499497b42de982408fbadbe3b45a13b4b5371ce2a4d9600b7d14011625cbe73a79313954f4f3ec0b3bf6dc945297325e3aaf5bc89a27670f5b2536a54caea3bc6641ae628a9a4da61de749661a93b6ae68722d10d7902b391f9e9ebf3ab9c186017b52eac6fd442a256fe7c9500165e3c7a402aa0174e6b6f35e4e12e35a9d429b21f6cc98eba73c80ed8ac33acd79488e620b274923e78ce5d91a6196ca59054fa77cd67e0d3fc04d71b94b0cda5478f1b3d69150f40927c1ab392036583609d8efda3fe48643ef2f75f1164ea7f25589b5bbb560c9a042408f85944ca08f92 Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a649 +E = 0x08a649 N = 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 Msg = 1abca8d81cc98a5d5020e95080b5fce59ffe70dcff544802c49de7fa99286b3da1d83d60b085e696bc9f25758e143efdbd7494d6dd547ad9f4f047d22d14a884d13c3bee72fa59cd6a98336284fe2075f8d7359a9df017b35ae00db6ddee59b1902fc90bc9ef890c42523b9fc83b4957376d7ab1a5f1c499deb7622f118026ca InvalidSignature = 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 Padding = 
EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a649 +E = 0x08a649 N = 0x99a5c8d094a5f917034667a0408b7ecfcaacc3f9784444e21773c3461ec355f0d0f52a5db0568a71d388696788ef66ae7340c6b28dbf925fe83557986575f79cca69217221397ed5808a26f7e7e714c93235f914d45c4a9af4619b20f511ad644bd3412dfdf0ff717f7aac746f310bfa9a141ac3dbf01c1fc74febd197938419c262293505c35f402f9053ad13c51a5960ecde55ec829e953f941af733e58705913767e7a7200d1d09e7e7e2d269fa29a558bb16304b059f13f4ca560a8101fe3720b4a779ec126427326caa132a3d3611d7dbc50336fac789ec406b397e1e36d7daf9b624bf639c82b859288747690c730c980b2f5a239dd95ad5389a2ec90c5778604713710383ae55d4d28c06d4ac26f0d1231f1d6762c8e0d918118156bc637760daea184746b8dcf6f61db274a7ddceaa074937ababad4549b97ab992494a807208abd789823f5d75c4b994089c8072cfc254e0d8202fd896476e96ad9d309a0e8e7301282f07eb2ae8edefb7dbbe13b96e8b4024c6b84de0a05e150285 Msg = 2085e8b946d2059752f8f0fee528e7c4cc0ac1fa24532c1ec29a3a92d2681c4dbd8e2dd151bb325d1c4ddf6318689e3c8e458d1b34cdc5409867e26ec20ec09e15a682f57790d9f4b27c83ef197e11c06e65eebc03489de620614263a51e642ef076f10d017a82c4dc2ce1882f93c9b6350fecc5daeb3a7a2031615ac1c29065 InvalidSignature = 
65bd57d4a37495d54eec7f6321f7101a4643d9432a2afc8eaa147fb29e7ab1106eb31a6ea7ae3b48e40de63cc368e7a6df4c998259c59ce40b8ac2f8763bee9192417d2020cbe179bba8aee9be8971466f5e53b3f82004ab6aa529d08545bd894435d8dceeb3a8e905916bbdb015bff65e9e792a88e1c8449f411edacba504cd0730605dc83fee64f8dd17f577075694402f1862790d9629f9fa8ac3ab4ee341dd3979eb1715c4f742fbd89ba3b90565ea4587438562493f611d5ac9989fd405a01d23b13469a2a7a85b0047483a665ce3899a412107cacc11087cb2607ba9d04091c418247242cd8d819ae17e49a21bc4f966ac3d37d2a61a8bfeede0f2ef2da3aa32bc38abb6a16a4475e9672c4aaa31d2e8277f3dd9663f3960f16c01998d50a99bcc681ea02b137555af2cdd28ea43281588066bc55c8f7aab45dedfa2f6befb5b13911cb9cec2b3fb07bc00b2dacaff8237201d3ebeac575083011624b4be018379514dec97209faa29b1f93fda75f0770f3c73e700a2e48453067c909e Padding = EMSA4(SHA-512) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a45b6b +E = 0xa45b6b N = 
0x99a5c8d094a5f917034667a0408b7ecfcaacc3f9784444e21773c3461ec355f0d0f52a5db0568a71d388696788ef66ae7340c6b28dbf925fe83557986575f79cca69217221397ed5808a26f7e7e714c93235f914d45c4a9af4619b20f511ad644bd3412dfdf0ff717f7aac746f310bfa9a141ac3dbf01c1fc74febd197938419c262293505c35f402f9053ad13c51a5960ecde55ec829e953f941af733e58705913767e7a7200d1d09e7e7e2d269fa29a558bb16304b059f13f4ca560a8101fe3720b4a779ec126427326caa132a3d3611d7dbc50336fac789ec406b397e1e36d7daf9b624bf639c82b859288747690c730c980b2f5a239dd95ad5389a2ec90c5778604713710383ae55d4d28c06d4ac26f0d1231f1d6762c8e0d918118156bc637760daea184746b8dcf6f61db274a7ddceaa074937ababad4549b97ab992494a807208abd789823f5d75c4b994089c8072cfc254e0d8202fd896476e96ad9d309a0e8e7301282f07eb2ae8edefb7dbbe13b96e8b4024c6b84de0a05e150285 Msg = a589c8788c959961fef98694bbfeffce5d69071899ad969ac25f3cb48eea084b1d84a8613761d1e9d626e2d9e4a0c48045b6141a189c84a23a4a7ee70c2d0be2771cf4472d8d275a31095b0499ddf7269313302da6a072e73adf02955b3ee141ba38f351f483605d178a3b3e631d62674d67a579ca212a11c9060fe40187520f InvalidSignature = 062418750845d3291e633e47406480e32fa2980275f2e4ac79d284ad83ed11190e7b85bfd6ed9bcff63345582fccd88a578941abb987d2dcb549a0ac2ed5fe7ce8257bb1e6288155fff3dc9bc1140f2777a84575986360d076605e655c9d73f9bf010a437eb7b280d6108374ce8da4c702f66a9d1d01b141c6a698729d0fcdb0631b21578dded721ef5c490812266cf6f01270a8c6c2f08466c9b3c626c0f1edeb5b4fb32e958a4a388c6c6e73b53a506137354358bd00bbd2058c9c12790410a45f4348754844b357c4e17fb38c8cac87a6be3cd06a08943db0e8b867d473e7d3581ed2a32d25d7b45eecf8fea10d0ade1c888591c71fc86abd1446fadca2881de87a6d05566c5000c1e075b0c1c5481ffb6e982a3f8f44fa8ad0b6a92f1cdedd9c38d326a6efad9d0359a69af42034b7a4ac388f9c7d356edf4d6e4550addecc7192242b3b1fc4164602919d3411ed43e2b394867bf840ea61750bac4f1b72d28af35eb0b3aaf6eed654d1de883240c0e2234ea2ddf6f8934cdcacea802e26 Padding = EMSA4(SHA-512) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a649 +E = 0x08a649 N = 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 Msg = 70a4a898028568699ccd8a53288a747851884db2971ab17aa116a909d422dabc242efcbd2a428ee0777ac8cb294fd25abc17334222cf8cf4151986c4ac81094a2c04af0821d3784eae54bf5b226a6cc5cbf66c1b0f9e5ec8b8cd8f3a90fa29442e2ea7c10fc08c7be963554b3b64ac81292cde85870c8fbf343aadb5a916a273 InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd157d +E = 0xfd157d N = 
0x96410d900ffe9a71d348c210c0dda7ee43f92e8a31ad876255dc540ff239c236b998ef9375e695992aba77861bf8f1cd966e3af1f9ca874618d35ecb494982f7c05df134f5ce5853d410e670e0972efcce2fb14b2ea6974d4802ddfb5915d23752480f5def2e4a858543918d5fb47e837e5f6564abba60745d0ed710b713dea6b4302a6b56376679435ecd62b9a03c5c7ccea920fa64715c0b554b5108abc20583c1c87c81e20b0ccded165e581791bad0760140540a8c18b0a1adef5e9cda29fb959652cf68b5da128484e0c837c6cc017a7741edb301891e01fc28b8bebb1167d07c2993877a62a8bf82471e7130416fd825e5deeee26bf9e3e5b9d4c8869240fc2ea09ab7547668deff741b9dadc6304c467ca896794af09a1f22eadccd526c2eecb7a3138d78d8a12b0afc2132fdf5ac6299433dcb72ad40a183d21bbf5e3fab66b1b961016d9bb5af818ee381653c3c7216e308bfd19ad0224051e4b569bb27471b9303eb9c0d4a0f684dd86b1cc91d13c025aee06c97ba89e02b0bc6ed Msg = c6542c0b67da9dee6338cdc0ff704346fa13de2c65be53a4b5e5dd5017cf2f6203e2ae021421ddf017f3186a622686506733498688c4f79a2d734ea614d52378e9b79cf117a79fabddb78adea47d2585905ed5bc550d126d4c4e1a2bc600e75ea05a5fa11775cc68de0a8be66e7e082e9e1bea9873a18a6639fdaaa7d258645c InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd157d +E = 0xfd157d N = 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 Msg = 
c6cec990476cd20d445e83a5ba7ce48e1b4215baa2d13efbe436c86ba9efce0bf9abceaa7a52a509f945ba3c46e77953455c033a429123de857c859126a522b023e5ff83b06d1764ce0b95241fa947aaf91750ddb90a1dc55a649aec46b5a50b6b02c3e292c61168ec377e24eeca38db5ff9646bb04412f78b767044ae293d63 InvalidSignature = 363c8a8e3f251f7c86cf53a34e9da296b478bdd9ff3bcf36921ae36bdaafbd73cc22013fae7d3b0ab840db28cddcf0c122eca5610b1640a5d4658672c2323ceea32609196be2ffcf40488576065cd022c0e2cc22e6103cf93610df661657c3ccbc0357d0ceebb85d8a2b28c6a45b5eed1703a14e1dd28e244882a8101da1e5b9ebd9d10df36ec4576a1cdefa89bd5390957a0d9d72873a9fdf46b67b4f2773f5971052170c71b9aa409e75ca5cc2f0cbc97a8918817be164a820f90a618acf0c5aea19e23c6e5d78465f60ee706c8bf78d38ce3ce4b204db5e3ee35c4dc3cf5d6cfc1d0b17b65b97bf227937540aca0c0b5d2ee7f5fa2ae4fc0a592d9b97f524a7468910e7c1d843b8fecfc48f7e2b5355cdfc7d5359ddf065031730915e41126b7dca03161b45493d641d50276cc1ab05c2f2abef4761e0a99b7f34f35d5621f2cbf8490c61d035af3c40d473192977dd7bce01bda6fab5d363afc5d2e2cdccd6721a6469d68e5523b7d6c30a9b91363dd2e90ef7c51c001f956d7dab72ac5a Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004f19b7 +E = 0x4f19b7 N = 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 Msg = 
d5054ab2c2e4fbef568b1f7d08a38770ea0b6bb589276900157bcb06c27809ed6d958e0083a2bfa81f593a9772375b47688a05a388ca9f041d2c5c5e9375c0bc230c60e9b354e970f73863c7dd08b7c828836f605a35be8bd803c080490402283f9245d519a17f312850237510bea2db711f3255c70fce7f8f257ed2acccd81b InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd157d +E = 0xfd157d N = 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 Msg = 02abc5271d55129fdbf1fddf59f4b99d904915bae196adb2f0c06237b6b10919d259606920f246de8d892b772abac5627fbb041d219c49db87ccd32919e079d18a909fff680263a2f14c17152934f4ff29390c78bad8816d2208f5453e0741c4d1586a301c0dd1b3af42a9017eeaae3a37ce1412d3d2be2f6c7ab1d34eaec8ba InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd157d +E = 0xfd157d N = 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 Msg = 6c0b6d2266a246feda6fa5cee22c2f33ed9d643c1f6824d9f327719225bc7678cfe4c85cd210ed4077701b0b5650418177a74c71b8eda3306e2ef3474f5d326990eadea84a9686e822878c932997298e01f2b16c42e019e21bdfb67b3df5478df444366c97df1bdd23dc82ce23abee44d3a61e9484e88ed642634197b52dbece InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c6e57 +E = 0x8c6e57 N = 
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 Msg = de53ae1c40bb05a44519e74e9389cb49f1c5523fabf9ccd038d2fe401bd8236c07ff300346785cf25ccde020e72dfb5cc9053a9489d0f647f72f1e3c0f3c3775201ba05f2ed31b4b945c8921edfaf55335c9d4112c988bbcfbfa329c1a9b98d571d18797be73499636ee6aba6f95c0177d39a91f5cfa94168e5cc3c7049e4f76 InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c6e57 +E = 0x8c6e57 N = 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 Msg = f3946c8f52f20ac9a630dee2da5956e1ea487215f66a78fc97c5e9637339b3cf0f06a81ce58f2f64b75e3a22226778977691cb6dc572fc9b3a5aae88ac94907373e8d7127b64ec79975d613e17b02adb9c4d0a532bf74b198145b22da6edb288c541e0ba3bfaa7d2ee353d7ee0bbd5730485170f5080cd3d138ddf9a89cc81d6 InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b98e6f +E = 0xb98e6f N = 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 Msg = f3328c688ab764f3f497a8b5403683408dc7a888cd043a39c922ea4d66045fdd26afda37f1fe1a3216967dbe8d1d69bf7fa7ea1c07719c123bd2cccf666eda3c98ade11a616c9a50d9f27e83e3252be8b3fd09568e3a2da0d1527e2135ae16985115eb376169aef64591f32dcdb6936233b24e5fe9c5b588958a486c5b2adb9a InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c6e57 +E = 0x8c6e57 N = 
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 Msg = 783379f295b2bb2e1dae5115b34c991854a517403a1c741d00f0c700080d146a1a2812c34d0a324f2b2cdc5f1085fcc4d3a0bd89a8f194e24569815f44489265c933a8df64867d3139ebe66d5e2c56ca8445a452dabe0eda2e377d3755450bafce7cc2aea2cda6ba8e13f6a964e8b012afbd5301962ae8ef038243f104ab872f InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c6e57 +E = 0x8c6e57 N = 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 Msg = 1fada40d53af0011403e97c01556c2228c6199fa27625c9eb973120529716f2273f6fb70ef8771cfd60f658e028c2ac9f509f3f51dcc38b957d05cffb1768c4c7477ea4c621debb23cb3fd3f873a6e1f905d897caea7024ec7f494701525e8f92a18b9c932d836627910a7fa2dc654ce6445a2b8605b800412c50180dee84ad2 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000efabb9 +E = 0xefabb9 N = 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 Msg = c66e28557124273e4a1fdf519ad9fb646e761b648fec6c9ab4667b2df7eb4be8863aa53e9bf9af8bae0fc09de94f7373dc56fa4472b6b5c4235403a26c0e59557ca1911831ca843342acda7dbe72211fb5351d9a34205f0c77d219af5b0331a2126b94ec1adfcdbe70bed6f8018b2eef61db2b6dbf7292fa19a9655aac13fc57 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000efabb9 +E = 0xefabb9 N = 
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 Msg = d69fc30f760dd6025878a1ba227e9be2a73cc19466bf386f53bb34eadb8018e72229df8c8f17ba4e8a9efa4e84fd31e93894948a3151a4c38d6c0e9d0054cf2c1ce99b66cfeb80352db2c7ca6f201b353cd5ed3228a116467b3fbe0b33407dc84c45c1453e7170dec81eced5eccfa0ed3b6692345298d620a59d0edd7b2c6ce6 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e24d7d +E = 0xe24d7d N = 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 Msg = fa0c34ce3cf0cf6e48488b2b8671a94ded157501c6e728adb3930d81eff4e34fd788839caa22c2f78ddf9989d25b83ee79252743f7703780370b9808df93c37fd4e76bdc00dc60bf5332b30407c71b98290b978b55b45567c1b3d3c17c66440df80f35b7c785706fa22920c4af1c37f404af0d02671b490a577305d251d62da1 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000efabb9 +E = 0xefabb9 N = 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 Msg = 9b7687dcef6ff9aa5af4570ef50b98f09d6baf4bec99187a6751b0b3f927c9d1a16e7e56675944b09460c2bb22e5e3887218295d3d1844fccd5be3286d4fca661e4124018b7f1b503fb9a73b16ada3fcf1042623ae7610dd5835e3759a89d51b7ab723e54428a713c3c7ad97b7ab03d584f64fa728fda5a46fa959a26a1d1279 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000efabb9 +E = 0xefabb9 N = 
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 Msg = 7ad9bf1f36f9897d2844872e582ab3513cdbcdb437ba01eb610ec49f8bfbff297eb26f5f84e44bae2a7c286a438d1b6130891db65fb5b3ed12d9ce42623cef3f83cf908d49a9c00bebb30d1d08a5a647e731c1fa037d3badc7d77e3096a5a83d0e9aea518e302db9f552fcf0ad589e28e93982272afce15408709e122f1d714c InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000df0ff7 +E = 0xdf0ff7 N = 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 Msg = 6c2956c024c46d04fe8190d0383885e367b0485a0512aec52c9d48809f9c8a410a952ced8bc4d1b070c7e74c439bceb104c73ccfb5d7e0a81c0c45a9c452fa3a4572f094c58923d2bfb97c4b031ef620fe0401113c5724952b5ae529229cede8a129685cdbfdab9471be197681aa4757dfce5ec9a278c1b4e3f0f0a9c163ad72 InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000df0ff7 +E = 0xdf0ff7 N = 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 Msg = d17e77c2ae30cbc6e50616bfa30d7c59b961fe99e559e5b653ff642b63c3790aad701493435e7b0535eaedb45b23855c4ec662b5b86d0547ce03fa801a7bbb047ec1d14476f13c529dc815f4735872f75dff8ac5ed991a3a64f507b4758644694c5bf6fecf51d6552488d7a673130ad1edf4bef20d47eb361dbdd1eefd4cdce2 InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eb8f15 +E = 0xeb8f15 N = 
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 Msg = 5c5ff1160746c63bedd787e27cdd9f581f2286c7aa3d42aaf8ab2e84d221fad21321f33e0acc841520f7fdfbbb8094de62e2aa2821084f392f5f0714ce2fce58732b5b732747a2122dc99cdbe5a34a5ff000f84a951dbfdd635a4d9f1891e94fc2a6b11c245f26195b76ebebc2edcac412a2f896ce239a80dec3878d79ee509d InvalidSignature = 824b73c9a5008b6bfeec6696ce8c3560d2da11f6dde2f8bec7b1d447820171d46f88654b30be09bd7496739c86cc393cf06496c7cc203cdb739a0b7abb5bf82d043bcda57b6a4f2d2c03f813cf01c4e68e2a2ea5a2199ed1798c017749e35cff02d0daf19521ab65234ac7f4a2e904ce4f7c2d559537ec161b6ac5895677ee9a3ad1e89330a02557845601ee76e5c4086d8a25bf49b27d7f23bcef3fa74ff1fe752069245528f9b3e5774591d855477bdd7df7b76258f3c654840ce0c9adfc4e8de5c20cf619e7b7ff6e9d3d4c6503551b38134d47c6a944afb84302db1ac48b54f980819393142c23cc6bd4bd3ab519d42d9bfc9be75df722aa6336d341d9703874e41ae2899248a939b57339d6ae6431513d6aeddb91accbe990491c0c1c06af81167993eee641ca06a1fa6ecedfea2162edef08db09adcc235eabc7f511c8aad8cb0f9f9601e400a258afc1b249b47130474747ec710c26e0528595c968f8076354b0ba5f422d417302d47572cb2394d373c17096edfa8b4ebe2d74a9c8ac Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000df0ff7 +E = 0xdf0ff7 N = 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 Msg = 
6a798995eaee88b861274398cff6d0411e6995d5fa4fb92fe2f7d8c57f3bfbd335bdc7b6f971f495625c0147029b2671f6a68befbcd6b77645254b774b36f046e5958e7b593fbf99316583ed916d35b9c73abd9224ad08070a6bb58347e11175a18646adb260cf09f7ca2f522374e361b9ab9586d9db922a5a527eb21a4647a7 InvalidSignature = 62f35bc627d3cc3e8ff8c9405295f967d95abb90ff3bbffb536f4a14d05d6ea88dc092a05a46847baa76837383e9527bb267ed8db2fe4a94d47dfcd8e23eda67f75a4fc9e276dd3006b0cb5ac21ca483a8020b4df3485c5fd6495577d29d32c6d4429b042f3be4675cb56ed5d3178aece1e8c938106e5b8c1111f2265f6204fc7ab87860301a1b15577c605a0be4931048753762d7d4c2cfbf3e873ed63b2ad9669971a32be0c8246b862cd882ebec164adaf79e37b3b07c9ca193887f370573f2fb9dcd9b3c9a0a155d5d622e1196216474fa2a0982dab39e01d6654ee4b36817bf5f0eb0ef0c65b7dbe1dfd6a6524df99895ffbc264b93bdf61502b7e2c9bcd63e7133c611f5ea7e3218d001aeab09d891c045cfdcdcc049e5cefdeabd617af83c96e29a90133d29e4a2e6dffb370bbb64ffee31e3a6bf9225df8fcc0c0ccc7606b3dcfd883c3950c80648049673cc65f0e443edb63b26bda9b554b2996960c7ddeabe849e871199fb54566913a7992f007b54fa8aefc7f95561cc030e80b8 Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000df0ff7 +E = 0xdf0ff7 N = 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 Msg = 
1470f2d65fd72258e662671936f46a2af03f6000847eeac83d673afa7e5b78314be1643a0a523c6a8bd6e035478e34fde513c6280320b175328bc190427ad7e4c1d38fb0bef4215dd2a5850f624adb7a1e5e09f7cd1ca6d64d7f17f6d56df7947e2fbd61022598d7c3b89ecc0f8f2648a20672946cdc9293952b8455bf9ea0ea InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098ffb +E = 0x098ffb N = 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 Msg = aafe2e086cd97ad052b192e43eb18861ed6e2a27cf6e7d7f16e767020dc8acb6acfd1c7969ef0aa3504bffe75605b07aeb9c2e77ce9f5d832570a7adcd48f197ef7bcedbd4fef3a8fa26ecac67b20d373d0caa9d8fcc8bdc737e9a7e58a5dfc19a00aef6540b1f2776c9bffc17c185df0c46085fb9fceed22798a83f57e75d7b InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098ffb +E = 0x098ffb N = 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 Msg = 32aabc83e58c61f89b6812528be8e61b9e9d381526e6fa36cd144bf1cbcb4cb75dab30be72309301a7d70d88758306e9a91ecc0f1583e23a869c9c47f6c7e832027f6fd99e38dd02078a7ca0f99208522396bf2dd8e7b7bb070c74436d1cba4b096ca05cd06ae605a3c988227edf935ff24b38f7d5da1fc238acfe6e9992690c InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098ffb +E = 0x098ffb N = 
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 Msg = 1a943837eb6a0bfc1f7ff310c143ef836d6c2ddf59eb2bb9941e1c8590478dafdf3d48e73a6178bcc7d40f6c9ce765fa7fd32182efab5dca698e0519e421804c9e3c93261ae482e8697a7821aa3128c8cdc6b5889c6bcf5bfb04205a6e95e6d4ddfbe19d94db6fa88ed9f6d8f30a8214dfabaf9a6513ca95d4e633f1388c056e InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098ffb +E = 0x098ffb N = 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 Msg = 0b03b1950e6974afd60ed2ef4d40b3274e825b24c327a4df0a208af79e13ed5ff3ad9354a1386d93c5701bc8a492b14992b7bc04136080b73f52845f6ba451f205167650c0a4cf77f15b07f7396c5ca7657fa29592498b43956125109a4fa4f40ae66270b3d524c523789f6554f43ba78f8216be8a0b4cecd4f676f3723e70cd InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000049be93 +E = 0x49be93 N = 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 Msg = cfecd702ac5ea7606bd75b26b2746b7b5db330e92085a40e6ea56a949a270e633d548d14d7b518a9b96e157c22ce6776a823ef81d9d3524023a8fdfdf16c67e317b6966d7003e51ec5080473f147401643e1055424aba1d1fa834a7a4ce563bc26b9fbf3bf6f9726594e31f1690980c2f8947a4949351829bcde59f4f2ba8956 InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a996b +E = 0x6a996b N = 
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 Msg = cde63c4c124da95b23a8323a5db03714557615226da75815a50f2cb4b45d15c65826e032ea2cda6535df3ff48824f5820a567ae54e8a1c8427186803be57e423e1a701e39eb54bec11fae32b7a852fc092fbd01720dcd454c7072df5228162b2137285a8577065b75e0004295a5a4c94976dfd010a23ea4d2ce665d00963f83d InvalidSignature = 6ea308d95a963e1fd18edbd6829400071e0f144571219f6909024064b28f72a8c0d6969bdfb705ce06b36c0a9d65a5c9331cc146d5f2c2eb96226c5a09957a945461a74aa20e966334741f4244311e2ac70f0329cc622864cdf614631c1e2e545564a682ff11dae5f8dfc3fc1428a2f028ab3f957cf970cd22e1f16e8e42f5ba879bc5c26c37aab6fe2b3f5b9f842c158515611c41e25bdb2e20962d794ebe1d626a4d36c07b63354ff9c333bba44129fa3210d0a0e10453efa17e053ca12513e0803c206a90edabe604f633a1d722363a2dbfa9b6b8862f5e2f40cf57f5c668af65fb7292c58c6750a6630159259c26a8ead1e4ac6dfffd96234978f15b9c9d80fe21b6ce9aa1a85a7f84f1954044bc13b42e181a323f2f9a4e1d7272c8731d14651d5302ecad25d7f1231b3f686690e69c3883614d8b85b6568b788d874ed737aaee11a11d7f9a8c67479662c77308318fe8bd5ceaf447f9592396ec3261f2b91ee25b54dffc269a9e7f965dc00d586da77d1a40469e68b0ef5d4f660c935f Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a996b +E = 0x6a996b N = 
0x9004e5334381fb90f60926f3281e51d363671c87bc10554aff5f3b4391d894a94866de27900bf627d468dcf19a826dc399c0580883c945688f3795522193b0887f5eb29bb7be2b6ab48abb2e86b8a3cc6dbd2aa3522c0fa6f6493679a25b1933de78282b00fb5e6dbc58246a26805eb61cbacf492ffee3a21b829e3b776dc814b0e1527565f713d8f761fd58b9ca1f20b79d798f627b77a1ed7d53dd17f429a738e3e4e86cc4da308c60e55b77f2d180e96f2da0ae282831d5ab523cbf2aac900f6c304366738710152efa1094232dba6d405381223f3c687dedd2d856caab657ad0a1d7a67f01fffe6903f173faf1476b8ca656d4d9af713b4f80860be5e79ac3bf1b507f46a19bb67a90b273a0f0d416c479c8d75c6c99943ce774928fddedc00c06d7acc68ea15828de379ef436ecceec8bb22ea984eb1af01dc3efbaefd031030abff09bc464235f407c8a9033796d87bb6373ba6eb6ee143a79703a8130b8e29bcad3970c69001d80b4dac9e30fc616ad9bcc215fc20109aa7788234099 Msg = f676f3723e70cdcbc7609cc1f2f3e4216feaf83d52d6b2d7691f6741cd4b1ac3b87df03d963ce40d5f76bc3323c53cb3e7f0993bafb53106dcc67800b811362b5044f0418291a39b56afb951922135a388ba319833618ae48212da0ff425a6d465d3d9c828f6713c55107963648f37b8fb4fa69a05612739040b73b6a80fd486 InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e22ca1 +E = 0xe22ca1 N = 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 Msg = 
51ec15201bc61b8d9553c9cd3e64b3ee762865243508afc9fccf40a20c0e7664d7bf7576b42877f9d60263067fdba03671b92b68a600e7be409535e9c344c5a7825fac8957a8b6fa9771fd7d4502ba36863b5cac557bd7cd78c03f33b30f95a53b16e1e16d108098c0e9c0bbf9a2aaf59ef81f79ac4027fd8c96850644368f67 InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a996b +E = 0x6a996b N = 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 Msg = 2f7ab138cf776750162edc63c3b5dbe311ab9fee2ed4e51aee034572c13dc1bce31b9ffed2707440052c8292db804351d24346a7f9953a51a8c249a56e69a7d34bdd6a6b1fcb9c1f631d8ecb171f70b2fbe01f0a02dc3ebc04d78865b30c64a0d087ba879fd0067798c9ab145fd9898df64ad12232f018e36b0cabba786f23ab InvalidSignature = 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 Padding = EMSA4(SHA-1) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a996b +E = 0x6a996b N = 0x9004e5334381fb90f60926f3281e51d363671c87bc10554aff5f3b4391d894a94866de27900bf627d468dcf19a826dc399c0580883c945688f3795522193b0887f5eb29bb7be2b6ab48abb2e86b8a3cc6dbd2aa3522c0fa6f6493679a25b1933de78282b00fb5e6dbc58246a26805eb61cbacf492ffee3a21b829e3b776dc814b0e1527565f713d8f761fd58b9ca1f20b79d798f627b77a1ed7d53dd17f429a738e3e4e86cc4da308c60e55b77f2d180e96f2da0ae282831d5ab523cbf2aac900f6c304366738710152efa1094232dba6d405381223f3c687dedd2d856caab657ad0a1d7a67f01fffe6903f173faf1476b8ca656d4d9af713b4f80860be5e79ac3bf1b507f46a19bb67a90b273a0f0d416c479c8d75c6c99943ce774928fddedc00c06d7acc68ea15828de379ef436ecceec8bb22ea984eb1af01dc3efbaefd031030abff09bc464235f407c8a9033796d87bb6373ba6eb6ee143a79703a8130b8e29bcad3970c69001d80b4dac9e30fc616ad9bcc215fc20109aa7788234099 Msg = eff93ee57b47accf61e80d26313a106abbdbb1397577bcc221de8c7da95a191a4e3f32b701c306551110e98d0798557fcfa92f0c18414c45fc233422e42a2678a6de5c25f1458f8debfcbe4b18852c207ee3a82f0764106d26bf1853bd5e48d63ffd44981274506037d113c82caa9b3511b2a20c0b891023e6d9c176fe9e871c InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000026a07 +E = 0x026a07 N = 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 Msg = ed55f2cd9db6bbe81dfcd809973b5c0262f804a9cce01d2d17baa1aac19aa4fa0957eecfae40eafefa0bbf1eff0ebc5221b2f963d4243b12a74d19ac82055dde2b83adcb0f186b5c401ed9d7ba2b81b4ea8ad4ac71eb111225596866586d60285ec176ea49a806a9f71c6f5d4ff873cfc768dcab299d65d698c5d701ce3a737f InvalidSignature = 1ba90dc10ff5825cd6042dbfbfd6bc48ed77e1a7e2e6ef0a002484e21a38ae123111dca0b9e34f6d8fd547ee0da1d44f18b84edb71923d07e67ddb8ad0aa44336551248db0200310016a81372d5906295342a84d9747123bc7eefe47a8543b849b13bffb9c9a292aa5ae809f09ce36867e584aaf8b32524dff72db7849d1ef7b22efc1475e67ea6606c8e0f4c96f7acc8a745a47a13c0030eb23a68b664c12387a3ab8e438545009dd2824f1c1494e064e5d400fa4d81ad3e024e4491e7521b410cdbbc6955d3ca11b928a68da56ab7346beabf14b2663b45d62903a046d3ca1707c33014da7e757ca5aed8fe94f7aed8c586ffffd5287c8d63b6cfa0b41f5cd1c66b0c56bbc293463933fe3ee5097876cb4e34f23008a3647f446046f1b75e4caff3a3172a58429562c0e51571aff92b927c38585ce81be9d41395ddabbb6be7f17ee8903a6d824dcc3cccab72a9c3af12d5e7185eeefeb01a1513fc9996504f6857723eef630a1d993ae22ae308a955bc01045631f26308014d8daf1e0cc32 Padding = EMSA4(SHA-224) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e324c1 +E = 0xe324c1 N = 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 Msg = 7046b5c4ed235e49275f2c98490a3e6bfbb72a0b2b30e4ae0d68e20460b17d0df42f9b2d698d8b8239ee3075f927628fdb2b918f78c6abb9cc8f40708218e5077267d6d569aadf8728267cbaaf713fcabbe172e48d44fe63edd18b596f5fe96bf5d5aee375e22100fcee5790f3509cc1a2c11535f210a354771809e6adf052e1 InvalidSignature = 9f26df018bd94829168a13fe22ad206da944831f09c2dd828d3677a1b4c436400687499a710eb2aee5a4823ee0d1acded86de2ecf51d2b32408b7a0cd8811ffdfbc044139569527befbf52b244e919e4a2a22d2405576b72b4d2b44731a57ae4d34d618194193e1de8b72d141c7805b46e9b46d404462f50df48279302e47b090efe543039071aa8f7b3a5a62eafa8f98ed681cb0f11b018e2b5d6bb1a634ae242269b6dac07f1d1db4e8216a2ee91aeba2c13501fc3fcc02e6dda680506efe6cfed1b5c6efbe096f25d1c98725435004854aaf75fe0ce9138b5ac5027f36dcf8220c6868a74b7d89ff26193e00fbeb581f0173fa5578ea7884520b33767f5b060b823843e715050fb569e0630e183cbb8ecc404b02e33ee48f552eca84a2c0160fd6ec008dcdd7ac0ece42bd3fd3287069e195122662f09616a1245d331edef4c11cf2f9c2231ac079e6604b3ea2893ea1f511cb2e1f2d790fd009a18251bee4edb52393592f590edff2c8d315d20286d99d82520c34378d7f46f34fb20d2a5 Padding = EMSA4(SHA-224) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000026a07 +E = 0x026a07 N = 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 Msg = 2dd8a30ce4d971718b9c3a1fa33512f0677cc1959abdb2e682b10c7735ad1e6c131a008e9425779e44b71ae90ba8b31cb230e85aa39e1b8cf04c8ef897d2cb16057a439ed8f435e6e94bd16b8a189ead0cf6194185359f21cfd38c46d4a7a57909e0b36639ae71f2843fa8cea7ed994c7eb69b72c7ec054e282d4e887496733e InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000026a07 +E = 0x026a07 N = 
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 Msg = 5707c0d7c2a388eb7bd51616c0f33a7197f4dcd9b7cbf7e8a5f4e6231d4cdf75b325bdddba9a026365201c502c5ee79e713f74ae6445093924206889277f54e9db26525a8d40ad878bf7bcfb8543679239ffe82d5042cfaa82ec4914017fa116153107b6033f914034837f7f9349c333375fc1c0426b53240981102b75f5cee6 InvalidSignature = 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 Padding = EMSA4(SHA-224) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000026a07 +E = 0x026a07 N = 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 Msg = dbf8391b3592af32c893b92301064edea2ef6c38b976ad33d3481a806d3b4342ab3190154d3ed24fde0d1d862e7fda52039618530c92237616595875821c379df738bad4545ae5dae9e79fcfe69bc0f613706bb8c2c19eec03af075516c41a6c26d66060342e125c51eae60810a029523b440e6ec54c461b0011d02910791338 InvalidSignature = 
24488702f736a23bbddc56d6472b083d92a76be7e51ff787153f3cddd8d0ba1b7ba56685f678a159f8e63dc611ad4fd1ed9d86e597672f6a11c5cda9f55f027053f1596448da8233d2a19b0a4de8d179403b9773517c0a26dcf00637a90f0832cd3918d35fe8e1293176dac33f6a0a562adfafcc97d7cdf862d338599d8bf94fcccc58b0aeb6542e9d6c65d2909e5b258f32f17231a274f53024751b871cce290a976ed98cc394a5cc5b5b6f5c6bf0ae9a21e2be3d1d12f30a295d84cd8a686fcf61883037ceb0007d1a443eba92f6105d1b282c326a3cee65c45b5fc53dd13909dfa97ddb46f8c6889c03776deb2f0220e5f2e86b6407dc1935352a13086e1301d2a9e015cf3ded7360bfd5b0eb29367c69f1fd2226c5cc869cd03e08a689396f1cdc332a4e4b150c700a9795d32e356391f2696d4f8f3ebd6c817a3920f243c4eacd373c6acaeb9ebeeddb06457ba31ac3ee06cc681041fd0354edf9098b2aba6d9e766b15383b274a88f2ad864c7bc15c912fbccb81ae90411c07e2571cca Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002cc92f +E = 0x2cc92f N = 
0xcd6141e4c8dc6997fc65300a6e2c746f391022f15661231a832be966aa498e678777766944db54a599cd6ddbdaf7533f429e6e1197b7eb061913f50b09be04ab70b1b702fce9ada279ea8089677a37701e64190f243dfabe7cc254f08a6143c9c589ac4a90881c0d2b62e98013e92d049ee9ca11a425ad450ec5a699ae17672d86efde3fbc81203f2b500ef41746b9e9af2642b30cbf75e7889e500836d6dd32bcc5d8b69021b764a591d6850776cddf0b7240c75dda9e2d197f2cd9c6787b16445b55eaeccdfdd17fb72d7fe5189aa1a2a6ad06b4f2bfc8f6c91c3a2a80a83a3113e0b420b70654d6a5075d38d9a12d1e0fddd2cb23b7f3ef949991bf49048dc40020dcf042caf00883363591dd6a90789ac212a0ced95fb40bcadaac2c97ee7ff302c37cf2aa7298311db85a2d4d1b9f037023c21bf2e9b9abecc780a70cf2a54002634272d7dcf25ee4c7dbb04437f30f50bdcf4962d432484a5dab7b60b31d8025b984c821fadbf2b623f2f92a6531dce11a1f252e603016078f3986e081 Msg = 9fe9f933b93d5c2ab2f681086efb04090c809727697da534e65f35266cfd10b2adcd261cac582e4d7feb8d2653907914b23c5ee4014a80d94d28e3fc475168b48c7b38962a11657e60e3cfdfa61d4557ed75ed8728a9e6210b292b421310bb03c659f74b3c504be7de4610dc6e89b1fb48940db7e7821d34aac9d7a0d82452c6 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e6f03f +E = 0xe6f03f N = 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 Msg = 
e62f04e5d82cd16ea4cf1b3e74e5882a52a0929a9b3d9547b1e32642f1cfa739e5ae18f6ba4a3028f469ad6660f2e8714a52acb9f11e482338fae30a9eb9108470c6a3e63ec2c28a8b6e3fcfc8cc2562848190bcdd7ec2ec3adf74973c136a3df13e4abd4bdbae1cd1a6788295b9668566f5e6aa46a32b291f5b80f1b125dcec InvalidSignature = 8f20b434b6952a0647610122d5f836965ef69c2717f288c226b1c1d87d5313daed259fce61850a70781244954402a0c210d1cac134cad6cdeaa670cc7e4f682cc26b2108eee4aea7abd8477e5f52f6ee539d9e1799580db1c3fa5b7ba018c16bc3dfcc67b8ca016d5c26554422a74593e0e056a239fa731ab3e780aafa711a762e174b487f95194f902bc7186fc77839e2885ac0db328c71f4060eb8ef7cafe109cdc8e4acb5c21bc964feec80474daf737ea08562888b4296f041581ccde0a2fd61455f6bf56986dc0506f4e6f6b55b4b0e7ece521ee8265a0e63fa87419032c28cf0536cae35d0ed9941027ea680c0785a96d075de14f2a09f36ffa406a954f7d3654a78a968002bad6cc6639fe8fc0ea7da6aa900aebe136368ea8c3417f20af01a0ea5ea485416d577931f9f942d1c6a440c1d6f2edd5631fead4c21f71297e0d8ed753be4100e5f8d6d7acf7030eb264b4edf13c1a5b9c12280cfb5fffc7d691bbb781f5acc4b55f64cf28fb8ea764d79ddad4a0a59e562e45093ac7ad8 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002cc92f +E = 0x2cc92f N = 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 Msg = 
5df6c2f15c25e0d72a7ecd6aa3b480949f979945db38f4b8364e7ef720d847a14f04d9ebb350c9e5adef8bff7c6e8acbf89778048296e3d03b5a0a42743eee2366e9acf223720929cdc84fc2065258faa7d2e855b58f40e291b3efc06ef2ece1086ce20e94d5cb2bf2d3c0bd2aa70fa916108f3e5c6c3076a021d679f73b6863 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002cc92f +E = 0x2cc92f N = 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 Msg = da1721b3190694d873daae06b0108945c693ed88ef850c8cff3d7003f58c31f2d0456b58a4fcef10ec0d39f822e1a3538d6cd86c5bfa8a7def2c68ce7c3d4a21d38aaf4e79526a2bfdba98ae8814d556b660b0c6a4135cb44b18a8010c1530298befd5dec1906cf04de8b3700b318915e8785edef559e8f9ba0a17e4cc9b4cd2 InvalidSignature = 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 Padding = EMSA4(SHA-256) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002cc92f +E = 0x2cc92f N = 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 Msg = 697e6ffd617d01d666fb1c069477d3a5b36b45a00ad2175e73e622a3b52e68b50db84dbe0ea40472ace247f1933b4befbd96f3124374449b73be194924c0177a4675e494bd0594a3708c64449c1dabc16f070d7dd256f293869d36ba72f3236c3b3c9c4716aa9ab3da83ddc55a24db63f146fda95e800a8cd20de3bd48d072d0 InvalidSignature = 359ac6731fdb0c3360c8c24311e48e84b2ad4d1b19041009e5fa2d6b94ddd87dc9be9206633fa87059d184dc583b9f24e6909fd5a533da78e1687b1c01e4c5a5d58de0aedba5d7b19b268957c9e79bb631bdbd423e3a267f9ba4a1266e2c3aa80929e5f7260ad9681af2eb2b8936596e3b1622e076b8a33dd86ded2b06060c8e74b1fd0f2ca88a8efa3c462b1227f8cecee0f77ef17606c218abfddc8cfdf990102524ecff3118f81b48adf286d6b21cb8dd815cc1235289ac15f6dbf420db9a608ff26667d7c80fd56124741bfcd47b42bdb0c17d66bf45b2f88d633e1954172ff808e7904db96d3396fb9f7d0da5742a937691fceb97894ac6774aa9daa7d18d889543cf3a7ad96d6a6e6feb4ee16900ad070ecbcd165bf82fd075046478c42fe8584023910c320901b22f3a4690597fc78b49cc2aca4e9b97bde0e69d62c9fe1ad07b5f0917e175d01f1fe5dbaf8abc3c71efbe0b55ea48f23601eaa5c70fdc841be8d1b89d01cb922e9ce4406747114fa05f55c73922fb28a42c2138a5c6 Padding = EMSA4(SHA-384) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e59685 +E = 0xe59685 N = 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 Msg = 6ec1913b9a55cfce3baa6a742498e6712109949f2e5e66fae70e01624090149d767ce89c46ed39ff5c2945db0e8422ba4a8154e3cd3b9fdc96031a2e9b4b8568bac3dc66f2c12cd3d3e6a6ed33fff2882329c6562239b665905a4ee965f85e3c22dd9523089a51538829b634fcd0fee494480f7f931f539ebb5bc41d05604622 InvalidSignature = 1fdb03e44e04d5823751c29f4404de6859ed5ad1fd7942c6387494327b3fccb98d662bd6311edc0bf49cb4d1014c6f2fed8b5238493bb4db23580f10763707414e3c87a663d664cae71bb00c2596b2515d711f1087125670e2c58f7ae57686f82da409c79718d942fa05545518055a256e007ef761d4acc33984a629ed548005acfd79e0cf151376798eadcf978729a3e18b9603b7693e1c923cb86b52199a360c88e9ec5303afa6e60e47f45719e93cf2e7a53530b9c9a2ab3b2c8b5d7d6d7971445c8a1494bc36363ad58a1c1f4bfb86534cd84be778ff4ef4a410a73c9d0ea327d30548977f2337a74641ace92c749ecd54af207c4bc29d446eddc173934bcd3e998da643261275b1556063dd5c1821c43cf2bef36eef66e514d72462043fac5d568d1be6d57e49f40f30be88c7b4389cec090ed954f48fe48aa26ba39dd739c2d0097fd31330344351a3e941bd633952ce99039e31056097d00aef49218c2589212b44bdb12b6edb68c784b8f789f370999f71eed9c04d6dd2d4d0723d2e Padding = EMSA4(SHA-384) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e59685 +E = 0xe59685 N = 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 Msg = 89008623eb2864cc6d698bd707adce222f5e7f02f128282d42017bd892678c1ca0e93e9e92e9fb6f45a0a931e263d97cb2244180333b6ceb6b67b00d7c0f613979ce446f782f4639e8b56ed3251f118e4ae9457647169733332d012de38216f4bbb680dec481acf2ffafc404f969de22a0b6732f554212ce425d5582ee461513 InvalidSignature = 52c068fd97c371bf7ad059310286d099e9e1486d6bdd9aa324a51019afbc5b502f1b9f2fecb23560b7a414d0e9e6fca69f4cacdb5228728c77e7659139ba2de38fd74b98f7d70ab4cf61655b84be1473db8b29563f2ad053a89369bb58588874d8d49dac78a42c0ab78d5dc739901b9106dda53c670c2e0ef47a45522af0e3ea7d584c6d1b782469cb7e86b0df2ea67d50ac4dd491e5248974bbc3caa5523da1809f93656706b72f9d7d17ca19d3ee4ca5942f9f5da16db8c25aaf911d85b6c30066d42b7cc6bf33672323177994b95932c224a87a3b15c7a74bead04ca432e933ca26af1677e3fcd67c3ad3196aed8319bfda468b753db289f6009972fe0ac34e7cc2c0c9833534a88e79a6ba7177ccfee0012f174e7e63e63b8e9f6bd24133b2685843ac90aa83ef81b421a202758ba48cd95c46b52192bfa52242bb65a00a21e72f73a5a8f3100c5f8d5fcbc4a5d3ab17a2bd7cefc23126f93cddbf575f22e03c7b7c2e5086992f712bdbfd155b07d05970d8e56c8da399defe061a563036 Padding = EMSA4(SHA-384) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002fcbdd +E = 0x2fcbdd N = 0xa458e38be5e581c433d88dfe24e7e1bd0713bde19fd7dcd794b4fc97ac6546fe7874ab10783407221aa6a526de912097761a1f0a10166cb368f5af6a60a944493173f9d9e04a9061109131de32ddb21f06c571ea83aa42d9c172d0ccb79fd0bc421dca68179ab6329d0af92b8d2caadeeff6c0a46a6bccdbdc46e7afdfb6dd8b1c20695837cff9a153b5ad8b6fc0344006c3916aad0f6f19d84fe8b93bd6627331283c090a7096af3139c714fa1045ce449ac953d7068db92ecd2b687b0902509cb5ac0bcd16c9751afc847d0164f5add3c038efb41e7ba5fdf8567446aea2c9d7252320e5503ff0ff236871541c2590a5d4c1ba9a315f885d732fbe15c2f5bd5d70b158fc33e30a44b25cf56ff600003369a935c2e017a3984593b2beaaf9af0e6a5c9d19bde051ef1fc5bcd63391488f410e8a97cda45bdd9233e8401b5f5fea4b55d091605700a903615c5f8b6c18281b5f3d77b85f087822ae5ea14ca26795504abd011f42de239f3170afda6ddf17f69470d46034aae629f8ae2f9d0d61 Msg = 6cffa158533194214a91e712fc2b45b518076675affd910edeca5f41ac64c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c984ca75f4ee8d706f46c2d98c0bf4a45f5b00d791c2dfeb191b5ed8e420fd627b43d08a447ac8609baadae4ff12918b9f68fc1653f1269222f123981ded7a92f1d85 InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e59685 +E = 0xe59685 N = 0xa458e38be5e581c433d88dfe24e7e1bd0713bde19fd7dcd794b4fc97ac6546fe7874ab10783407221aa6a526de912097761a1f0a10166cb368f5af6a60a944493173f9d9e04a9061109131de32ddb21f06c571ea83aa42d9c172d0ccb79fd0bc421dca68179ab6329d0af92b8d2caadeeff6c0a46a6bccdbdc46e7afdfb6dd8b1c20695837cff9a153b5ad8b6fc0344006c3916aad0f6f19d84fe8b93bd6627331283c090a7096af3139c714fa1045ce449ac953d7068db92ecd2b687b0902509cb5ac0bcd16c9751afc847d0164f5add3c038efb41e7ba5fdf8567446aea2c9d7252320e5503ff0ff236871541c2590a5d4c1ba9a315f885d732fbe15c2f5bd5d70b158fc33e30a44b25cf56ff600003369a935c2e017a3984593b2beaaf9af0e6a5c9d19bde051ef1fc5bcd63391488f410e8a97cda45bdd9233e8401b5f5fea4b55d091605700a903615c5f8b6c18281b5f3d77b85f087822ae5ea14ca26795504abd011f42de239f3170afda6ddf17f69470d46034aae629f8ae2f9d0d61 Msg = 4621b17cd9f5b623fe73b5fe280ce9ac840805608acd6e41d55ea71132220c0df7e7c4159626f10d71882983f0aa2a92d11dc906c0b22cc028f4395d48f54e12894e33da0f614dd48ee114e65f95c7a7d3585e7cc765c00178d136aa99591faaa35ee6136d2e323ffc855c709c5426b32fc0aa0ac66e90c96efe84414dd5e79c InvalidSignature = 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 Padding = EMSA4(SHA-384) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e59685 +E = 0xe59685 N = 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 Msg = aa4a6da9f73b58f5326d587572aed18ed9a79f3dbc6959510349d2d8d3eee6d76ba8733e4c03a51a9d9d770dcd3476fb7a03c807924f6ebeb83dc691e9e654895fadc136b5d124e94d3e8123efa98f4cb2dbbfa8204d798895f6a9bde8617a524d02617b7aca5ec809f97f9e1e34a5e849d78a0aae8c0316631d83431986e19b InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b3f57f +E = 0xb3f57f N = 
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 Msg = 31e3e05d7a984db4da8696db9bdefba791358c70fdd8330db060f4ff748674eda738b85129ec30707934f48f1a924d643c8e77cb9807a5ba9cc74677c85a8708581f19ec239f3408c31edce4f6706317440e2f00e269bdb7d77ee6435dab610e8ac18a962f5a6164016dd642f61f44a9f2dc3b79a3a782eca9ae5ccdfb220be5 InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b3f57f +E = 0xb3f57f N = 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 Msg = 691c263b523e54312dad47dddcce9bfb7275a61a9ab5fd0736f73a89454afd4e0afa31266b64916f97086ad0ebe0a22b17f1f9cc7c1f8fe7d945a7412785aa2dc1dd6fbac8fbb92bc65301a7916e7632738543dc874e10386616cb100310a857d4ed665f33acd54d03b495c9962020face5a0ab183eb88e42591305fa392ffb6 InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b3f57f +E = 0xb3f57f N = 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 Msg = be0f5c666c1d2c480ab93ab82e2c7d5d347ab87e9937ff72a59b77574dd95d0757ad4a48bf34b5435a01b938b96d186f502e8172d72c0e79f19011260c1d107288c30ee81b710c11742cd02f1e5ee52da870e3d7039af1472bfa879f09e479fe997a31ac487c3b98a061080526a6eb8083666815e32baec29b04622c0ed79e91 InvalidSignature = 64e703378e5e73cbe26a01ea4b21e926501266d634a83b2542985d3405202f38504917cd42363969d5f65bc7a1db79dd1f91c49407be518aa77843d14fbe7ee49715ef4457c32eec47f03020209b761ef1be6a12f489030ae585214a7a9429e60618eedf82eab01e3d7b39de7e220540812e1b6d0b88d200699c17387c1deb893c3012f4a340bb86fb353825f772efc4afa625784aeba437d2cf4a09e1dccb7e224385b03a40be52557005ed9023c0aec390f551de23d590cacb7c3b5efeb6c878b44524613bf5293fd5cce9e486c2552be609993dd15582df09aff677813ff5d2c2a8c55460912107818b29ed76601ad999902a461b06c85da91376893b9dfbcd8d50e135ba39a4c1daf2c610f0efc8717842d40caf59bd2f51fef7962d1a936a3a31705febaaedf94083748f2f3cf3fd2ed498490b8e6b20823f7ab78c8fbf518945d426cdca11e4b3e6a8e5c15bb3f932d60e0eceea2c3e6bc72255a4ff248203b02e268794b09cbfe4891b3383ff7e845c26a01fc9c4ecacd267ab186a4c Padding = EMSA4(SHA-512) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000453aad +E = 0x453aad N = 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 Msg = dd1ac9357850544f391febbba214bc7b034f30e99b2229ee00db8974c1ddf31e49f6d53606eca6e7cb596cac73b98208c8c29878a3f4fba6547017df430d3ac7d8a99a4b99bd9ad8923449cafa7e2b2813e03d8e520e336ac0fb046ba0f0a83752dc205d77ebb88a565989ff7f894142ad512714f19859a40d2458021eadc7d6 InvalidSignature = 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 Padding = EMSA4(SHA-512) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b3f57f +E = 0xb3f57f N = 
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 Msg = bf8cec246224e055e794d2f3f3fb3b1f77982a3f8f2544f4aa66094dec01593ad090364312f5cb79ccedadaddfe962e1941920fc83c9d6c2b4f0710205065811cb173878bc1607ea0d734379d7ef7b09bfb01104d6903e4fbebb567d0f794e43f8487b2c2a2e9c8ef14d1bbda4b8907e408587bf5024838510ef4325d10143b7 InvalidSignature = 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 From 30525863fa7166c2b299f55ef34226610d911ca2 Mon Sep 17 00:00:00 2001 From: Daniel Neus Date: Sat, 21 Oct 2017 20:00:51 +0200 Subject: [PATCH 0088/1008] deprecate exceptions --- src/lib/utils/exceptn.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/utils/exceptn.h b/src/lib/utils/exceptn.h index 1ed41aeb34..b9b94a8f8b 100644 --- a/src/lib/utils/exceptn.h +++ b/src/lib/utils/exceptn.h @@ -117,7 +117,7 @@ class BOTAN_PUBLIC_API(2,0) PRNG_Unseeded final : public Invalid_State class BOTAN_PUBLIC_API(2,0) Policy_Violation final : public Invalid_State { public: - explicit Policy_Violation(const std::string& err); + BOTAN_DEPRECATED("deprecated") explicit Policy_Violation(const std::string& err); }; /** @@ -135,7 +135,7 @@ class BOTAN_PUBLIC_API(2,0) Algorithm_Not_Found final : public Lookup_Error class BOTAN_PUBLIC_API(2,0) No_Provider_Found final : public Exception { public: - explicit No_Provider_Found(const std::string& name); + BOTAN_DEPRECATED("deprecated") explicit No_Provider_Found(const std::string& name); }; /** @@ -208,7 +208,7 @@ class BOTAN_PUBLIC_API(2,0) Stream_IO_Error final : public Exception class BOTAN_PUBLIC_API(2,0) Self_Test_Failure final : public Internal_Error { public: - explicit Self_Test_Failure(const std::string& err); + BOTAN_DEPRECATED("deprecated") explicit Self_Test_Failure(const std::string& err); }; /** From 2e907a457a44903069d587f60ae31da2405586df Mon Sep 17 00:00:00 2001 
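Review bot: The `BOTAN_DEPRECATED("deprecated")` message added on the `Policy_Violation` constructor tells a user nothing beyond what the attribute already implies; compilers print that string in the warning, so it should say why the type is going away and what callers should do instead, e.g. `BOTAN_DEPRECATED("Policy_Violation is deprecated and will be removed in a future major release")`. The same placeholder message is used in the `No_Provider_Found` and `Self_Test_Failure` hunks of this patch. Note also that the attribute is placed on the constructor only, so code that merely catches these types (`catch(const Policy_Violation&)`) gets no warning and only the throw sites, presumably inside the library itself, do; if the intent is to warn downstream users, marking the class declaration deprecated would reach them, at the cost of warnings on the library's own throw sites until those are removed.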
From: Jack Lloyd Date: Sun, 22 Oct 2017 11:26:38 -0400 Subject: [PATCH 0089/1008] Update news --- news.rst | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/news.rst b/news.rst index 118c41d147..201834c3d7 100644 --- a/news.rst +++ b/news.rst 
@@ -4,10 +4,34 @@ Release Notes Version 2.4.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* Optimizations for OCB, CFB, SM3, SM4, GMAC, GCM (GH #1253 #1262), - CAST-128/CAST-256 (GH #1247), TLS-CBC ciphersuites (GH #1269) +* Support for negotiating the DH group as specified in RFC 7919 is now + available in TLS (GH #1263) -* Reduce the overhead of ffi calls. +* Add support for verifying X.509 objects (certificates, CRLs, etc) using + RSA-PSS signatures (GH #1270) + +* Optimize GCM mode on systems both with and without carryless + multiply support. This includes a new base case implementation + (still constant time), a new SSSE3 implementation for systems with + SSSE3 but not clmul, and better algorithms for systems with clmul + and pmull. (GH #1253 #1263) + +* Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC + +* New functions for bit rotations that distinguish rotating by a + compile-time constant vs a runtime variable rotation. This allows + better optimizations in both cases. Notably performance of CAST-128 + and CAST-256 are substantially improved. (GH #1247) + +* TLS CBC ciphersuites now are implemented using the standard CBC + code, instead of reimplementing CBC inside the TLS stack. This + allows for parallel decryption of TLS CBC ciphertexts, and improves + performance especially when using AES hardware support. (GH #1269) + +* Fix a bug in the amalgamation generation which could cause build + failures on some systems including macOS. (GH #1264 #1265) + +* The overhead of making a call through the FFI layer has been reduced. * The IDs for SHA-3 PKCSv1.5 signatures added in 2.3.0 were incorrect. They have been changed to use the correct encoding, and a test added From da0a1124242e3a108819df58054e8dd909268a00 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 23 Oct 2017 18:16:49 -0400 Subject: [PATCH 0090/1008] Fix typo [ci skip] --- doc/release_process.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/doc/release_process.rst b/doc/release_process.rst index 0f5caafb92..fb0bce5e46 100644 --- a/doc/release_process.rst +++ b/doc/release_process.rst @@ -47,7 +47,7 @@ run from a git workspace. One useful option is ``--output-dir``, which specifies where the output will be placed. -The ``--pgp-key-id`` option is used to specifiy a PGP keyid. If set, +The ``--pgp-key-id`` option is used to specify a PGP keyid. If set, the script assumes that it can execute GnuPG and will attempt to create signatures for the tarballs. The default value is ``EFBADFBC``, which is the official signing key. You can use ``--pgp-key-id=none`` From 3feae2f7893090b263e762c79b47b99f7f4d07ba Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 22 Oct 2017 12:39:45 -0400 Subject: [PATCH 0091/1008] Refactor option parsing in cli and test code Allows cleaning up header includes, also somewhat smaller binaries. --- src/cli/argparse.h | 278 ++++++++++++++++++++++ src/cli/cli.cpp | 250 ++++++++++++++++++++ src/cli/cli.h | 479 ++++---------------------------------- src/cli/cli_exceptions.h | 44 ++++ src/cli/cli_rng.cpp | 89 +++++++ src/cli/compress.cpp | 13 +- src/cli/credentials.h | 1 - src/cli/encryption.cpp | 8 +- src/cli/main.cpp | 10 +- src/cli/speed.cpp | 1 + src/cli/timing_tests.cpp | 2 + src/cli/tls_client.cpp | 2 + src/cli/tls_server.cpp | 1 + src/cli/tls_utils.cpp | 9 +- src/cli/utils.cpp | 79 +------ src/tests/main.cpp | 439 +++------------------------------- src/tests/test_runner.cpp | 332 ++++++++++++++++++++++++++ src/tests/test_runner.h | 43 ++++ 18 files changed, 1133 insertions(+), 947 deletions(-) create mode 100644 src/cli/argparse.h create mode 100644 src/cli/cli.cpp create mode 100644 src/cli/cli_exceptions.h create mode 100644 src/cli/cli_rng.cpp create mode 100644 src/tests/test_runner.cpp create mode 100644 src/tests/test_runner.h diff --git a/src/cli/argparse.h b/src/cli/argparse.h new file mode 100644 index 0000000000..4577160954 --- /dev/null 
+++ b/src/cli/argparse.h 
@@ -0,0 +1,278 @@ +/* +* (C) 2015,2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_ARGPARSE_H_ +#define BOTAN_ARGPARSE_H_ + +#include +#include +#include +#include +#include +#include "cli_exceptions.h" + +namespace Botan_CLI { + +class Argument_Parser + { + public: + Argument_Parser(const std::string& spec, + const std::vector& extra_flags = {}, + const std::vector& extra_opts = {}); + + void parse_args(const std::vector& params); + + bool flag_set(const std::string& flag) const; + + bool has_arg(const std::string& opt_name) const; + std::string get_arg(const std::string& option) const; + + std::string get_arg_or(const std::string& option, const std::string& otherwise) const; + + size_t get_arg_sz(const std::string& option) const; + + std::vector get_arg_list(const std::string& what) const; + + private: + // set in constructor + std::vector m_spec_args; + std::set m_spec_flags; + std::map m_spec_opts; + std::string m_spec_rest; + + // set in parse_args() + std::map m_user_args; + std::set m_user_flags; + std::vector m_user_rest; + }; + +bool Argument_Parser::flag_set(const std::string& flag_name) const + { + return m_user_flags.count(flag_name) > 0; + } + +bool Argument_Parser::has_arg(const std::string& opt_name) const + { + return m_user_args.count(opt_name) > 0; + } + +std::string Argument_Parser::get_arg(const std::string& opt_name) const + { + auto i = m_user_args.find(opt_name); + if(i == m_user_args.end()) + { + // this shouldn't occur unless you passed the wrong thing to get_arg + throw CLI_Error("Unknown option " + opt_name + " used (program bug)"); + } + return i->second; + } + +std::string Argument_Parser::get_arg_or(const std::string& opt_name, const std::string& otherwise) const + { + auto i = m_user_args.find(opt_name); + if(i == m_user_args.end() || i->second.empty()) + { + return otherwise; + } + return i->second; + } + +size_t Argument_Parser::get_arg_sz(const std::string& opt_name) 
const + { + const std::string s = get_arg(opt_name); + + try + { + return static_cast(std::stoul(s)); + } + catch(std::exception&) + { + throw CLI_Usage_Error("Invalid integer value '" + s + "' for option " + opt_name); + } + } + +std::vector Argument_Parser::get_arg_list(const std::string& what) const + { + if(what != m_spec_rest) + { + throw CLI_Error("Unexpected list name '" + what + "'"); + } + return m_user_rest; + } + +void Argument_Parser::parse_args(const std::vector& params) + { + std::vector args; + for(auto const& param : params) + { + if(param.find("--") == 0) + { + // option + const auto eq = param.find('='); + + if(eq == std::string::npos) + { + const std::string opt_name = param.substr(2, std::string::npos); + + if(m_spec_flags.count(opt_name) == 0) + { + if(m_spec_opts.count(opt_name)) + { + throw CLI_Usage_Error("Invalid usage of option --" + opt_name + + " without value"); + } + else + { + throw CLI_Usage_Error("Unknown flag --" + opt_name); + } + } + m_user_flags.insert(opt_name); + } + else + { + const std::string opt_name = param.substr(2, eq - 2); + const std::string opt_val = param.substr(eq + 1, std::string::npos); + + if(m_spec_opts.count(opt_name) == 0) + { + throw CLI_Usage_Error("Unknown option --" + opt_name); + } + + m_user_args.insert(std::make_pair(opt_name, opt_val)); + } + } + else + { + // argument + args.push_back(param); + } + } + + bool seen_stdin_flag = false; + size_t arg_i = 0; + for(auto const& arg : m_spec_args) + { + if(arg_i >= args.size()) + { + // not enough arguments + throw CLI_Usage_Error("Invalid argument count, got " + + std::to_string(args.size()) + + " expected " + + std::to_string(m_spec_args.size())); + } + + m_user_args.insert(std::make_pair(arg, args[arg_i])); + + if(args[arg_i] == "-") + { + if(seen_stdin_flag) + { + throw CLI_Usage_Error("Cannot specify '-' (stdin) more than once"); + } + seen_stdin_flag = true; + } + + ++arg_i; + } + + if(m_spec_rest.empty()) + { + if(arg_i != args.size()) + { + throw 
CLI_Usage_Error("Too many arguments"); + } + } + else + { + m_user_rest.assign(args.begin() + arg_i, args.end()); + } + + // Now insert any defaults for options not supplied by the user + for(auto const& opt : m_spec_opts) + { + if(m_user_args.count(opt.first) == 0) + { + m_user_args.insert(opt); + } + } + } + +Argument_Parser::Argument_Parser(const std::string& spec, + const std::vector& extra_flags, + const std::vector& extra_opts) + { + class CLI_Error_Invalid_Spec : public CLI_Error + { + public: + explicit CLI_Error_Invalid_Spec(const std::string& spec) + : CLI_Error("Invalid command spec '" + spec + "'") {} + }; + + const std::vector parts = Botan::split_on(spec, ' '); + + if(parts.size() == 0) + { + throw CLI_Error_Invalid_Spec(spec); + } + + for(size_t i = 1; i != parts.size(); ++i) + { + const std::string s = parts[i]; + + if(s.empty()) // ?!? (shouldn't happen) + { + throw CLI_Error_Invalid_Spec(spec); + } + + if(s.size() > 2 && s[0] == '-' && s[1] == '-') + { + // option or flag + + auto eq = s.find('='); + + if(eq == std::string::npos) + { + m_spec_flags.insert(s.substr(2, std::string::npos)); + } + else + { + m_spec_opts.insert(std::make_pair(s.substr(2, eq - 2), s.substr(eq + 1, std::string::npos))); + } + } + else if(s[0] == '*') + { + // rest argument + if(m_spec_rest.empty() && s.size() > 2) + { + m_spec_rest = s.substr(1, std::string::npos); + } + else + { + throw CLI_Error_Invalid_Spec(spec); + } + } + else + { + // named argument + if(!m_spec_rest.empty()) // rest arg wasn't last + { + throw CLI_Error_Invalid_Spec(spec); + } + + m_spec_args.push_back(s); + } + } + + for(std::string flag : extra_flags) + m_spec_flags.insert(flag); + for(std::string opt : extra_opts) + m_spec_opts.insert(std::make_pair(opt, "")); + } + + +} + +#endif diff --git a/src/cli/cli.cpp b/src/cli/cli.cpp new file mode 100644 index 0000000000..f23c3574dd --- /dev/null +++ b/src/cli/cli.cpp 
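Review bot: `get_arg_sz` accepts strings that are not valid sizes: `std::stoul` parses `"-1"` without error (wrapping to `ULONG_MAX`) and stops silently at the first non-digit of `"12abc"`, so a malformed `--buf-size` or similar option turns into a huge or truncated count instead of a usage error. Guard before the `try`: `if(s.empty() || s.find_first_not_of("0123456789") != std::string::npos)` / `throw CLI_Usage_Error("Invalid integer value '" + s + "' for option " + opt_name);`. Separately, the `Argument_Parser` member functions defined after the class body live in a header without `inline`, so a second translation unit including `argparse.h` would hit duplicate-symbol link errors; mark them `inline` or move them to a .cpp. In `parse_args`, a repeated `--opt=a --opt=b` is also resolved silently to the first value by `m_user_args.insert`, which is probably worth rejecting with a `CLI_Usage_Error`.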
@@ -0,0 +1,250 @@ +/* +* (C) 2015,2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "cli.h" +#include "argparse.h" +#include +#include +#include +#include + +namespace Botan_CLI { + +Command::Command(const std::string& cmd_spec) : m_spec(cmd_spec) + { + // for checking all spec strings at load time + //m_args.reset(new Argument_Parser(m_spec)); + } + +Command::~Command() { /* for unique_ptr */ } + +std::string Command::help_text() const + { + return "Usage: " + m_spec + + "\n\nAll commands support --verbose --help --output= --error-output= --rng-type= --drbg-seed="; + } + +int Command::run(const std::vector& params) + { + try + { + m_args.reset(new Argument_Parser(m_spec, + {"verbose", "help"}, + {"output", "error-output", "rng-type", "drbg-seed"})); + + m_args->parse_args(params); + + if(m_args->has_arg("output")) + { + const std::string output_file = get_arg("output"); + + if(output_file != "") + { + m_output_stream.reset(new std::ofstream(output_file, std::ios::binary)); + if(!m_output_stream->good()) + throw CLI_IO_Error("opening", output_file); + } + } + + if(m_args->has_arg("error-output")) + { + const std::string output_file = get_arg("error-output"); + + if(output_file != "") + { + m_error_output_stream.reset(new std::ofstream(output_file, std::ios::binary)); + if(!m_error_output_stream->good()) + throw CLI_IO_Error("opening", output_file); + } + } + + if(flag_set("help")) + { + output() << help_text() << "\n"; + return 2; + } + + this->go(); + return 0; + } + catch(CLI_Usage_Error& e) + { + error_output() << "Usage error: " << e.what() << "\n"; + error_output() << help_text() << "\n"; + return 1; + } + catch(std::exception& e) + { + error_output() << "Error: " << e.what() << "\n"; + return 2; + } + catch(...) 
+ { + error_output() << "Error: unknown exception\n"; + return 2; + } + } + +bool Command::flag_set(const std::string& flag_name) const + { + return m_args->flag_set(flag_name); + } + +std::string Command::get_arg(const std::string& opt_name) const + { + return m_args->get_arg(opt_name); + } + +/* +* Like get_arg() but if the argument was not specified or is empty, returns otherwise +*/ +std::string Command::get_arg_or(const std::string& opt_name, const std::string& otherwise) const + { + return m_args->get_arg_or(opt_name, otherwise); + } + +size_t Command::get_arg_sz(const std::string& opt_name) const + { + return m_args->get_arg_sz(opt_name); + } + +std::vector Command::get_arg_list(const std::string& what) const + { + return m_args->get_arg_list(what); + } + +std::ostream& Command::output() + { + if(m_output_stream.get()) + { + return *m_output_stream; + } + return std::cout; + } + +std::ostream& Command::error_output() + { + if(m_error_output_stream.get()) + { + return *m_error_output_stream; + } + return std::cerr; + } + +std::vector Command::slurp_file(const std::string& input_file, + size_t buf_size) const + { + std::vector buf; + auto insert_fn = [&](const uint8_t b[], size_t l) + { + buf.insert(buf.end(), b, b + l); + }; + this->read_file(input_file, insert_fn, buf_size); + return buf; + } + +std::string Command::slurp_file_as_str(const std::string& input_file, + size_t buf_size) const + { + std::string str; + auto insert_fn = [&](const uint8_t b[], size_t l) + { + str.append(reinterpret_cast(b), l); + }; + this->read_file(input_file, insert_fn, buf_size); + return str; + } + +void Command::read_file(const std::string& input_file, + std::function consumer_fn, + size_t buf_size) const + { + if(input_file == "-") + { + do_read_file(std::cin, consumer_fn, buf_size); + } + else + { + std::ifstream in(input_file, std::ios::binary); + if(!in) + { + throw CLI_IO_Error("reading file", input_file); + } + do_read_file(in, consumer_fn, buf_size); + } + } + +void 
Command::do_read_file(std::istream& in, + std::function consumer_fn, + size_t buf_size) const + { + // Avoid an infinite loop on --buf-size=0 + std::vector buf(buf_size == 0 ? 4096 : buf_size); + + while(in.good()) + { + in.read(reinterpret_cast(buf.data()), buf.size()); + const size_t got = static_cast(in.gcount()); + consumer_fn(buf.data(), got); + } + } + +Botan::RandomNumberGenerator& Command::rng() + { + if(m_rng == nullptr) + { + m_rng = cli_make_rng(get_arg("rng-type"), get_arg("drbg-seed")); + } + + return *m_rng.get(); + } + +// Registration code + +Command::Registration::Registration(const std::string& name, Command::cmd_maker_fn maker_fn) + { + std::map& reg = Command::global_registry(); + + if(reg.count(name) > 0) + { + throw CLI_Error("Duplicated registration of command " + name); + } + + reg.insert(std::make_pair(name, maker_fn)); + } + +//static +std::map& Command::global_registry() + { + static std::map g_cmds; + return g_cmds; + } + +//static +std::vector Command::registered_cmds() + { + std::vector cmds; + for(auto& cmd : Command::global_registry()) + cmds.push_back(cmd.first); + return cmds; + } + +//static +std::unique_ptr Command::get_cmd(const std::string& name) + { + const std::map& reg = Command::global_registry(); + + std::unique_ptr r; + auto i = reg.find(name); + if(i != reg.end()) + { + r.reset(i->second()); + } + + return r; + } + +} diff --git a/src/cli/cli.h b/src/cli/cli.h index 1e81c2ff62..75de335159 100644 --- a/src/cli/cli.h +++ b/src/cli/cli.h 
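Review bot: In `Command::run`, when the `--error-output` file cannot be opened, `m_error_output_stream` has already been replaced by the failed `std::ofstream` before `CLI_IO_Error` is thrown, so the `catch(std::exception&)` below writes its message into that dead stream and the user gets exit code 2 with no explanation. Open into a local and install it only once it is good: `std::unique_ptr<std::ofstream> err_out(new std::ofstream(output_file, std::ios::binary));` / `if(!err_out->good()) throw CLI_IO_Error("opening", output_file);` / `m_error_output_stream = std::move(err_out);`. The same ordering is cleaner for `--output`, although a failure there is at least still reported on stderr. In `do_read_file` the buffer is sized directly from `buf_size`, which for commands exposing `--buf-size` appears to come straight from the command line; a sanity cap, or at least a comment stating that the caller is trusted to bound it, would be worth adding.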
@@ -8,64 +8,39 @@ #define BOTAN_CLI_H_ #include -#include -#include - -#include -#include #include +#include #include #include -#include #include #include +#include "cli_exceptions.h" + +namespace Botan { + +class RandomNumberGenerator; + +} namespace Botan_CLI { -/* Declared in utils.cpp */ +class Argument_Parser; + +/* Declared in cli_rng.cpp */ std::unique_ptr cli_make_rng(const std::string& type, const std::string& hex_drbg_seed); -class CLI_Error : public std::runtime_error - { - public: - explicit CLI_Error(const std::string& s) : std::runtime_error(s) {} - }; - -class CLI_IO_Error : public CLI_Error +class Command { public: - CLI_IO_Error(const std::string& op, const std::string& who) : - CLI_Error("Error " + op + " " + who) {} - }; -class CLI_Usage_Error : public CLI_Error - { - public: - explicit CLI_Usage_Error(const std::string& what) : CLI_Error(what) {} - }; + /** + * Get a registered command + */ + static std::unique_ptr get_cmd(const std::string& name); -/* Thrown eg when a requested feature was compiled out of the library - or is not available, eg hashing with -*/ -class CLI_Error_Unsupported : public CLI_Error - { - public: - CLI_Error_Unsupported(const std::string& what, - const std::string& who) - : CLI_Error(what + " with '" + who + "' unsupported or not available") {} - }; + static std::vector registered_cmds(); -class CLI_Error_Invalid_Spec : public CLI_Error - { - public: - explicit CLI_Error_Invalid_Spec(const std::string& spec) - : CLI_Error("Invalid command spec '" + spec + "'") {} - }; - -class Command - { - public: /** * The spec string specifies the format of the command line, eg for * a somewhat complicated command: 
@@ -105,156 +80,13 @@ class Command * Use of --help is captured in run() and returns help_text(). * Use of --verbose can be checked with verbose() or flag_set("verbose") */ - explicit Command(const std::string& cmd_spec) : m_spec(cmd_spec) - { - // for checking all spec strings at load time - //parse_spec(); - } - virtual ~Command() = default; + explicit Command(const std::string& cmd_spec); - int run(const std::vector& params) - { - try - { - // avoid parsing specs except for the command actually running - parse_spec(); - - std::vector args; - for(auto const& param : params) - { - if(param.find("--") == 0) - { - // option - const auto eq = param.find('='); - - if(eq == std::string::npos) - { - const std::string opt_name = param.substr(2, std::string::npos); - - if(m_spec_flags.count(opt_name) == 0) - { - if(m_spec_opts.count(opt_name)) - { - throw CLI_Usage_Error("Invalid usage of option --" + opt_name + - " without value"); - } - else - { - throw CLI_Usage_Error("Unknown flag --" + opt_name); - } - } - m_user_flags.insert(opt_name); - } - else - { - const std::string opt_name = param.substr(2, eq - 2); - const std::string opt_val = param.substr(eq + 1, std::string::npos); - - if(m_spec_opts.count(opt_name) == 0) - { - throw CLI_Usage_Error("Unknown option --" + opt_name); - } - - m_user_args.insert(std::make_pair(opt_name, opt_val)); - } - } - else - { - // argument - args.push_back(param); - } - } - - bool seen_stdin_flag = false; - size_t arg_i = 0; - for(auto const& arg : m_spec_args) - { - if(arg_i >= args.size()) - { - // not enough arguments - throw CLI_Usage_Error("Invalid argument count, got " + - std::to_string(args.size()) + - " expected " + - std::to_string(m_spec_args.size())); - } - - m_user_args.insert(std::make_pair(arg, args[arg_i])); - - if(args[arg_i] == "-") - { - if(seen_stdin_flag) - { - throw CLI_Usage_Error("Cannot specifiy '-' (stdin) more than once"); - } - seen_stdin_flag = true; - } - - ++arg_i; - } - - if(m_spec_rest.empty()) - { - 
if(arg_i != args.size()) - { - throw CLI_Usage_Error("Too many arguments"); - } - } - else - { - m_user_rest.assign(args.begin() + arg_i, args.end()); - } - - if(flag_set("help")) - { - output() << help_text() << "\n"; - return 2; - } - - if(m_user_args.count("output")) - { - m_output_stream.reset(new std::ofstream(get_arg("output"), std::ios::binary)); - } - - if(m_user_args.count("error-output")) - { - m_error_output_stream.reset(new std::ofstream(get_arg("error-output"), std::ios::binary)); - } - - // Now insert any defaults for options not supplied by the user - for(auto const& opt : m_spec_opts) - { - if(m_user_args.count(opt.first) == 0) - { - m_user_args.insert(opt); - } - } - - this->go(); - return 0; - } - catch(CLI_Usage_Error& e) - { - error_output() << "Usage error: " << e.what() << "\n"; - error_output() << help_text() << "\n"; - return 1; - } - catch(std::exception& e) - { - error_output() << "Error: " << e.what() << "\n"; - return 2; - } - catch(...) - { - error_output() << "Error: unknown exception\n"; - return 2; - } - } + virtual ~Command(); - virtual std::string help_text() const - { - return "Usage: " + m_spec + - "\n\nAll commands support --verbose --help --output= --error-output= --rng-type= --drbg-seed="; - } + int run(const std::vector& params); + + virtual std::string help_text() const; const std::string& cmd_spec() const { 
@@ -268,230 +100,53 @@ class Command protected: - void parse_spec() - { - const std::vector parts = Botan::split_on(m_spec, ' '); - - if(parts.size() == 0) - { - throw CLI_Error_Invalid_Spec(m_spec); - } - - for(size_t i = 1; i != parts.size(); ++i) - { - const std::string s = parts[i]; - - if(s.empty()) // ?!? (shouldn't happen) - { - throw CLI_Error_Invalid_Spec(m_spec); - } - - if(s.size() > 2 && s[0] == '-' && s[1] == '-') - { - // option or flag - - auto eq = s.find('='); - - if(eq == std::string::npos) - { - m_spec_flags.insert(s.substr(2, std::string::npos)); - } - else - { - m_spec_opts.insert(std::make_pair(s.substr(2, eq - 2), s.substr(eq + 1, std::string::npos))); - } - } - else if(s[0] == '*') - { - // rest argument - if(m_spec_rest.empty() && s.size() > 2) - { - m_spec_rest = s.substr(1, std::string::npos); - } - else - { - throw CLI_Error_Invalid_Spec(m_spec); - } - } - else - { - // named argument - if(!m_spec_rest.empty()) // rest arg wasn't last - { - throw CLI_Error("Invalid command spec " + m_spec); - } - - m_spec_args.push_back(s); - } - } - - m_spec_flags.insert("verbose"); - m_spec_flags.insert("help"); - m_spec_opts.insert(std::make_pair("output", "")); - m_spec_opts.insert(std::make_pair("error-output", "")); - m_spec_opts.insert(std::make_pair("rng-type", "")); - m_spec_opts.insert(std::make_pair("drbg-seed", "")); - } - /* * The actual functionality of the cli command implemented in subclas */ virtual void go() = 0; - std::ostream& output() - { - if(m_output_stream.get()) - { - return *m_output_stream; - } - return std::cout; - } + std::ostream& output(); - std::ostream& error_output() - { - if(m_error_output_stream.get()) - { - return *m_error_output_stream; - } - return std::cerr; - } + std::ostream& error_output(); bool verbose() const { return flag_set("verbose"); } - bool flag_set(const std::string& flag_name) const - { - return m_user_flags.count(flag_name) > 0; - } + bool flag_set(const std::string& flag_name) const; - std::string 
get_arg(const std::string& opt_name) const - { - auto i = m_user_args.find(opt_name); - if(i == m_user_args.end()) - { - // this shouldn't occur unless you passed the wrong thing to get_arg - throw CLI_Error("Unknown option " + opt_name + " used (program bug)"); - } - return i->second; - } + std::string get_arg(const std::string& opt_name) const; /* * Like get_arg() but if the argument was not specified or is empty, returns otherwise */ - std::string get_arg_or(const std::string& opt_name, const std::string& otherwise) const - { - auto i = m_user_args.find(opt_name); - if(i == m_user_args.end() || i->second.empty()) - { - return otherwise; - } - return i->second; - } + std::string get_arg_or(const std::string& opt_name, const std::string& otherwise) const; - size_t get_arg_sz(const std::string& opt_name) const - { - const std::string s = get_arg(opt_name); - - try - { - return static_cast(std::stoul(s)); - } - catch(std::exception&) - { - throw CLI_Usage_Error("Invalid integer value '" + s + "' for option " + opt_name); - } - } + size_t get_arg_sz(const std::string& opt_name) const; - std::vector get_arg_list(const std::string& what) const - { - if(what != m_spec_rest) - { - throw CLI_Error("Unexpected list name '" + what + "'"); - } - - return m_user_rest; - } + std::vector get_arg_list(const std::string& what) const; /* * Read an entire file into memory and return the contents */ std::vector slurp_file(const std::string& input_file, - size_t buf_size = 0) const - { - std::vector buf; - auto insert_fn = [&](const uint8_t b[], size_t l) - { - buf.insert(buf.end(), b, b + l); - }; - this->read_file(input_file, insert_fn, buf_size); - return buf; - } - - /* - * Read an entire file into memory and return the contents - */ - Botan::secure_vector slurp_file_locked(const std::string& input_file, - size_t buf_size = 0) const - { - Botan::secure_vector buf; - auto insert_fn = [&](const uint8_t b[], size_t l) - { - buf.insert(buf.end(), b, b + l); - }; - 
this->read_file(input_file, insert_fn, buf_size); - return buf; - } + size_t buf_size = 0) const; std::string slurp_file_as_str(const std::string& input_file, - size_t buf_size = 0) const - { - std::string str; - auto insert_fn = [&](const uint8_t b[], size_t l) - { - str.append(reinterpret_cast(b), l); - }; - this->read_file(input_file, insert_fn, buf_size); - return str; - } + size_t buf_size = 0) const; /* * Read a file calling consumer_fn() with the inputs */ void read_file(const std::string& input_file, std::function consumer_fn, - size_t buf_size = 0) const - { - if(input_file == "-") - { - do_read_file(std::cin, consumer_fn, buf_size); - } - else - { - std::ifstream in(input_file, std::ios::binary); - if(!in) - { - throw CLI_IO_Error("reading file", input_file); - } - do_read_file(in, consumer_fn, buf_size); - } - } + size_t buf_size = 0) const; + void do_read_file(std::istream& in, std::function consumer_fn, - size_t buf_size = 0) const - { - // Avoid an infinite loop on --buf-size=0 - std::vector buf(buf_size == 0 ? 4096 : buf_size); - - while(in.good()) - { - in.read(reinterpret_cast(buf.data()), buf.size()); - const size_t got = static_cast(in.gcount()); - consumer_fn(buf.data(), got); - } - } + size_t buf_size = 0) const; template void write_output(const std::vector& vec) 
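Review bot: This hunk removes `slurp_file_locked`, the only reader that returned a `Botan::secure_vector`, leaving subclasses with `slurp_file` into a plain `std::vector<uint8_t>` that is neither memory-locked nor zeroed on destruction; the `encryption.cpp` hunks in this same patch follow by changing `do_crypt`'s input parameter and the `slurp_file("-", buf_size)` call from `secure_vector` to `std::vector`, so the plaintext being encrypted now sits in ordinary heap memory. The commit message only describes an option-parsing refactor, so this looks incidental rather than intended. Keep a locked variant, `Botan::secure_vector<uint8_t> slurp_file_locked(const std::string& input_file, size_t buf_size = 0) const;`, with the same lambda-based body as `slurp_file`, and leave `encryption.cpp` on it. The `Command` class begins and ends outside this hunk.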
@@ -499,75 +154,31 @@ class Command output().write(reinterpret_cast(vec.data()), vec.size()); } - Botan::RandomNumberGenerator& rng() - { - if(m_rng == nullptr) - { - m_rng = cli_make_rng(get_arg("rng-type"), get_arg("drbg-seed")); - } - - return *m_rng.get(); - } + Botan::RandomNumberGenerator& rng(); private: - // set in constructor - std::string m_spec; + void parse_spec(); - // set in parse_spec() from m_spec - std::vector m_spec_args; - std::set m_spec_flags; - std::map m_spec_opts; - std::string m_spec_rest; + typedef std::function cmd_maker_fn; - // set in run() from user args - std::map m_user_args; - std::set m_user_flags; - std::vector m_user_rest; + static std::map& global_registry(); - std::unique_ptr m_output_stream; - std::unique_ptr m_error_output_stream; + // set in constructor + std::string m_spec; + + std::unique_ptr m_args; + std::unique_ptr m_output_stream; + std::unique_ptr m_error_output_stream; std::unique_ptr m_rng; public: // the registry interface: - typedef std::function cmd_maker_fn; - - static std::map& global_registry() - { - static std::map g_cmds; - return g_cmds; - } - - static std::unique_ptr get_cmd(const std::string& name) - { - auto& reg = Command::global_registry(); - - std::unique_ptr r; - auto i = reg.find(name); - if(i != reg.end()) - { - r.reset(i->second()); - } - - return r; - } - class Registration final { public: - Registration(const std::string& name, cmd_maker_fn maker_fn) - { - auto& reg = Command::global_registry(); - - if(reg.count(name) > 0) - { - throw CLI_Error("Duplicated registration of command " + name); - } - - Command::global_registry().insert(std::make_pair(name, maker_fn)); - } + Registration(const std::string& name, cmd_maker_fn maker_fn); }; }; diff --git a/src/cli/cli_exceptions.h b/src/cli/cli_exceptions.h new file mode 100644 index 0000000000..ed7be31373 --- /dev/null +++ b/src/cli/cli_exceptions.h 
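Review bot: `void parse_spec();` is still declared under `private:` even though spec parsing moved into `Argument_Parser`, and the new `cli.cpp` in this patch defines no `Command::parse_spec`; the stale declaration should go. Note also that `cmd_maker_fn` is now a private typedef while the public `Registration` constructor takes it as a parameter: the nested class and lambda or function-pointer callers still compile, but external code can no longer spell `Command::cmd_maker_fn`, which may or may not be intended. `Command` begins outside this hunk.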
@@ -0,0 +1,44 @@ +/* +* (C) 2015 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_CLI_EXCEPTIONS_H_ +#define BOTAN_CLI_EXCEPTIONS_H_ + +namespace Botan_CLI { + +class CLI_Error : public std::runtime_error + { + public: + explicit CLI_Error(const std::string& s) : std::runtime_error(s) {} + }; + +class CLI_IO_Error : public CLI_Error + { + public: + CLI_IO_Error(const std::string& op, const std::string& who) : + CLI_Error("Error " + op + " " + who) {} + }; + +class CLI_Usage_Error : public CLI_Error + { + public: + explicit CLI_Usage_Error(const std::string& what) : CLI_Error(what) {} + }; + +/* Thrown eg when a requested feature was compiled out of the library + or is not available, eg hashing with +*/ +class CLI_Error_Unsupported : public CLI_Error + { + public: + CLI_Error_Unsupported(const std::string& what, + const std::string& who) + : CLI_Error(what + " with '" + who + "' unsupported or not available") {} + }; + +} + +#endif diff --git a/src/cli/cli_rng.cpp b/src/cli/cli_rng.cpp new file mode 100644 index 0000000000..1e3ecb1415 --- /dev/null +++ b/src/cli/cli_rng.cpp 
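Review bot: As rendered here `cli_exceptions.h` includes nothing, yet every class derives from `std::runtime_error` and takes `std::string`, so the header only compiles when the includer has already pulled in `<stdexcept>` and `<string>`; `argparse.h` includes it directly and would break if included first in a translation unit. Other hunks in this patch retain their `#include` lines, so the omission appears real rather than an artifact. Add `#include <stdexcept>` and `#include <string>` immediately after the include guard.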
@@ -0,0 +1,89 @@ +/* +* (C) 2015,2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "cli.h" +#include +#include +#include +#include + +#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) + #include +#endif + +#if defined(BOTAN_HAS_SYSTEM_RNG) + #include +#endif + +#if defined(BOTAN_HAS_RDRAND_RNG) + #include +#endif + +#if defined(BOTAN_HAS_HMAC_DRBG) + #include +#endif + +namespace Botan_CLI { + +std::unique_ptr +cli_make_rng(const std::string& rng_type, const std::string& hex_drbg_seed) + { +#if defined(BOTAN_HAS_SYSTEM_RNG) + if(rng_type == "system" || rng_type.empty()) + { + return std::unique_ptr(new Botan::System_RNG); + } +#endif + +#if defined(BOTAN_HAS_RDRAND_RNG) + if(rng_type == "rdrand") + { + if(Botan::CPUID::has_rdrand()) + return std::unique_ptr(new Botan::RDRAND_RNG); + else + throw CLI_Error("RDRAND instruction not supported on this processor"); + } +#endif + + const std::vector drbg_seed = Botan::hex_decode(hex_drbg_seed); + +#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) + if(rng_type == "auto" || rng_type == "entropy" || rng_type.empty()) + { + std::unique_ptr rng; + + if(rng_type == "entropy") + rng.reset(new Botan::AutoSeeded_RNG(Botan::Entropy_Sources::global_sources())); + else + rng.reset(new Botan::AutoSeeded_RNG); + + if(drbg_seed.size() > 0) + rng->add_entropy(drbg_seed.data(), drbg_seed.size()); + return rng; + } +#endif + +#if defined(BOTAN_HAS_HMAC_DRBG) && defined(BOTAN_AUTO_RNG_HMAC) + if(rng_type == "drbg") + { + std::unique_ptr mac = + Botan::MessageAuthenticationCode::create(BOTAN_AUTO_RNG_HMAC); + std::unique_ptr rng(new Botan::HMAC_DRBG(std::move(mac))); + rng->add_entropy(drbg_seed.data(), drbg_seed.size()); + + if(rng->is_seeded() == false) + throw CLI_Error("For " + rng->name() + " a seed of at least " + + std::to_string(rng->security_level()/8) + + " bytes must be provided"); + + return std::unique_ptr(rng.release()); + } +#endif + + throw CLI_Error_Unsupported("RNG", rng_type); + } + +} 
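Review bot: A user-supplied `--drbg-seed` is silently discarded when `rng_type` is `"system"`, `"rdrand"`, or empty with the system RNG compiled in, because `hex_drbg_seed` is only decoded after those branches have already returned; someone expecting a reproducible run gets a live RNG with no warning. Decode first, `const std::vector<uint8_t> drbg_seed = Botan::hex_decode(hex_drbg_seed);` at the top of the function, and in the system and rdrand branches either reject the combination with `if(!drbg_seed.empty()) throw CLI_Usage_Error("--drbg-seed is not supported with --rng-type=" + rng_type);` or fall through to the seeded DRBG when a seed is present. Decoding early also means a malformed hex seed is reported consistently regardless of which RNG is selected.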
diff --git a/src/cli/compress.cpp b/src/cli/compress.cpp index c60a33921e..e9cd02290c 100644 --- a/src/cli/compress.cpp +++ b/src/cli/compress.cpp @@ -8,6 +8,7 @@ #if defined(BOTAN_HAS_COMPRESSION) #include + #include #endif namespace Botan_CLI { @@ -75,17 +76,17 @@ class Compress final : public Command while(in.good()) { buf.resize(buf_size); - in.read(reinterpret_cast(&buf[0]), buf.size()); + in.read(reinterpret_cast(buf.data()), buf.size()); buf.resize(in.gcount()); compress->update(buf); - out.write(reinterpret_cast(&buf[0]), buf.size()); + out.write(reinterpret_cast(buf.data()), buf.size()); } buf.clear(); compress->finish(buf); - out.write(reinterpret_cast(&buf[0]), buf.size()); + out.write(reinterpret_cast(buf.data()), buf.size()); out.close(); } }; @@ -147,17 +148,17 @@ class Decompress final : public Command while(in.good()) { buf.resize(buf_size); - in.read(reinterpret_cast(&buf[0]), buf.size()); + in.read(reinterpret_cast(buf.data()), buf.size()); buf.resize(in.gcount()); decompress->update(buf); - out.write(reinterpret_cast(&buf[0]), buf.size()); + out.write(reinterpret_cast(buf.data()), buf.size()); } buf.clear(); decompress->finish(buf); - out.write(reinterpret_cast(&buf[0]), buf.size()); + out.write(reinterpret_cast(buf.data()), buf.size()); out.close(); } }; diff --git a/src/cli/credentials.h b/src/cli/credentials.h index 38f91141e3..3b46c239c1 100644 --- a/src/cli/credentials.h +++ b/src/cli/credentials.h @@ -11,7 +11,6 @@ #include #include #include -#include #include inline bool value_exists(const std::vector& vec, diff --git a/src/cli/encryption.cpp b/src/cli/encryption.cpp index e8d5622c24..ffc1d0b484 100644 --- a/src/cli/encryption.cpp +++ b/src/cli/encryption.cpp @@ -9,7 +9,6 @@ #if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_MODES) #include -#include #include using namespace Botan; 
@@ -39,7 +38,7 @@ bool is_aead(const std::string &cipher) } secure_vector do_crypt(const std::string &cipher, - const secure_vector &input, + const std::vector &input, const SymmetricKey &key, const InitializationVector &iv, const OctetString &ad, @@ -97,7 +96,7 @@ class Encryption final : public Command const std::string ad_hex = get_arg_or("ad", ""); const size_t buf_size = get_arg_sz("buf-size"); - Botan::secure_vector input = this->slurp_file_locked("-", buf_size); + const std::vector input = this->slurp_file("-", buf_size); if (verbose()) { @@ -109,8 +108,7 @@ class Encryption final : public Command auto ad = OctetString(ad_hex); auto direction = flag_set("decrypt") ? Cipher_Dir::DECRYPTION : Cipher_Dir::ENCRYPTION; - auto data = do_crypt(VALID_MODES[mode], input, key, iv, ad, direction); - std::copy(data.begin(), data.end(), std::ostreambuf_iterator(output())); + write_output(do_crypt(VALID_MODES[mode], input, key, iv, ad, direction)); } }; diff --git a/src/cli/main.cpp b/src/cli/main.cpp index 5fbaf085ed..6b00244652 100644 --- a/src/cli/main.cpp +++ b/src/cli/main.cpp @@ -7,25 +7,21 @@ #include "cli.h" #include -#include -#include #include +#include namespace { std::string main_help() { - const std::set avail_commands = - Botan::map_keys_as_set(Botan_CLI::Command::global_registry()); - std::ostringstream oss; oss << "Usage: botan \n"; oss << "Available commands:\n"; - for(auto& cmd_name : avail_commands) + for(const auto& cmd_name : Botan_CLI::Command::registered_cmds()) { - auto cmd = Botan_CLI::Command::get_cmd(cmd_name); + std::unique_ptr cmd = Botan_CLI::Command::get_cmd(cmd_name); oss << cmd->cmd_spec() << "\n"; } diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 518adb8577..e075e752de 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index 2587808454..d95df026cf 100644 
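Review bot: `this->slurp_file("-", buf_size)` now reads the input into a plain `std::vector` where `slurp_file_locked` kept it in a `secure_vector`, so the plaintext (or ciphertext) is no longer held in locked memory or zeroed on destruction, and `do_crypt` still copies it into `secure_vector buf`, leaving two copies of the data with only one protected. If giving up the locked buffer is deliberate (for instance to avoid locked-memory limits on large inputs), a one-line comment at the `slurp_file` call saying so will keep the next reader from re-adding it; otherwise the locked variant can be restored in one line. The enclosing method body continues outside the hunk.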
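Review bot: `cmd->cmd_spec()` in `main_help()` dereferences the `std::unique_ptr` returned by `Botan_CLI::Command::get_cmd(cmd_name)` without a null check; the removed test driver on this page guards the same call with `if(!cmd)`, which suggests a null return is possible, in which case a registry inconsistency would crash the help output instead of skipping one entry. `if(cmd) { oss << cmd->cmd_spec() << "\n"; }` keeps help robust at no cost. `main_help()` continues past the end of the hunk.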
--- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -20,6 +20,8 @@ #include "cli.h" #include #include +#include + #include #if defined(BOTAN_HAS_SYSTEM_RNG) diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index d773cd81f7..db0453a727 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -15,6 +15,8 @@ #include #include #include +#include +#include #if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER) #include diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp index 7039676419..02c15bf7b4 100644 --- a/src/cli/tls_server.cpp +++ b/src/cli/tls_server.cpp @@ -17,6 +17,7 @@ #include "credentials.h" #include +#include #if defined(BOTAN_TARGET_OS_IS_WINDOWS) #include diff --git a/src/cli/tls_utils.cpp b/src/cli/tls_utils.cpp index f62781af9e..7b2474a690 100644 --- a/src/cli/tls_utils.cpp +++ b/src/cli/tls_utils.cpp @@ -114,13 +114,8 @@ class TLS_Ciphersuites final : public Command } else { - std::ifstream policy_file(policy_type); - if(!policy_file.good()) - { - throw CLI_Error("Error TLS policy '" + policy_type + "' is neither a file nor a known policy type"); - } - - policy.reset(new Botan::TLS::Text_Policy(policy_file)); + const std::string policy_txt = slurp_file_as_str(policy_type); + policy.reset(new Botan::TLS::Text_Policy(policy_txt)); } for(uint16_t suite_id : policy->ciphersuite_list(version, with_srp)) diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 6b108eb432..1e2ddf42e2 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp @@ -10,30 +10,15 @@ #include #include #include +#include #include #include -#include +#include #if defined(BOTAN_HAS_BASE64_CODEC) #include #endif -#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) - #include -#endif - -#if defined(BOTAN_HAS_SYSTEM_RNG) - #include -#endif - -#if defined(BOTAN_HAS_RDRAND_RNG) - #include -#endif - -#if defined(BOTAN_HAS_HMAC_DRBG) - #include -#endif - #if defined(BOTAN_HAS_HTTP_UTIL) #include #endif 
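Review bot: Replacing the `std::ifstream` probe with `slurp_file_as_str(policy_type)` drops the message `Error TLS policy '...' is neither a file nor a known policy type`; a mistyped built-in policy name now produces whatever `slurp_file_as_str` raises for an unreadable path (presumably a file-open error), which no longer tells the user the argument might have been meant as a policy name. Catching the exception `slurp_file_as_str` throws (its type is not visible here) and rethrowing `CLI_Error("TLS policy '" + policy_type + "' is neither a file nor a known policy type")` restores that hint. The enclosing method starts before the hunk.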
@@ -44,64 +29,6 @@ namespace Botan_CLI { -std::unique_ptr -cli_make_rng(const std::string& rng_type, const std::string& hex_drbg_seed) - { -#if defined(BOTAN_HAS_SYSTEM_RNG) - if(rng_type == "system" || rng_type.empty()) - { - return std::unique_ptr(new Botan::System_RNG); - } -#endif - -#if defined(BOTAN_HAS_RDRAND_RNG) - if(rng_type == "rdrand") - { - if(Botan::CPUID::has_rdrand()) - return std::unique_ptr(new Botan::RDRAND_RNG); - else - throw CLI_Error("RDRAND instruction not supported on this processor"); - } -#endif - - const std::vector drbg_seed = Botan::hex_decode(hex_drbg_seed); - -#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) - if(rng_type == "auto" || rng_type == "entropy" || rng_type.empty()) - { - std::unique_ptr rng; - - if(rng_type == "entropy") - rng.reset(new Botan::AutoSeeded_RNG(Botan::Entropy_Sources::global_sources())); - else - rng.reset(new Botan::AutoSeeded_RNG); - - if(drbg_seed.size() > 0) - rng->add_entropy(drbg_seed.data(), drbg_seed.size()); - return rng; - } -#endif - -#if defined(BOTAN_HAS_HMAC_DRBG) && defined(BOTAN_AUTO_RNG_HMAC) - if(rng_type == "drbg") - { - std::unique_ptr mac = - Botan::MessageAuthenticationCode::create(BOTAN_AUTO_RNG_HMAC); - std::unique_ptr rng(new Botan::HMAC_DRBG(std::move(mac))); - rng->add_entropy(drbg_seed.data(), drbg_seed.size()); - - if(rng->is_seeded() == false) - throw CLI_Error("For " + rng->name() + " a seed of at least " + - std::to_string(rng->security_level()/8) + - " bytes must be provided"); - - return std::unique_ptr(rng.release()); - } -#endif - - throw CLI_Error_Unsupported("RNG", rng_type); - } - class Config_Info final : public Command { public: @@ -245,7 +172,7 @@ class RNG final : public Command } const std::string drbg_seed = get_arg("drbg-seed"); - std::unique_ptr rng = cli_make_rng(type, drbg_seed); + std::unique_ptr rng = cli_make_rng(type, drbg_seed); for(const std::string& req : get_arg_list("bytes")) { 
diff --git a/src/tests/main.cpp b/src/tests/main.cpp index 41009ed196..3144b957d6 100644 --- a/src/tests/main.cpp +++ b/src/tests/main.cpp 
@@ -4,445 +4,62 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#include "../cli/cli.h" -#include "tests.h" +#include "../cli/argparse.h" +#include "test_runner.h" #include -#include +#include #include -#include -#include #include -#include - -#if defined(BOTAN_HAS_HMAC_DRBG) - #include -#endif - -#if defined(BOTAN_HAS_SYSTEM_RNG) - #include -#endif - -#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) - #include -#endif #if defined(BOTAN_HAS_OPENSSL) #include #endif -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - #include - #include -#endif - -namespace { - -class Test_Runner final : public Botan_CLI::Command +int main(int argc, char* argv[]) { - public: - Test_Runner() - : Command("test --threads=0 --run-long-tests --run-online-tests --test-runs=1 --drbg-seed= --data-dir=" - " --pkcs11-lib= --provider= --log-success *suites") {} - - std::unique_ptr - create_test_rng(const std::string& drbg_seed) - { - std::unique_ptr rng; - -#if defined(BOTAN_HAS_HMAC_DRBG) && defined(BOTAN_AUTO_RNG_HMAC) - - std::vector seed = Botan::hex_decode(drbg_seed); - if(seed.empty()) - { - const uint64_t ts = Botan_Tests::Test::timestamp(); - seed.resize(8); - Botan::store_be(ts, seed.data()); - } - - output() << " rng:HMAC_DRBG(" << BOTAN_AUTO_RNG_HMAC << ") with seed '" << Botan::hex_encode(seed) << "'\n"; - - // Expand out the seed with a hash to make the DRBG happy - std::unique_ptr mac = - Botan::MessageAuthenticationCode::create(BOTAN_AUTO_RNG_HMAC); - - mac->set_key(seed); - seed.resize(mac->output_length()); - mac->final(seed.data()); - - std::unique_ptr drbg(new Botan::HMAC_DRBG(std::move(mac))); - drbg->initialize_with(seed.data(), seed.size()); - -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - rng.reset(new Botan::Serialized_RNG(drbg.release())); -#else - rng = std::move(drbg); -#endif - -#endif - - if(!rng && drbg_seed != "") - throw Botan_Tests::Test_Error("HMAC_DRBG disabled in build, cannot specify DRBG seed"); - -#if defined(BOTAN_HAS_SYSTEM_RNG) - if(!rng) - { 
- output() << " rng:system\n"; - rng.reset(new Botan::System_RNG); - } -#endif - -#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) - if(!rng) - { - output() << " rng:autoseeded\n"; -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - rng.reset(new Botan::Serialized_RNG(new Botan::AutoSeeded_RNG)); -#else - rng.reset(new Botan::AutoSeeded_RNG); -#endif - - } -#endif - - if(!rng) - { - // last ditch fallback for RNG-less build - class Bogus_Fallback_RNG final : public Botan::RandomNumberGenerator - { - public: - std::string name() const override { return "Bogus_Fallback_RNG"; } - - void clear() override { /* ignored */ } - void add_entropy(const uint8_t[], size_t) override { /* ignored */ } - bool is_seeded() const override { return true; } - - void randomize(uint8_t out[], size_t len) override - { - for(size_t i = 0; i != len; ++i) - { - m_x = (m_x * 31337 + 42); - out[i] = static_cast(m_x >> 7); - } - } - - Bogus_Fallback_RNG() : m_x(1) {} - private: - uint32_t m_x; - }; - - output() << " rng:bogus\n"; - rng.reset(new Bogus_Fallback_RNG); - } - - return rng; - } - - std::string help_text() const override - { - std::ostringstream err; - - const std::string& spec = cmd_spec(); - - err << "Usage: botan-test" - << spec.substr(spec.find_first_of(' '), std::string::npos) - << "\n\nAvailable test suites\n" - << "----------------\n"; - - size_t line_len = 0; - - for(auto const& test : Botan_Tests::Test::registered_tests()) - { - err << test << " "; - line_len += test.size() + 1; - - if(line_len > 64) - { - err << "\n"; - line_len = 0; - } - } - - if(line_len > 0) - { - err << "\n"; - } - - return err.str(); - } - - void go() override - { - const size_t threads = get_arg_sz("threads"); - const std::string drbg_seed = get_arg("drbg-seed"); - const bool log_success = flag_set("log-success"); - const bool run_online_tests = flag_set("run-online-tests"); - const bool run_long_tests = flag_set("run-long-tests"); - const std::string data_dir = get_arg_or("data-dir", "src/tests/data"); - const 
std::string pkcs11_lib = get_arg("pkcs11-lib"); - const std::string provider = get_arg("provider"); - const size_t runs = get_arg_sz("test-runs"); - - std::vector req = get_arg_list("suites"); - - if(req.empty()) - { - /* - If nothing was requested on the command line, run everything. First - run the "essentials" to smoke test, then everything else in - alphabetical order. - */ - req = {"block", "stream", "hash", "mac", "modes", "aead" - "kdf", "pbkdf", "hmac_drbg", "x931_rng", "util" - }; - - std::set all_others = Botan_Tests::Test::registered_tests(); - - if(pkcs11_lib.empty()) - { - // do not run pkcs11 tests by default unless pkcs11-lib set - for(std::set::iterator iter = all_others.begin(); iter != all_others.end();) - { - if((*iter).find("pkcs11") != std::string::npos) - { - iter = all_others.erase(iter); - } - else - { - ++iter; - } - } - } + std::cerr << Botan::runtime_version_check(BOTAN_VERSION_MAJOR, BOTAN_VERSION_MINOR, BOTAN_VERSION_PATCH); - for(auto f : req) - { - all_others.erase(f); - } + try + { + Botan_CLI::Argument_Parser parser("test --data-dir= --pkcs11-lib= --provider= --log-success " + "--verbose --help --run-long-tests --run-online-tests --test-runs=1 --drbg-seed= " + "*suites"); - req.insert(req.end(), all_others.begin(), all_others.end()); - } - else if(req.size() == 1 && req.at(0) == "pkcs11") - { - req = {"pkcs11-manage", "pkcs11-module", "pkcs11-slot", "pkcs11-session", "pkcs11-object", "pkcs11-rsa", - "pkcs11-ecdsa", "pkcs11-ecdh", "pkcs11-rng", "pkcs11-x509" - }; - } - else - { - std::set all = Botan_Tests::Test::registered_tests(); - for(auto const& r : req) - { - if(all.find(r) == all.end()) - { - throw Botan_CLI::CLI_Usage_Error("Unknown test suite: " + r); - } - } - } + parser.parse_args(std::vector(argv + 1, argv + argc)); - output() << "Testing " << Botan::version_string() << "\n"; - output() << "Starting tests"; + const std::string data_dir = parser.get_arg_or("data-dir", "src/tests/data"); + const std::string pkcs11_lib = 
parser.get_arg("pkcs11-lib"); + const std::string provider = parser.get_arg("provider"); + const std::string drbg_seed = parser.get_arg("drbg-seed"); - if(threads > 1) - { - output() << " threads:" << threads; - } + const bool log_success = parser.flag_set("log-success"); + const bool run_long_tests = parser.flag_set("run-long-tests"); + const bool run_online_tests = parser.flag_set("run-online-tests"); + const size_t test_runs = parser.get_arg_sz("test-runs"); - if(!pkcs11_lib.empty()) - { - output() << " pkcs11 library:" << pkcs11_lib; - } + const std::vector suites = parser.get_arg_list("suites"); - Botan_Tests::Provider_Filter pf; - if(!provider.empty()) - { - output() << " provider:" << provider; - pf.set(provider); - } #if defined(BOTAN_HAS_OPENSSL) - if(provider.empty() || provider == "openssl") - { - ERR_load_crypto_strings(); - } -#endif - - std::unique_ptr rng = create_test_rng(drbg_seed); - - Botan_Tests::Test::setup_tests(log_success, run_online_tests, run_long_tests, - data_dir, pkcs11_lib, pf, rng.get()); - - for(size_t i = 0; i != runs; ++i) - { - const size_t failed = run_tests(req, output(), threads); - - // Throw so main returns an error - if(failed) - { - throw Botan_Tests::Test_Error("Test suite failure"); - } - } - } - - private: - - std::string report_out(const std::vector& results, - size_t& tests_failed, - size_t& tests_ran) + if(provider.empty() || provider == "openssl") { - std::ostringstream out; - - std::map combined; - for(auto const& result : results) - { - const std::string who = result.who(); - auto i = combined.find(who); - if(i == combined.end()) - { - combined.insert(std::make_pair(who, Botan_Tests::Test::Result(who))); - i = combined.find(who); - } - - i->second.merge(result); - } - - for(auto const& result : combined) - { - out << result.second.result_string(verbose()); - tests_failed += result.second.tests_failed(); - tests_ran += result.second.tests_run(); - } - - return out.str(); + ::ERR_load_crypto_strings(); } - - - size_t 
run_tests(const std::vector& tests_to_run, - std::ostream& out, - size_t threads) - { - size_t tests_ran = 0, tests_failed = 0; - - const uint64_t start_time = Botan_Tests::Test::timestamp(); - - if(threads <= 1) - { - for(auto const& test_name : tests_to_run) - { - try - { - out << test_name << ':' << std::endl; - const auto results = Botan_Tests::Test::run_test(test_name, false); - out << report_out(results, tests_failed, tests_ran) << std::flush; - } - catch(std::exception& e) - { - out << "Test " << test_name << " failed with exception " << e.what() << std::flush; - } - } - } - else - { - -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - /* - We're not doing this in a particularly nice way, and variance in time is - high so commonly we'll 'run dry' by blocking on the first future. But - plain C++11 is missing a lot of tools we'd need (like - wait_for_any on a set of futures) and there is no point pulling in an - additional dependency just for this. In any case it helps somewhat - (50-100% speedup) and provides a proof of concept for parallel testing. 
- */ - - typedef std::future> FutureResults; - std::deque fut_results; - - for(auto const& test_name : tests_to_run) - { - auto run_it = [test_name]() -> std::vector - { - try - { - return Botan_Tests::Test::run_test(test_name, false); - } - catch(std::exception& e) - { - Botan_Tests::Test::Result r(test_name); - r.test_failure("Exception thrown", e.what()); - return std::vector {r}; - } - }; - - fut_results.push_back(std::async(std::launch::async, run_it)); - - while(fut_results.size() > threads) - { - out << report_out(fut_results[0].get(), tests_failed, tests_ran) << std::flush; - fut_results.pop_front(); - } - } - - while(fut_results.size() > 0) - { - out << report_out(fut_results[0].get(), tests_failed, tests_ran) << std::flush; - fut_results.pop_front(); - } -#else - out << "Threading support disabled\n"; - return 1; #endif - } - - const uint64_t total_ns = Botan_Tests::Test::timestamp() - start_time; - out << "Tests complete ran " << tests_ran << " tests in " - << Botan_Tests::Test::format_time(total_ns) << " "; - - if(tests_failed > 0) - { - out << tests_failed << " tests failed"; - } - else if(tests_ran > 0) - { - out << "all tests ok"; - } - - out << std::endl; - - return tests_failed; - } - - - }; - -BOTAN_REGISTER_COMMAND("test", Test_Runner); -} + Botan_Tests::Test_Runner tests(std::cout); -int main(int argc, char* argv[]) - { - std::cerr << Botan::runtime_version_check(BOTAN_VERSION_MAJOR, BOTAN_VERSION_MINOR, BOTAN_VERSION_PATCH); - - try - { - std::unique_ptr cmd(Botan_CLI::Command::get_cmd("test")); - - if(!cmd) - { - std::cerr << "Unable to retrieve testing helper (program bug)\n"; // WTF - return 1; - } - - std::vector args(argv + 1, argv + argc); - return cmd->run(args); - } - catch(Botan::Exception& e) - { - std::cerr << "Exiting with library exception " << e.what() << std::endl; + return tests.run(suites, data_dir, pkcs11_lib, provider, + log_success, run_online_tests, run_long_tests, + drbg_seed, test_runs); } catch(std::exception& e) { - 
std::cerr << "Exiting with std exception " << e.what() << std::endl; + std::cerr << "Exiting with error: " << e.what() << std::endl; } catch(...) { std::cerr << "Exiting with unknown exception" << std::endl; } + return 2; } diff --git a/src/tests/test_runner.cpp b/src/tests/test_runner.cpp new file mode 100644 index 0000000000..8d3fe75581 --- /dev/null +++ b/src/tests/test_runner.cpp 
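Review bot: The new `Argument_Parser` spec accepts `--help` and `--verbose`, but neither flag is read afterwards: `parser.flag_set("help")` is never queried, so `Test_Runner::help_text()` is never printed, and nothing in this file consumes `--verbose`. Under the old `Command`-based runner the framework presumably handled `--help` via the `help_text()` override, so this rewrite silently drops it; `if(parser.flag_set("help")) { std::cout << tests.help_text(); return 0; }` after `Botan_Tests::Test_Runner tests(std::cout);` restores it. The `--threads` option and the parallel run path are also gone; if that is intentional, a comment next to the parser spec saying so would prevent a bug report.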
@@ -0,0 +1,332 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "test_runner.h" +#include "tests.h" + +#include +#include +#include + +#if defined(BOTAN_HAS_HMAC_DRBG) + #include +#endif + +#if defined(BOTAN_HAS_SYSTEM_RNG) + #include +#endif + +#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) + #include +#endif + +namespace Botan_Tests { + +Test_Runner::Test_Runner(std::ostream& out) : m_output(out) {} + +namespace { + +std::unique_ptr +create_test_rng(const std::string& drbg_seed, std::ostream& output) + { + std::unique_ptr rng; + +#if defined(BOTAN_HAS_HMAC_DRBG) && defined(BOTAN_AUTO_RNG_HMAC) + + std::vector seed = Botan::hex_decode(drbg_seed); + if(seed.empty()) + { + const uint64_t ts = Botan_Tests::Test::timestamp(); + seed.resize(8); + Botan::store_be(ts, seed.data()); + } + + output << " rng:HMAC_DRBG(" << BOTAN_AUTO_RNG_HMAC << ") with seed '" << Botan::hex_encode(seed) << "'\n"; + + // Expand out the seed with a hash to make the DRBG happy + std::unique_ptr mac = + Botan::MessageAuthenticationCode::create(BOTAN_AUTO_RNG_HMAC); + + mac->set_key(seed); + seed.resize(mac->output_length()); + mac->final(seed.data()); + + std::unique_ptr drbg(new Botan::HMAC_DRBG(std::move(mac))); + drbg->initialize_with(seed.data(), seed.size()); + +#if defined(BOTAN_TARGET_OS_HAS_THREADS) + rng.reset(new Botan::Serialized_RNG(drbg.release())); +#else + rng = std::move(drbg); +#endif + +#endif + + if(!rng && drbg_seed != "") + throw Botan_Tests::Test_Error("HMAC_DRBG disabled in build, cannot specify DRBG seed"); + +#if defined(BOTAN_HAS_SYSTEM_RNG) + if(!rng) + { + output << " rng:system\n"; + rng.reset(new Botan::System_RNG); + } +#endif + +#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) + if(!rng) + { + output << " rng:autoseeded\n"; +#if defined(BOTAN_TARGET_OS_HAS_THREADS) + rng.reset(new Botan::Serialized_RNG(new Botan::AutoSeeded_RNG)); +#else + rng.reset(new Botan::AutoSeeded_RNG); +#endif + + } +#endif + + 
if(!rng) + { + // last ditch fallback for RNG-less build + class Bogus_Fallback_RNG final : public Botan::RandomNumberGenerator + { + public: + std::string name() const override { return "Bogus_Fallback_RNG"; } + + void clear() override { /* ignored */ } + void add_entropy(const uint8_t[], size_t) override { /* ignored */ } + bool is_seeded() const override { return true; } + + void randomize(uint8_t out[], size_t len) override + { + for(size_t i = 0; i != len; ++i) + { + m_x = (m_x * 31337 + 42); + out[i] = static_cast(m_x >> 7); + } + } + + Bogus_Fallback_RNG() : m_x(1) {} + private: + uint32_t m_x; + }; + + output << " rng:bogus\n"; + rng.reset(new Bogus_Fallback_RNG); + } + + return rng; + } + +} + +std::string Test_Runner::help_text() const + { + std::ostringstream err; + + err << "Usage: botan-test " + << "--run-long-tests --run-online-tests --test-runs=1 --drbg-seed= --data-dir= --pkcs11-lib= --provider= --log-success" + << "\n\nAvailable test suites\n" + << "----------------\n"; + + size_t line_len = 0; + + for(auto const& test : Botan_Tests::Test::registered_tests()) + { + err << test << " "; + line_len += test.size() + 1; + + if(line_len > 64) + { + err << "\n"; + line_len = 0; + } + } + + if(line_len > 0) + { + err << "\n"; + } + + return err.str(); + } + +int Test_Runner::run(const std::vector& requested_tests, + const std::string& data_dir, + const std::string& pkcs11_lib, + const std::string& provider, + bool log_success, + bool run_online_tests, + bool run_long_tests, + const std::string& drbg_seed, + size_t runs) + { + std::vector req = requested_tests; + + if(req.empty()) + { + /* + If nothing was requested on the command line, run everything. First + run the "essentials" to smoke test, then everything else in + alphabetical order. 
+ */ + req = {"block", "stream", "hash", "mac", "modes", "aead" + "kdf", "pbkdf", "hmac_drbg", "util" + }; + + std::set all_others = Botan_Tests::Test::registered_tests(); + + if(pkcs11_lib.empty()) + { + // do not run pkcs11 tests by default unless pkcs11-lib set + for(std::set::iterator iter = all_others.begin(); iter != all_others.end();) + { + if((*iter).find("pkcs11") != std::string::npos) + { + iter = all_others.erase(iter); + } + else + { + ++iter; + } + } + } + + for(auto f : req) + { + all_others.erase(f); + } + + req.insert(req.end(), all_others.begin(), all_others.end()); + } + else if(req.size() == 1 && req.at(0) == "pkcs11") + { + req = {"pkcs11-manage", "pkcs11-module", "pkcs11-slot", "pkcs11-session", "pkcs11-object", "pkcs11-rsa", + "pkcs11-ecdsa", "pkcs11-ecdh", "pkcs11-rng", "pkcs11-x509" + }; + } + else + { + std::set all = Botan_Tests::Test::registered_tests(); + for(auto const& r : req) + { + if(all.find(r) == all.end()) + { + throw Botan_Tests::Test_Error("Unknown test suite: " + r); + } + } + } + + output() << "Testing " << Botan::version_string() << "\n"; + output() << "Starting tests"; + + if(!pkcs11_lib.empty()) + { + output() << " pkcs11 library:" << pkcs11_lib; + } + + Botan_Tests::Provider_Filter pf; + if(!provider.empty()) + { + output() << " provider:" << provider; + pf.set(provider); + } + + std::unique_ptr rng = create_test_rng(drbg_seed, output()); + + Botan_Tests::Test::setup_tests(log_success, run_online_tests, run_long_tests, + data_dir, pkcs11_lib, pf, rng.get()); + + for(size_t i = 0; i != runs; ++i) + { + const size_t failed = run_tests(req); + + // Throw so main returns an error + if(failed) + { + return failed; + } + } + + return 0; + } + +namespace { + +std::string report_out(const std::vector& results, + size_t& tests_failed, + size_t& tests_ran) + { + std::ostringstream out; + + std::map combined; + for(auto const& result : results) + { + const std::string who = result.who(); + auto i = combined.find(who); + if(i == 
combined.end()) + { + combined.insert(std::make_pair(who, Botan_Tests::Test::Result(who))); + i = combined.find(who); + } + + i->second.merge(result); + } + + for(auto const& result : combined) + { + const bool verbose = false; + out << result.second.result_string(verbose); + tests_failed += result.second.tests_failed(); + tests_ran += result.second.tests_run(); + } + + return out.str(); + } + +} + +size_t Test_Runner::run_tests(const std::vector& tests_to_run) + { + size_t tests_ran = 0, tests_failed = 0; + + const uint64_t start_time = Botan_Tests::Test::timestamp(); + + for(auto const& test_name : tests_to_run) + { + try + { + output() << test_name << ':' << std::endl; + const auto results = Botan_Tests::Test::run_test(test_name, false); + output() << report_out(results, tests_failed, tests_ran) << std::flush; + } + catch(std::exception& e) + { + output() << "Test " << test_name << " failed with exception " << e.what() << std::flush; + } + } + + const uint64_t total_ns = Botan_Tests::Test::timestamp() - start_time; + output() << "Tests complete ran " << tests_ran << " tests in " + << Botan_Tests::Test::format_time(total_ns) << " "; + + if(tests_failed > 0) + { + output() << tests_failed << " tests failed"; + } + else if(tests_ran > 0) + { + output() << "all tests ok"; + } + + output() << std::endl; + + return tests_failed; + } + +} + diff --git a/src/tests/test_runner.h b/src/tests/test_runner.h new file mode 100644 index 0000000000..7d111920c2 --- /dev/null +++ b/src/tests/test_runner.h 
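Review bot: The default suite list in `Test_Runner::run` reads `"aead" "kdf"` with no comma between the literals, so the compiler concatenates them into the single name `"aeadkdf"`: `all_others.erase` removes nothing for it, `aead` and `kdf` run later in alphabetical order instead of in the smoke-test pass, and `run_tests` calls `Test::run_test("aeadkdf", false)` on a suite that does not exist. The same typo is in the removed `main.cpp` code on this page, so it was carried over; the fix is `"aead", "kdf"`. Separately, `run` hands back the raw count (`return failed;`) and `main` uses that as the process exit status, so a failure count that is a multiple of 256 reports success to the shell; `return failed ? 1 : 0;` avoids that. `report_out` also hard-codes `const bool verbose = false;`, dropping the verbosity the old runner took from `verbose()`.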
@@ -0,0 +1,43 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_TEST_RUNNER_H_ +#define BOTAN_TEST_RUNNER_H_ + +#include +#include +#include + +namespace Botan_Tests { + +class Test_Runner final + { + public: + Test_Runner(std::ostream& out); + + std::string help_text() const; + + int run(const std::vector& requested_tests, + const std::string& data_dir, + const std::string& pkcs11_lib, + const std::string& provider, + bool log_success, + bool run_online_tests, + bool run_long_tests, + const std::string& drbg_seed, + size_t runs); + + private: + std::ostream& output() const { return m_output; } + + size_t run_tests(const std::vector& tests_to_run); + + std::ostream& m_output; + }; + +} + +#endif From 08ffc1a49bb0f1a1a42a57d7c55bbf0d9b6b8336 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 24 Oct 2017 11:51:12 -0400 Subject: [PATCH 0092/1008] Avoid using namespace, other cleanups --- src/cli/encryption.cpp | 51 ++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 27 deletions(-) diff --git a/src/cli/encryption.cpp b/src/cli/encryption.cpp index ffc1d0b484..c041f78ee7 100644 --- a/src/cli/encryption.cpp +++ b/src/cli/encryption.cpp @@ -9,10 +9,9 @@ #if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_MODES) #include +#include #include -using namespace Botan; - namespace Botan_CLI { namespace { 
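Review bot: `Test_Runner(std::ostream& out);` is a single-argument constructor without `explicit`, so any `std::ostream&` converts implicitly to a `Test_Runner`, and the header does not say that the stream is stored by reference (`std::ostream& m_output;`) and must outlive the object. `explicit Test_Runner(std::ostream& out);` plus a comment such as `// out must outlive this object; all progress and results are written to it` captures both. `help_text()` is declared here but has no caller on this page.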
@@ -31,41 +30,39 @@ auto VALID_MODES = std::map{ { "aes-256-xts", "AES-256/XTS" }, }; -bool is_aead(const std::string &cipher) - { - return cipher.find("/GCM") != std::string::npos - || cipher.find("/OCB") != std::string::npos; - } - -secure_vector do_crypt(const std::string &cipher, - const std::vector &input, - const SymmetricKey &key, - const InitializationVector &iv, - const OctetString &ad, - Cipher_Dir direction) +Botan::secure_vector +do_crypt(const std::string &cipher, + const std::vector &input, + const Botan::SymmetricKey &key, + const Botan::InitializationVector &iv, + const std::vector& ad, + Botan::Cipher_Dir direction) { - if (iv.size() == 0) throw std::invalid_argument("IV must not be empty"); + if(iv.size() == 0) + throw CLI_Usage_Error("IV must not be empty"); // TODO: implement streaming - std::shared_ptr processor(Botan::get_cipher_mode(cipher, direction)); - if(!processor) throw std::runtime_error("Cipher algorithm not found"); + std::unique_ptr processor(Botan::get_cipher_mode(cipher, direction)); + if(!processor) + throw CLI_Error("Cipher algorithm not found"); // Set key processor->set_key(key); - // Set associated data - if (is_aead(cipher)) + if(Botan::AEAD_Mode* aead = dynamic_cast(processor.get())) + { + aead->set_ad(ad); + } + else if(ad.size() != 0) { - auto aead_processor = std::dynamic_pointer_cast(processor); - if(!aead_processor) throw std::runtime_error("Cipher algorithm not could not be converted to AEAD"); - aead_processor->set_ad(ad.bits_of()); + throw CLI_Usage_Error("Cannot specify associated data with non-AEAD mode"); } // Set IV processor->start(iv.bits_of()); - secure_vector buf(input.begin(), input.end()); + Botan::secure_vector buf(input.begin(), input.end()); processor->finish(buf); return buf; 
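Review bot: The IV validation only rejects an empty IV (`if(iv.size() == 0) throw CLI_Usage_Error("IV must not be empty");`); an IV of the wrong length for the selected mode reaches `processor->start(iv.bits_of())` and surfaces as a library exception, which is inconsistent with the `CLI_Usage_Error` this hunk introduces for associated data on a non-AEAD mode. After `processor` is created, `if(!processor->valid_nonce_length(iv.size())) throw CLI_Usage_Error("Invalid IV length for " + cipher);` gives the same clear message for that case. The `dynamic_cast` to `Botan::AEAD_Mode` with the explicit rejection of associated data for non-AEAD modes is a clear improvement over the old `/GCM` and `/OCB` substring test. A comment above `do_crypt` noting that for AEAD modes the IV is a nonce that must not be reused under the same key would document the requirement this CLI cannot check for the caller.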
@@ -103,11 +100,11 @@ class Encryption final : public Command error_output() << "Got " << input.size() << " bytes of input data.\n"; } - auto key = SymmetricKey(key_hex); - auto iv = InitializationVector(iv_hex); - auto ad = OctetString(ad_hex); + const Botan::SymmetricKey key(key_hex); + const Botan::InitializationVector iv(iv_hex); + const std::vector ad = Botan::hex_decode(ad_hex); - auto direction = flag_set("decrypt") ? Cipher_Dir::DECRYPTION : Cipher_Dir::ENCRYPTION; + auto direction = flag_set("decrypt") ? Botan::Cipher_Dir::DECRYPTION : Botan::Cipher_Dir::ENCRYPTION; write_output(do_crypt(VALID_MODES[mode], input, key, iv, ad, direction)); } }; From 5c3470fee0d3e8a6c0eb702602364e9e5dd5d658 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 24 Oct 2017 12:01:43 -0400 Subject: [PATCH 0093/1008] Avoid "using namespace" in test code --- src/tests/test_mp.cpp | 58 +++++++++++++++++---------------------- src/tests/test_pkcs11.cpp | 7 ++--- src/tests/test_utils.cpp | 50 ++++++++++++++++----------------- 3 files changed, 51 insertions(+), 64 deletions(-) diff --git a/src/tests/test_mp.cpp b/src/tests/test_mp.cpp index 8372e7e5cf..766ba476f4 100644 --- a/src/tests/test_mp.cpp +++ b/src/tests/test_mp.cpp @@ -35,17 +35,15 @@ class MP_Unit_Tests final : public Test { Result result("bigint_cnd_add"); - using namespace Botan; + const Botan::word max = Botan::MP_WORD_MAX; - const word max = MP_WORD_MAX; - - word a = 2; - word c = bigint_cnd_add(0, &a, &max, 1); + Botan::word a = 2; + Botan::word c = Botan::bigint_cnd_add(0, &a, &max, 1); result.test_int_eq(a, 2, "No op"); result.test_int_eq(c, 0, "No op"); - c = bigint_cnd_add(1, &a, &max, 1); + c = Botan::bigint_cnd_add(1, &a, &max, 1); result.test_int_eq(a, 1, "Add"); result.test_int_eq(c, 1, "Carry"); 
@@ -59,18 +57,16 @@ class MP_Unit_Tests final : public Test { Result result("bigint_cnd_sub"); - using namespace Botan; - - word a = 2; - word b = 3; - word c = bigint_cnd_sub(0, &a, &b, 1); + Botan::word a = 2; + Botan::word b = 3; + Botan::word c = Botan::bigint_cnd_sub(0, &a, &b, 1); result.test_int_eq(a, 2, "No op"); result.test_int_eq(c, 0, "No op"); - c = bigint_cnd_sub(1, &a, &b, 1); + c = Botan::bigint_cnd_sub(1, &a, &b, 1); - result.test_int_eq(a, MP_WORD_MAX, "Sub"); + result.test_int_eq(a, Botan::MP_WORD_MAX, "Sub"); result.test_int_eq(c, 1, "Borrow"); return result; @@ -80,27 +76,25 @@ class MP_Unit_Tests final : public Test { Result result("bigint_cnd_abs"); - using namespace Botan; - - word x1 = MP_WORD_MAX; - bigint_cnd_abs(1, &x1, 1); + Botan::word x1 = Botan::MP_WORD_MAX; + Botan::bigint_cnd_abs(1, &x1, 1); result.test_int_eq(x1, 1, "Abs"); x1 = 0; - bigint_cnd_abs(1, &x1, 1); + Botan::bigint_cnd_abs(1, &x1, 1); result.test_int_eq(x1, 0, "Abs"); x1 = 1; - bigint_cnd_abs(1, &x1, 1); - result.test_int_eq(x1, MP_WORD_MAX, "Abs"); + Botan::bigint_cnd_abs(1, &x1, 1); + result.test_int_eq(x1, Botan::MP_WORD_MAX, "Abs"); x1 = 1; - bigint_cnd_abs(0, &x1, 1); + Botan::bigint_cnd_abs(0, &x1, 1); result.test_int_eq(x1, 1, "No change"); - word x2[2] = { MP_WORD_MAX, MP_WORD_MAX }; + Botan::word x2[2] = { Botan::MP_WORD_MAX, Botan::MP_WORD_MAX }; - bigint_cnd_abs(1, x2, 2); + Botan::bigint_cnd_abs(1, x2, 2); result.test_int_eq(x2[0], 1, "Abs"); result.test_int_eq(x2[1], 0, "Abs"); 
@@ -111,24 +105,22 @@ class MP_Unit_Tests final : public Test { Result result("bigint_cnd_swap"); - using namespace Botan; - // null with zero length is ok - bigint_cnd_swap(0, nullptr, nullptr, 0); - bigint_cnd_swap(1, nullptr, nullptr, 0); + Botan::bigint_cnd_swap(0, nullptr, nullptr, 0); + Botan::bigint_cnd_swap(1, nullptr, nullptr, 0); - word x1 = 5, y1 = 9; + Botan::word x1 = 5, y1 = 9; - bigint_cnd_swap(0, &x1, &y1, 1); + Botan::bigint_cnd_swap(0, &x1, &y1, 1); result.test_int_eq(x1, 5, "No swap"); - bigint_cnd_swap(1, &x1, &y1, 1); + Botan::bigint_cnd_swap(1, &x1, &y1, 1); result.test_int_eq(x1, 9, "Swap"); - word x5[5] = { 0, 1, 2, 3, 4 }; - word y5[5] = { 3, 2, 1, 0, 9 }; + Botan::word x5[5] = { 0, 1, 2, 3, 4 }; + Botan::word y5[5] = { 3, 2, 1, 0, 9 }; // Should only modify first four - bigint_cnd_swap(1, x5, y5, 4); + Botan::bigint_cnd_swap(1, x5, y5, 4); for(size_t i = 0; i != 4; ++i) { diff --git a/src/tests/test_pkcs11.cpp b/src/tests/test_pkcs11.cpp index 289e344660..70861cef72 100644 --- a/src/tests/test_pkcs11.cpp +++ b/src/tests/test_pkcs11.cpp @@ -10,9 +10,6 @@ namespace Botan_Tests { #if defined(BOTAN_HAS_PKCS11) -using namespace Botan; -using namespace PKCS11; - std::vector PKCS11_Test::run_pkcs11_tests(const std::string& name, std::vector>& fns) { @@ -24,11 +21,11 @@ std::vector PKCS11_Test::run_pkcs11_tests(const std::string& name, { results.push_back(fns[ i ]()); } - catch(PKCS11_ReturnError& e) + catch(Botan::PKCS11::PKCS11_ReturnError& e) { results.push_back(Test::Result::Failure(name + " test " + std::to_string(i), e.what())); - if(e.get_return_value() == ReturnValue::PinIncorrect) + if(e.get_return_value() == Botan::PKCS11::ReturnValue::PinIncorrect) { break; // Do not continue to not potentially lock the token } diff --git a/src/tests/test_utils.cpp b/src/tests/test_utils.cpp index 8d46d4a26b..57cd3208c6 100644 --- a/src/tests/test_utils.cpp +++ b/src/tests/test_utils.cpp 
@@ -404,8 +404,6 @@ class Charset_Tests final : public Text_Based_Test Test::Result run_one_test(const std::string& type, const VarMap& vars) override { - using namespace Botan; - Test::Result result("Charset"); const std::vector in = get_req_bin(vars, "In"); @@ -414,18 +412,21 @@ class Charset_Tests final : public Text_Based_Test std::string converted; if(type == "UTF16-LATIN1") { - converted = Charset::transcode(std::string(in.begin(), in.end()), - Character_Set::LATIN1_CHARSET, Character_Set::UCS2_CHARSET); + converted = Botan::Charset::transcode(std::string(in.begin(), in.end()), + Botan::Character_Set::LATIN1_CHARSET, + Botan::Character_Set::UCS2_CHARSET); } else if(type == "UTF8-LATIN1") { - converted = Charset::transcode(std::string(in.begin(), in.end()), - Character_Set::LATIN1_CHARSET, Character_Set::UTF8_CHARSET); + converted = Botan::Charset::transcode(std::string(in.begin(), in.end()), + Botan::Character_Set::LATIN1_CHARSET, + Botan::Character_Set::UTF8_CHARSET); } else if(type == "LATIN1-UTF8") { - converted = Charset::transcode(std::string(in.begin(), in.end()), - Character_Set::UTF8_CHARSET, Character_Set::LATIN1_CHARSET); + converted = Botan::Charset::transcode(std::string(in.begin(), in.end()), + Botan::Character_Set::UTF8_CHARSET, + Botan::Character_Set::LATIN1_CHARSET); } else { @@ -439,8 +440,6 @@ class Charset_Tests final : public Text_Based_Test Test::Result utf16_to_latin1_negative_tests() { - using namespace Botan; - Test::Result result("Charset negative tests"); result.test_throws("conversion fails for non-Latin1 characters", []() 
@@ -450,16 +449,18 @@ class Charset_Tests final : public Text_Based_Test 0x78, 0x00, 0x61, 0x00, 0x62, 0x00, 0x63, 0x00, 0x64, 0x00, 0x65, 0x00, 0x66 }; - Charset::transcode(std::string(input.begin(), input.end()), - Character_Set::LATIN1_CHARSET, Character_Set::UCS2_CHARSET); + Botan::Charset::transcode(std::string(input.begin(), input.end()), + Botan::Character_Set::LATIN1_CHARSET, + Botan::Character_Set::UCS2_CHARSET); }); result.test_throws("conversion fails for UTF16 string with odd number of bytes", []() { std::vector input = { 0x00, 0x61, 0x00 }; - Charset::transcode(std::string(input.begin(), input.end()), - Character_Set::LATIN1_CHARSET, Character_Set::UCS2_CHARSET); + Botan::Charset::transcode(std::string(input.begin(), input.end()), + Botan::Character_Set::LATIN1_CHARSET, + Botan::Character_Set::UCS2_CHARSET); }); return result; @@ -467,8 +468,6 @@ class Charset_Tests final : public Text_Based_Test Test::Result utf8_to_latin1_negative_tests() { - using namespace Botan; - Test::Result result("Charset negative tests"); result.test_throws("conversion fails for non-Latin1 characters", []() @@ -478,8 +477,9 @@ class Charset_Tests final : public Text_Based_Test 0xB8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; - Charset::transcode(std::string(input.begin(), input.end()), - Character_Set::LATIN1_CHARSET, Character_Set::UTF8_CHARSET); + Botan::Charset::transcode(std::string(input.begin(), input.end()), + Botan::Character_Set::LATIN1_CHARSET, + Botan::Character_Set::UTF8_CHARSET); }); result.test_throws("invalid utf-8 string", []() 
@@ -487,16 +487,18 @@ class Charset_Tests final : public Text_Based_Test // sequence truncated std::vector input = { 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0xC5 }; - Charset::transcode(std::string(input.begin(), input.end()), - Character_Set::LATIN1_CHARSET, Character_Set::UTF8_CHARSET); + Botan::Charset::transcode(std::string(input.begin(), input.end()), + Botan::Character_Set::LATIN1_CHARSET, + Botan::Character_Set::UTF8_CHARSET); }); result.test_throws("invalid utf-8 string", []() { std::vector input = { 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0xC8, 0xB8, 0x61 }; - Charset::transcode(std::string(input.begin(), input.end()), - Character_Set::LATIN1_CHARSET, Character_Set::UTF8_CHARSET); + Botan::Charset::transcode(std::string(input.begin(), input.end()), + Botan::Character_Set::LATIN1_CHARSET, + Botan::Character_Set::UTF8_CHARSET); }); return result; @@ -504,8 +506,6 @@ class Charset_Tests final : public Text_Based_Test std::vector run_final_tests() override { - using namespace Botan; - Test::Result result("Charset negative tests"); result.merge(utf16_to_latin1_negative_tests()); @@ -526,8 +526,6 @@ class Hostname_Tests final : public Text_Based_Test Test::Result run_one_test(const std::string& type, const VarMap& vars) override { - using namespace Botan; - Test::Result result("Hostname"); const std::string issued = get_req_str(vars, "Issued"); From ec4f5f1aa187a5416a43f10ae5afa5da137f99ae Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 24 Oct 2017 12:21:22 -0400 Subject: [PATCH 0094/1008] In cipher tests count IV setup as part of the message cost Splitting this out gives a misleading perf measurement. --- src/cli/speed.cpp | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 518adb8577..15b955b3e9 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp 
@@ -1084,8 +1084,6 @@ class Speed final : public Command
 record_result(ks_timer);
- Timer iv_timer(enc.name(), enc.provider(), "iv setup");
-
 for(auto buf_size : buf_sizes)
 {
 Botan::secure_vector buffer = rng().random_vec(buf_size);
@@ -1095,23 +1093,18 @@ class Speed final : public Command
 Botan::secure_vector iv = rng().random_vec(enc.default_nonce_length());
- iv_timer.run([&]() { enc.start(iv); });
- iv_timer.run([&]() { dec.start(iv); });
-
 if(buf_size >= enc.minimum_final_size())
 {
 while(encrypt_timer.under(runtime) && decrypt_timer.under(runtime))
 {
 // Must run in this order, or AEADs will reject the ciphertext
- encrypt_timer.run([&]() { enc.finish(buffer); });
+ encrypt_timer.run([&]() { enc.start(iv); enc.finish(buffer); });
- decrypt_timer.run([&]() { dec.finish(buffer); });
+ decrypt_timer.run([&]() { dec.start(iv); dec.finish(buffer); });
 if(iv.size() > 0)
 {
 iv[0] += 1;
- iv_timer.run([&]() { enc.start(iv); });
- iv_timer.run([&]() { dec.start(iv); });
 }
 }
 }
@@ -1119,7 +1112,6 @@ class Speed final : public Command
 record_result(encrypt_timer);
 record_result(decrypt_timer);
 }
- record_result(iv_timer);
 }
 void bench_rng(
From c2830ddf08b41a9f5f2a472e0cc488c9c358fdb2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 24 Oct 2017 13:58:41 -0400 Subject: [PATCH 0095/1008] Inline Test::run_test into only caller
---
 src/tests/test_runner.cpp | 24 ++++++++++++++++++++----
 src/tests/tests.cpp | 38 --------------------------------------
 src/tests/tests.h | 4 +---
 3 files changed, 21 insertions(+), 45 deletions(-)
diff --git a/src/tests/test_runner.cpp b/src/tests/test_runner.cpp
index 8d3fe75581..9abf43795d 100644
--- a/src/tests/test_runner.cpp
+++ b/src/tests/test_runner.cpp
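Review bot: The comment `// Must run in this order, or AEADs will reject the ciphertext` above the two timed lambdas no longer says why `enc.start(iv)` / `dec.start(iv)` were pulled into the timed region; the rationale lives only in the commit message. I would extend it to `// Nonce setup is part of each message's cost, so start() is timed together with finish(); enc must run before dec or AEADs will reject the ciphertext`. The `iv[0] += 1` below only bumps the low byte, so if `iv` is a byte vector (its element type was lost in this rendering) the nonce repeats every 256 messages; that is harmless for throughput measurement, since the same buffer is decrypted under the same nonce, but a one-line `// nonce reuse is acceptable here: this is a benchmark, not a usage example` would stop the loop from being copied as a pattern. The enclosing bench function starts before the first hunk and continues past the last one.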
@@ -298,16 +298,32 @@ size_t Test_Runner::run_tests(const std::vector& tests_to_run)
 for(auto const& test_name : tests_to_run)
 {
+ output() << test_name << ':' << std::endl;
+
+ std::vector results;
+
 try
 {
- output() << test_name << ':' << std::endl;
- const auto results = Botan_Tests::Test::run_test(test_name, false);
- output() << report_out(results, tests_failed, tests_ran) << std::flush;
+ if(Test* test = Test::get_test(test_name))
+ {
+ std::vector test_results = test->run();
+ results.insert(results.end(), test_results.begin(), test_results.end());
+ }
+ else
+ {
+ results.push_back(Test::Result::Note(test_name, "Test missing or unavailable"));
+ }
 }
 catch(std::exception& e)
 {
- output() << "Test " << test_name << " failed with exception " << e.what() << std::flush;
+ results.push_back(Test::Result::Failure(test_name, e.what()));
+ }
+ catch(...)
+ {
+ results.push_back(Test::Result::Failure(test_name, "unknown exception"));
 }
+
+ output() << report_out(results, tests_failed, tests_ran) << std::flush;
 }
 const uint64_t total_ns = Botan_Tests::Test::timestamp() - start_time;
diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp
index 7c4e8a2588..3d937b9de1 100644
--- a/src/tests/tests.cpp
+++ b/src/tests/tests.cpp
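Review bot: A suite name that is not registered now yields only `Test::Result::Note(test_name, "Test missing or unavailable")`, so a misspelt or compiled-out suite requested explicitly on the command line presumably does not count towards `tests_failed` and a CI job asking for it passes green; the `fail_if_missing` switch that could have made this fatal was dropped together with the helper. Consider `Test::Result::Failure` when the name was given explicitly, or at least a comment on the `else` branch stating that missing suites are deliberately non-fatal. Minor: the handler only reads `e.what()`, so bind `catch(const std::exception& e)`. `run_tests` begins before the hunk and continues after it.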
@@ -506,44 +506,6 @@ Test* Test::get_test(const std::string& test_name) return nullptr; } -//static -std::vector Test::run_test(const std::string& test_name, bool fail_if_missing) - { - std::vector results; - - try - { - if(Test* test = get_test(test_name)) - { - std::vector test_results = test->run(); - results.insert(results.end(), test_results.begin(), test_results.end()); - } - else - { - Test::Result result(test_name); - if(fail_if_missing) - { - result.test_failure("Test missing or unavailable"); - } - else - { - result.test_note("Test missing or unavailable"); - } - results.push_back(result); - } - } - catch(std::exception& e) - { - results.push_back(Test::Result::Failure(test_name, e.what())); - } - catch(...) - { - results.push_back(Test::Result::Failure(test_name, "unknown exception")); - } - - return results; - } - // static member variables of Test Botan::RandomNumberGenerator* Test::m_test_rng = nullptr; std::string Test::m_data_dir; diff --git a/src/tests/tests.h b/src/tests/tests.h index d8573444a0..fdbd080f42 100644 --- a/src/tests/tests.h +++ b/src/tests/tests.h @@ -357,8 +357,6 @@ class Test virtual ~Test() = default; virtual std::vector possible_providers(const std::string&); - static std::vector run_test(const std::string& what, bool fail_if_missing); - static std::map>& global_registry(); static std::set registered_tests(); @@ -397,7 +395,7 @@ class Test return r; } - static void setup_tests(bool log_succcss, + static void setup_tests(bool log_success, bool run_online_tests, bool run_long_tests, const std::string& data_dir, From 39314a242f1a98d7493410ebddd449fa57813bc2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 24 Oct 2017 14:38:09 -0400 Subject: [PATCH 0096/1008] Tweak help output a bit --- src/cli/cli.cpp | 10 +++++++--- src/cli/cli.h | 13 ++++++++----- src/cli/main.cpp | 33 ++++++--------------------------- src/cli/utils.cpp | 32 ++++++++++++++++++++++++++++++++ 4 files changed, 53 insertions(+), 35 deletions(-) 
diff --git a/src/cli/cli.cpp b/src/cli/cli.cpp
index f23c3574dd..e3ff2a75fe 100644
--- a/src/cli/cli.cpp
+++ b/src/cli/cli.cpp
@@ -21,10 +21,14 @@ Command::Command(const std::string& cmd_spec) : m_spec(cmd_spec)
 Command::~Command() { /* for unique_ptr */ }
+std::string Command::cmd_name() const
+ {
+ return m_spec.substr(0, m_spec.find(' '));
+ }
+
 std::string Command::help_text() const
 {
- return "Usage: " + m_spec +
- "\n\nAll commands support --verbose --help --output= --error-output= --rng-type= --drbg-seed=";
+ return "Usage: " + m_spec;
 }
 int Command::run(const std::vector& params)
@@ -68,7 +72,7 @@ int Command::run(const std::vector& params)
 }
 this->go();
- return 0;
+ return m_return_code;
 }
 catch(CLI_Usage_Error& e)
 {
diff --git a/src/cli/cli.h b/src/cli/cli.h
index 75de335159..d096617a35 100644
--- a/src/cli/cli.h
+++ b/src/cli/cli.h
@@ -93,18 +93,18 @@ class Command
 return m_spec;
 }
- std::string cmd_name() const
- {
- return m_spec.substr(0, m_spec.find(' '));
- }
+ std::string cmd_name() const;
 protected:
 /*
- * The actual functionality of the cli command implemented in subclas
+ * The actual functionality of the cli command implemented in subclas.
+ * The return value from main will be zero.
 */
 virtual void go() = 0;
+ void set_return_code(int rc) { m_return_code = rc; }
+
 std::ostream& output();
 std::ostream& error_output();
@@ -172,6 +172,9 @@ class Command
 std::unique_ptr m_rng;
+ // possibly set by calling set_return_code()
+ int m_return_code = 0;
+
 public:
 // the registry interface:
diff --git a/src/cli/main.cpp b/src/cli/main.cpp
index 6b00244652..167052c9de 100644
--- a/src/cli/main.cpp
+++ b/src/cli/main.cpp
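Review bot: The new doc comment on `go()` in cli.h, `* The return value from main will be zero.`, is contradicted two lines later by the `set_return_code()` this same hunk adds, and it keeps the `subclas` typo. I would write `* The actual functionality of the cli command, implemented in the subclass.` followed by `* The process exit code is zero unless the subclass calls set_return_code().` It is also worth noting there that `m_return_code` is only consulted on the non-throwing path of `Command::run` (the `return m_return_code;` after `go()` in cli.cpp), so a subclass that sets it and then throws gets whatever the catch handlers return instead. The class body continues outside the hunk.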
@@ -5,41 +5,20 @@ */ #include "cli.h" - #include -#include #include -namespace { - -std::string main_help() - { - std::ostringstream oss; - - oss << "Usage: botan \n"; - oss << "Available commands:\n"; - - for(const auto& cmd_name : Botan_CLI::Command::registered_cmds()) - { - std::unique_ptr cmd = Botan_CLI::Command::get_cmd(cmd_name); - oss << cmd->cmd_spec() << "\n"; - } - - return oss.str(); - } - -} - int main(int argc, char* argv[]) { std::cerr << Botan::runtime_version_check(BOTAN_VERSION_MAJOR, BOTAN_VERSION_MINOR, BOTAN_VERSION_PATCH); - const std::string cmd_name = (argc <= 1) ? "help" : argv[1]; + std::string cmd_name = "help"; - if(cmd_name == "help" || cmd_name == "--help" || cmd_name == "-h") + if(argc >= 2) { - std::cout << main_help(); - return 1; + cmd_name = argv[1]; + if(cmd_name == "--help" || cmd_name == "-h") + cmd_name = "help"; } std::unique_ptr cmd(Botan_CLI::Command::get_cmd(cmd_name)); @@ -50,6 +29,6 @@ int main(int argc, char* argv[]) return 1; } - std::vector args(argv + 2, argv + argc); + std::vector args(argv + std::min(argc, 2), argv + argc); return cmd->run(args); } diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 1e2ddf42e2..602035c8c7 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp @@ -14,6 +14,7 @@ #include #include #include +#include #if defined(BOTAN_HAS_BASE64_CODEC) #include 
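Review bot: The nested `if(cmd_name == "--help" || cmd_name == "-h") cmd_name = "help";` in `main()` is the one braceless `if` in the hunk while the enclosing `if(argc >= 2)` uses braces; for consistency with the surrounding code write `if(cmd_name == "--help" || cmd_name == "-h") { cmd_name = "help"; }`. A short comment above the block, `// no command given: fall through to the help command`, would also make the `argc < 2` path self-explanatory. `main()` continues between and past these two hunks.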
@@ -29,6 +30,37 @@ namespace Botan_CLI {
+class Print_Help final : public Command
+ {
+ public:
+ Print_Help() : Command("help") {}
+
+ std::string help_text() const override
+ {
+ std::ostringstream oss;
+
+ oss << "Usage: botan \n\n";
+ oss << "All commands support --verbose --help --output= --error-output= --rng-type= --drbg-seed=\n\n";
+ oss << "Available commands:\n";
+
+ for(const auto& cmd_name : Command::registered_cmds())
+ {
+ std::unique_ptr cmd = Command::get_cmd(cmd_name);
+ oss << " " << cmd->cmd_spec() << "\n";
+ }
+
+ return oss.str();
+ }
+
+ void go() override
+ {
+ this->set_return_code(1);
+ output() << help_text();
+ }
+ };
+
+BOTAN_REGISTER_COMMAND("help", Print_Help);
+
 class Config_Info final : public Command
 {
 public:
From 00d6b7c01429682b4f12d007ad5ce20e8492afda Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 24 Oct 2017 15:18:02 -0400 Subject: [PATCH 0097/1008] Add header for std::min
---
 src/cli/main.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/cli/main.cpp b/src/cli/main.cpp
index 167052c9de..74cf71d37f 100644
--- a/src/cli/main.cpp
+++ b/src/cli/main.cpp
@@ -7,6 +7,7 @@
 #include "cli.h"
 #include
 #include
+#include
 int main(int argc, char* argv[])
 {
From 4f49a6444127801335dab049f0f0b4419d8d9cc1 Mon Sep 17 00:00:00 2001
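Review bot: `this->set_return_code(1);` in `Print_Help::go()` makes every help invocation exit non-zero, including an explicit `botan help` and, through the aliasing in main.cpp, `botan --help` / `botan -h`, which is exactly what scripts and packaging smoke tests run and expect to succeed. Exit status 1 is appropriate only when the user gave no command at all and fell back to help, and `Print_Help` cannot tell the two cases apart, so either drop the `set_return_code(1)` and let `main()` return 1 itself when `argc < 2`, or add a comment on that line stating that help deliberately exits 1. Separately, `help_text()` calls `Command::get_cmd(cmd_name)` for every registered command just to read its spec, which presumably constructs each one; that is fine for a help screen but deserves a `// instantiates each command to read its spec` comment so nobody later adds side effects to a command constructor.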
From: Jack Lloyd Date: Tue, 24 Oct 2017 15:48:21 -0400 Subject: [PATCH 0098/1008] Convert http:// links to https:// where possible --- src/lib/block/aes/aes_ssse3/aes_ssse3.cpp | 2 +- src/lib/block/aria/aria.cpp | 2 +- src/lib/block/aria/aria.h | 2 +- src/lib/block/lion/lion.h | 2 +- src/lib/block/serpent/serpent.h | 2 +- src/lib/hash/sha1/sha1_armv8/sha1_armv8.cpp | 2 +- src/lib/hash/sha2_32/sha2_32_armv8/sha2_32_armv8.cpp | 2 +- src/lib/math/ec_gfp/point_gfp.cpp | 6 +++--- src/lib/math/numbertheory/numthry.cpp | 4 ++-- src/lib/misc/fpe_fe1/fpe_fe1.h | 2 +- src/lib/modes/aead/gcm/pmull/pmull.cpp | 2 +- src/lib/passhash/bcrypt/bcrypt.h | 2 +- src/lib/pubkey/curve25519/donna.cpp | 4 ++-- src/lib/stream/chacha/chacha.h | 2 +- src/lib/tls/tls_channel.cpp | 2 +- src/lib/utils/calendar.cpp | 2 +- src/lib/x509/certstor_sqlite3/certstor_sqlite.h | 2 +- 17 files changed, 21 insertions(+), 21 deletions(-) diff --git a/src/lib/block/aes/aes_ssse3/aes_ssse3.cpp b/src/lib/block/aes/aes_ssse3/aes_ssse3.cpp index 6dcf1e794e..47d70d0b8b 100644 --- a/src/lib/block/aes/aes_ssse3/aes_ssse3.cpp +++ b/src/lib/block/aes/aes_ssse3/aes_ssse3.cpp @@ -5,7 +5,7 @@ * This is more or less a direct translation of public domain x86-64 * assembly written by Mike Hamburg, described in "Accelerating AES * with Vector Permute Instructions" (CHES 2009). His original code is -* available at http://crypto.stanford.edu/vpaes/ +* available at https://crypto.stanford.edu/vpaes/ * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/block/aria/aria.cpp b/src/lib/block/aria/aria.cpp index 1583dd7d34..4b99d23065 100644 --- a/src/lib/block/aria/aria.cpp +++ b/src/lib/block/aria/aria.cpp 
@@ -11,7 +11,7 @@ * National Security Research Institute, KOREA. Aaram Yun's implementation is based on * the 8-bit implementation by Jin Hong. The source files are available in ARIA.zip from * the Korea Internet & Security Agency website. -* RFC 5794, A Description of the ARIA Encryption Algorithm, +* RFC 5794, A Description of the ARIA Encryption Algorithm, * Korea * Internet & Security Agency homepage */ diff --git a/src/lib/block/aria/aria.h b/src/lib/block/aria/aria.h index f412197cfb..3742776869 100644 --- a/src/lib/block/aria/aria.h +++ b/src/lib/block/aria/aria.h @@ -8,7 +8,7 @@ * National Security Research Institute, KOREA. Aaram Yun's implementation is based on * the 8-bit implementation by Jin Hong. The source files are available in ARIA.zip from * the Korea Internet & Security Agency website. -* RFC 5794, A Description of the ARIA Encryption Algorithm, +* RFC 5794, A Description of the ARIA Encryption Algorithm, * Korea * Internet & Security Agency homepage */ diff --git a/src/lib/block/lion/lion.h b/src/lib/block/lion/lion.h index 54e13175e7..846c3cd302 100644 --- a/src/lib/block/lion/lion.h +++ b/src/lib/block/lion/lion.h @@ -20,7 +20,7 @@ namespace Botan { * Ciphers: BEAR and LION". It has a variable block size and is * designed to encrypt very large blocks (up to a megabyte) -* http://www.cl.cam.ac.uk/~rja14/Papers/bear-lion.pdf +* https://www.cl.cam.ac.uk/~rja14/Papers/bear-lion.pdf */ class BOTAN_PUBLIC_API(2,0) Lion final : public BlockCipher { diff --git a/src/lib/block/serpent/serpent.h b/src/lib/block/serpent/serpent.h index 28aa44e21f..4d23c9a01f 100644 --- a/src/lib/block/serpent/serpent.h +++ b/src/lib/block/serpent/serpent.h @@ -14,7 +14,7 @@ namespace Botan { /** * Serpent is the most conservative of the AES finalists -* http://www.cl.cam.ac.uk/~rja14/serpent.html +* https://www.cl.cam.ac.uk/~rja14/serpent.html */ class BOTAN_PUBLIC_API(2,0) Serpent final : public Block_Cipher_Fixed_Params<16, 16, 32, 8> { 
diff --git a/src/lib/hash/sha1/sha1_armv8/sha1_armv8.cpp b/src/lib/hash/sha1/sha1_armv8/sha1_armv8.cpp index 1d5ebaa4ee..9da48c9fec 100644 --- a/src/lib/hash/sha1/sha1_armv8/sha1_armv8.cpp +++ b/src/lib/hash/sha1/sha1_armv8/sha1_armv8.cpp @@ -33,7 +33,7 @@ void SHA_160::sha1_armv8_compress_n(secure_vector& digest, const uint8 ABCD = vld1q_u32(&digest[0]); E0 = digest[4]; - // Intermediate void* cast due to http://llvm.org/bugs/show_bug.cgi?id=20670 + // Intermediate void* cast due to https://llvm.org/bugs/show_bug.cgi?id=20670 const uint32_t* input32 = reinterpret_cast(reinterpret_cast(input8)); while (blocks) diff --git a/src/lib/hash/sha2_32/sha2_32_armv8/sha2_32_armv8.cpp b/src/lib/hash/sha2_32/sha2_32_armv8/sha2_32_armv8.cpp index a909b1fbf6..1574a32738 100644 --- a/src/lib/hash/sha2_32/sha2_32_armv8/sha2_32_armv8.cpp +++ b/src/lib/hash/sha2_32/sha2_32_armv8/sha2_32_armv8.cpp @@ -47,7 +47,7 @@ void SHA_256::compress_digest_armv8(secure_vector& digest, const uint8 STATE0 = vld1q_u32(&digest[0]); STATE1 = vld1q_u32(&digest[4]); - // Intermediate void* cast due to http://llvm.org/bugs/show_bug.cgi?id=20670 + // Intermediate void* cast due to https://llvm.org/bugs/show_bug.cgi?id=20670 const uint32_t* input32 = reinterpret_cast(reinterpret_cast(input8)); while (blocks) diff --git a/src/lib/math/ec_gfp/point_gfp.cpp b/src/lib/math/ec_gfp/point_gfp.cpp index c549823aaf..0b615b88bf 100644 --- a/src/lib/math/ec_gfp/point_gfp.cpp +++ b/src/lib/math/ec_gfp/point_gfp.cpp @@ -86,7 +86,7 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) BigInt& r = ws_bn[7]; /* - http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 + https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 */ curve_sqr(rhs_z2, rhs.m_coord_z); 
@@ -158,7 +158,7 @@ void PointGFp::mult2(std::vector& ws_bn) } /* - http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-1986-cc + https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-1986-cc */ const BigInt& p = m_curve.get_p(); @@ -359,7 +359,7 @@ PointGFp Blinded_Point_Multiply::blinded_multiply(const BigInt& scalar_in, /* Algorithm 7 from "Randomizing the Montgomery Powering Ladder" Duc-Phong Le, Chik How Tan and Michael Tunstall - http://eprint.iacr.org/2015/657 + https://eprint.iacr.org/2015/657 It takes a random walk through (a subset of) the set of addition chains that end in k. diff --git a/src/lib/math/numbertheory/numthry.cpp b/src/lib/math/numbertheory/numthry.cpp index 45a81daa80..12ac519537 100644 --- a/src/lib/math/numbertheory/numthry.cpp +++ b/src/lib/math/numbertheory/numthry.cpp @@ -82,7 +82,7 @@ with n <= k <= 2n Returns k "The Montgomery Modular Inverse - Revisited" Çetin Koç, E. Savas -http://citeseerx.ist.psu.edu/viewdoc/citations?doi=10.1.1.75.8377 +https://citeseerx.ist.psu.edu/viewdoc/citations?doi=10.1.1.75.8377 A const time implementation of this algorithm is described in "Constant Time Modular Inversion" Joppe W. Bos @@ -171,7 +171,7 @@ BigInt ct_inverse_mod_odd_modulus(const BigInt& n, const BigInt& mod) Software Polynomial Multiplication on ARM Processors using the NEON Engine" by Danilo Câmara, Conrado P. L. Gouvêa, Julio López, and Ricardo Dahab in LNCS 8182 - http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf + https://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf Thanks to Niels for creating the algorithm, explaining some things about it, and the reference to the paper. diff --git a/src/lib/misc/fpe_fe1/fpe_fe1.h b/src/lib/misc/fpe_fe1/fpe_fe1.h index 862c128460..7f92f0601a 100644 --- a/src/lib/misc/fpe_fe1/fpe_fe1.h +++ b/src/lib/misc/fpe_fe1/fpe_fe1.h 
@@ -18,7 +18,7 @@ namespace FPE { /** * Format Preserving Encryption using the scheme FE1 from the paper * "Format-Preserving Encryption" by Bellare, Rogaway, et al -* (http://eprint.iacr.org/2009/251) +* (https://eprint.iacr.org/2009/251) * * Encrypt X from and onto the group Z_n using key and tweak * @param n the modulus diff --git a/src/lib/modes/aead/gcm/pmull/pmull.cpp b/src/lib/modes/aead/gcm/pmull/pmull.cpp index 77eb1909f2..13fa565c4f 100644 --- a/src/lib/modes/aead/gcm/pmull/pmull.cpp +++ b/src/lib/modes/aead/gcm/pmull/pmull.cpp @@ -15,7 +15,7 @@ namespace Botan { /* This follows the same pattern as the clmul implementation. -See also http://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf +See also https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf */ namespace { diff --git a/src/lib/passhash/bcrypt/bcrypt.h b/src/lib/passhash/bcrypt/bcrypt.h index 7f05dccde4..f5b8113337 100644 --- a/src/lib/passhash/bcrypt/bcrypt.h +++ b/src/lib/passhash/bcrypt/bcrypt.h @@ -21,7 +21,7 @@ class RandomNumberGenerator; * @param rng a random number generator * @param work_factor how much work to do to slow down guessing attacks * -* @see http://www.usenix.org/events/usenix99/provos/provos_html/ +* @see https://www.usenix.org/events/usenix99/provos/provos_html/ */ std::string BOTAN_PUBLIC_API(2,0) generate_bcrypt(const std::string& password, RandomNumberGenerator& rng, diff --git a/src/lib/pubkey/curve25519/donna.cpp b/src/lib/pubkey/curve25519/donna.cpp index 89f3fbc4aa..6807d56f69 100644 --- a/src/lib/pubkey/curve25519/donna.cpp +++ b/src/lib/pubkey/curve25519/donna.cpp 
@@ -10,14 +10,14 @@ * * curve25519-donna: Curve25519 elliptic curve, public key function * - * http://code.google.com/p/curve25519-donna/ + * https://code.google.com/p/curve25519-donna/ * * Adam Langley * * Derived from public domain C code by Daniel J. Bernstein * * More information about curve25519 can be found here - * http://cr.yp.to/ecdh.html + * https://cr.yp.to/ecdh.html * * djb's sample implementation of curve25519 is written in a special assembly * language called qhasm and uses the floating point registers. diff --git a/src/lib/stream/chacha/chacha.h b/src/lib/stream/chacha/chacha.h index 6b23715536..8016a73f60 100644 --- a/src/lib/stream/chacha/chacha.h +++ b/src/lib/stream/chacha/chacha.h @@ -13,7 +13,7 @@ namespace Botan { /** -* DJB's ChaCha (http://cr.yp.to/chacha.html) +* DJB's ChaCha (https://cr.yp.to/chacha.html) */ class BOTAN_PUBLIC_API(2,0) ChaCha final : public StreamCipher { diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index 2f8e722283..892e1a3991 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -509,7 +509,7 @@ void Channel::send_record_array(uint16_t epoch, uint8_t type, const uint8_t inpu * An empty record also works but apparently some implementations do * not like this (https://bugzilla.mozilla.org/show_bug.cgi?id=665814) * - * See http://www.openssl.org/~bodo/tls-cbc.txt for background. + * See https://www.openssl.org/~bodo/tls-cbc.txt for background. */ auto cipher_state = write_cipher_state_epoch(epoch); diff --git a/src/lib/utils/calendar.cpp b/src/lib/utils/calendar.cpp index 1ff5a642df..db933e648f 100644 --- a/src/lib/utils/calendar.cpp +++ b/src/lib/utils/calendar.cpp 
@@ -137,7 +137,7 @@ std::chrono::system_clock::time_point calendar_point::to_std_timepoint() const #if defined(BOTAN_TARGET_OS_HAS_TIMEGM) std::time_t (&botan_timegm)(std::tm *tm) = ::timegm; #elif defined(BOTAN_TARGET_OS_HAS_MKGMTIME) && defined(BOTAN_BUILD_COMPILER_IS_MSVC) - // http://stackoverflow.com/questions/16647819/timegm-cross-platform + // https://stackoverflow.com/questions/16647819/timegm-cross-platform std::time_t (&botan_timegm)(std::tm *tm) = ::_mkgmtime; #elif defined(BOTAN_HAS_BOOST_DATETIME) std::time_t (&botan_timegm)(std::tm *tm) = boost_timegm; diff --git a/src/lib/x509/certstor_sqlite3/certstor_sqlite.h b/src/lib/x509/certstor_sqlite3/certstor_sqlite.h index 4e53f34f42..6d4187e148 100644 --- a/src/lib/x509/certstor_sqlite3/certstor_sqlite.h +++ b/src/lib/x509/certstor_sqlite3/certstor_sqlite.h @@ -13,7 +13,7 @@ namespace Botan { /** -* Certificate and private key store backed by an sqlite (http://sqlite.org) database. +* Certificate and private key store backed by an sqlite (https://sqlite.org) database. */ class BOTAN_PUBLIC_API(2,0) Certificate_Store_In_SQLite final : public Certificate_Store_In_SQL { From d689e0f9148282148135034a32622df62b53d7c0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 24 Oct 2017 15:53:47 -0400 Subject: [PATCH 0099/1008] Update http:// links in the docs [ci skip] --- doc/manual/building.rst | 6 +++--- doc/manual/fpe.rst | 4 ++-- doc/manual/fuzzing.rst | 4 ++-- doc/manual/side_channels.rst | 10 +++++----- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/doc/manual/building.rst b/doc/manual/building.rst index 6d9a1ba951..b3dbc97bb1 100644 --- a/doc/manual/building.rst +++ b/doc/manual/building.rst 
@@ -10,7 +10,7 @@ the build system, primarily due to lack of access. Please contact the maintainer if you would like to build Botan on such a system. Botan's build is controlled by configure.py, which is a `Python -`_ script. Python 2.6 or later is required. +`_ script. Python 2.6 or later is required. .. highlight:: none @@ -237,7 +237,7 @@ For Android ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Instructions for building the library on Android can be found -`here `_. +`here `_. Other Build-Related Tasks ---------------------------------------- @@ -334,7 +334,7 @@ distribution this build is from. Applications can test this value by checking the string value of the macro ``BOTAN_DISTRIBUTION_INFO``. It can be set using the ``--distribution-info`` flag to ``configure.py``, and otherwise defaults to "unspecified". For instance, a `Gentoo -`_ ebuild might set it with +`_ ebuild might set it with ``--distribution-info="Gentoo ${PVR}"`` where ``${PVR}`` is an ebuild variable automatically set to a combination of the library and ebuild versions. diff --git a/doc/manual/fpe.rst b/doc/manual/fpe.rst index 0de6032176..3ce5415587 100644 --- a/doc/manual/fpe.rst +++ b/doc/manual/fpe.rst @@ -13,7 +13,7 @@ mappings like English words onto other English words. The scheme currently implemented in botan is called FE1, and described in the paper `Format Preserving Encryption -`_ by Mihir Bellare, Thomas +`_ by Mihir Bellare, Thomas Ristenpart, Phillip Rogaway, and Till Stegers. FPE is an area of ongoing standardization and it is likely that other schemes will be included in the future. @@ -50,7 +50,7 @@ To use FE1, use these functions, from ``fpe_fe1.h``: simply a random integer. This example encrypts a credit card number with a valid -`Luhn checksum `_ to +`Luhn checksum `_ to another number with the same format, including a correct checksum. .. literalinclude:: ../../src/cli/cc_enc.cpp diff --git a/doc/manual/fuzzing.rst b/doc/manual/fuzzing.rst index 1f596f6dad..8260582d69 100644 
--- a/doc/manual/fuzzing.rst +++ b/doc/manual/fuzzing.rst @@ -9,10 +9,10 @@ the library. Fuzzing with libFuzzer ------------------------ -To fuzz with libFuzzer (http://llvm.org/docs/LibFuzzer.html), you'll first +To fuzz with libFuzzer (https://llvm.org/docs/LibFuzzer.html), you'll first need to compile libFuzzer:: - $ svn co http://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer libFuzzer + $ svn co https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer libFuzzer $ cd libFuzzer && clang -c -g -O2 -std=c++11 *.cpp $ ar cr libFuzzer.a libFuzzer/*.o diff --git a/doc/manual/side_channels.rst b/doc/manual/side_channels.rst index 5656001e48..7cf8a7b353 100644 --- a/doc/manual/side_channels.rst +++ b/doc/manual/side_channels.rst 
@@ -355,25 +355,25 @@ References [CoronDpa] Coron, "Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems" -(http://citeseer.ist.psu.edu/viewdoc/summary?doi=10.1.1.1.5695) +(https://citeseer.ist.psu.edu/viewdoc/summary?doi=10.1.1.1.5695) [InvalidCurve] Biehl, Meyer, Müller: Differential fault attacks on elliptic curve cryptosystems -(http://www.iacr.org/archive/crypto2000/18800131/18800131.pdf) +(https://www.iacr.org/archive/crypto2000/18800131/18800131.pdf) [InvalidCurveTLS] Jager, Schwenk, Somorovsky: Practical Invalid Curve Attacks on TLS-ECDH (https://www.nds.rub.de/research/publications/ESORICS15/) [SafeCurves] Bernstein, Lange: SafeCurves: choosing safe curves for -elliptic-curve cryptography. (http://safecurves.cr.yp.to) +elliptic-curve cryptography. (https://safecurves.cr.yp.to) [Lucky13] AlFardan, Paterson "Lucky Thirteen: Breaking the TLS and DTLS Record Protocols" (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf) [MillionMsg] Bleichenbacher "Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS1" -(http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.19.8543) +(https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.19.8543) [MillionMsgTiming] Meyer, Somorovsky, Weiss, Schwenk, Schinzel, Tews: Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks @@ -385,7 +385,7 @@ Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0" [RsaFault] Boneh, Demillo, Lipton "On the importance of checking cryptographic protocols for faults" -(http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.48.9764) +(https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.48.9764) [RandomMonty] Le, Tan, Tunstall "Randomizing the Montgomery Powering Ladder" (https://eprint.iacr.org/2015/657) From 4bff25a393c771618f0d14428adbd40e37625d2e Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Tue, 24 Oct 2017 19:00:34 -0400 Subject: [PATCH 0100/1008] Fix botan-test --help [ci skip] --- src/tests/main.cpp | 51 ++++++++++++++++++++++++++++++++++++--- src/tests/test_runner.cpp | 31 ------------------------ src/tests/test_runner.h | 2 -- 3 files changed, 48 insertions(+), 36 deletions(-) diff --git a/src/tests/main.cpp b/src/tests/main.cpp index 3144b957d6..7ed5390012 100644 --- a/src/tests/main.cpp +++ b/src/tests/main.cpp @@ -6,9 +6,11 @@ #include "../cli/argparse.h" #include "test_runner.h" +#include "tests.h" #include #include #include +#include #include 
@@ -16,18 +18,61 @@ #include #endif +namespace { + +std::string help_text(const std::string& spec) + { + std::ostringstream err; + + err << "Usage: " << spec << "\n\n" + << "Available test suites\n" + << "----------------\n"; + + size_t line_len = 0; + + for(auto const& test : Botan_Tests::Test::registered_tests()) + { + err << test << " "; + line_len += test.size() + 1; + + if(line_len > 64) + { + err << "\n"; + line_len = 0; + } + } + + if(line_len > 0) + { + err << "\n"; + } + + return err.str(); + } + +} + int main(int argc, char* argv[]) { std::cerr << Botan::runtime_version_check(BOTAN_VERSION_MAJOR, BOTAN_VERSION_MINOR, BOTAN_VERSION_PATCH); try { - Botan_CLI::Argument_Parser parser("test --data-dir= --pkcs11-lib= --provider= --log-success " - "--verbose --help --run-long-tests --run-online-tests --test-runs=1 --drbg-seed= " - "*suites"); + const std::string arg_spec = + "botan-test --data-dir= --pkcs11-lib= --provider= --log-success " + "--verbose --help --run-long-tests --run-online-tests --test-runs=1 --drbg-seed= " + "*suites"; + + Botan_CLI::Argument_Parser parser(arg_spec); parser.parse_args(std::vector(argv + 1, argv + argc)); + if(parser.flag_set("help")) + { + std::cout << help_text(arg_spec); + return 0; + } + const std::string data_dir = parser.get_arg_or("data-dir", "src/tests/data"); const std::string pkcs11_lib = parser.get_arg("pkcs11-lib"); const std::string provider = parser.get_arg("provider"); diff --git a/src/tests/test_runner.cpp b/src/tests/test_runner.cpp index 9abf43795d..6900a32ed6 100644 --- a/src/tests/test_runner.cpp +++ b/src/tests/test_runner.cpp 
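Review bot: In the new `help_text()`, `if(line_len > 64)` is evaluated after the suite name has already been appended, so a line can overrun 64 columns by one suite name; if 64 is meant as a wrap width, test before appending: `if(line_len > 0 && line_len + test.size() + 1 > 64) { err << "\n"; line_len = 0; }` followed by `err << test << " "; line_len += test.size() + 1;`. The literal 64 also deserves a name such as `const size_t max_line_len = 64;`. Separately, `--help` is only honoured after `parser.parse_args` returns, so presumably `botan-test --help --bogus` reports a parse error rather than printing help; if that is intended, a one-line comment next to the `flag_set("help")` check saves the next reader the question. `main()` continues past the hunk.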
@@ -124,37 +124,6 @@ create_test_rng(const std::string& drbg_seed, std::ostream& output) } -std::string Test_Runner::help_text() const - { - std::ostringstream err; - - err << "Usage: botan-test " - << "--run-long-tests --run-online-tests --test-runs=1 --drbg-seed= --data-dir= --pkcs11-lib= --provider= --log-success" - << "\n\nAvailable test suites\n" - << "----------------\n"; - - size_t line_len = 0; - - for(auto const& test : Botan_Tests::Test::registered_tests()) - { - err << test << " "; - line_len += test.size() + 1; - - if(line_len > 64) - { - err << "\n"; - line_len = 0; - } - } - - if(line_len > 0) - { - err << "\n"; - } - - return err.str(); - } - int Test_Runner::run(const std::vector& requested_tests, const std::string& data_dir, const std::string& pkcs11_lib, diff --git a/src/tests/test_runner.h b/src/tests/test_runner.h index 7d111920c2..96c5620240 100644 --- a/src/tests/test_runner.h +++ b/src/tests/test_runner.h @@ -18,8 +18,6 @@ class Test_Runner final public: Test_Runner(std::ostream& out); - std::string help_text() const; - int run(const std::vector& requested_tests, const std::string& data_dir, const std::string& pkcs11_lib, From 710daea322295bd8901ec3d2a03447985a89f39d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 24 Oct 2017 20:56:54 -0400 Subject: [PATCH 0101/1008] Skip ARM32 specific byteswap code, enable MSVC byteswap intrinsics While older versions of GCC did very badly with __builtin_bswap on ARM, I checked GCC 4.8 and it behaves correctly, emitting either rev or else the same optimal sequence as was used in the inline asm (depending on if ARMv7 is enabled or not.) Enable MSVC byteswap intrinsics, which (hopefully) work on all platforms. Drop the x86-32 specific asm for byteswap. --- src/lib/utils/bit_ops.h | 2 +- src/lib/utils/bswap.h | 47 ++++++++++++----------------------------- 2 files changed, 15 insertions(+), 34 deletions(-) diff --git a/src/lib/utils/bit_ops.h b/src/lib/utils/bit_ops.h index 2da0e55fbc..aa41db3912 100644 
--- a/src/lib/utils/bit_ops.h +++ b/src/lib/utils/bit_ops.h @@ -102,7 +102,7 @@ inline size_t ctz(T n) return 8*sizeof(T); } -#if defined(BOTAN_BUILD_COMPILER_IS_GCC) +#if defined(BOTAN_BUILD_COMPILER_IS_GCC) || defined(BOTAN_BUILD_COMPILER_IS_CLANG) template<> inline size_t ctz(uint32_t n) diff --git a/src/lib/utils/bswap.h b/src/lib/utils/bswap.h index c1aa8b5943..8d5731f1b0 100644 --- a/src/lib/utils/bswap.h +++ b/src/lib/utils/bswap.h @@ -12,6 +12,10 @@ #include #include +#if defined(BOTAN_BUILD_COMPILER_IS_MSVC) + #include +#endif + namespace Botan { /** @@ -27,45 +31,22 @@ inline uint16_t reverse_bytes(uint16_t val) */ inline uint32_t reverse_bytes(uint32_t val) { -#if BOTAN_GCC_VERSION >= 430 && !defined(BOTAN_TARGET_ARCH_IS_ARM32) - /* - GCC intrinsic added in 4.3, works for a number of CPUs - - However avoid under ARM, as it branches to a function in libgcc - instead of generating inline asm, so slower even than the generic - rotate version below. - */ +#if defined(BOTAN_BUILD_COMPILER_IS_GCC) || defined(BOTAN_BUILD_COMPILER_IS_CLANG) return __builtin_bswap32(val); +#elif defined(BOTAN_BUILD_COMPILER_IS_MSVC) + return _byteswap_ulong(val); + #elif defined(BOTAN_USE_GCC_INLINE_ASM) && defined(BOTAN_TARGET_CPU_IS_X86_FAMILY) // GCC-style inline assembly for x86 or x86-64 asm("bswapl %0" : "=r" (val) : "0" (val)); return val; -#elif defined(BOTAN_USE_GCC_INLINE_ASM) && defined(BOTAN_TARGET_ARCH_IS_ARM32) - - asm ("eor r3, %1, %1, ror #16\n\t" - "bic r3, r3, #0x00FF0000\n\t" - "mov %0, %1, ror #8\n\t" - "eor %0, %0, r3, lsr #8" - : "=r" (val) - : "0" (val) - : "r3", "cc"); - - return val; - -#elif defined(_MSC_VER) && defined(BOTAN_TARGET_ARCH_IS_X86_32) - - // Visual C++ inline asm for 32-bit x86, by Yves Jerschow - __asm mov eax, val; - __asm bswap eax; - #else // Generic implementation - return (rotr<8>(val) & 0xFF00FF00) | - (rotl<8>(val) & 0x00FF00FF); + return (rotr<8>(val) & 0xFF00FF00) | (rotl<8>(val) & 0x00FF00FF); #endif } 
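Review bot: The `#elif defined(BOTAN_USE_GCC_INLINE_ASM) && defined(BOTAN_TARGET_CPU_IS_X86_FAMILY)` branch of `reverse_bytes(uint32_t)` is now unreachable for any compiler that defines `BOTAN_BUILD_COMPILER_IS_GCC` or `BOTAN_BUILD_COMPILER_IS_CLANG`, which presumably covers every toolchain that accepts GCC-style inline asm; the `bswapq` branch of the `uint64_t` overload in the next hunk has the same problem. Either drop the asm branches or say why they stay, e.g. `// reached only by compilers that accept GCC inline asm but are neither GCC nor Clang`. The deleted comment recorded why the builtin was avoided on ARM32; since the commit message now asserts GCC 4.8 emits `rev` inline, a one-line note to that effect next to the `__builtin_bswap32` call would keep that reasoning with the code.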
@@ -75,11 +56,12 @@ inline uint32_t reverse_bytes(uint32_t val) */ inline uint64_t reverse_bytes(uint64_t val) { -#if BOTAN_GCC_VERSION >= 430 - - // GCC intrinsic added in 4.3, works for a number of CPUs +#if defined(BOTAN_BUILD_COMPILER_IS_GCC) || defined(BOTAN_BUILD_COMPILER_IS_CLANG) return __builtin_bswap64(val); +#elif defined(BOTAN_BUILD_COMPILER_IS_MSVC) + return _byteswap_uint64(val); + #elif defined(BOTAN_USE_GCC_INLINE_ASM) && defined(BOTAN_TARGET_ARCH_IS_X86_64) // GCC-style inline assembly for x86-64 asm("bswapq %0" : "=r" (val) : "0" (val)); @@ -87,8 +69,7 @@ inline uint64_t reverse_bytes(uint64_t val) #else /* Generic implementation. Defined in terms of 32-bit bswap so any - * optimizations in that version can help here (particularly - * useful for 32-bit x86). + * optimizations in that version can help. */ uint32_t hi = static_cast(val >> 32); From 03f469365aebd6b9a10026bc31144849466d19c1 Mon Sep 17 00:00:00 2001 From: Frank Schoenmann Date: Wed, 25 Oct 2017 15:18:39 +0200 Subject: [PATCH 0102/1008] Perform OIDS lookup before to prevent a guaranteed exception in EC_Group. --- src/lib/tls/msg_client_kex.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 3291b6eb5a..3d2f72e1c7 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -181,7 +181,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, } else { - EC_Group group(curve_name); + EC_Group group(OIDS::lookup(curve_name)); ECDH_PublicKey counterparty_key(group, OS2ECP(ecdh_key, group.get_curve())); policy.check_peer_key_acceptable(counterparty_key); ECDH_PrivateKey priv_key(rng, group); From a07a22449a97d8734944566be01ee76cb817b846 Mon Sep 17 00:00:00 2001 From: Frank Schoenmann Date: Wed, 25 Oct 2017 15:34:59 +0200 Subject: [PATCH 0103/1008] Added missing include. --- src/lib/tls/msg_client_kex.cpp | 1 + 1 file changed, 1 insertion(+) 
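Review bot: `OIDS::lookup(curve_name)` is applied to a name that appears to originate from the server's key exchange parameters, and the hunk does not say what happens when that name is not registered; if the lookup yields an empty OID, `EC_Group` presumably still throws, just with a different message than the one this change avoids. Make the expected failure path explicit with `// curve_name is peer-supplied; an unregistered name still fails in the EC_Group constructor` so a reader does not assume the lookup itself validates the input. The `Client_Key_Exchange` constructor this line belongs to begins outside the hunk.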
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 3d2f72e1c7..742fee6b54 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -7,6 +7,7 @@ #include #include +#include #include #include From 056fc571a26012587e0411950f038d5c81aaf2b4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 25 Oct 2017 11:03:04 -0400 Subject: [PATCH 0104/1008] Round block cipher buffer sizes to multiple of block size Previously --buf-size was taken as a multiple of the block size, ie --buf-size=5 tested over 5 blocks (rather than 5 bytes, as the output claimed.) --- src/cli/speed.cpp | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 9539e22ec6..fa8a09fd70 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -989,9 +989,19 @@ class Speed final : public Command const Botan::SymmetricKey key(rng(), cipher.maximum_keylength()); ks_timer.run([&]() { cipher.set_key(key); }); - for(auto buf_size : buf_sizes) + const size_t bs = cipher.block_size(); + std::set buf_sizes_in_blocks; + for(size_t buf_size : buf_sizes) + { + if(buf_size % bs == 0) + buf_sizes_in_blocks.insert(buf_size); + else + buf_sizes_in_blocks.insert(buf_size + bs - (buf_size % bs)); + } + + for(size_t buf_size : buf_sizes_in_blocks) { - std::vector buffer(buf_size * cipher.block_size()); + std::vector buffer(buf_size); Timer encrypt_timer(cipher.name(), buffer.size(), "encrypt", provider, buf_size); Timer decrypt_timer(cipher.name(), buffer.size(), "decrypt", provider, buf_size); From d2630df202cffe37e5b409f2951108bfa4ef9471 Mon Sep 17 00:00:00 2001 
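Review bot: The rounding branch computes `buf_size % bs` twice and can be collapsed into `buf_sizes_in_blocks.insert(((buf_size + bs - 1) / bs) * bs);`, which reads directly as "round up to a whole number of blocks". A `buf_size` of 0 passes the `% bs == 0` test unchanged and produces a zero-length buffer for both timers, which is unlikely to be a useful measurement; either skip it or note that the caller never supplies zero. Because a requested size is silently replaced, add `// sizes are rounded up to a multiple of the block size; the reported size is the rounded one` so the output is not mistaken for the value the user passed. The enclosing member function starts outside the hunk.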
From: Jack Lloyd Date: Wed, 25 Oct 2017 18:29:19 -0400 Subject: [PATCH 0105/1008] Avoid sending OCSP status request on resumption client hello Causes the connection to break for some servers. Fixes GH #1276 Also avoid setting the same extension twice in the initial connection case. The extensions code dedups it so this wasn't a problem, but confusing. --- src/lib/tls/msg_client_hello.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index e804a0cf00..e0d3c8b657 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -92,7 +92,6 @@ Client_Hello::Client_Hello(Handshake_IO& io, */ m_extensions.add(new Extended_Master_Secret); m_extensions.add(new Session_Ticket()); - m_extensions.add(new Certificate_Status_Request); if(policy.negotiate_encrypt_then_mac()) m_extensions.add(new Encrypt_then_MAC); @@ -167,7 +166,6 @@ Client_Hello::Client_Hello(Handshake_IO& io, attempt and upgrade us to a new session with the EMS protection. */ m_extensions.add(new Extended_Master_Secret); - m_extensions.add(new Certificate_Status_Request); m_extensions.add(new Renegotiation_Extension(reneg_info)); m_extensions.add(new Server_Name_Indicator(session.server_info().hostname())); From 9bbca51d2c760db724136695837bc9c1d1a4f4b4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 26 Oct 2017 16:46:31 -0400 Subject: [PATCH 0106/1008] Blake2b optimizations Nothing major but does improve perf for large buffers from 910 MB/s to 970 MB/s on Skylake. --- src/lib/hash/blake2/blake2b.cpp | 207 ++++++++++++----------------- src/lib/hash/blake2/blake2b.h | 17 +-- src/lib/hash/mdx_hash/mdx_hash.cpp | 3 +- 3 files changed, 94 insertions(+), 133 deletions(-) diff --git a/src/lib/hash/blake2/blake2b.cpp b/src/lib/hash/blake2/blake2b.cpp index 79a30de3db..2cc1c3888b 100644 --- a/src/lib/hash/blake2/blake2b.cpp +++ b/src/lib/hash/blake2/blake2b.cpp 
@@ -1,6 +1,7 @@ /* * Blake2b * (C) 2016 cynecx +* (C) 2017 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -16,37 +17,27 @@ namespace Botan { namespace { -const uint64_t blake2b_IV[BLAKE2B_IVU64COUNT] = { - 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, - 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, - 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, - 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL +enum blake2b_constant { + BLAKE2B_BLOCKBYTES = 128, + BLAKE2B_IVU64COUNT = 8 }; -const uint64_t blake2b_sigma[12][16] = { - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , - { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , - { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , - { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , - { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , - { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , - { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , - { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , - { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , - { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , - { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } +const uint64_t blake2b_IV[BLAKE2B_IVU64COUNT] = { + 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, + 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1, + 0x510e527fade682d1, 0x9b05688c2b3e6c1f, + 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179 }; + } Blake2b::Blake2b(size_t output_bits) : m_output_bits(output_bits), m_buffer(BLAKE2B_BLOCKBYTES), - m_buflen(0), + m_bufpos(0), m_H(BLAKE2B_IVU64COUNT) { - if(output_bits == 0 || output_bits % 8 != 0 - || output_bits / 8 > BLAKE2B_OUTBYTES) + if(output_bits == 0 || output_bits > 512 || output_bits % 8 != 0) { throw Invalid_Argument("Bad output bits size for Blake2b"); } 
@@ -56,145 +47,121 @@ Blake2b::Blake2b(size_t output_bits) : void Blake2b::state_init() { - std::copy(std::begin(blake2b_IV), std::end(blake2b_IV), m_H.begin()); + copy_mem(m_H.data(), blake2b_IV, BLAKE2B_IVU64COUNT); m_H[0] ^= 0x01010000 ^ static_cast(output_length()); m_T[0] = m_T[1] = 0; m_F[0] = m_F[1] = 0; } -void Blake2b::compress(bool lastblock) +void Blake2b::compress(const uint8_t* input, size_t blocks, size_t increment) { - uint64_t m[16]; - uint64_t v[16]; - uint64_t* const H = m_H.data(); - const uint8_t* const block = m_buffer.data(); - - if(lastblock) + for(size_t b = 0; b != blocks; ++b) { - m_F[0] = ~0ULL; - } + m_T[0] += increment; + if(m_T[0] < increment) + { + m_T[1]++; + } - for(int i = 0; i < 16; i++) - { - m[i] = load_le(block, i); - } + uint64_t M[16]; + uint64_t v[16]; + load_le(M, input, 16); - for(int i = 0; i < 8; i++) - { - v[i] = H[i]; - v[i + 8] = blake2b_IV[i]; - } + input += BLAKE2B_BLOCKBYTES; + + for(size_t i = 0; i < 8; i++) + v[i] = m_H[i]; + for(size_t i = 0; i != 8; ++i) + v[i + 8] = blake2b_IV[i]; - v[12] ^= m_T[0]; - v[13] ^= m_T[1]; - v[14] ^= m_F[0]; - v[15] ^= m_F[1]; + v[12] ^= m_T[0]; + v[13] ^= m_T[1]; + v[14] ^= m_F[0]; + v[15] ^= m_F[1]; -#define G(r, i, a, b, c, d) \ +#define G(a, b, c, d, M0, M1) \ do { \ - a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ + a = a + b + M0; \ d = rotr<32>(d ^ a); \ c = c + d; \ b = rotr<24>(b ^ c); \ - a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ + a = a + b + M1; \ d = rotr<16>(d ^ a); \ c = c + d; \ b = rotr<63>(b ^ c); \ } while(0) -#define ROUND(r) \ - do { \ - G(r, 0, v[0], v[4], v[8], v[12]); \ - G(r, 1, v[1], v[5], v[9], v[13]); \ - G(r, 2, v[2], v[6], v[10], v[14]); \ - G(r, 3, v[3], v[7], v[11], v[15]); \ - G(r, 4, v[0], v[5], v[10], v[15]); \ - G(r, 5, v[1], v[6], v[11], v[12]); \ - G(r, 6, v[2], v[7], v[8], v[13]); \ - G(r, 7, v[3], v[4], v[9], v[14]); \ +#define ROUND(i0, i1, i2, i3, i4, i5, i6, i7, i8, i9, iA, iB, iC, iD, iE, iF) \ + do { \ + G(v[ 0], v[ 4], v[ 8], v[12], 
M[i0], M[i1]); \ + G(v[ 1], v[ 5], v[ 9], v[13], M[i2], M[i3]); \ + G(v[ 2], v[ 6], v[10], v[14], M[i4], M[i5]); \ + G(v[ 3], v[ 7], v[11], v[15], M[i6], M[i7]); \ + G(v[ 0], v[ 5], v[10], v[15], M[i8], M[i9]); \ + G(v[ 1], v[ 6], v[11], v[12], M[iA], M[iB]); \ + G(v[ 2], v[ 7], v[ 8], v[13], M[iC], M[iD]); \ + G(v[ 3], v[ 4], v[ 9], v[14], M[iE], M[iF]); \ } while(0) - ROUND(0); - ROUND(1); - ROUND(2); - ROUND(3); - ROUND(4); - ROUND(5); - ROUND(6); - ROUND(7); - ROUND(8); - ROUND(9); - ROUND(10); - ROUND(11); - - for(int i = 0; i < 8; i++) - { - H[i] ^= v[i] ^ v[i + 8]; + ROUND( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); + ROUND(14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3); + ROUND(11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4); + ROUND( 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8); + ROUND( 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13); + ROUND( 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9); + ROUND(12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11); + ROUND(13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10); + ROUND( 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5); + ROUND(10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0); + ROUND( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); + ROUND(14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3); + + for(size_t i = 0; i < 8; i++) + { + m_H[i] ^= v[i] ^ v[i + 8]; + } } #undef G #undef ROUND } -void Blake2b::increment_counter(const uint64_t inc) - { - m_T[0] += inc; - if(m_T[0] < inc) - { - m_T[1]++; - } - } - void Blake2b::add_data(const uint8_t input[], size_t length) { - if(!input || length == 0) + if(m_bufpos > 0) { - return; - } - - uint8_t* const buffer = m_buffer.data(); + const size_t take = std::min(BLAKE2B_BLOCKBYTES - m_bufpos, length); + copy_mem(&m_buffer[m_bufpos], input, take); + m_bufpos += take; + length -= take; + input += take; - while(length > 0) - { - size_t fill = BLAKE2B_BLOCKBYTES - m_buflen; - - if(length <= fill) + 
if(m_bufpos == m_buffer.size() && length > 0) { - std::memcpy(buffer + m_buflen, input, length); - m_buflen += length; - return; + compress(m_buffer.data(), 1, BLAKE2B_BLOCKBYTES); + m_bufpos = 0; } + } - std::memcpy(buffer + m_buflen, input, fill); - increment_counter(BLAKE2B_BLOCKBYTES); - compress(); + if(length > BLAKE2B_BLOCKBYTES) + { + const size_t full_blocks = ((length-1) / BLAKE2B_BLOCKBYTES); + compress(input, full_blocks, BLAKE2B_BLOCKBYTES); - m_buflen = 0; - input += fill; - length -= fill; + input += full_blocks * BLAKE2B_BLOCKBYTES; + length -= full_blocks * BLAKE2B_BLOCKBYTES; } + + copy_mem(&m_buffer[m_bufpos], input, length); + m_bufpos += length; } void Blake2b::final_result(uint8_t output[]) { - if(!output) - { - return; - } - - uint8_t* const buffer = m_buffer.data(); - const uint64_t* const H = static_cast(m_H.data()); - uint16_t outlen = static_cast(output_length()); - - std::memset(buffer + m_buflen, 0, BLAKE2B_BLOCKBYTES - m_buflen); - increment_counter(m_buflen); - compress(true); - - for (uint16_t i = 0; i < outlen; i++) - { - output[i] = (H[i >> 3] >> (8 * (i & 7))) & 0xFF; - } - + clear_mem(&m_buffer[m_bufpos], BLAKE2B_BLOCKBYTES - m_bufpos); + m_F[0] = 0xFFFFFFFFFFFFFFFF; + compress(m_buffer.data(), 1, m_bufpos); + copy_out_vec_le(output, output_length(), m_H); clear(); } @@ -217,7 +184,7 @@ void Blake2b::clear() { zeroise(m_H); zeroise(m_buffer); - m_buflen = 0; + m_bufpos = 0; state_init(); } diff --git a/src/lib/hash/blake2/blake2b.h b/src/lib/hash/blake2/blake2b.h index fa67ab2cfc..f4a68ad55d 100644 --- a/src/lib/hash/blake2/blake2b.h +++ b/src/lib/hash/blake2/blake2b.h @@ -14,12 +14,6 @@ namespace Botan { -enum blake2b_constant { - BLAKE2B_BLOCKBYTES = 128, - BLAKE2B_OUTBYTES = 64, - BLAKE2B_IVU64COUNT = 8 -}; - /** * BLAKE2B */ 
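Review bot: `add_data` deliberately holds the last block back — `full_blocks = ((length-1) / BLAKE2B_BLOCKBYTES)` and the `length > 0` condition on the buffered-block path both exist so that `final_result` always has a (possibly full) final block to compress with `m_F[0]` set — but nothing in the code says so, and an invariant this subtle should be written down where it is enforced. Add `// BLAKE2b finalizes on the last block, so a full buffer is compressed only once more input arrives` above `if(m_bufpos > 0)` and `// leave at least one byte for the final block` on the `full_blocks` line. In `compress`, the two state-loading loops use `i < 8; i++` and `i != 8; ++i` side by side; pick one form. The `increment` parameter is `size_t` in this definition while the header hunk below declares it `uint64_t`; the two must agree.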
@@ -31,7 +25,7 @@ class BOTAN_PUBLIC_API(2,0) Blake2b final : public HashFunction */ explicit Blake2b(size_t output_bits = 512); - size_t hash_block_size() const override { return BLAKE2B_BLOCKBYTES; } + size_t hash_block_size() const override { return 128; } size_t output_length() const override { return m_output_bits / 8; } HashFunction* clone() const override; @@ -44,14 +38,13 @@ class BOTAN_PUBLIC_API(2,0) Blake2b final : public HashFunction void add_data(const uint8_t input[], size_t length) override; void final_result(uint8_t out[]) override; - inline void state_init(); - inline void increment_counter(const uint64_t inc); - void compress(bool lastblock = false); + void state_init(); + void compress(const uint8_t* data, size_t blocks, uint64_t increment); - size_t m_output_bits; + const size_t m_output_bits; secure_vector m_buffer; - size_t m_buflen; + size_t m_bufpos; secure_vector m_H; uint64_t m_T[2]; diff --git a/src/lib/hash/mdx_hash/mdx_hash.cpp b/src/lib/hash/mdx_hash/mdx_hash.cpp index c2fb320ec4..8c668874a8 100644 --- a/src/lib/hash/mdx_hash/mdx_hash.cpp +++ b/src/lib/hash/mdx_hash/mdx_hash.cpp @@ -19,11 +19,12 @@ MDx_HashFunction::MDx_HashFunction(size_t block_len, bool bit_end, size_t cnt_size) : m_buffer(block_len), + m_count(0), + m_position(0), BIG_BYTE_ENDIAN(byte_end), BIG_BIT_ENDIAN(bit_end), COUNT_SIZE(cnt_size) { - m_count = m_position = 0; } /* From 9c7436fbd0a750d0dca5a4dfd3970917c50dedfb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 26 Oct 2017 17:05:08 -0400 Subject: [PATCH 0107/1008] Avoid invalid iterator woes --- src/lib/hash/blake2/blake2b.cpp | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/src/lib/hash/blake2/blake2b.cpp b/src/lib/hash/blake2/blake2b.cpp index 2cc1c3888b..42ec707bdc 100644 --- a/src/lib/hash/blake2/blake2b.cpp +++ b/src/lib/hash/blake2/blake2b.cpp 
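Review bot: `hash_block_size()` now returns the literal `128` while the .cpp keeps `BLAKE2B_BLOCKBYTES = 128` in an anonymous enum, so the two values can drift without any diagnostic. Keeping a single `static constexpr size_t` in the header, or at least `// must match BLAKE2B_BLOCKBYTES in blake2b.cpp` on the return line, closes that gap. The declaration's `uint64_t increment` also does not match the `size_t increment` definition in the blake2b.cpp hunk above.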
@@ -128,13 +128,19 @@ void Blake2b::compress(const uint8_t* input, size_t blocks, size_t increment) void Blake2b::add_data(const uint8_t input[], size_t length) { + if(length == 0) + return; + if(m_bufpos > 0) { - const size_t take = std::min(BLAKE2B_BLOCKBYTES - m_bufpos, length); - copy_mem(&m_buffer[m_bufpos], input, take); - m_bufpos += take; - length -= take; - input += take; + if(m_bufpos < BLAKE2B_BLOCKBYTES) + { + const size_t take = std::min(BLAKE2B_BLOCKBYTES - m_bufpos, length); + copy_mem(&m_buffer[m_bufpos], input, take); + m_bufpos += take; + length -= take; + input += take; + } if(m_bufpos == m_buffer.size() && length > 0) { @@ -152,13 +158,17 @@ void Blake2b::add_data(const uint8_t input[], size_t length) length -= full_blocks * BLAKE2B_BLOCKBYTES; } - copy_mem(&m_buffer[m_bufpos], input, length); - m_bufpos += length; + if(length > 0) + { + copy_mem(&m_buffer[m_bufpos], input, length); + m_bufpos += length; + } } void Blake2b::final_result(uint8_t output[]) { - clear_mem(&m_buffer[m_bufpos], BLAKE2B_BLOCKBYTES - m_bufpos); + if(m_bufpos != BLAKE2B_BLOCKBYTES) + clear_mem(&m_buffer[m_bufpos], BLAKE2B_BLOCKBYTES - m_bufpos); m_F[0] = 0xFFFFFFFFFFFFFFFF; compress(m_buffer.data(), 1, m_bufpos); copy_out_vec_le(output, output_length(), m_H); From 9a37a338e8798c2b94342c8984136b35e7a7394d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 26 Oct 2017 17:06:07 -0400 Subject: [PATCH 0108/1008] Fix build on 32-bit --- src/lib/hash/blake2/blake2b.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/hash/blake2/blake2b.cpp b/src/lib/hash/blake2/blake2b.cpp index 42ec707bdc..33cc8a2f48 100644 --- a/src/lib/hash/blake2/blake2b.cpp +++ b/src/lib/hash/blake2/blake2b.cpp @@ -53,7 +53,7 @@ void Blake2b::state_init() m_F[0] = m_F[1] = 0; } -void Blake2b::compress(const uint8_t* input, size_t blocks, size_t increment) +void Blake2b::compress(const uint8_t* input, size_t blocks, uint64_t increment) { for(size_t b = 0; b != blocks; ++b) { 
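Review bot: The new `if(m_bufpos < BLAKE2B_BLOCKBYTES)` guard here and the `if(m_bufpos != BLAKE2B_BLOCKBYTES)` guard in `final_result` both exist because `&m_buffer[m_bufpos]` with `m_bufpos == m_buffer.size()` forms a one-past-the-end element reference, which a checked-iterator build rejects even when the copy length is zero; that reason is stated only in the commit title. A comment at each guard, e.g. `// m_bufpos may equal the block size (full block held back for finalization); never form &m_buffer[size]`, keeps the next cleanup from removing them. The trailing `if(length > 0)` around the final `copy_mem` is not made redundant by the early `if(length == 0) return;` — `length` can reach zero after the take path while `m_bufpos` is still 128 — so that inner check must stay, and a short note saying why would help.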
From 3e595342d35d79aca0b00bef22ed6eedde2ebf0d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 26 Oct 2017 20:33:28 -0400 Subject: [PATCH 0109/1008] Add more SipHash tests Generated by ref implementation --- src/tests/data/mac/siphash.vec | 187 +++++++++++++++++++++++++++++++++ 1 file changed, 187 insertions(+) diff --git a/src/tests/data/mac/siphash.vec b/src/tests/data/mac/siphash.vec index 7e4bfed04b..5420a992ba 100644 --- a/src/tests/data/mac/siphash.vec +++ b/src/tests/data/mac/siphash.vec 
@@ -2,3 +2,190 @@ Key = 000102030405060708090A0B0C0D0E0F In = 000102030405060708090A0B0C0D0E Out = E545BE4961CA29A1 + +# Randomly generated by SipHash ref impl + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = +Out = 9BBA4CA0FF8CF5CA + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254 +Out = 474A3D4A55BFB364 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8 +Out = DCCE723718444981 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D76 +Out = 3BFC828B03F3BC86 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63 +Out = 731D82FF69D32F91 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC9 +Out = 2DC30C79EAEB92CF + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A6632 +Out = 470E18E4AB16C21A + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB731 +Out = 4BD0C46B0DD2E678 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A +Out = 9EA09C9401808C75 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D05 +Out = 190F7D3DF4EE7C79 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E9 +Out = 93C91D8E02617E1C + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4AB +Out = CEED4CF53E1A6CF7 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC6 +Out = 63A7AA054DF3DD34 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454 +Out = 03CB99AFC5749081 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E82 +Out = 80A216A197DF7B2A + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 
7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E82744121 +Out = 519A7FCDD0799A30 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC87 +Out = 1257D4140FE18AAF + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93E +Out = 06EA81DB5FEC50AD + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1 +Out = 466A1C6592985926 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E +Out = F1E040A7BA53BF73 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97 +Out = 83D3F6587449E528 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B +Out = 47195A20F3F5EB89 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F38 +Out = B15CC680530086E9 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AEC +Out = FBA0618A89484698 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB +Out = 1E78313620262F04 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 
7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C +Out = 3A6A22D72CD4BEE1 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18 +Out = 1CCA89F7612EB1EF + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C02 +Out = EBE47A6E419120CE + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43 +Out = E3C84C1DCC2C916F + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA +Out = A64933631D955CCC + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29 +Out = 8CC6E0F1E0A1A069 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E605 +Out = 7095084F0CA2BE9B + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C94 +Out = D3B74D72533F0FE7 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 
7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE +Out = 50489426B6585B99 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE6189F9 +Out = 9F065ABB4D0D176A + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE6189F95CBBA8 +Out = 8FC3896D73E4FA4E + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE6189F95CBBA8990F95 +Out = AB1A9E9D1D27617C + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE6189F95CBBA8990F95B1EBF1 +Out = 33192A15813C8E0E + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE6189F95CBBA8990F95B1EBF1B305EF +Out = 19158BE6BB4DF2D3 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE6189F95CBBA8990F95B1EBF1B305EFF700E9 +Out = 124D9999C07C5F1E + +Key = 
67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE6189F95CBBA8990F95B1EBF1B305EFF700E9A13AE5 +Out = 4AB5769CDBC18FFA + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE6189F95CBBA8990F95B1EBF1B305EFF700E9A13AE5CA0BCB +Out = AFFAA607903DF845 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE6189F95CBBA8990F95B1EBF1B305EFF700E9A13AE5CA0BCBD04847 +Out = 40967B87E46C92DC + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE6189F95CBBA8990F95B1EBF1B305EFF700E9A13AE5CA0BCBD0484764BD1F +Out = 73AA9EE7DE316517 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE6189F95CBBA8990F95B1EBF1B305EFF700E9A13AE5CA0BCBD0484764BD1F231EA8 +Out = 0B80E80776D069B9 + +Key = 67C6697351FF4AEC29CDBAABF2FBE346 +In = 7CC254F81BE8E78D765A2E63339FC99A66320DB73158A35A255D051758E95ED4ABB2CDC69BB454110E827441213DDC8770E93EA141E1FC673E017E97EADC6B968F385C2AECB03BFB32AF3C54EC18DB5C021AFE43FBFAAA3AFB29D1E6053C7C9475D8BE6189F95CBBA8990F95B1EBF1B305EFF700E9A13AE5CA0BCBD0484764BD1F231EA81C7B64 +Out = CBF51B4D013F1408 + 
From 315b002ecf00f6b6bb0f0d5200d1f39a83527e8f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 26 Oct 2017 20:33:46 -0400 Subject: [PATCH 0110/1008] Update news [ci skip] --- news.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news.rst b/news.rst index 201834c3d7..3cb695f95d 100644 --- a/news.rst +++ b/news.rst @@ -16,7 +16,7 @@ Version 2.4.0, Not Yet Released SSSE3 but not clmul, and better algorithms for systems with clmul and pmull. (GH #1253 #1263) -* Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC +* Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b * New functions for bit rotations that distinguish rotating by a compile-time constant vs a runtime variable rotation. This allows From e6d45052efedfe49e99adb6318aaf56e0a9e8d7b Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Thu, 26 Oct 2017 20:31:30 -0400 Subject: [PATCH 0111/1008] Add checks that keyed algorithms are actually keyed before use Previously calling update or encrypt without calling set_key first would result in invalid outputs or else crashing. --- src/lib/base/sym_algo.h | 7 +++ src/lib/block/aes/aes.cpp | 12 +++++ src/lib/block/blowfish/blowfish.cpp | 4 ++ src/lib/block/camellia/camellia.cpp | 6 +++ src/lib/block/cast/cast128.cpp | 4 ++ src/lib/block/cast/cast256.cpp | 4 ++ src/lib/block/des/des.cpp | 8 ++++ src/lib/block/des/desx.cpp | 4 ++ src/lib/block/gost_28147/gost_28147.cpp | 4 ++ src/lib/block/idea/idea.cpp | 4 ++ src/lib/block/kasumi/kasumi.cpp | 4 ++ src/lib/block/lion/lion.cpp | 16 ++++--- src/lib/block/misty1/misty1.cpp | 4 ++ src/lib/block/noekeon/noekeon.cpp | 4 ++ src/lib/block/seed/seed.cpp | 4 ++ src/lib/block/serpent/serpent.cpp | 4 ++ src/lib/block/shacal2/shacal2.cpp | 4 ++ src/lib/block/sm4/sm4.cpp | 4 ++ src/lib/block/threefish/threefish.cpp | 6 +-- src/lib/block/twofish/twofish.cpp | 4 ++ src/lib/block/xtea/xtea.cpp | 4 ++ src/lib/mac/cbc_mac/cbc_mac.cpp | 9 +++- src/lib/mac/hmac/hmac.cpp | 2 + src/lib/mac/poly1305/poly1305.cpp | 4 +- src/lib/mac/siphash/siphash.cpp | 6 ++- src/lib/mac/x919_mac/x919_mac.cpp | 8 +++- src/lib/modes/aead/gcm/ghash.cpp | 2 +- src/lib/prov/openssl/openssl_block.cpp | 15 ++++++- src/lib/prov/openssl/openssl_rc4.cpp | 5 ++- src/lib/stream/chacha/chacha.cpp | 2 + src/lib/stream/ctr/ctr.cpp | 7 +-- src/lib/stream/rc4/rc4.cpp | 2 + src/lib/stream/salsa20/salsa20.cpp | 2 + src/lib/stream/shake_cipher/shake_cipher.cpp | 10 +++-- src/lib/utils/exceptn.cpp | 4 ++ src/lib/utils/exceptn.h | 6 +++ src/tests/test_block.cpp | 47 +++++++++++++++++++- src/tests/test_hash.cpp | 13 +++++- src/tests/test_mac.cpp | 35 +++++++++++++++ src/tests/test_stream.cpp | 23 ++++++++++ 40 files changed, 287 insertions(+), 30 deletions(-) 
diff --git a/src/lib/base/sym_algo.h b/src/lib/base/sym_algo.h index a596f59327..a0ebac6260 100644 --- a/src/lib/base/sym_algo.h +++ b/src/lib/base/sym_algo.h @@ -91,6 +91,13 @@ class BOTAN_PUBLIC_API(2,0) SymmetricAlgorithm */ virtual std::string name() const = 0; + protected: + void verify_key_set(bool cond) const + { + if(cond == false) + throw Key_Not_Set(name()); + } + private: /** * Run the key schedule diff --git a/src/lib/block/aes/aes.cpp b/src/lib/block/aes/aes.cpp index 8a82ad9429..9c375c362a 100644 --- a/src/lib/block/aes/aes.cpp +++ b/src/lib/block/aes/aes.cpp @@ -452,6 +452,8 @@ size_t AES_256::parallelism() const { return aes_parallelism(); } void AES_128::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_EK.empty() == false); + #if defined(BOTAN_HAS_AES_NI) if(CPUID::has_aes_ni()) { @@ -478,6 +480,8 @@ void AES_128::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const void AES_128::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_DK.empty() == false); + #if defined(BOTAN_HAS_AES_NI) if(CPUID::has_aes_ni()) { @@ -531,6 +535,8 @@ void AES_128::clear() void AES_192::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_EK.empty() == false); + #if defined(BOTAN_HAS_AES_NI) if(CPUID::has_aes_ni()) { @@ -557,6 +563,8 @@ void AES_192::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const void AES_192::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_DK.empty() == false); + #if defined(BOTAN_HAS_AES_NI) if(CPUID::has_aes_ni()) { @@ -610,6 +618,8 @@ void AES_192::clear() void AES_256::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_EK.empty() == false); + #if defined(BOTAN_HAS_AES_NI) if(CPUID::has_aes_ni()) { 
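Review bot: `verify_key_set` is a new protected API with no documentation, and every cipher touched by this commit now depends on it, so its contract should be stated: `/** Throw Key_Not_Set unless cond is true; call at the top of encrypt_n/decrypt_n/update so an unkeyed object fails loudly instead of producing output from an empty key schedule. */`. `if(cond == false)` is more idiomatically `if(!cond)`. `Key_Not_Set` is presumably the exception type added to exceptn.h in this same commit; the hunk adds no include to sym_algo.h, so confirm that declaration is already reachable from here.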
@@ -636,6 +646,8 @@ void AES_256::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const void AES_256::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_DK.empty() == false); + #if defined(BOTAN_HAS_AES_NI) if(CPUID::has_aes_ni()) { diff --git a/src/lib/block/blowfish/blowfish.cpp b/src/lib/block/blowfish/blowfish.cpp index 68d73cafde..c2634bba48 100644 --- a/src/lib/block/blowfish/blowfish.cpp +++ b/src/lib/block/blowfish/blowfish.cpp @@ -197,6 +197,8 @@ const uint32_t S_INIT[1024] = { */ void Blowfish::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_S.empty() == false); + const uint32_t* S1 = &m_S[0]; const uint32_t* S2 = &m_S[256]; const uint32_t* S3 = &m_S[512]; @@ -229,6 +231,8 @@ void Blowfish::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void Blowfish::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_S.empty() == false); + const uint32_t* S1 = &m_S[0]; const uint32_t* S2 = &m_S[256]; const uint32_t* S3 = &m_S[512]; diff --git a/src/lib/block/camellia/camellia.cpp b/src/lib/block/camellia/camellia.cpp index 89db6f8b9c..9281cd8596 100644 --- a/src/lib/block/camellia/camellia.cpp +++ b/src/lib/block/camellia/camellia.cpp 
@@ -854,31 +854,37 @@ void key_schedule(secure_vector& SK, const uint8_t key[], size_t lengt void Camellia_128::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_SK.empty() == false); Camellia_F::encrypt(in, out, blocks, m_SK, 9); } void Camellia_192::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_SK.empty() == false); Camellia_F::encrypt(in, out, blocks, m_SK, 12); } void Camellia_256::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_SK.empty() == false); Camellia_F::encrypt(in, out, blocks, m_SK, 12); } void Camellia_128::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_SK.empty() == false); Camellia_F::decrypt(in, out, blocks, m_SK, 9); } void Camellia_192::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_SK.empty() == false); Camellia_F::decrypt(in, out, blocks, m_SK, 12); } void Camellia_256::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_SK.empty() == false); Camellia_F::decrypt(in, out, blocks, m_SK, 12); } diff --git a/src/lib/block/cast/cast128.cpp b/src/lib/block/cast/cast128.cpp index 5ad732eb30..f7910f0340 100644 --- a/src/lib/block/cast/cast128.cpp +++ b/src/lib/block/cast/cast128.cpp @@ -50,6 +50,8 @@ inline uint32_t R3(uint32_t R, uint32_t MK, uint8_t RK) */ void CAST_128::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_RK.empty() == false); + BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks; ++i) { uint32_t L, R; @@ -81,6 +83,8 @@ void CAST_128::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void CAST_128::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_RK.empty() == false); + BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks; ++i) { uint32_t L, R; 
diff --git a/src/lib/block/cast/cast256.cpp b/src/lib/block/cast/cast256.cpp index b4aa491661..cd5175dd76 100644 --- a/src/lib/block/cast/cast256.cpp +++ b/src/lib/block/cast/cast256.cpp @@ -50,6 +50,8 @@ void round3(uint32_t& out, uint32_t in, uint32_t MK, uint32_t RK) */ void CAST_256::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_RK.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint32_t A = load_be(in, 0); @@ -94,6 +96,8 @@ void CAST_256::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void CAST_256::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_RK.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint32_t A = load_be(in, 0); diff --git a/src/lib/block/des/des.cpp b/src/lib/block/des/des.cpp index 15c2adb66e..2881cfa9a1 100644 --- a/src/lib/block/des/des.cpp +++ b/src/lib/block/des/des.cpp @@ -144,6 +144,8 @@ void des_decrypt(uint32_t& L, uint32_t& R, */ void DES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_round_key.empty() == false); + for(size_t i = 0; i < blocks; ++i) { uint64_t T = (DES_IPTAB1[in[8*i+0]] ) | (DES_IPTAB1[in[8*i+1]] << 1) | @@ -171,6 +173,8 @@ void DES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void DES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_round_key.empty() == false); + for(size_t i = 0; i < blocks; ++i) { uint64_t T = (DES_IPTAB1[in[BLOCK_SIZE*i+0]] ) | (DES_IPTAB1[in[BLOCK_SIZE*i+1]] << 1) | @@ -213,6 +217,8 @@ void DES::clear() */ void TripleDES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_round_key.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint64_t T = (DES_IPTAB1[in[0]] ) | (DES_IPTAB1[in[1]] << 1) | 
@@ -246,6 +252,8 @@ void TripleDES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) cons */ void TripleDES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_round_key.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint64_t T = (DES_IPTAB1[in[0]] ) | (DES_IPTAB1[in[1]] << 1) | diff --git a/src/lib/block/des/desx.cpp b/src/lib/block/des/desx.cpp index 7c99955231..e869b3ebf8 100644 --- a/src/lib/block/des/desx.cpp +++ b/src/lib/block/des/desx.cpp @@ -14,6 +14,8 @@ namespace Botan { */ void DESX::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_K1.empty() == false); + for(size_t i = 0; i != blocks; ++i) { xor_buf(out, in, m_K1.data(), BLOCK_SIZE); @@ -30,6 +32,8 @@ void DESX::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void DESX::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_K1.empty() == false); + for(size_t i = 0; i != blocks; ++i) { xor_buf(out, in, m_K2.data(), BLOCK_SIZE); diff --git a/src/lib/block/gost_28147/gost_28147.cpp b/src/lib/block/gost_28147/gost_28147.cpp index ffe9b5d661..b46d162de2 100644 --- a/src/lib/block/gost_28147/gost_28147.cpp +++ b/src/lib/block/gost_28147/gost_28147.cpp @@ -111,6 +111,8 @@ std::string GOST_28147_89::name() const */ void GOST_28147_89::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_EK.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint32_t N1 = load_le(in, 0); @@ -141,6 +143,8 @@ void GOST_28147_89::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) */ void GOST_28147_89::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_EK.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint32_t N1 = load_le(in, 0); diff --git a/src/lib/block/idea/idea.cpp b/src/lib/block/idea/idea.cpp index c0364b3251..26bd246907 100644 --- a/src/lib/block/idea/idea.cpp 
+++ b/src/lib/block/idea/idea.cpp @@ -137,6 +137,8 @@ std::string IDEA::provider() const */ void IDEA::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_EK.empty() == false); + #if defined(BOTAN_HAS_IDEA_SSE2) if(CPUID::has_sse2()) { @@ -158,6 +160,8 @@ void IDEA::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void IDEA::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_DK.empty() == false); + #if defined(BOTAN_HAS_IDEA_SSE2) if(CPUID::has_sse2()) { diff --git a/src/lib/block/kasumi/kasumi.cpp b/src/lib/block/kasumi/kasumi.cpp index a9b5d82742..a40a9d9d53 100644 --- a/src/lib/block/kasumi/kasumi.cpp +++ b/src/lib/block/kasumi/kasumi.cpp @@ -110,6 +110,8 @@ uint16_t FI(uint16_t I, uint16_t K) */ void KASUMI::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_EK.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint16_t B0 = load_be(in, 0); @@ -154,6 +156,8 @@ void KASUMI::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void KASUMI::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_EK.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint16_t B0 = load_be(in, 0); diff --git a/src/lib/block/lion/lion.cpp b/src/lib/block/lion/lion.cpp index 7959de5853..cd7d25d9cc 100644 --- a/src/lib/block/lion/lion.cpp +++ b/src/lib/block/lion/lion.cpp @@ -14,6 +14,8 @@ namespace Botan { */ void Lion::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_key1.empty() == false); + const size_t LEFT_SIZE = left_size(); const size_t RIGHT_SIZE = right_size(); 
@@ -44,6 +46,8 @@ void Lion::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void Lion::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_key1.empty() == false); + const size_t LEFT_SIZE = left_size(); const size_t RIGHT_SIZE = right_size(); @@ -77,6 +81,11 @@ void Lion::key_schedule(const uint8_t key[], size_t length) clear(); const size_t half = length / 2; + + m_key1.resize(left_size()); + m_key2.resize(left_size()); + clear_mem(m_key1.data(), m_key1.size()); + clear_mem(m_key2.data(), m_key2.size()); copy_mem(m_key1.data(), key, half); copy_mem(m_key2.data(), key + half, half); } @@ -104,8 +113,8 @@ BlockCipher* Lion::clone() const */ void Lion::clear() { - zeroise(m_key1); - zeroise(m_key2); + zap(m_key1); + zap(m_key2); m_hash->clear(); m_cipher->clear(); } @@ -123,9 +132,6 @@ Lion::Lion(HashFunction* hash, StreamCipher* cipher, size_t bs) : if(!m_cipher->valid_keylength(left_size())) throw Invalid_Argument(name() + ": This stream/hash combo is invalid"); - - m_key1.resize(left_size()); - m_key2.resize(left_size()); } } diff --git a/src/lib/block/misty1/misty1.cpp b/src/lib/block/misty1/misty1.cpp index eaef86c8cf..e7ebffa6ef 100644 --- a/src/lib/block/misty1/misty1.cpp +++ b/src/lib/block/misty1/misty1.cpp @@ -103,6 +103,8 @@ uint16_t FI(uint16_t input, uint16_t key7, uint16_t key9) */ void MISTY1::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_EK.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint16_t B0 = load_be(in, 0); @@ -153,6 +155,8 @@ void MISTY1::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void MISTY1::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_DK.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint16_t B0 = load_be(in, 2); diff --git a/src/lib/block/noekeon/noekeon.cpp b/src/lib/block/noekeon/noekeon.cpp index a7f60a0fd4..5fd5be82a7 100644 
--- a/src/lib/block/noekeon/noekeon.cpp +++ b/src/lib/block/noekeon/noekeon.cpp @@ -110,6 +110,8 @@ const uint8_t Noekeon::RC[] = { */ void Noekeon::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_EK.empty() == false); + #if defined(BOTAN_HAS_NOEKEON_SIMD) if(CPUID::has_simd_32()) { @@ -161,6 +163,8 @@ void Noekeon::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void Noekeon::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_DK.empty() == false); + #if defined(BOTAN_HAS_NOEKEON_SIMD) if(CPUID::has_simd_32()) { diff --git a/src/lib/block/seed/seed.cpp b/src/lib/block/seed/seed.cpp index 7002830427..81194e44ab 100644 --- a/src/lib/block/seed/seed.cpp +++ b/src/lib/block/seed/seed.cpp @@ -208,6 +208,8 @@ inline uint32_t SEED_G(uint32_t X) */ void SEED::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_K.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint32_t B0 = load_be(in, 0); @@ -246,6 +248,8 @@ void SEED::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void SEED::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_K.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint32_t B0 = load_be(in, 0); diff --git a/src/lib/block/serpent/serpent.cpp b/src/lib/block/serpent/serpent.cpp index 6e1d797661..39968e87e2 100644 --- a/src/lib/block/serpent/serpent.cpp +++ b/src/lib/block/serpent/serpent.cpp @@ -57,6 +57,8 @@ inline void i_transform(uint32_t& B0, uint32_t& B1, uint32_t& B2, uint32_t& B3) */ void Serpent::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_round_key.empty() == false); + #if defined(BOTAN_HAS_SERPENT_SIMD) if(CPUID::has_simd_32()) { 
@@ -117,6 +119,8 @@ void Serpent::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void Serpent::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_round_key.empty() == false); + #if defined(BOTAN_HAS_SERPENT_SIMD) if(CPUID::has_simd_32()) { diff --git a/src/lib/block/shacal2/shacal2.cpp b/src/lib/block/shacal2/shacal2.cpp index 12c87c426a..dd4224ed46 100644 --- a/src/lib/block/shacal2/shacal2.cpp +++ b/src/lib/block/shacal2/shacal2.cpp @@ -44,6 +44,8 @@ inline void SHACAL2_Rev(uint32_t A, uint32_t B, uint32_t C, uint32_t& D, */ void SHACAL2::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_RK.empty() == false); + #if defined(BOTAN_HAS_SHACAL2_X86) if(CPUID::has_intel_sha()) { @@ -99,6 +101,8 @@ void SHACAL2::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void SHACAL2::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_RK.empty() == false); + #if defined(BOTAN_HAS_SHACAL2_SIMD) if(CPUID::has_simd_32()) { diff --git a/src/lib/block/sm4/sm4.cpp b/src/lib/block/sm4/sm4.cpp index 2902d514c2..7c409d40f1 100644 --- a/src/lib/block/sm4/sm4.cpp +++ b/src/lib/block/sm4/sm4.cpp @@ -124,6 +124,8 @@ inline uint32_t SM4_Tp(uint32_t b) */ void SM4::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_RK.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint32_t B0 = load_be(in, 0); @@ -152,6 +154,8 @@ void SM4::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void SM4::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_RK.empty() == false); + for(size_t i = 0; i != blocks; ++i) { uint32_t B0 = load_be(in, 0); diff --git a/src/lib/block/threefish/threefish.cpp b/src/lib/block/threefish/threefish.cpp index 804d6003a2..60f793d64c 100644 --- a/src/lib/block/threefish/threefish.cpp +++ b/src/lib/block/threefish/threefish.cpp 
@@ -124,8 +124,7 @@ std::string Threefish_512::provider() const void Threefish_512::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { - BOTAN_ASSERT(m_K.size() == 9, "Key was set"); - BOTAN_ASSERT(m_T.size() == 3, "Tweak was set"); + verify_key_set(m_K.empty() == false); #if defined(BOTAN_HAS_THREEFISH_512_AVX2) if(CPUID::has_avx2()) @@ -161,8 +160,7 @@ void Threefish_512::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) void Threefish_512::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { - BOTAN_ASSERT(m_K.size() == 9, "Key was set"); - BOTAN_ASSERT(m_T.size() == 3, "Tweak was set"); + verify_key_set(m_K.empty() == false); #if defined(BOTAN_HAS_THREEFISH_512_AVX2) if(CPUID::has_avx2()) diff --git a/src/lib/block/twofish/twofish.cpp b/src/lib/block/twofish/twofish.cpp index 3a09af8daa..496c31a36c 100644 --- a/src/lib/block/twofish/twofish.cpp +++ b/src/lib/block/twofish/twofish.cpp @@ -19,6 +19,8 @@ namespace Botan { */ void Twofish::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_SB.empty() == false); + BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks; ++i) { uint32_t A, B, C, D; @@ -70,6 +72,8 @@ void Twofish::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void Twofish::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_SB.empty() == false); + BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks; ++i) { uint32_t A, B, C, D; diff --git a/src/lib/block/xtea/xtea.cpp b/src/lib/block/xtea/xtea.cpp index b53de448b4..679ad4cfb3 100644 --- a/src/lib/block/xtea/xtea.cpp +++ b/src/lib/block/xtea/xtea.cpp @@ -15,6 +15,8 @@ namespace Botan { */ void XTEA::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_EK.empty() == false); + const uint32_t* EK = &m_EK[0]; const size_t blocks4 = blocks / 4; 
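Review bot: The assertions removed from `Threefish_512::encrypt_n` and `decrypt_n` checked both `m_K.size() == 9` and `m_T.size() == 3`, but the replacement only checks that `m_K` is non-empty, so the tweak-was-set invariant is no longer enforced before the AVX2/scalar paths index `m_T`. Unless `key_schedule` (outside the hunk) always sizes `m_T`, a caller that sets the key but never sets the tweak would now read past an empty vector instead of tripping the old assertion. Suggest `verify_key_set(m_K.size() == 9 && m_T.size() == 3);` in both functions, or at least a comment at the check stating that key_schedule guarantees `m_T` is initialised.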
@@ -61,6 +63,8 @@ void XTEA::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const */ void XTEA::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { + verify_key_set(m_EK.empty() == false); + const uint32_t* EK = &m_EK[0]; const size_t blocks4 = blocks / 4; diff --git a/src/lib/mac/cbc_mac/cbc_mac.cpp b/src/lib/mac/cbc_mac/cbc_mac.cpp index b272fe3bc8..ba403b564a 100644 --- a/src/lib/mac/cbc_mac/cbc_mac.cpp +++ b/src/lib/mac/cbc_mac/cbc_mac.cpp @@ -14,6 +14,8 @@ namespace Botan { */ void CBC_MAC::add_data(const uint8_t input[], size_t length) { + verify_key_set(m_state.empty() == false); + size_t xored = std::min(output_length() - m_position, length); xor_buf(&m_state[m_position], input, xored); m_position += xored; @@ -41,6 +43,8 @@ void CBC_MAC::add_data(const uint8_t input[], size_t length) */ void CBC_MAC::final_result(uint8_t mac[]) { + verify_key_set(m_state.empty() == false); + if(m_position) m_cipher->encrypt(m_state); @@ -54,6 +58,7 @@ void CBC_MAC::final_result(uint8_t mac[]) */ void CBC_MAC::key_schedule(const uint8_t key[], size_t length) { + m_state.resize(m_cipher->block_size()); m_cipher->set_key(key, length); } @@ -63,7 +68,7 @@ void CBC_MAC::key_schedule(const uint8_t key[], size_t length) void CBC_MAC::clear() { m_cipher->clear(); - zeroise(m_state); + zap(m_state); m_position = 0; } @@ -87,7 +92,7 @@ MessageAuthenticationCode* CBC_MAC::clone() const * CBC-MAC Constructor */ CBC_MAC::CBC_MAC(BlockCipher* cipher) : - m_cipher(cipher), m_state(cipher->block_size()) + m_cipher(cipher) { } diff --git a/src/lib/mac/hmac/hmac.cpp b/src/lib/mac/hmac/hmac.cpp index 32f62f0c22..244946d884 100644 --- a/src/lib/mac/hmac/hmac.cpp +++ b/src/lib/mac/hmac/hmac.cpp @@ -15,6 +15,7 @@ namespace Botan { */ void HMAC::add_data(const uint8_t input[], size_t length) { + verify_key_set(m_ikey.empty() == false); m_hash->update(input, length); } 
@@ -23,6 +24,7 @@ void HMAC::add_data(const uint8_t input[], size_t length) */ void HMAC::final_result(uint8_t mac[]) { + verify_key_set(m_okey.empty() == false); m_hash->final(mac); m_hash->update(m_okey); m_hash->update(mac, output_length()); diff --git a/src/lib/mac/poly1305/poly1305.cpp b/src/lib/mac/poly1305/poly1305.cpp index 9fe0bad0a7..639aa88c02 100644 --- a/src/lib/mac/poly1305/poly1305.cpp +++ b/src/lib/mac/poly1305/poly1305.cpp @@ -155,7 +155,7 @@ void Poly1305::key_schedule(const uint8_t key[], size_t) void Poly1305::add_data(const uint8_t input[], size_t length) { - BOTAN_ASSERT_EQUAL(m_poly.size(), 8, "Initialized"); + verify_key_set(m_poly.size() == 8); if(m_buf_pos) { @@ -182,7 +182,7 @@ void Poly1305::add_data(const uint8_t input[], size_t length) void Poly1305::final_result(uint8_t out[]) { - BOTAN_ASSERT_EQUAL(m_poly.size(), 8, "Initialized"); + verify_key_set(m_poly.size() == 8); if(m_buf_pos != 0) { diff --git a/src/lib/mac/siphash/siphash.cpp b/src/lib/mac/siphash/siphash.cpp index 255a35493b..80acc4d608 100644 --- a/src/lib/mac/siphash/siphash.cpp +++ b/src/lib/mac/siphash/siphash.cpp @@ -39,6 +39,8 @@ void SipRounds(uint64_t M, secure_vector& V, size_t r) void SipHash::add_data(const uint8_t input[], size_t length) { + verify_key_set(m_V.empty() == false); + // SipHash counts the message length mod 256 m_words += static_cast(length); @@ -76,6 +78,8 @@ void SipHash::add_data(const uint8_t input[], size_t length) void SipHash::final_result(uint8_t mac[]) { + verify_key_set(m_V.empty() == false); + m_mbuf = (m_mbuf >> (64-m_mbuf_pos*8)) | (static_cast(m_words) << 56); SipRounds(m_mbuf, m_V, m_C); @@ -103,7 +107,7 @@ void SipHash::key_schedule(const uint8_t key[], size_t) void SipHash::clear() { - m_V.clear(); + zap(m_V); m_mbuf = 0; m_mbuf_pos = 0; m_words = 0; diff --git a/src/lib/mac/x919_mac/x919_mac.cpp b/src/lib/mac/x919_mac/x919_mac.cpp index 189108377b..ef1e78602f 100644 --- a/src/lib/mac/x919_mac/x919_mac.cpp 
+++ b/src/lib/mac/x919_mac/x919_mac.cpp @@ -14,6 +14,8 @@ namespace Botan { */ void ANSI_X919_MAC::add_data(const uint8_t input[], size_t length) { + verify_key_set(m_state.empty() == false); + size_t xored = std::min(8 - m_position, length); xor_buf(&m_state[m_position], input, xored); m_position += xored; @@ -53,6 +55,8 @@ void ANSI_X919_MAC::final_result(uint8_t mac[]) */ void ANSI_X919_MAC::key_schedule(const uint8_t key[], size_t length) { + m_state.resize(8); + m_des1->set_key(key, 8); if(length == 16) @@ -68,7 +72,7 @@ void ANSI_X919_MAC::clear() { m_des1->clear(); m_des2->clear(); - zeroise(m_state); + zap(m_state); m_position = 0; } @@ -88,7 +92,7 @@ MessageAuthenticationCode* ANSI_X919_MAC::clone() const ANSI_X919_MAC::ANSI_X919_MAC() : m_des1(BlockCipher::create("DES")), m_des2(BlockCipher::create("DES")), - m_state(8), m_position(0) + m_position(0) { } diff --git a/src/lib/modes/aead/gcm/ghash.cpp b/src/lib/modes/aead/gcm/ghash.cpp index 51477f43a9..482eec3356 100644 --- a/src/lib/modes/aead/gcm/ghash.cpp +++ b/src/lib/modes/aead/gcm/ghash.cpp @@ -199,7 +199,7 @@ void GHASH::set_associated_data(const uint8_t input[], size_t length) void GHASH::update_associated_data(const uint8_t ad[], size_t length) { - BOTAN_ASSERT(m_ghash.size() == GCM_BS, "Key was set"); + verify_key_set(m_ghash.size() == GCM_BS); m_ad_len += length; ghash_update(m_ghash, ad, length); } diff --git a/src/lib/prov/openssl/openssl_block.cpp b/src/lib/prov/openssl/openssl_block.cpp index 33cd9b8cc6..3cf2039616 100644 --- a/src/lib/prov/openssl/openssl_block.cpp +++ b/src/lib/prov/openssl/openssl_block.cpp @@ -36,6 +36,7 @@ class OpenSSL_BlockCipher final : public BlockCipher void encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override { + verify_key_set(m_key_set); int out_len = 0; if(!EVP_EncryptUpdate(m_encrypt, out, &out_len, in, blocks * m_block_sz)) throw OpenSSL_Error("EVP_EncryptUpdate"); 
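Review bot: `ANSI_X919_MAC::final_result` receives no `verify_key_set` guard in this patch, unlike its own add_data and unlike `CBC_MAC::final_result`, so after clear() it depends on the underlying DES objects throwing when handed the now-empty `m_state` (its body is outside the hunk, so this is inferred). For a consistent and clearly attributed error, add `verify_key_set(m_state.empty() == false);` as the first line of final_result. The same ordering concern as in CBC_MAC applies to key_schedule here: `m_state.resize(8)` runs before `m_des1->set_key(key, 8)`, so a throwing set_key leaves `m_state` sized while the MAC is unkeyed; move the resize after both set_key calls.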
@@ -43,6 +44,7 @@ class OpenSSL_BlockCipher final : public BlockCipher void decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override { + verify_key_set(m_key_set); int out_len = 0; if(!EVP_DecryptUpdate(m_decrypt, out, &out_len, in, blocks * m_block_sz)) throw OpenSSL_Error("EVP_DecryptUpdate"); @@ -55,13 +57,15 @@ class OpenSSL_BlockCipher final : public BlockCipher std::string m_cipher_name; EVP_CIPHER_CTX *m_encrypt; EVP_CIPHER_CTX *m_decrypt; + bool m_key_set; }; OpenSSL_BlockCipher::OpenSSL_BlockCipher(const std::string& algo_name, const EVP_CIPHER* algo) : m_block_sz(EVP_CIPHER_block_size(algo)), m_cipher_key_spec(EVP_CIPHER_key_length(algo)), - m_cipher_name(algo_name) + m_cipher_name(algo_name), + m_key_set(false) { if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE) throw Invalid_Argument("OpenSSL_BlockCipher: Non-ECB EVP was passed in"); @@ -92,7 +96,8 @@ OpenSSL_BlockCipher::OpenSSL_BlockCipher(const std::string& algo_name, size_t key_mod) : m_block_sz(EVP_CIPHER_block_size(algo)), m_cipher_key_spec(key_min, key_max, key_mod), - m_cipher_name(algo_name) + m_cipher_name(algo_name), + m_key_set(false) { if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE) throw Invalid_Argument("OpenSSL_BlockCipher: Non-ECB EVP was passed in"); @@ -134,15 +139,19 @@ void OpenSSL_BlockCipher::key_schedule(const uint8_t key[], size_t length) full_key += std::make_pair(key, 8); } else + { if(EVP_CIPHER_CTX_set_key_length(m_encrypt, length) == 0 || EVP_CIPHER_CTX_set_key_length(m_decrypt, length) == 0) throw Invalid_Argument("OpenSSL_BlockCipher: Bad key length for " + m_cipher_name); + } if(!EVP_EncryptInit_ex(m_encrypt, nullptr, nullptr, full_key.data(), nullptr)) throw OpenSSL_Error("EVP_EncryptInit_ex"); if(!EVP_DecryptInit_ex(m_decrypt, nullptr, nullptr, full_key.data(), nullptr)) throw OpenSSL_Error("EVP_DecryptInit_ex"); + + m_key_set = true; } /* 
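Review bot: `m_key_set` is only ever set to true at the end of `OpenSSL_BlockCipher::key_schedule` and is never reset at its start, so when an already-keyed object is re-keyed and `EVP_EncryptInit_ex` succeeds but `EVP_DecryptInit_ex` throws, the flag stays true while the two contexts hold different keys. The next encrypt_n/decrypt_n would then pass `verify_key_set(m_key_set)` and operate on a half-applied key. Adding `m_key_set = false;` as the first statement of key_schedule (its top is outside the hunk) makes a failed re-key observable through the same exception the rest of the patch introduces.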
@@ -164,6 +173,8 @@ void OpenSSL_BlockCipher::clear() { const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(m_encrypt); + m_key_set = false; + if(!EVP_CIPHER_CTX_cleanup(m_encrypt)) throw OpenSSL_Error("EVP_CIPHER_CTX_cleanup encrypt"); if(!EVP_CIPHER_CTX_cleanup(m_decrypt)) diff --git a/src/lib/prov/openssl/openssl_rc4.cpp b/src/lib/prov/openssl/openssl_rc4.cpp index 5fb2a68f50..b24760f457 100644 --- a/src/lib/prov/openssl/openssl_rc4.cpp +++ b/src/lib/prov/openssl/openssl_rc4.cpp @@ -21,7 +21,7 @@ namespace { class OpenSSL_RC4 final : public StreamCipher { public: - void clear() override { clear_mem(&m_rc4, 1); } + void clear() override { clear_mem(&m_rc4, 1); m_key_set = false; } std::string provider() const override { return "openssl"; } @@ -61,6 +61,7 @@ class OpenSSL_RC4 final : public StreamCipher private: void cipher(const uint8_t in[], uint8_t out[], size_t length) override { + verify_key_set(m_key_set); ::RC4(&m_rc4, length, in, out); } @@ -70,10 +71,12 @@ class OpenSSL_RC4 final : public StreamCipher uint8_t d = 0; for(size_t i = 0; i != m_skip; ++i) ::RC4(&m_rc4, 1, &d, &d); + m_key_set = true; } size_t m_skip; RC4_KEY m_rc4; + bool m_key_set; }; } diff --git a/src/lib/stream/chacha/chacha.cpp b/src/lib/stream/chacha/chacha.cpp index 0bbb47bcbf..52e5eaaf44 100644 --- a/src/lib/stream/chacha/chacha.cpp +++ b/src/lib/stream/chacha/chacha.cpp @@ -116,6 +116,8 @@ void ChaCha::chacha_x4(uint8_t output[64*4], uint32_t input[16], size_t rounds) */ void ChaCha::cipher(const uint8_t in[], uint8_t out[], size_t length) { + verify_key_set(m_state.empty() == false); + while(length >= m_buffer.size() - m_position) { xor_buf(out, in, &m_buffer[m_position], m_buffer.size() - m_position); diff --git a/src/lib/stream/ctr/ctr.cpp b/src/lib/stream/ctr/ctr.cpp index 99a589bb9c..463119caf7 100644 --- a/src/lib/stream/ctr/ctr.cpp +++ b/src/lib/stream/ctr/ctr.cpp 
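Review bot: `bool m_key_set;` is added to `OpenSSL_RC4` without an initializer and its constructor is not touched by this patch, so unless the constructor (outside the hunk) sets it, the first `verify_key_set(m_key_set)` in `cipher()` reads an indeterminate value and the check this patch exists to add is undefined behaviour rather than a guaranteed throw. Use an in-class initializer, `bool m_key_set = false;`, which stays correct for any constructor. Note that `OpenSSL_BlockCipher` in this same patch does initialise its flag in both constructors, so this is an inconsistency between the two providers.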
@@ -17,7 +17,6 @@ CTR_BE::CTR_BE(BlockCipher* ciph) : m_ctr_blocks(m_cipher->parallel_bytes() / m_block_size), m_counter(m_cipher->parallel_bytes()), m_pad(m_counter.size()), - m_iv(m_cipher->block_size()), m_pad_pos(0) { } @@ -29,7 +28,6 @@ CTR_BE::CTR_BE(BlockCipher* cipher, size_t ctr_size) : m_ctr_blocks(m_cipher->parallel_bytes() / m_block_size), m_counter(m_cipher->parallel_bytes()), m_pad(m_counter.size()), - m_iv(m_cipher->block_size()), m_pad_pos(0) { if(m_ctr_size < 4 || m_ctr_size > m_block_size) @@ -41,7 +39,7 @@ void CTR_BE::clear() m_cipher->clear(); zeroise(m_pad); zeroise(m_counter); - zeroise(m_iv); + zap(m_iv); m_pad_pos = 0; } @@ -64,6 +62,8 @@ std::string CTR_BE::name() const void CTR_BE::cipher(const uint8_t in[], uint8_t out[], size_t length) { + verify_key_set(m_iv.empty() == false); + const uint8_t* pad_bits = &m_pad[0]; const size_t pad_size = m_pad.size(); @@ -105,6 +105,7 @@ void CTR_BE::set_iv(const uint8_t iv[], size_t iv_len) if(!valid_iv_length(iv_len)) throw Invalid_IV_Length(name(), iv_len); + m_iv.resize(m_cipher->block_size()); zeroise(m_iv); buffer_insert(m_iv, 0, iv, iv_len); diff --git a/src/lib/stream/rc4/rc4.cpp b/src/lib/stream/rc4/rc4.cpp index 208b2f5602..60565d445e 100644 --- a/src/lib/stream/rc4/rc4.cpp +++ b/src/lib/stream/rc4/rc4.cpp @@ -15,6 +15,8 @@ namespace Botan { */ void RC4::cipher(const uint8_t in[], uint8_t out[], size_t length) { + verify_key_set(m_state.empty() == false); + while(length >= m_buffer.size() - m_position) { xor_buf(out, in, &m_buffer[m_position], m_buffer.size() - m_position); diff --git a/src/lib/stream/salsa20/salsa20.cpp b/src/lib/stream/salsa20/salsa20.cpp index e27b2d2bbf..3f93cee94e 100644 --- a/src/lib/stream/salsa20/salsa20.cpp +++ b/src/lib/stream/salsa20/salsa20.cpp 
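Review bot: `CTR_BE::cipher` keys its guard on `m_iv.empty()`, but `m_iv` is populated by `set_iv`, not by the key schedule, so the guard actually tests "IV was set" while the exception says `Key not set`; and since the constructors no longer size `m_iv`, the previous behaviour of an implicit all-zero IV after set_key alone is gone. If `key_schedule` (outside the hunk) calls `set_iv(nullptr, 0)` this is sound for the normal set_key path and only the message is misleading; if it does not, every caller relying on the default IV now throws. A comment at the check, `// m_iv is sized by set_iv, which key_schedule invokes with a zero IV`, would record which of the two is intended, and guarding on the block cipher's own keyed state instead would keep the exception truthful.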
@@ -103,6 +103,8 @@ void salsa20(uint8_t output[64], const uint32_t input[16])
 */
 void Salsa20::cipher(const uint8_t in[], uint8_t out[], size_t length)
 {
+ verify_key_set(m_state.empty() == false);
+
 while(length >= m_buffer.size() - m_position)
 {
 xor_buf(out, in, &m_buffer[m_position], m_buffer.size() - m_position);
diff --git a/src/lib/stream/shake_cipher/shake_cipher.cpp b/src/lib/stream/shake_cipher/shake_cipher.cpp
index 4f79777f4b..72a8fd8858 100644
--- a/src/lib/stream/shake_cipher/shake_cipher.cpp
+++ b/src/lib/stream/shake_cipher/shake_cipher.cpp
@@ -12,13 +12,13 @@ namespace Botan {
 SHAKE_128_Cipher::SHAKE_128_Cipher() :
- m_state(25),
- m_buffer((1600 - 256) / 8),
 m_buf_pos(0)
 {}
 void SHAKE_128_Cipher::cipher(const uint8_t in[], uint8_t out[], size_t length)
 {
+ verify_key_set(m_state.empty() == false);
+
 while(length >= m_buffer.size() - m_buf_pos)
 {
 xor_buf(out, in, &m_buffer[m_buf_pos], m_buffer.size() - m_buf_pos);
@@ -37,6 +37,8 @@ void SHAKE_128_Cipher::cipher(const uint8_t in[], uint8_t out[], size_t length)
 void SHAKE_128_Cipher::key_schedule(const uint8_t key[], size_t length)
 {
+ m_state.resize(25);
+ m_buffer.resize((1600 - 256) / 8);
 zeroise(m_state);
 for(size_t i = 0; i < length/8; ++i)
@@ -53,8 +55,8 @@ void SHAKE_128_Cipher::key_schedule(const uint8_t key[], size_t length)
 void SHAKE_128_Cipher::clear()
 {
- zeroise(m_state);
- zeroise(m_buffer);
+ zap(m_state);
+ zap(m_buffer);
 m_buf_pos = 0;
 }
diff --git a/src/lib/utils/exceptn.cpp b/src/lib/utils/exceptn.cpp
index 240742602c..3fa7dfd3ec 100644
--- a/src/lib/utils/exceptn.cpp
+++ b/src/lib/utils/exceptn.cpp
@@ -44,6 +44,10 @@ Invalid_IV_Length::Invalid_IV_Length(const std::string& mode, size_t bad_len) :
 " is invalid for " + mode)
 {}
+Key_Not_Set::Key_Not_Set(const std::string& algo) :
+ Invalid_State("Key not set in " + algo)
+ {}
+
 Policy_Violation::Policy_Violation(const std::string& err) :
 Invalid_State("Policy violation: " + err)
 {}
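Review bot: `SHAKE_128_Cipher::key_schedule` now sizes `m_state` and `m_buffer` lazily, but the visible part of it does not reset `m_buf_pos`, which only `clear()` does in this patch. If the remainder of key_schedule (outside the hunk) does not reset it either, re-keying an object mid-stream without an explicit clear() would resume at the old buffer offset and skip part of the fresh keystream; a `m_buf_pos = 0;` next to the two resize calls would make key_schedule self-contained. `m_buffer.resize(...)` leaves the buffer unfilled until whatever code follows populates it, so `cipher()` is safe only because it checks `m_state` rather than `m_buffer` — worth a one-line comment at the check so the two sizes are not later decoupled.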
diff --git a/src/lib/utils/exceptn.h b/src/lib/utils/exceptn.h index b9b94a8f8b..e82889b5a5 100644 --- a/src/lib/utils/exceptn.h +++ b/src/lib/utils/exceptn.h @@ -62,6 +62,12 @@ class BOTAN_PUBLIC_API(2,0) Invalid_State : public Exception explicit Invalid_State(const std::string& err) : Exception(err) {} }; +class BOTAN_PUBLIC_API(2,4) Key_Not_Set : public Invalid_State + { + public: + explicit Key_Not_Set(const std::string& algo); + }; + /** * Lookup_Error Exception */ diff --git a/src/tests/test_block.cpp b/src/tests/test_block.cpp index 535556a901..02115b66aa 100644 --- a/src/tests/test_block.cpp +++ b/src/tests/test_block.cpp @@ -53,8 +53,31 @@ class Block_Cipher_Tests final : public Text_Based_Test result.test_gte(provider, cipher->block_size(), 8); result.test_gte(provider, cipher->parallel_bytes(), cipher->block_size() * cipher->parallelism()); + // Test that trying to encrypt or decrypt with now key set throws Botan::Invalid_State + try + { + std::vector block(cipher->block_size()); + cipher->encrypt(block); + result.test_failure("Was able to encrypt without a key being set"); + } + catch(Botan::Invalid_State&) + { + result.test_success("Trying to encrypt with no key set fails"); + } + + try + { + std::vector block(cipher->block_size()); + cipher->decrypt(block); + result.test_failure("Was able to decrypt without a key being set"); + } + catch(Botan::Invalid_State&) + { + result.test_success("Trying to encrypt with no key set fails"); + } + // Test to make sure clear() resets what we need it to - cipher->set_key(Test::rng().random_vec(cipher->key_spec().minimum_keylength())); + cipher->set_key(Test::rng().random_vec(cipher->key_spec().maximum_keylength())); Botan::secure_vector garbage = Test::rng().random_vec(cipher->block_size()); cipher->encrypt(garbage); cipher->clear(); 
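Review bot: The decrypt branch of the new no-key test in test_block.cpp reports `Trying to encrypt with no key set fails`, a copy of the encrypt branch, so a decrypt-side regression would be mislabelled in the output; change it to `result.test_success("Trying to decrypt with no key set fails");`. The comment introducing the test also has a typo, `with now key set` should read `with no key set`. Both tests catch `Botan::Invalid_State` rather than the new `Botan::Key_Not_Set`; catching the base class is acceptable, but catching `Key_Not_Set` would pin exactly the exception this patch introduces and would not be satisfied by some unrelated Invalid_State thrown from a wrapped component.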
@@ -89,6 +112,28 @@ class Block_Cipher_Tests final : public Text_Based_Test result.test_eq(provider, "decrypt", buf, input); + try + { + std::vector block(cipher->block_size()); + cipher->encrypt(block); + result.test_failure("Was able to encrypt without a key being set"); + } + catch(Botan::Invalid_State&) + { + result.test_success("Trying to encrypt with no key set (after clear) fails"); + } + + try + { + std::vector block(cipher->block_size()); + cipher->decrypt(block); + result.test_failure("Was able to decrypt without a key being set"); + } + catch(Botan::Invalid_State&) + { + result.test_success("Trying to decrypt with no key set (after clear) fails"); + } + } return result; diff --git a/src/tests/test_hash.cpp b/src/tests/test_hash.cpp index 2116cade46..39b13de328 100644 --- a/src/tests/test_hash.cpp +++ b/src/tests/test_hash.cpp @@ -68,7 +68,6 @@ class Hash_Function_Tests final : public Text_Based_Test result.test_eq(provider, "hashing after clear", hash->final(), expected); - // TODO: feed in random pieces to fully test buffering if(input.size() > 5) { hash->update(input[0]); @@ -77,7 +76,17 @@ class Hash_Function_Tests final : public Text_Based_Test // verify fork copy doesn't affect original computation fork->update(&input[1], input.size() - 2); - hash->update(&input[1], input.size() - 1); + size_t so_far = 1; + while(so_far < input.size()) + { + size_t take = Test::rng().next_byte() % (input.size() - so_far); + + if(input.size() - so_far == 1) + take = 1; + + hash->update(&input[so_far], take); + so_far += take; + } result.test_eq(provider, "hashing split", hash->final(), expected); fork->update(&input[input.size() - 1], 1); diff --git a/src/tests/test_mac.cpp b/src/tests/test_mac.cpp index f4e3e4268a..18ba82b30d 100644 --- a/src/tests/test_mac.cpp +++ b/src/tests/test_mac.cpp 
@@ -59,6 +59,17 @@ class Message_Auth_Tests final : public Text_Based_Test result.test_is_nonempty("provider", provider); result.test_eq(provider, mac->name(), algo); + try + { + std::vector buf(128); + mac->update(buf.data(), buf.size()); + result.test_failure("Was able to MAC without a key being set"); + } + catch(Botan::Invalid_State&) + { + result.test_success("Trying to MAC with no key set fails"); + } + mac->set_key(key); mac->start(iv); @@ -108,6 +119,30 @@ class Message_Auth_Tests final : public Text_Based_Test result.test_eq(provider + " split mac", mac->verify_mac(expected.data(), expected.size()), true); } + + mac->clear(); + + try + { + std::vector buf(128); + mac->update(buf.data(), buf.size()); + result.test_failure("Was able to MAC without a key being set"); + } + catch(Botan::Invalid_State&) + { + result.test_success("Trying to MAC with no key set (after clear) fails"); + } + + try + { + std::vector buf(mac->output_length()); + mac->final(buf.data()); + result.test_failure("Was able to MAC without a key being set"); + } + catch(Botan::Invalid_State&) + { + result.test_success("Trying to MAC with no key set (after clear) fails"); + } } return result; diff --git a/src/tests/test_stream.cpp b/src/tests/test_stream.cpp index 50012fe97a..357b8c769b 100644 --- a/src/tests/test_stream.cpp +++ b/src/tests/test_stream.cpp @@ -56,6 +56,18 @@ class Stream_Cipher_Tests final : public Text_Based_Test const std::string provider(cipher->provider()); result.test_is_nonempty("provider", provider); result.test_eq(provider, cipher->name(), algo); + + try + { + std::vector buf(128); + cipher->cipher1(buf.data(), buf.size()); + result.test_failure("Was able to encrypt without a key being set"); + } + catch(Botan::Invalid_State&) + { + result.test_success("Trying to encrypt with no key set fails"); + } + cipher->set_key(key); if(nonce.size()) 
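Review bot: In the second test_mac.cpp hunk both catch blocks after `mac->clear()` record the same string, `"Trying to MAC with no key set (after clear) fails"`, so the log cannot tell whether it was `update()` or `final()` that threw; suggest `result.test_success("Trying to finalize MAC with no key set (after clear) fails");` for the second, and likewise the two identical `test_failure` messages could name update versus final. The first hunk in this file has only the update check and is fine. The enclosing function continues outside both hunks.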
@@ -96,6 +108,17 @@ class Stream_Cipher_Tests final : public Text_Based_Test cipher->clear(); + try + { + std::vector buf(128); + cipher->cipher1(buf.data(), buf.size()); + result.test_failure("Was able to encrypt without a key being set (after clear)"); + } + catch(Botan::Invalid_State&) + { + result.test_success("Trying to encrypt with no key set (after clear) fails"); + } + result.test_eq(provider, "encrypt", buf, expected); } From 814ad06e3dcde954a1e0fb2422ed98297bd1a81d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 26 Oct 2017 23:57:25 -0400 Subject: [PATCH 0112/1008] Update news --- news.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/news.rst b/news.rst index 3cb695f95d..4e0aebaa63 100644 --- a/news.rst +++ b/news.rst @@ -18,6 +18,10 @@ Version 2.4.0, Not Yet Released * Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b +* Symmetric algorithms (block ciphers, stream ciphers, MACs) now verify that a + key was set before accepting data. Previously attempting to use an unkeyed + object would instead result in either a crash or invalid outputs. (GH #1279) + * New functions for bit rotations that distinguish rotating by a compile-time constant vs a runtime variable rotation. This allows better optimizations in both cases. Notably performance of CAST-128 From 1cb385d089c47485adcf87bb65e041f988b9208d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 26 Oct 2017 23:57:39 -0400 Subject: [PATCH 0113/1008] Remove needless virtual on GMAC destructor --- src/lib/mac/gmac/gmac.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/mac/gmac/gmac.h b/src/lib/mac/gmac/gmac.h index 83094a5bc5..4b02ebf85f 100644 --- a/src/lib/mac/gmac/gmac.h +++ b/src/lib/mac/gmac/gmac.h @@ -42,7 +42,7 @@ class BOTAN_PUBLIC_API(2,0) GMAC final : public MessageAuthenticationCode GMAC(const GMAC&) = delete; GMAC& operator=(const GMAC&) = delete; - virtual ~GMAC(); + ~GMAC(); private: void add_data(const uint8_t[], size_t) override; 
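Review bot: The `std::vector buf(128)` declared inside the new try block shadows the function-scope `buf` that `result.test_eq(provider, "encrypt", buf, expected);` compares on the very next statement; the block scope keeps it correct, but it reads as if the comparison used the 128-byte scratch buffer and will trip -Wshadow where that warning is enabled. Renaming the scratch vector, e.g. `scratch`, and calling `cipher->cipher1(scratch.data(), scratch.size());` avoids the ambiguity (the element type of the vector was lost in this rendering). The first hunk in this file uses the same local name; whether an outer `buf` is in scope there is not visible. The enclosing function continues outside the hunk.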
From 77e438a0a9a1721d861bcab2fad98739f40fe888 Mon Sep 17 00:00:00 2001 From: Krzysztof Kwiatkowski Date: Sat, 28 Oct 2017 15:35:56 +0100 Subject: [PATCH 0114/1008] CRC24 performance improvement (32 bits in parallel) Algorithm uses 4 tables of precalculated CRC24 values, thanks to which it can process in parallel 32 bits of data. This tric doubles performance Further improvements are possible. Results - (tested with RNP) processing 1GB armor data ``` OLD: rnp --enarmor=msg /tmp/1gb.rnd --output 4.48s user 0.89s system 98% cpu 5.429 total NEW: rnp --enarmor=msg /tmp/1gb.rnd --output 2.38s user 0.86s system 79% cpu 4.089 total OLD: rnp --dearmor out.xxx --output out.d 5.58s user 0.65s system 98% cpu 6.338 total NEW: rnp --dearmor out.xxx --output out.d 3.28s user 0.84s system 96% cpu 4.275 total ``` --- src/lib/hash/checksum/crc24/crc24.cpp | 277 ++++++++++++++++++++------ src/lib/hash/checksum/crc24/crc24.h | 3 +- 2 files changed, 213 insertions(+), 67 deletions(-) diff --git a/src/lib/hash/checksum/crc24/crc24.cpp b/src/lib/hash/checksum/crc24/crc24.cpp index bed4561777..9aef3e76ec 100644 --- a/src/lib/hash/checksum/crc24/crc24.cpp +++ b/src/lib/hash/checksum/crc24/crc24.cpp 
@@ -1,15 +1,191 @@ /* * CRC24 * (C) 1999-2007 Jack Lloyd +* (C) 2017 [Ribose Inc](https://www.ribose.com). Performed by Krzysztof Kwiatkowski. * * Botan is released under the Simplified BSD License (see license.txt) */ #include #include +#include namespace Botan { +namespace { + +const uint32_t T0[256] = { + 0x00000000, 0x00FB4C86, 0x000DD58A, 0x00F6990C, 0x00E1E693, 0x001AAA15, 0x00EC3319, + 0x00177F9F, 0x003981A1, 0x00C2CD27, 0x0034542B, 0x00CF18AD, 0x00D86732, 0x00232BB4, + 0x00D5B2B8, 0x002EFE3E, 0x00894EC5, 0x00720243, 0x00849B4F, 0x007FD7C9, 0x0068A856, + 0x0093E4D0, 0x00657DDC, 0x009E315A, 0x00B0CF64, 0x004B83E2, 0x00BD1AEE, 0x00465668, + 0x005129F7, 0x00AA6571, 0x005CFC7D, 0x00A7B0FB, 0x00E9D10C, 0x00129D8A, 0x00E40486, + 0x001F4800, 0x0008379F, 0x00F37B19, 0x0005E215, 0x00FEAE93, 0x00D050AD, 0x002B1C2B, + 0x00DD8527, 0x0026C9A1, 0x0031B63E, 0x00CAFAB8, 0x003C63B4, 0x00C72F32, 0x00609FC9, + 0x009BD34F, 0x006D4A43, 0x009606C5, 0x0081795A, 0x007A35DC, 0x008CACD0, 0x0077E056, + 0x00591E68, 0x00A252EE, 0x0054CBE2, 0x00AF8764, 0x00B8F8FB, 0x0043B47D, 0x00B52D71, + 0x004E61F7, 0x00D2A319, 0x0029EF9F, 0x00DF7693, 0x00243A15, 0x0033458A, 0x00C8090C, + 0x003E9000, 0x00C5DC86, 0x00EB22B8, 0x00106E3E, 0x00E6F732, 0x001DBBB4, 0x000AC42B, + 0x00F188AD, 0x000711A1, 0x00FC5D27, 0x005BEDDC, 0x00A0A15A, 0x00563856, 0x00AD74D0, + 0x00BA0B4F, 0x004147C9, 0x00B7DEC5, 0x004C9243, 0x00626C7D, 0x009920FB, 0x006FB9F7, + 0x0094F571, 0x00838AEE, 0x0078C668, 0x008E5F64, 0x007513E2, 0x003B7215, 0x00C03E93, + 0x0036A79F, 0x00CDEB19, 0x00DA9486, 0x0021D800, 0x00D7410C, 0x002C0D8A, 0x0002F3B4, + 0x00F9BF32, 0x000F263E, 0x00F46AB8, 0x00E31527, 0x001859A1, 0x00EEC0AD, 0x00158C2B, + 0x00B23CD0, 0x00497056, 0x00BFE95A, 0x0044A5DC, 0x0053DA43, 0x00A896C5, 0x005E0FC9, + 0x00A5434F, 0x008BBD71, 0x0070F1F7, 0x008668FB, 0x007D247D, 0x006A5BE2, 0x00911764, + 0x00678E68, 0x009CC2EE, 0x00A44733, 0x005F0BB5, 0x00A992B9, 0x0052DE3F, 0x0045A1A0, + 0x00BEED26, 0x0048742A, 0x00B338AC, 0x009DC692, 
0x00668A14, 0x00901318, 0x006B5F9E, + 0x007C2001, 0x00876C87, 0x0071F58B, 0x008AB90D, 0x002D09F6, 0x00D64570, 0x0020DC7C, + 0x00DB90FA, 0x00CCEF65, 0x0037A3E3, 0x00C13AEF, 0x003A7669, 0x00148857, 0x00EFC4D1, + 0x00195DDD, 0x00E2115B, 0x00F56EC4, 0x000E2242, 0x00F8BB4E, 0x0003F7C8, 0x004D963F, + 0x00B6DAB9, 0x004043B5, 0x00BB0F33, 0x00AC70AC, 0x00573C2A, 0x00A1A526, 0x005AE9A0, + 0x0074179E, 0x008F5B18, 0x0079C214, 0x00828E92, 0x0095F10D, 0x006EBD8B, 0x00982487, + 0x00636801, 0x00C4D8FA, 0x003F947C, 0x00C90D70, 0x003241F6, 0x00253E69, 0x00DE72EF, + 0x0028EBE3, 0x00D3A765, 0x00FD595B, 0x000615DD, 0x00F08CD1, 0x000BC057, 0x001CBFC8, + 0x00E7F34E, 0x00116A42, 0x00EA26C4, 0x0076E42A, 0x008DA8AC, 0x007B31A0, 0x00807D26, + 0x009702B9, 0x006C4E3F, 0x009AD733, 0x00619BB5, 0x004F658B, 0x00B4290D, 0x0042B001, + 0x00B9FC87, 0x00AE8318, 0x0055CF9E, 0x00A35692, 0x00581A14, 0x00FFAAEF, 0x0004E669, + 0x00F27F65, 0x000933E3, 0x001E4C7C, 0x00E500FA, 0x001399F6, 0x00E8D570, 0x00C62B4E, + 0x003D67C8, 0x00CBFEC4, 0x0030B242, 0x0027CDDD, 0x00DC815B, 0x002A1857, 0x00D154D1, + 0x009F3526, 0x006479A0, 0x0092E0AC, 0x0069AC2A, 0x007ED3B5, 0x00859F33, 0x0073063F, + 0x00884AB9, 0x00A6B487, 0x005DF801, 0x00AB610D, 0x00502D8B, 0x00475214, 0x00BC1E92, + 0x004A879E, 0x00B1CB18, 0x00167BE3, 0x00ED3765, 0x001BAE69, 0x00E0E2EF, 0x00F79D70, + 0x000CD1F6, 0x00FA48FA, 0x0001047C, 0x002FFA42, 0x00D4B6C4, 0x00222FC8, 0x00D9634E, + 0x00CE1CD1, 0x00355057, 0x00C3C95B, 0x003885DD }; + +const uint32_t T1[256] = { + 0x00000000, 0x00488F66, 0x00901ECD, 0x00D891AB, 0x00DB711C, 0x0093FE7A, 0x004B6FD1, + 0x0003E0B7, 0x00B6E338, 0x00FE6C5E, 0x0026FDF5, 0x006E7293, 0x006D9224, 0x00251D42, + 0x00FD8CE9, 0x00B5038F, 0x006CC771, 0x00244817, 0x00FCD9BC, 0x00B456DA, 0x00B7B66D, + 0x00FF390B, 0x0027A8A0, 0x006F27C6, 0x00DA2449, 0x0092AB2F, 0x004A3A84, 0x0002B5E2, + 0x00015555, 0x0049DA33, 0x00914B98, 0x00D9C4FE, 0x00D88EE3, 0x00900185, 0x0048902E, + 0x00001F48, 0x0003FFFF, 0x004B7099, 0x0093E132, 0x00DB6E54, 0x006E6DDB, 
0x0026E2BD, + 0x00FE7316, 0x00B6FC70, 0x00B51CC7, 0x00FD93A1, 0x0025020A, 0x006D8D6C, 0x00B44992, + 0x00FCC6F4, 0x0024575F, 0x006CD839, 0x006F388E, 0x0027B7E8, 0x00FF2643, 0x00B7A925, + 0x0002AAAA, 0x004A25CC, 0x0092B467, 0x00DA3B01, 0x00D9DBB6, 0x009154D0, 0x0049C57B, + 0x00014A1D, 0x004B5141, 0x0003DE27, 0x00DB4F8C, 0x0093C0EA, 0x0090205D, 0x00D8AF3B, + 0x00003E90, 0x0048B1F6, 0x00FDB279, 0x00B53D1F, 0x006DACB4, 0x002523D2, 0x0026C365, + 0x006E4C03, 0x00B6DDA8, 0x00FE52CE, 0x00279630, 0x006F1956, 0x00B788FD, 0x00FF079B, + 0x00FCE72C, 0x00B4684A, 0x006CF9E1, 0x00247687, 0x00917508, 0x00D9FA6E, 0x00016BC5, + 0x0049E4A3, 0x004A0414, 0x00028B72, 0x00DA1AD9, 0x009295BF, 0x0093DFA2, 0x00DB50C4, + 0x0003C16F, 0x004B4E09, 0x0048AEBE, 0x000021D8, 0x00D8B073, 0x00903F15, 0x00253C9A, + 0x006DB3FC, 0x00B52257, 0x00FDAD31, 0x00FE4D86, 0x00B6C2E0, 0x006E534B, 0x0026DC2D, + 0x00FF18D3, 0x00B797B5, 0x006F061E, 0x00278978, 0x002469CF, 0x006CE6A9, 0x00B47702, + 0x00FCF864, 0x0049FBEB, 0x0001748D, 0x00D9E526, 0x00916A40, 0x00928AF7, 0x00DA0591, + 0x0002943A, 0x004A1B5C, 0x0096A282, 0x00DE2DE4, 0x0006BC4F, 0x004E3329, 0x004DD39E, + 0x00055CF8, 0x00DDCD53, 0x00954235, 0x002041BA, 0x0068CEDC, 0x00B05F77, 0x00F8D011, + 0x00FB30A6, 0x00B3BFC0, 0x006B2E6B, 0x0023A10D, 0x00FA65F3, 0x00B2EA95, 0x006A7B3E, + 0x0022F458, 0x002114EF, 0x00699B89, 0x00B10A22, 0x00F98544, 0x004C86CB, 0x000409AD, + 0x00DC9806, 0x00941760, 0x0097F7D7, 0x00DF78B1, 0x0007E91A, 0x004F667C, 0x004E2C61, + 0x0006A307, 0x00DE32AC, 0x0096BDCA, 0x00955D7D, 0x00DDD21B, 0x000543B0, 0x004DCCD6, + 0x00F8CF59, 0x00B0403F, 0x0068D194, 0x00205EF2, 0x0023BE45, 0x006B3123, 0x00B3A088, + 0x00FB2FEE, 0x0022EB10, 0x006A6476, 0x00B2F5DD, 0x00FA7ABB, 0x00F99A0C, 0x00B1156A, + 0x006984C1, 0x00210BA7, 0x00940828, 0x00DC874E, 0x000416E5, 0x004C9983, 0x004F7934, + 0x0007F652, 0x00DF67F9, 0x0097E89F, 0x00DDF3C3, 0x00957CA5, 0x004DED0E, 0x00056268, + 0x000682DF, 0x004E0DB9, 0x00969C12, 0x00DE1374, 0x006B10FB, 0x00239F9D, 0x00FB0E36, + 
0x00B38150, 0x00B061E7, 0x00F8EE81, 0x00207F2A, 0x0068F04C, 0x00B134B2, 0x00F9BBD4, + 0x00212A7F, 0x0069A519, 0x006A45AE, 0x0022CAC8, 0x00FA5B63, 0x00B2D405, 0x0007D78A, + 0x004F58EC, 0x0097C947, 0x00DF4621, 0x00DCA696, 0x009429F0, 0x004CB85B, 0x0004373D, + 0x00057D20, 0x004DF246, 0x009563ED, 0x00DDEC8B, 0x00DE0C3C, 0x0096835A, 0x004E12F1, + 0x00069D97, 0x00B39E18, 0x00FB117E, 0x002380D5, 0x006B0FB3, 0x0068EF04, 0x00206062, + 0x00F8F1C9, 0x00B07EAF, 0x0069BA51, 0x00213537, 0x00F9A49C, 0x00B12BFA, 0x00B2CB4D, + 0x00FA442B, 0x0022D580, 0x006A5AE6, 0x00DF5969, 0x0097D60F, 0x004F47A4, 0x0007C8C2, + 0x00042875, 0x004CA713, 0x009436B8, 0x00DCB9DE }; + +const uint32_t T2[256] = { + 0x00000000, 0x00D70983, 0x00555F80, 0x00825603, 0x0051F286, 0x0086FB05, 0x0004AD06, + 0x00D3A485, 0x0059A88B, 0x008EA108, 0x000CF70B, 0x00DBFE88, 0x00085A0D, 0x00DF538E, + 0x005D058D, 0x008A0C0E, 0x00491C91, 0x009E1512, 0x001C4311, 0x00CB4A92, 0x0018EE17, + 0x00CFE794, 0x004DB197, 0x009AB814, 0x0010B41A, 0x00C7BD99, 0x0045EB9A, 0x0092E219, + 0x0041469C, 0x00964F1F, 0x0014191C, 0x00C3109F, 0x006974A4, 0x00BE7D27, 0x003C2B24, + 0x00EB22A7, 0x00388622, 0x00EF8FA1, 0x006DD9A2, 0x00BAD021, 0x0030DC2F, 0x00E7D5AC, + 0x006583AF, 0x00B28A2C, 0x00612EA9, 0x00B6272A, 0x00347129, 0x00E378AA, 0x00206835, + 0x00F761B6, 0x007537B5, 0x00A23E36, 0x00719AB3, 0x00A69330, 0x0024C533, 0x00F3CCB0, + 0x0079C0BE, 0x00AEC93D, 0x002C9F3E, 0x00FB96BD, 0x00283238, 0x00FF3BBB, 0x007D6DB8, + 0x00AA643B, 0x0029A4CE, 0x00FEAD4D, 0x007CFB4E, 0x00ABF2CD, 0x00785648, 0x00AF5FCB, + 0x002D09C8, 0x00FA004B, 0x00700C45, 0x00A705C6, 0x002553C5, 0x00F25A46, 0x0021FEC3, + 0x00F6F740, 0x0074A143, 0x00A3A8C0, 0x0060B85F, 0x00B7B1DC, 0x0035E7DF, 0x00E2EE5C, + 0x00314AD9, 0x00E6435A, 0x00641559, 0x00B31CDA, 0x003910D4, 0x00EE1957, 0x006C4F54, + 0x00BB46D7, 0x0068E252, 0x00BFEBD1, 0x003DBDD2, 0x00EAB451, 0x0040D06A, 0x0097D9E9, + 0x00158FEA, 0x00C28669, 0x001122EC, 0x00C62B6F, 0x00447D6C, 0x009374EF, 0x001978E1, + 0x00CE7162, 0x004C2761, 
0x009B2EE2, 0x00488A67, 0x009F83E4, 0x001DD5E7, 0x00CADC64, + 0x0009CCFB, 0x00DEC578, 0x005C937B, 0x008B9AF8, 0x00583E7D, 0x008F37FE, 0x000D61FD, + 0x00DA687E, 0x00506470, 0x00876DF3, 0x00053BF0, 0x00D23273, 0x000196F6, 0x00D69F75, + 0x0054C976, 0x0083C0F5, 0x00A9041B, 0x007E0D98, 0x00FC5B9B, 0x002B5218, 0x00F8F69D, + 0x002FFF1E, 0x00ADA91D, 0x007AA09E, 0x00F0AC90, 0x0027A513, 0x00A5F310, 0x0072FA93, + 0x00A15E16, 0x00765795, 0x00F40196, 0x00230815, 0x00E0188A, 0x00371109, 0x00B5470A, + 0x00624E89, 0x00B1EA0C, 0x0066E38F, 0x00E4B58C, 0x0033BC0F, 0x00B9B001, 0x006EB982, + 0x00ECEF81, 0x003BE602, 0x00E84287, 0x003F4B04, 0x00BD1D07, 0x006A1484, 0x00C070BF, + 0x0017793C, 0x00952F3F, 0x004226BC, 0x00918239, 0x00468BBA, 0x00C4DDB9, 0x0013D43A, + 0x0099D834, 0x004ED1B7, 0x00CC87B4, 0x001B8E37, 0x00C82AB2, 0x001F2331, 0x009D7532, + 0x004A7CB1, 0x00896C2E, 0x005E65AD, 0x00DC33AE, 0x000B3A2D, 0x00D89EA8, 0x000F972B, + 0x008DC128, 0x005AC8AB, 0x00D0C4A5, 0x0007CD26, 0x00859B25, 0x005292A6, 0x00813623, + 0x00563FA0, 0x00D469A3, 0x00036020, 0x0080A0D5, 0x0057A956, 0x00D5FF55, 0x0002F6D6, + 0x00D15253, 0x00065BD0, 0x00840DD3, 0x00530450, 0x00D9085E, 0x000E01DD, 0x008C57DE, + 0x005B5E5D, 0x0088FAD8, 0x005FF35B, 0x00DDA558, 0x000AACDB, 0x00C9BC44, 0x001EB5C7, + 0x009CE3C4, 0x004BEA47, 0x00984EC2, 0x004F4741, 0x00CD1142, 0x001A18C1, 0x009014CF, + 0x00471D4C, 0x00C54B4F, 0x001242CC, 0x00C1E649, 0x0016EFCA, 0x0094B9C9, 0x0043B04A, + 0x00E9D471, 0x003EDDF2, 0x00BC8BF1, 0x006B8272, 0x00B826F7, 0x006F2F74, 0x00ED7977, + 0x003A70F4, 0x00B07CFA, 0x00677579, 0x00E5237A, 0x00322AF9, 0x00E18E7C, 0x003687FF, + 0x00B4D1FC, 0x0063D87F, 0x00A0C8E0, 0x0077C163, 0x00F59760, 0x00229EE3, 0x00F13A66, + 0x002633E5, 0x00A465E6, 0x00736C65, 0x00F9606B, 0x002E69E8, 0x00AC3FEB, 0x007B3668, + 0x00A892ED, 0x007F9B6E, 0x00FDCD6D, 0x002AC4EE }; + +const uint32_t T3[256] = { + 0x00000000, 0x00520936, 0x00A4126C, 0x00F61B5A, 0x004825D8, 0x001A2CEE, 0x00EC37B4, + 0x00BE3E82, 0x006B0636, 0x00390F00, 0x00CF145A, 
0x009D1D6C, 0x002323EE, 0x00712AD8, + 0x00873182, 0x00D538B4, 0x00D60C6C, 0x0084055A, 0x00721E00, 0x00201736, 0x009E29B4, + 0x00CC2082, 0x003A3BD8, 0x006832EE, 0x00BD0A5A, 0x00EF036C, 0x00191836, 0x004B1100, + 0x00F52F82, 0x00A726B4, 0x00513DEE, 0x000334D8, 0x00AC19D8, 0x00FE10EE, 0x00080BB4, + 0x005A0282, 0x00E43C00, 0x00B63536, 0x00402E6C, 0x0012275A, 0x00C71FEE, 0x009516D8, + 0x00630D82, 0x003104B4, 0x008F3A36, 0x00DD3300, 0x002B285A, 0x0079216C, 0x007A15B4, + 0x00281C82, 0x00DE07D8, 0x008C0EEE, 0x0032306C, 0x0060395A, 0x00962200, 0x00C42B36, + 0x00111382, 0x00431AB4, 0x00B501EE, 0x00E708D8, 0x0059365A, 0x000B3F6C, 0x00FD2436, + 0x00AF2D00, 0x00A37F36, 0x00F17600, 0x00076D5A, 0x0055646C, 0x00EB5AEE, 0x00B953D8, + 0x004F4882, 0x001D41B4, 0x00C87900, 0x009A7036, 0x006C6B6C, 0x003E625A, 0x00805CD8, + 0x00D255EE, 0x00244EB4, 0x00764782, 0x0075735A, 0x00277A6C, 0x00D16136, 0x00836800, + 0x003D5682, 0x006F5FB4, 0x009944EE, 0x00CB4DD8, 0x001E756C, 0x004C7C5A, 0x00BA6700, + 0x00E86E36, 0x005650B4, 0x00045982, 0x00F242D8, 0x00A04BEE, 0x000F66EE, 0x005D6FD8, + 0x00AB7482, 0x00F97DB4, 0x00474336, 0x00154A00, 0x00E3515A, 0x00B1586C, 0x006460D8, + 0x003669EE, 0x00C072B4, 0x00927B82, 0x002C4500, 0x007E4C36, 0x0088576C, 0x00DA5E5A, + 0x00D96A82, 0x008B63B4, 0x007D78EE, 0x002F71D8, 0x00914F5A, 0x00C3466C, 0x00355D36, + 0x00675400, 0x00B26CB4, 0x00E06582, 0x00167ED8, 0x004477EE, 0x00FA496C, 0x00A8405A, + 0x005E5B00, 0x000C5236, 0x0046FF6C, 0x0014F65A, 0x00E2ED00, 0x00B0E436, 0x000EDAB4, + 0x005CD382, 0x00AAC8D8, 0x00F8C1EE, 0x002DF95A, 0x007FF06C, 0x0089EB36, 0x00DBE200, + 0x0065DC82, 0x0037D5B4, 0x00C1CEEE, 0x0093C7D8, 0x0090F300, 0x00C2FA36, 0x0034E16C, + 0x0066E85A, 0x00D8D6D8, 0x008ADFEE, 0x007CC4B4, 0x002ECD82, 0x00FBF536, 0x00A9FC00, + 0x005FE75A, 0x000DEE6C, 0x00B3D0EE, 0x00E1D9D8, 0x0017C282, 0x0045CBB4, 0x00EAE6B4, + 0x00B8EF82, 0x004EF4D8, 0x001CFDEE, 0x00A2C36C, 0x00F0CA5A, 0x0006D100, 0x0054D836, + 0x0081E082, 0x00D3E9B4, 0x0025F2EE, 0x0077FBD8, 0x00C9C55A, 
0x009BCC6C, 0x006DD736, + 0x003FDE00, 0x003CEAD8, 0x006EE3EE, 0x0098F8B4, 0x00CAF182, 0x0074CF00, 0x0026C636, + 0x00D0DD6C, 0x0082D45A, 0x0057ECEE, 0x0005E5D8, 0x00F3FE82, 0x00A1F7B4, 0x001FC936, + 0x004DC000, 0x00BBDB5A, 0x00E9D26C, 0x00E5805A, 0x00B7896C, 0x00419236, 0x00139B00, + 0x00ADA582, 0x00FFACB4, 0x0009B7EE, 0x005BBED8, 0x008E866C, 0x00DC8F5A, 0x002A9400, + 0x00789D36, 0x00C6A3B4, 0x0094AA82, 0x0062B1D8, 0x0030B8EE, 0x00338C36, 0x00618500, + 0x00979E5A, 0x00C5976C, 0x007BA9EE, 0x0029A0D8, 0x00DFBB82, 0x008DB2B4, 0x00588A00, + 0x000A8336, 0x00FC986C, 0x00AE915A, 0x0010AFD8, 0x0042A6EE, 0x00B4BDB4, 0x00E6B482, + 0x00499982, 0x001B90B4, 0x00ED8BEE, 0x00BF82D8, 0x0001BC5A, 0x0053B56C, 0x00A5AE36, + 0x00F7A700, 0x00229FB4, 0x00709682, 0x00868DD8, 0x00D484EE, 0x006ABA6C, 0x0038B35A, + 0x00CEA800, 0x009CA136, 0x009F95EE, 0x00CD9CD8, 0x003B8782, 0x00698EB4, 0x00D7B036, + 0x0085B900, 0x0073A25A, 0x0021AB6C, 0x00F493D8, 0x00A69AEE, 0x005081B4, 0x00028882, + 0x00BCB600, 0x00EEBF36, 0x0018A46C, 0x004AAD5A }; + +inline uint32_t process8(uint32_t crc, uint8_t data) + { + return (crc >> 8) ^ T0[(crc & 0xff) ^ data]; + } + +inline uint32_t process32(uint32_t crc, uint32_t word) + { + crc ^= word; + crc = T3[(crc >> 0) & 0xff] + ^ T2[(crc >> 8) & 0xff] + ^ T1[(crc >> 16) & 0xff] + ^ T0[(crc >> 24) & 0xff]; + return crc; + } +} + std::unique_ptr CRC24::copy_state() const { return std::unique_ptr(new CRC24(*this)); 
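Review bot: T0..T3 are 1024 pasted constants with no comment on how they were produced; the derivation (`T1[j] = (T0[j] >> 8) ^ T0[T0[j] & 0xFF]` and so on) only appears in the add_data comment in the next hunk, and T0 itself is the old TABLE with its bytes reversed (old `TABLE[1] = 0x00864CFB`, new `T0[1] = 0x00FB4C86`) to match the byte-swapped register that process8 and process32 operate on. Suggest a short header above T0 such as `// T0 is the old byte-at-a-time table (polynomial 0x864CFB) stored byte-reversed to match the byte-swapped register; T1..T3 are derived from T0 as described at add_data`, and a test that regenerates T1..T3 from T0 and compares, since a single wrong entry only shows up for some inputs. process8 and process32 are complete within this hunk.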
@@ -17,81 +193,49 @@ std::unique_ptr CRC24::copy_state() const /* * Update a CRC24 Checksum +* +* Implementation uses Slicing-by-N algorithm described in +* "Novel Table Lookup-Based Algorithms for High-Performance +* CRC Generation", by M.Kounavis. +* +* This algorithm uses 4 precomputed look-up tables. First +* table T0 is computed same way as in a method proposed +* by D. Sarwate (1988). Then T_1, T2 and T3 are computed +* in following way: +* +* T1[j] = (T0[j] >> 8) ^ T0[ T0[j] & 0xFF ] +* T2[j] = (T1[j] >> 8) ^ T0[ T1[j] & 0xFF ] +* T3[j] = (T2[j] >> 8) ^ T0[ T2[j] & 0xFF ] +* */ void CRC24::add_data(const uint8_t input[], size_t length) { - const uint32_t TABLE[256] = { - 0x00000000, 0x00864CFB, 0x008AD50D, 0x000C99F6, 0x0093E6E1, 0x0015AA1A, - 0x001933EC, 0x009F7F17, 0x00A18139, 0x0027CDC2, 0x002B5434, 0x00AD18CF, - 0x003267D8, 0x00B42B23, 0x00B8B2D5, 0x003EFE2E, 0x00C54E89, 0x00430272, - 0x004F9B84, 0x00C9D77F, 0x0056A868, 0x00D0E493, 0x00DC7D65, 0x005A319E, - 0x0064CFB0, 0x00E2834B, 0x00EE1ABD, 0x00685646, 0x00F72951, 0x007165AA, - 0x007DFC5C, 0x00FBB0A7, 0x000CD1E9, 0x008A9D12, 0x008604E4, 0x0000481F, - 0x009F3708, 0x00197BF3, 0x0015E205, 0x0093AEFE, 0x00AD50D0, 0x002B1C2B, - 0x002785DD, 0x00A1C926, 0x003EB631, 0x00B8FACA, 0x00B4633C, 0x00322FC7, - 0x00C99F60, 0x004FD39B, 0x00434A6D, 0x00C50696, 0x005A7981, 0x00DC357A, - 0x00D0AC8C, 0x0056E077, 0x00681E59, 0x00EE52A2, 0x00E2CB54, 0x006487AF, - 0x00FBF8B8, 0x007DB443, 0x00712DB5, 0x00F7614E, 0x0019A3D2, 0x009FEF29, - 0x009376DF, 0x00153A24, 0x008A4533, 0x000C09C8, 0x0000903E, 0x0086DCC5, - 0x00B822EB, 0x003E6E10, 0x0032F7E6, 0x00B4BB1D, 0x002BC40A, 0x00AD88F1, - 0x00A11107, 0x00275DFC, 0x00DCED5B, 0x005AA1A0, 0x00563856, 0x00D074AD, - 0x004F0BBA, 0x00C94741, 0x00C5DEB7, 0x0043924C, 0x007D6C62, 0x00FB2099, - 0x00F7B96F, 0x0071F594, 0x00EE8A83, 0x0068C678, 0x00645F8E, 0x00E21375, - 0x0015723B, 0x00933EC0, 0x009FA736, 0x0019EBCD, 0x008694DA, 0x0000D821, - 0x000C41D7, 0x008A0D2C, 0x00B4F302, 0x0032BFF9, 
0x003E260F, 0x00B86AF4, - 0x002715E3, 0x00A15918, 0x00ADC0EE, 0x002B8C15, 0x00D03CB2, 0x00567049, - 0x005AE9BF, 0x00DCA544, 0x0043DA53, 0x00C596A8, 0x00C90F5E, 0x004F43A5, - 0x0071BD8B, 0x00F7F170, 0x00FB6886, 0x007D247D, 0x00E25B6A, 0x00641791, - 0x00688E67, 0x00EEC29C, 0x003347A4, 0x00B50B5F, 0x00B992A9, 0x003FDE52, - 0x00A0A145, 0x0026EDBE, 0x002A7448, 0x00AC38B3, 0x0092C69D, 0x00148A66, - 0x00181390, 0x009E5F6B, 0x0001207C, 0x00876C87, 0x008BF571, 0x000DB98A, - 0x00F6092D, 0x007045D6, 0x007CDC20, 0x00FA90DB, 0x0065EFCC, 0x00E3A337, - 0x00EF3AC1, 0x0069763A, 0x00578814, 0x00D1C4EF, 0x00DD5D19, 0x005B11E2, - 0x00C46EF5, 0x0042220E, 0x004EBBF8, 0x00C8F703, 0x003F964D, 0x00B9DAB6, - 0x00B54340, 0x00330FBB, 0x00AC70AC, 0x002A3C57, 0x0026A5A1, 0x00A0E95A, - 0x009E1774, 0x00185B8F, 0x0014C279, 0x00928E82, 0x000DF195, 0x008BBD6E, - 0x00872498, 0x00016863, 0x00FAD8C4, 0x007C943F, 0x00700DC9, 0x00F64132, - 0x00693E25, 0x00EF72DE, 0x00E3EB28, 0x0065A7D3, 0x005B59FD, 0x00DD1506, - 0x00D18CF0, 0x0057C00B, 0x00C8BF1C, 0x004EF3E7, 0x00426A11, 0x00C426EA, - 0x002AE476, 0x00ACA88D, 0x00A0317B, 0x00267D80, 0x00B90297, 0x003F4E6C, - 0x0033D79A, 0x00B59B61, 0x008B654F, 0x000D29B4, 0x0001B042, 0x0087FCB9, - 0x001883AE, 0x009ECF55, 0x009256A3, 0x00141A58, 0x00EFAAFF, 0x0069E604, - 0x00657FF2, 0x00E33309, 0x007C4C1E, 0x00FA00E5, 0x00F69913, 0x0070D5E8, - 0x004E2BC6, 0x00C8673D, 0x00C4FECB, 0x0042B230, 0x00DDCD27, 0x005B81DC, - 0x0057182A, 0x00D154D1, 0x0026359F, 0x00A07964, 0x00ACE092, 0x002AAC69, - 0x00B5D37E, 0x00339F85, 0x003F0673, 0x00B94A88, 0x0087B4A6, 0x0001F85D, - 0x000D61AB, 0x008B2D50, 0x00145247, 0x00921EBC, 0x009E874A, 0x0018CBB1, - 0x00E37B16, 0x006537ED, 0x0069AE1B, 0x00EFE2E0, 0x00709DF7, 0x00F6D10C, - 0x00FA48FA, 0x007C0401, 0x0042FA2F, 0x00C4B6D4, 0x00C82F22, 0x004E63D9, - 0x00D11CCE, 0x00575035, 0x005BC9C3, 0x00DD8538 }; - + uint32_t d[4]; uint32_t tmp = m_crc; + + // Input is word aligned if WA & input == 0 + static const uint8_t WA = (BOTAN_MP_WORD_BITS/8) - 1; + 
+ // Ensure input is word aligned before processing in parallel + for(;length && (reinterpret_cast(input) & WA); length--) + tmp = process8(tmp, *input++); + while(length >= 16) { - tmp = TABLE[((tmp >> 16) ^ input[ 0]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[ 1]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[ 2]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[ 3]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[ 4]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[ 5]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[ 6]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[ 7]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[ 8]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[ 9]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[10]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[11]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[12]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[13]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[14]) & 0xFF] ^ (tmp << 8); - tmp = TABLE[((tmp >> 16) ^ input[15]) & 0xFF] ^ (tmp << 8); + load_le(d, input, 4); + tmp = process32(tmp, d[0]); + tmp = process32(tmp, d[1]); + tmp = process32(tmp, d[2]); + tmp = process32(tmp, d[3]); + input += 16; length -= 16; } - for(size_t i = 0; i != length; ++i) - tmp = TABLE[((tmp >> 16) ^ input[i]) & 0xFF] ^ (tmp << 8); + while(length--) + tmp = process8(tmp, *input++); - m_crc = tmp; + m_crc = tmp & 0xffffff; } /* @@ -99,8 +243,9 @@ void CRC24::add_data(const uint8_t input[], size_t length) */ void CRC24::final_result(uint8_t output[]) { - for(size_t i = 0; i != 3; ++i) - output[i] = get_byte(i+1, m_crc); + output[0] = get_byte(3, m_crc); + output[1] = get_byte(2, m_crc); + output[2] = get_byte(1, m_crc); clear(); } diff --git a/src/lib/hash/checksum/crc24/crc24.h b/src/lib/hash/checksum/crc24/crc24.h index 9465b07240..cebb171f67 100644 
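Review bot: The alignment peel loop keys on `BOTAN_MP_WORD_BITS`, the multiprecision word size, while the parallel path loads 32-bit words with `load_le(d, input, 4)`; the two are unrelated, so on a 64-bit-word build `WA` is 7 and up to seven bytes are peeled to align for a 4-byte load. If load_le is memcpy-based here as it is elsewhere in Botan, unaligned input is already safe and the loop can go; otherwise derive the mask from the load width, `static const uintptr_t WA = sizeof(uint32_t) - 1;`, with `reinterpret_cast<uintptr_t>(input)` for the pointer test (the cast's target type was lost in this rendering). A one-line comment on `m_crc = tmp & 0xffffff;` saying whether the mask is load-bearing or defensive would also help, since the table entries and process8 appear to never set the top byte. add_data is complete within the hunk.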
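Review bot: The output order in final_result (get_byte(3), then 2, then 1, i.e. low byte first) is correct only because the register is now kept byte-swapped relative to the standard CRC-24 state — the crc24.h hunk changes the init from 0xB704CE to 0xCE04B7 in the same commit — and nothing in the source states that invariant. Suggest `// m_crc holds the CRC byte-reversed (see clear()); emit it MSB first` above the three assignments so the next reader does not "fix" the order back. final_result is complete within the hunk.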
--- a/src/lib/hash/checksum/crc24/crc24.h +++ b/src/lib/hash/checksum/crc24/crc24.h @@ -1,6 +1,7 @@ /* * CRC24 * (C) 1999-2007 Jack Lloyd +* (C) 2017 [Ribose Inc](https://www.ribose.com). Performed by Krzysztof Kwiatkowski. * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -23,7 +24,7 @@ class BOTAN_PUBLIC_API(2,0) CRC24 final : public HashFunction HashFunction* clone() const override { return new CRC24; } std::unique_ptr copy_state() const override; - void clear() override { m_crc = 0xB704CE; } + void clear() override { m_crc = 0XCE04B7L; } CRC24() { clear(); } ~CRC24() { clear(); } From e5169713cf638a79933a09d263f69da59ac45453 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 29 Oct 2017 12:08:52 -0400 Subject: [PATCH 0115/1008] Include in base type headers Needed for the create calls --- src/lib/block/block_cipher.h | 1 + src/lib/hash/hash.h | 1 + src/lib/mac/mac.h | 1 + src/lib/stream/stream_cipher.h | 1 + 4 files changed, 4 insertions(+) diff --git a/src/lib/block/block_cipher.h b/src/lib/block/block_cipher.h index 9961182faf..a365397fa3 100644 --- a/src/lib/block/block_cipher.h +++ b/src/lib/block/block_cipher.h @@ -10,6 +10,7 @@ #include #include +#include namespace Botan { diff --git a/src/lib/hash/hash.h b/src/lib/hash/hash.h index 3041774b85..01e52e9b6e 100644 --- a/src/lib/hash/hash.h +++ b/src/lib/hash/hash.h @@ -10,6 +10,7 @@ #include #include +#include namespace Botan { diff --git a/src/lib/mac/mac.h b/src/lib/mac/mac.h index b072fbaa2c..1e358a4c56 100644 --- a/src/lib/mac/mac.h +++ b/src/lib/mac/mac.h @@ -11,6 +11,7 @@ #include #include #include +#include namespace Botan { diff --git a/src/lib/stream/stream_cipher.h b/src/lib/stream/stream_cipher.h index 31fa5b3b08..03ffcadd04 100644 --- a/src/lib/stream/stream_cipher.h +++ b/src/lib/stream/stream_cipher.h @@ -10,6 +10,7 @@ #include #include +#include namespace Botan { From 9c927c8699f26da7c79c8f7bfa1163868217bbda Mon Sep 17 00:00:00 2001 
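Review bot: `m_crc = 0XCE04B7L;` mixes an upper-case `0X` prefix and a `long` suffix into a member that add_data treats as a uint32_t, unlike every other literal in this change (`0xffffff`, the table entries); `m_crc = 0xCE04B7;` is enough. The value is the standard CRC-24 init 0xB704CE byte-reversed, which is what makes the new process8/process32 tables and the reversed output in final_result agree, so a comment such as `// standard init 0xB704CE, byte-reversed to match the table layout in crc24.cpp` belongs on this line. The copyright hunk above needs nothing.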
From: Jack Lloyd Date: Sun, 29 Oct 2017 12:25:34 -0400 Subject: [PATCH 0116/1008] Another todo --- doc/todo.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/todo.rst b/doc/todo.rst index 50841237d0..b33a7b1f16 100644 --- a/doc/todo.rst +++ b/doc/todo.rst @@ -194,3 +194,8 @@ Documentation * Some howto style docs (setting up CA, ...) * List each cipher, hash, etc, describe its usage, and give the header file and BOTAN_HAS_X macro associated with it. + +Packaging +------------ + +* Create a PPA for Ubuntu From 1007ab45750e4ebfd7c9bfe96efb39b7a1323226 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 29 Oct 2017 13:46:23 -0400 Subject: [PATCH 0117/1008] Update news --- news.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/news.rst b/news.rst index 4e0aebaa63..cdb96ec112 100644 --- a/news.rst +++ b/news.rst @@ -16,7 +16,8 @@ Version 2.4.0, Not Yet Released SSSE3 but not clmul, and better algorithms for systems with clmul and pmull. (GH #1253 #1263) -* Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b +* Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b, + CRC24 (GH #1281) * Symmetric algorithms (block ciphers, stream ciphers, MACs) now verify that a key was set before accepting data. Previously attempting to use an unkeyed From 44d5d6a7e74a45f717cfedddc0d6186f182066de Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sun, 29 Oct 2017 13:40:45 -0400 Subject: [PATCH 0118/1008] Use a simple PRNG for the tests Not cryptographically secure, but fast! Cuts several seconds off the test suite even on a very fast machine. Probably even more effective for 32-bit systems since the default for HMAC_DRBG is SHA-384. Also it means deterministic tests are used regardless of build configuration which is nice. Improve output for --test-runs which was useful for me when debugging SM2 encryption issue. --- src/tests/test_runner.cpp | 189 +++++++++++++++++--------------------- src/tests/test_runner.h | 4 +- src/tests/tests.cpp | 24 +++-- src/tests/tests.h | 20 ++-- 4 files changed, 114 insertions(+), 123 deletions(-) diff --git a/src/tests/test_runner.cpp b/src/tests/test_runner.cpp index 6900a32ed6..d6b612ded7 100644 --- a/src/tests/test_runner.cpp +++ b/src/tests/test_runner.cpp @@ -8,20 +8,8 @@ #include "tests.h" #include +#include #include -#include - -#if defined(BOTAN_HAS_HMAC_DRBG) - #include -#endif - -#if defined(BOTAN_HAS_SYSTEM_RNG) - #include -#endif - -#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) - #include -#endif namespace Botan_Tests { 
@@ -29,98 +17,72 @@ Test_Runner::Test_Runner(std::ostream& out) : m_output(out) {} namespace { -std::unique_ptr -create_test_rng(const std::string& drbg_seed, std::ostream& output) +/* +* This is a fast, simple, deterministic PRNG that's used for running +* the tests. It is not intended to be cryptographically secure. +*/ +class Testsuite_RNG final : public Botan::RandomNumberGenerator { - std::unique_ptr rng; - -#if defined(BOTAN_HAS_HMAC_DRBG) && defined(BOTAN_AUTO_RNG_HMAC) - - std::vector seed = Botan::hex_decode(drbg_seed); - if(seed.empty()) - { - const uint64_t ts = Botan_Tests::Test::timestamp(); - seed.resize(8); - Botan::store_be(ts, seed.data()); - } - - output << " rng:HMAC_DRBG(" << BOTAN_AUTO_RNG_HMAC << ") with seed '" << Botan::hex_encode(seed) << "'\n"; + public: + std::string name() const override { return "Testsuite_RNG"; } - // Expand out the seed with a hash to make the DRBG happy - std::unique_ptr mac = - Botan::MessageAuthenticationCode::create(BOTAN_AUTO_RNG_HMAC); - - mac->set_key(seed); - seed.resize(mac->output_length()); - mac->final(seed.data()); - - std::unique_ptr drbg(new Botan::HMAC_DRBG(std::move(mac))); - drbg->initialize_with(seed.data(), seed.size()); - -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - rng.reset(new Botan::Serialized_RNG(drbg.release())); -#else - rng = std::move(drbg); -#endif - -#endif - - if(!rng && drbg_seed != "") - throw Botan_Tests::Test_Error("HMAC_DRBG disabled in build, cannot specify DRBG seed"); + void clear() override + { + m_a = m_b = m_c = m_d = 0; + } -#if defined(BOTAN_HAS_SYSTEM_RNG) - if(!rng) - { - output << " rng:system\n"; - rng.reset(new Botan::System_RNG); - } -#endif + void add_entropy(const uint8_t data[], size_t len) override + { + for(size_t i = 0; i != len; ++i) + { + m_a ^= data[i]; + m_b ^= i; + mix(); + } + } -#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) - if(!rng) - { - output << " rng:autoseeded\n"; -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - rng.reset(new Botan::Serialized_RNG(new 
Botan::AutoSeeded_RNG)); -#else - rng.reset(new Botan::AutoSeeded_RNG); -#endif + bool is_seeded() const override + { + return true; + } - } -#endif + void randomize(uint8_t out[], size_t len) override + { + for(size_t i = 0; i != len; ++i) + { + out[i] = static_cast(m_a); + mix(); + } + } - if(!rng) - { - // last ditch fallback for RNG-less build - class Bogus_Fallback_RNG final : public Botan::RandomNumberGenerator + Testsuite_RNG(const std::string& drbg_seed, size_t test_counter = 0) { - public: - std::string name() const override { return "Bogus_Fallback_RNG"; } + m_d = static_cast(test_counter); - void clear() override { /* ignored */ } - void add_entropy(const uint8_t[], size_t) override { /* ignored */ } - bool is_seeded() const override { return true; } + add_entropy(reinterpret_cast(drbg_seed.data()), + drbg_seed.size()); + } + private: + void mix() + { + const size_t ROUNDS = 3; - void randomize(uint8_t out[], size_t len) override - { - for(size_t i = 0; i != len; ++i) - { - m_x = (m_x * 31337 + 42); - out[i] = static_cast(m_x >> 7); - } - } + for(size_t i = 0; i != ROUNDS; ++i) + { + m_a += i; - Bogus_Fallback_RNG() : m_x(1) {} - private: - uint32_t m_x; - }; + m_a = Botan::rotl<9>(m_a); + m_b ^= m_a; + m_d ^= m_c; - output << " rng:bogus\n"; - rng.reset(new Bogus_Fallback_RNG); - } + m_a += m_d; + m_c += m_b; + m_c = Botan::rotl<23>(m_c); + } + } - return rng; - } + uint32_t m_a = 0, m_b = 0, m_c = 0, m_d = 0; + }; } 
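Review bot: `m_b ^= i;` in add_entropy and `m_a += i;` in mix() fold a `size_t` into uint32_t members through an implicit narrowing conversion; harmless for the values involved, but it trips -Wconversion style checks, so `m_b ^= static_cast<uint32_t>(i);` and the same in mix make the intent explicit. `const size_t ROUNDS = 3;` could be `constexpr`, and `is_seeded()` returning true even after `clear()` deserves a comment saying the all-zero state is deliberately accepted for a test PRNG. Testsuite_RNG is complete within this hunk.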
@@ -205,20 +167,33 @@ int Test_Runner::run(const std::vector& requested_tests, pf.set(provider); } - std::unique_ptr rng = create_test_rng(drbg_seed, output()); + std::vector seed = Botan::hex_decode(drbg_seed); + if(seed.empty()) + { + const uint64_t ts = Botan_Tests::Test::timestamp(); + seed.resize(8); + Botan::store_be(ts, seed.data()); + } - Botan_Tests::Test::setup_tests(log_success, run_online_tests, run_long_tests, - data_dir, pkcs11_lib, pf, rng.get()); + output() << " drbg_seed:" << Botan::hex_encode(seed) << "\n"; + + Botan_Tests::Test::set_test_options(log_success, + run_online_tests, + run_long_tests, + data_dir, + pkcs11_lib, + pf); for(size_t i = 0; i != runs; ++i) { - const size_t failed = run_tests(req); + std::unique_ptr rng = + std::unique_ptr(new Testsuite_RNG(drbg_seed, i)); - // Throw so main returns an error - if(failed) - { + Botan_Tests::Test::set_test_rng(std::move(rng)); + + const size_t failed = run_tests(req, i, runs); + if(failed > 0) return failed; - } } return 0; @@ -259,7 +234,9 @@ std::string report_out(const std::vector& results, } -size_t Test_Runner::run_tests(const std::vector& tests_to_run) +size_t Test_Runner::run_tests(const std::vector& tests_to_run, + size_t test_run, + size_t tot_test_runs) { size_t tests_ran = 0, tests_failed = 0; @@ -296,7 +273,13 @@ size_t Test_Runner::run_tests(const std::vector& tests_to_run) } const uint64_t total_ns = Botan_Tests::Test::timestamp() - start_time; - output() << "Tests complete ran " << tests_ran << " tests in " + + if(test_run == 0 && tot_test_runs == 1) + output() << "Tests"; + else + output() << "Test run " << (1+test_run) << "/" << tot_test_runs; + + output() << " complete ran " << tests_ran << " tests in " << Botan_Tests::Test::format_time(total_ns) << " "; if(tests_failed > 0) diff --git a/src/tests/test_runner.h b/src/tests/test_runner.h index 96c5620240..a314fdb6b8 100644 --- a/src/tests/test_runner.h +++ b/src/tests/test_runner.h 
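Review bot: The value printed after `drbg_seed:` is not the seed the RNG is built from: `seed` is decoded (and replaced by a timestamp when empty) only to be printed, while `new Testsuite_RNG(drbg_seed, i)` is given the original string. Without `--drbg-seed` the run is therefore seeded from an empty string plus the run index, and re-running with the printed hex value feeds the bytes of the hex text instead, so the printed seed does not reproduce the run. Using the same encoding on both sides fixes this, e.g. `std::unique_ptr<Botan::RandomNumberGenerator>(new Testsuite_RNG(Botan::hex_encode(seed), i))`, so what is printed is exactly what is consumed. A comment on the `seed.empty()` branch saying the timestamp is only there to give each unseeded run a distinct, reproducible seed would also help.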
@@ -31,7 +31,9 @@ class Test_Runner final private: std::ostream& output() const { return m_output; } - size_t run_tests(const std::vector& tests_to_run); + size_t run_tests(const std::vector& tests_to_run, + size_t test_run, + const size_t tot_test_runs); std::ostream& m_output; }; diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp index 3d937b9de1..bda3cd6484 100644 --- a/src/tests/tests.cpp +++ b/src/tests/tests.cpp @@ -507,7 +507,7 @@ Test* Test::get_test(const std::string& test_name) } // static member variables of Test -Botan::RandomNumberGenerator* Test::m_test_rng = nullptr; +std::unique_ptr Test::m_test_rng; std::string Test::m_data_dir; bool Test::m_log_success = false; bool Test::m_run_online_tests = false; @@ -516,23 +516,27 @@ std::string Test::m_pkcs11_lib; Botan_Tests::Provider_Filter Test::m_provider_filter; //static -void Test::setup_tests(bool log_success, - bool run_online, - bool run_long, - const std::string& data_dir, - const std::string& pkcs11_lib, - const Botan_Tests::Provider_Filter& pf, - Botan::RandomNumberGenerator* rng) +void Test::set_test_options(bool log_success, + bool run_online, + bool run_long, + const std::string& data_dir, + const std::string& pkcs11_lib, + const Botan_Tests::Provider_Filter& pf) { m_data_dir = data_dir; m_log_success = log_success; m_run_online_tests = run_online; m_run_long_tests = run_long; - m_test_rng = rng; m_pkcs11_lib = pkcs11_lib; m_provider_filter = pf; } +//static +void Test::set_test_rng(std::unique_ptr rng) + { + m_test_rng.reset(rng.release()); + } + //static std::string Test::data_file(const std::string& what) { @@ -580,7 +584,7 @@ Botan::RandomNumberGenerator& Test::rng() { if(!m_test_rng) { - throw Test_Error("No usable RNG in build, and this test requires an RNG"); + throw Test_Error("Test requires RNG but no RNG set with Test::set_test_rng"); } return *m_test_rng; } diff --git a/src/tests/tests.h b/src/tests/tests.h index fdbd080f42..9ab8e43b8a 100644 --- a/src/tests/tests.h 
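Review bot: `Test::set_test_rng` in the tests.cpp hunk writes `m_test_rng.reset(rng.release());`, where `m_test_rng = std::move(rng);` expresses the ownership transfer directly and is the idiomatic form for a unique_ptr. In the test_runner.h hunk on this line the declaration spells the last parameter `const size_t tot_test_runs` while the definition in test_runner.cpp has plain `size_t tot_test_runs`; a top-level const on a parameter is ignored in a declaration, so drop it there for consistency. The reworded error in `Test::rng()` is an improvement; a one-line comment above `set_test_rng` noting that it is expected to be called once per run before any test executes would document the ordering the runner now relies on.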
+++ b/src/tests/tests.h @@ -353,8 +353,9 @@ class Test Registration(const std::string& name, Test* test); }; - virtual std::vector run() = 0; virtual ~Test() = default; + virtual std::vector run() = 0; + virtual std::vector possible_providers(const std::string&); static std::map>& global_registry(); @@ -395,13 +396,14 @@ class Test return r; } - static void setup_tests(bool log_success, - bool run_online_tests, - bool run_long_tests, - const std::string& data_dir, - const std::string& pkcs11_lib, - const Botan_Tests::Provider_Filter& pf, - Botan::RandomNumberGenerator* rng); + static void set_test_options(bool log_success, + bool run_online_tests, + bool run_long_tests, + const std::string& data_dir, + const std::string& pkcs11_lib, + const Botan_Tests::Provider_Filter& pf); + + static void set_test_rng(std::unique_ptr rng); static bool log_success(); static bool run_online_tests(); @@ -417,7 +419,7 @@ class Test private: static std::string m_data_dir; - static Botan::RandomNumberGenerator* m_test_rng; + static std::unique_ptr m_test_rng; static bool m_log_success, m_run_online_tests, m_run_long_tests; static std::string m_pkcs11_lib; static Botan_Tests::Provider_Filter m_provider_filter; From c9f3da32344479d43c221d035d14ecdd45f6b320 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 2 Nov 2017 11:43:55 -0400 Subject: [PATCH 0119/1008] speed: simplify some code --- src/cli/speed.cpp | 227 ++++++++++++---------------------------------- 1 file changed, 60 insertions(+), 167 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index fa8a09fd70..eb8eeb00fe 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -65,6 +65,7 @@ #if defined(BOTAN_HAS_PUBLIC_KEY_CRYPTO) #include #include + #include #include #include #endif 
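Review bot: `set_test_rng` and the reshaped `set_test_options` are declared without any documentation, and since `Test::rng()` hands out a reference to the object stored in the static `m_test_rng` that every test in the process shares, the ownership and sharing should be stated in the header, e.g. `/** Install the RNG returned by Test::rng(); takes ownership, and the object is shared by all tests in the process */` above `set_test_rng`. The newly declared `possible_providers(const std::string&)` likewise says nothing about what its string argument is or what the returned vector contains; a one-line description would help readers of the header.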
@@ -74,58 +75,18 @@ #include #endif -#if defined(BOTAN_HAS_RSA) - #include -#endif - #if defined(BOTAN_HAS_ECC_GROUP) #include #endif -#if defined(BOTAN_HAS_ECDSA) - #include -#endif - -#if defined(BOTAN_HAS_ECKCDSA) - #include -#endif - -#if defined(BOTAN_HAS_ECGDSA) - #include -#endif - -#if defined(BOTAN_HAS_ED25519) - #include -#endif - #if defined(BOTAN_HAS_DL_GROUP) #include #endif -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) - #include -#endif - -#if defined(BOTAN_HAS_CURVE_25519) - #include -#endif - -#if defined(BOTAN_HAS_ECDH) - #include -#endif - #if defined(BOTAN_HAS_MCELIECE) #include #endif -#if defined(BOTAN_HAS_XMSS) - #include -#endif - -#if defined(BOTAN_HAS_SM2) - #include -#endif - #if defined(BOTAN_HAS_NEWHOPE) #include #endif 
@@ -1539,18 +1500,35 @@ class Speed final : public Command record_result(dec_timer); } - void bench_pk_ka(const Botan::PK_Key_Agreement_Key& key1, - const Botan::PK_Key_Agreement_Key& key2, + void bench_pk_ka(const std::string& algo, const std::string& nm, + const std::string& params, const std::string& provider, - const std::string& kdf, std::chrono::milliseconds msec) { - Botan::PK_Key_Agreement ka1(key1, rng(), kdf, provider); - Botan::PK_Key_Agreement ka2(key2, rng(), kdf, provider); + const std::string kdf = "KDF2(SHA-256)"; // arbitrary choice + + Timer keygen_timer(nm, provider, "keygen"); + + std::unique_ptr key1(keygen_timer.run([&] + { + return Botan::create_private_key(algo, rng(), params); + })); + std::unique_ptr key2(keygen_timer.run([&] + { + return Botan::create_private_key(algo, rng(), params); + })); + + record_result(keygen_timer); - const std::vector ka1_pub = key1.public_value(); - const std::vector ka2_pub = key2.public_value(); + const Botan::PK_Key_Agreement_Key& ka_key1 = dynamic_cast(*key1); + const Botan::PK_Key_Agreement_Key& ka_key2 = dynamic_cast(*key2); + + Botan::PK_Key_Agreement ka1(ka_key1, rng(), kdf, provider); + Botan::PK_Key_Agreement ka2(ka_key2, rng(), kdf, provider); + + const std::vector ka1_pub = ka_key1.public_value(); + const std::vector ka2_pub = ka_key2.public_value(); Timer ka_timer(nm, provider, "key agreements"); 
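Review bot: `*key1` and `*key2` are dereferenced in the `dynamic_cast` lines without checking that `Botan::create_private_key` actually returned a key; as far as I recall it yields a null pointer rather than throwing when the algorithm or parameter set is not available in the build, which would turn a missing algorithm into undefined behaviour instead of a reported error. Check both pointers right after `record_result(keygen_timer);` and report the unsupported algorithm before the cast. The reference-returning `dynamic_cast` throws `std::bad_cast` if `algo` names a key that is not a key agreement key, which is acceptable given the callers, but a short comment saying so would stop a reader from treating it as an oversight. `bench_pk_ka`'s body continues past the end of the hunk.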
@@ -1603,6 +1581,28 @@ class Speed final : public Command record_result(kem_dec_timer); } + void bench_pk_sig_ecc(const std::string& algo, + const std::string& emsa, + const std::string& provider, + const std::vector& params, + std::chrono::milliseconds msec) + { + for(std::string grp : params) + { + const std::string nm = grp.empty() ? algo : (algo + "-" + grp); + + Timer keygen_timer(nm, provider, "keygen"); + + std::unique_ptr key(keygen_timer.run([&] + { + return Botan::create_private_key(algo, rng(), grp); + })); + + record_result(keygen_timer); + bench_pk_sig(*key, nm, provider, emsa, msec); + } + } + void bench_pk_sig(const Botan::Private_Key& key, const std::string& nm, const std::string& provider, @@ -1674,7 +1674,7 @@ class Speed final : public Command std::unique_ptr key(keygen_timer.run([&] { - return new Botan::RSA_PrivateKey(rng(), keylen); + return Botan::create_private_key("RSA", rng(), std::to_string(keylen)); })); record_result(keygen_timer); @@ -1694,20 +1694,7 @@ class Speed final : public Command const std::string& provider, std::chrono::milliseconds msec) { - for(std::string grp : groups) - { - const std::string nm = "ECDSA-" + grp; - - Timer keygen_timer(nm, provider, "keygen"); - - std::unique_ptr key(keygen_timer.run([&] - { - return new Botan::ECDSA_PrivateKey(rng(), Botan::EC_Group(grp)); - })); - - record_result(keygen_timer); - bench_pk_sig(*key, nm, provider, "EMSA1(SHA-256)", msec); - } + return bench_pk_sig_ecc("ECDSA", "EMSA1(SHA-256)", provider, groups, msec); } #endif 
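Review bot: In `bench_pk_sig_ecc`, `*key` is handed to `bench_pk_sig` without checking that `Botan::create_private_key` returned a key, the same exposure as in `bench_pk_ka` in the previous hunk and in the RSA keygen lambda further down this line; a null check with an error message keeps a missing algorithm from becoming undefined behaviour. The loop `for(std::string grp : params)` copies each group name; `for(const std::string& grp : params)` avoids that. In `bench_ecdsa` (and the ECKCDSA, SM2 and ECGDSA hunks on the next line, plus the Ed25519 hunk after them) `return bench_pk_sig_ecc(...)` returns a void expression from a void function, which is legal but reads as if a value were expected; a plain call is clearer.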
@@ -1716,20 +1703,7 @@ class Speed final : public Command const std::string& provider, std::chrono::milliseconds msec) { - for(std::string grp : groups) - { - const std::string nm = "ECKCDSA-" + grp; - - Timer keygen_timer(nm, provider, "keygen"); - - std::unique_ptr key(keygen_timer.run([&] - { - return new Botan::ECKCDSA_PrivateKey(rng(), Botan::EC_Group(grp)); - })); - - record_result(keygen_timer); - bench_pk_sig(*key, nm, provider, "EMSA1(SHA-256)", msec); - } + return bench_pk_sig_ecc("ECKCDSA", "EMSA1(SHA-256)", provider, groups, msec); } #endif @@ -1738,20 +1712,7 @@ class Speed final : public Command const std::string& provider, std::chrono::milliseconds msec) { - for(std::string grp : groups) - { - const std::string nm = "SM2-" + grp; - - Timer keygen_timer(nm, provider, "keygen"); - - std::unique_ptr key(keygen_timer.run([&] - { - return new Botan::SM2_Signature_PrivateKey(rng(), Botan::EC_Group(grp)); - })); - - record_result(keygen_timer); - bench_pk_sig(*key, nm, provider, "SM3", msec); - } + return bench_pk_sig_ecc("SM2_Sig", "SM3", provider, groups, msec); } #endif @@ -1760,20 +1721,7 @@ class Speed final : public Command const std::string& provider, std::chrono::milliseconds msec) { - for(std::string grp : groups) - { - const std::string nm = "ECGDSA-" + grp; - - Timer keygen_timer(nm, provider, "keygen"); - - std::unique_ptr key(keygen_timer.run([&] - { - return new Botan::ECGDSA_PrivateKey(rng(), Botan::EC_Group(grp)); - })); - - record_result(keygen_timer); - bench_pk_sig(*key, nm, provider, "EMSA1(SHA-256)", msec); - } + return bench_pk_sig_ecc("ECGDSA", "EMSA1(SHA-256)", provider, groups, msec); } #endif 
@@ -1781,17 +1729,7 @@ class Speed final : public Command void bench_ed25519(const std::string& provider, std::chrono::milliseconds msec) { - const std::string nm = "Ed25519"; - - Timer keygen_timer(nm, provider, "keygen"); - - std::unique_ptr key(keygen_timer.run([&] - { - return new Botan::Ed25519_PrivateKey(rng()); - })); - - record_result(keygen_timer); - bench_pk_sig(*key, nm, provider, "Pure", msec); + return bench_pk_sig_ecc("Ed25519", "Pure", provider, std::vector{""}, msec); } #endif @@ -1801,22 +1739,10 @@ class Speed final : public Command { for(size_t bits : { 1024, 2048, 3072 }) { - const std::string grp = "modp/ietf/" + std::to_string(bits); - const std::string nm = "DH-" + std::to_string(bits); - - Timer keygen_timer(nm, provider, "keygen"); - - std::unique_ptr key1(keygen_timer.run([&] - { - return new Botan::DH_PrivateKey(rng(), Botan::DL_Group(grp)); - })); - std::unique_ptr key2(keygen_timer.run([&] - { - return new Botan::DH_PrivateKey(rng(), Botan::DL_Group(grp)); - })); - - record_result(keygen_timer); - bench_pk_ka(*key1, *key2, nm, provider, "KDF2(SHA-256)", msec); + bench_pk_ka("DH", + "DH-" + std::to_string(bits), + "modp/ietf/" + std::to_string(bits), + provider, msec); } } #endif @@ -1828,21 +1754,7 @@ class Speed final : public Command { for(std::string grp : groups) { - const std::string nm = "ECDH-" + grp; - - Timer keygen_timer(nm, provider, "keygen"); - - std::unique_ptr key1(keygen_timer.run([&] - { - return new Botan::ECDH_PrivateKey(rng(), Botan::EC_Group(grp)); - })); - std::unique_ptr key2(keygen_timer.run([&] - { - return new Botan::ECDH_PrivateKey(rng(), Botan::EC_Group(grp)); - })); - - record_result(keygen_timer); - bench_pk_ka(*key1, *key2, nm, provider, "KDF2(SHA-256)", msec); + bench_pk_ka("ECDH", "ECDH-" + grp, grp, provider, msec); } } #endif 
@@ -1851,21 +1763,7 @@ class Speed final : public Command void bench_curve25519(const std::string& provider, std::chrono::milliseconds msec) { - const std::string nm = "Curve25519"; - - Timer keygen_timer(nm, provider, "keygen"); - - std::unique_ptr key1(keygen_timer.run([&] - { - return new Botan::Curve25519_PrivateKey(rng()); - })); - std::unique_ptr key2(keygen_timer.run([&] - { - return new Botan::Curve25519_PrivateKey(rng()); - })); - - record_result(keygen_timer); - bench_pk_ka(*key1, *key2, nm, provider, "KDF2(SHA-256)", msec); + bench_pk_ka("Curve25519", "Curve25519", "", provider, msec); } #endif @@ -1896,11 +1794,6 @@ class Speed final : public Command size_t n = params.first; size_t t = params.second; - if((msec < std::chrono::milliseconds(5000)) && (n >= 3000)) - { - continue; - } - const std::string nm = "McEliece-" + std::to_string(n) + "," + std::to_string(t) + " (WF=" + std::to_string(Botan::mceliece_work_factor(n, t)) + ")"; @@ -1936,7 +1829,7 @@ class Speed final : public Command std::unique_ptr key(keygen_timer.run([&] { - return new Botan::XMSS_PrivateKey(Botan::XMSS_Parameters::xmss_id_from_string(params), rng()); + return Botan::create_private_key("XMSS", rng(), params); })); record_result(keygen_timer); From d9a456e0b0fe2c3a3f8197f2a3daf7325495010f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 2 Nov 2017 13:47:26 -0400 Subject: [PATCH 0120/1008] Minor SIV/CMAC optimizations --- src/lib/mac/cmac/cmac.cpp | 21 +++++++++++---------- src/lib/modes/aead/siv/siv.cpp | 9 ++++++--- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/src/lib/mac/cmac/cmac.cpp b/src/lib/mac/cmac/cmac.cpp index 9e0a018530..18f7c151c0 100644 --- a/src/lib/mac/cmac/cmac.cpp +++ b/src/lib/mac/cmac/cmac.cpp 
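Review bot: Dropping the `if((msec < std::chrono::milliseconds(5000)) && (n >= 3000)) continue;` guard in the McEliece hunk changes what `speed` does for short runs: the large parameter sets are now always benchmarked, and the keygen for n >= 3000 is slow regardless of `msec`, so a quick run can take far longer than the requested duration. If that is intentional, the commit message ("simplify some code") should say so, since it is a behaviour change rather than a simplification; otherwise keep the skip, perhaps with a comment explaining the threshold. The Curve25519 and XMSS hunks on this line are straightforward refactors to `create_private_key`, subject to the null-return point raised at `bench_pk_ka`.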
@@ -25,19 +25,21 @@ secure_vector CMAC::poly_double(const secure_vector& in) */ void CMAC::add_data(const uint8_t input[], size_t length) { + const size_t bs = output_length(); + buffer_insert(m_buffer, m_position, input, length); - if(m_position + length > output_length()) + if(m_position + length > bs) { - xor_buf(m_state, m_buffer, output_length()); + xor_buf(m_state, m_buffer, bs); m_cipher->encrypt(m_state); - input += (output_length() - m_position); - length -= (output_length() - m_position); - while(length > output_length()) + input += (bs - m_position); + length -= (bs - m_position); + while(length > bs) { - xor_buf(m_state, input, output_length()); + xor_buf(m_state, input, bs); m_cipher->encrypt(m_state); - input += output_length(); - length -= output_length(); + input += bs; + length -= bs; } copy_mem(m_buffer.data(), input, length); m_position = 0; @@ -64,8 +66,7 @@ void CMAC::final_result(uint8_t mac[]) m_cipher->encrypt(m_state); - for(size_t i = 0; i != output_length(); ++i) - mac[i] = m_state[i]; + copy_mem(mac, m_state.data(), output_length()); zeroise(m_state); zeroise(m_buffer); diff --git a/src/lib/modes/aead/siv/siv.cpp b/src/lib/modes/aead/siv/siv.cpp index df9a0ef378..3a960e0af4 100644 --- a/src/lib/modes/aead/siv/siv.cpp +++ b/src/lib/modes/aead/siv/siv.cpp @@ -16,7 +16,7 @@ namespace Botan { SIV_Mode::SIV_Mode(BlockCipher* cipher) : m_name(cipher->name() + "/SIV"), - m_ctr(new CTR_BE(cipher->clone())), + m_ctr(new CTR_BE(cipher->clone(), 8)), m_mac(new CMAC(cipher)), m_bs(cipher->block_size()) { @@ -173,8 +173,11 @@ void SIV_Decryption::finish(secure_vector& buffer, size_t offset) { BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane"); - buffer.insert(buffer.begin() + offset, msg_buf().begin(), msg_buf().end()); - msg_buf().clear(); + if(msg_buf().size() > 0) + { + buffer.insert(buffer.begin() + offset, msg_buf().begin(), msg_buf().end()); + msg_buf().clear(); + } const size_t sz = buffer.size() - offset; 
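Review bot: In `CMAC::add_data` the loop condition `while(length > bs)` deliberately leaves a complete final block in the buffer for CMAC's last-block treatment, and the rewrite keeps that, but nothing says so; a comment such as `// keep the last block buffered: final_result() handles it with the subkey` would spare the next reader from "fixing" it to `>=`. Hoisting `output_length()` into `bs` is fine as the value cannot change during the call; `add_data`'s body continues past the end of the hunk. In the SIV constructor hunk, `CTR_BE(cipher->clone(), 8)` limits the counter increment to the low 8 bytes of the synthetic IV where the old constructor incremented the whole block; this is only equivalent because, if the bit clearing of RFC 5297 section 2.5 is applied here as I believe it is, bit 63 of the IV is zero and an 8-byte counter cannot carry into the upper half for any message shorter than 2^63 blocks. That coupling between the counter width and the bit clearing deserves a comment at the constructor, e.g. `// 8 byte counter is sufficient: S2V clears bit 63 of the IV, so the low half never carries into the high half`; in `SIV_Decryption::finish`, `!msg_buf().empty()` is the idiomatic spelling of the new guard.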
From ed4a03da6e04bed8565bc69b1f0c9637b0b4bc3e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 2 Nov 2017 17:10:23 -0400 Subject: [PATCH 0121/1008] Avoid saving a session to SQL database with empty hostname This happens if the hostname is unknown or specified as an IP. --- src/lib/tls/sessions_sql/tls_session_manager_sql.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp index 4287172f4a..45b3059f54 100644 --- a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp +++ b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp @@ -170,6 +170,9 @@ size_t Session_Manager_SQL::remove_all() void Session_Manager_SQL::save(const Session& session) { + if(session.server_info().hostname().empty()) + return; + auto stmt = m_db->new_statement("insert or replace into tls_sessions" " values(?1, ?2, ?3, ?4, ?5)"); From 9e2fb18a1a61285bf35780631bbae44dfd099aa2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 2 Nov 2017 17:51:51 -0400 Subject: [PATCH 0122/1008] Avoid using semicolon at and of do { } while(0) macro block. Clearly I have a tic for this. --- src/lib/block/serpent/serpent_sbox.h | 32 +++++++++---------- .../serpent/serpent_simd/serpent_simd.cpp | 6 ++-- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/lib/block/serpent/serpent_sbox.h b/src/lib/block/serpent/serpent_sbox.h index 2301893a58..ab8c7cb76e 100644 --- a/src/lib/block/serpent/serpent_sbox.h +++ b/src/lib/block/serpent/serpent_sbox.h @@ -34,7 +34,7 @@ B3 = B0; \ B0 = B1; \ B1 = B4; \ - } while(0); + } while(0) #define SBoxE2(B0, B1, B2, B3) \ do { \ @@ -60,7 +60,7 @@ B2 = B3; \ B3 = B1; \ B1 = B4; \ - } while(0); + } while(0) #define SBoxE3(B0, B1, B2, B3) \ do { \ @@ -83,7 +83,7 @@ B2 = B1; \ B1 = B3; \ B3 = ~B4; \ - } while(0); + } while(0) #define SBoxE4(B0, B1, B2, B3) \ do { \ 
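Review bot: The early return in `Session_Manager_SQL::save` silently drops any session whose `server_info().hostname()` is empty, so connections made to a server by IP address never get a persisted session and will not resume through this manager; the commit message explains the motivation but nothing in the code does. A comment on the return, e.g. `// No hostname (e.g. connection by IP): the row could not be looked up later, so do not store it`, and a sentence in the class documentation would make this visible to users of the SQL manager, presumably because lookups are by hostname. A caller that expects `save` to always store something, such as a test counting rows, now sees a silent no-op rather than an error, which is worth stating as well.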
@@ -109,7 +109,7 @@ B1 = B2; \ B2 = B3; \ B3 = B4; \ - } while(0); + } while(0) #define SBoxE5(B0, B1, B2, B3) \ do { \ @@ -136,7 +136,7 @@ B2 = B0; \ B0 = B1; \ B1 = B4; \ - } while(0); + } while(0) #define SBoxE6(B0, B1, B2, B3) \ do { \ @@ -163,7 +163,7 @@ B0 = B1; \ B1 = B3; \ B3 = B4; \ - } while(0); + } while(0) #define SBoxE7(B0, B1, B2, B3) \ do { \ @@ -186,7 +186,7 @@ B2 &= B4; \ B3 ^= B2; \ B2 = B4; \ - } while(0); + } while(0) #define SBoxE8(B0, B1, B2, B3) \ do { \ @@ -214,7 +214,7 @@ B1 = B3; \ B3 = B0; \ B0 = B4; \ - } while(0); + } while(0) #define SBoxD1(B0, B1, B2, B3) \ do { \ @@ -239,7 +239,7 @@ B4 ^= B2; \ B2 = B1; \ B1 = B4; \ - } while(0); + } while(0) #define SBoxD2(B0, B1, B2, B3) \ do { \ @@ -267,7 +267,7 @@ B4 = B2; \ B2 = B3; \ B3 = B4; \ - } while(0); + } while(0) #define SBoxD3(B0, B1, B2, B3) \ do { \ @@ -292,7 +292,7 @@ B3 ^= B0; \ B0 = B1; \ B1 = B4; \ - } while(0); + } while(0) #define SBoxD4(B0, B1, B2, B3) \ do { \ @@ -318,7 +318,7 @@ B0 = B2; \ B2 = B3; \ B3 = B4; \ - } while(0); + } while(0) #define SBoxD5(B0, B1, B2, B3) \ do { \ @@ -344,7 +344,7 @@ B2 ^= B1; \ B1 = B3; \ B3 = B4; \ - } while(0); + } while(0) #define SBoxD6(B0, B1, B2, B3) \ do { \ @@ -372,7 +372,7 @@ B4 = B3; \ B3 = B2; \ B2 = B4; \ - } while(0); + } while(0) #define SBoxD7(B0, B1, B2, B3) \ do { \ @@ -396,7 +396,7 @@ B0 = B1; \ B1 = B2; \ B2 = B4; \ - } while(0); + } while(0) #define SBoxD8(B0, B1, B2, B3) \ do { \ @@ -423,6 +423,6 @@ B1 = B0; \ B0 = B3; \ B3 = B4; \ - } while(0); + } while(0) #endif diff --git a/src/lib/block/serpent/serpent_simd/serpent_simd.cpp b/src/lib/block/serpent/serpent_simd/serpent_simd.cpp index b184b0d4af..ad4871cf68 100644 --- a/src/lib/block/serpent/serpent_simd/serpent_simd.cpp +++ b/src/lib/block/serpent/serpent_simd/serpent_simd.cpp 
@@ -17,7 +17,7 @@ namespace Botan { B1 ^= SIMD_32::splat(m_round_key[4*round+1]); \ B2 ^= SIMD_32::splat(m_round_key[4*round+2]); \ B3 ^= SIMD_32::splat(m_round_key[4*round+3]); \ - } while(0); + } while(0) /* * Serpent's linear transformations @@ -34,7 +34,7 @@ namespace Botan { B2 ^= B3 ^ (B1 << 7); \ B0 = B0.rotl<5>(); \ B2 = B2.rotl<22>(); \ - } while(0); + } while(0) #define i_transform(B0, B1, B2, B3) \ do { \ @@ -48,7 +48,7 @@ namespace Botan { B1 ^= B0 ^ B2; \ B2 = B2.rotr<3>(); \ B0 = B0.rotr<13>(); \ - } while(0); + } while(0) /* * SIMD Serpent Encryption of 4 blocks in parallel From 334db5fc568999edc88f83e0570732cc1f4901d0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 2 Nov 2017 17:54:57 -0400 Subject: [PATCH 0123/1008] Format tweaks --- src/lib/block/shacal2/shacal2.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/block/shacal2/shacal2.cpp b/src/lib/block/shacal2/shacal2.cpp index dd4224ed46..3de838329c 100644 --- a/src/lib/block/shacal2/shacal2.cpp +++ b/src/lib/block/shacal2/shacal2.cpp @@ -179,8 +179,8 @@ void SHACAL2::key_schedule(const uint8_t key[], size_t len) for(size_t i = 16; i != 64; ++i) { - const uint32_t sigma0_15 = rotr<7>(m_RK[i-15]) ^ rotr<18>(m_RK[i-15]) ^ (m_RK[i-15] >> 3); - const uint32_t sigma1_2 = rotr<17>(m_RK[i-2]) ^ rotr<19>(m_RK[i-2]) ^ (m_RK[i-2] >> 10); + const uint32_t sigma0_15 = rotr< 7>(m_RK[i-15]) ^ rotr<18>(m_RK[i-15]) ^ (m_RK[i-15] >> 3); + const uint32_t sigma1_2 = rotr<17>(m_RK[i- 2]) ^ rotr<19>(m_RK[i- 2]) ^ (m_RK[i- 2] >> 10); m_RK[i] = m_RK[i-16] + sigma0_15 + m_RK[i-7] + sigma1_2; } From 5de6a1d97996ba5ec150ea0f4b4c374681668b68 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 2 Nov 2017 20:42:06 -0400 Subject: [PATCH 0124/1008] Add some KDF2 values from Bouncy Castle --- src/tests/data/kdf/kdf2.vec | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/tests/data/kdf/kdf2.vec b/src/tests/data/kdf/kdf2.vec index 7c5a771cf2..6431bea6e6 100644 
--- a/src/tests/data/kdf/kdf2.vec +++ b/src/tests/data/kdf/kdf2.vec @@ -1,4 +1,7 @@ [KDF2(SHA-160)] + +# Source unknown + Secret = FD7A43EA8A443C580C0DE618ECC013704505EFF8B5A4A9 Salt = BF0B2ECD1724A348211D8C0CA7 Output = 79 @@ -302,3 +305,19 @@ Output = 7B80CD69345CBA9E46186372DD6602F2CB55496364CEEA96823110E28CAA68BB200F56F Secret = 6FD4C3C0F38E5C7A6F83E99CD9BD Salt = DBB986 Output = 02AEB40A3D4B66FBA540F9D4B20006F2046E0F3A029DEAB201FC692B79EB27CEF7E16069046A + +# Following values from BouncyCastle + +Secret = CA7C0F8C3FFA87A96E1B74AC8E6AF594347BB40A +Output = 744AB703F5BC082E59185F6D049D2D367DB245C2 + +Secret = 0499B502FC8B5BAFB0F4047E731D1F9FD8CD0D8881 +Output = 03C62280C894E103C680B13CD4B4AE740A5EF0C72547292F82DC6B1777F47D63BA9D1EA732DBF386 + +Secret = 032E45326FA859A72EC235ACFF929B15D1372E30B207255F0611B8F785D764374152E0AC009E509E7BA30CD2F1778E113B64E135CF4E2292C75EFE5288EDFDA4 +Output = 0E6A26EB7B956CCB8B3BDC1CA975BC57C3989E8FBAD31A224655D800C46954840FF32052CDF0D640562BDFADFA263CFCCF3C52B29F2AF4A1869959BC77F854CF15BD7A25192985A842DBFF8E13EFEE5B7E7E55BBE4D389647C686A9A9AB3FB889B2D7767D3837EEA4E0A2F04B53CA8F50FB31225C1BE2D0126C8C7A4753B0807 + +[KDF2(SHA-256)] +# From BouncyCastle +Secret = 032E45326FA859A72EC235ACFF929B15D1372E30B207255F0611B8F785D764374152E0AC009E509E7BA30CD2F1778E113B64E135CF4E2292C75EFE5288EDFDA4 +Output = 10A2403DB42A8743CB989DE86E668D168CBE6046E23FF26F741E87949A3BBA1311AC179F819A3D18412E9EB45668F2923C087C1299005F8D5FD42CA257BC93E8FEE0C5A0D2A8AA70185401FBBD99379EC76C663E9A29D0B70F3FE261A59CDC24875A60B4AACB1319FA11C3365A8B79A44669F26FBA933D012DB213D7E3B16349 From 129fb36cab63863ad2b697900666f6d088c3c76c Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Fri, 3 Nov 2017 11:19:42 -0400 Subject: [PATCH 0125/1008] Add support for ARIA GCM ciphersuites Tested against OpenSSL master --- doc/manual/tls.rst | 3 ++- src/lib/tls/tls_policy.cpp | 2 ++ src/lib/tls/tls_suite_info.cpp | 18 +++++++++++++++++- src/scripts/tls_suite_info.py | 12 ++++++------ src/tests/unit_tls.cpp | 5 +++++ 5 files changed, 32 insertions(+), 8 deletions(-) diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index 4d7cc7e08d..aa075141d1 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -805,7 +805,8 @@ policy settings from a file. "AES-256/CCM", "AES-128/CCM", "AES-256", "AES-128" Also allowed: "AES-256/CCM(8)", "AES-128/CCM(8)", - "Camellia-256/GCM", "Camellia-128/GCM", "Camellia-256", "Camellia-128" + "Camellia-256/GCM", "Camellia-128/GCM", "ARIA-256/GCM", "ARIA-128/GCM", + "Camellia-256", "Camellia-128" Also allowed (though currently experimental): "AES-128/OCB(12)", "AES-256/OCB(12)" diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 0a7e78e659..5d82eee0c7 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -33,6 +33,8 @@ std::vector Policy::allowed_ciphers() const //"AES-128/CCM(8)", //"Camellia-256/GCM", //"Camellia-128/GCM", + //"ARIA-256/GCM", + //"ARIA-128/GCM", "AES-256", "AES-128", //"Camellia-256", diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp index e32f119187..90b158457a 100644 --- a/src/lib/tls/tls_suite_info.cpp +++ b/src/lib/tls/tls_suite_info.cpp @@ -3,7 +3,7 @@ * * This file was automatically generated from the IANA assignments * (tls-parameters.txt hash ac96406c0080f669ca9442b0f5efcb31549ecb2e) -* by ./src/scripts/tls_suite_info.py on 2017-08-22 +* by ./src/scripts/tls_suite_info.py on 2017-11-03 * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -116,6 +116,22 @@ const std::vector& Ciphersuite::all_known_ciphersuites() Ciphersuite(0xC036, "ECDHE_PSK_WITH_AES_256_CBC_SHA", "", "ECDHE_PSK", "AES-256", 32, 16, 0, "SHA-1", 20, ""), Ciphersuite(0xC037, "ECDHE_PSK_WITH_AES_128_CBC_SHA256", "", "ECDHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32, ""), Ciphersuite(0xC038, "ECDHE_PSK_WITH_AES_256_CBC_SHA384", "", "ECDHE_PSK", "AES-256", 32, 16, 0, "SHA-384", 48, ""), + Ciphersuite(0xC050, "RSA_WITH_ARIA_128_GCM_SHA256", "RSA", "RSA", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), + Ciphersuite(0xC051, "RSA_WITH_ARIA_256_GCM_SHA384", "RSA", "RSA", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), + Ciphersuite(0xC052, "DHE_RSA_WITH_ARIA_128_GCM_SHA256", "RSA", "DH", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), + Ciphersuite(0xC053, "DHE_RSA_WITH_ARIA_256_GCM_SHA384", "RSA", "DH", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), + Ciphersuite(0xC056, "DHE_DSS_WITH_ARIA_128_GCM_SHA256", "DSA", "DH", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), + Ciphersuite(0xC057, "DHE_DSS_WITH_ARIA_256_GCM_SHA384", "DSA", "DH", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), + Ciphersuite(0xC05A, "DH_anon_WITH_ARIA_128_GCM_SHA256", "", "DH", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), + Ciphersuite(0xC05B, "DH_anon_WITH_ARIA_256_GCM_SHA384", "", "DH", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), + Ciphersuite(0xC05C, "ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", "ECDSA", "ECDH", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), + Ciphersuite(0xC05D, "ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", "ECDSA", "ECDH", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), + Ciphersuite(0xC060, "ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", "RSA", "ECDH", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), + Ciphersuite(0xC061, "ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", "RSA", "ECDH", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), + Ciphersuite(0xC06A, "PSK_WITH_ARIA_128_GCM_SHA256", "", "PSK", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), + 
Ciphersuite(0xC06B, "PSK_WITH_ARIA_256_GCM_SHA384", "", "PSK", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), + Ciphersuite(0xC06C, "DHE_PSK_WITH_ARIA_128_GCM_SHA256", "", "DHE_PSK", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), + Ciphersuite(0xC06D, "DHE_PSK_WITH_ARIA_256_GCM_SHA384", "", "DHE_PSK", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), Ciphersuite(0xC072, "ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", "ECDSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32, ""), Ciphersuite(0xC073, "ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", "ECDSA", "ECDH", "Camellia-256", 32, 16, 0, "SHA-384", 48, ""), Ciphersuite(0xC076, "ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", "RSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32, ""), diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py index ec91d598ae..fd944f3760 100755 --- a/src/scripts/tls_suite_info.py +++ b/src/scripts/tls_suite_info.py @@ -176,10 +176,10 @@ def process_command_line(args): parser.add_option('--without-ocb', action='store_false', dest='with_ocb', help='disable OCB AEAD suites') - parser.add_option('--with-aria', action='store_true', default=False, - help='enable ARIA suites') - parser.add_option('--without-aria', action='store_false', dest='with_aria', - help='disable ARIA suites') + parser.add_option('--with-aria-cbc', action='store_true', default=False, + help='enable ARIA CBC suites') + parser.add_option('--without-aria-cbc', action='store_false', dest='with_aria_cbc', + help='disable ARIA CBC suites') parser.add_option('--with-cecpq1', action='store_true', default=True, help='enable CECPQ1 suites') @@ -212,8 +212,8 @@ def main(args = None): (options, args) = process_command_line(args) - if options.with_aria == False: - not_supported += ['ARIA'] + if not options.with_aria_cbc: + not_supported += ['ARIA_128_CBC', 'ARIA_256_CBC'] ciphersuite_re = re.compile(' +0x([0-9a-fA-F][0-9a-fA-F]),0x([0-9a-fA-F][0-9a-fA-F]) + TLS_([A-Za-z_0-9]+) ') 
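Review bot: Renaming `--with-aria`/`--without-aria` to `--with-aria-cbc`/`--without-aria-cbc` removes the old option names without an alias, so any existing invocation of the generator that passes them now fails at option parsing. If the rename is intended, keeping the old names as deprecated aliases with `dest='with_aria_cbc'` avoids that, and the help text should mention that the ARIA GCM suites appear to be emitted unconditionally now that only `'ARIA_128_CBC'` and `'ARIA_256_CBC'` are filtered. The substring filter in `not_supported` is fine as long as the IANA names keep that spelling.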
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index c181e5c92e..b22028a0eb 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -1324,6 +1324,11 @@ class TLS_Unit_Tests final : public Test test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "Camellia-256/GCM", "AEAD"); #endif +#if defined(BOTAN_HAS_ARIA) + test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "ARIA-128/GCM", "AEAD"); + test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "ARIA-256/GCM", "AEAD"); +#endif + #if defined(BOTAN_HAS_CECPQ1) #if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_GCM) From 16e232c789baaca04d4bd832931d1c3590c6a331 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 3 Nov 2017 18:39:14 -0400 Subject: [PATCH 0126/1008] Update news --- news.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/news.rst b/news.rst index cdb96ec112..806251ac06 100644 --- a/news.rst +++ b/news.rst @@ -7,6 +7,9 @@ Version 2.4.0, Not Yet Released * Support for negotiating the DH group as specified in RFC 7919 is now available in TLS (GH #1263) +* Support for ARIA-GCM ciphersuites are now available in TLS. They + are disabled by default. (GH #1284) + * Add support for verifying X.509 objects (certificates, CRLs, etc) using RSA-PSS signatures (GH #1270) From 6a4ef2e84d321da042e67afcd6e6f93cb198d4cb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 5 Nov 2017 10:39:56 -0500 Subject: [PATCH 0127/1008] Fix shadow warning [ci skip] --- src/tests/test_stream.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/tests/test_stream.cpp b/src/tests/test_stream.cpp index 357b8c769b..c430c0cf30 100644 --- a/src/tests/test_stream.cpp +++ b/src/tests/test_stream.cpp 
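Review bot: The new block is guarded only by `BOTAN_HAS_ARIA`, yet both suites it exercises use GCM, whereas the CECPQ1 block directly below additionally checks `BOTAN_HAS_AEAD_GCM`; a build with ARIA but without GCM would compile these calls and then fail when the suite cannot be negotiated. Use `#if defined(BOTAN_HAS_ARIA) && defined(BOTAN_HAS_AEAD_GCM)` to match the neighbouring guards.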
@@ -103,8 +103,11 @@ class Stream_Cipher_Tests final : public Text_Based_Test result.test_eq("Clone has same name", cipher->name(), clone->name()); clone->set_key(Test::rng().random_vec(cipher->maximum_keylength())); + { std::vector buf = input; cipher->encrypt(buf); + result.test_eq(provider, "encrypt", buf, expected); + } cipher->clear(); @@ -118,8 +121,6 @@ class Stream_Cipher_Tests final : public Text_Based_Test { result.test_success("Trying to encrypt with no key set (after clear) fails"); } - - result.test_eq(provider, "encrypt", buf, expected); } return result; From 70b5a6ac8e8787d38286edcd5dd9135bd32125b0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 5 Nov 2017 11:33:31 -0500 Subject: [PATCH 0128/1008] Additionally deprecate static RSA key exchange. It complicates the state machine and has severe security problems. (Not just missing PFS, but also exposing a decryption oracle that otherwise is not available.) [ci skip] --- doc/deprecated.txt | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/doc/deprecated.txt b/doc/deprecated.txt index 82505566fc..9ad99a69de 100644 --- a/doc/deprecated.txt +++ b/doc/deprecated.txt @@ -15,11 +15,13 @@ in the source. - Platform support for BeOS and IRIX operating systems -- 3DES and SEED ciphersuites in TLS +- TLS: 3DES and SEED ciphersuites -- Anonymous DH/ECDH ciphersuites in TLS +- TLS: Anonymous DH/ECDH ciphersuites -- DSA ciphersuites/certs in TLS +- TLS: DSA ciphersuites/certs + +- TLS: static RSA key exchange ciphersuites - Block ciphers CAST-256, Kasumi, MISTY1, and DESX. From 7e3cfd7eb4cc9165c9c53c81c3613c23db433cd7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 5 Nov 2017 21:22:59 -0500 Subject: [PATCH 0129/1008] Add SHACAL2 test from Bouncy Castle [ci skip] --- src/tests/data/block/shacal2.vec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/tests/data/block/shacal2.vec b/src/tests/data/block/shacal2.vec index e72b1b078b..5eaf70a293 100644 
--- a/src/tests/data/block/shacal2.vec +++ b/src/tests/data/block/shacal2.vec @@ -1,5 +1,10 @@ [SHACAL2] +# From Bouncy Castle +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +In = 98BCC10405AB0BFC686BECECAAD01AC19B452511BCEB9CB094F905C51CA45430 +Out = 00112233445566778899AABBCCDDEEFF102132435465768798A9BACBDCEDFE0F + # Tests for short key handling Key = 80000000000000000000000000000000 In = 0000000000000000000000000000000000000000000000000000000000000000 From 2aea9e3b2d6d9a3ad1f5e3c76e7e0d99c0872122 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 9 Nov 2017 12:19:28 -0500 Subject: [PATCH 0130/1008] Add UCS-2 and UCS-4 to UTF-8 conversion functions Crosschecked by fuzzing and comparing with iconv Needed in #1250 --- src/lib/utils/charset.cpp | 81 ++++++++++++++++++++++++++++++++++++++ src/lib/utils/charset.h | 16 ++++++++ src/tests/data/charset.vec | 20 +++++++++- src/tests/test_utils.cpp | 19 +++++++-- 4 files changed, 131 insertions(+), 5 deletions(-) diff --git a/src/lib/utils/charset.cpp b/src/lib/utils/charset.cpp index 546e4e74d1..dadee8f78c 100644 --- a/src/lib/utils/charset.cpp +++ b/src/lib/utils/charset.cpp 
@@ -7,10 +7,91 @@ #include #include +#include #include namespace Botan { +namespace { + +void append_utf8_for(std::string& s, uint32_t c) + { + if(c >= 0xD800 && c < 0xE000) + throw Decoding_Error("Invalid Unicode character"); + + if(c <= 0x7F) + { + const uint8_t b0 = static_cast(c); + s.push_back(static_cast(b0)); + } + else if(c <= 0x7FF) + { + const uint8_t b0 = 0xC0 | static_cast(c >> 6); + const uint8_t b1 = 0x80 | static_cast(c & 0x3F); + s.push_back(static_cast(b0)); + s.push_back(static_cast(b1)); + } + else if(c <= 0xFFFF) + { + const uint8_t b0 = 0xE0 | static_cast(c >> 12); + const uint8_t b1 = 0x80 | static_cast((c >> 6) & 0x3F); + const uint8_t b2 = 0x80 | static_cast(c & 0x3F); + s.push_back(static_cast(b0)); + s.push_back(static_cast(b1)); + s.push_back(static_cast(b2)); + } + else if(c <= 0x10FFFF) + { + const uint8_t b0 = 0xF0 | static_cast(c >> 18); + const uint8_t b1 = 0x80 | static_cast((c >> 12) & 0x3F); + const uint8_t b2 = 0x80 | static_cast((c >> 6) & 0x3F); + const uint8_t b3 = 0x80 | static_cast(c & 0x3F); + s.push_back(static_cast(b0)); + s.push_back(static_cast(b1)); + s.push_back(static_cast(b2)); + s.push_back(static_cast(b3)); + } + else + throw Decoding_Error("Invalid Unicode character"); + + } + +} + +std::string ucs2_to_utf8(const uint8_t ucs2[], size_t len) + { + if(len % 2 != 0) + throw Decoding_Error("Invalid length for UCS-2 string"); + + const size_t chars = len / 2; + + std::string s; + for(size_t i = 0; i != chars; ++i) + { + const uint16_t c = load_be(ucs2, i); + append_utf8_for(s, c); + } + + return s; + } + +std::string ucs4_to_utf8(const uint8_t ucs4[], size_t len) + { + if(len % 4 != 0) + throw Decoding_Error("Invalid length for UCS-4 string"); + + const size_t chars = len / 4; + + std::string s; + for(size_t i = 0; i != chars; ++i) + { + const uint32_t c = load_be(ucs4, i); + append_utf8_for(s, c); + } + + return s; + } + namespace Charset { namespace { 
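Review bot: Both `Decoding_Error` sites in `append_utf8_for` report only "Invalid Unicode character", so a rejected BMPString inside a certificate gives no hint which code point (surrogate vs. out of range) tripped it; include the value, e.g. `throw Decoding_Error("Invalid Unicode character " + std::to_string(c));` at both throws. Note also that a U+0000 code unit is appended as a NUL byte (the `[UCS2-UTF8]` vector in this series with `0000` units expects exactly that), which is fine for std::string but deserves a comment where the result is later handed to C-string APIs, since embedded NULs in X.509 names are a classic mismatch source. `ucs2_to_utf8` and `ucs4_to_utf8` are otherwise the same loop differing only in code-unit width and could share one helper, but that is cosmetic.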
diff --git a/src/lib/utils/charset.h b/src/lib/utils/charset.h index 528ab908ba..3f2ff99129 100644 --- a/src/lib/utils/charset.h +++ b/src/lib/utils/charset.h @@ -23,6 +23,22 @@ enum Character_Set { LATIN1_CHARSET }; +/** +* Convert a sequence of UCS-2 (big endian) characters to a UTF-8 string +* This is used for ASN.1 BMPString type +* @param ucs2 the sequence of UCS-2 characters +* @param len length of ucs2 in bytes, must be a multiple of 2 +*/ +std::string BOTAN_UNSTABLE_API ucs2_to_utf8(const uint8_t ucs2[], size_t len); + +/** +* Convert a sequence of UCS-4 (big endian) characters to a UTF-8 string +* This is used for ASN.1 UniversalString type +* @param ucs4 the sequence of UCS-4 characters +* @param len length of ucs4 in bytes, must be a multiple of 4 +*/ +std::string BOTAN_UNSTABLE_API ucs4_to_utf8(const uint8_t ucs4[], size_t len); + namespace Charset { /* diff --git a/src/tests/data/charset.vec b/src/tests/data/charset.vec index dd64ac6e34..6f12be8c22 100644 --- a/src/tests/data/charset.vec +++ b/src/tests/data/charset.vec 
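Review bot: The new declarations document the length precondition but not the failure mode: both functions throw `Decoding_Error` when `len` is not a multiple of the code-unit size, when a unit falls in U+D800–U+DFFF, or when a UCS-4 value exceeds U+10FFFF, and neither strips a byte-order mark (U+FEFF is encoded like any other character). Add `@throws Decoding_Error on an invalid length, a surrogate code point, or a value above U+10FFFF` to each comment, and state that a U+0000 unit is preserved as a NUL byte in the returned std::string, because the X.509 name-handling callers this is intended for are exactly where embedded NULs have historically caused trouble.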
@@ -1,3 +1,21 @@ +[UCS2-UTF8] +In = 0042006F00740061006E +Out = 426F74616E + +# Nonsense, converted with iconv +In = 03B404960556096710751827FFF0 +Out = CEB4D296D596E0A5A7E181B5E1A0A7EFBFB0 + +In = B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B246B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B204 +Out = EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8986EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8AB2EB8884 + +In = 0A0000000000000000000000000030000000000000001D1D1D1D01000000000000001D1D1D1D00000000000000000000 +Out = E0A880000000000000E38080000000E1B49DE1B49DC480000000E1B49DE1B49D0000000000 + +[UCS4-UTF8] +In = 0000004800000065000000690000007A000000F60000006C00000072000000FC000000630000006B00000073000000740000006F000000DF000000610000006200000064000000E40000006D0000007000000066000000750000006E00000067 +Out = 4865697AC3B66C72C3BC636B73746FC39F616264C3A46D7066756E67 + [UTF16-LATIN1] # Botan @@ -38,4 +56,4 @@ Out = 4865697AC3B66C72C3BC636B73746FC39F616264C3A46D7066756E67 # ÿ@Ãé¿ã!ð In = FF40D0E9BFE321F0 -Out = C3BF40C390C3A9C2BFC3A321C3B0 \ No newline at end of file +Out = C3BF40C390C3A9C2BFC3A321C3B0 diff --git a/src/tests/test_utils.cpp b/src/tests/test_utils.cpp index 57cd3208c6..da2d25d5ec 100644 --- a/src/tests/test_utils.cpp +++ b/src/tests/test_utils.cpp 
@@ -409,22 +409,33 @@ class Charset_Tests final : public Text_Based_Test const std::vector in = get_req_bin(vars, "In"); const std::vector expected = get_req_bin(vars, "Out"); + const std::string in_str(in.begin(), in.end()); + std::string converted; - if(type == "UTF16-LATIN1") + + if(type == "UCS2-UTF8") + { + converted = Botan::ucs2_to_utf8(in.data(), in.size()); + } + else if(type == "UCS4-UTF8") + { + converted = Botan::ucs4_to_utf8(in.data(), in.size()); + } + else if(type == "UTF16-LATIN1") { - converted = Botan::Charset::transcode(std::string(in.begin(), in.end()), + converted = Botan::Charset::transcode(in_str, Botan::Character_Set::LATIN1_CHARSET, Botan::Character_Set::UCS2_CHARSET); } else if(type == "UTF8-LATIN1") { - converted = Botan::Charset::transcode(std::string(in.begin(), in.end()), + converted = Botan::Charset::transcode(in_str, Botan::Character_Set::LATIN1_CHARSET, Botan::Character_Set::UTF8_CHARSET); } else if(type == "LATIN1-UTF8") { - converted = Botan::Charset::transcode(std::string(in.begin(), in.end()), + converted = Botan::Charset::transcode(in_str, Botan::Character_Set::UTF8_CHARSET, Botan::Character_Set::LATIN1_CHARSET); } From 3bc43de0a1e8ca1e05dc8b85c0965425b15ad806 Mon Sep 17 00:00:00 2001 From: Rene Meusel Date: Wed, 11 Oct 2017 21:34:31 +0200 Subject: [PATCH 0131/1008] add a failing test for an UTF-8 string and a successful test for ASCII --- src/tests/test_asn1.cpp | 57 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/src/tests/test_asn1.cpp b/src/tests/test_asn1.cpp index 5c54f2bb4c..ee809a0c8d 100644 --- a/src/tests/test_asn1.cpp +++ b/src/tests/test_asn1.cpp @@ -9,6 +9,7 @@ #if defined(BOTAN_HAS_ASN1) #include #include + #include #endif namespace Botan_Tests { 
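Review bot: The new `UCS2-UTF8`/`UCS4-UTF8` branches only exercise successful conversions; nothing checks that the converters reject what they are written to reject (an odd byte count, a lone surrogate, a UCS-4 value above U+10FFFF), so a regression that silently accepted such input would pass. Add a negative case next to these, for instance `const std::vector<uint8_t> lone = {0xD8, 0x00}; result.test_throws("lone surrogate rejected", [&]() { Botan::ucs2_to_utf8(lone.data(), lone.size()); });` (assuming the `Test::Result::test_throws` helper used elsewhere in the suite). The enclosing test method starts before and ends after this hunk.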
@@ -46,6 +47,60 @@ Test::Result test_ber_stack_recursion() } +Test::Result test_asn1_utf8_ascii_parsing() + { + Test::Result result("ASN.1 ASCII parsing"); + + try + { + // \x13 - ASN1 tag for 'printable string' + // \x06 - 6 characters of payload + // ... - UTF-8 encoded (ASCII chars only) word 'Moscow' + const std::string privet = + "\x13\x06\x4D\x6F\x73\x63\x6F\x77"; + Botan::DataSource_Memory input(privet.data()); + Botan::BER_Decoder dec(input); + + Botan::ASN1_String str; + str.decode_from(dec); + + result.test_success("No crash"); + } + catch(const Botan::Decoding_Error &ex) + { + result.test_failure(ex.what()); + } + + return result; + } + +Test::Result test_asn1_utf8_parsing() + { + Test::Result result("ASN.1 UTF-8 parsing"); + + try + { + // \x0C - ASN1 tag for 'UTF8 string' + // \x0C - 12 characters of payload + // ... - UTF-8 encoded russian word for Moscow in cyrilic script + const std::string privet = + "\x0C\x0C\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; + Botan::DataSource_Memory input(privet.data()); + Botan::BER_Decoder dec(input); + + Botan::ASN1_String str; + str.decode_from(dec); + + result.test_success("No crash"); + } + catch(const Botan::Decoding_Error &ex) + { + result.test_failure(ex.what()); + } + + return result; + } + class ASN1_Tests final : public Test { public: @@ -54,6 +109,8 @@ class ASN1_Tests final : public Test std::vector results; results.push_back(test_ber_stack_recursion()); + results.push_back(test_asn1_utf8_ascii_parsing()); + results.push_back(test_asn1_utf8_parsing()); return results; } From 8a93eae8b6f159c0c66bee0f04bf446ef0bc3ac4 Mon Sep 17 00:00:00 2001 From: Rene Meusel Date: Wed, 11 Oct 2017 21:59:17 +0200 Subject: [PATCH 0132/1008] switch to default utf-8 string in ASN1_String --- src/lib/asn1/asn1_str.cpp | 14 +++++++------- src/lib/asn1/asn1_str.h | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/lib/asn1/asn1_str.cpp b/src/lib/asn1/asn1_str.cpp index 526e101586..aabfd00488 100644 
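Review bot: Both new tests build the decoder input as `Botan::DataSource_Memory input(privet.data())`, handing over a bare `const char*` whose length is then presumably recovered with strlen via the std::string overload; that only works because neither payload contains a 0x00 byte, and a DER length or content byte of zero would silently truncate the input. Pass the string object instead: `Botan::DataSource_Memory input(privet);`. The catch clauses also only cover `Botan::Decoding_Error`, so any other exception from `decode_from` escapes the test rather than being reported as a failure; `catch(const std::exception&)` matches what the encoding tests later in this series do.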
--- a/src/lib/asn1/asn1_str.cpp +++ b/src/lib/asn1/asn1_str.cpp @@ -61,11 +61,11 @@ ASN1_Tag choose_encoding(const std::string& str, /* * Create an ASN1_String */ -ASN1_String::ASN1_String(const std::string& str, ASN1_Tag t) : m_iso_8859_str(Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET)), m_tag(t) +ASN1_String::ASN1_String(const std::string& str, ASN1_Tag t) : m_utf8_str(str), m_tag(t) { if(m_tag == DIRECTORY_STRING) - m_tag = choose_encoding(m_iso_8859_str, "latin1"); + m_tag = choose_encoding(m_utf8_str, "utf8"); if(m_tag != NUMERIC_STRING && m_tag != PRINTABLE_STRING && @@ -81,7 +81,7 @@ ASN1_String::ASN1_String(const std::string& str, ASN1_Tag t) : m_iso_8859_str(Ch /* * Create an ASN1_String */ -ASN1_String::ASN1_String(const std::string& str) : m_iso_8859_str(Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET)), m_tag(choose_encoding(m_iso_8859_str, "latin1")) +ASN1_String::ASN1_String(const std::string& str) : m_utf8_str(str), m_tag(choose_encoding(m_utf8_str, "utf8")) {} /* @@ -89,15 +89,15 @@ ASN1_String::ASN1_String(const std::string& str) : m_iso_8859_str(Charset::trans */ std::string ASN1_String::iso_8859() const { - return m_iso_8859_str; + return Charset::transcode(m_utf8_str, LATIN1_CHARSET, UTF8_CHARSET); } /* -* Return this string in local encoding +* Return this string in UTF-8 encoding */ std::string ASN1_String::value() const { - return Charset::transcode(m_iso_8859_str, LATIN1_CHARSET, LOCAL_CHARSET); + return m_utf8_str; } /* @@ -136,7 +136,7 @@ void ASN1_String::decode_from(BER_Decoder& source) charset_is = LATIN1_CHARSET; *this = ASN1_String( - Charset::transcode(ASN1::to_string(obj), LOCAL_CHARSET, charset_is), + Charset::transcode(ASN1::to_string(obj), UTF8_CHARSET, charset_is), obj.type_tag); } diff --git a/src/lib/asn1/asn1_str.h b/src/lib/asn1/asn1_str.h index 9e02375501..3ad82582e1 100644 --- a/src/lib/asn1/asn1_str.h +++ b/src/lib/asn1/asn1_str.h 
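Review bot: `iso_8859()` now transcodes the stored UTF-8 to Latin-1 on every call, and since the constructors no longer normalise input, `m_utf8_str` may hold code points Latin-1 cannot represent (the Cyrillic vectors in this series); what `Charset::transcode` does then (throw, drop, or substitute) is not visible here and should be stated on the accessor, e.g. `// May throw or lose information for characters outside Latin-1; prefer value()`. The tagged constructor also stores `str` unchanged and validates only the tag set, so `ASN1_String("...", PRINTABLE_STRING)` with non-ASCII UTF-8 is accepted without complaint; if that is intended, the header comment should say that callers are responsible for matching payload and tag.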
@@ -29,7 +29,7 @@ class BOTAN_PUBLIC_API(2,0) ASN1_String final : public ASN1_Object explicit ASN1_String(const std::string& = ""); ASN1_String(const std::string&, ASN1_Tag); private: - std::string m_iso_8859_str; + std::string m_utf8_str; ASN1_Tag m_tag; }; From ce88363acee0c0b403891208def5e54c0633a752 Mon Sep 17 00:00:00 2001 From: Rene Meusel Date: Wed, 11 Oct 2017 22:27:58 +0200 Subject: [PATCH 0133/1008] allow encoding of UTF-8 strings --- src/lib/asn1/asn1_str.cpp | 5 +-- src/tests/test_asn1.cpp | 73 ++++++++++++++++++++++++++++++++++++--- 2 files changed, 70 insertions(+), 8 deletions(-) diff --git a/src/lib/asn1/asn1_str.cpp b/src/lib/asn1/asn1_str.cpp index aabfd00488..43331d414f 100644 --- a/src/lib/asn1/asn1_str.cpp +++ b/src/lib/asn1/asn1_str.cpp @@ -113,10 +113,7 @@ ASN1_Tag ASN1_String::tagging() const */ void ASN1_String::encode_into(DER_Encoder& encoder) const { - std::string value = iso_8859(); - if(tagging() == UTF8_STRING) - value = Charset::transcode(value, LATIN1_CHARSET, UTF8_CHARSET); - encoder.add_object(tagging(), UNIVERSAL, value); + encoder.add_object(tagging(), UNIVERSAL, m_utf8_str); } /* diff --git a/src/tests/test_asn1.cpp b/src/tests/test_asn1.cpp index ee809a0c8d..a034a64ce7 100644 --- a/src/tests/test_asn1.cpp +++ b/src/tests/test_asn1.cpp @@ -56,9 +56,9 @@ Test::Result test_asn1_utf8_ascii_parsing() // \x13 - ASN1 tag for 'printable string' // \x06 - 6 characters of payload // ... - UTF-8 encoded (ASCII chars only) word 'Moscow' - const std::string privet = + const std::string moscow = "\x13\x06\x4D\x6F\x73\x63\x6F\x77"; - Botan::DataSource_Memory input(privet.data()); + Botan::DataSource_Memory input(moscow.data()); Botan::BER_Decoder dec(input); Botan::ASN1_String str; 
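Review bot: `encode_into` now writes `m_utf8_str` verbatim under `tagging()`, but the tag is no longer tied to the stored encoding: once the later commit in this series (cb4977c) makes `decode_from` store BMPString content as UTF-8 while keeping `obj.type_tag`, re-encoding such a value emits UTF-8 bytes inside a BMP_STRING, which is not valid DER for that type, and the same holds for a user-constructed `ASN1_String(str, BMP_STRING)`. Until a UTF-8 to UCS-2/UCS-4 encoder exists, either transcode back before `add_object` or refuse the tag here, e.g. `if(m_tag == BMP_STRING) throw Invalid_Argument("ASN1_String: cannot DER encode BMPString payloads");` (extending to UNIVERSAL_STRING once the series adds it); refusing would also affect re-encoding of names parsed from certificates, so transcoding back is the better long-term fix. The removed branch at least documented that tag and payload encoding had to agree.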
@@ -83,9 +83,9 @@ Test::Result test_asn1_utf8_parsing() // \x0C - ASN1 tag for 'UTF8 string' // \x0C - 12 characters of payload // ... - UTF-8 encoded russian word for Moscow in cyrilic script - const std::string privet = + const std::string moscow = "\x0C\x0C\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; - Botan::DataSource_Memory input(privet.data()); + Botan::DataSource_Memory input(moscow.data()); Botan::BER_Decoder dec(input); Botan::ASN1_String str; 
@@ -101,6 +101,69 @@ Test::Result test_asn1_utf8_parsing() return result; } +Test::Result test_asn1_ascii_encoding() + { + Test::Result result("ASN.1 ASCII encoding"); + + try + { + // UTF-8 encoded (ASCII chars only) word 'Moscow' + const std::string moscow = + "\x4D\x6F\x73\x63\x6F\x77"; + Botan::ASN1_String str(moscow); + + Botan::DER_Encoder enc; + + str.encode_into(enc); + auto encodingResult = enc.get_contents(); + + // \x13 - ASN1 tag for 'printable string' + // \x06 - 6 characters of payload + const auto moscowEncoded = Botan::hex_decode("13064D6F73636F77"); + result.test_eq("encoding result", encodingResult, moscowEncoded); + + result.test_success("No crash"); + } + catch(const std::exception &ex) + { + result.test_failure(ex.what()); + } + + return result; + } + +Test::Result test_asn1_utf8_encoding() + { + Test::Result result("ASN.1 UTF-8 encoding"); + + try + { + // UTF-8 encoded russian word for Moscow in cyrilic script + const std::string moscow = + "\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; + Botan::ASN1_String str(moscow); + + Botan::DER_Encoder enc; + + str.encode_into(enc); + auto encodingResult = enc.get_contents(); + + // \x0C - ASN1 tag for 'UTF8 string' + // \x0C - 12 characters of payload + const auto moscowEncoded = + Botan::hex_decode("0C0CD09CD0BED181D0BAD0B2D0B0"); + result.test_eq("encoding result", encodingResult, moscowEncoded); + + result.test_success("No crash"); + } + catch(const std::exception &ex) + { + result.test_failure(ex.what()); + } + + return result; + } + class ASN1_Tests final : public Test { public: @@ -111,6 +174,8 @@ class ASN1_Tests final : public Test results.push_back(test_ber_stack_recursion()); results.push_back(test_asn1_utf8_ascii_parsing()); results.push_back(test_asn1_utf8_parsing()); + results.push_back(test_asn1_ascii_encoding()); + results.push_back(test_asn1_utf8_encoding()); return results; } From 1e7da7016ce09dc68b1fa090223b95cd77aa5135 Mon Sep 17 00:00:00 2001 
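Review bot: `result.test_success("No crash")` after `result.test_eq(...)` in both new tests records a pass that asserts nothing; `test_eq` already captures the outcome and reaching the line is implied by the surrounding try, so drop those two lines. The catch clauses here use `const std::exception&` while the parsing tests above use `const Botan::Decoding_Error&`; pick one (the broader one is safer in a test) so a stray exception is reported uniformly. Neither test covers the interesting case of a non-ASCII string forced onto a narrow tag via `ASN1_String(str, PRINTABLE_STRING)`.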
From: Rene Meusel Date: Wed, 11 Oct 2017 22:58:21 +0200 Subject: [PATCH 0134/1008] add test reading UTF-8 X509 cert --- src/tests/data/x509test/cyrillic.pem | 24 +++++++++++++++++++ src/tests/test_asn1.cpp | 4 ++-- src/tests/unit_x509.cpp | 35 ++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+), 2 deletions(-) create mode 100644 src/tests/data/x509test/cyrillic.pem diff --git a/src/tests/data/x509test/cyrillic.pem b/src/tests/data/x509test/cyrillic.pem new file mode 100644 index 0000000000..ddcd4b046b --- /dev/null +++ b/src/tests/data/x509test/cyrillic.pem 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID9DCCAtwCCQD6cbgDx1XA/jANBgkqhkiG9w0BAQUFADCBuzEkMCIGA1UEAwwb +0J7Qv9C40YHQsNC90LjQtSDRgdCw0LnRgtCwMSEwHwYJKoZIhvcNAQkBFhJ0ZXN0 +QHJhbmRvbWNvcnAucnUxIDAeBgNVBAoMF9Cc0L7RjyDQutC+0LzQv9Cw0L3QuNGP +MSowKAYDVQQLDCHQnNC+0ZEg0L/QvtC00YDQsNC30LTQtdC70LXQvdC40LUxFTAT +BgNVBAcMDNCc0L7RgdC60LLQsDELMAkGA1UEBhMCUlUwHhcNMTcxMDExMjAzNTQ5 +WhcNMTgxMDExMjAzNTQ5WjCBuzEkMCIGA1UEAwwb0J7Qv9C40YHQsNC90LjQtSDR +gdCw0LnRgtCwMSEwHwYJKoZIhvcNAQkBFhJ0ZXN0QHJhbmRvbWNvcnAucnUxIDAe +BgNVBAoMF9Cc0L7RjyDQutC+0LzQv9Cw0L3QuNGPMSowKAYDVQQLDCHQnNC+0ZEg +0L/QvtC00YDQsNC30LTQtdC70LXQvdC40LUxFTATBgNVBAcMDNCc0L7RgdC60LLQ +sDELMAkGA1UEBhMCUlUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL +K3xsfEoH/+mjq3scoZ6TfKvlTugzjOSirenGsSdw6IuxEy6ywEFb9YDSKyvMSDOG +LhbotiKvn3n9WwKYhEMkNhMJDavb4s+CRYPtM4iBhzO3gTuNMqBAjKayykOWWNEq +b6lgRivfo62iCetvp0zoXHVEyomfSUCl11sQ21etwOdnloocyRqKfDHHp2jO5J0g +0HEQx2klxuivDU3lpEHRhH4cE5zUMStOdXaHm5nYnPUYnSrFinGLE01l7/MXsJwX +AOVwBv3ErIh173KuwtyPci8AK16UNQqqvGy9QDEvH3TxMxrl7416K/iqCZg5d0FG +HmsAbrGfT9pUA3IScSphAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAHM8W84yxiIV +o87x6usP+BCQ5T7IIb7NgjnseJUS+dl0gJEyFdLBa4mz5FDdtaYEi3firc3NOJ6l +yA4kEQ49k4I3yaDEjMuc1+qpzThdtC/+cycLCYuoaYxR/kx4/zoLcELsk8rud9Dq +8N6g7q7MR6Nno3to3kHzrka/P0W6X8jfWmYm2RDTKhBPlcobTvgIyupn6uadWhY8 +Ahte186a2ylV/feFHIBuFr9jLzWKPMQm6MmPv86ZatdfqSNOU/YtKAQyLouoT45b +urVwAyOlYDyiXsTfzTcsOAa9sHHAzofK2E+tZ0gY3s7JT1kEWVG5XoJWx+hKM5Ht +hGah1kV664Y= +-----END CERTIFICATE----- diff --git a/src/tests/test_asn1.cpp b/src/tests/test_asn1.cpp index a034a64ce7..eae1d96f8c 100644 --- a/src/tests/test_asn1.cpp +++ b/src/tests/test_asn1.cpp 
@@ -82,7 +82,7 @@ Test::Result test_asn1_utf8_parsing() { // \x0C - ASN1 tag for 'UTF8 string' // \x0C - 12 characters of payload - // ... - UTF-8 encoded russian word for Moscow in cyrilic script + // ... - UTF-8 encoded russian word for Moscow in cyrillic script const std::string moscow = "\x0C\x0C\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; Botan::DataSource_Memory input(moscow.data()); @@ -138,7 +138,7 @@ Test::Result test_asn1_utf8_encoding() try { - // UTF-8 encoded russian word for Moscow in cyrilic script + // UTF-8 encoded russian word for Moscow in cyrillic script const std::string moscow = "\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; Botan::ASN1_String str(moscow); diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index b9aa1709e6..dd16e49883 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp 
@@ -358,6 +358,40 @@ Test::Result test_x509_dates() return result; } +Test::Result test_x509_utf8() + { + Test::Result result("X509 with UTF-8 encoded fields"); + + try + { + Botan::X509_Certificate utf8_cert(Test::data_file("x509test/cyrillic.pem")); + + // UTF-8 encoded fields of test certificate (contains cyrillic letters) + const std::string organization = + "\xD0\x9C\xD0\xBE\xD1\x8F\x20\xD0\xBA\xD0\xBE\xD0" + "\xBC\xD0\xBF\xD0\xB0\xD0\xBD\xD0\xB8\xD1\x8F"; + const std::string organization_unit = + "\xD0\x9C\xD0\xBE\xD1\x91\x20\xD0\xBF\xD0\xBE\xD0\xB4\xD1\x80\xD0\xB0" + "\xD0\xB7\xD0\xB4\xD0\xB5\xD0\xBB\xD0\xB5\xD0\xBD\xD0\xB8\xD0\xB5"; + const std::string common_name = + "\xD0\x9E\xD0\xBF\xD0\xB8\xD1\x81\xD0\xB0\xD0\xBD\xD0\xB8" + "\xD0\xB5\x20\xD1\x81\xD0\xB0\xD0\xB9\xD1\x82\xD0\xB0"; + const std::string location = + "\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; + + result.test_eq("O", utf8_cert.issuer_info("O").at(0), organization); + result.test_eq("OU", utf8_cert.issuer_info("OU").at(0), organization_unit); + result.test_eq("CN", utf8_cert.issuer_info("CN").at(0), common_name); + result.test_eq("L", utf8_cert.issuer_info("L").at(0), location); + } + catch (const Botan::Decoding_Error &ex) + { + result.test_failure(ex.what()); + } + + return result; + } + Test::Result test_x509_cert(const std::string& sig_algo, const std::string& hash_fn = "SHA-256") { Test::Result result("X509 Unit"); @@ -1135,6 +1169,7 @@ class X509_Cert_Unit_Tests final : public Test results.push_back(test_x509_dates()); results.push_back(test_cert_status_strings()); results.push_back(test_hashes("ECDSA")); + results.push_back(test_x509_utf8()); return results; } From 6818b78851c930f2e6747c9a40187bec88720d7b Mon Sep 17 00:00:00 2001 From: Rene Meusel Date: Sun, 15 Oct 2017 12:15:30 +0200 Subject: [PATCH 0135/1008] add coding clarifications --- src/lib/asn1/asn1_str.cpp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
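Review bot: The four `issuer_info(...).at(0)` calls throw `std::out_of_range` when the attribute is absent, and the handler only catches `Botan::Decoding_Error`, so a certificate that parses but lacks one of these fields aborts the test run instead of recording a failure; catch `const std::exception&` or check `.empty()` before indexing. Only the issuer side is compared even though the certificate appears self-signed (the issuer and subject DN blocks in the PEM are the same byte sequence), so adding the matching `subject_info` assertions would cover the other decode path at no cost. The test-list hunk's enclosing `run()` starts before it.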
diff --git a/src/lib/asn1/asn1_str.cpp b/src/lib/asn1/asn1_str.cpp index 43331d414f..e6cb229a6b 100644 --- a/src/lib/asn1/asn1_str.cpp +++ b/src/lib/asn1/asn1_str.cpp @@ -125,11 +125,15 @@ void ASN1_String::decode_from(BER_Decoder& source) Character_Set charset_is; - if(obj.type_tag == BMP_STRING) + if(obj.type_tag == BMP_STRING) // Basic Multilingual Plane - 2 byte encoding charset_is = UCS2_CHARSET; else if(obj.type_tag == UTF8_STRING) charset_is = UTF8_CHARSET; - else + else // IA5_STRING - international ASCII characters + // T61_STRING - pretty much ASCII + // PRINTABLE_STRING - ASCII subset (a-z, A-Z, ' () +,-.?:/= and SPACE) + // VISIBLE_STRING - visible ASCII subset + // NUMERIC_STRING - ASCII subset (0-9 and SPACE) charset_is = LATIN1_CHARSET; *this = ASN1_String( From 2349f20fdb312a74b2705bf7f0e298be13e3d7a0 Mon Sep 17 00:00:00 2001 From: Rene Meusel Date: Sat, 28 Oct 2017 18:39:52 +0200 Subject: [PATCH 0136/1008] introduce UNIVERSAL_STRING (UCS-4) --- src/lib/asn1/asn1_obj.h | 1 + src/lib/asn1/asn1_str.cpp | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lib/asn1/asn1_obj.h b/src/lib/asn1/asn1_obj.h index 63c7dc2e3c..95b84c5c14 100644 --- a/src/lib/asn1/asn1_obj.h +++ b/src/lib/asn1/asn1_obj.h @@ -45,6 +45,7 @@ enum ASN1_Tag { T61_STRING = 0x14, IA5_STRING = 0x16, VISIBLE_STRING = 0x1A, + UNIVERSAL_STRING = 0x1C, BMP_STRING = 0x1E, UTC_TIME = 0x17, diff --git a/src/lib/asn1/asn1_str.cpp b/src/lib/asn1/asn1_str.cpp index e6cb229a6b..4e1d1d78d3 100644 --- a/src/lib/asn1/asn1_str.cpp +++ b/src/lib/asn1/asn1_str.cpp @@ -73,7 +73,8 @@ ASN1_String::ASN1_String(const std::string& str, ASN1_Tag t) : m_utf8_str(str), m_tag != T61_STRING && m_tag != IA5_STRING && m_tag != UTF8_STRING && - m_tag != BMP_STRING) + m_tag != BMP_STRING && + m_tag != UNIVERSAL_STRING) throw Invalid_Argument("ASN1_String: Unknown string type " + std::to_string(m_tag)); } From cb4977cf9396485d8a133aea1802e4bd57988e55 Mon Sep 17 00:00:00 2001 
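Review bot: The new comment for PRINTABLE_STRING lists `a-z, A-Z, ' () +,-.?:/= and SPACE` but omits the digits 0-9, which PrintableString does allow; correct it to `ASCII subset (A-Z, a-z, 0-9, SPACE and ' ( ) + , - . / : = ?)`. `T61_STRING - pretty much ASCII` is also a stretch: TeletexString uses the T.61 character set, and decoding it as Latin-1 is a common approximation rather than what the type specifies, so the comment should read `treated as Latin-1 (approximation; T.61 is not Latin-1)`. IA5String is 7-bit, so the Latin-1 path is a superset there and needs no change. The `decode_from` body continues outside the hunk.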
From: Rene Meusel Date: Sat, 28 Oct 2017 18:40:57 +0200 Subject: [PATCH 0137/1008] add conversion from UCS-2/4 to UTF-8 --- src/lib/asn1/asn1_str.cpp | 53 +++++++++++++++++++++++++++++++-------- src/tests/test_asn1.cpp | 7 ++++-- 2 files changed, 47 insertions(+), 13 deletions(-) diff --git a/src/lib/asn1/asn1_str.cpp b/src/lib/asn1/asn1_str.cpp index 4e1d1d78d3..e9cc8ccdce 100644 --- a/src/lib/asn1/asn1_str.cpp +++ b/src/lib/asn1/asn1_str.cpp @@ -10,6 +10,9 @@ #include #include +#include +#include + namespace Botan { namespace { @@ -58,6 +61,28 @@ ASN1_Tag choose_encoding(const std::string& str, } +template +static std::string ucsX_to_utf8(const std::vector &ucsX) + { + if (ucsX.size() % sizeof(CharT) != 0) + { + throw Invalid_Argument("cannot decode UCS string (wrong byte count)"); + } + + union + { + const byte *as_char; + const CharT *as_wide_char; + }; + + as_char = ucsX.data(); + const size_t wide_char_count = ucsX.size() / sizeof(CharT); + + using converter_t = std::codecvt_utf8; + std::wstring_convert convert; + return convert.to_bytes(as_wide_char, as_wide_char + wide_char_count); + } + /* * Create an ASN1_String */ 
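Review bot: `ucsX_to_utf8` reinterprets the raw BER bytes as native `CharT` through a pointer union, which is both a strict-aliasing/alignment problem (`obj.value` is a byte vector, not aligned for `char32_t`) and an endianness one: BMPString and UniversalString content is big-endian on the wire, while `std::codecvt_utf8` consumes host-order code units, so on little-endian hosts every character comes out byte-swapped unless the input happens to carry a BOM. `std::wstring_convert` is also deprecated in C++17, and it reports bad input with `std::range_error` rather than the library's `Decoding_Error`. This series already adds endian-correct, surrogate-checking `Botan::ucs2_to_utf8`/`ucs4_to_utf8` in charset.h; this template can be deleted in favour of them.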
@@ -124,22 +149,28 @@ void ASN1_String::decode_from(BER_Decoder& source) { BER_Object obj = source.get_next_object(); - Character_Set charset_is; - - if(obj.type_tag == BMP_STRING) // Basic Multilingual Plane - 2 byte encoding - charset_is = UCS2_CHARSET; - else if(obj.type_tag == UTF8_STRING) - charset_is = UTF8_CHARSET; + if(obj.type_tag == UTF8_STRING) + { + *this = ASN1_String(ASN1::to_string(obj), obj.type_tag); + } + else if(obj.type_tag == BMP_STRING) + { + *this = ASN1_String(ucsX_to_utf8(obj.value), obj.type_tag); + } + else if(obj.type_tag == UNIVERSAL_STRING) + { + *this = ASN1_String(ucsX_to_utf8(obj.value), obj.type_tag); + } else // IA5_STRING - international ASCII characters // T61_STRING - pretty much ASCII // PRINTABLE_STRING - ASCII subset (a-z, A-Z, ' () +,-.?:/= and SPACE) // VISIBLE_STRING - visible ASCII subset // NUMERIC_STRING - ASCII subset (0-9 and SPACE) - charset_is = LATIN1_CHARSET; - - *this = ASN1_String( - Charset::transcode(ASN1::to_string(obj), UTF8_CHARSET, charset_is), - obj.type_tag); + { + *this = ASN1_String( + Charset::transcode(ASN1::to_string(obj), UTF8_CHARSET, LATIN1_CHARSET), + obj.type_tag); + } } } diff --git a/src/tests/test_asn1.cpp b/src/tests/test_asn1.cpp index eae1d96f8c..f28093e4b4 100644 --- a/src/tests/test_asn1.cpp +++ b/src/tests/test_asn1.cpp @@ -58,13 +58,14 @@ Test::Result test_asn1_utf8_ascii_parsing() // ... - UTF-8 encoded (ASCII chars only) word 'Moscow' const std::string moscow = "\x13\x06\x4D\x6F\x73\x63\x6F\x77"; + const std::string moscow_plain = "Moscow"; Botan::DataSource_Memory input(moscow.data()); Botan::BER_Decoder dec(input); Botan::ASN1_String str; str.decode_from(dec); - result.test_success("No crash"); + result.test_eq("value()", str.value(), moscow_plain); } catch(const Botan::Decoding_Error &ex) { 
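Review bot: The two new branches call `ucsX_to_utf8` (template arguments are lost in this rendering), which decodes the bytes in host order, whereas the library helpers added earlier in this series perform the big-endian decode these ASN.1 types require and throw `Decoding_Error` on bad input. Replace them with `*this = ASN1_String(ucs2_to_utf8(obj.value.data(), obj.value.size()), obj.type_tag);` and the `ucs4_to_utf8` equivalent for UNIVERSAL_STRING. Note the resulting object keeps `obj.type_tag` while holding UTF-8, so `encode_into` no longer reproduces the original BMPString bytes; that round-trip gap deserves a comment at this assignment.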
@@ -85,13 +86,15 @@ Test::Result test_asn1_utf8_parsing() // ... - UTF-8 encoded russian word for Moscow in cyrillic script const std::string moscow = "\x0C\x0C\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; + const std::string moscow_plain = + "\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; Botan::DataSource_Memory input(moscow.data()); Botan::BER_Decoder dec(input); Botan::ASN1_String str; str.decode_from(dec); - result.test_success("No crash"); + result.test_eq("value()", str.value(), moscow_plain); } catch(const Botan::Decoding_Error &ex) { From 8fd2f50752e86c7d095bfed1cddb2dedcc01b909 Mon Sep 17 00:00:00 2001 From: Rene Meusel Date: Sat, 28 Oct 2017 18:42:32 +0200 Subject: [PATCH 0138/1008] add tests for UCS-2/4 parsing --- src/tests/test_asn1.cpp | 65 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/src/tests/test_asn1.cpp b/src/tests/test_asn1.cpp index f28093e4b4..8ec6c649d8 100644 --- a/src/tests/test_asn1.cpp +++ b/src/tests/test_asn1.cpp 
@@ -167,6 +167,69 @@ Test::Result test_asn1_utf8_encoding() return result; } +Test::Result test_asn1_ascii_encoding() + { + Test::Result result("ASN.1 ASCII encoding"); + + try + { + // UTF-8 encoded (ASCII chars only) word 'Moscow' + const std::string moscow = + "\x4D\x6F\x73\x63\x6F\x77"; + Botan::ASN1_String str(moscow); + + Botan::DER_Encoder enc; + + str.encode_into(enc); + auto encodingResult = enc.get_contents(); + + // \x13 - ASN1 tag for 'printable string' + // \x06 - 6 characters of payload + const auto moscowEncoded = Botan::hex_decode("13064D6F73636F77"); + result.test_eq("encoding result", encodingResult, moscowEncoded); + + result.test_success("No crash"); + } + catch(const std::exception &ex) + { + result.test_failure(ex.what()); + } + + return result; + } + +Test::Result test_asn1_utf8_encoding() + { + Test::Result result("ASN.1 UTF-8 encoding"); + + try + { + // UTF-8 encoded russian word for Moscow in cyrillic script + const std::string moscow = + "\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; + Botan::ASN1_String str(moscow); + + Botan::DER_Encoder enc; + + str.encode_into(enc); + auto encodingResult = enc.get_contents(); + + // \x0C - ASN1 tag for 'UTF8 string' + // \x0C - 12 characters of payload + const auto moscowEncoded = + Botan::hex_decode("0C0CD09CD0BED181D0BAD0B2D0B0"); + result.test_eq("encoding result", encodingResult, moscowEncoded); + + result.test_success("No crash"); + } + catch(const std::exception &ex) + { + result.test_failure(ex.what()); + } + + return result; + } + class ASN1_Tests final : public Test { public: @@ -177,6 +240,8 @@ class ASN1_Tests final : public Test results.push_back(test_ber_stack_recursion()); results.push_back(test_asn1_utf8_ascii_parsing()); results.push_back(test_asn1_utf8_parsing()); + results.push_back(test_asn1_ucs2_parsing()); + results.push_back(test_asn1_ucs4_parsing()); results.push_back(test_asn1_ascii_encoding()); results.push_back(test_asn1_utf8_encoding()); 
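Review bot: As rendered, this hunk inserts second definitions of `test_asn1_ascii_encoding` and `test_asn1_utf8_encoding`, which already exist in the file from commit ce88363 in this series, while the registration lines push `test_asn1_ucs2_parsing` and `test_asn1_ucs4_parsing`, which nothing in the hunk defines; if the page reflects the commit accurately the file cannot compile (duplicate and undeclared functions). The following "coding style" commit does show a `test_asn1_ucs2_parsing` body, so the intended content was presumably the UCS-2/UCS-4 parsing tests and the history would be cleaner if this commit carried them. When those tests land, check the vector they use: the next commit's comment describes an `FF FE` byte-order mark, which is the little-endian BOM, whereas BMPString content is big-endian and carries no BOM.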
From 19a38c8c60821c6f76c84d57d302388a1711d7bb Mon Sep 17 00:00:00 2001 From: Rene Meusel Date: Sat, 28 Oct 2017 18:46:48 +0200 Subject: [PATCH 0139/1008] FIX: coding style --- src/tests/test_asn1.cpp | 186 ++++++++++++++++++++-------------------- 1 file changed, 92 insertions(+), 94 deletions(-) diff --git a/src/tests/test_asn1.cpp b/src/tests/test_asn1.cpp index 8ec6c649d8..674d9d34be 100644 --- a/src/tests/test_asn1.cpp +++ b/src/tests/test_asn1.cpp 
@@ -49,122 +49,120 @@ Test::Result test_ber_stack_recursion() Test::Result test_asn1_utf8_ascii_parsing() { - Test::Result result("ASN.1 ASCII parsing"); + Test::Result result("ASN.1 ASCII parsing"); - try - { - // \x13 - ASN1 tag for 'printable string' - // \x06 - 6 characters of payload - // ... - UTF-8 encoded (ASCII chars only) word 'Moscow' - const std::string moscow = - "\x13\x06\x4D\x6F\x73\x63\x6F\x77"; - const std::string moscow_plain = "Moscow"; - Botan::DataSource_Memory input(moscow.data()); - Botan::BER_Decoder dec(input); - - Botan::ASN1_String str; - str.decode_from(dec); - - result.test_eq("value()", str.value(), moscow_plain); - } - catch(const Botan::Decoding_Error &ex) - { - result.test_failure(ex.what()); - } + try + { + // \x13 - ASN1 tag for 'printable string' + // \x06 - 6 characters of payload + // ... - UTF-8 encoded (ASCII chars only) word 'Moscow' + const std::string moscow = + "\x13\x06\x4D\x6F\x73\x63\x6F\x77"; + const std::string moscow_plain = "Moscow"; + Botan::DataSource_Memory input(moscow.data()); + Botan::BER_Decoder dec(input); + + Botan::ASN1_String str; + str.decode_from(dec); + + result.test_eq("value()", str.value(), moscow_plain); + } + catch(const Botan::Decoding_Error &ex) + { + result.test_failure(ex.what()); + } - return result; + return result; } Test::Result test_asn1_utf8_parsing() { - Test::Result result("ASN.1 UTF-8 parsing"); + Test::Result result("ASN.1 UTF-8 parsing"); - try - { - // \x0C - ASN1 tag for 'UTF8 string' - // \x0C - 12 characters of payload - // ... 
- UTF-8 encoded russian word for Moscow in cyrillic script - const std::string moscow = - "\x0C\x0C\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; - const std::string moscow_plain = - "\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; - Botan::DataSource_Memory input(moscow.data()); - Botan::BER_Decoder dec(input); - - Botan::ASN1_String str; - str.decode_from(dec); - - result.test_eq("value()", str.value(), moscow_plain); - } - catch(const Botan::Decoding_Error &ex) - { - result.test_failure(ex.what()); - } + try + { + // \x0C - ASN1 tag for 'UTF8 string' + // \x0C - 12 characters of payload + // ... - UTF-8 encoded russian word for Moscow in cyrillic script + const std::string moscow = + "\x0C\x0C\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; + const std::string moscow_plain = + "\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; + Botan::DataSource_Memory input(moscow.data()); + Botan::BER_Decoder dec(input); - return result; - } + Botan::ASN1_String str; + str.decode_from(dec); -Test::Result test_asn1_ascii_encoding() - { - Test::Result result("ASN.1 ASCII encoding"); + result.test_eq("value()", str.value(), moscow_plain); + } + catch(const Botan::Decoding_Error &ex) + { + result.test_failure(ex.what()); + } - try - { - // UTF-8 encoded (ASCII chars only) word 'Moscow' - const std::string moscow = - "\x4D\x6F\x73\x63\x6F\x77"; - Botan::ASN1_String str(moscow); + return result; + } - Botan::DER_Encoder enc; +Test::Result test_asn1_ucs2_parsing() + { + Test::Result result("ASN.1 BMP string (UCS-2) parsing"); - str.encode_into(enc); - auto encodingResult = enc.get_contents(); + try + { + // \x1E - ASN1 tag for 'BMP (UCS-2) string' + // \x0E - 14 characters of payload (includes BOM) + // \xFF\xFE - Byte Order Mark (BOM) + // ... 
- UCS-2 encoding for Moscow in cyrillic script + const std::string moscow = + "\x1E\x0E\xFF\xFE\x1C\x04\x3E\x04" + "\x41\x04\x3A\x04\x32\x04\x30\x04"; + const std::string moscow_plain = // with BOM (EF BB BF) + "\xEF\xBB\xBF\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; + Botan::DataSource_Memory input(moscow.data()); + Botan::BER_Decoder dec(input); - // \x13 - ASN1 tag for 'printable string' - // \x06 - 6 characters of payload - const auto moscowEncoded = Botan::hex_decode("13064D6F73636F77"); - result.test_eq("encoding result", encodingResult, moscowEncoded); + Botan::ASN1_String str; + str.decode_from(dec); - result.test_success("No crash"); - } - catch(const std::exception &ex) - { - result.test_failure(ex.what()); - } + result.test_eq("value()", str.value(), moscow_plain); + } + catch(const Botan::Decoding_Error &ex) + { + result.test_failure(ex.what()); + } - return result; + return result; } -Test::Result test_asn1_utf8_encoding() +Test::Result test_asn1_ucs4_parsing() { - Test::Result result("ASN.1 UTF-8 encoding"); - - try - { - // UTF-8 encoded russian word for Moscow in cyrillic script - const std::string moscow = - "\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; - Botan::ASN1_String str(moscow); + Test::Result result("ASN.1 universal string (UTF-32 LE) parsing"); - Botan::DER_Encoder enc; - - str.encode_into(enc); - auto encodingResult = enc.get_contents(); + try + { + // \x1C - ASN1 tag for 'universal string' + // \x1C - 28 characters of payload (with BOM - FF FE 00 00) + // ... 
- UTF-32 LE encoding for Moscow in cyrillic script + const Botan::byte moscow[] = + "\x1C\x1C\xFF\xFE\x00\x00\x1C\x04\x00\x00\x3E\x04\x00\x00\x41" + "\x04\x00\x00\x3A\x04\x00\x00\x32\x04\x00\x00\x30\x04\x00\x00"; + const std::string moscow_plain = // with BOM (EF BB BF) + "\xEF\xBB\xBF\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; + Botan::DataSource_Memory input(moscow, sizeof(moscow)); + Botan::BER_Decoder dec(input); - // \x0C - ASN1 tag for 'UTF8 string' - // \x0C - 12 characters of payload - const auto moscowEncoded = - Botan::hex_decode("0C0CD09CD0BED181D0BAD0B2D0B0"); - result.test_eq("encoding result", encodingResult, moscowEncoded); + Botan::ASN1_String str; + str.decode_from(dec); - result.test_success("No crash"); - } - catch(const std::exception &ex) - { - result.test_failure(ex.what()); - } + result.test_eq("value()", str.value(), moscow_plain); + } + catch(const Botan::Decoding_Error &ex) + { + result.test_failure(ex.what()); + } - return result; + return result; } Test::Result test_asn1_ascii_encoding() From a27772c069f511e4277bde84349fb24a93f39d53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Meusel?= Date: Wed, 8 Nov 2017 11:01:18 +0100 Subject: [PATCH 0140/1008] FIX: test method namespacing --- src/tests/test_asn1.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/test_asn1.cpp b/src/tests/test_asn1.cpp index 674d9d34be..0c1b6ce5e5 100644 --- a/src/tests/test_asn1.cpp +++ b/src/tests/test_asn1.cpp @@ -45,8 +45,6 @@ Test::Result test_ber_stack_recursion() return result; } -} - Test::Result test_asn1_utf8_ascii_parsing() { Test::Result result("ASN.1 ASCII parsing"); @@ -228,6 +226,8 @@ Test::Result test_asn1_utf8_encoding() return result; } +} + class ASN1_Tests final : public Test { public: From 54baf3a3d3ee070e3740859298f92d69b042c9c6 Mon Sep 17 00:00:00 2001 
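Review bot: `Botan::DataSource_Memory input(moscow.data())` in test_asn1_ucs2_parsing (and the two older parsing tests) passes a bare `const char*`, so the source length is taken from the first NUL rather than from `moscow.size()`; the current vectors happen to contain no 0x00 byte, but any UCS-2 or UCS-4 vector holding an ASCII code point (`00 41`) would be silently truncated and fail for the wrong reason. Pass the length explicitly, `Botan::DataSource_Memory input(reinterpret_cast<const uint8_t*>(moscow.data()), moscow.size());`, or hand over the `std::string` itself. test_asn1_ucs4_parsing avoids this with a byte array but then uses `sizeof(moscow)`, which counts the string literal's terminating NUL and feeds one stray 0x00 after the encoded object; `sizeof(moscow) - 1` is the intended length. A negative case with an odd-length BMPString payload would also be worth adding, since from the ucsX_to_utf8 code visible later in this series the length check throws Invalid_Argument, which these `catch(const Botan::Decoding_Error&)` handlers would not catch.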
From: =?UTF-8?q?Ren=C3=A9=20Meusel?= Date: Wed, 8 Nov 2017 11:20:09 +0100 Subject: [PATCH 0141/1008] FIX: linker error on windows (VSO#143857) --- src/lib/asn1/asn1_str.cpp | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/lib/asn1/asn1_str.cpp b/src/lib/asn1/asn1_str.cpp index e9cc8ccdce..070acbebd4 100644 --- a/src/lib/asn1/asn1_str.cpp +++ b/src/lib/asn1/asn1_str.cpp @@ -149,17 +149,29 @@ void ASN1_String::decode_from(BER_Decoder& source) { BER_Object obj = source.get_next_object(); +#if defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) + // using char32_t and char16_t (as suggested by the standard) leads to linker + // errors on MSVC 2015 and 2017. This workaround was suggested here: + // https://social.msdn.microsoft.com/Forums/vstudio/en-US/ + // 8f40dcd8-c67f-4eba-9134-a19b9178e481/vs-2015-rc-linker-stdcodecvt-error + using utf32_type = int32_t; + using utf16_type = wchar_t; +#else + using utf32_type = char32_t; + using utf16_type = char16_t; +#endif + if(obj.type_tag == UTF8_STRING) { *this = ASN1_String(ASN1::to_string(obj), obj.type_tag); } else if(obj.type_tag == BMP_STRING) { - *this = ASN1_String(ucsX_to_utf8(obj.value), obj.type_tag); + *this = ASN1_String(ucsX_to_utf8(obj.value), obj.type_tag); } else if(obj.type_tag == UNIVERSAL_STRING) { - *this = ASN1_String(ucsX_to_utf8(obj.value), obj.type_tag); + *this = ASN1_String(ucsX_to_utf8(obj.value), obj.type_tag); } else // IA5_STRING - international ASCII characters // T61_STRING - pretty much ASCII From b08f26d3658db3213d98932cbc6dd3e6efdc8b85 Mon Sep 17 00:00:00 2001 
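Review bot: The `utf16_type`/`utf32_type` aliases cure the link error, but the conversion they feed still reads `obj.value` in host byte order (ucsX_to_utf8 reinterprets the byte buffer through a union as the wide type), while X.690 defines BMPString and UniversalString payloads as big-endian code points; on a little-endian host a field without a byte-order mark therefore decodes to swapped code units, and only the BOM-prefixed test vectors at this point keep the tests green, which real certificate fields generally do not carry. A byte-order-explicit decoder that reads two or four big-endian bytes per code point and emits UTF-8 by hand would remove both the codecvt dependency and this platform-specific workaround. Separately, a payload whose length is not a multiple of the code-unit size raises Invalid_Argument from ucsX_to_utf8 rather than Decoding_Error, so callers that catch decoding failures on untrusted DER will not catch it; `throw Decoding_Error("ASN1_String: bad UCS string length");` is the right type on this path. ASN1_String::decode_from continues past the end of the hunk.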
From: Jack Lloyd Date: Thu, 9 Nov 2017 16:43:57 -0500 Subject: [PATCH 0142/1008] Remove use of transcode --- src/cli/asn1.cpp | 15 +--- src/lib/asn1/asn1_alt_name.cpp | 13 +-- src/lib/asn1/asn1_str.cpp | 132 +++++++++++-------------------- src/lib/asn1/asn1_str.h | 16 ++-- src/lib/asn1/asn1_time.cpp | 11 +-- src/lib/asn1/info.txt | 2 +- src/lib/utils/charset.cpp | 58 +++++++------- src/lib/utils/charset.h | 44 +++++++---- src/lib/x509/name_constraint.cpp | 3 +- src/lib/x509/x509_ext.cpp | 7 +- src/tests/test_utils.cpp | 35 ++++---- 11 files changed, 140 insertions(+), 196 deletions(-) diff --git a/src/cli/asn1.cpp b/src/cli/asn1.cpp index 5c90a3c5b4..234cbd6e6f 100644 --- a/src/cli/asn1.cpp +++ b/src/cli/asn1.cpp @@ -22,9 +22,6 @@ #include #include -// Set this if your terminal understands UTF-8; otherwise output is in Latin-1 -#define UTF8_TERMINAL 1 - namespace Botan_CLI { namespace { @@ -349,17 +346,7 @@ void decode(std::ostream& output, { Botan::ASN1_String str; data.decode(str); - if(UTF8_TERMINAL) - { - emit(output, type_name(type_tag), level, length, - Botan::Charset::transcode(str.iso_8859(), - Botan::UTF8_CHARSET, - Botan::LATIN1_CHARSET)); - } - else - { - emit(output, type_name(type_tag), level, length, str.iso_8859()); - } + emit(output, type_name(type_tag), level, length, str.value()); } else if(type_tag == Botan::UTC_TIME || type_tag == Botan::GENERALIZED_TIME) { diff --git a/src/lib/asn1/asn1_alt_name.cpp b/src/lib/asn1/asn1_alt_name.cpp index 7bd4cd4940..9403128867 100644 --- a/src/lib/asn1/asn1_alt_name.cpp +++ b/src/lib/asn1/asn1_alt_name.cpp @@ -11,7 +11,6 @@ #include #include #include -#include #include #include @@ -133,7 +132,7 @@ void encode_entries(DER_Encoder& encoder, if(type == "RFC822" || type == "DNS" || type == "URI") { ASN1_String asn1_string(i->second, IA5_STRING); - encoder.add_object(tagging, CONTEXT_SPECIFIC, asn1_string.iso_8859()); + encoder.add_object(tagging, CONTEXT_SPECIFIC, asn1_string.value()); } else if(type == "IP") { 
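Review bot: `ASN1_String asn1_string(i->second, IA5_STRING)` followed by `asn1_string.value()` writes the caller's bytes verbatim under the IA5String tag, and nothing on this path checks that they are 7-bit (assert_is_string_type in asn1_str.cpp validates only the tag), so an RFC822/DNS/URI value supplied as UTF-8 yields an IA5String with non-IA5 content that other parsers may reject or read differently. Guard it before `encoder.add_object`, e.g. `if(std::any_of(i->second.begin(), i->second.end(), [](char c) { return static_cast<uint8_t>(c) >= 0x80; })) throw Invalid_Argument("AlternativeName: " + type + " name must be ASCII");`, or document that internationalized names must be IDNA/punycode-encoded by the caller. encode_entries begins before this hunk.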
@@ -218,13 +217,9 @@ void AlternativeName::decode_from(BER_Decoder& source) } else if(tag == 1 || tag == 2 || tag == 6) { - const std::string value = Charset::transcode(ASN1::to_string(obj), - LATIN1_CHARSET, - LOCAL_CHARSET); - - if(tag == 1) add_attribute("RFC822", value); - if(tag == 2) add_attribute("DNS", value); - if(tag == 6) add_attribute("URI", value); + if(tag == 1) add_attribute("RFC822", ASN1::to_string(obj)); + if(tag == 2) add_attribute("DNS", ASN1::to_string(obj)); + if(tag == 6) add_attribute("URI", ASN1::to_string(obj)); } else if(tag == 7) { diff --git a/src/lib/asn1/asn1_str.cpp b/src/lib/asn1/asn1_str.cpp index 070acbebd4..d90aa215be 100644 --- a/src/lib/asn1/asn1_str.cpp +++ b/src/lib/asn1/asn1_str.cpp @@ -10,9 +10,6 @@ #include #include -#include -#include - namespace Botan { namespace { @@ -20,8 +17,7 @@ namespace { /* * Choose an encoding for the string */ -ASN1_Tag choose_encoding(const std::string& str, - const std::string& type) +ASN1_Tag choose_encoding(const std::string& str) { static const uint8_t IS_PRINTABLE[256] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
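Review bot: `add_attribute("DNS", ASN1::to_string(obj))` and its RFC822/URI siblings now store the raw IA5String bytes with no check that they are 7-bit or free of 0x00, and a DNS SAN with an embedded NUL or high-bit bytes is exactly the input on which name matching in a consumer with C-string semantics diverges from what this decoder saw. Reintroduce the local the old code had, `const std::string value = ASN1::to_string(obj);`, and throw a `Decoding_Error` when `value.find('\0') != std::string::npos` or any byte is `>= 0x80`, or at minimum document that callers must validate the value before matching on it. AlternativeName::decode_from extends beyond this hunk on both sides.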
@@ -51,63 +47,49 @@ ASN1_Tag choose_encoding(const std::string& str, { if(!IS_PRINTABLE[static_cast(str[i])]) { - if(type == "utf8") return UTF8_STRING; - if(type == "latin1") return T61_STRING; - throw Invalid_Argument("choose_encoding: Bad string type " + type); + return UTF8_STRING; } } return PRINTABLE_STRING; } -} - -template -static std::string ucsX_to_utf8(const std::vector &ucsX) +void assert_is_string_type(ASN1_Tag tag) { - if (ucsX.size() % sizeof(CharT) != 0) + if(tag != NUMERIC_STRING && + tag != PRINTABLE_STRING && + tag != VISIBLE_STRING && + tag != T61_STRING && + tag != IA5_STRING && + tag != UTF8_STRING && + tag != BMP_STRING && + tag != UNIVERSAL_STRING) { - throw Invalid_Argument("cannot decode UCS string (wrong byte count)"); + throw Invalid_Argument("ASN1_String: Unknown string type " + + std::to_string(tag)); } - - union - { - const byte *as_char; - const CharT *as_wide_char; - }; - - as_char = ucsX.data(); - const size_t wide_char_count = ucsX.size() / sizeof(CharT); - - using converter_t = std::codecvt_utf8; - std::wstring_convert convert; - return convert.to_bytes(as_wide_char, as_wide_char + wide_char_count); } +} + /* * Create an ASN1_String */ ASN1_String::ASN1_String(const std::string& str, ASN1_Tag t) : m_utf8_str(str), m_tag(t) { - if(m_tag == DIRECTORY_STRING) - m_tag = choose_encoding(m_utf8_str, "utf8"); - - if(m_tag != NUMERIC_STRING && - m_tag != PRINTABLE_STRING && - m_tag != VISIBLE_STRING && - m_tag != T61_STRING && - m_tag != IA5_STRING && - m_tag != UTF8_STRING && - m_tag != BMP_STRING && - m_tag != UNIVERSAL_STRING) - throw Invalid_Argument("ASN1_String: Unknown string type " + - std::to_string(m_tag)); + { + m_tag = choose_encoding(m_utf8_str); + } + + assert_is_string_type(m_tag); } /* * Create an ASN1_String */ -ASN1_String::ASN1_String(const std::string& str) : m_utf8_str(str), m_tag(choose_encoding(m_utf8_str, "utf8")) +ASN1_String::ASN1_String(const std::string& str) : + m_utf8_str(str), + 
m_tag(choose_encoding(m_utf8_str)) {} /* @@ -115,23 +97,7 @@ ASN1_String::ASN1_String(const std::string& str) : m_utf8_str(str), m_tag(choose */ std::string ASN1_String::iso_8859() const { - return Charset::transcode(m_utf8_str, LATIN1_CHARSET, UTF8_CHARSET); - } - -/* -* Return this string in UTF-8 encoding -*/ -std::string ASN1_String::value() const - { - return m_utf8_str; - } - -/* -* Return the type of this string object -*/ -ASN1_Tag ASN1_String::tagging() const - { - return m_tag; + return utf8_to_latin1(m_utf8_str); } /* @@ -139,7 +105,15 @@ ASN1_Tag ASN1_String::tagging() const */ void ASN1_String::encode_into(DER_Encoder& encoder) const { - encoder.add_object(tagging(), UNIVERSAL, m_utf8_str); + if(m_data.empty()) + { + encoder.add_object(tagging(), UNIVERSAL, m_utf8_str); + } + else + { + // If this string was decoded, reserialize using original encoding + encoder.add_object(tagging(), UNIVERSAL, m_data.data(), m_data.size()); + } } /* 
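Review bot: `assert_is_string_type(m_tag)` in the two-argument constructor checks only that the tag is a string tag, not that `str` fits that type, so `ASN1_String(text, PRINTABLE_STRING)` or `(text, NUMERIC_STRING)` silently encodes bytes outside the type's repertoire under a tag that promises otherwise; choose_encoding already holds the `IS_PRINTABLE` table needed for the PrintableString case. A minimal guard after `assert_is_string_type(m_tag);` would be `if(m_tag == PRINTABLE_STRING && choose_encoding(m_utf8_str) != PRINTABLE_STRING) throw Invalid_Argument("ASN1_String: non-printable characters in PrintableString");`, with analogous byte-range checks for IA5/NUMERIC/VISIBLE. Since the header now states that inputs are UTF-8, this constructor is also where UTF-8 well-formedness could be enforced, or the comment should say explicitly that it is not. The `IS_PRINTABLE` table and the start of choose_encoding lie before this hunk.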
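Review bot: In the `m_data.empty()` branch of encode_into, `encoder.add_object(tagging(), UNIVERSAL, m_utf8_str)` emits the UTF-8 bytes whatever the tag is, so an ASN1_String that was constructed rather than decoded with `BMP_STRING` or `UNIVERSAL_STRING` serializes UTF-8 under a tag that requires UCS-2/UCS-4 code units, and decode_from in this same file would then misread it. Until a UTF-8 to UCS-2/UCS-4 encoder exists, refuse the case explicitly: `if(m_tag == BMP_STRING || m_tag == UNIVERSAL_STRING) throw Encoding_Error("ASN1_String: cannot encode UTF-8 text as BMPString/UniversalString");`. `m_data.empty()` also conflates "constructed" with "decoded as zero-length"; the two happen to produce the same bytes here, but a comment saying so, or an explicit flag, would make the intent clear to the next reader.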
@@ -149,39 +123,23 @@ void ASN1_String::decode_from(BER_Decoder& source) { BER_Object obj = source.get_next_object(); -#if defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) - // using char32_t and char16_t (as suggested by the standard) leads to linker - // errors on MSVC 2015 and 2017. This workaround was suggested here: - // https://social.msdn.microsoft.com/Forums/vstudio/en-US/ - // 8f40dcd8-c67f-4eba-9134-a19b9178e481/vs-2015-rc-linker-stdcodecvt-error - using utf32_type = int32_t; - using utf16_type = wchar_t; -#else - using utf32_type = char32_t; - using utf16_type = char16_t; -#endif - - if(obj.type_tag == UTF8_STRING) - { - *this = ASN1_String(ASN1::to_string(obj), obj.type_tag); - } - else if(obj.type_tag == BMP_STRING) + assert_is_string_type(obj.type_tag); + + m_tag = obj.type_tag; + m_data.assign(obj.value.begin(), obj.value.end()); + + if(m_tag == BMP_STRING) { - *this = ASN1_String(ucsX_to_utf8(obj.value), obj.type_tag); + m_utf8_str = ucs2_to_utf8(m_data.data(), m_data.size()); } - else if(obj.type_tag == UNIVERSAL_STRING) + else if(m_tag == UNIVERSAL_STRING) { - *this = ASN1_String(ucsX_to_utf8(obj.value), obj.type_tag); + m_utf8_str = ucs4_to_utf8(m_data.data(), m_data.size()); } - else // IA5_STRING - international ASCII characters - // T61_STRING - pretty much ASCII - // PRINTABLE_STRING - ASCII subset (a-z, A-Z, ' () +,-.?:/= and SPACE) - // VISIBLE_STRING - visible ASCII subset - // NUMERIC_STRING - ASCII subset (0-9 and SPACE) + else { - *this = ASN1_String( - Charset::transcode(ASN1::to_string(obj), UTF8_CHARSET, LATIN1_CHARSET), - obj.type_tag); + // All other supported string types are UTF-8 or some subset thereof + m_utf8_str = ASN1::to_string(obj); } } diff --git a/src/lib/asn1/asn1_str.h b/src/lib/asn1/asn1_str.h index 3ad82582e1..f19265494a 100644 --- a/src/lib/asn1/asn1_str.h +++ b/src/lib/asn1/asn1_str.h 
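Review bot: The fallback comment "All other supported string types are UTF-8 or some subset thereof" is wrong for T61_STRING: TeletexString payloads are 8-bit and the removed code converted them from Latin-1 (`Charset::transcode(..., UTF8_CHARSET, LATIN1_CHARSET)`), so a T61String with bytes >= 0x80, which older certificates commonly carry, now lands in `m_utf8_str` as invalid UTF-8 and `value()` no longer holds what the header comment promises. Keep a Latin-1 path for that tag, `else if(m_tag == T61_STRING) { m_utf8_str = latin1_to_utf8(m_data.data(), m_data.size()); }`, exporting the ISO 8859-1 to UTF-8 routine that charset.cpp keeps in its anonymous namespace as a counterpart to `utf8_to_latin1`. `assert_is_string_type(obj.type_tag)` throws Invalid_Argument and `obj.class_tag` is never checked, so untrusted DER with an unexpected tag fails with an exception type that decoding callers generally do not catch; a `Decoding_Error` (or `BER_Bad_Tag`) belongs on this path. Finally `m_tag` and `m_data` are assigned before the UCS conversions can throw, leaving a half-updated object on failure; convert into locals first and assign the members at the end.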
@@ -13,7 +13,8 @@ namespace Botan { /** -* Simple String +* ASN.1 string type +* This class normalizes all inputs to a UTF-8 std::string */ class BOTAN_PUBLIC_API(2,0) ASN1_String final : public ASN1_Object { @@ -21,14 +22,17 @@ class BOTAN_PUBLIC_API(2,0) ASN1_String final : public ASN1_Object void encode_into(class DER_Encoder&) const override; void decode_from(class BER_Decoder&) override; - std::string value() const; - std::string iso_8859() const; + ASN1_Tag tagging() const { return m_tag; } + + const std::string& value() const { return m_utf8_str; } - ASN1_Tag tagging() const; + std::string BOTAN_DEPRECATED("Use value() to get UTF-8 string instead") + iso_8859() const; - explicit ASN1_String(const std::string& = ""); - ASN1_String(const std::string&, ASN1_Tag); + explicit ASN1_String(const std::string& utf8 = ""); + ASN1_String(const std::string& utf8, ASN1_Tag tag); private: + std::vector m_data; std::string m_utf8_str; ASN1_Tag m_tag; }; diff --git a/src/lib/asn1/asn1_time.cpp b/src/lib/asn1/asn1_time.cpp index 2cd2259158..f6a0c414e8 100644 --- a/src/lib/asn1/asn1_time.cpp +++ b/src/lib/asn1/asn1_time.cpp @@ -8,7 +8,6 @@ #include #include #include -#include #include #include #include @@ -41,20 +40,14 @@ void X509_Time::encode_into(DER_Encoder& der) const if(m_tag != GENERALIZED_TIME && m_tag != UTC_TIME) throw Invalid_Argument("X509_Time: Bad encoding tag"); - der.add_object(m_tag, UNIVERSAL, - Charset::transcode(to_string(), - LOCAL_CHARSET, - LATIN1_CHARSET)); + der.add_object(m_tag, UNIVERSAL, to_string()); } void X509_Time::decode_from(BER_Decoder& source) { BER_Object ber_time = source.get_next_object(); - set_to(Charset::transcode(ASN1::to_string(ber_time), - LATIN1_CHARSET, - LOCAL_CHARSET), - ber_time.type_tag); + set_to(ASN1::to_string(ber_time), ber_time.type_tag); } std::string X509_Time::to_string() const diff --git a/src/lib/asn1/info.txt b/src/lib/asn1/info.txt index 4b3689f453..4772e1ca70 100644 --- a/src/lib/asn1/info.txt 
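Review bot: The new class comment "This class normalizes all inputs to a UTF-8 std::string" overstates what the constructors do: from the accompanying .cpp hunks, `ASN1_String(const std::string& utf8, ...)` stores `utf8` as given with no validation, and only decoded BMPString/UniversalString payloads are actually converted. Say so on the constructors, e.g. `/** @param utf8 text already encoded as UTF-8; stored without validation */`, and on `value()` note that for a decoded object the text is the payload converted to UTF-8 where a conversion exists and the raw bytes otherwise. The `iso_8859()` deprecation text could also state that it throws when a character falls outside Latin-1, which is the documented behavior of the `utf8_to_latin1` it now calls.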
+++ b/src/lib/asn1/info.txt @@ -1,5 +1,5 @@ -ASN1 -> 20161102 +ASN1 -> 20171109 diff --git a/src/lib/utils/charset.cpp b/src/lib/utils/charset.cpp index dadee8f78c..ca32c652db 100644 --- a/src/lib/utils/charset.cpp +++ b/src/lib/utils/charset.cpp @@ -92,34 +92,6 @@ std::string ucs4_to_utf8(const uint8_t ucs4[], size_t len) return s; } -namespace Charset { - -namespace { - -/* -* Convert from UCS-2 to ISO 8859-1 -*/ -std::string ucs2_to_latin1(const std::string& ucs2) - { - if(ucs2.size() % 2 == 1) - throw Decoding_Error("UCS-2 string has an odd number of bytes"); - - std::string latin1; - - for(size_t i = 0; i != ucs2.size(); i += 2) - { - const uint8_t c1 = ucs2[i]; - const uint8_t c2 = ucs2[i+1]; - - if(c1 != 0) - throw Decoding_Error("UCS-2 has non-Latin1 characters"); - - latin1 += static_cast(c2); - } - - return latin1; - } - /* * Convert from UTF-8 to ISO 8859-1 */ @@ -133,7 +105,9 @@ std::string utf8_to_latin1(const std::string& utf8) const uint8_t c1 = static_cast(utf8[position++]); if(c1 <= 0x7F) + { iso8859 += static_cast(c1); + } else if(c1 >= 0xC0 && c1 <= 0xC7) { if(position == utf8.size()) @@ -154,6 +128,34 @@ std::string utf8_to_latin1(const std::string& utf8) return iso8859; } +namespace Charset { + +namespace { + +/* +* Convert from UCS-2 to ISO 8859-1 +*/ +std::string ucs2_to_latin1(const std::string& ucs2) + { + if(ucs2.size() % 2 == 1) + throw Decoding_Error("UCS-2 string has an odd number of bytes"); + + std::string latin1; + + for(size_t i = 0; i != ucs2.size(); i += 2) + { + const uint8_t c1 = ucs2[i]; + const uint8_t c2 = ucs2[i+1]; + + if(c1 != 0) + throw Decoding_Error("UCS-2 has non-Latin1 characters"); + + latin1 += static_cast(c2); + } + + return latin1; + } + /* * Convert from ISO 8859-1 to UTF-8 */ diff --git a/src/lib/utils/charset.h b/src/lib/utils/charset.h index 3f2ff99129..4913f0a5aa 100644 --- a/src/lib/utils/charset.h +++ b/src/lib/utils/charset.h 
@@ -13,16 +13,6 @@ namespace Botan { -/** -* The different charsets (nominally) supported by Botan. -*/ -enum Character_Set { - LOCAL_CHARSET, - UCS2_CHARSET, - UTF8_CHARSET, - LATIN1_CHARSET -}; - /** * Convert a sequence of UCS-2 (big endian) characters to a UTF-8 string * This is used for ASN.1 BMPString type @@ -39,15 +29,41 @@ std::string BOTAN_UNSTABLE_API ucs2_to_utf8(const uint8_t ucs2[], size_t len); */ std::string BOTAN_UNSTABLE_API ucs4_to_utf8(const uint8_t ucs4[], size_t len); +/** +* Convert a UTF-8 string to Latin-1 +* If a character outside the Latin-1 range is encountered, an exception is thrown. +*/ +std::string BOTAN_UNSTABLE_API utf8_to_latin1(const std::string& utf8); + +/** +* The different charsets (nominally) supported by Botan. +*/ +enum Character_Set { + LOCAL_CHARSET, + UCS2_CHARSET, + UTF8_CHARSET, + LATIN1_CHARSET +}; + namespace Charset { /* -* Character Set Handling +* Character set conversion - avoid this. +* For specific conversions, use the functions above like +* ucs2_to_utf8 and utf8_to_latin1 +* +* If you need something more complex than that, use a real library +* such as iconv, Boost.Locale, or ICU */ -std::string BOTAN_PUBLIC_API(2,0) transcode(const std::string& str, - Character_Set to, - Character_Set from); +std::string BOTAN_PUBLIC_API(2,0) + BOTAN_DEPRECATED("Avoid. See comment in header.") + transcode(const std::string& str, + Character_Set to, + Character_Set from); +/* +* Simple character classifier functions +*/ bool BOTAN_PUBLIC_API(2,0) is_digit(char c); bool BOTAN_PUBLIC_API(2,0) is_space(char c); bool BOTAN_PUBLIC_API(2,0) caseless_cmp(char x, char y); diff --git a/src/lib/x509/name_constraint.cpp b/src/lib/x509/name_constraint.cpp index e27dca9ec9..e098bcd8d6 100644 --- a/src/lib/x509/name_constraint.cpp +++ b/src/lib/x509/name_constraint.cpp @@ -7,7 +7,6 @@ #include #include -#include #include #include #include 
@@ -49,7 +48,7 @@ void GeneralName::decode_from(class BER_Decoder& ber) if(tag == 1 || tag == 2 || tag == 6) { - m_name = Charset::transcode(ASN1::to_string(obj), LATIN1_CHARSET, LOCAL_CHARSET); + m_name = ASN1::to_string(obj); if(tag == 1) { diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp index 3141d3c44d..6e4c29d426 100644 --- a/src/lib/x509/x509_ext.cpp +++ b/src/lib/x509/x509_ext.cpp @@ -12,7 +12,6 @@ #include #include #include -#include #include #include #include @@ -735,7 +734,7 @@ std::vector Authority_Information_Access::encode_inner() const .start_cons(SEQUENCE) .start_cons(SEQUENCE) .encode(OIDS::lookup("PKIX.OCSP")) - .add_object(ASN1_Tag(6), CONTEXT_SPECIFIC, url.iso_8859()) + .add_object(ASN1_Tag(6), CONTEXT_SPECIFIC, url.value()) .end_cons() .end_cons().get_contents_unlocked(); } @@ -758,9 +757,7 @@ void Authority_Information_Access::decode_inner(const std::vector& in) if(name.type_tag == 6 && name.class_tag == CONTEXT_SPECIFIC) { - m_ocsp_responder = Charset::transcode(ASN1::to_string(name), - LATIN1_CHARSET, - LOCAL_CHARSET); + m_ocsp_responder = ASN1::to_string(name); } } diff --git a/src/tests/test_utils.cpp b/src/tests/test_utils.cpp index da2d25d5ec..d102a3e468 100644 --- a/src/tests/test_utils.cpp +++ b/src/tests/test_utils.cpp @@ -6,6 +6,8 @@ * Botan is released under the Simplified BSD License (see license.txt) */ +#define BOTAN_NO_DEPRECATED_WARNINGS + #include "tests.h" #include #include 
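Review bot: `m_name = ASN1::to_string(obj);` takes the constraint's bytes as-is, and since a name constraint is presumably compared later against certificate names, a constraint with high-bit or 0x00 bytes should fail decoding rather than feed an ill-defined comparison; reject it with a `Decoding_Error` when `m_name.find('\0') != std::string::npos` or any byte is `>= 0x80`. The same check on the SAN side in asn1_alt_name.cpp would guarantee both operands of the comparison are 7-bit. GeneralName::decode_from continues beyond this hunk.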
@@ -421,17 +423,15 @@ class Charset_Tests final : public Text_Based_Test { converted = Botan::ucs4_to_utf8(in.data(), in.size()); } - else if(type == "UTF16-LATIN1") + else if(type == "UTF8-LATIN1") { - converted = Botan::Charset::transcode(in_str, - Botan::Character_Set::LATIN1_CHARSET, - Botan::Character_Set::UCS2_CHARSET); + converted = Botan::utf8_to_latin1(in_str); } - else if(type == "UTF8-LATIN1") + else if(type == "UTF16-LATIN1") { converted = Botan::Charset::transcode(in_str, Botan::Character_Set::LATIN1_CHARSET, - Botan::Character_Set::UTF8_CHARSET); + Botan::Character_Set::UCS2_CHARSET); } else if(type == "LATIN1-UTF8") { 
@@ -484,32 +484,25 @@ class Charset_Tests final : public Text_Based_Test result.test_throws("conversion fails for non-Latin1 characters", []() { // "abcdefŸabcdef" - std::vector input = { 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0xC5, - 0xB8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 - }; + const std::vector input = { + 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0xC5, + 0xB8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; - Botan::Charset::transcode(std::string(input.begin(), input.end()), - Botan::Character_Set::LATIN1_CHARSET, - Botan::Character_Set::UTF8_CHARSET); + Botan::utf8_to_latin1(std::string(input.begin(), input.end())); }); result.test_throws("invalid utf-8 string", []() { // sequence truncated - std::vector input = { 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0xC5 }; - - Botan::Charset::transcode(std::string(input.begin(), input.end()), - Botan::Character_Set::LATIN1_CHARSET, - Botan::Character_Set::UTF8_CHARSET); + const std::vector input = { 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0xC5 }; + Botan::utf8_to_latin1(std::string(input.begin(), input.end())); }); result.test_throws("invalid utf-8 string", []() { std::vector input = { 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0xC8, 0xB8, 0x61 }; - - Botan::Charset::transcode(std::string(input.begin(), input.end()), - Botan::Character_Set::LATIN1_CHARSET, - Botan::Character_Set::UTF8_CHARSET); + Botan::utf8_to_latin1(std::string(input.begin(), input.end())); }); return result; From 1f093d2e26d46c98234a1d633e950f02e6614bb9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 9 Nov 2017 16:56:04 -0500 Subject: [PATCH 0143/1008] Switch test code to use big-endian UCS2/UCS4 Specifications are somewhat unclear but as best I can tell only big-endian codepoints are allowed and that follows OpenSSL and GnuTLS behavior. --- src/tests/test_asn1.cpp | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/src/tests/test_asn1.cpp b/src/tests/test_asn1.cpp index 0c1b6ce5e5..c99fa41d9d 100644 --- a/src/tests/test_asn1.cpp 
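Review bot: The third `result.test_throws("invalid utf-8 string", ...)` is mislabeled: `0xC8 0xB8` is a well-formed two-byte UTF-8 sequence (U+0238), and `utf8_to_latin1` rejects it because its lead byte lies above the 0xC0..0xC7 range it accepts, i.e. the code point is outside Latin-1, not because the input is malformed; rename the case `"non-Latin1 character (U+0238)"` so a later decoder rewrite does not "fix" the test away. That vector is also the only one of the three not declared `const`. A genuinely invalid sequence such as `0xC3` followed by a byte below 0x80 would cover the malformed-UTF-8 path the second test's name claims, which at present only checks a sequence cut off at end of input.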
+++ b/src/tests/test_asn1.cpp @@ -109,14 +109,13 @@ Test::Result test_asn1_ucs2_parsing() try { // \x1E - ASN1 tag for 'BMP (UCS-2) string' - // \x0E - 14 characters of payload (includes BOM) - // \xFF\xFE - Byte Order Mark (BOM) + // \x0C - 12 characters of payload // ... - UCS-2 encoding for Moscow in cyrillic script const std::string moscow = - "\x1E\x0E\xFF\xFE\x1C\x04\x3E\x04" - "\x41\x04\x3A\x04\x32\x04\x30\x04"; - const std::string moscow_plain = // with BOM (EF BB BF) - "\xEF\xBB\xBF\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; + "\x1E\x0C\x04\x1C\x04\x3E\x04\x41\x04\x3A\x04\x32\x04\x30"; + const std::string moscow_plain = + "\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; + Botan::DataSource_Memory input(moscow.data()); Botan::BER_Decoder dec(input); @@ -135,18 +134,17 @@ Test::Result test_asn1_ucs2_parsing() Test::Result test_asn1_ucs4_parsing() { - Test::Result result("ASN.1 universal string (UTF-32 LE) parsing"); + Test::Result result("ASN.1 universal string (UCS-4) parsing"); try { // \x1C - ASN1 tag for 'universal string' - // \x1C - 28 characters of payload (with BOM - FF FE 00 00) - // ... - UTF-32 LE encoding for Moscow in cyrillic script + // \x18 - 24 characters of payload + // ... - UCS-4 encoding for Moscow in cyrillic script const Botan::byte moscow[] = - "\x1C\x1C\xFF\xFE\x00\x00\x1C\x04\x00\x00\x3E\x04\x00\x00\x41" - "\x04\x00\x00\x3A\x04\x00\x00\x32\x04\x00\x00\x30\x04\x00\x00"; - const std::string moscow_plain = // with BOM (EF BB BF) - "\xEF\xBB\xBF\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; + "\x1C\x18\x00\x00\x04\x1C\x00\x00\x04\x3E\x00\x00\x04\x41\x00\x00\x04\x3A\x00\x00\x04\x32\x00\x00\x04\x30"; + const std::string moscow_plain = + "\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; Botan::DataSource_Memory input(moscow, sizeof(moscow)); Botan::BER_Decoder dec(input); From 6030502da52089b255bfcd95856e432d9db9a1e7 Mon Sep 17 00:00:00 2001 
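Review bot: `Botan::DataSource_Memory input(moscow, sizeof(moscow));` in test_asn1_ucs4_parsing still applies `sizeof` to a string-literal-initialized array, which counts the terminating NUL, so the decoder receives 27 bytes for a 26-byte object; use `sizeof(moscow) - 1`, or build the vector with `Botan::hex_decode` as the encoding tests do, which is also far more readable than the escaped literal. The BMPString sibling still goes through `moscow.data()` without a length and would truncate at the first 0x00 as soon as a vector contains an ASCII code point (`00 41`); passing `moscow` itself or an explicit length avoids that. Both function bodies extend beyond their hunks.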
From: Jack Lloyd Date: Thu, 9 Nov 2017 17:05:50 -0500 Subject: [PATCH 0144/1008] Remove obsolete doc See also GH #1113 --- doc/manual/x509.rst | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/doc/manual/x509.rst b/doc/manual/x509.rst index 72a7b32b74..1fb6d90f5c 100644 --- a/doc/manual/x509.rst +++ b/doc/manual/x509.rst @@ -79,19 +79,6 @@ associated with a position of some sort in the organization. It may also include fields for state/province and locality. What a locality is, nobody knows, but it's usually given as a city name. -Botan doesn't currently support any of the Unicode variants used in -ASN.1 (UTF-8, UCS-2, and UCS-4), any of which could be used for the -fields in the DN. This could be problematic, particularly in Asia and -other areas where non-ASCII characters are needed for most names. The -UTF-8 and UCS-2 string types *are* accepted (in fact, UTF-8 is used -when encoding much of the time), but if any of the characters included -in the string are not in ISO 8859-1 (ie 0 ... 255), an exception will -get thrown. Currently the ``ASN1_String`` type holds its data as ISO -8859-1 internally (regardless of local character set); this would have -to be changed to hold UCS-2 or UCS-4 in order to support Unicode -(also, many interfaces in the X.509 code would have to accept or -return a ``std::wstring`` instead of a ``std::string``). - Like the distinguished names, subject alternative names can contain a lot of things that Botan will flat out ignore (most of which you would likely never want to use). However, there are three very useful pieces of information that From c8dda8ace59fc67704833d32d5fa97b073829726 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ren=C3=A9=20Meusel?= Date: Fri, 10 Nov 2017 10:02:31 +0100 Subject: [PATCH 0145/1008] TEST: read (self signed) cert containing BMPString fields --- .../data/x509test/contains_bmpstring.pem | 22 ++++++++++++++ src/tests/unit_x509.cpp | 30 +++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 src/tests/data/x509test/contains_bmpstring.pem diff --git a/src/tests/data/x509test/contains_bmpstring.pem b/src/tests/data/x509test/contains_bmpstring.pem new file mode 100644 index 0000000000..c204c4296d --- /dev/null +++ b/src/tests/data/x509test/contains_bmpstring.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDmDCCAoACCQCJ7TVHW6qlLDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMC +REUxDzANBgNVBAcTBkJlcmxpbjEXMBUGA1UECh4OAG4AZQPHA/UAbgBpA8kxCzAJ +BgNVBAsTAkRDMR8wHQYDVQQDHhYA6ABuAd0ELwAgBBwB3QQ5BDcETQQ7MSYwJAYJ +KoZIhvcNAQkBFhdyZW5lLm1ldXNlbEBuZXhlbmlvLmNvbTAeFw0xNzExMTAwODQ5 +MzFaFw0xODExMTAwODQ5MzFaMIGNMQswCQYDVQQGEwJERTEPMA0GA1UEBxMGQmVy +bGluMRcwFQYDVQQKHg4AbgBlA8cD9QBuAGkDyTELMAkGA1UECxMCREMxHzAdBgNV +BAMeFgDoAG4B3QQvACAEHAHdBDkENwRNBDsxJjAkBgkqhkiG9w0BCQEWF3JlbmUu +bWV1c2VsQG5leGVuaW8uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAvykcZZN3B+pWCi4eNnVv4jITDendIJhfjELocgALmgCJer5XH0gdChJMqHre +bnhpBHEdgivMvVGN2BDCkz5+4WshqwZ8lSXIMlHXaaIy7CulhJUnj2lTsa75jr2F +BmxUF+NwQMrBOOIs2IFlfqeEnlXgRD3pBv9erZI5ng3ciTgXMCbg21t1E56706cD +sLKv2OWXZrz+KLIaNvNV5pNW1wLup3sCKhtFRaH721crp2KROvAGkb0R6oNannKm +DQieQ1g4AR94ihCc1SjaoMydzrFhmyArgsusnkbrl6n14kHfSuyUul355ejSOz+V +k0HGQMykh2WDo2MPy06oxw5ZAwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCoE+4W +OLQ3FuTigBYf7Hv0D+qY58XIV0D9YgJYrCHJL7S31NTbCuoYK2NdfcwE1MUUxb28 +nCIR3jgawN1WlHCeiLkhrD6TnMNjvZ34xVqSmkQ5zIJTo909wFhjGjtByP5fAQqt +uja2bJOUOg0GRsbrv1c8zCYnz5+bhRNrZqdxWQzB9c10QiMrReYxFY4wPwIVK9y5 +6eYA4dkkhiRV+KAtyPQokn9N5kUM4VjlyYS3IB3DzXlB3Z6mlHP7t/G5Su1Nmkxu +NhqtL0Vg+oo6DDuzsI+1WZO9saPJnUPSNwu3BDIu56gWHlHw6dZksVK0J7eF5n8d +rPULI83gQXKxuD+C +-----END CERTIFICATE----- 
diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index dd16e49883..e12f7773e9 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -392,6 +392,35 @@ Test::Result test_x509_utf8() return result; } +Test::Result test_x509_bmpstring() + { + Test::Result result("X509 with UCS-2 (BMPString) encoded fields"); + + try + { + Botan::X509_Certificate ucs2_cert(Test::data_file("x509test/contains_bmpstring.pem")); + + // UTF-8 encoded fields of test certificate (contains cyrillic and greek letters) + const std::string organization = + "\x6E\x65\xCF\x87\xCF\xB5\x6E\x69\xCF\x89"; + const std::string common_name = + "\xC3\xA8\x6E\xC7\x9D\xD0\xAF\x20\xD0\x9C\xC7\x9D\xD0\xB9\xD0\xB7\xD1\x8D\xD0\xBB"; + + // UTF-8 encoded fields of test certificate (contains only ASCII characters) + const std::string location = "Berlin"; + + result.test_eq("O", ucs2_cert.issuer_info("O").at(0), organization); + result.test_eq("CN", ucs2_cert.issuer_info("CN").at(0), common_name); + result.test_eq("L", ucs2_cert.issuer_info("L").at(0), location); + } + catch (const Botan::Decoding_Error &ex) + { + result.test_failure(ex.what()); + } + + return result; + } + Test::Result test_x509_cert(const std::string& sig_algo, const std::string& hash_fn = "SHA-256") { Test::Result result("X509 Unit"); @@ -1170,6 +1199,7 @@ class X509_Cert_Unit_Tests final : public Test results.push_back(test_cert_status_strings()); results.push_back(test_hashes("ECDSA")); results.push_back(test_x509_utf8()); + results.push_back(test_x509_bmpstring()); return results; } From ba16efe696d181b0165e57f86cade99934aa788f Mon Sep 17 00:00:00 2001 
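Review bot: `ucs2_cert.issuer_info("O").at(0)` throws `std::out_of_range` when the attribute is absent, and the handler catches only `Botan::Decoding_Error`, so a regression that drops the BMPString field surfaces as an unhandled exception rather than a test failure; check the count first, `result.test_eq("O count", ucs2_cert.issuer_info("O").size(), size_t(1));`, or catch `std::exception` as test_asn1.cpp does. Since the certificate is self-signed, asserting the same three values through `subject_info` doubles the coverage for free. Comparing the issuer and subject DN objects directly, if such accessors are available, would additionally exercise the re-serialization path that encode_into now takes for decoded strings.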
From: =?UTF-8?q?Ren=C3=A9=20Meusel?= Date: Fri, 10 Nov 2017 10:04:05 +0100 Subject: [PATCH 0146/1008] rename cert containing UTF8String consistently --- .../data/x509test/{cyrillic.pem => contains_utf8string.pem} | 0 src/tests/unit_x509.cpp | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename src/tests/data/x509test/{cyrillic.pem => contains_utf8string.pem} (100%) diff --git a/src/tests/data/x509test/cyrillic.pem b/src/tests/data/x509test/contains_utf8string.pem similarity index 100% rename from src/tests/data/x509test/cyrillic.pem rename to src/tests/data/x509test/contains_utf8string.pem diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index e12f7773e9..d635f7fe1b 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -364,7 +364,7 @@ Test::Result test_x509_utf8() try { - Botan::X509_Certificate utf8_cert(Test::data_file("x509test/cyrillic.pem")); + Botan::X509_Certificate utf8_cert(Test::data_file("x509test/contains_utf8string.pem")); // UTF-8 encoded fields of test certificate (contains cyrillic letters) const std::string organization = From 37327235a0f6a2b5f6f4b88480178206cff72e83 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 10 Nov 2017 11:58:11 -0500 Subject: [PATCH 0147/1008] Update news [ci skip] --- news.rst | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/news.rst b/news.rst index 806251ac06..3f103942e9 100644 --- a/news.rst +++ b/news.rst 
@@ -26,6 +26,13 @@ Version 2.4.0, Not Yet Released key was set before accepting data. Previously attempting to use an unkeyed object would instead result in either a crash or invalid outputs. (GH #1279) +* ASN.1 string objects previously held their contents as ISO 8859-1 codepoints. + However this led to certificates which contained strings outside of this + character set (eg in Cyrillic, Greek, or Chinese) being rejected. Now the + strings are always converted to UTF-8, which allows representing any + character. In addition, UCS-4 strings are now supported. + (GH #1113 #1250 #1287 #1289) + * New functions for bit rotations that distinguish rotating by a compile-time constant vs a runtime variable rotation. This allows better optimizations in both cases. Notably performance of CAST-128 
@@ -39,6 +46,25 @@ Version 2.4.0, Not Yet Released * Fix a bug in the amalgamation generation which could cause build failures on some systems including macOS. (GH #1264 #1265) +* A particular code sequence in TLS handshake would always (with an ECC + ciphersuite) result in an exception being thrown and then caught. + This has changed so no exception is thrown. (GH #1275) + +* The code for byteswapping has been improved for ARMv7 and for Windows x86-64 + systems using MSVC. (GH #1274) + +* The GMAC class no longer derives from GHASH. This should not cause any + noticeable change for applications. (GH #1253) + +* The base implementation of AES now uses a single 4K table, instead of 4 such + tables. This offers a significant improvement against cache-based side + channels without hurting performance too much. In addition the table is now + guaranteed to be aligned on a cache line, which ensures the additional + countermeasure of reading each cache line works as expected. (GH #1255) + +* In TLS client resumption, avoid sending a OCSP stapling request. This caused + resumption failures with some servers. (GH #1276) + * The overhead of making a call through the FFI layer has been reduced. * The IDs for SHA-3 PKCSv1.5 signatures added in 2.3.0 were incorrect. @@ -54,6 +80,10 @@ Version 2.4.0, Not Yet Released * Add an OID for RIPEMD-160 +* Fixes for CMake build (GH #1251) + +* Avoid some signed overflow warnings (GH #1220 #1245) + Version 2.3.0, 2017-10-02 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From 39e9a642a826b80fff44d069e90af30318ebb5d5 Mon Sep 17 00:00:00 2001 From: Yuri Date: Sat, 11 Nov 2017 08:10:20 -0800 Subject: [PATCH 0148/1008] Missing include: #include is needed for std::free. --- src/lib/prov/openssl/openssl_rsa.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/prov/openssl/openssl_rsa.cpp b/src/lib/prov/openssl/openssl_rsa.cpp index e6d58c74d3..f71cf53002 100644 --- a/src/lib/prov/openssl/openssl_rsa.cpp 
+++ b/src/lib/prov/openssl/openssl_rsa.cpp @@ -18,6 +18,7 @@ #include #include #include +#include #include #include From 473d228381452e4721aa718ee8f5f2627fa28f25 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 11 Nov 2017 12:57:28 -0500 Subject: [PATCH 0149/1008] Deprecate TLS CCM-8 ciphersuites [ci skip] --- doc/deprecated.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/deprecated.txt b/doc/deprecated.txt index 9ad99a69de..291675aef4 100644 --- a/doc/deprecated.txt +++ b/doc/deprecated.txt @@ -23,6 +23,8 @@ in the source. - TLS: static RSA key exchange ciphersuites +- TLS: CCM_8 ciphersuites + - Block ciphers CAST-256, Kasumi, MISTY1, and DESX. - CBC-MAC, X9.19-MAC From fb6398a9ab002d2c21ea1aaeb31d3b8992951904 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 13 Nov 2017 11:43:28 -0500 Subject: [PATCH 0150/1008] Remove final on TLS policy objects (GH #1292) --- news.rst | 7 +++++++ src/lib/tls/tls_policy.h | 8 ++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/news.rst b/news.rst index 3f103942e9..e79f3e4441 100644 --- a/news.rst +++ b/news.rst @@ -78,6 +78,13 @@ Version 2.4.0, Not Yet Released could be used was by manually constructing a ``CTR_BE`` object and setting the second parameter to something in the range of 1 to 3. +* In 2.3.0, final annotations were added to many classes including the TLS + policies (like ``Strict_Policy`` and ``BSI_TR_02102_2``). However it is + reasonable and useful for an application to derive from one of these policies, so + as to create an application specific policy that is based on a library-provided + policy, but with a few tweaks. So the final annotations have been removed on + these classes. (GH #1292) + * Add an OID for RIPEMD-160 * Fixes for CMake build (GH #1251) diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 499ae91ba2..db2cbb3bb4 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h 
@@ -326,7 +326,7 @@ class BOTAN_PUBLIC_API(2,0) Policy /** * NSA Suite B 128-bit security level (RFC 6460) */ -class BOTAN_PUBLIC_API(2,0) NSA_Suite_B_128 final : public Policy +class BOTAN_PUBLIC_API(2,0) NSA_Suite_B_128 : public Policy { public: std::vector allowed_ciphers() const override @@ -362,7 +362,7 @@ class BOTAN_PUBLIC_API(2,0) NSA_Suite_B_128 final : public Policy /** * BSI TR-02102-2 Policy */ -class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 final : public Policy +class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy { public: std::vector allowed_ciphers() const override @@ -423,7 +423,7 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 final : public Policy /** * Policy for DTLS. We require DTLS v1.2 and an AEAD mode. */ -class BOTAN_PUBLIC_API(2,0) Datagram_Policy final : public Policy +class BOTAN_PUBLIC_API(2,0) Datagram_Policy : public Policy { public: std::vector allowed_macs() const override @@ -443,7 +443,7 @@ class BOTAN_PUBLIC_API(2,0) Datagram_Policy final : public Policy * to use if you control both sides of the protocol and don't have to worry * about ancient and/or bizarre TLS implementations. */ -class BOTAN_PUBLIC_API(2,0) Strict_Policy final : public Policy +class BOTAN_PUBLIC_API(2,0) Strict_Policy : public Policy { public: std::vector allowed_ciphers() const override; From 4f7ef92269a3051c8afc7148566d23c9aa55a069 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 13 Nov 2017 12:41:41 -0500 Subject: [PATCH 0151/1008] Remove duplicated include --- src/lib/prov/openssl/openssl_rsa.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/src/lib/prov/openssl/openssl_rsa.cpp b/src/lib/prov/openssl/openssl_rsa.cpp index f71cf53002..6385bcbb3b 100644 --- a/src/lib/prov/openssl/openssl_rsa.cpp +++ b/src/lib/prov/openssl/openssl_rsa.cpp @@ -15,7 +15,6 @@ #include #include -#include #include #include #include From 41c31ca694b54d6cf6302613d2f9a597f6357e33 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Mon, 13 Nov 2017 19:48:41 -0500 Subject: [PATCH 0152/1008] Use jom via botan-ci-tools repo download.qt.io seems to be down ... --- src/scripts/ci/setup_appveyor.bat | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/scripts/ci/setup_appveyor.bat b/src/scripts/ci/setup_appveyor.bat index e3f081773d..6da5faa4bc 100644 --- a/src/scripts/ci/setup_appveyor.bat +++ b/src/scripts/ci/setup_appveyor.bat @@ -8,5 +8,5 @@ if %MSVS% == 2017 call "%ProgramFiles(x86)%\Microsoft Visual Studio\2017\Communi rem check compiler version cl -appveyor DownloadFile http://download.qt.io/official_releases/jom/jom.zip -FileName jom.zip -7z e jom.zip +git clone --depth 1 https://github.com/randombit/botan-ci-tools +7z e botan-ci-tools/jom_1_1_2.zip From 6979a93a7917dd1f47928921d1afd65075dad076 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 07:40:33 -0500 Subject: [PATCH 0153/1008] Correct issuer field of created CRLs Fixes GH #1242 --- src/lib/x509/x509_ca.cpp | 10 +++++----- src/lib/x509/x509_ca.h | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp index 332aed545e..932fdb57cc 100644 --- a/src/lib/x509/x509_ca.cpp +++ b/src/lib/x509/x509_ca.cpp @@ -72,7 +72,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, extensions.replace(new Cert_Extension::Key_Usage(constraints), true); } - extensions.replace(new Cert_Extension::Authority_Key_ID(m_cert.subject_key_id())); + extensions.replace(new Cert_Extension::Authority_Key_ID(m_ca_cert.subject_key_id())); extensions.replace(new Cert_Extension::Subject_Key_ID(req.raw_public_key())); extensions.replace( @@ -84,7 +84,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, return make_cert(m_signer.get(), rng, m_ca_sig_algo, req.raw_public_key(), not_before, not_after, - m_cert.subject_dn(), req.subject_dn(), + m_ca_cert.subject_dn(), req.subject_dn(), extensions); } 
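Review bot: The new `git clone --depth 1` fetches whatever the default branch of botan-ci-tools currently points at, and the zip is extracted with no integrity check, so the CI toolchain now changes silently if that repository is force-pushed or compromised (the replaced qt.io download had the same weakness, so this is not a regression, but it is the moment to fix it). Pinning the clone to a known commit and verifying the archive before extraction bounds the trust to one reviewed revision, e.g. `git -C botan-ci-tools checkout <PINNED_COMMIT>` followed by `certutil -hashfile botan-ci-tools\jom_1_1_2.zip SHA256` compared against an expected digest recorded in the script (placeholder values; take them from the reviewed revision).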
@@ -182,7 +182,7 @@ X509_CRL X509_CA::make_crl(const std::vector& revoked, Extensions extensions; extensions.add( - new Cert_Extension::Authority_Key_ID(m_cert.subject_key_id())); + new Cert_Extension::Authority_Key_ID(m_ca_cert.subject_key_id())); extensions.add(new Cert_Extension::CRL_Number(crl_number)); // clang-format off @@ -191,7 +191,7 @@ X509_CRL X509_CA::make_crl(const std::vector& revoked, DER_Encoder().start_cons(SEQUENCE) .encode(X509_CRL_VERSION-1) .encode(m_ca_sig_algo) - .encode(m_cert.issuer_dn()) + .encode(m_ca_cert.subject_dn()) .encode(X509_Time(current_time)) .encode(X509_Time(expire_time)) .encode_if(revoked.size() > 0, @@ -217,7 +217,7 @@ X509_CRL X509_CA::make_crl(const std::vector& revoked, */ X509_Certificate X509_CA::ca_certificate() const { - return m_cert; + return m_ca_cert; } /* diff --git a/src/lib/x509/x509_ca.h b/src/lib/x509/x509_ca.h index 01c27d4091..7859a20584 100644 --- a/src/lib/x509/x509_ca.h +++ b/src/lib/x509/x509_ca.h @@ -123,7 +123,7 @@ class BOTAN_PUBLIC_API(2,0) X509_CA final RandomNumberGenerator& rng) const; AlgorithmIdentifier m_ca_sig_algo; - X509_Certificate m_cert; + X509_Certificate m_ca_cert; std::unique_ptr m_signer; }; From bf591b86c92b08b2773a252aa27008435cd8609e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:04:48 -0500 Subject: [PATCH 0154/1008] Compile fix --- src/lib/x509/x509_ca.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp index 932fdb57cc..81536c768b 100644 --- a/src/lib/x509/x509_ca.cpp +++ b/src/lib/x509/x509_ca.cpp 
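Review bot: The `@@ -191` hunk changes the CRL's encoded issuer from `m_cert.issuer_dn()` to `m_ca_cert.subject_dn()`, which is the fix for GH #1242, but the patch adds no regression test, so the wrong DN could return unnoticed. A test in the X.509 unit tests that builds a CRL via the CA and asserts its issuer equals the CA certificate's subject, e.g. `result.test_eq("CRL issuer is CA subject", crl.issuer_dn() == ca.ca_certificate().subject_dn(), true);`, would pin the behaviour (the exact accessor names on the CRL object are not visible in this hunk; adjust to the project's API).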
@@ -25,9 +25,9 @@ namespace Botan { X509_CA::X509_CA(const X509_Certificate& c, const Private_Key& key, const std::string& hash_fn, - RandomNumberGenerator& rng) : m_cert(c) + RandomNumberGenerator& rng) : m_ca_cert(c) { - if(!m_cert.is_CA_cert()) + if(!m_ca_cert.is_CA_cert()) throw Invalid_Argument("X509_CA: This certificate is not for a CA"); m_signer.reset(choose_sig_format(key, rng, hash_fn, m_ca_sig_algo)); From ece37db0992107bdc9416c75427047bf94f5be29 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:12:11 -0500 Subject: [PATCH 0155/1008] Add include to TLS headers which use std::function --- src/lib/tls/tls_callbacks.h | 1 + src/lib/tls/tls_channel.h | 1 + 2 files changed, 2 insertions(+) diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h index 50077c4a9d..962bb2489d 100644 --- a/src/lib/tls/tls_callbacks.h +++ b/src/lib/tls/tls_callbacks.h @@ -11,6 +11,7 @@ #include #include +#include namespace Botan { diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h index 2b21b163d4..070a190ddb 100644 --- a/src/lib/tls/tls_channel.h +++ b/src/lib/tls/tls_channel.h @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include From cce28dc1da0ee946495b89525d74e224e6743cb3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:12:35 -0500 Subject: [PATCH 0156/1008] Add a second constructor to Decoding_Error which takes an exception string. --- src/lib/utils/exceptn.cpp | 3 +++ src/lib/utils/exceptn.h | 2 ++ 2 files changed, 5 insertions(+) diff --git a/src/lib/utils/exceptn.cpp b/src/lib/utils/exceptn.cpp index 3fa7dfd3ec..a72e45ba4c 100644 --- a/src/lib/utils/exceptn.cpp +++ b/src/lib/utils/exceptn.cpp 
@@ -79,6 +79,9 @@ Decoding_Error::Decoding_Error(const std::string& name) : Invalid_Argument("Decoding error: " + name) {} +Decoding_Error::Decoding_Error(const std::string& name, const char* exception_message) : + Invalid_Argument("Decoding error: " + name + " failed with exception " + exception_message) {} + Integrity_Failure::Integrity_Failure(const std::string& msg) : Exception("Integrity failure: " + msg) {} diff --git a/src/lib/utils/exceptn.h b/src/lib/utils/exceptn.h index e82889b5a5..2d242339df 100644 --- a/src/lib/utils/exceptn.h +++ b/src/lib/utils/exceptn.h @@ -179,6 +179,8 @@ class BOTAN_PUBLIC_API(2,0) Decoding_Error : public Invalid_Argument { public: explicit Decoding_Error(const std::string& name); + + Decoding_Error(const std::string& name, const char* exception_message); }; /** From 1091bd40435bd5e01cab27f488c03f0a7d2e38d7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:12:59 -0500 Subject: [PATCH 0157/1008] Add OIDS::oid2str and str2oid Using the name "lookup" for both directions is confusing. --- src/lib/asn1/oids.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/lib/asn1/oids.h b/src/lib/asn1/oids.h index 7feeee6ece..5b175e9a5c 100644 --- a/src/lib/asn1/oids.h +++ b/src/lib/asn1/oids.h @@ -29,6 +29,16 @@ BOTAN_PUBLIC_API(2,0) std::string lookup(const OID& oid); */ BOTAN_PUBLIC_API(2,0) OID lookup(const std::string& name); +inline std::string oid2str(const OID& oid) + { + return lookup(oid); + } + +inline OID str2oid(const std::string& name) + { + return lookup(name); + } + /** * See if an OID exists in the internal table. * @param oid the oid to check for From 72a5d030625341cc372b5a7ced454dd6d309f3e5 Mon Sep 17 00:00:00 2001 
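Review bot: The two-argument `Decoding_Error(const std::string& name, const char* exception_message)` added to the public header in the `@@ -179` hunk has no Doxygen comment, unlike the rest of the exception hierarchy, and the way the arguments are spliced into the message is only discoverable from the .cpp. A short comment would prevent callers from repeating words that the constructor already supplies: `/** Report a decoding failure caused by an inner exception; the message becomes "Decoding error: <name> failed with exception <exception_message>" */`. Since `exception_message` is a `const char*`, the comment should also state that it must be non-null (callers are expected to pass `what()`).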
From: Jack Lloyd Date: Tue, 14 Nov 2017 09:57:58 -0500 Subject: [PATCH 0158/1008] Support seeking in Salsa20 Add a test that StreamCipher::seek throws if not keyed. --- src/lib/stream/chacha/chacha.cpp | 5 +---- src/lib/stream/ctr/ctr.cpp | 2 ++ src/lib/stream/ofb/ofb.cpp | 2 +- src/lib/stream/rc4/rc4.cpp | 2 +- src/lib/stream/salsa20/info.txt | 2 +- src/lib/stream/salsa20/salsa20.cpp | 19 +++++++++++++++++-- src/tests/data/stream/salsa20.vec | 24 ++++++++++++++++++++++++ src/tests/test_stream.cpp | 14 ++++++++++++++ 8 files changed, 61 insertions(+), 9 deletions(-) diff --git a/src/lib/stream/chacha/chacha.cpp b/src/lib/stream/chacha/chacha.cpp index 52e5eaaf44..0f1e082cfe 100644 --- a/src/lib/stream/chacha/chacha.cpp +++ b/src/lib/stream/chacha/chacha.cpp @@ -222,10 +222,7 @@ std::string ChaCha::name() const void ChaCha::seek(uint64_t offset) { - if (m_state.size() == 0 && m_buffer.size() == 0) - { - throw Invalid_State("You have to setup the stream cipher (key and iv)"); - } + verify_key_set(m_state.empty() == false); // Find the block offset uint64_t counter = offset / 64; diff --git a/src/lib/stream/ctr/ctr.cpp b/src/lib/stream/ctr/ctr.cpp index 463119caf7..21e62fb4b5 100644 --- a/src/lib/stream/ctr/ctr.cpp +++ b/src/lib/stream/ctr/ctr.cpp @@ -174,6 +174,8 @@ void CTR_BE::add_counter(const uint64_t counter) void CTR_BE::seek(uint64_t offset) { + verify_key_set(m_iv.empty() == false); + const uint64_t base_counter = m_ctr_blocks * (offset / m_counter.size()); zeroise(m_counter); diff --git a/src/lib/stream/ofb/ofb.cpp b/src/lib/stream/ofb/ofb.cpp index 5a2d63dd48..75b7048aaf 100644 --- a/src/lib/stream/ofb/ofb.cpp +++ b/src/lib/stream/ofb/ofb.cpp @@ -66,6 +66,6 @@ void OFB::set_iv(const uint8_t iv[], size_t iv_len) void OFB::seek(uint64_t) { - throw Exception("OFB does not support seeking"); + throw Not_Implemented("OFB does not support seeking"); } } diff --git a/src/lib/stream/rc4/rc4.cpp b/src/lib/stream/rc4/rc4.cpp index 60565d445e..cce09d183b 100644 
--- a/src/lib/stream/rc4/rc4.cpp +++ b/src/lib/stream/rc4/rc4.cpp @@ -115,6 +115,6 @@ RC4::RC4(size_t s) : m_SKIP(s) {} void RC4::seek(uint64_t) { - throw Exception("RC4 does not support seeking"); + throw Not_Implemented("RC4 does not support seeking"); } } diff --git a/src/lib/stream/salsa20/info.txt b/src/lib/stream/salsa20/info.txt index 3c7fed8fea..8e9bfa5683 100644 --- a/src/lib/stream/salsa20/info.txt +++ b/src/lib/stream/salsa20/info.txt @@ -1,3 +1,3 @@ -SALSA20 -> 20131128 +SALSA20 -> 20171114 diff --git a/src/lib/stream/salsa20/salsa20.cpp b/src/lib/stream/salsa20/salsa20.cpp index 3f93cee94e..ce22adcb74 100644 --- a/src/lib/stream/salsa20/salsa20.cpp +++ b/src/lib/stream/salsa20/salsa20.cpp @@ -234,8 +234,23 @@ void Salsa20::clear() m_position = 0; } -void Salsa20::seek(uint64_t) +void Salsa20::seek(uint64_t offset) { - throw Not_Implemented("Salsa20::seek"); + verify_key_set(m_state.empty() == false); + + // Find the block offset + const uint64_t counter = offset / 64; + uint8_t counter8[8]; + store_le(counter, counter8); + + m_state[8] = load_le(counter8, 0); + m_state[9] += load_le(counter8, 1); + + salsa20(m_buffer.data(), m_state.data()); + + ++m_state[8]; + m_state[9] += (m_state[8] == 0); + + m_position = offset % 64; } } diff --git a/src/tests/data/stream/salsa20.vec b/src/tests/data/stream/salsa20.vec index afe111266a..e8276bf32c 100644 --- a/src/tests/data/stream/salsa20.vec +++ b/src/tests/data/stream/salsa20.vec 
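Review bot: In Salsa20::seek the high half of the block counter is accumulated rather than set: `m_state[9] += load_le(counter8, 1);` while `m_state[8]` is assigned. The carry logic a few lines later (`++m_state[8]; m_state[9] += (m_state[8] == 0);`) shows `m_state[9]` is the counter's high word, so with `+=` a seek to an offset of 2^38 bytes or more, or any seek after the counter has carried, lands on the wrong block and repeated seeks are not idempotent. The line should be `m_state[9] = load_le(counter8, 1);`. The new salsa20.vec entries only seek to small offsets (3, 65472, 65473, 65479), which leave the high word at zero and therefore do not exercise this path; a vector with `Seek` of at least 2^38 would.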
@@ -30,3 +30,27 @@ Key = 3070F0DB09C523507D36404DAC79038A393E9F0E3CF5F870B16D2A06DA68DCD3 In = F4EA120B47D15466ADE07DF0F2FF508759D9CB1035CEEAB43920E9094FA50B868673B07173557D4B994B1E9D35078C1C7369DF6B6ADB2EC0E6BFD280FEA8AC31DB44BEB0C2A4DDC6198957BD0592E3E587D304863B893FF8EEE0EFC70CED5D712651C3E9DD1A0DE0480FD8CCCBAE4C50DCCBACB83DCDC3E2CEF7DBC645F0AF468163FB0E015EF48AD74694DFBCE2DB8430A6E91645FD16ADBB72E21A0FBAEDF5ECFF829CEA9CBC22F82902748AA52DA5CE903D9F2BDE77EFEF5FA3970C720E89F25DD05157247BF0DE2D2129C3F856238D4FAD Nonce = 4AFE87BF79EB938D786BA54C26FD6D7E62261EEAE8B62202 Out = 46F396F0D2D54189968BF56B5B2F35588C3AD851E00FAC6507598F3EA0193A586C00B18677811CC305B0261D9AEBBB9C0485A5800C940AA4F09C4FBDEDE12553824C429C7954E0B8DAD889203D292517B98A64E8D7A37C1364EB0934751323D9B9F8498F50D729E977FB742880222F22AC5D7BFEBE6905A4C344D82027398A70C334635792DEB0F20B83861B05E731F5627AEE17DF20413C79957556E66A970085E9AD40A73D9A964381584976C6F111619A916FBB5F5D305DF862D5A56BAC9FF9B436F31C85F34FF890B5AD3299EDA2B8642D + +Key = 000102030405060708090A0B0C0D0E0F +Nonce = 0000000000000000 +Seek = 3 +Out = F7BA2B20F76802410C688688895AD8C1BD4EA6C9B140FB9B90E21049BF583F527970EBC1 + +Key = 0F62B5085BAE0154A7FA4DA0F34699EC3F92E5388BDE3184D72A7DD02376C91C +Nonce = 288FF65DC42B92F9 +Out = 5E5E71F90199340304ABB22A37B6625BF883FB89CE3B21F54A10B81066EF87DA30B77699AA7379DA595C77DD59542DA208E5954F89E40EB7AA80A84A6176663F + +Key = 0F62B5085BAE0154A7FA4DA0F34699EC3F92E5388BDE3184D72A7DD02376C91C +Nonce = 288FF65DC42B92F9 +Seek = 65472 +Out = 2DA2174BD150A1DFEC1796E921E9D6E24ECF0209BCBEA4F98370FCE629056F64917283436E2D3F45556225307D5CC5A565325D8993B37F1654195C240BF75B16 + +Key = 0F62B5085BAE0154A7FA4DA0F34699EC3F92E5388BDE3184D72A7DD02376C91C +Nonce = 288FF65DC42B92F9 +Seek = 65473 +Out = A2174BD150A1DFEC1796E921E9D6E24ECF0209BCBEA4F98370FCE629056F64917283436E2D3F45556225307D5CC5A565325D8993B37F1654195C240BF75B16ABF39A + +Key = 0F62B5085BAE0154A7FA4DA0F34699EC3F92E5388BDE3184D72A7DD02376C91C +Nonce = 
288FF65DC42B92F9 +Seek = 65479 +Out = DFEC1796E921E9D6E24ECF0209BCBEA4F98370FCE629056F64917283436E2D3F45556225307D5CC5A565325D8993B37F1654195C240BF75B16ABF39A210EEE89598B7133377056C2FE diff --git a/src/tests/test_stream.cpp b/src/tests/test_stream.cpp index c430c0cf30..ab9de228b9 100644 --- a/src/tests/test_stream.cpp +++ b/src/tests/test_stream.cpp @@ -68,6 +68,20 @@ class Stream_Cipher_Tests final : public Text_Based_Test result.test_success("Trying to encrypt with no key set fails"); } + try + { + cipher->seek(0); + result.test_failure("Was able to seek without a key being set"); + } + catch(Botan::Invalid_State&) + { + result.test_success("Trying to seek with no key set fails"); + } + catch(Botan::Not_Implemented&) + { + result.test_success("Trying to seek failed because not implemented"); + } + cipher->set_key(key); if(nonce.size()) From f66fd9c12ff7d64c925e73be12a27135790994c3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 16:19:19 -0500 Subject: [PATCH 0159/1008] Fix seek test with OpenSSL RC4 --- src/lib/prov/openssl/openssl_rc4.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/prov/openssl/openssl_rc4.cpp b/src/lib/prov/openssl/openssl_rc4.cpp index b24760f457..661fda23c2 100644 --- a/src/lib/prov/openssl/openssl_rc4.cpp +++ b/src/lib/prov/openssl/openssl_rc4.cpp @@ -56,7 +56,7 @@ class OpenSSL_RC4 final : public StreamCipher void seek(uint64_t) override { - throw Exception("RC4 does not support seeking"); + throw Not_Implemented("RC4 does not support seeking"); } private: void cipher(const uint8_t in[], uint8_t out[], size_t length) override From ce9326bef92b2ef4cd93a1de232b0daec0357a3f Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Tue, 14 Nov 2017 09:14:24 -0500 Subject: [PATCH 0160/1008] Move X509_DN and AlternativeName from asn1 to x509 --- src/lib/asn1/asn1_alt_name.h | 47 ------------------- src/lib/{asn1 => x509}/asn1_alt_name.cpp | 39 ++++++++-------- src/lib/x509/asn1_alt_name.h | 58 ++++++++++++++++++++++++ src/lib/x509/ocsp.h | 1 + src/lib/{asn1 => x509}/x509_dn.cpp | 27 +++++++++-- src/lib/{asn1 => x509}/x509_dn.h | 22 +++++---- src/tests/test_pkcs11_high_level.cpp | 1 + src/tests/test_x509_dn.cpp | 4 +- 8 files changed, 118 insertions(+), 81 deletions(-) delete mode 100644 src/lib/asn1/asn1_alt_name.h rename src/lib/{asn1 => x509}/asn1_alt_name.cpp (90%) create mode 100644 src/lib/x509/asn1_alt_name.h rename src/lib/{asn1 => x509}/x509_dn.cpp (93%) rename src/lib/{asn1 => x509}/x509_dn.h (68%) diff --git a/src/lib/asn1/asn1_alt_name.h b/src/lib/asn1/asn1_alt_name.h deleted file mode 100644 index 9a9b759d7b..0000000000 --- a/src/lib/asn1/asn1_alt_name.h +++ /dev/null @@ -1,47 +0,0 @@ -/* -* Common ASN.1 Objects -* (C) 1999-2007 Jack Lloyd -* 2007 Yves Jerschow -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_ASN1_ALT_NAME_H_ -#define BOTAN_ASN1_ALT_NAME_H_ - -#include -#include -#include -#include - -namespace Botan { - -/** -* Alternative Name -*/ -class BOTAN_PUBLIC_API(2,0) AlternativeName final : public ASN1_Object - { - public: - void encode_into(class DER_Encoder&) const override; - void decode_from(class BER_Decoder&) override; - - std::multimap contents() const; - - void add_attribute(const std::string&, const std::string&); - std::multimap get_attributes() const; - - void add_othername(const OID&, const std::string&, ASN1_Tag); - std::multimap get_othernames() const; - - bool has_items() const; - - AlternativeName(const std::string& = "", const std::string& = "", - const std::string& = "", const std::string& = ""); - private: - std::multimap m_alt_info; - std::multimap m_othernames; - }; - -} - -#endif 
diff --git a/src/lib/asn1/asn1_alt_name.cpp b/src/lib/x509/asn1_alt_name.cpp similarity index 90% rename from src/lib/asn1/asn1_alt_name.cpp rename to src/lib/x509/asn1_alt_name.cpp index 9403128867..8b3d2d6e95 100644 --- a/src/lib/asn1/asn1_alt_name.cpp +++ b/src/lib/x509/asn1_alt_name.cpp @@ -52,17 +52,17 @@ AlternativeName::AlternativeName(const std::string& email_addr, * Add an attribute to an alternative name */ void AlternativeName::add_attribute(const std::string& type, - const std::string& str) + const std::string& value) { - if(type.empty() || str.empty()) + if(type.empty() || value.empty()) return; auto range = m_alt_info.equal_range(type); for(auto j = range.first; j != range.second; ++j) - if(j->second == str) + if(j->second == value) return; - multimap_insert(m_alt_info, type, str); + multimap_insert(m_alt_info, type, value); } /* @@ -76,22 +76,6 @@ void AlternativeName::add_othername(const OID& oid, const std::string& value, multimap_insert(m_othernames, oid, ASN1_String(value, type)); } -/* -* Get the attributes of this alternative name -*/ -std::multimap AlternativeName::get_attributes() const - { - return m_alt_info; - } - -/* -* Get the otherNames -*/ -std::multimap AlternativeName::get_othernames() const - { - return m_othernames; - } - /* * Return all of the alternative names */ @@ -108,6 +92,21 @@ std::multimap AlternativeName::contents() const return names; } +bool AlternativeName::has_field(const std::string& attr) const + { + auto range = m_alt_info.equal_range(attr); + return (range.first != range.second); + } + +std::vector AlternativeName::get_attribute(const std::string& attr) const + { + std::vector results; + auto range = m_alt_info.equal_range(attr); + for(auto i = range.first; i != range.second; ++i) + results.push_back(i->second); + return results; + } + /* * Return if this object has anything useful */ diff --git a/src/lib/x509/asn1_alt_name.h b/src/lib/x509/asn1_alt_name.h new file mode 100644 index 0000000000..81f933ea08 
--- /dev/null +++ b/src/lib/x509/asn1_alt_name.h @@ -0,0 +1,58 @@ +/* +* (C) 1999-2007 Jack Lloyd +* 2007 Yves Jerschow +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_X509_ALT_NAME_H_ +#define BOTAN_X509_ALT_NAME_H_ + +#include +#include +#include +#include + +namespace Botan { + +/** +* Alternative Name +*/ +class BOTAN_PUBLIC_API(2,0) AlternativeName final : public ASN1_Object + { + public: + void encode_into(class DER_Encoder&) const override; + void decode_from(class BER_Decoder&) override; + + std::multimap contents() const; + + bool has_field(const std::string& attr) const; + std::vector get_attribute(const std::string& attr) const; + + void add_attribute(const std::string& type, const std::string& value); + void add_othername(const OID& oid, const std::string& value, ASN1_Tag type); + + const std::multimap& get_attributes() const + { + return m_alt_info; + } + + const std::multimap& get_othernames() const + { + return m_othernames; + } + + bool has_items() const; + + AlternativeName(const std::string& email_addr = "", + const std::string& uri = "", + const std::string& dns = "", + const std::string& ip_address = ""); + private: + std::multimap m_alt_info; + std::multimap m_othernames; + }; + +} + +#endif diff --git a/src/lib/x509/ocsp.h b/src/lib/x509/ocsp.h index 254de50383..33177dc59a 100644 --- a/src/lib/x509/ocsp.h +++ b/src/lib/x509/ocsp.h @@ -10,6 +10,7 @@ #include #include +#include namespace Botan { diff --git a/src/lib/asn1/x509_dn.cpp b/src/lib/x509/x509_dn.cpp similarity index 93% rename from src/lib/asn1/x509_dn.cpp rename to src/lib/x509/x509_dn.cpp index dd92b25ecc..ce1300e536 100644 --- a/src/lib/asn1/x509_dn.cpp +++ b/src/lib/x509/x509_dn.cpp 
@@ -83,6 +83,25 @@ std::multimap X509_DN::contents() const return retval; } +bool X509_DN::has_field(const std::string& attr) const + { + const OID oid = OIDS::lookup(deref_info_field(attr)); + auto range = m_dn_info.equal_range(oid); + return (range.first != range.second); + } + +std::string X509_DN::get_first_attribute(const std::string& attr) const + { + const OID oid = OIDS::lookup(deref_info_field(attr)); + + auto range = m_dn_info.equal_range(oid); + + if(range.first != m_dn_info.end()) + return range.first->second.value(); + + return ""; + } + /* * Get a single attribute type */ @@ -98,10 +117,7 @@ std::vector X509_DN::get_attribute(const std::string& attr) const return values; } -/* -* Return the BER encoded data, if any -*/ -std::vector X509_DN::get_bits() const +const std::vector& X509_DN::get_bits() const { return m_dn_bits; } @@ -278,6 +294,9 @@ std::string to_short_form(const std::string& long_id) if(long_id == "X520.CommonName") return "CN"; + if(long_id == "X520.Country") + return "C"; + if(long_id == "X520.Organization") return "O"; diff --git a/src/lib/asn1/x509_dn.h b/src/lib/x509/x509_dn.h similarity index 68% rename from src/lib/asn1/x509_dn.h rename to src/lib/x509/x509_dn.h index 09f8cf16b9..cbd89de7c3 100644 --- a/src/lib/asn1/x509_dn.h +++ b/src/lib/x509/x509_dn.h 
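Review bot: X509_DN::get_first_attribute can return the value of an unrelated attribute: `equal_range` on an absent key yields an empty range `[it, it)` where `it` is the first element with a greater OID, and that is `end()` only when no such element exists, so the check `if(range.first != m_dn_info.end())` passes and `range.first->second.value()` is a different attribute's value whenever the missing OID sorts before an existing one. For a DN accessor that callers will use to match names, silently answering with the wrong field is worse than returning empty. The test should be `if(range.first != range.second)`, as `has_field` directly above already does.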
@@ -25,23 +25,29 @@ class BOTAN_PUBLIC_API(2,0) X509_DN final : public ASN1_Object void encode_into(class DER_Encoder&) const override; void decode_from(class BER_Decoder&) override; - std::multimap get_attributes() const; - std::vector get_attribute(const std::string&) const; + bool has_field(const std::string& attr) const; + std::vector get_attribute(const std::string& attr) const; + + std::string get_first_attribute(const std::string& attr) const; + std::multimap get_attributes() const; std::multimap contents() const; - void add_attribute(const std::string&, const std::string&); - void add_attribute(const OID&, const std::string&); + void add_attribute(const std::string& key, const std::string& val); + void add_attribute(const OID& oid, const std::string& val); - static std::string deref_info_field(const std::string&); + static std::string deref_info_field(const std::string& key); - std::vector get_bits() const; + /* + * Return the BER encoded data, if any + */ + const std::vector& get_bits() const; bool empty() const { return m_dn_info.empty(); } X509_DN() = default; - explicit X509_DN(const std::multimap&); - explicit X509_DN(const std::multimap&); + explicit X509_DN(const std::multimap& vals); + explicit X509_DN(const std::multimap& vals); private: std::multimap m_dn_info; std::vector m_dn_bits; diff --git a/src/tests/test_pkcs11_high_level.cpp b/src/tests/test_pkcs11_high_level.cpp index 7b4f749fbb..1ae7f55275 100644 --- a/src/tests/test_pkcs11_high_level.cpp +++ b/src/tests/test_pkcs11_high_level.cpp @@ -47,6 +47,7 @@ #if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_HAS_PKCS11) #include + #include #endif #if defined(BOTAN_HAS_HMAC_DRBG) diff --git a/src/tests/test_x509_dn.cpp b/src/tests/test_x509_dn.cpp index 55cf05c1c1..74803909b9 100644 --- a/src/tests/test_x509_dn.cpp +++ b/src/tests/test_x509_dn.cpp 
@@ -6,14 +6,14 @@ #include "tests.h" -#if defined(BOTAN_HAS_ASN1) +#if defined(BOTAN_HAS_CERTIFICATES) #include #include #endif namespace Botan_Tests { -#if defined(BOTAN_HAS_ASN1) +#if defined(BOTAN_HAS_CERTIFICATES) class X509_DN_Comparisons_Tests final : public Text_Based_Test { public: From 619097fd33401a5ea81769ca8bec07a51f5c198e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:15:41 -0500 Subject: [PATCH 0161/1008] In X509_CA save the hash function used --- src/lib/x509/x509_ca.cpp | 6 ++++-- src/lib/x509/x509_ca.h | 7 +++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp index 81536c768b..6820021116 100644 --- a/src/lib/x509/x509_ca.cpp +++ b/src/lib/x509/x509_ca.cpp @@ -25,12 +25,14 @@ namespace Botan { X509_CA::X509_CA(const X509_Certificate& c, const Private_Key& key, const std::string& hash_fn, - RandomNumberGenerator& rng) : m_ca_cert(c) + RandomNumberGenerator& rng) : + m_ca_cert(c), + m_hash_fn(hash_fn) { if(!m_ca_cert.is_CA_cert()) throw Invalid_Argument("X509_CA: This certificate is not for a CA"); - m_signer.reset(choose_sig_format(key, rng, hash_fn, m_ca_sig_algo)); + m_signer.reset(choose_sig_format(key, rng, m_hash_fn, m_ca_sig_algo)); } /* diff --git a/src/lib/x509/x509_ca.h b/src/lib/x509/x509_ca.h index 7859a20584..cd122a6fc2 100644 --- a/src/lib/x509/x509_ca.h +++ b/src/lib/x509/x509_ca.h @@ -116,7 +116,13 @@ class BOTAN_PUBLIC_API(2,0) X509_CA final X509_CA(const X509_CA&) = delete; X509_CA& operator=(const X509_CA&) = delete; +#if !defined(BOTAN_BUILD_COMPILER_IS_MSVC_2013) + X509_CA(X509_CA&&) = default; + X509_CA& operator=(X509_CA&&) = default; +#endif + ~X509_CA(); + private: X509_CRL make_crl(const std::vector& entries, uint32_t crl_number, uint32_t next_update, @@ -124,6 +130,7 @@ class BOTAN_PUBLIC_API(2,0) X509_CA final AlgorithmIdentifier m_ca_sig_algo; X509_Certificate m_ca_cert; + std::string m_hash_fn; std::unique_ptr m_signer; }; 
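Review bot: The guard in test_x509_dn.cpp is changed to `#if defined(BOTAN_HAS_CERTIFICATES)`, but the test_pkcs11_high_level.cpp hunk in this same patch guards the X.509 headers with `BOTAN_HAS_X509_CERTIFICATES`. If the build defines only the latter, the whole X509_DN_Comparisons_Tests class is compiled out and the DN comparison tests stop running without any failure being reported. Both occurrences in this hunk should use the same macro as the other test file, presumably `#if defined(BOTAN_HAS_X509_CERTIFICATES)`, unless the build also defines the shorter name.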
From 653453b211d94538fb158b830eb8bf4872e4288d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:17:37 -0500 Subject: [PATCH 0162/1008] Require SHA-2 for X.509 module The certstore interface assumes it and it's probably not unreasonable... --- src/lib/x509/info.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/x509/info.txt b/src/lib/x509/info.txt index 8221dc0f15..6b136cbcf2 100644 --- a/src/lib/x509/info.txt +++ b/src/lib/x509/info.txt @@ -7,4 +7,5 @@ OCSP -> 20161118 asn1 pubkey sha1 +sha2_32 From 9d4f65f3ddd2afebfc59c7104ffe3814c0776dc7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:18:29 -0500 Subject: [PATCH 0163/1008] Use new Decoding_Error constructor --- src/lib/x509/x509_obj.cpp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp index f566be00e5..dad27d6ff4 100644 --- a/src/lib/x509/x509_obj.cpp +++ b/src/lib/x509/x509_obj.cpp @@ -299,13 +299,11 @@ void X509_Object::do_decode() } catch(Decoding_Error& e) { - throw Decoding_Error(m_PEM_label_pref + " decoding failed (" + - e.what() + ")"); + throw Decoding_Error(m_PEM_label_pref + " decoding failed", e.what()); } catch(Invalid_Argument& e) { - throw Decoding_Error(m_PEM_label_pref + " decoding failed (" + - e.what() + ")"); + throw Decoding_Error(m_PEM_label_pref + " decoding failed", e.what()); } } From dbcdaa424c98ad10ff9657f3574c130a11139228 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:19:07 -0500 Subject: [PATCH 0164/1008] Store all data of an X509 certificate in a shared_ptr data struct. --- src/lib/x509/datastor.cpp | 41 +++ src/lib/x509/datastor.h | 28 +- src/lib/x509/x509cert.cpp | 685 +++++++++++++++++++++----------------- src/lib/x509/x509cert.h | 177 ++++++---- 4 files changed, 567 insertions(+), 364 deletions(-) diff --git a/src/lib/x509/datastor.cpp b/src/lib/x509/datastor.cpp index ae6b1e45c8..2cdd3458ca 100644 --- a/src/lib/x509/datastor.cpp 
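Review bot: With the new constructor, the two `throw Decoding_Error(m_PEM_label_pref + " decoding failed", e.what());` lines in X509_Object::do_decode produce a doubled verb, because the constructor already appends " failed with exception " to `name` (as shown in the exceptn.cpp hunk of PATCH 0156), giving "Decoding error: CERTIFICATE decoding failed failed with exception ...". Passing `m_PEM_label_pref + " decoding"` in both catch blocks yields the intended "... decoding failed with exception ..." text. The enclosing function starts outside the hunk.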
+++ b/src/lib/x509/datastor.cpp @@ -161,4 +161,45 @@ void Data_Store::add(const std::multimap& in) } } +/* +* Create and populate a X509_DN +*/ +X509_DN create_dn(const Data_Store& info) + { + auto names = info.search_for( + [](const std::string& key, const std::string&) + { + return (key.find("X520.") != std::string::npos); + }); + + X509_DN dn; + + for(auto i = names.begin(); i != names.end(); ++i) + dn.add_attribute(i->first, i->second); + + return dn; + } + +/* +* Create and populate an AlternativeName +*/ +AlternativeName create_alt_name(const Data_Store& info) + { + auto names = info.search_for( + [](const std::string& key, const std::string&) + { + return (key == "RFC822" || + key == "DNS" || + key == "URI" || + key == "IP"); + }); + + AlternativeName alt_name; + + for(auto i = names.begin(); i != names.end(); ++i) + alt_name.add_attribute(i->first, i->second); + + return alt_name; + } + } diff --git a/src/lib/x509/datastor.h b/src/lib/x509/datastor.h index c730c71407..556a789846 100644 --- a/src/lib/x509/datastor.h +++ b/src/lib/x509/datastor.h @@ -8,7 +8,8 @@ #ifndef BOTAN_DATA_STORE_H_ #define BOTAN_DATA_STORE_H_ -#include +#include +#include #include #include #include @@ -23,7 +24,7 @@ namespace Botan { * reasons. There is no reason for applications to use this type directly. * It will be removed in a future major release. */ -class BOTAN_PUBLIC_API(2,0) Data_Store +class BOTAN_UNSTABLE_API Data_Store { public: /** 
@@ -55,6 +56,29 @@ class BOTAN_PUBLIC_API(2,0) Data_Store std::multimap m_contents; }; +/* +* Data Store Extraction Operations +*/ + +/* +* Create and populate a X509_DN +* @param info data store containing DN information +* @return DN containing attributes from data store +*/ +BOTAN_PUBLIC_API(2,0) X509_DN +BOTAN_DEPRECATED("Avoid roundtripping names through Data_Store") +create_dn(const Data_Store& info); + +/* +* Create and populate an AlternativeName +* @param info data store containing AlternativeName information +* @return AlternativeName containing attributes from data store +*/ +BOTAN_PUBLIC_API(2,0) AlternativeName +BOTAN_DEPRECATED("Avoid roundtripping names through Data_Store") +create_alt_name(const Data_Store& info); + + } #endif diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 5a6588ecc8..808d4b2b20 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -1,12 +1,13 @@ /* * X.509 Certificates -* (C) 1999-2010,2015 Jack Lloyd +* (C) 1999-2010,2015,2017 Jack Lloyd * (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ #include +#include #include #include #include 
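Review bot: The comment blocks above `create_dn` and `create_alt_name` open with `/*` yet carry `@param`/`@return` tags, so Doxygen will not pick them up; the class comment just above in this header uses `/**`, and these two should as well. The declarations also keep `BOTAN_PUBLIC_API(2,0)` while the `Data_Store` type they take is demoted to `BOTAN_UNSTABLE_API` in the previous hunk and the functions themselves are tagged `BOTAN_DEPRECATED`; if the intent is to steer applications away from `Data_Store`, marking these `BOTAN_UNSTABLE_API` too would be consistent, though I cannot tell from here whether external code links against these symbols.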
@@ -20,29 +21,59 @@ namespace Botan { -namespace { +struct X509_Certificate_Data + { + size_t m_version = 0; + std::vector m_serial; + AlgorithmIdentifier m_sig_algo_inner; + X509_DN m_issuer_dn; + X509_DN m_subject_dn; + std::vector m_issuer_dn_bits; + std::vector m_subject_dn_bits; + X509_Time m_not_before; + X509_Time m_not_after; + std::vector m_subject_public_key_bits; + AlgorithmIdentifier m_subject_public_key_algid; + std::vector m_subject_public_key_bitstring; + std::vector m_subject_public_key_bitstring_sha1; + + std::vector m_v2_issuer_key_id; + std::vector m_v2_subject_key_id; + Extensions m_v3_extensions; + + Key_Constraints m_key_constraints; + std::vector m_extended_key_usage; + std::vector m_authority_key_id; + std::vector m_subject_key_id; + + std::vector m_crl_distribution_points; + std::string m_ocsp_responder; + + size_t m_path_len_constraint = 0; + bool m_self_signed = false; + bool m_is_ca_certificate = false; + + AlternativeName m_subject_alt_name; + AlternativeName m_issuer_alt_name; + + Data_Store m_subject_ds; + Data_Store m_issuer_ds; + }; /* -* Lookup each OID in the vector +* X509_Certificate Constructor */ -std::vector lookup_oids(const std::vector& in) +X509_Certificate::X509_Certificate(DataSource& in) : + X509_Object(in, "CERTIFICATE/X509 CERTIFICATE") { - std::vector out; - - for(auto i = in.begin(); i != in.end(); ++i) - out.push_back(OIDS::lookup(OID(*i))); - return out; + do_decode(); } -} - /* * X509_Certificate Constructor */ -X509_Certificate::X509_Certificate(DataSource& in) : - X509_Object(in, "CERTIFICATE/X509 CERTIFICATE"), - m_self_signed(false), - m_v3_extensions(false) +X509_Certificate::X509_Certificate(const std::vector& in) : + X509_Object(in, "CERTIFICATE/X509 CERTIFICATE") { do_decode(); } 
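Review bot: `Key_Constraints m_key_constraints;` in `X509_Certificate_Data` has no in-class initializer while the other scalar members (`m_version = 0`, `m_path_len_constraint = 0`, `m_self_signed = false`, `m_is_ca_certificate = false`) do; the parser assigns it in both branches, but `Key_Constraints m_key_constraints = NO_CONSTRAINTS;` keeps the struct fully initialized regardless of which code path builds it. The members are otherwise undocumented; a short note on which ones stay empty when the corresponding v3 extension is absent (the key ids, extended key usage, CRL points, OCSP responder, alt names) would help readers of the accessors. It is also worth recording on `m_version` that it holds the 1-based standards version (v1..v3) rather than the 0-based wire value, since the parser rewrites it after decoding.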
@@ -52,71 +83,55 @@ X509_Certificate::X509_Certificate(DataSource& in) : * X509_Certificate Constructor */ X509_Certificate::X509_Certificate(const std::string& fsname) : - X509_Object(fsname, "CERTIFICATE/X509 CERTIFICATE"), - m_self_signed(false), - m_v3_extensions(false) + X509_Object(fsname, "CERTIFICATE/X509 CERTIFICATE") { do_decode(); } #endif -/* -* X509_Certificate Constructor -*/ -X509_Certificate::X509_Certificate(const std::vector& in) : - X509_Object(in, "CERTIFICATE/X509 CERTIFICATE"), - m_self_signed(false), - m_v3_extensions(false) - { - do_decode(); - } +namespace { -/* -* Decode the TBSCertificate data -*/ -void X509_Certificate::force_decode() +std::unique_ptr parse_x509_cert_body(const X509_Object& obj) { - size_t version; - BigInt serial_bn; - AlgorithmIdentifier sig_algo_inner; - X509_DN dn_issuer, dn_subject; - X509_Time start, end; + std::unique_ptr data(new X509_Certificate_Data); - BER_Decoder tbs_cert(signed_body()); + BER_Decoder tbs_cert(obj.signed_body()); + BigInt serial_bn; - tbs_cert.decode_optional(version, ASN1_Tag(0), + tbs_cert.decode_optional(data->m_version, ASN1_Tag(0), ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) .decode(serial_bn) - .decode(sig_algo_inner) - .decode(dn_issuer) + .decode(data->m_sig_algo_inner) + .decode(data->m_issuer_dn) .start_cons(SEQUENCE) - .decode(start) - .decode(end) + .decode(data->m_not_before) + .decode(data->m_not_after) .end_cons() - .decode(dn_subject); - - if(version > 2) - throw Decoding_Error("Unknown X.509 cert version " + std::to_string(version)); - if(signature_algorithm() != sig_algo_inner) - throw Decoding_Error("Algorithm identifier mismatch"); + .decode(data->m_subject_dn); + if(data->m_version > 2) + throw Decoding_Error("Unknown X.509 cert version " + std::to_string(data->m_version)); + if(obj.signature_algorithm() != data->m_sig_algo_inner) + throw Decoding_Error("X.509 Certificate had differing algorithm identifers in inner and outer ID fields"); - 
m_subject.add(dn_subject.contents()); - m_issuer.add(dn_issuer.contents()); + // for general sanity convert wire version (0 based) to standards version (v1 .. v3) + data->m_version += 1; - m_subject.add("X509.Certificate.dn_bits", ASN1::put_in_sequence(dn_subject.get_bits())); - m_issuer.add("X509.Certificate.dn_bits", ASN1::put_in_sequence(dn_issuer.get_bits())); + data->m_serial = BigInt::encode(serial_bn); + data->m_subject_dn_bits = ASN1::put_in_sequence(data->m_subject_dn.get_bits()); + data->m_issuer_dn_bits = ASN1::put_in_sequence(data->m_issuer_dn.get_bits()); BER_Object public_key = tbs_cert.get_next_object(); if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED) throw BER_Bad_Tag("X509_Certificate: Unexpected tag for public key", public_key.type_tag, public_key.class_tag); + // validate_public_key_params(public_key.value); AlgorithmIdentifier public_key_alg_id; BER_Decoder(public_key.value).decode(public_key_alg_id).discard_remaining(); std::vector public_key_info = - split_on(OIDS::lookup(public_key_alg_id.oid), '/'); + split_on(OIDS::oid2str(public_key_alg_id.oid), '/'); if(!public_key_info.empty() && public_key_info[0] == "RSA") { @@ -139,7 +154,7 @@ void X509_Certificate::force_decode() ToDo: Allow salt length to be greater */ - if(public_key_alg_id != signature_algorithm()) + if(public_key_alg_id != obj.signature_algorithm()) { throw Decoding_Error("Algorithm identifier mismatch"); } 
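Review bot: The new Decoding_Error message `"X.509 Certificate had differing algorithm identifers in inner and outer ID fields"` misspells "identifiers"; since the text reaches callers through `what()`, it should read `"X.509 Certificate had differing algorithm identifiers in inner and outer ID fields"`. The commented-out call `// validate_public_key_params(public_key.value);` is dead code in a brand-new function; either drop it or replace it with a TODO that says which check is intended. The sequence `if(data->m_version > 2) throw ...` followed by `data->m_version += 1` is correct but easy to misread, so a comment on the check such as `// wire value: 0 = v1, 1 = v2, 2 = v3` would tie the two together. `parse_x509_cert_body` starts in this hunk and its body continues in the next one.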
@@ -159,146 +174,260 @@ void X509_Certificate::force_decode() } } - std::vector v2_issuer_key_id, v2_subject_key_id; + data->m_subject_public_key_bits = unlock(public_key.value); - tbs_cert.decode_optional_string(v2_issuer_key_id, BIT_STRING, 1); - tbs_cert.decode_optional_string(v2_subject_key_id, BIT_STRING, 2); + BER_Decoder(data->m_subject_public_key_bits) + .decode(data->m_subject_public_key_algid) + .decode(data->m_subject_public_key_bitstring, BIT_STRING); + + tbs_cert.decode_optional_string(data->m_v2_issuer_key_id, BIT_STRING, 1); + tbs_cert.decode_optional_string(data->m_v2_subject_key_id, BIT_STRING, 2); BER_Object v3_exts_data = tbs_cert.get_next_object(); if(v3_exts_data.type_tag == 3 && v3_exts_data.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) { - BER_Decoder(v3_exts_data.value).decode(m_v3_extensions).verify_end(); - m_v3_extensions.contents_to(m_subject, m_issuer); + BER_Decoder(v3_exts_data.value).decode(data->m_v3_extensions).verify_end(); } else if(v3_exts_data.type_tag != NO_OBJECT) throw BER_Bad_Tag("Unknown tag in X.509 cert", v3_exts_data.type_tag, v3_exts_data.class_tag); if(tbs_cert.more_items()) - throw Decoding_Error("TBSCertificate has more items that expected"); + throw Decoding_Error("TBSCertificate has extra data after extensions block"); + + // Now cache some fields from the extensions + if(auto ext = data->m_v3_extensions.get_extension_object_as()) + { + data->m_key_constraints = ext->get_constraints(); + } + else + { + data->m_key_constraints = NO_CONSTRAINTS; + } - m_subject.add("X509.Certificate.version", static_cast(version)); - m_subject.add("X509.Certificate.serial", BigInt::encode(serial_bn)); - m_subject.add("X509.Certificate.start", start.to_string()); - m_subject.add("X509.Certificate.end", end.to_string()); + if(auto ext = data->m_v3_extensions.get_extension_object_as()) + { + data->m_subject_key_id = ext->get_key_id(); + } - m_issuer.add("X509.Certificate.v2.key_id", v2_issuer_key_id); - 
m_subject.add("X509.Certificate.v2.key_id", v2_subject_key_id); + if(auto ext = data->m_v3_extensions.get_extension_object_as()) + { + data->m_authority_key_id = ext->get_key_id(); + } - m_subject.add("X509.Certificate.public_key", hex_encode(public_key.value)); + if(auto ext = data->m_v3_extensions.get_extension_object_as()) + { + if(ext->get_is_ca() == true) + { + if(data->m_key_constraints == NO_CONSTRAINTS || + (data->m_key_constraints & KEY_CERT_SIGN)) + { + data->m_is_ca_certificate = true; + data->m_path_len_constraint = ext->get_path_limit(); + } + } + } + + if(auto ext = data->m_v3_extensions.get_extension_object_as()) + { + data->m_issuer_alt_name = ext->get_alt_name(); + } - m_self_signed = false; - if(dn_subject == dn_issuer) + if(auto ext = data->m_v3_extensions.get_extension_object_as()) { - std::unique_ptr pub_key(subject_public_key()); - m_self_signed = check_signature(*pub_key); + data->m_subject_alt_name = ext->get_alt_name(); } - if(m_self_signed && version == 0) + if(auto ext = data->m_v3_extensions.get_extension_object_as()) { - m_subject.add("X509v3.BasicConstraints.is_ca", 1); - m_subject.add("X509v3.BasicConstraints.path_constraint", Cert_Extension::NO_CERT_PATH_LIMIT); + data->m_extended_key_usage = ext->get_oids(); } - if(is_CA_cert() && - !m_subject.has_value("X509v3.BasicConstraints.path_constraint")) + if(auto ext = data->m_v3_extensions.get_extension_object_as()) { - const size_t limit = (x509_version() < 3) ? 
- Cert_Extension::NO_CERT_PATH_LIMIT : 0; + data->m_ocsp_responder = ext->ocsp_responder(); + } - m_subject.add("X509v3.BasicConstraints.path_constraint", static_cast(limit)); + if(auto ext = data->m_v3_extensions.get_extension_object_as()) + { + data->m_crl_distribution_points = ext->crl_distribution_urls(); } + + // Check for self-signed vs self-issued certificates + if(data->m_subject_dn == data->m_issuer_dn) + { + std::unique_ptr pub_key( + X509::load_key(ASN1::put_in_sequence(data->m_subject_public_key_bits))); + data->m_self_signed = obj.check_signature(*pub_key); + } + + std::unique_ptr sha1(HashFunction::create("SHA-1")); + if(sha1) + { + sha1->update(data->m_subject_public_key_bitstring); + data->m_subject_public_key_bitstring_sha1 = sha1->final_stdvec(); + // otherwise left as empty, and we will throw if subject_public_key_bitstring_sha1 is called + } + + data->m_subject_ds.add(data->m_subject_dn.contents()); + data->m_issuer_ds.add(data->m_issuer_dn.contents()); + data->m_v3_extensions.contents_to(data->m_subject_ds, data->m_issuer_ds); + + return data; } +} + /* -* Return the X.509 version in use +* Decode the TBSCertificate data */ +void X509_Certificate::force_decode() + { + m_data.reset(); + + std::unique_ptr data = parse_x509_cert_body(*this); + + m_data.reset(data.release()); + } + +const X509_Certificate_Data& X509_Certificate::data() const + { + if(m_data == nullptr) + { + abort(); + throw Decoding_Error("Failed to parse X509 certificate"); + } + return *m_data.get(); + } + uint32_t X509_Certificate::x509_version() const { - return (m_subject.get1_uint32("X509.Certificate.version") + 1); + return data().m_version; } -/* -* Return the time this cert becomes valid -*/ -std::string X509_Certificate::start_time() const +bool X509_Certificate::is_self_signed() const { - return m_subject.get1("X509.Certificate.start"); + return data().m_self_signed; } -/* -* Return the time this cert becomes invalid -*/ -std::string X509_Certificate::end_time() const 
+const X509_Time& X509_Certificate::not_before() const { - return m_subject.get1("X509.Certificate.end"); + return data().m_not_before; } -/* -* Return information about the subject -*/ -std::vector -X509_Certificate::subject_info(const std::string& what) const +const X509_Time& X509_Certificate::not_after() const { - return m_subject.get(X509_DN::deref_info_field(what)); + return data().m_not_after; } -/* -* Return information about the issuer -*/ -std::vector -X509_Certificate::issuer_info(const std::string& what) const +const std::vector& X509_Certificate::v2_issuer_key_id() const { - return m_issuer.get(X509_DN::deref_info_field(what)); + return data().m_v2_issuer_key_id; } -/* -* Return the public key in this certificate -*/ -Public_Key* X509_Certificate::subject_public_key() const +const std::vector& X509_Certificate::v2_subject_key_id() const + { + return data().m_v2_subject_key_id; + } + +const std::vector& X509_Certificate::subject_public_key_bits() const { - return X509::load_key( - ASN1::put_in_sequence(this->subject_public_key_bits())); + return data().m_subject_public_key_bits; } -std::vector X509_Certificate::subject_public_key_bits() const +const std::vector& X509_Certificate::subject_public_key_bitstring() const { - return hex_decode(m_subject.get1("X509.Certificate.public_key")); + return data().m_subject_public_key_bitstring; } -std::vector X509_Certificate::subject_public_key_bitstring() const +std::vector X509_Certificate::subject_public_key_bitstring_sha1() const { - // TODO: cache this - const std::vector key_bits = subject_public_key_bits(); + if(data().m_subject_public_key_bitstring_sha1.empty()) + throw Encoding_Error("X509_Certificate::subject_public_key_bitstring_sha1 called but SHA-1 disabled in build"); + + return data().m_subject_public_key_bitstring_sha1; + } - AlgorithmIdentifier public_key_algid; - std::vector public_key_bitstr; +const std::vector& X509_Certificate::authority_key_id() const + { + return data().m_authority_key_id; + 
} - BER_Decoder(key_bits) - .decode(public_key_algid) - .decode(public_key_bitstr, BIT_STRING); +const std::vector& X509_Certificate::subject_key_id() const + { + return data().m_subject_key_id; + } - return public_key_bitstr; +const std::vector& X509_Certificate::serial_number() const + { + return data().m_serial; } -std::vector X509_Certificate::subject_public_key_bitstring_sha1() const +const X509_DN& X509_Certificate::issuer_dn() const { - // TODO: cache this value - std::unique_ptr hash(HashFunction::create("SHA-1")); - hash->update(this->subject_public_key_bitstring()); - return hash->final_stdvec(); + return data().m_issuer_dn; + } + +const X509_DN& X509_Certificate::subject_dn() const + { + return data().m_subject_dn; + } + +const std::vector& X509_Certificate::raw_issuer_dn() const + { + return data().m_issuer_dn_bits; + } + +const std::vector& X509_Certificate::raw_subject_dn() const + { + return data().m_subject_dn_bits; + } + +bool X509_Certificate::is_CA_cert() const + { + return data().m_is_ca_certificate; + } + +uint32_t X509_Certificate::path_limit() const + { + return data().m_path_len_constraint; + } + +Key_Constraints X509_Certificate::constraints() const + { + return data().m_key_constraints; + } + +const std::vector& X509_Certificate::extended_key_usage() const + { + return data().m_extended_key_usage; + } + +std::vector X509_Certificate::certificate_policy_oids() const + { + if(auto ext = v3_extensions().get_extension_object_as()) + { + return ext->get_policy_oids(); + } + return std::vector(); } /* -* Check if the certificate is for a CA +* Return the name constraints */ -bool X509_Certificate::is_CA_cert() const +NameConstraints X509_Certificate::name_constraints() const { - if(!m_subject.get1_uint32("X509v3.BasicConstraints.is_ca")) - return false; + if(auto ext = v3_extensions().get_extension_object_as()) + { + return ext->get_name_constraints(); + } + return NameConstraints(); // no constraints + } - return 
allowed_usage(Key_Constraints(KEY_CERT_SIGN)); +const Extensions& X509_Certificate::v3_extensions() const + { + return data().m_v3_extensions; } bool X509_Certificate::allowed_usage(Key_Constraints usage) const @@ -310,8 +439,12 @@ bool X509_Certificate::allowed_usage(Key_Constraints usage) const bool X509_Certificate::allowed_extended_usage(const std::string& usage) const { - const std::vector ex = ex_constraints(); + return allowed_extended_usage(OIDS::str2oid(usage)); + } +bool X509_Certificate::allowed_extended_usage(const OID& usage) const + { + const std::vector& ex = extended_key_usage(); if(ex.empty()) return true; @@ -358,27 +491,13 @@ bool X509_Certificate::has_constraints(Key_Constraints constraints) const bool X509_Certificate::has_ex_constraint(const std::string& ex_constraint) const { - const std::vector ex = ex_constraints(); - - if(ex.empty()) - { - return false; - } - - if(std::find(ex.begin(), ex.end(), ex_constraint) != ex.end()) - { - return true; - } - - return false; + return has_ex_constraint(OIDS::str2oid(ex_constraint)); } -/* -* Return the path length constraint -*/ -uint32_t X509_Certificate::path_limit() const +bool X509_Certificate::has_ex_constraint(const OID& usage) const { - return m_subject.get1_uint32("X509v3.BasicConstraints.path_constraint", Cert_Extension::NO_CERT_PATH_LIMIT); + const std::vector& ex = extended_key_usage(); + return (std::find(ex.begin(), ex.end(), usage) != ex.end()); } /* 
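Review bot: `X509_Certificate::data()` calls `abort()` immediately before `throw Decoding_Error("Failed to parse X509 certificate")`, so the throw is unreachable and a certificate whose `m_data` is still null (the private default constructor in the header leaves it empty) terminates the process instead of raising a catchable error; the `abort();` line should be removed. `path_limit()` and `x509_version()` return `uint32_t` but now read the `size_t` members `m_path_len_constraint` and `m_version`, an implicit narrowing conversion; either widen the return types or use an explicit `static_cast<uint32_t>`. The removed code treated a self-signed v1 certificate as a CA (`if(m_self_signed && version == 0)`), whereas the new parser sets `m_is_ca_certificate` only from a BasicConstraints extension and computes the self-signed flag after the CA block, so unless that case is handled elsewhere v1 self-signed roots no longer satisfy `is_CA_cert()`. A short comment at the BasicConstraints block stating whether that change is intentional would settle the question for future readers.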
@@ -386,132 +505,155 @@ uint32_t X509_Certificate::path_limit() const */ bool X509_Certificate::is_critical(const std::string& ex_name) const { - return !!m_subject.get1_uint32(ex_name + ".is_critical",0); + return v3_extensions().critical_extension_set(OIDS::str2oid(ex_name)); } -/* -* Return the key usage constraints -*/ -Key_Constraints X509_Certificate::constraints() const +std::string X509_Certificate::ocsp_responder() const { - return Key_Constraints(m_subject.get1_uint32("X509v3.KeyUsage", - NO_CONSTRAINTS)); + return data().m_ocsp_responder; } -/* -* Return the list of extended key usage OIDs -*/ -std::vector X509_Certificate::ex_constraints() const +std::string X509_Certificate::crl_distribution_point() const { - return lookup_oids(m_subject.get("X509v3.ExtendedKeyUsage")); + // just returns the first (arbitrarily) + if(data().m_crl_distribution_points.size() > 0) + return data().m_crl_distribution_points[0]; + return ""; } -/* -* Return the name constraints -*/ -NameConstraints X509_Certificate::name_constraints() const +const AlternativeName& X509_Certificate::subject_alt_name() const { - std::vector permit, exclude; - - for(const std::string& v: m_subject.get("X509v3.NameConstraints.permitted")) - { - permit.push_back(GeneralSubtree(v)); - } - - for(const std::string& v: m_subject.get("X509v3.NameConstraints.excluded")) - { - exclude.push_back(GeneralSubtree(v)); - } + return data().m_subject_alt_name; + } - return NameConstraints(std::move(permit),std::move(exclude)); +const AlternativeName& X509_Certificate::issuer_alt_name() const + { + return data().m_issuer_alt_name; } /* -* Return the list of certificate policies +* Return information about the subject */ -std::vector X509_Certificate::policies() const +std::vector +X509_Certificate::subject_info(const std::string& req) const { - return lookup_oids(m_subject.get("X509v3.CertificatePolicies")); - } + if(subject_dn().has_field(req)) + return subject_dn().get_attribute(req); -Extensions 
X509_Certificate::v3_extensions() const - { - return m_v3_extensions; - } + if(subject_alt_name().has_field(req)) + return subject_alt_name().get_attribute(req); -std::string X509_Certificate::ocsp_responder() const - { - return m_subject.get1("OCSP.responder", ""); - } + // These will be removed later: + if(req == "X509.Certificate.v2.key_id") + return {hex_encode(this->v2_subject_key_id())}; + if(req == "X509v3.SubjectKeyIdentifier") + return {hex_encode(this->subject_key_id())}; + if(req == "X509.Certificate.dn_bits") + return {hex_encode(this->raw_subject_dn())}; + if(req == "X509.Certificate.start") + return {not_before().to_string()}; + if(req == "X509.Certificate.end") + return {not_after().to_string()}; -std::string X509_Certificate::crl_distribution_point() const - { - return m_subject.get1("CRL.DistributionPoint", ""); - } + if(req == "X509.Certificate.version") + return {std::to_string(x509_version())}; + if(req == "X509.Certificate.serial") + return {hex_encode(serial_number())}; -/* -* Return the authority key id -*/ -std::vector X509_Certificate::authority_key_id() const - { - return m_issuer.get1_memvec("X509v3.AuthorityKeyIdentifier"); + return data().m_subject_ds.get(req); } /* -* Return the subject key id +* Return information about the issuer */ -std::vector X509_Certificate::subject_key_id() const +std::vector +X509_Certificate::issuer_info(const std::string& req) const { - return m_subject.get1_memvec("X509v3.SubjectKeyIdentifier"); + if(issuer_dn().has_field(req)) + return issuer_dn().get_attribute(req); + + if(issuer_alt_name().has_field(req)) + return issuer_alt_name().get_attribute(req); + + // These will be removed later: + if(req == "X509.Certificate.v2.key_id") + return {hex_encode(this->v2_issuer_key_id())}; + if(req == "X509v3.AuthorityKeyIdentifier") + return {hex_encode(this->authority_key_id())}; + if(req == "X509.Certificate.dn_bits") + return {hex_encode(this->raw_issuer_dn())}; + + return data().m_issuer_ds.get(req); } /* -* 
Return the certificate serial number +* Return the public key in this certificate */ -std::vector X509_Certificate::serial_number() const - { - return m_subject.get1_memvec("X509.Certificate.serial"); - } - -X509_DN X509_Certificate::issuer_dn() const +std::unique_ptr X509_Certificate::load_subject_public_key() const { - return create_dn(m_issuer); + try + { + return std::unique_ptr(X509::load_key(ASN1::put_in_sequence(this->subject_public_key_bits()))); + } + catch(std::exception& e) + { + throw Decoding_Error("X509_Certificate::load_subject_public_key", e.what()); + } } -std::vector X509_Certificate::raw_issuer_dn() const +std::vector X509_Certificate::raw_issuer_dn_sha256() const { - return m_issuer.get1_memvec("X509.Certificate.dn_bits"); + std::unique_ptr hash(HashFunction::create_or_throw("SHA-256")); + hash->update(raw_issuer_dn()); + return hash->final_stdvec(); } -std::vector X509_Certificate::raw_issuer_dn_sha256() const +std::vector X509_Certificate::raw_subject_dn_sha256() const { std::unique_ptr hash(HashFunction::create("SHA-256")); - hash->update(raw_issuer_dn()); + hash->update(raw_subject_dn()); return hash->final_stdvec(); } -X509_DN X509_Certificate::subject_dn() const +namespace { + +/* +* Lookup each OID in the vector +*/ +std::vector lookup_oids(const std::vector& oids) { - return create_dn(m_subject); + std::vector out; + + for(const OID& oid : oids) + { + out.push_back(OIDS::oid2str(oid)); + } + return out; } -std::vector X509_Certificate::raw_subject_dn() const +} + +/* +* Return the list of extended key usage OIDs +*/ +std::vector X509_Certificate::ex_constraints() const { - return m_subject.get1_memvec("X509.Certificate.dn_bits"); + return lookup_oids(extended_key_usage()); } -std::vector X509_Certificate::raw_subject_dn_sha256() const +/* +* Return the list of certificate policies +*/ +std::vector X509_Certificate::policies() const { - std::unique_ptr hash(HashFunction::create("SHA-256")); - hash->update(raw_subject_dn()); - return 
hash->final_stdvec(); + return lookup_oids(certificate_policy_oids()); } std::string X509_Certificate::fingerprint(const std::string& hash_name) const { - std::unique_ptr hash(HashFunction::create(hash_name)); + std::unique_ptr hash(HashFunction::create_or_throw(hash_name)); hash->update(this->BER_encode()); - const auto hex_print = hex_encode(hash->final()); + const std::string hex_print = hex_encode(hash->final()); std::string formatted_print; @@ -579,42 +721,13 @@ bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2) std::string X509_Certificate::to_string() const { - const std::vector dn_fields{ - "Name", - "Email", - "Organization", - "Organizational Unit", - "Locality", - "State", - "Country", - "IP", - "DNS", - "URI", - "PKIX.XMPPAddr" - }; - std::ostringstream out; - for(auto&& field : dn_fields) - { - for(auto&& val : subject_info(field)) - { - out << "Subject " << field << ": " << val << "\n"; - } - } - - for(auto&& field : dn_fields) - { - for(auto&& val : issuer_info(field)) - { - out << "Issuer " << field << ": " << val << "\n"; - } - } - out << "Version: " << this->x509_version() << "\n"; - - out << "Not valid before: " << this->start_time() << "\n"; - out << "Not valid after: " << this->end_time() << "\n"; + out << "Subject: " << subject_dn() << "\n"; + out << "Issuer: " << issuer_dn() << "\n"; + out << "Issued: " << this->not_before().readable_string() << "\n"; + out << "Expires: " << this->not_after().readable_string() << "\n"; out << "Constraints:\n"; Key_Constraints constraints = this->constraints(); 
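Review bot: `raw_subject_dn_sha256()` still builds its hash with `HashFunction::create("SHA-256")` and dereferences the result unchecked, while `raw_issuer_dn_sha256()` and `fingerprint()` in this same hunk were switched to `HashFunction::create_or_throw`; the `create` line is unchanged context, but it is now inconsistent with its sibling and would dereference null if the hash were unavailable, so it should become `std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw("SHA-256"));`. `load_subject_public_key()` catches with `catch(std::exception& e)`; `catch(const std::exception& e)` is the usual form and matches the read-only use of `e.what()`. `crl_distribution_point()` returns only the first entry of `m_crl_distribution_points` and says so just in a comment; since the parser now keeps the whole list, an accessor returning the vector would let callers choose for themselves, though that may be planned for a later change.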
@@ -642,20 +755,20 @@ std::string X509_Certificate::to_string() const out << " Decipher Only\n"; } - std::vector policies = this->policies(); + const std::vector policies = this->certificate_policy_oids(); if(!policies.empty()) { out << "Policies: " << "\n"; - for(size_t i = 0; i != policies.size(); i++) - out << " " << policies[i] << "\n"; + for(auto oid : policies) + out << " " << oid.as_string() << "\n"; } - std::vector ex_constraints = this->ex_constraints(); + std::vector ex_constraints = this->extended_key_usage(); if(!ex_constraints.empty()) { out << "Extended Constraints:\n"; for(size_t i = 0; i != ex_constraints.size(); i++) - out << " " << ex_constraints[i] << "\n"; + out << " " << OIDS::oid2str(ex_constraints[i]) << "\n"; } NameConstraints name_constraints = this->name_constraints(); @@ -691,7 +804,7 @@ std::string X509_Certificate::to_string() const out << "CRL " << crl_distribution_point() << "\n"; out << "Signature algorithm: " << - OIDS::lookup(this->signature_algorithm().oid) << "\n"; + OIDS::oid2str(this->signature_algorithm().oid) << "\n"; out << "Serial number: " << hex_encode(this->serial_number()) << "\n"; 
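Review bot: `for(auto oid : policies)` copies each OID out of the vector on every iteration; `for(const OID& oid : policies)` reads the same elements without the copies. The loop directly below it over `ex_constraints` was left as an index loop (`for(size_t i = 0; i != ex_constraints.size(); i++)`), so two adjacent loops over vectors of OIDs are now written in different styles; a range-for over `const OID&` in both places would read uniformly.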
@@ -702,50 +815,10 @@ std::string X509_Certificate::to_string() const out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n"; std::unique_ptr pubkey(this->subject_public_key()); - out << "Public Key:\n" << X509::PEM_encode(*pubkey); + out << "Public Key [" << pubkey->algo_name() << "-" << pubkey->key_length() << "]\n\n"; + out << X509::PEM_encode(*pubkey); return out.str(); } -/* -* Create and populate a X509_DN -*/ -X509_DN create_dn(const Data_Store& info) - { - auto names = info.search_for( - [](const std::string& key, const std::string&) - { - return (key.find("X520.") != std::string::npos); - }); - - X509_DN dn; - - for(auto i = names.begin(); i != names.end(); ++i) - dn.add_attribute(i->first, i->second); - - return dn; - } - -/* -* Create and populate an AlternativeName -*/ -AlternativeName create_alt_name(const Data_Store& info) - { - auto names = info.search_for( - [](const std::string& key, const std::string&) - { - return (key == "RFC822" || - key == "DNS" || - key == "URI" || - key == "IP"); - }); - - AlternativeName alt_name; - - for(auto i = names.begin(); i != names.end(); ++i) - alt_name.add_attribute(i->first, i->second); - - return alt_name; - } - } diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h index 14db2c1331..c9cf8bb7b6 100644 --- a/src/lib/x509/x509cert.h +++ b/src/lib/x509/x509cert.h @@ -1,6 +1,6 @@ /* * X.509 Certificates -* (C) 1999-2007,2015 Jack Lloyd +* (C) 1999-2007,2015,2017 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -9,17 +9,19 @@ #define BOTAN_X509_CERTS_H_ #include -#include #include -#include -#include -#include +#include #include #include #include namespace Botan { +class Public_Key; +class X509_DN; +class AlternativeName; +class Extensions; + enum class Usage_Type { UNSPECIFIED, // no restrictions 
@@ -29,33 +31,53 @@ enum class Usage_Type OCSP_RESPONDER }; +struct X509_Certificate_Data; + /** -* This class represents X.509 Certificate +* This class represents an X.509 Certificate */ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object { public: /** - * Get the public key associated with this certificate. + * Return a newly allocated copy of the public key associated + * with the subject of this certificate. This object is owned + * by the caller. + * + * @return public key + */ + Public_Key* subject_public_key() const + { + return load_subject_public_key().release(); + } + + /** + * Create a public key object associated with the public key bits in this + * certificate. If the public key bits was valid for X.509 encoding + * purposes but invalid algorithmically (for example, RSA with an even + * modulus) that will be detected at this point, and an exception will be + * thrown. + * * @return subject public key of this certificate */ - Public_Key* subject_public_key() const; + std::unique_ptr load_subject_public_key() const; /** - * Get the public key associated with this certificate. + * Get the public key associated with this certificate. This includes the + * outer AlgorithmIdentifier * @return subject public key of this certificate */ - std::vector subject_public_key_bits() const; + const std::vector& subject_public_key_bits() const; /** * Get the bit string of the public key associated with this certificate - * @return subject public key of this certificate + * @return public key bits */ - std::vector subject_public_key_bitstring() const; + const std::vector& subject_public_key_bitstring() const; /** * Get the SHA-1 bit string of the public key associated with this certificate. - * This is used for OCSP among other protocols + * This is used for OCSP among other protocols. * @return hash of subject public key of this certificate */ std::vector subject_public_key_bitstring_sha1() const; 
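Review bot: The new inline `subject_public_key()` evaluates `load_subject_public_key().release()`, which destroys a `std::unique_ptr<Public_Key>` temporary inside the header even though `Public_Key` is only forward-declared a few lines above; `std::default_delete` needs a complete type where the destructor is instantiated, so this compiles only if one of the remaining includes (their targets are not visible in this rendering) already brings in the full `Public_Key` definition. Defining `subject_public_key()` out of line in x509cert.cpp next to `load_subject_public_key()` removes the dependency either way. If, as the pairing suggests, the raw-pointer form is kept for existing callers, its comment should also point new code at `load_subject_public_key()`.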
@@ -64,13 +86,13 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object * Get the certificate's issuer distinguished name (DN). * @return issuer DN of this certificate */ - X509_DN issuer_dn() const; + const X509_DN& issuer_dn() const; /** * Get the certificate's subject distinguished name (DN). * @return subject DN of this certificate */ - X509_DN subject_dn() const; + const X509_DN& subject_dn() const; /** * Get a value for a specific subject_info parameter name. @@ -97,9 +119,9 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object std::vector issuer_info(const std::string& name) const; /** - * Raw issuer DN + * Raw issuer DN bits */ - std::vector raw_issuer_dn() const; + const std::vector& raw_issuer_dn() const; /** * SHA-256 of Raw issuer DN @@ -109,7 +131,7 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object /** * Raw subject DN */ - std::vector raw_subject_dn() const; + const std::vector& raw_subject_dn() const; /** * SHA-256 of Raw subject DN 
@@ -117,16 +139,34 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object std::vector raw_subject_dn_sha256() const; /** - * Get the notBefore of the certificate. + * Get the notBefore of the certificate as a string * @return notBefore of the certificate */ - std::string start_time() const; + std::string BOTAN_DEPRECATED("Use not_before().to_string()") start_time() const + { + return not_before().to_string(); + } /** - * Get the notAfter of the certificate. + * Get the notAfter of the certificate as a string * @return notAfter of the certificate */ - std::string end_time() const; + std::string BOTAN_DEPRECATED("Use not_after().to_string()") end_time() const + { + return not_after().to_string(); + } + + /** + * Get the notBefore of the certificate as X509_Time + * @return notBefore of the certificate + */ + const X509_Time& not_before() const; + + /** + * Get the notAfter of the certificate as X509_Time + * @return notAfter of the certificate + */ + const X509_Time& not_after() const; /** * Get the X509 version of this certificate object. 
@@ -138,25 +178,26 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object * Get the serial number of this certificate. * @return certificates serial number */ - std::vector serial_number() const; + const std::vector& serial_number() const; /** * Get the DER encoded AuthorityKeyIdentifier of this certificate. * @return DER encoded AuthorityKeyIdentifier */ - std::vector authority_key_id() const; + const std::vector& authority_key_id() const; /** * Get the DER encoded SubjectKeyIdentifier of this certificate. * @return DER encoded SubjectKeyIdentifier */ - std::vector subject_key_id() const; + const std::vector& subject_key_id() const; /** * Check whether this certificate is self signed. + * If the DN issuer and subject agree, * @return true if this certificate is self signed */ - bool is_self_signed() const { return m_self_signed; } + bool is_self_signed() const; /** * Check whether this certificate is a CA certificate. @@ -180,6 +221,14 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object */ bool allowed_extended_usage(const std::string& usage) const; + /** + * Returns true if the specified usage is set in the extended key usage extension, + * or if no extended key usage constraints are set at all. + * To check if a certain extended key constraint is set in the certificate + * use @see X509_Certificate#has_ex_constraint. + */ + bool allowed_extended_usage(const OID& usage) const; + /** * Returns true if the required key and extended key constraints are set in the certificate * for the specified @param usage or if no key constraints are set in both the key usage 
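Review bot: The added line `* If the DN issuer and subject agree,` in the `is_self_signed()` comment is a sentence fragment. From the parser in x509cert.cpp the flag is computed only when the subject and issuer DNs compare equal, by verifying the certificate's signature with its own subject public key, so the comment could read: `* Returns true if the subject and issuer DNs are equal and the certificate's signature verifies under its own subject public key; a certificate that is merely self-issued (same DNs, signature does not verify) yields false.` That wording fits within the existing `/** ... */` block without further changes.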
@@ -187,15 +236,25 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object */ bool allowed_usage(Usage_Type usage) const; - /// Returns true if the specified @param constraints are included in the key usage extension. + /** + * Returns true if the specified @param constraints are included in the key + * usage extension. + */ bool has_constraints(Key_Constraints constraints) const; /** - * Returns true if and only if @param ex_constraint (referring to an extended key - * constraint, eg "PKIX.ServerAuth") is included in the extended - * key extension. + * Returns true if and only if @param ex_constraint (referring to an + * extended key constraint, eg "PKIX.ServerAuth") is included in the + * extended key extension. + */ + bool BOTAN_DEPRECATED("Use version taking an OID") + has_ex_constraint(const std::string& ex_constraint) const; + + /** + * Returns true if and only if OID @param ex_constraint is + * included in the extended key extension. */ - bool has_ex_constraint(const std::string& ex_constraint) const; + bool has_ex_constraint(const OID& ex_constraint) const; /** * Get the path limit as defined in the BasicConstraints extension of @@ -222,7 +281,15 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object * extension of this certificate. * @return key constraints */ - std::vector ex_constraints() const; + std::vector + BOTAN_DEPRECATED("Use extended_key_usage") ex_constraints() const; + + /** + * Get the key usage as defined in the ExtendedKeyUsage extension + * of this certificate, or else an empty vector. + * @return key usage + */ + const std::vector& extended_key_usage() const; /** * Get the name constraints as defined in the NameConstraints 
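Review bot: The doc comment on the new `extended_key_usage()` accessor says `Get the key usage as defined in the ExtendedKeyUsage extension` and `@return key usage`, which conflates it with the separate KeyUsage extension queried through `has_constraints`; I would write `* Get the extended key usage OIDs from the ExtendedKeyUsage extension of this certificate, or an empty vector if the extension is absent.` and `@return extended key usage OIDs`. It is also worth spelling out on the new `has_ex_constraint(const OID&)` that an absent extension yields false, because `allowed_extended_usage` in the previous hunk is documented to treat absence as permitting every usage and readers may expect the same here.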
@@ -238,11 +305,28 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object */ std::vector policies() const; + std::vector certificate_policy_oids() const; + /** * Get all extensions of this certificate. * @return certificate extensions */ - Extensions v3_extensions() const; + const Extensions& v3_extensions() const; + + /** + * Return the v2 issuer key ID. v2 key IDs are almost never used, + * instead see v3_subject_key_id. + */ + const std::vector& v2_issuer_key_id() const; + + /** + * Return the v2 subject key ID. v2 key IDs are almost never used, + * instead see v3_subject_key_id. + */ + const std::vector& v2_subject_key_id() const; + + const AlternativeName& subject_alt_name() const; + const AlternativeName& issuer_alt_name() const; /** * Return the listed address of an OCSP responder, or empty if not set @@ -255,7 +339,7 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object std::string crl_distribution_point() const; /** - * @return a string describing the certificate + * @return a free-form string describing the certificate */ std::string to_string() const; @@ -313,13 +397,12 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object private: void force_decode() override; friend class X509_CA; - friend class BER_Decoder; X509_Certificate() = default; - Data_Store m_subject, m_issuer; - bool m_self_signed; - Extensions m_v3_extensions; + const X509_Certificate_Data& data() const; + + std::shared_ptr m_data; }; /** 
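Review bot: The new public accessors `certificate_policy_oids()`, `subject_alt_name()` and `issuer_alt_name()` are added without any doc comment in a header where every neighbouring method has one; `v2_issuer_key_id()`/`v2_subject_key_id()` in the same hunk did get comments. Suggested comments, adjusting the wording if absence is signalled differently by the implementation: `/** @return OIDs listed in the CertificatePolicies extension, or an empty vector if absent */`, `/** @return the SubjectAlternativeName extension contents (empty if not present) */` and `/** @return the IssuerAlternativeName extension contents (empty if not present) */`. These and the `const Extensions&` returned by `v3_extensions()` alias storage held through the `std::shared_ptr` member introduced in the last hunk of this file, so the references share lifetime with that data.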
@@ -331,24 +414,6 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object */ BOTAN_PUBLIC_API(2,0) bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2); -/* -* Data Store Extraction Operations -*/ - -/* -* Create and populate a X509_DN -* @param info data store containing DN information -* @return DN containing attributes from data store -*/ -BOTAN_PUBLIC_API(2,0) X509_DN create_dn(const Data_Store& info); - -/* -* Create and populate an AlternativeName -* @param info data store containing AlternativeName information -* @return AlternativeName containing attributes from data store -*/ -BOTAN_PUBLIC_API(2,0) AlternativeName create_alt_name(const Data_Store& info); - } #endif From af1158dd7707d09bcaf47fa78868d0cedf99c0e1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:19:50 -0500 Subject: [PATCH 0165/1008] Refactor certificate extension handling --- src/lib/x509/x509_ext.cpp | 383 +++++++++++++++++++------------------- src/lib/x509/x509_ext.h | 332 ++++++++++++++++++++++++--------- 2 files changed, 441 insertions(+), 274 deletions(-) diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp index 6e4c29d426..682cc1cc7a 100644 --- a/src/lib/x509/x509_ext.cpp +++ b/src/lib/x509/x509_ext.cpp @@ -8,10 +8,11 @@ #include #include -#include +#include #include #include #include +#include #include #include #include 
@@ -19,138 +20,177 @@ namespace Botan { /* -* List of X.509 Certificate Extensions +* Create a Certificate_Extension object of some kind to handle */ -Certificate_Extension* Extensions::create_extension(const OID& oid, bool critical) +Certificate_Extension* +Extensions::create_extn_obj(const OID& oid, + bool critical, + const std::vector& body) { -#define X509_EXTENSION(NAME, TYPE) \ - if(oid == OIDS::lookup(NAME)) { return new Cert_Extension::TYPE(); } + const std::string oid_str = oid.as_string(); - X509_EXTENSION("X509v3.KeyUsage", Key_Usage); - X509_EXTENSION("X509v3.BasicConstraints", Basic_Constraints); - X509_EXTENSION("X509v3.SubjectKeyIdentifier", Subject_Key_ID); - X509_EXTENSION("X509v3.AuthorityKeyIdentifier", Authority_Key_ID); - X509_EXTENSION("X509v3.ExtendedKeyUsage", Extended_Key_Usage); - X509_EXTENSION("X509v3.IssuerAlternativeName", Issuer_Alternative_Name); - X509_EXTENSION("X509v3.SubjectAlternativeName", Subject_Alternative_Name); - X509_EXTENSION("X509v3.NameConstraints", Name_Constraints); - X509_EXTENSION("X509v3.CertificatePolicies", Certificate_Policies); - X509_EXTENSION("X509v3.CRLDistributionPoints", CRL_Distribution_Points); - X509_EXTENSION("PKIX.AuthorityInformationAccess", Authority_Information_Access); - X509_EXTENSION("X509v3.CRLNumber", CRL_Number); - X509_EXTENSION("X509v3.ReasonCode", CRL_ReasonCode); + Certificate_Extension* extn = nullptr; - return critical ? 
new Cert_Extension::Unknown_Critical_Extension(oid) : nullptr; + if(oid == Cert_Extension::Subject_Key_ID::static_oid()) + { + extn = new Cert_Extension::Subject_Key_ID; + } + else if(oid == Cert_Extension::Key_Usage::static_oid()) + { + extn = new Cert_Extension::Key_Usage; + } + else if(oid == Cert_Extension::Subject_Alternative_Name::static_oid()) + { + extn = new Cert_Extension::Subject_Alternative_Name; + } + else if(oid == Cert_Extension::Issuer_Alternative_Name::static_oid()) + { + extn = new Cert_Extension::Issuer_Alternative_Name; + } + else if(oid == Cert_Extension::Basic_Constraints::static_oid()) + { + extn = new Cert_Extension::Basic_Constraints; + } + else if(oid == Cert_Extension::CRL_Number::static_oid()) + { + extn = new Cert_Extension::CRL_Number; + } + else if(oid == Cert_Extension::CRL_ReasonCode::static_oid()) + { + extn = new Cert_Extension::CRL_ReasonCode; + } + else if(oid == Cert_Extension::Authority_Key_ID::static_oid()) + { + extn = new Cert_Extension::Authority_Key_ID; + } + else if(oid == Cert_Extension::Name_Constraints::static_oid()) + { + extn = new Cert_Extension::Name_Constraints; + } + else if(oid == Cert_Extension::CRL_Distribution_Points::static_oid()) + { + extn = new Cert_Extension::CRL_Distribution_Points; + } + else if(oid == Cert_Extension::Certificate_Policies::static_oid()) + { + extn = new Cert_Extension::Certificate_Policies; + } + else if(oid == Cert_Extension::Extended_Key_Usage::static_oid()) + { + extn = new Cert_Extension::Extended_Key_Usage; + } + else if(oid == Cert_Extension::Authority_Information_Access::static_oid()) + { + extn = new Cert_Extension::Authority_Information_Access; + } + else + { + // some other unknown extension type + extn = new Cert_Extension::Unknown_Extension(oid, critical); + } + + try + { + extn->decode_inner(body); + } + catch(Decoding_Error& e) + { + throw Decoding_Error("Decoding X.509 extension " + oid.as_string() + " failed", e.what()); + } + return extn; } /* -* Extensions Copy 
Constructor +* Validate the extension (the default implementation is a NOP) */ -Extensions::Extensions(const Extensions& extensions) : ASN1_Object() +void Certificate_Extension::validate(const X509_Certificate&, const X509_Certificate&, + const std::vector>&, + std::vector>&, + size_t) { - *this = extensions; } /* -* Extensions Assignment Operator +* Add a new cert */ -Extensions& Extensions::operator=(const Extensions& other) +void Extensions::add(Certificate_Extension* extn, bool critical) { - if(this == &other) - return *this; - - m_extensions.clear(); - - for(size_t i = 0; i != other.m_extensions.size(); ++i) - m_extensions.push_back( - std::make_pair(std::unique_ptr(other.m_extensions[i].first->copy()), - other.m_extensions[i].second)); - - m_extensions_raw = other.m_extensions_raw; - m_throw_on_unknown_critical = other.m_throw_on_unknown_critical; + // sanity check: we don't want to have the same extension more than once + if(m_extension_info.count(extn->oid_of()) > 0) + throw Invalid_Argument(extn->oid_name() + " extension already present in Extensions::add"); - return (*this); + const OID oid = extn->oid_of(); + Extensions_Info info(critical, extn); + m_extension_oids.push_back(oid); + m_extension_info.emplace(oid, info); } -/* -* Return the OID of this extension -*/ -OID Certificate_Extension::oid_of() const +void Extensions::replace(Certificate_Extension* extn, bool critical) { - return OIDS::lookup(oid_name()); + // Remove it if it existed + m_extension_info.erase(extn->oid_of()); + + const OID oid = extn->oid_of(); + Extensions_Info info(critical, extn); + m_extension_oids.push_back(oid); + m_extension_info.emplace(oid, info); } -/* -* Validate the extension (the default implementation is a NOP) -*/ -void Certificate_Extension::validate(const X509_Certificate&, const X509_Certificate&, - const std::vector>&, - std::vector>&, - size_t) +bool Extensions::extension_set(const OID& oid) const { + return (m_extension_info.find(oid) != m_extension_info.end()); 
} -void Extensions::add(Certificate_Extension* extn, bool critical) +bool Extensions::critical_extension_set(const OID& oid) const { - // sanity check: we don't want to have the same extension more than once - for(const auto& ext : m_extensions) - { - if(ext.first->oid_of() == extn->oid_of()) - { - throw Invalid_Argument(extn->oid_name() + " extension already present"); - } - } - - if(m_extensions_raw.count(extn->oid_of()) > 0) - { - throw Invalid_Argument(extn->oid_name() + " extension already present"); - } - - m_extensions.push_back(std::make_pair(std::unique_ptr(extn), critical)); - m_extensions_raw.emplace(extn->oid_of(), std::make_pair(extn->encode_inner(), critical)); + auto i = m_extension_info.find(oid); + if(i != m_extension_info.end()) + return i->second.is_critical(); + return false; } -void Extensions::replace(Certificate_Extension* extn, bool critical) +const Certificate_Extension* Extensions::get_extension_object(const OID& oid) const { - for(auto it = m_extensions.begin(); it != m_extensions.end(); ++it) - { - if(it->first->oid_of() == extn->oid_of()) - { - m_extensions.erase(it); - break; - } - } + auto extn = m_extension_info.find(oid); + if(extn == m_extension_info.end()) + return nullptr; - m_extensions.push_back(std::make_pair(std::unique_ptr(extn), critical)); - m_extensions_raw[extn->oid_of()] = std::make_pair(extn->encode_inner(), critical); + return &extn->second.obj(); } std::unique_ptr Extensions::get(const OID& oid) const { - for(auto& ext : m_extensions) + if(const Certificate_Extension* ext = this->get_extension_object(oid)) { - if(ext.first->oid_of() == oid) - { - return std::unique_ptr(ext.first->copy()); - } + return std::unique_ptr(ext->copy()); } - return nullptr; } std::vector, bool>> Extensions::extensions() const { std::vector, bool>> exts; - for(auto& ext : m_extensions) + for(auto&& ext : m_extension_info) { - exts.push_back(std::make_pair(std::unique_ptr(ext.first->copy()), ext.second)); + exts.push_back( + std::make_pair( + 
std::unique_ptr(ext.second.obj().copy()), + ext.second.is_critical()) + ); } return exts; } std::map, bool>> Extensions::extensions_raw() const { - return m_extensions_raw; + std::map, bool>> out; + for(auto&& ext : m_extension_info) + { + out.emplace(ext.first, + std::make_pair(ext.second.bits(), + ext.second.is_critical())); + } + return out; } /* @@ -158,44 +198,20 @@ std::map, bool>> Extensions::extensions_raw( */ void Extensions::encode_into(DER_Encoder& to_object) const { - // encode any known extensions - for(size_t i = 0; i != m_extensions.size(); ++i) + for(auto ext_info : m_extension_info) { - const Certificate_Extension* ext = m_extensions[i].first.get(); - const bool is_critical = m_extensions[i].second; - - const bool should_encode = ext->should_encode(); + const OID& oid = ext_info.first; + const bool should_encode = ext_info.second.obj().should_encode(); if(should_encode) { - to_object.start_cons(SEQUENCE) - .encode(ext->oid_of()) - .encode_optional(is_critical, false) - .encode(ext->encode_inner(), OCTET_STRING) - .end_cons(); - } - } - - // encode any unknown extensions - for(const auto& ext_raw : m_extensions_raw) - { - const bool is_critical = ext_raw.second.second; - const OID oid = ext_raw.first; - const std::vector value = ext_raw.second.first; - - auto pos = std::find_if(std::begin(m_extensions), std::end(m_extensions), - [&oid](const std::pair, bool>& ext) -> bool - { - return ext.first->oid_of() == oid; - }); + const bool is_critical = ext_info.second.is_critical(); + const std::vector& ext_value = ext_info.second.bits(); - if(pos == std::end(m_extensions)) - { - // not found in m_extensions, must be unknown to_object.start_cons(SEQUENCE) .encode(oid) .encode_optional(is_critical, false) - .encode(value, OCTET_STRING) + .encode(ext_value, OCTET_STRING) .end_cons(); } } 
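Review bot: `create_extn_obj` leaks the freshly allocated `extn` when `decode_inner(body)` throws: the `catch(Decoding_Error& e)` rethrows a wrapped error without deleting the object, and since `body` comes straight from the certificate being parsed, every malformed extension in untrusted input costs one leaked object. Holding the pointer in a guard before the `try` fixes it with two lines, `std::unique_ptr<Certificate_Extension> owner(extn);` before the `try` and `return owner.release();` in place of `return extn;`; the same leak-on-throw exists in `Extensions::add`, where `extn` is not yet owned when `Invalid_Argument` is thrown. Separately, `Extensions::replace` erases the old entry from `m_extension_info` but not from `m_extension_oids`, so after a replace the OID list contains the OID twice and no longer matches the map. The local `oid_str` in `create_extn_obj` is unused; either use it in the error message or drop it.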
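Review bot: `for(auto ext_info : m_extension_info)` in `encode_into` copies every map entry per iteration, including the `m_bits` vector and a `shared_ptr` refcount bump; it should be `for(const auto& ext_info : m_extension_info)`. The loop also now walks the `std::map`, so extensions are emitted in OID order rather than in the insertion order kept in `m_extension_oids`, which differs from the old vector-based encoder; if the "order they appeared" promised by `get_extension_oids()` is meant to survive re-encoding, iterate `m_extension_oids` and look each OID up in the map instead.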
@@ -206,47 +222,29 @@ void Extensions::encode_into(DER_Encoder& to_object) const */ void Extensions::decode_from(BER_Decoder& from_source) { - m_extensions.clear(); - m_extensions_raw.clear(); + m_extension_oids.clear(); + m_extension_info.clear(); BER_Decoder sequence = from_source.start_cons(SEQUENCE); while(sequence.more_items()) { OID oid; - std::vector value; bool critical; + std::vector bits; sequence.start_cons(SEQUENCE) - .decode(oid) - .decode_optional(critical, BOOLEAN, UNIVERSAL, false) - .decode(value, OCTET_STRING) - .end_cons(); - - m_extensions_raw.emplace(oid, std::make_pair(value, critical)); - - std::unique_ptr ext(create_extension(oid, critical)); + .decode(oid) + .decode_optional(critical, BOOLEAN, UNIVERSAL, false) + .decode(bits, OCTET_STRING) + .end_cons(); - if(!ext && critical && m_throw_on_unknown_critical) - throw Decoding_Error("Encountered unknown X.509 extension marked " - "as critical; OID = " + oid.as_string()); + Extensions_Info info(critical, bits, + create_extn_obj(oid, critical, bits)); - if(ext) - { - try - { - ext->decode_inner(value); - } - catch(std::exception& e) - { - throw Decoding_Error("Exception while decoding extension " + - oid.as_string() + ": " + e.what()); - } - - m_extensions.push_back(std::make_pair(std::move(ext), critical)); - } + m_extension_oids.push_back(oid); + m_extension_info.emplace(oid, info); } - sequence.verify_end(); } 
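Review bot: The `m_throw_on_unknown_critical` rejection is removed here and an unrecognized critical extension is now wrapped in `Unknown_Extension` and accepted silently, so nothing in this hunk enforces the RFC 5280 §4.2 rule that a certificate with an unrecognized critical extension must be rejected; if that check has moved into path validation the commit message should say so, otherwise it has been lost. Second, a certificate that repeats an extension OID is not rejected either: `m_extension_info.emplace(oid, info)` silently discards the second instance while `m_extension_oids.push_back(oid)` still records it, leaving the two containers inconsistent. I would add before the push_back `if(m_extension_info.count(oid) > 0) throw Decoding_Error("Duplicate extension " + oid.as_string() + " in extension set");`, since RFC 5280 §4.2 forbids more than one instance of any extension.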
@@ -256,14 +254,14 @@ void Extensions::decode_from(BER_Decoder& from_source) void Extensions::contents_to(Data_Store& subject_info, Data_Store& issuer_info) const { - for(size_t i = 0; i != m_extensions.size(); ++i) + for(auto&& m_extn_info : m_extension_info) { - m_extensions[i].first->contents_to(subject_info, issuer_info); - subject_info.add(m_extensions[i].first->oid_name() + ".is_critical", (m_extensions[i].second ? 1 : 0)); + m_extn_info.second.obj().contents_to(subject_info, issuer_info); + subject_info.add(m_extn_info.second.obj().oid_name() + ".is_critical", + m_extn_info.second.is_critical()); } } - namespace Cert_Extension { /* @@ -402,8 +400,15 @@ void Subject_Key_ID::contents_to(Data_Store& subject, Data_Store&) const /* * Subject_Key_ID Constructor */ -Subject_Key_ID::Subject_Key_ID(const std::vector& pub_key) : m_key_id(unlock(SHA_160().process(pub_key))) - {} +Subject_Key_ID::Subject_Key_ID(const std::vector& pub_key, const std::string& hash_name) + { + std::unique_ptr hash(HashFunction::create_or_throw(hash_name)); + + m_key_id.resize(hash->output_length()); + + hash->update(pub_key); + hash->final(m_key_id.data()); + } /* * Encode the extension 
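Review bot: The loop variable in `Extensions::contents_to` is named `m_extn_info`, which uses the member-variable prefix of this file and reads as a member access inside the loop; `for(const auto& extn_info : m_extension_info)` (or `auto&&` as in the other loops of this commit) is clearer. The criticality flag is now passed to `Data_Store::add` as a `bool` where the old code passed `(critical ? 1 : 0)`; whether that selects the same overload and stores the same value cannot be seen here, so it is worth confirming.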
@@ -439,61 +444,50 @@ void Authority_Key_ID::contents_to(Data_Store&, Data_Store& issuer) const /* * Encode the extension */ -std::vector Alternative_Name::encode_inner() const +std::vector Subject_Alternative_Name::encode_inner() const { return DER_Encoder().encode(m_alt_name).get_contents_unlocked(); } /* -* Decode the extension +* Encode the extension */ -void Alternative_Name::decode_inner(const std::vector& in) +std::vector Issuer_Alternative_Name::encode_inner() const { - BER_Decoder(in).decode(m_alt_name); + return DER_Encoder().encode(m_alt_name).get_contents_unlocked(); } /* -* Return a textual representation +* Decode the extension */ -void Alternative_Name::contents_to(Data_Store& subject_info, - Data_Store& issuer_info) const +void Subject_Alternative_Name::decode_inner(const std::vector& in) { - std::multimap contents = - get_alt_name().contents(); - - if(m_oid_name_str == "X509v3.SubjectAlternativeName") - subject_info.add(contents); - else if(m_oid_name_str == "X509v3.IssuerAlternativeName") - issuer_info.add(contents); - else - throw Internal_Error("In Alternative_Name, unknown type " + - m_oid_name_str); + BER_Decoder(in).decode(m_alt_name); } /* -* Alternative_Name Constructor +* Decode the extension */ -Alternative_Name::Alternative_Name(const AlternativeName& alt_name, - const std::string& oid_name_str) : - m_oid_name_str(oid_name_str), - m_alt_name(alt_name) - {} +void Issuer_Alternative_Name::decode_inner(const std::vector& in) + { + BER_Decoder(in).decode(m_alt_name); + } /* -* Subject_Alternative_Name Constructor +* Return a textual representation */ -Subject_Alternative_Name::Subject_Alternative_Name( - const AlternativeName& name) : - Alternative_Name(name, "X509v3.SubjectAlternativeName") +void Subject_Alternative_Name::contents_to(Data_Store& subject_info, + Data_Store&) const { + subject_info.add(get_alt_name().contents()); } /* -* Issuer_Alternative_Name Constructor +* Return a textual representation */ 
-Issuer_Alternative_Name::Issuer_Alternative_Name(const AlternativeName& name) : - Alternative_Name(name, "X509v3.IssuerAlternativeName") +void Issuer_Alternative_Name::contents_to(Data_Store&, Data_Store& issuer_info) const { + issuer_info.add(get_alt_name().contents()); } /* @@ -849,22 +843,26 @@ std::vector CRL_Distribution_Points::encode_inner() const void CRL_Distribution_Points::decode_inner(const std::vector& buf) { - BER_Decoder(buf).decode_list(m_distribution_points).verify_end(); - } + BER_Decoder(buf) + .decode_list(m_distribution_points) + .verify_end(); -void CRL_Distribution_Points::contents_to(Data_Store& info, Data_Store&) const - { for(size_t i = 0; i != m_distribution_points.size(); ++i) { auto point = m_distribution_points[i].point().contents(); auto uris = point.equal_range("URI"); - for(auto uri = uris.first; uri != uris.second; ++uri) - info.add("CRL.DistributionPoint", uri->second); + m_crl_distribution_urls.push_back(uri->second); } } +void CRL_Distribution_Points::contents_to(Data_Store& subject, Data_Store&) const + { + for(const std::string& crl_url : m_crl_distribution_urls) + subject.add("CRL.DistributionPoint", crl_url); + } + void CRL_Distribution_Points::Distribution_Point::encode_into(class DER_Encoder&) const { throw Not_Implemented("CRL_Distribution_Points encoding"); 
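Review bot: `Subject_Alternative_Name` and `Issuer_Alternative_Name` now carry byte-identical `encode_inner` and `decode_inner` bodies (`DER_Encoder().encode(m_alt_name).get_contents_unlocked()` and `BER_Decoder(in).decode(m_alt_name)`), and the x509_ext.h hunk for these classes duplicates the member, `copy()`, `should_encode()` and constructor as well. Dropping the `Alternative_Name` base is a reasonable way to get a per-class `static_oid()`, but the shared parts could live in a small non-polymorphic helper or a CRTP base so the two encoders cannot drift apart.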
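Review bot: `CRL_Distribution_Points::decode_inner` appends to `m_crl_distribution_urls` without clearing it first, so decoding twice into the same object accumulates stale URLs; add `m_crl_distribution_urls.clear();` at the top of the function. The x509_ext.h hunk for this class shows that the constructor taking a vector of points does not populate `m_crl_distribution_urls` at all, so `crl_distribution_urls()` and `contents_to` report nothing for an object built from points while reporting the URLs for the same extension obtained by decoding; deriving the URL list from `m_distribution_points` in one helper used by both paths would make the two consistent.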
@@ -880,17 +878,20 @@ void CRL_Distribution_Points::Distribution_Point::decode_from(class BER_Decoder& .end_cons().end_cons(); } -std::vector Unknown_Critical_Extension::encode_inner() const +std::vector Unknown_Extension::encode_inner() const { - throw Not_Implemented("Unknown_Critical_Extension encoding"); + return m_bytes; } -void Unknown_Critical_Extension::decode_inner(const std::vector&) +void Unknown_Extension::decode_inner(const std::vector& bytes) { + // Just treat as an opaque blob at this level + m_bytes = bytes; } -void Unknown_Critical_Extension::contents_to(Data_Store&, Data_Store&) const +void Unknown_Extension::contents_to(Data_Store&, Data_Store&) const { + // No information store } } diff --git a/src/lib/x509/x509_ext.h b/src/lib/x509/x509_ext.h index 69647616fb..2243d6deb1 100644 --- a/src/lib/x509/x509_ext.h +++ b/src/lib/x509/x509_ext.h @@ -12,7 +12,6 @@ #include #include #include -#include #include #include #include @@ -20,6 +19,7 @@ namespace Botan { +class Data_Store; class X509_Certificate; /** @@ -31,7 +31,15 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Extension /** * @return OID representing this extension */ - virtual OID oid_of() const; + virtual OID oid_of() const = 0; + + /* + * @return specific OID name + * If possible OIDS table should match oid_name to OIDS, ie + * OIDS::lookup(ext->oid_name()) == ext->oid_of() + * Should return empty string if OID is not known + */ + virtual std::string oid_name() const = 0; /** * Make a copy of this extension @@ -48,11 +56,6 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Extension virtual void contents_to(Data_Store& subject, Data_Store& issuer) const = 0; - /* - * @return specific OID name - */ - virtual std::string oid_name() const = 0; - /* * Callback visited during path validation. * 
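Review bot: Making `oid_of()` pure virtual (`virtual OID oid_of() const = 0;`) removes the default `OIDS::lookup(oid_name())` implementation deleted in the .cpp hunk, so any out-of-tree subclass of `Certificate_Extension` stops compiling until it adds `oid_of()`; this is an API change that deserves a line in the release notes next to the new `static_oid()` convention. The relocated `oid_name()` comment uses `/*` rather than `/**`, so it is not picked up as documentation, and its contract (`Should return empty string if OID is not known`) is what `get_raw` in a later hunk relies on to recognise an `Unknown_Extension`, which is worth stating explicitly: `* An empty name marks an extension this library does not interpret (see Unknown_Extension).`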
@@ -87,13 +90,65 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Extension class BOTAN_PUBLIC_API(2,0) Extensions final : public ASN1_Object { public: + /** + * Look up an object in the extensions, based on OID Returns + * nullptr if not set, if the extension was either absent or not + * handled. The pointer returned is owned by the Extensions + * object. + * This would be better with an optional return value + */ + const Certificate_Extension* get_extension_object(const OID& oid) const; + + template + const T* get_extension_object_as(const OID& oid = T::static_oid()) const + { + if(const Certificate_Extension* extn = get_extension_object(oid)) + { + if(const T* extn_as_T = dynamic_cast(extn)) + { + return extn_as_T; + } + else + { + throw Exception("Exception::get_extension_object_as dynamic_cast failed"); + } + } + + return nullptr; + } + + /** + * Return the set of extensions in the order they appeared in the certificate + * (or as they were added, if constructed) + */ + const std::vector& get_extension_oids() const + { + return m_extension_oids; + } + + /** + * Return true if an extension was set + */ + bool extension_set(const OID& oid) const; + + /** + * Return true if an extesion was set and marked critical + */ + bool critical_extension_set(const OID& oid) const; + + /** + * Return the raw bytes of the extension + * Will throw if OID was not set as an extension. + */ + std::vector get_extension_bits(const OID& oid) const; + void encode_into(class DER_Encoder&) const override; void decode_from(class BER_Decoder&) override; void contents_to(Data_Store&, Data_Store&) const; /** * Adds a new extension to the list. - * @param extn the certificate extension + * @param extn pointer to the certificate extension (Extensions takes ownership) * @param critical whether this extension should be marked as critical * @throw Invalid_Argument if the extension is already present in the list */ 
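Review bot: The exception thrown by `get_extension_object_as` on a failed `dynamic_cast` names the wrong class: `throw Exception("Exception::get_extension_object_as dynamic_cast failed");` should read `throw Exception("Extensions::get_extension_object_as dynamic_cast failed");`. The doc comment on `critical_extension_set` has a typo (`extesion`), and the `get_extension_object` comment runs two sentences together (`based on OID Returns nullptr`); a period after `OID` fixes it. `get_extension_bits` is declared with a comment saying it throws for an unset OID, but no definition appears in the .cpp hunks of this commit, so please confirm it is defined elsewhere in the patch.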
@@ -110,67 +165,103 @@ class BOTAN_PUBLIC_API(2,0) Extensions final : public ASN1_Object * Searches for an extension by OID and returns the result. * Only the known extensions types declared in this header * are searched for by this function. - * @return Pointer to extension with oid, nullptr if not found. + * @return Copy of extension with oid, nullptr if not found. + * Can avoid creating a copy by using get_extension_object function */ std::unique_ptr get(const OID& oid) const; /** - * Searches for an extension by OID and returns the result. - * Only the unknown extensions, that is, extensions - * types that are not declared in this header, are searched - * for by this function. - * @return Pointer to extension with oid, nullptr if not found. + * Searches for an extension by OID and returns the result decoding + * it to some arbitrary extension type chosen by the application. + * + * Only the unknown extensions, that is, extensions types that + * are not declared in this header, are searched for by this + * function. + * + * @return Pointer to new extension with oid, nullptr if not found. */ template - std::unique_ptr get_raw(const OID& oid) - { - try + std::unique_ptr get_raw(const OID& oid) const { - if(m_extensions_raw.count(oid) > 0) + auto extn_info = m_extension_info.find(oid); + + if(extn_info != m_extension_info.end()) { - std::unique_ptr ext(new T); - ext->decode_inner(m_extensions_raw[oid].first); - return std::move(ext); + // Unknown_Extension oid_name is empty + if(extn_info->second.obj().oid_name() == "") + { + std::unique_ptr ext(new T); + ext->decode_inner(extn_info->second.bits()); + return std::move(ext); + } } + return nullptr; } - catch(std::exception& e) - { - throw Decoding_Error("Exception while decoding extension " + - oid.as_string() + ": " + e.what()); - } - return nullptr; - } /** - * Returns the list of extensions together with the corresponding - * criticality flag. Only contains the known extensions - * types declared in this header. 
+ * Returns a copy of the list of extensions together with the corresponding + * criticality flag. All extensions are encoded as some object, falling back + * to Unknown_Extension class which simply allows reading the bytes as well + * as the criticality flag. */ std::vector, bool>> extensions() const; /** * Returns the list of extensions as raw, encoded bytes * together with the corresponding criticality flag. - * Contains all extensions, known as well as unknown extensions. + * Contains all extensions, including any extensions encoded as Unknown_Extension */ std::map, bool>> extensions_raw() const; - Extensions& operator=(const Extensions&); + Extensions() {} - Extensions(const Extensions&); + Extensions(const Extensions&) = default; + Extensions& operator=(const Extensions&) = default; - /** - * @param st whether to throw an exception when encountering an unknown - * extension type during decoding - */ - explicit Extensions(bool st = true) : m_throw_on_unknown_critical(st) {} +#if !defined(BOTAN_BUILD_COMPILER_IS_MSVC_2013) + Extensions(Extensions&&) = default; + Extensions& operator=(Extensions&&) = default; +#endif private: - static Certificate_Extension* create_extension(const OID&, bool); + static Certificate_Extension* create_extn_obj(const OID& oid, + bool critical, + const std::vector& body); - std::vector, bool>> m_extensions; - bool m_throw_on_unknown_critical; - std::map, bool>> m_extensions_raw; + class Extensions_Info + { + public: + Extensions_Info(bool critical, + Certificate_Extension* ext) : + m_critical(critical), + m_bits(ext->encode_inner()), + m_obj(ext) + {} + + Extensions_Info(bool critical, + const std::vector& encoding, + Certificate_Extension* ext) : + m_critical(critical), + m_bits(encoding), + m_obj(ext) + {} + + bool is_critical() const { return m_critical; } + const std::vector& bits() const { return m_bits; } + const Certificate_Extension& obj() const + { + BOTAN_ASSERT_NONNULL(m_obj.get()); + return *m_obj.get(); + } + + private: + 
bool m_critical = false; + std::vector m_bits; + std::shared_ptr m_obj; + }; + + std::vector m_extension_oids; + std::map m_extension_info; }; namespace Cert_Extension { @@ -192,6 +283,9 @@ class BOTAN_PUBLIC_API(2,0) Basic_Constraints final : public Certificate_Extensi bool get_is_ca() const { return m_is_ca; } size_t get_path_limit() const; + static OID static_oid() { return OID("2.5.29.19"); } + OID oid_of() const override { return static_oid(); } + private: std::string oid_name() const override { return "X509v3.BasicConstraints"; } @@ -216,6 +310,9 @@ class BOTAN_PUBLIC_API(2,0) Key_Usage final : public Certificate_Extension Key_Constraints get_constraints() const { return m_constraints; } + static OID static_oid() { return OID("2.5.29.15"); } + OID oid_of() const override { return static_oid(); } + private: std::string oid_name() const override { return "X509v3.KeyUsage"; } @@ -234,13 +331,21 @@ class BOTAN_PUBLIC_API(2,0) Key_Usage final : public Certificate_Extension class BOTAN_PUBLIC_API(2,0) Subject_Key_ID final : public Certificate_Extension { public: + Subject_Key_ID() = default; + + explicit Subject_Key_ID(const std::vector& k) : m_key_id(k) {} + + Subject_Key_ID(const std::vector& public_key, + const std::string& hash_fn); + Subject_Key_ID* copy() const override { return new Subject_Key_ID(m_key_id); } - Subject_Key_ID() = default; - explicit Subject_Key_ID(const std::vector&); + const std::vector& get_key_id() const { return m_key_id; } + + static OID static_oid() { return OID("2.5.29.14"); } + OID oid_of() const override { return static_oid(); } - std::vector get_key_id() const { return m_key_id; } private: std::string oid_name() const override { return "X509v3.SubjectKeyIdentifier"; } 
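Review bot: `Extensions_Info(bool critical, Certificate_Extension* ext)` evaluates `m_bits(ext->encode_inner())` before `m_obj(ext)` takes ownership, because members are initialised in declaration order and `m_bits` is declared above `m_obj`; if `encode_inner()` throws (the `CRL_Distribution_Points` encoder in this commit does, via `Not_Implemented`), `ext` is leaked after the caller of `Extensions::add` has already handed over ownership. Declare `m_obj` before `m_bits` and initialise it first, as below, so the pointer is owned before anything can throw. Also in `get_raw`, `return std::move(ext);` on a local `unique_ptr<T>` of the return type is a pessimising move that defeats the implicit move, and `oid_name() == ""` is clearer as `oid_name().empty()`; note too that the old `try/catch` wrapping `decode_inner` failures into `Decoding_Error` is gone, so callers catching that type will now see whatever `T::decode_inner` throws.
```cpp
class Extensions_Info
   {
   public:
      Extensions_Info(bool critical,
                      Certificate_Extension* ext) :
         m_critical(critical),
         m_obj(ext),
         m_bits(m_obj->encode_inner())
         {}

      Extensions_Info(bool critical,
                      const std::vector<uint8_t>& encoding,
                      Certificate_Extension* ext) :
         m_critical(critical),
         m_obj(ext),
         m_bits(encoding)
         {}

      // … unchanged: is_critical(), bits(), obj() …

   private:
      bool m_critical = false;
      std::shared_ptr<Certificate_Extension> m_obj;   // owned before m_bits is computed
      std::vector<uint8_t> m_bits;
   };
```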
@@ -265,7 +370,10 @@ class BOTAN_PUBLIC_API(2,0) Authority_Key_ID final : public Certificate_Extensio Authority_Key_ID() = default; explicit Authority_Key_ID(const std::vector& k) : m_key_id(k) {} - std::vector get_key_id() const { return m_key_id; } + const std::vector& get_key_id() const { return m_key_id; } + + static OID static_oid() { return OID("2.5.29.35"); } + OID oid_of() const override { return static_oid(); } private: std::string oid_name() const override 
@@ -280,52 +388,59 @@ class BOTAN_PUBLIC_API(2,0) Authority_Key_ID final : public Certificate_Extensio }; /** -* Alternative Name Extension Base Class +* Subject Alternative Name Extension */ -class BOTAN_PUBLIC_API(2,0) Alternative_Name : public Certificate_Extension +class BOTAN_PUBLIC_API(2,4) Subject_Alternative_Name final : public Certificate_Extension { public: - AlternativeName get_alt_name() const { return m_alt_name; } + const AlternativeName& get_alt_name() const { return m_alt_name; } - protected: - Alternative_Name(const AlternativeName&, const std::string& oid_name); + static OID static_oid() { return OID("2.5.29.17"); } + OID oid_of() const override { return static_oid(); } + + Subject_Alternative_Name* copy() const override + { return new Subject_Alternative_Name(get_alt_name()); } - Alternative_Name(const std::string&, const std::string&); + explicit Subject_Alternative_Name(const AlternativeName& name = AlternativeName()) : + m_alt_name(name) {} private: - std::string oid_name() const override { return m_oid_name_str; } + std::string oid_name() const override { return "X509v3.SubjectAlternativeName"; } bool should_encode() const override { return m_alt_name.has_items(); } std::vector encode_inner() const override; void decode_inner(const std::vector&) override; void contents_to(Data_Store&, Data_Store&) const override; - std::string m_oid_name_str; AlternativeName m_alt_name; }; /** -* Subject Alternative Name Extension +* Issuer Alternative Name Extension */ -class BOTAN_PUBLIC_API(2,0) Subject_Alternative_Name final : public Alternative_Name +class BOTAN_PUBLIC_API(2,0) Issuer_Alternative_Name final : public Certificate_Extension { public: - Subject_Alternative_Name* copy() const override - { return new Subject_Alternative_Name(get_alt_name()); } + const AlternativeName& get_alt_name() const { return m_alt_name; } - explicit Subject_Alternative_Name(const AlternativeName& = AlternativeName()); - }; + static OID static_oid() { return 
OID("2.5.29.18"); } + OID oid_of() const override { return static_oid(); } -/** -* Issuer Alternative Name Extension -*/ -class BOTAN_PUBLIC_API(2,0) Issuer_Alternative_Name final : public Alternative_Name - { - public: Issuer_Alternative_Name* copy() const override { return new Issuer_Alternative_Name(get_alt_name()); } - explicit Issuer_Alternative_Name(const AlternativeName& = AlternativeName()); + explicit Issuer_Alternative_Name(const AlternativeName& name = AlternativeName()) : + m_alt_name(name) {} + + private: + std::string oid_name() const override { return "X509v3.IssuerAlternativeName"; } + + bool should_encode() const override { return m_alt_name.has_items(); } + std::vector encode_inner() const override; + void decode_inner(const std::vector&) override; + void contents_to(Data_Store&, Data_Store&) const override; + + AlternativeName m_alt_name; }; /** @@ -340,11 +455,13 @@ class BOTAN_PUBLIC_API(2,0) Extended_Key_Usage final : public Certificate_Extens Extended_Key_Usage() = default; explicit Extended_Key_Usage(const std::vector& o) : m_oids(o) {} - std::vector get_oids() const { return m_oids; } + const std::vector& get_oids() const { return m_oids; } + + static OID static_oid() { return OID("2.5.29.37"); } + OID oid_of() const override { return static_oid(); } private: - std::string oid_name() const override - { return "X509v3.ExtendedKeyUsage"; } + std::string oid_name() const override { return "X509v3.ExtendedKeyUsage"; } bool should_encode() const override { return (m_oids.size() > 0); } std::vector encode_inner() const override; 
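Review bot: `Subject_Alternative_Name` is now tagged `BOTAN_PUBLIC_API(2,4)` while the otherwise identical `Issuer_Alternative_Name` keeps `BOTAN_PUBLIC_API(2,0)`; both classes changed base and gained `static_oid()` in this commit, so the two tags should agree, presumably `(2,0)` since both names existed before, unless the intent was to mark the re-parenting. The two classes also now duplicate each other member for member (`get_alt_name`, `copy`, constructor, `should_encode`, the `m_alt_name` member), which a small shared base would avoid.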
@@ -371,6 +488,11 @@ class BOTAN_PUBLIC_API(2,0) Name_Constraints final : public Certificate_Extensio std::vector>& cert_status, size_t pos) override; + const NameConstraints& get_name_constraints() const { return m_name_constraints; } + + static OID static_oid() { return OID("2.5.29.30"); } + OID oid_of() const override { return static_oid(); } + private: std::string oid_name() const override { return "X509v3.NameConstraints"; } @@ -395,8 +517,14 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Policies final : public Certificate_Exte Certificate_Policies() = default; explicit Certificate_Policies(const std::vector& o) : m_oids(o) {} + BOTAN_DEPRECATED("Use get_policy_oids") std::vector get_oids() const { return m_oids; } + const std::vector& get_policy_oids() const { return m_oids; } + + static OID static_oid() { return OID("2.5.29.32"); } + OID oid_of() const override { return static_oid(); } + private: std::string oid_name() const override { return "X509v3.CertificatePolicies"; } @@ -420,6 +548,11 @@ class BOTAN_PUBLIC_API(2,0) Authority_Information_Access final : public Certific explicit Authority_Information_Access(const std::string& ocsp) : m_ocsp_responder(ocsp) {} + std::string ocsp_responder() const { return m_ocsp_responder; } + + static OID static_oid() { return OID("1.3.6.1.5.5.7.1.1"); } + OID oid_of() const override { return static_oid(); } + private: std::string oid_name() const override { return "PKIX.AuthorityInformationAccess"; } @@ -447,6 +580,9 @@ class BOTAN_PUBLIC_API(2,0) CRL_Number final : public Certificate_Extension size_t get_crl_number() const; + static OID static_oid() { return OID("2.5.29.20"); } + OID oid_of() const override { return static_oid(); } + private: std::string oid_name() const override { return "X509v3.CRLNumber"; } 
@@ -472,6 +608,9 @@ class BOTAN_PUBLIC_API(2,0) CRL_ReasonCode final : public Certificate_Extension CRL_Code get_reason() const { return m_reason; } + static OID static_oid() { return OID("2.5.29.21"); } + OID oid_of() const override { return static_oid(); } + private: std::string oid_name() const override { return "X509v3.ReasonCode"; } @@ -508,9 +647,15 @@ class BOTAN_PUBLIC_API(2,0) CRL_Distribution_Points final : public Certificate_E explicit CRL_Distribution_Points(const std::vector& points) : m_distribution_points(points) {} - std::vector distribution_points() const + const std::vector& distribution_points() const { return m_distribution_points; } + const std::vector& crl_distribution_urls() const + { return m_crl_distribution_urls; } + + static OID static_oid() { return OID("2.5.29.31"); } + OID oid_of() const override { return static_oid(); } + private: std::string oid_name() const override { return "X509v3.CRLDistributionPoints"; } 
@@ -523,44 +668,65 @@ class BOTAN_PUBLIC_API(2,0) CRL_Distribution_Points final : public Certificate_E void contents_to(Data_Store&, Data_Store&) const override; std::vector m_distribution_points; + std::vector m_crl_distribution_urls; }; /** -* An unknown X.509 extension marked as critical -* Will always add a failure to the path validation result. +* An unknown X.509 extension +* Will add a failure to the path validation result, if critical */ -class BOTAN_PUBLIC_API(2,0) Unknown_Critical_Extension final : public Certificate_Extension +class BOTAN_PUBLIC_API(2,4) Unknown_Extension final : public Certificate_Extension { public: - explicit Unknown_Critical_Extension(OID oid) : m_oid(oid) {} + Unknown_Extension(const OID& oid, bool critical) : + m_oid(oid), m_critical(critical) {} - Unknown_Critical_Extension* copy() const override - { return new Unknown_Critical_Extension(m_oid); } + Unknown_Extension* copy() const override + { return new Unknown_Extension(m_oid, m_critical); } + /** + * Return the OID of this unknown extension + */ OID oid_of() const override { return m_oid; } + //static_oid not defined for Unknown_Extension + + /** + * Return the extension contents + */ + const std::vector& extension_contents() const { return m_bytes; } + + /** + * Return if this extension was marked critical + */ + bool is_critical_extension() const { return m_critical; } + void validate(const X509_Certificate&, const X509_Certificate&, const std::vector>&, std::vector>& cert_status, size_t pos) override { - cert_status.at(pos).insert(Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION); + if(m_critical) + { + cert_status.at(pos).insert(Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION); + } } private: - std::string oid_name() const override - { return "Unknown OID name"; } + std::string oid_name() const override { return ""; } - bool should_encode() const override { return false; } + bool should_encode() const override { return true; } std::vector encode_inner() const 
override; void decode_inner(const std::vector&) override; void contents_to(Data_Store&, Data_Store&) const override; OID m_oid; + bool m_critical; + std::vector m_bytes; }; -} + } } From 9f8e50700367bc7775f5cb1fee9dab787316411f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:20:09 -0500 Subject: [PATCH 0166/1008] Store PKCS10 request data in structure --- src/lib/x509/pkcs10.cpp | 133 +++++++++++++++++++++++----------------- src/lib/x509/pkcs10.h | 17 ++--- 2 files changed, 85 insertions(+), 65 deletions(-) diff --git a/src/lib/x509/pkcs10.cpp b/src/lib/x509/pkcs10.cpp index 911d6958c7..cdcb5e9859 100644 --- a/src/lib/x509/pkcs10.cpp +++ b/src/lib/x509/pkcs10.cpp @@ -1,6 +1,6 @@ /* * PKCS #10 -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2017 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -14,6 +14,15 @@ namespace Botan { +struct PKCS10_Data + { + X509_DN m_subject_dn; + std::vector m_public_key_bits; + AlternativeName m_alt_name; + std::string m_challenge; + Extensions m_extensions; + }; + /* * PKCS10_Request Constructor */ @@ -46,9 +55,13 @@ PKCS10_Request::PKCS10_Request(const std::vector& in) : /* * Decode the CertificateRequestInfo */ -void PKCS10_Request::force_decode() +namespace { + +std::unique_ptr decode_pkcs10(const std::vector& body) { - BER_Decoder cert_req_info(signed_body()); + std::unique_ptr data(new PKCS10_Data); + + BER_Decoder cert_req_info(body); size_t version; cert_req_info.decode(version); 
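Review bot: Unknown_Extension::copy() builds the copy from `m_oid` and `m_critical` only, so the new `m_bytes` member holding the decoded contents is lost on every copy; with should_encode() now returning true, a copied extension would presumably be re-encoded with empty contents (encode_inner is defined outside this hunk). Carry the bytes over, `Unknown_Extension* copy() const override { auto* c = new Unknown_Extension(m_oid, m_critical); c->m_bytes = m_bytes; return c; }`, or add a private constructor that takes the contents. oid_name() now returns "" where the old code returned "Unknown OID name"; a one-line comment saying whether callers treat an empty name as "no name" would document that choice.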
@@ -56,22 +69,14 @@ void PKCS10_Request::force_decode() throw Decoding_Error("Unknown version code in PKCS #10 request: " + std::to_string(version)); - X509_DN dn_subject; - cert_req_info.decode(dn_subject); - - m_info.add(dn_subject.contents()); + cert_req_info.decode(data->m_subject_dn); BER_Object public_key = cert_req_info.get_next_object(); if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED) throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key", public_key.type_tag, public_key.class_tag); - m_info.add("X509.Certificate.public_key", - PEM_Code::encode( - ASN1::put_in_sequence(unlock(public_key.value)), - "PUBLIC KEY" - ) - ); + data->m_public_key_bits = ASN1::put_in_sequence(unlock(public_key.value)); BER_Object attr_bits = cert_req_info.get_next_object(); @@ -83,7 +88,24 @@ void PKCS10_Request::force_decode() { Attribute attr; attributes.decode(attr); - handle_attribute(attr); + BER_Decoder value(attr.parameters); + + if(attr.oid == OIDS::lookup("PKCS9.EmailAddress")) + { + ASN1_String email; + value.decode(email); + data->m_alt_name.add_attribute("RFC822", email.value()); + } + else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword")) + { + ASN1_String challenge_password; + value.decode(challenge_password); + data->m_challenge = challenge_password.value(); + } + else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest")) + { + value.decode(data->m_extensions).verify_end(); + } } attributes.verify_end(); } 
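Review bot: In the attribute loop only the PKCS9.ExtensionRequest branch calls `verify_end()` on `value`; the EmailAddress and ChallengePassword branches decode a single ASN1_String and silently ignore whatever follows, and attributes with any other OID are dropped without a trace. If `attr.parameters` carries the SET OF values, a second e-mail address is neither recorded nor rejected, which is worth a comment stating the intended behaviour (`// only the first value of each attribute is used; unknown attributes are ignored`), or `verify_end()` on the other two branches if a single value is the contract. The enclosing decode_pkcs10 function starts in the previous hunk.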
@@ -93,33 +115,31 @@ void PKCS10_Request::force_decode() cert_req_info.verify_end(); + // TODO pull AlternativeName out of extensions and merge with m_alt_name + + + return data; + } + +} + +void PKCS10_Request::force_decode() + { + m_data.reset(); + + std::unique_ptr data = decode_pkcs10(signed_body()); + + m_data.reset(data.release()); + if(!this->check_signature(subject_public_key())) throw Decoding_Error("PKCS #10 request: Bad signature detected"); } -/* -* Handle attributes in a PKCS #10 request -*/ -void PKCS10_Request::handle_attribute(const Attribute& attr) +const PKCS10_Data& PKCS10_Request::data() const { - BER_Decoder value(attr.parameters); - - if(attr.oid == OIDS::lookup("PKCS9.EmailAddress")) - { - ASN1_String email; - value.decode(email); - m_info.add("RFC822", email.value()); - } - else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword")) - { - ASN1_String challenge_password; - value.decode(challenge_password); - m_info.add("PKCS9.ChallengePassword", challenge_password.value()); - } - else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest")) - { - value.decode(m_extensions).verify_end(); - } + if(m_data == nullptr) + throw Decoding_Error("PKCS10_Request decoding failed"); + return *m_data.get(); } /* 
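Review bot: The `// TODO pull AlternativeName out of extensions and merge with m_alt_name` left in decode_pkcs10 means subject_alt_name() currently reflects only the PKCS9.EmailAddress attribute and not a SubjectAlternativeName carried in the extension request; until that is done the header comment for subject_alt_name() should say so. Stylistically, `m_data.reset(); ... m_data.reset(data.release());` in force_decode() is a single `m_data = std::move(data);`, and `return *m_data.get();` in data() is just `return *m_data;`.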
@@ -127,24 +147,23 @@ void PKCS10_Request::handle_attribute(const Attribute& attr) */ std::string PKCS10_Request::challenge_password() const { - return m_info.get1("PKCS9.ChallengePassword"); + return data().m_challenge; } /* * Return the name of the requestor */ -X509_DN PKCS10_Request::subject_dn() const +const X509_DN& PKCS10_Request::subject_dn() const { - return create_dn(m_info); + return data().m_subject_dn; } /* * Return the public key of the requestor */ -std::vector PKCS10_Request::raw_public_key() const +const std::vector& PKCS10_Request::raw_public_key() const { - DataSource_Memory source(m_info.get1("X509.Certificate.public_key")); - return unlock(PEM_Code::decode_check_label(source, "PUBLIC KEY")); + return data().m_public_key_bits; } /* @@ -152,16 +171,24 @@ std::vector PKCS10_Request::raw_public_key() const */ Public_Key* PKCS10_Request::subject_public_key() const { - DataSource_Memory source(m_info.get1("X509.Certificate.public_key")); + DataSource_Memory source(raw_public_key()); return X509::load_key(source); } /* * Return the alternative names of the requestor */ -AlternativeName PKCS10_Request::subject_alt_name() const +const AlternativeName& PKCS10_Request::subject_alt_name() const + { + return data().m_alt_name; + } + +/* +* Return the X509v3 extensions +*/ +const Extensions& PKCS10_Request::extensions() const { - return create_alt_name(m_info); + return data().m_extensions; } /* @@ -169,7 +196,7 @@ AlternativeName PKCS10_Request::subject_alt_name() const */ Key_Constraints PKCS10_Request::constraints() const { - if(auto ext = m_extensions.get(OIDS::lookup("X509v3.KeyUsage"))) + if(auto ext = extensions().get(OIDS::lookup("X509v3.KeyUsage"))) { return dynamic_cast(*ext).get_constraints(); } 
@@ -182,7 +209,7 @@ Key_Constraints PKCS10_Request::constraints() const */ std::vector PKCS10_Request::ex_constraints() const { - if(auto ext = m_extensions.get(OIDS::lookup("X509v3.ExtendedKeyUsage"))) + if(auto ext = extensions().get(OIDS::lookup("X509v3.ExtendedKeyUsage"))) { return dynamic_cast(*ext).get_oids(); } @@ -195,7 +222,7 @@ std::vector PKCS10_Request::ex_constraints() const */ bool PKCS10_Request::is_CA() const { - if(auto ext = m_extensions.get(OIDS::lookup("X509v3.BasicConstraints"))) + if(auto ext = extensions().get(OIDS::lookup("X509v3.BasicConstraints"))) { return dynamic_cast(*ext).get_is_ca(); } @@ -208,7 +235,7 @@ bool PKCS10_Request::is_CA() const */ size_t PKCS10_Request::path_limit() const { - if(auto ext = m_extensions.get(OIDS::lookup("X509v3.BasicConstraints"))) + if(auto ext = extensions().get(OIDS::lookup("X509v3.BasicConstraints"))) { Cert_Extension::Basic_Constraints& basic_constraints = dynamic_cast(*ext); if(basic_constraints.get_is_ca()) @@ -220,12 +247,4 @@ size_t PKCS10_Request::path_limit() const return 0; } -/* -* Return the X509v3 extensions -*/ -Extensions PKCS10_Request::extensions() const - { - return m_extensions; - } - } diff --git a/src/lib/x509/pkcs10.h b/src/lib/x509/pkcs10.h index 973b91b8a8..abed5fa759 100644 --- a/src/lib/x509/pkcs10.h +++ b/src/lib/x509/pkcs10.h @@ -12,7 +12,6 @@ #include #include #include -#include #include #include #include @@ -20,6 +19,8 @@ namespace Botan { +struct PKCS10_Data; + /** * PKCS #10 Certificate Request. */ 
@@ -36,19 +37,19 @@ class BOTAN_PUBLIC_API(2,0) PKCS10_Request final : public X509_Object * Get the raw DER encoded public key. * @return raw DER encoded public key */ - std::vector raw_public_key() const; + const std::vector& raw_public_key() const; /** * Get the subject DN. * @return subject DN */ - X509_DN subject_dn() const; + const X509_DN& subject_dn() const; /** * Get the subject alternative name. * @return subject alternative name. */ - AlternativeName subject_alt_name() const; + const AlternativeName& subject_alt_name() const; /** * Get the key constraints for the key associated with this @@ -86,7 +87,7 @@ class BOTAN_PUBLIC_API(2,0) PKCS10_Request final : public X509_Object * Get the X509v3 extensions. * @return X509v3 extensions */ - Extensions extensions() const; + const Extensions& extensions() const; /** * Create a PKCS#10 Request from a data source. @@ -110,10 +111,10 @@ class BOTAN_PUBLIC_API(2,0) PKCS10_Request final : public X509_Object explicit PKCS10_Request(const std::vector& vec); private: void force_decode() override; - void handle_attribute(const Attribute&); - Data_Store m_info; - Extensions m_extensions; + const PKCS10_Data& data() const; + + std::shared_ptr m_data; }; } From bc552d5ced2a3727c93070c82a87a4338f95e0db Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:20:28 -0500 Subject: [PATCH 0167/1008] Store X509_CRL data in shared_ptr --- src/lib/x509/x509_crl.cpp | 133 ++++++++++++++++++++++++-------------- src/lib/x509/x509_crl.h | 38 ++++++----- 2 files changed, 102 insertions(+), 69 deletions(-) diff --git a/src/lib/x509/x509_crl.cpp b/src/lib/x509/x509_crl.cpp index e27733d32e..4a6c4249ae 100644 --- a/src/lib/x509/x509_crl.cpp +++ b/src/lib/x509/x509_crl.cpp 
@@ -12,11 +12,24 @@ namespace Botan { +struct CRL_Data + { + X509_DN m_issuer; + X509_Time m_this_update; + X509_Time m_next_update; + std::vector m_entries; + Extensions m_extensions; + + // cached values from extensions + size_t m_crl_number = 0; + std::vector m_auth_key_id; + }; + /* * Load a X.509 CRL */ -X509_CRL::X509_CRL(DataSource& in, bool touc) : - X509_Object(in, "X509 CRL/CRL"), m_throw_on_unknown_critical(touc) +X509_CRL::X509_CRL(DataSource& in) : + X509_Object(in, "X509 CRL/CRL") { do_decode(); } @@ -25,26 +38,30 @@ X509_CRL::X509_CRL(DataSource& in, bool touc) : /* * Load a X.509 CRL */ -X509_CRL::X509_CRL(const std::string& fsname, bool touc) : - X509_Object(fsname, "CRL/X509 CRL"), m_throw_on_unknown_critical(touc) +X509_CRL::X509_CRL(const std::string& fsname) : + X509_Object(fsname, "CRL/X509 CRL") { do_decode(); } #endif -X509_CRL::X509_CRL(const std::vector& in, bool touc) : - X509_Object(in, "CRL/X509 CRL"), m_throw_on_unknown_critical(touc) +X509_CRL::X509_CRL(const std::vector& in) : + X509_Object(in, "CRL/X509 CRL") { do_decode(); } -X509_CRL::X509_CRL(const X509_DN& issuer, const X509_Time& thisUpdate, - const X509_Time& nextUpdate, const std::vector& revoked) : - X509_Object(), m_throw_on_unknown_critical(false), m_revoked(revoked) +X509_CRL::X509_CRL(const X509_DN& issuer, + const X509_Time& this_update, + const X509_Time& next_update, + const std::vector& revoked) : + X509_Object() { - m_info.add(issuer.contents()); - m_info.add("X509.CRL.start", thisUpdate.to_string()); - m_info.add("X509.CRL.end", nextUpdate.to_string()); + m_data.reset(new CRL_Data); + m_data->m_issuer = issuer; + m_data->m_this_update = this_update; + m_data->m_next_update = next_update; + m_data->m_entries = revoked; } /** 
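Review bot: CRL_Data declares `m_crl_number` and `m_auth_key_id` as "cached values from extensions", but nothing in this commit fills them: decode_crl_body in hunk `@@ -132,44 +152,59 @@` decodes the CRL extensions into `m_extensions` and returns, so authority_key_id() always yields an empty vector and crl_number() always 0, where the old code read both from the Data_Store. That makes the authority-key-id comparison in is_revoked() (hunk `@@ -63,18 +80,21 @@`) dead, because `crl_akid` is always empty and the issuer-mismatch early return is never taken. Populate both right after the extensions are decoded, as sketched below (the Authority_Key_ID accessor name is taken from Botan's x509_ext.h rather than this page — confirm), unless a later commit in the series does it.
```cpp
crl_options.decode(data->m_extensions).verify_end();

// fill the cached values that authority_key_id() and crl_number() read
if(auto ext = data->m_extensions.get_extension_object_as<Cert_Extension::CRL_Number>())
   data->m_crl_number = ext->get_crl_number();
if(auto ext = data->m_extensions.get_extension_object_as<Cert_Extension::Authority_Key_ID>())
   data->m_auth_key_id = ext->get_key_id();

// … unchanged: next = tbs_crl.get_next_object(); …
```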
@@ -63,18 +80,21 @@ bool X509_CRL::is_revoked(const X509_Certificate& cert) const std::vector cert_akid = cert.authority_key_id(); if(!crl_akid.empty() && !cert_akid.empty()) + { if(crl_akid != cert_akid) return false; + } std::vector cert_serial = cert.serial_number(); bool is_revoked = false; - for(size_t i = 0; i != m_revoked.size(); ++i) + // FIXME would be nice to avoid a linear scan here - maybe sort the entries? + for(const CRL_Entry& entry : get_revoked()) { - if(cert_serial == m_revoked[i].serial_number()) + if(cert_serial == entry.serial_number()) { - if(m_revoked[i].reason_code() == REMOVE_FROM_CRL) + if(entry.reason_code() == REMOVE_FROM_CRL) is_revoked = false; else is_revoked = true; @@ -87,31 +107,31 @@ bool X509_CRL::is_revoked(const X509_Certificate& cert) const /* * Decode the TBSCertList data */ -void X509_CRL::force_decode() +namespace { + +std::unique_ptr decode_crl_body(const std::vector& body, + const AlgorithmIdentifier& sig_algo) { - BER_Decoder tbs_crl(signed_body()); + std::unique_ptr data(new CRL_Data); + + BER_Decoder tbs_crl(body); size_t version; tbs_crl.decode_optional(version, INTEGER, UNIVERSAL); if(version != 0 && version != 1) - throw X509_CRL_Error("Unknown X.509 CRL version " + + throw X509_CRL::X509_CRL_Error("Unknown X.509 CRL version " + std::to_string(version+1)); AlgorithmIdentifier sig_algo_inner; tbs_crl.decode(sig_algo_inner); - if(signature_algorithm() != sig_algo_inner) - throw X509_CRL_Error("Algorithm identifier mismatch"); - - X509_DN dn_issuer; - tbs_crl.decode(dn_issuer); - m_info.add(dn_issuer.contents()); + if(sig_algo != sig_algo_inner) + throw X509_CRL::X509_CRL_Error("Algorithm identifier mismatch"); - X509_Time start, end; - tbs_crl.decode(start).decode(end); - m_info.add("X509.CRL.start", start.to_string()); - m_info.add("X509.CRL.end", end.to_string()); + tbs_crl.decode(data->m_issuer) + .decode(data->m_this_update) + .decode(data->m_next_update); BER_Object next = tbs_crl.get_next_object(); 
@@ -121,9 +141,9 @@ void X509_CRL::force_decode() while(cert_list.more_items()) { - CRL_Entry entry(m_throw_on_unknown_critical); + CRL_Entry entry; cert_list.decode(entry); - m_revoked.push_back(entry); + data->m_entries.push_back(entry); } next = tbs_crl.get_next_object(); } @@ -132,44 +152,59 @@ void X509_CRL::force_decode() next.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) { BER_Decoder crl_options(next.value); - - Extensions extensions(m_throw_on_unknown_critical); - - crl_options.decode(extensions).verify_end(); - - extensions.contents_to(m_info, m_info); - + crl_options.decode(data->m_extensions).verify_end(); next = tbs_crl.get_next_object(); } if(next.type_tag != NO_OBJECT) - throw X509_CRL_Error("Unknown tag in CRL"); + throw X509_CRL::X509_CRL_Error("Unknown tag in CRL"); tbs_crl.verify_end(); + + return data; + } + +} + +void X509_CRL::force_decode() + { + m_data.reset(decode_crl_body(signed_body(), signature_algorithm()).release()); + } + +const CRL_Data& X509_CRL::data() const + { + if(!m_data) + throw Decoding_Error("Error decoding X509 CRL"); + return *m_data.get(); + } + +const Extensions& X509_CRL::extensions() const + { + return data().m_extensions; } /* * Return the list of revoked certificates */ -std::vector X509_CRL::get_revoked() const +const std::vector& X509_CRL::get_revoked() const { - return m_revoked; + return data().m_entries; } /* * Return the distinguished name of the issuer */ -X509_DN X509_CRL::issuer_dn() const +const X509_DN& X509_CRL::issuer_dn() const { - return create_dn(m_info); + return data().m_issuer; } /* * Return the key identifier of the issuer */ -std::vector X509_CRL::authority_key_id() const +const std::vector& X509_CRL::authority_key_id() const { - return m_info.get1_memvec("X509v3.AuthorityKeyIdentifier"); + return data().m_auth_key_id; } /* 
@@ -177,23 +212,23 @@ std::vector X509_CRL::authority_key_id() const */ uint32_t X509_CRL::crl_number() const { - return m_info.get1_uint32("X509v3.CRLNumber"); + return data().m_crl_number; } /* * Return the issue data of the CRL */ -X509_Time X509_CRL::this_update() const +const X509_Time& X509_CRL::this_update() const { - return X509_Time(m_info.get1("X509.CRL.start"), ASN1_Tag::UTC_OR_GENERALIZED_TIME); + return data().m_this_update; } /* * Return the date when a new CRL will be issued */ -X509_Time X509_CRL::next_update() const +const X509_Time& X509_CRL::next_update() const { - return X509_Time(m_info.get1("X509.CRL.end"), ASN1_Tag::UTC_OR_GENERALIZED_TIME); + return data().m_next_update; } } diff --git a/src/lib/x509/x509_crl.h b/src/lib/x509/x509_crl.h index 8651173007..c3c986cc1c 100644 --- a/src/lib/x509/x509_crl.h +++ b/src/lib/x509/x509_crl.h @@ -11,11 +11,12 @@ #include #include #include -#include #include namespace Botan { +class CRL_Data; +class Extensions; class X509_Certificate; /** @@ -43,19 +44,24 @@ class BOTAN_PUBLIC_API(2,0) X509_CRL final : public X509_Object * Get the entries of this CRL in the form of a vector. * @return vector containing the entries of this CRL. */ - std::vector get_revoked() const; + const std::vector& get_revoked() const; /** * Get the issuer DN of this CRL. * @return CRLs issuer DN */ - X509_DN issuer_dn() const; + const X509_DN& issuer_dn() const; + + /** + * @return extension data for this CRL + */ + const Extensions& extensions() const; /** * Get the AuthorityKeyIdentifier of this CRL. * @return this CRLs AuthorityKeyIdentifier */ - std::vector authority_key_id() const; + const std::vector& authority_key_id() const; /** * Get the serial number of this CRL. 
@@ -67,41 +73,33 @@ class BOTAN_PUBLIC_API(2,0) X509_CRL final : public X509_Object * Get the CRL's thisUpdate value. * @return CRLs thisUpdate */ - X509_Time this_update() const; + const X509_Time& this_update() const; /** * Get the CRL's nextUpdate value. * @return CRLs nextdUpdate */ - X509_Time next_update() const; + const X509_Time& next_update() const; /** * Construct a CRL from a data source. * @param source the data source providing the DER or PEM encoded CRL. - * @param throw_on_unknown_critical should we throw an exception - * if an unknown CRL extension marked as critical is encountered. */ - X509_CRL(DataSource& source, bool throw_on_unknown_critical = false); + X509_CRL(DataSource& source); #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) /** * Construct a CRL from a file containing the DER or PEM encoded CRL. * @param filename the name of the CRL file - * @param throw_on_unknown_critical should we throw an exception - * if an unknown CRL extension marked as critical is encountered. */ - X509_CRL(const std::string& filename, - bool throw_on_unknown_critical = false); + X509_CRL(const std::string& filename); #endif /** * Construct a CRL from a binary vector * @param vec the binary (DER) representation of the CRL - * @param throw_on_unknown_critical should we throw an exception - * if an unknown CRL extension marked as critical is encountered. */ - X509_CRL(const std::vector& vec, - bool throw_on_unknown_critical = false); + X509_CRL(const std::vector& vec); /** * Construct a CRL @@ -116,9 +114,9 @@ class BOTAN_PUBLIC_API(2,0) X509_CRL final : public X509_Object private: void force_decode() override; - bool m_throw_on_unknown_critical; - std::vector m_revoked; - Data_Store m_info; + const CRL_Data& data() const; + + std::shared_ptr m_data; }; } From c2239949daf06c1e3b47ac9652750aca8e344796 Mon Sep 17 00:00:00 2001 
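Review bot: Dropping the `throw_on_unknown_critical` parameter from the three `BOTAN_PUBLIC_API(2,0)` constructors is a source-incompatible change for any caller that passed it; a forwarding overload such as `BOTAN_DEPRECATED("throw_on_unknown_critical is ignored") X509_CRL(DataSource& source, bool throw_on_unknown_critical) : X509_CRL(source) {}` keeps those callers compiling. The same removal is made for CRL_Entry in hunk `@@ -47,26 +49,29 @@` of crl_ent.h. While these lines are being touched, the now single-argument constructors could be marked `explicit`, since a std::string or byte vector silently converting into a parsed CRL is rarely intended.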
From: Jack Lloyd Date: Tue, 14 Nov 2017 09:20:51 -0500 Subject: [PATCH 0168/1008] Store CRL_Entry data in shared_ptr --- src/lib/x509/crl_ent.cpp | 94 +++++++++++++++++++++++++++------------- src/lib/x509/crl_ent.h | 28 +++++++----- 2 files changed, 81 insertions(+), 41 deletions(-) diff --git a/src/lib/x509/crl_ent.cpp b/src/lib/x509/crl_ent.cpp index fabd883260..61fd5d31ff 100644 --- a/src/lib/x509/crl_ent.cpp +++ b/src/lib/x509/crl_ent.cpp @@ -14,24 +14,28 @@ namespace Botan { -/* -* Create a CRL_Entry -*/ -CRL_Entry::CRL_Entry(bool t_on_unknown_crit) : - m_throw_on_unknown_critical(t_on_unknown_crit) +struct CRL_Entry_Data { - m_reason = UNSPECIFIED; - } + std::vector m_serial; + X509_Time m_time; + CRL_Code m_reason; + Extensions m_extensions; + }; /* * Create a CRL_Entry */ -CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why) : - m_throw_on_unknown_critical(false) +CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why) { - m_serial = cert.serial_number(); - m_time = X509_Time(std::chrono::system_clock::now()); - m_reason = why; + m_data.reset(new CRL_Entry_Data); + m_data->m_serial = cert.serial_number(); + m_data->m_time = X509_Time(std::chrono::system_clock::now()); + m_data->m_reason = why; + + if(why != UNSPECIFIED) + { + m_data->m_extensions.add(new Cert_Extension::CRL_ReasonCode(why)); + } } /* @@ -61,17 +65,13 @@ bool operator!=(const CRL_Entry& a1, const CRL_Entry& a2) */ void CRL_Entry::encode_into(DER_Encoder& der) const { - Extensions extensions; - - extensions.add(new Cert_Extension::CRL_ReasonCode(m_reason)); - der.start_cons(SEQUENCE) - .encode(BigInt::decode(m_serial)) - .encode(m_time) - .start_cons(SEQUENCE) - .encode(extensions) - .end_cons() - .end_cons(); + .encode(BigInt::decode(serial_number())) + .encode(expire_time()) + .start_cons(SEQUENCE) + .encode(extensions()) + .end_cons() + .end_cons(); } /* 
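Review bot: `CRL_Entry_Data::m_reason` has no default initializer, and decode_from() in hunk `@@ -80,24 +80,58 @@` assigns it only inside `if(entry.more_items())`; the removed `m_reason = UNSPECIFIED;` used to cover the no-extensions case, so an entry without crlEntryExtensions now yields an indeterminate reason_code() holding whatever the allocation contained. X509_CRL::is_revoked() compares that value against REMOVE_FROM_CRL, so a revoked certificate could be reported as not revoked. Initialize the field in the struct, `CRL_Code m_reason = UNSPECIFIED;`, which also keeps the constructor from X509_Certificate consistent with the decoded path.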
@@ -80,24 +80,58 @@ void CRL_Entry::encode_into(DER_Encoder& der) const void CRL_Entry::decode_from(BER_Decoder& source) { BigInt serial_number_bn; - m_reason = UNSPECIFIED; + + std::unique_ptr data(new CRL_Entry_Data); BER_Decoder entry = source.start_cons(SEQUENCE); - entry.decode(serial_number_bn).decode(m_time); + entry.decode(serial_number_bn).decode(data->m_time); + data->m_serial = BigInt::encode(serial_number_bn); if(entry.more_items()) { - Extensions extensions(m_throw_on_unknown_critical); - entry.decode(extensions); - Data_Store info; - extensions.contents_to(info, info); - m_reason = CRL_Code(info.get1_uint32("X509v3.CRLReasonCode")); + entry.decode(data->m_extensions); + if(auto ext = data->m_extensions.get_extension_object_as()) + { + data->m_reason = ext->get_reason(); + } + else + { + data->m_reason = UNSPECIFIED; + } } entry.end_cons(); - m_serial = BigInt::encode(serial_number_bn); + m_data.reset(data.release()); + } + +const CRL_Entry_Data& CRL_Entry::data() const + { + if(!m_data) + throw Decoding_Error("Uninitialized CRL_Entry"); + return *m_data.get(); + } + +const std::vector& CRL_Entry::serial_number() const + { + return data().m_serial; } +const X509_Time& CRL_Entry::expire_time() const + { + return data().m_time; + } + +CRL_Code CRL_Entry::reason_code() const + { + return data().m_reason; + } + +const Extensions& CRL_Entry::extensions() const + { + return data().m_extensions; + } + + } diff --git a/src/lib/x509/crl_ent.h b/src/lib/x509/crl_ent.h index cf509d3c1a..967dc92d29 100644 --- a/src/lib/x509/crl_ent.h +++ b/src/lib/x509/crl_ent.h @@ -12,7 +12,9 @@ namespace Botan { +class Extensions; class X509_Certificate; +struct CRL_Entry_Data; /** * X.509v2 CRL Reason Code. 
@@ -47,26 +49,29 @@ class BOTAN_PUBLIC_API(2,0) CRL_Entry final : public ASN1_Object * Get the serial number of the certificate associated with this entry. * @return certificate's serial number */ - std::vector serial_number() const { return m_serial; } + const std::vector& serial_number() const; /** * Get the revocation date of the certificate associated with this entry * @return certificate's revocation date */ - X509_Time expire_time() const { return m_time; } + const X509_Time& expire_time() const; /** * Get the entries reason code * @return reason code */ - CRL_Code reason_code() const { return m_reason; } + CRL_Code reason_code() const; /** - * Construct an empty CRL entry. - * @param throw_on_unknown_critical_extension should we throw an exception - * if an unknown CRL extension marked as critical is encountered + * Get the extensions on this CRL entry */ - explicit CRL_Entry(bool throw_on_unknown_critical_extension = false); + const Extensions& extensions() const; + + /** + * Create uninitialized CRL_Entry object + */ + CRL_Entry() {} /** * Construct an CRL entry. @@ -77,10 +82,11 @@ class BOTAN_PUBLIC_API(2,0) CRL_Entry final : public ASN1_Object CRL_Code reason = UNSPECIFIED); private: - bool m_throw_on_unknown_critical; - std::vector m_serial; - X509_Time m_time; - CRL_Code m_reason; + friend class X509_CRL; + + const CRL_Entry_Data& data() const; + + std::shared_ptr m_data; }; /** From 69886de61e73c5a5d507c660281124db84bede62 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:21:18 -0500 Subject: [PATCH 0169/1008] Use new APIs in path validation and name constraint handling --- src/lib/x509/name_constraint.cpp | 13 +++++++++---- src/lib/x509/x509path.cpp | 7 +++++-- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/src/lib/x509/name_constraint.cpp b/src/lib/x509/name_constraint.cpp index e098bcd8d6..21145824b3 100644 --- a/src/lib/x509/name_constraint.cpp +++ b/src/lib/x509/name_constraint.cpp 
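Review bot: The new `friend class X509_CRL;` has no visible use in this series — X509_CRL only calls the public accessors in its is_revoked() hunk — so either a comment saying what private access it needs or dropping it would help the next reader. In hunk `@@ -47,26 +49,29 @@` the added `CRL_Entry() {}` reads better as `CRL_Entry() = default;`, and its doc comment could say that every accessor throws Decoding_Error until decode_from() has run, which data() enforces in crl_ent.cpp.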
@@ -6,6 +6,7 @@ */ #include +#include #include #include #include @@ -105,14 +106,18 @@ GeneralName::MatchResult GeneralName::matches(const X509_Certificate& cert) cons std::vector nam; std::function match_fn; + const X509_DN& dn = cert.subject_dn(); + const AlternativeName& alt_name = cert.subject_alt_name(); + if(type() == "DNS") { match_fn = std::mem_fn(&GeneralName::matches_dns); - nam = cert.subject_info("DNS"); + + nam = alt_name.get_attribute("DNS"); if(nam.empty()) { - nam = cert.subject_info("CN"); + nam = dn.get_attribute("CN"); } } else if(type() == "DN") @@ -120,13 +125,13 @@ GeneralName::MatchResult GeneralName::matches(const X509_Certificate& cert) cons match_fn = std::mem_fn(&GeneralName::matches_dn); std::stringstream ss; - ss << cert.subject_dn(); + ss << dn; nam.push_back(ss.str()); } else if(type() == "IP") { match_fn = std::mem_fn(&GeneralName::matches_ip); - nam = cert.subject_info("IP"); + nam = alt_name.get_attribute("IP"); } else { diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index fcc5bf0ba5..c10b15715f 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -6,6 +6,7 @@ */ #include +#include #include #include #include @@ -67,10 +68,10 @@ PKIX::check_chain(const std::vector>& ce } // Check all certs for valid time range - if(validation_time < X509_Time(subject->start_time(), ASN1_Tag::UTC_OR_GENERALIZED_TIME)) + if(validation_time < subject->not_before()) status.insert(Certificate_Status_Code::CERT_NOT_YET_VALID); - if(validation_time > X509_Time(subject->end_time(), ASN1_Tag::UTC_OR_GENERALIZED_TIME)) + if(validation_time > subject->not_after()) status.insert(Certificate_Status_Code::CERT_HAS_EXPIRED); // Check issuer constraints 
@@ -495,7 +496,9 @@ PKIX::build_certificate_path(std::vector const std::string fprint = issuer->fingerprint("SHA-256"); if(certs_seen.count(fprint) > 0) // already seen? + { return Certificate_Status_Code::CERT_CHAIN_LOOP; + } certs_seen.insert(fprint); cert_path.push_back(issuer); From c71af3e2cf78db668eec1ea039cfb7f92eefdc72 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 09:21:33 -0500 Subject: [PATCH 0170/1008] Avoid deprecated functions in FFI --- src/lib/ffi/ffi_cert.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/ffi/ffi_cert.cpp b/src/lib/ffi/ffi_cert.cpp index 2ac9c69af3..17b78cc7c7 100644 --- a/src/lib/ffi/ffi_cert.cpp +++ b/src/lib/ffi/ffi_cert.cpp @@ -55,7 +55,7 @@ int botan_x509_cert_get_public_key(botan_x509_cert_t cert, botan_pubkey_t* key) *key = nullptr; #if defined(BOTAN_HAS_RSA) - std::unique_ptr publicKey(safe_get(cert).subject_public_key()); + std::unique_ptr publicKey = safe_get(cert).load_subject_public_key(); *key = new botan_pubkey_struct(publicKey.release()); return BOTAN_FFI_SUCCESS; #else @@ -100,12 +100,12 @@ int botan_x509_cert_destroy(botan_x509_cert_t cert) int botan_x509_cert_get_time_starts(botan_x509_cert_t cert, char out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.start_time()); }); + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.not_before().to_string()); }); } int botan_x509_cert_get_time_expires(botan_x509_cert_t cert, char out[], size_t* out_len) { - return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.end_time()); }); + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_str_output(out, out_len, c.not_after().to_string()); }); } int botan_x509_cert_get_serial_number(botan_x509_cert_t cert, uint8_t out[], size_t* out_len) From dafbe9848eb4386207bf5a7a6fdb86e34d720edf Mon Sep 17 00:00:00 2001 
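Review bot: In `botan_x509_cert_get_public_key` the new `safe_get(cert).load_subject_public_key()` call can throw (the manual text later in this series says so for malformed or unsupported keys), and this hunk does not show the call sitting inside a `BOTAN_FFI_DO`-style try/catch, so unless the part of the function above the hunk provides one, the exception would cross the C boundary instead of becoming an error code; please confirm. A smaller point: `publicKey.release()` is evaluated before `new botan_pubkey_struct` completes, so if that allocation throws the key object leaks; keeping the `unique_ptr` alive until the wrapper exists avoids it. The `#if defined(BOTAN_HAS_RSA)` guard around a routine that now loads any key type is pre-existing but looks stale.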
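Review bot: `botan_x509_cert_get_time_starts` and `_expires` now return `c.not_before().to_string()` / `c.not_after().to_string()`, and the hunk gives no indication whether that string has the same layout as the deprecated `start_time()`/`end_time()` output; the FFI is a stable C interface, so callers parse whatever format they were given. Please confirm the representation is unchanged, or, if it is not, document the new format on these two functions in the FFI header and mention it in the release notes.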
From: Jack Lloyd Date: Tue, 14 Nov 2017 09:22:07 -0500 Subject: [PATCH 0171/1008] Small cleanups in X509 tests --- src/tests/unit_x509.cpp | 63 +++++++++++++++++++++++++++-------------- 1 file changed, 41 insertions(+), 22 deletions(-) diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index d635f7fe1b..aab0b83d56 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -379,10 +379,12 @@ Test::Result test_x509_utf8() const std::string location = "\xD0\x9C\xD0\xBE\xD1\x81\xD0\xBA\xD0\xB2\xD0\xB0"; - result.test_eq("O", utf8_cert.issuer_info("O").at(0), organization); - result.test_eq("OU", utf8_cert.issuer_info("OU").at(0), organization_unit); - result.test_eq("CN", utf8_cert.issuer_info("CN").at(0), common_name); - result.test_eq("L", utf8_cert.issuer_info("L").at(0), location); + const Botan::X509_DN& issuer_dn = utf8_cert.issuer_dn(); + + result.test_eq("O", issuer_dn.get_first_attribute("O"), organization); + result.test_eq("OU", issuer_dn.get_first_attribute("OU"), organization_unit); + result.test_eq("CN", issuer_dn.get_first_attribute("CN"), common_name); + result.test_eq("L", issuer_dn.get_first_attribute("L"), location); } catch (const Botan::Decoding_Error &ex) { @@ -409,9 +411,11 @@ Test::Result test_x509_bmpstring() // UTF-8 encoded fields of test certificate (contains only ASCII characters) const std::string location = "Berlin"; - result.test_eq("O", ucs2_cert.issuer_info("O").at(0), organization); - result.test_eq("CN", ucs2_cert.issuer_info("CN").at(0), common_name); - result.test_eq("L", ucs2_cert.issuer_info("L").at(0), location); + const Botan::X509_DN& issuer_dn = ucs2_cert.issuer_dn(); + + result.test_eq("O", issuer_dn.get_first_attribute("O"), organization); + result.test_eq("CN", issuer_dn.get_first_attribute("CN"), common_name); + result.test_eq("L", issuer_dn.get_first_attribute("L"), location); } catch (const Botan::Decoding_Error &ex) { 
@@ -503,10 +507,11 @@ Test::Result test_x509_cert(const std::string& sig_algo, const std::string& hash /* Get cert data */ result.test_eq("x509 version", user1_cert.x509_version(), size_t(3)); - result.test_eq("issuer info CN", user1_cert.issuer_info("CN").at(0), ca_opts().common_name); - result.test_eq("issuer info Country", user1_cert.issuer_info("C").at(0), ca_opts().country); - result.test_eq("issuer info Orga", user1_cert.issuer_info("O").at(0), ca_opts().organization); - result.test_eq("issuer info OrgaUnit", user1_cert.issuer_info("OU").at(0), ca_opts().org_unit); + const Botan::X509_DN& user1_issuer_dn = user1_cert.issuer_dn(); + result.test_eq("issuer info CN", user1_issuer_dn.get_first_attribute("CN"), ca_opts().common_name); + result.test_eq("issuer info Country", user1_issuer_dn.get_first_attribute("C"), ca_opts().country); + result.test_eq("issuer info Orga", user1_issuer_dn.get_first_attribute("O"), ca_opts().organization); + result.test_eq("issuer info OrgaUnit", user1_issuer_dn.get_first_attribute("OU"), ca_opts().org_unit); const Botan::X509_CRL crl1 = ca.new_crl(Test::rng()); @@ -952,6 +957,12 @@ class String_Extension final : public Botan::Certificate_Extension { return m_oid; } + + bool should_encode() const override + { + return true; + } + std::string oid_name() const override { return "String Extension"; 
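Review bot: The added `should_encode()` override on `String_Extension` returns a bare `true` with no explanation, and since the later assertions in `test_x509_extensions` depend on the custom extension actually appearing in the issued certificate, the reason deserves a comment. Something like `// Custom extensions are only written into the certificate when should_encode() returns true` (worded to match whatever the base-class default really is, which this hunk does not show) would tell a reader why a test helper overrides it. The class definition starts before this hunk.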
@@ -1005,16 +1016,19 @@ Test::Result test_x509_extensions(const std::string& sig_algo, const std::string // include a custom extension in the request Botan::Extensions req_extensions; - Botan::OID oid("1.2.3.4.5.6.7.8.9.1"); - req_extensions.add(new String_Extension("1Test"), false); + const Botan::OID oid("1.2.3.4.5.6.7.8.9.1"); + const Botan::OID ku_oid = Botan::OIDS::lookup("X509v3.KeyUsage"); + req_extensions.add(new String_Extension("AAAAAAAAAAAAAABCDEF"), false); opts.extensions = req_extensions; /* Create a self-signed certificate */ const Botan::X509_Certificate self_signed_cert = Botan::X509::create_self_signed_cert( opts, *user_key, hash_fn, Test::rng()); + result.confirm("Extensions::extension_set true for Key_Usage", self_signed_cert.v3_extensions().extension_set(ku_oid)); + // check if known Key_Usage extension is present in self-signed cert - auto key_usage_ext = self_signed_cert.v3_extensions().get(Botan::OIDS::lookup("X509v3.KeyUsage")); + auto key_usage_ext = self_signed_cert.v3_extensions().get(ku_oid); if(result.confirm("Key_Usage extension present in self-signed certificate", key_usage_ext != nullptr)) { result.confirm("Key_Usage extension value matches in self-signed certificate", 
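Review bot: The custom extension value changes from `"1Test"` to `"AAAAAAAAAAAAAABCDEF"` without a note on why the shorter value was not sufficient; if the longer string is meant to exercise a length or encoding boundary, a comment next to the `req_extensions.add(...)` line should say so, otherwise the next person will shorten it again. The literal `false` in `req_extensions.add(new String_Extension("AAAAAAAAAAAAAABCDEF"), false);` is the criticality flag and reads better as `/*critical=*/false`. The function continues past this hunk into the next one.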
@@ -1025,29 +1039,34 @@ Test::Result test_x509_extensions(const std::string& sig_algo, const std::string auto string_ext = self_signed_cert.v3_extensions().get_raw(oid); if(result.confirm("Custom extension present in self-signed certificate", string_ext != nullptr)) { - result.test_eq("Custom extension value matches in self-signed certificate", string_ext->value(), "1Test"); + result.test_eq("Custom extension value matches in self-signed certificate", string_ext->value(), "AAAAAAAAAAAAAABCDEF"); } const Botan::PKCS10_Request user_req = Botan::X509::create_cert_req(opts, *user_key, hash_fn, Test::rng()); /* Create a CA-signed certificate */ - const Botan::X509_Certificate user_cert = ca.sign_request( - user_req, Test::rng(), from_date(2008, 01, 01), from_date(2033, 01, 01)); + const Botan::X509_Certificate ca_signed_cert = + ca.sign_request(user_req, Test::rng(), + from_date(2008, 01, 01), + from_date(2033, 01, 01)); // check if known Key_Usage extension is present in CA-signed cert - key_usage_ext = self_signed_cert.v3_extensions().get(Botan::OIDS::lookup("X509v3.KeyUsage")); - if(result.confirm("Key_Usage extension present in user certificate", key_usage_ext != nullptr)) + result.confirm("Extensions::extension_set true for Key_Usage", ca_signed_cert.v3_extensions().extension_set(ku_oid)); + + key_usage_ext = ca_signed_cert.v3_extensions().get(ku_oid); + if(result.confirm("Key_Usage extension present in CA-signed certificate", key_usage_ext != nullptr)) { result.confirm("Key_Usage extension value matches in user certificate", dynamic_cast(*key_usage_ext).get_constraints() == Botan::DIGITAL_SIGNATURE); } // check if custom extension is present in CA-signed cert - string_ext = user_cert.v3_extensions().get_raw(oid); - if(result.confirm("Custom extension present in user certificate", string_ext != nullptr)) + result.confirm("Extensions::extension_set true for String_Extension", ca_signed_cert.v3_extensions().extension_set(oid)); + string_ext = 
ca_signed_cert.v3_extensions().get_raw(oid); + if(result.confirm("Custom extension present in CA-signed certificate", string_ext != nullptr)) { - result.test_eq("Custom extension value matches in user certificate", string_ext->value(), "1Test"); + result.test_eq("Custom extension value matches in CA-signed certificate", string_ext->value(), "AAAAAAAAAAAAAABCDEF"); } return result; From cd7866e3ec00beff057228cf3fb87b72df02f88f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 12:33:03 -0500 Subject: [PATCH 0172/1008] Add a test for GH #1252 --- src/lib/x509/x509_dn.cpp | 8 ++++++- src/tests/data/misc_certs/opcuactt_ca.der | Bin 0 -> 1072 bytes src/tests/data/misc_certs/opcuactt_ca.pem | 28 ++++++++++++++++++++++ src/tests/unit_x509.cpp | 26 ++++++++++++++++++++ 4 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 src/tests/data/misc_certs/opcuactt_ca.der create mode 100644 src/tests/data/misc_certs/opcuactt_ca.pem diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp index ce1300e536..e705fe74d7 100644 --- a/src/lib/x509/x509_dn.cpp +++ b/src/lib/x509/x509_dn.cpp @@ -79,7 +79,13 @@ std::multimap X509_DN::contents() const { std::multimap retval; for(auto i = m_dn_info.begin(); i != m_dn_info.end(); ++i) - multimap_insert(retval, OIDS::lookup(i->first), i->second.value()); + { + std::string str_value = OIDS::oid2str(i->first); + + if(str_value.empty()) + str_value = i->first.as_string(); + multimap_insert(retval, str_value, i->second.value()); + } return retval; } 
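Review bot: The message on the Key_Usage value check still reads `"Key_Usage extension value matches in user certificate"` while the surrounding confirms in this hunk were renamed to "CA-signed certificate", so a failure report would name a certificate that no longer exists in the test; change it to `result.confirm("Key_Usage extension value matches in CA-signed certificate",`. The rename also quietly fixes the old code checking `self_signed_cert` under the "CA-signed cert" comment, which is worth a line in the commit message since it means that assertion was never exercised before.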
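Review bot: The new fallback in `X509_DN::contents()` from `OIDS::oid2str` to `i->first.as_string()` has no comment tying it to the bug it fixes, so it will look like dead defensiveness to a later reader; add `// Unknown OID: emit the dotted-decimal form rather than dropping the attribute (GH #1252)` above the `if(str_value.empty())`. Style: the index loop can be `for(const auto& entry : m_dn_info)` with `entry.first`/`entry.second.value()`, which removes the iterator bookkeeping from the rewritten body.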
diff --git a/src/tests/data/misc_certs/opcuactt_ca.der b/src/tests/data/misc_certs/opcuactt_ca.der new file mode 100644 index 0000000000000000000000000000000000000000..35e8e5cb0418dbb33c4fecc2a16e2337113796ed GIT binary patch literal 1072 zcmXqLV$m^ZVisAz%*4pV#K>U4%f_kI=F#?@mywa1mBAp+klTQhjX9KsO_(V(*igWL z55(c%VRtObtjfuZ~vL#>w$ZHo_0J7-0fxHRG{E@ z@ta%xgm3EN&Kfa`*%opAYZlvmeyXgG#_5d{WfFv}|KMq<$W29aquKYwDWdRL$j%>Mj`sQt8E z@2u}h_R4K3{Fw4r{^DZSqXIuAnOF1+U008BytwX#=wun~_ion<_gLCJ%sE(gL&M8) zo`_h~9Rc+XC1*Moem3fmTXB`mrqr`VN_w@>!|a&16Qyq{$gJzU?0YTDp{+`NLU71a z2BQhTCNVBwc2$PIdyT`>5RoHV#(HUv`<@+VVrFDuT-^A@pz))D4jX4en+Idt4<|-m z7I`sQ|AN%K;9wsG_td=9qQsKa6b0whqLR$C%w!&a)q`_g4B@pD}0^&G(H;IP~mDgtRN0H^ZNx!_D89H;b#B zxStuG#C&hw=@WnXZR8sgZe4$9a`YAd@1+hLGAy6YR?lY0>5b>y%#dQRuVu=N%%;q| zys#;gvd&c<*X^IdeAubbYmMSUyB5iP3N5$v560~5i1cVkYSY}@ykPRZe^>pb7ICCy cBtJPmWk&w&lYgc=cP6@Aw2x`n$UV^o04{BKcmMzZ literal 0 HcmV?d00001 diff --git a/src/tests/data/misc_certs/opcuactt_ca.pem b/src/tests/data/misc_certs/opcuactt_ca.pem new file mode 100644 index 0000000000..1987a0a078 --- /dev/null +++ b/src/tests/data/misc_certs/opcuactt_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMAXkiTXQ8mQnY +n+99br/MU9dRvUzliOZRu0owQnAgTtH2Rl+Q9icXQyhcowaiCv6DFrvPlR1MKMux +kJngiOYLI10gLgXjiO4pd53IPNa60+6j4Xgobl7lfCGnSwbYVE8OYl0MyjfrC8Ca +OmbYYVLvgBSW2fPyBHrucCBTB+f4FT+Wuu473hmNHrRx8WT9H9GjRcUQ+RkDqI8S +1ydcQdGu6BWTHCvvRtdxvDk+4WzBdtgoSkGeFBZa3BAnsHTMiKHzMogeqNUGPHVJ +hBobqxLha1ztkRvaIByuidNN1lZAhnonkFNU5QAykPqSAaem1RwPi6xA5VQUxCoz +LmZBvubHAgMBAAECggEBAJtOM82tcWQAjcJgX436FgGTgkQz/KpxggWOs3fx3DJ8 +TtNR18cf3bqT4dJEOfR6si9Ry0DIoDkuhYN0NfD9x0OLdIXfA5So1cazzWZ3CnHI +jdAtAbCl9ZB245fcQiXGaTjmIThvagqCM+o1s73euaiitQnyewgv6PZEXhdX2Xy+ +Mqm1gXi0edyegSdjVRYd1vfx0S52R1TfoLWUy471VlOsKTo+ukUARryB36VA8iNh +0Wn2419zMyjt1ocOIU0RGFFag7wjZ7rGhv+p9Bb92gBrKkbC/2UWgJRpO4OZ17zX +R3AajPW30e4iUYgFqvDpEhi48N9G7zAxia1FWF0VR8ECgYEA/KVK6trcbxy8Ohqd +hBQUkElCAnBvkIY+OStAieLMppVEvQfMgTWiOCzub4hiGKkPZUK9ibmQgDzcXbZy +bB1cXVK6nwAEfABTYzifu2ADJCDOBd3B1PXW2waLHuMVI0CEnySmADDUJ5+LmZm/ +um6j4iGcJIGZjGNVMQTdTampcs8CgYEAzrbcOMBaQZMW5fDD21x/tGwiNmyIBpNC +M865xHjRHFvGdVkWoIvm2wLV5O7AZMzqc5h6sOxCTj2E4dlWnshn0pTBR48epyXl +cv287G2czafQsttyEJq83InV3JlwycyOy2/EJOCuL/T2O8nGJlNTTUEQbC6Udu8v +/r/HGkO9qokCgYB0LaqCzzwY2FTyPzT5/KXsJ9Pz/TJAeor4jRwzjBjh7bhbWM/B +ByHexUKsBUJe5rdOsF8qiyuY3OPVMEXz05iazaVF4qMtRpUSBoLljmRDY9Z5uh0d +SiOQOrUU8gXRXSTfbeHsKogU5Hg0nRAesiwom54K55HtjewqC3uc8A0c3wKBgQDC +XNNiFRKIN7o/CAvQFQAKb+YXUCLyM8H6nnSzFHph9LT8n4CUAhdVdCwTrp196eLE +P+mUswCBOnzYMpesgniEWtQE6cADn7FHVuctUr8t641irs1oaWYM4xkP68JOLCVT +iUpe9lcxxl1DyCuk25ImwHelkIKN9cYl/MJDotASKQKBgFMX48y7qyqYTZUnXHza +g8yVwpU3DaynPNd7IHwC2/Nj1jZW79Tg8YHzKxujvHSByyqt7UOY8oMTdywzqAh5 +JH3Z9JfPKFTp18cNk8Z0vhPnNV5lQPPXKaWsW7YW62AuDYTX/CwL9+Z+sCIQ/WBz +MMcuPWIKk0t5acScslBtLdk3 +-----END PRIVATE KEY----- diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index aab0b83d56..da60348c84 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -11,6 +11,7 @@ #include #include + #include #include #include #include 
@@ -358,6 +359,30 @@ Test::Result test_x509_dates() return result; } +Test::Result test_crl_dn_name() + { + Test::Result result("CRL DN name"); + + // See GH #1252 + + const Botan::OID dc_oid("0.9.2342.19200300.100.1.25"); + + Botan::X509_Certificate cert(Test::data_file("misc_certs/opcuactt_ca.der")); + + Botan::DataSource_Stream key_input(Test::data_file("misc_certs/opcuactt_ca.pem")); + std::unique_ptr key = Botan::PKCS8::load_key(key_input); + Botan::X509_CA ca(cert, *key, "SHA-256", Test::rng()); + + Botan::X509_CRL crl = ca.new_crl(Test::rng()); + + result.confirm("matches issuer cert", crl.issuer_dn() == cert.subject_dn()); + + result.confirm("contains DC component", + crl.issuer_dn().get_attributes().count(dc_oid) == 1); + + return result; + } + Test::Result test_x509_utf8() { Test::Result result("X509 with UTF-8 encoded fields"); @@ -1219,6 +1244,7 @@ class X509_Cert_Unit_Tests final : public Test results.push_back(test_hashes("ECDSA")); results.push_back(test_x509_utf8()); results.push_back(test_x509_bmpstring()); + results.push_back(test_crl_dn_name()); return results; } From 50ebb336e119eacfacd20c4b005295cac986cdf2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 14:03:16 -0500 Subject: [PATCH 0173/1008] Fix PKCS10 subject alt name usage GH #1010 --- src/lib/x509/asn1_alt_name.cpp | 9 +++++++++ src/lib/x509/asn1_alt_name.h | 2 ++ src/lib/x509/pkcs10.cpp | 15 ++++++++++++--- src/lib/x509/x509_dn.cpp | 7 +++---- src/tests/unit_x509.cpp | 5 +++++ 5 files changed, 31 insertions(+), 7 deletions(-) diff --git a/src/lib/x509/asn1_alt_name.cpp b/src/lib/x509/asn1_alt_name.cpp index 8b3d2d6e95..04e11bbcdb 100644 --- a/src/lib/x509/asn1_alt_name.cpp +++ b/src/lib/x509/asn1_alt_name.cpp 
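Review bot: The bare OID literal in `test_crl_dn_name` should say what it is, since the whole test hinges on it: `const Botan::OID dc_oid("0.9.2342.19200300.100.1.25"); // id-domainComponent (DC), see GH #1252`. The `count(dc_oid) == 1` check is what actually guards against the regression the commit describes (the equality check just before it would also pass if both DNs lost the attribute), so a comment stating that intent, e.g. `// DC is not in the OID name table; make sure it survives the DN round-trip`, hedged to match what x509_dn.cpp does, would keep someone from removing it as redundant.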
@@ -98,6 +98,15 @@ bool AlternativeName::has_field(const std::string& attr) const return (range.first != range.second); } +std::string AlternativeName::get_first_attribute(const std::string& attr) const + { + auto i = m_alt_info.lower_bound(attr); + if(i != m_alt_info.end() && i->first == attr) + return i->second; + + return ""; + } + std::vector AlternativeName::get_attribute(const std::string& attr) const { std::vector results; diff --git a/src/lib/x509/asn1_alt_name.h b/src/lib/x509/asn1_alt_name.h index 81f933ea08..83ac215baa 100644 --- a/src/lib/x509/asn1_alt_name.h +++ b/src/lib/x509/asn1_alt_name.h @@ -29,6 +29,8 @@ class BOTAN_PUBLIC_API(2,0) AlternativeName final : public ASN1_Object bool has_field(const std::string& attr) const; std::vector get_attribute(const std::string& attr) const; + std::string get_first_attribute(const std::string& attr) const; + void add_attribute(const std::string& type, const std::string& value); void add_othername(const OID& oid, const std::string& value, ASN1_Tag type); diff --git a/src/lib/x509/pkcs10.cpp b/src/lib/x509/pkcs10.cpp index cdcb5e9859..82ef0945d0 100644 --- a/src/lib/x509/pkcs10.cpp +++ b/src/lib/x509/pkcs10.cpp @@ -80,6 +80,8 @@ std::unique_ptr decode_pkcs10(const std::vector& body) BER_Object attr_bits = cert_req_info.get_next_object(); + std::set pkcs9_email; + if(attr_bits.type_tag == 0 && attr_bits.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) { @@ -94,7 +96,7 @@ std::unique_ptr decode_pkcs10(const std::vector& body) { ASN1_String email; value.decode(email); - data->m_alt_name.add_attribute("RFC822", email.value()); + pkcs9_email.insert(email.value()); } else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword")) { 
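Review bot: `AlternativeName::get_first_attribute` returns `""` both when `attr` is absent and when its first value is empty, which the declaration in asn1_alt_name.h should state (`/// Returns the first value for attr, or "" if there is none`), because `has_field` is the only way to tell the two apart. The `lower_bound` plus key-compare pattern, repeated in `X509_DN::get_first_attribute` in the x509_dn.cpp hunk of this commit, is only needed if `m_alt_info` is a multimap and you specifically want the first of several values; in that case a short comment saying so helps, and if it is a plain map `auto i = m_alt_info.find(attr);` says the same thing more directly.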
@@ -115,9 +117,16 @@ std::unique_ptr decode_pkcs10(const std::vector& body) cert_req_info.verify_end(); - // TODO pull AlternativeName out of extensions and merge with m_alt_name + if(auto ext = data->m_extensions.get_extension_object_as()) + { + data->m_alt_name = ext->get_alt_name(); + } + + for(std::string email : pkcs9_email) + { + data->m_alt_name.add_attribute("RFC882", email); + } - return data; } diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp index e705fe74d7..d07344aae9 100644 --- a/src/lib/x509/x509_dn.cpp +++ b/src/lib/x509/x509_dn.cpp @@ -100,10 +100,9 @@ std::string X509_DN::get_first_attribute(const std::string& attr) const { const OID oid = OIDS::lookup(deref_info_field(attr)); - auto range = m_dn_info.equal_range(oid); - - if(range.first != m_dn_info.end()) - return range.first->second.value(); + auto i = m_dn_info.lower_bound(oid); + if(i != m_dn_info.end() && i->first == oid) + return i->second.value(); return ""; } diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index da60348c84..d2156cf607 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -538,6 +538,11 @@ Test::Result test_x509_cert(const std::string& sig_algo, const std::string& hash result.test_eq("issuer info Orga", user1_issuer_dn.get_first_attribute("O"), ca_opts().organization); result.test_eq("issuer info OrgaUnit", user1_issuer_dn.get_first_attribute("OU"), ca_opts().org_unit); + const Botan::AlternativeName& user1_altname = user1_cert.subject_alt_name(); + result.test_eq("subject alt email", user1_altname.get_first_attribute("RFC822"), "testing@randombit.net"); + result.test_eq("subject alt email", user1_altname.get_first_attribute("DNS"), "botan.randombit.net"); + result.test_eq("subject alt email", user1_altname.get_first_attribute("URI"), "https://botan.randombit.net"); + const Botan::X509_CRL crl1 = ca.new_crl(Test::rng()); /* Verify the certs */ From 583741096b47b49e067e88fbf03575cdf86e7967 Mon Sep 17 00:00:00 2001 
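Review bot: The attribute name in the merge loop is misspelled: the removed line used `add_attribute("RFC822", ...)` and the new unit test queries `get_first_attribute("RFC822")`, but the new line writes `data->m_alt_name.add_attribute("RFC882", email);`, so emails taken from the PKCS#9 attribute would be stored under a key nobody reads. It should be `data->m_alt_name.add_attribute("RFC822", email);`, and the loop can bind by reference, `for(const std::string& email : pkcs9_email)`. Note also that collecting into a `std::set` now de-duplicates and sorts the addresses, which is a (sensible) behaviour change from the old per-attribute `add_attribute` calls and worth a word in the commit message.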
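Review bot: The three new `test_eq` calls in `test_x509_cert` all carry the label `"subject alt email"`, so a failure on the DNS or URI line would be reported as an email mismatch. Use `"subject alt DNS"` and `"subject alt URI"` for the second and third. Since this test pins down the SAN values that the PKCS#10 fix in this commit produces, it is also the place to add a `get_first_attribute("RFC822")` check on a request whose email comes from the PKCS#9 attribute rather than from the extension, if such a fixture exists.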
From: Jack Lloyd Date: Tue, 14 Nov 2017 16:55:07 -0500 Subject: [PATCH 0174/1008] Catch exceptions in NIST validation tests --- src/tests/test_x509_path.cpp | 74 ++++++++++++++++++++---------------- 1 file changed, 41 insertions(+), 33 deletions(-) diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index cb08953698..c1d8a5b172 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp 
@@ -182,55 +182,63 @@ std::vector NIST_Path_Validation_Tests::run() for(auto i = expected.begin(); i != expected.end(); ++i) { - const std::string test_name = i->first; - const std::string expected_result = i->second; - - const std::string test_dir = nist_test_dir + "/" + test_name; - Test::Result result("NIST path validation"); result.start_timer(); - const std::vector all_files = Botan::get_files_recursive(test_dir); + const std::string test_name = i->first; - if(all_files.empty()) + try { - result.test_failure("No test files found in " + test_dir); - results.push_back(result); - continue; - } + const std::string expected_result = i->second; - Botan::Certificate_Store_In_Memory store; + const std::string test_dir = nist_test_dir + "/" + test_name; - store.add_certificate(root_cert); - store.add_crl(root_crl); + const std::vector all_files = Botan::get_files_recursive(test_dir); - for(auto const& file : all_files) - { - if(file.find(".crt") != std::string::npos && file != "end.crt") + if(all_files.empty()) { - store.add_certificate(Botan::X509_Certificate(file)); + result.test_failure("No test files found in " + test_dir); + results.push_back(result); + continue; } - else if(file.find(".crl") != std::string::npos) + + Botan::Certificate_Store_In_Memory store; + + store.add_certificate(root_cert); + store.add_crl(root_crl); + + for(auto const& file : all_files) { - Botan::DataSource_Stream in(file, true); - Botan::X509_CRL crl(in); - store.add_crl(crl); + if(file.find(".crt") != std::string::npos && file != "end.crt") + { + store.add_certificate(Botan::X509_Certificate(file)); + } + else if(file.find(".crl") != std::string::npos) + { + Botan::DataSource_Stream in(file, true); + Botan::X509_CRL crl(in); + store.add_crl(crl); + } } - } - Botan::X509_Certificate end_user(test_dir + "/end.crt"); + Botan::X509_Certificate end_user(test_dir + "/end.crt"); - // 1024 bit root cert - Botan::Path_Validation_Restrictions restrictions(true, 80); + // 1024 bit root cert + 
Botan::Path_Validation_Restrictions restrictions(true, 80); - Botan::Path_Validation_Result validation_result = - Botan::x509_path_validate(end_user, - restrictions, - store); + Botan::Path_Validation_Result validation_result = + Botan::x509_path_validate(end_user, + restrictions, + store); - result.test_eq(test_name + " path validation result", - validation_result.result_string(), - expected_result); + result.test_eq(test_name + " path validation result", + validation_result.result_string(), + expected_result); + } + catch(std::exception& e) + { + result.test_failure(test_name, e.what()); + } result.end_timer(); results.push_back(result); From 6ff498730653d9837af32efaa5d4298d302cec73 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 16:58:37 -0500 Subject: [PATCH 0175/1008] Check for keyCertSign on non-CA certificates during validation GH #1089 --- src/lib/x509/x509path.cpp | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index c10b15715f..11bcdbb125 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -47,6 +47,20 @@ PKIX::check_chain(const std::vector>& ce if(!cert_path[0]->allowed_usage(usage)) cert_status[0].insert(Certificate_Status_Code::INVALID_USAGE); + if(cert_path[0]->is_CA_cert() == false && + cert_path[0]->has_constraints(KEY_CERT_SIGN)) + { + /* + "If the keyCertSign bit is asserted, then the cA bit in the + basic constraints extension (Section 4.2.1.9) MUST also be + asserted." - RFC 5280 + + We don't bother doing this check on the rest of the path since they + must have the cA bit asserted or the validation will fail anyway. + */ + cert_status[0].insert(Certificate_Status_Code::INVALID_USAGE); + } + for(size_t i = 0; i != cert_path.size(); ++i) { std::set& status = cert_status.at(i); From 76fd273cadcdeebd6f9e0f79f47c21971088a37a Mon Sep 17 00:00:00 2001 
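Review bot: The new handler in `NIST_Path_Validation_Tests::run` catches by non-const reference; use `catch(const std::exception& e)` as the rest of the codebase does. Moving the body into the `try` also means the `continue` on the "No test files found" path still skips `result.end_timer()`, which was already the case before but is now easier to miss; an explicit `result.end_timer();` before that `continue` (or restructuring so all paths fall through to the common tail) would make the timing consistent. The function begins before this hunk.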
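Review bot: The new keyCertSign check in `PKIX::check_chain` reuses `Certificate_Status_Code::INVALID_USAGE`, which is the same code the preceding `allowed_usage` test emits, so a caller cannot tell "leaf asserts keyCertSign without cA" from an ordinary usage mismatch; if a distinct status code exists or can be added cheaply, it would make the failure reason diagnosable. Style: `if(!cert_path[0]->is_CA_cert() && cert_path[0]->has_constraints(KEY_CERT_SIGN))` instead of `== false`. The RFC 5280 quotation is the right justification and the comment's note on why only the leaf is checked is good; the function starts and ends outside this hunk, so the existing `cert_path[0]` dereference is assumed to be guarded earlier.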
From: Jack Lloyd Date: Tue, 14 Nov 2017 17:30:05 -0500 Subject: [PATCH 0176/1008] Consolidate function for testing for ASN.1 string types --- src/cli/asn1.cpp | 8 +------- src/lib/asn1/asn1_str.cpp | 23 +++++++++++++++-------- src/lib/asn1/asn1_str.h | 6 ++++++ src/lib/x509/asn1_alt_name.cpp | 22 +++------------------- 4 files changed, 25 insertions(+), 34 deletions(-) diff --git a/src/cli/asn1.cpp b/src/cli/asn1.cpp index 234cbd6e6f..08c2562ba5 100644 --- a/src/cli/asn1.cpp +++ b/src/cli/asn1.cpp @@ -336,13 +336,7 @@ void decode(std::ostream& output, emit(output, type_name(type_tag), level, length, bit_str); } - else if(type_tag == Botan::PRINTABLE_STRING || - type_tag == Botan::NUMERIC_STRING || - type_tag == Botan::IA5_STRING || - type_tag == Botan::T61_STRING || - type_tag == Botan::VISIBLE_STRING || - type_tag == Botan::UTF8_STRING || - type_tag == Botan::BMP_STRING) + else if(Botan::ASN1_String::is_string_type(type_tag)) { Botan::ASN1_String str; data.decode(str); diff --git a/src/lib/asn1/asn1_str.cpp b/src/lib/asn1/asn1_str.cpp index d90aa215be..8b9524de21 100644 --- a/src/lib/asn1/asn1_str.cpp +++ b/src/lib/asn1/asn1_str.cpp @@ -55,14 +55,7 @@ ASN1_Tag choose_encoding(const std::string& str) void assert_is_string_type(ASN1_Tag tag) { - if(tag != NUMERIC_STRING && - tag != PRINTABLE_STRING && - tag != VISIBLE_STRING && - tag != T61_STRING && - tag != IA5_STRING && - tag != UTF8_STRING && - tag != BMP_STRING && - tag != UNIVERSAL_STRING) + if(!ASN1_String::is_string_type(tag)) { throw Invalid_Argument("ASN1_String: Unknown string type " + std::to_string(tag)); @@ -71,6 +64,20 @@ void assert_is_string_type(ASN1_Tag tag) } +//static +bool ASN1_String::is_string_type(ASN1_Tag tag) + { + return (tag == NUMERIC_STRING || + tag == PRINTABLE_STRING || + tag == VISIBLE_STRING || + tag == T61_STRING || + tag == IA5_STRING || + tag == UTF8_STRING || + tag == BMP_STRING || + tag == UNIVERSAL_STRING); + } + + /* * Create an ASN1_String */ 
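Review bot: `ASN1_String::is_string_type` includes `UNIVERSAL_STRING`, which neither of the two lists it replaces did (the cli `decode` list here and the anonymous `is_string_type` removed from asn1_alt_name.cpp in the same commit), so the CLI dumper and the otherName decoder will now hand UniversalString values to `ASN1_String` where they previously fell through. That is probably intended, since `assert_is_string_type` already accepted the tag, but it is a behaviour change the commit message describes as a consolidation; a sentence noting it, and a comment on the alt-name call site such as `// now also accepts UniversalString; ASN1_String converts it`, would avoid surprise. `is_string_type` itself could be `noexcept` (and `constexpr` if the enum allows it) since it is a pure comparison.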
diff --git a/src/lib/asn1/asn1_str.h b/src/lib/asn1/asn1_str.h index f19265494a..77e2fc145d 100644 --- a/src/lib/asn1/asn1_str.h +++ b/src/lib/asn1/asn1_str.h @@ -29,6 +29,12 @@ class BOTAN_PUBLIC_API(2,0) ASN1_String final : public ASN1_Object std::string BOTAN_DEPRECATED("Use value() to get UTF-8 string instead") iso_8859() const; + /** + * Return true iff this is a tag for a known string type we can handle. + * This ignores string types that are not supported, eg teletexString + */ + static bool is_string_type(ASN1_Tag tag); + explicit ASN1_String(const std::string& utf8 = ""); ASN1_String(const std::string& utf8, ASN1_Tag tag); private: diff --git a/src/lib/x509/asn1_alt_name.cpp b/src/lib/x509/asn1_alt_name.cpp index 04e11bbcdb..6b3eda9179 100644 --- a/src/lib/x509/asn1_alt_name.cpp +++ b/src/lib/x509/asn1_alt_name.cpp @@ -16,24 +16,6 @@ namespace Botan { -namespace { - -/* -* Check if type is a known ASN.1 string type -*/ -bool is_string_type(ASN1_Tag tag) - { - return (tag == NUMERIC_STRING || - tag == PRINTABLE_STRING || - tag == VISIBLE_STRING || - tag == T61_STRING || - tag == IA5_STRING || - tag == UTF8_STRING || - tag == BMP_STRING); - } - -} - /* * Create an AlternativeName */ @@ -219,8 +201,10 @@ void AlternativeName::decode_from(BER_Decoder& source) const ASN1_Tag value_type = value.type_tag; - if(is_string_type(value_type) && value.class_tag == UNIVERSAL) + if(ASN1_String::is_string_type(value_type) && value.class_tag == UNIVERSAL) + { add_othername(oid, ASN1::to_string(value), value_type); + } } } else if(tag == 1 || tag == 2 || tag == 6) From f816295c8512214daa7c59f07d96f0737c06ece8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 20:25:44 -0500 Subject: [PATCH 0177/1008] Remove debug abort [ci skip] --- src/lib/x509/x509cert.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 808d4b2b20..6814f54c1a 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp 
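Review bot: The new doc comment on `ASN1_String::is_string_type` says the predicate "ignores string types that are not supported, eg teletexString", but `T61_STRING` — which is the ASN.1 TeletexString tag — is in the list the function returns true for, so the example contradicts the code. Replace the example with a tag that really is excluded, e.g. `* This ignores string types that are not supported, eg GraphicString or VideotexString`, or drop the example and keep just the first sentence.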
@@ -295,7 +295,6 @@ const X509_Certificate_Data& X509_Certificate::data() const { if(m_data == nullptr) { - abort(); throw Decoding_Error("Failed to parse X509 certificate"); } return *m_data.get(); From 3b4a2c547a948b421d73ae7e1bc0ad9430cce465 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 14 Nov 2017 20:48:42 -0500 Subject: [PATCH 0178/1008] Documentation updates --- doc/manual/x509.rst | 141 ++++++++++++++++++++++++++++---------------- 1 file changed, 89 insertions(+), 52 deletions(-) diff --git a/doc/manual/x509.rst b/doc/manual/x509.rst index 1fb6d90f5c..66b7b62b34 100644 --- a/doc/manual/x509.rst +++ b/doc/manual/x509.rst 
@@ -15,43 +15,96 @@ in the :doc:`tls` protocol. A X.509 certificate is represented by .. cpp:class:: X509_Certificate - .. cpp:function:: Public_Key* subject_public_key() const + .. cpp:function:: X509_Certificate(const std::string& filename) - Returns the public key of the subject + Load a certificate from a file. PEM or DER is accepted. - .. cpp:function:: X509_DN issuer_dn() const + .. cpp:function:: X509_Certificate(const std::vector& in) - Returns the distinguished name (DN) of the certificate's issuer + Load a certificate from a byte string. + + .. cpp:function:: X509_Certificate(DataSource& source) + + Load a certificate from an abstract ``DataSource``. + + .. cpp:function:: std::unique_ptr load_subject_public_key() const + + Deserialize the stored public key and return a new object. This + might throw, if it happens that the public key object stored in + the certificate is malformed in some way, or in the case that the + public key algorithm used is not supported by the library. + + See :ref:`serializing_public_keys` for more information about what to do + with the returned object. It may be any type of key, in principle, though + RSA and ECDSA are most common. + + .. cpp:function:: std::vector serial_number() const + + Return the certificates serial number. The tuple of issuer DN and + serial number should be unique. .. cpp:function:: X509_DN subject_dn() const - Returns the distinguished name (DN) of the certificate's subject + Returns the distinguished name (DN) of the certificate's subject. - .. cpp:function:: std::string start_time() const + .. cpp:function:: X509_DN issuer_dn() const + + Returns the distinguished name (DN) of the certificate's issuer + + .. cpp:function:: X509_Time not_before() const Returns the point in time the certificate becomes valid - .. cpp:function:: std::string end_time() const + .. cpp:function:: X509_Time not_after() const Returns the point in time the certificate expires - .. 
cpp:function:: Extensions v3_extensions() const + .. cpp:function:: const Extensions& v3_extensions() const + + Returns all extensions of this certificate. You can use this + to examine any extension data associated with the certificate, + including custom extensions the library doesn't know about. + + .. cpp:function:: const AlternativeName& subject_alt_name() const + + Return the subjects alternative name. This is used to store + values like associated URIs, DNS addresses, and email addresses. + + .. cpp:function:: const AlternativeName& issuer_alt_name() const + + Return alternative names for the issuer. - Returns all extensions of this certificate + .. cpp:function:: std::string fingerprint(const std::string& hash_name = "SHA-1") const -When working with certificates, the main class to remember is -``X509_Certificate``. You can read an object of this type, but you -can't create one on the fly; a CA object is necessary for making a new -certificate. So for the most part, you only have to worry about -reading them in, verifying the signatures, and getting the bits of -data in them (most commonly the public key, and the information about -the user of that key). An X.509v3 certificate can contain a literally -infinite number of items related to all kinds of things. Botan doesn't -support a lot of them, because nobody uses them and they're an -impossible mess to work with. This section only documents the most -commonly used ones of the ones that are supported; for the rest, read -``x509cert.h`` and ``asn1_obj.h`` (which has the definitions of -various common ASN.1 constructs used in X.509). + Return a fingerprint for the certificate. + + .. cpp:function:: Key_Constraints constraints() const + + Returns either an enumeration listing key constraints (what the + associated key can be used for) or ``NO_CONSTRAINTS`` if the + relevent extension was not included. Example values are + ``DIGITAL_SIGNATURE`` and ``KEY_CERT_SIGN``. More than one value + might be specified. 
+ + .. cpp:function:: bool allowed_extended_usage(const OID& usage) const + + Returns true if the OID is included in the extended usage extension. + + .. cpp:function:: bool matches_dns_name(const std::string& name) const + + Check if the certificate's subject alternative name DNS fields + match ``name``. This function also handles wildcard certificates. + + .. cpp:function:: std::string to_string() const + + Returns a free-form human readable string describing the certificate. + +The ``X509_Certificate`` class has several other functions not described here. +See the header ``x509cert.h`` for details. + +The data of an X.509 certificate is stored as a ``shared_ptr`` to a structure +containing the decoded information. So copying ``X509_Certificate`` objects is +quite cheap. So what's in an X.509 certificate? ----------------------------------- @@ -140,8 +193,7 @@ functions are provided to search them. .. note:: - Validation of custom extensions during path validation - is currently not supported. + Validation of custom extensions during path validation is currently not supported. .. cpp:class:: Extensions @@ -178,7 +230,7 @@ functions are provided to search them. together with the corresponding criticality flag. Contains all extensions, known as well as unknown extensions. -Revocation Lists +Certificate Revocation Lists ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It will occasionally happen that a certificate must be revoked before 
@@ -209,22 +261,7 @@ with .. cpp:function:: void Certificate_Store::add_crl(const X509_CRL& crl) -and all future verifications will take into account the certificates -listed. - -Reading Certificates -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -``X509_Certificate`` has two constructors, each of which takes a source of -data; a filename to read, and a ``DataSource&``:: - - X509_Certificate cert1("cert1.pem"); - - /* This file contains two certificates, concatenated */ - DataSource_Stream in("certs2_and_3.pem"); - - X509_Certificate cert2(in); // read the first cert - X509_Certificate cert3(in); // read the second cert +and all future verifications will take into account the provided CRL. Certificate Stores ---------------------------------------- @@ -302,9 +339,9 @@ later. SQL-backed Certificate Stores ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The SQL-backed certificate stores store all objects in an SQL -database. They also additionally provide private key storage -and revocation of individual certificates. +The SQL-backed certificate stores store all objects in an SQL database. They +also additionally provide private key storage and revocation of individual +certificates. .. cpp:class:: Certificate_Store_In_SQL @@ -324,7 +361,6 @@ and revocation of individual certificates. Removes ``cert`` from the store. Returns `false` if the certificate could not be found and `true` if removal was successful. - .. cpp:function:: std::shared_ptr find_key(const X509_Certificate&) const Returns the private key for "cert" or an empty shared_ptr if none was found 
@@ -357,8 +393,10 @@ and revocation of individual certificates. Generates CRLs for all certificates marked as revoked. A CRL is returned for each unique issuer DN. -Botan currently only provides one SQL-backed certificate store using -sqlite. +The ``Certificate_Store_In_SQL`` class operates on an abstract ``SQL_Database`` +object. If support for sqlite3 was enabled at build time, Botan includes an +implementation of this interface for sqlite3, and a subclass of +``Certificate_Store_In_SQL`` which creates or opens a sqlite3 database. .. cpp:class:: Certificate_Store_In_SQLite @@ -475,7 +513,7 @@ step. The two constructors are: and, if `minimum_key_strength` is less than or equal to 80, then SHA-1 signatures will also be accepted. -Certificate Authorities +Creating New Certificates --------------------------------- A CA is represented by the type ``X509_CA``, which can be found in @@ -523,10 +561,9 @@ be issued. To generate a new, empty CRL, just call .. cpp:function:: X509_CRL X509_CA::new_crl(RandomNumberGenerator& rng, \ uint32_t next_update = 0) - This function will return a new, empty CRL. The - ``next_update`` parameter is the number of seconds before - the CRL expires. If it is set to the (default) value of zero, then a - reasonable default (currently 7 days) will be used. + This function will return a new, empty CRL. The ``next_update`` parameter is + the number of seconds before the CRL expires. If it is set to the (default) + value of zero, then a reasonable default (currently 7 days) will be used. On the other hand, you may have issued a CRL before. In that case, you will want to issue a new CRL that contains all previously revoked From 122ceb41f0366a48e84eac3e69e940db2a00eb28 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Tue, 14 Nov 2017 20:58:18 -0500 Subject: [PATCH 0179/1008] Update manual to avoid use of old integer typedefs. --- doc/manual/bigint.rst | 6 +- doc/manual/compression.rst | 8 +-- doc/manual/credentials_manager.rst | 2 +- doc/manual/cryptobox.rst | 4 +- doc/manual/ffi.rst | 2 +- doc/manual/filters.rst | 24 ++++---- doc/manual/fpe.rst | 4 +- doc/manual/hash.rst | 8 +-- doc/manual/kdf.rst | 20 +++--- doc/manual/lowlevel.rst | 2 +- doc/manual/mceliece.rst | 12 ++-- doc/manual/passhash.rst | 4 +- doc/manual/pbkdf.rst | 4 +- doc/manual/pkcs11.rst | 24 ++++---- doc/manual/pubkey.rst | 60 +++++++++--------- doc/manual/rng.rst | 12 ++-- doc/manual/srp.rst | 4 +- doc/manual/symmetric_crypto.rst | 98 +++++++++++++++--------------- doc/manual/tls.rst | 30 ++++----- doc/manual/versions.rst | 8 +-- doc/manual/x509.rst | 10 +-- 21 files changed, 174 insertions(+), 172 deletions(-) diff --git a/doc/manual/bigint.rst b/doc/manual/bigint.rst index 04af0c6db3..421ed27c58 100644 --- a/doc/manual/bigint.rst +++ b/doc/manual/bigint.rst @@ -13,13 +13,13 @@ Encoding Functions These transform the normal representation of a ``BigInt`` into some other form, such as a decimal string: -.. cpp:function:: secure_vector BigInt::encode(const BigInt& n, Encoding enc = Binary) +.. cpp:function:: secure_vector BigInt::encode(const BigInt& n, Encoding enc = Binary) This function encodes the BigInt n into a memory vector. ``Encoding`` is an enum that has values ``Binary``, ``Decimal``, and ``Hexadecimal``. -.. cpp:function:: BigInt BigInt::decode(const std::vector& vec, Encoding enc) +.. cpp:function:: BigInt BigInt::decode(const std::vector& vec, Encoding enc) Decode the integer from ``vec`` using the encoding specified. 
@@ -27,7 +27,7 @@ These functions are static member functions, so they would be called like this:: BigInt n1 = ...; // some number - secure_vector n1_encoded = BigInt::encode(n1); + secure_vector n1_encoded = BigInt::encode(n1); BigInt n2 = BigInt::decode(n1_encoded); assert(n1 == n2); diff --git a/doc/manual/compression.rst b/doc/manual/compression.rst index 2d1f4c142b..4a40b24c71 100644 --- a/doc/manual/compression.rst +++ b/doc/manual/compression.rst @@ -29,7 +29,7 @@ finally completing processing the stream (``finish``). CPU time consumed by the compression process. The decompressor can always handle input from any compressor. - .. cpp:function:: void update(secure_vector& buf, \ + .. cpp:function:: void update(secure_vector& buf, \ size_t offset = 0, bool flush = false) Compress the material in the in/out parameter ``buf``. The leading @@ -39,7 +39,7 @@ finally completing processing the stream (``finish``). entire message up to this point without having the see the rest of the compressed stream. - .. cpp::function:: void finish(secure_vector& buf, size_t offset = 0) + .. cpp::function:: void finish(secure_vector& buf, size_t offset = 0) Finish compressing a message. The ``buf`` and ``offset`` parameters are treated as in ``update``. It is acceptable to call ``start`` followed by @@ -54,7 +54,7 @@ finally completing processing the stream (``finish``). ``update`` or ``finish``. No level is provided here; the decompressor can accept input generated by any compression parameters. - .. cpp:function:: void update(secure_vector& buf, \ + .. cpp:function:: void update(secure_vector& buf, \ size_t offset = 0) Decompress the material in the in/out parameter ``buf``. The leading 
@@ -63,7 +63,7 @@ finally completing processing the stream (``finish``). This function may throw if the data seems to be invalid. - .. cpp::function:: void finish(secure_vector& buf, size_t offset = 0) + .. cpp::function:: void finish(secure_vector& buf, size_t offset = 0) Finish decompressing a message. The ``buf`` and ``offset`` parameters are treated as in ``update``. It is acceptable to call ``start`` followed by diff --git a/doc/manual/credentials_manager.rst b/doc/manual/credentials_manager.rst index 006d473439..e694f7efd0 100644 --- a/doc/manual/credentials_manager.rst +++ b/doc/manual/credentials_manager.rst @@ -89,7 +89,7 @@ servers for SRP authentication. const std::string& identifier, \ std::string& group_name, \ BigInt& verifier, \ - std::vector& salt, \ + std::vector& salt, \ bool generate_fake_on_unknown) Returns the SRP verifier information for *identifier* (used by server) diff --git a/doc/manual/cryptobox.rst b/doc/manual/cryptobox.rst index a3a0d02b0b..dbade88af5 100644 --- a/doc/manual/cryptobox.rst +++ b/doc/manual/cryptobox.rst @@ -15,13 +15,13 @@ It generates cipher and MAC keys using 8192 iterations of PBKDF2 with HMAC(SHA-512), then encrypts using Serpent in CTR mode and authenticates using a HMAC(SHA-512) mac of the ciphertext, truncated to 160 bits. - .. cpp:function:: std::string encrypt(const byte input[], size_t input_len, \ + .. cpp:function:: std::string encrypt(const uint8_t input[], size_t input_len, \ const std::string& passphrase, \ RandomNumberGenerator& rng) Encrypt the contents using *passphrase*. - .. cpp:function:: std::string decrypt(const byte input[], size_t input_len, \ + .. cpp:function:: std::string decrypt(const uint8_t input[], size_t input_len, \ const std::string& passphrase) Decrypts something encrypted with encrypt. diff --git a/doc/manual/ffi.rst b/doc/manual/ffi.rst index db3bd8d532..e0643974b8 100644 --- a/doc/manual/ffi.rst +++ b/doc/manual/ffi.rst 
@@ -323,7 +323,7 @@ Multiple Precision Integers Return the size of ``n`` in bits. -.. cpp:function:: int botan_mp_num_bytes(botan_mp_t n, size_t* bytes) +.. cpp:function:: int botan_mp_num_bytes(botan_mp_t n, size_t* uint8_ts) Return the size of ``n`` in bytes. diff --git a/doc/manual/filters.rst b/doc/manual/filters.rst index a28db11534..cae50cc338 100644 --- a/doc/manual/filters.rst +++ b/doc/manual/filters.rst @@ -74,9 +74,9 @@ Here's code that uses one of them to encrypt a string with AES:: pipe.process_msg("secrets"); pipe.process_msg("more secrets"); - secure_vector c1 = pipe.read_all(0); + secure_vector c1 = pipe.read_all(0); - byte c2[4096] = { 0 }; + uint8_t c2[4096] = { 0 }; size_t got_out = pipe.read(c2, sizeof(c2), 1); // use c2[0...got_out] @@ -150,7 +150,7 @@ allows you to bound the amount of memory that is in use at any one time. A common idiom for this is:: pipe.start_msg(); - SecureBuffer buffer; + std::vector buffer(4096); // arbitrary size while(infile.good()) { infile.read((char*)&buffer[0], buffer.size()); @@ -231,7 +231,7 @@ a case where that is useful:: pipe.process_msg(ciphertext); std::string plaintext = pipe.read_all_as_string(0); - secure_vector mac = pipe.read_all(1); + secure_vector mac = pipe.read_all(1); if(mac != auth_code) error(); 
@@ -393,15 +393,15 @@ another message, without either read affecting any other messages). Starts a new message; if a message was already running, an exception is thrown. After this function returns, you can call ``write``. -.. cpp:function:: void Pipe::write(const byte* input, size_t length) +.. cpp:function:: void Pipe::write(const uint8_t* input, size_t length) -.. cpp:function:: void Pipe::write(const std::vector& input) +.. cpp:function:: void Pipe::write(const std::vector& input) .. cpp:function:: void Pipe::write(const std::string& input) .. cpp:function:: void Pipe::write(DataSource& input) -.. cpp:function:: void Pipe::write(byte input) +.. cpp:function:: void Pipe::write(uint8_t input) All versions of ``write`` write the input into the filter sequence. If a message is not currently active, an exception is thrown. @@ -434,17 +434,17 @@ specifies what message to read from. If this parameter is set to Functions in ``Pipe`` related to reading include: -.. cpp:function:: size_t Pipe::read(byte* out, size_t len) +.. cpp:function:: size_t Pipe::read(uint8_t* out, size_t len) Reads up to ``len`` bytes into ``out``, and returns the number of bytes actually read. -.. cpp:function:: size_t Pipe::peek(byte* out, size_t len) +.. cpp:function:: size_t Pipe::peek(uint8_t* out, size_t len) Acts exactly like `read`, except the data is not actually read; the next read will return the same data. -.. cpp:function:: secure_vector Pipe::read_all() +.. cpp:function:: secure_vector Pipe::read_all() Reads the entire message into a buffer and returns it 
@@ -686,7 +686,7 @@ as simple as possible to write new filter types. There are four functions that need to be implemented by a class deriving from ``Filter``: -.. cpp:function:: void Filter::write(const byte* input, size_t length) +.. cpp:function:: void Filter::write(const uint8_t* input, size_t length) This function is what is called when a filter receives input for it to process. The filter is not required to process the data right @@ -694,7 +694,7 @@ functions that need to be implemented by a class deriving from filter will usually have ``write`` called many times during its lifetime. -.. cpp:function:: void Filter::send(byte* output, size_t length) +.. cpp:function:: void Filter::send(uint8_t* output, size_t length) Eventually, a filter will want to produce some output to send along to the next filter in the pipeline. It does so by calling ``send`` diff --git a/doc/manual/fpe.rst b/doc/manual/fpe.rst index 3ce5415587..283d6c1a7a 100644 --- a/doc/manual/fpe.rst +++ b/doc/manual/fpe.rst @@ -21,7 +21,7 @@ included in the future. To use FE1, use these functions, from ``fpe_fe1.h``: .. cpp:function:: BigInt FPE::fe1_encrypt(const BigInt& n, const BigInt& X, \ - const SymmetricKey& key, const std::vector& tweak) + const SymmetricKey& key, const std::vector& tweak) Encrypts the value *X* modulo the value *n* using the *key* and *tweak* specified. Returns an integer less than *n*. The *tweak* is @@ -39,7 +39,7 @@ To use FE1, use these functions, from ``fpe_fe1.h``: checksum is for the new (ciphertext) number. .. cpp:function:: BigInt FPE::fe1_decrypt(const BigInt& n, const BigInt& X, \ - const SymmetricKey& key, const std::vector& tweak) + const SymmetricKey& key, const std::vector& tweak) Decrypts an FE1 ciphertext produced by :cpp:func:`fe1_encrypt`; the *n*, *key* and *tweak* should be the same as that provided to the diff --git a/doc/manual/hash.rst b/doc/manual/hash.rst index fb711fa8d9..80eefbe21d 100644 --- a/doc/manual/hash.rst +++ b/doc/manual/hash.rst 
@@ -15,17 +15,17 @@ A Botan :cpp:class:`BufferedComputation` is split into three stages: Return the size of the output of this function. - .. cpp:function:: void update(const byte* input, size_t length) + .. cpp:function:: void update(const uint8_t* input, size_t length) - .. cpp:function:: void update(byte input) + .. cpp:function:: void update(uint8_t input) .. cpp:function:: void update(const std::string& input) Updates the computation with *input*. - .. cpp:function:: void final(byte* out) + .. cpp:function:: void final(uint8_t* out) - .. cpp:function:: secure_vector final() + .. cpp:function:: secure_vector final() Finalize the calculation and place the result into ``out``. For the argument taking an array, exactly ``output_length`` bytes will diff --git a/doc/manual/kdf.rst b/doc/manual/kdf.rst index 4ab2fd5dc3..e5d6a99d75 100644 --- a/doc/manual/kdf.rst +++ b/doc/manual/kdf.rst 
@@ -11,20 +11,20 @@ shared secret created using Diffie-Hellman key agreement. .. cpp:class:: KDF - .. cpp:function:: secure_vector derive_key( \ - size_t key_len, const std::vector& secret, \ + .. cpp:function:: secure_vector derive_key( \ + size_t key_len, const std::vector& secret, \ const std::string& salt = "") const - .. cpp:function:: secure_vector derive_key( \ - size_t key_len, const std::vector& secret, \ - const std::vector& salt) const + .. cpp:function:: secure_vector derive_key( \ + size_t key_len, const std::vector& secret, \ + const std::vector& salt) const - .. cpp:function:: secure_vector derive_key( \ - size_t key_len, const std::vector& secret, \ - const byte* salt, size_t salt_len) const + .. cpp:function:: secure_vector derive_key( \ + size_t key_len, const std::vector& secret, \ + const uint8_t* salt, size_t salt_len) const - .. cpp:function:: secure_vector derive_key( \ - size_t key_len, const byte* secret, size_t secret_len, \ + .. cpp:function:: secure_vector derive_key( \ + size_t key_len, const uint8_t* secret, size_t secret_len, \ const std::string& salt) const All variations on the same theme. Deterministically creates a diff --git a/doc/manual/lowlevel.rst b/doc/manual/lowlevel.rst index 5d5fbea7bf..bcffcd6323 100644 --- a/doc/manual/lowlevel.rst +++ b/doc/manual/lowlevel.rst @@ -63,7 +63,7 @@ Both symmetric keys and initialization values can be considered byte The argument *str* is assumed to be a hex string; it is converted to binary and stored. Whitespace is ignored. - .. cpp:function:: OctetString(const byte* input, size_t length) + .. cpp:function:: OctetString(const uint8_t* input, size_t length) This constructor copies its input. diff --git a/doc/manual/mceliece.rst b/doc/manual/mceliece.rst index 92873dd588..204e0726f2 100644 --- a/doc/manual/mceliece.rst +++ b/doc/manual/mceliece.rst 
@@ -39,15 +39,15 @@ data), CCA2 security is provided. In ``mcies.h`` there are functions for this combination: -.. cpp:function:: secure_vector mceies_encrypt(const McEliece_PublicKey& pubkey, \ - const secure_vector& pt, \ - byte ad[], size_t ad_len, \ +.. cpp:function:: secure_vector mceies_encrypt(const McEliece_PublicKey& pubkey, \ + const secure_vector& pt, \ + uint8_t ad[], size_t ad_len, \ RandomNumberGenerator& rng, \ const std::string& aead = "AES-256/OCB") -.. cpp:function:: secure_vector mceies_decrypt(const McEliece_PrivateKey& privkey, \ - const secure_vector& ct, \ - byte ad[], size_t ad_len, \ +.. cpp:function:: secure_vector mceies_decrypt(const McEliece_PrivateKey& privkey, \ + const secure_vector& ct, \ + uint8_t ad[], size_t ad_len, \ const std::string& aead = "AES-256/OCB") For a given security level (SL) a McEliece key would use diff --git a/doc/manual/passhash.rst b/doc/manual/passhash.rst index 725fc55354..99af4a7ea6 100644 --- a/doc/manual/passhash.rst +++ b/doc/manual/passhash.rst @@ -88,7 +88,7 @@ Bcrypt provides outputs that look like this:: Currently only the `2a` bcrypt format is supported. .. cpp:function:: std::string generate_bcrypt(const std::string& password, \ - RandomNumberGenerator& rng, u16bit work_factor = 10) + RandomNumberGenerator& rng, uint16_t work_factor = 10) Takes the password to hash, a rng, and a work factor. Higher work factors increase the amount of time the algorithm runs, increasing @@ -131,7 +131,7 @@ being a widely used password hash. Prefer bcrypt. for scrypt password hashes on Cisco systems. .. cpp:function:: std::string generate_passhash9(const std::string& password, \ - RandomNumberGenerator& rng, u16bit work_factor = 10, byte alg_id = 1) + RandomNumberGenerator& rng, uint16_t work_factor = 10, uint8_t alg_id = 1) Functions much like ``generate_bcrypt``. The last parameter, ``alg_id``, specifies which PRF to use. Currently defined values are 
diff --git a/doc/manual/pbkdf.rst b/doc/manual/pbkdf.rst index 079a598ff4..d22f6872c7 100644 --- a/doc/manual/pbkdf.rst +++ b/doc/manual/pbkdf.rst @@ -26,7 +26,7 @@ is recommend for new applications. .. cpp:function:: OctetString PBKDF::derive_key( \ size_t output_len, const std::string& passphrase, \ - const byte* salt, size_t salt_len, \ + const uint8_t* salt, size_t salt_len, \ size_t iterations) const Computes a key from *passphrase* and the *salt* (of length @@ -46,7 +46,7 @@ is recommend for new applications. PBKDF* pbkdf = get_pbkdf("PBKDF2(SHA-256)"); AutoSeeded_RNG rng; - secure_vector salt = rng.random_vec(16); + secure_vector salt = rng.random_vec(16); OctetString aes256_key = pbkdf->derive_key(32, "password", &salt[0], salt.size(), 10000); diff --git a/doc/manual/pkcs11.rst b/doc/manual/pkcs11.rst index a95e126bfc..ef62d771fd 100644 --- a/doc/manual/pkcs11.rst +++ b/doc/manual/pkcs11.rst @@ -90,9 +90,9 @@ to call the method twice in order to determine the number of elements first. Another example is the :cpp:func:`C_InitPIN` overload: - .. cpp:function:: template bool C_InitPIN( SessionHandle session, const std::vector& pin, ReturnValue* return_value = ThrowException ) const + .. cpp:function:: template bool C_InitPIN( SessionHandle session, const std::vector& pin, ReturnValue* return_value = ThrowException ) const -The templated ``pin`` parameter allows to pass the PIN as a ``std::vector`` or a ``secure_vector``. +The templated ``pin`` parameter allows to pass the PIN as a ``std::vector`` or a ``secure_vector``. If used with a ``secure_vector`` it is assured that the memory is securely erased when the ``pin`` object is no longer needed. Error Handling 
@@ -434,11 +434,11 @@ Attributes can be set in an :cpp:class:`AttributeContainer` by various ``add_`` Add a string attribute (e.g. :c:macro:`CKA_LABEL` / :cpp:enumerator:`AttributeType::Label`). - .. cpp:function:: void AttributeContainer::add_binary(AttributeType attribute, const byte* value, size_t length) + .. cpp:function:: void AttributeContainer::add_binary(AttributeType attribute, const uint8_t* value, size_t length) Add a binary attribute (e.g. :c:macro:`CKA_ID` / :cpp:enumerator:`AttributeType::Id`). - .. cpp:function:: template void AttributeContainer::add_binary(AttributeType attribute, const std::vector& binary) + .. cpp:function:: template void AttributeContainer::add_binary(AttributeType attribute, const std::vector& binary) Add a binary attribute by passing a ``vector``/``secure_vector`` (e.g. :c:macro:`CKA_ID` / :cpp:enumerator:`AttributeType::Id`). @@ -510,11 +510,11 @@ Following constructors are defined: The other methods are: - .. cpp:function:: secure_vector get_attribute_value(AttributeType attribute) const + .. cpp:function:: secure_vector get_attribute_value(AttributeType attribute) const Returns the value of the given attribute (using :cpp:func:`C_GetAttributeValue`) - .. cpp:function:: void set_attribute_value(AttributeType attribute, const secure_vector& value) const + .. cpp:function:: void set_attribute_value(AttributeType attribute, const secure_vector& value) const Sets the given value for the attribute (using :cpp:func:`C_SetAttributeValue`) 
@@ -536,11 +536,11 @@ And static methods to search for objects: Searches for all objects of the given type using the label (:c:macro:`CKA_LABEL`). - .. cpp:function:: template static std::vector search(Session& session, const std::vector& id) + .. cpp:function:: template static std::vector search(Session& session, const std::vector& id) Searches for all objects of the given type using the id (:c:macro:`CKA_ID`). - .. cpp:function:: template static std::vector search(Session& session, const std::string& label, const std::vector& id) + .. cpp:function:: template static std::vector search(Session& session, const std::string& label, const std::vector& id) Searches for all objects of the given type using the label (:c:macro:`CKA_LABEL`) and id (:c:macro:`CKA_ID`). @@ -814,7 +814,7 @@ and import: :cpp:class:`EC_PrivateKeyGenerationProperties` and :cpp:class:`EC_Pr This constructor can be used to import an existing ECDSA private key with the :cpp:class:`EC_PrivateKeyImportProperties` passed in ``props`` to the token. - .. cpp:function:: PKCS11_ECDSA_PrivateKey(Session& session, const std::vector& ec_params, const EC_PrivateKeyGenerationProperties& props) + .. cpp:function:: PKCS11_ECDSA_PrivateKey(Session& session, const std::vector& ec_params, const EC_PrivateKeyGenerationProperties& props) This constructor can be used to generate a new ECDSA private key with the :cpp:class:`EC_PrivateKeyGenerationProperties` passed in ``props`` on the token. The ``ec_params`` parameter is the DER-encoding of an 
@@ -965,7 +965,7 @@ property classes. One for key generation and one for import: :cpp:class:`EC_Priv This constructor can be used to import an existing ECDH private key with the :cpp:class:`EC_PrivateKeyImportProperties` passed in ``props`` to the token. - .. cpp:function:: PKCS11_ECDH_PrivateKey(Session& session, const std::vector& ec_params, const EC_PrivateKeyGenerationProperties& props) + .. cpp:function:: PKCS11_ECDH_PrivateKey(Session& session, const std::vector& ec_params, const EC_PrivateKeyGenerationProperties& props) This constructor can be used to generate a new ECDH private key with the :cpp:class:`EC_PrivateKeyGenerationProperties` passed in ``props`` on the token. The ``ec_params`` parameter is the DER-encoding of an @@ -1091,11 +1091,11 @@ implements the :cpp:class:`Hardware_RNG` interface. A PKCS#11 :cpp:class:`Session` must be passed to instantiate a ``PKCS11_RNG``. - .. cpp:function:: void randomize(Botan::byte output[], std::size_t length) override + .. cpp:function:: void randomize(uint8_t output[], std::size_t length) override Calls :cpp:func:`C_GenerateRandom` to generate random data. - .. cpp:function:: void add_entropy(const Botan::byte in[], std::size_t length) override + .. cpp:function:: void add_entropy(const uint8_t in[], std::size_t length) override Calls :cpp:func:`C_SeedRandom` to add entropy to the random generation function of the token/middleware. diff --git a/doc/manual/pubkey.rst b/doc/manual/pubkey.rst index 1e13cd1bce..c72793d89d 100644 --- a/doc/manual/pubkey.rst +++ b/doc/manual/pubkey.rst 
@@ -94,7 +94,7 @@ The standard format for serializing a private key is PKCS #8, the operations for which are defined in ``pkcs8.h``. It supports both unencrypted and encrypted storage. -.. cpp:function:: secure_vector PKCS8::BER_encode(const Private_Key& key, \ +.. cpp:function:: secure_vector PKCS8::BER_encode(const Private_Key& key, \ RandomNumberGenerator& rng, const std::string& password, const std::string& pbe_algo = "") Takes any private key object, serializes it, encrypts it using @@ -125,7 +125,7 @@ Unencrypted serialization is also supported. security requirements, always use the versions that encrypt the key based on a passphrase, described above. -.. cpp:function:: secure_vector PKCS8::BER_encode(const Private_Key& key) +.. cpp:function:: secure_vector PKCS8::BER_encode(const Private_Key& key) Serializes the private key and returns the result. @@ -205,13 +205,13 @@ Serializing Public Keys To import and export public keys, use: -.. cpp:function:: std::vector X509::BER_encode(const Public_Key& key) +.. cpp:function:: std::vector X509::BER_encode(const Public_Key& key) .. cpp:function:: std::string X509::PEM_encode(const Public_Key& key) .. cpp:function:: Public_Key* X509::load_key(DataSource& in) -.. cpp:function:: Public_Key* X509::load_key(const secure_vector& buffer) +.. cpp:function:: Public_Key* X509::load_key(const secure_vector& buffer) .. cpp:function:: Public_Key* X509::load_key(const std::string& filename) @@ -264,7 +264,7 @@ You can generate a new random group using You can serialize a ``DL_Group`` using -.. cpp:function:: secure_vector DL_Group::DER_Encode(Format format) +.. cpp:function:: secure_vector DL_Group::DER_Encode(Format format) or 
@@ -374,11 +374,11 @@ The primary interface for encryption is .. cpp:class:: PK_Encryptor - .. cpp:function:: secure_vector encrypt( \ - const byte* in, size_t length, RandomNumberGenerator& rng) const + .. cpp:function:: secure_vector encrypt( \ + const uint8_t* in, size_t length, RandomNumberGenerator& rng) const - .. cpp:function:: secure_vector encrypt( \ - const std::vector& in, RandomNumberGenerator& rng) const + .. cpp:function:: secure_vector encrypt( \ + const std::vector& in, RandomNumberGenerator& rng) const These encrypt a message, returning the ciphertext. @@ -546,23 +546,23 @@ Signature generation is performed using ``DER_SEQUENCE``, which will format the signature as an ASN.1 SEQUENCE value. - .. cpp:function:: void update(const byte* in, size_t length) - .. cpp:function:: void update(const std::vector& in) - .. cpp:function:: void update(byte in) + .. cpp:function:: void update(const uint8_t* in, size_t length) + .. cpp:function:: void update(const std::vector& in) + .. cpp:function:: void update(uint8_t in) These add more data to be included in the signature computation. Typically, the input will be provided directly to a hash function. - .. cpp:function:: secure_vector signature(RandomNumberGenerator& rng) + .. cpp:function:: secure_vector signature(RandomNumberGenerator& rng) Creates the signature and returns it - .. cpp:function:: secure_vector sign_message( \ - const byte* in, size_t length, RandomNumberGenerator& rng) + .. cpp:function:: secure_vector sign_message( \ + const uint8_t* in, size_t length, RandomNumberGenerator& rng) - .. cpp:function:: secure_vector sign_message( \ - const std::vector& in, RandomNumberGenerator& rng) + .. cpp:function:: secure_vector sign_message( \ + const std::vector& in, RandomNumberGenerator& rng) These functions are equivalent to calling :cpp:func:`PK_Signer::update` and then 
@@ -580,15 +580,15 @@ Signatures are verified using key *pub_key*. The *emsa* and *format* should be the same as that used by the signer. - .. cpp:function:: void update(const byte* in, size_t length) - .. cpp:function:: void update(const std::vector& in) - .. cpp:function:: void update(byte in) + .. cpp:function:: void update(const uint8_t* in, size_t length) + .. cpp:function:: void update(const std::vector& in) + .. cpp:function:: void update(uint8_t in) Add further message data that is purportedly assocated with the signature that will be checked. - .. cpp:function:: bool check_signature(const byte* sig, size_t length) - .. cpp:function:: bool check_signature(const std::vector& sig) + .. cpp:function:: bool check_signature(const uint8_t* sig, size_t length) + .. cpp:function:: bool check_signature(const std::vector& sig) Check to see if *sig* is a valid signature for the message data that was written in. Return true if so. This function clears the @@ -596,11 +596,11 @@ Signatures are verified using :cpp:func:`PK_Verifier::update` to start verifying another message. - .. cpp:function:: bool verify_message(const byte* msg, size_t msg_length, \ - const byte* sig, size_t sig_length) + .. cpp:function:: bool verify_message(const uint8_t* msg, size_t msg_length, \ + const uint8_t* sig, size_t sig_length) - .. cpp:function:: bool verify_message(const std::vector& msg, \ - const std::vector& sig) + .. cpp:function:: bool verify_message(const std::vector& msg, \ + const std::vector& sig) These are equivalent to calling :cpp:func:`PK_Verifier::update` on *msg* and then calling :cpp:func:`PK_Verifier::check_signature` 
@@ -674,7 +674,7 @@ other party, and then each of you runs a computation with the other's value and your key (this should return the same result to both parties). This computation can be called by using ``derive_key`` with either a byte array/length pair, or a -``secure_vector`` than holds the public value of the other +``secure_vector`` than holds the public value of the other party. The last argument to either call is a number that specifies how long a key you want. @@ -689,7 +689,7 @@ symmetric algorithm. The public value that should be used can be obtained by calling ``public_data``, which exists for any key that is associated with a -key agreement algorithm. It returns a ``secure_vector``. +key agreement algorithm. It returns a ``secure_vector``. "KDF2(SHA-256)" is by far the preferred algorithm for key derivation in new applications. The X9.42 algorithm may be useful in some @@ -798,9 +798,9 @@ public/private key pair and how to use these keys to create and verify a signatu private_key.create_signature_op(rng, "", ""); // create and sign a message using the signature operation. - Botan::secure_vector msg { 0x01, 0x02, 0x03, 0x04 }; + Botan::secure_vector msg { 0x01, 0x02, 0x03, 0x04 }; sig_op->update(msg.data(), msg.size()); - Botan::secure_vector sig = sig_op->sign(rng); + Botan::secure_vector sig = sig_op->sign(rng); // create verification operation using the public key std::unique_ptr ver_op = diff --git a/doc/manual/rng.rst b/doc/manual/rng.rst index 592f319fa5..11094d8322 100644 --- a/doc/manual/rng.rst +++ b/doc/manual/rng.rst 
@@ -7,29 +7,29 @@ The base class ``RandomNumberGenerator`` is in the header ``botan/rng.h``. The major interfaces are -.. cpp:function:: void RandomNumberGenerator::randomize(byte* output_array, size_t length) +.. cpp:function:: void RandomNumberGenerator::randomize(uint8_t* output_array, size_t length) Places *length* random bytes into the provided buffer. -.. cpp:function:: void RandomNumberGenerator::add_entropy(const byte* data, size_t length) +.. cpp:function:: void RandomNumberGenerator::add_entropy(const uint8_t* data, size_t length) Incorporates provided data into the state of the PRNG, if at all possible. This works for most RNG types, including the system and TPM RNGs. But if the RNG doesn't support this operation, the data is dropped, no error is indicated. -.. cpp:function:: void RandomNumberGenerator::randomize_with_input(byte* data, size_t length, \ - const byte* ad, size_t ad_len) +.. cpp:function:: void RandomNumberGenerator::randomize_with_input(uint8_t* data, size_t length, \ + const uint8_t* ad, size_t ad_len) Like randomize, but first incorporates the additional input field into the state of the RNG. The additional input could be anything which parameterizes this request. -.. cpp:function:: void RandomNumberGenerator::randomize_with_ts_input(byte* data, size_t length) +.. cpp:function:: void RandomNumberGenerator::randomize_with_ts_input(uint8_t* data, size_t length) Creates a buffer with some timestamp values and calls ``randomize_with_input`` -.. cpp:function:: byte RandomNumberGenerator::next_byte() +.. cpp:function:: uint8_t RandomNumberGenerator::next_byte() Generates a single random byte and returns it. Note that calling this function several times is much slower than calling ``randomize`` once diff --git a/doc/manual/srp.rst b/doc/manual/srp.rst index 071f3ea193..3419488a38 100644 --- a/doc/manual/srp.rst +++ b/doc/manual/srp.rst 
@@ -24,7 +24,7 @@ example "modp/srp/2048". .. cpp:function:: BigInt generate_srp6_verifier( \ const std::string& identifier, \ const std::string& password, \ - const std::vector& salt, \ + const std::vector& salt, \ const std::string& group_id, \ const std::string& hash_id) @@ -54,7 +54,7 @@ example "modp/srp/2048". const std::string& password, \ const std::string& group_id, \ const std::string& hash_id, \ - const std::vector& salt, \ + const std::vector& salt, \ const BigInt& B, \ RandomNumberGenerator& rng) diff --git a/doc/manual/symmetric_crypto.rst b/doc/manual/symmetric_crypto.rst index dd4c8f4e85..605d329fbd 100644 --- a/doc/manual/symmetric_crypto.rst +++ b/doc/manual/symmetric_crypto.rst @@ -15,7 +15,7 @@ restrictions on the size of the key. .. cpp:class:: SymmetricAlgorithm - .. cpp:function:: void set_key(const byte* key, size_t length) + .. cpp:function:: void set_key(const uint8_t* key, size_t length) .. cpp:function:: void set_key(const SymmetricKey& key) 
@@ -58,54 +58,54 @@ When processing data larger than a single block, a block cipher mode should be u Returns the block size of the cipher in bytes. - .. cpp:function:: void encrypt_n(const byte* in, \ - byte* out, size_t n) const + .. cpp:function:: void encrypt_n(const uint8_t* in, \ + uint8_t* out, size_t n) const Encrypt *n* blocks of data, taking the input from the array *in* and placing the ciphertext into *out*. The two pointers may be identical, but should not overlap ranges. - .. cpp:function:: void encrypt(const byte* in, byte* out) const + .. cpp:function:: void encrypt(const uint8_t* in, uint8_t* out) const Encrypt a single block, taking the input from *in* and placing it in *out*. Acts like :cpp:func:`encrypt_n`\ (in, out, 1). - .. cpp:function:: void encrypt(const std::vector in, std::vector out) const + .. cpp:function:: void encrypt(const std::vector in, std::vector out) const Encrypt a single or multiple full blocks, taking the input from *in* and placing it in *out*. Acts like :cpp:func:`encrypt_n`\ (in.data(), out.data(), in.size()/ block_size()). - .. cpp:function:: void encrypt(std::vector inout) const + .. cpp:function:: void encrypt(std::vector inout) const Encrypt a single or multiple full blocks in place. Acts like :cpp:func:`encrypt_n`\ (inout.data(), inout.data(), inout.size()/ block_size()). - .. cpp:function:: void encrypt(byte* block) const + .. cpp:function:: void encrypt(uint8_t* block) const Identical to :cpp:func:`encrypt`\ (block, block) - .. cpp:function:: void decrypt_n(const byte* in, byte out, size_t n) const + .. cpp:function:: void decrypt_n(const uint8_t* in, uint8_t out, size_t n) const Decrypt *n* blocks of data, taking the input from *in* and placing the plaintext in *out*. The two pointers may be identical, but should not overlap ranges. - .. cpp:function:: void decrypt(const byte* in, byte* out) const + .. 
cpp:function:: void decrypt(const uint8_t* in, uint8_t* out) const Decrypt a single block, taking the input from *in* and placing it in *out*. Acts like :cpp:func:`decrypt_n`\ (in, out, 1). - .. cpp:function:: void decrypt(const std::vector in, std::vector out) const + .. cpp:function:: void decrypt(const std::vector in, std::vector out) const Decrypt a single or multiple full blocks, taking the input from *in* and placing it in *out*. Acts like :cpp:func:`decrypt_n`\ (in.data(), out.data(), in.size()/ block_size()). - .. cpp:function:: void decrypt(std::vector inout) const + .. cpp:function:: void decrypt(std::vector inout) const Decrypt a single or multiple full blocks in place. Acts like :cpp:func:`decrypt_n`\ (inout.data(), inout.data(), inout.size()/ block_size()). - .. cpp:function:: void decrypt(byte* block) const + .. cpp:function:: void decrypt(uint8_t* block) const Identical to :cpp:func:`decrypt`\ (block, block) @@ -118,24 +118,26 @@ When processing data larger than a single block, a block cipher mode should be u The following block ciphers are implemented in Botan: #. AES (AES-128, AES-192, AES-256) -#. Serpent -#. Twofish -#. Threefish-512 +#. ARIA #. Blowfish +#. CAST (CAST-128, CAST-256) #. Camellia (Camellia-128, Camellia-192, Camellia-256) -#. DES -#. 3DES +#. Cascade +#. DES/3DES #. DESX -#. Noekeon -#. CAST (CAST-128, CAST-256) +#. GOST-28147-89 #. IDEA #. Kasumi +#. Lion #. MISTY1 +#. Noekeon #. SEED +#. SHACAL2 +#. SM4 +#. Serpent +#. Threefish-512 +#. Twofish #. XTEA -#. GOST-28147-89 -#. Cascade -#. Lion Code Example """"""""""""""" 
@@ -195,19 +197,19 @@ are derived from the base class :cpp:class:`Cipher_Mode`, which is declared in ` .. cpp:class:: Cipher_Mode .. cpp:function:: void set_key(const SymmetricKey& key) - .. cpp:function:: void set_key(const byte* key, size_t length) + .. cpp:function:: void set_key(const uint8_t* key, size_t length) Set the symmetric key to be used. - .. cpp:function:: void start_msg(const byte* nonce, size_t nonce_len) + .. cpp:function:: void start_msg(const uint8_t* nonce, size_t nonce_len) Set the IV (unique per-message nonce) of the mode of operation and prepare for message processing. - .. cpp:function:: void start(const std::vector nonce) + .. cpp:function:: void start(const std::vector nonce) Acts like :cpp:func:`start_msg`\ (nonce.data(), nonce.size()). - .. cpp:function:: void start(const byte* nonce, size_t nonce_len) + .. cpp:function:: void start(const uint8_t* nonce, size_t nonce_len) Acts like :cpp:func:`start_msg`\ (nonce, nonce_len). @@ -216,11 +218,11 @@ are derived from the base class :cpp:class:`Cipher_Mode`, which is declared in ` The :cpp:class:`Cipher_Mode` interface requires message processing in multiples of the block size. Returns size of required blocks to update and 1, if the mode can process messages of any length. - .. cpp:function:: virtual size_t process(byte* msg, size_t msg_len) + .. cpp:function:: virtual size_t process(uint8_t* msg, size_t msg_len) Process msg in place and returns bytes written. msg must be a multiple of :cpp:func:`update_granularity`. - .. cpp:function:: void update(secure_vector& buffer, size_t offset = 0) + .. cpp:function:: void update(secure_vector& buffer, size_t offset = 0) Continue processing a message in the buffer in place. The passed buffer's size must be a multiple of :cpp:func:`update_granularity`. The first *offset* bytes of the buffer will be ignored. 
@@ -229,7 +231,7 @@ are derived from the base class :cpp:class:`Cipher_Mode`, which is declared in ` Returns the minimum size needed for :cpp:func:`finish`. - .. cpp:function:: void finish(secure_vector& final_block, size_t offset = 0) + .. cpp:function:: void finish(secure_vector& final_block, size_t offset = 0) Finalize the message processing with a final block of at least :cpp:func:`minimum_final_size` size. The first *offset* bytes of the passed final block will be ignored. @@ -297,7 +299,7 @@ support a 128-bit block cipher such as AES. EAX and OCB also support Return the key length specification - .. cpp:function:: void set_associated_data(const byte ad[], size_t ad_len) + .. cpp:function:: void set_associated_data(const uint8_t ad[], size_t ad_len) Set any associated data for this message. For maximum portability between different modes, this must be called after :cpp:func:`set_key` and before @@ -307,12 +309,12 @@ support a 128-bit block cipher such as AES. EAX and OCB also support function more than once, even across multiple calls to :cpp:func:`start` and :cpp:func:`finish`. - .. cpp:function:: void start(const byte nonce[], size_t nonce_len) + .. cpp:function:: void start(const uint8_t nonce[], size_t nonce_len) Start processing a message, using *nonce* as the unique per-message value. - .. cpp:function:: void update(secure_vector& buffer, size_t offset = 0) + .. cpp:function:: void update(secure_vector& buffer, size_t offset = 0) Continue processing a message. The *buffer* is an in/out parameter and may be resized. In particular, some modes require that all input be 
@@ -326,7 +328,7 @@ support a 128-bit block cipher such as AES. EAX and OCB also support The first *offset* bytes of *buffer* will be ignored (this allows in place processing of a buffer that contains an initial plaintext header) - .. cpp:function:: void finish(secure_vector& buffer, size_t offset = 0) + .. cpp:function:: void finish(secure_vector& buffer, size_t offset = 0) Complete processing a message with a final input of *buffer*, which is treated the same as with :cpp:func:`update`. It must contain at least 
@@ -384,27 +386,27 @@ stream ciphers require a fresh initialisation vector. This function returns true if and only if *length* is a valid IV length for the stream cipher. - .. cpp:function:: void set_iv(const byte*, size_t len) + .. cpp:function:: void set_iv(const uint8_t*, size_t len) Load IV into the stream cipher state. This should happen after the key is set and before any operation (encrypt/decrypt/seek) is called. - .. cpp:function:: void seek(u64bit offset) + .. cpp:function:: void seek(uint64_t offset) Sets the state of the stream cipher and keystream according to the passed *offset*. Therefore the key and the IV (if required) have to be set beforehand. - .. cpp:function:: void cipher(const byte* in, byte* out, size_t n) + .. cpp:function:: void cipher(const uint8_t* in, uint8_t* out, size_t n) Processes *n* bytes plain/ciphertext from *in* and writes the result to *out*. - .. cpp:function:: void cipher1(byte* inout, size_t n) + .. cpp:function:: void cipher1(uint8_t* inout, size_t n) Processes *n* bytes plain/ciphertext in place. Acts like :cpp:func:`cipher`\ (inout, inout, n). - .. cpp:function:: void encipher(std::vector inout) - .. cpp:function:: void encrypt(std::vector inout) - .. cpp:function:: void decrypt(std::vector inout) + .. cpp:function:: void encipher(std::vector inout) + .. cpp:function:: void encrypt(std::vector inout) + .. cpp:function:: void decrypt(std::vector inout) Processes plain/ciphertext *inout* in place. Acts like :cpp:func:`cipher`\ (inout.data(), inout.data(), inout.size()). 
@@ -483,33 +485,33 @@ The Botan MAC computation is split into five stages. .. cpp:class:: MessageAuthenticationCode - .. cpp:function:: void set_key(const byte* key, size_t length) + .. cpp:function:: void set_key(const uint8_t* key, size_t length) Set the shared MAC key for the calculation. This function has to be called before the data is processed. - .. cpp:function:: void start(const byte* nonce, size_t nonce_len) + .. cpp:function:: void start(const uint8_t* nonce, size_t nonce_len) Set the IV for the MAC calculation. Note that not all MAC algorithms require an IV. If an IV is required, the function has to be called before the data is processed. - .. cpp:function:: void update(const byte* input, size_t length) - .. cpp:function:: void update(const secure_vector& in) + .. cpp:function:: void update(const uint8_t* input, size_t length) + .. cpp:function:: void update(const secure_vector& in) Process the passed data. - .. cpp:function:: void update(byte in) + .. cpp:function:: void update(uint8_t in) Process a single byte. - .. cpp:function:: void final(byte* out) + .. cpp:function:: void final(uint8_t* out) Complete the MAC computation and write the calculated tag to the passed byte array. - .. cpp:function:: secure_vector final() + .. cpp:function:: secure_vector final() Complete the MAC computation and return the calculated tag. - .. cpp:function:: bool verify_mac(const byte* mac, size_t length) + .. cpp:function:: bool verify_mac(const uint8_t* mac, size_t length) Finalize the current MAC computation and compare the result to the passed ``mac``. Returns ``true``, if the verification is successfull and false otherwise. diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index aa075141d1..32f6c5fb24 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst 
@@ -36,7 +36,7 @@ Starting in 1.11.31, the application callbacks are encapsulated as the class mandatory for using TLS, all others are optional and provide additional information about the connection. - .. cpp:function:: void tls_emit_data(const byte data[], size_t data_len) + .. cpp:function:: void tls_emit_data(const uint8_t data[], size_t data_len) Mandatory. The TLS stack requests that all bytes of *data* be queued up to send to the counterparty. After this function returns, the buffer containing *data* will @@ -50,7 +50,7 @@ information about the connection. For TLS all writes must occur *in the order requested*. For DTLS this ordering is not strictly required, but is still recommended. - .. cpp:function:: void tls_record_received(uint64_t rec_no, const byte data[], size_t data_len) + .. cpp:function:: void tls_record_received(uint64_t rec_no, const uint8_t data[], size_t data_len) Mandatory. Called once for each application_data record which is received, with the matching (TLS level) record sequence number. @@ -165,8 +165,8 @@ available: .. cpp:class:: TLS::Channel - .. cpp:function:: size_t received_data(const byte buf[], size_t buf_size) - .. cpp:function:: size_t received_data(const std::vector& buf) + .. cpp:function:: size_t received_data(const uint8_t buf[], size_t buf_size) + .. cpp:function:: size_t received_data(const std::vector& buf) This function is used to provide data sent by the counterparty (eg data that you read off the socket layer). Depending on the 
@@ -179,9 +179,9 @@ available: the data fell exactly on a message boundary, in which case it will return 0 instead. - .. cpp:function:: void send(const byte buf[], size_t buf_size) + .. cpp:function:: void send(const uint8_t buf[], size_t buf_size) .. cpp:function:: void send(const std::string& str) - .. cpp:function:: void send(const std::vector& vec) + .. cpp:function:: void send(const std::vector& vec) Create one or more new TLS application records containing the provided data and send them. This will eventually result in at @@ -650,7 +650,7 @@ information about that session: Returns ``true`` if the connection was negotiated with the correct extensions to prevent the renegotiation attack. - .. cpp:function:: std::vector encrypt(const SymmetricKey& key, \ + .. cpp:function:: std::vector encrypt(const SymmetricKey& key, \ RandomNumberGenerator& rng) Encrypts a session using a symmetric key *key* and returns a raw @@ -660,14 +660,14 @@ information about that session: Currently the implementation encrypts the session using AES-256 in GCM mode with a random nonce. - .. cpp:function:: static Session decrypt(const byte ciphertext[], \ + .. cpp:function:: static Session decrypt(const uint8_t ciphertext[], \ size_t length, \ const SymmetricKey& key) Decrypts a session that was encrypted previously with ``encrypt`` and ``key``, or throws an exception if decryption fails. - .. cpp:function:: secure_vector DER_encode() const + .. cpp:function:: secure_vector DER_encode() const Returns a serialized version of the session. 
@@ -693,12 +693,12 @@ implementation to the ``TLS::Client`` or ``TLS::Server`` constructor. ID will replicate a session ID already stored, in which case the new session information should overwrite the previous information. - .. cpp:function:: void remove_entry(const std::vector& session_id) + .. cpp:function:: void remove_entry(const std::vector& session_id) Remove the session identified by *session_id*. Future attempts at resumption should fail for this session. - .. cpp:function:: bool load_from_session_id(const std::vector& session_id, \ + .. cpp:function:: bool load_from_session_id(const std::vector& session_id, \ Session& session) Attempt to resume a session identified by *session_id*. If @@ -923,7 +923,7 @@ policy settings from a file. Default: false - .. cpp:function:: std::vector compression() const + .. cpp:function:: std::vector compression() const Return the list of compression methods we are willing to use, in order of preference. Default is null compression only. @@ -1073,7 +1073,7 @@ TLS Ciphersuites .. cpp:class:: TLS::Ciphersuite - .. cpp:function:: u16bit ciphersuite_code() const + .. cpp:function:: uint16_t ciphersuite_code() const Return the numerical code for this ciphersuite @@ -1141,11 +1141,11 @@ The ``TLS::Protocol_Version`` class represents a specific version: Create a specific version - .. cpp:function:: byte major_version() const + .. cpp:function:: uint8_t major_version() const Returns major number of the protocol version - .. cpp:function:: byte minor_version() const + .. cpp:function:: uint8_t minor_version() const Returns minor number of the protocol version diff --git a/doc/manual/versions.rst b/doc/manual/versions.rst index 14a7dfec59..60fe58e9da 100644 --- a/doc/manual/versions.rst +++ b/doc/manual/versions.rst 
@@ -57,19 +57,19 @@ version checks, are included in `botan/version.h` Returns a single-line string containing relevant information about this build and version of the library in an unspecified format. -.. cpp:function:: u32bit version_major() +.. cpp:function:: uint32_t version_major() Returns the major part of the version. -.. cpp:function:: u32bit version_minor() +.. cpp:function:: uint32_t version_minor() Returns the minor part of the version. -.. cpp:function:: u32bit version_patch() +.. cpp:function:: uint32_t version_patch() Returns the patch part of the version. -.. cpp:function:: u32bit version_datestamp() +.. cpp:function:: uint32_t version_datestamp() Return the datestamp of the release (or 0 if the current version is not an official release). diff --git a/doc/manual/x509.rst b/doc/manual/x509.rst index 1fb6d90f5c..d82dbccf27 100644 --- a/doc/manual/x509.rst +++ b/doc/manual/x509.rst @@ -172,7 +172,7 @@ functions are provided to search them. criticality flag. Only contains the supported extension types listed above. - .. cpp:function:: std::map, bool>> extensions_raw() const + .. cpp:function:: std::map, bool>> extensions_raw() const Returns the list of extensions as raw, encoded bytes together with the corresponding criticality flag. @@ -246,7 +246,7 @@ The certificate lookup methods are ``find_cert`` (by Subject Distinguished Name and optional Subject Key Identifier) and ``find_cert_by_pubkey_sha1`` (by SHA-1 hash of the certificate's public key). The Subject Distinguished Name is given as a ``X509_DN``, -while the SKID parameter takes a ``std::vector`` containing +while the SKID parameter takes a ``std::vector`` containing the subject key identifier in raw binary. Both lookup methods are mandatory to implement. 
@@ -545,7 +545,7 @@ The ``CRL_Entry`` type is a structure that contains, at a minimum, the serial number of the revoked certificate. As serial numbers are never repeated, the pairing of an issuer and a serial number (should) distinctly identify any certificate. In this case, we represent the serial number as a -``secure_vector`` called ``serial``. There are two additional (optional) +``secure_vector`` called ``serial``. There are two additional (optional) values, an enumeration called ``CRL_Code`` that specifies the reason for revocation (``reason``), and an object that represents the time that the certificate became invalid (if this information is known). @@ -696,7 +696,7 @@ the subject's issuing certificate. Variant of the above, using serial number from ``subject_cert``. - .. cpp:function:: std::vector BER_encode() const + .. cpp:function:: std::vector BER_encode() const Encode the current OCSP request as a binary string. @@ -767,7 +767,7 @@ for certificate status information. This field is optional in OCSP responses, and may not be set. - .. cpp:function:: const std::vector& raw_bits() const + .. cpp:function:: const std::vector& raw_bits() const Return the entire raw ASN.1 blob (for debugging or specialized decoding needs) From 3c027f1f455e6201173c1e207970b27db52d4ef7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 15 Nov 2017 11:39:44 -0500 Subject: [PATCH 0180/1008] Remove SIMD perf test from speed As written it is very bogus and produces wildly incorrect results. --- src/cli/speed.cpp | 116 ---------------------------------------------- 1 file changed, 116 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index eb8eeb00fe..0c15b74d57 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -28,12 +28,6 @@ #include #include -//#define INCLUDE_SIMD_PERF - -#if defined(BOTAN_HAS_SIMD_32) && defined(INCLUDE_SIMD_PERF) - #include -#endif - #if defined(BOTAN_HAS_AUTO_SEEDING_RNG) #include #endif 
@@ -855,19 +849,6 @@ class Speed final : public Command #endif } -#if defined(BOTAN_HAS_SIMD_32) && defined(INCLUDE_SIMD_PERF) - else if(algo == "simd") - { - if(Botan::CPUID::has_simd_32()) - { - bench_simd32(msec); - } - else - { - error_output() << "Skipping simd perf test, CPUID indicates SIMD not supported"; - } - } -#endif else if(algo == "entropy") { bench_entropy_sources(msec); 
@@ -1106,103 +1087,6 @@ class Speed final : public Command } } -#if defined(BOTAN_HAS_SIMD_32) && defined(INCLUDE_SIMD_PERF) - void bench_simd32(const std::chrono::milliseconds msec) - { - const size_t SIMD_par = 32; - static_assert(SIMD_par % 4 == 0, "SIMD input is multiple of 4"); - - Botan::SIMD_4x32 simd[SIMD_par]; - - Timer total_time(""); - - Timer load_le_op("SIMD_4x32", SIMD_par, "load_le"); - Timer load_be_op("SIMD_4x32", SIMD_par, "load_be"); - Timer add_op("SIMD_4x32", SIMD_par, "add"); - Timer sub_op("SIMD_4x32", SIMD_par, "sub"); - Timer xor_op("SIMD_4x32", SIMD_par, "xor"); - Timer bswap_op("SIMD_4x32", SIMD_par, "bswap"); - Timer transpose_op("SIMD_4x32", SIMD_par / 4, "transpose4"); - - std::chrono::milliseconds msec_part = msec / 5; - - uint8_t rnd[16 + SIMD_par]; - rng().randomize(rnd, sizeof(rnd)); - - while(total_time.under(msec)) - { - total_time.start(); - - load_le_op.run([&]() - { - for(size_t i = 0; i != SIMD_par; ++i) - { - // Test that unaligned loads work ok - simd[i].load_le(rnd + i); - } - }); - - load_be_op.run([&]() - { - for(size_t i = 0; i != SIMD_par; ++i) - { - simd[i].load_be(rnd + i); - } - }); - - add_op.run([&]() - { - for(size_t i = 0; i != SIMD_par; ++i) - { - simd[i] += simd[(i + 8) % SIMD_par]; - } - }); - - xor_op.run([&]() - { - for(size_t i = 0; i != SIMD_par; ++i) - { - simd[i] ^= simd[(i + 8) % SIMD_par]; - } - }); - - transpose_op.run([&]() - { - for(size_t i = 0; i != SIMD_par; i += 4) - { - Botan::SIMD_4x32::transpose(simd[i], simd[i + 1], simd[i + 2], simd[i + 3]); - } - }); - - sub_op.run([&]() - { - for(size_t i = 0; i != SIMD_par; ++i) - { - simd[i] -= simd[(i + 8) % SIMD_par]; - } - }); - - bswap_op.run([&]() - { - for(size_t i = 0; i != SIMD_par; ++i) - { - simd[i] = simd[i].bswap(); - } - }); - - total_time.stop(); - } - - record_result(add_op); - record_result(sub_op); - record_result(xor_op); - record_result(bswap_op); - record_result(load_le_op); - record_result(load_be_op); - 
record_result(transpose_op); - } -#endif - void bench_entropy_sources(const std::chrono::milliseconds) { Botan::Entropy_Sources& srcs = Botan::Entropy_Sources::global_sources(); From 0bc3991616917745cbd78df2bf03f5c7b9c5e8ca Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 15 Nov 2017 12:59:31 -0500 Subject: [PATCH 0181/1008] Update the roadmap --- doc/roadmap.rst | 98 +++++++++++++++++++++++++++++-------------------- 1 file changed, 59 insertions(+), 39 deletions(-) diff --git a/doc/roadmap.rst b/doc/roadmap.rst index deb0069523..f5bb392531 100644 --- a/doc/roadmap.rst +++ b/doc/roadmap.rst 
@@ -5,26 +5,68 @@ Botan Development Roadmap Near Term Plans ---------------------------------------- -Here are the development plans for the next 12-18 months, as of January 2017. +Here is an outline for the development plans over the next 12-18 months, as of +November 2017. TLS Hardening/Testing ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Improve testing of TLS: leverage TLS-Attacker better, for example using custom -workflows. Add tests using BoringSSL's hacked Go TLS stack. +Leverage TLS-Attacker better, for example using custom workflows. Add tests +using BoringSSL's hacked Go TLS stack. Add interop testing with OpenSSL as part +of CI. Improve fuzzer coverage. -X509_Certificate Refactor +Expose TLS to C89 and Python +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Exposing TLS to C would allow for many new applications to make use of Botan. + +Interface to PSK and SRP databases +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Adding support for databases storing encrypted PSKs and SRP credentials. + +ECC Refactoring +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Refactoring how elliptic curve groups are stored, sharing representation and +allowing better precomputations (eg precomputing base point multiples). + +Performance Improvements +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The eventual goal would be performance parity with OpenSSL, but initial +target is probably more like "no worse than 30% slower for any algorithm". + +Elliptic Curve Pairings +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +These are useful in many interesting protocols. Initially BN curves are the main +target (particularly BN-256 for compatability with Go's bn256 module) but likely +we'll also want BLS curves. + +TLS 1.3 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The certificate classes use a type called Data_Store which ends up shoving -everything (DN values, extension info, etc) into a single std::multimap. -This was a bad design. 
Instead the certificate type should contain X509_DN -objects for the subject and issuer, an int value for the format version, and so on. -The Data_Store type should be removed entirely. +The RFC process seems to be approaching consensus so hopefully there will be a +final spec soon. The handshake differences are quite substantial, it's an open +question how to implement that without overly complicating the existing TLS +v1.0-v1.2 handshake code. There will also be some API extensions required to +support 0-RTT data. + +Initial work is focused on features which are included in TLS v1.3 but also +available for TLS v1.2 (such as PSS signatures and FFDHE) as well as +refactorings which will make the eventual implementation of v1.3 simpler. +Assuming no source of dedicated funding appears, a full v1.3 implementation will +likely not available until late in 2018. ASN.1 Redesign ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +.. note:: + + This project has been deferred to 3.x as constexpr will likely make it + much easier to implement. + The current ASN.1 library (DER_Encoder/BER_Decoder) does make it roughly possible to write C++ code matching the ASN.1 structures. But it is not flexible enough for all cases and makes many unnecessary 
@@ -44,38 +86,16 @@ copies. It will probably be easier to be consistently allocation free in machine generated code, so the two goals of the redesign seem to reinforce each other. -Expose TLS to C89 and Python -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Exposing TLS to C would allow for many new applications to make use of Botan. - -Interface to PSK and SRP databases -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Adding support for databases storing encrypted PSKs and SRP credentials. - -TLS 1.3 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The RFC process seems to be approaching consensus so hopefully there will be a -final spec soon. - -The handshake differences are quite substantial, it's an open question how to -implement that without overly complicating the existing TLS v1.0-v1.2 handshake -code. There will also be some API extensions required to support 0-RTT data. - -This is a major project, and probably will not start until late in 2017. - Longer View (Future Major Release) ---------------------------------------- -Eventually (target is early 2019), Botan 3.x will be released. This -schedule allows some substantial time with Botan 2.x and 3.x supported -simultaneously, to allow for application switch over. +Eventually (currently estimated for summer 2019), Botan 3.x will be +released. This schedule allows some substantial time with Botan 2.x and 3.x +supported simultaneously, to allow for application switch over. -This version will adopt C++17 and use new std types such as -string_view, optional, and any, along with adopting memory span and -guarded integer types. Likely C++17 constexpr will also be leveraged. +This version will adopt C++17 and use new std types such as string_view, +optional, and any, along with adopting memory span and guarded integer +types. Likely C++17 constexpr will also be leveraged. -In this future 3.x release, all deprecated features/APIs of 2.x will -be removed. 
+In this future 3.x release, all deprecated features/APIs of 2.x will be removed. +However outside of that, breaking API changes should be relatively minimal. From be4415ebb69a4232605d71f2a6b7df2d1cb114ee Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 15 Nov 2017 16:49:29 -0500 Subject: [PATCH 0182/1008] Increase the size of an ASN.1 tag enum to 32-bits Fixes GH #751 --- src/lib/asn1/asn1_obj.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/asn1/asn1_obj.h b/src/lib/asn1/asn1_obj.h index 95b84c5c14..da065ff6d5 100644 --- a/src/lib/asn1/asn1_obj.h +++ b/src/lib/asn1/asn1_obj.h @@ -19,7 +19,7 @@ class DER_Encoder; /** * ASN.1 Type and Class Tags */ -enum ASN1_Tag { +enum ASN1_Tag : uint32_t { UNIVERSAL = 0x00, APPLICATION = 0x40, CONTEXT_SPECIFIC = 0x80, From e2217197ac766d11a28ee1389e414ca8bbb0b294 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 15 Nov 2017 11:29:06 -0500 Subject: [PATCH 0183/1008] Encapsulate ASN1 printer logic in a class --- src/cli/asn1.cpp | 296 ++++++++++++++++++++++++++--------------------- 1 file changed, 163 insertions(+), 133 deletions(-) diff --git a/src/cli/asn1.cpp b/src/cli/asn1.cpp index 08c2562ba5..13bcb94a9f 100644 --- a/src/cli/asn1.cpp +++ b/src/cli/asn1.cpp 
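Review bot: The added `: uint32_t` needs that typedef in scope in asn1_obj.h, and the hunk's context shows no include for it, so confirm the header already pulls in `<cstdint>` (or the project's own types header) rather than relying on a transitive include. A short comment on the enum line would also help: every enumerator visible here (`0x00`, `0x40`, `0x80`) fits in a byte, so the widening reads as arbitrary without the commit message, e.g. `// fixed 32-bit underlying type so tag values beyond the listed enumerators stay representable (GH #751)`. With a fixed underlying type, converting any `uint32_t` to `ASN1_Tag` is well-defined rather than depending on the enumerator range, which is presumably the point of the change; the enum remains unscoped, so existing bitwise use such as `class_tag & Botan::APPLICATION` is unaffected.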
@@ -16,90 +16,15 @@ #include #include #include -#include #include #include -#include +#include namespace Botan_CLI { namespace { -std::string url_encode(const std::vector& in) - { - std::ostringstream out; - - size_t unprintable = 0; - - for(size_t i = 0; i != in.size(); ++i) - { - const int c = in[i]; - if(::isprint(c)) - { - out << static_cast(c); - } - else - { - out << "%" << std::hex << static_cast(c) << std::dec; - ++unprintable; - } - } - - if(unprintable >= in.size() / 4) - { - return Botan::hex_encode(in); - } - - return out.str(); - } - -void emit(std::ostream& out, - const std::string& type, - size_t level, size_t length, - const std::string& value = "") - { - // TODO make these configurable - const size_t LIMIT = 4 * 1024; - const size_t BIN_LIMIT = 1024; - - std::streampos starting_pos = out.tellp(); - - out << " d=" << std::setw(2) << level - << ", l=" << std::setw(4) << length << ": "; - - for(size_t i = 0; i != level; ++i) - { - out << ' '; - } - - out << type; - - bool should_skip = false; - - if(value.length() > LIMIT) - { - should_skip = true; - } - - if((type == "OCTET STRING" || type == "BIT STRING") && value.length() > BIN_LIMIT) - { - should_skip = true; - } - - if(value != "" && !should_skip) - { - while(out.tellp() - starting_pos < 50) - { - out << ' '; - } - - out << value; - } - - out << "\n"; - } - std::string type_name(Botan::ASN1_Tag type) { switch(type) 
@@ -157,9 +82,139 @@ std::string type_name(Botan::ASN1_Tag type) } } -void decode(std::ostream& output, - Botan::BER_Decoder& decoder, - size_t level) +class ASN1_Pretty_Printer + { + public: + ASN1_Pretty_Printer(size_t print_limit = 256, + size_t print_binary_limit = 256, + bool print_context_specific = true, + size_t initial_level = 0, + size_t value_column = 50) : + m_print_limit(print_limit), + m_print_binary_limit(print_binary_limit), + m_initial_level(initial_level), + m_value_column(value_column), + m_print_context_specific(print_context_specific) + {} + + void print_to_stream(std::ostream& out, + const uint8_t in[], + size_t len) const; + + std::string print(const uint8_t in[], size_t len) const; + + template + std::string print(const std::vector& vec) const + { + return print(vec.data(), vec.size()); + } + + private: + void emit(std::ostream& out, + const std::string& type, + size_t level, size_t length, + const std::string& value = "") const; + + void decode(std::ostream& output, + Botan::BER_Decoder& decoder, + size_t level) const; + + std::string format_binary(const std::vector& in) const; + + const size_t m_print_limit; + const size_t m_print_binary_limit; + const size_t m_initial_level; + const size_t m_value_column; + const bool m_print_context_specific; + }; + +std::string ASN1_Pretty_Printer::print(const uint8_t in[], size_t len) const + { + std::ostringstream out; + print_to_stream(out, in, len); + return out.str(); + } + +void ASN1_Pretty_Printer::print_to_stream(std::ostream& out, + const uint8_t in[], + size_t len) const + { + Botan::BER_Decoder dec(in, len); + this->decode(out, dec, m_initial_level); + } + +std::string ASN1_Pretty_Printer::format_binary(const std::vector& in) const + { + std::ostringstream out; + + size_t unprintable = 0; + + for(size_t i = 0; i != in.size(); ++i) + { + const int c = in[i]; + if(std::isalnum(c)) + { + out << static_cast(c); + } + else + { + out << "%" << std::hex << static_cast(c) << std::dec; + 
++unprintable; + if(unprintable >= in.size() / 4) + { + return Botan::hex_encode(in); + } + } + } + + return out.str(); + } + +void ASN1_Pretty_Printer::emit(std::ostream& out, + const std::string& type, + size_t level, size_t length, + const std::string& value) const + { + std::streampos starting_pos = out.tellp(); + + out << " d=" << std::setw(2) << level + << ", l=" << std::setw(4) << length << ": "; + + for(size_t i = 0; i != level; ++i) + { + out << ' '; + } + + out << type; + + bool should_skip = false; + + if(value.length() > m_print_limit) + { + should_skip = true; + } + + if((type == "OCTET STRING" || type == "BIT STRING") && value.length() > m_print_binary_limit) + { + should_skip = true; + } + + if(value != "" && !should_skip) + { + while(static_cast(out.tellp() - starting_pos) < m_value_column) + { + out << ' '; + } + + out << value; + } + + out << "\n"; + } + +void ASN1_Pretty_Printer::decode(std::ostream& output, + Botan::BER_Decoder& decoder, + size_t level) const { Botan::BER_Object obj = decoder.get_next_object(); @@ -218,22 +273,25 @@ void decode(std::ostream& output, } else if((class_tag & Botan::APPLICATION) || (class_tag & Botan::CONTEXT_SPECIFIC)) { -#if 0 - std::vector bits; - data.decode(out, bits, type_tag); - - try + if(m_print_context_specific) { - Botan::BER_Decoder inner(bits); - decode(output, inner, level + 1); // recurse + std::vector bits; + data.decode(bits, type_tag); + + try + { + Botan::BER_Decoder inner(bits); + decode(output, inner, level + 1); // recurse + } + catch(...) + { + emit(output, "[" + std::to_string(type_tag) + "]", level, length, format_binary(bits)); + } } - catch(...) + else { - emit(output, "[" + std::to_string(type_tag) + "]", level, length, url_encode(bits)); + emit(output, "[" + std::to_string(type_tag) + "]", level, length, format_binary(bits)); } -#else - emit(output, "[" + std::to_string(type_tag) + "]", level, length, url_encode(bits)); -#endif } else if(type_tag == Botan::OBJECT_ID) { 
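Review bot: `format_binary` writes each non-alphanumeric byte as `%` followed by `std::hex` output with no width or fill, so the byte 0x0A followed by the letter `b` prints as `%ab`, indistinguishable from the single byte 0xAB; because hex digits are themselves alphanumeric and pass through raw, the escaped form cannot be decoded unambiguously. Use `out << "%" << std::hex << std::setw(2) << std::setfill('0') << c << std::dec;` — the same loop is reintroduced verbatim in src/lib/asn1/asn1_print.cpp in the next commit, and commit 0185 only swaps `%` for `x`, so the ambiguity survives there too. `std::isalnum(int)` is also locale-dependent, so under a non-"C" global locale bytes above 0x7F may be passed through unescaped; an explicit ASCII range test keeps the dump stable across processes. `decode` starts at the end of this hunk and its body continues outside it.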
@@ -241,7 +299,11 @@ void decode(std::ostream& output, data.decode(oid); std::string out = Botan::OIDS::lookup(oid); - if(out != oid.as_string()) + if(out.empty()) + { + out = oid.as_string(); + } + else { out += " [" + oid.as_string() + "]"; } @@ -291,7 +353,7 @@ void decode(std::ostream& output, { emit(output, type_name(type_tag), level, length); } - else if(type_tag == Botan::OCTET_STRING) + else if(type_tag == Botan::OCTET_STRING || type_tag == Botan::BIT_STRING) { std::vector decoded_bits; data.decode(decoded_bits, type_tag); @@ -303,39 +365,9 @@ void decode(std::ostream& output, } catch(...) { - emit(output, type_name(type_tag), level, length, url_encode(decoded_bits)); + emit(output, type_name(type_tag), level, length, format_binary(decoded_bits)); } } - else if(type_tag == Botan::BIT_STRING) - { - std::vector decoded_bits; - data.decode(decoded_bits, type_tag); - - std::vector bit_set; - - for(size_t i = 0; i != decoded_bits.size(); ++i) - { - for(size_t j = 0; j != 8; ++j) - { - const bool bit = static_cast((decoded_bits[decoded_bits.size() - i - 1] >> (7 - j)) & 1); - bit_set.push_back(bit); - } - } - - std::string bit_str; - for(size_t i = 0; i != bit_set.size(); ++i) - { - bool the_bit = bit_set[bit_set.size() - i - 1]; - - if(!the_bit && bit_str.size() == 0) - { - continue; - } - bit_str += (the_bit ? "1" : "0"); - } - - emit(output, type_name(type_tag), level, length, bit_str); - } else if(Botan::ASN1_String::is_string_type(type_tag)) { Botan::ASN1_String str; @@ -358,14 +390,6 @@ void decode(std::ostream& output, } } -std::string format_asn1(const uint8_t in[], size_t len) - { - std::ostringstream out; - Botan::BER_Decoder dec(in, len); - decode(out, dec, 0); - return out.str(); - } - } class ASN1_Printer final : public Command 
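Review bot: In the `else` branch (`m_print_context_specific == false`) `bits` is not the vector declared inside the `if`, which is out of scope there, but the outer `bits` filled from `encoder.get_contents_unlocked()` at the top of `decode`'s loop, i.e. the re-encoded tag+length+value; the dump of a context-specific element therefore includes its header octets rather than only its contents. This matches what the old `#else` path did, so it may be intended, but commit 0185 then moves the inner declaration into the `try`, after which the `catch` also resolves to the outer vector, and the `inner_bits` rename in commit 0186 does not change that; if the contents are meant, decode them once before branching, `std::vector<uint8_t> contents; data.decode(contents, type_tag);`, and pass `contents` to both `format_binary` calls. Separately, `decode` recurses for every nested `[n]`, OCTET STRING and constructed element with `level` unbounded, so deeply nested input exhausts the stack before any decoder limit applies; a guard at the top of `decode` such as `if(level > max_depth) throw Decoding_Error("ASN.1 nesting too deep");` (with `max_depth` a new constructor parameter or constant) bounds this, and the same applies to the library copy in src/lib/asn1/asn1_print.cpp added in the next commit. The enclosing `decode` starts and ends outside this hunk.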
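Review bot: The replaced condition `out != oid.as_string()` handled `OIDS::lookup` returning the dotted string itself for an unknown OID, whereas the new code assumes it returns an empty string. If both conventions occur (the old check suggests the former did), an unknown OID now prints as `1.2.3 [1.2.3]`; keeping both tests, `if(out.empty() || out == oid.as_string())`, covers either contract at no cost. The enclosing `decode` starts and ends outside this hunk.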
@@ -389,7 +413,13 @@ class ASN1_Printer final : public Command contents = slurp_file(input); } - output() << format_asn1(contents.data(), contents.size()); + // TODO make these configurable + const size_t LIMIT = 4 * 1024; + const size_t BIN_LIMIT = 1024; + const bool PRINT_CONTEXT_SPECIFIC = true; + + ASN1_Pretty_Printer printer(LIMIT, BIN_LIMIT, PRINT_CONTEXT_SPECIFIC); + output() << printer.print(contents); } }; From a94a462f6ddab82bae2e42ca19aa9d7e5780a5b0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 15 Nov 2017 16:08:57 -0500 Subject: [PATCH 0184/1008] Move ASN1 printer to the library --- src/cli/asn1.cpp | 385 +----------------------------------- src/lib/asn1/asn1_obj.cpp | 57 ++++++ src/lib/asn1/asn1_obj.h | 2 + src/lib/asn1/asn1_print.cpp | 279 ++++++++++++++++++++++++++ src/lib/asn1/asn1_print.h | 77 ++++++++ 5 files changed, 418 insertions(+), 382 deletions(-) create mode 100644 src/lib/asn1/asn1_print.cpp create mode 100644 src/lib/asn1/asn1_print.h diff --git a/src/cli/asn1.cpp b/src/cli/asn1.cpp index 13bcb94a9f..6460d55876 100644 --- a/src/cli/asn1.cpp +++ b/src/cli/asn1.cpp 
@@ -8,390 +8,11 @@ #if defined(BOTAN_HAS_ASN1) && defined(BOTAN_HAS_PEM_CODEC) -#include -#include -#include -#include -#include -#include -#include #include - -#include -#include -#include +#include namespace Botan_CLI { -namespace { - -std::string type_name(Botan::ASN1_Tag type) - { - switch(type) - { - case Botan::PRINTABLE_STRING: - return "PRINTABLE STRING"; - - case Botan::NUMERIC_STRING: - return "NUMERIC STRING"; - - case Botan::IA5_STRING: - return "IA5 STRING"; - - case Botan::T61_STRING: - return "T61 STRING"; - - case Botan::UTF8_STRING: - return "UTF8 STRING"; - - case Botan::VISIBLE_STRING: - return "VISIBLE STRING"; - - case Botan::BMP_STRING: - return "BMP STRING"; - - case Botan::UTC_TIME: - return "UTC TIME"; - - case Botan::GENERALIZED_TIME: - return "GENERALIZED TIME"; - - case Botan::OCTET_STRING: - return "OCTET STRING"; - - case Botan::BIT_STRING: - return "BIT STRING"; - - case Botan::ENUMERATED: - return "ENUMERATED"; - - case Botan::INTEGER: - return "INTEGER"; - - case Botan::NULL_TAG: - return "NULL"; - - case Botan::OBJECT_ID: - return "OBJECT"; - - case Botan::BOOLEAN: - return "BOOLEAN"; - - default: - return "TAG(" + std::to_string(static_cast(type)) + ")"; - } - } - -class ASN1_Pretty_Printer - { - public: - ASN1_Pretty_Printer(size_t print_limit = 256, - size_t print_binary_limit = 256, - bool print_context_specific = true, - size_t initial_level = 0, - size_t value_column = 50) : - m_print_limit(print_limit), - m_print_binary_limit(print_binary_limit), - m_initial_level(initial_level), - m_value_column(value_column), - m_print_context_specific(print_context_specific) - {} - - void print_to_stream(std::ostream& out, - const uint8_t in[], - size_t len) const; - - std::string print(const uint8_t in[], size_t len) const; - - template - std::string print(const std::vector& vec) const - { - return print(vec.data(), vec.size()); - } - - private: - void emit(std::ostream& out, - const std::string& type, - size_t level, size_t length, - 
const std::string& value = "") const; - - void decode(std::ostream& output, - Botan::BER_Decoder& decoder, - size_t level) const; - - std::string format_binary(const std::vector& in) const; - - const size_t m_print_limit; - const size_t m_print_binary_limit; - const size_t m_initial_level; - const size_t m_value_column; - const bool m_print_context_specific; - }; - -std::string ASN1_Pretty_Printer::print(const uint8_t in[], size_t len) const - { - std::ostringstream out; - print_to_stream(out, in, len); - return out.str(); - } - -void ASN1_Pretty_Printer::print_to_stream(std::ostream& out, - const uint8_t in[], - size_t len) const - { - Botan::BER_Decoder dec(in, len); - this->decode(out, dec, m_initial_level); - } - -std::string ASN1_Pretty_Printer::format_binary(const std::vector& in) const - { - std::ostringstream out; - - size_t unprintable = 0; - - for(size_t i = 0; i != in.size(); ++i) - { - const int c = in[i]; - if(std::isalnum(c)) - { - out << static_cast(c); - } - else - { - out << "%" << std::hex << static_cast(c) << std::dec; - ++unprintable; - if(unprintable >= in.size() / 4) - { - return Botan::hex_encode(in); - } - } - } - - return out.str(); - } - -void ASN1_Pretty_Printer::emit(std::ostream& out, - const std::string& type, - size_t level, size_t length, - const std::string& value) const - { - std::streampos starting_pos = out.tellp(); - - out << " d=" << std::setw(2) << level - << ", l=" << std::setw(4) << length << ": "; - - for(size_t i = 0; i != level; ++i) - { - out << ' '; - } - - out << type; - - bool should_skip = false; - - if(value.length() > m_print_limit) - { - should_skip = true; - } - - if((type == "OCTET STRING" || type == "BIT STRING") && value.length() > m_print_binary_limit) - { - should_skip = true; - } - - if(value != "" && !should_skip) - { - while(static_cast(out.tellp() - starting_pos) < m_value_column) - { - out << ' '; - } - - out << value; - } - - out << "\n"; - } - -void ASN1_Pretty_Printer::decode(std::ostream& output, - 
Botan::BER_Decoder& decoder, - size_t level) const - { - Botan::BER_Object obj = decoder.get_next_object(); - - while(obj.type_tag != Botan::NO_OBJECT) - { - const Botan::ASN1_Tag type_tag = obj.type_tag; - const Botan::ASN1_Tag class_tag = obj.class_tag; - const size_t length = obj.value.size(); - - /* hack to insert the tag+length back in front of the stuff now - that we've gotten the type info */ - Botan::DER_Encoder encoder; - encoder.add_object(type_tag, class_tag, obj.value); - std::vector bits = encoder.get_contents_unlocked(); - - Botan::BER_Decoder data(bits); - - if(class_tag & Botan::CONSTRUCTED) - { - Botan::BER_Decoder cons_info(obj.value); - if(type_tag == Botan::SEQUENCE) - { - emit(output, "SEQUENCE", level, length); - decode(output, cons_info, level + 1); // recurse - } - else if(type_tag == Botan::SET) - { - emit(output, "SET", level, length); - decode(output, cons_info, level + 1); // recurse - } - else - { - std::string name; - - if((class_tag & Botan::APPLICATION) || (class_tag & Botan::CONTEXT_SPECIFIC)) - { - name = "cons [" + std::to_string(type_tag) + "]"; - - if(class_tag & Botan::APPLICATION) - { - name += " appl"; - } - if(class_tag & Botan::CONTEXT_SPECIFIC) - { - name += " context"; - } - } - else - { - name = type_name(type_tag) + " (cons)"; - } - - emit(output, name, level, length); - decode(output, cons_info, level + 1); // recurse - } - } - else if((class_tag & Botan::APPLICATION) || (class_tag & Botan::CONTEXT_SPECIFIC)) - { - if(m_print_context_specific) - { - std::vector bits; - data.decode(bits, type_tag); - - try - { - Botan::BER_Decoder inner(bits); - decode(output, inner, level + 1); // recurse - } - catch(...) 
- { - emit(output, "[" + std::to_string(type_tag) + "]", level, length, format_binary(bits)); - } - } - else - { - emit(output, "[" + std::to_string(type_tag) + "]", level, length, format_binary(bits)); - } - } - else if(type_tag == Botan::OBJECT_ID) - { - Botan::OID oid; - data.decode(oid); - - std::string out = Botan::OIDS::lookup(oid); - if(out.empty()) - { - out = oid.as_string(); - } - else - { - out += " [" + oid.as_string() + "]"; - } - - emit(output, type_name(type_tag), level, length, out); - } - else if(type_tag == Botan::INTEGER || type_tag == Botan::ENUMERATED) - { - Botan::BigInt number; - - if(type_tag == Botan::INTEGER) - { - data.decode(number); - } - else if(type_tag == Botan::ENUMERATED) - { - data.decode(number, Botan::ENUMERATED, class_tag); - } - - std::vector rep; - - /* If it's small, it's probably a number, not a hash */ - if(number.bits() <= 20) - { - rep = Botan::BigInt::encode(number, Botan::BigInt::Decimal); - } - else - { - rep = Botan::BigInt::encode(number, Botan::BigInt::Hexadecimal); - } - - std::string str; - for(size_t i = 0; i != rep.size(); ++i) - { - str += static_cast(rep[i]); - } - - emit(output, type_name(type_tag), level, length, str); - } - else if(type_tag == Botan::BOOLEAN) - { - bool boolean; - data.decode(boolean); - emit(output, type_name(type_tag), level, length, (boolean ? "true" : "false")); - } - else if(type_tag == Botan::NULL_TAG) - { - emit(output, type_name(type_tag), level, length); - } - else if(type_tag == Botan::OCTET_STRING || type_tag == Botan::BIT_STRING) - { - std::vector decoded_bits; - data.decode(decoded_bits, type_tag); - - try - { - Botan::BER_Decoder inner(decoded_bits); - decode(output, inner, level + 1); - } - catch(...) 
- { - emit(output, type_name(type_tag), level, length, format_binary(decoded_bits)); - } - } - else if(Botan::ASN1_String::is_string_type(type_tag)) - { - Botan::ASN1_String str; - data.decode(str); - emit(output, type_name(type_tag), level, length, str.value()); - } - else if(type_tag == Botan::UTC_TIME || type_tag == Botan::GENERALIZED_TIME) - { - Botan::X509_Time time; - data.decode(time); - emit(output, type_name(type_tag), level, length, time.readable_string()); - } - else - { - output << "Unknown ASN.1 tag class=" << static_cast(class_tag) - << " type=" << static_cast(type_tag) << "\n";; - } - - obj = decoder.get_next_object(); - } - } - -} - class ASN1_Printer final : public Command { public: @@ -418,8 +39,8 @@ class ASN1_Printer final : public Command const size_t BIN_LIMIT = 1024; const bool PRINT_CONTEXT_SPECIFIC = true; - ASN1_Pretty_Printer printer(LIMIT, BIN_LIMIT, PRINT_CONTEXT_SPECIFIC); - output() << printer.print(contents); + Botan::ASN1_Pretty_Printer printer(LIMIT, BIN_LIMIT, PRINT_CONTEXT_SPECIFIC); + printer.print_to_stream(output(), contents.data(), contents.size()); } }; diff --git a/src/lib/asn1/asn1_obj.cpp b/src/lib/asn1/asn1_obj.cpp index 2dc73738ce..1f93a4b8b9 100644 --- a/src/lib/asn1/asn1_obj.cpp +++ b/src/lib/asn1/asn1_obj.cpp 
@@ -12,6 +12,63 @@ namespace Botan { +std::string asn1_tag_to_string(ASN1_Tag type) + { + switch(type) + { + case Botan::PRINTABLE_STRING: + return "PRINTABLE STRING"; + + case Botan::NUMERIC_STRING: + return "NUMERIC STRING"; + + case Botan::IA5_STRING: + return "IA5 STRING"; + + case Botan::T61_STRING: + return "T61 STRING"; + + case Botan::UTF8_STRING: + return "UTF8 STRING"; + + case Botan::VISIBLE_STRING: + return "VISIBLE STRING"; + + case Botan::BMP_STRING: + return "BMP STRING"; + + case Botan::UTC_TIME: + return "UTC TIME"; + + case Botan::GENERALIZED_TIME: + return "GENERALIZED TIME"; + + case Botan::OCTET_STRING: + return "OCTET STRING"; + + case Botan::BIT_STRING: + return "BIT STRING"; + + case Botan::ENUMERATED: + return "ENUMERATED"; + + case Botan::INTEGER: + return "INTEGER"; + + case Botan::NULL_TAG: + return "NULL"; + + case Botan::OBJECT_ID: + return "OBJECT"; + + case Botan::BOOLEAN: + return "BOOLEAN"; + + default: + return "TAG(" + std::to_string(static_cast(type)) + ")"; + } + } + /* * BER Decoding Exceptions */ diff --git a/src/lib/asn1/asn1_obj.h b/src/lib/asn1/asn1_obj.h index da065ff6d5..a785a5807d 100644 --- a/src/lib/asn1/asn1_obj.h +++ b/src/lib/asn1/asn1_obj.h @@ -56,6 +56,8 @@ enum ASN1_Tag : uint32_t { DIRECTORY_STRING = 0xFF01 }; +std::string BOTAN_DLL asn1_tag_to_string(ASN1_Tag type); + /** * Basic ASN.1 Object Interface */ diff --git a/src/lib/asn1/asn1_print.cpp b/src/lib/asn1/asn1_print.cpp new file mode 100644 index 0000000000..e314b5c995 --- /dev/null +++ b/src/lib/asn1/asn1_print.cpp 
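Review bot: The new public declaration `std::string BOTAN_DLL asn1_tag_to_string(ASN1_Tag type);` has no documentation, while the declaration immediately below it in this header carries a Doxygen block. Suggest adding above it `/** Return a human-readable name for an ASN.1 type tag; tags without a dedicated name are rendered as "TAG(n)" */`, which is the fallback the definition in asn1_obj.cpp in this same commit shows. Constructed-only tags such as SEQUENCE and SET are not cases in that switch and so also take the `TAG(n)` form, which is worth stating for callers that print them.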
@@ -0,0 +1,279 @@ +/* +* (C) 2014,2015,2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +namespace Botan { + +std::string ASN1_Pretty_Printer::print(const uint8_t in[], size_t len) const + { + std::ostringstream output; + print_to_stream(output, in, len); + return output.str(); + } + +void ASN1_Pretty_Printer::print_to_stream(std::ostream& output, + const uint8_t in[], + size_t len) const + { + BER_Decoder dec(in, len); + decode(output, dec, m_initial_level); + } + +std::string ASN1_Pretty_Printer::format_binary(const std::vector& in) const + { + std::ostringstream out; + + size_t unprintable = 0; + + for(size_t i = 0; i != in.size(); ++i) + { + const int c = in[i]; + if(std::isalnum(c)) + { + out << static_cast(c); + } + else + { + out << "%" << std::hex << static_cast(c) << std::dec; + ++unprintable; + if(unprintable >= in.size() / 4) + { + return hex_encode(in); + } + } + } + + return out.str(); + } + +void ASN1_Pretty_Printer::emit(std::ostream& output, + const std::string& type, + size_t level, size_t length, + const std::string& value) const + { + std::ostringstream oss; + + oss << " d=" << std::setw(2) << level + << ", l=" << std::setw(4) << length << ":" + << std::string(level + 1, ' ') << type; + + bool should_skip = false; + + if(value.length() > m_print_limit) + { + should_skip = true; + } + + if((type == "OCTET STRING" || type == "BIT STRING") && value.length() > m_print_binary_limit) + { + should_skip = true; + } + + const std::string s = oss.str(); + + output << s; + + if(value != "" && !should_skip) + { + const size_t spaces_to_align = + (s.size() >= m_value_column) ? 
1 : (m_value_column - s.size()); + + output << std::string(spaces_to_align, ' ') << value; + } + + output << "\n"; + } + +void ASN1_Pretty_Printer::decode(std::ostream& output, + BER_Decoder& decoder, + size_t level) const + { + BER_Object obj = decoder.get_next_object(); + + while(obj.type_tag != NO_OBJECT) + { + const ASN1_Tag type_tag = obj.type_tag; + const ASN1_Tag class_tag = obj.class_tag; + const size_t length = obj.value.size(); + + /* hack to insert the tag+length back in front of the stuff now + that we've gotten the type info */ + DER_Encoder encoder; + encoder.add_object(type_tag, class_tag, obj.value); + std::vector bits = encoder.get_contents_unlocked(); + + BER_Decoder data(bits); + + if(class_tag & CONSTRUCTED) + { + BER_Decoder cons_info(obj.value); + if(type_tag == SEQUENCE) + { + emit(output, "SEQUENCE", level, length); + decode(output, cons_info, level + 1); // recurse + } + else if(type_tag == SET) + { + emit(output, "SET", level, length); + decode(output, cons_info, level + 1); // recurse + } + else + { + std::string name; + + if((class_tag & APPLICATION) || (class_tag & CONTEXT_SPECIFIC)) + { + name = "cons [" + std::to_string(type_tag) + "]"; + + if(class_tag & APPLICATION) + { + name += " appl"; + } + if(class_tag & CONTEXT_SPECIFIC) + { + name += " context"; + } + } + else + { + name = asn1_tag_to_string(type_tag) + " (cons)"; + } + + emit(output, name, level, length); + decode(output, cons_info, level + 1); // recurse + } + } + else if((class_tag & APPLICATION) || (class_tag & CONTEXT_SPECIFIC)) + { + if(m_print_context_specific) + { + std::vector bits; + data.decode(bits, type_tag); + + try + { + BER_Decoder inner(bits); + decode(output, inner, level + 1); // recurse + } + catch(...) 
+ { + emit(output, "[" + std::to_string(type_tag) + "]", level, length, format_binary(bits)); + } + } + else + { + emit(output, "[" + std::to_string(type_tag) + "]", level, length, format_binary(bits)); + } + } + else if(type_tag == OBJECT_ID) + { + OID oid; + data.decode(oid); + + std::string out = OIDS::lookup(oid); + if(out.empty()) + { + out = oid.as_string(); + } + else + { + out += " [" + oid.as_string() + "]"; + } + + emit(output, asn1_tag_to_string(type_tag), level, length, out); + } + else if(type_tag == INTEGER || type_tag == ENUMERATED) + { + BigInt number; + + if(type_tag == INTEGER) + { + data.decode(number); + } + else if(type_tag == ENUMERATED) + { + data.decode(number, ENUMERATED, class_tag); + } + + std::vector rep; + + /* If it's small, it's probably a number, not a hash */ + if(number.bits() <= 20) + { + rep = BigInt::encode(number, BigInt::Decimal); + } + else + { + rep = BigInt::encode(number, BigInt::Hexadecimal); + } + + std::string str; + for(size_t i = 0; i != rep.size(); ++i) + { + str += static_cast(rep[i]); + } + + emit(output, asn1_tag_to_string(type_tag), level, length, str); + } + else if(type_tag == BOOLEAN) + { + bool boolean; + data.decode(boolean); + emit(output, asn1_tag_to_string(type_tag), level, length, (boolean ? "true" : "false")); + } + else if(type_tag == NULL_TAG) + { + emit(output, asn1_tag_to_string(type_tag), level, length); + } + else if(type_tag == OCTET_STRING || type_tag == BIT_STRING) + { + std::vector decoded_bits; + data.decode(decoded_bits, type_tag); + + try + { + BER_Decoder inner(decoded_bits); + decode(output, inner, level + 1); + } + catch(...) 
+ { + emit(output, asn1_tag_to_string(type_tag), level, length, format_binary(decoded_bits)); + } + } + else if(ASN1_String::is_string_type(type_tag)) + { + ASN1_String str; + data.decode(str); + emit(output, asn1_tag_to_string(type_tag), level, length, str.value()); + } + else if(type_tag == UTC_TIME || type_tag == GENERALIZED_TIME) + { + X509_Time time; + data.decode(time); + emit(output, asn1_tag_to_string(type_tag), level, length, time.readable_string()); + } + else + { + output << "Unknown ASN.1 tag class=" << static_cast(class_tag) + << " type=" << static_cast(type_tag) << "\n";; + } + + obj = decoder.get_next_object(); + } + } + +} diff --git a/src/lib/asn1/asn1_print.h b/src/lib/asn1/asn1_print.h new file mode 100644 index 0000000000..0fd760e89b --- /dev/null +++ b/src/lib/asn1/asn1_print.h 
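Review bot: The fallback branch `output << "Unknown ASN.1 tag class=" ... << "\n";;` ends in a stray empty statement; drop the second `;`. That branch is also the only one that bypasses `emit`, so its line carries no `d=`/`l=` prefix and ignores `m_value_column`, which makes the dump non-uniform for unknown tags; routing it through `emit(output, "UNKNOWN TAG", level, length, ...)` with the class/type in the value field would keep the format consistent, at the cost of changing that line's text.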
@@ -0,0 +1,77 @@ +/* +* (C) 2014,2015,2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_ASN1_PRINT_H_ +#define BOTAN_ASN1_PRINT_H_ + +#include +#include +#include +#include + +namespace Botan { + +class BER_Decoder; + +/** +* Format ASN.1 data into human readable strings +*/ +class BOTAN_DLL ASN1_Pretty_Printer + { + public: + /** + * @param print_limit strings larger than this are not printed + * @param print_binary_limit binary strings larger than this are not printed + * @param print_context_specific if true, try to parse nested context specific data. + * @param initial_level the initial depth (0 or 1 are the only reasonable values) + * @param value_column ASN.1 values are lined up at this column in output + */ + ASN1_Pretty_Printer(size_t print_limit = 256, + size_t print_binary_limit = 256, + bool print_context_specific = true, + size_t initial_level = 0, + size_t value_column = 60) : + m_print_limit(print_limit), + m_print_binary_limit(print_binary_limit), + m_initial_level(initial_level), + m_value_column(value_column), + m_print_context_specific(print_context_specific) + {} + + void print_to_stream(std::ostream& out, + const uint8_t in[], + size_t len) const; + + std::string print(const uint8_t in[], size_t len) const; + + template + std::string print(const std::vector& vec) const + { + return print(vec.data(), vec.size()); + } + + private: + void emit(std::ostream& out, + const std::string& type, + size_t level, size_t length, + const std::string& value = "") const; + + void decode(std::ostream& output, + BER_Decoder& decoder, + size_t level) const; + + std::string format_binary(const std::vector& in) const; + + const size_t m_print_limit; + const size_t m_print_binary_limit; + const size_t m_initial_level; + const size_t m_value_column; + const bool m_print_context_specific; + }; + +} + +#endif From 2dc3e2286c811830f5bbc1da62cda087e9a80cb3 Mon Sep 17 00:00:00 2001 
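Review bot: The constructor default `value_column = 60` differs from the 50 the same class used in src/cli/asn1.cpp before the move, and the CLI call earlier in this commit passes only the first three arguments, so `asn1print` output alignment silently shifts by ten columns; if that is unintended, keep `size_t value_column = 50`. The `print(const std::vector& vec)` template overload and `print_to_stream` have no Doxygen comment, unlike the constructor; `/** Convenience overload: format a whole vector of bytes */` and `/** Write the formatted dump of in[0..len) to out */` would match the existing style.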
From: Jack Lloyd Date: Wed, 15 Nov 2017 16:12:01 -0500 Subject: [PATCH 0185/1008] Correct handling of nested context specific --- src/lib/asn1/asn1_print.cpp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/lib/asn1/asn1_print.cpp b/src/lib/asn1/asn1_print.cpp index e314b5c995..ccd06a3806 100644 --- a/src/lib/asn1/asn1_print.cpp +++ b/src/lib/asn1/asn1_print.cpp @@ -48,7 +48,7 @@ std::string ASN1_Pretty_Printer::format_binary(const std::vector& in) c } else { - out << "%" << std::hex << static_cast(c) << std::dec; + out << "x" << std::hex << static_cast(c) << std::dec; ++unprintable; if(unprintable >= in.size() / 4) { @@ -161,11 +161,10 @@ void ASN1_Pretty_Printer::decode(std::ostream& output, { if(m_print_context_specific) { - std::vector bits; - data.decode(bits, type_tag); - try { + std::vector bits; + data.decode(bits, type_tag); BER_Decoder inner(bits); decode(output, inner, level + 1); // recurse } From e1b828559c5a96248d4ccfc77899ecfe22ba13c9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 15 Nov 2017 15:07:37 -0500 Subject: [PATCH 0186/1008] Update ASN.1 fuzzer --- src/fuzzer/asn1.cpp | 18 +++++++++--------- src/lib/asn1/asn1_print.cpp | 6 +++--- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/fuzzer/asn1.cpp b/src/fuzzer/asn1.cpp index b0ea553e50..8fabad5eda 100644 --- a/src/fuzzer/asn1.cpp +++ b/src/fuzzer/asn1.cpp @@ -5,20 +5,20 @@ */ #include "fuzzers.h" -#include +#include +#include void fuzz(const uint8_t in[], size_t len) { try { - Botan::DataSource_Memory input(in, len); - Botan::BER_Decoder dec(input); - - while(dec.more_items()) - { - Botan::BER_Object obj; - dec.get_next(obj); - } + /* + * Here we use an uninitialized ofstream so the fuzzer doesn't spend time + * on actual output formatting, no memory is allocated, etc. + */ + std::ofstream out; + Botan::ASN1_Pretty_Printer printer; + printer.print_to_stream(out, in, len); } catch(Botan::Exception& e) { } } 
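Review bot: The comment `no memory is allocated` in the new fuzz body is inaccurate: an unopened `std::ofstream` discards what is written to it, but `print_to_stream` still allocates per element — `emit` builds an `std::ostringstream`, `oss.str()` and `std::string(level + 1, ' ')`, and `decode` materialises `encoder.get_contents_unlocked()` and the nested `std::vector` contents (all visible in asn1_print.cpp in this series). Suggest `Here we use an unopened ofstream so output is discarded and the fuzzer does not spend time on I/O; the formatting work itself still runs.` The handler `catch(Botan::Exception& e)` leaves `e` unused; `catch(Botan::Exception&)` avoids the warning.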
diff --git a/src/lib/asn1/asn1_print.cpp b/src/lib/asn1/asn1_print.cpp index ccd06a3806..3452e91c4b 100644 --- a/src/lib/asn1/asn1_print.cpp +++ b/src/lib/asn1/asn1_print.cpp @@ -163,9 +163,9 @@ void ASN1_Pretty_Printer::decode(std::ostream& output, { try { - std::vector bits; - data.decode(bits, type_tag); - BER_Decoder inner(bits); + std::vector inner_bits; + data.decode(inner_bits, type_tag); + BER_Decoder inner(inner_bits); decode(output, inner, level + 1); // recurse } catch(...) From 40a0a03655e51c3d335dca49da1d96ec0123897e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 15 Nov 2017 17:06:30 -0500 Subject: [PATCH 0187/1008] Update news --- news.rst | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/news.rst b/news.rst index e79f3e4441..0734ca84e5 100644 --- a/news.rst +++ b/news.rst 
@@ -22,10 +22,21 @@ Version 2.4.0, Not Yet Released * Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b, CRC24 (GH #1281) +* Salsa20 now supports the seek operation. + * Symmetric algorithms (block ciphers, stream ciphers, MACs) now verify that a key was set before accepting data. Previously attempting to use an unkeyed object would instead result in either a crash or invalid outputs. (GH #1279) +* The X509 certificate, CRL and PKCS10 types have been heavily refactored + internally. Previously all data of these types was serialized to strings, then + in the event a more complicated data structure (such as X509_DN) was needed, + it would be recreated from the string representation. However the round trip + process was not perfect and could cause fields to become lost. This approach + is no longer used, fixing several bugs (GH #1010 #1089 #1242 #1252). The + internal data is now stored in a ``shared_ptr``, so copying such objects is + now very cheap. (GH #884) + * ASN.1 string objects previously held their contents as ISO 8859-1 codepoints. However this led to certificates which contained strings outside of this character set (eg in Cyrillic, Greek, or Chinese) being rejected. Now the @@ -78,6 +89,13 @@ Version 2.4.0, Not Yet Released could be used was by manually constructing a ``CTR_BE`` object and setting the second parameter to something in the range of 1 to 3. +* A new mechanism for formatting ASN.1 data is included in ``asn1_print.h``. + This is the same functionality used by the command line ``asn1print`` util, + now cleaned up and moved to the library. + +* The size of ASN1_Tag is increased to 32 bits. This avoids a problem + with UbSan (GH #751) + * In 2.3.0, final annotations were added to many classes including the TLS policies (like ``Strict_Policy`` and ``BSI_TR_02102_2``). However it is reasonable and useful for an application to derive from one of these policies, so From 7737fd2d35dcdc3995b5c8a664f3b64964a0f8b0 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Thu, 16 Nov 2017 02:55:09 -0500 Subject: [PATCH 0188/1008] Optimize Blowfish Doing two blocks at a time exposes more ILP and substantially improves performance. Idea from http://jultika.oulu.fi/files/nbnfioulu-201305311409.pdf --- news.rst | 2 +- src/lib/block/blowfish/blowfish.cpp | 123 ++++++++++++++++++---------- 2 files changed, 83 insertions(+), 42 deletions(-) diff --git a/news.rst b/news.rst index 0734ca84e5..1d7a753370 100644 --- a/news.rst +++ b/news.rst @@ -20,7 +20,7 @@ Version 2.4.0, Not Yet Released and pmull. (GH #1253 #1263) * Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b, - CRC24 (GH #1281) + Blowfish, and CRC24 (GH #1281) * Salsa20 now supports the seek operation. diff --git a/src/lib/block/blowfish/blowfish.cpp b/src/lib/block/blowfish/blowfish.cpp index c2634bba48..11a96cdb50 100644 --- a/src/lib/block/blowfish/blowfish.cpp +++ b/src/lib/block/blowfish/blowfish.cpp @@ -190,6 +190,12 @@ const uint32_t S_INIT[1024] = { 0x01C36AE4, 0xD6EBE1F9, 0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F, 0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6 }; +inline uint32_t BFF(uint32_t X, const secure_vector& S) + { + return ((S[ get_byte(0, X)] + S[256+get_byte(1, X)]) ^ + S[512+get_byte(2, X)]) + S[768+get_byte(3, X)]; + } + } /* 
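Review bot: `BFF` indexes `S` at offsets up to `768 + 255` with no size check, so it relies on `m_S` holding exactly four 256-entry boxes back to back (1024 words); the callers' `verify_key_set(m_S.empty() == false)` only establishes non-emptiness. A comment on the helper, `// S holds the four 256-entry S-boxes contiguously (1024 words)`, documents the precondition the old `S1..S4` pointers made explicit. The lookups remain indexed by data-dependent bytes, so this helper is not constant-time, unchanged from the expression it replaces but worth stating where the table layout is described.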
@@ -199,30 +205,51 @@ void Blowfish::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { verify_key_set(m_S.empty() == false); - const uint32_t* S1 = &m_S[0]; - const uint32_t* S2 = &m_S[256]; - const uint32_t* S3 = &m_S[512]; - const uint32_t* S4 = &m_S[768]; + while(blocks >= 2) + { + uint32_t L0, R0, L1, R1; + load_be(in, L0, R0, L1, R1); + + for(size_t r = 0; r != 16; r += 2) + { + L0 ^= m_P[r]; + L1 ^= m_P[r]; + R0 ^= BFF(L0, m_S); + R1 ^= BFF(L1, m_S); + + R0 ^= m_P[r+1]; + R1 ^= m_P[r+1]; + L0 ^= BFF(R0, m_S); + L1 ^= BFF(R1, m_S); + } + + L0 ^= m_P[16]; R0 ^= m_P[17]; + L1 ^= m_P[16]; R1 ^= m_P[17]; + + store_be(out, R0, L0, R1, L1); + + in += 2*BLOCK_SIZE; + out += 2*BLOCK_SIZE; + blocks -= 2; + } - BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks; ++i) + if(blocks) { uint32_t L, R; - load_be(in + BLOCK_SIZE*i, L, R); + load_be(in, L, R); - for(size_t j = 0; j != 16; j += 2) + for(size_t r = 0; r != 16; r += 2) { - L ^= m_P[j]; - R ^= ((S1[get_byte(0, L)] + S2[get_byte(1, L)]) ^ - S3[get_byte(2, L)]) + S4[get_byte(3, L)]; + L ^= m_P[r]; + R ^= BFF(L, m_S); - R ^= m_P[j+1]; - L ^= ((S1[get_byte(0, R)] + S2[get_byte(1, R)]) ^ - S3[get_byte(2, R)]) + S4[get_byte(3, R)]; + R ^= m_P[r+1]; + L ^= BFF(R, m_S); } L ^= m_P[16]; R ^= m_P[17]; - store_be(out + BLOCK_SIZE*i, R, L); + store_be(out, R, L); } } 
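Review bot: The two-block loop and the single-block tail in `encrypt_n` (and identically in `decrypt_n` in the next hunk) are correct — after `while(blocks >= 2)` at most one block remains — but the reason for the interleave lives only in the commit message; a comment above the loop, `// Two independent Feistel chains interleaved so the CPU can overlap the S-box loads (ILP)`, would keep it with the code, and writing the tail as `if(blocks == 1)` makes the invariant explicit. Removing `BOTAN_PARALLEL_FOR` is visible in the deleted lines; presumably intended since the new loop carries `in`/`out` pointer state across iterations, but the news entry could say the parallel-for path is gone.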
@@ -233,30 +260,51 @@ void Blowfish::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { verify_key_set(m_S.empty() == false); - const uint32_t* S1 = &m_S[0]; - const uint32_t* S2 = &m_S[256]; - const uint32_t* S3 = &m_S[512]; - const uint32_t* S4 = &m_S[768]; + while(blocks >= 2) + { + uint32_t L0, R0, L1, R1; + load_be(in, L0, R0, L1, R1); + + for(size_t r = 17; r != 1; r -= 2) + { + L0 ^= m_P[r]; + L1 ^= m_P[r]; + R0 ^= BFF(L0, m_S); + R1 ^= BFF(L1, m_S); + + R0 ^= m_P[r-1]; + R1 ^= m_P[r-1]; + L0 ^= BFF(R0, m_S); + L1 ^= BFF(R1, m_S); + } + + L0 ^= m_P[1]; R0 ^= m_P[0]; + L1 ^= m_P[1]; R1 ^= m_P[0]; + + store_be(out, R0, L0, R1, L1); - BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks; ++i) + in += 2*BLOCK_SIZE; + out += 2*BLOCK_SIZE; + blocks -= 2; + } + + if(blocks) { uint32_t L, R; - load_be(in + BLOCK_SIZE*i, L, R); + load_be(in, L, R); - for(size_t j = 17; j != 1; j -= 2) + for(size_t r = 17; r != 1; r -= 2) { - L ^= m_P[j]; - R ^= ((S1[get_byte(0, L)] + S2[get_byte(1, L)]) ^ - S3[get_byte(2, L)]) + S4[get_byte(3, L)]; + L ^= m_P[r]; + R ^= BFF(L, m_S); - R ^= m_P[j-1]; - L ^= ((S1[get_byte(0, R)] + S2[get_byte(1, R)]) ^ - S3[get_byte(2, R)]) + S4[get_byte(3, R)]; + R ^= m_P[r-1]; + L ^= BFF(R, m_S); } L ^= m_P[1]; R ^= m_P[0]; - store_be(out + BLOCK_SIZE*i, R, L); + store_be(out, R, L); } } @@ -282,7 +330,7 @@ void Blowfish::key_expansion(const uint8_t key[], { for(size_t i = 0, j = 0; i != 18; ++i, j += 4) m_P[i] ^= make_uint32(key[(j ) % length], key[(j+1) % length], - key[(j+2) % length], key[(j+3) % length]); + key[(j+2) % length], key[(j+3) % length]); uint32_t L = 0, R = 0; generate_sbox(m_P, L, R, salt, 0); 
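Review bot: The two-block loop in `decrypt_n` duplicates the one in `encrypt_n` nearly line for line, with only the direction of the `m_P` index changing (`r` running 17, 15, …, 3 with `m_P[r-1]`, then the final whitening with `m_P[1]`/`m_P[0]`); a private helper taking the P-array index order, or a start/step pair, would leave a single copy of the Feistel network to review. That is a style call — the code as written is correct and mirrors the encrypt side exactly. The `key_expansion` hunk below it is whitespace only.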
@@ -340,25 +388,18 @@ void Blowfish::generate_sbox(secure_vector& box, const uint8_t salt[16], size_t salt_off) const { - const uint32_t* S1 = &m_S[0]; - const uint32_t* S2 = &m_S[256]; - const uint32_t* S3 = &m_S[512]; - const uint32_t* S4 = &m_S[768]; - for(size_t i = 0; i != box.size(); i += 2) { L ^= load_be(salt, (i + salt_off) % 4); R ^= load_be(salt, (i + salt_off + 1) % 4); - for(size_t j = 0; j != 16; j += 2) + for(size_t r = 0; r != 16; r += 2) { - L ^= m_P[j]; - R ^= ((S1[get_byte(0, L)] + S2[get_byte(1, L)]) ^ - S3[get_byte(2, L)]) + S4[get_byte(3, L)]; + L ^= m_P[r]; + R ^= BFF(L, m_S); - R ^= m_P[j+1]; - L ^= ((S1[get_byte(0, R)] + S2[get_byte(1, R)]) ^ - S3[get_byte(2, R)]) + S4[get_byte(3, R)]; + R ^= m_P[r+1]; + L ^= BFF(R, m_S); } uint32_t T = R; R = L ^ m_P[16]; L = T ^ m_P[17]; From 59a8be2a65e74574aa2113636f9c8849afeb219e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 16 Nov 2017 03:10:59 -0500 Subject: [PATCH 0189/1008] Optimizations for CAST-128 Similarly to Blowfish, 2x unrolling produces a 50-60% perf boost due to increased ILP. --- news.rst | 2 +- src/lib/block/cast/cast128.cpp | 180 ++++++++++++++++++++++++--------- 2 files changed, 136 insertions(+), 46 deletions(-) diff --git a/news.rst b/news.rst index 1d7a753370..c5a9fcd04a 100644 --- a/news.rst +++ b/news.rst @@ -20,7 +20,7 @@ Version 2.4.0, Not Yet Released and pmull. (GH #1253 #1263) * Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b, - Blowfish, and CRC24 (GH #1281) + Blowfish, CAST-128, and CRC24 (GH #1281) * Salsa20 now supports the seek operation. diff --git a/src/lib/block/cast/cast128.cpp b/src/lib/block/cast/cast128.cpp index f7910f0340..584cd988a5 100644 --- a/src/lib/block/cast/cast128.cpp +++ b/src/lib/block/cast/cast128.cpp 
@@ -16,7 +16,7 @@ namespace { /* * CAST-128 Round Type 1 */ -inline uint32_t R1(uint32_t R, uint32_t MK, uint8_t RK) +inline uint32_t F1(uint32_t R, uint32_t MK, uint8_t RK) { const uint32_t T = rotl_var(MK + R, RK); return (CAST_SBOX1[get_byte(0, T)] ^ CAST_SBOX2[get_byte(1, T)]) - @@ -26,7 +26,7 @@ inline uint32_t R1(uint32_t R, uint32_t MK, uint8_t RK) /* * CAST-128 Round Type 2 */ -inline uint32_t R2(uint32_t R, uint32_t MK, uint8_t RK) +inline uint32_t F2(uint32_t R, uint32_t MK, uint8_t RK) { const uint32_t T = rotl_var(MK ^ R, RK); return (CAST_SBOX1[get_byte(0, T)] - CAST_SBOX2[get_byte(1, T)] + @@ -36,7 +36,7 @@ inline uint32_t R2(uint32_t R, uint32_t MK, uint8_t RK) /* * CAST-128 Round Type 3 */ -inline uint32_t R3(uint32_t R, uint32_t MK, uint8_t RK) +inline uint32_t F3(uint32_t R, uint32_t MK, uint8_t RK) { const uint32_t T = rotl_var(MK - R, RK); return ((CAST_SBOX1[get_byte(0, T)] + CAST_SBOX2[get_byte(1, T)]) ^ 
@@ -52,29 +52,74 @@ void CAST_128::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { verify_key_set(m_RK.empty() == false); - BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks; ++i) + while(blocks >= 2) + { + uint32_t L0, R0, L1, R1; + load_be(in, L0, R0, L1, R1); + + L0 ^= F1(R0, m_MK[ 0], m_RK[ 0]); + L1 ^= F1(R1, m_MK[ 0], m_RK[ 0]); + R0 ^= F2(L0, m_MK[ 1], m_RK[ 1]); + R1 ^= F2(L1, m_MK[ 1], m_RK[ 1]); + L0 ^= F3(R0, m_MK[ 2], m_RK[ 2]); + L1 ^= F3(R1, m_MK[ 2], m_RK[ 2]); + R0 ^= F1(L0, m_MK[ 3], m_RK[ 3]); + R1 ^= F1(L1, m_MK[ 3], m_RK[ 3]); + L0 ^= F2(R0, m_MK[ 4], m_RK[ 4]); + L1 ^= F2(R1, m_MK[ 4], m_RK[ 4]); + R0 ^= F3(L0, m_MK[ 5], m_RK[ 5]); + R1 ^= F3(L1, m_MK[ 5], m_RK[ 5]); + L0 ^= F1(R0, m_MK[ 6], m_RK[ 6]); + L1 ^= F1(R1, m_MK[ 6], m_RK[ 6]); + R0 ^= F2(L0, m_MK[ 7], m_RK[ 7]); + R1 ^= F2(L1, m_MK[ 7], m_RK[ 7]); + L0 ^= F3(R0, m_MK[ 8], m_RK[ 8]); + L1 ^= F3(R1, m_MK[ 8], m_RK[ 8]); + R0 ^= F1(L0, m_MK[ 9], m_RK[ 9]); + R1 ^= F1(L1, m_MK[ 9], m_RK[ 9]); + L0 ^= F2(R0, m_MK[10], m_RK[10]); + L1 ^= F2(R1, m_MK[10], m_RK[10]); + R0 ^= F3(L0, m_MK[11], m_RK[11]); + R1 ^= F3(L1, m_MK[11], m_RK[11]); + L0 ^= F1(R0, m_MK[12], m_RK[12]); + L1 ^= F1(R1, m_MK[12], m_RK[12]); + R0 ^= F2(L0, m_MK[13], m_RK[13]); + R1 ^= F2(L1, m_MK[13], m_RK[13]); + L0 ^= F3(R0, m_MK[14], m_RK[14]); + L1 ^= F3(R1, m_MK[14], m_RK[14]); + R0 ^= F1(L0, m_MK[15], m_RK[15]); + R1 ^= F1(L1, m_MK[15], m_RK[15]); + + store_be(out, R0, L0, R1, L1); + + blocks -= 2; + out += 2 * BLOCK_SIZE; + in += 2 * BLOCK_SIZE; + } + + if(blocks) { uint32_t L, R; - load_be(in + BLOCK_SIZE*i, L, R); - - L ^= R1(R, m_MK[ 0], m_RK[ 0]); - R ^= R2(L, m_MK[ 1], m_RK[ 1]); - L ^= R3(R, m_MK[ 2], m_RK[ 2]); - R ^= R1(L, m_MK[ 3], m_RK[ 3]); - L ^= R2(R, m_MK[ 4], m_RK[ 4]); - R ^= R3(L, m_MK[ 5], m_RK[ 5]); - L ^= R1(R, m_MK[ 6], m_RK[ 6]); - R ^= R2(L, m_MK[ 7], m_RK[ 7]); - L ^= R3(R, m_MK[ 8], m_RK[ 8]); - R ^= R1(L, m_MK[ 9], m_RK[ 9]); - L ^= R2(R, m_MK[10], m_RK[10]); - R ^= R3(L, 
m_MK[11], m_RK[11]); - L ^= R1(R, m_MK[12], m_RK[12]); - R ^= R2(L, m_MK[13], m_RK[13]); - L ^= R3(R, m_MK[14], m_RK[14]); - R ^= R1(L, m_MK[15], m_RK[15]); - - store_be(out + BLOCK_SIZE*i, R, L); + load_be(in, L, R); + + L ^= F1(R, m_MK[ 0], m_RK[ 0]); + R ^= F2(L, m_MK[ 1], m_RK[ 1]); + L ^= F3(R, m_MK[ 2], m_RK[ 2]); + R ^= F1(L, m_MK[ 3], m_RK[ 3]); + L ^= F2(R, m_MK[ 4], m_RK[ 4]); + R ^= F3(L, m_MK[ 5], m_RK[ 5]); + L ^= F1(R, m_MK[ 6], m_RK[ 6]); + R ^= F2(L, m_MK[ 7], m_RK[ 7]); + L ^= F3(R, m_MK[ 8], m_RK[ 8]); + R ^= F1(L, m_MK[ 9], m_RK[ 9]); + L ^= F2(R, m_MK[10], m_RK[10]); + R ^= F3(L, m_MK[11], m_RK[11]); + L ^= F1(R, m_MK[12], m_RK[12]); + R ^= F2(L, m_MK[13], m_RK[13]); + L ^= F3(R, m_MK[14], m_RK[14]); + R ^= F1(L, m_MK[15], m_RK[15]); + + store_be(out, R, L); } } 
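Review bot: The 32 interleaved lines of the two-block path are the single-block sequence transcribed by hand twice, and every line has to agree with its counterpart in the `if(blocks)` tail in round function (`F1`/`F2`/`F3`), operand side and key index, with nothing mechanical tying the two copies together. A small helper that applies one round to both blocks — one line, taking the round function as a function pointer plus `A0`, `A1`, `B0`, `B1`, `m_MK[i]`, `m_RK[i]` — would halve what must be checked by eye and make the key index the only thing that varies per line. The `decrypt_n` hunk that follows shows what the transcription costs when it slips.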
@@ -85,29 +130,74 @@ void CAST_128::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { verify_key_set(m_RK.empty() == false); - BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks; ++i) + while(blocks >= 2) + { + uint32_t L0, R0, L1, R1; + load_be(in, L0, R0, L1, R1); + + R0 ^= F1(L0, m_MK[15], m_RK[15]); + R1 ^= F1(L1, m_MK[15], m_RK[15]); + L0 ^= F3(R0, m_MK[14], m_RK[14]); + L1 ^= F3(R1, m_MK[14], m_RK[14]); + R0 ^= F2(L0, m_MK[13], m_RK[13]); + R1 ^= F2(L1, m_MK[13], m_RK[13]); + L0 ^= F1(R0, m_MK[12], m_RK[12]); + L1 ^= F1(R1, m_MK[12], m_RK[12]); + R0 ^= F3(L0, m_MK[11], m_RK[11]); + R1 ^= F3(L1, m_MK[11], m_RK[11]); + L0 ^= F2(R0, m_MK[10], m_RK[10]); + L1 ^= F2(R1, m_MK[10], m_RK[10]); + R0 ^= F1(L0, m_MK[ 9], m_RK[ 9]); + R1 ^= F1(L1, m_MK[ 9], m_RK[ 9]); + L0 ^= F3(R0, m_MK[ 8], m_RK[ 8]); + L1 ^= F3(R1, m_MK[ 8], m_RK[ 8]); + R0 ^= F2(L0, m_MK[ 7], m_RK[ 7]); + R1 ^= F2(L1, m_MK[ 7], m_RK[ 7]); + L0 ^= F1(R0, m_MK[ 6], m_RK[ 6]); + L1 ^= F1(R1, m_MK[ 6], m_RK[ 6]); + R0 ^= F3(L0, m_MK[ 5], m_RK[ 5]); + R1 ^= F3(L1, m_MK[ 5], m_RK[ 5]); + L0 ^= F2(R0, m_MK[ 4], m_RK[ 4]); + L1 ^= F2(R1, m_MK[ 4], m_RK[ 4]); + R0 ^= F1(L0, m_MK[ 3], m_RK[ 3]); + R1 ^= F1(L1, m_MK[ 3], m_RK[ 3]); + L0 ^= F3(R0, m_MK[ 2], m_RK[ 2]); + L1 ^= F3(R1, m_MK[ 2], m_RK[ 2]); + R0 ^= F2(L0, m_MK[ 1], m_RK[ 1]); + R1 ^= F2(L1, m_MK[ 1], m_RK[ 1]); + L0 ^= F1(R0, m_MK[ 0], m_RK[ 0]); + L1 ^= F1(R1, m_MK[ 0], m_RK[ 0]); + + store_be(out, R0, L0, R1, L1); + + blocks -= 2; + out += 2 * BLOCK_SIZE; + in += 2 * BLOCK_SIZE; + } + + if(blocks) { uint32_t L, R; - load_be(in + BLOCK_SIZE*i, L, R); - - L ^= R1(R, m_MK[15], m_RK[15]); - R ^= R3(L, m_MK[14], m_RK[14]); - L ^= R2(R, m_MK[13], m_RK[13]); - R ^= R1(L, m_MK[12], m_RK[12]); - L ^= R3(R, m_MK[11], m_RK[11]); - R ^= R2(L, m_MK[10], m_RK[10]); - L ^= R1(R, m_MK[ 9], m_RK[ 9]); - R ^= R3(L, m_MK[ 8], m_RK[ 8]); - L ^= R2(R, m_MK[ 7], m_RK[ 7]); - R ^= R1(L, m_MK[ 6], m_RK[ 6]); - L ^= R3(R, m_MK[ 5], m_RK[ 5]); - R ^= R2(L, m_MK[ 
4], m_RK[ 4]); - L ^= R1(R, m_MK[ 3], m_RK[ 3]); - R ^= R3(L, m_MK[ 2], m_RK[ 2]); - L ^= R2(R, m_MK[ 1], m_RK[ 1]); - R ^= R1(L, m_MK[ 0], m_RK[ 0]); - - store_be(out + BLOCK_SIZE*i, R, L); + load_be(in, L, R); + + L ^= F1(R, m_MK[15], m_RK[15]); + R ^= F3(L, m_MK[14], m_RK[14]); + L ^= F2(R, m_MK[13], m_RK[13]); + R ^= F1(L, m_MK[12], m_RK[12]); + L ^= F3(R, m_MK[11], m_RK[11]); + R ^= F2(L, m_MK[10], m_RK[10]); + L ^= F1(R, m_MK[ 9], m_RK[ 9]); + R ^= F3(L, m_MK[ 8], m_RK[ 8]); + L ^= F2(R, m_MK[ 7], m_RK[ 7]); + R ^= F1(L, m_MK[ 6], m_RK[ 6]); + L ^= F3(R, m_MK[ 5], m_RK[ 5]); + R ^= F2(L, m_MK[ 4], m_RK[ 4]); + L ^= F1(R, m_MK[ 3], m_RK[ 3]); + R ^= F3(L, m_MK[ 2], m_RK[ 2]); + L ^= F2(R, m_MK[ 1], m_RK[ 1]); + R ^= F1(L, m_MK[ 0], m_RK[ 0]); + + store_be(out, R, L); } } From f1b54cb3895f1b0007d29bcba90ad693bb7c898d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 16 Nov 2017 03:25:00 -0500 Subject: [PATCH 0190/1008] Correct CAST-128 decryption with more than 1 block --- src/lib/block/cast/cast128.cpp | 64 ++++++++++++++++---------------- src/tests/data/block/cast128.vec | 4 ++ 2 files changed, 36 insertions(+), 32 deletions(-) diff --git a/src/lib/block/cast/cast128.cpp b/src/lib/block/cast/cast128.cpp index 584cd988a5..442c6fc582 100644 --- a/src/lib/block/cast/cast128.cpp +++ b/src/lib/block/cast/cast128.cpp 
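Review bot: The two-block path and the single-block tail in this hunk disagree: the unrolled loop opens with `R0 ^= F1(L0, m_MK[15], m_RK[15]);` and alternates from there, whereas the tail — and the code being replaced — opens with `L ^= F1(R, m_MK[15], m_RK[15]);`, so decrypting two or more blocks at once yields wrong plaintext while single blocks and the existing one-block vectors still pass. The next commit on this page corrects the sides; the regression vector it adds belongs with that fix, and one longer than two blocks would also cover the tail in the same call.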
@@ -135,38 +135,38 @@ void CAST_128::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const uint32_t L0, R0, L1, R1; load_be(in, L0, R0, L1, R1); - R0 ^= F1(L0, m_MK[15], m_RK[15]); - R1 ^= F1(L1, m_MK[15], m_RK[15]); - L0 ^= F3(R0, m_MK[14], m_RK[14]); - L1 ^= F3(R1, m_MK[14], m_RK[14]); - R0 ^= F2(L0, m_MK[13], m_RK[13]); - R1 ^= F2(L1, m_MK[13], m_RK[13]); - L0 ^= F1(R0, m_MK[12], m_RK[12]); - L1 ^= F1(R1, m_MK[12], m_RK[12]); - R0 ^= F3(L0, m_MK[11], m_RK[11]); - R1 ^= F3(L1, m_MK[11], m_RK[11]); - L0 ^= F2(R0, m_MK[10], m_RK[10]); - L1 ^= F2(R1, m_MK[10], m_RK[10]); - R0 ^= F1(L0, m_MK[ 9], m_RK[ 9]); - R1 ^= F1(L1, m_MK[ 9], m_RK[ 9]); - L0 ^= F3(R0, m_MK[ 8], m_RK[ 8]); - L1 ^= F3(R1, m_MK[ 8], m_RK[ 8]); - R0 ^= F2(L0, m_MK[ 7], m_RK[ 7]); - R1 ^= F2(L1, m_MK[ 7], m_RK[ 7]); - L0 ^= F1(R0, m_MK[ 6], m_RK[ 6]); - L1 ^= F1(R1, m_MK[ 6], m_RK[ 6]); - R0 ^= F3(L0, m_MK[ 5], m_RK[ 5]); - R1 ^= F3(L1, m_MK[ 5], m_RK[ 5]); - L0 ^= F2(R0, m_MK[ 4], m_RK[ 4]); - L1 ^= F2(R1, m_MK[ 4], m_RK[ 4]); - R0 ^= F1(L0, m_MK[ 3], m_RK[ 3]); - R1 ^= F1(L1, m_MK[ 3], m_RK[ 3]); - L0 ^= F3(R0, m_MK[ 2], m_RK[ 2]); - L1 ^= F3(R1, m_MK[ 2], m_RK[ 2]); - R0 ^= F2(L0, m_MK[ 1], m_RK[ 1]); - R1 ^= F2(L1, m_MK[ 1], m_RK[ 1]); - L0 ^= F1(R0, m_MK[ 0], m_RK[ 0]); - L1 ^= F1(R1, m_MK[ 0], m_RK[ 0]); + L0 ^= F1(R0, m_MK[15], m_RK[15]); + L1 ^= F1(R1, m_MK[15], m_RK[15]); + R0 ^= F3(L0, m_MK[14], m_RK[14]); + R1 ^= F3(L1, m_MK[14], m_RK[14]); + L0 ^= F2(R0, m_MK[13], m_RK[13]); + L1 ^= F2(R1, m_MK[13], m_RK[13]); + R0 ^= F1(L0, m_MK[12], m_RK[12]); + R1 ^= F1(L1, m_MK[12], m_RK[12]); + L0 ^= F3(R0, m_MK[11], m_RK[11]); + L1 ^= F3(R1, m_MK[11], m_RK[11]); + R0 ^= F2(L0, m_MK[10], m_RK[10]); + R1 ^= F2(L1, m_MK[10], m_RK[10]); + L0 ^= F1(R0, m_MK[ 9], m_RK[ 9]); + L1 ^= F1(R1, m_MK[ 9], m_RK[ 9]); + R0 ^= F3(L0, m_MK[ 8], m_RK[ 8]); + R1 ^= F3(L1, m_MK[ 8], m_RK[ 8]); + L0 ^= F2(R0, m_MK[ 7], m_RK[ 7]); + L1 ^= F2(R1, m_MK[ 7], m_RK[ 7]); + R0 ^= F1(L0, m_MK[ 6], m_RK[ 6]); + R1 
^= F1(L1, m_MK[ 6], m_RK[ 6]); + L0 ^= F3(R0, m_MK[ 5], m_RK[ 5]); + L1 ^= F3(R1, m_MK[ 5], m_RK[ 5]); + R0 ^= F2(L0, m_MK[ 4], m_RK[ 4]); + R1 ^= F2(L1, m_MK[ 4], m_RK[ 4]); + L0 ^= F1(R0, m_MK[ 3], m_RK[ 3]); + L1 ^= F1(R1, m_MK[ 3], m_RK[ 3]); + R0 ^= F3(L0, m_MK[ 2], m_RK[ 2]); + R1 ^= F3(L1, m_MK[ 2], m_RK[ 2]); + L0 ^= F2(R0, m_MK[ 1], m_RK[ 1]); + L1 ^= F2(R1, m_MK[ 1], m_RK[ 1]); + R0 ^= F1(L0, m_MK[ 0], m_RK[ 0]); + R1 ^= F1(L1, m_MK[ 0], m_RK[ 0]); store_be(out, R0, L0, R1, L1); diff --git a/src/tests/data/block/cast128.vec b/src/tests/data/block/cast128.vec index 8412831bd3..c10ebacc11 100644 --- a/src/tests/data/block/cast128.vec +++ b/src/tests/data/block/cast128.vec @@ -3,6 +3,10 @@ Key = 0123456712345678234567893456789A In = 0123456789ABCDEF Out = 238B4FE5847E44B2 +Key = 0123456712345678234567893456789A +In = 0123456789ABCDEF0123456789ABCDEF +Out = 238B4FE5847E44B2238B4FE5847E44B2 + Key = 51D35D2CFC978231CC8D404C05F20778 In = 0D5ED4BF2C101A00 Out = 851769123481EEBD From 966498893af60a1474ea10f1dc3bfbd5b1f43d00 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 16 Nov 2017 12:16:50 -0500 Subject: [PATCH 0191/1008] Fix a memory leak in the case where certificate extension decoding fails. Introduced in #884 Found by OSS-Fuzz (bug 4249) --- src/lib/x509/x509_ext.cpp | 36 ++++++++++++++++++------------------ src/lib/x509/x509_ext.h | 27 +++++++++++++++------------ 2 files changed, 33 insertions(+), 30 deletions(-) diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp index 682cc1cc7a..a7e3c8f616 100644 --- a/src/lib/x509/x509_ext.cpp +++ b/src/lib/x509/x509_ext.cpp 
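Review bot: The added vector is the existing one-block vector repeated twice, so both blocks have identical input and output; a bug that swapped `R0`/`L0` with `R1`/`L1`, or wrote block 1's result into block 0's slot, would still pass it. Two distinct blocks, plus a third so that the `if(blocks)` tail runs in the same call as the two-block loop, would cover the paths this commit had to repair. A vector of the same shape for Blowfish would be worth adding alongside, since its two-block unroll landed in this same series without one visible here.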
@@ -22,71 +22,71 @@ namespace Botan { /* * Create a Certificate_Extension object of some kind to handle */ -Certificate_Extension* +std::unique_ptr Extensions::create_extn_obj(const OID& oid, bool critical, const std::vector& body) { const std::string oid_str = oid.as_string(); - Certificate_Extension* extn = nullptr; + std::unique_ptr extn; if(oid == Cert_Extension::Subject_Key_ID::static_oid()) { - extn = new Cert_Extension::Subject_Key_ID; + extn.reset(new Cert_Extension::Subject_Key_ID); } else if(oid == Cert_Extension::Key_Usage::static_oid()) { - extn = new Cert_Extension::Key_Usage; + extn.reset(new Cert_Extension::Key_Usage); } else if(oid == Cert_Extension::Subject_Alternative_Name::static_oid()) { - extn = new Cert_Extension::Subject_Alternative_Name; + extn.reset(new Cert_Extension::Subject_Alternative_Name); } else if(oid == Cert_Extension::Issuer_Alternative_Name::static_oid()) { - extn = new Cert_Extension::Issuer_Alternative_Name; + extn.reset(new Cert_Extension::Issuer_Alternative_Name); } else if(oid == Cert_Extension::Basic_Constraints::static_oid()) { - extn = new Cert_Extension::Basic_Constraints; + extn.reset(new Cert_Extension::Basic_Constraints); } else if(oid == Cert_Extension::CRL_Number::static_oid()) { - extn = new Cert_Extension::CRL_Number; + extn.reset(new Cert_Extension::CRL_Number); } else if(oid == Cert_Extension::CRL_ReasonCode::static_oid()) { - extn = new Cert_Extension::CRL_ReasonCode; + extn.reset(new Cert_Extension::CRL_ReasonCode); } else if(oid == Cert_Extension::Authority_Key_ID::static_oid()) { - extn = new Cert_Extension::Authority_Key_ID; + extn.reset(new Cert_Extension::Authority_Key_ID); } else if(oid == Cert_Extension::Name_Constraints::static_oid()) { - extn = new Cert_Extension::Name_Constraints; + extn.reset(new Cert_Extension::Name_Constraints); } else if(oid == Cert_Extension::CRL_Distribution_Points::static_oid()) { - extn = new Cert_Extension::CRL_Distribution_Points; + extn.reset(new 
Cert_Extension::CRL_Distribution_Points); } else if(oid == Cert_Extension::Certificate_Policies::static_oid()) { - extn = new Cert_Extension::Certificate_Policies; + extn.reset(new Cert_Extension::Certificate_Policies); } else if(oid == Cert_Extension::Extended_Key_Usage::static_oid()) { - extn = new Cert_Extension::Extended_Key_Usage; + extn.reset(new Cert_Extension::Extended_Key_Usage); } else if(oid == Cert_Extension::Authority_Information_Access::static_oid()) { - extn = new Cert_Extension::Authority_Information_Access; + extn.reset(new Cert_Extension::Authority_Information_Access); } else { // some other unknown extension type - extn = new Cert_Extension::Unknown_Extension(oid, critical); + extn.reset(new Cert_Extension::Unknown_Extension(oid, critical)); } try @@ -239,8 +239,8 @@ void Extensions::decode_from(BER_Decoder& from_source) .decode(bits, OCTET_STRING) .end_cons(); - Extensions_Info info(critical, bits, - create_extn_obj(oid, critical, bits)); + std::unique_ptr obj = create_extn_obj(oid, critical, bits); + Extensions_Info info(critical, bits, obj.release()); m_extension_oids.push_back(oid); m_extension_info.emplace(oid, info); diff --git a/src/lib/x509/x509_ext.h b/src/lib/x509/x509_ext.h index 2243d6deb1..2cc0115ff3 100644 --- a/src/lib/x509/x509_ext.h +++ b/src/lib/x509/x509_ext.h 
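Review bot: The comment above `create_extn_obj` (`Create a Certificate_Extension object of some kind to handle`) still describes only construction, while the function now also owns the object across the `try` block that begins at the end of the hunk and continues past it — presumably where `body` is decoded, and where the leak on a throw used to occur. Extend it, e.g. `/* Create the Certificate_Extension for this OID (Unknown_Extension for OIDs we do not handle) and decode body into it. The object is held in a unique_ptr so it is released if decoding throws. */`. Each `extn.reset(new …)` could be `std::make_unique` if the project's language level allows; the current form is correct either way.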
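Review bot: `obj.release()` hands a raw owning pointer to `Extensions_Info`, and the transfer is leak-free only because that constructor's first member initializer wraps it in a `shared_ptr` — a contract this call site cannot see. Letting `Extensions_Info` take `std::unique_ptr<Certificate_Extension>` by value would put the transfer in the type and the call becomes `Extensions_Info info(critical, bits, std::move(obj));`. The enclosing `decode_from` starts and ends outside the hunk.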
@@ -224,27 +224,30 @@ class BOTAN_PUBLIC_API(2,0) Extensions final : public ASN1_Object #endif private: - static Certificate_Extension* create_extn_obj(const OID& oid, - bool critical, - const std::vector& body); + static std::unique_ptr + create_extn_obj(const OID& oid, + bool critical, + const std::vector& body); class Extensions_Info { public: Extensions_Info(bool critical, Certificate_Extension* ext) : - m_critical(critical), - m_bits(ext->encode_inner()), - m_obj(ext) - {} + m_obj(ext), + m_bits(m_obj->encode_inner()), + m_critical(critical) + { + } Extensions_Info(bool critical, const std::vector& encoding, Certificate_Extension* ext) : - m_critical(critical), + m_obj(ext), m_bits(encoding), - m_obj(ext) - {} + m_critical(critical) + { + } bool is_critical() const { return m_critical; } const std::vector& bits() const { return m_bits; } @@ -255,9 +258,9 @@ class BOTAN_PUBLIC_API(2,0) Extensions final : public ASN1_Object } private: - bool m_critical = false; + std::shared_ptr m_obj; std::vector m_bits; - std::shared_ptr m_obj; + bool m_critical = false; }; std::vector m_extension_oids; From 24173844eb629f6316ea0523a97b2f9561fee9e6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 16 Nov 2017 13:19:29 -0500 Subject: [PATCH 0192/1008] Add todos --- doc/todo.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/todo.rst b/doc/todo.rst index b33a7b1f16..e0958dcb7f 100644 --- a/doc/todo.rst +++ b/doc/todo.rst @@ -163,6 +163,7 @@ Build/Test debug info during CI * Run the TPM tests against an emulator (https://github.com/PeterHuewe/tpm-emulator) +* Add clang-tidy, clang-analyzer, cppcheck to CI FIPS 140 Build --------------------------------------- From f458becc9c2ecb004557daad63623b8dafefe163 Mon Sep 17 00:00:00 2001 
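Review bot: The member reorder in the second hunk is load-bearing — declaring `m_obj` before `m_bits` means the `shared_ptr` takes ownership of `ext` before `encode_inner()` or the copy of `encoding` can throw in the constructors above — but nothing says so, and a later tidy-up that re-sorts members by size (`bool` first) would silently reopen the leak. A comment on the declaration such as `// Declared first on purpose: m_obj must own ext before the initializers below, which may throw, run` is the only guard the code can carry for this. The initializer lists in the first hunk now match declaration order, which also silences -Wreorder.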
From: Jack Lloyd Date: Thu, 16 Nov 2017 13:34:51 -0500 Subject: [PATCH 0193/1008] Move all the various X509 test data files under src/tests/data/x509 --- src/tests/data/{ => x509}/certstor/cert1.crt | 0 src/tests/data/{ => x509}/certstor/cert2.crt | 0 src/tests/data/{ => x509}/certstor/cert3.crt | 0 src/tests/data/{ => x509}/certstor/cert4.crt | 0 src/tests/data/{ => x509}/certstor/cert5a.crt | 0 src/tests/data/{ => x509}/certstor/cert5b.crt | 0 src/tests/data/{ => x509}/certstor/key01.pem | 0 src/tests/data/{ => x509}/certstor/key03.pem | 0 src/tests/data/{ => x509}/certstor/key04.pem | 0 src/tests/data/{ => x509}/certstor/key05.pem | 0 src/tests/data/{ => x509}/certstor/key06.pem | 0 .../ecc/CSCA.CSCA.csca-germany.1.crt | Bin .../ecc/ecc_private_with_rfc5915_ext.pem | 0 .../ecc_private_with_rfc5915_parameters.pem | 0 .../data/{ => x509}/ecc/link_SHA1.166.crt | Bin src/tests/data/{ => x509}/ecc/link_SHA256.cer | Bin .../{ => x509}/ecc/nodompar_private.pkcs8.pem | 0 .../data/{ => x509}/ecc/root2_SHA256.cer | Bin .../data/{ => x509}/ecc/root_SHA1.163.crt | Bin .../ecc/withdompar_private.pkcs8.pem | 0 .../extended}/01/end.crt | 0 .../extended}/01/int.crt | 0 .../extended}/01/root.crt | 0 .../extended}/02/end.crt | 0 .../extended}/02/int1-2.crt | 0 .../extended}/02/int1.crt | 0 .../extended}/02/root.crt | 0 .../extended}/03/end.crt | 0 .../extended}/03/int1.crt | 0 .../extended}/03/root.crt | 0 .../extended}/expected.txt | 0 .../misc}/contains_bmpstring.pem | 0 .../misc}/contains_utf8string.pem | 0 .../{misc_certs => x509/misc}/opcuactt_ca.der | Bin .../{misc_certs => x509/misc}/opcuactt_ca.pem | 0 .../Invalid_DN_Name_Constraint.crt | 0 .../Invalid_Email_Name_Constraint.crt | 0 .../Invalid_IP_Name_Constraint.crt | 0 .../Root_DNS_Name_Constraint.crt | 0 .../Root_DN_Name_Constraint.crt | 0 .../Root_Email_Name_Constraint.crt | 0 .../Root_IP_Name_Constraint.crt | 0 .../Valid_DNS_Name_Constraint.crt | 0 .../Valid_DN_Name_Constraint.crt | 0 .../Valid_IP_Name_Constraint.crt 
| 0 .../{nist_x509 => x509/nist}/expected.txt | 0 .../data/{nist_x509 => x509/nist}/root.crl | Bin .../data/{nist_x509 => x509/nist}/root.crt | Bin .../{nist_x509 => x509/nist}/test01/end.crt | Bin .../{nist_x509 => x509/nist}/test02/end.crt | Bin .../{nist_x509 => x509/nist}/test02/int.crl | Bin .../{nist_x509 => x509/nist}/test02/int.crt | Bin .../{nist_x509 => x509/nist}/test03/end.crt | Bin .../{nist_x509 => x509/nist}/test03/int.crl | Bin .../{nist_x509 => x509/nist}/test03/int.crt | Bin .../{nist_x509 => x509/nist}/test04/end.crt | Bin .../{nist_x509 => x509/nist}/test04/int1.crl | Bin .../{nist_x509 => x509/nist}/test04/int1.crt | Bin .../{nist_x509 => x509/nist}/test04/int2.crl | Bin .../{nist_x509 => x509/nist}/test04/int2.crt | Bin .../{nist_x509 => x509/nist}/test05/end.crt | Bin .../{nist_x509 => x509/nist}/test05/int.crl | Bin .../{nist_x509 => x509/nist}/test05/int.crt | Bin .../{nist_x509 => x509/nist}/test06/end.crt | Bin .../{nist_x509 => x509/nist}/test06/int.crl | Bin .../{nist_x509 => x509/nist}/test06/int.crt | Bin .../{nist_x509 => x509/nist}/test07/end.crt | Bin .../{nist_x509 => x509/nist}/test07/int.crl | Bin .../{nist_x509 => x509/nist}/test07/int.crt | Bin .../{nist_x509 => x509/nist}/test08/end.crt | Bin .../{nist_x509 => x509/nist}/test08/int.crl | Bin .../{nist_x509 => x509/nist}/test08/int.crt | Bin .../{nist_x509 => x509/nist}/test09/end.crt | Bin .../{nist_x509 => x509/nist}/test09/int.crl | Bin .../{nist_x509 => x509/nist}/test09/int.crt | Bin .../{nist_x509 => x509/nist}/test10/end.crt | Bin .../{nist_x509 => x509/nist}/test10/int.crl | Bin .../{nist_x509 => x509/nist}/test10/int.crt | Bin .../{nist_x509 => x509/nist}/test11/end.crt | Bin .../{nist_x509 => x509/nist}/test11/int.crl | Bin .../{nist_x509 => x509/nist}/test11/int.crt | Bin .../{nist_x509 => x509/nist}/test12/end.crt | Bin .../{nist_x509 => x509/nist}/test12/int.crl | Bin .../{nist_x509 => x509/nist}/test12/int.crt | Bin .../{nist_x509 => x509/nist}/test13/end.crt | 
Bin .../{nist_x509 => x509/nist}/test13/int.crl | Bin .../{nist_x509 => x509/nist}/test13/int.crt | Bin .../{nist_x509 => x509/nist}/test14/end.crt | Bin .../{nist_x509 => x509/nist}/test14/int.crl | Bin .../{nist_x509 => x509/nist}/test14/int.crt | Bin .../{nist_x509 => x509/nist}/test15/end.crt | Bin .../{nist_x509 => x509/nist}/test15/int.crl | Bin .../{nist_x509 => x509/nist}/test15/int.crt | Bin .../{nist_x509 => x509/nist}/test16/end.crt | Bin .../{nist_x509 => x509/nist}/test16/int.crl | Bin .../{nist_x509 => x509/nist}/test16/int.crt | Bin .../{nist_x509 => x509/nist}/test17/end.crt | Bin .../{nist_x509 => x509/nist}/test17/int.crl | Bin .../{nist_x509 => x509/nist}/test17/int.crt | Bin .../{nist_x509 => x509/nist}/test18/end.crt | Bin .../{nist_x509 => x509/nist}/test18/int.crl | Bin .../{nist_x509 => x509/nist}/test18/int.crt | Bin .../{nist_x509 => x509/nist}/test19/end.crt | Bin .../{nist_x509 => x509/nist}/test19/int.crt | Bin .../{nist_x509 => x509/nist}/test20/end.crt | Bin .../{nist_x509 => x509/nist}/test20/int.crl | Bin .../{nist_x509 => x509/nist}/test20/int.crt | Bin .../{nist_x509 => x509/nist}/test21/end.crt | Bin .../{nist_x509 => x509/nist}/test21/int.crl | Bin .../{nist_x509 => x509/nist}/test21/int.crt | Bin .../{nist_x509 => x509/nist}/test22/end.crt | Bin .../{nist_x509 => x509/nist}/test22/int.crl | Bin .../{nist_x509 => x509/nist}/test22/int.crt | Bin .../{nist_x509 => x509/nist}/test23/end.crt | Bin .../{nist_x509 => x509/nist}/test23/int.crl | Bin .../{nist_x509 => x509/nist}/test23/int.crt | Bin .../{nist_x509 => x509/nist}/test24/end.crt | Bin .../{nist_x509 => x509/nist}/test24/int.crl | Bin .../{nist_x509 => x509/nist}/test24/int.crt | Bin .../{nist_x509 => x509/nist}/test25/end.crt | Bin .../{nist_x509 => x509/nist}/test25/int.crl | Bin .../{nist_x509 => x509/nist}/test25/int.crt | Bin .../{nist_x509 => x509/nist}/test26/end.crt | Bin .../{nist_x509 => x509/nist}/test26/int.crl | Bin .../{nist_x509 => x509/nist}/test26/int.crt | 
Bin .../{nist_x509 => x509/nist}/test27/end.crt | Bin .../{nist_x509 => x509/nist}/test27/int.crl | Bin .../{nist_x509 => x509/nist}/test27/int.crt | Bin .../{nist_x509 => x509/nist}/test28/end.crt | Bin .../{nist_x509 => x509/nist}/test28/int.crl | Bin .../{nist_x509 => x509/nist}/test28/int.crt | Bin .../{nist_x509 => x509/nist}/test29/end.crt | Bin .../{nist_x509 => x509/nist}/test29/int.crl | Bin .../{nist_x509 => x509/nist}/test29/int.crt | Bin .../{nist_x509 => x509/nist}/test30/end.crt | Bin .../{nist_x509 => x509/nist}/test30/int.crl | Bin .../{nist_x509 => x509/nist}/test30/int.crt | Bin .../{nist_x509 => x509/nist}/test31/end.crt | Bin .../{nist_x509 => x509/nist}/test31/int.crl | Bin .../{nist_x509 => x509/nist}/test31/int.crt | Bin .../{nist_x509 => x509/nist}/test32/end.crt | Bin .../{nist_x509 => x509/nist}/test32/int.crl | Bin .../{nist_x509 => x509/nist}/test32/int.crt | Bin .../{nist_x509 => x509/nist}/test33/end.crt | Bin .../{nist_x509 => x509/nist}/test33/int.crl | Bin .../{nist_x509 => x509/nist}/test33/int.crt | Bin .../{nist_x509 => x509/nist}/test34/end.crt | Bin .../{nist_x509 => x509/nist}/test34/int.crl | Bin .../{nist_x509 => x509/nist}/test34/int.crt | Bin .../{nist_x509 => x509/nist}/test35/end.crt | Bin .../{nist_x509 => x509/nist}/test35/int.crl | Bin .../{nist_x509 => x509/nist}/test35/int.crt | Bin .../{nist_x509 => x509/nist}/test36/end.crt | Bin .../{nist_x509 => x509/nist}/test36/int1.crl | Bin .../{nist_x509 => x509/nist}/test36/int1.crt | Bin .../{nist_x509 => x509/nist}/test36/int2.crl | Bin .../{nist_x509 => x509/nist}/test36/int2.crt | Bin .../{nist_x509 => x509/nist}/test37/end.crt | Bin .../{nist_x509 => x509/nist}/test37/int1.crl | Bin .../{nist_x509 => x509/nist}/test37/int1.crt | Bin .../{nist_x509 => x509/nist}/test37/int2.crl | Bin .../{nist_x509 => x509/nist}/test37/int2.crt | Bin .../{nist_x509 => x509/nist}/test38/end.crt | Bin .../{nist_x509 => x509/nist}/test38/int1.crl | Bin .../{nist_x509 => 
x509/nist}/test38/int1.crt | Bin .../{nist_x509 => x509/nist}/test38/int2.crl | Bin .../{nist_x509 => x509/nist}/test38/int2.crt | Bin .../{nist_x509 => x509/nist}/test39/end.crt | Bin .../{nist_x509 => x509/nist}/test39/int1.crl | Bin .../{nist_x509 => x509/nist}/test39/int1.crt | Bin .../{nist_x509 => x509/nist}/test39/int2.crl | Bin .../{nist_x509 => x509/nist}/test39/int2.crt | Bin .../{nist_x509 => x509/nist}/test39/int3.crl | Bin .../{nist_x509 => x509/nist}/test39/int3.crt | Bin .../{nist_x509 => x509/nist}/test40/end.crt | Bin .../{nist_x509 => x509/nist}/test40/int1.crl | Bin .../{nist_x509 => x509/nist}/test40/int1.crt | Bin .../{nist_x509 => x509/nist}/test40/int2.crl | Bin .../{nist_x509 => x509/nist}/test40/int2.crt | Bin .../{nist_x509 => x509/nist}/test40/int3.crl | Bin .../{nist_x509 => x509/nist}/test40/int3.crt | Bin .../{nist_x509 => x509/nist}/test41/end.crt | Bin .../{nist_x509 => x509/nist}/test41/int1.crl | Bin .../{nist_x509 => x509/nist}/test41/int1.crt | Bin .../{nist_x509 => x509/nist}/test41/int2.crl | Bin .../{nist_x509 => x509/nist}/test41/int2.crt | Bin .../{nist_x509 => x509/nist}/test41/int3.crl | Bin .../{nist_x509 => x509/nist}/test41/int3.crt | Bin .../{nist_x509 => x509/nist}/test42/end.crt | Bin .../{nist_x509 => x509/nist}/test42/int1.crl | Bin .../{nist_x509 => x509/nist}/test42/int1.crt | Bin .../{nist_x509 => x509/nist}/test42/int2.crl | Bin .../{nist_x509 => x509/nist}/test42/int2.crt | Bin .../{nist_x509 => x509/nist}/test42/int3.crl | Bin .../{nist_x509 => x509/nist}/test42/int3.crt | Bin .../{nist_x509 => x509/nist}/test42/int4.crl | Bin .../{nist_x509 => x509/nist}/test42/int4.crt | Bin .../{nist_x509 => x509/nist}/test43/end.crt | Bin .../{nist_x509 => x509/nist}/test43/int1.crl | Bin .../{nist_x509 => x509/nist}/test43/int1.crt | Bin .../{nist_x509 => x509/nist}/test43/int2.crl | Bin .../{nist_x509 => x509/nist}/test43/int2.crt | Bin .../{nist_x509 => x509/nist}/test43/int3.crl | Bin .../{nist_x509 => 
x509/nist}/test43/int3.crt | Bin .../{nist_x509 => x509/nist}/test43/int4.crl | Bin .../{nist_x509 => x509/nist}/test43/int4.crt | Bin .../{nist_x509 => x509/nist}/test44/end.crt | Bin .../{nist_x509 => x509/nist}/test44/int1.crl | Bin .../{nist_x509 => x509/nist}/test44/int1.crt | Bin .../{nist_x509 => x509/nist}/test44/int2.crl | Bin .../{nist_x509 => x509/nist}/test44/int2.crt | Bin .../{nist_x509 => x509/nist}/test44/int3.crl | Bin .../{nist_x509 => x509/nist}/test44/int3.crt | Bin .../{nist_x509 => x509/nist}/test44/int4.crl | Bin .../{nist_x509 => x509/nist}/test44/int4.crt | Bin .../{nist_x509 => x509/nist}/test45/end.crt | Bin .../{nist_x509 => x509/nist}/test45/int1.crl | Bin .../{nist_x509 => x509/nist}/test45/int1.crt | Bin .../{nist_x509 => x509/nist}/test45/int2.crl | Bin .../{nist_x509 => x509/nist}/test45/int2.crt | Bin .../{nist_x509 => x509/nist}/test45/int3.crl | Bin .../{nist_x509 => x509/nist}/test45/int3.crt | Bin .../{nist_x509 => x509/nist}/test45/int4.crl | Bin .../{nist_x509 => x509/nist}/test45/int4.crt | Bin .../{nist_x509 => x509/nist}/test46/end.crt | Bin .../{nist_x509 => x509/nist}/test46/int1.crl | Bin .../{nist_x509 => x509/nist}/test46/int1.crt | Bin .../{nist_x509 => x509/nist}/test46/int2.crl | Bin .../{nist_x509 => x509/nist}/test46/int2.crt | Bin .../{nist_x509 => x509/nist}/test46/int3.crl | Bin .../{nist_x509 => x509/nist}/test46/int3.crt | Bin .../{nist_x509 => x509/nist}/test46/int4.crl | Bin .../{nist_x509 => x509/nist}/test46/int4.crt | Bin .../{nist_x509 => x509/nist}/test47/end.crt | Bin .../{nist_x509 => x509/nist}/test47/int1.crl | Bin .../{nist_x509 => x509/nist}/test47/int1.crt | Bin .../{nist_x509 => x509/nist}/test47/int2.crl | Bin .../{nist_x509 => x509/nist}/test47/int2.crt | Bin .../{nist_x509 => x509/nist}/test47/int3.crl | Bin .../{nist_x509 => x509/nist}/test47/int3.crt | Bin .../{nist_x509 => x509/nist}/test47/int4.crl | Bin .../{nist_x509 => x509/nist}/test47/int4.crt | Bin .../{nist_x509 => 
x509/nist}/test48/end.crt | Bin .../{nist_x509 => x509/nist}/test48/int.crl | Bin .../{nist_x509 => x509/nist}/test48/int.crt | Bin .../{nist_x509 => x509/nist}/test49/end.crt | Bin .../{nist_x509 => x509/nist}/test49/int.crl | Bin .../{nist_x509 => x509/nist}/test49/int.crt | Bin .../{nist_x509 => x509/nist}/test50/end.crt | Bin .../{nist_x509 => x509/nist}/test50/int.crl | Bin .../{nist_x509 => x509/nist}/test50/int.crt | Bin .../{nist_x509 => x509/nist}/test51/end.crt | Bin .../{nist_x509 => x509/nist}/test51/int.crl | Bin .../{nist_x509 => x509/nist}/test51/int.crt | Bin .../{nist_x509 => x509/nist}/test52/end.crt | Bin .../{nist_x509 => x509/nist}/test52/int.crl | Bin .../{nist_x509 => x509/nist}/test52/int.crt | Bin .../{nist_x509 => x509/nist}/test53/end.crt | Bin .../{nist_x509 => x509/nist}/test53/int.crl | Bin .../{nist_x509 => x509/nist}/test53/int.crt | Bin .../{nist_x509 => x509/nist}/test54/end.crt | Bin .../{nist_x509 => x509/nist}/test54/int1.crl | Bin .../{nist_x509 => x509/nist}/test54/int1.crt | Bin .../{nist_x509 => x509/nist}/test54/int2.crl | Bin .../{nist_x509 => x509/nist}/test54/int2.crt | Bin .../{nist_x509 => x509/nist}/test55/end.crt | Bin .../{nist_x509 => x509/nist}/test55/int1.crl | Bin .../{nist_x509 => x509/nist}/test55/int1.crt | Bin .../{nist_x509 => x509/nist}/test55/int2.crl | Bin .../{nist_x509 => x509/nist}/test55/int2.crt | Bin .../{nist_x509 => x509/nist}/test56/end.crt | Bin .../{nist_x509 => x509/nist}/test56/int.crl | Bin .../{nist_x509 => x509/nist}/test56/int.crt | Bin .../{nist_x509 => x509/nist}/test57/end.crt | Bin .../{nist_x509 => x509/nist}/test57/int.crl | Bin .../{nist_x509 => x509/nist}/test57/int.crt | Bin .../{nist_x509 => x509/nist}/test58/end.crt | Bin .../{nist_x509 => x509/nist}/test58/int1.crl | Bin .../{nist_x509 => x509/nist}/test58/int1.crt | Bin .../{nist_x509 => x509/nist}/test58/int2.crl | Bin .../{nist_x509 => x509/nist}/test58/int2.crt | Bin .../{nist_x509 => x509/nist}/test58/int3.crl | Bin 
.../{nist_x509 => x509/nist}/test58/int3.crt | Bin .../{nist_x509 => x509/nist}/test59/end.crt | Bin .../{nist_x509 => x509/nist}/test59/int1.crl | Bin .../{nist_x509 => x509/nist}/test59/int1.crt | Bin .../{nist_x509 => x509/nist}/test59/int2.crl | Bin .../{nist_x509 => x509/nist}/test59/int2.crt | Bin .../{nist_x509 => x509/nist}/test59/int3.crl | Bin .../{nist_x509 => x509/nist}/test59/int3.crt | Bin .../{nist_x509 => x509/nist}/test60/end.crt | Bin .../{nist_x509 => x509/nist}/test60/int1.crl | Bin .../{nist_x509 => x509/nist}/test60/int1.crt | Bin .../{nist_x509 => x509/nist}/test60/int2.crl | Bin .../{nist_x509 => x509/nist}/test60/int2.crt | Bin .../{nist_x509 => x509/nist}/test60/int3.crl | Bin .../{nist_x509 => x509/nist}/test60/int3.crt | Bin .../{nist_x509 => x509/nist}/test60/int4.crl | Bin .../{nist_x509 => x509/nist}/test60/int4.crt | Bin .../{nist_x509 => x509/nist}/test61/end.crt | Bin .../{nist_x509 => x509/nist}/test61/int1.crl | Bin .../{nist_x509 => x509/nist}/test61/int1.crt | Bin .../{nist_x509 => x509/nist}/test61/int2.crl | Bin .../{nist_x509 => x509/nist}/test61/int2.crt | Bin .../{nist_x509 => x509/nist}/test61/int3.crl | Bin .../{nist_x509 => x509/nist}/test61/int3.crt | Bin .../{nist_x509 => x509/nist}/test61/int4.crl | Bin .../{nist_x509 => x509/nist}/test61/int4.crt | Bin .../{nist_x509 => x509/nist}/test62/end.crt | Bin .../{nist_x509 => x509/nist}/test62/int1.crl | Bin .../{nist_x509 => x509/nist}/test62/int1.crt | Bin .../{nist_x509 => x509/nist}/test62/int2.crl | Bin .../{nist_x509 => x509/nist}/test62/int2.crt | Bin .../{nist_x509 => x509/nist}/test62/int3.crl | Bin .../{nist_x509 => x509/nist}/test62/int3.crt | Bin .../{nist_x509 => x509/nist}/test62/int4.crl | Bin .../{nist_x509 => x509/nist}/test62/int4.crt | Bin .../{nist_x509 => x509/nist}/test63/end.crt | Bin .../{nist_x509 => x509/nist}/test63/int1.crl | Bin .../{nist_x509 => x509/nist}/test63/int1.crt | Bin .../{nist_x509 => x509/nist}/test63/int2.crl | Bin .../{nist_x509 
=> x509/nist}/test63/int2.crt | Bin .../{nist_x509 => x509/nist}/test63/int3.crl | Bin .../{nist_x509 => x509/nist}/test63/int3.crt | Bin .../{nist_x509 => x509/nist}/test63/int4.crl | Bin .../{nist_x509 => x509/nist}/test63/int4.crt | Bin .../{nist_x509 => x509/nist}/test64/end.crt | Bin .../{nist_x509 => x509/nist}/test64/int.crl | Bin .../{nist_x509 => x509/nist}/test64/int.crt | Bin .../{nist_x509 => x509/nist}/test65/end.crt | Bin .../{nist_x509 => x509/nist}/test65/int.crl | Bin .../{nist_x509 => x509/nist}/test65/int1.crt | Bin .../{nist_x509 => x509/nist}/test65/int2.crt | Bin .../{nist_x509 => x509/nist}/test66/end.crt | Bin .../{nist_x509 => x509/nist}/test66/int.crl | Bin .../{nist_x509 => x509/nist}/test66/int.crt | Bin .../{nist_x509 => x509/nist}/test67/end.crt | Bin .../{nist_x509 => x509/nist}/test67/int.crt | Bin .../{nist_x509 => x509/nist}/test67/int1.crl | Bin .../{nist_x509 => x509/nist}/test67/int2.crl | Bin .../{nist_x509 => x509/nist}/test68/end.crt | Bin .../{nist_x509 => x509/nist}/test68/int1.crl | Bin .../{nist_x509 => x509/nist}/test68/int1.crt | Bin .../{nist_x509 => x509/nist}/test68/int2.crl | Bin .../{nist_x509 => x509/nist}/test68/int2.crt | Bin .../{nist_x509 => x509/nist}/test69/end.crt | Bin .../{nist_x509 => x509/nist}/test69/int.crl | Bin .../{nist_x509 => x509/nist}/test69/int.crt | Bin .../{nist_x509 => x509/nist}/test70/end.crt | Bin .../{nist_x509 => x509/nist}/test70/int1.crl | Bin .../{nist_x509 => x509/nist}/test70/int1.crt | Bin .../{nist_x509 => x509/nist}/test70/int2.crl | Bin .../{nist_x509 => x509/nist}/test70/int2.crt | Bin .../{nist_x509 => x509/nist}/test71/end.crt | Bin .../{nist_x509 => x509/nist}/test71/int.crl | Bin .../{nist_x509 => x509/nist}/test71/int.crt | Bin .../{nist_x509 => x509/nist}/test72/end.crt | Bin .../{nist_x509 => x509/nist}/test72/int.crl | Bin .../{nist_x509 => x509/nist}/test72/int.crt | Bin .../{nist_x509 => x509/nist}/test73/end.crt | Bin .../{nist_x509 => x509/nist}/test73/int.crl | 
Bin .../{nist_x509 => x509/nist}/test73/int.crt | Bin .../{nist_x509 => x509/nist}/test74/end.crt | Bin .../{nist_x509 => x509/nist}/test74/int.crl | Bin .../{nist_x509 => x509/nist}/test74/int.crt | Bin .../{nist_x509 => x509/nist}/test75/end.crt | Bin .../{nist_x509 => x509/nist}/test75/int.crl | Bin .../{nist_x509 => x509/nist}/test75/int.crt | Bin .../{nist_x509 => x509/nist}/test76/end.crt | Bin .../{nist_x509 => x509/nist}/test76/int.crl | Bin .../{nist_x509 => x509/nist}/test76/int.crt | Bin src/tests/data/{ => x509}/ocsp/geotrust.pem | 0 src/tests/data/{ => x509}/ocsp/gmail.pem | 0 src/tests/data/{ => x509}/ocsp/google_g2.pem | 0 src/tests/data/{ => x509}/ocsp/identrust.pem | 0 .../data/{ => x509}/ocsp/letsencrypt.pem | 0 src/tests/data/{ => x509}/ocsp/randombit.pem | 0 .../data/{ => x509}/ocsp/randombit_ocsp.der | Bin src/tests/data/{ => x509}/ocsp/resp1.der | Bin src/tests/data/{ => x509}/ocsp/resp2.der | Bin src/tests/data/{ => x509}/ocsp/resp3.der | Bin .../pss_certs}/01/README.txt | 0 .../{pss_x509 => x509/pss_certs}/01/end.crt | 0 .../{pss_x509 => x509/pss_certs}/01/root.crt | 0 .../pss_certs}/02/README.txt | 0 .../{pss_x509 => x509/pss_certs}/02/end.crt | 0 .../{pss_x509 => x509/pss_certs}/02/root.crt | 0 .../{pss_x509 => x509/pss_certs}/03/end.crt | 0 .../{pss_x509 => x509/pss_certs}/03/root.crt | 0 .../{pss_x509 => x509/pss_certs}/04/end.crt | 0 .../{pss_x509 => x509/pss_certs}/04/root.crt | 0 .../{pss_x509 => x509/pss_certs}/05/end.crt | 0 .../{pss_x509 => x509/pss_certs}/05/root.crt | 0 .../{pss_x509 => x509/pss_certs}/06/end.crt | 0 .../{pss_x509 => x509/pss_certs}/06/root.crt | 0 .../{pss_x509 => x509/pss_certs}/07/end.crt | 0 .../{pss_x509 => x509/pss_certs}/07/root.crt | 0 .../{pss_x509 => x509/pss_certs}/08/end.crt | 0 .../{pss_x509 => x509/pss_certs}/08/root.crt | 0 .../{pss_x509 => x509/pss_certs}/09/end.crt | 0 .../{pss_x509 => x509/pss_certs}/09/root.crt | 0 .../{pss_x509 => x509/pss_certs}/10/end.crt | 0 .../{pss_x509 => 
x509/pss_certs}/10/root.crt | 0 .../{pss_x509 => x509/pss_certs}/100/end.crt | 0 .../{pss_x509 => x509/pss_certs}/100/root.crt | 0 .../{pss_x509 => x509/pss_certs}/101/end.crt | 0 .../{pss_x509 => x509/pss_certs}/101/root.crt | 0 .../{pss_x509 => x509/pss_certs}/102/end.crt | 0 .../{pss_x509 => x509/pss_certs}/102/root.crt | 0 .../{pss_x509 => x509/pss_certs}/103/end.crt | 0 .../{pss_x509 => x509/pss_certs}/103/root.crt | 0 .../{pss_x509 => x509/pss_certs}/104/end.crt | 0 .../{pss_x509 => x509/pss_certs}/104/root.crt | 0 .../{pss_x509 => x509/pss_certs}/105/end.crt | 0 .../{pss_x509 => x509/pss_certs}/105/root.crt | 0 .../{pss_x509 => x509/pss_certs}/106/end.crt | 0 .../{pss_x509 => x509/pss_certs}/106/root.crt | 0 .../{pss_x509 => x509/pss_certs}/107/end.crt | 0 .../pss_certs}/108/crl-rsa-pss-sha1.crl | 0 .../{pss_x509 => x509/pss_certs}/108/end.crt | 0 .../{pss_x509 => x509/pss_certs}/108/root.crt | 0 .../pss_certs}/109/README.txt | 0 .../109/crl-rsa-pss-sha1-badsign.crl | 0 .../{pss_x509 => x509/pss_certs}/109/end.crt | 0 .../{pss_x509 => x509/pss_certs}/109/root.crt | 0 .../{pss_x509 => x509/pss_certs}/11/end.crt | 0 .../{pss_x509 => x509/pss_certs}/11/root.crt | 0 .../pss_certs}/110/crl-rsa-pss-sha224.crl | 0 .../{pss_x509 => x509/pss_certs}/110/end.crt | 0 .../{pss_x509 => x509/pss_certs}/110/root.crt | 0 .../pss_certs}/111/crl-rsa-pss-sha256.crl | 0 .../{pss_x509 => x509/pss_certs}/111/end.crt | 0 .../{pss_x509 => x509/pss_certs}/111/root.crt | 0 .../pss_certs}/112/crl-rsa-pss-sha384.crl | 0 .../{pss_x509 => x509/pss_certs}/112/end.crt | 0 .../{pss_x509 => x509/pss_certs}/112/root.crt | 0 .../pss_certs}/113/crl-rsa-pss-sha512.crl | 0 .../{pss_x509 => x509/pss_certs}/113/end.crt | 0 .../{pss_x509 => x509/pss_certs}/113/root.crt | 0 .../pss_certs}/114/server9.req.sha1.csr | 0 .../pss_certs}/115/server9.req.sha224.csr | 0 .../pss_certs}/116/server9.req.sha256.csr | 0 .../pss_certs}/117/server9.req.sha384.csr | 0 .../pss_certs}/118/server9.req.sha512.csr | 0 
.../{pss_x509 => x509/pss_certs}/12/end.crt | 0 .../{pss_x509 => x509/pss_certs}/12/root.crt | 0 .../{pss_x509 => x509/pss_certs}/13/end.crt | 0 .../{pss_x509 => x509/pss_certs}/13/root.crt | 0 .../{pss_x509 => x509/pss_certs}/14/end.crt | 0 .../{pss_x509 => x509/pss_certs}/14/root.crt | 0 .../{pss_x509 => x509/pss_certs}/15/end.crt | 0 .../{pss_x509 => x509/pss_certs}/15/root.crt | 0 .../{pss_x509 => x509/pss_certs}/16/end.crt | 0 .../{pss_x509 => x509/pss_certs}/16/root.crt | 0 .../{pss_x509 => x509/pss_certs}/17/end.crt | 0 .../{pss_x509 => x509/pss_certs}/17/root.crt | 0 .../{pss_x509 => x509/pss_certs}/18/end.crt | 0 .../{pss_x509 => x509/pss_certs}/18/root.crt | 0 .../{pss_x509 => x509/pss_certs}/19/end.crt | 0 .../{pss_x509 => x509/pss_certs}/19/root.crt | 0 .../{pss_x509 => x509/pss_certs}/20/end.crt | 0 .../{pss_x509 => x509/pss_certs}/20/root.crt | 0 .../{pss_x509 => x509/pss_certs}/21/end.crt | 0 .../{pss_x509 => x509/pss_certs}/21/root.crt | 0 .../{pss_x509 => x509/pss_certs}/22/end.crt | 0 .../{pss_x509 => x509/pss_certs}/22/root.crt | 0 .../{pss_x509 => x509/pss_certs}/23/end.crt | 0 .../{pss_x509 => x509/pss_certs}/23/root.crt | 0 .../{pss_x509 => x509/pss_certs}/24/end.crt | 0 .../{pss_x509 => x509/pss_certs}/24/root.crt | 0 .../{pss_x509 => x509/pss_certs}/25/end.crt | 0 .../{pss_x509 => x509/pss_certs}/25/root.crt | 0 .../{pss_x509 => x509/pss_certs}/26/end.crt | 0 .../{pss_x509 => x509/pss_certs}/26/root.crt | 0 .../{pss_x509 => x509/pss_certs}/27/end.crt | 0 .../{pss_x509 => x509/pss_certs}/27/root.crt | 0 .../{pss_x509 => x509/pss_certs}/28/end.crt | 0 .../{pss_x509 => x509/pss_certs}/28/root.crt | 0 .../{pss_x509 => x509/pss_certs}/29/end.crt | 0 .../{pss_x509 => x509/pss_certs}/29/root.crt | 0 .../{pss_x509 => x509/pss_certs}/30/end.crt | 0 .../{pss_x509 => x509/pss_certs}/30/root.crt | 0 .../{pss_x509 => x509/pss_certs}/31/end.crt | 0 .../{pss_x509 => x509/pss_certs}/31/root.crt | 0 .../{pss_x509 => x509/pss_certs}/32/end.crt | 0 
.../{pss_x509 => x509/pss_certs}/32/root.crt | 0 .../{pss_x509 => x509/pss_certs}/33/end.crt | 0 .../{pss_x509 => x509/pss_certs}/33/root.crt | 0 .../{pss_x509 => x509/pss_certs}/34/end.crt | 0 .../{pss_x509 => x509/pss_certs}/34/root.crt | 0 .../{pss_x509 => x509/pss_certs}/35/end.crt | 0 .../{pss_x509 => x509/pss_certs}/35/root.crt | 0 .../{pss_x509 => x509/pss_certs}/36/end.crt | 0 .../{pss_x509 => x509/pss_certs}/36/root.crt | 0 .../{pss_x509 => x509/pss_certs}/37/end.crt | 0 .../{pss_x509 => x509/pss_certs}/37/root.crt | 0 .../{pss_x509 => x509/pss_certs}/38/end.crt | 0 .../{pss_x509 => x509/pss_certs}/38/root.crt | 0 .../{pss_x509 => x509/pss_certs}/39/end.crt | 0 .../{pss_x509 => x509/pss_certs}/39/root.crt | 0 .../{pss_x509 => x509/pss_certs}/40/end.crt | 0 .../{pss_x509 => x509/pss_certs}/40/root.crt | 0 .../{pss_x509 => x509/pss_certs}/41/end.crt | 0 .../{pss_x509 => x509/pss_certs}/41/root.crt | 0 .../{pss_x509 => x509/pss_certs}/42/end.crt | 0 .../{pss_x509 => x509/pss_certs}/42/root.crt | 0 .../{pss_x509 => x509/pss_certs}/43/end.crt | 0 .../{pss_x509 => x509/pss_certs}/43/root.crt | 0 .../{pss_x509 => x509/pss_certs}/44/end.crt | 0 .../{pss_x509 => x509/pss_certs}/44/root.crt | 0 .../{pss_x509 => x509/pss_certs}/45/end.crt | 0 .../{pss_x509 => x509/pss_certs}/45/root.crt | 0 .../{pss_x509 => x509/pss_certs}/46/end.crt | 0 .../{pss_x509 => x509/pss_certs}/46/root.crt | 0 .../{pss_x509 => x509/pss_certs}/47/end.crt | 0 .../{pss_x509 => x509/pss_certs}/47/root.crt | 0 .../{pss_x509 => x509/pss_certs}/48/end.crt | 0 .../{pss_x509 => x509/pss_certs}/48/root.crt | 0 .../{pss_x509 => x509/pss_certs}/49/end.crt | 0 .../{pss_x509 => x509/pss_certs}/49/root.crt | 0 .../{pss_x509 => x509/pss_certs}/50/end.crt | 0 .../{pss_x509 => x509/pss_certs}/50/root.crt | 0 .../{pss_x509 => x509/pss_certs}/51/end.crt | 0 .../{pss_x509 => x509/pss_certs}/51/root.crt | 0 .../{pss_x509 => x509/pss_certs}/52/end.crt | 0 .../{pss_x509 => x509/pss_certs}/52/root.crt | 0 
.../{pss_x509 => x509/pss_certs}/53/end.crt | 0 .../{pss_x509 => x509/pss_certs}/53/root.crt | 0 .../{pss_x509 => x509/pss_certs}/54/end.crt | 0 .../{pss_x509 => x509/pss_certs}/54/root.crt | 0 .../{pss_x509 => x509/pss_certs}/55/end.crt | 0 .../{pss_x509 => x509/pss_certs}/55/root.crt | 0 .../{pss_x509 => x509/pss_certs}/56/end.crt | 0 .../{pss_x509 => x509/pss_certs}/56/root.crt | 0 .../{pss_x509 => x509/pss_certs}/57/end.crt | 0 .../{pss_x509 => x509/pss_certs}/57/root.crt | 0 .../{pss_x509 => x509/pss_certs}/58/end.crt | 0 .../{pss_x509 => x509/pss_certs}/58/root.crt | 0 .../{pss_x509 => x509/pss_certs}/59/end.crt | 0 .../{pss_x509 => x509/pss_certs}/59/root.crt | 0 .../{pss_x509 => x509/pss_certs}/60/end.crt | 0 .../{pss_x509 => x509/pss_certs}/60/root.crt | 0 .../{pss_x509 => x509/pss_certs}/61/end.crt | 0 .../{pss_x509 => x509/pss_certs}/61/root.crt | 0 .../{pss_x509 => x509/pss_certs}/62/end.crt | 0 .../{pss_x509 => x509/pss_certs}/62/root.crt | 0 .../{pss_x509 => x509/pss_certs}/63/end.crt | 0 .../{pss_x509 => x509/pss_certs}/63/root.crt | 0 .../{pss_x509 => x509/pss_certs}/64/end.crt | 0 .../{pss_x509 => x509/pss_certs}/64/root.crt | 0 .../{pss_x509 => x509/pss_certs}/65/end.crt | 0 .../{pss_x509 => x509/pss_certs}/65/root.crt | 0 .../{pss_x509 => x509/pss_certs}/66/end.crt | 0 .../{pss_x509 => x509/pss_certs}/66/root.crt | 0 .../{pss_x509 => x509/pss_certs}/67/end.crt | 0 .../{pss_x509 => x509/pss_certs}/67/root.crt | 0 .../{pss_x509 => x509/pss_certs}/68/end.crt | 0 .../{pss_x509 => x509/pss_certs}/68/root.crt | 0 .../{pss_x509 => x509/pss_certs}/69/end.crt | 0 .../{pss_x509 => x509/pss_certs}/69/root.crt | 0 .../{pss_x509 => x509/pss_certs}/70/end.crt | 0 .../{pss_x509 => x509/pss_certs}/70/root.crt | 0 .../{pss_x509 => x509/pss_certs}/71/end.crt | 0 .../{pss_x509 => x509/pss_certs}/71/root.crt | 0 .../{pss_x509 => x509/pss_certs}/72/end.crt | 0 .../{pss_x509 => x509/pss_certs}/72/root.crt | 0 .../{pss_x509 => x509/pss_certs}/73/end.crt | 0 
.../{pss_x509 => x509/pss_certs}/73/root.crt | 0 .../{pss_x509 => x509/pss_certs}/74/end.crt | 0 .../{pss_x509 => x509/pss_certs}/74/root.crt | 0 .../{pss_x509 => x509/pss_certs}/75/end.crt | 0 .../{pss_x509 => x509/pss_certs}/75/root.crt | 0 .../{pss_x509 => x509/pss_certs}/76/end.crt | 0 .../{pss_x509 => x509/pss_certs}/76/root.crt | 0 .../{pss_x509 => x509/pss_certs}/77/end.crt | 0 .../{pss_x509 => x509/pss_certs}/77/root.crt | 0 .../{pss_x509 => x509/pss_certs}/78/end.crt | 0 .../{pss_x509 => x509/pss_certs}/78/root.crt | 0 .../{pss_x509 => x509/pss_certs}/79/end.crt | 0 .../{pss_x509 => x509/pss_certs}/79/root.crt | 0 .../{pss_x509 => x509/pss_certs}/80/end.crt | 0 .../{pss_x509 => x509/pss_certs}/80/root.crt | 0 .../{pss_x509 => x509/pss_certs}/81/end.crt | 0 .../{pss_x509 => x509/pss_certs}/81/root.crt | 0 .../{pss_x509 => x509/pss_certs}/82/end.crt | 0 .../{pss_x509 => x509/pss_certs}/83/end.crt | 0 .../{pss_x509 => x509/pss_certs}/84/end.crt | 0 .../{pss_x509 => x509/pss_certs}/85/end.crt | 0 .../{pss_x509 => x509/pss_certs}/86/end.crt | 0 .../{pss_x509 => x509/pss_certs}/87/end.crt | 0 .../{pss_x509 => x509/pss_certs}/88/end.crt | 0 .../{pss_x509 => x509/pss_certs}/89/end.crt | 0 .../{pss_x509 => x509/pss_certs}/90/end.crt | 0 .../{pss_x509 => x509/pss_certs}/91/end.crt | 0 .../{pss_x509 => x509/pss_certs}/92/end.crt | 0 .../{pss_x509 => x509/pss_certs}/93/end.crt | 0 .../{pss_x509 => x509/pss_certs}/94/end.crt | 0 .../{pss_x509 => x509/pss_certs}/95/end.crt | 0 .../{pss_x509 => x509/pss_certs}/96/end.crt | Bin .../pss_certs}/97/README.txt | 0 .../{pss_x509 => x509/pss_certs}/97/end.crt | 0 .../{pss_x509 => x509/pss_certs}/97/root.crt | 0 .../pss_certs}/98/README.txt | 0 .../{pss_x509 => x509/pss_certs}/98/end.crt | 0 .../{pss_x509 => x509/pss_certs}/98/root.crt | 0 .../pss_certs}/99/README.txt | 0 .../{pss_x509 => x509/pss_certs}/99/end.crt | 0 .../{pss_x509 => x509/pss_certs}/99/root.crt | 0 .../{pss_x509 => x509/pss_certs}/Sources.txt | 0 .../{pss_x509 
=> x509/pss_certs}/expected.txt | 0 .../pss_certs}/validation_times.txt | 0 .../x509test/InvalidExtendedKeyUsage.pem | 0 .../{ => x509}/x509test/InvalidIntCAFlag.pem | 0 .../x509test/InvalidIntCAKeyUsage.pem | 0 .../{ => x509}/x509test/InvalidIntCALen.pem | 0 .../{ => x509}/x509test/InvalidIntCALoop.pem | 0 .../x509test/InvalidIntCASelfSign.pem | 0 .../x509test/InvalidIntCAVersionOne.pem | 0 .../x509test/InvalidIntCAVersionTwo.pem | 0 .../{ => x509}/x509test/InvalidKeyUsage.pem | 0 .../data/{ => x509}/x509test/InvalidName.pem | 0 .../x509test/InvalidNameAltName.pem | 0 .../x509test/InvalidNameAltNameWithSubj.pem | 0 .../x509test/InvalidNameConstraintExclude.pem | 0 .../x509test/InvalidNameConstraintPermit.pem | 0 .../InvalidNameConstraintPermitRight.pem | 0 ...InvalidNameConstraintPermitThenExclude.pem | 0 .../{ => x509}/x509test/InvalidNotAfter.pem | 0 .../x509test/InvalidNotAfterChained.pem | 0 .../{ => x509}/x509test/InvalidNotBefore.pem | 0 .../x509test/InvalidNotBeforeChained.pem | 0 .../{ => x509}/x509test/InvalidSelfSign.pem | 0 .../x509test/InvalidWildcardAll.pem | 0 .../x509test/InvalidWildcardAllAltName.pem | 0 .../x509test/InvalidWildcardLeft.pem | 0 .../x509test/InvalidWildcardLeftAltName.pem | 0 .../x509test/InvalidWildcardMid.pem | 0 .../x509test/InvalidWildcardMidAltName.pem | 0 .../x509test/InvalidWildcardMidMixed.pem | 0 .../InvalidWildcardMidMixedAltName.pem | 0 .../x509test/InvalidWildcardSingle.pem | 0 .../x509test/InvalidWildcardSingleAltName.pem | 0 ...issingIntCABasicConstraintWithCertSign.pem | 0 .../x509test/MissingIntCAExtensions.pem | 0 .../data/{ => x509}/x509test/ValidAltName.pem | 0 .../data/{ => x509}/x509test/ValidCert.pem | 0 .../data/{ => x509}/x509test/ValidChained.pem | 0 .../{ => x509}/x509test/ValidIntCALen.pem | 0 .../x509test/ValidNameConstraint.pem | 0 .../{ => x509}/x509test/ValidWildcard.pem | 0 .../data/{ => x509}/x509test/expected.txt | 0 src/tests/data/{ => x509}/x509test/root.pem | 0 src/tests/test_certstor.cpp | 2 +- 
src/tests/test_ffi.cpp | 2 +- src/tests/test_name_constraint.cpp | 4 +-- src/tests/test_ocsp.cpp | 28 +++++++++--------- src/tests/test_x509_path.cpp | 20 ++++++------- src/tests/unit_ecdsa.cpp | 18 +++++------ src/tests/unit_x509.cpp | 8 ++--- 659 files changed, 41 insertions(+), 41 deletions(-) rename src/tests/data/{ => x509}/certstor/cert1.crt (100%) rename src/tests/data/{ => x509}/certstor/cert2.crt (100%) rename src/tests/data/{ => x509}/certstor/cert3.crt (100%) rename src/tests/data/{ => x509}/certstor/cert4.crt (100%) rename src/tests/data/{ => x509}/certstor/cert5a.crt (100%) rename src/tests/data/{ => x509}/certstor/cert5b.crt (100%) rename src/tests/data/{ => x509}/certstor/key01.pem (100%) rename src/tests/data/{ => x509}/certstor/key03.pem (100%) rename src/tests/data/{ => x509}/certstor/key04.pem (100%) rename src/tests/data/{ => x509}/certstor/key05.pem (100%) rename src/tests/data/{ => x509}/certstor/key06.pem (100%) rename src/tests/data/{ => x509}/ecc/CSCA.CSCA.csca-germany.1.crt (100%) rename src/tests/data/{ => x509}/ecc/ecc_private_with_rfc5915_ext.pem (100%) rename src/tests/data/{ => x509}/ecc/ecc_private_with_rfc5915_parameters.pem (100%) rename src/tests/data/{ => x509}/ecc/link_SHA1.166.crt (100%) rename src/tests/data/{ => x509}/ecc/link_SHA256.cer (100%) rename src/tests/data/{ => x509}/ecc/nodompar_private.pkcs8.pem (100%) rename src/tests/data/{ => x509}/ecc/root2_SHA256.cer (100%) rename src/tests/data/{ => x509}/ecc/root_SHA1.163.crt (100%) rename src/tests/data/{ => x509}/ecc/withdompar_private.pkcs8.pem (100%) rename src/tests/data/{extended_x509 => x509/extended}/01/end.crt (100%) rename src/tests/data/{extended_x509 => x509/extended}/01/int.crt (100%) rename src/tests/data/{extended_x509 => x509/extended}/01/root.crt (100%) rename src/tests/data/{extended_x509 => x509/extended}/02/end.crt (100%) rename src/tests/data/{extended_x509 => x509/extended}/02/int1-2.crt (100%) rename src/tests/data/{extended_x509 => 
x509/extended}/02/int1.crt (100%) rename src/tests/data/{extended_x509 => x509/extended}/02/root.crt (100%) rename src/tests/data/{extended_x509 => x509/extended}/03/end.crt (100%) rename src/tests/data/{extended_x509 => x509/extended}/03/int1.crt (100%) rename src/tests/data/{extended_x509 => x509/extended}/03/root.crt (100%) rename src/tests/data/{extended_x509 => x509/extended}/expected.txt (100%) rename src/tests/data/{x509test => x509/misc}/contains_bmpstring.pem (100%) rename src/tests/data/{x509test => x509/misc}/contains_utf8string.pem (100%) rename src/tests/data/{misc_certs => x509/misc}/opcuactt_ca.der (100%) rename src/tests/data/{misc_certs => x509/misc}/opcuactt_ca.pem (100%) rename src/tests/data/{ => x509}/name_constraint/Invalid_DN_Name_Constraint.crt (100%) rename src/tests/data/{ => x509}/name_constraint/Invalid_Email_Name_Constraint.crt (100%) rename src/tests/data/{ => x509}/name_constraint/Invalid_IP_Name_Constraint.crt (100%) rename src/tests/data/{ => x509}/name_constraint/Root_DNS_Name_Constraint.crt (100%) rename src/tests/data/{ => x509}/name_constraint/Root_DN_Name_Constraint.crt (100%) rename src/tests/data/{ => x509}/name_constraint/Root_Email_Name_Constraint.crt (100%) rename src/tests/data/{ => x509}/name_constraint/Root_IP_Name_Constraint.crt (100%) rename src/tests/data/{ => x509}/name_constraint/Valid_DNS_Name_Constraint.crt (100%) rename src/tests/data/{ => x509}/name_constraint/Valid_DN_Name_Constraint.crt (100%) rename src/tests/data/{ => x509}/name_constraint/Valid_IP_Name_Constraint.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/expected.txt (100%) rename src/tests/data/{nist_x509 => x509/nist}/root.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/root.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test01/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test02/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test02/int.crl (100%) rename src/tests/data/{nist_x509 => 
x509/nist}/test02/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test03/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test03/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test03/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test04/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test04/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test04/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test04/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test04/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test05/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test05/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test05/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test06/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test06/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test06/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test07/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test07/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test07/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test08/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test08/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test08/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test09/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test09/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test09/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test10/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test10/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test10/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test11/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test11/int.crl (100%) rename 
src/tests/data/{nist_x509 => x509/nist}/test11/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test12/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test12/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test12/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test13/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test13/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test13/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test14/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test14/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test14/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test15/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test15/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test15/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test16/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test16/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test16/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test17/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test17/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test17/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test18/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test18/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test18/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test19/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test19/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test20/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test20/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test20/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test21/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test21/int.crl (100%) 
rename src/tests/data/{nist_x509 => x509/nist}/test21/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test22/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test22/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test22/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test23/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test23/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test23/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test24/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test24/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test24/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test25/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test25/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test25/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test26/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test26/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test26/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test27/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test27/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test27/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test28/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test28/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test28/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test29/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test29/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test29/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test30/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test30/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test30/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test31/end.crt 
(100%) rename src/tests/data/{nist_x509 => x509/nist}/test31/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test31/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test32/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test32/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test32/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test33/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test33/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test33/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test34/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test34/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test34/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test35/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test35/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test35/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test36/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test36/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test36/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test36/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test36/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test37/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test37/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test37/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test37/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test37/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test38/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test38/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test38/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test38/int2.crl (100%) rename src/tests/data/{nist_x509 => 
x509/nist}/test38/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test39/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test39/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test39/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test39/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test39/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test39/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test39/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test40/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test40/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test40/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test40/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test40/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test40/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test40/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test41/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test41/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test41/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test41/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test41/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test41/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test41/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test42/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test42/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test42/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test42/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test42/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test42/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test42/int3.crt (100%) rename 
src/tests/data/{nist_x509 => x509/nist}/test42/int4.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test42/int4.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test43/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test43/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test43/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test43/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test43/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test43/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test43/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test43/int4.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test43/int4.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test44/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test44/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test44/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test44/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test44/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test44/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test44/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test44/int4.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test44/int4.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test45/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test45/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test45/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test45/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test45/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test45/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test45/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test45/int4.crl (100%) rename src/tests/data/{nist_x509 => 
x509/nist}/test45/int4.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test46/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test46/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test46/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test46/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test46/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test46/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test46/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test46/int4.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test46/int4.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test47/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test47/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test47/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test47/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test47/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test47/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test47/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test47/int4.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test47/int4.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test48/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test48/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test48/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test49/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test49/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test49/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test50/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test50/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test50/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test51/end.crt (100%) rename 
src/tests/data/{nist_x509 => x509/nist}/test51/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test51/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test52/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test52/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test52/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test53/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test53/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test53/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test54/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test54/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test54/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test54/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test54/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test55/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test55/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test55/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test55/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test55/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test56/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test56/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test56/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test57/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test57/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test57/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test58/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test58/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test58/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test58/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test58/int2.crt 
(100%) rename src/tests/data/{nist_x509 => x509/nist}/test58/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test58/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test59/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test59/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test59/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test59/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test59/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test59/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test59/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test60/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test60/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test60/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test60/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test60/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test60/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test60/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test60/int4.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test60/int4.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test61/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test61/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test61/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test61/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test61/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test61/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test61/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test61/int4.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test61/int4.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test62/end.crt (100%) rename src/tests/data/{nist_x509 => 
x509/nist}/test62/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test62/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test62/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test62/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test62/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test62/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test62/int4.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test62/int4.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test63/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test63/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test63/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test63/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test63/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test63/int3.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test63/int3.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test63/int4.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test63/int4.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test64/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test64/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test64/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test65/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test65/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test65/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test65/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test66/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test66/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test66/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test67/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test67/int.crt (100%) rename 
src/tests/data/{nist_x509 => x509/nist}/test67/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test67/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test68/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test68/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test68/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test68/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test68/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test69/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test69/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test69/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test70/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test70/int1.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test70/int1.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test70/int2.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test70/int2.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test71/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test71/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test71/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test72/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test72/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test72/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test73/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test73/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test73/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test74/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test74/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test74/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test75/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test75/int.crl 
(100%) rename src/tests/data/{nist_x509 => x509/nist}/test75/int.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test76/end.crt (100%) rename src/tests/data/{nist_x509 => x509/nist}/test76/int.crl (100%) rename src/tests/data/{nist_x509 => x509/nist}/test76/int.crt (100%) rename src/tests/data/{ => x509}/ocsp/geotrust.pem (100%) rename src/tests/data/{ => x509}/ocsp/gmail.pem (100%) rename src/tests/data/{ => x509}/ocsp/google_g2.pem (100%) rename src/tests/data/{ => x509}/ocsp/identrust.pem (100%) rename src/tests/data/{ => x509}/ocsp/letsencrypt.pem (100%) rename src/tests/data/{ => x509}/ocsp/randombit.pem (100%) rename src/tests/data/{ => x509}/ocsp/randombit_ocsp.der (100%) rename src/tests/data/{ => x509}/ocsp/resp1.der (100%) rename src/tests/data/{ => x509}/ocsp/resp2.der (100%) rename src/tests/data/{ => x509}/ocsp/resp3.der (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/01/README.txt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/01/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/01/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/02/README.txt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/02/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/02/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/03/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/03/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/04/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/04/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/05/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/05/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/06/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/06/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/07/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/07/root.crt (100%) rename 
src/tests/data/{pss_x509 => x509/pss_certs}/08/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/08/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/09/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/09/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/10/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/10/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/100/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/100/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/101/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/101/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/102/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/102/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/103/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/103/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/104/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/104/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/105/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/105/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/106/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/106/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/107/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/108/crl-rsa-pss-sha1.crl (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/108/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/108/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/109/README.txt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/109/crl-rsa-pss-sha1-badsign.crl (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/109/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/109/root.crt (100%) 
rename src/tests/data/{pss_x509 => x509/pss_certs}/11/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/11/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/110/crl-rsa-pss-sha224.crl (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/110/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/110/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/111/crl-rsa-pss-sha256.crl (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/111/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/111/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/112/crl-rsa-pss-sha384.crl (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/112/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/112/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/113/crl-rsa-pss-sha512.crl (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/113/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/113/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/114/server9.req.sha1.csr (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/115/server9.req.sha224.csr (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/116/server9.req.sha256.csr (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/117/server9.req.sha384.csr (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/118/server9.req.sha512.csr (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/12/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/12/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/13/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/13/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/14/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/14/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/15/end.crt (100%) rename src/tests/data/{pss_x509 => 
x509/pss_certs}/15/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/16/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/16/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/17/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/17/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/18/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/18/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/19/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/19/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/20/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/20/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/21/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/21/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/22/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/22/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/23/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/23/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/24/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/24/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/25/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/25/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/26/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/26/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/27/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/27/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/28/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/28/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/29/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/29/root.crt (100%) rename 
src/tests/data/{pss_x509 => x509/pss_certs}/30/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/30/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/31/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/31/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/32/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/32/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/33/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/33/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/34/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/34/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/35/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/35/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/36/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/36/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/37/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/37/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/38/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/38/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/39/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/39/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/40/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/40/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/41/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/41/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/42/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/42/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/43/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/43/root.crt (100%) rename src/tests/data/{pss_x509 => 
x509/pss_certs}/44/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/44/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/45/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/45/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/46/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/46/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/47/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/47/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/48/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/48/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/49/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/49/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/50/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/50/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/51/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/51/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/52/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/52/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/53/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/53/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/54/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/54/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/55/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/55/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/56/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/56/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/57/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/57/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/58/end.crt (100%) rename 
src/tests/data/{pss_x509 => x509/pss_certs}/58/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/59/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/59/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/60/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/60/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/61/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/61/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/62/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/62/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/63/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/63/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/64/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/64/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/65/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/65/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/66/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/66/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/67/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/67/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/68/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/68/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/69/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/69/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/70/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/70/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/71/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/71/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/72/end.crt (100%) rename src/tests/data/{pss_x509 => 
x509/pss_certs}/72/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/73/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/73/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/74/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/74/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/75/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/75/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/76/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/76/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/77/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/77/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/78/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/78/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/79/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/79/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/80/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/80/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/81/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/81/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/82/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/83/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/84/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/85/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/86/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/87/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/88/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/89/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/90/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/91/end.crt (100%) rename 
src/tests/data/{pss_x509 => x509/pss_certs}/92/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/93/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/94/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/95/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/96/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/97/README.txt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/97/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/97/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/98/README.txt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/98/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/98/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/99/README.txt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/99/end.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/99/root.crt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/Sources.txt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/expected.txt (100%) rename src/tests/data/{pss_x509 => x509/pss_certs}/validation_times.txt (100%) rename src/tests/data/{ => x509}/x509test/InvalidExtendedKeyUsage.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidIntCAFlag.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidIntCAKeyUsage.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidIntCALen.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidIntCALoop.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidIntCASelfSign.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidIntCAVersionOne.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidIntCAVersionTwo.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidKeyUsage.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidName.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidNameAltName.pem (100%) rename 
src/tests/data/{ => x509}/x509test/InvalidNameAltNameWithSubj.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidNameConstraintExclude.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidNameConstraintPermit.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidNameConstraintPermitRight.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidNameConstraintPermitThenExclude.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidNotAfter.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidNotAfterChained.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidNotBefore.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidNotBeforeChained.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidSelfSign.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidWildcardAll.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidWildcardAllAltName.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidWildcardLeft.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidWildcardLeftAltName.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidWildcardMid.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidWildcardMidAltName.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidWildcardMidMixed.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidWildcardMidMixedAltName.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidWildcardSingle.pem (100%) rename src/tests/data/{ => x509}/x509test/InvalidWildcardSingleAltName.pem (100%) rename src/tests/data/{ => x509}/x509test/MissingIntCABasicConstraintWithCertSign.pem (100%) rename src/tests/data/{ => x509}/x509test/MissingIntCAExtensions.pem (100%) rename src/tests/data/{ => x509}/x509test/ValidAltName.pem (100%) rename src/tests/data/{ => x509}/x509test/ValidCert.pem (100%) rename src/tests/data/{ => x509}/x509test/ValidChained.pem (100%) rename src/tests/data/{ => x509}/x509test/ValidIntCALen.pem (100%) rename 
src/tests/data/{ => x509}/x509test/ValidNameConstraint.pem (100%) rename src/tests/data/{ => x509}/x509test/ValidWildcard.pem (100%) rename src/tests/data/{ => x509}/x509test/expected.txt (100%) rename src/tests/data/{ => x509}/x509test/root.pem (100%)
diff --git a/src/tests/data/certstor/cert1.crt b/src/tests/data/x509/certstor/cert1.crt
similarity index 100%
rename from src/tests/data/certstor/cert1.crt
rename to src/tests/data/x509/certstor/cert1.crt
diff --git a/src/tests/data/certstor/cert2.crt b/src/tests/data/x509/certstor/cert2.crt
similarity index 100%
rename from src/tests/data/certstor/cert2.crt
rename to src/tests/data/x509/certstor/cert2.crt
diff --git a/src/tests/data/certstor/cert3.crt b/src/tests/data/x509/certstor/cert3.crt
similarity index 100%
rename from src/tests/data/certstor/cert3.crt
rename to src/tests/data/x509/certstor/cert3.crt
diff --git a/src/tests/data/certstor/cert4.crt b/src/tests/data/x509/certstor/cert4.crt
similarity index 100%
rename from src/tests/data/certstor/cert4.crt
rename to src/tests/data/x509/certstor/cert4.crt
diff --git a/src/tests/data/certstor/cert5a.crt b/src/tests/data/x509/certstor/cert5a.crt
similarity index 100%
rename from src/tests/data/certstor/cert5a.crt
rename to src/tests/data/x509/certstor/cert5a.crt
diff --git a/src/tests/data/certstor/cert5b.crt b/src/tests/data/x509/certstor/cert5b.crt
similarity index 100%
rename from src/tests/data/certstor/cert5b.crt
rename to src/tests/data/x509/certstor/cert5b.crt
diff --git a/src/tests/data/certstor/key01.pem b/src/tests/data/x509/certstor/key01.pem
similarity index 100%
rename from src/tests/data/certstor/key01.pem
rename to src/tests/data/x509/certstor/key01.pem
diff --git a/src/tests/data/certstor/key03.pem b/src/tests/data/x509/certstor/key03.pem
similarity index 100%
rename from src/tests/data/certstor/key03.pem
rename to src/tests/data/x509/certstor/key03.pem
diff --git a/src/tests/data/certstor/key04.pem b/src/tests/data/x509/certstor/key04.pem
similarity index 100%
rename from src/tests/data/certstor/key04.pem
rename to src/tests/data/x509/certstor/key04.pem
diff --git a/src/tests/data/certstor/key05.pem b/src/tests/data/x509/certstor/key05.pem
similarity index 100%
rename from src/tests/data/certstor/key05.pem
rename to src/tests/data/x509/certstor/key05.pem
diff --git a/src/tests/data/certstor/key06.pem b/src/tests/data/x509/certstor/key06.pem
similarity index 100%
rename from src/tests/data/certstor/key06.pem
rename to src/tests/data/x509/certstor/key06.pem
diff --git a/src/tests/data/ecc/CSCA.CSCA.csca-germany.1.crt b/src/tests/data/x509/ecc/CSCA.CSCA.csca-germany.1.crt
similarity index 100%
rename from src/tests/data/ecc/CSCA.CSCA.csca-germany.1.crt
rename to src/tests/data/x509/ecc/CSCA.CSCA.csca-germany.1.crt
diff --git a/src/tests/data/ecc/ecc_private_with_rfc5915_ext.pem b/src/tests/data/x509/ecc/ecc_private_with_rfc5915_ext.pem
similarity index 100%
rename from src/tests/data/ecc/ecc_private_with_rfc5915_ext.pem
rename to src/tests/data/x509/ecc/ecc_private_with_rfc5915_ext.pem
diff --git a/src/tests/data/ecc/ecc_private_with_rfc5915_parameters.pem b/src/tests/data/x509/ecc/ecc_private_with_rfc5915_parameters.pem
similarity index 100%
rename from src/tests/data/ecc/ecc_private_with_rfc5915_parameters.pem
rename to src/tests/data/x509/ecc/ecc_private_with_rfc5915_parameters.pem
diff --git a/src/tests/data/ecc/link_SHA1.166.crt b/src/tests/data/x509/ecc/link_SHA1.166.crt
similarity index 100%
rename from src/tests/data/ecc/link_SHA1.166.crt
rename to src/tests/data/x509/ecc/link_SHA1.166.crt
diff --git a/src/tests/data/ecc/link_SHA256.cer b/src/tests/data/x509/ecc/link_SHA256.cer
similarity index 100%
rename from src/tests/data/ecc/link_SHA256.cer
rename to src/tests/data/x509/ecc/link_SHA256.cer
diff --git a/src/tests/data/ecc/nodompar_private.pkcs8.pem b/src/tests/data/x509/ecc/nodompar_private.pkcs8.pem
similarity index 100%
rename from src/tests/data/ecc/nodompar_private.pkcs8.pem
rename to src/tests/data/x509/ecc/nodompar_private.pkcs8.pem
diff --git a/src/tests/data/ecc/root2_SHA256.cer b/src/tests/data/x509/ecc/root2_SHA256.cer
similarity index 100%
rename from src/tests/data/ecc/root2_SHA256.cer
rename to src/tests/data/x509/ecc/root2_SHA256.cer
diff --git a/src/tests/data/ecc/root_SHA1.163.crt b/src/tests/data/x509/ecc/root_SHA1.163.crt
similarity index 100%
rename from src/tests/data/ecc/root_SHA1.163.crt
rename to src/tests/data/x509/ecc/root_SHA1.163.crt
diff --git a/src/tests/data/ecc/withdompar_private.pkcs8.pem b/src/tests/data/x509/ecc/withdompar_private.pkcs8.pem
similarity index 100%
rename from src/tests/data/ecc/withdompar_private.pkcs8.pem
rename to src/tests/data/x509/ecc/withdompar_private.pkcs8.pem
diff --git a/src/tests/data/extended_x509/01/end.crt b/src/tests/data/x509/extended/01/end.crt
similarity index 100%
rename from src/tests/data/extended_x509/01/end.crt
rename to src/tests/data/x509/extended/01/end.crt
diff --git a/src/tests/data/extended_x509/01/int.crt b/src/tests/data/x509/extended/01/int.crt
similarity index 100%
rename from src/tests/data/extended_x509/01/int.crt
rename to src/tests/data/x509/extended/01/int.crt
diff --git a/src/tests/data/extended_x509/01/root.crt b/src/tests/data/x509/extended/01/root.crt
similarity index 100%
rename from src/tests/data/extended_x509/01/root.crt
rename to src/tests/data/x509/extended/01/root.crt
diff --git a/src/tests/data/extended_x509/02/end.crt b/src/tests/data/x509/extended/02/end.crt
similarity index 100%
rename from src/tests/data/extended_x509/02/end.crt
rename to src/tests/data/x509/extended/02/end.crt
diff --git a/src/tests/data/extended_x509/02/int1-2.crt b/src/tests/data/x509/extended/02/int1-2.crt
similarity index 100%
rename from src/tests/data/extended_x509/02/int1-2.crt
rename to src/tests/data/x509/extended/02/int1-2.crt
diff --git a/src/tests/data/extended_x509/02/int1.crt b/src/tests/data/x509/extended/02/int1.crt
similarity index 100%
rename from src/tests/data/extended_x509/02/int1.crt
rename to src/tests/data/x509/extended/02/int1.crt
diff --git a/src/tests/data/extended_x509/02/root.crt b/src/tests/data/x509/extended/02/root.crt
similarity index 100%
rename from src/tests/data/extended_x509/02/root.crt
rename to src/tests/data/x509/extended/02/root.crt
diff --git a/src/tests/data/extended_x509/03/end.crt b/src/tests/data/x509/extended/03/end.crt
similarity index 100%
rename from src/tests/data/extended_x509/03/end.crt
rename to src/tests/data/x509/extended/03/end.crt
diff --git a/src/tests/data/extended_x509/03/int1.crt b/src/tests/data/x509/extended/03/int1.crt
similarity index 100%
rename from src/tests/data/extended_x509/03/int1.crt
rename to src/tests/data/x509/extended/03/int1.crt
diff --git a/src/tests/data/extended_x509/03/root.crt b/src/tests/data/x509/extended/03/root.crt
similarity index 100%
rename from src/tests/data/extended_x509/03/root.crt
rename to src/tests/data/x509/extended/03/root.crt
diff --git a/src/tests/data/extended_x509/expected.txt b/src/tests/data/x509/extended/expected.txt
similarity index 100%
rename from src/tests/data/extended_x509/expected.txt
rename to src/tests/data/x509/extended/expected.txt
diff --git a/src/tests/data/x509test/contains_bmpstring.pem b/src/tests/data/x509/misc/contains_bmpstring.pem
similarity index 100%
rename from src/tests/data/x509test/contains_bmpstring.pem
rename to src/tests/data/x509/misc/contains_bmpstring.pem
diff --git a/src/tests/data/x509test/contains_utf8string.pem b/src/tests/data/x509/misc/contains_utf8string.pem similarity index 100% rename from src/tests/data/x509test/contains_utf8string.pem rename to src/tests/data/x509/misc/contains_utf8string.pem diff --git a/src/tests/data/misc_certs/opcuactt_ca.der b/src/tests/data/x509/misc/opcuactt_ca.der similarity index 100% rename from src/tests/data/misc_certs/opcuactt_ca.der rename to src/tests/data/x509/misc/opcuactt_ca.der diff --git a/src/tests/data/misc_certs/opcuactt_ca.pem b/src/tests/data/x509/misc/opcuactt_ca.pem similarity index 100% rename from src/tests/data/misc_certs/opcuactt_ca.pem rename to src/tests/data/x509/misc/opcuactt_ca.pem diff --git a/src/tests/data/name_constraint/Invalid_DN_Name_Constraint.crt b/src/tests/data/x509/name_constraint/Invalid_DN_Name_Constraint.crt similarity index 100% rename from src/tests/data/name_constraint/Invalid_DN_Name_Constraint.crt rename to src/tests/data/x509/name_constraint/Invalid_DN_Name_Constraint.crt diff --git a/src/tests/data/name_constraint/Invalid_Email_Name_Constraint.crt b/src/tests/data/x509/name_constraint/Invalid_Email_Name_Constraint.crt similarity index 100% rename from src/tests/data/name_constraint/Invalid_Email_Name_Constraint.crt rename to src/tests/data/x509/name_constraint/Invalid_Email_Name_Constraint.crt diff --git a/src/tests/data/name_constraint/Invalid_IP_Name_Constraint.crt b/src/tests/data/x509/name_constraint/Invalid_IP_Name_Constraint.crt similarity index 100% rename from src/tests/data/name_constraint/Invalid_IP_Name_Constraint.crt rename to src/tests/data/x509/name_constraint/Invalid_IP_Name_Constraint.crt diff --git a/src/tests/data/name_constraint/Root_DNS_Name_Constraint.crt b/src/tests/data/x509/name_constraint/Root_DNS_Name_Constraint.crt similarity index 100% rename from src/tests/data/name_constraint/Root_DNS_Name_Constraint.crt rename to src/tests/data/x509/name_constraint/Root_DNS_Name_Constraint.crt 
diff --git a/src/tests/data/name_constraint/Root_DN_Name_Constraint.crt b/src/tests/data/x509/name_constraint/Root_DN_Name_Constraint.crt similarity index 100% rename from src/tests/data/name_constraint/Root_DN_Name_Constraint.crt rename to src/tests/data/x509/name_constraint/Root_DN_Name_Constraint.crt diff --git a/src/tests/data/name_constraint/Root_Email_Name_Constraint.crt b/src/tests/data/x509/name_constraint/Root_Email_Name_Constraint.crt similarity index 100% rename from src/tests/data/name_constraint/Root_Email_Name_Constraint.crt rename to src/tests/data/x509/name_constraint/Root_Email_Name_Constraint.crt diff --git a/src/tests/data/name_constraint/Root_IP_Name_Constraint.crt b/src/tests/data/x509/name_constraint/Root_IP_Name_Constraint.crt similarity index 100% rename from src/tests/data/name_constraint/Root_IP_Name_Constraint.crt rename to src/tests/data/x509/name_constraint/Root_IP_Name_Constraint.crt diff --git a/src/tests/data/name_constraint/Valid_DNS_Name_Constraint.crt b/src/tests/data/x509/name_constraint/Valid_DNS_Name_Constraint.crt similarity index 100% rename from src/tests/data/name_constraint/Valid_DNS_Name_Constraint.crt rename to src/tests/data/x509/name_constraint/Valid_DNS_Name_Constraint.crt diff --git a/src/tests/data/name_constraint/Valid_DN_Name_Constraint.crt b/src/tests/data/x509/name_constraint/Valid_DN_Name_Constraint.crt similarity index 100% rename from src/tests/data/name_constraint/Valid_DN_Name_Constraint.crt rename to src/tests/data/x509/name_constraint/Valid_DN_Name_Constraint.crt diff --git a/src/tests/data/name_constraint/Valid_IP_Name_Constraint.crt b/src/tests/data/x509/name_constraint/Valid_IP_Name_Constraint.crt similarity index 100% rename from src/tests/data/name_constraint/Valid_IP_Name_Constraint.crt rename to src/tests/data/x509/name_constraint/Valid_IP_Name_Constraint.crt 
diff --git a/src/tests/data/nist_x509/expected.txt b/src/tests/data/x509/nist/expected.txt similarity index 100% rename from src/tests/data/nist_x509/expected.txt rename to src/tests/data/x509/nist/expected.txt diff --git a/src/tests/data/nist_x509/root.crl b/src/tests/data/x509/nist/root.crl similarity index 100% rename from src/tests/data/nist_x509/root.crl rename to src/tests/data/x509/nist/root.crl diff --git a/src/tests/data/nist_x509/root.crt b/src/tests/data/x509/nist/root.crt similarity index 100% rename from src/tests/data/nist_x509/root.crt rename to src/tests/data/x509/nist/root.crt diff --git a/src/tests/data/nist_x509/test01/end.crt b/src/tests/data/x509/nist/test01/end.crt similarity index 100% rename from src/tests/data/nist_x509/test01/end.crt rename to src/tests/data/x509/nist/test01/end.crt diff --git a/src/tests/data/nist_x509/test02/end.crt b/src/tests/data/x509/nist/test02/end.crt similarity index 100% rename from src/tests/data/nist_x509/test02/end.crt rename to src/tests/data/x509/nist/test02/end.crt diff --git a/src/tests/data/nist_x509/test02/int.crl b/src/tests/data/x509/nist/test02/int.crl similarity index 100% rename from src/tests/data/nist_x509/test02/int.crl rename to src/tests/data/x509/nist/test02/int.crl diff --git a/src/tests/data/nist_x509/test02/int.crt b/src/tests/data/x509/nist/test02/int.crt similarity index 100% rename from src/tests/data/nist_x509/test02/int.crt rename to src/tests/data/x509/nist/test02/int.crt diff --git a/src/tests/data/nist_x509/test03/end.crt b/src/tests/data/x509/nist/test03/end.crt similarity index 100% rename from src/tests/data/nist_x509/test03/end.crt rename to src/tests/data/x509/nist/test03/end.crt diff --git a/src/tests/data/nist_x509/test03/int.crl b/src/tests/data/x509/nist/test03/int.crl similarity index 100% rename from src/tests/data/nist_x509/test03/int.crl rename to src/tests/data/x509/nist/test03/int.crl 
diff --git a/src/tests/data/nist_x509/test03/int.crt b/src/tests/data/x509/nist/test03/int.crt similarity index 100% rename from src/tests/data/nist_x509/test03/int.crt rename to src/tests/data/x509/nist/test03/int.crt diff --git a/src/tests/data/nist_x509/test04/end.crt b/src/tests/data/x509/nist/test04/end.crt similarity index 100% rename from src/tests/data/nist_x509/test04/end.crt rename to src/tests/data/x509/nist/test04/end.crt diff --git a/src/tests/data/nist_x509/test04/int1.crl b/src/tests/data/x509/nist/test04/int1.crl similarity index 100% rename from src/tests/data/nist_x509/test04/int1.crl rename to src/tests/data/x509/nist/test04/int1.crl diff --git a/src/tests/data/nist_x509/test04/int1.crt b/src/tests/data/x509/nist/test04/int1.crt similarity index 100% rename from src/tests/data/nist_x509/test04/int1.crt rename to src/tests/data/x509/nist/test04/int1.crt diff --git a/src/tests/data/nist_x509/test04/int2.crl b/src/tests/data/x509/nist/test04/int2.crl similarity index 100% rename from src/tests/data/nist_x509/test04/int2.crl rename to src/tests/data/x509/nist/test04/int2.crl diff --git a/src/tests/data/nist_x509/test04/int2.crt b/src/tests/data/x509/nist/test04/int2.crt similarity index 100% rename from src/tests/data/nist_x509/test04/int2.crt rename to src/tests/data/x509/nist/test04/int2.crt diff --git a/src/tests/data/nist_x509/test05/end.crt b/src/tests/data/x509/nist/test05/end.crt similarity index 100% rename from src/tests/data/nist_x509/test05/end.crt rename to src/tests/data/x509/nist/test05/end.crt diff --git a/src/tests/data/nist_x509/test05/int.crl b/src/tests/data/x509/nist/test05/int.crl similarity index 100% rename from src/tests/data/nist_x509/test05/int.crl rename to src/tests/data/x509/nist/test05/int.crl diff --git a/src/tests/data/nist_x509/test05/int.crt b/src/tests/data/x509/nist/test05/int.crt similarity index 100% rename from src/tests/data/nist_x509/test05/int.crt rename to src/tests/data/x509/nist/test05/int.crt 
diff --git a/src/tests/data/nist_x509/test06/end.crt b/src/tests/data/x509/nist/test06/end.crt similarity index 100% rename from src/tests/data/nist_x509/test06/end.crt rename to src/tests/data/x509/nist/test06/end.crt diff --git a/src/tests/data/nist_x509/test06/int.crl b/src/tests/data/x509/nist/test06/int.crl similarity index 100% rename from src/tests/data/nist_x509/test06/int.crl rename to src/tests/data/x509/nist/test06/int.crl diff --git a/src/tests/data/nist_x509/test06/int.crt b/src/tests/data/x509/nist/test06/int.crt similarity index 100% rename from src/tests/data/nist_x509/test06/int.crt rename to src/tests/data/x509/nist/test06/int.crt diff --git a/src/tests/data/nist_x509/test07/end.crt b/src/tests/data/x509/nist/test07/end.crt similarity index 100% rename from src/tests/data/nist_x509/test07/end.crt rename to src/tests/data/x509/nist/test07/end.crt diff --git a/src/tests/data/nist_x509/test07/int.crl b/src/tests/data/x509/nist/test07/int.crl similarity index 100% rename from src/tests/data/nist_x509/test07/int.crl rename to src/tests/data/x509/nist/test07/int.crl diff --git a/src/tests/data/nist_x509/test07/int.crt b/src/tests/data/x509/nist/test07/int.crt similarity index 100% rename from src/tests/data/nist_x509/test07/int.crt rename to src/tests/data/x509/nist/test07/int.crt diff --git a/src/tests/data/nist_x509/test08/end.crt b/src/tests/data/x509/nist/test08/end.crt similarity index 100% rename from src/tests/data/nist_x509/test08/end.crt rename to src/tests/data/x509/nist/test08/end.crt diff --git a/src/tests/data/nist_x509/test08/int.crl b/src/tests/data/x509/nist/test08/int.crl similarity index 100% rename from src/tests/data/nist_x509/test08/int.crl rename to src/tests/data/x509/nist/test08/int.crl diff --git a/src/tests/data/nist_x509/test08/int.crt b/src/tests/data/x509/nist/test08/int.crt similarity index 100% rename from src/tests/data/nist_x509/test08/int.crt rename to src/tests/data/x509/nist/test08/int.crt 
diff --git a/src/tests/data/nist_x509/test09/end.crt b/src/tests/data/x509/nist/test09/end.crt similarity index 100% rename from src/tests/data/nist_x509/test09/end.crt rename to src/tests/data/x509/nist/test09/end.crt diff --git a/src/tests/data/nist_x509/test09/int.crl b/src/tests/data/x509/nist/test09/int.crl similarity index 100% rename from src/tests/data/nist_x509/test09/int.crl rename to src/tests/data/x509/nist/test09/int.crl diff --git a/src/tests/data/nist_x509/test09/int.crt b/src/tests/data/x509/nist/test09/int.crt similarity index 100% rename from src/tests/data/nist_x509/test09/int.crt rename to src/tests/data/x509/nist/test09/int.crt diff --git a/src/tests/data/nist_x509/test10/end.crt b/src/tests/data/x509/nist/test10/end.crt similarity index 100% rename from src/tests/data/nist_x509/test10/end.crt rename to src/tests/data/x509/nist/test10/end.crt diff --git a/src/tests/data/nist_x509/test10/int.crl b/src/tests/data/x509/nist/test10/int.crl similarity index 100% rename from src/tests/data/nist_x509/test10/int.crl rename to src/tests/data/x509/nist/test10/int.crl diff --git a/src/tests/data/nist_x509/test10/int.crt b/src/tests/data/x509/nist/test10/int.crt similarity index 100% rename from src/tests/data/nist_x509/test10/int.crt rename to src/tests/data/x509/nist/test10/int.crt diff --git a/src/tests/data/nist_x509/test11/end.crt b/src/tests/data/x509/nist/test11/end.crt similarity index 100% rename from src/tests/data/nist_x509/test11/end.crt rename to src/tests/data/x509/nist/test11/end.crt diff --git a/src/tests/data/nist_x509/test11/int.crl b/src/tests/data/x509/nist/test11/int.crl similarity index 100% rename from src/tests/data/nist_x509/test11/int.crl rename to src/tests/data/x509/nist/test11/int.crl diff --git a/src/tests/data/nist_x509/test11/int.crt b/src/tests/data/x509/nist/test11/int.crt similarity index 100% rename from src/tests/data/nist_x509/test11/int.crt rename to src/tests/data/x509/nist/test11/int.crt 
diff --git a/src/tests/data/nist_x509/test12/end.crt b/src/tests/data/x509/nist/test12/end.crt similarity index 100% rename from src/tests/data/nist_x509/test12/end.crt rename to src/tests/data/x509/nist/test12/end.crt diff --git a/src/tests/data/nist_x509/test12/int.crl b/src/tests/data/x509/nist/test12/int.crl similarity index 100% rename from src/tests/data/nist_x509/test12/int.crl rename to src/tests/data/x509/nist/test12/int.crl diff --git a/src/tests/data/nist_x509/test12/int.crt b/src/tests/data/x509/nist/test12/int.crt similarity index 100% rename from src/tests/data/nist_x509/test12/int.crt rename to src/tests/data/x509/nist/test12/int.crt diff --git a/src/tests/data/nist_x509/test13/end.crt b/src/tests/data/x509/nist/test13/end.crt similarity index 100% rename from src/tests/data/nist_x509/test13/end.crt rename to src/tests/data/x509/nist/test13/end.crt diff --git a/src/tests/data/nist_x509/test13/int.crl b/src/tests/data/x509/nist/test13/int.crl similarity index 100% rename from src/tests/data/nist_x509/test13/int.crl rename to src/tests/data/x509/nist/test13/int.crl diff --git a/src/tests/data/nist_x509/test13/int.crt b/src/tests/data/x509/nist/test13/int.crt similarity index 100% rename from src/tests/data/nist_x509/test13/int.crt rename to src/tests/data/x509/nist/test13/int.crt diff --git a/src/tests/data/nist_x509/test14/end.crt b/src/tests/data/x509/nist/test14/end.crt similarity index 100% rename from src/tests/data/nist_x509/test14/end.crt rename to src/tests/data/x509/nist/test14/end.crt diff --git a/src/tests/data/nist_x509/test14/int.crl b/src/tests/data/x509/nist/test14/int.crl similarity index 100% rename from src/tests/data/nist_x509/test14/int.crl rename to src/tests/data/x509/nist/test14/int.crl diff --git a/src/tests/data/nist_x509/test14/int.crt b/src/tests/data/x509/nist/test14/int.crt similarity index 100% rename from src/tests/data/nist_x509/test14/int.crt rename to src/tests/data/x509/nist/test14/int.crt 
diff --git a/src/tests/data/nist_x509/test15/end.crt b/src/tests/data/x509/nist/test15/end.crt similarity index 100% rename from src/tests/data/nist_x509/test15/end.crt rename to src/tests/data/x509/nist/test15/end.crt diff --git a/src/tests/data/nist_x509/test15/int.crl b/src/tests/data/x509/nist/test15/int.crl similarity index 100% rename from src/tests/data/nist_x509/test15/int.crl rename to src/tests/data/x509/nist/test15/int.crl diff --git a/src/tests/data/nist_x509/test15/int.crt b/src/tests/data/x509/nist/test15/int.crt similarity index 100% rename from src/tests/data/nist_x509/test15/int.crt rename to src/tests/data/x509/nist/test15/int.crt diff --git a/src/tests/data/nist_x509/test16/end.crt b/src/tests/data/x509/nist/test16/end.crt similarity index 100% rename from src/tests/data/nist_x509/test16/end.crt rename to src/tests/data/x509/nist/test16/end.crt diff --git a/src/tests/data/nist_x509/test16/int.crl b/src/tests/data/x509/nist/test16/int.crl similarity index 100% rename from src/tests/data/nist_x509/test16/int.crl rename to src/tests/data/x509/nist/test16/int.crl diff --git a/src/tests/data/nist_x509/test16/int.crt b/src/tests/data/x509/nist/test16/int.crt similarity index 100% rename from src/tests/data/nist_x509/test16/int.crt rename to src/tests/data/x509/nist/test16/int.crt diff --git a/src/tests/data/nist_x509/test17/end.crt b/src/tests/data/x509/nist/test17/end.crt similarity index 100% rename from src/tests/data/nist_x509/test17/end.crt rename to src/tests/data/x509/nist/test17/end.crt diff --git a/src/tests/data/nist_x509/test17/int.crl b/src/tests/data/x509/nist/test17/int.crl similarity index 100% rename from src/tests/data/nist_x509/test17/int.crl rename to src/tests/data/x509/nist/test17/int.crl diff --git a/src/tests/data/nist_x509/test17/int.crt b/src/tests/data/x509/nist/test17/int.crt similarity index 100% rename from src/tests/data/nist_x509/test17/int.crt rename to src/tests/data/x509/nist/test17/int.crt 
diff --git a/src/tests/data/nist_x509/test18/end.crt b/src/tests/data/x509/nist/test18/end.crt similarity index 100% rename from src/tests/data/nist_x509/test18/end.crt rename to src/tests/data/x509/nist/test18/end.crt diff --git a/src/tests/data/nist_x509/test18/int.crl b/src/tests/data/x509/nist/test18/int.crl similarity index 100% rename from src/tests/data/nist_x509/test18/int.crl rename to src/tests/data/x509/nist/test18/int.crl diff --git a/src/tests/data/nist_x509/test18/int.crt b/src/tests/data/x509/nist/test18/int.crt similarity index 100% rename from src/tests/data/nist_x509/test18/int.crt rename to src/tests/data/x509/nist/test18/int.crt diff --git a/src/tests/data/nist_x509/test19/end.crt b/src/tests/data/x509/nist/test19/end.crt similarity index 100% rename from src/tests/data/nist_x509/test19/end.crt rename to src/tests/data/x509/nist/test19/end.crt diff --git a/src/tests/data/nist_x509/test19/int.crt b/src/tests/data/x509/nist/test19/int.crt similarity index 100% rename from src/tests/data/nist_x509/test19/int.crt rename to src/tests/data/x509/nist/test19/int.crt diff --git a/src/tests/data/nist_x509/test20/end.crt b/src/tests/data/x509/nist/test20/end.crt similarity index 100% rename from src/tests/data/nist_x509/test20/end.crt rename to src/tests/data/x509/nist/test20/end.crt diff --git a/src/tests/data/nist_x509/test20/int.crl b/src/tests/data/x509/nist/test20/int.crl similarity index 100% rename from src/tests/data/nist_x509/test20/int.crl rename to src/tests/data/x509/nist/test20/int.crl diff --git a/src/tests/data/nist_x509/test20/int.crt b/src/tests/data/x509/nist/test20/int.crt similarity index 100% rename from src/tests/data/nist_x509/test20/int.crt rename to src/tests/data/x509/nist/test20/int.crt diff --git a/src/tests/data/nist_x509/test21/end.crt b/src/tests/data/x509/nist/test21/end.crt similarity index 100% rename from src/tests/data/nist_x509/test21/end.crt rename to src/tests/data/x509/nist/test21/end.crt 
diff --git a/src/tests/data/nist_x509/test21/int.crl b/src/tests/data/x509/nist/test21/int.crl similarity index 100% rename from src/tests/data/nist_x509/test21/int.crl rename to src/tests/data/x509/nist/test21/int.crl diff --git a/src/tests/data/nist_x509/test21/int.crt b/src/tests/data/x509/nist/test21/int.crt similarity index 100% rename from src/tests/data/nist_x509/test21/int.crt rename to src/tests/data/x509/nist/test21/int.crt diff --git a/src/tests/data/nist_x509/test22/end.crt b/src/tests/data/x509/nist/test22/end.crt similarity index 100% rename from src/tests/data/nist_x509/test22/end.crt rename to src/tests/data/x509/nist/test22/end.crt diff --git a/src/tests/data/nist_x509/test22/int.crl b/src/tests/data/x509/nist/test22/int.crl similarity index 100% rename from src/tests/data/nist_x509/test22/int.crl rename to src/tests/data/x509/nist/test22/int.crl diff --git a/src/tests/data/nist_x509/test22/int.crt b/src/tests/data/x509/nist/test22/int.crt similarity index 100% rename from src/tests/data/nist_x509/test22/int.crt rename to src/tests/data/x509/nist/test22/int.crt diff --git a/src/tests/data/nist_x509/test23/end.crt b/src/tests/data/x509/nist/test23/end.crt similarity index 100% rename from src/tests/data/nist_x509/test23/end.crt rename to src/tests/data/x509/nist/test23/end.crt diff --git a/src/tests/data/nist_x509/test23/int.crl b/src/tests/data/x509/nist/test23/int.crl similarity index 100% rename from src/tests/data/nist_x509/test23/int.crl rename to src/tests/data/x509/nist/test23/int.crl diff --git a/src/tests/data/nist_x509/test23/int.crt b/src/tests/data/x509/nist/test23/int.crt similarity index 100% rename from src/tests/data/nist_x509/test23/int.crt rename to src/tests/data/x509/nist/test23/int.crt diff --git a/src/tests/data/nist_x509/test24/end.crt b/src/tests/data/x509/nist/test24/end.crt similarity index 100% rename from src/tests/data/nist_x509/test24/end.crt rename to src/tests/data/x509/nist/test24/end.crt 
diff --git a/src/tests/data/nist_x509/test24/int.crl b/src/tests/data/x509/nist/test24/int.crl similarity index 100% rename from src/tests/data/nist_x509/test24/int.crl rename to src/tests/data/x509/nist/test24/int.crl diff --git a/src/tests/data/nist_x509/test24/int.crt b/src/tests/data/x509/nist/test24/int.crt similarity index 100% rename from src/tests/data/nist_x509/test24/int.crt rename to src/tests/data/x509/nist/test24/int.crt diff --git a/src/tests/data/nist_x509/test25/end.crt b/src/tests/data/x509/nist/test25/end.crt similarity index 100% rename from src/tests/data/nist_x509/test25/end.crt rename to src/tests/data/x509/nist/test25/end.crt diff --git a/src/tests/data/nist_x509/test25/int.crl b/src/tests/data/x509/nist/test25/int.crl similarity index 100% rename from src/tests/data/nist_x509/test25/int.crl rename to src/tests/data/x509/nist/test25/int.crl diff --git a/src/tests/data/nist_x509/test25/int.crt b/src/tests/data/x509/nist/test25/int.crt similarity index 100% rename from src/tests/data/nist_x509/test25/int.crt rename to src/tests/data/x509/nist/test25/int.crt diff --git a/src/tests/data/nist_x509/test26/end.crt b/src/tests/data/x509/nist/test26/end.crt similarity index 100% rename from src/tests/data/nist_x509/test26/end.crt rename to src/tests/data/x509/nist/test26/end.crt diff --git a/src/tests/data/nist_x509/test26/int.crl b/src/tests/data/x509/nist/test26/int.crl similarity index 100% rename from src/tests/data/nist_x509/test26/int.crl rename to src/tests/data/x509/nist/test26/int.crl diff --git a/src/tests/data/nist_x509/test26/int.crt b/src/tests/data/x509/nist/test26/int.crt similarity index 100% rename from src/tests/data/nist_x509/test26/int.crt rename to src/tests/data/x509/nist/test26/int.crt diff --git a/src/tests/data/nist_x509/test27/end.crt b/src/tests/data/x509/nist/test27/end.crt similarity index 100% rename from src/tests/data/nist_x509/test27/end.crt rename to src/tests/data/x509/nist/test27/end.crt 
diff --git a/src/tests/data/nist_x509/test27/int.crl b/src/tests/data/x509/nist/test27/int.crl similarity index 100% rename from src/tests/data/nist_x509/test27/int.crl rename to src/tests/data/x509/nist/test27/int.crl diff --git a/src/tests/data/nist_x509/test27/int.crt b/src/tests/data/x509/nist/test27/int.crt similarity index 100% rename from src/tests/data/nist_x509/test27/int.crt rename to src/tests/data/x509/nist/test27/int.crt diff --git a/src/tests/data/nist_x509/test28/end.crt b/src/tests/data/x509/nist/test28/end.crt similarity index 100% rename from src/tests/data/nist_x509/test28/end.crt rename to src/tests/data/x509/nist/test28/end.crt diff --git a/src/tests/data/nist_x509/test28/int.crl b/src/tests/data/x509/nist/test28/int.crl similarity index 100% rename from src/tests/data/nist_x509/test28/int.crl rename to src/tests/data/x509/nist/test28/int.crl diff --git a/src/tests/data/nist_x509/test28/int.crt b/src/tests/data/x509/nist/test28/int.crt similarity index 100% rename from src/tests/data/nist_x509/test28/int.crt rename to src/tests/data/x509/nist/test28/int.crt diff --git a/src/tests/data/nist_x509/test29/end.crt b/src/tests/data/x509/nist/test29/end.crt similarity index 100% rename from src/tests/data/nist_x509/test29/end.crt rename to src/tests/data/x509/nist/test29/end.crt diff --git a/src/tests/data/nist_x509/test29/int.crl b/src/tests/data/x509/nist/test29/int.crl similarity index 100% rename from src/tests/data/nist_x509/test29/int.crl rename to src/tests/data/x509/nist/test29/int.crl diff --git a/src/tests/data/nist_x509/test29/int.crt b/src/tests/data/x509/nist/test29/int.crt similarity index 100% rename from src/tests/data/nist_x509/test29/int.crt rename to src/tests/data/x509/nist/test29/int.crt diff --git a/src/tests/data/nist_x509/test30/end.crt b/src/tests/data/x509/nist/test30/end.crt similarity index 100% rename from src/tests/data/nist_x509/test30/end.crt rename to src/tests/data/x509/nist/test30/end.crt 
diff --git a/src/tests/data/nist_x509/test30/int.crl b/src/tests/data/x509/nist/test30/int.crl similarity index 100% rename from src/tests/data/nist_x509/test30/int.crl rename to src/tests/data/x509/nist/test30/int.crl diff --git a/src/tests/data/nist_x509/test30/int.crt b/src/tests/data/x509/nist/test30/int.crt similarity index 100% rename from src/tests/data/nist_x509/test30/int.crt rename to src/tests/data/x509/nist/test30/int.crt diff --git a/src/tests/data/nist_x509/test31/end.crt b/src/tests/data/x509/nist/test31/end.crt similarity index 100% rename from src/tests/data/nist_x509/test31/end.crt rename to src/tests/data/x509/nist/test31/end.crt diff --git a/src/tests/data/nist_x509/test31/int.crl b/src/tests/data/x509/nist/test31/int.crl similarity index 100% rename from src/tests/data/nist_x509/test31/int.crl rename to src/tests/data/x509/nist/test31/int.crl diff --git a/src/tests/data/nist_x509/test31/int.crt b/src/tests/data/x509/nist/test31/int.crt similarity index 100% rename from src/tests/data/nist_x509/test31/int.crt rename to src/tests/data/x509/nist/test31/int.crt diff --git a/src/tests/data/nist_x509/test32/end.crt b/src/tests/data/x509/nist/test32/end.crt similarity index 100% rename from src/tests/data/nist_x509/test32/end.crt rename to src/tests/data/x509/nist/test32/end.crt diff --git a/src/tests/data/nist_x509/test32/int.crl b/src/tests/data/x509/nist/test32/int.crl similarity index 100% rename from src/tests/data/nist_x509/test32/int.crl rename to src/tests/data/x509/nist/test32/int.crl diff --git a/src/tests/data/nist_x509/test32/int.crt b/src/tests/data/x509/nist/test32/int.crt similarity index 100% rename from src/tests/data/nist_x509/test32/int.crt rename to src/tests/data/x509/nist/test32/int.crt diff --git a/src/tests/data/nist_x509/test33/end.crt b/src/tests/data/x509/nist/test33/end.crt similarity index 100% rename from src/tests/data/nist_x509/test33/end.crt rename to src/tests/data/x509/nist/test33/end.crt 
diff --git a/src/tests/data/nist_x509/test33/int.crl b/src/tests/data/x509/nist/test33/int.crl similarity index 100% rename from src/tests/data/nist_x509/test33/int.crl rename to src/tests/data/x509/nist/test33/int.crl diff --git a/src/tests/data/nist_x509/test33/int.crt b/src/tests/data/x509/nist/test33/int.crt similarity index 100% rename from src/tests/data/nist_x509/test33/int.crt rename to src/tests/data/x509/nist/test33/int.crt diff --git a/src/tests/data/nist_x509/test34/end.crt b/src/tests/data/x509/nist/test34/end.crt similarity index 100% rename from src/tests/data/nist_x509/test34/end.crt rename to src/tests/data/x509/nist/test34/end.crt diff --git a/src/tests/data/nist_x509/test34/int.crl b/src/tests/data/x509/nist/test34/int.crl similarity index 100% rename from src/tests/data/nist_x509/test34/int.crl rename to src/tests/data/x509/nist/test34/int.crl diff --git a/src/tests/data/nist_x509/test34/int.crt b/src/tests/data/x509/nist/test34/int.crt similarity index 100% rename from src/tests/data/nist_x509/test34/int.crt rename to src/tests/data/x509/nist/test34/int.crt diff --git a/src/tests/data/nist_x509/test35/end.crt b/src/tests/data/x509/nist/test35/end.crt similarity index 100% rename from src/tests/data/nist_x509/test35/end.crt rename to src/tests/data/x509/nist/test35/end.crt diff --git a/src/tests/data/nist_x509/test35/int.crl b/src/tests/data/x509/nist/test35/int.crl similarity index 100% rename from src/tests/data/nist_x509/test35/int.crl rename to src/tests/data/x509/nist/test35/int.crl diff --git a/src/tests/data/nist_x509/test35/int.crt b/src/tests/data/x509/nist/test35/int.crt similarity index 100% rename from src/tests/data/nist_x509/test35/int.crt rename to src/tests/data/x509/nist/test35/int.crt diff --git a/src/tests/data/nist_x509/test36/end.crt b/src/tests/data/x509/nist/test36/end.crt similarity index 100% rename from src/tests/data/nist_x509/test36/end.crt rename to src/tests/data/x509/nist/test36/end.crt 
diff --git a/src/tests/data/nist_x509/test36/int1.crl b/src/tests/data/x509/nist/test36/int1.crl similarity index 100% rename from src/tests/data/nist_x509/test36/int1.crl rename to src/tests/data/x509/nist/test36/int1.crl diff --git a/src/tests/data/nist_x509/test36/int1.crt b/src/tests/data/x509/nist/test36/int1.crt similarity index 100% rename from src/tests/data/nist_x509/test36/int1.crt rename to src/tests/data/x509/nist/test36/int1.crt diff --git a/src/tests/data/nist_x509/test36/int2.crl b/src/tests/data/x509/nist/test36/int2.crl similarity index 100% rename from src/tests/data/nist_x509/test36/int2.crl rename to src/tests/data/x509/nist/test36/int2.crl diff --git a/src/tests/data/nist_x509/test36/int2.crt b/src/tests/data/x509/nist/test36/int2.crt similarity index 100% rename from src/tests/data/nist_x509/test36/int2.crt rename to src/tests/data/x509/nist/test36/int2.crt diff --git a/src/tests/data/nist_x509/test37/end.crt b/src/tests/data/x509/nist/test37/end.crt similarity index 100% rename from src/tests/data/nist_x509/test37/end.crt rename to src/tests/data/x509/nist/test37/end.crt diff --git a/src/tests/data/nist_x509/test37/int1.crl b/src/tests/data/x509/nist/test37/int1.crl similarity index 100% rename from src/tests/data/nist_x509/test37/int1.crl rename to src/tests/data/x509/nist/test37/int1.crl diff --git a/src/tests/data/nist_x509/test37/int1.crt b/src/tests/data/x509/nist/test37/int1.crt similarity index 100% rename from src/tests/data/nist_x509/test37/int1.crt rename to src/tests/data/x509/nist/test37/int1.crt diff --git a/src/tests/data/nist_x509/test37/int2.crl b/src/tests/data/x509/nist/test37/int2.crl similarity index 100% rename from src/tests/data/nist_x509/test37/int2.crl rename to src/tests/data/x509/nist/test37/int2.crl 
diff --git a/src/tests/data/nist_x509/test37/int2.crt b/src/tests/data/x509/nist/test37/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test37/int2.crt
rename to src/tests/data/x509/nist/test37/int2.crt
diff --git a/src/tests/data/nist_x509/test38/end.crt b/src/tests/data/x509/nist/test38/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test38/end.crt
rename to src/tests/data/x509/nist/test38/end.crt
diff --git a/src/tests/data/nist_x509/test38/int1.crl b/src/tests/data/x509/nist/test38/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test38/int1.crl
rename to src/tests/data/x509/nist/test38/int1.crl
diff --git a/src/tests/data/nist_x509/test38/int1.crt b/src/tests/data/x509/nist/test38/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test38/int1.crt
rename to src/tests/data/x509/nist/test38/int1.crt
diff --git a/src/tests/data/nist_x509/test38/int2.crl b/src/tests/data/x509/nist/test38/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test38/int2.crl
rename to src/tests/data/x509/nist/test38/int2.crl
diff --git a/src/tests/data/nist_x509/test38/int2.crt b/src/tests/data/x509/nist/test38/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test38/int2.crt
rename to src/tests/data/x509/nist/test38/int2.crt
diff --git a/src/tests/data/nist_x509/test39/end.crt b/src/tests/data/x509/nist/test39/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test39/end.crt
rename to src/tests/data/x509/nist/test39/end.crt
diff --git a/src/tests/data/nist_x509/test39/int1.crl b/src/tests/data/x509/nist/test39/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test39/int1.crl
rename to src/tests/data/x509/nist/test39/int1.crl
diff --git a/src/tests/data/nist_x509/test39/int1.crt b/src/tests/data/x509/nist/test39/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test39/int1.crt
rename to src/tests/data/x509/nist/test39/int1.crt
diff --git a/src/tests/data/nist_x509/test39/int2.crl b/src/tests/data/x509/nist/test39/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test39/int2.crl
rename to src/tests/data/x509/nist/test39/int2.crl
diff --git a/src/tests/data/nist_x509/test39/int2.crt b/src/tests/data/x509/nist/test39/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test39/int2.crt
rename to src/tests/data/x509/nist/test39/int2.crt
diff --git a/src/tests/data/nist_x509/test39/int3.crl b/src/tests/data/x509/nist/test39/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test39/int3.crl
rename to src/tests/data/x509/nist/test39/int3.crl
diff --git a/src/tests/data/nist_x509/test39/int3.crt b/src/tests/data/x509/nist/test39/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test39/int3.crt
rename to src/tests/data/x509/nist/test39/int3.crt
diff --git a/src/tests/data/nist_x509/test40/end.crt b/src/tests/data/x509/nist/test40/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test40/end.crt
rename to src/tests/data/x509/nist/test40/end.crt
diff --git a/src/tests/data/nist_x509/test40/int1.crl b/src/tests/data/x509/nist/test40/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test40/int1.crl
rename to src/tests/data/x509/nist/test40/int1.crl
diff --git a/src/tests/data/nist_x509/test40/int1.crt b/src/tests/data/x509/nist/test40/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test40/int1.crt
rename to src/tests/data/x509/nist/test40/int1.crt
diff --git a/src/tests/data/nist_x509/test40/int2.crl b/src/tests/data/x509/nist/test40/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test40/int2.crl
rename to src/tests/data/x509/nist/test40/int2.crl
diff --git a/src/tests/data/nist_x509/test40/int2.crt b/src/tests/data/x509/nist/test40/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test40/int2.crt
rename to src/tests/data/x509/nist/test40/int2.crt
diff --git a/src/tests/data/nist_x509/test40/int3.crl b/src/tests/data/x509/nist/test40/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test40/int3.crl
rename to src/tests/data/x509/nist/test40/int3.crl
diff --git a/src/tests/data/nist_x509/test40/int3.crt b/src/tests/data/x509/nist/test40/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test40/int3.crt
rename to src/tests/data/x509/nist/test40/int3.crt
diff --git a/src/tests/data/nist_x509/test41/end.crt b/src/tests/data/x509/nist/test41/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test41/end.crt
rename to src/tests/data/x509/nist/test41/end.crt
diff --git a/src/tests/data/nist_x509/test41/int1.crl b/src/tests/data/x509/nist/test41/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test41/int1.crl
rename to src/tests/data/x509/nist/test41/int1.crl
diff --git a/src/tests/data/nist_x509/test41/int1.crt b/src/tests/data/x509/nist/test41/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test41/int1.crt
rename to src/tests/data/x509/nist/test41/int1.crt
diff --git a/src/tests/data/nist_x509/test41/int2.crl b/src/tests/data/x509/nist/test41/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test41/int2.crl
rename to src/tests/data/x509/nist/test41/int2.crl
diff --git a/src/tests/data/nist_x509/test41/int2.crt b/src/tests/data/x509/nist/test41/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test41/int2.crt
rename to src/tests/data/x509/nist/test41/int2.crt
diff --git a/src/tests/data/nist_x509/test41/int3.crl b/src/tests/data/x509/nist/test41/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test41/int3.crl
rename to src/tests/data/x509/nist/test41/int3.crl
diff --git a/src/tests/data/nist_x509/test41/int3.crt b/src/tests/data/x509/nist/test41/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test41/int3.crt
rename to src/tests/data/x509/nist/test41/int3.crt
diff --git a/src/tests/data/nist_x509/test42/end.crt b/src/tests/data/x509/nist/test42/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test42/end.crt
rename to src/tests/data/x509/nist/test42/end.crt
diff --git a/src/tests/data/nist_x509/test42/int1.crl b/src/tests/data/x509/nist/test42/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test42/int1.crl
rename to src/tests/data/x509/nist/test42/int1.crl
diff --git a/src/tests/data/nist_x509/test42/int1.crt b/src/tests/data/x509/nist/test42/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test42/int1.crt
rename to src/tests/data/x509/nist/test42/int1.crt
diff --git a/src/tests/data/nist_x509/test42/int2.crl b/src/tests/data/x509/nist/test42/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test42/int2.crl
rename to src/tests/data/x509/nist/test42/int2.crl
diff --git a/src/tests/data/nist_x509/test42/int2.crt b/src/tests/data/x509/nist/test42/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test42/int2.crt
rename to src/tests/data/x509/nist/test42/int2.crt
diff --git a/src/tests/data/nist_x509/test42/int3.crl b/src/tests/data/x509/nist/test42/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test42/int3.crl
rename to src/tests/data/x509/nist/test42/int3.crl
diff --git a/src/tests/data/nist_x509/test42/int3.crt b/src/tests/data/x509/nist/test42/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test42/int3.crt
rename to src/tests/data/x509/nist/test42/int3.crt
diff --git a/src/tests/data/nist_x509/test42/int4.crl b/src/tests/data/x509/nist/test42/int4.crl
similarity index 100%
rename from src/tests/data/nist_x509/test42/int4.crl
rename to src/tests/data/x509/nist/test42/int4.crl
diff --git a/src/tests/data/nist_x509/test42/int4.crt b/src/tests/data/x509/nist/test42/int4.crt
similarity index 100%
rename from src/tests/data/nist_x509/test42/int4.crt
rename to src/tests/data/x509/nist/test42/int4.crt
diff --git a/src/tests/data/nist_x509/test43/end.crt b/src/tests/data/x509/nist/test43/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test43/end.crt
rename to src/tests/data/x509/nist/test43/end.crt
diff --git a/src/tests/data/nist_x509/test43/int1.crl b/src/tests/data/x509/nist/test43/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test43/int1.crl
rename to src/tests/data/x509/nist/test43/int1.crl
diff --git a/src/tests/data/nist_x509/test43/int1.crt b/src/tests/data/x509/nist/test43/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test43/int1.crt
rename to src/tests/data/x509/nist/test43/int1.crt
diff --git a/src/tests/data/nist_x509/test43/int2.crl b/src/tests/data/x509/nist/test43/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test43/int2.crl
rename to src/tests/data/x509/nist/test43/int2.crl
diff --git a/src/tests/data/nist_x509/test43/int2.crt b/src/tests/data/x509/nist/test43/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test43/int2.crt
rename to src/tests/data/x509/nist/test43/int2.crt
diff --git a/src/tests/data/nist_x509/test43/int3.crl b/src/tests/data/x509/nist/test43/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test43/int3.crl
rename to src/tests/data/x509/nist/test43/int3.crl
diff --git a/src/tests/data/nist_x509/test43/int3.crt b/src/tests/data/x509/nist/test43/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test43/int3.crt
rename to src/tests/data/x509/nist/test43/int3.crt
diff --git a/src/tests/data/nist_x509/test43/int4.crl b/src/tests/data/x509/nist/test43/int4.crl
similarity index 100%
rename from src/tests/data/nist_x509/test43/int4.crl
rename to src/tests/data/x509/nist/test43/int4.crl
diff --git a/src/tests/data/nist_x509/test43/int4.crt b/src/tests/data/x509/nist/test43/int4.crt
similarity index 100%
rename from src/tests/data/nist_x509/test43/int4.crt
rename to src/tests/data/x509/nist/test43/int4.crt
diff --git a/src/tests/data/nist_x509/test44/end.crt b/src/tests/data/x509/nist/test44/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test44/end.crt
rename to src/tests/data/x509/nist/test44/end.crt
diff --git a/src/tests/data/nist_x509/test44/int1.crl b/src/tests/data/x509/nist/test44/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test44/int1.crl
rename to src/tests/data/x509/nist/test44/int1.crl
diff --git a/src/tests/data/nist_x509/test44/int1.crt b/src/tests/data/x509/nist/test44/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test44/int1.crt
rename to src/tests/data/x509/nist/test44/int1.crt
diff --git a/src/tests/data/nist_x509/test44/int2.crl b/src/tests/data/x509/nist/test44/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test44/int2.crl
rename to src/tests/data/x509/nist/test44/int2.crl
diff --git a/src/tests/data/nist_x509/test44/int2.crt b/src/tests/data/x509/nist/test44/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test44/int2.crt
rename to src/tests/data/x509/nist/test44/int2.crt
diff --git a/src/tests/data/nist_x509/test44/int3.crl b/src/tests/data/x509/nist/test44/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test44/int3.crl
rename to src/tests/data/x509/nist/test44/int3.crl
diff --git a/src/tests/data/nist_x509/test44/int3.crt b/src/tests/data/x509/nist/test44/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test44/int3.crt
rename to src/tests/data/x509/nist/test44/int3.crt
diff --git a/src/tests/data/nist_x509/test44/int4.crl b/src/tests/data/x509/nist/test44/int4.crl
similarity index 100%
rename from src/tests/data/nist_x509/test44/int4.crl
rename to src/tests/data/x509/nist/test44/int4.crl
diff --git a/src/tests/data/nist_x509/test44/int4.crt b/src/tests/data/x509/nist/test44/int4.crt
similarity index 100%
rename from src/tests/data/nist_x509/test44/int4.crt
rename to src/tests/data/x509/nist/test44/int4.crt
diff --git a/src/tests/data/nist_x509/test45/end.crt b/src/tests/data/x509/nist/test45/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test45/end.crt
rename to src/tests/data/x509/nist/test45/end.crt
diff --git a/src/tests/data/nist_x509/test45/int1.crl b/src/tests/data/x509/nist/test45/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test45/int1.crl
rename to src/tests/data/x509/nist/test45/int1.crl
diff --git a/src/tests/data/nist_x509/test45/int1.crt b/src/tests/data/x509/nist/test45/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test45/int1.crt
rename to src/tests/data/x509/nist/test45/int1.crt
diff --git a/src/tests/data/nist_x509/test45/int2.crl b/src/tests/data/x509/nist/test45/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test45/int2.crl
rename to src/tests/data/x509/nist/test45/int2.crl
diff --git a/src/tests/data/nist_x509/test45/int2.crt b/src/tests/data/x509/nist/test45/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test45/int2.crt
rename to src/tests/data/x509/nist/test45/int2.crt
diff --git a/src/tests/data/nist_x509/test45/int3.crl b/src/tests/data/x509/nist/test45/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test45/int3.crl
rename to src/tests/data/x509/nist/test45/int3.crl
diff --git a/src/tests/data/nist_x509/test45/int3.crt b/src/tests/data/x509/nist/test45/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test45/int3.crt
rename to src/tests/data/x509/nist/test45/int3.crt
diff --git a/src/tests/data/nist_x509/test45/int4.crl b/src/tests/data/x509/nist/test45/int4.crl
similarity index 100%
rename from src/tests/data/nist_x509/test45/int4.crl
rename to src/tests/data/x509/nist/test45/int4.crl
diff --git a/src/tests/data/nist_x509/test45/int4.crt b/src/tests/data/x509/nist/test45/int4.crt
similarity index 100%
rename from src/tests/data/nist_x509/test45/int4.crt
rename to src/tests/data/x509/nist/test45/int4.crt
diff --git a/src/tests/data/nist_x509/test46/end.crt b/src/tests/data/x509/nist/test46/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test46/end.crt
rename to src/tests/data/x509/nist/test46/end.crt
diff --git a/src/tests/data/nist_x509/test46/int1.crl b/src/tests/data/x509/nist/test46/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test46/int1.crl
rename to src/tests/data/x509/nist/test46/int1.crl
diff --git a/src/tests/data/nist_x509/test46/int1.crt b/src/tests/data/x509/nist/test46/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test46/int1.crt
rename to src/tests/data/x509/nist/test46/int1.crt
diff --git a/src/tests/data/nist_x509/test46/int2.crl b/src/tests/data/x509/nist/test46/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test46/int2.crl
rename to src/tests/data/x509/nist/test46/int2.crl
diff --git a/src/tests/data/nist_x509/test46/int2.crt b/src/tests/data/x509/nist/test46/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test46/int2.crt
rename to src/tests/data/x509/nist/test46/int2.crt
diff --git a/src/tests/data/nist_x509/test46/int3.crl b/src/tests/data/x509/nist/test46/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test46/int3.crl
rename to src/tests/data/x509/nist/test46/int3.crl
diff --git a/src/tests/data/nist_x509/test46/int3.crt b/src/tests/data/x509/nist/test46/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test46/int3.crt
rename to src/tests/data/x509/nist/test46/int3.crt
diff --git a/src/tests/data/nist_x509/test46/int4.crl b/src/tests/data/x509/nist/test46/int4.crl
similarity index 100%
rename from src/tests/data/nist_x509/test46/int4.crl
rename to src/tests/data/x509/nist/test46/int4.crl
diff --git a/src/tests/data/nist_x509/test46/int4.crt b/src/tests/data/x509/nist/test46/int4.crt
similarity index 100%
rename from src/tests/data/nist_x509/test46/int4.crt
rename to src/tests/data/x509/nist/test46/int4.crt
diff --git a/src/tests/data/nist_x509/test47/end.crt b/src/tests/data/x509/nist/test47/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test47/end.crt
rename to src/tests/data/x509/nist/test47/end.crt
diff --git a/src/tests/data/nist_x509/test47/int1.crl b/src/tests/data/x509/nist/test47/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test47/int1.crl
rename to src/tests/data/x509/nist/test47/int1.crl
diff --git a/src/tests/data/nist_x509/test47/int1.crt b/src/tests/data/x509/nist/test47/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test47/int1.crt
rename to src/tests/data/x509/nist/test47/int1.crt
diff --git a/src/tests/data/nist_x509/test47/int2.crl b/src/tests/data/x509/nist/test47/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test47/int2.crl
rename to src/tests/data/x509/nist/test47/int2.crl
diff --git a/src/tests/data/nist_x509/test47/int2.crt b/src/tests/data/x509/nist/test47/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test47/int2.crt
rename to src/tests/data/x509/nist/test47/int2.crt
diff --git a/src/tests/data/nist_x509/test47/int3.crl b/src/tests/data/x509/nist/test47/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test47/int3.crl
rename to src/tests/data/x509/nist/test47/int3.crl
diff --git a/src/tests/data/nist_x509/test47/int3.crt b/src/tests/data/x509/nist/test47/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test47/int3.crt
rename to src/tests/data/x509/nist/test47/int3.crt
diff --git a/src/tests/data/nist_x509/test47/int4.crl b/src/tests/data/x509/nist/test47/int4.crl
similarity index 100%
rename from src/tests/data/nist_x509/test47/int4.crl
rename to src/tests/data/x509/nist/test47/int4.crl
diff --git a/src/tests/data/nist_x509/test47/int4.crt b/src/tests/data/x509/nist/test47/int4.crt
similarity index 100%
rename from src/tests/data/nist_x509/test47/int4.crt
rename to src/tests/data/x509/nist/test47/int4.crt
diff --git a/src/tests/data/nist_x509/test48/end.crt b/src/tests/data/x509/nist/test48/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test48/end.crt
rename to src/tests/data/x509/nist/test48/end.crt
diff --git a/src/tests/data/nist_x509/test48/int.crl b/src/tests/data/x509/nist/test48/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test48/int.crl
rename to src/tests/data/x509/nist/test48/int.crl
diff --git a/src/tests/data/nist_x509/test48/int.crt b/src/tests/data/x509/nist/test48/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test48/int.crt
rename to src/tests/data/x509/nist/test48/int.crt
diff --git a/src/tests/data/nist_x509/test49/end.crt b/src/tests/data/x509/nist/test49/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test49/end.crt
rename to src/tests/data/x509/nist/test49/end.crt
diff --git a/src/tests/data/nist_x509/test49/int.crl b/src/tests/data/x509/nist/test49/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test49/int.crl
rename to src/tests/data/x509/nist/test49/int.crl
diff --git a/src/tests/data/nist_x509/test49/int.crt b/src/tests/data/x509/nist/test49/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test49/int.crt
rename to src/tests/data/x509/nist/test49/int.crt
diff --git a/src/tests/data/nist_x509/test50/end.crt b/src/tests/data/x509/nist/test50/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test50/end.crt
rename to src/tests/data/x509/nist/test50/end.crt
diff --git a/src/tests/data/nist_x509/test50/int.crl b/src/tests/data/x509/nist/test50/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test50/int.crl
rename to src/tests/data/x509/nist/test50/int.crl
diff --git a/src/tests/data/nist_x509/test50/int.crt b/src/tests/data/x509/nist/test50/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test50/int.crt
rename to src/tests/data/x509/nist/test50/int.crt
diff --git a/src/tests/data/nist_x509/test51/end.crt b/src/tests/data/x509/nist/test51/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test51/end.crt
rename to src/tests/data/x509/nist/test51/end.crt
diff --git a/src/tests/data/nist_x509/test51/int.crl b/src/tests/data/x509/nist/test51/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test51/int.crl
rename to src/tests/data/x509/nist/test51/int.crl
diff --git a/src/tests/data/nist_x509/test51/int.crt b/src/tests/data/x509/nist/test51/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test51/int.crt
rename to src/tests/data/x509/nist/test51/int.crt
diff --git a/src/tests/data/nist_x509/test52/end.crt b/src/tests/data/x509/nist/test52/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test52/end.crt
rename to src/tests/data/x509/nist/test52/end.crt
diff --git a/src/tests/data/nist_x509/test52/int.crl b/src/tests/data/x509/nist/test52/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test52/int.crl
rename to src/tests/data/x509/nist/test52/int.crl
diff --git a/src/tests/data/nist_x509/test52/int.crt b/src/tests/data/x509/nist/test52/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test52/int.crt
rename to src/tests/data/x509/nist/test52/int.crt
diff --git a/src/tests/data/nist_x509/test53/end.crt b/src/tests/data/x509/nist/test53/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test53/end.crt
rename to src/tests/data/x509/nist/test53/end.crt
diff --git a/src/tests/data/nist_x509/test53/int.crl b/src/tests/data/x509/nist/test53/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test53/int.crl
rename to src/tests/data/x509/nist/test53/int.crl
diff --git a/src/tests/data/nist_x509/test53/int.crt b/src/tests/data/x509/nist/test53/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test53/int.crt
rename to src/tests/data/x509/nist/test53/int.crt
diff --git a/src/tests/data/nist_x509/test54/end.crt b/src/tests/data/x509/nist/test54/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test54/end.crt
rename to src/tests/data/x509/nist/test54/end.crt
diff --git a/src/tests/data/nist_x509/test54/int1.crl b/src/tests/data/x509/nist/test54/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test54/int1.crl
rename to src/tests/data/x509/nist/test54/int1.crl
diff --git a/src/tests/data/nist_x509/test54/int1.crt b/src/tests/data/x509/nist/test54/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test54/int1.crt
rename to src/tests/data/x509/nist/test54/int1.crt
diff --git a/src/tests/data/nist_x509/test54/int2.crl b/src/tests/data/x509/nist/test54/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test54/int2.crl
rename to src/tests/data/x509/nist/test54/int2.crl
diff --git a/src/tests/data/nist_x509/test54/int2.crt b/src/tests/data/x509/nist/test54/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test54/int2.crt
rename to src/tests/data/x509/nist/test54/int2.crt
diff --git a/src/tests/data/nist_x509/test55/end.crt b/src/tests/data/x509/nist/test55/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test55/end.crt
rename to src/tests/data/x509/nist/test55/end.crt
diff --git a/src/tests/data/nist_x509/test55/int1.crl b/src/tests/data/x509/nist/test55/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test55/int1.crl
rename to src/tests/data/x509/nist/test55/int1.crl
diff --git a/src/tests/data/nist_x509/test55/int1.crt b/src/tests/data/x509/nist/test55/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test55/int1.crt
rename to src/tests/data/x509/nist/test55/int1.crt
diff --git a/src/tests/data/nist_x509/test55/int2.crl b/src/tests/data/x509/nist/test55/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test55/int2.crl
rename to src/tests/data/x509/nist/test55/int2.crl
diff --git a/src/tests/data/nist_x509/test55/int2.crt b/src/tests/data/x509/nist/test55/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test55/int2.crt
rename to src/tests/data/x509/nist/test55/int2.crt
diff --git a/src/tests/data/nist_x509/test56/end.crt b/src/tests/data/x509/nist/test56/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test56/end.crt
rename to src/tests/data/x509/nist/test56/end.crt
diff --git a/src/tests/data/nist_x509/test56/int.crl b/src/tests/data/x509/nist/test56/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test56/int.crl
rename to src/tests/data/x509/nist/test56/int.crl
diff --git a/src/tests/data/nist_x509/test56/int.crt b/src/tests/data/x509/nist/test56/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test56/int.crt
rename to src/tests/data/x509/nist/test56/int.crt
diff --git a/src/tests/data/nist_x509/test57/end.crt b/src/tests/data/x509/nist/test57/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test57/end.crt
rename to src/tests/data/x509/nist/test57/end.crt
diff --git a/src/tests/data/nist_x509/test57/int.crl b/src/tests/data/x509/nist/test57/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test57/int.crl
rename to src/tests/data/x509/nist/test57/int.crl
diff --git a/src/tests/data/nist_x509/test57/int.crt b/src/tests/data/x509/nist/test57/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test57/int.crt
rename to src/tests/data/x509/nist/test57/int.crt
diff --git a/src/tests/data/nist_x509/test58/end.crt b/src/tests/data/x509/nist/test58/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test58/end.crt
rename to src/tests/data/x509/nist/test58/end.crt
diff --git a/src/tests/data/nist_x509/test58/int1.crl b/src/tests/data/x509/nist/test58/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test58/int1.crl
rename to src/tests/data/x509/nist/test58/int1.crl
diff --git a/src/tests/data/nist_x509/test58/int1.crt b/src/tests/data/x509/nist/test58/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test58/int1.crt
rename to src/tests/data/x509/nist/test58/int1.crt
diff --git a/src/tests/data/nist_x509/test58/int2.crl b/src/tests/data/x509/nist/test58/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test58/int2.crl
rename to src/tests/data/x509/nist/test58/int2.crl
diff --git a/src/tests/data/nist_x509/test58/int2.crt b/src/tests/data/x509/nist/test58/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test58/int2.crt
rename to src/tests/data/x509/nist/test58/int2.crt
diff --git a/src/tests/data/nist_x509/test58/int3.crl b/src/tests/data/x509/nist/test58/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test58/int3.crl
rename to src/tests/data/x509/nist/test58/int3.crl
diff --git a/src/tests/data/nist_x509/test58/int3.crt b/src/tests/data/x509/nist/test58/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test58/int3.crt
rename to src/tests/data/x509/nist/test58/int3.crt
diff --git a/src/tests/data/nist_x509/test59/end.crt b/src/tests/data/x509/nist/test59/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test59/end.crt
rename to src/tests/data/x509/nist/test59/end.crt
diff --git a/src/tests/data/nist_x509/test59/int1.crl b/src/tests/data/x509/nist/test59/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test59/int1.crl
rename to src/tests/data/x509/nist/test59/int1.crl
diff --git a/src/tests/data/nist_x509/test59/int1.crt b/src/tests/data/x509/nist/test59/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test59/int1.crt
rename to src/tests/data/x509/nist/test59/int1.crt
diff --git a/src/tests/data/nist_x509/test59/int2.crl b/src/tests/data/x509/nist/test59/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test59/int2.crl
rename to src/tests/data/x509/nist/test59/int2.crl
diff --git a/src/tests/data/nist_x509/test59/int2.crt b/src/tests/data/x509/nist/test59/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test59/int2.crt
rename to src/tests/data/x509/nist/test59/int2.crt
diff --git a/src/tests/data/nist_x509/test59/int3.crl b/src/tests/data/x509/nist/test59/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test59/int3.crl
rename to src/tests/data/x509/nist/test59/int3.crl
diff --git a/src/tests/data/nist_x509/test59/int3.crt b/src/tests/data/x509/nist/test59/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test59/int3.crt
rename to src/tests/data/x509/nist/test59/int3.crt
diff --git a/src/tests/data/nist_x509/test60/end.crt b/src/tests/data/x509/nist/test60/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test60/end.crt
rename to src/tests/data/x509/nist/test60/end.crt
diff --git a/src/tests/data/nist_x509/test60/int1.crl b/src/tests/data/x509/nist/test60/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test60/int1.crl
rename to src/tests/data/x509/nist/test60/int1.crl
diff --git a/src/tests/data/nist_x509/test60/int1.crt b/src/tests/data/x509/nist/test60/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test60/int1.crt
rename to src/tests/data/x509/nist/test60/int1.crt
diff --git a/src/tests/data/nist_x509/test60/int2.crl b/src/tests/data/x509/nist/test60/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test60/int2.crl
rename to src/tests/data/x509/nist/test60/int2.crl
diff --git a/src/tests/data/nist_x509/test60/int2.crt b/src/tests/data/x509/nist/test60/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test60/int2.crt
rename to src/tests/data/x509/nist/test60/int2.crt
diff --git a/src/tests/data/nist_x509/test60/int3.crl b/src/tests/data/x509/nist/test60/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test60/int3.crl
rename to src/tests/data/x509/nist/test60/int3.crl
diff --git a/src/tests/data/nist_x509/test60/int3.crt b/src/tests/data/x509/nist/test60/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test60/int3.crt
rename to src/tests/data/x509/nist/test60/int3.crt
diff --git a/src/tests/data/nist_x509/test60/int4.crl b/src/tests/data/x509/nist/test60/int4.crl
similarity index 100%
rename from src/tests/data/nist_x509/test60/int4.crl
rename to src/tests/data/x509/nist/test60/int4.crl
diff --git a/src/tests/data/nist_x509/test60/int4.crt b/src/tests/data/x509/nist/test60/int4.crt
similarity index 100%
rename from src/tests/data/nist_x509/test60/int4.crt
rename to src/tests/data/x509/nist/test60/int4.crt
diff --git a/src/tests/data/nist_x509/test61/end.crt b/src/tests/data/x509/nist/test61/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test61/end.crt
rename to src/tests/data/x509/nist/test61/end.crt
diff --git a/src/tests/data/nist_x509/test61/int1.crl b/src/tests/data/x509/nist/test61/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test61/int1.crl
rename to src/tests/data/x509/nist/test61/int1.crl
diff --git a/src/tests/data/nist_x509/test61/int1.crt b/src/tests/data/x509/nist/test61/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test61/int1.crt
rename to src/tests/data/x509/nist/test61/int1.crt
diff --git a/src/tests/data/nist_x509/test61/int2.crl b/src/tests/data/x509/nist/test61/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test61/int2.crl
rename to src/tests/data/x509/nist/test61/int2.crl
diff --git a/src/tests/data/nist_x509/test61/int2.crt b/src/tests/data/x509/nist/test61/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test61/int2.crt
rename to src/tests/data/x509/nist/test61/int2.crt
diff --git a/src/tests/data/nist_x509/test61/int3.crl b/src/tests/data/x509/nist/test61/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test61/int3.crl
rename to src/tests/data/x509/nist/test61/int3.crl
diff --git a/src/tests/data/nist_x509/test61/int3.crt b/src/tests/data/x509/nist/test61/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test61/int3.crt
rename to src/tests/data/x509/nist/test61/int3.crt
diff --git a/src/tests/data/nist_x509/test61/int4.crl b/src/tests/data/x509/nist/test61/int4.crl
similarity index 100%
rename from src/tests/data/nist_x509/test61/int4.crl
rename to src/tests/data/x509/nist/test61/int4.crl
diff --git a/src/tests/data/nist_x509/test61/int4.crt b/src/tests/data/x509/nist/test61/int4.crt
similarity index 100%
rename from src/tests/data/nist_x509/test61/int4.crt
rename to src/tests/data/x509/nist/test61/int4.crt
diff --git a/src/tests/data/nist_x509/test62/end.crt b/src/tests/data/x509/nist/test62/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test62/end.crt
rename to src/tests/data/x509/nist/test62/end.crt
diff --git a/src/tests/data/nist_x509/test62/int1.crl b/src/tests/data/x509/nist/test62/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test62/int1.crl
rename to src/tests/data/x509/nist/test62/int1.crl
diff --git a/src/tests/data/nist_x509/test62/int1.crt b/src/tests/data/x509/nist/test62/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test62/int1.crt
rename to src/tests/data/x509/nist/test62/int1.crt
diff --git a/src/tests/data/nist_x509/test62/int2.crl b/src/tests/data/x509/nist/test62/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test62/int2.crl
rename to src/tests/data/x509/nist/test62/int2.crl
diff --git a/src/tests/data/nist_x509/test62/int2.crt b/src/tests/data/x509/nist/test62/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test62/int2.crt
rename to src/tests/data/x509/nist/test62/int2.crt
diff --git a/src/tests/data/nist_x509/test62/int3.crl b/src/tests/data/x509/nist/test62/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test62/int3.crl
rename to src/tests/data/x509/nist/test62/int3.crl
diff --git a/src/tests/data/nist_x509/test62/int3.crt b/src/tests/data/x509/nist/test62/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test62/int3.crt
rename to src/tests/data/x509/nist/test62/int3.crt
diff --git a/src/tests/data/nist_x509/test62/int4.crl b/src/tests/data/x509/nist/test62/int4.crl
similarity index 100%
rename from src/tests/data/nist_x509/test62/int4.crl
rename to src/tests/data/x509/nist/test62/int4.crl
diff --git a/src/tests/data/nist_x509/test62/int4.crt b/src/tests/data/x509/nist/test62/int4.crt
similarity index 100%
rename from src/tests/data/nist_x509/test62/int4.crt
rename to src/tests/data/x509/nist/test62/int4.crt
diff --git a/src/tests/data/nist_x509/test63/end.crt b/src/tests/data/x509/nist/test63/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test63/end.crt
rename to src/tests/data/x509/nist/test63/end.crt
diff --git a/src/tests/data/nist_x509/test63/int1.crl b/src/tests/data/x509/nist/test63/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test63/int1.crl
rename to src/tests/data/x509/nist/test63/int1.crl
diff --git a/src/tests/data/nist_x509/test63/int1.crt b/src/tests/data/x509/nist/test63/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test63/int1.crt
rename to src/tests/data/x509/nist/test63/int1.crt
diff --git a/src/tests/data/nist_x509/test63/int2.crl b/src/tests/data/x509/nist/test63/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test63/int2.crl
rename to src/tests/data/x509/nist/test63/int2.crl
diff --git a/src/tests/data/nist_x509/test63/int2.crt b/src/tests/data/x509/nist/test63/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test63/int2.crt
rename to src/tests/data/x509/nist/test63/int2.crt
diff --git a/src/tests/data/nist_x509/test63/int3.crl b/src/tests/data/x509/nist/test63/int3.crl
similarity index 100%
rename from src/tests/data/nist_x509/test63/int3.crl
rename to src/tests/data/x509/nist/test63/int3.crl
diff --git a/src/tests/data/nist_x509/test63/int3.crt b/src/tests/data/x509/nist/test63/int3.crt
similarity index 100%
rename from src/tests/data/nist_x509/test63/int3.crt
rename to src/tests/data/x509/nist/test63/int3.crt
diff --git a/src/tests/data/nist_x509/test63/int4.crl b/src/tests/data/x509/nist/test63/int4.crl
similarity index 100%
rename from src/tests/data/nist_x509/test63/int4.crl
rename to src/tests/data/x509/nist/test63/int4.crl
diff --git a/src/tests/data/nist_x509/test63/int4.crt b/src/tests/data/x509/nist/test63/int4.crt
similarity index 100%
rename from src/tests/data/nist_x509/test63/int4.crt
rename to src/tests/data/x509/nist/test63/int4.crt
diff --git a/src/tests/data/nist_x509/test64/end.crt b/src/tests/data/x509/nist/test64/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test64/end.crt
rename to src/tests/data/x509/nist/test64/end.crt
diff --git a/src/tests/data/nist_x509/test64/int.crl b/src/tests/data/x509/nist/test64/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test64/int.crl
rename to src/tests/data/x509/nist/test64/int.crl
diff --git a/src/tests/data/nist_x509/test64/int.crt b/src/tests/data/x509/nist/test64/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test64/int.crt
rename to src/tests/data/x509/nist/test64/int.crt
diff --git a/src/tests/data/nist_x509/test65/end.crt b/src/tests/data/x509/nist/test65/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test65/end.crt
rename to src/tests/data/x509/nist/test65/end.crt
diff --git a/src/tests/data/nist_x509/test65/int.crl b/src/tests/data/x509/nist/test65/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test65/int.crl
rename to src/tests/data/x509/nist/test65/int.crl
diff --git a/src/tests/data/nist_x509/test65/int1.crt b/src/tests/data/x509/nist/test65/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test65/int1.crt
rename to src/tests/data/x509/nist/test65/int1.crt
diff --git a/src/tests/data/nist_x509/test65/int2.crt b/src/tests/data/x509/nist/test65/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test65/int2.crt
rename to src/tests/data/x509/nist/test65/int2.crt
diff --git a/src/tests/data/nist_x509/test66/end.crt b/src/tests/data/x509/nist/test66/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test66/end.crt
rename to src/tests/data/x509/nist/test66/end.crt
diff --git a/src/tests/data/nist_x509/test66/int.crl b/src/tests/data/x509/nist/test66/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test66/int.crl
rename to src/tests/data/x509/nist/test66/int.crl
diff --git a/src/tests/data/nist_x509/test66/int.crt b/src/tests/data/x509/nist/test66/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test66/int.crt
rename to src/tests/data/x509/nist/test66/int.crt
diff --git a/src/tests/data/nist_x509/test67/end.crt b/src/tests/data/x509/nist/test67/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test67/end.crt
rename to src/tests/data/x509/nist/test67/end.crt
diff --git a/src/tests/data/nist_x509/test67/int.crt b/src/tests/data/x509/nist/test67/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test67/int.crt
rename to src/tests/data/x509/nist/test67/int.crt
diff --git a/src/tests/data/nist_x509/test67/int1.crl b/src/tests/data/x509/nist/test67/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test67/int1.crl
rename to src/tests/data/x509/nist/test67/int1.crl
diff --git a/src/tests/data/nist_x509/test67/int2.crl b/src/tests/data/x509/nist/test67/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test67/int2.crl
rename to src/tests/data/x509/nist/test67/int2.crl
diff --git a/src/tests/data/nist_x509/test68/end.crt b/src/tests/data/x509/nist/test68/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test68/end.crt
rename to src/tests/data/x509/nist/test68/end.crt
diff --git a/src/tests/data/nist_x509/test68/int1.crl b/src/tests/data/x509/nist/test68/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test68/int1.crl
rename to src/tests/data/x509/nist/test68/int1.crl
diff --git a/src/tests/data/nist_x509/test68/int1.crt b/src/tests/data/x509/nist/test68/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test68/int1.crt
rename to src/tests/data/x509/nist/test68/int1.crt
diff --git a/src/tests/data/nist_x509/test68/int2.crl b/src/tests/data/x509/nist/test68/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test68/int2.crl
rename to src/tests/data/x509/nist/test68/int2.crl
diff --git a/src/tests/data/nist_x509/test68/int2.crt b/src/tests/data/x509/nist/test68/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test68/int2.crt
rename to src/tests/data/x509/nist/test68/int2.crt
diff --git a/src/tests/data/nist_x509/test69/end.crt b/src/tests/data/x509/nist/test69/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test69/end.crt
rename to src/tests/data/x509/nist/test69/end.crt
diff --git a/src/tests/data/nist_x509/test69/int.crl b/src/tests/data/x509/nist/test69/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test69/int.crl
rename to src/tests/data/x509/nist/test69/int.crl
diff --git a/src/tests/data/nist_x509/test69/int.crt b/src/tests/data/x509/nist/test69/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test69/int.crt
rename to src/tests/data/x509/nist/test69/int.crt
diff --git a/src/tests/data/nist_x509/test70/end.crt b/src/tests/data/x509/nist/test70/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test70/end.crt
rename to src/tests/data/x509/nist/test70/end.crt
diff --git a/src/tests/data/nist_x509/test70/int1.crl b/src/tests/data/x509/nist/test70/int1.crl
similarity index 100%
rename from src/tests/data/nist_x509/test70/int1.crl
rename to src/tests/data/x509/nist/test70/int1.crl
diff --git a/src/tests/data/nist_x509/test70/int1.crt b/src/tests/data/x509/nist/test70/int1.crt
similarity index 100%
rename from src/tests/data/nist_x509/test70/int1.crt
rename to src/tests/data/x509/nist/test70/int1.crt
diff --git a/src/tests/data/nist_x509/test70/int2.crl b/src/tests/data/x509/nist/test70/int2.crl
similarity index 100%
rename from src/tests/data/nist_x509/test70/int2.crl
rename to src/tests/data/x509/nist/test70/int2.crl
diff --git a/src/tests/data/nist_x509/test70/int2.crt b/src/tests/data/x509/nist/test70/int2.crt
similarity index 100%
rename from src/tests/data/nist_x509/test70/int2.crt
rename to src/tests/data/x509/nist/test70/int2.crt
diff --git a/src/tests/data/nist_x509/test71/end.crt b/src/tests/data/x509/nist/test71/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test71/end.crt
rename to src/tests/data/x509/nist/test71/end.crt
diff --git a/src/tests/data/nist_x509/test71/int.crl b/src/tests/data/x509/nist/test71/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test71/int.crl
rename to src/tests/data/x509/nist/test71/int.crl
diff --git a/src/tests/data/nist_x509/test71/int.crt b/src/tests/data/x509/nist/test71/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test71/int.crt
rename to src/tests/data/x509/nist/test71/int.crt
diff --git a/src/tests/data/nist_x509/test72/end.crt b/src/tests/data/x509/nist/test72/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test72/end.crt
rename to src/tests/data/x509/nist/test72/end.crt
diff --git a/src/tests/data/nist_x509/test72/int.crl b/src/tests/data/x509/nist/test72/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test72/int.crl
rename to src/tests/data/x509/nist/test72/int.crl
diff --git a/src/tests/data/nist_x509/test72/int.crt b/src/tests/data/x509/nist/test72/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test72/int.crt
rename to src/tests/data/x509/nist/test72/int.crt
diff --git a/src/tests/data/nist_x509/test73/end.crt b/src/tests/data/x509/nist/test73/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test73/end.crt
rename to src/tests/data/x509/nist/test73/end.crt
diff --git a/src/tests/data/nist_x509/test73/int.crl b/src/tests/data/x509/nist/test73/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test73/int.crl
rename to src/tests/data/x509/nist/test73/int.crl
diff --git a/src/tests/data/nist_x509/test73/int.crt b/src/tests/data/x509/nist/test73/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test73/int.crt
rename to src/tests/data/x509/nist/test73/int.crt
diff --git a/src/tests/data/nist_x509/test74/end.crt b/src/tests/data/x509/nist/test74/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test74/end.crt
rename to src/tests/data/x509/nist/test74/end.crt
diff --git a/src/tests/data/nist_x509/test74/int.crl b/src/tests/data/x509/nist/test74/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test74/int.crl
rename to src/tests/data/x509/nist/test74/int.crl
diff --git a/src/tests/data/nist_x509/test74/int.crt b/src/tests/data/x509/nist/test74/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test74/int.crt
rename to src/tests/data/x509/nist/test74/int.crt
diff --git a/src/tests/data/nist_x509/test75/end.crt b/src/tests/data/x509/nist/test75/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test75/end.crt
rename to src/tests/data/x509/nist/test75/end.crt
diff --git a/src/tests/data/nist_x509/test75/int.crl b/src/tests/data/x509/nist/test75/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test75/int.crl
rename to src/tests/data/x509/nist/test75/int.crl
diff --git a/src/tests/data/nist_x509/test75/int.crt b/src/tests/data/x509/nist/test75/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test75/int.crt
rename to src/tests/data/x509/nist/test75/int.crt
diff --git a/src/tests/data/nist_x509/test76/end.crt b/src/tests/data/x509/nist/test76/end.crt
similarity index 100%
rename from src/tests/data/nist_x509/test76/end.crt
rename to src/tests/data/x509/nist/test76/end.crt
diff --git a/src/tests/data/nist_x509/test76/int.crl b/src/tests/data/x509/nist/test76/int.crl
similarity index 100%
rename from src/tests/data/nist_x509/test76/int.crl
rename to src/tests/data/x509/nist/test76/int.crl
diff --git a/src/tests/data/nist_x509/test76/int.crt b/src/tests/data/x509/nist/test76/int.crt
similarity index 100%
rename from src/tests/data/nist_x509/test76/int.crt
rename to src/tests/data/x509/nist/test76/int.crt
diff --git a/src/tests/data/ocsp/geotrust.pem b/src/tests/data/x509/ocsp/geotrust.pem
similarity index 100%
rename from src/tests/data/ocsp/geotrust.pem
rename to src/tests/data/x509/ocsp/geotrust.pem
diff --git a/src/tests/data/ocsp/gmail.pem b/src/tests/data/x509/ocsp/gmail.pem
similarity index 100%
rename from src/tests/data/ocsp/gmail.pem
rename to src/tests/data/x509/ocsp/gmail.pem
diff --git a/src/tests/data/ocsp/google_g2.pem b/src/tests/data/x509/ocsp/google_g2.pem
similarity index 100%
rename from src/tests/data/ocsp/google_g2.pem
rename to src/tests/data/x509/ocsp/google_g2.pem
diff --git a/src/tests/data/ocsp/identrust.pem b/src/tests/data/x509/ocsp/identrust.pem
similarity index 100%
rename from src/tests/data/ocsp/identrust.pem
rename to src/tests/data/x509/ocsp/identrust.pem
diff --git a/src/tests/data/ocsp/letsencrypt.pem b/src/tests/data/x509/ocsp/letsencrypt.pem
similarity index 100%
rename from src/tests/data/ocsp/letsencrypt.pem
rename to src/tests/data/x509/ocsp/letsencrypt.pem
diff --git a/src/tests/data/ocsp/randombit.pem b/src/tests/data/x509/ocsp/randombit.pem
similarity index 100%
rename from src/tests/data/ocsp/randombit.pem
rename to src/tests/data/x509/ocsp/randombit.pem
diff --git a/src/tests/data/ocsp/randombit_ocsp.der b/src/tests/data/x509/ocsp/randombit_ocsp.der
similarity index 100%
rename from src/tests/data/ocsp/randombit_ocsp.der
rename to src/tests/data/x509/ocsp/randombit_ocsp.der
diff --git a/src/tests/data/ocsp/resp1.der b/src/tests/data/x509/ocsp/resp1.der
similarity index 100%
rename from src/tests/data/ocsp/resp1.der
rename to src/tests/data/x509/ocsp/resp1.der
diff --git a/src/tests/data/ocsp/resp2.der b/src/tests/data/x509/ocsp/resp2.der
similarity index 100%
rename from src/tests/data/ocsp/resp2.der
rename to src/tests/data/x509/ocsp/resp2.der
diff --git a/src/tests/data/ocsp/resp3.der b/src/tests/data/x509/ocsp/resp3.der
similarity index 100%
rename from src/tests/data/ocsp/resp3.der
rename to src/tests/data/x509/ocsp/resp3.der
diff --git a/src/tests/data/pss_x509/01/README.txt b/src/tests/data/x509/pss_certs/01/README.txt
similarity index 100%
rename from src/tests/data/pss_x509/01/README.txt
rename to src/tests/data/x509/pss_certs/01/README.txt
diff --git a/src/tests/data/pss_x509/01/end.crt b/src/tests/data/x509/pss_certs/01/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/01/end.crt
rename to src/tests/data/x509/pss_certs/01/end.crt
diff --git a/src/tests/data/pss_x509/01/root.crt b/src/tests/data/x509/pss_certs/01/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/01/root.crt
rename to src/tests/data/x509/pss_certs/01/root.crt
diff --git a/src/tests/data/pss_x509/02/README.txt b/src/tests/data/x509/pss_certs/02/README.txt
similarity index 100%
rename from src/tests/data/pss_x509/02/README.txt
rename to src/tests/data/x509/pss_certs/02/README.txt
diff --git a/src/tests/data/pss_x509/02/end.crt b/src/tests/data/x509/pss_certs/02/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/02/end.crt
rename to src/tests/data/x509/pss_certs/02/end.crt
diff --git a/src/tests/data/pss_x509/02/root.crt b/src/tests/data/x509/pss_certs/02/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/02/root.crt
rename to src/tests/data/x509/pss_certs/02/root.crt
diff --git a/src/tests/data/pss_x509/03/end.crt b/src/tests/data/x509/pss_certs/03/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/03/end.crt
rename to src/tests/data/x509/pss_certs/03/end.crt
diff --git a/src/tests/data/pss_x509/03/root.crt b/src/tests/data/x509/pss_certs/03/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/03/root.crt
rename to src/tests/data/x509/pss_certs/03/root.crt
diff --git a/src/tests/data/pss_x509/04/end.crt b/src/tests/data/x509/pss_certs/04/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/04/end.crt
rename to src/tests/data/x509/pss_certs/04/end.crt
diff --git a/src/tests/data/pss_x509/04/root.crt b/src/tests/data/x509/pss_certs/04/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/04/root.crt
rename to src/tests/data/x509/pss_certs/04/root.crt
diff --git a/src/tests/data/pss_x509/05/end.crt b/src/tests/data/x509/pss_certs/05/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/05/end.crt
rename to src/tests/data/x509/pss_certs/05/end.crt
diff --git a/src/tests/data/pss_x509/05/root.crt b/src/tests/data/x509/pss_certs/05/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/05/root.crt
rename to src/tests/data/x509/pss_certs/05/root.crt
diff --git a/src/tests/data/pss_x509/06/end.crt b/src/tests/data/x509/pss_certs/06/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/06/end.crt
rename to src/tests/data/x509/pss_certs/06/end.crt
diff --git a/src/tests/data/pss_x509/06/root.crt b/src/tests/data/x509/pss_certs/06/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/06/root.crt
rename to src/tests/data/x509/pss_certs/06/root.crt
diff --git a/src/tests/data/pss_x509/07/end.crt b/src/tests/data/x509/pss_certs/07/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/07/end.crt
rename to src/tests/data/x509/pss_certs/07/end.crt
diff --git a/src/tests/data/pss_x509/07/root.crt b/src/tests/data/x509/pss_certs/07/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/07/root.crt
rename to src/tests/data/x509/pss_certs/07/root.crt
diff --git a/src/tests/data/pss_x509/08/end.crt b/src/tests/data/x509/pss_certs/08/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/08/end.crt
rename to src/tests/data/x509/pss_certs/08/end.crt
diff --git a/src/tests/data/pss_x509/08/root.crt b/src/tests/data/x509/pss_certs/08/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/08/root.crt
rename to src/tests/data/x509/pss_certs/08/root.crt
diff --git a/src/tests/data/pss_x509/09/end.crt b/src/tests/data/x509/pss_certs/09/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/09/end.crt
rename to src/tests/data/x509/pss_certs/09/end.crt
diff --git a/src/tests/data/pss_x509/09/root.crt b/src/tests/data/x509/pss_certs/09/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/09/root.crt
rename to src/tests/data/x509/pss_certs/09/root.crt
diff --git a/src/tests/data/pss_x509/10/end.crt b/src/tests/data/x509/pss_certs/10/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/10/end.crt
rename to src/tests/data/x509/pss_certs/10/end.crt
diff --git a/src/tests/data/pss_x509/10/root.crt b/src/tests/data/x509/pss_certs/10/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/10/root.crt
rename to src/tests/data/x509/pss_certs/10/root.crt
diff --git a/src/tests/data/pss_x509/100/end.crt b/src/tests/data/x509/pss_certs/100/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/100/end.crt
rename to src/tests/data/x509/pss_certs/100/end.crt
diff --git a/src/tests/data/pss_x509/100/root.crt b/src/tests/data/x509/pss_certs/100/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/100/root.crt
rename to src/tests/data/x509/pss_certs/100/root.crt
diff --git a/src/tests/data/pss_x509/101/end.crt b/src/tests/data/x509/pss_certs/101/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/101/end.crt
rename to src/tests/data/x509/pss_certs/101/end.crt
diff --git a/src/tests/data/pss_x509/101/root.crt b/src/tests/data/x509/pss_certs/101/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/101/root.crt
rename to src/tests/data/x509/pss_certs/101/root.crt
diff --git a/src/tests/data/pss_x509/102/end.crt b/src/tests/data/x509/pss_certs/102/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/102/end.crt
rename to src/tests/data/x509/pss_certs/102/end.crt
diff --git a/src/tests/data/pss_x509/102/root.crt b/src/tests/data/x509/pss_certs/102/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/102/root.crt
rename to src/tests/data/x509/pss_certs/102/root.crt
diff --git a/src/tests/data/pss_x509/103/end.crt b/src/tests/data/x509/pss_certs/103/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/103/end.crt
rename to src/tests/data/x509/pss_certs/103/end.crt
diff --git a/src/tests/data/pss_x509/103/root.crt b/src/tests/data/x509/pss_certs/103/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/103/root.crt
rename to src/tests/data/x509/pss_certs/103/root.crt
diff --git a/src/tests/data/pss_x509/104/end.crt b/src/tests/data/x509/pss_certs/104/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/104/end.crt
rename to src/tests/data/x509/pss_certs/104/end.crt
diff --git a/src/tests/data/pss_x509/104/root.crt b/src/tests/data/x509/pss_certs/104/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/104/root.crt
rename to src/tests/data/x509/pss_certs/104/root.crt
diff --git a/src/tests/data/pss_x509/105/end.crt b/src/tests/data/x509/pss_certs/105/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/105/end.crt
rename to src/tests/data/x509/pss_certs/105/end.crt
diff --git a/src/tests/data/pss_x509/105/root.crt b/src/tests/data/x509/pss_certs/105/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/105/root.crt
rename to src/tests/data/x509/pss_certs/105/root.crt
diff --git a/src/tests/data/pss_x509/106/end.crt b/src/tests/data/x509/pss_certs/106/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/106/end.crt
rename to src/tests/data/x509/pss_certs/106/end.crt
diff --git a/src/tests/data/pss_x509/106/root.crt b/src/tests/data/x509/pss_certs/106/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/106/root.crt
rename to src/tests/data/x509/pss_certs/106/root.crt
diff --git a/src/tests/data/pss_x509/107/end.crt b/src/tests/data/x509/pss_certs/107/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/107/end.crt
rename to src/tests/data/x509/pss_certs/107/end.crt
diff --git a/src/tests/data/pss_x509/108/crl-rsa-pss-sha1.crl b/src/tests/data/x509/pss_certs/108/crl-rsa-pss-sha1.crl
similarity index 100%
rename from src/tests/data/pss_x509/108/crl-rsa-pss-sha1.crl
rename to src/tests/data/x509/pss_certs/108/crl-rsa-pss-sha1.crl
diff --git a/src/tests/data/pss_x509/108/end.crt b/src/tests/data/x509/pss_certs/108/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/108/end.crt
rename to src/tests/data/x509/pss_certs/108/end.crt
diff --git a/src/tests/data/pss_x509/108/root.crt b/src/tests/data/x509/pss_certs/108/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/108/root.crt
rename to src/tests/data/x509/pss_certs/108/root.crt
diff --git a/src/tests/data/pss_x509/109/README.txt b/src/tests/data/x509/pss_certs/109/README.txt
similarity index 100%
rename from src/tests/data/pss_x509/109/README.txt
rename to src/tests/data/x509/pss_certs/109/README.txt
diff --git a/src/tests/data/pss_x509/109/crl-rsa-pss-sha1-badsign.crl b/src/tests/data/x509/pss_certs/109/crl-rsa-pss-sha1-badsign.crl
similarity index 100%
rename from src/tests/data/pss_x509/109/crl-rsa-pss-sha1-badsign.crl
rename to src/tests/data/x509/pss_certs/109/crl-rsa-pss-sha1-badsign.crl
diff --git a/src/tests/data/pss_x509/109/end.crt b/src/tests/data/x509/pss_certs/109/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/109/end.crt
rename to src/tests/data/x509/pss_certs/109/end.crt
diff --git a/src/tests/data/pss_x509/109/root.crt b/src/tests/data/x509/pss_certs/109/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/109/root.crt
rename to src/tests/data/x509/pss_certs/109/root.crt
diff --git a/src/tests/data/pss_x509/11/end.crt b/src/tests/data/x509/pss_certs/11/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/11/end.crt
rename to src/tests/data/x509/pss_certs/11/end.crt
diff --git a/src/tests/data/pss_x509/11/root.crt b/src/tests/data/x509/pss_certs/11/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/11/root.crt
rename to src/tests/data/x509/pss_certs/11/root.crt
diff --git a/src/tests/data/pss_x509/110/crl-rsa-pss-sha224.crl b/src/tests/data/x509/pss_certs/110/crl-rsa-pss-sha224.crl
similarity index 100%
rename from src/tests/data/pss_x509/110/crl-rsa-pss-sha224.crl
rename to src/tests/data/x509/pss_certs/110/crl-rsa-pss-sha224.crl
diff --git a/src/tests/data/pss_x509/110/end.crt b/src/tests/data/x509/pss_certs/110/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/110/end.crt
rename to src/tests/data/x509/pss_certs/110/end.crt
diff --git a/src/tests/data/pss_x509/110/root.crt b/src/tests/data/x509/pss_certs/110/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/110/root.crt
rename to src/tests/data/x509/pss_certs/110/root.crt
diff --git a/src/tests/data/pss_x509/111/crl-rsa-pss-sha256.crl b/src/tests/data/x509/pss_certs/111/crl-rsa-pss-sha256.crl
similarity index 100%
rename from src/tests/data/pss_x509/111/crl-rsa-pss-sha256.crl
rename to src/tests/data/x509/pss_certs/111/crl-rsa-pss-sha256.crl
diff --git a/src/tests/data/pss_x509/111/end.crt b/src/tests/data/x509/pss_certs/111/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/111/end.crt
rename to src/tests/data/x509/pss_certs/111/end.crt
diff --git a/src/tests/data/pss_x509/111/root.crt b/src/tests/data/x509/pss_certs/111/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/111/root.crt
rename to src/tests/data/x509/pss_certs/111/root.crt
diff --git a/src/tests/data/pss_x509/112/crl-rsa-pss-sha384.crl b/src/tests/data/x509/pss_certs/112/crl-rsa-pss-sha384.crl
similarity index 100%
rename from src/tests/data/pss_x509/112/crl-rsa-pss-sha384.crl
rename to src/tests/data/x509/pss_certs/112/crl-rsa-pss-sha384.crl
diff --git a/src/tests/data/pss_x509/112/end.crt b/src/tests/data/x509/pss_certs/112/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/112/end.crt
rename to src/tests/data/x509/pss_certs/112/end.crt
diff --git a/src/tests/data/pss_x509/112/root.crt b/src/tests/data/x509/pss_certs/112/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/112/root.crt
rename to src/tests/data/x509/pss_certs/112/root.crt
diff --git a/src/tests/data/pss_x509/113/crl-rsa-pss-sha512.crl b/src/tests/data/x509/pss_certs/113/crl-rsa-pss-sha512.crl
similarity index 100%
rename from src/tests/data/pss_x509/113/crl-rsa-pss-sha512.crl
rename to src/tests/data/x509/pss_certs/113/crl-rsa-pss-sha512.crl
diff --git a/src/tests/data/pss_x509/113/end.crt b/src/tests/data/x509/pss_certs/113/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/113/end.crt
rename to src/tests/data/x509/pss_certs/113/end.crt
diff --git a/src/tests/data/pss_x509/113/root.crt b/src/tests/data/x509/pss_certs/113/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/113/root.crt
rename to src/tests/data/x509/pss_certs/113/root.crt
diff --git a/src/tests/data/pss_x509/114/server9.req.sha1.csr b/src/tests/data/x509/pss_certs/114/server9.req.sha1.csr
similarity index 100%
rename from src/tests/data/pss_x509/114/server9.req.sha1.csr
rename to src/tests/data/x509/pss_certs/114/server9.req.sha1.csr
diff --git a/src/tests/data/pss_x509/115/server9.req.sha224.csr b/src/tests/data/x509/pss_certs/115/server9.req.sha224.csr
similarity index 100%
rename from src/tests/data/pss_x509/115/server9.req.sha224.csr
rename to src/tests/data/x509/pss_certs/115/server9.req.sha224.csr
diff --git a/src/tests/data/pss_x509/116/server9.req.sha256.csr b/src/tests/data/x509/pss_certs/116/server9.req.sha256.csr
similarity index 100%
rename from src/tests/data/pss_x509/116/server9.req.sha256.csr
rename to src/tests/data/x509/pss_certs/116/server9.req.sha256.csr
diff --git a/src/tests/data/pss_x509/117/server9.req.sha384.csr b/src/tests/data/x509/pss_certs/117/server9.req.sha384.csr
similarity index 100%
rename from src/tests/data/pss_x509/117/server9.req.sha384.csr
rename to src/tests/data/x509/pss_certs/117/server9.req.sha384.csr
diff --git a/src/tests/data/pss_x509/118/server9.req.sha512.csr b/src/tests/data/x509/pss_certs/118/server9.req.sha512.csr
similarity index 100%
rename from src/tests/data/pss_x509/118/server9.req.sha512.csr
rename to src/tests/data/x509/pss_certs/118/server9.req.sha512.csr
diff --git a/src/tests/data/pss_x509/12/end.crt b/src/tests/data/x509/pss_certs/12/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/12/end.crt
rename to src/tests/data/x509/pss_certs/12/end.crt
diff --git a/src/tests/data/pss_x509/12/root.crt b/src/tests/data/x509/pss_certs/12/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/12/root.crt
rename to src/tests/data/x509/pss_certs/12/root.crt
diff --git a/src/tests/data/pss_x509/13/end.crt b/src/tests/data/x509/pss_certs/13/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/13/end.crt
rename to src/tests/data/x509/pss_certs/13/end.crt
diff --git a/src/tests/data/pss_x509/13/root.crt b/src/tests/data/x509/pss_certs/13/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/13/root.crt
rename to src/tests/data/x509/pss_certs/13/root.crt
diff --git a/src/tests/data/pss_x509/14/end.crt b/src/tests/data/x509/pss_certs/14/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/14/end.crt
rename to src/tests/data/x509/pss_certs/14/end.crt
diff --git a/src/tests/data/pss_x509/14/root.crt b/src/tests/data/x509/pss_certs/14/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/14/root.crt
rename to src/tests/data/x509/pss_certs/14/root.crt
diff --git a/src/tests/data/pss_x509/15/end.crt b/src/tests/data/x509/pss_certs/15/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/15/end.crt
rename to src/tests/data/x509/pss_certs/15/end.crt
diff --git a/src/tests/data/pss_x509/15/root.crt b/src/tests/data/x509/pss_certs/15/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/15/root.crt
rename to src/tests/data/x509/pss_certs/15/root.crt
diff --git a/src/tests/data/pss_x509/16/end.crt b/src/tests/data/x509/pss_certs/16/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/16/end.crt
rename to src/tests/data/x509/pss_certs/16/end.crt
diff --git a/src/tests/data/pss_x509/16/root.crt b/src/tests/data/x509/pss_certs/16/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/16/root.crt
rename to src/tests/data/x509/pss_certs/16/root.crt
diff --git a/src/tests/data/pss_x509/17/end.crt b/src/tests/data/x509/pss_certs/17/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/17/end.crt
rename to src/tests/data/x509/pss_certs/17/end.crt
diff --git a/src/tests/data/pss_x509/17/root.crt b/src/tests/data/x509/pss_certs/17/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/17/root.crt
rename to src/tests/data/x509/pss_certs/17/root.crt
diff --git a/src/tests/data/pss_x509/18/end.crt b/src/tests/data/x509/pss_certs/18/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/18/end.crt
rename to src/tests/data/x509/pss_certs/18/end.crt
diff --git a/src/tests/data/pss_x509/18/root.crt b/src/tests/data/x509/pss_certs/18/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/18/root.crt
rename to src/tests/data/x509/pss_certs/18/root.crt
diff --git a/src/tests/data/pss_x509/19/end.crt b/src/tests/data/x509/pss_certs/19/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/19/end.crt
rename to src/tests/data/x509/pss_certs/19/end.crt
diff --git a/src/tests/data/pss_x509/19/root.crt b/src/tests/data/x509/pss_certs/19/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/19/root.crt
rename to src/tests/data/x509/pss_certs/19/root.crt
diff --git a/src/tests/data/pss_x509/20/end.crt b/src/tests/data/x509/pss_certs/20/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/20/end.crt
rename to src/tests/data/x509/pss_certs/20/end.crt
diff --git a/src/tests/data/pss_x509/20/root.crt b/src/tests/data/x509/pss_certs/20/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/20/root.crt
rename to src/tests/data/x509/pss_certs/20/root.crt
diff --git a/src/tests/data/pss_x509/21/end.crt b/src/tests/data/x509/pss_certs/21/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/21/end.crt
rename to src/tests/data/x509/pss_certs/21/end.crt
diff --git a/src/tests/data/pss_x509/21/root.crt b/src/tests/data/x509/pss_certs/21/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/21/root.crt
rename to src/tests/data/x509/pss_certs/21/root.crt
diff --git a/src/tests/data/pss_x509/22/end.crt b/src/tests/data/x509/pss_certs/22/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/22/end.crt
rename to src/tests/data/x509/pss_certs/22/end.crt
diff --git a/src/tests/data/pss_x509/22/root.crt b/src/tests/data/x509/pss_certs/22/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/22/root.crt
rename to src/tests/data/x509/pss_certs/22/root.crt
diff --git a/src/tests/data/pss_x509/23/end.crt b/src/tests/data/x509/pss_certs/23/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/23/end.crt
rename to src/tests/data/x509/pss_certs/23/end.crt
diff --git a/src/tests/data/pss_x509/23/root.crt b/src/tests/data/x509/pss_certs/23/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/23/root.crt
rename to src/tests/data/x509/pss_certs/23/root.crt
diff --git a/src/tests/data/pss_x509/24/end.crt b/src/tests/data/x509/pss_certs/24/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/24/end.crt
rename to src/tests/data/x509/pss_certs/24/end.crt
diff --git a/src/tests/data/pss_x509/24/root.crt b/src/tests/data/x509/pss_certs/24/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/24/root.crt
rename to src/tests/data/x509/pss_certs/24/root.crt
diff --git a/src/tests/data/pss_x509/25/end.crt b/src/tests/data/x509/pss_certs/25/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/25/end.crt
rename to src/tests/data/x509/pss_certs/25/end.crt
diff --git a/src/tests/data/pss_x509/25/root.crt b/src/tests/data/x509/pss_certs/25/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/25/root.crt
rename to src/tests/data/x509/pss_certs/25/root.crt
diff --git a/src/tests/data/pss_x509/26/end.crt b/src/tests/data/x509/pss_certs/26/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/26/end.crt
rename to src/tests/data/x509/pss_certs/26/end.crt
diff --git a/src/tests/data/pss_x509/26/root.crt b/src/tests/data/x509/pss_certs/26/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/26/root.crt
rename to src/tests/data/x509/pss_certs/26/root.crt
diff --git a/src/tests/data/pss_x509/27/end.crt b/src/tests/data/x509/pss_certs/27/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/27/end.crt
rename to src/tests/data/x509/pss_certs/27/end.crt
diff --git a/src/tests/data/pss_x509/27/root.crt b/src/tests/data/x509/pss_certs/27/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/27/root.crt
rename to src/tests/data/x509/pss_certs/27/root.crt
diff --git a/src/tests/data/pss_x509/28/end.crt b/src/tests/data/x509/pss_certs/28/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/28/end.crt
rename to src/tests/data/x509/pss_certs/28/end.crt
diff --git a/src/tests/data/pss_x509/28/root.crt b/src/tests/data/x509/pss_certs/28/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/28/root.crt
rename to src/tests/data/x509/pss_certs/28/root.crt
diff --git a/src/tests/data/pss_x509/29/end.crt b/src/tests/data/x509/pss_certs/29/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/29/end.crt
rename to src/tests/data/x509/pss_certs/29/end.crt
diff --git a/src/tests/data/pss_x509/29/root.crt b/src/tests/data/x509/pss_certs/29/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/29/root.crt
rename to src/tests/data/x509/pss_certs/29/root.crt
diff --git a/src/tests/data/pss_x509/30/end.crt b/src/tests/data/x509/pss_certs/30/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/30/end.crt
rename to src/tests/data/x509/pss_certs/30/end.crt
diff --git a/src/tests/data/pss_x509/30/root.crt b/src/tests/data/x509/pss_certs/30/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/30/root.crt
rename to src/tests/data/x509/pss_certs/30/root.crt
diff --git a/src/tests/data/pss_x509/31/end.crt b/src/tests/data/x509/pss_certs/31/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/31/end.crt
rename to src/tests/data/x509/pss_certs/31/end.crt
diff --git a/src/tests/data/pss_x509/31/root.crt b/src/tests/data/x509/pss_certs/31/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/31/root.crt
rename to src/tests/data/x509/pss_certs/31/root.crt
diff --git a/src/tests/data/pss_x509/32/end.crt b/src/tests/data/x509/pss_certs/32/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/32/end.crt
rename to src/tests/data/x509/pss_certs/32/end.crt
diff --git a/src/tests/data/pss_x509/32/root.crt b/src/tests/data/x509/pss_certs/32/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/32/root.crt
rename to src/tests/data/x509/pss_certs/32/root.crt
diff --git a/src/tests/data/pss_x509/33/end.crt b/src/tests/data/x509/pss_certs/33/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/33/end.crt
rename to src/tests/data/x509/pss_certs/33/end.crt
diff --git a/src/tests/data/pss_x509/33/root.crt b/src/tests/data/x509/pss_certs/33/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/33/root.crt
rename to src/tests/data/x509/pss_certs/33/root.crt
diff --git a/src/tests/data/pss_x509/34/end.crt b/src/tests/data/x509/pss_certs/34/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/34/end.crt
rename to src/tests/data/x509/pss_certs/34/end.crt
diff --git a/src/tests/data/pss_x509/34/root.crt b/src/tests/data/x509/pss_certs/34/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/34/root.crt
rename to src/tests/data/x509/pss_certs/34/root.crt
diff --git a/src/tests/data/pss_x509/35/end.crt b/src/tests/data/x509/pss_certs/35/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/35/end.crt
rename to src/tests/data/x509/pss_certs/35/end.crt
diff --git a/src/tests/data/pss_x509/35/root.crt b/src/tests/data/x509/pss_certs/35/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/35/root.crt
rename to src/tests/data/x509/pss_certs/35/root.crt
diff --git a/src/tests/data/pss_x509/36/end.crt b/src/tests/data/x509/pss_certs/36/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/36/end.crt
rename to src/tests/data/x509/pss_certs/36/end.crt
diff --git a/src/tests/data/pss_x509/36/root.crt b/src/tests/data/x509/pss_certs/36/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/36/root.crt
rename to src/tests/data/x509/pss_certs/36/root.crt
diff --git a/src/tests/data/pss_x509/37/end.crt b/src/tests/data/x509/pss_certs/37/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/37/end.crt
rename to src/tests/data/x509/pss_certs/37/end.crt
diff --git a/src/tests/data/pss_x509/37/root.crt b/src/tests/data/x509/pss_certs/37/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/37/root.crt
rename to src/tests/data/x509/pss_certs/37/root.crt
diff --git a/src/tests/data/pss_x509/38/end.crt b/src/tests/data/x509/pss_certs/38/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/38/end.crt
rename to src/tests/data/x509/pss_certs/38/end.crt
diff --git a/src/tests/data/pss_x509/38/root.crt b/src/tests/data/x509/pss_certs/38/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/38/root.crt
rename to src/tests/data/x509/pss_certs/38/root.crt
diff --git a/src/tests/data/pss_x509/39/end.crt b/src/tests/data/x509/pss_certs/39/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/39/end.crt
rename to src/tests/data/x509/pss_certs/39/end.crt
diff --git a/src/tests/data/pss_x509/39/root.crt b/src/tests/data/x509/pss_certs/39/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/39/root.crt
rename to src/tests/data/x509/pss_certs/39/root.crt
diff --git a/src/tests/data/pss_x509/40/end.crt b/src/tests/data/x509/pss_certs/40/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/40/end.crt
rename to src/tests/data/x509/pss_certs/40/end.crt
diff --git a/src/tests/data/pss_x509/40/root.crt b/src/tests/data/x509/pss_certs/40/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/40/root.crt
rename to src/tests/data/x509/pss_certs/40/root.crt
diff --git a/src/tests/data/pss_x509/41/end.crt b/src/tests/data/x509/pss_certs/41/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/41/end.crt
rename to src/tests/data/x509/pss_certs/41/end.crt
diff --git a/src/tests/data/pss_x509/41/root.crt b/src/tests/data/x509/pss_certs/41/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/41/root.crt
rename to src/tests/data/x509/pss_certs/41/root.crt
diff --git a/src/tests/data/pss_x509/42/end.crt b/src/tests/data/x509/pss_certs/42/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/42/end.crt
rename to src/tests/data/x509/pss_certs/42/end.crt
diff --git a/src/tests/data/pss_x509/42/root.crt b/src/tests/data/x509/pss_certs/42/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/42/root.crt
rename to src/tests/data/x509/pss_certs/42/root.crt
diff --git a/src/tests/data/pss_x509/43/end.crt b/src/tests/data/x509/pss_certs/43/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/43/end.crt
rename to src/tests/data/x509/pss_certs/43/end.crt
diff --git a/src/tests/data/pss_x509/43/root.crt b/src/tests/data/x509/pss_certs/43/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/43/root.crt
rename to src/tests/data/x509/pss_certs/43/root.crt
diff --git a/src/tests/data/pss_x509/44/end.crt b/src/tests/data/x509/pss_certs/44/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/44/end.crt
rename to src/tests/data/x509/pss_certs/44/end.crt
diff --git a/src/tests/data/pss_x509/44/root.crt b/src/tests/data/x509/pss_certs/44/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/44/root.crt
rename to src/tests/data/x509/pss_certs/44/root.crt
diff --git a/src/tests/data/pss_x509/45/end.crt b/src/tests/data/x509/pss_certs/45/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/45/end.crt
rename to src/tests/data/x509/pss_certs/45/end.crt
diff --git a/src/tests/data/pss_x509/45/root.crt b/src/tests/data/x509/pss_certs/45/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/45/root.crt
rename to src/tests/data/x509/pss_certs/45/root.crt
diff --git a/src/tests/data/pss_x509/46/end.crt b/src/tests/data/x509/pss_certs/46/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/46/end.crt
rename to src/tests/data/x509/pss_certs/46/end.crt
diff --git a/src/tests/data/pss_x509/46/root.crt b/src/tests/data/x509/pss_certs/46/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/46/root.crt
rename to src/tests/data/x509/pss_certs/46/root.crt
diff --git a/src/tests/data/pss_x509/47/end.crt b/src/tests/data/x509/pss_certs/47/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/47/end.crt
rename to src/tests/data/x509/pss_certs/47/end.crt
diff --git a/src/tests/data/pss_x509/47/root.crt b/src/tests/data/x509/pss_certs/47/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/47/root.crt
rename to src/tests/data/x509/pss_certs/47/root.crt
diff --git a/src/tests/data/pss_x509/48/end.crt b/src/tests/data/x509/pss_certs/48/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/48/end.crt
rename to src/tests/data/x509/pss_certs/48/end.crt
diff --git a/src/tests/data/pss_x509/48/root.crt b/src/tests/data/x509/pss_certs/48/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/48/root.crt
rename to src/tests/data/x509/pss_certs/48/root.crt
diff --git a/src/tests/data/pss_x509/49/end.crt b/src/tests/data/x509/pss_certs/49/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/49/end.crt
rename to src/tests/data/x509/pss_certs/49/end.crt
diff --git a/src/tests/data/pss_x509/49/root.crt b/src/tests/data/x509/pss_certs/49/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/49/root.crt
rename to src/tests/data/x509/pss_certs/49/root.crt
diff --git a/src/tests/data/pss_x509/50/end.crt b/src/tests/data/x509/pss_certs/50/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/50/end.crt
rename to src/tests/data/x509/pss_certs/50/end.crt
diff --git a/src/tests/data/pss_x509/50/root.crt b/src/tests/data/x509/pss_certs/50/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/50/root.crt
rename to src/tests/data/x509/pss_certs/50/root.crt
diff --git a/src/tests/data/pss_x509/51/end.crt b/src/tests/data/x509/pss_certs/51/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/51/end.crt
rename to src/tests/data/x509/pss_certs/51/end.crt
diff --git a/src/tests/data/pss_x509/51/root.crt b/src/tests/data/x509/pss_certs/51/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/51/root.crt
rename to src/tests/data/x509/pss_certs/51/root.crt
diff --git a/src/tests/data/pss_x509/52/end.crt b/src/tests/data/x509/pss_certs/52/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/52/end.crt
rename to src/tests/data/x509/pss_certs/52/end.crt
diff --git a/src/tests/data/pss_x509/52/root.crt b/src/tests/data/x509/pss_certs/52/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/52/root.crt
rename to src/tests/data/x509/pss_certs/52/root.crt
diff --git a/src/tests/data/pss_x509/53/end.crt b/src/tests/data/x509/pss_certs/53/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/53/end.crt
rename to src/tests/data/x509/pss_certs/53/end.crt
diff --git a/src/tests/data/pss_x509/53/root.crt b/src/tests/data/x509/pss_certs/53/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/53/root.crt
rename to src/tests/data/x509/pss_certs/53/root.crt
diff --git a/src/tests/data/pss_x509/54/end.crt b/src/tests/data/x509/pss_certs/54/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/54/end.crt
rename to src/tests/data/x509/pss_certs/54/end.crt
diff --git a/src/tests/data/pss_x509/54/root.crt b/src/tests/data/x509/pss_certs/54/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/54/root.crt
rename to src/tests/data/x509/pss_certs/54/root.crt
diff --git a/src/tests/data/pss_x509/55/end.crt b/src/tests/data/x509/pss_certs/55/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/55/end.crt
rename to src/tests/data/x509/pss_certs/55/end.crt
diff --git a/src/tests/data/pss_x509/55/root.crt b/src/tests/data/x509/pss_certs/55/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/55/root.crt
rename to src/tests/data/x509/pss_certs/55/root.crt
diff --git a/src/tests/data/pss_x509/56/end.crt b/src/tests/data/x509/pss_certs/56/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/56/end.crt
rename to src/tests/data/x509/pss_certs/56/end.crt
diff --git a/src/tests/data/pss_x509/56/root.crt b/src/tests/data/x509/pss_certs/56/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/56/root.crt
rename to src/tests/data/x509/pss_certs/56/root.crt
diff --git a/src/tests/data/pss_x509/57/end.crt b/src/tests/data/x509/pss_certs/57/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/57/end.crt
rename to src/tests/data/x509/pss_certs/57/end.crt
diff --git a/src/tests/data/pss_x509/57/root.crt b/src/tests/data/x509/pss_certs/57/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/57/root.crt
rename to src/tests/data/x509/pss_certs/57/root.crt
diff --git a/src/tests/data/pss_x509/58/end.crt b/src/tests/data/x509/pss_certs/58/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/58/end.crt
rename to src/tests/data/x509/pss_certs/58/end.crt
diff --git a/src/tests/data/pss_x509/58/root.crt b/src/tests/data/x509/pss_certs/58/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/58/root.crt
rename to src/tests/data/x509/pss_certs/58/root.crt
diff --git a/src/tests/data/pss_x509/59/end.crt b/src/tests/data/x509/pss_certs/59/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/59/end.crt
rename to src/tests/data/x509/pss_certs/59/end.crt
diff --git a/src/tests/data/pss_x509/59/root.crt b/src/tests/data/x509/pss_certs/59/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/59/root.crt
rename to src/tests/data/x509/pss_certs/59/root.crt
diff --git a/src/tests/data/pss_x509/60/end.crt b/src/tests/data/x509/pss_certs/60/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/60/end.crt
rename to src/tests/data/x509/pss_certs/60/end.crt
diff --git a/src/tests/data/pss_x509/60/root.crt b/src/tests/data/x509/pss_certs/60/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/60/root.crt
rename to src/tests/data/x509/pss_certs/60/root.crt
diff --git a/src/tests/data/pss_x509/61/end.crt b/src/tests/data/x509/pss_certs/61/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/61/end.crt
rename to src/tests/data/x509/pss_certs/61/end.crt
diff --git a/src/tests/data/pss_x509/61/root.crt b/src/tests/data/x509/pss_certs/61/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/61/root.crt
rename to src/tests/data/x509/pss_certs/61/root.crt
diff --git a/src/tests/data/pss_x509/62/end.crt b/src/tests/data/x509/pss_certs/62/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/62/end.crt
rename to src/tests/data/x509/pss_certs/62/end.crt
diff --git a/src/tests/data/pss_x509/62/root.crt b/src/tests/data/x509/pss_certs/62/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/62/root.crt
rename to src/tests/data/x509/pss_certs/62/root.crt
diff --git a/src/tests/data/pss_x509/63/end.crt b/src/tests/data/x509/pss_certs/63/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/63/end.crt
rename to src/tests/data/x509/pss_certs/63/end.crt
diff --git a/src/tests/data/pss_x509/63/root.crt b/src/tests/data/x509/pss_certs/63/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/63/root.crt
rename to src/tests/data/x509/pss_certs/63/root.crt
diff --git a/src/tests/data/pss_x509/64/end.crt b/src/tests/data/x509/pss_certs/64/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/64/end.crt
rename to src/tests/data/x509/pss_certs/64/end.crt
diff --git a/src/tests/data/pss_x509/64/root.crt b/src/tests/data/x509/pss_certs/64/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/64/root.crt
rename to src/tests/data/x509/pss_certs/64/root.crt
diff --git a/src/tests/data/pss_x509/65/end.crt b/src/tests/data/x509/pss_certs/65/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/65/end.crt
rename to src/tests/data/x509/pss_certs/65/end.crt
diff --git a/src/tests/data/pss_x509/65/root.crt b/src/tests/data/x509/pss_certs/65/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/65/root.crt
rename to src/tests/data/x509/pss_certs/65/root.crt
diff --git a/src/tests/data/pss_x509/66/end.crt b/src/tests/data/x509/pss_certs/66/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/66/end.crt
rename to src/tests/data/x509/pss_certs/66/end.crt
diff --git a/src/tests/data/pss_x509/66/root.crt b/src/tests/data/x509/pss_certs/66/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/66/root.crt
rename to src/tests/data/x509/pss_certs/66/root.crt
diff --git a/src/tests/data/pss_x509/67/end.crt b/src/tests/data/x509/pss_certs/67/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/67/end.crt
rename to src/tests/data/x509/pss_certs/67/end.crt
diff --git a/src/tests/data/pss_x509/67/root.crt b/src/tests/data/x509/pss_certs/67/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/67/root.crt
rename to src/tests/data/x509/pss_certs/67/root.crt
diff --git a/src/tests/data/pss_x509/68/end.crt b/src/tests/data/x509/pss_certs/68/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/68/end.crt
rename to src/tests/data/x509/pss_certs/68/end.crt
diff --git a/src/tests/data/pss_x509/68/root.crt b/src/tests/data/x509/pss_certs/68/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/68/root.crt
rename to src/tests/data/x509/pss_certs/68/root.crt
diff --git a/src/tests/data/pss_x509/69/end.crt b/src/tests/data/x509/pss_certs/69/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/69/end.crt
rename to src/tests/data/x509/pss_certs/69/end.crt
diff --git a/src/tests/data/pss_x509/69/root.crt b/src/tests/data/x509/pss_certs/69/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/69/root.crt
rename to src/tests/data/x509/pss_certs/69/root.crt
diff --git a/src/tests/data/pss_x509/70/end.crt b/src/tests/data/x509/pss_certs/70/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/70/end.crt
rename to src/tests/data/x509/pss_certs/70/end.crt
diff --git a/src/tests/data/pss_x509/70/root.crt b/src/tests/data/x509/pss_certs/70/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/70/root.crt
rename to src/tests/data/x509/pss_certs/70/root.crt
diff --git a/src/tests/data/pss_x509/71/end.crt b/src/tests/data/x509/pss_certs/71/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/71/end.crt
rename to src/tests/data/x509/pss_certs/71/end.crt
diff --git a/src/tests/data/pss_x509/71/root.crt b/src/tests/data/x509/pss_certs/71/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/71/root.crt
rename to src/tests/data/x509/pss_certs/71/root.crt
diff --git a/src/tests/data/pss_x509/72/end.crt b/src/tests/data/x509/pss_certs/72/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/72/end.crt
rename to src/tests/data/x509/pss_certs/72/end.crt
diff --git a/src/tests/data/pss_x509/72/root.crt b/src/tests/data/x509/pss_certs/72/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/72/root.crt
rename to src/tests/data/x509/pss_certs/72/root.crt
diff --git a/src/tests/data/pss_x509/73/end.crt b/src/tests/data/x509/pss_certs/73/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/73/end.crt
rename to src/tests/data/x509/pss_certs/73/end.crt
diff --git a/src/tests/data/pss_x509/73/root.crt b/src/tests/data/x509/pss_certs/73/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/73/root.crt
rename to src/tests/data/x509/pss_certs/73/root.crt
diff --git a/src/tests/data/pss_x509/74/end.crt b/src/tests/data/x509/pss_certs/74/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/74/end.crt
rename to src/tests/data/x509/pss_certs/74/end.crt
diff --git a/src/tests/data/pss_x509/74/root.crt b/src/tests/data/x509/pss_certs/74/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/74/root.crt
rename to src/tests/data/x509/pss_certs/74/root.crt
diff --git a/src/tests/data/pss_x509/75/end.crt b/src/tests/data/x509/pss_certs/75/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/75/end.crt
rename to src/tests/data/x509/pss_certs/75/end.crt
diff --git a/src/tests/data/pss_x509/75/root.crt b/src/tests/data/x509/pss_certs/75/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/75/root.crt
rename to src/tests/data/x509/pss_certs/75/root.crt
diff --git a/src/tests/data/pss_x509/76/end.crt b/src/tests/data/x509/pss_certs/76/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/76/end.crt
rename to src/tests/data/x509/pss_certs/76/end.crt
diff --git a/src/tests/data/pss_x509/76/root.crt b/src/tests/data/x509/pss_certs/76/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/76/root.crt
rename to src/tests/data/x509/pss_certs/76/root.crt
diff --git a/src/tests/data/pss_x509/77/end.crt b/src/tests/data/x509/pss_certs/77/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/77/end.crt
rename to src/tests/data/x509/pss_certs/77/end.crt
diff --git a/src/tests/data/pss_x509/77/root.crt b/src/tests/data/x509/pss_certs/77/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/77/root.crt
rename to src/tests/data/x509/pss_certs/77/root.crt
diff --git a/src/tests/data/pss_x509/78/end.crt b/src/tests/data/x509/pss_certs/78/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/78/end.crt
rename to src/tests/data/x509/pss_certs/78/end.crt
diff --git a/src/tests/data/pss_x509/78/root.crt b/src/tests/data/x509/pss_certs/78/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/78/root.crt
rename to src/tests/data/x509/pss_certs/78/root.crt
diff --git a/src/tests/data/pss_x509/79/end.crt b/src/tests/data/x509/pss_certs/79/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/79/end.crt
rename to src/tests/data/x509/pss_certs/79/end.crt
diff --git a/src/tests/data/pss_x509/79/root.crt b/src/tests/data/x509/pss_certs/79/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/79/root.crt
rename to src/tests/data/x509/pss_certs/79/root.crt
diff --git a/src/tests/data/pss_x509/80/end.crt b/src/tests/data/x509/pss_certs/80/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/80/end.crt
rename to src/tests/data/x509/pss_certs/80/end.crt
diff --git a/src/tests/data/pss_x509/80/root.crt b/src/tests/data/x509/pss_certs/80/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/80/root.crt
rename to src/tests/data/x509/pss_certs/80/root.crt
diff --git a/src/tests/data/pss_x509/81/end.crt b/src/tests/data/x509/pss_certs/81/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/81/end.crt
rename to src/tests/data/x509/pss_certs/81/end.crt
diff --git a/src/tests/data/pss_x509/81/root.crt b/src/tests/data/x509/pss_certs/81/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/81/root.crt
rename to src/tests/data/x509/pss_certs/81/root.crt
diff --git a/src/tests/data/pss_x509/82/end.crt b/src/tests/data/x509/pss_certs/82/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/82/end.crt
rename to src/tests/data/x509/pss_certs/82/end.crt
diff --git a/src/tests/data/pss_x509/83/end.crt b/src/tests/data/x509/pss_certs/83/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/83/end.crt
rename to src/tests/data/x509/pss_certs/83/end.crt
diff --git a/src/tests/data/pss_x509/84/end.crt b/src/tests/data/x509/pss_certs/84/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/84/end.crt
rename to src/tests/data/x509/pss_certs/84/end.crt
diff --git a/src/tests/data/pss_x509/85/end.crt b/src/tests/data/x509/pss_certs/85/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/85/end.crt
rename to src/tests/data/x509/pss_certs/85/end.crt
diff --git a/src/tests/data/pss_x509/86/end.crt b/src/tests/data/x509/pss_certs/86/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/86/end.crt
rename to src/tests/data/x509/pss_certs/86/end.crt
diff --git a/src/tests/data/pss_x509/87/end.crt b/src/tests/data/x509/pss_certs/87/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/87/end.crt
rename to src/tests/data/x509/pss_certs/87/end.crt
diff --git a/src/tests/data/pss_x509/88/end.crt b/src/tests/data/x509/pss_certs/88/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/88/end.crt
rename to src/tests/data/x509/pss_certs/88/end.crt
diff --git a/src/tests/data/pss_x509/89/end.crt b/src/tests/data/x509/pss_certs/89/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/89/end.crt
rename to src/tests/data/x509/pss_certs/89/end.crt
diff --git a/src/tests/data/pss_x509/90/end.crt b/src/tests/data/x509/pss_certs/90/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/90/end.crt
rename to src/tests/data/x509/pss_certs/90/end.crt
diff --git a/src/tests/data/pss_x509/91/end.crt b/src/tests/data/x509/pss_certs/91/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/91/end.crt
rename to src/tests/data/x509/pss_certs/91/end.crt
diff --git a/src/tests/data/pss_x509/92/end.crt b/src/tests/data/x509/pss_certs/92/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/92/end.crt
rename to src/tests/data/x509/pss_certs/92/end.crt
diff --git a/src/tests/data/pss_x509/93/end.crt b/src/tests/data/x509/pss_certs/93/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/93/end.crt
rename to src/tests/data/x509/pss_certs/93/end.crt
diff --git a/src/tests/data/pss_x509/94/end.crt b/src/tests/data/x509/pss_certs/94/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/94/end.crt
rename to src/tests/data/x509/pss_certs/94/end.crt
diff --git a/src/tests/data/pss_x509/95/end.crt b/src/tests/data/x509/pss_certs/95/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/95/end.crt
rename to src/tests/data/x509/pss_certs/95/end.crt
diff --git a/src/tests/data/pss_x509/96/end.crt b/src/tests/data/x509/pss_certs/96/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/96/end.crt
rename to src/tests/data/x509/pss_certs/96/end.crt
diff --git a/src/tests/data/pss_x509/97/README.txt b/src/tests/data/x509/pss_certs/97/README.txt
similarity index 100%
rename from src/tests/data/pss_x509/97/README.txt
rename to src/tests/data/x509/pss_certs/97/README.txt
diff --git a/src/tests/data/pss_x509/97/end.crt b/src/tests/data/x509/pss_certs/97/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/97/end.crt
rename to src/tests/data/x509/pss_certs/97/end.crt
diff --git a/src/tests/data/pss_x509/97/root.crt b/src/tests/data/x509/pss_certs/97/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/97/root.crt
rename to src/tests/data/x509/pss_certs/97/root.crt
diff --git a/src/tests/data/pss_x509/98/README.txt b/src/tests/data/x509/pss_certs/98/README.txt
similarity index 100%
rename from src/tests/data/pss_x509/98/README.txt
rename to src/tests/data/x509/pss_certs/98/README.txt
diff --git a/src/tests/data/pss_x509/98/end.crt b/src/tests/data/x509/pss_certs/98/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/98/end.crt
rename to src/tests/data/x509/pss_certs/98/end.crt
diff --git a/src/tests/data/pss_x509/98/root.crt b/src/tests/data/x509/pss_certs/98/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/98/root.crt
rename to src/tests/data/x509/pss_certs/98/root.crt
diff --git a/src/tests/data/pss_x509/99/README.txt b/src/tests/data/x509/pss_certs/99/README.txt
similarity index 100%
rename from src/tests/data/pss_x509/99/README.txt
rename to src/tests/data/x509/pss_certs/99/README.txt
diff --git a/src/tests/data/pss_x509/99/end.crt b/src/tests/data/x509/pss_certs/99/end.crt
similarity index 100%
rename from src/tests/data/pss_x509/99/end.crt
rename to src/tests/data/x509/pss_certs/99/end.crt
diff --git a/src/tests/data/pss_x509/99/root.crt b/src/tests/data/x509/pss_certs/99/root.crt
similarity index 100%
rename from src/tests/data/pss_x509/99/root.crt
rename to src/tests/data/x509/pss_certs/99/root.crt
diff --git a/src/tests/data/pss_x509/Sources.txt b/src/tests/data/x509/pss_certs/Sources.txt
similarity index 100%
rename from src/tests/data/pss_x509/Sources.txt
rename to src/tests/data/x509/pss_certs/Sources.txt
diff --git a/src/tests/data/pss_x509/expected.txt b/src/tests/data/x509/pss_certs/expected.txt
similarity index 100%
rename from src/tests/data/pss_x509/expected.txt
rename to src/tests/data/x509/pss_certs/expected.txt
diff --git a/src/tests/data/pss_x509/validation_times.txt b/src/tests/data/x509/pss_certs/validation_times.txt similarity index 100% rename from src/tests/data/pss_x509/validation_times.txt rename to src/tests/data/x509/pss_certs/validation_times.txt diff --git a/src/tests/data/x509test/InvalidExtendedKeyUsage.pem b/src/tests/data/x509/x509test/InvalidExtendedKeyUsage.pem similarity index 100% rename from src/tests/data/x509test/InvalidExtendedKeyUsage.pem rename to src/tests/data/x509/x509test/InvalidExtendedKeyUsage.pem diff --git a/src/tests/data/x509test/InvalidIntCAFlag.pem b/src/tests/data/x509/x509test/InvalidIntCAFlag.pem similarity index 100% rename from src/tests/data/x509test/InvalidIntCAFlag.pem rename to src/tests/data/x509/x509test/InvalidIntCAFlag.pem diff --git a/src/tests/data/x509test/InvalidIntCAKeyUsage.pem b/src/tests/data/x509/x509test/InvalidIntCAKeyUsage.pem similarity index 100% rename from src/tests/data/x509test/InvalidIntCAKeyUsage.pem rename to src/tests/data/x509/x509test/InvalidIntCAKeyUsage.pem diff --git a/src/tests/data/x509test/InvalidIntCALen.pem b/src/tests/data/x509/x509test/InvalidIntCALen.pem similarity index 100% rename from src/tests/data/x509test/InvalidIntCALen.pem rename to src/tests/data/x509/x509test/InvalidIntCALen.pem diff --git a/src/tests/data/x509test/InvalidIntCALoop.pem b/src/tests/data/x509/x509test/InvalidIntCALoop.pem similarity index 100% rename from src/tests/data/x509test/InvalidIntCALoop.pem rename to src/tests/data/x509/x509test/InvalidIntCALoop.pem diff --git a/src/tests/data/x509test/InvalidIntCASelfSign.pem b/src/tests/data/x509/x509test/InvalidIntCASelfSign.pem similarity index 100% rename from src/tests/data/x509test/InvalidIntCASelfSign.pem rename to src/tests/data/x509/x509test/InvalidIntCASelfSign.pem 
diff --git a/src/tests/data/x509test/InvalidIntCAVersionOne.pem b/src/tests/data/x509/x509test/InvalidIntCAVersionOne.pem similarity index 100% rename from src/tests/data/x509test/InvalidIntCAVersionOne.pem rename to src/tests/data/x509/x509test/InvalidIntCAVersionOne.pem diff --git a/src/tests/data/x509test/InvalidIntCAVersionTwo.pem b/src/tests/data/x509/x509test/InvalidIntCAVersionTwo.pem similarity index 100% rename from src/tests/data/x509test/InvalidIntCAVersionTwo.pem rename to src/tests/data/x509/x509test/InvalidIntCAVersionTwo.pem diff --git a/src/tests/data/x509test/InvalidKeyUsage.pem b/src/tests/data/x509/x509test/InvalidKeyUsage.pem similarity index 100% rename from src/tests/data/x509test/InvalidKeyUsage.pem rename to src/tests/data/x509/x509test/InvalidKeyUsage.pem diff --git a/src/tests/data/x509test/InvalidName.pem b/src/tests/data/x509/x509test/InvalidName.pem similarity index 100% rename from src/tests/data/x509test/InvalidName.pem rename to src/tests/data/x509/x509test/InvalidName.pem diff --git a/src/tests/data/x509test/InvalidNameAltName.pem b/src/tests/data/x509/x509test/InvalidNameAltName.pem similarity index 100% rename from src/tests/data/x509test/InvalidNameAltName.pem rename to src/tests/data/x509/x509test/InvalidNameAltName.pem diff --git a/src/tests/data/x509test/InvalidNameAltNameWithSubj.pem b/src/tests/data/x509/x509test/InvalidNameAltNameWithSubj.pem similarity index 100% rename from src/tests/data/x509test/InvalidNameAltNameWithSubj.pem rename to src/tests/data/x509/x509test/InvalidNameAltNameWithSubj.pem diff --git a/src/tests/data/x509test/InvalidNameConstraintExclude.pem b/src/tests/data/x509/x509test/InvalidNameConstraintExclude.pem similarity index 100% rename from src/tests/data/x509test/InvalidNameConstraintExclude.pem rename to src/tests/data/x509/x509test/InvalidNameConstraintExclude.pem 
diff --git a/src/tests/data/x509test/InvalidNameConstraintPermit.pem b/src/tests/data/x509/x509test/InvalidNameConstraintPermit.pem similarity index 100% rename from src/tests/data/x509test/InvalidNameConstraintPermit.pem rename to src/tests/data/x509/x509test/InvalidNameConstraintPermit.pem diff --git a/src/tests/data/x509test/InvalidNameConstraintPermitRight.pem b/src/tests/data/x509/x509test/InvalidNameConstraintPermitRight.pem similarity index 100% rename from src/tests/data/x509test/InvalidNameConstraintPermitRight.pem rename to src/tests/data/x509/x509test/InvalidNameConstraintPermitRight.pem diff --git a/src/tests/data/x509test/InvalidNameConstraintPermitThenExclude.pem b/src/tests/data/x509/x509test/InvalidNameConstraintPermitThenExclude.pem similarity index 100% rename from src/tests/data/x509test/InvalidNameConstraintPermitThenExclude.pem rename to src/tests/data/x509/x509test/InvalidNameConstraintPermitThenExclude.pem diff --git a/src/tests/data/x509test/InvalidNotAfter.pem b/src/tests/data/x509/x509test/InvalidNotAfter.pem similarity index 100% rename from src/tests/data/x509test/InvalidNotAfter.pem rename to src/tests/data/x509/x509test/InvalidNotAfter.pem diff --git a/src/tests/data/x509test/InvalidNotAfterChained.pem b/src/tests/data/x509/x509test/InvalidNotAfterChained.pem similarity index 100% rename from src/tests/data/x509test/InvalidNotAfterChained.pem rename to src/tests/data/x509/x509test/InvalidNotAfterChained.pem diff --git a/src/tests/data/x509test/InvalidNotBefore.pem b/src/tests/data/x509/x509test/InvalidNotBefore.pem similarity index 100% rename from src/tests/data/x509test/InvalidNotBefore.pem rename to src/tests/data/x509/x509test/InvalidNotBefore.pem diff --git a/src/tests/data/x509test/InvalidNotBeforeChained.pem b/src/tests/data/x509/x509test/InvalidNotBeforeChained.pem similarity index 100% rename from src/tests/data/x509test/InvalidNotBeforeChained.pem rename to src/tests/data/x509/x509test/InvalidNotBeforeChained.pem 
diff --git a/src/tests/data/x509test/InvalidSelfSign.pem b/src/tests/data/x509/x509test/InvalidSelfSign.pem similarity index 100% rename from src/tests/data/x509test/InvalidSelfSign.pem rename to src/tests/data/x509/x509test/InvalidSelfSign.pem diff --git a/src/tests/data/x509test/InvalidWildcardAll.pem b/src/tests/data/x509/x509test/InvalidWildcardAll.pem similarity index 100% rename from src/tests/data/x509test/InvalidWildcardAll.pem rename to src/tests/data/x509/x509test/InvalidWildcardAll.pem diff --git a/src/tests/data/x509test/InvalidWildcardAllAltName.pem b/src/tests/data/x509/x509test/InvalidWildcardAllAltName.pem similarity index 100% rename from src/tests/data/x509test/InvalidWildcardAllAltName.pem rename to src/tests/data/x509/x509test/InvalidWildcardAllAltName.pem diff --git a/src/tests/data/x509test/InvalidWildcardLeft.pem b/src/tests/data/x509/x509test/InvalidWildcardLeft.pem similarity index 100% rename from src/tests/data/x509test/InvalidWildcardLeft.pem rename to src/tests/data/x509/x509test/InvalidWildcardLeft.pem diff --git a/src/tests/data/x509test/InvalidWildcardLeftAltName.pem b/src/tests/data/x509/x509test/InvalidWildcardLeftAltName.pem similarity index 100% rename from src/tests/data/x509test/InvalidWildcardLeftAltName.pem rename to src/tests/data/x509/x509test/InvalidWildcardLeftAltName.pem diff --git a/src/tests/data/x509test/InvalidWildcardMid.pem b/src/tests/data/x509/x509test/InvalidWildcardMid.pem similarity index 100% rename from src/tests/data/x509test/InvalidWildcardMid.pem rename to src/tests/data/x509/x509test/InvalidWildcardMid.pem diff --git a/src/tests/data/x509test/InvalidWildcardMidAltName.pem b/src/tests/data/x509/x509test/InvalidWildcardMidAltName.pem similarity index 100% rename from src/tests/data/x509test/InvalidWildcardMidAltName.pem rename to src/tests/data/x509/x509test/InvalidWildcardMidAltName.pem 
diff --git a/src/tests/data/x509test/InvalidWildcardMidMixed.pem b/src/tests/data/x509/x509test/InvalidWildcardMidMixed.pem similarity index 100% rename from src/tests/data/x509test/InvalidWildcardMidMixed.pem rename to src/tests/data/x509/x509test/InvalidWildcardMidMixed.pem diff --git a/src/tests/data/x509test/InvalidWildcardMidMixedAltName.pem b/src/tests/data/x509/x509test/InvalidWildcardMidMixedAltName.pem similarity index 100% rename from src/tests/data/x509test/InvalidWildcardMidMixedAltName.pem rename to src/tests/data/x509/x509test/InvalidWildcardMidMixedAltName.pem diff --git a/src/tests/data/x509test/InvalidWildcardSingle.pem b/src/tests/data/x509/x509test/InvalidWildcardSingle.pem similarity index 100% rename from src/tests/data/x509test/InvalidWildcardSingle.pem rename to src/tests/data/x509/x509test/InvalidWildcardSingle.pem diff --git a/src/tests/data/x509test/InvalidWildcardSingleAltName.pem b/src/tests/data/x509/x509test/InvalidWildcardSingleAltName.pem similarity index 100% rename from src/tests/data/x509test/InvalidWildcardSingleAltName.pem rename to src/tests/data/x509/x509test/InvalidWildcardSingleAltName.pem diff --git a/src/tests/data/x509test/MissingIntCABasicConstraintWithCertSign.pem b/src/tests/data/x509/x509test/MissingIntCABasicConstraintWithCertSign.pem similarity index 100% rename from src/tests/data/x509test/MissingIntCABasicConstraintWithCertSign.pem rename to src/tests/data/x509/x509test/MissingIntCABasicConstraintWithCertSign.pem diff --git a/src/tests/data/x509test/MissingIntCAExtensions.pem b/src/tests/data/x509/x509test/MissingIntCAExtensions.pem similarity index 100% rename from src/tests/data/x509test/MissingIntCAExtensions.pem rename to src/tests/data/x509/x509test/MissingIntCAExtensions.pem diff --git a/src/tests/data/x509test/ValidAltName.pem b/src/tests/data/x509/x509test/ValidAltName.pem similarity index 100% rename from src/tests/data/x509test/ValidAltName.pem rename to src/tests/data/x509/x509test/ValidAltName.pem 
diff --git a/src/tests/data/x509test/ValidCert.pem b/src/tests/data/x509/x509test/ValidCert.pem similarity index 100% rename from src/tests/data/x509test/ValidCert.pem rename to src/tests/data/x509/x509test/ValidCert.pem diff --git a/src/tests/data/x509test/ValidChained.pem b/src/tests/data/x509/x509test/ValidChained.pem similarity index 100% rename from src/tests/data/x509test/ValidChained.pem rename to src/tests/data/x509/x509test/ValidChained.pem diff --git a/src/tests/data/x509test/ValidIntCALen.pem b/src/tests/data/x509/x509test/ValidIntCALen.pem similarity index 100% rename from src/tests/data/x509test/ValidIntCALen.pem rename to src/tests/data/x509/x509test/ValidIntCALen.pem diff --git a/src/tests/data/x509test/ValidNameConstraint.pem b/src/tests/data/x509/x509test/ValidNameConstraint.pem similarity index 100% rename from src/tests/data/x509test/ValidNameConstraint.pem rename to src/tests/data/x509/x509test/ValidNameConstraint.pem diff --git a/src/tests/data/x509test/ValidWildcard.pem b/src/tests/data/x509/x509test/ValidWildcard.pem similarity index 100% rename from src/tests/data/x509test/ValidWildcard.pem rename to src/tests/data/x509/x509test/ValidWildcard.pem diff --git a/src/tests/data/x509test/expected.txt b/src/tests/data/x509/x509test/expected.txt similarity index 100% rename from src/tests/data/x509test/expected.txt rename to src/tests/data/x509/x509test/expected.txt diff --git a/src/tests/data/x509test/root.pem b/src/tests/data/x509/x509test/root.pem similarity index 100% rename from src/tests/data/x509test/root.pem rename to src/tests/data/x509/x509test/root.pem diff --git a/src/tests/test_certstor.cpp b/src/tests/test_certstor.cpp index fff1ff8ccf..9b3848f21a 100644 --- a/src/tests/test_certstor.cpp +++ b/src/tests/test_certstor.cpp 
@@ -267,7 +267,7 @@ class Certstor_Tests final : public Test
 public:
 std::vector run() override
 {
- const std::string test_dir = Test::data_dir() + "/certstor";
+ const std::string test_dir = Test::data_dir() + "/x509/certstor";
 struct CertificateAndKeyFilenames {
 const std::string certificate;
diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp
index d1879ff937..26325d21f4 100644
--- a/src/tests/test_ffi.cpp
+++ b/src/tests/test_ffi.cpp
@@ -269,7 +269,7 @@ class FFI_Unit_Tests final : public Test
 #if defined(BOTAN_HAS_ECDSA)
 // x509 cert test
 botan_x509_cert_t cert;
- if(TEST_FFI_OK(botan_x509_cert_load_file, (&cert, Test::data_file("ecc/CSCA.CSCA.csca-germany.1.crt").c_str())))
+ if(TEST_FFI_OK(botan_x509_cert_load_file, (&cert, Test::data_file("x509/ecc/CSCA.CSCA.csca-germany.1.crt").c_str())))
 {
 size_t date_len = 0;
 TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_x509_cert_get_time_starts, (cert, nullptr, &date_len));
diff --git a/src/tests/test_name_constraint.cpp b/src/tests/test_name_constraint.cpp
index 62c014fdee..93fb66a6bd 100644
--- a/src/tests/test_name_constraint.cpp
+++ b/src/tests/test_name_constraint.cpp
@@ -65,8 +65,8 @@ class Name_Constraint_Tests final : public Test
 for(const auto& t : test_cases)
 {
- Botan::X509_Certificate root(Test::data_file("name_constraint/" + std::get<0>(t)));
- Botan::X509_Certificate sub(Test::data_file("name_constraint/" + std::get<1>(t)));
+ Botan::X509_Certificate root(Test::data_file("x509/name_constraint/" + std::get<0>(t)));
+ Botan::X509_Certificate sub(Test::data_file("x509/name_constraint/" + std::get<1>(t)));
 Botan::Certificate_Store_In_Memory trusted;
 Test::Result result("X509v3 Name Constraints: " + std::get<1>(t));
diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp
index b0384acb8d..1d64018ccf 100644
--- a/src/tests/test_ocsp.cpp
+++ b/src/tests/test_ocsp.cpp
@@ -66,9 +66,9 @@ class OCSP_Tests final : public Test
 // Simple parsing tests
 const std::vector ocsp_input_paths =
 {
- "ocsp/resp1.der",
- "ocsp/resp2.der",
- "ocsp/resp3.der"
+ "x509/ocsp/resp1.der",
+ "x509/ocsp/resp2.der",
+ "x509/ocsp/resp3.der"
 };
 for(std::string ocsp_input_path : ocsp_input_paths)
@@ -93,7 +93,7 @@ class OCSP_Tests final : public Test
 try
 {
- Botan::OCSP::Response resp1(slurp_data_file("ocsp/resp1.der"));
+ Botan::OCSP::Response resp1(slurp_data_file("x509/ocsp/resp1.der"));
 const auto &certs1 = resp1.certificates();
 if(result.test_eq("Expected count of certificates", certs1.size(), 1))
 {
@@ -105,7 +105,7 @@ class OCSP_Tests final : public Test
 result.test_eq("CN matches expected", matches, true);
 }
- Botan::OCSP::Response resp2(slurp_data_file("ocsp/resp2.der"));
+ Botan::OCSP::Response resp2(slurp_data_file("x509/ocsp/resp2.der"));
 const auto &certs2 = resp2.certificates();
 result.test_eq("Expect no certificates", certs2.size(), 0);
 }
@@ -121,8 +121,8 @@ class OCSP_Tests final : public Test
 {
 Test::Result result("OCSP request encoding");
- const Botan::X509_Certificate end_entity(Test::data_file("ocsp/gmail.pem"));
- const Botan::X509_Certificate issuer(Test::data_file("ocsp/google_g2.pem"));
+ const Botan::X509_Certificate end_entity(Test::data_file("x509/ocsp/gmail.pem"));
+ const Botan::X509_Certificate issuer(Test::data_file("x509/ocsp/google_g2.pem"));
 try
 {
@@ -155,13 +155,13 @@ class OCSP_Tests final : public Test
 {
 Test::Result result("OCSP request check");
- std::shared_ptr ee = load_test_X509_cert("ocsp/randombit.pem");
- std::shared_ptr ca = load_test_X509_cert("ocsp/letsencrypt.pem");
- std::shared_ptr trust_root = load_test_X509_cert("ocsp/geotrust.pem");
+ std::shared_ptr ee = load_test_X509_cert("x509/ocsp/randombit.pem");
+ std::shared_ptr ca = load_test_X509_cert("x509/ocsp/letsencrypt.pem");
+ std::shared_ptr trust_root = load_test_X509_cert("x509/ocsp/geotrust.pem");
 const std::vector> cert_path = { ee, ca, trust_root };
- std::shared_ptr ocsp = load_test_OCSP_resp("ocsp/randombit_ocsp.der");
+ std::shared_ptr ocsp = load_test_OCSP_resp("x509/ocsp/randombit_ocsp.der");
 Botan::Certificate_Store_In_Memory certstore;
 certstore.add_certificate(trust_root);
@@ -187,9 +187,9 @@ class OCSP_Tests final : public Test
 Test::Result result("OCSP online check");
 // Expired end-entity certificate:
- std::shared_ptr ee = load_test_X509_cert("ocsp/randombit.pem");
- std::shared_ptr ca = load_test_X509_cert("ocsp/letsencrypt.pem");
- std::shared_ptr trust_root = load_test_X509_cert("ocsp/identrust.pem");
+ std::shared_ptr ee = load_test_X509_cert("x509/ocsp/randombit.pem");
+ std::shared_ptr ca = load_test_X509_cert("x509/ocsp/letsencrypt.pem");
+ std::shared_ptr trust_root = load_test_X509_cert("x509/ocsp/identrust.pem");
 const std::vector> cert_path = { ee, ca, trust_root };
diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp
index c1d8a5b172..2ac4a3fcea 100644
--- a/src/tests/test_x509_path.cpp
+++ b/src/tests/test_x509_path.cpp
@@ -72,12 +72,12 @@ class X509test_Path_Validation_Tests final : public Test
 // Test certs generated by https://github.com/yymax/x509test
 std::map expected =
- read_results(Test::data_file("x509test/expected.txt"));
+ read_results(Test::data_file("x509/x509test/expected.txt"));
 // Current tests use SHA-1
 const Botan::Path_Validation_Restrictions restrictions(false, 80);
- Botan::X509_Certificate root(Test::data_file("x509test/root.pem"));
+ Botan::X509_Certificate root(Test::data_file("x509/x509test/root.pem"));
 Botan::Certificate_Store_In_Memory trusted;
 trusted.add_certificate(root);
@@ -91,7 +91,7 @@ class X509test_Path_Validation_Tests final : public Test
 const std::string expected_result = i->second;
 std::vector certs =
- load_cert_file(Test::data_file("x509test/" + filename));
+ load_cert_file(Test::data_file("x509/x509test/" + filename));
 if(certs.empty())
 {
@@ -159,7 +159,7 @@ std::vector NIST_Path_Validation_Tests::run()
 * - Tests #75 and #76 are skipped as they make use of relatively
 * obscure CRL extensions which are not supported.
 */
- const std::string nist_test_dir = Test::data_dir() + "/nist_x509";
+ const std::string nist_test_dir = Test::data_dir() + "/x509/nist";
 try
 {
@@ -175,7 +175,7 @@ std::vector NIST_Path_Validation_Tests::run()
 }
 std::map expected =
- read_results(Test::data_file("nist_x509/expected.txt"));
+ read_results(Test::data_file("x509/nist/expected.txt"));
 const Botan::X509_Certificate root_cert(nist_test_dir + "/root.crt");
 const Botan::X509_CRL root_crl(nist_test_dir + "/root.crl");
@@ -259,7 +259,7 @@ std::vector Extended_Path_Validation_Tests::run()
 {
 std::vector results;
- const std::string extended_x509_test_dir = Test::data_dir() + "/extended_x509";
+ const std::string extended_x509_test_dir = Test::data_dir() + "/x509/extended";
 try
 {
@@ -275,7 +275,7 @@ std::vector Extended_Path_Validation_Tests::run()
 }
 std::map expected =
- read_results(Test::data_file("extended_x509/expected.txt"));
+ read_results(Test::data_file("x509/extended/expected.txt"));
 for(auto i = expected.begin(); i != expected.end(); ++i)
 {
@@ -337,7 +337,7 @@ std::vector PSS_Path_Validation_Tests::run()
 {
 std::vector results;
- const std::string pss_x509_test_dir = Test::data_dir() + "/pss_x509";
+ const std::string pss_x509_test_dir = Test::data_dir() + "/x509/pss_certs";
 try
 {
@@ -353,10 +353,10 @@ std::vector PSS_Path_Validation_Tests::run()
 }
 std::map expected =
- read_results(Test::data_file("pss_x509/expected.txt"));
+ read_results(Test::data_file("x509/pss_certs/expected.txt"));
 std::map validation_times =
- read_results(Test::data_file("pss_x509/validation_times.txt"));
+ read_results(Test::data_file("x509/pss_certs/validation_times.txt"));
 auto validation_times_iter = validation_times.begin();
 for(auto i = expected.begin(); i != expected.end(); ++i)
diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp
index 584fa5e1d6..a406878fbf 100644
--- a/src/tests/unit_ecdsa.cpp
+++ b/src/tests/unit_ecdsa.cpp
@@ -80,7 +80,7 @@ Test::Result test_hash_larger_than_n()
 Test::Result test_decode_ecdsa_X509()
 {
 Test::Result result("ECDSA Unit");
- Botan::X509_Certificate cert(Test::data_file("ecc/CSCA.CSCA.csca-germany.1.crt"));
+ Botan::X509_Certificate cert(Test::data_file("x509/ecc/CSCA.CSCA.csca-germany.1.crt"));
 result.test_eq("correct signature oid", Botan::OIDS::lookup(cert.signature_algorithm().oid), "ECDSA/EMSA1(SHA-224)");
@@ -98,8 +98,8 @@ Test::Result test_decode_ecdsa_X509()
 Test::Result test_decode_ver_link_SHA256()
 {
 Test::Result result("ECDSA Unit");
- Botan::X509_Certificate root_cert(Test::data_file("ecc/root2_SHA256.cer"));
- Botan::X509_Certificate link_cert(Test::data_file("ecc/link_SHA256.cer"));
+ Botan::X509_Certificate root_cert(Test::data_file("x509/ecc/root2_SHA256.cer"));
+ Botan::X509_Certificate link_cert(Test::data_file("x509/ecc/link_SHA256.cer"));
 std::unique_ptr pubkey(root_cert.subject_public_key());
 result.confirm("verified self-signed signature", link_cert.check_signature(*pubkey));
@@ -108,8 +108,8 @@ Test::Result test_decode_ver_link_SHA256()
 Test::Result test_decode_ver_link_SHA1()
 {
- Botan::X509_Certificate root_cert(Test::data_file("ecc/root_SHA1.163.crt"));
- Botan::X509_Certificate link_cert(Test::data_file("ecc/link_SHA1.166.crt"));
+ Botan::X509_Certificate root_cert(Test::data_file("x509/ecc/root_SHA1.163.crt"));
+ Botan::X509_Certificate link_cert(Test::data_file("x509/ecc/link_SHA1.166.crt"));
 Test::Result result("ECDSA Unit");
 std::unique_ptr pubkey(root_cert.subject_public_key());
@@ -269,7 +269,7 @@ Test::Result test_read_pkcs8()
 try
 {
 std::unique_ptr loaded_key_nodp(Botan::PKCS8::load_key(
- Test::data_file("ecc/nodompar_private.pkcs8.pem"), Test::rng()));
+ Test::data_file("x509/ecc/nodompar_private.pkcs8.pem"), Test::rng()));
 // anew in each test with unregistered domain-parameters
 Botan::ECDSA_PrivateKey* ecdsa_nodp = dynamic_cast(loaded_key_nodp.get());
 if(!ecdsa_nodp)
@@ -287,7 +287,7 @@ Test::Result test_read_pkcs8()
 try
 {
 std::unique_ptr loaded_key_withdp(
- Botan::PKCS8::load_key(Test::data_file("ecc/withdompar_private.pkcs8.pem"), Test::rng()));
+ Botan::PKCS8::load_key(Test::data_file("x509/ecc/withdompar_private.pkcs8.pem"), Test::rng()));
 result.test_failure("loaded key with unknown OID");
 }
@@ -369,7 +369,7 @@ Test::Result test_ecc_key_with_rfc5915_extensions()
 try
 {
 std::unique_ptr pkcs8(
- Botan::PKCS8::load_key(Test::data_file("ecc/ecc_private_with_rfc5915_ext.pem"), Test::rng()));
+ Botan::PKCS8::load_key(Test::data_file("x509/ecc/ecc_private_with_rfc5915_ext.pem"), Test::rng()));
 result.confirm("loaded RFC 5915 key", pkcs8.get());
 result.test_eq("key is ECDSA", pkcs8->algo_name(), "ECDSA");
@@ -390,7 +390,7 @@ Test::Result test_ecc_key_with_rfc5915_parameters()
 try
 {
 std::unique_ptr pkcs8(
- Botan::PKCS8::load_key(Test::data_file("ecc/ecc_private_with_rfc5915_parameters.pem"), Test::rng()));
+ Botan::PKCS8::load_key(Test::data_file("x509/ecc/ecc_private_with_rfc5915_parameters.pem"), Test::rng()));
 result.confirm("loaded RFC 5915 key", pkcs8.get());
 result.test_eq("key is ECDSA", pkcs8->algo_name(), "ECDSA");
diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp
index d2156cf607..72c497ca72 100644
--- a/src/tests/unit_x509.cpp
+++ b/src/tests/unit_x509.cpp
@@ -367,9 +367,9 @@ Test::Result test_crl_dn_name()
 const Botan::OID dc_oid("0.9.2342.19200300.100.1.25");
- Botan::X509_Certificate cert(Test::data_file("misc_certs/opcuactt_ca.der"));
+ Botan::X509_Certificate cert(Test::data_file("x509/misc/opcuactt_ca.der"));
- Botan::DataSource_Stream key_input(Test::data_file("misc_certs/opcuactt_ca.pem"));
+ Botan::DataSource_Stream key_input(Test::data_file("x509/misc/opcuactt_ca.pem"));
 std::unique_ptr key = Botan::PKCS8::load_key(key_input);
 Botan::X509_CA ca(cert, *key, "SHA-256", Test::rng());
@@ -389,7 +389,7 @@ Test::Result test_x509_utf8()
 try
 {
- Botan::X509_Certificate utf8_cert(Test::data_file("x509test/contains_utf8string.pem"));
+ Botan::X509_Certificate utf8_cert(Test::data_file("x509/misc/contains_utf8string.pem"));
 // UTF-8 encoded fields of test certificate (contains cyrillic letters)
 const std::string organization =
@@ -425,7 +425,7 @@ Test::Result test_x509_bmpstring()
 try
 {
- Botan::X509_Certificate ucs2_cert(Test::data_file("x509test/contains_bmpstring.pem"));
+ Botan::X509_Certificate ucs2_cert(Test::data_file("x509/misc/contains_bmpstring.pem"));
 // UTF-8 encoded fields of test certificate (contains cyrillic and greek letters)
 const std::string organization =
From 4e619d418353dbee933dee1cf05471162118cc9f Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Thu, 16 Nov 2017 13:57:21 -0500
Subject: [PATCH 0194/1008] Fix Python tests
---
 src/python/botan2.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/python/botan2.py b/src/python/botan2.py
index d1c56702b1..a489a4b34c 100755
--- a/src/python/botan2.py
+++ b/src/python/botan2.py
@@ -918,7 +918,7 @@ def test_dh():
 (dh_grp, hex_encode(a_key), hex_encode(b_key)))
 def test_certs():
- cert = x509_cert(filename="src/tests/data/ecc/CSCA.CSCA.csca-germany.1.crt")
+ cert = x509_cert(filename="src/tests/data/x509/ecc/CSCA.CSCA.csca-germany.1.crt")
 print("CSCA (Germany) Certificate\nDetails:")
 print("SHA-1 fingerprint: %s" % cert.fingerprint("SHA-1"))
 print("Expected: 32:42:1C:C3:EC:54:D7:E9:43:EC:51:F0:19:23:BD:85:1D:F2:1B:B9")
From ce397a06d1285f38195f91f08e2712307277df62 Mon Sep 17 00:00:00 2001
From: Daniel Neus
Date: Thu, 16 Nov 2017 19:58:20 +0100
Subject: [PATCH 0195/1008] Fix secure_allocator with std::string on VS2013
Closes #1295
---
 src/lib/base/secmem.h | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/src/lib/base/secmem.h b/src/lib/base/secmem.h
index 80dc69c140..9449d015e7 100644
--- a/src/lib/base/secmem.h
+++ b/src/lib/base/secmem.h
@@ -40,6 +40,22 @@ class secure_allocator
 secure_allocator(const secure_allocator&) = default;
 secure_allocator& operator=(const secure_allocator&) = default;
 ~secure_allocator() = default;
+
+ template
+ struct rebind
+ {
+ typedef secure_allocator other;
+ };
+
+ void construct(value_type* mem, const value_type& value)
+ {
+ std::_Construct(mem, value);
+ }
+
+ void destroy(value_type* mem)
+ {
+ std::_Destroy(mem);
+ }
 #else
 secure_allocator() BOTAN_NOEXCEPT = default;
 secure_allocator(const secure_allocator&) BOTAN_NOEXCEPT = default;
@@ -90,7 +106,7 @@ size_t buffer_insert(std::vector& buf,
 size_t input_length)
 {
 const size_t to_copy = std::min(input_length, buf.size() - buf_offset);
- if (to_copy > 0)
+ if(to_copy > 0)
 {
 copy_mem(&buf[buf_offset], input, to_copy);
 }
@@ -103,7 +119,7 @@ size_t buffer_insert(std::vector& buf,
 const std::vector& input)
 {
 const size_t to_copy = std::min(input.size(), buf.size() - buf_offset);
- if (to_copy > 0)
+ if(to_copy > 0)
 {
 copy_mem(&buf[buf_offset], input.data(), to_copy);
 }
@@ -117,7 +133,7 @@ operator+=(std::vector& out,
 {
 const size_t copy_offset = out.size();
 out.resize(out.size() + in.size());
- if (in.size() > 0)
+ if(in.size() > 0)
 {
 copy_mem(&out[copy_offset], in.data(), in.size());
 }
@@ -137,7 +153,7 @@ std::vector& operator+=(std::vector& out,
 {
 const size_t copy_offset = out.size();
 out.resize(out.size() + in.second);
- if (in.second > 0)
+ if(in.second > 0)
 {
 copy_mem(&out[copy_offset], in.first, in.second);
 }
@@ -150,7 +166,7 @@ std::vector& operator+=(std::vector& out,
 {
 const size_t copy_offset = out.size();
 out.resize(out.size() + in.second);
- if (in.second > 0)
+ if(in.second > 0)
 {
 copy_mem(&out[copy_offset], in.first, in.second);
 }
From 89a8317e3fce81df54c5664c19807e7fd416053f Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Thu, 16 Nov 2017 16:51:52 -0500
Subject: [PATCH 0196/1008] Fix path to cert test data
---
 src/tests/test_pkcs11_high_level.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
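Review bot: The `construct` and `destroy` members added to the VS2013 branch call `std::_Construct` and `std::_Destroy`, which are reserved, implementation-internal names of one particular STL rather than part of the standard allocator interface, so this code is tied to a specific library's internals and can break on a compiler or service-pack update. The same behaviour is obtained with portable constructs, `::new(static_cast<void*>(mem)) value_type(value);` in `construct` and `mem->~value_type();` in `destroy`, which also keep working should this branch ever be widened beyond VS2013. The preprocessor condition guarding this branch begins above the hunk, so I cannot confirm from here which compilers it covers.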
diff --git a/src/tests/test_pkcs11_high_level.cpp b/src/tests/test_pkcs11_high_level.cpp
index 1ae7f55275..950171d9c0 100644
--- a/src/tests/test_pkcs11_high_level.cpp
+++ b/src/tests/test_pkcs11_high_level.cpp
@@ -1552,7 +1552,7 @@ Test::Result test_x509_import()
 TestSession test_session(true);
- X509_Certificate root(Test::data_file("nist_x509/test01/end.crt"));
+ X509_Certificate root(Test::data_file("x509/nist/test01/end.crt"));
 X509_CertificateProperties props(DER_Encoder().encode(root.subject_dn()).get_contents_unlocked(), root.BER_encode());
 props.set_label("Botan PKCS#11 test certificate");
 props.set_private(false);
From 5620a20509ba51b67d8329f2acab4242a733d2a5 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Thu, 16 Nov 2017 17:19:11 -0500
Subject: [PATCH 0197/1008] Optimize Twofish
Interleaving two blocks is 40-50% faster for any mode that supports parallel operation.
---
 news.rst | 2 +-
 src/lib/block/twofish/twofish.cpp | 232 ++++++++++++++++++++----------
 src/tests/data/block/twofish.vec | 20 +-
 3 files changed, 159 insertions(+), 95 deletions(-)
diff --git a/news.rst b/news.rst
index c5a9fcd04a..8be2b3476a 100644
--- a/news.rst
+++ b/news.rst
@@ -20,7 +20,7 @@ Version 2.4.0, Not Yet Released
 and pmull. (GH #1253 #1263)
 * Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b,
- Blowfish, CAST-128, and CRC24 (GH #1281)
+ Blowfish, Twofish, CAST-128, and CRC24 (GH #1281)
 * Salsa20 now supports the seek operation.
diff --git a/src/lib/block/twofish/twofish.cpp b/src/lib/block/twofish/twofish.cpp
index 496c31a36c..3a508dc9d5 100644
--- a/src/lib/block/twofish/twofish.cpp
+++ b/src/lib/block/twofish/twofish.cpp
@@ -1,6 +1,6 @@
 /*
 * Twofish
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2007,2017 Jack Lloyd
 *
 * The key schedule implemenation is based on a public domain
 * implementation by Matthew Skala
@@ -14,6 +14,48 @@
 namespace Botan {
+namespace {
+
+inline void TF_E(uint32_t A, uint32_t B, uint32_t& C, uint32_t& D,
+ uint32_t RK1, uint32_t RK2,
+ const secure_vector& SB)
+ {
+ uint32_t X = SB[ get_byte(3, A)] ^ SB[256+get_byte(2, A)] ^
+ SB[512+get_byte(1, A)] ^ SB[768+get_byte(0, A)];
+ uint32_t Y = SB[ get_byte(0, B)] ^ SB[256+get_byte(3, B)] ^
+ SB[512+get_byte(2, B)] ^ SB[768+get_byte(1, B)];
+
+ X += Y;
+ Y += X;
+
+ X += RK1;
+ Y += RK2;
+
+ C = rotr<1>(C ^ X);
+ D = rotl<1>(D) ^ Y;
+ }
+
+inline void TF_D(uint32_t A, uint32_t B, uint32_t& C, uint32_t& D,
+ uint32_t RK1, uint32_t RK2,
+ const secure_vector& SB)
+ {
+ uint32_t X = SB[ get_byte(3, A)] ^ SB[256+get_byte(2, A)] ^
+ SB[512+get_byte(1, A)] ^ SB[768+get_byte(0, A)];
+ uint32_t Y = SB[ get_byte(0, B)] ^ SB[256+get_byte(3, B)] ^
+ SB[512+get_byte(2, B)] ^ SB[768+get_byte(1, B)];
+
+ X += Y;
+ Y += X;
+
+ X += RK1;
+ Y += RK2;
+
+ C = rotl<1>(C) ^ X;
+ D = rotr<1>(D ^ Y);
+ }
+
+}
+
 /*
 * Twofish Encryption
 */
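Review bot: `TF_E` and `TF_D` carry no comment saying what they compute, and their bodies are identical up to `Y += RK2;`, differing only in the rotation order applied to C and D, which a reader currently has to establish by diffing the two by eye. A one-line header on each would fix that, e.g. above `TF_E`: `// One Twofish round: S-box lookups on A/B, PHT mixing and round-key addition, folded into C/D` and above `TF_D`: `// Inverse round for decryption: same lookups and mixing, rotations applied in the opposite order`. Factoring the shared prefix (the four lookups through the two round-key additions) into one helper would let the two functions differ only in their final two statements. The anonymous namespace also ends in a bare `}`; a `} // namespace` trailer makes the scope easier to follow as the block grows.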
@@ -21,41 +63,60 @@ void Twofish::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
 {
 verify_key_set(m_SB.empty() == false);
- BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks; ++i)
+ while(blocks >= 2)
+ {
+ uint32_t A0, B0, C0, D0;
+ uint32_t A1, B1, C1, D1;
+ load_le(in, A0, B0, C0, D0, A1, B1, C1, D1);
+
+ A0 ^= m_RK[0];
+ A1 ^= m_RK[0];
+ B0 ^= m_RK[1];
+ B1 ^= m_RK[1];
+ C0 ^= m_RK[2];
+ C1 ^= m_RK[2];
+ D0 ^= m_RK[3];
+ D1 ^= m_RK[3];
+
+ for(size_t k = 8; k != 40; k += 4)
+ {
+ TF_E(A0, B0, C0, D0, m_RK[k+0], m_RK[k+1], m_SB);
+ TF_E(A1, B1, C1, D1, m_RK[k+0], m_RK[k+1], m_SB);
+
+ TF_E(C0, D0, A0, B0, m_RK[k+2], m_RK[k+3], m_SB);
+ TF_E(C1, D1, A1, B1, m_RK[k+2], m_RK[k+3], m_SB);
+ }
+
+ C0 ^= m_RK[4];
+ C1 ^= m_RK[4];
+ D0 ^= m_RK[5];
+ D1 ^= m_RK[5];
+ A0 ^= m_RK[6];
+ A1 ^= m_RK[6];
+ B0 ^= m_RK[7];
+ B1 ^= m_RK[7];
+
+ store_le(out, C0, D0, A0, B0, C1, D1, A1, B1);
+
+ blocks -= 2;
+ out += 2*BLOCK_SIZE;
+ in += 2*BLOCK_SIZE;
+ }
+
+ if(blocks)
 {
 uint32_t A, B, C, D;
- load_le(in + BLOCK_SIZE*i, A, B, C, D);
+ load_le(in, A, B, C, D);
 A ^= m_RK[0];
 B ^= m_RK[1];
 C ^= m_RK[2];
 D ^= m_RK[3];
- for(size_t j = 0; j != 16; j += 2)
+ for(size_t k = 8; k != 40; k += 4)
 {
- uint32_t X, Y;
-
- X = m_SB[ get_byte(3, A)] ^ m_SB[256+get_byte(2, A)] ^
- m_SB[512+get_byte(1, A)] ^ m_SB[768+get_byte(0, A)];
- Y = m_SB[ get_byte(0, B)] ^ m_SB[256+get_byte(3, B)] ^
- m_SB[512+get_byte(2, B)] ^ m_SB[768+get_byte(1, B)];
- X += Y;
- Y += X + m_RK[2*j + 9];
- X += m_RK[2*j + 8];
-
- C = rotr<1>(C ^ X);
- D = rotl<1>(D) ^ Y;
- X = m_SB[ get_byte(3, C)] ^ m_SB[256+get_byte(2, C)] ^
- m_SB[512+get_byte(1, C)] ^ m_SB[768+get_byte(0, C)];
- Y = m_SB[ get_byte(0, D)] ^ m_SB[256+get_byte(3, D)] ^
- m_SB[512+get_byte(2, D)] ^ m_SB[768+get_byte(1, D)];
- X += Y;
- Y += X + m_RK[2*j + 11];
- X += m_RK[2*j + 10];
-
- A = rotr<1>(A ^ X);
- B = rotl<1>(B) ^ Y;
+ TF_E(A, B, C, D, m_RK[k ], m_RK[k+1], m_SB);
+ TF_E(C, D, A, B, m_RK[k+2], m_RK[k+3], m_SB);
 }
 C ^= m_RK[4];
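Review bot: The two-block path under `while(blocks >= 2)` is only reached by inputs of at least two blocks, and the diffstat lists `src/tests/data/block/twofish.vec` changing by 20 lines, yet neither the commit message nor this hunk says what changed in the vectors or why. If they were extended with multi-block inputs to cover the interleaved path, say so in the description, e.g. `Test vectors extended to multi-block inputs so the two-block path is exercised`; if they were instead regenerated from the new code, that must be stated explicitly, since regenerated vectors cannot detect a divergence between the two-block loop and the single-block tail. A comment `// At most one block remains here` above `if(blocks)` would also help, because the tail repeats the whitening and round sequence of the loop above it. The same applies to the `decrypt_n` hunk that follows, and `encrypt_n` continues past the end of this hunk.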
@@ -63,7 +124,7 @@ void Twofish::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
 A ^= m_RK[6];
 B ^= m_RK[7];
- store_le(out + BLOCK_SIZE*i, C, D, A, B);
+ store_le(out, C, D, A, B);
 }
 }
@@ -74,41 +135,60 @@ void Twofish::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { verify_key_set(m_SB.empty() == false); - BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks; ++i) + while(blocks >= 2) + { + uint32_t A0, B0, C0, D0; + uint32_t A1, B1, C1, D1; + load_le(in, A0, B0, C0, D0, A1, B1, C1, D1); + + A0 ^= m_RK[4]; + A1 ^= m_RK[4]; + B0 ^= m_RK[5]; + B1 ^= m_RK[5]; + C0 ^= m_RK[6]; + C1 ^= m_RK[6]; + D0 ^= m_RK[7]; + D1 ^= m_RK[7]; + + for(size_t k = 40; k != 8; k -= 4) + { + TF_D(A0, B0, C0, D0, m_RK[k-2], m_RK[k-1], m_SB); + TF_D(A1, B1, C1, D1, m_RK[k-2], m_RK[k-1], m_SB); + + TF_D(C0, D0, A0, B0, m_RK[k-4], m_RK[k-3], m_SB); + TF_D(C1, D1, A1, B1, m_RK[k-4], m_RK[k-3], m_SB); + } + + C0 ^= m_RK[0]; + C1 ^= m_RK[0]; + D0 ^= m_RK[1]; + D1 ^= m_RK[1]; + A0 ^= m_RK[2]; + A1 ^= m_RK[2]; + B0 ^= m_RK[3]; + B1 ^= m_RK[3]; + + store_le(out, C0, D0, A0, B0, C1, D1, A1, B1); + + blocks -= 2; + out += 2*BLOCK_SIZE; + in += 2*BLOCK_SIZE; + } + + if(blocks) { uint32_t A, B, C, D; - load_le(in + BLOCK_SIZE*i, A, B, C, D); + load_le(in, A, B, C, D); A ^= m_RK[4]; B ^= m_RK[5]; C ^= m_RK[6]; D ^= m_RK[7]; - for(size_t j = 0; j != 16; j += 2) + for(size_t k = 40; k != 8; k -= 4) { - uint32_t X, Y; - - X = m_SB[ get_byte(3, A)] ^ m_SB[256+get_byte(2, A)] ^ - m_SB[512+get_byte(1, A)] ^ m_SB[768+get_byte(0, A)]; - Y = m_SB[ get_byte(0, B)] ^ m_SB[256+get_byte(3, B)] ^ - m_SB[512+get_byte(2, B)] ^ m_SB[768+get_byte(1, B)]; - X += Y; - Y += X + m_RK[39 - 2*j]; - X += m_RK[38 - 2*j]; - - C = rotl<1>(C) ^ X; - D = rotr<1>(D ^ Y); - - X = m_SB[ get_byte(3, C)] ^ m_SB[256+get_byte(2, C)] ^ - m_SB[512+get_byte(1, C)] ^ m_SB[768+get_byte(0, C)]; - Y = m_SB[ get_byte(0, D)] ^ m_SB[256+get_byte(3, D)] ^ - m_SB[512+get_byte(2, D)] ^ m_SB[768+get_byte(1, D)]; - X += Y; - Y += X + m_RK[37 - 2*j]; - X += m_RK[36 - 2*j]; - - A = rotl<1>(A) ^ X; - B = rotr<1>(B ^ Y); + TF_D(A, B, C, D, m_RK[k-2], m_RK[k-1], m_SB); + TF_D(C, D, A, B, m_RK[k-4], m_RK[k-3], m_SB); } C ^= 
m_RK[0]; @@ -116,7 +196,7 @@ void Twofish::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const A ^= m_RK[2]; B ^= m_RK[3]; - store_le(out + BLOCK_SIZE*i, C, D, A, B); + store_le(out, C, D, A, B); } } @@ -161,16 +241,16 @@ void Twofish::key_schedule(const uint8_t key[], size_t length) m_SB[768+i] = MDS3[Q1[Q1[i]^S[ 3]]^S[ 7]]; } - BOTAN_PARALLEL_FOR(size_t i = 0; i < 40; i += 2) + for(size_t i = 0; i < 40; i += 2) { uint32_t X = MDS0[Q0[Q0[i ]^key[ 8]]^key[ 0]] ^ - MDS1[Q0[Q1[i ]^key[ 9]]^key[ 1]] ^ - MDS2[Q1[Q0[i ]^key[10]]^key[ 2]] ^ - MDS3[Q1[Q1[i ]^key[11]]^key[ 3]]; + MDS1[Q0[Q1[i ]^key[ 9]]^key[ 1]] ^ + MDS2[Q1[Q0[i ]^key[10]]^key[ 2]] ^ + MDS3[Q1[Q1[i ]^key[11]]^key[ 3]]; uint32_t Y = MDS0[Q0[Q0[i+1]^key[12]]^key[ 4]] ^ - MDS1[Q0[Q1[i+1]^key[13]]^key[ 5]] ^ - MDS2[Q1[Q0[i+1]^key[14]]^key[ 6]] ^ - MDS3[Q1[Q1[i+1]^key[15]]^key[ 7]]; + MDS1[Q0[Q1[i+1]^key[13]]^key[ 5]] ^ + MDS2[Q1[Q0[i+1]^key[14]]^key[ 6]] ^ + MDS3[Q1[Q1[i+1]^key[15]]^key[ 7]]; Y = rotl<8>(Y); X += Y; Y += X; @@ -188,16 +268,16 @@ void Twofish::key_schedule(const uint8_t key[], size_t length) m_SB[768+i] = MDS3[Q1[Q1[Q0[i]^S[ 3]]^S[ 7]]^S[11]]; } - BOTAN_PARALLEL_FOR(size_t i = 0; i < 40; i += 2) + for(size_t i = 0; i < 40; i += 2) { uint32_t X = MDS0[Q0[Q0[Q1[i ]^key[16]]^key[ 8]]^key[ 0]] ^ - MDS1[Q0[Q1[Q1[i ]^key[17]]^key[ 9]]^key[ 1]] ^ - MDS2[Q1[Q0[Q0[i ]^key[18]]^key[10]]^key[ 2]] ^ - MDS3[Q1[Q1[Q0[i ]^key[19]]^key[11]]^key[ 3]]; + MDS1[Q0[Q1[Q1[i ]^key[17]]^key[ 9]]^key[ 1]] ^ + MDS2[Q1[Q0[Q0[i ]^key[18]]^key[10]]^key[ 2]] ^ + MDS3[Q1[Q1[Q0[i ]^key[19]]^key[11]]^key[ 3]]; uint32_t Y = MDS0[Q0[Q0[Q1[i+1]^key[20]]^key[12]]^key[ 4]] ^ - MDS1[Q0[Q1[Q1[i+1]^key[21]]^key[13]]^key[ 5]] ^ - MDS2[Q1[Q0[Q0[i+1]^key[22]]^key[14]]^key[ 6]] ^ - MDS3[Q1[Q1[Q0[i+1]^key[23]]^key[15]]^key[ 7]]; + MDS1[Q0[Q1[Q1[i+1]^key[21]]^key[13]]^key[ 5]] ^ + MDS2[Q1[Q0[Q0[i+1]^key[22]]^key[14]]^key[ 6]] ^ + MDS3[Q1[Q1[Q0[i+1]^key[23]]^key[15]]^key[ 7]]; Y = rotl<8>(Y); X += Y; Y += X; 
@@ -215,16 +295,16 @@ void Twofish::key_schedule(const uint8_t key[], size_t length) m_SB[768+i] = MDS3[Q1[Q1[Q0[Q1[i]^S[ 3]]^S[ 7]]^S[11]]^S[15]]; } - BOTAN_PARALLEL_FOR(size_t i = 0; i < 40; i += 2) + for(size_t i = 0; i < 40; i += 2) { uint32_t X = MDS0[Q0[Q0[Q1[Q1[i ]^key[24]]^key[16]]^key[ 8]]^key[ 0]] ^ - MDS1[Q0[Q1[Q1[Q0[i ]^key[25]]^key[17]]^key[ 9]]^key[ 1]] ^ - MDS2[Q1[Q0[Q0[Q0[i ]^key[26]]^key[18]]^key[10]]^key[ 2]] ^ - MDS3[Q1[Q1[Q0[Q1[i ]^key[27]]^key[19]]^key[11]]^key[ 3]]; + MDS1[Q0[Q1[Q1[Q0[i ]^key[25]]^key[17]]^key[ 9]]^key[ 1]] ^ + MDS2[Q1[Q0[Q0[Q0[i ]^key[26]]^key[18]]^key[10]]^key[ 2]] ^ + MDS3[Q1[Q1[Q0[Q1[i ]^key[27]]^key[19]]^key[11]]^key[ 3]]; uint32_t Y = MDS0[Q0[Q0[Q1[Q1[i+1]^key[28]]^key[20]]^key[12]]^key[ 4]] ^ - MDS1[Q0[Q1[Q1[Q0[i+1]^key[29]]^key[21]]^key[13]]^key[ 5]] ^ - MDS2[Q1[Q0[Q0[Q0[i+1]^key[30]]^key[22]]^key[14]]^key[ 6]] ^ - MDS3[Q1[Q1[Q0[Q1[i+1]^key[31]]^key[23]]^key[15]]^key[ 7]]; + MDS1[Q0[Q1[Q1[Q0[i+1]^key[29]]^key[21]]^key[13]]^key[ 5]] ^ + MDS2[Q1[Q0[Q0[Q0[i+1]^key[30]]^key[22]]^key[14]]^key[ 6]] ^ + MDS3[Q1[Q1[Q0[Q1[i+1]^key[31]]^key[23]]^key[15]]^key[ 7]]; Y = rotl<8>(Y); X += Y; Y += X; diff --git a/src/tests/data/block/twofish.vec b/src/tests/data/block/twofish.vec index 363b43839c..84b190e90c 100644 --- a/src/tests/data/block/twofish.vec +++ b/src/tests/data/block/twofish.vec 
@@ -3916,24 +3916,8 @@ In = 00000000000000000000000000000001 Out = 64F1DBD3C79EE69AC9E0ED5F554F4AB6 Key = 0000000000000000000000000000000000000000000000000000000000000000 -In = 80000000000000000000000000000000 -Out = 23A385F617F313DAC05BCB7EABD61807 - -Key = 0000000000000000000000000000000000000000000000000000000000000000 -In = 40000000000000000000000000000000 -Out = 35BE2B4738602A1DA3DE5C9E7E871923 - -Key = 0000000000000000000000000000000000000000000000000000000000000000 -In = 20000000000000000000000000000000 -Out = 03E8BB7A568E95BA792DCE77D5523C2B - -Key = 0000000000000000000000000000000000000000000000000000000000000000 -In = 10000000000000000000000000000000 -Out = D3ACBE92C482D2E806FD837E41DBB288 - -Key = 0000000000000000000000000000000000000000000000000000000000000000 -In = 08000000000000000000000000000000 -Out = DC3B1C37C69B4059EAADF03FCD016EB4 +In = 8000000000000000000000000000000040000000000000000000000000000000200000000000000000000000000000001000000000000000000000000000000008000000000000000000000000000000 +Out = 23A385F617F313DAC05BCB7EABD6180735BE2B4738602A1DA3DE5C9E7E87192303E8BB7A568E95BA792DCE77D5523C2BD3ACBE92C482D2E806FD837E41DBB288DC3B1C37C69B4059EAADF03FCD016EB4 Key = 0000000000000000000000000000000000000000000000000000000000000000 In = 04000000000000000000000000000000 From d1954b4702694f0d95e29fabde6c9d88b379e29c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 16 Nov 2017 19:46:52 -0500 Subject: [PATCH 0198/1008] Fix encoding of subject key identifier Changed in #884 - we were copying the entire public key as the public key id. Instead hash it with whatever hash we are using to sign the certificate. --- src/lib/x509/x509_ca.cpp | 2 +- src/lib/x509/x509_ext.cpp | 41 +++++++++++++++++++++------------------ src/lib/x509/x509_ext.h | 4 ++-- src/lib/x509/x509cert.cpp | 1 + src/lib/x509/x509self.cpp | 2 +- 5 files changed, 27 insertions(+), 23 deletions(-) 
diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp index 6820021116..6569f506b6 100644 --- a/src/lib/x509/x509_ca.cpp +++ b/src/lib/x509/x509_ca.cpp @@ -75,7 +75,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, } extensions.replace(new Cert_Extension::Authority_Key_ID(m_ca_cert.subject_key_id())); - extensions.replace(new Cert_Extension::Subject_Key_ID(req.raw_public_key())); + extensions.replace(new Cert_Extension::Subject_Key_ID(req.raw_public_key(), m_hash_fn)); extensions.replace( new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name())); diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp index a7e3c8f616..1b13d36e13 100644 --- a/src/lib/x509/x509_ext.cpp +++ b/src/lib/x509/x509_ext.cpp @@ -594,6 +594,9 @@ void Name_Constraints::validate(const X509_Certificate& subject, const X509_Cert if(!subject.is_CA_cert() || !subject.is_critical("X509v3.NameConstraints")) cert_status.at(pos).insert(Certificate_Status_Code::NAME_CONSTRAINT_ERROR); + const bool issuer_name_constraint_critical = + issuer.is_critical("X509v3.NameConstraints"); + const bool at_self_signed_root = (pos == cert_path.size() - 1); // Check that all subordinate certs pass the name constraint @@ -609,16 +612,16 @@ void Name_Constraints::validate(const X509_Certificate& subject, const X509_Cert { switch(c.base().matches(*cert_path.at(j))) { - case GeneralName::MatchResult::NotFound: - case GeneralName::MatchResult::All: - permitted = true; - break; - case GeneralName::MatchResult::UnknownType: - failed = issuer.is_critical("X509v3.NameConstraints"); - permitted = true; - break; - default: - break; + case GeneralName::MatchResult::NotFound: + case GeneralName::MatchResult::All: + permitted = true; + break; + case GeneralName::MatchResult::UnknownType: + failed = issuer_name_constraint_critical; + permitted = true; + break; + default: + break; } } 
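Review bot: The subject key identifier now depends on `m_hash_fn`, so the same public key gets a different SKID depending on which hash signs the certificate; the Authority_Key_ID on the line above is copied from `m_ca_cert.subject_key_id()` rather than recomputed, so issuer/subject linkage still holds, but that relationship is not documented anywhere in this commit. I would add to the `Subject_Key_ID(public_key, hash_fn)` declaration in x509_ext.h a comment along the lines of `/** Identifier is hash_fn(public key bits); the CA's own SKID is reused verbatim as the AKID of certificates it issues, so the two need not use the same hash. */`. The constructor body is outside this diff, so I could not verify what exactly is hashed (raw key bits versus the full SubjectPublicKeyInfo), which is the detail interoperating validators care about and which the comment should pin down.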
@@ -626,15 +629,15 @@ void Name_Constraints::validate(const X509_Certificate& subject, const X509_Cert { switch(c.base().matches(*cert_path.at(j))) { - case GeneralName::MatchResult::All: - case GeneralName::MatchResult::Some: - failed = true; - break; - case GeneralName::MatchResult::UnknownType: - failed = issuer.is_critical("X509v3.NameConstraints"); - break; - default: - break; + case GeneralName::MatchResult::All: + case GeneralName::MatchResult::Some: + failed = true; + break; + case GeneralName::MatchResult::UnknownType: + failed = issuer_name_constraint_critical; + break; + default: + break; } } diff --git a/src/lib/x509/x509_ext.h b/src/lib/x509/x509_ext.h index 2cc0115ff3..1680bd9dd4 100644 --- a/src/lib/x509/x509_ext.h +++ b/src/lib/x509/x509_ext.h @@ -336,8 +336,6 @@ class BOTAN_PUBLIC_API(2,0) Subject_Key_ID final : public Certificate_Extension public: Subject_Key_ID() = default; - explicit Subject_Key_ID(const std::vector& k) : m_key_id(k) {} - Subject_Key_ID(const std::vector& public_key, const std::string& hash_fn); @@ -350,6 +348,8 @@ class BOTAN_PUBLIC_API(2,0) Subject_Key_ID final : public Certificate_Extension OID oid_of() const override { return static_oid(); } private: + explicit Subject_Key_ID(const std::vector& k) : m_key_id(k) {} + std::string oid_name() const override { return "X509v3.SubjectKeyIdentifier"; } diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 6814f54c1a..74bd17811f 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -771,6 +771,7 @@ std::string X509_Certificate::to_string() const } NameConstraints name_constraints = this->name_constraints(); + if(!name_constraints.permitted().empty() || !name_constraints.excluded().empty()) { diff --git a/src/lib/x509/x509self.cpp b/src/lib/x509/x509self.cpp index b8f8fbdc8d..ad0e9af946 100644 --- a/src/lib/x509/x509self.cpp +++ b/src/lib/x509/x509self.cpp 
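Review bot: Moving `explicit Subject_Key_ID(const std::vector& k)` from the public to the private section of a class tagged BOTAN_PUBLIC_API(2,0) is a source-incompatible change for any caller that built the extension from an existing key identifier, and neither the header nor the commit message says so. If the aim is only to stop callers passing a raw key by mistake, keeping it public with `// k is used verbatim as the identifier; prefer the (public_key, hash_fn) overload` preserves compatibility, otherwise the removal belongs in news.rst. The Name_Constraints hunks here and on the previous line only hoist `issuer.is_critical("X509v3.NameConstraints")` into `issuer_name_constraint_critical`, which looks behaviour-preserving, and the x509cert.cpp hunk adds a blank line.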
@@ -76,7 +76,7 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
 extensions.add(new Cert_Extension::Key_Usage(constraints), true);
 }
- extensions.add(new Cert_Extension::Subject_Key_ID(pub_key));
+ extensions.add(new Cert_Extension::Subject_Key_ID(pub_key, hash_fn));
 extensions.add(
 new Cert_Extension::Subject_Alternative_Name(subject_alt));
From 198cd0dda6d0944244b6166bc7aabb8d8268a683 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 16 Nov 2017 21:01:48 -0500 Subject: [PATCH 0199/1008] Prefix execution of install.py with Python binary Fixes GH #1297 This is done even on GNU make builds, since the same issue affects MinGW
--- configure.py | 1 + src/build-data/makefile/gmake.in | 2 +- src/build-data/makefile/header.in | 2 ++ src/build-data/makefile/nmake.in | 2 +- 4 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/configure.py b/configure.py
index 88a21a6c7d..49d2b2ce2c 100755
--- a/configure.py
+++ b/configure.py
@@ -2050,6 +2050,7 @@ def configure_command_line():
 'fuzzer_type': '#define BOTAN_FUZZER_IS_%s' % (options.build_fuzzers.upper()) if options.build_fuzzers else '', 'fuzzer_libs': '' if options.fuzzer_lib is None else '%s%s' % (cc.add_lib_option, options.fuzzer_lib),
+ 'python_exe': sys.executable,
 'ar_command': cc.ar_command or osinfo.ar_command,
 'ranlib_command': osinfo.ranlib_command(),
 'install_cmd_exec': osinfo.install_cmd_exec,
diff --git a/src/build-data/makefile/gmake.in b/src/build-data/makefile/gmake.in
index 70b5345032..a943392ba6 100644
--- a/src/build-data/makefile/gmake.in
+++ b/src/build-data/makefile/gmake.in
@@ -79,4 +79,4 @@ docs:
 %{build_doc_commands}
 install: $(CLI) docs
- $(SCRIPTS_DIR)/install.py --prefix=%{prefix} --build-dir="%{build_dir}" --bindir=%{bindir} --libdir=%{libdir} --docdir=%{docdir} --includedir=%{includedir}
+ $(PYTHON_EXE) $(SCRIPTS_DIR)/install.py --prefix=%{prefix} --build-dir="%{build_dir}" --bindir=%{bindir} --libdir=%{libdir} --docdir=%{docdir} --includedir=%{includedir}
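Review bot: `'python_exe': sys.executable` is substituted unquoted into the makefile recipes (the gmake.in hunk here and the nmake.in hunk on the next line), so an interpreter path containing spaces, common on the Windows/MinGW setups the description ties this to, would be split into several words by make; quoting at the use sites, `"$(PYTHON_EXE)" $(SCRIPTS_DIR)/install.py ...`, or in configure.py avoids that. sys.executable can also be an empty string when the interpreter cannot determine its own path, in which case the recipe silently degrades to running install.py directly again; `'python_exe': sys.executable or 'python'` keeps a usable command in that case. The dict being built in configure_command_line starts and ends outside the hunk.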
diff --git a/src/build-data/makefile/header.in b/src/build-data/makefile/header.in
index a63a83f3ab..6757abbade 100644
--- a/src/build-data/makefile/header.in
+++ b/src/build-data/makefile/header.in
@@ -2,6 +2,8 @@ CXX = %{cxx} %{cxx_abi_flags}
 LINKER = %{linker}
+PYTHON_EXE = %{python_exe}
+
 CXXFLAGS = %{cc_compile_flags}
 WARN_FLAGS = %{cc_warning_flags}
 SO_OBJ_FLAGS = %{shared_flags}
diff --git a/src/build-data/makefile/nmake.in b/src/build-data/makefile/nmake.in
index f5ecde3411..b721ffd677 100644
--- a/src/build-data/makefile/nmake.in
+++ b/src/build-data/makefile/nmake.in
@@ -102,4 +102,4 @@ distclean: clean
 $(RM) Makefile $(LIB_BASENAME).* $(CLI).*
 install: $(CLI) docs
- $(SCRIPTS_DIR)\install.py --prefix=%{prefix} --build-dir="%{build_dir}" --bindir=%{bindir} --libdir=%{libdir} --docdir=%{docdir} --includedir=%{includedir}
+ $(PYTHON_EXE) $(SCRIPTS_DIR)\install.py --prefix=%{prefix} --build-dir="%{build_dir}" --bindir=%{bindir} --libdir=%{libdir} --docdir=%{docdir} --includedir=%{includedir}
From d7c6164dc9f5b33a3de5d2c2a3570e05f8e80082 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 18 Nov 2017 16:30:00 -0500 Subject: [PATCH 0200/1008] Add feature macro for Sqlite3 being enabled in build
--- src/lib/utils/sqlite3/info.txt | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/src/lib/utils/sqlite3/info.txt b/src/lib/utils/sqlite3/info.txt
index 98ce5f7964..9611944323 100644
--- a/src/lib/utils/sqlite3/info.txt
+++ b/src/lib/utils/sqlite3/info.txt
@@ -1,3 +1,6 @@ + +SQLITE3 -> 20171118 + load_on vendor
From 5f7a90fd7c3eecc83c2e17b85a7082f052954bd6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 18 Nov 2017 16:30:15 -0500 Subject: [PATCH 0201/1008] Add timings for RFC 3394 keywrap
--- src/cli/speed.cpp | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+)
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 0c15b74d57..894fc3ef47 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -52,6 +52,10 @@ #include #endif +#if defined(BOTAN_HAS_RFC3394_KEYWRAP) + #include +#endif + #if defined(BOTAN_HAS_COMPRESSION) #include #endif @@ -805,6 +809,14 @@ class Speed final : public Command bench_fpe_fe1(msec); } #endif + +#if defined(BOTAN_HAS_RFC3394_KEYWRAP) + else if(algo == "rfc3394") + { + bench_rfc3394(msec); + } +#endif + #if defined(BOTAN_HAS_ECC_GROUP) else if(algo == "ecc_mult") { @@ -1225,6 +1237,34 @@ class Speed final : public Command } #endif +#if defined(BOTAN_HAS_RFC3394_KEYWRAP) + + void bench_rfc3394(const std::chrono::milliseconds runtime) + { + Timer wrap_timer("RFC3394 AES-256 key wrap"); + Timer unwrap_timer("RFC3394 AES-256 key unwrap"); + + const Botan::SymmetricKey kek(rng(), 32); + Botan::secure_vector key(64, 0); + + while(wrap_timer.under(runtime)) + { + wrap_timer.start(); + key = Botan::rfc3394_keywrap(key, kek); + wrap_timer.stop(); + + unwrap_timer.start(); + key = Botan::rfc3394_keyunwrap(key, kek); + unwrap_timer.stop(); + + key[0] += 1; + } + + record_result(wrap_timer); + record_result(unwrap_timer); + } +#endif + #if defined(BOTAN_HAS_DL_GROUP) void bench_modexp(const std::chrono::milliseconds runtime) From c8f026ef5958f2e4732c406f45b9d070e98be2c0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 18 Nov 2017 16:37:02 -0500 Subject: [PATCH 0202/1008] Allow parsing and printing certificates with unknown public key algos --- src/lib/x509/x509cert.cpp | 32 ++++++++++++++++++++++++++------ src/lib/x509/x509cert.h | 5 +++++ 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 74bd17811f..ca1fe8e3c4 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp 
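Review bot: `key[0] += 1;` at the end of the bench_rfc3394 loop has no comment; I read it as perturbing the input so successive wraps do not see identical bytes, and `// vary the input between iterations` would make that explicit. The loop condition only consults wrap_timer, so the unwrap timer collects exactly one sample per wrap, which is fine, but a one-line header comment on the function should say that unwrap timings include the RFC 3394 integrity check and are therefore not expected to match wrap. The `key` vector alternates between 64 and 72 bytes across the two calls, which is correct for key wrap but worth noting next to its declaration since the name suggests a fixed size. The Speed class continues outside these hunks.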
@@ -257,9 +257,16 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o
 // Check for self-signed vs self-issued certificates
 if(data->m_subject_dn == data->m_issuer_dn)
 {
- std::unique_ptr pub_key(
- X509::load_key(ASN1::put_in_sequence(data->m_subject_public_key_bits)));
- data->m_self_signed = obj.check_signature(*pub_key);
+ try
+ {
+ std::unique_ptr pub_key(
+ X509::load_key(ASN1::put_in_sequence(data->m_subject_public_key_bits)));
+ data->m_self_signed = obj.check_signature(*pub_key);
+ }
+ catch(Decoding_Error&)
+ {
+ // ignore errors here to allow parsing to continue
+ }
 }
 std::unique_ptr sha1(HashFunction::create("SHA-1"));
@@ -320,6 +327,11 @@ const X509_Time& X509_Certificate::not_after() const
 return data().m_not_after;
 }
+const AlgorithmIdentifier& X509_Certificate::subject_public_key_algo() const
+ {
+ return data().m_subject_public_key_algid;
+ }
+
 const std::vector& X509_Certificate::v2_issuer_key_id() const
 {
 return data().m_v2_issuer_key_id;
@@ -814,9 +826,17 @@ std::string X509_Certificate::to_string() const
 if(this->subject_key_id().size())
 out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n";
- std::unique_ptr pubkey(this->subject_public_key());
- out << "Public Key [" << pubkey->algo_name() << "-" << pubkey->key_length() << "]\n\n";
- out << X509::PEM_encode(*pubkey);
+ try
+ {
+ std::unique_ptr pubkey(this->subject_public_key());
+ out << "Public Key [" << pubkey->algo_name() << "-" << pubkey->key_length() << "]\n\n";
+ out << X509::PEM_encode(*pubkey);
+ }
+ catch(Decoding_Error&)
+ {
+ const AlgorithmIdentifier& alg_id = this->subject_public_key_algo();
+ out << "Failed to decode key with oid " << alg_id.oid.as_string() << "\n";
+ }
 return out.str();
 }
diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h
index c9cf8bb7b6..3b35c65756 100644
--- a/src/lib/x509/x509cert.h
+++ b/src/lib/x509/x509cert.h
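Review bot: The new `catch(Decoding_Error&)` in parse_x509_cert_body leaves `data->m_self_signed` at whatever value it held before the try, and the comment only says errors are ignored; it should state the consequence, for example `// An undecodable key cannot be verified, so the certificate is not treated as self-signed; callers see the failure later from subject_public_key()`. Only Decoding_Error is caught in both hunks, so if load_key reports an unsupported algorithm through some other exception type (I cannot tell from this diff), parsing and to_string would still abort on exactly the certificates the commit wants to tolerate; worth confirming against load_key. The to_string fallback prints the OID but not the reason; naming the exception, `catch(const Decoding_Error& e)`, and appending `e.what()` to the output line would make the failure diagnosable without a debugger. Note also that the first hunk turns a parse-time failure into a use-time failure, which is a behaviour change for anyone who relied on construction throwing for such certificates.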
@@ -69,6 +69,11 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object
 */
 const std::vector& subject_public_key_bits() const;
+ /**
+ * Return the algorithm identifier of the public key
+ */
+ const AlgorithmIdentifier& subject_public_key_algo() const;
+
 /**
 * Get the bit string of the public key associated with this certificate
 * @return public key bits
From f926f14095873df0a59aea5c398b7519a196b316 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 18 Nov 2017 17:03:06 -0500 Subject: [PATCH 0203/1008] Add a function for checking if poly_double_n supports a particular size
--- src/lib/mac/cmac/cmac.cpp | 3 +-- src/lib/modes/xts/xts.cpp | 5 +---- src/lib/utils/poly_dbl/poly_dbl.h | 8 ++++++++ 3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/lib/mac/cmac/cmac.cpp b/src/lib/mac/cmac/cmac.cpp
index 18f7c151c0..bd2a53a721 100644
--- a/src/lib/mac/cmac/cmac.cpp
+++ b/src/lib/mac/cmac/cmac.cpp
@@ -121,8 +121,7 @@ CMAC::CMAC(BlockCipher* cipher) :
 m_cipher(cipher),
 m_block_size(m_cipher->block_size())
 {
- if(m_block_size != 8 && m_block_size != 16 &&
- m_block_size != 32 && m_block_size != 64)
+ if(poly_double_supported_size(m_block_size) == false)
 {
 throw Invalid_Argument("CMAC cannot use the " +
 std::to_string(m_block_size * 8) +
diff --git a/src/lib/modes/xts/xts.cpp b/src/lib/modes/xts/xts.cpp
index 496b71c5fb..0b10faa920 100644
--- a/src/lib/modes/xts/xts.cpp
+++ b/src/lib/modes/xts/xts.cpp
@@ -13,10 +13,7 @@ namespace Botan {
 XTS_Mode::XTS_Mode(BlockCipher* cipher) :
 m_cipher(cipher)
 {
- if(m_cipher->block_size() != 8 &&
- m_cipher->block_size() != 16 &&
- m_cipher->block_size() != 32 &&
- m_cipher->block_size() != 64)
+ if(poly_double_supported_size(m_cipher->block_size()) == false)
 {
 throw Invalid_Argument("Cannot use " + cipher->name() + " with XTS");
 }
diff --git a/src/lib/utils/poly_dbl/poly_dbl.h b/src/lib/utils/poly_dbl/poly_dbl.h
index 10c85c5679..8f9c0d3aa1 100644
--- a/src/lib/utils/poly_dbl/poly_dbl.h
+++ b/src/lib/utils/poly_dbl/poly_dbl.h
@@ -16,6 +16,14 @@ namespace Botan {
 */
 void BOTAN_PUBLIC_API(2,3) poly_double_n(uint8_t out[], const uint8_t in[], size_t n);
+/**
+* Returns true iff poly_double_n is implemented for this size.
+*/
+inline bool poly_double_supported_size(size_t n)
+ {
+ return (n == 8 || n == 16 || n == 24 || n == 32 || n == 64);
+ }
+
 inline void poly_double_n(uint8_t buf[], size_t n)
 {
 return poly_double_n(buf, buf, n);
From bfa63529991ab239c9ac2b008c0e89f23782693e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 18 Nov 2017 22:08:24 -0500 Subject: [PATCH 0204/1008] Constify variables in AES-NI code
--- src/lib/block/aes/aes_ni/aes_ni.cpp | 208 ++++++++++++++-------------- 1 file changed, 104 insertions(+), 104 deletions(-)
diff --git a/src/lib/block/aes/aes_ni/aes_ni.cpp b/src/lib/block/aes/aes_ni/aes_ni.cpp
index 65c1dc3006..9f1ba8fcc2 100644
--- a/src/lib/block/aes/aes_ni/aes_ni.cpp
+++ b/src/lib/block/aes/aes_ni/aes_ni.cpp
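Review bot: `poly_double_supported_size` returns true for n == 24, whereas the checks it replaces in cmac.cpp and xts.cpp (both on the previous line) accepted only 8, 16, 32 and 64, so this commit quietly enables CMAC and XTS for 192-bit-block ciphers without saying so. That is only safe if poly_double_n really implements the 24-byte reduction, which this hunk cannot show; either drop 24 to keep the previous behaviour, or spell the list out in the doc comment, `* Returns true iff poly_double_n is implemented for this size (8, 16, 24, 32 or 64 bytes).`, and add a doubling test vector for n == 24 so the claim is exercised. Writing the CMAC and XTS checks as `if(!poly_double_supported_size(...))` rather than `== false` would also match the rest of the codebase's style. The constructor bodies in cmac.cpp and xts.cpp continue outside their hunks.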
@@ -116,17 +116,17 @@ void AES_128::aesni_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const __m128i* key_mm = reinterpret_cast(m_EK.data()); - __m128i K0 = _mm_loadu_si128(key_mm); - __m128i K1 = _mm_loadu_si128(key_mm + 1); - __m128i K2 = _mm_loadu_si128(key_mm + 2); - __m128i K3 = _mm_loadu_si128(key_mm + 3); - __m128i K4 = _mm_loadu_si128(key_mm + 4); - __m128i K5 = _mm_loadu_si128(key_mm + 5); - __m128i K6 = _mm_loadu_si128(key_mm + 6); - __m128i K7 = _mm_loadu_si128(key_mm + 7); - __m128i K8 = _mm_loadu_si128(key_mm + 8); - __m128i K9 = _mm_loadu_si128(key_mm + 9); - __m128i K10 = _mm_loadu_si128(key_mm + 10); + const __m128i K0 = _mm_loadu_si128(key_mm); + const __m128i K1 = _mm_loadu_si128(key_mm + 1); + const __m128i K2 = _mm_loadu_si128(key_mm + 2); + const __m128i K3 = _mm_loadu_si128(key_mm + 3); + const __m128i K4 = _mm_loadu_si128(key_mm + 4); + const __m128i K5 = _mm_loadu_si128(key_mm + 5); + const __m128i K6 = _mm_loadu_si128(key_mm + 6); + const __m128i K7 = _mm_loadu_si128(key_mm + 7); + const __m128i K8 = _mm_loadu_si128(key_mm + 8); + const __m128i K9 = _mm_loadu_si128(key_mm + 9); + const __m128i K10 = _mm_loadu_si128(key_mm + 10); while(blocks >= 4) { 
@@ -195,17 +195,17 @@ void AES_128::aesni_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const __m128i* key_mm = reinterpret_cast(m_DK.data()); - __m128i K0 = _mm_loadu_si128(key_mm); - __m128i K1 = _mm_loadu_si128(key_mm + 1); - __m128i K2 = _mm_loadu_si128(key_mm + 2); - __m128i K3 = _mm_loadu_si128(key_mm + 3); - __m128i K4 = _mm_loadu_si128(key_mm + 4); - __m128i K5 = _mm_loadu_si128(key_mm + 5); - __m128i K6 = _mm_loadu_si128(key_mm + 6); - __m128i K7 = _mm_loadu_si128(key_mm + 7); - __m128i K8 = _mm_loadu_si128(key_mm + 8); - __m128i K9 = _mm_loadu_si128(key_mm + 9); - __m128i K10 = _mm_loadu_si128(key_mm + 10); + const __m128i K0 = _mm_loadu_si128(key_mm); + const __m128i K1 = _mm_loadu_si128(key_mm + 1); + const __m128i K2 = _mm_loadu_si128(key_mm + 2); + const __m128i K3 = _mm_loadu_si128(key_mm + 3); + const __m128i K4 = _mm_loadu_si128(key_mm + 4); + const __m128i K5 = _mm_loadu_si128(key_mm + 5); + const __m128i K6 = _mm_loadu_si128(key_mm + 6); + const __m128i K7 = _mm_loadu_si128(key_mm + 7); + const __m128i K8 = _mm_loadu_si128(key_mm + 8); + const __m128i K9 = _mm_loadu_si128(key_mm + 9); + const __m128i K10 = _mm_loadu_si128(key_mm + 10); while(blocks >= 4) { 
@@ -273,17 +273,17 @@ void AES_128::aesni_key_schedule(const uint8_t key[], size_t) #define AES_128_key_exp(K, RCON) \ aes_128_key_expansion(K, _mm_aeskeygenassist_si128(K, RCON)) - __m128i K0 = _mm_loadu_si128(reinterpret_cast(key)); - __m128i K1 = AES_128_key_exp(K0, 0x01); - __m128i K2 = AES_128_key_exp(K1, 0x02); - __m128i K3 = AES_128_key_exp(K2, 0x04); - __m128i K4 = AES_128_key_exp(K3, 0x08); - __m128i K5 = AES_128_key_exp(K4, 0x10); - __m128i K6 = AES_128_key_exp(K5, 0x20); - __m128i K7 = AES_128_key_exp(K6, 0x40); - __m128i K8 = AES_128_key_exp(K7, 0x80); - __m128i K9 = AES_128_key_exp(K8, 0x1B); - __m128i K10 = AES_128_key_exp(K9, 0x36); + const __m128i K0 = _mm_loadu_si128(reinterpret_cast(key)); + const __m128i K1 = AES_128_key_exp(K0, 0x01); + const __m128i K2 = AES_128_key_exp(K1, 0x02); + const __m128i K3 = AES_128_key_exp(K2, 0x04); + const __m128i K4 = AES_128_key_exp(K3, 0x08); + const __m128i K5 = AES_128_key_exp(K4, 0x10); + const __m128i K6 = AES_128_key_exp(K5, 0x20); + const __m128i K7 = AES_128_key_exp(K6, 0x40); + const __m128i K8 = AES_128_key_exp(K7, 0x80); + const __m128i K9 = AES_128_key_exp(K8, 0x1B); + const __m128i K10 = AES_128_key_exp(K9, 0x36); __m128i* EK_mm = reinterpret_cast<__m128i*>(m_EK.data()); _mm_storeu_si128(EK_mm , K0); 
@@ -327,19 +327,19 @@ void AES_192::aesni_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const __m128i* key_mm = reinterpret_cast(m_EK.data()); - __m128i K0 = _mm_loadu_si128(key_mm); - __m128i K1 = _mm_loadu_si128(key_mm + 1); - __m128i K2 = _mm_loadu_si128(key_mm + 2); - __m128i K3 = _mm_loadu_si128(key_mm + 3); - __m128i K4 = _mm_loadu_si128(key_mm + 4); - __m128i K5 = _mm_loadu_si128(key_mm + 5); - __m128i K6 = _mm_loadu_si128(key_mm + 6); - __m128i K7 = _mm_loadu_si128(key_mm + 7); - __m128i K8 = _mm_loadu_si128(key_mm + 8); - __m128i K9 = _mm_loadu_si128(key_mm + 9); - __m128i K10 = _mm_loadu_si128(key_mm + 10); - __m128i K11 = _mm_loadu_si128(key_mm + 11); - __m128i K12 = _mm_loadu_si128(key_mm + 12); + const __m128i K0 = _mm_loadu_si128(key_mm); + const __m128i K1 = _mm_loadu_si128(key_mm + 1); + const __m128i K2 = _mm_loadu_si128(key_mm + 2); + const __m128i K3 = _mm_loadu_si128(key_mm + 3); + const __m128i K4 = _mm_loadu_si128(key_mm + 4); + const __m128i K5 = _mm_loadu_si128(key_mm + 5); + const __m128i K6 = _mm_loadu_si128(key_mm + 6); + const __m128i K7 = _mm_loadu_si128(key_mm + 7); + const __m128i K8 = _mm_loadu_si128(key_mm + 8); + const __m128i K9 = _mm_loadu_si128(key_mm + 9); + const __m128i K10 = _mm_loadu_si128(key_mm + 10); + const __m128i K11 = _mm_loadu_si128(key_mm + 11); + const __m128i K12 = _mm_loadu_si128(key_mm + 12); while(blocks >= 4) { 
@@ -412,19 +412,19 @@ void AES_192::aesni_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const __m128i* key_mm = reinterpret_cast(m_DK.data()); - __m128i K0 = _mm_loadu_si128(key_mm); - __m128i K1 = _mm_loadu_si128(key_mm + 1); - __m128i K2 = _mm_loadu_si128(key_mm + 2); - __m128i K3 = _mm_loadu_si128(key_mm + 3); - __m128i K4 = _mm_loadu_si128(key_mm + 4); - __m128i K5 = _mm_loadu_si128(key_mm + 5); - __m128i K6 = _mm_loadu_si128(key_mm + 6); - __m128i K7 = _mm_loadu_si128(key_mm + 7); - __m128i K8 = _mm_loadu_si128(key_mm + 8); - __m128i K9 = _mm_loadu_si128(key_mm + 9); - __m128i K10 = _mm_loadu_si128(key_mm + 10); - __m128i K11 = _mm_loadu_si128(key_mm + 11); - __m128i K12 = _mm_loadu_si128(key_mm + 12); + const __m128i K0 = _mm_loadu_si128(key_mm); + const __m128i K1 = _mm_loadu_si128(key_mm + 1); + const __m128i K2 = _mm_loadu_si128(key_mm + 2); + const __m128i K3 = _mm_loadu_si128(key_mm + 3); + const __m128i K4 = _mm_loadu_si128(key_mm + 4); + const __m128i K5 = _mm_loadu_si128(key_mm + 5); + const __m128i K6 = _mm_loadu_si128(key_mm + 6); + const __m128i K7 = _mm_loadu_si128(key_mm + 7); + const __m128i K8 = _mm_loadu_si128(key_mm + 8); + const __m128i K9 = _mm_loadu_si128(key_mm + 9); + const __m128i K10 = _mm_loadu_si128(key_mm + 10); + const __m128i K11 = _mm_loadu_si128(key_mm + 11); + const __m128i K12 = _mm_loadu_si128(key_mm + 12); while(blocks >= 4) { 
@@ -547,21 +547,21 @@ void AES_256::aesni_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const __m128i* key_mm = reinterpret_cast(m_EK.data()); - __m128i K0 = _mm_loadu_si128(key_mm); - __m128i K1 = _mm_loadu_si128(key_mm + 1); - __m128i K2 = _mm_loadu_si128(key_mm + 2); - __m128i K3 = _mm_loadu_si128(key_mm + 3); - __m128i K4 = _mm_loadu_si128(key_mm + 4); - __m128i K5 = _mm_loadu_si128(key_mm + 5); - __m128i K6 = _mm_loadu_si128(key_mm + 6); - __m128i K7 = _mm_loadu_si128(key_mm + 7); - __m128i K8 = _mm_loadu_si128(key_mm + 8); - __m128i K9 = _mm_loadu_si128(key_mm + 9); - __m128i K10 = _mm_loadu_si128(key_mm + 10); - __m128i K11 = _mm_loadu_si128(key_mm + 11); - __m128i K12 = _mm_loadu_si128(key_mm + 12); - __m128i K13 = _mm_loadu_si128(key_mm + 13); - __m128i K14 = _mm_loadu_si128(key_mm + 14); + const __m128i K0 = _mm_loadu_si128(key_mm); + const __m128i K1 = _mm_loadu_si128(key_mm + 1); + const __m128i K2 = _mm_loadu_si128(key_mm + 2); + const __m128i K3 = _mm_loadu_si128(key_mm + 3); + const __m128i K4 = _mm_loadu_si128(key_mm + 4); + const __m128i K5 = _mm_loadu_si128(key_mm + 5); + const __m128i K6 = _mm_loadu_si128(key_mm + 6); + const __m128i K7 = _mm_loadu_si128(key_mm + 7); + const __m128i K8 = _mm_loadu_si128(key_mm + 8); + const __m128i K9 = _mm_loadu_si128(key_mm + 9); + const __m128i K10 = _mm_loadu_si128(key_mm + 10); + const __m128i K11 = _mm_loadu_si128(key_mm + 11); + const __m128i K12 = _mm_loadu_si128(key_mm + 12); + const __m128i K13 = _mm_loadu_si128(key_mm + 13); + const __m128i K14 = _mm_loadu_si128(key_mm + 14); while(blocks >= 4) { 
@@ -638,21 +638,21 @@ void AES_256::aesni_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const __m128i* key_mm = reinterpret_cast(m_DK.data()); - __m128i K0 = _mm_loadu_si128(key_mm); - __m128i K1 = _mm_loadu_si128(key_mm + 1); - __m128i K2 = _mm_loadu_si128(key_mm + 2); - __m128i K3 = _mm_loadu_si128(key_mm + 3); - __m128i K4 = _mm_loadu_si128(key_mm + 4); - __m128i K5 = _mm_loadu_si128(key_mm + 5); - __m128i K6 = _mm_loadu_si128(key_mm + 6); - __m128i K7 = _mm_loadu_si128(key_mm + 7); - __m128i K8 = _mm_loadu_si128(key_mm + 8); - __m128i K9 = _mm_loadu_si128(key_mm + 9); - __m128i K10 = _mm_loadu_si128(key_mm + 10); - __m128i K11 = _mm_loadu_si128(key_mm + 11); - __m128i K12 = _mm_loadu_si128(key_mm + 12); - __m128i K13 = _mm_loadu_si128(key_mm + 13); - __m128i K14 = _mm_loadu_si128(key_mm + 14); + const __m128i K0 = _mm_loadu_si128(key_mm); + const __m128i K1 = _mm_loadu_si128(key_mm + 1); + const __m128i K2 = _mm_loadu_si128(key_mm + 2); + const __m128i K3 = _mm_loadu_si128(key_mm + 3); + const __m128i K4 = _mm_loadu_si128(key_mm + 4); + const __m128i K5 = _mm_loadu_si128(key_mm + 5); + const __m128i K6 = _mm_loadu_si128(key_mm + 6); + const __m128i K7 = _mm_loadu_si128(key_mm + 7); + const __m128i K8 = _mm_loadu_si128(key_mm + 8); + const __m128i K9 = _mm_loadu_si128(key_mm + 9); + const __m128i K10 = _mm_loadu_si128(key_mm + 10); + const __m128i K11 = _mm_loadu_si128(key_mm + 11); + const __m128i K12 = _mm_loadu_si128(key_mm + 12); + const __m128i K13 = _mm_loadu_si128(key_mm + 13); + const __m128i K14 = _mm_loadu_si128(key_mm + 14); while(blocks >= 4) { 
@@ -725,28 +725,28 @@ void AES_256::aesni_key_schedule(const uint8_t key[], size_t)
 m_EK.resize(60);
 m_DK.resize(60);
- __m128i K0 = _mm_loadu_si128(reinterpret_cast(key));
- __m128i K1 = _mm_loadu_si128(reinterpret_cast(key + 16));
+ const __m128i K0 = _mm_loadu_si128(reinterpret_cast(key));
+ const __m128i K1 = _mm_loadu_si128(reinterpret_cast(key + 16));
- __m128i K2 = aes_128_key_expansion(K0, _mm_aeskeygenassist_si128(K1, 0x01));
- __m128i K3 = aes_256_key_expansion(K1, K2);
+ const __m128i K2 = aes_128_key_expansion(K0, _mm_aeskeygenassist_si128(K1, 0x01));
+ const __m128i K3 = aes_256_key_expansion(K1, K2);
- __m128i K4 = aes_128_key_expansion(K2, _mm_aeskeygenassist_si128(K3, 0x02));
- __m128i K5 = aes_256_key_expansion(K3, K4);
+ const __m128i K4 = aes_128_key_expansion(K2, _mm_aeskeygenassist_si128(K3, 0x02));
+ const __m128i K5 = aes_256_key_expansion(K3, K4);
- __m128i K6 = aes_128_key_expansion(K4, _mm_aeskeygenassist_si128(K5, 0x04));
- __m128i K7 = aes_256_key_expansion(K5, K6);
+ const __m128i K6 = aes_128_key_expansion(K4, _mm_aeskeygenassist_si128(K5, 0x04));
+ const __m128i K7 = aes_256_key_expansion(K5, K6);
- __m128i K8 = aes_128_key_expansion(K6, _mm_aeskeygenassist_si128(K7, 0x08));
- __m128i K9 = aes_256_key_expansion(K7, K8);
+ const __m128i K8 = aes_128_key_expansion(K6, _mm_aeskeygenassist_si128(K7, 0x08));
+ const __m128i K9 = aes_256_key_expansion(K7, K8);
- __m128i K10 = aes_128_key_expansion(K8, _mm_aeskeygenassist_si128(K9, 0x10));
- __m128i K11 = aes_256_key_expansion(K9, K10);
+ const __m128i K10 = aes_128_key_expansion(K8, _mm_aeskeygenassist_si128(K9, 0x10));
+ const __m128i K11 = aes_256_key_expansion(K9, K10);
- __m128i K12 = aes_128_key_expansion(K10, _mm_aeskeygenassist_si128(K11, 0x20));
- __m128i K13 = aes_256_key_expansion(K11, K12);
+ const __m128i K12 = aes_128_key_expansion(K10, _mm_aeskeygenassist_si128(K11, 0x20));
+ const __m128i K13 = aes_256_key_expansion(K11, K12);
- __m128i K14 = aes_128_key_expansion(K12, _mm_aeskeygenassist_si128(K13, 0x40));
+ const __m128i K14 = aes_128_key_expansion(K12, _mm_aeskeygenassist_si128(K13, 0x40));
 __m128i* EK_mm = reinterpret_cast<__m128i*>(m_EK.data());
 _mm_storeu_si128(EK_mm , K0);
From 148f43b60917d5c6b8d0ad1204cd51e1841a2855 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 19 Nov 2017 00:07:55 -0500 Subject: [PATCH 0205/1008] Avoid OCSPing on the Let's Encrypt CA cert Their issuing CA seems to have some performance problems with OCSP (https://github.com/letsencrypt/boulder/issues/1929) and it's currently causing timeouts in the tests.
---
src/tests/test_ocsp.cpp | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp
index 1d64018ccf..ef4c5634b8 100644
--- a/src/tests/test_ocsp.cpp
+++ b/src/tests/test_ocsp.cpp
@@ -198,18 +198,14 @@ class OCSP_Tests final : public Test
 typedef std::chrono::system_clock Clock;
 const auto ocspTimeout = std::chrono::milliseconds(3000);
- auto ocsp_status = Botan::PKIX::check_ocsp_online(cert_path, { &certstore }, Clock::now(), ocspTimeout, true);
+ auto ocsp_status = Botan::PKIX::check_ocsp_online(cert_path, { &certstore }, Clock::now(), ocspTimeout, false);
- if(result.test_eq("Expected size of ocsp_status", ocsp_status.size(), 2))
+ if(result.test_eq("Expected size of ocsp_status", ocsp_status.size(), 1))
 {
 if(result.test_eq("Expected size of ocsp_status[0]", ocsp_status[0].size(), 1))
 {
 result.confirm("Status expired", ocsp_status[0].count(Botan::Certificate_Status_Code::OCSP_HAS_EXPIRED));
 }
- if(result.test_eq("Expected size of ocsp_status[1]", ocsp_status[1].size(), 1))
- {
- result.confirm("Status good", ocsp_status[1].count(Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD));
- }
 }
 return result;
From fea9c14d9696615f9d1cf52e0bb578c8a54c2c6a Mon Sep 17 00:00:00 2001
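Review bot: The bare `false` now passed as the last argument of check_ocsp_online carries no explanation in the test itself, so a later reader cannot tell that the second (presumably intermediate-CA) lookup was switched off to dodge a slow responder rather than by design; add a comment above the call such as `// Only query OCSP for the end-entity cert: the issuing CA's responder currently times out (letsencrypt/boulder#1929)`. With only ocsp_status[0] asserted, and that entry expected to be OCSP_HAS_EXPIRED, the test no longer exercises any OCSP_RESPONSE_GOOD path, so a regression in handling a good response would go unnoticed; a `// TODO: restore the ocsp_status[1] "Status good" check once the responder recovers` would keep that on record. The enclosing test function starts before the hunk.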
From: Jack Lloyd Date: Sun, 19 Nov 2017 13:11:17 -0500 Subject: [PATCH 0206/1008] Add AES key wrap with padding --- news.rst | 3 + src/lib/misc/nist_keywrap/info.txt | 3 + src/lib/misc/nist_keywrap/nist_keywrap.cpp | 209 +++++++ src/lib/misc/nist_keywrap/nist_keywrap.h | 67 +++ src/lib/misc/rfc3394/info.txt | 1 + src/lib/misc/rfc3394/rfc3394.cpp | 76 +-- src/lib/misc/rfc3394/rfc3394.h | 8 +- src/tests/data/keywrap/nist_key_wrap.vec | 550 ++++++++++++++++++ .../data/keywrap/nist_key_wrap_invalid.vec | 36 ++ src/tests/data/{ => keywrap}/rfc3394.vec | 0 src/tests/test_keywrap.cpp | 130 ++++- 11 files changed, 1008 insertions(+), 75 deletions(-) create mode 100644 src/lib/misc/nist_keywrap/info.txt create mode 100644 src/lib/misc/nist_keywrap/nist_keywrap.cpp create mode 100644 src/lib/misc/nist_keywrap/nist_keywrap.h create mode 100644 src/tests/data/keywrap/nist_key_wrap.vec create mode 100644 src/tests/data/keywrap/nist_key_wrap_invalid.vec rename src/tests/data/{ => keywrap}/rfc3394.vec (100%) diff --git a/news.rst b/news.rst index 8be2b3476a..945556855d 100644 --- a/news.rst +++ b/news.rst @@ -13,6 +13,9 @@ Version 2.4.0, Not Yet Released * Add support for verifying X.509 objects (certificates, CRLs, etc) using RSA-PSS signatures (GH #1270) +* Add support for AES key wrapping with padding, as specified in RFC 5649 + and NIST SP 800-38F + * Optimize GCM mode on systems both with and without carryless multiply support. This includes a new base case implementation (still constant time), a new SSSE3 implementation for systems with diff --git a/src/lib/misc/nist_keywrap/info.txt b/src/lib/misc/nist_keywrap/info.txt new file mode 100644 index 0000000000..3fb3639f08 --- /dev/null +++ b/src/lib/misc/nist_keywrap/info.txt @@ -0,0 +1,3 @@ + +NIST_KEYWRAP -> 20171119 + diff --git a/src/lib/misc/nist_keywrap/nist_keywrap.cpp b/src/lib/misc/nist_keywrap/nist_keywrap.cpp new file mode 100644 index 0000000000..c349f97aa0 --- /dev/null 
+++ b/src/lib/misc/nist_keywrap/nist_keywrap.cpp 
@@ -0,0 +1,209 @@
+/*
+* (C) 2011,2017 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include
+#include
+#include
+#include
+
+namespace Botan {
+
+namespace {
+
+std::vector
+raw_nist_key_wrap(const uint8_t input[],
+ size_t input_len,
+ const BlockCipher& bc,
+ uint64_t ICV)
+ {
+ const size_t n = (input_len + 7) / 8;
+
+ secure_vector R((n + 1) * 8);
+ secure_vector A(16);
+
+ store_be(ICV, A.data());
+
+ copy_mem(&R[8], input, input_len);
+
+ for(size_t j = 0; j <= 5; ++j)
+ {
+ for(size_t i = 1; i <= n; ++i)
+ {
+ const uint32_t t = static_cast((n * j) + i);
+
+ copy_mem(&A[8], &R[8*i], 8);
+
+ bc.encrypt(A.data());
+ copy_mem(&R[8*i], &A[8], 8);
+
+ uint8_t t_buf[4] = { 0 };
+ store_be(t, t_buf);
+ xor_buf(&A[4], t_buf, 4);
+ }
+ }
+
+ copy_mem(R.data(), A.data(), 8);
+
+ return std::vector(R.begin(), R.end());
+ }
+
+secure_vector
+raw_nist_key_unwrap(const uint8_t input[],
+ size_t input_len,
+ const BlockCipher& bc,
+ uint64_t& ICV_out)
+ {
+ if(input_len < 16 || input_len % 8 != 0)
+ throw Invalid_Argument("Bad input size for NIST key unwrap");
+
+ const size_t n = (input_len - 8) / 8;
+
+ secure_vector R(n * 8);
+ secure_vector A(16);
+
+ for(size_t i = 0; i != 8; ++i)
+ A[i] = input[i];
+
+ copy_mem(R.data(), input + 8, input_len - 8);
+
+ for(size_t j = 0; j <= 5; ++j)
+ {
+ for(size_t i = n; i != 0; --i)
+ {
+ const uint32_t t = static_cast((5 - j) * n + i);
+
+ uint8_t t_buf[4] = { 0 };
+ store_be(t, t_buf);
+
+ xor_buf(&A[4], t_buf, 4);
+
+ copy_mem(&A[8], &R[8*(i-1)], 8);
+
+ bc.decrypt(A.data());
+
+ copy_mem(&R[8*(i-1)], &A[8], 8);
+ }
+ }
+
+ ICV_out = load_be(A.data(), 0);
+
+ return R;
+ }
+
+}
+
+std::vector
+nist_key_wrap(const uint8_t input[],
+ size_t input_len,
+ const BlockCipher& bc)
+ {
+ if(bc.block_size() != 16)
+ throw Invalid_Argument("NIST key wrap algorithm requires a 128-bit cipher");
+
+ if(input_len % 8 != 0)
+ throw Invalid_Argument("Bad input size for NIST key wrap");
+
+ return raw_nist_key_wrap(input, input_len, bc, 0xA6A6A6A6A6A6A6A6);
+ }
+
+secure_vector
+nist_key_unwrap(const uint8_t input[],
+ size_t input_len,
+ const BlockCipher& bc)
+ {
+ if(bc.block_size() != 16)
+ throw Invalid_Argument("NIST key wrap algorithm requires a 128-bit cipher");
+
+ if(input_len < 16 || input_len % 8 != 0)
+ throw Invalid_Argument("Bad input size for NIST key unwrap");
+
+ uint64_t ICV_out = 0;
+
+ secure_vector R = raw_nist_key_unwrap(input, input_len, bc, ICV_out);
+
+ if(ICV_out != 0xA6A6A6A6A6A6A6A6)
+ throw Integrity_Failure("NIST key unwrap failed");
+
+ return R;
+ }
+
+std::vector
+nist_key_wrap_padded(const uint8_t input[],
+ size_t input_len,
+ const BlockCipher& bc)
+ {
+ if(bc.block_size() != 16)
+ throw Invalid_Argument("NIST key wrap algorithm requires a 128-bit cipher");
+
+ const uint64_t ICV = 0xA65959A600000000 | static_cast(input_len);
+
+ if(input_len <= 8)
+ {
+ /*
+ * Special case for small inputs: if input <= 8 bytes just use ECB
+ */
+ std::vector block(16);
+ store_be(ICV, block.data());
+ copy_mem(block.data() + 8, input, input_len);
+ bc.encrypt(block);
+ return block;
+ }
+ else
+ {
+ return raw_nist_key_wrap(input, input_len, bc, ICV);
+ }
+ }
+
+secure_vector
+nist_key_unwrap_padded(const uint8_t input[],
+ size_t input_len,
+ const BlockCipher& bc)
+ {
+ if(bc.block_size() != 16)
+ throw Invalid_Argument("NIST key wrap algorithm requires a 128-bit cipher");
+
+ if(input_len < 16 || input_len % 8 != 0)
+ throw Invalid_Argument("Bad input size for NIST key unwrap");
+
+ uint64_t ICV_out = 0;
+ secure_vector R;
+
+ if(input_len == 16)
+ {
+ secure_vector block(input, input + input_len);
+ bc.decrypt(block);
+
+ ICV_out = load_be(block.data(), 0);
+ R.resize(8);
+ copy_mem(R.data(), block.data() + 8, 8);
+ }
+ else
+ {
+ R = raw_nist_key_unwrap(input, input_len, bc, ICV_out);
+ }
+
+ if((ICV_out >> 32) != 0xA65959A6)
+ throw Integrity_Failure("NIST key unwrap failed");
+
+ const size_t len = (ICV_out & 0xFFFFFFFF);
+
+ if(len > R.size() || len < R.size() - 8)
+ throw Integrity_Failure("NIST key unwrap failed");
+
+ const size_t padding = R.size() - len;
+
+ for(size_t i = 0; i != padding; ++i)
+ {
+ if(R[R.size() - i - 1] != 0)
+ throw Integrity_Failure("NIST key unwrap failed");
+ }
+
+ R.resize(R.size() - padding);
+
+ return R;
+ }
+
+}
diff --git a/src/lib/misc/nist_keywrap/nist_keywrap.h b/src/lib/misc/nist_keywrap/nist_keywrap.h
new file mode 100644
index 0000000000..022b4016f5
--- /dev/null
+++ b/src/lib/misc/nist_keywrap/nist_keywrap.h
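Review bot: nist_key_wrap_padded forms the ICV by OR-ing `static_cast(input_len)` into the low 32 bits, so an input_len of 2^32 or more is silently truncated and the output encodes a wrong MLI that will never unwrap; RFC 5649 / SP 800-38F define KWP only for plaintexts up to 2^32-1 octets, as I read them, so reject this before the ICV is built with `if(input_len > 0xFFFFFFFF) throw Invalid_Argument("Input too large for NIST key wrap with padding");`. The same specs, as I read them, also require at least one octet of plaintext, whereas the code accepts and round-trips a zero-length input, which is a conformance rather than a safety issue and should at least be noted in a comment. In nist_key_unwrap_padded the ICV, length and zero-padding checks each throw on the first mismatch, so the time to failure depends on which part of a tampered ciphertext is wrong; for a key-unwrap primitive it is cheap to fold all three into one accumulated flag and throw once after the padding loop.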
@@ -0,0 +1,67 @@
+/*
+* (C) 2011,2017 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_NIST_KEY_WRAP_H_
+#define BOTAN_NIST_KEY_WRAP_H_
+
+#include
+
+namespace Botan {
+
+class BlockCipher;
+
+/**
+* Key wrap. See RFC 3394 and NIST SP800-38F
+* @param input the value to be encrypted
+* @param input_len length of input, must be a multiple of 8
+* @param bc a keyed 128-bit block cipher that will be used to encrypt input
+* @return input encrypted under NIST key wrap algorithm
+*/
+std::vector BOTAN_PUBLIC_API(2,4)
+nist_key_wrap(const uint8_t input[],
+ size_t input_len,
+ const BlockCipher& bc);
+
+/**
+* @param input the value to be decrypted, output of nist_key_wrap
+* @param input_len length of input
+* @param bc a keyed 128-bit block cipher that will be used to decrypt input
+* @return input decrypted under NIST key wrap algorithm
+* Throws an exception if decryption fails.
+*/
+secure_vector BOTAN_PUBLIC_API(2,4)
+nist_key_unwrap(const uint8_t input[],
+ size_t input_len,
+ const BlockCipher& bc);
+
+/**
+* KWP (key wrap with padding). See RFC 5649 and NIST SP800-38F
+* @param input the value to be encrypted
+* @param input_len length of input
+* @param bc a keyed 128-bit block cipher that will be used to encrypt input
+* @return input encrypted under NIST key wrap algorithm
+*/
+std::vector BOTAN_PUBLIC_API(2,4)
+nist_key_wrap_padded(const uint8_t input[],
+ size_t input_len,
+ const BlockCipher& bc);
+
+/**
+* @param input the value to be decrypted, output of nist_key_wrap
+* @param input_len length of input
+* @param bc a keyed 128-bit block cipher that will be used to decrypt input
+* @return input decrypted under NIST key wrap algorithm
+* Throws an exception if decryption fails.
+*/
+secure_vector BOTAN_PUBLIC_API(2,4)
+nist_key_unwrap_padded(const uint8_t input[],
+ size_t input_len,
+ const BlockCipher& bc);
+
+
+}
+
+#endif
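Review bot: The doc comment on nist_key_unwrap_padded says its input is the `output of nist_key_wrap`, but the padded and unpadded variants use different ICVs and framing, so feeding nist_key_wrap output here fails the ICV check; it should read `* @param input the value to be decrypted, output of nist_key_wrap_padded`. The `@param input_len` line on nist_key_wrap_padded should also state the supported range, since the implementation in this same patch stores the length in a 32-bit field of the ICV (`length of input, at most 2^32-1`), and the unpadded variant already documents its multiple-of-8 requirement. For both unwrap functions, "Throws an exception if decryption fails" would be more useful to callers as `Throws Integrity_Failure if the ICV or padding check fails, Invalid_Argument on a bad length or cipher`, which is what the .cpp in this patch does.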
diff --git a/src/lib/misc/rfc3394/info.txt b/src/lib/misc/rfc3394/info.txt
index ac56ee8332..075834219a 100644
--- a/src/lib/misc/rfc3394/info.txt
+++ b/src/lib/misc/rfc3394/info.txt
@@ -4,4 +4,5 @@ RFC3394_KEYWRAP -> 20131128
 aes
+nist_keywrap
diff --git a/src/lib/misc/rfc3394/rfc3394.cpp b/src/lib/misc/rfc3394/rfc3394.cpp
index 3bb7927231..8e69933c71 100644
--- a/src/lib/misc/rfc3394/rfc3394.cpp
+++ b/src/lib/misc/rfc3394/rfc3394.cpp
@@ -6,18 +6,14 @@
 */
 #include
+#include
 #include
-#include
-#include
 namespace Botan {
 secure_vector rfc3394_keywrap(const secure_vector& key,
- const SymmetricKey& kek)
+ const SymmetricKey& kek)
 {
- if(key.size() % 8 != 0)
- throw Invalid_Argument("Bad input key size for NIST key wrap");
-
 if(kek.size() != 16 && kek.size() != 24 && kek.size() != 32)
 throw Invalid_Argument("Bad KEK length " + std::to_string(kek.size()) + " for NIST key wrap");
@@ -25,40 +21,12 @@ secure_vector rfc3394_keywrap(const secure_vector& key,
 std::unique_ptr aes(BlockCipher::create_or_throw(cipher_name));
 aes->set_key(kek);
- const size_t n = key.size() / 8;
-
- secure_vector R((n + 1) * 8);
- secure_vector A(16);
-
- for(size_t i = 0; i != 8; ++i)
- A[i] = 0xA6;
-
- copy_mem(&R[8], key.data(), key.size());
-
- for(size_t j = 0; j <= 5; ++j)
- {
- for(size_t i = 1; i <= n; ++i)
- {
- const uint32_t t = static_cast((n * j) + i);
-
- copy_mem(&A[8], &R[8*i], 8);
-
- aes->encrypt(A.data());
- copy_mem(&R[8*i], &A[8], 8);
-
- uint8_t t_buf[4] = { 0 };
- store_be(t, t_buf);
- xor_buf(&A[4], t_buf, 4);
- }
- }
-
- copy_mem(R.data(), A.data(), 8);
-
- return R;
+ std::vector wrapped = nist_key_wrap(key.data(), key.size(), *aes);
+ return secure_vector(wrapped.begin(), wrapped.end());
 }
 secure_vector rfc3394_keyunwrap(const secure_vector& key,
- const SymmetricKey& kek)
+ const SymmetricKey& kek)
 {
 if(key.size() < 16 || key.size() % 8 != 0)
 throw Invalid_Argument("Bad input key size for NIST key unwrap");
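Review bot: rfc3394_keyunwrap keeps its own `if(key.size() < 16 || key.size() % 8 != 0)` guard even though nist_key_unwrap, which it now delegates to, performs the identical check and throws the same Invalid_Argument, while the matching `key.size() % 8` guard in rfc3394_keywrap was deleted in the first hunk. Either drop the duplicate so both wrappers follow the same pattern, or keep it deliberately and say so, e.g. `// Also checked in nist_key_unwrap; kept so a malformed input is reported before the KEK is examined`. The body of rfc3394_keyunwrap continues past the end of the hunk.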
@@ -70,39 +38,7 @@ secure_vector rfc3394_keyunwrap(const secure_vector& key,
 std::unique_ptr aes(BlockCipher::create_or_throw(cipher_name));
 aes->set_key(kek);
- const size_t n = (key.size() - 8) / 8;
-
- secure_vector R(n * 8);
- secure_vector A(16);
-
- for(size_t i = 0; i != 8; ++i)
- A[i] = key[i];
-
- copy_mem(R.data(), &key[8], key.size() - 8);
-
- for(size_t j = 0; j <= 5; ++j)
- {
- for(size_t i = n; i != 0; --i)
- {
- const uint32_t t = static_cast((5 - j) * n + i);
-
- uint8_t t_buf[4] = { 0 };
- store_be(t, t_buf);
-
- xor_buf(&A[4], t_buf, 4);
-
- copy_mem(&A[8], &R[8*(i-1)], 8);
-
- aes->decrypt(A.data());
-
- copy_mem(&R[8*(i-1)], &A[8], 8);
- }
- }
-
- if(load_be(A.data(), 0) != 0xA6A6A6A6A6A6A6A6)
- throw Integrity_Failure("NIST key unwrap failed");
-
- return R;
+ return nist_key_unwrap(key.data(), key.size(), *aes);
 }
 }
diff --git a/src/lib/misc/rfc3394/rfc3394.h b/src/lib/misc/rfc3394/rfc3394.h
index 77e602fdac..9cfcfaaf6d 100644
--- a/src/lib/misc/rfc3394/rfc3394.h
+++ b/src/lib/misc/rfc3394/rfc3394.h
@@ -5,8 +5,8 @@
 * Botan is released under the Simplified BSD License (see license.txt)
 */
-#ifndef BOTAN_AES_KEY_WRAP_H_
-#define BOTAN_AES_KEY_WRAP_H_
+#ifndef BOTAN_RFC3394_H_
+#define BOTAN_RFC3394_H_
 #include
@@ -21,7 +21,7 @@ namespace Botan {
 * @return key encrypted under kek
 */
 secure_vector BOTAN_PUBLIC_API(2,0) rfc3394_keywrap(const secure_vector& key,
- const SymmetricKey& kek);
+ const SymmetricKey& kek);
 /**
 * Decrypt a key under a key encryption key using the algorithm
@@ -32,7 +32,7 @@ secure_vector BOTAN_PUBLIC_API(2,0) rfc3394_keywrap(const secure_vector
 * @return key decrypted under kek
 */
 secure_vector BOTAN_PUBLIC_API(2,0) rfc3394_keyunwrap(const secure_vector& key,
- const SymmetricKey& kek);
+ const SymmetricKey& kek);
 }
diff --git a/src/tests/data/keywrap/nist_key_wrap.vec b/src/tests/data/keywrap/nist_key_wrap.vec
new file mode 100644
index 0000000000..5846ce0e9d
--- /dev/null
+++ b/src/tests/data/keywrap/nist_key_wrap.vec
@@ -0,0 +1,550 @@ + +[KW] + +Input = 00112233445566778899AABBCCDDEEFF +Key = 000102030405060708090A0B0C0D0E0F +Output = 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5 + +Input = 00112233445566778899AABBCCDDEEFF +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Output = 96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D + +Input = 00112233445566778899AABBCCDDEEFF +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Output = 64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7 + +Input = 00112233445566778899AABBCCDDEEFF0001020304050607 +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Output = 031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2 + +Input = 00112233445566778899AABBCCDDEEFF0001020304050607 +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Output = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1 + +Input = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Output = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 + +[KWP] + +# From RFC 5649 + +Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 +Input = c37b7e6492584340bed12207808941155068f738 +Output = 138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a + +Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 +Input = 466f7250617369 +Output = afbeb0f07dfbf5419200f2ccb50bb24f + +# Following values generated by OpenSSL + +Key = 00000000000000000000000000000000 +Input = 00 +Output = A9D2D4394815D53F2799ABD7E51D2C8B + +Key = 00000000000000000000000000000000 +Input = 0001 +Output = 36D0CA197F638BF478D022C7E543B699 + +Key = 00000000000000000000000000000000 +Input = 000102 +Output = DAB4EE2853E1C44C5E553E644143902B + +Key = 00000000000000000000000000000000 +Input = 00010203 +Output = 446C037F831092B147C372616357BF7D + +Key = 00000000000000000000000000000000 +Input = 0001020304 +Output = 
9ED0AF6457B82E0DDADBD2240A303D74 + +Key = 00000000000000000000000000000000 +Input = 000102030405 +Output = D863A8CE0DF301A564945259B4F74E7D + +Key = 00000000000000000000000000000000 +Input = 00010203040506 +Output = E8387E5456242B0C30BE77FC1FF0C1FD + +Key = 00000000000000000000000000000000 +Input = 0001020304050607 +Output = 01FF4C430CDF3D2D815B0972B23D7C35 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708 +Output = C06E2163E0CC845B348E012AC9413DEEE40C8C3B030A3681 + +Key = 00000000000000000000000000000000 +Input = 00010203040506070809 +Output = 3DFD2F643C38B07E121C77C2CA0EF82DA742B0989B6D848E + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A +Output = AFAEF390634E21E754FD09F55A4EDD918A1D23ECA9B76F2B + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B +Output = A42D14C830F64F0A73570BFA7FDF8DDDD5E3AD3065A09FB0 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C +Output = 83F23527625FC643942279D090C1B61D10FC978B54D778CD + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D +Output = E073C30E0DAC595F9FD28A0CB9E53945B26D1E1DE4E66D04 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E +Output = 64E3C2F7E0F7CB297C6B8C4CAF665F9F0A3F7082D2522635 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F +Output = 8F5982C7D265A0A40FC81D2326429A0A65BCD1368F0E16CB + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F10 +Output = E29EC6664BCBA00986DD9845F8C4B26472BFDDF98522E537B5D23D5D2A8D02C5 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F1011 +Output = 9451ABCA0B9756A183F8C9ADA834E1AD2400B693C33624E59F26C35AC1586E2B + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112 +Output = F03CB49A65FD3EF8FC83C52F029A3D73667D5B84DB429C38436619ED8320D12E + +Key = 00000000000000000000000000000000 +Input = 
000102030405060708090A0B0C0D0E0F10111213 +Output = 759524B855037849812D62979A18F24D3E672C2663DEA9204BA5A639FB7DB292 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F1011121314 +Output = F352B8228FBFA0769C2E3858D7451FA603E9B751CFE780ED0F93C850C7870259 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415 +Output = 3491F4C8D916A1BC3824D1478EC746BE8C837415017ED52A1ABC30FB14DDE825 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F10111213141516 +Output = 0E6E35C5B9D706C2FF2C4C6CFCF254849879D6C1CB577E0A73BB12CBC7AC9740 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F1011121314151617 +Output = E7DB580663B113B57489E1107F2DCAF7CF80629E7CE1839E1ED044ECD0299E79 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718 +Output = 883500DB91747BAD8C5E122ED2338F3BCB6B43064F5DA9D1303E165815EC8CC4C5BFD31AEAE1B6A3 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F10111213141516171819 +Output = 24099AAAD4F19BF614ECC35DA9E3646F73AAFAA9C46975D4B56D72A332AF7EC4850B8294D94B7E1A + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A +Output = C24F8CCE3425AC9638145A0DAC28B59368583FF3A7AAD85FBE1AEAAB5D23C0B128A1F9BC575B785A + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B +Output = EFD0BC7612331A98F2D68F86E606717197BF57E35114234C675D40E9462ACF00DE7860C0F38677F7 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C +Output = 89171C602A315AD27EE1C7F903DCD08F48FF02D97EC59A079E9180B26F17BB010D8E56B3CDBF9006 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D +Output = 0AC1B4937C438DDE64E6733A70D3F1BF99393B2A3E6B42ABBCE6A8ECBB1F0665DCDC62530739E8FD + +Key 
= 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E +Output = 3A4553B4613F602B0BFC11609616744CC99CAD4B1CA1FFC6568DF20FD2DC0B020CFC1E6ABD2820D4 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Output = 353B0F55E3569A4F11AC5434F94D9C4ADFAC2E289F98B6564FB7DF0EC116E77493C176868DBA1F6C + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20 +Output = B42ECF577992FFE257548A1BD920E8A2648EED647675B407A0E730C658AB3E917C284A6C4DF847E4D783A3BC614A2630 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021 +Output = 06D4BA477CD212C49B78C00D231FCCF7DAAE65742D889EE6C828D87D3C604EF3A14A95DE45EC537B7AC83B78C1CCACA3 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122 +Output = B056D034313D327E2A39E0930C0E43D79CA0A28F3323CD70AB19B381A0D71BB1AF7AB177B0D66B8DBE32178714917A7D + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Output = DE3AD3A933A842B574767B7C6A7FB28F442EA3C94DF7BB81C38F392CFEB8B313E999E3A8248204499A051CE50EDEC5AA + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324 +Output = 3F6EB078FAF08FA5D3BE87EE047CF1ECBAE7FC70753DB67EB63B0A073E73847AD200BD241C91CB87BED689CF8F75C93B + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425 +Output = 445C7209CD605AAEF330EA0C5A6469728AD6B10C510F0CC59DDF26927E11FC5F2D0DC1375541A1F55BAF356D7EE53500 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223242526 +Output = 
122A43F6FCF53F48127FB59F3F9CE1C6621F6B6342569908796AE1CF6E5F27BEA025E35ADDBC3B055DD365AB61485905 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Output = EAA9E4B5B6372DE37C283D751F0376E4BEAAED1F98FE31DA171910D66CF839AB8FE11AB892806F04AE4E217847802FD1 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728 +Output = 8DABB66ADB361581E5D68EF8A17A09D74A685F7507298362103F5853F9475F21434019F2E92485DA19D2B11F75CF90734231C1421290975C + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223242526272829 +Output = FC8D65BBCB5912874DF58EA60DD63D0E16951C10B05AC069A9764A11276D6AB8C968DA01674F230376F8FE6BEA8473A14D3C79EAEC52E003 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A +Output = 603C4F13DB9F651AC3DD6A3AC6CE056BE605C6D72E708A8424C451BD2C24F63352FA2BB693947689D2626CF273762E5FAEE361D793AF819F + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B +Output = CA10E89057844F6E968DC6A75125621FB6FA779D3D1773ED99891694B19D28B9C9B234EC7135A585AFFDBFA85E813EE54A22938D2B89FCD1 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C +Output = 6C64643E7386B22E2D0BDDE6E812DCAC90F3417D933E057725BDCA8253EF1868AC7152DE08668515DD136E476B00BDFA2F5DEEE0FA23D42D + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D +Output = 2FB135455B08C6EF5C7E835F09DC55078B3BF0B79C72308A25F5437DAD770A59D4E63EFBBA77E7C6A6316005E35082DDE15FD616A3EACEC1 + +Key = 00000000000000000000000000000000 +Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E +Output = EFDB7BC1EC888B698FA3190BDA302D68E4C854CE38E67790CF661BBC394AB2113BDE3AE202259490253B08FC7BDA36DF0C8DF62E0BBD3AEC + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F +Output = 6FB04EFCAE2CDC3B46A8A9C9834A28B1437C2E755BC594460E0621B46BBE0F5D4BBE181502EC9142F71A4A5B0871EE62E8BD5DF4BAF87357 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30 +Output = F0410A66EE0E4B9913243184284A7473B5E80E59149F23D2F85D5C58329678ADD62EF6038E1153B61772E3F5A7D2E2A65066663FE3B30D3F6D79F0EACBFFB307 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031 +Output = 9EA24A531B21B1D12AA0EF0CD620E46CCF557142ABC2DA7601C6D9C597D16C0CAD842ED4C791EEAAE9AC06AD66B58A44ACA0989B4ED09D9B1D1C07FF705E775C + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132 +Output = A3946C7481A0439B552DAAC3C804A9F9909CD5DAF5D5EC3EDA0D31AE5D99B541FB4D487C7588A786143E36002050C5F8E2DF0864708296F7CA1178588D252D66 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233 +Output = 3389BE82398B80DC86C88B506654437B51528119C26BCDF1F3A6470DF96B5A89D012B7ED0E58508BD244622E3AD919E22A2DB902A53336CF69ACD362194EF788 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334 +Output = 2E206446A99B6F07DB75253AEB0ACA89CE55811509AA969BFE2952720FE1BD8CE840C2FE6E3E48E730B7B9856AC28D2941EADBC39F829567EECF8EE70A9FEA20 + +Key = 00000000000000000000000000000000 
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435 +Output = EB6ECD5B0DEAEB3D61B9DF8581202E272591BF19F3EE052FAA217C5CD96AE15882ECD934D1CF15F2CD5CAD48E46DF1B889C756834FC9067B4BBCE71EF7FBE2CE + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233343536 +Output = 09EA967289A07CD184AB68484799B58A1AD4E47DD0FC1612480695F0CEA62A019D7DB9184DCBA2FA871B8D7F0A21B07DDB1D79A9912C4278A6C10517D6FE7607 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637 +Output = B7B16D760E94318547FDCED193613311BB4C228544EB0D0026A3BFF85440411CECED8E9B72B2B088446E792058C5BEDEEAE42B622C97E7305DB06F49C06DBEEF + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738 +Output = D90841D6B936480461BF2D77FCC3FADF20177A3707FE0A47153271F05BEE51AF1D5B9EC466B1B43A45DC8E439924B6CE3BFD28EA33337036713FEFA82164986696ED78F14E9C3965 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233343536373839 +Output = 1EF61764EEF8B3A532C0CD60D01078719EA74AF30DCAE28A7508A30CB3EFE4352C315DD68C329C967975A8344C99D3234A056040860390416B387DC263396F7EFDEF5A5B92A6C4AD + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A +Output = A591BB3882464EDC11416ECA7995B7488EA8F1B89AFFCDE6FCDDDE60FDD45F51BB238A9503C7AACF750D8024F5B1DD39655558958585BDC842D07A34C35BB04719CC784212DED785 + +Key = 00000000000000000000000000000000 +Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B +Output = DCB4F791FB0C1867D90AF107256020B66E8ED09B898E626CCDCD55F5503774CADDC3B84E87A91E3CE749EC35A47E25F0C19B9C4C7D9705EA36EDF0D748471849AD61A8769685B2D7 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C +Output = 0AA8C1E34B37FDC58A1A9934BD14B523F20B6AB32F3AAC273E625081015A6E8CE95C891F522AFE87E580AB393CB8942E24DBE812DF74DB93029744184D144692701188BFFEB6E141 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D +Output = 9EEC100B358284F4E24AEECD3F3A87ACF45A67FB9FA46D5F77BC4F7272E544B2D7329A56AEAFBC668FABA50D73A37B00300DE3186AAD77949E28C12A04B65192225A9ED929FCF5E1 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E +Output = E5D51A1C59E955797CD79E962851315E788A72AFC17B003963A64D4713EF93D370129780ECACD566A9DE9AF289ECDF46FDA257D73658383C0C052EB9C70D034E29209568BF144D72 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +Output = 3199D2B70CE5CDC5DD62F0CB48B1DE3EF07C836C49975841C7B972E661899A1CDA28253BCA33FEB3697C434CECF3EC76D979A3DFC3D862E22758A6B2468752249D2AA0B30EA2A447 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F40 +Output = C1C6E77BF5D31BC960ED2045165DB2D6A73283B5511121055773EF2A241E7FD0CE61A71F11CA6488C73945970CB684F5E009CC86A1D3EB0BA5F294ABEE29B3D4424005F21E096EDF105088BF69908455 + +Key = 00000000000000000000000000000000 
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F4041 +Output = 59C0B44AF3C63A77E8010B03463C261C03960B4BD0F1AEE7EB0EC2D0E7EBDD08E28FB8C41F24DD4FFC3EEA78C5800714CB4A963A9489E8017362BE33AEB2CF6D9231AE39641A2760E9E5265780FAC82A + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142 +Output = 72F38DBAE62DF7CB17D0E1BAF464224BC54A1C49D10FCAA70877F40B429384C8BEFC18EDBD9A65713A984151F97C3B0F2FA4D6127AE4FC8BED3DBD3A7073CBA8F174284DECE60D1556F8E5957D7881BC + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F40414243 +Output = 1EADC50143A9A33DF1901C1BE115B9EE408561B03A7D0BACA7EE2698FA16485699BBC0D1C8BC74D87ADABB50CBB87976965CB01CFBA67035DC3189E98550B0C3902E1271313C81265F4521A732451E7B + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F4041424344 +Output = 4182301DA5BE6417C384943AFFF69A8B80AA7B2DECB55C1A9C29328B8CD16BC9540DB5B5FA751CE1B217E66E51E7168D269DCDB3E6130929DCB5E1741B31E439FC87D2AD81556E1E788BE8F0B370323A + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445 +Output = CD07B672EF635F47FD386FA62A8879FC304C8C2454CFAEAD21FB47FE30E4A4EC4ADD7C1EAB44D261B5DC18FB4EFFCDC56074D7B395E6559E9D5280B523E84A99862AD0BFE66D6980D0F59C56FC229773 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F40414243444546 +Output = 
69DBA0FB08140943E3FE98E4178646C6CC0B1B44585187CC1688AF21A140CB4BCFA8D370EBC00B612C21FF95FC32FDB3D089BC2F5812139864500D30D8F25D2DCA579439542906CF0C1AFB424A7A2D95 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F4041424344454647 +Output = E852B1E41E680E45CA8428DDE1A4B4D77C620E6F4EB4EB757C69BBB44EB66EE09F5EE6271F6933253C3D2BA20CDA9C5F22E7445DFFE598790C6BF1E3DB70A2B42707CB8CA0A0D28CD3ED32DFD1E1227E + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748 +Output = 5FD7FE77D721DA369BA9CFEB4548AF21518A088DF3951960A6ECA5CD52FFF0A5A89E3A0BD6609C7B40230E31173898A82B685F40E001A67D1F4B8619C6E537A9E03D8D620BF8086CE2F6A81322A6026C1A6585CC12D41D58 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F40414243444546474849 +Output = 775509D94509D50839D8D4BCA6624F1DFC873CEC61EAF254DDC5BEDE233026E10625D7D5CF8BEB1C8518829E659F816FF1BE2D029390FE57FCEEBE1E3208C0D250C1F966C8E3FF27A4964E250AB7D732FF670B0E54EA4676 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A +Output = 862892008B4E499C6C6635CE7BA728DD25A6A83C043B66B6B5CE36028B72D3245F5B84BF22D7415BCE41F21D2104A43EBDBEEBD8D138AC4D15E32AD27A7FA88B91AEDFC382194ED728F09738B24F5413A74C0E0B13B4277F + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B +Output = 
8F4F512116100D0ED926D1645ABFE94E00D126F0E9429A00CA69E8CCA1C8E70A7F4DF6F9B0AE1CBCB40BE2B05086B4A6F1B101E65187C71B91401B49AF313A593EF01B96855DB1ACDFD809D60DA8B1A682543D7F6AD6C337 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C +Output = F9DD0B7980B4114126972D2ED6208E3FDD95B2A767C4050C16063E7433E3085C148221376F5209FD6AACC359653D2ED254A987C35F1D440F00A39E2B14A8D8DD11ACBBD635C0A76B6628A63B12183F2138A0DA32C074AA82 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D +Output = 863710066B206EBF4035E0B8413D6A94872766EE52155624E9719A16769A975A5EF0595F3816B7993BAF035AE10D205DA4DEC0EE3AF5210582DFA063D347565B332ADF99459BB718928478F334F249B4B38FF8F7B2D2E813 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E +Output = 6E1C71E71669D7CCC469DBA5342B6C14192A0E25A086352A3DD4558A12E1C348FDB1923C31C63F560C08F963B50D4BE52C21989B7A6D83AA14CA8A6089124734734AC4CF4F4C6AC2721D76BCB811F91507E975E4058F1FAF + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F +Output = 518BF14BE0D60D53D184D05068C0795E6AB1846949937546886552F23581A4A934DB2496731E93BDCFD43A78343FBEFDBC8A8B55D5E1A94AD03EEF07BFD32CEECA1A8816BEE47B846E4A368A30D64C10B993CC041EA69073 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F50 +Output = 
B1BC96690224BEAF3F51EE319CE697E8DAF7A666B676239F7C32B7FFE63040F601B8EDEF54D90B243A39C9CD56CDD3AC14CBE89F45D5958798F7DAB6B6F2092FC38F1D5BDA51F06ED67B75AF2587015B1AD21C10C63ACBFB0707D5CC651F8458 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F5051 +Output = 649D67FEF0AE7432B793DE16B3C27598088E87DFD1A4CDA952703412B3828DBA04F9188FD823C03F6221DDBAD16C3728D40FFA2FD88DB52964E556B28D5CE532A52DAC53C7C3258FF2EE12CE901825372A01DCFCAA07C0B55773532838D9CDF0 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152 +Output = 997555B6E7CBDF2D1A010AA7865CA84781A2FA2C4F32762D234A0895BC62004B6BDEE39953B6236B0889147398A8BFDD609D92531325E4B7926DA0B06CD9026B032A929F6172DDCB99C6D42D35F9FC94D6C3ADAF0522D5F3D05217405645FB16 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F50515253 +Output = 7B8582D74051A6DB1B7483D26E0612B86E55ED0CBB7BA88A676049F6DE0EF4C9C4D719B66DECF1A5E6F23653B705E6BF9BDBF423F905944E51D65D1DC792A2D3554B4C427E9CA40B4C406AAF58ED611109F97DE8B05B1ACA8F9C76118F2AA925 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F5051525354 +Output = BA9D1128654C32AC040C7B8460774CADB9E38D9EA07D034FA83516D9E06802FB55F5872C16EF5695EAF6C6A9DAEEE83748793843F213C54A778D4524C72C5ADF5F02801FB2F6C2FC9EC4B8299A42BC33BEA4C7DDEB6A5CF492F4F757ED9A3A86 + +Key = 00000000000000000000000000000000 +Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455 +Output = DBEB24A8A1198084F973517C8457DB028ED6DB5D1E3D97AE75F1E33EF7D63148DD60AF68F6378E04CE46D6B466C46F4089AA94C36FB0BE591E8D41547A55534E3B004CE4AABE1890B258317EEA581682D9DA7891B2A3AD5186E579B7403A6910 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F50515253545556 +Output = 9325A7B4B743ADBDEB4F8E9BF92672CBD3E6D29AED20B24415B8D8ADFF2C7652573401BBF7C45386AC6D93F70BFCFF2351489EFDA6720EB9C1BAADFE1D52CED1D0754B5F00EDC1CD8AE4654EB2E0215FC694E64B32A09CF7DA0FCCE5875E0A90 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F5051525354555657 +Output = D3CB65301588CB2820595CE0C0BA899E5A530A4BEEB29DAAB1D26BBAFE35A0A010E3D17A7BF87B3910465FCDA89BDF4EF564A4D801F31878A56625BCA8F55C2EE3ECDB754060DEADCFDDB8F9D11FBD6B7D2B44F6B016C350D04666584C1547CE + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758 +Output = 2DD836C8BDE95C111E549F7199096ADB2F7452E6986B8E736BD89EC01ABA1E8EC2DE7FD9F65FEFD42E5C572C61C5308CA673CD24C499037D8B7A33A35277526E83719D205E3DB0E79815D322D6A14388661D5B6A31D831AC76593D27944539C1FCC5440E0E42E53B + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F50515253545556575859 +Output = 
DDB5299481F0419C5672D08DD6AFD92781D05095A9CB9F5F978A892D77615ED7ADF00B9A4B038E450EAF3BC12A38567E3A7732DA9DFFA6B18B341EBA79299C5855138B70DA6E5D3D859F510ECA7F9E0921E433C8814C5B07BEFEB48301A4F3945D7AC995DDDC529F + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A +Output = 4DB58952C398ED8D77C3B4E3677E4E2A282CA36C30B0590765061A2D849884738EE94521B3DEAC18CA8908C6BA8198ED8879BB7EA1B09E06E3770C2F92F1AFCE547DC30F761E568F496D5569FA9540D721F273B789919F3FA0BB10AF07D4C540DBEB8BDF2F939917 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B +Output = BB64F4A30DB269B6EC84E406E5C4706EEEA94370AD65736BEBDD945F5FD3AA85C22D74B47EC086093AEBFBF7A1E671ECA57A3E055AEB0C4B622B81A38EC6C3A1B5341E176AA8ABE20170C5A2B4CAAAF83E55DBC6B4E12339A53C116016EC806432E8198786EB4F4F + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C +Output = C293A47B576F6FCFC00A6E46D0C3BECAA9B2EAE0C043980AA45C87A8CF26472A6925F0EC62F18FC782D69FC9CDE34B8385E6EF343B7BC9BFBD5C6D9FFDF5E49649984C1E8D4238D5F15E75D928610E02BD590F5247EF85486BF327E59D2078E002C9207EF714E705 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D +Output = 
3D4522574E9F3E495ADF7154555128FF59252FB5BB992568E3E9D7D22D9FAA288DB70C931CBFC5A2DA5FB89AF6BEBB0B703101E885677E885D8AA921E05689615E98A00182CF683BB36F2CF29A7C7432CA389587B6AB0AEE4165DDD3988A84B207F5FF22E12319FC + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E +Output = ADC07AD97AF4791C34CDCA604E787EF8519B1E82B69FA76F8BD561ADD476AD5C5ED35E9E2D4E5A8F69DBD5A4AF7F3B7C1C719F153BDF740B7C93C104FA44E9A695BF1AAFF7EA153A12CA7C2F7F09E7FF82D9934585347D2821D6D881AF14BFD4A596D2A5175E992D + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +Output = E3A87C98F63177B4AEBCD213BB5599EE5691FD97A642D5F952DDF6DA711E3CFE64A8C04F348FEF20CDA5310DAD3214F0205749EF8AAC76C46CC9699C86EFEC02678DA53C6B1F2B72FC3FA3A8F6BA9B73E23E351F924831E8D7FBA13F9124CCC03D0383C092656027 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60 +Output = 1FD0A6C2E7496670A1FC367BBADAF2F1662E99837DBE2D65D8FE395B195CCBC07B34E843277562E13F908889D727EFCC45C13B90F87E7E6F4E4C8B2A51D4E085D221CE31B9E6EF1DDC68E832F510CD25B3043908A45C3E13F303C25491CCF3684D4E61FC1B2A0C5AF84A1CDE26CCD430 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061 +Output = 
50E0D46EF0669E88808EB80B40B7E7A5BC93A4AE5DCE984BF3F6B8578441DF3236B8E9EA832B17F31E35105B0C3E66268D5749D9120C7D44655C8B318329FC41282BD3E776F0349138CD4B0ECCEB19D9F81BB5C095E8E115D6CC1438CA87922B2B40BCA4C84E501769066EF392B37DC0 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162 +Output = 1B69450C2540AA9FAACF0620A1F17565FE19D5C9150F4669E0B0D4B653FBA06DCF2291F9DB3B0BA9A9C00DAC7183AD9C4E0193F941C9451B2B9F80A89A4269525EFBE65D378AE2214EC3494A1A3029A0DE632C293ADEAD59AF250AC5604FCE40729BA7AE11407AB45382DB4A70F7B409 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263 +Output = 4AB48AAF9B1A82C1A41DEF775C4FDBB2AFA918B12607F8A27B91CEADA784DBEA27D3A427AC44436B9377632FCD0AD89D61F090C98A4055811ABE99D24137BBDDEBC8AA6D9781871CDDFBF35868E22FF7FB2167E6B08931C4BD8992DE6EB9A050D58DF8747550136BE664A9E5D410E90B + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061626364 +Output = 9F3DBCF9DF717D45E73B834ED3C82D3DA01CCC566F8DD7CBC1946383660C1CD7748C9CB8E8C50D11D94E9B4F2BEAE2DE8AFED2864F6601FA479A77359BB77493C2DDC2D7F1480882DB03140E716765A6A0483C53557609EE9D378EC53A9901B7ABF08B088B77B8F4729C81965E8C777C + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465 +Output = 
00D45FE14E3D338187B9119EE7672BC31425BB5983CED91A7F417A0A449D5A813EDC86ACE59A09654D1F3BC05A9E32DA138E8D1D206F58468291DE5943DB9133C5E47BA79E0BC665E839E01000C4317260E5EAD914C3B3FFA15C9638734CA71EAC37AF1B80F1C1045D49933E43B93FD1 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263646566 +Output = 9EAE24ED81F3B829763EBA904EAFE5A12A7212526DAF6441A53C8E9EF1608E0C8AB69BD5DB988105FF6029904CDC26357F53DD96457723748FE23E1DAE0B68692C8320CC62AFCE75C4D1BC6DDA07219F745AAC398960CE494CBE683B11DD49011B5E0CB353DF37E34D48278C06E3B9CB + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061626364656667 +Output = 103E6859FA00EBBDF653FFEDEB45E8630A827D6E07B149ADC1DF74B41B3A4C3A2615E128E13610994A99EBA68A3F0B70964738AB9A4BFE5E057BABE30EE1FC9C4CD683CEC27DF9A20C72B5CAFC95400E7AC1BC951412C0E345A085662726780C132C7AA5C1CDE3B62D2647A346CF65D3 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768 +Output = 3074F4F18FDF69EBB6D9A9BD5D4E69D01E5EB2F061E291A496D45FAB0DA4A473DC29606493331A928938B6DDB99A6550B03993E673D769FDC0180734A5929445AD607930676BFD50D76453BC1C9B5842B0E05AFF04843BA444302BC7C12CC068D4C0EA5AB686558956CE2568F76CC7B950923C022188DE1A + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263646566676869 +Output = 
24216B02FD43B829FF427C5141B2518DEA38E2374E8DC75647B0CACCCDDE3795219DAA28DC538A62A661553827120459EA88856CF1A74C9BA569D0689087E3EA5FA2AD8D359032D2EDC84823F5FCE389E09D5543DC1AC387AB9022F9B2FFC8C088231D5052D9CC2C5756496E65E55ABCA3667851A842714C + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A +Output = 59039CDBE79604BC8ACC0B5D6EC5725F96E65980F9FBF450772632ECE1EEF9CDDC634D97AF621299F084FB19D63203F35470614DFFFF84D96368A4006FD5FBF20D9D75B0CC4FF80BD0614327757664670B1E8DCA038BD5BF65C3DBC7FDB619E65E0DD3FA1BBE24AD9313A4EB2F15F54C74167C6C73ED6516 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B +Output = 0A51B1C2AC0406C5BE85E5F8727309DE78C6124FD917D12C8EEA624527D42FD9615F2E0697E10A129BDDE1F1E38128A4C3AEA8B910A0F8406C31C79986825EFD9F09D80DB0B91EACF0F4AAAC0032EF1CB6CBC0F548BAAEFB218B5D1634D7369B1D77F197BB2E7498ED0A3CB141D77336B642DACF31D5457A + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C +Output = F664CE868579486A99025A42697622757287A581D93624868D38ABF4373E7EEF4E12D1A76396A0C0F4D7CBD21E4CB1D98EF8BBD4926C96EDC48A7880050D16BD5A957CA3B140ED14BF66F9A377F34992DBAF39BE45B99C0325C09D272912B9004192E233F43D35BE68610E130D8C8C1488F1F0EBDBD6134A + +Key = 00000000000000000000000000000000 +Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D +Output = 9082A582F7757F130DEDAE224FB38D1CFB0C21D2381A5D85052197217B1866769EB3B2B54B213CC8F8790DFF6A17AE2F88BE707AE27526367AE44A95926C7390F8EB36F473BD682FB5980015745F0999006A7BD5C0518965CF333F5A991A541B9D84AF8A0518573D9842D13BE4A7F7188F2619FDCD7A0379 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E +Output = 0EB4964ABCAAFC30588410830C84DBFACEB03244DDBEA08E4461CE01BED1EFC6AE641D73BF5F74B149A4849E584E3EB42470B6501EF20B45B378BA9ED031EAAD108440CF8DBD614CAB59EA67193CFF630311FDB802C285A08D5ED138C02E348062411F6B704676056BB7EEF6D33972B8573BF3320E2D979D + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F +Output = CD20F890025A664BDBC6530D9C790CC35A80B260BFA12D052816C394D5090735B9462B4B480C8ED1A44E2E416A14646000726496597F2BBE534570DE00678C0EB477B12E5D12E3660A2A87FE9F3981BEBB7A5E799145315D0E655188607AF187811DFB114A625BBACFFDF7028324FEB78E405A8AB7992AB0 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70 +Output = 
1D4155755C898D95C6A9DF5CD5F1A3B787A116F9260BD2A69D0B0FD303306F6644D20C850511C40C310A7D4B43AA640BAC12C6038E136916055FC78179B3FC160B7DC87616EB423B5B1E355B1FE081DB8273A2CA508E974FDEB04CA9FBEC14A7029D18EA58C6AFCB081E261B06C4A5088EDAE1269FAD6439BD4DCE7F2A7DD3FC + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071 +Output = DA0AAD85CD857E0A4A6897B82A2A11EC9A5BAB108EF73D615424BA9A3E5CFA850AD9469096829AB8618E5967A7AF3AFE1FA583C650A95D0FFCE7EDEE48A7B935A49FE39EB0C1DB52CB6EBAA9C69829BC5E45340AA2FD149007283793E47FAF97BD45657C40411BEF86DBD0E9ACA6F49BE97734C26FB64CC1625895678C6DBF91 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172 +Output = 83F99171340C092801A8482B2FAC5CA3405135D2760503AF3897C08F4217A3BCC08C2E8ECA5230E7D5E48B65EAC41A1DD3F43B8082DAC23EF161C6DF3E88706DC31104FA970227740097F2DF3C0576E70918064B2739B330F35DD7D02A3D144D4F9A5808C33FA98ED56BF3DD25D67CA986CDB14F5DC11BCE798761E7C849AA9D + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273 +Output = 6DD9D141E47A6948E60AF60A31FB955B7358FD843849B03798F3F8B3B28C4BB009FB55EA321F349E844526FDC183FEDC49FC2C6B54D260FBB3D7E20B3E1BE66B0C37ADF9E7F5EDEDEFB238162A01C59421CC8412637E9E9EE59D26C859BBBD7993B27C78084247D4CA894BFC4338952F2AE4669FE3456BE8F0591F5C92882649 + +Key = 00000000000000000000000000000000 +Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071727374 +Output = FBFCDEDB9E03C58077E12BFC87F86B7CD3FCACF0DB9D9A31FDDC36E4ECB2B23DFA7974055F3F5A1FF6E8136CF9C708F66F12994087C866E3F85504A3B9724D17938C199F6503BE6A30170296CAB00A2DB1E6CF0963780E58E1FA56E569244369EECC24B4B92FA2B349B8841626DFCE53FE4C36746086F1974ADAF2BA3DBACE2F + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475 +Output = D1A1F1F7C2995DBD4BDB66CB367D6AA995B45CEB202EBD939EFA50D635336855AAFF2E7C548496A259CB4B34795B8099FA086AC00880EA25F3C345A77F40AC967DC91F181E19FCD4E3A5FB73B15B1FA83232DB970F7B30BE98E88BFD4CA0B475C1B7AA831078AC37160D581717E6D546FEA5FAA8EA99C9AEDA4EA471F33B3194 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576 +Output = D376E69BC513EFBB8CA8FBCC2635965E295CCD1C0C27CC6EB5DFE443A585F4DDDA6DAE207A56BCFD1362E4ACE1BFA975AF1212824D65B732E41A1D92D2CFE57F2A0198EBCF862ECFA9D22F024F47CCAE41178382FEC37A39088B94875B739EC64998F62A6417106A9C78BA28D70D06A93F90884AF6A30DD2FC6A21D9FAEE2064 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071727374757677 +Output = 
B04E30E501339A530360D9A845CAE9548E0F27E36DB3950A1CBE927A5ED8B855F78E86E1429C1AC5206BB7DE4F4A08D90E166D35F7583C38E59C4A56B962D1800D79C7AD4C8561FA366EC9C0C9EAC00B5AA3C3C16DF1647E73A8C64F14989D2D6FBB4642C12EB19DC7B5A18F531BFDF92434238660B1BE43CA5821ADA82EBE75 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778 +Output = 260635AE31634020B6E488F6C95ABD2CCFB11510C1BD96C093608762F214057815ADBBFB2DE2BCE3027A4ECC1DA4C7A2F8CBCEA25D916ECA621671A9275C6C5E60ADD32C203F995C97C5531A86488D8E3BDD7968C35EC61C2CDFA861C8879B6B32F8D5979FCD5ED1C2E0365547397FA4DF1B60E64FA4A8AA0981DD2A1A9965DF081557F8BF43CD6B + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576777879 +Output = C7F38CB064D26263CDCD274AE9F35613FF1A2A4641591F6E946251FBBC64CA16039CA649F58995241AB67037563972DB55B9D12CFAD6E4128C361C353FFD8AC890D0D1C29991236AAB6C27DF09C24B6955A82777CD5F30BA372D46CB8A848B7AF91683B87EFC80EEF65C9404D2098E6218375D18920C7358E5AD2A1573440FA59F56FA7DBA5D40FC + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A +Output = 2D15CBC166B3EDFB652B09120251DFC5092756E66AE810B1957A9425B2A592D4D21C9E5DC63FBAF0F5079E94F11326599C8D9E71BCA4E9EA6FE11FBFB6901D6A7E2106C1354B18FF6329C6B3E76FDE3A01CC268B7A01562C55CE3B3BF261CDE406750CDAA016FA990951494E54B13469AA6143F205F8D86544C672EB8369A5F363CB0E8355D92083 + 
+Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B +Output = 19BC8957D0E3C941EBDE22B87A81AE8B422BF122C0C4AD133DC11FF43529039DC9D8671CC4B073C9A1C52A86C0B8F917A0D747224671F87CF3CFFAC440A2843398311A12EEDE2709C4C75C9955BBD9B7D3B2E58B7BBB428D62F20C58C6985CB3292CD82D1E2350071C91FFA08F3C27AAC312B47BBCB5ADE3877F4AB64DA88C1F82D89E78A76E73F6 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C +Output = 80C4B26C03B3FC542BD0674E46BE692606D7D0107EAF03E4AC3DB176D9CE0CE5104A9E5E9CA94BBB402C35643FEB6D08D5C9B7496141033CDFAB7D02FA6293D2EF001354C9565B875CA781872D922B4A4BFC2948295D7FB7C6874DAF9D0F10F24FA07338E08054A02A30D4E27F1C4A7BE139971CF4F5F1862AD7E0C170F5ABFE13EC19F5D7E37CA2 + +Key = 00000000000000000000000000000000 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D +Output = 0321201DA921361D45A6F9BF613CE15316945C2C3D52D9DDB2D6FA33549CFC4C0837FEBAB65E9AEB2777E4B4D367BC9F0A15683A1BB5805A3292A7DAC59CD1E73524F561FF1E2BDE898FB2605648B385F9A1AA38A10581F4F5DDB31DD54A777F91F21C1B8F61FCD5D3884AE083A5C90545B807FB3EEBD472A81B574718CEE428D5A0FAF776A5229A + +Key = 00000000000000000000000000000000 +Input = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E +Output = AF2187578A2495DB2A746058D04E2902C83134D727E750C37681015921A852D1E796D2B6D352C86A1F31B891C7EF5A7BB03CF2D61C941D6DC51F5DEDA91C512921E631C8287175EF9D49365F86B4D27160B0CDCC7755E1C60E52C60579014BD705BFEA6323CED9F4072A06CA00BD8A57F69BB87966CC34811DADAA52CC92823AC5DB2AFBA20369D8 + +[KWP.INVALID] diff --git a/src/tests/data/keywrap/nist_key_wrap_invalid.vec b/src/tests/data/keywrap/nist_key_wrap_invalid.vec new file mode 100644 index 0000000000..97f2a18afe --- /dev/null +++ b/src/tests/data/keywrap/nist_key_wrap_invalid.vec 
@@ -0,0 +1,36 @@ + +# From CAVS + +[KW] +Key = a377331672bf423c0e523d39bb549493 +Input = 1f3c7f161fa59b93b3df55ffa092b0e557f92397a0d40159 + +Key = accc4b014123f9e95d3c6f92d07da9fd +Input = 020cc7c82b6b7cd2ff4d28186930305edce13d65cc36d8d1 + +Key = 25be3d1d7fa0d1e6d7c97d78f80f538e +Input = 5913a3d046449f5a7ceb5e1e8576e2744b96f179978edcb8 + +Key = 95af5484f263f99346fc45578b651f0a +Input = ed6d3a9014809c0024d0b066e8a9850b6b27f5d320986a6c + +Key = 58f3ac243b1f937e6b131fb06b723277 +Input = d542544d8ff9d1454ecd2104b17d5f13756b2a6c8b15f5f3 + +Key = c5cbee63ff4ec496d7a4c4f2c09554ed +Input = e53da2e62d1a358678f91ff8e421eb84ab00b93239023ba4 + +Key = 5148bdfb74e1a52f5c8cb24c36981019 +Input = f39c78376db84fc611ef8566dfdb7ce42258abf6d9b73c581c61b23072d20b7a0aa3867bc8358c02d52a48f79a3a5996eda5942f7ac5c56b1ff04bde63948461100709f9a4fadbbb28daff6075c547ac0b575b5e34830a1fa0741bac2a4da4a51369289b6d8b2813dd181cb43a7524de145c1b32742e7b57d919d8b61d8487acc596121bcbbc18fd6fae7ba0c3dc6c177cc575a8c0d6b97e145ab9624bed55102aa0fbdd016d49cf284ace156f02a10402800bbe073f73a4a2d8d2d1f5327466a180033d6b7318d4179b9875b00875eb90f2eaf08d05e44e74192cc192aa2f5560a5718c0404560cc09ae09024984338c9b94e9df89ace66aedd8bce938f8fabaed3f31bb4960d85c626613f51b834442559c32e05d527b81c0f23998df7a511b2c45b994d3bbb46f822b22c1da212e33cdbcc625134e3b6e1b10fb8b9e84323067754c21906d555079bf48bc5b6942e4aac282800a2120c4bd4856e94f854a30a6042b9678a80210f3ed821992c5c9707db6e9ba38d58d694916aba87bf8ea6af6a0734924325e1ec996708b36bca5dd78aa7a6fffd7c123dc2f68f11ce36e1542421b532cac45d6863e07de4928e7c3ad8c24517b89df546e86eaa37d6412bb37416ecd0f8c1df43d67f0a93b655f1b27e24d7d1281e2c4b268acbaeb0ceb8ebcbfb56e55e7b703c714db84063c16eeda3477ce5d53736ff38e5436e68e735708faa11bbb96cc7 + +[KWP] + +Key = 659fc41b910ed045a76707d722ff6fa8 +Input = 4d4b37f9ca2416b2942f34f702f0cd37 + +Key = 49ba2b4ac8919de4e7e4cb2648b5dab6 +Input = 3d9afc5661d9c8e0343e1c362b9b2bc5 + +Key = 6801637408f46b912c14330a88ce02d9 +Input = 
31f78f54d749e02014a8580f600ae1de796e08efa4f6b60230b979f133a0b735967304b67e280cf25805ab55a16765ba209a4eb66eeb902b90db633d9df1e71e1f707e8fc938adc415b051b6bfb452816f51cd820197b79d16816bd5263b10cd6ceec3239aa1288c731e146a9c8e7bd0 + diff --git a/src/tests/data/rfc3394.vec b/src/tests/data/keywrap/rfc3394.vec similarity index 100% rename from src/tests/data/rfc3394.vec rename to src/tests/data/keywrap/rfc3394.vec diff --git a/src/tests/test_keywrap.cpp b/src/tests/test_keywrap.cpp index d710dfc68c..a5b216562b 100644 --- a/src/tests/test_keywrap.cpp +++ b/src/tests/test_keywrap.cpp @@ -10,6 +10,11 @@ #include #endif +#if defined(BOTAN_HAS_NIST_KEYWRAP) + #include + #include +#endif + namespace Botan_Tests { namespace { @@ -18,7 +23,7 @@ namespace { class RFC3394_Keywrap_Tests final : public Text_Based_Test { public: - RFC3394_Keywrap_Tests() : Text_Based_Test("rfc3394.vec", "Key,KEK,Output") {} + RFC3394_Keywrap_Tests() : Text_Based_Test("keywrap/rfc3394.vec", "Key,KEK,Output") {} Test::Result run_one_test(const std::string&, const VarMap& vars) override { 
@@ -50,6 +55,129 @@ class RFC3394_Keywrap_Tests final : public Text_Based_Test BOTAN_REGISTER_TEST("rfc3394", RFC3394_Keywrap_Tests); #endif +#if defined(BOTAN_HAS_NIST_KEYWRAP) && defined(BOTAN_HAS_AES) + +class NIST_Keywrap_Tests final : public Text_Based_Test + { + public: + NIST_Keywrap_Tests() : Text_Based_Test("keywrap/nist_key_wrap.vec", "Input,Key,Output") {} + + Test::Result run_one_test(const std::string& typ, const VarMap& vars) override + { + Test::Result result("NIST keywrap"); + + try + { + if(typ != "KW" && typ != "KWP") + throw Test_Error("Unknown type in NIST key wrap tests"); + + const std::vector expected = get_req_bin(vars, "Output"); + const std::vector input = get_req_bin(vars, "Input"); + const std::vector key = get_req_bin(vars, "Key"); + + std::unique_ptr bc = + Botan::BlockCipher::create_or_throw("AES-" + std::to_string(key.size()*8)); + + bc->set_key(key); + + std::vector wrapped; + + if(typ == "KW") + { + wrapped = nist_key_wrap(input.data(), input.size(), *bc); + } + else if(typ == "KWP") + { + wrapped = nist_key_wrap_padded(input.data(), input.size(), *bc); + } + + result.test_eq("key wrap", wrapped, expected); + + try + { + Botan::secure_vector unwrapped; + if(typ == "KW") + { + unwrapped = nist_key_unwrap(expected.data(), expected.size(), *bc); + } + else if(typ == "KWP") + { + unwrapped = nist_key_unwrap_padded(expected.data(), expected.size(), *bc); + } + + result.test_eq("key unwrap", unwrapped, input); + } + catch(Botan::Integrity_Failure& e) + { + result.test_failure("NIST key unwrap failed with integrity failure", e.what()); + } + } + catch(std::exception& e) + { + result.test_failure("", e.what()); + } + + return result; + } + + }; + +BOTAN_REGISTER_TEST("nist_key_wrap", NIST_Keywrap_Tests); + +class NIST_Keywrap_Invalid_Tests final : public Text_Based_Test + { + public: + NIST_Keywrap_Invalid_Tests() : Text_Based_Test("keywrap/nist_key_wrap_invalid.vec", "Key,Input") {} + + Test::Result run_one_test(const std::string& typ, 
const VarMap& vars) override + { + Test::Result result("NIST keywrap (invalid inputs)"); + + try + { + if(typ != "KW" && typ != "KWP") + throw Test_Error("Unknown type in NIST key wrap tests"); + + const std::vector input = get_req_bin(vars, "Input"); + const std::vector key = get_req_bin(vars, "Key"); + + std::unique_ptr bc = + Botan::BlockCipher::create_or_throw("AES-" + std::to_string(key.size()*8)); + + bc->set_key(key); + + try + { + Botan::secure_vector unwrapped; + if(typ == "KW") + { + unwrapped = nist_key_unwrap(input.data(), input.size(), *bc); + } + else if(typ == "KWP") + { + unwrapped = nist_key_unwrap_padded(input.data(), input.size(), *bc); + } + + result.test_failure("Was able to unwrap invalid keywrap input"); + } + catch(Botan::Integrity_Failure) + { + result.test_success("Rejected invalid input"); + } + } + catch(std::exception& e) + { + result.test_failure("", e.what()); + } + + return result; + } + + }; + +BOTAN_REGISTER_TEST("nist_key_wrap_invalid", NIST_Keywrap_Invalid_Tests); +#endif + } } From abc85f2515b2fc2b847c4d6e9c2c3717f2391d3a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 19 Nov 2017 21:57:41 -0500 Subject: [PATCH 0207/1008] Add keywrap documentation --- doc/manual/contents.rst | 1 + doc/manual/keywrap.rst | 60 +++++++++++++++++++++++++++++++++++++++++ news.rst | 2 +- 3 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 doc/manual/keywrap.rst diff --git a/doc/manual/contents.rst b/doc/manual/contents.rst index f3b11f7b09..0c9ac4b7f2 100644 --- a/doc/manual/contents.rst +++ b/doc/manual/contents.rst @@ -23,6 +23,7 @@ Contents lowlevel kdf pbkdf + keywrap passhash cryptobox srp diff --git a/doc/manual/keywrap.rst b/doc/manual/keywrap.rst new file mode 100644 index 0000000000..ae1172701f --- /dev/null +++ b/doc/manual/keywrap.rst 
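Review bot: `catch(Botan::Integrity_Failure)` in NIST_Keywrap_Invalid_Tests::run_one_test catches by value, which copies the exception object and would slice any subclass; the sibling handler in NIST_Keywrap_Tests already binds by reference, so make this one `catch(const Botan::Integrity_Failure&)` and the outer handlers `catch(const std::exception& e)`. Treating only Integrity_Failure as a successful rejection is the right choice, since it pins the exception type callers are told to expect and routes any other exception (for example a length error on a truncated input) through the outer handler as a test failure; a one-line comment on the catch, `// any other exception type is a test failure, not a rejection`, would keep a later edit from widening it.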
@@ -0,0 +1,60 @@ +AES Key Wrapping +================================= + +NIST specifies two mechanisms for wrapping (encrypting) symmetric keys using +another key. The first (and older, more widely supported) methd requres the +input be a multiple of 8 bytes long. The other allows any length input, though +only up to 2**32 bytes. + +These algorithms are described in NIST SP 800-38F, and RFCs 3394 and 5694. + +This API, defined in ``nist_keywrap.h``, first became available in version 2.4.0 + +These functions take an arbitrary 128-bit block cipher object, which must +already have been keyed with the key encryption key. NIST only allows these +functions with AES, but any 128-bit cipher will do and some other implementations +(such as in OpenSSL) do also allow other ciphers. Use AES for best interop. + +.. cpp:function:: std::vector nist_key_wrap(const uint8_t input[], \ + size_t input_len, const BlockCipher& bc) + + This performs KW (key wrap) mode. The input must be a multiple of 8 bytes long. + +.. cpp:function:: secure_vector nist_key_unwrap(const uint8_t input[], \ + size_t input_len, const BlockCipher& bc) + + This unwraps the result of nist_key_wrap, or throw Integrity_Failure on error. + +.. cpp:function:: std::vector nist_key_wrap_padded(const uint8_t input[], \ + size_t input_len, const BlockCipher& bc) + + This performs KWP (key wrap with padding) mode. The input can be any length. + +.. cpp:function:: secure_vector nist_key_unwrap_padded(const uint8_t input[], \ + size_t input_len, const BlockCipher& bc) + + This unwraps the result of nist_key_wrap_padded, or throws Integrity_Failure + on error. + +RFC 3394 Interface +----------------------------- + +This is an older interface that was first available (with slight changes) in +1.10, and available in its current form since 2.0 release. It uses a 128-bit, +192-bit, or 256-bit key to encrypt an input key. AES is always used. The input +must be a multiple of 8 bytes; if not an exception is thrown. 
+ +This interface is defined in ``rfc3394.h``. + +.. cpp:function:: secure_vector rfc3394_keywrap(const secure_vector& key, \ + const SymmetricKey& kek) + + Wrap the input key using kek (the key encryption key), and return the result. It will + be 8 bytes longer than the input key. + +.. cpp:function:: secure_vector rfc3394_keyunwrap(const secure_vector& key, \ + const SymmetricKey& kek) + + Unwrap a key wrapped wtih rfc3394_keywrap. + + diff --git a/news.rst b/news.rst index 945556855d..5bfb024289 100644 --- a/news.rst +++ b/news.rst @@ -14,7 +14,7 @@ Version 2.4.0, Not Yet Released RSA-PSS signatures (GH #1270) * Add support for AES key wrapping with padding, as specified in RFC 5649 - and NIST SP 800-38F + and NIST SP 800-38F (GH #1301) * Optimize GCM mode on systems both with and without carryless multiply support. This includes a new base case implementation From 41990691884d7cc04d9045442f7c01419faf947b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 20 Nov 2017 12:17:12 -0500 Subject: [PATCH 0208/1008] Link to distro wiki page from index [ci skip] --- readme.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/readme.rst b/readme.rst index 1125297eec..d09f7689d7 100644 --- a/readme.rst +++ b/readme.rst 
@@ -91,15 +91,15 @@ All releases are signed with a Key fingerprint = 621D AF64 11E1 851C 4CF9 A2E1 6211 EBF1 EFBA DFBC uid Botan Distribution Key -Some distributions such as Arch, Fedora and Debian include packages -for Botan. However these are often out of date; using the latest -source release is recommended. +Some `distributions `_ +such as Arch, Fedora and Debian include packages for Botan. However +these are often out of date; using the latest source release is recommended. Current Stable Release ---------------------------------------- Version 2 requires a C++11 compiler; GCC 4.8 and later, Clang 3.5 and -later, and MSVC 2015 are regularly tested. +later, and MSVC 2015/2017 are regularly tested. The latest 2.x release is `2.3.0 `_ From 2ec2098e2752772609ee421985d794e2448f2849 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 20 Nov 2017 17:05:55 -0500 Subject: [PATCH 0209/1008] Avoid uncontrolled recusion on indefinite length encodings A sufficiently nested indefinite length construction would cause stack exhaustion and a crash. Found by OSS-Fuzz - issue 4353 --- src/lib/asn1/ber_dec.cpp | 43 ++++++++++++++++++++++++---------------- src/tests/test_asn1.cpp | 43 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 17 deletions(-) diff --git a/src/lib/asn1/ber_dec.cpp b/src/lib/asn1/ber_dec.cpp index dd83e24463..515f7352fd 100644 --- a/src/lib/asn1/ber_dec.cpp +++ b/src/lib/asn1/ber_dec.cpp @@ -1,7 +1,6 @@ - /* * BER Decoder -* (C) 1999-2008,2015 Jack Lloyd +* (C) 1999-2008,2015,2017 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -15,6 +14,13 @@ namespace Botan { namespace { +/* +* This value is somewhat arbitrary. OpenSSL allows up to 128 nested +* indefinite length sequences. If you increase this, also increase the +* limit in the test in test_asn1.cpp +*/ +const size_t ALLOWED_EOC_NESTINGS = 16; + /* * BER decode an ASN.1 type tag */ 
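Review bot: The comment on ALLOWED_EOC_NESTINGS explains where 16 comes from relative to OpenSSL but not what one level costs, which is what a maintainer tempted to raise it needs: every nested indefinite length adds a decode_length and a find_eoc frame to the stack, and find_eoc also allocates its own `buffer`/`data` vectors, which appear to hold a copy of the remaining input, so transient memory scales with this constant as well. Suggest appending `* Each level costs two stack frames (decode_length -> find_eoc) plus a find_eoc buffer copy of the remaining input, so raise with care.` to the comment. It would also be worth recording whether 16 was checked against real BER producers such as streamed CMS output, since DER never uses indefinite lengths but BER CMS does, and a legitimate document nested deeper than this is now rejected with a decoding error.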
@@ -55,12 +61,12 @@ size_t decode_tag(DataSource* ber, ASN1_Tag& type_tag, ASN1_Tag& class_tag) /* * Find the EOC marker */ -size_t find_eoc(DataSource*); +size_t find_eoc(DataSource* src, size_t allow_indef); /* * BER decode an ASN.1 length field */ -size_t decode_length(DataSource* ber, size_t& field_size) +size_t decode_length(DataSource* ber, size_t& field_size, size_t allow_indef) { uint8_t b; if(!ber->read_byte(b)) @@ -70,10 +76,21 @@ size_t decode_length(DataSource* ber, size_t& field_size) return b; field_size += (b & 0x7F); - if(field_size == 1) return find_eoc(ber); if(field_size > 5) throw BER_Decoding_Error("Length field is too large"); + if(field_size == 1) + { + if(allow_indef == 0) + { + throw BER_Decoding_Error("Nested EOC markers too deep, rejecting to avoid stack exhaustion"); + } + else + { + return find_eoc(ber, allow_indef - 1); + } + } + size_t length = 0; for(size_t i = 0; i != field_size - 1; ++i) @@ -87,19 +104,10 @@ size_t decode_length(DataSource* ber, size_t& field_size) return length; } -/* -* BER decode an ASN.1 length field -*/ -size_t decode_length(DataSource* ber) - { - size_t dummy; - return decode_length(ber, dummy); - } - /* * Find the EOC marker */ -size_t find_eoc(DataSource* ber) +size_t find_eoc(DataSource* ber, size_t allow_indef) { secure_vector buffer(DEFAULT_BUFFERSIZE), data; @@ -124,7 +132,7 @@ size_t find_eoc(DataSource* ber) break; size_t length_size = 0; - size_t item_size = decode_length(&source, length_size); + size_t item_size = decode_length(&source, length_size, allow_indef); source.discard_next(item_size); length = BOTAN_CHECKED_ADD(length, item_size); @@ -224,7 +232,8 @@ BER_Object BER_Decoder::get_next_object() if(next.type_tag == NO_OBJECT) return next; - const size_t length = decode_length(m_source); + size_t field_size; + const size_t length = decode_length(m_source, field_size, ALLOWED_EOC_NESTINGS); if(!m_source->check_available(length)) throw BER_Decoding_Error("Value truncated"); 
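Review bot: The new error text `"Nested EOC markers too deep, rejecting to avoid stack exhaustion"` in decode_length names the terminator rather than the construct being limited; what nests is indefinite-length values, so `"Nested indefinite length values too deep, rejecting to avoid stack exhaustion"` describes the rejected input accurately. The budget handling itself reads correctly: `allow_indef` is decremented only when recursing into find_eoc, so siblings at one level share the same allowance and only depth is bounded, which is the property the fuzz case needs. The `if(field_size == 1)` test is the indefinite-length case only because the visible `field_size += (b & 0x7F)` leaves it at 1 exactly when b is 0x80, which presumes field_size was 1 beforehand; that assignment sits above this hunk, so a comment `// b == 0x80: indefinite length, value is terminated by an EOC marker` on the branch would save the next reader the same reconstruction.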
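Review bot: `size_t field_size;` in BER_Decoder::get_next_object is declared without an initializer and handed to decode_length, whose visible lines only ever do `field_size += ...`; if decode_length assigns it before that (which the removed `size_t dummy;` wrapper also relied on) this is only a style point, but `size_t field_size = 0;` matches find_eoc's `size_t length_size = 0;` in the same file and removes the question for anyone reading the two call sites side by side. The variable is otherwise unused in this function, so a trailing comment such as `// unused here; decode_length reports it for find_eoc` would explain why it exists at all.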
diff --git a/src/tests/test_asn1.cpp b/src/tests/test_asn1.cpp index c99fa41d9d..633f576024 100644 --- a/src/tests/test_asn1.cpp +++ b/src/tests/test_asn1.cpp @@ -10,6 +10,7 @@ #include #include #include + #include #endif namespace Botan_Tests { @@ -45,6 +46,47 @@ Test::Result test_ber_stack_recursion() return result; } +Test::Result test_ber_eoc_decoding_limits() + { + Test::Result result("BER nested indefinite length"); + + // OSS-Fuzz #4353 + + Botan::ASN1_Pretty_Printer printer; + + size_t max_eoc_allowed = 0; + + for(size_t len = 1; len < 1024; ++len) + { + std::vector buf(4*len); + + /* + This constructs a len deep sequence of SEQUENCES each with + an indefinite length + */ + for(size_t i = 0; i != 2*len; i += 2) + { + buf[i ] = 0x30; + buf[i+1] = 0x80; + } + // remainder of values left as zeros (EOC markers) + + try + { + printer.print(buf); + } + catch(Botan::BER_Decoding_Error&) + { + max_eoc_allowed = len - 1; + break; + } + } + + result.test_eq("EOC limited to prevent stack exhaustion", max_eoc_allowed, 16); + + return result; + } + Test::Result test_asn1_utf8_ascii_parsing() { Test::Result result("ASN.1 ASCII parsing"); @@ -234,6 +276,7 @@ class ASN1_Tests final : public Test std::vector results; results.push_back(test_ber_stack_recursion()); + results.push_back(test_ber_eoc_decoding_limits()); results.push_back(test_asn1_utf8_ascii_parsing()); results.push_back(test_asn1_utf8_parsing()); results.push_back(test_asn1_ucs2_parsing()); From 103479a7ca4d2a2df18201bf5ee0f6acc2af9cf3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 21 Nov 2017 01:32:45 -0500 Subject: [PATCH 0210/1008] Allow building asn1print even if PEM is disabled Just throws if --pem arg is used. --- src/cli/asn1.cpp | 11 +++++++++-- src/cli/cli_exceptions.h | 3 +++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/cli/asn1.cpp b/src/cli/asn1.cpp index 6460d55876..ca8f5f89f5 100644 --- a/src/cli/asn1.cpp +++ b/src/cli/asn1.cpp 
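Review bot: The expected value `16` in `result.test_eq("EOC limited to prevent stack exhaustion", max_eoc_allowed, 16)` duplicates ALLOWED_EOC_NESTINGS with nothing in the test pointing back to it; add `// must equal ALLOWED_EOC_NESTINGS in src/lib/asn1/ber_dec.cpp` above the check so the two are changed together. If no depth below 1024 is rejected, max_eoc_allowed stays at its initial 0 and the failure reads as 0 versus 16, which hides what actually happened; tracking a `bool rejected = false;` set in the catch and reporting `result.test_failure("no nesting depth below 1024 was rejected")` when it is still false after the loop would make that case self-explanatory. The buffer layout comment is accurate (2*len bytes of `30 80` followed by 2*len zero bytes, one `00 00` EOC per level), but the test only exercises the limit through ASN1_Pretty_Printer::print, so it proves the printer path throws rather than BER_Decoder directly.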
@@ -6,11 +6,14 @@ #include "cli.h" -#if defined(BOTAN_HAS_ASN1) && defined(BOTAN_HAS_PEM_CODEC) +#if defined(BOTAN_HAS_ASN1) -#include #include +#if defined(BOTAN_HAS_PEM_CODEC) + #include +#endif + namespace Botan_CLI { class ASN1_Printer final : public Command @@ -26,8 +29,12 @@ class ASN1_Printer final : public Command if(flag_set("pem")) { +#if defined(BOTAN_HAS_PEM_CODEC) std::string pem_label; contents = unlock(Botan::PEM_Code::decode(slurp_file_as_str(input), pem_label)); +#else + throw CLI_Error_Unsupported("PEM decoding not available in this build"); +#endif } else { diff --git a/src/cli/cli_exceptions.h b/src/cli/cli_exceptions.h index ed7be31373..38459b8dd3 100644 --- a/src/cli/cli_exceptions.h +++ b/src/cli/cli_exceptions.h @@ -34,6 +34,9 @@ class CLI_Usage_Error : public CLI_Error class CLI_Error_Unsupported : public CLI_Error { public: + + CLI_Error_Unsupported(const std::string& msg) : CLI_Error(msg) {} + CLI_Error_Unsupported(const std::string& what, const std::string& who) : CLI_Error(what + " with '" + who + "' unsupported or not available") {} From f1b1c6e3506fea734bc41cdb7794bf26666d293a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 21 Nov 2017 01:36:55 -0500 Subject: [PATCH 0211/1008] Update news --- news.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/news.rst b/news.rst index 5bfb024289..ac6fe0fe2e 100644 --- a/news.rst +++ b/news.rst 
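Review bot: The new single-argument `CLI_Error_Unsupported(const std::string& msg)` constructor in cli_exceptions.h is not `explicit`, so any std::string now converts implicitly to this exception type; mark it `explicit CLI_Error_Unsupported(const std::string& msg) : CLI_Error(msg) {}`. Its message is passed through verbatim, while the existing two-argument form appends `unsupported or not available` itself, so callers of the new form must supply a complete sentence, as the asn1print caller does with `"PEM decoding not available in this build"`; a one-line comment on the constructor saying so would keep the two forms consistent. On the asn1.cpp side the `--pem` flag is still advertised in the command's option spec when BOTAN_HAS_PEM_CODEC is off, which is acceptable since the runtime error is clear, but worth stating in the help text if the spec is easy to vary.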
@@ -47,6 +47,15 @@ Version 2.4.0, Not Yet Released character. In addition, UCS-4 strings are now supported. (GH #1113 #1250 #1287 #1289) +* In BER decoder, avoid unbounded stack recursion when parsing nested + indefinite length values. Now at most 16 nested indefinite length + values are accepted, anything deeper resulting in a decoding error. + (GH #1304 OSS-Fuzz 4353). + +* A new ASN.1 printer API allows generating a string representation of arbitrary + BER data. This is used in the ``asn1print`` command line utility and may be + useful in other applications, for instance for debugging. + * New functions for bit rotations that distinguish rotating by a compile-time constant vs a runtime variable rotation. This allows better optimizations in both cases. Notably performance of CAST-128 From 306a665f07e21eefa19f1f9c047ed9e5bd9ba224 Mon Sep 17 00:00:00 2001 
From: Matthias Gierlings Date: Mon, 9 Oct 2017 23:23:28 +0200 Subject: [PATCH 0212/1008] Implements multithreading support for XMSS --- src/lib/pubkey/xmss/xmss_common_ops.cpp | 16 +- src/lib/pubkey/xmss/xmss_common_ops.h | 64 +++++++- src/lib/pubkey/xmss/xmss_hash.cpp | 4 +- src/lib/pubkey/xmss/xmss_hash.h | 14 +- src/lib/pubkey/xmss/xmss_parameters.cpp | 26 ++- src/lib/pubkey/xmss/xmss_privatekey.cpp | 153 ++++++++++++++++-- src/lib/pubkey/xmss/xmss_privatekey.h | 42 +++-- src/lib/pubkey/xmss/xmss_publickey.cpp | 4 +- src/lib/pubkey/xmss/xmss_publickey.h | 4 +- src/lib/pubkey/xmss/xmss_signature.cpp | 8 +- .../pubkey/xmss/xmss_signature_operation.cpp | 5 +- .../pubkey/xmss/xmss_signature_operation.h | 2 +- src/lib/pubkey/xmss/xmss_tools.h | 4 +- .../xmss/xmss_verification_operation.cpp | 6 +- .../xmss/xmss_wots_addressed_publickey.h | 4 +- src/lib/pubkey/xmss/xmss_wots_common_ops.cpp | 7 +- src/lib/pubkey/xmss/xmss_wots_common_ops.h | 36 ++++- src/lib/pubkey/xmss/xmss_wots_parameters.cpp | 13 +- src/lib/pubkey/xmss/xmss_wots_privatekey.cpp | 22 +-- src/lib/pubkey/xmss/xmss_wots_privatekey.h | 117 ++++++++++++-- src/lib/pubkey/xmss/xmss_wots_publickey.cpp | 15 +- src/lib/pubkey/xmss/xmss_wots_publickey.h | 37 ++++- .../xmss/xmss_wots_signature_operation.cpp | 4 +- .../xmss/xmss_wots_signature_operation.h | 2 +- .../xmss/xmss_wots_verification_operation.cpp | 2 +- .../xmss/xmss_wots_verification_operation.h | 2 +- 26 files changed, 477 insertions(+), 136 deletions(-) diff --git a/src/lib/pubkey/xmss/xmss_common_ops.cpp b/src/lib/pubkey/xmss/xmss_common_ops.cpp index a66a413bd0..2aca59817b 100644 --- a/src/lib/pubkey/xmss/xmss_common_ops.cpp +++ b/src/lib/pubkey/xmss/xmss_common_ops.cpp 
@@ -15,16 +15,17 @@ XMSS_Common_Ops::randomize_tree_hash(secure_vector& result, const secure_vector& left, const secure_vector& right, XMSS_Address& adrs, - const secure_vector& seed) + const secure_vector& seed, + XMSS_Hash& hash) { adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode); - secure_vector key { m_hash.prf(seed, adrs.bytes()) }; + secure_vector key { hash.prf(seed, adrs.bytes()) }; adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_MSB_Mode); - secure_vector bitmask_l { m_hash.prf(seed, adrs.bytes()) }; + secure_vector bitmask_l { hash.prf(seed, adrs.bytes()) }; adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_LSB_Mode); - secure_vector bitmask_r { m_hash.prf(seed, adrs.bytes()) }; + secure_vector bitmask_r { hash.prf(seed, adrs.bytes()) }; BOTAN_ASSERT(bitmask_l.size() == left.size() && bitmask_r.size() == right.size(), @@ -37,7 +38,7 @@ XMSS_Common_Ops::randomize_tree_hash(secure_vector& result, concat_xor[i + left.size()] = right[i] ^ bitmask_r[i]; } - m_hash.h(result, key, concat_xor); + hash.h(result, key, concat_xor); } @@ -45,7 +46,8 @@ void XMSS_Common_Ops::create_l_tree(secure_vector& result, wots_keysig_t pk, XMSS_Address& adrs, - const secure_vector& seed) + const secure_vector& seed, + XMSS_Hash& hash) { size_t l = m_xmss_params.len(); adrs.set_tree_height(0); @@ -55,7 +57,7 @@ XMSS_Common_Ops::create_l_tree(secure_vector& result, for(size_t i = 0; i < l >> 1; i++) { adrs.set_tree_index(i); - randomize_tree_hash(pk[i], pk[2 * i], pk[2 * i + 1], adrs, seed); + randomize_tree_hash(pk[i], pk[2 * i], pk[2 * i + 1], adrs, seed, hash); } if(l & 0x01) { diff --git a/src/lib/pubkey/xmss/xmss_common_ops.h b/src/lib/pubkey/xmss/xmss_common_ops.h index 176582efe8..1f12b6debd 100644 --- a/src/lib/pubkey/xmss/xmss_common_ops.h +++ b/src/lib/pubkey/xmss/xmss_common_ops.h 
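Review bot: The XMSS_Hash& overloads of randomize_tree_hash and create_l_tree are what make concurrent calls on one XMSS_Common_Ops object safe, and that argument is not written down anywhere: the visible bodies touch only the passed-in `hash`, the caller-owned `adrs`, and `m_xmss_params` through `len()`, never `m_hash`. A comment at the top of each, `// Thread-safety: must not touch m_hash; callers run this concurrently on one object with a per-thread hash`, turns that into an invariant a later edit cannot break silently. `create_l_tree` still takes `wots_keysig_t pk` by value, which copies the whole WOTS+ public key per call; the copy is needed because the loop writes `pk[i]` in place, but a short note saying so would stop someone "optimising" it to a reference.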
@@ -33,18 +33,68 @@ class XMSS_Common_Ops * * Generates a randomized hash. * + * This overload is used in multithreaded scenarios, where it is + * required to provide seperate instances of XMSS_Hash to each + * thread. + * * @param[out] result The resulting randomized hash. * @param[in] left Left half of the hash function input. * @param[in] right Right half of the hash function input. * @param[in] adrs Adress of the hash function call. * @param[in] seed The seed for G. + * @param[in] hash Instance of XMSS_Hash, that may only by the thead + * executing generate_public_key. **/ void randomize_tree_hash( secure_vector& result, const secure_vector& left, const secure_vector& right, XMSS_Address& adrs, - const secure_vector& seed); + const secure_vector& seed, + XMSS_Hash& hash); + + /** + * Algorithm 7: "RAND_HASH" + * + * Generates a randomized hash. + * + * @param[out] result The resulting randomized hash. + * @param[in] left Left half of the hash function input. + * @param[in] right Right half of the hash function input. + * @param[in] adrs Adress of the hash function call. + * @param[in] seed The seed for G. + **/ + inline void randomize_tree_hash( + secure_vector& result, + const secure_vector& left, + const secure_vector& right, + XMSS_Address& adrs, + const secure_vector& seed) + { + randomize_tree_hash(result, left, right, adrs, seed, m_hash); + } + + /** + * Algorithm 8: "ltree" + * Create an L-tree used to compute the leaves of the binary hash tree. + * Takes a WOTS+ public key and compresses it to a single n-byte value. + * + * This overload is used in multithreaded scenarios, where it is + * required to provide seperate instances of XMSS_Hash to each thread. + * + * @param[out] result Public key compressed to a single n-byte value + * pk[0]. + * @param[in] pk Winternitz One Time Signatures+ public key. + * @param[in] adrs Address encoding the address of the L-Tree + * @param[in] seed The seed generated during the public key generation. 
+ * @param[in] hash Instance of XMSS_Hash, that may only be used by the + * thead executing create_l_tree. + **/ + void create_l_tree(secure_vector& result, + wots_keysig_t pk, + XMSS_Address& adrs, + const secure_vector& seed, + XMSS_Hash& hash); /** * Algorithm 8: "ltree" @@ -57,11 +107,13 @@ class XMSS_Common_Ops * @param[in] adrs Address encoding the address of the L-Tree * @param[in] seed The seed generated during the public key generation. **/ - void create_l_tree( - secure_vector& result, - wots_keysig_t pk, - XMSS_Address& adrs, - const secure_vector& seed); + inline void create_l_tree(secure_vector& result, + wots_keysig_t pk, + XMSS_Address& adrs, + const secure_vector& seed) + { + create_l_tree(result, pk, adrs, seed, m_hash); + } protected: XMSS_Parameters m_xmss_params; diff --git a/src/lib/pubkey/xmss/xmss_hash.cpp b/src/lib/pubkey/xmss/xmss_hash.cpp index 27352b0e1b..f103874381 100644 --- a/src/lib/pubkey/xmss/xmss_hash.cpp +++ b/src/lib/pubkey/xmss/xmss_hash.cpp @@ -18,8 +18,8 @@ XMSS_Hash::XMSS_Hash(const XMSS_Hash& hash) } XMSS_Hash::XMSS_Hash(const std::string& h_func_name) : - m_hash_func_name(h_func_name), - m_hash(HashFunction::create(h_func_name)) + m_hash(HashFunction::create(h_func_name)), + m_hash_func_name(h_func_name) { if(!m_hash) throw Lookup_Error("XMSS cannot use hash " + h_func_name + diff --git a/src/lib/pubkey/xmss/xmss_hash.h b/src/lib/pubkey/xmss/xmss_hash.h index 16380f8f19..b2a18c0e50 100644 --- a/src/lib/pubkey/xmss/xmss_hash.h +++ b/src/lib/pubkey/xmss/xmss_hash.h @@ -50,7 +50,7 @@ class XMSS_Hash final * @return result The hash calculated using key and data. **/ inline secure_vector prf(const secure_vector& key, - const secure_vector& data) + const secure_vector& data) { m_hash->update(m_zero_padding); m_hash->update(m_id_prf); 
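Review bot: The @param text for `hash` on randomize_tree_hash says it `may only by the thead executing generate_public_key`, but the caller introduced by this patch is XMSS_PrivateKey::tree_hash, and the constraint is about the hash object rather than any particular function. Suggest `@param[in] hash XMSS_Hash instance private to the calling thread; it must not be used concurrently from any other thread.` on both new overloads, and fix `seperate`, `thead` and `Adress` while there. The inline five-argument overloads that forward `m_hash` are the non-thread-safe path; a one-line note on each, `// uses the shared m_hash; not safe to call concurrently on one object`, makes the distinction explicit at the declaration a reader actually sees.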
@@ -101,9 +101,9 @@ class XMSS_Hash final * @return hash value of n-bytes length. **/ secure_vector h_msg(const secure_vector& randomness, - const secure_vector& root, - const secure_vector& index_bytes, - const secure_vector& data); + const secure_vector& root, + const secure_vector& index_bytes, + const secure_vector& data); /** * Initializes buffered h_msg computation with prefix data. @@ -147,13 +147,13 @@ class XMSS_Hash final static const uint8_t m_id_hmsg = 0x02; static const uint8_t m_id_prf = 0x03; - const std::string m_hash_func_name; std::unique_ptr m_hash; std::unique_ptr m_msg_hash; - size_t m_output_length; - //32 byte id prefixes prepended to the hash input. std::vector m_zero_padding; + size_t m_output_length; + const std::string m_hash_func_name; + }; } diff --git a/src/lib/pubkey/xmss/xmss_parameters.cpp b/src/lib/pubkey/xmss/xmss_parameters.cpp index f6d6308759..5daa6516f7 100644 --- a/src/lib/pubkey/xmss/xmss_parameters.cpp +++ b/src/lib/pubkey/xmss/xmss_parameters.cpp 
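Review bot: XMSS_Hash objects are now copied once per worker thread (`std::vector xmss_hash(subtrees, m_hash)` in xmss_privatekey.cpp), so the copy constructor declared above this hunk must give every copy its own HashFunction objects; with `m_hash` and `m_msg_hash` held as `std::unique_ptr` that can only be done by cloning, which this hunk does not show. A class comment pinning the requirement, `// Copyable; each copy owns independent HashFunction instances and may be used from a different thread`, is warranted now that correctness of the threaded tree hash depends on it. The member reordering matches the new initializer order in the .cpp hunk, so it is presumably a -Wreorder fix; `m_output_length` and `m_zero_padding` are not in that initializer list, so they must be set in the constructor body, which a reader of the header cannot tell.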
@@ -17,33 +17,32 @@ namespace Botan { -//static XMSS_Parameters::xmss_algorithm_t XMSS_Parameters::xmss_id_from_string(const std::string& param_set) { if(param_set == "XMSS_SHA2-256_W16_H10") - return XMSS_SHA2_256_W16_H10; + { return XMSS_SHA2_256_W16_H10; } if(param_set == "XMSS_SHA2-256_W16_H16") - return XMSS_SHA2_256_W16_H16; + { return XMSS_SHA2_256_W16_H16; } if(param_set == "XMSS_SHA2-256_W16_H20") - return XMSS_SHA2_256_W16_H20; + { return XMSS_SHA2_256_W16_H20; } if(param_set == "XMSS_SHA2-512_W16_H10") - return XMSS_SHA2_512_W16_H10; + { return XMSS_SHA2_512_W16_H10; } if(param_set == "XMSS_SHA2-512_W16_H16") - return XMSS_SHA2_512_W16_H16; + { return XMSS_SHA2_512_W16_H16; } if(param_set == "XMSS_SHA2-512_W16_H20") - return XMSS_SHA2_512_W16_H20; + { return XMSS_SHA2_512_W16_H20; } if(param_set == "XMSS_SHAKE128_W16_H10") - return XMSS_SHAKE128_W16_H10; + { return XMSS_SHAKE128_W16_H10; } if(param_set == "XMSS_SHAKE128_W16_H16") - return XMSS_SHAKE128_W16_H16; + { return XMSS_SHAKE128_W16_H16; } if(param_set == "XMSS_SHAKE128_W16_H20") - return XMSS_SHAKE128_W16_H20; + { return XMSS_SHAKE128_W16_H20; } if(param_set == "XMSS_SHAKE256_W16_H10") - return XMSS_SHAKE256_W16_H10; + { return XMSS_SHAKE256_W16_H10; } if(param_set == "XMSS_SHAKE256_W16_H16") - return XMSS_SHAKE256_W16_H16; + { return XMSS_SHAKE256_W16_H16; } if(param_set == "XMSS_SHAKE256_W16_H20") - return XMSS_SHAKE256_W16_H20; + { return XMSS_SHAKE256_W16_H20; } throw Lookup_Error("Unknown XMSS algorithm param '" + param_set + "'"); } @@ -52,7 +51,6 @@ XMSS_Parameters::XMSS_Parameters(const std::string& param_set) { } - XMSS_Parameters::XMSS_Parameters(xmss_algorithm_t oid) : m_oid(oid) { diff --git a/src/lib/pubkey/xmss/xmss_privatekey.cpp b/src/lib/pubkey/xmss/xmss_privatekey.cpp index 0cb167f613..cb1afbb54a 100644 --- a/src/lib/pubkey/xmss/xmss_privatekey.cpp +++ b/src/lib/pubkey/xmss/xmss_privatekey.cpp @@ -18,6 +18,7 @@ #include #include #include +#include namespace Botan { 
@@ -43,9 +44,12 @@ XMSS_PrivateKey::XMSS_PrivateKey(const secure_vector& raw_key) auto end = raw_key.begin() + XMSS_PublicKey::size() + sizeof(uint64_t); for(auto& i = begin; i != end; i++) + { unused_leaf = ((unused_leaf << 8) | *i); + } - if(unused_leaf >= (1ull << (XMSS_PublicKey::m_xmss_params.tree_height() - 1))) + if(unused_leaf >= (1ull << (XMSS_PublicKey::m_xmss_params.tree_height() - + 1))) { throw Integrity_Failure("XMSS private key leaf index out of " "bounds."); 
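Review bot: The reflowed bound `unused_leaf >= (1ull << (XMSS_PublicKey::m_xmss_params.tree_height() - 1))` rejects the upper half of the index range if tree_height() is the h of the parameter set names (XMSS_SHA2-256_W16_H10 and so on), because a tree of height h has 2^h leaves with indices 0 to 2^h - 1; under that reading only 2^(h-1) one-time keys are ever usable and a serialized key whose next index lies in the rejected half fails to load. If so the check should be `1ull << XMSS_PublicKey::m_xmss_params.tree_height()`, changed together with the identical expression in reserve_unused_leaf_index (xmss_privatekey.h) and in the XMSS_Signature constructor (xmss_signature.cpp) so all three agree. This errs on the safe side (it can never permit index reuse), so it is a capacity defect rather than a forgery risk, but it deserves either a fix or a comment explaining why the minus one is intended. The enclosing constructor starts before this hunk.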
@@ -85,25 +89,144 @@ XMSS_PrivateKey::tree_hash(size_t start_idx, size_t target_node_height, XMSS_Address& adrs) { - const secure_vector& seed = this->public_seed(); - BOTAN_ASSERT((start_idx % (1 << target_node_height)) == 0, "Start index must be divisible by 2^{target node height}."); + // dertermine number of parallel tasks to split the tree_hashing into. + size_t split_level = std::min( + { + target_node_height, + static_cast( + std::ceil(std::log2(std::thread::hardware_concurrency()))) + }); + + // skip parallelization overhead for leaf nodes. + if(split_level == 0) + { + secure_vector result; + tree_hash_subtree(result, start_idx, target_node_height, adrs); + return result; + } + + size_t subtrees = 1 << split_level; + size_t last_idx = static_cast(1 << (target_node_height)) + start_idx; + size_t offs = (last_idx - start_idx) / subtrees; + uint8_t level = split_level; // current level in the tree + + BOTAN_ASSERT((last_idx - start_idx) % subtrees == 0, + "Number of worker threads in tree_hash need to divide range " + "of calculated nodes."); + std::vector> nodes( - XMSS_PublicKey::m_xmss_params.tree_height() + 1, - secure_vector(XMSS_PublicKey::m_xmss_params.element_size())); + subtrees, + secure_vector(XMSS_PublicKey::m_xmss_params.element_size())); + std::vector node_addresses(subtrees, adrs); + std::vector xmss_hash(subtrees, m_hash); + std::vector threads; + threads.reserve(subtrees); + + // Calculate multiple subtrees in parallel. 
+ for(size_t i = 0; i < subtrees; i++) + { + using tree_hash_subtree_fn_t = + void (XMSS_PrivateKey::*)(secure_vector&, + size_t, + size_t, + XMSS_Address&, + XMSS_Hash&); + + threads.emplace_back( + std::thread( + static_cast( + &XMSS_PrivateKey::tree_hash_subtree), + this, + std::ref(nodes[i]), + start_idx + i * offs, + target_node_height - split_level, + std::ref(node_addresses[i]), + std::ref(xmss_hash[i]))); + } + + for(auto& t : threads) + { + t.join(); + } + + threads.clear(); + + // Parallelize the top tree levels horizontally + while(level-- > 1) + { + std::vector> ro_nodes( + nodes.begin(), nodes.begin() + (1 << (level+1))); + + for(size_t i = 0; i < (1 << level); i++) + { + node_addresses[i].set_tree_height(target_node_height - (level + 1)); + node_addresses[i].set_tree_index( + (node_addresses[2 * i + 1].get_tree_index() - 1) >> 1); + using rnd_tree_hash_fn_t = + void (XMSS_Common_Ops::*)(secure_vector&, + const secure_vector&, + const secure_vector&, + XMSS_Address& adrs, + const secure_vector&, + XMSS_Hash&); + + threads.emplace_back( + std::thread( + static_cast( + &XMSS_Common_Ops::randomize_tree_hash), + this, + std::ref(nodes[i]), + std::ref(ro_nodes[2 * i]), + std::ref(ro_nodes[2 * i + 1]), + std::ref(node_addresses[i]), + std::ref(this->public_seed()), + std::ref(xmss_hash[i]))); + } + for(auto &t : threads) + { + t.join(); + } + threads.clear(); + } + + // Avoid creation an extra thread to calculate root node. 
+ node_addresses[0].set_tree_height(target_node_height - 1); + node_addresses[0].set_tree_index( + (node_addresses[1].get_tree_index() - 1) >> 1); + randomize_tree_hash(nodes[0], + nodes[0], + nodes[1], + node_addresses[0], + this->public_seed()); + return nodes[0]; + } + +void +XMSS_PrivateKey::tree_hash_subtree(secure_vector& result, + size_t start_idx, + size_t target_node_height, + XMSS_Address& adrs, + XMSS_Hash& hash) + { + const secure_vector& seed = this->public_seed(); + + std::vector> nodes( + target_node_height + 1, + secure_vector(XMSS_PublicKey::m_xmss_params.element_size())); // node stack, holds all nodes on stack and one extra "pending" node. This // temporary node referred to as "node" in the XMSS standard document stays // a pending element, meaning it is not regarded as element on the stack // until level is increased. - std::vector node_levels(XMSS_PublicKey::m_xmss_params.tree_height() + 1); + std::vector node_levels(target_node_height + 1); - uint8_t level = 0; + uint8_t level = 0; // current level on the node stack. XMSS_WOTS_PublicKey pk(m_wots_priv_key.wots_parameters().oid(), seed); - size_t last_idx = static_cast(1 << target_node_height) + start_idx; + for(size_t i = start_idx; i < last_idx; i++) { adrs.set_type(XMSS_Address::Type::OTS_Hash_Address); @@ -112,11 +235,12 @@ XMSS_PrivateKey::tree_hash(size_t start_idx, pk, // getWOTS_SK(SK, s + i), reference implementation uses adrs // instead of zero padded index s + i. - this->wots_private_key()[adrs], - adrs); + this->wots_private_key().at(adrs, hash), + adrs, + hash); adrs.set_type(XMSS_Address::Type::LTree_Address); adrs.set_ltree_address(i); - create_l_tree(nodes[level], pk, adrs, seed); + create_l_tree(nodes[level], pk, adrs, seed, hash); node_levels[level] = 0; adrs.set_type(XMSS_Address::Type::Hash_Tree_Address); 
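Review bot: `std::thread::hardware_concurrency()` is permitted to return 0 when the count is not computable, and the new split_level expression then evaluates `std::log2(0)`, which is -inf, and casts it to size_t, which is undefined behaviour; clamp with `std::max(1u, std::thread::hardware_concurrency())` before taking the log. The workers are plain std::thread, so an exception escaping tree_hash_subtree or randomize_tree_hash in a worker ends in std::terminate, and if `threads.emplace_back` throws after some threads were started the vector of still-joinable threads is destroyed and terminates as well; running each worker through std::async (which needs `<future>`) and calling get() on the futures rethrows the error in the calling thread with no change to the data flow, as sketched below for the subtree phase. The `std::ref(this->public_seed())` captures are only valid if public_seed() returns a reference, which the later `const secure_vector& seed = this->public_seed();` suggests but this hunk does not prove. The top-of-tree loop also spawns a fresh set of threads per level, which is fine for key generation but worth a comment so the pattern is not copied into a per-signature path.
```cpp
   // determine number of parallel tasks to split the tree_hashing into.
   // hardware_concurrency() may legitimately return 0; treat that as 1.
   const unsigned hw_threads =
      std::max(1u, std::thread::hardware_concurrency());
   size_t split_level = std::min(
      {
      target_node_height,
      static_cast<size_t>(std::ceil(std::log2(hw_threads)))
      });

   // … unchanged: serial fast path, subtrees/last_idx/offs, nodes/node_addresses/xmss_hash setup …

   std::vector<std::future<void>> tasks;
   tasks.reserve(subtrees);

   // Calculate multiple subtrees in parallel.
   for(size_t i = 0; i < subtrees; i++)
      {
      using tree_hash_subtree_fn_t =
         void (XMSS_PrivateKey::*)(secure_vector<uint8_t>&,
                                   size_t,
                                   size_t,
                                   XMSS_Address&,
                                   XMSS_Hash&);

      tasks.emplace_back(std::async(
         std::launch::async,
         static_cast<tree_hash_subtree_fn_t>(&XMSS_PrivateKey::tree_hash_subtree),
         this,
         std::ref(nodes[i]),
         start_idx + i * offs,
         target_node_height - split_level,
         std::ref(node_addresses[i]),
         std::ref(xmss_hash[i])));
      }

   // get() rethrows a worker's exception here instead of calling std::terminate
   for(auto& t : tasks)
      {
      t.get();
      }
   tasks.clear();

   // … unchanged: per-level combination loop (converted the same way) and root node …
```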
@@ -131,14 +255,15 @@ XMSS_PrivateKey::tree_hash(size_t start_idx, nodes[level - 1], nodes[level], adrs, - seed); + seed, + hash); node_levels[level - 1]++; level--; //Pop stack top element adrs.set_tree_height(adrs.get_tree_height() + 1); } level++; //push temporary node to stack } - return nodes[level - 1]; + result = nodes[level - 1]; } std::shared_ptr> @@ -181,7 +306,7 @@ XMSS_PrivateKey::create_signature_op(RandomNumberGenerator&, { if(provider == "base" || provider.empty()) return std::unique_ptr( - new XMSS_Signature_Operation(*this)); + new XMSS_Signature_Operation(*this)); throw Provider_Not_Found(algo_name(), provider); } diff --git a/src/lib/pubkey/xmss/xmss_privatekey.h b/src/lib/pubkey/xmss/xmss_privatekey.h index b5ddc1a91d..1a5dd3b878 100644 --- a/src/lib/pubkey/xmss/xmss_privatekey.h +++ b/src/lib/pubkey/xmss/xmss_privatekey.h @@ -36,8 +36,8 @@ namespace Botan { * draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1 **/ class BOTAN_PUBLIC_API(2,0) XMSS_PrivateKey final : public virtual XMSS_PublicKey, - public XMSS_Common_Ops, - public virtual Private_Key + public XMSS_Common_Ops, + public virtual Private_Key { public: /** @@ -128,7 +128,7 @@ class BOTAN_PUBLIC_API(2,0) XMSS_PrivateKey final : public virtual XMSS_PublicKe { current = index.load(); if(current > idx) - return; + { return; } } while(!index.compare_exchange_strong(current, idx)); } @@ -137,12 +137,12 @@ class BOTAN_PUBLIC_API(2,0) XMSS_PrivateKey final : public virtual XMSS_PublicKe size_t reserve_unused_leaf_index() { size_t idx = (static_cast&>( - *recover_global_leaf_index())).fetch_add(1); + *recover_global_leaf_index())).fetch_add(1); if(idx >= (1ull << (XMSS_PublicKey::m_xmss_params.tree_height() - 1))) - { - throw Integrity_Failure("XMSS private key, one time signatures " - "exhausted."); - } + { + throw Integrity_Failure("XMSS private key, one time signatures " + "exhausted."); + } return idx; } 
@@ -197,9 +197,9 @@ class BOTAN_PUBLIC_API(2,0) XMSS_PrivateKey final : public virtual XMSS_PublicKe } std::unique_ptr - create_signature_op(RandomNumberGenerator&, - const std::string&, - const std::string& provider) const override; + create_signature_op(RandomNumberGenerator&, + const std::string&, + const std::string& provider) const override; secure_vector private_key_bits() const override { @@ -241,10 +241,28 @@ class BOTAN_PUBLIC_API(2,0) XMSS_PrivateKey final : public virtual XMSS_PublicKe private: /** - * Fetches shared unused leaf index fromt the index registry + * Fetches shared unused leaf index from the index registry **/ std::shared_ptr> recover_global_leaf_index() const; + inline void tree_hash_subtree(secure_vector& result, + size_t start_idx, + size_t target_node_height, + XMSS_Address& adrs) + { + return tree_hash_subtree(result, start_idx, target_node_height, adrs, m_hash); + } + + + /** + * Helper for multithreaded tree hashing. + */ + void tree_hash_subtree(secure_vector& result, + size_t start_idx, + size_t target_node_height, + XMSS_Address& adrs, + XMSS_Hash& hash); + XMSS_WOTS_PrivateKey m_wots_priv_key; secure_vector m_prf; XMSS_Index_Registry& m_index_reg; diff --git a/src/lib/pubkey/xmss/xmss_publickey.cpp b/src/lib/pubkey/xmss/xmss_publickey.cpp index 801388253c..53c325442f 100644 --- a/src/lib/pubkey/xmss/xmss_publickey.cpp +++ b/src/lib/pubkey/xmss/xmss_publickey.cpp @@ -55,7 +55,7 @@ XMSS_PublicKey::deserialize_xmss_oid(const std::vector& raw_key) // extract and convert algorithm id to enum type uint32_t raw_id = 0; for(size_t i = 0; i < 4; i++) - raw_id = ((raw_id << 8) | raw_key[i]); + { raw_id = ((raw_id << 8) | raw_key[i]); } return static_cast(raw_id); } 
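Review bot: The new private tree_hash_subtree pair is documented with the single line `Helper for multithreaded tree hashing.`, which omits the two things a caller must know: `result` is an out-parameter rather than a return value because the function serves as a std::thread entry point, and `hash` must be an XMSS_Hash instance that no other thread uses while the call runs. Suggested header: `/** Computes the root of the subtree of height target_node_height whose leftmost leaf is start_idx and writes it to result. hash must be private to the calling thread; adrs is updated in place. */`. The four-argument inline overload does `return tree_hash_subtree(...)` on a void call, which is legal but reads as if a value were expected; drop the `return`. The inline overload also has no comment at all, so a line noting that it uses the shared `m_hash` and is therefore the single-threaded variant would complete the picture.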
@@ -67,7 +67,7 @@ XMSS_PublicKey::create_verification_op(const std::string&, if(provider == "base" || provider.empty()) { return std::unique_ptr( - new XMSS_Verification_Operation(*this)); + new XMSS_Verification_Operation(*this)); } throw Provider_Not_Found(algo_name(), provider); } diff --git a/src/lib/pubkey/xmss/xmss_publickey.h b/src/lib/pubkey/xmss/xmss_publickey.h index b415f0a59b..0cbb814d7c 100644 --- a/src/lib/pubkey/xmss/xmss_publickey.h +++ b/src/lib/pubkey/xmss/xmss_publickey.h @@ -198,8 +198,8 @@ class BOTAN_PUBLIC_API(2,0) XMSS_PublicKey : public virtual Public_Key } std::unique_ptr - create_verification_op(const std::string&, - const std::string& provider) const override; + create_verification_op(const std::string&, + const std::string& provider) const override; size_t estimated_strength() const override { diff --git a/src/lib/pubkey/xmss/xmss_signature.cpp b/src/lib/pubkey/xmss/xmss_signature.cpp index 8dbb179094..c5d6a3d8b5 100644 --- a/src/lib/pubkey/xmss/xmss_signature.cpp +++ b/src/lib/pubkey/xmss/xmss_signature.cpp @@ -16,13 +16,13 @@ XMSS_Signature::XMSS_Signature(XMSS_Parameters::xmss_algorithm_t oid, { BOTAN_ASSERT(sizeof(size_t) >= std::ceil(static_cast( (XMSS_Parameters(oid)).tree_height()) / 8.f), - "System type \"size_t\" not big enough to support" - " leaf index."); + "System type \"size_t\" not big enough to support" + " leaf index."); XMSS_Parameters xmss_params(oid); uint64_t leaf_idx = 0; for(size_t i = 0; i < 8; i++) - leaf_idx = ((leaf_idx << 8) | raw_sig[i]); + { leaf_idx = ((leaf_idx << 8) | raw_sig[i]); } if(leaf_idx >= (1ull << (xmss_params.tree_height() - 1))) { @@ -71,7 +71,7 @@ secure_vector XMSS_Signature::bytes() const static_cast(static_cast(m_leaf_idx) >> 24U), static_cast(static_cast(m_leaf_idx) >> 16U), static_cast(static_cast(m_leaf_idx) >> 8U), - static_cast(static_cast(m_leaf_idx) ) + static_cast(static_cast(m_leaf_idx)) }; std::copy(m_randomness.begin(), 
diff --git a/src/lib/pubkey/xmss/xmss_signature_operation.cpp b/src/lib/pubkey/xmss/xmss_signature_operation.cpp index bf7588abe3..89e66495b4 100644 --- a/src/lib/pubkey/xmss/xmss_signature_operation.cpp +++ b/src/lib/pubkey/xmss/xmss_signature_operation.cpp @@ -74,13 +74,12 @@ void XMSS_Signature_Operation::update(const uint8_t msg[], size_t msg_len) m_hash.h_msg_update(msg, msg_len); } - secure_vector XMSS_Signature_Operation::sign(RandomNumberGenerator&) { initialize(); secure_vector signature(sign(m_hash.h_msg_final(), - m_priv_key).bytes()); + m_priv_key).bytes()); m_is_initialized = false; return signature; } @@ -89,7 +88,7 @@ void XMSS_Signature_Operation::initialize() { // return if we already initialized and reserved a leaf index for signing. if(m_is_initialized) - return; + { return; } secure_vector index_bytes; // reserve leaf index so it can not be reused in by another signature diff --git a/src/lib/pubkey/xmss/xmss_signature_operation.h b/src/lib/pubkey/xmss/xmss_signature_operation.h index 6bda810365..ca434ddcd0 100644 --- a/src/lib/pubkey/xmss/xmss_signature_operation.h +++ b/src/lib/pubkey/xmss/xmss_signature_operation.h @@ -33,7 +33,7 @@ namespace Botan { * draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1 **/ class XMSS_Signature_Operation final : public virtual PK_Ops::Signature, - public XMSS_Common_Ops + public XMSS_Common_Ops { public: XMSS_Signature_Operation(const XMSS_PrivateKey& private_key); diff --git a/src/lib/pubkey/xmss/xmss_tools.h b/src/lib/pubkey/xmss/xmss_tools.h index 3065981875..13e178ca17 100644 --- a/src/lib/pubkey/xmss/xmss_tools.h +++ b/src/lib/pubkey/xmss/xmss_tools.h @@ -19,7 +19,7 @@ namespace Botan { * Helper tools for low level byte operations required * for the XMSS implementation. **/ - class XMSS_Tools final +class XMSS_Tools final { public: XMSS_Tools(const XMSS_Tools&) = delete; 
@@ -35,7 +35,7 @@ namespace Botan { **/ template::value, - void>::type> + void>::type> static void concat(secure_vector& target, const T& src); /** diff --git a/src/lib/pubkey/xmss/xmss_verification_operation.cpp b/src/lib/pubkey/xmss/xmss_verification_operation.cpp index 5f8c3a7217..adb031fe42 100644 --- a/src/lib/pubkey/xmss/xmss_verification_operation.cpp +++ b/src/lib/pubkey/xmss/xmss_verification_operation.cpp @@ -87,9 +87,9 @@ XMSS_Verification_Operation::verify(const XMSS_Signature& sig, msg); secure_vector node = root_from_signature(sig, - msg_digest, - adrs, - public_key.public_seed()); + msg_digest, + adrs, + public_key.public_seed()); return (node == public_key.root()); } diff --git a/src/lib/pubkey/xmss/xmss_wots_addressed_publickey.h b/src/lib/pubkey/xmss/xmss_wots_addressed_publickey.h index 7d4ee68709..e8310d0b70 100644 --- a/src/lib/pubkey/xmss/xmss_wots_addressed_publickey.h +++ b/src/lib/pubkey/xmss/xmss_wots_addressed_publickey.h @@ -60,8 +60,8 @@ class XMSS_WOTS_Addressed_PublicKey : public virtual Public_Key } std::unique_ptr - create_verification_op(const std::string& params, - const std::string& provider) const override + create_verification_op(const std::string& params, + const std::string& provider) const override { return m_pub_key.create_verification_op(params, provider); } diff --git a/src/lib/pubkey/xmss/xmss_wots_common_ops.cpp b/src/lib/pubkey/xmss/xmss_wots_common_ops.cpp index 4472b38814..4c354861ec 100644 --- a/src/lib/pubkey/xmss/xmss_wots_common_ops.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_common_ops.cpp @@ -17,7 +17,8 @@ XMSS_WOTS_Common_Ops::chain(secure_vector& result, size_t start_idx, size_t steps, XMSS_Address& adrs, - const secure_vector& seed) + const secure_vector& seed, + XMSS_Hash& hash) { for(size_t i = start_idx; i < (start_idx + steps) && i < m_wots_params.wots_parameter(); 
@@ -27,13 +28,13 @@ XMSS_WOTS_Common_Ops::chain(secure_vector& result, //Calculate tmp XOR bitmask adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_Mode); - xor_buf(result, m_hash.prf(seed, adrs.bytes()), result.size()); + xor_buf(result, hash.prf(seed, adrs.bytes()), result.size()); // Calculate key adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode); //Calculate f(key, tmp XOR bitmask) - m_hash.f(result, m_hash.prf(seed, adrs.bytes()), result); + hash.f(result, hash.prf(seed, adrs.bytes()), result); } } diff --git a/src/lib/pubkey/xmss/xmss_wots_common_ops.h b/src/lib/pubkey/xmss/xmss_wots_common_ops.h index a880b669f7..b0a4460cb1 100644 --- a/src/lib/pubkey/xmss/xmss_wots_common_ops.h +++ b/src/lib/pubkey/xmss/xmss_wots_common_ops.h 
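Review bot: The body of this `chain` is, line for line, the same as `XMSS_WOTS_PublicKey::chain` in the xmss_wots_publickey.cpp hunk further down, and the commit has to apply the identical `m_hash` → `hash` substitution to both; two copies of Algorithm 2 that must be edited in lockstep is how implementations drift, so a single shared implementation (a free or static function taking the wots parameter and the `XMSS_Hash&`, called from both classes' wrappers) is worth the small refactor. As far as the hunk shows, the hash-taking overload reads only `m_wots_params` from `*this` and writes through `result`, `adrs` and `hash`, so it could be declared `const`; the same appears to hold for the hash-taking `generate`, `at` and `sign` in xmss_wots_privatekey, and `const` on those overloads is what would let the compiler enforce the "shared key object, thread-local XMSS_Hash" contract this series introduces, instead of the comment alone. `chain` begins in the previous hunk.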
@@ -32,19 +32,47 @@ class XMSS_WOTS_Common_Ops * Algorithm 2: Chaining Function. * * @param[out] result Contains the n-byte input string "x" upon call to chain(), - * that will be replaced with the value obtained by iterating - * the cryptographic hash function "F" steps times on the - * input x using the outputs of the PRNG "G". + * that will be replaced with the value obtained by iterating + * the cryptographic hash function "F" steps times on the + * input x using the outputs of the PRNG "G". * @param[in] start_idx The start index. * @param[in] steps A number of steps. * @param[in] adrs An OTS Hash Address. * @param[in] seed A Seed. **/ + inline void chain(secure_vector& result, + size_t start_idx, + size_t steps, + XMSS_Address& adrs, + const secure_vector& seed) + { + chain(result, start_idx, steps, adrs, seed, m_hash); + } + + /** + * Algorithm 2: Chaining Function. + * + * This overload is used in multithreaded scenarios, where it is + * required to provide seperate instances of XMSS_Hash to each + * thread. + * + * @param[out] result Contains the n-byte input string "x" upon call to chain(), + * that will be replaced with the value obtained by iterating + * the cryptographic hash function "F" steps times on the + * input x using the outputs of the PRNG "G". + * @param[in] start_idx The start index. + * @param[in] steps A number of steps. + * @param[in] adrs An OTS Hash Address. + * @param[in] seed A Seed. + * @param[in] hash Instance of XMSS_Hash, that may only by the thead + * executing chain. + **/ void chain(secure_vector& result, size_t start_idx, size_t steps, XMSS_Address& adrs, - const secure_vector& seed); + const secure_vector& seed, + XMSS_Hash& hash); XMSS_WOTS_Parameters m_wots_params; XMSS_Hash m_hash; diff --git a/src/lib/pubkey/xmss/xmss_wots_parameters.cpp b/src/lib/pubkey/xmss/xmss_wots_parameters.cpp index 20f758ed23..3d11739ebd 100644 --- a/src/lib/pubkey/xmss/xmss_wots_parameters.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_parameters.cpp 
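Review bot: The new Doxygen line `@param[in] hash Instance of XMSS_Hash, that may only by the thead executing chain.` is missing its verb and misspells "thread"; suggest `@param[in] hash Instance of XMSS_Hash that may only be used by the thread executing chain.`. The sentence above it, "required to provide seperate instances of XMSS_Hash to each thread", should read "separate". Both wordings are copied verbatim into the `at`, `generate_public_key`, `sign` and `generate` comments in the xmss_wots_privatekey.h hunks and the `chain` comment in the xmss_wots_publickey.h hunk below, so they want fixing in one pass. What the comment leaves unsaid is which parts of the object the caller may share between threads; one sentence on the class, stating that only `m_hash` is mutated and that the other members are read-only during these calls (to be confirmed against the class's setters), would complete the contract.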
@@ -19,18 +19,17 @@ namespace Botan { -//static XMSS_WOTS_Parameters::ots_algorithm_t XMSS_WOTS_Parameters::xmss_wots_id_from_string(const std::string& param_set) { if(param_set == "WOTSP_SHA2-256_W16") - return WOTSP_SHA2_256_W16; + { return WOTSP_SHA2_256_W16; } if(param_set == "WOTSP_SHA2-512_W16") - return WOTSP_SHA2_512_W16; + { return WOTSP_SHA2_512_W16; } if(param_set == "WOTSP_SHAKE128_W16") - return WOTSP_SHAKE128_W16; + { return WOTSP_SHAKE128_W16; } if(param_set == "WOTSP_SHAKE256_W16") - return WOTSP_SHAKE256_W16; + { return WOTSP_SHAKE256_W16; } throw Invalid_Argument("Unknown XMSS-WOTS algorithm param '" + param_set + "'"); } @@ -84,7 +83,7 @@ XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(ots_algorithm_t oid) m_w == 16 ? m_lg_w = 4 : m_lg_w = 2; m_len_1 = static_cast(std::ceil((8 * element_size()) / m_lg_w)); m_len_2 = static_cast( - floor(log2(m_len_1 * (wots_parameter() - 1)) / m_lg_w) + 1); + floor(log2(m_len_1 * (wots_parameter() - 1)) / m_lg_w) + 1); BOTAN_ASSERT(m_len == m_len_1 + m_len_2, "Invalid XMSS WOTS parameter " "\"len\" detedted."); } @@ -116,7 +115,7 @@ XMSS_WOTS_Parameters::base_w(size_t value) const { value <<= (8 - ((m_len_2 * m_lg_w) % 8)); size_t len_2_bytes = static_cast( - std::ceil(static_cast(m_len_2 * m_lg_w) / 8.f)); + std::ceil(static_cast(m_len_2 * m_lg_w) / 8.f)); secure_vector result; XMSS_Tools::concat(result, value, len_2_bytes); return base_w(result, m_len_2); diff --git a/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp b/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp index d7cd3479cf..2e85cf4bf8 100644 --- a/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp @@ -14,7 +14,8 @@ namespace Botan { wots_keysig_t -XMSS_WOTS_PrivateKey::generate(const secure_vector& priv_seed) +XMSS_WOTS_PrivateKey::generate(const secure_vector& priv_seed, + XMSS_Hash& hash) { wots_keysig_t priv_key(m_wots_params.len(), secure_vector(0)); 
@@ -22,7 +23,7 @@ XMSS_WOTS_PrivateKey::generate(const secure_vector& priv_seed) for(size_t i = 0; i < m_wots_params.len(); i++) { XMSS_Tools::concat(priv_key[i], i, 32); - m_hash.prf(priv_key[i], priv_seed, priv_key[i]); + hash.prf(priv_key[i], priv_seed, priv_key[i]); } return priv_key; } @@ -39,8 +40,9 @@ XMSS_WOTS_PrivateKey::generate_public_key(XMSS_Address& adrs) void XMSS_WOTS_PrivateKey::generate_public_key(XMSS_WOTS_PublicKey& pub_key, - wots_keysig_t&& in_key_data, - XMSS_Address& adrs) + wots_keysig_t&& in_key_data, + XMSS_Address& adrs, + XMSS_Hash& hash) { BOTAN_ASSERT(wots_parameters() == pub_key.wots_parameters() && public_seed() == pub_key.public_seed(), @@ -51,14 +53,14 @@ XMSS_WOTS_PrivateKey::generate_public_key(XMSS_WOTS_PublicKey& pub_key, { adrs.set_chain_address(i); chain(pub_key[i], 0, m_wots_params.wots_parameter() - 1, adrs, - public_seed()); + public_seed(), hash); } } wots_keysig_t -XMSS_WOTS_PrivateKey::sign( - const secure_vector& msg, - XMSS_Address& adrs) +XMSS_WOTS_PrivateKey::sign(const secure_vector& msg, + XMSS_Address& adrs, + XMSS_Hash& hash) { secure_vector msg_digest @@ -67,12 +69,12 @@ XMSS_WOTS_PrivateKey::sign( }; m_wots_params.append_checksum(msg_digest); - wots_keysig_t sig((*this)[adrs]); + wots_keysig_t sig(this->at(adrs, hash)); for(size_t i = 0; i < m_wots_params.len(); i++) { adrs.set_chain_address(i); - chain(sig[i], 0 , msg_digest[i], adrs, m_public_seed); + chain(sig[i], 0 , msg_digest[i], adrs, m_public_seed, hash); } return sig; diff --git a/src/lib/pubkey/xmss/xmss_wots_privatekey.h b/src/lib/pubkey/xmss/xmss_wots_privatekey.h index 686162911e..b0cb427c92 100644 --- a/src/lib/pubkey/xmss/xmss_wots_privatekey.h +++ b/src/lib/pubkey/xmss/xmss_wots_privatekey.h @@ -24,7 +24,7 @@ namespace Botan { * Signatures. **/ class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PrivateKey final : public virtual XMSS_WOTS_PublicKey, - public virtual Private_Key + public virtual Private_Key { public: /** 
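Review bot: `chain(sig[i], 0 , msg_digest[i], adrs, m_public_seed, hash);` in the new `sign` body keeps a stray space before the comma on a line this commit rewrites; `chain(sig[i], 0, msg_digest[i], adrs, m_public_seed, hash);`. The `sign` overload begins in the previous hunk.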
@@ -65,7 +65,7 @@ class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PrivateKey final : public virtual XMSS_WOT
 **/
 XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid,
 const secure_vector& public_seed,
- RandomNumberGenerator &rng)
+ RandomNumberGenerator& rng)
 : XMSS_WOTS_PublicKey(oid, public_seed),
 m_private_seed(rng.random_vec(m_wots_params.element_size()))
 {
@@ -111,31 +111,61 @@ class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PrivateKey final : public virtual XMSS_WOT * Retrieves the i-th WOTS private key using pseudo random key * (re-)generation. * + * This overload is used in multithreaded scenarios, where it is + * required to provide seperate instances of XMSS_Hash to each + * thread. + * * @param i Index of the key to retrieve. + * @param hash Instance of XMSS_Hash, that may only be used by the + * thead executing at. * * @return WOTS secret key. **/ - wots_keysig_t operator[](size_t i) + wots_keysig_t at(size_t i, XMSS_Hash& hash) { secure_vector idx_bytes; XMSS_Tools::concat(idx_bytes, i, m_wots_params.element_size()); - m_hash.h(idx_bytes, m_private_seed, idx_bytes); - return generate(idx_bytes); + hash.h(idx_bytes, m_private_seed, idx_bytes); + return generate(idx_bytes, hash); + } + + /** + * Retrieves the i-th WOTS private key using pseudo random key + * (re-)generation. + * + * @param i Index of the key to retrieve. + * + * @return WOTS secret key. + **/ + inline wots_keysig_t operator[](size_t i) + { + return this->at(i, m_hash); } /** * Retrieves the i-th WOTS private key using pseudo random key * (re-)generation. * + * This overload is used in multithreaded scenarios, where it is + * required to provide seperate instances of XMSS_Hash to each + * thread. + * * @param adrs The address of the key to retrieve. + * @param hash Instance of XMSS_Hash, that may only be used by the + * thead executing at. * * @return WOTS secret key. **/ - wots_keysig_t operator[](const XMSS_Address& adrs) + wots_keysig_t at(const XMSS_Address& adrs, XMSS_Hash& hash) { secure_vector result; - m_hash.prf(result, m_private_seed, adrs.bytes()); - return generate(result); + hash.prf(result, m_private_seed, adrs.bytes()); + return generate(result, hash); + } + + inline wots_keysig_t operator[](const XMSS_Address& adrs) + { + return this->at(adrs, m_hash); } wots_keysig_t generate_private_key(const secure_vector& priv_seed); 
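Review bot: `at(size_t i, XMSS_Hash& hash)` and `at(const XMSS_Address& adrs, XMSS_Hash& hash)` derive a WOTS+ secret key from `m_private_seed` by PRF; calling them `at` suggests the bounds-checked element access of the standard containers, while nothing is stored to be looked up and no range check on `i` exists (the hunk shows none, and the old `operator[]` had none either). A name that says what happens, e.g. `derive_private_key(i, hash)`, avoids the misreading, and the `operator[]` wrappers can keep forwarding to it unchanged.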
@@ -158,15 +188,40 @@ class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PrivateKey final : public virtual XMSS_WOT * key_data() member, with data derived from in_key_data using the * WOTS chaining function. * + * This overload is used in multithreaded scenarios, where it is + * required to provide seperate instances of XMSS_Hash to each + * thread. + * * @param[out] pub_key Public key to initialize key_data() member on. * @param in_key_data Input key material from private key used for * public key generation. * @param adrs Hash function address encoding the address of * the WOTS+ key pair within a greater structure. + * @param hash Instance of XMSS_Hash, that may only by the thead + * executing generate_public_key. **/ void generate_public_key(XMSS_WOTS_PublicKey& pub_key, wots_keysig_t&& in_key_data, - XMSS_Address& adrs); + XMSS_Address& adrs, + XMSS_Hash& hash); + /** + * Algorithm 4: "WOTS_genPK" + * Initializes a Winternitz One Time Signature+ (WOTS+) Public Key's + * key_data() member, with data derived from in_key_data using the + * WOTS chaining function. + * + * @param[out] pub_key Public key to initialize key_data() member on. + * @param in_key_data Input key material from private key used for + * public key generation. + * @param adrs Hash function address encoding the address of + * the WOTS+ key pair within a greater structure. + **/ + inline void generate_public_key(XMSS_WOTS_PublicKey& pub_key, + wots_keysig_t&& in_key_data, + XMSS_Address& adrs) + { + generate_public_key(pub_key, std::forward(in_key_data), adrs, m_hash); + } /** * Algorithm 5: "WOTS_sign" 
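Review bot: `std::forward(in_key_data)` in the new inline `generate_public_key` wrapper acts on a named `wots_keysig_t&&` parameter, which is a plain rvalue reference and not a forwarding reference (any template argument has been stripped by the page rendering, so I cannot see what was passed); `std::move(in_key_data)` states the intent and is the idiomatic choice here: `generate_public_key(pub_key, std::move(in_key_data), adrs, m_hash);`. The eleven-line Doxygen block is duplicated verbatim between the two overloads; Doxygen's `@copydoc`, or one full comment on the hash-taking declaration and a one-line cross-reference on the wrapper, would keep the pair from drifting, and the same holds for the `sign`, `at` and `chain` pairs in the surrounding hunks.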
@@ -178,8 +233,31 @@ class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PrivateKey final : public virtual XMSS_WOT * * @return signature for msg. **/ + inline wots_keysig_t sign(const secure_vector& msg, + XMSS_Address& adrs) + { + return sign(msg, adrs, m_hash); + } + + /** + * Algorithm 5: "WOTS_sign" + * Generates a signature from a private key and a message. + * + * This overload is used in multithreaded scenarios, where it is + * required to provide seperate instances of XMSS_Hash to each + * thread. + * + * @param msg A message to sign. + * @param adrs An OTS hash address identifying the WOTS+ key pair + * used for signing. + * @param hash Instance of XMSS_Hash, that may only be used by the + * thead executing sign. + * + * @return signature for msg. + **/ wots_keysig_t sign(const secure_vector& msg, - XMSS_Address& adrs); + XMSS_Address& adrs, + XMSS_Hash& hash); /** * Retrieves the secret seed used to generate WOTS+ chains. The seed @@ -221,9 +299,9 @@ class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PrivateKey final : public virtual XMSS_WOT } std::unique_ptr - create_signature_op(RandomNumberGenerator&, - const std::string&, - const std::string& provider) const override; + create_signature_op(RandomNumberGenerator&, + const std::string&, + const std::string& provider) const override; secure_vector private_key_bits() const override { 
@@ -235,12 +313,23 @@ class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PrivateKey final : public virtual XMSS_WOT * Algorithm 3: "Generating a WOTS+ Private Key". * Generates a private key. * + * This overload is used in multithreaded scenarios, where it is + * required to provide seperate instances of XMSS_Hash to each thread. + * * @param private_seed Uniformly random n-byte value. + * @param[in] hash Instance of XMSS_Hash, that may only be used by the + * thead executing generate. * * @returns a vector of length key_size() of vectors of n bytes length * containing uniformly random data. **/ - wots_keysig_t generate(const secure_vector& private_seed); + wots_keysig_t generate(const secure_vector& private_seed, + XMSS_Hash& hash); + + inline wots_keysig_t generate(const secure_vector& private_seed) + { + return generate(private_seed, m_hash); + } secure_vector m_private_seed; }; diff --git a/src/lib/pubkey/xmss/xmss_wots_publickey.cpp b/src/lib/pubkey/xmss/xmss_wots_publickey.cpp index 5ae04e71f1..82a6d9c125 100644 --- a/src/lib/pubkey/xmss/xmss_wots_publickey.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_publickey.cpp @@ -18,7 +18,8 @@ XMSS_WOTS_PublicKey::chain(secure_vector& result, size_t start_idx, size_t steps, XMSS_Address& adrs, - const secure_vector& seed) + const secure_vector& seed, + XMSS_Hash& hash) { for(size_t i = start_idx; i < (start_idx + steps) && i < m_wots_params.wots_parameter(); 
@@ -28,21 +29,21 @@ XMSS_WOTS_PublicKey::chain(secure_vector& result, //Calculate tmp XOR bitmask adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_Mode); - xor_buf(result, m_hash.prf(seed, adrs.bytes()), result.size()); + xor_buf(result, hash.prf(seed, adrs.bytes()), result.size()); // Calculate key adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode); //Calculate f(key, tmp XOR bitmask) - m_hash.f(result, m_hash.prf(seed, adrs.bytes()), result); + hash.f(result, hash.prf(seed, adrs.bytes()), result); } } wots_keysig_t XMSS_WOTS_PublicKey::pub_key_from_signature(const secure_vector& msg, - const wots_keysig_t& sig, - XMSS_Address& adrs, - const secure_vector& seed) + const wots_keysig_t& sig, + XMSS_Address& adrs, + const secure_vector& seed) { secure_vector msg_digest { @@ -71,7 +72,7 @@ XMSS_WOTS_PublicKey::create_verification_op(const std::string&, if(provider == "base" || provider.empty()) { return std::unique_ptr( - new XMSS_WOTS_Verification_Operation(*this)); + new XMSS_WOTS_Verification_Operation(*this)); } throw Provider_Not_Found(algo_name(), provider); } diff --git a/src/lib/pubkey/xmss/xmss_wots_publickey.h b/src/lib/pubkey/xmss/xmss_wots_publickey.h index 1c7366f0bc..58fb5ae36c 100644 --- a/src/lib/pubkey/xmss/xmss_wots_publickey.h +++ b/src/lib/pubkey/xmss/xmss_wots_publickey.h @@ -247,8 +247,8 @@ class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PublicKey : virtual public Public_Key } std::unique_ptr - create_verification_op(const std::string&, - const std::string& provider) const override; + create_verification_op(const std::string&, + const std::string& provider) const override; size_t estimated_strength() const override { 
@@ -283,6 +283,9 @@ class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PublicKey : virtual public Public_Key * result iterating the cryptographic hash function "F" steps times on * the input x using the outputs of the PRNG "G". * + * This overload is used in multithreaded scenarios, where it is + * required to provide seperate instances of XMSS_Hash to each + * thread. * * @param[out] x An n-byte input string, that will be transformed into * the chaining function result. @@ -290,17 +293,41 @@ class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PublicKey : virtual public Public_Key * @param steps A number of steps. * @param adrs An OTS Hash Address. * @param public_seed A public seed. - * + * @param hash Instance of XMSS_Hash, that may only by the thead + * executing chain. **/ void chain(secure_vector& x, size_t start_idx, size_t steps, XMSS_Address& adrs, - const secure_vector& public_seed); + const secure_vector& public_seed, + XMSS_Hash& hash); + + /** + * Algorithm 2: Chaining Function. + * + * Takes an n-byte input string and transforms it into a the function + * result iterating the cryptographic hash function "F" steps times on + * the input x using the outputs of the PRNG "G". + * + * @param[out] x An n-byte input string, that will be transformed into + * the chaining function result. + * @param start_idx The start index. + * @param steps A number of steps. + * @param adrs An OTS Hash Address. + * @param public_seed A public seed. + **/ + inline void chain(secure_vector& x, + size_t start_idx, + size_t steps, + XMSS_Address& adrs, + const secure_vector& public_seed) + { + chain(x, start_idx, steps, adrs, public_seed, m_hash); + } XMSS_WOTS_Parameters m_wots_params; XMSS_Hash m_hash; - wots_keysig_t m_key; secure_vector m_public_seed; diff --git a/src/lib/pubkey/xmss/xmss_wots_signature_operation.cpp b/src/lib/pubkey/xmss/xmss_wots_signature_operation.cpp index 07d43e3bb9..1e7e4f17e1 100644 --- a/src/lib/pubkey/xmss/xmss_wots_signature_operation.cpp 
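Review bot: `- wots_keysig_t m_key;` removes a data member from `XMSS_WOTS_PublicKey`, a class exported as `BOTAN_PUBLIC_API(2,0)`, so the size of the class and the offset of `m_public_seed` change for every type derived from it, including XMSS_WOTS_PrivateKey; if `m_key` was dead, removing it is the right cleanup, but it is an ABI-affecting change buried in a hunk whose other lines are documentation, and it should be named in the commit message or news entry (this commit's description is outside my view, so it may already be). With the member gone the hash-taking `chain` reads, as far as the xmss_wots_publickey.cpp hunk shows, only `m_wots_params` from the shared object, which is the property that makes the one-XMSS_Hash-per-thread scheme sound; a one-line comment next to the members, `// Shared between worker threads: only m_hash is mutable state, threads use the XMSS_Hash-taking overloads.`, would record that contract where the next maintainer will see it (to be confirmed against the class's setters).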
+++ b/src/lib/pubkey/xmss/xmss_wots_signature_operation.cpp @@ -29,12 +29,12 @@ void XMSS_WOTS_Signature_Operation::update(const uint8_t msg[], size_t msg_len) { BOTAN_ASSERT(msg_len == m_priv_key.private_key().wots_parameters(). - element_size() && + element_size() && m_msg_buf.size() == 0, "XMSS WOTS only supports one message part of size n."); for(size_t i = 0; i < msg_len; i++) - m_msg_buf.push_back(msg[i]); + { m_msg_buf.push_back(msg[i]); } } secure_vector diff --git a/src/lib/pubkey/xmss/xmss_wots_signature_operation.h b/src/lib/pubkey/xmss/xmss_wots_signature_operation.h index 5873c4ec43..ddf05ae891 100644 --- a/src/lib/pubkey/xmss/xmss_wots_signature_operation.h +++ b/src/lib/pubkey/xmss/xmss_wots_signature_operation.h @@ -25,7 +25,7 @@ namespace Botan { * in the Botan algorithm registry. ***/ class XMSS_WOTS_Signature_Operation final : public virtual PK_Ops::Signature, - public XMSS_WOTS_Common_Ops + public XMSS_WOTS_Common_Ops { public: XMSS_WOTS_Signature_Operation( diff --git a/src/lib/pubkey/xmss/xmss_wots_verification_operation.cpp b/src/lib/pubkey/xmss/xmss_wots_verification_operation.cpp index cab33870a8..83ef737acd 100644 --- a/src/lib/pubkey/xmss/xmss_wots_verification_operation.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_verification_operation.cpp @@ -29,7 +29,7 @@ void XMSS_WOTS_Verification_Operation::update(const uint8_t msg[], size_t msg_len) { BOTAN_ASSERT(msg_len == m_pub_key.public_key().wots_parameters(). - element_size() && + element_size() && m_msg_buf.size() == 0, "XMSS WOTS only supports one message part of size n."); diff --git a/src/lib/pubkey/xmss/xmss_wots_verification_operation.h b/src/lib/pubkey/xmss/xmss_wots_verification_operation.h index a7758bee9a..5ecc2fc8b1 100644 --- a/src/lib/pubkey/xmss/xmss_wots_verification_operation.h +++ b/src/lib/pubkey/xmss/xmss_wots_verification_operation.h 
@@ -26,7 +26,7 @@ namespace Botan {
 **/
 class XMSS_WOTS_Verification_Operation final : public virtual PK_Ops::Verification,
- public XMSS_WOTS_Common_Ops
+ public XMSS_WOTS_Common_Ops
 {
 public:
 XMSS_WOTS_Verification_Operation(
From 407760dc7876ed1af47233cd1f523f514c9be75e Mon Sep 17 00:00:00 2001
From: Matthias Gierlings
Date: Sat, 21 Oct 2017 01:15:41 +0200
Subject: [PATCH 0213/1008] Adds guards for environments without threads
---
 src/lib/pubkey/xmss/xmss_privatekey.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/lib/pubkey/xmss/xmss_privatekey.cpp b/src/lib/pubkey/xmss/xmss_privatekey.cpp
index cb1afbb54a..51e67bc185 100644
--- a/src/lib/pubkey/xmss/xmss_privatekey.cpp
+++ b/src/lib/pubkey/xmss/xmss_privatekey.cpp
@@ -18,7 +18,9 @@
 #include
 #include
 #include
-#include
+#if defined(BOTAN_TARGET_OS_HAS_THREADS)
+ #include
+#endif
 namespace Botan {
@@ -92,6 +94,7 @@ XMSS_PrivateKey::tree_hash(size_t start_idx,
 BOTAN_ASSERT((start_idx % (1 << target_node_height)) == 0,
 "Start index must be divisible by 2^{target node height}.");
+#if defined(BOTAN_TARGET_OS_HAS_THREADS)
 // dertermine number of parallel tasks to split the tree_hashing into.
 size_t split_level = std::min(
 {
@@ -103,9 +106,11 @@ XMSS_PrivateKey::tree_hash(size_t start_idx,
 // skip parallelization overhead for leaf nodes.
 if(split_level == 0)
 {
+#endif
 secure_vector result;
 tree_hash_subtree(result, start_idx, target_node_height, adrs);
 return result;
+#if defined(BOTAN_TARGET_OS_HAS_THREADS)
 }
 size_t subtrees = 1 << split_level;
@@ -202,6 +207,7 @@ XMSS_PrivateKey::tree_hash(size_t start_idx,
 node_addresses[0],
 this->public_seed());
 return nodes[0];
+#endif
 }
 void
From f0af55db4e0f3b4424a56f36e2d1885445ce9535 Mon Sep 17 00:00:00 2001
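Review bot: The `#if defined(BOTAN_TARGET_OS_HAS_THREADS)` / `#endif` pairs in the `@@ -103,9 +106,11 @@` hunk are placed inside the braces of `if(split_level == 0)`: the opening `{` is compiled out in one configuration and the matching `}` in the other, so the brace structure is only balanced because two separate conditionals happen to line up, and a later edit to either branch breaks the non-threaded build without anyone noticing until such a build is attempted. Inverting the test so that the whole threaded path sits in one guarded block and the serial fallback follows unconditionally keeps every brace inside a single configuration; the threaded body, through `return nodes[0];` in the last hunk, moves into the `if` unchanged. `tree_hash` begins and ends outside these hunks. The comment `// dertermine number of parallel tasks` also misspells "determine".
```cpp
#if defined(BOTAN_TARGET_OS_HAS_THREADS)
   // determine number of parallel tasks to split the tree_hashing into.
   // … unchanged: split_level computation …

   // parallelize only above the leaf level; the serial path below handles the rest.
   if(split_level > 0)
      {
      // … unchanged: multithreaded subtree hashing, ending in return nodes[0]; …
      }
#endif
   secure_vector<uint8_t> result;
   tree_hash_subtree(result, start_idx, target_node_height, adrs);
   return result;
```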
From: Matthias Gierlings Date: Sun, 19 Nov 2017 20:23:47 +0100 Subject: [PATCH 0214/1008] Updates documentation, news and copyright notices. - Adds XMSS to the index of supported signature schemes. - Adds XMSS multithreading support to news.rst - Updates copyright notices of edited files. --- news.rst | 2 +- src/lib/pubkey/xmss/xmss.h | 19 +++++++++++++++---- src/lib/pubkey/xmss/xmss_common_ops.cpp | 2 +- src/lib/pubkey/xmss/xmss_common_ops.h | 2 +- src/lib/pubkey/xmss/xmss_hash.cpp | 2 +- src/lib/pubkey/xmss/xmss_hash.h | 2 +- src/lib/pubkey/xmss/xmss_parameters.cpp | 2 +- src/lib/pubkey/xmss/xmss_privatekey.cpp | 2 +- src/lib/pubkey/xmss/xmss_privatekey.h | 2 +- src/lib/pubkey/xmss/xmss_publickey.cpp | 2 +- src/lib/pubkey/xmss/xmss_publickey.h | 2 +- src/lib/pubkey/xmss/xmss_signature.cpp | 2 +- .../pubkey/xmss/xmss_signature_operation.cpp | 2 +- .../pubkey/xmss/xmss_signature_operation.h | 2 +- src/lib/pubkey/xmss/xmss_tools.h | 4 ++-- .../xmss/xmss_verification_operation.cpp | 2 +- .../xmss/xmss_wots_addressed_publickey.h | 2 +- src/lib/pubkey/xmss/xmss_wots_common_ops.cpp | 2 +- src/lib/pubkey/xmss/xmss_wots_common_ops.h | 2 +- src/lib/pubkey/xmss/xmss_wots_parameters.cpp | 2 +- src/lib/pubkey/xmss/xmss_wots_privatekey.cpp | 2 +- src/lib/pubkey/xmss/xmss_wots_privatekey.h | 4 ++-- src/lib/pubkey/xmss/xmss_wots_publickey.cpp | 2 +- src/lib/pubkey/xmss/xmss_wots_publickey.h | 4 ++-- .../xmss/xmss_wots_signature_operation.cpp | 2 +- .../xmss/xmss_wots_signature_operation.h | 2 +- .../xmss/xmss_wots_verification_operation.cpp | 2 +- .../xmss/xmss_wots_verification_operation.h | 2 +- src/lib/utils/types.h | 2 +- 29 files changed, 46 insertions(+), 35 deletions(-) diff --git a/news.rst b/news.rst index ac6fe0fe2e..42ff2adbad 100644 --- a/news.rst +++ b/news.rst 
@@ -119,7 +119,7 @@ Version 2.4.0, Not Yet Released
 * Fixes for CMake build (GH #1251)
-* Avoid some signed overflow warnings (GH #1220 #1245)
+* Add multithreading support for XMSS
 Version 2.3.0, 2017-10-02
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/src/lib/pubkey/xmss/xmss.h b/src/lib/pubkey/xmss/xmss.h
index dd43f82843..3e7588dff1 100644
--- a/src/lib/pubkey/xmss/xmss.h
+++ b/src/lib/pubkey/xmss/xmss.h
@@ -1,7 +1,18 @@
-/*
- * XMSS
- * Includes XMSS headers.
- * (C) 2016 Matthias Gierlings
+/**
+ * @file xmss.h
+ * Includes headers required for Extended Hash-Based Signatures (XMSS)
+ * as described in [1]. @see Botan::XMSS_PublicKey and @see
+ * Botan::XMSS_PrivateKey for further
+ * details.
+ *
+ *
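Review bot: The news.rst hunk replaces `* Avoid some signed overflow warnings (GH #1220 #1245)` with `* Add multithreading support for XMSS` instead of adding a line, so an existing 2.4.0 release note is lost; the commit message says the XMSS entry was added, and the diffstat's `2 +-` for news.rst confirms one line went away, which looks like a rebase artefact. Keep both bullets.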
+ * [1] XMSS: Extended Hash-Based Signatures,
+ *     draft-itrf-cfrg-xmss-hash-based-signatures-06
+ *     Release: July 2016.
+ *     https://datatracker.ietf.org/doc/draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1
+ * 
+ * + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_common_ops.cpp b/src/lib/pubkey/xmss/xmss_common_ops.cpp index 2aca59817b..7b1ed057bc 100644 --- a/src/lib/pubkey/xmss/xmss_common_ops.cpp +++ b/src/lib/pubkey/xmss/xmss_common_ops.cpp @@ -1,7 +1,7 @@ /* * XMSS Common Ops * Operations shared by XMSS signature generation and verification operations. - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_common_ops.h b/src/lib/pubkey/xmss/xmss_common_ops.h index 1f12b6debd..065a727d9e 100644 --- a/src/lib/pubkey/xmss/xmss_common_ops.h +++ b/src/lib/pubkey/xmss/xmss_common_ops.h @@ -1,6 +1,6 @@ /* * XMSS Common Ops - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_hash.cpp b/src/lib/pubkey/xmss/xmss_hash.cpp index f103874381..a691453dc9 100644 --- a/src/lib/pubkey/xmss/xmss_hash.cpp +++ b/src/lib/pubkey/xmss/xmss_hash.cpp @@ -2,7 +2,7 @@ * XMSS Hash * A collection of pseudorandom hash functions required for XMSS and WOTS * computations. - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_hash.h b/src/lib/pubkey/xmss/xmss_hash.h index b2a18c0e50..85cebdc916 100644 --- a/src/lib/pubkey/xmss/xmss_hash.h +++ b/src/lib/pubkey/xmss/xmss_hash.h @@ -1,6 +1,6 @@ /* * XMSS Hash - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_parameters.cpp b/src/lib/pubkey/xmss/xmss_parameters.cpp index 5daa6516f7..288b50fdc7 100644 
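Review bot: The reference block in the new xmss.h file comment names the draft `draft-itrf-cfrg-xmss-hash-based-signatures-06`, whereas the group is the IRTF and the URL on the next line of the same comment uses `draft-irtf-cfrg-...`; correct it to `draft-irtf-cfrg-xmss-hash-based-signatures-06` so the name can be searched for. The line `@see Botan::XMSS_PublicKey and @see` also breaks the sentence in the middle; `@see Botan::XMSS_PublicKey and Botan::XMSS_PrivateKey for further details.` on one line reads as intended.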
--- a/src/lib/pubkey/xmss/xmss_parameters.cpp +++ b/src/lib/pubkey/xmss/xmss_parameters.cpp @@ -7,7 +7,7 @@ * https://datatracker.ietf.org/doc/ * draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1 * - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_privatekey.cpp b/src/lib/pubkey/xmss/xmss_privatekey.cpp index 51e67bc185..9ac89a5710 100644 --- a/src/lib/pubkey/xmss/xmss_privatekey.cpp +++ b/src/lib/pubkey/xmss/xmss_privatekey.cpp @@ -10,7 +10,7 @@ * https://datatracker.ietf.org/doc/ * draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1 * - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_privatekey.h b/src/lib/pubkey/xmss/xmss_privatekey.h index 1a5dd3b878..3cd9f75f4a 100644 --- a/src/lib/pubkey/xmss/xmss_privatekey.h +++ b/src/lib/pubkey/xmss/xmss_privatekey.h @@ -1,6 +1,6 @@ /* * XMSS_PrivateKey.h - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_publickey.cpp b/src/lib/pubkey/xmss/xmss_publickey.cpp index 53c325442f..425c657cad 100644 --- a/src/lib/pubkey/xmss/xmss_publickey.cpp +++ b/src/lib/pubkey/xmss/xmss_publickey.cpp @@ -10,7 +10,7 @@ * https://datatracker.ietf.org/doc/ * draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1 * - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_publickey.h b/src/lib/pubkey/xmss/xmss_publickey.h index 0cbb814d7c..79d0f99a71 100644 --- a/src/lib/pubkey/xmss/xmss_publickey.h +++ b/src/lib/pubkey/xmss/xmss_publickey.h 
@@ -1,6 +1,6 @@ /* * XMSS Public Key - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_signature.cpp b/src/lib/pubkey/xmss/xmss_signature.cpp index c5d6a3d8b5..88ef426550 100644 --- a/src/lib/pubkey/xmss/xmss_signature.cpp +++ b/src/lib/pubkey/xmss/xmss_signature.cpp @@ -1,6 +1,6 @@ /* * XMSS Signature - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_signature_operation.cpp b/src/lib/pubkey/xmss/xmss_signature_operation.cpp index 89e66495b4..c3e43bfc92 100644 --- a/src/lib/pubkey/xmss/xmss_signature_operation.cpp +++ b/src/lib/pubkey/xmss/xmss_signature_operation.cpp @@ -9,7 +9,7 @@ * https://datatracker.ietf.org/doc/ * draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1 * - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_signature_operation.h b/src/lib/pubkey/xmss/xmss_signature_operation.h index ca434ddcd0..5c1a146626 100644 --- a/src/lib/pubkey/xmss/xmss_signature_operation.h +++ b/src/lib/pubkey/xmss/xmss_signature_operation.h @@ -1,6 +1,6 @@ /* * XMSS Signature Operation - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_tools.h b/src/lib/pubkey/xmss/xmss_tools.h index 13e178ca17..bbd31fd9f2 100644 --- a/src/lib/pubkey/xmss/xmss_tools.h +++ b/src/lib/pubkey/xmss/xmss_tools.h @@ -1,6 +1,6 @@ /* - * XMSS Address - * (C) 2016 Matthias Gierlings + * XMSS Tools + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ 
diff --git a/src/lib/pubkey/xmss/xmss_verification_operation.cpp b/src/lib/pubkey/xmss/xmss_verification_operation.cpp index adb031fe42..6a757633ed 100644 --- a/src/lib/pubkey/xmss/xmss_verification_operation.cpp +++ b/src/lib/pubkey/xmss/xmss_verification_operation.cpp @@ -3,7 +3,7 @@ * Provides signature verification capabilities for Extended Hash-Based * Signatures (XMSS). * - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_wots_addressed_publickey.h b/src/lib/pubkey/xmss/xmss_wots_addressed_publickey.h index e8310d0b70..090916e636 100644 --- a/src/lib/pubkey/xmss/xmss_wots_addressed_publickey.h +++ b/src/lib/pubkey/xmss/xmss_wots_addressed_publickey.h @@ -1,6 +1,6 @@ /** * XMSS WOTS Addressed Public Key - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_wots_common_ops.cpp b/src/lib/pubkey/xmss/xmss_wots_common_ops.cpp index 4c354861ec..d147949c66 100644 --- a/src/lib/pubkey/xmss/xmss_wots_common_ops.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_common_ops.cpp @@ -3,7 +3,7 @@ * Operations shared by XMSS WOTS signature generation and verification * operations. * - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_wots_common_ops.h b/src/lib/pubkey/xmss/xmss_wots_common_ops.h index b0a4460cb1..9e0b5991df 100644 --- a/src/lib/pubkey/xmss/xmss_wots_common_ops.h +++ b/src/lib/pubkey/xmss/xmss_wots_common_ops.h @@ -1,6 +1,6 @@ /** * XMSS WOTS Common Operations - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ 
diff --git a/src/lib/pubkey/xmss/xmss_wots_parameters.cpp b/src/lib/pubkey/xmss/xmss_wots_parameters.cpp index 3d11739ebd..7ba3dad583 100644 --- a/src/lib/pubkey/xmss/xmss_wots_parameters.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_parameters.cpp @@ -8,7 +8,7 @@ * https://datatracker.ietf.org/doc/ * draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1 * - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp b/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp index 2e85cf4bf8..8a1ac05ef6 100644 --- a/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp @@ -3,7 +3,7 @@ * A Winternitz One Time Signature private key for use with Extended Hash-Based * Signatures. * - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_wots_privatekey.h b/src/lib/pubkey/xmss/xmss_wots_privatekey.h index b0cb427c92..24459def15 100644 --- a/src/lib/pubkey/xmss/xmss_wots_privatekey.h +++ b/src/lib/pubkey/xmss/xmss_wots_privatekey.h @@ -1,6 +1,6 @@ /* * XMSS WOTS Private Key - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ @@ -23,7 +23,7 @@ namespace Botan { /** A Winternitz One Time Signature private key for use with Extended Hash-Based * Signatures. **/ -class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PrivateKey final : public virtual XMSS_WOTS_PublicKey, +class XMSS_WOTS_PrivateKey final : public virtual XMSS_WOTS_PublicKey, public virtual Private_Key { public: diff --git a/src/lib/pubkey/xmss/xmss_wots_publickey.cpp b/src/lib/pubkey/xmss/xmss_wots_publickey.cpp index 82a6d9c125..04b4c352b6 100644 --- a/src/lib/pubkey/xmss/xmss_wots_publickey.cpp 
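Review bot: Removing `BOTAN_PUBLIC_API(2,0)` from `XMSS_WOTS_PrivateKey` (and from `XMSS_WOTS_PublicKey` in the xmss_wots_publickey.h hunk that follows) presumably takes both classes out of the exported symbol set of a shared-library build, so any downstream code that referenced them directly stops linking. If the intent is that the WOTS key types are implementation details of XMSS, the class doc block should say so, e.g. `* @note Internal to the XMSS implementation, not part of the public API.`; otherwise the change deserves a line in the release notes. The class bodies continue outside these hunks.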
+++ b/src/lib/pubkey/xmss/xmss_wots_publickey.cpp @@ -3,7 +3,7 @@ * A Winternitz One Time Signature public key for use with Extended Hash-Based * Signatures. * - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_wots_publickey.h b/src/lib/pubkey/xmss/xmss_wots_publickey.h index 58fb5ae36c..97c7bd3e23 100644 --- a/src/lib/pubkey/xmss/xmss_wots_publickey.h +++ b/src/lib/pubkey/xmss/xmss_wots_publickey.h @@ -1,6 +1,6 @@ /* * XMSS WOTS Public Key - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ @@ -29,7 +29,7 @@ typedef std::vector> wots_keysig_t; * A Winternitz One Time Signature public key for use with Extended Hash-Based * Signatures. **/ -class BOTAN_PUBLIC_API(2,0) XMSS_WOTS_PublicKey : virtual public Public_Key +class XMSS_WOTS_PublicKey : virtual public Public_Key { public: class TreeSignature final diff --git a/src/lib/pubkey/xmss/xmss_wots_signature_operation.cpp b/src/lib/pubkey/xmss/xmss_wots_signature_operation.cpp index 1e7e4f17e1..54473b7003 100644 --- a/src/lib/pubkey/xmss/xmss_wots_signature_operation.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_signature_operation.cpp @@ -6,7 +6,7 @@ * This operation is not intended for stand-alone use and thus not registered * in the Botan algorithm registry. * - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_wots_signature_operation.h b/src/lib/pubkey/xmss/xmss_wots_signature_operation.h index ddf05ae891..6cfe4521bc 100644 --- a/src/lib/pubkey/xmss/xmss_wots_signature_operation.h +++ b/src/lib/pubkey/xmss/xmss_wots_signature_operation.h 
@@ -1,6 +1,6 @@ /** * XMSS WOTS Signature Operation - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_wots_verification_operation.cpp b/src/lib/pubkey/xmss/xmss_wots_verification_operation.cpp index 83ef737acd..480fbdff75 100644 --- a/src/lib/pubkey/xmss/xmss_wots_verification_operation.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_verification_operation.cpp @@ -6,7 +6,7 @@ * This operation is not intended for stand-alone use and thus not registered * in the Botan algorithm registry. * - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/pubkey/xmss/xmss_wots_verification_operation.h b/src/lib/pubkey/xmss/xmss_wots_verification_operation.h index 5ecc2fc8b1..3dce165b01 100644 --- a/src/lib/pubkey/xmss/xmss_wots_verification_operation.h +++ b/src/lib/pubkey/xmss/xmss_wots_verification_operation.h @@ -1,6 +1,6 @@ /** * XMSS_WOTS_Verification_Operation.h - * (C) 2016 Matthias Gierlings + * (C) 2016,2017 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) **/ diff --git a/src/lib/utils/types.h b/src/lib/utils/types.h index f3164e05ab..953471fb64 100644 --- a/src/lib/utils/types.h +++ b/src/lib/utils/types.h @@ -59,7 +59,7 @@ namespace Botan { * @ref sm2_enc.h "SM2" *
Public Key Signature Schemes
* @ref dsa.h "DSA", @ref ecdsa.h "ECDSA", @ref ecgdsa.h "ECGDSA", @ref eckcdsa.h "ECKCDSA", -* @ref gost_3410.h "GOST 34.10-2001", @ref sm2.h "SM2" +* @ref gost_3410.h "GOST 34.10-2001", @ref sm2.h "SM2", @ref xmss.h "XMSS" *
Key Agreement
* @ref dh.h "DH", @ref ecdh.h "ECDH" *
Compression
From f3f67a69a0d22b68b5d23991cb20981a4910b1fa Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 22 Nov 2017 06:45:03 -0500 Subject: [PATCH 0215/1008] Update Sonarcloud badge URLs [ci skip] --- readme.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/readme.rst b/readme.rst index d09f7689d7..4e389505e4 100644 --- a/readme.rst +++ b/readme.rst @@ -70,9 +70,9 @@ external build systems, see the manual for details. :target: https://scan.coverity.com/projects/624 :alt: Coverity results -.. image:: https://sonarqube.com/api/badges/gate?key=botan - :target: https://sonarqube.com/dashboard/index/botan - :alt: Sonarqube analysis +.. image:: https://sonarcloud.io/api/badges/gate?key=botan + :target: https://sonarcloud.io/dashboard/index/botan + :alt: Sonarcloud analysis .. image:: https://bestpractices.coreinfrastructure.org/projects/531/badge :target: https://bestpractices.coreinfrastructure.org/projects/531 From 0e28426ca870e1e560b0f89baad92071f6813c4e Mon Sep 17 00:00:00 2001 From: Matthias Gierlings Date: Tue, 21 Nov 2017 19:34:41 +0100 Subject: [PATCH 0216/1008] Adds runtime benchmark to guess phys. core count. Adds a small runtime benchmark to prevent performance degradation by overprovisioning SMT CPUs with too many threads. This is a temporary workaround until a hardware and OS independent detection of the physical core count through Botan::CPUID is in place. --- src/lib/pubkey/xmss/xmss_privatekey.cpp | 6 +- src/lib/pubkey/xmss/xmss_tools.cpp | 79 +++++++++++++++++++++++++ src/lib/pubkey/xmss/xmss_tools.h | 40 +++++++++++++ 3 files changed, 122 insertions(+), 3 deletions(-) create mode 100644 src/lib/pubkey/xmss/xmss_tools.cpp diff --git a/src/lib/pubkey/xmss/xmss_privatekey.cpp b/src/lib/pubkey/xmss/xmss_privatekey.cpp index 9ac89a5710..8cfab7f752 100644 --- a/src/lib/pubkey/xmss/xmss_privatekey.cpp +++ b/src/lib/pubkey/xmss/xmss_privatekey.cpp 
@@ -100,7 +100,7 @@ XMSS_PrivateKey::tree_hash(size_t start_idx, { target_node_height, static_cast( - std::ceil(std::log2(std::thread::hardware_concurrency()))) + std::ceil(std::log2(XMSS_Tools::max_threads()))) }); // skip parallelization overhead for leaf nodes. @@ -171,7 +171,7 @@ XMSS_PrivateKey::tree_hash(size_t start_idx, node_addresses[i].set_tree_index( (node_addresses[2 * i + 1].get_tree_index() - 1) >> 1); using rnd_tree_hash_fn_t = - void (XMSS_Common_Ops::*)(secure_vector&, + void (XMSS_PrivateKey::*)(secure_vector&, const secure_vector&, const secure_vector&, XMSS_Address& adrs, @@ -181,7 +181,7 @@ XMSS_PrivateKey::tree_hash(size_t start_idx, threads.emplace_back( std::thread( static_cast( - &XMSS_Common_Ops::randomize_tree_hash), + &XMSS_PrivateKey::randomize_tree_hash), this, std::ref(nodes[i]), std::ref(ro_nodes[2 * i]), diff --git a/src/lib/pubkey/xmss/xmss_tools.cpp b/src/lib/pubkey/xmss/xmss_tools.cpp new file mode 100644 index 0000000000..24553b1445 --- /dev/null +++ b/src/lib/pubkey/xmss/xmss_tools.cpp 
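Review bot: The first hunk makes `tree_hash` depend on `XMSS_Tools::max_threads()`, whose first call runs a timing benchmark that spawns `hardware_concurrency()` threads twice and seeds an `AutoSeeded_RNG` (see the new xmss_tools.cpp), so the first XMSS key or signature operation in a process pays that latency and its outcome varies with machine load. That deserves a why-comment at the call site, e.g. `// first use runs XMSS_Tools::bench_threads() once per process; result is cached`. The other two hunks only retarget the member-pointer type from `XMSS_Common_Ops` to `XMSS_PrivateKey`, which is consistent with the `this` argument passed below them. `tree_hash` starts and ends outside these hunks.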
@@ -0,0 +1,79 @@
+/*
+ * XMSS Tools
+ * (C) 2017 Matthias Gierlings
+ *
+ * Botan is released under the Simplified BSD License (see license.txt)
+ **/
+
+#include
+
+namespace Botan {
+
+#if defined(BOTAN_TARGET_OS_HAS_THREADS)
+
+size_t XMSS_Tools::max_threads()
+ {
+ static const size_t threads { bench_threads() };
+ return threads;
+ }
+
+size_t XMSS_Tools::bench_threads()
+ {
+ if(std::thread::hardware_concurrency() <= 1)
+ {
+ return 1;
+ }
+ const size_t BENCH_ITERATIONS = 1000;
+ std::vector threads;
+ threads.reserve(std::thread::hardware_concurrency());
+ std::vector durations;
+
+ std::vector concurrency { std::thread::hardware_concurrency(),
+ std::thread::hardware_concurrency() / 2 };
+
+ for(const auto& cc : concurrency)
+ {
+ AutoSeeded_RNG rng;
+ std::vector hash(std::thread::hardware_concurrency(),
+ XMSS_Hash("SHA-256"));
+ std::vector> data(
+ std::thread::hardware_concurrency(),
+ rng.random_vec(hash[0].output_length()));
+ auto start = std::chrono::high_resolution_clock::now();
+ for(size_t i = 0; i < cc; ++i)
+ {
+ threads.emplace_back(
+ std::thread([&i, &cc, &hs = hash[i], &d = data[i]]()
+ {
+ for(size_t n = 0;
+ n < BENCH_ITERATIONS * (std::thread::hardware_concurrency() /
+ cc);
+ n++)
+ {
+ hs.h(d, d, d);
+ }
+ }
+ ));
+ }
+ durations.emplace_back(std::chrono::duration_cast(std::chrono::high_resolution_clock::now() - start));
+ for(auto& t : threads)
+ {
+ t.join();
+ }
+ threads.clear();
+ }
+
+ if(durations[0].count() < durations[1].count())
+ {
+ return concurrency[0];
+ }
+ else
+ {
+ return concurrency[1];
+ }
+ }
+
+#endif
+
+}
+
diff --git a/src/lib/pubkey/xmss/xmss_tools.h b/src/lib/pubkey/xmss/xmss_tools.h
index bbd31fd9f2..6e45e882d0 100644
--- a/src/lib/pubkey/xmss/xmss_tools.h
+++ b/src/lib/pubkey/xmss/xmss_tools.h
@@ -12,6 +12,12 @@
 #include
 #include
 #include
+#if defined(BOTAN_TARGET_OS_HAS_THREADS)
+ #include
+ #include
+ #include
+ #include
+#endif
 namespace Botan {
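Review bot: In `bench_threads()` the duration is recorded right after the spawn loop and before the `t.join()` loop, so each entry in `durations` measures thread creation, not the hashing the threads do; the `durations[0] < durations[1]` comparison therefore does not decide which concurrency finishes the work sooner. Move the measurement below the joins: `for(auto& t : threads) { t.join(); }` followed by `durations.emplace_back(std::chrono::duration_cast(std::chrono::high_resolution_clock::now() - start));` (the cast's target type is stripped in this rendering). A short comment on `max_threads()` would also help, e.g. `// function-local static: the benchmark runs once per process and its result is cached`, since callers such as tree_hash see a timing-dependent value that can differ between runs on a loaded host.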
@@ -53,8 +59,42 @@ class XMSS_Tools final void>::type> static void concat(secure_vector& target, const T& src, size_t len); + /** + * @deprecated Determines the maximum number of threads to be used + * efficiently, based on runtime timining measurements. Ideally the + * result will correspond to the physical number of cores. On systems + * supporting simultaneous multi threading (SMT) + * std::thread::hardware_concurrency() usually reports a supported + * number of threads which is bigger (typically by a factor of 2) than + * the number of physical cores available. Using more threads than + * physically available cores for computationally intesive tasks + * resulted in slowdowns compared to using a number of threads equal to + * the number of physical cores on test systems. This function is a + * temporary workaround to prevent performance degradation due to + * overstressing the CPU with too many threads. + * + * @return Presumed number of physical cores based on timing measurements. + **/ + static size_t max_threads(); // TODO: Remove max_threads() and use + // Botan::CPUID once proper plattform + // independent detection of physical cores is + // available. + private: XMSS_Tools(); + /** + * @deprecated Measures the time t1 it takes to calculate hashes using + * std::thread::hardware_concurrency() many threads and the time t2 + * calculating the same number of hashes using + * std::thread::hardware_concurrency() / 2 threads. + * + * @return std::thread::hardware_concurrency() if t1 < t2 + * std::thread::hardware_concurrency() / 2 otherwise. + **/ + static size_t bench_threads(); // TODO: Remove bench_threads() and use + // Botan::CPUID once proper plattform + // independent detection of physical cores + // is //available. }; template From f504a76e3409e16da9701adaa4a297724ae0e4b1 Mon Sep 17 00:00:00 2001 
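Review bot: The new doc comments carry several typos that will end up in the generated API reference: `timining` should read `timing`, `intesive` should read `intensive`, `plattform` (twice) should read `platform`, and the trailing `is //available.` should read `is available.`. Tagging both new functions `@deprecated` on introduction is unusual; a `@note temporary workaround, see TODO` reads more accurately than a deprecation marker for code that has no replacement yet. The `XMSS_Tools` class body continues outside this hunk.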
From: Matthias Gierlings
Date: Thu, 23 Nov 2017 00:21:32 +0100
Subject: [PATCH 0217/1008] Fixes lambda capture error in MSVC
MSVC seems to not allow defining aliases inside lambda capture expressions. Defining the aliases beforehand, outside the lambda fixes the issue.
---
 src/lib/pubkey/xmss/xmss_tools.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/lib/pubkey/xmss/xmss_tools.cpp b/src/lib/pubkey/xmss/xmss_tools.cpp
index 24553b1445..7a34dc0a9d 100644
--- a/src/lib/pubkey/xmss/xmss_tools.cpp
+++ b/src/lib/pubkey/xmss/xmss_tools.cpp
@@ -42,8 +42,10 @@ size_t XMSS_Tools::bench_threads()
 auto start = std::chrono::high_resolution_clock::now();
 for(size_t i = 0; i < cc; ++i)
 {
+ auto& hs = hash[i];
+ auto& d = data[i];
 threads.emplace_back(
- std::thread([&i, &cc, &hs = hash[i], &d = data[i]]()
+ std::thread([&BENCH_ITERATIONS, &i, &cc, &hs, &d]()
 {
 for(size_t n = 0;
 n < BENCH_ITERATIONS * (std::thread::hardware_concurrency() /
From d36213c9af8aa575a1a805a105e7bb3ddb647689 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Fri, 24 Nov 2017 12:04:40 -0500
Subject: [PATCH 0218/1008] Update support EOL dates
Extend lifetime of 1.10 through end of 2018; some of the slower distros are still shipping only 1.10 so we need to give some additional support coverage. Also add one year to expected 2.x lifetime, and add expected dates wrt botan-3.
---
 doc/manual/support.rst | 22 ++++++++++++++--------
 readme.rst | 9 ++++-----
 2 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/doc/manual/support.rst b/doc/manual/support.rst
index 15a2b153fd..8813e03594 100644
--- a/doc/manual/support.rst
+++ b/doc/manual/support.rst
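Review bot: The rewritten capture list still takes `&i`, a reference to the loop variable, into a thread that is joined only after the loop has finished and `i` has gone out of scope; the lambda body visible here never reads `i`, so it is harmless today, but it is a dangling reference waiting for the next edit. Drop it from the list: `std::thread([&BENCH_ITERATIONS, &cc, &hs, &d]()`. The `hs`/`d` references taken before the `emplace_back` are fine, since `hash` and `data` outlive the join. `bench_threads()` starts and ends outside this hunk.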
@@ -1,15 +1,21 @@ Support Information ------------------------- -Following table provides the support status for Botan branches. All older -branches, including 1.8.x and 1.11.x, are no longer supported in any way. +Following table provides the support status for Botan branches. Any branch not +listed here (including 1.11) is no longer supported. Dates in the future are +approximate. -============== ============== ============== -Branch First Release End of Life -============== ============== ============== -1.10 2011-06-20 2017-12-31 -2 2017-01-06 2020-12-31 -============== ============== ============== +============== ============== ========================== ============ +Branch First Release End of Active Development End of Life +============== ============== ========================== ============ +1.8 2008-12-08 2010-08-31 2016-02-13 +1.10 2011-06-20 2012-07-10 2018-12-31 +2 2017-01-06 2019-01-01 2021-12-31 +3 (planned) 2019-04-01 2022-01-01 2023-12-31 +============== ============== ========================== ============ + +"Active development" refers to adding new features and optimizations. At the +conclusion of the active development phase, only bugfixes are applied. Getting Support ------------------ diff --git a/readme.rst b/readme.rst index 4e389505e4..7d2d42231f 100644 --- a/readme.rst +++ b/readme.rst 
@@ -106,13 +106,12 @@ The latest 2.x release is `(sig) `_ released on 2017-10-02 -Old Stable Release +Old Release ---------------------------------------- -The 1.10 branch is the last version of the library written in C++98 and is still -the most commonly packaged version. It is no longer supported except for -critical security updates (with all support ending on 2018-1-1), and the -developers do not recommend its use anymore. +The 1.10 branch is the last version of the library written in C++98. It is no +longer supported except for critical security updates (with all support ending +in 2018), and the developers do not recommend its use anymore. The latest 1.10 release is `1.10.17 `_ From e39593993e28019edc09724705adc04ecd9671cb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 24 Nov 2017 16:58:41 -0500 Subject: [PATCH 0219/1008] Add Pipe::append_filter Similar to append but it only allows modfication before start_msg. See GH #1306 --- src/lib/filters/pipe.cpp | 24 ++++++++++++------------ src/lib/filters/pipe.h | 12 +++++++++++- src/tests/test_filters.cpp | 13 +++++++++++++ 3 files changed, 36 insertions(+), 13 deletions(-) diff --git a/src/lib/filters/pipe.cpp b/src/lib/filters/pipe.cpp index ff3cb599b9..ed6abbad84 100644 --- a/src/lib/filters/pipe.cpp +++ b/src/lib/filters/pipe.cpp @@ -40,7 +40,10 @@ Pipe::Pipe(Filter* f1, Filter* f2, Filter* f3, Filter* f4) : */ Pipe::Pipe(std::initializer_list args) { - init(); + m_outputs.reset(new Output_Buffers); + m_pipe = nullptr; + m_default_read = 0; + m_inside_msg = false; for(auto i = args.begin(); i != args.end(); ++i) do_append(*i); @@ -54,17 +57,6 @@ Pipe::~Pipe() destruct(m_pipe); } -/* -* Initialize the Pipe -*/ -void Pipe::init() - { - m_outputs.reset(new Output_Buffers); - m_pipe = nullptr; - m_default_read = 0; - m_inside_msg = false; - } - /* * Reset the Pipe */ 
@@ -214,6 +206,14 @@ void Pipe::append(Filter* filter)
 do_append(filter);
 }
+void Pipe::append_filter(Filter* filter)
+ {
+ if(m_outputs->message_count() != 0)
+ throw Invalid_State("Cannot call Pipe::append_filter after start_msg");
+
+ do_append(filter);
+ }
+
 /*
 * Append a Filter to the Pipe
 */
diff --git a/src/lib/filters/pipe.h b/src/lib/filters/pipe.h
index cd446bd7e5..9ba299024d 100644
--- a/src/lib/filters/pipe.h
+++ b/src/lib/filters/pipe.h
@@ -294,6 +294,17 @@ class BOTAN_PUBLIC_API(2,0) Pipe final : public DataSource
 BOTAN_DEPRECATED("Runtime modification of Pipe deprecated") void reset();
+ /**
+ * Append a new filter onto the filter sequence. This may only be
+ * called immediately after initial construction, before _any_
+ * calls to start_msg have been made.
+ *
+ * This function (unlike append) is not deprecated, as it allows
+ * only modification of the pipe at initialization (before use)
+ * rather than after messages have been processed.
+ */
+ void append_filter(Filter* filt);
+
 /**
 * Construct a Pipe of up to four filters. The filters are set up
 * in the same order as the arguments.
@@ -312,7 +323,6 @@ class BOTAN_PUBLIC_API(2,0) Pipe final : public DataSource
 ~Pipe();
 private:
- void init();
 void destruct(Filter*);
 void do_append(Filter* filt);
 void find_endpoints(Filter*);
diff --git a/src/tests/test_filters.cpp b/src/tests/test_filters.cpp
index 26d13e0bc2..b8a4ee9f01 100644
--- a/src/tests/test_filters.cpp
+++ b/src/tests/test_filters.cpp
@@ -198,6 +198,7 @@ class Filter_Tests final : public Test
 Botan::Pipe pipe;
+ pipe.append_filter(nullptr); // ignored
 pipe.append(nullptr); // ignored
 pipe.prepend(nullptr); // ignored
 pipe.pop(); // empty pipe, so ignored
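Review bot: The header comment for `append_filter` does not say who owns `filt`, even though the accompanying test passes `new Botan::BitBucket` and releases `unique_ptr`s into it, which reads as an ownership transfer; add `* @param filt the filter to append; the Pipe takes ownership of it. A null filter is ignored.` The `message_count() != 0` guard matches the documented "before any start_msg" contract as far as these lines show, but a one-line comment on it, `// message_count() is first incremented by start_msg, so non-zero means the pipe has been used`, would let a reader verify that without opening Output_Buffers. The `Invalid_State` thrown here is the expected exception type for the rest of the Pipe API, so callers can catch it uniformly.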
@@ -213,11 +214,19 @@ class Filter_Tests final : public Test "Invalid argument Pipe::prepend: SecureQueue cannot be used", [&]() { pipe.prepend(queue_filter.get()); }); + pipe.append_filter(new Botan::BitBucket); // succeeds + pipe.pop(); + pipe.start_msg(); std::unique_ptr filter(new Botan::BitBucket); // now inside a message, cannot modify pipe structure + + result.test_throws("pipe error", + "Cannot call Pipe::append_filter after start_msg", + [&]() { pipe.append_filter(filter.get()); }); + result.test_throws("pipe error", "Cannot append to a Pipe while it is processing", [&]() { pipe.append(filter.get()); }); @@ -232,6 +241,10 @@ class Filter_Tests final : public Test pipe.end_msg(); + result.test_throws("pipe error", + "Cannot call Pipe::append_filter after start_msg", + [&]() { pipe.append_filter(filter.get()); }); + result.test_throws("pipe error", "Invalid argument Pipe::read: Invalid message number 100", [&]() { uint8_t b; size_t got = pipe.read(&b, 1, 100); BOTAN_UNUSED(got); }); From c23eb5eb3463459654e0f6601a3b2304eb2076ee Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 24 Nov 2017 22:10:47 -0500 Subject: [PATCH 0220/1008] Update news Mention #1307 and reformat. --- news.rst | 78 +++++++++++++++++++++++++++++--------------------------- 1 file changed, 40 insertions(+), 38 deletions(-) diff --git a/news.rst b/news.rst index ac6fe0fe2e..d8ba8fe207 100644 --- a/news.rst +++ b/news.rst 
@@ -4,26 +4,25 @@ Release Notes Version 2.4.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* Support for negotiating the DH group as specified in RFC 7919 is now - available in TLS (GH #1263) +* Support for negotiating the DH group as specified in RFC 7919 is now available + in TLS (GH #1263) -* Support for ARIA-GCM ciphersuites are now available in TLS. They - are disabled by default. (GH #1284) +* Support for ARIA-GCM ciphersuites are now available in TLS. They are disabled + by default. (GH #1284) * Add support for verifying X.509 objects (certificates, CRLs, etc) using RSA-PSS signatures (GH #1270) -* Add support for AES key wrapping with padding, as specified in RFC 5649 - and NIST SP 800-38F (GH #1301) +* Add support for AES key wrapping with padding, as specified in RFC 5649 and + NIST SP 800-38F (GH #1301) -* Optimize GCM mode on systems both with and without carryless - multiply support. This includes a new base case implementation - (still constant time), a new SSSE3 implementation for systems with - SSSE3 but not clmul, and better algorithms for systems with clmul - and pmull. (GH #1253 #1263) +* Optimize GCM mode on systems both with and without carryless multiply + support. This includes a new base case implementation (still constant time), a + new SSSE3 implementation for systems with SSSE3 but not clmul, and better + algorithms for systems with clmul and pmull. (GH #1253 #1263) -* Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b, - Blowfish, Twofish, CAST-128, and CRC24 (GH #1281) +* Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b, Blowfish, + Twofish, CAST-128, and CRC24 (GH #1281) * Salsa20 now supports the seek operation. 
@@ -47,31 +46,30 @@ Version 2.4.0, Not Yet Released character. In addition, UCS-4 strings are now supported. (GH #1113 #1250 #1287 #1289) -* In BER decoder, avoid unbounded stack recursion when parsing nested - indefinite length values. Now at most 16 nested indefinite length - values are accepted, anything deeper resulting in a decoding error. - (GH #1304 OSS-Fuzz 4353). +* In BER decoder, avoid unbounded stack recursion when parsing nested indefinite + length values. Now at most 16 nested indefinite length values are accepted, + anything deeper resulting in a decoding error. (GH #1304 OSS-Fuzz 4353). * A new ASN.1 printer API allows generating a string representation of arbitrary BER data. This is used in the ``asn1print`` command line utility and may be useful in other applications, for instance for debugging. -* New functions for bit rotations that distinguish rotating by a - compile-time constant vs a runtime variable rotation. This allows - better optimizations in both cases. Notably performance of CAST-128 - and CAST-256 are substantially improved. (GH #1247) +* New functions for bit rotations that distinguish rotating by a compile-time + constant vs a runtime variable rotation. This allows better optimizations in + both cases. Notably performance of CAST-128 and CAST-256 are substantially + improved. (GH #1247) -* TLS CBC ciphersuites now are implemented using the standard CBC - code, instead of reimplementing CBC inside the TLS stack. This - allows for parallel decryption of TLS CBC ciphertexts, and improves - performance especially when using AES hardware support. (GH #1269) +* TLS CBC ciphersuites now are implemented using the standard CBC code, instead + of reimplementing CBC inside the TLS stack. This allows for parallel + decryption of TLS CBC ciphertexts, and improves performance especially when + using AES hardware support. (GH #1269) -* Fix a bug in the amalgamation generation which could cause build - failures on some systems including macOS. 
(GH #1264 #1265) +* Fix a bug in the amalgamation generation which could cause build failures on + some systems including macOS. (GH #1264 #1265) * A particular code sequence in TLS handshake would always (with an ECC - ciphersuite) result in an exception being thrown and then caught. - This has changed so no exception is thrown. (GH #1275) + ciphersuite) result in an exception being thrown and then caught. This has + changed so no exception is thrown. (GH #1275) * The code for byteswapping has been improved for ARMv7 and for Windows x86-64 systems using MSVC. (GH #1274) 
@@ -90,21 +88,25 @@ Version 2.4.0, Not Yet Released * The overhead of making a call through the FFI layer has been reduced. -* The IDs for SHA-3 PKCSv1.5 signatures added in 2.3.0 were incorrect. - They have been changed to use the correct encoding, and a test added - to ensure such errors do not recur. +* The IDs for SHA-3 PKCSv1.5 signatures added in 2.3.0 were incorrect. They have + been changed to use the correct encoding, and a test added to ensure such + errors do not recur. -* Counter mode allows setting a configurable width of the counter. - Previously it was allowed for a counter of even 8 bits wide, which - would mean the keystream would repeat after just 256 blocks. Now it - requires the width be at least 32 bits. The only way this feature - could be used was by manually constructing a ``CTR_BE`` object and - setting the second parameter to something in the range of 1 to 3. +* Counter mode allows setting a configurable width of the counter. Previously it + was allowed for a counter of even 8 bits wide, which would mean the keystream + would repeat after just 256 blocks. Now it requires the width be at least 32 + bits. The only way this feature could be used was by manually constructing a + ``CTR_BE`` object and setting the second parameter to something in the range + of 1 to 3. * A new mechanism for formatting ASN.1 data is included in ``asn1_print.h``. This is the same functionality used by the command line ``asn1print`` util, now cleaned up and moved to the library. +* Add ``Pipe::append_filter``. This is like the existing (deprecated) + ``Pipe::append``, the difference being that ``append_filter`` only + allows modification before the first call to ``start_msg``. (GH #1306 #1307) + * The size of ASN1_Tag is increased to 32 bits. This avoids a problem with UbSan (GH #751) From 3f8c4add59f4db347f8594a49c846c85ce1e296d Mon Sep 17 00:00:00 2001 
From: Marcus Brinkmann Date: Sat, 25 Nov 2017 17:18:21 +0100 Subject: [PATCH 0221/1008] Add test case for bzip2 compression filter. --- src/tests/test_filters.cpp | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/src/tests/test_filters.cpp b/src/tests/test_filters.cpp index b8a4ee9f01..84e74e12d1 100644 --- a/src/tests/test_filters.cpp +++ b/src/tests/test_filters.cpp @@ -57,6 +57,7 @@ class Filter_Tests final : public Test results.push_back(test_pipe_cbc()); results.push_back(test_pipe_cfb()); results.push_back(test_pipe_compress()); + results.push_back(test_pipe_compress_bzip2()); results.push_back(test_pipe_codec()); results.push_back(test_fork()); results.push_back(test_chain()); @@ -495,6 +496,41 @@ class Filter_Tests final : public Test return result; } + Test::Result test_pipe_compress_bzip2() + { + Test::Result result("Pipe"); + +#if defined(BOTAN_HAS_BZIP2) + + std::unique_ptr comp_f(new Botan::Compression_Filter("bzip2", 9)); + + result.test_eq("Compressor filter name", comp_f->name(), "Bzip2_Compression"); + Botan::Pipe pipe(comp_f.release()); + + const std::string input_str = "foo\n"; + + pipe.start_msg(); + pipe.write(input_str); + pipe.end_msg(); + + auto compr = pipe.read_all(0); + // Can't do equality check on compression because output may differ + result.test_lt("Compressed is shorter", compr.size(), input_str.size()); + + std::unique_ptr decomp_f(new Botan::Decompression_Filter("bzip2")); + result.test_eq("Decompressor name", decomp_f->name(), "Bzip2_Decompression"); + pipe.append(decomp_f.release()); + pipe.pop(); // remove compressor + + pipe.process_msg(compr); + + std::string decomp = pipe.read_all_as_string(1); + result.test_eq("Decompressed ok", decomp, input_str); +#endif + + return result; + } + Test::Result test_pipe_codec() { Test::Result result("Pipe"); From 121f8bee6c2c6891bfb855d39aad66703e0ae35e Mon Sep 17 00:00:00 2001 
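Review bot: `result.test_lt("Compressed is shorter", compr.size(), input_str.size())` is asserted on a four-byte input, and a bzip2 stream carries a fixed header and block trailer, so the compressed output is very likely longer than `"foo\n"` and the check fails even when compression works; the following commit's diffstat touches this test again, which suggests that was noticed. Either drop the size assertion and keep only the round-trip check `result.test_eq("Decompressed ok", decomp, input_str)`, or use an input long and repetitive enough for compression to win, with a comment saying why. The test otherwise reads well, and the `#if defined(BOTAN_HAS_BZIP2)` guard keeps it a no-op on builds without the module.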
From: Jack Lloyd
Date: Sat, 25 Nov 2017 12:50:17 -0500
Subject: [PATCH 0222/1008] Fix bzip2 compression issue.
When finishing, bzip2 returns BZ_STREAM_END when it has produced all output. If we end up calling the compression routine again (even with avail_in == 0), bzip2 returns an error.
---
 src/lib/compression/compress_utils.cpp | 10 ++++-
 src/tests/test_compression.cpp | 55 +++++++++++++++++---------
 src/tests/test_filters.cpp | 7 ++--
 3 files changed, 48 insertions(+), 24 deletions(-)
diff --git a/src/lib/compression/compress_utils.cpp b/src/lib/compression/compress_utils.cpp
index f4b41fd5bd..6bdf3d0fd3 100644
--- a/src/lib/compression/compress_utils.cpp
+++ b/src/lib/compression/compress_utils.cpp
@@ -84,9 +84,15 @@ void Stream_Compression::process(secure_vector& buf, size_t offset, uin
 while(true)
 {
- m_stream->run(flags);
+ const bool stream_end = m_stream->run(flags);
- if(m_stream->avail_out() == 0)
+ if(stream_end)
+ {
+ BOTAN_ASSERT(m_stream->avail_in() == 0, "After stream is done, no input remains to be processed");
+ m_buffer.resize(m_buffer.size() - m_stream->avail_out());
+ break;
+ }
+ else if(m_stream->avail_out() == 0)
 {
 const size_t added = 8 + m_buffer.size();
 m_buffer.resize(m_buffer.size() + added);
diff --git a/src/tests/test_compression.cpp b/src/tests/test_compression.cpp
index 04eb26200e..c85dd5a5d4 100644
--- a/src/tests/test_compression.cpp
+++ b/src/tests/test_compression.cpp
@@ -80,6 +80,7 @@ class Compression_Tests final : public Test
 const Botan::secure_vector empty;
 const Botan::secure_vector all_zeros(text_len, 0);
 const Botan::secure_vector random_binary = Test::rng().random_vec(text_len);
+ const Botan::secure_vector short_text = { 'f', 'o', 'o', '\n' };
 const uint8_t* textb = reinterpret_cast(text_str);
 const Botan::secure_vector text(textb, textb + text_len);
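Review bot: `m_buffer.resize(m_buffer.size() - m_stream->avail_out())` in the new `stream_end` branch is unsigned arithmetic that relies on the stream's output window having been pointed at `m_buffer` with exactly its size (set up outside this hunk); if that invariant ever breaks, the subtraction wraps and the resize attempts a huge allocation instead of failing loudly. Pin it next to the existing assert: `BOTAN_ASSERT(m_stream->avail_out() <= m_buffer.size(), "Output window fits within buffer");`. The change also makes `run()` return a bool, so every `Compression_Stream` implementation (zlib, bzip2, lzma) must report stream end consistently or the loop keeps calling into a finished stream, which is the very failure the commit message describes; that code is not in this hunk. `Stream_Compression::process` starts and ends outside the hunk.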
@@ -92,6 +93,8 @@ class Compression_Tests final : public Test const size_t c9_r = run_compression(result, 9, *c, *d, random_binary); const size_t c1_t = run_compression(result, 1, *c, *d, text); const size_t c9_t = run_compression(result, 9, *c, *d, text); + const size_t c1_s = run_compression(result, 1, *c, *d, short_text); + const size_t c9_s = run_compression(result, 9, *c, *d, short_text); result.test_gte("Empty input L1 compresses to non-empty output", c1_e, 1); result.test_gte("Empty input L9 compresses to non-empty output", c9_e, 1); @@ -100,6 +103,7 @@ class Compression_Tests final : public Test result.test_gte("Level 9 compresses zeros at least as well as level 1", c1_z, c9_z); result.test_gte("Level 9 compresses random at least as well as level 1", c1_r, c9_r); result.test_gte("Level 9 compresses text at least as well as level 1", c1_t, c9_t); + result.test_gte("Level 9 compresses short text at least as well as level 1", c1_s, c9_s); result.test_lt("Zeros compresses much better than text", c1_z / 8, c1_t); result.test_lt("Text compresses much better than random", c1_t / 2, c1_r); 
@@ -124,31 +128,46 @@ class Compression_Tests final : public Test Botan::Decompression_Algorithm& d, const Botan::secure_vector& msg) { - Botan::secure_vector compressed = msg; - Botan::secure_vector flush_bits; - Botan::secure_vector final_bits; + Botan::secure_vector compressed(2*msg.size()); - c.start(level); - c.update(compressed); - c.update(flush_bits, 0, true); - c.finish(final_bits); + for(bool with_flush : { true, false }) + { + try + { + compressed = msg; - compressed += flush_bits; - compressed += final_bits; + c.start(level); + c.update(compressed, 0, false); + + if(with_flush) + { + Botan::secure_vector flush_bits; + c.update(flush_bits, 0, true); + compressed += flush_bits; + } - const size_t c_size = compressed.size(); + Botan::secure_vector final_bits; + c.finish(final_bits); + compressed += final_bits; - Botan::secure_vector decompressed = compressed; - d.start(); - d.update(decompressed); + Botan::secure_vector decompressed = compressed; + d.start(); + d.update(decompressed); - Botan::secure_vector final_outputs; - d.finish(final_outputs); + Botan::secure_vector final_outputs; + d.finish(final_outputs); - decompressed += final_outputs; + decompressed += final_outputs; + + result.test_eq("compression round tripped", msg, decompressed); + } + catch(Botan::Exception& e) + { + result.test_failure(e.what()); + } + } - result.test_eq("compression round tripped", msg, decompressed); - return c_size; + return compressed.size(); } }; diff --git a/src/tests/test_filters.cpp b/src/tests/test_filters.cpp index 84e74e12d1..8133e4bc9b 100644 --- a/src/tests/test_filters.cpp +++ b/src/tests/test_filters.cpp @@ -463,7 +463,7 @@ class Filter_Tests final : public Test Test::Result test_pipe_compress() { - Test::Result result("Pipe"); + Test::Result result("Pipe compress zlib"); #if defined(BOTAN_HAS_ZLIB) 
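Review bot: The value returned at the end of `run_compression`, `compressed.size()`, is whatever the last pass of the `with_flush` loop left behind; if that pass threw, `test_failure` is recorded but the caller's `test_gte` comparisons still consume a half-built buffer as if it were a compressed size. Record the size only after a pass completes: `size_t c_size = 0;` before the loop, `c_size = compressed.size();` right after `compressed += final_bits;`, and `return c_size;`. The initial `compressed(2*msg.size())` is overwritten by `compressed = msg;` on the first iteration, so that sizing is dead. The handler should also bind `const Botan::Exception& e`.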
@@ -498,7 +498,7 @@ class Filter_Tests final : public Test Test::Result test_pipe_compress_bzip2() { - Test::Result result("Pipe"); + Test::Result result("Pipe compress bzip2"); #if defined(BOTAN_HAS_BZIP2) @@ -514,8 +514,7 @@ class Filter_Tests final : public Test pipe.end_msg(); auto compr = pipe.read_all(0); - // Can't do equality check on compression because output may differ - result.test_lt("Compressed is shorter", compr.size(), input_str.size()); + // Here the output is actually longer than the input as input is so short std::unique_ptr decomp_f(new Botan::Decompression_Filter("bzip2")); result.test_eq("Decompressor name", decomp_f->name(), "Bzip2_Decompression"); From fa5254e8982644b6b69d617b5fa2755a236cf028 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 25 Nov 2017 13:31:38 -0500 Subject: [PATCH 0223/1008] Update news --- news.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/news.rst b/news.rst index d8ba8fe207..4cfbf2e1ee 100644 --- a/news.rst +++ b/news.rst @@ -110,6 +110,10 @@ Version 2.4.0, Not Yet Released * The size of ASN1_Tag is increased to 32 bits. This avoids a problem with UbSan (GH #751) +* Fix a bug affecting bzip2 compression. In certain circumstances, compression + would fail with ``BZ_SEQUENCE_ERROR`` due to calling bzlib in an way it does + not support. (GH #1308 #1309) + * In 2.3.0, final annotations were added to many classes including the TLS policies (like ``Strict_Policy`` and ``BSI_TR_02102_2``). However it is reasonable and useful for an application to derive from one of these policies, so From 34aa73d0f9c3bf817a0a46889206003f0becd3f1 Mon Sep 17 00:00:00 2001 
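Review bot: With the `test_lt` removed, the compressed output in `test_pipe_compress_bzip2` is no longer asserted at all; the new comment explains that it is longer than the input, but nothing checks that `compr` holds anything before it is fed to the decompressor, so an empty output would surface only as a confusing round-trip mismatch. A sanity check in the style the compression tests already use, `result.test_gte("Compressed output is non-empty", compr.size(), 1);`, keeps the failure local. The enclosing function starts before this hunk.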
From: Marcus Brinkmann Date: Sat, 25 Nov 2017 20:22:57 +0100 Subject: [PATCH 0224/1008] Add create and create_or_throw factories for Compression_Algorithm and Decompression_Algorithm. --- src/lib/compression/compression.cpp | 39 +++++++++++++++++++ src/lib/compression/compression.h | 32 ++++++++++++++++ src/tests/test_compression.cpp | 58 +++++++++++++++++++++++++++++ 3 files changed, 129 insertions(+) diff --git a/src/lib/compression/compression.cpp b/src/lib/compression/compression.cpp index ded6b3b089..361bf7dd3c 100644 --- a/src/lib/compression/compression.cpp +++ b/src/lib/compression/compression.cpp @@ -7,6 +7,7 @@ #include #include +#include #include #if defined(BOTAN_HAS_ZLIB) @@ -48,6 +49,25 @@ Compression_Algorithm* make_compressor(const std::string& name) return nullptr; } +//static +std::unique_ptr +Compression_Algorithm::create(const std::string& algo) + { + std::unique_ptr compressor(make_compressor(algo)); + return compressor; + } + +//static +std::unique_ptr +Compression_Algorithm::create_or_throw(const std::string& algo) + { + if(auto compressor = Compression_Algorithm::create(algo)) + { + return compressor; + } + throw Lookup_Error("Compression", algo, ""); + } + Decompression_Algorithm* make_decompressor(const std::string& name) { #if defined(BOTAN_HAS_ZLIB) @@ -73,5 +93,24 @@ Decompression_Algorithm* make_decompressor(const std::string& name) return nullptr; } +//static +std::unique_ptr +Decompression_Algorithm::create(const std::string& algo) + { + std::unique_ptr decompressor(make_decompressor(algo)); + return decompressor; + } + +//static +std::unique_ptr +Decompression_Algorithm::create_or_throw(const std::string& algo) + { + if(auto decompressor = Decompression_Algorithm::create(algo)) + { + return decompressor; + } + throw Lookup_Error("Decompression", algo, ""); + } } + diff --git a/src/lib/compression/compression.h b/src/lib/compression/compression.h index 2ebde3f2f3..403b335e15 100644 --- a/src/lib/compression/compression.h 
+++ b/src/lib/compression/compression.h @@ -19,6 +19,22 @@ namespace Botan { class BOTAN_PUBLIC_API(2,0) Compression_Algorithm { public: + /** + * Create an instance based on a name, or return null if the + * algo/provider combination cannot be found. If provider is + * empty then best available is chosen. + */ + static std::unique_ptr + create(const std::string& algo_spec); + + /** + * Create an instance based on a name + * @param algo_spec algorithm name + * Throws Lookup_Error if not not found. + */ + static std::unique_ptr + create_or_throw(const std::string& algo_spec); + /** * Begin compressing. Most compression algorithms offer a tunable * time/compression tradeoff parameter generally represented by @@ -65,6 +81,22 @@ class BOTAN_PUBLIC_API(2,0) Compression_Algorithm class BOTAN_PUBLIC_API(2,0) Decompression_Algorithm { public: + /** + * Create an instance based on a name, or return null if the + * algo/provider combination cannot be found. If provider is + * empty then best available is chosen. + */ + static std::unique_ptr + create(const std::string& algo_spec); + + /** + * Create an instance based on a name + * @param algo_spec algorithm name + * Throws Lookup_Error if not not found. + */ + static std::unique_ptr + create_or_throw(const std::string& algo_spec); + /** * Begin decompressing. * Decompression does not support levels, as compression does. diff --git a/src/tests/test_compression.cpp b/src/tests/test_compression.cpp index 04eb26200e..d9045b23e5 100644 --- a/src/tests/test_compression.cpp +++ b/src/tests/test_compression.cpp 
@@ -154,6 +154,64 @@ class Compression_Tests final : public Test BOTAN_REGISTER_TEST("compression", Compression_Tests); +class CompressionCreate_Tests final : public Test + { + public: + std::vector run() override + { + std::vector results; + + for(std::string algo : { "zlib", "deflate", "gzip", "bz2", "lzma" }) + { + try + { + Test::Result result(algo + " create compression"); + + std::unique_ptr c1(Botan::Compression_Algorithm::create(algo)); + std::unique_ptr d1(Botan::Decompression_Algorithm::create(algo)); + + if(!c1 || !d1) + { + result.note_missing(algo); + continue; + } + result.test_ne("Not the same name after create", c1->name(), d1->name()); + + std::unique_ptr c2(Botan::Compression_Algorithm::create_or_throw(algo)); + std::unique_ptr d2(Botan::Decompression_Algorithm::create_or_throw(algo)); + + if(!c2 || !d2) + { + result.note_missing(algo); + continue; + } + result.test_ne("Not the same name after create_or_throw", c2->name(), d2->name()); + + results.push_back(result); + } + catch(std::exception& e) + { + results.push_back(Test::Result::Failure("testing " + algo, e.what())); + } + } + + { + Test::Result result("create invalid compression"); + result.test_throws("lookup error", + "Unavailable Compression bogocompress", + [&]() { Botan::Compression_Algorithm::create_or_throw("bogocompress"); }); + result.test_throws("lookup error", + "Unavailable Decompression bogocompress", + [&]() { Botan::Decompression_Algorithm::create_or_throw("bogocompress"); }); + results.push_back(result); + } + + return results; + } + }; + +BOTAN_REGISTER_TEST("create_compression", CompressionCreate_Tests); + } #endif From aeeeebbde6aa0108663b42a13087168eb555c1fc Mon Sep 17 00:00:00 2001 From: Marcus Brinkmann Date: Sun, 26 Nov 2017 03:00:24 +0100 Subject: [PATCH 0225/1008] Fix documentation of compression/decompression update function. --- src/lib/compression/compression.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
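Review bot: In the `if(!c1 || !d1)` branch, `result.note_missing(algo); continue;` discards `result` before it is ever added to `results`, so an algorithm that is not compiled in is silently omitted from the report instead of being listed as missing; add `results.push_back(result);` before the `continue`. The second `if(!c2 || !d2)` check is unreachable, since `create_or_throw` either returns a non-null pointer or throws (see its body in compression.cpp in the same commit), and its `continue` would drop the result in the same way. `catch(std::exception& e)` should bind `const std::exception& e`.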
diff --git a/src/lib/compression/compression.h b/src/lib/compression/compression.h index 2ebde3f2f3..052eb1ef46 100644 --- a/src/lib/compression/compression.h +++ b/src/lib/compression/compression.h @@ -30,7 +30,7 @@ class BOTAN_PUBLIC_API(2,0) Compression_Algorithm virtual void start(size_t comp_level = 0) = 0; /** - * Process some data. Input must be in size update_granularity() uint8_t blocks. + * Process some data. * @param buf in/out parameter which will possibly be resized or swapped * @param offset an offset into blocks to begin processing * @param flush if true the compressor will be told to flush state @@ -72,7 +72,7 @@ class BOTAN_PUBLIC_API(2,0) Decompression_Algorithm virtual void start() = 0; /** - * Process some data. Input must be in size update_granularity() uint8_t blocks. + * Process some data. * @param buf in/out parameter which will possibly be resized or swapped * @param offset an offset into blocks to begin processing */ From c6411a8e484a5180a81cbc091498c0c395758cac Mon Sep 17 00:00:00 2001 From: Marcus Brinkmann Date: Sun, 26 Nov 2017 03:04:55 +0100 Subject: [PATCH 0226/1008] Documentation fix in compression create/create_or_throw functions. --- src/lib/compression/compression.h | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/lib/compression/compression.h b/src/lib/compression/compression.h index 403b335e15..c207b8bdb4 100644 --- a/src/lib/compression/compression.h +++ b/src/lib/compression/compression.h @@ -21,8 +21,7 @@ class BOTAN_PUBLIC_API(2,0) Compression_Algorithm public: /** * Create an instance based on a name, or return null if the - * algo/provider combination cannot be found. If provider is - * empty then best available is chosen. + * algo combination cannot be found. */ static std::unique_ptr create(const std::string& algo_spec); 
@@ -30,7 +29,7 @@ class BOTAN_PUBLIC_API(2,0) Compression_Algorithm /** * Create an instance based on a name * @param algo_spec algorithm name - * Throws Lookup_Error if not not found. + * Throws Lookup_Error if not found. */ static std::unique_ptr create_or_throw(const std::string& algo_spec); @@ -83,8 +82,7 @@ class BOTAN_PUBLIC_API(2,0) Decompression_Algorithm public: /** * Create an instance based on a name, or return null if the - * algo/provider combination cannot be found. If provider is - * empty then best available is chosen. + * algo combination cannot be found. */ static std::unique_ptr create(const std::string& algo_spec); @@ -92,7 +90,7 @@ class BOTAN_PUBLIC_API(2,0) Decompression_Algorithm /** * Create an instance based on a name * @param algo_spec algorithm name - * Throws Lookup_Error if not not found. + * Throws Lookup_Error if not found. */ static std::unique_ptr create_or_throw(const std::string& algo_spec); From 21c314237c6869fd5f8c6ed18f3c5769e7338237 Mon Sep 17 00:00:00 2001 From: Marcus Brinkmann Date: Sun, 26 Nov 2017 03:06:06 +0100 Subject: [PATCH 0227/1008] Minor documentation fix in HashFunction::create_or_throw. --- src/lib/hash/hash.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/hash/hash.h b/src/lib/hash/hash.h index 01e52e9b6e..8c6440e650 100644 --- a/src/lib/hash/hash.h +++ b/src/lib/hash/hash.h @@ -34,7 +34,7 @@ class BOTAN_PUBLIC_API(2,0) HashFunction : public Buffered_Computation * If provider is empty then best available is chosen. * @param algo_spec algorithm name * @param provider provider implementation to use - * Throws Lookup_Error if not not found. + * Throws Lookup_Error if not found. */ static std::unique_ptr create_or_throw(const std::string& algo_spec, From 9df1c8dab0c3b7218cbf40d743d73e9bd36c24cd Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sun, 19 Nov 2017 13:11:17 -0500 Subject: [PATCH 0228/1008] PSK Database --- doc/manual/cli.rst | 36 ++++- doc/manual/contents.rst | 1 + doc/manual/psk_db.rst | 108 +++++++++++++ src/cli/psk.cpp | 86 +++++++++++ src/lib/psk_db/info.txt | 10 ++ src/lib/psk_db/psk_db.cpp | 104 +++++++++++++ src/lib/psk_db/psk_db.h | 146 ++++++++++++++++++ src/lib/psk_db/psk_db_sql.cpp | 69 +++++++++ src/lib/psk_db/psk_db_sql.h | 34 ++++ src/lib/utils/database.h | 2 + src/lib/utils/sqlite3/sqlite3.cpp | 13 +- src/lib/utils/sqlite3/sqlite3.h | 1 + src/tests/test_psk_db.cpp | 248 ++++++++++++++++++++++++++++++ 13 files changed, 853 insertions(+), 5 deletions(-) create mode 100644 doc/manual/psk_db.rst create mode 100644 src/cli/psk.cpp create mode 100644 src/lib/psk_db/info.txt create mode 100644 src/lib/psk_db/psk_db.cpp create mode 100644 src/lib/psk_db/psk_db.h create mode 100644 src/lib/psk_db/psk_db_sql.cpp create mode 100644 src/lib/psk_db/psk_db_sql.h create mode 100644 src/tests/test_psk_db.cpp diff --git a/doc/manual/cli.rst b/doc/manual/cli.rst index 71e3b17c63..72e3d3b31b 100644 --- a/doc/manual/cli.rst +++ b/doc/manual/cli.rst @@ -14,15 +14,16 @@ The CLI offers access to the following functionalities: - TLS server/client - Primality testing, prime factorization and prime sampling +.. highlight:: sh + General Command Usage --------------------------------- -All commands follow the predefined syntax - -.. code-block:: sh +All commands follow the predefined syntax:: $ botan -and are listed whith their available arguments when botan is called with an invalid or without a command. +and are listed with their available arguments when ``botan`` is called +with an unknown command, or without any command, or with ``--help``. Hash ---------------- 
@@ -128,6 +129,33 @@ Number Theory ``gen_prime --count=1 bits`` Samples *count* primes with a length of *bits* bits. +PSK Database +-------------------- + +Only available if sqlite3 support was compiled in. + +``psk_set db db_key name psk`` + + Using the PSK database named db and encrypting under the (hex) key ``db_key``, + save the provided psk (also hex) under ``name``:: + + $ botan psk_set psk.db deadba55 bunny f00fee + +``psk_get db db_key name`` + + Get back a value saved with ``psk_set``:: + + $ botan psk_get psk.db deadba55 bunny + f00fee + +``psk_list db db_key`` + + List all values saved to the database under the given key:: + + $ botan psk_list psk.db deadba55 + bunny + + Miscellaneous Commands ------------------------------------- ``version --full`` diff --git a/doc/manual/contents.rst b/doc/manual/contents.rst index 0c9ac4b7f2..48e6edbfeb 100644 --- a/doc/manual/contents.rst +++ b/doc/manual/contents.rst @@ -27,6 +27,7 @@ Contents passhash cryptobox srp + psk_db fpe compression pkcs11 diff --git a/doc/manual/psk_db.rst b/doc/manual/psk_db.rst new file mode 100644 index 0000000000..2668c6badc --- /dev/null +++ b/doc/manual/psk_db.rst 
@@ -0,0 +1,108 @@ +PSK Database +====================== + +.. versionadded:: 2.4.0 + +Many applications need to store pre-shared keys (hereafter PSKs) for +authentication purposes. + +An abstract interface to PSK stores is provided in ``psk_db.h`` + +.. cpp:class:: PSK_Database + + .. cpp:function:: bool is_encrypted() const + + Returns true if (at least) the PSKs themselves are encrypted. Returns + false if PSKs are stored in plaintext. + + .. cpp:function:: std::set list_names() const + + Return the set of valid names stored in the database, ie values for which + ``get`` will return a value. + + .. cpp:function:: void set(const std::string& name, const uint8_t psk[], size_t psk_len) + + Save a PSK. If ``name`` already exists, the current value will be + overwritten. + + .. cpp:function:: secure_vector get(const std::string& name) const + + Return a value saved with ``set``. Throws an exception if ``name`` doesn't + exist. + + .. cpp:function:: void remove(const std::string& name) + + Remove ``name`` from the database. If ``name`` doesn't exist, ignores the request. + + .. cpp::function:: std::string get_str(const std::string& name) const + + Like ``get`` but casts the return value to a string. + + .. cpp:function:: void set_str(const std::string& name, const std::string& psk) + + Like ``set`` but accepts the psk as a string (eg for a password). + + .. cpp:function:: template void set_vec(const std::string& name, \ + const std::vector& psk) + + Like ``set`` but accepting a vector. + +The same header also provides a specific instantiation of ``PSK_Database`` which +encrypts both names and PSKs. It must be subclassed to provide the storage. + +.. cpp:class:: Encrypted_PSK_Database : public PSK_Database + + .. cpp:function:: Encrypted_PSK_Database(const secure_vector& master_key) + + Initializes or opens a PSK database. The master key is used the secure the + contents. It may be of any length. 
If encrypting PSKs under a passphrase, + use a suitable key derivation scheme (such as PBKDF2) to derive the secret + key. If the master key is lost, all PSKs stored are unrecoverable. + + Both names and values are encrypted using NIST key wrapping (see NIST + SP800-38F) with AES-256. First the master key is used with HMAC(SHA-256) + to derive two 256-bit keys, one for encrypting all names and the other to + key an instance of HMAC(SHA-256). Values are each encrypted under an + individual key created by hashing the encrypted name with HMAC. This + associates the encrypted key with the name, and prevents an attacker with + write access to the data store from taking an encrypted key associated + with one entity and copying it to another entity. + + Names and PSKs are both padded to the next multiple of 8 bytes, providing + some obfuscation of the length. + + One artifact of the names being encrypted is that is is possible to use + multiple different master keys with the same underlying storage. Each + master key will be responsible for a subset of the keys. An attacker who + knows one of the keys will be able to tell there are other values + encrypted under another key. + + .. cpp:function:: virtual void kv_set(const std::string& index, const std::string& value) = 0 + + Save an encrypted value. Both ``index`` and ``value`` will be non-empty + base64 encoded strings. + + .. cpp:function:: virtual std::string kv_get(const std::string& index) const = 0 + + Return a value saved with ``kv_set``, or return the empty string. + + .. cpp:function:: virtual void kv_del(const std::string& index) = 0 + + Remove a value saved with ``kv_set``. + + .. cpp:function:: virtual std::set kv_get_all() const = 0 + + Return all active names (ie values for which ``kv_get`` will return a + non-empty string). + +A subclass of ``Encrypted_PSK_Database`` which stores data in a SQL database +is also available. This class is declared in ``psk_db_sql.h``: + +.. 
cpp:class:: Encrypted_PSK_Database_SQL : public Encrypted_PSK_Database + + .. cpp:function:: Encrypted_PSK_Database_SQL(const secure_vector& master_key, \ + std::shared_ptr db, \ + const std::string& table_name) + + Creates or uses the named table in ``db``. The SQL schema of the table is + ``(psk_name TEXT PRIMARY KEY, psk_value TEXT)``. diff --git a/src/cli/psk.cpp b/src/cli/psk.cpp new file mode 100644 index 0000000000..d244acd8d3 --- /dev/null +++ b/src/cli/psk.cpp 
@@ -0,0 +1,86 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "cli.h" + +#if defined(BOTAN_HAS_PSK_DB) && defined(BOTAN_HAS_SQLITE3) + +#include +#include +#include + +namespace Botan_CLI { + +class PSK_Tool_Base : public Command + { + public: + PSK_Tool_Base(const std::string& spec) : Command(spec) {} + + void go() override + { + const std::string db_filename = get_arg("db"); + const Botan::secure_vector db_key = Botan::hex_decode_locked(get_arg("db_key")); + + std::shared_ptr db = std::make_shared(db_filename); + Botan::Encrypted_PSK_Database_SQL psk(db_key, db, "psk"); + + psk_operation(psk); + } + + private: + virtual void psk_operation(Botan::PSK_Database& db) = 0; + }; + +class PSK_Tool_Set final : public PSK_Tool_Base + { + public: + PSK_Tool_Set() : PSK_Tool_Base("psk_set db db_key name psk") {} + + private: + void psk_operation(Botan::PSK_Database& db) override + { + const std::string name = get_arg("name"); + Botan::secure_vector key = Botan::hex_decode_locked(get_arg("psk")); + db.set_vec(name, key); + } + }; + +class PSK_Tool_Get final : public PSK_Tool_Base + { + public: + PSK_Tool_Get() : PSK_Tool_Base("psk_get db db_key name") {} + + private: + void psk_operation(Botan::PSK_Database& db) override + { + const std::string name = get_arg("name"); + const Botan::secure_vector val = db.get(name); + output() << Botan::hex_encode(val) << "\n"; + } + }; + +class PSK_Tool_List final : public PSK_Tool_Base + { + public: + PSK_Tool_List() : PSK_Tool_Base("psk_list db db_key") {} + + private: + void psk_operation(Botan::PSK_Database& db) override + { + const std::set names = db.list_names(); + + for(std::string name : names) + output() << name << "\n"; + } + }; + +BOTAN_REGISTER_COMMAND("psk_set", PSK_Tool_Set); +BOTAN_REGISTER_COMMAND("psk_get", PSK_Tool_Get); +BOTAN_REGISTER_COMMAND("psk_list", PSK_Tool_List); + +} + +#endif 
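Review bot: `db_key`, the hex master key of the PSK database, is a positional command-line argument for all three tools (`get_arg("db_key")` in `PSK_Tool_Base::go`), so it is visible to every local user through the process table and lands in shell history. At minimum the cli.rst section for `psk_set`/`psk_get`/`psk_list` should say so, and a way to supply the key from a file or an interactive prompt would be the safer interface. Separately, `PSK_Tool_Base(const std::string& spec)` is a single-argument constructor and should be `explicit`, and `for(std::string name : names)` in `PSK_Tool_List` copies each entry where `const std::string& name` would do.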
diff --git a/src/lib/psk_db/info.txt b/src/lib/psk_db/info.txt new file mode 100644 index 0000000000..814a304715 --- /dev/null +++ b/src/lib/psk_db/info.txt @@ -0,0 +1,10 @@ + +PSK_DB -> 20171119 + + + +aes +hmac +sha2_32 +nist_keywrap + diff --git a/src/lib/psk_db/psk_db.cpp b/src/lib/psk_db/psk_db.cpp new file mode 100644 index 0000000000..af59d2954a --- /dev/null +++ b/src/lib/psk_db/psk_db.cpp 
@@ -0,0 +1,104 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include +#include +#include + +namespace Botan { + +Encrypted_PSK_Database::Encrypted_PSK_Database(const secure_vector& master_key) + { + m_cipher = BlockCipher::create_or_throw("AES-256"); + m_hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)"); + m_hmac->set_key(master_key); + + m_cipher->set_key(m_hmac->process("wrap")); + m_hmac->set_key(m_hmac->process("hmac")); + } + +Encrypted_PSK_Database::~Encrypted_PSK_Database() + { + // for ~unique_ptr + } + +std::set Encrypted_PSK_Database::list_names() const + { + const std::set encrypted_names = kv_get_all(); + + std::set names; + + for(std::string enc_name : encrypted_names) + { + try + { + const secure_vector raw_name = base64_decode(enc_name); + const secure_vector name_bits = + nist_key_unwrap_padded(raw_name.data(), raw_name.size(), *m_cipher); + + std::string pt_name(cast_uint8_ptr_to_char(name_bits.data()), name_bits.size()); + names.insert(pt_name); + } + catch(Integrity_Failure&) + { + } + } + + return names; + } + +void Encrypted_PSK_Database::remove(const std::string& name) + { + const std::vector wrapped_name = + nist_key_wrap_padded(cast_char_ptr_to_uint8(name.data()), + name.size(), + *m_cipher); + + this->kv_del(base64_encode(wrapped_name)); + } + +secure_vector Encrypted_PSK_Database::get(const std::string& name) const + { + const std::vector wrapped_name = + nist_key_wrap_padded(cast_char_ptr_to_uint8(name.data()), + name.size(), + *m_cipher); + + const std::string val_base64 = kv_get(base64_encode(wrapped_name)); + + if(val_base64.empty()) + throw Invalid_Argument("Named PSK not located"); + + const secure_vector val = base64_decode(val_base64); + + std::unique_ptr wrap_cipher(m_cipher->clone()); + wrap_cipher->set_key(m_hmac->process(wrapped_name)); + + return nist_key_unwrap_padded(val.data(), val.size(), *wrap_cipher); + } + +void 
Encrypted_PSK_Database::set(const std::string& name, const uint8_t val[], size_t len) + { + /* + * Both as a basic precaution wrt key seperation, and specifically to prevent + * cut-and-paste attacks against the database, each PSK is encrypted with a + * distinct key which is derived by hashing the wrapped key name with HMAC. + */ + const std::vector wrapped_name = + nist_key_wrap_padded(cast_char_ptr_to_uint8(name.data()), + name.size(), + *m_cipher); + + std::unique_ptr wrap_cipher(m_cipher->clone()); + wrap_cipher->set_key(m_hmac->process(wrapped_name)); + const std::vector wrapped_key = nist_key_wrap_padded(val, len, *wrap_cipher); + + this->kv_set(base64_encode(wrapped_name), base64_encode(wrapped_key)); + } + +} diff --git a/src/lib/psk_db/psk_db.h b/src/lib/psk_db/psk_db.h new file mode 100644 index 0000000000..fb20e94379 --- /dev/null +++ b/src/lib/psk_db/psk_db.h 
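Review bot: `list_names` catches only `Integrity_Failure&`, but `base64_decode(enc_name)` inside the same `try` throws a different exception type when a stored index is not valid base64 (Botan's decoder rejects malformed input, I believe with Invalid_Argument), so one corrupted row makes the whole listing fail instead of being skipped the way a row written under another master key is. Either widen the handler to `catch(const Exception&)` or document on `kv_get_all` that it must only return values previously written by `kv_set`. Note also that `get` is `const` yet calls `m_hmac->process(wrapped_name)` on the shared member, which mutates the MAC's state, so concurrent `get`/`set` calls on one `Encrypted_PSK_Database` race; the class documentation should state that instances are not safe for concurrent use. The catch clause should bind by const reference as well.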
@@ -0,0 +1,146 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_PSK_DB_H_ +#define BOTAN_PSK_DB_H_ + +#include +#include +#include +#include + +namespace Botan { + +class BlockCipher; +class MessageAuthenticationCode; + +/** +* This is an interface to a generic PSK (pre-shared key) database. +* It might be implemented as a plaintext storage or via some mechanism +* that encrypts the keys and/or values. +*/ +class BOTAN_PUBLIC_API(2,4) PSK_Database + { + public: + /** + * Return the set of names for which get() will return a value. + */ + virtual std::set list_names() const = 0; + + /** + * Return the value associated with the specified @param name, or otherwise + * throw an exception. + */ + virtual secure_vector get(const std::string& name) const = 0; + + /** + * Set a value that can later be accessed with get(). + * If name already exists in the database, the old value will be overwritten. + */ + virtual void set(const std::string& name, const uint8_t psk[], size_t psk_len) = 0; + + /** + * Remove a PSK from the database + */ + virtual void remove(const std::string& name) = 0; + + /** + * Returns if the values in the PSK database are encrypted. If + * false, saved values are being stored in plaintext. + */ + virtual bool is_encrypted() const = 0; + + /** + * Get a PSK in the form of a string (eg if the PSK is a password) + */ + std::string get_str(const std::string& name) const + { + secure_vector psk = get(name); + return std::string(reinterpret_cast(psk.data()), psk.size()); + } + + void set_str(const std::string& name, const std::string& psk) + { + set(name, reinterpret_cast(psk.data()), psk.size()); + } + + template + void set_vec(const std::string& name, + const std::vector& psk) + + { + set(name, psk.data(), psk.size()); + } + + virtual ~PSK_Database() = default; + }; + +/** +* A mixin for an encrypted PSK database. 
+* Both keys and values are encrypted with NIST AES-256 key wrapping. +* Values are padded to obscure their length before encryption, allowing +* it to be used as a password vault. +* +* Subclasses must implement the virtual calls to handle storing and +* getting raw (base64 encoded) values. +*/ +class BOTAN_PUBLIC_API(2,4) Encrypted_PSK_Database : public PSK_Database + { + public: + /** + * @param master_key specifies the master key used to encrypt all + * keys and value. It can be of any length, but should be at least 256 bits. + * + * Subkeys for the cryptographic algorithms used are derived from this + * master key. No key stretching is performed; if encrypting a PSK database + * using a password, it is recommended to use PBKDF2 to derive the database + * master key. + */ + Encrypted_PSK_Database(const secure_vector& master_key); + + ~Encrypted_PSK_Database(); + + std::set list_names() const override; + + secure_vector get(const std::string& name) const override; + + void set(const std::string& name, const uint8_t psk[], size_t psk_len) override; + + void remove(const std::string& name) override; + + bool is_encrypted() const override { return true; } + + protected: + /** + * Save a encrypted (name.value) pair to the database. Both will be base64 encoded strings. + */ + virtual void kv_set(const std::string& index, const std::string& value) = 0; + + /** + * Get a value previously saved with set_raw_value. Should return an empty + * string if index is not found. + */ + virtual std::string kv_get(const std::string& index) const = 0; + + /** + * Remove an index + */ + virtual void kv_del(const std::string& index) = 0; + + /** + * Return all indexes in the table. + */ + virtual std::set kv_get_all() const = 0; + + private: + std::unique_ptr m_cipher; + std::unique_ptr m_hmac; + secure_vector m_wrap_key; + }; + +} + +#endif diff --git a/src/lib/psk_db/psk_db_sql.cpp b/src/lib/psk_db/psk_db_sql.cpp new file mode 100644 index 0000000000..3a43e7380b --- /dev/null 
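Review bot: The private member `secure_vector m_wrap_key;` is never referenced by psk_db.cpp in this commit (per-value wrap keys are derived on the fly via `m_hmac->process(wrapped_name)`), so it is a dead member and should be removed or used. The `kv_get` comment refers to `set_raw_value`, a name that does not exist in this class; it should read `Get a value previously saved with kv_set. Should return an empty string if index is not found.` `Encrypted_PSK_Database(const secure_vector& master_key)` is a single-argument constructor and should be `explicit`.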
+++ b/src/lib/psk_db/psk_db_sql.cpp @@ -0,0 +1,69 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include + +namespace Botan { + +Encrypted_PSK_Database_SQL::Encrypted_PSK_Database_SQL(const secure_vector& master_key, + std::shared_ptr db, + const std::string& table_name) : + Encrypted_PSK_Database(master_key), + m_db(db), + m_table_name(table_name) + { + m_db->create_table( + "create table if not exists " + m_table_name + + "(psk_name TEXT PRIMARY KEY, psk_value TEXT)"); + } + +void Encrypted_PSK_Database_SQL::kv_del(const std::string& name) + { + auto stmt = m_db->new_statement("delete from " + m_table_name + " where psk_name=?1"); + stmt->bind(1, name); + stmt->spin(); + } + +void Encrypted_PSK_Database_SQL::kv_set(const std::string& name, const std::string& value) + { + auto stmt = m_db->new_statement("insert or replace into " + m_table_name + " values(?1, ?2)"); + + stmt->bind(1, name); + stmt->bind(2, value); + + stmt->spin(); + } + +std::string Encrypted_PSK_Database_SQL::kv_get(const std::string& name) const + { + auto stmt = m_db->new_statement("select psk_value from " + m_table_name + + " where psk_name = ?1"); + + stmt->bind(1, name); + + while(stmt->step()) + { + return stmt->get_str(0); + } + return ""; + } + +std::set Encrypted_PSK_Database_SQL::kv_get_all() const + { + std::set names; + + auto stmt = m_db->new_statement("select psk_name from " + m_table_name); + + while(stmt->step()) + { + names.insert(stmt->get_str(0)); + } + + return names; + } + +} + diff --git a/src/lib/psk_db/psk_db_sql.h b/src/lib/psk_db/psk_db_sql.h new file mode 100644 index 0000000000..fddadfc30d --- /dev/null +++ b/src/lib/psk_db/psk_db_sql.h 
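Review bot: `m_table_name` is spliced into the SQL text of every statement (the constructor's `create table`, and `kv_del`, `kv_set`, `kv_get`, `kv_get_all`) because identifiers cannot be bound through `?1`, so a table name derived from untrusted input is SQL injection into the PSK store. Either document on the constructor that `table_name` must be a trusted identifier, or validate it at construction, e.g. `if(table_name.empty() || table_name.find_first_not_of("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_") != std::string::npos) throw Invalid_Argument("Invalid PSK database table name");`. In `kv_get`, `while(stmt->step()) { return stmt->get_str(0); }` is really a single-shot check and reads clearer as `if(stmt->step()) return stmt->get_str(0);`.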
@@ -0,0 +1,34 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_PSK_DB_SQL_H_ +#define BOTAN_PSK_DB_SQL_H_ + +#include +#include + +namespace Botan { + +class BOTAN_PUBLIC_API(2,4) Encrypted_PSK_Database_SQL : public Encrypted_PSK_Database + { + public: + Encrypted_PSK_Database_SQL(const secure_vector& master_key, + std::shared_ptr db, + const std::string& table_name); + + private: + void kv_set(const std::string& index, const std::string& value) override; + std::string kv_get(const std::string& index) const override; + void kv_del(const std::string& index) override; + std::set kv_get_all() const override; + + std::shared_ptr m_db; + const std::string m_table_name; + }; + +} + +#endif diff --git a/src/lib/utils/database.h b/src/lib/utils/database.h index a90e9fbfd2..21a207445a 100644 --- a/src/lib/utils/database.h +++ b/src/lib/utils/database.h @@ -43,6 +43,8 @@ class BOTAN_PUBLIC_API(2,0) SQL_Database /* Get output */ virtual std::pair get_blob(int column) = 0; + virtual std::string get_str(int column) = 0; + virtual size_t get_size_t(int column) = 0; /* Run to completion */ diff --git a/src/lib/utils/sqlite3/sqlite3.cpp b/src/lib/utils/sqlite3/sqlite3.cpp index 09a964a462..a1fdfaa21e 100644 --- a/src/lib/utils/sqlite3/sqlite3.cpp +++ b/src/lib/utils/sqlite3/sqlite3.cpp @@ -7,6 +7,7 @@ #include #include +#include #include namespace Botan { @@ -108,7 +109,7 @@ void Sqlite3_Database::Sqlite3_Statement::bind(int column, const uint8_t* p, siz std::pair Sqlite3_Database::Sqlite3_Statement::get_blob(int column) { - BOTAN_ASSERT(::sqlite3_column_type(m_stmt, 0) == SQLITE_BLOB, + BOTAN_ASSERT(::sqlite3_column_type(m_stmt, column) == SQLITE_BLOB, "Return value is a blob"); const void* session_blob = ::sqlite3_column_blob(m_stmt, column); 
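Review bot: The database.h hunk adds a pure virtual `get_str` to the statement interface nested in `SQL_Database`, a class marked `BOTAN_PUBLIC_API(2,0)`, so any out-of-tree implementation of that interface stops compiling until it provides `get_str`. If external subclasses are a supported use, this deserves a line in news.rst, or a non-pure default that builds the string from `get_blob`. The same applies to the `get_str` override declared in sqlite3.h only in that it is the in-tree implementation, which this commit does provide.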
@@ -120,6 +121,16 @@ std::pair Sqlite3_Database::Sqlite3_Statement::get_blob( static_cast(session_blob_size)); } +std::string Sqlite3_Database::Sqlite3_Statement::get_str(int column) + { + BOTAN_ASSERT(::sqlite3_column_type(m_stmt, column) == SQLITE_TEXT, + "Return value is text"); + + const unsigned char* str = ::sqlite3_column_text(m_stmt, column); + + return std::string(cast_uint8_ptr_to_char(str)); + } + size_t Sqlite3_Database::Sqlite3_Statement::get_size_t(int column) { BOTAN_ASSERT(::sqlite3_column_type(m_stmt, column) == SQLITE_INTEGER, diff --git a/src/lib/utils/sqlite3/sqlite3.h b/src/lib/utils/sqlite3/sqlite3.h index 3f11b60e22..08a0f0ae7c 100644 --- a/src/lib/utils/sqlite3/sqlite3.h +++ b/src/lib/utils/sqlite3/sqlite3.h @@ -38,6 +38,7 @@ class BOTAN_PUBLIC_API(2,0) Sqlite3_Database final : public SQL_Database void bind(int column, const uint8_t* data, size_t len) override; std::pair get_blob(int column) override; + std::string get_str(int column) override; size_t get_size_t(int column) override; size_t spin() override; diff --git a/src/tests/test_psk_db.cpp b/src/tests/test_psk_db.cpp new file mode 100644 index 0000000000..f9eb9d7e87 --- /dev/null +++ b/src/tests/test_psk_db.cpp 
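Review bot: Sqlite3_Statement::get_str builds its result with `std::string(cast_uint8_ptr_to_char(str))`, which stops at the first NUL byte, so a TEXT value with an embedded NUL is silently truncated; using the length SQLite reports returns the whole value: `const int len = ::sqlite3_column_bytes(m_stmt, column); return std::string(cast_uint8_ptr_to_char(str), static_cast<size_t>(len));` (call `sqlite3_column_bytes` after `sqlite3_column_text`, as the SQLite docs require). The pointer returned by `sqlite3_column_text` is also not checked for null; the type assertion above makes that unlikely for a TEXT column, but a one-line guard returning an empty string costs nothing and avoids constructing a std::string from a null pointer.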
@@ -0,0 +1,248 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "tests.h" + +#if defined(BOTAN_HAS_PSK_DB) + +#include + +#if defined(BOTAN_HAS_SQLITE3) + #include + #include +#endif + +namespace Botan_Tests { + +namespace { + +class Test_Map_PSK_Db : public Botan::Encrypted_PSK_Database + { + public: + Test_Map_PSK_Db(const Botan::secure_vector& master_key) : + Botan::Encrypted_PSK_Database(master_key) + {} + + void test_entry(Test::Result& result, + const std::string& index, const std::string& value) + { + auto i = m_vals.find(index); + + if(i == m_vals.end()) + { + result.test_failure("Expected to find encrypted name " + index); + } + else + { + result.test_eq("Encrypted value", i->second, value); + } + } + + void kv_set(const std::string& index, const std::string& value) override + { + m_vals[index] = value; + } + + std::string kv_get(const std::string& index) const override + { + auto i = m_vals.find(index); + if(i == m_vals.end()) + return ""; + return i->second; + } + + void kv_del(const std::string& index) override + { + auto i = m_vals.find(index); + if(i != m_vals.end()) + { + m_vals.erase(i); + } + } + + std::set kv_get_all() const override + { + std::set names; + + for(auto kv : m_vals) + { + names.insert(kv.first); + } + + return names; + } + + private: + std::map m_vals; + }; + +} + +class PSK_DB_Tests final : public Test + { + public: + + std::vector run() override + { + std::vector results; + + results.push_back(test_psk_db()); + +#if defined(BOTAN_HAS_SQLITE3) + results.push_back(test_psk_sql_db()); +#endif + + return results; + } + + private: + + Test::Result test_psk_db() + { + Test::Result result("PSK_DB"); + + const Botan::secure_vector zeros(32); + Test_Map_PSK_Db db(zeros); + + db.set_str("name", "value"); + db.test_entry(result, "CUCJjJgWSa079ubutJQwlw==", "clYJSAf9CThuL96CP+rAfA=="); + result.test_eq("DB read", db.get_str("name"), "value"); + + db.set_str("name", 
"value1"); + db.test_entry(result, "CUCJjJgWSa079ubutJQwlw==", "7R8am3x/gLawOzMp5WwIJg=="); + result.test_eq("DB read", db.get_str("name"), "value1"); + + db.set_str("name", "value"); + db.test_entry(result, "CUCJjJgWSa079ubutJQwlw==", "clYJSAf9CThuL96CP+rAfA=="); + result.test_eq("DB read", db.get_str("name"), "value"); + + db.set_str("name2", "value"); + db.test_entry(result, "7CvsM7HDCZsV6VsFwWylNg==", "BqVQo4rdwOmf+ItCzEmjAg=="); + result.test_eq("DB read", db.get_str("name2"), "value"); + + db.set_vec("name2", zeros); + db.test_entry(result, "7CvsM7HDCZsV6VsFwWylNg==", "x+I1bUF/fJYPOTvKwOihEPWGR1XGzVuyRdsw4n5gpBRzNR7LjH7vjw=="); + result.test_eq("DB read", db.get("name2"), zeros); + + // Test longer names + db.set_str("leroy jeeeeeeeenkins", "chicken"); + db.test_entry(result, "KyYo272vlSjClM2F0OZBMlRYjr33ZXv2jN1oY8OfCEs=", "tCl1qShSTsXi9tA5Kpo9vg=="); + result.test_eq("DB read", db.get_str("leroy jeeeeeeeenkins"), "chicken"); + + std::set all_names = db.list_names(); + + result.test_eq("Expected number of names", all_names.size(), 3); + result.test_eq("Have expected name", all_names.count("name"), 1); + result.test_eq("Have expected name", all_names.count("name2"), 1); + result.test_eq("Have expected name", all_names.count("leroy jeeeeeeeenkins"), 1); + + db.remove("name2"); + + all_names = db.list_names(); + + result.test_eq("Expected number of names", all_names.size(), 2); + result.test_eq("Have expected name", all_names.count("name"), 1); + result.test_eq("Have expected name", all_names.count("leroy jeeeeeeeenkins"), 1); + + result.test_throws("exception if get called on non-existent PSK", + "Invalid argument Named PSK not located", + [&]() { db.get("name2"); }); + + // test that redundant remove calls accepted + db.remove("name2"); + + return result; + } + +#if defined(BOTAN_HAS_SQLITE3) + + void test_entry(Test::Result& result, + std::shared_ptr db, + const std::string& table, + const std::string& expected_name, + const std::string& expected_value) + { + 
auto stmt = db->new_statement("select psk_value from " + table + " where psk_name='" + expected_name + "'"); + + bool got_it = stmt->step(); + result.confirm("Had expected name", got_it); + + if(got_it) + { + result.test_eq("Had expected value", stmt->get_str(0), expected_value); + } + } + + Test::Result test_psk_sql_db() + { + Test::Result result("PSK_DB SQL"); + + const Botan::secure_vector zeros(32); + const std::string table_name = "bobby"; + std::shared_ptr sqldb = std::make_shared(":memory:"); + + Botan::Encrypted_PSK_Database_SQL db(zeros, sqldb, table_name); + db.set_str("name", "value"); + + test_entry(result, sqldb, table_name, "CUCJjJgWSa079ubutJQwlw==", "clYJSAf9CThuL96CP+rAfA=="); + result.test_eq("DB read", db.get_str("name"), "value"); + + db.set_str("name", "value1"); + test_entry(result, sqldb, table_name, "CUCJjJgWSa079ubutJQwlw==", "7R8am3x/gLawOzMp5WwIJg=="); + result.test_eq("DB read", db.get_str("name"), "value1"); + + db.set_str("name", "value"); + test_entry(result, sqldb, table_name, "CUCJjJgWSa079ubutJQwlw==", "clYJSAf9CThuL96CP+rAfA=="); + result.test_eq("DB read", db.get_str("name"), "value"); + + db.set_str("name2", "value"); + test_entry(result, sqldb, table_name, "7CvsM7HDCZsV6VsFwWylNg==", "BqVQo4rdwOmf+ItCzEmjAg=="); + result.test_eq("DB read", db.get_str("name2"), "value"); + + db.set_vec("name2", zeros); + test_entry(result, sqldb, table_name, "7CvsM7HDCZsV6VsFwWylNg==", "x+I1bUF/fJYPOTvKwOihEPWGR1XGzVuyRdsw4n5gpBRzNR7LjH7vjw=="); + result.test_eq("DB read", db.get("name2"), zeros); + + // Test longer names + db.set_str("leroy jeeeeeeeenkins", "chicken"); + test_entry(result, sqldb, table_name, "KyYo272vlSjClM2F0OZBMlRYjr33ZXv2jN1oY8OfCEs=", "tCl1qShSTsXi9tA5Kpo9vg=="); + result.test_eq("DB read", db.get_str("leroy jeeeeeeeenkins"), "chicken"); + + std::set all_names = db.list_names(); + + result.test_eq("Expected number of names", all_names.size(), 3); + result.test_eq("Have expected name", all_names.count("name"), 1); + 
result.test_eq("Have expected name", all_names.count("name2"), 1); + result.test_eq("Have expected name", all_names.count("leroy jeeeeeeeenkins"), 1); + + db.remove("name2"); + + all_names = db.list_names(); + + result.test_eq("Expected number of names", all_names.size(), 2); + result.test_eq("Have expected name", all_names.count("name"), 1); + result.test_eq("Have expected name", all_names.count("leroy jeeeeeeeenkins"), 1); + + result.test_throws("exception if get called on non-existent PSK", + "Invalid argument Named PSK not located", + [&]() { db.get("name2"); }); + + // test that redundant remove calls accepted + db.remove("name2"); + + + return result; + } +#endif + + + }; + +BOTAN_REGISTER_TEST("psk_db", PSK_DB_Tests); + +} + +#endif From d2f84e5670df96dc2f8e15b7fd5cd7cc32ca7283 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 26 Nov 2017 20:54:12 -0500 Subject: [PATCH 0229/1008] Fix errors caught with tlsfuzzer Don't send EC point format extension in server hello unless an EC suite was negotiated *and* the client sent the extension. Fix server FFDHE logic, this effectively disabled DHE ciphersuites for clients without FFDHE extension. Use unexpected_message alert in case of an unexpected message. (Previously an internal_error alert was sent.) --- src/lib/tls/msg_server_hello.cpp | 2 +- src/lib/tls/tls_handshake_state.cpp | 6 ++++-- src/lib/tls/tls_server.cpp | 7 ------- src/tests/data/tls-policy/compat.txt | 1 + 4 files changed, 6 insertions(+), 10 deletions(-) diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index d44fb5bc66..67c3d530f5 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp 
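Review bot: Test_Map_PSK_Db::kv_get_all iterates with `for(auto kv : m_vals)`, copying every map pair on each step; `for(const auto& kv : m_vals)` avoids the copies. In the SQLite helper `test_entry`, `expected_name` is concatenated into the query text; binding it instead (`" where psk_name=?1"` plus `stmt->bind(1, expected_name)`) matches how the library builds its own statements and keeps the test independent of quoting. The two test bodies are otherwise line-for-line identical apart from the entry check; a shared helper taking a PSK_Database reference and an entry-check callback would halve the file and keep future cases in sync.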
@@ -47,7 +47,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_extensions.add(new Encrypt_then_MAC); } - if(c.ecc_ciphersuite()) + if(c.ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS)) { m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); } diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index 5fcfb08c7f..442d499d11 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -74,7 +74,8 @@ const char* handshake_type_to_string(Handshake_Type type) return "invalid"; } - throw Internal_Error("Unknown TLS handshake message type " + std::to_string(type)); + throw TLS_Exception(Alert::UNEXPECTED_MESSAGE, + "Unknown TLS handshake message type " + std::to_string(type)); } namespace { @@ -133,7 +134,8 @@ uint32_t bitmask_for_handshake_type(Handshake_Type type) return 0; } - throw Internal_Error("Unknown handshake type " + std::to_string(type)); + throw TLS_Exception(Alert::UNEXPECTED_MESSAGE, + "Unknown TLS handshake message type " + std::to_string(type)); } std::string handshake_mask_to_string(uint32_t mask) diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 9f1dfe1d1f..f20e363cf3 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -168,13 +168,9 @@ uint16_t choose_ciphersuite( const bool have_shared_ecc_curve = (policy.choose_curve(client_hello.supported_ecc_curves()) != ""); - const bool have_shared_dh_group = - (policy.choose_dh_group(client_hello.supported_dh_groups()) != ""); - /* Walk down one list in preference order */ - std::vector pref_list = server_suites; std::vector other_list = client_suites; @@ -196,9 +192,6 @@ uint16_t choose_ciphersuite( if(suite.ecc_ciphersuite() && have_shared_ecc_curve == false) continue; - if(suite.kex_algo() == "DH" && have_shared_dh_group == false) - continue; - // For non-anon ciphersuites if(suite.sig_algo() != "") { 
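Review bot: In choose_ciphersuite (tls_server.cpp) the FFDHE group check is removed outright rather than narrowed, so a DH suite can now be selected even when the client sent a supported-groups list that names no FFDHE group the policy accepts; if `supported_dh_groups()` reflects the client's extension, RFC 7919 expects the server not to pick DHE in that case. Keeping the check only for clients that actually sent groups fixes the reported bug without dropping the guard: `const bool have_shared_dh_group = client_hello.supported_dh_groups().empty() || (policy.choose_dh_group(client_hello.supported_dh_groups()) != "");` with the original `continue` restored. This assumes `choose_dh_group` returns "" when nothing in the list is acceptable — confirm against its definition, which is outside the hunk, as is the rest of choose_ciphersuite.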
diff --git a/src/tests/data/tls-policy/compat.txt b/src/tests/data/tls-policy/compat.txt index 1890b12b50..39564b51b7 100644 --- a/src/tests/data/tls-policy/compat.txt +++ b/src/tests/data/tls-policy/compat.txt @@ -17,6 +17,7 @@ key_exchange_methods = CECPQ1 ECDH DH RSA ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 allow_insecure_renegotiation = false include_time_in_hello_random = true +allow_client_initiated_renegotiation = true allow_server_initiated_renegotiation = false hide_unknown_users = false server_uses_own_ciphersuite_preferences = true From b7ec3e0811cbb9ee13b9ad96f80d0992be65ed15 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 24 Nov 2017 00:08:54 -0500 Subject: [PATCH 0230/1008] Add tls_http_server cmd util It parses just enough of an HTTP message that it can be used to test against a browser, or tlsfuzzer. --- src/cli/tls_http_server.cpp | 543 ++++++++++++++++++++++++++++++++++++ 1 file changed, 543 insertions(+) create mode 100644 src/cli/tls_http_server.cpp diff --git a/src/cli/tls_http_server.cpp b/src/cli/tls_http_server.cpp new file mode 100644 index 0000000000..9669ee27cb --- /dev/null +++ b/src/cli/tls_http_server.cpp 
@@ -0,0 +1,543 @@ +/* +* (C) 2014,2015,2017 Jack Lloyd +* (C) 2016 Matthias Gierlings +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "cli.h" + +#if defined(BOTAN_HAS_TLS) && defined(BOTAN_HAS_BOOST_ASIO) + +#include +#include +#include +#include +#include +#include + +#define _GLIBCXX_HAVE_GTHR_DEFAULT +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER) + #include +#endif + +#include "credentials.h" + +namespace Botan_CLI { + +namespace { + +using boost::asio::ip::tcp; + +inline void log_exception(const char* where, const std::exception& e) + { + std::cout << where << ' ' << e.what() << std::endl; + } + +/* +* This is an incomplete and highly buggy HTTP request parser. It is just +* barely sufficient to handle a GET request sent by a browser. +*/ +class HTTP_Parser + { + public: + class Request + { + public: + const std::string& verb() const { return m_verb; } + const std::string& location() const { return m_location; } + const std::map& headers() const { return m_headers; } + + Request(const std::string& verb, + const std::string& location, + const std::map& headers) : + m_verb(verb), + m_location(location), + m_headers(headers) + {} + + private: + std::string m_verb; + std::string m_location; + std::map m_headers; + }; + + class Callbacks + { + public: + virtual void handle_http_request(const Request& request) = 0; + virtual ~Callbacks() = default; + }; + + HTTP_Parser(Callbacks& cb) : m_cb(cb) {} + + void consume_input(const uint8_t buf[], size_t buf_len) + { + m_req_buf.append(reinterpret_cast(buf), buf_len); + + std::istringstream strm(m_req_buf); + + std::string http_version; + std::string verb; + std::string location; + std::map headers; + + strm >> verb >> location >> http_version; + + if(verb.empty() || location.empty()) + return; + + while(true) + { + std::string header_line; + std::getline(strm, 
header_line); + + if(header_line == "\r") + { + continue; + } + + auto delim = header_line.find(": "); + if(delim == std::string::npos) + { + break; + } + + const std::string hdr_name = header_line.substr(0, delim); + const std::string hdr_val = header_line.substr(delim + 2, std::string::npos); + + headers[hdr_name] = hdr_val; + + if(headers.size() > 1024) + throw std::runtime_error("That's an awful lot of headers"); + } + + if(verb != "" && location != "") + { + Request req(verb, location, headers); + m_cb.handle_http_request(req); + m_req_buf.clear(); + } + else + printf("ignoring\n"); + } + private: + Callbacks& m_cb; + std::string m_req_buf; + }; + +static const size_t READBUF_SIZE = 4096; + +class TLS_Asio_HTTP_Session final : public boost::enable_shared_from_this, + public Botan::TLS::Callbacks, + public HTTP_Parser::Callbacks + { + public: + typedef boost::shared_ptr pointer; + + static pointer create( + boost::asio::io_service& io, + Botan::TLS::Session_Manager& session_manager, + Botan::Credentials_Manager& credentials, + Botan::TLS::Policy& policy) + { + return pointer(new TLS_Asio_HTTP_Session(io, session_manager, credentials, policy)); + } + + tcp::socket& client_socket() + { + return m_client_socket; + } + + void start() + { + m_c2s.resize(READBUF_SIZE); + client_read(boost::system::error_code(), 0); // start read loop + } + + void stop() + { + m_tls.close(); + } + + private: + TLS_Asio_HTTP_Session(boost::asio::io_service& io, + Botan::TLS::Session_Manager& session_manager, + Botan::Credentials_Manager& credentials, + Botan::TLS::Policy& policy) + : m_strand(io) + , m_client_socket(io) + , m_tls(*this, session_manager, credentials, policy, m_rng) {} + + void client_read(const boost::system::error_code& error, + size_t bytes_transferred) + { + if(error) + { + stop(); + return; + } + + try + { + m_tls.received_data(&m_c2s[0], bytes_transferred); + } + catch(Botan::Exception& e) + { + log_exception("TLS connection failed", e); + stop(); + return; + } + + 
m_client_socket.async_read_some( + boost::asio::buffer(&m_c2s[0], m_c2s.size()), + m_strand.wrap( + boost::bind( + &TLS_Asio_HTTP_Session::client_read, shared_from_this(), + boost::asio::placeholders::error, + boost::asio::placeholders::bytes_transferred))); + } + + void handle_client_write_completion(const boost::system::error_code& error) + { + if(error) + { + stop(); + return; + } + + m_s2c.clear(); + + if(m_s2c_pending.empty() && m_tls.is_closed()) + { + m_client_socket.close(); + } + tls_emit_data(nullptr, 0); // initiate another write if needed + } + + std::string tls_server_choose_app_protocol(const std::vector& client_protos) override + { + return "http/1.1"; + } + + void tls_record_received(uint64_t /*rec_no*/, const uint8_t buf[], size_t buf_len) override + { + if(!m_http_parser) + m_http_parser.reset(new HTTP_Parser(*this)); + + m_http_parser->consume_input(buf, buf_len); + } + + std::string summarize_request(const HTTP_Parser::Request& request) + { + std::ostringstream strm; + + strm << "Client " << client_socket().remote_endpoint().address().to_string() + << " requested " << request.verb() << " " << request.location() << "\n"; + + if(request.headers().empty() == false) + { + strm << "Client HTTP headers:\n"; + for(auto kv : request.headers()) + strm << " " << kv.first << ": " << kv.second << "\n"; + } + + return strm.str(); + } + + void handle_http_request(const HTTP_Parser::Request& request) override + { + std::ostringstream response; + if(request.verb() != "GET") + { + response << "HTTP/1.0 405 Method Not Allowed\r\n\r\nNo POST for you"; + } + else + { + if(request.location() == "/" || request.location() == "/status") + { + const std::string http_summary = summarize_request(request); + + const std::string report = http_summary + m_session_summary + m_chello_summary; + + response << "HTTP/1.0 200 OK\r\n"; + response << "Server: " << Botan::version_string() << "\r\n"; + response << "Content-Type: text/plain\r\n"; + response << "Content-Length: " << 
report.size() << "\r\n"; + response << "\r\n"; + + response << report; + } + else + { + response << "HTTP/1.0 404 Not Found\r\n\r\nSorry, no"; + } + } + + const std::string response_str = response.str(); + m_tls.send(response_str); + m_tls.close(); + } + + void tls_emit_data(const uint8_t buf[], size_t buf_len) override + { + if(buf_len > 0) + { + m_s2c_pending.insert(m_s2c_pending.end(), buf, buf + buf_len); + } + + // no write now active and we still have output pending + if(m_s2c.empty() && !m_s2c_pending.empty()) + { + std::swap(m_s2c_pending, m_s2c); + + boost::asio::async_write( + m_client_socket, + boost::asio::buffer(&m_s2c[0], m_s2c.size()), + m_strand.wrap( + boost::bind( + &TLS_Asio_HTTP_Session::handle_client_write_completion, + shared_from_this(), + boost::asio::placeholders::error))); + } + } + + bool tls_session_established(const Botan::TLS::Session& session) override + { + std::ostringstream strm; + + strm << "TLS negotiation with " << Botan::version_string() << " test server\n\n"; + + strm << "Version: " << session.version().to_string() << "\n"; + strm << "Ciphersuite: " << session.ciphersuite().to_string() << "\n"; + if(session.session_id().empty() == false) + { + strm << "SessionID: " << Botan::hex_encode(session.session_id()) << "\n"; + } + if(session.server_info().hostname() != "") + { + strm << "SNI: " << session.server_info().hostname() << "\n"; + } + + m_session_summary = strm.str(); + return true; + } + + void tls_inspect_handshake_msg(const Botan::TLS::Handshake_Message& message) + { + if(message.type() == Botan::TLS::CLIENT_HELLO) + { + const Botan::TLS::Client_Hello& client_hello = dynamic_cast(message); + + std::ostringstream strm; + + strm << "Client random: " << Botan::hex_encode(client_hello.random()) << "\n"; + + strm << "Client offered following ciphersuites:\n"; + for(uint16_t suite_id : client_hello.ciphersuites()) + { + Botan::TLS::Ciphersuite ciphersuite = Botan::TLS::Ciphersuite::by_id(suite_id); + + strm << " - 0x" + << 
std::hex << std::setfill('0') << std::setw(4) << suite_id + << std::dec << std::setfill(' ') << std::setw(0) << " "; + + if(ciphersuite.valid()) + strm << ciphersuite.to_string() << "\n"; + else if(suite_id == 0x00FF) + strm << "Renegotiation SCSV\n"; + else + strm << "Unknown ciphersuite\n"; + } + + m_chello_summary = strm.str(); + } + + } + + void tls_alert(Botan::TLS::Alert alert) override + { + if(alert.type() == Botan::TLS::Alert::CLOSE_NOTIFY) + { + m_tls.close(); + return; + } + else + { + std::cout << "Alert " << alert.type_string() << std::endl; + } + } + + boost::asio::io_service::strand m_strand; + + tcp::socket m_client_socket; + + Botan::AutoSeeded_RNG m_rng; // RNG per connection + Botan::TLS::Server m_tls; + std::string m_chello_summary; + std::string m_session_summary; + std::unique_ptr m_http_parser; + + std::vector m_c2s; + std::vector m_s2c; + std::vector m_s2c_pending; + }; + +class TLS_Asio_HTTP_Server final + { + public: + typedef TLS_Asio_HTTP_Session session; + + TLS_Asio_HTTP_Server( + boost::asio::io_service& io, unsigned short port, + Botan::Credentials_Manager& creds, + Botan::TLS::Policy& policy, + Botan::TLS::Session_Manager& session_mgr) + : m_acceptor(io, tcp::endpoint(tcp::v4(), port)) + , m_creds(creds) + , m_policy(policy) + , m_session_manager(session_mgr) + { + session::pointer new_session = make_session(); + + m_acceptor.async_accept( + new_session->client_socket(), + boost::bind( + &TLS_Asio_HTTP_Server::handle_accept, + this, + new_session, + boost::asio::placeholders::error)); + } + + private: + session::pointer make_session() + { + return session::create( + m_acceptor.get_io_service(), + m_session_manager, + m_creds, + m_policy); + } + + void handle_accept(session::pointer new_session, + const boost::system::error_code& error) + { + if(!error) + { + new_session->start(); + new_session = make_session(); + + m_acceptor.async_accept( + new_session->client_socket(), + boost::bind( + &TLS_Asio_HTTP_Server::handle_accept, + this, 
+ new_session, + boost::asio::placeholders::error)); + } + } + + tcp::acceptor m_acceptor; + + Botan::Credentials_Manager& m_creds; + Botan::TLS::Policy& m_policy; + Botan::TLS::Session_Manager& m_session_manager; + }; + +} + +class TLS_HTTP_Server final : public Command + { + public: + TLS_HTTP_Server() : Command("tls_http_server server_cert server_key " + "--port=443 --policy= --threads=0 " + "--session-db= --session-db-pass=") {} + + void go() override + { + const size_t listen_port = get_arg_sz("port"); + + const std::string server_crt = get_arg("server_cert"); + const std::string server_key = get_arg("server_key"); + + const size_t num_threads = get_arg_sz("threads") || std::thread::hardware_concurrency() || 2; + + Basic_Credentials_Manager creds(rng(), server_crt, server_key); + + std::unique_ptr policy; + + const std::string policy_file = get_arg("policy"); + if(policy_file.size() > 0) + { + std::ifstream policy_stream(policy_file); + if(!policy_stream.good()) + { + error_output() << "Failed reading policy file\n"; + return; + } + policy.reset(new Botan::TLS::Text_Policy(policy_stream)); + } + + if(!policy) + { + policy.reset(new Botan::TLS::Policy); + } + + std::unique_ptr session_mgr; + + const std::string sessions_db = get_arg("session-db"); + + if(!sessions_db.empty()) + { +#if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER) + const std::string sessions_passphrase = get_arg("session-db-pass"); + session_mgr.reset(new Botan::TLS::Session_Manager_SQLite(sessions_passphrase, rng(), sessions_db)); +#else + throw CLI_Error_Unsupported("Sqlite3 support not available"); +#endif + } + + if(!session_mgr) + { + session_mgr.reset(new Botan::TLS::Session_Manager_In_Memory(rng())); + } + + boost::asio::io_service io; + + TLS_Asio_HTTP_Server server(io, listen_port, creds, *policy, *session_mgr); + + std::vector> threads; + + // run forever... 
first thread is main calling io.run below + for(size_t i = 2; i <= num_threads; ++i) + { + threads.push_back(std::make_shared([&io]() { io.run(); })); + } + + io.run(); + + for(size_t i = 0; i < threads.size(); ++i) + { + threads[i]->join(); + } + } + }; + +BOTAN_REGISTER_COMMAND("tls_http_server", TLS_HTTP_Server); + +} + +#endif From a4bb3ceba2063b1f704c8e72aee78288f5a7e74f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 26 Nov 2017 22:06:16 -0500 Subject: [PATCH 0231/1008] Throw a Decoding_Error if TLS AEAD packet is shorter than the tag. Otherwise this ended up as an assertion failure which translated to internal_error alert. --- src/lib/tls/tls_record.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index 4986a7103f..996abbfc4a 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -302,6 +302,9 @@ void decrypt_record(secure_vector& output, const uint8_t* msg = &record_contents[cs.nonce_bytes_from_record()]; const size_t msg_length = record_len - cs.nonce_bytes_from_record(); + if(msg_length < aead->minimum_final_size()) + throw Decoding_Error("AEAD packet is shorter than the tag"); + const size_t ptext_size = aead->output_length(msg_length); aead->set_associated_data_vec( From b9f31bf1878119e964e4c1d3a4adec009bc6d35a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 26 Nov 2017 22:16:07 -0500 Subject: [PATCH 0232/1008] Update news --- news.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/news.rst b/news.rst index 4cfbf2e1ee..adc5279f24 100644 --- a/news.rst +++ b/news.rst 
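Review bot: In TLS_HTTP_Server::go the thread count is computed with `||`, so `get_arg_sz("threads") || std::thread::hardware_concurrency() || 2` evaluates to a bool and num_threads is always 0 or 1, which means the worker loop `for(size_t i = 2; i <= num_threads; ++i)` never starts a thread; write it as a fallback chain: `size_t num_threads = get_arg_sz("threads"); if(num_threads == 0) num_threads = std::thread::hardware_concurrency(); if(num_threads == 0) num_threads = 2;`. HTTP_Parser::consume_input appends every received byte to `m_req_buf` and only clears it once a complete request parses, so a peer that never finishes a request line grows the buffer without bound; a size cap next to the existing 1024-header cap (throw once `m_req_buf.size()` passes a fixed limit) closes that. `tls_inspect_handshake_msg` is declared without `override`; if Botan::TLS::Callbacks declares it virtual, adding `override` turns a signature mismatch into a compile error instead of a silent no-op. Also `for(auto kv : request.headers())` in summarize_request copies each pair; `const auto&` avoids it.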
@@ -16,6 +16,16 @@ Version 2.4.0, Not Yet Released * Add support for AES key wrapping with padding, as specified in RFC 5649 and NIST SP 800-38F (GH #1301) +* Fix several minor bugs in the TLS code caught by tlsfuzzer, mostly related to + sending the wrong alert type in various circumstances. + +* Add support for a ``tls_http_server`` command line utility which responds to + simple GET requests. This is useful for testing against a browser, or various + TLS test tools which expect the underlying protocol to be HTTP. (GH #1315) + +* Add an interface for generic PSK data stores, as well as an implementation + which encrypts stored values with AES key wrapping. (GH #1302) + * Optimize GCM mode on systems both with and without carryless multiply support. This includes a new base case implementation (still constant time), a new SSSE3 implementation for systems with SSSE3 but not clmul, and better From 0c399f264095baf9b225e26f5a56a8724d3e5b1e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 26 Nov 2017 22:26:09 -0500 Subject: [PATCH 0233/1008] Fix Doxygen --- src/lib/psk_db/psk_db.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/psk_db/psk_db.h b/src/lib/psk_db/psk_db.h index fb20e94379..2a573c7d5e 100644 --- a/src/lib/psk_db/psk_db.h +++ b/src/lib/psk_db/psk_db.h @@ -31,7 +31,7 @@ class BOTAN_PUBLIC_API(2,4) PSK_Database virtual std::set list_names() const = 0; /** - * Return the value associated with the specified @param name, or otherwise + * Return the value associated with the specified @param name or otherwise * throw an exception. */ virtual secure_vector get(const std::string& name) const = 0; From e093d94b1aad8e11236fb82c211665a7f2d97c7c Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Tue, 28 Nov 2017 14:14:13 -0500 Subject: [PATCH 0234/1008] Correct definition of FFDHE 4096 group Was a copy+paste of FFDHE 3072 --- src/lib/pubkey/dl_group/dl_named.cpp | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/src/lib/pubkey/dl_group/dl_named.cpp b/src/lib/pubkey/dl_group/dl_named.cpp index fc5cf4fd29..6750984060 100644 --- a/src/lib/pubkey/dl_group/dl_named.cpp +++ b/src/lib/pubkey/dl_group/dl_named.cpp 
@@ -395,23 +395,28 @@ std::string DL_Group::PEM_for_named_group(const std::string& name) if(name == "ffdhe/ietf/4096") return "-----BEGIN DSA PARAMETERS-----" - "MIIDDAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" + "MIIEDAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a" "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7" "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi" "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD" "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3" "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32" - "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu" - "N///////////AoIBgH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCb" - "IIoyGf3mSc7nEk2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGy" - "qp72jXnaq4mvP6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVY" - "wVmSfbDohFSl2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+" - "cOb78XZgGgJmlBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4" - "wb6LQdljeaUTYNl3/UQ1oRwwj+fubxqtnbKMga3eGnpvfM4BHDDaN+Trc2SDvWyO" - "k0j7+/csxlh9YMNsjld/CYTCick4WgmGSd4hvKJ6fqIpcWum6bJ5cQ84+qX/rldB" - "Vc5O+090NpXikRsdBtXikMvNhvVtDt/NIWriJCcFXmg1/Snu954NkHcf6s6+EvIO" - "lbNjFxv//////////wIBAg==" + "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e" + "8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx" + "iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K" + "zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CggIAf///" + "///////W/CosUV2lTVfuKxATnp547FziwecWm0rU8JsgijIZ/eZJzucSTZ98vpfx" + "sbGGOux7QNkBV2IwvWnvj2rq/rKwkhn6j6+DN2hCsbKqnvaNedqria8/q+SazCeG" + "OHBzRbvxU0Tteff0OQ74rFCbVvOamFZlJ6QdPL1eBVjBWZJ9sOiEVKXZZHH93LVt" + "W7Br+jQOp6FR7xym+lcrdvOxuV2MhYPT5HcFNrhPAX5w5vvxdmAaAmaUGhewyLl/" + "TnTCwf/HJ4kZd3lAweH/HY2mN9a5ndr+XhdhEALix3jBvotB2WN5pRNg2Xf9RDWh" + 
"HDCP5+5vGq2dsoyBrd4aem98zgEcMNo35OtzZIO9bI6TSPv79yzGWH1gw2yOV38J" + "hMKJyThaCYZJ3iG8onp+oilxa6bpsnlxDzj6pf+uV0FVzk77T3Q2leKRGx0G1eKQ" + "y82G9W0O380hauIkJwVeaDX9Ke73ng2Qdx/qzr4S8g6Vs08PeLc3qWGLJvp9vJh0" + "8nLEK9tWPq+ha0+2jDux546qgaACQ/qt0r8Y5j04muRDd9oYxXa1DwCWzzQZVIOw" + "BUjAmGI247x8uNaAHASUzNGZ5cW9DQ7cnrigAB4VJ2dU/MaFZgVBSObnZL7nx2Ta" + "rT/EUjWm2tQo+iDBcONFAD8vMq+1f/////////8CAQI=" "-----END DSA PARAMETERS-----"; if(name == "ffdhe/ietf/6144") From c56cc4a056c8a442ed31ea2f47bb7e933569fcd4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 28 Nov 2017 14:14:49 -0500 Subject: [PATCH 0235/1008] Increase HMAC key size limit to 4096 bytes. The previous limit of 512 bytes meant that TLS was unable to negotiate using FFDHE-6144 or FFDHE-8192 groups. --- src/lib/mac/hmac/hmac.cpp | 6 ++++++ src/lib/mac/hmac/hmac.h | 6 +----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/lib/mac/hmac/hmac.cpp b/src/lib/mac/hmac/hmac.cpp index 244946d884..532c982742 100644 --- a/src/lib/mac/hmac/hmac.cpp +++ b/src/lib/mac/hmac/hmac.cpp @@ -32,6 +32,12 @@ void HMAC::final_result(uint8_t mac[]) m_hash->update(m_ikey); } +Key_Length_Specification HMAC::key_spec() const + { + // Support very long lengths for things like PBKDF2 and the TLS PRF + return Key_Length_Specification(0, 4096); + } + /* * HMAC Key Schedule */ diff --git a/src/lib/mac/hmac/hmac.h b/src/lib/mac/hmac/hmac.h index 253184895d..8001594324 100644 --- a/src/lib/mac/hmac/hmac.h +++ b/src/lib/mac/hmac/hmac.h @@ -25,11 +25,7 @@ class BOTAN_PUBLIC_API(2,0) HMAC final : public MessageAuthenticationCode size_t output_length() const override { return m_hash->output_length(); } - Key_Length_Specification key_spec() const override - { - // Absurd max length here is to support PBKDF2 - return Key_Length_Specification(0, 512); - } + Key_Length_Specification key_spec() const override; /** * @param hash the hash to use for HMACing From 14499ea0f9494208ae184ee74b4a71e2fe84a404 Mon Sep 17 00:00:00 2001 
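Review bot: The corrected FFDHE 4096 PEM is only as good as its transcription and nothing in this commit checks it; a test that loads `ffdhe/ietf/4096`, asserts `get_p().bits() == 4096` and compares the modulus with the RFC 7919 Appendix A.3 value (or at minimum asserts it differs from `ffdhe/ietf/3072`) would have caught the original copy-paste and guards against a repeat. The same check applied to every named group in PEM_for_named_group would be cheap and cover the other entries too.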
From: Jack Lloyd Date: Tue, 28 Nov 2017 14:15:56 -0500 Subject: [PATCH 0236/1008] Return correct alert type on malformed DH/ECDH messages. In the client key exchange if the message was malformed (eg an completely empty ECDH share) a Decoding_Error would be thrown, then caught and a fake pre master secret generated. Move the parsing of the message out of the try/catch block, so the correct error is reported. --- src/lib/tls/msg_client_kex.cpp | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 742fee6b54..51040e479d 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -403,17 +403,21 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector& contents, throw Internal_Error("Expected key agreement key type but got " + private_key.algo_name()); + std::vector client_pubkey; + + if(ka_key->algo_name() == "DH") + { + client_pubkey = reader.get_range(2, 0, 65535); + } + else + { + client_pubkey = reader.get_range(1, 1, 255); + } + try { PK_Key_Agreement ka(*ka_key, rng, "Raw"); - std::vector client_pubkey; - - if(ka_key->algo_name() == "DH") - client_pubkey = reader.get_range(2, 0, 65535); - else - client_pubkey = reader.get_range(1, 0, 255); - secure_vector shared_secret = ka.derive_key(0, client_pubkey).bits_of(); if(ka_key->algo_name() == "DH") From 7ff369a0a26cfd9803d58eeb0206204890779b79 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 28 Nov 2017 14:17:40 -0500 Subject: [PATCH 0237/1008] Tighten up checks on signature key exchange message An empty extension is not allowed, but was previously accepted. --- src/lib/tls/tls_extensions.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 8f13b2c6d8..d521f6bf86 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp 
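Review bot: The ECDH branch now rejects an empty share via `reader.get_range(1, 1, 255)`, but the DH branch still uses `reader.get_range(2, 0, 65535)` and so accepts a zero-length public value; tightening it to `reader.get_range(2, 1, 65535)` gives DH the same Decoding_Error path the commit adds for ECDH. Whether the derive step rejects an empty or zero DH value on its own is not visible here — confirm before relying on it. The Client_Key_Exchange constructor continues outside the hunk on both sides.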
@@ -586,7 +586,7 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, { uint16_t len = reader.get_uint16_t(); - if(len + 2 != extension_size) + if(len + 2 != extension_size || len % 2 == 1 || len == 0) throw Decoding_Error("Bad encoding on signature algorithms extension"); while(len) From bf59cc53a768cd0ea1deb78a9a75c3bc92d466e6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 28 Nov 2017 14:18:39 -0500 Subject: [PATCH 0238/1008] Correct version selection logic in TLS server Due to an oversight in the logic, previously a client attempt to negotiate SSLv3 would result in the server trying to negotiate TLS v1.2. Now instead they get a protocol_error alert. Similarly, detect the the (invalid) case of a major number <= 2, which does not coorespond to any real TLS version. The server would again reply as a TLS v1.2 server in that case, and now just closes the connection with an alert. --- src/lib/tls/tls_server.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index f20e363cf3..66a0e0e1de 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -405,6 +405,11 @@ void Server::process_client_hello_msg(const Handshake_State* active_state, pending_state.client_hello(new Client_Hello(contents)); const Protocol_Version client_version = pending_state.client_hello()->version(); + if(client_version.major_version() < 3) + throw TLS_Exception(Alert::PROTOCOL_VERSION, "Client offered version with major version under 3"); + if(client_version.major_version() == 3 && client_version.minor_version() == 0) + throw TLS_Exception(Alert::PROTOCOL_VERSION, "SSLv3 is not supported"); + Protocol_Version negotiated_version; const Protocol_Version latest_supported = From 5205df88f44b3d52854688ae790dafe33811ec4b Mon Sep 17 00:00:00 2001 
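Review bot: The added `len % 2 == 1 || len == 0` terms encode wire-format facts that the line does not explain, and a comment would keep them from being dropped as redundant later: `// RFC 5246 7.4.1.4.1: a non-empty list of 2-byte (hash, signature) pairs, so len must be even and non-zero`. The evenness check also protects the `while(len)` loop that follows, which presumably consumes two bytes per entry and would otherwise run past the end of the list on an odd length. The constructor's body continues outside the hunk.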
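Review bot: The SSLv3 test `client_version.major_version() == 3 && client_version.minor_version() == 0` is spelled out here and, in the same form, on the server's chosen version in the tls_client.cpp hunk of the next commit (PATCH 0239), so the two peers can drift apart if one site is later adjusted. A single predicate such as `bool is_ssl3() const` on Protocol_Version, or a file-local helper shared by both call sites, would keep the version literals in one place. Neither alert string includes the offered version; appending `client_version.to_string()` would make the rejection diagnosable from the handshake log alone. The function's body continues outside the hunk.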
From: Jack Lloyd Date: Tue, 28 Nov 2017 14:27:36 -0500 Subject: [PATCH 0239/1008] Add an explicit catch for a server trying to negotiate SSLv3 This was already caught with the policy check later but it's better to be explicit. (And in theory an application might implement their policy version check to be "return true", which would lead to us actually attempting to negotiate SSLv3). --- src/lib/tls/tls_client.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index ce19f04c9c..0e620a2796 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -330,7 +330,13 @@ void Client::process_handshake_msg(const Handshake_State* active_state, if(state.version() > state.client_hello()->version()) { throw TLS_Exception(Alert::HANDSHAKE_FAILURE, - "Server replied with later version than in hello"); + "Server replied with later version than client offered"); + } + + if(state.version().major_version() == 3 && state.version().minor_version() == 0) + { + throw TLS_Exception(Alert::PROTOCOL_VERSION, + "Server attempting to negotiate SSLv3 which is not supported"); } if(!policy().acceptable_protocol_version(state.version())) From bf5b2f471eebf58ccc5eced12e5a5ea64810d679 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 28 Nov 2017 18:40:01 -0500 Subject: [PATCH 0240/1008] Run TLS hello random fields through SHA-256 Avoids exposing RNG output on the wire. Cheap precaution. --- src/lib/tls/msg_client_hello.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index e0d3c8b657..3b13cf21d1 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -10,6 +10,8 @@ #include #include #include +#include + #include #include #include 
@@ -27,11 +29,15 @@ enum { }; std::vector make_hello_random(RandomNumberGenerator& rng, - const Policy& policy) + const Policy& policy) { std::vector buf(32); rng.randomize(buf.data(), buf.size()); + std::unique_ptr sha256 = HashFunction::create_or_throw("SHA-256"); + sha256->update(buf); + sha256->final(buf); + if(policy.include_time_in_hello_random()) { const uint32_t time32 = static_cast( From 07bc7ad6d6189575ae16fb5d87d257d93277eb3e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 28 Nov 2017 18:45:09 -0500 Subject: [PATCH 0241/1008] Update news --- news.rst | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/news.rst b/news.rst index adc5279f24..e8abd5669a 100644 --- a/news.rst +++ b/news.rst @@ -16,8 +16,15 @@ Version 2.4.0, Not Yet Released * Add support for AES key wrapping with padding, as specified in RFC 5649 and NIST SP 800-38F (GH #1301) -* Fix several minor bugs in the TLS code caught by tlsfuzzer, mostly related to - sending the wrong alert type in various circumstances. +* Increase the maximum HMAC key length from 512 bytes to 4096 bytes. This allows + using a DH key exchange with a group greater than 4096 bits. (GH #1316) + +* Fix a bug in the TLS server where, on receiving an SSLv3 client hello, it + would attempt to negotiate TLS v1.2. Now a protocol_version alert is sent. + Found with tlsfuzzer. (GH #1316) + +* Fix several bugs related to sending the wrong alert type in various error + scenarious, caught with tlsfuzzer. * Add support for a ``tls_http_server`` command line utility which responds to simple GET requests. This is useful for testing against a browser, or various From a2ae90739a43c7afaf72c15efc0f5843698b73d1 Mon Sep 17 00:00:00 2001 
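Review bot: The in-place `sha256->final(buf)` silently depends on SHA-256's output length equalling the 32-byte `buf` allocated two lines above, and the `time32` write that follows depends on the same size, yet nothing in the function states or checks that coupling. A comment at the hash call would also carry the commit's rationale into the code, where future readers will look for it: `// 32 == SHA-256 output_length(); hashing in place keeps raw RNG output off the wire without changing the buffer size`. If `final` on a vector resizes it to `output_length()` the code is correct by construction, but that is not visible here. The function's body continues outside the hunk.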
From: Jack Lloyd Date: Tue, 28 Nov 2017 20:25:52 -0500 Subject: [PATCH 0242/1008] Split the language flags out of CXXFLAGS Allows distributor to override CFLAGS without having to worry about what -std=c++xx options we are using. See GH #1237 --- configure.py | 16 ++++++++++------ src/build-data/makefile/gmake_fuzzers.in | 2 +- src/build-data/makefile/header.in | 7 ++++--- 3 files changed, 15 insertions(+), 10 deletions(-) diff --git a/configure.py b/configure.py index 49d2b2ce2c..4040f895cd 100755 --- a/configure.py +++ b/configure.py @@ -1206,10 +1206,11 @@ def gen_flags(): return (' '.join(gen_flags())).strip() + def cc_lang_flags(self, options): + return self.lang_flags + def cc_compile_flags(self, options): def gen_flags(): - yield self.lang_flags - if options.with_debug_info: yield self.debug_info_flags @@ -1628,12 +1629,14 @@ def _write_footer(self, fd, library_link, cli_link, tests_link): fd.write('option(ENABLED_OPTIONAL_WARINIGS "If enabled more strict warning policy will be used" OFF)\n') fd.write('option(ENABLED_LTO "If enabled link time optimization will be used" OFF)\n\n') - fd.write('set(COMPILER_FEATURES_RELEASE %s %s)\n' - % (self._cc.cc_compile_flags(self._options_release), + fd.write('set(COMPILER_FEATURES_RELEASE %s %s %s)\n' + % (self._cc.cc_lang_flags(self._options_release), + self._cc.cc_compile_flags(self._options_release), self._cc.mach_abi_link_flags(self._options_release))) - fd.write('set(COMPILER_FEATURES_DEBUG %s %s)\n' - % (self._cc.cc_compile_flags(self._options_debug), + fd.write('set(COMPILER_FEATURES_DEBUG %s %s %s)\n' + % (self._cc.cc_lang_flags(self._options_debug), + self._cc.cc_compile_flags(self._options_debug), self._cc.mach_abi_link_flags(self._options_debug))) fd.write('set(COMPILER_FEATURES $<$>:${COMPILER_FEATURES_RELEASE}>' 
@@ -2018,6 +2021,7 @@ def configure_command_line(): 'cxx_abi_flags': cc.mach_abi_link_flags(options), 'linker': cc.linker_name or '$(CXX)', + 'cc_lang_flags': cc.cc_lang_flags(options), 'cc_compile_flags': cc.cc_compile_flags(options), 'cc_warning_flags': cc.cc_warning_flags(options), diff --git a/src/build-data/makefile/gmake_fuzzers.in b/src/build-data/makefile/gmake_fuzzers.in index 62f7cdd295..61acdad4d9 100644 --- a/src/build-data/makefile/gmake_fuzzers.in +++ b/src/build-data/makefile/gmake_fuzzers.in @@ -3,7 +3,7 @@ FUZZER_LINK_CMD = %{fuzzer_link_cmd} FUZZER_LINKS_TO = %{link_to_botan} $(LIB_LINKS_TO) %{fuzzer_libs} -FUZZER_FLAGS = $(CXXFLAGS) $(WARN_FLAGS) +FUZZER_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) %{fuzzer_build_cmds} diff --git a/src/build-data/makefile/header.in b/src/build-data/makefile/header.in index 6757abbade..9929bc4ba0 100644 --- a/src/build-data/makefile/header.in +++ b/src/build-data/makefile/header.in @@ -4,6 +4,7 @@ LINKER = %{linker} PYTHON_EXE = %{python_exe} +LANG_FLAGS = %{cc_lang_flags} CXXFLAGS = %{cc_compile_flags} WARN_FLAGS = %{cc_warning_flags} SO_OBJ_FLAGS = %{shared_flags} @@ -16,9 +17,9 @@ LIB_LINKS_TO = %{link_to} CLI_LINKS_TO = %{link_to_botan} $(LIB_LINKS_TO) TEST_LINKS_TO = %{link_to_botan} $(LIB_LINKS_TO) -LIB_FLAGS = $(SO_OBJ_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) -CLI_FLAGS = $(CXXFLAGS) $(WARN_FLAGS) -TEST_FLAGS = $(CXXFLAGS) $(WARN_FLAGS) +LIB_FLAGS = $(SO_OBJ_FLAGS) $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) +CLI_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) +TEST_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) SCRIPTS_DIR = %{scripts_dir} INSTALLED_LIB_DIR = %{prefix}/%{libdir} From 77beb29372dfc301041e257a2290e7f69a2bf723 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Tue, 28 Nov 2017 21:02:41 -0500 Subject: [PATCH 0243/1008] Add flags to disable building/installing documentation --- configure.py | 20 +++++++++++++++++++- src/scripts/install.py | 24 ++++++++++++------------ 2 files changed, 31 insertions(+), 13 deletions(-) diff --git a/configure.py b/configure.py index 4040f895cd..03f935e35f 100755 --- a/configure.py +++ b/configure.py @@ -268,6 +268,10 @@ def src_info(self, typ): def make_build_doc_commands(source_paths, build_paths, options): + + if options.with_documentation == False: + return "" + def build_manual_command(src_dir, dst_dir): if options.with_sphinx: sphinx = 'sphinx-build -c $(SPHINX_CONFIG) $(SPHINX_OPTS) ' @@ -448,6 +452,13 @@ def process_command_line(args): # pylint: disable=too-many-locals build_group.add_option('--without-doxygen', action='store_false', dest='with_doxygen', help=optparse.SUPPRESS_HELP) + build_group.add_option('--with-documentation', action='store_true', + help=optparse.SUPPRESS_HELP) + + build_group.add_option('--without-documentation', action='store_false', + default=True, dest='with_documentation', + help='Skip building/installing documentation') + build_group.add_option('--maintainer-mode', dest='maintainer_mode', action='store_true', default=False, help="Enable extra warnings") @@ -1987,6 +1998,7 @@ def configure_command_line(): 'libdir': options.libdir or osinfo.lib_dir, 'includedir': options.includedir or osinfo.header_dir, 'docdir': options.docdir or osinfo.doc_dir, + 'with_documentation': options.with_documentation, 'out_dir': options.with_build_dir or os.path.curdir, 'build_dir': build_config.build_dir, 
@@ -2952,7 +2964,7 @@ def deduce_compiler_type_from_cc_bin(cc_bin): logging.info('Guessing target processor is a %s/%s (use --cpu to set)' % ( options.arch, options.cpu)) - if options.with_sphinx is None: + if options.with_sphinx is None and options.with_documentation == True: if have_program('sphinx-build'): logging.info('Found sphinx-build (use --without-sphinx to disable)') options.with_sphinx = True @@ -3031,6 +3043,12 @@ def validate_options(options, info_os, info_cc, available_module_policies): if options.build_fuzzers == 'klee' and options.os != 'llvm': raise UserError('Building for KLEE requires targetting LLVM') + if options.with_documentation == False: + if options.with_doxygen: + raise UserError('Using --with-doxygen plus --without-documentation makes no sense') + if options.with_sphinx: + raise UserError('Using --with-sphinx plus --without-documentation makes no sense') + # Warnings if options.os == 'windows' and options.compiler == 'gcc': logging.warning('Detected GCC on Windows; use --os=cygwin or --os=mingw?') diff --git a/src/scripts/install.py b/src/scripts/install.py index 9f7363a48e..46dc6e09a6 100755 --- a/src/scripts/install.py +++ b/src/scripts/install.py @@ -168,9 +168,6 @@ class PercentSignTemplate(string.Template): bin_dir = os.path.join(options.prefix, options.bindir) lib_dir = os.path.join(options.prefix, options.libdir) - target_doc_dir = os.path.join(options.prefix, - options.docdir, - 'botan-%d.%d.%d' % (ver_major, ver_minor, ver_patch)) target_include_dir = os.path.join(options.prefix, options.includedir, 'botan-%d' % (ver_major), @@ -182,7 +179,7 @@ class PercentSignTemplate(string.Template): else: app_exe = process_template('botan%{program_suffix}') - for d in [options.prefix, lib_dir, bin_dir, target_doc_dir, target_include_dir]: + for d in [options.prefix, lib_dir, bin_dir, target_include_dir]: makedirs(prepend_destdir(d)) build_include_dir = os.path.join(options.build_dir, 'include', 'botan') 
@@ -259,16 +256,19 @@ class PercentSignTemplate(string.Template): for py in os.listdir(py_dir): copy_file(os.path.join(py_dir, py), prepend_destdir(os.path.join(py_lib_path, py))) - shutil.rmtree(prepend_destdir(target_doc_dir), True) - shutil.copytree(cfg['doc_output_dir'], prepend_destdir(target_doc_dir)) + if cfg['with_documentation']: + target_doc_dir = os.path.join(options.prefix, options.docdir, + 'botan-%d.%d.%d' % (ver_major, ver_minor, ver_patch)) - for f in [f for f in os.listdir(cfg['doc_dir']) if f.endswith('.txt')]: - copy_file(os.path.join(cfg['doc_dir'], f), prepend_destdir(os.path.join(target_doc_dir, f))) + shutil.rmtree(prepend_destdir(target_doc_dir), True) + shutil.copytree(cfg['doc_output_dir'], prepend_destdir(target_doc_dir)) - copy_file(os.path.join(cfg['base_dir'], 'license.txt'), - prepend_destdir(os.path.join(target_doc_dir, 'license.txt'))) - copy_file(os.path.join(cfg['base_dir'], 'news.rst'), - prepend_destdir(os.path.join(target_doc_dir, 'news.txt'))) + copy_file(os.path.join(cfg['base_dir'], 'license.txt'), + prepend_destdir(os.path.join(target_doc_dir, 'license.txt'))) + copy_file(os.path.join(cfg['base_dir'], 'news.rst'), + prepend_destdir(os.path.join(target_doc_dir, 'news.txt'))) + for f in [f for f in os.listdir(cfg['doc_dir']) if f.endswith('.txt')]: + copy_file(os.path.join(cfg['doc_dir'], f), prepend_destdir(os.path.join(target_doc_dir, f))) logging.info('Botan %s installation complete', cfg['version']) return 0 From fb3dc25afb12024aeabe879da02f5f3bbf2a32f9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 29 Nov 2017 10:20:04 -0500 Subject: [PATCH 0244/1008] Lint fixes [ci skip] --- configure.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/configure.py b/configure.py index 03f935e35f..2d831b4478 100755 --- a/configure.py +++ b/configure.py 
@@ -269,7 +269,7 @@ def src_info(self, typ): def make_build_doc_commands(source_paths, build_paths, options): - if options.with_documentation == False: + if options.with_documentation is False: return "" def build_manual_command(src_dir, dst_dir): @@ -1217,7 +1217,7 @@ def gen_flags(): return (' '.join(gen_flags())).strip() - def cc_lang_flags(self, options): + def cc_lang_flags(self): return self.lang_flags def cc_compile_flags(self, options): @@ -1641,12 +1641,12 @@ def _write_footer(self, fd, library_link, cli_link, tests_link): fd.write('option(ENABLED_LTO "If enabled link time optimization will be used" OFF)\n\n') fd.write('set(COMPILER_FEATURES_RELEASE %s %s %s)\n' - % (self._cc.cc_lang_flags(self._options_release), + % (self._cc.cc_lang_flags(), self._cc.cc_compile_flags(self._options_release), self._cc.mach_abi_link_flags(self._options_release))) fd.write('set(COMPILER_FEATURES_DEBUG %s %s %s)\n' - % (self._cc.cc_lang_flags(self._options_debug), + % (self._cc.cc_lang_flags(), self._cc.cc_compile_flags(self._options_debug), self._cc.mach_abi_link_flags(self._options_debug))) @@ -2033,7 +2033,7 @@ def configure_command_line(): 'cxx_abi_flags': cc.mach_abi_link_flags(options), 'linker': cc.linker_name or '$(CXX)', - 'cc_lang_flags': cc.cc_lang_flags(options), + 'cc_lang_flags': cc.cc_lang_flags(), 'cc_compile_flags': cc.cc_compile_flags(options), 'cc_warning_flags': cc.cc_warning_flags(options), @@ -2964,7 +2964,7 @@ def deduce_compiler_type_from_cc_bin(cc_bin): logging.info('Guessing target processor is a %s/%s (use --cpu to set)' % ( options.arch, options.cpu)) - if options.with_sphinx is None and options.with_documentation == True: + if options.with_sphinx is None and options.with_documentation is True: if have_program('sphinx-build'): logging.info('Found sphinx-build (use --without-sphinx to disable)') options.with_sphinx = True 
@@ -3043,7 +3043,7 @@ def validate_options(options, info_os, info_cc, available_module_policies): if options.build_fuzzers == 'klee' and options.os != 'llvm': raise UserError('Building for KLEE requires targetting LLVM') - if options.with_documentation == False: + if options.with_documentation is False: if options.with_doxygen: raise UserError('Using --with-doxygen plus --without-documentation makes no sense') if options.with_sphinx: From 5118e34332b47b756ba4ff555661580fc7dbdfa3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 29 Nov 2017 12:08:00 -0500 Subject: [PATCH 0245/1008] Start using Travis default XCode image (8.3) --- src/scripts/ci/travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/src/scripts/ci/travis.yml b/src/scripts/ci/travis.yml index 397a88029d..499f222861 100644 --- a/src/scripts/ci/travis.yml +++ b/src/scripts/ci/travis.yml @@ -6,7 +6,6 @@ os: dist: trusty sudo: required -osx_image: xcode8.2 compiler: - clang From 83f52e906d15cadae8bd491359768ef3ca6bf958 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Wed, 29 Nov 2017 11:52:53 -0500 Subject: [PATCH 0246/1008] Allow overriding ar command Splits up the ar command and ar options to make this possible. Removes support for calling `ranlib` after `ar`: testing in #1317 confirms that all platforms we support no longer need it. See #1237. Also fixes #455 --- configure.py | 32 ++++++++++++++++------- src/build-data/cc/clang.txt | 8 ------ src/build-data/cc/ekopath.txt | 10 ++----- src/build-data/cc/gcc.txt | 7 ----- src/build-data/cc/hpcc.txt | 8 ------ src/build-data/cc/icc.txt | 7 ----- src/build-data/cc/msvc.txt | 1 + src/build-data/cc/pgi.txt | 7 ----- src/build-data/cc/sunstudio.txt | 10 ++----- src/build-data/cc/xlc.txt | 7 ----- src/build-data/makefile/gmake.in | 3 +-- src/build-data/makefile/gmake_commands.in | 1 - src/build-data/makefile/nmake.in | 2 +- src/build-data/os/darwin.txt | 4 --- src/build-data/os/ios.txt | 4 --- src/build-data/os/llvm.txt | 3 ++- src/build-data/os/mingw.txt | 3 --- src/scripts/ci_build.py | 2 +- 18 files changed, 32 insertions(+), 87 deletions(-) diff --git a/configure.py b/configure.py index 2d831b4478..23cc1f14b6 100755 --- a/configure.py +++ b/configure.py @@ -331,6 +331,9 @@ def process_command_line(args): # pylint: disable=too-many-locals help='set compiler ABI flags', default='') + target_group.add_option('--ar-command', dest='ar_command', metavar='AR', default=None, + help='set path to static archive creator') + target_group.add_option('--with-endian', metavar='ORDER', default=None, help='override byte order guess') @@ -615,6 +618,13 @@ def parse_multiple_enable(modules): options.disable_intrinsics = parse_multiple_enable(options.disable_intrinsics) + # Take some values from environment, if not set on command line + + if options.ar_command is None: + options.ar_command = os.getenv('AR') + if options.compiler_binary is None: + options.compiler_binary = os.getenv('CXX') + return options 
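Review bot: The archiver and compiler silently taken from the `AR` and `CXX` environment variables are never reported, so a configure log cannot show that the toolchain came from the environment rather than from the defaults or the command line. Add a `logging.info('Using AR from environment: %s', options.ar_command)` beside the first assignment (and the equivalent for CXX) so the provenance of the tools is visible in the build output, which is what someone auditing a build will look for. The enclosing function starts outside the hunk.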
@@ -1088,8 +1098,8 @@ def __init__(self, infofile): 'add_lib_dir_option': '-L', 'add_lib_option': '-l', 'add_framework_option': '-framework ', - 'compile_flags': '', - 'debug_info_flags': '', + 'compile_flags': '-c', + 'debug_info_flags': '-g', 'optimization_flags': '', 'size_optimization_flags': '', 'coverage_flags': '', @@ -1102,6 +1112,7 @@ def __init__(self, infofile): 'visibility_build_flags': '', 'visibility_attribute': '', 'ar_command': None, + 'ar_options': None, 'makefile_style': '' }) @@ -1110,6 +1121,7 @@ def __init__(self, infofile): self.add_lib_option = lex.add_lib_option self.add_lib_dir_option = lex.add_lib_dir_option self.ar_command = lex.ar_command + self.ar_options = lex.ar_options self.binary_link_commands = force_to_dict(lex.binary_link_commands) self.binary_name = lex.binary_name self.compile_flags = lex.compile_flags @@ -1306,8 +1318,8 @@ def __init__(self, infofile): 'soname_pattern_abi': '', 'soname_pattern_base': '', 'static_suffix': 'a', - 'ar_command': 'ar crs', - 'ar_needs_ranlib': False, + 'ar_command': 'ar', + 'ar_options': '', 'install_root': '/usr/local', 'header_dir': 'include', 'bin_dir': 'bin', @@ -1318,6 +1330,9 @@ def __init__(self, infofile): 'install_cmd_exec': 'install -m 755' }) + if lex.ar_command == 'ar' and lex.ar_options == '': + lex.ar_options = 'crs' + if lex.soname_pattern_base: self.soname_pattern_base = lex.soname_pattern_base if lex.soname_pattern_patch == '' and lex.soname_pattern_abi == '': @@ -1343,7 +1358,7 @@ def __init__(self, infofile): self.aliases = lex.aliases self.ar_command = lex.ar_command - self.ar_needs_ranlib = bool(lex.ar_needs_ranlib) + self.ar_options = lex.ar_options self.bin_dir = lex.bin_dir self.building_shared_supported = (True if lex.building_shared_supported == 'yes' else False) self.doc_dir = lex.doc_dir 
@@ -1358,9 +1373,6 @@ def __init__(self, infofile): self.static_suffix = lex.static_suffix self.target_features = lex.target_features - def ranlib_command(self): - return 'ranlib' if self.ar_needs_ranlib else 'true' - def defines(self, options): r = [] r += ['TARGET_OS_IS_%s' % (self.basename.upper())] @@ -2067,8 +2079,8 @@ def configure_command_line(): 'fuzzer_libs': '' if options.fuzzer_lib is None else '%s%s' % (cc.add_lib_option, options.fuzzer_lib), 'python_exe': sys.executable, - 'ar_command': cc.ar_command or osinfo.ar_command, - 'ranlib_command': osinfo.ranlib_command(), + 'ar_command': options.ar_command or cc.ar_command or osinfo.ar_command, + 'ar_options': cc.ar_options or osinfo.ar_options, 'install_cmd_exec': osinfo.install_cmd_exec, 'install_cmd_data': osinfo.install_cmd_data, diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index 992748de74..cfff2e2eb3 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -2,19 +2,11 @@ macro_name CLANG binary_name clang++ -output_to_option "-o " -add_include_dir_option -I -add_lib_dir_option -L -add_lib_option -l -add_framework_option "-framework " - lang_flags "-std=c++11 -D_REENTRANT" warning_flags "-Wall -Wextra -Wpedantic -Wshadow -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual" maintainer_warning_flags "-Wunreachable-code -Wdocumentation -Qunused-arguments -Werror -Wno-error=unused-parameter -Wno-error=unreachable-code -Wno-error=deprecated-declarations" -compile_flags "-c" -debug_info_flags "-g" optimization_flags "-O3" size_optimization_flags "-Os" #sanitizer_flags "-fsanitize=address,undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters -fno-sanitize-recover=undefined" diff --git a/src/build-data/cc/ekopath.txt b/src/build-data/cc/ekopath.txt index 549c21a23d..c127b78f81 100644 --- a/src/build-data/cc/ekopath.txt +++ b/src/build-data/cc/ekopath.txt 
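Review bot: `'ar_command': options.ar_command or cc.ar_command or osinfo.ar_command` lets the user replace the program, but `'ar_options': cc.ar_options or osinfo.ar_options` on the next line still takes the options chosen for the info-file program, so `--ar-command=ar` on a sunstudio (`-xar -o`), ekopath (`-ar -o`) or llvm (`-o`) configuration, all set in this same commit, would invoke ar with another tool's options. Either add a matching `--ar-options` command-line option that overrides the info-file value, or, when `options.ar_command` is given, fall back to the OS default options rather than the compiler's. The enclosing function starts and ends outside the hunk.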
@@ -2,19 +2,13 @@ macro_name PATHSCALE binary_name pathCC -output_to_option "-o " -add_include_dir_option -I -add_lib_dir_option -L -add_lib_option -l - -compile_flags "-c" -debug_info_flags "-g" optimization_flags "-O3" lang_flags "-D_REENTRANT -ansi -Wno-long-long" warning_flags "-W -Wall" -ar_command "pathCC -ar -o" +ar_command pathCC +ar_options "-ar -o" shared_flags "-fPIC" diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 7249fae8e5..88e7089ce3 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -2,11 +2,6 @@ macro_name GCC binary_name g++ -output_to_option "-o " -add_include_dir_option -I -add_lib_dir_option -L -add_lib_option -l - lang_flags "-std=c++11 -D_REENTRANT" # This should only contain flags which are included in GCC 4.8 @@ -14,8 +9,6 @@ warning_flags "-Wall -Wextra -Wpedantic -Wstrict-aliasing -Wstrict-overflow=5 -W maintainer_warning_flags "-Wold-style-cast -Wsuggest-override -Wshadow -Werror -Wno-error=strict-overflow -Wno-error=deprecated-declarations" -compile_flags "-c" -debug_info_flags "-g" optimization_flags "-O3" size_optimization_flags "-Os" diff --git a/src/build-data/cc/hpcc.txt b/src/build-data/cc/hpcc.txt index 2f2686d101..aa305bf82a 100644 --- a/src/build-data/cc/hpcc.txt +++ b/src/build-data/cc/hpcc.txt @@ -2,15 +2,7 @@ macro_name HP_ACC binary_name aCC -output_to_option "-o " -add_include_dir_option -I -add_lib_dir_option -L -add_lib_option -l - lang_flags "-AA -ext +eh -z" - -compile_flags "-c" -debug_info_flags "-g" optimization_flags "+O2" warning_flags "+w" shared_flags "+Z" diff --git a/src/build-data/cc/icc.txt b/src/build-data/cc/icc.txt index f1b7e5a159..cdc250187c 100644 --- a/src/build-data/cc/icc.txt +++ b/src/build-data/cc/icc.txt @@ -2,13 +2,6 @@ macro_name INTEL binary_name icpc -output_to_option "-o " -add_include_dir_option -I -add_lib_dir_option -L -add_lib_option -l - -compile_flags "-c" -debug_info_flags "-g" optimization_flags "-O2" size_optimization_flags "-Os" 
diff --git a/src/build-data/cc/msvc.txt b/src/build-data/cc/msvc.txt index 4d97f9d57e..3f7f360e4d 100644 --- a/src/build-data/cc/msvc.txt +++ b/src/build-data/cc/msvc.txt @@ -26,6 +26,7 @@ visibility_build_flags "/DBOTAN_DLL=__declspec(dllexport)" visibility_attribute "__declspec(dllimport)" ar_command lib +ar_options "" makefile_style nmake diff --git a/src/build-data/cc/pgi.txt b/src/build-data/cc/pgi.txt index 06b2f84005..e8c65ea3a8 100644 --- a/src/build-data/cc/pgi.txt +++ b/src/build-data/cc/pgi.txt @@ -2,13 +2,6 @@ macro_name PORTLAND_GROUP binary_name pgCC -output_to_option "-o " -add_include_dir_option -I -add_lib_dir_option -L -add_lib_option -l - -compile_flags "-c" -debug_info_flags "-g" optimization_flags "-fast -Minline" shared_flags "-fPIC" diff --git a/src/build-data/cc/sunstudio.txt b/src/build-data/cc/sunstudio.txt index c2fc97a01b..fd87533a5d 100644 --- a/src/build-data/cc/sunstudio.txt +++ b/src/build-data/cc/sunstudio.txt @@ -2,20 +2,14 @@ macro_name SUN_STUDIO binary_name CC -output_to_option "-o " -add_include_dir_option -I -add_lib_dir_option -L -add_lib_option -l - -compile_flags "-c" -debug_info_flags "-g" optimization_flags "-xO2" shared_flags "-KPIC" warning_flags "+w -erroff=truncwarn,wnoretvalue" lang_flags "-std=c++11 +p -features=extensions -D__FUNCTION__=__func__" -ar_command "CC -xar -o" +ar_command CC +ar_options "-xar -o" makefile_style gmake diff --git a/src/build-data/cc/xlc.txt b/src/build-data/cc/xlc.txt index 36eaf29d22..28620b7e14 100644 --- a/src/build-data/cc/xlc.txt +++ b/src/build-data/cc/xlc.txt @@ -2,13 +2,6 @@ macro_name XLC binary_name xlC -output_to_option "-o " -add_include_dir_option -I -add_lib_dir_option -L -add_lib_option -l - -compile_flags "-c" -debug_info_flags "-g" optimization_flags "-O2" lang_flags "-std=c++11" diff --git a/src/build-data/makefile/gmake.in b/src/build-data/makefile/gmake.in index a943392ba6..c8e7017e5d 100644 --- a/src/build-data/makefile/gmake.in +++ b/src/build-data/makefile/gmake.in 
@@ -47,8 +47,7 @@ $(TEST): $(LIBRARIES) $(TESTOBJS) $(STATIC_LIB): $(LIBOBJS) $(RM) $(STATIC_LIB) - $(AR) $(STATIC_LIB) $(LIBOBJS) - $(RANLIB) $(STATIC_LIB) + $(AR) %{ar_options} $(STATIC_LIB) $(LIBOBJS) # Fake targets .PHONY: clean distclean docs install valgrind lcov diff --git a/src/build-data/makefile/gmake_commands.in b/src/build-data/makefile/gmake_commands.in index 33c6634c32..ae05864436 100644 --- a/src/build-data/makefile/gmake_commands.in +++ b/src/build-data/makefile/gmake_commands.in @@ -9,6 +9,5 @@ INSTALL_CMD_DATA = %{install_cmd_data} LN = ln -fs MKDIR = @mkdir MKDIR_INSTALL = @umask 022; mkdir -p -m 755 -RANLIB = %{ranlib_command} RM = @rm -f RM_R = @rm -rf diff --git a/src/build-data/makefile/nmake.in b/src/build-data/makefile/nmake.in index b721ffd677..8ed1625f52 100644 --- a/src/build-data/makefile/nmake.in +++ b/src/build-data/makefile/nmake.in @@ -67,7 +67,7 @@ tests: $(TEST) !If "$(SO_OBJ_FLAGS)" == "" # static lib $(LIB_FILENAME): $(LIBOBJS) - $(AR) /OUT:$@ $(LIBOBJS) + $(AR) %{ar_options} /OUT:$@ $(LIBOBJS) !Else # shared lib # Creates the DLL $(SO_FILENAME) and the .lib $(LIB_FILENAME) diff --git a/src/build-data/os/darwin.txt b/src/build-data/os/darwin.txt index 6b02bd8dda..78ad4a948c 100644 --- a/src/build-data/os/darwin.txt +++ b/src/build-data/os/darwin.txt @@ -4,10 +4,6 @@ soname_pattern_base "libbotan-{version_major}.dylib" soname_pattern_abi "libbotan-{version_major}.{abi_rev}.dylib" soname_pattern_patch "libbotan-{version_major}.{abi_rev}.{version_minor}.{version_patch}.dylib" -# It doesn't have the 's' option; you need to use needs ranlib -ar_command "ar cr" -ar_needs_ranlib yes - doc_dir doc diff --git a/src/build-data/os/ios.txt b/src/build-data/os/ios.txt index 5ac6824a49..ddd283cd93 100644 --- a/src/build-data/os/ios.txt +++ b/src/build-data/os/ios.txt 
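Review bot: `%{ar_options}` is substituted straight into the recipe while the program comes from `$(AR)`, so a user who overrides `AR=` on the make command line, which is the point of this commit, cannot override the options that go with it. Define `AR_OPTIONS = %{ar_options}` next to `AR` and write the rule as `$(AR) $(AR_OPTIONS) $(STATIC_LIB) $(LIBOBJS)`; the nmake.in `/OUT:` rule in this same commit has the same shape and would take the same change.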
@@ -4,10 +4,6 @@ soname_pattern_base "libbotan-{version_major}.{version_minor}.dylib" soname_pattern_abi "libbotan-{version_major}.{version_minor}.{abi_rev}.dylib" soname_pattern_patch "libbotan-{version_major}.{version_minor}.{abi_rev}.{version_patch}.dylib" -# It doesn't have the 's' option; you need to use needs ranlib -ar_command "ar cr" -ar_needs_ranlib yes - doc_dir doc diff --git a/src/build-data/os/llvm.txt b/src/build-data/os/llvm.txt index 119d641e4b..9eeff5cbaf 100644 --- a/src/build-data/os/llvm.txt +++ b/src/build-data/os/llvm.txt @@ -2,7 +2,8 @@ obj_suffix bc building_shared_supported no -ar_command "llvm-link -o" +ar_command llvm-link +ar_options -o filesystem diff --git a/src/build-data/os/mingw.txt b/src/build-data/os/mingw.txt index 45fad382d2..bf4333ec00 100644 --- a/src/build-data/os/mingw.txt +++ b/src/build-data/os/mingw.txt @@ -6,9 +6,6 @@ static_suffix a building_shared_supported no -ar_command "ar crs" -ar_needs_ranlib yes - install_root /mingw header_dir include lib_dir lib diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index 1294921db7..e7fd1e80c8 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -129,8 +129,8 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro else: raise Exception("Unknown cross target '%s' for iOS" % (target)) elif target == 'cross-win32': - flags += ['--cpu=x86_32', '--cc-abi-flags=-static'] cc_bin = 'i686-w64-mingw32-g++' + flags += ['--cpu=x86_32', '--cc-abi-flags=-static', '--ar-command=i686-w64-mingw32-ar'] test_cmd = [os.path.join(root_dir, 'botan-test.exe')] # No runtime prefix required for Wine else: From 934f904f5e1ea6280eb294cc72bbc525eac53250 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Wed, 29 Nov 2017 12:05:31 -0500 Subject: [PATCH 0247/1008] Remove unused command variables in makefiles --- src/build-data/makefile/gmake_commands.in | 8 -------- src/build-data/makefile/header.in | 7 +++++-- src/build-data/makefile/nmake.in | 8 +------- 3 files changed, 6 insertions(+), 17 deletions(-) diff --git a/src/build-data/makefile/gmake_commands.in b/src/build-data/makefile/gmake_commands.in index ae05864436..3d492ae51b 100644 --- a/src/build-data/makefile/gmake_commands.in +++ b/src/build-data/makefile/gmake_commands.in @@ -1,13 +1,5 @@ # Program aliases -AR = %{ar_command} COPY = cp -COPY_R = cp -r -CD = @cd -ECHO = @echo -INSTALL_CMD_EXEC = %{install_cmd_exec} -INSTALL_CMD_DATA = %{install_cmd_data} LN = ln -fs -MKDIR = @mkdir -MKDIR_INSTALL = @umask 022; mkdir -p -m 755 RM = @rm -f RM_R = @rm -rf diff --git a/src/build-data/makefile/header.in b/src/build-data/makefile/header.in index 9929bc4ba0..de31c8a0b9 100644 --- a/src/build-data/makefile/header.in +++ b/src/build-data/makefile/header.in @@ -1,9 +1,12 @@ -# Compiler Options +# Paths to relevant programs + CXX = %{cxx} %{cxx_abi_flags} LINKER = %{linker} - +AR = %{ar_command} PYTHON_EXE = %{python_exe} +# Compiler Flags + LANG_FLAGS = %{cc_lang_flags} CXXFLAGS = %{cc_compile_flags} WARN_FLAGS = %{cc_warning_flags} diff --git a/src/build-data/makefile/nmake.in b/src/build-data/makefile/nmake.in index 8ed1625f52..eba3a774dc 100644 --- a/src/build-data/makefile/nmake.in +++ b/src/build-data/makefile/nmake.in @@ -1,14 +1,8 @@ %{header_in} ### Aliases for Common Programs -AR = %{ar_command} + COPY = copy -CD = @cd -ECHO = @echo -INSTALL = %{install_cmd_exec} -INSTALL_CMD = %{install_cmd_exec} -MKDIR = @md -MKDIR_INSTALL = @md RM = @del /Q RM_R = $(RM) /S RMDIR = @rmdir From 9dd419140c06724fa9347e916fcc9d864f2fcf58 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Wed, 29 Nov 2017 12:18:48 -0500 Subject: [PATCH 0248/1008] Add a script to handle `make clean` target This removes a lot of logic that cannot be shared between the nmake (Windows environment) and gnumake (Unix env) makefiles. Also it cleans up inconsistencies, eg nmake's make distclean did not remove amalgamation files, but gnumake version did. --- configure.py | 18 +++- src/build-data/makefile/gmake.in | 52 +--------- src/build-data/makefile/gmake_commands.in | 5 - src/build-data/makefile/header.in | 40 ++++++++ src/build-data/makefile/nmake.in | 58 +---------- src/scripts/ci_build.py | 4 + src/scripts/cleanup.py | 115 ++++++++++++++++++++++ 7 files changed, 177 insertions(+), 115 deletions(-) delete mode 100644 src/build-data/makefile/gmake_commands.in create mode 100755 src/scripts/cleanup.py diff --git a/configure.py b/configure.py index 23cc1f14b6..15018a27a0 100755 --- a/configure.py +++ b/configure.py @@ -2096,6 +2096,9 @@ def configure_command_line(): if options.house_curve else '' } + variables['test_exe'] = os.path.join(variables['out_dir'], + 'botan-test' + variables['program_suffix']) + if options.build_shared_lib: if osinfo.soname_pattern_base != None: @@ -2137,6 +2140,9 @@ def configure_command_line(): variables['libname'] = 'botand' else: variables['libname'] = 'botan' + + variables['lib_basename'] = variables['libname'] + variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan-cli' + variables['program_suffix']) else: variables['botan_pkgconfig'] = os.path.join(build_config.build_dir, PKG_CONFIG_FILENAME) 
@@ -2144,6 +2150,9 @@ def configure_command_line(): # This can be made consistent over all platforms in the future variables['libname'] = 'botan-%d' % (Version.major()) + variables['lib_basename'] = 'lib' + variables['libname'] + variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan' + variables['program_suffix']) + if options.os == 'llvm': # llvm-link doesn't understand -L or -l flags variables['link_to_botan'] = '%s/lib%s.a' % (variables['out_dir'], variables['libname']) @@ -2159,7 +2168,6 @@ def configure_command_line(): if variables["makefile_style"] == "gmake": templates = [ - ('gmake_commands.in', True), ('gmake_dso.in', options.build_shared_lib), ('gmake_coverage.in', options.with_coverage_info), ('gmake_fuzzers.in', options.build_fuzzers) @@ -3160,14 +3168,16 @@ def link_headers(headers, visibility, directory): link_headers(build_config.external_headers, 'external', build_config.external_include_dir) - with open(os.path.join(build_config.build_dir, 'build_config.json'), 'w') as f: - json.dump(template_vars, f, sort_keys=True, indent=2) - if options.amalgamation: amalgamation_cpp_files = AmalgamationGenerator(build_config, using_mods, options).generate() build_config.lib_sources = sorted(amalgamation_cpp_files) template_vars.update(MakefileListsGenerator(build_config, options, using_mods, cc, arch, osinfo).generate()) + template_vars['generated_files'] = ' '.join(build_config.lib_sources) + + with open(os.path.join(build_config.build_dir, 'build_config.json'), 'w') as f: + json.dump(template_vars, f, sort_keys=True, indent=2) + if options.with_bakefile: gen_bakefile(build_config, options, template_vars['link_to']) diff --git a/src/build-data/makefile/gmake.in b/src/build-data/makefile/gmake.in index c8e7017e5d..15e0277e6c 100644 --- a/src/build-data/makefile/gmake.in +++ b/src/build-data/makefile/gmake.in 
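Review bot: `template_vars['generated_files'] = ' '.join(build_config.lib_sources)` is the list that cleanup.py's `--distclean` path later unlinks file by file, so its indentation matters: if it sits at the level of the `template_vars.update(...)` call rather than inside the `if options.amalgamation:` block, a non-amalgamation build records every real `src/lib` source as "generated" and `make distclean` deletes checked-in code. The collapsed layout here hides which it is; please confirm the assignment only runs when amalgamation is on, e.g. guard it explicitly with `if options.amalgamation: template_vars['generated_files'] = ' '.join(build_config.lib_sources)`. The enclosing function continues outside the hunk.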
@@ -1,41 +1,17 @@ %{header_in} -%{gmake_commands_in} - -# Executable targets -CLI = %{out_dir}/botan%{program_suffix} -TEST = %{out_dir}/botan-test%{program_suffix} +COPY = cp +LN = ln -fs # Library targets -LIB_BASENAME = %{lib_prefix}%{libname} +LIB_BASENAME = %{lib_basename} STATIC_LIB = %{out_dir}/$(LIB_BASENAME).%{static_suffix} LIBRARIES = $(STATIC_LIB) -# File Lists -INCLUDE_DIR = %{botan_include_dir} - -LIBOBJS = %{lib_objs} - -CLIOBJS = %{cli_objs} - -TESTOBJS = %{test_objs} - -# First make target. Will be used by default -all: libs cli tests - -# Build Commands -%{lib_build_cmds} - -%{cli_build_cmds} - -%{test_build_cmds} - # Link Commands %{gmake_dso_in} libs: $(LIBRARIES) -cli: $(CLI) -tests: $(TEST) $(CLI): $(LIBRARIES) $(CLIOBJS) $(CLI_LINK_CMD) $(LDFLAGS) $(CLIOBJS) $(CLI_LINKS_TO) -o $(CLI) @@ -46,7 +22,6 @@ $(TEST): $(LIBRARIES) $(TESTOBJS) $(TEST_POST_LINK_CMD) $(STATIC_LIB): $(LIBOBJS) - $(RM) $(STATIC_LIB) $(AR) %{ar_options} $(STATIC_LIB) $(LIBOBJS) # Fake targets @@ -56,26 +31,5 @@ $(STATIC_LIB): $(LIBOBJS) %{gmake_fuzzers_in} -SPHINX_CONFIG = %{sphinx_config_dir} -SPHINX_OPTS = -b html - -clean: - -$(RM) %{libobj_dir}/* - -$(RM) %{testobj_dir}/* - -$(RM) %{cliobj_dir}/* - -$(RM) $(SONAME_ABI) $(SONAME_BASE) - -$(RM) $(LIBRARIES) $(CLI) $(TEST) - -distclean: clean - $(RM) Makefile - $(RM_R) %{build_dir} - $(RM) botan_all.cpp botan_all.h - valgrind: valgrind --log-file=botan.%%p.log -v --track-origins=yes --leak-check=full --show-reachable=yes ./botan-test - -docs: -%{build_doc_commands} - -install: $(CLI) docs - $(PYTHON_EXE) $(SCRIPTS_DIR)/install.py --prefix=%{prefix} --build-dir="%{build_dir}" --bindir=%{bindir} --libdir=%{libdir} --docdir=%{docdir} --includedir=%{includedir} diff --git a/src/build-data/makefile/gmake_commands.in b/src/build-data/makefile/gmake_commands.in deleted file mode 100644 index 3d492ae51b..0000000000 --- a/src/build-data/makefile/gmake_commands.in +++ /dev/null 
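Review bot: Dropping `$(RM) $(STATIC_LIB)` ahead of the `$(AR)` line in the `$(STATIC_LIB): $(LIBOBJS)` rule means the archive is now updated in place rather than recreated; `ar` replaces the members it is given but does not remove members it is not, so after a reconfigure that drops modules the stale objects stay inside the static library. GNU make's built-in `RM = rm -f` still covers the alias now that gmake_commands.in is gone, so keeping the delete step costs nothing: `$(STATIC_LIB): $(LIBOBJS)` / `$(RM) $(STATIC_LIB)` / `$(AR) %{ar_options} $(STATIC_LIB) $(LIBOBJS)`. Whether `%{ar_options}` happens to truncate on some platform is not visible here, so I would not rely on it.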
@@ -1,5 +0,0 @@ -# Program aliases -COPY = cp -LN = ln -fs -RM = @rm -f -RM_R = @rm -rf diff --git a/src/build-data/makefile/header.in b/src/build-data/makefile/header.in index de31c8a0b9..9469600537 100644 --- a/src/build-data/makefile/header.in +++ b/src/build-data/makefile/header.in @@ -29,3 +29,43 @@ INSTALLED_LIB_DIR = %{prefix}/%{libdir} CLI_POST_LINK_CMD = %{cli_post_link_cmd} TEST_POST_LINK_CMD = %{test_post_link_cmd} + +# Executable targets +CLI = %{cli_exe} +TEST = %{test_exe} + +# The primary target +all: libs cli tests + +cli: $(CLI) +tests: $(TEST) + +# Object Files +LIBOBJS = %{lib_objs} + +CLIOBJS = %{cli_objs} + +TESTOBJS = %{test_objs} + +# Build Commands +%{lib_build_cmds} + +%{cli_build_cmds} + +%{test_build_cmds} + +# Misc targets +SPHINX_CONFIG = %{sphinx_config_dir} +SPHINX_OPTS = -b html + +docs: +%{build_doc_commands} + +clean: + $(PYTHON_EXE) $(SCRIPTS_DIR)/cleanup.py --build-dir="%{build_dir}" + +distclean: + $(PYTHON_EXE) $(SCRIPTS_DIR)/cleanup.py --build-dir="%{build_dir}" --distclean + +install: $(CLI) docs + $(PYTHON_EXE) $(SCRIPTS_DIR)/install.py --prefix=%{prefix} --build-dir="%{build_dir}" --bindir=%{bindir} --libdir=%{libdir} --docdir=%{docdir} --includedir=%{includedir} diff --git a/src/build-data/makefile/nmake.in b/src/build-data/makefile/nmake.in index eba3a774dc..c44fd33aa5 100644 --- a/src/build-data/makefile/nmake.in +++ b/src/build-data/makefile/nmake.in @@ -3,19 +3,12 @@ ### Aliases for Common Programs COPY = copy -RM = @del /Q -RM_R = $(RM) /S -RMDIR = @rmdir - -# Executable targets -CLI = %{out_dir}\botan-cli%{program_suffix} -TEST = %{out_dir}\botan-test%{program_suffix} # Library targets # # LIB_FILENAME is always the .lib file, that is either a static lib or a # by-product of the DLL creation used to link the DLL into applications -LIB_BASENAME = %{libname} +LIB_BASENAME = %{lib_basename} LIB_FILENAME = %{out_dir}\$(LIB_BASENAME).lib !If "$(SO_OBJ_FLAGS)" == "" 
@@ -27,24 +20,6 @@ SO_FILENAME = %{out_dir}\$(LIB_BASENAME).dll LIBRARIES = $(SO_FILENAME) !Endif - -# File Lists -LIBOBJS = %{lib_objs} - -CLIOBJS = %{cli_objs} - -TESTOBJS = %{test_objs} - -# First make target. Will be used by default -all: libs cli tests - -# Build Commands -%{lib_build_cmds} - -%{cli_build_cmds} - -%{test_build_cmds} - # Link Commands $(CLI): $(LIBRARIES) $(CLIOBJS) $(CLI_LINK_CMD) /OUT:$@ $(CLIOBJS) $(LIB_FILENAME) $(CLI_LINKS_TO) @@ -55,8 +30,6 @@ $(TEST): $(LIBRARIES) $(TESTOBJS) $(TEST_POST_LINK_CMD) libs: $(LIBRARIES) -cli: $(CLI) -tests: $(TEST) !If "$(SO_OBJ_FLAGS)" == "" # static lib @@ -68,32 +41,3 @@ $(LIB_FILENAME): $(LIBOBJS) $(SO_FILENAME): $(LIBOBJS) $(LIB_LINK_CMD) /OUT:$@ $(LIBOBJS) $(LIB_LINKS_TO) !Endif - -# Fake Targets - -SPHINX_CONFIG = %{sphinx_config_dir} -SPHINX_OPTS = -b html - -docs: -%{build_doc_commands} - -clean: - -$(RM) %{libobj_dir}\* - -$(RM) %{cliobj_dir}\* - -$(RM) %{testobj_dir}\* - -$(RM) %{out_dir}\*.manifest - -$(RM) %{out_dir}\*.exp - -$(RM) %{out_dir}\*.dll - -$(RM) $(LIBRARIES) $(CLI) $(TEST) - -distclean: clean - $(RM_R) %{build_dir} - $(RMDIR) %{build_dir}\include\botan\internal - $(RMDIR) %{build_dir}\include\botan - $(RMDIR) %{build_dir}\include - $(RMDIR) %{build_dir}\lib %{build_dir}\tests - $(RMDIR) %{build_dir} - $(RM) Makefile $(LIB_BASENAME).* $(CLI).* - -install: $(CLI) docs - $(PYTHON_EXE) $(SCRIPTS_DIR)\install.py --prefix=%{prefix} --build-dir="%{build_dir}" --bindir=%{bindir} --libdir=%{libdir} --docdir=%{docdir} --includedir=%{includedir} diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index e7fd1e80c8..b4ae98a0ac 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -362,6 +362,7 @@ def main(args=None): 'src/python/botan2.py', 'src/scripts/ci_build.py', 'src/scripts/install.py', + 'src/scripts/cleanup.py', 'src/scripts/website.py', 'src/scripts/python_unittests.py', 'src/scripts/python_unittests_unix.py'] 
@@ -476,6 +477,9 @@ def main(args=None): # Otherwise generate a local HTML report cmds.append(['genhtml', cov_file, '--output-directory', 'lcov-out']) + cmds.append(make_cmd + ['clean']) + cmds.append(make_cmd + ['distclean']) + for cmd in cmds: if options.dry_run: print('$ ' + ' '.join(cmd)) diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py new file mode 100755 index 0000000000..36d35d3ecd --- /dev/null +++ b/src/scripts/cleanup.py 
@@ -0,0 +1,115 @@ +#!/usr/bin/env python + +""" +Implements the "make clean" target + +(C) 2017 Jack Lloyd + +Botan is released under the Simplified BSD License (see license.txt) +""" + +import os +import sys +import re +import optparse # pylint: disable=deprecated-module +import logging +import json +import shutil + +def remove_dir(d): + try: + if os.access(d, os.X_OK): + logging.debug('Removing directory "%s"', d) + shutil.rmtree(d) + except Exception as e: # pylint: disable=broad-except + logging.error('Failed removing directory "%s": %s', d, e) + +def remove_file(f): + try: + if os.access(f, os.R_OK): + logging.debug('Removing file "%s"', f) + os.unlink(f) + except Exception as e: # pylint: disable=broad-except + logging.error('Failed removing file "%s": %s', f, e) + +def remove_all_in_dir(d): + if os.access(d, os.X_OK): + logging.debug('Removing all files in directory "%s"', d) + + for f in os.listdir(d): + remove_file(os.path.join(d, f)) + +def main(args=None): + if args is None: + args = sys.argv + + parser = optparse.OptionParser() + parser.add_option('--build-dir', default='build', metavar='DIR', + help='specify build dir to clean (default %default)') + + parser.add_option('--distclean', action='store_true', default=False, + help='clean everything') + parser.add_option('--verbose', action='store_true', default=False, + help='noisy logging') + + (options, args) = parser.parse_args(args) + + logging.basicConfig(stream=sys.stderr, + format='%(levelname) 7s: %(message)s', + level=logging.DEBUG if options.verbose else logging.INFO) + + if len(args) > 1: + logging.error("Unknown arguments") + return 1 + + build_dir = options.build_dir + + if os.access(build_dir, os.X_OK) != True: + logging.error("Unable to access build directory") + return 1 + + build_config_path = os.path.join(build_dir, 'build_config.json') + build_config_str = None + + try: + build_config_file = open(build_config_path) + build_config_str = build_config_file.read() + build_config_file.close() 
+ except Exception: # pylint: disable=broad-except + # Ugh have to do generic catch as different exception type thrown in Python2 + logging.error("Unable to access build_config.json in build dir") + return 1 + + build_config = json.loads(build_config_str) + + #print(json.dumps(build_config, sort_keys=True, indent=3)) + + if options.distclean: + build_dir = build_config['build_dir'] + remove_dir(build_dir) + else: + for dir_type in ['libobj_dir', 'cliobj_dir', 'testobj_dir']: + dir_path = build_config[dir_type] + remove_all_in_dir(dir_path) + + remove_file(build_config['cli_exe']) + remove_file(build_config['test_exe']) + + matches_libname = re.compile('^' + build_config['lib_basename'] + '.([a-z]+)') + + known_suffix = ['a', 'so', 'dll', 'manifest', 'exp'] + + for f in os.listdir(build_config['out_dir']): + match = matches_libname.match(f) + if match and match.group(1) in known_suffix: + remove_file(f) + + if options.distclean: + if 'generated_files' in build_config: + for f in build_config['generated_files'].split(' '): + remove_file(f) + + remove_file(build_config['makefile_path']) + +if __name__ == '__main__': + sys.exit(main()) From 77607df3bb71d996c37f6dd5aaed085df1e8d5d7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 29 Nov 2017 16:09:16 -0500 Subject: [PATCH 0249/1008] Deprecate PathScale and HP aCC support [ci skip] PathScale is out of business, and HP is untested and almost certainly doesn't work. --- doc/deprecated.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/deprecated.txt b/doc/deprecated.txt index 291675aef4..2190dd072e 100644 --- a/doc/deprecated.txt +++ b/doc/deprecated.txt @@ -15,6 +15,8 @@ in the source. - Platform support for BeOS and IRIX operating systems +- Support for PathScale and HP compilers + - TLS: 3DES and SEED ciphersuites - TLS: Anonymous DH/ECDH ciphersuites From 33e468711d09430520d2404fbc7edaa6350cdfdc Mon Sep 17 00:00:00 2001 
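Review bot: `matches_libname = re.compile('^' + build_config['lib_basename'] + '.([a-z]+)')` interpolates a JSON-supplied name into a pattern without `re.escape`, and the `.` is an unescaped wildcard, so the pattern can match more of `out_dir` than intended; prefer `re.compile('^' + re.escape(build_config['lib_basename']) + r'\.([a-z]+)')`. Separately, under `--distclean` the script calls `shutil.rmtree` on `build_config['build_dir']` read from the JSON rather than on the `--build-dir` it was asked to clean, and it unlinks whatever `generated_files` lists with no check that those paths lie under the build tree, so a stale or edited `build_config.json` decides what gets deleted. Comparing `os.path.realpath(build_config['build_dir'])` against `os.path.realpath(options.build_dir)` before removal, and refusing with `logging.error` on mismatch, would bound the blast radius. `build_config['generated_files'].split(' ')` also breaks on any path containing a space; storing the list as a JSON array instead of a joined string avoids that.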
From: Jack Lloyd Date: Wed, 29 Nov 2017 16:42:11 -0500 Subject: [PATCH 0250/1008] Use this to prevent fallback to Unix ar default args --- src/build-data/cc/msvc.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/build-data/cc/msvc.txt b/src/build-data/cc/msvc.txt index 3f7f360e4d..51608dcfae 100644 --- a/src/build-data/cc/msvc.txt +++ b/src/build-data/cc/msvc.txt @@ -26,7 +26,7 @@ visibility_build_flags "/DBOTAN_DLL=__declspec(dllexport)" visibility_attribute "__declspec(dllimport)" ar_command lib -ar_options "" +ar_options "/nologo" makefile_style nmake From f3d9988ec6e0f5be0ae7f5881e7101d2eb275074 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 29 Nov 2017 16:58:02 -0500 Subject: [PATCH 0251/1008] Add the build commands back to the main makefiles The header is processed early, but when doing an amalgamation we need to regenerate the makefile template. But we only do that for the main makefile not the include inputs. Should fix this but for now just just get it to work. --- src/build-data/makefile/gmake.in | 14 ++++++++++++++ src/build-data/makefile/header.in | 14 -------------- src/build-data/makefile/nmake.in | 14 ++++++++++++++ 3 files changed, 28 insertions(+), 14 deletions(-) diff --git a/src/build-data/makefile/gmake.in b/src/build-data/makefile/gmake.in index 15e0277e6c..9f37dd43b0 100644 --- a/src/build-data/makefile/gmake.in +++ b/src/build-data/makefile/gmake.in @@ -13,6 +13,20 @@ LIBRARIES = $(STATIC_LIB) libs: $(LIBRARIES) +# Object Files +LIBOBJS = %{lib_objs} + +CLIOBJS = %{cli_objs} + +TESTOBJS = %{test_objs} + +# Build Commands +%{lib_build_cmds} + +%{cli_build_cmds} + +%{test_build_cmds} + $(CLI): $(LIBRARIES) $(CLIOBJS) $(CLI_LINK_CMD) $(LDFLAGS) $(CLIOBJS) $(CLI_LINKS_TO) -o $(CLI) $(CLI_POST_LINK_CMD) diff --git a/src/build-data/makefile/header.in b/src/build-data/makefile/header.in index 9469600537..0d7197eaf7 100644 --- a/src/build-data/makefile/header.in +++ b/src/build-data/makefile/header.in 
@@ -40,20 +40,6 @@ all: libs cli tests cli: $(CLI) tests: $(TEST) -# Object Files -LIBOBJS = %{lib_objs} - -CLIOBJS = %{cli_objs} - -TESTOBJS = %{test_objs} - -# Build Commands -%{lib_build_cmds} - -%{cli_build_cmds} - -%{test_build_cmds} - # Misc targets SPHINX_CONFIG = %{sphinx_config_dir} SPHINX_OPTS = -b html diff --git a/src/build-data/makefile/nmake.in b/src/build-data/makefile/nmake.in index c44fd33aa5..31b86c0003 100644 --- a/src/build-data/makefile/nmake.in +++ b/src/build-data/makefile/nmake.in @@ -20,6 +20,20 @@ SO_FILENAME = %{out_dir}\$(LIB_BASENAME).dll LIBRARIES = $(SO_FILENAME) !Endif +# Object Files +LIBOBJS = %{lib_objs} + +CLIOBJS = %{cli_objs} + +TESTOBJS = %{test_objs} + +# Build Commands +%{lib_build_cmds} + +%{cli_build_cmds} + +%{test_build_cmds} + # Link Commands $(CLI): $(LIBRARIES) $(CLIOBJS) $(CLI_LINK_CMD) /OUT:$@ $(CLIOBJS) $(LIB_FILENAME) $(CLI_LINKS_TO) From db6a06c3ba303e65e1236324ec773bfce15764be Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 29 Nov 2017 17:31:18 -0500 Subject: [PATCH 0252/1008] Fix dependencies --- src/build-data/makefile/gmake.in | 28 +++++++++++++----------- src/build-data/makefile/gmake_dso.in | 2 ++ src/build-data/makefile/header.in | 3 --- src/build-data/makefile/nmake.in | 32 +++++++++++++++------------- 4 files changed, 34 insertions(+), 31 deletions(-) diff --git a/src/build-data/makefile/gmake.in b/src/build-data/makefile/gmake.in index 9f37dd43b0..5346e2eec9 100644 --- a/src/build-data/makefile/gmake.in +++ b/src/build-data/makefile/gmake.in @@ -1,18 +1,5 @@ %{header_in} -COPY = cp -LN = ln -fs - -# Library targets -LIB_BASENAME = %{lib_basename} -STATIC_LIB = %{out_dir}/$(LIB_BASENAME).%{static_suffix} -LIBRARIES = $(STATIC_LIB) - -# Link Commands -%{gmake_dso_in} - -libs: $(LIBRARIES) - # Object Files LIBOBJS = %{lib_objs} 
@@ -27,6 +14,21 @@ TESTOBJS = %{test_objs} %{test_build_cmds} +COPY = cp + +docs: +%{build_doc_commands} + +# Library targets +LIB_BASENAME = %{lib_basename} +STATIC_LIB = %{out_dir}/$(LIB_BASENAME).%{static_suffix} +LIBRARIES = $(STATIC_LIB) + +# Link Commands +%{gmake_dso_in} + +libs: $(LIBRARIES) + $(CLI): $(LIBRARIES) $(CLIOBJS) $(CLI_LINK_CMD) $(LDFLAGS) $(CLIOBJS) $(CLI_LINKS_TO) -o $(CLI) $(CLI_POST_LINK_CMD) diff --git a/src/build-data/makefile/gmake_dso.in b/src/build-data/makefile/gmake_dso.in index 13f7b0a3bd..abfe1e95f3 100644 --- a/src/build-data/makefile/gmake_dso.in +++ b/src/build-data/makefile/gmake_dso.in @@ -7,6 +7,8 @@ DARWIN_CURRENT_VER = %{version_packed}.%{so_abi_rev}.%{version_patch} SHARED_LIB = %{out_dir}/$(SONAME_PATCH) +LN = ln -fs + $(SHARED_LIB): $(LIBOBJS) $(LIB_LINK_CMD) $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) -o $(SHARED_LIB) $(LN) $(SONAME_PATCH) %{out_dir}/$(SONAME_ABI) diff --git a/src/build-data/makefile/header.in b/src/build-data/makefile/header.in index 0d7197eaf7..f72b728825 100644 --- a/src/build-data/makefile/header.in +++ b/src/build-data/makefile/header.in @@ -44,9 +44,6 @@ tests: $(TEST) SPHINX_CONFIG = %{sphinx_config_dir} SPHINX_OPTS = -b html -docs: -%{build_doc_commands} - clean: $(PYTHON_EXE) $(SCRIPTS_DIR)/cleanup.py --build-dir="%{build_dir}" diff --git a/src/build-data/makefile/nmake.in b/src/build-data/makefile/nmake.in index 31b86c0003..0eca6d6b4a 100644 --- a/src/build-data/makefile/nmake.in +++ b/src/build-data/makefile/nmake.in @@ -1,9 +1,25 @@ %{header_in} -### Aliases for Common Programs +# Object Files +LIBOBJS = %{lib_objs} + +CLIOBJS = %{cli_objs} + +TESTOBJS = %{test_objs} + +# Build Commands +%{lib_build_cmds} + +%{cli_build_cmds} + +%{test_build_cmds} + COPY = copy +docs: +%{build_doc_commands} + # Library targets # # LIB_FILENAME is always the .lib file, that is either a static lib or a 
@@ -20,20 +36,6 @@ SO_FILENAME = %{out_dir}\$(LIB_BASENAME).dll LIBRARIES = $(SO_FILENAME) !Endif -# Object Files -LIBOBJS = %{lib_objs} - -CLIOBJS = %{cli_objs} - -TESTOBJS = %{test_objs} - -# Build Commands -%{lib_build_cmds} - -%{cli_build_cmds} - -%{test_build_cmds} - # Link Commands $(CLI): $(LIBRARIES) $(CLIOBJS) $(CLI_LINK_CMD) /OUT:$@ $(CLIOBJS) $(LIB_FILENAME) $(CLI_LINKS_TO) From 80c7a8bb6c93665dcdc9e2100b8b123c3af772b4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 29 Nov 2017 17:39:25 -0500 Subject: [PATCH 0253/1008] CRL_Data is a struct not a class --- src/lib/x509/x509_crl.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/x509/x509_crl.h b/src/lib/x509/x509_crl.h index c3c986cc1c..7c510712ac 100644 --- a/src/lib/x509/x509_crl.h +++ b/src/lib/x509/x509_crl.h @@ -15,10 +15,11 @@ namespace Botan { -class CRL_Data; class Extensions; class X509_Certificate; +struct CRL_Data; + /** * This class represents X.509 Certificate Revocation Lists (CRLs). */ From 5f96c5b87656ed967f1ef9ba6c313d7d886dabc5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 29 Nov 2017 19:02:56 -0500 Subject: [PATCH 0254/1008] Fix missing header This caused a build failure when compiling with amalgamation + minimized. --- src/lib/utils/assert.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/utils/assert.h b/src/lib/utils/assert.h index 3f5f0231d2..8211ec262c 100644 --- a/src/lib/utils/assert.h +++ b/src/lib/utils/assert.h @@ -9,6 +9,7 @@ #ifndef BOTAN_ASSERTION_CHECKING_H_ #define BOTAN_ASSERTION_CHECKING_H_ +#include #include namespace Botan { From 027ff147d6ac50ddf934da7386912c3d091efdfc Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 29 Nov 2017 23:33:40 -0500 Subject: [PATCH 0255/1008] Fixes for make clean --- configure.py | 8 ++++---- src/scripts/cleanup.py | 9 ++++++--- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/configure.py b/configure.py index 15018a27a0..4c8352e84a 100755 --- a/configure.py 
+++ b/configure.py @@ -2749,7 +2749,7 @@ def _generate_sources(self, amalgamation_headers, included_in_headers): #pylint: def generate(self): amalgamation_headers, included_in_headers = self._generate_headers() amalgamation_sources = self._generate_sources(amalgamation_headers, included_in_headers) - return amalgamation_sources + return (sorted(amalgamation_sources), sorted(amalgamation_headers)) class CompilerDetector(object): @@ -3169,11 +3169,11 @@ def link_headers(headers, visibility, directory): build_config.external_include_dir) if options.amalgamation: - amalgamation_cpp_files = AmalgamationGenerator(build_config, using_mods, options).generate() - build_config.lib_sources = sorted(amalgamation_cpp_files) + (amalgamation_cpp_files, amalgamation_headers) = AmalgamationGenerator(build_config, using_mods, options).generate() + build_config.lib_sources = amalgamation_cpp_files template_vars.update(MakefileListsGenerator(build_config, options, using_mods, cc, arch, osinfo).generate()) - template_vars['generated_files'] = ' '.join(build_config.lib_sources) + template_vars['generated_files'] = ' '.join(amalgamation_cpp_files + amalgamation_headers) with open(os.path.join(build_config.build_dir, 'build_config.json'), 'w') as f: json.dump(template_vars, f, sort_keys=True, indent=2) diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index 36d35d3ecd..de64edde8c 100755 --- a/src/scripts/cleanup.py +++ b/src/scripts/cleanup.py @@ -21,6 +21,8 @@ def remove_dir(d): if os.access(d, os.X_OK): logging.debug('Removing directory "%s"', d) shutil.rmtree(d) + else: + logging.debug('Directory %s was missing', f) except Exception as e: # pylint: disable=broad-except logging.error('Failed removing directory "%s": %s', d, e) 
@@ -29,6 +31,8 @@ def remove_file(f): if os.access(f, os.R_OK): logging.debug('Removing file "%s"', f) os.unlink(f) + else: + logging.debug('File %s was missing', f) except Exception as e: # pylint: disable=broad-except logging.error('Failed removing file "%s": %s', f, e) @@ -86,6 +90,7 @@ def main(args=None): if options.distclean: build_dir = build_config['build_dir'] + remove_file(build_config['makefile_path']) remove_dir(build_dir) else: for dir_type in ['libobj_dir', 'cliobj_dir', 'testobj_dir']: @@ -102,14 +107,12 @@ def main(args=None): for f in os.listdir(build_config['out_dir']): match = matches_libname.match(f) if match and match.group(1) in known_suffix: - remove_file(f) + remove_file(os.path.join(build_config['out_dir'], f)) if options.distclean: if 'generated_files' in build_config: for f in build_config['generated_files'].split(' '): remove_file(f) - remove_file(build_config['makefile_path']) - if __name__ == '__main__': sys.exit(main()) From 347d9a86a3c97b59c7c5b8d761f10a8d3a984c0a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 30 Nov 2017 00:18:09 -0500 Subject: [PATCH 0256/1008] Lint fixes [ci skip] --- configure.py | 6 +++--- src/scripts/cleanup.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.py b/configure.py index 4c8352e84a..3ac4c82dd4 100755 --- a/configure.py +++ b/configure.py 
@@ -3169,11 +3169,11 @@ def link_headers(headers, visibility, directory): build_config.external_include_dir) if options.amalgamation: - (amalgamation_cpp_files, amalgamation_headers) = AmalgamationGenerator(build_config, using_mods, options).generate() - build_config.lib_sources = amalgamation_cpp_files + (amalg_cpp_files, amalg_headers) = AmalgamationGenerator(build_config, using_mods, options).generate() + build_config.lib_sources = amalg_cpp_files template_vars.update(MakefileListsGenerator(build_config, options, using_mods, cc, arch, osinfo).generate()) - template_vars['generated_files'] = ' '.join(amalgamation_cpp_files + amalgamation_headers) + template_vars['generated_files'] = ' '.join(amalg_cpp_files + amalg_headers) with open(os.path.join(build_config.build_dir, 'build_config.json'), 'w') as f: json.dump(template_vars, f, sort_keys=True, indent=2) diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index de64edde8c..6e46890037 100755 --- a/src/scripts/cleanup.py +++ b/src/scripts/cleanup.py @@ -22,7 +22,7 @@ def remove_dir(d): logging.debug('Removing directory "%s"', d) shutil.rmtree(d) else: - logging.debug('Directory %s was missing', f) + logging.debug('Directory %s was missing', d) except Exception as e: # pylint: disable=broad-except logging.error('Failed removing directory "%s": %s', d, e) From 69a519395949a1f816df022e4a09532f3c790166 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 30 Nov 2017 11:16:01 -0500 Subject: [PATCH 0257/1008] Remove support for setting install command Unused since the Python install script was introduced. --- configure.py | 8 +------- src/build-data/os/solaris.txt | 3 --- src/build-data/os/windows.txt | 3 --- src/build-data/os/winphone.txt | 3 --- 4 files changed, 1 insertion(+), 16 deletions(-) diff --git a/configure.py b/configure.py index 3ac4c82dd4..63038ee80e 100755 --- a/configure.py +++ b/configure.py 
@@ -1325,9 +1325,7 @@ def __init__(self, infofile): 'bin_dir': 'bin', 'lib_dir': 'lib', 'doc_dir': 'share/doc', - 'building_shared_supported': 'yes', - 'install_cmd_data': 'install -m 644', - 'install_cmd_exec': 'install -m 755' + 'building_shared_supported': 'yes' }) if lex.ar_command == 'ar' and lex.ar_options == '': @@ -1363,8 +1361,6 @@ def __init__(self, infofile): self.building_shared_supported = (True if lex.building_shared_supported == 'yes' else False) self.doc_dir = lex.doc_dir self.header_dir = lex.header_dir - self.install_cmd_data = lex.install_cmd_data - self.install_cmd_exec = lex.install_cmd_exec self.install_root = lex.install_root self.lib_dir = lex.lib_dir self.os_type = lex.os_type @@ -2081,8 +2077,6 @@ def configure_command_line(): 'python_exe': sys.executable, 'ar_command': options.ar_command or cc.ar_command or osinfo.ar_command, 'ar_options': cc.ar_options or osinfo.ar_options, - 'install_cmd_exec': osinfo.install_cmd_exec, - 'install_cmd_data': osinfo.install_cmd_data, 'lib_prefix': 'lib' if options.os != 'windows' else '', diff --git a/src/build-data/os/solaris.txt b/src/build-data/os/solaris.txt index 4e51f92697..893b7b5686 100644 --- a/src/build-data/os/solaris.txt +++ b/src/build-data/os/solaris.txt @@ -2,9 +2,6 @@ os_type unix soname_suffix "so" -install_cmd_data '/usr/ucb/install -m 644' -install_cmd_exec '/usr/ucb/install -m 755' - posix_mlock gettimeofday diff --git a/src/build-data/os/windows.txt b/src/build-data/os/windows.txt index 2a5e9bd965..daaf3916e7 100644 --- a/src/build-data/os/windows.txt +++ b/src/build-data/os/windows.txt @@ -9,9 +9,6 @@ soname_pattern_base "botan.dll" install_root c:\\Botan doc_dir docs -install_cmd_data "copy" -install_cmd_exec "copy" - cryptgenrandom gmtime_s diff --git a/src/build-data/os/winphone.txt b/src/build-data/os/winphone.txt index ee43ee7022..bedcc9d2c2 100644 --- a/src/build-data/os/winphone.txt +++ b/src/build-data/os/winphone.txt 
@@ -9,9 +9,6 @@ building_shared_supported no install_root c:\\Botan doc_dir docs -install_cmd_data "copy" -install_cmd_exec "copy" - crypto_ng gmtime_s From f9b7b4df49b28ead21b1919597811f3968c1f843 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 30 Nov 2017 21:09:55 -0500 Subject: [PATCH 0258/1008] Describe cross builds [ci skip] --- doc/manual/building.rst | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/doc/manual/building.rst b/doc/manual/building.rst index b3dbc97bb1..db24bbe72d 100644 --- a/doc/manual/building.rst +++ b/doc/manual/building.rst @@ -106,6 +106,24 @@ variant commonly used by Microsoft compilers. To add a new variant (eg, a build script for VMS), you will need to create a new template file in ``src/build-data/makefile``. +Cross Compiling +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Cross compiling refers to building software on one type of host (say Linux +x86-64) but creating a binary for some other type (say MinGW x86-32). This is +completely supported by the build system. To extend the example, we must tell +`configure.py` to use the MinGW tools: + + $ ./configure.py --os=mingw --cpu=x86_32 --cc-bin=i686-w64-mingw32-g++ --ar=i686-w64-mingw32-ar + ... + $ make + ... + $ file botan.exe + botan.exe: PE32 executable (console) Intel 80386, for MS Windows + +You can also specify the alternate tools by setting the `CXX` and `AR` +environment variables, as is commonly done with autoconf builds. + On Unix ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From 20821ec08da3bb5c1431a633b0e7d46e744971f4 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Thu, 30 Nov 2017 23:41:25 -0500 Subject: [PATCH 0259/1008] Add ability to disable static library build --- configure.py | 124 +++++++++++++++++----- src/build-data/makefile/gmake.in | 58 ++++++---- src/build-data/makefile/gmake_coverage.in | 6 -- src/build-data/makefile/gmake_dso.in | 17 --- src/build-data/makefile/gmake_fuzzers.in | 18 ---- src/build-data/makefile/header.in | 13 ++- src/build-data/makefile/nmake.in | 41 +++---- src/scripts/ci_build.py | 3 +- 8 files changed, 156 insertions(+), 124 deletions(-) delete mode 100644 src/build-data/makefile/gmake_coverage.in delete mode 100644 src/build-data/makefile/gmake_dso.in delete mode 100644 src/build-data/makefile/gmake_fuzzers.in diff --git a/configure.py b/configure.py index 63038ee80e..8a26a735a0 100755 --- a/configure.py +++ b/configure.py @@ -29,7 +29,6 @@ import re import shlex import shutil -import string import subprocess import traceback import logging @@ -266,7 +265,6 @@ def src_info(self, typ): PKG_CONFIG_FILENAME = 'botan-%d.pc' % (Version.major()) - def make_build_doc_commands(source_paths, build_paths, options): if options.with_documentation is False: @@ -274,13 +272,14 @@ def make_build_doc_commands(source_paths, build_paths, options): def build_manual_command(src_dir, dst_dir): if options.with_sphinx: - sphinx = 'sphinx-build -c $(SPHINX_CONFIG) $(SPHINX_OPTS) ' + sphinx = 'sphinx-build -b html -c %s ' % (source_paths.sphinx_config_dir) if options.quiet: sphinx += '-q ' sphinx += '%s %s' % (src_dir, dst_dir) return sphinx else: - return '$(COPY) %s%s*.rst %s' % (src_dir, os.sep, dst_dir) + cp_command = 'copy' if options.os == 'windows' else 'cp' + return '%s %s%s*.rst %s' % (cp_command, src_dir, os.sep, dst_dir) cmds = [ build_manual_command(os.path.join(source_paths.doc_dir, 'manual'), build_paths.doc_output_dir_manual) 
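Review bot: `cp_command = 'copy' if options.os == 'windows' else 'cp'` keys the copy tool on a single OS name, whereas the removed `$(COPY)` alias came from the makefile template in use; winphone.txt elsewhere on this page carried the same `copy` settings as windows.txt, so that target presumably now gets `cp`. If the intent is "whatever builds with nmake", test the OS family instead, e.g. `cp_command = 'copy' if options.os in ('windows', 'winphone') else 'cp'`, or derive it from the makefile style. make_build_doc_commands continues outside the hunk.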
@@ -378,12 +377,19 @@ def process_command_line(args): # pylint: disable=too-many-locals help='add coverage info') build_group.add_option('--enable-shared-library', dest='build_shared_lib', - action='store_true', default=True, + action='store_true', default=None, help=optparse.SUPPRESS_HELP) - build_group.add_option('--disable-shared', dest='build_shared_lib', + build_group.add_option('--disable-shared-library', dest='build_shared_lib', action='store_false', help='disable building shared library') + build_group.add_option('--enable-static-library', dest='build_static_lib', + action='store_true', default=None, + help=optparse.SUPPRESS_HELP) + build_group.add_option('--disable-static-library', dest='build_static_lib', + action='store_false', + help='disable building static library') + build_group.add_option('--optimize-for-size', dest='optimize_for_size', action='store_true', default=False, help='optimize for code size') 
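Review bot: Renaming `--disable-shared` to `--disable-shared-library` drops the old spelling entirely, so existing build scripts and packaging recipes that pass `--disable-shared` will now fail option parsing. Keeping the old name as a hidden alias costs one entry: `build_group.add_option('--disable-shared', dest='build_shared_lib', action='store_false', help=optparse.SUPPRESS_HELP)`. Both `build_shared_lib` and `build_static_lib` now default to `None`; where those are resolved to booleans is not in this hunk, so make sure a `None` is turned into the intended default before `library_targets` is computed from them. process_command_line continues outside the hunk.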
@@ -1473,14 +1479,57 @@ def read_textfile(filepath): def process_template(template_file, variables): """ Perform template substitution + + The template language supports (un-nested) conditionals. """ + class SimpleTemplate(object): + + def __init__(self, vals): + self.vals = vals + self.value_pattern = re.compile(r'%{([a-z][a-z_0-9]+)}') + self.cond_pattern = re.compile('%{(if|unless) ([a-z][a-z_0-9]+)}') + + def substitute(self, template): + def insert_value(match): + v = match.group(1) + if v in self.vals: + return str(self.vals.get(v)) + raise KeyError("Unknown template variable '%s'" % (v)) + + lines = template.splitlines() + + output = [] + idx = 0 + + while idx < len(lines): + cond = self.cond_pattern.match(lines[idx]) + + if cond: + cond_type = cond.group(1) + cond_var = cond.group(2) + + include_cond = False + + if cond_type == 'if' and cond_var in self.vals and self.vals.get(cond_var): + include_cond = True + elif cond_type == 'unless' and (cond_var not in self.vals or (not self.vals.get(cond_var))): + include_cond = True + + idx += 1 + while idx < len(lines): + if lines[idx] == '%{endif}': + break + if include_cond: + output.append(lines[idx]) + idx += 1 + else: + output.append(lines[idx]) + idx += 1 - class PercentSignTemplate(string.Template): - delimiter = '%' + return self.value_pattern.sub(insert_value, '\n'.join(output)) + '\n' try: - template = PercentSignTemplate(read_textfile(template_file)) - return template.substitute(variables) + return SimpleTemplate(variables).substitute(read_textfile(template_file)) except KeyError as e: raise InternalError('Unbound var %s in template %s' % (e, template_file)) except Exception as e: @@ -2013,7 +2062,9 @@ def configure_command_line(): 'scripts_dir': source_paths.scripts_dir, + 'build_static_lib': options.build_static_lib, 'build_shared_lib': options.build_shared_lib, + 'build_fuzzers': options.build_fuzzers, 'libobj_dir': build_config.libobj_dir, 'cliobj_dir': build_config.cliobj_dir, 
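Review bot: In `SimpleTemplate.substitute`, an `%{if ...}`/`%{unless ...}` block with no matching `%{endif}` is accepted silently: the inner `while idx < len(lines)` simply runs to the end of the template, so a typo in a makefile template swallows everything after it instead of failing configure. A `while`/`else` on that inner loop, `else: raise InternalError('Unterminated %%{%s %s} in template' % (cond_type, cond_var))`, turns this into the same hard error that unknown variables already get. Nested conditionals are documented as unsupported but are not detected either; a nested `%{if}` line would be emitted verbatim into the output. The collapsed layout also hides whether the trailing `idx += 1` sits after the if/else (skipping the `%{endif}` line) or inside the `else` branch, in which case `%{endif}` would reach `value_pattern` and raise as an unknown variable, so a test with a template that uses a conditional would be worth adding.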
@@ -2027,7 +2078,6 @@ def configure_command_line(): 'build_doc_commands': make_build_doc_commands(source_paths, build_config, options), 'python_dir': source_paths.python_dir, - 'sphinx_config_dir': source_paths.sphinx_config_dir, 'os': options.os, 'arch': options.arch, @@ -2101,6 +2151,7 @@ def configure_command_line(): version_minor=Version.minor(), version_patch=Version.patch(), abi_rev=Version.so_rev()) + variables['shared_lib_name'] = variables['soname_base'] if osinfo.soname_pattern_abi != None: variables['soname_abi'] = osinfo.soname_pattern_abi.format( @@ -2108,6 +2159,7 @@ def configure_command_line(): version_minor=Version.minor(), version_patch=Version.patch(), abi_rev=Version.so_rev()) + variables['shared_lib_name'] = variables['soname_abi'] if osinfo.soname_pattern_patch != None: variables['soname_patch'] = osinfo.soname_pattern_patch.format( @@ -2147,6 +2199,8 @@ def configure_command_line(): variables['lib_basename'] = 'lib' + variables['libname'] variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan' + variables['program_suffix']) + variables['static_lib_name'] = variables['lib_basename'] + '.' + variables['static_suffix'] + if options.os == 'llvm': # llvm-link doesn't understand -L or -l flags variables['link_to_botan'] = '%s/lib%s.a' % (variables['out_dir'], variables['libname']) 
@@ -2158,24 +2212,15 @@ def configure_command_line(): cc.add_lib_dir_option, variables['out_dir'], cc.add_lib_option, variables['libname']) - variables["header_in"] = process_template(os.path.join(source_paths.makefile_dir, 'header.in'), variables) - - if variables["makefile_style"] == "gmake": - templates = [ - ('gmake_dso.in', options.build_shared_lib), - ('gmake_coverage.in', options.with_coverage_info), - ('gmake_fuzzers.in', options.build_fuzzers) - ] - - for (template, build_it) in templates: - template_file = os.path.join(source_paths.makefile_dir, template) + lib_targets = [] + if options.build_shared_lib: + lib_targets.append('shared_lib_name') + if options.build_static_lib: + lib_targets.append('static_lib_name') - var_name = template.replace('.', '_') + variables['library_targets'] = ' '.join([os.path.join(variables['out_dir'], variables[t]) for t in lib_targets]) - if build_it: - variables[var_name] = process_template(template_file, variables) - else: - variables[var_name] = '' + variables["header_in"] = process_template(os.path.join(source_paths.makefile_dir, 'header.in'), variables) return variables 
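Review bot: `variables[t]` for `'shared_lib_name'` raises a bare KeyError when `options.build_shared_lib` is true but the target's os data defines neither `soname_pattern_base` nor `soname_pattern_abi`, because this function only assigns `shared_lib_name` under those two guards. Whether every OS with `building_shared_supported` also carries a soname pattern is not visible here, so either make the dependency explicit, `if options.build_shared_lib and 'shared_lib_name' not in variables: raise InternalError('No soname pattern defined for %s' % (options.os))`, or fall back to `lib_basename` plus the OS shared suffix. Moving the `header.in` rendering below `library_targets` is right, since the header now consumes that variable; a short comment saying so would stop someone reordering it back. The enclosing function starts outside this hunk.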
@@ -3004,6 +3049,25 @@ def find_canonical_os_name(os_name_variant): else: raise UserError('Unknown or unidentifiable processor "%s"' % (options.cpu)) + if options.build_shared_lib and not info_os[options.os].building_shared_supported: + logging.warning('Shared libs not supported on %s, disabling shared lib support' % (options.os)) + options.build_shared_lib = False + + if options.os == 'windows' and options.build_shared_lib is None and options.build_static_lib is None: + options.build_shared_lib = True + + if options.build_shared_lib is None: + if options.os == 'windows' and options.build_static_lib: + pass + else: + options.build_shared_lib = info_os[options.os].building_shared_supported + + if options.build_static_lib is None: + if options.os == 'windows' and options.build_shared_lib: + pass + else: + options.build_static_lib = True + # Set default fuzzing lib if options.build_fuzzers == 'libfuzzer' and options.fuzzer_lib is None: options.fuzzer_lib = 'Fuzzer' @@ -3057,6 +3121,12 @@ def validate_options(options, info_os, info_cc, available_module_policies): if options.build_fuzzers == 'klee' and options.os != 'llvm': raise UserError('Building for KLEE requires targetting LLVM') + if options.build_static_lib is False and options.build_shared_lib is False: + raise UserError('With both --disable-static-library and --disable-shared-library, nothing to do') + + if options.os == 'windows' and options.build_static_lib is True and options.build_shared_lib is True: + raise UserError('On Windows only one of static lib and DLL can be selected') + if options.with_documentation is False: if options.with_doxygen: raise UserError('Using --with-doxygen plus --without-documentation makes no sense') diff --git a/src/build-data/makefile/gmake.in b/src/build-data/makefile/gmake.in index 5346e2eec9..19852be25a 100644 --- a/src/build-data/makefile/gmake.in +++ b/src/build-data/makefile/gmake.in 
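Review bot: `options.build_shared_lib` can leave this block still set to `None` (the Windows `--enable-static-library` case takes the `pass` branch), while the validate_options checks added below compare with `is False`/`is True`; it works today only because every later use is a plain truth test. Normalise at the end of the block, `options.build_shared_lib = bool(options.build_shared_lib)` and `options.build_static_lib = bool(options.build_static_lib)`, so the tri-state stops leaking past option resolution. A comment stating the rule being implemented — Windows builds exactly one of DLL or static lib, other platforms default to both where shared is supported — would make the four `if` blocks much easier to check against intent. The enclosing function starts outside this hunk.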
@@ -14,20 +14,7 @@ TESTOBJS = %{test_objs} %{test_build_cmds} -COPY = cp - -docs: -%{build_doc_commands} - # Library targets -LIB_BASENAME = %{lib_basename} -STATIC_LIB = %{out_dir}/$(LIB_BASENAME).%{static_suffix} -LIBRARIES = $(STATIC_LIB) - -# Link Commands -%{gmake_dso_in} - -libs: $(LIBRARIES) $(CLI): $(LIBRARIES) $(CLIOBJS) $(CLI_LINK_CMD) $(LDFLAGS) $(CLIOBJS) $(CLI_LINKS_TO) -o $(CLI) @@ -37,15 +24,44 @@ $(TEST): $(LIBRARIES) $(TESTOBJS) $(TEST_LINK_CMD) $(LDFLAGS) $(TESTOBJS) $(TEST_LINKS_TO) -o $(TEST) $(TEST_POST_LINK_CMD) -$(STATIC_LIB): $(LIBOBJS) - $(AR) %{ar_options} $(STATIC_LIB) $(LIBOBJS) +%{if build_static_lib} + +%{out_dir}/%{static_lib_name}: $(LIBOBJS) + $(AR) %{ar_options} $@ $(LIBOBJS) + +%{endif} + +%{if build_shared_lib} + +SONAME_ABI = %{soname_abi} +DARWIN_COMPATIBILITY_VER = %{version_packed}.%{so_abi_rev}.0 +DARWIN_CURRENT_VER = %{version_packed}.%{so_abi_rev}.%{version_patch} + +%{out_dir}/%{shared_lib_name}: $(LIBOBJS) + $(LIB_LINK_CMD) $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) -o $@ + cd %{out_dir} && ln -fs %{shared_lib_name} %{soname_base} + cd %{out_dir} && ln -fs %{shared_lib_name} %{soname_patch} + +%{endif} + +%{if build_fuzzers} + +# Fuzzer build commands + +FUZZER_LINK_CMD = %{fuzzer_link_cmd} +FUZZER_LINKS_TO = %{link_to_botan} $(LIB_LINKS_TO) %{fuzzer_libs} +FUZZER_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) + +%{fuzzer_build_cmds} + +FUZZERS=%{fuzzer_bin} -# Fake targets -.PHONY: clean distclean docs install valgrind lcov +fuzzers: libs $(FUZZERS) -%{gmake_coverage_in} +fuzzer_corpus: + git clone --depth=1 https://github.com/randombit/crypto-corpus.git fuzzer_corpus -%{gmake_fuzzers_in} +fuzzer_corpus_zip: fuzzer_corpus + ./src/scripts/create_corpus_zip.py fuzzer_corpus %{fuzzobj_dir} -valgrind: - valgrind --log-file=botan.%%p.log -v --track-origins=yes --leak-check=full --show-reachable=yes ./botan-test +%{endif} 
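Review bot: The `.PHONY: clean distclean docs install valgrind lcov` line is deleted and nothing in the visible templates reinstates it, so `docs`, `install`, `clean`, `libs` and `fuzzers` become ordinary file targets; a file or directory with one of those names in the build tree (the Windows os data names its doc dir `docs`, for instance) makes make report it "up to date" and skip the recipe. Add `.PHONY: all libs cli tests docs clean distclean install fuzzers` next to the target definitions. Separately, `cd %{out_dir} && ln -fs %{shared_lib_name} %{soname_base}` is destructive when an OS defines only `soname_pattern_base`: `shared_lib_name` then equals `soname_base` and `ln -fs X X` replaces the library just linked with a symlink to itself, so guard it, `[ %{shared_lib_name} = %{soname_base} ] || ln -fs %{shared_lib_name} %{soname_base}`, or emit the link commands from configure.py only for names that differ. The `valgrind` and `lcov` targets also disappear here with no replacement block; if that is intended it belongs in the commit message.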
diff --git a/src/build-data/makefile/gmake_coverage.in b/src/build-data/makefile/gmake_coverage.in deleted file mode 100644 index 2656069e3a..0000000000 --- a/src/build-data/makefile/gmake_coverage.in +++ /dev/null @@ -1,6 +0,0 @@ -%{out_dir}/coverage/index.html: $(TEST) - LD_LIBRARY_PATH=%{out_dir} $(TEST) - lcov --directory "%{build_dir}/obj/lib" --base-directory "%{src_dir}" --no-external --capture --output-file "%{out_dir}/coverage.info" - genhtml "%{out_dir}/coverage.info" -o "%{out_dir}/coverage" - -lcov: %{out_dir}/coverage/index.html diff --git a/src/build-data/makefile/gmake_dso.in b/src/build-data/makefile/gmake_dso.in deleted file mode 100644 index abfe1e95f3..0000000000 --- a/src/build-data/makefile/gmake_dso.in +++ /dev/null @@ -1,17 +0,0 @@ -SONAME_PATCH = %{soname_patch} -SONAME_ABI = %{soname_abi} -SONAME_BASE = %{soname_base} - -DARWIN_COMPATIBILITY_VER = %{version_packed}.%{so_abi_rev}.0 -DARWIN_CURRENT_VER = %{version_packed}.%{so_abi_rev}.%{version_patch} - -SHARED_LIB = %{out_dir}/$(SONAME_PATCH) - -LN = ln -fs - -$(SHARED_LIB): $(LIBOBJS) - $(LIB_LINK_CMD) $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) -o $(SHARED_LIB) - $(LN) $(SONAME_PATCH) %{out_dir}/$(SONAME_ABI) - $(LN) $(SONAME_PATCH) %{out_dir}/$(SONAME_BASE) - -LIBRARIES += $(SHARED_LIB) diff --git a/src/build-data/makefile/gmake_fuzzers.in b/src/build-data/makefile/gmake_fuzzers.in deleted file mode 100644 index 61acdad4d9..0000000000 --- a/src/build-data/makefile/gmake_fuzzers.in +++ /dev/null @@ -1,18 +0,0 @@ - -# Fuzzer build commands - -FUZZER_LINK_CMD = %{fuzzer_link_cmd} -FUZZER_LINKS_TO = %{link_to_botan} $(LIB_LINKS_TO) %{fuzzer_libs} -FUZZER_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) - -%{fuzzer_build_cmds} - -FUZZERS=%{fuzzer_bin} - -fuzzers: libs $(FUZZERS) - -fuzzer_corpus: - git clone --depth=1 https://github.com/randombit/crypto-corpus.git fuzzer_corpus - -fuzzer_corpus_zip: fuzzer_corpus - ./src/scripts/create_corpus_zip.py fuzzer_corpus %{fuzzobj_dir} 
diff --git a/src/build-data/makefile/header.in b/src/build-data/makefile/header.in index f72b728825..95f39aca52 100644 --- a/src/build-data/makefile/header.in +++ b/src/build-data/makefile/header.in @@ -30,19 +30,19 @@ INSTALLED_LIB_DIR = %{prefix}/%{libdir} CLI_POST_LINK_CMD = %{cli_post_link_cmd} TEST_POST_LINK_CMD = %{test_post_link_cmd} +# The primary target +all: libs cli tests + # Executable targets CLI = %{cli_exe} TEST = %{test_exe} - -# The primary target -all: libs cli tests +LIBRARIES = %{library_targets} cli: $(CLI) tests: $(TEST) +libs: $(LIBRARIES) # Misc targets -SPHINX_CONFIG = %{sphinx_config_dir} -SPHINX_OPTS = -b html clean: $(PYTHON_EXE) $(SCRIPTS_DIR)/cleanup.py --build-dir="%{build_dir}" @@ -52,3 +52,6 @@ distclean: install: $(CLI) docs $(PYTHON_EXE) $(SCRIPTS_DIR)/install.py --prefix=%{prefix} --build-dir="%{build_dir}" --bindir=%{bindir} --libdir=%{libdir} --docdir=%{docdir} --includedir=%{includedir} + +docs: +%{build_doc_commands} diff --git a/src/build-data/makefile/nmake.in b/src/build-data/makefile/nmake.in index 0eca6d6b4a..dbd1a5af73 100644 --- a/src/build-data/makefile/nmake.in +++ b/src/build-data/makefile/nmake.in @@ -14,27 +14,9 @@ TESTOBJS = %{test_objs} %{test_build_cmds} - -COPY = copy - -docs: -%{build_doc_commands} - -# Library targets -# # LIB_FILENAME is always the .lib file, that is either a static lib or a # by-product of the DLL creation used to link the DLL into applications -LIB_BASENAME = %{lib_basename} -LIB_FILENAME = %{out_dir}\$(LIB_BASENAME).lib - -!If "$(SO_OBJ_FLAGS)" == "" -# static lib -LIBRARIES = $(LIB_FILENAME) -!Else -# shared lib -SO_FILENAME = %{out_dir}\$(LIB_BASENAME).dll -LIBRARIES = $(SO_FILENAME) -!Endif +LIB_FILENAME = %{out_dir}/%{static_lib_name} # Link Commands $(CLI): $(LIBRARIES) $(CLIOBJS) 
@@ -45,15 +27,16 @@ $(TEST): $(LIBRARIES) $(TESTOBJS) $(TEST_LINK_CMD) /OUT:$@ $(TESTOBJS) $(LIB_FILENAME) $(TEST_LINKS_TO) $(TEST_POST_LINK_CMD) -libs: $(LIBRARIES) +%{if build_shared_lib} -!If "$(SO_OBJ_FLAGS)" == "" -# static lib -$(LIB_FILENAME): $(LIBOBJS) - $(AR) %{ar_options} /OUT:$@ $(LIBOBJS) -!Else -# shared lib -# Creates the DLL $(SO_FILENAME) and the .lib $(LIB_FILENAME) -$(SO_FILENAME): $(LIBOBJS) +%{out_dir}/%{shared_lib_name}: $(LIBOBJS) $(LIB_LINK_CMD) /OUT:$@ $(LIBOBJS) $(LIB_LINKS_TO) -!Endif + +%{endif} + +%{if build_static_lib} + +%{out_dir}/%{static_lib_name}: $(LIBOBJS) + $(AR) %{ar_options} /OUT:$@ $(LIBOBJS) + +%{endif} diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index b4ae98a0ac..84deec8bec 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -73,7 +73,8 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro flags += ['--amalgamation'] if target in ['bsi', 'nist']: - flags += ['--module-policy=%s' % (target)] + # Arbitrarily test disable static on module policy builds + flags += ['--module-policy=%s' % (target), '--disable-static'] if target == 'docs': flags += ['--with-doxygen', '--with-sphinx'] From 4e2ad46cd58bc273bea919de6691988540b1ed16 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 1 Dec 2017 01:29:50 -0500 Subject: [PATCH 0260/1008] Avoid naming Windows library botand if in debug mode Apparently introduced in #584 but unnecessary afaict as the CLI was renamed at the same time. --- configure.py | 56 ++++++++++++-------------------- src/build-data/makefile/gmake.in | 4 +-- src/build-data/os/windows.txt | 2 +- 3 files changed, 23 insertions(+), 39 deletions(-) diff --git a/configure.py b/configure.py index 8a26a735a0..24283d8b35 100755 --- a/configure.py +++ b/configure.py 
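Review bot: `'--disable-static'` in ci_build.py is not an option this series defines — process_command_line adds `--disable-static-library` — so the CI run only works because optparse accepts unambiguous prefixes of long options, and it will fail with an "ambiguous option" error the moment another `--disable-static*` flag is added. Spell it out: `flags += ['--module-policy=%s' % (target), '--disable-static-library']`. The comment above it should also say what the variation is meant to cover, since "arbitrarily" tells the reader nothing about why static is disabled only on the policy builds.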
@@ -2030,7 +2030,8 @@ def configure_command_line(): 'version_minor': Version.minor(), 'version_patch': Version.patch(), 'version_vc_rev': Version.vc_rev(), - 'so_abi_rev': Version.so_rev(), + 'abi_rev': Version.so_rev(), + 'version': Version.as_string(), 'version_packed': Version.packed(), 'release_type': Version.release_type(), 
@@ -2143,30 +2144,33 @@ def configure_command_line(): variables['test_exe'] = os.path.join(variables['out_dir'], 'botan-test' + variables['program_suffix']) + if options.os == 'windows': + # For historical reasons? the library does not have the major number on Windows + # This should probably be fixed in a future major release. + variables['libname'] = 'botan' + variables['lib_basename'] = variables['libname'] + variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan-cli' + variables['program_suffix']) + else: + variables['libname'] = 'botan-%d' % (Version.major()) + variables['lib_basename'] = 'lib' + variables['libname'] + variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan' + variables['program_suffix']) + + variables['botan_pkgconfig'] = os.path.join(build_config.build_dir, PKG_CONFIG_FILENAME) + + variables['static_lib_name'] = variables['lib_basename'] + '.' + variables['static_suffix'] + if options.build_shared_lib: if osinfo.soname_pattern_base != None: - variables['soname_base'] = osinfo.soname_pattern_base.format( - version_major=Version.major(), - version_minor=Version.minor(), - version_patch=Version.patch(), - abi_rev=Version.so_rev()) + variables['soname_base'] = osinfo.soname_pattern_base.format(**variables) variables['shared_lib_name'] = variables['soname_base'] if osinfo.soname_pattern_abi != None: - variables['soname_abi'] = osinfo.soname_pattern_abi.format( - version_major=Version.major(), - version_minor=Version.minor(), - version_patch=Version.patch(), - abi_rev=Version.so_rev()) + variables['soname_abi'] = osinfo.soname_pattern_abi.format(**variables) variables['shared_lib_name'] = variables['soname_abi'] if osinfo.soname_pattern_patch != None: - variables['soname_patch'] = osinfo.soname_pattern_patch.format( - version_major=Version.major(), - version_minor=Version.minor(), - version_patch=Version.patch(), - abi_rev=Version.so_rev()) + variables['soname_patch'] = osinfo.soname_pattern_patch.format(**variables) if 
options.os == 'darwin' and options.build_shared_lib: # In order that these executables work from the build directory, @@ -2181,26 +2185,6 @@ def configure_command_line(): variables.update(MakefileListsGenerator(build_config, options, modules, cc, arch, osinfo).generate()) - if options.os == 'windows': - if options.with_debug_info: - variables['libname'] = 'botand' - else: - variables['libname'] = 'botan' - - variables['lib_basename'] = variables['libname'] - variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan-cli' + variables['program_suffix']) - else: - variables['botan_pkgconfig'] = os.path.join(build_config.build_dir, PKG_CONFIG_FILENAME) - - # 'botan' or 'botan-2'. Used in Makefile and install script - # This can be made consistent over all platforms in the future - variables['libname'] = 'botan-%d' % (Version.major()) - - variables['lib_basename'] = 'lib' + variables['libname'] - variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan' + variables['program_suffix']) - - variables['static_lib_name'] = variables['lib_basename'] + '.' + variables['static_suffix'] - if options.os == 'llvm': # llvm-link doesn't understand -L or -l flags variables['link_to_botan'] = '%s/lib%s.a' % (variables['out_dir'], variables['libname']) diff --git a/src/build-data/makefile/gmake.in b/src/build-data/makefile/gmake.in index 19852be25a..97084c7d82 100644 --- a/src/build-data/makefile/gmake.in +++ b/src/build-data/makefile/gmake.in @@ -34,8 +34,8 @@ $(TEST): $(LIBRARIES) $(TESTOBJS) %{if build_shared_lib} SONAME_ABI = %{soname_abi} -DARWIN_COMPATIBILITY_VER = %{version_packed}.%{so_abi_rev}.0 -DARWIN_CURRENT_VER = %{version_packed}.%{so_abi_rev}.%{version_patch} +DARWIN_COMPATIBILITY_VER = %{version_packed}.%{abi_rev}.0 +DARWIN_CURRENT_VER = %{version_packed}.%{abi_rev}.%{version_patch} %{out_dir}/%{shared_lib_name}: $(LIBOBJS) $(LIB_LINK_CMD) $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) -o $@ 
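Review bot: `osinfo.soname_pattern_base.format(**variables)` (and its abi/patch twins) turn every soname pattern in the os data files into a str.format template, so a placeholder typo or a literal `{` in a pattern now escapes as a raw KeyError/ValueError traceback rather than a configure error naming the culprit. Route the three calls through a small helper that catches the formatting errors and raises InternalError with the pattern and OS, as sketched below. The new comment `For historical reasons? the library does not have the major number on Windows` reads as a question; if nobody knows the reason, say so plainly and make it a `TODO` so it is findable. The enclosing function's `def` is outside this hunk, and the `if options.os == 'darwin'` block opened on the hunk's last line continues past it.
```python
    def format_soname(pattern):
        # Soname patterns from the os data files are str.format templates over `variables`
        try:
            return pattern.format(**variables)
        except (KeyError, IndexError, ValueError) as e:
            raise InternalError('Bad soname pattern %r for %s: %s' % (pattern, options.os, e))

    # … unchanged: libname / lib_basename / cli_exe selection …
    if options.build_shared_lib:
        if osinfo.soname_pattern_base != None:
            variables['soname_base'] = format_soname(osinfo.soname_pattern_base)
            variables['shared_lib_name'] = variables['soname_base']
        # … same replacement for soname_abi and soname_patch …
```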
diff --git a/src/build-data/os/windows.txt b/src/build-data/os/windows.txt index daaf3916e7..efc9733c98 100644 --- a/src/build-data/os/windows.txt +++ b/src/build-data/os/windows.txt @@ -4,7 +4,7 @@ program_suffix .exe obj_suffix obj static_suffix lib -soname_pattern_base "botan.dll" +soname_pattern_base "{libname}.dll" install_root c:\\Botan doc_dir docs From 7e5ce9d4df54da881417bdbf2b9c4329081f10f6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 1 Dec 2017 00:19:58 -0500 Subject: [PATCH 0261/1008] Merge the gnumake and nmake makefiles --- configure.py | 113 ++++++++++++++++------------- src/build-data/cc/clang.txt | 6 +- src/build-data/cc/ekopath.txt | 4 +- src/build-data/cc/gcc.txt | 10 +-- src/build-data/cc/hpcc.txt | 4 +- src/build-data/cc/icc.txt | 4 +- src/build-data/cc/msvc.txt | 7 +- src/build-data/cc/pgi.txt | 6 +- src/build-data/cc/sunstudio.txt | 4 +- src/build-data/cc/xlc.txt | 2 - src/build-data/makefile.in | 117 ++++++++++++++++++++++++++++++ src/build-data/makefile/gmake.in | 67 ----------------- src/build-data/makefile/header.in | 57 --------------- src/build-data/makefile/nmake.in | 42 ----------- 14 files changed, 195 insertions(+), 248 deletions(-) create mode 100644 src/build-data/makefile.in delete mode 100644 src/build-data/makefile/gmake.in delete mode 100644 src/build-data/makefile/header.in delete mode 100644 src/build-data/makefile/nmake.in diff --git a/configure.py b/configure.py index 24283d8b35..10b91dfad6 100755 --- a/configure.py +++ b/configure.py @@ -175,7 +175,6 @@ def __init__(self, base_dir): # subdirs of src/ self.sphinx_config_dir = os.path.join(self.configs_dir, 'sphinx') - self.makefile_dir = os.path.join(self.build_data_dir, 'makefile') class BuildPaths(object): # pylint: disable=too-many-instance-attributes 
@@ -436,11 +435,6 @@ def process_command_line(args): # pylint: disable=too-many-locals choices=link_methods, help='choose how links to include headers are created (%s)' % ', '.join(link_methods)) - makefile_styles = ['gmake', 'nmake'] - build_group.add_option('--makefile-style', metavar='STYLE', default=None, - choices=makefile_styles, - help='makefile type (%s)' % ' or '.join(makefile_styles)) - build_group.add_option('--with-local-config', dest='local_config', metavar='FILE', help='include the contents of FILE into build.h') @@ -1099,7 +1093,8 @@ def __init__(self, infofile): 'binary_name': None, 'linker_name': None, 'macro_name': None, - 'output_to_option': '-o ', + 'output_to_object': '-o ', + 'output_to_exe': '-o ', 'add_include_dir_option': '-I', 'add_lib_dir_option': '-L', 'add_lib_option': '-l', @@ -1117,9 +1112,9 @@ def __init__(self, infofile): 'maintainer_warning_flags': '', 'visibility_build_flags': '', 'visibility_attribute': '', - 'ar_command': None, - 'ar_options': None, - 'makefile_style': '' + 'ar_command': '', + 'ar_options': '', + 'ar_output_to': '', }) self.add_framework_option = lex.add_framework_option @@ -1128,6 +1123,7 @@ def __init__(self, infofile): self.add_lib_dir_option = lex.add_lib_dir_option self.ar_command = lex.ar_command self.ar_options = lex.ar_options + self.ar_output_to = lex.ar_output_to self.binary_link_commands = force_to_dict(lex.binary_link_commands) self.binary_name = lex.binary_name self.compile_flags = lex.compile_flags 
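Review bot: Deleting `--makefile-style` outright means any existing invocation that passes it (packaging scripts, CI configs) now dies in option parsing with "no such option", even though the value no longer matters. Keep a hidden no-op for one release, `build_group.add_option('--makefile-style', metavar='STYLE', default=None, help=optparse.SUPPRESS_HELP)`, and emit `logging.warning('--makefile-style is ignored; a single makefile template is now used')` when it is set. process_command_line starts and ends outside this hunk.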
@@ -1139,9 +1135,9 @@ def __init__(self, infofile): self.mach_abi_linking = force_to_dict(lex.mach_abi_linking) self.macro_name = lex.macro_name self.maintainer_warning_flags = lex.maintainer_warning_flags - self.makefile_style = lex.makefile_style self.optimization_flags = lex.optimization_flags - self.output_to_option = lex.output_to_option + self.output_to_object = lex.output_to_object + self.output_to_exe = lex.output_to_exe self.sanitizer_flags = lex.sanitizer_flags self.shared_flags = lex.shared_flags self.size_optimization_flags = lex.size_optimization_flags @@ -1326,6 +1322,7 @@ def __init__(self, infofile): 'static_suffix': 'a', 'ar_command': 'ar', 'ar_options': '', + 'ar_output_to': '', 'install_root': '/usr/local', 'header_dir': 'include', 'bin_dir': 'bin', @@ -1494,7 +1491,7 @@ def insert_value(match): v = match.group(1) if v in self.vals: return str(self.vals.get(v)) - raise KeyError("Unknown template variable '%s'" % (v)) + raise KeyError(v) lines = template.splitlines() @@ -1531,9 +1528,9 @@ def insert_value(match): try: return SimpleTemplate(variables).substitute(read_textfile(template_file)) except KeyError as e: - raise InternalError('Unbound var %s in template %s' % (e, template_file)) - except Exception as e: - raise InternalError('Exception %s in template %s' % (e, template_file)) + logging.error('Unbound var %s in template %s' % (e, template_file)) + except Exception as e: # pylint: disable=broad-except + logging.error('Exception %s during template processing file %s' % (e, template_file)) def makefile_list(items): separator = " \\\n" + 16*" " @@ -1891,7 +1888,7 @@ def remove_dups(parts): name = name.replace('.cpp', obj_suffix) yield os.path.join(obj_dir, name) - def _build_commands(self, sources, obj_dir, objects, flags): + def _build_commands(self, sources, obj_dir, objects, is_lib): """ Form snippets of makefile for building each source file """ 
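Review bot: Replacing the two `raise InternalError(...)` with `logging.error(...)` makes process_template fall off the end and return `None` whenever a template fails, so configure carries on and the caller receives `None` in place of the rendered text; the first visible symptom becomes a later TypeError or an empty generated file instead of a clean abort naming the template. Keep the log line if it helps, but re-raise afterwards: `raise InternalError('Unbound var %s in template %s' % (e, template_file))` in the KeyError branch and the equivalent in the broad `except Exception`. Switching to `raise KeyError(v)` is right, since `str(KeyError('x'))` adds its own quotes. The `def process_template` line is outside this hunk.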
@@ -1902,19 +1899,22 @@ def _build_commands(self, sources, obj_dir, objects, flags): includes += ' ' + self._cc.add_include_dir_option + self._options.with_external_includedir is_fuzzer = obj_dir.find('fuzzer') != -1 + fuzzer_link = '' if self._options.fuzzer_lib is None \ + else '%s%s' % (self._cc.add_lib_option, self._options.fuzzer_lib) for (obj_file, src) in zip(objects, sources): isa_specific_flags_str = "".join([" %s" % flagset for flagset in sorted(self._isa_specific_flags(src))]) yield '%s: %s\n\t$(CXX)%s $(%s_FLAGS) %s %s %s %s$@\n' % ( - obj_file, src, isa_specific_flags_str, flags, - includes, self._cc.compile_flags, src, self._cc.output_to_option) + obj_file, src, isa_specific_flags_str, 'LIB' if is_lib else 'EXE', + includes, self._cc.compile_flags, src, self._cc.output_to_object) if is_fuzzer: fuzz_basename = os.path.basename(obj_file).replace('.' + self._osinfo.obj_suffix, '') fuzz_bin = self._build_paths.fuzzer_output_dir - yield '%s: %s $(LIBRARIES)\n\t$(FUZZER_LINK_CMD) %s $(FUZZER_LINKS_TO) %s$@\n' % ( - os.path.join(fuzz_bin, fuzz_basename), obj_file, obj_file, self._cc.output_to_option) + yield '%s: %s $(LIBRARIES)\n\t$(EXE_LINK_CMD) %s $(EXE_LINKS_TO) %s %s$@\n' % ( + os.path.join(fuzz_bin, fuzz_basename), obj_file, obj_file, fuzzer_link, + self._cc.output_to_object) def generate(self): out = {} @@ -1934,7 +1934,7 @@ def generate(self): out['fuzzer_bin'] = makefile_list(self._fuzzer_bin_list(objects, self._build_paths.fuzzer_output_dir)) build_key = '%s_build_cmds' % (t) - out[build_key] = '\n'.join(self._build_commands(src_list, src_dir, objects, t.upper())) + out[build_key] = '\n'.join(self._build_commands(src_list, src_dir, objects, t == 'lib')) return out 
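Review bot: The fuzzer link rule still names its output with `self._cc.output_to_object`, although this commit introduces `output_to_exe` precisely because MSVC's object switch (`/Fo`) differs from its link switch (`/OUT:`); the compile rule a few lines up uses `output_to_object` correctly, but the link line should pass `self._cc.output_to_exe` as its last format argument. It goes unnoticed on gcc and clang, where both switches are `-o `. `is_fuzzer = obj_dir.find('fuzzer') != -1` is a substring test on the whole path, so a build directory whose name contains "fuzzer" marks every object as a fuzzer target; that predates this change, but an exact match on the directory name would be safer. _build_commands starts outside this hunk.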
@@ -1971,7 +1971,7 @@ def _read_pem(filepath): return "\\\n" + ' \\\n'.join(lines) -def create_template_vars(source_paths, build_config, options, modules, cc, arch, osinfo): #pylint: disable=too-many-locals,too-many-branches +def create_template_vars(source_paths, build_config, options, modules, cc, arch, osinfo): #pylint: disable=too-many-locals,too-many-branches,too-many-statements """ Create the template variables needed to process the makefile, build.h, etc """ @@ -1980,7 +1980,7 @@ def make_cpp_macros(macros): return '\n'.join(['#define BOTAN_' + macro for macro in macros]) def external_link_cmd(): - return ' ' + cc.add_lib_dir_option + options.with_external_libdir if options.with_external_libdir else '' + return (' ' + cc.add_lib_dir_option + options.with_external_libdir) if options.with_external_libdir else '' def link_to(module_member_name): """ @@ -2023,8 +2023,6 @@ def configure_command_line(): main_executable = os.path.basename(sys.argv[0]) return ' '.join([main_executable] + sys.argv[1:]) - bin_link_cmd = cc.binary_link_command_for(osinfo.basename, options) + external_link_cmd() - variables = { 'version_major': Version.major(), 'version_minor': Version.minor(), @@ -2033,19 +2031,20 @@ def configure_command_line(): 'abi_rev': Version.so_rev(), 'version': Version.as_string(), - 'version_packed': Version.packed(), 'release_type': Version.release_type(), 'version_datestamp': Version.datestamp(), 'distribution_info': options.distribution_info, + 'darwin_so_compat_ver': '%s.%s.0' % (Version.packed(), Version.so_rev()), + 'darwin_so_current_ver': '%s.%s.%s' % (Version.packed(), Version.so_rev(), Version.patch()), + 'base_dir': source_paths.base_dir, 'src_dir': source_paths.src_dir, 'doc_dir': source_paths.doc_dir, 'command_line': configure_command_line(), 'local_config': read_textfile(options.local_config), - 'makefile_style': options.makefile_style or cc.makefile_style, 'makefile_path': os.path.join(build_config.build_dir, '..', 'Makefile'), 
@@ -2064,9 +2063,12 @@ def configure_command_line(): 'scripts_dir': source_paths.scripts_dir, 'build_static_lib': options.build_static_lib, - 'build_shared_lib': options.build_shared_lib, 'build_fuzzers': options.build_fuzzers, + 'build_shared_lib': options.build_shared_lib, + 'build_unix_shared_lib': options.build_shared_lib and options.compiler != 'msvc', + 'build_msvc_shared_lib': options.build_shared_lib and options.compiler == 'msvc', + 'libobj_dir': build_config.libobj_dir, 'cliobj_dir': build_config.cliobj_dir, 'testobj_dir': build_config.testobj_dir, @@ -2095,14 +2097,13 @@ def configure_command_line(): 'cc_lang_flags': cc.cc_lang_flags(), 'cc_compile_flags': cc.cc_compile_flags(options), 'cc_warning_flags': cc.cc_warning_flags(options), + 'output_to_exe': cc.output_to_exe, 'shared_flags': cc.gen_shared_flags(options), 'visibility_attribute': cc.gen_visibility_attribute(options), 'lib_link_cmd': cc.so_link_command_for(osinfo.basename, options) + external_link_cmd(), - 'cli_link_cmd': bin_link_cmd, - 'test_link_cmd': bin_link_cmd, - 'fuzzer_link_cmd': bin_link_cmd, + 'exe_link_cmd': cc.binary_link_command_for(osinfo.basename, options) + external_link_cmd(), 'link_to': ' '.join( [cc.add_lib_option + lib for lib in link_to('libs')] + @@ -2123,11 +2124,11 @@ def configure_command_line(): 'unsafe_fuzzer_mode_define': '#define BOTAN_UNSAFE_FUZZER_MODE' if options.unsafe_fuzzer_mode else '', 'fuzzer_type': '#define BOTAN_FUZZER_IS_%s' % (options.build_fuzzers.upper()) if options.build_fuzzers else '', - 'fuzzer_libs': '' if options.fuzzer_lib is None else '%s%s' % (cc.add_lib_option, options.fuzzer_lib), 'python_exe': sys.executable, 'ar_command': options.ar_command or cc.ar_command or osinfo.ar_command, 'ar_options': cc.ar_options or osinfo.ar_options, + 'ar_output_to': cc.ar_output_to, 'lib_prefix': 'lib' if options.os != 'windows' else '', 
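Review bot: `build_unix_shared_lib` and `build_msvc_shared_lib` select the makefile branch on `options.compiler != 'msvc'` rather than on `options.os`, so a `windows` target built with any other compiler takes the unix branch (soname symlinks and all); that may be intended, but it deserves a comment, since the rest of this function keys Windows behaviour on `options.os`. Suggest `# Selected by compiler, not OS: MSVC gets the DLL/import-lib rule, every other toolchain the unix soname rule` above the two entries. Whether the merged makefile.in actually handles a non-MSVC Windows build is not visible here, so the comment should state whichever is true. The enclosing dict literal and function start outside this hunk.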
@@ -2160,7 +2161,6 @@ def configure_command_line(): variables['static_lib_name'] = variables['lib_basename'] + '.' + variables['static_suffix'] if options.build_shared_lib: - if osinfo.soname_pattern_base != None: variables['soname_base'] = osinfo.soname_pattern_base.format(**variables) variables['shared_lib_name'] = variables['soname_base'] @@ -2172,6 +2172,10 @@ def configure_command_line(): if osinfo.soname_pattern_patch != None: variables['soname_patch'] = osinfo.soname_pattern_patch.format(**variables) + variables['lib_link_cmd'] = variables['lib_link_cmd'].format(**variables) + else: + variables['lib_link_cmd'] = '' + if options.os == 'darwin' and options.build_shared_lib: # In order that these executables work from the build directory, # we need to change the install names 
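Review bot: `variables['lib_link_cmd'].format(**variables)` is applied to a string that, per the `'lib_link_cmd'` entry added in this same commit, already has `external_link_cmd()` appended — i.e. the user's `--with-external-libdir` path — so a path containing `{` or `}` now aborts configure with a KeyError/ValueError, and a `{name}` sequence in it is silently substituted. Format only the compiler-supplied template and append the path afterwards: `variables['lib_link_cmd'] = cc.so_link_command_for(osinfo.basename, options).format(**variables) + external_link_cmd()`, dropping the `+ external_link_cmd()` from the dict entry. The enclosing function starts outside this hunk.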
@@ -2185,12 +2189,23 @@ def configure_command_line(): variables.update(MakefileListsGenerator(build_config, options, modules, cc, arch, osinfo).generate()) - if options.os == 'llvm': - # llvm-link doesn't understand -L or -l flags - variables['link_to_botan'] = '%s/lib%s.a' % (variables['out_dir'], variables['libname']) - elif options.compiler == 'msvc': - # Nmake makefiles do something completely different here... - variables['link_to_botan'] = '' + if options.os == 'windows': + # For historical reasons? the library does not have the major number on Windows + # This should probably be fixed in a future major release. + variables['libname'] = 'botan' + variables['lib_basename'] = variables['libname'] + variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan-cli' + variables['program_suffix']) + else: + variables['libname'] = 'botan-%d' % (Version.major()) + variables['lib_basename'] = 'lib' + variables['libname'] + variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan' + variables['program_suffix']) + variables['botan_pkgconfig'] = os.path.join(build_config.build_dir, PKG_CONFIG_FILENAME) + + variables['static_lib_name'] = variables['lib_basename'] + '.' + variables['static_suffix'] + + if options.os == 'llvm' or options.compiler == 'msvc': + # llvm-link and msvc require just naming the file directly + variables['link_to_botan'] = os.path.join(variables['out_dir'], variables['static_lib_name']) else: variables['link_to_botan'] = '%s%s %s%s' % ( cc.add_lib_dir_option, variables['out_dir'], @@ -2204,8 +2219,6 @@ def configure_command_line(): variables['library_targets'] = ' '.join([os.path.join(variables['out_dir'], variables[t]) for t in lib_targets]) - variables["header_in"] = process_template(os.path.join(source_paths.makefile_dir, 'header.in'), variables) - return variables class ModulesChooser(object): 
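Review bot: For `options.os == 'llvm'`, `link_to_botan` names the static archive whatever `options.build_static_lib` is, so `--os=llvm --disable-static-library` produces link lines for a file no rule builds, and the validate_options checks earlier in this series do not reject that combination. Add `if options.os == 'llvm' and options.build_static_lib is False: raise UserError('Building for LLVM requires the static library')` alongside the existing KLEE/LLVM check. For MSVC the same line points at `botan.lib`, which in a DLL-only build is presumably the import library produced as a side effect of linking the DLL; a comment saying so would stop the next reader from "fixing" it. The enclosing function starts outside this hunk.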
@@ -3033,7 +3046,9 @@ def find_canonical_os_name(os_name_variant): else: raise UserError('Unknown or unidentifiable processor "%s"' % (options.cpu)) - if options.build_shared_lib and not info_os[options.os].building_shared_supported: + shared_libs_supported = options.os in info_os and info_os[options.os].building_shared_supported + + if options.build_shared_lib and not shared_libs_supported: logging.warning('Shared libs not supported on %s, disabling shared lib support' % (options.os)) options.build_shared_lib = False @@ -3044,7 +3059,7 @@ def find_canonical_os_name(os_name_variant): if options.os == 'windows' and options.build_static_lib: pass else: - options.build_shared_lib = info_os[options.os].building_shared_supported + options.build_shared_lib = shared_libs_supported if options.build_static_lib is None: if options.os == 'windows' and options.build_shared_lib: @@ -3118,8 +3133,8 @@ def validate_options(options, info_os, info_cc, available_module_policies): raise UserError('Using --with-sphinx plus --without-documentation makes no sense') # Warnings - if options.os == 'windows' and options.compiler == 'gcc': - logging.warning('Detected GCC on Windows; use --os=cygwin or --os=mingw?') + if options.os == 'windows' and options.compiler != 'msvc': + logging.warning('The windows target is oriented towards MSVC; maybe you want cygwin or mingw') def prepare_configure_build(info_modules, source_paths, options, cc, cc_min_version, arch, osinfo, module_policy): @@ -3131,7 +3146,7 @@ def prepare_configure_build(info_modules, source_paths, options, template_vars = create_template_vars(source_paths, build_config, options, using_mods, cc, arch, osinfo) - makefile_template = os.path.join(source_paths.makefile_dir, '%s.in' % (template_vars['makefile_style'])) + makefile_template = os.path.join(source_paths.build_data_dir, 'makefile.in') logging.debug('Using makefile template %s' % (makefile_template)) return using_mods, build_config, template_vars, makefile_template 
@@ -3301,10 +3316,6 @@ def main(argv): logging.info('Target is %s:%s-%s-%s-%s' % ( options.compiler, cc_min_version, options.os, options.arch, options.cpu)) - if options.build_shared_lib and not osinfo.building_shared_supported: - logging.warning('Shared libs not supported on %s, disabling shared lib support' % (osinfo.basename)) - options.build_shared_lib = False - main_action_configure_build(info_modules, source_paths, options, cc, cc_min_version, arch, osinfo, module_policy) return 0 diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index cfff2e2eb3..ec4da317d8 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -19,13 +19,11 @@ stack_protector_flags "-fstack-protector" visibility_build_flags "-fvisibility=hidden" visibility_attribute '__attribute__((visibility("default")))' -makefile_style gmake - -darwin -> "$(CXX) -dynamiclib -fPIC -install_name $(INSTALLED_LIB_DIR)/$(SONAME_ABI) -current_version $(DARWIN_CURRENT_VER) -compatibility_version $(DARWIN_COMPATIBILITY_VER)" +darwin -> "$(CXX) -dynamiclib -fPIC -install_name $(INSTALLED_LIB_DIR)/{soname_abi} -current_version {darwin_so_current_ver} -compatibility_version {darwin_so_compat_ver}" # The default works for GNU ld and several other Unix linkers -default -> "$(CXX) -shared -fPIC -Wl,-soname,$(SONAME_ABI)" +default -> "$(CXX) -shared -fPIC -Wl,-soname,{soname_abi}" diff --git a/src/build-data/cc/ekopath.txt b/src/build-data/cc/ekopath.txt index c127b78f81..dedbaaf615 100644 --- a/src/build-data/cc/ekopath.txt +++ b/src/build-data/cc/ekopath.txt @@ -12,10 +12,8 @@ ar_options "-ar -o" shared_flags "-fPIC" -makefile_style gmake - -default -> "$(CXX) -shared -fPIC -Wl,-soname,$(SONAME_ABI)" +default -> "$(CXX) -shared -fPIC -Wl,-soname,{soname_abi}" diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 88e7089ce3..17b477db8e 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt 
@@ -25,16 +25,14 @@ sanitizer_flags "-D_GLIBCXX_DEBUG -fsanitize=address" visibility_build_flags "-fvisibility=hidden" visibility_attribute '__attribute__((visibility("default")))' -makefile_style gmake - # The default works for GNU ld and several other Unix linkers -default -> "$(CXX) -shared -fPIC -Wl,-soname,$(SONAME_ABI)" +default -> "$(CXX) -shared -fPIC -Wl,-soname,{soname_abi}" # Darwin, HP-UX and Solaris linkers use different syntax -darwin -> "$(CXX) -dynamiclib -fPIC -install_name $(LIBDIR)/$(SONAME_ABI)" -hpux -> "$(CXX) -shared -fPIC -Wl,+h,$(SONAME_ABI)" -solaris -> "$(CXX) -shared -fPIC -Wl,-h,$(SONAME_ABI)" +darwin -> "$(CXX) -dynamiclib -fPIC -install_name $(INSTALLED_LIB_DIR)/{soname_abi}" +hpux -> "$(CXX) -shared -fPIC -Wl,+h,{soname_abi}" +solaris -> "$(CXX) -shared -fPIC -Wl,-h,{soname_abi}" # AIX and OpenBSD don't use sonames at all aix -> "$(CXX) -shared -fPIC" diff --git a/src/build-data/cc/hpcc.txt b/src/build-data/cc/hpcc.txt index aa305bf82a..cbe50c37d9 100644 --- a/src/build-data/cc/hpcc.txt +++ b/src/build-data/cc/hpcc.txt @@ -7,8 +7,6 @@ optimization_flags "+O2" warning_flags "+w" shared_flags "+Z" -makefile_style gmake - hppa1.0 -> "+DAportable" hppa1.1 -> "+DA1.1" @@ -16,5 +14,5 @@ hppa2.0 -> "+DA2.0W" -default -> "$(CXX) +Z -b -Wl,+h,$(SONAME_ABI)" # Documented in cc(1), but not CC(1) (?) +default -> "$(CXX) +Z -b -Wl,+h,{soname_abi}" # Documented in cc(1), but not CC(1) (?) diff --git a/src/build-data/cc/icc.txt b/src/build-data/cc/icc.txt index cdc250187c..f50ea6d111 100644 --- a/src/build-data/cc/icc.txt +++ b/src/build-data/cc/icc.txt @@ -9,8 +9,6 @@ lang_flags "-std=c++0x" warning_flags "-w1" shared_flags "-fPIC" -makefile_style gmake - pentium3 -> "-march=pentium3" pentium4 -> "-march=pentium4" @@ -23,5 +21,5 @@ westmere -> "-march=core2" -default -> "$(CXX) -fPIC -shared -Wl,-soname,$(SONAME_ABI)" +default -> "$(CXX) -fPIC -shared -Wl,-soname,{soname_abi}" 
diff --git a/src/build-data/cc/msvc.txt b/src/build-data/cc/msvc.txt index 51608dcfae..6df218a4fb 100644 --- a/src/build-data/cc/msvc.txt +++ b/src/build-data/cc/msvc.txt @@ -3,7 +3,9 @@ macro_name MSVC binary_name cl linker_name link -output_to_option "/Fo" +output_to_object "/Fo" +output_to_exe "/OUT:" + add_include_dir_option "/I" add_lib_dir_option "/LIBPATH:" add_lib_option "" @@ -27,8 +29,7 @@ visibility_attribute "__declspec(dllimport)" ar_command lib ar_options "/nologo" - -makefile_style nmake +ar_output_to "/OUT:" sse2 -> "" diff --git a/src/build-data/cc/pgi.txt b/src/build-data/cc/pgi.txt index e8c65ea3a8..213a69d27c 100644 --- a/src/build-data/cc/pgi.txt +++ b/src/build-data/cc/pgi.txt @@ -5,11 +5,9 @@ binary_name pgCC optimization_flags "-fast -Minline" shared_flags "-fPIC" -makefile_style gmake - -linux -> "$(CXX) -shared -fPIC -Wl,-soname,$(SONAME_ABI)" -solaris -> "$(CXX) -G -fPIC -Wl,-h,$(SONAME_ABI)" +linux -> "$(CXX) -shared -fPIC -Wl,-soname,{soname_abi}" +solaris -> "$(CXX) -G -fPIC -Wl,-h,{soname_abi}" diff --git a/src/build-data/cc/sunstudio.txt b/src/build-data/cc/sunstudio.txt index fd87533a5d..38f9d828c5 100644 --- a/src/build-data/cc/sunstudio.txt +++ b/src/build-data/cc/sunstudio.txt @@ -11,10 +11,8 @@ lang_flags "-std=c++11 +p -features=extensions -D__FUNCTION__=__func__" ar_command CC ar_options "-xar -o" -makefile_style gmake - -default -> "$(CXX) -G -h$(SONAME_ABI)" +default -> "$(CXX) -G -h{soname_abi}" diff --git a/src/build-data/cc/xlc.txt b/src/build-data/cc/xlc.txt index 28620b7e14..c28fdb1a0f 100644 --- a/src/build-data/cc/xlc.txt +++ b/src/build-data/cc/xlc.txt @@ -6,8 +6,6 @@ optimization_flags "-O2" lang_flags "-std=c++11" -makefile_style gmake - power8 -> "-qarch=pwr8" power9 -> "-qarch=pwr9" diff --git a/src/build-data/makefile.in b/src/build-data/makefile.in new file mode 100644 index 0000000000..d89d1cccdc --- /dev/null +++ b/src/build-data/makefile.in 
@@ -0,0 +1,117 @@ +# Paths to relevant programs + +CXX = %{cxx} %{cxx_abi_flags} +LINKER = %{linker} +AR = %{ar_command} +PYTHON_EXE = %{python_exe} + +# Compiler Flags + +LANG_FLAGS = %{cc_lang_flags} +CXXFLAGS = %{cc_compile_flags} +WARN_FLAGS = %{cc_warning_flags} +SO_OBJ_FLAGS = %{shared_flags} + +LIB_LINK_CMD = %{lib_link_cmd} +EXE_LINK_CMD = %{exe_link_cmd} + +LIB_LINKS_TO = %{link_to} +EXE_LINKS_TO = %{link_to_botan} $(LIB_LINKS_TO) + +LIB_FLAGS = $(SO_OBJ_FLAGS) $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) +EXE_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) + +SCRIPTS_DIR = %{scripts_dir} +INSTALLED_LIB_DIR = %{prefix}/%{libdir} + +CLI_POST_LINK_CMD = %{cli_post_link_cmd} +TEST_POST_LINK_CMD = %{test_post_link_cmd} + +# The primary target +all: libs cli tests + +# Executable targets +CLI = %{cli_exe} +TEST = %{test_exe} +LIBRARIES = %{library_targets} + +cli: $(CLI) +tests: $(TEST) +libs: $(LIBRARIES) + +# Misc targets + +clean: + $(PYTHON_EXE) $(SCRIPTS_DIR)/cleanup.py --build-dir="%{build_dir}" + +distclean: + $(PYTHON_EXE) $(SCRIPTS_DIR)/cleanup.py --build-dir="%{build_dir}" --distclean + +install: $(CLI) docs + $(PYTHON_EXE) $(SCRIPTS_DIR)/install.py --prefix=%{prefix} --build-dir="%{build_dir}" --bindir=%{bindir} --libdir=%{libdir} --docdir=%{docdir} --includedir=%{includedir} + +docs: +%{build_doc_commands} + +# Object Files +LIBOBJS = %{lib_objs} + +CLIOBJS = %{cli_objs} + +TESTOBJS = %{test_objs} + +# Build Commands +%{lib_build_cmds} + +%{cli_build_cmds} + +%{test_build_cmds} + +# Library targets + +$(CLI): $(LIBRARIES) $(CLIOBJS) + $(EXE_LINK_CMD) $(LDFLAGS) $(CLIOBJS) $(EXE_LINKS_TO) %{output_to_exe}$@ + $(CLI_POST_LINK_CMD) + +$(TEST): $(LIBRARIES) $(TESTOBJS) + $(EXE_LINK_CMD) $(LDFLAGS) $(TESTOBJS) $(EXE_LINKS_TO) %{output_to_exe}$@ + $(TEST_POST_LINK_CMD) + +%{if build_static_lib} + +%{out_dir}/%{static_lib_name}: $(LIBOBJS) + $(AR) %{ar_options} %{ar_output_to}$@ $(LIBOBJS) + +%{endif} + +%{if build_unix_shared_lib} + 
+%{out_dir}/%{shared_lib_name}: $(LIBOBJS) + $(LIB_LINK_CMD) $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) %{output_to_exe}$@ + cd %{out_dir} && ln -fs %{shared_lib_name} %{soname_base} + cd %{out_dir} && ln -fs %{shared_lib_name} %{soname_patch} + +%{endif} + +%{if build_msvc_shared_lib} + +%{out_dir}/%{shared_lib_name}: $(LIBOBJS) + $(LIB_LINK_CMD) $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) %{output_to_exe}$@ + +%{endif} + +%{if build_fuzzers} + +%{fuzzer_build_cmds} + +FUZZERS=%{fuzzer_bin} + +fuzzers: libs $(FUZZERS) + +fuzzer_corpus: + git clone --depth=1 https://github.com/randombit/crypto-corpus.git fuzzer_corpus + +fuzzer_corpus_zip: fuzzer_corpus + ./src/scripts/create_corpus_zip.py fuzzer_corpus %{fuzzobj_dir} + +%{endif} diff --git a/src/build-data/makefile/gmake.in b/src/build-data/makefile/gmake.in deleted file mode 100644 index 97084c7d82..0000000000 --- a/src/build-data/makefile/gmake.in +++ /dev/null 
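Review bot: The `fuzzer_corpus` target fetches whatever the remote repository's default branch holds at that moment (`git clone --depth=1 https://github.com/randombit/crypto-corpus.git fuzzer_corpus`), so two builds of the same Botan revision can receive different fuzz inputs and the target silently depends on network access. Since makefile.in is a new file, this is the moment to either pin the corpus to a known revision (clone, then `git -C fuzzer_corpus checkout <pinned-revision>` with the revision kept in build data) or add a comment above the target stating that it is network-dependent and not reproducible. The recipe itself is carried over unchanged from the deleted gmake.in.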
@@ -1,67 +0,0 @@ -%{header_in} - -# Object Files -LIBOBJS = %{lib_objs} - -CLIOBJS = %{cli_objs} - -TESTOBJS = %{test_objs} - -# Build Commands -%{lib_build_cmds} - -%{cli_build_cmds} - -%{test_build_cmds} - -# Library targets - -$(CLI): $(LIBRARIES) $(CLIOBJS) - $(CLI_LINK_CMD) $(LDFLAGS) $(CLIOBJS) $(CLI_LINKS_TO) -o $(CLI) - $(CLI_POST_LINK_CMD) - -$(TEST): $(LIBRARIES) $(TESTOBJS) - $(TEST_LINK_CMD) $(LDFLAGS) $(TESTOBJS) $(TEST_LINKS_TO) -o $(TEST) - $(TEST_POST_LINK_CMD) - -%{if build_static_lib} - -%{out_dir}/%{static_lib_name}: $(LIBOBJS) - $(AR) %{ar_options} $@ $(LIBOBJS) - -%{endif} - -%{if build_shared_lib} - -SONAME_ABI = %{soname_abi} -DARWIN_COMPATIBILITY_VER = %{version_packed}.%{abi_rev}.0 -DARWIN_CURRENT_VER = %{version_packed}.%{abi_rev}.%{version_patch} - -%{out_dir}/%{shared_lib_name}: $(LIBOBJS) - $(LIB_LINK_CMD) $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) -o $@ - cd %{out_dir} && ln -fs %{shared_lib_name} %{soname_base} - cd %{out_dir} && ln -fs %{shared_lib_name} %{soname_patch} - -%{endif} - -%{if build_fuzzers} - -# Fuzzer build commands - -FUZZER_LINK_CMD = %{fuzzer_link_cmd} -FUZZER_LINKS_TO = %{link_to_botan} $(LIB_LINKS_TO) %{fuzzer_libs} -FUZZER_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) - -%{fuzzer_build_cmds} - -FUZZERS=%{fuzzer_bin} - -fuzzers: libs $(FUZZERS) - -fuzzer_corpus: - git clone --depth=1 https://github.com/randombit/crypto-corpus.git fuzzer_corpus - -fuzzer_corpus_zip: fuzzer_corpus - ./src/scripts/create_corpus_zip.py fuzzer_corpus %{fuzzobj_dir} - -%{endif} diff --git a/src/build-data/makefile/header.in b/src/build-data/makefile/header.in deleted file mode 100644 index 95f39aca52..0000000000 --- a/src/build-data/makefile/header.in +++ /dev/null 
@@ -1,57 +0,0 @@ -# Paths to relevant programs - -CXX = %{cxx} %{cxx_abi_flags} -LINKER = %{linker} -AR = %{ar_command} -PYTHON_EXE = %{python_exe} - -# Compiler Flags - -LANG_FLAGS = %{cc_lang_flags} -CXXFLAGS = %{cc_compile_flags} -WARN_FLAGS = %{cc_warning_flags} -SO_OBJ_FLAGS = %{shared_flags} - -LIB_LINK_CMD = %{lib_link_cmd} -CLI_LINK_CMD = %{cli_link_cmd} -TEST_LINK_CMD = %{test_link_cmd} - -LIB_LINKS_TO = %{link_to} -CLI_LINKS_TO = %{link_to_botan} $(LIB_LINKS_TO) -TEST_LINKS_TO = %{link_to_botan} $(LIB_LINKS_TO) - -LIB_FLAGS = $(SO_OBJ_FLAGS) $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) -CLI_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) -TEST_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) - -SCRIPTS_DIR = %{scripts_dir} -INSTALLED_LIB_DIR = %{prefix}/%{libdir} - -CLI_POST_LINK_CMD = %{cli_post_link_cmd} -TEST_POST_LINK_CMD = %{test_post_link_cmd} - -# The primary target -all: libs cli tests - -# Executable targets -CLI = %{cli_exe} -TEST = %{test_exe} -LIBRARIES = %{library_targets} - -cli: $(CLI) -tests: $(TEST) -libs: $(LIBRARIES) - -# Misc targets - -clean: - $(PYTHON_EXE) $(SCRIPTS_DIR)/cleanup.py --build-dir="%{build_dir}" - -distclean: - $(PYTHON_EXE) $(SCRIPTS_DIR)/cleanup.py --build-dir="%{build_dir}" --distclean - -install: $(CLI) docs - $(PYTHON_EXE) $(SCRIPTS_DIR)/install.py --prefix=%{prefix} --build-dir="%{build_dir}" --bindir=%{bindir} --libdir=%{libdir} --docdir=%{docdir} --includedir=%{includedir} - -docs: -%{build_doc_commands} diff --git a/src/build-data/makefile/nmake.in b/src/build-data/makefile/nmake.in deleted file mode 100644 index dbd1a5af73..0000000000 --- a/src/build-data/makefile/nmake.in +++ /dev/null 
@@ -1,42 +0,0 @@ -%{header_in} - -# Object Files -LIBOBJS = %{lib_objs} - -CLIOBJS = %{cli_objs} - -TESTOBJS = %{test_objs} - -# Build Commands -%{lib_build_cmds} - -%{cli_build_cmds} - -%{test_build_cmds} - -# LIB_FILENAME is always the .lib file, that is either a static lib or a -# by-product of the DLL creation used to link the DLL into applications -LIB_FILENAME = %{out_dir}/%{static_lib_name} - -# Link Commands -$(CLI): $(LIBRARIES) $(CLIOBJS) - $(CLI_LINK_CMD) /OUT:$@ $(CLIOBJS) $(LIB_FILENAME) $(CLI_LINKS_TO) - $(CLI_POST_LINK_CMD) - -$(TEST): $(LIBRARIES) $(TESTOBJS) - $(TEST_LINK_CMD) /OUT:$@ $(TESTOBJS) $(LIB_FILENAME) $(TEST_LINKS_TO) - $(TEST_POST_LINK_CMD) - -%{if build_shared_lib} - -%{out_dir}/%{shared_lib_name}: $(LIBOBJS) - $(LIB_LINK_CMD) /OUT:$@ $(LIBOBJS) $(LIB_LINKS_TO) - -%{endif} - -%{if build_static_lib} - -%{out_dir}/%{static_lib_name}: $(LIBOBJS) - $(AR) %{ar_options} /OUT:$@ $(LIBOBJS) - -%{endif} From ba843d795772f72a4f3ecf9649c9b58f6422b3d3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 1 Dec 2017 09:41:28 -0500 Subject: [PATCH 0262/1008] Fix macOS dynamic link --- configure.py | 12 +++++------- src/build-data/makefile.in | 7 +++---- src/build-data/os/darwin.txt | 2 ++ 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/configure.py b/configure.py index 10b91dfad6..76887a4d18 100755 --- a/configure.py +++ b/configure.py @@ -1328,7 +1328,8 @@ def __init__(self, infofile): 'bin_dir': 'bin', 'lib_dir': 'lib', 'doc_dir': 'share/doc', - 'building_shared_supported': 'yes' + 'building_shared_supported': 'yes', + 'so_post_link_command': '', }) if lex.ar_command == 'ar' and lex.ar_options == '': @@ -1371,6 +1372,7 @@ def __init__(self, infofile): self.program_suffix = lex.program_suffix self.static_suffix = lex.static_suffix self.target_features = lex.target_features + self.so_post_link_command = lex.so_post_link_command def defines(self, options): r = [] 
@@ -2179,13 +2181,9 @@ def configure_command_line(): if options.os == 'darwin' and options.build_shared_lib: # In order that these executables work from the build directory, # we need to change the install names - variables['cli_post_link_cmd'] = \ - 'install_name_tool -change "$(INSTALLED_LIB_DIR)/$(SONAME_ABI)" "@executable_path/$(SONAME_ABI)" $(CLI)' - variables['test_post_link_cmd'] = \ - 'install_name_tool -change "$(INSTALLED_LIB_DIR)/$(SONAME_ABI)" "@executable_path/$(SONAME_ABI)" $(TEST)' + variables['post_link_cmd'] = osinfo.so_post_link_command.format(**variables) else: - variables['cli_post_link_cmd'] = '' - variables['test_post_link_cmd'] = '' + variables['post_link_cmd'] = '' variables.update(MakefileListsGenerator(build_config, options, modules, cc, arch, osinfo).generate()) diff --git a/src/build-data/makefile.in b/src/build-data/makefile.in index d89d1cccdc..89098c4660 100644 --- a/src/build-data/makefile.in +++ b/src/build-data/makefile.in @@ -24,8 +24,7 @@ EXE_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) SCRIPTS_DIR = %{scripts_dir} INSTALLED_LIB_DIR = %{prefix}/%{libdir} -CLI_POST_LINK_CMD = %{cli_post_link_cmd} -TEST_POST_LINK_CMD = %{test_post_link_cmd} +POST_LINK_CMD = %{post_link_cmd} # The primary target all: libs cli tests @@ -71,11 +70,11 @@ TESTOBJS = %{test_objs} $(CLI): $(LIBRARIES) $(CLIOBJS) $(EXE_LINK_CMD) $(LDFLAGS) $(CLIOBJS) $(EXE_LINKS_TO) %{output_to_exe}$@ - $(CLI_POST_LINK_CMD) + $(POST_LINK_CMD) $(TEST): $(LIBRARIES) $(TESTOBJS) $(EXE_LINK_CMD) $(LDFLAGS) $(TESTOBJS) $(EXE_LINKS_TO) %{output_to_exe}$@ - $(TEST_POST_LINK_CMD) + $(POST_LINK_CMD) %{if build_static_lib} diff --git a/src/build-data/os/darwin.txt b/src/build-data/os/darwin.txt index 78ad4a948c..4c8ba2c470 100644 --- a/src/build-data/os/darwin.txt +++ b/src/build-data/os/darwin.txt 
@@ -4,6 +4,8 @@ soname_pattern_base "libbotan-{version_major}.dylib" soname_pattern_abi "libbotan-{version_major}.{abi_rev}.dylib" soname_pattern_patch "libbotan-{version_major}.{abi_rev}.{version_minor}.{version_patch}.dylib" +so_post_link_command "install_name_tool -change '$(INSTALLED_LIB_DIR)/{soname_abi}' '@executable_path/{soname_abi}' $@" + doc_dir doc From d7d0b4bf346a9cb383ad42c61a599140a4d8a269 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 1 Dec 2017 13:13:43 -0500 Subject: [PATCH 0263/1008] Update news --- news.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/news.rst b/news.rst index e8abd5669a..371440570f 100644 --- a/news.rst +++ b/news.rst @@ -4,6 +4,12 @@ Release Notes Version 2.4.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* Several build improvements requested by downstream packagers, including the + ability to disable building the static library. All makefile constructs that + were specific to nmake or GNU make have been eliminated, thus the option + ``--makefile-style`` which was previously used to select the makefile type has + also been removed. (GH #1230 #1237 #1300 #1318 #1319 #1324 and #1325) + * Support for negotiating the DH group as specified in RFC 7919 is now available in TLS (GH #1263) From fb44cc8b188f4399cf1e7ee4953cfeb1507f6ad9 Mon Sep 17 00:00:00 2001 
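Review bot: `so_post_link_command` mixes two expansion layers — `{soname_abi}` is substituted by configure.py through `str.format`, while `$(INSTALLED_LIB_DIR)` and `$@` survive into the generated makefile and are expanded by make — and nothing in the file says so. A one-line comment above the key would keep the next editor from escaping the wrong thing, e.g. `# {name} is filled in by configure.py; $(VAR) and $@ are left for make`. It is also worth noting there that a literal `{` or `}` added to this value must be doubled, since the whole string goes through `str.format`.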
From: Jack Lloyd Date: Sat, 2 Dec 2017 07:04:29 -0500 Subject: [PATCH 0264/1008] Remove unaligned mem check This previously enabled doing something unsafe (misaligned reads), but it turns out even on hardware that supports this, it is not safe to do because the compiler may do something unfortunate. Now memcpy is used, which is safe on any platform. Should provide a noticable speedup for ARM and PPC64, which previously used the byte-at-a-time fallback code. --- configure.py | 19 ------------- src/build-data/arch/m68k.txt | 3 -- src/build-data/arch/ppc32.txt | 1 - src/build-data/arch/s390.txt | 1 - src/build-data/arch/s390x.txt | 1 - src/build-data/arch/x86_32.txt | 1 - src/build-data/arch/x86_64.txt | 1 - src/lib/utils/loadstor.h | 51 +++++++++++++++------------------- 8 files changed, 22 insertions(+), 56 deletions(-) diff --git a/configure.py b/configure.py index 76887a4d18..2f2f8c11f2 100755 --- a/configure.py +++ b/configure.py @@ -335,15 +335,6 @@ def process_command_line(args): # pylint: disable=too-many-locals target_group.add_option('--with-endian', metavar='ORDER', default=None, help='override byte order guess') - target_group.add_option('--with-unaligned-mem', - dest='unaligned_mem', action='store_true', - default=None, - help='use unaligned memory accesses') - - target_group.add_option('--without-unaligned-mem', - dest='unaligned_mem', action='store_false', - help=optparse.SUPPRESS_HELP) - target_group.add_option('--with-os-features', action='append', metavar='FEAT', help='specify OS features to use') target_group.add_option('--without-os-features', action='append', metavar='FEAT', @@ -998,7 +989,6 @@ def __init__(self, infofile): { 'endian': None, 'family': None, - 'unaligned': 'no', 'wordsize': 32 }) 
@@ -1006,7 +996,6 @@ def __init__(self, infofile): self.endian = lex.endian self.family = lex.family self.isa_extensions = lex.isa_extensions - self.unaligned_ok = (1 if lex.unaligned == 'ok' else 0) self.submodels = lex.submodels self.submodel_aliases = force_to_dict(lex.submodel_aliases) self.wordsize = int(lex.wordsize) @@ -1053,12 +1042,6 @@ def form_macro(cpu_name): macros.append('TARGET_CPU_IS_%s_ENDIAN' % (endian.upper())) logging.info('Assuming CPU is %s endian' % (endian)) - unaligned_ok = options.unaligned_mem - if unaligned_ok is None: - unaligned_ok = self.unaligned_ok - if unaligned_ok: - logging.info('Assuming unaligned memory access works') - if self.family is not None: macros.append('TARGET_CPU_IS_%s_FAMILY' % (self.family.upper())) @@ -1067,8 +1050,6 @@ def form_macro(cpu_name): if self.wordsize == 64: macros.append('TARGET_CPU_HAS_NATIVE_64BIT') - macros.append('TARGET_UNALIGNED_MEMORY_ACCESS_OK %d' % (unaligned_ok)) - if options.with_valgrind: macros.append('HAS_VALGRIND') diff --git a/src/build-data/arch/m68k.txt b/src/build-data/arch/m68k.txt index 691c45b92c..26dac5331b 100644 --- a/src/build-data/arch/m68k.txt +++ b/src/build-data/arch/m68k.txt @@ -1,8 +1,5 @@ endian big -# Except for Coldfire -#unaligned ok - 680x0 68k diff --git a/src/build-data/arch/ppc32.txt b/src/build-data/arch/ppc32.txt index 2f4ca6723b..7d0ce5e240 100644 --- a/src/build-data/arch/ppc32.txt +++ b/src/build-data/arch/ppc32.txt @@ -1,5 +1,4 @@ endian big -unaligned ok family ppc diff --git a/src/build-data/arch/s390.txt b/src/build-data/arch/s390.txt index 6e9f99f12c..a5c35637f6 100644 --- a/src/build-data/arch/s390.txt +++ b/src/build-data/arch/s390.txt @@ -1,5 +1,4 @@ endian big -unaligned ok s390 diff --git a/src/build-data/arch/s390x.txt b/src/build-data/arch/s390x.txt index 0fec592b47..6ed2ec079b 100644 --- a/src/build-data/arch/s390x.txt +++ b/src/build-data/arch/s390x.txt @@ -1,5 +1,4 @@ endian big -unaligned ok wordsize 64 
diff --git a/src/build-data/arch/x86_32.txt b/src/build-data/arch/x86_32.txt index beaf60a41b..20401e034b 100644 --- a/src/build-data/arch/x86_32.txt +++ b/src/build-data/arch/x86_32.txt @@ -1,5 +1,4 @@ endian little -unaligned ok family x86 diff --git a/src/build-data/arch/x86_64.txt b/src/build-data/arch/x86_64.txt index b162d0ab41..49f8a6a55d 100644 --- a/src/build-data/arch/x86_64.txt +++ b/src/build-data/arch/x86_64.txt @@ -1,5 +1,4 @@ endian little -unaligned ok wordsize 64 family x86 diff --git a/src/lib/utils/loadstor.h b/src/lib/utils/loadstor.h index ca75969fab..70ad20591c 100644 --- a/src/lib/utils/loadstor.h +++ b/src/lib/utils/loadstor.h @@ -1,6 +1,6 @@ /* * Load/Store Operators -* (C) 1999-2007,2015 Jack Lloyd +* (C) 1999-2007,2015,2017 Jack Lloyd * 2007 Yves Jerschow * * Botan is released under the Simplified BSD License (see license.txt) @@ -14,25 +14,17 @@ #include #include -#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK - #if defined(BOTAN_TARGET_CPU_IS_BIG_ENDIAN) - -#define BOTAN_ENDIAN_N2B(x) (x) -#define BOTAN_ENDIAN_B2N(x) (x) - -#define BOTAN_ENDIAN_N2L(x) reverse_bytes(x) -#define BOTAN_ENDIAN_L2N(x) reverse_bytes(x) + #define BOTAN_ENDIAN_N2L(x) reverse_bytes(x) + #define BOTAN_ENDIAN_L2N(x) reverse_bytes(x) + #define BOTAN_ENDIAN_N2B(x) (x) + #define BOTAN_ENDIAN_B2N(x) (x) #elif defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN) - -#define BOTAN_ENDIAN_N2L(x) (x) -#define BOTAN_ENDIAN_L2N(x) (x) - -#define BOTAN_ENDIAN_N2B(x) reverse_bytes(x) -#define BOTAN_ENDIAN_B2N(x) reverse_bytes(x) - -#endif + #define BOTAN_ENDIAN_N2L(x) (x) + #define BOTAN_ENDIAN_L2N(x) (x) + #define BOTAN_ENDIAN_N2B(x) reverse_bytes(x) + #define BOTAN_ENDIAN_B2N(x) reverse_bytes(x) #endif @@ -146,7 +138,7 @@ inline uint16_t load_be(const uint8_t in[], size_t off) { in += off * sizeof(uint16_t); -#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK +#if defined(BOTAN_ENDIAN_N2B) uint16_t x; std::memcpy(&x, in, sizeof(x)); return BOTAN_ENDIAN_N2B(x); 
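Review bot: The BOTAN_ENDIAN_* block in the `@@ -14,25 +14,17 @@` hunk has become the sole switch for the memcpy fast path — every load and store below now tests `#if defined(BOTAN_ENDIAN_N2B)` or a sibling — yet nothing at the definition site says so, and the old `BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK` name at least hinted at the purpose. Suggest a comment above the `#if defined(BOTAN_TARGET_CPU_IS_BIG_ENDIAN)`: `/* Defined only when the target endianness is known; the load and store helpers use defined(BOTAN_ENDIAN_*) to pick the memcpy path and otherwise fall back to byte-at-a-time code */`. Since the macros expand to `reverse_bytes(x)` at each use site, it is also worth stating that the header declaring `reverse_bytes` must be included above this block; the include lines are not legible in this view, so I cannot confirm that it is.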
@@ -166,7 +158,7 @@ inline uint16_t load_le(const uint8_t in[], size_t off)
 {
 in += off * sizeof(uint16_t);
-#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
+#if defined(BOTAN_ENDIAN_N2L)
 uint16_t x;
 std::memcpy(&x, in, sizeof(x));
 return BOTAN_ENDIAN_N2L(x);
@@ -185,7 +177,7 @@ template<>
 inline uint32_t load_be(const uint8_t in[], size_t off)
 {
 in += off * sizeof(uint32_t);
-#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
+#if defined(BOTAN_ENDIAN_N2B)
 uint32_t x;
 std::memcpy(&x, in, sizeof(x));
 return BOTAN_ENDIAN_N2B(x);
@@ -204,7 +196,7 @@ template<>
 inline uint32_t load_le(const uint8_t in[], size_t off)
 {
 in += off * sizeof(uint32_t);
-#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
+#if defined(BOTAN_ENDIAN_N2L)
 uint32_t x;
 std::memcpy(&x, in, sizeof(x));
 return BOTAN_ENDIAN_N2L(x);
@@ -223,7 +215,7 @@ template<>
 inline uint64_t load_be(const uint8_t in[], size_t off)
 {
 in += off * sizeof(uint64_t);
-#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
+#if defined(BOTAN_ENDIAN_N2B)
 uint64_t x;
 std::memcpy(&x, in, sizeof(x));
 return BOTAN_ENDIAN_N2B(x);
@@ -243,7 +235,7 @@ template<>
 inline uint64_t load_le(const uint8_t in[], size_t off)
 {
 in += off * sizeof(uint64_t);
-#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
+#if defined(BOTAN_ENDIAN_N2L)
 uint64_t x;
 std::memcpy(&x, in, sizeof(x));
 return BOTAN_ENDIAN_N2L(x);
@@ -416,6 +408,7 @@ inline void load_be(T out[],
 {
 #if defined(BOTAN_TARGET_CPU_IS_BIG_ENDIAN)
 std::memcpy(out, in, sizeof(T)*count);
+
 #elif defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN)
 std::memcpy(out, in, sizeof(T)*count);
 const size_t blocks = count - (count % 4);
@@ -440,7 +433,7 @@ inline void load_be(T out[],
 */
 inline void store_be(uint16_t in, uint8_t out[2])
 {
-#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
+#if defined(BOTAN_ENDIAN_N2B)
 uint16_t o = BOTAN_ENDIAN_N2B(in);
 std::memcpy(out, &o, sizeof(o));
 #else
@@ -456,7 +449,7 @@ inline void store_be(uint16_t in, uint8_t out[2])
 */
 inline void store_le(uint16_t in, uint8_t out[2])
 {
-#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
+#if defined(BOTAN_ENDIAN_N2L)
 uint16_t o = BOTAN_ENDIAN_N2L(in);
 std::memcpy(out, &o, sizeof(o));
 #else
@@ -472,7 +465,7 @@ inline void store_le(uint16_t in, uint8_t out[2])
 */
 inline void store_be(uint32_t in, uint8_t out[4])
 {
-#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
+#if defined(BOTAN_ENDIAN_B2N)
 uint32_t o = BOTAN_ENDIAN_B2N(in);
 std::memcpy(out, &o, sizeof(o));
 #else
@@ -490,7 +483,7 @@ inline void store_be(uint32_t in, uint8_t out[4])
 */
 inline void store_le(uint32_t in, uint8_t out[4])
 {
-#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
+#if defined(BOTAN_ENDIAN_L2N)
 uint32_t o = BOTAN_ENDIAN_L2N(in);
 std::memcpy(out, &o, sizeof(o));
 #else
@@ -508,7 +501,7 @@ inline void store_le(uint32_t in, uint8_t out[4])
 */
 inline void store_be(uint64_t in, uint8_t out[8])
 {
-#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
+#if defined(BOTAN_ENDIAN_B2N)
 uint64_t o = BOTAN_ENDIAN_B2N(in);
 std::memcpy(out, &o, sizeof(o));
 #else
@@ -530,7 +523,7 @@ inline void store_be(uint64_t in, uint8_t out[8])
 */
 inline void store_le(uint64_t in, uint8_t out[8])
 {
-#if BOTAN_TARGET_UNALIGNED_MEMORY_ACCESS_OK
+#if defined(BOTAN_ENDIAN_L2N)
 uint64_t o = BOTAN_ENDIAN_L2N(in);
 std::memcpy(out, &o, sizeof(o));
 #else
From 35add1e69f380eeb3010e1d0cda5225fc8c5a0bf Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sat, 2 Dec 2017 07:46:59 -0500
Subject: [PATCH 0265/1008] Drop support for Cilk+

It's been dropped from GCC, appears OpenACC is the new hotness for this kind of thing.
---
 configure.py | 9 ---------
 src/build-data/cc/gcc.txt | 3 +--
 src/lib/utils/compiler.h | 34 ++--------------------------------
 src/scripts/ci_build.py | 5 +----
 4 files changed, 4 insertions(+), 47 deletions(-)
diff --git a/configure.py b/configure.py
index 76887a4d18..320c62ec16 100755
--- a/configure.py
+++ b/configure.py
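Review bot: These hunks pick different macros for the same decision: `store_be(uint32_t, ...)` and `store_be(uint64_t, ...)` are guarded by `#if defined(BOTAN_ENDIAN_B2N)` and the 32/64-bit `store_le` by `#if defined(BOTAN_ENDIAN_L2N)`, while `store_be(uint16_t, ...)` in the `@@ -440,7 +433,7 @@` hunk of the previous chunk and all the `load_*` bodies test `BOTAN_ENDIAN_N2B` / `BOTAN_ENDIAN_N2L`. All four macros are defined together near the top of the header, so behaviour is identical today, but the mixed spelling invites a later edit that defines only part of the set and silently moves one function onto the byte-at-a-time fallback. Suggest one guard per direction throughout, e.g. `#if defined(BOTAN_ENDIAN_N2B)` for every big-endian helper and `#if defined(BOTAN_ENDIAN_N2L)` for every little-endian one, matching the loads. Each function's `#else` branch continues past the end of its hunk.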
@@ -427,8 +427,6 @@ def process_command_line(args): # pylint: disable=too-many-locals build_group.add_option('--with-openmp', default=False, action='store_true', help='enable use of OpenMP') - build_group.add_option('--with-cilkplus', default=False, action='store_true', - help='enable use of Cilk Plus') link_methods = ['symlink', 'hardlink', 'copy'] build_group.add_option('--link-method', default=None, metavar='METHOD', @@ -1074,8 +1072,6 @@ def form_macro(cpu_name): if options.with_openmp: macros.append('TARGET_HAS_OPENMP') - if options.with_cilkplus: - macros.append('TARGET_HAS_CILKPLUS') return macros @@ -1211,11 +1207,6 @@ def all_group(): raise UserError('No support for OpenMP for %s' % (self.basename)) abi_link.append(self.mach_abi_linking['openmp']) - if options.with_cilkplus: - if 'cilkplus' not in self.mach_abi_linking: - raise UserError('No support for Cilk Plus for %s' % (self.basename)) - abi_link.append(self.mach_abi_linking['cilkplus']) - abi_flags = ' '.join(sorted(abi_link)) if options.cc_abi_flags != '': diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 17b477db8e..94cdd9e254 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -114,8 +114,7 @@ all_x86_64 -> "-momit-leaf-frame-pointer" all -> "-pthread" -cilkplus -> "-fcilkplus" -openmp -> "-fopenmp" +openmp -> "-fopenmp" mips64 -> "-mabi=64" s390 -> "-m31" diff --git a/src/lib/utils/compiler.h b/src/lib/utils/compiler.h index 9ef0f75b31..0115ae00c2 100644 --- a/src/lib/utils/compiler.h +++ b/src/lib/utils/compiler.h @@ -168,9 +168,7 @@ */ #if !defined(BOTAN_PARALLEL_FOR) -#if defined(BOTAN_TARGET_HAS_CILKPLUS) - #define BOTAN_PARALLEL_FOR _Cilk_for -#elif defined(BOTAN_TARGET_HAS_OPENMP) +#if defined(BOTAN_TARGET_HAS_OPENMP) #define BOTAN_PARALLEL_FOR _Pragma("omp parallel for") for #else #define BOTAN_PARALLEL_FOR for 
@@ -183,9 +181,7 @@
 */
 #if !defined(BOTAN_PARALLEL_SIMD_FOR)
-#if defined(BOTAN_TARGET_HAS_CILKPLUS)
- #define BOTAN_PARALLEL_SIMD_FOR _Pragma("simd") for
-#elif defined(BOTAN_TARGET_HAS_OPENMP)
+#if defined(BOTAN_TARGET_HAS_OPENMP)
 #define BOTAN_PARALLEL_SIMD_FOR _Pragma("omp simd") for
 #elif defined(BOTAN_BUILD_COMPILER_IS_GCC) && (BOTAN_GCC_VERSION >= 490)
 #define BOTAN_PARALLEL_SIMD_FOR _Pragma("GCC ivdep") for
@@ -195,30 +191,4 @@
 #endif
-/*
-* Define BOTAN_PARALLEL_SPAWN
-*/
-#if !defined(BOTAN_PARALLEL_SPAWN)
-
-#if defined(BOTAN_TARGET_HAS_CILKPLUS)
- #define BOTAN_PARALLEL_SPAWN _Cilk_spawn
-#else
- #define BOTAN_PARALLEL_SPAWN
-#endif
-
-#endif
-
-/*
-* Define BOTAN_PARALLEL_SYNC
-*/
-#if !defined(BOTAN_PARALLEL_SYNC)
-
-#if defined(BOTAN_TARGET_HAS_CILKPLUS)
- #define BOTAN_PARALLEL_SYNC _Cilk_sync
-#else
- #define BOTAN_PARALLEL_SYNC BOTAN_FORCE_SEMICOLON
-#endif
-
-#endif
-
 #endif
diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py
index 84deec8bec..72e9d8e629 100755
--- a/src/scripts/ci_build.py
+++ b/src/scripts/ci_build.py
@@ -104,10 +104,7 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro
 flags += ['--disable-modules=locking_allocator']
 if target == 'parallel':
- if target_cc == 'gcc':
- flags += ['--with-cilkplus']
- else:
- flags += ['--with-openmp']
+ flags += ['--with-openmp']
 if target == 'sonar':
 if target_os != 'linux' or target_cc != 'clang':
From 70e88d6d5b8179e1bc0d96b20aa0f63e0960a900 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sat, 2 Dec 2017 05:46:59 -0500
Subject: [PATCH 0266/1008] Fix install when static lib is disabled

Add a test in CI to cover this
---
 src/scripts/ci_build.py | 5 ++++-
 src/scripts/install.py | 8 +++++---
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py
index 72e9d8e629..74c6a7bfb3 100755
--- a/src/scripts/ci_build.py
+++ b/src/scripts/ci_build.py
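Review bot: The `@@ -195,30 +191,4 @@` hunk removes `BOTAN_PARALLEL_SPAWN` and `BOTAN_PARALLEL_SYNC` outright instead of keeping the no-op definitions (`#define BOTAN_PARALLEL_SPAWN` and `#define BOTAN_PARALLEL_SYNC BOTAN_FORCE_SEMICOLON`) that every non-Cilk build already used. If compiler.h is among the installed headers — I cannot tell from this chunk — any external code that used these macros now fails to compile, and neither the commit message nor a news entry records the removal. Keeping the two empty definitions, or at least noting the removal in news.rst, would make the change safe for downstream code. `BOTAN_PARALLEL_FOR` and `BOTAN_PARALLEL_SIMD_FOR` in the earlier hunks keep their OpenMP and plain `for` fallbacks, so they are unaffected.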
@@ -62,6 +62,9 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro if target_cpu != None: flags += ['--cpu=%s' % (target_cpu)] + if target in ['shared', 'mini-shared']: + flags += ['--disable-static'] + if target in ['static', 'mini-static', 'fuzzers'] or target_os in ['ios', 'mingw']: flags += ['--disable-shared'] @@ -431,7 +434,7 @@ def main(args=None): if use_python3: cmds.append(['python3', botan_py]) - if target == 'shared': + if target in ['shared', 'static', 'bsi', 'nist']: cmds.append(make_cmd + ['install']) if target in ['sonar']: diff --git a/src/scripts/install.py b/src/scripts/install.py index 46dc6e09a6..7a5659b47b 100755 --- a/src/scripts/install.py +++ b/src/scripts/install.py @@ -165,6 +165,7 @@ class PercentSignTemplate(string.Template): ver_patch = int(cfg['version_patch']) target_os = cfg['os'] build_shared_lib = bool(cfg['build_shared_lib']) + build_static_lib = bool(cfg['build_static_lib']) bin_dir = os.path.join(options.prefix, options.bindir) lib_dir = os.path.join(options.prefix, options.libdir) @@ -196,9 +197,10 @@ class PercentSignTemplate(string.Template): copy_file(os.path.join(build_external_include_dir, include), prepend_destdir(os.path.join(target_include_dir, include))) - static_lib = process_template('%{lib_prefix}%{libname}.%{static_suffix}') - copy_file(os.path.join(out_dir, static_lib), - prepend_destdir(os.path.join(lib_dir, os.path.basename(static_lib)))) + if build_static_lib: + static_lib = process_template('%{lib_prefix}%{libname}.%{static_suffix}') + copy_file(os.path.join(out_dir, static_lib), + prepend_destdir(os.path.join(lib_dir, os.path.basename(static_lib)))) if build_shared_lib: if target_os == "windows": From 3415a93a774f631e156ee8a187e376ff2789f27d Mon Sep 17 00:00:00 2001 
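Review bot: `build_static_lib = bool(cfg['build_static_lib'])` in the install.py hunk at old line 165 raises `KeyError` when `install` runs against a build directory whose configuration predates this change and so has no `build_static_lib` entry, whereas the sibling `build_shared_lib` key has always been present. Reading it with a default that preserves the previous behaviour, `build_static_lib = bool(cfg.get('build_static_lib', True))`, keeps an older build tree installable; this assumes configure.py writes the key as a JSON boolean, which nothing in this chunk shows. The new `--disable-static` CI flag at the top of the chunk only exercises the key-present case.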
From: Jack Lloyd Date: Sat, 2 Dec 2017 05:50:46 -0500 Subject: [PATCH 0267/1008] Accept CXXFLAGS and LDFLAGS from environment (GH #1237) Also remove a duplicated block (rebase error) --- configure.py | 41 ++++++++++++++---------------------- src/build-data/makefile.in | 11 +++++----- src/build-data/os/darwin.txt | 2 ++ 3 files changed, 24 insertions(+), 30 deletions(-) diff --git a/configure.py b/configure.py index 320c62ec16..74c4e78bc4 100755 --- a/configure.py +++ b/configure.py @@ -329,6 +329,12 @@ def process_command_line(args): # pylint: disable=too-many-locals help='set compiler ABI flags', default='') + target_group.add_option('--cxxflags', metavar='FLAG', + help='set compiler flags', default=None) + + target_group.add_option('--ldflags', metavar='FLAG', + help='set linker flags', default=None) + target_group.add_option('--ar-command', dest='ar_command', metavar='AR', default=None, help='set path to static archive creator') @@ -622,6 +628,10 @@ def parse_multiple_enable(modules): options.ar_command = os.getenv('AR') if options.compiler_binary is None: options.compiler_binary = os.getenv('CXX') + if options.cxxflags is None: + options.cxxflags = os.getenv('CXXFLAGS') + if options.ldflags is None: + options.ldflags = os.getenv('LDFLAGS') return options @@ -2088,7 +2098,8 @@ def configure_command_line(): 'linker': cc.linker_name or '$(CXX)', 'cc_lang_flags': cc.cc_lang_flags(), - 'cc_compile_flags': cc.cc_compile_flags(options), + 'cc_compile_flags': options.cxxflags or cc.cc_compile_flags(options), + 'ldflags': options.ldflags or '', 'cc_warning_flags': cc.cc_warning_flags(options), 'output_to_exe': cc.output_to_exe, 
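Review bot: `'cc_compile_flags': options.cxxflags or cc.cc_compile_flags(options)` in the `@@ -2088,7 +2098,8 @@` hunk replaces the compiler's default flag set entirely rather than appending to it, and does so silently; combined with the `@@ -622,6 +628,10 @@` hunk, an exported `CXXFLAGS` in the packager's environment is enough to drop whatever `cc_compile_flags` normally contributes (judging by the cc/*.txt data elsewhere on this page that includes at least the optimization flags, possibly hardening ones too — the function itself is not visible here). Suggest saying so in the option help, `help='set compiler flags (replaces the default compile flags)'`, and logging the source of the value when it comes from the environment, e.g. `logging.info('Using CXXFLAGS from environment: %s' % (options.cxxflags))`, so the build log records where the flags came from. The same applies to `LDFLAGS`.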
@@ -2138,6 +2149,8 @@ def configure_command_line(): variables['test_exe'] = os.path.join(variables['out_dir'], 'botan-test' + variables['program_suffix']) + variables['post_link_cmd'] = osinfo.so_post_link_command.format(**variables) if options.build_shared_lib else '' + if options.os == 'windows': # For historical reasons? the library does not have the major number on Windows # This should probably be fixed in a future major release. @@ -2148,7 +2161,6 @@ def configure_command_line(): variables['libname'] = 'botan-%d' % (Version.major()) variables['lib_basename'] = 'lib' + variables['libname'] variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan' + variables['program_suffix']) - variables['botan_pkgconfig'] = os.path.join(build_config.build_dir, PKG_CONFIG_FILENAME) variables['static_lib_name'] = variables['lib_basename'] + '.' + variables['static_suffix'] 
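Review bot: `variables['post_link_cmd'] = osinfo.so_post_link_command.format(**variables) if options.build_shared_lib else ''` now runs at old line 2138, well before the block that used to compute it (removed in the next hunk at old line 2169), so every key the darwin template references — `{soname_abi}` per the darwin.txt hunk earlier in this chunk — must already be in `variables` at this earlier point, or configure fails on macOS with a bare `KeyError`. I cannot see where `soname_abi` is assigned from this chunk, so please confirm the ordering; a clearer failure mode would be to catch `KeyError` here and raise `UserError('so_post_link_command references unknown variable %s' % (e))`.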
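Review bot: The `@@ -2148,7 +2161,6 @@` hunk deletes `variables['botan_pkgconfig'] = os.path.join(build_config.build_dir, PKG_CONFIG_FILENAME)`, and the duplicate block removed in the following hunk at old line 2169 was the only other place it was set, so after this commit `botan_pkgconfig` is not assigned anywhere visible in this chunk. If a template still reads `%{botan_pkgconfig}` or later code reads `variables['botan_pkgconfig']`, that becomes a `KeyError` at configure time; if the key is genuinely unused, dropping it is fine, but the commit message only describes removing a duplicated block, not removing the key. Worth a grep for the name before merging.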
@@ -2169,29 +2181,6 @@ def configure_command_line(): else: variables['lib_link_cmd'] = '' - if options.os == 'darwin' and options.build_shared_lib: - # In order that these executables work from the build directory, - # we need to change the install names - variables['post_link_cmd'] = osinfo.so_post_link_command.format(**variables) - else: - variables['post_link_cmd'] = '' - - variables.update(MakefileListsGenerator(build_config, options, modules, cc, arch, osinfo).generate()) - - if options.os == 'windows': - # For historical reasons? the library does not have the major number on Windows - # This should probably be fixed in a future major release. - variables['libname'] = 'botan' - variables['lib_basename'] = variables['libname'] - variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan-cli' + variables['program_suffix']) - else: - variables['libname'] = 'botan-%d' % (Version.major()) - variables['lib_basename'] = 'lib' + variables['libname'] - variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan' + variables['program_suffix']) - variables['botan_pkgconfig'] = os.path.join(build_config.build_dir, PKG_CONFIG_FILENAME) - - variables['static_lib_name'] = variables['lib_basename'] + '.' + variables['static_suffix'] - if options.os == 'llvm' or options.compiler == 'msvc': # llvm-link and msvc require just naming the file directly variables['link_to_botan'] = os.path.join(variables['out_dir'], variables['static_lib_name']) @@ -2208,6 +2197,8 @@ def configure_command_line(): variables['library_targets'] = ' '.join([os.path.join(variables['out_dir'], variables[t]) for t in lib_targets]) + variables.update(MakefileListsGenerator(build_config, options, modules, cc, arch, osinfo).generate()) + return variables class ModulesChooser(object): diff --git a/src/build-data/makefile.in b/src/build-data/makefile.in index 89098c4660..2c97ef7925 100644 --- a/src/build-data/makefile.in +++ b/src/build-data/makefile.in 
@@ -11,6 +11,7 @@ LANG_FLAGS = %{cc_lang_flags} CXXFLAGS = %{cc_compile_flags} WARN_FLAGS = %{cc_warning_flags} SO_OBJ_FLAGS = %{shared_flags} +LDFLAGS = %{ldflags} LIB_LINK_CMD = %{lib_link_cmd} EXE_LINK_CMD = %{exe_link_cmd} @@ -27,7 +28,7 @@ INSTALLED_LIB_DIR = %{prefix}/%{libdir} POST_LINK_CMD = %{post_link_cmd} # The primary target -all: libs cli tests +all: libs cli tests docs # Executable targets CLI = %{cli_exe} @@ -40,18 +41,18 @@ libs: $(LIBRARIES) # Misc targets +docs: +%{build_doc_commands} + clean: $(PYTHON_EXE) $(SCRIPTS_DIR)/cleanup.py --build-dir="%{build_dir}" distclean: $(PYTHON_EXE) $(SCRIPTS_DIR)/cleanup.py --build-dir="%{build_dir}" --distclean -install: $(CLI) docs +install: libs cli docs $(PYTHON_EXE) $(SCRIPTS_DIR)/install.py --prefix=%{prefix} --build-dir="%{build_dir}" --bindir=%{bindir} --libdir=%{libdir} --docdir=%{docdir} --includedir=%{includedir} -docs: -%{build_doc_commands} - # Object Files LIBOBJS = %{lib_objs} diff --git a/src/build-data/os/darwin.txt b/src/build-data/os/darwin.txt index 4c8ba2c470..41716e21ab 100644 --- a/src/build-data/os/darwin.txt +++ b/src/build-data/os/darwin.txt @@ -4,6 +4,8 @@ soname_pattern_base "libbotan-{version_major}.dylib" soname_pattern_abi "libbotan-{version_major}.{abi_rev}.dylib" soname_pattern_patch "libbotan-{version_major}.{abi_rev}.{version_minor}.{version_patch}.dylib" +# In order that these executables work from the build directory, +# we need to change the install names so_post_link_command "install_name_tool -change '$(INSTALLED_LIB_DIR)/{soname_abi}' '@executable_path/{soname_abi}' $@" doc_dir doc From 1891809fd886ef15aa8935f48dcc7d829003d4be Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 2 Dec 2017 06:08:09 -0500 Subject: [PATCH 0268/1008] Build simplifications --- configure.py | 75 +++++++++++++++++------------------ src/build-data/os/windows.txt | 7 ++++ src/scripts/cleanup.py | 3 +- 3 files changed, 46 insertions(+), 39 deletions(-) 
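Review bot: `LDFLAGS = %{ldflags}` is defined in this hunk, but no hunk in this file adds `$(LDFLAGS)` to a link recipe, and the `lib_link_cmd`/`exe_link_cmd` values in configure.py are not changed either, so unless the existing link rules already expand it the new `--ldflags`/`LDFLAGS` input is accepted and silently ignored. That matters for anyone who relies on `LDFLAGS` to inject linker hardening options such as `-Wl,-z,relro`: the build would appear to honor them without doing so. Either thread `$(LDFLAGS)` into `LIB_LINK_CMD` and `EXE_LINK_CMD` in this commit, or add a comment next to the variable naming where it is consumed.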
diff --git a/configure.py b/configure.py index 74c4e78bc4..22d246f06c 100755 --- a/configure.py +++ b/configure.py @@ -1331,6 +1331,9 @@ def __init__(self, infofile): 'doc_dir': 'share/doc', 'building_shared_supported': 'yes', 'so_post_link_command': '', + 'cli_exe_name': 'botan', + 'lib_prefix': 'lib', + 'library_name': 'botan-{major}', }) if lex.ar_command == 'ar' and lex.ar_options == '': @@ -1363,17 +1366,20 @@ def __init__(self, infofile): self.ar_command = lex.ar_command self.ar_options = lex.ar_options self.bin_dir = lex.bin_dir - self.building_shared_supported = (True if lex.building_shared_supported == 'yes' else False) + self.building_shared_supported = (lex.building_shared_supported == 'yes') + self.cli_exe_name = lex.cli_exe_name self.doc_dir = lex.doc_dir self.header_dir = lex.header_dir self.install_root = lex.install_root self.lib_dir = lex.lib_dir - self.os_type = lex.os_type + self.lib_prefix = lex.lib_prefix + self.library_name = lex.library_name self.obj_suffix = lex.obj_suffix + self.os_type = lex.os_type self.program_suffix = lex.program_suffix + self.so_post_link_command = lex.so_post_link_command self.static_suffix = lex.static_suffix self.target_features = lex.target_features - self.so_post_link_command = lex.so_post_link_command def defines(self, options): r = [] @@ -2026,6 +2032,9 @@ def configure_command_line(): main_executable = os.path.basename(sys.argv[0]) return ' '.join([main_executable] + sys.argv[1:]) + build_dir = options.with_build_dir or os.path.curdir + program_suffix = options.program_suffix or osinfo.program_suffix + variables = { 'version_major': Version.major(), 'version_minor': Version.minor(), 
@@ -2046,12 +2055,19 @@ def configure_command_line(): 'src_dir': source_paths.src_dir, 'doc_dir': source_paths.doc_dir, + 'cli_exe': os.path.join(build_dir, osinfo.cli_exe_name + program_suffix), + 'test_exe': os.path.join(build_dir, 'botan-test' + program_suffix), + + 'lib_prefix': osinfo.lib_prefix, + 'static_suffix': osinfo.static_suffix, + 'libname': osinfo.library_name.format(major=Version.major(), minor=Version.minor()), + 'command_line': configure_command_line(), 'local_config': read_textfile(options.local_config), 'makefile_path': os.path.join(build_config.build_dir, '..', 'Makefile'), - 'program_suffix': options.program_suffix or osinfo.program_suffix, + 'program_suffix': program_suffix, 'prefix': options.prefix or osinfo.install_root, 'bindir': options.bindir or osinfo.bin_dir, @@ -2108,6 +2124,7 @@ def configure_command_line(): 'lib_link_cmd': cc.so_link_command_for(osinfo.basename, options) + external_link_cmd(), 'exe_link_cmd': cc.binary_link_command_for(osinfo.basename, options) + external_link_cmd(), + 'post_link_cmd': '', 'link_to': ' '.join( [cc.add_lib_option + lib for lib in link_to('libs')] + 
@@ -2134,36 +2151,20 @@ def configure_command_line(): 'ar_options': cc.ar_options or osinfo.ar_options, 'ar_output_to': cc.ar_output_to, - 'lib_prefix': 'lib' if options.os != 'windows' else '', - - 'static_suffix': osinfo.static_suffix, - 'mod_list': '\n'.join(sorted([m.basename for m in modules])), 'python_version': options.python_version, 'with_sphinx': options.with_sphinx, 'house_ecc_curve_defines': make_cpp_macros(HouseEccCurve(options.house_curve).defines()) \ - if options.house_curve else '' + if options.house_curve else '', } - variables['test_exe'] = os.path.join(variables['out_dir'], - 'botan-test' + variables['program_suffix']) - - variables['post_link_cmd'] = osinfo.so_post_link_command.format(**variables) if options.build_shared_lib else '' - - if options.os == 'windows': - # For historical reasons? the library does not have the major number on Windows - # This should probably be fixed in a future major release. - variables['libname'] = 'botan' - variables['lib_basename'] = variables['libname'] - variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan-cli' + variables['program_suffix']) - else: - variables['libname'] = 'botan-%d' % (Version.major()) - variables['lib_basename'] = 'lib' + variables['libname'] - variables['cli_exe'] = os.path.join(variables['out_dir'], 'botan' + variables['program_suffix']) + if options.os != 'windows': variables['botan_pkgconfig'] = os.path.join(build_config.build_dir, PKG_CONFIG_FILENAME) - variables['static_lib_name'] = variables['lib_basename'] + '.' + variables['static_suffix'] + # The name is always set because Windows build needs it + variables['static_lib_name'] = '%s%s.%s' % (variables['lib_prefix'], variables['libname'], + variables['static_suffix']) if options.build_shared_lib: if osinfo.soname_pattern_base != None: 
@@ -2178,24 +2179,22 @@ def configure_command_line(): variables['soname_patch'] = osinfo.soname_pattern_patch.format(**variables) variables['lib_link_cmd'] = variables['lib_link_cmd'].format(**variables) - else: - variables['lib_link_cmd'] = '' - - if options.os == 'llvm' or options.compiler == 'msvc': - # llvm-link and msvc require just naming the file directly - variables['link_to_botan'] = os.path.join(variables['out_dir'], variables['static_lib_name']) - else: - variables['link_to_botan'] = '%s%s %s%s' % ( - cc.add_lib_dir_option, variables['out_dir'], - cc.add_lib_option, variables['libname']) + variables['post_link_cmd'] = osinfo.so_post_link_command.format(**variables) if options.build_shared_lib else '' lib_targets = [] - if options.build_shared_lib: - lib_targets.append('shared_lib_name') if options.build_static_lib: lib_targets.append('static_lib_name') + if options.build_shared_lib: + lib_targets.append('shared_lib_name') + + variables['library_targets'] = ' '.join([os.path.join(build_dir, variables[t]) for t in lib_targets]) - variables['library_targets'] = ' '.join([os.path.join(variables['out_dir'], variables[t]) for t in lib_targets]) + if options.os == 'llvm' or options.compiler == 'msvc': + # llvm-link and msvc require just naming the file directly + variables['link_to_botan'] = os.path.join(build_dir, variables['static_lib_name']) + else: + variables['link_to_botan'] = '%s%s %s%s' % (cc.add_lib_dir_option, build_dir, + cc.add_lib_option, variables['libname']) variables.update(MakefileListsGenerator(build_config, options, modules, cc, arch, osinfo).generate()) diff --git a/src/build-data/os/windows.txt b/src/build-data/os/windows.txt index efc9733c98..898dfc65f9 100644 --- a/src/build-data/os/windows.txt +++ b/src/build-data/os/windows.txt 
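Review bot: With the `else: variables['lib_link_cmd'] = ''` branch removed, a static-only build leaves `lib_link_cmd` as the raw template returned by `so_link_command_for` (still containing `{...}` placeholders) and writes it into the Makefile as LIB_LINK_CMD. That is probably harmless if the shared-library rule is never invoked in that configuration, but an unformatted command in a generated Makefile is confusing to debug; `if not options.build_shared_lib: variables['lib_link_cmd'] = ''` restores the old behaviour in one line. Because the hunk's indentation was lost in this rendering it is not clear whether the relocated `post_link_cmd` assignment sits inside the `if options.build_shared_lib:` block, but either way its trailing `if options.build_shared_lib else ''` is now redundant with the `'post_link_cmd': ''` default added earlier in this commit. The enclosing function starts outside this hunk.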
@@ -1,8 +1,15 @@ os_type windows +cli_exe_name botan-cli + program_suffix .exe obj_suffix obj static_suffix lib +lib_prefix '' + +# For historical reasons? the library does not have the major number on Windows +# This should probably be fixed in a future major release. +library_name 'botan' soname_pattern_base "{libname}.dll" diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index 6e46890037..33ae18a5ef 100755 --- a/src/scripts/cleanup.py +++ b/src/scripts/cleanup.py @@ -100,7 +100,8 @@ def main(args=None): remove_file(build_config['cli_exe']) remove_file(build_config['test_exe']) - matches_libname = re.compile('^' + build_config['lib_basename'] + '.([a-z]+)') + lib_basename = build_config['lib_prefix'] + build_config['libname'] + matches_libname = re.compile('^' + lib_basename + '.([a-z]+)') known_suffix = ['a', 'so', 'dll', 'manifest', 'exp'] From 17049025bc00fbbae901a2622c28c6f04f9186a8 Mon Sep 17 00:00:00 2001 From: Felix Yan Date: Sun, 3 Dec 2017 02:31:09 +0800 Subject: [PATCH 0269/1008] Fix a typo in sha1_sse2.cpp --- src/lib/hash/sha1/sha1_sse2/sha1_sse2.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/hash/sha1/sha1_sse2/sha1_sse2.cpp b/src/lib/hash/sha1/sha1_sse2/sha1_sse2.cpp index 0b7f8f8379..88e5a0d2c7 100644 --- a/src/lib/hash/sha1/sha1_sse2/sha1_sse2.cpp +++ b/src/lib/hash/sha1/sha1_sse2/sha1_sse2.cpp @@ -71,7 +71,7 @@ W0 = W[t]..W[t+3] * r0 = paddd r0,r0 * r0 = psub r0,r1 * -* because pcmpltd and paddd are availabe in both MMX units on +* because pcmpltd and paddd are available in both MMX units on * efficeon, pentium-m, and opteron but shifts are available in * only one unit. */ From 9f6ce97470adad5bf5840f3a569e37f9a01ec831 Mon Sep 17 00:00:00 2001 
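Review bot: In the `src/scripts/cleanup.py` hunk, `lib_basename` is spliced into a regular expression without escaping, and the `.` before `([a-z]+)` is an unescaped wildcard (pre-existing, but this line is being rewritten). Since `lib_prefix` and `libname` now come from the build-data files via the build config, any regex metacharacter in them changes which files the clean target deletes; `matches_libname = re.compile('^' + re.escape(lib_basename) + r'\.([a-z]+)')` makes the match literal. On the `windows.txt` side, `lib_prefix ''` relies on the lexer turning two quote characters into an empty string rather than a two-character value, which is worth confirming against the lexer since a literal `''` prefix would break every library path on Windows. `main()` starts outside the cleanup.py hunk.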
From: Jack Lloyd Date: Sun, 3 Dec 2017 12:36:51 -0500 Subject: [PATCH 0270/1008] Create two macros for CAST-128 vs CAST-256 Since eventually CAST-256 is going away. --- src/lib/block/block_cipher.cpp | 9 +++++++-- src/lib/block/cast/info.txt | 2 ++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/lib/block/block_cipher.cpp b/src/lib/block/block_cipher.cpp index a3e17be4c3..8be2de6640 100644 --- a/src/lib/block/block_cipher.cpp +++ b/src/lib/block/block_cipher.cpp @@ -24,8 +24,11 @@ #include #endif -#if defined(BOTAN_HAS_CAST) +#if defined(BOTAN_HAS_CAST_128) #include +#endif + +#if defined(BOTAN_HAS_CAST_256) #include #endif @@ -229,12 +232,14 @@ BlockCipher::create(const std::string& algo, } #endif -#if defined(BOTAN_HAS_CAST) +#if defined(BOTAN_HAS_CAST_128) if(algo == "CAST-128" || algo == "CAST5") { return std::unique_ptr(new CAST_128); } +#endif +#if defined(BOTAN_HAS_CAST_256) if(algo == "CAST-256") { return std::unique_ptr(new CAST_256); diff --git a/src/lib/block/cast/info.txt b/src/lib/block/cast/info.txt index 75d7e4ca3a..3f2749953d 100644 --- a/src/lib/block/cast/info.txt +++ b/src/lib/block/cast/info.txt @@ -1,5 +1,7 @@ CAST -> 20131128 +CAST_128 -> 20171203 +CAST_256 -> 20171203 From 4030efb9af679fde3b259b46a8bb9163d75bb9c2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 3 Dec 2017 12:37:26 -0500 Subject: [PATCH 0271/1008] Avoid calling lookup("DES") twice when clone will do the job. --- src/lib/mac/x919_mac/x919_mac.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/mac/x919_mac/x919_mac.cpp b/src/lib/mac/x919_mac/x919_mac.cpp index ef1e78602f..0cbf087959 100644 --- a/src/lib/mac/x919_mac/x919_mac.cpp +++ b/src/lib/mac/x919_mac/x919_mac.cpp @@ -91,7 +91,7 @@ MessageAuthenticationCode* ANSI_X919_MAC::clone() const */ ANSI_X919_MAC::ANSI_X919_MAC() : m_des1(BlockCipher::create("DES")), - m_des2(BlockCipher::create("DES")), + m_des2(m_des1->clone()), m_position(0) { } 
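Review bot: `m_des2(m_des1->clone())` dereferences `m_des1` in the member-initializer list, so it is only safe if `m_des1` is declared before `m_des2` in the class (initialization follows declaration order, not initializer-list order) and if `BlockCipher::create("DES")` actually returned an object. `create` returns null when the algorithm is not available (as the BlockCipher documentation added later in this series states), so a build without DES now turns a deferred error into a null dereference inside the constructor. `m_des1(BlockCipher::create_or_throw("DES"))` keeps the clone while failing with an exception instead. The class definition that fixes the member order is outside this hunk.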
From 47a8b46b63127829ceb1fd8cd42aba55c0fa8dd0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 3 Dec 2017 12:37:40 -0500 Subject: [PATCH 0272/1008] Code formatting tweak in Poly1305 code --- src/lib/mac/poly1305/poly1305.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/lib/mac/poly1305/poly1305.cpp b/src/lib/mac/poly1305/poly1305.cpp index 639aa88c02..b912220926 100644 --- a/src/lib/mac/poly1305/poly1305.cpp +++ b/src/lib/mac/poly1305/poly1305.cpp @@ -72,11 +72,11 @@ void poly1305_blocks(secure_vector& X, const uint8_t *m, size_t blocks uint128_t d2 = uint128_t(h0) * r2 + uint128_t(h1) * r1 + uint128_t(h2) * r0; /* (partial) h %= p */ - uint64_t c = carry_shift(d0, 44); h0 = d0 & 0xfffffffffff; - d1 += c; c = carry_shift(d1, 44); h1 = d1 & 0xfffffffffff; - d2 += c; c = carry_shift(d2, 42); h2 = d2 & 0x3ffffffffff; - h0 += c * 5; c = carry_shift(h0, 44); h0 = h0 & 0xfffffffffff; - h1 += c; + uint64_t c = carry_shift(d0, 44); h0 = d0 & 0xfffffffffff; + d1 += c; c = carry_shift(d1, 44); h1 = d1 & 0xfffffffffff; + d2 += c; c = carry_shift(d2, 42); h2 = d2 & 0x3ffffffffff; + h0 += c * 5; c = carry_shift(h0, 44); h0 = h0 & 0xfffffffffff; + h1 += c; m += 16; } From fccea4e003906d7dd0c44b91415b4651220d74b9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 3 Dec 2017 12:37:51 -0500 Subject: [PATCH 0273/1008] Have make clean also delete the documentation dir --- src/scripts/cleanup.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index 33ae18a5ef..e14f7ec176 100755 --- a/src/scripts/cleanup.py +++ b/src/scripts/cleanup.py @@ -41,7 +41,8 @@ def remove_all_in_dir(d): logging.debug('Removing all files in directory "%s"', d) for f in os.listdir(d): - remove_file(os.path.join(d, f)) + full_path = os.path.join(d, f) + shutil.rmtree(full_path) def main(args=None): if args is None: 
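Review bot: In the `src/scripts/cleanup.py` hunk, `shutil.rmtree(full_path)` is applied to every entry of the object directories, but `rmtree` raises (NotADirectoryError on POSIX) when given a regular file, so `make clean` will fail on the first object file in `libobj_dir`. Dispatch on the entry type instead, `if os.path.isdir(full_path): shutil.rmtree(full_path)` / `else: remove_file(full_path)`, which also covers the `doc_output_dir` added to the loop in this commit's second hunk. Whether `shutil` is already imported in this file is not visible here, and the later commit in this series that reverts this line suggests it hit exactly this failure. `remove_all_in_dir` is complete in the hunk; `main()` starts outside it.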
@@ -93,7 +94,7 @@ def main(args=None): remove_file(build_config['makefile_path']) remove_dir(build_dir) else: - for dir_type in ['libobj_dir', 'cliobj_dir', 'testobj_dir']: + for dir_type in ['libobj_dir', 'cliobj_dir', 'testobj_dir', 'doc_output_dir']: dir_path = build_config[dir_type] remove_all_in_dir(dir_path) From 2bd958a68e7e9651c12996caddf049a4dc747212 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 3 Dec 2017 13:22:21 -0500 Subject: [PATCH 0274/1008] Simplify pkg-config file generation --- configure.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/configure.py b/configure.py index 53001b856b..12b9aaeb02 100755 --- a/configure.py +++ b/configure.py @@ -262,8 +262,6 @@ def src_info(self, typ): raise InternalError("Unknown src info type '%s'" % (typ)) -PKG_CONFIG_FILENAME = 'botan-%d.pc' % (Version.major()) - def make_build_doc_commands(source_paths, build_paths, options): if options.with_documentation is False: @@ -2141,7 +2139,7 @@ def configure_command_line(): } if options.os != 'windows': - variables['botan_pkgconfig'] = os.path.join(build_config.build_dir, PKG_CONFIG_FILENAME) + variables['botan_pkgconfig'] = os.path.join(build_config.build_dir, 'botan-%d.pc' % (Version.major())) # The name is always set because Windows build needs it variables['static_lib_name'] = '%s%s.%s' % (variables['lib_prefix'], variables['libname'], @@ -3164,8 +3162,8 @@ def in_build_data(p): write_template(in_build_dir('build.h'), in_build_data('buildh.in')) write_template(in_build_dir('botan.doxy'), in_build_data('botan.doxy.in')) - if options.os != 'windows': - write_template(in_build_dir(PKG_CONFIG_FILENAME), in_build_data('botan.pc.in')) + if 'botan_pkgconfig' in template_vars: + write_template(template_vars['botan_pkgconfig'], in_build_data('botan.pc.in')) if options.os == 'windows': write_template(in_build_dir('botan.iss'), in_build_data('innosetup.in')) From cb063792ae7fb1d267b3d6861ba8e4adfe072054 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sun, 3 Dec 2017 13:24:33 -0500 Subject: [PATCH 0275/1008] Remove (undocumented) --dirty-tree option I used to use this during development but a ccache'd clean build takes under a second. --- configure.py | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/configure.py b/configure.py index 12b9aaeb02..cda6a90191 100755 --- a/configure.py +++ b/configure.py @@ -459,10 +459,6 @@ def process_command_line(args): # pylint: disable=too-many-locals action='store_true', default=False, help="Enable extra warnings") - build_group.add_option('--dirty-tree', dest='clean_build_tree', - action='store_false', default=True, - help=optparse.SUPPRESS_HELP) - build_group.add_option('--with-python-versions', dest='python_version', metavar='N.M', default='%d.%d' % (sys.version_info[0], sys.version_info[1]), @@ -3137,8 +3133,7 @@ def main_action_configure_build(info_modules, source_paths, options, # Now we start writing to disk try: - if options.clean_build_tree: - robust_rmtree(build_config.build_dir) + robust_rmtree(build_config.build_dir) except OSError as e: if e.errno != errno.ENOENT: logging.error('Problem while removing build dir: %s' % (e)) From 788fd2bacb19fcf630c7857a10c72ec4067b50f6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 3 Dec 2017 13:34:04 -0500 Subject: [PATCH 0276/1008] Avoid code duplication in configure parse_lex_dict is force_to_dict + error checking. --- configure.py | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/configure.py b/configure.py index cda6a90191..ee26d0320e 100755 --- a/configure.py +++ b/configure.py 
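Review bot: `robust_rmtree(build_config.build_dir)` now runs unconditionally, and the build directory derives from the user-supplied `--with-build-dir` option (seen earlier in this series as `options.with_build_dir or os.path.curdir`). If `build_config.build_dir` can resolve to a pre-existing directory holding unrelated files rather than a subdirectory this script created, configure will delete them before writing anything, and dropping `--dirty-tree` removes the only escape hatch. A cheap guard is to remove the directory only when it contains a marker file this script itself writes and otherwise fail with a clear message, e.g. `if not os.path.exists(os.path.join(build_config.build_dir, MARKER)): raise UserError(...)` with MARKER being whatever generated file configure already emits there. `main_action_configure_build` starts outside this hunk.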
@@ -638,8 +638,7 @@ def __str__(self): def parse_lex_dict(as_list): if len(as_list) % 3 != 0: - raise InternalError( - "Lex dictionary has invalid format (input not divisible by 3): %s" % as_list) + raise InternalError("Lex dictionary has invalid format (input not divisible by 3): %s" % as_list) result = {} for key, sep, value in [as_list[3*i:3*i+3] for i in range(0, len(as_list)//3)]: @@ -707,16 +706,6 @@ def lexed_tokens(): # Convert to an interator return out - -def force_to_dict(l): - """ - Convert a lex'ed map (from build-data files) from a list to a dict - TODO: Add error checking of input... - """ - - return dict(zip(l[::3], l[2::3])) - - class InfoObject(object): def __init__(self, infofile): """ @@ -999,7 +988,7 @@ def __init__(self, infofile): self.family = lex.family self.isa_extensions = lex.isa_extensions self.submodels = lex.submodels - self.submodel_aliases = force_to_dict(lex.submodel_aliases) + self.submodel_aliases = parse_lex_dict(lex.submodel_aliases) self.wordsize = int(lex.wordsize) def all_submodels(self): @@ -1105,15 +1094,15 @@ def __init__(self, infofile): self.ar_command = lex.ar_command self.ar_options = lex.ar_options self.ar_output_to = lex.ar_output_to - self.binary_link_commands = force_to_dict(lex.binary_link_commands) + self.binary_link_commands = parse_lex_dict(lex.binary_link_commands) self.binary_name = lex.binary_name self.compile_flags = lex.compile_flags self.coverage_flags = lex.coverage_flags self.debug_info_flags = lex.debug_info_flags - self.isa_flags = force_to_dict(lex.isa_flags) + self.isa_flags = parse_lex_dict(lex.isa_flags) self.lang_flags = lex.lang_flags self.linker_name = lex.linker_name - self.mach_abi_linking = force_to_dict(lex.mach_abi_linking) + self.mach_abi_linking = parse_lex_dict(lex.mach_abi_linking) self.macro_name = lex.macro_name self.maintainer_warning_flags = lex.maintainer_warning_flags self.optimization_flags = lex.optimization_flags 
@@ -1122,7 +1111,7 @@ def __init__(self, infofile): self.sanitizer_flags = lex.sanitizer_flags self.shared_flags = lex.shared_flags self.size_optimization_flags = lex.size_optimization_flags - self.so_link_commands = force_to_dict(lex.so_link_commands) + self.so_link_commands = parse_lex_dict(lex.so_link_commands) self.stack_protector_flags = lex.stack_protector_flags self.visibility_build_flags = lex.visibility_build_flags self.visibility_attribute = lex.visibility_attribute From d41b7abdeed4e832e1aa6805f2eec725974649c2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 3 Dec 2017 14:51:55 -0500 Subject: [PATCH 0277/1008] Fix make clean --- src/scripts/cleanup.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index e14f7ec176..d246f766c6 100755 --- a/src/scripts/cleanup.py +++ b/src/scripts/cleanup.py @@ -41,8 +41,7 @@ def remove_all_in_dir(d): logging.debug('Removing all files in directory "%s"', d) for f in os.listdir(d): - full_path = os.path.join(d, f) - shutil.rmtree(full_path) + remove_file(os.path.join(d, f)) def main(args=None): if args is None: @@ -94,10 +93,12 @@ def main(args=None): remove_file(build_config['makefile_path']) remove_dir(build_dir) else: - for dir_type in ['libobj_dir', 'cliobj_dir', 'testobj_dir', 'doc_output_dir']: + for dir_type in ['libobj_dir', 'cliobj_dir', 'testobj_dir']: dir_path = build_config[dir_type] remove_all_in_dir(dir_path) + shutil.rmtree(build_config['doc_output_dir']) + remove_file(build_config['cli_exe']) remove_file(build_config['test_exe']) From cfd137da35488edb573cb670bedc314671d206f0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 2 Dec 2017 15:13:43 -0500 Subject: [PATCH 0278/1008] Hash function doc refresh --- doc/deprecated.txt | 5 + doc/manual/hash.rst | 275 ++++++++++++++++++++++++++++++++++++-------- 2 files changed, 234 insertions(+), 46 deletions(-) 
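Review bot: In the `src/scripts/cleanup.py` hunk, `shutil.rmtree(build_config['doc_output_dir'])` raises FileNotFoundError when the docs directory does not exist (documentation generation disabled, or a second `make clean`), which turns a no-op clean into a failure. Guard it, `if os.path.isdir(build_config['doc_output_dir']): shutil.rmtree(build_config['doc_output_dir'])`, or pass `ignore_errors=True`. It also differs from the loop above, which empties the object directories but keeps them; if that asymmetry is deliberate because the docs target recreates its directory, a one-line comment saying so would help the next reader. `main()` starts outside this hunk.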
diff --git a/doc/deprecated.txt b/doc/deprecated.txt index 2190dd072e..0d750ec650 100644 --- a/doc/deprecated.txt +++ b/doc/deprecated.txt @@ -13,6 +13,11 @@ in the source. - The TLS constructors taking `std::function` for callbacks. Instead use the TLS::Callbacks interface. +- The Buffered_Computation class. In a future release the class will be removed, + and all of member functions instead declared directly on MessageAuthenticationCode + and HashFunction. So this only affects you if you are directly referencing + `Botan::Buffered_Computation` in some way. + - Platform support for BeOS and IRIX operating systems - Support for PathScale and HP compilers diff --git a/doc/manual/hash.rst b/doc/manual/hash.rst index 80eefbe21d..abf9d7a70a 100644 --- a/doc/manual/hash.rst +++ b/doc/manual/hash.rst 
@@ -1,77 +1,260 @@ Hash Functions and Checksums ============================= -Hash functions are one-way functions, which map data of arbitrary size -to a fixed output length. The class :cpp:class:`HashFunction` is derived from -the base class :cpp:class:`BufferedComputation` and defined in `botan/hash.h`. -A Botan :cpp:class:`BufferedComputation` is split into three stages: -1. Instantiation. -2. Data processing. -3. Finalization. +Hash functions are one-way functions, which map data of arbitrary size to a +fixed output length. Most of the hash functions in Botan are designed to be +cryptographically secure, which means that it is computationally infeasible to +create a collision (finding two inputs with the same hash) or preimages (given a +hash output, generating an arbitrary input with the same hash). But note that +not all such hash functions meet their goals, in particular MD4 and MD5 are +trivially broken. However they are still included due to their wide adoption in +various protocols. -.. cpp:class:: BufferedComputation +The class :cpp:class:`HashFunction` is defined in `botan/hash.h`. + +Using a hash function is typically split into three stages: initialization, +update, and finalization (often referred to as a IUF interface). The +initialization stage is implicit: after creating a hash function object, it is +ready to process data. Then update is called one or more times. Calling update +several times is equivalent to calling it once with all of the arguments +concatenated. After completing a hash computation (eg using ``final``), the +internal state is reset to begin hashing a new message. + +.. cpp:class:: HashFunction .. cpp:function:: size_t output_length() - Return the size of the output of this function. + Return the size (in *bytes*) of the output of this function. .. cpp:function:: void update(const uint8_t* input, size_t length) + Updates the computation with *input*. + .. 
cpp:function:: void update(uint8_t input) + Updates the computation with *input*. + + .. cpp:function:: void update(const std::vector& input) + + Updates the computation with *input*. + .. cpp:function:: void update(const std::string& input) Updates the computation with *input*. .. cpp:function:: void final(uint8_t* out) - .. cpp:function:: secure_vector final() - Finalize the calculation and place the result into ``out``. For the argument taking an array, exactly ``output_length`` bytes will be written. After you call ``final``, the algorithm is reset to its initial state, so it may be reused immediately. - The second method of using final is to call it with no arguments at - all, as shown in the second prototype. It will return the result - value in a memory buffer. - - There is also a pair of functions called ``process``. They are a - combination of a single ``update``, and ``final``. Both versions - return the final value, rather than placing it an array. Calling - ``process`` with a single byte value isn't available, mostly because - it would rarely be useful. - -Botan implements the following hash algorithms: - -1. Checksums: - - Adler32 - - CRC24 - - CRC32 -#. Cryptographic hash functions: - - BLAKE2b - - GOST-34.11 - - Keccak-1600 - - MD4 - - MD5 - - RIPEMD-160 - - SHA-1 - - SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512-256) - - SHA-3 - - SHAKE (SHAKE-128, SHAKE-256) - - SM3 - - Skein-512 - - Streebog (Streebog-256, Streebog-512) - - Tiger - - Whirlpool -#. Hash Function Combiners - - Parallel - - Comb4P + .. cpp:function:: secure_vector final() + + Similar to the other function of the same name, except it returns + the result in a newly allocated vector. + + .. cpp:function:: secure_vector process(const uint8_t in[], size_t length) + + Equivalent to calling ``update`` followed by ``final``. + + .. cpp:function:: secure_vector process(const std::string& in) + + Equivalent to calling ``update`` followed by ``final``. 
+ +Cryptographic Hash Functions +------------------------------ + +The following cryptographic hash functions are implemented. + +BLAKE2b +^^^^^^^^^ + +Available if ``BOTAN_HAS_BLAKE2B`` is defined. + +A recently designed hash function. Very fast on 64-bit processors. Can output a +hash of any length between 1 and 64 bytes, this is specified by passing a value +to the constructor with the desired length. + +GOST-34.11 +^^^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_GOST_34_11`` is defined. + +Russian national standard hash. It is old, slow, and has some weaknesses. Avoid +it unless you must. + +Keccak-1600 +^^^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_KECCAK`` is defined. + +An older (and incompatible) variant of SHA-3, but sometime used. Prefer SHA-3 in +new code. + +MD4 +^^^^^^^^^ + +Available if ``BOTAN_HAS_MD4`` is defined. + +An old hash function that is now known to be trivially breakable. It is very +fast, and may still be suitable as a (non-cryptographic) checksum. + +MD5 +^^^^^^^^^ + +Available if ``BOTAN_HAS_MD5`` is defined. + +Widely used, now known to be broken. + +RIPEMD-160 +^^^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_RIPEMD160`` is defined. + +A 160 bit hash function, quite old but still thought to be secure. +Somewhat deprecated these days. + +SHA-1 +^^^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_SHA1`` is defined. + +Widely adopted NSA designed hash function. Starting to show significant signs of +weakness, and collisions can now be generated. Avoid in new designs. + +SHA-256 +^^^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_SHA2_32`` is defined. + +Relatively fast 256 bit hash function, thought to be secure. + +Also includes the variant SHA-224. There is no real reason to use SHA-224. + +SHA-512 +^^^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_SHA2_64`` is defined. + +SHA-512 is faster than SHA-256 on 64-bit processors. Also includes +the truncated variants SHA-384 and SHA-512/256. + +SHA-3 +^^^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_SHA3`` is defined. 
+ +The new NIST standard hash. Fairly slow. + +SHAKE (SHAKE-128, SHAKE-256) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^6 + +Available if ``BOTAN_HAS_SHAKE`` is defined. + +These are actually XOFs (extensible output functions) based on SHA-3, which can +output a value of any length. + +SM3 +^^^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_SM3`` is defined. + +Chinese national hash function, 256 bit output. Widely used in industry there. +Fast and seemingly secure. + +Skein-512 +^^^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_SKEIN_512`` is defined. + +A contender for the NIST SHA-3 competition. Very fast on 64-bit systems. Can +output a hash of any length between 1 and 64 bytes. It also accepts a +"personalization string" which can create variants of the hash. This is useful +for domain separation. + +Streebog (Streebog-256, Streebog-512) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_STREEBOG`` is defined. + +Newly designed Russian national hash function. Seemingly secure, but there is no +real reason to use it unless compatibility is needed. + +Tiger +^^^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_TIGER`` is defined. + +An older 192-bit hash function, optimized for 64-bit systems. Seemingly secure +but not widely used. Prefer Skein-512 or BLAKE2b in new code. + +Whirlpool +^^^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_WHIRLPOOL`` is defined. + +A 512-bit hash function standarized by ISO and NESSIE. Relatively slow. +Prefer Skein-512 or BLAKE2b in new code. + +Hash Function Combiners +--------------------------- + +These are functions which combine multiple hash functions to create a new hash +function. They are typically only used in specialized applications. + +Parallel +^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_PARALLEL_HASH`` is defined. + +Parallel simply concatenated multiple hash functions. For example +"Parallel(SHA-256,SHA-512)" outputs a 256+512 bit hash created by hashing the +input with both SHA-256 and SHA-512 and concatenating the outputs. 
+ +Note that due to the "multicollision attack" it turns out that generating a +collision for multiple parallel hash functions is no harder than generating a +collision for the strongest hash function. + +Comp4P +^^^^^^^^^^^^^ + +Available if ``BOTAN_HAS_COMB4P`` is defined. + +This combines two cryptographic hashes in such a way that preimage and collision +attacks are provably at least as hard as a preimage or collision attack on the +strongest hash. + +Checksums +---------------- .. note:: Checksums are not suitable for cryptographic use, but can be used for error checking purposes. +Adler32 +^^^^^^^^^^^ + +Available if ``BOTAN_HAS_ADLER32`` is defined. + +The Adler32 checksum is used in the zlib format. 32 bit output. + +CRC24 +^^^^^^^^^^^ + +Available if ``BOTAN_HAS_CRC24`` is defined. + +This is the CRC function used in OpenPGP. 24 bit output. + +CRC32 +^^^^^^^^^^^ + +Available if ``BOTAN_HAS_CRC32`` is defined. + +This is some kind of 32 bit CRC (which one?). + + Code Example ------------ + Assume we want to calculate the SHA-1, Whirlpool and SHA-3 hash digests of the STDIN stream using the Botan library. .. code-block:: cpp From 57128566bd57649f7d3a128944e3bde66d415309 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sun, 3 Dec 2017 12:33:42 -0500 Subject: [PATCH 0279/1008] Split up symmetric crypto page into MAC, stream, block and mode pages --- doc/deprecated.txt | 13 +- doc/manual/block_cipher.rst | 340 ++++++++++++++++++ doc/manual/cipher_modes.rst | 305 ++++++++++++++++ doc/manual/contents.rst | 8 +- doc/manual/hash.rst | 85 ++--- doc/manual/lowlevel.rst | 72 ---- doc/manual/message_auth_codes.rst | 217 +++++++++++ doc/manual/pubkey.rst | 2 +- doc/manual/rng.rst | 9 +- doc/manual/stream_ciphers.rst | 171 +++++++++ doc/manual/symmetric_crypto.rst | 574 ------------------------------ doc/manual/tpm.rst | 2 +- doc/todo.rst | 2 - 13 files changed, 1091 insertions(+), 709 deletions(-) create mode 100644 doc/manual/block_cipher.rst create mode 100644 doc/manual/cipher_modes.rst delete mode 100644 doc/manual/lowlevel.rst create mode 100644 doc/manual/message_auth_codes.rst create mode 100644 doc/manual/stream_ciphers.rst delete mode 100644 doc/manual/symmetric_crypto.rst diff --git a/doc/deprecated.txt b/doc/deprecated.txt index 0d750ec650..cbb48c797f 100644 --- a/doc/deprecated.txt +++ b/doc/deprecated.txt 
@@ -13,10 +13,15 @@ in the source. - The TLS constructors taking `std::function` for callbacks. Instead use the TLS::Callbacks interface. -- The Buffered_Computation class. In a future release the class will be removed, - and all of member functions instead declared directly on MessageAuthenticationCode - and HashFunction. So this only affects you if you are directly referencing - `Botan::Buffered_Computation` in some way. +- The Buffered_Computation base class. In a future release the class will be + removed, and all of member functions instead declared directly on + MessageAuthenticationCode and HashFunction. So this only affects you if you + are directly referencing `Botan::Buffered_Computation` in some way. + +- The SymmetricAlgorithm base class. Similarly to Buffered_Computation, in a + future release the class will be removed and its member functions copied to + classes which currently subclass it. This only affects your code if you + are referencing `Botan::SymmetricAlgorithm` directly. - Platform support for BeOS and IRIX operating systems diff --git a/doc/manual/block_cipher.rst b/doc/manual/block_cipher.rst new file mode 100644 index 0000000000..3168846822 --- /dev/null +++ b/doc/manual/block_cipher.rst 
@@ -0,0 +1,340 @@ +Block Ciphers +======================= + +Block ciphers are a n-bit permutation for some small n, typically 64 or 128 +bits. They are a cryptographic primitive used to generate higher level +operations such as authenticated encryption. + +.. note:: + + In general a bare block cipher is not what you should be using. You probably + want a cipher mode instead (see :ref:`cipher_modes`) + +.. cpp:class:: BlockCipher + + .. cpp:function:: static std::unique_ptr create(const std::string& algo_spec, \ + const std::string& provider = "") + + Create a new block cipher object, or else return null. + + .. cpp:function:: static std::unique_ptr create_or_throw(const std::string& algo_spec, \ + const std::string& provider = "") + + Like ``create``, except instead of returning null an exception is thrown + if the cipher is not known. + + .. cpp:function:: void set_key(const uint8_t* key, size_t length) + + This sets the key to the value specified. Most algorithms only accept keys + of certain lengths. If you attempt to call ``set_key`` with a key length + that is not supported, the exception ``Invalid_Key_Length`` will be + thrown. + + In all cases, ``set_key`` must be called on an object before any data + processing (encryption, decryption, etc) is done by that object. If this + is not done, an exception will be thrown. + thrown. + + .. cpp:function:: bool valid_keylength(size_t length) const + + This function returns true if and only if *length* is a valid keylength for + this algorithm. + + .. cpp:function:: size_t minimum_keylength() const + + Return the smallest key length (in bytes) that is acceptible for the + algorithm. + + .. cpp:function:: size_t maximum_keylength() const + + Return the largest key length (in bytes) that is acceptible for the + algorithm. + + .. cpp:function:: std::string name() const + + Return a human readable name for this algorithm. 
This is guaranteed to round-trip with + ``create`` and ``create_or_throw`` calls, ie create("Foo")->name() == "Foo" + + .. cpp:function:: void clear() + + Zero out the key. The key must be reset before the cipher object can be used. + + .. cpp:function:: BlockCipher* clone() const + + Return a newly allocated BlockCipher object of the same type as this one. + + .. cpp:function:: size_t block_size() const + + Return the size (in *bytes*) of the cipher. + + .. cpp:function:: size_t parallelism() const + + Return the parallelism underlying this implementation of the cipher. This + value can vary across versions and machines. A return value of N means that + encrypting or decrypting with N blocks can operate in parallel. + + .. cpp:function:: size_t parallel_bytes() const + + Returns ``parallelism`` multiplied by the block size as well as a small + fudge factor. That's because even ciphers that have no implicit parallism + typically see a small speedup for being called with several blocks due to + caching effects. + + .. cpp:function:: std::string provider() const + + Return the provider type. Default value is "base" but can be any arbitrary string. + Other example values are "sse2", "avx2", "openssl". + + .. cpp:function:: void encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const + + Encrypt *blocks* blocks of data, taking the input from the array *in* and + placing the ciphertext into *out*. The two pointers may be identical, but + should not overlap ranges. + + .. cpp:function:: void decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const + + Decrypt *blocks* blocks of data, taking the input from the array *in* and + placing the plaintext into *out*. The two pointers may be identical, but + should not overlap ranges. + + .. cpp:function:: void encrypt(const uint8_t in[], uint8_t out[]) const + + Encrypt a single block. Equivalent to :cpp:func:`encrypt_n`\ (in, out, 1). + + .. 
cpp:function:: void encrypt(uint8_t block[]) const + + Encrypt a single block. Equivalent to :cpp:func:`encrypt_n`\ (block, block, 1) + + .. cpp:function:: void decrypt(const uint8_t in[], uint8_t out[]) const + + Decrypt a single block. Equivalent to :cpp:func:`decrypt_n`\ (in, out, 1) + + .. cpp:function:: void decrypt(uint8_t block[]) const + + Decrypt a single block. Equivalent to :cpp:func:`decrypt_n`\ (block, block, 1) + + .. cpp:function:: template void encrypt(std::vector& block) const + + Assumes ``block`` is of a multiple of the block size. + + .. cpp:function:: template void decrypt(std::vector& block) const + + Assumes ``block`` is of a multiple of the block size. + +Code Example +----------------- + +For sheer demonstrative purposes, the following code encrypts a provided single +block of plaintext with AES-256 using two different keys. + +.. code-block:: cpp + + #include + #include + #include + int main () + { + std::vector key = Botan::hex_decode("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"); + std::vector block = Botan::hex_decode("00112233445566778899AABBCCDDEEFF"); + std::unique_ptr cipher(Botan::BlockCipher::create("AES-256")); + cipher->set_key(key); + cipher->encrypt(block); + std::cout << std::endl <name() << "single block encrypt: " << Botan::hex_encode(block); + + //clear cipher for 2nd encryption with other key + cipher->clear(); + key = Botan::hex_decode("1337133713371337133713371337133713371337133713371337133713371337"); + cipher->set_key(key); + cipher->encrypt(block); + + std::cout << std::endl << cipher->name() << "single block encrypt: " << Botan::hex_encode(block); + return 0; + } + +Available Ciphers +--------------------- + +Botan includes a number of block ciphers that are specific to particular +countries, as well as a few that are included mostly due to their use in +specific protocols such as PGP but not widely used elsewhere. The ciphers that +seem best for new code are AES, Serpent, and Threefish-512. 
+ +Avoid any 64-bit cipher in new code. There are combinatoric issues that affect +any 64-bit cipher that render it insecure when large amounts of data are +processed. + +AES +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Comes in three variants, AES-128, AES-192, and AES-256. + +The standard 128-bit block cipher. Many modern platforms offer hardware +acceleration. However, on platforms without hardware support, AES +implementations typically are vulnerable to side channel attacks. + +If you are developing new code and have no particular opinion, pick AES. + +Available if ``BOTAN_HAS_AES`` is defined. + +ARIA +~~~~~~ + +South Korean cipher used in industry there. No reason to use it otherwise. + +Available if ``BOTAN_HAS_ARIA`` is defined. + +Blowfish +~~~~~~~~~ + +A 64-bit cipher popular in the pre-AES era. Very slow key setup. Also used (with +bcrypt) for password hashing. + +Available if ``BOTAN_HAS_BLOWFISH`` is defined. + +CAST-128 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A 64-bit cipher, commonly used in OpenPGP. + +Available if ``BOTAN_HAS_CAST128`` is defined. + +CAST-256 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A 128-bit cipher that was a contestent in the NIST AES competition. +Rarely used, and now deprecated in Botan. Use AES or Serpent instead. + +Available if ``BOTAN_HAS_CAST256`` is defined. + +Camellia +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Comes in three variants, Camellia-128, Camellia-192, and Camellia-256. + +A Japanese design standardized by ISO, NESSIE and CRYPTREC. Somewhat common. +Prefer AES or Serpent in new designs. + +Available if ``BOTAN_HAS_CAMELLIA`` is defined. + +Cascade +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Creates a block cipher cascade, where each block is encrypted by two ciphers +with independent keys. Useful if you're very paranoid. In practice any single +good cipher (such as Serpent, SHACAL2, or AES-256) is more than sufficient. + +Available if ``BOTAN_HAS_CASCADE`` is defined. 
+ +DES, 3DES, DESX +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Originally designed by IBM and NSA in the 1970s. Very slow, but still common in +some industries such as finance. Avoid in new code. + +Available if ``BOTAN_HAS_DES`` is defined. + +GOST-28147-89 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A old 64-bit Russian cipher. Possible security issues. Avoid unless +compatability is needed. + +Available if ``BOTAN_HAS_GOST_28147_89`` is defined. + +IDEA +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +An older but still unbroken 64-bit cipher with a 128-bit key. Somewhat common +due to its use in PGP. Avoid in new designs. + +Available if ``BOTAN_HAS_IDEA`` is defined. + +Kasumi +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A 64-bit cipher used in 3GPP mobile phone protocols. There is no reason to use +it outside of this context. + +Available if ``BOTAN_HAS_KASUMI`` is defined. + +Lion +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A "block cipher construction" which can encrypt blocks of nearly arbitrary +length. Built from a stream cipher and a hash function. Useful in certain +protocols where being able to encrypt large or arbitrary length blocks is +necessary. + +Available if ``BOTAN_HAS_LION`` is defined. + +MISTY1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A 64-bit Japanese cipher standardized by NESSIE and ISO. Seemingly secure, but +quite slow and saw little adoption. No reason to use it in new code. The +implementation in Botan is deprecated, and it is likely to be removed in a +future release. + +Available if ``BOTAN_HAS_MISTY1`` is defined. + +Noekeon +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A fast 128-bit cipher by the designers of AES. Easily secured against side +channels. + +Available if ``BOTAN_HAS_NOEKEON`` is defined. + +SEED +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A older South Korean cipher, widely used in industry there. + +Available if ``BOTAN_HAS_SEED`` is defined. + +SHACAL2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The 256-bit block cipher used inside SHA-256. Accepts up to a 512-bit key. 
+Fast and seemingly very secure, but obscure. Standardized by NESSIE. + +Available if ``BOTAN_HAS_SHACAL2`` is defined. + +SM4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A 128-bit Chinese national cipher, required for use in certain commercial +applications in China. Quite slow. Probably no reason to use it outside of legal +requirements. + +Available if ``BOTAN_HAS_SM4`` is defined. + +Serpent +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +An AES contender. Widely considered the most conservative design. Fairly slow, +especially if no SIMD instruction set is available. + +Available if ``BOTAN_HAS_SERPENT`` is defined. + +Threefish-512 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A 512-bit tweakable block cipher that was used in the Skein hash function. +Very fast on 64-bit processors. + +Available if ``BOTAN_HAS_THREEFISH_512`` is defined. + +Twofish +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +An AES contender. Somewhat complicated key setup and a "kitchen sink" design. + +Available if ``BOTAN_HAS_TWOFISH`` is defined. + +XTEA +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A 64-bit cipher popular for its simple implementation. Avoid in new code. + +Available if ``BOTAN_HAS_XTEA`` is defined. diff --git a/doc/manual/cipher_modes.rst b/doc/manual/cipher_modes.rst new file mode 100644 index 0000000000..ffd36a218e --- /dev/null +++ b/doc/manual/cipher_modes.rst 
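Review bot: In the Code Example, the second `cipher->encrypt(block)` runs on the ciphertext left in `block` by the first call, so the printed output is not "the provided single block of plaintext" encrypted under the second key as the prose claims; restore the plaintext before re-keying, e.g. `block = Botan::hex_decode("00112233445566778899AABBCCDDEEFF");` right after `cipher->clear();`. The example also dereferences the result of `Botan::BlockCipher::create("AES-256")` without a null check, although the `create` entry above documents that it may return null — either test the pointer or use `create_or_throw`, which the same page documents. Finally, the `set_key` paragraph ends with a stray duplicated `thrown.` line that should be dropped.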
@@ -0,0 +1,305 @@ +.. _cipher_modes: + +Cipher Modes +===================== + +A block cipher by itself, is only able to securely encrypt a single data block. +To be able to securely encrypt data of arbitrary length, a mode of operation +applies the block cipher's single block operation repeatedly to encrypt +an entire message. + +All cipher mode implementations are are derived from the base class +:cpp:class:`Cipher_Mode`, which is declared in ``botan/cipher_mode.h``. + +.. warning:: + Using an unauthenticted cipher mode without combining it with a + :ref:`mac` is insecure. Prefer using an :ref:`aead`. + +.. cpp:class:: Cipher_Mode + + .. cpp:function:: void set_key(const uint8_t* key, size_t length) + + Set the symmetric key to be used. + + .. cpp:function:: bool valid_keylength(size_t length) const + + This function returns true if and only if *length* is a valid + keylength for the algorithm. + + .. cpp:function:: size_t minimum_keylength() const + + Return the smallest key length (in bytes) that is acceptible for the + algorithm. + + .. cpp:function:: size_t maximum_keylength() const + + Return the largest key length (in bytes) that is acceptible for the + algorithm. + + .. cpp:function:: void start_msg(const uint8_t* nonce, size_t nonce_len) + + Set the IV (unique per-message nonce) of the mode of operation and prepare for message processing. + + .. cpp:function:: void start(const std::vector nonce) + + Acts like :cpp:func:`start_msg`\ (nonce.data(), nonce.size()). + + .. cpp:function:: void start(const uint8_t* nonce, size_t nonce_len) + + Acts like :cpp:func:`start_msg`\ (nonce, nonce_len). + + .. cpp:function:: virtual size_t update_granularity() const + + The :cpp:class:`Cipher_Mode` interface requires message processing in multiples of the block size. + Returns size of required blocks to update and 1, if the mode can process messages of any length. + + .. 
cpp:function:: virtual size_t process(uint8_t* msg, size_t msg_len) + + Process msg in place and returns bytes written. msg must be a multiple of :cpp:func:`update_granularity`. + + .. cpp:function:: void update(secure_vector& buffer, size_t offset = 0) + + Continue processing a message in the buffer in place. The passed buffer's size must be a multiple of :cpp:func:`update_granularity`. + The first *offset* bytes of the buffer will be ignored. + + .. cpp:function:: size_t minimum_final_size() const + + Returns the minimum size needed for :cpp:func:`finish`. + + .. cpp:function:: void finish(secure_vector& final_block, size_t offset = 0) + + Finalize the message processing with a final block of at least :cpp:func:`minimum_final_size` size. + The first *offset* bytes of the passed final block will be ignored. + +Code Example +--------------------- + +The following code encrypts the specified plaintext using AES-128/CBC +with PKCS#7 padding. + +.. warning:: + This example ignores the requirement to authenticate the ciphertext + +.. code-block:: cpp + + #include + #include + #include + #include + #include + + int main() + { + Botan::AutoSeeded_RNG rng; + + const std::string plaintext("Your great-grandfather gave this watch to your granddad for good luck. Unfortunately, Dane's luck wasn't as good as his old man's."); + const std::vector key = Botan::hex_decode("2B7E151628AED2A6ABF7158809CF4F3C"); + + std::unique_ptr enc(Botan::get_cipher_mode("AES-128/CBC/PKCS7", Botan::ENCRYPTION)); + enc->set_key(key); + + Botan::secure_vector pt(plaintext.data(), plaintext.data()+plaintext.length()); + + //generate fresh nonce (IV) + enc->start(rng.random_vec(enc->default_nonce_length())); + enc->finish(pt); + + std::cout << enc->name() << " with iv " << Botan::hex_encode(iv) << " " << Botan::hex_encode(pt) << "\n"; + return 0; + } + + +Available Unauthenticated Cipher Modes +----------------------------------------- + +.. 
note:: + CTR and OFB modes are also implemented, but these are treated as + :cpp:class:`Stream_Cipher`\s instead. + +CBC +~~~~~~~~~~~~ + +Available if ``BOTAN_HAS_MODE_CBC`` is defined. + +CBC requires the plaintext be padded using a reversible rule. The following +padding schemes are implemented + +PKCS#7 (RFC5652) + The last byte in the padded block defines the padding length p, the remaining padding bytes are set to p as well. +ANSI X9.23 + The last byte in the padded block defines the padding length, the remaining padding is filled with 0x00. +OneAndZeros (ISO/IEC 7816-4) + The first padding byte is set to 0x80, the remaining padding bytes are set to 0x00. + +CFB +~~~~~~~~~~~~ + +Available if ``BOTAN_HAS_MODE_CFB`` is defined. + +CFB uses a block cipher to create a self-syncronizing stream cipher. It is used +for example in the OpenPGP protocol. There is no reason to prefer it. + +XTS +~~~~~~~~~ + +Available if ``BOTAN_HAS_MODE_XTS`` is defined. + +XTS is a mode specialized for encrypting disk storage. XTS requires all inputs +be at least 1 byte longer than the native block size of the cipher. + +.. _aead: + +AEAD Mode +--------------------------- + +AEAD (Authenticated Encryption with Associated Data) modes provide message +encryption, message authentication, and the ability to authenticate additional +data that is not included in the ciphertext (such as a sequence number or +header). It is a subclass of :cpp:class:`Cipher_Mode`. + +The AEAD interface can be used directly, or as part of the filter system by +using :cpp:class:`AEAD_Filter` (a subclass of :cpp:class:`Keyed_Filter` which +will be returned by :cpp:func:`get_cipher` if the named cipher is an AEAD mode). + +.. cpp:class:: AEAD_Mode + + .. cpp:function:: void set_key(const SymmetricKey& key) + + Set the key + + .. cpp:function:: Key_Length_Specification key_spec() const + + Return the key length specification + + .. 
cpp:function:: void set_associated_data(const uint8_t ad[], size_t ad_len) + + Set any associated data for this message. For maximum portability between + different modes, this must be called after :cpp:func:`set_key` and before + :cpp:func:`start`. + + If the associated data does not change, it is not necessary to call this + function more than once, even across multiple calls to :cpp:func:`start` + and :cpp:func:`finish`. + + .. cpp:function:: void start(const uint8_t nonce[], size_t nonce_len) + + Start processing a message, using *nonce* as the unique per-message + value. + + .. warning:: + With most AEADs, if the same nonce is ever used to encrypt two + different messages under the same key, all security is lost. + + .. cpp:function:: void update(secure_vector& buffer, size_t offset = 0) + + Continue processing a message. The *buffer* is an in/out parameter and + may be resized. In particular, some modes require that all input be + consumed before any output is produced; with these modes, *buffer* will + be returned empty. + + On input, the buffer must be sized in blocks of size + :cpp:func:`update_granularity`. For instance if the update granularity + was 64, then *buffer* could be 64, 128, 192, ... bytes. + + The first *offset* bytes of *buffer* will be ignored (this allows in + place processing of a buffer that contains an initial plaintext header) + + .. cpp:function:: void finish(secure_vector& buffer, size_t offset = 0) + + Complete processing a message with a final input of *buffer*, which is + treated the same as with :cpp:func:`update`. It must contain at least + :cpp:func:`final_minimum_size` bytes. + + Note that if you have the entire message in hand, calling finish without + ever calling update is both efficient and convenient. + + .. note:: + During decryption, finish will throw an instance of Integrity_Failure + if the MAC does not validate. 
If this occurs, all plaintext previously + output via calls to update must be destroyed and not used in any + way that an attacker could observe the effects of. + + One simply way to assure this could never happen is to never + call update, and instead always marshall the entire message + into a single buffer and call finish on it when decrypting. + + .. cpp:function:: size_t update_granularity() const + + The AEAD interface requires :cpp:func:`update` be called with blocks of + this size. This will be 1, if the mode can process any length inputs. + + .. cpp:function:: size_t final_minimum_size() const + + The AEAD interface requires :cpp:func:`finish` be called with at least + this many bytes (which may be zero, or greater than + :cpp:func:`update_granularity`) + + .. cpp:function:: bool valid_nonce_length(size_t nonce_len) const + + Returns true if *nonce_len* is a valid nonce length for this scheme. For + EAX and GCM, any length nonces are allowed. OCB allows any value between + 8 and 15 bytes. + + .. cpp:function:: size_t default_nonce_length() const + + Returns a reasonable length for the nonce, typically either 96 + bits, or the only supported length for modes which don't + support 96 bit nonces. + + +Available AEAD Modes +------------------------- + +ChaCha20Poly1305 +~~~~~~~~~~~~~~~~~~ + +Available if ``BOTAN_HAS_AEAD_CHACHA20_POLY1305`` is defined. + +Unlike the other AEADs which are based on block ciphers, this mode is based on +the ChaCha stream cipher and the Poly1305 authentication code. It is very fast +on all modern platforms. + +GCM +~~~~~ + +Available if ``BOTAN_HAS_AEAD_GCM`` is defined. + +NIST standard, commonly used. Requires a 128-bit block cipher. Fairly slow, +unless hardware support for carryless multiplies is available. + +OCB +~~~~~ + +Available if ``BOTAN_HAS_AEAD_OCB`` is defined. + +A block cipher based AEAD. Supports 128-bit, 256-bit and 512-bit block ciphers. +This mode is very fast and easily secured against side channels. 
Adoption has +been poor because it is patented in the United States, though a license is +available allowing it to be freely used by open source software. + +EAX +~~~~~ + +Available if ``BOTAN_HAS_AEAD_EAX`` is defined. + +A secure composition of CTR mode and CMAC. Supports 128-bit, 256-bit and 512-bit +block ciphers. + +SIV +~~~~~~ + +Available if ``BOTAN_HAS_AEAD_SIV`` is defined. + +Requires a 128-bit block cipher. Unlike other AEADs, SIV is "misuse resistent"; +if a nonce is repeated, SIV retains security, with the exception that if the +same nonce is used to encrypt the same message multiple times, an attacker can +detect the duplicated message (this is because for identical plaintexts SIV +will output the same ciphertext each time, in the case the nonce is repeated.) + +CCM +~~~~~ + +Available if ``BOTAN_HAS_AEAD_CCM`` is defined. + +Requires a 128-bit block cipher. This is a NIST standard mode but that is about +all to recommenmd it. Prefer EAX. diff --git a/doc/manual/contents.rst b/doc/manual/contents.rst index 48e6edbfeb..d4e06f82d2 100644 --- a/doc/manual/contents.rst +++ b/doc/manual/contents.rst @@ -11,16 +11,17 @@ Contents versions secmem rng - filters hash - symmetric_crypto + block_cipher + stream_ciphers + message_auth_codes + cipher_modes pubkey mceliece x509 tls credentials_manager bigint - lowlevel kdf pbkdf keywrap @@ -28,6 +29,7 @@ Contents cryptobox srp psk_db + filters fpe compression pkcs11 diff --git a/doc/manual/hash.rst b/doc/manual/hash.rst index abf9d7a70a..7b317f4987 100644 --- a/doc/manual/hash.rst +++ b/doc/manual/hash.rst 
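Review bot: The Code Example in cipher_modes.rst does not compile as written: `Botan::hex_encode(iv)` refers to a variable `iv` that is never declared, because the nonce is generated inline in `enc->start(rng.random_vec(enc->default_nonce_length()))`. Bind it first so it can be both passed and printed, e.g. `const auto iv = rng.random_vec(enc->default_nonce_length());` followed by `enc->start(iv);`. Since the IV must be transmitted alongside the ciphertext for the receiver to decrypt, keeping it as an explicit value also makes the example more instructive. The warning directive in the same hunk misspells `unauthenticted`; it should read `unauthenticated`.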
@@ -62,7 +62,40 @@ internal state is reset to begin hashing a new message. Equivalent to calling ``update`` followed by ``final``. -Cryptographic Hash Functions +Code Example +------------ + +Assume we want to calculate the SHA-1, Whirlpool and SHA-3 hash digests of the STDIN stream using the Botan library. + +.. code-block:: cpp + + #include + #include + #include + int main () + { + std::unique_ptr hash1(Botan::HashFunction::create("SHA-1")); + std::unique_ptr hash2(Botan::HashFunction::create("Whirlpool")); + std::unique_ptr hash3(Botan::HashFunction::create("SHA-3")); + std::vector buf(2048); + + while(std::cin.good()) + { + //read STDIN to buffer + std::cin.read(reinterpret_cast(buf.data()), buf.size()); + size_t readcount = std::cin.gcount(); + //update hash computations with read data + hash1->update(buf.data(),readcount); + hash2->update(buf.data(),readcount); + hash3->update(buf.data(),readcount); + } + std::cout << "SHA-1: " << Botan::hex_encode(hash1->final()) << std::endl; + std::cout << "Whirlpool: " << Botan::hex_encode(hash2->final()) << std::endl; + std::cout << "SHA-3: " << Botan::hex_encode(hash3->final()) << std::endl; + return 0; + } + +Available Hash Functions ------------------------------ The following cryptographic hash functions are implemented. @@ -148,7 +181,7 @@ Available if ``BOTAN_HAS_SHA3`` is defined. The new NIST standard hash. Fairly slow. SHAKE (SHAKE-128, SHAKE-256) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^6 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Available if ``BOTAN_HAS_SHAKE`` is defined. 
@@ -249,50 +282,4 @@ CRC32 Available if ``BOTAN_HAS_CRC32`` is defined. -This is some kind of 32 bit CRC (which one?). - - -Code Example ------------- - -Assume we want to calculate the SHA-1, Whirlpool and SHA-3 hash digests of the STDIN stream using the Botan library. - -.. code-block:: cpp - - #include - #include - #include - int main () - { - std::unique_ptr hash1(Botan::HashFunction::create("SHA-1")); - std::unique_ptr hash2(Botan::HashFunction::create("Whirlpool")); - std::unique_ptr hash3(Botan::HashFunction::create("SHA-3")); - std::vector buf(2048); - - while(std::cin.good()) - { - //read STDIN to buffer - std::cin.read(reinterpret_cast(buf.data()), buf.size()); - size_t readcount = std::cin.gcount(); - //update hash computations with read data - hash1->update(buf.data(),readcount); - hash2->update(buf.data(),readcount); - hash3->update(buf.data(),readcount); - } - std::cout << "SHA-1: " << Botan::hex_encode(hash1->final()) << std::endl; - std::cout << "Whirlpool: " << Botan::hex_encode(hash2->final()) << std::endl; - std::cout << "SHA-3: " << Botan::hex_encode(hash3->final()) << std::endl; - return 0; - } - - -A Note on Checksums --------------------- - -Checksums are very similar to hash functions, and in fact share the -same interface. But there are some significant differences, the major -ones being that the output size is very small (usually in the range of -2 to 4 bytes), and is not cryptographically secure. But for their -intended purpose (error checking), they perform very well. Some -examples of checksums included in Botan are the Adler32 and CRC32 -checksums. +This is the 32-bit CRC used in protocols such as Ethernet, gzip, PNG, etc. diff --git a/doc/manual/lowlevel.rst b/doc/manual/lowlevel.rst deleted file mode 100644 index bcffcd6323..0000000000 --- a/doc/manual/lowlevel.rst +++ /dev/null 
@@ -1,72 +0,0 @@ - -The Low-Level Interface -================================= - -Botan has two different interfaces. The one documented in this section -is meant more for implementing higher-level types (see the section on -filters, earlier in this manual) than for use by applications. Using -it safely requires a solid knowledge of encryption techniques and best -practices, so unless you know, for example, what CBC mode and nonces -are, and why PKCS #1 padding is important, you should avoid this -interface in favor of something working at a higher level. - -Basic Algorithm Abilities ---------------------------------- - -There are a small handful of functions implemented by most of Botan's -algorithm objects. Among these are: - -.. cpp:function:: std::string name() - -Returns a human-readable string of the name of this -algorithm. Examples of names returned are "AES-128" and -"HMAC(SHA-512)". You can turn names back into algorithm objects using -the functions in ``lookup.h``. - -.. cpp:function:: void clear() - -Clear out the algorithm's internal state. A block cipher object will -"forget" its key, a hash function will "forget" any data put into it, -etc. The object will look and behave as it did when you initially -allocated it. - -.. cpp:function:: T* clone() - -The ``clone`` has many different return types, such as -``BlockCipher``\* and ``HashFunction``\*, depending on what kind of -object it is called on. Note that unlike Java's clone, this returns a -new object in a "pristine" state; that is, operations done on the -initial object before calling ``clone`` do not affect the initial -state of the new clone. - -Cloned objects can (and should) be deallocated with the C++ ``delete`` -operator. - -Keys and IVs ---------------------------------- - -Both symmetric keys and initialization values can be considered byte -(or octet) strings. These are represented by - -.. 
cpp:class:: OctetString - - Also known as ``SymmetricKey`` and ``InitializationVector``, when - you want to express intent. - - .. cpp:function:: OctetString(RandomNumberGenerator& rng, size_t length) - - This constructor creates a new random key *length* bytes long - using the random number generator. - - .. cpp:function:: OctetString(std::string str) - - The argument *str* is assumed to be a hex string; it is - converted to binary and stored. Whitespace is ignored. - - .. cpp:function:: OctetString(const uint8_t* input, size_t length) - - This constructor copies its input. - - .. cpp:function:: as_string() const - - Returns the hex representation of the key or IV diff --git a/doc/manual/message_auth_codes.rst b/doc/manual/message_auth_codes.rst new file mode 100644 index 0000000000..31ab5f3484 --- /dev/null +++ b/doc/manual/message_auth_codes.rst 
@@ -0,0 +1,217 @@ + +.. _mac: + +Message Authentication Codes (MAC) +=================================== + +A Message Authentication Code algorithm computes a tag over a message utilizing +a shared secret key. Thus a valid tag confirms the authenticity and integrity of +the message. Only entities in possession of the shared secret key are able to +verify the tag. + +.. note:: + + When combining a MAC with unauthenticated encryption mode, prefer to first + encrypt the message and then MAC the ciphertext. The alternative is to MAC + the plaintext, which depending on exact usage can suffer serious security + issues. For a detailed discussion of this issue see the paper "The Order of + Encryption and Authentication for Protecting Communications" by Hugo + Krawczyk + +The Botan MAC computation is split into five stages. + +#. Instantiate the MAC algorithm. +#. Set the secret key. +#. Process IV. +#. Process data. +#. Finalize the MAC computation. + +.. cpp:class:: MessageAuthenticationCode + + .. cpp:function:: std::string name() const + + Returns a human-readable string of the name of this algorithm. + + .. cpp:function:: void clear() + + Clear the key. + + .. cpp:function:: MessageAuthenticationCode* clone() const + + Return a newly allocated object of the same type as this one. + + .. cpp:function:: void set_key(const uint8_t* key, size_t length) + + Set the shared MAC key for the calculation. This function has to be called before the data is processed. + + .. cpp:function:: bool valid_keylength(size_t length) const + + This function returns true if and only if *length* is a valid + keylength for the algorithm. + + .. cpp:function:: size_t minimum_keylength() const + + Return the smallest key length (in bytes) that is acceptible for the + algorithm. + + .. cpp:function:: size_t maximum_keylength() const + + Return the largest key length (in bytes) that is acceptible for the + algorithm. + + .. 
cpp:function:: void start(const uint8_t* nonce, size_t nonce_len) + + Set the IV for the MAC calculation. Note that not all MAC algorithms require an IV. + If an IV is required, the function has to be called before the data is processed. + For algorithms that don't require it, the call can be omitted, or else called + with ``nonce_len`` of zero. + + .. cpp:function:: void update(const uint8_t* input, size_t length) + + Process the passed data. + + .. cpp:function:: void update(const secure_vector& in) + + Process the passed data. + + .. cpp:function:: void update(uint8_t in) + + Process a single byte. + + .. cpp:function:: void final(uint8_t* out) + + Complete the MAC computation and write the calculated tag to the passed byte array. + + .. cpp:function:: secure_vector final() + + Complete the MAC computation and return the calculated tag. + + .. cpp:function:: bool verify_mac(const uint8_t* mac, size_t length) + + Finalize the current MAC computation and compare the result to the passed + ``mac``. Returns ``true``, if the verification is successful and false + otherwise. + + +Code Example +------------------------ + +The following example code computes a AES-256 GMAC and subsequently verifies the tag. + +.. code-block:: cpp + + #include + #include + #include + + int main() + { + const std::vector key = Botan::hex_decode("1337133713371337133713371337133713371337133713371337133713371337"); + const std::vector iv = Botan::hex_decode("FFFFFFFFFFFFFFFFFFFFFFFF"); + const std::vector data = Botan::hex_decode("6BC1BEE22E409F96E93D7E117393172A"); + std::unique_ptr mac(Botan::MessageAuthenticationCode::create("GMAC(AES-256)")); + if(!mac) + return 1; + mac->set_key(key); + mac->start(iv); + mac->update(data); + Botan::secure_vector tag = mac->final(); + std::cout << mac->name() << ": " << Botan::hex_encode(tag) << std::endl; + + //Verify created MAC + mac->start(iv); + mac->update(data); + std::cout << "Verification: " << (mac->verify_mac(tag) ? 
"success" : "failure"); + return 0; + } + +The following example code computes a valid AES-128 CMAC tag and modifies the +data to demonstrate a MAC verification failure. + +.. code-block:: cpp + + #include + #include + #include + + int main() + { + const std::vector key = Botan::hex_decode("2B7E151628AED2A6ABF7158809CF4F3C"); + std::vector data = Botan::hex_decode("6BC1BEE22E409F96E93D7E117393172A"); + std::unique_ptr mac(Botan::MessageAuthenticationCode::create("CMAC(AES-128)")); + if(!mac) + return 1; + mac->set_key(key); + mac->update(data); + Botan::secure_vector tag = mac->final(); + //Corrupting data + data.back()++; + //Verify with corrupted data + mac->update(data); + std::cout << "Verification with malformed data: " << (mac->verify_mac(tag) ? "success" : "failure"); + return 0; + } + +Available MACs +------------------------------------------ + +Currently the following MAC algorithms are available in Botan. In new code, +default to HMAC or CMAC. + +CBC-MAC +~~~~~~~~~~~~ + +An older authentication code based on a block cipher. Serious security problems, +in particular **insecure** if messages of several different lengths are +authenticated. Avoid unless required for compatability. + +Available if ``BOTAN_HAS_CBC_MAC`` is defined. + +CMAC +~~~~~~~~~~~~ + +A modern CBC-MAC variant that avoids the security problems of plain CBC-MAC. +Approved by NIST. Also sometimes called OMAC. + +Available if ``BOTAN_HAS_CMAC`` is defined. + +GMAC +~~~~~~~~~~~~ + +GMAC is related to the GCM authenticated cipher mode. It is quite slow unless +hardware support for carryless multiplications is available. A new nonce must be +used with each message authenticated, or otherwise all security is lost. + +Available if ``BOTAN_HAS_GMAC`` is defined. + +HMAC +~~~~~~~~~~~~ + +A message authentication code based on a hash function. Very commonly used. + +Available if ``BOTAN_HAS_HMAC`` is defined. + +Poly1305 +~~~~~~~~~~~~ + +A polynomial mac (similar to GMAC). 
Very fast, but tricky to use safely. Forms +part of the ChaCha20Poly1305 AEAD mode. A new key must be used for *each* +message, or all security is lost. + +Available if ``BOTAN_HAS_POLY1305`` is defined. + +SipHash +~~~~~~~~~~~~ + +A modern and very fast PRF. Produces only a 64-bit output. + +Available if ``BOTAN_HAS_SIPHASH`` is defined. + +X9.19-MAC +~~~~~~~~~~~~ + +A CBC-MAC variant sometimes used in finance. Always uses DES. Avoid unless +required. + +Available if ``BOTAN_HAS_X919_MAC`` is defined. + diff --git a/doc/manual/pubkey.rst b/doc/manual/pubkey.rst index c72793d89d..8a7991e53f 100644 --- a/doc/manual/pubkey.rst +++ b/doc/manual/pubkey.rst @@ -436,7 +436,7 @@ ElGamal; these use the EME class: Parameters for encryption and decryption are set by the :cpp:class:`ECIES_System_Params` class which stores the EC domain parameters, the KDF (see :ref:`key_derivation_function`), the cipher (see - :ref:`symmetric_crypto`) and the MAC. + :ref:`cipher_modes`) and the MAC. .. cpp:function:: ECIES_Encryptor(const PK_Key_Agreement_Key& private_key, \ const ECIES_System_Params& ecies_params, \ diff --git a/doc/manual/rng.rst b/doc/manual/rng.rst index 11094d8322..99cc839143 100644 --- a/doc/manual/rng.rst +++ b/doc/manual/rng.rst @@ -67,7 +67,8 @@ AutoSeeded_RNG AutoSeeded_RNG is type naming a 'best available' userspace PRNG. The exact definition of this has changed over time and may change in the future, fortunately there is no compatability concerns when changing -such an RNG. +any RNG since the only expectation is it produces bits +indistinguishable from random. Note well: like most other classes in Botan, it is not safe to share an instance of ``AutoSeeded_RNG`` among multiple threads without 
@@ -139,5 +140,7 @@ spawns a new child process himself. If the PID wrapped around, the second child process may get assigned the process ID of it's grandparent and the fork safety can not be ensured. -Therefore, it is strongly recommended to explicitly reseed the -random generator after forking a new process. +Therefore, it is strongly recommended to explicitly reseed any +userspace random generators after forking a new process. If this is +not possible in your application, prefer using the system PRNG +instead. diff --git a/doc/manual/stream_ciphers.rst b/doc/manual/stream_ciphers.rst new file mode 100644 index 0000000000..80dfa77297 --- /dev/null +++ b/doc/manual/stream_ciphers.rst 
@@ -0,0 +1,171 @@ +Stream Ciphers +======================== + +In contrast to block ciphers, stream ciphers operate on a plaintext stream +instead of blocks. Thus encrypting data results in changing the internal state +of the cipher and encryption of plaintext with arbitrary length is possible in +one go (in byte amounts). All implemented stream ciphers derive from the base +class :cpp:class:`StreamCipher` (`botan/stream_cipher.h`). + +Note that some of the implemented stream ciphers require a fresh initialisation +vector. + +.. cpp:class:: StreamCipher + + .. cpp:function:: std::string name() const + + Returns a human-readable string of the name of this algorithm. + + .. cpp:function:: void clear() + + Clear the key. + + .. cpp:function:: StreamCipher* clone() const + + Return a newly allocated object of the same type as this one. + + .. cpp:function:: void set_key(const uint8_t* key, size_t length) + + Set the stream cipher key. If the length is not accepted, an + ``Invalid_Key_Length`` exception is thrown. + + .. cpp:function:: bool valid_keylength(size_t length) const + + This function returns true if and only if *length* is a valid + keylength for the algorithm. + + .. cpp:function:: size_t minimum_keylength() const + + Return the smallest key length (in bytes) that is acceptible for the + algorithm. + + .. cpp:function:: size_t maximum_keylength() const + + Return the largest key length (in bytes) that is acceptible for the + algorithm. + + .. cpp:function:: bool valid_iv_length(size_t iv_len) const + + This function returns true if and only if *length* is a valid IV length for + the stream cipher. Some ciphers do not support IVs at all, and will return + false for any value except zero. + + .. cpp:function:: void set_iv(const uint8_t*, size_t len) + + Load IV into the stream cipher state. This should happen after the key is + set and before any operation (encrypt/decrypt/seek) is called. + + .. 
cpp:function:: void seek(uint64_t offset) + + Sets the state of the stream cipher and keystream according to the passed + *offset*. Therefore the key and the IV (if required) have to be set + beforehand. + + .. cpp:function:: void cipher(const uint8_t* in, uint8_t* out, size_t n) + + Processes *n* bytes plain/ciphertext from *in* and writes the result to *out*. + + .. cpp:function:: void cipher1(uint8_t* inout, size_t n) + + Processes *n* bytes plain/ciphertext in place. Acts like :cpp:func:`cipher`\ (inout, inout, n). + + .. cpp:function:: void encipher(std::vector inout) + .. cpp:function:: void encrypt(std::vector inout) + .. cpp:function:: void decrypt(std::vector inout) + + Processes plain/ciphertext *inout* in place. Acts like :cpp:func:`cipher`\ (inout.data(), inout.data(), inout.size()). + +Code Example +----------------- + +The following code encrypts a provided plaintext using ChaCha20. + +.. code-block:: cpp + + #include + #include + #include + #include + + int main() + { + std::string plaintext("This is a tasty burger!"); + std::vector pt(plaintext.data(),plaintext.data()+plaintext.length()); + const std::vector key = Botan::hex_decode("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"); + std::unique_ptr cipher(Botan::StreamCipher::create("ChaCha(20)")); + + //generate fresh nonce (IV) + std::unique_ptr rng(new Botan::AutoSeeded_RNG); + std::vector iv(8); + rng->randomize(iv.data(),iv.size()); + + //set key and IV + cipher->set_key(key); + cipher->set_iv(iv.data(),iv.size()); + cipher->encipher(pt); + + std::cout << cipher->name() << " with iv " << Botan::hex_encode(iv) << ": " + << Botan::hex_encode(pt) << "\n"; + return 0; + } + +Available Stream Ciphers +---------------------------- + +Botan provides the following stream ciphers. If in doubt use CTR or ChaCha. + +CTR-BE +~~~~~~~ + +A cipher mode that converts a block cipher into a stream cipher. It offers +parallel execution and can seek within the output stream. 
+ +(The ``-BE`` suffix refers to big-endian convention for the counter. +This is the most common case.) + +OFB +~~~~~ + +Another stream cipher based on a block cipher. Unlike CTR mode, it does not +allow parallel execution or seeking within the output stream. Prefer CTR. + +Available if ``BOTAN_HAS_OFB`` is defined. + +ChaCha +~~~~~~~~ + +A very fast cipher, now widely deployed in TLS as part of the ChaCha20Poly1305 +AEAD. Can be used with 8 (fast but dangerous), 12 (balance, or 20 rounds +(conservative). Even with 20 rounds, ChaCha is very fast. Use 20 rounds. + +Available if ``BOTAN_HAS_CHACHA`` is defined. + +Salsa20 +~~~~~~~~~ + +An earlier iteration of the ChaCha design, this cipher is popular due to its use +in the libsodium library. Prefer ChaCha. + +.. note:: + + The 'XSalsa20' variant of Salsa20 is also supported by the same class; this + is selected by using a 192-bit nonce instead of Salsa20's 64-bit nonce. + +Available if ``BOTAN_HAS_SALSA20`` is defined. + +SHAKE-128 +~~~~~~~~~~~~ + +This is the SHAKE-128 XOF exposed as a stream cipher. It is slower than ChaCha +and somewhat obscure. + +Available if ``BOTAN_HAS_SHAKE_CIPHER`` is defined. + +RC4 +~~~~ + +An old and very widely deployed stream cipher notable for its +simplicity. Now broken. **Avoid in new code** + +Available if ``BOTAN_HAS_RC4`` is defined. + diff --git a/doc/manual/symmetric_crypto.rst b/doc/manual/symmetric_crypto.rst deleted file mode 100644 index 605d329fbd..0000000000 --- a/doc/manual/symmetric_crypto.rst +++ /dev/null 
@@ -1,574 +0,0 @@ -.. _symmetric_crypto: - -Symmetric Key Cryptography -=========================================== -Block ciphers, stream ciphers and MACs are all keyed operations. -They require a particular key, which is a chosen, sampled or computed -string of bits of a specified length. The length required by any particular algorithm -may vary, depending on both the algorithm specification and the implementation. -You can query any Botan object to find out what key length(s) it supports. - -To make this similarity in terms of keying explicit, all algorithms of -those types are derived from the :cpp:class:`SymmetricAlgorithm` base. -This type provides functions for setting the key, and querying -restrictions on the size of the key. - -.. cpp:class:: SymmetricAlgorithm - - .. cpp:function:: void set_key(const uint8_t* key, size_t length) - - .. cpp:function:: void set_key(const SymmetricKey& key) - - This sets the key to the value specified. Most algorithms only - accept keys of certain lengths. If you attempt to call - ``set_key`` with a key length that is not supported, the - exception ``Invalid_Key_Length`` will be thrown. - - In all cases, ``set_key`` must be called on an object before any - data processing (encryption, decryption, etc) is done by that - object. If this is not done, the results are undefined. - - .. cpp:function:: bool valid_keylength(size_t length) const - - This function returns true if and only if *length* is a valid - keylength for the algorithm. - - .. cpp:function:: size_t minimum_keylength() const - - Return the smallest key length (in bytes) that is acceptible for the - algorithm. - - .. cpp:function:: size_t maximum_keylength() const - - Return the largest key length (in bytes) that is acceptible for the - algorithm. - -Block Ciphers ---------------------------------- -A block cipher is a deterministic symmetric encryption algorithm, which -encrypts data of a fixed length, called block size. 
All block ciphers classes -in Botan are subclasses of :cpp:class:`BlockCipher` defined in `botan/block_cipher.h`. -As a symmetrically keyed algorithm, it subclasses the :cpp:class:`SymmetricAlgorithm` interface. -Note that a block cipher by itself is only secure for plaintext with the length of a single block. -When processing data larger than a single block, a block cipher mode should be used for data processing. - -.. cpp:class:: BlockCipher - - .. cpp:function:: size_t block_size() const - - Returns the block size of the cipher in bytes. - - .. cpp:function:: void encrypt_n(const uint8_t* in, \ - uint8_t* out, size_t n) const - - Encrypt *n* blocks of data, taking the input from the array *in* - and placing the ciphertext into *out*. The two pointers may be - identical, but should not overlap ranges. - - .. cpp:function:: void encrypt(const uint8_t* in, uint8_t* out) const - - Encrypt a single block, taking the input from *in* and placing - it in *out*. Acts like :cpp:func:`encrypt_n`\ (in, out, 1). - - .. cpp:function:: void encrypt(const std::vector in, std::vector out) const - - Encrypt a single or multiple full blocks, taking the input from *in* and placing it in *out*. - Acts like :cpp:func:`encrypt_n`\ (in.data(), out.data(), in.size()/ block_size()). - - .. cpp:function:: void encrypt(std::vector inout) const - - Encrypt a single or multiple full blocks in place. - Acts like :cpp:func:`encrypt_n`\ (inout.data(), inout.data(), inout.size()/ block_size()). - - .. cpp:function:: void encrypt(uint8_t* block) const - - Identical to :cpp:func:`encrypt`\ (block, block) - - .. cpp:function:: void decrypt_n(const uint8_t* in, uint8_t out, size_t n) const - - Decrypt *n* blocks of data, taking the input from *in* and - placing the plaintext in *out*. The two pointers may be - identical, but should not overlap ranges. - - .. 
cpp:function:: void decrypt(const uint8_t* in, uint8_t* out) const - - Decrypt a single block, taking the input from *in* and placing it - in *out*. Acts like :cpp:func:`decrypt_n`\ (in, out, 1). - - .. cpp:function:: void decrypt(const std::vector in, std::vector out) const - - Decrypt a single or multiple full blocks, taking the input from *in* and placing it in *out*. - Acts like :cpp:func:`decrypt_n`\ (in.data(), out.data(), in.size()/ block_size()). - - .. cpp:function:: void decrypt(std::vector inout) const - - Decrypt a single or multiple full blocks in place. - Acts like :cpp:func:`decrypt_n`\ (inout.data(), inout.data(), inout.size()/ block_size()). - - .. cpp:function:: void decrypt(uint8_t* block) const - - Identical to :cpp:func:`decrypt`\ (block, block) - - .. cpp:function:: size_t parallelism() const - - Returns the native parallelism of this implementation, ie how - many blocks can be processed in parallel if sufficient data is - passed to :cpp:func:`encrypt_n` or :cpp:func:`decrypt_n`. - -The following block ciphers are implemented in Botan: - -#. AES (AES-128, AES-192, AES-256) -#. ARIA -#. Blowfish -#. CAST (CAST-128, CAST-256) -#. Camellia (Camellia-128, Camellia-192, Camellia-256) -#. Cascade -#. DES/3DES -#. DESX -#. GOST-28147-89 -#. IDEA -#. Kasumi -#. Lion -#. MISTY1 -#. Noekeon -#. SEED -#. SHACAL2 -#. SM4 -#. Serpent -#. Threefish-512 -#. Twofish -#. XTEA - -Code Example -""""""""""""""" -For sheer demonstrative purposes, the following code encrypts a provided single block of -plaintext with AES-256 using two different keys. - -.. 
code-block:: cpp - - #include - #include - #include - int main () - { - std::vector key = Botan::hex_decode("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"); - std::vector block = Botan::hex_decode("00112233445566778899AABBCCDDEEFF"); - std::unique_ptr cipher(Botan::BlockCipher::create("AES-256")); - cipher->set_key(key); - cipher->encrypt(block); - std::cout << std::endl <name() << "single block encrypt: " << Botan::hex_encode(block); - - //clear cipher for 2nd encryption with other key - cipher->clear(); - key = Botan::hex_decode("1337133713371337133713371337133713371337133713371337133713371337"); - cipher->set_key(key); - cipher->encrypt(block); - - std::cout << std::endl << cipher->name() << "single block encrypt: " << Botan::hex_encode(block); - return 0; - } - -Modes of Operation ---------------------------- -A block cipher by itself, is only able to securely encrypt a single data block. -To be able to securely encrypt data of arbitrary length, a mode of operation applies -the block cipher's single block operation repeatedly on a padded plaintext. -Botan implements the following block cipher padding schemes - -PKCS#7 [RFC5652] - The last byte in the padded block defines the padding length p, the remaining padding bytes are set to p as well. -ANSI X9.23 - The last byte in the padded block defines the padding length, the remaining padding is filled with 0x00. -ISO/IEC 7816-4 - The first padding byte is set to 0x80, the remaining padding bytes are set to 0x00. - -and offers the following unauthenticated modes of operation: - -#. ECB (Electronic Codebook Mode) -#. CBC (Cipher Block Chaining Mode) -#. CFB (Cipher Feedback Mode) -#. XTS (XEX-based tweaked-codebook mode with ciphertext stealing) -#. OFB (Output Feedback Mode) -#. 
CTR (Counter Mode) - -The classes :cpp:class:`ECB_Mode`, :cpp:class:`CBC_Mode`, :cpp:class:`CFB_Mode` and :cpp:class:`XTS_Mode` are -are derived from the base class :cpp:class:`Cipher_Mode`, which is declared in ``botan/cipher_mode.h``. - -.. cpp:class:: Cipher_Mode - - .. cpp:function:: void set_key(const SymmetricKey& key) - .. cpp:function:: void set_key(const uint8_t* key, size_t length) - - Set the symmetric key to be used. - - .. cpp:function:: void start_msg(const uint8_t* nonce, size_t nonce_len) - - Set the IV (unique per-message nonce) of the mode of operation and prepare for message processing. - - .. cpp:function:: void start(const std::vector nonce) - - Acts like :cpp:func:`start_msg`\ (nonce.data(), nonce.size()). - - .. cpp:function:: void start(const uint8_t* nonce, size_t nonce_len) - - Acts like :cpp:func:`start_msg`\ (nonce, nonce_len). - - .. cpp:function:: virtual size_t update_granularity() const - - The :cpp:class:`Cipher_Mode` interface requires message processing in multiples of the block size. - Returns size of required blocks to update and 1, if the mode can process messages of any length. - - .. cpp:function:: virtual size_t process(uint8_t* msg, size_t msg_len) - - Process msg in place and returns bytes written. msg must be a multiple of :cpp:func:`update_granularity`. - - .. cpp:function:: void update(secure_vector& buffer, size_t offset = 0) - - Continue processing a message in the buffer in place. The passed buffer's size must be a multiple of :cpp:func:`update_granularity`. - The first *offset* bytes of the buffer will be ignored. - - .. cpp:function:: size_t minimum_final_size() const - - Returns the minimum size needed for :cpp:func:`finish`. - - .. cpp:function:: void finish(secure_vector& final_block, size_t offset = 0) - - Finalize the message processing with a final block of at least :cpp:func:`minimum_final_size` size. - The first *offset* bytes of the passed final block will be ignored. 
- -Note that :cpp:class:`CTR_BE` and :cpp:class:`OFB` are derived from the base class :cpp:class:`StreamCipher` and thus act like a stream cipher. -The class :cpp:class:`StreamCipher` is described in the respective section. - - -Code Example -""""""""""""""""""""" -The following code encrypts the specified plaintext using AES-128/CBC with PKCS#7 padding. - -.. code-block:: cpp - - #include - #include - #include - #include - #include - - int main() - { - std::string plaintext("Your great-grandfather gave this watch to your granddad for good luck. Unfortunately, Dane's luck wasn't as good as his old man's."); - Botan::secure_vector pt(plaintext.data(),plaintext.data()+plaintext.length()); - const std::vector key = Botan::hex_decode("2B7E151628AED2A6ABF7158809CF4F3C"); - std::unique_ptr enc(Botan::get_cipher_mode("AES-128/CBC/PKCS7", Botan::ENCRYPTION)); - enc->set_key(key); - - //generate fresh nonce (IV) - std::unique_ptr rng(new Botan::AutoSeeded_RNG); - std::vector iv(enc->default_nonce_length()); - rng->randomize(iv.data(),iv.size()); - enc->start(iv); - enc->finish(pt); - std::cout << std::endl << enc->name() << " with iv " << Botan::hex_encode(iv) << std::endl << Botan::hex_encode(pt); - return 0; - } - - -AEAD Modes of Operation ---------------------------- - -.. versionadded:: 1.11.3 - -AEAD (Authenticated Encryption with Associated Data) modes provide message -encryption, message authentication, and the ability to authenticate additional -data that is not included in the ciphertext (such as a sequence number or -header). It is a subclass of :cpp:class:`Symmetric_Algorithm`. - -The AEAD interface can be used directly, or as part of the filter system by -using :cpp:class:`AEAD_Filter` (a subclass of :cpp:class:`Keyed_Filter` which -will be returned by :cpp:func:`get_cipher` if the named cipher is an AEAD mode). - -AEAD modes currently available include GCM, OCB, EAX, SIV and CCM. All -support a 128-bit block cipher such as AES. 
EAX and OCB also support -256 and 512 bit block ciphers. - -.. cpp:class:: AEAD_Mode - - .. cpp:function:: void set_key(const SymmetricKey& key) - - Set the key - - .. cpp:function:: Key_Length_Specification key_spec() const - - Return the key length specification - - .. cpp:function:: void set_associated_data(const uint8_t ad[], size_t ad_len) - - Set any associated data for this message. For maximum portability between - different modes, this must be called after :cpp:func:`set_key` and before - :cpp:func:`start`. - - If the associated data does not change, it is not necessary to call this - function more than once, even across multiple calls to :cpp:func:`start` - and :cpp:func:`finish`. - - .. cpp:function:: void start(const uint8_t nonce[], size_t nonce_len) - - Start processing a message, using *nonce* as the unique per-message - value. - - .. cpp:function:: void update(secure_vector& buffer, size_t offset = 0) - - Continue processing a message. The *buffer* is an in/out parameter and - may be resized. In particular, some modes require that all input be - consumed before any output is produced; with these modes, *buffer* will - be returned empty. - - On input, the buffer must be sized in blocks of size - :cpp:func:`update_granularity`. For instance if the update granularity - was 64, then *buffer* could be 64, 128, 192, ... bytes. - - The first *offset* bytes of *buffer* will be ignored (this allows in - place processing of a buffer that contains an initial plaintext header) - - .. cpp:function:: void finish(secure_vector& buffer, size_t offset = 0) - - Complete processing a message with a final input of *buffer*, which is - treated the same as with :cpp:func:`update`. It must contain at least - :cpp:func:`final_minimum_size` bytes. - - Note that if you have the entire message in hand, calling finish without - ever calling update is both efficient and convenient. - - .. 
note:: - During decryption, finish will throw an instance of Integrity_Failure - if the MAC does not validate. If this occurs, all plaintext previously - output via calls to update must be destroyed and not used in any - way that an attacker could observe the effects of. - - One simply way to assure this could never happen is to never - call update, and instead always marshall the entire message - into a single buffer and call finish on it when decrypting. - - .. cpp:function:: size_t update_granularity() const - - The AEAD interface requires :cpp:func:`update` be called with blocks of - this size. This will be 1, if the mode can process any length inputs. - - .. cpp:function:: size_t final_minimum_size() const - - The AEAD interface requires :cpp:func:`finish` be called with at least - this many bytes (which may be zero, or greater than - :cpp:func:`update_granularity`) - - .. cpp:function:: bool valid_nonce_length(size_t nonce_len) const - - Returns true if *nonce_len* is a valid nonce length for this scheme. For - EAX and GCM, any length nonces are allowed. OCB allows any value between - 8 and 15 bytes. - - .. cpp:function:: size_t default_nonce_length() const - - Returns a reasonable length for the nonce, typically either 96 - bits, or the only supported length for modes which don't - support 96 bit nonces. - -Stream Ciphers ---------------------------------- -In contrast to block ciphers, stream ciphers operate on a plaintext stream instead -of blocks. Thus encrypting data results in changing the internal state of the -cipher and encryption of plaintext with arbitrary length is possible in one go (in byte -amounts). All implemented stream ciphers derive from the base class :cpp:class:`StreamCipher` (`botan/stream_cipher.h`), which -implements the :cpp:class:`SymmetricAlgorithm` interface. Note that some of the implemented -stream ciphers require a fresh initialisation vector. - -.. cpp:class:: StreamCipher - - .. 
cpp:function:: bool valid_iv_length(size_t iv_len) const - - This function returns true if and only if *length* is a valid - IV length for the stream cipher. - - .. cpp:function:: void set_iv(const uint8_t*, size_t len) - - Load IV into the stream cipher state. This should happen after the key is - set and before any operation (encrypt/decrypt/seek) is called. - - .. cpp:function:: void seek(uint64_t offset) - - Sets the state of the stream cipher and keystream according to the passed *offset*. - Therefore the key and the IV (if required) have to be set beforehand. - - .. cpp:function:: void cipher(const uint8_t* in, uint8_t* out, size_t n) - - Processes *n* bytes plain/ciphertext from *in* and writes the result to *out*. - - .. cpp:function:: void cipher1(uint8_t* inout, size_t n) - - Processes *n* bytes plain/ciphertext in place. Acts like :cpp:func:`cipher`\ (inout, inout, n). - - .. cpp:function:: void encipher(std::vector inout) - .. cpp:function:: void encrypt(std::vector inout) - .. cpp:function:: void decrypt(std::vector inout) - - Processes plain/ciphertext *inout* in place. Acts like :cpp:func:`cipher`\ (inout.data(), inout.data(), inout.size()). - -Botan provides the following stream ciphers: - -#. ChaCha -#. Salsa20 -#. SHAKE-128 -#. RC4 - -Code Example -"""""""""""""" -The following code encrypts a provided plaintext using ChaCha20. - -.. 
code-block:: cpp - - #include - #include - #include - #include - #include - - - int main() - { - std::string plaintext("This is a tasty burger!"); - std::vector pt(plaintext.data(),plaintext.data()+plaintext.length()); - const std::vector key = Botan::hex_decode("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"); - std::unique_ptr cipher(Botan::StreamCipher::create("ChaCha")); - - //generate fresh nonce (IV) - std::unique_ptr rng(new Botan::AutoSeeded_RNG); - std::vector iv(8); - rng->randomize(iv.data(),iv.size()); - - //set key and IV - cipher->set_key(key); - cipher->set_iv(iv.data(),iv.size()); - std::cout << std::endl << cipher->name() << " with iv " << Botan::hex_encode(iv) << std::endl; - cipher->encipher(pt); - std::cout << Botan::hex_encode(pt); - - return 0; - } - - - -Message Authentication Codes (MAC) ----------------------------------- -A Message Authentication Code algorithm computes a tag over a message utilizing a shared secret key. -Thus a valid tag confirms the authenticity and integrity of the associated data. -Only entities in possesion of the shared secret key are able to verify the tag. -The base class ``MessageAuthenticationCode`` (in ``botan/mac.h``) implements the interfaces -:cpp:class:`SymmetricAlgorithm` and :cpp:class:`BufferedComputation` (see Hash). - -.. note:: - Avoid MAC-then-encrypt if possible and use encrypt-then-MAC. - -Currently the following MAC algorithms are available in Botan: - -- CBC-MAC (with AES-128/DES) -- CMAC / OMAC (with AES-128/AES-192/AES-256/Blowfish/Threefish-512) -- GMAC (with AES-128/AES-192/AES-256) -- HMAC (with MD5, RIPEMD-160, SHA-1, SHA-256) -- Poly1305 -- SipHash -- x9.19-MAC - -The Botan MAC computation is split into five stages. - -#. Instantiate the MAC algorithm. -#. Set the secret key. -#. Process IV. -#. Process data. -#. Finalize the MAC computation. - -.. cpp:class:: MessageAuthenticationCode - - .. 
cpp:function:: void set_key(const uint8_t* key, size_t length) - - Set the shared MAC key for the calculation. This function has to be called before the data is processed. - - .. cpp:function:: void start(const uint8_t* nonce, size_t nonce_len) - - Set the IV for the MAC calculation. Note that not all MAC algorithms require an IV. - If an IV is required, the function has to be called before the data is processed. - - .. cpp:function:: void update(const uint8_t* input, size_t length) - .. cpp:function:: void update(const secure_vector& in) - - Process the passed data. - - .. cpp:function:: void update(uint8_t in) - - Process a single byte. - - .. cpp:function:: void final(uint8_t* out) - - Complete the MAC computation and write the calculated tag to the passed byte array. - - .. cpp:function:: secure_vector final() - - Complete the MAC computation and return the calculated tag. - - .. cpp:function:: bool verify_mac(const uint8_t* mac, size_t length) - - Finalize the current MAC computation and compare the result to the passed ``mac``. Returns ``true``, if the verification is successfull and false otherwise. - - -Code Example -"""""""""""""""""""""" -The following example code computes a AES-256 GMAC and subsequently verifies the tag. - -.. 
code-block:: cpp - - #include - #include - #include - - int main() - { - const std::vector key = Botan::hex_decode("1337133713371337133713371337133713371337133713371337133713371337"); - const std::vector iv = Botan::hex_decode("FFFFFFFFFFFFFFFFFFFFFFFF"); - const std::vector data = Botan::hex_decode("6BC1BEE22E409F96E93D7E117393172A"); - std::unique_ptr mac(Botan::MessageAuthenticationCode::create("GMAC(AES-256)")); - if(!mac) - return 1; - mac->set_key(key); - mac->start(iv); - mac->update(data); - Botan::secure_vector tag = mac->final(); - std::cout << mac->name() << ": " << Botan::hex_encode(tag) << std::endl; - - //Verify created MAC - mac->start(iv); - mac->update(data); - std::cout << "Verification: " << (mac->verify_mac(tag) ? "success" : "failure"); - return 0; - } - -The following example code computes a valid AES-128 CMAC tag and modifies the data to demonstrate a MAC verification failure. - -.. code-block:: cpp - - #include - #include - #include - - int main() - { - const std::vector key = Botan::hex_decode("2B7E151628AED2A6ABF7158809CF4F3C"); - std::vector data = Botan::hex_decode("6BC1BEE22E409F96E93D7E117393172A"); - std::unique_ptr mac(Botan::MessageAuthenticationCode::create("CMAC(AES-128)")); - if(!mac) - return 1; - mac->set_key(key); - mac->update(data); - Botan::secure_vector tag = mac->final(); - //Corrupting data - data.back()++; - //Verify with corrupted data - mac->update(data); - std::cout << "Verification with malformed data: " << (mac->verify_mac(tag) ? "success" : "failure"); - return 0; - } diff --git a/doc/manual/tpm.rst b/doc/manual/tpm.rst index de9e170f89..ddf615d033 100644 --- a/doc/manual/tpm.rst +++ b/doc/manual/tpm.rst @@ -1,4 +1,4 @@ -Trusted Platform Module (TPM) Support +Trusted Platform Module (TPM) ========================================== .. versionadded:: 1.11.26 diff --git a/doc/todo.rst b/doc/todo.rst index e0958dcb7f..84e78d6aa8 100644 --- a/doc/todo.rst +++ b/doc/todo.rst 
@@ -193,8 +193,6 @@ Documentation * X.509 certs, path validation * Specific docs covering one major topic (RSA, ECDSA, AES/GCM, ...) * Some howto style docs (setting up CA, ...) -* List each cipher, hash, etc, describe its usage, and give the - header file and BOTAN_HAS_X macro associated with it. Packaging ------------ From 71d82507bf6c8aa928108d2f45c7b4afcbaa0fa3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 04:13:55 -0500 Subject: [PATCH 0280/1008] Documentation tweaks --- doc/downloads.rst | 0 doc/manual/contents.rst | 3 ++- doc/manual/ffi.rst | 25 +++++++++++++------------ doc/manual/rng.rst | 2 +- doc/manual/support.rst | 4 ++-- 5 files changed, 18 insertions(+), 16 deletions(-) delete mode 100644 doc/downloads.rst diff --git a/doc/downloads.rst b/doc/downloads.rst deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/doc/manual/contents.rst b/doc/manual/contents.rst index d4e06f82d2..941bf014e3 100644 --- a/doc/manual/contents.rst +++ b/doc/manual/contents.rst @@ -6,6 +6,7 @@ Contents index goals + support building platforms versions @@ -41,4 +42,4 @@ Contents side_channels packaging fuzzing - support + diff --git a/doc/manual/ffi.rst b/doc/manual/ffi.rst index e0643974b8..4671363161 100644 --- a/doc/manual/ffi.rst +++ b/doc/manual/ffi.rst @@ -1,12 +1,12 @@ -FFI Interface +FFI (C89) Interface ======================================== .. versionadded:: 1.11.14 Botan's ffi module provides a C89 API intended to be easily usable with other language's foreign function interface (FFI) libraries. For instance the included -Python module uses the ``ctypes`` module for all library access. This API is of +Python wrapper uses Python's ``ctypes`` module and the C89 API. This API is of course also useful for programs written directly in C. Code examples can be found in `src/tests/test_ffi.cpp`. 
@@ -99,7 +99,7 @@ need to implement custom primitives using a PRP. .. cpp:type:: opaque* botan_block_cipher_t - An opauqe data type for a block cipher. Don't mess with it. + An opaque data type for a block cipher. Don't mess with it. .. cpp:function:: int botan_block_cipher_init(botan_block_cipher_t* bc, const char* cipher_name) @@ -119,12 +119,13 @@ need to implement custom primitives using a PRP. .. cpp:function:: int botan_block_cipher_encrypt_blocks(botan_block_cipher_t bc, const uint8_t in[], uint8_t out[], size_t blocks) - The key must have been set first with + The key must have been set first with :cpp:func:`botan_block_cipher_set_key`. Encrypt *blocks* blocks of data stored in *in* and place the ciphertext into *out*. The two parameters may be the same buffer, but must not overlap. .. cpp:function:: int botan_block_cipher_decrypt_blocks(botan_block_cipher_t bc, const uint8_t in[], uint8_t out[], size_t blocks) + The key must have been set first with :cpp:func:`botan_block_cipher_set_key`. Decrypt *blocks* blocks of data stored in *in* and place the ciphertext into *out*. The two parameters may be the same buffer, but must not overlap. @@ -430,14 +431,14 @@ Multiple Precision Integers .. cpp:function:: int botan_mp_gcd(botan_mp_t out, botan_mp_t x, botan_mp_t y) - Compute the greated common divisor of ``x`` and ``y``. + Compute the greatest common divisor of ``x`` and ``y``. .. cpp:function:: int botan_mp_is_prime(botan_mp_t n, botan_rng_t rng, size_t test_prob) - Test if ``n`` is prime. The algorithm used (Miller-Rabin) is probabalistic, + Test if ``n`` is prime. The algorithm used (Miller-Rabin) is probabilistic, set ``test_prob`` to the desired assurance level. For example if ``test_prob`` is 64, then sufficient Miller-Rabin iterations will run to - assure there is at most a ``1/2**64`` chance that ``n`` is composit. + assure there is at most a ``1/2**64`` chance that ``n`` is composite. .. cpp:function:: int botan_mp_get_bit(botan_mp_t n, size_t bit) 
@@ -565,14 +566,14 @@ Public Key Creation, Import and Export const char* field_name) Read an algorithm specific field from the public key object, placing it into output. - For exampe "n" or "e" for RSA keys or "p", "q", "g", and "y" for DSA keys. + For example "n" or "e" for RSA keys or "p", "q", "g", and "y" for DSA keys. .. cpp:function:: int botan_privkey_get_field(botan_mp_t output, \ botan_privkey_t key, \ const char* field_name) Read an algorithm specific field from the private key object, placing it into output. - For exampe "p" or "q" for RSA keys, or "x" for DSA keys or ECC keys. + For example "p" or "q" for RSA keys, or "x" for DSA keys or ECC keys. RSA specific functions @@ -642,18 +643,18 @@ ElGamal specific functions Initialize a public ElGamal key using group parameters p and g and public key y. -Diffie Hellmann specific functions +Diffie-Hellman specific functions ---------------------------------------- .. cpp:function:: int botan_privkey_load_dh(botan_privkey_t* key, \ botan_mp_t p, botan_mp_t g, botan_mp_t x) - Initialize a private Diffie Hellmann key using group parameters p and g and private key x. + Initialize a private Diffie-Hellman key using group parameters p and g and private key x. .. cpp:function:: int botan_pubkey_load_dh(botan_pubkey_t* key, \ botan_mp_t p, botan_mp_t g, botan_mp_t y) - Initialize a public Diffie Hellmann key using group parameters p and g and public key y. + Initialize a public Diffie-Hellman key using group parameters p and g and public key y. Public Key Encryption/Decryption ---------------------------------------- diff --git a/doc/manual/rng.rst b/doc/manual/rng.rst index 99cc839143..7e80e2ed95 100644 --- a/doc/manual/rng.rst +++ b/doc/manual/rng.rst 
@@ -23,7 +23,7 @@ The major interfaces are Like randomize, but first incorporates the additional input field into the state of the RNG. The additional input could be anything which - parameterizes this request. + parameterizes this request. Not all RNG types accept additional inputs. .. cpp:function:: void RandomNumberGenerator::randomize_with_ts_input(uint8_t* data, size_t length) diff --git a/doc/manual/support.rst b/doc/manual/support.rst index 8813e03594..ca7166fbcf 100644 --- a/doc/manual/support.rst +++ b/doc/manual/support.rst @@ -1,5 +1,5 @@ Support Information -------------------------- +======================= Following table provides the support status for Botan branches. Any branch not listed here (including 1.11) is no longer supported. Dates in the future are @@ -17,7 +17,7 @@ Branch First Release End of Active Development End of Life "Active development" refers to adding new features and optimizations. At the conclusion of the active development phase, only bugfixes are applied. -Getting Support +Getting Help ------------------ To get help with Botan, open an issue on From c0a5a5863acc13a2d863d5bb9cabfaee0b30442d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 04:27:52 -0500 Subject: [PATCH 0281/1008] Move deprecated and ABI notices to the handbook Probably easier to find for most users since the handbook is packaged but the other stuff in doc isn't. --- doc/abi.rst | 16 -------------- doc/manual/abi.rst | 21 +++++++++++++++++++ doc/manual/contents.rst | 3 ++- doc/{deprecated.txt => manual/deprecated.rst} | 7 +++++-- 4 files changed, 28 insertions(+), 19 deletions(-) delete mode 100644 doc/abi.rst create mode 100644 doc/manual/abi.rst rename doc/{deprecated.txt => manual/deprecated.rst} (91%) diff --git a/doc/abi.rst b/doc/abi.rst deleted file mode 100644 index 0fa26d21bf..0000000000 --- a/doc/abi.rst +++ /dev/null 
@@ -1,16 +0,0 @@ - -API/ABI Stability -==================== - -API of release branches is stable; that is to say code that compiles and works -against 2.0.0 should also compile with all later 2.x.x versions. The API on -master is completely fair game and may change at any time. - -Maintaining a consistent ABI while evolving a complex C++ API is exceedingly -expensive in development time. It is likely ABI breakage will occur at least -occasionally even in release branches. In these cases, the soname revision will -increase to prevent applications from linking against a potentially incompatible -version at runtime. - -You can review a report on ABI changes to Botan at -https://abi-laboratory.pro/tracker/timeline/botan/ diff --git a/doc/manual/abi.rst b/doc/manual/abi.rst new file mode 100644 index 0000000000..888f0c33a0 --- /dev/null +++ b/doc/manual/abi.rst @@ -0,0 +1,21 @@ + +ABI Stability +==================== + +Botan uses semantic versioning for the API; if API features are added the minor +version increases, whereas if API compatability breaks occur the major version +is increased. + +However no guarantees about ABI are made between releases. Maintaining an ABI +compatible release in a complex C++ API is exceedingly expensive in development +time; just adding a single member variable or virtual function is enough to +cause ABI issues. + +If ABI changes, the soname revision will increase to prevent applications from +linking against a potentially incompatible version at runtime. + +If you are concerned about long-term ABI issues, considering using the C API +instead; this subset *is* ABI stable. + +You can review a report on ABI changes to Botan at +https://abi-laboratory.pro/tracker/timeline/botan/ diff --git a/doc/manual/contents.rst b/doc/manual/contents.rst index 941bf014e3..e33876b9eb 100644 --- a/doc/manual/contents.rst +++ b/doc/manual/contents.rst @@ -42,4 +42,5 @@ Contents side_channels packaging fuzzing - + deprecated + abi 
diff --git a/doc/deprecated.txt b/doc/manual/deprecated.rst similarity index 91% rename from doc/deprecated.txt rename to doc/manual/deprecated.rst index cbb48c797f..8cfe7e590a 100644 --- a/doc/deprecated.txt +++ b/doc/manual/deprecated.rst @@ -1,3 +1,6 @@ +Deprecated Features +======================== + The following functionality is currently deprecated, and will likely be removed in a future release. If you think you have a good reason to be using one of the following, contact the developers to explain your @@ -6,9 +9,9 @@ use case if you want to make sure your code continues to work. This is in addition to specific API calls marked with BOTAN_DEPRECATED in the source. -- The headers botan.h, init.h, lookup.h +- The headers ``botan.h``, ``init.h``, ``lookup.h`` -- All or nothing package transform +- All or nothing package transform (``package.h``) - The TLS constructors taking `std::function` for callbacks. Instead use the TLS::Callbacks interface. From b236a8aa0803bac4fba3c1de840379fb01f54ca1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 04:29:01 -0500 Subject: [PATCH 0282/1008] Remove completed todo --- doc/todo.rst | 2 -- 1 file changed, 2 deletions(-) diff --git a/doc/todo.rst b/doc/todo.rst index 84e78d6aa8..551c24aac2 100644 --- a/doc/todo.rst +++ b/doc/todo.rst @@ -181,8 +181,6 @@ CLI * Change `tls_server` to be a tty<->socket app, like `tls_client` is, instead of a bogus echo server. -* Add a basic HTTP server mode to tls_server, as some tools like - https://github.com/tomato42/tlsfuzzer require this. * `encrypt` / `decrypt` tools providing password and/or public key based file encryption * Make help output more helpful From 805bb27dff20e491e76142db2b5fe1bd586d4788 Mon Sep 17 00:00:00 2001 
From: Harry Reimann Date: Wed, 29 Nov 2017 08:35:27 +0100 Subject: [PATCH 0283/1008] Make support for certificate status messages optional via policy Don't postpone the verification of a server certificate if certificate status messages are not expected in client handshake. When using an external crypto device it may be necessary to verify the certificate before using the public key for verification of the signature in the server key exchange message. --- src/lib/tls/msg_client_hello.cpp | 3 ++- src/lib/tls/msg_server_hello.cpp | 9 ++------- src/lib/tls/tls_client.cpp | 24 ++++++++++++++++++++++-- src/lib/tls/tls_policy.cpp | 2 ++ src/lib/tls/tls_policy.h | 7 +++++++ src/lib/tls/tls_text_policy.cpp | 5 +++++ src/tests/unit_tls.cpp | 3 +++ 7 files changed, 43 insertions(+), 10 deletions(-) diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index 3b13cf21d1..bcd8397e8e 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -105,7 +105,8 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_extensions.add(new Renegotiation_Extension(reneg_info)); m_extensions.add(new Server_Name_Indicator(client_settings.hostname())); - m_extensions.add(new Certificate_Status_Request({}, {})); + if(policy.support_cert_status_message()) + m_extensions.add(new Certificate_Status_Request({}, {})); if(reneg_info.empty() && !next_protocols.empty()) m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols)); diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index 67c3d530f5..81f9e1f623 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp 
@@ -37,7 +37,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_extensions.add(new Extended_Master_Secret); // Sending the extension back does not commit us to sending a stapled response - if(client_hello.supports_cert_status_message()) + if(client_hello.supports_cert_status_message() && policy.support_cert_status_message()) m_extensions.add(new Certificate_Status_Request); Ciphersuite c = Ciphersuite::by_id(m_ciphersuite); @@ -105,7 +105,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_extensions.add(new Extended_Master_Secret); // Sending the extension back does not commit us to sending a stapled response - if(client_hello.supports_cert_status_message()) + if(client_hello.supports_cert_status_message() && policy.support_cert_status_message()) m_extensions.add(new Certificate_Status_Request); if(client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac()) @@ -115,11 +115,6 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_extensions.add(new Encrypt_then_MAC); } - if(client_hello.supports_cert_status_message()) - { - m_extensions.add(new Certificate_Status_Request); - } - if(resumed_session.ciphersuite().ecc_ciphersuite()) { m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index 0e620a2796..a1b71841df 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -386,7 +386,8 @@ void Client::process_handshake_msg(const Handshake_State* active_state, "Client: No certificates sent by server"); /* - Certificate verification happens after we receive the server hello done, + If the server supports certificate status messages, + certificate verification happens after we receive the server hello done, in case an OCSP response was also available */ 
@@ -412,6 +413,24 @@ void Client::process_handshake_msg(const Handshake_State* active_state, { state.set_expected_next(CERTIFICATE_STATUS); // optional } + else + { + try + { + auto trusted_CAs = m_creds.trusted_certificate_authorities("tls-client", m_info.hostname()); + + callbacks().tls_verify_cert_chain(server_certs, + {}, + trusted_CAs, + Usage_Type::TLS_SERVER_AUTH, + m_info.hostname(), + policy()); + } + catch(std::exception& e) + { + throw TLS_Exception(Alert::BAD_CERTIFICATE, e.what()); + } + } } else if(type == CERTIFICATE_STATUS) { @@ -459,7 +478,8 @@ void Client::process_handshake_msg(const Handshake_State* active_state, { state.server_hello_done(new Server_Hello_Done(contents)); - if(state.server_certs() != nullptr) + if(state.server_certs() != nullptr && + state.server_hello()->supports_certificate_status_message()) { try { diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 5d82eee0c7..1c6be66203 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -341,6 +341,7 @@ bool Policy::include_time_in_hello_random() const { return true; } bool Policy::hide_unknown_users() const { return false; } bool Policy::server_uses_own_ciphersuite_preferences() const { return true; } bool Policy::negotiate_encrypt_then_mac() const { return true; } +bool Policy::support_cert_status_message() const { return true; } // 1 second initial timeout, 60 second max - see RFC 6347 sec 4.2.4.1 size_t Policy::dtls_initial_timeout() const { return 1*1000; } 
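Review bot: The new `else` branch duplicates the `tls_verify_cert_chain` call that the Server Hello Done handler (the following hunk at @@ -459 in this file) still performs with the stapled OCSP response, so the two call sites now have to be kept in sync by hand; the chain-validation arguments (`"tls-client"` trusted CAs, `Usage_Type::TLS_SERVER_AUTH`, `m_info.hostname()`, `policy()`) would be safer in one private helper that takes the OCSP response vector, called with `{}` here and with the received responses there. Any future tightening of the server-certificate check otherwise has to be applied twice. Also `catch(std::exception& e)` should read `catch(const std::exception& e)`. The enclosing `if` on `supports_certificate_status_message()` that this `else` belongs to begins above the hunk.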
@@ -552,6 +553,7 @@ void Policy::print(std::ostream& o) const print_bool(o, "hide_unknown_users", hide_unknown_users()); print_bool(o, "server_uses_own_ciphersuite_preferences", server_uses_own_ciphersuite_preferences()); print_bool(o, "negotiate_encrypt_then_mac", negotiate_encrypt_then_mac()); + print_bool(o, "support_cert_status_message", support_cert_status_message()); o << "session_ticket_lifetime = " << session_ticket_lifetime() << '\n'; o << "dh_group = " << dh_group() << '\n'; o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n'; diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index db2cbb3bb4..fe7e50f8dc 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -287,6 +287,11 @@ class BOTAN_PUBLIC_API(2,0) Policy */ virtual bool negotiate_encrypt_then_mac() const; + /** + * Indicates whether certificate status messages should be supported + */ + virtual bool support_cert_status_message() const; + /** * Return allowed ciphersuites, in order of preference */ @@ -502,6 +507,8 @@ class BOTAN_PUBLIC_API(2,0) Text_Policy : public Policy bool negotiate_encrypt_then_mac() const override; + bool support_cert_status_message() const override; + std::string dh_group() const override; size_t minimum_ecdh_group_size() const override; diff --git a/src/lib/tls/tls_text_policy.cpp b/src/lib/tls/tls_text_policy.cpp index 345e6005f6..1f93b1e0f1 100644 --- a/src/lib/tls/tls_text_policy.cpp +++ b/src/lib/tls/tls_text_policy.cpp @@ -103,6 +103,11 @@ bool Text_Policy::negotiate_encrypt_then_mac() const return get_bool("negotiate_encrypt_then_mac", Policy::negotiate_encrypt_then_mac()); } +bool Text_Policy::support_cert_status_message() const + { + return get_bool("support_cert_status_message", Policy::support_cert_status_message()); + } + std::string Text_Policy::dh_group() const { return get_str("dh_group", Policy::dh_group()); diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index b22028a0eb..026eeb62d4 100644 
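Review bot: The Doxygen comment added for `support_cert_status_message()` says only that status messages "should be supported" and does not tell a policy author what turning it off changes on the wire or in certificate verification. Suggest expanding it to: `Indicates whether the client should request, and the server offer, certificate status (status_request / OCSP stapling) messages. Defaults to true. When false the client omits the extension and verifies the server certificate as soon as the Certificate message is received, rather than after Server Hello Done.` This matches the behaviour the commit adds in msg_client_hello.cpp, msg_server_hello.cpp and tls_client.cpp, and the default set in tls_policy.cpp.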
--- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -1308,6 +1308,9 @@ class TLS_Unit_Tests final : public Test test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", { { "signature_methods", "RSA" } }); + test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", + { { "support_cert_status_message", "false" } }); + #if defined(BOTAN_HAS_DSA) test_modern_versions(results, *client_ses, *server_ses, *creds, "DH", "AES-128/GCM", "AEAD", { { "signature_methods", "DSA" } }); From 6299685d6c118bd2125fd532e6f5d2258efd9f0d Mon Sep 17 00:00:00 2001 From: Harry Reimann Date: Thu, 30 Nov 2017 15:22:11 +0100 Subject: [PATCH 0284/1008] Move TLS signature and key exchange code into callbacks Give applications using an external crypto device for signature generation and/or verification and/or (ec)dh key exchange while establishing a TLS session hooks to implement the corresponding functionality. --- src/lib/tls/msg_cert_verify.cpp | 11 ++- src/lib/tls/msg_client_kex.cpp | 94 ++++------------------ src/lib/tls/msg_server_kex.cpp | 23 +++--- src/lib/tls/tls_callbacks.cpp | 116 ++++++++++++++++++++++++++++ src/lib/tls/tls_callbacks.h | 85 ++++++++++++++++++++ src/lib/tls/tls_handshake_state.cpp | 1 - src/lib/tls/tls_handshake_state.h | 3 + 7 files changed, 237 insertions(+), 96 deletions(-) diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp index 4b7ba56621..e4b764b29f 100644 --- a/src/lib/tls/msg_cert_verify.cpp +++ b/src/lib/tls/msg_cert_verify.cpp 
@@ -29,9 +29,9 @@ Certificate_Verify::Certificate_Verify(Handshake_IO& io, std::pair format = state.choose_sig_format(*priv_key, m_hash_algo, m_sig_algo, true, policy); - PK_Signer signer(*priv_key, rng, format.first, format.second); - - m_signature = signer.sign_message(state.hash().get_contents(), rng); + m_signature = + state.callbacks().tls_sign_message(*priv_key, rng, format.first, format.second, + state.hash().get_contents()); state.hash().update(io.send(*this)); } @@ -89,10 +89,9 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, state.parse_sig_format(*key.get(), m_hash_algo, m_sig_algo, true, policy); - PK_Verifier verifier(*key, format.first, format.second); - const bool signature_valid = - verifier.verify_message(state.hash().get_contents(), m_signature); + state.callbacks().tls_verify_message(*key, format.first, format.second, + state.hash().get_contents(), m_signature); #if defined(BOTAN_UNSAFE_FUZZER_MODE) return true; diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 51040e479d..64e39a840a 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -7,7 +7,6 @@ #include #include -#include #include #include @@ -17,16 +16,8 @@ #include #include -#include - -#include -#include #include -#if defined(BOTAN_HAS_CURVE_25519) - #include -#endif - #if defined(BOTAN_HAS_CECPQ1) #include #endif 
@@ -94,49 +85,25 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, if(kex_algo == "DH" || kex_algo == "DHE_PSK") { - BigInt p = BigInt::decode(reader.get_range(2, 1, 65535)); - BigInt g = BigInt::decode(reader.get_range(2, 1, 65535)); - BigInt Y = BigInt::decode(reader.get_range(2, 1, 65535)); + const std::vector modulus = reader.get_range(2, 1, 65535); + const std::vector generator = reader.get_range(2, 1, 65535); + const std::vector peer_public_value = reader.get_range(2, 1, 65535); if(reader.remaining_bytes()) throw Decoding_Error("Bad params size for DH key exchange"); - /* - * A basic check for key validity. As we do not know q here we - * cannot check that Y is in the right subgroup. However since - * our key is ephemeral there does not seem to be any - * advantage to bogus keys anyway. - */ - if(Y <= 1 || Y >= p - 1) - throw TLS_Exception(Alert::INSUFFICIENT_SECURITY, - "Server sent bad DH key for DHE exchange"); - - DL_Group group(p, g); - - if(!group.verify_group(rng, false)) - throw TLS_Exception(Alert::INSUFFICIENT_SECURITY, - "DH group validation failed"); - - DH_PublicKey counterparty_key(group, Y); - - policy.check_peer_key_acceptable(counterparty_key); - - DH_PrivateKey priv_key(rng, group); - - PK_Key_Agreement ka(priv_key, rng, "Raw"); - - secure_vector dh_secret = CT::strip_leading_zeros( - ka.derive_key(0, counterparty_key.public_value()).bits_of()); + const std::pair, std::vector> dh_result = + state.callbacks().tls_dh_agree(modulus, generator, peer_public_value, policy, rng); if(kex_algo == "DH") - m_pre_master = dh_secret; + m_pre_master = dh_result.first; else { - append_tls_length_value(m_pre_master, dh_secret, 2); + append_tls_length_value(m_pre_master, dh_result.first, 2); append_tls_length_value(m_pre_master, psk.bits_of(), 2); } - append_tls_length_value(m_key_material, priv_key.public_value(), 2); + append_tls_length_value(m_key_material, dh_result.second, 2); } else if(kex_algo == "ECDH" || kex_algo == "ECDHE_PSK") { 
@@ -158,51 +125,20 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, "Server sent ECC curve prohibited by policy"); } - const std::vector ecdh_key = reader.get_range(1, 1, 255); - std::vector our_ecdh_public; - secure_vector ecdh_secret; - - if(curve_name == "x25519") - { -#if defined(BOTAN_HAS_CURVE_25519) - if(ecdh_key.size() != 32) - throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Invalid X25519 key size"); - - Curve25519_PublicKey counterparty_key(ecdh_key); - policy.check_peer_key_acceptable(counterparty_key); - Curve25519_PrivateKey priv_key(rng); - PK_Key_Agreement ka(priv_key, rng, "Raw"); - ecdh_secret = ka.derive_key(0, counterparty_key.public_value()).bits_of(); - - // X25519 is always compressed but sent as "uncompressed" in TLS - our_ecdh_public = priv_key.public_value(); -#else - throw Internal_Error("Negotiated X25519 somehow, but it is disabled"); -#endif - } - else - { - EC_Group group(OIDS::lookup(curve_name)); - ECDH_PublicKey counterparty_key(group, OS2ECP(ecdh_key, group.get_curve())); - policy.check_peer_key_acceptable(counterparty_key); - ECDH_PrivateKey priv_key(rng, group); - PK_Key_Agreement ka(priv_key, rng, "Raw"); - ecdh_secret = ka.derive_key(0, counterparty_key.public_value()).bits_of(); - - // follow server's preference for point compression - our_ecdh_public = priv_key.public_value( - state.server_hello()->prefers_compressed_ec_points() ? 
PointGFp::COMPRESSED : PointGFp::UNCOMPRESSED); - } + const std::vector peer_public_value = reader.get_range(1, 1, 255); + const std::pair, std::vector> ecdh_result = + state.callbacks().tls_ecdh_agree(curve_name, peer_public_value, policy, rng, + state.server_hello()->prefers_compressed_ec_points()); if(kex_algo == "ECDH") - m_pre_master = ecdh_secret; + m_pre_master = ecdh_result.first; else { - append_tls_length_value(m_pre_master, ecdh_secret, 2); + append_tls_length_value(m_pre_master, ecdh_result.first, 2); append_tls_length_value(m_pre_master, psk.bits_of(), 2); } - append_tls_length_value(m_key_material, our_ecdh_public, 1); + append_tls_length_value(m_key_material, ecdh_result.second, 1); } #if defined(BOTAN_HAS_SRP6) else if(kex_algo == "SRP_SHA") diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp index ab75d3a9b5..4f90cc8b35 100644 --- a/src/lib/tls/msg_server_kex.cpp +++ b/src/lib/tls/msg_server_kex.cpp @@ -185,12 +185,14 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, std::pair format = state.choose_sig_format(*signing_key, m_hash_algo, m_sig_algo, false, policy); - PK_Signer signer(*signing_key, rng, format.first, format.second); + std::vector buf = state.client_hello()->random(); - signer.update(state.client_hello()->random()); - signer.update(state.server_hello()->random()); - signer.update(params()); - m_signature = signer.signature(rng); + buf += state.server_hello()->random(); + buf += params(); + + m_signature = + state.callbacks().tls_sign_message(*signing_key, rng, + format.first, format.second, buf); } state.hash().update(io.send(*this)); 
@@ -300,13 +302,14 @@ bool Server_Key_Exchange::verify(const Public_Key& server_key, state.parse_sig_format(server_key, m_hash_algo, m_sig_algo, false, policy); - PK_Verifier verifier(server_key, format.first, format.second); + std::vector buf = state.client_hello()->random(); - verifier.update(state.client_hello()->random()); - verifier.update(state.server_hello()->random()); - verifier.update(params()); + buf += state.server_hello()->random(); + buf += params(); - const bool signature_valid = verifier.check_signature(m_signature); + const bool signature_valid = + state.callbacks().tls_verify_message(server_key, format.first, format.second, + buf, m_signature); #if defined(BOTAN_UNSAFE_FUZZER_MODE) return true; diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp index 59620aec24..b4ffc81a5d 100644 --- a/src/lib/tls/tls_callbacks.cpp +++ b/src/lib/tls/tls_callbacks.cpp @@ -9,6 +9,15 @@ #include #include #include +#include +#include +#include +#include +#include + +#if defined(BOTAN_HAS_CURVE_25519) + #include +#endif namespace Botan { 
@@ -50,4 +59,111 @@ void TLS::Callbacks::tls_verify_cert_chain( throw Exception("Certificate validation failure: " + result.result_string()); } +std::vector TLS::Callbacks::tls_sign_message( + const Private_Key& key, + RandomNumberGenerator& rng, + const std::string& emsa, + Signature_Format format, + const std::vector& msg) + { + PK_Signer signer(key, rng, emsa, format); + + return signer.sign_message(msg, rng); + } + +bool TLS::Callbacks::tls_verify_message( + const Public_Key& key, + const std::string& emsa, + Signature_Format format, + const std::vector& msg, + const std::vector& sig) + { + PK_Verifier verifier(key, emsa, format); + + return verifier.verify_message(msg, sig); + } + +std::pair, std::vector> TLS::Callbacks::tls_dh_agree( + const std::vector& modulus, + const std::vector& generator, + const std::vector& peer_public_value, + const Policy& policy, + RandomNumberGenerator& rng) + { + BigInt p = BigInt::decode(modulus); + BigInt g = BigInt::decode(generator); + BigInt Y = BigInt::decode(peer_public_value); + + /* + * A basic check for key validity. As we do not know q here we + * cannot check that Y is in the right subgroup. However since + * our key is ephemeral there does not seem to be any + * advantage to bogus keys anyway. 
+ */ + if(Y <= 1 || Y >= p - 1) + throw TLS_Exception(Alert::INSUFFICIENT_SECURITY, + "Server sent bad DH key for DHE exchange"); + + DL_Group group(p, g); + + if(!group.verify_group(rng, false)) + throw TLS_Exception(Alert::INSUFFICIENT_SECURITY, + "DH group validation failed"); + + DH_PublicKey peer_key(group, Y); + + policy.check_peer_key_acceptable(peer_key); + + DH_PrivateKey priv_key(rng, group); + PK_Key_Agreement ka(priv_key, rng, "Raw"); + secure_vector dh_secret = CT::strip_leading_zeros( + ka.derive_key(0, peer_key.public_value()).bits_of()); + + return std::make_pair(dh_secret, priv_key.public_value()); + } + +std::pair, std::vector> TLS::Callbacks::tls_ecdh_agree( + const std::string& curve_name, + const std::vector& peer_public_value, + const Policy& policy, + RandomNumberGenerator& rng, + bool compressed) + { + secure_vector ecdh_secret; + std::vector our_public_value; + + if(curve_name == "x25519") + { +#if defined(BOTAN_HAS_CURVE_25519) + if(peer_public_value.size() != 32) + { + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Invalid X25519 key size"); + } + + Curve25519_PublicKey peer_key(peer_public_value); + policy.check_peer_key_acceptable(peer_key); + Curve25519_PrivateKey priv_key(rng); + PK_Key_Agreement ka(priv_key, rng, "Raw"); + ecdh_secret = ka.derive_key(0, peer_key.public_value()).bits_of(); + + // X25519 is always compressed but sent as "uncompressed" in TLS + our_public_value = priv_key.public_value(); +#else + throw Internal_Error("Negotiated X25519 somehow, but it is disabled"); +#endif + } + else + { + EC_Group group(OIDS::lookup(curve_name)); + ECDH_PublicKey peer_key(group, OS2ECP(peer_public_value, group.get_curve())); + policy.check_peer_key_acceptable(peer_key); + ECDH_PrivateKey priv_key(rng, group); + PK_Key_Agreement ka(priv_key, rng, "Raw"); + ecdh_secret = ka.derive_key(0, peer_key.public_value()).bits_of(); + our_public_value = priv_key.public_value(compressed ? 
PointGFp::COMPRESSED : PointGFp::UNCOMPRESSED); + } + + return std::make_pair(ecdh_secret, our_public_value); + } + } diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h index 962bb2489d..cbd514050d 100644 --- a/src/lib/tls/tls_callbacks.h +++ b/src/lib/tls/tls_callbacks.h @@ -11,6 +11,7 @@ #include #include +#include #include namespace Botan { 
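Review bot: In `tls_ecdh_agree` the x25519 branch validates only the length of `peer_public_value`; unless `Curve25519_PublicKey` or `PK_Key_Agreement` already rejects it, a low-order peer point produces an all-zero `ecdh_secret`, and RFC 7748 §6.1 recommends that the caller check for that and abort, e.g. `if(std::all_of(ecdh_secret.begin(), ecdh_secret.end(), [](uint8_t b) { return b == 0; })) throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Invalid X25519 shared secret");` right after `derive_key` (the NIST-curve path gets its point validation from `OS2ECP` and `check_peer_key_acceptable`). Minor: both functions copy the derived secret into the returned pair; `return std::make_pair(std::move(dh_secret), priv_key.public_value());` and the same for `ecdh_secret` avoids the extra copy of key material, although `secure_vector` should zeroise the copy on destruction either way.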
@@ -139,6 +140,90 @@ class BOTAN_PUBLIC_API(2,0) Callbacks return std::chrono::milliseconds(0); } + /** + * Optional callback with default impl: sign a message + * + * Default implementation uses PK_Signer::sign_message(). + * Override to provide a different approach, e.g. using an external device. + * + * @param key the private key of the signer + * @param rng a random number generator + * @param emsa the encoding method to be applied to the message + * @param format the signature format + * @param msg the input data for the signature + * + * @return the signature + */ + virtual std::vector tls_sign_message( + const Private_Key& key, + RandomNumberGenerator& rng, + const std::string& emsa, + Signature_Format format, + const std::vector& msg); + + /** + * Optional callback with default impl: verify a message signature + * + * Default implementation uses PK_Verifier::verify_message(). + * Override to provide a different approach, e.g. using an external device. + * + * @param key the public key of the signer + * @param emsa the encoding method to be applied to the message + * @param format the signature format + * @param msg the input data for the signature + * @param sig the signature to be checked + * + * @return true if the signature is valid, false otherwise + */ + virtual bool tls_verify_message( + const Public_Key& key, + const std::string& emsa, + Signature_Format format, + const std::vector& msg, + const std::vector& sig); + + /** + * Optional callback with default impl: client side DH agreement + * + * Default implementation uses PK_Key_Agreement::derive_key(). + * Override to provide a different approach, e.g. using an external device. 
+ * + * @param modulus the modulus p of the discrete logarithm group + * @param generator the generator of the DH subgroup + * @param peer_public_value the public value of the peer + * @param policy the TLS policy associated with the session being established + * @param rng a random number generator + * + * @return a pair consisting of the agreed raw secret and our public value + */ + virtual std::pair, std::vector> tls_dh_agree( + const std::vector& modulus, + const std::vector& generator, + const std::vector& peer_public_value, + const Policy& policy, + RandomNumberGenerator& rng); + + /** + * Optional callback with default impl: client side ECDH agreement + * + * Default implementation uses PK_Key_Agreement::derive_key(). + * Override to provide a different approach, e.g. using an external device. + * + * @param curve_name the name of the elliptic curve + * @param peer_public_value the public value of the peer + * @param policy the TLS policy associated with the session being established + * @param rng a random number generator + * @param compressed the compression preference for our public value + * + * @return a pair consisting of the agreed raw secret and our public value + */ + virtual std::pair, std::vector> tls_ecdh_agree( + const std::string& curve_name, + const std::vector& peer_public_value, + const Policy& policy, + RandomNumberGenerator& rng, + bool compressed); + /** * Optional callback: inspect handshake message * Throw an exception to abort the handshake. diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index 442d499d11..8cf16b1fc6 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -8,7 +8,6 @@ #include #include #include -#include #include #include diff --git a/src/lib/tls/tls_handshake_state.h b/src/lib/tls/tls_handshake_state.h index e15e3a92fb..2b03670f9c 100644 --- a/src/lib/tls/tls_handshake_state.h +++ b/src/lib/tls/tls_handshake_state.h 
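Review bot: The doc comments on `tls_dh_agree` and `tls_ecdh_agree` do not tell an overrider which checks the default implementation performs on `peer_public_value`, although that is the part of the contract that matters for the handshake's safety: the default in tls_callbacks.cpp rejects a DH public value outside (1, p-1), runs `DL_Group::verify_group`, and calls `policy.check_peer_key_acceptable()` (and for ECDH parses the point with `OS2ECP` against the negotiated group) before deriving the secret. An external-device override that skips those checks would accept a peer value the default would have refused. I'd add to both comments a line such as `* Overrides are responsible for validating the peer's public value as the default does (range/group or curve membership check plus policy.check_peer_key_acceptable) and should throw TLS_Exception on failure.` The enclosing class `Callbacks` starts and ends outside the hunk.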
@@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -160,6 +161,8 @@ class Handshake_State const Session_Keys& session_keys() const { return m_session_keys; } + Callbacks& callbacks() const { return m_callbacks; } + void compute_session_keys(); void compute_session_keys(const secure_vector& resume_master_secret); From deed48efb1a1c3c66aead08b0a49124b94aba7d8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 05:11:29 -0500 Subject: [PATCH 0285/1008] Cleanup install target There is no reason to process template language in here, all we need to do is look up values in the build JSON. --- configure.py | 1 + src/scripts/install.py | 39 ++++++++++----------------------------- 2 files changed, 11 insertions(+), 29 deletions(-) diff --git a/configure.py b/configure.py index ee26d0320e..1fca0c49bc 100755 --- a/configure.py +++ b/configure.py @@ -2019,6 +2019,7 @@ def configure_command_line(): 'src_dir': source_paths.src_dir, 'doc_dir': source_paths.doc_dir, + 'cli_exe_name': osinfo.cli_exe_name + program_suffix, 'cli_exe': os.path.join(build_dir, osinfo.cli_exe_name + program_suffix), 'test_exe': os.path.join(build_dir, 'botan-test' + program_suffix), diff --git a/src/scripts/install.py b/src/scripts/install.py index 7a5659b47b..c6e4ec2cd3 100755 --- a/src/scripts/install.py +++ b/src/scripts/install.py @@ -14,7 +14,6 @@ import optparse # pylint: disable=deprecated-module import os import shutil -import string import sys import subprocess 
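Review bot: `Callbacks& callbacks() const { return m_callbacks; }` is a const accessor that hands out a mutable reference; this only compiles if `m_callbacks` is a reference or pointer member (not visible here), and it means a const `Handshake_State` still lets callers invoke the non-const hooks declared in tls_callbacks.h. If that is intended, a one-line comment would save the next reader the question, e.g. `// Returns a mutable reference on purpose: the callback hooks are non-const member functions`. The enclosing class `Handshake_State` starts and ends outside the hunk.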
@@ -148,24 +147,13 @@ def copy_executable(src, dst): with open(os.path.join(options.build_dir, 'build_config.json')) as f: cfg = json.load(f) - def process_template(template_str): - class PercentSignTemplate(string.Template): - delimiter = '%' - - try: - template = PercentSignTemplate(template_str) - return template.substitute(cfg) - except KeyError as e: - raise Exception('Unbound var %s in template' % (e)) - except Exception as e: - raise Exception('Exception %s in template' % (e)) - ver_major = int(cfg['version_major']) ver_minor = int(cfg['version_minor']) ver_patch = int(cfg['version_patch']) target_os = cfg['os'] build_shared_lib = bool(cfg['build_shared_lib']) build_static_lib = bool(cfg['build_static_lib']) + out_dir = cfg['out_dir'] bin_dir = os.path.join(options.prefix, options.bindir) lib_dir = os.path.join(options.prefix, options.libdir) @@ -174,12 +162,6 @@ class PercentSignTemplate(string.Template): 'botan-%d' % (ver_major), 'botan') - out_dir = process_template('%{out_dir}') - if target_os == "windows": - app_exe = 'botan-cli.exe' - else: - app_exe = process_template('botan%{program_suffix}') - for d in [options.prefix, lib_dir, bin_dir, target_include_dir]: makedirs(prepend_destdir(d)) 
@@ -197,21 +179,21 @@ class PercentSignTemplate(string.Template): copy_file(os.path.join(build_external_include_dir, include), prepend_destdir(os.path.join(target_include_dir, include))) - if build_static_lib: - static_lib = process_template('%{lib_prefix}%{libname}.%{static_suffix}') + if build_static_lib or target_os == 'windows': + static_lib = cfg['static_lib_name'] copy_file(os.path.join(out_dir, static_lib), prepend_destdir(os.path.join(lib_dir, os.path.basename(static_lib)))) if build_shared_lib: if target_os == "windows": - libname = process_template('%{libname}') + libname = cfg['libname'] soname_base = libname + '.dll' copy_executable(os.path.join(out_dir, soname_base), prepend_destdir(os.path.join(lib_dir, soname_base))) else: - soname_patch = process_template('%{soname_patch}') - soname_abi = process_template('%{soname_abi}') - soname_base = process_template('%{soname_base}') + soname_patch = cfg['soname_patch'] + soname_abi = cfg['soname_abi'] + soname_base = cfg['soname_base'] copy_executable(os.path.join(out_dir, soname_patch), prepend_destdir(os.path.join(lib_dir, soname_patch))) @@ -225,8 +207,7 @@ class PercentSignTemplate(string.Template): finally: os.chdir(prev_cwd) - copy_executable(os.path.join(out_dir, app_exe), - prepend_destdir(os.path.join(bin_dir, app_exe))) + copy_executable(cfg['cli_exe'], prepend_destdir(os.path.join(bin_dir, cfg['cli_exe_name']))) # On Darwin, if we are using shared libraries and we install, we should fix # up the library name, otherwise the botan command won't work; ironically 
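Review bot: `if build_static_lib or target_os == 'windows':` copies `cfg['static_lib_name']` on Windows even when no static library was requested, and nothing in the hunk says why; if the reason is that the DLL build also emits an import library under that name, it should be recorded, e.g. `# On Windows the DLL build also produces an import library named static_lib_name; install it too`, otherwise `copy_file` will simply fail when the file is absent. The same hunk now indexes `cfg[...]` directly, so a build_config.json written by an older configure.py raises a bare KeyError where the removed `process_template` produced an 'Unbound var' message; a comment stating that install.py requires a build_config.json from the same configure.py revision would make that expectation explicit. The enclosing function starts and ends outside the hunk.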
@@ -234,13 +215,13 @@ class PercentSignTemplate(string.Template): # that would be correct for installation to one that lets us run it from # the build directory if target_os == 'darwin' and build_shared_lib: - soname_abi = process_template('%{soname_abi}') + soname_abi = cfg['soname_abi'] subprocess.check_call(['install_name_tool', '-change', os.path.join('@executable_path', soname_abi), os.path.join(lib_dir, soname_abi), - os.path.join(bin_dir, app_exe)]) + os.path.join(bin_dir, cfg['cli_exe_name'])]) if 'botan_pkgconfig' in cfg: pkgconfig_dir = os.path.join(options.prefix, options.libdir, options.pkgconfigdir) From 20563db49fb823ef331822e6795849d01ce0df3b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 3 Dec 2017 13:20:30 -0500 Subject: [PATCH 0286/1008] Add a script for generating the documentation --- configure.py | 55 ++++---------- doc/contributing.rst | 12 +-- src/build-data/makefile.in | 51 +++++++------ src/scripts/build_docs.py | 145 +++++++++++++++++++++++++++++++++++++ src/scripts/ci_build.py | 1 + src/scripts/cleanup.py | 14 ++-- 6 files changed, 205 insertions(+), 73 deletions(-) create mode 100755 src/scripts/build_docs.py diff --git a/configure.py b/configure.py index ee26d0320e..b15ef4a1c3 100755 --- a/configure.py +++ b/configure.py 
@@ -261,31 +261,6 @@ def src_info(self, typ): else: raise InternalError("Unknown src info type '%s'" % (typ)) - -def make_build_doc_commands(source_paths, build_paths, options): - - if options.with_documentation is False: - return "" - - def build_manual_command(src_dir, dst_dir): - if options.with_sphinx: - sphinx = 'sphinx-build -b html -c %s ' % (source_paths.sphinx_config_dir) - if options.quiet: - sphinx += '-q ' - sphinx += '%s %s' % (src_dir, dst_dir) - return sphinx - else: - cp_command = 'copy' if options.os == 'windows' else 'cp' - return '%s %s%s*.rst %s' % (cp_command, src_dir, os.sep, dst_dir) - - cmds = [ - build_manual_command(os.path.join(source_paths.doc_dir, 'manual'), build_paths.doc_output_dir_manual) - ] - if options.with_doxygen: - cmds += ['doxygen %s%sbotan.doxy' % (build_paths.build_dir, os.sep)] - return '\n'.join(['\t' + cmd for cmd in cmds]) - - def process_command_line(args): # pylint: disable=too-many-locals """ Handle command line options @@ -2018,6 +1993,8 @@ def configure_command_line(): 'base_dir': source_paths.base_dir, 'src_dir': source_paths.src_dir, 'doc_dir': source_paths.doc_dir, + 'scripts_dir': source_paths.scripts_dir, + 'python_dir': source_paths.python_dir, 'cli_exe': os.path.join(build_dir, osinfo.cli_exe_name + program_suffix), 'test_exe': os.path.join(build_dir, 'botan-test' + program_suffix), @@ -2029,8 +2006,6 @@ def configure_command_line(): 'command_line': configure_command_line(), 'local_config': read_textfile(options.local_config), - 'makefile_path': os.path.join(build_config.build_dir, '..', 'Makefile'), - 'program_suffix': program_suffix, 'prefix': options.prefix or osinfo.install_root, 
@@ -2038,12 +2013,17 @@ def configure_command_line(): 'libdir': options.libdir or osinfo.lib_dir, 'includedir': options.includedir or osinfo.header_dir, 'docdir': options.docdir or osinfo.doc_dir, + 'with_documentation': options.with_documentation, + 'with_sphinx': options.with_sphinx, + 'sphinx_config_dir': source_paths.sphinx_config_dir, + 'with_doxygen': options.with_doxygen, 'out_dir': options.with_build_dir or os.path.curdir, 'build_dir': build_config.build_dir, - 'scripts_dir': source_paths.scripts_dir, + 'doc_stamp_file': os.path.join(build_config.build_dir, 'doc.stamp'), + 'makefile_path': os.path.join(build_config.build_dir, '..', 'Makefile'), 'build_static_lib': options.build_static_lib, 'build_fuzzers': options.build_fuzzers, @@ -2058,13 +2038,8 @@ def configure_command_line(): 'fuzzobj_dir': build_config.fuzzobj_dir, 'fuzzer_output_dir': build_config.fuzzer_output_dir if build_config.fuzzer_output_dir else '', - 'doc_output_dir': build_config.doc_output_dir, - 'build_doc_commands': make_build_doc_commands(source_paths, build_config, options), - - 'python_dir': source_paths.python_dir, - 'os': options.os, 'arch': options.arch, 'submodel': options.cpu, @@ -2073,6 +2048,9 @@ def configure_command_line(): 'mp_bits': choose_mp_bits(), + 'python_exe': sys.executable, + 'python_version': options.python_version, + 'cxx': (options.compiler_binary or cc.binary_name), 'cxx_abi_flags': cc.mach_abi_link_flags(options), 'linker': cc.linker_name or '$(CXX)', @@ -2090,6 +2068,10 @@ def configure_command_line(): 'exe_link_cmd': cc.binary_link_command_for(osinfo.basename, options) + external_link_cmd(), 'post_link_cmd': '', + 'ar_command': options.ar_command or cc.ar_command or osinfo.ar_command, + 'ar_options': cc.ar_options or osinfo.ar_options, + 'ar_output_to': cc.ar_output_to, + 'link_to': ' '.join( [cc.add_lib_option + lib for lib in link_to('libs')] + [cc.add_framework_option + fw for fw in link_to('frameworks')] 
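Review bot: `'doc_output_dir': build_config.doc_output_dir` is dropped from the build-config dict in the `@@ -2058,13 +2038,8` hunk, but the new src/scripts/build_docs.py added in this same commit reads `cfg['doc_output_dir']` to compute `manual_output`, and cleanup.py's distclean path still reads `build_config['doc_output_dir']` (its new `except OSError` does not catch KeyError). Unless the key is still emitted from a part of the dict outside these hunks, `make docs` (and therefore `make all`) will fail with a KeyError as soon as configure.py is rerun. Keeping the line, `'doc_output_dir': build_config.doc_output_dir,`, next to the new `'doc_stamp_file'` entry satisfies both call sites. The enclosing function `configure_command_line` starts and ends outside the hunk.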
@@ -2110,15 +2092,8 @@ def configure_command_line(): 'unsafe_fuzzer_mode_define': '#define BOTAN_UNSAFE_FUZZER_MODE' if options.unsafe_fuzzer_mode else '', 'fuzzer_type': '#define BOTAN_FUZZER_IS_%s' % (options.build_fuzzers.upper()) if options.build_fuzzers else '', - 'python_exe': sys.executable, - 'ar_command': options.ar_command or cc.ar_command or osinfo.ar_command, - 'ar_options': cc.ar_options or osinfo.ar_options, - 'ar_output_to': cc.ar_output_to, - 'mod_list': '\n'.join(sorted([m.basename for m in modules])), - 'python_version': options.python_version, - 'with_sphinx': options.with_sphinx, 'house_ecc_curve_defines': make_cpp_macros(HouseEccCurve(options.house_curve).defines()) \ if options.house_curve else '', } diff --git a/doc/contributing.rst b/doc/contributing.rst index 31e8cb39f6..0ce0cd9f6b 100644 --- a/doc/contributing.rst +++ b/doc/contributing.rst 
@@ -97,12 +97,12 @@ Python Scripts should be in Python whenever possible. -For configure.py (and install.py) the target is stock (no modules outside the -standard library) CPython 2.7 plus latest CPython 3.x. Support for CPython 2.6, -PyPy, etc is great when viable (in the sense of not causing problems for 2.7 or -3.x, and not requiring huge blocks of version dependent code). As running this -program succesfully is required for a working build making it as portable as -possible is considered key. +For configure.py (and helper scripts install.py, cleanup.py and build_docs.py) +the target is stock (no modules outside the standard library) CPython 2.7 plus +latest CPython 3.x. Support for CPython 2.6, PyPy, etc is great when viable (in +the sense of not causing problems for 2.7 or 3.x, and not requiring huge blocks +of version dependent code). As running this program succesfully is required for +a working build, making it as portable as possible is considered key. The python wrapper botan2.py targets CPython 2.7, 3.x, and latest PyPy. Note that a single file is used to avoid dealing with any of Python's various crazy module diff --git a/src/build-data/makefile.in b/src/build-data/makefile.in index 2c97ef7925..614e5bb555 100644 --- a/src/build-data/makefile.in +++ b/src/build-data/makefile.in @@ -28,7 +28,7 @@ INSTALLED_LIB_DIR = %{prefix}/%{libdir} POST_LINK_CMD = %{post_link_cmd} # The primary target -all: libs cli tests docs +all: libs cli docs tests # Executable targets CLI = %{cli_exe} @@ -38,11 +38,14 @@ LIBRARIES = %{library_targets} cli: $(CLI) tests: $(TEST) libs: $(LIBRARIES) +docs: %{doc_stamp_file} # Misc targets -docs: -%{build_doc_commands} +.PHONY = all cli libs tests docs clean distclean + +%{doc_stamp_file}: %{doc_dir}/manual/*.rst + $(PYTHON_EXE) $(SCRIPTS_DIR)/build_docs.py --build-dir="%{build_dir}" clean: $(PYTHON_EXE) $(SCRIPTS_DIR)/cleanup.py --build-dir="%{build_dir}" 
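Review bot: `.PHONY = all cli libs tests docs clean distclean` is a variable assignment, not the special target; in GNU make the phony declaration is written `.PHONY: all cli libs tests docs clean distclean`, so as written none of these targets is marked phony and a stray file named e.g. `docs` or `clean` in the build directory would silence its rule. The same `=` form is kept when the line is wrapped in `%{if make_supports_phony}` in the later makefile.in hunk (PATCH 0291), so both should change. Separately, `docs: %{doc_stamp_file}` only stays satisfied if build_docs.py touches the stamp, and the new script returns before its `touch` step when `with_documentation` is false, so in that configuration `make all` appears to re-run the doc step on every invocation; either touching the stamp in that branch or making `docs` conditional on `with_documentation` in the template would avoid it.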
@@ -60,14 +63,7 @@ CLIOBJS = %{cli_objs} TESTOBJS = %{test_objs} -# Build Commands -%{lib_build_cmds} - -%{cli_build_cmds} - -%{test_build_cmds} - -# Library targets +# Executable targets $(CLI): $(LIBRARIES) $(CLIOBJS) $(EXE_LINK_CMD) $(LDFLAGS) $(CLIOBJS) $(EXE_LINKS_TO) %{output_to_exe}$@ @@ -77,6 +73,22 @@ $(TEST): $(LIBRARIES) $(TESTOBJS) $(EXE_LINK_CMD) $(LDFLAGS) $(TESTOBJS) $(EXE_LINKS_TO) %{output_to_exe}$@ $(POST_LINK_CMD) +%{if build_fuzzers} + +FUZZERS=%{fuzzer_bin} + +fuzzers: libs $(FUZZERS) + +fuzzer_corpus: + git clone --depth=1 https://github.com/randombit/crypto-corpus.git fuzzer_corpus + +fuzzer_corpus_zip: fuzzer_corpus + ./src/scripts/create_corpus_zip.py fuzzer_corpus %{fuzzobj_dir} + +%{endif} + +# Library targets + %{if build_static_lib} %{out_dir}/%{static_lib_name}: $(LIBOBJS) @@ -100,18 +112,13 @@ $(TEST): $(LIBRARIES) $(TESTOBJS) %{endif} -%{if build_fuzzers} - -%{fuzzer_build_cmds} - -FUZZERS=%{fuzzer_bin} - -fuzzers: libs $(FUZZERS) +# Build Commands +%{lib_build_cmds} -fuzzer_corpus: - git clone --depth=1 https://github.com/randombit/crypto-corpus.git fuzzer_corpus +%{cli_build_cmds} -fuzzer_corpus_zip: fuzzer_corpus - ./src/scripts/create_corpus_zip.py fuzzer_corpus %{fuzzobj_dir} +%{test_build_cmds} +%{if build_fuzzers} +%{fuzzer_build_cmds} %{endif} diff --git a/src/scripts/build_docs.py b/src/scripts/build_docs.py new file mode 100755 index 0000000000..b30e3d3e1e --- /dev/null +++ b/src/scripts/build_docs.py 
@@ -0,0 +1,145 @@ +#!/usr/bin/env python + +""" +Botan doc generation script + +(C) 2014,2015,2017 Jack Lloyd + +Botan is released under the Simplified BSD License (see license.txt) +""" + +import sys +import optparse # pylint: disable=deprecated-module +import subprocess +import shutil +import logging +import json +import os + +def get_concurrency(): + """ + Get default concurrency level of build + """ + def_concurrency = 2 + + try: + import multiprocessing + return max(def_concurrency, multiprocessing.cpu_count()) + except ImportError: + return def_concurrency + +def touch(fname): + try: + os.utime(fname, None) + except OSError: + open(fname, 'a').close() + +def copy_files(src_dir, dest_dir): + for f in os.listdir(src_dir): + src_file = os.path.join(src_dir, f) + dest_file = os.path.join(dest_dir, f) + logging.debug("Copying from %s to %s", src_file, dest_file) + shutil.copyfile(src_file, dest_file) + +def run_and_check(cmd_line): + + logging.debug("Executing %s", ' '.join(cmd_line)) + + proc = subprocess.Popen(cmd_line, + close_fds=True) + + (stdout, stderr) = proc.communicate() + + if proc.returncode != 0: + logging.error("Error running %s", ' '.join(cmd_line)) + sys.exit(1) + + +def parse_options(args): + parser = optparse.OptionParser() + + parser.add_option('--verbose', action='store_true', default=False, + help='Show debug messages') + parser.add_option('--quiet', action='store_true', default=False, + help='Show only warnings and errors') + + parser.add_option('--build-dir', metavar='DIR', default='build', + help='Location of build output (default \'%default\')') + parser.add_option('--dry-run', default=False, action='store_true', + help='Just display what would be done') + + (options, args) = parser.parse_args(args) + + if len(args) > 1: + logging.error("Unknown arguments") + return None + + def log_level(): + if options.verbose: + return logging.DEBUG + if options.quiet: + return logging.WARNING + return logging.INFO + + 
logging.getLogger().setLevel(log_level()) + + return options + + +def main(args=None): + if args is None: + args = sys.argv + + logging.basicConfig(stream=sys.stdout, + format='%(levelname) 7s: %(message)s') + + options = parse_options(args) + + if options is None: + return 1 + + with open(os.path.join(options.build_dir, 'build_config.json')) as f: + cfg = json.load(f) + + with_docs = bool(cfg['with_documentation']) + with_sphinx = bool(cfg['with_sphinx']) + with_doxygen = bool(cfg['with_doxygen']) + + doc_stamp_file = cfg['doc_stamp_file'] + + manual_src = os.path.join(cfg['doc_dir'], 'manual') + manual_output = os.path.join(cfg['doc_output_dir'], 'manual') + + if with_docs is False: + logging.debug('Documentation build disabled') + return 0 + + cmds = [] + + if with_doxygen: + cmds.append(['doxygen', os.path.join(cfg['build_dir'], 'botan.doxy')]) + + if with_sphinx: + cmds.append(['sphinx-build', '-q', '-b', 'html', '-c', cfg['sphinx_config_dir'], + '-j', str(get_concurrency()), manual_src, manual_output]) + else: + # otherwise just copy it + cmds.append(['cp', manual_src, manual_output]) + + cmds.append(['touch', doc_stamp_file]) + + for cmd in cmds: + if options.dry_run: + print(' '.join(cmd)) + else: + if cmd[0] == 'cp': + assert len(cmd) == 3 + copy_files(cmd[1], cmd[2]) + elif cmd[0] == 'touch': + assert len(cmd) == 2 + touch(cmd[1]) + else: + run_and_check(cmd) + +if __name__ == '__main__': + sys.exit(main()) diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index 74c6a7bfb3..c81c867954 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -364,6 +364,7 @@ def main(args=None): 'src/scripts/ci_build.py', 'src/scripts/install.py', 'src/scripts/cleanup.py', + 'src/scripts/build_docs.py', 'src/scripts/website.py', 'src/scripts/python_unittests.py', 'src/scripts/python_unittests_unix.py'] diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index d246f766c6..71c59609e0 100755 --- a/src/scripts/cleanup.py 
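Review bot: `copy_files` (the `cp` fallback used when sphinx is not available) calls `shutil.copyfile` on every entry of `manual_src` and writes into `dest_dir` without creating it; if `doc_output_dir/manual` is not pre-created elsewhere, or the manual directory ever gains a subdirectory, the copy raises instead of taking the clean `logging.error` path that external commands get in `run_and_check`. A guard at the top of `copy_files`, `if not os.path.isdir(dest_dir): os.makedirs(dest_dir)`, plus `if os.path.isfile(src_file):` around the copy, would make the fallback robust. Also, `sphinx-build` is always passed `-q` although the script accepts `--verbose`/`--quiet`; dropping `-q` when `options.verbose` is set would keep the two in step.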
+++ b/src/scripts/cleanup.py @@ -69,8 +69,9 @@ def main(args=None): build_dir = options.build_dir if os.access(build_dir, os.X_OK) != True: - logging.error("Unable to access build directory") - return 1 + logging.debug('No build directory found') + # No build dir: clean enough! + return 0 build_config_path = os.path.join(build_dir, 'build_config.json') build_config_str = None @@ -86,8 +87,6 @@ def main(args=None): build_config = json.loads(build_config_str) - #print(json.dumps(build_config, sort_keys=True, indent=3)) - if options.distclean: build_dir = build_config['build_dir'] remove_file(build_config['makefile_path']) @@ -97,7 +96,12 @@ def main(args=None): dir_path = build_config[dir_type] remove_all_in_dir(dir_path) - shutil.rmtree(build_config['doc_output_dir']) + try: + shutil.rmtree(build_config['doc_output_dir']) + except OSError as e: + pass + + #remove_file(build_config['doc_stamp_file']) remove_file(build_config['cli_exe']) remove_file(build_config['test_exe']) From 4cbc0b40bbb72518d9ded0f30ac26e5a96e89909 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 07:13:34 -0500 Subject: [PATCH 0287/1008] Reduce the AppVeyor build matrix Test MSVC 2013/2015 only with x86-64 Test the amalgamation under "shared" instead of "static"; on Windows for whatever reason compiling the amalgamation is much faster than compiling individual files. --- src/scripts/ci/appveyor.yml | 24 +++++------------------- src/scripts/ci_build.py | 6 ++++-- 2 files changed, 9 insertions(+), 21 deletions(-) diff --git a/src/scripts/ci/appveyor.yml b/src/scripts/ci/appveyor.yml index 26a977ad1f..aa2b22c464 100644 --- a/src/scripts/ci/appveyor.yml +++ b/src/scripts/ci/appveyor.yml 
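Review bot: The new `try: shutil.rmtree(build_config['doc_output_dir']) except OSError as e: pass` in the `@@ -97,7 +96,12` hunk swallows every OSError, so a permission error or a file in the way is silently ignored, not just the "directory does not exist" case the comment-free block seems aimed at. Testing for the directory first, `if os.path.isdir(build_config['doc_output_dir']): shutil.rmtree(build_config['doc_output_dir'])`, or re-raising when `e.errno != errno.ENOENT`, keeps distclean honest about failures. The enclosing `main` starts and ends outside the hunk.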
@@ -1,36 +1,22 @@ -# Let's call MSVS 2017 the default compiler, 64 bit the default architecture, -# release the default configuration and --enable-shared the default mode. -# -# Build jobs -# 1. six basic builds: 32/64bit on MSVS2013/2015/2017 -# 2. MSVC2017 static lib with with amalgamation -# 3. MSVC2017 with debug/sanitizers -# 4. MSVC2015 for Windows RT (TODO) clone_depth: 5 environment: matrix: - # 1 - - MSVS: 2013 - PLATFORM: x86 - TARGET: shared - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015 + # MSVC 2013 DLL x86-64 - MSVS: 2013 PLATFORM: x86_amd64 TARGET: shared APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015 - - MSVS: 2015 - PLATFORM: x86 - TARGET: shared - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015 + # MSVC 2015 DLL x86-64 - MSVS: 2015 PLATFORM: x86_amd64 TARGET: shared APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015 + # MSVC 2017 DLL x86-32 + x86-64 - MSVS: 2017 PLATFORM: x86 TARGET: shared @@ -40,13 +26,13 @@ environment: TARGET: shared APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2017 - # 2 + # MSVC 2017 static x86-64 - MSVS: 2017 PLATFORM: x86_amd64 TARGET: static APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2017 - # 3 + # MSVC 2017 w/debug iterators - MSVS: 2017 PLATFORM: x86_amd64 TARGET: sanitizer diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index 74c6a7bfb3..9a8b2fafc8 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py 
@@ -71,8 +71,10 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro if target in ['mini-static', 'mini-shared']: flags += ['--minimized-build', '--enable-modules=system_rng,sha2_32,sha2_64,aes'] - if target == 'static': - # Arbitrarily test amalgamation on static lib builds + if target == 'shared': + # Enabling amalgamation build for shared is somewhat arbitrary, but we want to test it + # somewhere. In addition the majority of the Windows builds are shared, and MSVC is + # much faster compiling via the amalgamation than individual files. flags += ['--amalgamation'] if target in ['bsi', 'nist']: From 44a570bab8cb15f104687affa12e2bc85e8cdf9a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 07:17:47 -0500 Subject: [PATCH 0288/1008] Fix lint error [ci skip] --- src/scripts/cleanup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index 71c59609e0..f14f6d9c17 100755 --- a/src/scripts/cleanup.py +++ b/src/scripts/cleanup.py @@ -98,7 +98,7 @@ def main(args=None): try: shutil.rmtree(build_config['doc_output_dir']) - except OSError as e: + except OSError: pass #remove_file(build_config['doc_stamp_file']) From 4477a88dcfa49075fa49a520c429fc1a6c0a3849 Mon Sep 17 00:00:00 2001 From: Harry Reimann Date: Mon, 4 Dec 2017 13:55:45 +0100 Subject: [PATCH 0289/1008] Add copyright statements to files modified in the preceding 2 commits --- src/lib/tls/msg_cert_verify.cpp | 1 + src/lib/tls/msg_client_hello.cpp | 1 + src/lib/tls/msg_client_kex.cpp | 1 + src/lib/tls/msg_server_hello.cpp | 1 + src/lib/tls/msg_server_kex.cpp | 1 + src/lib/tls/tls_callbacks.cpp | 1 + src/lib/tls/tls_callbacks.h | 1 + src/lib/tls/tls_client.cpp | 1 + src/lib/tls/tls_handshake_state.cpp | 1 + src/lib/tls/tls_handshake_state.h | 1 + src/lib/tls/tls_policy.cpp | 1 + src/lib/tls/tls_policy.h | 1 + src/lib/tls/tls_text_policy.cpp | 1 + src/tests/unit_tls.cpp | 1 + 14 files changed, 14 insertions(+) 
diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp index e4b764b29f..ce7a303744 100644 --- a/src/lib/tls/msg_cert_verify.cpp +++ b/src/lib/tls/msg_cert_verify.cpp @@ -1,6 +1,7 @@ /* * Certificate Verify Message * (C) 2004,2006,2011,2012 Jack Lloyd +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index bcd8397e8e..cde2b737aa 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -2,6 +2,7 @@ * TLS Hello Request and Client Hello Messages * (C) 2004-2011,2015,2016 Jack Lloyd * 2016 Matthias Gierlings +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 64e39a840a..0ff99462c1 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -1,6 +1,7 @@ /* * Client Key Exchange Message * (C) 2004-2010,2016 Jack Lloyd +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index 81f9e1f623..9eb33645b0 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp @@ -2,6 +2,7 @@ * TLS Server Hello and Server Hello Done * (C) 2004-2011,2015,2016 Jack Lloyd * 2016 Matthias Gierlings +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp index 4f90cc8b35..631273eb79 100644 --- a/src/lib/tls/msg_server_kex.cpp +++ b/src/lib/tls/msg_server_kex.cpp 
@@ -1,6 +1,7 @@ /* * Server Key Exchange Message * (C) 2004-2010,2012,2015,2016 Jack Lloyd +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp index b4ffc81a5d..b8f38589ee 100644 --- a/src/lib/tls/tls_callbacks.cpp +++ b/src/lib/tls/tls_callbacks.cpp @@ -1,6 +1,7 @@ /* * TLS Callbacks * (C) 2016 Jack Lloyd +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h index cbd514050d..4437a222a7 100644 --- a/src/lib/tls/tls_callbacks.h +++ b/src/lib/tls/tls_callbacks.h @@ -2,6 +2,7 @@ * TLS Callbacks * (C) 2016 Matthias Gierlings * 2016 Jack Lloyd +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index a1b71841df..ad8fdfa2dc 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -2,6 +2,7 @@ * TLS Client * (C) 2004-2011,2012,2015,2016 Jack Lloyd * 2016 Matthias Gierlings +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index 8cf16b1fc6..0fcf0d2abe 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -1,6 +1,7 @@ /* * TLS Handshaking * (C) 2004-2006,2011,2012,2015,2016 Jack Lloyd +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/tls/tls_handshake_state.h b/src/lib/tls/tls_handshake_state.h index 2b03670f9c..437625cedd 100644 --- a/src/lib/tls/tls_handshake_state.h +++ b/src/lib/tls/tls_handshake_state.h 
@@ -1,6 +1,7 @@ /* * TLS Handshake State * (C) 2004-2006,2011,2012 Jack Lloyd +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 1c6be66203..d849faf9df 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -2,6 +2,7 @@ * Policies for TLS * (C) 2004-2010,2012,2015,2016 Jack Lloyd * 2016 Christian Mainka +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index fe7e50f8dc..786cdeea87 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -1,6 +1,7 @@ /* * Hooks for application level policies on TLS connections * (C) 2004-2006,2013 Jack Lloyd +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/lib/tls/tls_text_policy.cpp b/src/lib/tls/tls_text_policy.cpp index 1f93b1e0f1..97a6da31a3 100644 --- a/src/lib/tls/tls_text_policy.cpp +++ b/src/lib/tls/tls_text_policy.cpp @@ -1,6 +1,7 @@ /* * Text-Based TLS Policy * (C) 2016,2017 Jack Lloyd +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 026eeb62d4..a154d2e180 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -2,6 +2,7 @@ * (C) 2014,2015 Jack Lloyd * 2016 Matthias Gierlings * 2017 René Korthaus, Rohde & Schwarz Cybersecurity +* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ From f95c75d0b39dc2990738313591f0d3ae3174de1a Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Mon, 4 Dec 2017 08:05:29 -0500 Subject: [PATCH 0290/1008] Fix ReST formatting error in old chanelog entry --- news.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/news.rst b/news.rst index 371440570f..852dbd2e74 100644 --- a/news.rst +++ b/news.rst @@ -4891,11 +4891,11 @@ Version 0.7.8, 2002-02-28 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * More capabilities for Pipe, inspired by SysV STREAMS, including peeking, - better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION + better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION * Added a BufferingFilter class * Added popen() based EntropySource for generic Unix systems (unix_rnd) * Moved 'devrand' module into main distribution (ent_file.h), renamed to - File_EntropySource, and changed interface somewhat. + File_EntropySource, and changed interface somewhat. * Made Randpool somewhat more conservative and also 25% faster * Minor fixes and updates for the configure script * Added some tweaks for memory allocation From 6289204717f39cb7e5d292cb419afbb86af5dbab Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 09:46:42 -0500 Subject: [PATCH 0291/1008] Argh nmake doesn't know about .PHONY --- configure.py | 1 + src/build-data/makefile.in | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/configure.py b/configure.py index b15ef4a1c3..a54d382235 100755 --- a/configure.py +++ b/configure.py @@ -2054,6 +2054,7 @@ def configure_command_line(): 'cxx': (options.compiler_binary or cc.binary_name), 'cxx_abi_flags': cc.mach_abi_link_flags(options), 'linker': cc.linker_name or '$(CXX)', + 'make_supports_phony': cc.basename != 'msvc', 'cc_lang_flags': cc.cc_lang_flags(), 'cc_compile_flags': options.cxxflags or cc.cc_compile_flags(options), diff --git a/src/build-data/makefile.in b/src/build-data/makefile.in index 614e5bb555..9262bfd06a 100644 --- a/src/build-data/makefile.in +++ b/src/build-data/makefile.in 
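Review bot: `'make_supports_phony': cc.basename != 'msvc'` decides a property of the make tool from the compiler name, which is right for nmake but is an assumption worth stating in place, since a future MSVC build driven by a different make (or a non-MSVC toolchain with nmake) would be misclassified. A short comment such as `# nmake (the make used with MSVC) does not understand .PHONY` makes the coupling visible to whoever later adds a toolchain. The enclosing function `configure_command_line` starts and ends outside the hunk.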
@@ -42,7 +42,9 @@ docs: %{doc_stamp_file} # Misc targets -.PHONY = all cli libs tests docs clean distclean +%{if make_supports_phony} +.PHONY = all cli libs tests docs clean distclean install +%{endif} %{doc_stamp_file}: %{doc_dir}/manual/*.rst $(PYTHON_EXE) $(SCRIPTS_DIR)/build_docs.py --build-dir="%{build_dir}" From 6713f6363033ed45d7ced49c2e8cb6240334ea7a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 10:59:50 -0500 Subject: [PATCH 0292/1008] Lint fixes --- src/scripts/build_docs.py | 2 +- src/scripts/cleanup.py | 22 ++++++++++++---------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/src/scripts/build_docs.py b/src/scripts/build_docs.py index b30e3d3e1e..c6b8e9f67d 100755 --- a/src/scripts/build_docs.py +++ b/src/scripts/build_docs.py @@ -48,7 +48,7 @@ def run_and_check(cmd_line): proc = subprocess.Popen(cmd_line, close_fds=True) - (stdout, stderr) = proc.communicate() + proc.communicate() if proc.returncode != 0: logging.error("Error running %s", ' '.join(cmd_line)) diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index f14f6d9c17..ae2f588f54 100755 --- a/src/scripts/cleanup.py +++ b/src/scripts/cleanup.py @@ -43,10 +43,7 @@ def remove_all_in_dir(d): for f in os.listdir(d): remove_file(os.path.join(d, f)) -def main(args=None): - if args is None: - args = sys.argv - +def parse_options(args): parser = optparse.OptionParser() parser.add_option('--build-dir', default='build', metavar='DIR', help='specify build dir to clean (default %default)') 
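Review bot: `.PHONY = all cli libs tests docs clean distclean install` is a variable assignment, not a phony-target declaration: in GNU make a line of the form `name = value` defines a variable (here one literally named `.PHONY`), so none of the listed targets are actually marked phony and a stray file called `clean` or `install` would still shadow the rule. The removed line had the same form, so the `%{if make_supports_phony}` guard protects something that never took effect; the special-target syntax is `.PHONY: all cli libs tests docs clean distclean install`.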
@@ -58,14 +55,21 @@ def main(args=None): (options, args) = parser.parse_args(args) + if len(args) > 1: + raise Exception("Unknown arguments") + + return options + +def main(args=None): + if args is None: + args = sys.argv + + options = parse_options(args) + logging.basicConfig(stream=sys.stderr, format='%(levelname) 7s: %(message)s', level=logging.DEBUG if options.verbose else logging.INFO) - if len(args) > 1: - logging.error("Unknown arguments") - return 1 - build_dir = options.build_dir if os.access(build_dir, os.X_OK) != True: @@ -101,8 +105,6 @@ def main(args=None): except OSError: pass - #remove_file(build_config['doc_stamp_file']) - remove_file(build_config['cli_exe']) remove_file(build_config['test_exe']) From 697fdc8fcb7f4ada4699ccad80def4673270d133 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 14:00:47 -0500 Subject: [PATCH 0293/1008] Support uninitialized certificate objects Issued raised by @securitykernel on Slack, there was no non-hacky way to decode a list of certificate objects because creating an uninitialized one wasn't allowed. However after #884 that got much closer to being viable, this is the last pieces. --- src/lib/x509/crl_ent.cpp | 5 +- src/lib/x509/crl_ent.h | 2 +- src/lib/x509/pkcs10.cpp | 40 +++++------ src/lib/x509/pkcs10.h | 4 ++ src/lib/x509/x509_crl.cpp | 41 ++++++----- src/lib/x509/x509_crl.h | 10 +++ src/lib/x509/x509_obj.cpp | 95 +++++++++----------------- src/lib/x509/x509_obj.h | 28 ++++---- src/lib/x509/x509cert.cpp | 38 +++++------ src/lib/x509/x509cert.h | 13 +++- src/tests/data/x509/misc/cert_seq.der | Bin 0 -> 1271 bytes src/tests/unit_x509.cpp | 37 ++++++++++ 12 files changed, 177 insertions(+), 136 deletions(-) create mode 100644 src/tests/data/x509/misc/cert_seq.der diff --git a/src/lib/x509/crl_ent.cpp b/src/lib/x509/crl_ent.cpp index 61fd5d31ff..0466596613 100644 --- a/src/lib/x509/crl_ent.cpp +++ b/src/lib/x509/crl_ent.cpp 
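Review bot: `parse_options()` now raises a bare `Exception("Unknown arguments")` where the removed code logged the error and returned 1, so an extra command-line argument produces an interpreter traceback instead of a usage message. optparse already provides the right behaviour for this: `parser.error("Unknown arguments")` prints the usage text to stderr and exits with status 2. A short comment on the `len(args) > 1` check would also help, since `args` is `sys.argv` here and `args[0]` is the program name left behind by `parse_args`.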
@@ -109,7 +109,10 @@ void CRL_Entry::decode_from(BER_Decoder& source) const CRL_Entry_Data& CRL_Entry::data() const { if(!m_data) - throw Decoding_Error("Uninitialized CRL_Entry"); + { + throw Invalid_State("CRL_Entry_Data uninitialized"); + } + return *m_data.get(); } diff --git a/src/lib/x509/crl_ent.h b/src/lib/x509/crl_ent.h index 967dc92d29..b902eecfa9 100644 --- a/src/lib/x509/crl_ent.h +++ b/src/lib/x509/crl_ent.h @@ -71,7 +71,7 @@ class BOTAN_PUBLIC_API(2,0) CRL_Entry final : public ASN1_Object /** * Create uninitialized CRL_Entry object */ - CRL_Entry() {} + CRL_Entry() = default; /** * Construct an CRL entry. diff --git a/src/lib/x509/pkcs10.cpp b/src/lib/x509/pkcs10.cpp index 82ef0945d0..a17ffeb0f6 100644 --- a/src/lib/x509/pkcs10.cpp +++ b/src/lib/x509/pkcs10.cpp 
@@ -23,35 +23,35 @@ struct PKCS10_Data Extensions m_extensions; }; -/* -* PKCS10_Request Constructor -*/ -PKCS10_Request::PKCS10_Request(DataSource& in) : - X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") +std::string PKCS10_Request::PEM_label() const { - do_decode(); + return "CERTIFICATE REQUEST"; } -#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) -/* -* PKCS10_Request Constructor -*/ -PKCS10_Request::PKCS10_Request(const std::string& fsname) : - X509_Object(fsname, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") +std::vector PKCS10_Request::alternate_PEM_labels() const { - do_decode(); + return { "NEW CERTIFICATE REQUEST" }; } -#endif -/* -* PKCS10_Request Constructor -*/ -PKCS10_Request::PKCS10_Request(const std::vector& in) : - X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") +PKCS10_Request::PKCS10_Request(DataSource& src) { - do_decode(); + load_data(src); } +PKCS10_Request::PKCS10_Request(const std::vector& vec) + { + DataSource_Memory src(vec.data(), vec.size()); + load_data(src); + } + +#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) +PKCS10_Request::PKCS10_Request(const std::string& fsname) + { + DataSource_Stream src(fsname); + load_data(src); + } +#endif + /* * Decode the CertificateRequestInfo */ diff --git a/src/lib/x509/pkcs10.h b/src/lib/x509/pkcs10.h index abed5fa759..731402960b 100644 --- a/src/lib/x509/pkcs10.h +++ b/src/lib/x509/pkcs10.h @@ -110,6 +110,10 @@ class BOTAN_PUBLIC_API(2,0) PKCS10_Request final : public X509_Object */ explicit PKCS10_Request(const std::vector& vec); private: + std::string PEM_label() const override; + + std::vector alternate_PEM_labels() const override; + void force_decode() override; const PKCS10_Data& data() const; diff --git a/src/lib/x509/x509_crl.cpp b/src/lib/x509/x509_crl.cpp index 4a6c4249ae..4fa5df44f6 100644 --- a/src/lib/x509/x509_crl.cpp +++ b/src/lib/x509/x509_crl.cpp 
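Review bot: The new filesystem constructor opens the request with `DataSource_Stream src(fsname);`, whereas the base-class constructor it replaces opened the file in binary mode (`DataSource_Stream stream(file, true);`, removed from x509_obj.cpp in this same commit). Text-mode reads can alter DER bytes on Windows, so this should be `DataSource_Stream src(fsname, true);`; the same regression appears in the new X509_CRL and X509_Certificate filesystem constructors in x509_crl.cpp and x509cert.cpp. The following patch in this series ("Need binary IO for Windows") makes exactly that change.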
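Review bot: `PEM_label()` and `alternate_PEM_labels()` are overridden under `private:` in PKCS10_Request although X509_Object declares them as public virtuals, so `req.PEM_label()` on a concrete PKCS10_Request does not compile while the same call through an `X509_Object&` does. If they are meant to be part of the public interface, move the two declarations into the public section; if they are only decoding hooks, consider declaring them protected in X509_Object instead. The same layout is used in x509_crl.h and x509cert.h.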
@@ -25,31 +25,34 @@ struct CRL_Data std::vector m_auth_key_id; }; -/* -* Load a X.509 CRL -*/ -X509_CRL::X509_CRL(DataSource& in) : - X509_Object(in, "X509 CRL/CRL") +std::string X509_CRL::PEM_label() const { - do_decode(); + return "X509 CRL"; } -#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) -/* -* Load a X.509 CRL -*/ -X509_CRL::X509_CRL(const std::string& fsname) : - X509_Object(fsname, "CRL/X509 CRL") +std::vector X509_CRL::alternate_PEM_labels() const { - do_decode(); + return { "CRL" }; + } + +X509_CRL::X509_CRL(DataSource& src) + { + load_data(src); + } + +X509_CRL::X509_CRL(const std::vector& vec) + { + DataSource_Memory src(vec.data(), vec.size()); + load_data(src); } -#endif -X509_CRL::X509_CRL(const std::vector& in) : - X509_Object(in, "CRL/X509 CRL") +#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) +X509_CRL::X509_CRL(const std::string& fsname) { - do_decode(); + DataSource_Stream src(fsname); + load_data(src); } +#endif X509_CRL::X509_CRL(const X509_DN& issuer, const X509_Time& this_update, @@ -174,7 +177,9 @@ void X509_CRL::force_decode() const CRL_Data& X509_CRL::data() const { if(!m_data) - throw Decoding_Error("Error decoding X509 CRL"); + { + throw Invalid_State("X509_CRL uninitialized"); + } return *m_data.get(); } diff --git a/src/lib/x509/x509_crl.h b/src/lib/x509/x509_crl.h index 7c510712ac..fb8307d5a3 100644 --- a/src/lib/x509/x509_crl.h +++ b/src/lib/x509/x509_crl.h @@ -82,6 +82,12 @@ class BOTAN_PUBLIC_API(2,0) X509_CRL final : public X509_Object */ const X509_Time& next_update() const; + /** + * Create an uninitialized CRL object. Any attempts to access + * this object will throw an exception. + */ + X509_CRL() = default; + /** * Construct a CRL from a data source. * @param source the data source providing the DER or PEM encoded CRL. 
@@ -113,6 +119,10 @@ class BOTAN_PUBLIC_API(2,0) X509_CRL final : public X509_Object const X509_Time& nextUpdate, const std::vector& revoked); private: + std::string PEM_label() const override; + + std::vector alternate_PEM_labels() const override; + void force_decode() override; const CRL_Data& data() const; diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp index dad27d6ff4..019bac0b11 100644 --- a/src/lib/x509/x509_obj.cpp +++ b/src/lib/x509/x509_obj.cpp @@ -46,46 +46,11 @@ Pss_params decode_pss_params(const std::vector& encoded_pss_params) } } -/* -* Create a generic X.509 object -*/ -X509_Object::X509_Object(DataSource& stream, const std::string& labels) - { - init(stream, labels); - } - -#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) -/* -* Create a generic X.509 object -*/ -X509_Object::X509_Object(const std::string& file, const std::string& labels) - { - DataSource_Stream stream(file, true); - init(stream, labels); - } -#endif - -/* -* Create a generic X.509 object -*/ -X509_Object::X509_Object(const std::vector& vec, const std::string& labels) - { - DataSource_Memory stream(vec.data(), vec.size()); - init(stream, labels); - } - /* * Read a PEM or BER X.509 object */ -void X509_Object::init(DataSource& in, const std::string& labels) +void X509_Object::load_data(DataSource& in) { - m_PEM_labels_allowed = split_on(labels, '/'); - if(m_PEM_labels_allowed.size() < 1) - throw Invalid_Argument("Bad labels argument to X509_Object"); - - m_PEM_label_pref = m_PEM_labels_allowed[0]; - std::sort(m_PEM_labels_allowed.begin(), m_PEM_labels_allowed.end()); - try { if(ASN1::maybe_BER(in) && !PEM_Code::matches(in)) { 
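Review bot: The doc comment on the new `X509_CRL() = default;` says "Any attempts to access this object will throw an exception" without naming the exception, while the accessor changed in this same commit (`X509_CRL::data()` in x509_crl.cpp) throws `Invalid_State`. Naming it lets callers catch the right type: `Create an uninitialized CRL object. Reading CRL data from it throws Invalid_State.` Only `data()` is visible here, so whether every member (e.g. BER_encode()) throws on an uninitialized object should be confirmed before promising "any attempt". The same comment appears on `X509_Certificate() = default;` in x509cert.h.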
@@ -97,9 +62,21 @@ void X509_Object::init(DataSource& in, const std::string& labels) std::string got_label; DataSource_Memory ber(PEM_Code::decode(in, got_label)); - if(!std::binary_search(m_PEM_labels_allowed.begin(), - m_PEM_labels_allowed.end(), got_label)) - throw Decoding_Error("Invalid PEM label: " + got_label); + if(got_label != PEM_label()) + { + bool is_alternate = false; + for(std::string alt_label : alternate_PEM_labels()) + { + if(got_label == alt_label) + { + is_alternate = true; + break; + } + } + + if(!is_alternate) + throw Decoding_Error("Unexpected PEM label for " + PEM_label() + " of " + got_label); + } BER_Decoder dec(ber); decode_from(dec); @@ -107,7 +84,7 @@ void X509_Object::init(DataSource& in, const std::string& labels) } catch(Decoding_Error& e) { - throw Decoding_Error(m_PEM_label_pref + " decoding failed: " + e.what()); + throw Decoding_Error(PEM_label() + " decoding failed: " + e.what()); } } @@ -135,6 +112,18 @@ void X509_Object::decode_from(BER_Decoder& from) .decode(m_sig_algo) .decode(m_sig, BIT_STRING) .end_cons(); + + try { + force_decode(); + } + catch(Decoding_Error& e) + { + throw Decoding_Error(PEM_label() + " decoding failed", e.what()); + } + catch(Invalid_Argument& e) + { + throw Decoding_Error(PEM_label() + " decoding failed", e.what()); + } } /* @@ -152,7 +141,7 @@ std::vector X509_Object::BER_encode() const */ std::string X509_Object::PEM_encode() const { - return PEM_Code::encode(BER_encode(), m_PEM_label_pref); + return PEM_Code::encode(BER_encode(), PEM_label()); } /* @@ -199,7 +188,7 @@ std::string X509_Object::hash_used_for_signature() const bool X509_Object::check_signature(const Public_Key* pub_key) const { if(!pub_key) - throw Exception("No key provided for " + m_PEM_label_pref + " signature check"); + throw Exception("No key provided for " + PEM_label() + " signature check"); std::unique_ptr key(pub_key); return check_signature(*key); } 
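Review bot: The alternate-label check copies every string it iterates: `for(std::string alt_label : alternate_PEM_labels())` should bind by reference, `for(const std::string& alt_label : alternate_PEM_labels())`. The flag-and-break loop can also collapse to a standard algorithm, which the file presumably still has in scope since the removed code used std::sort and std::binary_search: `const std::vector<std::string> alts = alternate_PEM_labels(); if(std::find(alts.begin(), alts.end(), got_label) == alts.end()) throw Decoding_Error(...)`. Note also that `decode_from()` now invokes `force_decode()`, so `load_data()`'s own catch block no longer wraps the only path to it; a comment in `load_data()` saying that `decode_from()` performs the subclass decode would help the next reader.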
@@ -280,31 +269,15 @@ std::vector X509_Object::make_signed(PK_Signer* signer, const AlgorithmIdentifier& algo, const secure_vector& tbs_bits) { + const std::vector signature = signer->sign_message(tbs_bits, rng); + return DER_Encoder() .start_cons(SEQUENCE) .raw_bytes(tbs_bits) .encode(algo) - .encode(signer->sign_message(tbs_bits, rng), BIT_STRING) + .encode(signature, BIT_STRING) .end_cons() .get_contents_unlocked(); } -/* -* Try to decode the actual information -*/ -void X509_Object::do_decode() - { - try { - force_decode(); - } - catch(Decoding_Error& e) - { - throw Decoding_Error(m_PEM_label_pref + " decoding failed", e.what()); - } - catch(Invalid_Argument& e) - { - throw Decoding_Error(m_PEM_label_pref + " decoding failed", e.what()); - } - } - } diff --git a/src/lib/x509/x509_obj.h b/src/lib/x509/x509_obj.h index 720cd1a393..c9ff0f7618 100644 --- a/src/lib/x509/x509_obj.h +++ b/src/lib/x509/x509_obj.h @@ -18,8 +18,8 @@ class Public_Key; class RandomNumberGenerator; /** -* This class represents abstract X.509 signed objects as -* in the X.500 SIGNED macro +* This class represents abstract X.509 signed objects as in the X.500 +* SIGNED macro */ class BOTAN_PUBLIC_API(2,0) X509_Object : public ASN1_Object { 
@@ -102,26 +102,28 @@ class BOTAN_PUBLIC_API(2,0) X509_Object : public ASN1_Object X509_Object(const X509_Object&) = default; X509_Object& operator=(const X509_Object&) = default; + + virtual std::string PEM_label() const = 0; + + virtual std::vector alternate_PEM_labels() const + { return std::vector(); } + virtual ~X509_Object() = default; protected: - X509_Object(DataSource& src, const std::string& pem_labels); - X509_Object(const std::vector& vec, const std::string& labels); - -#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) - X509_Object(const std::string& file, const std::string& pem_labels); -#endif - void do_decode(); X509_Object() = default; + /** + * Decodes from src as either DER or PEM data, then calls force_decode() + */ + void load_data(DataSource& src); + private: virtual void force_decode() = 0; - void init(DataSource&, const std::string&); AlgorithmIdentifier m_sig_algo; - std::vector m_tbs_bits, m_sig; - std::vector m_PEM_labels_allowed; - std::string m_PEM_label_pref; + std::vector m_tbs_bits; + std::vector m_sig; }; } diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index ca1fe8e3c4..35dbd4c38e 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp 
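Review bot: `PEM_label()` and `alternate_PEM_labels()` are added to the public interface of X509_Object with no documentation, unlike `load_data()` below them. Suggested comments: `/** The PEM label used when encoding this object, eg "CERTIFICATE" */` on `PEM_label()`, and `/** Additional PEM labels accepted when decoding; the default accepts none */` on `alternate_PEM_labels()`. It would also help to state that subclasses must override `PEM_label()` because it is pure virtual.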
@@ -60,32 +60,32 @@ struct X509_Certificate_Data Data_Store m_issuer_ds; }; -/* -* X509_Certificate Constructor -*/ -X509_Certificate::X509_Certificate(DataSource& in) : - X509_Object(in, "CERTIFICATE/X509 CERTIFICATE") +std::string X509_Certificate::PEM_label() const { - do_decode(); + return "CERTIFICATE"; } -/* -* X509_Certificate Constructor -*/ -X509_Certificate::X509_Certificate(const std::vector& in) : - X509_Object(in, "CERTIFICATE/X509 CERTIFICATE") +std::vector X509_Certificate::alternate_PEM_labels() const + { + return { "X509 CERTIFICATE" }; + } + +X509_Certificate::X509_Certificate(DataSource& src) + { + load_data(src); + } + +X509_Certificate::X509_Certificate(const std::vector& vec) { - do_decode(); + DataSource_Memory src(vec.data(), vec.size()); + load_data(src); } #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) -/* -* X509_Certificate Constructor -*/ -X509_Certificate::X509_Certificate(const std::string& fsname) : - X509_Object(fsname, "CERTIFICATE/X509 CERTIFICATE") +X509_Certificate::X509_Certificate(const std::string& fsname) { - do_decode(); + DataSource_Stream src(fsname); + load_data(src); } #endif @@ -302,7 +302,7 @@ const X509_Certificate_Data& X509_Certificate::data() const { if(m_data == nullptr) { - throw Decoding_Error("Failed to parse X509 certificate"); + throw Invalid_State("X509_Certificate uninitialized"); } return *m_data.get(); } diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h index 3b35c65756..dc32e70c19 100644 --- a/src/lib/x509/x509cert.h +++ b/src/lib/x509/x509cert.h 
@@ -395,15 +395,22 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object */ explicit X509_Certificate(const std::vector& in); + /** + * Create an uninitialized certificate object. Any attempts to + * access this object will throw an exception. + */ + X509_Certificate() = default; + X509_Certificate(const X509_Certificate& other) = default; X509_Certificate& operator=(const X509_Certificate& other) = default; private: - void force_decode() override; - friend class X509_CA; + std::string PEM_label() const override; - X509_Certificate() = default; + std::vector alternate_PEM_labels() const override; + + void force_decode() override; const X509_Certificate_Data& data() const; diff --git a/src/tests/data/x509/misc/cert_seq.der b/src/tests/data/x509/misc/cert_seq.der new file mode 100644 index 0000000000000000000000000000000000000000..4d93ccaff1ae35c9ebe336dd4c4c8aa8345f70ec GIT binary patch literal 1271 zcmXqLV)<;)#8hk0#Q1ChGZP~d6QipEFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgF zU_%K5F%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%)Lf^(e~K%%~B43OZ?|uGbjy^VhF5s?l=}%x;L;ol$sL z`NOnz>;Fdh2RxWl8=fQ0QaMNM%S_|-VcQFfPsp*gC$YX~eK=+7-0Q6yCP~c~d3nm9gi89~}MbUw?V~qT5^hJt}KFzUEd|R_@PQb*i%>L`Qyw`2AO=PnB+d z&|T{i`A&j8*KEz9{Y>el2E|LFCu@9@$mn@FUq>V6ZQ}H!ClZoOeB^y?jWS&YUcUAa zTl`M{-zvRd(`SA5KN9x0$>jLoHE;eL_k|=uD+3GE6vz4iDaA#{A9PW>clRtxii0OZ z)ba$B;%sJ^JzDpH)1N6U##Q%3M)mH(HlG8_TzwSgyZvN&zINf^`3^I^S1&Ko<~)3I zwaRVNm3asRfw p+;O0I*8; certs; + dec.decode_list(certs); + + result.test_eq("Expected number of certs in list", certs.size(), 2); + + result.test_eq("Expected cert 1 CN", certs[0].subject_dn().get_first_attribute("CN"), "CA1-PP.01.02"); + result.test_eq("Expected cert 2 CN", certs[1].subject_dn().get_first_attribute("CN"), "User1-PP.01.02"); + + return result; + } + using Botan::Key_Constraints; 
@@ -1250,6 +1285,8 @@ class X509_Cert_Unit_Tests final : public Test results.push_back(test_x509_utf8()); results.push_back(test_x509_bmpstring()); results.push_back(test_crl_dn_name()); + results.push_back(test_x509_uninit()); + results.push_back(test_x509_decode_list()); return results; } From 5022191613a44f6d603294abfa79b2faf5a175ed Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 15:57:31 -0500 Subject: [PATCH 0294/1008] Need binary IO for Windows --- src/lib/x509/pkcs10.cpp | 2 +- src/lib/x509/x509_crl.cpp | 2 +- src/lib/x509/x509_obj.cpp | 12 +----------- src/lib/x509/x509cert.cpp | 2 +- src/tests/unit_x509.cpp | 2 +- 5 files changed, 5 insertions(+), 15 deletions(-) diff --git a/src/lib/x509/pkcs10.cpp b/src/lib/x509/pkcs10.cpp index a17ffeb0f6..1f7e915ff0 100644 --- a/src/lib/x509/pkcs10.cpp +++ b/src/lib/x509/pkcs10.cpp @@ -47,7 +47,7 @@ PKCS10_Request::PKCS10_Request(const std::vector& vec) #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) PKCS10_Request::PKCS10_Request(const std::string& fsname) { - DataSource_Stream src(fsname); + DataSource_Stream src(fsname, true); load_data(src); } #endif diff --git a/src/lib/x509/x509_crl.cpp b/src/lib/x509/x509_crl.cpp index 4fa5df44f6..a739d2f60e 100644 --- a/src/lib/x509/x509_crl.cpp +++ b/src/lib/x509/x509_crl.cpp @@ -49,7 +49,7 @@ X509_CRL::X509_CRL(const std::vector& vec) #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) X509_CRL::X509_CRL(const std::string& fsname) { - DataSource_Stream src(fsname); + DataSource_Stream src(fsname, true); load_data(src); } #endif diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp index 019bac0b11..4450df7bba 100644 --- a/src/lib/x509/x509_obj.cpp +++ b/src/lib/x509/x509_obj.cpp 
@@ -113,17 +113,7 @@ void X509_Object::decode_from(BER_Decoder& from) .decode(m_sig, BIT_STRING) .end_cons(); - try { - force_decode(); - } - catch(Decoding_Error& e) - { - throw Decoding_Error(PEM_label() + " decoding failed", e.what()); - } - catch(Invalid_Argument& e) - { - throw Decoding_Error(PEM_label() + " decoding failed", e.what()); - } + force_decode(); } /* diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 35dbd4c38e..acd6b33624 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -84,7 +84,7 @@ X509_Certificate::X509_Certificate(const std::vector& vec) #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) X509_Certificate::X509_Certificate(const std::string& fsname) { - DataSource_Stream src(fsname); + DataSource_Stream src(fsname, true); load_data(src); } #endif diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 5fbea2f4f2..da5439a05e 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -776,7 +776,7 @@ Test::Result test_x509_decode_list() { Test::Result result("X509_Certificate list decode"); - Botan::DataSource_Stream input(Test::data_file("x509/misc/cert_seq.der")); + Botan::DataSource_Stream input(Test::data_file("x509/misc/cert_seq.der"), true); Botan::BER_Decoder dec(input); std::vector certs; From e5f39dd483a08accc8a12e8b322a48037c5b3bf4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 15:58:11 -0500 Subject: [PATCH 0295/1008] Better debug output in date conversion tests [ci skip] --- src/tests/test_utils.cpp | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/src/tests/test_utils.cpp b/src/tests/test_utils.cpp index d102a3e468..b8df9c270b 100644 --- a/src/tests/test_utils.cpp +++ b/src/tests/test_utils.cpp 
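Review bot: Dropping the try/catch around `force_decode()` changes what callers see: an `Invalid_Argument` thrown by a subclass decoder now escapes `decode_from()` untranslated instead of becoming a `Decoding_Error`, and the `PEM_label() + " decoding failed"` context is lost, yet the commit message only mentions binary IO. As far as is visible, `load_data()` catches only `Decoding_Error`, so the `Invalid_Argument` also propagates through it. If this is intentional, a comment such as `// force_decode() failures propagate unchanged; load_data() adds the PEM-label context for Decoding_Error only` would stop the wrapper from being reinstated; otherwise keep the `Invalid_Argument` translation.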
@@ -266,19 +266,20 @@ class Date_Format_Tests final : public Text_Based_Test Test::Result run_one_test(const std::string& type, const VarMap& vars) override { + const std::string date_str = get_req_str(vars, "Date"); Test::Result result("Date parsing"); - const std::vector d = parse_date(get_req_str(vars, "Date")); + const std::vector d = parse_date(date_str); if(type == "valid" || type == "valid.not_std" || type == "valid.64_bit_time_t") { Botan::calendar_point c(d[0], d[1], d[2], d[3], d[4], d[5]); - result.test_is_eq("year", c.year, d[0]); - result.test_is_eq("month", c.month, d[1]); - result.test_is_eq("day", c.day, d[2]); - result.test_is_eq("hour", c.hour, d[3]); - result.test_is_eq("minute", c.minutes, d[4]); - result.test_is_eq("second", c.seconds, d[5]); + result.test_is_eq(date_str + " year", c.year, d[0]); + result.test_is_eq(date_str + " month", c.month, d[1]); + result.test_is_eq(date_str + " day", c.day, d[2]); + result.test_is_eq(date_str + " hour", c.hour, d[3]); + result.test_is_eq(date_str + " minute", c.minutes, d[4]); + result.test_is_eq(date_str + " second", c.seconds, d[5]); if(type == "valid.not_std" || (type == "valid.64_bit_time_t" && c.year > 2037 && sizeof(std::time_t) == 4)) { 
@@ -287,12 +288,12 @@ class Date_Format_Tests final : public Text_Based_Test else { Botan::calendar_point c2 = Botan::calendar_value(c.to_std_timepoint()); - result.test_is_eq("year", c2.year, d[0]); - result.test_is_eq("month", c2.month, d[1]); - result.test_is_eq("day", c2.day, d[2]); - result.test_is_eq("hour", c2.hour, d[3]); - result.test_is_eq("minute", c2.minutes, d[4]); - result.test_is_eq("second", c2.seconds, d[5]); + result.test_is_eq(date_str + " year", c2.year, d[0]); + result.test_is_eq(date_str + " month", c2.month, d[1]); + result.test_is_eq(date_str + " day", c2.day, d[2]); + result.test_is_eq(date_str + " hour", c2.hour, d[3]); + result.test_is_eq(date_str + " minute", c2.minutes, d[4]); + result.test_is_eq(date_str + " second", c2.seconds, d[5]); } } else if(type == "invalid") From f82ee841f719926e91eb4a5533c964821f08488d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 16:58:19 -0500 Subject: [PATCH 0296/1008] Simplify date conversion by avoiding OS utilities We have to rely on non-portable OS calls to convert UTC times, and they are not available on many systems (including Solaris and MinGW). But instead there is a simple algorithm due to Howard Hinnant that does the same job. Woo. --- doc/manual/deprecated.rst | 2 + src/build-data/os/cygwin.txt | 1 - src/build-data/os/darwin.txt | 1 - src/build-data/os/freebsd.txt | 1 - src/build-data/os/ios.txt | 1 - src/build-data/os/linux.txt | 1 - src/build-data/os/mingw.txt | 1 - src/build-data/os/netbsd.txt | 1 - src/build-data/os/openbsd.txt | 1 - src/build-data/os/windows.txt | 1 - src/build-data/os/winphone.txt | 1 - src/lib/asn1/asn1_time.cpp | 12 +-- src/lib/utils/boost/info.txt | 1 - src/lib/utils/calendar.cpp | 139 +++++++++------------------------ src/lib/utils/calendar.h | 26 ++++-- src/tests/test_utils.cpp | 28 +++---- 16 files changed, 77 insertions(+), 141 deletions(-) diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index 8cfe7e590a..a7dc4bf123 100644 
--- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst @@ -55,3 +55,5 @@ in the source. - All built in MODP groups < 2048 bits - All pre-created DSA groups + +- Directly accessing the member variables of calendar_point diff --git a/src/build-data/os/cygwin.txt b/src/build-data/os/cygwin.txt index a1234dc132..06f6d60f84 100644 --- a/src/build-data/os/cygwin.txt +++ b/src/build-data/os/cygwin.txt @@ -12,7 +12,6 @@ doc_dir docs gettimeofday -timegm readdir threads filesystem diff --git a/src/build-data/os/darwin.txt b/src/build-data/os/darwin.txt index 41716e21ab..6568a9783b 100644 --- a/src/build-data/os/darwin.txt +++ b/src/build-data/os/darwin.txt @@ -20,7 +20,6 @@ memset_s readdir sockets threads -timegm diff --git a/src/build-data/os/freebsd.txt b/src/build-data/os/freebsd.txt index 0e60abd2e7..fb869dfd07 100644 --- a/src/build-data/os/freebsd.txt +++ b/src/build-data/os/freebsd.txt @@ -9,7 +9,6 @@ posix_mlock gmtime_r dlopen readdir -timegm sockets threads filesystem diff --git a/src/build-data/os/ios.txt b/src/build-data/os/ios.txt index ddd283cd93..96ac73721e 100644 --- a/src/build-data/os/ios.txt +++ b/src/build-data/os/ios.txt @@ -16,7 +16,6 @@ memset_s readdir sockets threads -timegm diff --git a/src/build-data/os/linux.txt b/src/build-data/os/linux.txt index 59f995fc2e..80ea3e63a5 100644 --- a/src/build-data/os/linux.txt +++ b/src/build-data/os/linux.txt @@ -10,7 +10,6 @@ gmtime_r dlopen getauxval readdir -timegm sockets threads filesystem diff --git a/src/build-data/os/mingw.txt b/src/build-data/os/mingw.txt index bf4333ec00..8d4e94249c 100644 --- a/src/build-data/os/mingw.txt +++ b/src/build-data/os/mingw.txt @@ -19,7 +19,6 @@ mingw32 cryptgenrandom loadlibrary -mkgmtime win32_virtual_lock win32_get_systemtime threads diff --git a/src/build-data/os/netbsd.txt b/src/build-data/os/netbsd.txt index 4c82e62399..50d97fd8f1 100644 --- a/src/build-data/os/netbsd.txt +++ b/src/build-data/os/netbsd.txt 
@@ -9,7 +9,6 @@ posix_mlock gmtime_r dlopen readdir -timegm threads filesystem diff --git a/src/build-data/os/openbsd.txt b/src/build-data/os/openbsd.txt index 5c7ff32598..b858d497ca 100644 --- a/src/build-data/os/openbsd.txt +++ b/src/build-data/os/openbsd.txt @@ -13,7 +13,6 @@ posix_mlock gmtime_r dlopen readdir -timegm sockets threads filesystem diff --git a/src/build-data/os/windows.txt b/src/build-data/os/windows.txt index 898dfc65f9..639b0512d1 100644 --- a/src/build-data/os/windows.txt +++ b/src/build-data/os/windows.txt @@ -20,7 +20,6 @@ doc_dir docs cryptgenrandom gmtime_s loadlibrary -mkgmtime query_perf_counter virtual_lock rtlsecurezeromemory diff --git a/src/build-data/os/winphone.txt b/src/build-data/os/winphone.txt index bedcc9d2c2..0b0318fed9 100644 --- a/src/build-data/os/winphone.txt +++ b/src/build-data/os/winphone.txt @@ -13,7 +13,6 @@ doc_dir docs crypto_ng gmtime_s loadlibrary -mkgmtime query_perf_counter rtlsecurezeromemory #stl_filesystem_msvc diff --git a/src/lib/asn1/asn1_time.cpp b/src/lib/asn1/asn1_time.cpp index f6a0c414e8..daa0c4e7d5 100644 --- a/src/lib/asn1/asn1_time.cpp +++ b/src/lib/asn1/asn1_time.cpp @@ -20,12 +20,12 @@ X509_Time::X509_Time(const std::chrono::system_clock::time_point& time) { calendar_point cal = calendar_value(time); - m_year = cal.year; - m_month = cal.month; - m_day = cal.day; - m_hour = cal.hour; - m_minute = cal.minutes; - m_second = cal.seconds; + m_year = cal.get_year(); + m_month = cal.get_month(); + m_day = cal.get_day(); + m_hour = cal.get_hour(); + m_minute = cal.get_minutes(); + m_second = cal.get_seconds(); m_tag = (m_year >= 2050) ? GENERALIZED_TIME : UTC_TIME; } diff --git a/src/lib/utils/boost/info.txt b/src/lib/utils/boost/info.txt index c12b99a28d..d544211471 100644 --- a/src/lib/utils/boost/info.txt +++ b/src/lib/utils/boost/info.txt @@ -1,7 +1,6 @@ BOOST_FILESYSTEM -> 20131228 BOOST_ASIO -> 20131228 -BOOST_DATETIME -> 20150720 load_on vendor 
diff --git a/src/lib/utils/calendar.cpp b/src/lib/utils/calendar.cpp index db933e648f..d39e52823e 100644 --- a/src/lib/utils/calendar.cpp +++ b/src/lib/utils/calendar.cpp @@ -1,6 +1,6 @@ /* * Calendar Functions -* (C) 1999-2010 Jack Lloyd +* (C) 1999-2010,2017 Jack Lloyd * (C) 2015 Simon Warta (Kullo GmbH) * * Botan is released under the Simplified BSD License (see license.txt) @@ -11,13 +11,8 @@ #include #include #include -#include #include -#if defined(BOTAN_HAS_BOOST_DATETIME) -#include -#endif - namespace Botan { namespace { 
@@ -40,119 +35,57 @@ std::tm do_gmtime(std::time_t time_val) return tm; } -#if !defined(BOTAN_TARGET_OS_HAS_TIMEGM) && !(defined(BOTAN_TARGET_OS_HAS_MKGMTIME) && defined(BOTAN_BUILD_COMPILER_IS_MSVC)) +/* +Portable replacement for timegm, _mkgmtime, etc -#if defined(BOTAN_HAS_BOOST_DATETIME) +Algorithm due to Howard Hinnant -std::time_t boost_timegm(std::tm *tm) +See https://howardhinnant.github.io/date_algorithms.html#days_from_civil +for details and explaination. The code is slightly simplified by our assumption +that the date is at least 1970, which is sufficient for our purposes. +*/ +size_t days_since_epoch(uint32_t year, uint32_t month, uint32_t day) { - const int sec = tm->tm_sec; - const int min = tm->tm_min; - const int hour = tm->tm_hour; - const int day = tm->tm_mday; - const int mon = tm->tm_mon + 1; - const int year = tm->tm_year + 1900; - - using namespace boost::posix_time; - using namespace boost::gregorian; - const auto epoch = ptime(date(1970, 01, 01)); - const auto time = ptime(date(year, mon, day), - hours(hour) + minutes(min) + seconds(sec)); - const time_duration diff(time - epoch); - std::time_t out = diff.ticks() / diff.ticks_per_second(); - - return out; + if(month <= 2) + year -= 1; + const uint32_t era = year / 400; + const uint32_t yoe = year - era * 400; // [0, 399] + const uint32_t doy = (153*(month + (month > 2 ? -3 : 9)) + 2)/5 + day-1; // [0, 365] + const uint32_t doe = yoe * 365 + yoe/4 - yoe/100 + doy; // [0, 146096] + return era * 146097 + doe - 719468; } -#elif defined(BOTAN_OS_TYPE_IS_UNIX) - -#pragma message "Caution! 
A fallback version of timegm() is used which is not thread-safe" - -mutex_type ENV_TZ; +} -std::time_t fallback_timegm(std::tm *tm) +std::chrono::system_clock::time_point calendar_point::to_std_timepoint() const { - std::time_t out; - std::string tz_backup; - - ENV_TZ.lock(); - - // Store current value of env variable TZ - const char* tz_env_pointer = ::getenv("TZ"); - if (tz_env_pointer != nullptr) - tz_backup = std::string(tz_env_pointer); - - // Clear value of TZ - ::setenv("TZ", "", 1); - ::tzset(); + if(get_year() < 1970) + throw Invalid_Argument("calendar_point::to_std_timepoint() does not support years before 1970"); - out = ::mktime(tm); - - // Restore TZ - if (!tz_backup.empty()) + // 32 bit time_t ends at January 19, 2038 + // https://msdn.microsoft.com/en-us/library/2093ets1.aspx + // Throw after 2037 if 32 bit time_t is used + if(get_year() > 2037 && sizeof(std::time_t) == 4) { - // setenv makes a copy of the second argument - ::setenv("TZ", tz_backup.data(), 1); + throw Invalid_Argument("calendar_point::to_std_timepoint() does not support years after 2037 on this system"); } - else + else if(get_year() >= 2400) { - ::unsetenv("TZ"); + // This upper bound is somewhat arbitrary + throw Invalid_Argument("calendar_point::to_std_timepoint() does not support years after 2400"); } - ::tzset(); - - ENV_TZ.unlock(); - return out; -} -#endif // BOTAN_HAS_BOOST_DATETIME + const uint64_t seconds_64 = (days_since_epoch(get_year(), get_month(), get_day()) * 86400) + + (get_hour() * 60 * 60) + (get_minutes() * 60) + get_seconds(); -#endif + const time_t seconds_time_t = static_cast(seconds_64); -} - -std::chrono::system_clock::time_point calendar_point::to_std_timepoint() const - { - if (year < 1970) - throw Invalid_Argument("calendar_point::to_std_timepoint() does not support years before 1970."); - - // 32 bit time_t ends at January 19, 2038 - // https://msdn.microsoft.com/en-us/library/2093ets1.aspx - // Throw after 2037 if 32 bit time_t is used - if (year > 2037 
&& sizeof(std::time_t) == 4) + if(seconds_64 - seconds_time_t != 0) { - throw Invalid_Argument("calendar_point::to_std_timepoint() does not support years after 2037."); + throw Invalid_Argument("calendar_point::to_std_timepoint time_t overflow"); } - // std::tm: struct without any timezone information - std::tm tm; - tm.tm_isdst = -1; // i.e. no DST information available - tm.tm_sec = seconds; - tm.tm_min = minutes; - tm.tm_hour = hour; - tm.tm_mday = day; - tm.tm_mon = month - 1; - tm.tm_year = year - 1900; - - // Define a function alias `botan_timegm` - #if defined(BOTAN_TARGET_OS_HAS_TIMEGM) - std::time_t (&botan_timegm)(std::tm *tm) = ::timegm; - #elif defined(BOTAN_TARGET_OS_HAS_MKGMTIME) && defined(BOTAN_BUILD_COMPILER_IS_MSVC) - // https://stackoverflow.com/questions/16647819/timegm-cross-platform - std::time_t (&botan_timegm)(std::tm *tm) = ::_mkgmtime; - #elif defined(BOTAN_HAS_BOOST_DATETIME) - std::time_t (&botan_timegm)(std::tm *tm) = boost_timegm; - #elif defined(BOTAN_OS_TYPE_IS_UNIX) - std::time_t (&botan_timegm)(std::tm *tm) = fallback_timegm; - #else - std::time_t (&botan_timegm)(std::tm *tm) = ::mktime; // localtime instead... - #endif - - // Convert std::tm to std::time_t - std::time_t tt = botan_timegm(&tm); - if (tt == -1) - throw Invalid_Argument("calendar_point couldn't be converted: " + to_string()); - - return std::chrono::system_clock::from_time_t(tt); + return std::chrono::system_clock::from_time_t(seconds_time_t); } std::string calendar_point::to_string() const @@ -162,9 +95,9 @@ std::string calendar_point::to_string() const { using namespace std; output << setfill('0') - << setw(4) << year << "-" << setw(2) << month << "-" << setw(2) << day + << setw(4) << get_year() << "-" << setw(2) << get_month() << "-" << setw(2) << get_day() << "T" - << setw(2) << hour << ":" << setw(2) << minutes << ":" << setw(2) << seconds; + << setw(2) << get_hour() << ":" << setw(2) << get_minutes() << ":" << setw(2) << get_seconds(); } return output.str(); } 
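Review bot: In `to_std_timepoint()` the product `days_since_epoch(...) * 86400` is evaluated in `size_t` and only then widened to `uint64_t`, so on a platform with 32-bit `size_t` but 64-bit `time_t` (which the `sizeof(std::time_t) == 4` guard does not cover) it wraps for dates from 2106 onward, and the `seconds_64 - seconds_time_t` check afterwards cannot detect it. Widen before multiplying: `const uint64_t seconds_64 = (static_cast<uint64_t>(days_since_epoch(get_year(), get_month(), get_day())) * 86400) + ...`, or have `days_since_epoch` return `uint64_t`. `days_since_epoch` also does no range check on `month` or `day`; if the calendar_point constructor does not validate them (not visible here), a month outside 1..12 yields a silently wrong day count rather than an error.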
diff --git a/src/lib/utils/calendar.h b/src/lib/utils/calendar.h index 665022599b..3f6952524a 100644 --- a/src/lib/utils/calendar.h +++ b/src/lib/utils/calendar.h @@ -21,25 +21,26 @@ namespace Botan { class BOTAN_PUBLIC_API(2,0) calendar_point { public: + /** The year */ - uint32_t year; + uint32_t get_year() const { return year; } /** The month, 1 through 12 for Jan to Dec */ - uint32_t month; + uint32_t get_month() const { return month; } /** The day of the month, 1 through 31 (or 28 or 30 based on month */ - uint32_t day; + uint32_t get_day() const { return day; } /** Hour in 24-hour form, 0 to 23 */ - uint32_t hour; + uint32_t get_hour() const { return hour; } /** Minutes in the hour, 0 to 60 */ - uint32_t minutes; + uint32_t get_minutes() const { return minutes; } /** Seconds in the minute, 0 to 60, but might be slightly - larger to deal with leap seconds on some systems + larger to deal with leap seconds on some systems */ - uint32_t seconds; + uint32_t get_seconds() const { return seconds; } /** * Initialize a calendar_point @@ -63,6 +64,17 @@ class BOTAN_PUBLIC_API(2,0) calendar_point * Formatting might change over time. Currently it is RFC339 'iso-date-time'. */ std::string to_string() const; + + /* + The member variables are public for historical reasons. Use the get_xxx() functions + defined above. These members will be made private in a future major release. + */ + uint32_t year; + uint32_t month; + uint32_t day; + uint32_t hour; + uint32_t minutes; + uint32_t seconds; }; /** diff --git a/src/tests/test_utils.cpp b/src/tests/test_utils.cpp index b8df9c270b..3c4accab2d 100644 --- a/src/tests/test_utils.cpp +++ b/src/tests/test_utils.cpp 
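Review bot: The deprecation of direct member access lives only in a block comment above the fields and in deprecated.rst, so a user who still writes `c.year` gets no signal from the compiler or from generated docs. Attaching it to the members as a Doxygen tag at least surfaces it in the API reference, e.g. `/** @deprecated Use get_year() and the other accessors; this member will become private */` directly above `uint32_t year;`. The comment on `get_minutes()` is carried over as `0 to 60`; unlike seconds there is no leap-minute to justify the inclusive bound, so `0 to 59` is presumably what is meant.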
@@ -274,26 +274,26 @@ class Date_Format_Tests final : public Text_Based_Test if(type == "valid" || type == "valid.not_std" || type == "valid.64_bit_time_t") { Botan::calendar_point c(d[0], d[1], d[2], d[3], d[4], d[5]); - result.test_is_eq(date_str + " year", c.year, d[0]); - result.test_is_eq(date_str + " month", c.month, d[1]); - result.test_is_eq(date_str + " day", c.day, d[2]); - result.test_is_eq(date_str + " hour", c.hour, d[3]); - result.test_is_eq(date_str + " minute", c.minutes, d[4]); - result.test_is_eq(date_str + " second", c.seconds, d[5]); - - if(type == "valid.not_std" || (type == "valid.64_bit_time_t" && c.year > 2037 && sizeof(std::time_t) == 4)) + result.test_is_eq(date_str + " year", c.get_year(), d[0]); + result.test_is_eq(date_str + " month", c.get_month(), d[1]); + result.test_is_eq(date_str + " day", c.get_day(), d[2]); + result.test_is_eq(date_str + " hour", c.get_hour(), d[3]); + result.test_is_eq(date_str + " minute", c.get_minutes(), d[4]); + result.test_is_eq(date_str + " second", c.get_seconds(), d[5]); + + if(type == "valid.not_std" || (type == "valid.64_bit_time_t" && c.get_year() > 2037 && sizeof(std::time_t) == 4)) { result.test_throws("valid but out of std::timepoint range", [c]() { c.to_std_timepoint(); }); } else { Botan::calendar_point c2 = Botan::calendar_value(c.to_std_timepoint()); - result.test_is_eq(date_str + " year", c2.year, d[0]); - result.test_is_eq(date_str + " month", c2.month, d[1]); - result.test_is_eq(date_str + " day", c2.day, d[2]); - result.test_is_eq(date_str + " hour", c2.hour, d[3]); - result.test_is_eq(date_str + " minute", c2.minutes, d[4]); - result.test_is_eq(date_str + " second", c2.seconds, d[5]); + result.test_is_eq(date_str + " year", c2.get_year(), d[0]); + result.test_is_eq(date_str + " month", c2.get_month(), d[1]); + result.test_is_eq(date_str + " day", c2.get_day(), d[2]); + result.test_is_eq(date_str + " hour", c2.get_hour(), d[3]); + result.test_is_eq(date_str + " minute", c2.get_minutes(), 
d[4]); + result.test_is_eq(date_str + " second", c2.get_seconds(), d[5]); } } else if(type == "invalid") From 26b13bf4662f8ccbf35295f77cb3b3d482c0e1e1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 4 Dec 2017 17:07:23 -0500 Subject: [PATCH 0297/1008] Remove use of "using namespace std" --- src/lib/asn1/asn1_time.cpp | 18 ++++++++++-------- src/lib/utils/calendar.cpp | 14 +++++++------- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/src/lib/asn1/asn1_time.cpp b/src/lib/asn1/asn1_time.cpp index daa0c4e7d5..aca7fdca06 100644 --- a/src/lib/asn1/asn1_time.cpp +++ b/src/lib/asn1/asn1_time.cpp @@ -97,14 +97,16 @@ std::string X509_Time::readable_string() const // desired format: "%04d/%02d/%02d %02d:%02d:%02d UTC" std::stringstream output; - { - using namespace std; - output << setfill('0') - << setw(4) << m_year << "/" << setw(2) << m_month << "/" << setw(2) << m_day - << " " - << setw(2) << m_hour << ":" << setw(2) << m_minute << ":" << setw(2) << m_second - << " UTC"; - } + output << std::setfill('0') + << std::setw(4) << m_year << "/" + << std::setw(2) << m_month << "/" + << std::setw(2) << m_day + << " " + << std::setw(2) << m_hour << ":" + << std::setw(2) << m_minute << ":" + << std::setw(2) << m_second + << " UTC"; + return output.str(); } diff --git a/src/lib/utils/calendar.cpp b/src/lib/utils/calendar.cpp index d39e52823e..e902e411da 100644 --- a/src/lib/utils/calendar.cpp +++ b/src/lib/utils/calendar.cpp @@ -92,13 +92,13 @@ std::string calendar_point::to_string() const { // desired format: --
T:: std::stringstream output; - { - using namespace std; - output << setfill('0') - << setw(4) << get_year() << "-" << setw(2) << get_month() << "-" << setw(2) << get_day() - << "T" - << setw(2) << get_hour() << ":" << setw(2) << get_minutes() << ":" << setw(2) << get_seconds(); - } + output << std::setfill('0') + << std::setw(4) << get_year() << "-" + << std::setw(2) << get_month() << "-" + << std::setw(2) << get_day() << "T" + << std::setw(2) << get_hour() << ":" + << std::setw(2) << get_minutes() << ":" + << std::setw(2) << get_seconds(); return output.str(); } From 13e46150a52f89360deee133aa59ddf53c062e13 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 5 Dec 2017 12:44:49 -0500 Subject: [PATCH 0298/1008] Update news --- news.rst | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/news.rst b/news.rst index 798f13d3e1..2adc90249b 100644 --- a/news.rst +++ b/news.rst @@ -22,6 +22,8 @@ Version 2.4.0, Not Yet Released * Add support for AES key wrapping with padding, as specified in RFC 5649 and NIST SP 800-38F (GH #1301) +* XMSS signatures now are multithreaded for improved performance (GH #1267) + * Increase the maximum HMAC key length from 512 bytes to 4096 bytes. This allows using a DH key exchange with a group greater than 4096 bits. (GH #1316) @@ -69,6 +71,9 @@ Version 2.4.0, Not Yet Released character. In addition, UCS-4 strings are now supported. (GH #1113 #1250 #1287 #1289) +* It is now possible to create an uninitialized X509_Certificate object. Such an + object will throw if any attempt to access its members is made. (GH #1335) + * In BER decoder, avoid unbounded stack recursion when parsing nested indefinite length values. Now at most 16 nested indefinite length values are accepted, anything deeper resulting in a decoding error. (GH #1304 OSS-Fuzz 4353). 
@@ -87,6 +92,13 @@ Version 2.4.0, Not Yet Released decryption of TLS CBC ciphertexts, and improves performance especially when using AES hardware support. (GH #1269) +* Add callbacks to make it possible for an application using TLS to provide + custom implementations of signature schemes, eg when offloading the + computations to another device. (GH #1332) + +* Use a direct calculation for calender computations instead of relying on + non-portable operating system interfaces. (GH #1336) + * Fix a bug in the amalgamation generation which could cause build failures on some systems including macOS. (GH #1264 #1265) @@ -148,7 +160,7 @@ Version 2.4.0, Not Yet Released * Fixes for CMake build (GH #1251) -* Add multithreading support for XMSS +* Avoid some signed overflow warnings (GH #1220 #1245) Version 2.3.0, 2017-10-02 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From b66a98f3c79489c39c239a4e8697ac7ab00ea902 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 5 Dec 2017 12:45:06 -0500 Subject: [PATCH 0299/1008] Mention other language bindings in readme --- readme.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/readme.rst b/readme.rst index 7d2d42231f..cb8b0423d6 100644 --- a/readme.rst +++ b/readme.rst @@ -10,7 +10,9 @@ offering the tools necessary to implement a range of practical systems, such as TLS/DTLS, PKIX certificate handling, PKCS#11 and TPM hardware support, password hashing, and post quantum crypto schemes. In addition to the C++, botan has a C89 API specifically designed to be easy to call from other languages. A Python -binding using ctypes calling the C89 API is included. +binding using ctypes is included, and several other +`language bindings `_ +are available. Find the full feature list below. From c95061c946aa77537c687c5e1dbe281feb98615b Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Tue, 5 Dec 2017 14:09:57 -0500 Subject: [PATCH 0300/1008] Cryptobox doesn't require filters anymore --- src/lib/misc/cryptobox/info.txt | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/lib/misc/cryptobox/info.txt b/src/lib/misc/cryptobox/info.txt index ba9e752b80..21f0ce0a3d 100644 --- a/src/lib/misc/cryptobox/info.txt +++ b/src/lib/misc/cryptobox/info.txt @@ -3,14 +3,11 @@ CRYPTO_BOX -> 20131128 -filters +base64 ctr -serpent hmac -rng -serpent -sha2_64 -base64 pbkdf2 pem +serpent +sha2_64 From 4564871b18ddbc4f08dc71607b1acc05541444ba Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 5 Dec 2017 14:10:08 -0500 Subject: [PATCH 0301/1008] Fix signed vs unsigned comparison warning --- src/lib/pubkey/xmss/xmss_privatekey.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/pubkey/xmss/xmss_privatekey.cpp b/src/lib/pubkey/xmss/xmss_privatekey.cpp index 8cfab7f752..37dbd61e34 100644 --- a/src/lib/pubkey/xmss/xmss_privatekey.cpp +++ b/src/lib/pubkey/xmss/xmss_privatekey.cpp @@ -165,7 +165,7 @@ XMSS_PrivateKey::tree_hash(size_t start_idx, std::vector> ro_nodes( nodes.begin(), nodes.begin() + (1 << (level+1))); - for(size_t i = 0; i < (1 << level); i++) + for(size_t i = 0; i < (1U << level); i++) { node_addresses[i].set_tree_height(target_node_height - (level + 1)); node_addresses[i].set_tree_index( From 6b13db9408d6f0a723fb7b8c053c67e4f986c132 Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 5 Dec 2017 22:41:59 +0100 Subject: [PATCH 0302/1008] Add known_named_groups to EC_Group to list known curves. Fixes GX #1338. --- src/lib/pubkey/ec_group/ec_group.h | 6 ++++ src/lib/pubkey/ec_group/ec_named.cpp | 35 +++++++++++++++++++++ src/tests/unit_ecc.cpp | 46 +++++++++------------------- 3 files changed, 56 insertions(+), 31 deletions(-) diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index ccd69a4dc2..18ffed12c8 100644 --- a/src/lib/pubkey/ec_group/ec_group.h 
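Review bot: The `1U` literal silences the warning on the loop bound, but the identical shift two lines earlier on the context line, `nodes.begin() + (1 << (level+1))`, still mixes a signed `int` shift with iterator arithmetic, and both shifts are only defined while the result fits in 32 bits regardless of the `U`. Using the width of the loop index for both, `for(size_t i = 0; i < (size_t(1) << level); i++)` and `nodes.begin() + (size_t(1) << (level+1))`, keeps the comparison unsigned and matches the container's size type; this presumes `level` is bounded by the tree height, which the hunk does not show. tree_hash begins and ends outside the hunk.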
+++ b/src/lib/pubkey/ec_group/ec_group.h @@ -13,6 +13,7 @@ #include #include #include +#include namespace Botan { @@ -134,6 +135,11 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final */ static std::string PEM_for_named_group(const std::string& name); + /** + * Return a set of known named EC groups + */ + static const std::set& known_named_groups(); + private: CurveGFp m_curve; PointGFp m_base_point; diff --git a/src/lib/pubkey/ec_group/ec_named.cpp b/src/lib/pubkey/ec_group/ec_named.cpp index fc4a67fc62..2a8e1a1869 100644 --- a/src/lib/pubkey/ec_group/ec_named.cpp +++ b/src/lib/pubkey/ec_group/ec_named.cpp @@ -284,4 +284,39 @@ std::string EC_Group::PEM_for_named_group(const std::string& name) return ""; } +const std::set& EC_Group::known_named_groups() + { + static const std::set named_groups = { + "secp160k1", + "secp160r1", + "secp160r2", + "secp192k1", + "secp192r1", + "secp224k1", + "secp224r1", + "secp256k1", + "secp256r1", + "secp384r1", + "secp521r1", + "brainpool160r1", + "brainpool192r1", + "brainpool224r1", + "brainpool256r1", + "brainpool320r1", + "brainpool384r1", + "brainpool512r1", + "x962_p192v2", + "x962_p192v3", + "x962_p239v1", + "x962_p239v2", + "x962_p239v3", + "gost_256A", + "frp256v1", + "sm2p256v1" +#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) + ,BOTAN_HOUSE_ECC_CURVE_NAME +#endif + }; + return named_groups; + } } diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index 74592d0a8c..83e429af76 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp 
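Review bot: `known_named_groups()` is a second hand-maintained list of curve names next to the name lookup in `PEM_for_named_group`, whose `return "";` closes just above it in the same file, so the two can drift: a curve added to one and not the other is silently missing from either the set or construction by name. The test added in unit_ecc.cpp covers only one direction (every listed name constructs with a non-empty OID); a check that every name the PEM table knows appears in the set, or deriving the set from the same table, would close the gap. The header comment `Return a set of known named EC groups` could also say that the returned reference is to a function-local static valid for the program's lifetime and that it includes `BOTAN_HOUSE_ECC_CURVE_NAME` when that is configured.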
@@ -29,36 +29,6 @@ namespace { #if defined(BOTAN_HAS_ECC_GROUP) -const std::vector ec_groups = - { - "brainpool160r1", - "brainpool192r1", - "brainpool224r1", - "brainpool256r1", - "brainpool320r1", - "brainpool384r1", - "brainpool512r1", - "gost_256A", - "secp160k1", - "secp160r1", - "secp160r2", - "secp192k1", - "secp192r1", - "secp224k1", - "secp224r1", - "secp256k1", - "secp256r1", - "secp384r1", - "secp521r1", - "x962_p192v2", - "x962_p192v3", - "x962_p239v1", - "x962_p239v2", - "x962_p239v3", - "sm2p256v1", - "frp256v1" - }; - Botan::BigInt test_integer(Botan::RandomNumberGenerator& rng, size_t bits, BigInt max) { /* @@ -145,7 +115,8 @@ class ECC_Randomized_Tests final : public Test std::vector ECC_Randomized_Tests::run() { std::vector results; - for(auto const& group_name : ec_groups) + std::set named_groups = Botan::EC_Group::known_named_groups(); + for(auto const& group_name : named_groups) { Test::Result result("ECC randomized " + group_name); @@ -268,6 +239,18 @@ class NIST_Curve_Reduction_Tests final : public Test BOTAN_REGISTER_TEST("nist_redc", NIST_Curve_Reduction_Tests); +Test::Result test_groups() + { + Test::Result result("ECC Unit"); + std::set named_groups = Botan::EC_Group::known_named_groups(); + for(auto const& group_name : named_groups) + { + const Botan::EC_Group group(group_name); + result.confirm("EC_Group is known", !group.get_oid().empty()); + } + return result; + } + Test::Result test_coordinates() { Test::Result result("ECC Unit"); @@ -831,6 +814,7 @@ class ECC_Unit_Tests final : public Test { std::vector results; + results.push_back(test_groups()); results.push_back(test_coordinates()); results.push_back(test_point_transformation()); results.push_back(test_point_mult()); From 353f7bb4dcca9053f10b0dfc32c6e291bcf2ecbf Mon Sep 17 00:00:00 2001 From: Felix Yan Date: Wed, 6 Dec 2017 13:28:01 +0800 Subject: [PATCH 0303/1008] Fix typos in configure.py --- configure.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
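Review bot: `std::set named_groups = Botan::EC_Group::known_named_groups();` in the `@@ -145` hunk copies the whole set of strings even though the function returns a reference to a static, and the same copy appears in `test_groups()` in the `@@ -268` hunk. Binding by reference, `const auto& named_groups = Botan::EC_Group::known_named_groups();`, avoids the copy in both places and matches what the `static const ...&` return type suggests. `test_groups()` also reuses the result name `Test::Result result("ECC Unit");` that `test_coordinates()` uses directly below it, which makes a failure harder to attribute; a distinct name such as `"ECC known groups"` would help.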
diff --git a/configure.py b/configure.py index fd9545d5c2..ffc675f2c6 100755 --- a/configure.py +++ b/configure.py @@ -2385,7 +2385,7 @@ def choose(self): def choose_link_method(options): """ - Choose the link method based on system availablity and user request + Choose the link method based on system availability and user request """ req = options.link_method @@ -3038,7 +3038,7 @@ def validate_options(options, info_os, info_cc, available_module_policies): raise UserError('Bad value to --build-fuzzers') if options.build_fuzzers == 'klee' and options.os != 'llvm': - raise UserError('Building for KLEE requires targetting LLVM') + raise UserError('Building for KLEE requires targeting LLVM') if options.build_static_lib is False and options.build_shared_lib is False: raise UserError('With both --disable-static-library and --disable-shared-library, nothing to do') From f79c17ac2a9f5ea27ee07398631de36d07e51842 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 6 Dec 2017 04:27:13 -0500 Subject: [PATCH 0304/1008] Add an option to generate PDF version of the documentation Fixes #1337 --- configure.py | 53 +++++++++++++++++++++++++-------------- src/scripts/build_docs.py | 47 ++++++++++++++++++++++++++-------- 2 files changed, 70 insertions(+), 30 deletions(-) diff --git a/configure.py b/configure.py index ffc675f2c6..75ee136b02 100755 --- a/configure.py +++ b/configure.py 
@@ -411,25 +411,6 @@ def process_command_line(args): # pylint: disable=too-many-locals help='distribution specific version', default='unspecified') - build_group.add_option('--with-sphinx', action='store_true', - default=None, help='Use Sphinx') - - build_group.add_option('--without-sphinx', action='store_false', - dest='with_sphinx', help=optparse.SUPPRESS_HELP) - - build_group.add_option('--with-doxygen', action='store_true', - default=False, help='Use Doxygen') - - build_group.add_option('--without-doxygen', action='store_false', - dest='with_doxygen', help=optparse.SUPPRESS_HELP) - - build_group.add_option('--with-documentation', action='store_true', - help=optparse.SUPPRESS_HELP) - - build_group.add_option('--without-documentation', action='store_false', - default=True, dest='with_documentation', - help='Skip building/installing documentation') - build_group.add_option('--maintainer-mode', dest='maintainer_mode', action='store_true', default=False, help="Enable extra warnings") 
@@ -460,6 +441,33 @@ def process_command_line(args): # pylint: disable=too-many-locals build_group.add_option('--with-fuzzer-lib=', metavar='LIB', default=None, dest='fuzzer_lib', help='additionally link in LIB') + docs_group = optparse.OptionGroup(parser, 'Documentation Options') + + docs_group.add_option('--with-documentation', action='store_true', + help=optparse.SUPPRESS_HELP) + + docs_group.add_option('--without-documentation', action='store_false', + default=True, dest='with_documentation', + help='Skip building/installing documentation') + + docs_group.add_option('--with-sphinx', action='store_true', + default=None, help='Use Sphinx') + + docs_group.add_option('--without-sphinx', action='store_false', + dest='with_sphinx', help=optparse.SUPPRESS_HELP) + + docs_group.add_option('--with-pdf', action='store_true', + default=False, help='Use Sphinx to generate PDF doc') + + docs_group.add_option('--without-pdf', action='store_false', + dest='with_pdf', help=optparse.SUPPRESS_HELP) + + docs_group.add_option('--with-doxygen', action='store_true', + default=False, help='Use Doxygen') + + docs_group.add_option('--without-doxygen', action='store_false', + dest='with_doxygen', help=optparse.SUPPRESS_HELP) + mods_group = optparse.OptionGroup(parser, 'Module selection') mods_group.add_option('--module-policy', dest='module_policy', @@ -525,6 +533,7 @@ def process_command_line(args): # pylint: disable=too-many-locals parser.add_option_group(target_group) parser.add_option_group(build_group) + parser.add_option_group(docs_group) parser.add_option_group(mods_group) parser.add_option_group(install_group) parser.add_option_group(misc_group) @@ -2017,6 +2026,7 @@ def configure_command_line(): 'with_documentation': options.with_documentation, 'with_sphinx': options.with_sphinx, + 'with_pdf': options.with_pdf, 'sphinx_config_dir': source_paths.sphinx_config_dir, 'with_doxygen': options.with_doxygen, 
@@ -3051,6 +3061,11 @@ def validate_options(options, info_os, info_cc, available_module_policies): raise UserError('Using --with-doxygen plus --without-documentation makes no sense') if options.with_sphinx: raise UserError('Using --with-sphinx plus --without-documentation makes no sense') + if options.with_pdf: + raise UserError('Using --with-pdf plus --without-documentation makes no sense') + + if options.with_pdf and not options.with_sphinx: + raise UserError('Option --with-pdf requires --with-sphinx') # Warnings if options.os == 'windows' and options.compiler != 'msvc': diff --git a/src/scripts/build_docs.py b/src/scripts/build_docs.py index c6b8e9f67d..5d7181decf 100755 --- a/src/scripts/build_docs.py +++ b/src/scripts/build_docs.py @@ -14,7 +14,9 @@ import shutil import logging import json +import tempfile import os +import stat def get_concurrency(): """ 
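Review bot: `if options.with_pdf and not options.with_sphinx:` rejects `--with-pdf` unless `--with-sphinx` was passed explicitly, yet `--with-sphinx` is declared with `default=None` in the earlier configure.py hunk, which reads as "decide later"; if Sphinx is auto-detected elsewhere, a user relying on that detection gets a `UserError` here for a combination that would have worked. Checking for an explicit refusal instead, `if options.with_pdf and options.with_sphinx is False:`, or moving the check to where `with_sphinx` is resolved, would avoid that. validate_options continues past the hunk.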
@@ -34,21 +36,34 @@ def touch(fname): except OSError: open(fname, 'a').close() -def copy_files(src_dir, dest_dir): - for f in os.listdir(src_dir): - src_file = os.path.join(src_dir, f) - dest_file = os.path.join(dest_dir, f) - logging.debug("Copying from %s to %s", src_file, dest_file) - shutil.copyfile(src_file, dest_file) +def copy_files(src_path, dest_dir): -def run_and_check(cmd_line): + file_mode = os.stat(src_path).st_mode + + if stat.S_ISREG(file_mode): + logging.debug("Copying file %s to %s", src_path, dest_dir) + shutil.copy(src_path, dest_dir) + else: + for f in os.listdir(src_path): + src_file = os.path.join(src_path, f) + dest_file = os.path.join(dest_dir, f) + logging.debug("Copying dir %s to %s", src_file, dest_file) + shutil.copyfile(src_file, dest_file) + +def run_and_check(cmd_line, cwd=None): logging.debug("Executing %s", ' '.join(cmd_line)) proc = subprocess.Popen(cmd_line, - close_fds=True) + close_fds=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + cwd=cwd) - proc.communicate() + (stdout, stderr) = proc.communicate() + + logging.debug(stdout) + logging.debug(stderr) if proc.returncode != 0: logging.error("Error running %s", ' '.join(cmd_line)) @@ -103,6 +118,7 @@ def main(args=None): with_docs = bool(cfg['with_documentation']) with_sphinx = bool(cfg['with_sphinx']) + with_pdf = bool(cfg['with_pdf']) with_doxygen = bool(cfg['with_doxygen']) doc_stamp_file = cfg['doc_stamp_file'] 
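Review bot: With `stdout=subprocess.PIPE, stderr=subprocess.PIPE` the tool output is now captured and only emitted via `logging.debug(stdout)` / `logging.debug(stderr)`, so when `proc.returncode != 0` the actual sphinx or make error text is hidden at the default log level and the user sees only `Error running ...`. Logging the captured `stderr` at error level in the failure branch (`logging.error(stderr)`) keeps the diagnostics visible; `communicate()` returns `bytes` here, so decoding before logging also avoids the `b'...'` rendering. In `copy_files` the directory branch still calls `shutil.copyfile` per entry, which fails if the source directory holds a subdirectory — pre-existing, but the new regular-file branch with `shutil.copy` shows the simpler call. The remainder of run_and_check after the `logging.error` call is outside the hunk.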
@@ -120,8 +136,17 @@ def main(args=None): cmds.append(['doxygen', os.path.join(cfg['build_dir'], 'botan.doxy')]) if with_sphinx: - cmds.append(['sphinx-build', '-q', '-b', 'html', '-c', cfg['sphinx_config_dir'], - '-j', str(get_concurrency()), manual_src, manual_output]) + sphinx_build = ['sphinx-build', + '-c', cfg['sphinx_config_dir'], + '-j', str(get_concurrency())] + + cmds.append(sphinx_build + ['-b', 'html', manual_src, manual_output]) + + if with_pdf: + latex_output = tempfile.mkdtemp(prefix='botan_latex_') + cmds.append(sphinx_build + ['-b', 'latex', manual_src, latex_output]) + cmds.append(['make', '-C', latex_output]) + cmds.append(['cp', os.path.join(latex_output, 'botan.pdf'), manual_output]) else: # otherwise just copy it cmds.append(['cp', manual_src, manual_output]) From f08d8a8a175996c0bdafc2c226b1f6fdf69a2c16 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 6 Dec 2017 04:31:00 -0500 Subject: [PATCH 0305/1008] Fix uninitialized warning closes #927 [ci skip] --- src/contrib/sqlite/codecext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/contrib/sqlite/codecext.c b/src/contrib/sqlite/codecext.c index f44c04a2e1..4b61f016dd 100644 --- a/src/contrib/sqlite/codecext.c +++ b/src/contrib/sqlite/codecext.c @@ -80,7 +80,7 @@ void* sqlite3Codec(void *pCodec, void *data, Pgno nPageNum, int nMode) int sqlite3CodecAttach(sqlite3 *db, int nDb, const void *zKey, int nKey) { - void *pCodec; + void *pCodec = NULL; if (zKey == NULL || nKey <= 0) { From 9036321248e152f0c233af0a1241bbef894c1203 Mon Sep 17 00:00:00 2001 
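Review bot: `latex_output = tempfile.mkdtemp(prefix='botan_latex_')` creates a directory that is never removed, so every PDF build leaves a full LaTeX tree behind in the temp location; deleting it after the copy (`shutil.rmtree(latex_output, ignore_errors=True)`) once the commands have run would contain that. The final step `cmds.append(['cp', os.path.join(latex_output, 'botan.pdf'), manual_output])` shells out to `cp` although the script already imports `shutil` and has its own `copy_files` helper; the existing `else` branch does the same, so both remain tied to platforms that have `cp`. The `-q` flag was also dropped from the shared `sphinx_build` list — likely harmless now that `run_and_check` captures output, but it is a behaviour change the commit message does not mention. main continues outside the hunk.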
From: Jack Lloyd Date: Wed, 6 Dec 2017 05:13:44 -0500 Subject: [PATCH 0306/1008] Merge a couple of docs where appropriate --- doc/manual/contents.rst | 2 - doc/manual/mceliece.rst | 73 ---------------------------------- doc/manual/passhash.rst | 2 +- doc/manual/pbkdf.rst | 14 ++++++- doc/manual/platforms.rst | 44 --------------------- doc/manual/pubkey.rst | 74 +++++++++++++++++++++++++++++++++++ doc/manual/rng.rst | 7 ++++ doc/manual/stream_ciphers.rst | 2 +- doc/manual/support.rst | 48 +++++++++++++++++++++++ 9 files changed, 144 insertions(+), 122 deletions(-) delete mode 100644 doc/manual/mceliece.rst delete mode 100644 doc/manual/platforms.rst diff --git a/doc/manual/contents.rst b/doc/manual/contents.rst index e33876b9eb..f3c89cc198 100644 --- a/doc/manual/contents.rst +++ b/doc/manual/contents.rst @@ -8,7 +8,6 @@ Contents goals support building - platforms versions secmem rng @@ -18,7 +17,6 @@ Contents message_auth_codes cipher_modes pubkey - mceliece x509 tls credentials_manager diff --git a/doc/manual/mceliece.rst b/doc/manual/mceliece.rst deleted file mode 100644 index 204e0726f2..0000000000 --- a/doc/manual/mceliece.rst +++ /dev/null 
@@ -1,73 +0,0 @@ -McEliece -======================================== - -McEliece is a cryptographic scheme based on error correcting codes which is -thought to be resistent to quantum computers. First proposed in 1978, it is fast -and patent-free. Variants have been proposed and broken, but with suitable -parameters the original scheme remains secure. However the public keys are quite -large, which has hindered deployment in the past. - -The implementation of McEliece in Botan was contributed by cryptosource GmbH. It -is based on the implementation HyMES, with the kind permission of Nicolas -Sendrier and INRIA to release a C++ adaption of their original C code under the -Botan license. It was then modified by Falko Strenzke to add side channel and -fault attack countermeasures. You can read more about the implementation at -http://www.cryptosource.de/docs/mceliece_in_botan.pdf - -Encryption in the McEliece scheme consists of choosing a message block of size -`n`, encoding it in the error correcting code which is the public key, then -adding `t` bit errors. The code is created such that knowing only the public -key, decoding `t` errors is intractible, but with the additional knowledge of -the secret structure of the code a fast decoding technique exists. - -The McEliece implementation in HyMES, and also in Botan, uses an optimization to -reduce the public key size, by converting the public key into a systemic code. -This means a portion of the public key is a identity matrix, and can be excluded -from the published public key. However it also means that in McEliece the -plaintext is represented directly in the ciphertext, with only a small number of -bit errors. Thus it is absolutely essential to only use McEliece with a CCA2 -secure scheme. - -One such scheme, KEM, is provided in Botan currently. It it a somewhat unusual -scheme in that it outputs two values, a symmetric key for use with an AEAD, and -an encrypted key. 
It does this by choosing a random plaintext (n - log2(n)*t -bits) using ``McEliece_PublicKey::random_plaintext_element``. Then a random -error mask is chosen and the message is coded and masked. The symmetric key is -SHA-512(plaintext || error_mask). As long as the resulting key is used with a -secure AEAD scheme (which can be used for transporting arbitrary amounts of -data), CCA2 security is provided. - -In ``mcies.h`` there are functions for this combination: - -.. cpp:function:: secure_vector mceies_encrypt(const McEliece_PublicKey& pubkey, \ - const secure_vector& pt, \ - uint8_t ad[], size_t ad_len, \ - RandomNumberGenerator& rng, \ - const std::string& aead = "AES-256/OCB") - -.. cpp:function:: secure_vector mceies_decrypt(const McEliece_PrivateKey& privkey, \ - const secure_vector& ct, \ - uint8_t ad[], size_t ad_len, \ - const std::string& aead = "AES-256/OCB") - -For a given security level (SL) a McEliece key would use -parameters n and t, and have the cooresponding key sizes listed: - -+-----+------+-----+---------------+----------------+ -| SL | n | t | public key KB | private key KB | -+=====+======+=====+===============+================+ -| 80 | 1632 | 33 | 59 | 140 | -+-----+------+-----+---------------+----------------+ -| 107 | 2280 | 45 | 128 | 300 | -+-----+------+-----+---------------+----------------+ -| 128 | 2960 | 57 | 195 | 459 | -+-----+------+-----+---------------+----------------+ -| 147 | 3408 | 67 | 265 | 622 | -+-----+------+-----+---------------+----------------+ -| 191 | 4624 | 95 | 516 | 1234 | -+-----+------+-----+---------------+----------------+ -| 256 | 6624 | 115 | 942 | 2184 | -+-----+------+-----+---------------+----------------+ - -You can check the speed of McEliece with the suggested parameters above -using ``botan speed McEliece`` diff --git a/doc/manual/passhash.rst b/doc/manual/passhash.rst index 99af4a7ea6..3af67e125c 100644 --- a/doc/manual/passhash.rst +++ b/doc/manual/passhash.rst 
@@ -70,7 +70,7 @@ passhash9. .. _bcrypt: -Bcrypt Password Hashing +Bcrypt ---------------------------------------- :wikipedia:`Bcrypt` is a password hashing scheme originally designed diff --git a/doc/manual/pbkdf.rst b/doc/manual/pbkdf.rst index d22f6872c7..c2a6f95c4e 100644 --- a/doc/manual/pbkdf.rst +++ b/doc/manual/pbkdf.rst @@ -51,9 +51,21 @@ is recommend for new applications. &salt[0], salt.size(), 10000); +PBKDF1 +------------ + +PBKDF1 is an old scheme that can only produce an output length at most +as long as the hash function. It is deprecated and will be removed in +a future release. + +PBKDF2 +------------ + +PBKDF2 is a the "standard" password derivation scheme, widely +implemented in many different libraries. OpenPGP S2K ----------------------------------------- +------------- There are some oddities about OpenPGP's S2K algorithms that are documented here. For one thing, it uses the iteration count in a diff --git a/doc/manual/platforms.rst b/doc/manual/platforms.rst deleted file mode 100644 index 67120e930f..0000000000 --- a/doc/manual/platforms.rst +++ /dev/null 
@@ -1,44 +0,0 @@ -Supported Platforms -============================== - -For Botan 2, the tier-1 supported platforms are - -* Linux x86-64, GCC 4.8 or higher -* Linux x86-64, Clang 3.5 or higher -* Linux aarch64, GCC 4.8+ -* Linux ppc64le, GCC 4.8+ -* Windows x86-64, Visual C++ 2013 and 2015 - -These platforms are all tested by continuous integration, and the developers -have access to hardware in order to test patches. Problems affecting these -platforms are considered release blockers. - -For Botan 2, the tier-2 supported platforms are - -* Linux x86-32, GCC 4.8+ -* Linux arm32, GCC 4.8+ -* Windows x86-64, MinGW GCC -* Apple OS X x86-64, XCode Clang -* iOS arm32/arm64, XCode Clang -* Android arm32, NDK Clang -* FreeBSD x86-64, Clang 3.8+ -* IncludeOS x86-32, Clang 3.8+ - -Some (but not all) of the tier-2 platforms are tested by CI. Things should -mostly work, and if problems are encountered, the Botan devs will probably be -able to help. But they are not as well tested as tier-1. - -Of course many other modern OSes such as OpenBSD, NetBSD, AIX, Solaris or QNX -are also probably fine (Botan has been tested on all of them successfully in the -past), but none of the core developers run these OSes and may not be able to -help so much in debugging problems. Patches to improve the build for these -platforms are welcome. Note that as a policy Botan does not support any OS which -is not supported by its original vendor; any such EOLed systems that are still -running are unpatched and insecure. - -In theory any working C++11 compiler is fine but in practice, we only test with -GCC, Clang, and Visual C++. There is support in the build system for several -commercial C++ compilers (Intel, PGI, Sun Studio, Ekopath, etc) all of which -worked with older (C++98) versions of both the code and the compilers, but it is -not known if the latest versions of these compilers can compile the library -properly. 
diff --git a/doc/manual/pubkey.rst b/doc/manual/pubkey.rst index 8a7991e53f..f6bbca4122 100644 --- a/doc/manual/pubkey.rst +++ b/doc/manual/pubkey.rst 
@@ -744,6 +744,80 @@ applies the key derivation function KDF2(SHA-256) with 256 bit output length to } +McEliece +-------------------------- + +McEliece is a cryptographic scheme based on error correcting codes which is +thought to be resistent to quantum computers. First proposed in 1978, it is fast +and patent-free. Variants have been proposed and broken, but with suitable +parameters the original scheme remains secure. However the public keys are quite +large, which has hindered deployment in the past. + +The implementation of McEliece in Botan was contributed by cryptosource GmbH. It +is based on the implementation HyMES, with the kind permission of Nicolas +Sendrier and INRIA to release a C++ adaption of their original C code under the +Botan license. It was then modified by Falko Strenzke to add side channel and +fault attack countermeasures. You can read more about the implementation at +http://www.cryptosource.de/docs/mceliece_in_botan.pdf + +Encryption in the McEliece scheme consists of choosing a message block of size +`n`, encoding it in the error correcting code which is the public key, then +adding `t` bit errors. The code is created such that knowing only the public +key, decoding `t` errors is intractible, but with the additional knowledge of +the secret structure of the code a fast decoding technique exists. + +The McEliece implementation in HyMES, and also in Botan, uses an optimization to +reduce the public key size, by converting the public key into a systemic code. +This means a portion of the public key is a identity matrix, and can be excluded +from the published public key. However it also means that in McEliece the +plaintext is represented directly in the ciphertext, with only a small number of +bit errors. Thus it is absolutely essential to only use McEliece with a CCA2 +secure scheme. + +One such scheme, KEM, is provided in Botan currently. 
It it a somewhat unusual +scheme in that it outputs two values, a symmetric key for use with an AEAD, and +an encrypted key. It does this by choosing a random plaintext (n - log2(n)*t +bits) using ``McEliece_PublicKey::random_plaintext_element``. Then a random +error mask is chosen and the message is coded and masked. The symmetric key is +SHA-512(plaintext || error_mask). As long as the resulting key is used with a +secure AEAD scheme (which can be used for transporting arbitrary amounts of +data), CCA2 security is provided. + +In ``mcies.h`` there are functions for this combination: + +.. cpp:function:: secure_vector mceies_encrypt(const McEliece_PublicKey& pubkey, \ + const secure_vector& pt, \ + uint8_t ad[], size_t ad_len, \ + RandomNumberGenerator& rng, \ + const std::string& aead = "AES-256/OCB") + +.. cpp:function:: secure_vector mceies_decrypt(const McEliece_PrivateKey& privkey, \ + const secure_vector& ct, \ + uint8_t ad[], size_t ad_len, \ + const std::string& aead = "AES-256/OCB") + +For a given security level (SL) a McEliece key would use +parameters n and t, and have the cooresponding key sizes listed: + ++-----+------+-----+---------------+----------------+ +| SL | n | t | public key KB | private key KB | ++=====+======+=====+===============+================+ +| 80 | 1632 | 33 | 59 | 140 | ++-----+------+-----+---------------+----------------+ +| 107 | 2280 | 45 | 128 | 300 | ++-----+------+-----+---------------+----------------+ +| 128 | 2960 | 57 | 195 | 459 | ++-----+------+-----+---------------+----------------+ +| 147 | 3408 | 67 | 265 | 622 | ++-----+------+-----+---------------+----------------+ +| 191 | 4624 | 95 | 516 | 1234 | ++-----+------+-----+---------------+----------------+ +| 256 | 6624 | 115 | 942 | 2184 | ++-----+------+-----+---------------+----------------+ + +You can check the speed of McEliece with the suggested parameters above +using ``botan speed McEliece`` + eXtended Merkle Signature Scheme (XMSS) 
---------------------------------------- diff --git a/doc/manual/rng.rst b/doc/manual/rng.rst index 7e80e2ed95..715f9f5894 100644 --- a/doc/manual/rng.rst +++ b/doc/manual/rng.rst @@ -92,6 +92,13 @@ simple and well studied way (the extract-then-expand paradigm), but is still an ad-hoc and non-standard construction. It is included because it is roughly 20x faster then HMAC_DRBG, and certain applications need access to a very fast RNG. +RDRAND_RNG +^^^^^^^^^^^^^^^^^ + +This RNG type directly calls the x86 ``rdrand`` instruction. If the instruction +is not available it will throw at runtime, you can check beforehand by calling +``Botan::CPUID::has_rdrand()``. + TPM_RNG ^^^^^^^^^^^^^^^^^ diff --git a/doc/manual/stream_ciphers.rst b/doc/manual/stream_ciphers.rst index 80dfa77297..e7b9f00261 100644 --- a/doc/manual/stream_ciphers.rst +++ b/doc/manual/stream_ciphers.rst @@ -135,7 +135,7 @@ ChaCha ~~~~~~~~ A very fast cipher, now widely deployed in TLS as part of the ChaCha20Poly1305 -AEAD. Can be used with 8 (fast but dangerous), 12 (balance, or 20 rounds +AEAD. Can be used with 8 (fast but dangerous), 12 (balance), or 20 rounds (conservative). Even with 20 rounds, ChaCha is very fast. Use 20 rounds. Available if ``BOTAN_HAS_CHACHA`` is defined. diff --git a/doc/manual/support.rst b/doc/manual/support.rst index ca7166fbcf..5ba4d0612c 100644 --- a/doc/manual/support.rst +++ b/doc/manual/support.rst 
@@ -1,6 +1,54 @@ Support Information ======================= +Supported Platforms +------------------------ + +For Botan 2, the tier-1 supported platforms are + +* Linux x86-64, GCC 4.8 or higher +* Linux x86-64, Clang 3.5 or higher +* Linux aarch64, GCC 4.8+ +* Linux ppc64le, GCC 4.8+ +* Windows x86-64, Visual C++ 2013 and 2015 + +These platforms are all tested by continuous integration, and the developers +have access to hardware in order to test patches. Problems affecting these +platforms are considered release blockers. + +For Botan 2, the tier-2 supported platforms are + +* Linux x86-32, GCC 4.8+ +* Linux arm32, GCC 4.8+ +* Windows x86-64, MinGW GCC +* Apple OS X x86-64, XCode Clang +* iOS arm32/arm64, XCode Clang +* Android arm32, NDK Clang +* FreeBSD x86-64, Clang 3.8+ +* IncludeOS x86-32, Clang 3.8+ + +Some (but not all) of the tier-2 platforms are tested by CI. Things should +mostly work, and if problems are encountered, the Botan devs will probably be +able to help. But they are not as well tested as tier-1. + +Of course many other modern OSes such as OpenBSD, NetBSD, AIX, Solaris or QNX +are also probably fine (Botan has been tested on all of them successfully in the +past), but none of the core developers run these OSes and may not be able to +help so much in debugging problems. Patches to improve the build for these +platforms are welcome. Note that as a policy Botan does not support any OS which +is not supported by its original vendor; any such EOLed systems that are still +running are unpatched and insecure. + +In theory any working C++11 compiler is fine but in practice, we only test with +GCC, Clang, and Visual C++. There is support in the build system for several +commercial C++ compilers (Intel, PGI, Sun Studio, Ekopath, etc) all of which +worked with older (C++98) versions of both the code and the compilers, but it is +not known if the latest versions of these compilers can compile the library +properly. 
+ +Branch Support Status +------------------------- + Following table provides the support status for Botan branches. Any branch not listed here (including 1.11) is no longer supported. Dates in the future are approximate. From 5d101ca94e2a53ebd9313d35669320e87835c618 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 6 Dec 2017 05:31:48 -0500 Subject: [PATCH 0307/1008] Add some basic tests of CPUID class --- src/tests/test_utils.cpp | 44 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/src/tests/test_utils.cpp b/src/tests/test_utils.cpp index 3c4accab2d..c17acac57a 100644 --- a/src/tests/test_utils.cpp +++ b/src/tests/test_utils.cpp 
@@ -547,6 +547,50 @@ class Hostname_Tests final : public Text_Based_Test BOTAN_REGISTER_TEST("hostname", Hostname_Tests); +class CPUID_Tests final : public Test + { + public: + + std::vector run() override + { + Test::Result result("CPUID"); + + result.confirm("Endian is either little or big", + Botan::CPUID::is_big_endian() || Botan::CPUID::is_little_endian()); + + if(Botan::CPUID::is_little_endian()) + { + result.test_eq("If endian is little, it is not also big endian", Botan::CPUID::is_big_endian(), false); + } + else + { + result.test_eq("If endian is big, it is not also little endian", Botan::CPUID::is_little_endian(), false); + } + + const std::string cpuid_string = Botan::CPUID::to_string(); + result.test_success("CPUID::to_string doesn't crash"); + +#if defined(BOTAN_TARGET_CPU_IS_X86_FAMILY) + + if(Botan::CPUID::has_sse2()) + { + result.confirm("Output string includes sse2", cpuid_string.find("sse2") != std::string::npos); + + Botan::CPUID::clear_cpuid_bit(Botan::CPUID::CPUID_SSE2_BIT); + + result.test_eq("After clearing cpuid bit, has_sse2 returns false", Botan::CPUID::has_sse2(), false); + + Botan::CPUID::initialize(); // reset state + result.test_eq("After reinitializing, has_sse2 returns true", Botan::CPUID::has_sse2(), true); + } +#endif + + return {result}; + } + }; + +BOTAN_REGISTER_TEST("cpuid", CPUID_Tests); + } } From dd9b4462b1319719128fb20e2cbffcafd13b9b36 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 6 Dec 2017 05:34:39 -0500 Subject: [PATCH 0308/1008] Add a new version function returning just the version without extras --- src/cli/utils.cpp | 4 +--- src/lib/utils/version.cpp | 40 +++++++++++++++++++++++---------------- src/lib/utils/version.h | 16 ++++++++++++++++ 3 files changed, 41 insertions(+), 19 deletions(-) diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 602035c8c7..094665a00e 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp 
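Review bot: CPUID_Tests::run mutates process-global CPUID state with `Botan::CPUID::clear_cpuid_bit(Botan::CPUID::CPUID_SSE2_BIT)` and relies on the later `Botan::CPUID::initialize()` call to restore it, so anything that throws in between (or a runner executing tests concurrently) would leave `has_sse2()` false for every test that follows. A small scope guard whose destructor calls `Botan::CPUID::initialize()` would make the reset unconditional; failing that, a comment such as `// NOTE: clears global CPUID state; initialize() below must run to restore it for later tests` should mark the hazard. The check `cpuid_string.find("sse2")` also pins the exact lower-case token emitted by `to_string()`, which is presumably intended but worth a comment.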
@@ -119,9 +119,7 @@ class Version_Info final : public Command } else { - output() << Botan::version_major() << "." - << Botan::version_minor() << "." - << Botan::version_patch() << "\n"; + output() << Botan::short_version_string() << "\n"; } } }; diff --git a/src/lib/utils/version.cpp b/src/lib/utils/version.cpp index ff4c4f0f32..d04856d37b 100644 --- a/src/lib/utils/version.cpp +++ b/src/lib/utils/version.cpp @@ -16,18 +16,18 @@ namespace Botan { version they are running against. */ -/* -* Return the version as a string -*/ -std::string version_string() +#define QUOTE(name) #name +#define STR(macro) QUOTE(macro) + +const char* short_version_cstr() { - return std::string(version_cstr()); + return STR(BOTAN_VERSION_MAJOR) "." + STR(BOTAN_VERSION_MINOR) "." + STR(BOTAN_VERSION_PATCH); } const char* version_cstr() { -#define QUOTE(name) #name -#define STR(macro) QUOTE(macro) /* It is intentional that this string is a compile-time constant; @@ -46,9 +46,22 @@ const char* version_cstr() #endif ", revision " BOTAN_VERSION_VC_REVISION ", distribution " BOTAN_DISTRIBUTION_INFO ")"; + } #undef STR #undef QUOTE + +/* +* Return the version as a string +*/ +std::string version_string() + { + return std::string(version_cstr()); + } + +std::string short_version_string() + { + return std::string(short_version_cstr()); } uint32_t version_datestamp() { return BOTAN_VERSION_DATESTAMP; } 
@@ -66,16 +79,11 @@ std::string runtime_version_check(uint32_t major, { std::ostringstream oss; - if(major != version_major() || - minor != version_minor() || - patch != version_patch()) + if(major != version_major() || minor != version_minor() || patch != version_patch()) { - oss << "Warning: linked version (" - << Botan::version_major() << '.' - << Botan::version_minor() << '.' - << Botan::version_patch() - << ") does not match version built against (" - << major << '.' << minor << '.' << patch << ")\n"; + oss << "Warning: linked version (" << short_version_string() << ")" + << " does not match version built against " + << "(" << major << '.' << minor << '.' << patch << ")\n"; } return oss.str(); diff --git a/src/lib/utils/version.h b/src/lib/utils/version.h index f82916607f..fe59de625c 100644 --- a/src/lib/utils/version.h +++ b/src/lib/utils/version.h @@ -24,8 +24,24 @@ namespace Botan { */ BOTAN_PUBLIC_API(2,0) std::string version_string(); +/** +* Same as version_string() except returning a pointer to a statically +* allocated string. +* @return version string +*/ BOTAN_PUBLIC_API(2,0) const char* version_cstr(); +/** +* Return a version string of the form "MAJOR.MINOR.PATCH" where +* each of the values is an integer. +*/ +BOTAN_PUBLIC_API(2,4) std::string short_version_string(); + +/** +* Same as version_short_string except returning a pointer to the string. +*/ +BOTAN_PUBLIC_API(2,4) const char* short_version_cstr(); + /** * Return the date this version of botan was released, in an integer of * the form YYYYMMDD. For instance a version released on May 21, 2013 From e2b20a0803d1a7e2803ddddb13d981293d4ee162 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 6 Dec 2017 11:22:50 -0500 Subject: [PATCH 0309/1008] Fix seeding of test RNG If no explicit seed was provided, it ended up ignoring the timestamp derived seed. --- src/tests/test_runner.cpp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
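Review bot: The doc comment on the new `short_version_cstr()` declaration refers to `version_short_string`, a function that does not exist; the sibling declared just above it is `short_version_string()`. Change the line to `* Same as short_version_string() except returning a pointer to a statically allocated string.`. The `@return` tag present on the comment added to `version_cstr()` is missing from both new declarations, so `* @return version string` could be added to each for consistency.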
diff --git a/src/tests/test_runner.cpp b/src/tests/test_runner.cpp index d6b612ded7..11df727c9b 100644 --- a/src/tests/test_runner.cpp +++ b/src/tests/test_runner.cpp @@ -55,12 +55,11 @@ class Testsuite_RNG final : public Botan::RandomNumberGenerator } } - Testsuite_RNG(const std::string& drbg_seed, size_t test_counter = 0) + Testsuite_RNG(const std::vector& seed, size_t test_counter = 0) { m_d = static_cast(test_counter); - add_entropy(reinterpret_cast(drbg_seed.data()), - drbg_seed.size()); + add_entropy(seed.data(), seed.size()); } private: void mix() @@ -187,7 +186,7 @@ int Test_Runner::run(const std::vector& requested_tests, for(size_t i = 0; i != runs; ++i) { std::unique_ptr rng = - std::unique_ptr(new Testsuite_RNG(drbg_seed, i)); + std::unique_ptr(new Testsuite_RNG(seed, i)); Botan_Tests::Test::set_test_rng(std::move(rng)); From 2ff5d004c95f69cc29a1ac832c29be4d411bc66a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 6 Dec 2017 16:53:35 -0500 Subject: [PATCH 0310/1008] Fix make clean target - didn't remove libbotan-2.so symlink files [ci skip] --- src/scripts/cleanup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index ae2f588f54..6dc7d24080 100755 --- a/src/scripts/cleanup.py +++ b/src/scripts/cleanup.py @@ -109,7 +109,7 @@ def main(args=None): remove_file(build_config['test_exe']) lib_basename = build_config['lib_prefix'] + build_config['libname'] - matches_libname = re.compile('^' + lib_basename + '.([a-z]+)') + matches_libname = re.compile('^' + lib_basename + '.([a-z]+)((\\.[0-9\\.]+)|$)') known_suffix = ['a', 'so', 'dll', 'manifest', 'exp'] From 03d2d6057b2f2a3ce38c2af3bf18dadee684714f Mon Sep 17 00:00:00 2001 
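Review bot: The new Testsuite_RNG constructor accepts an empty `seed` without complaint, in which case `add_entropy(seed.data(), seed.size())` contributes nothing and the generator state depends only on `test_counter` — the same silent failure mode this commit fixes, one step later. A guard such as `if(seed.empty()) throw std::invalid_argument("Testsuite_RNG requires a non-empty seed");` (needs `<stdexcept>` if not already included) would make a regression visible immediately. How `seed` is derived in Test_Runner::run is outside the hunk, so whether it can actually be empty is inferred rather than confirmed.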
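Review bot: In the new `matches_libname` pattern the `.` after `lib_basename` is an unescaped regex metacharacter and `lib_basename` itself is interpolated without escaping, so the pattern matches more than the intended `<prefix><libname>.<suffix>[.version]` names; since the matched files are removed by this cleanup, an over-broad match is worth closing. Use `matches_libname = re.compile('^' + re.escape(lib_basename) + '\\.([a-z]+)((\\.[0-9.]+)|$)')`. The `known_suffix` list that follows may already narrow the suffix group, but how it is applied is outside the visible lines.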
From: Jack Lloyd Date: Thu, 7 Dec 2017 10:12:06 -0500 Subject: [PATCH 0311/1008] Remove the doc.stamp file in make clean target [ci skip] Otherwise make docs followed by make clean leaves docs unbuilt and make won't rebuild them. GH #1337 --- src/scripts/cleanup.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index 6dc7d24080..7660076dca 100755 --- a/src/scripts/cleanup.py +++ b/src/scripts/cleanup.py @@ -100,6 +100,8 @@ def main(args=None): dir_path = build_config[dir_type] remove_all_in_dir(dir_path) + remove_file(build_config['doc_stamp_file']) + try: shutil.rmtree(build_config['doc_output_dir']) except OSError: From e581ec624ba31f1134fb746731c3957d669050da Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 7 Dec 2017 15:54:22 -0500 Subject: [PATCH 0312/1008] Fix formatting in TLS server code [ci skip] --- src/lib/tls/tls_server.cpp | 372 ++++++++++++++++++------------------- 1 file changed, 179 insertions(+), 193 deletions(-) diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 66a0e0e1de..5bc5410f51 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -131,16 +131,14 @@ bool check_for_resume(Session& session_info, } // Checking encrypt_then_mac on resume (RFC 7366 section 3.1) - if( !client_hello->supports_encrypt_then_mac() && session_info.supports_encrypt_then_mac()) + if(!client_hello->supports_encrypt_then_mac() && session_info.supports_encrypt_then_mac()) { - /* Client previously negotiated session with Encrypt-then-MAC, but has now attempted to resume without the extension: abort */ throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Client resumed Encrypt-then-MAC session without sending extension"); - } return true; 
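Review bot: The reformatting of `check_for_resume` also deletes the explanatory comment above the `throw TLS_Exception(Alert::HANDSHAKE_FAILURE, ...)`, leaving only the terse `// Checking encrypt_then_mac on resume (RFC 7366 section 3.1)` line. The removed text said why the resumption is refused rather than silently downgraded, which is the security-relevant part; restoring it as `// Session was negotiated with Encrypt-then-MAC but the client now resumes without the extension: abort (RFC 7366 3.1)` keeps that rationale next to the abort. The enclosing function begins before the hunk.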
@@ -511,153 +509,147 @@ void Server::process_client_hello_msg(const Handshake_State* active_state, { this->session_create(pending_state, have_session_ticket_key); } -} + } void Server::process_certificate_msg(Server_Handshake_State& pending_state, const std::vector& contents) -{ + { pending_state.client_certs(new Certificate(contents, policy())); pending_state.set_expected_next(CLIENT_KEX); -} + } void Server::process_client_key_exchange_msg(Server_Handshake_State& pending_state, const std::vector& contents) -{ + { if(pending_state.received_handshake_msg(CERTIFICATE) && !pending_state.client_certs()->empty()) pending_state.set_expected_next(CERTIFICATE_VERIFY); else pending_state.set_expected_next(HANDSHAKE_CCS); - pending_state.client_kex( - new Client_Key_Exchange(contents, pending_state, - pending_state.server_rsa_kex_key(), - m_creds, policy(), rng()) - ); + pending_state.client_kex(new Client_Key_Exchange(contents, pending_state, + pending_state.server_rsa_kex_key(), + m_creds, policy(), rng())); pending_state.compute_session_keys(); -} + } void Server::process_change_cipher_spec_msg(Server_Handshake_State& pending_state) -{ + { pending_state.set_expected_next(FINISHED); change_cipher_spec_reader(SERVER); -} + } void Server::process_certificate_verify_msg(Server_Handshake_State& pending_state, Handshake_Type type, const std::vector& contents) -{ - pending_state.client_verify ( new Certificate_Verify ( contents, pending_state.version() ) ); - - const std::vector& client_certs = - pending_state.client_certs()->cert_chain(); - - const bool sig_valid = - pending_state.client_verify()->verify ( client_certs[0], pending_state, policy() ); - - pending_state.hash().update ( pending_state.handshake_io().format ( contents, type ) ); - - /* - * Using DECRYPT_ERROR looks weird here, but per RFC 4346 is for - * "A handshake cryptographic operation failed, including being - * unable to correctly verify a signature, ..." 
- */ - if ( !sig_valid ) - throw TLS_Exception ( Alert::DECRYPT_ERROR, "Client cert verify failed" ); - - try - { - const std::string sni_hostname = pending_state.client_hello()->sni_hostname(); - auto trusted_CAs = m_creds.trusted_certificate_authorities("tls-server", sni_hostname); - - callbacks().tls_verify_cert_chain(client_certs, - {}, // ocsp - trusted_CAs, - Usage_Type::TLS_CLIENT_AUTH, - sni_hostname, - policy()); - } - catch ( std::exception& e ) - { - throw TLS_Exception ( Alert::BAD_CERTIFICATE, e.what() ); - } - - pending_state.set_expected_next ( HANDSHAKE_CCS ); -} + { + pending_state.client_verify(new Certificate_Verify(contents, pending_state.version())); + + const std::vector& client_certs = + pending_state.client_certs()->cert_chain(); + + const bool sig_valid = + pending_state.client_verify()->verify(client_certs[0], pending_state, policy()); + + pending_state.hash().update(pending_state.handshake_io().format(contents, type)); + + /* + * Using DECRYPT_ERROR looks weird here, but per RFC 4346 is for + * "A handshake cryptographic operation failed, including being + * unable to correctly verify a signature, ..." 
+ */ + if(!sig_valid) + throw TLS_Exception(Alert::DECRYPT_ERROR, "Client cert verify failed"); + + try + { + const std::string sni_hostname = pending_state.client_hello()->sni_hostname(); + auto trusted_CAs = m_creds.trusted_certificate_authorities("tls-server", sni_hostname); + + callbacks().tls_verify_cert_chain(client_certs, + {}, // ocsp + trusted_CAs, + Usage_Type::TLS_CLIENT_AUTH, + sni_hostname, + policy()); + } + catch(std::exception& e) + { + throw TLS_Exception(Alert::BAD_CERTIFICATE, e.what()); + } + + pending_state.set_expected_next(HANDSHAKE_CCS); + } void Server::process_finished_msg(Server_Handshake_State& pending_state, Handshake_Type type, const std::vector& contents) -{ - pending_state.set_expected_next ( HANDSHAKE_NONE ); - - pending_state.client_finished ( new Finished ( contents ) ); - - if ( !pending_state.client_finished()->verify ( pending_state, CLIENT ) ) - throw TLS_Exception ( Alert::DECRYPT_ERROR, - "Finished message didn't verify" ); - - if ( !pending_state.server_finished() ) - { - // already sent finished if resuming, so this is a new session - - pending_state.hash().update ( pending_state.handshake_io().format ( contents, type ) ); - - Session session_info( - pending_state.server_hello()->session_id(), - pending_state.session_keys().master_secret(), - pending_state.server_hello()->version(), - pending_state.server_hello()->ciphersuite(), - pending_state.server_hello()->compression_method(), - SERVER, - pending_state.server_hello()->supports_extended_master_secret(), - pending_state.server_hello()->supports_encrypt_then_mac(), - get_peer_cert_chain ( pending_state ), - std::vector(), - Server_Information(pending_state.client_hello()->sni_hostname()), - pending_state.srp_identifier(), - pending_state.server_hello()->srtp_profile() - ); - - if ( save_session ( session_info ) ) - { - if ( pending_state.server_hello()->supports_session_ticket() ) - { - try - { - const SymmetricKey ticket_key = m_creds.psk ( "tls-server", 
"session-ticket", "" ); - - pending_state.new_session_ticket ( - new New_Session_Ticket ( pending_state.handshake_io(), - pending_state.hash(), - session_info.encrypt ( ticket_key, rng() ), - policy().session_ticket_lifetime() ) - ); - } - catch ( ... ) {} - } - else - session_manager().save ( session_info ); - } + { + pending_state.set_expected_next(HANDSHAKE_NONE); + + pending_state.client_finished(new Finished(contents)); - if ( !pending_state.new_session_ticket() && - pending_state.server_hello()->supports_session_ticket() ) + if(!pending_state.client_finished()->verify(pending_state, CLIENT)) + throw TLS_Exception(Alert::DECRYPT_ERROR, + "Finished message didn't verify"); + + if(!pending_state.server_finished()) + { + // already sent finished if resuming, so this is a new session + + pending_state.hash().update(pending_state.handshake_io().format(contents, type)); + + Session session_info( + pending_state.server_hello()->session_id(), + pending_state.session_keys().master_secret(), + pending_state.server_hello()->version(), + pending_state.server_hello()->ciphersuite(), + pending_state.server_hello()->compression_method(), + SERVER, + pending_state.server_hello()->supports_extended_master_secret(), + pending_state.server_hello()->supports_encrypt_then_mac(), + get_peer_cert_chain(pending_state), + std::vector(), + Server_Information(pending_state.client_hello()->sni_hostname()), + pending_state.srp_identifier(), + pending_state.server_hello()->srtp_profile()); + + if(save_session(session_info)) + { + if(pending_state.server_hello()->supports_session_ticket()) { - pending_state.new_session_ticket ( - new New_Session_Ticket ( pending_state.handshake_io(), pending_state.hash() ) - ); + try + { + const SymmetricKey ticket_key = m_creds.psk("tls-server", "session-ticket", ""); + + pending_state.new_session_ticket( + new New_Session_Ticket(pending_state.handshake_io(), + pending_state.hash(), + session_info.encrypt(ticket_key, rng()), + 
policy().session_ticket_lifetime())); + } + catch(...) {} } + else + session_manager().save(session_info); + } - pending_state.handshake_io().send ( Change_Cipher_Spec() ); + if(!pending_state.new_session_ticket() && + pending_state.server_hello()->supports_session_ticket()) + { + pending_state.new_session_ticket( + new New_Session_Ticket(pending_state.handshake_io(), pending_state.hash())); + } - change_cipher_spec_writer ( SERVER ); + pending_state.handshake_io().send(Change_Cipher_Spec()); - pending_state.server_finished ( new Finished ( pending_state.handshake_io(), pending_state, SERVER ) ); - } + change_cipher_spec_writer(SERVER); - activate_session(); + pending_state.server_finished(new Finished(pending_state.handshake_io(), pending_state, SERVER)); + } -} + activate_session(); + } /* * Process a handshake message 
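Review bot: In the reformatted `Server::process_finished_msg`, the `catch(...) {}` around `New_Session_Ticket` creation silently swallows whatever `m_creds.psk("tls-server", "session-ticket", "")` or `session_info.encrypt(...)` throws; the following `if(!pending_state.new_session_ticket() && ...supports_session_ticket())` block then sends an empty ticket, which reads as the intended fallback but is nowhere stated. A one-line comment at the catch, `// no ticket key configured (or encryption failed): fall through and send an empty ticket below`, would make the deliberate best-effort explicit; the same pattern appears in `Server::session_resume` in the next hunk. Separately, `process_certificate_verify_msg` indexes `client_certs[0]` without a visible emptiness check; that presumably relies on `process_client_key_exchange_msg` only expecting CERTIFICATE_VERIFY when the chain is non-empty, which is worth stating in a comment on that line.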
@@ -711,72 +703,68 @@ void Server::session_resume(Server_Handshake_State& pending_state, bool have_session_ticket_key, Session& session_info) { - // Only offer a resuming client a new ticket if they didn't send one this time, - // ie, resumed via server-side resumption. TODO: also send one if expiring soon? - - const bool offer_new_session_ticket = - (pending_state.client_hello()->supports_session_ticket() && - pending_state.client_hello()->session_ticket().empty() && - have_session_ticket_key); - - pending_state.server_hello(new Server_Hello( - pending_state.handshake_io(), - pending_state.hash(), - policy(), - rng(), - secure_renegotiation_data_for_server_hello(), - *pending_state.client_hello(), - session_info, - offer_new_session_ticket, - m_next_protocol - )); - - secure_renegotiation_check(pending_state.server_hello()); - - pending_state.compute_session_keys(session_info.master_secret()); - - if(!save_session(session_info)) - { - session_manager().remove_entry(session_info.session_id()); + // Only offer a resuming client a new ticket if they didn't send one this time, + // ie, resumed via server-side resumption. TODO: also send one if expiring soon? 
- if(pending_state.server_hello()->supports_session_ticket()) // send an empty ticket - { - pending_state.new_session_ticket( - new New_Session_Ticket(pending_state.handshake_io(), - pending_state.hash()) - ); - } + const bool offer_new_session_ticket = + (pending_state.client_hello()->supports_session_ticket() && + pending_state.client_hello()->session_ticket().empty() && + have_session_ticket_key); + + pending_state.server_hello(new Server_Hello( + pending_state.handshake_io(), + pending_state.hash(), + policy(), + rng(), + secure_renegotiation_data_for_server_hello(), + *pending_state.client_hello(), + session_info, + offer_new_session_ticket, + m_next_protocol)); + + secure_renegotiation_check(pending_state.server_hello()); + + pending_state.compute_session_keys(session_info.master_secret()); + + if(!save_session(session_info)) + { + session_manager().remove_entry(session_info.session_id()); + + if(pending_state.server_hello()->supports_session_ticket()) // send an empty ticket + { + pending_state.new_session_ticket( + new New_Session_Ticket(pending_state.handshake_io(), + pending_state.hash())); } + } - if(pending_state.server_hello()->supports_session_ticket() && !pending_state.new_session_ticket()) + if(pending_state.server_hello()->supports_session_ticket() && !pending_state.new_session_ticket()) + { + try { - try - { - const SymmetricKey ticket_key = m_creds.psk("tls-server", "session-ticket", ""); - - pending_state.new_session_ticket( - new New_Session_Ticket(pending_state.handshake_io(), - pending_state.hash(), - session_info.encrypt(ticket_key, rng()), - policy().session_ticket_lifetime()) - ); - } - catch(...) 
{} + const SymmetricKey ticket_key = m_creds.psk("tls-server", "session-ticket", ""); - if(!pending_state.new_session_ticket()) - { - pending_state.new_session_ticket( - new New_Session_Ticket(pending_state.handshake_io(), pending_state.hash()) - ); - } + pending_state.new_session_ticket( + new New_Session_Ticket(pending_state.handshake_io(), + pending_state.hash(), + session_info.encrypt(ticket_key, rng()), + policy().session_ticket_lifetime())); } + catch(...) {} - pending_state.handshake_io().send(Change_Cipher_Spec()); + if(!pending_state.new_session_ticket()) + { + pending_state.new_session_ticket( + new New_Session_Ticket(pending_state.handshake_io(), pending_state.hash())); + } + } - change_cipher_spec_writer(SERVER); + pending_state.handshake_io().send(Change_Cipher_Spec()); - pending_state.server_finished(new Finished(pending_state.handshake_io(), pending_state, SERVER)); - pending_state.set_expected_next(HANDSHAKE_CCS); + change_cipher_spec_writer(SERVER); + + pending_state.server_finished(new Finished(pending_state.handshake_io(), pending_state, SERVER)); + pending_state.set_expected_next(HANDSHAKE_CCS); } void Server::session_create(Server_Handshake_State& pending_state, 
@@ -803,28 +791,26 @@ void Server::session_create(Server_Handshake_State& pending_state, send_alert(Alert(Alert::UNRECOGNIZED_NAME)); } - Server_Hello::Settings srv_settings( - make_hello_random(rng(), policy()), // new session ID - pending_state.version(), - choose_ciphersuite(policy(), - pending_state.version(), - m_creds, - cert_chains, - *pending_state.client_hello()), - choose_compression(policy(), - pending_state.client_hello()->compression_methods()), - have_session_ticket_key); + const uint16_t ciphersuite = choose_ciphersuite(policy(), pending_state.version(), + m_creds, cert_chains, + *pending_state.client_hello()); + + Server_Hello::Settings srv_settings( + make_hello_random(rng(), policy()), // new session ID + pending_state.version(), + ciphersuite, + choose_compression(policy(), pending_state.client_hello()->compression_methods()), + have_session_ticket_key); pending_state.server_hello(new Server_Hello( - pending_state.handshake_io(), - pending_state.hash(), - policy(), - rng(), - secure_renegotiation_data_for_server_hello(), - *pending_state.client_hello(), - srv_settings, - m_next_protocol) - ); + pending_state.handshake_io(), + pending_state.hash(), + policy(), + rng(), + secure_renegotiation_data_for_server_hello(), + *pending_state.client_hello(), + srv_settings, + m_next_protocol)); secure_renegotiation_check(pending_state.server_hello()); @@ -834,7 +820,7 @@ void Server::session_create(Server_Handshake_State& pending_state, if(sig_algo != "") { BOTAN_ASSERT(!cert_chains[sig_algo].empty(), - "Attempting to send empty certificate chain"); + "Attempting to send empty certificate chain"); pending_state.server_certs(new Certificate(pending_state.handshake_io(), pending_state.hash(), From d27f5a1ec8a4c239d4526fcccd2054e729f71c8c Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Fri, 24 Nov 2017 00:09:38 -0500 Subject: [PATCH 0313/1008] On resuming a client session, save the certificates that were used. GH #1303 --- src/lib/tls/tls_channel.cpp | 5 +++++ src/lib/tls/tls_channel.h | 2 +- src/lib/tls/tls_client.cpp | 13 +++++++++++-- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index 892e1a3991..f56cff24b0 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -117,6 +117,11 @@ std::vector Channel::peer_cert_chain() const return std::vector(); } +bool Channel::save_session(const Session& session) + { + return callbacks().tls_session_established(session); + } + Handshake_State& Channel::create_handshake_state(Protocol_Version version) { if(pending_state()) diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h index 070a190ddb..0362faaa8d 100644 --- a/src/lib/tls/tls_channel.h +++ b/src/lib/tls/tls_channel.h @@ -237,7 +237,7 @@ class BOTAN_PUBLIC_API(2,0) Channel const Policy& policy() const { return m_policy; } - bool save_session(const Session& session) const { return callbacks().tls_session_established(session); } + bool save_session(const Session& session); Callbacks& callbacks() const { return m_callbacks; } private: diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index ad8fdfa2dc..ed3821ed25 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -33,10 +33,11 @@ class Client_Handshake_State final : public Handshake_State return *server_public_key.get(); } + std::unique_ptr server_public_key; + // Used during session resumption secure_vector resume_master_secret; - - std::unique_ptr server_public_key; + std::vector resume_peer_certs; }; } 
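Review bot: `Channel::save_session` loses its `const` qualifier in the tls_channel.h hunk, yet the body now defined in tls_channel.cpp is unchanged and only calls `callbacks().tls_session_established(session)`, where `callbacks()` is itself declared `const`. Unless a later change needs to mutate channel state here, keeping `bool save_session(const Session& session) const;` lets const callers keep working; if the non-const form is deliberate, a brief comment saying why would settle the question. The motivation may be in a part of the commit not visible here.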
@@ -119,6 +120,10 @@ Handshake_State* Client::new_handshake_state(Handshake_IO* io) std::vector Client::get_peer_cert_chain(const Handshake_State& state) const { + const Client_Handshake_State& cstate = dynamic_cast(state); + if(cstate.resume_peer_certs.size() > 0) + return cstate.resume_peer_certs; + if(state.server_certs()) return state.server_certs()->cert_chain(); return std::vector(); @@ -168,6 +173,7 @@ void Client::send_client_hello(Handshake_State& state_base, next_protocols)); state.resume_master_secret = session_info.master_secret(); + state.resume_peer_certs = session_info.peer_certs(); } } } @@ -321,6 +327,9 @@ void Client::process_handshake_msg(const Handshake_State* active_state, { // new session + state.resume_master_secret.clear(); + state.resume_peer_certs.clear(); + if(state.client_hello()->version().is_datagram_protocol() != state.server_hello()->version().is_datagram_protocol()) { From b2ea1923e2f8d7b1d45f9362cb279ad9342191dc Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 7 Dec 2017 16:42:31 -0500 Subject: [PATCH 0314/1008] Handle #1303 on the server side --- src/lib/tls/tls_server.cpp | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 5bc5410f51..cd52c92f2b 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -31,6 +31,11 @@ class Server_Handshake_State final : public Handshake_State void set_allow_session_resumption(bool allow_session_resumption) { m_allow_session_resumption = allow_session_resumption; } + const std::vector& resume_peer_certs() const + { return m_resume_peer_certs; } + + void set_resume_certs(const std::vector& certs) + { m_resume_peer_certs = certs; } private: // Used by the server only, in case of RSA key exchange. Not owned 
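Review bot: `Client::get_peer_cert_chain` now returns `cstate.resume_peer_certs` on a resumed handshake, i.e. the chain stored in the session at the time of the original full handshake, which is not re-verified during the resumption; nothing in the hunk says so, and callers of `peer_cert_chain()` may assume the chain was checked during this handshake. A comment on the new branch such as `// On resumption the peer chain comes from the stored session; it was verified during the original full handshake, not this one` would record that contract, and the same applies to `Server::get_peer_cert_chain` in the following commit. As a point of style, `cstate.resume_peer_certs.size() > 0` reads better as `!cstate.resume_peer_certs.empty()`.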
@@ -41,6 +46,8 @@ class Server_Handshake_State final : public Handshake_State * a server-initiated renegotiation */ bool m_allow_session_resumption = true; + + std::vector m_resume_peer_certs; }; namespace { @@ -359,8 +366,12 @@ Handshake_State* Server::new_handshake_state(Handshake_IO* io) } std::vector -Server::get_peer_cert_chain(const Handshake_State& state) const +Server::get_peer_cert_chain(const Handshake_State& state_base) const { + const Server_Handshake_State& state = dynamic_cast(state_base); + if(state.resume_peer_certs().size() > 0) + return state.resume_peer_certs(); + if(state.client_certs()) return state.client_certs()->cert_chain(); return std::vector(); @@ -725,6 +736,7 @@ void Server::session_resume(Server_Handshake_State& pending_state, secure_renegotiation_check(pending_state.server_hello()); pending_state.compute_session_keys(session_info.master_secret()); + pending_state.set_resume_certs(session_info.peer_certs()); if(!save_session(session_info)) { From 968d2a5fcdd9c6e2943eabbd67eb6372c1b62d77 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 7 Dec 2017 16:42:47 -0500 Subject: [PATCH 0315/1008] Avoid saving a resumed session multiple times --- src/lib/tls/tls_client.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index ed3821ed25..631779e998 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -33,6 +33,8 @@ class Client_Handshake_State final : public Handshake_State return *server_public_key.get(); } + bool is_a_resumption() const { return (resume_master_secret.empty() == false); } + std::unique_ptr server_public_key; // Used during session resumption @@ -620,7 +622,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state, const bool should_save = save_session(session_info); - if(!session_id.empty()) + if(session_id.size() > 0 && state.is_a_resumption() == false) { if(should_save) session_manager().save(session_info); 
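Review bot: `is_a_resumption()` is defined as `resume_master_secret.empty() == false`, so its correctness depends on `state.resume_master_secret.clear()` running when the server starts a new session instead of resuming (added in the previous commit), a coupling that deserves a comment on the new helper: `// non-empty only while a resumption is in progress; cleared in process_handshake_msg when the server declines to resume`. Stylistically, prefer `!resume_master_secret.empty()` and, in the second hunk, `if(!session_id.empty() && !state.is_a_resumption())` over the `== false` and `size() > 0` forms.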
From 6284d7507130288fa8cc7ece096ecac56a81f8cd Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 9 Dec 2017 16:58:14 -0500 Subject: [PATCH 0316/1008] Move -Wstrict-overflow to maintainer mode [ci skip] It tends to have false positives, and is deprecated starting in GCC 8 --- src/build-data/cc/gcc.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 94cdd9e254..64c52f076e 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -5,9 +5,9 @@ binary_name g++ lang_flags "-std=c++11 -D_REENTRANT" # This should only contain flags which are included in GCC 4.8 -warning_flags "-Wall -Wextra -Wpedantic -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wnon-virtual-dtor" +warning_flags "-Wall -Wextra -Wpedantic -Wstrict-aliasing -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wnon-virtual-dtor" -maintainer_warning_flags "-Wold-style-cast -Wsuggest-override -Wshadow -Werror -Wno-error=strict-overflow -Wno-error=deprecated-declarations" +maintainer_warning_flags "-Wstrict-overflow=5 -Wold-style-cast -Wsuggest-override -Wshadow -Werror -Wno-error=strict-overflow -Wno-error=deprecated-declarations" optimization_flags "-O3" size_optimization_flags "-Os" From 5e69b9a4e4b703247189e46652a41b901de06dae Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 10 Dec 2017 11:25:22 -0500 Subject: [PATCH 0317/1008] Enable using NEON on Clang Clang doesn't like the way SIMD shifts were implemented, I guess it fails to inline the constant. Make it a template parameter instead. --- src/build-data/cc/clang.txt | 3 ++ .../serpent/serpent_simd/serpent_simd.cpp | 8 ++--- src/lib/utils/simd/simd_32.h | 29 ++++++++++--------- src/tests/test_simd.cpp | 4 +-- 4 files changed, 24 insertions(+), 20 deletions(-) 
diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index ec4da317d8..44dd654f31 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -46,6 +46,9 @@ rdrand -> "-mrdrnd" rdseed -> "-mrdseed" sha -> "-msha" altivec -> "-maltivec" + +arm32:neon -> "-mfpu=neon" +arm64:neon -> "" diff --git a/src/lib/block/serpent/serpent_simd/serpent_simd.cpp b/src/lib/block/serpent/serpent_simd/serpent_simd.cpp index ad4871cf68..8148e321f9 100644 --- a/src/lib/block/serpent/serpent_simd/serpent_simd.cpp +++ b/src/lib/block/serpent/serpent_simd/serpent_simd.cpp @@ -27,11 +27,11 @@ namespace Botan { B0 = B0.rotl<13>(); \ B2 = B2.rotl<3>(); \ B1 ^= B0 ^ B2; \ - B3 ^= B2 ^ (B0 << 3); \ + B3 ^= B2 ^ B0.shl<3>(); \ B1 = B1.rotl<1>(); \ B3 = B3.rotl<7>(); \ B0 ^= B1 ^ B3; \ - B2 ^= B3 ^ (B1 << 7); \ + B2 ^= B3 ^ B1.shl<7>(); \ B0 = B0.rotl<5>(); \ B2 = B2.rotl<22>(); \ } while(0) @@ -40,11 +40,11 @@ namespace Botan { do { \ B2 = B2.rotr<22>(); \ B0 = B0.rotr<5>(); \ - B2 ^= B3 ^ (B1 << 7); \ + B2 ^= B3 ^ B1.shl<7>(); \ B0 ^= B1 ^ B3; \ B3 = B3.rotr<7>(); \ B1 = B1.rotr<1>(); \ - B3 ^= B2 ^ (B0 << 3); \ + B3 ^= B2 ^ B0.shl<3>(); \ B1 ^= B0 ^ B2; \ B2 = B2.rotr<3>(); \ B0 = B0.rotr<13>(); \ diff --git a/src/lib/utils/simd/simd_32.h b/src/lib/utils/simd/simd_32.h index aca7a8e9a7..d9a41c8004 100644 --- a/src/lib/utils/simd/simd_32.h +++ b/src/lib/utils/simd/simd_32.h 
@@ -508,37 +508,38 @@ class SIMD_4x32 final #endif } - SIMD_4x32 operator<<(size_t shift) const + + template SIMD_4x32 shl() const { #if defined(BOTAN_SIMD_USE_SSE2) - return SIMD_4x32(_mm_slli_epi32(m_sse, static_cast(shift))); + return SIMD_4x32(_mm_slli_epi32(m_sse, SHIFT)); #elif defined(BOTAN_SIMD_USE_ALTIVEC) - const unsigned int s = static_cast(shift); + const unsigned int s = static_cast(SHIFT); return SIMD_4x32(vec_sl(m_vmx, (__vector unsigned int){s, s, s, s})); #elif defined(BOTAN_SIMD_USE_NEON) - return SIMD_4x32(vshlq_n_u32(m_neon, static_cast(shift))); + return SIMD_4x32(vshlq_n_u32(m_neon, SHIFT)); #else - return SIMD_4x32(m_scalar[0] << shift, - m_scalar[1] << shift, - m_scalar[2] << shift, - m_scalar[3] << shift); + return SIMD_4x32(m_scalar[0] << SHIFT, + m_scalar[1] << SHIFT, + m_scalar[2] << SHIFT, + m_scalar[3] << SHIFT); #endif } - SIMD_4x32 operator>>(size_t shift) const + template SIMD_4x32 shr() const { #if defined(BOTAN_SIMD_USE_SSE2) - return SIMD_4x32(_mm_srli_epi32(m_sse, static_cast(shift))); + return SIMD_4x32(_mm_srli_epi32(m_sse, SHIFT)); #elif defined(BOTAN_SIMD_USE_ALTIVEC) - const unsigned int s = static_cast(shift); + const unsigned int s = static_cast(SHIFT); return SIMD_4x32(vec_sr(m_vmx, (__vector unsigned int){s, s, s, s})); #elif defined(BOTAN_SIMD_USE_NEON) - return SIMD_4x32(vshrq_n_u32(m_neon, static_cast(shift))); + return SIMD_4x32(vshrq_n_u32(m_neon, SHIFT)); #else - return SIMD_4x32(m_scalar[0] >> shift, m_scalar[1] >> shift, - m_scalar[2] >> shift, m_scalar[3] >> shift); + return SIMD_4x32(m_scalar[0] >> SHIFT, m_scalar[1] >> SHIFT, + m_scalar[2] >> SHIFT, m_scalar[3] >> SHIFT); #endif } diff --git a/src/tests/test_simd.cpp b/src/tests/test_simd.cpp index 1f192c6b66..60c46fc67a 100644 --- a/src/tests/test_simd.cpp +++ b/src/tests/test_simd.cpp 
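Review bot: The new `shl<SHIFT>()` and `shr<SHIFT>()` templates take the shift count as a compile-time constant but never bound it, so an out-of-range count is caught only by whichever backend happens to be compiled: the scalar fallback's `m_scalar[0] << SHIFT` is undefined once SHIFT reaches the lane width, while the SSE2 intrinsic documents that counts above 31 simply produce zero. A `static_assert(SHIFT < 32, "SIMD_4x32 shift must be less than the 32-bit lane width");` as the first line of each function makes the constraint explicit and identical on every backend. The NEON `vshrq_n_u32` immediate appears to be restricted to 1..32, so `shr<0>()` would presumably fail to compile on that target only; that asymmetry deserves a comment on `shr`. The template parameter list and the `static_cast` template arguments are lost in this extract (`template SIMD_4x32 shl() const`), so the declared type of SHIFT cannot be confirmed from here.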
@@ -82,10 +82,10 @@ class SIMD_32_Tests final : public Test blender = ~blender; test_eq(result, "~", blender, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF); - blender = blender >> 23; + blender = blender.shr<23>(); test_eq(result, ">>", blender, 0x1FF, 0x1FF, 0x1FF, 0x1FF); - blender = blender << 27; + blender = blender.shl<27>(); test_eq(result, "<<", blender, 0xF8000000, 0xF8000000, 0xF8000000, 0xF8000000); blender = ~blender; From da5db8c7220d1d0d71f7778628ae82d73ebdb013 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 10 Dec 2017 05:33:49 -0500 Subject: [PATCH 0318/1008] Add basic iteration constructs to template files Eliminates the last bits of makefile-specific syntax from configure.py --- configure.py | 143 +++++++++++++++++++++++++------------ src/build-data/makefile.in | 34 ++++++--- 2 files changed, 121 insertions(+), 56 deletions(-) diff --git a/configure.py b/configure.py index 75ee136b02..00b8cb0a24 100755 --- a/configure.py +++ b/configure.py @@ -249,6 +249,15 @@ def build_dirs(self): out += [self.fuzzer_output_dir] return out + def format_include_paths(self, cc, external_include): + dash_i = cc.add_include_dir_option + output = dash_i + self.include_dir + if self.external_headers: + output += ' ' + dash_i + self.external_include_dir + if external_include: + output += ' ' + dash_i + external_include + return output + def src_info(self, typ): if typ == 'lib': return (self.lib_sources, self.libobj_dir) @@ -1431,6 +1440,8 @@ def read_textfile(filepath): def process_template(template_file, variables): + # pylint: disable=too-many-branches,too-many-statements + """ Perform template substitution 
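Review bot: Because the shift amount is now a template parameter, every count is a separate instantiation and this test compiles exactly two of them, `shr<23>()` and `shl<27>()`; the boundary counts where the backends differ most (1 and 31) are never compiled or checked. Adding a `blender.shl<31>()` / `blender.shr<1>()` pair with matching `test_eq` expectations would exercise the edges on every platform the header supports. The enclosing test function starts and ends outside the hunk.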
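Review bot: `format_include_paths` splices `self.include_dir`, `self.external_include_dir` and the caller-supplied `external_include` into one space-separated string with no quoting, so an include directory containing a space is split into two make words and the generated compile rule fails; the inline code it replaces had the same limitation, but the helper is now the single place to either quote or document it. At minimum it needs a docstring, e.g. `"""Return the compiler's include-dir flags for the build and external directories as one unquoted string; paths containing whitespace are not supported."""`. The `external_include` argument is only appended when truthy, which is presumably how callers signal "no external include dir"; a comment to that effect would help.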
@@ -1442,8 +1453,11 @@ def __init__(self, vals): self.vals = vals self.value_pattern = re.compile(r'%{([a-z][a-z_0-9]+)}') self.cond_pattern = re.compile('%{(if|unless) ([a-z][a-z_0-9]+)}') + self.for_pattern = re.compile('(.*)%{for ([a-z][a-z_0-9]+)}') + self.join_pattern = re.compile('(.*)%{join ([a-z][a-z_0-9]+)}') def substitute(self, template): + # pylint: disable=too-many-locals def insert_value(match): v = match.group(1) if v in self.vals: @@ -1452,15 +1466,17 @@ def insert_value(match): lines = template.splitlines() - output = [] + output = "" idx = 0 while idx < len(lines): - cond = self.cond_pattern.match(lines[idx]) + cond_match = self.cond_pattern.match(lines[idx]) + join_match = self.join_pattern.match(lines[idx]) + for_match = self.for_pattern.match(lines[idx]) - if cond: - cond_type = cond.group(1) - cond_var = cond.group(2) + if cond_match: + cond_type = cond_match.group(1) + cond_var = cond_match.group(2) include_cond = False 
@@ -1474,13 +1490,47 @@ def insert_value(match): if lines[idx] == '%{endif}': break if include_cond: - output.append(lines[idx]) + output += lines[idx] + "\n" idx += 1 + elif join_match: + join_var = join_match.group(2) + join_str = ' ' + join_line = '%%{join %s}' % (join_var) + output += lines[idx].replace(join_line, join_str.join(self.vals[join_var])) + "\n" + elif for_match: + for_prefix = for_match.group(1) + output += for_prefix + for_var = for_match.group(2) + + if for_var not in self.vals: + raise InternalError("Unknown for loop iteration variable '%s'" % (for_var)) + + var = self.vals[for_var] + if not isinstance(var, list): + raise InternalError("For loop iteration variable '%s' is not a list" % (for_var)) + idx += 1 + + for_body = "" + while idx < len(lines): + if lines[idx] == '%{endfor}': + break + for_body += lines[idx] + "\n" + idx += 1 + + for v in var: + if isinstance(v, dict): + for_val = for_body + for ik, iv in v.items(): + for_val = for_val.replace('%{' + ik + '}', iv) + output += for_val + "\n" + else: + output += for_body.replace('%{i}', v) + output += "\n" else: - output.append(lines[idx]) + output += lines[idx] + "\n" idx += 1 - return self.value_pattern.sub(insert_value, '\n'.join(output)) + '\n' + return self.value_pattern.sub(insert_value, output) + '\n' try: return SimpleTemplate(variables).substitute(read_textfile(template_file)) @@ -1489,10 +1539,6 @@ def insert_value(match): except Exception as e: # pylint: disable=broad-except logging.error('Exception %s during template processing file %s' % (e, template_file)) -def makefile_list(items): - separator = " \\\n" + 16*" " - return separator.join(items) - def gen_bakefile(build_config, options, external_libs): def bakefile_sources(fd, sources): 
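Review bot: The `%{join ...}` branch indexes `self.vals[join_var]` directly, so a misspelled variable in a template surfaces as a bare `KeyError` from inside `substitute`, whereas the `%{for ...}` branch immediately below raises `InternalError` naming the variable and also checks that it is a list; the join branch should mirror both checks, e.g. `if join_var not in self.vals: raise InternalError("Unknown join variable '%s'" % (join_var))`. The for loop also runs to end of input if `%{endfor}` is missing, silently treating the rest of the template as loop body; raising when the loop exits without having seen the terminator would catch a truncated template. Loop-body substitution uses plain `str.replace` and the finished output is then passed through `value_pattern.sub` again, so loop values that themselves contain `%{...}` text are expanded a second time, which deserves a comment if intended. The enclosing `substitute` method starts outside the hunk.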
@@ -1845,53 +1891,52 @@ def remove_dups(parts): name = name.replace('.cpp', obj_suffix) yield os.path.join(obj_dir, name) - def _build_commands(self, sources, obj_dir, objects, is_lib): - """ - Form snippets of makefile for building each source file - """ - includes = self._cc.add_include_dir_option + self._build_paths.include_dir - if self._build_paths.external_headers: - includes += ' ' + self._cc.add_include_dir_option + self._build_paths.external_include_dir - if self._options.with_external_includedir: - includes += ' ' + self._cc.add_include_dir_option + self._options.with_external_includedir - - is_fuzzer = obj_dir.find('fuzzer') != -1 - fuzzer_link = '' if self._options.fuzzer_lib is None \ - else '%s%s' % (self._cc.add_lib_option, self._options.fuzzer_lib) - + def _build_info(self, sources, objects, target_type): + output = [] for (obj_file, src) in zip(objects, sources): - isa_specific_flags_str = "".join([" %s" % flagset for flagset in sorted(self._isa_specific_flags(src))]) + isa_specific_flags_str = ("".join([" %s" % flagset for flagset in + sorted(self._isa_specific_flags(src))])).strip() - yield '%s: %s\n\t$(CXX)%s $(%s_FLAGS) %s %s %s %s$@\n' % ( - obj_file, src, isa_specific_flags_str, 'LIB' if is_lib else 'EXE', - includes, self._cc.compile_flags, src, self._cc.output_to_object) + info = { + 'src': src, + 'obj': obj_file, + 'isa_flags': isa_specific_flags_str, + 'target_type': 'LIB' if target_type == 'lib' else 'EXE', + } - if is_fuzzer: + if target_type == 'fuzzer': fuzz_basename = os.path.basename(obj_file).replace('.' 
+ self._osinfo.obj_suffix, '') - fuzz_bin = self._build_paths.fuzzer_output_dir - yield '%s: %s $(LIBRARIES)\n\t$(EXE_LINK_CMD) %s $(EXE_LINKS_TO) %s %s$@\n' % ( - os.path.join(fuzz_bin, fuzz_basename), obj_file, obj_file, fuzzer_link, - self._cc.output_to_object) + info['exe'] = os.path.join(self._build_paths.fuzzer_output_dir, fuzz_basename) + + output.append(info) + + return output def generate(self): out = {} - targets = ['lib', 'cli', 'test'] + \ - (['fuzzer'] if self._options.build_fuzzers else []) + targets = ['lib', 'cli', 'test', 'fuzzer'] for t in targets: src_list, src_dir = self._build_paths.src_info(t) - src_list.sort() - objects = list(self._objectfile_list(src_list, src_dir)) obj_key = '%s_objs' % (t) - out[obj_key] = makefile_list(objects) + build_key = '%s_build_info' % (t) + + objects = [] + build_info = [] + + if src_list is not None: + src_list.sort() + objects = list(self._objectfile_list(src_list, src_dir)) + build_info = self._build_info(src_list, objects, t) + + out[obj_key] = objects + out[build_key] = build_info if t == 'fuzzer': - out['fuzzer_bin'] = makefile_list(self._fuzzer_bin_list(objects, self._build_paths.fuzzer_output_dir)) + out['fuzzer_bin'] = ' '.join(self._fuzzer_bin_list(objects, self._build_paths.fuzzer_output_dir)) - build_key = '%s_build_cmds' % (t) - out[build_key] = '\n'.join(self._build_commands(src_list, src_dir, objects, t == 'lib')) return out @@ -1928,7 +1973,9 @@ def _read_pem(filepath): return "\\\n" + ' \\\n'.join(lines) -def create_template_vars(source_paths, build_config, options, modules, cc, arch, osinfo): #pylint: disable=too-many-locals,too-many-branches,too-many-statements +def create_template_vars(source_paths, build_config, options, modules, cc, arch, osinfo): + #pylint: disable=too-many-locals,too-many-branches,too-many-statements + """ Create the template variables needed to process the makefile, build.h, etc """ 
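Review bot: `_build_info` replaces `_build_commands` but drops its docstring, and its result is now a list of dicts whose keys (`src`, `obj`, `isa_flags`, `target_type`, plus `exe` for fuzzer targets only) are consumed by the `%{for *_build_info}` loops in makefile.in, so the contract is split across two files with no description in either. A docstring such as `"""Return one dict per source file with the keys the makefile.in %{for *_build_info} loops expect: src, obj, isa_flags, target_type, and exe (fuzzer targets only)."""` would anchor it. In `generate`, the `'fuzzer'` target is now always iterated and only the `if src_list is not None` guard keeps a non-fuzzer build working, which presumably relies on `src_info` returning `(None, ...)` for absent targets; a comment on the guard would make that dependency explicit.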
@@ -2067,6 +2114,9 @@ def configure_command_line(): 'linker': cc.linker_name or '$(CXX)', 'make_supports_phony': cc.basename != 'msvc', + 'dash_o': cc.output_to_object, + 'dash_c': cc.compile_flags, + 'cc_lang_flags': cc.cc_lang_flags(), 'cc_compile_flags': options.cxxflags or cc.cc_compile_flags(options), 'ldflags': options.ldflags or '', @@ -2089,6 +2139,9 @@ def configure_command_line(): [cc.add_framework_option + fw for fw in link_to('frameworks')] ), + 'fuzzer_lib': (cc.add_lib_option + options.fuzzer_lib) if options.fuzzer_lib else '', + + 'include_paths': build_config.format_include_paths(cc, options.with_external_includedir), 'module_defines': make_cpp_macros(sorted(flatten([m.defines() for m in modules]))), 'target_os_defines': make_cpp_macros(osinfo.defines(options)), @@ -2099,8 +2152,6 @@ def configure_command_line(): 'botan_include_dir': build_config.botan_include_dir, - 'include_files': makefile_list(build_config.public_headers), - 'unsafe_fuzzer_mode_define': '#define BOTAN_UNSAFE_FUZZER_MODE' if options.unsafe_fuzzer_mode else '', 'fuzzer_type': '#define BOTAN_FUZZER_IS_%s' % (options.build_fuzzers.upper()) if options.build_fuzzers else '', diff --git a/src/build-data/makefile.in b/src/build-data/makefile.in index 9262bfd06a..86a2f4f3f7 100644 --- a/src/build-data/makefile.in +++ b/src/build-data/makefile.in @@ -59,11 +59,11 @@ install: libs cli docs $(PYTHON_EXE) $(SCRIPTS_DIR)/install.py --prefix=%{prefix} --build-dir="%{build_dir}" --bindir=%{bindir} --libdir=%{libdir} --docdir=%{docdir} --includedir=%{includedir} # Object Files -LIBOBJS = %{lib_objs} +LIBOBJS = %{join lib_objs} -CLIOBJS = %{cli_objs} +CLIOBJS = %{join cli_objs} -TESTOBJS = %{test_objs} +TESTOBJS = %{join test_objs} # Executable targets @@ -77,7 +77,7 @@ $(TEST): $(LIBRARIES) $(TESTOBJS) %{if build_fuzzers} -FUZZERS=%{fuzzer_bin} +FUZZERS = %{fuzzer_bin} fuzzers: libs $(FUZZERS) 
@@ -115,12 +115,26 @@ fuzzer_corpus_zip: fuzzer_corpus %{endif} # Build Commands -%{lib_build_cmds} -%{cli_build_cmds} +%{for lib_build_info} +%{obj}: %{src} + $(CXX) %{isa_flags} $(%{target_type}_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ +%{endfor} -%{test_build_cmds} +%{for cli_build_info} +%{obj}: %{src} + $(CXX) %{isa_flags} $(%{target_type}_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ +%{endfor} -%{if build_fuzzers} -%{fuzzer_build_cmds} -%{endif} +%{for test_build_info} +%{obj}: %{src} + $(CXX) %{isa_flags} $(%{target_type}_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ +%{endfor} + +%{for fuzzer_build_info} +%{obj}: %{src} + $(CXX) %{isa_flags} $(%{target_type}_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ + +%{exe}: %{obj} $(LIBRARIES) + $(EXE_LINK_CMD) %{obj} $(EXE_LINKS_TO) %{fuzzer_lib} %{output_to_exe}$@ +%{endfor} From bfcf7075e158b18411dfd7661bd0c5d1ab429e59 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 9 Dec 2017 18:13:58 -0500 Subject: [PATCH 0319/1008] Generate the CMake using a template file Less code in configure.py == betters --- configure.py | 245 +++++++++++----------------------------- src/build-data/cmake.in | 62 ++++++++++ 2 files changed, 131 insertions(+), 176 deletions(-) create mode 100644 src/build-data/cmake.in diff --git a/configure.py b/configure.py index 00b8cb0a24..c441b258da 100755 --- a/configure.py +++ b/configure.py @@ -1140,13 +1140,16 @@ def gen_visibility_attribute(self, options): return self.visibility_attribute return '' - def mach_abi_link_flags(self, options): + def mach_abi_link_flags(self, options, with_debug_info=None): """ Return the machine specific ABI flags """ + if with_debug_info is None: + with_debug_info = options.with_debug_info + def all_group(): - if options.with_debug_info and 'all-debug' in self.mach_abi_linking: + if with_debug_info and 'all-debug' in self.mach_abi_linking: return 'all-debug' return 'all' 
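Review bot: The `lib`, `cli` and `test` loops emit byte-identical compile rules that differ only in the iterated variable, so any future change to the compile line must be made in three places (four counting the fuzzer block); since each info dict already carries `target_type`, a single loop over one merged `build_info` list would remove the duplication. The fuzzer block is no longer wrapped in `%{if build_fuzzers}` and instead relies on `fuzzer_build_info` expanding to nothing, which works but is worth a one-line comment in the template. The recipe lines under each rule appear here with a leading space; make requires a literal tab, so confirm the template file carries tabs (the collapsed extract cannot show this).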
@@ -1192,12 +1195,17 @@ def gen_flags(): def cc_lang_flags(self): return self.lang_flags - def cc_compile_flags(self, options): - def gen_flags(): - if options.with_debug_info: + def cc_compile_flags(self, options, with_debug_info=None, enable_optimizations=None): + def gen_flags(with_debug_info, enable_optimizations): + if with_debug_info is None: + with_debug_info = options.with_debug_info + if enable_optimizations is None: + enable_optimizations = not options.no_optimizations + + if with_debug_info: yield self.debug_info_flags - if not options.no_optimizations: + if enable_optimizations: if options.optimize_for_size: if self.size_optimization_flags != '': yield self.size_optimization_flags @@ -1222,7 +1230,7 @@ def submodel_fixup(full_cpu, mach_opt_flags_tupel): if all_arch in self.mach_opt_flags: yield self.mach_opt_flags[all_arch][0] - return (' '.join(gen_flags())).strip() + return (' '.join(gen_flags(with_debug_info, enable_optimizations))).strip() @staticmethod def _so_link_search(osname, debug_info): 
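Review bot: The `None`-to-default resolution for `with_debug_info` and `enable_optimizations` is placed inside the nested `gen_flags`, whose parameters shadow the outer ones of the same name, so a reader has to follow two levels of the same names to find which value is actually used. Resolving the defaults at the top of `cc_compile_flags` and letting a parameterless `gen_flags` close over them, as `mach_abi_link_flags` in the previous hunk already does with `with_debug_info`, keeps the two methods parallel. The function body continues outside the hunk.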
@@ -1618,185 +1626,69 @@ def bakefile_test_sources(fd, sources): f.close() -class CmakeGenerator(object): - def __init__(self, build_paths, using_mods, cc, options, template_vars): - self._build_paths = build_paths - self._using_mods = using_mods - self._cc = cc - - self._options_release = copy.deepcopy(options) - self._options_release.no_optimizations = False - self._options_release.with_debug_info = False - - self._options_debug = copy.deepcopy(options) - self._options_debug.no_optimizations = True - self._options_debug.with_debug_info = True - - self._template_vars = template_vars +def generate_cmake(source_paths, build_paths, using_mods, cc, options, template_vars): - @staticmethod - def _escape(input_str): + def escape(input_str): return input_str.replace('(', '\\(').replace(')', '\\)').replace('#', '\\#').replace('$', '\\$') - @staticmethod - def _cmake_normalize(source): + def cmake_normalize(source): return os.path.normpath(source).replace('\\', '/') - @staticmethod - def _create_target_rules(sources): - target = {'sources': {}, 'frameworks': set(), 'libs': set()} - for source in sources: - target['sources'][source] = {'isa_flags': set()} - return target - - def _add_target_details(self, target, using_mod): - libs_or_frameworks_needed = False - for source_path in target['sources']: - for mod_source in using_mod.source: - if source_path == mod_source: - libs_or_frameworks_needed = True - for isa in using_mod.need_isa: - isa_flag = self._cc.isa_flags_for(isa, self._template_vars['arch']) - target['sources'][source_path]['isa_flags'].add(isa_flag) - if libs_or_frameworks_needed: - if self._options_release.os in using_mod.libs: - for lib in using_mod.libs[self._options_release.os]: - target['libs'].add(lib) - if self._options_release.os in using_mod.frameworks: - for framework in using_mod.frameworks[self._options_release.os]: - target['frameworks'].add('"-framework %s"' % framework) - - @staticmethod - def _generate_target_sources_list(fd, target_name, 
target): - fd.write('set(%s\n' % target_name) - sorted_sources = sorted(target['sources'].keys()) - for source in sorted_sources: - fd.write(' "${CMAKE_CURRENT_LIST_DIR}/%s"\n' % CmakeGenerator._cmake_normalize(source)) - fd.write(')\n\n') - - @staticmethod - def _generate_target_source_files_isa_properties(fd, target): - sorted_sources = sorted(target['sources'].keys()) - for source in sorted_sources: - joined_isa_flags = ' '.join(target['sources'][source]['isa_flags']) - if joined_isa_flags: - fd.write('set_source_files_properties("${CMAKE_CURRENT_LIST_DIR}/%s" PROPERTIES COMPILE_FLAGS "%s")\n' - % (CmakeGenerator._cmake_normalize(source), joined_isa_flags)) + def generate_source_list(src_list): + s = "" + for source in sorted(src_list): + s += ' "${CMAKE_CURRENT_LIST_DIR}/%s"\n' % cmake_normalize(source) + return s + + def generate_isa_properties(mods): + isa_map = {} # map from src file -> ISA flags + for mod in mods: + + isa_flags = set() + for isa in mod.need_isa: + flag = cc.isa_flags_for(isa, template_vars['arch']) + if flag != "": + isa_flags.add(flag) + + if isa_flags: + isa_flags = ' '.join(isa_flags) + for src_file in mod.source: + isa_map[src_file] = isa_flags + + output = "" + prop_template = 'set_source_files_properties("${CMAKE_CURRENT_LIST_DIR}/%s" PROPERTIES COMPILE_FLAGS "%s")\n' + for k in sorted(isa_map.keys()): + output += prop_template % (os.path.normpath(k), isa_map[k]) + return output - @staticmethod - def _write_header(fd): - fd.write('cmake_minimum_required(VERSION 2.8.0)\n') - fd.write('project(botan)\n\n') - fd.write('if(POLICY CMP0042)\n') - fd.write('cmake_policy(SET CMP0042 NEW)\n') - fd.write('endif()\n\n') - - def _write_footer(self, fd, library_link, cli_link, tests_link): - fd.write('\n') - - fd.write('option(ENABLED_OPTIONAL_WARINIGS "If enabled more strict warning policy will be used" OFF)\n') - fd.write('option(ENABLED_LTO "If enabled link time optimization will be used" OFF)\n\n') - - fd.write('set(COMPILER_FEATURES_RELEASE 
%s %s %s)\n' - % (self._cc.cc_lang_flags(), - self._cc.cc_compile_flags(self._options_release), - self._cc.mach_abi_link_flags(self._options_release))) - - fd.write('set(COMPILER_FEATURES_DEBUG %s %s %s)\n' - % (self._cc.cc_lang_flags(), - self._cc.cc_compile_flags(self._options_debug), - self._cc.mach_abi_link_flags(self._options_debug))) - - fd.write('set(COMPILER_FEATURES $<$>:${COMPILER_FEATURES_RELEASE}>' - +' $<$:${COMPILER_FEATURES_DEBUG}>)\n') - - fd.write('set(SHARED_FEATURES %s)\n' % self._escape(self._template_vars['shared_flags'])) - fd.write('set(STATIC_FEATURES -DBOTAN_DLL=)\n') - - fd.write('set(COMPILER_WARNINGS %s)\n' % self._cc.cc_warning_flags(self._options_release)) - fd.write('set(COMPILER_INCLUDE_DIRS build/include build/include/external)\n') - fd.write('if(ENABLED_LTO)\n') - fd.write(' set(COMPILER_FEATURES ${COMPILER_FEATURES} -lto)\n') - fd.write('endif()\n') - fd.write('if(ENABLED_OPTIONAL_WARINIGS)\n') - fd.write(' set(COMPILER_OPTIONAL_WARNINGS -Wsign-promo -Wctor-dtor-privacy -Wdeprecated -Winit-self' + - ' -Wnon-virtual-dtor -Wunused-macros -Wold-style-cast -Wuninitialized)\n') - fd.write('endif()\n\n') - - fd.write('add_library(${PROJECT_NAME} STATIC ${BOTAN_SOURCES})\n') - fd.write('target_link_libraries(${PROJECT_NAME} PUBLIC %s)\n' - % library_link) - fd.write('target_compile_options(${PROJECT_NAME} PUBLIC ${COMPILER_WARNINGS} ${COMPILER_FEATURES}' + - ' ${COMPILER_OPTIONAL_WARNINGS} PRIVATE ${STATIC_FEATURES})\n') - - fd.write('target_include_directories(${PROJECT_NAME} PUBLIC ${COMPILER_INCLUDE_DIRS})\n\n') - fd.write('set_target_properties(${PROJECT_NAME} PROPERTIES OUTPUT_NAME ${PROJECT_NAME}-static)\n\n') - - fd.write('add_library(${PROJECT_NAME}_shared SHARED ${BOTAN_SOURCES})\n') - fd.write('target_link_libraries(${PROJECT_NAME}_shared PUBLIC %s)\n' - % library_link) - fd.write('target_compile_options(${PROJECT_NAME}_shared PUBLIC ${COMPILER_WARNINGS}' + - ' ${COMPILER_FEATURES} ${COMPILER_OPTIONAL_WARNINGS} PRIVATE 
${SHARED_FEATURES})\n') - fd.write('target_include_directories(${PROJECT_NAME}_shared PUBLIC ${COMPILER_INCLUDE_DIRS})\n') - fd.write('set_target_properties(${PROJECT_NAME}_shared PROPERTIES OUTPUT_NAME ${PROJECT_NAME})\n\n') - - fd.write('add_executable(${PROJECT_NAME}_cli ${BOTAN_CLI})\n') - fd.write('target_link_libraries(${PROJECT_NAME}_cli PRIVATE ${PROJECT_NAME}_shared %s)\n' - % cli_link) - fd.write('set_target_properties(${PROJECT_NAME}_cli PROPERTIES OUTPUT_NAME ${PROJECT_NAME}-cli)\n\n') - - fd.write('add_executable(${PROJECT_NAME}_tests ${BOTAN_TESTS})\n') - fd.write('target_link_libraries(${PROJECT_NAME}_tests PRIVATE ${PROJECT_NAME}_shared %s)\n' - % tests_link) - fd.write('set_target_properties(${PROJECT_NAME}_tests PROPERTIES OUTPUT_NAME botan-test)\n\n') - - fd.write('set(GLOBAL_CONFIGURATION_FILES configure.py .gitignore news.rst readme.rst)\n') - fd.write('file(GLOB_RECURSE CONFIGURATION_FILES src/configs/* )\n') - fd.write('file(GLOB_RECURSE DOCUMENTATION_FILES doc/* )\n') - fd.write('file(GLOB_RECURSE HEADER_FILES src/*.h )\n') - fd.write('file(GLOB_RECURSE INFO_FILES src/lib/*info.txt )\n') - fd.write('add_custom_target(CONFIGURATION_DUMMY SOURCES ' + - '${GLOBAL_CONFIGURATION_FILES} ${CONFIGURATION_FILES} ' + - '${DOCUMENTATION_FILES} ${INFO_FILES} ${HEADER_FILES})\n') + def libs_used(mods): + libs = set() + for mod in mods: + if options.os in mod.libs: + for lib in mod.libs[options.os]: + libs.add(lib) + if options.os in mod.frameworks: + for framework in mod.frameworks[options.os]: + libs.add('"-framework %s"' % framework) - def generate(self): - library_target_configuration = self._create_target_rules(self._build_paths.lib_sources) - tests_target_configuration = self._create_target_rules(self._build_paths.test_sources) - cli_target_configuration = self._create_target_rules(self._build_paths.cli_sources) - - for module in self._using_mods: - self._add_target_details(library_target_configuration, module) - 
self._add_target_details(tests_target_configuration, module) - self._add_target_details(cli_target_configuration, module) - - library_target_libs_and_frameworks = '%s %s' % ( - ' '.join(library_target_configuration['frameworks']), - ' '.join(library_target_configuration['libs']), - ) - tests_target_libs_and_frameworks = '%s %s' % ( - ' '.join(tests_target_configuration['frameworks']), - ' '.join(tests_target_configuration['libs']) - ) - cli_target_libs_and_frameworks = '%s %s' % ( - ' '.join(cli_target_configuration['frameworks']), - ' '.join(cli_target_configuration['libs']) - ) + return ' '.join(sorted(libs)) - with open('CMakeLists.txt', 'w') as f: - self._write_header(f) - self._generate_target_sources_list(f, 'BOTAN_SOURCES', library_target_configuration) - self._generate_target_sources_list(f, 'BOTAN_CLI', cli_target_configuration) - self._generate_target_sources_list(f, 'BOTAN_TESTS', tests_target_configuration) - self._generate_target_source_files_isa_properties(f, library_target_configuration) - self._generate_target_source_files_isa_properties(f, cli_target_configuration) - self._generate_target_source_files_isa_properties(f, tests_target_configuration) + cmake_template = os.path.join(source_paths.build_data_dir, 'cmake.in') - self._write_footer(f, - library_target_libs_and_frameworks, - tests_target_libs_and_frameworks, - cli_target_libs_and_frameworks) + # Create cmake-specific variables + cmake_vars = copy.deepcopy(template_vars) + cmake_vars['cmake_shared_flags'] = escape(template_vars['shared_flags']) + cmake_vars['cc_compile_flags'] = cc.cc_compile_flags(options, False, True) + cmake_vars['cc_compile_debug_flags'] = cc.cc_compile_flags(options, True, False) + cmake_vars['cxx_abi_debug_flags'] = cc.mach_abi_link_flags(options, True) + cmake_vars['cmake_lib_sources'] = generate_source_list(build_paths.lib_sources) + cmake_vars['cmake_cli_sources'] = generate_source_list(build_paths.cli_sources) + cmake_vars['cmake_test_sources'] = 
generate_source_list(build_paths.test_sources) + cmake_vars['cmake_compile_properties'] = generate_isa_properties(using_mods) + cmake_vars['cmake_libs_used'] = libs_used(using_mods) + return process_template(cmake_template, cmake_vars) class MakefileListsGenerator(object): def __init__(self, build_paths, options, modules, cc, arch, osinfo): @@ -3230,7 +3122,8 @@ def link_headers(headers, visibility, directory): gen_bakefile(build_config, options, template_vars['link_to']) if options.with_cmake: - CmakeGenerator(build_config, using_mods, cc, options, template_vars).generate() + with open('CMakeLists.txt', 'w') as f: + f.write(generate_cmake(source_paths, build_config, using_mods, cc, options, template_vars)) write_template(template_vars['makefile_path'], makefile_template) diff --git a/src/build-data/cmake.in b/src/build-data/cmake.in new file mode 100644 index 0000000000..4fa9060088 --- /dev/null +++ b/src/build-data/cmake.in 
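Review bot: `generate_isa_properties` writes source paths with `os.path.normpath(k)` while `generate_source_list` uses the local `cmake_normalize`, which additionally converts backslashes to `/`; on Windows the `set_source_files_properties` entries therefore name `src\...` files that do not match the `src/...` entries in `BOTAN_SOURCES`, and the ISA flags are silently not applied. The removed `_generate_target_source_files_isa_properties` used `_cmake_normalize` for both, so this is a regression; the fix is `output += prop_template % (cmake_normalize(k), isa_map[k])`. Inside the loop `isa_flags` starts as a set and is then rebound to the joined string, which reads as a type change; a separate name such as `isa_flags_str` would help. `generate_cmake` also has no docstring describing that it returns the CMakeLists.txt text and which `cmake_*` variables it adds on top of `template_vars`.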
@@ -0,0 +1,62 @@
+cmake_minimum_required(VERSION 2.8.0)
+project(botan)
+
+if(POLICY CMP0042)
+cmake_policy(SET CMP0042 NEW)
+endif()
+
+set(BOTAN_SOURCES
+%{cmake_lib_sources})
+
+set(BOTAN_CLI
+%{cmake_cli_sources})
+
+set(BOTAN_TESTS
+%{cmake_test_sources})
+
+%{cmake_compile_properties}
+
+option(ENABLED_OPTIONAL_WARINIGS "If enabled more strict warning policy will be used" OFF)
+option(ENABLED_LTO "If enabled link time optimization will be used" OFF)
+
+set(COMPILER_FEATURES_RELEASE %{cc_lang_flags} %{cc_compile_flags} %{cxx_abi_flags})
+set(COMPILER_FEATURES_DEBUG %{cc_lang_flags} %{cc_compile_debug_flags} %{cxx_abi_debug_flags})
+set(COMPILER_FEATURES $<$>:${COMPILER_FEATURES_RELEASE}> $<$:${COMPILER_FEATURES_DEBUG}>)
+set(SHARED_FEATURES %{cmake_shared_flags})
+set(STATIC_FEATURES -DBOTAN_DLL=)
+set(COMPILER_WARNINGS %{cc_warning_flags})
+set(COMPILER_INCLUDE_DIRS build/include build/include/external)
+if(ENABLED_LTO)
+ set(COMPILER_FEATURES ${COMPILER_FEATURES} -lto)
+endif()
+if(ENABLED_OPTIONAL_WARINIGS)
+ set(COMPILER_OPTIONAL_WARNINGS -Wsign-promo -Wctor-dtor-privacy -Wdeprecated -Winit-self -Wnon-virtual-dtor -Wunused-macros -Wold-style-cast -Wuninitialized)
+endif()
+
+add_library(${PROJECT_NAME} STATIC ${BOTAN_SOURCES})
+target_link_libraries(${PROJECT_NAME} PUBLIC %{cmake_libs_used})
+target_compile_options(${PROJECT_NAME} PUBLIC ${COMPILER_WARNINGS} ${COMPILER_FEATURES} ${COMPILER_OPTIONAL_WARNINGS} PRIVATE ${STATIC_FEATURES})
+target_include_directories(${PROJECT_NAME} PUBLIC ${COMPILER_INCLUDE_DIRS})
+
+set_target_properties(${PROJECT_NAME} PROPERTIES OUTPUT_NAME ${PROJECT_NAME}-static)
+
+add_library(${PROJECT_NAME}_shared SHARED ${BOTAN_SOURCES})
+target_link_libraries(${PROJECT_NAME}_shared PUBLIC %{cmake_libs_used})
+target_compile_options(${PROJECT_NAME}_shared PUBLIC ${COMPILER_WARNINGS} ${COMPILER_FEATURES} ${COMPILER_OPTIONAL_WARNINGS} PRIVATE ${SHARED_FEATURES})
+target_include_directories(${PROJECT_NAME}_shared PUBLIC 
${COMPILER_INCLUDE_DIRS}) +set_target_properties(${PROJECT_NAME}_shared PROPERTIES OUTPUT_NAME ${PROJECT_NAME}) + +add_executable(${PROJECT_NAME}_cli ${BOTAN_CLI}) +target_link_libraries(${PROJECT_NAME}_cli PRIVATE ${PROJECT_NAME}_shared ) +set_target_properties(${PROJECT_NAME}_cli PROPERTIES OUTPUT_NAME ${PROJECT_NAME}-cli) + +add_executable(${PROJECT_NAME}_tests ${BOTAN_TESTS}) +target_link_libraries(${PROJECT_NAME}_tests PRIVATE ${PROJECT_NAME}_shared ) +set_target_properties(${PROJECT_NAME}_tests PROPERTIES OUTPUT_NAME botan-test) + +set(GLOBAL_CONFIGURATION_FILES configure.py .gitignore news.rst readme.rst) +file(GLOB_RECURSE CONFIGURATION_FILES src/configs/* ) +file(GLOB_RECURSE DOCUMENTATION_FILES doc/* ) +file(GLOB_RECURSE HEADER_FILES src/*.h ) +file(GLOB_RECURSE INFO_FILES src/lib/*info.txt ) +add_custom_target(CONFIGURATION_DUMMY SOURCES ${GLOBAL_CONFIGURATION_FILES} ${CONFIGURATION_FILES} ${DOCUMENTATION_FILES} ${INFO_FILES} ${HEADER_FILES}) From bb54aa2479af5389b350e70fdfb274e2945d9092 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 9 Dec 2017 18:39:57 -0500 Subject: [PATCH 0320/1008] Use template file to generate bakefile --- configure.py | 100 ++++++++++--------------------------- src/build-data/bakefile.in | 28 +++++++++++ 2 files changed, 54 insertions(+), 74 deletions(-) create mode 100644 src/build-data/bakefile.in diff --git a/configure.py b/configure.py index c441b258da..e0f9ea5289 100755 --- a/configure.py +++ b/configure.py 
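Review bot: The `if(ENABLED_LTO)` block appends `-lto` to `COMPILER_FEATURES`, but for GCC and Clang the link-time-optimization switch is `-flto`; `-lto` is a `-l` linker flag naming a library called `to`, so enabling the option presumably either does nothing at compile time or fails at link. The text is carried over verbatim from the removed `_write_footer`, so the defect predates this move, but the template is now the place to fix it: `set(COMPILER_FEATURES ${COMPILER_FEATURES} -flto)`. The option name `ENABLED_OPTIONAL_WARINIGS` is likewise inherited; correcting it to `ENABLED_OPTIONAL_WARNINGS` would be a user-visible change to a cache variable, so it at least deserves a comment explaining why the misspelling is kept. The generator expressions on the `set(COMPILER_FEATURES ...)` line appear garbled in this extract (`$<$>:`), so their correctness cannot be judged from here.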
@@ -432,14 +432,13 @@ def process_command_line(args): # pylint: disable=too-many-locals build_group.add_option('--with-valgrind', help='use valgrind API', dest='with_valgrind', action='store_true', default=False) - build_group.add_option('--with-bakefile', action='store_true', - default=False, - help='Generate bakefile which can be used to create Visual Studio or Xcode project files') - build_group.add_option('--with-cmake', action='store_true', default=False, help='Generate CMakeLists.txt which can be used to create many IDEs project files') + build_group.add_option('--with-bakefile', action='store_true', + default=False, help=optparse.SUPPRESS_HELP) + build_group.add_option('--unsafe-fuzzer-mode', action='store_true', default=False, help='Disable essential checks for testing') 
@@ -1547,84 +1546,32 @@ def insert_value(match): except Exception as e: # pylint: disable=broad-except logging.error('Exception %s during template processing file %s' % (e, template_file)) -def gen_bakefile(build_config, options, external_libs): +def gen_bakefile(build_config, options, template_vars): - def bakefile_sources(fd, sources): + def bakefile_sources(sources, typ_str='sources'): + out = "" for src in sources: (directory, filename) = os.path.split(os.path.normpath(src)) directory = directory.replace('\\', '/') _, directory = directory.split('src/', 1) - fd.write('\tsources { src/%s/%s } \n' % (directory, filename)) + out += '\t%s { src/%s/%s } \n' % (typ_str, directory, filename) + return out - def bakefile_cli_headers(fd, headers): - for header in headers: - (directory, filename) = os.path.split(os.path.normpath(header)) - directory = directory.replace('\\', '/') - _, directory = directory.split('src/', 1) - fd.write('\theaders { src/%s/%s } \n' % (directory, filename)) + bakefile_template = os.path.join(source_paths.build_data_dir, 'bakefile.in') - def bakefile_test_sources(fd, sources): - for src in sources: - (_, filename) = os.path.split(os.path.normpath(src)) - fd.write('\tsources { src/tests/%s } \n' %filename) - - f = open('botan.bkl', 'w') - f.write('toolsets = vs2013;\n') - - # shared library project - f.write('shared-library botan {\n') - f.write('\tdefines = "BOTAN_DLL=__declspec(dllexport)";\n') - bakefile_sources(f, build_config.lib_sources) - f.write('}\n') - - # cli project - f.write('program cli {\n') - f.write('\tdeps = botan;\n') - bakefile_sources(f, build_config.cli_sources) - bakefile_cli_headers(f, build_config.cli_headers) - f.write('}\n') - - # tests project - f.write('program tests {\n') - f.write('\tdeps = botan;\n') - bakefile_test_sources(f, build_config.test_sources) - f.write('}\n') - - # global options - f.write('includedirs += build/include/;\n') - - for lib in external_libs.split(" "): - f.write('libs += "%s";\n' 
%lib.replace('.lib', '')) - - if options.with_external_includedir: - external_inc_dir = options.with_external_includedir.replace('\\', '/') - # Attention: bakefile supports only relative paths - f.write('includedirs += "%s";\n' %external_inc_dir) - - if options.with_external_libdir: - external_lib_dir = options.with_external_libdir.replace('\\', '/') - # Attention: bakefile supports only relative paths - f.write('libdirs += "%s";\n' %external_lib_dir) - - if build_config.external_headers: - f.write('includedirs += build/include/external;\n') - - if options.cpu in "x86_64": - f.write('archs = x86_64;\n') - else: - f.write('archs = x86;\n') + bakefile_vars = copy.deepcopy(template_vars) + bakefile_vars['bakefile_source_list'] = bakefile_sources(build_config.lib_sources) + bakefile_vars['bakefile_cli_list'] = bakefile_sources(build_config.cli_sources) + \ + bakefile_sources(build_config.cli_headers, 'headers') + bakefile_vars['bakefile_tests_list'] = bakefile_sources(build_config.test_sources) - # vs2013 options - f.write('vs2013.option.ClCompile.DisableSpecificWarnings = "4250;4251;4275";\n') - f.write('vs2013.option.ClCompile.WarningLevel = Level4;\n') - f.write('vs2013.option.ClCompile.ExceptionHandling = SyncCThrow;\n') - f.write('vs2013.option.ClCompile.RuntimeTypeInfo = true;\n') - f.write('if ( $(config) == Release ) {\n') - f.write('vs2013.option.Configuration.WholeProgramOptimization = true;\n') - f.write('}\n') + bakefile_vars['cpu'] = options.cpu - f.close() + print(template_vars['link_to']) + bakefile_vars['bakefile_libs'] = '\n'.join( + ['libs += "%s";' % lib.replace('.lib', '') for lib in template_vars['link_to'].split(' ')]) + return process_template(bakefile_template, bakefile_vars) def generate_cmake(source_paths, build_paths, using_mods, cc, options, template_vars): 
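Review bot: The new signature is `def gen_bakefile(build_config, options, template_vars)`, yet the body reads `source_paths.build_data_dir`, which is not a parameter, and the updated caller in the next hunk passes four arguments, `gen_bakefile(source_paths, build_config, options, template_vars)`; as written the call raises `TypeError` (or, if a module-level `source_paths` happens to exist, silently binds the wrong objects). The definition should be `def gen_bakefile(source_paths, build_config, options, template_vars):`, matching `generate_cmake` directly below it. The `print(template_vars['link_to'])` just before `bakefile_libs` looks like leftover debugging output and should be removed. The rewrite also drops the old generator's `--with-external-includedir` / `--with-external-libdir` handling (the `includedirs +=` / `libdirs +=` lines), a silent behaviour change that deserves a mention in the commit message or a comment in the template.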
@@ -3010,7 +2957,11 @@ def validate_options(options, info_os, info_cc, available_module_policies): if options.with_pdf and not options.with_sphinx: raise UserError('Option --with-pdf requires --with-sphinx') - # Warnings + if options.with_bakefile: + if options.os != 'windows' or options.compiler != 'msvc' or options.build_shared_lib is False: + raise UserError("Building via bakefile is only supported for MSVC DLL build") + + # Warnings if options.os == 'windows' and options.compiler != 'msvc': logging.warning('The windows target is oriented towards MSVC; maybe you want cygwin or mingw') @@ -3119,7 +3070,8 @@ def link_headers(headers, visibility, directory): json.dump(template_vars, f, sort_keys=True, indent=2) if options.with_bakefile: - gen_bakefile(build_config, options, template_vars['link_to']) + with open('botan.bkl', 'w') as f: + f.write(gen_bakefile(source_paths, build_config, options, template_vars)) if options.with_cmake: with open('CMakeLists.txt', 'w') as f: diff --git a/src/build-data/bakefile.in b/src/build-data/bakefile.in new file mode 100644 index 0000000000..0cd9eb5811 --- /dev/null +++ b/src/build-data/bakefile.in @@ -0,0 +1,28 @@ +toolsets = vs2013; +shared-library botan { + defines = "BOTAN_DLL=__declspec(dllexport)"; +%{bakefile_source_list} +} +program cli { + deps = botan; +%{bakefile_cli_list} +} +program tests { + deps = botan; +%{bakefile_tests_list} +} + +includedirs += build/include/; +includedirs += build/include/external; + +%{bakefile_libs} + +archs = %{cpu}; + +vs2013.option.ClCompile.DisableSpecificWarnings = "4250;4251;4275"; +vs2013.option.ClCompile.WarningLevel = Level4; +vs2013.option.ClCompile.ExceptionHandling = SyncCThrow; +vs2013.option.ClCompile.RuntimeTypeInfo = true; +if ( $(config) == Release ) { +vs2013.option.Configuration.WholeProgramOptimization = true; +} From c55cced61a86f9d212243a9cedfa2a554af8be4d Mon Sep 17 00:00:00 2001 
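Review bot: The call `f.write(gen_bakefile(source_paths, build_config, options, template_vars))` passes four positional arguments, but the `gen_bakefile` defined in the previous hunk of this commit declares only `(build_config, options, template_vars)`, so `--with-bakefile` now fails with a TypeError before `botan.bkl` is written. The definition is the side that needs changing (it already uses `source_paths` internally); the caller is fine once `def gen_bakefile(source_paths, build_config, options, template_vars):` lands. The new `validate_options` check could additionally reject `--with-bakefile` combined with `--amalgamation`, since the bakefile source writer splits every path on `src/` and would presumably fail on `botan_all.cpp`.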
From: Jack Lloyd Date: Sun, 10 Dec 2017 07:32:59 -0500 Subject: [PATCH 0321/1008] Use for loops in cmake and bakefile builds --- configure.py | 181 +++++++++++-------------------------- src/build-data/bakefile.in | 22 ++++- src/build-data/cmake.in | 27 ++++-- 3 files changed, 89 insertions(+), 141 deletions(-) diff --git a/configure.py b/configure.py index e0f9ea5289..8b53a3080e 100755 --- a/configure.py +++ b/configure.py @@ -50,6 +50,12 @@ class InternalError(Exception): def flatten(l): return sum(l, []) +def normalize_source_path(source): + """ + cmake needs this, and nothing else minds + """ + return os.path.normpath(source).replace('\\', '/') + def parse_version_file(version_path): version_file = open(version_path) key_and_val = re.compile(r"([a-z_]+) = ([a-zA-Z0-9:\-\']+)") @@ -203,7 +209,7 @@ def __init__(self, source_paths, options, modules): if options.amalgamation: self.lib_sources = ['botan_all.cpp'] else: - self.lib_sources = sorted(flatten([mod.sources() for mod in modules])) + self.lib_sources = [normalize_source_path(s) for s in sorted(flatten([mod.sources() for mod in modules]))] self.public_headers = sorted(flatten([m.public_headers() for m in modules])) @@ -219,9 +225,9 @@ def find_headers_in(basedir, srcdir): if filename.endswith('.h') and not filename.startswith('.'): yield os.path.join(dirpath, filename) - self.cli_sources = list(find_sources_in(source_paths.src_dir, 'cli')) - self.cli_headers = list(find_headers_in(source_paths.src_dir, 'cli')) - self.test_sources = list(find_sources_in(source_paths.src_dir, 'tests')) + self.cli_sources = [normalize_source_path(s) for s in find_sources_in(source_paths.src_dir, 'cli')] + self.cli_headers = [normalize_source_path(s) for s in find_headers_in(source_paths.src_dir, 'cli')] + self.test_sources = [normalize_source_path(s) for s in find_sources_in(source_paths.src_dir, 'tests')] if options.build_fuzzers: self.fuzzer_sources = list(find_sources_in(source_paths.src_dir, 'fuzzer')) 
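Review bot: `self.fuzzer_sources` is still built with `list(find_sources_in(source_paths.src_dir, 'fuzzer'))` while the lib, cli and test lists in the same hunk are wrapped in `normalize_source_path`, so fuzzer paths keep platform separators and differ in form from the other three lists. For consistency use `self.fuzzer_sources = [normalize_source_path(s) for s in find_sources_in(source_paths.src_dir, 'fuzzer')]`. The docstring of `normalize_source_path` (`cmake needs this, and nothing else minds`) explains the motivation but not the contract; something like `Return os.path.normpath(source) with backslashes replaced by '/', so generated cmake/bakefile output is identical on every platform` would be more useful to the next reader.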
@@ -288,14 +294,11 @@ def process_command_line(args): # pylint: disable=too-many-locals target_group = optparse.OptionGroup(parser, 'Target options') - target_group.add_option('--cpu', - help='set the target CPU type/model') + target_group.add_option('--cpu', help='set the target CPU type/model') - target_group.add_option('--os', - help='set the target operating system') + target_group.add_option('--os', help='set the target operating system') - target_group.add_option('--cc', dest='compiler', - help='set the desired build compiler') + target_group.add_option('--cc', dest='compiler', help='set the desired build compiler') target_group.add_option('--cc-min-version', dest='cc_min_version', default=None, metavar='MAJOR.MINOR', @@ -303,16 +306,14 @@ def process_command_line(args): # pylint: disable=too-many-locals 'Use --cc-min-version=0.0 to support all compiler versions. ' \ 'Default is auto detection.') - target_group.add_option('--cc-bin', dest='compiler_binary', - metavar='BINARY', + target_group.add_option('--cc-bin', dest='compiler_binary', metavar='BINARY', help='set path to compiler binary') - target_group.add_option('--cc-abi-flags', metavar='FLAG', - help='set compiler ABI flags', - default='') + target_group.add_option('--cc-abi-flags', metavar='FLAG', default='', + help='set compiler ABI flags') - target_group.add_option('--cxxflags', metavar='FLAG', - help='set compiler flags', default=None) + target_group.add_option('--cxxflags', metavar='FLAG', default=None, + help='set compiler flags') target_group.add_option('--ldflags', metavar='FLAG', help='set linker flags', default=None) 
@@ -805,7 +806,7 @@ def add_dir_name(filename): *filename.split(':')) # Modify members - self.source = [add_dir_name(s) for s in self.source] + self.source = [normalize_source_path(add_dir_name(s)) for s in self.source] self.header_internal = [add_dir_name(s) for s in self.header_internal] self.header_public = [add_dir_name(s) for s in self.header_public] self.header_external = [add_dir_name(s) for s in self.header_external] 
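Review bot: Only `self.source` is passed through `normalize_source_path`; `header_internal`, `header_public` and `header_external` on the following context lines keep the raw `add_dir_name` form. If any later code compares or looks up these lists against normalized paths (the build-info code in this series does `src in mod.sources()` for sources), mixed forms will silently fail to match, so it is safer to normalize all four the same way, e.g. `self.header_internal = [normalize_source_path(add_dir_name(s)) for s in self.header_internal]`. The enclosing method starts outside this hunk, so I cannot see whether the headers are used that way; treat this as a consistency suggestion.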
@@ -1546,97 +1547,6 @@ def insert_value(match): except Exception as e: # pylint: disable=broad-except logging.error('Exception %s during template processing file %s' % (e, template_file)) -def gen_bakefile(build_config, options, template_vars): - - def bakefile_sources(sources, typ_str='sources'): - out = "" - for src in sources: - (directory, filename) = os.path.split(os.path.normpath(src)) - directory = directory.replace('\\', '/') - _, directory = directory.split('src/', 1) - out += '\t%s { src/%s/%s } \n' % (typ_str, directory, filename) - return out - - bakefile_template = os.path.join(source_paths.build_data_dir, 'bakefile.in') - - bakefile_vars = copy.deepcopy(template_vars) - bakefile_vars['bakefile_source_list'] = bakefile_sources(build_config.lib_sources) - bakefile_vars['bakefile_cli_list'] = bakefile_sources(build_config.cli_sources) + \ - bakefile_sources(build_config.cli_headers, 'headers') - bakefile_vars['bakefile_tests_list'] = bakefile_sources(build_config.test_sources) - - bakefile_vars['cpu'] = options.cpu - - print(template_vars['link_to']) - bakefile_vars['bakefile_libs'] = '\n'.join( - ['libs += "%s";' % lib.replace('.lib', '') for lib in template_vars['link_to'].split(' ')]) - - return process_template(bakefile_template, bakefile_vars) - -def generate_cmake(source_paths, build_paths, using_mods, cc, options, template_vars): - - def escape(input_str): - return input_str.replace('(', '\\(').replace(')', '\\)').replace('#', '\\#').replace('$', '\\$') - - def cmake_normalize(source): - return os.path.normpath(source).replace('\\', '/') - - def generate_source_list(src_list): - s = "" - for source in sorted(src_list): - s += ' "${CMAKE_CURRENT_LIST_DIR}/%s"\n' % cmake_normalize(source) - return s - - def generate_isa_properties(mods): - isa_map = {} # map from src file -> ISA flags - for mod in mods: - - isa_flags = set() - for isa in mod.need_isa: - flag = cc.isa_flags_for(isa, template_vars['arch']) - if flag != "": - isa_flags.add(flag) - - if 
isa_flags: - isa_flags = ' '.join(isa_flags) - for src_file in mod.source: - isa_map[src_file] = isa_flags - - output = "" - prop_template = 'set_source_files_properties("${CMAKE_CURRENT_LIST_DIR}/%s" PROPERTIES COMPILE_FLAGS "%s")\n' - for k in sorted(isa_map.keys()): - output += prop_template % (os.path.normpath(k), isa_map[k]) - return output - - def libs_used(mods): - libs = set() - for mod in mods: - if options.os in mod.libs: - for lib in mod.libs[options.os]: - libs.add(lib) - if options.os in mod.frameworks: - for framework in mod.frameworks[options.os]: - libs.add('"-framework %s"' % framework) - - return ' '.join(sorted(libs)) - - - cmake_template = os.path.join(source_paths.build_data_dir, 'cmake.in') - - # Create cmake-specific variables - cmake_vars = copy.deepcopy(template_vars) - - cmake_vars['cmake_shared_flags'] = escape(template_vars['shared_flags']) - cmake_vars['cc_compile_flags'] = cc.cc_compile_flags(options, False, True) - cmake_vars['cc_compile_debug_flags'] = cc.cc_compile_flags(options, True, False) - cmake_vars['cxx_abi_debug_flags'] = cc.mach_abi_link_flags(options, True) - cmake_vars['cmake_lib_sources'] = generate_source_list(build_paths.lib_sources) - cmake_vars['cmake_cli_sources'] = generate_source_list(build_paths.cli_sources) - cmake_vars['cmake_test_sources'] = generate_source_list(build_paths.test_sources) - cmake_vars['cmake_compile_properties'] = generate_isa_properties(using_mods) - cmake_vars['cmake_libs_used'] = libs_used(using_mods) - return process_template(cmake_template, cmake_vars) - class MakefileListsGenerator(object): def __init__(self, build_paths, options, modules, cc, arch, osinfo): self._build_paths = build_paths @@ -1756,9 +1666,12 @@ def generate(self): targets = ['lib', 'cli', 'test', 'fuzzer'] + out['isa_build_info'] = [] + for t in targets: src_list, src_dir = self._build_paths.src_info(t) + src_key = '%s_srcs' % (t) obj_key = '%s_objs' % (t) build_key = '%s_build_info' % (t) 
@@ -1770,12 +1683,19 @@ def generate(self): objects = list(self._objectfile_list(src_list, src_dir)) build_info = self._build_info(src_list, objects, t) + for b in build_info: + if b['isa_flags'] != '': + out['isa_build_info'].append(b) + + out[src_key] = src_list if src_list else [] out[obj_key] = objects out[build_key] = build_info if t == 'fuzzer': out['fuzzer_bin'] = ' '.join(self._fuzzer_bin_list(objects, self._build_paths.fuzzer_output_dir)) + out['cli_headers'] = self._build_paths.cli_headers + return out @@ -1953,6 +1873,11 @@ def configure_command_line(): 'linker': cc.linker_name or '$(CXX)', 'make_supports_phony': cc.basename != 'msvc', + 'cc_compile_opt_flags': cc.cc_compile_flags(options, False, True), + 'cc_compile_debug_flags': cc.cc_compile_flags(options, True, False), + 'cxx_abi_opt_flags': cc.mach_abi_link_flags(options, False), + 'cxx_abi_debug_flags': cc.mach_abi_link_flags(options, True), + 'dash_o': cc.output_to_object, 'dash_c': cc.compile_flags, @@ -1978,7 +1903,13 @@ def configure_command_line(): [cc.add_framework_option + fw for fw in link_to('frameworks')] ), + 'cmake_link_to': ' '.join( + [lib for lib in link_to('libs')] + + [('"' + cc.add_framework_option + fw + '"') for fw in link_to('frameworks')] + ), + 'fuzzer_lib': (cc.add_lib_option + options.fuzzer_lib) if options.fuzzer_lib else '', + 'libs_used': [lib.replace('.lib', '') for lib in link_to('libs')], 'include_paths': build_config.format_include_paths(cc, options.with_external_includedir), 'module_defines': make_cpp_macros(sorted(flatten([m.defines() for m in modules]))), 
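Review bot: In the `cmake_link_to` entry, `[lib for lib in link_to('libs')]` is an identity comprehension; `list(link_to('libs'))` says the same thing without the loop, and the framework half reads better as a format than as four concatenations: `['"%s%s"' % (cc.add_framework_option, fw) for fw in link_to('frameworks')]`. The new `isa_build_info` list and `cli_headers` key in `generate()` are undocumented; a one-line comment such as `# isa_build_info: every build entry whose source needs ISA-specific compiler flags (consumed by cmake.in)` would spare the next reader a grep through the templates.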
@@ -2975,10 +2906,7 @@ def prepare_configure_build(info_modules, source_paths, options, template_vars = create_template_vars(source_paths, build_config, options, using_mods, cc, arch, osinfo) - makefile_template = os.path.join(source_paths.build_data_dir, 'makefile.in') - logging.debug('Using makefile template %s' % (makefile_template)) - - return using_mods, build_config, template_vars, makefile_template + return using_mods, build_config, template_vars def calculate_cc_min_version(options, cc, osinfo): @@ -3002,7 +2930,7 @@ def main_action_configure_build(info_modules, source_paths, options, cc, cc_min_version, arch, osinfo, module_policy): # pylint: disable=too-many-locals - using_mods, build_config, template_vars, makefile_template = prepare_configure_build( + using_mods, build_config, template_vars = prepare_configure_build( info_modules, source_paths, options, cc, cc_min_version, arch, osinfo, module_policy) # Now we start writing to disk 
@@ -3069,26 +2997,23 @@ def link_headers(headers, visibility, directory): with open(os.path.join(build_config.build_dir, 'build_config.json'), 'w') as f: json.dump(template_vars, f, sort_keys=True, indent=2) - if options.with_bakefile: - with open('botan.bkl', 'w') as f: - f.write(gen_bakefile(source_paths, build_config, options, template_vars)) - if options.with_cmake: - with open('CMakeLists.txt', 'w') as f: - f.write(generate_cmake(source_paths, build_config, using_mods, cc, options, template_vars)) - - write_template(template_vars['makefile_path'], makefile_template) - - def release_date(datestamp): - if datestamp == 0: - return 'undated' - return 'dated %d' % (datestamp) + logging.warning("CMake build is only for development: use make for production builds") + cmake_template = os.path.join(source_paths.build_data_dir, 'cmake.in') + write_template('CMakeLists.txt', cmake_template) + elif options.with_bakefile: + logging.warning("Bakefile build is only for development: use make for production builds") + bakefile_template = os.path.join(source_paths.build_data_dir, 'bakefile.in') + write_template('botan.bkl', bakefile_template) + else: + makefile_template = os.path.join(source_paths.build_data_dir, 'makefile.in') + write_template(template_vars['makefile_path'], makefile_template) logging.info('Botan %s (revision %s) (%s %s) build setup is complete' % ( Version.as_string(), Version.vc_rev(), Version.release_type(), - release_date(Version.datestamp()))) + ('dated ' + Version.datestamp()) if Version.datestamp() != 0 else 'undated')) if options.unsafe_fuzzer_mode: logging.warning("The fuzzer mode flag is labeled unsafe for a reason, this version is for testing only") diff --git a/src/build-data/bakefile.in b/src/build-data/bakefile.in index 0cd9eb5811..3e808faacb 100644 --- a/src/build-data/bakefile.in +++ b/src/build-data/bakefile.in 
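Review bot: The inline replacement for the removed `release_date()` helper in the final `logging.info` will raise TypeError for any dated release: `Version.datestamp()` is compared with the integer `0` and the removed helper formatted it with `%d`, so it is an int, and `'dated ' + Version.datestamp()` then concatenates str and int. Keep the integer formatting: `('dated %d' % Version.datestamp()) if Version.datestamp() != 0 else 'undated'`. Separately, with both `--with-cmake` and `--with-bakefile` given, the new `if/elif/else` writes only the CMake file and, unlike the removed code, no Makefile at all; if that is intended the two warnings should say so (e.g. `...: use make for production builds (no Makefile is generated in this mode)`).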
@@ -1,23 +1,35 @@ toolsets = vs2013; shared-library botan { defines = "BOTAN_DLL=__declspec(dllexport)"; -%{bakefile_source_list} +%{for lib_srcs} + sources { %{i} } +%{endfor} } program cli { deps = botan; -%{bakefile_cli_list} +%{for cli_srcs} + sources { %{i} } +%{endfor} +%{for cli_headers} + headers { %{i} } +%{endfor} + } program tests { deps = botan; -%{bakefile_tests_list} +%{for test_srcs} + sources { %{i} } +%{endfor} } includedirs += build/include/; includedirs += build/include/external; -%{bakefile_libs} +%{for libs_used} +libs += "%{i}"; +%{endfor} -archs = %{cpu}; +archs = %{arch}; vs2013.option.ClCompile.DisableSpecificWarnings = "4250;4251;4275"; vs2013.option.ClCompile.WarningLevel = Level4; diff --git a/src/build-data/cmake.in b/src/build-data/cmake.in index 4fa9060088..33c6cb9625 100644 --- a/src/build-data/cmake.in +++ b/src/build-data/cmake.in 
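Review bot: `archs = %{arch};` inserts Botan's architecture name verbatim, whereas the Python code this template replaced only ever emitted `x86` or `x86_64` (it mapped every non-x86_64 CPU to `x86`); whether Botan's 32-bit x86 name spells the same as bakefile's `x86` should be confirmed, and any other arch value will produce a `botan.bkl` bakefile cannot load. Since `validate_options` now restricts bakefile to MSVC, a small Python-side mapping into a dedicated variable (`archs = %{bakefile_arch};` with `'x86_64' if arch is x86_64 else 'x86'`) would restore the old guarantee. Also `includedirs += build/include/external;` is now unconditional where the old generator emitted it only when `build_config.external_headers` was non-empty; harmless if the directory always exists, but worth a comment saying it is intentional.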
@@ -6,23 +6,34 @@ cmake_policy(SET CMP0042 NEW) endif() set(BOTAN_SOURCES -%{cmake_lib_sources}) +%{for lib_srcs} + "${CMAKE_CURRENT_LIST_DIR}/%{i}" +%{endfor} +) set(BOTAN_CLI -%{cmake_cli_sources}) +%{for cli_srcs} + "${CMAKE_CURRENT_LIST_DIR}/%{i}" +%{endfor} +) set(BOTAN_TESTS -%{cmake_test_sources}) +%{for test_srcs} + "${CMAKE_CURRENT_LIST_DIR}/%{i}" +%{endfor} +) -%{cmake_compile_properties} +%{for isa_build_info} +set_source_files_properties("${CMAKE_CURRENT_LIST_DIR}/%{src}" PROPERTIES COMPILE_FLAGS "%{isa_flags}") +%{endfor} option(ENABLED_OPTIONAL_WARINIGS "If enabled more strict warning policy will be used" OFF) option(ENABLED_LTO "If enabled link time optimization will be used" OFF) -set(COMPILER_FEATURES_RELEASE %{cc_lang_flags} %{cc_compile_flags} %{cxx_abi_flags}) +set(COMPILER_FEATURES_RELEASE %{cc_lang_flags} %{cc_compile_opt_flags} %{cxx_abi_opt_flags}) set(COMPILER_FEATURES_DEBUG %{cc_lang_flags} %{cc_compile_debug_flags} %{cxx_abi_debug_flags}) set(COMPILER_FEATURES $<$>:${COMPILER_FEATURES_RELEASE}> $<$:${COMPILER_FEATURES_DEBUG}>) -set(SHARED_FEATURES %{cmake_shared_flags}) +set(SHARED_FEATURES %{shared_flags}) set(STATIC_FEATURES -DBOTAN_DLL=) set(COMPILER_WARNINGS %{cc_warning_flags}) set(COMPILER_INCLUDE_DIRS build/include build/include/external) 
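Review bot: `set(SHARED_FEATURES %{shared_flags})` drops the escaping that the removed `generate_cmake` applied through `cmake_shared_flags` (its `escape()` backslash-escaped `(`, `)`, `#` and `$`), so a shared-flags value containing parentheses is now written raw; the MSVC `BOTAN_DLL=__declspec(dllexport)` define visible in bakefile.in is exactly that shape, and CMake will not parse it as one argument. Keep substituting an escaped variable here (`set(SHARED_FEATURES %{cmake_shared_flags})`) and compute it in `create_template_vars` with the same four replacements rather than relying on the raw string. Quoting the whole value is not a substitute, because `${SHARED_FEATURES}` is later expanded unquoted in `target_compile_options` and multiple flags would become a single argument.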
@@ -34,14 +45,14 @@ if(ENABLED_OPTIONAL_WARINIGS) endif() add_library(${PROJECT_NAME} STATIC ${BOTAN_SOURCES}) -target_link_libraries(${PROJECT_NAME} PUBLIC %{cmake_libs_used}) +target_link_libraries(${PROJECT_NAME} PUBLIC %{cmake_link_to}) target_compile_options(${PROJECT_NAME} PUBLIC ${COMPILER_WARNINGS} ${COMPILER_FEATURES} ${COMPILER_OPTIONAL_WARNINGS} PRIVATE ${STATIC_FEATURES}) target_include_directories(${PROJECT_NAME} PUBLIC ${COMPILER_INCLUDE_DIRS}) set_target_properties(${PROJECT_NAME} PROPERTIES OUTPUT_NAME ${PROJECT_NAME}-static) add_library(${PROJECT_NAME}_shared SHARED ${BOTAN_SOURCES}) -target_link_libraries(${PROJECT_NAME}_shared PUBLIC %{cmake_libs_used}) +target_link_libraries(${PROJECT_NAME}_shared PUBLIC %{cmake_link_to}) target_compile_options(${PROJECT_NAME}_shared PUBLIC ${COMPILER_WARNINGS} ${COMPILER_FEATURES} ${COMPILER_OPTIONAL_WARNINGS} PRIVATE ${SHARED_FEATURES}) target_include_directories(${PROJECT_NAME}_shared PUBLIC ${COMPILER_INCLUDE_DIRS}) set_target_properties(${PROJECT_NAME}_shared PROPERTIES OUTPUT_NAME ${PROJECT_NAME}) From ddffec7ecad306c964b8ef16f84319e7706ebe00 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 10 Dec 2017 07:50:26 -0500 Subject: [PATCH 0322/1008] Simplify house ECC curve code, and remove redundant fuzzer logic --- configure.py | 55 +++++++++++++++++++++------------------------------- 1 file changed, 22 insertions(+), 33 deletions(-) diff --git a/configure.py b/configure.py index 8b53a3080e..49e1a346f2 100755 --- a/configure.py +++ b/configure.py @@ -1596,12 +1596,6 @@ def _isa_specific_flags(self, src): return set() - def _fuzzer_bin_list(self, fuzzer_objs, bin_dir): - for obj in fuzzer_objs: - (_, name) = os.path.split(os.path.normpath(obj)) - name = name.replace('.' + self._osinfo.obj_suffix, '') - yield os.path.join(bin_dir, name) - def _objectfile_list(self, sources, obj_dir): obj_suffix = '.' + self._osinfo.obj_suffix 
@@ -1668,6 +1662,7 @@ def generate(self): out['isa_build_info'] = [] + fuzzer_bin = [] for t in targets: src_list, src_dir = self._build_paths.src_info(t) @@ -1687,39 +1682,19 @@ def generate(self): if b['isa_flags'] != '': out['isa_build_info'].append(b) + if t == 'fuzzer': + fuzzer_bin = [b['exe'] for b in build_info] + out[src_key] = src_list if src_list else [] out[obj_key] = objects out[build_key] = build_info - if t == 'fuzzer': - out['fuzzer_bin'] = ' '.join(self._fuzzer_bin_list(objects, self._build_paths.fuzzer_output_dir)) - + out['fuzzer_bin'] = ' '.join(fuzzer_bin) out['cli_headers'] = self._build_paths.cli_headers return out - -class HouseEccCurve(object): - def __init__(self, house_curve): - p = house_curve.split(",") - if len(p) != 4: - raise UserError('--house-curve must have 4 comma separated parameters. See --help') - # make sure TLS curve id is in reserved for private use range (0xFE00..0xFEFF) - curve_id = int(p[3], 16) - if curve_id < 0xfe00 or curve_id > 0xfeff: - raise UserError('TLS curve ID not in reserved range (see RFC 4492)') - - self._defines = [ - 'HOUSE_ECC_CURVE_NAME \"' + p[1] + '\"', - 'HOUSE_ECC_CURVE_OID \"' + p[2] + '\"', - 'HOUSE_ECC_CURVE_PEM ' + self._read_pem(filepath=p[0]), - 'HOUSE_ECC_CURVE_TLS_ID ' + hex(curve_id), - ] - - def defines(self): - return self._defines - - @staticmethod +def house_ecc_curve_macros(house_curve): def _read_pem(filepath): try: with open(filepath) as f: 
@@ -1731,6 +1706,21 @@ def _read_pem(filepath): lines[ndx] = ' \"%s\"' % lines[ndx] return "\\\n" + ' \\\n'.join(lines) + if house_curve is None: + return [] + else: + p = house_curve.split(",") + if len(p) != 4: + raise UserError('--house-curve must have 4 comma separated parameters. See --help') + # make sure TLS curve id is in reserved for private use range (0xFE00..0xFEFF) + curve_id = int(p[3], 16) + if curve_id < 0xfe00 or curve_id > 0xfeff: + raise UserError('TLS curve ID not in reserved range (see RFC 4492)') + + return ['HOUSE_ECC_CURVE_NAME \"' + p[1] + '\"', + 'HOUSE_ECC_CURVE_OID \"' + p[2] + '\"', + 'HOUSE_ECC_CURVE_PEM ' + _read_pem(filepath=p[0]), + 'HOUSE_ECC_CURVE_TLS_ID ' + hex(curve_id)] def create_template_vars(source_paths, build_config, options, modules, cc, arch, osinfo): #pylint: disable=too-many-locals,too-many-branches,too-many-statements @@ -1927,8 +1917,7 @@ def configure_command_line(): 'mod_list': '\n'.join(sorted([m.basename for m in modules])), - 'house_ecc_curve_defines': make_cpp_macros(HouseEccCurve(options.house_curve).defines()) \ - if options.house_curve else '', + 'house_ecc_curve_defines': make_cpp_macros(house_ecc_curve_macros(options.house_curve)) } if options.os != 'windows': From 0ef7a671f578e804a2309ce14d1e581b2ca9eca1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 10 Dec 2017 08:35:26 -0500 Subject: [PATCH 0323/1008] Simplify how the build info is generated --- configure.py | 212 ++++++++++++++++++++++++--------------------------- 1 file changed, 101 insertions(+), 111 deletions(-) diff --git a/configure.py b/configure.py index 49e1a346f2..3a8dc76456 100755 --- a/configure.py +++ b/configure.py 
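Review bot: `curve_id = int(p[3], 16)` raises a bare ValueError (a traceback) for a non-hex fourth field, while the neighbouring length and range checks report a `UserError`; wrap it so all three failures look the same: `try: curve_id = int(p[3], 16)` / `except ValueError: raise UserError('--house-curve TLS ID must be a hex number')`. The name and OID fields `p[1]` and `p[2]` are spliced into C string-literal macros without any check that they contain no `"` or backslash, so a stray quote yields an uncompilable define; rejecting those two characters (or whitelisting `[A-Za-z0-9._-]`) at configure time gives a clear error instead of a compiler failure. A one-line docstring would also help: `Return the HOUSE_ECC_CURVE_* macro definitions for --house-curve, or [] when the option is unset`.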
@@ -1123,6 +1123,30 @@ def isa_flags_for(self, isa, arch): return self.isa_flags[arch_isa] return None + def get_isa_specific_flags(self, isas, arch): + flags = set() + + def simd32_impl(): + for simd_isa in ['sse2', 'altivec', 'neon']: + if simd_isa in arch.isa_extensions and self.isa_flags_for(simd_isa, arch.basename): + return simd_isa + return None + + for isa in isas: + + if isa == 'simd': + isa = simd32_impl() + + if isa is None: + continue + + flagset = self.isa_flags_for(isa, arch.basename) + if flagset is None: + raise UserError('Compiler %s does not support %s' % (self.basename, isa)) + flags.add(flagset) + + return ("".join([" %s" % f for f in sorted(flags)])).strip() + def gen_shared_flags(self, options): """ Return the shared library build flags, if any 
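Review bot: `simd32_impl` tests `self.isa_flags_for(simd_isa, arch.basename)` for truthiness, whereas the `_simd_implementation` it supersedes compared the result with `None`; an ISA whose flag string is the empty string (plausible for a baseline extension that needs no switch) is now skipped, so `simd` silently resolves to no implementation on such a compiler/arch pair. Use `... and self.isa_flags_for(simd_isa, arch.basename) is not None` to keep the old meaning. The method also has no docstring; `Return the compiler flags for the given ISA extensions as one space-separated string ('simd' is mapped to the first of sse2/altivec/neon the target supports); raises UserError if this compiler has no flags for a requested ISA` captures what the visible body does.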
@@ -1547,152 +1571,120 @@ def insert_value(match): except Exception as e: # pylint: disable=broad-except logging.error('Exception %s during template processing file %s' % (e, template_file)) -class MakefileListsGenerator(object): - def __init__(self, build_paths, options, modules, cc, arch, osinfo): - self._build_paths = build_paths - self._options = options - self._modules = modules - self._cc = cc - self._arch = arch - self._osinfo = osinfo - - def _simd_implementation(self): - for simd32_impl in ['sse2', 'altivec', 'neon']: - if simd32_impl in self._arch.isa_extensions \ - and self._cc.isa_flags_for(simd32_impl, self._arch.basename) is not None: - return simd32_impl - return None - - def _get_isa_specific_flags(self, isas): - flags = set() - for isa in isas: - # a flagset is a string that may contain multiple command - # line arguments, e.g. "-maes -mpclmul -mssse3" - flagset = self._cc.isa_flags_for(isa, self._arch.basename) - if flagset is None: - raise UserError('Compiler %s does not support %s' % (self._cc.basename, isa)) - flags.add(flagset) - return flags - - def _isa_specific_flags(self, src): - simd_impl = self._simd_implementation() +def yield_objectfile_list(sources, obj_dir, obj_suffix): + obj_suffix = '.' 
+ obj_suffix - if os.path.basename(src) == 'test_simd.cpp': - isas = [simd_impl] if simd_impl else [] - return self._get_isa_specific_flags(isas) + for src in sources: + (directory, filename) = os.path.split(os.path.normpath(src)) + parts = directory.split(os.sep) - for mod in self._modules: - if src in mod.sources(): - isas = mod.need_isa - if 'simd' in mod.dependencies(): - if simd_impl: - isas.append(simd_impl) + if 'src' in parts: + parts = parts[parts.index('src')+2:] + elif filename.find('botan_all') != -1: + parts = [] + else: + raise InternalError("Unexpected file '%s/%s'" % (directory, filename)) - return self._get_isa_specific_flags(isas) + if parts != []: + # Handle src/X/X.cpp -> X.o + if filename == parts[-1] + '.cpp': + name = '_'.join(parts) + '.cpp' + else: + name = '_'.join(parts) + '_' + filename - if src.startswith('botan_all_'): - isas = src.replace('botan_all_', '').replace('.cpp', '').split('_') - return self._get_isa_specific_flags(isas) + def fixup_obj_name(name): + def remove_dups(parts): + last = None + for part in parts: + if last is None or part != last: + last = part + yield part - return set() + return '_'.join(remove_dups(name.split('_'))) - def _objectfile_list(self, sources, obj_dir): - obj_suffix = '.' 
+ self._osinfo.obj_suffix + name = fixup_obj_name(name) + else: + name = filename - for src in sources: - (directory, filename) = os.path.split(os.path.normpath(src)) - parts = directory.split(os.sep) + name = name.replace('.cpp', obj_suffix) + yield os.path.join(obj_dir, name) - if 'src' in parts: - parts = parts[parts.index('src')+2:] - elif filename.find('botan_all') != -1: - parts = [] - else: - raise InternalError("Unexpected file '%s/%s'" % (directory, filename)) +def generate_build_info(build_paths, modules, cc, arch, osinfo): + # pylint: disable=too-many-locals - if parts != []: - # Handle src/X/X.cpp -> X.o - if filename == parts[-1] + '.cpp': - name = '_'.join(parts) + '.cpp' - else: - name = '_'.join(parts) + '_' + filename + def _isa_specific_flags(src): + if os.path.basename(src) == 'test_simd.cpp': + return cc.get_isa_specific_flags(['simd'], arch) - def fixup_obj_name(name): - def remove_dups(parts): - last = None - for part in parts: - if last is None or part != last: - last = part - yield part + for mod in modules: + if src in mod.sources(): + isas = mod.need_isa + if 'simd' in mod.dependencies(): + isas.append('simd') - return '_'.join(remove_dups(name.split('_'))) + return cc.get_isa_specific_flags(isas, arch) - name = fixup_obj_name(name) - else: - name = filename + if src.startswith('botan_all_'): + isas = src.replace('botan_all_', '').replace('.cpp', '').split('_') + return cc.get_isa_specific_flags(isas, arch) - name = name.replace('.cpp', obj_suffix) - yield os.path.join(obj_dir, name) + return '' - def _build_info(self, sources, objects, target_type): + def _build_info(sources, objects, target_type): output = [] for (obj_file, src) in zip(objects, sources): - isa_specific_flags_str = ("".join([" %s" % flagset for flagset in - sorted(self._isa_specific_flags(src))])).strip() - info = { 'src': src, 'obj': obj_file, - 'isa_flags': isa_specific_flags_str, + 'isa_flags': _isa_specific_flags(src), 'target_type': 'LIB' if target_type == 'lib' else 
'EXE', } if target_type == 'fuzzer': - fuzz_basename = os.path.basename(obj_file).replace('.' + self._osinfo.obj_suffix, '') - info['exe'] = os.path.join(self._build_paths.fuzzer_output_dir, fuzz_basename) + fuzz_basename = os.path.basename(obj_file).replace('.' + osinfo.obj_suffix, '') + info['exe'] = os.path.join(build_paths.fuzzer_output_dir, fuzz_basename) output.append(info) return output - def generate(self): - out = {} + out = {} - targets = ['lib', 'cli', 'test', 'fuzzer'] + targets = ['lib', 'cli', 'test', 'fuzzer'] - out['isa_build_info'] = [] + out['isa_build_info'] = [] - fuzzer_bin = [] - for t in targets: - src_list, src_dir = self._build_paths.src_info(t) + fuzzer_bin = [] + for t in targets: + src_list, src_dir = build_paths.src_info(t) - src_key = '%s_srcs' % (t) - obj_key = '%s_objs' % (t) - build_key = '%s_build_info' % (t) + src_key = '%s_srcs' % (t) + obj_key = '%s_objs' % (t) + build_key = '%s_build_info' % (t) - objects = [] - build_info = [] + objects = [] + build_info = [] - if src_list is not None: - src_list.sort() - objects = list(self._objectfile_list(src_list, src_dir)) - build_info = self._build_info(src_list, objects, t) + if src_list is not None: + src_list.sort() + objects = list(yield_objectfile_list(src_list, src_dir, osinfo.obj_suffix)) + build_info = _build_info(src_list, objects, t) - for b in build_info: - if b['isa_flags'] != '': - out['isa_build_info'].append(b) + for b in build_info: + if b['isa_flags'] != '': + out['isa_build_info'].append(b) - if t == 'fuzzer': - fuzzer_bin = [b['exe'] for b in build_info] + if t == 'fuzzer': + fuzzer_bin = [b['exe'] for b in build_info] - out[src_key] = src_list if src_list else [] - out[obj_key] = objects - out[build_key] = build_info + out[src_key] = src_list if src_list else [] + out[obj_key] = objects + out[build_key] = build_info - out['fuzzer_bin'] = ' '.join(fuzzer_bin) - out['cli_headers'] = self._build_paths.cli_headers + out['fuzzer_bin'] = ' '.join(fuzzer_bin) + 
out['cli_headers'] = build_paths.cli_headers - return out + return out def house_ecc_curve_macros(house_curve): def _read_pem(filepath): @@ -1957,8 +1949,6 @@ def configure_command_line(): variables['link_to_botan'] = '%s%s %s%s' % (cc.add_lib_dir_option, build_dir, cc.add_lib_option, variables['libname']) - variables.update(MakefileListsGenerator(build_config, options, modules, cc, arch, osinfo).generate()) - return variables class ModulesChooser(object): @@ -2979,10 +2969,10 @@ def link_headers(headers, visibility, directory): if options.amalgamation: (amalg_cpp_files, amalg_headers) = AmalgamationGenerator(build_config, using_mods, options).generate() build_config.lib_sources = amalg_cpp_files - template_vars.update(MakefileListsGenerator(build_config, options, using_mods, cc, arch, osinfo).generate()) - template_vars['generated_files'] = ' '.join(amalg_cpp_files + amalg_headers) + template_vars.update(generate_build_info(build_config, using_mods, cc, arch, osinfo)) + with open(os.path.join(build_config.build_dir, 'build_config.json'), 'w') as f: json.dump(template_vars, f, sort_keys=True, indent=2) From c03fbef1ada3e1c87edba7ca725ad3592d185b25 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 10 Dec 2017 11:02:43 -0500 Subject: [PATCH 0324/1008] A couple of simple optimizations Weirdly, copy.deepcopy of a set of str is much slower than just creating a new set - maybe because it is also copying the strings? But there is no need for that because while we edit the set we don't edit any members. Saves about 1.5 seconds on Pi2. --- configure.py | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/configure.py b/configure.py index 3a8dc76456..ccc7bfbf0b 100755 --- a/configure.py +++ b/configure.py @@ -20,7 +20,6 @@ """ import collections -import copy import json import sys import os 
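Review bot: The two new module-level functions `yield_objectfile_list` and `generate_build_info` carry no documentation, and the former encodes a non-obvious naming rule (`src/X/X.cpp` collapses to `X.o`, repeated path parts are de-duplicated, and any file outside a `src` tree other than `botan_all*` is an InternalError) that a reader will otherwise have to reverse-engineer from `fixup_obj_name`. Suggest a short docstring on each: `Yield the object-file path for each source, flattening src/<cat>/<mod>/file.cpp into <mod>_file.<obj_suffix> under obj_dir` and `Build the per-target source/object/flag tables (lib, cli, test, fuzzer) consumed by the makefile, cmake and bakefile templates`. Inside `generate_build_info`, `_build_info` zips `objects` with `sources`; the two are produced from the same list in the same order so this is safe, but a one-line comment saying so would make the invariant explicit.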
@@ -1612,17 +1611,25 @@ def remove_dups(parts): def generate_build_info(build_paths, modules, cc, arch, osinfo): # pylint: disable=too-many-locals + # first create a map of src_file->owning module + + module_that_owns = {} + + for mod in modules: + for src in mod.sources(): + module_that_owns[src] = mod + def _isa_specific_flags(src): if os.path.basename(src) == 'test_simd.cpp': return cc.get_isa_specific_flags(['simd'], arch) - for mod in modules: - if src in mod.sources(): - isas = mod.need_isa - if 'simd' in mod.dependencies(): - isas.append('simd') + if src in module_that_owns: + module = module_that_owns[src] + isas = module.need_isa + if 'simd' in module.dependencies(): + isas.append('simd') - return cc.get_isa_specific_flags(isas, arch) + return cc.get_isa_specific_flags(isas, arch) if src.startswith('botan_all_'): isas = src.replace('botan_all_', '').replace('.cpp', '').split('_') @@ -2073,7 +2080,7 @@ def resolve_dependencies(available_modules, dependency_table, module, loaded_mod if loaded_modules is None: loaded_modules = set([]) else: - loaded_modules = copy.deepcopy(loaded_modules) + loaded_modules = set(loaded_modules) if module not in available_modules: return False, None @@ -2379,7 +2386,7 @@ class AmalgamationGenerator(object): @staticmethod def strip_header_goop(header_name, header_lines): - lines = copy.deepcopy(header_lines) # defensive copy: don't mutate argument + lines = header_lines start_header_guard_index = None for index, line in enumerate(lines): From b08863db1ac2514d2ce9bab4f7606e4ce21d2139 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 10 Dec 2017 12:58:34 -0500 Subject: [PATCH 0325/1008] Escape the shared build flags for CMake It needs this for Windows with its declspec syntax --- configure.py | 4 ++++ src/build-data/cmake.in | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/configure.py b/configure.py index ccc7bfbf0b..93bddaad96 100755 --- a/configure.py +++ b/configure.py 
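Review bot: `isas = module.need_isa` followed by `isas.append('simd')` mutates the module object's own `need_isa` list, so every source file of a SIMD-dependent module appends another `'simd'` entry and the list keeps growing for the rest of the run, which any other consumer of `need_isa` will observe. Copy before extending: `isas = list(module.need_isa)`. The `module_that_owns` map also assumes each source belongs to exactly one module — a later module silently overwrites an earlier one — which is presumably true by construction, but a comment stating that assumption would help.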
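Review bot: Dropping the `copy.deepcopy` in `strip_header_goop` is only safe if the function never mutates `lines`; the comment being deleted (`defensive copy: don't mutate argument`) suggests it does, and the body is outside this hunk, so this needs confirming — any `del lines[...]` or slice assignment below now modifies the caller's `header_lines`. A shallow `lines = list(header_lines)` keeps the protection at negligible cost, since the elements are strings and deep-copying them was the expensive, pointless part. The `set(loaded_modules)` change in `resolve_dependencies` is fine for the same reason.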
@@ -1775,6 +1775,9 @@ def configure_command_line(): main_executable = os.path.basename(sys.argv[0]) return ' '.join([main_executable] + sys.argv[1:]) + def cmake_escape(s): + return s.replace('(', '\\(').replace(')', '\\)') + build_dir = options.with_build_dir or os.path.curdir program_suffix = options.program_suffix or osinfo.program_suffix @@ -1877,6 +1880,7 @@ def configure_command_line(): 'output_to_exe': cc.output_to_exe, 'shared_flags': cc.gen_shared_flags(options), + 'cmake_shared_flags': cmake_escape(cc.gen_shared_flags(options)), 'visibility_attribute': cc.gen_visibility_attribute(options), 'lib_link_cmd': cc.so_link_command_for(osinfo.basename, options) + external_link_cmd(), diff --git a/src/build-data/cmake.in b/src/build-data/cmake.in index 33c6cb9625..eadf7d471a 100644 --- a/src/build-data/cmake.in +++ b/src/build-data/cmake.in @@ -33,7 +33,7 @@ option(ENABLED_LTO "If enabled link time optimization will be used" OFF) set(COMPILER_FEATURES_RELEASE %{cc_lang_flags} %{cc_compile_opt_flags} %{cxx_abi_opt_flags}) set(COMPILER_FEATURES_DEBUG %{cc_lang_flags} %{cc_compile_debug_flags} %{cxx_abi_debug_flags}) set(COMPILER_FEATURES $<$>:${COMPILER_FEATURES_RELEASE}> $<$:${COMPILER_FEATURES_DEBUG}>) -set(SHARED_FEATURES %{shared_flags}) +set(SHARED_FEATURES %{cmake_shared_flags}) set(STATIC_FEATURES -DBOTAN_DLL=) set(COMPILER_WARNINGS %{cc_warning_flags}) set(COMPILER_INCLUDE_DIRS build/include build/include/external) From 95c5eae4ed34331d0e54496d783b6b46e9077a47 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 10 Dec 2017 13:59:09 -0500 Subject: [PATCH 0326/1008] Rename CRC24 tables These conflict with name of temp variables and MSVC gets noisy. --- src/lib/hash/checksum/crc24/crc24.cpp | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/lib/hash/checksum/crc24/crc24.cpp b/src/lib/hash/checksum/crc24/crc24.cpp index 9aef3e76ec..a89bbb2e8e 100644 --- a/src/lib/hash/checksum/crc24/crc24.cpp 
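Review bot: `cmake_escape` escapes only `(` and `)`, but the result is substituted into an unquoted `set(SHARED_FEATURES ...)` in cmake.in, where `;`, `"`, `$` and `\` are also special to CMake; if gen_shared_flags can ever carry those characters the escaping is incomplete. Either extend the replace chain or quote the argument in the template. A one-line docstring, `"""Escape characters CMake treats specially in an unquoted argument."""`, would record the intent. The enclosing function starts outside the hunk.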
+++ b/src/lib/hash/checksum/crc24/crc24.cpp @@ -14,7 +14,7 @@ namespace Botan { namespace { -const uint32_t T0[256] = { +const uint32_t CRC24_T0[256] = { 0x00000000, 0x00FB4C86, 0x000DD58A, 0x00F6990C, 0x00E1E693, 0x001AAA15, 0x00EC3319, 0x00177F9F, 0x003981A1, 0x00C2CD27, 0x0034542B, 0x00CF18AD, 0x00D86732, 0x00232BB4, 0x00D5B2B8, 0x002EFE3E, 0x00894EC5, 0x00720243, 0x00849B4F, 0x007FD7C9, 0x0068A856, @@ -53,7 +53,7 @@ const uint32_t T0[256] = { 0x000CD1F6, 0x00FA48FA, 0x0001047C, 0x002FFA42, 0x00D4B6C4, 0x00222FC8, 0x00D9634E, 0x00CE1CD1, 0x00355057, 0x00C3C95B, 0x003885DD }; -const uint32_t T1[256] = { +const uint32_t CRC24_T1[256] = { 0x00000000, 0x00488F66, 0x00901ECD, 0x00D891AB, 0x00DB711C, 0x0093FE7A, 0x004B6FD1, 0x0003E0B7, 0x00B6E338, 0x00FE6C5E, 0x0026FDF5, 0x006E7293, 0x006D9224, 0x00251D42, 0x00FD8CE9, 0x00B5038F, 0x006CC771, 0x00244817, 0x00FCD9BC, 0x00B456DA, 0x00B7B66D, @@ -92,7 +92,7 @@ const uint32_t T1[256] = { 0x00FA442B, 0x0022D580, 0x006A5AE6, 0x00DF5969, 0x0097D60F, 0x004F47A4, 0x0007C8C2, 0x00042875, 0x004CA713, 0x009436B8, 0x00DCB9DE }; -const uint32_t T2[256] = { +const uint32_t CRC24_T2[256] = { 0x00000000, 0x00D70983, 0x00555F80, 0x00825603, 0x0051F286, 0x0086FB05, 0x0004AD06, 0x00D3A485, 0x0059A88B, 0x008EA108, 0x000CF70B, 0x00DBFE88, 0x00085A0D, 0x00DF538E, 0x005D058D, 0x008A0C0E, 0x00491C91, 0x009E1512, 0x001C4311, 0x00CB4A92, 0x0018EE17, @@ -131,7 +131,7 @@ const uint32_t T2[256] = { 0x002633E5, 0x00A465E6, 0x00736C65, 0x00F9606B, 0x002E69E8, 0x00AC3FEB, 0x007B3668, 0x00A892ED, 0x007F9B6E, 0x00FDCD6D, 0x002AC4EE }; -const uint32_t T3[256] = { +const uint32_t CRC24_T3[256] = { 0x00000000, 0x00520936, 0x00A4126C, 0x00F61B5A, 0x004825D8, 0x001A2CEE, 0x00EC37B4, 0x00BE3E82, 0x006B0636, 0x00390F00, 0x00CF145A, 0x009D1D6C, 0x002323EE, 0x00712AD8, 0x00873182, 0x00D538B4, 0x00D60C6C, 0x0084055A, 0x00721E00, 0x00201736, 0x009E29B4, 
@@ -172,16 +172,16 @@ const uint32_t T3[256] = { inline uint32_t process8(uint32_t crc, uint8_t data) { - return (crc >> 8) ^ T0[(crc & 0xff) ^ data]; + return (crc >> 8) ^ CRC24_T0[(crc & 0xff) ^ data]; } inline uint32_t process32(uint32_t crc, uint32_t word) { crc ^= word; - crc = T3[(crc >> 0) & 0xff] - ^ T2[(crc >> 8) & 0xff] - ^ T1[(crc >> 16) & 0xff] - ^ T0[(crc >> 24) & 0xff]; + crc = CRC24_T3[(crc >> 0) & 0xff] + ^ CRC24_T2[(crc >> 8) & 0xff] + ^ CRC24_T1[(crc >> 16) & 0xff] + ^ CRC24_T0[(crc >> 24) & 0xff]; return crc; } } From 7bb0f13450a95a2a816e78f277e31edd230f7f89 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 10 Dec 2017 16:05:45 -0500 Subject: [PATCH 0327/1008] Use copy.copy Faster than deepcopy and sufficient for our purposes. --- configure.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/configure.py b/configure.py index 93bddaad96..daa29552cd 100755 --- a/configure.py +++ b/configure.py @@ -20,6 +20,7 @@ """ import collections +import copy import json import sys import os @@ -2084,7 +2085,7 @@ def resolve_dependencies(available_modules, dependency_table, module, loaded_mod if loaded_modules is None: loaded_modules = set([]) else: - loaded_modules = set(loaded_modules) + loaded_modules = copy.copy(loaded_modules) if module not in available_modules: return False, None @@ -2390,7 +2391,7 @@ class AmalgamationGenerator(object): @staticmethod def strip_header_goop(header_name, header_lines): - lines = header_lines + lines = copy.copy(header_lines) # defensive copy start_header_guard_index = None for index, line in enumerate(lines): From 538226ac37d2b54702830fc96abd7e374f0fdc9c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 10 Dec 2017 16:10:12 -0500 Subject: [PATCH 0328/1008] Fix bakefile arch setting for x86-32 Restrict bakefile to x86 since thats all that is supported. --- configure.py | 5 +++++ src/build-data/bakefile.in | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) 
diff --git a/configure.py b/configure.py index daa29552cd..abcaa66196 100755 --- a/configure.py +++ b/configure.py @@ -1854,6 +1854,8 @@ def cmake_escape(s): 'arch': options.arch, 'submodel': options.cpu, + 'bakefile_arch': 'x86' if options.arch == 'x86_32' else 'x86_64', + 'innosetup_arch': innosetup_arch(options.os, options.arch), 'mp_bits': choose_mp_bits(), @@ -2883,6 +2885,9 @@ def validate_options(options, info_os, info_cc, available_module_policies): if options.os != 'windows' or options.compiler != 'msvc' or options.build_shared_lib is False: raise UserError("Building via bakefile is only supported for MSVC DLL build") + if options.arch not in ['x86_64', 'x86_32']: + raise UserError("Bakefile only supports x86 targets") + # Warnings if options.os == 'windows' and options.compiler != 'msvc': logging.warning('The windows target is oriented towards MSVC; maybe you want cygwin or mingw') diff --git a/src/build-data/bakefile.in b/src/build-data/bakefile.in index 3e808faacb..5592ec488c 100644 --- a/src/build-data/bakefile.in +++ b/src/build-data/bakefile.in @@ -29,7 +29,7 @@ includedirs += build/include/external; libs += "%{i}"; %{endfor} -archs = %{arch}; +archs = %{bakefile_arch}; vs2013.option.ClCompile.DisableSpecificWarnings = "4250;4251;4275"; vs2013.option.ClCompile.WarningLevel = Level4; From a299f08b004460a93fd89156c1e20807ad35645d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 10 Dec 2017 16:23:09 -0500 Subject: [PATCH 0329/1008] Tweak the bakefile output a bit Multiple files can be listed in the sources {} block, so do that. --- src/build-data/bakefile.in | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/src/build-data/bakefile.in b/src/build-data/bakefile.in index 5592ec488c..a1c0ff134e 100644 --- a/src/build-data/bakefile.in +++ b/src/build-data/bakefile.in 
@@ -1,25 +1,36 @@ toolsets = vs2013; shared-library botan { - defines = "BOTAN_DLL=__declspec(dllexport)"; + defines = "BOTAN_DLL=__declspec(dllexport)"; + sources { %{for lib_srcs} - sources { %{i} } + %{i} %{endfor} + } } + program cli { - deps = botan; + deps = botan; + sources { %{for cli_srcs} - sources { %{i} } + %{i} %{endfor} + } + + headers { %{for cli_headers} - headers { %{i} } + %{i} %{endfor} + } } + program tests { - deps = botan; + deps = botan; + sources { %{for test_srcs} - sources { %{i} } + %{i} %{endfor} + } } includedirs += build/include/; @@ -36,5 +47,5 @@ vs2013.option.ClCompile.WarningLevel = Level4; vs2013.option.ClCompile.ExceptionHandling = SyncCThrow; vs2013.option.ClCompile.RuntimeTypeInfo = true; if ( $(config) == Release ) { -vs2013.option.Configuration.WholeProgramOptimization = true; + vs2013.option.Configuration.WholeProgramOptimization = true; } From 4f2ad34ea2cb24e2310dce4e7b3f3f9b19c090f5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 10 Dec 2017 16:28:22 -0500 Subject: [PATCH 0330/1008] Simplify this construct --- configure.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.py b/configure.py index abcaa66196..0874db8798 100755 --- a/configure.py +++ b/configure.py @@ -1145,7 +1145,7 @@ def simd32_impl(): raise UserError('Compiler %s does not support %s' % (self.basename, isa)) flags.add(flagset) - return ("".join([" %s" % f for f in sorted(flags)])).strip() + return " ".join(sorted(flags)) def gen_shared_flags(self, options): """ From 972f1e7e9f3faa12d35993624a0681ddc1fe643b Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Mon, 11 Dec 2017 23:21:56 +0100 Subject: [PATCH 0331/1008] Clarify platform log during configuration - make clear that the logged platform is just the computer running the script and independent of configuration options - hide logging in non-verbose mode as user knows the machine running this --- configure.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/configure.py b/configure.py index 0874db8798..f5b874505a 100755 --- a/configure.py +++ b/configure.py @@ -3034,7 +3034,7 @@ def main(argv): return 0 logging.info('%s invoked with options "%s"' % (argv[0], ' '.join(argv[1:]))) - logging.info('Platform: OS="%s" machine="%s" proc="%s"' % ( + logging.debug('Platform running configuration (autodetected): OS="%s" machine="%s" proc="%s"' % ( platform.system(), platform.machine(), platform.processor())) info_arch = load_build_data_info_files(source_paths, 'CPU info', 'arch', ArchInfo) From c40ba649ea54ae5658864e45146fde56d60663ba Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 18:17:45 -0500 Subject: [PATCH 0332/1008] Avoid a warning under AIX make It doesn't like variables that don't expand to anything. --- src/build-data/makefile.in | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/build-data/makefile.in b/src/build-data/makefile.in index 86a2f4f3f7..3db5beed80 100644 --- a/src/build-data/makefile.in +++ b/src/build-data/makefile.in @@ -25,8 +25,6 @@ EXE_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) SCRIPTS_DIR = %{scripts_dir} INSTALLED_LIB_DIR = %{prefix}/%{libdir} -POST_LINK_CMD = %{post_link_cmd} - # The primary target all: libs cli docs tests @@ -69,11 +67,11 @@ TESTOBJS = %{join test_objs} $(CLI): $(LIBRARIES) $(CLIOBJS) $(EXE_LINK_CMD) $(LDFLAGS) $(CLIOBJS) $(EXE_LINKS_TO) %{output_to_exe}$@ - $(POST_LINK_CMD) + %{post_link_cmd} $(TEST): $(LIBRARIES) $(TESTOBJS) $(EXE_LINK_CMD) $(LDFLAGS) $(TESTOBJS) $(EXE_LINKS_TO) %{output_to_exe}$@ - $(POST_LINK_CMD) + %{post_link_cmd} %{if build_fuzzers} From f46c944c92a055f28d3eb8e838d7ea810dd18479 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 18:18:05 -0500 Subject: [PATCH 0333/1008] Improve debug output of the build_docs script Only log if there was output, and convert the binary string to Unicode string. --- src/scripts/build_docs.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
diff --git a/src/scripts/build_docs.py b/src/scripts/build_docs.py index 5d7181decf..94c61afdf0 100755 --- a/src/scripts/build_docs.py +++ b/src/scripts/build_docs.py @@ -62,8 +62,11 @@ def run_and_check(cmd_line, cwd=None): (stdout, stderr) = proc.communicate() - logging.debug(stdout) - logging.debug(stderr) + if stdout: + logging.debug(stdout.decode()) + + if stderr: + logging.debug(stderr.decode()) if proc.returncode != 0: logging.error("Error running %s", ' '.join(cmd_line)) From 5094c0c88398ed98758e22f9d46ea6efa7d0e910 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 18:18:35 -0500 Subject: [PATCH 0334/1008] Fix make clean target It removed the doc output dir, so this sequence: $ ./configure.py $ make clean $ make docs would fail --- configure.py | 2 ++ src/scripts/cleanup.py | 10 +++------- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/configure.py b/configure.py index f5b874505a..bfd1a01029 100755 --- a/configure.py +++ b/configure.py @@ -1849,6 +1849,8 @@ def cmake_escape(s): 'fuzzer_output_dir': build_config.fuzzer_output_dir if build_config.fuzzer_output_dir else '', 'doc_output_dir': build_config.doc_output_dir, + 'doc_output_dir_manual': build_config.doc_output_dir_manual, + 'doc_output_dir_doxygen': build_config.doc_output_dir_doxygen, 'os': options.os, 'arch': options.arch, diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index 7660076dca..d2aaf43033 100755 --- a/src/scripts/cleanup.py +++ b/src/scripts/cleanup.py 
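Review bot: `stdout.decode()` and `stderr.decode()` use strict error handling with the default codec, so a single byte the tool emits outside that encoding turns a debug log line into a UnicodeDecodeError that aborts run_and_check. Logging should not be able to fail the build: `logging.debug(stdout.decode(errors='replace'))`, and the same for stderr. run_and_check starts and ends outside the hunk.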
@@ -96,17 +96,13 @@ def main(args=None): remove_file(build_config['makefile_path']) remove_dir(build_dir) else: - for dir_type in ['libobj_dir', 'cliobj_dir', 'testobj_dir']: + for dir_type in ['libobj_dir', 'cliobj_dir', 'testobj_dir', 'doc_output_dir_manual', 'doc_output_dir_doxygen']: dir_path = build_config[dir_type] - remove_all_in_dir(dir_path) + if dir_path: + remove_all_in_dir(dir_path) remove_file(build_config['doc_stamp_file']) - try: - shutil.rmtree(build_config['doc_output_dir']) - except OSError: - pass - remove_file(build_config['cli_exe']) remove_file(build_config['test_exe']) From e9671863382f3fbba73685fbeb2d78b7c04155ff Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 18:33:58 -0500 Subject: [PATCH 0335/1008] Add compiler language flags in build.h header [ci skip] Fixes #1353 --- src/build-data/buildh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index 3df1a1fc9b..822a73c44e 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -6,7 +6,7 @@ * '%{command_line}' * * Target -* - Compiler: %{cxx} %{cxx_abi_flags} %{cc_compile_flags} +* - Compiler: %{cxx} %{cxx_abi_flags} %{cc_lang_flags} %{cc_compile_flags} * - Arch: %{submodel}/%{arch} * - OS: %{os} */ From 48502ed20525e631f5a565877747d0fa1debbfcc Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 18:54:16 -0500 Subject: [PATCH 0336/1008] Fix missing comma in test runner [ci skip] This ended up trying to run the "aeadkdf" suite first, and then the actual aead and kdf suites didn't end up running until later. --- src/tests/test_runner.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/test_runner.cpp b/src/tests/test_runner.cpp index 11df727c9b..321a1e1da9 100644 --- a/src/tests/test_runner.cpp +++ b/src/tests/test_runner.cpp 
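Review bot: `dir_path = build_config[dir_type]` now indexes two new keys, `doc_output_dir_manual` and `doc_output_dir_doxygen`, that a build_config.json written by an earlier configure.py does not contain, so `make clean` on such a tree raises KeyError before the new `if dir_path:` guard is reached. `dir_path = build_config.get(dir_type)` makes the guard cover both missing and empty values. main continues outside the hunk.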
@@ -104,7 +104,7 @@ int Test_Runner::run(const std::vector& requested_tests, run the "essentials" to smoke test, then everything else in alphabetical order. */ - req = {"block", "stream", "hash", "mac", "modes", "aead" + req = {"block", "stream", "hash", "mac", "modes", "aead", "kdf", "pbkdf", "hmac_drbg", "util" }; From 6c7b3fc30ede3f78cc91868e496ff9b4476423a6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 16:25:06 -0500 Subject: [PATCH 0337/1008] Clean up macro generation --- configure.py | 24 ++++++++---------------- src/build-data/buildh.in | 30 +++++++++++++++++++++++------- src/scripts/install.py | 2 +- 3 files changed, 32 insertions(+), 24 deletions(-) diff --git a/configure.py b/configure.py index bfd1a01029..f9092108a2 100755 --- a/configure.py +++ b/configure.py @@ -1029,8 +1029,6 @@ def form_macro(cpu_name): if self.family is not None: macros.append('TARGET_CPU_IS_%s_FAMILY' % (self.family.upper())) - macros.append('TARGET_CPU_NATIVE_WORD_SIZE %d' % (self.wordsize)) - if self.wordsize == 64: macros.append('TARGET_CPU_HAS_NATIVE_64BIT') @@ -1729,9 +1727,6 @@ def create_template_vars(source_paths, build_config, options, modules, cc, arch, Create the template variables needed to process the makefile, build.h, etc """ - def make_cpp_macros(macros): - return '\n'.join(['#define BOTAN_' + macro for macro in macros]) - def external_link_cmd(): return (' ' + cc.add_lib_dir_option + options.with_external_libdir) if options.with_external_libdir else '' 
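Review bot: The corrected initializer is still a hand-maintained list of adjacent string literals, where a dropped comma silently concatenates two suite names into a non-existent one instead of failing to compile, which is exactly how "aeadkdf" appeared. A short comment above the list, `// one literal per entry: a missing comma silently merges two suite names`, documents the hazard for the next edit. Test_Runner::run continues outside the hunk.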
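Review bot: Removing `TARGET_CPU_NATIVE_WORD_SIZE %d` from `defines` drops the `BOTAN_TARGET_CPU_NATIVE_WORD_SIZE` macro from build.h, and none of the buildh.in hunks in this commit reintroduces it. If any source still tests that macro, an `#if` on it now quietly evaluates to 0 rather than failing the build; if the macro is unused, the commit message should say the removal is intentional. The enclosing `defines` method starts and ends outside the hunk.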
@@ -1910,22 +1905,19 @@ def cmake_escape(s): 'libs_used': [lib.replace('.lib', '') for lib in link_to('libs')], 'include_paths': build_config.format_include_paths(cc, options.with_external_includedir), - 'module_defines': make_cpp_macros(sorted(flatten([m.defines() for m in modules]))), - - 'target_os_defines': make_cpp_macros(osinfo.defines(options)), + 'module_defines': sorted(flatten([m.defines() for m in modules])), - 'target_compiler_defines': make_cpp_macros(cc.defines()), - - 'target_cpu_defines': make_cpp_macros(arch.defines(cc, options)), + 'os_defines': osinfo.defines(options), + 'cc_defines': cc.defines(), + 'cpu_defines': arch.defines(cc, options), + 'house_ecc_curve_defines': house_ecc_curve_macros(options.house_curve), 'botan_include_dir': build_config.botan_include_dir, - 'unsafe_fuzzer_mode_define': '#define BOTAN_UNSAFE_FUZZER_MODE' if options.unsafe_fuzzer_mode else '', - 'fuzzer_type': '#define BOTAN_FUZZER_IS_%s' % (options.build_fuzzers.upper()) if options.build_fuzzers else '', - - 'mod_list': '\n'.join(sorted([m.basename for m in modules])), + 'fuzzer_mode': options.unsafe_fuzzer_mode, + 'fuzzer_type': options.build_fuzzers.upper() if options.build_fuzzers else '', - 'house_ecc_curve_defines': make_cpp_macros(house_ecc_curve_macros(options.house_curve)) + 'mod_list': sorted([m.basename for m in modules]) } if options.os != 'windows': diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index 822a73c44e..aeae12cecb 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -24,8 +24,13 @@ /* How many bits per limb in a BigInt */ #define BOTAN_MP_WORD_BITS %{mp_bits} -%{unsafe_fuzzer_mode_define} -%{fuzzer_type} + +%{if fuzzer_mode} +#define BOTAN_UNSAFE_FUZZER_MODE +%{endif} +%{if fuzzer_type} +#define BOTAN_FUZZER_IS_%{fuzzer_type} +%{endif} #define BOTAN_INSTALL_PREFIX R"(%{prefix})" #define BOTAN_INSTALL_HEADER_DIR "%{includedir}/botan-%{version_major}" 
@@ -38,22 +43,33 @@ #endif /* Target identification and feature test macros */ -%{target_os_defines} +%{for os_defines} +#define BOTAN_%{i} +%{endfor} -%{target_cpu_defines} +%{for cc_defines} +#define BOTAN_%{i} +%{endfor} -%{target_compiler_defines} +%{for cpu_defines} +#define BOTAN_%{i} +%{endfor} /* * Module availability definitions */ -%{module_defines} +%{for module_defines} +#define BOTAN_%{i} +%{endfor} /* * Local/misc configuration options (if any) follow */ %{local_config} -%{house_ecc_curve_defines} + +%{for house_ecc_curve_defines} +%{i} +%{endfor} /* * Things you can edit (but probably shouldn't) diff --git a/src/scripts/install.py b/src/scripts/install.py index c6e4ec2cd3..d30493ebef 100755 --- a/src/scripts/install.py +++ b/src/scripts/install.py @@ -229,7 +229,7 @@ def copy_executable(src, dst): copy_file(cfg['botan_pkgconfig'], prepend_destdir(os.path.join(pkgconfig_dir, os.path.basename(cfg['botan_pkgconfig'])))) - if 'ffi' in cfg['mod_list'].split('\n'): + if 'ffi' in cfg['mod_list']: for ver in cfg['python_version'].split(','): py_lib_path = os.path.join(lib_dir, 'python%s' % (ver), 'site-packages') logging.debug('Installing python module to %s' % (py_lib_path)) From d01025961ffe8b928be751d5adc3000dd34739a4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 16:38:31 -0500 Subject: [PATCH 0338/1008] More simplifications --- configure.py | 18 +++++++++--------- src/build-data/buildh.in | 6 +++--- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/configure.py b/configure.py index f9092108a2..c116c5f08e 100755 --- a/configure.py +++ b/configure.py @@ -863,7 +863,7 @@ def external_headers(self): return self.header_external def defines(self): - return ['HAS_%s %s' % (key, value) for key, value in self._defines.items()] + return [(key + ' ' + value) for key, value in self._defines.items()] def compatible_cpu(self, archinfo, options): arch_name = archinfo.basename 
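Review bot: The house-curve loop emits `%{i}` bare, while configure.py in this same commit now passes `house_ecc_curve_macros(...)` unwrapped (the `make_cpp_macros` wrapper is removed), so a build with --house-curve writes lines such as `HOUSE_ECC_CURVE_NAME "..."` into build.h with no `#define BOTAN_` prefix and the generated header no longer compiles. The loop body should read `#define BOTAN_%{i}`, matching the other three loops in this hunk.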
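Review bot: `key + ' ' + value` raises TypeError if any module's define value is not a str, whereas the removed `'HAS_%s %s' % (key, value)` formatted any value; whether non-string values occur depends on how `_defines` is parsed, which is outside the hunk. `return ['%s %s' % (key, value) for key, value in self._defines.items()]` keeps the new output shape without narrowing the accepted types.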
@@ -1370,18 +1370,18 @@ def __init__(self, infofile): def defines(self, options): r = [] - r += ['TARGET_OS_IS_%s' % (self.basename.upper())] + r += ['IS_%s' % (self.basename.upper())] if self.os_type != None: - r += ['TARGET_OS_TYPE_IS_%s' % (self.os_type.upper())] + r += ['TYPE_IS_%s' % (self.os_type.upper())] def feat_macros(): for feat in self.target_features: if feat not in options.without_os_features: - yield 'TARGET_OS_HAS_' + feat.upper() + yield 'HAS_' + feat.upper() for feat in options.with_os_features: if feat not in self.target_features: - yield 'TARGET_OS_HAS_' + feat.upper() + yield 'HAS_' + feat.upper() r += sorted(feat_macros()) return r @@ -1715,10 +1715,10 @@ def _read_pem(filepath): if curve_id < 0xfe00 or curve_id > 0xfeff: raise UserError('TLS curve ID not in reserved range (see RFC 4492)') - return ['HOUSE_ECC_CURVE_NAME \"' + p[1] + '\"', - 'HOUSE_ECC_CURVE_OID \"' + p[2] + '\"', - 'HOUSE_ECC_CURVE_PEM ' + _read_pem(filepath=p[0]), - 'HOUSE_ECC_CURVE_TLS_ID ' + hex(curve_id)] + return ['NAME \"' + p[1] + '\"', + 'OID \"' + p[2] + '\"', + 'PEM ' + _read_pem(filepath=p[0]), + 'TLS_ID ' + hex(curve_id)] def create_template_vars(source_paths, build_config, options, modules, cc, arch, osinfo): #pylint: disable=too-many-locals,too-many-branches,too-many-statements diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index aeae12cecb..6d814398c0 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -44,7 +44,7 @@ /* Target identification and feature test macros */ %{for os_defines} -#define BOTAN_%{i} +#define BOTAN_TARGET_OS_%{i} %{endfor} %{for cc_defines} @@ -59,7 +59,7 @@ * Module availability definitions */ %{for module_defines} -#define BOTAN_%{i} +#define BOTAN_HAS_%{i} %{endfor} /* @@ -68,7 +68,7 @@ %{local_config} %{for house_ecc_curve_defines} -%{i} +#define BOTAN_HOUSE_ECC_CURVE_%{i} %{endfor} /* From 3a527421fef669690b610286f35aec0d8498939d Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Mon, 11 Dec 2017 19:52:13 -0500 Subject: [PATCH 0339/1008] Further cleanup of macro generation in build.h --- configure.py | 114 +++++++++++++++------------------------ src/build-data/buildh.in | 33 ++++++++++-- 2 files changed, 70 insertions(+), 77 deletions(-) diff --git a/configure.py b/configure.py index c116c5f08e..794eb2ecce 100755 --- a/configure.py +++ b/configure.py @@ -574,10 +574,9 @@ def process_command_line(args): # pylint: disable=too-many-locals if args != []: raise UserError('Unhandled option(s): ' + ' '.join(args)) - if options.with_endian != None and \ - options.with_endian not in ['little', 'big']: - raise UserError('Bad value to --with-endian "%s"' % ( - options.with_endian)) + + if options.with_endian not in [None, 'little', 'big']: + raise UserError('Bad value to --with-endian "%s"' % (options.with_endian)) if options.debug_mode: options.no_optimizations = True @@ -798,6 +797,8 @@ def add_dir_name(filename): if filename.count(':') == 0: return os.path.join(self.lives_in, filename) + # TODO is this used anymore??? Probably can be removed. + # modules can request to add files of the form # MODULE_NAME:FILE_NAME to add a file from another module # For these, assume other module is always in a @@ -994,6 +995,16 @@ def all_submodels(self): [k for k in self.submodel_aliases.items()], key=lambda k: len(k[0]), reverse=True) + def supported_isa_extensions(self, cc, options): + isas = [] + + for isa in self.isa_extensions: + if isa not in options.disable_intrinsics: + if cc.isa_flags_for(isa, self.basename) is not None: + isas.append(isa) + + return sorted(isas) + def defines(self, cc, options): """ Return CPU-specific defines for build.h 
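Review bot: `supported_isa_extensions` silently drops an ISA when `cc.isa_flags_for` returns None, whereas the `defines` body it replaces (removed in the next hunk, under `@@ -1002,43 +1013,7 @@`) logged `Disabling support for %s intrinsics due to missing flag for compiler`; a user whose SIMD code paths vanish from the build now gets no diagnostic. Add an `else:` branch to the inner `if` that keeps that warning. The `Assuming CPU is %s endian` info message is lost in the same way, and the `endian` template variable that replaces it further down carries no logging.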
@@ -1002,43 +1013,7 @@ def defines(self, cc, options): def form_macro(cpu_name): return cpu_name.upper().replace('.', '').replace('-', '_') - macros = [] - - macros.append('TARGET_ARCH_IS_%s' % (form_macro(self.basename.upper()))) - - if self.basename != options.cpu: - macros.append('TARGET_CPU_IS_%s' % (form_macro(options.cpu))) - - enabled_isas = set(self.isa_extensions) - disabled_isas = set(options.disable_intrinsics) - - isa_extensions = sorted(enabled_isas - disabled_isas) - - for isa in isa_extensions: - if cc.isa_flags_for(isa, self.basename) is not None: - macros.append('TARGET_SUPPORTS_%s' % (form_macro(isa))) - else: - logging.warning("Disabling support for %s intrinsics due to missing flag for compiler" % (isa)) - - endian = options.with_endian or self.endian - - if endian != None: - macros.append('TARGET_CPU_IS_%s_ENDIAN' % (endian.upper())) - logging.info('Assuming CPU is %s endian' % (endian)) - - if self.family is not None: - macros.append('TARGET_CPU_IS_%s_FAMILY' % (self.family.upper())) - - if self.wordsize == 64: - macros.append('TARGET_CPU_HAS_NATIVE_64BIT') - - if options.with_valgrind: - macros.append('HAS_VALGRIND') - - if options.with_openmp: - macros.append('TARGET_HAS_OPENMP') - - return macros + return ['TARGET_SUPPORTS_' + form_macro(isa) for isa in self.supported_isa_extensions(cc, options)] MachOptFlags = collections.namedtuple('MachOptFlags', ['flags', 'submodel_prefix']) @@ -1285,14 +1260,6 @@ def binary_link_command_for(self, osname, options): return '$(LINKER)' - def defines(self): - """ - Return defines for build.h - """ - - return ['BUILD_COMPILER_IS_' + self.macro_name] - - class OsInfo(InfoObject): # pylint: disable=too-many-instance-attributes def __init__(self, infofile): super(OsInfo, self).__init__(infofile) 
@@ -1368,24 +1335,16 @@ def __init__(self, infofile): self.static_suffix = lex.static_suffix self.target_features = lex.target_features - def defines(self, options): - r = [] - r += ['IS_%s' % (self.basename.upper())] - - if self.os_type != None: - r += ['TYPE_IS_%s' % (self.os_type.upper())] - - def feat_macros(): - for feat in self.target_features: - if feat not in options.without_os_features: - yield 'HAS_' + feat.upper() - for feat in options.with_os_features: - if feat not in self.target_features: - yield 'HAS_' + feat.upper() - - r += sorted(feat_macros()) - return r + def enabled_features(self, options): + feats = [] + for feat in self.target_features: + if feat not in options.without_os_features: + feats.append(feat) + for feat in options.with_os_features: + if feat not in self.target_features: + feats.append(feat) + return sorted(feats) def fixup_proc_name(proc): proc = proc.lower().replace(' ', '') @@ -1481,7 +1440,7 @@ class SimpleTemplate(object): def __init__(self, vals): self.vals = vals - self.value_pattern = re.compile(r'%{([a-z][a-z_0-9]+)}') + self.value_pattern = re.compile(r'%{([a-z][a-z_0-9\|]+)}') self.cond_pattern = re.compile('%{(if|unless) ([a-z][a-z_0-9]+)}') self.for_pattern = re.compile('(.*)%{for ([a-z][a-z_0-9]+)}') self.join_pattern = re.compile('(.*)%{join ([a-z][a-z_0-9]+)}') @@ -1492,6 +1451,11 @@ def insert_value(match): v = match.group(1) if v in self.vals: return str(self.vals.get(v)) + if v.endswith('|upper'): + v = v.replace('|upper', '') + if v in self.vals: + return str(self.vals.get(v)).upper() + raise KeyError(v) lines = template.splitlines() @@ -1554,7 +1518,7 @@ def insert_value(match): for_val = for_val.replace('%{' + ik + '}', iv) output += for_val + "\n" else: - output += for_body.replace('%{i}', v) + output += for_body.replace('%{i}', v).replace('%{i|upper}', v.upper()) output += "\n" else: output += lines[idx] + "\n" 
@@ -1849,7 +1813,10 @@ def cmake_escape(s): 'os': options.os, 'arch': options.arch, + 'cpu_family': arch.family, 'submodel': options.cpu, + 'endian': options.with_endian or arch.endian, + 'cpu_is_64bit': arch.wordsize == 64, 'bakefile_arch': 'x86' if options.arch == 'x86_32' else 'x86_64', @@ -1878,6 +1845,7 @@ def cmake_escape(s): 'ldflags': options.ldflags or '', 'cc_warning_flags': cc.cc_warning_flags(options), 'output_to_exe': cc.output_to_exe, + 'cc_macro': cc.macro_name, 'shared_flags': cc.gen_shared_flags(options), 'cmake_shared_flags': cmake_escape(cc.gen_shared_flags(options)), @@ -1907,16 +1875,18 @@ def cmake_escape(s): 'include_paths': build_config.format_include_paths(cc, options.with_external_includedir), 'module_defines': sorted(flatten([m.defines() for m in modules])), - 'os_defines': osinfo.defines(options), - 'cc_defines': cc.defines(), + 'os_features': osinfo.enabled_features(options), + 'os_name': osinfo.basename, + 'os_type': osinfo.os_type, 'cpu_defines': arch.defines(cc, options), 'house_ecc_curve_defines': house_ecc_curve_macros(options.house_curve), - 'botan_include_dir': build_config.botan_include_dir, - 'fuzzer_mode': options.unsafe_fuzzer_mode, 'fuzzer_type': options.build_fuzzers.upper() if options.build_fuzzers else '', + 'with_valgrind': options.with_valgrind, + 'with_openmp': options.with_openmp, + 'mod_list': sorted([m.basename for m in modules]) } diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index 6d814398c0..1e32532dbf 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in 
@@ -43,18 +43,41 @@ #endif /* Target identification and feature test macros */ -%{for os_defines} -#define BOTAN_TARGET_OS_%{i} -%{endfor} -%{for cc_defines} -#define BOTAN_%{i} +#define BOTAN_TARGET_OS_IS_%{os_name|upper} +%{if os_type} +#define BOTAN_TARGET_OS_TYPE_IS_%{os_type|upper} +%{endif} + +%{for os_features} +#define BOTAN_TARGET_OS_HAS_%{i|upper} %{endfor} +#define BOTAN_BUILD_COMPILER_IS_%{cc_macro} + +#define BOTAN_TARGET_ARCH_IS_%{arch|upper} +%{if endian} +#define BOTAN_TARGET_CPU_IS_%{endian|upper}_ENDIAN +%{endif} +%{if cpu_family} +#define BOTAN_TARGET_CPU_IS_%{cpu_family|upper}_FAMILY +%{endif} +%{if cpu_is_64bit} +#define BOTAN_TARGET_CPU_HAS_NATIVE_64BIT +%{endif} + %{for cpu_defines} #define BOTAN_%{i} %{endfor} +%{if with_valgrind} +#define BOTAN_HAS_VALGRIND +%{endif} + +%{if with_openmp} +#define BOTAN_TARGET_HAS_OPENMP +%{endif} + /* * Module availability definitions */ From f2a663bbb74b18026aee07fe58e5ae29fc10d97c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 19:53:37 -0500 Subject: [PATCH 0340/1008] Rename the SSE4 ISA extensions Simplifies macro generation --- src/build-data/arch/x86_32.txt | 4 ++-- src/build-data/arch/x86_64.txt | 4 ++-- src/build-data/cc/clang.txt | 4 ++-- src/build-data/cc/gcc.txt | 4 ++-- src/build-data/cc/msvc.txt | 4 ++-- src/build-data/cc/sunstudio.txt | 4 ++-- src/lib/hash/sha1/sha1_x86/info.txt | 2 +- src/lib/hash/sha2_32/sha2_32_x86/info.txt | 2 +- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/build-data/arch/x86_32.txt b/src/build-data/arch/x86_32.txt index 20401e034b..b523d9ce46 100644 --- a/src/build-data/arch/x86_32.txt +++ b/src/build-data/arch/x86_32.txt @@ -68,7 +68,7 @@ rdrand rdseed sha sse2 -sse4.1 -sse4.2 +sse4_1 +sse4_2 ssse3 diff --git a/src/build-data/arch/x86_64.txt b/src/build-data/arch/x86_64.txt index 49f8a6a55d..9e3e74b9b9 100644 --- a/src/build-data/arch/x86_64.txt +++ b/src/build-data/arch/x86_64.txt 
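Review bot: The removed `defines` body also emitted `TARGET_CPU_IS_<submodel>` whenever `options.cpu` differed from the arch basename, and this template defines only `BOTAN_TARGET_ARCH_IS_%{arch|upper}`, so the per-model macro disappears from build.h without replacement. If any source or test keys off `BOTAN_TARGET_CPU_IS_*` for a specific model it now silently sees it undefined; if the drop is intended, the commit message should say so. Note also that `%{arch|upper}` only upper-cases, while `form_macro` also stripped `.` and `-`, which matters only if an arch basename contains those characters.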
@@ -47,7 +47,7 @@ rdrand rdseed sha sse2 -sse4.1 -sse4.2 +sse4_1 +sse4_2 ssse3 diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index 44dd654f31..6fc3db6a1e 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -37,8 +37,8 @@ llvm -> "llvm-link" sse2 -> "-msse2" ssse3 -> "-mssse3" -sse4.1 -> "-msse4.1" -sse4.2 -> "-msse4.2" +sse4_1 -> "-msse4.1" +sse4_2 -> "-msse4.2" avx2 -> "-mavx2" bmi2 -> "-mbmi2" aesni -> "-maes -mpclmul -mssse3" diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 64c52f076e..b89432ea5c 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -47,8 +47,8 @@ default -> "$(LINKER)" sse2 -> "-msse2" ssse3 -> "-mssse3" -sse4.1 -> "-msse4.1" -sse4.2 -> "-msse4.2" +sse4_1 -> "-msse4.1" +sse4_2 -> "-msse4.2" avx2 -> "-mavx2" bmi2 -> "-mbmi2" aesni -> "-maes -mpclmul -mssse3" diff --git a/src/build-data/cc/msvc.txt b/src/build-data/cc/msvc.txt index 6df218a4fb..2d6cb1a571 100644 --- a/src/build-data/cc/msvc.txt +++ b/src/build-data/cc/msvc.txt @@ -34,8 +34,8 @@ ar_output_to "/OUT:" sse2 -> "" ssse3 -> "" -sse4.1 -> "" -sse4.2 -> "" +sse4_1 -> "" +sse4_2 -> "" x86_64:avx2 -> "" bmi2 -> "" aesni -> "" diff --git a/src/build-data/cc/sunstudio.txt b/src/build-data/cc/sunstudio.txt index 38f9d828c5..4b15a8d631 100644 --- a/src/build-data/cc/sunstudio.txt +++ b/src/build-data/cc/sunstudio.txt @@ -54,8 +54,8 @@ x86_64 -> "-m64" # https://docs.oracle.com/cd/E37069_01/html/E37074/bjapp.html#OSSCGbkazd sse2 -> "-xarch=sse2" ssse3 -> "-xarch=ssse3" -sse4.1 -> "-xarch=sse4_1" -sse4.2 -> "-xarch=sse4_2" +sse4_1 -> "-xarch=sse4.1" +sse4_2 -> "-xarch=sse4.2" aesni -> "-xarch=aes" avx -> "-xarch=avx" rdrand -> "-xarch=avx_i" diff --git a/src/lib/hash/sha1/sha1_x86/info.txt b/src/lib/hash/sha1/sha1_x86/info.txt index 9cddd40a21..2f48f76278 100644 --- a/src/lib/hash/sha1/sha1_x86/info.txt +++ b/src/lib/hash/sha1/sha1_x86/info.txt 
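Review bot: The sunstudio entry changes the flag value, not just the key: `-xarch=sse4_1` becomes `-xarch=sse4.1` (and likewise for sse4_2), the opposite direction from every other compiler file in this commit. As far as I know the Oracle documentation linked in the comment above spells these values `-xarch=sse4_1` and `-xarch=sse4_2`, so this looks like the key rename leaking into the value; please check the reference and keep `sse4_1 -> "-xarch=sse4_1"` if so.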
@@ -2,7 +2,7 @@ SHA1_X86_SHA_NI -> 20170518 -need_isa sha,ssse3,sse4.1 +need_isa sha,ssse3,sse4_1 clang:3.9 diff --git a/src/lib/hash/sha2_32/sha2_32_x86/info.txt b/src/lib/hash/sha2_32/sha2_32_x86/info.txt index bf34e73a3a..f3964e4411 100644 --- a/src/lib/hash/sha2_32/sha2_32_x86/info.txt +++ b/src/lib/hash/sha2_32/sha2_32_x86/info.txt @@ -2,7 +2,7 @@ SHA2_32_X86 -> 20170518 -need_isa sha,sse4.1 +need_isa sha,sse4_1 gcc:5.0 From b6f51a9be08df03d54411c65f9271b9a62ab5554 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 20:07:05 -0500 Subject: [PATCH 0341/1008] Finish with the CPU feature macros --- configure.py | 14 ++------------ src/build-data/buildh.in | 4 ++-- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/configure.py b/configure.py index 794eb2ecce..1cde6d2674 100755 --- a/configure.py +++ b/configure.py @@ -335,7 +335,7 @@ def process_command_line(args): # pylint: disable=too-many-locals target_group.add_option('--disable-%s' % (isa_extn), help='disable %s intrinsics' % (isa_extn_name), action='append_const', - const=isa_extn.replace('-', ''), + const=isa_extn.replace('-', '').replace('.', '_'), dest='disable_intrinsics') build_group = optparse.OptionGroup(parser, 'Build options') @@ -1005,16 +1005,6 @@ def supported_isa_extensions(self, cc, options): return sorted(isas) - def defines(self, cc, options): - """ - Return CPU-specific defines for build.h - """ - - def form_macro(cpu_name): - return cpu_name.upper().replace('.', '').replace('-', '_') - - return ['TARGET_SUPPORTS_' + form_macro(isa) for isa in self.supported_isa_extensions(cc, options)] - MachOptFlags = collections.namedtuple('MachOptFlags', ['flags', 'submodel_prefix']) 
@@ -1878,7 +1868,7 @@ def cmake_escape(s): 'os_features': osinfo.enabled_features(options), 'os_name': osinfo.basename, 'os_type': osinfo.os_type, - 'cpu_defines': arch.defines(cc, options), + 'cpu_features': arch.supported_isa_extensions(cc, options), 'house_ecc_curve_defines': house_ecc_curve_macros(options.house_curve), 'fuzzer_mode': options.unsafe_fuzzer_mode, diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index 1e32532dbf..cacc01ed0e 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -66,8 +66,8 @@ #define BOTAN_TARGET_CPU_HAS_NATIVE_64BIT %{endif} -%{for cpu_defines} -#define BOTAN_%{i} +%{for cpu_features} +#define BOTAN_TARGET_SUPPORTS_%{i|upper} %{endfor} %{if with_valgrind} From 8517b97cbeec0ca5ff2aa12ff16d04473679aee2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 20:08:13 -0500 Subject: [PATCH 0342/1008] Remove an unused feature allowing one module to pull in a file from another The last use of this was removed in #549 --- configure.py | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/configure.py b/configure.py index 1cde6d2674..0a95961680 100755 --- a/configure.py +++ b/configure.py 
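Review bot: Replacing `BOTAN_%{i}` built by the removed `form_macro` with `BOTAN_TARGET_SUPPORTS_%{i|upper}` changes the spelling of the macros for dotted ISA names: `form_macro` stripped `.` and mapped `-` to `_`, so `sse4.1` used to yield `BOTAN_TARGET_SUPPORTS_SSE41`, while `|upper` on the renamed `sse4_1` yields `BOTAN_TARGET_SUPPORTS_SSE4_1`. Any `#if defined(BOTAN_TARGET_SUPPORTS_SSE41)` elsewhere in the tree (not visible here) would silently compile out the code it guards rather than fail, and a feature name still containing `.` or `-` would now produce an invalid token. Either keep `form_macro`'s normalisation in configure.py before handing `cpu_features` to the template, or validate the names so the template never sees such characters, and state the contract next to the loop with `/* one BOTAN_TARGET_SUPPORTS_<ISA> macro per enabled ISA extension; the name is upper-cased verbatim, so it must already be a valid identifier */`.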
@@ -793,24 +793,11 @@ def convert_lib_list(l): self.requires = lex.requires self.warning = ' '.join(lex.warning) if lex.warning else None - def add_dir_name(filename): - if filename.count(':') == 0: - return os.path.join(self.lives_in, filename) - - # TODO is this used anymore??? Probably can be removed. - - # modules can request to add files of the form - # MODULE_NAME:FILE_NAME to add a file from another module - # For these, assume other module is always in a - # neighboring directory; this is true for all current uses - return os.path.join(os.path.split(self.lives_in)[0], - *filename.split(':')) - # Modify members - self.source = [normalize_source_path(add_dir_name(s)) for s in self.source] - self.header_internal = [add_dir_name(s) for s in self.header_internal] - self.header_public = [add_dir_name(s) for s in self.header_public] - self.header_external = [add_dir_name(s) for s in self.header_external] + self.source = [normalize_source_path(os.path.join(self.lives_in, s)) for s in self.source] + self.header_internal = [os.path.join(self.lives_in, s) for s in self.header_internal] + self.header_public = [os.path.join(self.lives_in, s) for s in self.header_public] + self.header_external = [os.path.join(self.lives_in, s) for s in self.header_external] # Filesystem read access check for src in self.source + self.header_internal + self.header_public + self.header_external: From 4cc5e2fe991d4233f053abedf73a5dc22594330b Mon Sep 17 00:00:00 2001 
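Review bot: With the `MODULE:FILE` rewrite gone, a stale entry of that form is no longer recognised at all: `os.path.join(self.lives_in, s)` simply yields a path containing the colon, and an absolute `s` would make `os.path.join` discard `lives_in` entirely, so the mistake surfaces only at the "Filesystem read access check" below (the `__init__` continues past the hunk), as a missing-file failure rather than a message about the removed syntax. A guard in front of the four joins would make the removal fail loudly, e.g. `if ':' in s or os.path.isabs(s): raise Exception('Invalid path "%s" in %s' % (s, infofile))`, using the `infofile` argument of the enclosing `__init__` if it is still in scope there. A short comment that the module-relative form is the only one accepted would also save the next reader from re-adding the feature.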
From: Jack Lloyd Date: Mon, 11 Dec 2017 20:49:45 -0500 Subject: [PATCH 0343/1008] Rename SSE4.x names to avoid underscores This breaks how we determine the ISA flags for amalgamation files. The code for doing that is kind of a hack but I don't want to mess with it right now, easier to just rename the ISA internally. --- configure.py | 7 ++++++- src/build-data/arch/x86_32.txt | 4 ++-- src/build-data/arch/x86_64.txt | 4 ++-- src/build-data/cc/clang.txt | 4 ++-- src/build-data/cc/gcc.txt | 4 ++-- src/build-data/cc/msvc.txt | 4 ++-- src/build-data/cc/sunstudio.txt | 4 ++-- src/lib/hash/sha1/sha1_x86/info.txt | 2 +- src/lib/hash/sha2_32/sha2_32_x86/info.txt | 2 +- 9 files changed, 20 insertions(+), 15 deletions(-) diff --git a/configure.py b/configure.py index 0a95961680..d7b03f8c12 100755 --- a/configure.py +++ b/configure.py @@ -335,7 +335,7 @@ def process_command_line(args): # pylint: disable=too-many-locals target_group.add_option('--disable-%s' % (isa_extn), help='disable %s intrinsics' % (isa_extn_name), action='append_const', - const=isa_extn.replace('-', '').replace('.', '_'), + const=isa_extn.replace('-', '').replace('.', ''), dest='disable_intrinsics') build_group = optparse.OptionGroup(parser, 'Build options') @@ -972,6 +972,11 @@ def __init__(self, infofile): self.submodel_aliases = parse_lex_dict(lex.submodel_aliases) self.wordsize = int(lex.wordsize) + alphanumeric = re.compile('^[a-z0-9]+$') + for isa in self.isa_extensions: + if alphanumeric.match(isa) is None: + logging.error('Invalid name for ISA extension "%s"', isa) + def all_submodels(self): """ Return a list of all submodels for this arch, ordered longest diff --git a/src/build-data/arch/x86_32.txt b/src/build-data/arch/x86_32.txt index b523d9ce46..0aa9b6683b 100644 --- a/src/build-data/arch/x86_32.txt +++ b/src/build-data/arch/x86_32.txt @@ -68,7 +68,7 @@ rdrand rdseed sha sse2 -sse4_1 -sse4_2 +sse41 +sse42 ssse3 
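Review bot: The new ISA-name validation in `ArchInfo.__init__` only calls `logging.error` and then carries on, so unless the log handler is configured to terminate on error (not visible here) an invalid name still flows into `supported_isa_extensions()`, into the `--disable-<isa>` option names, and into the `BOTAN_TARGET_SUPPORTS_` macro in build.h. Raising instead makes the contract explicit, e.g. `raise Exception('Invalid name for ISA extension "%s" in %s' % (isa, infofile))`, and a comment such as `# ISA names become macro suffixes and option names, so they must be plain [a-z0-9]` records why the rule exists. The check also relies on `re` being imported at module scope, which this hunk does not show.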
diff --git a/src/build-data/arch/x86_64.txt b/src/build-data/arch/x86_64.txt index 9e3e74b9b9..1757e4f424 100644 --- a/src/build-data/arch/x86_64.txt +++ b/src/build-data/arch/x86_64.txt @@ -47,7 +47,7 @@ rdrand rdseed sha sse2 -sse4_1 -sse4_2 +sse41 +sse42 ssse3 diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index 6fc3db6a1e..aaef4357a3 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -37,8 +37,8 @@ llvm -> "llvm-link" sse2 -> "-msse2" ssse3 -> "-mssse3" -sse4_1 -> "-msse4.1" -sse4_2 -> "-msse4.2" +sse41 -> "-msse4.1" +sse42 -> "-msse4.2" avx2 -> "-mavx2" bmi2 -> "-mbmi2" aesni -> "-maes -mpclmul -mssse3" diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index b89432ea5c..ce1f47ae00 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -47,8 +47,8 @@ default -> "$(LINKER)" sse2 -> "-msse2" ssse3 -> "-mssse3" -sse4_1 -> "-msse4.1" -sse4_2 -> "-msse4.2" +sse41 -> "-msse4.1" +sse42 -> "-msse4.2" avx2 -> "-mavx2" bmi2 -> "-mbmi2" aesni -> "-maes -mpclmul -mssse3" diff --git a/src/build-data/cc/msvc.txt b/src/build-data/cc/msvc.txt index 2d6cb1a571..b816d33f8f 100644 --- a/src/build-data/cc/msvc.txt +++ b/src/build-data/cc/msvc.txt @@ -34,8 +34,8 @@ ar_output_to "/OUT:" sse2 -> "" ssse3 -> "" -sse4_1 -> "" -sse4_2 -> "" +sse41 -> "" +sse42 -> "" x86_64:avx2 -> "" bmi2 -> "" aesni -> "" diff --git a/src/build-data/cc/sunstudio.txt b/src/build-data/cc/sunstudio.txt index 4b15a8d631..e983bf7019 100644 --- a/src/build-data/cc/sunstudio.txt +++ b/src/build-data/cc/sunstudio.txt @@ -54,8 +54,8 @@ x86_64 -> "-m64" # https://docs.oracle.com/cd/E37069_01/html/E37074/bjapp.html#OSSCGbkazd sse2 -> "-xarch=sse2" ssse3 -> "-xarch=ssse3" -sse4_1 -> "-xarch=sse4.1" -sse4_2 -> "-xarch=sse4.2" +sse41 -> "-xarch=sse4.1" +sse42 -> "-xarch=sse4.2" aesni -> "-xarch=aes" avx -> "-xarch=avx" rdrand -> "-xarch=avx_i" 
diff --git a/src/lib/hash/sha1/sha1_x86/info.txt b/src/lib/hash/sha1/sha1_x86/info.txt index 2f48f76278..cfa1750c23 100644 --- a/src/lib/hash/sha1/sha1_x86/info.txt +++ b/src/lib/hash/sha1/sha1_x86/info.txt @@ -2,7 +2,7 @@ SHA1_X86_SHA_NI -> 20170518 -need_isa sha,ssse3,sse4_1 +need_isa sha,ssse3,sse41 clang:3.9 diff --git a/src/lib/hash/sha2_32/sha2_32_x86/info.txt b/src/lib/hash/sha2_32/sha2_32_x86/info.txt index f3964e4411..838d2a4a81 100644 --- a/src/lib/hash/sha2_32/sha2_32_x86/info.txt +++ b/src/lib/hash/sha2_32/sha2_32_x86/info.txt @@ -2,7 +2,7 @@ SHA2_32_X86 -> 20170518 -need_isa sha,sse4_1 +need_isa sha,sse41 gcc:5.0 From 44c34416c7c10b69e45f255785c11ec063614c52 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 20:55:19 -0500 Subject: [PATCH 0344/1008] Avoid a shadow warning under old Clang [ci skip] Bogus warning but whatever. --- src/cli/argparse.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/cli/argparse.h b/src/cli/argparse.h index 4577160954..ebedfefb1c 100644 --- a/src/cli/argparse.h +++ b/src/cli/argparse.h @@ -207,8 +207,8 @@ Argument_Parser::Argument_Parser(const std::string& spec, class CLI_Error_Invalid_Spec : public CLI_Error { public: - explicit CLI_Error_Invalid_Spec(const std::string& spec) - : CLI_Error("Invalid command spec '" + spec + "'") {} + explicit CLI_Error_Invalid_Spec(const std::string& bad_spec) + : CLI_Error("Invalid command spec '" + bad_spec + "'") {} }; const std::vector parts = Botan::split_on(spec, ' '); From 4206f35cad8488f96c7236b6d07b982fd56923b1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 21:17:12 -0500 Subject: [PATCH 0345/1008] Handle map conversion within the lexer function --- configure.py | 42 +++++++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/configure.py b/configure.py index bfd1a01029..713302a32d 100755 --- a/configure.py +++ b/configure.py 
@@ -641,7 +641,7 @@ def parse_lex_dict(as_list): return result -def lex_me_harder(infofile, allowed_groups, name_val_pairs): +def lex_me_harder(infofile, allowed_groups, allowed_maps, name_val_pairs): """ Generic lexer function for info.txt and src/build-data files """ @@ -654,7 +654,8 @@ def py_var(group): lexer = shlex.shlex(open(infofile), infofile, posix=True) lexer.wordchars += '|:.<>/,-!+' # handle various funky chars in info.txt - for group in allowed_groups: + groups = allowed_groups + allowed_maps + for group in groups: out.__dict__[py_var(group)] = [] for (key, val) in name_val_pairs.items(): out.__dict__[key] = val @@ -674,7 +675,7 @@ def lexed_tokens(): # Convert to an interator if match is not None: group = match.group(1) - if group not in allowed_groups: + if group not in groups: raise LexerError('Unknown group "%s"' % (group), infofile, lexer.lineno) @@ -697,6 +698,9 @@ def lexed_tokens(): # Convert to an interator else: # No match -> error raise LexerError('Bad token "%s"' % (token), infofile, lexer.lineno) + for group in allowed_maps: + out.__dict__[group] = parse_lex_dict(out.__dict__[group]) + return out class InfoObject(object): @@ -727,10 +731,10 @@ def __init__(self, infofile): super(ModuleInfo, self).__init__(infofile) lex = lex_me_harder( infofile, - [ - 'defines', 'header:internal', 'header:public', 'header:external', 'requires', - 'os', 'arch', 'cc', 'libs', 'frameworks', 'comment', 'warning' + ['header:internal', 'header:public', 'header:external', 'requires', + 'os', 'arch', 'cc', 'libs', 'frameworks', 'comment', 'warning' ], + ['defines'], { 'load_on': 'auto', 'need_isa': '' @@ -784,7 +788,7 @@ def convert_lib_list(l): self.arch = lex.arch self.cc = lex.cc self.comment = ' '.join(lex.comment) if lex.comment else None - self._defines = parse_lex_dict(lex.defines) + self._defines = lex.defines self._validate_defines_content(self._defines) self.frameworks = convert_lib_list(lex.frameworks) self.libs = convert_lib_list(lex.libs) 
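Review bot: The new map-conversion loop at the end of `lex_me_harder` indexes `out.__dict__[group]`, while the initialisation loop a few lines above stores under `out.__dict__[py_var(group)]`; if `py_var` rewrites names (the `header:internal`-style group names suggest it maps `:` to something attribute-safe), a map group containing such a character would raise KeyError at conversion time. None of the map groups introduced in this commit contain one, so it works today, but making the two loops consistent, `out.__dict__[py_var(group)] = parse_lex_dict(out.__dict__[py_var(group)])`, removes the trap. Since the signature gained a parameter, the docstring should say what it means, e.g. `allowed_maps: groups whose "key -> value" lines are returned as dicts via parse_lex_dict rather than as token lists`.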
@@ -946,6 +950,7 @@ def __init__(self, infofile): lex = lex_me_harder( infofile, ['required', 'if_available', 'prohibited'], + [], {}) self.if_available = lex.if_available @@ -969,7 +974,8 @@ def __init__(self, infofile): super(ArchInfo, self).__init__(infofile) lex = lex_me_harder( infofile, - ['aliases', 'submodels', 'submodel_aliases', 'isa_extensions'], + ['aliases', 'submodels', 'isa_extensions'], + ['submodel_aliases'], { 'endian': None, 'family': None, @@ -981,7 +987,7 @@ def __init__(self, infofile): self.family = lex.family self.isa_extensions = lex.isa_extensions self.submodels = lex.submodels - self.submodel_aliases = parse_lex_dict(lex.submodel_aliases) + self.submodel_aliases = lex.submodel_aliases self.wordsize = int(lex.wordsize) def all_submodels(self): @@ -1051,7 +1057,8 @@ def __init__(self, infofile): super(CompilerInfo, self).__init__(infofile) lex = lex_me_harder( infofile, - ['so_link_commands', 'binary_link_commands', 'mach_opt', 'mach_abi_linking', 'isa_flags'], + ['mach_opt'], + ['so_link_commands', 'binary_link_commands', 'mach_abi_linking', 'isa_flags'], { 'binary_name': None, 'linker_name': None, 
@@ -1082,32 +1089,32 @@ def __init__(self, infofile): self.add_framework_option = lex.add_framework_option self.add_include_dir_option = lex.add_include_dir_option - self.add_lib_option = lex.add_lib_option self.add_lib_dir_option = lex.add_lib_dir_option + self.add_lib_option = lex.add_lib_option self.ar_command = lex.ar_command self.ar_options = lex.ar_options self.ar_output_to = lex.ar_output_to - self.binary_link_commands = parse_lex_dict(lex.binary_link_commands) + self.binary_link_commands = lex.binary_link_commands self.binary_name = lex.binary_name self.compile_flags = lex.compile_flags self.coverage_flags = lex.coverage_flags self.debug_info_flags = lex.debug_info_flags - self.isa_flags = parse_lex_dict(lex.isa_flags) + self.isa_flags = lex.isa_flags self.lang_flags = lex.lang_flags self.linker_name = lex.linker_name - self.mach_abi_linking = parse_lex_dict(lex.mach_abi_linking) + self.mach_abi_linking = lex.mach_abi_linking self.macro_name = lex.macro_name self.maintainer_warning_flags = lex.maintainer_warning_flags self.optimization_flags = lex.optimization_flags - self.output_to_object = lex.output_to_object self.output_to_exe = lex.output_to_exe + self.output_to_object = lex.output_to_object self.sanitizer_flags = lex.sanitizer_flags self.shared_flags = lex.shared_flags self.size_optimization_flags = lex.size_optimization_flags - self.so_link_commands = parse_lex_dict(lex.so_link_commands) + self.so_link_commands = lex.so_link_commands self.stack_protector_flags = lex.stack_protector_flags - self.visibility_build_flags = lex.visibility_build_flags self.visibility_attribute = lex.visibility_attribute + self.visibility_build_flags = lex.visibility_build_flags self.warning_flags = lex.warning_flags self.mach_opt_flags = {} @@ -1301,6 +1308,7 @@ def __init__(self, infofile): lex = lex_me_harder( infofile, ['aliases', 'target_features'], + [], { 'os_type': None, 'program_suffix': '', From 5594497449d5572e0459aed741db87e5255ef5ea Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Mon, 11 Dec 2017 23:49:03 -0500 Subject: [PATCH 0346/1008] Fix make clean --- src/scripts/cleanup.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index d2aaf43033..39a505852e 100755 --- a/src/scripts/cleanup.py +++ b/src/scripts/cleanup.py @@ -10,6 +10,7 @@ import os import sys +import stat import re import optparse # pylint: disable=deprecated-module import logging @@ -41,7 +42,13 @@ def remove_all_in_dir(d): logging.debug('Removing all files in directory "%s"', d) for f in os.listdir(d): - remove_file(os.path.join(d, f)) + full_path = os.path.join(d, f) + mode = os.lstat(full_path).st_mode + + if stat.S_ISDIR(mode): + remove_dir(full_path) + else: + remove_file(full_path) def parse_options(args): parser = optparse.OptionParser() From 3a6a92332f808de1eb507a073d8b71e689152fee Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 11 Dec 2017 23:49:34 -0500 Subject: [PATCH 0347/1008] Update news --- news.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/news.rst b/news.rst index 2adc90249b..81c341b3a9 100644 --- a/news.rst +++ b/news.rst @@ -24,6 +24,9 @@ Version 2.4.0, Not Yet Released * XMSS signatures now are multithreaded for improved performance (GH #1267) +* Fix a bug that caused the peer cert list to be empty on a resumed session. + (GH #1303 #1342) + * Increase the maximum HMAC key length from 512 bytes to 4096 bytes. This allows using a DH key exchange with a group greater than 4096 bits. (GH #1316) @@ -156,6 +159,11 @@ Version 2.4.0, Not Yet Released policy, but with a few tweaks. So the final annotations have been removed on these classes. (GH #1292) +* A new option ``--with-pdf`` enables building a PDF copy of the handbook. + (GH #1337) + +* Support for NEON is now enabled under Clang. + * Add an OID for RIPEMD-160 * Fixes for CMake build (GH #1251) From a4b39d62ffd933f5056d8d94d6e16054986d2d01 Mon Sep 17 00:00:00 2001 
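Review bot: The `os.lstat` / `stat.S_ISDIR` branch added to `remove_all_in_dir` deserves a comment, because choosing `lstat` over `stat` is what keeps a symlink that points at a directory (possibly one outside the build tree) from being treated as a directory: with `lstat` the link itself is passed to `remove_file`, with `stat` it would be handed to `remove_dir`. Suggested: `# lstat, not stat: a symlink to a directory must be unlinked, never descended into`. How `remove_dir` itself treats symlinks is defined outside the hunk and is worth the same check.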
From: Jack Lloyd Date: Mon, 11 Dec 2017 23:42:50 -0500 Subject: [PATCH 0348/1008] Add ability to generate man page with rst2man fixing #1349 --- configure.py | 28 +++-- doc/manual/cli.rst | 216 ++++++++++++++++++++++++-------------- src/scripts/build_docs.py | 7 ++ src/scripts/install.py | 7 ++ 4 files changed, 171 insertions(+), 87 deletions(-) diff --git a/configure.py b/configure.py index 7237cb9b05..ae23aed1e3 100755 --- a/configure.py +++ b/configure.py @@ -378,7 +378,7 @@ def process_command_line(args): # pylint: disable=too-many-locals help='disable all optimizations (for debugging)') build_group.add_option('--debug-mode', action='store_true', default=False, dest='debug_mode', - help='enable debug info and disable optimizations') + help='enable debug info, disable optimizations') build_group.add_option('--gen-amalgamation', dest='gen_amalgamation', default=False, action='store_true', @@ -390,7 +390,7 @@ def process_command_line(args): # pylint: disable=too-many-locals build_group.add_option('--amalgamation', dest='amalgamation', default=False, action='store_true', - help='generate amalgamation files and build via amalgamation') + help='use amalgamation to build') build_group.add_option('--single-amalgamation-file', default=False, action='store_true', @@ -443,11 +443,11 @@ def process_command_line(args): # pylint: disable=too-many-locals build_group.add_option('--unsafe-fuzzer-mode', action='store_true', default=False, help='Disable essential checks for testing') - build_group.add_option('--build-fuzzers=', dest='build_fuzzers', + build_group.add_option('--build-fuzzers', dest='build_fuzzers', metavar='TYPE', default=None, help='Build fuzzers (afl, libfuzzer, klee, test)') - build_group.add_option('--with-fuzzer-lib=', metavar='LIB', default=None, dest='fuzzer_lib', + build_group.add_option('--with-fuzzer-lib', metavar='LIB', default=None, dest='fuzzer_lib', help='additionally link in LIB') docs_group = optparse.OptionGroup(parser, 'Documentation Options') 
@@ -471,6 +471,12 @@ def process_command_line(args): # pylint: disable=too-many-locals docs_group.add_option('--without-pdf', action='store_false', dest='with_pdf', help=optparse.SUPPRESS_HELP) + docs_group.add_option('--with-rst2man', action='store_true', + default=None, help='Use rst2man to generate man page') + + docs_group.add_option('--without-rst2man', action='store_false', + dest='with_rst2man', help=optparse.SUPPRESS_HELP) + docs_group.add_option('--with-doxygen', action='store_true', default=False, help='Use Doxygen') @@ -532,6 +538,8 @@ def process_command_line(args): # pylint: disable=too-many-locals help='set the binary install dir') install_group.add_option('--libdir', metavar='DIR', help='set the library install dir') + install_group.add_option('--mandir', metavar='DIR', + help='set the install dir for man pages') install_group.add_option('--includedir', metavar='DIR', help='set the include file install dir') @@ -558,7 +566,6 @@ def process_command_line(args): # pylint: disable=too-many-locals 'libexecdir', 'localedir', 'localstatedir', - 'mandir', 'oldincludedir', 'pdfdir', 'psdir', @@ -1273,6 +1280,7 @@ def __init__(self, infofile): 'bin_dir': 'bin', 'lib_dir': 'lib', 'doc_dir': 'share/doc', + 'man_dir': 'share/man', 'building_shared_supported': 'yes', 'so_post_link_command': '', 'cli_exe_name': 'botan', @@ -1318,6 +1326,7 @@ def __init__(self, infofile): self.lib_dir = lex.lib_dir self.lib_prefix = lex.lib_prefix self.library_name = lex.library_name + self.man_dir = lex.man_dir self.obj_suffix = lex.obj_suffix self.os_type = lex.os_type self.program_suffix = lex.program_suffix 
@@ -1769,12 +1778,14 @@ def cmake_escape(s): 'prefix': options.prefix or osinfo.install_root, 'bindir': options.bindir or osinfo.bin_dir, 'libdir': options.libdir or osinfo.lib_dir, + 'mandir': options.mandir or osinfo.man_dir, 'includedir': options.includedir or osinfo.header_dir, 'docdir': options.docdir or osinfo.doc_dir, 'with_documentation': options.with_documentation, 'with_sphinx': options.with_sphinx, 'with_pdf': options.with_pdf, + 'with_rst2man': options.with_rst2man, 'sphinx_config_dir': source_paths.sphinx_config_dir, 'with_doxygen': options.with_doxygen, @@ -2718,10 +2729,13 @@ def deduce_compiler_type_from_cc_bin(cc_bin): logging.info('Guessing target processor is a %s/%s (use --cpu to set)' % ( options.arch, options.cpu)) - if options.with_sphinx is None and options.with_documentation is True: - if have_program('sphinx-build'): + if options.with_documentation is True: + if options.with_sphinx is None and have_program('sphinx-build'): logging.info('Found sphinx-build (use --without-sphinx to disable)') options.with_sphinx = True + if options.with_rst2man is None and have_program('rst2man'): + logging.info('Found rst2man (use --without-rst2man to disable)') + options.with_rst2man = True # Mutates `options` diff --git a/doc/manual/cli.rst b/doc/manual/cli.rst index 72e3d3b31b..85b93d5e1f 100644 --- a/doc/manual/cli.rst +++ b/doc/manual/cli.rst 
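Review bot: `have_program('rst2man')` will miss installations where the docutils script keeps its suffix (docutils itself installs it as `rst2man.py`; some distributions strip the suffix), so on such systems auto-detection silently stays off and no man page is built. Checking both spellings, `if options.with_rst2man is None and (have_program('rst2man') or have_program('rst2man.py')):`, covers both, provided the build script invoking the tool is told which name was found. Note also that when documentation is disabled `with_rst2man` remains `None` and is passed to the template as such (`'with_rst2man': options.with_rst2man`); whether the consumers distinguish `None` from `False` is not visible here.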
@@ -1,55 +1,54 @@ -The Command Line Interface +botan ======================================== -The botan program is a command line tool for using a broad variety of functions of the Botan library in the shell. -The CLI offers access to the following functionalities: -- Data en- and decoding -- Creation and administration of public key parameters and keypairs -- Calculation of message digests -- Calculation and verification of public key signatures -- Access to random number generators -- Creation of X.509 certificates and certificate signing requests -- OCSP certificate checking -- Performance measurements of implemented algorithms -- TLS server/client -- Primality testing, prime factorization and prime sampling +:Subtitle: Botan command line util +:Manual section: 1 -.. highlight:: sh +Outline +------------ -General Command Usage ---------------------------------- -All commands follow the predefined syntax:: +The ``botan`` program is a command line tool for using a broad variety +of functions of the Botan library in the shell. - $ botan +All commands follow the syntax ``botan ``. -and are listed with their available arguments when ``botan`` is called -with an unknown command, or without any command, or with ``--help``. +If ``botan`` is run with an unknown command, or without any command, or with the +``--help`` option, all available commands with their options will be printed. -Hash +Hash Function ---------------- ``hash --algo=SHA-256 --buf-size=4096 files`` - Compute the *algo* digest over the data in *files*. *files* defaults to STDIN. - + Compute the *algo* digest over the data in any number of *files*. If + no files are listed on the command line, the input source defaults + to standard input. + Password Hash ---------------- ``gen_bcrypt --work-factor=12 password`` - Calculate the bcrypt password digest of *file*. *work-factor* is an integer between 1 and 18. - A higher *work-factor* value results in a more expensive hash calculation. 
+ Calculate the bcrypt password digest of *password*. *work-factor* is an + integer between 4 and 18. A higher *work-factor* value results in a + more expensive hash calculation. + ``check_bcrypt password hash`` Checks if the bcrypt hash of the passed *password* equals the passed *hash* value. HMAC ---------------- ``hmac --hash=SHA-256 --buf-size=4096 key files`` - Compute the HMAC tag with the cryptographic hash function *hash* using the key in file *key* over the data in *files*. *files* defaults to STDIN. + Compute the HMAC tag with the cryptographic hash function *hash* + using the key in file *key* over the data in *files*. *files* + defaults to STDIN. Public Key Cryptography ------------------------------------- ``keygen --algo=RSA --params= --passphrase= --pbe= --pbe-millis=300 --der-out`` - Generate a PKCS #8 *algo* private key. If *der-out* is passed, the pair is BER encoded. - Otherwise, PEM encoding is used. To protect the PKCS #8 formatted key, it is recommended to encrypt it with a provided - *passphrase*. *pbe* is the name of the desired encryption algorithm, which uses *pbe-millis* milliseconds to derive the encryption key from - the passed *passphrase*. Algorithm specific parameters, as the desired bitlength of an RSA key, can be passed with *params*. + Generate a PKCS #8 *algo* private key. If *der-out* is passed, the pair is BER + encoded. Otherwise, PEM encoding is used. To protect the PKCS #8 formatted + key, it is recommended to encrypt it with a provided *passphrase*. *pbe* is + the name of the desired encryption algorithm, which uses *pbe-millis* + milliseconds to derive the encryption key from the passed + *passphrase*. Algorithm specific parameters, as the desired bitlength of an + RSA key, can be passed with *params*. - For RSA *params* specifies the bit length of the RSA modulus. It defaults to 3072. - For DH *params* specifies the DH parameters. It defaults to modp/ietf/2048. 
@@ -57,66 +56,110 @@ Public Key Cryptography - For EC algorithms *params* specifies the elliptic curve. It defaults to secp256r1. ``pkcs8 --pass-in= --pub-out --der-out --pass-out= --pbe= --pbe-millis=300 key`` - Open a PKCS #8 formatted key at *key*. If *key* is encrypted, the passphrase must be passed as - *pass-in*. It is possible to (re)encrypt the read key with the passphrase passed as *pass-out*. The - parameters *pbe-millis* and *pbe* work similarly to ``keygen``. + Open a PKCS #8 formatted key at *key*. If *key* is encrypted, the passphrase + must be passed as *pass-in*. It is possible to (re)encrypt the read key with + the passphrase passed as *pass-out*. The parameters *pbe-millis* and *pbe* + work similarly to ``keygen``. ``sign --passphrase= --hash=SHA-256 --emsa= key file`` - Sign the data in *file* using the PKCS #8 private key *key*. If *key* is encrypted, the used passphrase must - be passed as *pass-in*. *emsa* specifies the signature scheme and *hash* the cryptographic hash function used in the scheme. + Sign the data in *file* using the PKCS #8 private key *key*. If *key* is + encrypted, the used passphrase must be passed as *pass-in*. *emsa* specifies + the signature scheme and *hash* the cryptographic hash function used in the + scheme. - For RSA signatures EMSA4 (RSA-PSS) is the default scheme. - - For ECDSA and DSA *emsa* defaults to EMSA1. + - For ECDSA and DSA *emsa* defaults to EMSA1 (signing the hash directly) ``verify --hash=SHA-256 --emsa= pubkey file signature`` - Verify the authenticity of the data in *file* with the provided signature *signature* and - the public key *pubkey*. Similarly to the signing process, *emsa* specifies the signature scheme and *hash* the cryptographic hash function used in the scheme. + Verify the authenticity of the data in *file* with the provided signature + *signature* and the public key *pubkey*. 
Similarly to the signing process, + *emsa* specifies the signature scheme and *hash* the cryptographic hash + function used in the scheme. + ``gen_dl_group --pbits=1024 --qbits=0 --type=subgroup`` Generate ANSI X9.42 encoded Diffie-Hellman group parameters. - - If *type=subgroup* is passed, the size of the prime subgroup q is sampled as a prime of *qbits* length and p is *pbits* long. If *qbits* is not passed, its length is estimated from *pbits* as described in RFC 3766. - - If *type=strong* is passed, p is sampled as a safe prime with length *pbits* and the prime subgroup has size q with *pbits*-1 length. + - If *type=subgroup* is passed, the size of the prime subgroup q is sampled + as a prime of *qbits* length and p is *pbits* long. If *qbits* is not + passed, its length is estimated from *pbits* as described in RFC 3766. + - If *type=strong* is passed, p is sampled as a safe prime with length + *pbits* and the prime subgroup has size q with *pbits*-1 length. ``dl_group_info --pem name`` - Print raw Diffie-Hellman parameters (p,g) of the standarized DH group *name*. If *pem* is set, the X9.42 encoded group is printed. + Print raw Diffie-Hellman parameters (p,g) of the standarized DH group + *name*. If *pem* is set, the X9.42 encoded group is printed. ``ec_group_info --pem name`` - Print raw elliptic curve domain parameters of the standarized curve *name*. If *pem* is set, the encoded domain is printed. + Print raw elliptic curve domain parameters of the standarized curve *name*. If + *pem* is set, the encoded domain is printed. X.509 ---------------------------------------------- ``gen_pkcs10 key CN --country= --organization= --email= --key-pass= --hash=SHA-256`` - Generate a PKCS #10 certificate signing request (CSR) using the passed PKCS #8 private key *key*. If the private key is - encrypted, the decryption passphrase *key-pass* has to be passed. + Generate a PKCS #10 certificate signing request (CSR) using the passed PKCS #8 + private key *key*. 
If the private key is encrypted, the decryption passphrase + *key-pass* has to be passed. ``gen_self_signed key CN --country= --dns= --organization= --email= --key-pass= --ca --hash=SHA-256`` - Generate a self signed X.509 certificate using the PKCS #8 private key *key*. If the private key is encrypted, the decryption - passphrase *key-pass* has to be passed. If *ca* is passed, the certificate is marked for certificate authority (CA) usage. + Generate a self signed X.509 certificate using the PKCS #8 private key + *key*. If the private key is encrypted, the decryption passphrase *key-pass* + has to be passed. If *ca* is passed, the certificate is marked for certificate + authority (CA) usage. ``sign_cert --ca-key-pass= --hash=SHA-256 --duration=365 ca_cert ca_key pkcs10_req`` - Create a CA signed X.509 certificate from the information contained in the PKCS #10 CSR *pkcs10_req*. The CA certificate is passed as - *ca_cert* and the respective PKCS #8 private key as *ca_key*. If the private key is encrypted, the decryption - passphrase *ca-key-pass* has to be passed. The created certificate has a validity period of *duration* days. + Create a CA signed X.509 certificate from the information contained in the + PKCS #10 CSR *pkcs10_req*. The CA certificate is passed as *ca_cert* and the + respective PKCS #8 private key as *ca_key*. If the private key is encrypted, + the decryption passphrase *ca-key-pass* has to be passed. The created + certificate has a validity period of *duration* days. ``ocsp_check subject issuer`` - Verify an X.509 certificate against the issuers OCSP responder. Pass the certificate to validate as *subject* and the CA certificate as *issuer*. + Verify an X.509 certificate against the issuers OCSP responder. Pass the + certificate to validate as *subject* and the CA certificate as *issuer*. -``cert_info --ber file`` - Parse X.509 PEM certificate and display data fields. 
+``cert_info --fingerprint --ber file`` + Parse X.509 PEM certificate and display data fields. If ``--fingerprint`` is + used, the certificate's fingerprint is also printed. -``cert_verify subject ca_certs`` - Verify if the passed X.509 certificate *subject* passes the path validation. The list of trusted CA certificates is passed with *ca_certs* +``cert_verify subject *ca_certs`` + Verify if the provided X.509 certificate *subject* can be sucessfully + validated. The list of trusted CA certificates is passed with *ca_certs*, + which is a list of one or more certificates. TLS Server/Client ----------------------- + +``tls_ciphers --policy=default --version=tls1.2`` + Prints the list of ciphersuites that will be offered under a particular + policy/version. The policy can be any of the the strings "default", "suiteb", + "strict", or "all" to denote built-in policies, or it can name a file from + which a policy description will be read. + ``tls_client host --port=443 --print-certs --policy= --tls1.0 --tls1.1 --tls1.2 --session-db= --session-db-pass= --next-protocols= --type=tcp`` - Implements a testing TLS client, which connects to *host* via TCP or UDP on port *port*. The TLS version can be set with the flags *tls1.0*, *tls1.1* and *tls1.2* of which the lowest specified version is automatically chosen. - If none of the TLS version flags is set, the latest supported version is chosen. The client honors the TLS policy defined in the *policy* file and prints all certificates in the chain, if *print-certs* is passed. - *next-protocols* is a comma seperated list and specifies the protocols to advertise with Application-Layer Protocol Negotiation (ALPN). + Implements a testing TLS client, which connects to *host* via TCP or UDP on + port *port*. The TLS version can be set with the flags *tls1.0*, *tls1.1* and + *tls1.2* of which the lowest specified version is automatically chosen. If + none of the TLS version flags is set, the latest supported version is + chosen. 
The client honors the TLS policy defined in the *policy* file and + prints all certificates in the chain, if *print-certs* is passed. + *next-protocols* is a comma seperated list and specifies the protocols to + advertise with Application-Layer Protocol Negotiation (ALPN). ``tls_server cert key --port=443 --type=tcp --policy=`` - Implements a testing TLS server, which allows TLS clients to connect. Binds to either TCP or UDP on port *port*. The server uses the certificate *cert* and the respective PKCS #8 - private key *key*. The server honors the TLS policy defined in the *policy* file. + Implements a testing TLS server, which allows TLS clients to connect. Binds to + either TCP or UDP on port *port*. The server uses the certificate *cert* and + the respective PKCS #8 private key *key*. The server honors the TLS policy + defined in the *policy* file. + +``tls_http_server cert key --port=443 --policy= --session-db --session-db-pass=`` + Only available if asio support was enabled. Provides a simple HTTP server + which replies to all requests with an informational text output. The server + honors the TLS policy defined in the *policy* file. + +``tls_proxy listen_port target_host target_port server_cert server_key`` + Only available if asio support was enabled. Listens on a port and + forwards all connects to a target server specified at + ``target_host`` and ``target_port``. Number Theory ----------------------- 
@@ -135,34 +178,47 @@ PSK Database Only available if sqlite3 support was compiled in. ``psk_set db db_key name psk`` - Using the PSK database named db and encrypting under the (hex) key ``db_key``, save the provided psk (also hex) under ``name``:: $ botan psk_set psk.db deadba55 bunny f00fee ``psk_get db db_key name`` - Get back a value saved with ``psk_set``:: $ botan psk_get psk.db deadba55 bunny f00fee ``psk_list db db_key`` - List all values saved to the database under the given key:: $ botan psk_list psk.db deadba55 bunny +Data Encoding/Decoding +------------------------ + +``base64_dec file`` + Encode *file* to Base64. + +``base64_enc file`` + Decode Base64 encoded *file*. + +``hex_dec file`` + Encode *file* to Hex. + +``hex_enc file`` + Decode Hex encoded *file*. Miscellaneous Commands ------------------------------------- ``version --full`` - Print version. Pass --full for additional details. + Print the version number. If option ``-full`` is provided additional details are printed. ``config info_type`` - Print the used prefix, cflags, ldflags or libs. + Prints build information, useful for applications which want to + build against the library. The ``info_type`` argument can be any of + ``prefix``, ``cflags``, ``ldflags``, or ``libs``. ``cpuid`` List available processor flags (aes_ni, SIMD extensions, ...). 
@@ -170,27 +226,27 @@ Miscellaneous Commands ``asn1print file`` Decode and print *file* with ASN.1 Basic Encoding Rules (BER). -``base64_dec file`` - Encode *file* to Base64. - -``base64_enc file`` - Decode Base64 encoded *file*. - ``http_get url`` Retrieve ressource from the passed http/https *url*. -``speed --msec=300 --provider= --buf-size=4096 algos`` - Measures the speed of the passed *algos*. If no *algos* are passed all available - speed tests are executed. *msec* (in milliseconds) sets the period of measurement for each algorithm. +``speed --msec=100 --provider= --buf-size=4096 algos`` + Measures the speed of the passed *algos*. If no *algos* are passed + all available speed tests are executed. *msec* (in milliseconds) + sets the period of measurement for each algorithm. ``rng --system --rdrand bytes`` - Sample *bytes* random bytes from the specified random number generator. If *system* is set, the Botan - System_RNG is used. If *system* is unset and *rdrand* is set, the hardware rng RDRAND_RNG is used. - If both are unset, the Botan AutoSeeded_RNG is used. + Sample *bytes* random bytes from the specified random number generator. If + *system* is set, the Botan System_RNG is used. If *system* is unset and + *rdrand* is set, the hardware rng RDRAND_RNG is used. If both are unset, the + Botan AutoSeeded_RNG is used. ``cc_encrypt CC passphrase --tweak=`` - Encrypt the passed valid credit card number *CC* using FPE encryption and the passphrase *passphrase*. The key is derived from the - passphrase using PBKDF2 with SHA256. Due to the nature of FPE, - the ciphertext is also a credit card number with a valid checksum. *tweak* is public and parameterizes the encryption function. + Encrypt the passed valid credit card number *CC* using FPE encryption and the + passphrase *passphrase*. The key is derived from the passphrase using PBKDF2 + with SHA256. Due to the nature of FPE, the ciphertext is also a credit card + number with a valid checksum. 
*tweak* is public and parameterizes the + encryption function. + ``cc_decrypt CC passphrase --tweak=`` - Decrypt the passed valid ciphertext *CC* using FPE decryption with the passphrase *passphrase* and the tweak *tweak*. + Decrypt the passed valid ciphertext *CC* using FPE decryption with + the passphrase *passphrase* and the tweak *tweak*. diff --git a/src/scripts/build_docs.py b/src/scripts/build_docs.py index 94c61afdf0..ca055ac05a 100755 --- a/src/scripts/build_docs.py +++ b/src/scripts/build_docs.py @@ -105,6 +105,8 @@ def log_level(): def main(args=None): + # pylint: disable=too-many-branches,too-many-locals + if args is None: args = sys.argv @@ -122,6 +124,7 @@ def main(args=None): with_docs = bool(cfg['with_documentation']) with_sphinx = bool(cfg['with_sphinx']) with_pdf = bool(cfg['with_pdf']) + with_rst2man = bool(cfg['with_rst2man']) with_doxygen = bool(cfg['with_doxygen']) doc_stamp_file = cfg['doc_stamp_file'] @@ -154,6 +157,10 @@ def main(args=None): # otherwise just copy it cmds.append(['cp', manual_src, manual_output]) + if with_rst2man: + cmds.append(['rst2man', os.path.join(manual_src, 'cli.rst'), + os.path.join(cfg['build_dir'], 'botan.1')]) + cmds.append(['touch', doc_stamp_file]) for cmd in cmds: diff --git a/src/scripts/install.py b/src/scripts/install.py index d30493ebef..243d58eda7 100755 --- a/src/scripts/install.py +++ b/src/scripts/install.py @@ -253,6 +253,13 @@ def copy_executable(src, dst): for f in [f for f in os.listdir(cfg['doc_dir']) if f.endswith('.txt')]: copy_file(os.path.join(cfg['doc_dir'], f), prepend_destdir(os.path.join(target_doc_dir, f))) + if cfg['with_rst2man']: + man1_dir = prepend_destdir(os.path.join(options.prefix, os.path.join(cfg['mandir'], 'man1'))) + makedirs(man1_dir) + + copy_file(os.path.join(cfg['build_dir'], 'botan.1'), + os.path.join(man1_dir, 'botan.1')) + logging.info('Botan %s installation complete', cfg['version']) return 0 From 9c31cb35b1d824cc4a44ba3b7c52e36f0ce379aa Mon Sep 17 00:00:00 2001 
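Review bot: The new man-page install step builds `man1_dir` from an `os.path.join` call nested inside another; `os.path.join` is variadic, so `man1_dir = prepend_destdir(os.path.join(options.prefix, cfg['mandir'], 'man1'))` says the same thing in one call. The `copy_file` of `botan.1` reads from `cfg['build_dir']`, but the file is only produced by the rst2man step in build_docs.py, so when `with_rst2man` is set and the docs were not built first the copy presumably fails on a missing source with no hint of why; checking `os.path.exists` on the source and logging a clear message would make that failure mode explicit. The enclosing function starts outside the hunk.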
From: Jack Lloyd Date: Mon, 11 Dec 2017 23:51:19 -0500 Subject: [PATCH 0349/1008] Mention rst2man in news --- news.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/news.rst b/news.rst index 81c341b3a9..3ac009fe3e 100644 --- a/news.rst +++ b/news.rst @@ -162,6 +162,9 @@ Version 2.4.0, Not Yet Released * A new option ``--with-pdf`` enables building a PDF copy of the handbook. (GH #1337) +* A new option ``--with-rst2man`` enables building a man page for the + command line util using Docutils rst2man. (GH #1349) + * Support for NEON is now enabled under Clang. * Add an OID for RIPEMD-160 From 08bdefc9912101579218503c83b28db6e2cdc581 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 12 Dec 2017 00:29:50 -0500 Subject: [PATCH 0350/1008] Remove vestigial handling of removed options [ci skip] The --destdir option was removed in 2.2.0, and the amalgamation options were removed before 2.0.0 --- configure.py | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/configure.py b/configure.py index ae23aed1e3..b17b268e23 100755 --- a/configure.py +++ b/configure.py @@ -380,14 +380,6 @@ def process_command_line(args): # pylint: disable=too-many-locals build_group.add_option('--debug-mode', action='store_true', default=False, dest='debug_mode', help='enable debug info, disable optimizations') - build_group.add_option('--gen-amalgamation', dest='gen_amalgamation', - default=False, action='store_true', - help='generate amalgamation files and build without amalgamation (removed)') - - build_group.add_option('--via-amalgamation', dest='via_amalgamation', - default=False, action='store_true', - help='build via amalgamation (deprecated, use --amalgamation)') - build_group.add_option('--amalgamation', dest='amalgamation', default=False, action='store_true', help='use amalgamation to build') 
@@ -529,9 +521,6 @@ def process_command_line(args): # pylint: disable=too-many-locals install_group.add_option('--prefix', metavar='DIR', help='set the install prefix') - install_group.add_option('--destdir', metavar='DIR', - help='set the destination prefix (REMOVED, use DESTDIR ' \ - 'environment variable when calling \'make install\')') install_group.add_option('--docdir', metavar='DIR', help='set the doc install dir') install_group.add_option('--bindir', metavar='DIR', @@ -2324,7 +2313,7 @@ def header_contents(self, name): def write_banner(fd): fd.write("""/* * Botan %s Amalgamation -* (C) 1999-2013,2014,2015,2016 Jack Lloyd and others +* (C) 1999-2017 The Botan Authors * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -2789,12 +2778,6 @@ def find_canonical_os_name(os_name_variant): def validate_options(options, info_os, info_cc, available_module_policies): # pylint: disable=too-many-branches - if options.gen_amalgamation: - raise UserError("--gen-amalgamation was removed. Migrate to --amalgamation.") - - if options.via_amalgamation: - raise UserError("--via-amalgamation was removed. Use --amalgamation instead.") - if options.single_amalgamation_file and not options.amalgamation: raise UserError("--single-amalgamation-file requires --amalgamation.") @@ -2815,10 +2798,6 @@ def validate_options(options, info_os, info_cc, available_module_policies): if options.module_policy and options.module_policy not in available_module_policies: raise UserError("Unknown module set %s" % options.module_policy) - if options.destdir: - raise UserError("--destdir was removed. Use the DESTDIR environment " - "variable instead when calling 'make install'") - if options.os == 'llvm' or options.cpu == 'llvm': if options.compiler != 'clang': raise UserError('LLVM target requires using Clang') 
@@ -2886,8 +2865,7 @@ def calculate_cc_min_version(options, cc, osinfo): logging.info('Auto-detected compiler version %s' % (cc_version)) return cc_version else: - logging.warning("Auto-detected compiler version failed. " \ - "Use --cc-min-version to set manually. Falling back to version 0.0") + logging.warning("Detecting compiler version failed. Use --cc-min-version to set") return "0.0" def main_action_configure_build(info_modules, source_paths, options, From 44be41a73ed6c5af722bbe1cb959d90ba2e0ac71 Mon Sep 17 00:00:00 2001 From: schregger Date: Tue, 12 Dec 2017 11:13:38 +0100 Subject: [PATCH 0351/1008] Fix pragma message to avoid warning Missing parentheses around pragma message caused warnings in Visual Studio. --- src/lib/base/botan.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/base/botan.h b/src/lib/base/botan.h index ddea0d4add..26bfa75a79 100644 --- a/src/lib/base/botan.h +++ b/src/lib/base/botan.h @@ -19,7 +19,7 @@ #if defined(__GNUC__) #warning "botan/botan.h is deprecated" #elif defined(_MSC_VER) - #pragma message "botan/botan.h is deprecated" + #pragma message ("botan/botan.h is deprecated") #endif #include From 23e0a8b6afdac8c22e062f404920b7d96bb0edff Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 12 Dec 2017 10:29:05 -0500 Subject: [PATCH 0352/1008] Try running rst2man in CI --- src/scripts/ci/setup_travis.sh | 2 +- src/scripts/ci_build.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/scripts/ci/setup_travis.sh b/src/scripts/ci/setup_travis.sh index 3ed1caeb1e..81b38eef17 100755 --- a/src/scripts/ci/setup_travis.sh +++ b/src/scripts/ci/setup_travis.sh @@ -73,7 +73,7 @@ if [ "$TRAVIS_OS_NAME" = "linux" ]; then elif [ "$BUILD_MODE" = "docs" ]; then sudo apt-get -qq update - sudo apt-get install doxygen + sudo apt-get install doxygen python-docutils # The version of Sphinx in 14.04 is too old (1.2.2) and does not support # all C++ features used in the manual. Install python-requests to avoid 
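Review bot: The rewritten warning in calculate_cc_min_version no longer tells the user which value is assumed when detection fails, even though the next line `return "0.0"` still falls back to that value; someone reading the configure log now sees only that detection failed. Keeping the fallback in the message, `logging.warning("Detecting compiler version failed. Use --cc-min-version to set; assuming version 0.0")`, preserves the shorter wording without losing that information. The enclosing function starts outside the hunk.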
diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index 8c1645d3e0..fdd71171f8 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -82,7 +82,7 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro flags += ['--module-policy=%s' % (target), '--disable-static'] if target == 'docs': - flags += ['--with-doxygen', '--with-sphinx'] + flags += ['--with-doxygen', '--with-sphinx', '--with-rst2man'] test_cmd = None if target == 'coverage': From fb01f3a6595598efd91a72710444475ec53d35e2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 12 Dec 2017 17:28:23 -0500 Subject: [PATCH 0353/1008] Simplify how make flags are set --- configure.py | 3 +-- src/build-data/makefile.in | 11 +++++------ 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/configure.py b/configure.py index b17b268e23..82f6faabfd 100755 --- a/configure.py +++ b/configure.py @@ -1594,8 +1594,7 @@ def _build_info(sources, objects, target_type): info = { 'src': src, 'obj': obj_file, - 'isa_flags': _isa_specific_flags(src), - 'target_type': 'LIB' if target_type == 'lib' else 'EXE', + 'isa_flags': _isa_specific_flags(src) } if target_type == 'fuzzer': diff --git a/src/build-data/makefile.in b/src/build-data/makefile.in index 3db5beed80..dda3c2004a 100644 --- a/src/build-data/makefile.in +++ b/src/build-data/makefile.in @@ -19,8 +19,7 @@ EXE_LINK_CMD = %{exe_link_cmd} LIB_LINKS_TO = %{link_to} EXE_LINKS_TO = %{link_to_botan} $(LIB_LINKS_TO) -LIB_FLAGS = $(SO_OBJ_FLAGS) $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) -EXE_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) +BUILD_FLAGS = $(LANG_FLAGS) $(CXXFLAGS) $(WARN_FLAGS) SCRIPTS_DIR = %{scripts_dir} INSTALLED_LIB_DIR = %{prefix}/%{libdir} 
@@ -116,22 +115,22 @@ fuzzer_corpus_zip: fuzzer_corpus %{for lib_build_info} %{obj}: %{src} - $(CXX) %{isa_flags} $(%{target_type}_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ + $(CXX) %{isa_flags} $(SO_OBJ_FLAGS) $(BUILD_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ %{endfor} %{for cli_build_info} %{obj}: %{src} - $(CXX) %{isa_flags} $(%{target_type}_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ + $(CXX) %{isa_flags} $(BUILD_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ %{endfor} %{for test_build_info} %{obj}: %{src} - $(CXX) %{isa_flags} $(%{target_type}_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ + $(CXX) %{isa_flags} $(BUILD_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ %{endfor} %{for fuzzer_build_info} %{obj}: %{src} - $(CXX) %{isa_flags} $(%{target_type}_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ + $(CXX) %{isa_flags} $(BUILD_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ %{exe}: %{obj} $(LIBRARIES) $(EXE_LINK_CMD) %{obj} $(EXE_LINKS_TO) %{fuzzer_lib} %{output_to_exe}$@ From afcca925e4272858288ee4ac1ed95bb7cb8e1bfd Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 13 Dec 2017 13:41:21 -0500 Subject: [PATCH 0354/1008] Drop IRIX support It turns out that GCC dropped support for IRIX in 4.8, so likely there was never even a C++11 compiler that could have been used to compile 2.x in any case. --- doc/manual/deprecated.rst | 2 +- news.rst | 5 +++++ src/build-data/os/irix.txt | 9 --------- src/lib/entropy/dev_random/info.txt | 1 - src/lib/entropy/proc_walk/info.txt | 1 - src/lib/filters/fd_unix/info.txt | 1 - src/lib/rng/system_rng/info.txt | 1 - 7 files changed, 6 insertions(+), 14 deletions(-) delete mode 100644 src/build-data/os/irix.txt diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index a7dc4bf123..6a90fb27f9 100644 --- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst 
@@ -26,7 +26,7 @@ in the source. classes which currently subclass it. This only affects your code if you are referencing `Botan::SymmetricAlgorithm` directly. -- Platform support for BeOS and IRIX operating systems +- Platform support for BeOS and NaCl (Native Client) - Support for PathScale and HP compilers diff --git a/news.rst b/news.rst index 3ac009fe3e..abd106e83a 100644 --- a/news.rst +++ b/news.rst @@ -173,6 +173,11 @@ Version 2.4.0, Not Yet Released * Avoid some signed overflow warnings (GH #1220 #1245) +* As upstream support for Native Client has been deprecated by Google, support + is now also deprecated in Botan and will be removed in a future release. + +* Support for building on IRIX has been removed. + Version 2.3.0, 2017-10-02 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/src/build-data/os/irix.txt b/src/build-data/os/irix.txt deleted file mode 100644 index 70c37d39ad..0000000000 --- a/src/build-data/os/irix.txt +++ /dev/null @@ -1,9 +0,0 @@ -os_type unix - -soname_suffix "so" - - -gettimeofday -threads -filesystem - diff --git a/src/lib/entropy/dev_random/info.txt b/src/lib/entropy/dev_random/info.txt index eeffe5b850..d22f182117 100644 --- a/src/lib/entropy/dev_random/info.txt +++ b/src/lib/entropy/dev_random/info.txt @@ -16,7 +16,6 @@ freebsd haiku hpux hurd -irix linux netbsd openbsd diff --git a/src/lib/entropy/proc_walk/info.txt b/src/lib/entropy/proc_walk/info.txt index 363fa8cd9f..bb515b041c 100644 --- a/src/lib/entropy/proc_walk/info.txt +++ b/src/lib/entropy/proc_walk/info.txt @@ -15,7 +15,6 @@ dragonfly freebsd hpux hurd -irix linux netbsd qnx diff --git a/src/lib/filters/fd_unix/info.txt b/src/lib/filters/fd_unix/info.txt index a8765977da..4679cb4d51 100644 --- a/src/lib/filters/fd_unix/info.txt +++ b/src/lib/filters/fd_unix/info.txt @@ -13,7 +13,6 @@ dragonfly freebsd haiku hpux -irix linux netbsd openbsd diff --git a/src/lib/rng/system_rng/info.txt b/src/lib/rng/system_rng/info.txt index fe8e1af1c2..0c04fa21ca 100644 
--- a/src/lib/rng/system_rng/info.txt +++ b/src/lib/rng/system_rng/info.txt @@ -14,7 +14,6 @@ hpux hurd includeos ios -irix linux mingw netbsd From 5e50a685750091849f59194fed9c5bef0685284c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 13 Dec 2017 17:14:36 -0500 Subject: [PATCH 0355/1008] Remove some unused OS feature flags We are unlikely to ever use gettimeofday or memset_s going forward. Also MinGW had the wrong flag for VirtualLock --- doc/os.rst | 46 ++++++++++++++++----------------- src/build-data/os/aix.txt | 1 - src/build-data/os/android.txt | 1 - src/build-data/os/cygwin.txt | 1 - src/build-data/os/darwin.txt | 2 -- src/build-data/os/dragonfly.txt | 1 - src/build-data/os/freebsd.txt | 1 - src/build-data/os/haiku.txt | 1 - src/build-data/os/hpux.txt | 1 - src/build-data/os/includeos.txt | 1 - src/build-data/os/ios.txt | 2 -- src/build-data/os/linux.txt | 1 - src/build-data/os/mingw.txt | 3 +-- src/build-data/os/nacl.txt | 1 - src/build-data/os/netbsd.txt | 1 - src/build-data/os/openbsd.txt | 1 - src/build-data/os/qnx.txt | 1 - src/build-data/os/solaris.txt | 1 - 18 files changed, 23 insertions(+), 44 deletions(-) diff --git a/doc/os.rst b/doc/os.rst index ca98456fbd..f1baa7cdee 100644 --- a/doc/os.rst +++ b/doc/os.rst @@ -19,8 +19,8 @@ A summary of OS features as defined in ``src/build-data/os``. h: hurd i: includeos i: ios - i: irix l: linux + l: llvm m: mingw n: nacl n: netbsd 
@@ -28,32 +28,30 @@ A summary of OS features as defined in ``src/build-data/os``. q: qnx s: solaris w: windows + w: winphone .. csv-table:: - :header: "Feature", "a", "a", "c", "d", "d", "f", "h", "h", "h", "i", "i", "i", "l", "m", "n", "n", "o", "q", "s", "w" + :header: "Feature", "a", "a", "c", "d", "d", "f", "h", "h", "h", "i", "i", "l", "l", "m", "n", "n", "o", "q", "s", "w", "w" - "clock_gettime", " ", "X", " ", " ", "X", "X", " ", " ", " ", " ", " ", " ", "X", " ", " ", "X", "X", "X", " ", " " - "cryptgenrandom", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X" - "dlopen", " ", "X", " ", "X", " ", "X", " ", " ", " ", " ", "X", " ", "X", " ", " ", "X", "X", "X", " ", " " - "filesystem", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", "X", "X", " ", "X", "X", "X", "X", "X" - "gettimeofday", "X", "X", "X", "X", "X", "X", "X", "X", " ", " ", "X", "X", "X", " ", "X", "X", "X", "X", "X", " " - "gmtime_r", " ", "X", " ", "X", " ", "X", "X", " ", " ", " ", "X", " ", "X", " ", " ", "X", "X", "X", " ", " " - "gmtime_s", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X" - "includeos_rng", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", " ", " ", " ", " " - "loadlibrary", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X" - "memset_s", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", " ", " ", " " - "mkgmtime", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X" - "posix_mlock", " ", "X", " ", " ", "X", "X", " ", " ", "X", " ", " ", " ", "X", " ", " ", "X", "X", "X", "X", " " - "query_perf_counter", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X" - "readdir", " ", "X", " ", "X", " ", "X", " ", " ", " ", " ", "X", " ", "X", " ", " ", "X", "X", " ", " ", 
" " - "rtlsecurezeromemory", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X" - "sockets", " ", " ", " ", "X", "X", "X", " ", " ", " ", " ", "X", " ", "X", " ", " ", " ", "X", " ", " ", " " - "stl_filesystem_msvc", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X" - "threads", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X" - "timegm", " ", " ", "X", "X", " ", "X", " ", " ", " ", " ", "X", " ", "X", " ", " ", "X", "X", " ", " ", " " - "virtual_lock", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X" - "win32_get_systemtime", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", " " - "win32_virtual_lock", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", " " + "arc4random", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", " ", " ", " ", " " + "clock_gettime", "X", "X", " ", " ", "X", "X", " ", " ", " ", " ", " ", "X", " ", " ", " ", "X", "X", "X", " ", " ", " " + "cryptgenrandom", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", " " + "crypto_ng", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X" + "dlopen", "X", "X", " ", "X", "X", "X", " ", " ", " ", " ", "X", "X", " ", " ", " ", "X", "X", "X", " ", " ", " " + "explicit_bzero", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " " + "filesystem", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", "X", "X", " ", "X", "X", "X", "X", "X", "X" + "getauxval", " ", "X", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", " ", " ", " " + "gmtime_r", "X", "X", " ", "X", " ", "X", "X", " ", " ", " ", "X", "X", " ", " 
", " ", "X", "X", "X", " ", " ", " " + "gmtime_s", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", "X" + "loadlibrary", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", "X" + "posix_mlock", " ", "X", " ", " ", "X", "X", " ", " ", "X", " ", " ", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " + "query_perf_counter", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", "X" + "readdir", "X", "X", "X", "X", "X", "X", " ", " ", " ", " ", "X", "X", " ", " ", " ", "X", "X", " ", "X", " ", " " + "rtlsecurezeromemory", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", "X" + "sockets", "X", " ", " ", "X", "X", "X", " ", " ", " ", " ", "X", "X", " ", " ", " ", " ", "X", " ", " ", "X", "X" + "stl_filesystem_msvc", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " " + "threads", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", " ", "X", "X", "X", "X", "X", "X", "X", "X" + "virtual_lock", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", " " .. note:: This file is auto generated by ``src/scripts/update_docs.py``. Dont modify it manually. diff --git a/src/build-data/os/aix.txt b/src/build-data/os/aix.txt index e5a7bc742b..6a8a9e4d73 100644 --- a/src/build-data/os/aix.txt +++ b/src/build-data/os/aix.txt @@ -4,7 +4,6 @@ soname_suffix "so" clock_gettime -gettimeofday gmtime_r dlopen readdir diff --git a/src/build-data/os/android.txt b/src/build-data/os/android.txt index 07c980adf5..79031d4f7a 100644 --- a/src/build-data/os/android.txt +++ b/src/build-data/os/android.txt @@ -4,7 +4,6 @@ soname_suffix "so" clock_gettime -gettimeofday posix_mlock gmtime_r # getauxval is available in Android NDK for min API 18 and in Crystax NDK 
diff --git a/src/build-data/os/cygwin.txt b/src/build-data/os/cygwin.txt index 06f6d60f84..c5a7905958 100644 --- a/src/build-data/os/cygwin.txt +++ b/src/build-data/os/cygwin.txt @@ -11,7 +11,6 @@ install_root c:\Botan doc_dir docs -gettimeofday readdir threads filesystem diff --git a/src/build-data/os/darwin.txt b/src/build-data/os/darwin.txt index 6568a9783b..acc59f2c20 100644 --- a/src/build-data/os/darwin.txt +++ b/src/build-data/os/darwin.txt @@ -14,9 +14,7 @@ doc_dir doc arc4random dlopen filesystem -gettimeofday gmtime_r -memset_s readdir sockets threads diff --git a/src/build-data/os/dragonfly.txt b/src/build-data/os/dragonfly.txt index 1e567ffd21..9a5590d89c 100644 --- a/src/build-data/os/dragonfly.txt +++ b/src/build-data/os/dragonfly.txt @@ -4,7 +4,6 @@ soname_suffix "so" clock_gettime -gettimeofday posix_mlock sockets threads diff --git a/src/build-data/os/freebsd.txt b/src/build-data/os/freebsd.txt index fb869dfd07..17cad3ac05 100644 --- a/src/build-data/os/freebsd.txt +++ b/src/build-data/os/freebsd.txt @@ -4,7 +4,6 @@ soname_suffix "so" clock_gettime -gettimeofday posix_mlock gmtime_r dlopen diff --git a/src/build-data/os/haiku.txt b/src/build-data/os/haiku.txt index 8b6f0641d8..c9033ff145 100644 --- a/src/build-data/os/haiku.txt +++ b/src/build-data/os/haiku.txt @@ -7,7 +7,6 @@ lib_dir system/lib doc_dir system/documentation -gettimeofday gmtime_r threads filesystem diff --git a/src/build-data/os/hpux.txt b/src/build-data/os/hpux.txt index f8c2d0d2ab..86a79e5ca1 100644 --- a/src/build-data/os/hpux.txt +++ b/src/build-data/os/hpux.txt @@ -4,7 +4,6 @@ os_type unix soname_suffix "so" -gettimeofday threads filesystem diff --git a/src/build-data/os/includeos.txt b/src/build-data/os/includeos.txt index 423575b4a3..dcac840519 100644 --- a/src/build-data/os/includeos.txt +++ b/src/build-data/os/includeos.txt @@ -3,5 +3,4 @@ os_type unikernel building_shared_supported no -includeos_rng 
diff --git a/src/build-data/os/ios.txt b/src/build-data/os/ios.txt index 96ac73721e..c0195fa9e1 100644 --- a/src/build-data/os/ios.txt +++ b/src/build-data/os/ios.txt @@ -10,9 +10,7 @@ doc_dir doc arc4random dlopen filesystem -gettimeofday gmtime_r -memset_s readdir sockets threads diff --git a/src/build-data/os/linux.txt b/src/build-data/os/linux.txt index 80ea3e63a5..99bcf21eb5 100644 --- a/src/build-data/os/linux.txt +++ b/src/build-data/os/linux.txt @@ -4,7 +4,6 @@ soname_suffix "so" clock_gettime -gettimeofday posix_mlock gmtime_r dlopen diff --git a/src/build-data/os/mingw.txt b/src/build-data/os/mingw.txt index 8d4e94249c..f1db8fb431 100644 --- a/src/build-data/os/mingw.txt +++ b/src/build-data/os/mingw.txt @@ -19,8 +19,7 @@ mingw32 cryptgenrandom loadlibrary -win32_virtual_lock -win32_get_systemtime +virtual_lock threads filesystem diff --git a/src/build-data/os/nacl.txt b/src/build-data/os/nacl.txt index c244136183..66ce8f34f5 100644 --- a/src/build-data/os/nacl.txt +++ b/src/build-data/os/nacl.txt @@ -2,6 +2,5 @@ building_shared_supported no -gettimeofday threads diff --git a/src/build-data/os/netbsd.txt b/src/build-data/os/netbsd.txt index 50d97fd8f1..21f388e290 100644 --- a/src/build-data/os/netbsd.txt +++ b/src/build-data/os/netbsd.txt @@ -4,7 +4,6 @@ soname_suffix "so" clock_gettime -gettimeofday posix_mlock gmtime_r dlopen diff --git a/src/build-data/os/openbsd.txt b/src/build-data/os/openbsd.txt index b858d497ca..a5db3fd8ee 100644 --- a/src/build-data/os/openbsd.txt +++ b/src/build-data/os/openbsd.txt @@ -8,7 +8,6 @@ soname_pattern_patch "libbotan-{version_major}.so.{abi_rev}.{version_minor}" arc4random clock_gettime explicit_bzero -gettimeofday posix_mlock gmtime_r dlopen diff --git a/src/build-data/os/qnx.txt b/src/build-data/os/qnx.txt index 76a10f9517..65fd8acf0c 100644 --- a/src/build-data/os/qnx.txt +++ b/src/build-data/os/qnx.txt @@ -5,7 +5,6 @@ soname_suffix "so" clock_gettime -gettimeofday posix_mlock gmtime_r dlopen 
diff --git a/src/build-data/os/solaris.txt b/src/build-data/os/solaris.txt index 893b7b5686..7c89e4ad99 100644 --- a/src/build-data/os/solaris.txt +++ b/src/build-data/os/solaris.txt @@ -4,7 +4,6 @@ soname_suffix "so" posix_mlock -gettimeofday threads readdir filesystem From 5c7f3b45198655bd0fae435c428b1f9256610ac5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 14 Dec 2017 14:28:05 -0500 Subject: [PATCH 0356/1008] Default to not setting a timestamp in the gzip header But allow it to be set via a constructor arg. --- src/lib/compression/zlib/zlib.cpp | 7 +++---- src/lib/compression/zlib/zlib.h | 4 +++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/lib/compression/zlib/zlib.cpp b/src/lib/compression/zlib/zlib.cpp index 14bc12b27b..57494e2256 100644 --- a/src/lib/compression/zlib/zlib.cpp +++ b/src/lib/compression/zlib/zlib.cpp @@ -10,7 +10,6 @@ #include #include #include -#include #include namespace Botan { @@ -123,12 +122,12 @@ class Deflate_Decompression_Stream final : public Zlib_Decompression_Stream class Gzip_Compression_Stream final : public Zlib_Compression_Stream { public: - Gzip_Compression_Stream(size_t level, int wbits, uint8_t os_code) : + Gzip_Compression_Stream(size_t level, int wbits, uint8_t os_code, uint64_t hdr_time) : Zlib_Compression_Stream(level, wbits, 16) { clear_mem(&m_header, 1); m_header.os = os_code; - m_header.time = std::time(nullptr); + m_header.time = static_cast(hdr_time); int rc = deflateSetHeader(streamp(), &m_header); if(rc != Z_OK) @@ -169,7 +168,7 @@ Compression_Stream* Deflate_Decompression::make_stream() const Compression_Stream* Gzip_Compression::make_stream(size_t level) const { - return new Gzip_Compression_Stream(level, 15, m_os_code); + return new Gzip_Compression_Stream(level, 15, m_os_code, m_hdr_time); } Compression_Stream* Gzip_Decompression::make_stream() const diff --git a/src/lib/compression/zlib/zlib.h b/src/lib/compression/zlib/zlib.h index 2dd897981f..cc00603446 100644 
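Review bot: The `m_header.time = static_cast...(hdr_time)` line in the Gzip_Compression_Stream constructor narrows a uint64_t into zlib's header time field, and the gzip MTIME field on the wire is only four bytes, so any value above 0xFFFFFFFF is silently truncated rather than rejected. Either validate it where it is received, `if(hdr_time > 0xFFFFFFFF) throw Invalid_Argument("Gzip header time out of range");`, or document the truncation on the parameter. Defaulting to 0 instead of `std::time(nullptr)` is the right call for reproducible output and avoids stamping every stream with the wall-clock time, but that intent deserves a one-line comment on the assignment. The constructor body continues outside the hunk.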
--- a/src/lib/compression/zlib/zlib.h +++ b/src/lib/compression/zlib/zlib.h @@ -63,11 +63,13 @@ class BOTAN_PUBLIC_API(2,0) Deflate_Decompression final : public Stream_Decompre class BOTAN_PUBLIC_API(2,0) Gzip_Compression final : public Stream_Compression { public: - explicit Gzip_Compression(uint8_t os_code = 255) : m_os_code(os_code) {} + explicit Gzip_Compression(uint8_t os_code = 255, uint64_t hdr_time = 0) : + m_hdr_time(hdr_time), m_os_code(os_code) {} std::string name() const override { return "Gzip_Compression"; } private: Compression_Stream* make_stream(size_t level) const override; + const uint64_t m_hdr_time; const uint8_t m_os_code; }; From 1b6c50860a1cf7776de448f24814f01a700ef2e9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 14 Dec 2017 15:45:55 -0500 Subject: [PATCH 0357/1008] Add ability to fingerprint public keys --- src/cli/pubkey.cpp | 20 +++++++++ src/lib/pubkey/pk_keys.cpp | 49 ++++++++++++++-------- src/lib/pubkey/pk_keys.h | 25 ++++++++++- src/lib/x509/certstor_sql/certstor_sql.cpp | 6 +-- src/lib/x509/x509cert.cpp | 17 +------- 5 files changed, 79 insertions(+), 38 deletions(-) diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index ef9585a196..a6f77fe0cc 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp @@ -27,6 +27,26 @@ namespace Botan_CLI { +class PK_Fingerprint final : public Command + { + public: + PK_Fingerprint() : Command("fingerprint --algo=SHA-256 *keys") {} + + void go() override + { + const std::string hash_algo = get_arg("algo"); + + for(std::string key_file : get_arg_list("keys")) + { + std::unique_ptr key(Botan::X509::load_key(key_file)); + + output() << key_file << ": " << key->fingerprint_public(hash_algo) << "\n"; + } + } + }; + +BOTAN_REGISTER_COMMAND("fingerprint", PK_Fingerprint); + class PK_Keygen final : public Command { public: diff --git a/src/lib/pubkey/pk_keys.cpp b/src/lib/pubkey/pk_keys.cpp index 52304eb03d..cdf8ae8ff9 100644 --- a/src/lib/pubkey/pk_keys.cpp +++ b/src/lib/pubkey/pk_keys.cpp 
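Review bot: The new `hdr_time` constructor parameter of Gzip_Compression is undocumented, and `os_code` has no comment either, so a caller cannot tell what unit or range is expected; a doc block such as `/** @param os_code OS byte written to the gzip header (255 = unknown per RFC 1952) @param hdr_time MTIME written to the gzip header, seconds since the Unix epoch; 0 (the default) means no timestamp is recorded */` above the constructor would close that gap. Since this changes the default behavior of a public class from "current time" to "no timestamp", a news.rst entry would help users who relied on the old header contents. The class body continues outside the hunk.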
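Review bot: In PK_Fingerprint::go the range loop declares `std::string key_file`, which copies every entry of the list returned by get_arg_list; `for(const std::string& key_file : get_arg_list("keys"))` avoids the copies. The loaded key is only used through `fingerprint_public`, so if `Botan::X509::load_key` returns a public key the command presumably rejects private key files, and the `*keys` usage string could say that public key files are expected. Any exception from load_key on an unreadable file propagates out of go(), so one bad path stops processing of the remaining files rather than being reported per file.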
@@ -14,6 +14,27 @@ namespace Botan { +std::string create_hex_fingerprint(const uint8_t bits[], + size_t bits_len, + const std::string& hash_name) + { + std::unique_ptr hash_fn(HashFunction::create_or_throw(hash_name)); + const std::string hex_hash = hex_encode(hash_fn->process(bits, bits_len)); + + std::string fprint; + + for(size_t i = 0; i != hex_hash.size(); i += 2) + { + if(i != 0) + fprint.push_back(':'); + + fprint.push_back(hex_hash[i]); + fprint.push_back(hex_hash[i+1]); + } + + return fprint; + } + std::vector Public_Key::subject_public_key() const { return DER_Encoder() @@ -52,27 +73,19 @@ secure_vector Private_Key::private_key_info() const } /* -* Hash of the PKCS #8 encoding for this key object +* Hash of the X.509 subjectPublicKey encoding */ -std::string Private_Key::fingerprint(const std::string& alg) const +std::string Public_Key::fingerprint_public(const std::string& hash_algo) const { - secure_vector buf = private_key_bits(); - std::unique_ptr hash(HashFunction::create(alg)); - hash->update(buf); - const auto hex_print = hex_encode(hash->final()); - - std::string formatted_print; - - for(size_t i = 0; i != hex_print.size(); i += 2) - { - formatted_print.push_back(hex_print[i]); - formatted_print.push_back(hex_print[i+1]); - - if(i != hex_print.size() - 2) - formatted_print.push_back(':'); - } + return create_hex_fingerprint(subject_public_key(), hash_algo); + } - return formatted_print; +/* +* Hash of the PKCS #8 encoding for this key object +*/ +std::string Private_Key::fingerprint_private(const std::string& hash_algo) const + { + return create_hex_fingerprint(private_key_bits(), hash_algo); } std::unique_ptr diff --git a/src/lib/pubkey/pk_keys.h b/src/lib/pubkey/pk_keys.h index f513cea6c2..79254ea290 100644 --- a/src/lib/pubkey/pk_keys.h +++ b/src/lib/pubkey/pk_keys.h 
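Review bot: `create_hex_fingerprint` is a new function exported from pk_keys.h but has no comment describing its output format or failure behavior; a header such as `// Hash bits with hash_name and return the digest hex-encoded, two characters per byte separated by ':'; throws if hash_name is not available` would document what the loop below produces. The switch from `HashFunction::create` in the old `Private_Key::fingerprint` to `create_or_throw` here changes an unknown hash name from a null dereference into an exception, which is an improvement worth a line in news.rst. The definition also names the parameter `hash_algo` while the declaration in pk_keys.h uses `alg`; picking one name keeps the two in sync.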
@@ -85,6 +85,11 @@ class BOTAN_PUBLIC_API(2,0) Public_Key */ std::vector subject_public_key() const; + /** + * @return Hash of the subject public key + */ + std::string fingerprint_public(const std::string& alg = "SHA-256") const; + // Internal or non-public declarations follow /** @@ -192,7 +197,13 @@ class BOTAN_PUBLIC_API(2,0) Private_Key : public virtual Public_Key /** * @return Hash of the PKCS #8 encoding for this key object */ - std::string fingerprint(const std::string& alg = "SHA") const; + std::string fingerprint_private(const std::string& alg) const; + + BOTAN_DEPRECATED("Use fingerprint_private or fingerprint_public") + inline std::string fingerprint(const std::string& alg) const + { + return fingerprint_private(alg); // match behavior in previous versions + } /** * This is an internal library function exposed on key types. @@ -289,6 +300,18 @@ typedef PK_Key_Agreement_Key PK_KA_Key; typedef Public_Key X509_PublicKey; typedef Private_Key PKCS8_PrivateKey; +std::string BOTAN_PUBLIC_API(2,4) + create_hex_fingerprint(const uint8_t bits[], size_t len, + const std::string& hash_name); + +template +std::string create_hex_fingerprint(const std::vector& vec, + const std::string& hash_name) + { + return create_hex_fingerprint(vec.data(), vec.size(), hash_name); + } + + } #endif diff --git a/src/lib/x509/certstor_sql/certstor_sql.cpp b/src/lib/x509/certstor_sql/certstor_sql.cpp index 36acd6ce39..6acfed060c 100644 --- a/src/lib/x509/certstor_sql/certstor_sql.cpp +++ b/src/lib/x509/certstor_sql/certstor_sql.cpp @@ -186,7 +186,7 @@ std::shared_ptr Certificate_Store_In_SQL::find_key(const X509 std::vector> Certificate_Store_In_SQL::find_certs_for_key(const Private_Key& key) const { - auto fpr = key.fingerprint("SHA-256"); + auto fpr = key.fingerprint_private("SHA-256"); auto stmt = m_database->new_statement("SELECT certificate FROM " + m_prefix + "certificates WHERE priv_fingerprint == ?1"); stmt->bind(1,fpr); 
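Review bot: The deprecated `Private_Key::fingerprint(const std::string& alg)` wrapper in the `@@ -192,7 +197,13 @@` hunk drops the default argument the removed declaration had (`= "SHA"`), so existing callers of `key.fingerprint()` stop compiling instead of merely getting the deprecation warning. Retiring the SHA-1 default is the right direction, but a compatibility shim should keep the old signature, or the source break should be called out in the commit message and news entry. Parameter naming is also inconsistent across this commit: the header uses `alg` where the definitions in pk_keys.cpp use `hash_algo`, and the free function's `size_t len` is `bits_len` in its definition. The @return for `fingerprint_public` could be more precise, e.g. `@return hex fingerprint (bytes separated by ':') of the encoding returned by subject_public_key(), computed with hash algorithm alg`.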
@@ -209,7 +209,7 @@ bool Certificate_Store_In_SQL::insert_key(const X509_Certificate& cert, const Pr return false; auto pkcs8 = PKCS8::BER_encode(key, m_rng, m_password); - auto fpr = key.fingerprint("SHA-256"); + auto fpr = key.fingerprint_private("SHA-256"); auto stmt1 = m_database->new_statement( "INSERT OR REPLACE INTO " + m_prefix + "keys ( fingerprint, key ) VALUES ( ?1, ?2 )"); @@ -230,7 +230,7 @@ bool Certificate_Store_In_SQL::insert_key(const X509_Certificate& cert, const Pr void Certificate_Store_In_SQL::remove_key(const Private_Key& key) { - auto fpr = key.fingerprint("SHA-256"); + auto fpr = key.fingerprint_private("SHA-256"); auto stmt = m_database->new_statement("DELETE FROM " + m_prefix + "keys WHERE fingerprint == ?1"); stmt->bind(1,fpr); diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index acd6b33624..1370d52b00 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -662,22 +662,7 @@ std::vector X509_Certificate::policies() const std::string X509_Certificate::fingerprint(const std::string& hash_name) const { - std::unique_ptr hash(HashFunction::create_or_throw(hash_name)); - hash->update(this->BER_encode()); - const std::string hex_print = hex_encode(hash->final()); - - std::string formatted_print; - - for(size_t i = 0; i != hex_print.size(); i += 2) - { - formatted_print.push_back(hex_print[i]); - formatted_print.push_back(hex_print[i+1]); - - if(i != hex_print.size() - 2) - formatted_print.push_back(':'); - } - - return formatted_print; + return create_hex_fingerprint(this->BER_encode(), hash_name); } bool X509_Certificate::matches_dns_name(const std::string& name) const From d32ddca6d8858cc4974e0cc8ff8f35717c3e19ee Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Thu, 14 Dec 2017 17:57:03 -0500 Subject: [PATCH 0358/1008] Detect the compiler version using the preprocessor instead of command line Fixes #1314 --- configure.py | 134 ++++++------------ src/build-data/cc/msvc.txt | 2 + .../compiler_detection/msvc_version.c | 8 -- src/build-data/detect_version.cpp | 56 ++++++++ src/scripts/python_unittests.py | 133 ----------------- 5 files changed, 99 insertions(+), 234 deletions(-) delete mode 100644 src/build-data/compiler_detection/msvc_version.c create mode 100644 src/build-data/detect_version.cpp diff --git a/configure.py b/configure.py index 82f6faabfd..6bd27dbb06 100755 --- a/configure.py +++ b/configure.py @@ -1020,6 +1020,7 @@ def __init__(self, infofile): 'add_lib_dir_option': '-L', 'add_lib_option': '-l', 'add_framework_option': '-framework ', + 'preproc_flags': '-E', 'compile_flags': '-c', 'debug_info_flags': '-g', 'optimization_flags': '', @@ -1059,6 +1060,7 @@ def __init__(self, infofile): self.optimization_flags = lex.optimization_flags self.output_to_exe = lex.output_to_exe self.output_to_object = lex.output_to_object + self.preproc_flags = lex.preproc_flags self.sanitizer_flags = lex.sanitizer_flags self.shared_flags = lex.shared_flags self.size_optimization_flags = lex.size_optimization_flags 
@@ -2485,82 +2487,6 @@ def generate(self): return (sorted(amalgamation_sources), sorted(amalgamation_headers)) -class CompilerDetector(object): - _msvc_version_source = os.path.join( - os.path.dirname(os.path.realpath(__file__)), "src", "build-data", "compiler_detection", "msvc_version.c") - _version_flags = { - 'msvc': ['/nologo', '/EP', _msvc_version_source], - 'gcc': ['-v'], - 'clang': ['-v'], - } - _version_patterns = { - 'msvc': r'^([0-9]{2})([0-9]{2})', - 'gcc': r'gcc version ([0-9]+)\.([0-9]+)\.[0-9]+', - 'clang': r'clang version ([0-9]+)\.([0-9])[ \.]', - } - - def __init__(self, cc_name, cc_bin, os_name): - self._cc_name = cc_name - self._cc_bin = cc_bin - self._os_name = os_name - - def get_version(self): - try: - cmd = self._cc_bin.split(' ') + CompilerDetector._version_flags[self._cc_name] - except KeyError: - logging.info("No compiler version detection available for %s" % (self._cc_name)) - return None - - try: - stdout, stderr = subprocess.Popen( - cmd, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - universal_newlines=True).communicate() - cc_output = stdout + "\n" + stderr - except OSError as e: - logging.warning('Could not execute %s for version check: %s' % (cmd, e)) - return None - - return self.version_from_compiler_output(cc_output) - - def version_from_compiler_output(self, cc_output): - cc_version = None - - match = re.search(CompilerDetector._version_patterns[self._cc_name], cc_output, flags=re.MULTILINE) - if match: - major = int(match.group(1)) - minor = int(match.group(2)) - cc_version = "%d.%d" % (major, minor) - - if cc_version is None and self._cc_name == 'clang' and self._os_name in ['darwin', 'ios']: - # For appleclang version >= X, return minimal clang version Y - appleclang_to_clang_version = { - 703: '3.8', - 800: '3.9', - # 802 has no support for clang 4.0 flags -Og and -MJ, 900 has. 
- 802: '3.9', - 900: '4.0', - } - - # All appleclang versions without "based on LLVM" note are at least clang 3.7 - # https://en.wikipedia.org/wiki/Xcode#Latest_versions - cc_version = '3.7' - match = re.search(r'Apple LLVM version [0-9\.]+ \(clang-([0-9]+)\.', cc_output) - if match: - user_appleclang = int(match.group(1)) - for appleclang, clang in sorted(appleclang_to_clang_version.items()): - if user_appleclang >= appleclang: - cc_version = clang - logging.info('Mapping Apple Clang version %s to LLVM version %s' % (user_appleclang, cc_version)) - - if not cc_version: - logging.warning("Tried to get %s version, but output '%s' does not match expected version format" % ( - self._cc_name, cc_output)) - - return cc_version - - def have_program(program): """ Test for the existence of a program @@ -2682,7 +2608,7 @@ def set_defaults_for_unset_options(options, info_arch, info_cc): # pylint: disab logging.info('Guessing target OS is %s (use --os to set)' % (options.os)) def deduce_compiler_type_from_cc_bin(cc_bin): - if cc_bin.find('clang') != -1: + if cc_bin.find('clang') != -1 or cc_bin in ['emcc', 'em++']: return 'clang' if cc_bin.find('-g++') != -1: return 'gcc' 
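Review bot: `cc_bin in ['emcc', 'em++']` only matches a bare program name, so a value such as `/opt/emsdk/em++` or `em++.bat` still falls through to the later heuristics and is not classed as clang, while the adjacent `find('clang')` check does tolerate a path. Comparing the basename keeps the two consistent: `if cc_bin.find('clang') != -1 or os.path.basename(cc_bin) in ['emcc', 'em++']:`. The rest of deduce_compiler_type_from_cc_bin continues outside the hunk.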
@@ -2851,21 +2777,43 @@ def prepare_configure_build(info_modules, source_paths, options, return using_mods, build_config, template_vars -def calculate_cc_min_version(options, cc, osinfo): - if options.cc_min_version: - return options.cc_min_version - else: - cc_version = CompilerDetector( - cc.basename, - options.compiler_binary or cc.binary_name, - osinfo.basename - ).get_version() - if cc_version: - logging.info('Auto-detected compiler version %s' % (cc_version)) - return cc_version - else: - logging.warning("Detecting compiler version failed. Use --cc-min-version to set") - return "0.0" +def calculate_cc_min_version(options, ccinfo, source_paths): + version_patterns = { + 'msvc': r'^MSVC ([0-9]{2})([0-9]{2})$', + 'gcc': r'^GCC ([0-9]+) ([0-9]+)$', + 'clang': r'^CLANG ([0-9]+) ([0-9])$', + } + + if ccinfo.basename not in version_patterns: + logging.info("No compiler version detection available for %s" % (ccinfo.basename)) + return "0.0" + + detect_version_source = os.path.join(source_paths.build_data_dir, "detect_version.cpp") + + cc_bin = options.compiler_binary or ccinfo.binary_name + + cmd = cc_bin.split(' ') + [ccinfo.preproc_flags, detect_version_source] + + try: + stdout, stderr = subprocess.Popen( + cmd, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + universal_newlines=True).communicate() + cc_output = stdout + "\n" + stderr + except OSError as e: + logging.warning('Could not execute %s for version check: %s' % (cmd, e)) + return "0.0" + + match = re.search(version_patterns[ccinfo.basename], cc_output, flags=re.MULTILINE) + if match is None: + logging.warning("Tried to get %s version, but output '%s' does not match expected version format" % ( + ccinfo.basename, cc_output)) + return "0.0" + + cc_version = "%d.%d" % (int(match.group(1)), int(match.group(2))) + logging.info('Auto-detected compiler version %s' % (cc_version)) + return cc_version def main_action_configure_build(info_modules, source_paths, options, cc, cc_min_version, arch, osinfo, 
module_policy): @@ -3007,7 +2955,7 @@ def main(argv): arch = info_arch[options.arch] osinfo = info_os[options.os] module_policy = info_module_policies[options.module_policy] if options.module_policy else None - cc_min_version = calculate_cc_min_version(options, cc, osinfo) + cc_min_version = options.cc_min_version or calculate_cc_min_version(options, cc, source_paths) logging.info('Target is %s:%s-%s-%s-%s' % ( options.compiler, cc_min_version, options.os, options.arch, options.cpu)) diff --git a/src/build-data/cc/msvc.txt b/src/build-data/cc/msvc.txt index b816d33f8f..66949970d2 100644 --- a/src/build-data/cc/msvc.txt +++ b/src/build-data/cc/msvc.txt @@ -21,6 +21,8 @@ size_optimization_flags "/O1 /Os" # for using a PDB file: debug_info_flags "/Zi /FS" +preproc_flags "/nologo /EP" + lang_flags "/EHs /GR" warning_flags "/W4 /wd4250 /wd4251 /wd4275" diff --git a/src/build-data/compiler_detection/msvc_version.c b/src/build-data/compiler_detection/msvc_version.c deleted file mode 100644 index 054f69d280..0000000000 --- a/src/build-data/compiler_detection/msvc_version.c +++ /dev/null @@ -1,8 +0,0 @@ -// _MSC_VER Defined as an integer literal that encodes the major and minor -// number elements of the compiler's version number. The major number is -// the first element of the period-delimited version number and the minor -// number is the second element. For example, if the version number of the -// Visual C++ compiler is 17.00.51106.1, the _MSC_VER macro evaluates to 1700. -// https://msdn.microsoft.com/en-us/library/b0084kay.aspx - -_MSC_VER diff --git a/src/build-data/detect_version.cpp b/src/build-data/detect_version.cpp new file mode 100644 index 0000000000..55e5db98d5 --- /dev/null +++ b/src/build-data/detect_version.cpp 
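Review bot: `cmd = cc_bin.split(' ') + [ccinfo.preproc_flags, detect_version_source]` passes `preproc_flags` as a single argv element, but the msvc.txt hunk in this same commit sets it to `"/nologo /EP"`, two switches in one string; `subprocess` on Windows will quote an argument containing a space, so cl.exe receives `"/nologo /EP"` as one unrecognised option rather than two flags, and detection silently falls back to "0.0". Split it the same way `cc_bin` is: `cmd = cc_bin.split(' ') + ccinfo.preproc_flags.split(' ') + [detect_version_source]`. Handing `cc_bin` to `Popen` as an argv list with no shell is the right choice here; a short comment saying so would discourage a future change to `shell=True`.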
@@ -0,0 +1,56 @@ +/* +* This file is preprocessed to produce output that is examined by +* configure.py to determine the compilers version number. +*/ + +#if defined(_MSC_VER) + +// _MSC_VER Defined as an integer literal that encodes the major and minor +// number elements of the compiler's version number. The major number is +// the first element of the period-delimited version number and the minor +// number is the second element. For example, if the version number of the +// Visual C++ compiler is 17.00.51106.1, the _MSC_VER macro evaluates to 1700. +// https://msdn.microsoft.com/en-us/library/b0084kay.aspx + +MSVC _MSC_VER + +#elif defined(__clang__) + +#if defined(__apple_build_version__) + +/* +Map Apple XCode versions back to standard Clang + +This is not a complete map, since we don't support any versions of +Clang before 3.5 in any case, and it arbitrarily maps any version with +XCode >= 9 to Clang 4.0. This is fine because we don't currently need +any features not available in Clang 4.0 +*/ + +#if __clang_major__ >= 9 +CLANG 4 0 +#elif __clang__major__ == 8 +CLANG 3 9 +#elif __clang__major__ == 7 && __clang__minor__ == 3 +CLANG 3 8 +#elif __clang__major__ == 7 +CLANG 3 7 +#else +CLANG 3 5 +#endif + +#else + +CLANG __clang_major__ __clang_minor__ + +#endif + +#elif defined(__GNUG__) + +GCC __GNUC__ __GNUC_MINOR__ + +#else + +UNKNOWN 0 0 + +#endif diff --git a/src/scripts/python_unittests.py b/src/scripts/python_unittests.py index 337f5369e1..a6a22f3f0b 100755 --- a/src/scripts/python_unittests.py +++ b/src/scripts/python_unittests.py @@ -15,7 +15,6 @@ sys.path.append("../..") # Botan repo root from configure import AmalgamationHelper # pylint: disable=wrong-import-position -from configure import CompilerDetector # pylint: disable=wrong-import-position from configure import ModulesChooser # pylint: disable=wrong-import-position class AmalgamationHelperTests(unittest.TestCase): 
@@ -62,138 +61,6 @@ def test_matcher_any_includes(self): self.assertEqual(AmalgamationHelper.is_any_include("#include // comment"), "botan/oids.h") -class CompilerDetection(unittest.TestCase): - - def test_gcc_invalid(self): - detector = CompilerDetector("gcc", "g++", "linux") - - compiler_out = "" - self.assertEqual(detector.version_from_compiler_output(compiler_out), None) - compiler_out = "gcc version 20170406 (Ubuntu 6.3.0-12ubuntu2)" - self.assertEqual(detector.version_from_compiler_output(compiler_out), None) - - def test_clang_invalid(self): - detector = CompilerDetector("clang", "clang++", "linux") - - compiler_out = "" - self.assertEqual(detector.version_from_compiler_output(compiler_out), None) - compiler_out = "clang version 20170406." - self.assertEqual(detector.version_from_compiler_output(compiler_out), None) - - def test_msvc_invalid(self): - detector = CompilerDetector("msvc", "cl.exe", "windows") - - compiler_out = "" - self.assertEqual(detector.version_from_compiler_output(compiler_out), None) - compiler_out = "Microsoft (R) C/C++ Optimizing Compiler Version 19.00.24213.1 for x86" - self.assertEqual(detector.version_from_compiler_output(compiler_out), None) - - def test_gcc_version(self): - detector = CompilerDetector("gcc", "g++", "linux") - compiler_out = """Using built-in specs. 
-COLLECT_GCC=/usr/bin/gcc -COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper -Target: x86_64-linux-gnu -Configured with: ../src/configure -v --with-pkgversion='Ubuntu 6.3.0-12ubuntu2' --with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs --enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-6 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --with-target-system-zlib --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu -Thread model: posix -gcc version 6.3.0 20170406 (Ubuntu 6.3.0-12ubuntu2)""" - self.assertEqual(detector.version_from_compiler_output(compiler_out), "6.3") - - def test_clang_version(self): - detector = CompilerDetector("clang", "clang++", "linux") - compiler_out = """clang version 4.0.0-1ubuntu1 (tags/RELEASE_400/rc1) -Target: x86_64-pc-linux-gnu -Thread model: posix -InstalledDir: /usr/bin -Found candidate GCC installation: /usr/bin/../lib/gcc/i686-linux-gnu/6 -Found candidate GCC installation: /usr/bin/../lib/gcc/i686-linux-gnu/6.3.0 -Found candidate GCC installation: 
/usr/bin/../lib/gcc/x86_64-linux-gnu/4.9 -Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9.4 -Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5 -Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5.4.1 -Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6 -Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6.3.0 -Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/6 -Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/6.3.0 -Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9 -Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9.4 -Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5 -Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5.4.1 -Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6 -Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.3.0 -Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6.3.0 -Candidate multilib: .;@m64 -Selected multilib: .;@m64""" - self.assertEqual(detector.version_from_compiler_output(compiler_out), "4.0") - - def test_clang_version_two_digit(self): - # Output from Crystax NDK. Note: there is a trailing whitespace behind the version - # number for whatever reason. But let's keep the original output unchanged. 
- # pylint: disable=trailing-whitespace - detector = CompilerDetector("clang", "clang++", "android") - compiler_out = """clang version 3.7 -Target: i686-none-linux-android -Thread model: posix -Found candidate GCC installation: /foo/crystax-toolchains/x86/bin/../lib/gcc/i686-linux-android/4.9 -Selected GCC installation: /foo/crystax-toolchains/x86/bin/../lib/gcc/i686-linux-android/4.9 -Candidate multilib: .;@m32 -Selected multilib: .;@m32""" - self.assertEqual(detector.version_from_compiler_output(compiler_out), "3.7") - - def test_clang_version_appleclang(self): - detector = CompilerDetector("clang", "clang++", "darwin") - compiler_out = """Apple LLVM version 8.1.0 (clang-802.0.42) -Target: x86_64-apple-darwin16.7.0 -Thread model: posix -InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin""" - self.assertEqual(detector.version_from_compiler_output(compiler_out), "3.9") - - compiler_out = """Apple LLVM version 9.0.0 (clang-900.0.35) -Target: x86_64-apple-darwin16.7.0 -Thread model: posix -InstalledDir: /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin""" - self.assertEqual(detector.version_from_compiler_output(compiler_out), "4.0") - - def test_clang_version_appleclang_intermediate(self): - # fake versions in between the knwon ones - # clang-700.0.0 is lower than all known versions - # clang-802.1.0 is a minor update of known clang-802 - # clang-1111.9.99 is a random future value - detector = CompilerDetector("clang", "clang++", "darwin") - - compiler_out = """Apple LLVM version 7.0.0 (clang-700.0.0) -Target: x86_64-apple-darwin16.7.0 -Thread model: posix -InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin""" - self.assertEqual(detector.version_from_compiler_output(compiler_out), "3.7") - - compiler_out = """Apple LLVM version 8.1.1 (clang-802.1.0) -Target: x86_64-apple-darwin16.7.0 -Thread model: posix -InstalledDir: 
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin""" - self.assertEqual(detector.version_from_compiler_output(compiler_out), "3.9") - - compiler_out = """Apple LLVM version 11.11.0 (clang-1111.9.99) -Target: x86_64-apple-darwin16.7.0 -Thread model: posix -InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin""" - self.assertEqual(detector.version_from_compiler_output(compiler_out), "4.0") - - def test_msvc_version(self): - detector = CompilerDetector("msvc", "cl.exe", "windows") - compiler_out = """msvc_version.c - -1900 -""" - self.assertEqual(detector.version_from_compiler_output(compiler_out), "19.0") - - compiler_out = """msvc_version.c - -1910 -""" - self.assertEqual(detector.version_from_compiler_output(compiler_out), "19.10") - - class ModulesChooserResolveDependencies(unittest.TestCase): def test_base(self): available_modules = set(["A", "B"]) From 1240e6d5df6f98c583099b3c984885ace89781a0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 14 Dec 2017 18:52:03 -0500 Subject: [PATCH 0359/1008] Address review comments: indent code and fix clang regex --- configure.py | 6 +-- src/build-data/detect_version.cpp | 74 +++++++++++++++---------------- 2 files changed, 39 insertions(+), 41 deletions(-) diff --git a/configure.py b/configure.py index 6bd27dbb06..5cbfab3295 100755 --- a/configure.py +++ b/configure.py @@ -2779,9 +2779,9 @@ def prepare_configure_build(info_modules, source_paths, options, def calculate_cc_min_version(options, ccinfo, source_paths): version_patterns = { - 'msvc': r'^MSVC ([0-9]{2})([0-9]{2})$', - 'gcc': r'^GCC ([0-9]+) ([0-9]+)$', - 'clang': r'^CLANG ([0-9]+) ([0-9])$', + 'msvc': r'^ *MSVC ([0-9]{2})([0-9]{2})$', + 'gcc': r'^ *GCC ([0-9]+) ([0-9]+)$', + 'clang': r'^ *CLANG ([0-9]+) ([0-9]+)$', } if ccinfo.basename not in version_patterns: diff --git a/src/build-data/detect_version.cpp b/src/build-data/detect_version.cpp index 55e5db98d5..65fe08a8b8 100644 
--- a/src/build-data/detect_version.cpp
+++ b/src/build-data/detect_version.cpp
@@ -5,52 +5,50 @@ #if defined(_MSC_VER) -// _MSC_VER Defined as an integer literal that encodes the major and minor -// number elements of the compiler's version number. The major number is -// the first element of the period-delimited version number and the minor -// number is the second element. For example, if the version number of the -// Visual C++ compiler is 17.00.51106.1, the _MSC_VER macro evaluates to 1700. -// https://msdn.microsoft.com/en-us/library/b0084kay.aspx - -MSVC _MSC_VER + /* + _MSC_VER Defined as an integer literal that encodes the major and + minor number elements of the compiler's version number. The major + number is the first element of the period-delimited version number + and the minor number is the second element. For example, if the + version number of the Visual C++ compiler is 17.00.51106.1, the + _MSC_VER macro evaluates to 1700. + https://msdn.microsoft.com/en-us/library/b0084kay.aspx + */ + MSVC _MSC_VER + +#elif defined(__clang__) && defined(__apple_build_version__) + + /* + Map Apple XCode versions back to standard Clang + + This is not a complete map, since we don't support any versions of + Clang before 3.5 in any case, and it arbitrarily maps any version with + XCode >= 9 to Clang 4.0. This is fine because we don't currently need + any features not available in Clang 4.0 + */ + + #if __clang_major__ >= 9 + CLANG 4 0 + #elif __clang__major__ == 8 + CLANG 3 9 + #elif __clang__major__ == 7 && __clang__minor__ == 3 + CLANG 3 8 + #elif __clang__major__ == 7 + CLANG 3 7 + #else + CLANG 3 5 + #endif #elif defined(__clang__) -#if defined(__apple_build_version__) - -/* -Map Apple XCode versions back to standard Clang - -This is not a complete map, since we don't support any versions of -Clang before 3.5 in any case, and it arbitrarily maps any version with -XCode >= 9 to Clang 4.0. 
This is fine because we don't currently need
-any features not available in Clang 4.0
-*/
-
-#if __clang_major__ >= 9
-CLANG 4 0
-#elif __clang__major__ == 8
-CLANG 3 9
-#elif __clang__major__ == 7 && __clang__minor__ == 3
-CLANG 3 8
-#elif __clang__major__ == 7
-CLANG 3 7
-#else
-CLANG 3 5
-#endif
-
-#else
-
-CLANG __clang_major__ __clang_minor__
-
-#endif
+ CLANG __clang_major__ __clang_minor__
 #elif defined(__GNUG__)
-GCC __GNUC__ __GNUC_MINOR__
+ GCC __GNUC__ __GNUC_MINOR__
 #else
-UNKNOWN 0 0
+ UNKNOWN 0 0
 #endif
From 7b2f3cd974090efd07650753827bb4a7b6c4053b Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Thu, 14 Dec 2017 21:44:34 -0500
Subject: [PATCH 0360/1008] Fix clang macros
---
 src/build-data/detect_version.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/build-data/detect_version.cpp b/src/build-data/detect_version.cpp
index 65fe08a8b8..709e06c456 100644
--- a/src/build-data/detect_version.cpp
+++ b/src/build-data/detect_version.cpp
@@ -29,11 +29,11 @@
 #if __clang_major__ >= 9
 CLANG 4 0
- #elif __clang__major__ == 8
+ #elif __clang_major__ == 8
 CLANG 3 9
- #elif __clang__major__ == 7 && __clang__minor__ == 3
+ #elif __clang_major__ == 7 && __clang_minor__ == 3
 CLANG 3 8
- #elif __clang__major__ == 7
+ #elif __clang_major__ == 7
 CLANG 3 7
 #else
 CLANG 3 5
From 5b6efbc5b037b160f8020a4cb3bef906310c8615 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Fri, 15 Dec 2017 10:12:34 -0500
Subject: [PATCH 0361/1008] Update comment [ci skip]
---
 src/build-data/detect_version.cpp | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/build-data/detect_version.cpp b/src/build-data/detect_version.cpp
index 709e06c456..42c4a2605c 100644
--- a/src/build-data/detect_version.cpp
+++ b/src/build-data/detect_version.cpp
@@ -19,12 +19,14 @@
 #elif defined(__clang__) && defined(__apple_build_version__)
 /*
- Map Apple XCode versions back to standard Clang
-
- This is not a complete map, since we don't support any versions of
- Clang before 3.5 in any case, and it arbitrarily maps any version with
- XCode >= 9 to Clang 4.0. This is fine because we don't currently need
- any features not available in Clang 4.0
+ Map Apple LLVM versions as used in XCode back to standard Clang.
+ This is not exact since the versions used in XCode are actually
+ forks of Clang and do not coorespond perfectly to standard Clang
+ releases. In addition we don't bother mapping very old versions
+ (anything before XCode 7 is treated like Clang 3.5, which is the
+ oldest version we support) and for "future" versions we simply
+ treat them as Clang 4.0, since we don't currenly rely on any
+ features not included in 4.0
 */
 #if __clang_major__ >= 9
From 59c24b0ed65e1fdc6f64ae07d44fb08e9059266c Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sat, 16 Dec 2017 10:52:08 -0500
Subject: [PATCH 0362/1008] Fix a bug in PEM decoding If the label param was set to a non-empty string, the decoding would treat it as part of the label and then end up throwing a decoding error. The key fix here is adding the clear() call in decode. Private bug report by email. Add some basic tests for the PEM decoder.
---
 src/lib/pubkey/pem/pem.cpp | 6 ++--
 src/lib/pubkey/pem/pem.h | 46 +++++++++++-------------------
 src/tests/test_pem.cpp | 58 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 79 insertions(+), 31 deletions(-)
 create mode 100644 src/tests/test_pem.cpp
diff --git a/src/lib/pubkey/pem/pem.cpp b/src/lib/pubkey/pem/pem.cpp
index 1303e4ac26..d2433860dd 100644
--- a/src/lib/pubkey/pem/pem.cpp
+++ b/src/lib/pubkey/pem/pem.cpp
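Review bot: The rewritten comment introduces two spelling errors, `coorespond` → `correspond` and `currenly` → `currently`. Since this file's preprocessed output is what configure.py parses, it is the first thing someone debugging version detection will read, so it is worth fixing while the comment is being touched.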
@@ -52,7 +52,7 @@ std::string encode(const uint8_t der[], size_t length, const std::string& label, * Decode PEM down to raw BER/DER */ secure_vector decode_check_label(DataSource& source, - const std::string& label_want) + const std::string& label_want) { std::string label_got; secure_vector ber = decode(source, label_got); @@ -69,6 +69,8 @@ secure_vector decode(DataSource& source, std::string& label) { const size_t RANDOM_CHAR_LIMIT = 8; + label.clear(); + const std::string PEM_HEADER1 = "-----BEGIN "; const std::string PEM_HEADER2 = "-----"; size_t position = 0; @@ -122,7 +124,7 @@ secure_vector decode(DataSource& source, std::string& label) } secure_vector decode_check_label(const std::string& pem, - const std::string& label_want) + const std::string& label_want) { DataSource_Memory src(pem); return decode_check_label(src, label_want); diff --git a/src/lib/pubkey/pem/pem.h b/src/lib/pubkey/pem/pem.h index b2b27282d7..c02294dce5 100644 --- a/src/lib/pubkey/pem/pem.h +++ b/src/lib/pubkey/pem/pem.h @@ -25,9 +25,9 @@ namespace PEM_Code { * @param line_width after this many characters, a new line is inserted */ BOTAN_PUBLIC_API(2,0) std::string encode(const uint8_t data[], - size_t data_len, - const std::string& label, - size_t line_width = 64); + size_t data_len, + const std::string& label, + size_t line_width = 64); /** * Encode some binary data in PEM format 
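Review bot: `label.clear();` is the actual fix but carries no explanation, and the pem.h documentation for `decode` still reads `@param label is set to the PEM label found for later inspection`, which does not tell callers that the parameter is output-only and that anything they pass in is discarded — exactly the misuse this commit fixes. I would annotate the line, `label.clear(); // output-only: whatever the caller passed in must not be parsed as part of the label`, and extend the pem.h comment on both `decode` overloads with "any previous contents are discarded". The body of `decode` continues outside the hunk, so I cannot confirm from here that `label` is not read anywhere else before it is assigned.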
@@ -35,22 +35,10 @@ BOTAN_PUBLIC_API(2,0) std::string encode(const uint8_t data[], * @param label PEM label * @param line_width after this many characters, a new line is inserted */ -inline std::string encode(const std::vector& data, - const std::string& label, - size_t line_width = 64) - { - return encode(data.data(), data.size(), label, line_width); - } - -/** -* Encode some binary data in PEM format -* @param data binary data to encode -* @param label PEM label put after BEGIN and END -* @param line_width after this many characters, a new line is inserted -*/ -inline std::string encode(const secure_vector& data, - const std::string& label, - size_t line_width = 64) +template +std::string encode(const std::vector& data, + const std::string& label, + size_t line_width = 64) { return encode(data.data(), data.size(), label, line_width); } @@ -61,7 +49,7 @@ inline std::string encode(const secure_vector& data, * @param label is set to the PEM label found for later inspection */ BOTAN_PUBLIC_API(2,0) secure_vector decode(DataSource& pem, - std::string& label); + std::string& label); /** * Decode PEM data 
@@ -69,32 +57,32 @@ BOTAN_PUBLIC_API(2,0) secure_vector decode(DataSource& pem, * @param label is set to the PEM label found for later inspection */ BOTAN_PUBLIC_API(2,0) secure_vector decode(const std::string& pem, - std::string& label); + std::string& label); /** * Decode PEM data * @param pem a datasource containing PEM encoded data * @param label is what we expect the label to be */ -BOTAN_PUBLIC_API(2,0) secure_vector decode_check_label( - DataSource& pem, - const std::string& label); +BOTAN_PUBLIC_API(2,0) +secure_vector decode_check_label(DataSource& pem, + const std::string& label); /** * Decode PEM data * @param pem a string containing PEM encoded data * @param label is what we expect the label to be */ -BOTAN_PUBLIC_API(2,0) secure_vector decode_check_label( - const std::string& pem, - const std::string& label); +BOTAN_PUBLIC_API(2,0) +secure_vector decode_check_label(const std::string& pem, + const std::string& label); /** * Heuristic test for PEM data. */ BOTAN_PUBLIC_API(2,0) bool matches(DataSource& source, - const std::string& extra = "", - size_t search_range = 4096); + const std::string& extra = "", + size_t search_range = 4096); } diff --git a/src/tests/test_pem.cpp b/src/tests/test_pem.cpp new file mode 100644 index 0000000000..bf5913cedf --- /dev/null +++ b/src/tests/test_pem.cpp 
@@ -0,0 +1,58 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "tests.h" + +#if defined(BOTAN_HAS_PEM_CODEC) + +#include + +namespace Botan_Tests { + +class PEM_Tests : public Test + { + public: + std::vector run() override + { + Test::Result result("PEM encoding"); + + std::vector vec(5); + for(size_t i = 0; i != vec.size(); ++i) + vec[i] = i; + + const std::string pem1 = Botan::PEM_Code::encode(vec, "BUNNY", 3); + + result.test_eq("PEM encoding", pem1, "-----BEGIN BUNNY-----\nAAE\nCAw\nQ=\n-----END BUNNY-----\n"); + + std::string label1 = "this is overwritten"; + const Botan::secure_vector decoded1 = Botan::PEM_Code::decode(pem1, label1); + + result.test_eq("PEM decoding label", label1, "BUNNY"); + + result.test_throws("PEM decoding unexpected label", + "Invalid argument Decoding error: PEM: Label mismatch, wanted FLOOFY, got BUNNY", + [pem1]() { Botan::PEM_Code::decode_check_label(pem1, "FLOOFY"); }); + + const std::string malformed_pem1 = "---BEGIN BUNNY-----\n-----END BUNNY-----"; + result.test_throws("PEM decoding bad init label", + "Invalid argument Decoding error: PEM: No PEM header found", + [malformed_pem1]() { Botan::PEM_Code::decode_check_label(malformed_pem1, "BUNNY"); }); + + const std::string malformed_pem2 = "-----BEGIN BUNNY-----\n-----END FLOOFY-----"; + result.test_throws("PEM decoding bad init label", + "Invalid argument Decoding error: PEM: Malformed PEM trailer", + [malformed_pem2]() { Botan::PEM_Code::decode_check_label(malformed_pem2, "BUNNY"); }); + + + return {result}; + } + }; + +BOTAN_REGISTER_TEST("pem", PEM_Tests); + +} + +#endif From b6fa65d38fa9b8a95d8028e0ec811b44808e11a8 Mon Sep 17 00:00:00 2001 
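Review bot: The two malformed-PEM checks near the end of run() both carry the name "PEM decoding bad init label", although the second one (`malformed_pem2`) exercises a mismatched trailer rather than the header, so a failure report cannot tell the two apart. Rename the second call to `result.test_throws("PEM decoding bad trailer label", ...)` and keep the message argument as is. The two blank lines before `return {result};` can also go.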
From: Jack Lloyd Date: Sat, 16 Dec 2017 10:59:51 -0500 Subject: [PATCH 0363/1008] Avoid using @deprecated annotation here Clang's documentation checker complains since it's not actually annotated as deprecated. Change comment to just indicate that it is not a public API function and will be removed in the future. --- src/lib/pubkey/xmss/xmss_tools.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/lib/pubkey/xmss/xmss_tools.h b/src/lib/pubkey/xmss/xmss_tools.h index 6e45e882d0..e9f877eaed 100644 --- a/src/lib/pubkey/xmss/xmss_tools.h +++ b/src/lib/pubkey/xmss/xmss_tools.h @@ -60,7 +60,9 @@ class XMSS_Tools final static void concat(secure_vector& target, const T& src, size_t len); /** - * @deprecated Determines the maximum number of threads to be used + * Not a public API function - will be removed in a future release. + * + * Determines the maximum number of threads to be used * efficiently, based on runtime timining measurements. Ideally the * result will correspond to the physical number of cores. On systems * supporting simultaneous multi threading (SMT) @@ -83,7 +85,7 @@ class XMSS_Tools final private: XMSS_Tools(); /** - * @deprecated Measures the time t1 it takes to calculate hashes using + * Measures the time t1 it takes to calculate hashes using * std::thread::hardware_concurrency() many threads and the time t2 * calculating the same number of hashes using * std::thread::hardware_concurrency() / 2 threads. From d420b61ec604e5117a126ea1a6c6c9f6777fd0da Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 16 Dec 2017 11:02:59 -0500 Subject: [PATCH 0364/1008] Clean up XMSS self-benchmark Clang complained that the lambda was capturing unnecessary variables. --- src/lib/pubkey/xmss/xmss_tools.cpp | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/lib/pubkey/xmss/xmss_tools.cpp b/src/lib/pubkey/xmss/xmss_tools.cpp index 7a34dc0a9d..9b71ab36cd 100644 --- a/src/lib/pubkey/xmss/xmss_tools.cpp 
+++ b/src/lib/pubkey/xmss/xmss_tools.cpp @@ -44,13 +44,11 @@ size_t XMSS_Tools::bench_threads() { auto& hs = hash[i]; auto& d = data[i]; - threads.emplace_back( - std::thread([&BENCH_ITERATIONS, &i, &cc, &hs, &d]() + + const size_t n_iters = BENCH_ITERATIONS * (std::thread::hardware_concurrency() / cc); + threads.emplace_back(std::thread([n_iters, &hs, &d]() { - for(size_t n = 0; - n < BENCH_ITERATIONS * (std::thread::hardware_concurrency() / - cc); - n++) + for(size_t n = 0; n < n_iters; n++) { hs.h(d, d, d); } From f8982aba6b1018e6ecdfb05af0780e59a3d2e31c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 16 Dec 2017 11:09:19 -0500 Subject: [PATCH 0365/1008] Mention enabling features in the distributor notes --- doc/manual/packaging.rst | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/doc/manual/packaging.rst b/doc/manual/packaging.rst index 2e54e9717d..b077734f2a 100644 --- a/doc/manual/packaging.rst +++ b/doc/manual/packaging.rst @@ -1,10 +1,17 @@ -Info for Packagers +Notes for Distributors ======================== This document has information for anyone who is packaging copies of Botan for use by downstream developers, such as through a Linux distribution or other package management system. +Recommended Options +------------------------ + +In most environments, zlib, bzip2, and sqlite are already installed, so there is +no reason to not include support for them in Botan as well. Build with options +``--with-zlib --with-bzip2 --with-sqlite3`` to enable these features. + Set Distribution Info ------------------------ From 071e87484212239e5d607e681e2e96799043056f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 17 Dec 2017 06:35:20 -0500 Subject: [PATCH 0366/1008] Latest pylint doesn't like these asserts --- src/python/botan2.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/python/botan2.py b/src/python/botan2.py index a489a4b34c..700719496f 100755 --- a/src/python/botan2.py +++ b/src/python/botan2.py 
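Review bot: `n_iters` is 0 whenever `std::thread::hardware_concurrency()` returns 0 (which the standard allows when the value is not computable) or is smaller than `cc`, so the spawned thread runs an empty loop and the benchmark compares nothing; the old expression had the same property, but now that the count is a named value this is the natural place for a floor such as `const size_t n_iters = std::max<size_t>(1, BENCH_ITERATIONS * (std::thread::hardware_concurrency() / cc));`. bench_threads starts and ends outside the hunk, so whether `cc` can exceed the core count cannot be confirmed from here.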
@@ -78,14 +78,14 @@ def _ctype_bits(s): if isinstance(s, str): return s else: - assert False + raise Exception("Internal error - unexpected type provided to _ctype_bits") else: if isinstance(s, bytes): return s elif isinstance(s, str): return s.encode('utf-8') else: - assert False + raise Exception("Internal error - unexpected type provided to _ctype_bits") def _ctype_bufout(buf): if sys.version_info[0] < 3: From 54cfe3d223e1a364e7355e7929a3303d49e6b34d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 17 Dec 2017 07:08:20 -0500 Subject: [PATCH 0367/1008] More fixes with recent pylint --- src/scripts/ci_build.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index fdd71171f8..011e9b3fc6 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -285,6 +285,7 @@ def have_prog(prog): exe_file = os.path.join(path, prog) if os.path.exists(exe_file) and os.access(exe_file, os.X_OK): return True + return False def main(args=None): # pylint: disable=too-many-branches,too-many-statements,too-many-locals,too-many-return-statements @@ -343,7 +344,7 @@ def main(args=None): root_dir = options.root_dir if os.access(root_dir, os.R_OK) != True: - raise Exception('Bad root dir setting, dir %s not readable', root_dir) + raise Exception('Bad root dir setting, dir %s not readable' % (root_dir)) cmds = [] From 77d9913a97eef6efa5eb62e49269999d83a783fc Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 17 Dec 2017 08:14:18 -0500 Subject: [PATCH 0368/1008] Pylint --- src/scripts/build_docs.py | 1 + src/scripts/cleanup.py | 2 ++ 2 files changed, 3 insertions(+) diff --git a/src/scripts/build_docs.py b/src/scripts/build_docs.py index ca055ac05a..1787016e0b 100755 --- a/src/scripts/build_docs.py +++ b/src/scripts/build_docs.py @@ -175,6 +175,7 @@ def main(args=None): touch(cmd[1]) else: run_and_check(cmd) + return 0 if __name__ == '__main__': sys.exit(main()) 
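Review bot: Both new `raise Exception("Internal error - unexpected type provided to _ctype_bits")` lines raise the base `Exception`, which callers cannot catch selectively and which newer pylint releases flag as too broad. Since the failure is a wrong argument type, `raise TypeError("Internal error - unexpected type provided to _ctype_bits")` conveys the same message with a conventional type. _ctype_bits starts outside the hunk.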
diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py index 39a505852e..8c72d3eb14 100755 --- a/src/scripts/cleanup.py +++ b/src/scripts/cleanup.py @@ -128,5 +128,7 @@ def main(args=None): for f in build_config['generated_files'].split(' '): remove_file(f) + return 0 + if __name__ == '__main__': sys.exit(main()) From d358e9e12190c08c946c0f87dbedc55229ce11a6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 17 Dec 2017 08:34:54 -0500 Subject: [PATCH 0369/1008] Fix MSVC version detection It has two flags for the preprocessor, and we were passing them as a single argument which made cl mad. --- configure.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.py b/configure.py index 5cbfab3295..4bdddd6fd0 100755 --- a/configure.py +++ b/configure.py @@ -2792,9 +2792,10 @@ def calculate_cc_min_version(options, ccinfo, source_paths): cc_bin = options.compiler_binary or ccinfo.binary_name - cmd = cc_bin.split(' ') + [ccinfo.preproc_flags, detect_version_source] + cmd = cc_bin.split(' ') + ccinfo.preproc_flags.split(' ') + [detect_version_source] try: + logging.debug("Running '%s'", ' '.join(cmd)) stdout, stderr = subprocess.Popen( cmd, stdout=subprocess.PIPE, From 42ce76c89ce7858bb132a414284a27e6362f9558 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 16 Dec 2017 13:00:09 -0500 Subject: [PATCH 0370/1008] Add timeouts to Asio sockets --- src/lib/utils/http_util/http_util.cpp | 2 +- src/lib/utils/http_util/http_util.h | 26 ++--- src/lib/utils/http_util/info.txt | 12 +-- src/lib/utils/socket/info.txt | 13 +++ .../utils/{http_util => socket}/socket.cpp | 98 ++++++++++++++++--- src/lib/utils/{http_util => socket}/socket.h | 5 +- 6 files changed, 117 insertions(+), 39 deletions(-) create mode 100644 src/lib/utils/socket/info.txt rename src/lib/utils/{http_util => socket}/socket.cpp (70%) rename src/lib/utils/{http_util => socket}/socket.h (90%) 
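Review bot: `ccinfo.preproc_flags.split(' ')` yields `['']` when preproc_flags is empty, so an empty-string argument is passed to the compiler, which some toolchains reject; `cc_bin.split(' ')` on the same line has the same shape but is pre-existing. Splitting on whitespace avoids both the empty element and doubled spaces: `cmd = cc_bin.split(' ') + ccinfo.preproc_flags.split() + [detect_version_source]`. Whether preproc_flags is ever empty for some compiler definition is not visible in this hunk.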
diff --git a/src/lib/utils/http_util/http_util.cpp b/src/lib/utils/http_util/http_util.cpp index 8dcd8d55a5..55dbd4df6b 100644 --- a/src/lib/utils/http_util/http_util.cpp +++ b/src/lib/utils/http_util/http_util.cpp @@ -31,7 +31,7 @@ std::string http_transact(const std::string& hostname, try { - socket = OS::open_socket(hostname, "http"); + socket = OS::open_socket(hostname, "http", std::chrono::milliseconds(2500)); if(!socket) throw Exception("No socket support enabled in build"); } diff --git a/src/lib/utils/http_util/http_util.h b/src/lib/utils/http_util/http_util.h index ea6122c07e..14f1688869 100644 --- a/src/lib/utils/http_util/http_util.h +++ b/src/lib/utils/http_util/http_util.h @@ -69,25 +69,25 @@ BOTAN_PUBLIC_API(2,0) std::ostream& operator<<(std::ostream& o, const Response& typedef std::function http_exch_fn; BOTAN_PUBLIC_API(2,0) Response http_sync(http_exch_fn fn, - const std::string& verb, - const std::string& url, - const std::string& content_type, - const std::vector& body, - size_t allowable_redirects); + const std::string& verb, + const std::string& url, + const std::string& content_type, + const std::vector& body, + size_t allowable_redirects); BOTAN_PUBLIC_API(2,0) Response http_sync(const std::string& verb, - const std::string& url, - const std::string& content_type, - const std::vector& body, - size_t allowable_redirects); + const std::string& url, + const std::string& content_type, + const std::vector& body, + size_t allowable_redirects); BOTAN_PUBLIC_API(2,0) Response GET_sync(const std::string& url, - size_t allowable_redirects = 1); + size_t allowable_redirects = 1); BOTAN_PUBLIC_API(2,0) Response POST_sync(const std::string& url, - const std::string& content_type, - const std::vector& body, - size_t allowable_redirects = 1); + const std::string& content_type, + const std::vector& body, + size_t allowable_redirects = 1); BOTAN_PUBLIC_API(2,0) std::string url_encode(const std::string& url); 
diff --git a/src/lib/utils/http_util/info.txt b/src/lib/utils/http_util/info.txt index a6cbd902f7..a3ebc249e2 100644 --- a/src/lib/utils/http_util/info.txt +++ b/src/lib/utils/http_util/info.txt @@ -6,12 +6,6 @@ HTTP_UTIL -> 20171003 http_util.h - -socket.h - - - -linux -> rt -mingw -> ws2_32 -windows -> ws2_32.lib - + +socket + diff --git a/src/lib/utils/socket/info.txt b/src/lib/utils/socket/info.txt new file mode 100644 index 0000000000..ef0d939ea8 --- /dev/null +++ b/src/lib/utils/socket/info.txt @@ -0,0 +1,13 @@ + +SOCKETS -> 20171216 + + + +socket.h + + + +linux -> rt +mingw -> ws2_32 +windows -> ws2_32.lib + diff --git a/src/lib/utils/http_util/socket.cpp b/src/lib/utils/socket/socket.cpp similarity index 70% rename from src/lib/utils/http_util/socket.cpp rename to src/lib/utils/socket/socket.cpp index a2b9d55679..e1f54a2381 100644 --- a/src/lib/utils/http_util/socket.cpp +++ b/src/lib/utils/socket/socket.cpp @@ -1,5 +1,4 @@ /* -* OS and machine specific utility functions * (C) 2015,2016,2017 Jack Lloyd * (C) 2016 Daniel Neus * @@ -19,6 +18,7 @@ */ #define BOOST_ASIO_DISABLE_SERIAL_PORT #include + #include #elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) #include 
@@ -44,36 +44,93 @@ namespace { class Asio_Socket final : public OS::Socket { public: - Asio_Socket(const std::string& hostname, const std::string& service) : - m_tcp(m_io) + Asio_Socket(const std::string& hostname, + const std::string& service, + std::chrono::milliseconds timeout) : + m_timeout(timeout), m_timer(m_io), m_tcp(m_io) { + m_timer.expires_from_now(m_timeout); + check_timeout(); + boost::asio::ip::tcp::resolver resolver(m_io); boost::asio::ip::tcp::resolver::query query(hostname, service); - boost::asio::connect(m_tcp, resolver.resolve(query)); + boost::asio::ip::tcp::resolver::iterator dns_iter = resolver.resolve(query); + + boost::system::error_code ec = boost::asio::error::would_block; + + auto connect_cb = [&ec](const boost::system::error_code& e, + boost::asio::ip::tcp::resolver::iterator) { ec = e; }; + + boost::asio::async_connect(m_tcp, dns_iter, connect_cb); + + while(ec == boost::asio::error::would_block) + { + m_io.run_one(); + } + + if(ec) + throw boost::system::system_error(ec); + if(ec || m_tcp.is_open() == false) + throw Exception("Connection to host " + hostname + " failed"); } void write(const uint8_t buf[], size_t len) override { - boost::asio::write(m_tcp, boost::asio::buffer(buf, len)); + m_timer.expires_from_now(m_timeout); + + boost::system::error_code ec = boost::asio::error::would_block; + + boost::asio::async_write(m_tcp, boost::asio::buffer(buf, len), + [&ec](boost::system::error_code e, size_t got) { printf("wrote %d\n", got); ec = e; }); + + while(ec == boost::asio::error::would_block) { m_io.run_one(); } + + if(ec) + { + throw boost::system::system_error(ec); + } } size_t read(uint8_t buf[], size_t len) override { - boost::system::error_code error; - size_t got = m_tcp.read_some(boost::asio::buffer(buf, len), error); + m_timer.expires_from_now(m_timeout); - if(error) + boost::system::error_code ec = boost::asio::error::would_block; + size_t got = 0; + + auto read_cb = [&](const boost::system::error_code cb_ec, size_t cb_got) 
{ + ec = cb_ec; got = cb_got; + }; + + m_tcp.async_read_some(boost::asio::buffer(buf, len), read_cb); + + while(ec == boost::asio::error::would_block) { m_io.run_one(); } + + if(ec) { - if(error == boost::asio::error::eof) + if(ec == boost::asio::error::eof) return 0; - throw boost::system::system_error(error); // Some other error. + throw boost::system::system_error(ec); // Some other error. } return got; } private: + void check_timeout() + { + if(m_tcp.is_open() && m_timer.expires_at() < std::chrono::system_clock::now()) + { + boost::system::error_code err; + m_tcp.close(err); + } + + m_timer.async_wait(std::bind(&Asio_Socket::check_timeout, this)); + } + + const std::chrono::milliseconds m_timeout; boost::asio::io_service m_io; + boost::asio::system_timer m_timer; boost::asio::ip::tcp::socket m_tcp; }; @@ -180,7 +237,9 @@ class Winsock_Socket final : public OS::Socket class BSD_Socket final : public OS::Socket { public: - BSD_Socket(const std::string& hostname, const std::string& service) + BSD_Socket(const std::string& hostname, + const std::string& service, + std::chrono::microseconds timeout) : m_timeout(timeout) { addrinfo hints; ::memset(&hints, 0, sizeof(addrinfo)); @@ -228,6 +287,7 @@ class BSD_Socket final : public OS::Socket m_fd = -1; } + void write(const uint8_t buf[], size_t len) override { size_t sent_so_far = 0; @@ -254,6 +314,15 @@ class BSD_Socket final : public OS::Socket } private: + struct timeval make_timeout_tv() const + { + struct timeval tv; + tv.tv_sec = m_timeout.count() / 1000000; + tv.tv_usec = m_timeout.count() % 1000000; + return tv; + } + + const std::chrono::microseconds m_timeout; int m_fd; }; 
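Review bot: The write completion handler in Asio_Socket::write still contains `printf("wrote %d\n", got);`, which is leftover debug output to stdout and also passes a `size_t` to `%d`, an undefined format/argument mismatch; the handler should be just `[&ec](boost::system::error_code e, size_t) { ec = e; }`. In the constructor, `if(ec || m_tcp.is_open() == false)` is only reached when `ec` is false because the preceding line throws, so `if(!m_tcp.is_open())` says what is meant. check_timeout() compares the deadline with `std::chrono::system_clock::now()`, a wall clock that can jump under NTP or manual adjustment, so a deadline can fire early or late; for I/O deadlines `boost::asio::steady_timer` with `std::chrono::steady_clock` is the usual choice, though that also changes the type of `m_timer`.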
@@ -263,16 +332,17 @@ class BSD_Socket final : public OS::Socket std::unique_ptr OS::open_socket(const std::string& hostname, - const std::string& service) + const std::string& service, + std::chrono::milliseconds timeout) { #if defined(BOTAN_HAS_BOOST_ASIO) - return std::unique_ptr(new Asio_Socket(hostname, service)); + return std::unique_ptr(new Asio_Socket(hostname, service, timeout)); #elif defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) return std::unique_ptr(new Winsock_Socket(hostname, service)); #elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) - return std::unique_ptr(new BSD_Socket(hostname, service)); + return std::unique_ptr(new BSD_Socket(hostname, service, timeout)); #else // No sockets for you diff --git a/src/lib/utils/http_util/socket.h b/src/lib/utils/socket/socket.h similarity index 90% rename from src/lib/utils/http_util/socket.h rename to src/lib/utils/socket/socket.h index 4961738ae3..42d723ec35 100644 --- a/src/lib/utils/http_util/socket.h +++ b/src/lib/utils/socket/socket.h @@ -9,7 +9,7 @@ #define BOTAN_SOCKET_H_ #include -#include +#include namespace Botan { @@ -54,7 +54,8 @@ class BOTAN_TEST_API Socket */ std::unique_ptr BOTAN_TEST_API open_socket(const std::string& hostname, - const std::string& service); + const std::string& service, + std::chrono::milliseconds timeout); } // OS } // Botan From bcfd2761679d79471612bdf7f500b87123c1c6ab Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 16 Dec 2017 13:26:00 -0500 Subject: [PATCH 0371/1008] Handle timeouts in BSD sockets --- src/lib/utils/socket/socket.cpp | 66 ++++++++++++++++++++++++++++++--- 1 file changed, 61 insertions(+), 5 deletions(-) diff --git a/src/lib/utils/socket/socket.cpp b/src/lib/utils/socket/socket.cpp index e1f54a2381..0733ae630f 100644 --- a/src/lib/utils/socket/socket.cpp +++ b/src/lib/utils/socket/socket.cpp @@ -27,6 +27,7 @@ #include #include #include + #include #elif defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) #define NOMINMAX 1 
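Review bot: In OS::open_socket the Windows branch still constructs `Winsock_Socket(hostname, service)` without the new `timeout`, so on Winsock builds the caller's bound is silently ignored and a stalled peer can block http_transact indefinitely. Until the Winsock backend honors it, the limitation should at least be stated on the declaration in socket.h, e.g. `* @param timeout bound on connect, read and write; currently honored by the Asio and BSD backends only`. Winsock_Socket itself is outside the hunk, so whether it applies some other bound could not be checked here.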
@@ -256,6 +257,9 @@ class BSD_Socket final : public OS::Socket for(addrinfo* rp = res; (m_fd < 0) && (rp != nullptr); rp = rp->ai_next) { + if(rp->ai_family != AF_INET && rp->ai_family != AF_INET6) + continue; + m_fd = ::socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); if(m_fd < 0) @@ -264,11 +268,44 @@ class BSD_Socket final : public OS::Socket continue; } - if(::connect(m_fd, rp->ai_addr, rp->ai_addrlen) != 0) + if(::fcntl(m_fd, F_SETFL, O_NONBLOCK) < 0) + throw Exception("Setting socket to non-blocking state failed"); + + int err = ::connect(m_fd, rp->ai_addr, rp->ai_addrlen); + + if(err == -1) { - ::close(m_fd); - m_fd = -1; - continue; + int active = 0; + if(errno == EINPROGRESS) + { + struct timeval timeout = make_timeout_tv(); + fd_set write_set; + FD_ZERO(&write_set); + FD_SET(m_fd, &write_set); + + active = ::select(m_fd + 1, nullptr, &write_set, nullptr, &timeout); + + if(active) + { + int socket_error = 0; + socklen_t len = sizeof(socket_error); + + if(::getsockopt(m_fd, SOL_SOCKET, SO_ERROR, &socket_error, &len) < 0) + throw Exception("Error calling getsockopt"); + + if(socket_error != 0) + { + active = 0; + } + } + } + + if(active == 0) + { + ::close(m_fd); + m_fd = -1; + continue; + } } } @@ -287,12 +324,21 @@ class BSD_Socket final : public OS::Socket m_fd = -1; } - void write(const uint8_t buf[], size_t len) override { + fd_set write_set; + FD_ZERO(&write_set); + FD_SET(m_fd, &write_set); + size_t sent_so_far = 0; while(sent_so_far != len) { + struct timeval timeout = make_timeout_tv(); + int active = ::select(m_fd + 1, nullptr, &write_set, nullptr, &timeout); + + if(active == 0) + throw Exception("Timeout during socket write"); + const size_t left = len - sent_so_far; ssize_t sent = ::write(m_fd, &buf[sent_so_far], left); if(sent < 0) 
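Review bot: In the non-blocking connect path a `::select()` failure is not distinguished from readiness: `active` is -1 on error (e.g. EINTR), `if(active)` then treats the fd as writable, and `SO_ERROR` reads 0 for a connect that is merely still pending, so an interrupted select can be taken for an established connection; `if(active > 0)` for the readiness test and `if(active <= 0)` for the close-and-continue branch handle both cases. The write hunk has the same gap — `if(active == 0)` lets -1 fall through to `::write()` on the now non-blocking fd — and the new select in read() in the following hunk repeats it; both should also throw when `active < 0`. The two new `throw Exception(...)` statements (fcntl and getsockopt failures) leave `m_fd` open, and presumably the `res` addrinfo list as well, since no freeaddrinfo is visible in the hunk. `FD_SET` is undefined for descriptors at or above FD_SETSIZE, so an `m_fd >= FD_SETSIZE` check before building the set would be prudent in all three places. The constructor starts outside the hunk.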
@@ -305,6 +351,16 @@ class BSD_Socket final : public OS::Socket size_t read(uint8_t buf[], size_t len) override { + fd_set read_set; + FD_ZERO(&read_set); + FD_SET(m_fd, &read_set); + + struct timeval timeout = make_timeout_tv(); + int active = ::select(m_fd + 1, &read_set, nullptr, nullptr, &timeout); + + if(active == 0) + throw Exception("Timeout during socket read"); + ssize_t got = ::read(m_fd, buf, len); if(got < 0) From 9a314557b1e38c63bcf8a404ebf31248a9402015 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 16 Dec 2017 13:32:56 -0500 Subject: [PATCH 0372/1008] Expose timeouts to the HTTP API --- src/cli/utils.cpp | 8 ++++++-- src/lib/utils/http_util/http_util.cpp | 27 +++++++++++++++++++-------- src/lib/utils/http_util/http_util.h | 10 +++++++--- 3 files changed, 32 insertions(+), 13 deletions(-) diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 094665a00e..161cc24bf7 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp @@ -218,11 +218,15 @@ BOTAN_REGISTER_COMMAND("rng", RNG); class HTTP_Get final : public Command { public: - HTTP_Get() : Command("http_get url") {} + HTTP_Get() : Command("http_get --redirects=1 --timeout=3000 url") {} void go() override { - output() << Botan::HTTP::GET_sync(get_arg("url")) << "\n"; + const std::string url = get_arg("url"); + const std::chrono::milliseconds timeout(get_arg_sz("timeout")); + const size_t redirects = get_arg_sz("redirects"); + + output() << Botan::HTTP::GET_sync(url, redirects, timeout) << "\n"; } }; diff --git a/src/lib/utils/http_util/http_util.cpp b/src/lib/utils/http_util/http_util.cpp index 55dbd4df6b..40e1dc9760 100644 --- a/src/lib/utils/http_util/http_util.cpp +++ b/src/lib/utils/http_util/http_util.cpp 
@@ -25,13 +25,14 @@ namespace { * closes the socket. */ std::string http_transact(const std::string& hostname, - const std::string& message) + const std::string& message, + std::chrono::milliseconds timeout) { std::unique_ptr socket; try { - socket = OS::open_socket(hostname, "http", std::chrono::milliseconds(2500)); + socket = OS::open_socket(hostname, "http", timeout); if(!socket) throw Exception("No socket support enabled in build"); } @@ -205,10 +206,17 @@ Response http_sync(const std::string& verb, const std::string& url, const std::string& content_type, const std::vector& body, - size_t allowable_redirects) + size_t allowable_redirects, + std::chrono::milliseconds timeout) { + auto transact_with_timeout = + [timeout](const std::string& hostname, const std::string& service) + { + return http_transact(hostname, service, timeout); + }; + return http_sync( - http_transact, + transact_with_timeout, verb, url, content_type, @@ -216,17 +224,20 @@ Response http_sync(const std::string& verb, allowable_redirects); } -Response GET_sync(const std::string& url, size_t allowable_redirects) +Response GET_sync(const std::string& url, + size_t allowable_redirects, + std::chrono::milliseconds timeout) { - return http_sync("GET", url, "", std::vector(), allowable_redirects); + return http_sync("GET", url, "", std::vector(), allowable_redirects, timeout); } Response POST_sync(const std::string& url, const std::string& content_type, const std::vector& body, - size_t allowable_redirects) + size_t allowable_redirects, + std::chrono::milliseconds timeout) { - return http_sync("POST", url, content_type, body, allowable_redirects); + return http_sync("POST", url, content_type, body, allowable_redirects, timeout); } } diff --git a/src/lib/utils/http_util/http_util.h b/src/lib/utils/http_util/http_util.h index 14f1688869..9edd3d983a 100644 --- a/src/lib/utils/http_util/http_util.h +++ b/src/lib/utils/http_util/http_util.h 
@@ -14,6 +14,7 @@ #include #include #include +#include namespace Botan { @@ -79,15 +80,18 @@ BOTAN_PUBLIC_API(2,0) Response http_sync(const std::string& verb, const std::string& url, const std::string& content_type, const std::vector& body, - size_t allowable_redirects); + size_t allowable_redirects, + std::chrono::milliseconds timeout = std::chrono::milliseconds(3000)); BOTAN_PUBLIC_API(2,0) Response GET_sync(const std::string& url, - size_t allowable_redirects = 1); + size_t allowable_redirects = 1, + std::chrono::milliseconds timeout = std::chrono::milliseconds(3000)); BOTAN_PUBLIC_API(2,0) Response POST_sync(const std::string& url, const std::string& content_type, const std::vector& body, - size_t allowable_redirects = 1); + size_t allowable_redirects = 1, + std::chrono::milliseconds timeout = std::chrono::milliseconds(3000)); BOTAN_PUBLIC_API(2,0) std::string url_encode(const std::string& url); From dc8355ad610634e98c59700540a52523da1ca0d7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 16 Dec 2017 13:39:59 -0500 Subject: [PATCH 0373/1008] Use HTTP level timeouts instead of polling on the std::future --- src/lib/x509/x509path.cpp | 29 ++++++----------------------- src/lib/x509/x509path.h | 4 ++-- 2 files changed, 8 insertions(+), 25 deletions(-) diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 11bcdbb125..237ac33a53 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -320,7 +320,9 @@ PKIX::check_ocsp_online(const std::vectorocsp_responder(), "application/ocsp-request", - req.BER_encode()); + req.BER_encode(), + /*redirects*/1, + timeout); http.throw_unless_ok(); // Check the MIME type? 
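Review bot: The new `timeout` parameter on http_sync, GET_sync and POST_sync is undocumented, and nothing states whether it bounds each socket operation or the whole request; in http_util.cpp it is handed to open_socket once per transaction, so a request that follows redirects can take several multiples of it. A one-line comment above each declaration would settle this, e.g. `* @param timeout bound on each socket operation of a single HTTP exchange; redirects start a new exchange, so it is not a bound on total request time`. The x509path hunk at the end of this chunk passes the same value as the OCSP timeout, so the reading matters there as well.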
@@ -330,30 +332,11 @@ PKIX::check_ocsp_online(const std::vector> ocsp_responses(ocsp_response_futures.size()); + std::vector> ocsp_responses; - for(size_t pass = 1; pass < 3; ++pass) + for(size_t i = 0; i < ocsp_response_futures.size(); ++i) { - for(size_t i = 0; i < ocsp_response_futures.size(); ++i) - { - try - { - if(ocsp_responses[i] == nullptr && ocsp_response_futures[i].valid()) - { - std::future_status status = ocsp_response_futures[i].wait_for(timeout); - - if(status == std::future_status::ready || - status == std::future_status::deferred) - { - ocsp_responses[i] = ocsp_response_futures[i].get(); - } - } - } - catch(std::exception&) - { - // value is default initialized to null, no need to do anything - } - } + ocsp_responses.push_back(ocsp_response_futures[i].get()); } return PKIX::check_ocsp(cert_path, ocsp_responses, trusted_certstores, ref_time); diff --git a/src/lib/x509/x509path.h b/src/lib/x509/x509path.h index 17932c8715..6898d0679e 100644 --- a/src/lib/x509/x509path.h +++ b/src/lib/x509/x509path.h @@ -207,7 +207,7 @@ Path_Validation_Result BOTAN_PUBLIC_API(2,0) x509_path_validate( * @param hostname if not empty, compared against the DNS name in end_cert * @param usage if not set to UNSPECIFIED, compared against the key usage in end_cert * @param validation_time what reference time to use for validation -* @param ocsp_timeout timeoutput for OCSP operations, 0 disables OCSP check +* @param ocsp_timeout timeout for OCSP operations, 0 disables OCSP check * @param ocsp_resp additional OCSP responses to consider (eg from peer) * @return result of the path validation */ 
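Review bot: The new loop calls `ocsp_response_futures[i].get()` with no handler, so any exception from the asynchronous fetch (timeout, HTTP_Error, socket failure) now propagates out of check_ocsp_online, whereas the removed code caught it and left the slot null; one unreachable OCSP responder therefore aborts path validation instead of degrading to "no response" for that certificate. The removed comment indicates check_ocsp tolerates a null entry, so a try/catch that default-constructs the slot restores the previous behavior while keeping the simpler single-pass loop. check_ocsp_online starts outside the hunk.
```cpp
for(size_t i = 0; i < ocsp_response_futures.size(); ++i)
   {
   try
      {
      ocsp_responses.push_back(ocsp_response_futures[i].get());
      }
   catch(std::exception&)
      {
      // failed or timed-out fetch: leave this slot null, as before
      ocsp_responses.emplace_back();
      }
   }
```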
@@ -251,7 +251,7 @@ Path_Validation_Result BOTAN_PUBLIC_API(2,0) x509_path_validate( * @param hostname if not empty, compared against the DNS name in end_certs[0] * @param usage if not set to UNSPECIFIED, compared against the key usage in end_certs[0] * @param validation_time what reference time to use for validation -* @param ocsp_timeout timeoutput for OCSP operations, 0 disables OCSP check +* @param ocsp_timeout timeout for OCSP operations, 0 disables OCSP check * @param ocsp_resp additional OCSP responses to consider (eg from peer) * @return result of the path validation */ From 3679787e87482f96164f1fab4320d9ecacf1c6b9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 16 Dec 2017 14:04:25 -0500 Subject: [PATCH 0374/1008] Add an overall timeout to the HTTP request --- src/lib/utils/http_util/http_util.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/lib/utils/http_util/http_util.cpp b/src/lib/utils/http_util/http_util.cpp index 40e1dc9760..f5f9c02132 100644 --- a/src/lib/utils/http_util/http_util.cpp +++ b/src/lib/utils/http_util/http_util.cpp @@ -30,6 +30,8 @@ std::string http_transact(const std::string& hostname, { std::unique_ptr socket; + const std::chrono::system_clock::time_point start_time = std::chrono::system_clock::now(); + try { socket = OS::open_socket(hostname, "http", timeout); @@ -45,6 +47,9 @@ std::string http_transact(const std::string& hostname, socket->write(cast_char_ptr_to_uint8(message.data()), message.size()); + if(std::chrono::system_clock::now() - start_time > timeout) + throw HTTP_Error("Timeout during writing message body"); + std::ostringstream oss; std::vector buf(BOTAN_DEFAULT_BUFFER_SIZE); while(true) @@ -53,6 +58,9 @@ std::string http_transact(const std::string& hostname, if(got == 0) // EOF break; + if(std::chrono::system_clock::now() - start_time > timeout) + throw HTTP_Error("Timeout while reading message body"); + oss.write(cast_uint8_ptr_to_char(buf.data()), static_cast(got)); } 
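Review bot: The two elapsed-time checks in http_transact use `std::chrono::system_clock`, a wall clock that can move backwards or jump forward under NTP or manual adjustment, so the overall timeout can fire spuriously or never; `std::chrono::steady_clock` is the right clock for a deadline: `const auto start_time = std::chrono::steady_clock::now();` with `std::chrono::steady_clock::now() - start_time > timeout` in both checks. The checks also run only after a write or read returns, so a single call can still block for the per-operation socket timeout before the overall one is noticed, and the effective bound is up to roughly twice `timeout`; that is worth a sentence in the function comment. http_transact starts outside the hunk.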
From db192f099e7cae79c391e2cec3ec26436093dcb1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 16 Dec 2017 14:09:01 -0500 Subject: [PATCH 0375/1008] Expose timeouts on the freestanding OCSP request utils --- src/cli/x509.cpp | 5 +++-- src/lib/x509/ocsp.cpp | 13 +++++++++---- src/lib/x509/ocsp.h | 17 +++++++++++++++-- 3 files changed, 27 insertions(+), 8 deletions(-) diff --git a/src/cli/x509.cpp b/src/cli/x509.cpp index eb09eb41d3..10e7a1c7f4 100644 --- a/src/cli/x509.cpp +++ b/src/cli/x509.cpp @@ -117,16 +117,17 @@ BOTAN_REGISTER_COMMAND("cert_info", Cert_Info); class OCSP_Check final : public Command { public: - OCSP_Check() : Command("ocsp_check subject issuer") {} + OCSP_Check() : Command("ocsp_check --timeout=3000 subject issuer") {} void go() override { Botan::X509_Certificate subject(get_arg("subject")); Botan::X509_Certificate issuer(get_arg("issuer")); + std::chrono::milliseconds timeout(get_arg_sz("timeout")); Botan::Certificate_Store_In_Memory cas; cas.add_certificate(issuer); - Botan::OCSP::Response resp = Botan::OCSP::online_check(issuer, subject, &cas); + Botan::OCSP::Response resp = Botan::OCSP::online_check(issuer, subject, &cas, timeout); auto status = resp.status_for(issuer, subject, std::chrono::system_clock::now()); diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp index cf0c1064b7..6d8d666877 100644 --- a/src/lib/x509/ocsp.cpp +++ b/src/lib/x509/ocsp.cpp @@ -283,7 +283,8 @@ Certificate_Status_Code Response::status_for(const X509_Certificate& issuer, Response online_check(const X509_Certificate& issuer, const BigInt& subject_serial, const std::string& ocsp_responder, - Certificate_Store* trusted_roots) + Certificate_Store* trusted_roots, + std::chrono::milliseconds timeout) { if(ocsp_responder.empty()) throw Invalid_Argument("No OCSP responder specified"); 
@@ -292,7 +293,9 @@ Response online_check(const X509_Certificate& issuer, auto http = HTTP::POST_sync(ocsp_responder, "application/ocsp-request", - req.BER_encode()); + req.BER_encode(), + 1, + timeout); http.throw_unless_ok(); @@ -312,7 +315,8 @@ Response online_check(const X509_Certificate& issuer, Response online_check(const X509_Certificate& issuer, const X509_Certificate& subject, - Certificate_Store* trusted_roots) + Certificate_Store* trusted_roots, + std::chrono::milliseconds timeout) { if(subject.issuer_dn() != issuer.subject_dn()) throw Invalid_Argument("Invalid cert pair to OCSP::online_check (mismatched issuer,subject args?)"); @@ -320,7 +324,8 @@ Response online_check(const X509_Certificate& issuer, return online_check(issuer, BigInt::decode(subject.serial_number()), subject.ocsp_responder(), - trusted_roots); + trusted_roots, + timeout); } #endif diff --git a/src/lib/x509/ocsp.h b/src/lib/x509/ocsp.h index 33177dc59a..1b780d63f4 100644 --- a/src/lib/x509/ocsp.h +++ b/src/lib/x509/ocsp.h @@ -11,6 +11,7 @@ #include #include #include +#include namespace Botan { 
@@ -164,23 +165,35 @@ class BOTAN_PUBLIC_API(2,0) Response final #if defined(BOTAN_HAS_HTTP_UTIL) +/** +* Makes an online OCSP request via HTTP and returns the OCSP response. +* @param issuer issuer certificate +* @param subject_serial the subject's serial number +* @param ocsp_responder the OCSP responder to query +* @param trusted_roots trusted roots for the OCSP response +* @param timeout a timeout on the HTTP request +* @return OCSP response +*/ BOTAN_PUBLIC_API(2,1) Response online_check(const X509_Certificate& issuer, const BigInt& subject_serial, const std::string& ocsp_responder, - Certificate_Store* trusted_roots); + Certificate_Store* trusted_roots, + std::chrono::milliseconds timeout = std::chrono::milliseconds(3000)); /** * Makes an online OCSP request via HTTP and returns the OCSP response. * @param issuer issuer certificate * @param subject subject certificate * @param trusted_roots trusted roots for the OCSP response +* @param timeout a timeout on the HTTP request * @return OCSP response */ BOTAN_PUBLIC_API(2,0) Response online_check(const X509_Certificate& issuer, const X509_Certificate& subject, - Certificate_Store* trusted_roots); + Certificate_Store* trusted_roots, + std::chrono::milliseconds timeout = std::chrono::milliseconds(3000)); #endif From 33c2ea480722bd9fc3eca969e24daf601843c659 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 17 Dec 2017 06:46:19 -0500 Subject: [PATCH 0376/1008] Missing include --- src/lib/utils/socket/socket.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/utils/socket/socket.h b/src/lib/utils/socket/socket.h index 42d723ec35..03a951478a 100644 --- a/src/lib/utils/socket/socket.h +++ b/src/lib/utils/socket/socket.h @@ -9,6 +9,7 @@ #define BOTAN_SOCKET_H_ #include +#include #include namespace Botan { From eb76255d74f8281f0edd6acc0df6086a29c6d1d4 Mon Sep 17 00:00:00 2001 
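Review bot: `@param timeout a timeout on the HTTP request` does not say what the timeout bounds, and that is what a caller picking a value needs; spell it out according to what POST_sync enforces, e.g. `@param timeout how long to wait for the responder before the request fails with an exception (applies to the HTTP exchange, not to name resolution)`, adjusted to match the implementation. Also, `std::chrono::milliseconds(3000)` as a default argument in a public header is compiled into each caller, so a later change to the default will not reach already-built binaries; a named constant referenced by both these declarations and the CLI, which hard-codes `--timeout=3000` separately, keeps the two from drifting apart.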
From: Jack Lloyd Date: Sun, 17 Dec 2017 06:46:22 -0500 Subject: [PATCH 0377/1008] Try to debug Boost build failure - amalgamation problem? --- src/scripts/ci_build.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index 011e9b3fc6..69617dee09 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -71,7 +71,7 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro if target in ['mini-static', 'mini-shared']: flags += ['--minimized-build', '--enable-modules=system_rng,sha2_32,sha2_64,aes'] - if target == 'shared': + if target == 'shared' and target_os != 'osx': # Enabling amalgamation build for shared is somewhat arbitrary, but we want to test it # somewhere. In addition the majority of the Windows builds are shared, and MSVC is # much faster compiling via the amalgamation than individual files. From 08740bad13334128a0837364e4473c8a17f12dd4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 17 Dec 2017 07:34:48 -0500 Subject: [PATCH 0378/1008] Merge BSD and Winsock variations together --- src/lib/utils/socket/socket.cpp | 166 ++++++++++++-------------------- 1 file changed, 61 insertions(+), 105 deletions(-) diff --git a/src/lib/utils/socket/socket.cpp b/src/lib/utils/socket/socket.cpp index 0733ae630f..55adc13191 100644 --- a/src/lib/utils/socket/socket.cpp +++ b/src/lib/utils/socket/socket.cpp 
@@ -135,12 +135,29 @@ class Asio_Socket final : public OS::Socket boost::asio::ip::tcp::socket m_tcp; }; -#elif defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) +#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) || defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) -class Winsock_Socket final : public OS::Socket +class BSD_Socket final : public OS::Socket { - public: - Winsock_Socket(const std::string& hostname, const std::string& service) + private: +#if defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) + typedef SOCKET socket_type; + static socket_type invalid_socket() { return INVALID_SOCKET; } + static void close_socket(socket_type s) { ::closesocket(s); } + static std::string get_last_socket_error() { return std::to_string(::WSAGetLastError()); } + + static bool nonblocking_connect_in_progress() + { + return (::WSAGetLastError() == WSAEWOULDBLOCK); + } + + static void set_nonblocking(socket_type s) + { + u_long nonblocking = 1; + ::ioctlsocket(s, FIONBIO, &nonblocking); + } + + static void socket_init() { WSAData wsa_data; WORD wsa_version = MAKEWORD(2, 2); 
@@ -155,93 +172,37 @@ class Winsock_Socket final : public OS::Socket ::WSACleanup(); throw Exception("Could not find a usable version of Winsock.dll"); } - - addrinfo hints; - ::memset(&hints, 0, sizeof(addrinfo)); - hints.ai_family = AF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - addrinfo* res; - - if(::getaddrinfo(hostname.c_str(), service.c_str(), &hints, &res) != 0) - { - throw Exception("Name resolution failed for " + hostname); - } - - for(addrinfo* rp = res; (m_socket == INVALID_SOCKET) && (rp != nullptr); rp = rp->ai_next) - { - m_socket = ::socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); - - // unsupported socket type? - if(m_socket == INVALID_SOCKET) - continue; - - if(::connect(m_socket, rp->ai_addr, rp->ai_addrlen) != 0) - { - ::closesocket(m_socket); - m_socket = INVALID_SOCKET; - continue; - } - } - - ::freeaddrinfo(res); - - if(m_socket == INVALID_SOCKET) - { - throw Exception("Connecting to " + hostname + - " for service " + service + " failed"); - } } - ~Winsock_Socket() + static void socket_fini() { - ::closesocket(m_socket); - m_socket = INVALID_SOCKET; ::WSACleanup(); } - - void write(const uint8_t buf[], size_t len) override - { - size_t sent_so_far = 0; - while(sent_so_far != len) - { - const size_t left = len - sent_so_far; - int sent = ::send(m_socket, - cast_uint8_ptr_to_char(buf + sent_so_far), - static_cast(left), - 0); - - if(sent == SOCKET_ERROR) - throw Exception("Socket write failed with error " + - std::to_string(::WSAGetLastError())); - else - sent_so_far += static_cast(sent); - } - } - - size_t read(uint8_t buf[], size_t len) override +#else + typedef int socket_type; + static socket_type invalid_socket() { return -1; } + static void close_socket(socket_type s) { ::close(s); } + static std::string get_last_socket_error() { return ::strerror(errno); } + static bool nonblocking_connect_in_progress() { return (errno == EINPROGRESS); } + static void set_nonblocking(socket_type s) { - int got = ::recv(m_socket, - 
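Review bot: The Windows `set_nonblocking` ignores the return value of `::ioctlsocket(s, FIONBIO, &nonblocking)`, whereas the POSIX variant throws when `fcntl` fails. If the call fails the socket stays blocking, and the `connect` that follows in the constructor then blocks with no timeout at all — exactly the hang this series sets out to remove. Check it the same way: `if(::ioctlsocket(s, FIONBIO, &nonblocking) != 0) throw Exception("Setting socket to non-blocking state failed");`. The `BSD_Socket` class continues past this hunk.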
cast_uint8_ptr_to_char(buf), - static_cast(len), 0); - - if(got == SOCKET_ERROR) - throw Exception("Socket read failed with error " + - std::to_string(::WSAGetLastError())); - return static_cast(got); + if(::fcntl(s, F_SETFL, O_NONBLOCK) < 0) + throw Exception("Setting socket to non-blocking state failed"); } - private: - SOCKET m_socket = INVALID_SOCKET; - }; + static void socket_init() {} + static void socket_fini() {} +#endif -#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) -class BSD_Socket final : public OS::Socket - { public: BSD_Socket(const std::string& hostname, const std::string& service, std::chrono::microseconds timeout) : m_timeout(timeout) { + socket_init(); + + m_socket = invalid_socket(); + addrinfo hints; ::memset(&hints, 0, sizeof(addrinfo)); hints.ai_family = AF_UNSPEC; 
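Review bot: The POSIX `set_nonblocking` calls `::fcntl(s, F_SETFL, O_NONBLOCK)`, which replaces the file status flags rather than adding to them; the conventional form is `fcntl(s, F_SETFL, fcntl(s, F_GETFL, 0) | O_NONBLOCK)`, with the `F_GETFL` result checked for -1. It is harmless on a freshly created socket but will surprise anyone who later reuses the helper. Separately, the constructor that begins in this hunk still resolves `hostname` with a blocking `getaddrinfo` (visible in the next hunk), which `m_timeout` does not bound; a comment on the constructor saying so, e.g. `// timeout covers connect/read/write, not name resolution`, would stop callers assuming otherwise. The constructor body continues past this hunk.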
@@ -253,44 +214,41 @@ class BSD_Socket final : public OS::Socket throw Exception("Name resolution failed for " + hostname); } - m_fd = -1; - - for(addrinfo* rp = res; (m_fd < 0) && (rp != nullptr); rp = rp->ai_next) + for(addrinfo* rp = res; (m_socket == invalid_socket()) && (rp != nullptr); rp = rp->ai_next) { if(rp->ai_family != AF_INET && rp->ai_family != AF_INET6) continue; - m_fd = ::socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); + m_socket = ::socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); - if(m_fd < 0) + if(m_socket == invalid_socket()) { // unsupported socket type? continue; } - if(::fcntl(m_fd, F_SETFL, O_NONBLOCK) < 0) - throw Exception("Setting socket to non-blocking state failed"); + set_nonblocking(m_socket); - int err = ::connect(m_fd, rp->ai_addr, rp->ai_addrlen); + int err = ::connect(m_socket, rp->ai_addr, rp->ai_addrlen); if(err == -1) { int active = 0; - if(errno == EINPROGRESS) + if(nonblocking_connect_in_progress()) { struct timeval timeout = make_timeout_tv(); fd_set write_set; FD_ZERO(&write_set); - FD_SET(m_fd, &write_set); + FD_SET(m_socket, &write_set); - active = ::select(m_fd + 1, nullptr, &write_set, nullptr, &timeout); + active = ::select(m_socket + 1, nullptr, &write_set, nullptr, &timeout); if(active) { int socket_error = 0; socklen_t len = sizeof(socket_error); - if(::getsockopt(m_fd, SOL_SOCKET, SO_ERROR, &socket_error, &len) < 0) + if(::getsockopt(m_socket, SOL_SOCKET, SO_ERROR, reinterpret_cast(&socket_error), &len) < 0) throw Exception("Error calling getsockopt"); if(socket_error != 0) @@ -302,8 +260,8 @@ class BSD_Socket final : public OS::Socket if(active == 0) { - ::close(m_fd); - m_fd = -1; + close_socket(m_socket); + m_socket = invalid_socket(); continue; } } @@ -311,7 +269,7 @@ class BSD_Socket final : public OS::Socket ::freeaddrinfo(res); - if(m_fd < 0) + if(m_socket == invalid_socket()) { throw Exception("Connecting to " + hostname + " for service " + service + " failed"); 
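Review bot: In the connect loop a failing `select` (return value -1, e.g. on EINTR) is treated as success: `active` is non-zero, so `if(active)` proceeds to `getsockopt(SO_ERROR)`, which for a connect still in progress most likely reports 0, and `if(active == 0)` does not close the socket — the object is then used as if connected. Handle the negative case explicitly, e.g. `if(active < 0) { close_socket(m_socket); m_socket = invalid_socket(); continue; }` before the `if(active)` test, or change the cleanup condition to `if(active <= 0)`. The `if(socket_error != 0)` branch at the end of this hunk continues outside it.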
@@ -320,27 +278,28 @@ class BSD_Socket final : public OS::Socket ~BSD_Socket() { - ::close(m_fd); - m_fd = -1; + close_socket(m_socket); + m_socket = invalid_socket(); + socket_fini(); } void write(const uint8_t buf[], size_t len) override { fd_set write_set; FD_ZERO(&write_set); - FD_SET(m_fd, &write_set); + FD_SET(m_socket, &write_set); size_t sent_so_far = 0; while(sent_so_far != len) { struct timeval timeout = make_timeout_tv(); - int active = ::select(m_fd + 1, nullptr, &write_set, nullptr, &timeout); + int active = ::select(m_socket + 1, nullptr, &write_set, nullptr, &timeout); if(active == 0) throw Exception("Timeout during socket write"); const size_t left = len - sent_so_far; - ssize_t sent = ::write(m_fd, &buf[sent_so_far], left); + ssize_t sent = ::send(m_socket, cast_uint8_ptr_to_char(&buf[sent_so_far]), left, 0); if(sent < 0) throw Exception("Socket write failed with error '" + std::string(::strerror(errno)) + "'"); @@ -353,15 +312,15 @@ class BSD_Socket final : public OS::Socket { fd_set read_set; FD_ZERO(&read_set); - FD_SET(m_fd, &read_set); + FD_SET(m_socket, &read_set); struct timeval timeout = make_timeout_tv(); - int active = ::select(m_fd + 1, &read_set, nullptr, nullptr, &timeout); + int active = ::select(m_socket + 1, &read_set, nullptr, nullptr, &timeout); if(active == 0) throw Exception("Timeout during socket read"); - ssize_t got = ::read(m_fd, buf, len); + ssize_t got = ::recv(m_socket, cast_uint8_ptr_to_char(buf), len, 0); if(got < 0) throw Exception("Socket read failed with error '" + @@ -379,7 +338,7 @@ class BSD_Socket final : public OS::Socket } const std::chrono::microseconds m_timeout; - int m_fd; + socket_type m_socket; }; #endif 
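Review bot: `write()` (and `read()` in the following hunk) still report failures with `std::string(::strerror(errno))`, but on Windows `send`/`recv` report errors through `WSAGetLastError()`, not `errno`, so the message will name an unrelated or zero error; the class already defines `get_last_socket_error()` for exactly this case and it is unused here — use it in both throw sites, e.g. `throw Exception("Socket write failed with error '" + get_last_socket_error() + "'");`. In the same write loop a negative return from `select` is not handled and falls through to `send`; test `if(active <= 0)` or treat `< 0` separately. `write_set` is also built once outside the retry loop although `select` modifies it on return; re-initialising it per iteration is the conventional form.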
@@ -394,10 +353,7 @@ OS::open_socket(const std::string& hostname, #if defined(BOTAN_HAS_BOOST_ASIO) return std::unique_ptr(new Asio_Socket(hostname, service, timeout)); -#elif defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) - return std::unique_ptr(new Winsock_Socket(hostname, service)); - -#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) +#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) || defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) return std::unique_ptr(new BSD_Socket(hostname, service, timeout)); #else From 4a6879ab001428866d59c96874fa865a84661360 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 17 Dec 2017 15:01:38 -0500 Subject: [PATCH 0379/1008] Windows has a different return type --- src/lib/utils/socket/socket.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/lib/utils/socket/socket.cpp b/src/lib/utils/socket/socket.cpp index 55adc13191..f263531ddd 100644 --- a/src/lib/utils/socket/socket.cpp +++ b/src/lib/utils/socket/socket.cpp @@ -142,6 +142,7 @@ class BSD_Socket final : public OS::Socket private: #if defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) typedef SOCKET socket_type; + typedef int socket_op_ret_type; static socket_type invalid_socket() { return INVALID_SOCKET; } static void close_socket(socket_type s) { ::closesocket(s); } static std::string get_last_socket_error() { return std::to_string(::WSAGetLastError()); } @@ -180,6 +181,7 @@ class BSD_Socket final : public OS::Socket } #else typedef int socket_type; + typedef ssize_t socket_op_ret_type; static socket_type invalid_socket() { return -1; } static void close_socket(socket_type s) { ::close(s); } static std::string get_last_socket_error() { return ::strerror(errno); } 
@@ -299,7 +301,7 @@ class BSD_Socket final : public OS::Socket throw Exception("Timeout during socket write"); const size_t left = len - sent_so_far; - ssize_t sent = ::send(m_socket, cast_uint8_ptr_to_char(&buf[sent_so_far]), left, 0); + socket_op_ret_type sent = ::send(m_socket, cast_uint8_ptr_to_char(&buf[sent_so_far]), left, 0); if(sent < 0) throw Exception("Socket write failed with error '" + std::string(::strerror(errno)) + "'"); @@ -320,7 +322,7 @@ class BSD_Socket final : public OS::Socket if(active == 0) throw Exception("Timeout during socket read"); - ssize_t got = ::recv(m_socket, cast_uint8_ptr_to_char(buf), len, 0); + socket_op_ret_type got = ::recv(m_socket, cast_uint8_ptr_to_char(buf), len, 0); if(got < 0) throw Exception("Socket read failed with error '" + From a738ad098d35fac318a97c5d5c5c0cc329c5c043 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 18 Dec 2017 09:02:26 -0500 Subject: [PATCH 0380/1008] Correct JSON output (trailing comma) and add byte-per-second value --- src/cli/speed.cpp | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 894fc3ef47..bb4a423441 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -391,9 +391,13 @@ class JSON_Output final std::ostringstream out; out << "[\n"; - for(const Timer& t : m_results) + + for(size_t i = 0; i != m_results.size(); ++i) { - //out << t.format_json(); + if(i != 0) + out << ","; + + const Timer& t = m_results[i]; out << '{'; out << "\"algo\": \"" << t.get_name() << "\", "; @@ -403,11 +407,14 @@ class JSON_Output final if(t.cycles_consumed() > 0) out << "\"cycles\": " << t.cycles_consumed() << ", "; if(t.buf_size() > 0) + { + out << "\"bps\": " << static_cast(t.events() / (t.value() / 1000000000.0)) << ", "; out << "\"buf_size\": " << t.buf_size() << ", "; + } out << "\"nanos\": " << t.value(); - out << "},\n"; + out << "}\n"; } out << "]\n"; From 2b50c7b87374c0e3a747bd754f15921b80d6563a Mon Sep 17 00:00:00 2001 
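Review bot: With `socket_op_ret_type` the return values now match Winsock, but the length arguments do not: `::send(m_socket, ..., left, 0)` and `::recv(..., len, 0)` pass a `size_t` where Winsock's prototypes take `int`, a silent narrowing (MSVC C4267) that the removed Winsock code guarded with `static_cast<int>(left)`. Add a companion `typedef int socket_len_type;` / `typedef size_t socket_len_type;` next to `socket_op_ret_type` and pass `static_cast<socket_len_type>(left)`, clamping to `INT_MAX` on Windows if buffers larger than that can reach this code.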
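Review bot: The new `bps` field divides by `t.value()`: `t.events() / (t.value() / 1000000000.0)` is infinity (NaN if `events()` is also 0) when the timer recorded zero nanoseconds, and `static_cast` of an out-of-range double to an integer type is undefined behaviour. Guard it alongside the existing check, `if(t.buf_size() > 0 && t.value() > 0)`, or emit `"bps": 0` for that case so the JSON shape stays stable. A short comment stating the unit, `// bytes per second: events are bytes here, value() is nanoseconds`, would also help readers of the output, assuming that is what `events()` counts for buffered algorithms.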
From: Jack Lloyd Date: Mon, 18 Dec 2017 09:02:47 -0500 Subject: [PATCH 0381/1008] Accept ChaCha20 as a name --- src/lib/stream/stream_cipher.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/lib/stream/stream_cipher.cpp b/src/lib/stream/stream_cipher.cpp index c0e75c0a8c..77e68d129d 100644 --- a/src/lib/stream/stream_cipher.cpp +++ b/src/lib/stream/stream_cipher.cpp @@ -64,6 +64,12 @@ std::unique_ptr StreamCipher::create(const std::string& algo_spec, if(provider.empty() || provider == "base") return std::unique_ptr(new ChaCha(req.arg_as_integer(0, 20))); } + + if(req.algo_name() == "ChaCha20") + { + if(provider.empty() || provider == "base") + return std::unique_ptr(new ChaCha(20)); + } #endif #if defined(BOTAN_HAS_SALSA20) From 800ce9e88b8ab88a30480497b0524499e4d95d87 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 18 Dec 2017 09:14:32 -0500 Subject: [PATCH 0382/1008] Add a simple OpenSSL vs Botan benchmark script --- src/scripts/bench.py | 216 ++++++++++++++++++++++++++++++++++++++++ src/scripts/ci_build.py | 1 + 2 files changed, 217 insertions(+) create mode 100755 src/scripts/bench.py diff --git a/src/scripts/bench.py b/src/scripts/bench.py new file mode 100755 index 0000000000..13de0c0773 --- /dev/null +++ b/src/scripts/bench.py 
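Review bot: The new `ChaCha20` branch ignores any arguments in the spec, so if the name parser accepts `ChaCha20(8)` a caller asking for 8 rounds silently gets the 20-round cipher, whereas the `ChaCha` branch just above honours `req.arg_as_integer(0, 20)`. If `SCAN_Name` exposes an argument count, reject arguments here, e.g. `if(req.algo_name() == "ChaCha20" && req.arg_count() == 0)`, and add a comment noting that `ChaCha20` is an alias for `ChaCha(20)` so the two branches are not maintained independently.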
@@ -0,0 +1,216 @@ +#!/usr/bin/python + +""" +Compare Botan with OpenSSL using their respective benchmark utils + +(C) 2017 Jack Lloyd + +Botan is released under the Simplified BSD License (see license.txt) + +TODO + - Also compare RSA, ECDSA, ECDH + - Output pretty graphs with matplotlib +""" + +import logging +import os +import sys +import optparse # pylint: disable=deprecated-module +import subprocess +import re +import json + +def setup_logging(options): + if options.verbose: + log_level = logging.DEBUG + elif options.quiet: + log_level = logging.WARNING + else: + log_level = logging.INFO + + class LogOnErrorHandler(logging.StreamHandler, object): + def emit(self, record): + super(LogOnErrorHandler, self).emit(record) + if record.levelno >= logging.ERROR: + sys.exit(1) + + lh = LogOnErrorHandler(sys.stdout) + lh.setFormatter(logging.Formatter('%(levelname) 7s: %(message)s')) + logging.getLogger().addHandler(lh) + logging.getLogger().setLevel(log_level) + +def run_command(cmd): + logging.debug("Running '%s'", ' '.join(cmd)) + + proc = subprocess.Popen(cmd, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + universal_newlines=True) + stdout, stderr = proc.communicate() + + if proc.returncode != 0: + logging.error("Running command %s failed ret %d", ' '.join(cmd), proc.returncode) + + return stdout + stderr + +def get_openssl_version(openssl): + output = run_command([openssl, 'version']) + + openssl_version_re = re.compile(r'OpenSSL ([0-9a-z\.]+) .*') + + match = openssl_version_re.match(output) + + if match: + return match.group(1) + else: + logging.warning("Unable to parse OpenSSL version output %s", output) + return output + +def get_botan_version(botan): + return run_command([botan, 'version']).strip() + +EVP_MAP = { + 'Blowfish': 'bf-ecb', + 'AES-128/GCM': 'aes-128-gcm', + 'AES-256/GCM': 'aes-256-gcm', + 'ChaCha20': 'chacha20', + 'MD5': 'md5', + 'SHA-1': 'sha1', + 'RIPEMD-160': 'ripemd160', + 'SHA-256': 'sha256', + 'SHA-384': 'sha384', + 'SHA-512': 'sha512' 
+ } + +def run_openssl_bench(openssl, algo): + + logging.info('Running OpenSSL benchmark for %s', algo) + + cmd = [openssl, 'speed', '-mr'] + + if algo in EVP_MAP: + cmd += ['-evp', EVP_MAP[algo]] + else: + cmd += [algo] + + output = run_command(cmd) + + buf_header = re.compile(r'\+DT:([a-z0-9-]+):([0-9]+):([0-9]+)$') + res_header = re.compile(r'\+R:([0-9]+):[a-z0-9-]+:([0-9]+\.[0-9]+)$') + ignored = re.compile(r'\+(H|F):.*') + + results = [] + + result = None + + for l in output.splitlines(): + if ignored.match(l): + continue + + if result is None: + match = buf_header.match(l) + if match is None: + logging.error("Unexpected output from OpenSSL %s", l) + + result = {'algo': algo, 'buf_size': int(match.group(3))} + else: + match = res_header.match(l) + + result['bytes'] = int(match.group(1)) * result['buf_size'] + result['runtime'] = float(match.group(2)) + result['bps'] = int(result['bytes'] / result['runtime']) + results.append(result) + result = None + + return results + +def run_botan_bench(botan, runtime, buf_sizes, algo): + + runtime = .05 + + cmd = [botan, 'speed', '--format=json', '--msec=%d' % int(runtime * 1000), + '--buf-size=%s' % (','.join(map(str, buf_sizes))), algo] + output = run_command(cmd) + output = json.loads(output) + + return output + +class BenchmarkResult(object): + def __init__(self, algo, buf_sizes, openssl_results, botan_results): + self.algo = algo + self.results = {} + + def find_result(results, sz): + for r in results: + if 'buf_size' in r and r['buf_size'] == sz: + return r['bps'] + raise Exception("Could not find expected result in data") + + for buf_size in buf_sizes: + self.results[buf_size] = { + 'openssl': find_result(openssl_results, buf_size), + 'botan': find_result(botan_results, buf_size) + } + + def result_string(self): + + out = "" + for (k, v) in self.results.items(): + out += "algo %s buf_size % 6d botan % 12d bps openssl % 12d bps adv %.02f\n" % ( + self.algo, k, v['botan'], v['openssl'], float(v['botan']) / 
v['openssl']) + return out + +def bench_algo(openssl, botan, algo): + openssl_results = run_openssl_bench(openssl, algo) + + buf_sizes = sorted([x['buf_size'] for x in openssl_results]) + runtime = sum(x['runtime'] for x in openssl_results) / len(openssl_results) + + botan_results = run_botan_bench(botan, runtime, buf_sizes, algo) + + return BenchmarkResult(algo, buf_sizes, openssl_results, botan_results) + +def main(args=None): + if args is None: + args = sys.argv + + parser = optparse.OptionParser() + + parser.add_option('--verbose', action='store_true', default=False, help="be noisy") + parser.add_option('--quiet', action='store_true', default=False, help="be very quiet") + + parser.add_option('--openssl-cli', metavar='PATH', + default='/usr/bin/openssl', + help='Path to openssl binary (default %default)') + + parser.add_option('--botan-cli', metavar='PATH', + default='/usr/bin/botan', + help='Path to botan binary (default %default)') + + (options, args) = parser.parse_args(args) + + setup_logging(options) + + openssl = options.openssl_cli + botan = options.botan_cli + + if os.access(openssl, os.X_OK) is False: + logging.error("Unable to access openssl binary at %s", openssl) + + if os.access(botan, os.X_OK) is False: + logging.error("Unable to access botan binary at %s", botan) + + openssl_version = get_openssl_version(openssl) + botan_version = get_botan_version(botan) + + logging.info("Comparing Botan %s with OpenSSL %s", botan_version, openssl_version) + + for algo in sorted(EVP_MAP.keys()): + result = bench_algo(openssl, botan, algo) + print(result.result_string()) + + + return 0 + +if __name__ == '__main__': + sys.exit(main()) diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index 69617dee09..72e90eded8 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py 
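Review bot: `run_botan_bench` assigns `runtime = .05` on its first line, so the `runtime` argument computed in `bench_algo` from OpenSSL's measured runtimes is discarded and Botan is always run for 50 ms per buffer size; either delete the override or drop the parameter, as a reader will otherwise assume the two tools are timed alike. In `run_openssl_bench` the `else` branch calls `match.group(1)` without checking `res_header.match(l)` for `None`, so an unexpected `+R` line raises `AttributeError` instead of the logged error the `+DT` branch produces; add `if match is None: logging.error("Unexpected output from OpenSSL %s", l)`. `result_string` will also raise `ZeroDivisionError` if OpenSSL reports 0 bps for a size, which a reported "n/a" would handle more gracefully.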
@@ -369,6 +369,7 @@ def main(args=None): 'src/scripts/cleanup.py', 'src/scripts/build_docs.py', 'src/scripts/website.py', + 'src/scripts/bench.py', 'src/scripts/python_unittests.py', 'src/scripts/python_unittests_unix.py'] From a29484c932bb40bd2bdd259718d0699d5e717d1a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 18 Dec 2017 10:32:02 -0500 Subject: [PATCH 0383/1008] Update news [ci skip] --- news.rst | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/news.rst b/news.rst index abd106e83a..791ae4977d 100644 --- a/news.rst +++ b/news.rst @@ -8,7 +8,7 @@ Version 2.4.0, Not Yet Released ability to disable building the static library. All makefile constructs that were specific to nmake or GNU make have been eliminated, thus the option ``--makefile-style`` which was previously used to select the makefile type has - also been removed. (GH #1230 #1237 #1300 #1318 #1319 #1324 and #1325) + also been removed. (GH #1230 #1237 #1300 #1318 #1319 #1324 #1325 #1346) * Support for negotiating the DH group as specified in RFC 7919 is now available in TLS (GH #1263) 
@@ -22,19 +22,28 @@ Version 2.4.0, Not Yet Released * Add support for AES key wrapping with padding, as specified in RFC 5649 and NIST SP 800-38F (GH #1301) +* OCSP requests made during certificate verification had the potential to hang + forever. Now the sockets are non-blocking and a timeout is enforced. (GH #1360 + fixing GH #1326) + +* Add ``Public_Key::fingerprint_public`` which allows fingerprinting the public key. + The previously available ``Private_Key::fingerprint`` is deprecated, now + ``Private_Key::fingerprint_private`` should be used if this is required. + (GH #1357) + * XMSS signatures now are multithreaded for improved performance (GH #1267) -* Fix a bug that caused the peer cert list to be empty on a resumed session. +* Fix a bug that caused the TLS peer cert list to be empty on a resumed session. (GH #1303 #1342) * Increase the maximum HMAC key length from 512 bytes to 4096 bytes. This allows - using a DH key exchange with a group greater than 4096 bits. (GH #1316) + using a DH key exchange in TLS with a group greater than 4096 bits. (GH #1316) * Fix a bug in the TLS server where, on receiving an SSLv3 client hello, it would attempt to negotiate TLS v1.2. Now a protocol_version alert is sent. Found with tlsfuzzer. (GH #1316) -* Fix several bugs related to sending the wrong alert type in various error +* Fix several bugs related to sending the wrong TLS alert type in various error scenarious, caught with tlsfuzzer. * Add support for a ``tls_http_server`` command line utility which responds to @@ -54,6 +63,8 @@ Version 2.4.0, Not Yet Released * Salsa20 now supports the seek operation. +* Add ``EC_Group::known_named_groups`` (GH #1339) + * Symmetric algorithms (block ciphers, stream ciphers, MACs) now verify that a key was set before accepting data. Previously attempting to use an unkeyed object would instead result in either a crash or invalid outputs. (GH #1279) 
@@ -167,6 +178,14 @@ Version 2.4.0, Not Yet Released * Support for NEON is now enabled under Clang. +* Now the compiler version is detected using the preprocessor, instead of trying + to parse the output of the compiler's version string, which was subject to + problems with localization. (GH #1358) + +* By default the gzip compressor will not include a timestamp in the header. + The timestamp can be set by passing it to the ``Gzip_Compression`` + constructor. + * Add an OID for RIPEMD-160 * Fixes for CMake build (GH #1251) From e886e5942c1117115c72cfa0ed808af37693efab Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 18 Dec 2017 17:00:45 -0500 Subject: [PATCH 0384/1008] Avoid tying encoding of CRLs to the current system clock --- src/lib/utils/parsing.h | 3 ++- src/lib/x509/x509_ca.cpp | 47 +++++++++++++++++++++++++++------------- src/lib/x509/x509_ca.h | 38 ++++++++++++++++++++++++++++---- 3 files changed, 68 insertions(+), 20 deletions(-) diff --git a/src/lib/utils/parsing.h b/src/lib/utils/parsing.h index 1cba23bc3f..9185cfaadf 100644 --- a/src/lib/utils/parsing.h +++ b/src/lib/utils/parsing.h @@ -124,7 +124,8 @@ BOTAN_PUBLIC_API(2,3) uint16_t to_uint16(const std::string& str); * @param timespec the time specification * @return number of seconds represented by timespec */ -BOTAN_PUBLIC_API(2,0) uint32_t timespec_to_u32bit(const std::string& timespec); +BOTAN_PUBLIC_API(2,0) uint32_t BOTAN_DEPRECATED("Not used anymore") +timespec_to_u32bit(const std::string& timespec); /** * Convert a string representation of an IPv4 address to a number diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp index 6569f506b6..22fb8ce803 100644 --- a/src/lib/x509/x509_ca.cpp +++ b/src/lib/x509/x509_ca.cpp 
@@ -146,8 +146,9 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, X509_CRL X509_CA::new_crl(RandomNumberGenerator& rng, uint32_t next_update) const { - std::vector empty; - return make_crl(empty, 1, next_update, rng); + return new_crl(rng, + std::chrono::system_clock::now(), + std::chrono::seconds(next_update)); } /* 
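Review bot: The legacy `new_crl(rng, uint32_t next_update)` now forwards `std::chrono::seconds(next_update)` unconditionally, while the `make_crl` code removed later in this patch mapped `next_update == 0` to seven days via `timespec_to_u32bit("7d")`. A caller that explicitly passes 0 — the old "use the default" value — now gets a CRL whose nextUpdate equals thisUpdate, i.e. one that is stale the moment it is issued; the same applies to the `uint32_t` overload of `update_crl` in the next hunk. Preserve the old meaning in the compatibility overloads, `std::chrono::seconds(next_update == 0 ? 604800 : next_update)`, or call the change out in news.rst.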
@@ -158,33 +159,49 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl, RandomNumberGenerator& rng, uint32_t next_update) const { - std::vector revoked = crl.get_revoked(); + return update_crl(crl, new_revoked, rng, + std::chrono::system_clock::now(), + std::chrono::seconds(next_update)); + } + + +X509_CRL X509_CA::new_crl(RandomNumberGenerator& rng, + std::chrono::system_clock::time_point issue_time, + std::chrono::seconds next_update) const + { + std::vector empty; + return make_crl(empty, 1, rng, issue_time, next_update); + } + +X509_CRL X509_CA::update_crl(const X509_CRL& last_crl, + const std::vector& new_revoked, + RandomNumberGenerator& rng, + std::chrono::system_clock::time_point issue_time, + std::chrono::seconds next_update) const + { + std::vector revoked = last_crl.get_revoked(); std::copy(new_revoked.begin(), new_revoked.end(), std::back_inserter(revoked)); - return make_crl(revoked, crl.crl_number() + 1, next_update, rng); + return make_crl(revoked, last_crl.crl_number() + 1, rng, issue_time, next_update); } /* * Create a CRL */ X509_CRL X509_CA::make_crl(const std::vector& revoked, - uint32_t crl_number, uint32_t next_update, - RandomNumberGenerator& rng) const + uint32_t crl_number, + RandomNumberGenerator& rng, + std::chrono::system_clock::time_point issue_time, + std::chrono::seconds next_update) const { const size_t X509_CRL_VERSION = 2; - if(next_update == 0) - next_update = timespec_to_u32bit("7d"); - - // Totally stupid: ties encoding logic to the return of std::time!! - auto current_time = std::chrono::system_clock::now(); - auto expire_time = current_time + std::chrono::seconds(next_update); + auto expire_time = issue_time + next_update; Extensions extensions; - extensions.add( - new Cert_Extension::Authority_Key_ID(m_ca_cert.subject_key_id())); + extensions.add(new Cert_Extension::Authority_Key_ID(m_ca_cert.subject_key_id())); extensions.add(new Cert_Extension::CRL_Number(crl_number)); // clang-format off 
@@ -194,7 +211,7 @@ X509_CRL X509_CA::make_crl(const std::vector& revoked, .encode(X509_CRL_VERSION-1) .encode(m_ca_sig_algo) .encode(m_ca_cert.subject_dn()) - .encode(X509_Time(current_time)) + .encode(X509_Time(issue_time)) .encode(X509_Time(expire_time)) .encode_if(revoked.size() > 0, DER_Encoder() diff --git a/src/lib/x509/x509_ca.h b/src/lib/x509/x509_ca.h index cd122a6fc2..49005f5303 100644 --- a/src/lib/x509/x509_ca.h +++ b/src/lib/x509/x509_ca.h @@ -10,6 +10,7 @@ #include #include +#include #if defined(BOTAN_HAS_SYSTEM_RNG) #include @@ -46,6 +47,33 @@ class BOTAN_PUBLIC_API(2,0) X509_CA final */ X509_Certificate ca_certificate() const; + /** + * Create a new and empty CRL for this CA. + * @param rng the random number generator to use + * @param issue_time the issue time (typically system_clock::now) + * @param next_update the time interval after issue_data within which + * a new CRL will be produced. + * @return new CRL + */ + X509_CRL new_crl(RandomNumberGenerator& rng, + std::chrono::system_clock::time_point issue_time, + std::chrono::seconds next_update) const; + + /** + * Create a new CRL by with additional entries. + * @param last_crl the last CRL of this CA to add the new entries to + * @param new_entries contains the new CRL entries to be added to the CRL + * @param rng the random number generator to use + * @param issue_time the issue time (typically system_clock::now) + * @param next_update the time interval after issue_data within which + * a new CRL will be produced. + */ + X509_CRL update_crl(const X509_CRL& last_crl, + const std::vector& new_entries, + RandomNumberGenerator& rng, + std::chrono::system_clock::time_point issue_time, + std::chrono::seconds next_update) const; + /** * Create a new and empty CRL for this CA. * @param rng the random number generator to use 
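Review bot: Both new doc comments read "the time interval after issue_data within which a new CRL will be produced"; `issue_data` should be `issue_time`, the parameter named just above it. `update_crl` also lacks the `@return new CRL` line that `new_crl` carries. Since these `std::chrono::seconds` overloads apply `next_update` verbatim, it is worth adding to both that a zero interval yields a CRL whose nextUpdate equals its thisUpdate, so callers do not carry over the old `0 = default` convention from the `uint32_t` overloads.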
@@ -54,7 +82,7 @@ class BOTAN_PUBLIC_API(2,0) X509_CA final * @return new CRL */ X509_CRL new_crl(RandomNumberGenerator& rng, - uint32_t next_update = 0) const; + uint32_t next_update = 604800) const; /** * Create a new CRL by with additional entries. @@ -67,7 +95,7 @@ class BOTAN_PUBLIC_API(2,0) X509_CA final X509_CRL update_crl(const X509_CRL& last_crl, const std::vector& new_entries, RandomNumberGenerator& rng, - uint32_t next_update = 0) const; + uint32_t next_update = 604800) const; /** * Interface for creating new certificates @@ -125,8 +153,10 @@ class BOTAN_PUBLIC_API(2,0) X509_CA final private: X509_CRL make_crl(const std::vector& entries, - uint32_t crl_number, uint32_t next_update, - RandomNumberGenerator& rng) const; + uint32_t crl_number, + RandomNumberGenerator& rng, + std::chrono::system_clock::time_point issue_time, + std::chrono::seconds next_update) const; AlgorithmIdentifier m_ca_sig_algo; X509_Certificate m_ca_cert; From 395a8ab3b1d38f545e79f4bf169c71037fa6cc18 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 19 Dec 2017 00:48:09 -0500 Subject: [PATCH 0385/1008] Simplify overloads in DER_Encoder --- src/lib/asn1/der_enc.cpp | 33 --------------------------------- src/lib/asn1/der_enc.h | 19 +++++++++++++++---- 2 files changed, 15 insertions(+), 37 deletions(-) diff --git a/src/lib/asn1/der_enc.cpp b/src/lib/asn1/der_enc.cpp index 28a9bbc9ae..1ed51d5939 100644 --- a/src/lib/asn1/der_enc.cpp +++ b/src/lib/asn1/der_enc.cpp @@ -175,19 +175,6 @@ DER_Encoder& DER_Encoder::end_explicit() return end_cons(); } -/* -* Write raw bytes into the stream -*/ -DER_Encoder& DER_Encoder::raw_bytes(const secure_vector& val) - { - return raw_bytes(val.data(), val.size()); - } - -DER_Encoder& DER_Encoder::raw_bytes(const std::vector& val) - { - return raw_bytes(val.data(), val.size()); - } - /* * Write raw bytes into the stream */ 
@@ -233,26 +220,6 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n) return encode(n, INTEGER, UNIVERSAL); } -/* -* DER encode an OCTET STRING or BIT STRING -*/ -DER_Encoder& DER_Encoder::encode(const secure_vector& bytes, - ASN1_Tag real_type) - { - return encode(bytes.data(), bytes.size(), - real_type, real_type, UNIVERSAL); - } - -/* -* DER encode an OCTET STRING or BIT STRING -*/ -DER_Encoder& DER_Encoder::encode(const std::vector& bytes, - ASN1_Tag real_type) - { - return encode(bytes.data(), bytes.size(), - real_type, real_type, UNIVERSAL); - } - /* * Encode this object */ diff --git a/src/lib/asn1/der_enc.h b/src/lib/asn1/der_enc.h index f1e85101c4..f76391ae5c 100644 --- a/src/lib/asn1/der_enc.h +++ b/src/lib/asn1/der_enc.h @@ -34,18 +34,29 @@ class BOTAN_PUBLIC_API(2,0) DER_Encoder final DER_Encoder& start_explicit(uint16_t type_tag); DER_Encoder& end_explicit(); + /** + * Insert raw bytes directly into the output stream + */ DER_Encoder& raw_bytes(const uint8_t val[], size_t len); - DER_Encoder& raw_bytes(const secure_vector& val); - DER_Encoder& raw_bytes(const std::vector& val); + + template + DER_Encoder& raw_bytes(const std::vector& val) + { + return raw_bytes(val.data(), val.size()); + } DER_Encoder& encode_null(); DER_Encoder& encode(bool b); DER_Encoder& encode(size_t s); DER_Encoder& encode(const BigInt& n); - DER_Encoder& encode(const secure_vector& v, ASN1_Tag real_type); - DER_Encoder& encode(const std::vector& v, ASN1_Tag real_type); DER_Encoder& encode(const uint8_t val[], size_t len, ASN1_Tag real_type); + template + DER_Encoder& encode(const std::vector& vec, ASN1_Tag real_type) + { + return encode(vec.data(), vec.size(), real_type); + } + DER_Encoder& encode(bool b, ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); From ac754772afbf7be397f8631ebbb3d2921b0a7753 Mon Sep 17 00:00:00 2001 
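Review bot: The new `encode(const std::vector& vec, ASN1_Tag real_type)` template in der_enc.h has no comment, while the `raw_bytes` template directly above it gained one; the deleted definitions carried `DER encode an OCTET STRING or BIT STRING`, and that text should move here as `/** DER encode an OCTET STRING or BIT STRING */`. The delegation target also changed: the removed overloads called the five-argument `encode(bytes.data(), bytes.size(), real_type, real_type, UNIVERSAL)`, whereas the template forwards to the three-argument `encode(vec.data(), vec.size(), real_type)`, so the encoding is unchanged only if that overload supplies `real_type, UNIVERSAL` as its tag and class; its definition is outside the hunk and worth confirming. The template parameter list is not legible in this rendering, so the allocator constraint cannot be checked here.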
From: Jack Lloyd Date: Tue, 19 Dec 2017 01:01:46 -0500 Subject: [PATCH 0386/1008] Fix some other copy+paste code in BER_Decoder --- src/lib/asn1/alg_id.h | 4 +- src/lib/asn1/asn1_obj.h | 2 +- src/lib/asn1/ber_dec.cpp | 104 +++++++++++++-------------------------- src/lib/asn1/ber_dec.h | 25 ++++++++-- 4 files changed, 58 insertions(+), 77 deletions(-) diff --git a/src/lib/asn1/alg_id.h b/src/lib/asn1/alg_id.h index be862c5dd4..fdb73b1784 100644 --- a/src/lib/asn1/alg_id.h +++ b/src/lib/asn1/alg_id.h @@ -44,9 +44,9 @@ class BOTAN_PUBLIC_API(2,0) AlgorithmIdentifier final : public ASN1_Object * Comparison Operations */ bool BOTAN_PUBLIC_API(2,0) operator==(const AlgorithmIdentifier&, - const AlgorithmIdentifier&); + const AlgorithmIdentifier&); bool BOTAN_PUBLIC_API(2,0) operator!=(const AlgorithmIdentifier&, - const AlgorithmIdentifier&); + const AlgorithmIdentifier&); } diff --git a/src/lib/asn1/asn1_obj.h b/src/lib/asn1/asn1_obj.h index a785a5807d..0b9a1493e5 100644 --- a/src/lib/asn1/asn1_obj.h +++ b/src/lib/asn1/asn1_obj.h @@ -88,7 +88,7 @@ class BOTAN_PUBLIC_API(2,0) ASN1_Object class BOTAN_PUBLIC_API(2,0) BER_Object final { public: - void assert_is_a(ASN1_Tag, ASN1_Tag); + void assert_is_a(ASN1_Tag type_tag, ASN1_Tag class_tag) const; // public member variable: ASN1_Tag type_tag, class_tag; diff --git a/src/lib/asn1/ber_dec.cpp b/src/lib/asn1/ber_dec.cpp index 515f7352fd..2251972248 100644 --- a/src/lib/asn1/ber_dec.cpp +++ b/src/lib/asn1/ber_dec.cpp @@ -150,7 +150,7 @@ size_t find_eoc(DataSource* ber, size_t allow_indef) /* * Check a type invariant on BER data */ -void BER_Object::assert_is_a(ASN1_Tag type_tag_, ASN1_Tag class_tag_) +void BER_Object::assert_is_a(ASN1_Tag type_tag_, ASN1_Tag class_tag_) const { if(type_tag != type_tag_ || class_tag != class_tag_) throw BER_Decoding_Error("Tag mismatch when decoding got " + 
@@ -180,27 +180,6 @@ BER_Decoder& BER_Decoder::verify_end() return (*this); } -/* -* Save all the bytes remaining in the source -*/ -BER_Decoder& BER_Decoder::raw_bytes(secure_vector& out) - { - out.clear(); - uint8_t buf; - while(m_source->read_byte(buf)) - out.push_back(buf); - return (*this); - } - -BER_Decoder& BER_Decoder::raw_bytes(std::vector& out) - { - out.clear(); - uint8_t buf; - while(m_source->read_byte(buf)) - out.push_back(buf); - return (*this); - } - /* * Discard all the bytes remaining in the source */ @@ -208,7 +187,7 @@ BER_Decoder& BER_Decoder::discard_remaining() { uint8_t buf; while(m_source->read_byte(buf)) - ; + {} return (*this); } @@ -429,7 +408,8 @@ BER_Decoder& BER_Decoder::decode(bool& out, * Decode a small BER encoded INTEGER */ BER_Decoder& BER_Decoder::decode(size_t& out, - ASN1_Tag type_tag, ASN1_Tag class_tag) + ASN1_Tag type_tag, + ASN1_Tag class_tag) { BigInt integer; decode(integer, type_tag, class_tag); @@ -448,8 +428,8 @@ BER_Decoder& BER_Decoder::decode(size_t& out, * Decode a small BER encoded INTEGER */ uint64_t BER_Decoder::decode_constrained_integer(ASN1_Tag type_tag, - ASN1_Tag class_tag, - size_t T_bytes) + ASN1_Tag class_tag, + size_t T_bytes) { if(T_bytes > 8) throw BER_Decoding_Error("Can't decode small integer over 8 bytes"); @@ -471,7 +451,8 @@ uint64_t BER_Decoder::decode_constrained_integer(ASN1_Tag type_tag, * Decode a BER encoded INTEGER */ BER_Decoder& BER_Decoder::decode(BigInt& out, - ASN1_Tag type_tag, ASN1_Tag class_tag) + ASN1_Tag type_tag, + ASN1_Tag class_tag) { BER_Object obj = get_next_object(); obj.assert_is_a(type_tag, class_tag); 
@@ -500,37 +481,21 @@ BER_Decoder& BER_Decoder::decode(BigInt& out, return (*this); } -/* -* BER decode a BIT STRING or OCTET STRING -*/ -BER_Decoder& BER_Decoder::decode(secure_vector& out, ASN1_Tag real_type) - { - return decode(out, real_type, real_type, UNIVERSAL); - } - -/* -* BER decode a BIT STRING or OCTET STRING -*/ -BER_Decoder& BER_Decoder::decode(std::vector& out, ASN1_Tag real_type) - { - return decode(out, real_type, real_type, UNIVERSAL); - } +namespace { -/* -* BER decode a BIT STRING or OCTET STRING -*/ -BER_Decoder& BER_Decoder::decode(secure_vector& buffer, - ASN1_Tag real_type, - ASN1_Tag type_tag, ASN1_Tag class_tag) +template +void asn1_decode_binary_string(std::vector& buffer, + const BER_Object& obj, + ASN1_Tag real_type, + ASN1_Tag type_tag, + ASN1_Tag class_tag) { - if(real_type != OCTET_STRING && real_type != BIT_STRING) - throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type); - - BER_Object obj = get_next_object(); obj.assert_is_a(type_tag, class_tag); if(real_type == OCTET_STRING) - buffer = obj.value; + { + buffer.assign(obj.value.begin(), obj.value.end()); + } else { if(obj.value.empty()) 
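Review bot: `asn1_decode_binary_string` treats every `real_type` other than `OCTET_STRING` as a BIT STRING in its `else` branch and relies on callers having rejected other tags; the `if(real_type != OCTET_STRING && real_type != BIT_STRING) throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type);` check is instead still repeated in both public `decode` overloads in the next hunk (`@@ -543,33 +508,32 @@`). Moving that check to the top of the helper, ahead of `obj.assert_is_a(type_tag, class_tag)`, removes the last duplicated lines this commit sets out to eliminate and makes the helper safe to call on its own; the throw still happens before anything is written to `buffer`. Failing that, a comment on the helper, `// Precondition: real_type is OCTET_STRING or BIT_STRING (checked by callers)`, should state the assumption. The helper's body continues in the next hunk.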
@@ -543,33 +508,32 @@ BER_Decoder& BER_Decoder::decode(secure_vector& buffer, if(obj.value.size() > 1) copy_mem(buffer.data(), &obj.value[1], obj.value.size() - 1); } - return (*this); } -BER_Decoder& BER_Decoder::decode(std::vector& buffer, +} + +/* +* BER decode a BIT STRING or OCTET STRING +*/ +BER_Decoder& BER_Decoder::decode(secure_vector& buffer, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag) { if(real_type != OCTET_STRING && real_type != BIT_STRING) throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type); - BER_Object obj = get_next_object(); - obj.assert_is_a(type_tag, class_tag); - - if(real_type == OCTET_STRING) - buffer = unlock(obj.value); - else - { - if(obj.value.empty()) - throw BER_Decoding_Error("Invalid BIT STRING"); - if(obj.value[0] >= 8) - throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); + asn1_decode_binary_string(buffer, get_next_object(), real_type, type_tag, class_tag); + return (*this); + } - buffer.resize(obj.value.size() - 1); +BER_Decoder& BER_Decoder::decode(std::vector& buffer, + ASN1_Tag real_type, + ASN1_Tag type_tag, ASN1_Tag class_tag) + { + if(real_type != OCTET_STRING && real_type != BIT_STRING) + throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type); - if(obj.value.size() > 1) - copy_mem(buffer.data(), &obj.value[1], obj.value.size() - 1); - } + asn1_decode_binary_string(buffer, get_next_object(), real_type, type_tag, class_tag); return (*this); } diff --git a/src/lib/asn1/ber_dec.h b/src/lib/asn1/ber_dec.h index fbe62e4646..637cdc5272 100644 --- a/src/lib/asn1/ber_dec.h +++ b/src/lib/asn1/ber_dec.h 
@@ -66,15 +66,32 @@ class BOTAN_PUBLIC_API(2,0) BER_Decoder final return (*this); } - BER_Decoder& raw_bytes(secure_vector& v); - BER_Decoder& raw_bytes(std::vector& v); + /* + * Save all the bytes remaining in the source + */ + template + BER_Decoder& raw_bytes(std::vector& out) + { + out.clear(); + uint8_t buf; + while(m_source->read_byte(buf)) + out.push_back(buf); + return (*this); + } BER_Decoder& decode_null(); BER_Decoder& decode(bool& v); BER_Decoder& decode(size_t& v); BER_Decoder& decode(class BigInt& v); - BER_Decoder& decode(std::vector& v, ASN1_Tag type_tag); - BER_Decoder& decode(secure_vector& v, ASN1_Tag type_tag); + + /* + * BER decode a BIT STRING or OCTET STRING + */ + template + BER_Decoder& decode(std::vector& out, ASN1_Tag real_type) + { + return decode(out, real_type, real_type, UNIVERSAL); + } BER_Decoder& decode(bool& v, ASN1_Tag type_tag, From afabd4a6b33336815614288f01b80bcbf31ba79c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 19 Dec 2017 01:18:40 -0500 Subject: [PATCH 0387/1008] Add accessors to ASN1_Attribute and AlgorithmIdentifier --- doc/manual/deprecated.rst | 5 ++-- src/lib/asn1/alg_id.cpp | 32 ++++++++++++++++---------- src/lib/asn1/alg_id.h | 19 +++++++++------ src/lib/asn1/asn1_attribute.cpp | 8 +++++-- src/lib/asn1/asn1_attribute.h | 17 +++++++++----- src/lib/pubkey/dl_algo/dl_algo.cpp | 4 ++-- src/lib/pubkey/ecc_key/ecc_key.cpp | 4 ++-- src/lib/pubkey/gost_3410/gost_3410.cpp | 2 +- src/lib/pubkey/pbes2/pbes2.cpp | 12 +++++----- src/lib/pubkey/pk_algs.cpp | 8 +++---- src/lib/pubkey/pkcs8.cpp | 12 +++++----- src/lib/x509/ocsp.cpp | 2 +- src/lib/x509/ocsp_types.cpp | 2 +- src/lib/x509/pkcs10.cpp | 10 ++++---- src/lib/x509/x509_ca.cpp | 4 ++-- src/lib/x509/x509_obj.cpp | 18 +++++++-------- src/lib/x509/x509cert.cpp | 8 +++---- src/tests/unit_ecdsa.cpp | 2 +- 18 files changed, 97 insertions(+), 72 deletions(-) diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index 6a90fb27f9..3c768d1cbe 100644 
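Review bot: The two new templates in ber_dec.h accept a `std::vector` with any allocator (the template parameter list is not legible in this rendering), but the `decode(out, real_type, real_type, UNIVERSAL)` call in the second one can only bind to the two non-template four-argument overloads for `std::vector` and `secure_vector` defined in ber_dec.cpp, so any other allocator fails inside the template body with an overload-resolution error rather than at the call site. Either document that only those two instantiations are supported or make the four-argument `decode` a template too. The `raw_bytes` template still reads one byte at a time via `m_source->read_byte(buf)` and `out.push_back(buf)`, exactly as the removed .cpp definitions did, so there is no behavior change there; writing the two new comments as `/** ... */` rather than `/* ... */` would let Doxygen pick them up as the rest of the public headers do. The class continues outside the hunk.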
--- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst @@ -9,6 +9,9 @@ use case if you want to make sure your code continues to work. This is in addition to specific API calls marked with BOTAN_DEPRECATED in the source. +- Directly accessing the member variables of types calendar_point, ASN1_Attribute, + and AlgorithmIdentifier + - The headers ``botan.h``, ``init.h``, ``lookup.h`` - All or nothing package transform (``package.h``) @@ -55,5 +58,3 @@ in the source. - All built in MODP groups < 2048 bits - All pre-created DSA groups - -- Directly accessing the member variables of calendar_point diff --git a/src/lib/asn1/alg_id.cpp b/src/lib/asn1/alg_id.cpp index 0b84d21377..0637a8f8d1 100644 --- a/src/lib/asn1/alg_id.cpp +++ b/src/lib/asn1/alg_id.cpp 
@@ -16,38 +16,46 @@ namespace Botan { * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, - const std::vector& param) : oid(alg_id), parameters(param) + const std::vector& param) : + oid(alg_id), + parameters(param) {} /* * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id, - const std::vector& param) : oid(OIDS::lookup(alg_id)), parameters(param) + const std::vector& param) : + oid(OIDS::lookup(alg_id)), + parameters(param) {} /* * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, - Encoding_Option option) : oid(alg_id), parameters() + Encoding_Option option) : + oid(alg_id), + parameters() { const uint8_t DER_NULL[] = { 0x05, 0x00 }; if(option == USE_NULL_PARAM) - parameters += std::pair(DER_NULL, sizeof(DER_NULL)); + parameters.assign(DER_NULL, DER_NULL + 2); } /* * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id, - Encoding_Option option) : oid(OIDS::lookup(alg_id)), parameters() + Encoding_Option option) : + oid(OIDS::lookup(alg_id)), + parameters() { const uint8_t DER_NULL[] = { 0x05, 0x00 }; if(option == USE_NULL_PARAM) - parameters += std::pair(DER_NULL, sizeof(DER_NULL)); + parameters.assign(DER_NULL, DER_NULL + 2); } /* @@ -66,14 +74,14 @@ bool param_null_or_empty(const std::vector& p) bool operator==(const AlgorithmIdentifier& a1, const AlgorithmIdentifier& a2) { - if(a1.oid != a2.oid) + if(a1.get_oid() != a2.get_oid()) return false; - if(param_null_or_empty(a1.parameters) && - param_null_or_empty(a2.parameters)) + if(param_null_or_empty(a1.get_parameters()) && + param_null_or_empty(a2.get_parameters())) return true; - return (a1.parameters == a2.parameters); + return (a1.get_parameters() == a2.get_parameters()); } /* 
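Review bot: Both `Encoding_Option` constructors now write `parameters.assign(DER_NULL, DER_NULL + 2)`, dropping the `sizeof(DER_NULL)` that the old `+= std::pair(DER_NULL, sizeof(DER_NULL))` form used; the hard-coded `2` silently desynchronizes from the array if `DER_NULL` is ever edited. Prefer `parameters.assign(DER_NULL, DER_NULL + sizeof(DER_NULL));` in both constructors. The array `const uint8_t DER_NULL[] = { 0x05, 0x00 };` is also defined twice in this hunk; a single file-local constant would remove the duplication. The `param_null_or_empty` helper named in the later hunk header is outside the visible lines.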
@@ -90,8 +98,8 @@ bool operator!=(const AlgorithmIdentifier& a1, const AlgorithmIdentifier& a2) void AlgorithmIdentifier::encode_into(DER_Encoder& codec) const { codec.start_cons(SEQUENCE) - .encode(oid) - .raw_bytes(parameters) + .encode(get_oid()) + .raw_bytes(get_parameters()) .end_cons(); } diff --git a/src/lib/asn1/alg_id.h b/src/lib/asn1/alg_id.h index fdb73b1784..b9af37c8a7 100644 --- a/src/lib/asn1/alg_id.h +++ b/src/lib/asn1/alg_id.h @@ -27,16 +27,21 @@ class BOTAN_PUBLIC_API(2,0) AlgorithmIdentifier final : public ASN1_Object void decode_from(class BER_Decoder&) override; AlgorithmIdentifier() = default; - AlgorithmIdentifier(const OID&, Encoding_Option); - AlgorithmIdentifier(const std::string&, Encoding_Option); - AlgorithmIdentifier(const OID&, const std::vector&); - AlgorithmIdentifier(const std::string&, const std::vector&); + AlgorithmIdentifier(const OID& oid, Encoding_Option enc); + AlgorithmIdentifier(const std::string& oid_name, Encoding_Option enc); - // public member variable: - OID oid; + AlgorithmIdentifier(const OID& oid, const std::vector& params); + AlgorithmIdentifier(const std::string& oid_name, const std::vector& params); + + const OID& get_oid() const { return oid; } + const std::vector& get_parameters() const { return parameters; } - // public member variable: + /* + * These values are public for historical reasons, but in a future release + * they will be made private. Do not access them. + */ + OID oid; std::vector parameters; }; diff --git a/src/lib/asn1/asn1_attribute.cpp b/src/lib/asn1/asn1_attribute.cpp index 3093f50257..8ecd8fd5f3 100644 --- a/src/lib/asn1/asn1_attribute.cpp +++ b/src/lib/asn1/asn1_attribute.cpp 
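Review bot: The new accessors `get_oid()` and `get_parameters()` in alg_id.h carry no documentation, while the project's public headers otherwise use Doxygen blocks (the `@param`/`@return` comments in x509_ca.h earlier in this series); suggest `/** @return the OID identifying the algorithm */` and `/** @return the raw encoded parameters, empty if none were given */` above them, the latter matching how `encode_into` emits them via `raw_bytes(get_parameters())`. The same applies to the identical accessors added to `Attribute` in asn1_attribute.h in the next file. The comment on the public members says they will be made private but nothing marks them deprecated in code; if the project's `BOTAN_DEPRECATED` macro can be applied to data members, doing so would give callers a compiler warning instead of a comment they may never read. The class begins outside the hunk.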
@@ -15,14 +15,18 @@ namespace Botan { /* * Create an Attribute */ -Attribute::Attribute(const OID& attr_oid, const std::vector& attr_value) : oid(attr_oid), parameters(attr_value) +Attribute::Attribute(const OID& attr_oid, const std::vector& attr_value) : + oid(attr_oid), + parameters(attr_value) {} /* * Create an Attribute */ Attribute::Attribute(const std::string& attr_oid, - const std::vector& attr_value) : oid(OIDS::lookup(attr_oid)), parameters(attr_value) + const std::vector& attr_value) : + oid(OIDS::lookup(attr_oid)), + parameters(attr_value) {} /* diff --git a/src/lib/asn1/asn1_attribute.h b/src/lib/asn1/asn1_attribute.h index da0ee48d19..077850a652 100644 --- a/src/lib/asn1/asn1_attribute.h +++ b/src/lib/asn1/asn1_attribute.h @@ -23,15 +23,20 @@ class BOTAN_PUBLIC_API(2,0) Attribute final : public ASN1_Object void encode_into(class DER_Encoder& to) const override; void decode_from(class BER_Decoder& from) override; - // public member variable: - OID oid; - - // public member variable: - std::vector parameters; - Attribute() = default; Attribute(const OID&, const std::vector&); Attribute(const std::string&, const std::vector&); + + const OID& get_oid() const { return oid; } + + const std::vector& get_parameters() const { return parameters; } + + /* + * These values are public for historical reasons, but in a future release + * they will be made private. Do not access them. + */ + OID oid; + std::vector parameters; }; } diff --git a/src/lib/pubkey/dl_algo/dl_algo.cpp b/src/lib/pubkey/dl_algo/dl_algo.cpp index 4f0e38e9f4..c28ccaee0a 100644 --- a/src/lib/pubkey/dl_algo/dl_algo.cpp +++ b/src/lib/pubkey/dl_algo/dl_algo.cpp @@ -38,7 +38,7 @@ DL_Scheme_PublicKey::DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, const std::vector& key_bits, DL_Group::Format format) { - m_group.BER_decode(alg_id.parameters, format); + m_group.BER_decode(alg_id.get_parameters(), format); BER_Decoder(key_bits).decode(m_y); } 
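Review bot: `Attribute`'s constructors are left as `Attribute(const OID&, const std::vector&);` with unnamed parameters, while this same commit names them for `AlgorithmIdentifier` (`const OID& oid, const std::vector& params`) in alg_id.h; name them here too, e.g. `Attribute(const OID& attr_oid, const std::vector<uint8_t>& attr_value);`, matching the definitions in asn1_attribute.cpp in this hunk. Moving the public `oid` and `parameters` members below the accessors is fine, but as in alg_id.h the new accessors have no comment; `/** @return the attribute type OID */` and `/** @return the raw encoded attribute value */` would do. The class begins outside the hunk, so only its trailing `};` is visible here.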
@@ -52,7 +52,7 @@ DL_Scheme_PrivateKey::DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id, const secure_vector& key_bits, DL_Group::Format format) { - m_group.BER_decode(alg_id.parameters, format); + m_group.BER_decode(alg_id.get_parameters(), format); BER_Decoder(key_bits).decode(m_x); } diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index 962cd3f45d..442fb41d28 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp @@ -41,7 +41,7 @@ EC_PublicKey::EC_PublicKey(const EC_Group& dom_par, EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id, const std::vector& key_bits) : - m_domain_params{EC_Group(alg_id.parameters)}, + m_domain_params{EC_Group(alg_id.get_parameters())}, m_public_key{OS2ECP(key_bits, domain().get_curve())} { if (!domain().get_oid().empty()) @@ -162,7 +162,7 @@ EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id, const secure_vector& key_bits, bool with_modular_inverse) { - m_domain_params = EC_Group(alg_id.parameters); + m_domain_params = EC_Group(alg_id.get_parameters()); m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; OID key_parameters; diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index 324b7e985c..acd127a2df 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp @@ -54,7 +54,7 @@ GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, OID ecc_param_id; // The parameters also includes hash and cipher OIDs - BER_Decoder(alg_id.parameters).start_cons(SEQUENCE).decode(ecc_param_id); + BER_Decoder(alg_id.get_parameters()).start_cons(SEQUENCE).decode(ecc_param_id); m_domain_params = EC_Group(ecc_param_id); diff --git a/src/lib/pubkey/pbes2/pbes2.cpp b/src/lib/pubkey/pbes2/pbes2.cpp index 41d18a86d5..65e2cb4297 100644 --- a/src/lib/pubkey/pbes2/pbes2.cpp +++ b/src/lib/pubkey/pbes2/pbes2.cpp 
@@ -174,14 +174,14 @@ pbes2_decrypt(const secure_vector& key_bits, AlgorithmIdentifier prf_algo; - if(kdf_algo.oid != OIDS::lookup("PKCS5.PBKDF2")) + if(kdf_algo.get_oid() != OIDS::lookup("PKCS5.PBKDF2")) throw Decoding_Error("PBE-PKCS5 v2.0: Unknown KDF algorithm " + - kdf_algo.oid.as_string()); + kdf_algo.get_oid().as_string()); secure_vector salt; size_t iterations = 0, key_length = 0; - BER_Decoder(kdf_algo.parameters) + BER_Decoder(kdf_algo.get_parameters()) .start_cons(SEQUENCE) .decode(salt, OCTET_STRING) .decode(iterations) @@ -191,7 +191,7 @@ pbes2_decrypt(const secure_vector& key_bits, AlgorithmIdentifier::USE_NULL_PARAM)) .end_cons(); - const std::string cipher = OIDS::lookup(enc_algo.oid); + const std::string cipher = OIDS::lookup(enc_algo.get_oid()); const std::vector cipher_spec = split_on(cipher, '/'); if(cipher_spec.size() != 2) throw Decoding_Error("PBE-PKCS5 v2.0: Invalid cipher spec " + cipher); @@ -202,9 +202,9 @@ pbes2_decrypt(const secure_vector& key_bits, throw Decoding_Error("PBE-PKCS5 v2.0: Encoded salt is too small"); secure_vector iv; - BER_Decoder(enc_algo.parameters).decode(iv, OCTET_STRING).verify_end(); + BER_Decoder(enc_algo.get_parameters()).decode(iv, OCTET_STRING).verify_end(); - const std::string prf = OIDS::lookup(prf_algo.oid); + const std::string prf = OIDS::lookup(prf_algo.get_oid()); std::unique_ptr pbkdf(get_pbkdf("PBKDF2(" + prf + ")")); diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp index e2009ce0e7..d34c59ccff 100644 --- a/src/lib/pubkey/pk_algs.cpp +++ b/src/lib/pubkey/pk_algs.cpp 
@@ -84,10 +84,10 @@ std::unique_ptr load_public_key(const AlgorithmIdentifier& alg_id, const std::vector& key_bits) { - const std::vector alg_info = split_on(OIDS::lookup(alg_id.oid), '/'); + const std::vector alg_info = split_on(OIDS::lookup(alg_id.get_oid()), '/'); if(alg_info.empty()) - throw Decoding_Error("Unknown algorithm OID: " + alg_id.oid.as_string()); + throw Decoding_Error("Unknown algorithm OID: " + alg_id.get_oid().as_string()); const std::string alg_name = alg_info[0]; @@ -170,9 +170,9 @@ std::unique_ptr load_private_key(const AlgorithmIdentifier& alg_id, const secure_vector& key_bits) { - const std::string alg_name = OIDS::lookup(alg_id.oid); + const std::string alg_name = OIDS::lookup(alg_id.get_oid()); if(alg_name == "") - throw Decoding_Error("Unknown algorithm OID: " + alg_id.oid.as_string()); + throw Decoding_Error("Unknown algorithm OID: " + alg_id.get_oid().as_string()); #if defined(BOTAN_HAS_RSA) if(alg_name == "RSA") diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp index fe2470275b..0d13d80901 100644 --- a/src/lib/pubkey/pkcs8.cpp +++ b/src/lib/pubkey/pkcs8.cpp @@ -101,9 +101,9 @@ secure_vector PKCS8_decode( { if(is_encrypted) { - if(OIDS::lookup(pbe_alg_id.oid) != "PBE-PKCS5v20") - throw Exception("Unknown PBE type " + pbe_alg_id.oid.as_string()); - key = pbes2_decrypt(key_data, get_passphrase(), pbe_alg_id.parameters); + if(OIDS::lookup(pbe_alg_id.get_oid()) != "PBE-PKCS5v20") + throw Exception("Unknown PBE type " + pbe_alg_id.get_oid().as_string()); + key = pbes2_decrypt(key_data, get_passphrase(), pbe_alg_id.get_parameters()); } else key = key_data; 
@@ -298,10 +298,10 @@ load_key(DataSource& source, AlgorithmIdentifier alg_id; secure_vector pkcs8_key = PKCS8_decode(source, get_pass, alg_id, is_encrypted); - const std::string alg_name = OIDS::lookup(alg_id.oid); - if(alg_name.empty() || alg_name == alg_id.oid.as_string()) + const std::string alg_name = OIDS::lookup(alg_id.get_oid()); + if(alg_name.empty() || alg_name == alg_id.get_oid().as_string()) throw PKCS8_Exception("Unknown algorithm OID: " + - alg_id.oid.as_string()); + alg_id.get_oid().as_string()); return load_private_key(alg_id, pkcs8_key); } diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp index 6d8d666877..5a98b74953 100644 --- a/src/lib/x509/ocsp.cpp +++ b/src/lib/x509/ocsp.cpp @@ -148,7 +148,7 @@ Certificate_Status_Code Response::verify_signature(const X509_Certificate& issue std::unique_ptr pub_key(issuer.subject_public_key()); const std::vector sig_info = - split_on(OIDS::lookup(m_sig_algo.oid), '/'); + split_on(OIDS::lookup(m_sig_algo.get_oid()), '/'); if(sig_info.size() != 2 || sig_info[0] != pub_key->algo_name()) return Certificate_Status_Code::OCSP_RESPONSE_INVALID; diff --git a/src/lib/x509/ocsp_types.cpp b/src/lib/x509/ocsp_types.cpp index d09681fcdf..353cb100a1 100644 --- a/src/lib/x509/ocsp_types.cpp +++ b/src/lib/x509/ocsp_types.cpp @@ -39,7 +39,7 @@ bool CertID::is_id_for(const X509_Certificate& issuer, if(BigInt::decode(subject.serial_number()) != m_subject_serial) return false; - std::unique_ptr hash(HashFunction::create(OIDS::lookup(m_hash_id.oid))); + std::unique_ptr hash(HashFunction::create(OIDS::lookup(m_hash_id.get_oid()))); if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn()))) return false; diff --git a/src/lib/x509/pkcs10.cpp b/src/lib/x509/pkcs10.cpp index 1f7e915ff0..b1543e3982 100644 --- a/src/lib/x509/pkcs10.cpp +++ b/src/lib/x509/pkcs10.cpp 
@@ -90,21 +90,23 @@ std::unique_ptr decode_pkcs10(const std::vector& body) { Attribute attr; attributes.decode(attr); - BER_Decoder value(attr.parameters); - if(attr.oid == OIDS::lookup("PKCS9.EmailAddress")) + const OID& oid = attr.get_oid(); + BER_Decoder value(attr.get_parameters()); + + if(oid == OIDS::lookup("PKCS9.EmailAddress")) { ASN1_String email; value.decode(email); pkcs9_email.insert(email.value()); } - else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword")) + else if(oid == OIDS::lookup("PKCS9.ChallengePassword")) { ASN1_String challenge_password; value.decode(challenge_password); data->m_challenge = challenge_password.value(); } - else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest")) + else if(oid == OIDS::lookup("PKCS9.ExtensionRequest")) { value.decode(data->m_extensions).verify_end(); } diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp index 22fb8ce803..0a470762f2 100644 --- a/src/lib/x509/x509_ca.cpp +++ b/src/lib/x509/x509_ca.cpp @@ -273,8 +273,8 @@ PK_Signer* choose_sig_format(const Private_Key& key, padding = padding + "(" + hash->name() + ")"; - sig_algo.oid = OIDS::lookup(algo_name + "/" + padding); - sig_algo.parameters = key.algorithm_identifier().parameters; + sig_algo = AlgorithmIdentifier(OIDS::lookup(algo_name + "/" + padding), + key.algorithm_identifier().get_parameters()); return new PK_Signer(key, rng, padding, format); } diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp index 4450df7bba..309bdb1f98 100644 --- a/src/lib/x509/x509_obj.cpp +++ b/src/lib/x509/x509_obj.cpp @@ -40,7 +40,7 @@ Pss_params decode_pss_params(const std::vector& encoded_pss_params) .decode_optional(pss_parameter.trailer_field, ASN1_Tag(3), PRIVATE, size_t(1)) .end_cons(); - BER_Decoder(pss_parameter.mask_gen_algo.parameters).decode(pss_parameter.mask_gen_hash); + BER_Decoder(pss_parameter.mask_gen_algo.get_parameters()).decode(pss_parameter.mask_gen_hash); return pss_parameter; } 
@@ -147,7 +147,7 @@ std::vector X509_Object::tbs_data() const */ std::string X509_Object::hash_used_for_signature() const { - const OID oid = m_sig_algo.oid; + const OID& oid = m_sig_algo.get_oid(); std::vector sig_info = split_on(OIDS::lookup(oid), '/'); if(sig_info.size() != 2) @@ -156,7 +156,7 @@ std::string X509_Object::hash_used_for_signature() const if(sig_info[1] == "EMSA4") { - return OIDS::lookup(decode_pss_params(signature_algorithm().parameters).hash_algo.oid); + return OIDS::lookup(decode_pss_params(signature_algorithm().get_parameters()).hash_algo.get_oid()); } else { @@ -190,7 +190,7 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const { try { std::vector sig_info = - split_on(OIDS::lookup(m_sig_algo.oid), '/'); + split_on(OIDS::lookup(m_sig_algo.get_oid()), '/'); if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name()) return false; @@ -202,22 +202,22 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const if(padding == "EMSA4") { // "MUST contain RSASSA-PSS-params" - if(signature_algorithm().parameters.empty()) + if(signature_algorithm().get_parameters().empty()) { return false; } - Pss_params pss_parameter = decode_pss_params(signature_algorithm().parameters); + Pss_params pss_parameter = decode_pss_params(signature_algorithm().get_parameters()); // hash_algo must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512 - std::string hash_algo = OIDS::lookup(pss_parameter.hash_algo.oid); + std::string hash_algo = OIDS::lookup(pss_parameter.hash_algo.get_oid()); if(hash_algo != "SHA-160" && hash_algo != "SHA-224" && hash_algo != "SHA-256" && hash_algo != "SHA-384" && hash_algo != "SHA-512") { return false; } - std::string mgf_algo = OIDS::lookup(pss_parameter.mask_gen_algo.oid); + std::string mgf_algo = OIDS::lookup(pss_parameter.mask_gen_algo.get_oid()); if(mgf_algo != "MGF1") { return false; 
@@ -225,7 +225,7 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const // For MGF1, it is strongly RECOMMENDED that the underlying hash function be the same as the one identified by hashAlgorithm // Must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512 - if(pss_parameter.mask_gen_hash.oid != pss_parameter.hash_algo.oid) + if(pss_parameter.mask_gen_hash.get_oid() != pss_parameter.hash_algo.get_oid()) { return false; } diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 1370d52b00..da691452be 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -131,7 +131,7 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o BER_Decoder(public_key.value).decode(public_key_alg_id).discard_remaining(); std::vector public_key_info = - split_on(OIDS::oid2str(public_key_alg_id.oid), '/'); + split_on(OIDS::oid2str(public_key_alg_id.get_oid()), '/'); if(!public_key_info.empty() && public_key_info[0] == "RSA") { @@ -167,7 +167,7 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o else { // oid = rsaEncryption -> parameters field MUST contain NULL - if(public_key_alg_id != AlgorithmIdentifier(public_key_alg_id.oid, AlgorithmIdentifier::USE_NULL_PARAM)) + if(public_key_alg_id != AlgorithmIdentifier(public_key_alg_id.get_oid(), AlgorithmIdentifier::USE_NULL_PARAM)) { throw Decoding_Error("Parameters field MUST contain NULL"); } @@ -801,7 +801,7 @@ std::string X509_Certificate::to_string() const out << "CRL " << crl_distribution_point() << "\n"; out << "Signature algorithm: " << - OIDS::oid2str(this->signature_algorithm().oid) << "\n"; + OIDS::oid2str(this->signature_algorithm().get_oid()) << "\n"; out << "Serial number: " << hex_encode(this->serial_number()) << "\n"; 
@@ -820,7 +820,7 @@ std::string X509_Certificate::to_string() const catch(Decoding_Error&) { const AlgorithmIdentifier& alg_id = this->subject_public_key_algo(); - out << "Failed to decode key with oid " << alg_id.oid.as_string() << "\n"; + out << "Failed to decode key with oid " << alg_id.get_oid().as_string() << "\n"; } return out.str(); diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index a406878fbf..7ca2ff0428 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -82,7 +82,7 @@ Test::Result test_decode_ecdsa_X509() Test::Result result("ECDSA Unit"); Botan::X509_Certificate cert(Test::data_file("x509/ecc/CSCA.CSCA.csca-germany.1.crt")); - result.test_eq("correct signature oid", Botan::OIDS::lookup(cert.signature_algorithm().oid), "ECDSA/EMSA1(SHA-224)"); + result.test_eq("correct signature oid", Botan::OIDS::lookup(cert.signature_algorithm().get_oid()), "ECDSA/EMSA1(SHA-224)"); result.test_eq("serial number", cert.serial_number(), Botan::hex_decode("01")); result.test_eq("authority key id", cert.authority_key_id(), cert.subject_key_id()); From 1e9db1f1d3d4d04368a7f7da490230deb5b6431e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 19 Dec 2017 09:00:22 -0500 Subject: [PATCH 0388/1008] Enable processor specific code in module policies [ci skip] These were added more recently and weren't enabled in the policy files. --- src/build-data/policy/bsi.txt | 6 ++++++ src/build-data/policy/modern.txt | 3 +++ src/build-data/policy/nist.txt | 6 ++++++ 3 files changed, 15 insertions(+) diff --git a/src/build-data/policy/bsi.txt b/src/build-data/policy/bsi.txt index ffe0ed65a7..b02b82f84d 100644 --- a/src/build-data/policy/bsi.txt +++ b/src/build-data/policy/bsi.txt @@ -55,6 +55,12 @@ aes_ssse3 # modes clmul +clmul_ssse3 +pmull + +# hash +sha2_32_x86 +sha2_32_armv8 # entropy sources darwin_secrandom diff --git a/src/build-data/policy/modern.txt b/src/build-data/policy/modern.txt index fb435636c6..212d06b1b6 100644 
--- a/src/build-data/policy/modern.txt +++ b/src/build-data/policy/modern.txt @@ -52,6 +52,9 @@ newhope ed25519 clmul +clmul_ssse3 +pmull + locking_allocator http_util # needed by x509 for OCSP online checks diff --git a/src/build-data/policy/nist.txt b/src/build-data/policy/nist.txt index f29c080e89..b253ac9820 100644 --- a/src/build-data/policy/nist.txt +++ b/src/build-data/policy/nist.txt @@ -59,6 +59,12 @@ sha2_32_armv8 # modes clmul +clmul_ssse3 +pmull + +# hash +sha2_32_x86 +sha2_32_armv8 # entropy sources darwin_secrandom From 584587969d10c903bf08f4e4580ecde83cbf62a2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 19 Dec 2017 10:04:47 -0500 Subject: [PATCH 0389/1008] Expose a function returning a status code for verifing X509 objects The versions returning bool just tell us if it could be verified but don't indicate the problem, everything got binned into "signature error" during verification. Now in the event that the params were invalid, or the signature algorithm couldn't be found, report that as a specific error. See GH #1362 --- src/lib/x509/cert_status.cpp | 7 ++- src/lib/x509/cert_status.h | 2 + src/lib/x509/x509_obj.cpp | 110 ++++++++++++++++++++--------------- src/lib/x509/x509_obj.h | 18 ++++-- src/lib/x509/x509cert.cpp | 13 ++++- src/lib/x509/x509path.cpp | 8 +-- 6 files changed, 99 insertions(+), 59 deletions(-) diff --git a/src/lib/x509/cert_status.cpp b/src/lib/x509/cert_status.cpp index 76a102aefc..9561cae57c 100644 --- a/src/lib/x509/cert_status.cpp +++ b/src/lib/x509/cert_status.cpp 
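Review bot: The hunk header `@@ -59,6 +59,12 @@ sha2_32_armv8` for nist.txt indicates that `sha2_32_armv8` already appears earlier in that file, so the added `# hash` block lists it a second time (and probably `sha2_32_x86` as well, if the two sit together there as they do in this hunk). Whether duplicate module names in a policy file are tolerated or rejected depends on the configure script, which is not visible here; either drop the duplicate entries or confirm the script deduplicates. The bsi.txt hunk in this commit adds the same block, but its header context (`aes_ssse3`) gives no indication of a pre-existing entry, so it may be fine as is.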
@@ -91,7 +91,12 @@ const char* to_string(Certificate_Status_Code code) return "Signature error"; case Certificate_Status_Code::CERT_PUBKEY_INVALID: return "Certificate public key invalid"; - // intentionally no default so we are warned + case Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN: + return "Certificate signed with unknown/unavailable algorithm"; + case Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS: + return "Certificate signature has invalid parameters"; + + // intentionally no default so we are warned if new enum values are added } return nullptr; diff --git a/src/lib/x509/cert_status.h b/src/lib/x509/cert_status.h index fb246e71a6..0dd9f7b849 100644 --- a/src/lib/x509/cert_status.h +++ b/src/lib/x509/cert_status.h @@ -72,6 +72,8 @@ enum class Certificate_Status_Code { CRL_BAD_SIGNATURE = 5001, SIGNATURE_ERROR = 5002, CERT_PUBKEY_INVALID = 5003, + SIGNATURE_ALGO_UNKNOWN = 5004, + SIGNATURE_ALGO_BAD_PARAMS = 5005 }; /** diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp index 4450df7bba..afc6d3f23a 100644 --- a/src/lib/x509/x509_obj.cpp +++ b/src/lib/x509/x509_obj.cpp 
@@ -183,71 +183,85 @@ bool X509_Object::check_signature(const Public_Key* pub_key) const return check_signature(*key); } -/* -* Check the signature on an object -*/ bool X509_Object::check_signature(const Public_Key& pub_key) const { - try { - std::vector sig_info = - split_on(OIDS::lookup(m_sig_algo.oid), '/'); + const Certificate_Status_Code code = verify_signature(pub_key); + return (code == Certificate_Status_Code::VERIFIED); + } - if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name()) - return false; +Certificate_Status_Code X509_Object::verify_signature(const Public_Key& pub_key) const + { + const std::vector sig_info = + split_on(OIDS::lookup(m_sig_algo.oid), '/'); - std::string padding = sig_info[1]; - Signature_Format format = - (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; + if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name()) + return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; - if(padding == "EMSA4") - { - // "MUST contain RSASSA-PSS-params" - if(signature_algorithm().parameters.empty()) - { - return false; - } + std::string padding = sig_info[1]; + const Signature_Format format = + (pub_key.message_parts() >= 2) ? 
DER_SEQUENCE : IEEE_1363; - Pss_params pss_parameter = decode_pss_params(signature_algorithm().parameters); + if(padding == "EMSA4") + { + // "MUST contain RSASSA-PSS-params" + if(signature_algorithm().parameters.empty()) + { + return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; + } - // hash_algo must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512 - std::string hash_algo = OIDS::lookup(pss_parameter.hash_algo.oid); - if(hash_algo != "SHA-160" && hash_algo != "SHA-224" && hash_algo != "SHA-256" && hash_algo != "SHA-384" - && hash_algo != "SHA-512") - { - return false; - } + Pss_params pss_parameter = decode_pss_params(signature_algorithm().parameters); - std::string mgf_algo = OIDS::lookup(pss_parameter.mask_gen_algo.oid); - if(mgf_algo != "MGF1") - { - return false; - } + // hash_algo must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512 + const std::string hash_algo = OIDS::lookup(pss_parameter.hash_algo.oid); + if(hash_algo != "SHA-160" && + hash_algo != "SHA-224" && + hash_algo != "SHA-256" && + hash_algo != "SHA-384" && + hash_algo != "SHA-512") + { + return Certificate_Status_Code::UNTRUSTED_HASH; + } - // For MGF1, it is strongly RECOMMENDED that the underlying hash function be the same as the one identified by hashAlgorithm - // Must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512 - if(pss_parameter.mask_gen_hash.oid != pss_parameter.hash_algo.oid) - { - return false; - } + const std::string mgf_algo = OIDS::lookup(pss_parameter.mask_gen_algo.oid); + if(mgf_algo != "MGF1") + { + return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; + } - if(pss_parameter.trailer_field != 1) - { - return false; - } + // For MGF1, it is strongly RECOMMENDED that the underlying hash function be the same as the one identified by hashAlgorithm + // Must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512 + if(pss_parameter.mask_gen_hash.oid != pss_parameter.hash_algo.oid) + { + return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; + } - padding += "(" + 
hash_algo; - padding += "," + mgf_algo; - padding += "," + std::to_string(pss_parameter.salt_len) + - ")"; // salt_len is actually not used for verification. Length is inferred from the signature + if(pss_parameter.trailer_field != 1) + { + return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; } + // salt_len is actually not used for verification. Length is inferred from the signature + padding += "(" + hash_algo + "," + mgf_algo + "," + std::to_string(pss_parameter.salt_len) + ")"; + } + + try + { PK_Verifier verifier(pub_key, padding, format); + const bool valid = verifier.verify_message(tbs_data(), signature()); - return verifier.verify_message(tbs_data(), signature()); + if(valid) + return Certificate_Status_Code::VERIFIED; + else + return Certificate_Status_Code::SIGNATURE_ERROR; + } + catch(Algorithm_Not_Found&) + { + return Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN; } - catch(std::exception&) + catch(...) { - return false; + // This shouldn't happen, fallback to generic signature error + return Certificate_Status_Code::SIGNATURE_ERROR; } } diff --git a/src/lib/x509/x509_obj.h b/src/lib/x509/x509_obj.h index c9ff0f7618..72ba0f5347 100644 --- a/src/lib/x509/x509_obj.h +++ b/src/lib/x509/x509_obj.h @@ -10,6 +10,7 @@ #include #include +#include #include namespace Botan { 
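Review bot: The PSS parameter parsing in verify_signature (`decode_pss_params(signature_algorithm().parameters)` and the OIDS lookups before it) now runs outside the try block, which only wraps the PK_Verifier construction and verify_message; the replaced check_signature caught std::exception around all of it, so a malformed RSASSA-PSS-params blob in an untrusted certificate now propagates a decoding exception out of verify_signature instead of yielding a status code. PKIX::check_chain in the x509path.cpp hunk of this commit calls verify_signature with no handler, so that exception would abort path validation rather than surface as SIGNATURE_ALGO_BAD_PARAMS. Moving the try to the top of the function with a `catch(Decoding_Error&)` ahead of the existing handlers keeps the status-code contract for callers. Separately, if OIDS::lookup yields an empty name for an unregistered signature OID, the `sig_info.size() != 2` test reports SIGNATURE_ALGO_BAD_PARAMS where the new SIGNATURE_ALGO_UNKNOWN looks like the intended code.
```cpp
Certificate_Status_Code X509_Object::verify_signature(const Public_Key& pub_key) const
   {
   try
      {
      // … unchanged: algorithm name split, PSS parameter checks, PK_Verifier …
      }
   catch(Decoding_Error&)
      {
      // malformed signature-algorithm parameters are a property of the object, not a verifier failure
      return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS;
      }
   catch(Algorithm_Not_Found&)
      {
      return Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN;
      }
   catch(...)
      {
      return Certificate_Status_Code::SIGNATURE_ERROR;
      }
   }
```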
@@ -59,9 +60,17 @@ class BOTAN_PUBLIC_API(2,0) X509_Object : public ASN1_Object * @return signed X509 object */ static std::vector make_signed(class PK_Signer* signer, - RandomNumberGenerator& rng, - const AlgorithmIdentifier& alg_id, - const secure_vector& tbs); + RandomNumberGenerator& rng, + const AlgorithmIdentifier& alg_id, + const secure_vector& tbs); + + /** + * Check the signature on this data + * @param key the public key purportedly used to sign this data + * @return status of the signature - OK if verified or otherwise an indicator of + * the problem preventing verification. + */ + Certificate_Status_Code verify_signature(const Public_Key& key) const; /** * Check the signature on this data @@ -73,7 +82,8 @@ class BOTAN_PUBLIC_API(2,0) X509_Object : public ASN1_Object /** * Check the signature on this data * @param key the public key purportedly used to sign this data - * the pointer will be deleted after use + * the object will be deleted after use (this should have + * been a std::unique_ptr) * @return true if the signature is valid, otherwise false */ bool check_signature(const Public_Key* key) const; diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 1370d52b00..5514f0357d 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -257,13 +257,22 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o // Check for self-signed vs self-issued certificates if(data->m_subject_dn == data->m_issuer_dn) { + data->m_self_signed = false; + try { std::unique_ptr pub_key( X509::load_key(ASN1::put_in_sequence(data->m_subject_public_key_bits))); - data->m_self_signed = obj.check_signature(*pub_key); + + Certificate_Status_Code sig_status = obj.verify_signature(*pub_key); + + if(sig_status == Certificate_Status_Code::OK || + sig_status == Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN) + { + data->m_self_signed = true; + } } - catch(Decoding_Error&) + catch(...) { // ignore errors here to allow parsing to continue } 
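Review bot: The self-signed check in parse_x509_cert_body compares `sig_status == Certificate_Status_Code::OK`, while verify_signature returns `Certificate_Status_Code::VERIFIED` on success and check_signature and check_chain in this same commit test against VERIFIED; unless the enum (not in this hunk) gives OK and VERIFIED the same value, m_self_signed would never be set for a valid signature. Comparing against VERIFIED removes the dependence either way: `if(sig_status == Certificate_Status_Code::VERIFIED || sig_status == Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN)`. The x509_obj.h doc comment for verify_signature has the same mismatch ("OK if verified"); `@return VERIFIED if the signature is valid, otherwise a status code naming the problem` would match the implementation. Treating SIGNATURE_ALGO_UNKNOWN as self-signed looks deliberate but deserves a one-line comment here, since a certificate whose signature could not be checked is then marked self-signed purely on matching DNs.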
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 237ac33a53..c2a22e7f41 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -100,10 +100,10 @@ PKIX::check_chain(const std::vector>& ce } else { - if(subject->check_signature(*issuer_key) == false) - { - status.insert(Certificate_Status_Code::SIGNATURE_ERROR); - } + const Certificate_Status_Code sig_status = subject->verify_signature(*issuer_key); + + if(sig_status != Certificate_Status_Code::VERIFIED) + status.insert(sig_status); if(issuer_key->estimated_strength() < min_signature_algo_strength) status.insert(Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK); From f19ab7155d746fde5ce8b811576abb5a6ee0ff28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Tue, 19 Dec 2017 18:29:41 +0100 Subject: [PATCH 0390/1008] Always set domain encoding correctly when loading an ECC key When loading an ECC key from file, the domain encoding was always set to explicit instead of depending on the encoded key file read. This resulted in different encodings and therefore different fingerprints of the same key when encoding the same key twice (once after generation, once after re-reading it). --- src/lib/pubkey/ecc_key/ecc_key.cpp | 6 +++++- src/tests/unit_ecdsa.cpp | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index 962cd3f45d..6adb806eff 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp @@ -163,7 +163,11 @@ EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id, bool with_modular_inverse) { m_domain_params = EC_Group(alg_id.parameters); - m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; + + if (!domain().get_oid().empty()) + m_domain_encoding = EC_DOMPAR_ENC_OID; + else + m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; OID key_parameters; secure_vector public_key_bits; 
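Review bot: In the EC_PrivateKey constructor the encoding choice is derived from whether the parsed group carries an OID (`domain().get_oid().empty()`), not from how `alg_id.parameters` was actually encoded; if EC_Group's BER constructor resolves explicitly-encoded parameters of a known curve to a named group, a key written with explicit parameters would be re-encoded as an OID, which is the round-trip mismatch this commit sets out to remove — worth confirming against EC_Group's parsing, or deciding on the tag of `alg_id.parameters` directly. The constructor's body continues outside the hunk. As a style point, `if (!domain()` puts a space before the parenthesis where the rest of the library on this page writes `if(`.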
diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index a406878fbf..c8e879f979 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -216,6 +216,8 @@ Test::Result test_ecdsa_create_save_load() std::unique_ptr loaded_key(Botan::PKCS8::load_key(pem_src, Test::rng())); Botan::ECDSA_PrivateKey* loaded_ec_key = dynamic_cast(loaded_key.get()); result.confirm("the loaded key could be converted into an ECDSA_PrivateKey", loaded_ec_key); + result.confirm("the loaded key produces equal encoding", + (ecc_private_key_pem == Botan::PKCS8::PEM_encode(*loaded_ec_key))); if(loaded_ec_key) { From 2918801d97ccdad5327320ee29bdc2cf666fb08a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 19 Dec 2017 14:21:53 -0500 Subject: [PATCH 0391/1008] Correct expected PSS error --- src/tests/data/x509/pss_certs/expected.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/data/x509/pss_certs/expected.txt b/src/tests/data/x509/pss_certs/expected.txt index 45fffd4336..96192d4d6d 100644 --- a/src/tests/data/x509/pss_certs/expected.txt +++ b/src/tests/data/x509/pss_certs/expected.txt @@ -94,7 +94,7 @@ 94:1 95:1 96:1 -97:Signature error +97:Certificate signature has invalid parameters 98:Verified 99:Signature error 100:Verified @@ -115,4 +115,4 @@ 115:1 116:1 117:1 -118:1 \ No newline at end of file +118:1 From 55ba0cab3fa98516f63acf3a8579b2e2e2cf66a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Wed, 20 Dec 2017 10:57:15 +0100 Subject: [PATCH 0392/1008] Don't encode AlgorithmIdentifier parameters for ECDSA in X.509 objects RFC 5758 and 4491 mandate that for DSA, ECDSA and GOST, the algorithm identifier "encoding MUST omit the parameters field". --- src/lib/x509/x509_ca.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp index 0a470762f2..f8daaf79ab 100644 --- a/src/lib/x509/x509_ca.cpp +++ b/src/lib/x509/x509_ca.cpp 
@@ -252,9 +252,12 @@ PK_Signer* choose_sig_format(const Private_Key& key, std::unique_ptr hash(HashFunction::create_or_throw(hash_fn)); std::string padding; + std::vector algo_params; if(algo_name == "RSA") { padding = "EMSA3"; + // for RSA PKCSv1.5 parameters "SHALL" be NULL + algo_params = key.algorithm_identifier().get_parameters(); } else if(algo_name == "DSA" || algo_name == "ECDSA" || @@ -262,6 +265,7 @@ PK_Signer* choose_sig_format(const Private_Key& key, algo_name == "ECKCDSA" || algo_name == "GOST-34.10") { + // for DSA, ECDSA, GOST parameters "SHALL" be empty padding = "EMSA1"; } else @@ -273,8 +277,7 @@ PK_Signer* choose_sig_format(const Private_Key& key, padding = padding + "(" + hash->name() + ")"; - sig_algo = AlgorithmIdentifier(OIDS::lookup(algo_name + "/" + padding), - key.algorithm_identifier().get_parameters()); + sig_algo = AlgorithmIdentifier(OIDS::lookup(algo_name + "/" + padding), algo_params); return new PK_Signer(key, rng, padding, format); } From 02e756dba4c1001b790c3496049f40ebfe89539b Mon Sep 17 00:00:00 2001 From: Fabian Weissberg Date: Wed, 29 Nov 2017 12:29:56 +0100 Subject: [PATCH 0393/1008] Fix various x509 path validation bugs + path building with ambiguous DNs 
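Review bot: In choose_sig_format the RSA branch comment says the PKCS#1 v1.5 parameters "SHALL" be NULL, but the code copies whatever `key.algorithm_identifier().get_parameters()` holds, so the requirement is only met if the RSA key's own AlgorithmIdentifier already encodes a DER NULL (not visible here); either construct the NULL parameter explicitly in this branch or reword the comment to say the key's parameters are reused for RSA. The comment on the EMSA1 branch names only DSA, ECDSA and GOST although the branch also covers ECGDSA and ECKCDSA; `// DSA, ECDSA, GOST (and ECGDSA/ECKCDSA, treated alike here): the parameters field is omitted` would describe what the code does. choose_sig_format begins outside the hunk.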
Signed-off-by: Fabian Weissberg --- src/build-data/oids.txt | 34 +- src/lib/asn1/oids.cpp | 4 +- src/lib/x509/asn1_alt_name.cpp | 22 ++ src/lib/x509/cert_status.cpp | 13 + src/lib/x509/cert_status.h | 9 + src/lib/x509/certstor.cpp | 23 ++ src/lib/x509/certstor.h | 16 + src/lib/x509/certstor_sql/certstor_sql.cpp | 37 +- src/lib/x509/certstor_sql/certstor_sql.h | 7 + src/lib/x509/x509_crl.cpp | 30 ++ src/lib/x509/x509_crl.h | 6 + src/lib/x509/x509_dn.cpp | 1 + src/lib/x509/x509_dn_ub.cpp | 58 +++ src/lib/x509/x509_dn_ub.h | 24 ++ src/lib/x509/x509_ext.cpp | 56 ++- src/lib/x509/x509_ext.h | 38 ++ src/lib/x509/x509cert.cpp | 9 + src/lib/x509/x509cert.h | 6 + src/lib/x509/x509path.cpp | 358 ++++++++++++++++-- src/lib/x509/x509path.h | 18 + src/scripts/oids.py | 86 ++++- .../cert_path_CRL_01_ee.TC.pem.crt | 21 + .../cert_path_CRL_01/cert_path_CRL_01_ee.pem | 28 ++ .../cert_path_CRL_01_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_01_root_ca.pem | 28 ++ .../cert_path_CRL_01_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_01_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_CRL_01/description.txt | 3 + .../cert_path_CRL_02_ee.TC.pem.crt | 21 + .../cert_path_CRL_02/cert_path_CRL_02_ee.pem | 28 ++ .../cert_path_CRL_02_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_02_root_ca.pem | 28 ++ .../cert_path_CRL_02_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_02_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_02_root_crl.pem.crl | 11 + .../crls/cert_path_CRL_02_sub_ca_crl.pem.crl | 12 + .../x509/bsi/cert_path_CRL_02/description.txt | 3 + .../cert_path_CRL_03_ee.TC.pem.crt | 20 + .../cert_path_CRL_03/cert_path_CRL_03_ee.pem | 28 ++ .../cert_path_CRL_03_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_03_root_ca.pem | 28 ++ .../cert_path_CRL_03_sub_ca.ca.pem.crt | 21 + .../cert_path_CRL_03_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_03_crl.pem.crl | 11 + .../crls/cert_path_CRL_03_root_crl.pem.crl | 12 + .../x509/bsi/cert_path_CRL_03/description.txt | 3 + .../cert_path_CRL_04_ee.TC.pem.crt | 21 + 
.../cert_path_CRL_04/cert_path_CRL_04_ee.pem | 28 ++ .../cert_path_CRL_04_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_04_root_ca.pem | 28 ++ .../cert_path_CRL_04_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_04_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_04_crl.pem.crl | 11 + .../crls/cert_path_CRL_04_root_crl.pem.crl | 11 + .../x509/bsi/cert_path_CRL_04/description.txt | 3 + .../cert_path_CRL_05_ee.TC.pem.crt | 21 + .../cert_path_CRL_05/cert_path_CRL_05_ee.pem | 28 ++ .../cert_path_CRL_05_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_05_root_ca.pem | 28 ++ .../cert_path_CRL_05_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_05_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_05_crl.pem.crl | 12 + .../crls/cert_path_CRL_05_root_crl.pem.crl | 11 + .../x509/bsi/cert_path_CRL_05/description.txt | 3 + .../cert_path_CRL_06_ee.TC.pem.crt | 21 + .../cert_path_CRL_06/cert_path_CRL_06_ee.pem | 28 ++ .../cert_path_CRL_06_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_06_root_ca.pem | 28 ++ .../cert_path_CRL_06_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_06_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_06_crl.pem.crl | 12 + .../crls/cert_path_CRL_06_root_crl.pem.crl | 11 + .../x509/bsi/cert_path_CRL_06/description.txt | 3 + .../cert_path_CRL_07_ee.TC.pem.crt | 21 + .../cert_path_CRL_07/cert_path_CRL_07_ee.pem | 28 ++ .../cert_path_CRL_07_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_07_root_ca.pem | 28 ++ .../cert_path_CRL_07_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_07_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_07_crl.pem.crl | 11 + .../crls/cert_path_CRL_07_root_crl.pem.crl | 11 + .../x509/bsi/cert_path_CRL_07/description.txt | 3 + .../cert_path_CRL_08_ee.TC.pem.crt | 21 + .../cert_path_CRL_08/cert_path_CRL_08_ee.pem | 28 ++ .../cert_path_CRL_08_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_08_root_ca.pem | 28 ++ .../cert_path_CRL_08_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_08_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_08_crl.pem.crl | 11 + .../crls/cert_path_CRL_08_root_crl.pem.crl | 11 + 
.../x509/bsi/cert_path_CRL_08/description.txt | 3 + .../cert_path_CRL_09_ee.TC.pem.crt | 21 + .../cert_path_CRL_09/cert_path_CRL_09_ee.pem | 28 ++ .../cert_path_CRL_09_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_09_root_ca.pem | 28 ++ .../cert_path_CRL_09_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_09_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_09_crl.pem.crl | 11 + .../crls/cert_path_CRL_09_root_crl.pem.crl | 11 + .../x509/bsi/cert_path_CRL_09/description.txt | 3 + .../cert_path_CRL_10_ee.TC.pem.crt | 21 + .../cert_path_CRL_10/cert_path_CRL_10_ee.pem | 28 ++ .../cert_path_CRL_10_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_10_root_ca.pem | 28 ++ .../cert_path_CRL_10_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_10_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_10_crl.pem.crl | 12 + .../crls/cert_path_CRL_10_root_crl.pem.crl | 11 + .../x509/bsi/cert_path_CRL_10/description.txt | 3 + .../cert_path_CRL_11_ee.TC.pem.crt | 21 + .../cert_path_CRL_11/cert_path_CRL_11_ee.pem | 28 ++ .../cert_path_CRL_11_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_11_root_ca.pem | 28 ++ .../cert_path_CRL_11_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_11_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_11_crl.pem.crl | 12 + .../crls/cert_path_CRL_11_root_crl.pem.crl | 11 + .../x509/bsi/cert_path_CRL_11/description.txt | 3 + .../cert_path_CRL_12_ee.TC.pem.crt | 21 + .../cert_path_CRL_12/cert_path_CRL_12_ee.pem | 28 ++ .../cert_path_CRL_12_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_12_root_ca.pem | 28 ++ .../cert_path_CRL_12_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_12_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_12_crl.pem.crl | 12 + .../crls/cert_path_CRL_12_root_crl.pem.crl | 11 + .../x509/bsi/cert_path_CRL_12/description.txt | 3 + .../cert_path_CRL_13_ee.TC.pem.crt | 21 + .../cert_path_CRL_13/cert_path_CRL_13_ee.pem | 28 ++ .../cert_path_CRL_13_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_13_root_ca.pem | 28 ++ .../cert_path_CRL_13_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_13_sub_ca.pem | 28 ++ 
.../crls/cert_path_CRL_13_crl.pem.crl | 12 + .../crls/cert_path_CRL_13_root_crl.pem.crl | 11 + .../x509/bsi/cert_path_CRL_13/description.txt | 3 + .../cert_path_CRL_14_ee.TC.pem.crt | 21 + .../cert_path_CRL_14/cert_path_CRL_14_ee.pem | 28 ++ .../cert_path_CRL_14_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_14_root_ca.pem | 28 ++ .../cert_path_CRL_14_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_14_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_14_crl.pem.crl | 6 + .../crls/cert_path_CRL_14_root_crl.pem.crl | 11 + .../x509/bsi/cert_path_CRL_14/description.txt | 3 + .../cert_path_CRL_15_ee.TC.pem.crt | 21 + .../cert_path_CRL_15/cert_path_CRL_15_ee.pem | 28 ++ .../cert_path_CRL_15_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_15_root_ca.pem | 28 ++ .../cert_path_CRL_15_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_15_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_15_crl.pem.crl | 11 + .../x509/bsi/cert_path_CRL_15/description.txt | 3 + .../cert_path_CRL_16_ee.TC.pem.crt | 21 + .../cert_path_CRL_16/cert_path_CRL_16_ee.pem | 28 ++ .../cert_path_CRL_16_root_ca.TA.pem.crt | 19 + .../cert_path_CRL_16_root_ca.pem | 28 ++ .../cert_path_CRL_16_sub_ca.ca.pem.crt | 19 + .../cert_path_CRL_16_sub_ca.pem | 28 ++ .../crls/cert_path_CRL_16_crl.pem.crl | 11 + .../crls/cert_path_CRL_16_root_crl.pem.crl | 12 + .../x509/bsi/cert_path_CRL_16/description.txt | 3 + .../cert_path_algo_strength_01_ee.TC.pem.crt | 20 + .../cert_path_algo_strength_01_ee.pem | 28 ++ ...t_path_algo_strength_01_root_ca.TA.pem.crt | 19 + .../cert_path_algo_strength_01_root_ca.pem | 28 ++ ...rt_path_algo_strength_01_sub_ca.ca.pem.crt | 19 + .../cert_path_algo_strength_01_sub_ca.pem | 28 ++ .../description.txt | 3 + .../cert_path_algo_strength_02_ee.TC.pem.crt | 20 + .../cert_path_algo_strength_02_ee.pem | 28 ++ ...t_path_algo_strength_02_root_ca.TA.pem.crt | 19 + .../cert_path_algo_strength_02_root_ca.pem | 28 ++ ...rt_path_algo_strength_02_sub_ca.ca.pem.crt | 19 + .../cert_path_algo_strength_02_sub_ca.pem | 28 ++ .../description.txt 
| 3 + .../cert_path_algo_strength_03_ee.TC.pem.crt | 20 + .../cert_path_algo_strength_03_ee.pem | 28 ++ ...t_path_algo_strength_03_root_ca.TA.pem.crt | 19 + .../cert_path_algo_strength_03_root_ca.pem | 28 ++ ...rt_path_algo_strength_03_sub_ca.ca.pem.crt | 19 + .../cert_path_algo_strength_03_sub_ca.pem | 14 + .../description.txt | 3 + .../cert_path_common_01_ee.TC.pem.crt | 20 + .../cert_path_common_01_ee.pem | 28 ++ .../cert_path_common_01_root_ca.TA.pem.crt | 19 + .../cert_path_common_01_root_ca.pem | 28 ++ .../cert_path_common_01_sub_ca.ca.pem.crt | 19 + .../cert_path_common_01_sub_ca.pem | 28 ++ .../bsi/cert_path_common_01/description.txt | 3 + .../cert_path_common_02_ee.TC.pem.crt | 20 + .../cert_path_common_02_ee.pem | 28 ++ .../cert_path_common_02_root_ca.ca.pem.crt | 20 + .../cert_path_common_02_root_ca.pem | 28 ++ .../cert_path_common_02_sub_ca.ca.pem.crt | 20 + .../cert_path_common_02_sub_ca.pem | 28 ++ .../bsi/cert_path_common_02/description.txt | 3 + .../cert_path_common_03_ee.TC.pem.crt | 20 + .../cert_path_common_03_ee.pem | 28 ++ .../cert_path_common_03_root_ca.TA.pem.crt | 19 + .../cert_path_common_03_root_ca.pem | 28 ++ .../cert_path_common_03_sub_ca.ca.pem.crt | 19 + .../cert_path_common_03_sub_ca.pem | 28 ++ .../bsi/cert_path_common_03/description.txt | 3 + .../cert_path_common_04_ee.TC.pem.crt | 19 + .../cert_path_common_04_ee.pem | 28 ++ .../cert_path_common_04_root_ca.TA.pem.crt | 19 + .../cert_path_common_04_root_ca.pem | 28 ++ .../cert_path_common_04_sub_ca.ca.pem.crt | 19 + .../cert_path_common_04_sub_ca.pem | 28 ++ .../bsi/cert_path_common_04/description.txt | 3 + .../cert_path_common_05_ee.TC.pem.crt | 20 + .../cert_path_common_05_ee.pem | 28 ++ .../cert_path_common_05_root_ca.TA.pem.crt | 19 + .../cert_path_common_05_root_ca.pem | 28 ++ .../cert_path_common_05_sub_ca.ca.pem.crt | 19 + .../cert_path_common_05_sub_ca.pem | 28 ++ .../bsi/cert_path_common_05/description.txt | 3 + .../cert_path_common_06_ee.TC.pem.crt | 20 + 
.../cert_path_common_06_ee.pem | 28 ++ .../cert_path_common_06_root_ca.TA.pem.crt | 19 + .../cert_path_common_06_root_ca.pem | 28 ++ .../cert_path_common_06_sub_ca.ca.pem.crt | 19 + .../cert_path_common_06_sub_ca.pem | 28 ++ .../bsi/cert_path_common_06/description.txt | 3 + .../cert_path_common_07_ee.TC.pem.crt | 20 + .../cert_path_common_07_ee.pem | 28 ++ .../cert_path_common_07_root_ca.TA.pem.crt | 19 + .../cert_path_common_07_root_ca.pem | 28 ++ .../cert_path_common_07_sub_ca.ca.pem.crt | 19 + .../cert_path_common_07_sub_ca.pem | 28 ++ .../bsi/cert_path_common_07/description.txt | 3 + .../cert_path_common_08_ee.TC.pem.crt | 20 + .../cert_path_common_08_ee.pem | 28 ++ .../cert_path_common_08_root_ca.TA.pem.crt | 19 + .../cert_path_common_08_root_ca.pem | 28 ++ .../cert_path_common_08_sub_ca.ca.pem.crt | 19 + .../cert_path_common_08_sub_ca.pem | 28 ++ .../bsi/cert_path_common_08/description.txt | 3 + .../cert_path_common_09_ee.TC.pem.crt | 20 + .../cert_path_common_09_ee.pem | 28 ++ .../cert_path_common_09_root_ca.TA.pem.crt | 19 + .../cert_path_common_09_root_ca.pem | 28 ++ .../cert_path_common_09_sub_ca.ca.pem.crt | 19 + .../cert_path_common_09_sub_ca.pem | 28 ++ .../bsi/cert_path_common_09/description.txt | 3 + .../cert_path_common_10_ee.TC.pem.crt | 20 + .../cert_path_common_10_ee.pem | 28 ++ .../cert_path_common_10_root_ca.TA.pem.crt | 19 + .../cert_path_common_10_root_ca.pem | 28 ++ .../cert_path_common_10_sub_ca.ca.pem.crt | 19 + .../cert_path_common_10_sub_ca.pem | 28 ++ .../bsi/cert_path_common_10/description.txt | 3 + .../cert_path_common_11_ee.TC.pem.crt | 20 + .../cert_path_common_11_ee.pem | 28 ++ .../cert_path_common_11_root_ca.TA.pem.crt | 19 + .../cert_path_common_11_root_ca.pem | 28 ++ .../cert_path_common_11_sub_ca.ca.pem.crt | 19 + .../cert_path_common_11_sub_ca.pem | 28 ++ .../bsi/cert_path_common_11/description.txt | 3 + .../cert_path_common_12_ee.TC.pem.crt | 21 + .../cert_path_common_12_ee.pem | 28 ++ 
.../cert_path_common_12_root_ca.TA.pem.crt | 19 + .../cert_path_common_12_root_ca.pem | 28 ++ .../cert_path_common_12_sub_ca.ca.pem.crt | 19 + .../cert_path_common_12_sub_ca.pem | 28 ++ .../bsi/cert_path_common_12/description.txt | 3 + .../cert_path_common_13_ee.TC.pem.crt | 31 ++ .../cert_path_common_13_ee.pem | 52 +++ .../cert_path_common_13_root_ca.TA.pem.crt | 19 + .../cert_path_common_13_root_ca.pem | 28 ++ ..._common_13_root_ca_key_rollover.ca.pem.crt | 25 ++ ...rt_path_common_13_root_ca_key_rollover.pem | 52 +++ ...common_13_subca_ca_key_rollover.ca.pem.crt | 30 ++ ...t_path_common_13_subca_ca_key_rollover.pem | 52 +++ .../bsi/cert_path_common_13/description.txt | 3 + .../cert_path_common_14_ee.TC.pem.crt | 20 + .../cert_path_common_14_ee.pem | 28 ++ .../cert_path_common_14_root_ca.TA.pem.crt | 19 + .../cert_path_common_14_root_ca.pem | 28 ++ .../cert_path_common_14_sub_ca.ca.pem.crt | 19 + .../cert_path_common_14_sub_ca.pem | 28 ++ ...rt_path_common_14_wrong_root_ca.ca.pem.crt | 20 + .../cert_path_common_14_wrong_root_ca.pem | 28 ++ ...ert_path_common_14_wrong_sub_ca.ca.pem.crt | 20 + .../cert_path_common_14_wrong_sub_ca.pem | 28 ++ .../bsi/cert_path_common_14/description.txt | 3 + .../cert_path_crypt_01_ee.TC.pem.crt | 20 + .../cert_path_crypt_01_ee.pem | 28 ++ .../cert_path_crypt_01_root_ca.TA.pem.crt | 19 + .../cert_path_crypt_01_root_ca.pem | 28 ++ .../cert_path_crypt_01_sub_ca.ca.pem.crt | 19 + .../cert_path_crypt_01_sub_ca.pem | 28 ++ .../bsi/cert_path_crypt_01/description.txt | 3 + .../cert_path_crypt_02_ee.TC.pem.crt | 20 + .../cert_path_crypt_02_ee.pem | 28 ++ .../cert_path_crypt_02_root_ca.TA.pem.crt | 19 + .../cert_path_crypt_02_root_ca.pem | 28 ++ .../cert_path_crypt_02_sub_ca.ca.pem.crt | 19 + .../cert_path_crypt_02_sub_ca.pem | 28 ++ .../bsi/cert_path_crypt_02/description.txt | 3 + .../cert_path_ext_01_ee.TC.pem.crt | 18 + .../cert_path_ext_01/cert_path_ext_01_ee.pem | 28 ++ .../cert_path_ext_01_root_ca.TA.pem.crt | 19 + 
.../cert_path_ext_01_root_ca.pem | 28 ++ .../cert_path_ext_01_sub_ca.ca.pem.crt | 19 + .../cert_path_ext_01_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_01/description.txt | 3 + .../cert_path_ext_02_ee.TC.pem.crt | 18 + .../cert_path_ext_02/cert_path_ext_02_ee.pem | 28 ++ .../cert_path_ext_02_root_ca.TA.pem.crt | 19 + .../cert_path_ext_02_root_ca.pem | 28 ++ .../cert_path_ext_02_sub_ca.ca.pem.crt | 19 + .../cert_path_ext_02_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_02/description.txt | 3 + .../cert_path_ext_03_ee.TC.pem.crt | 18 + .../cert_path_ext_03/cert_path_ext_03_ee.pem | 28 ++ .../cert_path_ext_03_root_ca.TA.pem.crt | 19 + .../cert_path_ext_03_root_ca.pem | 28 ++ .../cert_path_ext_03_sub_ca.ca.pem.crt | 19 + .../cert_path_ext_03_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_03/description.txt | 3 + .../cert_path_ext_04_ee.TC.pem.crt | 18 + .../cert_path_ext_04/cert_path_ext_04_ee.pem | 28 ++ .../cert_path_ext_04_root_ca.TA.pem.crt | 19 + .../cert_path_ext_04_root_ca.pem | 28 ++ .../cert_path_ext_04_sub_ca.ca.pem.crt | 19 + .../cert_path_ext_04_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_04/description.txt | 3 + .../cert_path_ext_05_ee.TC.pem.crt | 18 + .../cert_path_ext_05/cert_path_ext_05_ee.pem | 28 ++ .../cert_path_ext_05_root_ca.TA.pem.crt | 19 + .../cert_path_ext_05_root_ca.pem | 28 ++ .../cert_path_ext_05_sub_ca.ca.pem.crt | 19 + .../cert_path_ext_05_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_05/description.txt | 3 + .../cert_path_ext_06_ee.TC.pem.crt | 20 + .../cert_path_ext_06/cert_path_ext_06_ee.pem | 28 ++ .../cert_path_ext_06_root_ca.TA.pem.crt | 19 + .../cert_path_ext_06_root_ca.pem | 28 ++ .../cert_path_ext_06_sub_ca.ca.pem.crt | 19 + .../cert_path_ext_06_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_06/description.txt | 3 + .../cert_path_ext_07_ee.TC.pem.crt | 20 + .../cert_path_ext_07/cert_path_ext_07_ee.pem | 28 ++ .../cert_path_ext_07_root_ca.TA.pem.crt | 19 + .../cert_path_ext_07_root_ca.pem | 28 ++ 
.../cert_path_ext_07_sub_ca.ca.pem.crt | 20 + .../cert_path_ext_07_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_07/description.txt | 3 + .../cert_path_ext_08_ee.TC.pem.crt | 20 + .../cert_path_ext_08/cert_path_ext_08_ee.pem | 28 ++ .../cert_path_ext_08_root_ca.TA.pem.crt | 19 + .../cert_path_ext_08_root_ca.pem | 28 ++ .../cert_path_ext_08_sub_ca_l1.ca.pem.crt | 20 + .../cert_path_ext_08_sub_ca_l1.pem | 28 ++ .../cert_path_ext_08_sub_ca_l2.ca.pem.crt | 20 + .../cert_path_ext_08_sub_ca_l2.pem | 28 ++ .../x509/bsi/cert_path_ext_08/description.txt | 3 + .../cert_path_ext_09_ee.TC.pem.crt | 19 + .../cert_path_ext_09/cert_path_ext_09_ee.pem | 28 ++ .../cert_path_ext_09_root_ca.TA.pem.crt | 19 + .../cert_path_ext_09_root_ca.pem | 28 ++ .../cert_path_ext_09_sub_ca.ca.pem.crt | 19 + .../cert_path_ext_09_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_09/description.txt | 3 + .../cert_path_ext_10_ee.TC.pem.crt | 21 + .../cert_path_ext_10/cert_path_ext_10_ee.pem | 28 ++ .../cert_path_ext_10_root_ca.TA.pem.crt | 19 + .../cert_path_ext_10_root_ca.pem | 28 ++ .../cert_path_ext_10_sub_ca.ca.pem.crt | 19 + .../cert_path_ext_10_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_10/description.txt | 3 + .../cert_path_ext_11_ee.TC.pem.crt | 20 + .../cert_path_ext_11/cert_path_ext_11_ee.pem | 28 ++ .../cert_path_ext_11_root_ca.TA.pem.crt | 19 + .../cert_path_ext_11_root_ca.pem | 28 ++ .../cert_path_ext_11_sub_ca.ca.pem.crt | 19 + .../cert_path_ext_11_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_11/description.txt | 3 + .../cert_path_ext_12_ee.TC.pem.crt | 20 + .../cert_path_ext_12/cert_path_ext_12_ee.pem | 28 ++ .../cert_path_ext_12_root_ca.TA.pem.crt | 19 + .../cert_path_ext_12_root_ca.pem | 28 ++ .../cert_path_ext_12_sub_ca.ca.pem.crt | 19 + .../cert_path_ext_12_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_12/description.txt | 3 + .../cert_path_ext_13_ee.TC.pem.crt | 20 + .../cert_path_ext_13/cert_path_ext_13_ee.pem | 28 ++ .../cert_path_ext_13_root_ca.TA.pem.crt | 19 + 
.../cert_path_ext_13_root_ca.pem | 28 ++ .../cert_path_ext_13_sub_ca.ca.pem.crt | 21 + .../cert_path_ext_13_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_13/description.txt | 3 + .../cert_path_ext_14_root_ca.TA.pem.crt | 19 + .../cert_path_ext_14_root_ca.pem | 28 ++ .../cert_path_ext_14_sub_ca.TC.pem.crt | 20 + .../cert_path_ext_14_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_14/description.txt | 3 + .../cert_path_ext_15_ee.TC.pem.crt | 20 + .../cert_path_ext_15/cert_path_ext_15_ee.pem | 28 ++ .../cert_path_ext_15_root_ca.TA.pem.crt | 19 + .../cert_path_ext_15_root_ca.pem | 28 ++ .../cert_path_ext_15_sub_ca.ca.pem.crt | 19 + .../cert_path_ext_15_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_15/description.txt | 3 + .../cert_path_ext_16_ee.TC.pem.crt | 20 + .../cert_path_ext_16/cert_path_ext_16_ee.pem | 28 ++ .../cert_path_ext_16_root_ca.TA.pem.crt | 19 + .../cert_path_ext_16_root_ca.pem | 28 ++ .../cert_path_ext_16_sub_ca.ca.pem.crt | 20 + .../cert_path_ext_16_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_16/description.txt | 3 + .../cert_path_ext_17_ee.TC.pem.crt | 20 + .../cert_path_ext_17/cert_path_ext_17_ee.pem | 28 ++ .../cert_path_ext_17_root_ca.TA.pem.crt | 19 + .../cert_path_ext_17_root_ca.pem | 28 ++ .../cert_path_ext_17_sub_ca.ca.pem.crt | 20 + .../cert_path_ext_17_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_17/description.txt | 3 + .../cert_path_ext_18_ee.TC.pem.crt | 19 + .../cert_path_ext_18/cert_path_ext_18_ee.pem | 28 ++ .../cert_path_ext_18_root_ca.TA.pem.crt | 19 + .../cert_path_ext_18_root_ca.pem | 28 ++ .../cert_path_ext_18_sub_ca.ca.pem.crt | 20 + .../cert_path_ext_18_sub_ca.pem | 28 ++ .../x509/bsi/cert_path_ext_18/description.txt | 3 + .../cert_path_ext_19_ee.TC.pem.crt | 20 + .../cert_path_ext_19/cert_path_ext_19_ee.pem | 28 ++ .../cert_path_ext_19_root_ca.TA.pem.crt | 19 + .../cert_path_ext_19_root_ca.pem | 28 ++ .../cert_path_ext_19_sub_ca_l1.ca.pem.crt | 20 + .../cert_path_ext_19_sub_ca_l1.pem | 28 ++ 
.../cert_path_ext_19_sub_ca_l2.ca.pem.crt | 21 + .../cert_path_ext_19_sub_ca_l2.pem | 28 ++ .../x509/bsi/cert_path_ext_19/description.txt | 3 + src/tests/data/x509/bsi/expected.txt | 54 +++ src/tests/data/x509/bsi/readme.txt | 14 + src/tests/data/x509/pss_certs/03/end.crt | 106 +++--- src/tests/data/x509/pss_certs/03/root.crt | 52 +-- src/tests/data/x509/pss_certs/04/end.crt | 107 +++--- src/tests/data/x509/pss_certs/04/root.crt | 52 +-- src/tests/test_certstor.cpp | 68 ++++ src/tests/test_x509_path.cpp | 178 ++++++++- src/tests/unit_x509.cpp | 9 + 445 files changed, 9715 insertions(+), 228 deletions(-) create mode 100644 src/lib/x509/x509_dn_ub.cpp create mode 100644 src/lib/x509/x509_dn_ub.h create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_01/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_02/crls/cert_path_CRL_02_root_crl.pem.crl create mode 100644 
src/tests/data/x509/bsi/cert_path_CRL_02/crls/cert_path_CRL_02_sub_ca_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_02/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_03/crls/cert_path_CRL_03_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_03/crls/cert_path_CRL_03_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_03/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_04/crls/cert_path_CRL_04_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_04/crls/cert_path_CRL_04_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_04/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_ee.pem create mode 100644 
src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_05/crls/cert_path_CRL_05_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_05/crls/cert_path_CRL_05_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_05/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_06/crls/cert_path_CRL_06_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_06/crls/cert_path_CRL_06_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_06/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_sub_ca.pem create mode 100644 
src/tests/data/x509/bsi/cert_path_CRL_07/crls/cert_path_CRL_07_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_07/crls/cert_path_CRL_07_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_07/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_08/crls/cert_path_CRL_08_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_08/crls/cert_path_CRL_08_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_08/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_09/crls/cert_path_CRL_09_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_09/crls/cert_path_CRL_09_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_09/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_ee.TC.pem.crt create mode 100644 
src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_10/crls/cert_path_CRL_10_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_10/crls/cert_path_CRL_10_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_10/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_11/crls/cert_path_CRL_11_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_11/crls/cert_path_CRL_11_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_11/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_sub_ca.ca.pem.crt create mode 100644 
src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_12/crls/cert_path_CRL_12_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_12/crls/cert_path_CRL_12_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_12/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_13/crls/cert_path_CRL_13_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_13/crls/cert_path_CRL_13_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_13/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_14/crls/cert_path_CRL_14_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_14/crls/cert_path_CRL_14_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_14/description.txt create mode 100644 
src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_15/crls/cert_path_CRL_15_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_15/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_16/crls/cert_path_CRL_16_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_16/crls/cert_path_CRL_16_root_crl.pem.crl create mode 100644 src/tests/data/x509/bsi/cert_path_CRL_16/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_root_ca.pem create mode 100644 
src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_01/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_02/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_algo_strength_03/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_ee.pem create mode 100644 
src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_01/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_root_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_02/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_03/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_ee.pem create mode 100644 
src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_04/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_05/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_06/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_ee.pem create mode 100644 
src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_07/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_08/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_09/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_ee.pem create mode 100644 
src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_10/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_11/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_12/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_ee.pem create mode 100644 
src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca_key_rollover.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca_key_rollover.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_subca_ca_key_rollover.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_subca_ca_key_rollover.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_13/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_root_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_common_14/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_ee.pem create mode 100644 
src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_01/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_crypt_02/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_01/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_root_ca.TA.pem.crt create mode 100644 
src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_02/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_03/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_04/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_root_ca.pem create mode 100644 
src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_05/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_06/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_07/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l1.ca.pem.crt create mode 100644 
src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l1.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l2.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l2.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_08/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_09/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_10/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_root_ca.pem create mode 100644 
src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_11/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_12/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_13/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_sub_ca.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_14/description.txt create mode 100644 
src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_15/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_16/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_17/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_ee.TC.pem.crt create mode 100644 
src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_sub_ca.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_sub_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_18/description.txt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_ee.TC.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_ee.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_root_ca.TA.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_root_ca.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l1.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l1.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l2.ca.pem.crt create mode 100644 src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l2.pem create mode 100644 src/tests/data/x509/bsi/cert_path_ext_19/description.txt create mode 100644 src/tests/data/x509/bsi/expected.txt create mode 100644 src/tests/data/x509/bsi/readme.txt diff --git a/src/build-data/oids.txt b/src/build-data/oids.txt index e07800279f..6584f7e6dd 100644 --- a/src/build-data/oids.txt +++ b/src/build-data/oids.txt @@ -1,4 +1,4 @@ -# Regenerate with ./src/scripts/oids.py > src/lib/asn1/oids.cpp +# Regenerate with ./src/scripts/oids.py oids > src/lib/asn1/oids.cpp AND ./src/scripts/oids.py dn_ub > src/lib/x509/x509_dn_ub.cpp # Public key types [pubkey] 
@@ -166,22 +166,23 @@ [encryption] 1.2.840.113549.1.1.7 = RSA/OAEP -# DN +# DN with upper bounds from RFC 5280, Appendix A [dn] -2.5.4.3 = X520.CommonName -2.5.4.4 = X520.Surname -2.5.4.5 = X520.SerialNumber -2.5.4.6 = X520.Country -2.5.4.7 = X520.Locality -2.5.4.8 = X520.State -2.5.4.10 = X520.Organization -2.5.4.11 = X520.OrganizationalUnit -2.5.4.12 = X520.Title -2.5.4.42 = X520.GivenName -2.5.4.43 = X520.Initials -2.5.4.44 = X520.GenerationalQualifier -2.5.4.46 = X520.DNQualifier -2.5.4.65 = X520.Pseudonym +2.5.4.3 = X520.CommonName = 64 +2.5.4.4 = X520.Surname = 40 +2.5.4.5 = X520.SerialNumber = 64 +2.5.4.6 = X520.Country = 3 +2.5.4.7 = X520.Locality = 128 +2.5.4.8 = X520.State = 128 +2.5.4.10 = X520.Organization = 64 +2.5.4.11 = X520.OrganizationalUnit = 64 +2.5.4.12 = X520.Title = 64 +# the following three types are naming attributes of type "X520name" and inherit its bound +2.5.4.42 = X520.GivenName = 32768 +2.5.4.43 = X520.Initials = 32768 +2.5.4.44 = X520.GenerationalQualifier = 32768 +2.5.4.46 = X520.DNQualifier = 64 +2.5.4.65 = X520.Pseudonym = 128 [pbe] 1.2.840.113549.1.5.12 = PKCS5.PBKDF2 @@ -205,6 +206,7 @@ 2.5.29.21 = X509v3.ReasonCode 2.5.29.23 = X509v3.HoldInstructionCode 2.5.29.24 = X509v3.InvalidityDate +2.5.29.28 = X509v3.CRLIssuingDistributionPoint 2.5.29.30 = X509v3.NameConstraints 2.5.29.31 = X509v3.CRLDistributionPoints 2.5.29.32 = X509v3.CertificatePolicies diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp index 3e5d02a7b7..2c97f1d298 100644 --- a/src/lib/asn1/oids.cpp +++ b/src/lib/asn1/oids.cpp @@ -1,7 +1,7 @@ /* * OID maps * -* This file was automatically generated by .\src\scripts\oids.py on 2017-10-19 +* This file was automatically generated by ./src/scripts/oids.py on 2017-12-05 * * All manual edits to this file will be lost. Edit the script * then regenerate this source file. 
@@ -192,6 +192,7 @@ std::string lookup(const OID& oid) if(oid_str == "2.5.29.21") return "X509v3.ReasonCode"; if(oid_str == "2.5.29.23") return "X509v3.HoldInstructionCode"; if(oid_str == "2.5.29.24") return "X509v3.InvalidityDate"; + if(oid_str == "2.5.29.28") return "X509v3.CRLIssuingDistributionPoint"; if(oid_str == "2.5.29.30") return "X509v3.NameConstraints"; if(oid_str == "2.5.29.31") return "X509v3.CRLDistributionPoints"; if(oid_str == "2.5.29.32") return "X509v3.CertificatePolicies"; @@ -364,6 +365,7 @@ OID lookup(const std::string& name) if(name == "X509v3.AuthorityKeyIdentifier") return OID("2.5.29.35"); if(name == "X509v3.BasicConstraints") return OID("2.5.29.19"); if(name == "X509v3.CRLDistributionPoints") return OID("2.5.29.31"); + if(name == "X509v3.CRLIssuingDistributionPoint") return OID("2.5.29.28"); if(name == "X509v3.CRLNumber") return OID("2.5.29.20"); if(name == "X509v3.CertificatePolicies") return OID("2.5.29.32"); if(name == "X509v3.ExtendedKeyUsage") return OID("2.5.29.37"); diff --git a/src/lib/x509/asn1_alt_name.cpp b/src/lib/x509/asn1_alt_name.cpp index 6b3eda9179..c9f7c780b1 100644 --- a/src/lib/x509/asn1_alt_name.cpp +++ b/src/lib/x509/asn1_alt_name.cpp @@ -13,6 +13,9 @@ #include #include #include +#include + +#include namespace Botan { @@ -131,6 +134,13 @@ void encode_entries(DER_Encoder& encoder, store_be(ip, ip_buf); encoder.add_object(tagging, CONTEXT_SPECIFIC, ip_buf, 4); } + else if (type == "DN") + { + std::stringstream ss(i->second); + X509_DN dn; + ss >> dn; + encoder.encode(dn); + } } } @@ -145,6 +155,7 @@ void AlternativeName::encode_into(DER_Encoder& der) const encode_entries(der, m_alt_info, "RFC822", ASN1_Tag(1)); encode_entries(der, m_alt_info, "DNS", ASN1_Tag(2)); + encode_entries(der, m_alt_info, "DN", ASN1_Tag(4)); encode_entries(der, m_alt_info, "URI", ASN1_Tag(6)); encode_entries(der, m_alt_info, "IP", ASN1_Tag(7)); 
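Review bot: The `DN` branch added to encode_entries rebuilds the directoryName by parsing the stored text (`std::stringstream ss(i->second); ss >> dn;`), so the encoded name is only as faithful as X509_DN's string round-trip: attribute string types, the order of a multi-valued RDN and any attribute the text form cannot express are lost, and the matching `tag == 4` branch in the decode_from hunk renders the parsed DN back to text the same way. If a byte-exact alternative name matters, keep the decoded X509_DN (or its DER) alongside the string instead of only `ss.str()`, and document the lossy form with `// DN entries are stored as their textual rendering; re-encoding may not be byte-identical`. The decode branch also calls `dec.decode(dn)` without `.verify_end()`, unlike the other decoders in this series, so trailing bytes inside the [4] element go unnoticed. encode_entries starts outside the hunk.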
@@ -213,6 +224,17 @@ void AlternativeName::decode_from(BER_Decoder& source) if(tag == 2) add_attribute("DNS", ASN1::to_string(obj)); if(tag == 6) add_attribute("URI", ASN1::to_string(obj)); } + else if(tag == 4) + { + BER_Decoder dec(obj.value); + X509_DN dn; + std::stringstream ss; + + dec.decode(dn); + ss << dn; + + add_attribute("DN", ss.str()); + } else if(tag == 7) { if(obj.value.size() == 4) diff --git a/src/lib/x509/cert_status.cpp b/src/lib/x509/cert_status.cpp index 9561cae57c..2c0e74d36e 100644 --- a/src/lib/x509/cert_status.cpp +++ b/src/lib/x509/cert_status.cpp @@ -22,6 +22,11 @@ const char* to_string(Certificate_Status_Code code) case Certificate_Status_Code::VALID_CRL_CHECKED: return "Valid CRL examined"; + case Certificate_Status_Code::CERT_SERIAL_NEGATIVE: + return "Certificate serial number is negative"; + case Certificate_Status_Code::DN_TOO_LONG: + return "Distinguished name too long"; + case Certificate_Status_Code::NO_REVOCATION_DATA: return "No revocation data"; case Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK: @@ -55,6 +60,8 @@ const char* to_string(Certificate_Status_Code code) case Certificate_Status_Code::POLICY_ERROR: return "Certificate policy error"; + case Certificate_Status_Code::DUPLICATE_CERT_POLICY: + return "Certificate contains duplicate policy"; case Certificate_Status_Code::INVALID_USAGE: return "Certificate does not allow the requested usage"; case Certificate_Status_Code::CERT_CHAIN_TOO_LONG: @@ -63,6 +70,8 @@ const char* to_string(Certificate_Status_Code code) return "CA certificate not allowed to issue certs"; case Certificate_Status_Code::CA_CERT_NOT_FOR_CRL_ISSUER: return "CA certificate not allowed to issue CRLs"; + case Certificate_Status_Code::NO_MATCHING_CRLDP: + return "No CRL with matching distribution point for certificate"; case Certificate_Status_Code::OCSP_CERT_NOT_LISTED: return "OCSP cert not listed"; case Certificate_Status_Code::OCSP_BAD_STATUS: 
@@ -73,6 +82,10 @@ const char* to_string(Certificate_Status_Code code) return "Certificate does not pass name constraint"; case Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION: return "Unknown critical extension encountered"; + case Certificate_Status_Code::DUPLICATE_CERT_EXTENSION: + return "Duplicate certificate extension encountered"; + case Certificate_Status_Code::EXT_IN_V1_V2_CERT: + return "Encountered extension in certificate with version < 3"; case Certificate_Status_Code::OCSP_SIGNATURE_ERROR: return "OCSP signature error"; case Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND: diff --git a/src/lib/x509/cert_status.h b/src/lib/x509/cert_status.h index 0dd9f7b849..76dc9252bf 100644 --- a/src/lib/x509/cert_status.h +++ b/src/lib/x509/cert_status.h @@ -25,12 +25,18 @@ enum class Certificate_Status_Code { VALID_CRL_CHECKED = 3, OCSP_NO_HTTP = 4, + // Warnings + FIRST_WARNING_STATUS = 500, + CERT_SERIAL_NEGATIVE = 500, + DN_TOO_LONG = 501, + // Errors FIRST_ERROR_STATUS = 1000, SIGNATURE_METHOD_TOO_WEAK = 1000, UNTRUSTED_HASH = 1001, NO_REVOCATION_DATA = 1002, + NO_MATCHING_CRLDP = 1003, // Time problems CERT_NOT_YET_VALID = 2000, @@ -62,10 +68,13 @@ enum class Certificate_Status_Code { // Other problems CERT_NAME_NOMATCH = 4008, UNKNOWN_CRITICAL_EXTENSION = 4009, + DUPLICATE_CERT_EXTENSION = 4010, OCSP_SIGNATURE_ERROR = 4501, OCSP_ISSUER_NOT_FOUND = 4502, OCSP_RESPONSE_MISSING_KEYUSAGE = 4503, OCSP_RESPONSE_INVALID = 4504, + EXT_IN_V1_V2_CERT = 4505, + DUPLICATE_CERT_POLICY = 4506, // Hard failures CERT_IS_REVOKED = 5000, diff --git a/src/lib/x509/certstor.cpp b/src/lib/x509/certstor.cpp index df4fc3365c..23e8185c4b 100644 --- a/src/lib/x509/certstor.cpp +++ b/src/lib/x509/certstor.cpp @@ -1,6 +1,7 @@ /* * Certificate Store * (C) 1999-2010,2013 Jack Lloyd +* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ 
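Review bot: The warning band introduced in cert_status.h (`FIRST_WARNING_STATUS = 500`, `CERT_SERIAL_NEGATIVE`, `DN_TOO_LONG`) carries no contract beyond the `// Warnings` label, and any consumer that today compares only against `FIRST_ERROR_STATUS` will silently treat these codes as success; if that is intended, say so on the enum, e.g. `// Warnings: FIRST_WARNING_STATUS <= code < FIRST_ERROR_STATUS are reported but do not by themselves fail validation`. In the second cert_status.h hunk, `EXT_IN_V1_V2_CERT = 4505` and `DUPLICATE_CERT_POLICY = 4506` continue the 45xx run that otherwise holds only `OCSP_*` codes; numbering them next to `DUPLICATE_CERT_EXTENSION = 4010` would keep the grouping readable. The enum body continues outside both hunks.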
@@ -64,6 +65,28 @@ Certificate_Store_In_Memory::find_cert(const X509_DN& subject_dn, return nullptr; } +std::vector> Certificate_Store_In_Memory::find_all_certs( + const X509_DN& subject_dn, + const std::vector& key_id) const + { + std::vector> matches; + + for(const auto& cert : m_certs) + { + if(key_id.size()) + { + std::vector skid = cert->subject_key_id(); + + if(skid.size() && skid != key_id) // no match + continue; + } + + if(cert->subject_dn() == subject_dn) + matches.push_back(cert); + } + + return matches; + } std::shared_ptr Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(const std::vector& key_hash) const diff --git a/src/lib/x509/certstor.h b/src/lib/x509/certstor.h index f08e03baec..36d2e4abdd 100644 --- a/src/lib/x509/certstor.h +++ b/src/lib/x509/certstor.h @@ -30,6 +30,14 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Store virtual std::shared_ptr find_cert(const X509_DN& subject_dn, const std::vector& key_id) const = 0; + /** + * Find all certificates with a given Subject DN. + * Subject DN and even the key identifier might not be unique. + */ + virtual std::vector> find_all_certs( + const X509_DN& subject_dn, const std::vector& key_id) const = 0; + + /** * Find a certificate by searching for one with a matching SHA-1 hash of * public key. Used for OCSP. @@ -121,11 +129,19 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Store_In_Memory final : public Certifica /* * Find a certificate by Subject DN and (optionally) key identifier + * @return the first certificate that matches */ std::shared_ptr find_cert( const X509_DN& subject_dn, const std::vector& key_id) const override; + /* + * Find all certificates with a given Subject DN. + * Subject DN and even the key identifier might not be unique. + */ + std::vector> find_all_certs( + const X509_DN& subject_dn, const std::vector& key_id) const override; + std::shared_ptr find_cert_by_pubkey_sha1(const std::vector& key_hash) const override; 
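Review bot: In `Certificate_Store_In_Memory::find_all_certs` a certificate that has no SubjectKeyIdentifier is returned for any requested `key_id` because of the `skid.size() &&` guard; that is easy to misread as a bug, so make it explicit with `// a cert without a SKID cannot be excluded by key_id, so it always matches`, and the SQL store's `find_all_certs` in the same series should agree with this rule. A blank line is also missing between the closing brace and the following `find_cert_by_pubkey_sha1` definition.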
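Review bot: Adding `find_all_certs` as a pure virtual to `Certificate_Store`, which is exported as `BOTAN_PUBLIC_API(2,0)`, breaks every out-of-tree subclass at compile time, and the release notes in this series do not mention it. A non-pure default in the base that returns the single result of `find_cert(subject_dn, key_id)` when non-null and an empty vector otherwise would keep existing stores building while the two in-tree stores override it. The doc comment `Subject DN and even the key identifier might not be unique.` would also be clearer as `Subject DN and key identifier need not be unique, so several certificates may match.`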
diff --git a/src/lib/x509/certstor_sql/certstor_sql.cpp b/src/lib/x509/certstor_sql/certstor_sql.cpp index 6acfed060c..d2991a0190 100644 --- a/src/lib/x509/certstor_sql/certstor_sql.cpp +++ b/src/lib/x509/certstor_sql/certstor_sql.cpp @@ -76,6 +76,40 @@ Certificate_Store_In_SQL::find_cert(const X509_DN& subject_dn, const std::vector return cert; } +std::vector> +Certificate_Store_In_SQL::find_all_certs(const X509_DN& subject_dn, const std::vector& key_id) const + { + std::vector> certs; + + DER_Encoder enc; + std::shared_ptr stmt; + + subject_dn.encode_into(enc); + + if(key_id.empty()) + { + stmt = m_database->new_statement("SELECT certificate FROM " + m_prefix + "certificates WHERE subject_dn == ?1"); + stmt->bind(1,enc.get_contents_unlocked()); + } + else + { + stmt = m_database->new_statement("SELECT certificate FROM " + m_prefix + "certificates WHERE\ + subject_dn == ?1 AND (key_id == NULL OR key_id == ?2)"); + stmt->bind(1,enc.get_contents_unlocked()); + stmt->bind(2,key_id); + } + + std::shared_ptr cert; + while(stmt->step()) + { + auto blob = stmt->get_blob(0); + certs.push_back(std::make_shared( + std::vector(blob.first,blob.first + blob.second))); + } + + return certs; + } + std::shared_ptr Certificate_Store_In_SQL::find_cert_by_pubkey_sha1(const std::vector& /*key_hash*/) const { @@ -123,9 +157,6 @@ std::vector Certificate_Store_In_SQL::all_subjects() const bool Certificate_Store_In_SQL::insert_cert(const X509_Certificate& cert) { - if(find_cert(cert.subject_dn(),cert.subject_key_id())) - return false; - DER_Encoder enc; auto stmt = m_database->new_statement("INSERT OR REPLACE INTO " + m_prefix + "certificates (\ diff --git a/src/lib/x509/certstor_sql/certstor_sql.h b/src/lib/x509/certstor_sql/certstor_sql.h index 88e3968bf2..fd80eb1919 100644 --- a/src/lib/x509/certstor_sql/certstor_sql.h +++ b/src/lib/x509/certstor_sql/certstor_sql.h 
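Review bot: `key_id == NULL` in the second SELECT of `Certificate_Store_In_SQL::find_all_certs` never evaluates true in SQL (a comparison with NULL yields NULL), so rows stored without a key id are excluded whenever a `key_id` is supplied, which is the opposite of what the in-memory store in this series does; write `key_id IS NULL OR key_id == ?2`. The local `std::shared_ptr cert;` declared before the `while(stmt->step())` loop is never used and should be removed. In the later insert_cert hunk the `find_cert` duplicate check is dropped in favour of `INSERT OR REPLACE`; if callers still expect `false` for an already-present certificate, the rest of that function (outside the hunk) and its documentation need to reflect the new semantics.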
@@ -43,6 +43,13 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Store_In_SQL : public Certificate_Store std::shared_ptr find_cert(const X509_DN& subject_dn, const std::vector& key_id) const override; + /* + * Find all certificates with a given Subject DN. + * Subject DN and even the key identifier might not be unique. + */ + std::vector> find_all_certs( + const X509_DN& subject_dn, const std::vector& key_id) const override; + std::shared_ptr find_cert_by_pubkey_sha1(const std::vector& key_hash) const override; diff --git a/src/lib/x509/x509_crl.cpp b/src/lib/x509/x509_crl.cpp index a739d2f60e..c6449baf86 100644 --- a/src/lib/x509/x509_crl.cpp +++ b/src/lib/x509/x509_crl.cpp @@ -10,6 +10,8 @@ #include #include +#include + namespace Botan { struct CRL_Data @@ -23,6 +25,7 @@ struct CRL_Data // cached values from extensions size_t m_crl_number = 0; std::vector m_auth_key_id; + std::string m_issuing_distribution_point; }; std::string X509_CRL::PEM_label() const @@ -164,6 +167,26 @@ std::unique_ptr decode_crl_body(const std::vector& body, tbs_crl.verify_end(); + // Now cache some fields from the extensions + if(auto ext = data->m_extensions.get_extension_object_as()) + { + data->m_crl_number = ext->get_crl_number(); + } + if(auto ext = data->m_extensions.get_extension_object_as()) + { + data->m_auth_key_id = ext->get_key_id(); + } + if(auto ext = data->m_extensions.get_extension_object_as()) + { + std::stringstream ss; + + for(const auto& pair : ext->get_point().contents()) + { + ss << pair.first << ": " << pair.second << " "; + } + data->m_issuing_distribution_point = ss.str(); + } + return data; } @@ -236,4 +259,11 @@ const X509_Time& X509_CRL::next_update() const return data().m_next_update; } +/* +* Return the CRL's distribution point +*/ +std::string X509_CRL::crl_issuing_distribution_point() const + { + return data().m_issuing_distribution_point; + } } diff --git a/src/lib/x509/x509_crl.h b/src/lib/x509/x509_crl.h index fb8307d5a3..89925aa043 100644 
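Review bot: `decode_crl_body` caches the issuing distribution point as a free-form string built from the AlternativeName contents (`ss << pair.first << ": " << pair.second << " "`), and the identical loop appears again in `CRL_Distribution_Points::decode_inner` and `CRL_Issuing_Distribution_Point::contents_to`; if this string is what the new `NO_MATCHING_CRLDP` decision compares, the result depends on multimap iteration order and on the separator, so two equivalent distribution points can compare unequal and a value containing `: ` is ambiguous. Factor the rendering into one helper (or compare the decoded AlternativeName objects directly) and document the format next to the new member, e.g. `// textual rendering "type: value " per entry, for display and CRLDP matching only`. decode_crl_body starts outside the hunk.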
--- a/src/lib/x509/x509_crl.h +++ b/src/lib/x509/x509_crl.h @@ -82,6 +82,12 @@ class BOTAN_PUBLIC_API(2,0) X509_CRL final : public X509_Object */ const X509_Time& next_update() const; + /** + * Get the CRL's distribution point + * @return CRL.IssuingDistributionPoint from the CRL's Data_Store + */ + std::string crl_issuing_distribution_point() const; + /** * Create an uninitialized CRL object. Any attempts to access * this object will throw an exception. diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp index d07344aae9..1561a10f92 100644 --- a/src/lib/x509/x509_dn.cpp +++ b/src/lib/x509/x509_dn.cpp @@ -11,6 +11,7 @@ #include #include #include +#include #include #include diff --git a/src/lib/x509/x509_dn_ub.cpp b/src/lib/x509/x509_dn_ub.cpp new file mode 100644 index 0000000000..20c88d97e5 --- /dev/null +++ b/src/lib/x509/x509_dn_ub.cpp 
@@ -0,0 +1,58 @@
+/*
+* DN_UB maps: Upper bounds on the length of DN strings
+*
+* This file was automatically generated by ./src/scripts/oids.py on 2017-12-20
+*
+* All manual edits to this file will be lost. Edit the script
+* then regenerate this source file.
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include
+#include
+#include
+#include
+
+namespace {
+/**
+ * Upper bounds for the length of distinguished name fields as given in RFC 5280, Appendix A.
+ * Only OIDS recognized by botan are considered, so far.
+ * Maps OID string representations instead of human readable strings in order
+ * to avoid an additional lookup.
+ */
+static const std::map DN_UB =
+ {
+ { Botan::OID("2.5.4.10"), 64 }, // X520.Organization
+ { Botan::OID("2.5.4.11"), 64 }, // X520.OrganizationalUnit
+ { Botan::OID("2.5.4.12"), 64 }, // X520.Title
+ { Botan::OID("2.5.4.3"), 64 }, // X520.CommonName
+ { Botan::OID("2.5.4.4"), 40 }, // X520.Surname
+ { Botan::OID("2.5.4.42"), 32768 }, // X520.GivenName
+ { Botan::OID("2.5.4.43"), 32768 }, // X520.Initials
+ { Botan::OID("2.5.4.44"), 32768 }, // X520.GenerationalQualifier
+ { Botan::OID("2.5.4.46"), 64 }, // X520.DNQualifier
+ { Botan::OID("2.5.4.5"), 64 }, // X520.SerialNumber
+ { Botan::OID("2.5.4.6"), 3 }, // X520.Country
+ { Botan::OID("2.5.4.65"), 128 }, // X520.Pseudonym
+ { Botan::OID("2.5.4.7"), 128 }, // X520.Locality
+ { Botan::OID("2.5.4.8"), 128 } // X520.State
+ };
+}
+
+namespace Botan {
+
+size_t lookup_ub(const OID& oid)
+ {
+ auto ub_entry = DN_UB.find(oid);
+ if(ub_entry != DN_UB.end())
+ {
+ return ub_entry->second;
+ }
+ else
+ {
+ return SIZE_MAX;
+ }
+ }
+}
+
diff --git a/src/lib/x509/x509_dn_ub.h b/src/lib/x509/x509_dn_ub.h
new file mode 100644
index 0000000000..b4433eb531
--- /dev/null
+++ b/src/lib/x509/x509_dn_ub.h
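Review bot: `DN_UB` is a namespace-scope global of non-trivial type (a `std::map` keyed on `Botan::OID` objects parsed from strings) built during dynamic static initialization, so a `lookup_ub` call made from another translation unit's static initializer would observe an empty or partially built map; a function-local static inside `lookup_ub`, or a constant array of `{const char*, size_t}` pairs scanned linearly (there are only 14 entries), avoids the ordering hazard. `static` is redundant on a definition inside an anonymous namespace. Since the header says the file is generated, both changes belong in `src/scripts/oids.py`, and the comment `Only OIDS recognized by botan are considered, so far.` should read `Only OIDs known to Botan are listed; unknown OIDs get no bound.`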
@@ -0,0 +1,24 @@ +/* +* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ +#ifndef BOTAN_X509_DN_UB_H_ +#define BOTAN_X509_DN_UB_H_ + +#include + +namespace Botan { + +/** +* Lookup upper bounds in characters for the length of distinguished name fields +* as given in RFC 5280, Appendix A. +* +* @param oid the oid of the DN to lookup +* @return the upper bound, or SIZE_MAX if no ub is known to Botan +*/ +size_t lookup_ub(const OID& oid); + +} + +#endif diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp index 1b13d36e13..d98818a4c1 100644 --- a/src/lib/x509/x509_ext.cpp +++ b/src/lib/x509/x509_ext.cpp @@ -2,6 +2,7 @@ * X.509 Certificate Extensions * (C) 1999-2010,2012 Jack Lloyd * (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity +* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -15,6 +16,7 @@ #include #include #include +#include #include namespace Botan { @@ -71,6 +73,10 @@ Extensions::create_extn_obj(const OID& oid, { extn.reset(new Cert_Extension::CRL_Distribution_Points); } + else if(oid == Cert_Extension::CRL_Issuing_Distribution_Point::static_oid()) + { + extn.reset(new Cert_Extension::CRL_Issuing_Distribution_Point); + } else if(oid == Cert_Extension::Certificate_Policies::static_oid()) { extn.reset(new Cert_Extension::Certificate_Policies); @@ -708,7 +714,6 @@ void Certificate_Policies::decode_inner(const std::vector& in) std::vector policies; BER_Decoder(in).decode_list(policies); - m_oids.clear(); for(size_t i = 0; i != policies.size(); ++i) m_oids.push_back(policies[i].oid()); 
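Review bot: Removing `m_oids.clear()` from `Certificate_Policies::decode_inner` makes a second decode into the same object accumulate the policies of both calls, which would then trip the new `DUPLICATE_CERT_POLICY` check even for a valid extension; if accumulation is intended (for example so that a repeated extension surfaces as a duplicate), say so with `// intentionally not cleared: repeated decodes accumulate so duplicates are reported by validate()`, otherwise keep the clear. The function's end lies outside the hunk.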
@@ -723,6 +728,18 @@ void Certificate_Policies::contents_to(Data_Store& info, Data_Store&) const info.add("X509v3.CertificatePolicies", m_oids[i].as_string()); } +void Certificate_Policies::validate(const X509_Certificate& subject, const X509_Certificate& issuer, + const std::vector>& cert_path, + std::vector>& cert_status, + size_t pos) + { + std::set oid_set(m_oids.begin(), m_oids.end()); + if(oid_set.size() != m_oids.size()) + { + cert_status.at(pos).insert(Certificate_Status_Code::DUPLICATE_CERT_POLICY); + } + } + std::vector Authority_Information_Access::encode_inner() const { ASN1_String url(m_ocsp_responder, IA5_STRING); @@ -801,6 +818,7 @@ std::vector CRL_Number::encode_inner() const void CRL_Number::decode_inner(const std::vector& in) { BER_Decoder(in).decode(m_crl_number); + m_has_value = true; } /* @@ -850,14 +868,19 @@ void CRL_Distribution_Points::decode_inner(const std::vector& buf) .decode_list(m_distribution_points) .verify_end(); + std::stringstream ss; + for(size_t i = 0; i != m_distribution_points.size(); ++i) { - auto point = m_distribution_points[i].point().contents(); + auto contents = m_distribution_points[i].point().contents(); - auto uris = point.equal_range("URI"); - for(auto uri = uris.first; uri != uris.second; ++uri) - m_crl_distribution_urls.push_back(uri->second); + for(const auto& pair : contents) + { + ss << pair.first << ": " << pair.second << " "; + } } + + m_crl_distribution_urls.push_back(ss.str()); } void CRL_Distribution_Points::contents_to(Data_Store& subject, Data_Store&) const 
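Review bot: `Certificate_Policies::validate` leaves `subject`, `issuer` and `cert_path` unused, which triggers -Wunused-parameter on warning-clean builds; omit the names in the definition (`const X509_Certificate& /*subject*/`), as `find_cert_by_pubkey_sha1` does with `/*key_hash*/` elsewhere in this series. A one-line comment naming the rule being enforced, e.g. `// RFC 5280 4.2.1.4: a policy OID must not appear more than once`, would also help the next reader.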
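Review bot: `CRL_Distribution_Points::decode_inner` now pushes a single concatenated `"type: value "` string covering every distribution point into `m_crl_distribution_urls`, where it previously stored one entry per `URI` value; any caller of the URL accessor (outside this hunk) now receives text that is not a URL, and the `URI` filtering is gone. Keep the per-URI list as it was and add a separate member for the rendered points, or rename the member and accessor so the new content is not mistaken for URLs. decode_inner starts outside the hunk.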
@@ -881,6 +904,29 @@ void CRL_Distribution_Points::Distribution_Point::decode_from(class BER_Decoder& .end_cons().end_cons(); } +std::vector CRL_Issuing_Distribution_Point::encode_inner() const + { + throw Not_Implemented("CRL_Issuing_Distribution_Point encoding"); + } + +void CRL_Issuing_Distribution_Point::decode_inner(const std::vector& buf) + { + BER_Decoder(buf).decode(m_distribution_point).verify_end(); + } + +void CRL_Issuing_Distribution_Point::contents_to(Data_Store& info, Data_Store&) const + { + auto contents = m_distribution_point.point().contents(); + std::stringstream ss; + + for(const auto& pair : contents) + { + ss << pair.first << ": " << pair.second << " "; + } + + info.add("X509v3.CRLIssuingDistributionPoint", ss.str()); + } + std::vector Unknown_Extension::encode_inner() const { return m_bytes; diff --git a/src/lib/x509/x509_ext.h b/src/lib/x509/x509_ext.h index 1680bd9dd4..235496cbdc 100644 --- a/src/lib/x509/x509_ext.h +++ b/src/lib/x509/x509_ext.h @@ -528,6 +528,10 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Policies final : public Certificate_Exte static OID static_oid() { return OID("2.5.29.32"); } OID oid_of() const override { return static_oid(); } + void validate(const X509_Certificate& subject, const X509_Certificate& issuer, + const std::vector>& cert_path, + std::vector>& cert_status, + size_t pos) override; private: std::string oid_name() const override { return "X509v3.CertificatePolicies"; } @@ -627,6 +631,7 @@ class BOTAN_PUBLIC_API(2,0) CRL_ReasonCode final : public Certificate_Extension /** * CRL Distribution Points Extension +* todo enforce restrictions from RFC 5280 4.2.1.13 */ class BOTAN_PUBLIC_API(2,0) CRL_Distribution_Points final : public Certificate_Extension { 
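Review bot: `CRL_Issuing_Distribution_Point::decode_inner` decodes the extension body as a `CRL_Distribution_Points::Distribution_Point`, but RFC 5280 5.2.5 defines IssuingDistributionPoint as [0] distributionPoint followed by [1] onlyContainsUserCerts, [2] onlyContainsCACerts, [3] onlySomeReasons, [4] indirectCRL and [5] onlyContainsAttributeCerts, whereas DistributionPoint carries [1] reasons and [2] cRLIssuer; if `Distribution_Point::decode_from` consumes only the [0] element and then closes the sequence, as the `.end_cons().end_cons()` context at the top of the hunk suggests, CRLs that set any of the boolean flags will fail to parse or be misread. Decoding the IDP with its own structure (at least tolerating the optional [1]–[5] fields and recording the flags, which the `todo` in the header already points at) would avoid rejecting such CRLs. The function rendering the point in `contents_to` duplicates the loop used in x509_crl.cpp and in `CRL_Distribution_Points::decode_inner` and could share one helper.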
@@ -674,6 +679,39 @@ class BOTAN_PUBLIC_API(2,0) CRL_Distribution_Points final : public Certificate_E std::vector m_crl_distribution_urls; }; +/** +* CRL Issuing Distribution Point Extension +* todo enforce restrictions from RFC 5280 5.2.5 +*/ +class CRL_Issuing_Distribution_Point final : public Certificate_Extension + { + public: + CRL_Issuing_Distribution_Point() = default; + + explicit CRL_Issuing_Distribution_Point(const CRL_Distribution_Points::Distribution_Point& distribution_point) : + m_distribution_point(distribution_point) {} + + CRL_Issuing_Distribution_Point* copy() const override + { return new CRL_Issuing_Distribution_Point(m_distribution_point); } + + const AlternativeName& get_point() const + { return m_distribution_point.point(); } + + static OID static_oid() { return OID("2.5.29.28"); } + OID oid_of() const override { return static_oid(); } + + private: + std::string oid_name() const override + { return "X509v3.CRLIssuingDistributionPoint"; } + + bool should_encode() const override { return true; } + std::vector encode_inner() const override; + void decode_inner(const std::vector&) override; + void contents_to(Data_Store&, Data_Store&) const override; + + CRL_Distribution_Points::Distribution_Point m_distribution_point; + }; + /** * An unknown X.509 extension * Will add a failure to the path validation result, if critical diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index b1229679ca..5a5521e374 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -25,6 +25,7 @@ struct X509_Certificate_Data { size_t m_version = 0; std::vector m_serial; + bool m_serial_negative; AlgorithmIdentifier m_sig_algo_inner; X509_DN m_issuer_dn; X509_DN m_subject_dn; 
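Review bot: `CRL_Issuing_Distribution_Point` reports `should_encode() == true` while its `encode_inner()` throws `Not_Implemented`, so any path that re-encodes a decoded CRL's extension set (for instance after `copy()` into an Extensions object that is later DER-encoded) will throw; return `false` until encoding exists, or implement it. Unlike its siblings in this header the class also lacks `BOTAN_PUBLIC_API(2,0)`, so `get_point()` is not reachable from outside the library where symbols are hidden by default; add the macro if it is meant to be public, or note `// internal: not part of the public API` above the class.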
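Review bot: `bool m_serial_negative;` is the only member of `X509_Certificate_Data` in this hunk without an in-class initializer (`size_t m_version = 0;` two lines above), so any parse path that does not reach the assignment in `parse_x509_cert_body` leaves `is_serial_negative()` reading an indeterminate bool; write `bool m_serial_negative = false;`.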
@@ -113,6 +114,8 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o throw Decoding_Error("Unknown X.509 cert version " + std::to_string(data->m_version)); if(obj.signature_algorithm() != data->m_sig_algo_inner) throw Decoding_Error("X.509 Certificate had differing algorithm identifers in inner and outer ID fields"); + // crude method to save the serial's sign; will get lost during decoding, otherwise + data->m_serial_negative = serial_bn.is_negative(); // for general sanity convert wire version (0 based) to standards version (v1 .. v3) data->m_version += 1; @@ -384,6 +387,12 @@ const std::vector& X509_Certificate::serial_number() const return data().m_serial; } +bool X509_Certificate::is_serial_negative() const + { + return data().m_serial_negative; + } + + const X509_DN& X509_Certificate::issuer_dn() const { return data().m_issuer_dn; diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h index dc32e70c19..9ee3d4eb8a 100644 --- a/src/lib/x509/x509cert.h +++ b/src/lib/x509/x509cert.h @@ -185,6 +185,12 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object */ const std::vector& serial_number() const; + /** + * Get the serial number's sign + * @return 1 iff the serial is negative. + */ + bool is_serial_negative() const; + /** * Get the DER encoded AuthorityKeyIdentifier of this certificate. * @return DER encoded AuthorityKeyIdentifier diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index c2a22e7f41..88fd578b25 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -1,18 +1,23 @@ /* * X.509 Certificate Path Validation * (C) 2010,2011,2012,2014,2016 Jack Lloyd +* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ #include #include +#include #include #include +#include #include #include #include #include +#include +#include #if defined(BOTAN_HAS_ONLINE_REVOCATION_CHECKS) #include 
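Review bot: The doc comment for `is_serial_negative` in x509cert.h says `@return 1 iff the serial is negative` although the function returns `bool`; write `@return true iff the serial number, read as a DER INTEGER, is negative (RFC 5280 4.1.2.2 requires a positive serial)`. The comment on the assignment in `parse_x509_cert_body`, `// crude method to save the serial's sign; will get lost during decoding, otherwise`, would read better as `// remember the sign here; the later conversion to m_serial keeps only the magnitude` if that is what the surrounding decode does (its start is outside the hunk). The accessor definition is followed by two blank lines where the neighbouring accessors use one.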
@@ -81,6 +86,22 @@ PKIX::check_chain(const std::vector>& ce status.insert(Certificate_Status_Code::CHAIN_NAME_MISMATCH); } + // Check the serial number + if(subject->is_serial_negative()) + { + status.insert(Certificate_Status_Code::CERT_SERIAL_NEGATIVE); + } + + // Check the subject's DN components' length + for(const auto& dn_pair : subject->subject_dn().get_attributes()) + { + // dn_pair = + if(lookup_ub(dn_pair.first) < dn_pair.second.size()) + { + status.insert(Certificate_Status_Code::DN_TOO_LONG); + } + } + // Check all certs for valid time range if(validation_time < subject->not_before()) status.insert(Certificate_Status_Code::CERT_NOT_YET_VALID); 
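Review bot: The DN upper-bound check compares `lookup_ub(dn_pair.first)` with `dn_pair.second.size()`, which is the byte length of a std::string, while the RFC 5280 Appendix A bounds that x509_dn_ub.h documents are in characters; a UTF8String or BMPString attribute containing non-ASCII characters can exceed the bound in bytes yet be valid, so legitimate DNs would be flagged `DN_TOO_LONG` (assuming `get_attributes()` yields UTF-8 text, which is not visible here). Count code points before comparing, or state the approximation with `// NOTE: compares bytes, so multibyte UTF-8 values may be flagged although within the character bound`. The comment `// dn_pair = ` above the check appears truncated in this hunk and should spell out the pair's element types. check_chain starts and ends outside the hunk.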
@@ -94,34 +115,52 @@ PKIX::check_chain(const std::vector>& ce std::unique_ptr issuer_key(issuer->subject_public_key()); - if(!issuer_key) + // Check the signature algorithm + if(OIDS::lookup(subject->signature_algorithm().oid).empty()) { - status.insert(Certificate_Status_Code::CERT_PUBKEY_INVALID); + status.insert(Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN); } + // only perform the following checks if the signature algorithm is known else { - const Certificate_Status_Code sig_status = subject->verify_signature(*issuer_key); + if(!issuer_key) + { + status.insert(Certificate_Status_Code::CERT_PUBKEY_INVALID); + } + else + { + const Certificate_Status_Code sig_status = subject->verify_signature(*issuer_key); - if(sig_status != Certificate_Status_Code::VERIFIED) - status.insert(sig_status); + if(sig_status != Certificate_Status_Code::VERIFIED) + status.insert(sig_status); - if(issuer_key->estimated_strength() < min_signature_algo_strength) - status.insert(Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK); - } + if(issuer_key->estimated_strength() < min_signature_algo_strength) + status.insert(Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK); + } - // Ignore untrusted hashes on self-signed roots - if(trusted_hashes.size() > 0 && !at_self_signed_root) - { - if(trusted_hashes.count(subject->hash_used_for_signature()) == 0) - status.insert(Certificate_Status_Code::UNTRUSTED_HASH); + // Ignore untrusted hashes on self-signed roots + if(trusted_hashes.size() > 0 && !at_self_signed_root) + { + if(trusted_hashes.count(subject->hash_used_for_signature()) == 0) + status.insert(Certificate_Status_Code::UNTRUSTED_HASH); + } } // Check cert extensions Extensions extensions = subject->v3_extensions(); - for(auto& extension : extensions.extensions()) + const auto& extensions_vec = extensions.extensions(); + if(subject->x509_version() < 3 && !extensions_vec.empty()) + { + status.insert(Certificate_Status_Code::EXT_IN_V1_V2_CERT); + } + for(auto& extension : extensions_vec) 
{ extension.first->validate(*subject, *issuer, cert_path, cert_status, i); } + if(extensions.extensions().size() != extensions.get_extension_oids().size()) + { + status.insert(Certificate_Status_Code::DUPLICATE_CERT_EXTENSION); + } } // path len check @@ -245,6 +284,28 @@ PKIX::check_crl(const std::vector>& cert if(crls[i]->is_revoked(*subject)) status.insert(Certificate_Status_Code::CERT_IS_REVOKED); + + std::string dp = subject->crl_distribution_point(); + if(!dp.empty()) + { + if(dp != crls[i]->crl_issuing_distribution_point()) + { + status.insert(Certificate_Status_Code::NO_MATCHING_CRLDP); + } + } + + for(const auto& extension : crls[i]->extensions().extensions()) + { + // is the extension critical and unknown? + if(extension.second && OIDS::lookup(extension.first->oid_of()) == "") + { + /* NIST Certificate Path Valiadation Testing document: "When an implementation does not recognize a critical extension in the + * crlExtensions field, it shall assume that identified certificates have been revoked and are no longer valid" + */ + status.insert(Certificate_Status_Code::CERT_IS_REVOKED); + } + } + } } 
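Review bot: Skipping signature verification entirely when `OIDS::lookup(subject->signature_algorithm().oid).empty()` is only safe while SIGNATURE_ALGO_UNKNOWN is classed as an error (at or above FIRST_ERROR_STATUS, the boundary find_warnings in this commit relies on); a comment next to the `else`, e.g. `// SIGNATURE_ALGO_UNKNOWN must remain an error status: the signature is not verified in this case`, protects that dependency from a later re-classification. `if(extensions.extensions().size() != extensions.get_extension_oids().size())` recomputes what `extensions_vec` already holds, so `if(extensions_vec.size() != extensions.get_extension_oids().size())` reads better, and because the duplicate check sits after the loop, every extension's validate() has already run by the time DUPLICATE_CERT_EXTENSION is recorded; if duplicates are meant to be rejected before their validators run, move the check above the loop. check_chain's enclosing loop begins outside the hunk.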
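Review bot: `OIDS::lookup(extension.first->oid_of()) == ""` tests the same condition that the check_chain hunk in this commit writes as `.empty()`; use `OIDS::lookup(extension.first->oid_of()).empty()` for consistency and to avoid constructing a temporary string. The block comment has a typo ("Valiadation") and an overlong first line that should be wrapped. The CRL DP comparison `dp != crls[i]->crl_issuing_distribution_point()` is an exact string match, so if crl_issuing_distribution_point() yields an empty string for a CRL without an IDP extension, every certificate carrying a CRL DP will get NO_MATCHING_CRLDP against such a CRL even though RFC 5280 leaves the IDP extension optional; if that strictness is intended, a comment should say so. check_crl's loop begins outside the hunk.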
@@ -514,6 +575,176 @@ PKIX::build_certificate_path(std::vector } } +/** + * utilities for PKIX::build_all_certificate_paths + */ +namespace +{ +// +using cert_maybe_trusted = std::pair,bool>; +} + +/** + * Build all possible certificate paths from the end certificate to self-signed trusted roots. + * + * All potentially valid paths are put into the cert_paths vector. If no potentially valid paths are found, + * one of the encountered errors is returned arbitrarily. + * + * todo add a path building function that returns detailed information on errors encountered while building + * the potentially numerous path candidates. + * + * Basically, a DFS is performed starting from the end certificate. A stack (vector) serves to control the DFS. + * At the beginning of each iteration, a pair is popped from the stack that contains (1) the next certificate + * to add to the path (2) a bool that indicates if the certificate is part of a trusted certstore. Ideally, we + * follow the unique issuer of the current certificate until a trusted root is reached. However, the issuer DN + + * authority key id need not be unique among the certificates used for building the path. In such a case, + * we consider all the matching issuers by pushing on the stack for each of them. 
+ * + */ +Certificate_Status_Code +PKIX::build_all_certificate_paths(std::vector>>& cert_paths_out, + const std::vector& trusted_certstores, + const std::shared_ptr& end_entity, + const std::vector>& end_entity_extra) + { + if(!cert_paths_out.empty()) + { + throw Invalid_Argument("PKIX::build_all_certificate_paths: cert_paths_out must be empty"); + } + + if(end_entity->is_self_signed()) + { + return Certificate_Status_Code::CANNOT_ESTABLISH_TRUST; + } + + /* + * Pile up error messages + */ + std::vector stats; + + Certificate_Store_In_Memory ee_extras; + for(size_t i = 0; i != end_entity_extra.size(); ++i) + { + ee_extras.add_certificate(end_entity_extra[i]); + } + + /* + * This is an inelegant but functional way of preventing path loops + * (where C1 -> C2 -> C3 -> C1). We store a set of all the certificate + * fingerprints in the path. If there is a duplicate, we error out. + * TODO: save fingerprints in result struct? Maybe useful for blacklists, etc. + */ + std::set certs_seen; + + // new certs are added and removed from the path during the DFS + // it is copied into cert_paths_out when we encounter a trusted root + std::vector> path_so_far; + + // todo can we assume that the end certificate is not trusted? + std::vector stack = { {end_entity, false} }; + + while(!stack.empty()) + { + // found a deletion marker that guides the DFS, backtracing + if(stack.back().first == nullptr) + { + stack.pop_back(); + std::string fprint = path_so_far.back()->fingerprint("SHA-256"); + certs_seen.erase(fprint); + path_so_far.pop_back(); + } + // process next cert on the path + else + { + std::shared_ptr last = stack.back().first; + bool trusted = stack.back().second; + stack.pop_back(); + + // certificate already seen? 
+ const std::string fprint = last->fingerprint("SHA-256"); + if(certs_seen.count(fprint) == 1) + { + stats.push_back(Certificate_Status_Code::CERT_CHAIN_LOOP); + // the current path ended in a loop + continue; + } + + // the current path ends here + if(last->is_self_signed()) + { + // found a trust anchor + if(trusted) + { + cert_paths_out.push_back(path_so_far); + cert_paths_out.back().push_back(last); + + continue; + } + // found an untrustworthy root + else + { + stats.push_back(Certificate_Status_Code::CANNOT_ESTABLISH_TRUST); + continue; + } + } + + const X509_DN issuer_dn = last->issuer_dn(); + const std::vector auth_key_id = last->authority_key_id(); + + // search for trusted issuers + std::vector> trusted_issuers; + for(Certificate_Store* store : trusted_certstores) + { + auto new_issuers = store->find_all_certs(issuer_dn, auth_key_id); + trusted_issuers.insert(trusted_issuers.end(), new_issuers.begin(), new_issuers.end()); + } + + // search the supplemental certs + std::vector> misc_issuers = + ee_extras.find_all_certs(issuer_dn, auth_key_id); + + // if we could not find any issuers, the current path ends here + if(trusted_issuers.size() + misc_issuers.size() == 0) + { + stats.push_back(Certificate_Status_Code::CERT_ISSUER_NOT_FOUND); + continue; + } + + // push the latest certificate onto the path_so_far + path_so_far.push_back(last); + certs_seen.emplace(fprint); + + // push a deletion marker on the stack for backtracing later + stack.push_back({std::shared_ptr(nullptr),false}); + + for(const auto trusted : trusted_issuers) + { + stack.push_back({trusted,true}); + } + + for(const auto misc : misc_issuers) + { + stack.push_back({misc,false}); + } + } + } + + // could not construct any potentially valid path + if(cert_paths_out.empty()) + { + if(stats.empty()) + throw Exception("X509 path building failed for unknown reasons"); + else + // arbitrarily return the first error + return stats[0]; + } + else + { + return Certificate_Status_Code::OK; + } + } + + 
void PKIX::merge_revocation_status(CertificatePathStatusCodes& chain_status, const CertificatePathStatusCodes& crl, const CertificatePathStatusCodes& ocsp, @@ -597,7 +828,9 @@ Path_Validation_Result x509_path_validate( const std::vector>& ocsp_resp) { if(end_certs.empty()) + { throw Invalid_Argument("x509_path_validate called with no subjects"); + } std::shared_ptr end_entity(std::make_shared(end_certs[0])); std::vector> end_entity_extra; @@ -606,9 +839,8 @@ Path_Validation_Result x509_path_validate( end_entity_extra.push_back(std::make_shared(end_certs[i])); } - std::vector> cert_path; - Certificate_Status_Code path_building_result = - PKIX::build_certificate_path(cert_path, trusted_roots, end_entity, end_entity_extra); + std::vector>> cert_paths; + Certificate_Status_Code path_building_result = PKIX::build_all_certificate_paths(cert_paths, trusted_roots, end_entity, end_entity_extra); // If we cannot successfully build a chain to a trusted self-signed root, stop now if(path_building_result != Certificate_Status_Code::OK) 
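Review bot: The DFS enumerates every simple path through trusted_certstores and ee_extras and appends each complete one to cert_paths_out with no bound on the number of paths or iterations; when several certificates share an issuer DN and authority key id at each level the count grows multiplicatively, and if end_entity_extra comes from an untrusted peer (as in a TLS handshake) that input controls the fan-out, so a fixed cap on cert_paths_out (stop enumerating and record a status once it is reached) should be added and stated in the header comment. `for(const auto trusted : trusted_issuers)` and `for(const auto misc : misc_issuers)` copy a shared_ptr per iteration; `for(const auto& trusted : trusted_issuers)` and `for(const auto& misc : misc_issuers)` avoid the refcount traffic. The bare `//` line inside the anonymous namespace is an empty comment and can be dropped.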
@@ -616,38 +848,52 @@ Path_Validation_Result x509_path_validate( return Path_Validation_Result(path_building_result); } - CertificatePathStatusCodes status = - PKIX::check_chain(cert_path, ref_time, - hostname, usage, - restrictions.minimum_key_strength(), - restrictions.trusted_hashes()); + std::vector error_results; + // Try validating all the potentially valid paths and return the first one to validate properly + for(auto cert_path : cert_paths) + { + CertificatePathStatusCodes status = + PKIX::check_chain(cert_path, ref_time, + hostname, usage, + restrictions.minimum_key_strength(), + restrictions.trusted_hashes()); - CertificatePathStatusCodes crl_status = - PKIX::check_crl(cert_path, trusted_roots, ref_time); + CertificatePathStatusCodes crl_status = + PKIX::check_crl(cert_path, trusted_roots, ref_time); - CertificatePathStatusCodes ocsp_status; + CertificatePathStatusCodes ocsp_status; - if(ocsp_resp.size() > 0) - { - ocsp_status = PKIX::check_ocsp(cert_path, ocsp_resp, trusted_roots, ref_time); - } + if(ocsp_resp.size() > 0) + { + ocsp_status = PKIX::check_ocsp(cert_path, ocsp_resp, trusted_roots, ref_time); + } - if(ocsp_status.empty() && ocsp_timeout != std::chrono::milliseconds(0)) - { + if(ocsp_status.empty() && ocsp_timeout != std::chrono::milliseconds(0)) + { #if defined(BOTAN_TARGET_OS_HAS_THREADS) && defined(BOTAN_HAS_HTTP_UTIL) - ocsp_status = PKIX::check_ocsp_online(cert_path, trusted_roots, ref_time, - ocsp_timeout, restrictions.ocsp_all_intermediates()); + ocsp_status = PKIX::check_ocsp_online(cert_path, trusted_roots, ref_time, + ocsp_timeout, restrictions.ocsp_all_intermediates()); #else - ocsp_status.resize(1); - ocsp_status[0].insert(Certificate_Status_Code::OCSP_NO_HTTP); + ocsp_status.resize(1); + ocsp_status[0].insert(Certificate_Status_Code::OCSP_NO_HTTP); #endif - } + } - PKIX::merge_revocation_status(status, crl_status, ocsp_status, - restrictions.require_revocation_information(), - restrictions.ocsp_all_intermediates()); + 
PKIX::merge_revocation_status(status, crl_status, ocsp_status, + restrictions.require_revocation_information(), + restrictions.ocsp_all_intermediates()); - return Path_Validation_Result(status, std::move(cert_path)); + Path_Validation_Result pvd(status, std::move(cert_path)); + if(pvd.successful_validation()) + { + return pvd; + } + else + { + error_results.push_back(std::move(pvd)); + } + } + return error_results[0]; } Path_Validation_Result x509_path_validate( @@ -716,9 +962,31 @@ Path_Validation_Restrictions::Path_Validation_Restrictions(bool require_rev, m_trusted_hashes.insert("SHA-512"); } +namespace { +CertificatePathStatusCodes find_warnings(const CertificatePathStatusCodes& all_statuses) + { + CertificatePathStatusCodes warnings; + for(const auto& status_set_i : all_statuses) + { + std::set warning_set_i; + for(const auto& code : status_set_i) + { + if(code >= Certificate_Status_Code::FIRST_WARNING_STATUS && + code < Certificate_Status_Code::FIRST_ERROR_STATUS) + { + warning_set_i.insert(code); + } + } + warnings.push_back(warning_set_i); + } + return warnings; + } +} + Path_Validation_Result::Path_Validation_Result(CertificatePathStatusCodes status, std::vector>&& cert_chain) : m_all_status(status), + m_warnings(find_warnings(m_all_status)), m_cert_path(cert_chain), m_overall(PKIX::overall_status(m_all_status)) { @@ -749,6 +1017,16 @@ bool Path_Validation_Result::successful_validation() const result() == Certificate_Status_Code::VALID_CRL_CHECKED); } +bool Path_Validation_Result::no_warnings() const + { + return m_warnings.empty(); + } + +CertificatePathStatusCodes Path_Validation_Result::warnings() const + { + return m_warnings; + } + std::string Path_Validation_Result::result_string() const { return status_string(result()); diff --git a/src/lib/x509/x509path.h b/src/lib/x509/x509path.h index 6898d0679e..12a9248736 100644 --- a/src/lib/x509/x509path.h +++ b/src/lib/x509/x509path.h 
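Review bot: `return error_results[0];` after the loop indexes an empty vector whenever cert_paths is empty; that cannot happen today only because build_all_certificate_paths returns OK solely after pushing at least one path, an invariant that lives in another function and should be pinned here, e.g. `BOTAN_ASSERT(!error_results.empty(), "at least one candidate path was checked");` before the return. Note also that the whole revocation block, including check_ocsp_online with its network timeout, now runs once per candidate path, so validation latency scales with the number of candidates; the comment above the loop should say that this is intended. x509_path_validate's signature lies outside the hunk.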
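Review bot: `m_warnings(find_warnings(m_all_status))` reads a sibling member inside the initializer list, which is well-defined only because m_all_status is declared before m_warnings (the header hunk in this commit keeps that order); a one-line comment on the initializer, e.g. `// relies on m_all_status being declared, hence initialized, first`, guards it against a future reordering of the members. Since `status` is taken by value, `m_all_status(std::move(status))` avoids an extra copy. The constructor's body continues outside the hunk.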
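Review bot: `no_warnings()` returns `m_warnings.empty()`, but find_warnings in this commit pushes one set per entry of m_all_status even when that set is empty, so m_warnings is non-empty for every validated path and no_warnings() answers false whenever the chain has at least one certificate. The method has to look inside the per-certificate sets instead.
```cpp
bool Path_Validation_Result::no_warnings() const
   {
   // m_warnings holds one (possibly empty) set per certificate in the path,
   // so "no warnings" means every set is empty, not that the vector is empty
   for(const auto& status_set_i : m_warnings)
      {
      if(!status_set_i.empty())
         return false;
      }
   return true;
   }
```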
@@ -135,6 +135,11 @@ class BOTAN_PUBLIC_API(2,0) Path_Validation_Result final */ bool successful_validation() const; + /** + * @return true iff no warnings occured during validation + */ + bool no_warnings() const; + /** * @return overall validation result code */ @@ -146,6 +151,11 @@ class BOTAN_PUBLIC_API(2,0) Path_Validation_Result final const CertificatePathStatusCodes& all_statuses() const { return m_all_status; } + /** + * @return the subset of status codes that are warnings + */ + CertificatePathStatusCodes warnings() const; + /** * @return string representation of the validation result */ @@ -173,6 +183,7 @@ class BOTAN_PUBLIC_API(2,0) Path_Validation_Result final private: CertificatePathStatusCodes m_all_status; + CertificatePathStatusCodes m_warnings; std::vector> m_cert_path; Certificate_Status_Code m_overall; }; @@ -274,6 +285,13 @@ Path_Validation_Result BOTAN_PUBLIC_API(2,0) x509_path_validate( */ namespace PKIX { +Certificate_Status_Code +build_all_certificate_paths(std::vector>>& cert_paths, + const std::vector& trusted_certstores, + const std::shared_ptr& end_entity, + const std::vector>& end_entity_extra); + + /** * Build certificate path * @param cert_path_out output parameter, cert_path will be appended to this vector diff --git a/src/scripts/oids.py b/src/scripts/oids.py index 5e53decf7f..7a6caa368a 100755 --- a/src/scripts/oids.py +++ b/src/scripts/oids.py @@ -2,6 +2,7 @@ """ (C) 2016 Jack Lloyd +(C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity Botan is released under the Simplified BSD License (see license.txt) """ 
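Review bot: The new Doxygen line `@return true iff no warnings occured during validation` misspells "occurred"; fix it to `@return true iff no warnings occurred during validation`.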
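Review bot: `CertificatePathStatusCodes warnings() const;` returns the vector of sets by value while the neighbouring `all_statuses()` returns `const CertificatePathStatusCodes&`; since the member already exists, `const CertificatePathStatusCodes& warnings() const;` is consistent with its sibling and avoids copying on every call, and it is cheapest to settle this before the accessor ships in a public release.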
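Review bot: `build_all_certificate_paths` is added to the public PKIX namespace without a Doxygen block, while `build_certificate_path` directly below it documents each parameter; add one that states that cert_paths is an output parameter which must be empty on entry (the implementation throws Invalid_Argument otherwise), that every potentially valid path is appended to it, that OK is returned when at least one candidate was found and otherwise one of the errors encountered during building, and that a self-signed end entity yields CANNOT_ESTABLISH_TRUST. The two blank lines after the declaration should be collapsed to one.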
@@ -125,17 +126,89 @@ def format_as_ifs(oid2str, str2oid): """ % (sys.argv[0], datetime.date.today().strftime("%Y-%m-%d"), format_if(oid2str,"oid_str"), format_if(str2oid, "name", True)) + +def format_dn_ub_map(dn_ub, oid2str): + s = '' + for k in sorted(dn_ub.keys()): + v = dn_ub[k] + + s += ' { Botan::OID("%s"), %s }, // %s\n' % (k,v,oid2str[k]) + + # delete last ',' and \n + idx = s.rfind(',') + if idx != -1: + s = s[:idx] + s[idx+1:-1] + + return s + + +def format_dn_ub_as_map(dn_ub, oid2str): + return """/* +* DN_UB maps: Upper bounds on the length of DN strings +* +* This file was automatically generated by %s on %s +* +* All manual edits to this file will be lost. Edit the script +* then regenerate this source file. +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include +#include + +namespace { +/** + * Upper bounds for the length of distinguished name fields as given in RFC 5280, Appendix A. + * Only OIDS recognized by botan are considered, so far. + * Maps OID string representations instead of human readable strings in order + * to avoid an additional lookup. 
+ */ +static const std::map DN_UB = + { +%s + }; +} + +namespace Botan { + +size_t lookup_ub(const OID& oid) + { + auto ub_entry = DN_UB.find(oid); + if(ub_entry != DN_UB.end()) + { + return ub_entry->second; + } + else + { + return SIZE_MAX; + } + } +} +""" % (sys.argv[0], datetime.date.today().strftime("%Y-%m-%d"), + format_dn_ub_map(dn_ub,oid2str)) + def main(args = None): + """ Print header files (oids.cpp, dn_ub.cpp) depending on the first argument and on srs/build-data/oids.txt + + Choose 'oids' to print oids.cpp, needs to be written to src/lib/asn1/oids.cpp + Choose 'dn_ub' to print dn_ub.cpp, needs to be written to src/lib/x509/X509_dn_ub.cpp + """ if args is None: args = sys.argv + if len(args) < 2: + raise Exception("Use either 'oids' or 'dn_ub' as first argument") oid_lines = open('src/build-data/oids.txt').readlines() - oid_re = re.compile("^([1-9][0-9.]+) = ([A-Za-z0-9_\./\(\), -]+)$") + oid_re = re.compile("^([1-9][0-9.]+) = ([A-Za-z0-9_\./\(\), -]+)(?: = )?([0-9]+)?$") hdr_re = re.compile("^\[([a-z0-9_]+)\]$") oid2str = {} str2oid = {} + dn_ub = {} cur_hdr = None for line in oid_lines: @@ -164,6 +237,12 @@ def main(args = None): else: oid2str[oid] = nam + # parse upper bounds for DNs + if cur_hdr == "dn": + if match.lastindex < 3: + raise Exception("Could not find an upper bound for DN " + match.group(1)) + dn_ub[oid] = match.group(3) + if nam in str2oid: #print "Duplicated name", nam, oid, str2oid[nam] #str2oid[nam] = oid @@ -171,7 +250,10 @@ def main(args = None): else: str2oid[nam] = oid - print format_as_ifs(oid2str, str2oid) + if args[1] == "oids": + print format_as_ifs(oid2str, str2oid) + elif args[1] == "dn_ub": + print format_dn_ub_as_map(dn_ub,oid2str) if __name__ == '__main__': diff --git a/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_ee.TC.pem.crt new file mode 100644 index 0000000000..cfab5b0563 --- /dev/null 
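Review bot: In format_dn_ub_map the trailing-separator removal `s = s[:idx] + s[idx+1:-1]` assumes the last ',' in the buffer is the entry separator, which is false when the last entry's `// %s` comment (oid2str[k], whose character class in oid_re admits ',') contains a comma, and it also silently strips the final newline; a trailing comma is legal in a C++ braced initializer list, so the whole block can go and the function can `return s.rstrip('\n')`. The docstring on main calls the outputs "header files" and writes the input path as `srs/build-data/oids.txt`; they are .cpp sources and the path is src/build-data/oids.txt. In the generated C++, `static` on `DN_UB` inside an anonymous namespace is redundant.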
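Review bot: The `if args[1] == "oids" ... elif args[1] == "dn_ub"` dispatch prints nothing for any other argument, although the guard added at the top of main raises only when the argument is missing; an `else: raise Exception("Unknown output '%s', use 'oids' or 'dn_ub'" % args[1])` branch makes the two checks consistent and stops a misspelled argument from producing an empty file. The enclosing main() begins outside the hunk.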
+++ b/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDcDCCAligAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ2WhcNMTgwNzI3MTMy +NDQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKBrtCby2r83lOiu2iEru4u2nQnopHEbzLWM +M8sOIyBSqM2N2lJWRiOFZ3sX/RN3Az0ipLa0cqWvp6pMvvsXojCGRwsurueY2gBB +seBF5xxe19Swr2lHGM67XwNLupTrSUDZGMR2KoJTg4n6Cs4cGgOlhZjz33wBTMaY +8IDrOgxuGVyXCUqLE3ESYHoUTpZfw53UspMG/vDY8f0Sk3FJl3aRWm1vrqiF78sQ +sIMrf8flz03CTYUHtZ4nPQKRmmOCruNAd3JJfU6AYN4cDSi3noACjrYxj6c/6acM +kKx61suCGD9SRluRwUEx2KMXEAN0I7UYETj0nJ5sCQ8RIgJd23cCAwEAAaOBsjCB +rzA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vbG9jYWxob3N0L2RvZXNub3RleGlz +dC9jcmwuY3JsMB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMB0GA1Ud +DgQWBBSF+9xb3zooHvfVBEaeNGG+jIKIRjAOBgNVHQ8BAf8EBAMCB4AwDwYDVR0T +AQH/BAUwAwEBADAUBgNVHREEDTALgglkdW1teWhvc3QwDQYJKoZIhvcNAQELBQAD +ggEBAHP69ifAUrCLzBuDZmLX589Oz0makmtkNl9P+sEdtpIcO+px6AO4SMSPA37p +p0C465HaQDP9Z+IqzDD0fILiR7mLh12imm552m1G5ACmLLG8Fc9H7655rG0tIOSd +NgLo0YyE/BswQJNukA1DHBpUYx/P4qqy+zca3LEZd/mc5MKxVcw+PsP0WsNDUUC9 +HbDUSm4TEpPsysY5v/LKF/m9TFCNuPXF3Z/xTNzRTkOKnH3vA+cWPruRC9sP7gYD +UiRIl/L2buxEkVTX97zMOQd9o/bmv2k6KqNWIBIrtVj25OASeD/15vviaix6Vczz +tlennFASeG9IAdNc0mPLvio5p94= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_ee.pem new file mode 100644 index 0000000000..0cdb43324f --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCga7Qm8tq/N5To +rtohK7uLtp0J6KRxG8y1jDPLDiMgUqjNjdpSVkYjhWd7F/0TdwM9IqS2tHKlr6eq +TL77F6IwhkcLLq7nmNoAQbHgReccXtfUsK9pRxjOu18DS7qU60lA2RjEdiqCU4OJ ++grOHBoDpYWY8998AUzGmPCA6zoMbhlclwlKixNxEmB6FE6WX8Od1LKTBv7w2PH9 +EpNxSZd2kVptb66ohe/LELCDK3/H5c9Nwk2FB7WeJz0CkZpjgq7jQHdySX1OgGDe +HA0ot56AAo62MY+nP+mnDJCsetbLghg/UkZbkcFBMdijFxADdCO1GBE49JyebAkP +ESICXdt3AgMBAAECggEAR3vm8aorPqUSZmMwETLvJhFQRg+UY1CbdlTM6ZFZprge +v0YUQLdwFrkGBSyJ2eghGdd7pWygX+N3p6P+QF5mKBBVzQ5W4x3SGuYrUMBlfVdn +/r9i0ttbGxgUfR/8OwrjgBGdf0IWrC9xwISa1wBfuTtDXoZhklzz7NVO6munWMzr +4CPLcAyhqTPI+PEVd4m+6kohcj2rma1P2pM8ae6bzQrCwMKEWM+Yrqvq5cyjjvK1 +uzcH/LIL3XQUIGmrLucyY7MZTbx9+aHxNI4OlaF59yBdKs427mVdp6JmYM3mXmW2 +ZopGDGxTq1KSHfO+2pXvqW9FzT24qgix8e/GMAKX+QKBgQDYis937dcHn3NTHtfR +KVGZ47Mr9dit/C7EuZf+lwVFgwjDKXRdPxBnjJnZDPrYlVPFGOS5ZUJ2A536Kfut ++gmLqvMAlwfdqV860ObeEAtm6foxRhrS7Fhlq22zMeQ7dQL1gH+Y9CDSWhLLKpuu +MG9iDQBsRlAHtqx9VyfFKXZX7wKBgQC9pvSvpVjeT6xrPTHIceoMFHTHkB0zraoq +80k4RKx0YzMbHsjvH7XsZx2y577Uz6Ad2hhOHcNFa4G2e9emkVRGD8S0auvA8j2w +IWKME5MgtugtgyJXaA7YFscCX5u4Y/KMFucmVa6jBJu3KODi3MOPnvnpgLXF05Qn +ZfgCe+7s+QKBgQDA5d7tef0cuEkWmZotpD4h9XotxgKw8r6C1sX0sHmss47BtBMJ +4dzuMYz3kp1/BH8sTAGsueybjptTN8UQ9XU9axqvwtrp9jB0B5Yx6V8O3Y3YCRhq +HsqcPzso71/eK11ob4C7M3ZtjHnDbIBkipceZHClA3nVdUBxI4u1EjtvFwKBgQCY +ktx/AlLAZvCbRZvrWlmkZkCc2//iN3CTJS5eqkDjUXsn8lhMqAI/saVe7LnFk1OJ +MJAlKCSUkKzGFlOjmX9m7gCd9Pa9PyUJsZIKhyTySLP5CWpzTy/CAHESI8CvUxkq +QrKrUHsygt6TN7vURy69OHRtujKCeHjUSWCA/xt0YQKBgQDSlf9hZIRDnt7ZzLlL +xx2LTTaHL2sgblF3ijpTTo3H5W7lMdzA8rjjqrweYFctIFlRfO2lEeZ+5LCiu4bd +R6TFKMxXREUhcD7SAK45tA50ThuSI7HM+2S6KYQ5FltHxDOByJW4AZKcNdEUXSCi +zSzyeuKCY2FT7bXuusya4bIMIQ== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_01/cert_path_CRL_01_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_01/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_01/description.txt new file mode 100644 index 0000000000..7b47322887 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_CRL_01/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_01 + +Purpose: Checks the behaviour of the application when it cannot locate revocation information about the certificate. This path is invalid because revocation information for a certificate is not available. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_ee.TC.pem.crt new file mode 100644 index 0000000000..bc4cf6ff46 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ2WhcNMTgwNzI3MTMy +NDQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJWomlxlqcdd/t7IQjIGy2M0nEP8Bah1ooLr +Iq73gzeVFM4qIjKL2OyQYbJDLkMXWUmzmX5P5cGG3pjAJ+Van0ch+OL6Utj8RijJ +Ufc10Oo/TIVzIXbMxIa1oLZ8gQ73nhFkNxQZxzgsKop8wPPTdo41p3DSw/+a9cD0 +bmqgjSMDYydfuo/42bLeSmlLYhF18T5C1gUn+JXMvQJSI6kLPczsi+mQ0N0GtV0C +1whWBo1atAUK3OeYGRDzIXnE591vXICYg1JBjjEYe6VNK/B3vCEu/QFRLtF3IYHc +loU4uurI8HfgeEbJ/H3/uDrUwgahuoIqRXtxNIQv1qGXwbAnPBcCAwEAAaOBsTCB +rjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2NybGRw +L2NybC5jcmwwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0O +BBYEFITwNLOf7HFKC/d5A2X3c8Qdd3sQMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMB +Af8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOC +AQEABaLToWh/aCEOlWbi810W1FeAvkwJYSqyYK6hyFYiQ6dn0x4OnqytfVxYKaj6 +wp1OOy/aAG9sSak2/Yp18J7U9Nnl/fz66TNBwjsipAo2auHsqfvrxQl4xEyovdzp +OhJY4gLUPrmbecsmI4UTU6Xl9IGMDh9LPAn1ErYUvvolJp9Y6XlSb/jHT/7BDMmq +JwToSRDikiaCKtrjQvtgw5vFUfcBqKlQmy70ZxIHW92E4cq1twugzc1RpO/c0mxj +zjd8FaHJYT9q6z5fRhloqN6w46mS9nbt8xa4As9ULoMcpeVglDXXLh+A8HLLudWD +ZB6LDkS9rU3WAqYfPzNZ5AR06A== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_ee.pem new file mode 100644 index 0000000000..c2f12a5a59 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVqJpcZanHXf7e +yEIyBstjNJxD/AWodaKC6yKu94M3lRTOKiIyi9jskGGyQy5DF1lJs5l+T+XBht6Y +wCflWp9HIfji+lLY/EYoyVH3NdDqP0yFcyF2zMSGtaC2fIEO954RZDcUGcc4LCqK +fMDz03aONadw0sP/mvXA9G5qoI0jA2MnX7qP+Nmy3kppS2IRdfE+QtYFJ/iVzL0C +UiOpCz3M7IvpkNDdBrVdAtcIVgaNWrQFCtznmBkQ8yF5xOfdb1yAmINSQY4xGHul +TSvwd7whLv0BUS7RdyGB3JaFOLrqyPB34HhGyfx9/7g61MIGobqCKkV7cTSEL9ah +l8GwJzwXAgMBAAECggEAQYSdh0POjwRcdwWuzR3iXp0CqFSl2XkeWzg7Z+Pd4zB1 ++kfBzuUgY3hV/OeiUibfpP9mfEDYMeAshSziimsg/dAmmJ/EM1BGGscABjzeKB7s +DiQ4Cz1b8CmFoT5idb37yltYLYmXiMT1Hsm840G5Tkq48hCjU7xwSDf6Ot3sy92d +X9Qc3ws2QVv7hhkuQJvyGl052OI4oU/U6HgnD/zxd5BetAa9zG5BkT2n3J81dDS8 +YPpnA+5sO7GEL7M++QEZ+bJhhvXAga61jQflSNu1notf66U2HXn7X2R2Qk15V5JZ +ySzRTBynbCLgfAXS35SavFenuuq0oINvV4dMbjiGoQKBgQDFtggOFPIVm77ZPXXQ ++LNs7fNGM4aDQrvHri+j5xzuOTZ6kftJBCXUVNq5OuKbaxlhcaMJxr/z7xngXs8Z +A+1NYNdiRNzJqU+uwNcY0QtvBpsSr5DEO6fiqb3WxAKyLJETeD9qIbTK36GShliz +sqx5vpb64lg5coMfbiyouWnw0QKBgQDBx+EF3cpkgXYAd+lWFYl3yt6XEm9zfZZn +VK2yW0+03xUVLyte1APdYxFTuD22W2cxq+1OyNGBT6jplL3f8Xb36LmmYWy7QYHx +hbLYF7bD84zV4uLsItTQh7FXrtUw10+8s+fzUu/P4bacIuiebyiwdVH1g/AlUyYJ +zqGWq6fYZwKBgE8wBm/lccS32avXEv487lh9wcdnUcP3EZD7sjcalRrRLYHQQG5R +S/mMdwJjlGmdbs/5nMyIn09Lf/i+4IHrcbthQ0Mnw6q9tp2OvVhCOisg4TGNwhTm +s+p0BAYmAdJtSTocGoIet/PduDAgwRxQPwaQEJax25Y+yEfpb9ewU79RAoGAF5Vj +5Xrgruqymcv+MePdHx8ph+lOdxfJvjmoChTi1nhv8GwVMy1Kax8rdKzvlcn5/SmX +cAcwuDQhsovPr/mLKRDBx2YD/aYzUlmbMoFwVNjHQyChzWtPyzE4fBtjBtatdaHP +kOV/GiW2O7pj5SRSJ2ef2el8yI4eCwOC1vt9KfECgYBW51G7ijf+dyLWQc+1IFWn +QakMYPxzVO0LwiQwTALTDsNQv3QR2wBJslVgDMbR0oNkoyy4eJ/3A0z92bwMTyVq +F610JDh+LyYcpCEHBQlRq8GCqilKHQYqdYQp5/luOQt+nWb/rllYm1x9Zlbakdf7 +QIN5IZdQJkLNcMQ49t3Drw== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_02/cert_path_CRL_02_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_02/crls/cert_path_CRL_02_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_02/crls/cert_path_CRL_02_root_crl.pem.crl new file mode 100644 index 0000000000..abc729c188 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_02/crls/cert_path_CRL_02_root_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmzCBhAIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI0NDdaFw0xNzEwMjUxMzI0NDdaoC8wLTAK +BgNVHRQEAwIBAjAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDANBgkq +hkiG9w0BAQsFAAOCAQEABCvPRcHcaXOnwWsLhNbAnK06e/QHBX+aFal2tzjmmPpJ +x6Wjl7gJ5NxN8Y9uzdAOBmftN5LgnLm8m5jQhzgqUoxtMEX4FEyKgD16za2Kzc6+ +Mg7WGbnjIHCLt9T303K22YaArJX4fhjCZZmwRglP4392m88f+ynAUq3yD0VzOshm +PivA6NVvM+tkVGvM3qOEJHhkyw2WZR5AYHcnB2IMtB9Xc1FD9h1YKU2r9fVHX/QD +mbt6ZzNwPYWX/aaBqsDklF7LMkKKN1ApZ4ocoOBcVR2XYjGCWINOiVFJUR13mIdT +5F8DEKNd/l/erzp5FYowUKyNKZDgklQAvZZ1nLtg/Q== +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_02/crls/cert_path_CRL_02_sub_ca_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_02/crls/cert_path_CRL_02_sub_ca_crl.pem.crl new file mode 100644 index 0000000000..774047bbdf --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_02/crls/cert_path_CRL_02_sub_ca_crl.pem.crl 
@@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBszCBnAIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUXDTE3MDcyNjEzMjQ0N1oXDTE3MTAyNTEzMjQ0N1owFDAS +AgEBFw0xNzA3MjYwNzI0NDdaoC8wLTAKBgNVHRQEAwIBAjAfBgNVHSMEGDAWgBTg +jBmqaSWaGiUA9rMouhv3DfnPwDANBgkqhkiG9w0BAQsFAAOCAQEASVKeNF4ozBHs +jKss2P4Wor9/yvCi6PH+f3fr774nbpW4hK7BqMDfLt1lyPMMRil/Z0FGsTF4wy9f +CSnI/NNIqDLdPfL/Wq40swJvuR3p7CjGwEZjfYJ3Zbz+JZJBws7Eg6JtBLHAc9JQ +uw9odU3oBt9w9DP0Oh3idfXAQp1Ho/nK+ssXOEo1ADETFjaVooXSpeJ7Khi/6Asq +L8A/gDTbuT6K3bEusSXhMo1juAN3oDj7Ruev+CWx0EkxtM9AUBzw707kL7ELxm3g +8FsPC0ejfaQIPluaEBgTuaHtGCUCKnUeUYc2MHPJZZWSaNpqv9OLoAn/25tvsyvI +pIKYuraHXw== +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_02/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_02/description.txt new file mode 100644 index 0000000000..dc48317f35 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_02/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_02 + +Purpose: Checks the behaviour of the application when the target certificate is contained in a CRL. This path is invalid because the target certificate is revoked. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_ee.TC.pem.crt new file mode 100644 index 0000000000..87212efba0 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_ee.TC.pem.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ4WhcNMTgwNzI3MTMy +NDQ4WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALduL9byjU+U/h7qafFgTBAnew60mhJenH/Z +thGZMyPAWGH4tImhud5EZmBRZyd3PD38fO7B4FD7rwN0yf6OC0BZO4wrlbx7ZZ2F +uBN74pm0Hmd2WBMaqt0l26xBVE5bXAMpV9KFF8qapNop9J7rLEYJ0VTV30mMeeB5 +5gX2ureHqZ4UPH/ypcGVgAQs0klN1GPsV5gCegVJcI8h6kSFyXsy3SPPORGo1sqL +VK/tiLS6UpnzsRAbOlz8PulqwcjL04wX2QHFR5Vo5xnZwZ/gQnLURfpWTDSH3AIA +q6QvMZoIhsOI2UYbv0I81nynlDWCzm3dQO81zxDKNpODjGHDf3sCAwEAAaN5MHcw +HwYDVR0jBBgwFoAU7+kybPy0OP1cbl+JnXRW196Iv+EwHQYDVR0OBBYEFNaDawpq +cxm1hCAkKC7HHzR0KdngMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAcRxuJzzh +vGt1btEKhLlHSTuY4BKArQ1+lCA2WDKrh3bvHr2VoOjJvop5Ag1NqEXfqm3k1oue +lXWtx8NI9GBEXLmjYlK6YF/6qPeCHEBwpBLBoQiK4uNbnUHSVVw3ICcjsOYymHZY +zJxl2/KvAg7WA7MSEK10y/jh7M5Q3oGIJBCZ51sSD3l+nkuBKWGF7vVcQI05Xxzh +/4UsEXHDgcRU2hS5TEgOCafmCLlnDJuIxRkKRYRbMEURI+Lc53DUMH4XNpj7d6ro +NIcOoHCbbHdzsRHrT+LaOXYKXWHAZyM6O8xSCqziurIHzK88KnFxKCaaOQuWiWqX +TuymWaetwJxMoQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_ee.pem new file mode 100644 index 0000000000..0f0052e8ca --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3bi/W8o1PlP4e +6mnxYEwQJ3sOtJoSXpx/2bYRmTMjwFhh+LSJobneRGZgUWcndzw9/HzuweBQ+68D +dMn+jgtAWTuMK5W8e2WdhbgTe+KZtB5ndlgTGqrdJdusQVROW1wDKVfShRfKmqTa +KfSe6yxGCdFU1d9JjHngeeYF9rq3h6meFDx/8qXBlYAELNJJTdRj7FeYAnoFSXCP +IepEhcl7Mt0jzzkRqNbKi1Sv7Yi0ulKZ87EQGzpc/D7pasHIy9OMF9kBxUeVaOcZ +2cGf4EJy1EX6Vkw0h9wCAKukLzGaCIbDiNlGG79CPNZ8p5Q1gs5t3UDvNc8QyjaT +g4xhw397AgMBAAECggEAIZ/XsinNQJjZynYDDKWv28g49RWjJpnkS0Vv7CLurm+M +ZA0wnwgf58AXGjHh3GitiNlXV3b/tSilyNboTjrgkh+pXEUDEkV2d50zBJNRkwZj +Cmk1tO7PAnH1pkpld2Wk5Ml32VXfahrV/E3zkwweFgqnrkr0Pum6z6zYvyAe0xSC +Rx1YSAnJJ82QRlQTNlRS7KA3zEngJFrmZyT3l9UPK+6LNPKZ2GUySI1q85NuSGUv +IBp2xPudQ9lL41LnxarPwN/R/uQHfYUD2fvlJ/XiyEEUOvZHueAWCrGOhkd7+IV8 +eO/lQqdbxtMrntiBjE2csG8JAAYfs8MMwpCz20vb1QKBgQDe+8XKERx4Iz4Ie1IP +JkDMoPlYZBQAlKYFl8W4q+jnV/VSvP0vo/9BTTRFPEj8nBHSvIsWc7d+1zdbV0Hr +wG6g5RJebdKUyXnNNO/BSeNLv9oHsxFTLGg9Yr3X2DH4waxz+8Jy7s1874trTAFZ +e3rExiVXBtd+lSUWccYdA2NDPwKBgQDSlyX7lR4SZNgnCnChT3K8B3StNwdCNj05 +KlMBHGhw4OvLgzgiZyw/xy7yBg0dg93FvigSPibC2o7HiTFTZ5139QiM1eZlEdbX +20Qt9lnQZH+DKPegXu5i1+jt3JbFoBUidzfALiTmKrJN4PBgqVJKU/05S2E1J/qm +cTbLIy9AxQKBgGt+Ac40S34atyfNkzRcY3aBz1HuBLp27kXZ8WXh8Ye8njXBh2g0 +7bMkLaOGuUSVU/48B+zN4dJSm4v713p3rJ0BcMZ2uMIjEgV7lGygWuNEXC3EBAEN +cj7NX+kyfnyFmMXcwtM3DXZB3/rci/YAEaHUR2HZmX6bFWLpe/C2ll5vAoGAZvRO +NXjpgsSaiDuqZLKavSJIAIbunYg21kPC4MAqr0THAm/cebVHBMc0RE6BCvT07z/Q +B1srSAfh1dtUqhn1+jdpPrE0OiVGi7E+29mcfy0iydS1e0nt8ZTs45z8eRGSQ49V +SjdFAuHM2hYmbptZB82X9vLLS1mISOcAir9g0qECgYEAlhh3kd7Gycovds86aNdR +MBEXHDUlupuJ72psITqPMEDnRgEdo4r2GmaWYrB23LYRNSwS/Cj4hoqrwhBvj0zt +B20NiyOQJokabzQJ23rapSt8j1a/0hNBulfkK4zHIPVDGPay8DU8o0Ej/owLR0nd +NJEuHh6JAJPqzFayiiJUKck= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..5c147743f2 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_sub_ca.ca.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0N1oXDTIwMDcyNzEzMjQ0 +N1owIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/5kwEMgB4olQhOEO/Ynp+FNlfNJ5IWa +4paxKoBQ4B6t5F433iL65Jjuxu7oIy+MldmhPapJ0Dy7d3qUE35SvAhGoGsJxWUa +Q9T7Yl0FRSyj89ZH3NGf7BMOSAkUUZ1Kpd6v2nL1g2bwjm7L5sHA0WI+n0PmTUMh +6X9vD/dN53+XJ2MT4qqLNpUIUHNgcF3h+IM3DQ6hmTYXdYCOCdeJcOlh90VPVm07 +raEI2BKttSh83ukiJq5G6KW9E3AWtNTIRSlLV/MZ3D/vTc+1EWYo53apPZkNMdpW +FkxhWaPXzaUnwWoRiT5ZEh5tjm+rjtgeexogCIrcTcJe4Hhv63wWrwIDAQABo4Gf +MIGcMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9sb2NhbGhvc3Qvcm9vdGNhL2Ny +bGRwL2NybC5jcmwwHwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYD +VR0OBBYEFO/pMmz8tDj9XG5fiZ10VtfeiL/hMA4GA1UdDwEB/wQEAwIBBjASBgNV +HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQBYLRroRr02zCEjVBu7 +Jt9PRLGo2dlFDJLdOG9CFTsaXIdf1FPetF4cmOcjEef1yH+rSQsRgU8SwUvvraQc +OxVYtL1DKFQ+CErbuHHL4iiP0R3IQpwY8J8POfqHqK2aLsB0mm4jsMAiNQbrXjSv +R1fp7OMZSeS84tEsvOjg1JdbDQTCwVstTddWGqha+VuizaX/5OKqwJ2EFfwAX7uz +NYqQsmSc5A/llIDJq3lmGhdlgCh1asDnUDht8IXQSpYSZs+XaQ44iFiEFpxYXA4K +9PKm5YUpRfhRXFQypE0p4EO6Uwog6ZjZiqof/iWGoZmxFcGPNSZP9AXZmQtnIvEF +nKjZ +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_sub_ca.pem new file mode 100644 index 0000000000..3ac0a81c35 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_03/cert_path_CRL_03_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCX/mTAQyAHiiVC +E4Q79ien4U2V80nkhZrilrEqgFDgHq3kXjfeIvrkmO7G7ugjL4yV2aE9qknQPLt3 +epQTflK8CEagawnFZRpD1PtiXQVFLKPz1kfc0Z/sEw5ICRRRnUql3q/acvWDZvCO +bsvmwcDRYj6fQ+ZNQyHpf28P903nf5cnYxPiqos2lQhQc2BwXeH4gzcNDqGZNhd1 +gI4J14lw6WH3RU9WbTutoQjYEq21KHze6SImrkbopb0TcBa01MhFKUtX8xncP+9N +z7URZijndqk9mQ0x2lYWTGFZo9fNpSfBahGJPlkSHm2Ob6uO2B57GiAIitxNwl7g +eG/rfBavAgMBAAECggEAS7A7hMCIhSimeBqW6XMheUjJZYgi/mEH6Zkn/WWroIe2 +iXffs0dRECAWG8thnw/xHrgiwr33hvKPWiaY8YIg+hDW9tCGq502sJuxWWDAHJvn +wyesXoqm7BzrKjUXQLMmtqXHhW1k1DwhQ5RqBm3qsnoNfCsIVuY8z3WNnXJGAaaz +3FLI07W/3vhc2b8TtBEQ3wm8GIWFVvD+gqEEqGb+kYDDVEY/TuwkfvyCCFFasnSF +24ut7wCOlwUYJYUaKFKSlgTLRRskoDdG/QZEf5UBI+PzzVh5yb0INl6b/5fk5yss +V2nbMUARe9kWW5dOJbl2fkWWdzscdVUUR9i6kwyMUQKBgQDKf2CFxBxJlWA5Y5ko +MqQxZSidjYjS/feUkFwaYNrlwOm9/9u7paRxQfvpelmQu1dYEs5ewLpWII1UW811 +DvSYAiJnYyv16Axq/Z+eiQ0JMGDrJyscJ0BXjBlHKa/Tqkt89sMAko0jGlJd/4TQ +6tbQ+UIIkGgXAliGbibwfiNB0QKBgQDAJwO8ChnuDUAvDyXdpai9JyplVQKRB5P8 +eL8wQ2Eny8G2MjVJZYn/lWtbiFp3+WVEgMm5jWXKc0M5tL4jxLiohlXOEVHcFhbK +KuT4usxXihT457gIeG0KGl2xijisNzYS7UaCzVHczKlEIPq5l7xhuk5gcAg6cMp2 +O80LecNwfwKBgFgM9RqVQLuaUWIC9ejtxEmaNAP2NCWSuyIFd5ccwHIg5UJxy8kX +aJ6602AdjG6Ll5o7azL2WM/0jZ+932PkIeUrIGyWSdo+kY/AQrT74Qg62hnGSU+P +ncGzsJYqAUNnjDWFUxufnfFCk8g9wDHbu5bYm6b/q9M9eOLTaOkv4ALRAoGBAJ2m +JMk9HGMT2goCCpYcGSH/pSf4JB/rML4eLvYhAfANmwOpk9CBD0RzSd6SM29lXXFj +nJ2w5cfA43HP2YQtHTee530m9pt0QARkRvHPCGH19xjzvCiu7P8x/JbyCWc58RJ8 +O7KLU9Os0l8EE9D7LeKcYTt8DzQrX+C7VZJJt1BvAoGAbu7y/AN8TpZQNwq6xeov +6+VjVi/+jSA6HC4nw5d2gmE2vJcDpGwOcMnx9smJB166GfaLocE7A63TI9aYu0jC +14BqWydeF9/43SsD4bLJl+ycvx4rjJU7xLE/N43dd/OV2vA6quBbtnW0Ev4XMigf +DB8isvi6KpfogdoXwUQ65+4= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_03/crls/cert_path_CRL_03_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_03/crls/cert_path_CRL_03_crl.pem.crl new file mode 100644 index 0000000000..4464b30456 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_03/crls/cert_path_CRL_03_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBnTCBhgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUXDTE3MDcyNjEzMjQ0OFoXDTE3MTAyNTEzMjQ0OFqgLzAt +MAoGA1UdFAQDAgEDMB8GA1UdIwQYMBaAFO/pMmz8tDj9XG5fiZ10VtfeiL/hMA0G +CSqGSIb3DQEBCwUAA4IBAQAMK8tpWc9KUUsoixQaaUjlKnKuF+lfiFVpesfhEgxn +091Nm4PjPBz0wO3qLuqVmdjJkc5yVfiOziCjwR68fPU6K1faaACBVX9imwZKxFbG +93N++IosVv3hB6bH0LcLsnXwNwXPnhLBoU7xPtcKQQtCxYMZDQzB+EfFiWJXTB9e +ygjqRLRgml7UxzIetoYOXYLjsBI8AHMg5+Io+cCs8XiyFqw79VeFTJJNmWOSrl9+ +uWKCj7s5lDRPxBUd9yG7DgQWzmj+DIW19b+umHrJSeguQWYJa1DRRkFzrzwuWv/E +JTOHb6HeQdfEX+oi4PmUMnF8mJE4hEZeoB17d2Lp8PRG +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_03/crls/cert_path_CRL_03_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_03/crls/cert_path_CRL_03_root_crl.pem.crl new file mode 100644 index 0000000000..4bc52895d0 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_03/crls/cert_path_CRL_03_root_crl.pem.crl @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBsTCBmgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI0NDhaFw0xNzEwMjUxMzI0NDhaMBQwEgIB +AhcNMTcwNzI2MDcyNDQ4WqAvMC0wCgYDVR0UBAMCAQMwHwYDVR0jBBgwFoAUx08Y +hC18r4z8hj9PCEIT2SVAanAwDQYJKoZIhvcNAQELBQADggEBAFU+mEDmoZptI5PV ++aQ8MCnW8Kpk2oj7m1+ZDBnMEIgu4NDtABu4mL8qhrjLskyjLASebH+7di+Y+Mz8 +P/mWNlBZUH8+9tYu7uOd0YvsZnNQLTPPfi+HgHCgMssNTm5HCmqJ7ryTXwatIuMh +Q2WpJ8rMbi4wLwIS5t3J7xcGR8hzxQFBBXvD6WqNITUSAyFJOVwXoAgZCqrxvz7x +7Sd/ojZitgGmKeuhzUiLpuTFkQTkV3WEe60Ti5TqvCGMKC+2H3MREQtFnA4P1Vbd +FBCV19OMiFizc+tncVD4mzFN69QxuS0dqLEC7UZb396Rx8dAyCjYQW/OYaO/TohP +Weiedu8= +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_03/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_03/description.txt new file mode 100644 index 0000000000..d776d45e3f --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_CRL_03/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_03 + +Purpose: Checks the behaviour of the application when an intermediate certificate is contained in a CRL. This path is invalid because a CA certificate is revoked. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_ee.TC.pem.crt new file mode 100644 index 0000000000..bc4cf6ff46 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ2WhcNMTgwNzI3MTMy +NDQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJWomlxlqcdd/t7IQjIGy2M0nEP8Bah1ooLr +Iq73gzeVFM4qIjKL2OyQYbJDLkMXWUmzmX5P5cGG3pjAJ+Van0ch+OL6Utj8RijJ +Ufc10Oo/TIVzIXbMxIa1oLZ8gQ73nhFkNxQZxzgsKop8wPPTdo41p3DSw/+a9cD0 +bmqgjSMDYydfuo/42bLeSmlLYhF18T5C1gUn+JXMvQJSI6kLPczsi+mQ0N0GtV0C +1whWBo1atAUK3OeYGRDzIXnE591vXICYg1JBjjEYe6VNK/B3vCEu/QFRLtF3IYHc +loU4uurI8HfgeEbJ/H3/uDrUwgahuoIqRXtxNIQv1qGXwbAnPBcCAwEAAaOBsTCB +rjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2NybGRw +L2NybC5jcmwwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0O +BBYEFITwNLOf7HFKC/d5A2X3c8Qdd3sQMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMB +Af8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOC +AQEABaLToWh/aCEOlWbi810W1FeAvkwJYSqyYK6hyFYiQ6dn0x4OnqytfVxYKaj6 +wp1OOy/aAG9sSak2/Yp18J7U9Nnl/fz66TNBwjsipAo2auHsqfvrxQl4xEyovdzp +OhJY4gLUPrmbecsmI4UTU6Xl9IGMDh9LPAn1ErYUvvolJp9Y6XlSb/jHT/7BDMmq +JwToSRDikiaCKtrjQvtgw5vFUfcBqKlQmy70ZxIHW92E4cq1twugzc1RpO/c0mxj +zjd8FaHJYT9q6z5fRhloqN6w46mS9nbt8xa4As9ULoMcpeVglDXXLh+A8HLLudWD +ZB6LDkS9rU3WAqYfPzNZ5AR06A== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_ee.pem new file mode 100644 index 0000000000..c2f12a5a59 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVqJpcZanHXf7e +yEIyBstjNJxD/AWodaKC6yKu94M3lRTOKiIyi9jskGGyQy5DF1lJs5l+T+XBht6Y +wCflWp9HIfji+lLY/EYoyVH3NdDqP0yFcyF2zMSGtaC2fIEO954RZDcUGcc4LCqK +fMDz03aONadw0sP/mvXA9G5qoI0jA2MnX7qP+Nmy3kppS2IRdfE+QtYFJ/iVzL0C +UiOpCz3M7IvpkNDdBrVdAtcIVgaNWrQFCtznmBkQ8yF5xOfdb1yAmINSQY4xGHul +TSvwd7whLv0BUS7RdyGB3JaFOLrqyPB34HhGyfx9/7g61MIGobqCKkV7cTSEL9ah +l8GwJzwXAgMBAAECggEAQYSdh0POjwRcdwWuzR3iXp0CqFSl2XkeWzg7Z+Pd4zB1 ++kfBzuUgY3hV/OeiUibfpP9mfEDYMeAshSziimsg/dAmmJ/EM1BGGscABjzeKB7s +DiQ4Cz1b8CmFoT5idb37yltYLYmXiMT1Hsm840G5Tkq48hCjU7xwSDf6Ot3sy92d +X9Qc3ws2QVv7hhkuQJvyGl052OI4oU/U6HgnD/zxd5BetAa9zG5BkT2n3J81dDS8 +YPpnA+5sO7GEL7M++QEZ+bJhhvXAga61jQflSNu1notf66U2HXn7X2R2Qk15V5JZ +ySzRTBynbCLgfAXS35SavFenuuq0oINvV4dMbjiGoQKBgQDFtggOFPIVm77ZPXXQ ++LNs7fNGM4aDQrvHri+j5xzuOTZ6kftJBCXUVNq5OuKbaxlhcaMJxr/z7xngXs8Z +A+1NYNdiRNzJqU+uwNcY0QtvBpsSr5DEO6fiqb3WxAKyLJETeD9qIbTK36GShliz +sqx5vpb64lg5coMfbiyouWnw0QKBgQDBx+EF3cpkgXYAd+lWFYl3yt6XEm9zfZZn +VK2yW0+03xUVLyte1APdYxFTuD22W2cxq+1OyNGBT6jplL3f8Xb36LmmYWy7QYHx +hbLYF7bD84zV4uLsItTQh7FXrtUw10+8s+fzUu/P4bacIuiebyiwdVH1g/AlUyYJ +zqGWq6fYZwKBgE8wBm/lccS32avXEv487lh9wcdnUcP3EZD7sjcalRrRLYHQQG5R +S/mMdwJjlGmdbs/5nMyIn09Lf/i+4IHrcbthQ0Mnw6q9tp2OvVhCOisg4TGNwhTm +s+p0BAYmAdJtSTocGoIet/PduDAgwRxQPwaQEJax25Y+yEfpb9ewU79RAoGAF5Vj +5Xrgruqymcv+MePdHx8ph+lOdxfJvjmoChTi1nhv8GwVMy1Kax8rdKzvlcn5/SmX +cAcwuDQhsovPr/mLKRDBx2YD/aYzUlmbMoFwVNjHQyChzWtPyzE4fBtjBtatdaHP +kOV/GiW2O7pj5SRSJ2ef2el8yI4eCwOC1vt9KfECgYBW51G7ijf+dyLWQc+1IFWn +QakMYPxzVO0LwiQwTALTDsNQv3QR2wBJslVgDMbR0oNkoyy4eJ/3A0z92bwMTyVq +F610JDh+LyYcpCEHBQlRq8GCqilKHQYqdYQp5/luOQt+nWb/rllYm1x9Zlbakdf7 +QIN5IZdQJkLNcMQ49t3Drw== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_04/cert_path_CRL_04_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_04/crls/cert_path_CRL_04_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_04/crls/cert_path_CRL_04_crl.pem.crl new file mode 100644 index 0000000000..14789579fb 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_04/crls/cert_path_CRL_04_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBnTCBhgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUXDTE3MDcyNjEzMjQ0OFoXDTE3MTAyNTEzMjQ0OFqgLzAt +MAoGA1UdFAQDAgEEMB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMA0G +CSqGSIb3DQEBCwUAA4IBAQCSvCbHdtfsVh5LW3fTShKjM6na7tboq3GhJXMG4SwN +rtX5lBDsj5K4ht1WpBNxh/b2pSZxWgTfKM9ej87gqNCzEejPAy/TI9PgLqPqZ/o2 +fhDSavz9WScqFq1dVBkooT6+V1TNFS270OOpm4sr2Bxfe0h73eG7VNfP0Tg2nn2P +MGwIf0MzBVqRp6TFaVvAuU4u13GzeOjnp03SoUKjIJfRWMVdqifRIsjm6F0fWbIo +HPzpa5UxcO4er3yAuaDhOg79WdOqcPoVMrAVpEdKZTS+CG2vZmJuFtI2AptiArLn +9D6yWQ+JxoCraHqVnLraSsWnBPgQHsU48GCPuG6tQnaq +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_04/crls/cert_path_CRL_04_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_04/crls/cert_path_CRL_04_root_crl.pem.crl new file mode 100644 index 0000000000..e8e99deab1 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_04/crls/cert_path_CRL_04_root_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmzCBhAIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI0NDhaFw0xNzEwMjUxMzI0NDhaoC8wLTAK +BgNVHRQEAwIBBDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDANBgkq +hkiG9w0BAQsFAAOCAQEABIEMoE7G+s8/1uwAoZLvvu9qnUHK0UmIj4rqWl7MkCQj +ScPObNNP7Bm6UxVfKG+qW7cCppX5t29coUn70bnjqfFFj4iAjddUSZLg8eI65/PS +u7LPXaXRHAXuOm8yp9Nu7QgTyjKkzz6E1ChTLYU+7EmLevJr+uWTRqVFA4zMSlPJ +5CA/6TSL2PEp3wFXkB0mCMgASQ30PMqx2ok6uSRGKOZyeiXwW40nzpqAkYZeKy3/ +6fBr9TabsmYk2j8Cu369tZ15QCVUpdkcnMrpkwLwGpKAQFLIOJHRfz4EKvffSzuO +B0RZm0C1E4TSyzjesqHqnE4vUPjAL3NpUOO1v43A9Q== +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_04/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_04/description.txt new file mode 100644 index 0000000000..cb1818432b --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_CRL_04/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_04 + +Purpose: Checks the behaviour of the application when the signature of the CRL is wrong. The target certificate is not contained in the CRL. This path is invalid because the signature of a CRL is wrong. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_ee.TC.pem.crt new file mode 100644 index 0000000000..bc4cf6ff46 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ2WhcNMTgwNzI3MTMy +NDQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJWomlxlqcdd/t7IQjIGy2M0nEP8Bah1ooLr +Iq73gzeVFM4qIjKL2OyQYbJDLkMXWUmzmX5P5cGG3pjAJ+Van0ch+OL6Utj8RijJ +Ufc10Oo/TIVzIXbMxIa1oLZ8gQ73nhFkNxQZxzgsKop8wPPTdo41p3DSw/+a9cD0 +bmqgjSMDYydfuo/42bLeSmlLYhF18T5C1gUn+JXMvQJSI6kLPczsi+mQ0N0GtV0C +1whWBo1atAUK3OeYGRDzIXnE591vXICYg1JBjjEYe6VNK/B3vCEu/QFRLtF3IYHc +loU4uurI8HfgeEbJ/H3/uDrUwgahuoIqRXtxNIQv1qGXwbAnPBcCAwEAAaOBsTCB +rjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2NybGRw +L2NybC5jcmwwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0O +BBYEFITwNLOf7HFKC/d5A2X3c8Qdd3sQMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMB +Af8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOC +AQEABaLToWh/aCEOlWbi810W1FeAvkwJYSqyYK6hyFYiQ6dn0x4OnqytfVxYKaj6 +wp1OOy/aAG9sSak2/Yp18J7U9Nnl/fz66TNBwjsipAo2auHsqfvrxQl4xEyovdzp +OhJY4gLUPrmbecsmI4UTU6Xl9IGMDh9LPAn1ErYUvvolJp9Y6XlSb/jHT/7BDMmq +JwToSRDikiaCKtrjQvtgw5vFUfcBqKlQmy70ZxIHW92E4cq1twugzc1RpO/c0mxj +zjd8FaHJYT9q6z5fRhloqN6w46mS9nbt8xa4As9ULoMcpeVglDXXLh+A8HLLudWD +ZB6LDkS9rU3WAqYfPzNZ5AR06A== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_ee.pem new file mode 100644 index 0000000000..c2f12a5a59 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVqJpcZanHXf7e +yEIyBstjNJxD/AWodaKC6yKu94M3lRTOKiIyi9jskGGyQy5DF1lJs5l+T+XBht6Y +wCflWp9HIfji+lLY/EYoyVH3NdDqP0yFcyF2zMSGtaC2fIEO954RZDcUGcc4LCqK +fMDz03aONadw0sP/mvXA9G5qoI0jA2MnX7qP+Nmy3kppS2IRdfE+QtYFJ/iVzL0C +UiOpCz3M7IvpkNDdBrVdAtcIVgaNWrQFCtznmBkQ8yF5xOfdb1yAmINSQY4xGHul +TSvwd7whLv0BUS7RdyGB3JaFOLrqyPB34HhGyfx9/7g61MIGobqCKkV7cTSEL9ah +l8GwJzwXAgMBAAECggEAQYSdh0POjwRcdwWuzR3iXp0CqFSl2XkeWzg7Z+Pd4zB1 ++kfBzuUgY3hV/OeiUibfpP9mfEDYMeAshSziimsg/dAmmJ/EM1BGGscABjzeKB7s +DiQ4Cz1b8CmFoT5idb37yltYLYmXiMT1Hsm840G5Tkq48hCjU7xwSDf6Ot3sy92d +X9Qc3ws2QVv7hhkuQJvyGl052OI4oU/U6HgnD/zxd5BetAa9zG5BkT2n3J81dDS8 +YPpnA+5sO7GEL7M++QEZ+bJhhvXAga61jQflSNu1notf66U2HXn7X2R2Qk15V5JZ +ySzRTBynbCLgfAXS35SavFenuuq0oINvV4dMbjiGoQKBgQDFtggOFPIVm77ZPXXQ ++LNs7fNGM4aDQrvHri+j5xzuOTZ6kftJBCXUVNq5OuKbaxlhcaMJxr/z7xngXs8Z +A+1NYNdiRNzJqU+uwNcY0QtvBpsSr5DEO6fiqb3WxAKyLJETeD9qIbTK36GShliz +sqx5vpb64lg5coMfbiyouWnw0QKBgQDBx+EF3cpkgXYAd+lWFYl3yt6XEm9zfZZn +VK2yW0+03xUVLyte1APdYxFTuD22W2cxq+1OyNGBT6jplL3f8Xb36LmmYWy7QYHx +hbLYF7bD84zV4uLsItTQh7FXrtUw10+8s+fzUu/P4bacIuiebyiwdVH1g/AlUyYJ +zqGWq6fYZwKBgE8wBm/lccS32avXEv487lh9wcdnUcP3EZD7sjcalRrRLYHQQG5R +S/mMdwJjlGmdbs/5nMyIn09Lf/i+4IHrcbthQ0Mnw6q9tp2OvVhCOisg4TGNwhTm +s+p0BAYmAdJtSTocGoIet/PduDAgwRxQPwaQEJax25Y+yEfpb9ewU79RAoGAF5Vj +5Xrgruqymcv+MePdHx8ph+lOdxfJvjmoChTi1nhv8GwVMy1Kax8rdKzvlcn5/SmX +cAcwuDQhsovPr/mLKRDBx2YD/aYzUlmbMoFwVNjHQyChzWtPyzE4fBtjBtatdaHP +kOV/GiW2O7pj5SRSJ2ef2el8yI4eCwOC1vt9KfECgYBW51G7ijf+dyLWQc+1IFWn +QakMYPxzVO0LwiQwTALTDsNQv3QR2wBJslVgDMbR0oNkoyy4eJ/3A0z92bwMTyVq +F610JDh+LyYcpCEHBQlRq8GCqilKHQYqdYQp5/luOQt+nWb/rllYm1x9Zlbakdf7 +QIN5IZdQJkLNcMQ49t3Drw== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_05/cert_path_CRL_05_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_05/crls/cert_path_CRL_05_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_05/crls/cert_path_CRL_05_crl.pem.crl new file mode 100644 index 0000000000..e995b5ed3d 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_05/crls/cert_path_CRL_05_crl.pem.crl @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUXDTE3MDcyNjEzMjQ0OFoXDTE3MTAyNTEzMjQ0OFowFDAS +AgEBFw0xNzA3MjYwNzI0NDhaoD4wPDAKBgNVHRQEAwIBBTAfBgNVHSMEGDAWgBTg +jBmqaSWaGiUA9rMouhv3DfnPwDANBgUqAwQFBgQEAwIFoDANBgkqhkiG9w0BAQsF +AAOCAQEANKuVzO3jmPdNuCvpB805d9qFmD3Zr/+zLreLev9+3zmqRFJPq4tLjSaT +3rOYlW0GlkHHMCcZK0GR/7LCIGtCx5IS6fBhkQxozlgTUaQVflOG1eTSZzSm1u0q +2QvdCU0tHNJ6dfWgOLwcquBejy3uToqIa64rVK09wiYI8ywB6q7Pl0s2DA/vuRNr +jO2sK0xsOgcehA0ABbQyfIMdXP+N8bhamdCDFX4sieoOhywH527TqDBqByMYpXAJ +bG9FVYi/3cBsdI3aOV421VC754q60gs2W44ThHuLklfSjI2xAFQLwWTMv0+YJoyE +BYo8B1NOvGUze+qC5XB+IzwVMpBZXA== +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_05/crls/cert_path_CRL_05_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_05/crls/cert_path_CRL_05_root_crl.pem.crl new file mode 100644 index 0000000000..692a69f0af --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_05/crls/cert_path_CRL_05_root_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmzCBhAIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI0NDhaFw0xNzEwMjUxMzI0NDhaoC8wLTAK +BgNVHRQEAwIBBTAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDANBgkq +hkiG9w0BAQsFAAOCAQEAWltSnpmUp2mIbyqAFXo8DFYe/JZ0hQv67Rh6bBQqXkg5 +s3OWn5IVNTi9QcEOiMO7fU+OR1oqjaiDkgid09uRXt0EHh0JuFmOCxhUGsqJu+H1 +7wgFDZH78V925qDnJIWwT5aXSMEElGxDX55wrIyZRYZXuEfSt3NADVJHfFbahJoh +CKAauvWROkHF55MlRKJG9prt2o0ZYy0D+vcEF4oFJN8ElsSW2Og7FtUsQKcqz7Nf +8TwSFdwyKyNphMfHz43WVswn683yH6hIdCWQ6O8regEhdMDO3xBFUYkXQnBX2oQv +bb8C628rGFVa3LmhMfuHE3s3S4m/vPe3b8KZcGp3Dg== +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_05/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_05/description.txt new file mode 100644 index 0000000000..94a79449e3 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_05/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_05 + +Purpose: Checks the behaviour of the application when a CRL contains an unknown non-critical extension. The target certificate is contained in this CRL. This path is invalid because it is allowed for an application to ignore unknown non-critical extensions. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_ee.TC.pem.crt new file mode 100644 index 0000000000..bc4cf6ff46 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_ee.TC.pem.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ2WhcNMTgwNzI3MTMy +NDQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJWomlxlqcdd/t7IQjIGy2M0nEP8Bah1ooLr +Iq73gzeVFM4qIjKL2OyQYbJDLkMXWUmzmX5P5cGG3pjAJ+Van0ch+OL6Utj8RijJ +Ufc10Oo/TIVzIXbMxIa1oLZ8gQ73nhFkNxQZxzgsKop8wPPTdo41p3DSw/+a9cD0 +bmqgjSMDYydfuo/42bLeSmlLYhF18T5C1gUn+JXMvQJSI6kLPczsi+mQ0N0GtV0C +1whWBo1atAUK3OeYGRDzIXnE591vXICYg1JBjjEYe6VNK/B3vCEu/QFRLtF3IYHc +loU4uurI8HfgeEbJ/H3/uDrUwgahuoIqRXtxNIQv1qGXwbAnPBcCAwEAAaOBsTCB +rjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2NybGRw +L2NybC5jcmwwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0O +BBYEFITwNLOf7HFKC/d5A2X3c8Qdd3sQMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMB +Af8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOC +AQEABaLToWh/aCEOlWbi810W1FeAvkwJYSqyYK6hyFYiQ6dn0x4OnqytfVxYKaj6 +wp1OOy/aAG9sSak2/Yp18J7U9Nnl/fz66TNBwjsipAo2auHsqfvrxQl4xEyovdzp +OhJY4gLUPrmbecsmI4UTU6Xl9IGMDh9LPAn1ErYUvvolJp9Y6XlSb/jHT/7BDMmq +JwToSRDikiaCKtrjQvtgw5vFUfcBqKlQmy70ZxIHW92E4cq1twugzc1RpO/c0mxj +zjd8FaHJYT9q6z5fRhloqN6w46mS9nbt8xa4As9ULoMcpeVglDXXLh+A8HLLudWD +ZB6LDkS9rU3WAqYfPzNZ5AR06A== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_ee.pem new file mode 100644 index 0000000000..c2f12a5a59 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVqJpcZanHXf7e +yEIyBstjNJxD/AWodaKC6yKu94M3lRTOKiIyi9jskGGyQy5DF1lJs5l+T+XBht6Y +wCflWp9HIfji+lLY/EYoyVH3NdDqP0yFcyF2zMSGtaC2fIEO954RZDcUGcc4LCqK +fMDz03aONadw0sP/mvXA9G5qoI0jA2MnX7qP+Nmy3kppS2IRdfE+QtYFJ/iVzL0C +UiOpCz3M7IvpkNDdBrVdAtcIVgaNWrQFCtznmBkQ8yF5xOfdb1yAmINSQY4xGHul +TSvwd7whLv0BUS7RdyGB3JaFOLrqyPB34HhGyfx9/7g61MIGobqCKkV7cTSEL9ah +l8GwJzwXAgMBAAECggEAQYSdh0POjwRcdwWuzR3iXp0CqFSl2XkeWzg7Z+Pd4zB1 ++kfBzuUgY3hV/OeiUibfpP9mfEDYMeAshSziimsg/dAmmJ/EM1BGGscABjzeKB7s +DiQ4Cz1b8CmFoT5idb37yltYLYmXiMT1Hsm840G5Tkq48hCjU7xwSDf6Ot3sy92d +X9Qc3ws2QVv7hhkuQJvyGl052OI4oU/U6HgnD/zxd5BetAa9zG5BkT2n3J81dDS8 +YPpnA+5sO7GEL7M++QEZ+bJhhvXAga61jQflSNu1notf66U2HXn7X2R2Qk15V5JZ +ySzRTBynbCLgfAXS35SavFenuuq0oINvV4dMbjiGoQKBgQDFtggOFPIVm77ZPXXQ ++LNs7fNGM4aDQrvHri+j5xzuOTZ6kftJBCXUVNq5OuKbaxlhcaMJxr/z7xngXs8Z +A+1NYNdiRNzJqU+uwNcY0QtvBpsSr5DEO6fiqb3WxAKyLJETeD9qIbTK36GShliz +sqx5vpb64lg5coMfbiyouWnw0QKBgQDBx+EF3cpkgXYAd+lWFYl3yt6XEm9zfZZn +VK2yW0+03xUVLyte1APdYxFTuD22W2cxq+1OyNGBT6jplL3f8Xb36LmmYWy7QYHx +hbLYF7bD84zV4uLsItTQh7FXrtUw10+8s+fzUu/P4bacIuiebyiwdVH1g/AlUyYJ +zqGWq6fYZwKBgE8wBm/lccS32avXEv487lh9wcdnUcP3EZD7sjcalRrRLYHQQG5R +S/mMdwJjlGmdbs/5nMyIn09Lf/i+4IHrcbthQ0Mnw6q9tp2OvVhCOisg4TGNwhTm +s+p0BAYmAdJtSTocGoIet/PduDAgwRxQPwaQEJax25Y+yEfpb9ewU79RAoGAF5Vj +5Xrgruqymcv+MePdHx8ph+lOdxfJvjmoChTi1nhv8GwVMy1Kax8rdKzvlcn5/SmX +cAcwuDQhsovPr/mLKRDBx2YD/aYzUlmbMoFwVNjHQyChzWtPyzE4fBtjBtatdaHP +kOV/GiW2O7pj5SRSJ2ef2el8yI4eCwOC1vt9KfECgYBW51G7ijf+dyLWQc+1IFWn +QakMYPxzVO0LwiQwTALTDsNQv3QR2wBJslVgDMbR0oNkoyy4eJ/3A0z92bwMTyVq +F610JDh+LyYcpCEHBQlRq8GCqilKHQYqdYQp5/luOQt+nWb/rllYm1x9Zlbakdf7 +QIN5IZdQJkLNcMQ49t3Drw== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_06/cert_path_CRL_06_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_06/crls/cert_path_CRL_06_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_06/crls/cert_path_CRL_06_crl.pem.crl new file mode 100644 index 0000000000..0a97efdc7d 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_06/crls/cert_path_CRL_06_crl.pem.crl @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBrzCBmAIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUXDTE3MDcyNjEzMjQ0OFoXDTE3MTAyNTEzMjQ0OFqgQTA/ +MAoGA1UdFAQDAgEGMB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMBAG +BSoDBAUGAQH/BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQBo4kTGBHMIYQOHbDeb +YvCt6+W85V95LyxIx5PoDuVYQ3IhDnvwVmTFYin0tYx294rM4evQJL9haaryVBrJ +HrCDvnYTqFWpXNvjICMvhWn1cuiFgWksK9Kz5aiVylABKNvpZcrM2awC+BUy+Q34 +UY6HmG0495HMtN5mobu9F1ByPQavMee9vJyzA+QQBg0/b3IENnbvjJ3IK3wFY49y +qkSYe5eZ7c2khCxkwS+ogFzAxksy/lu6a5eGGarZe154WCnGGR4cisMGKxMwf6S7 +VtFXyctgLKhIyK6VtFn7AoTuBa4L09KuFgZ/Zc3srUXbnsO5ahTnYd3IAK2IBZn1 +uWRU +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_06/crls/cert_path_CRL_06_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_06/crls/cert_path_CRL_06_root_crl.pem.crl new file mode 100644 index 0000000000..85ff7ad837 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_06/crls/cert_path_CRL_06_root_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmzCBhAIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI0NDhaFw0xNzEwMjUxMzI0NDhaoC8wLTAK +BgNVHRQEAwIBBjAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDANBgkq +hkiG9w0BAQsFAAOCAQEAXwSx2NtqRbBbXT/9A4SSDanhmiXJHwcevJHidPtzTyYu +OkQC9QN63NucMczU9ukYxdhVEEIy5CLT94fzg44CwUFLMDJKTpM3qxuACbBLH2/j +nmdyghy9/uGkSM/md7/8nlAYcxr9EgWQPgD7AYnaURKTT10CYl+hj4RC6BUsL9/P +xfD+qGBsvHhnkhjBL2g4wkvjR/8P9/e2LqHUst1z8ioq7LmwigFtqsqreowRt7ie +FEA8jGoUSmINKTqI3t3eg7axi6F7FP39CnRZqGQkYrdHtYWhZCVwfEcd0WbfYtpd +zsJqB32IwS5IQHUl/hauIAfNUEjBCzxu6ifh2mLnYQ== +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_06/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_06/description.txt new file mode 100644 index 0000000000..afcd3c5488 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_CRL_06/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_06 + +Purpose: Checks the behaviour of the application when a CRL contains an unknown critical extension. The target certificate is not contained in this CRL. This path is invalid because it is not allowed for an application to ignore unknown critical extensions. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_ee.TC.pem.crt new file mode 100644 index 0000000000..bc4cf6ff46 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ2WhcNMTgwNzI3MTMy +NDQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJWomlxlqcdd/t7IQjIGy2M0nEP8Bah1ooLr +Iq73gzeVFM4qIjKL2OyQYbJDLkMXWUmzmX5P5cGG3pjAJ+Van0ch+OL6Utj8RijJ +Ufc10Oo/TIVzIXbMxIa1oLZ8gQ73nhFkNxQZxzgsKop8wPPTdo41p3DSw/+a9cD0 +bmqgjSMDYydfuo/42bLeSmlLYhF18T5C1gUn+JXMvQJSI6kLPczsi+mQ0N0GtV0C +1whWBo1atAUK3OeYGRDzIXnE591vXICYg1JBjjEYe6VNK/B3vCEu/QFRLtF3IYHc +loU4uurI8HfgeEbJ/H3/uDrUwgahuoIqRXtxNIQv1qGXwbAnPBcCAwEAAaOBsTCB +rjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2NybGRw +L2NybC5jcmwwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0O +BBYEFITwNLOf7HFKC/d5A2X3c8Qdd3sQMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMB +Af8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOC +AQEABaLToWh/aCEOlWbi810W1FeAvkwJYSqyYK6hyFYiQ6dn0x4OnqytfVxYKaj6 +wp1OOy/aAG9sSak2/Yp18J7U9Nnl/fz66TNBwjsipAo2auHsqfvrxQl4xEyovdzp +OhJY4gLUPrmbecsmI4UTU6Xl9IGMDh9LPAn1ErYUvvolJp9Y6XlSb/jHT/7BDMmq +JwToSRDikiaCKtrjQvtgw5vFUfcBqKlQmy70ZxIHW92E4cq1twugzc1RpO/c0mxj +zjd8FaHJYT9q6z5fRhloqN6w46mS9nbt8xa4As9ULoMcpeVglDXXLh+A8HLLudWD +ZB6LDkS9rU3WAqYfPzNZ5AR06A== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_ee.pem new file mode 100644 index 0000000000..c2f12a5a59 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVqJpcZanHXf7e +yEIyBstjNJxD/AWodaKC6yKu94M3lRTOKiIyi9jskGGyQy5DF1lJs5l+T+XBht6Y +wCflWp9HIfji+lLY/EYoyVH3NdDqP0yFcyF2zMSGtaC2fIEO954RZDcUGcc4LCqK +fMDz03aONadw0sP/mvXA9G5qoI0jA2MnX7qP+Nmy3kppS2IRdfE+QtYFJ/iVzL0C +UiOpCz3M7IvpkNDdBrVdAtcIVgaNWrQFCtznmBkQ8yF5xOfdb1yAmINSQY4xGHul +TSvwd7whLv0BUS7RdyGB3JaFOLrqyPB34HhGyfx9/7g61MIGobqCKkV7cTSEL9ah +l8GwJzwXAgMBAAECggEAQYSdh0POjwRcdwWuzR3iXp0CqFSl2XkeWzg7Z+Pd4zB1 ++kfBzuUgY3hV/OeiUibfpP9mfEDYMeAshSziimsg/dAmmJ/EM1BGGscABjzeKB7s +DiQ4Cz1b8CmFoT5idb37yltYLYmXiMT1Hsm840G5Tkq48hCjU7xwSDf6Ot3sy92d +X9Qc3ws2QVv7hhkuQJvyGl052OI4oU/U6HgnD/zxd5BetAa9zG5BkT2n3J81dDS8 +YPpnA+5sO7GEL7M++QEZ+bJhhvXAga61jQflSNu1notf66U2HXn7X2R2Qk15V5JZ +ySzRTBynbCLgfAXS35SavFenuuq0oINvV4dMbjiGoQKBgQDFtggOFPIVm77ZPXXQ ++LNs7fNGM4aDQrvHri+j5xzuOTZ6kftJBCXUVNq5OuKbaxlhcaMJxr/z7xngXs8Z +A+1NYNdiRNzJqU+uwNcY0QtvBpsSr5DEO6fiqb3WxAKyLJETeD9qIbTK36GShliz +sqx5vpb64lg5coMfbiyouWnw0QKBgQDBx+EF3cpkgXYAd+lWFYl3yt6XEm9zfZZn +VK2yW0+03xUVLyte1APdYxFTuD22W2cxq+1OyNGBT6jplL3f8Xb36LmmYWy7QYHx +hbLYF7bD84zV4uLsItTQh7FXrtUw10+8s+fzUu/P4bacIuiebyiwdVH1g/AlUyYJ +zqGWq6fYZwKBgE8wBm/lccS32avXEv487lh9wcdnUcP3EZD7sjcalRrRLYHQQG5R +S/mMdwJjlGmdbs/5nMyIn09Lf/i+4IHrcbthQ0Mnw6q9tp2OvVhCOisg4TGNwhTm +s+p0BAYmAdJtSTocGoIet/PduDAgwRxQPwaQEJax25Y+yEfpb9ewU79RAoGAF5Vj +5Xrgruqymcv+MePdHx8ph+lOdxfJvjmoChTi1nhv8GwVMy1Kax8rdKzvlcn5/SmX +cAcwuDQhsovPr/mLKRDBx2YD/aYzUlmbMoFwVNjHQyChzWtPyzE4fBtjBtatdaHP +kOV/GiW2O7pj5SRSJ2ef2el8yI4eCwOC1vt9KfECgYBW51G7ijf+dyLWQc+1IFWn +QakMYPxzVO0LwiQwTALTDsNQv3QR2wBJslVgDMbR0oNkoyy4eJ/3A0z92bwMTyVq +F610JDh+LyYcpCEHBQlRq8GCqilKHQYqdYQp5/luOQt+nWb/rllYm1x9Zlbakdf7 +QIN5IZdQJkLNcMQ49t3Drw== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_07/cert_path_CRL_07_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_07/crls/cert_path_CRL_07_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_07/crls/cert_path_CRL_07_crl.pem.crl new file mode 100644 index 0000000000..a99a51cebf 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_07/crls/cert_path_CRL_07_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBkTB7AgEBMA0GCSqGSIb3DQEBCwUAMCMxFDASBgNVBAMMC1Rlc3QgU3ViIENB +MQswCQYDVQQGEwJERRcNMTcwNzI2MTMyNTQwWhcNMTcxMDI1MTMyNTQwWjAUMBIC +AQEXDTE3MDcyNjA3MjU0MFqgDjAMMAoGA1UdFAQDAgEHMA0GCSqGSIb3DQEBCwUA +A4IBAQCqAxDrh0FjK4MByyedu+QZR+9ik/jPAFznR+9barO6nJtq6XifN3/X0jg1 +6mV2zRU4/8P2UjTWblPqaBHAYA9iRYB7AoQB4FlUevvbET34HwgJ1MCoVtiK2FwX +BfOLl0e/loRRQv4J8RSMk/zEu2Kg9NVsGw3mJxBYmkbsdVP98RY28AetMFc9e1sq +hgdhWEDPbQkwoim8aSxQ66CSRVCsO0drrTMaJSGQlfGhU7DDHjgk87qJ7A8e4EpB +pnot3uXVzIlqsbWbE/0GUxUY1Br0vEXmEbX3YNkwnXfzki/6s7Qz2wscfXSxs4cV +m9YyKTWnnN0CYib4Q9hPG5Jiy7QO +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_07/crls/cert_path_CRL_07_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_07/crls/cert_path_CRL_07_root_crl.pem.crl new file mode 100644 index 0000000000..85819e7afc --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_07/crls/cert_path_CRL_07_root_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmzCBhAIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI1NDBaFw0xNzEwMjUxMzI1NDBaoC8wLTAK +BgNVHRQEAwIBBzAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDANBgkq +hkiG9w0BAQsFAAOCAQEASTn0oRz+84G6BOWfz7KWE6nTHA1ZUpxCbm4N3SS0C/5S +3OZn2G0y6FyzGm/dxA2HdChfdcYJaaNisNfDgZm+Lf0LoIRsOlMWTvtvh4FucUSW +Y4d3g9abjXkxV3zLCUW4uOTxYzEMC8f2hRmpX7zU6bsLRxRi+wXG2VUQOA7i71RO +Ltq5PLPGnA5+Vhv02+n1HFGyi12n5tKPuWPa4RmTpFw+FyOziDHAcEZ7OI7I7wA1 +u50sc1LlBctugY12vbmjZjUGIMCeJhhThdojY8BPj6UX/wCBLPlaRWN4SKVoG8Nu +bW2m0IyeXXGDDsjXcg3WEmjiJLVxVc7fkMvCapuq+A== +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_07/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_07/description.txt new file mode 100644 index 0000000000..388114675e --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_07/description.txt 
@@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_07 + +Purpose: Checks the behaviour of the application when the target certificate is contained in a CRL that does not contain the Authority Key Identifier extension. This path is invalid because even if this mandatory extension is missing the CRL is still a valid source for revocation information. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_ee.TC.pem.crt new file mode 100644 index 0000000000..bc4cf6ff46 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ2WhcNMTgwNzI3MTMy +NDQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJWomlxlqcdd/t7IQjIGy2M0nEP8Bah1ooLr +Iq73gzeVFM4qIjKL2OyQYbJDLkMXWUmzmX5P5cGG3pjAJ+Van0ch+OL6Utj8RijJ +Ufc10Oo/TIVzIXbMxIa1oLZ8gQ73nhFkNxQZxzgsKop8wPPTdo41p3DSw/+a9cD0 +bmqgjSMDYydfuo/42bLeSmlLYhF18T5C1gUn+JXMvQJSI6kLPczsi+mQ0N0GtV0C +1whWBo1atAUK3OeYGRDzIXnE591vXICYg1JBjjEYe6VNK/B3vCEu/QFRLtF3IYHc +loU4uurI8HfgeEbJ/H3/uDrUwgahuoIqRXtxNIQv1qGXwbAnPBcCAwEAAaOBsTCB +rjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2NybGRw +L2NybC5jcmwwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0O +BBYEFITwNLOf7HFKC/d5A2X3c8Qdd3sQMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMB +Af8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOC +AQEABaLToWh/aCEOlWbi810W1FeAvkwJYSqyYK6hyFYiQ6dn0x4OnqytfVxYKaj6 +wp1OOy/aAG9sSak2/Yp18J7U9Nnl/fz66TNBwjsipAo2auHsqfvrxQl4xEyovdzp +OhJY4gLUPrmbecsmI4UTU6Xl9IGMDh9LPAn1ErYUvvolJp9Y6XlSb/jHT/7BDMmq +JwToSRDikiaCKtrjQvtgw5vFUfcBqKlQmy70ZxIHW92E4cq1twugzc1RpO/c0mxj +zjd8FaHJYT9q6z5fRhloqN6w46mS9nbt8xa4As9ULoMcpeVglDXXLh+A8HLLudWD +ZB6LDkS9rU3WAqYfPzNZ5AR06A== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_ee.pem new file mode 100644 index 0000000000..c2f12a5a59 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVqJpcZanHXf7e +yEIyBstjNJxD/AWodaKC6yKu94M3lRTOKiIyi9jskGGyQy5DF1lJs5l+T+XBht6Y +wCflWp9HIfji+lLY/EYoyVH3NdDqP0yFcyF2zMSGtaC2fIEO954RZDcUGcc4LCqK +fMDz03aONadw0sP/mvXA9G5qoI0jA2MnX7qP+Nmy3kppS2IRdfE+QtYFJ/iVzL0C +UiOpCz3M7IvpkNDdBrVdAtcIVgaNWrQFCtznmBkQ8yF5xOfdb1yAmINSQY4xGHul +TSvwd7whLv0BUS7RdyGB3JaFOLrqyPB34HhGyfx9/7g61MIGobqCKkV7cTSEL9ah +l8GwJzwXAgMBAAECggEAQYSdh0POjwRcdwWuzR3iXp0CqFSl2XkeWzg7Z+Pd4zB1 ++kfBzuUgY3hV/OeiUibfpP9mfEDYMeAshSziimsg/dAmmJ/EM1BGGscABjzeKB7s +DiQ4Cz1b8CmFoT5idb37yltYLYmXiMT1Hsm840G5Tkq48hCjU7xwSDf6Ot3sy92d +X9Qc3ws2QVv7hhkuQJvyGl052OI4oU/U6HgnD/zxd5BetAa9zG5BkT2n3J81dDS8 +YPpnA+5sO7GEL7M++QEZ+bJhhvXAga61jQflSNu1notf66U2HXn7X2R2Qk15V5JZ +ySzRTBynbCLgfAXS35SavFenuuq0oINvV4dMbjiGoQKBgQDFtggOFPIVm77ZPXXQ ++LNs7fNGM4aDQrvHri+j5xzuOTZ6kftJBCXUVNq5OuKbaxlhcaMJxr/z7xngXs8Z +A+1NYNdiRNzJqU+uwNcY0QtvBpsSr5DEO6fiqb3WxAKyLJETeD9qIbTK36GShliz +sqx5vpb64lg5coMfbiyouWnw0QKBgQDBx+EF3cpkgXYAd+lWFYl3yt6XEm9zfZZn +VK2yW0+03xUVLyte1APdYxFTuD22W2cxq+1OyNGBT6jplL3f8Xb36LmmYWy7QYHx +hbLYF7bD84zV4uLsItTQh7FXrtUw10+8s+fzUu/P4bacIuiebyiwdVH1g/AlUyYJ +zqGWq6fYZwKBgE8wBm/lccS32avXEv487lh9wcdnUcP3EZD7sjcalRrRLYHQQG5R +S/mMdwJjlGmdbs/5nMyIn09Lf/i+4IHrcbthQ0Mnw6q9tp2OvVhCOisg4TGNwhTm +s+p0BAYmAdJtSTocGoIet/PduDAgwRxQPwaQEJax25Y+yEfpb9ewU79RAoGAF5Vj +5Xrgruqymcv+MePdHx8ph+lOdxfJvjmoChTi1nhv8GwVMy1Kax8rdKzvlcn5/SmX +cAcwuDQhsovPr/mLKRDBx2YD/aYzUlmbMoFwVNjHQyChzWtPyzE4fBtjBtatdaHP +kOV/GiW2O7pj5SRSJ2ef2el8yI4eCwOC1vt9KfECgYBW51G7ijf+dyLWQc+1IFWn +QakMYPxzVO0LwiQwTALTDsNQv3QR2wBJslVgDMbR0oNkoyy4eJ/3A0z92bwMTyVq +F610JDh+LyYcpCEHBQlRq8GCqilKHQYqdYQp5/luOQt+nWb/rllYm1x9Zlbakdf7 +QIN5IZdQJkLNcMQ49t3Drw== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_08/cert_path_CRL_08_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_08/crls/cert_path_CRL_08_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_08/crls/cert_path_CRL_08_crl.pem.crl new file mode 100644 index 0000000000..a0e35e19c8 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_08/crls/cert_path_CRL_08_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBnTCBhgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUXDTE3MTAyNjEzMjU0MFoXDTE3MTEwMjE0MjU0MFqgLzAt +MB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMAoGA1UdFAQDAgEIMA0G +CSqGSIb3DQEBCwUAA4IBAQBV8ePdQ4Z7fo71zUhzJld+00QED0vsjMjFMgg9SOoB +CQji7VGNpU7+438ohnOP9gscri1ZRpHdHqGpVTUepzgx48ZC8F3cUwE5ee24dyLu +BT7Oez4DgcFclyLyjxSRp4jn5GxaCYHYMefm5JAh03IwI7DEr1X2uf1f7Ynnr0Q3 +pLIlNwQbVrmenfEdNw1jq+iXh43fDTuDBtAMQZ3oSrY/vuWkVx092Gen1mT8e4oA +nRaViNMjLm/fBIxhyUQ1nBR/nw4nQlYlEELJly7AJm78hSr3TWOXJ1Pq2tLYpE87 +XFNYHmgJy+8Lp0IjD+FkO8L9Ur9FsPIqW9KXJQnBbRwG +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_08/crls/cert_path_CRL_08_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_08/crls/cert_path_CRL_08_root_crl.pem.crl new file mode 100644 index 0000000000..9eb820d7ea --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_08/crls/cert_path_CRL_08_root_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmzCBhAIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI1NDBaFw0xNzEwMjUxMzI1NDBaoC8wLTAK +BgNVHRQEAwIBCDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDANBgkq +hkiG9w0BAQsFAAOCAQEAeWGlW8kiFICDuUFCa7F0VjKcFttYd5aUbJ0LX2A1VyQs +rMSrdGuyyYXAgvPSoGfBcanTmft9JLtfq3UIZxKrbI0jY8uZY002DIgOp3rrZX8D +OkcOZT2C80OjhuhIbmWIppY3YmNqoh67fv2rFWxYioK9oA1puHEKftrGLNd9QUJy +hU3wvwlxj+VQEd1KaR2KTJdL9huVPiDWohqe2ZigOWuf3N4Af28iHHMeLX/MWoTZ +n7d2ht5VmMarevzneISFdiboH6hOsLinVE1ESqyDPN7rFhlZNdagXiPU7QxR3SQq +UO0MBY4Okp06qCrdug7VjcHXFrTFJh657uzVbJGHZg== +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_08/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_08/description.txt new file mode 100644 index 0000000000..18d4efe75b --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_CRL_08/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_08 + +Purpose: Checks the behaviour of the application when a CRL is not valid yet (now < thisUpdate). The target certificate is not contained in the CRL. This path is invalid because the CRL is not valid yet. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_ee.TC.pem.crt new file mode 100644 index 0000000000..bc4cf6ff46 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ2WhcNMTgwNzI3MTMy +NDQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJWomlxlqcdd/t7IQjIGy2M0nEP8Bah1ooLr +Iq73gzeVFM4qIjKL2OyQYbJDLkMXWUmzmX5P5cGG3pjAJ+Van0ch+OL6Utj8RijJ +Ufc10Oo/TIVzIXbMxIa1oLZ8gQ73nhFkNxQZxzgsKop8wPPTdo41p3DSw/+a9cD0 +bmqgjSMDYydfuo/42bLeSmlLYhF18T5C1gUn+JXMvQJSI6kLPczsi+mQ0N0GtV0C +1whWBo1atAUK3OeYGRDzIXnE591vXICYg1JBjjEYe6VNK/B3vCEu/QFRLtF3IYHc +loU4uurI8HfgeEbJ/H3/uDrUwgahuoIqRXtxNIQv1qGXwbAnPBcCAwEAAaOBsTCB +rjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2NybGRw +L2NybC5jcmwwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0O +BBYEFITwNLOf7HFKC/d5A2X3c8Qdd3sQMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMB +Af8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOC +AQEABaLToWh/aCEOlWbi810W1FeAvkwJYSqyYK6hyFYiQ6dn0x4OnqytfVxYKaj6 +wp1OOy/aAG9sSak2/Yp18J7U9Nnl/fz66TNBwjsipAo2auHsqfvrxQl4xEyovdzp +OhJY4gLUPrmbecsmI4UTU6Xl9IGMDh9LPAn1ErYUvvolJp9Y6XlSb/jHT/7BDMmq +JwToSRDikiaCKtrjQvtgw5vFUfcBqKlQmy70ZxIHW92E4cq1twugzc1RpO/c0mxj +zjd8FaHJYT9q6z5fRhloqN6w46mS9nbt8xa4As9ULoMcpeVglDXXLh+A8HLLudWD +ZB6LDkS9rU3WAqYfPzNZ5AR06A== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_ee.pem new file mode 100644 index 0000000000..c2f12a5a59 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVqJpcZanHXf7e +yEIyBstjNJxD/AWodaKC6yKu94M3lRTOKiIyi9jskGGyQy5DF1lJs5l+T+XBht6Y +wCflWp9HIfji+lLY/EYoyVH3NdDqP0yFcyF2zMSGtaC2fIEO954RZDcUGcc4LCqK +fMDz03aONadw0sP/mvXA9G5qoI0jA2MnX7qP+Nmy3kppS2IRdfE+QtYFJ/iVzL0C +UiOpCz3M7IvpkNDdBrVdAtcIVgaNWrQFCtznmBkQ8yF5xOfdb1yAmINSQY4xGHul +TSvwd7whLv0BUS7RdyGB3JaFOLrqyPB34HhGyfx9/7g61MIGobqCKkV7cTSEL9ah +l8GwJzwXAgMBAAECggEAQYSdh0POjwRcdwWuzR3iXp0CqFSl2XkeWzg7Z+Pd4zB1 ++kfBzuUgY3hV/OeiUibfpP9mfEDYMeAshSziimsg/dAmmJ/EM1BGGscABjzeKB7s +DiQ4Cz1b8CmFoT5idb37yltYLYmXiMT1Hsm840G5Tkq48hCjU7xwSDf6Ot3sy92d +X9Qc3ws2QVv7hhkuQJvyGl052OI4oU/U6HgnD/zxd5BetAa9zG5BkT2n3J81dDS8 +YPpnA+5sO7GEL7M++QEZ+bJhhvXAga61jQflSNu1notf66U2HXn7X2R2Qk15V5JZ +ySzRTBynbCLgfAXS35SavFenuuq0oINvV4dMbjiGoQKBgQDFtggOFPIVm77ZPXXQ ++LNs7fNGM4aDQrvHri+j5xzuOTZ6kftJBCXUVNq5OuKbaxlhcaMJxr/z7xngXs8Z +A+1NYNdiRNzJqU+uwNcY0QtvBpsSr5DEO6fiqb3WxAKyLJETeD9qIbTK36GShliz +sqx5vpb64lg5coMfbiyouWnw0QKBgQDBx+EF3cpkgXYAd+lWFYl3yt6XEm9zfZZn +VK2yW0+03xUVLyte1APdYxFTuD22W2cxq+1OyNGBT6jplL3f8Xb36LmmYWy7QYHx +hbLYF7bD84zV4uLsItTQh7FXrtUw10+8s+fzUu/P4bacIuiebyiwdVH1g/AlUyYJ +zqGWq6fYZwKBgE8wBm/lccS32avXEv487lh9wcdnUcP3EZD7sjcalRrRLYHQQG5R +S/mMdwJjlGmdbs/5nMyIn09Lf/i+4IHrcbthQ0Mnw6q9tp2OvVhCOisg4TGNwhTm +s+p0BAYmAdJtSTocGoIet/PduDAgwRxQPwaQEJax25Y+yEfpb9ewU79RAoGAF5Vj +5Xrgruqymcv+MePdHx8ph+lOdxfJvjmoChTi1nhv8GwVMy1Kax8rdKzvlcn5/SmX +cAcwuDQhsovPr/mLKRDBx2YD/aYzUlmbMoFwVNjHQyChzWtPyzE4fBtjBtatdaHP +kOV/GiW2O7pj5SRSJ2ef2el8yI4eCwOC1vt9KfECgYBW51G7ijf+dyLWQc+1IFWn +QakMYPxzVO0LwiQwTALTDsNQv3QR2wBJslVgDMbR0oNkoyy4eJ/3A0z92bwMTyVq +F610JDh+LyYcpCEHBQlRq8GCqilKHQYqdYQp5/luOQt+nWb/rllYm1x9Zlbakdf7 +QIN5IZdQJkLNcMQ49t3Drw== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_09/cert_path_CRL_09_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_09/crls/cert_path_CRL_09_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_09/crls/cert_path_CRL_09_crl.pem.crl new file mode 100644 index 0000000000..154f2541ff 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_09/crls/cert_path_CRL_09_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBnTCBhgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUXDTE3MDcxOTEzMjU0MFoXDTE3MDcyNjEzMjU0MFqgLzAt +MB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMAoGA1UdFAQDAgEJMA0G +CSqGSIb3DQEBCwUAA4IBAQC8GIH8U26/QarHuHL058tGPnBPLTiNK/zHr5SLJOkz +LTwcK+djJEUiZu5DSHA4txLkfpjLq4XrzPvkaU/x+zct9DTu/qMp3rlB3CJi65UD +Zk/gQyxtfrApx8HGGuSMc2185Cc2oknY5+ms0BUf9U/hStEnHVke3pS0celxB3wq +IduPVH4z4cniKibJRmvBBooaCpsLmZozIFNoNcMgFA5um0/eE4QVXaDpuQBx4vgZ +PZcJwwiVwrTKb1q66In3NltPgtvdvG6EBAMYBX80c2cSkxNNP6hZrpXUzICp8A7u +6h3+FWO00yAud38/zWpC2i10ne0bEE91wfxdUK2endE0 +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_09/crls/cert_path_CRL_09_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_09/crls/cert_path_CRL_09_root_crl.pem.crl new file mode 100644 index 0000000000..9610f9ffba --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_09/crls/cert_path_CRL_09_root_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmzCBhAIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI1NDBaFw0xNzEwMjUxMzI1NDBaoC8wLTAK +BgNVHRQEAwIBCTAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDANBgkq +hkiG9w0BAQsFAAOCAQEAAGqI66MHfNv9xrUNDYfL6CEOZV4ef/NMss45u0dKo5tV +Jq8pDromMR8kxqm0SOdI6Jrhrn+FppQI2TAkMbEzGxNKZmavpOBKOUscJ50ReI9S +VfM/yBZDnt0hQzhNab+wTWMTfIadH3Ld1aVJYLAAbBpJzf74Av1mdfClVEQ+hv5e +p+0JaPsLCkTWGrAzibxUY2Vb3UjSK/VxJC5Tgt8lgMptdz8/KfUgbvMklEllw05v +PhZ+dlW1Gy65Wi45WpW6gwg+H+lFKYKCAsAB+AXp970+52DEmocm7KXMeiKs+JP4 +60Kf6S9KY4O2gG3TWqT9rvqJC7jkwfTBbuuLEi4qLQ== +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_09/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_09/description.txt new file mode 100644 index 0000000000..b5b92546fe --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_CRL_09/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_09 + +Purpose: Checks the behaviour of the application when a CRL has expired (now > nextUpdate). The target certificate is not contained in the CRL. This path is invalid because the CRL has expired. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_ee.TC.pem.crt new file mode 100644 index 0000000000..18774130d9 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDajCCAlKgAwIBAgIC/u8wDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjQ1M1oXDTE4MDcyNzEz +MjQ1M1owHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMnKBQr4thZFuPu4Faq7EINw3b8lmwWnRl +hCMGgYrlH9ZzBEXF5e4OyC0yeZMGU2p1NFxXWYbXda5AKaz7UjfiTjxGMoGRWDAz +pV2Pub6APad0yndST3SgDHTguBnD7ByVdONI99fzCP9MSFSLXT0p/KWxU3K/SPBY +TKTm04dbEkZ1qY/E9yfhitiKwgQz2cyZb3vGVlyhZ1Um3nF/8d4I00wm9fMCCLzi +fgLxIZiQDmmKtp+7pEdyoUdmPGTNCR/0fJURo3ueXR0ISDDaEpZmW7dq8r76uKhR +7G5/gLJuSC3ZHFrtpzP8vtJiioN09O6IzZOJ9eEZhQCNDuc9vAWnAgMBAAGjgasw +gagwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL2xvY2FsaG9zdC9jcmxkcC9jcmwu +Y3JsMB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMB0GA1UdDgQWBBSU +aRmCp9NenGzH62G4/W51q3qSaDAOBgNVHQ8BAf8EBAMCB4AwDwYDVR0TAQH/BAUw +AwEBADAUBgNVHREEDTALgglkdW1teWhvc3QwDQYJKoZIhvcNAQELBQADggEBAHNE +pqC3muoivzfMnNFfjZOKhqnZofyjZf8na9g0/WXdmSXnAB52vKcJ3AUzq7MCMeBG +zhUa2DNC7TKXCfUQEnB+NQ145NWEZ0TSuRI86TlWPL4tfKnA2y5kMUgOqcZTsGTw +rxRUfo2mkORArJUVsT2Jy4YfGhbqjQtX3pK+xgjJpVJvnxJ3dc9fbWlaXmPD2uyh +okTzlflWJUWvF6xDrguoId8vcM9bmcT18fnFWoyZE0TQQOPzLaiL3jaMAMq67blI ++M1rduMN/eXDd9p21BmKhrw+SQY6Ami1gLRebg3TGybmtuEXhEQmNJ5CMUIw22kd +Z5DisB60dg8Kch7B5oo= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_ee.pem new file mode 100644 index 0000000000..801a334e5c --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDMnKBQr4thZFuP +u4Faq7EINw3b8lmwWnRlhCMGgYrlH9ZzBEXF5e4OyC0yeZMGU2p1NFxXWYbXda5A +Kaz7UjfiTjxGMoGRWDAzpV2Pub6APad0yndST3SgDHTguBnD7ByVdONI99fzCP9M +SFSLXT0p/KWxU3K/SPBYTKTm04dbEkZ1qY/E9yfhitiKwgQz2cyZb3vGVlyhZ1Um +3nF/8d4I00wm9fMCCLzifgLxIZiQDmmKtp+7pEdyoUdmPGTNCR/0fJURo3ueXR0I +SDDaEpZmW7dq8r76uKhR7G5/gLJuSC3ZHFrtpzP8vtJiioN09O6IzZOJ9eEZhQCN +Duc9vAWnAgMBAAECggEALQIHAbiboEDDI0rLmXZK6tOxaMBWmkRLdkkqqzOzqdLn +CUXXU0DQrM+7oW68uJeAw2dRKKW404w/WD3SnzXmtREgkRBrD92mPLYTbpodHXhy +bW5b8O8paEtVKllU0ZQOdZHQrSxXhE5mWhFPB5jq62F30RnaE9mnhMTXQS8mhxGJ +XdqHvldeKg14SKYno2X3s4mW4hy3jPzrRDY59aSUSk2FKMFxPhLRtSTmJ8tby8uf +lVlQs2KymQRVT1650BNo7D0JUveCOhSZ6MPze5E3QnIEv4WXx0RcLgcdfMYdTrZU +m8+j6yr65oQCN1dKpySVHQw1ZAuo1apgGSUBsvYUAQKBgQDle4F9+Gvi9DrcYVTW +CkvqL4OSbwfJMFUK28MiWoXSCeM1bMQRPXS2eOKGWUtdnBn2Cb243Ozytr4VT9DF +JLlyegO4/y9oqUCmJ8OvYlb7hvxkUHtWZ3XbAr3o19I8ZHsxSoF+fjgwyesa2i48 +MAiUjrkqvfKELRsGTT7g3McNYQKBgQDkQWdUsiLFnLKJQ+DQzGcLuk6abfkqbQOn +LvOQSPbPNk+Qyo6dTSwJrj/L7Hr2ERag8nc7UJdm/ojfVyFNkMci1G9idwUr7r01 +27m0VdaMCGgBPzgzyHYrB4XUSiOgkmbs5FYbUedgFQNLpXT2UgG6RH97i39Ma6WK +zuw+x2OoBwKBgET+tRgisI0z0N6hhNg1kE2Aq5ZDO5wJpAf3utuBS+qyflV5thlY +2NZj0feCsV4bqNKIazpBchwnRU8zCBm9yOPaO3RLhP16pa1PF06LyoslMo0WhX6c +7JpEYMS43sS5kTBorjZRzKMekkkof+4oouvHXXS0V03WIeHrJ5SDzHUBAoGAB9/t +xbFDm9e1HSE3X1y97VynG5LRttH9/0WSZ5bs1OdFxXQHiYvBCjB1yP5Gm7ipNDJJ +RMWaA5aieDoUTw3AoQX9NcNvbT2WT4ZeGMehWEFt/SUGNlsjIIbo6hMIuaBzZpbW +Fak0t07iRzjVGS5pGtkEIOoGIUfRdUGASwYr/P8CgYEAm4D3nknbs98dht5Zf75P +KBfk/Q9Nk0YWAgMHdil0QRey4n63CkoxTGhIFUDeuYR1rgBgu9O9sTskMlP49w7a +TydrzDTcvxqPr0zpnQE1i/994OB6k9i+9rLEzC2d5+EJhH1NB5GMK8BGsuNmBvNP +Rt1w8yP4i+N8HA7+4woAE7s= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_10/cert_path_CRL_10_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_10/crls/cert_path_CRL_10_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_10/crls/cert_path_CRL_10_crl.pem.crl new file mode 100644 index 0000000000..ca4b02c2fd 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_10/crls/cert_path_CRL_10_crl.pem.crl @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBtDCBnQIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUXDTE3MDcyNjEzMjQ1M1oXDTE3MTAyNTEzMjQ1M1owFTAT +AgL+7xcNMTcwNzI2MDcyNDUzWqAvMC0wHwYDVR0jBBgwFoAU4IwZqmklmholAPaz +KLob9w35z8AwCgYDVR0UBAMCAQowDQYJKoZIhvcNAQELBQADggEBABcBwk1WvZDd +ablyHmeu57sBz+XNn6r436UqgiGXZfyfT8nIBnkhjdLn1daOkCsNgL1/i5BOPSZy +Qqpte3n53Q2BxN+ON3RpLfxbCwnbo4Y3mShCzKpKnsGg3Rq0758wj8HhVP7Kw+/g +gfvYU+hw9HKlGCgkouAn5xt2lLC4KLYhGCHwVlxzLr43ur7gUTBYyJXfe6Fc0lvx +lIDbIqrD6Kh9M+llhXpHOGIRqyT5d7wcOaR+IZkL/sDDAJ2ZZeRRCPjkDRHJvoJJ +bVUacNXcCA6dX2Pg2QbqtZXNNrCd1+sOvjBsHYJYiwF3vwQZaN28yJwHCKimu3Xl +bVcjLlfHYBA= +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_10/crls/cert_path_CRL_10_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_10/crls/cert_path_CRL_10_root_crl.pem.crl new file mode 100644 index 0000000000..bf3f5537c0 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_10/crls/cert_path_CRL_10_root_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmzCBhAIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI0NTNaFw0xNzEwMjUxMzI0NTNaoC8wLTAK +BgNVHRQEAwIBCjAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDANBgkq +hkiG9w0BAQsFAAOCAQEAZd6IcgdotTqtJV8kG6P857c5AJMG5KO4O68NV8x1EBxO +hPoqWL2KY9KjASKA+ISTwyyFtygdQhi6vn2FvB+g9z+RV/OyTH4oPNWNNT18Swhi +CnjELf5FZIdP2y95V5XgWGL3EEB+1VOqt1l2NkD5S3LT0MEgkRkTpRBMb/R2RHdD +6mrrZA6efOFg0G3Ywp334uqPVZnOvFH78Ohzx5T18WV+f/4EPiH0PhvQELkvSB/d +++9VWADdsUd52nTAo2MlJBolj+XSfTdLuW0PC+WQ27B/qRT0wQmFJ+GsHis9MM2+ +P5NFB3DqaZ1YumD+dzrPxLb4DtN2mraLUaBql/c89Q== +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_10/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_10/description.txt new file mode 100644 index 0000000000..445040a182 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_CRL_10/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_10 + +Purpose: Checks the behaviour of the application when the target certificate is contained in a CRL and this certificate has a negative serial number. This path is invalid because the certificate, even if malformed, is revoked. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_ee.TC.pem.crt new file mode 100644 index 0000000000..bc4cf6ff46 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ2WhcNMTgwNzI3MTMy +NDQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJWomlxlqcdd/t7IQjIGy2M0nEP8Bah1ooLr +Iq73gzeVFM4qIjKL2OyQYbJDLkMXWUmzmX5P5cGG3pjAJ+Van0ch+OL6Utj8RijJ +Ufc10Oo/TIVzIXbMxIa1oLZ8gQ73nhFkNxQZxzgsKop8wPPTdo41p3DSw/+a9cD0 +bmqgjSMDYydfuo/42bLeSmlLYhF18T5C1gUn+JXMvQJSI6kLPczsi+mQ0N0GtV0C +1whWBo1atAUK3OeYGRDzIXnE591vXICYg1JBjjEYe6VNK/B3vCEu/QFRLtF3IYHc +loU4uurI8HfgeEbJ/H3/uDrUwgahuoIqRXtxNIQv1qGXwbAnPBcCAwEAAaOBsTCB +rjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2NybGRw +L2NybC5jcmwwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0O +BBYEFITwNLOf7HFKC/d5A2X3c8Qdd3sQMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMB +Af8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOC +AQEABaLToWh/aCEOlWbi810W1FeAvkwJYSqyYK6hyFYiQ6dn0x4OnqytfVxYKaj6 +wp1OOy/aAG9sSak2/Yp18J7U9Nnl/fz66TNBwjsipAo2auHsqfvrxQl4xEyovdzp +OhJY4gLUPrmbecsmI4UTU6Xl9IGMDh9LPAn1ErYUvvolJp9Y6XlSb/jHT/7BDMmq +JwToSRDikiaCKtrjQvtgw5vFUfcBqKlQmy70ZxIHW92E4cq1twugzc1RpO/c0mxj +zjd8FaHJYT9q6z5fRhloqN6w46mS9nbt8xa4As9ULoMcpeVglDXXLh+A8HLLudWD +ZB6LDkS9rU3WAqYfPzNZ5AR06A== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_ee.pem new file mode 100644 index 0000000000..c2f12a5a59 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVqJpcZanHXf7e +yEIyBstjNJxD/AWodaKC6yKu94M3lRTOKiIyi9jskGGyQy5DF1lJs5l+T+XBht6Y +wCflWp9HIfji+lLY/EYoyVH3NdDqP0yFcyF2zMSGtaC2fIEO954RZDcUGcc4LCqK +fMDz03aONadw0sP/mvXA9G5qoI0jA2MnX7qP+Nmy3kppS2IRdfE+QtYFJ/iVzL0C +UiOpCz3M7IvpkNDdBrVdAtcIVgaNWrQFCtznmBkQ8yF5xOfdb1yAmINSQY4xGHul +TSvwd7whLv0BUS7RdyGB3JaFOLrqyPB34HhGyfx9/7g61MIGobqCKkV7cTSEL9ah +l8GwJzwXAgMBAAECggEAQYSdh0POjwRcdwWuzR3iXp0CqFSl2XkeWzg7Z+Pd4zB1 ++kfBzuUgY3hV/OeiUibfpP9mfEDYMeAshSziimsg/dAmmJ/EM1BGGscABjzeKB7s +DiQ4Cz1b8CmFoT5idb37yltYLYmXiMT1Hsm840G5Tkq48hCjU7xwSDf6Ot3sy92d +X9Qc3ws2QVv7hhkuQJvyGl052OI4oU/U6HgnD/zxd5BetAa9zG5BkT2n3J81dDS8 +YPpnA+5sO7GEL7M++QEZ+bJhhvXAga61jQflSNu1notf66U2HXn7X2R2Qk15V5JZ +ySzRTBynbCLgfAXS35SavFenuuq0oINvV4dMbjiGoQKBgQDFtggOFPIVm77ZPXXQ ++LNs7fNGM4aDQrvHri+j5xzuOTZ6kftJBCXUVNq5OuKbaxlhcaMJxr/z7xngXs8Z +A+1NYNdiRNzJqU+uwNcY0QtvBpsSr5DEO6fiqb3WxAKyLJETeD9qIbTK36GShliz +sqx5vpb64lg5coMfbiyouWnw0QKBgQDBx+EF3cpkgXYAd+lWFYl3yt6XEm9zfZZn +VK2yW0+03xUVLyte1APdYxFTuD22W2cxq+1OyNGBT6jplL3f8Xb36LmmYWy7QYHx +hbLYF7bD84zV4uLsItTQh7FXrtUw10+8s+fzUu/P4bacIuiebyiwdVH1g/AlUyYJ +zqGWq6fYZwKBgE8wBm/lccS32avXEv487lh9wcdnUcP3EZD7sjcalRrRLYHQQG5R +S/mMdwJjlGmdbs/5nMyIn09Lf/i+4IHrcbthQ0Mnw6q9tp2OvVhCOisg4TGNwhTm +s+p0BAYmAdJtSTocGoIet/PduDAgwRxQPwaQEJax25Y+yEfpb9ewU79RAoGAF5Vj +5Xrgruqymcv+MePdHx8ph+lOdxfJvjmoChTi1nhv8GwVMy1Kax8rdKzvlcn5/SmX +cAcwuDQhsovPr/mLKRDBx2YD/aYzUlmbMoFwVNjHQyChzWtPyzE4fBtjBtatdaHP +kOV/GiW2O7pj5SRSJ2ef2el8yI4eCwOC1vt9KfECgYBW51G7ijf+dyLWQc+1IFWn +QakMYPxzVO0LwiQwTALTDsNQv3QR2wBJslVgDMbR0oNkoyy4eJ/3A0z92bwMTyVq +F610JDh+LyYcpCEHBQlRq8GCqilKHQYqdYQp5/luOQt+nWb/rllYm1x9Zlbakdf7 +QIN5IZdQJkLNcMQ49t3Drw== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_11/cert_path_CRL_11_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_11/crls/cert_path_CRL_11_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_11/crls/cert_path_CRL_11_crl.pem.crl new file mode 100644 index 0000000000..e34ef966d3 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_11/crls/cert_path_CRL_11_crl.pem.crl @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBxzCBsAIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUXDTE3MDcyNjEzMjQ1M1oXDTE3MTAyNTEzMjQ1M1owKDAm +AgEBFw0xNzA3MjYwNzI0NTNaMBIwEAYFKgMEBQYBAf8EBAMCBaCgLzAtMB8GA1Ud +IwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMAoGA1UdFAQDAgELMA0GCSqGSIb3 +DQEBCwUAA4IBAQBGpPVtx/Dk8c+d5W7DZAICtVfE95ge/FMi4BJbcVaILCf33A9J +5BTploBvF/4SKGwq7v3PYzlTQAomOpx2kwPo738sA8ofFshbVCuCeMf0O8x7fKsE +/eqk86njrpMebEV0fdkrkx2r5k7kiqWSo0Hwo3NxGl9sk+y9eVR/4FYDghLD+VJK +5OkPOuvMIveUQQPRh7+ucHvT1BpW4G8YnC6dl/w9hludrUGDNTDYvKAFvcUvWwdQ +eTXV/6dbkPt/BVC7KMiex4ky3lOeiiAmwrRJLlUvvTHdORQO04CbThK0AtM0bRSN +jlVnoEIEi1c62+qYZNsMi8PrUopEF93XFmYw +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_11/crls/cert_path_CRL_11_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_11/crls/cert_path_CRL_11_root_crl.pem.crl new file mode 100644 index 0000000000..8b179cc815 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_11/crls/cert_path_CRL_11_root_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmzCBhAIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI0NTNaFw0xNzEwMjUxMzI0NTNaoC8wLTAK +BgNVHRQEAwIBCzAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDANBgkq +hkiG9w0BAQsFAAOCAQEAOf6d2ItpAAWMVOrgfxSc8OvzlFtlJXEZydF1YxGbv2Vp +oSt1DRaBhrzY4ADQx/EnZkYIO2MgtrJ8PJyISkTW92938FZtff6QwJ6S/GYhpbBG +5naaJ2cHDoMS1HsKCo6/rA5837W0ZIcztomNxnYZd3EtGLcHRl7Np2TlCLzlPg8u +Lm0zOKgY0W5TCp7WggK9wAaZiKeaCxe74aJYJ1Z+zOKnvR27U+RQ4gbt5bbYEVE3 +2HvMBfRc3M3a7W8YzahspMnw90qW5NzLnsEgy8Z6sM/tONddCKXoMowDeP0YjXnM +7gRC6b8myWo7C9LyfSjeKvJqIW2Kf7ndgDA40LKRlA== +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_11/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_11/description.txt new file mode 100644 index 0000000000..b8d1686089 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_11/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_11 + +Purpose: Checks the behaviour of the application when a CRL contains a CRL Entry with an unknown critical extension. This path is invalid because the application cannot process the critical extension. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_ee.TC.pem.crt new file mode 100644 index 0000000000..eaea21716f --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDUzWhcNMTgwNzI3MTMy +NDUzWjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJmoYDdznQ+RwFtQO+bqi3mFmsZXGbDeYF+2 +wJ8R85/dZTfTOENl4HA6iEPhiqWqk+GdqdM0hWCS3grpSiD30sX4svj2xBD/QwUf +RcCjOL6LzoHElliKTZLG2zdpP2Is5K/XroJlnkJMR1nboxnFBs7wwqxkfhq0VifP +uU/v6RkPhBJAemTC/O7ddpVJfjRT9kGQRTzLvfGluP3AqGZLg5aknoq1ZC4e1UML +ShsGKpLktEmxpJ8k696a9ZaB4nGBKkzCjKtMpMhPJ5+ewO7a+/VBEuNT3vl0/Tyr +ARaS9E7BNfjyi/ISM7QDyBAObR47xrmpAUZAnMQ3oKV6UewKlBkCAwEAAaOBsTCB +rjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2NybGRw +L2NybC5jcmwwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0O +BBYEFDM6cLUxGHJ8VZXvq+QohhdcmUbcMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMB +Af8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOC +AQEAgot0zpayEur6dOzJULj8VwBZM7BRZymIJtIW0ZNc/4KnBy/bbLzbDvClIEWR +OgmGY7wER14w/nVRiRlCipMXHz3WUViqLyRii1IJION3T2vhmndE1Xc1/5Kymz1B +2vUnnrN3pzfFpvXTJ1iE6PwtWL8VQNQxPLvEXzkKII3ESsCoEY/nCHGUnUWyTmDs +Vz9SDjy9VDlyAx6CUrxWKCP54kIowKyKr9wLdh/+TpJ83O7tN1OItLHlws1Gqt8G +X7X78d7px+sAm94kMnlZG0WNHDn3tnYbDvCAZ5UGCGX+AoD9axHxBZlWC/GDcdKl +sVNDR9LC85Y28WLkjZWWbx13hA== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_ee.pem new file mode 100644 index 0000000000..3b4f7a17aa --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCZqGA3c50PkcBb +UDvm6ot5hZrGVxmw3mBftsCfEfOf3WU30zhDZeBwOohD4YqlqpPhnanTNIVgkt4K +6Uog99LF+LL49sQQ/0MFH0XAozi+i86BxJZYik2Sxts3aT9iLOSv166CZZ5CTEdZ +26MZxQbO8MKsZH4atFYnz7lP7+kZD4QSQHpkwvzu3XaVSX40U/ZBkEU8y73xpbj9 +wKhmS4OWpJ6KtWQuHtVDC0obBiqS5LRJsaSfJOvemvWWgeJxgSpMwoyrTKTITyef +nsDu2vv1QRLjU975dP08qwEWkvROwTX48ovyEjO0A8gQDm0eO8a5qQFGQJzEN6Cl +elHsCpQZAgMBAAECggEAK9hYUCpcxD8OOOAdn6gIkW32uqbK7WWe8WDX+Ovp7RGD +GtlaAh1VXCDPljMK2Xfhh6zx8xLXBjYSRuHHpb2hdp0fEJx1WPZFnPYN9Mh+XhzN +mcjLL8uTFBFLJzYQgIaX4Lc2E/5EGN3kNDdQhH9skGsx2Xg5ZYxU0zpaQf2OsXgC +80rrVEzz0kJ2886WOP1Qm+xj7IjoCzZD135LM2g/ef4AJ2C43YhwiT18ueNTwhgM +q5GPm3Icz9/MqwTOAW1PJWoLzga0VDqgX2qzSIEgD3LLkfBkFfgvS3Cy8X8YrixU +qNVH5DqYSzVc9E3BFBwmH9LjqIDnFScHwAmmPiOOywKBgQDVmgCZ7NPfJBcAjilI +cnQjff82Wfew9PMt7nie4M/Rp0So/VzHoIuoluyG+uDfjVqWojBtViSOl5OZ5Ee6 +MQdvat57BS3t7dHsgbgrFWZbu36qOSPnCco1/tFG90J/mYeIN0Pwoj9YQOlIQouK +do+VQp7Zcf1PnE94TD6bRVs9lwKBgQC4KF+LtsWPcG86k9wjgFlgrC9dhPgBS29g +BDYrdjMYMvCGXi5GBLQQAQ5iGmb3X4loPyPPbgyJoawMf4yTCk8NVL4xqueBsPn5 +kG0FJF2Za8Me1ZHh0qDGRlhLbvPGlnqFbpZ4FPIHIOqm/JKkwMaomtgkLrAY6MT7 +3Rr25FFRzwKBgQDUE4SXT3GJMn74GS3Z9XFkL9wt7aOkeX/c0dHHBTSxVx8vneb5 +eWhQahDLb9nHe8Q+nSfx1r6TKOHuwJ2KutVEBVqB0EGq4x4zcRQXCrdHSuBXSEZi +RPEVLTxB9ot6v0e2shBtodm82S4FhbSgNFkY/D1VbfzwhyTMLv9WEMWnXwKBgQCC +jqzeIh+Bh5ZzkuvYh1/V93xE8sXYNSCqk5HL0ip7F3IJ8K8hmKgHSJhn2IvzCFoj ++89peX2N/X46BhslC4Pr0Y5dK+qguVUfJtMDeDqbUBiuvX6E+IxexPRH1kshGQGX +o0UtsLu9bgqthBZ6kujEE7L0Q904a51rad959XfpZQKBgCD2keOIQi4ChFLAMxFu +n9O6TU82d/0bdgJGp5s/X5q3EB7cGiGMGf5pr1NdCJYGXqf7kdmQeN7PBNu5qYPX +bZ2GKaRjbbX7QR+T3jfgPhE7i/3lm+/d9w3lsZ5Gwlc20YTu2Uyj3hgXacb61+d2 +Tx72Khaq6Njvbm1u7sfGXDtG +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_12/cert_path_CRL_12_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_12/crls/cert_path_CRL_12_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_12/crls/cert_path_CRL_12_crl.pem.crl new file mode 100644 index 0000000000..53b2aedca6 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_12/crls/cert_path_CRL_12_crl.pem.crl @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIB2zCBxAIBATANBgkqhkiG9w0BAQsFADApMRowGAYDVQQDDBFUZXN0IFN1YiBD +QSBObyBUQTELMAkGA1UEBhMCREUXDTE3MDcyNjEzMjQ1NFoXDTE3MTAyNTEzMjQ1 +NFqgZzBlMB8GA1UdIwQYMBaAFCN/JVKvl3epiBIA4wDB5toErmdkMAoGA1UdFAQD +AgEMMDYGA1UdHAEB/wQsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2Ny +bGRwL2NybC5jcmwwDQYJKoZIhvcNAQELBQADggEBABP6PnvPgQw7nksO74MscSxq +C5/lnosoTRaqxb+V/gp70SW/DwQRSPBG8tVPfKri37/nuWxupRCWtHMZQV/BRLr/ +2q3XLqOQgRuqWOy4nUjXKk5eWURIamyRH52GC0AY+br1FfyM3KtTkOXB/HKbhRR/ +K0Mbz8TjB12gpcBAiHDlfUQZYghROHKzNe2JVFc7HbEww2ah6syeeaavNfoS9286 ++2RymlzlxWRhEAd1rDtx33W0aKTTV0ukG5y696TEM6+nJjtIhUGAbNX2/gXEMUB8 +HWWFn3QAOkks8bqblcRRt8y+OQr0g05yrt7uvE98Fy7LP0Xd6Z7qRaKUizv8r+Y= +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_12/crls/cert_path_CRL_12_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_12/crls/cert_path_CRL_12_root_crl.pem.crl new file mode 100644 index 0000000000..78c27962a3 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_12/crls/cert_path_CRL_12_root_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmzCBhAIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI0NTRaFw0xNzEwMjUxMzI0NTRaoC8wLTAK +BgNVHRQEAwIBDDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDANBgkq +hkiG9w0BAQsFAAOCAQEAZyBUN/PktkNRUSdu7wTZU/QtHVNDLCWs1m+tnMMaRIJ5 +Qm6lkpPpGKk9LMUhZt0BMRiLkQC/420iKlCrkysjyOOu1S1Dfg41xFYP/gACqLBP +cYCqsuy8y6s4kd6KvanXYOn8z5lYlDfNma4VIyWyZSMfzI9PXyBbfVmk8JHrjjgl +Xm0TJkoHEi1kJgHz4FhunXYOHw7g4ef/4fV5BA+NiqprpCA2fDuApzW8qVUzzbhZ +QmtWM4qHTN88PkFt4tWyPfZESUk+fcdF5WepFLrP/gsXlT+u5/O2RtFS3IOeIenF +TOlx5dIp0dyVtRQkZPFmWTqr8eT+Fl19AGR2MG2IXg== +-----END X509 CRL----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_12/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_12/description.txt new file mode 100644 index 0000000000..0e8c4da0c5 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_12/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_12 + +Purpose: Checks the behaviour of the application when the CRL's signature can be verified by a certificate whose certification path is invalid. This path is invalid because revocation information for a certificate is not available. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_ee.TC.pem.crt new file mode 100644 index 0000000000..d754908b39 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_ee.TC.pem.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDczCCAlugAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDU0WhcNMTgwNzI3MTMy +NDU0WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKunhcakAtYifStzf2KMdg76EtHYy/kYoI80 +4qBJC2ZKhiOEJa06MDAZr3t0Zhv2ND24S8tyjs0Ed2iSsyMXFRWv+3SgcWr4wJXS +1765HPNbjDGsu12ciuitf8G/OaiQg5RfnY/yJB+4CdSvmO1KyKptVkS3bSbzSxR7 +ZHMSY7vy6C7eNxbMbzsL32Ty+Fs8yv60YtahkrmfHTRzgs5g8tmUHcZLZHvTeUTM +AdYY3V8bVRkzfLE3oYpEBQNABHAgs3o/Z1whrV1y50eN19C1PH+ISEu4Iqti0dBJ +QI/71yqE/pe+kBYxGUHNrXbsF6gD32ilEAEuW+63o1EK+EBufWcCAwEAAaOBtTCB +sjA5BgNVHR8EMjAwMC6gLKAqpCgwJjEXMBUGA1UEAwwORGlmZmVyZW50IFRlc3Qx +CzAJBgNVBAYTAkRFMB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMB0G +A1UdDgQWBBTDBeNZY9qPnPXnjnWWJeq8ja2izjAOBgNVHQ8BAf8EBAMCB4AwDwYD +VR0TAQH/BAUwAwEBADAUBgNVHREEDTALgglkdW1teWhvc3QwDQYJKoZIhvcNAQEL +BQADggEBADqmJXusKHOx8UavL8SgubAbaAW4XMWrQirEIzzobjORA5TA7In8Nq1P +F2BxlhV6V/yeQdUAZyDWYbCXRnPxdOwtOEVMinOCVkA9ez0IjKhFRS26IEOQXOKn +XB5cdylee/A8tJ0Q0RrrPrNSklKr2BgI/IE3SG3Ny2KEBdTUEN0NFHhO8aeikB2f +c9Ec9WDcMF/yHQGUFMhPw7tyZbMwEcDpUMdI9E4DzmSI3NRvaBzn6LA+9TDzRRN1 +N2+2zZbE8IKnFYnDKPcDdcZ2+FyPY0px3Glv1FVLBVbOxp+90ZWeAjI6Dmfs6vBe +IwhDXEXvU4sNahHJVIdT7gCbfHSLlFU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_ee.pem new file mode 100644 index 0000000000..f3f3ba0d55 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCrp4XGpALWIn0r +c39ijHYO+hLR2Mv5GKCPNOKgSQtmSoYjhCWtOjAwGa97dGYb9jQ9uEvLco7NBHdo +krMjFxUVr/t0oHFq+MCV0te+uRzzW4wxrLtdnIrorX/BvzmokIOUX52P8iQfuAnU +r5jtSsiqbVZEt20m80sUe2RzEmO78ugu3jcWzG87C99k8vhbPMr+tGLWoZK5nx00 +c4LOYPLZlB3GS2R703lEzAHWGN1fG1UZM3yxN6GKRAUDQARwILN6P2dcIa1dcudH +jdfQtTx/iEhLuCKrYtHQSUCP+9cqhP6XvpAWMRlBza127BeoA99opRABLlvut6NR +CvhAbn1nAgMBAAECggEASGtlf7Bbd/9WArp4MFolRt1PilQmfiHbP3/m6wvWMOJZ +JGvQv3xQr0Ju7C1oFPzy/mUeKSfcQnfTbv2RcUkAPsWf140HPMPU8IDjP9Z2dd+W +TrDa3bw5SMBGKbYlO844jSUn4v6cKfupvh8VbGuELI7zegtPFENJ1krWzsuf4z9/ +uQtpodVlQxunCIXltY6746fK+R0c20idUFPPv2A97nXSmHveYV34aPhQHXRsMKTu +uPMmBRgvpEbtXQBZvSv8vF3/h5apaq4YuC7BJWeD06Aw8sQNd/FiKIkB1G8KFF3b +kr/d9JHNzI+ye88yYJQGhqRkUS0lrpreSi36FLavgQKBgQDU+SuALHUSSVH3xFSN +C4RS6Ax07ospHLnD/7rvv9ys0MpGtyJGiux97GDKeVKT0DQbh0tZQ76YJ45XtCTd +Pb3lubhPm7UoDXFVq+T8LQh4vgpUPZ8Dv4YRR8ah7wne53++ZnxvdKU+bnT4p9ua +TR2AmPi1idHtYN87zaO3haC7gQKBgQDOVV3OMbsL7OrEPlLpcHI5MK4/SrvzPGpQ +BGTM7nQmtvdpQbylsgN37CnSJKgpoiaqyFErhaxcQtTFbvC4/oe6fsUUw9DCuQJz +BOd1P/rN+efLTGVKWE6PTiCq+c19ekgv/3ONrmeBkVmhufsFgdanFDK1JCmGHYNT +nHR+vjtM5wKBgQC3+6mAyOc6LO0Kxijk0BY4KQ7Z1VmS4qX4lGvBwlW5VYXpITwT +BODYx+O2Bqk32J2rSm3lZ4i3mTR2v8E4/6WVV6PJ4hHV0Acgo6bl02GGLWZu7+z3 +J/WB6CfIrOAyGHta2N6WyoYWMQYL6bbkzcm21m/FJJKeJxmyaCwO1vnMAQKBgCws +rKOrk/8unuia60ddMqc52+RjDLA7vAsblbUmTCnJvFiFoWzcGs/++Mkr3fDj7WFc +97vYp5ktGb6XTOReYhK0d19FuRknYPXdE+zPYNPecBjfZ0QuectGj8nrJ2p41qGo +EEZCE5jy1HzCg5KfRKSKt3x+nIFBKk+pTGuiMLH7AoGBAJ7VZFGObG8bXatDnPdM +Q9g87Ja6iti7JFPp47O0FgUWwNHmPMY3xgzR/vUZGzezZ972wjsOteiIU1W6smc5 +HNfPjj5jWNj6FPBWsQBXvZzjgZX7ps5NU8HYaMqsUzfvo31WpjnMeSgDLh7CjOYY +Zfj/jtwh/dFOYiJ0nrYHmjsi +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_13/cert_path_CRL_13_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_13/crls/cert_path_CRL_13_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_13/crls/cert_path_CRL_13_crl.pem.crl new file mode 100644 index 0000000000..ae18b381e7 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_13/crls/cert_path_CRL_13_crl.pem.crl @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIB1jCBvwIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUXDTE3MDcyNjEzMjQ1NFoXDTE3MTAyNTEzMjQ1NFqgaDBm +MB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMAoGA1UdFAQDAgENMDcG +A1UdHAEB/wQtMCugKaAnpCUwIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNV +BAYTAkRFMA0GCSqGSIb3DQEBCwUAA4IBAQC2/Df+7pIVjhYPwm5CcPdo17fKqFEX +T87rRxyh3fy7T9TrHUiAoEVZsNAfn/nEPxiKEDi4NCcQobrvZTgY8/bl+Xb8f8lB +XKKYJAv7ShYNzWuF40ANRT+on+p3DfH086B/waK8TZISULwTsyAnkNF3eLbBnuDQ +ShP0uJoFta0P44WgSTIMIN4NlwJg92DG0Ywv4sUAUWG7jrRDb9Ydn0J09zb+zVUa +m1ZnFpVPwnEZKmQ02xMVmijKFqCHFBFc2dUXDilDN23UAuxKHo6YpkkUlu/DWsDH +ZuKcjAIWfiMaCDBsuDuSrWXDX7uzsj5XXh07tEp2ePCGIZOaMSWakSMX +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_13/crls/cert_path_CRL_13_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_13/crls/cert_path_CRL_13_root_crl.pem.crl new file mode 100644 index 0000000000..cc20258446 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_13/crls/cert_path_CRL_13_root_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmzCBhAIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI0NTRaFw0xNzEwMjUxMzI0NTRaoC8wLTAK +BgNVHRQEAwIBDTAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDANBgkq +hkiG9w0BAQsFAAOCAQEAb4U0Ah0R63kL0XfznmvsmwZjsgEI4fdFf2QMUV1TCjCt +uTCiK7NvsvWW1kTxRJQJtsboEFQiDnFLmx7gg1Gztm/CZSrTIXdOjHJQ97MX+AvC +i5iCRFNKvbjQFryfuWI9/JRys7WqZWHp5biCS8T5YttzPxxlL+I1ZCbrzuuhLxTC +jOTylugwgkVJ7D5SLRR7qjQsnMLVretJZuGWKlupsH2fhTu53z/DsC4UMsmOPks5 +Vk5UC8n4zszrM7G+G+CPh3ju82E6cuFLV0BDgRfezosfH0/kcJ3++x2vaBkzXpdn +zcMxKTgpb92TWtEzTFrVXXduBDFXKt0kt8zvfoUPYg== +-----END X509 CRL----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_13/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_13/description.txt new file mode 100644 index 0000000000..154c67b2dc --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_13/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_13 + +Purpose: Checks the behaviour of the application when the certificate's CRL distribution point and the issuing distribution point of a CRL issued by the issuer of the certificate do not match. The target certificate is not contained in the CRL. This path is invalid because the CRL located at the CRLDP of the certificate has a different distribution point and no other CRLs for determining the status of the certificate are available. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_ee.TC.pem.crt new file mode 100644 index 0000000000..bc4cf6ff46 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_ee.TC.pem.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ2WhcNMTgwNzI3MTMy +NDQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJWomlxlqcdd/t7IQjIGy2M0nEP8Bah1ooLr +Iq73gzeVFM4qIjKL2OyQYbJDLkMXWUmzmX5P5cGG3pjAJ+Van0ch+OL6Utj8RijJ +Ufc10Oo/TIVzIXbMxIa1oLZ8gQ73nhFkNxQZxzgsKop8wPPTdo41p3DSw/+a9cD0 +bmqgjSMDYydfuo/42bLeSmlLYhF18T5C1gUn+JXMvQJSI6kLPczsi+mQ0N0GtV0C +1whWBo1atAUK3OeYGRDzIXnE591vXICYg1JBjjEYe6VNK/B3vCEu/QFRLtF3IYHc +loU4uurI8HfgeEbJ/H3/uDrUwgahuoIqRXtxNIQv1qGXwbAnPBcCAwEAAaOBsTCB +rjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2NybGRw +L2NybC5jcmwwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0O +BBYEFITwNLOf7HFKC/d5A2X3c8Qdd3sQMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMB +Af8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOC +AQEABaLToWh/aCEOlWbi810W1FeAvkwJYSqyYK6hyFYiQ6dn0x4OnqytfVxYKaj6 +wp1OOy/aAG9sSak2/Yp18J7U9Nnl/fz66TNBwjsipAo2auHsqfvrxQl4xEyovdzp +OhJY4gLUPrmbecsmI4UTU6Xl9IGMDh9LPAn1ErYUvvolJp9Y6XlSb/jHT/7BDMmq +JwToSRDikiaCKtrjQvtgw5vFUfcBqKlQmy70ZxIHW92E4cq1twugzc1RpO/c0mxj +zjd8FaHJYT9q6z5fRhloqN6w46mS9nbt8xa4As9ULoMcpeVglDXXLh+A8HLLudWD +ZB6LDkS9rU3WAqYfPzNZ5AR06A== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_ee.pem new file mode 100644 index 0000000000..c2f12a5a59 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVqJpcZanHXf7e +yEIyBstjNJxD/AWodaKC6yKu94M3lRTOKiIyi9jskGGyQy5DF1lJs5l+T+XBht6Y +wCflWp9HIfji+lLY/EYoyVH3NdDqP0yFcyF2zMSGtaC2fIEO954RZDcUGcc4LCqK +fMDz03aONadw0sP/mvXA9G5qoI0jA2MnX7qP+Nmy3kppS2IRdfE+QtYFJ/iVzL0C +UiOpCz3M7IvpkNDdBrVdAtcIVgaNWrQFCtznmBkQ8yF5xOfdb1yAmINSQY4xGHul +TSvwd7whLv0BUS7RdyGB3JaFOLrqyPB34HhGyfx9/7g61MIGobqCKkV7cTSEL9ah +l8GwJzwXAgMBAAECggEAQYSdh0POjwRcdwWuzR3iXp0CqFSl2XkeWzg7Z+Pd4zB1 ++kfBzuUgY3hV/OeiUibfpP9mfEDYMeAshSziimsg/dAmmJ/EM1BGGscABjzeKB7s +DiQ4Cz1b8CmFoT5idb37yltYLYmXiMT1Hsm840G5Tkq48hCjU7xwSDf6Ot3sy92d +X9Qc3ws2QVv7hhkuQJvyGl052OI4oU/U6HgnD/zxd5BetAa9zG5BkT2n3J81dDS8 +YPpnA+5sO7GEL7M++QEZ+bJhhvXAga61jQflSNu1notf66U2HXn7X2R2Qk15V5JZ +ySzRTBynbCLgfAXS35SavFenuuq0oINvV4dMbjiGoQKBgQDFtggOFPIVm77ZPXXQ ++LNs7fNGM4aDQrvHri+j5xzuOTZ6kftJBCXUVNq5OuKbaxlhcaMJxr/z7xngXs8Z +A+1NYNdiRNzJqU+uwNcY0QtvBpsSr5DEO6fiqb3WxAKyLJETeD9qIbTK36GShliz +sqx5vpb64lg5coMfbiyouWnw0QKBgQDBx+EF3cpkgXYAd+lWFYl3yt6XEm9zfZZn +VK2yW0+03xUVLyte1APdYxFTuD22W2cxq+1OyNGBT6jplL3f8Xb36LmmYWy7QYHx +hbLYF7bD84zV4uLsItTQh7FXrtUw10+8s+fzUu/P4bacIuiebyiwdVH1g/AlUyYJ +zqGWq6fYZwKBgE8wBm/lccS32avXEv487lh9wcdnUcP3EZD7sjcalRrRLYHQQG5R +S/mMdwJjlGmdbs/5nMyIn09Lf/i+4IHrcbthQ0Mnw6q9tp2OvVhCOisg4TGNwhTm +s+p0BAYmAdJtSTocGoIet/PduDAgwRxQPwaQEJax25Y+yEfpb9ewU79RAoGAF5Vj +5Xrgruqymcv+MePdHx8ph+lOdxfJvjmoChTi1nhv8GwVMy1Kax8rdKzvlcn5/SmX +cAcwuDQhsovPr/mLKRDBx2YD/aYzUlmbMoFwVNjHQyChzWtPyzE4fBtjBtatdaHP +kOV/GiW2O7pj5SRSJ2ef2el8yI4eCwOC1vt9KfECgYBW51G7ijf+dyLWQc+1IFWn +QakMYPxzVO0LwiQwTALTDsNQv3QR2wBJslVgDMbR0oNkoyy4eJ/3A0z92bwMTyVq +F610JDh+LyYcpCEHBQlRq8GCqilKHQYqdYQp5/luOQt+nWb/rllYm1x9Zlbakdf7 +QIN5IZdQJkLNcMQ49t3Drw== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_14/cert_path_CRL_14_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_14/crls/cert_path_CRL_14_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_14/crls/cert_path_CRL_14_crl.pem.crl new file mode 100644 index 0000000000..09360427c1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_14/crls/cert_path_CRL_14_crl.pem.crl @@ -0,0 +1,6 @@ +-----BEGIN X509 CRL----- +MIGYMIGGAgEBMA0GCSqGSIb3DQEBCwUAMCMxFDASBgNVBAMMC1Rlc3QgU3ViIENB +MQswCQYDVQQGEwJERRcNMTcwNzI2MTMyNDU0WhcNMTcxMDI1MTMyNDU0WqAvMC0w +HwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwCgYDVR0UBAMCAQ4wDQYJ +KoZIhvcNAQELBQA= +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_14/crls/cert_path_CRL_14_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_14/crls/cert_path_CRL_14_root_crl.pem.crl new file mode 100644 index 0000000000..80e9799537 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_14/crls/cert_path_CRL_14_root_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmzCBhAIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI0NTRaFw0xNzEwMjUxMzI0NTRaoC8wLTAK +BgNVHRQEAwIBDjAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDANBgkq +hkiG9w0BAQsFAAOCAQEAO2aU2IabdYF3cJfJXKUrVOPxnJ94U1W/EpKuFbCWWO8d +AvKDtmx57q+vGEK2Tg/wuj7wbOky/K9REDD+Q8iyJec7sTcwf6/C+Y4165r8rY4r +31ojldPFohrmE728fpLXJqSyjJaNVIvg1Efz5TNCZc90Yu2AXVBG82bA5lhOMD99 +ol5Z2yERMPDMLwNDV2oRu5EMxp2Sfvk2oeoqwhEYQ6TBaOoN7QturEdDiQta+ZyY +6rGDWGepgZi+AKnS0yyK/sqSDsU0fwYscQXapE6qpshs051px11iplpjeBoifBCb +7+a6gdlHmsEq2/E/Ihp6P3p27jHldCAu0A3s8ETwSw== +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_14/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_14/description.txt new file mode 100644 index 0000000000..31e9d8f01d --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_14/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_14 + +Purpose: Checks the behaviour of the application when the CRL does not have a signature. This path is invalid because the integrity and authenticity of the source of revocation information cannot be verified. 
diff --git a/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_ee.TC.pem.crt new file mode 100644 index 0000000000..bc4cf6ff46 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ2WhcNMTgwNzI3MTMy +NDQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJWomlxlqcdd/t7IQjIGy2M0nEP8Bah1ooLr +Iq73gzeVFM4qIjKL2OyQYbJDLkMXWUmzmX5P5cGG3pjAJ+Van0ch+OL6Utj8RijJ +Ufc10Oo/TIVzIXbMxIa1oLZ8gQ73nhFkNxQZxzgsKop8wPPTdo41p3DSw/+a9cD0 +bmqgjSMDYydfuo/42bLeSmlLYhF18T5C1gUn+JXMvQJSI6kLPczsi+mQ0N0GtV0C +1whWBo1atAUK3OeYGRDzIXnE591vXICYg1JBjjEYe6VNK/B3vCEu/QFRLtF3IYHc +loU4uurI8HfgeEbJ/H3/uDrUwgahuoIqRXtxNIQv1qGXwbAnPBcCAwEAAaOBsTCB +rjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2NybGRw +L2NybC5jcmwwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0O +BBYEFITwNLOf7HFKC/d5A2X3c8Qdd3sQMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMB +Af8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOC +AQEABaLToWh/aCEOlWbi810W1FeAvkwJYSqyYK6hyFYiQ6dn0x4OnqytfVxYKaj6 +wp1OOy/aAG9sSak2/Yp18J7U9Nnl/fz66TNBwjsipAo2auHsqfvrxQl4xEyovdzp +OhJY4gLUPrmbecsmI4UTU6Xl9IGMDh9LPAn1ErYUvvolJp9Y6XlSb/jHT/7BDMmq +JwToSRDikiaCKtrjQvtgw5vFUfcBqKlQmy70ZxIHW92E4cq1twugzc1RpO/c0mxj +zjd8FaHJYT9q6z5fRhloqN6w46mS9nbt8xa4As9ULoMcpeVglDXXLh+A8HLLudWD +ZB6LDkS9rU3WAqYfPzNZ5AR06A== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_ee.pem new file mode 100644 index 0000000000..c2f12a5a59 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVqJpcZanHXf7e +yEIyBstjNJxD/AWodaKC6yKu94M3lRTOKiIyi9jskGGyQy5DF1lJs5l+T+XBht6Y +wCflWp9HIfji+lLY/EYoyVH3NdDqP0yFcyF2zMSGtaC2fIEO954RZDcUGcc4LCqK +fMDz03aONadw0sP/mvXA9G5qoI0jA2MnX7qP+Nmy3kppS2IRdfE+QtYFJ/iVzL0C +UiOpCz3M7IvpkNDdBrVdAtcIVgaNWrQFCtznmBkQ8yF5xOfdb1yAmINSQY4xGHul +TSvwd7whLv0BUS7RdyGB3JaFOLrqyPB34HhGyfx9/7g61MIGobqCKkV7cTSEL9ah +l8GwJzwXAgMBAAECggEAQYSdh0POjwRcdwWuzR3iXp0CqFSl2XkeWzg7Z+Pd4zB1 ++kfBzuUgY3hV/OeiUibfpP9mfEDYMeAshSziimsg/dAmmJ/EM1BGGscABjzeKB7s +DiQ4Cz1b8CmFoT5idb37yltYLYmXiMT1Hsm840G5Tkq48hCjU7xwSDf6Ot3sy92d +X9Qc3ws2QVv7hhkuQJvyGl052OI4oU/U6HgnD/zxd5BetAa9zG5BkT2n3J81dDS8 +YPpnA+5sO7GEL7M++QEZ+bJhhvXAga61jQflSNu1notf66U2HXn7X2R2Qk15V5JZ +ySzRTBynbCLgfAXS35SavFenuuq0oINvV4dMbjiGoQKBgQDFtggOFPIVm77ZPXXQ ++LNs7fNGM4aDQrvHri+j5xzuOTZ6kftJBCXUVNq5OuKbaxlhcaMJxr/z7xngXs8Z +A+1NYNdiRNzJqU+uwNcY0QtvBpsSr5DEO6fiqb3WxAKyLJETeD9qIbTK36GShliz +sqx5vpb64lg5coMfbiyouWnw0QKBgQDBx+EF3cpkgXYAd+lWFYl3yt6XEm9zfZZn +VK2yW0+03xUVLyte1APdYxFTuD22W2cxq+1OyNGBT6jplL3f8Xb36LmmYWy7QYHx +hbLYF7bD84zV4uLsItTQh7FXrtUw10+8s+fzUu/P4bacIuiebyiwdVH1g/AlUyYJ +zqGWq6fYZwKBgE8wBm/lccS32avXEv487lh9wcdnUcP3EZD7sjcalRrRLYHQQG5R +S/mMdwJjlGmdbs/5nMyIn09Lf/i+4IHrcbthQ0Mnw6q9tp2OvVhCOisg4TGNwhTm +s+p0BAYmAdJtSTocGoIet/PduDAgwRxQPwaQEJax25Y+yEfpb9ewU79RAoGAF5Vj +5Xrgruqymcv+MePdHx8ph+lOdxfJvjmoChTi1nhv8GwVMy1Kax8rdKzvlcn5/SmX +cAcwuDQhsovPr/mLKRDBx2YD/aYzUlmbMoFwVNjHQyChzWtPyzE4fBtjBtatdaHP +kOV/GiW2O7pj5SRSJ2ef2el8yI4eCwOC1vt9KfECgYBW51G7ijf+dyLWQc+1IFWn +QakMYPxzVO0LwiQwTALTDsNQv3QR2wBJslVgDMbR0oNkoyy4eJ/3A0z92bwMTyVq +F610JDh+LyYcpCEHBQlRq8GCqilKHQYqdYQp5/luOQt+nWb/rllYm1x9Zlbakdf7 +QIN5IZdQJkLNcMQ49t3Drw== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_15/cert_path_CRL_15_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_15/crls/cert_path_CRL_15_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_15/crls/cert_path_CRL_15_crl.pem.crl new file mode 100644 index 0000000000..3bbe4d53af 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_15/crls/cert_path_CRL_15_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBnTCBhgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUXDTE3MDcyNjEzMjQ1NFoXDTE3MTAyNTEzMjQ1NFqgLzAt +MB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMAoGA1UdFAQDAgEPMA0G +CSqGSIb3DQEBCwUAA4IBAQBBqsPMC7wZMLXas8fEtyuDNEc5YAGt5GbhSD5rPIRx +3MjMivzBTehHJGjltw11361jyxnUiGgncV3nXGeiYNsHUB3SCpamNOzw/2JkQH3n +uF4JU3EqCq4hfSWA1+ZwQvSdhfyOQLqtOrns7dTCdbHXnYpdTWDxb0Mt231WOOME +Ho/Rm1fQHrximADU1A3EQUSRjc6fJFT2bcujMRgO/mpNSRAgfrO/fDVCfm7NmTpr +whfoUTHs1yNZ9LnFplHZnhAE1eRFVA93Y08Zjjtnw7eHg80E89cua1tcqkJ6LUnz +upS2MmGA1dJ6Ek3LWFWHyJQ8dZghorJycxvOAElHSTPv +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_15/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_15/description.txt new file mode 100644 index 0000000000..8fa3bfa9be --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_15/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_15 + +Purpose: Checks the behaviour of the application when the CRL for an intermediate certificate is missing. This path is invalid because revocation information for a CA certificate in the path is not available. Furthermore, no CRL with matching distribution point can be found. diff --git a/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_ee.TC.pem.crt new file mode 100644 index 0000000000..bc4cf6ff46 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_ee.TC.pem.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQ2WhcNMTgwNzI3MTMy +NDQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJWomlxlqcdd/t7IQjIGy2M0nEP8Bah1ooLr +Iq73gzeVFM4qIjKL2OyQYbJDLkMXWUmzmX5P5cGG3pjAJ+Van0ch+OL6Utj8RijJ +Ufc10Oo/TIVzIXbMxIa1oLZ8gQ73nhFkNxQZxzgsKop8wPPTdo41p3DSw/+a9cD0 +bmqgjSMDYydfuo/42bLeSmlLYhF18T5C1gUn+JXMvQJSI6kLPczsi+mQ0N0GtV0C +1whWBo1atAUK3OeYGRDzIXnE591vXICYg1JBjjEYe6VNK/B3vCEu/QFRLtF3IYHc +loU4uurI8HfgeEbJ/H3/uDrUwgahuoIqRXtxNIQv1qGXwbAnPBcCAwEAAaOBsTCB +rjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vbG9jYWxob3N0L3N1YmNhL2NybGRw +L2NybC5jcmwwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0O +BBYEFITwNLOf7HFKC/d5A2X3c8Qdd3sQMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMB +Af8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOC +AQEABaLToWh/aCEOlWbi810W1FeAvkwJYSqyYK6hyFYiQ6dn0x4OnqytfVxYKaj6 +wp1OOy/aAG9sSak2/Yp18J7U9Nnl/fz66TNBwjsipAo2auHsqfvrxQl4xEyovdzp +OhJY4gLUPrmbecsmI4UTU6Xl9IGMDh9LPAn1ErYUvvolJp9Y6XlSb/jHT/7BDMmq +JwToSRDikiaCKtrjQvtgw5vFUfcBqKlQmy70ZxIHW92E4cq1twugzc1RpO/c0mxj +zjd8FaHJYT9q6z5fRhloqN6w46mS9nbt8xa4As9ULoMcpeVglDXXLh+A8HLLudWD +ZB6LDkS9rU3WAqYfPzNZ5AR06A== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_ee.pem b/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_ee.pem new file mode 100644 index 0000000000..c2f12a5a59 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVqJpcZanHXf7e +yEIyBstjNJxD/AWodaKC6yKu94M3lRTOKiIyi9jskGGyQy5DF1lJs5l+T+XBht6Y +wCflWp9HIfji+lLY/EYoyVH3NdDqP0yFcyF2zMSGtaC2fIEO954RZDcUGcc4LCqK +fMDz03aONadw0sP/mvXA9G5qoI0jA2MnX7qP+Nmy3kppS2IRdfE+QtYFJ/iVzL0C +UiOpCz3M7IvpkNDdBrVdAtcIVgaNWrQFCtznmBkQ8yF5xOfdb1yAmINSQY4xGHul +TSvwd7whLv0BUS7RdyGB3JaFOLrqyPB34HhGyfx9/7g61MIGobqCKkV7cTSEL9ah +l8GwJzwXAgMBAAECggEAQYSdh0POjwRcdwWuzR3iXp0CqFSl2XkeWzg7Z+Pd4zB1 ++kfBzuUgY3hV/OeiUibfpP9mfEDYMeAshSziimsg/dAmmJ/EM1BGGscABjzeKB7s +DiQ4Cz1b8CmFoT5idb37yltYLYmXiMT1Hsm840G5Tkq48hCjU7xwSDf6Ot3sy92d +X9Qc3ws2QVv7hhkuQJvyGl052OI4oU/U6HgnD/zxd5BetAa9zG5BkT2n3J81dDS8 +YPpnA+5sO7GEL7M++QEZ+bJhhvXAga61jQflSNu1notf66U2HXn7X2R2Qk15V5JZ +ySzRTBynbCLgfAXS35SavFenuuq0oINvV4dMbjiGoQKBgQDFtggOFPIVm77ZPXXQ ++LNs7fNGM4aDQrvHri+j5xzuOTZ6kftJBCXUVNq5OuKbaxlhcaMJxr/z7xngXs8Z +A+1NYNdiRNzJqU+uwNcY0QtvBpsSr5DEO6fiqb3WxAKyLJETeD9qIbTK36GShliz +sqx5vpb64lg5coMfbiyouWnw0QKBgQDBx+EF3cpkgXYAd+lWFYl3yt6XEm9zfZZn +VK2yW0+03xUVLyte1APdYxFTuD22W2cxq+1OyNGBT6jplL3f8Xb36LmmYWy7QYHx +hbLYF7bD84zV4uLsItTQh7FXrtUw10+8s+fzUu/P4bacIuiebyiwdVH1g/AlUyYJ +zqGWq6fYZwKBgE8wBm/lccS32avXEv487lh9wcdnUcP3EZD7sjcalRrRLYHQQG5R +S/mMdwJjlGmdbs/5nMyIn09Lf/i+4IHrcbthQ0Mnw6q9tp2OvVhCOisg4TGNwhTm +s+p0BAYmAdJtSTocGoIet/PduDAgwRxQPwaQEJax25Y+yEfpb9ewU79RAoGAF5Vj +5Xrgruqymcv+MePdHx8ph+lOdxfJvjmoChTi1nhv8GwVMy1Kax8rdKzvlcn5/SmX +cAcwuDQhsovPr/mLKRDBx2YD/aYzUlmbMoFwVNjHQyChzWtPyzE4fBtjBtatdaHP +kOV/GiW2O7pj5SRSJ2ef2el8yI4eCwOC1vt9KfECgYBW51G7ijf+dyLWQc+1IFWn +QakMYPxzVO0LwiQwTALTDsNQv3QR2wBJslVgDMbR0oNkoyy4eJ/3A0z92bwMTyVq +F610JDh+LyYcpCEHBQlRq8GCqilKHQYqdYQp5/luOQt+nWb/rllYm1x9Zlbakdf7 +QIN5IZdQJkLNcMQ49t3Drw== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_root_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_16/cert_path_CRL_16_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_16/crls/cert_path_CRL_16_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_16/crls/cert_path_CRL_16_crl.pem.crl new file mode 100644 index 0000000000..ab4551ee32 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_16/crls/cert_path_CRL_16_crl.pem.crl @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBnTCBhgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUXDTE3MDcyNjEzMjQ1NFoXDTE3MTAyNTEzMjQ1NFqgLzAt +MB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMAoGA1UdFAQDAgEQMA0G +CSqGSIb3DQEBCwUAA4IBAQBDaqIpNdY1OThvWbvtlGbUWX/DRz9CZYcNae1RXk14 +6IXNhqtRMcvlVEeMqoxG5Q0kza9sAWUIPitUVKMgxpZpcjhwLTqn5W13w+cmnWBQ +iP+mU0y9vSBdkipsmMTeFFw7UmWsN5wB8M4MropIrbSpeQfhEoCUXYfJl83vb/xA +CLNSmP/f/6HxCom9kb026ZK9KPu1kDj98nBo5054AynHjX/O/rboroihNj5thgEI +1a0LoONEMVIjfH1krwVF5Sy1ZztV5tachny3rfl2E8SzDpLYPDhGuMj4GHOswYA7 +fW/qjOe4hAy4BGfcNSkKQc7vIvevFoDIJIMVjY1WXDh0 +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_16/crls/cert_path_CRL_16_root_crl.pem.crl b/src/tests/data/x509/bsi/cert_path_CRL_16/crls/cert_path_CRL_16_root_crl.pem.crl new file mode 100644 index 0000000000..99867bf440 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_CRL_16/crls/cert_path_CRL_16_root_crl.pem.crl @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIBsTCBmgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0IFJvb3Qx +CzAJBgNVBAYTAkRFFw0xNzA3MjYxMzI0NTRaFw0xNzEwMjUxMzI0NTRaMBQwEgIB +AhcNMTcwNzI2MDcyNDU0WqAvMC0wCgYDVR0UBAMCARAwHwYDVR0jBBgwFoAUx08Y +hC18r4z8hj9PCEIT2SVAanAwDQYJKoZIhvcNAQELBQADggEBAFKIhW6Ym8+ob64o +cRD7FrkGK29uITpPvjMqBTf3JigYOMFbwXwZYFUL2rNpqV20mJ3Ekfnax6+LkLwx +MgiqyA+ryOy/lM/5LBcRaFpUeSaDbaF/mS7m4+RutUTwCsz9ga+PLOCd5+SlK1iC +LVjLpl1sE/Y7eHlKhy2+QuCx/AcIMTk3Kh0i6eNMX1ztO/almHlkso3vJVw2HxvA +/0l40S1+xphc2d0100ApsQ8RiK9BA2nttFUzsuLxmQ0bP0YBb+Ov+XY5uG3pJPch +PN1ent2K4+8+Ia9lLKu85LsZyMyTS6Wh+KBeVf+yoTK+t4sdH/gi2wgRWHE8diXU +bdjiRHA= +-----END X509 CRL----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_CRL_16/description.txt b/src/tests/data/x509/bsi/cert_path_CRL_16/description.txt new file mode 100644 index 0000000000..2678a6fc34 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_CRL_16/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRL_16 + +Purpose: Checks the behaviour of the application when the intermediate certificate is revoked. This path is invalid because a CA certificate in the path is revoked. diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_ee.TC.pem.crt new file mode 100644 index 0000000000..dcf4f694e9 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNTMyWhcNMTgwNzI3MTMy +NTMyWjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANkAj2exG1hp1EwMp+GefEeSNb4cVGX3VjnM +B49BM+pCiQrL9KvDThtfI+dbdefCgLMFwWkCOWQgNA0QBxQc+gDO46Xgbgg8Exno +s6wdF5HHuNCbYT8qIjMIcfQ5ufn4gxLQk+/wN0Bz3XzlJKY8aV5qNTQZf+lNQL3S +xMpDzLwGeTYvCIcDzbRCrRAbJ+ssogIkkktLYEKAN/fsoen1KYZPY4i9w8b003Yv +tkKJalPip+/ISr8O9F6Yio0aRYaguSwRtTGfH0sHYkWbNyGGR8zd+00GkggVSIxs +XGS2IJWL0SD3ZBw3Nc8yPADMlgriXF6oqp0A5NePq6RSxfiYWZUCAwEAAaN5MHcw +HwYDVR0jBBgwFoAUDGEFpkgt32d8kbj8Nd9GGj8sdHUwHQYDVR0OBBYEFBzuHo5F +uBuNj+7Jnfh/ZHWsk4L+MA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAM4vb+vXR +4rbm8eJnOx1Nnn0kCWLKtyy4E2Pw02utJBsm3LyLISjlsF5ep+sEB1H+QmwKfFHJ +vb7YKvN7XHE6H47EX8Nf1IplyNU5rS2bcKCZvuXjKge+qRgF8xi9NGK6SZY6hgEh +yMHJDU7/gs50E4PS1YSL5LN9lMf34mJfzG3nwtz2IY7asQaodCJUV3JZfeVG9et+ +tXfZErNvXxTuHpZYeBMWtb04rnkKjEfOI60JAVnF80O+rmxVVOefzyKAUhOp6aEv +/4cNI72JBdlfU1PCVsfRStrROxGnGjTPAMtLmrTIZN6poRfNOVRDg3w1jpIyIKcg +GBUQ7J9V86h7wg== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_ee.pem b/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_ee.pem new file mode 100644 index 0000000000..9e324e649c --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDZAI9nsRtYadRM +DKfhnnxHkjW+HFRl91Y5zAePQTPqQokKy/Srw04bXyPnW3XnwoCzBcFpAjlkIDQN +EAcUHPoAzuOl4G4IPBMZ6LOsHReRx7jQm2E/KiIzCHH0Obn5+IMS0JPv8DdAc918 +5SSmPGleajU0GX/pTUC90sTKQ8y8Bnk2LwiHA820Qq0QGyfrLKICJJJLS2BCgDf3 +7KHp9SmGT2OIvcPG9NN2L7ZCiWpT4qfvyEq/DvRemIqNGkWGoLksEbUxnx9LB2JF +mzchhkfM3ftNBpIIFUiMbFxktiCVi9Eg92QcNzXPMjwAzJYK4lxeqKqdAOTXj6uk +UsX4mFmVAgMBAAECggEAQ+c4eJaDe42WKHv3VpLsycqXNZeQ011rpmdRYELjd2T9 +lBrRQ6Q4Pzlstzs38F89PYfKB01yXwHyt7mxtVoB4xnaQ3AwjjQaOAvImU17MBti +mihc7FKHZBe67NTZfL6GaW9KM5Uj/O+kua3MY5ZY1HoAjv6Bt6P8Y8nd2XsQyC7c +wAfNoAwhIAeOwmXXqNNbAroXJGUxajjbgMmSZRyadWTTBswXrB/4sjF8RAaeC4P8 +YXw/Y5YjrA61L1vHdSK+kkJlRPGxq3JosaMeviyjyY+yYKpVbp5R8QBywTHU3cEp +uYGKxj+81k0GQoCAtyHAbto7hYOGJ1JWMz/zW+XMmwKBgQD17JG3NuiLg4NmRSL+ +lyecj9B7Csh8gjC21lyzlxLgu0cEzVhmork+ohmp9JPIzi5E0SX1vQtzQJIxoIqj +9pIdCkaF9hAFU8r4i/fK0JHSNwPBBgsNg6wuVNsRsYVB5SdAMJx4d3n6rW2jCcWl +e+f6YiVlP48ZxltkYiYA4SGwTwKBgQDh5KMO128gAmNtcQbA7cTsATXaEMo4o2b4 +WB6JhPKuIc5vs5LfMgf6VxBxj+qIT4u0orSFjqfeMJnyNg57WKqapX4E3dXWFh5Y +aQrsUmkiZpqFLBQW9Wylm2weqEXycuzNX9bxtoV60ibPAsOqMFY4nAC3cj2y1tOT +oT7Oixma2wKBgQDOw3j8HslDy23lxYkXnoSqaGvzl2xa6qcEgpRsVj+D/VFHo1KI +8JVpKKcFMuIx+dADAgm1Y51F6GtCGGWYV44fpm0G4owzvnCvqhbLSbLgmGqqlmci +lKtmROfvJ18PuRfYK0bTLji7X6cHZgbsDJJM/MnOJ7MsC475hl/Ha4GElwKBgGml +4Ckh0uQ6mbvmv8zdp1rlmgUaEyn4KkF+HRIeLs4IG5+ccdWXdam8rIEgWQVVhrZ9 +3kYUmShOvMFOTOmdZ3Uab1zhT5BoGdspjaVHScqACEa+fcrbD+xIS4HvG3+wBlZr +O4Ei5zyxKttopJBlOP4S4Dbr5DVPSfbi1BgPcHM/AoGAJ5kFdhl0kvRohpVn76ob +79tcsrFA0yni5MW/BPj0T2FQTEKFByzA01Qsrj3g6rsXKTYFQgsFkMaRmH9okeuM +XGSvlB7u+TCOl2gzGLA7XCa2bo2hEway/qNrSuD8pXAXgVgUHfBrz6ccE1T6eCG1 +24oOASeMXZZAF6eBd45l8wQ= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_root_ca.pem b/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..926bac1df5 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQQFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjUzMVoXDTIwMDcyNzEzMjUz +MVowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWKRQ9e3y3NyyNHJoZGHZS7k0tzsgIAl +jblMuxOru96CGNYxX+fABGJXrEtiZdo+ZkA3rFQ/iscDfuByfsx9h2ai3xFi+Sj5 +Kdu4AX9GCk8ry7vcA7lBo+uMnbGeOkDYzFt2Y+b5YEi64VbAjzamoWNiwgvetZOZ +Ejy3jauT26qF5Ei43Qs3AQvoK5hlLqUSB8LXMgPFuZLp6qMaAjCJ4lukrv+aegJ0 +DCiwzez0podmTDe9FIpHoieqErT0P+vaFdziO2aqwINhzHW/vdFVn4G2UnnZgSVP +0gt3NbQxTvGjmS8Q+kTcJoXQyKwPO8PlcsjwxohwuKGRmNwb06c58wIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQUDGEF +pkgt32d8kbj8Nd9GGj8sdHUwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQEEBQADggEBAHhBDj70/EwW3ZkhlAjfMd+b8Efzr0H7 +nJh9U2qnyUyunBaMy7sndk8MAh/sNoyKmJim/ZcQ9s2oV6uT0aOybywLaDE558TL +NZ06yHQs19VaJNCKJOrcAPPzAAXxBc2tgeMrNEqoZVoYrLUMHoklOGyqewwMH2jG +f8gOCN0oL9IpVdyNMidEPQKr2k9U6JNgbQ2EF3jqA+5SgbrPTdrXgcY4BUtRTcTU +brbGqTMPZPrH+QCj2ucoATw3+omoHWqN4EdJ+52xVPcQJRqWesZZ7x5mDSZc3h9h +A2fwrXHA8lBwj7tlo6A+Xs8AV8eGs8CG3JILF2X+As98oEyBMbkhtT4= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_sub_ca.pem new file mode 100644 index 0000000000..17a0efe57f --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_01/cert_path_algo_strength_01_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCZYpFD17fLc3LI +0cmhkYdlLuTS3OyAgCWNuUy7E6u73oIY1jFf58AEYlesS2Jl2j5mQDesVD+KxwN+ +4HJ+zH2HZqLfEWL5KPkp27gBf0YKTyvLu9wDuUGj64ydsZ46QNjMW3Zj5vlgSLrh +VsCPNqahY2LCC961k5kSPLeNq5PbqoXkSLjdCzcBC+grmGUupRIHwtcyA8W5kunq +oxoCMIniW6Su/5p6AnQMKLDN7PSmh2ZMN70UikeiJ6oStPQ/69oV3OI7ZqrAg2HM +db+90VWfgbZSedmBJU/SC3c1tDFO8aOZLxD6RNwmhdDIrA87w+VyyPDGiHC4oZGY +3BvTpznzAgMBAAECggEAOPEMH4TyMN+zgZTMByR5AJmnjhZA4DVye4oKT7ruOqjQ +YDsICmQE9zuw83/q0Af0uU3mvR1rl2/pPs1BBAyTH1R9a1VPilLpKN5uEXQ3wrUA +e7pKY8F++kUEJziclmCjez4LFexVsKZfZi8n/iKaOnikXYg9jef03/3VYI0NL3Mr +7KWdZHYXlv827E5sYHuQOSklL4aazaI0+14QXRChc7pgI+VbY6/7XLnvTOw/+tZt +kvdNIlIEJ8FuColqNPqlSBbN2Xfl99gQvUelCA2yVl820iXHF1w2mXdbaqKX4IEL +ypdSSG+CM+hrO8kPmKRAD9cFEb3dpDq8rw0cdXD6zQKBgQDIvMbXSPcvr8C57d2T +0gXMbhQosFZHlAjZYAAOX0WWhO20zvVwIJpQlpmqGVwjtPSFqsepA42/pTAk4ew+ +tfF9PWtimLLQpk0YxDLLUv70aMA/YBGIA6Lsn/Srq6w8/+790UiuLKyK7tIC1NZb +7XMBX2X50/tBG/lj3upDbppeXQKBgQDDnJJdIR44A20YM8BFizGuUfmTOH4iVSb1 +wwJWXnczcQCnnx98VSGAnuGsLdVlS5jxxxUSHlO37KltNfd3ne38XsN/r2/jw7Vp +57/IGy6dABZJkOsQknNYrp1SnOGp9Sws9Uv8A6T9Y1eIpq12+YeX/nUBg6dFkh7H +04a+su5UjwKBgGQbWKJGXhdm85sFl8m/JGslvmHoRq7dkWguavi/5GlDE3Rm/ZmU +eMCVyj489WlNNeBvIbEU95zKWW8bSACiJbNKbQI3mn1ZYftm5NnnIwRqNO2mEDgf +cCHHR3JRY8zr6ZikxTUvTEDhBtSopdokWYUmuSlU4OlAdSesJHHKd6t1AoGAbYW+ +1XHzj30rmf9vygBTgrzXNjzNMr/mnnffWShvKVg9+5w2btDjfzZ2OIc5EgwvyD+l +Zo2gZjyV6FXtBwZf94u/fkBmL2qmqnNdh9bgVHt1/x6q3o6BEshBwb2hBB4H6+wz +7RjFSjJTEmnwecrgxpNsQ7rI70UPAudGbIOWubUCgYADvzuijPhbwSvlhi4qBwWB +QiVHRbhEkiljEpG3BfWAjt017C7iL7wD/qU1q4Ryq1L596Rt9X7RKrZvF8OUdWXZ +t5Fk/0NfITBHRHPG8oZBOBNNbL0ap53m01gL1C8kWcKt2g4bKiQxCEj5Y4sEsb4u +U5O7lxpwyepVKmEaP3KWIg== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_01/description.txt b/src/tests/data/x509/bsi/cert_path_algo_strength_01/description.txt new file mode 100644 index 0000000000..53fb356895 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_algo_strength_01/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_ALGO_STRENGTH_01 + +Purpose: Checks the behaviour of the application when an insecure hash algorithm has been used in the production of the intermediate certificate's signature. This path is not valid, because the hash algorithm is insecure. diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_ee.TC.pem.crt new file mode 100644 index 0000000000..b0d5c02fbd --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQQFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNTMwWhcNMTgwNzI3MTMy +NTMwWjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI49+vItPtsSX6rm2HzC1LoNgf2ScYt6YaHu +yApzK9glqqGrbv+ISZ1n0l+Xi/H7bSTukHBbZS/gnXwKhRH8w+8lDM0X66YmsQ8B +iVhHBE5WSvtBzmDELhiF12v++icoM8Xoe6UANdH/F3NyY7Xm3eaKkxdpI46eBRZt +JuMsLD4Rh7w97tPV7lKfDfX73Z2TgjlbGbxwFNps8vQZlcfQCJmsNWNlAtIRRGQf +zq6mDY6CvbXjhrZcpMhDk8QvN/OFIyGtbNmi8GKtMjMO8kCOaetZTa7bs38g0LwJ +myrWGem1g6uLz2jYqXUAZnuwx/q2fXTAAQzQU8IDviaEpdDzPFECAwEAAaN5MHcw +HwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0OBBYEFNyleISc +4onS39HiiwfwVUasmGe/MA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQQFAAOCAQEAOgAzfkQD +NW+qZDlJyOAVT26K6eLy1gQvT2tcLCAlQG4kg30tnA6onTcffdYZJ2QTYOLKGnXc +dpljjZQsah99dngXyHTkzesOJKg3S+FLU5PppdgD/D+GxLh1+n17JKM8ZmNvQB/y +CmpQZ+8dcuivoCp8iB1Hi0cbkvzOe8RpzIUsjLZ6rI+knzfoL6TT3vg3hk0nkpwn +wZgzdtYOOOSTax5J3UBTtv6nkzihCyHbC6aH5GRMzHwA5+0oCf7nd+d8ZK2kb4Lz +JofykPfTzX611NTk+r5Yc/4zThPg++gofHFRMmMewM8a0A+ORy4Evi4sU88Ea3ZR +hn253wqotWl80Q== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_ee.pem b/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_ee.pem new file mode 100644 index 0000000000..0bd8271eb9 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCOPfryLT7bEl+q +5th8wtS6DYH9knGLemGh7sgKcyvYJaqhq27/iEmdZ9Jfl4vx+20k7pBwW2Uv4J18 +CoUR/MPvJQzNF+umJrEPAYlYRwROVkr7Qc5gxC4Yhddr/vonKDPF6HulADXR/xdz +cmO15t3mipMXaSOOngUWbSbjLCw+EYe8Pe7T1e5Snw31+92dk4I5Wxm8cBTabPL0 +GZXH0AiZrDVjZQLSEURkH86upg2Ogr2144a2XKTIQ5PELzfzhSMhrWzZovBirTIz +DvJAjmnrWU2u27N/INC8CZsq1hnptYOri89o2Kl1AGZ7sMf6tn10wAEM0FPCA74m +hKXQ8zxRAgMBAAECggEAHlh3uIHRlpARa9bq2ZcBJh4qnMvIwH5f5NmZwKz4bhj/ +EZWOzSIovlV/aphcqUe/7bCdjPLan/+16VgfMoqvzE2lsP2I7v3zKSXlRLmF4CaF +wZu06S0BPocTQb14ZbEsdmzWMAne8YmP2bfOMOjrbzsiDU0HYm4w3Kt1r+JlH+px +DfTuak3D9XCpUwimtiL7V1SDk8v7cNkgEBCDfcGAo7yAbGoNW2j8LMHGDFBGFLdV +P27thRNadLZfYD8Z2i6uq/iS5XI1xz2C1S7klzgDuJFGPw3W8ZLecwqU9ZHgcQ7u +0NTbQy3a8vAc4raVAY/4chlCDR0/I3J2P7zBV3+OaQKBgQDDo5nCXWfbH1tfgQNx +aRp9SybqEnucMWzt1dgswudHA6GM/1m7EyHnkKYwBMwoRrerianspB9vl8seHsRS +jykbJNJYx3O+bp5UXcq+iB/r2kk5IxoSQIgb4afXV+UnEWMLE6CKisS/oeYW4RSZ +8yiiJvBhfORETX2VPJbS3+BRnQKBgQC6INzatrZ3sxfCo9gel9iiTr7ZTKyOB+rd +UXCAlpeUxKpMiBG6wp5B3pS7Lfg1qT/TJSnPdn9Qq9riAtzT4e/4Am+QprsPd7Ee +U3/872ViZhzIFj3mNdthrpMqQYk7XyrzkS2FjkWaqAcPska221hkPhQ+/4GjeAwA +bUsaNVghRQKBgBa2D0t4/G17nmff2j54LRMOfl3990uSkUqq4IWRureLvF1Z51jI +R89SA3jflbO3Qesv+AH4q42Q2YuNlszewa7c/24++TjKLqcsnDSyKMKAfK+dW5Fy +3FogQBPHqFp4sj6+8Iwkv+JfMQ7G4lVc3QK18oHetcEYHdQNTJT+WFQhAoGAQOmF +HKHsMQK8np0VmlXKr5BW7uHWrBIGzvjAC5h5dODBo78wr7mAB+jgZgc6MTy9jZ3A +XyIsdK36wCfPa/W4Av6WehQr2NEdbD4ivMugyBhkoUNggxD1WbPQj0Qb4CDokdln +ztQ3YiCHlenOz6bfxNYBqZbiV2hehyeWsaU4/yECgYBY0d9yd7ebJOveOYWA2Lu2 +Xcw/AIzsazOaGCcM5BkIWpcZSqcXvZ7FQCqBoEL+HIAnyiGOPonTIC2nnRtcJLpg +YyNq2X0t5fAc4F7ff8pxjKm/u2cV7h7L3PbmmHBUaKYRgWX3fzj9Z5QBCGF8dI+L +4KslPXPdFi7Ydx6ddeOeUw== +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_root_ca.pem b/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_02/cert_path_algo_strength_02_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_02/description.txt b/src/tests/data/x509/bsi/cert_path_algo_strength_02/description.txt new file mode 100644 index 0000000000..5356ea228f --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_algo_strength_02/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_ALGO_STRENGTH_02 + +Purpose: Checks the behaviour of the application when an insecure hash algorithm has been used in the production of the target certificate's signature. This path is not valid, because the hash algorithm is insecure. diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_ee.TC.pem.crt new file mode 100644 index 0000000000..a5300caeb6 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNTI5WhcNMTgwNzI3MTMy +NTI5WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMh+3tSIlj1ZbmP72KE+PT1yXxlu4lqOCsaN +blYdRJjzJ5iPeu1Ax9FwJ28lO1seoPkDqfZH6CSbKNS6GnLYcyfc6Gj+e58OeJFV +nJY2lC9fFbSwIZ9LHx6AN+lm5UCsQR3Uz0MOBRGfOeKlYxlaILQ33k9U7wLybag4 +B5THktRQheudUwMWKjcR0X9Ylr1gndxms2ZMr1OplqKY06TZT22TEJwGOMuQjeKO +B3WrEMEXLQjiHdvS4cGWQbnztIjL5gnIuzuKcq0yGGwZ+zjc2R9fnp0opTdSh12q +EYNJHY/vnyf1HGD5ykjM9AVnwzKx0ZJZaNK6u/vuUNuJWAznWaECAwEAAaN5MHcw +HwYDVR0jBBgwFoAULa5+XRvIsP9Shzl2HSl+gqv/Ys8wHQYDVR0OBBYEFKXmlXPO +m1QPQCX/UG64UewAqQ44MA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAM58DmpZD +s2Sm9iDSU84sxNsHX01u8sKU/5fxslFwMufhuA2SjwoMIhGAxh3GTdDKCx/xT0Iu +l2svdI7ZvdMTrpgJYgLqQaugevDYPr/Ou5CWvtjyufFxoLiWV99KAiGkMujnjm9j +Lc/Oi3x5waqy1J83Dgmm0XO1LAdvv+PLbj2gLNomwwvKp7ZfKkhBPpZ6kelND3rB +EAWxpMHwHpGjiQiH0RWUZfcuI2DSeZRXnNK+yAOOVgt79Lpk8ctDYelXdWk/wJ9m ++n5gmN1HnYzsZgUMWe3pzesKpnkX9q4/o5cVSZMZv3IxYwIOrq2JY04wRsb5S2Ev +412s4zjbtcihXg== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_ee.pem b/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_ee.pem new file mode 100644 index 0000000000..7e602e5939 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDIft7UiJY9WW5j ++9ihPj09cl8ZbuJajgrGjW5WHUSY8yeYj3rtQMfRcCdvJTtbHqD5A6n2R+gkmyjU +uhpy2HMn3Oho/nufDniRVZyWNpQvXxW0sCGfSx8egDfpZuVArEEd1M9DDgURnzni +pWMZWiC0N95PVO8C8m2oOAeUx5LUUIXrnVMDFio3EdF/WJa9YJ3cZrNmTK9TqZai +mNOk2U9tkxCcBjjLkI3ijgd1qxDBFy0I4h3b0uHBlkG587SIy+YJyLs7inKtMhhs +Gfs43NkfX56dKKU3UoddqhGDSR2P758n9Rxg+cpIzPQFZ8MysdGSWWjSurv77lDb +iVgM51mhAgMBAAECgf9Wmo5TuF+dAv/rTcIDEHbq15J6Wb8i/VtmiP15zhkBDNr3 +nOURAGp10PrB95Jp0/AD8n4VaaevNvJZCKNeLURBQchCmtxA8U09nTd6c0IZaThf +enGHGwHwpPkpfsi9CtzycTZ3ArBRIsQjXs6u35wvJ9VfS9x5f3kw2bld5H7ER/WC +YQ9UGMF6G+D8XHPl8eqKAj4+90fb8BLBL8znLvbY16K3qEZrEtg8Ov0GUajzDBab +Q5R/RAsWKYWUP1fHDYe3mjqxWWFSxctLlg7abKn9x1YXo59BBmMkntc27l7MQs8Q +pYKS3gegTw6ScvAGxyLq54UtXa+a9wNssS29V+kCgYEA/So6JxyLjv7pbLUuX25q +vGzDvvax04HzHB46ngtw2HIOuCDjTG2BFHTZHEUOysuJN49vbXHQgIQlDVWT6aHk +NXPJ8339ahstssOB5JtkGdIbPLk1Iyo74DOSCfQYVj7cSSJHAKQqMp5phpDQSDwR +wXol2E4gk/rUltGjZgx85D0CgYEAyr2mnRjbfc33FjfCwMKGOsnzgFiiszfoXm/x +GfF/Vk0w+iujz+tjw6xipGcMO4TSPt4iu9Lt9NBl9sOPRbBAFJzLBz1qfBVlPOGo +GeihvV40NBnQKn/Shibek53Ez+1N1IQIqSokWD4kATrEp55JjLwhTsn/f0+mQgSe +lAOZDTUCgYBvnZRx9fXZn62OTfsZ+/Z3CITsxpr0I1DpzrINSAICi5bNu0I7SfQk +7rdh7VhuNHpU0ppP6GQCpUAottg1oziYEGqzPZLimwT00ZmNDq19bNKxXP5+eHpZ +iKMUXFf2flRksgYX1Ej+dDUWLPaHQmSZpp7U1O0sEOR1cgvWTB8sCQKBgEaUNU+V +Wrv2GuGKMetnDNGkgneY47MecG+H6thMQTcrEjTVQmbcnFN/TKvND+4cdBDcxhy6 +9on2jriUJeltzTEf0HJJyCtAS4khSaMTYFMLW4MTxWs2KnT3TR74mo6EH0cvW9CA +UjzCDUi8S7/Kk/JBgBrsqVyJvuhWsVn30q1NAoGBAKxb0zVEZTZS2D7H7fBkan2/ +MwVc5172gZBC5Dkm+oerjrXcF5EgmXzzhymBQXL9Y4jpJC67YqNsHJo1c9HdKRi8 +b3n0fVd02DZay1U6pfag2LUyMy3+HQGgL6VdTQYKZ7HBIsk3w/lnt1Nx6XYgrpYX +y5XH9DUu6+QhZlv4XdyQ +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_root_ca.pem b/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..b75a9a4cfb --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjUyNloXDTIwMDcyNzEzMjUy +NlowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIDANBgkq +hkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAiAiItGRU0P++AlTFnR5qyB8CLp+2XkFO +7zzzthc7Nnxef3oFXb+2zWuBkEI8FhvVm+bNwzwxHnWeqApwvhHqOVyWoJseN1og +jJ1UIX94LE4scTdL0FxgJs632Enl4MsnpbhilOi9qLZwyQmAItrR5uopmYZ7PRee +NhNnxnj60CYrMdWzOOEJf8DReElLWNPa6gk1cXiU3TPNAzVxH2KX/3MgHylznKni +X+r9xadOxWC+ffaXmrjdz87NxKFI0t+OnTqrwBuTggqo1TGGmpEuksRTrCXejVeS +RbfdsFYHMPDrliGasOWb/2tUWOaIZFHPDwIxZ4xSX4IsK20owdCcUwIBA6NmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFC2ufl0b +yLD/Uoc5dh0pfoKr/2LPMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQBB0FiTUy0BJcxDua6grGz4/PFd62FB1Eda +7ozlR31JM7oNmJHjNQjNu9BiO1LbkYveDGoj5L1EobA4ZqWQ5Tw9quC02WPRxeUQ +EbSMIjvcIlSdGASESFN1wsCrYUp19hOpvRdbaqW/Pl2VLGQD+YFW4xP+6br5hAkd +nI89hszoiQXbxpKoWGWnDd21Ufsu/MUmDj8XpOZJAcT8k6wnev0ad/1HaA1LnzoB +1J32I+Ni5OqVlkFeXTl8MwfOM5wgUcjQBJiqwc3/0rSDx8fZbhoo1r1CfM9n4hMy +3nzXbPOgtKRneIWCnQ3HEpDj9D2KaovdDYfHCLcNwjylB7E+yS4R +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_sub_ca.pem new file mode 100644 index 0000000000..ed136187c8 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_03/cert_path_algo_strength_03_sub_ca.pem 
@@ -0,0 +1,14 @@ +-----BEGIN PRIVATE KEY----- +MIICOAIBADANBgkqhkiG9w0BAQEFAASCAiIwggIeAgEAAoIBAQCICIi0ZFTQ/74C +VMWdHmrIHwIun7ZeQU7vPPO2Fzs2fF5/egVdv7bNa4GQQjwWG9Wb5s3DPDEedZ6o +CnC+Eeo5XJagmx43WiCMnVQhf3gsTixxN0vQXGAmzrfYSeXgyyeluGKU6L2otnDJ +CYAi2tHm6imZhns9F542E2fGePrQJisx1bM44Ql/wNF4SUtY09rqCTVxeJTdM80D +NXEfYpf/cyAfKXOcqeJf6v3Fp07FYL599peauN3Pzs3EoUjS346dOqvAG5OCCqjV +MYaakS6SxFOsJd6NV5JFt92wVgcw8OuWIZqw5Zv/a1RY5ohkUc8PAjFnjFJfgiwr +bSjB0JxTAgEAAoIBAFqwWyLtjeCqfqw4g74URzAUrB8VJD7WNJ999866J3moPv+m +rj5/zzOdAQrW0rln471EiSzSy2mjvxqxoH62nCY9ucBnaXo8FbMTjWuqUB2JcvYk +3TWS6sSJz+WGmUCHb8PQQbibKRskSzCxABc8i+9GxmZZp34Pvs63moRQpzVtxBtn +MYKfP+B5GhgUXNO9iIzvPMo79vypHWfNuzRNiXziOGFpKLKNSoF2DzanJoIRFQGF +o3UZn3DTWiHvfEunMXVNdI0QgfatmH3N22tPMhb0uwVT10RVJNQgyC5tfRMGKdIv +9+J837XjGjxYj+47jMgbudGSKNqILvX8gsHDlisCAQACAQACAQACAQACAQA= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_algo_strength_03/description.txt b/src/tests/data/x509/bsi/cert_path_algo_strength_03/description.txt new file mode 100644 index 0000000000..95c7616f79 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_algo_strength_03/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_ALGO_STRENGTH_03 + +Purpose: Checks the behaviour of the application when the last intermediate certificate contains an RSA public key with exponent e=3 and the target certificate features a malformed signature the acceptance of which indicates an implementation flaw that allows the Bleichenbacher's Low Exponent Attack. This path is invalid because the certificate's signature is invalid. diff --git a/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_ee.TC.pem.crt new file mode 100644 index 0000000000..54c9719e22 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_ee.TC.pem.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDQwWhcNMTgwNzI3MTMy +NDQwWjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJnf+SomZg2kmj9WC0/yQSxgvyuf833lwr/l +/lzmQ5B+I7+k0SPr8iz26XwWHmjNPMwjb34fO6TQSE7qNdmjr+fplodoArAqzm1X +m1qLGUDUKBNvq+YJDhONWQmFUSDYVAK07mILO+ocd7WweR1XBc0BL68WXBrQOQuk +O/ebf+1FR/ojokEK6Z+WyB6LhvhZR/0Aub8TeVDaIh42w0azIXeS3GLrj4SUxmn6 +3b5UK5sPXpuu14IkQd3TzWwbEDpJaycuTOeUFFh5t1JpqkNX7+l64fwKvw0Cs7Zz +sPMPz147BYbnRaKYL77wTr+/bFCM5i4IjugosoSbtHIgnmjzLl0CAwEAAaN5MHcw +HwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0OBBYEFLRG1KI9 +qCALStFaBW4O2PWgqVyxMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAEDMSJg+Q +09E/y/0jJTmc3ce7v1KY6dBMi/pfm8KbY62faXDm0ad7PQ7THWa840YrVnz+lCEC +vzLL1locq2UDXuYS4dbgR1WcD16XyPBHJCQ4ctSEsMP3B0UjAhyEWGZxr+2ftBtZ +y+o3Ch+i+nJwvJUbrznqdEI4PKZaftjK3CeYurS15VQxJOIisgP2tY101tsPcnlT +Dzh9/1nmvXD0B34sRAeckxsXFNNz0vcuhxA/HLjRXCWy7+IFdKhqWoFscPHF8Ehe +2WjdionD8pTNYc+04DOVP47QoKkBkhosVeXYZfNlDh6TE5LVBve5oGD75ponkVfx +2AqDWMoYjl7GXg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_ee.pem b/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_ee.pem new file mode 100644 index 0000000000..0f71e04bca --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCZ3/kqJmYNpJo/ +VgtP8kEsYL8rn/N95cK/5f5c5kOQfiO/pNEj6/Is9ul8Fh5ozTzMI29+Hzuk0EhO +6jXZo6/n6ZaHaAKwKs5tV5taixlA1CgTb6vmCQ4TjVkJhVEg2FQCtO5iCzvqHHe1 +sHkdVwXNAS+vFlwa0DkLpDv3m3/tRUf6I6JBCumflsgei4b4WUf9ALm/E3lQ2iIe +NsNGsyF3ktxi64+ElMZp+t2+VCubD16brteCJEHd081sGxA6SWsnLkznlBRYebdS +aapDV+/peuH8Cr8NArO2c7DzD89eOwWG50WimC++8E6/v2xQjOYuCI7oKLKEm7Ry +IJ5o8y5dAgMBAAECggEABRVOEONl2auHYPJBu2lgV8v2ZMWK8KzHazl41q7QqpRQ +MAOM2SfxPyUE/5FnfcTR7lh5VWxItyAeU2UPVFpA9GNWErEP7avsV9ZeDnar5eVc +UZAN2LKR4Xl46ISb8n7S/6fkfB6s4wX/umPTDHIUgfo5DgqqDkS0rbrGNF7Rsg/b +vGZbK59n05YOsm+NDa6dbvlSNfRIqq2OGVcEdEwaJyqjTdKeC1UNl4y0jj+u5lT0 +kKHOYBSDSMl7DseBH4g+S6cpMMC909g9/XPqM3maug/+xKAH/1hQdoI8FbaYVe9G +9Q/7SMIE+FrjaF1XH/e9UcTA/+Vx4f0Ua3IXYxd4YQKBgQDJwQMxo/WliYhEs5Xl +nk+KOi7xJ55PRizIGq5UyKuKEh/oktwOPmKWtJUGgbG4x8aUVrlQflYWft4FTbS8 +tSCVNGFsWiCv55pw5tv0eQNWjn6YX4gNCmVHX4b1fFso/zWPFqk+ITS76+uspupj +UJFtzJoZ4Ur9nZeZSzYldpbnOQKBgQDDP2H/kvbS7Ualafv1KOMuBiE45EIgli4H +QT4yvdDot4kgdG4d1hak76hIKoPOOg5jroIAWPRwCSRjdjBrC+pN+qsyJtKCwrB4 +PL1nWRMvkNHbkgKuTNX3iNwbmlXPz/2r2E4R0tLAweOrw174DfODjcO9MpBmkrZA +sRVqQ0G8RQKBgDiPkNqo0aQf44EHK73c3QWufByFc99bmBBdUoRYYabqn+Fu0px3 +puIDLEhPschQ0X4itf83++CAnrOz7jh9Ou45ahqbRdCqyGRghEeMaYApoJoNJjIp +uO0Cfe5yd4gNzDEaNEZDvun0IPUdMla3bp3un0EkJQbm2GpUaJCmJ3YZAoGAO2Ss +ivJJ4yAKvYbf/lPRx85VjNjixMbqeYp/QTA8vI4YSKciWDEn8kR1DH7iWXmPpwMO +yMxGj044o4jwcZ/ORqpaKYdlwiE3TVwswaN3EqEbNY/VAPCepg4b5smsEOtUX1IN +bZ6UPc69UyK7YPndecdGI+edxZYbmtJDkW+kL4ECgYEAmy1Uy+SOcEoGE+0TdR31 +4T5EjKQZaky9XiNtD4cCu90wJREsJN0hrWVZEiLXzbUrbvSszIVGp+RRcKCOeIm6 +lJGOIRZtPe2VEfDs2oo2JDc6V+ED3gEk7zjPGcOJDjoWbjM4Fh1TgUhqtqx3Usxp +5SH5UAf8N+n1d+MD1vCNiaw= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_01/cert_path_common_01_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_01/description.txt b/src/tests/data/x509/bsi/cert_path_common_01/description.txt new file mode 100644 index 0000000000..049a0b589c --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_01/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_01 + +Purpose: Positive test checking whether the application can verify certificates. This path conforms to RFC 5280 specification and is valid. diff --git a/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_ee.TC.pem.crt new file mode 100644 index 0000000000..995be50775 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWTCCAkGgAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRowGAYDVQQDDBFUZXN0 +IFN1YiBDQSBObyBUQTELMAkGA1UEBhMCREUwHhcNMTcwNjI3MTMyNDQyWhcNMTgw +NzI3MTMyNDQyWjAlMRYwFAYDVQQDDA1UZXN0IEVFIE5vIFRBMQswCQYDVQQGEwJE +RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZ0Ps0lpySvuiuCm2jm +6idbJbRbBCRhabvapP2zm8rkh6AmOvJjvTaKsIA3U0HaYMcMyXYBa+KE/efTIIpA +mlxNkMjYrT9r2SZY+ilatGaUV9g6bxugcqgrMCNbUCP6eXi+or5pU+u9qOv1TPfc +tUiym1HFdxy4pbf/tMjAzJFEDyQpu75bkELofDbkmfV8R4y7n+HvqMgZL8TmfYud +yW2W1V1gsbFaTIuCryT5fU4ao8mCeVSXw0sVQ41RTsCesmoqT8KBqf4B32CtvbBd +eQmD+Ol1aYB77k9tbBFFuG8V8LY72u36ri7BMRh35s/K9e31q+5JjwEcj3v0UuPE +aMECAwEAAaOBjzCBjDAfBgNVHSMEGDAWgBQjfyVSr5d3qYgSAOMAwebaBK5nZDAd +BgNVHQ4EFgQUpfin/bltIvaoUCw/vqMNgaHsEDswDgYDVR0PAQH/BAQDAgeAMBMG +A1UdIAEB/wQJMAcwBQYDKgMEMA8GA1UdEwEB/wQFMAMBAQAwFAYDVR0RBA0wC4IJ +ZHVtbXlob3N0MA0GCSqGSIb3DQEBCwUAA4IBAQCb+S7DkPuhQ2VC1BnP7LR+JuFf +osSqQJBwnM/iP6HEgTcRf6Twkz7Xb7samVd9eA7TVUKvLBa7wIW8jgYIub3nAwUZ +Y4Hum0vRy2pBvNzqfW3dhD7ljbE98YQsAOnGCYwPO6I/5VYnnHH+7qAYvlyvG4nc +3YH9fKcrUjgSaoiQ+k/5jWSRoNdQJsQm8OFCGIUsSb0f2wThO+bcdOmnMATL8Vmh +2iGVmtZV7ijfxXpDy0/KWrkO6jXvVvdoynaY5nc0Sko8zEbyukO4WPKKRzri666l +fK+XzunmiQ7Yr2TkNW160xviQkKbsRH8z6UZwkZhYELd7mc63NljT+bsjuH9 +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_ee.pem b/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_ee.pem new file mode 100644 index 0000000000..b08cb8e14e --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGdD7NJackr7or +gpto5uonWyW0WwQkYWm72qT9s5vK5IegJjryY702irCAN1NB2mDHDMl2AWvihP3n +0yCKQJpcTZDI2K0/a9kmWPopWrRmlFfYOm8boHKoKzAjW1Aj+nl4vqK+aVPrvajr +9Uz33LVIsptRxXccuKW3/7TIwMyRRA8kKbu+W5BC6Hw25Jn1fEeMu5/h76jIGS/E +5n2LncltltVdYLGxWkyLgq8k+X1OGqPJgnlUl8NLFUONUU7AnrJqKk/Cgan+Ad9g +rb2wXXkJg/jpdWmAe+5PbWwRRbhvFfC2O9rt+q4uwTEYd+bPyvXt9avuSY8BHI97 +9FLjxGjBAgMBAAECggEAT6nyW9+1jOCN11GCmUW40TuhkxjGPORt0V8fxEgJThUW +7I7sMske93oNCCstXM4Q81aKuLgxWqkQU7NI6LauQEdSy41PXpoofWBSa69ho5wA +92fdmjV6UU+k70yEiyzM/k9ofQ9DBOsJmE7MKuOKUjiAaP7fpcPpokcfh0b914HI +rFak9dlJx0bQYVAfnRw+OAUZUErADAKr7BxlrI4ZepzE265L4Ms4qQARbjbgec6M +ldHjSyJRqIFKIOWUIx2yaFDz6uJ3PSALSewyZQ6QNT04WhSHecAeONrctzYkE7fD +EtHAVGxTrUC4/vB6WT5gtttqIvuv0k+eZbc3z9UBEQKBgQD6WVlcjY5PX6nH0yyz +Xj26OWxrOlNCzm//M5ujTC4CyQAgQtIPLCmR8+wcp71SRnoZafG0H+iAqsK+j0ck +osSY6llXQfHlCDOH7bGYUUTBO+wPvEsp8GVfcla3TzTxIREe4JkZOGOrNXoecnb+ +9DUdCa+faCzVzi4sZp5JRuac/wKBgQDK7wT72l6i7jcyHHvBQEpkLkLGrqfMtNtI +8g2bxCsEaFolyG/PzBQvDJXPHB4ruUiWyUvxVcr3UhinTTaG+zso+KQg6Ak6oUVn +lVIMDxlx+enUUfplacqUYZzcNNK9yhHU9lLQ6EMNd7x7tNGtzlgiZ/1UglGh000y +pkWE5I46PwKBgQDySPqlChKKWujzjTqbtT9ENULqW54s76GQeJ/N4HI/G8xVbJXj +PThWGp2N9gDR2YddhRz42FCqBZlH115g5G4kF9mzCw1SPSeyC6Zu5WgHIzkI2ZBc +3F0fjIbEDZINM5VgLrm8oMhE8BJp2Rm1ER8+JRukyKtrmIkzS3UxMb8KfQKBgQCo +LDJeINaCgZV+UrqAKS49HVU7X6wxacO8DNQYPRZFHdFvNE7szrv/TZesvimGpJKy +Wvkzc5yzHvbNVqCUdgjN6Ffj6UcUrmdc8xK+aZj1ql0MFi/C8UvvcYFTv/bRT289 +pDB3bbN7qrmpbuzA85p4UONQsHrD998m1UIRYnM3cwKBgEkNHkuG6Cfr8kB6JdRa +CmIfcIKcvs2vtJn7EXZtlSMPQ+BZn/o15NFNgUop0nT2HTnZyxLEzm5g9ezPLH7p +YYQrfGMmCbHQ3x+M0RoHMcmHvEnSJzTiTIOyL8CetQGedqqN9+aJxB+3JRUlFAcY +fuX95LzezT31iwlz2FhPUJWC +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_root_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_root_ca.ca.pem.crt new file mode 100644 index 0000000000..48517efd51 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_root_ca.ca.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRDCCAiygAwIBAgIBATANBgkqhkiG9w0BAQsFADAnMRgwFgYDVQQDDA9UZXN0 +IFJvb3QgTm8gVEExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNTEzMjQ0MFoXDTIyMDcy +NzEzMjQ0MFowJzEYMBYGA1UEAwwPVGVzdCBSb290IE5vIFRBMQswCQYDVQQGEwJE +RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALeLheGyl5cQ+FBHHL1H +gkjkwGmBobJby18OwdUuOY+SRU3bj1ywhpLMhHZh+e/ZLZtPFrGL4vIrUsbYBTKk +fZNyNG2SlGmIoKW6S4tqbb19vu8P9BR0PFOuBU1Lxq6TNSpKLqVXRUWAmwW4xdt3 +0TSSXrhN3O7ErYk+dZncUTOn4bwodsiso8W2avPhkmWZcpHF3ar4mvPWnRCBriJJ +0bD7S+kaccRlXO2lkfRNUMxPxyD8B8jK9RtWfBeF2JXak6XLOuiis6gysIAOTaOP +FaWI6EshiWZVvmmKDTVW7QUyhxVs/iBWfZUeq8uIJcBBMLsXASHvrtwAL6LvIGZU +kokCAwEAAaN7MHkwHwYDVR0jBBgwFoAUKpX2VIK2562i+XDczYDvy3hTY9IwHQYD +VR0OBBYEFCqV9lSCtuetovlw3M2A78t4U2PSMA4GA1UdDwEB/wQEAwIBBjATBgNV +HSABAf8ECTAHMAUGAyoDBDASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB +CwUAA4IBAQAqe1L/K6J0/qJRGCs6XGK78w4PfBbOr1b4xTRJ92LrlWirxKcYNUu/ +TQLITdlhWK9QAnQoLd35QKOmFXMaZWSf9v+Lt7cwFyzfFwmhI00tfGV1bHtdjkM0 +zcsLIKmlfZU4ay7Dr/AonY1yss0yXa/0eklsJyhv5zKN0ggmSvmoB10Yx7QsO8Cs +hraVRFsA6x55Klu2L+/F5RKmiZS+Ue+cSwdyR4M777h8LITH463r1ceERH9k+ngw +n4RpiR33kRN6nXuQumRrdH59WWjDQBE7CbNzRT4SErfS8B8USVOOgHrgxUdAsjiY +3Bjr91WeoNPLj2LOD3lnpoXUEWTGmv/a +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_root_ca.pem new file mode 100644 index 0000000000..784ec82b07 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3i4XhspeXEPhQ +Rxy9R4JI5MBpgaGyW8tfDsHVLjmPkkVN249csIaSzIR2Yfnv2S2bTxaxi+LyK1LG +2AUypH2TcjRtkpRpiKClukuLam29fb7vD/QUdDxTrgVNS8aukzUqSi6lV0VFgJsF +uMXbd9E0kl64TdzuxK2JPnWZ3FEzp+G8KHbIrKPFtmrz4ZJlmXKRxd2q+Jrz1p0Q +ga4iSdGw+0vpGnHEZVztpZH0TVDMT8cg/AfIyvUbVnwXhdiV2pOlyzroorOoMrCA +Dk2jjxWliOhLIYlmVb5pig01Vu0FMocVbP4gVn2VHqvLiCXAQTC7FwEh767cAC+i +7yBmVJKJAgMBAAECggEACKdpbpTPFO5V5uMTddEzUWCHufHEv/YYBqlZdkWxrRVG +cz9Q6RvhnHZMIJDKCgcBYXs/JKvlzWlBg+KXjCW5TgRqeGga20b33BiGi1I/Tlnp +cLgd2AEK/x8LXPOfsId8UDwjKuSMfZRsur5Vhd2GXaYxFRuGuTNIw1nQjaqXoYnK +Mciq51667BZ1UPOtTv2QNWbVyenCxxOXF9qKhcQOfp/HgKldgqnycjI62QcQozTB +k/BniadZNrG3qVPIkqGfpOKFQVeMRVddEr/AMi/pdVQH3hCVT+NV6J6azAOe/9OV +1yXLQyB/A3D9z+eCVHBC7KJ42eoNpEJVMejmDbdjAQKBgQD6TqTONN+1MeE0qmyz +VuzCdlec0j838ffiYp6qn/rGWMlb7HsJfdCGmZKX4/quqlZ7i9sv25gCtsLmSCWd +byUg14dFO8ZM+bbjQWoZsZJY30H81963Ncdtgo8Q9idEtYSXPkVb18oMo4SoBtTN +Fx3mlBHAdO0lX8IMpYtWljpv0QKBgQC7uCvyzlJK98x6xKbjzqTNBiKY70vN+jex +nK9JE2kJdyhRDEq495bmOSznkT3IjTquHSp/RkUZ/Zou/ft/DVdPeGvheMQTbboR +qvAt0dVUx8+FCtXYSAf0Hch/GGDzas4cBT+gN//A+uFTZNGmNe4ncqC3x3JAuA+f +E2tp0vcdOQKBgBroO1UjX+z1eLUVoOvCa18YI6DrBPq5myEN4uqKmgWaY8Lq7+r8 +SF8/wP9s9XSzQOq1BRHm9DdOeDMTDGAZI4+dO6BYpZ9+tIdHb+VlLks5bLmGZx2g +vVhrUX/MRjpfnOo5OnF+B+1F4qvBWDzXwFIaFrJun1OGMLD1Vr4vFgcRAoGBAKbN +HfAguSr4SXAFca4XHoU3oGJ4r8kVP4vJCFBMuRa6FM7/tx3okuN7hpU1j8q3A59X +Nz3kuN5BZFHBSUo6Foz9Gg89ei0xYRb153kvbPpqmdFEMYR/bOHT3SZiCTQCgaaQ +W1sIp29Y/gNWIJwqa7YNuxXSWYl8hBT78oQT+5SxAoGAfskQ2rwoTUBHHijZyKU8 +/Ock9T+iAuxoNOioWHcGzhlCW/lCkmEMjxHWVDUKGDOTOMAlSezcRsdxzeYhrPmA +UlLboTu4qL3DZSRYxf0EfHxzN1hXprQIrH5rN5kWioNeQjyqFfxkehNRI173FJ1Z +ehk3glfGhwtj5u0RleNL2b4= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..3a4eeae357 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_sub_ca.ca.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRjCCAi6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAnMRgwFgYDVQQDDA9UZXN0 +IFJvb3QgTm8gVEExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MVoXDTIwMDcy +NzEzMjQ0MVowKTEaMBgGA1UEAwwRVGVzdCBTdWIgQ0EgTm8gVEExCzAJBgNVBAYT +AkRFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5X0jkDJ0Ah8sNZzR +dQTs+jXNhMDrUWR61UVAuayiA6ksRgyinpG52t9iUcPXzlQ1EZGJlLVW7zaPO1R1 +87h0lUg1nrR2ytjwV/ZqHWJOYi7Gx7oVkYw28f7Vw6Qgjq/rrMOqQC6arjpGz/ZA +ByjU4WCIQclInOhY812NTwhcpvzd5Qws/66iN5HAoYkTAR2HFdzxl0wt6ks+H4dr +ILJJsFYb6rykd0jVY6/L0pVrkcxKgy4ZtxVOJM4FHj7bWsxOsOtT5RVUUh5KNv81 +xDEQTwQf8dTmeq6FNv58a2FwFRGGOHBN++E2v9DxKxwAa5t1y2iM2FkenhYo4kxY ++8180QIDAQABo3sweTAfBgNVHSMEGDAWgBQqlfZUgrbnraL5cNzNgO/LeFNj0jAd +BgNVHQ4EFgQUI38lUq+Xd6mIEgDjAMHm2gSuZ2QwDgYDVR0PAQH/BAQDAgEGMBMG +A1UdIAEB/wQJMAcwBQYDKgMEMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJKoZIhvcN +AQELBQADggEBAFqSctaHT2fmAv5RzCdliMp5VbGH0whbjw5Vk5z3NMtu/jWT2zoY +n7hM84PEBi7Yx51Vle3QOVrArCi5tCSJ+SxsZg9re/hGMjnVo27ufX4BKTM3+S7K +6pMMyPoFPEN0JsXao/cbMIrfXEKq4bgNSiwThpXTTgmegL9KBjJyhsMYAMN9/K31 +Fzh5gFMLzhNt6+uJ6GlHrOjrVgDHxXI7TlZ+wviJ56+70JuGugL0N/BZlQf2jfVa +xur+Cfy6Uwpeb45RrjvVPYnt6zP2ApuM3N0c4GjzaQLXd2nQ81/GDn+0NoANmwZH +xDqzfl8Rs4qOOJYrAQ/DDsUcifr62q1uODU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_sub_ca.pem new file mode 100644 index 0000000000..aefcd49c1f --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_02/cert_path_common_02_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDlfSOQMnQCHyw1 +nNF1BOz6Nc2EwOtRZHrVRUC5rKIDqSxGDKKekbna32JRw9fOVDURkYmUtVbvNo87 +VHXzuHSVSDWetHbK2PBX9modYk5iLsbHuhWRjDbx/tXDpCCOr+usw6pALpquOkbP +9kAHKNThYIhByUic6FjzXY1PCFym/N3lDCz/rqI3kcChiRMBHYcV3PGXTC3qSz4f +h2sgskmwVhvqvKR3SNVjr8vSlWuRzEqDLhm3FU4kzgUePttazE6w61PlFVRSHko2 +/zXEMRBPBB/x1OZ6roU2/nxrYXAVEYY4cE374Ta/0PErHABrm3XLaIzYWR6eFiji +TFj7zXzRAgMBAAECggEAAYRghA9FU49Dsk4JV3HzJBtPcsF4vMbChh7pVODmiEop +xAPI3m39scv4wSwfhNprKGTTKUPCoZ21eDGwfu44/RSnYBd20pP5EMfM/0k7VexT +vZXGFzp7UYG7BYpT+cWBdBiuCzMTrDOv7KeG2FVFhQDnnbG4NGtXzTIQ4VUfka4G +j9fo+d+8aZupvnl1lQBPWeqCWbHmotHw+CemNEpiV3I3bCGPGQFXc5nj4QMYmgFj +DCGKUHbbMeaGbUGLDCCZE0TTjWWY90G4RLJfgiDcRiJUmFJKEoHXmoQdoSIIa/1y +gPsr7B/q0HvlVQiklehi95C+mw8IgpyhY+JOHeNJAQKBgQD4f6Rgplcag4TUKwJK +9fsznmTAZVHYfxP2xc+iplHGWYFTJbFDjXQdGGfUw0bdTDnv6kxWThcDD+0TqoXI +L2jwi6I1HVVrGsoMVqTyBLfQyNSQjMotAsF9619lyCNLAs9FN79iOnNXatrQmacM +F4VJrpuabPyiF3pgDoIAf4JfQQKBgQDsapeeY0L5sCpCgL8tZzpYD2ir+m8iB3Vy +IfUF0VUPeouXqzRPS/QP7SD6g9+M4d30qMiu387H5s66VXU9UR5pAgnajJKkURIM +SqDBA6aCJkDbFe6SlyU+oG5m/564x0tEvO5uBJbTuGamvX4K5li4eb1Vzc8TtMMT +tpLzLsxJkQKBgQDCvz3ypMoEtGfH40DzwF0y8gJhqcX/1m+t6Q61mITj3sd0g0it ++VCzcKoG21dRHWkWddeHl8F/G98fl3crEMS8J6Ji3+9Odfs8ujagmUP5czrrYfsc +VVmQtoLYAIZwRe5sf6kUcVxteQetjY2V82T4/sdhueIvohi86QHHJCbnQQKBgQDL +kynF4HF+shxhsZ1tylLqGzKlzHs/0S5nvifP/6aAMqTbUDg2BBBAWo+oSEAKfz/x ++hj8xIm5ht0ChK30w9Is1+2GPL/VMF4bKXPtYGhT7/6u6N7Lac1PdTQ8Cucw86Oz +qACjyd3aqBH0iH1tg1ZoW6QWq6chr+i/I9q7/tM4kQKBgQC5UFctCkvd7EeE8Wah +iJrMu9PQ7oO0JYArZT6PrGTS6wu3zN3Ow9LZl9vaRuKb/54mro/wSkxiNkOBM+JO +nWYqhEhidZLzjkSrW2FD/MgVau7xaiX0BDfzKI0Owa9WbHaxUnYASkSE58qeQJit +YEmVB4NI25BIcE2B4bVuoDGsPA== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_02/description.txt b/src/tests/data/x509/bsi/cert_path_common_02/description.txt new file mode 100644 index 0000000000..f416417f98 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_02/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_02 + +Purpose: Checks the behaviour of the application when no certificate is on the application's set of trust anchors. This path is not valid, because the application cannot build a path to one trust anchor. diff --git a/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_ee.TC.pem.crt new file mode 100644 index 0000000000..8084d0503b --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNDCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDUyWhcNMTgwNzI3MTMy +NDUyWjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANWWb/WM6qRf7s6hmQD7tjE6KEZFquKOEiyu +fem4aXHJYQKErypN3KTVO5bXcsEKI+vtRms9aLc+XpS6BLPppH0ctKlmjNA75bJl +V00wkt3ov9bBIDkEXRI/Sp1yAAQvl53eYVdO5HMuRJ7McHesVRoKDEwEucX/nIWX +Q2m50kP08UIuOhMAHq2RxJ6ARsXsDLLBeVJg514FuLPm6HcadjeQnGYmM27F/U7u +nagI8EQKagmNHDIL3P96lJEFrCUSU+wnKXGEMePx8Bl1isZsGSClktCOm/g9aQRN +hk7e/D9/KYs8D53v2pjLNS7bQutbA0o+kmll+PM8sgt1+IdEvFkCAwEAAaN5MHcw +HwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0OBBYEFErNMu0b +A/uDQAPWCtBFunse+Ay8MA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDALBgkqhkiG9w0BAQ0DggEBABmhaAVENfoV +fMtu//eyvlIxGF0yTTZZCyKHe7qQZZy2fTj9D7mwR1FiZzZ5qpmkDcJpqySTZJ45 +amUnb7onEKJADhC8/+ggjfH7WimMhHon7shvgQSbv2VDeiifymMTLQioiBMxFFIE +fw+kWPVetCGpoKkq+xxGr8NybZBaKF5zxiHyfCDvcdaqvJt7LFu4HQvn4SDIO6/d +kb+OQdzJBfzl9xduOtTpgEPRK1wust9qwKOeyrSPhe/Uuq8FG3w9VQfEZrskMWn9 +2JK+JM1Wkol2EDRe0djdue7Go9tkauAtre1D2/a1VhoywRqWjxsRMFypG9L+XeZw +BFwgDEyWw1g= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_ee.pem b/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_ee.pem new file mode 100644 index 0000000000..c9335434d5 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVlm/1jOqkX+7O +oZkA+7YxOihGRarijhIsrn3puGlxyWEChK8qTdyk1TuW13LBCiPr7UZrPWi3Pl6U +ugSz6aR9HLSpZozQO+WyZVdNMJLd6L/WwSA5BF0SP0qdcgAEL5ed3mFXTuRzLkSe +zHB3rFUaCgxMBLnF/5yFl0NpudJD9PFCLjoTAB6tkcSegEbF7AyywXlSYOdeBbiz +5uh3GnY3kJxmJjNuxf1O7p2oCPBECmoJjRwyC9z/epSRBawlElPsJylxhDHj8fAZ +dYrGbBkgpZLQjpv4PWkETYZO3vw/fymLPA+d79qYyzUu20LrWwNKPpJpZfjzPLIL +dfiHRLxZAgMBAAECggEAFsKj9iL42yDU8iSCyTnJibfklE52vhM9KRFEHiyWYfd/ +dLT+dI/dCByn77RQSHVj7A96HlHqL4LAMfGbsC9g5asyLk4dCdCkMs09Tx6yu96C +WOh2HlVSdLAVa687BLcsnThWH6dqzUJcMh7fikUtQWvaMRyczlZlj8/VcXYJi8+j +jipexAxsXrhoWi4GV4CCkw5jS1HdjmdWHRwQJ+0OksxcHoBrwSOsVol6CWdL8+0g +0NNHATK0F53wGhClLdb9P2ZhEOvNBidaMAsFN+KwE4NxM3hnt/OC3yRZA+0pi8+J +fPRdP8/ypLzWVuwQSAg3SkmpcTxgLH+Z9Rljhcl6YQKBgQD8P52MamXSsLsOc2jK +ihqALdz+UJTKFSzBIpMQ0txX2jUg9R3oa2kKEPFAHGA3LA5sMdBNWBW30s3MTjWI +7Q5xE8VFvI7PnOYj44cJpBmJSVH59fLg8iU8JEG0b5jLMaiyFiCHBfoiaxOVphGi +dYia5TtP2NCE6im9PqWaBZNm0QKBgQDYw6DtysvcA9kn36g5CDiDp6v4hUA81gGu +wrmQSkCTGkmbItxjL5eCgafAW4tZHAzc76AAkVZZSdDVyYHuXFOS/jnAeAynVLbe +zvu8rUgbZPBu7mYhvZtdx03cJO7zOYLONJacCuX3ygfTJ9D6ZxYJU2RRbHAfNSvB +iafZnsnvCQKBgQCcpAB45sVuTZMLST2ksJf+Svy17GJJD1coZAkBZH+yCm39lllJ +MBIdTyIRFs3k1PXr2A8rSGzMJxrnKRXzfon+TDGvuYTRhfQgCzWbFg1JhH9kgoed +iqD2tOkcXER8wcypMjZmwp5u6yFRR7whr2zyCzGGxvPN5f+fZhy+BYJgUQKBgQCv +BSYHWltIBoNsQpZdllmrU9LzEwRPGqy5ItkZvBpvrCYKcRdprp+y7GU6V7An/xIT +whd63d7OsV9Bfza98yY35bVTxprQ8QHG3XE9Ytx54gKQT0V/sMyl56riOaAGG0WW +obeJvvL4I9Q1lkySInIUjZTOebP+PrxZxIAWorOBoQKBgCjd9ZOVVrVFul5v3fyn +rAKSMIZQ+r5InQtFROnPRbEFM3DQSmuZNGiCbF32yyZaSeOCPXLnnMi0ioQQP6EJ +3tg8YYBXXRDZ8cBGINezNsZbT6J5Vxk6YjrLd6a6s9l2IkezBCPBM2SuQZwbSpJe +DyzAF757x+rbcAuLnsHwGFgv +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_03/cert_path_common_03_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_03/description.txt b/src/tests/data/x509/bsi/cert_path_common_03/description.txt new file mode 100644 index 0000000000..e63e3096bc --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_03/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_03 + +Purpose: Checks the behaviour of the application when the signature algorithm in the TBS part of the certificate and the one outside the TBS part are not the same. This path is not valid, because the application cannot decide which algorithm to use for validating the certificate's signature. diff --git a/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_ee.TC.pem.crt new file mode 100644 index 0000000000..8cb9ecf11d --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_ee.TC.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDKjCCAhigAwIBAgIBATAHBgVVHSMICTAjMRQwEgYDVQQDDAtUZXN0IFN1YiBD +QTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDUyWhcNMTgwNzI3MTMyNDUyWjAf +MRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALuJ50KUpvsGjT9laQY0qA8tE3/kJix7fg4iD+KJVKDe +NA0WOJED/CT/P8x/izoeXcTGSYelXuEr2q6+FdaQTqJSxh4FUkKxv2m3PPRJAORV +5790N/g7dIImDtzEb0cDxnV7q+55448u6KWTdruyOMTaNsjSbxIgiw2vBegCR3MG +Yam9T5KWRonI+KumFnGcmm9MnNIHfFwLo3F0+8c1o4nCwdW3EaEYGNW4EDZhqO/9 +EySnW23ms45kIJzFuC26ae8chzvJgHvNYF6+D4CnYIHaDO1fCo+y+5zSJKkcvIHm +f/cyHQsBrWtRxI+8i5Mo91+X6yPS2xkPoDdOJT2RKsMCAwEAAaN5MHcwHwYDVR0j +BBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0OBBYEFHQJQIGRv8BalTtl +dgxITQaMOtmJMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEAMBQGA1Ud +EQQNMAuCCWR1bW15aG9zdDAHBgVVHSMICQOCAQEAHLzQdww0YxZkhOqvG/frYHXs +gar324D/2EQ79pdYpbzQgz2mcOiMJkhCSbKTiWHNbZ/rDIuAqVONvybMIG+T8jSK +4dbvJCGxXxdEJtiN41oQkvbc932BkNm74ILtb1NqFmLRDJSc5Kp0xISW+atAVZ6J +1dhhksCwMHUAW9R2Fffmm93qjWPObZniMtCGB/IKjZp6c6KWEWNk96U43FiBHMws +ZYbPVhkGlGDqqpmnHf5dbM2dPxCbDDFxGfnu4gBU28MHd7AyGa1kDqvI+Jd81Fr6 +d/MabU2vO/60Ua8JXcU+l4X+DKn/Wo0Pe6Hp21o7mhNAbvOETUjiuTO983lH0Q== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_ee.pem b/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_ee.pem new file mode 100644 index 0000000000..7fc5e4cb64 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7iedClKb7Bo0/ +ZWkGNKgPLRN/5CYse34OIg/iiVSg3jQNFjiRA/wk/z/Mf4s6Hl3ExkmHpV7hK9qu +vhXWkE6iUsYeBVJCsb9ptzz0SQDkVee/dDf4O3SCJg7cxG9HA8Z1e6vueeOPLuil +k3a7sjjE2jbI0m8SIIsNrwXoAkdzBmGpvU+SlkaJyPirphZxnJpvTJzSB3xcC6Nx +dPvHNaOJwsHVtxGhGBjVuBA2Yajv/RMkp1tt5rOOZCCcxbgtumnvHIc7yYB7zWBe +vg+Ap2CB2gztXwqPsvuc0iSpHLyB5n/3Mh0LAa1rUcSPvIuTKPdfl+sj0tsZD6A3 +TiU9kSrDAgMBAAECggEAB7qHAMvugRGD4v/Iubw+zCKlQektl49eolzN/x3TZ9kb +F7T5j3m0u55B9f6wRqy3XDjNu/IukaSvMPIIJV0HbedvtGSvagHi67Y6Tq5ELqTJ +qwQHmx/GzTxInYQs5SYnLh1IIx5RKKFGw4LAaxDNB8kfETH26NjVfN1gfBoSnA9Y +3bANhb0hg7OLmucc+H5LGhZ1zS4HVtlwbiyOFzUZy7p2vohYMBQqgKtFYRd2ED1o +T7uRkXVeYPyfxfzr9DmfoxZvf3sBmvaxKSGGOmcu4ATpHjdmZ+0/Hxg30JURNIZ+ +p5rEYlFCxseOGOMofGv9Th8SPiEzRIzeRB6aIl6P7QKBgQD7oh7Qo5X368x4EyR1 +oks/7bqQqbZBW0AVYXNafNejmeTmvkHVaa88b9H0GaqoBgRUYnvQ1nsS6MaHACp7 +irdvXjDiGz0IzHp6OZLcuGXqGwleYWwb3yPzFUO6rVdm0x8BeSDafgjWf28JfFei +SxsfMFNw8iBOmisFD9qmC0gujQKBgQC+ywsFbCany24rJsZL50oP043bF7rqIYhv +oCkpgQpR0Pk4SC9jk1V4NaSTqmMSci5nmw0B+Kkcg4Yt3I1nVuxOdoACBmMyMbBg +m+7tmH4BDcC6orYpygKOegBa1jMVvbh8MUBKXMqbXFVGZnMT8XQ5E5oQ1jQFEh0Z +kU66RC5SjwKBgB/23x03uoQswuN54wbCX/a19x4LQOiac9CDeYjEFQxmLyqUfn5i +l20A81WjsQb5BLHHdNz5cdbcFOPvRHY/D8Ao4eLG/QDSILjH+XzqO5/6YT1I+Net +h76IM/tRq6mXJfgk7+RxYCQHOg6laehmzAIxPFg7mZkCgnZ5JhgzlK69AoGATKQX +e0gkhwbK7H6Y7WitcYoT08zGgsKRofV+U3PIh3Egi6FDmAZZMP6ra73oKkK/rVK1 +ePNAS3nx7n5INxjNt/8WELosIr+fEE/TPJIjG51ArDgsYMELIdyUQ+kDgFpDv2+x +Wa3InXwLrUn+NCar/zmGi/jf0KGkGt8p9tzolrUCgYA1ByNcy2V3aGwi3z+mkhVn +8H9LaboY32cSjv5uus2bC9wUmnRdeXKOJJUj2fwxbwT3tuwXRWha6PFOsOqKxCF0 +YqQqFZe+cShwF2WIVq0MxouvfuYVH/PBr0Hec2oTb00MzKjA7iwUExtC1AIicCm5 +GcW2hmWan2sX7iD5q7iwJw== +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_04/cert_path_common_04_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_04/description.txt b/src/tests/data/x509/bsi/cert_path_common_04/description.txt new file mode 100644 index 0000000000..fe46d3e5a3 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_04/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_04 + +Purpose: Checks the behaviour of the application when the signature algorithm of the target certificate is unknown. This path is not valid, because the application cannot verify the certificate's signature. diff --git a/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_ee.TC.pem.crt new file mode 100644 index 0000000000..c04d876e0e --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVwOCAh53AwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDUxWhcNMTgwNzI3MTMy +NDUxWjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKeVnt5JJgxeJz+wcf1UYSC5tgx3kitv9H5w +sztyjbCAfHDku53Rz/UfjIk9ogNMKH1FJd2jzMUVcLDK9PQjxnrJTPzwfhr1JlvU +T8F+l9AZkpfZ7c3NPmhzhZaxk1PrtlKas+k+kuyfrRQjCvOIXmb/OV2YRu03itGu +r83tAPBB9qimWGGn8GMw134dd/zp+k4+30yuEISAPBZ/4kYmqrXk1N4owoNDYlf3 +FjQLZyBIghMjTvA1XRzsQd47EKL3eE1PhVuRMx6/fdvAsdREWkBf6YEwbQmOsXSO +9WpTpS+406+M0OkO6i/50fesHIN7cMNVStgx+2Atu3EF+rrhZFMCAwEAAaN5MHcw +HwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0OBBYEFBicpmvx +jFGW1xVi2vNHeFcDXqaxMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEArhzASa7h +q/AqZUf98X4yeYWaH8gbGoZijL+diLRS4qPg1yPKuWE78wpVnkqD2v6vWoKeAFo1 +JUhi8HhNJHQN+JrHhY+varZf/xUO15v6v6y0rR3Od/R81geB9ojalybauaMiVOR1 +WGsdcvw/CEq6kDPxs0IwEIftCvyxq4olTS1z523N236U5moMc4aysIYzxFj1efH/ +aEVOmlaCow0sPt8SPLLtw3A8b4Vq+PznkaBEd5Bl9azBrwF5QJipFVmJZmG6miKZ +dYwrQmADfnvGEARoah9xpGc3WrA7TtAlGPyPzZ/SocsVkVf9DnAbQccun0twA/SQ +3tvyUmlDbhn8/A== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_ee.pem b/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_ee.pem new file mode 100644 index 0000000000..f03182e064 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCnlZ7eSSYMXic/ +sHH9VGEgubYMd5Irb/R+cLM7co2wgHxw5Lud0c/1H4yJPaIDTCh9RSXdo8zFFXCw +yvT0I8Z6yUz88H4a9SZb1E/BfpfQGZKX2e3NzT5oc4WWsZNT67ZSmrPpPpLsn60U +IwrziF5m/zldmEbtN4rRrq/N7QDwQfaoplhhp/BjMNd+HXf86fpOPt9MrhCEgDwW +f+JGJqq15NTeKMKDQ2JX9xY0C2cgSIITI07wNV0c7EHeOxCi93hNT4VbkTMev33b +wLHURFpAX+mBMG0JjrF0jvVqU6UvuNOvjNDpDuov+dH3rByDe3DDVUrYMftgLbtx +Bfq64WRTAgMBAAECggEAMUbK+JSste1HgDA7TGCv0KYa1C6ikdgxHa643Q2RgSk+ +rhlr23uSuQKGWeKADZUqwK8A89uSvg7QXIPJJDKSzY78btGuWvHjzhOvQfed3yht +1O3VQXMM2zzAtq9PYVlJep+XsElgfWh0RZwKP9LE42c/sHgyvtTaok5JznTWlk5s +t7OPCbzOWDMW9l9B5vLQ5wtBcFthG+OtT4ZY8kqiYKg7LDciXQEcR4aphICQs753 +CiUziatiakAKSsKhFkinZ79waQc55xcFdazSOH1o8JqVK0LpeUlUPm+pgd4qx5N5 +F/3WtId6rWDnb09LvjpnZ+qQqYHLgARKUaxLzQ15/QKBgQDkp5z9KDe8OC0t+lci +aDJpJvC/erDpnOO56wvc1ubUxDDZa3l3u3A9ZSK1G/hRJjna8vMNaiHpQfZ74rph +jwfkrQJmVTOvYQwVkGjHdeY5Z6VXUfsVdCHh5LFLHYlfb+GEYsdY+awrwFeqRcKA +/cNWutIU4wEkBKVzyWD7hqu2dwKBgQC7oE7borUJXyubTrM1IXNi0aGIFtharX6J +LmnfST9xC0mkQWo2HVZ6cjWWop/tDLMr78UNxoU4aWrlZXszDDv3jBj2xDaJ5Or2 +doccOmJ+Q24WlkTUK5U97uQ8NeDrsK4V5dY+iMevD6NdzofyBj7JDZFUyk8Ojq/z +I5Z/RODMBQKBgEZEbC4wKdChwuCaSiS8uKEv4lQ1tCBWonUEEoUvVYiVMh3etVli +NL/pUJ0vl0P451atypuYvgscxk6UAorwlZBkypQAIv4GaNxHoKuLQ9DoVRtcijix +k6gDy6g1z32QuFEiufhR4eMgHNCq13ckhN8mUmEw0azr8JyAillBrYtJAoGBAI15 +5px0xr+nVJFKOZUhgQkNexjL6R4O3nAAYHKun7jUwxWpAbaGTrQLtF6+h4rOXbgO +lu65N7D+xEzvRYOLgRg7OoOwFlPKGmX3oA9n8ua0X6mGa6X0qxdFMDI6ijwOQGZg +pTkIGFHnn87XMekMToF5ypE973jRnNjgh9W1kTAlAoGBAIt9otaTQ/eN3NDPPRS0 +9AlKiqwbN/2K3lzFyq11BEzZpJGSBv1BYBkCbBem8rKa5ZkkNE/tut6MBLBBs8e9 +wFxdtXjav7aSfSosTTeIUf/j0Nym0ux1GCJ3HDB5KDkBU5VbFcPaEyJFfTinaA34 +Hg3/xx2OM1G6pSUAa6KXsVQU +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_05/cert_path_common_05_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_05/description.txt b/src/tests/data/x509/bsi/cert_path_common_05/description.txt new file mode 100644 index 0000000000..e7f0fe315c --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_05/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_05 + +Purpose: Checks the behaviour of the application when a certificate has a wrong DER encoding. This path is not valid, because the certificate is not a properly encoded structure. diff --git a/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_ee.TC.pem.crt new file mode 100644 index 0000000000..f41710acd5 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNzCCAh+gAwIBAgIC/u8wDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjQ1MVoXDTE4MDcyNzEz +MjQ1MVowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Oz1YEPWjv1QngOXKsu1V0AmapWkX0bTh +nk52Ay8KNQp+QAWlklGi+WmkWlSQWkUtU2TFfB+wT77qmeDgtbsHCscmNnguFiQT +fOea1e4ahq+GxupZdZj0TWj7OmYm/bAZiLCMSXcSYcd6UCl1DhXB3/b4zYELJ+yt +Nzt1iC48pDtm9TRT6N52BWC7O3s7Q6wRwc3uURu1qL62fup7rkXs7bLaiTKXaDQi +mzQVkDL/lKot+a7tYBK8TXdoH4jjJwodWZkdkI/PWAR8P0advNXSzQTHZ7uPzjL3 +quOhqJai1XfzgZ0b9URHkdkdo5T9rfYMKmTk7qOZ9GyM4tXhwGSzAgMBAAGjeTB3 +MB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMB0GA1UdDgQWBBTNFbXo +TQBiWAK8Rc58xvmnA/R3dzAOBgNVHQ8BAf8EBAMCB4AwDwYDVR0TAQH/BAUwAwEB +ADAUBgNVHREEDTALgglkdW1teWhvc3QwDQYJKoZIhvcNAQELBQADggEBAHuqmDC1 +svQzZt49QgENYOMcXg8tdnprFgMo6ufzea8MX6B7MI0D9tFmU7kzjlPcvrSlKKJG +ACajAvF1JREX9L0/QwVCcmPA1UafUU15sxnnY6HWSUyroapt+96SOjCwE1dPv55I +qQ7Y9RiJSHfVY63GgXSNB/lhQ7qfG3zVyuOewOr2UI99YB+Cg9fH8S6j1+VRkvj8 +KOEjgJhI3LBpoFCbkEUBMCHcuF5AGXDw14k+8vqvKWmj65sbf6580TeZ/okDQhkW +Pp39X0SkXY1xrLahdn2j6I64a1qEkepMcFpcmzkYIp6comHItva5L+nzFY/j6OBf +k2bZ1ItEoiux2m0= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_ee.pem b/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_ee.pem
new file mode 100644
index 0000000000..906a1732dd
--- /dev/null
+++ b/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_ee.pem
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC0Oz1YEPWjv1Qn +gOXKsu1V0AmapWkX0bThnk52Ay8KNQp+QAWlklGi+WmkWlSQWkUtU2TFfB+wT77q +meDgtbsHCscmNnguFiQTfOea1e4ahq+GxupZdZj0TWj7OmYm/bAZiLCMSXcSYcd6 +UCl1DhXB3/b4zYELJ+ytNzt1iC48pDtm9TRT6N52BWC7O3s7Q6wRwc3uURu1qL62 +fup7rkXs7bLaiTKXaDQimzQVkDL/lKot+a7tYBK8TXdoH4jjJwodWZkdkI/PWAR8 +P0advNXSzQTHZ7uPzjL3quOhqJai1XfzgZ0b9URHkdkdo5T9rfYMKmTk7qOZ9GyM +4tXhwGSzAgMBAAECggEADdcuxgCNz8SPPEL6lci/z4M2X/94q2RmggNol+KoTh32 +PFPDGz/tScxIsvjGd0w3W8Lq58kfnEHDfrvQ0fDV+AITFEaPXBqr+PZY/HVi35UD +dCCUBpXjtRi5iYsM8f/+JTfWA8mKF1Z8ilJ1nJBqvOse42RrFuXUZK9R8mioarrT +srblhC0wFei+ryRZvUN7Yq/zs4aw7drG713cL+WfYZAX7nw2KaruwS/tLq8bZ0Te ++jst9cdQInn9HwRufX3QzyAGhmvZE62H9eHuo1f1f1365Vo7Le13CO8x3E05/hgE +pvRMvhSHhhRcTgXlM5nVHGusKmVhLK7NBZFRIK59YQKBgQD+t+J+/Jq65hUjNX2h +lxqcTdD5XbMUq3SlHh6cNZkDAzriN1xOC4XC9ca3OH/R3M8/6J/f/E/V5lqV7FvE +F0AqN6XYSJfo/G9/NDu1aifbS8Q8yPilBDDHxduK6mDKQ7M4+IvX3nfunKZKnidm +5ZWZ9E1X4IKnIt6Vv/WhWCuITQKBgQC1I2eVE/FYbYK0g8GMkWEk8AEbrqYvA2w3 +Wtk6PqqPaqQMfOA8GooTc/J65kldmMRdargqc8lAxfhvfeIW+uMDiYfXx8nCElaS +svsobvFuX8rFoH9rbEoHyA6vf8fnyuil0r9hGHnA4hsWQDexQMvxUnZaOpZJwipN +ZumHH8Ig/wKBgGAD8NztW2YYVN9wymqfCujgbGWTbG3eM5oKQH+htIvuK8QaGjFR +JprXCpEGOyhgk78DcUB9W5rFul/JOM4x9X30fA+LTbgFcAIDLn60BVIkvVQsbY3G +hpzHeHpk3xdfba+MASreMVdAtW5rL28aG8pszLrTZmyaOE06jtzC36YBAoGBAJTG +k5k6XAxJRgWGAj62WZfBGOfnts7+fK+qiqjwN5679Cndlz9GfQolPY/7/V5Gz2H6 ++XDE0RPGhprsRfqh7jtFhrGQgwJHlZvALdGz7dC+FQnlHULaGqPxiT5UMZkMa7Fn +O5FATSBDlgPckuGfWuLG3DaX0ECcnaodUMmPKB95AoGAGx+NwOnddbdpsAM1qgfV +p+msi8wsj4OG9ahkK0sAbF4CqjKfh9DH5W9Zmtee4TicLP3ALE5tZn/6uJQKqo15 +rNc9c1Mgpx6yxdciwM5nrMwelu1kjf3MJdEDnfIPYoCIcW56XLpvIa+SGGv2ZzSe +G8VXL9hdasyLtSefspL1P8Q= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_06/cert_path_common_06_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_06/description.txt b/src/tests/data/x509/bsi/cert_path_common_06/description.txt new file mode 100644 index 0000000000..779dedd9a7 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_06/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_06 + +Purpose: Checks the behaviour of the application when the serial number of the certificate is negative. This path is not valid, because serial number must be positive integers. However, negative numbers should be gracefully handled. diff --git a/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_ee.TC.pem.crt new file mode 100644 index 0000000000..e9a10c8a86 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDUwWhcNMTgwNzI3MTMy +NDUwWjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMRbXRwMucFlXZYdTdYU1VkeeqXtP3WRv4cJ +N3feJbDnCBj77VHEmh3lJc1LDh6T4/NQ09dWwI8SpVR1jWXHZnPHoSUlDFtKfz71 +iZbYgIHrTXX1QC1pb7p6wBwQInqMiVVkOVJGrQ6vCC412DtVz/pLlxVWTWJVcLqt +Agz3q7tx4HsUPTq5Fze85KkYtAD7RIZ5shVcoDQqTNRuIpzxXfAMCB3aKazmEbMk +VSugfckzHo5UQnhya8lTvmzNnAXTP8AEjcTJn/MIBi3YBo3BQ42GaVWejWxrHRET +d11e+vItowQ9nUPh3vObXL8DkipcfF7mhc8QmDwdCZrZY+33sW0CAwEAAaN5MHcw +HwYDVR0jBBgwFoAUieaTDzrQDI8wkKMssP97/A8aIL8wHQYDVR0OBBYEFA5CdNRP +NrMPM/sm6O9yVsRUcNjfMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEArgArY3rE +fzr02OEroAp9HU3vpq5LHHqyZIZywu1oqyQaKJoBx4fwsGqtbMwrqhqUmXijfWmv +rdDBPyIEigYpIlo9NLKOgVBQPLJNPxKgqOBQpH6zLMXYxeMfH1Rp5lnsR0vLN5bz +VvAdjtxXazxNdEDwXgO9OfAImOM6vPmkBisKj4Lk+4q4+KQCDZKEQfrrOQGqCOoK +oKx3QNJNqajJD5Esy87SL56epnwonxeA3tDbbJsN+rK6Jk4hq/aNTX0QZ35zQKao +qx4vMH7KzqRTvxDwnepZe+8hmFz1ASKDEV5RiFlB54Gt3WsVAnh/LIDC6gypzkkp +/gaOLnOP+XrjjA== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_ee.pem b/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_ee.pem
new file mode 100644
index 0000000000..f977f0e891
--- /dev/null
+++ b/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_ee.pem
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEW10cDLnBZV2W +HU3WFNVZHnql7T91kb+HCTd33iWw5wgY++1RxJod5SXNSw4ek+PzUNPXVsCPEqVU +dY1lx2Zzx6ElJQxbSn8+9YmW2ICB60119UAtaW+6esAcECJ6jIlVZDlSRq0Orwgu +Ndg7Vc/6S5cVVk1iVXC6rQIM96u7ceB7FD06uRc3vOSpGLQA+0SGebIVXKA0KkzU +biKc8V3wDAgd2ims5hGzJFUroH3JMx6OVEJ4cmvJU75szZwF0z/ABI3EyZ/zCAYt +2AaNwUONhmlVno1sax0RE3ddXvryLaMEPZ1D4d7zm1y/A5IqXHxe5oXPEJg8HQma +2WPt97FtAgMBAAECggEAROW39HUkoo7iOR98Jb92osgWie0GpMaouQWLYHRirkFK +bpXLDjNZTl8OlgudXy5OQBxe0ILAmxMUTt/WZt2B/eMQkHuA6/FmV52JExRRdwSs +z9RnmeeSjBCxIseoiW6Ra5R4pn1lEK9qw+ghwKQaDz2BvDtleLj5Do9RFmK679Bm +FybPgvm1usNIOPMpWbeLDmwtfBqyaZ5NIGMFnqwbtNIQMM+cgs8r7XYFGSq9m7q0 +LtDW9gKqmYBQl+KZGlvwM7V3i3iu6tuXFZ9gzdpoQKzVtOWhRJYtBVtOOsyU6lst +Au965W/rNPBRHY+agsUMs16CshyKJSSD6lRO0+h1owKBgQDwWhI6wwM+5Z4bMhq+ +pEDeLLEzAh1SUnMnObpa5EyrhrnPDwkhEmqHwP1UuJBPioiiUNE+ErdkBHL1XCws +plcAQucLS3O1entjktpFlMgrB5joGg9oUU4cejnZyJbbS81fG7vbBfIEkZow0Wva +WCgN+H+iEA6yGnMNASgWiRNK4wKBgQDRJAgNhlHFi8JdOyCwWNDyJLBsUyE32MSa +fqE1/NVotW/68HXJgTLI2tXu89X/oJcr1EZiyXMVqSL05E8+O+7RkEzqQijrS1Qf +ASORCG8Sjh7RaxSeGSpr5WozC+WwgKnNn3uLBm0cLC8Gto/L4L+3nr9N2vKZkgvD +iUwdwsUzbwKBgQCbahKJjpnlrMIcYbyrczhCsXFvQznEhm3RemGG7kKpUveI7PcB +PJBH8cGda65c0H5jPpDea2nMMZhIEW66/GAbWiddxU8vlOB+VXHwNjFsqX/07Qzz +bkds4JfRvAPYD17f1eYVzPVegOvMD06HJCPaTMny+CEYh0PHr+zFDaO88wKBgBAn +Xk/dHhfKEbstw/qbAZiSaOYVDa3ImnbsbPtEih9KVFnnlNF5nziQXpHUV6Uk/Egw +XzdmI/N6Wu7ba5t8+ZdKNAasEYkLCnZSmjKrmhiuzYaTZMZJX1NyJt/GfXlCltsB +BIPafTb92qwEEdtHgsdmBZS34qEl/K6fvjdWQfEVAoGBAIqY4f0MbfwpaihBgH5Q +bBaBPEEOhtvJLirRWnIZ8ssB1Tph7YKnFdaKdsB2FZy2dnbIns3qs+ZYEjeJcIg0 +QphWaep3Gefq+0XvKLI6NzMogY3XxkNKywh7r/6m2hpR06R/se/SrPjRCvmh/d2L +lZUe0UrB79o8vnW8O4NkDP+3 +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..acc15d3d6c --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDgyNzEzMjQ0OVoXDTIwMDcyNzEzMjQ0 +OVowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz1vzrbxATk8v2piez/GiF5dUjA7HJm3 +hl3k4kyf0lU2b+8dmABxHeQZxfbIEo+MnHyHw4mj2Vswamyi83wGqUWzYPUEk6e8 +sO59AXlqWb4O8T2BKsE+5vaTAcxcQ5tutqT+0Kjnl5GuKrUrmHU3cFJLRegFu70f +SPDGshvlPCxQfT62TflZbq88mtNwMQ1Bpev+Pnqe5O5r4TEn/Fztr1/T9HJon3i2 +DLqs7SgqAo2W3w2nUZ6DAugkVoEuEPHccTgjICzfX9KuTr9LAlMuoLYA0bFWqg/n +XkVJsx4HwgTsErgeLChIdAvO7TxveXubzy8t6Hgn7iuJmLtag/BEgwIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQUieaT +DzrQDI8wkKMssP97/A8aIL8wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBAEVN5PR5BpSVViDtHGw7nKe53r99zKbj +BScHN9rQNcDeG6C5mNpZsacDs21cmFdX9UptfAPY+WuqbpaGGpxJlX9t5rPqJHyp +GXh7EXIJ3aisKjxv1vDUuLf/i8Q3Tn6HVb5nNBrd8ovWqP4Nmt8VKWjSvUdBYxhV +g0agr/IYQBuh23oZXegAtj2CJo07thyimTUDX0DvOKykgcnRjcwwxElEtb3HDHGf +qp0RGB55kXqKr1EuBKaVuNMc1WOY1tkB+AuGAM60B66JoKukPcuActVS8SbJqz0S +oNk7wpeYZX7LNGtl/dw0Ymy7MicjW0BXv3GyWz0QPsiPGSE08D/rJXg= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_sub_ca.pem new file mode 100644 index 0000000000..64409ea06d --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_07/cert_path_common_07_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3PW/OtvEBOTy/ +amJ7P8aIXl1SMDscmbeGXeTiTJ/SVTZv7x2YAHEd5BnF9sgSj4ycfIfDiaPZWzBq +bKLzfAapRbNg9QSTp7yw7n0BeWpZvg7xPYEqwT7m9pMBzFxDm262pP7QqOeXka4q +tSuYdTdwUktF6AW7vR9I8MayG+U8LFB9PrZN+Vlurzya03AxDUGl6/4+ep7k7mvh +MSf8XO2vX9P0cmifeLYMuqztKCoCjZbfDadRnoMC6CRWgS4Q8dxxOCMgLN9f0q5O +v0sCUy6gtgDRsVaqD+deRUmzHgfCBOwSuB4sKEh0C87tPG95e5vPLy3oeCfuK4mY +u1qD8ESDAgMBAAECggEAF87Irx//0jvgk7I7122i2ub/0wTnOUETokaizXBNN6PQ +rdxwiOZNzCdt3dXBiv/RsidP8Gz6t+vsL3er+Fy99NJUix1qmdCqaIakAUQIOF7E +TD3EgYyYIqQY15v4xOP2D48CeJPpezz3Vx8w6d8Y8+QNWajazdi1ruFxv4R2VUno +AZ/VvxygkN24ojDntmbqFeFPDw/LNYG1If8UemtuParjcJtiKo3r9JOt1cTHq31z +fLIDUKHwY+YGxIBvivx6VxreqWgM7tI37aK0kbM4oGn0t2jRzBy9uQgquEGUKZ+W +u15A2RG3hom7ATtQXREhIoFo/q6KGX45wfvMQ9/RyQKBgQDz4sBGx6H+kg6hWv9a +JIREbbRmrZmeIQgPzbibD01PjuMa3qK4KudHASMIu4U1tH7hHnkMA/nDhkRWycvo +w08YF75wUif+Hm/slQcb9N47FabnLpsaprXgA5zDxHYBoxIO8hfvNQbeS5/r/xCy +MNthdRqTELmze7+18vUv00BfhQKBgQDAV4PGp0+T8I0zI2a2y4vzbLpnqXI08sXm +l7BGpml1/NtVQYAdeK8usStGtalnr0hf4iXJyzc41RuABvmEGHNvfV2+0oHg1p8x +sL29VgoAc65ok2CEj53rZqCX9VJbd9tuyqvm83IXFO6Pl6pagpNarqp2OKf5Hvtw +ET0BLkteZwKBgQCqib2QANqbC4DlfZ8fZneC7f9+6ReJRmm/u0fCTcHuxuixikrY +Y0/UC8x2t8GfWzZ5rnhQWZtWCNZSpctLWP8+xqOpIRnMDXaQRWlyOBkJ0csizykw +SrDVE1GUZxVpcaEYCFuKLlc+LD2IpZQENjvBe0R43/IqunbFAT5IEf1qjQKBgEQq +P79VaDRr2f63mx1JQc4BSIaYXKs7Jru0InrHWzS/ahPq5LaNILiRfV7P3ruqOSIS +CYZciLORgu96iU8xQyfN7D1GaVT/euenVXcWWPEUDkltgZU5OKRGeL+h55AXCCNZ +nFZ7DIH1nx4wh+UPxZ0rram8Jnt5aW6sDUyv1XIdAoGAAKKBPL7pC4qnNg2pcPy1 +r0pr0ja0G1JmYMpf2jczbju8sKmHTDCINvse64A+Lwy6y8S8vUiT5SV4Uyx4DBvb +IgusBULKQVcA9+XEUvtHyTnRTph5uwV95397KCyOTAxBTc7Qt7lWbKCG959wLau/ +YobydYjg43NDOx+uoGYzniQ= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_07/description.txt b/src/tests/data/x509/bsi/cert_path_common_07/description.txt new file mode 100644 index 0000000000..c9faab1d83 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_07/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_07 + +Purpose: Checks the behaviour of the application when an intermediate certificate is not valid yet (now < notBefore). This path is not valid, because one CA certificate is not valid yet. diff --git a/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_ee.TC.pem.crt new file mode 100644 index 0000000000..6343c14195 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDUwWhcNMTgwNzI3MTMy +NDUwWjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKYrzKlNQO4o4PvTXXSjqJ3jyFRiGEuSw9cp +3oqP3to39fFUeGf8TvkIOgp0ISdRYtIIiNfBXtevpq9OkSsgxFi16fTJ5VZGQd+e +Cc0DsWA0n3gdaQhsW4i0OYjeOux2TrAawOV9wEWT+fgyt7HJpIz2kYq7LdH9Zv2E +wiKQ+0P9Ju+IvYJSKqUH55Bf5UNbdBnj56GJoL9ZChIiJuGLN+Z1NkQn4IpvS6Zy +bluE7BOy2/xx3++fHlG4k20iipjdm5l2UyrPdCLX9Ne+wa3on1wFexifYfxZUTSf +693y+aavHkTju+oHX8TcsHp/T8VjgjNrc+Z3MizUofQWtqVebU8CAwEAAaN5MHcw +HwYDVR0jBBgwFoAUyWmLdbUlFFan+AeA+Q1LEqDnaTgwHQYDVR0OBBYEFIFHv2Io +EE3xx/hKfOBQfAk38qFyMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAgEOfp6Nt +cvwkvOFQpcSwohQXwiLWLTviwPZ8ynx6e9Kyy3MmVqDgPaWi9tD+dGNOLKxKvm7D +bc8xHuf9F2pUDiVPWDVg/sr1HauI2QcZHJouNZI38O6I3XiHZuv4UoCACGqhg6zL +F/KOBBUhgqi7Q7cFOnPuguNyMmUX7/hfqgmo5uW9vd+CoTA40o4vh2SRGCBTgTsM +EPR/dk3d31jENoVBU/fHDqWY656bWB1XQBF/Z9oy9MN2Kp8b0hgAEvk7Sqttiibg +HzLMwygTKjr03LYJ7ixu356FxKfi0UGBMpxBxhZQXywhMnp/mWHCi16TSthh1pUN +7X8pPA/g2oPRqw== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_ee.pem b/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_ee.pem new file mode 100644 index 0000000000..f86a4d4373 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCmK8ypTUDuKOD7 +0110o6id48hUYhhLksPXKd6Kj97aN/XxVHhn/E75CDoKdCEnUWLSCIjXwV7Xr6av +TpErIMRYten0yeVWRkHfngnNA7FgNJ94HWkIbFuItDmI3jrsdk6wGsDlfcBFk/n4 +MrexyaSM9pGKuy3R/Wb9hMIikPtD/SbviL2CUiqlB+eQX+VDW3QZ4+ehiaC/WQoS +IibhizfmdTZEJ+CKb0umcm5bhOwTstv8cd/vnx5RuJNtIoqY3ZuZdlMqz3Qi1/TX +vsGt6J9cBXsYn2H8WVE0n+vd8vmmrx5E47vqB1/E3LB6f0/FY4Iza3PmdzIs1KH0 +FralXm1PAgMBAAECggEASpQu0y9afGk5bJx0/cP0CgTw5LpwB/8TSU6/0/V1QgBK +sCjGr3jkYs2H6ygqtxBGZ1iwPhFKBUiO6XA8JBydMulWWuiANwPqTbgK0wocwj5r +8gdVHBQx0r18cwq2bGk+sLgZKgaR1EhxMK1ml3MWGLQTJy4SBwSRhCfgz429T8ok +SSxboNo7S8QRLeZLbcz2CRZaRx3iLUSeJIs4VgnVcJ0fUaV3Uz5eGBfpW9g3uELA +iLBamSnsRHPJ1a+2MKZznd7T5N6E7Re4XbTOvGGDRimGa71MnDHBEzn91z/K+RKb +dtr2aKeexcP5VHRUtkglwvrLZAA6VnJaXIO9ffs1eQKBgQDq8S7FXKu6FXfh3zN/ +RQz+mo37tN1liA3mKcJ3HXW0s/SlKrGXIurux8GhcCk/j2ABnMZzT4ZIkIuv+l6z +uz0iSq1AD1HnpbuOOpgMHA+4ZySMXIN4Au2W3rDfuIQ4lVW/0JKQB59ACJCCxyMV +WUDzf6gHcBBluU0VOdeJ4YJoeQKBgQC1EKUZe+POgraMd0K6jANkkHlI9wzfTS9A +LxYhTzQUTn35RyGRNwqSax3ya6NcDsUvDgcNWAO5q2YTmttxumKci51WWmiffwQG +7seaN6WC1r1+3vXR8skcDeK/s481IUNB5ySPNSMxZ5R9mEudvKXXJzyEM/rYqkS2 +hLpoT/miBwKBgGDUxMUdO733STCz8KKc0A1DoA9E7RcCq0/YmEjFwJSYstU8MnOr +NY7yj7C87JNAwX4IopY2CY9w29HM7ClBm6G9i4hiiAxkd1fYeIBNNIF5KUwceScG +dev/noCmqQA1NGFZUn7AVXdr0DvGXYRYA/gX/iYKnwd+BvIfo+E1K61pAoGBAIuN +I6JrkR2mMyo59O0wYqEMlN3+wyYMKCHQ6L6Ne/c2s/L/tshkYrqM4ozoFwUpwSJO +LnNDZcOhbdAoZ3/VBpHfLUnT7pUXYTQyrxaWUvNvrKdvEolZFVWRAjV8ICDz3RGb +I9tYOiKm0ZSnX4hYUH1uGT9PjMOXH9SIod8p3J3bAoGAOT0QhqJIsOFr4j1FHVBC +tJ1+FxUnmhKXzhJMYlhQYhuStCsXzTy31KNSJo8lLSfHk7y0Md/QnxnuLadZYqq7 +1zUfRzKcr+biAkCJv9O6BmGYAwe/ZtJwoP+S9tMKDpIIHeeFYy+gT647hdxleTWE +fxDbeNb10VY4NiyOcmSofpk= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..9216ad1572 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNTEzMjQ1MFoXDTE3MDcyNjEzMjQ1 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6TYO5NqlGaTwj4mQimN1g26cuLJ2FjI2 +234pZqub2gB2TrUi8nPkPl00jYzsQ0XCxzqePeOl6nTjSZaQMfwuu3aRfjd5lwoC +k11qcmjp1/LG5gqrnEUk606X/8Ku7iihQkwtu0MlhY5DXcqFHJkX7cjkk4AYHmW6 +0X7yikyjRmexfK3ihDB6+BHGnhLk0WsaddEP4ox2sDWOW7/uGu6clYhhObc7CrGn +FuaI50DgT/xuAJEQDsYVnc+XuUUMhcn5AWueyo3RvhGgf7wAE9ZMaHvYQ0PxP6/a +b1I6EU696PB8iYqGJ93iKsMi+mZxCYGfU9Lh0J3N0CCU3MzOivbuEQIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQUyWmL +dbUlFFan+AeA+Q1LEqDnaTgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBAHt1DuS8S9cbciEXkFA7zHgUHAZ+8Axj +C6jngQYUvM3pWZ9lYltO59ncxtFceiO7w5Rrlb26h6+a2POneAvMSmqBwXi8TyZ0 +1VjeMC+Ewe6v+kpqOFcVHjbz9377S6hhr5SYsG1hOUt9OHjUvcEf7IrrTT7iiXw+ +L1iDmakbU11P0/oc0yFOl5+wBh7JVTjx+Okryf9KVUiqdW3emjzfVZ09k14WgIxC +0Yq60+VDDjqFN2nAcPCPxClRg1ZKjcx26ZuK52id10gInwNMpJETzSq5PVw6Aes1 +h1NDPpTZNCV4WRmNHzmCMBIUiz/BHU96OGwg0Y2+hNsVAR4GWuSSYPI= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_sub_ca.pem new file mode 100644 index 0000000000..f55af09f5c --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_08/cert_path_common_08_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDpNg7k2qUZpPCP +iZCKY3WDbpy4snYWMjbbfilmq5vaAHZOtSLyc+Q+XTSNjOxDRcLHOp4946XqdONJ +lpAx/C67dpF+N3mXCgKTXWpyaOnX8sbmCqucRSTrTpf/wq7uKKFCTC27QyWFjkNd +yoUcmRftyOSTgBgeZbrRfvKKTKNGZ7F8reKEMHr4EcaeEuTRaxp10Q/ijHawNY5b +v+4a7pyViGE5tzsKsacW5ojnQOBP/G4AkRAOxhWdz5e5RQyFyfkBa57KjdG+EaB/ +vAAT1kxoe9hDQ/E/r9pvUjoRTr3o8HyJioYn3eIqwyL6ZnEJgZ9T0uHQnc3QIJTc +zM6K9u4RAgMBAAECggEAXAQ+4zCcFR695jzGobv1mYrS3pNXwZFFkNxaNI8Amwc0 +pwCUjeqJQ8wd2L4iWLbVUCvCVTQV+ojtR1NXiMlynPf/FziHSr+h3Yht4D+iCNlb +flf2d13W39tuYPVtdT3lxtVs8+beDrDfxsmKNQr45JMwETzpB1FnYZK/2y66+6Nc +gLTeEWfj2sp9iUngvSy6EyDFKhLo/CZC+nSP7GmvgplD+dNTvFNjBvAnEnbfHoWd +q672xWwZpNAEnaxjkCwjWUwIzhA/VSeARwUqwyYcCj4G5t8PYh/k9NxuFJ+SZHic +yrz++vwK9t/aWoFj57OcrKKPVW3u1yU8WFzq79w+uwKBgQD7YFFsJnityLdDrlOb +sapxVZvG72rPvIOgOKips/VRVDlZ/bvLH8JpVsd8CjmK/3DD6+VnluLhrVAVO1k5 +T0u2u9+h02hINNSbBbZsRCGhPj0wsel6T22/dKiGt7UNEjpRd6r+Na4fjMJvno2i +N+4e7DooI49Oz8JZaDGMUB17NwKBgQDtgDRM17dsN6Grb04WoN6Ad8K4CNs5BXka +TxJGGbAoghT2vW1TmN84LvXU0/sG1Urzbpxq3I1kyX2Hypybi1v3BvCvcTapDws9 +YIFHy7egeXWNw6z1hLx1hvttChi83KREMVAVFMMfan1elhELwKCNEb8CUAnJNNPe +llaW0CFU9wKBgAYt4PKCo5bKB08/msiJ/oGYtCKYwgxnOukWW3cIeHBOXLaMmTAu +EK5cNr0i1zVGgDQguVvphpw7kWtkMRZKj7bnOWEV/EtCGTPSWSCiMB1xlTl8NhwO +lckOChJ9s5Klrw9PnMFw+l3GLQVnZV3meBEEh41zClPKoaFnAUjMs1zTAoGBANlR +tomZ2fzr6sMz1gBeszpaW5KKiA5lM6sfL1l1p/tpDEW6j48vExIV5lwYnFpkUXDu +hbJCnh7bQEJA44xwuHYRo6rlrV6EpYRECgfoIN52RVqy8lC2ZLwmB2p/EqO+QZEk +jmK73M+iYZVrO63FVSPAWUeEdW/nJvdGGXVmfRmBAoGBAJVC0QAoW5EQLeDwn1o+ +7De4LlYQt8UH867KtHDv+AJPSCdyZQ+CvXhWdyZBdvOXAN1Ne24n2b5ixsOMf9Ay +w1elBayE6OFeS4WuAeKRTj36gXebxBC+etADHM0MoeRbQSf4tXTKWi5R1sH8UxMd +jM3IlJF6fH8I0Dmf/9zHqikA +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_08/description.txt b/src/tests/data/x509/bsi/cert_path_common_08/description.txt new file mode 100644 index 0000000000..be96b8eb99 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_08/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_08 + +Purpose: Checks the behaviour of the application when an intermediate certificate has expired (now > notAfter). This path is not valid, because one CA certificate has expired. diff --git a/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_ee.TC.pem.crt new file mode 100644 index 0000000000..f2617c8228 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwODI3MTMyNDQ4WhcNMTgwNzI3MTMy +NDQ4WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALthLrGf3QvfuRB/oRJ0WCktf6kTvX7oxUPG +/npKslY+Vi+NDGG5CcepM25Yq1UC+6kgCVut5SL5bsYPMDvs40ePsHBOE6n4kzIr +c8aXvlh1ixP1qmR/S8zK+np9AewwYT8Ya9vE+mFlntY8LgjLKJWbCDIvpZLKBDTK +Ca18B9FrJnl1z3EMCDT6deAIbJi7+Pf737FXJqbzIP+BfJ0rpNGRtd+kpUXONsSf +1wnf+bIuVGllEe77HEHICSXKsr6SAMM/7L9DSWFSC9ngU2RqGX6FJnyhXkKYo6Vs +7fHI5pTLw8Uh9C+utIeQvesDZ6aJKqncgPf44I8VO50yD46k56cCAwEAAaN5MHcw +HwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0OBBYEFOhiRviZ +86QTqOsmWa/OKICAZgHWMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAGxuY2YnK +ZopNa19w2OdJ7Bt/RukeB6bNis6v7pbtyCsp68228P+yfl7s1FaPwYLcVCsiZitR +C++Fbmv7gHoWbSaKu+pcwmQpaOku+j/QMByQYz+L9pzzaWepER8kK6FINFQUN1L7 +ImG73mLNAKrwxfDTciCFx1fs21+f/kohMyLsaPl11K0RuaNwdIyQO+I0bGimGowa +XF9D9OMhriJBzjiYhZEaPaBphMtOOTGGwE/XeJfF60VXVWZ/xPIjcIInhNr1etZT +/aHAmcbQTZdRSiAlR3WiXtLsFpsVRrZeWotk9c7h1cfvEFPC4GvUn1qohj/u9ODo +YTIduluudxG6Pw== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_ee.pem b/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_ee.pem new file mode 100644 index 0000000000..7c9341a294 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC7YS6xn90L37kQ +f6ESdFgpLX+pE71+6MVDxv56SrJWPlYvjQxhuQnHqTNuWKtVAvupIAlbreUi+W7G +DzA77ONHj7BwThOp+JMyK3PGl75YdYsT9apkf0vMyvp6fQHsMGE/GGvbxPphZZ7W +PC4IyyiVmwgyL6WSygQ0ygmtfAfRayZ5dc9xDAg0+nXgCGyYu/j3+9+xVyam8yD/ +gXydK6TRkbXfpKVFzjbEn9cJ3/myLlRpZRHu+xxByAklyrK+kgDDP+y/Q0lhUgvZ +4FNkahl+hSZ8oV5CmKOlbO3xyOaUy8PFIfQvrrSHkL3rA2emiSqp3ID3+OCPFTud +Mg+OpOenAgMBAAECggEAJ2VoXtogrIVuMITVBb9GZen2BENtPQiNqRFmoamg0zcq +AbdjGgzAfKUbdiDYbPhCly1wKkFmgrL00lmRJ5hHtN0GGKahxcPIluzB28g9sfWM +tzaYi6aj9jva6/PqepE1cQGec8d3aRDnk111xE2Ki+HbmEmiQzmMJtkvrbT9I89K +UH6BaUhfjyK0zgnnOlsdnEXZ/C4e8mm/i6qLjGsyv1Unv1mGyx0O5EknwtHBHrHw +qjfkiQxutU50JIkP5lDyKjiiec1IzylmUbRmaQognhADkQMzOV8ceTEeEfYKBLTy +BxkuX9S0RO1iVe95KuENeNmvS1x6Bhok4fXEe29MoQKBgQDi/Ix1WwC9JhIfmhCt +wfL8UjsJQG740BuDzr8s4NxvjNNFhZNoq95lzW3fMgZj0mDqz4sHhHzsfi9jL6xC +RD7zxXvIgbyncV/VWHUTY8n5c+gckcmwq+Tg+X5xhtKziLEsc2hZiAyPlDv1duo6 +QnNQuTdq5X0/Q8m2TMq5JHJ2dwKBgQDTVJ31yDO+G8cjL5Eg8yrcl2uXqXpf9JfH +AQvmHVoqpmpeD4q43UUTP8ONYs+vGJ2oZSH7rxZQ4G2JYxl4fzar8zePVxOUfxMp +widEb0WiHAdfjCZRjmjj1Fk3rI/nYTcFmnU5gUjtFx7q6V9d6aoMqZiK7uiNMxCb +Zw7Wa5z0UQKBgQClNjaxsGQQSGaGk+ex4OoQF3Ya3Mgo16g/PrtNWfl4Q+L+xiOt +2vLL3EMtYkbeXyDlp9xEw3z90TaClg9mSDAd1E6teSisI0wih/jm/QnkRCXcrYxE +yEiWK2KKFRzFSifS98kq6WhjFPyzRDNl5jnytm0MpC6OXrOxuaEQMuQRLwKBgQDD +5PYftRsxqHIpzZgMIRykKsCTb4h+li5zTCcJgj/otSZ4VpPS1VmIhFzzHJtDxd+v +D0A3G4/mHIOtDO25YsL9FZF1D9SYnErZNJ5Ns4+qu6yiBzol84qLVnX1Q8KJSvZD +/W+YhJ1jGUGRpA7A8S6uWi+K6fcrnCBSzW9Vl5+AYQKBgQCxPfQm4QFRPVW8BYFf +vqnssYvb0tqiRRa+VGgTeqW/EFG03ZTZM0OpKGHBAiBRF2ZHq7DsrUvsr2jCnxJz +0vy/hmTPMCx7VQFA30C+b97OqkKcr9B/+SBFmilo39vZPTTaf/AJdLDN5UPo0ynu +WGYKgGtfLnzJFt9X1tQDwf/ueg== +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_09/cert_path_common_09_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_09/description.txt b/src/tests/data/x509/bsi/cert_path_common_09/description.txt new file mode 100644 index 0000000000..c248e38754 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_09/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_09 + +Purpose: Checks the behaviour of the application when the target certificate is not valid yet (now < notBefore). This path is not valid, because the target certificate is not valid yet. diff --git a/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_ee.TC.pem.crt new file mode 100644 index 0000000000..69331bbf8f --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDEyNTI2WhcNMTcwNzI3MDUy +NTI2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANnpAKLZvLSvre4lA/8lDcf9XuoJAQ0PgB+6 +z2atWrBVwbIqH3bFq1YMVo1JHTDOZ0yI8NK5o5xtcFsLuv33aJm9qol36pczGtAD +Z7TatNXZoi9wgFud85lGvhky9ylWXKU4DoNcaaeqMmh5ETKcsOQ8qe7B68WhQ/Vi +71aPuJHjhkfyi28JaBpfH6QzuyJSKHB9fv+JLhvbJXRbDLT+Zbk2VuGeAK6I76m/ +Jh4hSf1COI7ezqxtdJ0L7j+TbddhO/SfZCR21ZwgRw5uY3+vPghqrEAJpwebE7Pk +QAIn06Yak+r/KKBF+Pni6+29m4sPJboarx2a3riAGpiBgRqQ67UCAwEAAaN5MHcw +HwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0OBBYEFERbPaoh +NV/nsn0dnO1DCszXje1HMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAT23eJDAv +QuRsPwKqhwwKYRzbIw1+jf7ExAseJCpTOFfSFJC9nf48YWKMBghq4gw/SepmzPOO +SCpQuEB0gHjDKsKnbG+uKJvSUstU6WfIPaRm4I/kXyWTQpBGJph4xDOwsOgBU7Xs +OvqFgvafJytmXaczeYyr2SEFiZBYrbjz3nYyGG/PUixylFW9OcbQ7daLDHUqh75S +0x2Isw0FN5s2xfs/0q40Jcd85NROfNrLyeLV9HnNq9OK7cpLyxVvcrJqAxZnw/it +5aYJUyRCg/43uTz+/VJBmAWxWLxWEbT2UdA+xqmzGFEaY7b6BdwJIPtbCMFiaHSr +GkUYAUQGEJ6i+A== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_ee.pem b/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_ee.pem new file mode 100644 index 0000000000..4f21045c8f --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDZ6QCi2by0r63u +JQP/JQ3H/V7qCQEND4Afus9mrVqwVcGyKh92xatWDFaNSR0wzmdMiPDSuaOcbXBb +C7r992iZvaqJd+qXMxrQA2e02rTV2aIvcIBbnfOZRr4ZMvcpVlylOA6DXGmnqjJo +eREynLDkPKnuwevFoUP1Yu9Wj7iR44ZH8otvCWgaXx+kM7siUihwfX7/iS4b2yV0 +Wwy0/mW5NlbhngCuiO+pvyYeIUn9QjiO3s6sbXSdC+4/k23XYTv0n2QkdtWcIEcO +bmN/rz4IaqxACacHmxOz5EACJ9OmGpPq/yigRfj54uvtvZuLDyW6Gq8dmt64gBqY +gYEakOu1AgMBAAECggEAHOu5s+NmEi0GzoaHI0PNsm9EO5d6Vjtqa8ulXyE+2gxn +qrfAeUj+1mrIyfOcNjAOsa+zFqSgvFAiC1NhO/esIEt16MzLi8myk00AZJZqTb+W +sOkjgAVUoVEsRbfn6cqWfS8VbgXD2AbUrdzzlV4KdCBBBXkjS5V9qYG59ikY+/OR +0/QJxp4yXSQ3ojpAxd8iIs557gzGt1305/me5l/a+2cl/VTCSYN3nMql3miCSYIX +nJ/KKBNsmRHp25AbSN39xutOIUYtBguIboWglUhTtLo4jVn1TffWEXsx8H2/V+VN +t7cOMEIVM9hB29NM7jC7qet/1IpJl7uHMN3JeaaMeQKBgQDzVtVqGBL89zkJfZXG +PEFu7SbG1yuIC55Ts+RF1fXYonYS0BzZ/be6uuFcrqmad8tLaygRY0uInQ83wRAd +nplqNXya8XsQr70nEZ3lESRSnlps4GbzkmwXnwneZa4SXSGgPodEoKR/vH/f+PJy +aGIN/bW7eRnYvvPdrzSgZPcJqwKBgQDlP3dCV9ipycalHmEe3XlTccd7N8R2M+Ow +6Fu7grZWP9WXsz20QDen8iezY5/tn1qFV0vgyOFE7deK1RpkgFJd0P+sC1vis75Z +rDpMjBDObBEm1v83UMWd60H/yc9oO/HIJKVlObi9pFsq6pNz93rTuokK850oDnhu +suGO9rRAHwKBgClDOzMfW/DrVw+l7QTNaOcPbbjf+bC7D6Dv6zBwZJzUh6MPCSVp +4YLXd6mIsJfR4nYqeIPiS4eh4le49CuhnjAlW7jGY/Dja/a5BQY3zun3kivOLYb1 ++EBVJo5AvbC9fBs5HyTi/KHwa9ql0y7VRnNK50sf8OMRFjcsI4djN4S7AoGBAK0I +HEHtAFIXRGI47eFYFU1QYdq1GwqE2+UZXLPJU0sCX3tjBL3agqe29RRHq9y1HKPs +Yg9GUBGw27Gka4lT+ddp+rCm2jHgrVoNzuscBUto8gE44eWkh6RMf8JLVss8A6Cn +WFdxG+m39kAMUkODlifdcbbcbdBgK7KSPgGkYCTNAoGAJgcfumqDBMgpY2KBw/Ko +6Nv1Qk0zf29aPve733e9tYoEPYPsq54IVudcOQMTeEvuFj+WGKSqnsVAni8FR5Fq +KC27uIx1vCV6g+wMPqPQMnHT4M2feu1G+vxxKwfmKp6RprKpEVV59qhVidvzRR7T +V30uvjLtM2DeZLB67fJrUhI= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_10/cert_path_common_10_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_10/description.txt b/src/tests/data/x509/bsi/cert_path_common_10/description.txt new file mode 100644 index 0000000000..5fa2f591d3 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_10/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_10 + +Purpose: Checks the behaviour of the application when the target certificate has expired (now > notAfter). This path is not valid, because the target certificate has expired. diff --git a/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_ee.TC.pem.crt new file mode 100644 index 0000000000..35d63c31dd --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBBQIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNTI2WhcNMTgwNzI3MTMy +NTI2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAIzJdzaqP4imNOIOwAqwIs0IADZkqilKBB4s +1CWhz2D7W0o30CjsE7tDRt5ZWlO+x9jMIr3/pRO4/+Cewyx0dVKT7oihRaBPFa3o +zLqqgsI7P7caHfK9UMnHqZa72tln7BCSqUeMeC/5Gim83njtceHYWL5b9MMPCKjh +ROUdrkFxc8rt0ODvRUAMsq/zcutlO3BvxLcvdOoDNCUpup8NWq2QKKtznxXc+LN/ +M0I44Q4AXyefjwPj1S1T8joAVJ5zEikFxnhtptMMBnqdXNqhp1ttoAYli1qxHpdo +7Phb/RxPHxrO9Flatkg7HJQAg/vBca8jIM4g7X5h+GRltNai3gkCAwEAAaN5MHcw +HwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0OBBYEFOU5vl4k +v/lb10KegkKnzsy6o/GtMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAE+38Axj5 +Mhj++eMIAs6kaNkuVAYyCgSzqXBb5ScMstAFVMceGBjq/DgBA0ee8wQ6KjQXbDk5 +LUglcyNq1Zo0rh7pyC1tFne51skDurTN10LILb4gMdc4/DcZw35hGOQmv5/JGrAp +TB9UU3MEEZ8vMSpUdingK3ePEjX52cVI9eZ4/kDl8CC4z4ReDd1hIJeh/pnSIgRs +IWBO7JDOdW/b6ru1z4JWphaKPeQmhShCPEtLOrHNEvBtlVHLZsonCemXZcrMF7HL +smT1shld8oeIrIp+SSy8HIVGYGaojdvDP1e7A+KkZzsVryrntvvQ2pGD1gT8zZxt +amdGokZRws3gvA== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_ee.pem b/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_ee.pem new file mode 100644 index 0000000000..2261fe0501 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCMyXc2qj+IpjTi +DsAKsCLNCAA2ZKopSgQeLNQloc9g+1tKN9Ao7BO7Q0beWVpTvsfYzCK9/6UTuP/g +nsMsdHVSk+6IoUWgTxWt6My6qoLCOz+3Gh3yvVDJx6mWu9rZZ+wQkqlHjHgv+Rop +vN547XHh2Fi+W/TDDwio4UTlHa5BcXPK7dDg70VADLKv83LrZTtwb8S3L3TqAzQl +KbqfDVqtkCirc58V3PizfzNCOOEOAF8nn48D49UtU/I6AFSecxIpBcZ4babTDAZ6 +nVzaoadbbaAGJYtasR6XaOz4W/0cTx8azvRZWrZIOxyUAIP7wXGvIyDOIO1+Yfhk +ZbTWot4JAgMBAAECggEAB3LZyjQ99gmAIwUvgylAQBuIIliXWaWjO+L4ivCpj4qg +8PdsvZuG7DmSIG23Dhb6DRX40RdbWSSosg5ISnvzYJ33yPYKYGHKxneajFY84pCe +rX3132vFgFV+Wx2fhbDeQB64UtMjYTtjV1m5Jgn/BFlNUa39EExlc4Tun5YfS/JD +/L2vBt/aNIbRgmEELLlOPqebcyMNJPx3XpwdkXQu8eYCotj100kRTCL1hbn6V9vC +dxqx/xu6Pmd+1Qu/mpTOIa4dd0/Mu87jnFPG1qO9LJZZXcfIEisBCjCSG2YTuAKY +9Y3lVdbDZ3tqMABen28aGLAii8r6+ujqaMSH1ERdcQKBgQC+GQ817pI9sMjfchq/ +W5SebyePouN1ZB3cjYQwmELoTBehs7viRp5Bp17DSQ36Pw4yN7KvZkFVMSsmqzaX +fW5p6pD08e7oZUCk/baEszVQO4PDa6YrjTgUQ4xJHM4aD6L/S8tjqWYMdfeNLA0P +vCtJ+ii+7WWx7Wx8J2RpBLg7GQKBgQC9mCB2FRBNz0GbijkMB9Qo1bIcPE3SuSd1 +lKOdmuew/iAMH408KMOKTMZJgxfd0oKOVJdhADEiT7Mzo1gS86MjaepWZiWNdjFi +acwKaVSGbSE/aFia/b5aNS1Jrzk7HULQ021DM+cr1pPzHwBuEf9q4YuzliQ/Fy6p +kPbz4jgIcQKBgQCZ9Mep4SaVSdjVhp78/ZmW2uUKYlyfFU9N8Vru1FHTutSkxGDU ++GZxO7D2rfLhCjJgH1Xa0hD1gxW0gpN7Cz3iD/QIPOxFUMOTHFu2i0ERUrH7EfMJ +cJzLZI14JRkSaDmVU3hMpcQdMWkk71lAth/FERHw12k2OdhTkL+0gfsG+QKBgEOC +b8ycI3oRWqMvzLBj+T+xGALF1lA6bbqIetob1nRHiNHISlopibctL03tyAnMc4CK +znxTvSsihgTVHP9ikayCglbReH2uoFcSpPzwFJDpOvWBCkvmHmmwlbevFQnfmXMS +Vc2gJaiOd5AScey/q9s7BKulwrJUZuEqJUUiQCGBAoGAHMWIIlOo/oBE5NWukIx5 +vVW+RnLgrPNCWl4mfkD2siTHZu7V+FP/JYE1v3JNEgrIvDvu8LwtrBNW7BdHoGGE +B+XFC2M+V8OmhsLjr3obY8thlsJ8CklYfYwyq1e07igXE+MyT/kEsJYjyarxYoVW +O+bCv2vfxSG0o3PLMksiteM= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_11/cert_path_common_11_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_11/description.txt b/src/tests/data/x509/bsi/cert_path_common_11/description.txt new file mode 100644 index 0000000000..222370eced --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_11/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_11 + +Purpose: Checks the behaviour of the application when a certificate contains an invalid version (e.g. 5). This path is not valid, because the certificate has an invalid version. diff --git a/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_ee.TC.pem.crt new file mode 100644 index 0000000000..57ba033ca5 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDU1WhcNMTgwNzI3MTMy +NDU1WjBhMVIwUAYDVQQDDEkxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAx +MjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0IEV4Y2VlZGVkMQswCQYD +VQQGEwJERTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtNBvS5Ahox +GjNi4MxWzEtRjVKUIC0hnduJ3WzXhudVhklxEawhUttfWYON17krjDVfToIwSRSN +aMhu+iRH1b+JPUtccsl5HitfUHnO4So0bjBsb9y99nijvKd1Ch467JbgXnHdEzlm +C1kZ70/XU1c1b0jwfPXnAwJyAVvp9A7FaFr1o2TFFMtPpvCFx+DTPa+3HtMnnPGm +gfbyO+z+GGUVjGmXPpRRl07ZndTeERNybPyO+QGiqM/gc/tPQvsMXPC2wNXpm+8/ +NMC4HkfI8CVJJVte8F2/pm7EZO2jZM4n3Bvc47jMTyk5CSi+gKG+KjLTmgAFj9WG +4je0os/AwJ8CAwEAAaN5MHcwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35 +z8AwHQYDVR0OBBYEFA198x9YJYgAHfWgMee59bILChUqMA4GA1UdDwEB/wQEAwIH +gDAPBgNVHRMBAf8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG +9w0BAQsFAAOCAQEATq+s2w+lBcF48ocSqmY+gzqpEXWzr0XtZu8bCjJoBOJhd6XK +SypOfYKJoXWhY7YSLzLvSp6R1GqYDE4V64a7EDMcAGDamoiz7eEMiLHz/LxR3oPI +/ea3ecr4MM1TKEBRiMhQEmAf0DAzAU2POlsPP2iPrt14nads3iO7YSE5bcVq7IIX +mLHM0SMrQr5ExjvepR8eZutQV3dGKHBEP6gKSSwCUDwTe+ltCGfepisqU1JqEVXo +RTZihXdgghRGqNEZmJkugk9D/WN7ZMpNlCL0U64QMIhdQ1JfiX20v2hcGC/Eu8zk +P94g2QgKPSvcQroQk0y8HamcPiJD/4p9REJsCA== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_ee.pem b/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_ee.pem new file mode 100644 index 0000000000..fbd177a73e --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCrTQb0uQIaMRoz +YuDMVsxLUY1SlCAtIZ3bid1s14bnVYZJcRGsIVLbX1mDjde5K4w1X06CMEkUjWjI +bvokR9W/iT1LXHLJeR4rX1B5zuEqNG4wbG/cvfZ4o7yndQoeOuyW4F5x3RM5ZgtZ +Ge9P11NXNW9I8Hz15wMCcgFb6fQOxWha9aNkxRTLT6bwhcfg0z2vtx7TJ5zxpoH2 +8jvs/hhlFYxplz6UUZdO2Z3U3hETcmz8jvkBoqjP4HP7T0L7DFzwtsDV6ZvvPzTA +uB5HyPAlSSVbXvBdv6ZuxGTto2TOJ9wb3OO4zE8pOQkovoChvioy05oABY/VhuI3 +tKLPwMCfAgMBAAECggEAEtvpl/gQWQWD5BlkNLWaS0aAtRE1aP0/owO5cCSwUk1S +T0lBT/6L3+FOT73w0eQ595xKXpSQpHscXfNd2wWvl3qKrX58QrMbalyq1aY8Qt2/ +2IPvstE/zoX+8elgQktsGwDmVPR+YSjbYfq0I/RJqsW+vpHUvWvVTdJy/4Vbxw5a +81bDRvZVSC3dDOCC4I6C+Rt2K0qcGiulpXMZqNSG1WdH8prrX+4lR04Aq5dzvQBy +hjV1xvsIgmUJg6h20efrgKg+ybayiBFkQQQWqyKFZNQT+Nm0ZRnqAPzvJPMZnxKp +a1CiisAoA442+w8zoBjST7J/SN0vT9nJ5BPKQImQ8QKBgQDTQ7INtxpnt+2dhSXe +Hbh+tdH6F0pB9E/kOclDlBRu5tzIDCOu/TMcfUjH2+Fnq04xkNp99CSQURMhSH85 +LhCHzwfMGFx9vIgaejfQsQF1BOK8shXjmcpe4IfJtF5EwyqamgPzc+ZIzgp++3Z+ +jmtWQFptE4iytp16TEhD2az9rwKBgQDPkvjdJwTdlV4gMgwcOarlyDNbaB67i+7M +xW4eS+iIX8r6GU8ulEqs7+FLniPQoGbPmc6VTgDfVpnCxQDUwvIq0if9KyhtMVEE +0ZXtkelgPkyuNMomYjKQH455P8EcQI4l4t+q0EcjZUehGwITJJrGQb6JA2RGdMQN +xgaqUpyYEQJ/bpUAni05pRChT9Jh/+GOsMR7JG0McXlwWAXnU3gvOd2dsxinlPDz +z/XEItj1I06Hn2oy87rXaLMHUGSiM0vpWy0C59HYl/gXRcSzcok0OgxUonCVBI17 +YC4m5W2D6no90q7LYqNH5tPyqoT1gUkK5hrJOk7/PoxX4awMJ3fJFQKBgQCwKgfT +iP30IIRVxqPIgJitkw8jEGakvMnaN+SRCdM7ijD1uO0elvQZeSw3xOqYcMlQfzR4 +Ok87PIAacJ+X8iscdGdD0ZDpuuULteQMT71E1Rq27k5x7P0EnAOKm7UEiTUaqkUw +7rqxK49zBzznijVg9QMDvUEpGogZOGsHujz0QQKBgQCAcb0SQ28989Y8W3XLm2Ol +QbEePGlY4rXgGq9PeObYkHW6ZgvfMoSd5JFAUHscWUHy+fWCHhZVtQFzU4e3fLJe +4Qu/EjfR4hvDD1SkXeVjaJvTEPmybs8qjaxyciycZ112CetHzEqeM5j/ou85VUgL +6ZF60N6JF0zCM/rlRFgZeQ== +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_12/cert_path_common_12_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_12/description.txt b/src/tests/data/x509/bsi/cert_path_common_12/description.txt new file mode 100644 index 0000000000..701818786e --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_12/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_12 + +Purpose: Checks the behaviour of the application when a component of the subjectDN is longer than the allowed length. This path is not valid, because the length of one component of the subjectDN is longer than allowed. However, applications may decide to gracefully handle longer names. diff --git a/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_ee.TC.pem.crt new file mode 100644 index 0000000000..79c6f9c58b --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_ee.TC.pem.crt 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFTjCCAzagAwIBAgICArwwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDYyNzEzMjUxMFoXDTE5MDcyNzEz +MjUxMFowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCy/ASeaqxzOjuqRJjTNLhazAla1pFuFn1h +RLDGSMaknpbZTR3xE6eZ/vz706ztY2tus4K/sHbgpx+Vqo5/qiZ7Tt++w+h6tsv9 +WP0+qhSAftPlkgQqNMyu4Ru0mHK1FU/euXV+2MP+9H0vSQbcXToLDbp/0sLh5RHn +Xo7V6+sBqc3+9gcdPZwAUPGfR248li1D2cPJ45TOmNe4i5aX5FUaoJVrVGS1EOj5 +2vue82N/RUnBn49HuEVO81Tdfn5Lmu/TzT+3W9G9wMqv4xH/7wPxtPOWev7zoOBg +irFcUodTGB6qPglQphyZ2BAh++baqbpgKxGTddmLrAKEr9hu3YrptIr5e3r8Qjn6 +1n8QO7DxF9dpe/AiH/iFnOKB35iJAzmu7nuFEQyeMcptmxIa5AMwHF/lH5nG67jb +rsVpPOKa8PfzpJ1kCDK6QhonaNqY/byfrGa8dZsBsFolzbRHkwceLt8QaB+n//ju +1yYRl7nIKlbmNKAQ3enlGNhK7oL9N5WfCH+q2uzc+Tse4pZ7eTH5PQUo1j62uU+U +PvQjmsFN5xog12MpuI2f5A4/FYn4vg4a/eD8tuakgzR1grulS97addRTO1oomZ/z +CKv2GTwFZWN0Q1aLAkBnPtTlsKQm1r8+7UKLiRXdw4r5zRL4uBuFRSB4u/i6qV0P +Sb1Wq6z0pQIDAQABo4GPMIGMMB8GA1UdIwQYMBaAFO+wmuj+0lTjduwK7L5y5d6N +MNL0MB0GA1UdDgQWBBSyKunHW7hsq3rVBQLB+ScxlJZ38jAOBgNVHQ8BAf8EBAMC +B4AwEwYDVR0gAQH/BAkwBzAFBgMqAwQwDwYDVR0TAQH/BAUwAwEBADAUBgNVHREE +DTALgglkdW1teWhvc3QwDQYJKoZIhvcNAQELBQADggIBABBd3WwZYiNXQYrJUYEI +AdxjMBpajMOwYZyzLPPuQhNgmFhd4WUJ83XTQMmnRFz+MZhhHUwyZNlN8d3ePplV +U5KvXnZUI4A23St8CwDTxBrshLsKRsdVv2B7MgawaM3y+493uA4Oet8ErO/+bqi1 +pGoVSkOBPWtqIGbwCoyOPTiGzdNpBx2k6tbtWiu7a3e3Tn+PLqTUCVrcOcgmwPXD +1QZX3ou0ySG+Av/Bi5cA0tkOo7sNerERnbJAroW3I+5F+qZW7wxJlE2IMX5dKb2A +vtD7HK3D38XxF0FyQAbaoq8azTGPMSPneM0Pkluf6MMHefDk/HypmXSbLk6dCczy +lz+jsWmt2ot2xVhaSiSdJx/LDa3McAC83fuVlyJXjkfb/06JzCEi3+DtO9+uJflP +KH9I6XUIs6bDA5HwsJ8tJP2B46wcyWNWu3Foq/KcktDVXqTEdGu8fF2eNqlx62qS +7cayq9zu6YVCX8UxEsT1d9JonCGWmpqvH31mSrrFpSNyY1grkeKUcmIy3/IGOPUA +DLney9POtShIB9iqek5YnYDRg8h7iPBHMvIvZpCGsBiHOdZgLz3IRxAUKoh6Cc01 +PJjnpL9IdEAEmxCuFE1+ky9kOla5mI3hBq5Q2pPwdnRmA+AHjasIuk2M5n7v1oG1 +OmjXgdHfonFtPIDKeLi1znZA +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_ee.pem b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_ee.pem new file mode 100644 index 0000000000..5d068e710e --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_ee.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCy/ASeaqxzOjuq +RJjTNLhazAla1pFuFn1hRLDGSMaknpbZTR3xE6eZ/vz706ztY2tus4K/sHbgpx+V +qo5/qiZ7Tt++w+h6tsv9WP0+qhSAftPlkgQqNMyu4Ru0mHK1FU/euXV+2MP+9H0v +SQbcXToLDbp/0sLh5RHnXo7V6+sBqc3+9gcdPZwAUPGfR248li1D2cPJ45TOmNe4 +i5aX5FUaoJVrVGS1EOj52vue82N/RUnBn49HuEVO81Tdfn5Lmu/TzT+3W9G9wMqv +4xH/7wPxtPOWev7zoOBgirFcUodTGB6qPglQphyZ2BAh++baqbpgKxGTddmLrAKE +r9hu3YrptIr5e3r8Qjn61n8QO7DxF9dpe/AiH/iFnOKB35iJAzmu7nuFEQyeMcpt +mxIa5AMwHF/lH5nG67jbrsVpPOKa8PfzpJ1kCDK6QhonaNqY/byfrGa8dZsBsFol +zbRHkwceLt8QaB+n//ju1yYRl7nIKlbmNKAQ3enlGNhK7oL9N5WfCH+q2uzc+Tse +4pZ7eTH5PQUo1j62uU+UPvQjmsFN5xog12MpuI2f5A4/FYn4vg4a/eD8tuakgzR1 +grulS97addRTO1oomZ/zCKv2GTwFZWN0Q1aLAkBnPtTlsKQm1r8+7UKLiRXdw4r5 +zRL4uBuFRSB4u/i6qV0PSb1Wq6z0pQIDAQABAoICAFL6MW38CGz3L1gVq0Anbdxy +QVgCp7OA66mffdC/RpBlEYw2i04LjaUAKOrazI3VjKXqxQ/3UHWAJU1un9eh22tJ +OsOm8W2Kt3GBww49LXoQ0k3Y7uNeTRI6PGzyTCOVeMzJ8CXZeqwFTtAQLAUXl2Qu +firqW/z8BNvd45xbXj0MKvsrtkqhGGSxIgN0yy99dAjDuVgskP1isIfW9v7+FVJd +5ke2/WVQLKJBGmwrbBJB3hrMzVEzpbYfa1WwYf7NGqh3vDVWdRtieNUoEV00wwBY +oqE97lqmV7+KLQWfISutv/GvBwSDrjjIiVon/XOcQlJ5RRG3Dh8JpLU9DLsBLHe5 +qZk1qwuyHPpV3kvo1dfC7lVZuOmff86A1BtZJt+SwyNepdxCi9tS8UxcRiJy7ncR +qp1jKtZ556swkPEXHqkItaDgO/7RN6r2w1y/+K58s6lDqyJNv6X7QyTcPOgfJDK+ +QSUSEEUomdvbl9XPBctx3EinFHDELtbd3pxktzIkN66lYoVv6p6VUgKmTrAg3w02 +AHddzLxYUCeosgssLwtRHpY/eDeQD0zxWW9zZcjdf83ruAPqFdN/o0BVwLg2o/71 +m62W6ZIEksgM6bidQDnDYuYcDXlh5rR7UJiFsLg0qwF6NVGS7YAEp+fdtxWC6mIz +eizZIe8Vz9Mu3hAihgvVAoIBAQD5zrq4HfK56uJlb+Sj5XbknbIig9wKrlb7Kv0q +p9LS5RjPBdWe2uhAHPt1FnRDq7Jh09xHBJ13XiJUz9faCLGUhYSrKvcmU2C48zhV ++/BS9xrOJ0pNCRS5IQQ2hMfrX2MDpwPNmNKzTZrwWkoZn/eGiYJub4Xzx63SUzj4 ++rg6RFsfsenKHSIJApuvNcnz8ROTkozMaY7sB5Rq701RzhXH63LqEMworcf49vm0 +MtBUQJrvp7L8ZNKzFjeAll+oBY/EzbMdsr4znpb3Q7VlOvla113f426VBvNSsR74 +Dt2qOIpalW98O0IvfiVaEdIYHpbuRhg0YvloBiA08onG13G3AoIBAQC3a9j8b/ms +gBiPlsJyXHrPBFylPoKx1BQEjes83ONe7WUcrWFi6Ks6aXKKIKJHMIFO/IJ3IN02 
+QVpu5WsqlghFqqUv2myRmsMzGv2BFWOFo1GyGhYZfQG6QNb6KjrBzDLlJrb2X4If +FfGJDbUd//pIazMyUzlwzCvtrK1ttmKJAnojFVUgwKTWjQXuozG/XU7fvNQ4GyfP +VTpfJcqUZH2xJIX0aY2LXiVHOTQIclh4sZ/Oz+BYvsIaekTGNEl6qXH5yzjetlAe +BpQPTX8axkTPEG1ABdeRcjBONOHGFEV67RgSLTVTTz78fPSfO1QxBYY5KFAJrj0D +1zdaAf018FyDAoIBAQDzBdAWwGPbxQtdHZ70Z47j2Bptg5Q0++h4zxieP8hVDTW2 +aXmp4lMh1FA5V4/iKY4Pp/lbSb0bXIPPuKfIYL7Ju58WmmT4bxLguxVqaQAi5my4 +c/bPvO7hL6KWm1SWwiRkcD297VfFwdDi1SPTjBFVXD98ypgpUm/i9r2tUtSZMtjn +m8DStMbgtx3YNV70J+sgnOjHEEZPjwwvgADbfb8o0ADqf07uoCm0JilEyk5sOLHC +RoZVDo0AVrPGMAR9RHPaRTdkw/hP5Y/+m2tEQTxGyNB1uB9jcfCT2OZE8slpCTpn +54se89Nuuq0B0+ZtOo0g3yY7CLKUJal9eRraS8w/AoIBAAZVZAW7fByXw8FZjFdU +mC0D0osmMG8hiptppyDP484IVoB6AC3hKOB4easJW3En3J80mvCwItNXyF6h72Rm +D90P+mo/mZYhiPH/0ZcefPRFYnHK8s5ogaHD0WiMAsFkYrGE97ZkL+MQ5+k6nvFt +QGA1y2vGcepSMoYfe1GZhaeDfWIuv2TFIiwCbJ0D55jbCPky1QUm8uX25HAapvce +zTRLtZBuAKQ6WQEvmXtdL27je0gx52ZJF/zAEhXiAlOI/FWKzejq1LNkuMIag/QR +upiH0a3vRbVRAxgAPXeQhaGsBDPEed3pk5w2WGATNWIH9c2Ndc4PxS2XxeKGxQ6S +wS8CggEAcY8j3HECYuP/3i0+1TxYP0SEBDOX92DsjdrSuSuAzGhce6bEfDzMCBYP +7QAr+kA1nUGlz6O2yCHplAGTawWvBe+JlFmztt85xu7BzPcN7loDthgV5dsxll9p +yYI0L/syGOkMMZiMkWelYrw7Fm4C/Kj/Wm8nx+4lyb1oWfLFdwiOxEm7dI+1AIb/ +t9qyJ1eAGRC3kXvK8Rb9O/OVCbGttB0NNgc7ANWXarYYK/yukJsS5vjJp7Pa2KRF +QVUHXlQssIqJSqRNAZvQIyTUAsWq7JPZqx2k2vDOHhpSMf4DN9KbKJ6bYaaNmivv +R/0OoiABpfkqlFBeCc0JKu1kSrWHmQ== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca.TA.pem.crt 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca_key_rollover.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca_key_rollover.ca.pem.crt new file mode 100644 index 0000000000..a8ac3b5091 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca_key_rollover.ca.pem.crt @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEOTCCAyGgAwIBAgICASwwDQYJKoZIhvcNAQELBQAwITESMBAGA1UEAwwJVGVz +dCBSb290MQswCQYDVQQGEwJERTAeFw0xNzA3MjUxMzI0NTVaFw0yMTA3MjcxMzI0 +NTVaMCExEjAQBgNVBAMMCVRlc3QgUm9vdDELMAkGA1UEBhMCREUwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCw40B/upIRBI1qsZWeqMgnVX/Vn3MACJWD +3yXyCkJJlCkwM8cdWIr7mD6f/p5kH6WDJoPAYQvNwEVnJxzypzBdMkg+bOBpTD+m +bJl18AUiyLsEv3QANdjwezBuEs5jCQCHjgl7Ig5he4IvdrRGMu1cXzKLrD4mBl8Y +HIu0qzqzsrsSaQX54kMP+wjyDjP/pB7JZl9Mn4eS1Dd6dVxLTIbxAP347A4YGMzA +Jmt6LZDfVNHYXcvI9MXzjvEs+SvGoE8eTg79ESERW+jKJBXvh6nzgkUBBu7zx0hb +5szSuAwqt6/TUATzFbc/5KzJWRDK6kbc3hh2qr07W6eDPoDu0s8Lnt7SYX5Jmk5f +B/3JZy0zVHfO8x7ICEBXEiHJFlfxE2owgv/QZfk4C6c7MCvrnfvUTxGjJsoiuVAn +r3jf3JbnUYY7MqD7wGktk30hd1OMmE/81SF8MERQe0mS/ZFJA9ljj+RgUCUgrWFX +p7+wxGXc5hcGnO9liBkiediiY0xvpctGh85fmGDa/bM6JbDp/o0enanoEdZzLrMP +05XksBNoK0wpXrPyxT2QeaV4NSK/v66T4neoP/6W6y6BGMYM5FMmTrCpFUI7zj/X +/fCQ8pK9mcISziTHrgVhdrojGFrcSlEcFfRY1FclZ0k8DpaViE03DZNhsRcmFj/y +6ohup0eORQIDAQABo3sweTAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBq +cDAdBgNVHQ4EFgQUHOZyoERFb+Xefjmc6Nt/ORt3bEcwDgYDVR0PAQH/BAQDAgEG +MBMGA1UdIAEB/wQJMAcwBQYDKgMEMBIGA1UdEwEB/wQIMAYBAf8CAQEwDQYJKoZI +hvcNAQELBQADggEBAAY+0UQ57UwiZEQCjTn+L+itxXYDUzM35BaT9Oyg8Lf6nt6o +ZWWEGZmz5MaYz7y+Mp7owRRHv1JhVOOSAsxoTZvG2UHp5oXW/iWPAQXW5hy1QC2A +FbPhSwaSLACIq19K+zd1kHweOlU3byLq8p5T9o/c0DSKNvlG9OCQ5uTu2bdlOpTd +XZfFz1eQMSZU8da/A/myb4r7pjXezIYXLDH1hPOgsek0X+022sxDCtfpVWCSU4UC +0U/KtFv+SCiHxsXjwmhs4jOxFX24APjEL+rjdmDlNDf5daslmqV58IOngfDDgZY+ +S/Nw1m07gmR2ekrdbGqgz7J3LhDUrQ0NGfx/U9g= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca_key_rollover.pem b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca_key_rollover.pem
new file mode 100644
index 0000000000..910b67d9bb
--- /dev/null
+++ b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_root_ca_key_rollover.pem
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCw40B/upIRBI1q +sZWeqMgnVX/Vn3MACJWD3yXyCkJJlCkwM8cdWIr7mD6f/p5kH6WDJoPAYQvNwEVn +JxzypzBdMkg+bOBpTD+mbJl18AUiyLsEv3QANdjwezBuEs5jCQCHjgl7Ig5he4Iv +drRGMu1cXzKLrD4mBl8YHIu0qzqzsrsSaQX54kMP+wjyDjP/pB7JZl9Mn4eS1Dd6 +dVxLTIbxAP347A4YGMzAJmt6LZDfVNHYXcvI9MXzjvEs+SvGoE8eTg79ESERW+jK +JBXvh6nzgkUBBu7zx0hb5szSuAwqt6/TUATzFbc/5KzJWRDK6kbc3hh2qr07W6eD +PoDu0s8Lnt7SYX5Jmk5fB/3JZy0zVHfO8x7ICEBXEiHJFlfxE2owgv/QZfk4C6c7 +MCvrnfvUTxGjJsoiuVAnr3jf3JbnUYY7MqD7wGktk30hd1OMmE/81SF8MERQe0mS +/ZFJA9ljj+RgUCUgrWFXp7+wxGXc5hcGnO9liBkiediiY0xvpctGh85fmGDa/bM6 +JbDp/o0enanoEdZzLrMP05XksBNoK0wpXrPyxT2QeaV4NSK/v66T4neoP/6W6y6B +GMYM5FMmTrCpFUI7zj/X/fCQ8pK9mcISziTHrgVhdrojGFrcSlEcFfRY1FclZ0k8 +DpaViE03DZNhsRcmFj/y6ohup0eORQIDAQABAoICABCec+424TJSyIFAXgZMupa3 +ebiLBTWjmNM4S/W0RmC+AtX8h2CXyQxfqW1EHC2Gq6OUIsdtrBDmAknxas7W1mcV +1Pkd0Ze9tN01/Cplz+sMtkV5QgojBQF9vCHGB+NWHS6fMaotRkdHtgYvk5Bk3dgn +5DUrNvZA8v5DmvybzyVtosCADYevXQ2gpZ6C/G+wQ77jAgvOO+FCVFQKYrl7CdKV +fUcTJoqCX0+jocVrh95JDHjU7H3c7Bw4pIAiiPJdwrveKZpX2aYqicc0IhDMdjM4 +B15UAG9MRzLF5HMycjIxP9u3+5RlyJRq2luweoYWAhe45iOADHdfN8XPlt2EAN+2 +SIUBcOtuEXQhagaVAbFHVu+NwleOpHMZUxtRCwjiPesKMCAPopSeRhFLthK2sciT +WETBNpBpsOaVYWpeEz6ockdOp6mtI+uVJAGPLWLMHp9l+3eYI89xR6g5X07W5RQQ +1+oG9y+2WtRwxjlqbxcbIZblyG7O+Kv635tBTLjCdE0eyGFglgGlYPYQjpANj463 +DnDNTLCa2GrH8GT7HkZNQxDrJPbXpJp83vv5qXuOve74j9qFETMF3KgTFQHxuvAA +F0aEVP9k8ay4IKxcskyxFeLCJ5f4PGUdG3gO/uhzJ1/kIzFL8T6RRc4m3OSZYxSh ++2e+mlMITqLmJhLvC/ihAoIBAQDzJTwHOVkwOD2SMl8jyEmRfsTEt3SC65sMKr8D +oXKv9eGJxbsCKE1cwK2GNSpw5q1KtNQOFuHJXjQeKJojxKAKzuER/2nJPUYCQmhs +IqTLwimsRb4dAeALFfF+clnnJmQHtLTzhEoDXzD7fZ0AMmX2WU0xbgKOq3ZIVceY +5rjmQCQFex5hIp6xpR7tvuG/zsxJVbbZm6L7bTs0XhBNXHymPwKO8DJsGQV0utol +Q+4ncIHeBv/mXtoopDbOgmo6cqyzWle/X1nIl1ZEA+lCPX9Nn97pE4noQdriBd7d +lzqocNLPZg2KseZlulrvayz/yVzdDB5HpAZCiomrw2tW//AbAoIBAQC6PUaOIc/4 +r0MoCkdhGJg6l9ozbMJ2FgUt8/a4T6L6Zh6Eysl0HXZYMvYHrPr2kbC6C1CkexXo 
+rxXJhmM8FJqbtweZ2vzBf82wu9SEo1pEA2xNU5VYvqGsxj//o6MhMWDaEJ3+Oh3V +le+kYuopoGLjLw97RuC569TYqmcBDrStChlmfWD+1eyphXtHt+kkCjN0RFf6zQcZ +uuXKxN/FJJ9tKEeXwJB7eu72jY/X/IlonfUkh8/ysUBKl3Vt+ZYwDIePudORuJjg +saPMqLn7HYdUyQONtueFuIyBY3LqF+p/2J7VHjMnZEhTT0N91lZsCN5Nkyph73P6 +qmmZwPoCYiEfAoIBAFV29Q6k/dCRNDM7OW3ebN2TbZ6nzXBnWGyCafnguetXxhsj +QYSUnfzITTYrYeulaawku5ToPh0F29Pt+aAw8QBbj4k/+fMecolAxmucEcj9SqCf +MyAHFLVQ1T3Y+/jf6bE7t48RJOLihtkfYhw7mtNouFVzkbqMUltCq5H3J27nhMHY +cOk7vgQ7Qg/XVIqTKgNs+YSrzDIMRw81MQ3AQKA+7atIirCsatqJAzyuD/wU89ET +LMfQ92XpssoL1UMOI943FzjRT0HO0CfAKDF8ZE7orvXGRGc7HrDr11aUXa3vWmpE +OOZTeeSwCF63kW2nXdjk9Y/A++JPx+x0GDrQY5kCggEACJcw/PdkT3VOJLesqTbo +NrOwdfTLV4UWghMhy0ipHOG/AKMV/cwqHFFldd8tyFfaDgrdkmi3Dv+cgqo3Q5sz +soET0a3/QLGzfDZ9zAx46nA5+6siVXCdpomShCk5KhvL+uMPVp25qJN89Vk2serb +BN2z2hzf2tOdAs2BaNQT03OGzmp0Ie0eOIeWsy0xjN8HlpJceI4iiLZNSTghlkdl +LzTPcJmKUJfQFAFdpDna4L+AgknddrVkYMxxtzvvCJJbYm7Q6oTYUG0BQDx8L7Ai +APAwwMWyEkH8AS/kKhYmU/VbBjuZYnTGvUkHtPNBE0SpdGyYZOIVuHdJ3bTAE4IR +QwKCAQEA1itpOqUb5z1LtNFGI6fqHtBmTaoRq3DUa9ZBGqd0Qg2XLGDhByqKyQ8y +ufyR/cyuWT9XXvq6LFiRfKpskBplC5hY7nyaZWetTLgHKNdFsPNVuml772HoSbbz +5qX+C4VEDqo0i3ACbuq/3oRqNgPKq1hXoXu3SN5hm8Q5sZ/dxNJIoh5OZfd9SpNL +ToPZisT9rbKB7H8+h7cAcofpxIOqVdKzN/Hjj/LNMfw5O/HS9ECX8ezT86+vaPG6 +2Uvo15k4A8JaSST8RQvIgZb0fFXEht+bo4sS2RSgFcPmKn9N64xfXfAuCMdRtrG2 +Sxhs0n+34U1bgI/y0I/cPraF9YFZuA== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_subca_ca_key_rollover.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_subca_ca_key_rollover.ca.pem.crt new file mode 100644 index 0000000000..2d47d91977 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_subca_ca_key_rollover.ca.pem.crt 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFOzCCAyOgAwIBAgICAfQwDQYJKoZIhvcNAQELBQAwITESMBAGA1UEAwwJVGVz +dCBSb290MQswCQYDVQQGEwJERTAeFw0xNzA3MjYxMzI1MDBaFw0yMDA3MjcxMzI1 +MDBaMCMxFDASBgNVBAMMC1Rlc3QgU3ViIENBMQswCQYDVQQGEwJERTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL+IkzxtT9xP+YQj/gaCJdRobZXyiWmR +nY5RAwpvbp4+bnhKuUupWcZydse3k7HA/Nz4wKIhC2xPjP/cORyvwtW9+MUz6g3t +Wy2QpMPTFfKmP9pFQ8zpcUbTsquoVVHqUtMH8lFIfrNDYCEYA6MUySzCSYEe0wz8 +2G8T8Z4ht1JTaBK3+GCrpUPCKAcCBRrOS37zf45cI788Wt1LKIzIOjuwSh5M1HFG +VycRoQWrrzEodP/va7dGlsTDJ2ozfgHHRkfQI9S3jvQshktKPMYmRzyCqkMDAHRV +8NdFhv+SFZPfvPhed9nM0U5h9LhB4F6r53LQg7QXMLHqlVL5Q2EifwgurXtDjoeO +bAzWHjXLI5dVoHCMsNNrQ7NF2OULdc+GpmFND4lBiz1Ptxd0mGNNGvczr5TeTplK +gRCcF7Z/p/EC4ygl+4IgWK+wukQv8RMO0UJj1nk+KLHvtoGQv2Tjmx21y3W4f2zC +7pMCkUb5h5B+0x8g45wDizMd+aA0yQcVD4UkZsvx+dCRARG7jDCAGemDZ0DigH6Q +Pa4ZWM9Jp7hPYblem1/EjxRvbxK8z0I/OiMQpVWRuuMU4UpyASkN6GSgUlWYVzrf +t+YSvMXMPhvcbQ2tt8Ab6uH7ltlg2QvDX77TiWCGLEKP4Z3ibI3WzhP94DH1zurr +uKuIcUv/TR5dAgMBAAGjezB5MB8GA1UdIwQYMBaAFBzmcqBERW/l3n45nOjbfzkb +d2xHMB0GA1UdDgQWBBTvsJro/tJU43bsCuy+cuXejTDS9DAOBgNVHQ8BAf8EBAMC +AQYwEwYDVR0gAQH/BAkwBzAFBgMqAwQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkq +hkiG9w0BAQsFAAOCAgEAbp9Jn+nVckYMCUA7J/qlyXIcwVfQ6FRzXcnJNlTy0mze +qSOB3OASkDYwSlwE1gCUSwgaIu/T2C+DRnnxSezGIYiZLv+5iPtByzb3VbW/M6HG +3kCt6ztcFY3MI3Zea2g+9S3pKXXG3cY7wODYSnWlDTvZ8p/zC91Iwc38ziqu0ZPv +qW+fAT4DKlvNfmvFkzCz0s1UtR4vN7s8K7MelbC70lhjaVoNPLWpgsUFzn/JRaQo +pZ3Z9u+synDr9zMDH8itRIGxx9s8AOBrj+LEnJ8xea0qCeFiVuZC3jFVL/gaK0nK +cHjXgJnvbTr/F3k86Lknwtqk88MYbzW4gBwjKiX1SzJT++rIQBAd3mF9QrOCgir4 +7lB7shlEsHEGnhZwI3TzraV/gcK7Vr0kKPaGmck/HEa93i1zd9v5iHL6QuzH5cfU +AqImVooasej3huftKK5keX92PprS6+j98bOa7KxAyM7/ZxPDRQakc0a4oSsfJGUM +OpNVxwNwyToNVbpkaNY53Ug6C1vuIwK4XrYTdE3RmfZXbYjctR6yjkO9fAba5YHB +KYQCb6DloX2YCQ4MQdilVTcldi0v1MAMKAb5oZ+mYju66FDN8ZL5IAyU8YSv9Svq +OJJfCOzqjRiz8HR7TnearraMNV0/FAp7KMSZT9AcDJRhaLxLJDqOeQqpAuUwYNc= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_subca_ca_key_rollover.pem b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_subca_ca_key_rollover.pem
new file mode 100644
index 0000000000..c1c3c2cd7a
--- /dev/null
+++ b/src/tests/data/x509/bsi/cert_path_common_13/cert_path_common_13_subca_ca_key_rollover.pem
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC/iJM8bU/cT/mE +I/4GgiXUaG2V8olpkZ2OUQMKb26ePm54SrlLqVnGcnbHt5OxwPzc+MCiIQtsT4z/ +3Dkcr8LVvfjFM+oN7VstkKTD0xXypj/aRUPM6XFG07KrqFVR6lLTB/JRSH6zQ2Ah +GAOjFMkswkmBHtMM/NhvE/GeIbdSU2gSt/hgq6VDwigHAgUazkt+83+OXCO/PFrd +SyiMyDo7sEoeTNRxRlcnEaEFq68xKHT/72u3RpbEwydqM34Bx0ZH0CPUt470LIZL +SjzGJkc8gqpDAwB0VfDXRYb/khWT37z4XnfZzNFOYfS4QeBeq+dy0IO0FzCx6pVS ++UNhIn8ILq17Q46HjmwM1h41yyOXVaBwjLDTa0OzRdjlC3XPhqZhTQ+JQYs9T7cX +dJhjTRr3M6+U3k6ZSoEQnBe2f6fxAuMoJfuCIFivsLpEL/ETDtFCY9Z5Piix77aB +kL9k45sdtct1uH9swu6TApFG+YeQftMfIOOcA4szHfmgNMkHFQ+FJGbL8fnQkQER +u4wwgBnpg2dA4oB+kD2uGVjPSae4T2G5XptfxI8Ub28SvM9CPzojEKVVkbrjFOFK +cgEpDehkoFJVmFc637fmErzFzD4b3G0NrbfAG+rh+5bZYNkLw1++04lghixCj+Gd +4myN1s4T/eAx9c7q67iriHFL/00eXQIDAQABAoICADGmOSiOW4fMMW2IGPbd8Ol9 +Qn7+tpEnnpSAOo4PcbjSjTdgg2TyGuP+0vyVgVMwKDwtvV2pvDjQ7Ed88k8V3qci +jiSsfu0qTJrkplle1A8o+l9d2iP5lZQbF3M4+Rj5aYvrwOxCIxncCsS5YWP6ZOXV +3VD7yRDSUFaG8Hih29Aa79z+VIPWqsoEP/UFGIao2FgpzbR8/QU7I4C+1V2dH79O +RQBSwTU12yy0/K0oIotXJfEcQqtpQHbz8bktbOoQGo9ODKO9C3EPQ6arsVJaJNgy +NOmXExyVFI/xJXwFhdNlyaoGbwIF/nHXoaTL6toPrLkOBT3/Tu+n1BqEo+s/knb8 +7U7GOCwXK9d7Ry2SU2ErbmFlR5x/Uxg1kWFfjiS0fp+fLKX5dd7fUXRr3UO6HT5+ +SiKCw1yKhztSzweGITO3glEfSA+NgvZQ6fDwDXjNypvqnCT8EjFdaLGEjGLYcc/6 +jmS+FJB3g3CmUCjLyVTzR0pL1uL85TWQ8u2Rr9214bFC8p12O/GYJ8penR8zSxnW +N4ZHHkFdwwouxztnN1g7FYyHT3j65O8v4A+Fx9xANp6KMaA4Vzt37X9nytdY6eqr +DaGBrttkR4F7SovyBRCKIMtY9Nb6ts2j72V5ygm+RgfbeFII9byZgjSJURiwoJ/T +3hUmATNpsIQ7ITFeQI8vAoIBAQDt9Dsz2/LLH1/zpuH0+BsAV7JbmgT4A2NxLtVX +q46Hm/w5WXr8/Qf9Ve7kfHEDmYeDxNay1s5bGGp+EYxgybt78d7DJP6YLs0rQ2OS +kE5JDxLCb4NrukHcwScKHm4SBwpbF5m0E87/DdTT4SRhflEurJMUcXVVnfPdleCf +eHVnBhii39z0aoNJ5+eluGqnhBgXMsxNIXn/J2cKkTzZSbWPl3vn0EmP0EXsujpY +eh9Wx9wyatHiKEu9rxe4Ph9Ul5pMl9RVoE484FLaHmISnaExL0PzWBOqIrlpJhvg +nLRnNa/ckr6ibFdBys3hvHLU3OealKy1RRVBFOnwxV6X22zDAoIBAQDODxxHjyoL +5UEd421msKSjWTNvD3DpBZCUcFUzmu7pydCXBqpKb0v1zE+E4UQsixvlOMApEuqH 
+b5zunoHddSCrHX1ZoMXL+0OPZgR03cadTpxwx/VEy4cRXiUI5uDhd2C4ep9wsbWH +HvunEdsnCgb/nj04e3s+EvFbfcmQk5UgfMpDZj4gr+QlsShcfleDEGMyEC1EZ6M2 +jcSnOBMXaTzqqigNlsUwgTQMaTFcnnYzbJtoeCAYXu4PdeXx0oq51NyLxAUlvxVG +cq0yF+j6u389TOFG8TYNzV31PWbEtYiIdov8G1cmj8XTHw/nC8UtulhvSpIoS21z +bYgUUOzz7RZfAoIBADxP0g2j6xcm3aghHVZ86EMe9zsWf7npCfRvHW36MscWd0iF +8JFdBQBmHoXVMMPrzxhL9OshXO5j8uH/SqhhmV6iAIdPwiQKgMA9dWh5oQ4NfwC/ +SP0uGXF9l4qOCfIRzMMn6TJmbungtJf7kcAQRz1gSms9ErNftKbuTR++ZWt2dRob +SaK9uIcr+1/arVXGOmDu5C+Mk6Jjd0+LXnPopdc+Ww53kZ2c+Yw164HvejABukMh +Jg9/jSsHzShKvqAvSNGvDgeh+RKe/QECAHOddnTD+SIdqeZOpNYM7bXxohwi1G9A +1obOlRM89xAHNsfTMfTRSDEt0GRNi7oWHJK68AcCggEAYBeH1o8ayoVUgn2mbPb/ +L/XPGIGY4/HmZHKmKPSdaYTlsyg2jZOtVqi6hHsQcb1FevWmFwFtQU95XYWphf6z +B1kvNXbWBrPb46ltdppdnsokBiwZYsWO7Th8CNSyFjK3dhAo/kLBJov6SwT2sBPr +A5Vlc0uSQ3ZN+56DOtq39nh7UkcBvfiIalNdQRTh9orT12rX0UiLQkuGY3yw2oAH +Gl/TYdLnjiEShp8fl9OFx6FkL6mlPfg3CBqw6r6GVva/CqaUx+9+GmYsAmpICXUa +dxm9DHo7/N/CazUBEcaeLxUpXp3ZXHA7jqKzpclFYHe/+dZKpmPWXLe9d8vtVCtB +/QKCAQAE/2lnZQG3u36jpWsExzFKgml7DYFBsfv9ZyS0NuIlJgicPD1oXGyNYIn3 +me9mIDgpgHmFjfRa0c4xAoEB1IfMjP3MQUavdg+riMaxd0HDbQ4inmF+N51d3Zwy +BjoJUL0nwazgdvSmq/9haDWzEPYc9MaZdGE+buU9FUoB5Dk1BIocl83AQEnRhueJ ++gmgdx+bEJVjoZZqwRn2qrrs6nihaKL18rg2o0vHlT+nDGDNcQf2pQrWBzYCpP/b +UYSFJ112sfhPby4N4sF3tvd8GJBlSUwfxF6T27do9gOXEL8GR2fY+rgEEsPQbjlZ +A+xsNK4J2N8gameHv4bKr/A2e0Dv +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_13/description.txt b/src/tests/data/x509/bsi/cert_path_common_13/description.txt new file mode 100644 index 0000000000..a07273fae2 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_13/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_COMMON_13 + +Purpose: Checks the behaviour of the application when a self-issued certificate is found in the path. This path is not invalid, because self-issued certificates are allowed in the path and processing rules have been specified. 
diff --git a/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_ee.TC.pem.crt new file mode 100644 index 0000000000..b30fabc35f --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNTUyWhcNMTgwNzI3MTMy +NTUyWjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJ6UeEYTXI3cnRaAkOLa+/VstMu74HuGazbH +C0oA3B0DTDSBgAuiDnslKVp4SzewXnNmWedHB9vlbe3+PfLDSObatkC7ZvzmfR/j +I4jeftisGDzV6EnT7SNmlelj8nX01R0sqlXilim0VCCq+H5eKNNyEKOdnxSQhnqE +WIw6XzLH3ABNvV/aMQILwycJOg5xWjUSEsBSd5Emnbbtit6jmVbb/6w8CyhHhdcl +SW7kNxtavhJD2IZKSMJ8IbYF2hk6b1KdjqYXXnXHORjzk+8AEAe28Ka4wBE+/wt+ +cOeT4ZJtWX53koHfV0yd8Cb0hFd20ddF5k4cXT0bOKYXgne5tBcCAwEAAaN5MHcw +HwYDVR0jBBgwFoAUgBBiRHuqS78aqSggFPV1Rz2pCo0wHQYDVR0OBBYEFNyRWvw9 +vi2mOqKT7OWl5o4ueRjWMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAW/NZ08Pk +wNcISY3WRhI4yL/n+O/WsOnq9ZP2m95EP2RQj2k8H01Vo8i5rK8esF85FVKVHzJb +iOWdEkF5t4gehNWHVjfbgOLpgYjbIGvCGJgZofaLxQ9qOEuhQEue4YAuJNvoB8je +W9GD3BRCqQyOhUYHuasLUYIGLGKbDULNcok9wOSGgpU0UATho6cLzPsGhoeHIF9+ +5Wxiof2YsSjAJpjema0pp6rrnrM67hfCsuDYSsRCsW42vLgycCFYKZlANSoSyf7C +YkuUsvQklj3vpDZ+RwPbRSHqjzytuMfUUOIz8JAChT8TnR7uOL74pZIDfo2DLuWG +bp/iYiNm0IgoLg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_ee.pem b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_ee.pem new file mode 100644 index 0000000000..f6ae47e4e0 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCelHhGE1yN3J0W +gJDi2vv1bLTLu+B7hms2xwtKANwdA0w0gYALog57JSlaeEs3sF5zZlnnRwfb5W3t +/j3yw0jm2rZAu2b85n0f4yOI3n7YrBg81ehJ0+0jZpXpY/J19NUdLKpV4pYptFQg +qvh+XijTchCjnZ8UkIZ6hFiMOl8yx9wATb1f2jECC8MnCToOcVo1EhLAUneRJp22 +7Yreo5lW2/+sPAsoR4XXJUlu5DcbWr4SQ9iGSkjCfCG2BdoZOm9SnY6mF151xzkY +85PvABAHtvCmuMARPv8LfnDnk+GSbVl+d5KB31dMnfAm9IRXdtHXReZOHF09Gzim +F4J3ubQXAgMBAAECggEAHjzgPDh35wMAnyhPuDoaXh9m0AxYjyU/71d/4xIL5qpY +zxA8artxeHDLFFmougsyz11eWjfUm00Bq6ZViKNNFNvycaBqUGHgzQJCJdiLJmSW +UI9XNjCnYJ8wiarJsk1Hj8MTDcJhcL1WZ05CiNIKhdsTqicljMXMJrNysPZ2bZea +a2dfRDUuOJ7ViEE2uHvHMmxt5et4j9lzZqXCvFgqcN08Nm0Q5RWJAzbdBnszP2RD +rRwda5esRTlzxqYMickHX+h+t8a7RpbqeWRenHingB7s/f5OzlUIP/zM4lfsXgPN +dwQLYUu59mGPkj0I0v7pOznk+u2hDMSEAZs8eQVdsQKBgQDXkWE0j0+GeHdnK0Hu +mUmjfLIpN3sIOuAbQJ2SsBKEXpw2ljgXINDERoIAdza/ie12jOlzKZHiBgJD+2h8 +o10hR/jj7n3BlJEspWcl9lYm/XPxlugru4JnfOaETyh3VM7v4HXLnJF++QdPDQb0 +V3Ps/2C+JjgN74fAlkaBqsR1JwKBgQC8UsfkZ5rE99UnDonT61j9DcmPkxOscHyW +OpfYlzr5ei0kU39naXgV8MzoOg6Ych/aJm/NjGOC4CB8on8QFtRrxyU49u7H/EI0 +o1hQVO0QKYZCSZFyTiPJiBP1LQwsKPH5a6m92sMRwY4rb3GKYubAijCu/IA06MZP +GRoLHCN/kQKBgEwyEfbfFRAF8safzq1Et3e3Ms5I0w8kqGRZoZjg7ZqmSncs/+SE +7+YAuiDqAosPeMUnp7jSH8ORtilLazJrGBcUdpAyk3biSbJLQLt1aBxeCCaD3crf +e4eS6XQo+re7XW4CnAB9dhw4b/HsO+IQK2TBG/P6VGPwn75eH8vjjY+PAoGBALFs +jEb0FSxdEcSqPdAaesxuoOdTecWMdNRUf5rfYACKytzejbmv9CM3qtVfXUDixH+S +luLg0SAMaI8DyRIvcBHanYb9nhlr4DQXcKy+VlpTxNnO1ekLFUxZl/P1bPJt4QtM +E6962y1vXbIuXJo0c5ISn6s82M0AQVVkINU2vXsBAoGAc5RdGI9caVuuVb1fkFLx +6NU+zqYTHLaTcEt76Vemd7phQu6PiW3NXwT4hlQLsP/EJpTRQ85HjKcCEIPi68Be +H+Cn1csWXWEFZ9OcXrvdRshb9iMuh8NH2My3R0fS/gcRrwijakTelqSiytS3Li3k +sDIMu3mN2lF4S8Sxwg0RnyQ= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..bdbce07a71 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjU1MloXDTIwMDcyNzEzMjU1 +MlowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDxgvyYOTaDKq8Rm5wg32tAZhS09dQF3 +ctnnmO3TRg2Dh8S3WugJpNAk7MfiqsoKieVV7QgQWEgay1QfVmZkj2jb8BgpNqsl +7yy0vaYqvnCFyfP/NTXKKE+ntuRuYIYza0wnYia5/PKygBx/BxuzE7iQoTJC2Nq/ +T+JTNGlVguLOYkwYu8nxOgVG9HTg0O1qi/ZYcdg9IhpoUArickVZOhBULftIOCw6 +E5j2Mz6dPHzQLWPyfo2YgW9+MT/r7hqANNePvshroaPoxo/ksyW1eOJw7LdrS5Kv +m133KwobwPQKqo8jffEufwYZu1s4XXUJSbUYl484OXi0FbNNulL6wwIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQUgBBi +RHuqS78aqSggFPV1Rz2pCo0wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBADicSXTGuEX3rCU3THlWgVNzCACVo9TM +xWtI36Rb5CyiWnLYO7IG6S63mqpAUgkOz+aw3RqbcfIyjIV1FaAtKYM9+dGTNWhe +DBXt9A2JiIgQqaRBYKzPUToA7N7i7Nx8bjPzoVIeUv+qjdg/XU8IDy8dlVpOFpqX +ZIHAIyNrRMVt5gLAbKyxcANZi1ruDWh1Abj3rr2NCJRABaO9pTxwmMMrDcgQF11k +5rTBAcSCtIN18HBPOZteuU63DAMDLl73HabHyJsDIqA0wtSJy+fQTNvUlJm2EYpa +W4C78PmJXEchLOgHFomdq4KRi/ayfLdLbYRFS8QJntflPaDH/4VWJMk= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_sub_ca.pem new file mode 100644 index 0000000000..54484567e9 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCEPGC/Jg5NoMqr +xGbnCDfa0BmFLT11AXdy2eeY7dNGDYOHxLda6Amk0CTsx+KqygqJ5VXtCBBYSBrL +VB9WZmSPaNvwGCk2qyXvLLS9piq+cIXJ8/81NcooT6e25G5ghjNrTCdiJrn88rKA +HH8HG7MTuJChMkLY2r9P4lM0aVWC4s5iTBi7yfE6BUb0dODQ7WqL9lhx2D0iGmhQ +CuJyRVk6EFQt+0g4LDoTmPYzPp08fNAtY/J+jZiBb34xP+vuGoA014++yGuho+jG +j+SzJbV44nDst2tLkq+bXfcrChvA9AqqjyN98S5/Bhm7WzhddQlJtRiXjzg5eLQV +s026UvrDAgMBAAECggEBAIIM94FGpi6Ggoyn3iQ9muEiZNbrhVO7m4Ri9jkbPPva +co9mUoWfS0zCQG52r2AU0ISJ/hXeJmUMlP1/wEoy7Zd1I0lgGbhgXjB5oVAbSlJ9 +S7cwtr/YJPe8T0+6HSvlEFDoVptbRvOUpSUF4ZBWF6q/i85dJg0sJZclGXukVKsh +hAzQdrrMJIO5iysUmXEs1+3HjnT7XiGeJvGUpJUu8Hu0lAMxMM7iHmYbnbjLFcqS +qposhRYdJQPanFPO5eWwLzBAN9dhbwzGy3Daty8Q7QxSZ+DbH9ll72kChzEGwRCo +46504H4yTYudHwK7NZhliUcut5kjbsgGtLGczIzNAKECgYEAz9Ic1JJYgANJn8v1 +SrP02ISa+zwMt9k3FL9js4d+zH7MLRxciH4URd1LmFgCxUSXUzxo9ouEbUMnKnll +T/uEwaF0UwKPNRYMnV3NhgtIwAoGDPWYQP0OMrb45Z6hCxfH0Yvd6LwdTr5SShnd +fViSDod+igaAjB1+5czccTTqYRkCgYEAouRmsuhBC1hPgzPoCQz8un/I39NPccFc +Of7ZWMXa+2x4DLJjCVkvcDAQ/t1V65k00Q2lA1OU/xq6bcunEGIfFCakNT74jM/+ +j6eNnaZUXgGZIXzjiZStPE55e6E3DS8QKjA809O2rJiRhA43Cei2xj+OVMTq1LQX +PfqatBj0qjsCgYEAwjHcruZxvG1WBvRXqg6u5QREri9W0xUu2zxctg4O9pglwqGV +9hWabA517U2QiTWnEiiJDJkijdcKai419Z9aVnXAdTEXEMwhzYsx2egBezHipYl5 +VIEjG1DPFAI/ClaWacEBA9GEsWg3DPdOeSqikOEb5W5eAJAvXB0qgL6ppUECgYBu +Y3SJl8XEp3MzCfEceRWoWcLKlExJXe1fTCsE8wikzGxKxnVBN5RjZd+OqHZ6tBfL ++IA0UecuPnHKyHGOM8C2Cj3L68HKw4XS2oypIrgYAONCg307lmsT7GZ9dtJ098jv +nkMKlnY8XyR2Jp/78h4zGY0eO1idDvKVSQigNi1QUwKBgHbwzausAVX0UvejvaPa +BqTTfJiCRI4/Wvafd/bIFUhe/1NMgl1E1gPogIwDCcyuKYrlXFYPsGiOtaBYsTkh +1Pe4/ypLvXIftgw930gN9JmXXYXNL0gwOB5IHuy+HT7RPdHLdI98IdaTdXKL/1O1 +nWilWrOYgz2bJyh4P3C5uYSN +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_root_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_root_ca.ca.pem.crt new file mode 100644 index 0000000000..ab14c51cc2 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_root_ca.ca.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAqMRswGQYDVQQDDBJXcm9u +ZyBJc3N1ZXIgTm8gVEExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjU1MloXDTIy +MDcyNzEzMjU1MlowKjEbMBkGA1UEAwwSV3JvbmcgSXNzdWVyIE5vIFRBMQswCQYD +VQQGEwJERTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJDFQUi72lNX +wO3/wvQO00iIx22PMBUgD0gE50m4GMjWmxTLTXRkkBTyIxIQy0ljBTT31YspEtG2 +tEovUTRbiCsxPpssESrVdqwHxL9hObycXMvJ3PFxdcqUzSA2UEzY/I62GuBlo0ja +TbXtys4WaTMJ9BoBQF7s+XDzgkPpbXRjuECIxsz9ePcccCmB8ocE6vGYz1r0Cotv +mns68DXDZT4mUMtE/lkvNEPKpvI0MwvpsSFMh7+NKHvE1yeGw4LrwrA6tInPg0QQ +mdb2ukoZps8QQyFVv10Mh18qgZYiC+LjiEV+9jKuAJhkhhQfaBIBEKCgnqcLT8Kp +YP34qLwnuY0CAwEAAaNmMGQwHwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVA +anAwHQYDVR0OBBYEFJluGjf1vc/EL8UqSKxU95GodVZ8MA4GA1UdDwEB/wQEAwIB +BjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCK3ytGjrgc +292f2rBlMKDVXAizd6fVvR47qXQWYO4+yjT6FLI6pycnfDHysAITcSZSzgfAd37f +URBCuaVd5LWWIuoyNYtwc22T3NVHuHU32NHQaakj7BW/RZIqDc/zq7MjqtU2DTct +vMHd0rBm9JBX6UYak7i6TvBLLcZszMH6JJ1oE08ujemCmUUFyooZ2GL5hDHrRk2Q +ZEDjOmMMO3Y4z/aJa721/xVse1zMLq23Zbiv/695fl+xefmw1roo3bDITrVsReuj +Qf5zPzNsEHsiQh5pA/pYDcu58+zEqUGm9GUE4gYzOu/tgHeNLmY9YhH3p6rMYMBl +vAm3WL2XSKGy +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_root_ca.pem b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_root_ca.pem new file mode 100644 index 0000000000..376f2688bd --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCQxUFIu9pTV8Dt +/8L0DtNIiMdtjzAVIA9IBOdJuBjI1psUy010ZJAU8iMSEMtJYwU099WLKRLRtrRK +L1E0W4grMT6bLBEq1XasB8S/YTm8nFzLydzxcXXKlM0gNlBM2PyOthrgZaNI2k21 +7crOFmkzCfQaAUBe7Plw84JD6W10Y7hAiMbM/Xj3HHApgfKHBOrxmM9a9AqLb5p7 +OvA1w2U+JlDLRP5ZLzRDyqbyNDML6bEhTIe/jSh7xNcnhsOC68KwOrSJz4NEEJnW +9rpKGabPEEMhVb9dDIdfKoGWIgvi44hFfvYyrgCYZIYUH2gSARCgoJ6nC0/CqWD9 ++Ki8J7mNAgMBAAECggEAAoa82BrRQy78bHwLJHezJc1kUiXHLukJqMS7mUqyBsvQ +PbA7UHFju/k5SYb+9cgoPDgzuTSJ3QjHwVaUvSdHS2Mzka1qdPg+u98aEIBxkv1L +Y+C04ulGYiNbxSyOso9ha6nR8vDAp5bYlSogpdhCCwRkGmCIXhNlRn75+GS5/0oM +21GNNYS6OVcnDc3M/y+fqQCXjBUyM+a3mymH7OklMtxC8xgJcNXs/Em1eNTZDpGN +flHXrGSkL2h3u6uobWSHB/6NXd2t9lhwrs5gHhgyXVS12mYbfRoPGCqNRA6YToya +5OCPmby+jAthmKqjkx458gZZCUuLcTvs1LYe3hNxawKBgQDJvkEctHrlJWIE59XV +Dg14g43EwMsOJHe1E2+WxmkOnQJbsWItNfEcLWjx2tlbsbtqhmJzrjI+j7qNIPY+ +OUmEuTpm/C2aNzOhKvtW6xOsSyBXUutPKfubZSC5T6K/yx/HZwhhvk5c43iG1Tid +y1AN6Zo6JNFC0PQlHu4nOrDlkwKBgQC3tIKoifqOHzJ96gkW46lZ7NiP57pTbg34 +C8FTXHccv07bgw+uaP3AzzCyPblhSOCP7xllqGe5ZagTf09IXWttCTwBdL2yZGza +iRVucOLnjSQc8QItkVQDirZE8NJvIGcCM3KotLqg8FEbytZg2S58nFJojIgBzS6j +MA69wwhYXwKBgHmUtxjdi9LdHJ1oOm4T8fpXDfEtXzI+uAXgmLd9C4NLDEjGNiyY +/Z3FoCFhiuy/x/sC0gJ1UMJzTDIRU1VcoPnjx1aZU8JE0lCm3qIbOdfzzqHRzw3+ +dyvHXllPrP15JMW/SkXdssw4KkLX7S7rgGtiBRhVZ+eklf5pDY2GyWURAoGADcNa +XqInwWoY8FIOaEaaM4CJIQ7taL7AEStgSoyM5/x1PgDttdVr3XwoW9JAB0fceywg +rPsW+k7hbsSE/hjxqXOdqUZDyA+6EA1hK6sNdOegIwLzdNKEhtdnnHambWjyDroo +BvezW8dlbD2gHhVnZDKaAfc1YV0r91HsaM8p2uUCgYBUPxU6pyNlZTFVbE3KYaQz +kVNw8eoCrWw/FX8bJdmTe0uiNwcaBUrrVyRFV2X8IvFlgzHhclr7z2uJ3Siv8hxg +LCpbqahiXs8DdS0J6ItqX5Vnhczf2K7/gUhwBLSsMVzJjUrMZHXq8BgV19aoCnV+ +08k/841kTbRk6KRM3oMTDw== +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..720b2c90da --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_sub_ca.ca.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDLjCCAhagAwIBAgIBAjANBgkqhkiG9w0BAQsFADAqMRswGQYDVQQDDBJXcm9u +ZyBJc3N1ZXIgTm8gVEExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjU1M1oXDTIw +MDcyNzEzMjU1M1owIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRF +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDxgvyYOTaDKq8Rm5wg3 +2tAZhS09dQF3ctnnmO3TRg2Dh8S3WugJpNAk7MfiqsoKieVV7QgQWEgay1QfVmZk +j2jb8BgpNqsl7yy0vaYqvnCFyfP/NTXKKE+ntuRuYIYza0wnYia5/PKygBx/Bxuz +E7iQoTJC2Nq/T+JTNGlVguLOYkwYu8nxOgVG9HTg0O1qi/ZYcdg9IhpoUArickVZ +OhBULftIOCw6E5j2Mz6dPHzQLWPyfo2YgW9+MT/r7hqANNePvshroaPoxo/ksyW1 +eOJw7LdrS5Kvm133KwobwPQKqo8jffEufwYZu1s4XXUJSbUYl484OXi0FbNNulL6 +wwIDAQABo2YwZDAfBgNVHSMEGDAWgBSZbho39b3PxC/FKkisVPeRqHVWfDAdBgNV +HQ4EFgQUgBBiRHuqS78aqSggFPV1Rz2pCo0wDgYDVR0PAQH/BAQDAgEGMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBAFaJ5ee2lE7jwt4AqcPk +hI9aUBofemgCj/d2/RjUK/9o0L6fDK8AVjeZTWKw/lDA/LXIC24AENDBbpTw13ap +dTnSWM/D7AsKNP+wIYl4j5eAAQwrmpxgffaiVvfHi2s4MFpYpxx3xPmJCgwXtkrA +9Ra8u/qd9OFlPE+DzHnuvtkiOVzgbaZmbSLi0Uid22Y2qX6078BiHdpylYQeduTy +3DDELk1zN/uyHTx/qOSdp7tt6LCQb/rtT31hFO8OqFEDblw63iAl1n6wmHZnHZcJ +wPmvdqHhyRaEVhiFCyGhDP7ANBg/p8TWlwii6Z3pjkZE6eO1AjE9LKEQ4Zy9kjPq +eZ8= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_sub_ca.pem new file mode 100644 index 0000000000..54484567e9 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCEPGC/Jg5NoMqr +xGbnCDfa0BmFLT11AXdy2eeY7dNGDYOHxLda6Amk0CTsx+KqygqJ5VXtCBBYSBrL +VB9WZmSPaNvwGCk2qyXvLLS9piq+cIXJ8/81NcooT6e25G5ghjNrTCdiJrn88rKA +HH8HG7MTuJChMkLY2r9P4lM0aVWC4s5iTBi7yfE6BUb0dODQ7WqL9lhx2D0iGmhQ +CuJyRVk6EFQt+0g4LDoTmPYzPp08fNAtY/J+jZiBb34xP+vuGoA014++yGuho+jG +j+SzJbV44nDst2tLkq+bXfcrChvA9AqqjyN98S5/Bhm7WzhddQlJtRiXjzg5eLQV +s026UvrDAgMBAAECggEBAIIM94FGpi6Ggoyn3iQ9muEiZNbrhVO7m4Ri9jkbPPva +co9mUoWfS0zCQG52r2AU0ISJ/hXeJmUMlP1/wEoy7Zd1I0lgGbhgXjB5oVAbSlJ9 +S7cwtr/YJPe8T0+6HSvlEFDoVptbRvOUpSUF4ZBWF6q/i85dJg0sJZclGXukVKsh +hAzQdrrMJIO5iysUmXEs1+3HjnT7XiGeJvGUpJUu8Hu0lAMxMM7iHmYbnbjLFcqS +qposhRYdJQPanFPO5eWwLzBAN9dhbwzGy3Daty8Q7QxSZ+DbH9ll72kChzEGwRCo +46504H4yTYudHwK7NZhliUcut5kjbsgGtLGczIzNAKECgYEAz9Ic1JJYgANJn8v1 +SrP02ISa+zwMt9k3FL9js4d+zH7MLRxciH4URd1LmFgCxUSXUzxo9ouEbUMnKnll +T/uEwaF0UwKPNRYMnV3NhgtIwAoGDPWYQP0OMrb45Z6hCxfH0Yvd6LwdTr5SShnd +fViSDod+igaAjB1+5czccTTqYRkCgYEAouRmsuhBC1hPgzPoCQz8un/I39NPccFc +Of7ZWMXa+2x4DLJjCVkvcDAQ/t1V65k00Q2lA1OU/xq6bcunEGIfFCakNT74jM/+ +j6eNnaZUXgGZIXzjiZStPE55e6E3DS8QKjA809O2rJiRhA43Cei2xj+OVMTq1LQX +PfqatBj0qjsCgYEAwjHcruZxvG1WBvRXqg6u5QREri9W0xUu2zxctg4O9pglwqGV +9hWabA517U2QiTWnEiiJDJkijdcKai419Z9aVnXAdTEXEMwhzYsx2egBezHipYl5 +VIEjG1DPFAI/ClaWacEBA9GEsWg3DPdOeSqikOEb5W5eAJAvXB0qgL6ppUECgYBu +Y3SJl8XEp3MzCfEceRWoWcLKlExJXe1fTCsE8wikzGxKxnVBN5RjZd+OqHZ6tBfL ++IA0UecuPnHKyHGOM8C2Cj3L68HKw4XS2oypIrgYAONCg307lmsT7GZ9dtJ098jv +nkMKlnY8XyR2Jp/78h4zGY0eO1idDvKVSQigNi1QUwKBgHbwzausAVX0UvejvaPa +BqTTfJiCRI4/Wvafd/bIFUhe/1NMgl1E1gPogIwDCcyuKYrlXFYPsGiOtaBYsTkh +1Pe4/ypLvXIftgw930gN9JmXXYXNL0gwOB5IHuy+HT7RPdHLdI98IdaTdXKL/1O1 +nWilWrOYgz2bJyh4P3C5uYSN +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_common_14/description.txt b/src/tests/data/x509/bsi/cert_path_common_14/description.txt new file mode 100644 index 0000000000..5380ca1318 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_common_14/description.txt
@@ -0,0 +1,3 @@
+Test Case: CERT_PATH_COMMON_14
+
+Purpose: Checks the behaviour of the application when it should construct and validate a path based on a set of certificates, for which a valid path can be constructed but where invalid paths can be constructed as well. Failing this test indicates that the application does not perform an exhaustive search for all possible paths.
diff --git a/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_ee.TC.pem.crt
new file mode 100644
index 0000000000..081a3a9095
--- /dev/null
+++ b/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_ee.TC.pem.crt
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDUxWhcNMTgwNzI3MTMy +NDUxWjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKDcYK5nyMhopvMgchTBGhMBkqtryh/l5+Wh +oeBEW395abj0PT7s5Pqn52H3W124g7iO1INKk3U1GOVM1rYa4AZxd8pmM5EeGxbj +yvv+O/3NdknqskH2RZGr+o+VRHtMd41SMul9yah2820kOrINYw3NxVF20tgf9Jc+ +cjwigoF2oyqKqXmLzk2zhBoEKnOISaimCyXiqXk0G4mngyK3BIU+OYTdgJQjCVZE +M44A9/BFHLWr4mFiHfWvw9emee3J8jQZyVG/SkuC7fKS4xevGO5JKbj66iOyPMoZ +Zkk1HO7VV3Uw89OlW8l4PPjqYZOgxLCtWQw9qQ1wAtb148WFCd8CAwEAAaN5MHcw +HwYDVR0jBBgwFoAUIfJeVTKx+lTOP7Os93S6UaP4ERAwHQYDVR0OBBYEFCiVa1S/ +do/B18ZtvnB/u2P1acaoMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAR/FIKCOu +GLe/xE7vvtcpdPHu3CURds5P797boZurNNytA4CdZDmATyhRQFTsCmxCyC8hPmBl +AQxqZJ75Za8J1IAGYGLjVMcKQe7JzH+2u22AUDuWItwMiKwO81Q+1LahaiUYae+p +RxIHamu2qfkxue98ciq4BqKm/39JQlHcvTDvLNXOtU+3JzE0wYbot8eurD98kzCL +NRSsgR+DRG0R6BIjGArjxwOhbD4cMc8q2ELpjqXy9iq/YKzNrhTZ3vCqco3/7qVL +eTanIpFR8kPHcyXe/Gpham7+7icERbTHBpIqEz/tmCEwShuJUTEzeF75g9e2xXwO +pIIGblmyVVcwiA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_ee.pem b/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_ee.pem new file mode 100644 index 0000000000..acfe123799 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCg3GCuZ8jIaKbz +IHIUwRoTAZKra8of5efloaHgRFt/eWm49D0+7OT6p+dh91tduIO4jtSDSpN1NRjl +TNa2GuAGcXfKZjORHhsW48r7/jv9zXZJ6rJB9kWRq/qPlUR7THeNUjLpfcmodvNt +JDqyDWMNzcVRdtLYH/SXPnI8IoKBdqMqiql5i85Ns4QaBCpziEmopgsl4ql5NBuJ +p4MitwSFPjmE3YCUIwlWRDOOAPfwRRy1q+JhYh31r8PXpnntyfI0GclRv0pLgu3y +kuMXrxjuSSm4+uojsjzKGWZJNRzu1Vd1MPPTpVvJeDz46mGToMSwrVkMPakNcALW +9ePFhQnfAgMBAAECggEAL6RVdhIC42grWgKYBxGR+WMT33VTLdNXtSkD2nokZ0K8 +Tyz3HrXms14bJ2atRrqpOHYE9sWVmrcZIoB5bwHSq9XbVrSiPS6fc04QBkYr2mWJ +zSaXmPWpcRVwZiodWC8zkUVxErpQiXaBbie2wpk4ZxQ0hoYcuCnutQSnrKvD3zec +8OAI2ULcW1snsWwG+uNihGxu3q1Np8cY8FF1m+3CpJS1D9sKW1FTGCKsJwNPRSmH +Cn6lT3olLI/L8OgYcfWWAGC482D2Y8dn+7G/qGAlXfqziR+cVEbsu3NcFLiuiyxW +hB8Gim6bfo37w5/Uh2+fR592RmR6pbMuBFO5IQyAIQKBgQDjD+JzR7cTXXTbH8Rb +eD/rzV6bLQzoBf+1pI8nEgjmzGQJNLvglKSvtY2uQyLZeVKbuPMsSXtWDHwm7PPA +5Iq+RwHFu4YNWRiJPWO3fXp5EhaEZ0wbEYd6umRjNlz3kr/T63HRAFG1WT4gBh1v +ztuKgMLB0jdCAHGFJfUaaJ8wdwKBgQC1XJ2wwcEH4XP7nNkPcA3QoWSRdScnfisG +OqJfAE7AZEQgy5RrgDJgJnrL9rO5vyI+4hwvlutjdB9f0NIYUDQmoc0OX8e8ZXrU +gp7xb9hHJhUHjbsU+XymHzdaR1ppNMubODfBLkN0dnxKqr2kn0j6C6L5sr91PWZ6 +N0w1egzz2QKBgQDdBCk4bSYXA3ErmdBX+MS/kjf0c/WMI8qz1GpDbZqcjXcSPvJh +uE5VejNe3JqfdSijy3NoOF6Fc8GlYiAiMlOawyNGhTIG7CKl88uMX+dG0gR4/NNn +xbhKDgSJTfFQStfOP++ZsOXXz/ZY1ZrxqjioqIzqfOSsqiHVqQzbl9rcIQKBgQCk +w25TTcLjOPRYq0cbWk6Cso0eBJO8ske+Efi/XBUvfifSr4C4JTAe3/aBZDAlWLpw +7JR0u6Q/pxh1wM2N3xdx3V7gZy2bP4pWlBB4AYc4JCXIxf8nb/zJIuTztI0ztQ4g +hvNIIpKPtLD4WKOPclInL/kw5i5AAbce4yvuDWLFCQKBgQDh0qp+iHZLSrTrtrbO +OZbpy3NXAUg3j1P1Cb+Fv4diUuLvB4FXTBW4dm2NM1kLrs8LLQL7V79M2EwTMDOp +dlRDPFaIEWo5JGQLg/y087SAoq0ENT0Fd+gvQy9PYN8nVHfrYmbzzkQ0qQJPy53Q +zsPTv8FTI17MA5WehFpKyDu0jQ== +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_root_ca.pem b/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..5ce5e9d101 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ1MVoXDTIwMDcyNzEzMjQ1 +MVowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoane1OJzB01mhY4CldHdKzF1E2cBct7a +i0P6opyZojoL1i2Lxue7RYgy1VslmQ1wG0/ETVgGITh6jJgcvejOJqxOA6tVFsSI +MrFTXXzhPWOVajEkNvBUDFAK++HPTU+YREampRTDWrkguOljP4uwnCyaQ0kG0WWj +Y10RCWvnLTOZwMmnJicTvDmYnbyg67mdjFruk1MghOwnG1cTfSyIh32tIZhan/ro +Dd7H7i1Cfkz9w7FNvcmSnEquwwXEH9AaqaLB/ZeEGgyyW14xGxjMRhIh3TjR2FyR +3qwjKmemSTlKI7WvsehDcuU2lbiQXXEQwVRZTLjMnS6wdSZO2eQsQQIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQUIfJe +VTKx+lTOP7Os93S6UaP4ERAwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBAFRY7ixueAFLrx32Ma2ZT7k6ny6d6MGM +KYJpp79ZLhPycsmzWYo9nhg7CmwSnic42IryrXhc80AsFNlSXlRzaWqtOD6gWEOf +GqQaPCIVbqReP27wxqJo5q4eyacu0Yo0gZIRMiTVtXpTK1OkfhJEPAHheFxh+yCF +3AzFK7atqJbLdnOPOuV9mUWv+V7H/pVyTtWH47lkEyCfj42vo7yaX+aArhjpat+A +X5kD0YnVorg11n6wpojsR6DtLwpmrhEMEEf0baP3zeDChPTzrRyx+1aUhdBCln+r +wF9pKIvPKdF4DztCENEZTVhvRA81P2MkqTzOVQdBmp08cekeEa4vUE8= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_sub_ca.pem new file mode 100644 index 0000000000..ea2174affa --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_crypt_01/cert_path_crypt_01_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQChqd7U4nMHTWaF +jgKV0d0rMXUTZwFy3tqLQ/qinJmiOgvWLYvG57tFiDLVWyWZDXAbT8RNWAYhOHqM +mBy96M4mrE4Dq1UWxIgysVNdfOE9Y5VqMSQ28FQMUAr74c9NT5hERqalFMNauSC4 +6WM/i7CcLJpDSQbRZaNjXREJa+ctM5nAyacmJxO8OZidvKDruZ2MWu6TUyCE7Ccb +VxN9LIiHfa0hmFqf+ugN3sfuLUJ+TP3DsU29yZKcSq7DBcQf0BqposH9l4QaDLJb +XjEbGMxGEiHdONHYXJHerCMqZ6ZJOUojta+x6ENy5TaVuJBdcRDBVFlMuMydLrB1 +Jk7Z5CxBAgMBAAECggEAG7taYo3y+gh0wwnMlztAM6HhCcJEfRpOBpBTfRQchbfr +4mJ/RRBo72FRCQkA7tufhMve6n6kVIwN97K7UXePb5JkspvwNX7it0F0gcfDkqaT +0bra0cLRxCfx7mn6x/IUtnehLBXe+h/iRV4h3Jt/oRbEorCzBvYmvEuRedqE9luL +CqKQktW9aEl+gqPpCoHQPJHZ5APy6Zpa/yy7dfsf6lde8v9FXk1pxKyebM2JaUG9 +o6Na6+h66uqThPuXb515YUrWlYugx8Kd21p7u/jBKmofKtlsWxljNV9g90YiJvok +Wq6ZtKRWE8MrHEJ6PU4N2Xyxz08d0emggYkLHMxXzQKBgQDWd1/XP9LaqgK4V+7E +khOmAChO7I4gnByCYcfitElL8Y3jSl261d5fsCVbddHHs/Y2Y4sKNuDhTaLOJI1z +ugmRfssDHh6zP4KBINhD+29WJuBscB/6YtTD2hOUjEgZ36ExcSLWFupA86U6G1y8 +Kn40NAnWsyxC0Nu+TzFeN89WVQKBgQDA+K/VqcMBVQzZxLc9NC/usTo8XzKNwYk3 +JiCds03jXPB+UTWj7S8kD/9LhZ3kjl4RZua5lwKttjVIWKxwdGtjaYnUtpTSnvj7 +rVEOHVKNRUoj74dVnHyN8H+RwDzs0VVNBjDPnV7xIy+YBjZEi7/1ZmzcCKVWwu0n +k8l9NCAyPQKBgE0ru0La5mZkUoI+sd3tqkBLQjXUDPhS9Dc+NAyxTsaS7rlgowV9 +u3y3B1o3tPqlGO1NOFS+loC7zN9ca8G+qX6/HxHKHsXlDnKkfO1JZjCb4JlkZz1T +nreymuUS7UbSH1CJIz3iFPy2LzgPbHkQ2USzjO7CniSUvt1l5Z+/eU3ZAoGBAKOt +TFeKmqDypue/dz0umsl3AdJbXOHoGp7wdBHPGG2VU1eRQlI8yBNqjjxcpURLjXZt +NZ6Ne/Qj7KXksL7hwISd7A7Enw7XUJEIvQufy3mQIAbDEKOJDAzIxSu3RvYHyLaA +Xb572R/nnGLyQe16K+PWcNdhbfxdchJzxB+yquxxAoGBAKoK+4ttDGwN6T6JFpqN +6IxO9srqAdauTnmFutzPX5BWRuITJEzNg8rn8Z9q1aIcaNhMMHZDVwbBrdi1JfaF +c3ln7vsHV7FvGc1yk8GpQKBcZiXqQSOKGsRciGjc7hOiVTo6HE73ZYf1sQzgbp/B +l0VW/4Byy7d0QBt60zVsEXcm +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_crypt_01/description.txt b/src/tests/data/x509/bsi/cert_path_crypt_01/description.txt new file mode 100644 index 0000000000..5887aa1a99 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_crypt_01/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRYPT_01 + +Purpose: Checks the behaviour of the application when the signature of the intermediate certificate is wrong. This path is invalid because the signature of a CA certificate is invalid. diff --git a/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_ee.TC.pem.crt new file mode 100644 index 0000000000..0566530c10 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNDUyWhcNMTgwNzI3MTMy +NDUyWjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAPTzDRCFx7e8LteH+ZyhKJGfFHCtDY6f1/69 +MTFdMVbG5mzIS/fzKRQX24JxhODSpEUhJalm31+rY2/S6QmRLiP7l79lVLSegQFG +YQzK7+czcmhS0aSfb8peMfh+hD6Iu5et+cySKw5kvgt6/gdQdBd3HGysXoarLHdL +/k4q7CcBNLyOIsdfEptSQudmzEK+U0HWsK0FjvSn5EMP5pKGRiUJFUXVZgaX9VgG +QA9FTsU8w2ISUHvLcAStH2xrxFSu30JdaxOMrpgYv4y5QMxzWB6qifYcIP5WnFlu +6x8W89JB5lb2KmGGClqThEjuZUE1KPJedz+96wgbcwgIBBcfdIUCAwEAAaN5MHcw +HwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0OBBYEFKviY4/z +gE5tIlAXl+SWZhenwBwAMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAlB7j/KSh +vYSI8KIgtG6XOhkTu5dpor8zO/4mq/IcyPdaLmjBhPj+DMjskEzmZF3j5KiS/MFG +bSH/helzooAo37aF1o62kmB5UxXfC5TE148waUZ/9I0FIizII78mFjC7djjNwZdv +HDhNJ2gui5FbxLCrr+IblVslM+84C+uEoUddKoSOTAiCXSxy0jwoOVv/KIowS5Xe +ih17jleq8K26Ivnv6nVLtdf/+BZLKhBBmebPJzJM/sCw3GruDpA5XeTLxqtmHJPl +X9qV8WojqjNr5UjXswYTqVc/El/vba32Mw+KV9uHpGnItRR0tooDTUq/iIYS4HFh +1dreezsle8h+8Q== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_ee.pem b/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_ee.pem
new file mode 100644
index 0000000000..767c3c5361
--- /dev/null
+++ b/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_ee.pem
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD08w0Qhce3vC7X +h/mcoSiRnxRwrQ2On9f+vTExXTFWxuZsyEv38ykUF9uCcYTg0qRFISWpZt9fq2Nv +0ukJkS4j+5e/ZVS0noEBRmEMyu/nM3JoUtGkn2/KXjH4foQ+iLuXrfnMkisOZL4L +ev4HUHQXdxxsrF6Gqyx3S/5OKuwnATS8jiLHXxKbUkLnZsxCvlNB1rCtBY70p+RD +D+aShkYlCRVF1WYGl/VYBkAPRU7FPMNiElB7y3AErR9sa8RUrt9CXWsTjK6YGL+M +uUDMc1geqon2HCD+VpxZbusfFvPSQeZW9iphhgpak4RI7mVBNSjyXnc/vesIG3MI +CAQXH3SFAgMBAAECgf8ed0sLmlJCsMJRRpJ5qMBRivHizAB1H73mdwpQCAdPVTOl +MS0qdWtDpfnQIoiYyw6X0F7koY+m3F6qhBbgwnmMIxYT+COWx9pPa2APguhfdl3t +MxoDCHR8JaPXSkI0J9ktRHB2HlrrI79/c94wROLlwnCph/VoYdZOumT4X5h/tZEd +OnDadx1P5EKn1Ee/r9G1ShmGTYsmuBuo+IZsO1CXsRMAoQ4FjSlaSgC29jMcAH4M +CsB5XotJOdsdg8j09a70DKHKtZAEXzP+BiPdyao/PiP0sj8cDp4VDpQPD0j3TFOj +9fsqIWweCQqjr4ulWjtluU3XUisHSwLzvem/pVkCgYEA/1j47zDafHYEa2oM8+9y +xeEshjnx0PgF9YYOPluQ3Qmyp3BO+it/Ed8RgzQoGiaSnGTZaAhK/gdgNb2awv6E +kXOjVnDMSe7ZlnLE7K3hbhn5pUwZIfqCVFaVJekb+K47N1+O7WWe9LXldNVrPj/i +rdSe1eqZumY1gyejiKKnKg0CgYEA9ZNG6u/lJEUMkvPzfFXArpCUUlEkXsoY/uAv +3DvWcmCJ5Wu8aemXsIgnayWWINyiBm+D+ySA2OUE36E84oA8LftEoeGbX7w6pkPM +5EI7x8BcpavfYclKgbqM1IrvQ0sxGRNseTBcbV586JZpuopGH5JRSdUkHb4rDSbl +1xPhrlkCgYEA7KhFb0pT9O5cgkEz6BGQyh076tthZ0+4Fio8oUa0KGiIj+7jA7G0 +f5fC31tDn5kIYLKHXIfzGSU04hnsibTioPwP8llwvUUFnQ6ZvNIbELQ6UB0LXhaT +HB9y9EPsjLrOXy/Ng/CfNiYvl+0FDBihuoJJA/H+sGdySTA/vK8jRzECgYA0FM8G +hmgXYBmBlQE/jkQ2AW2jY5gODlhsvYkI8RvS2AyGvmmQIL1N8CJEBA2p3ID0UnQw +MBavaSq2btClzMJ2kgKFPn6gOCBMILb0deONwosji6btay5FAxZZATorEGhSRB9O +OGZxv4dIIJY9vJOQoIxi1zQ4ppskx+oYyhujyQKBgQDfejd1UNMg5Epk+NTazuf7 +ctK+W1fryuOatcmzoJyHDcNhF1/N63s6nquozybTofDb6/e+Hptm9JZvxcZlCmLw +Nu3b5qw3jo7kx+q5q+YPxeMKf1+78GiSM7enz/lNzITjHLr0lN3+vWxRYbetMoq3 +GVe/D2BFpaM/oDNiWUTVFw== +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_root_ca.pem b/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_crypt_02/cert_path_crypt_02_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_crypt_02/description.txt b/src/tests/data/x509/bsi/cert_path_crypt_02/description.txt new file mode 100644 index 0000000000..4c653e8680 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_crypt_02/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_CRYPT_02 + +Purpose: Checks the behaviour of the application when the signature of the target certificate is wrong. This path is invalid because the signature of the target certificate is invalid. diff --git a/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_ee.TC.pem.crt new file mode 100644 index 0000000000..99dc6e4b41 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_ee.TC.pem.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4TCCAcmgAwIBAAICTiEwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjUzM1oXDTE4MDcyNzEz +MjUzM1owHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6Pam5NEgftsyuDFsrXZ/opQfRNoB6hWVm +zezfn6AMPyLia+K4LwVfa8WUoPDt1/jAcYjpF0mVUDGekDVy8w4TggEcUyiL+uzP +HE2x/Va6xRbjPF5SPaY9B7stmLjTjuHxEipbuO9RdEOL+e9eIWhfeqxImuhHSxc6 +2WYYKkHOSh7vtAoi5EAvnakKvoGa6z57R2BREQs6oXV55yK35mQ9qFjraepAU82o +IAOjIaGcqkynDR4FTV4tW5c3cMIreShUrxUyqUyhIHHaFqN12qsiY6BbK4vJA5/k +fwN9UlEefKCyAyi0j4PWMcVbyduVJLyDlBRpNxMWGLOPjFBdt1OfAgMBAAGjIzAh +MB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMA0GCSqGSIb3DQEBCwUA +A4IBAQB3ozucLEH+f98LbdM0mQxSAOAExQHmZY3IejqKWraELH8tEgJFb7nQkkvn +ZyEMpboebekhhdrOafRH1CO2hJNJtWq+fFyQS8A3jz4VXUGatHZVxJQ+qAAhzpgF +KpazIsSk2baGb2Fac3qvDkGHWBSudkXYaFkeGRix3iytClnURojbre3ANWK9GBwt +/50o3usyAlyf/pG8KzFFlM+c5XH5NTm9nHnxxXYomFz8NEJGgtflO+THeKbY/qFq +MzefpTUYPI2Gk2JJQXGHDba46SefIeRmpCZRuDQaqxOCqHmQ8G4kPChe2occeHJM +FFdzSRS1VscBzZG4iQJY2/OJOMF+ +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_ee.pem new file mode 100644 index 0000000000..51a02dba5d --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_ee.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6Pam5NEgftsyu +DFsrXZ/opQfRNoB6hWVmzezfn6AMPyLia+K4LwVfa8WUoPDt1/jAcYjpF0mVUDGe +kDVy8w4TggEcUyiL+uzPHE2x/Va6xRbjPF5SPaY9B7stmLjTjuHxEipbuO9RdEOL ++e9eIWhfeqxImuhHSxc62WYYKkHOSh7vtAoi5EAvnakKvoGa6z57R2BREQs6oXV5 +5yK35mQ9qFjraepAU82oIAOjIaGcqkynDR4FTV4tW5c3cMIreShUrxUyqUyhIHHa +FqN12qsiY6BbK4vJA5/kfwN9UlEefKCyAyi0j4PWMcVbyduVJLyDlBRpNxMWGLOP +jFBdt1OfAgMBAAECggEAHNgrCWD5tgEOVKXbmEJRChZGjoELR1k8r2jqVxIhFsnP +1yiQEyhOg+JXALd9HnZ/c3LCGnO9tO9C2Bo2pP3UQBziRibyVd0Vldgo3Q3DGSco +QyZuPKeJWn9wM9Yo818i9ZQeKlmLUIlvYru2y9SPFpE9zfrr9GAYEh2/Nwk9wDtX +RhAbjI1DIMmewCfttRvXAXEorrLj0iFouhF89KYStyLkk6Pm8Id3sqKA9zOKryAX +FgfyOZTtSzwmBo9sK6xZ9iLL2zWL1Q374vAHoj796/9qz9d30ih/z9tFGp42MliZ +8aAckFryL1/DfdZgv2S1M/ZnSjD4U1zTMUQOQSMA+QKBgQD7pAd8Hwz90c/owBkf +/JVQgFxFx0+CEFiZ+FRjw3XdnTluMXTb0U6oqPHPyavkx89X0elkTnQXYtD5nYs3 +g2/nJQWN6XD9xw1UQszi/TxVnHV5bpqe1CwRtpYCn9FjSAUZampxsQhIsfeHqaK+ +F9d5bWox/CiAvvWP3heZXnHnNwKBgQC9d5mQhCvgUUiT5SwTH/JPp6z3y5LBCtg+ +cPn2nEpfrgZZL6+5rv3xPGmhNCN5FChvWaa33S5knHnt7PStTcTJwnbnxzk/oepv +aBFOCzOHyQKh3wchHXCuzW69d+zqEvpRjo8yj5tcW7YcNk6dHnd/MFHP0ITRH+C9 +Jk/3iada2QKBgAZpiZ9KE0SsggXGT12XTB6/Bprol0gTLo7N2yinpGs/RGVgcT/g +t4Zot7C5zN2JkekE+lOKBD9MT1LtBs0lVkanlNqm5jAxUE+jXCE0nsL3t66eeOYv +NehFpNDwTZ+gCDE7mvbGshVYI5ybYABED0OS3C/l4wpU02EVIbjQxUpFAoGAJmyZ +9SgI6e4yJORGQv6omqTrvDlJ4uJ7JnatCul5X9wgJ3g3UBYAJCtXVL0JMKX46VQq +LoGpxffB9pGmsXrjHPPWP300zAXfUIavc79rzO7kHMXpYTriPmElQ0GOB46fu2iI ++/0JyfpDfYc5/D1QiLfY76dfODYZ0uJxN0dwbEkCgYEAxdCf//3le7BMcFtwBFL/ +jSTL/9y+XfGjnBcdMkPBZ+KsWMrR6hY5mGIcQsYa5Gr5sBplfSnKsi/IFYzGQWPJ +a0eBuvHjci8KVfNa8iq/yvBm2gK0hdQKIQu+YE5RdaqCb1X0rDm+oBdqkhVhuwSX +qsUgegAzhLeIXAzJihcMNhs= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_01/cert_path_ext_01_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_01/description.txt b/src/tests/data/x509/bsi/cert_path_ext_01/description.txt new file mode 100644 index 0000000000..202fed6eac --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_01/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_01 + +Purpose: Checks the behaviour of the application when a v1 certificate contains extensions. Certificates of version v1 are not allowed to contain extensions and therefore this path is invalid. diff --git a/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_ee.TC.pem.crt new file mode 100644 index 0000000000..8398ce4d68 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_ee.TC.pem.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4TCCAcmgAwIBAQICTiIwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjUzM1oXDTE4MDcyNzEz +MjUzM1owHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoDGFl61006uZ/U/dx1WfEAkqLEH3ZXp6y +OSkPK52JchKnmzFJpTDU9sy/a7NNfMB5oIzEUace0zTWCBZ4LpiUv+4k8OJoP5E7 +1UEx6Gtwl+vJht+fpYxaRqRASvGOq5Edf/jhQfyNw8WFYW5TmkBY/GMwhFt8hVGK +j9Oaqkxt+L8DwzW5gOJ00rtCGKcyhJAT4WIR9Co/MFTfZwNLSDesU2kNsh74qcQ1 +2xACOy+nH62VaSgeTL/Y9Gqm2S3JLr6Ep95t8x5L25lCVv4B3Cc782FpNIBD7mZC +8LXkL9JjxjviUPEu7XO8DGzYgJOlScMoxcz7T8pjs9IZCdposvhPAgMBAAGjIzAh +MB8GA1UdIwQYMBaAFOCMGappJZoaJQD2syi6G/cN+c/AMA0GCSqGSIb3DQEBCwUA +A4IBAQBGdsNlHf2KTCwDZCT+5W6g71CQlfd1XaMEnThmgl0O3bR1i/aUD8oi30V0 +qTtzfzNEnr6Yf2Wcz1XMSC+eLFo+wH7Xi0KJsqvbazJ+wgsLMfuGodx6hU4+MYIo +WO3pluOVnk25bFqIUQ0SzhIRpUyrKyDnpd8EqCO1LmsFBDKNl3uAky221XPL7P+n +yUFJHnWxuI+v7B8mDjfvhM2OOKBAOAtFREbRmAC+G7hgjx6lOphzUYvcwrOSB9px +c22hbdghtfp1mE7PtvqEiABfoYqgQVo9Fp6vVMC5uLFmxCSRx5/fi50cB3UexQH5 +2nBPNqJ69bVjX+Ovc6LoACYCKsjp +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_ee.pem new file mode 100644 index 0000000000..4bf1abf835 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_ee.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCoDGFl61006uZ/ +U/dx1WfEAkqLEH3ZXp6yOSkPK52JchKnmzFJpTDU9sy/a7NNfMB5oIzEUace0zTW +CBZ4LpiUv+4k8OJoP5E71UEx6Gtwl+vJht+fpYxaRqRASvGOq5Edf/jhQfyNw8WF +YW5TmkBY/GMwhFt8hVGKj9Oaqkxt+L8DwzW5gOJ00rtCGKcyhJAT4WIR9Co/MFTf +ZwNLSDesU2kNsh74qcQ12xACOy+nH62VaSgeTL/Y9Gqm2S3JLr6Ep95t8x5L25lC +Vv4B3Cc782FpNIBD7mZC8LXkL9JjxjviUPEu7XO8DGzYgJOlScMoxcz7T8pjs9IZ +CdposvhPAgMBAAECggEAPZlkLm7rGJWubigCQSjfw3qvhnBCIWbMtzm6skPjmFlH +O0bo9zzlPHtHLDe3XwUGrM7MKr5fiy4SZQ5L5jv2VDhSfBoMc/gxLYSLRFcU4w3d +MV8OI8AURZc1aBfQmeKL7AtX2IJOqEyF39GKFn0pbzT8yvEJdAiOjkMQZtZb88ct +Zu+/kq3gARD0MkxRTU12kbd3QVFOIknSFNfPqxq8WKjznKDbRFScbEvnz5KLsnKD +hgqt4HqyAe1M9jSHBSteoiZ5Lqn4UikXG4YHdNmIFO/2N/W0R0IoURjxv7M1kIBZ +6+S5KCG6uz2JMzAcLmcqf4mbJC3JuR0/Fl4NxyhbuQKBgQDVUtzioljBktIN/XpG +qRGHtxDCyM78wHlpiAM67fPpP7/sN3pnA5k1RtKN0B6/DYZpqxq9Jbxe6soBRk+z +usiYoojz3kznfMkb+gulPShLsowBUxumKT1BRSJ2jq5/oUuptMWP/PjyKE9KvxrH +KcnLIZ0AnX7A1D+ZFTzHZn9wQwKBgQDJqsq9gFIN54B3Wrb0hDgzIrnp4hoci336 +WWetb8V2YbFVXqhsH7wDPT+EG9tLR/qJp+Ski8xQ5Xo1VhPsS/JQfi7zX1+4yMUW +tR3YCilVxZzAeYs/GIud8ztOo/VbzKgXQ4WXuctMkn04xLfZelLvjHBDj6sPDKrr +jqR7df4tBQKBgQCH9+TqX2gLGbXhTOsfFqwhwMFiJfQojdXVOeg1K24IAaYmvcW6 +20RP/PA/i6PNSqWdvH2yidbi+OwAm/w5JpitEQwRxGNoONVGi73YeH6yoP8z6PD6 +m9Z7P8GTp6X5m6lKZfp2qFtUnfTMQ7qhrzT70FTuC3S7G43d2PeAcQhRWQKBgE86 +NQo75oCl6Xd6gRQQ+c9FHkr/VAjQ2H5JL40Yszft63BBjuNjmEahglmRZBbwQUJh +XlcywOMrNFbN6WfU8m6jFCjy2DVNUvi30PC2FUUoLIwFdComp3s3Op6LlXIqNgNl +uI9CI9eCWYW66wuangiUYOp5/9cav+9pC7+hPGlNAoGABmsnM7cpEFcamq8rR1Pv +OzjoG3iHLcrt9LRG8de3o2z5iSKwYPPf4o0q1qY+wuT1sMvHlqt6eho0CZghgl9g +fKxykPVyjAl0zF3SL4Xi63+c/nlesYdn0+Fb9aAU++O+q5Mbs/B0WKWFz3mClS1+ +oKX+FAf36fcjp/4rPpUDefY= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_02/cert_path_ext_02_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_02/description.txt b/src/tests/data/x509/bsi/cert_path_ext_02/description.txt new file mode 100644 index 0000000000..f7c52b51d1 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_02/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_02 + +Purpose: Checks the behaviour of the application when a v2 certificate contains extensions. Certificates of version v2 are not allowed to contain extensions and therefore this path is invalid. diff --git a/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_ee.TC.pem.crt new file mode 100644 index 0000000000..b952696698 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_ee.TC.pem.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbegAwIBAgICTiMwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjU0MVoXDTE4MDcyNzEz +MjU0MVowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl2MEA6NcQmuMkzjpIjXbJJlO8z6yhesK9 +Idd4SObOeoq2HcY0g4wUjGDvAAAJv7WWXjh5/hxBkj504+U3SGkrlYAW5tBa5L5i +s9eIO4yZnvUu/uQNgmYHAPRzxWSgMO/gYpU2vpn+pKhWuEmzuBQOtfkO0mXbrG5s +d0Zihj23saGyatfrouQxuiB6Gtgq661FwOVa9r8Ih1di5cQ9hjAEsT5afsWqVCmf +9V3RPNqhPpOdsh+c9GQfl6r/TxEogQrEcrtaFELhVCxWBocqP6i/MmRpahxgz5Ph +goLnlp79SGc+7kBREDBYKDYjHpDKOkMoXVSfOfjaiuGKHfvY2zOrAgMBAAGjETAP +MA0GBSoDBAUGBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQBBFir+lZc3Xy/2NB1Z +zfQ7W4+5HMxjbNvdvrthPabgdczo6QcqZVdRMW7OHYYJ6kHMI9BnX+1v4XRUG66F +EG0dnfJTj9V2djh2dTHPnOExABI3Htc4B+kaxDDe9Bej/Seaq9rsmwl6WdO5Nrpj +n3AHSzrAE+55o/S/iktKiMFEH8TBzOaWaqXH19A7l+v47/bYQeO28ansKfQoOZRT +nuvaGvNYpHI6Xz6GNS12xNKeJQ+FJDKPuTyCzsk86gKZqI+gnwh1FFJ0Nb76nZa6 +Br9e6Fwb9QWIU5vDNQqqii3UTlRskahTby7YdyzisJSiEmMnyxUiZ62jwRdnP0Fb +OEuU +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_ee.pem new file mode 100644 index 0000000000..e42c589c88 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCl2MEA6NcQmuMk +zjpIjXbJJlO8z6yhesK9Idd4SObOeoq2HcY0g4wUjGDvAAAJv7WWXjh5/hxBkj50 +4+U3SGkrlYAW5tBa5L5is9eIO4yZnvUu/uQNgmYHAPRzxWSgMO/gYpU2vpn+pKhW +uEmzuBQOtfkO0mXbrG5sd0Zihj23saGyatfrouQxuiB6Gtgq661FwOVa9r8Ih1di +5cQ9hjAEsT5afsWqVCmf9V3RPNqhPpOdsh+c9GQfl6r/TxEogQrEcrtaFELhVCxW +BocqP6i/MmRpahxgz5PhgoLnlp79SGc+7kBREDBYKDYjHpDKOkMoXVSfOfjaiuGK +HfvY2zOrAgMBAAECggEAM9ztOkoWG0i8eKGPQ2oNuAimzhhJnXPk2z1ugtyVZQOY +RixYc8qhbzmZBJSE7oeHkz7ivW+USYMgyfAMmbWoweruE/tZM9ttmDMyVxV8Ofwm +I2ytR3Y8TrtjNqMHfTrggNSDYgvH34SBaiEWVz/c8d7BRHvSQ5iQLZY9Kgld2ogO +o+dX6bz4iH1RH5XGmsUL8elorbqCnkGIYvXhGU4pEqGIl3/P3XqqoE/atp9FAiZe +7tR5zYKnJ4p9dJA6PtgXyoxQ49uhrQ4riuDEXDsHEVyi+fj7qMSyucriaGRBK1fd +SfX8F19n4w3q81DhG30QXwOuKNSoi70eoOWATornCQKBgQDTsiKInOj+TdyhqCY1 +XwkbJ68XyBcPM+mr75OgHZZvjhowyknFRvquYXZ8/ckILtZawmpyDmdaaSoYvrLb +kA/+oQIBwjXZG21f2Fjkjv6IEh+tV8RKy+JkY0wwV155khys0za1A/KI5yQYUjI4 +/+aGN5afgWlhOnY81bYstpZ56QKBgQDIjjHXKqQClspYVHIbcqvbWO4AkspMMp9Z +FxICwjGDVYmA5/7/aP7BwC9vJO61WyM55aYXOD5sO/NO0w966gxfjXhdNNt9ZPJ2 +3QtcDnMB4WiTOWUk4dLnebH9G5/1m4YObQzTrUEJzB3UVxfE9vZMuaohvUqrfmid +6MkZpjjwcwKBgQC2eprh/7+nVh6VCojFAMKssaxwZ33ZEPqfxsgOAPMn/en9nKGy +d9imcETewTSE5TrIyUVQQ7I7cONkqR0rvibLaqZ8NZiNKONC9w7JFam6SUUc+sat +YsonlqCaGvXI/XXSU86YgmqSMAwhGtlH4O4pS8l+fOMFeItrLRz3tfxH4QKBgQCh +rpDbp9KlC6+A2kNLgXyuztjAuZZBK6ZvCjxI4QlNmc3KkD1w5tJKnIchESMoLZsO +d+cYXQ1l8EbMSzb1nm3vMnvQmGZChvk5fiZERpnM8E2AMwspWqzOU7t8E6M3O/Qs ++RkYJVqDbXy2zKeq8HXLkPppTNM/wh7Q/vPwq6LHpQKBgB4UIMvbNaQfoKFr5eWa ++acxmRb8/6t0jLExQJHxhfblx1TTbYsk4bevCBMSYpeFqCESx3HtXJH2rt9tHiwN +6a7dlFGYvCwjZqR+jHTNGLjggzQgZQXj64BfGRtKX8+qlG1aJ1mibH8h6E0zccLn +GPKL7A1o7VC7LxBwU5VbCqFK +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_03/cert_path_ext_03_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_03/description.txt b/src/tests/data/x509/bsi/cert_path_ext_03/description.txt new file mode 100644 index 0000000000..e862c4d892 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_03/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_03 + +Purpose: Checks the behaviour of the application when a v3 certificate contains an unknown non-critical extension. This path is valid because a client application does not necessarily need to be able to parse and interpret such extensions. diff --git a/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_ee.TC.pem.crt new file mode 100644 index 0000000000..f3b943beaa --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_ee.TC.pem.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0jCCAbqgAwIBAgICTiQwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjU0MloXDTE4MDcyNzEz +MjU0MlowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL035T3jh0PFlIyolm8d+OPFYfYXkDMNFm +F0PIK6wZHHzwZRYhhFNUp/c6ctJqNViGcLf9lNwKuM7MSoSPrLpnE+whQNZ9j72/ +JRm3X/2p08VoiFticoncK1XsuPXe3nZT7zCRn0fxpRdCGnz8QUE8ZySSRCvG83mY +6Ee/aCMpmCTiAPQD1/FDD2yQhYAtD08qNSC1sT6bG/GoRGgBWxKE+Dois+RFhX5W +/fDRw/SknZn00OR0xSU/gcfKOdkQsul26o9YdrwsKzzovTcawThVYjdhQGwuYtOq +Doaatr2TiMVlbS8IUyZPG7F0ivMZSXqWn9ZUIZzyUPY5p6Tymd2BAgMBAAGjFDAS +MBAGBSoDBAUGAQH/BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQBhgxNDI2ydzGwU +2bh/aYpE+u3wSWaxiGhKLYMNhyd62mcFU6staO5/EhFOYxunxs9Dy9f1QRXbDv9c +NRQq8foEtaD/bwudthWngzCvnTaWBfXu7tcy0oTYGvRXU2Trv138iXuvq1hf9XLz +0SQ/smxb5oJxNClhNZwjt/ILSBC6j2LsRZ8HY6lT/v7tGwo834HQ300LEXPYSAfX +b/+ZWY9rJjdqWjmviuUj0n+tBMJzupTsEVFEfrBqabySJvxVYKJ+gw/SwX5UV1BX +Px43mtrPmkR3ETzn/+I47IayfdoWu2vWYF+ZAsbyT889ag5Wo+JZRPDz8S+QhJQR +CMbFtMCB +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_ee.pem new file mode 100644 index 0000000000..59095092fe --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_ee.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDL035T3jh0PFlI +yolm8d+OPFYfYXkDMNFmF0PIK6wZHHzwZRYhhFNUp/c6ctJqNViGcLf9lNwKuM7M +SoSPrLpnE+whQNZ9j72/JRm3X/2p08VoiFticoncK1XsuPXe3nZT7zCRn0fxpRdC +Gnz8QUE8ZySSRCvG83mY6Ee/aCMpmCTiAPQD1/FDD2yQhYAtD08qNSC1sT6bG/Go +RGgBWxKE+Dois+RFhX5W/fDRw/SknZn00OR0xSU/gcfKOdkQsul26o9YdrwsKzzo +vTcawThVYjdhQGwuYtOqDoaatr2TiMVlbS8IUyZPG7F0ivMZSXqWn9ZUIZzyUPY5 +p6Tymd2BAgMBAAECggEAGlclPDFmRPSHlUtB9nZ2LYDJSxo4SUabHlZjVrr4wptW +ig/bjE6iy43pT+RcIjLtUx0TVJyoKGU5qaz3n0RIfTRV5PY8FyiRnOIZMK7MWTtv +h31s/Iv7b43UzNgaQ3L8V7HRf6rV4U80ckEkux9eZC/wH0wwBsXwMOfTsyist/Mg +wgIoL9WjB9socpaGGj+MmHsjKAo+suRVrfoGK22TS+gjW+NLpTB4X6B1+J+3Ci58 +kaqm8/mlRrBv86C536mDYIPUNqWa9Xvcd7b8VTYdP6jN83vizDSf9z/AargO3GF/ +l9lvOFDvYLpIJRdE5/Z4GCzlZ9Cs1gZIixSSrbJvAQKBgQD+w4CiQ7zmxaMFA6VD +9+yBfMjuiQX3V80QvqQuU6aRFo0sMhZRhaIHM/XKw4Gs40JZT96jg+vqRLLi02E1 +0KOFojinobY+bq62uiX7atPZk/P+yCLy8/v/oQNOk3XtPctE/62JyniVSCXwZ9rI +DvmRn9EMQrpWegxWyc+8NMFNHwKBgQDM0LXa4Q7dGtF5MLIHJX0yMLxJnW7IURSV +jt/HDif4RzieQvQTddmLSPiqIjz4drX4awPjKJvaPoEm7+TNzDWqda+qnxRuvCbc +9zEQwmRt5VvBF9m8sP0HlfL3jPY09Ne9NpBb1qzffFnCCSjF0v77OMCtEbQICmPw +zmYpzSrhXwKBgHHgFWlyecd1ZA7juEWPVkny6yWkXeRXfLQVYvHKNlP4DpZItS0v +XGN32FAP37DVzFx7lPrmBteqaYN2FKenYNBk2IolgH6bnsDSqBOfhp5kwdWKxARx +Bp0W7ZF73GR1EJ0A5CMJO6kOnNa+tU5jUy7CjwC5+uyYlVdd0dtAgX7lAoGAL2vr +j0Aottzsv0idD7aIZESQc+L1sX/EalRoT6hhbMTgwRPze0YAFpXQrWO8BjNGMrxk +bAYM/90U/jTxHw03J76T68dlbbY2sVayj5TSt/cw5WZmTaAVFdqMJPEIWH6QLQkj +J4BvCle6WIjSXetaikQ7qFa+/lWZijnfwbH1SbUCgYEAxQglnXz20cVIerpj1P7o +cUUzjAvtD/TXn0RsyaJVyarznx6XMyE4KCWZQ6aREWGk48I2IE2ltdUT4wg/ESnb +xqJVkniJYrmg5tqhS0XdlnZc/aaNTtaFALYc9STAO95XrVrJMuelidRV2Uh6NVpf +Lpc1DcFKb9+7V1UPcDl4SWQ= +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_04/cert_path_ext_04_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_04/description.txt b/src/tests/data/x509/bsi/cert_path_ext_04/description.txt new file mode 100644 index 0000000000..3ef25d4a80 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_04/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_04 + +Purpose: Checks the behaviour of the application when a v3 certificate contains an unknown critical extension. This path is invalid because a client application must parse and interpret such extensions. diff --git a/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_ee.TC.pem.crt new file mode 100644 index 0000000000..a38fba56ad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_ee.TC.pem.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4DCCAcigAwIBAgICTiUwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjU0MFoXDTE4MDcyNzEz +MjU0MFowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpz6pOzbJADidIOOE4JBW9z60AH75w0O/L +2saZEtC87DvCWcRkb/uojoKDOlyPUTVqoQvUDtX25wfqYqao9JMci9wHtPiMJ7Jk +HfHb5nfbv4YxmERiWMgvc6+oa1f8pj98HVy+eNIwgWY9FpIilcjsOuweaKqXLRu2 +Zea3ndUY9BfZ9cLnaZQBvnUdAF1NpNF6i/ApK9R/lpFJxvILU0WJoEDXMi9LfPMY +JZMNzxudtCQHATzuK7r6Dydq4SRJDp7EqZdvyVAbfyLBpK8ChFg2dumUAqgualSM +wnOpvjChF3LpNBI4T+M1ZkBqzEI+AONVq5/zWyYzOFWUftPjFgRrAgMBAAGjIjAg +MA4GA1UdDwEB/wQEAwIHgDAOBgNVHQ8BAf8EBAMCBBAwDQYJKoZIhvcNAQELBQAD +ggEBAGpIOCvV1lgYbCwkbiEHik2PHDS9s7Vrb7dAYNSJXT9AxKvqi62EriZu3S+0 +Qcgc7pJIwZmNXzckJ4q5A7nDp52Ma3LL4M5SUiKc3NboqVFj/L2Erh3JrVHZ/COR +WZ9fdMHLND987kdYaTtySvN/fCv5Qg4XC96316whS4iyMcB/fgev+eCNAOQiULBm +XTyfklU13U6M4q9CIJrX1P2Ud04HSMdJ+yZRQoXNNef9E1tZAzFZdQiaDvfTiw/g +mGKlEW1cZ9KRsmBpGelKH+XaBejaHGjWBCBHtFjPp/N5NZfpLMo92NOiv+UyUwwx +MMaK20K4YCudaUW7QcFR6YBmPiI= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_ee.pem new file mode 100644 index 0000000000..18c4fc742f --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_ee.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCpz6pOzbJADidI +OOE4JBW9z60AH75w0O/L2saZEtC87DvCWcRkb/uojoKDOlyPUTVqoQvUDtX25wfq +Yqao9JMci9wHtPiMJ7JkHfHb5nfbv4YxmERiWMgvc6+oa1f8pj98HVy+eNIwgWY9 +FpIilcjsOuweaKqXLRu2Zea3ndUY9BfZ9cLnaZQBvnUdAF1NpNF6i/ApK9R/lpFJ +xvILU0WJoEDXMi9LfPMYJZMNzxudtCQHATzuK7r6Dydq4SRJDp7EqZdvyVAbfyLB +pK8ChFg2dumUAqgualSMwnOpvjChF3LpNBI4T+M1ZkBqzEI+AONVq5/zWyYzOFWU +ftPjFgRrAgMBAAECggEAGsfNGdJ85cyVoLaVEQU33JCFEyZDzYerWctYqMl73ApR +k7a+hKyDKYkYHNlhFu/SwcyWO0z/rN8GCOP4BAtWVsPZNpScN4EHNEeOCNp8VU62 +O4TCZtQ49gAuWBxdwFL5DiTp/IFnfLjbm+S/Cpn0GbViiZqDf4YLVHprptJLH5Jq +dnKaTxPBXGiPBjB44bViMJ6XJWZKwMrwaDfPlAUIKsK7n3LXDHk6OkSn3DBT8Y16 +WuTvFNpFKji/bVjJHTWsHohT47SNf516AHGGvAKpbHOUapwJCQngpVK5PW7yPktF +X8mLFFbnfi8mitYpebC/0wWIRpQQ0chqi3ratqFZYQKBgQDrM0DhNXolvpCfQR6F +7qwyt+o+eH0lLuygBQpQAEO0KAirX7FrTUx9hxWVodh5LZ7KSDkXl7FjUbBxluS0 +rBsoCnKsAOvvxUk/Am2al2cx+Q7FMK3ye7dw0FBXDvB3+xRJHoPABTwSJRkjGKpt ++EYf/7R7VzlClwqdzhCl2EMBsQKBgQC41A5mwGxeg4ek1OKZXuYHmw6Mtf0OoX3M +w5JKvxBbGhI2QpPZkR44bwiF7OM4jhWRSKL+WVveS77tr+rwHNpl54nLD0evtSyH +QTRGyNH3RpqoJvu/7xQbHR3gVJ8MedqNC92AmBFRtagv7CA4QjTzRufP6COFsPhZ +lSwZxx8y2wKBgCC4H5V02Ao6KWpOJ83f9wqTNT39iwNKNNbJ/LZGYyTD0PjuNgNE +XJi12xXWzwOEiit/wpl6m83CRnZ21Fgh/SEj2vH8qtXPLzJZxx+TYmK8UAa0j+5E +sa86+4Iw7Nj0D81gNlnXIJUxnf6Y5tSnjjHTY6so5ilSU8LCMOSxYhjxAoGAB9Qz +p/aOoJJBtKGv139FjxzqSNuMlIoSohHGqJPfRXydON8pFBYpiYpqegHGviaGk1jY +Tp3KXmgm9jp1YSZXuelM1OUYzECIWlJQvI7VFfxPoL/F+iNOXrelBFORSR4AO+k8 +wK2wTh27ugvucXOcepGOUCgtGQSeAG1pKM5ea/ECgYBjQWEOMmvBxR+GXUIGcnHP +iPP9qoeZt0jVRxUAFnE7ZILm/2gvz0nnUt4ynxn6FsoRL1mu8c+HuJnrfOnT+SiM +zHJ3JhtkrvmPiADf6B2dM2zoQdy8uAYZaNh2PFAbJJFtzN1kM6SJ/HG00+S5hbzD +dsXoBt8pMCy3fFRAsovSoA== +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_05/cert_path_ext_05_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_05/description.txt b/src/tests/data/x509/bsi/cert_path_ext_05/description.txt new file mode 100644 index 0000000000..512d59b59e --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_05/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_05 + +Purpose: Checks the behaviour of the application when a certificate contains an extension two times, possibly with different values. This path is invalid because this is not allowed and additionally the client could not decide which to use. diff --git a/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_ee.TC.pem.crt new file mode 100644 index 0000000000..bde9090569 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNzCCAh+gAwIBAgICTiYwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjU0MVoXDTE4MDcyNzEz +MjU0MVowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz5ArwaRDadFpC7jOqP2nwF+YboLAgvLIG +bc2JAEZaFaPOffO/Ouyh/O7zCOeRwo+AVswZ1hmXUgGO1mLl5lJ0Pktp22Qd2Ilg +qTXE72Gc9DxMGhLjodCyx0g4dbORKFHhwxbIOgm/0fPL7zC+PusJfcZEw3XUF/rb +6BcUPmyPuwK9jvx0MNOx2ccRiHVqY9SC9jI0/9oqZUIz+ArpYiWfYlz7egkSDDpA +AhuyKna9uL2vBC/iDVSBu+/A3jLUUpez2VY/duYTAA8Zc9xbqq/bLiHa+zQtMb3p +qH66HGSnbmmI0ryKa/NMhrfa1p9th2ozM3SIDXDPsKNgWUGsvzhBAgMBAAGjeTB3 +MB8GA1UdIwQYMBaAFIg7PemiPjGTRq83w7QDXMiPE66/MB0GA1UdDgQWBBT7YmQg +RLhQkgvJVPMiEvYw/DneaTAOBgNVHQ8BAf8EBAMCB4AwDwYDVR0TAQH/BAUwAwEB +ADAUBgNVHREEDTALgglkdW1teWhvc3QwDQYJKoZIhvcNAQELBQADggEBACh6kLHh +0In17oNclR+d/zBEKnDj62koIN5cQ4NeKU3bTqi7UVb6enYxYppEqHXEmN4/eQ5I +U5Qqqz77VB7byFgtoPT37Vu6tFKhvGxsg+DNWbokfP2wYp54OXcXBQCktlQJHSua +qwqXhk+WSoUPZfVH0fRr5WRBWM/4q6dobT4Lk2CvonRBWo420ylVnLum8xMhcFCH +VfP9fa7ETfnVr1gl9B0OGKCQBw2pt2a5jya7gdD+GbbnSwxd3/0YbCAmy8uEwVEy +tFPErOgB9SoYyMl/wpsj3iNbJOP14jqzEMvElYUtoGRFg3BBIIz3grvsfwfipcyT +0ZdOanAJ53+ml08= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_ee.pem new file mode 100644 index 0000000000..1edee12ef2 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCz5ArwaRDadFpC +7jOqP2nwF+YboLAgvLIGbc2JAEZaFaPOffO/Ouyh/O7zCOeRwo+AVswZ1hmXUgGO +1mLl5lJ0Pktp22Qd2IlgqTXE72Gc9DxMGhLjodCyx0g4dbORKFHhwxbIOgm/0fPL +7zC+PusJfcZEw3XUF/rb6BcUPmyPuwK9jvx0MNOx2ccRiHVqY9SC9jI0/9oqZUIz ++ArpYiWfYlz7egkSDDpAAhuyKna9uL2vBC/iDVSBu+/A3jLUUpez2VY/duYTAA8Z +c9xbqq/bLiHa+zQtMb3pqH66HGSnbmmI0ryKa/NMhrfa1p9th2ozM3SIDXDPsKNg +WUGsvzhBAgMBAAECggEAF6999TuQOYM6Yzej29WvqCotZRPaPOU7d3c7qb88hB33 +THfvAQ3MHGQGPj+85cc9R8Ol6fzzr6XfiKQXr3eNAbs2CMEXRIq/Q9fjuYNfUeAi +lE6WkBw9M1zj2HM+6mzpoxUhyclCgVwugnqC63mzTrOdyG4H9J4XrJ65czPo7V+T +8pIgqp89reiyJpSiyJ+2zbyOVUoGZPT8KfDDI+u9nwDnXzoFgzBsiG7kNGaFMqCw +Amvtn1+CcevqBR0k+DElNs79ioCRruAEpMeKiLi/HGY80TiZQ2/VIuNbkJNqYF02 +VJbm36aCcU22mUzkSxh3MIuJiYrWJEZlgq4MTRINVQKBgQD8WK02HaDtGZXBJ1Kj +yMqxYcOEozCU9dHbrogNmuxa4kZY9jeU+XDgG0Hss++Irr3fM8BWKxGkN2jyuB6L +PqEZuNnw1zgakhee57xiw64XCyY1Ijxy7WbvWdrovrSmJaPkqmzemV1beOq0/Oam +bRbyUnTcvOizbTavYU37Gp7OnwKBgQC2fs8bX1EV/7RuXZfUQ5FDPwDGfqnef1ON +egwgaZRkgy7ffwC/eYg5kq991yMAD+7GiWN5fpTd5++5GFG0a7Xmh510IyWK3/EG +wyQMYVS+ZZqI2Psz4gpWYyssTwnJ9xQabZDe9q60jNkZaexdg+cZiQauqiwEhhdJ +I7JGJuXtHwKBgDkaH+f1AGtmtLqGmW6yixtkkge7ncy3a4uYjPT3L7DJLz4GSUGO +yHoN8PcNKJD3acPORCG7kTxlxXvXKiI8Q9w8NiUHroxkrq+opLp8qTJRtY2kd6VS +D07uOFkefmZycgnWfthIQBXo4MOfztmuKdkfy43/uXCQsCUzkZ/WwETlAoGAc8Je +VwuQILcxWWyO2Xr+krxNHpvL3rG/axeGx6yRD2zS97vU2qAZlAOCw/0KW4i/ujn9 +2lw7y8LKogtWEG7eVFujub5tmvjQJ6zymdPHcHp8mt+gAFoamo+PHC0KlYzfuJ/V +bEjnqulI8MDqyKrZla4AihyxjTENZjx5YdxcrpsCgYBPz9LjfYsDmTXj9vC3sGoV +L1G1W4wkqIywWKj+h2KKrpdrPt6kROTxLgCph60idLI6xiOeJB0K5XiElKZNBtbC +0XCweW8FLBb8x+1nzXtMLxJy45ThPiRpK3cDR/dbk+M7Kqv0cVlo2v6MQNJQVozw +ISkJoSrIUR4vSs8igcPY2g== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..1046e26eb1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJzCCAg+gAwIBAgICUg4wDQYJKoZIhvcNAQELBQAwITESMBAGA1UEAwwJVGVz +dCBSb290MQswCQYDVQQGEwJERTAeFw0xNzA3MjYxMzI1NDBaFw0yMDA3MjcxMzI1 +NDBaMCMxFDASBgNVBAMMC1Rlc3QgU3ViIENBMQswCQYDVQQGEwJERTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKiBqbV0p27AhYhiFpwSFTiZQ7hkBee7 +Fig0jRXTKWtX+zjnRjZy8Puyg89En7l2MzdZk8RzlrYsE/tAWWdqjlrNRU0TCoom +HmWms3Vjs6+z9UmcE6bOchUg7BjpAqKJHSguybqyw5V3RkTGh51r9HbiUngzbRYq +6IepXvhYk5tKrcmcNmUKP14JhLdKzTVMxEEQh/UEWx1guCdrFI5s+LYq6tHget46 +KWDpueKHZxXalBCQN9v9I0y3nOHhwy+FOsUfX9WI1zsetpMByxGmO8UfFB9zx42I +YvJoHPwSS1WdRofa6fXUsbVK8L7zBsxRP09Q68AWJtHvOgI0EFsBslMCAwEAAaNn +MGUwHwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFIg7 +PemiPjGTRq83w7QDXMiPE66/MA4GA1UdDwEB/wQEAwIBBjATBgNVHSABAf8ECTAH +MAUGAyoDBDANBgkqhkiG9w0BAQsFAAOCAQEAeX3OGW/9h7NxsnUbgpC7SFzyLxjv ++25VG8jtE+pbZdnQEEE17vfUdQXJ1FZsL6jLH+qQT6HfNF0p0rxjYjdBZNNnGTZX +ujdyovRCGZU0xIvtCzyKeDRMEYHOxOcuqKcIb/MPNqERXY1lqFbfgKTtwVptifTg +O8wRZ2pMuDtkZVLfmCVZzBx0sT17mDzd9FEZWIH6hTYMgV9mZrL2B9+bj5zjC7uN +h+BF7Ftv+dPBQYsi41ltYTgVJMlOMNnP7ueceKiZhZ2/bsci/PiBEkaMrE/rZKJh +UUMYWkOfmseYEr5LZvfjs5jVfHg6WYe8eK/Uap6xsXb11hFCeiNK10IwGg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_sub_ca.pem new file mode 100644 index 0000000000..81bdba630e --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_06/cert_path_ext_06_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCogam1dKduwIWI +YhacEhU4mUO4ZAXnuxYoNI0V0ylrV/s450Y2cvD7soPPRJ+5djM3WZPEc5a2LBP7 +QFlnao5azUVNEwqKJh5lprN1Y7Ovs/VJnBOmznIVIOwY6QKiiR0oLsm6ssOVd0ZE +xoeda/R24lJ4M20WKuiHqV74WJObSq3JnDZlCj9eCYS3Ss01TMRBEIf1BFsdYLgn +axSObPi2KurR4HreOilg6bnih2cV2pQQkDfb/SNMt5zh4cMvhTrFH1/ViNc7HraT +AcsRpjvFHxQfc8eNiGLyaBz8EktVnUaH2un11LG1SvC+8wbMUT9PUOvAFibR7zoC +NBBbAbJTAgMBAAECggEATtT6VE3S1tlyny9kbHd5PhVVvTnuGU9JOl37cy5qvjFW +8nQgQPDdFKObTqhIITfPFiHuI4YACBHu9yhPqzYKiyhlN32k/KSArAWlB1Ixig2i +v2EpQGxsqr3QNocsGGYVIethrNpc7dvzH9HRODB9GfEfq+RDMI+6YV03dO/bflZb +KqQSyfVtL9mO3LO3zSjKyscoSpjOzWy7gZJjVVWDeTc8w1gtQ9le01/GxXonveoz +3O2hOLeGqIuJiaTWYrR9ZhpqU9UB6ayPADupfgBC/lSH2RCgbu25kbTj/8lZxazf +RU+G+tKTE+vouIJf9BRFv4d2MUM6RoYD6kGiftveoQKBgQDXKvTzmcZeJrkKKts6 +FBNfe7+VlEOSnr05F8K0OnxjVVEj7UVdKG2qTTVhKhrJCmPClwFXKpq/+vZMmxYw +XlE3KJI2uNfAV+OWyaEpLVZiYvNIFtC0wmQDPS1oQK5Ms3pNVKH+lftMzKVGhQc4 +qqXG5y9t1CeWqsrml9jJoGS7bQKBgQDIe9vAY5geOX7p2N0VnFOLjNKssaKc0vlS +p70tEDvbbPwxvzESDcgy9Ja0QWJSB3Cod/nV2ihhP4BNdhFXxbk062gvTjGoyJd3 +Lx7jvWvcvC8m7mpIiRhYodZt41LyyPUCVUP40H1U9PI+FAVzkUkyTglUkXF9RKFi +Ez16fhvMvwKBgAzbWD+mFKBTmALvhKH3ySCPeGcrsM32BkB/FvdF92DIHE0VRGvI +mqTucB4aMfeJU2SxOTdIKG8IQ+dX7P9+40N0fSgf62Rm3AaKjcK0HtFKMFdCZb4n +T2qSIUB1fPTAVLKCOBvKQnXYVJfeIwxTxgwYjFD3uFXcZrtYn2+M0fgRAoGAYT+j +cwlcipy9MVXeuFLiO7kNoHNyO7wi8LMpEqjjQCb3lnH1rZo92GnIiJuGw9+UCERa +Th/KopGY/Poeo4LnugHOwdOeRw82Wbvjsfj6T1KBVNMlfxXxV1z5lMhGPjq4jm8p +z5HimclPkElJ86sv5FTyNbFvaaJW3ioTEk4F0iUCgYEAwU/n9HM8S67AYtcw4kWm +BdtpY/AS2ZwOEBSBNxLp4LMMdqSaM3nFo0VOjrSoWhOh5kFYXiBb4UPDhIAwwamn +c9d32a0IjTepWqIeTbZDV1bHZWjUVLKGbwyH/b0/FZhlrR7zXgRHAvRBPU8ejUC7 +gR2KvXnwPQS6qawYqA6plW4= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_06/description.txt b/src/tests/data/x509/bsi/cert_path_ext_06/description.txt new file mode 100644 index 0000000000..e845a3a3fa --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_06/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_06 + +Purpose: Checks the behaviour of the application when an intermediate certificate does not have the Basic Constraints extension. This path is invalid because this extension must be placed in every intermediate certificate and an application must check that an intermediate certificate is allowed to issue other certificates. diff --git a/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_ee.TC.pem.crt new file mode 100644 index 0000000000..e3ba1354c4 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNzCCAh+gAwIBAgICTicwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjU0NFoXDTE4MDcyNzEz +MjU0NFowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC14EqoEM0I9pvueykUMARNku1Xuqt/5DvW +3ck0ZbvtAbZMv1VTzzl7OB7qqp0VxxPdFVQTvnSZYK0/Zyui5BbbHa+AtVOPT/Aw +YC5Vxw9tYgLpPTuaA+QJm58oG4EaE73YzYCHwuqouC0Y7ZrNQrJ+UNPwnXZw31BY +b0BtEft4c6AwuJCz+qZMwFTPO7CqpTfpq/Gq3xzikIf41uhpoI/fC92el5zOl0P1 +KOUpGD2w4VZmHo9zGbAIEvO5AJihqkHJjXY2Iu420gDV/Le3Zjl3mbIu+fnT/dox +d1PMLIKWH6ZAVFXN8FYD8hqY2NfvDq3A2Bv9bJtwYZ9m23e3vSqfAgMBAAGjeTB3 +MB8GA1UdIwQYMBaAFO5cE1l0RBLjSOfqN2NLCzwhT34EMB0GA1UdDgQWBBToIp6/ +QDST9Qz8MLl06Bg3mp3X1TAOBgNVHQ8BAf8EBAMCB4AwDwYDVR0TAQH/BAUwAwEB +ADAUBgNVHREEDTALgglkdW1teWhvc3QwDQYJKoZIhvcNAQELBQADggEBAB2u2BGM +bNhvRrpXCTY6rubW88AEukLG/9FZ4whDJsaL/r4DOGoADQkZRbv6NgioBwJZa8hG +EOaEECGGpDbSikx8bSOe/qXWOlsIO2GNtJ9d+osZ+4v40+520kxm+WFul5lpPt+z +cdYb3c55DEKEf8yq0LEzrzn6ONWDGlF6JJnJQlzQqk+YPfLtB0mxmNzzNZxo52ZV +PV6lkWMdw98ZNjk1Gpiv0kOUQyEOGu59FbLEYoHv/ct82ZMEb6AfmiyT3P+aeBzX +K6SaSbU9yx8JhSq2uNW+9aiY/dEiWYZBOmDOamydT0QnCmzkraErSoovAe5ovPy6 +RO5+SgTKOysoRZA= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_ee.pem new file mode 100644 index 0000000000..393d12cca6 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC14EqoEM0I9pvu +eykUMARNku1Xuqt/5DvW3ck0ZbvtAbZMv1VTzzl7OB7qqp0VxxPdFVQTvnSZYK0/ +Zyui5BbbHa+AtVOPT/AwYC5Vxw9tYgLpPTuaA+QJm58oG4EaE73YzYCHwuqouC0Y +7ZrNQrJ+UNPwnXZw31BYb0BtEft4c6AwuJCz+qZMwFTPO7CqpTfpq/Gq3xzikIf4 +1uhpoI/fC92el5zOl0P1KOUpGD2w4VZmHo9zGbAIEvO5AJihqkHJjXY2Iu420gDV +/Le3Zjl3mbIu+fnT/doxd1PMLIKWH6ZAVFXN8FYD8hqY2NfvDq3A2Bv9bJtwYZ9m +23e3vSqfAgMBAAECggEAR8oXHdy32dRhu1IA5neHk0kuBwVnQW2I0yirDVQkyAn3 +d7bESvcOVN1TksQyihCQ/iC3la2FH6+B4vdpyXunq+i9SBwKthRTFf04/OG8bKwV +wxPI7WOgxMwZF/83R+BH/QYsuCnPbzZ3kpHjGyc7BlIIPj8hK69x6t5K+2JwNNwg +TyYhfeWLqoOc5FlYQ34NH7d8YyJeEzlHb7mDU8Pfh8cs+tIpRblJozUkDuD6y+Zp +oDfPwJ/mVYo2QKOUmAOTWwNtutE6HP3R+39kRbdERWR3VrJEq1FJT7KoLEQtNZ+T +j88A4RzARQvmozT4AHX0G19ONFTJF75nErjwWhyLDQKBgQDlrPUO4LiZfWisCenX +S5/6OnXwNF5vxQJ3RoJjkxtqygD22LMBlvxKCNJtx4q/kExwbKHL7jQVtAAAhYcz +VQvxHtsOkNed1iCEdIFV0Mq9JzXwVe4YBeNCslReBEXBkOMiHBIu/jAAGszRr1X9 +Ep0aQKgTud6LHFjm52cQRnWTSwKBgQDKuNKjFMaFIJ4AnqmtQ/D7dhgLPn4XXDbW +pn6qlE//0kzvsIVPVEyAL2B5RWNCRrWrW6iI8vYC25FFrXJT12k5Jwt7sCGHJqrl +LvQDtm1jouHRV/vmqIiK1GNDD6P1tHNp3kvpkBFkQd0KaqLDX4d8VyOXjLj+iNro +dCIhmDZdfQKBgQC6hyoK6DTj6zbcKbzxLikBxwLLjyx3J5AmIGx6xBlLND1uPHW8 +v8ursNh9ccZcZ6u8zmzku1MvoR0zTz6LUPG+5KlRfg6u0B1elWQItuZAkpy60H7q +obV9EGl2ZY/lcW8V36hg4+1F2H4peXWjb7+Jd6NJSfXUErSc6qgITsDkWwKBgQDA +P4yKWd52S9trjQwuo7r6TiE5MJeVgb8Dyztee25uljqeKJIUDEbMXaGpADPEm5gX +nMH0tiy1wxI+uOEuP5+rMqsCLqNtLy9sTx3cE3ojvklXJZBfSz7KIebMpx1/mxTE +tqrZIeZMZOXBxiT7ETJEqcK4Kx0ZTiIDxnbD0zzjZQKBgEtR4MpYSl4cO6ZYQgSR +ZwZ0m3WXapu1bVvRuYzoh2/1TRr8nZxWCUZzD6v1Jrho13PoM4PlHxYVcKIQOlUB +tmRSOiutR3FZG4HcabUnTNyIPHIpkD98UmuMOmwqTuQOBCPnUQIrCvmUts1ge5SD +N2EEVtMhObKgNdIDt8amRB+D +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..3cb629910c 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_sub_ca.ca.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgICUg8wDQYJKoZIhvcNAQELBQAwITESMBAGA1UEAwwJVGVz +dCBSb290MQswCQYDVQQGEwJERTAeFw0xNzA3MjYxMzI1NDRaFw0yMDA3MjcxMzI1 +NDRaMCMxFDASBgNVBAMMC1Rlc3QgU3ViIENBMQswCQYDVQQGEwJERTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7cX7m5nLzPC2vRaE6s42uZCIh0lJVv +R74r0lIvt3EMB8A9cjbqcq5g1vayoJao+NmVNMT6Wuv+fBaoGSuhZ+CCW/zCyep0 +A9RXzOTWjGLT7btMQaqiBjG/ZVcMJMZOK5C6LpwUa8rWxyJKgrTTWraVIAagmQ1B +bEL94FjUa5u1D295vsu+3Kg+lwx7q6RkUfT/w4lqas6x6fITDT/9dWXEIBk63/oB +eGGqiOJFpCTMg2bKuI0XXfBgjPRzSSqlaeL80He/xu1k40z8hnr9vDVH2flGnfnb +BZ9t8wS0MerV/aAoY9YrJkgI9vGRaZqnGaOgHy6s/vyZBcUYoJHekvcCAwEAAaN4 +MHYwHwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFO5c +E1l0RBLjSOfqN2NLCzwhT34EMA4GA1UdDwEB/wQEAwIBBjATBgNVHSABAf8ECTAH +MAUGAyoDBDAPBgNVHRMBAf8EBTADAQEAMA0GCSqGSIb3DQEBCwUAA4IBAQABrNlI +OnhK86vhWOlA/uSaGvoGAuoMFJN8viRu2bulw5BPX7Ci33oeHPuDuUuTcf5S3PQ+ +om5t5sPaYTJ7Wqe+S+9E8b0Vk6VlYZLMFdjOi6WZmsILlaOzKNf6BU6w92pbFVID +J+ChjlFSsKPJnGYq195F9W7VVCsMT5w3fdIfEZL1owL6j2uAHED/gi4AB4dMjLDk +Z1pOzysAaWkxjEuZoLtZN4jOXvxE6qTtOOR/64yUOcRMYyBwddz0VDlGxhQCOP3S +hiumnSArFd8tSmPv4d9uKuuLf4AevDL7GagrDc6Wwt4vBz3yheX90IbeTTC9tMFR +XhIfHCLyTSIRS/rF +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_sub_ca.pem new file mode 100644 index 0000000000..1f3391f657 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_07/cert_path_ext_07_sub_ca.pem 
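Review bot: The rejection this fixture is meant to exercise (the sub CA's critical basicConstraints, `BgNVHRMBAf8EBTADAQEA`, decodes to cA=FALSE) is only proven if the consuming test asserts that specific verdict at a validation time inside the chain's validity window. Decoding the base64 suggests this sub CA is valid from 2017-07-26 to 2020-07-27 while the EE in the earlier hunk expires 2018-07-27, so a harness that validates against the wall clock still reports the path invalid after that date, but for expiry rather than the missing cA flag, which would silently mask a regression in the Basic Constraints check. The driver that reads this directory is not in this diff, so I cannot confirm whether it pins the reference time and the expected status; recording the intended reference date in description.txt, e.g. `Validation time: 2017-08-01 (all certificates within validity)`, would make the expectation explicit.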
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCO3F+5uZy8zwtr +0WhOrONrmQiIdJSVb0e+K9JSL7dxDAfAPXI26nKuYNb2sqCWqPjZlTTE+lrr/nwW +qBkroWfgglv8wsnqdAPUV8zk1oxi0+27TEGqogYxv2VXDCTGTiuQui6cFGvK1sci +SoK001q2lSAGoJkNQWxC/eBY1GubtQ9veb7LvtyoPpcMe6ukZFH0/8OJamrOseny +Ew0//XVlxCAZOt/6AXhhqojiRaQkzINmyriNF13wYIz0c0kqpWni/NB3v8btZONM +/IZ6/bw1R9n5Rp352wWfbfMEtDHq1f2gKGPWKyZICPbxkWmapxmjoB8urP78mQXF +GKCR3pL3AgMBAAECggEAFpPqhwo4JLjeF7idMQ3u1UL2z8YI84MGRh5b24RSDAo4 +MWAkrFwqKrgAUTXS3myvA4gqslTUyMZL6zK+45/bMGa5zf0k9ypFrqn/pkzoG/hd +coPvPt3jd7pFdFfleffBt9pM4nrxvDlseFVpSdW7WO7BhHqeJbOovf+slK1holZj +OuYRIyvU+JJU/z11nxodhHwdMSzEupTFGMQ7gw+jz7uHoa1S4LXuRv2u4JEzHI/q +mZAgpYNLk6rywzD8en4el2LWidvFv8s2NsoAb7J8VAMoKbytok4VZm2n1IAGEx6g +/CCxrZCRWW7oCU8+YRJ10cA0j3NACc+GntIDggzQvQKBgQC/rfqEIklNVPgPgHK1 +HNTKJDwhv3984jWiJrSC18xBpF3TzMwvZ/mIyRJ3uCK28OmCTM3VO9xUyOk3adaz +knzgu0PXrNjiTdKhVk3jwJcBHKbU33slFwneaiA29I5lyh45yel856JdyOyw4E5R +/rSOzLtgq4HaxNhq4v8NImThZQKBgQC+zKx/DwUFyxfTf6pgdmOn7pTNaxtKFSGw +w5Z93lhbKBNNw5qCsirC+Pn/I+Gb7cDXnZWqyZaoPftuv6vt1RgcEboJWQNzP2Nx +062tsoGfJFt2sy0hPfpgAZVOkMzRB8x2XpCFOLO+DceL8ptZi3Dbrngh95/daor/ +Ms7WeiHrKwKBgQC7J66xkaCtB0fmKu7VdD842ER2Vzqtv1nK56vdDcP8W/bZNOAx +cX4uVtXXW01Z/sShW0im6XnqtvkwCAGA+IlCDNbjIXvrCz2cFl6bAJLwnP8wXr0o +q+QQ7OJjhkn7jWwR1NpMAQeCNwsUcQ9H9EBsJe7XJt71srn1M4sBUhHaGQKBgDOi +oGwiXHGc7O3H9wvz/jRMVOjiu5fo8B0uUWPu8Gp7Bf5dmUsVfI0XZFCwHTZduXqg +owh9VdBiNdFa/eR3bvbptTciZ9SgqwD7EF2ZmYrABCCzjNsaMtAYnZeNiGBpg+Pk +46eqGLqub/pnxbMOEZTiOpC2uwTo+ITn8yIIG3XRAoGAXUbDa+MoEbQxnh5HX4z/ +wIRSPOl03npF5W+US78Ji/HSvky3kqVBmaxYttEVaU3RoJkQcazmxdh3NAPrB+gO +npaAsgHtOAzMRxFwMu4dcBvEzk1/CbXxxjvuPaY+GdZkm4Wxa17yvXKpUSUFUoAF +V9hUB+7a3M5OsWxr2lE7G9U= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_07/description.txt b/src/tests/data/x509/bsi/cert_path_ext_07/description.txt new file mode 100644 index 0000000000..fa07997a5d --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_07/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_07 + +Purpose: Checks the behaviour of the application when an intermediate certificate has cA=false in the Basic Constraints extension. This path is invalid because an intermediate certificate must contain the Basic Constraints extensions with the value cA=true. diff --git a/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_ee.TC.pem.crt new file mode 100644 index 0000000000..64d0e1276e --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDOTCCAiGgAwIBAgICTicwDQYJKoZIhvcNAQELBQAwJjEXMBUGA1UEAwwOVGVz +dCBTdWIgQ0EgTDIxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjU0NVoXDTE4MDcy +NzEzMjU0NVowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnKvP4Oj27TOxu4fQY2XFjYwycJHN+ +n+3NCATzEeKgcBQf+qY8LjUCHQaMCaFq+RkT58Q7E8bPp89nQENO904NUJv39/G4 +WIfyU4VjCgod7Hpi/ziBN+JaG0HScAloh68KM/na6BS/PAIp5zmQAOGCgUkLjr3i +IQja/SHkbgD+ClziqhCwE8RzVFRwn0ECnf4pAX0UDE5zxbTwAmKGl+VQkYp3qfig +X+m4s8iURTReAkf5bmq/an0UXFcnvEdvz9Rs5eRbh4xS8OfbwS0jFtVyoX9xus8B +XeuTsQQQM5bSuCJIlVSsG+2+EtmG88CdO//VEUKZJJLAxhXgG0enFj91AgMBAAGj +eDB2MB8GA1UdIwQYMBaAFE/8cgLGhgiLwpTUhCp/RhfLtTuzMB0GA1UdDgQWBBSD +bX+sBDBa0zyz+S4F412N8KPY1DAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0gAQH/BAkw +BzAFBgMqAwQwDwYDVR0TAQH/BAUwAwEBADANBgkqhkiG9w0BAQsFAAOCAQEAL7TX +pGoVGGeFmQaXB6TGbu4Yyrmz6nposq6HjS1jYCaigjjCI7m2RJlKvEJuVwDwtP1v +037VJE2VzfQLamhbzd16zK4EPbuNAxivQSxLUYCx/J2I3giwedSAN1UE4ZxrtXoW +ul/LyC0YYuTsXZGrR9LYeNMQnO01VLhpz8QUlJsPpVEqpF87YP1Pseg5W4UBUuRp +1hDntGXEvmJXo3kkfYvYfA4P66/Ppz500zjWSWfheF6sxcBXvdADHOpjbZkFIuAu +/ppmmg2YGYGoVGV52DiV5Ny6e/tSu6CY2JkUa0Qvh1hFXtbAg3iagwY8rnSNE5nU +vtyJAd1c10ZEaDnzMQ== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_ee.pem new file mode 100644 index 0000000000..724fcc0644 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCnKvP4Oj27TOxu +4fQY2XFjYwycJHN+n+3NCATzEeKgcBQf+qY8LjUCHQaMCaFq+RkT58Q7E8bPp89n +QENO904NUJv39/G4WIfyU4VjCgod7Hpi/ziBN+JaG0HScAloh68KM/na6BS/PAIp +5zmQAOGCgUkLjr3iIQja/SHkbgD+ClziqhCwE8RzVFRwn0ECnf4pAX0UDE5zxbTw +AmKGl+VQkYp3qfigX+m4s8iURTReAkf5bmq/an0UXFcnvEdvz9Rs5eRbh4xS8Ofb +wS0jFtVyoX9xus8BXeuTsQQQM5bSuCJIlVSsG+2+EtmG88CdO//VEUKZJJLAxhXg +G0enFj91AgMBAAECggEAI/6oNLFZvHxWRpPpqvYbJ7Lasr5YjhHisuzAoBQgT7qC +YtZmN/wdFtzoHXwvYSjM4Q/dHXlnLCxuiMV6GMVAbbaHNvARAMgzUZbxWD9/qSzT +t4BMCurdFtjapfTQ2cypgJFrgdrKKNlDgAFVUDAYXrD26QGt2kSRsxGhXB3hodGA +57U/gnt/2+i+xT0OarlLS0GqhxkAl2yh8m3rtgwoCkSgmSETIcUvd6W0aeVda6K7 +56jbrHFuwHomkDubRPRedfrbXkBDiIrBj1qDQGuyIlKo/u5DltQ3lwbqcHJhWkp1 +/CVe9hgT1SoFqC0gX+0lgjS1Ozv7dxILyfQn5u8mmwKBgQDj8MTPs2z7hU8xKLpu +D7eZJfxLmDsfsJmKzZoU7R0YVpmQpbolYWp0QUel65c0ZCD0DIfgpR7JDONov78V +/TstwjwI94SeKKnH4H8GGvgwx9e2Pw4ASiR7tlXZQ932mx+CGOVMWSqSAhIIYN0e +k/kwpz1XoOJzNyISNA4oGhrPBwKBgQC7vwQCJDn3sxPK7Jw89gss9FhBwGZF4CrO +a5dwyPd+LBuk2dffv4B4hr1TSzFfewis6PouLPYLvmIU522Yn+5lslKJdC6VASfN +X5ZRGjnBGmo6824TIjmQwBN5QJ+AJkGtyk7Ww0XJ+Wn1LsgweJo3BajAfjyKiJ/j +x6B/BG6iowKBgANQh/whNs99g8ZKOlPJZLkUZVPQFeQDFGiBTuFJBWhKMhd5YXiT +rxGbtWgDQgKgBh6mY/9vR0BTMKdgSm4ObaLftTHIL6SBIN7oM9Cp6bwD2+4pgpGc +gmVOJHdxVjP004N3yzXOAiF3aD248t4z9qavd+PjUges4JD1MtOAda1XAoGAXmvy +2CDgBnNJwQS+juovNKyutmLNDNdwr9/sigyIbCxCuuXUa/Mj6XnaPcnTSvHVqyCA +sjhqhf151omN1PSaMQs992M3CjlKiz9HmgJWiYd/ZaaH9ZeA3Au9v32AujKDVaQp +glkzACEv6N9eTwJYjNOLy0OxrvqHb0c2sKrJ+YECgYA28LWNZrtuCMkgbl4V7Nek +yzrDvx+RofvaWJ9O+EJzGBgQT3N9xpDQoc+l5dLwR/reMWTfprS4vWUsuAbD8Y90 +75Cm8EHVmDdkb7c+ktwVSVRPNiW/xnRGs7uPA6gBwDQvkfYkfakQb8vKN7NQQpPV +aNMgN2YUQC01A+6zOfqw8A== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l1.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l1.ca.pem.crt new file mode 100644 index 0000000000..42ba031516 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l1.ca.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPjCCAiagAwIBAgICUg8wDQYJKoZIhvcNAQELBQAwITESMBAGA1UEAwwJVGVz +dCBSb290MQswCQYDVQQGEwJERTAeFw0xNzA3MjUxMzI1NDRaFw0yMDA3MjcxMzI1 +NDRaMCYxFzAVBgNVBAMMDlRlc3QgU3ViIENBIEwxMQswCQYDVQQGEwJERTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMXvTDKUK0V8BQkelYfrJ7k5xiSX +jgcYGSkYvnCQgsO/O/huGXjtnCjNFazb6JP+Ecdluut9HFBTJvx58msvMzP50oIv +B2MYQtXZ39Chs940HIyqZW4NV0hlyKKGfE6MTVGewpQUeIp3+tfpPAXCc0h3SIf7 +NYZ+T6UifTNMS8aAMwZ0vf/KbXEEyfrOasWBsdrO2CeN2m+4Y0XWXZL8uqjM3beI +5WAs2C2TImd3YWDtwpvmUMz6MocrGcV7Y93cJdlQabxwqYvlUe0ODqXu5jGdYOGq +Kt8rmFDJDPKnSc+xtE6+ODnnv3RXtcb9qU2TB0tw8rOAiKx+2Nv8HaWqCDsCAwEA +AaN7MHkwHwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYE +FIQR8VcIMbQqpqDvbvbMlPdVbpnTMA4GA1UdDwEB/wQEAwIBBjATBgNVHSABAf8E +CTAHMAUGAyoDBDASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBCwUAA4IB +AQAiiH/FQcLHHQrWs7r1WkuD44Vw7rzQkah2Jp74ODQQVUIbV7L0YHBvMnEV0vM/ +uFwhH416JNr0RU7eHSoGe8mLlxs1KDCRef6x3afp13B+UGV7YYYI788/POxdAdTy +sbhMibG1rmtrjws5oT04NrwOpXoIBy3I56tsGFxz77fE/FHIbg9XSLhYih0lIu1D +IKxXr3meTz52a2AVXAa7KfNDrt8W0wRdzo50zusZKV6M8a3Xa833vX7FJSoTPSYa +/nZxZncT66oMopODmB5gUIKDOY3t9yrHfYdQW7qe7fyrGnIge8N1DFb6x9j0dK9J +b4BCwXxIqBN5EqhHUVPha+DA +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l1.pem b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l1.pem new file mode 100644 index 0000000000..8632d82c77 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l1.pem 
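Review bot: This first intermediate's basicConstraints (`BgNVHRMBAf8ECDAGAQH/AgEA`) decodes to cA=TRUE with pathLenConstraint=0, but it is not the only constraint a two-intermediate path violates: the root in the preceding hunk carries `BgNVHRMBAf8ECDAGAQH/` followed by `AgEB`, i.e. pathLenConstraint=1, which also excludes a path with two subordinate CAs if the validator applies the trust anchor's own extensions (RFC 5280 §6.1.1 leaves that optional, §6.2 permits it). A test that only checks for "path invalid" therefore cannot tell whether L1's constraint, the anchor's constraint, or (after the EE's 2018-07-27 expiry) the validity check caused the rejection. The driver consuming these fixtures is outside this diff; it should assert the specific status and a pinned validation time, or the description should state which constraint the verdict must be attributed to.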
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDF70wylCtFfAUJ +HpWH6ye5OcYkl44HGBkpGL5wkILDvzv4bhl47ZwozRWs2+iT/hHHZbrrfRxQUyb8 +efJrLzMz+dKCLwdjGELV2d/QobPeNByMqmVuDVdIZciihnxOjE1RnsKUFHiKd/rX +6TwFwnNId0iH+zWGfk+lIn0zTEvGgDMGdL3/ym1xBMn6zmrFgbHaztgnjdpvuGNF +1l2S/LqozN23iOVgLNgtkyJnd2Fg7cKb5lDM+jKHKxnFe2Pd3CXZUGm8cKmL5VHt +Dg6l7uYxnWDhqirfK5hQyQzyp0nPsbROvjg55790V7XG/alNkwdLcPKzgIisftjb +/B2lqgg7AgMBAAECggEACZjhFJwTPmBADOwltfG/UFTZIvxnj40p6Hs2/gA+cZKm +gWoyjqbUE9+1ywGH/7z+9wXGEBWrN3MrXcHlRjCDXA7N7TADPK54Ic8ER3pqXT4g +8D/G1pThBDVN4CDYis/KDp4TCIO26zKGwCH382jf7Bs/MhC1IgX32KWZH9FK5J9M +LXxJJWNCU03r8ZIO9JHVIowqvgcljwCbAfUoiZpB2exfTM+rX0R1rS7Ay8o4TMrk +OHbGlk5XkUufj8j0riuLdp67RtJz4QY+zmjjkv/0TCrDA06dAZOhfVegGyiI03tA +lB/wt/OOU5x7cX/OQlC1Ollrf/JiFcNtt7XORvW1yQKBgQDoify7MJ2JXnPcQAdU +j3PNLU998AIrVZxbK2Y2PCiYEfWEcDQCHiBIYZTwl3yXOhj8Y03eyExe3cymU7O8 +RCTj7y0brhXmxlU9Pnwk6SNGEwfryDZ7hm9dwnXAPnBA0isoG5if3QnTMbmjHPn+ +7UHbltv+9EMGpdRAESGwlSihXwKBgQDZ541qoGqmzMCg3EO6WK+voxuDLjx4jKED +JMN4BzIrHUE3Zp564ZpNVb8klVQ7vlOUB20LiVgJxmIB2Htg4i1IqyY9hedklTcn +WLA0q1n0fDgf/kdgmFrgmNDp7NozqQJrs+yR2I/BTpwbsEcyOKf/+3pn1aVggBYH +NIkc5aW6pQKBgQCpj9TF+lElVcZOGDJAKspaFmwcfOJYDvkQUbkaWwuOt6m7hMWn +taf8n4snVI75BtgpUY/6nztxAXK05dvtsBLmUgUmZe56dKy7F9EWaRnbgw0HlNqF +gCW8zItoPx9DZP0rJdRI3bjIUz31/q8cgIzBPmP0qNAnDMyUWumiBWG3KQKBgAyR +cnKn9f7Q6HteuPlSjC+RNNEIJay+T7sir7OIlrgt48kSPinQQVoci/3MLyOTArcT +BpMXxOArdROuLM+VvA7o8De0NXhzss6uKtue1n1nfMU7oVpM71Ds/3++jYdVRDJ6 +Gjb/SqtXoWFndXPMGMSG+LRsejFqsdqQiSgFht2RAoGAdoRawASHfFKPGTEWEPtX +KzVRN8IeMiosqhYEvjbr9KSw2ee/LtAS2pXftx93gH9kVdlw4SpJRZpQMlsf5UrA +eVhkcgCMHB+I8xMuPoB/0wkJUYMp9M5eeSsREtvdiD9nKLylXPhje7y5f7iNO0tV +Q8S/gDZYJLK6I75tJUluKKQ= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l2.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l2.ca.pem.crt new file mode 100644 index 0000000000..739c8e1957 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l2.ca.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQzCCAiugAwIBAgICVfcwDQYJKoZIhvcNAQELBQAwJjEXMBUGA1UEAwwOVGVz +dCBTdWIgQ0EgTDExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjU0NVoXDTE5MDcy +NzEzMjU0NVowJjEXMBUGA1UEAwwOVGVzdCBTdWIgQ0EgTDIxCzAJBgNVBAYTAkRF +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXvi79gkN4fub7WqyZDM +7Yd6Q1inwxHW7znIUhfguon5Ol8kUAZUggwYhtCG3RDcAPnU/z3z6fqyQrrIKEOV +gnqdBNNBFK9l2o0deGtvDSTsAX758KzumdqV10lm8MPva/3fTnLEITISNHIN3hJw +W8to6OfcniwUX7ovBimimSkb1iRQ6ECBg5sSOzK6Q8gtBxPl8zlSh7wYNDFVeTCN +/FJ633PWVDVxbHXCJFM5HfYhKxxQYRy8yWmMO+BE3EXdkTfMf+0/LRNWYl2AhqEi +CTM4JFgk5jLiuLzs/FBVdqM5OcTh5gzXCHJpuKCsBmksuvzhTgenKVv5K26G/SVq +jQIDAQABo3sweTAfBgNVHSMEGDAWgBSEEfFXCDG0Kqag7272zJT3VW6Z0zAdBgNV +HQ4EFgQUT/xyAsaGCIvClNSEKn9GF8u1O7MwDgYDVR0PAQH/BAQDAgEGMBMGA1Ud +IAEB/wQJMAcwBQYDKgMEMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQEL +BQADggEBAKZYftYumsfWlgqNPtucYuaVKVw/5QoUr1OQSJOzBciDLu7NUlvgFMji +ZSSc5AdBzEnPkHbxu5dj2vd/Fm8egNY+qynOYI0zPOHPH/C9c2gE1RjD1rla+xNz +bK7KmIeKbcVw7nyGsfLKDI4h+g6ZVyCY6qh8B9l22riSLsp1QHGgfhSkd0p6iZG0 +h7JuuOAX5GihG8oORdoOu3Fm9UnQ8Kcj1z9GBQ9j6lsTuC7VxQH0cpbzdr8xdhRw +cOhr8SsRgWXoHvwpGXCDJxFWAtCcNn+OdBVL6EcDAHORZzuvmu7kjewqcGkmUIhY +GrNMPdpdDzqvw+FqVbnVvMhocxNwWLg= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l2.pem b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l2.pem new file mode 100644 index 0000000000..e30fad7e9d --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_08/cert_path_ext_08_sub_ca_l2.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9e+Lv2CQ3h+5v +tarJkMzth3pDWKfDEdbvOchSF+C6ifk6XyRQBlSCDBiG0IbdENwA+dT/PfPp+rJC +usgoQ5WCep0E00EUr2XajR14a28NJOwBfvnwrO6Z2pXXSWbww+9r/d9OcsQhMhI0 +cg3eEnBby2jo59yeLBRfui8GKaKZKRvWJFDoQIGDmxI7MrpDyC0HE+XzOVKHvBg0 +MVV5MI38Unrfc9ZUNXFsdcIkUzkd9iErHFBhHLzJaYw74ETcRd2RN8x/7T8tE1Zi +XYCGoSIJMzgkWCTmMuK4vOz8UFV2ozk5xOHmDNcIcmm4oKwGaSy6/OFOB6cpW/kr +bob9JWqNAgMBAAECggEAAf+bezqIOnxmZnwuqLOJ8It6E+ORbT42Z8sXeNdCqzqI +f5rvPlxxMSgEsflPZ3FeSjC61DLf3XRLHDXyiCPgCDYrvA5tpbJWk+viv+WtaOC3 +BkfcY1W8NGvchNTSm5BHAkS/I/DYvZjP4sPVuZHIkANJc+qiRktV/efIqhFhALOO +0V+Q5e9Rrf6nFjlIc93WZ1oqvSY5PvigDKhUN38bljbp5paYIgXTT9/ltt5AFIqZ +JGRUgEyqihXpIr9Z8Jm7Jf0F6xiz/Qk1pA9RQr4Y8V/+OwUZDOrmzFhgBqHDlzlF +TurjX9rqxaK5gyDaipB26dnZCjuGB5UN+Z92KLttsQKBgQD72wt02QRTGAIxpYQ7 +1KLlSi1OLdI1VSRZ2uJeegZLODvowl5JbPJhksGfsEWgD6Pggb/n/rFNM5gIvWQw +iRDQCEnTbYoitLrcZsaihi6fjRcC9jGLgBVwTKAYpUOtpbws/T4xWqmbuYcUfcKn +kJhXzLDfXzOZKQhb4X6P5rDKXQKBgQDAmhj615fGi42mk2wTjqPlAE1e7JUrq11s +xzzZawGMAAXcl3omjALX83dVW8HrlPQtG23eY9p4MDxsmBDjqU2wisSKex6gYXsM +E7/qdw8iMXZ5MbuYSgj0SwsUDei54giIVM/bS6fF7uOr5IPmLX4tc76ycE3X0VSV +S73N+g398QKBgD6UIriZ47Ux1fm4Aq9LGl6Wm8M9J2oRCcM5291VvJKcGmavRPZB +l8geyvV+uw4WVMXH94MRicSA+VnSlT5qED9gj9d09EnDVlrFPr3LUXJbgEhAG/dp +j+ojX/Q/vB09fRBArF9fA52p76JrzR4Nk4zdU2VtJkj8JROPZ/8hdvQRAoGAcDCT +AnLY/xdFQNW467936qn9Z6DJ17Evb3CzGjaBpSpSP8egqJmAAojYZ0lWsUKH5UqH ++jYSCVaXq+38UJDLJ1391GiZU3TU9xj9/raxgwpq53e3vaLKinq4Dkt31+c5byhw +F15/cQWRawxmZIr1Z8Z3O3u9bEyMR5biDfxtcBECgYEA0ojsWapz98LZ38ZKIlu7 ++8jQ9Ytn3+8s0hI6LnqvlWQsgiyy5Ifg8RPu/f/JW+ywdj/Wpqn+ONKwe/bYwSYD +GMuihUkMvcCZsN/oYNBy6nZxfNwrSIdPy/0abZeic4ZTS+EOF3itA9SzP+dv9gCl +KVWOrecsUjraxsuZ93FvgW4= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_08/description.txt b/src/tests/data/x509/bsi/cert_path_ext_08/description.txt new file mode 100644 index 0000000000..af97dffd5a --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_08/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_08 + +Purpose: Checks the behaviour of the application when the first intermediate certificate in a certification path of length 3 has pathLenConstraint=0 in the Basic Constraints extension. This path is invalid because the last intermediate certificate is not allowed to issue other certificates. diff --git a/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_ee.TC.pem.crt new file mode 100644 index 0000000000..8df1a7a1cc --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_ee.TC.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDADCCAeigAwIBAgICTikwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjU0M1oXDTE4MDcyNzEz +MjU0M1owHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo1lzqwjFN7vQdJUrk092dVqw5BfrU6i2F +9nsbbUsRwg4A8asro9oSewqVkCOdl4pMVaVoFNen8gL7wIbcRt8o6q8KiklywtUn +0rsLQEQVJtH7PJ1H4k5gXhPsz98S/C2Ek5guieko2fFdNXPdfW0eY0UpfE/Hngo1 +ddcQ83ch6VWndmXa9wYH5kkHmjdXcFMSwfkhfMdNpWcx8BYiRQUIQ2s+p7LdQJ9n +Ih96cxu+qaAgB3S2mxxYStnIkX0p2WnEDBOBlD9t3YvBSZm/tkh4Y2apYsOFe3zd +UXR6e4pTwJP3ZFDeWuq529zIS7dYcXEfXHUcGrVU/5fCh/pGxY7HAgMBAAGjQjBA +MB0GA1UdDgQWBBRpkprHIUGGNOoKx++Tuxbzw0LAaDAOBgNVHQ8BAf8EBAMCB4Aw +DwYDVR0TAQH/BAUwAwEBADANBgkqhkiG9w0BAQsFAAOCAQEAf7xyd3qugJf1LQJY +fCwl78c9KmjcSR5p0sB6MJ/g1iVKWckEZ9cMeCkru4cmRAmnkb0w+c94rKrBQ0lW +zlkgddeUUcJFLZXv7ogtWOg/9K9SzYsTQlM1OFtL7I3k0NVKpYQe49i9wUbL+jUN +d3tBJitVD5m9XYTKHej9uXqfqeTjxFqwJ1WUxhdHiBz2aBIZ7HaGW6D61NWlWd5Q +CcLeX+EKRxiVs4gr13IfW4TyqVU/h/eX8JBbgeuMngx4hdqlRtjZeaxC27+t8zxD +rejBlb7WCsoy+fYUWzm/BAlZ4RUYVGmcPceeSdRjhie74BHK7JgDG2tvSJXWmeVX +TjBygg== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_ee.pem new file mode 100644 index 0000000000..60f82dea4b --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCo1lzqwjFN7vQd +JUrk092dVqw5BfrU6i2F9nsbbUsRwg4A8asro9oSewqVkCOdl4pMVaVoFNen8gL7 +wIbcRt8o6q8KiklywtUn0rsLQEQVJtH7PJ1H4k5gXhPsz98S/C2Ek5guieko2fFd +NXPdfW0eY0UpfE/Hngo1ddcQ83ch6VWndmXa9wYH5kkHmjdXcFMSwfkhfMdNpWcx +8BYiRQUIQ2s+p7LdQJ9nIh96cxu+qaAgB3S2mxxYStnIkX0p2WnEDBOBlD9t3YvB +SZm/tkh4Y2apYsOFe3zdUXR6e4pTwJP3ZFDeWuq529zIS7dYcXEfXHUcGrVU/5fC +h/pGxY7HAgMBAAECggEAUwQT69pQI+G6ZhpQGPOTpClZxTALhWUfvR7UqUe0AadI ++23YnDyUnUGikqes23AHsEDsc6DL6Og2T1L6/JRcZeH+70/PjX3/EPWswnt2/m94 +D/Bd5VqA7yFS6r3LEaqtNuLbkQZ+fnerFgmSTvW9EZP+Dcfx8lTi8CZg+RS9Hw6u +fDvvMI31NTYl5sto+KsvhhHPej2owG/fxMq+Zr2JkU2P9Op8BAZVACv6R1EXVS2z +xsD6G0UTEF0x3/x+mRTtRnFtQERf+SH0ZbAsF8JRGMhnkFyFl2SWFrBgSwNqOBEl +OPdc+HkQ6yjNp9z+ZkzTgcdwvEGnRXclXm27im3lAQKBgQDlgTArl8j9WbI/FIA9 +MUpCM1NbNIMjIFH5VPs1SNEWMTKBLANXB4Q6wOcfgsJ9p7Kwe8PRdn5/ZQCncuiq +zfLByMTMK3wqASb2tRwvu+Uq6t0KZe4Kv6vbkLQ94kVtEdWnKKX5CUx/WtNn9cUh +OB5x8gZdMniKrXIX1SwLQc8VQwKBgQC8VDSYep9e1gaSfYObi+5TmH52K+rfbPCJ +J50lmrFTI6gqXvPLk560bEKrqtMzxpdHL2mCfF5Xoc9j7hPcGigxzkquaMQwZE8B +yw+HcQRlylXNMeHctrsvci/4WOGLXu+FxJoRy7q0zq+JSCUrlOwWMfPRNcDmNm/s +j+iQxA/GLQKBgEDs5x+t9OIXOeG2fwDQrN1Ff9NRa7fIMOiELfzI+L16dXstZFR+ +f93PLJMxfqvlgRuEJ8Vd7DNF84VrcH7BfGdt0J6hvqJzaP5qBetLEG2vu5BxfYH0 +7z1SFmtbU6CjZvm++hUVmFp+60eBs57OLW62tS4wVQGGR7yORcN5fofZAoGBAKa1 +L12uZjcP4/92pbJiOtS7D27Rz3Z5u67dZykrdz6uOKVRKiQSB5GUp6vIam7Ro4X6 +/T3pk6Wk8a12yROz/9Ke1tLuoIRpttpSguuU6pykcDFUr6euBaKpRLdlDjpODl7u +Oqf4HM0CjLZMK8MZb6byDu8p0xi2JXtVpDvJomD9AoGARXVqqdnQ5OptU89uWu/y +/N7Rzmr+FlJzrMpMTJUWJ22OAcNgDccqYocyFV2AEVEvMJ0vQslQIeR1hiAs9Lgd +cMuHXtxLZ2cVTeVUMaAdFngcUZzTwlRK0SIX+SNdIBkbw46A9M8fsLC3sVesn80y +tmlLCJxHBIy+gDRNgG7gLkQ= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_09/cert_path_ext_09_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_09/description.txt b/src/tests/data/x509/bsi/cert_path_ext_09/description.txt new file mode 100644 index 0000000000..7d2ffb0f7f --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_09/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_09 + +Purpose: Checks the behaviour of the application when the target certificate does not contain the Authority Key Identifier Extension. This path is valid, although this certificate does not support path construction because of the missing AKIE. diff --git a/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_ee.TC.pem.crt new file mode 100644 index 0000000000..cc68c119a9 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_ee.TC.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgICTiowDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjU0MFoXDTE4MDcyNzEz +MjU0MFowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCEmD6rh3DuDBugBy6cn7zxdY1zXzDBaga +cO0yYVAPy3JpnIOgXSLTPDygMh3CPlmYRA7vTNd5XvAFd7yX64aafuZG5xIlHUdT +NhM/vIZ8sSPMQzNTM8N5B8Q4ug31W8TDnYtGOOR8hUF4oAGp3jQWL3ZWDrfrGScD +odW2N2/1yXYXkgwXFgh5OPI+NIShkuhjE1mY/0pAVuQroRqMTLVlqaq0u7h4DQiZ +ukbBIVRq1cqftqCSvP/V8Abb/6UALVveBqFexeVR32Nv1QV4DdRlLTHuXcuNPsVm +cfyN71zAtBJNejB2+Avk0x6UWB3f1WWZ9pwrb9MUr7hMUVLKoQH7AgMBAAGjgagw +gaUwPAYDVR0PAQH/BDIwMDAuoCygKqQoMCYxFzAVBgNVBAMMDkRpZmZlcmVudCBU +ZXN0MQswCQYDVQQGEwJERTAfBgNVHSMEGDAWgBTgjBmqaSWaGiUA9rMouhv3DfnP +wDAdBgNVHQ4EFgQUC3QeGP9mP0PKP2xDlYgQ+aEdqRwwDwYDVR0TAQH/BAUwAwEB +ADAUBgNVHREEDTALgglkdW1teWhvc3QwDQYJKoZIhvcNAQELBQADggEBAEIfntYU +3+ha6aCeOJI7PPyikPtGwbm6Ig1II2elyh2NRx15Mn+aOJ8J2dS9XkRpEo6mwtIi +aTW7QQWYd9ciXItnhOk8Py7I2GwOto6O4cY20OASrawDXMr45/pCbp8tyBHkCf8W +7ZRlwxhtr11oUbyDIxobPCJtxWiAFYUl7UkpokaKQGNl9ODv1po44UZNyr4w0i8f +feWJKAZTCwVsXqqBxsLzUElG0O7T/bwCAmQTWPl2lubIM5FXru0NDnL8kp6WUFW1 +xrgnoISSmD72DH8nvLqXip3U09Fol9pkCHfv7n0RCynniQfyFuWTXN8eAXtdrvNn +Fym6gjWOQbwIWio= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_ee.pem new file mode 100644 index 0000000000..c948381e3b --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDCEmD6rh3DuDBu +gBy6cn7zxdY1zXzDBagacO0yYVAPy3JpnIOgXSLTPDygMh3CPlmYRA7vTNd5XvAF +d7yX64aafuZG5xIlHUdTNhM/vIZ8sSPMQzNTM8N5B8Q4ug31W8TDnYtGOOR8hUF4 +oAGp3jQWL3ZWDrfrGScDodW2N2/1yXYXkgwXFgh5OPI+NIShkuhjE1mY/0pAVuQr +oRqMTLVlqaq0u7h4DQiZukbBIVRq1cqftqCSvP/V8Abb/6UALVveBqFexeVR32Nv +1QV4DdRlLTHuXcuNPsVmcfyN71zAtBJNejB2+Avk0x6UWB3f1WWZ9pwrb9MUr7hM +UVLKoQH7AgMBAAECggEAPzBRwD1R9qhxqIDxGanu+PtY6FK8RRmB5v4O1SEHOuVQ +nt91ohDBJosN6FD5DIZVkLTUMglQfTWyq+0VDFgFDyezXbGd4FS8pPTN5qpBFbdt +gvP8caJAipdDRf8aTWGwWsrgjqA2kO6oZxieAguV5QVWH+YR7yvU3qNiXL6HJzz8 +mYPGTQiMnqbVbnfNstVXK9QmuWsGDjarmJ4R+MHebvWUVPSJVmCTKhxcgDu/M8WU +q2oLdJYpthM0nDIGJjyOAUDMJ47Md9zXYUji1yz5a/RBERPUF5KqyJhoJjL7taWl +dmLeZVVb2y2sobsQ6FJ8onf1U6Wa45yBhckxS4m8JQKBgQDiozcZlhv9vBppjWQm +ZhnshMgTgPCkVS2/GCNW06vynVDu+nBU93vWT397S0xbVxUi+YHzl63+eaW8gVuq +uPx4xF2TovEk3kzjxEngUolxvpgYBsjzidTK1E3k7nLSmVf0U8SHTIClmzHiilfp +OU/QuT5nm1cWAcrFat2KlFaFFwKBgQDbNxHSOloEUWFCwxIZIib6SF5UnyKyEZ1c +604UvVnKLk3DtJLNyqBUjSrKD71bgdEGju3Hyumw1tLSN2Kt6E87GeooMGU4cD7P +YJUeguw4EuoBHuIe/USzFUFEKrw0Dhb1YgOuNtgnYutZTp8u+ikrH7uxZDGvo/Vd +e70C6T1AvQKBgQCcjQ3EmNIhBUxhWQ+zDpgdruLdxhV0DnqZI71VfsWpw01ipo/t +wT5DnYp7ylmmRpMNI7jGYSIJRFJd0iVV2o5bhZj2IHnec8g9FRvK3nien39EKXup +7q2Upe5gku2x18bPuQVqSEgdHQTqbZGoQrSFg1A+FSmkw/wjPlxmG21gZQKBgQCa +tx0+0KwjjAQnCGJHltEHp/fbpYzpPIFhyTkMbi9nAJMl4tYRpEbQJenjPoSYhuCt +zkaH0fBpPNUCRNDCiMkSn1GiF7X4xU+vMS1NoX1yffbl35Qb5wiLlB7CK5805hTS +DuEmHdMkyS3tlA3JLAnOQ9FGe76NhhxwZBqcaV0vyQKBgFmIZ50wiexkxMCTzs/W +IJdSCsW9Zv+UZJi+h95HqMe+IDX2Jk/0IKVmxQN70mna/fBLRLJ0oa0P9wRBmzP3 +TsUmQI9DxXy/sfRpmz3Zi6YkxJq7cLnDJcuKIQ83T1ydhC4Pn/JMFbwEU5G8dTZw +JM7MpPZS13InT9Ys8tz/rdqW +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_10/cert_path_ext_10_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_10/description.txt b/src/tests/data/x509/bsi/cert_path_ext_10/description.txt new file mode 100644 index 0000000000..45196b2e9a --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_10/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_10 + +Purpose: Checks the behaviour of the application when a critical extension has a wrong value. This path is invalid because a client application must parse and interpret critical extensions. diff --git a/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_ee.TC.pem.crt new file mode 100644 index 0000000000..29dbd1f099 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNzCCAh+gAwIBAgICTiswDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjQ0NFoXDTE4MDcyNzEz +MjQ0NFowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxAdXrHilNqADJ4QOq8yM+z/I6YdOc8Vu +rQUj0GN3nF4c/HcisMTozogP4v4l+DmrbuFt21wTDRZ3mmX3PBe/0ZSiir9XUasu +1uQ3NZb+mVJtah+pmRkwp/u4+QXD7q8PTmydDqjEKIzc45VmuO3bhQLoPUrQ49uf +f9wm+BEdPGWoKjtNbkhywHJRaog9Lsdrmx5e/UwuvJcVqrE5gIaWU5xbXfTrUVGA +TVq0vshqWRDtz4E/55KB7acBHvu8V3JfQbo6kfwLtAKpWNpZl5CLCC8GUSo/eseN +NbL9OSeRa50djsmdF+uNZD1RU19Gn5NSfV0b3KvRDaMmAGSrL0DxAgMBAAGjeTB3 +MB8GA1UdIwQYMBaAFCRUOnIu+YyK56K445QfLeWbVgv7MB0GA1UdDgQWBBSIlCRH +MJ9x2YiChJShBraqokumgjAOBgNVHQ8BAf8EBAMCB4AwDwYDVR0TAQH/BAUwAwEB +ADAUBgNVHREEDTALgglkdW1teWhvc3QwDQYJKoZIhvcNAQELBQADggEBAFNaB3BR +14XV8fjOaT/oBfCX3YrHa7mUnsAEYvM+VZHq75gvJzN1vc9kZ5iuzaGk2WlCd7ZU +/MUGi2m317Ls2qh4STg8sfOmxVkLmMeF+S3ADSfr3mz50KrnWmuJ/2I4/e0D9lty +46UkUYVL+R+X364FwRPT6STv3XVrlSzkaknMg7M5HEfeCmzaOEgBkBdiBmHiAeqg +d+wEGnZiJLxOW/5T6zUBPYiJM2Tp6HM1cQLLOSQtM4Lk8ZZ/l8E9fpQVIWyR3fCA +mPsGCmzawEQ/gW4JKU8VqAbuBilBftHYFquI5wiCeYG+gaKwEqflM/I4ASrCwDYU +IFlyHAWJy3w6Dsc= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_ee.pem new file mode 100644 index 0000000000..438c96363f --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKxAdXrHilNqAD +J4QOq8yM+z/I6YdOc8VurQUj0GN3nF4c/HcisMTozogP4v4l+DmrbuFt21wTDRZ3 +mmX3PBe/0ZSiir9XUasu1uQ3NZb+mVJtah+pmRkwp/u4+QXD7q8PTmydDqjEKIzc +45VmuO3bhQLoPUrQ49uff9wm+BEdPGWoKjtNbkhywHJRaog9Lsdrmx5e/UwuvJcV +qrE5gIaWU5xbXfTrUVGATVq0vshqWRDtz4E/55KB7acBHvu8V3JfQbo6kfwLtAKp +WNpZl5CLCC8GUSo/eseNNbL9OSeRa50djsmdF+uNZD1RU19Gn5NSfV0b3KvRDaMm +AGSrL0DxAgMBAAECggEABZbStv13k+JGFeAseTUOHeK9Ft4tDyIM0qitSBfx7fWe ++ICTDh8+RkaPJJT2uXg2qr2TNDKEPrgxItncLqz24KA3zyUw8gi7xb5Bqy3sfBcg +2QhAWC3yrk8rFqWynXyCUdMxFkE1sLaHb31MfHjjgZYQhvNNkSV+w85D9MUIv7wC +Vql+qEk8z7V+RIKIAKgwZyGLJFXw7vusbvJ1+azQUFWfiZApHHMdfYY9MwMnyZo+ +71wcket5nH4ev1U7JNmspyQBp2RynY/wNuXgxzaTkgp5jnABgxfy/lJynZwELd2R +MI2EUNYX+rY6cM62xHg1aQxp6Iuq+lwfWj4SqNWkoQKBgQD8p90vRrT+71HeDjqE +/OIw8zArD/yDKEAIY7DoyNLsDfiFfWMf1kLuKZ0gFDmJzvYYPiTo+UCUvxP4nMjb +1QlxCtF33ZIOPB9hFI7/6UGxTTLtGMwXkwTiVkzuZXiKOkHFUcgXbprGo0yz9c/5 +XMCwzneQIbU95Ii4mGZxmqMNOQKBgQDNcxwutJ4Qn80+vV7Yo/cgvAVycKXE2wmA +FPm5HbyOQPFSE2BqAR0ialqIiDzb3ntXHwtSeqdXU6VJATaGxhluHmyal6dJtW1o +tSf+tCodOSZxoDU56dOf4S7IIKBDg0V3+5L9hYMNInaaSWxcCeaN4MwPTa555P6L +aeag9N8JeQKBgDLLrPRsSsdWZic2xR0nmnIs8mo19JaJ6RXGtTKX7Y/33xc3dk5Y +TWyEgUqJxmembGPDWrhcJFfDcshw/RD1a8iGXEa1DUA/Zi+manmY89QpqStx6NZ0 +gG7g2uazD+D6hW6eWpQbcJKvEiS8Luv7ceIaIH+hx0aCQ9qZCT+dz1pBAoGAGC0T +g+t9Ljefz2I5ZwTkb9WwTmczGpcr5waQ3FfDeHnr69yb292FsCcTwD1H7BeiK/5b +Nrl4N66AJLcf03w8QdkSrp5p8SKIXWnz6uUIj6fJ/lT77nS1knrNJn+wXEF2S0gv +Y+XyJfmIO1+ogKwplUh+us5JWc64pW8w1H/8PwECgYAIxroGhtOnXaM0G3UAY9Ni +n3x0GmPOMoKnIhHLOeCjjCqpG0MVSJKLriKjImOwKDwamrSKwE6Tsk080YHbc4js +zE6Qf16VTzOUBTgRqvlDeiNJzH9K2EyZFe7m5qnkm7d2cJnLPPiL0t2iIENJst37 +518w8lOhCJSxV1c/sEcRmA== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..fb21c7d676 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJjCCAg6gAwIBAgICUhMwDQYJKoZIhvcNAQELBQAwITESMBAGA1UEAwwJVGVz +dCBSb290MQswCQYDVQQGEwJERTAeFw0xNzA3MjYxMzI0NDRaFw0yMDA3MjcxMzI0 +NDRaMCMxFDASBgNVBAMMC1Rlc3QgU3ViIENBMQswCQYDVQQGEwJERTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAI6ulYPDygnRFodJgOAE4wZR8IJ4eIBq +Gi7XnPDoKj59FrDUzFFsQovcZ6sbsT7IwWCQoVtdEVMnI9ltyNWA6EwEN4Y/i2q0 +Ou6aMghmoFyhJljsp9YCHIeXAIQdmfAXlqyUWFtueFnmJ+PjyzaxI/1IvuprxG35 +g5LSjn2BkjjVXgjFeIO8BcjkKpKYHlv1v7jJ3zWTvX9JWvYiXHTDmpV1/5vkmEeE ++bePGdtaoDAakzTYBTwkQEVZsHUhNmd3aqNLxGbDAV30XK1enDed1J+B/GVf1KXU +4FhDUW3imybzxC5Z6ZokkFVneBH7K3P1ik25KeXNSb+yT58mG5M5JMECAwEAAaNm +MGQwDgYDVR0PAQH/BAQDAgECMB8GA1UdIwQYMBaAFMdPGIQtfK+M/IY/TwhCE9kl +QGpwMB0GA1UdDgQWBBQkVDpyLvmMiueiuOOUHy3lm1YL+zASBgNVHRMBAf8ECDAG +AQH/AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQAox+b00unlZZggQ1ZTEkJuQT+qooU6 +W6r17wJND8TrD6ynhAFhaOwA8Wt6tzlw7L/Tu2PR/FoI3RtvQdbKz0X7kx5/bGyL +CbkI2vUTmsX4ZavSNx53UhTW1KZcMnCsjcO51zDsn+X33OuQ/VqNDXkkK0t3dWsk ++7ZTeTdnkkCFo+NKT1bGwd2WdkB6FGjcS2PFgBhDBJhH3JLXvtpIQKKFDvcwUMUX +EDs+9KmRu8BxGJstvIVad1Xzige6BrZ/wkIYhZRRGAYrsW7jttnEokiI9eWsK9IU +N+uAeQaGaFzxakJFXW/p7Mnn42joYUsinQpfNjzpcIFps4y+HJfAQTqB +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_sub_ca.pem new file mode 100644 index 0000000000..37b92e17de --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_11/cert_path_ext_11_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCOrpWDw8oJ0RaH +SYDgBOMGUfCCeHiAahou15zw6Co+fRaw1MxRbEKL3GerG7E+yMFgkKFbXRFTJyPZ +bcjVgOhMBDeGP4tqtDrumjIIZqBcoSZY7KfWAhyHlwCEHZnwF5aslFhbbnhZ5ifj +48s2sSP9SL7qa8Rt+YOS0o59gZI41V4IxXiDvAXI5CqSmB5b9b+4yd81k71/SVr2 +Ilx0w5qVdf+b5JhHhPm3jxnbWqAwGpM02AU8JEBFWbB1ITZnd2qjS8RmwwFd9Fyt +Xpw3ndSfgfxlX9Sl1OBYQ1Ft4psm88QuWemaJJBVZ3gR+ytz9YpNuSnlzUm/sk+f +JhuTOSTBAgMBAAECggEAB/prA7b4otWDQom1lCkvytpddgUvm0IbkFGX/ehEdvGq +iXUfruCcZLrMfO7PqZajCf/SVvQQeD9mt7Vl4sraSmhctLP0SzFUX4PFnw7CgiV0 +agnjHWJJNzt2QNzxHvHJuAEUQvoNjpzSD5IM6pQrgpHdE4l2vo3CebzucOYEL6to +vS4k0ZwcebHahi9aexcJoebeXFqQXf413QuUHVGuk5JaajEX7NYaqgaSPY0XQEM5 +G3n6HiZSzZzQ6btTLa4Bgt38BvPlTgXg1RRpO1pbLOXSEA+izvEHk38FoWEOgeQX +OcrTGUlhZEqXOz9oA6U+gUasozOZZc9A2v46eZKMsQKBgQDD5LQ2LaSAblhgecu8 +CdXLd5UUw9gq3RAoEQnXNgJenU1Kq9kEf/bsiCouZQDWI60KE5brLG1BRktmgqXv +DMmqB1uXVW2gxBCmRTPmC4+AVNtroNrSEnTtOj3eVYGTPXwBG5KkKmiATDwhUsG4 +M8HbD7TuPgJ982ay89haBv/WUQKBgQC6dii5DA0mVXQ4BCM6Z7WxYN1zGf3aVJsA +bj6lx7D10F7z4rTB0Q/y1KzwK1AbGmWf48cKKyNoA+X0/wa9VNdmmM24smtBbH/Y +3g/Wi8pj3qZpPHPMkv5AbCELIrR5znO3FVeY6MmQOhJA94MHEBqYS/imvUdk/HKd +xidtjGEbcQKBgQCvdpVsyelFGJGUqMOyhGS5wT0JwnpHuocUPF7CJCBvOxrWPaM/ +gpdcOoL9136uUHpYQj+2Gq8p/prfETssKhogcEK8BMsTa0s2g1n/Pm+lFV0MxKH7 +9IhDTR3JnnFXv4TpQRdScKH1+VMKziOyqLmFTEZV97kns/NTa1NpIEfcYQKBgQCQ +TK0LN/ZdOjisuRcCNgx4bzwxvWWlN2CVHrxA059xPIafO00jyUUMaeZEH2Do+K64 +5C+/AM9vycSGq25ty2C/N3XNf9ZdVThDfubG5HwGeeJTAsOjCAbXmFaiJYOB2HHY +uB2Iam7CvQ4vVN0D9ESApBqT/1tnHa8dxqHwt3jXIQKBgCpdVx7ybwNDgdHkzPor +PSVJoMyidCuFywIeUQMi2oY4lyj2jxqY6oowEzFzjGAM74eAdajD2DuGMFyzYHtn +X6kQDI7JPE/MMB8OtUEQZyjlXCA5TLj5WAf/3HqqU39Osd1d4IV2BkDfK9lYMll4 +lK8awVmbZbVMWQL3nRChfj6v +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_11/description.txt b/src/tests/data/x509/bsi/cert_path_ext_11/description.txt new file mode 100644 index 0000000000..1f256eb44d --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_11/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_11 + +Purpose: Checks the behaviour of the application when an intermediate certificate does not contain the keyCertSign value in the Key Usage extension. This path is invalid because an intermediate certificate must have this value in this extension. diff --git a/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_ee.TC.pem.crt new file mode 100644 index 0000000000..bdd1b6697c --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVTCCAj2gAwIBAgICTiwwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjUzOFoXDTE4MDcyNzEz +MjUzOFowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjU010/9L5hfhFBXPWRmCoWYQW8bIL4urO +Y2uGq51Jgr2UrTRXt/aVPfeogIsvFQdSyNbES4MdOm8NhS/Wjc3If3QqCwd1NP9b +tpFPgmjenQmPke3Yo/SnSgIQ9rIwOn4cVi1JkWI5y8TG8QVWm6phZxb5iiR9xfjZ +26XIaReJ/RBAVvSieB6MJH8INppYU4UzIxZr+SjSbnR4g6sdGScfqUlvB+4suLuB +03t/63C/X+jCUwfq8QHw+DgsuiDq4FzNVc4E0XGqrJjTGrhVodEa/AnIzd80yXBj +N5zps/6jqP8suurQLgixrnrpMd01kkpXwB1nBNqBQAe8I93Z5g0pAgMBAAGjgZYw +gZMwGgYDVR0gAQH/BBAwDjAFBgMqAwQwBQYDKgMEMB8GA1UdIwQYMBaAFOCMGapp +JZoaJQD2syi6G/cN+c/AMB0GA1UdDgQWBBT4CxwKv7mpfVrBiiBwRkHHEf7NjzAO +BgNVHQ8BAf8EBAMCB4AwDwYDVR0TAQH/BAUwAwEBADAUBgNVHREEDTALgglkdW1t +eWhvc3QwDQYJKoZIhvcNAQELBQADggEBAJZRINcDe+GPHAeFO8VpXKzGjDIe7VyF +odkSOGJBiNvERqz9a3L1GDqm6kDjelp0YFBvV5goophLweUYT8QLciujvZs83Oo4 +OMKuhGyT609tWxWNouwh1DkgcHdIBnDVX1cqeWtOsbypMRYK8bGD18nMd8Or1uj0 +wsqF2WqCxF1X3TZtMru1nM20kilDD7et1BFUTxeB6mZG3fXjQwDeootVaeYN4H3x +DeZU69PGWkE5h4m/qZMabrFjvncjHYmSuqmVDXPfFoyak6vr9p4rU/F8H2R/Rdzw +kcwF36VK5LGsaJ6p0GL6F8AwIHnc01reoznOi+jtUiNU2PNIz+Qa/uQ= +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_ee.pem new file mode 100644 index 0000000000..c2993a2c8d --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCjU010/9L5hfhF +BXPWRmCoWYQW8bIL4urOY2uGq51Jgr2UrTRXt/aVPfeogIsvFQdSyNbES4MdOm8N +hS/Wjc3If3QqCwd1NP9btpFPgmjenQmPke3Yo/SnSgIQ9rIwOn4cVi1JkWI5y8TG +8QVWm6phZxb5iiR9xfjZ26XIaReJ/RBAVvSieB6MJH8INppYU4UzIxZr+SjSbnR4 +g6sdGScfqUlvB+4suLuB03t/63C/X+jCUwfq8QHw+DgsuiDq4FzNVc4E0XGqrJjT +GrhVodEa/AnIzd80yXBjN5zps/6jqP8suurQLgixrnrpMd01kkpXwB1nBNqBQAe8 +I93Z5g0pAgMBAAECggEABFGembpuFMUTJJgZURA5XBpJ4OVxRNkyRlTgsgX1uczo +QHc4DB3EOnwSAXWsuIkA0ZKYA0bP58T0zNG5yx2i1GtyYe46u0G0gvNX8ldLeJ+E +cjR0qqbjQE03ssUjPx082nj455odk9Osl2omLv0cy0iTlfOuNVk31GL3hk4pHi/1 +Edg+GV8+uM7HCIBi+yL9lDA9/ulkIF10R2ZGyhtsfLB3/mbgU9lJNiDxWwjALoWa +/3S+vDUzHWGv1MPuuJSYG/JTvb607dPitRVo8oZcmhi6ZrHgzPjif3n5uBNqjyhk +LstRUEXojQFCQor9IvhQIQuhKuURXTNTS+wC2QndJQKBgQDhFWxnj9HFgn1USuv8 +2s+LP5GjyDxOZA9schKbHMMnHYaUlwIJ4M0W1DV2OMsqxiVP9I66xKRy0sfw7FKZ +aypd+1sSSDvPgei7Na3mxq/cDHoGyZxEqpkh8VU8akdGKfnE03YMjolIVvqgPA2Q +YmmbGIeRIprxB7bVhadDkSPdJwKBgQC5wkioT3W72uZEZtAVXLnJ6m+XsdybicLx +cgxJ/7arWQB7ZkwZXnFSViTRbmdxXPjIzc4FzrXWFfIOdcQ53qYWYCuG/V4je8/A +hL0Gv1oU5YpbturFskR5hqSZzkmd8tKhbivjMRDoseLKTwHH4d1VFZlr1sUqSNV+ +jERa55nVLwKBgQChclxvbBlrMk3zSEo89DYqC07Ly7R2Bg+KGch+ugLA68y8iBRO +QZDZ7xzpz5Lq+3WIBELcdHAAbHA9v0UABn49Ky4HzwgXr3bf0YELJzi8/bYJaFNO +bY+paRFaZGD7UuB07bifCR4vZTQf+vM/vVdCiDW1RL0eZgoe3d87979hwQKBgQCw +7Uiw7sXvgCY0XkyxHBllJSLWtDSv/H2t5Hep/6In/+SCpEO1IgwDZUM6KtLh2bCn +6cXiKClvWIWtmiOlDtjYlQ7ASxDf8SxGbOdxxs3w+1RV2JoyZIHt0f1y9VWO2Fog +IcQxZ2l4iP2+vZOvowRh5umzGeO/S5H1L3pnrxIJRwKBgFqE5JLZJetiwGAgmVtj +dfoUKLhesBODDCXrTS+dZBFjSB1ih1xXZaNNmMVXMRUi3WPs/3ET2PhLJXDQYn68 +EwNdjS/XqUJnSuOSlOn2DYL3G59g2/c6DS/uXNRGxA5p+hUsS5UydQb96KDqUwie +BxDCjymvW7qbg/PLsA/pV2iO +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_12/cert_path_ext_12_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_12/description.txt b/src/tests/data/x509/bsi/cert_path_ext_12/description.txt new file mode 100644 index 0000000000..6330f70281 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_12/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_12 + +Purpose: Checks the behaviour of the application when the target certificate contains a policy OID two times in the Certificates Policies Extension. A policy OID is allowed to be contained only one time within this extension and therefore this path is invalid. diff --git a/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_ee.TC.pem.crt new file mode 100644 index 0000000000..472eb097b9 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTjCCAjagAwIBAgICTi0wDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjUzOVoXDTE4MDcyNzEz +MjUzOVowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHiUHn9iXfDWVR5lISY9eEwyMoSDGAgPmO +J1YIsm+so2SswD/bcbH/49afippWp/sIkY7uMe7ITVPBZfF+daPmEoP8hT0E0/tp +Sr7SF8xxOM3S6KmgwDW65FQNOph21xXtJ2/TmecwZeSlH9zbpLlDcqwVS9FXCEFp ++oQCZNJwE5h3B0IYtIPkCeFr1il7IHcoxxyb4ic3KztKVa2coSXjrs17RgbtISwP +jHiN7AzDj0zyOoZl96Bun2SNzZxycu2X/+yZddAalVFdXG3YIcXhLSr4LNtO88Qg +r6PGPf0xHE2tUUys23gF27EFsEuDUfNuXgsL9sfyNqnREDrfeUwDAgMBAAGjgY8w +gYwwEwYDVR0gAQH/BAkwBzAFBgMqAwQwHwYDVR0jBBgwFoAUlSqTLdADuLM6yzYg +0dte2ryVwekwHQYDVR0OBBYEFIcpAUcOgfJ7sGLK9VozyrJfJFPzMA4GA1UdDwEB +/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEAMBQGA1UdEQQNMAuCCWR1bW15aG9zdDAN +BgkqhkiG9w0BAQsFAAOCAQEAEH8C9A/1ApL1Fm0eu8N4FGbt2UATn7+r5uY+cN4s +kTR5IR7Awq/o4sVcOfRPXZJbP1CnIq4JATAGF47CknHwdAb5h2t92DynUB8n0RUT +z/F8ILbrBrLXQRe/0+C2ARMiY0PpN/d1LwfkXg5+v4LdcI1ksYMxyslrGtAinO/J +iFsDfNAXt13nnMdFKoeRRnQrNajpb7Nyr9rFe2hEZeLvdN1xHdl1vnt6YW+uAhl2 +y9bcyO7uxic+H18k9OxWNGEh/JTyywb1dGOo+GWZSThQ/X/b/fKSytX4mig63VgO +DziaAbOHIiKKfc7bxt5QwBB36UmpKtJ5Q8YRuwAXUgNiEg== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_ee.pem new file mode 100644 index 0000000000..55db5dd819 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDHiUHn9iXfDWVR +5lISY9eEwyMoSDGAgPmOJ1YIsm+so2SswD/bcbH/49afippWp/sIkY7uMe7ITVPB +ZfF+daPmEoP8hT0E0/tpSr7SF8xxOM3S6KmgwDW65FQNOph21xXtJ2/TmecwZeSl +H9zbpLlDcqwVS9FXCEFp+oQCZNJwE5h3B0IYtIPkCeFr1il7IHcoxxyb4ic3KztK +Va2coSXjrs17RgbtISwPjHiN7AzDj0zyOoZl96Bun2SNzZxycu2X/+yZddAalVFd +XG3YIcXhLSr4LNtO88Qgr6PGPf0xHE2tUUys23gF27EFsEuDUfNuXgsL9sfyNqnR +EDrfeUwDAgMBAAECggEAW/Hkm7WyF8k9cfLWyMCXFAczUSGLJfLIi/eWTmWizgNw +paXlBwKqCgb75AJjQiEfrQAdw6bgqA3x1UFbeXFN9/t6NEdVKb9gr1ERAxCSVW3e +chxh5cAMQjVqgboJfWF5KhGtFu1pOcUKCgjXpaKO+ASERT/tk9QrCGG2qL+6tIeS +snLsS5AipDvkXXh7rjQdOzRXjDcGioIIJQxxGR+Lx725d+hKrWsWSSa7bJVEkR7F +P6VawJW7z/X0b+iDXZ1kYIKNdH/seJOPNBQLRo2UIeWjX0VOwfUf7y3AVIbV5bNw +TcXy9euz/nFY7VXyNwK6Cw0XPx2dbTI2+dNijdCREQKBgQDn5gaqrbjN9qL+gXgR +OWaYvYX2QUSohrhXN3pxheqMybn0lYpTrI0RP3hGMuuN4/jkO76ol4CTatlOppuY +dKNs2XN05W6TdVORfNFCj0UHKbp3biKC6+Soa15IdSaMfuDlwh6mCJ/mbMmF9T4I +axCdSXq7noL68UeW6oOZ8yZUGQKBgQDcRi/G9juifqTf1dICZZ6t16v4zUEywV0+ +S3Yk36YnPjVuuY12DM+VJNMHQVX8Y/rkurNJTh4bEFsTYvYjtjCIKaHOBELFlsCT +ynEVAHGSV+m+NEWVQBM0HqgsxEKTm93aQ7sGOv4IwDcgEEt5hKKtuREIgaEHrwol +8sMDtIKEewKBgQDNHqFM/WbW/87C0eBTU/OVLSa+YJMLgkayFsd+fNav+4s5dcCq +LJmG5R5M8aN7mWfA8bu+QmwfeUaIFETTAHDBykIe5wX89q2Zpc8vUazcHiPqmgd6 +yI80DeySqNUVNvFVKXSUplJRrm4+yGM7bQCAL8uZAyeWMi+BpSQM249OmQKBgEeG +3wLLeEfmueEZTI2Ms/8dVnF/LRmvInkVBfMpUInTsIQY6q+Xr1xtzbzAYYyIZrMZ +URiPrkT5hamA7A5indXJNwpv5cLFlhknlprMPxTXSUaDMMkrOlElV1TaEgheh6bV +cYivZUgwKnZV9DwsbqrcuoQ5m7GkDDaQYvT0C6G7AoGBALzBpOvMF5ewRFUOuURD +LmdTDw4/i7fjZog3JzctAzXmDr/+JMBMwThte2EtoE43UdUoLiiMxy2epv97bfCT +Q2yhedPvRenJJHNSvW9q+IAE5XZmzyv5mw3k5gD4e89mc/pATZY0e4FBTapGZSJp +a6E0Gj368UbyGbzqg/wovuPg +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..1b8f2cd09c 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_sub_ca.ca.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaTCCAlGgAwIBAgICUhUwDQYJKoZIhvcNAQELBQAwITESMBAGA1UEAwwJVGVz +dCBSb290MQswCQYDVQQGEwJERTAeFw0xNzA3MjYxMzI1MzlaFw0yMDA3MjcxMzI1 +MzlaMCMxFDASBgNVBAMMC1Rlc3QgU3ViIENBMQswCQYDVQQGEwJERTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMJ1fJKqvxZtLbHaS0AQw5Z0QH59HRur +lrBc4F/9BEbG3RKwYCsMp8gXuE9JXz0ngIW5UbXdjZkMbryyD2rJ86SkmgGQbe3A +WFJ/9fwE70rJUbBbVE4Z71MSEKLZSDWooXG11ZSLy7PqSwDh4ogk78P7fzY4Knqd +wLazgFCY6HS+s8rgxr6Sw4iT7OfXXN3IiALCAXfKvirUpp1Cf1NG0LYd3fVfSlH+ +v19EvgH8UqJ0CIh2sYyy8Z2hgDyhQnImSmsntBPLGcO/7VEoJeTOD2u8Xju/ejfw +KxUyd9ZEivC4vEkclOp7GKKDcBuYplQGqraiO9B9VCv/fEJx5Ys+m90CAwEAAaOB +qDCBpTATBgNVHSABAf8ECTAHMAUGAyoDBDAPBgNVHSQBAf8EBTADgAEAMBkGA1Ud +IQEB/wQPMA0wCwYDKgMEBgRVHSAAMB8GA1UdIwQYMBaAFMdPGIQtfK+M/IY/TwhC +E9klQGpwMB0GA1UdDgQWBBSVKpMt0AO4szrLNiDR217avJXB6TAOBgNVHQ8BAf8E +BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEAJkVq +n0iUdzC8YZWraYJb03MfIrhFV7zwx5DMmYWzGpj0XW9SCwGZSaIuSuvNK24sN12q +TWf6SiZ5w6SM7T8EHD8//gRD66up76NsnKqtpZE8Xo+DeJ3lwRJReP+X4jRPb99g +jiBBtN9V0gemRs03xqF/wgLx6z0Ce8/q3T3FjQWX3366IsCaj9GZg8Zpdwnkm9Uf +Lu0oNSnErRXrkgIkTdU4LekPzK3d92QMUhAjMAAe/m4VuQh/neRzOOv1ZvtbFY+i +DnoCwgBys8dMCnvMoPiVy6QvFqEm4n2imiIniSaXOXdyZeDGjQmT1Q8AezeSEozB +MQ3qvChBWHiKvQxqOw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_sub_ca.pem new file mode 100644 index 0000000000..b7454e7d14 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_13/cert_path_ext_13_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDCdXySqr8WbS2x +2ktAEMOWdEB+fR0bq5awXOBf/QRGxt0SsGArDKfIF7hPSV89J4CFuVG13Y2ZDG68 +sg9qyfOkpJoBkG3twFhSf/X8BO9KyVGwW1ROGe9TEhCi2Ug1qKFxtdWUi8uz6ksA +4eKIJO/D+382OCp6ncC2s4BQmOh0vrPK4Ma+ksOIk+zn11zdyIgCwgF3yr4q1Kad +Qn9TRtC2Hd31X0pR/r9fRL4B/FKidAiIdrGMsvGdoYA8oUJyJkprJ7QTyxnDv+1R +KCXkzg9rvF47v3o38CsVMnfWRIrwuLxJHJTqexiig3AbmKZUBqq2ojvQfVQr/3xC +ceWLPpvdAgMBAAECggEAEksl16ZjKPjxvjQ1tWaI/95v3XZnsUgIemRCYhqrYafT +pFkeCEQTL1UL7GmP9sYrO76eBpM71D9sgNPqH2G1n1zcysjg4+efEiPM6v3hL71A +shaQF8jY0DfNg4RtW/RBO9v0pm+AT6yljFpeX/Bu80D1oWQnRYxm/3O43obZV3dv +PeRANG8ECkqTL/DInE4L5Ycuwt2CUY6pMRSdK0vKow0inHP090oO9Ho958WcvXQU +KJVrL6yQmV1a9X3OJbryfmXIXSxr88XjuMH9nW0iV0boDOuzHUvnheHtN+r1EI6D +m5BdjeqtQX4U8fm0KqRGbM9Y7ed3+mp16hX6LMA1AQKBgQDrS1f2iBFMzcaoxBB4 ++2ne9Qiq/l3CnshDIy2N0XKfXRlyEanaAY5WDSBpTPqkBwgZOAbJhsKxfkPhBa4l +SP/XwmkFfPbf56v9CUKUdCSNNDKZgBduIrm+BgjmSYtGlB2i7L+HZ0a1wEIkPeAy +nB/0fVzxSGfKujmMUA5PSTME7wKBgQDTkjaDAg28GdzfYoE4YPxv/d94mpO+PkcR +/ii5tGQczPUgo+EBkEIXAEPmVvbdbYv6hoRYT1xO72UxeiEGbPrsSrn43+5r5mjj +DMDDg0LDlX5H5Vr64P2IqqxRlXa8If5b0juteR5w/pK+zEgkQfWBQFbE405tdos9 +C5V1Xp/j8wKBgBXuzwNHCb3MDLGcnSB55xOGaclurpS+slI3zD5FANdEGWQdq2SL +8pWo4ZWPPGnf0exv4YoVir560579JY+KL3cQQzPkwyp58PlETLWD4ghbjj/qxcRZ +blD9RQUaY+YvVlfik7Pud5PnmQLB1c1B6mSi7u/63Nnz4/tlVwAjBaN3AoGAfEgt +oXO5Yb/HkampwtamM5tshMo4885drWIhxkUDci+r50qdSG/Xgu9y84IubhCF49rV +L5Me5HeYeCIH+GBYXinfaSUSR2wIPSgmrDMVKxNMJSvD8A/unzOzGhG0t/s4EfRD +fjnh+fpxdYdG8ZWVhCGpVus4DPFQBcIiP9ogDqUCgYBVq6UW/hsjHQoz3agvZEWB +slAAZeBURtHxIzTBrIGHz1I2BTLI25NNwI1tbvHoblt4pvTG2Qf4wAiz5pVJwUYG +Z3Ml145cm+fUHwAKrBvrNJPrCAnrMDjVRO9ACQZebCx2Q7CasSziuWxVvn+bBdDK +PsF2YDQ06a+gDRveH3/oVA== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_13/description.txt b/src/tests/data/x509/bsi/cert_path_ext_13/description.txt new file mode 100644 index 0000000000..a7f66fe787 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_13/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_13 + +Purpose: Checks the behaviour of the application when the intermediate certificate contains a Policy Mappings Extension which maps a policy to anyPolicy. This path is invalid because it is not allowed to map a concrete policy to the special anyPolicy. diff --git a/src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_sub_ca.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_sub_ca.TC.pem.crt new file mode 100644 index 0000000000..f116dc43a2 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_sub_ca.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWDCCAkCgAwIBAgICUhYwDQYJKoZIhvcNAQELBQAwITESMBAGA1UEAwwJVGVz +dCBSb290MQswCQYDVQQGEwJERTAeFw0xNzA3MjYxMzI1NDhaFw0yMDA3MjcxMzI1 +NDhaMCMxFDASBgNVBAMMC1Rlc3QgU3ViIENBMQswCQYDVQQGEwJERTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvm0v2xggWk+PT9LvKUSupiasTJcjF3 +yZE6gdq0WgjTGSTMOdL6ujgEtvkILPvFAEOSdgTLlS4v3yasNN6svUcCKw6PAlSD +YL7dVQVjOVnSlpd1SNIl1Jw+Y3gESgjUr0zTktsI1sAijvNTUOiV6yA8uZGmwtMv +27Dz0veLoR7v3ifyBFDTCkVa1UDdks1hDzr4AuxTdqhgvKZX6nWYWRXUieOduAd7 +b/xFVkgK6BnL64Zf0OYNZxxypBrhKXomXPiyGFJBtsCGrOYqJ+vwRD7MHPDa2zEb +0G2o19zLyYh1b0Xk0bwoFjYV4tYPI9M1anwvR1tQVyGPgtZqJMwZ7m0CAwEAAaOB +lzCBlDATBgNVHSABAf8ECTAHMAUGAyoDBDAZBgNVHSEBAf8EDzANMAsGAyoDBAYE +VR0gADAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU +fbgZmC5vRGZPEqRbU7bSLZiFoCQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQI +MAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBAFkVD/ePIUowM3YbfJBIHWmByLCz +E4KkD5YevP7nfVxM2qXfRH53a5jhWMfBmee3l1oQpzh03s6CtKMA+5wGhaWTQRpw +E6RrZqbrR5CMdyqA4UqDQ2WaNbFJrBfxN2az4sFU2dqAekN9/2skaoFd7RwQg19Z +9+2D69Hd2qOHV7zw17TbQ7l1D9NlXX0t+076bfmkbrfWmx2wtQXU7PFsaD/Md4b+ +1FLp7UcV2096qNkxNwVOKeyvrAR7gQiTE8u8tqbH5bFnSrx5dsDmzlN6o/u1Jbba +Axs2fPp5Ve1pWlYFCyLZJH+CDdthravoptBSU3Cnf49hFjOCUHStoTV5hnw= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_sub_ca.pem new file mode 100644 index 0000000000..fb64a7f6ac --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_14/cert_path_ext_14_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDL5tL9sYIFpPj0 +/S7ylErqYmrEyXIxd8mROoHatFoI0xkkzDnS+ro4BLb5CCz7xQBDknYEy5UuL98m +rDTerL1HAisOjwJUg2C+3VUFYzlZ0paXdUjSJdScPmN4BEoI1K9M05LbCNbAIo7z +U1DolesgPLmRpsLTL9uw89L3i6Ee794n8gRQ0wpFWtVA3ZLNYQ86+ALsU3aoYLym +V+p1mFkV1InjnbgHe2/8RVZICugZy+uGX9DmDWcccqQa4Sl6Jlz4shhSQbbAhqzm +Kifr8EQ+zBzw2tsxG9BtqNfcy8mIdW9F5NG8KBY2FeLWDyPTNWp8L0dbUFchj4LW +aiTMGe5tAgMBAAECggEAAkprs91llq9x6m6uzN+q9JetZHXogbdddsA4L2FZ/EIP +q1HlYCRX5NRq3QUYoIt4+MDVztu3dEQMWTXPIS4XoCTdSrPHh/0h3AubtwyUdOWc +OvbWFYhxZwh+iD+1J1ocVpfRXkdANZSlRwTvzRfKnLUJaCJK8cPnnDP6pSu0rQSL +9mFB2KI4advnoLW/wEPPhHu2Wq8l1NggHONeu7+4xJEMY57lxL0cDrgmtaCFxcxJ +oIwVXkf6wOH1ck234Nbv/oXalCIUMovZkKeuCCjHWsLonJl9g1mOnhUH8xXzdMyx +bX6Pekkv3bbtA4egTM58hChcjvX9q9WmfnMR7544kQKBgQD7AsyaYqN/V+ofaMRZ +udQvdu8tZ26jUFD2cE2PSKUUf9JlTIHmDSI2T1pKt5zFl1lb2LGM1xoXs4tqMViU +FZUjrC6b2WB4vFKxWhb6pbYPjNBgshJa3P9EUmd/2jY27NZWQvYMO8Pqk15Rsrej +gWQ9Zx/ZwJzdTatuT9LhMbyrVwKBgQDP9FJ9ZKikTiEaasQ5TacYx3RsMLz2TV4R +bOzRPIIQAZTFmQaRYsU+1aRzuDIrEUMCo6DlroQ+JGnktDtUtktk1Ug5232jg05G +wMVI9fl4inCAnKB0E1ho0Ba6WG5lPRZ9CZzXAm6MckYOYis9gOCSP2gBQ8U+aJJT +cqsoVfmd2wKBgQDf+293k+0xBNH1lRcguaGNeSOT8GfZcyHLxgpvgPNNh4HGwq5n +CfEtZUG8ynsqFhO20XYdpxOxcpVE/SN9gITEgDBXAXIESoe/mhRHNPdwiMaogj2+ +ttVRsfaJL76Q5GWeM8I6yFnaSAYyALe9PwijghH5zNYs49HFbZVPPYKNoQKBgGuV +Wcu3dKu0I9oX3DZNHyJppaiHOmsuMXlQYeAJrrv7JW1osoYqlCLiwjZ/16yCPKmz +33yT4aSIkCQavgsgWDbtRHVyQTiDqM5f0nDhmFOtQ3C2FyiWDYoEBY4YS9yiUu0T +OQnfHzQXtnigfwBNmWDv3q2w0u1rijATxcqTWBU7AoGAX3JwozQCVXPAHvJ9Sx6q +boyLJ7OI2XX9T464Kj6i+/muNHJEKI8btMqhIvyoonW3qBcFYx5RaZxWJylS85ht +ued2w71jsWDk8lIzsWahzTWkfG8QFHZrMIuRBd3WR/ilyDxVFGnmWXThxa+2mwSM +IzuzwRSQMvhVVXSpGRBfDsg= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_14/description.txt b/src/tests/data/x509/bsi/cert_path_ext_14/description.txt new file mode 100644 index 0000000000..5a84d0d3e5 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_14/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_14 + +Purpose: Checks the behaviour of the application when the target certificate is a CA certificate that contains a Policy Mappings Extension which maps a policy to the anyPolicy. This path is invalid because it is not allowed to map a concrete policy to the special anyPolicy. The RFC 5280 validation algorithm does not explicitly verify that. diff --git a/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_ee.TC.pem.crt new file mode 100644 index 0000000000..8cf914a6b0 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_ee.TC.pem.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVjCCAj6gAwIBAgICTi8wDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjU0OVoXDTE4MDcyNzEz +MjU0OVowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvHq3DMxypKRALFJ9p4h0xJYLjcD23/N99 +JoZzLcIpggkjbQxjq4cybvHSYz8odVulnl9smUP5edgbSEsgvj6XeDwgs3RvSQMu +S4khlw/9A9GKotafRhcAjJmNmVbYVnPYhe1UF8euEvRX5y4lSRMyEwBve2d37sW6 +0x6M1Ds9i98yYlHylBYM/hqvPDbTM2W13DX6qVWQZWT3Uqz+flsfujzzh08IuD/k +gva/me5B0xjUYStATxPIW9ua1LADKWUezQFC+s81T39TLzvCQDvR8LrCeNGLeKih +W/i8JXc71moETcvaEN25W4U774aLYR0WSIWF9W6bWmDqnbFjeCrpAgMBAAGjgZcw +gZQwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBsGA1UdHgEB/wQRMA+hDTALgglsb2Nh +bGhvc3QwHwYDVR0jBBgwFoAU4IwZqmklmholAPazKLob9w35z8AwHQYDVR0OBBYE +FMyyQYUefutUUfqxzShgz6zrDfZjMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8E +BTADAQEAMA0GCSqGSIb3DQEBCwUAA4IBAQCGBmuhYoP9vRIh/fMMCQqE2hy5eeDI +KzhZXv80KVS5aHHyX6eBbRP6L8m0FgL6xrnmok2gpH/JiTOmY/RvQFOw0tqcn7pn +eJ5yHxAzZGCgsRoJ8qNNAwAU4TyiGhILZ1iCBt7rrOU42Uj1CuKa4xu/BFGM4ChY +mhjqNPgaR8LWxNzU95ARHvFGXukzsssb2IpUTMcYwoajo6dM4KmHTjkH2w+HnHbD +HsLQVgSt0spG+BPv+WZz8jCZ6UeMfAtazix6e1S0JuLjqeHOxtTyn6Al9gSvO1U/ +KyLsbSTpQuKGn3iogzQywlL3U26EcR6jkbfWMcPAZ9/FcV5ShhHig+ND +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_ee.pem new file mode 100644 index 0000000000..02355f14e4 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCvHq3DMxypKRAL +FJ9p4h0xJYLjcD23/N99JoZzLcIpggkjbQxjq4cybvHSYz8odVulnl9smUP5edgb +SEsgvj6XeDwgs3RvSQMuS4khlw/9A9GKotafRhcAjJmNmVbYVnPYhe1UF8euEvRX +5y4lSRMyEwBve2d37sW60x6M1Ds9i98yYlHylBYM/hqvPDbTM2W13DX6qVWQZWT3 +Uqz+flsfujzzh08IuD/kgva/me5B0xjUYStATxPIW9ua1LADKWUezQFC+s81T39T +LzvCQDvR8LrCeNGLeKihW/i8JXc71moETcvaEN25W4U774aLYR0WSIWF9W6bWmDq +nbFjeCrpAgMBAAECggEADcFcJsJwbha/bHXKbv4hPhRs0cHZDaDh5F1O7EpcDCsE +3fDmRNUnwaqWeU8gZxfCaVTyUkzYdDn043FSejG9wUoWQ8wbL9UAi49iJ+6xhWja +YCIAUVlBD0liYMDHSI3DfCHkJw0JiAvaTSYa9gTMBDMbGQ0MoigLa5+PsI776qgq +BnS73PDTCUrwwZqMEaahNOdQZH3SJOWA20qyUKzWqBDZ6dbOnx+/4un8s39RqAsR +1wNKE7Q5G7LBstGqcIPvLvMXngx1f30lSuWKbixLquemQF/7EHb9/GgD6KCVak9H +JNIYbtmLyCdjBGMegXqRqCo1f0O37eGIAcbbErRi/QKBgQDjFTd9EqBVOmopo0EU +QSIcAAlGTEEf7rTRUYjAuiDuQPUt5ubPa0s58tvYb+p7kmRKpHd3JieD85ufdu0D +HRrzKSiMbFE7fV1FNfk8/+JQqHDfnj7j4NTUBnn83AIeFcBZnZwA76rPvUGXbMnf +1HgHneFyjpvDepWmUkJcyqGy8wKBgQDFa357PN+N1WTOGW7LHZM6wTnc0snycMht ++PCK+gpzAG59Z9XvcPLlU+98Fn6vYKyV9+F0LfjQpyzV3eWajJp62Nrc1jiSwaGl +PYYYCUuixm52b+TRjAX8KQpyzDYvEAgB+XxKWzytfmKs5yPWII2akijUNpiY23Oq +JidZpsyJswKBgQDeJ9yQNM+8cZh4wakiWpI3GGX6axFvXwVwnjaObclXrR7v2CxI +EayXtZsUhHC+kboiOAJUA3S3J3VBLYSz/h5mcwajUjiqXXwJAMOjxKYwyIkci+D0 +6PjtsKRZFxfPPPJf+cwsMkxGTd3EeX6Jxn/i27c6bn++XsfW3jTkOKy2twKBgQCj +6qffDWEU89y6H3XVoh3PyAYSKtbQvQI+BVc8HXY1nGMhLuj74U1cSj/rSQYw+dTy +xBlnDJCuNlBM1uxAUYQmgg3fFONuPuXHPHktVfJ+GcI4Bpn3vwptH2p0fMh0dRwg +/5RKbMzJxMmLhHNF5EuOztKluRskt/mmif1cO9lSbwKBgCaozTIYt4LKTe+g00Hq +fP6PH4qCaG65t/Td1AEXj/pytD3ks+MxHzYFKPn0xwe2gezuEJNJDR/bhI0MZ3/8 +dwU5UJfCMqqSpZntyyRzIU6zScwnpAVcM7QoDRRyWQtYLX9LZ07hQRYDNNwogg4f +FYFeJ0ybiL3NC/XKhJKpbnju +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..2cbbc9e4e1 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_sub_ca.ca.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjQ0MFoXDTIwMDcyNzEzMjQ0 +MFowIzEUMBIGA1UEAwwLVGVzdCBTdWIgQ0ExCzAJBgNVBAYTAkRFMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm0xXD5IDqn5nBGRUxlk9EXP1/OCtdXc +TrUkBXmY0jCSa6VS8ik+IPMNbmfr9y52xW1Imfqz4cw4t97wMXe583hTy+KEDhz1 +J2I3TlCRrCCRz4laEZN+AiKT2SKX2VcjrWkxNq+T/rCAJMIjx1cO77/kbNCjL4t3 +3fXKmOiW5r5ePQZ5BS5jolQAznsGWEcj3qsd3Ua7vn13ygqsav11Q63ZgZUcx7y1 +Xzh5YllRwYoXPKreJMurf3WYWS2DAcpd4bmVwp0u+tOL+OYXOrqsCUwLQigFXuVe +O+hsb5hbz28e4xC+Q1BsSlA2/NkIVR+96Rr3vj7pdDh9+DWrgiFeywIDAQABo2Yw +ZDAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4EFgQU4IwZ +qmklmholAPazKLob9w35z8AwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDQYJKoZIhvcNAQELBQADggEBACSEBLrtrXcWiFDauK1dOFTRQdTFVPjW ++Df6mjP7wqvIWLpPE5Uy6R1zXbqZbM2kcjfAR24mgQK/NrVqoEaVsmkuxhPOuqNG +egL1bHCHnx3hdrUyA0rjp19YQc8fzbwT25z7Fe4K1MxBLZwbVjJ5ejE+wI7QzQsf +Iw5TRtHd147ja9jfM5uKIWdmBXsCQ2lak3KEh+ahs5BDL/l0imvvzT/t5BSZqzsE +oG/YtkS1RiZUWyu0q5cZ4/lnUspsIwFPq7P+ymf2zGAzeo/77o4uypCzdwdH3OKc +eqHQrsoynYRYeoT5rvDmKbDd0098FEclLxgzdABmLQ7jeKSex41iYLQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_sub_ca.pem new file mode 100644 index 0000000000..0b3622e857 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_15/cert_path_ext_15_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+bTFcPkgOqfmc +EZFTGWT0Rc/X84K11dxOtSQFeZjSMJJrpVLyKT4g8w1uZ+v3LnbFbUiZ+rPhzDi3 +3vAxd7nzeFPL4oQOHPUnYjdOUJGsIJHPiVoRk34CIpPZIpfZVyOtaTE2r5P+sIAk +wiPHVw7vv+Rs0KMvi3fd9cqY6Jbmvl49BnkFLmOiVADOewZYRyPeqx3dRru+fXfK +Cqxq/XVDrdmBlRzHvLVfOHliWVHBihc8qt4ky6t/dZhZLYMByl3huZXCnS7604v4 +5hc6uqwJTAtCKAVe5V476GxvmFvPbx7jEL5DUGxKUDb82QhVH73pGve+Pul0OH34 +NauCIV7LAgMBAAECggEAHOHK3sbDfxXguf8gH452dWYxQ/u3E4VASN/IetwahabA +TntgvUHsHms+2kQA0hjGAuO0Y0ZXCiRDZf/2Rkp2dasGaqIMjWdu9246HTKzJXw7 +IVMfyhKoxgIgkopgpaJF0wNlZ3nx5Gs4xFp9urpFla9xId/zID7zC0NAWzjLymtJ +95gnemdh8oE0xrIPkJBgp8G5JC8xyRcGXzTWQsDeYB15mM6FcPyFEOb8WRVNa6qJ +LCbuO/ne/K+9GC1jHGJLVtVwBSJhv0semkYPy65JBLZhR13mQNrYUKL1HsRy6xyw +19e/YWydDFZopkxYIIQ8HbIeQluT58aUiVFlkRACIQKBgQDxtx2XNCq4VHc1MntW +eXrRxypd/ivkaEUQEHcKapuGEdPm9DbYuJWgZ82OKsJ//4W0oJpVaXYNnFKpYtvT +1MLbG6n21l5xSLHsVCnmlaRLx8JFX0HncYB+0/jFgmWjRcysIn2J0mf38bAd+Efn +Wt03NtfHbfGZQ5W0/awJLTos5wKBgQDJriKYm5PIToCc13hdsoB3ywCSZDISkJxY +utVSEesFuvjpbYhXpTMVCGoP/iphPLZ7XiXmgaQ/C3MJIYXUbD8LcxyHDzWZ58gN +UmgS7keZxBPednEmTcprHKYNSDnJIoYEMzgNx3GCBepzjXPPKLYy/vQSbRmKNLFN +dmsrYqq+fQKBgQDDICiSDDnETeNhnVv1peFhAV+ROwLhws6ltjTywrbD1xZxpYm1 +D+Ux9Tn530jeHT8pXlDYTGdRe3U7aiO9cE7QpBdjvQ/GcYG4HwUoMHrN9fc9GzXP +iU/KkoGLp8U2tb0Q5FLldGYbwQ6EUw5wlGhqDyrHwlg7elSbJADB87G31wKBgQCl +N3ov+oN+PJEv63Q3jdugRzUYt+wtOTpblfLbYMJf12PCFnDzG+pU+KeqolSlg88a +EW6K/vlGjGKYwFWaR3L+NjbQja0jf7Vq9G890uXlGbQNMopPDrscNEPz7Y8pLpcL +Kcppv1FFawM91kthEcDw1dusnKOnjLMS+kehKxslIQKBgG4Y0SYZrWHOUn8qCqNK +zbitFLesrQlgqIvIokPH7O4qVKSLAWJzK7wGyeUCQNP5YOjtBM33A5Qwfu69VEeq +XwN+lmiAnpUacWiQiJeNRp8+PUquIkLqsvmB4vn7jaHa5xkMa215lT7isJORasXZ +n0cSN7T3e6V9K5hxufFzjnLI +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_15/description.txt b/src/tests/data/x509/bsi/cert_path_ext_15/description.txt new file mode 100644 index 0000000000..d650e915d5 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_15/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_15 + +Purpose: Checks the behaviour of an application when the target certificate, which is not a CA, contains the Name Constraints extension. Name Constraints is only allowed in CA certificates and therefore this path is invalid. diff --git a/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_ee.TC.pem.crt new file mode 100644 index 0000000000..d50da3497d --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNTQ2WhcNMTgwNzI3MTMy +NTQ2WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJ0VVkBCR5AUENm8LmtosBm37JtkQX5WUveL +xVeytcQsjNU4vin1YGJ1xaDEK9o1S3u9z0lFy9RSPETqORfCovdVqqFQOYigrlW6 +AiX74hBb2o4yvhpK/eBITOf302NV4rL0qN7RDAB6IzKApIhNg92PNmwqwCmvgO1G +4WrFG09yOgcj5DYwuA3MLo+oXyD3S/6Q3YgLDgXNNGtoz7n0gIGwQwG64UIzmz/4 +E9UQ1XuSyNZ9bS5tJl62C0Zm3Yv4En9ZonV2hUF6AJIlNNwxag+A70JUtozs/2sQ +P1edFsOnZ9q0+6fqcLCdA3TbbQOmMswFQ44PSzjx/7y08PZRO0UCAwEAAaN5MHcw +HwYDVR0jBBgwFoAUWnDTc6qUQNwzyWd7FHWFyw+YTpQwHQYDVR0OBBYEFErASPBR +VvjVCumIUzsTSt//knygMA4GA1UdDwEB/wQEAwIHgDAPBgNVHRMBAf8EBTADAQEA +MBQGA1UdEQQNMAuCCWR1bW15aG9zdDANBgkqhkiG9w0BAQsFAAOCAQEANTKudpq0 +hWB6CcSC7jHg5yudj1EViQjTERVBw57iSUQH3bHpulumlc/nf57+IiiYuf/xwGEg +37qFG7IDnsR2v2EAcYYXiuqShpG0plcV5wMY3URBHeCJFrbTW81/6TJwmcrk3Blb +93lNynkg3d+INNEnA6jA1TwrOLNn7ylwXsnznhZcMy9Rpnvyb4QXwhFJLENsZBNN +Qmi/5nRw2eoezuA9BmjFSdG60mk4M8rgWXjPQiBD9r53LUSjiHRTzDhvXuDnE6k0 +ND33+7VClTvWpudqiOhVjlp3rJKezTe9Y3jxUsQ2+JOCk6Pu0Vuq3iKotm1wkgkQ +u+9Oc28a9WN3pg== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_ee.pem
new file mode 100644
index 0000000000..7cf201c190
--- /dev/null
+++ b/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_ee.pem
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCdFVZAQkeQFBDZ +vC5raLAZt+ybZEF+VlL3i8VXsrXELIzVOL4p9WBidcWgxCvaNUt7vc9JRcvUUjxE +6jkXwqL3VaqhUDmIoK5VugIl++IQW9qOMr4aSv3gSEzn99NjVeKy9Kje0QwAeiMy +gKSITYPdjzZsKsApr4DtRuFqxRtPcjoHI+Q2MLgNzC6PqF8g90v+kN2ICw4FzTRr +aM+59ICBsEMBuuFCM5s/+BPVENV7ksjWfW0ubSZetgtGZt2L+BJ/WaJ1doVBegCS +JTTcMWoPgO9CVLaM7P9rED9XnRbDp2fatPun6nCwnQN0220DpjLMBUOOD0s48f+8 +tPD2UTtFAgMBAAECggEACieboHfTFytU6N5+GbogzZN9m5C1ndcyxzH6m0Vq9A2f +5RYlT6Jp4rOTsmWReCpt1h1aeHV8ociB1kAAr4UznSL6mYcNe8RMwNn6KD509Mhw +ron1OXno7kYo7UNbdQEpBeyZu3MZgDEPyW9WM5bfPsQdU+Ic82pBvr+69CNd3/Am +c4oGyecEZTMdDbPQmtV3HcIHHIGXvvYdAj5Pm71inS20Rwlz4FkxRGVZ6R8VvpMC +W/HizcG/dy0RcEbx7+GZCMpnU/4VEpFemLT9dwfzrujegtjJ0gRa/VnkeI5pddMP +tPTL+QuepQE0nHw/ouUpbgB7v8QkvnzH900cS0wqwQKBgQDYYq462ejsL0NMyLDl +b7NrAq7jFztQtB9SWYT15uhRoEldF+8FemjhhMbIr/8SuP1p54uk07M0YueN6MNP +9YX8nK/ImWPEPKgBIV/HFYh7jUCeFu88PP0xsLLHM3D0clp36IbkBkguEV+rhZAC +h04cKxm8nrwnXb1kQuK3yvMgPQKBgQC511lISDsrcsQ0MA2xcg53Xi9uQ1RWM2UN +g5H2yPT/twuHPj8NvmGwpu7ZEwr7LV59KzGBejwba2YzFS+5zxyrg6EFlVTLX2P+ +lwZlMcSad1dk4ptL0Sedm3RxBjqYQKwdWBtDoVYQJlGCIUZAmkQ/2T3CnpqICvhG +ombklxjvqQKBgHzTQEr21eUZxqsOwu04KLo8jAK4riD6J29r8MWh9LbRzkCDxADX +ApXF8J5o2K5GRPnI9seY0DISNB2q/rCrpCV7hfQkeGcFzq0IQaYpB9iuPW51MIEB +ddYqZpd/V1PMe9/cJaR48z6QCy55GAA9aZPaUTh8IXJcIxspcnwv+VzJAoGAP9nK +ljgjBEGRQfEEs2PhroeQukytzFQqMyNyYh0XeEh20IfFeD5iKCSiybhuPHCRF2Zg +wwCxaCZVXdW4qRmM2y0FhPqSwLFMlOtkyh34U64PO91TyA/bkZ4YusCOH0ORHx/n +diwXesL/nDs8fPPD4UANpTGDHJzQQsyHl6CGc8kCgYAbBuCgT2vqCp5j4hCPX28C +XEDt6Um67UIBmfptJwD/ALx63nAhh9CX8aj+nWSyDrmVyXiDcyj6sqcRUrtl2JbM +AOahh2FtkjijZgLJD+jgauaqM4/XsTgSC3mKbKAHPImm0+MUlQ+3jfD/wtLEigNZ +rmwAa2zTwycJdaGxdE5pZA== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..9e0b638e91 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_sub_ca.ca.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgICUhgwDQYJKoZIhvcNAQELBQAwITESMBAGA1UEAwwJVGVz +dCBSb290MQswCQYDVQQGEwJERTAeFw0xNzA3MjYxMzI1NDZaFw0yMDA3MjcxMzI1 +NDZaMCMxFDASBgNVBAMMC1Rlc3QgU3ViIENBMQswCQYDVQQGEwJERTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN7w8pFn/aIdoOAmsMkSRuZSiUXBT1Z/ +yZWXJCZONZSNju0v5h0D1GUcOPH53Ld/CjbHr6OI6WTIWpzAV8oa6loOhBbLnmL8 +mcxwghv0PSj1LNimorVrga7WiXJ+u8NDLMinINl1Smgvfkh59N4blXaG2IN4ePMX +3idqD3KUUTyQCE8rSCHR+XXXT0VEset0LStTuV7tpDX0xL43ja4oxgPOLKAv6u5c +3iS5mdkqtop6s+wU9eHLlGFCZQ6pMO1n0D1bycxvhBh6rW6aXFrV0M4C/2dZVQ06 +maG9H+ltBmb+tfyl8SaKPZACdHnfh1ySCDGbccMH9f4KtJEibmJV5d0CAwEAAaOB +gDB+MBgGA1UdHgQRMA+hDTALgglsb2NhbGhvc3QwHwYDVR0jBBgwFoAUx08YhC18 +r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFFpw03OqlEDcM8lnexR1hcsPmE6UMA4G +A1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBCwUA +A4IBAQArvbGyBruNR29tAAwhk+LbUwO6q3vz1oxKtQvI1g4WeT1lOAl9WGguwLr5 +jCG7KEIwJcdmcIzGA2LVx6yo3hA6DkWk49VLFu2+KIgyIDYkfCbu0H8JXgwEGB9c +lRc1FDWC0PqcNOeTydD9Td+M0ZTVGjG+bkM3tfGKTWePRXbf6Q9VC4e9kBrRue96 +rKasKi2kUBCcJL2+RUJUpO5tVTSPzJwd8f7w50qj84yOrtX4Fad3jioR7wL+b/9a +KLGgqneB1JPgDG5OrSbxjMtAi8lPvKYekEuFcHswFjeWIsZvV/hx35Do89rkggcO +oQbvHxDmzWUPZMgCJtRhd3IhIcV/ +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_sub_ca.pem new file mode 100644 index 0000000000..96b3dc02cd --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_16/cert_path_ext_16_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDe8PKRZ/2iHaDg +JrDJEkbmUolFwU9Wf8mVlyQmTjWUjY7tL+YdA9RlHDjx+dy3fwo2x6+jiOlkyFqc +wFfKGupaDoQWy55i/JnMcIIb9D0o9SzYpqK1a4Gu1olyfrvDQyzIpyDZdUpoL35I +efTeG5V2htiDeHjzF94nag9ylFE8kAhPK0gh0fl1109FRLHrdC0rU7le7aQ19MS+ +N42uKMYDziygL+ruXN4kuZnZKraKerPsFPXhy5RhQmUOqTDtZ9A9W8nMb4QYeq1u +mlxa1dDOAv9nWVUNOpmhvR/pbQZm/rX8pfEmij2QAnR534dckggxm3HDB/X+CrSR +Im5iVeXdAgMBAAECggEAKmrbKCXKSO5MteE+qR8gXMGu6xX2560MGHlnkB84zBEr +9L50kKgyIOPABPAmmcYi1h3jseCCkaGaNfFVsrcwyB4zbRfkRI6tn4t3geSUP2b4 +l6cK1axFAhRBFgb9aA8vpeTAmAdcNxr0Mst7dsf2RdUtvEPvdUchBkxEcKc+FqCw +/KQmnOQw5LrwMNe4+0mSYknZsLO/2Zmyt0qVrohBP6AHiynCRaZtwighEQXPr2Gl +nnq3IC3BTurnEHicif1UjOxBORYF0V9VxdDIa/yJDBS+WGr6JCu0lxfWqOem84Bc +6hpNRVE7T14fSQGNJaeeAmLMWBA7J5AV9YZ3evq2MQKBgQDym8kWld/X5fge8xq3 +l+Dz4Q330R5MUKsrTgT63vjSyFWfl7pP29pt5uudmDhxyGZwUbGrNuBSTRS/Xv9/ +aPx9joU44ouQv50sWqWcvdmOjsz6hUt5Wn/pRIOdM0oPYYEz8ingzrFaFeCOz5HM +V17zkqedfDabfPStHRrg/dLJTQKBgQDrPz/8CHUEeh46stAnxUGsUK2msE676xDb +WLb5qi1fd2oNi3/Yv3Bg7IWDYzLqNaInz/xzxErAOuefh5Vt+udJDIh5rSapSmX7 +nxcTZIcCJKYaC/H0vgohqScuko0CCGzAbcFkj91Z8kH+Uds/0qHycVPN+gL59rne +AphIMMbG0QKBgHVpaY9Rp0xQUp1/3808ZrUAlQb7IKOkYsKJdqWG5Xr1U2LyRkvB +xdtsZ1kUwzRl3RW8o7SN0VBjV4gqTJJ318JYCCd4lDzQTxuZHw9VXgW9HHydp+Iq +Jz9YVi3tFYmOEb53E0dmILTNY6kZ0aDII/7TWeVAqRjlB3EEZe6/SJT9AoGBANEO +z4zp8xv8blrZx9RgH0HEHN4ydnXXq45So6DyFApv88Z/vyje0D7CUtB1Wqz65tUc +p4w11/xHHMoP0sL/I4UuZyZCs0XlAQaA1h/8yWIlMZuaG/bU3+oUCecAg+FXnVXQ +8/mrRBoICY+6LO7l/9eV0NUOppB/K6RZh/03o57RAoGAaftasgzqr8nZOqqtdhzd +M5GfYCofKiHCMW51VJpCrFQ+r8aLqIDicTYEOd1QJa1aDOftma8qDCPfiseght4r +PO5QtrND6qCEnJgvUP/MpP/EFVfa9FZ27e+fSUlb5kXfrOzd5hs610UdSR+0PHQ+ +wH+qwNzFx+kw7/sbolcSkng= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_16/description.txt b/src/tests/data/x509/bsi/cert_path_ext_16/description.txt new file mode 100644 index 0000000000..85544db808 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_16/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_16 + +Purpose: Checks the behaviour of an application when the intermediate certificate contains a non-critical Name Constraints extension. This path is invalid because this extension must be critical. diff --git a/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_ee.TC.pem.crt new file mode 100644 index 0000000000..d6de99bc18 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_ee.TC.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDDAtUZXN0 +IFN1YiBDQTELMAkGA1UEBhMCREUwHhcNMTcwNzI3MDUyNTQ3WhcNMTgwNzI3MTMy +NTQ3WjAfMRAwDgYDVQQDDAdUZXN0IEVFMQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKwmpKT1zS7A8Yx/YFgrtcUfyig9jGBwVA0I +yYIw6wDFp+L/QqT02Z3oQii/xoADbZlyHNZCrJR+7O+3ivcGSCxnYaTbEumFCcpQ +0VPThNG7ZAvOBm+Y7jfy8Wpwbg6LJgjf1d97TOjeUI5/3+JnMd3QzDXqxhuQDhGe +YlGUahv6xGu4et9GhqWELinBH7YrC7Rs1+N7luU8XqhSplrDD7hXuXeVA4lttmck +dT9y5zyQ3zsHDM3XacgZuR12x2u7bdNUpf9VkzSTKMvl34R4/Xp+UoHRkqN1zkEG +Mdn2JML2XnfGFn0wmBzdtqVTv9Oy0jicRtctYAlUlJ1PzPv+1YsCAwEAAaOBjDCB +iTAQBgNVHSAECTAHMAUGAyoDBDAfBgNVHSMEGDAWgBTFAxdfUwgDnER4iRx2Z3PR +7Qwj4TAdBgNVHQ4EFgQU/ISfLHd4jA2xChMZ05c2kZLqW/cwDgYDVR0PAQH/BAQD +AgeAMA8GA1UdEwEB/wQFMAMBAQAwFAYDVR0RBA0wC4IJZHVtbXlob3N0MA0GCSqG +SIb3DQEBCwUAA4IBAQA43OLqa/BmIJM3OxYJGUei2FuFnZSra9FjTo9HJG4BDMVZ +/jbiZwPt4gao5Zluqe1ZurmYLPMaNYnK2+kWcoXgTFtsLlcYgVIv22qTgCAl9xVK +gqzoU2g3Fl/KUa+ZatFjY+6YcyCFSH9xeVRBrXHCXa7iEL8Q3bqTGBOJUYlyd4+0 +LxVJlCJvnX/EAMER6Dm4u/981WjhyDehpI8r968ZQ2n/C/g3KeghtsxbDVcHnukO +PqLB/J5cb0ZbHqIJ10EKJgNoYs8/TdzPNB6hKMX6BYVQhr6chrKxkWxqxAXxEe7Y +zn6JYLOLsrLUW89UHu/mDHlgp6QGJkH+kpnY4pYq +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_ee.pem
new file mode 100644
index 0000000000..6f26708498
--- /dev/null
+++ b/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_ee.pem
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCsJqSk9c0uwPGM +f2BYK7XFH8ooPYxgcFQNCMmCMOsAxafi/0Kk9Nmd6EIov8aAA22ZchzWQqyUfuzv +t4r3BkgsZ2Gk2xLphQnKUNFT04TRu2QLzgZvmO438vFqcG4OiyYI39Xfe0zo3lCO +f9/iZzHd0Mw16sYbkA4RnmJRlGob+sRruHrfRoalhC4pwR+2Kwu0bNfje5blPF6o +UqZaww+4V7l3lQOJbbZnJHU/cuc8kN87BwzN12nIGbkddsdru23TVKX/VZM0kyjL +5d+EeP16flKB0ZKjdc5BBjHZ9iTC9l53xhZ9MJgc3balU7/TstI4nEbXLWAJVJSd +T8z7/tWLAgMBAAECggEAE+oZ0cYS3lMOSPp94rVBFHSrpiFjQ89labyX0v+7BR6D +CrdiC5hniY98rR9s5GeBHjxyfuFnpXtUCBxrbvgYZp/u+RXUB5TkSmCJq/DOxJRb +lndW4eyxt2HbRjzgqRNfwFcPHrMyH8jX+M7CJNFbQMBkCeNcLNlqnI8oldddZFmv +lcswGsbE5dHKMQURrG/GUqLxsTnjIQykXdi3VlXSqRcZR6+hyuGT6v+B7cirhGz5 +Ume0AoWbNGCYq0+v3yyUaWaRD8xIC0U+eV7xqP2X99aoTNe9rxpeczOj9LPUYqGg +2mS6bb3PXmvXwjex4gPDeZ44oemEenB+ju3WjNKAAQKBgQDzSeJj6Vvv0qUs1vOD +YGGc9h+5n1OzUJanqtpKlhyIR2VxXEuuoyWuAzhnpMReYwoM0uL6Qi6PPmla2chq +cPIDU+MUDQlf63o8e9F3NM2v/K5FhDTwHHo2ugRQ5/g2RXIF6ZF4HbWpTmdpotmO ++FoEYJk8tF3WQ5mIRC7Kx/sYAQKBgQC1JUEijiG1SMkInMF0H7XjuKz19wu82hSO +7QAP+1BpZxJwIL+aD1GHM0WSg1y6pyysEXt4ZvTWx2wIf7rFpra+2Ux6aOM2XLqW +GITFsNqLWXsK+0TvYBTMGybqeoIsCyLMfRamkuNktqvwghcuo1PvswktP9KncaPf +b0/T1HDNiwKBgQChxoCXBWbQC1cwgOK+eomOMQ+Zg/vJYg48Ad1T+YuRh0BKaCAf +SXdVxehs6uB1DxBwxI6P8RA6yjqOYgDl3qLfWZnHDIAuW0wWChOYW/FmU/SiXy5A +d/9AguM51XZ0yCrxCYZkxAS3R152nQZkDnr1LDLZbepz/tGKDiS7TM2IAQKBgF9U +CLAfrjuR30HqBKCQ447ArD0Q0puDBNimfqbqccnWVUyu30Y7E4OcBtvwx4bu3UJ8 +PMcDH4w8DG14kpjbgEZ1Ypr0wcXlDMhahNzokkpNP8RqsT9sB+XV0CgLap+1CI4m +shndKU/iFiAOxhZkG5MEXCr08G3wDvZRxOfMX8S7AoGAP3cvBXIsLvBu/Z9iMG7e +KVWwonHsFiyiuK0ezscr3/xDChSf7lx1YlEHW8BVy4n+gUstkHcd/aaqSA1OqYEg +i1ehv8QKslktq2On9vUuJeYH07EZGs14D525U3siG9yVkoPgwLAkKmGFQp+j1rgc +2U6ozcr1ct2cJHlnxH35uJA= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..3bec3003b5 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_sub_ca.ca.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgICUhkwDQYJKoZIhvcNAQELBQAwITESMBAGA1UEAwwJVGVz +dCBSb290MQswCQYDVQQGEwJERTAeFw0xNzA3MjYxMzI1NDZaFw0yMDA3MjcxMzI1 +NDZaMCMxFDASBgNVBAMMC1Rlc3QgU3ViIENBMQswCQYDVQQGEwJERTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5Kivd/4xVgizsRTSlrunbzax4/7A9w +bvnf+RMN1hJ/SvB/L8wkUWQ62ulFC/ElA4zL5mvEsrlo1SJmrqGaNK9cqubHKimy +SuNLZv2F2QT2PyfqcZpgr6pXPYSEsB8V+X15Ur4EH2fG+7mEb4wkB6VGv+X5jMns +aSwso8cS0diQLukqeMMvbSk4ihegysXqC6X6auWn828QYDObkPRbOyeTXW6Op+Rp +V6dSJhPq68h7FA5Wf6dHZ16zl5Awvw+IumPW1kJHb+7EZ/yQkkIRTzWNmB+QO/bw +lFBtEMiqSwvpjhx/DLSWSpHbqn32HVQgzWJ7T7jgvR5E4yGMFqgK13MCAwEAAaOB +ijCBhzAQBgNVHSAECTAHMAUGAyoDBDAPBgNVHSQECDAGgAEBgQEBMB8GA1UdIwQY +MBaAFMdPGIQtfK+M/IY/TwhCE9klQGpwMB0GA1UdDgQWBBTFAxdfUwgDnER4iRx2 +Z3PR7Qwj4TAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkq +hkiG9w0BAQsFAAOCAQEACju/UnI2lb//vwvuozNDn+g+JJzIQn/RIOtboXeMWjlw +2+AG9wztJgdsAxuq9Kw5wBPNdnLCHZ+xALdX/3WUmgPodQUgB7/XKFobZSSePF60 +e5LZGboevIdhCeRe4utpR4EqkXZpbspoVcpOegqyriPrJD3NKuDgNJGlwUWZ0zik +39mh0nbsICsvz+WuIVFpcToPj/YEWaJ+aJW/lkYQL49nd61SUBM+kfaERTmwZrWP +j/sax/RJDwb4hke7UbT4ocWQ2jzzJjdNKKpGI/MvSf9DfVZr8eGYx9PvrFUnrLhD +S1ZJ9oaNNNUqP3NY3jgo+FdwQak4HMyMKwlh8NY7PA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_sub_ca.pem new file mode 100644 index 0000000000..2914c4d135 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_17/cert_path_ext_17_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDOSor3f+MVYIs7 +EU0pa7p282seP+wPcG753/kTDdYSf0rwfy/MJFFkOtrpRQvxJQOMy+ZrxLK5aNUi +Zq6hmjSvXKrmxyopskrjS2b9hdkE9j8n6nGaYK+qVz2EhLAfFfl9eVK+BB9nxvu5 +hG+MJAelRr/l+YzJ7GksLKPHEtHYkC7pKnjDL20pOIoXoMrF6gul+mrlp/NvEGAz +m5D0Wzsnk11ujqfkaVenUiYT6uvIexQOVn+nR2des5eQML8PiLpj1tZCR2/uxGf8 +kJJCEU81jZgfkDv28JRQbRDIqksL6Y4cfwy0lkqR26p99h1UIM1ie0+44L0eROMh +jBaoCtdzAgMBAAECggEAAI0EZ/rIcXMrjAHU0ep+ufiWbaNADx5+vV4SvTFJRA1g +9tlwGDx0ly7tDLhpesBdjQ+yUtFYpNQZ1ZiumLHfuCQoNKuNekUGnCrEYKLt3GyH +6KRgn0fo0CyhdmwgSET3wJUFWoqKRu2qGGm5HoeuGYvh0UxkStm9widwXIS5WLmw +m4IoHCLl4NowkQWUMZv/lqBabgUdtC1SxlWhEENwuGID3nXNTaAZp9bHbf6tYklo +gHsTdngjLGQXlXOypT6aNZ9Hu8R8QzG602gG34BvaFXLfY5M1kmj0LxYjOgE4bC0 +T0yC5D211DHx5GHnP+8oO7kXpIuonU4fT8wE8nptCQKBgQD1dclG4OTPJB/tRJlB +V46k2YevlwCQREAYb4d3/JaCZsJpCqzhlf6rQAjoRmc2Q/HoLKVcf7jVEBRu1dza +imNqNhHxmt8Y5w7LG4CxlJxH3wwd6fPrGWlRxsZ4vqshlBzsyO24ywvtt0o7Xkyl +5fjOgUDQIEm2hjTLzkv2HF44JwKBgQDXJjF6mSMZQ+ZDR9ho+QweNGV728Co9KXt +kcAh5vChmytIimXHJN3T/VMWou9oCfW7Z23tsaZ/+tm11D9FJykJohTUfiCdt0N7 +CMZTeFfnfbTuuZL2xWzHG7NXTer+AenjJnsbOR4CS4n+AT3Az5KKBslSxvXgnNYj +JWrsniVJ1QKBgQCIRXwY/YIJ/eQ7tXnf7NwkaSALO6n0be+noUN0OabVfncwGd0g +4EUijcpkKbHjTpVecGrdj4rtvp+ZaOHT8kB/FsWffHufN6fe2sX30KlyvUHc2aWx +P8pYvCIzpqcbXT8xtdtEXHWi478ydofXEnWvL9LruQEzdA6bl0xUtisYwQKBgQDN +xs/oLHOvhIvFqf/IVvtKIF84GbSpZGUXViHnyxQ33UuGtCgoUpCAY3iG3AwS/AO1 +3HT9tL5FBc4Y5QomwA+2EPnPS1syvcei83+M8jtRQ6A7++4ebDFgNpRPWkz56Sak +hXeVUAnttAYllVZVBbNopJkFvRoKXLdLIkykR5XuiQKBgDm8GOKo7pDNY4KyM6CD +gP8CLX10w14dFyPc1DmE33WzrJVVsQwmrbdowfMn+x2+8t3mjnO1d3WKttacKaJ8 +PettTx66PoGhrQ7VY583cZ/DdsLHGNOdip7fm/rD7/ItacSKDcdWOcsS5iVf4145 +hp591ZX/bu0jUStCp4IRHhni +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_17/description.txt b/src/tests/data/x509/bsi/cert_path_ext_17/description.txt new file mode 100644 index 0000000000..089e5637b1 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_17/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_17 + +Purpose: Checks the behaviour of an application when the intermediate certificate contains a non-critical Policy Constraints extension. This path is invalid because this extension must be critical. diff --git a/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_ee.TC.pem.crt new file mode 100644 index 0000000000..8faa941c4b --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_ee.TC.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDITCCAgmgAwIBAgICTjIwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UEAwwLVGVz +dCBTdWIgQ0ExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjU0OVoXDTE4MDcyNzEz +MjU0OVowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+uhFThvbxc8vWJ2f8BQhW0BytQ32uUZps +RM3tpa+69hGu0E1kyk7sizFBXcazbcnxz9ZqaAyjoq8w4L87zxB6u/CPMKDEIES8 +8hxCSUD0zx4QvRuoi8t4lnn53UOv4/hUHQNep/YW5gAq3vmaf+kb+QNr5Oatu58k +AboDKfX8DpKJycnSdeKAWoEUKwBVVbGLWqXkNRDk+Uuvo8Fg7Q77Tefh81aTUFTi +0JAG4133GSKwfI4316VWN69BHpMrNgm05HKTebn/z0r/c3MMvjXKsju0agjEU64w +8nKSpQXvu4VSic02zRrjez0KdeNm95zlN7c7c+so+kyXSizG/KelAgMBAAGjYzBh +MB8GA1UdIwQYMBaAFKIure3osUOOy1Zt8ZNm86ToP4DoMB0GA1UdDgQWBBQz6tAD +C7ETWqKlblb6yXA31QeVLjAOBgNVHQ8BAf8EBAMCB4AwDwYDVR0TAQH/BAUwAwEB +ADANBgkqhkiG9w0BAQsFAAOCAQEAjqZBOQPwm+NEegQPVklOffHAlO2nRVNym8i9 +xkBGBOFYS3WuIL2M4xSjpnHN1u+4Vu1om11M4/RsvtKEb7NM0+FXAMZdzdiolAAz +C/FLzMX8Frr6CjfcmVUoAEHcFKNAuDH09xo4YneGC9G9vgLcY9WfUyf5Te9O6p4B +ES+kTsoXgYF1pJlrFcPiz+CQ4IeBe0Jr2Kg9GHEUYT3c/oDvcylRwAzk2mPWiIZB +timRjGF65aD5LiDZ7FzN6IMMdOYTjJw66SGqXqOhuNpShsnwMbPDUrJfQ6LMIU61 +cbMfTNOj6DNf/+Y8+LaiQb5WF52jdJDkGpT9LwqOXgsVgmRbJw== +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_ee.pem
new file mode 100644
index 0000000000..f2d97c25c9
--- /dev/null
+++ b/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_ee.pem
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+uhFThvbxc8vW +J2f8BQhW0BytQ32uUZpsRM3tpa+69hGu0E1kyk7sizFBXcazbcnxz9ZqaAyjoq8w +4L87zxB6u/CPMKDEIES88hxCSUD0zx4QvRuoi8t4lnn53UOv4/hUHQNep/YW5gAq +3vmaf+kb+QNr5Oatu58kAboDKfX8DpKJycnSdeKAWoEUKwBVVbGLWqXkNRDk+Uuv +o8Fg7Q77Tefh81aTUFTi0JAG4133GSKwfI4316VWN69BHpMrNgm05HKTebn/z0r/ +c3MMvjXKsju0agjEU64w8nKSpQXvu4VSic02zRrjez0KdeNm95zlN7c7c+so+kyX +SizG/KelAgMBAAECggEAAfOh0OPlo1gExRBoXeV5BUXd1+xy2LFgWLnhhKXv5Oq2 +1YrRig9lpwYUJYUw6IEzicqxkoC1vO8QnFe7nk0YCZOeKWZH46wHIJNyVoP52eMy +9O3CeGVdBOUuGifkHYaxC3qA7Rc1HG4kSynhbBAU0dHCaU28GztZLGEvehIUBPOR +EEGS7nVcrwDZ+PivtzTnPi/86nSGedKQHrC/vUynsxy0RQ97Kd5DjGZQJt7idhol +qorEk1+eMKThRTYcqNzf2xKztaaMPg1sZK9DjTIWJ4etdmn0Uzq9ensyY9iip2Fg +DOFk0hveLxisNfh86txhay45peyUA3Um0nJjBb7fRwKBgQD7VQxQTBisYOuNM1fu +bIZXyM2ZF0Osb6K+vXjlDpaHVTnvYYumOC7lKEcssikmTeIp9eSYuAZ5uzdBpeu9 +DHrjmtKJYAlKCZ8wfjTY5Cha2s40UR9EfGmWbzhh/q25B8Tw7PptKcgNTY0gkhzM +UpB7uQcSkmYEyfEkWIRPfz+9IwKBgQDCRN96jk55Lied5DZMhSin/hA8dkZadtml +PeBI7i/suvUE+N82Mln9U2VBvrt3BTIFbo2OdHTroSix7R/THTDuNhrgHwUv3ovn +kQN4qIA3sNrojCSuRii0vaobU4iCjvVb8XjkE7rSgfgy5jKAfpm97N6zVo18FZQ6 +jljkfskIlwKBgQCfryaWsfKPOzkNyoxYsN0eUzfFx9E4culc9Pcl2YHsVErt+/UF +U/b/o/qsvDmG278RV+i421tJ5pgx/qBryc0eZVTU8Y6VWs2outcK4tN8/j47YTtT +gRR4/ws8v9pSkEwhov9tcjlnslkzU4I2k1K3ORT0SM3GxyOOKytNcxTlLwKBgQCW +U6c+9cmhmeaMFmEyG0RXopC7yKYuMJPAez4IEVBCdnVNUKuhC5t5HMRY+JelxP5t +F5wwZMto3j9YV25t9cO8QV/QmBByd1p5aUxvXKxC6/apRnDH7oBnQ/DSznPu22Lf +r95lVyMU6/+8m0bvCYg8YIP/8HTxVN1r5mTBA57apwKBgF7cz6ovoWvkzdaR7oSC +DPets54LE1Ri3JKUgUwh0NaUaAg6xGLTCwIFFfO74SXMh7Oz4HCTmeTF9brY+wuW +oztrI3Rm9kH5wV9t+hGZ9TCBcOEwFBDZAaQ/j0MVNV+YbybpKzyhcbwC7h6lCz7/ +gm5OW3CB/sPwtIsnNiCNXc4F +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_sub_ca.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_sub_ca.ca.pem.crt new file mode 100644 index 0000000000..cba1659d8c 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_sub_ca.ca.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTjCCAjagAwIBAgICUhowDQYJKoZIhvcNAQELBQAwITESMBAGA1UEAwwJVGVz +dCBSb290MQswCQYDVQQGEwJERTAeFw0xNzA3MjYxMzI1NDlaFw0yMDA3MjcxMzI1 +NDlaMCMxFDASBgNVBAMMC1Rlc3QgU3ViIENBMQswCQYDVQQGEwJERTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALCFLJmzmejO9iDEac7Lcx7vwJtIcv+A +i/3emB6Woi9JLnWwBeVOgAG1gs2DHBWvrWsxv5CB+udOAwcMXGnw3Oa6MyRZ+sPT +wRVNGtmhEAV0PKMP2nwAnY5J4xhBRADt9G89ApKGTE3ZTj4Yy4soau0YV6+SfOe5 +QcwvH+csEB9VadR/Xui3ju+qEG0lqpaGBUEgt0fj1vABXQly4dVrraP3antW5jr0 +7zhgZfExzvUaZNxhIv1uEdz19UyprnvLYbEZ5GdRJDfdgVBuVQ9u07NSwQXPMBWT +b/vCUHic/QUD3EteYE8AGQ+gkw9zedsPRuqyV7zke4rsHEPOPIGnU9UCAwEAAaOB +jTCBijATBgNVHSABAf8ECTAHMAUGAyoDBDAPBgNVHSQBAf8EBTADgAEAMB8GA1Ud +IwQYMBaAFMdPGIQtfK+M/IY/TwhCE9klQGpwMB0GA1UdDgQWBBSiLq3t6LFDjstW +bfGTZvOk6D+A6DAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAN +BgkqhkiG9w0BAQsFAAOCAQEAIXDrrLzt5W7eNFKM+ZyIJLT47usEIsFYmZY+D+h6 +/d3UD5kRCMKbiptU+TdsKkwTNvfMWq9X34tu/+YgMOlkdOpxshm68iGMPtOA3QKl +ruTIUGdJRmT1TG60euXMHaXnU74cM30BpSFwibzQfnltcPsFwu6hE8O0KRFzbFUO +Ym6/j/P0zV+B36MM2LkceorI6NEbmKtnMQT+0lbBYhmvzlNnhIzZnmy58rX+bTZu +hfo//BX5JLvJS2h3fzRjilLBuQOyCELmW5NQYQwZfgQBw3NZxpBhkj3Gsb4rWlNw +dmUpvhK3aS35VKsV9CuOmBTl/Q56NLj6KM+H/8/f8u61Qg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_sub_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_sub_ca.pem new file mode 100644 index 0000000000..0a7bfeafcb --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_18/cert_path_ext_18_sub_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwhSyZs5nozvYg +xGnOy3Me78CbSHL/gIv93pgelqIvSS51sAXlToABtYLNgxwVr61rMb+QgfrnTgMH +DFxp8NzmujMkWfrD08EVTRrZoRAFdDyjD9p8AJ2OSeMYQUQA7fRvPQKShkxN2U4+ +GMuLKGrtGFevknznuUHMLx/nLBAfVWnUf17ot47vqhBtJaqWhgVBILdH49bwAV0J +cuHVa62j92p7VuY69O84YGXxMc71GmTcYSL9bhHc9fVMqa57y2GxGeRnUSQ33YFQ +blUPbtOzUsEFzzAVk2/7wlB4nP0FA9xLXmBPABkPoJMPc3nbD0bqsle85HuK7BxD +zjyBp1PVAgMBAAECggEADV2FWH1BozUpwVEN2oi2BpAhqxWWZiPItb1TvZvV24hf +elgMbOXU3wxBbf0bicV7oc5U/QSSck60/6TJydhhFB6Mvm0KWycei1XYuW9ZWV2z +36bUz1HJRtuaVHJQoKoOZBkgUjwql98Nw7mN49NOG/XytwpQ5xy0T4Omlz1+BQPg +IN+6Jqbm0TA7k32Wz/vtDKXP7FK2bVGNcDCTH3cq3rGQkE+WjOIdrHPRZQocZb+f ++AA2EWUIeMr4R8Eeg1frValngOV1gjpZt3aZ7uzl600QIF6ATxMhQysMEa8LDaR3 +omQ+ceFjJzX/ffFwKjsZV4pJatvrG2Ei7aR16vaRoQKBgQDmilMx+HVcIXPGk9oC ++PqPJ2rZybw0vF2zrZ2eu0XgZzyowdQzlp9XKi+zAsYkevuZn+y0jjmA0XAqJ3ya +/gxkT5JOIupb9JmQR33DVEeC+Gi7mSRm3R0tpkF1ogevkvDnet6WPWHFvUqi5NLv +RZo4xSUlxgV1RvxtwsOyxdd/sQKBgQDEA6FTzzq8lOAaCe/MtrVk21p4Ho0FhSln +qcBEElnkA1AUk5wNlHzO7UaolhJf9kV3hATAe8D30m6rLpi0pOyAH71V6yKIepPZ +aohEeR41hexUTRHuiJ6NDk0fjaMiOqXR3oeJTJ7mW5I4OV5NZcP55h1S2rGyC8JM +93j7NejjZQKBgBFsWNdI+M2qtY5HdE2PNZiGGRw2k+PEbKx8rZHmg2RvSPVUGM6B +Tq+Ov6YeyozNQqCcpo4KxavHqFt3OoKYOqWGIf+HwgCLHuP5kzak8vaiAYBUFZ00 +jtT5YK8cPMp3J3/HGHVwVChWowJmms58iyhJNgKB0b3ITKGa+6FSNHQxAoGAFCxv +eSm12NzVp7hoFsCjMKsmx4AVcYD//uxInnjpCX+RyVxbzkX/BmkDQayYXYoCIkfT +GWBjPt5Ih5O3IbhrotAhc2tM1ZEQEGtXdPymMEoFRbPc6ZjkAI59P4cbSBWTJWNq +vaXGIN1B0kmNPBgCMIEPeYyKh1GQgM1jhS9KNcUCgYEAsBezNeyrU1fb7DlTycw/ +hwsPmFriD6Lr4S7Vdo+RnDLhzIYrgZF+hZRg4B7EQunPMWoR28cRwiin5oPASIVb +5LOI8smcQMN9biPEXhUu42n5Fz0TiwDzFiAAwJ4mmYRpUAO94BZ4ptZryyznNvRp +fbG1kbR0PtVc5sEoP+tbU2Q= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_18/description.txt b/src/tests/data/x509/bsi/cert_path_ext_18/description.txt new file mode 100644 index 0000000000..7f2c3e3b69 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_18/description.txt @@ -0,0 +1,3 @@ +Test Case: CERT_PATH_EXT_18 + +Purpose: Checks the behaviour of an application when the intermediate certificate contains a Policy Constraints extension with requireExplicitPolicy=0 and the target certificate does not have the Certificate Policies extension. This path is invalid because an explicit policy is required but the last certificate in the path renders it impossible. diff --git a/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_ee.TC.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_ee.TC.pem.crt new file mode 100644 index 0000000000..26d10d0b8f --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_ee.TC.pem.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDOTCCAiGgAwIBAgICTjMwDQYJKoZIhvcNAQELBQAwJjEXMBUGA1UEAwwOVGVz +dCBTdWIgQ0EgTDIxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNzA1MjU1MloXDTE4MDcy +NzEzMjU1MlowHzEQMA4GA1UEAwwHVGVzdCBFRTELMAkGA1UEBhMCREUwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXLBydgzs1NaXY49PdNvE1WIccB03H +w3Idt7crDBD1T0MksHqxDZjCaTtcDyDrxqPVy8zAKOL6Dz0fPV6nlH+nu4oOB2hs +TjROXgAr3eIo4gmQX5KZnk/dSkydVJJajC9jhIlvdna2P0faXh0ChBcHlgcCqXt9 +Lx+wdsnRBQ/wUnUQI5RN4qVUmWgi5/f60Xf+Gd1gu7+U9f8thhRGLvCKf2z6Me3C +DUyuRcs4MKVVPXTX13FBLny4bne+meV0w9VcKI9+oPXyaifzEbsmMUSxMK+HWAmD +1bAthf4aFc+RGLnE6A6akHw4V5nMfdPtOQ5D6QnxXJO46uICFBhkrATZAgMBAAGj +eDB2MB8GA1UdIwQYMBaAFMEN04RhXUVQxBsLng5OBuOIdBjiMB0GA1UdDgQWBBTT +h5Tc/TFMBsPYf8DIn5cEHIwZmzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0gAQH/BAkw +BzAFBgMqAwQwDwYDVR0TAQH/BAUwAwEBADANBgkqhkiG9w0BAQsFAAOCAQEAXv1Y +w50WNOGTAFe3mUpkpKYc3jBnHNbBQpfuPq4bokwV5/BAkKQVD8ztndARVu8dqpnu +u6gXrXNPXV6TLd3fgvYzuVWCQ/Lvg5ylAL5qZds9NB0zQZ2hX9Djp88wApmcZYVj +QZvovZ42UrK1mIxW0hTPJTqZzBHrkuowSuJUOBL5rOc0eeoBxk3KuGhvxDjXoys8 +74c+z22xlsADHeounzxFfagjcx7KhgXsR+amb/rTZqPFs9XuXhFESsuCg259MGNl +OYZf1bPD7mrFK5ykk6JkUh2ItX+pd5SOhSsQrsHTgBL7MWO3aQqzpS1NjSAYolNM +bOjlToUPKxkQjOYCqQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_ee.pem b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_ee.pem new file mode 100644 index 0000000000..60ae80f828 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_ee.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXLBydgzs1NaXY +49PdNvE1WIccB03Hw3Idt7crDBD1T0MksHqxDZjCaTtcDyDrxqPVy8zAKOL6Dz0f +PV6nlH+nu4oOB2hsTjROXgAr3eIo4gmQX5KZnk/dSkydVJJajC9jhIlvdna2P0fa +Xh0ChBcHlgcCqXt9Lx+wdsnRBQ/wUnUQI5RN4qVUmWgi5/f60Xf+Gd1gu7+U9f8t +hhRGLvCKf2z6Me3CDUyuRcs4MKVVPXTX13FBLny4bne+meV0w9VcKI9+oPXyaifz +EbsmMUSxMK+HWAmD1bAthf4aFc+RGLnE6A6akHw4V5nMfdPtOQ5D6QnxXJO46uIC +FBhkrATZAgMBAAECggEAKCjVw2k7mvwDEva8s3A+d0IpX2gWkobuLNE96NUk8iAD +zFx63cJHpVteJpm1P4QwzmWt9px69ohzFDpQSQ88fyoPw3wK95HmDc1aE1XjkNVV +SyKnWjATwF3ObFvdP/SjoJubShguYmfvqXhAylgsczBDaTIIOA5cSAN3ueELv0LQ +p3sYf5j0+jafeZ6vHP9h83pZwab0Gg4fZcBxug4gmTB3unpifvIIs7kJJ0fSQEXR +022B+Ca4An2GkOA3iAd9epFDP1j7VLhQmldnJE8Hq4L3kgR9biJqUzaOnkLVaEoA +PB2JQJJAzKFDqiOMKzQRZuMpaj2z/aN2p0dyYoE0DQKBgQD/Kusr+mSHZxoDJqXg +bMIFY9zfXIvhv/wOiQRiDwRIpzb+jE15qJ0v6M1nAtjrFlWm1/Fg0aml3dB04aV5 +RR9FSh5AuWlq7cxRKOjJrjkHpAqsdK1O29KQQgaRTw5Gtnk/f9ysonv3WieDtAI2 +usKPuE1f/SjHXgzgwJcDBJ++bQKBgQDX38tiAbkyw6yDhWn5DAG6zOwcpr080DyF +lmNUE4RS0JDPsCgrmAr8JIfa/YUcmFLhnuf0iKPxHEVta6+Cl0CIIxpZOOCGwoz5 +TcXQDlo3/FLl5zuB7jTfxPg8mjE6Jbv84tLVvdg+7NjtDOY92AyckbJ1uNhGiDi7 +WkbuX++snQKBgEU17vPOxtWzMWsJYJSu6zFrFM3A3HAvEr8eiwHN8OuD73a7t4f4 +JCqKiqwWKaAaPsEycVZBiDJlJ9WMHsX16bVxlSMZJ27JcVHSNtH9X5qi9AIy448w +MLzQK9feCZFEjT6b/88Tg2xkF7Oxb6hIn907sEEI+baZ3ARaOJuo9WtBAoGBAI3v +dTgBThVUlo77H0xCWrjJl8zWzMG5YLGsya40DuKsgyoq9p6DH2XdVv3jhqvgc04p +PvWHCdOz9OoWzZUdga6A9ggH34h7Tll0i0VaynLZEmBbAsNRLa6bQWQHNaq3uLxz +HpCufAoTjCWAP7oV3WTsXtwMJxdo5XQ5zT1aEqn5AoGBALys+6FvrwDEs3QkPBqL +aNlgT8rFU9mQvXNxkqDgPz/vyoVGgauM1+ZEAykzLGwV2lIE6TOogLG5Heb2qcXV +Zrf5WfiF+2I9qvusLTAjUqkCFGj/9m6uCJ/2im16acu9OjY1OaX85VJHN/sc3t0X +R7iytdG+ofR7qWZsKVd4x4Mk +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_root_ca.TA.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_root_ca.TA.pem.crt new file mode 100644 index 0000000000..a9140cbcad 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_root_ca.TA.pem.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMRIwEAYDVQQDDAlUZXN0 +IFJvb3QxCzAJBgNVBAYTAkRFMB4XDTE3MDcyNDEzMjQzOVoXDTIyMDcyNzEzMjQz +OVowITESMBAGA1UEAwwJVGVzdCBSb290MQswCQYDVQQGEwJERTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAI9PB4xgmFlKxkbnda4ObABjxIdZ9scX070S +6zCiBOtEVQK9FrNz43z4EqWfjyx+o6/uj/KdCAECqJ/g4iObS/gLKRaEINwTpHXa +cr4XoE5Mr664P+YpEJxQz8LrZTsrGyaGRyNYC6gr6VZ/w977gFMsv6jlbOQ05wm1 +cCgJpj8xBMlARNtC8GsGQ4nXzz3NSrU0whGeRfcP0iWpHheKvkad6+qdgKk1ytL4 +L8dRf9FeD7095twXvSbjASjdgyGkk6R7R2CqcP5r0JgY4HiyXEWI9IW727JtS7lU +8C7ZnE2dnLUnsk19xa/OON02RiotSmHCH0F41rCwJkGNypyJ7+sCAwEAAaNmMGQw +HwYDVR0jBBgwFoAUx08YhC18r4z8hj9PCEIT2SVAanAwHQYDVR0OBBYEFMdPGIQt +fK+M/IY/TwhCE9klQGpwMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ +AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAVLt1+CTl/zT3mSsekJpmZe0zNrsvcYQEx +9PpQ2SgyQnRWnUuBQPdADBmGIWPEH8ljvT+RqafJWDbMhbvwsy6zz5LUjWI+g3qo +BIA7ZLUiI11YSabpWKzLbZbSbxYDyzzidmDaLUpb18k4rUStCvUbkyEY5CfWJOf8 +/F0H/0p2rH4Wp9iFCgtek5stkvVvdIXttdvkyhbfh59E+eDkfOIdEYm1mcKf7BiB +iLXe1bUv1HGg89TTthfgoC1SqKBo3LkCNxbaN0ekH0ZWWmq9oL99Jikjg5RZ9hpS +4ztmjkwZM4bkIEKih4IT5PDB6F2Tna0cWmdaOtf9VO6xBF2CFWLi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_root_ca.pem b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_root_ca.pem new file mode 100644 index 0000000000..5ff68e7466 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_root_ca.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCPTweMYJhZSsZG +53WuDmwAY8SHWfbHF9O9EuswogTrRFUCvRazc+N8+BKln48sfqOv7o/ynQgBAqif +4OIjm0v4CykWhCDcE6R12nK+F6BOTK+uuD/mKRCcUM/C62U7KxsmhkcjWAuoK+lW +f8Pe+4BTLL+o5WzkNOcJtXAoCaY/MQTJQETbQvBrBkOJ1889zUq1NMIRnkX3D9Il +qR4Xir5GnevqnYCpNcrS+C/HUX/RXg+9PebcF70m4wEo3YMhpJOke0dgqnD+a9CY +GOB4slxFiPSFu9uybUu5VPAu2ZxNnZy1J7JNfcWvzjjdNkYqLUphwh9BeNawsCZB +jcqcie/rAgMBAAECggEAE3SOA0jn1ejOAzk6uNmyCtmAiEQ2ju/VVIwEIZLqql/u +pJO0HcJZZhFYQrjnMIoJbIHYHqlNOV85h5RO+bjZtupuS7q9//KrYek5U5o/LpzA +QFmOKeUgTABikZqbIHhpKVvoaMwer62Kci5Kkp6VMiAsmDV8CNKFHRnPM02gDrWZ +ETRbxiQESVoHhcGgmAHIM0WEbNQFUcknsiEUOGTO8FnxpALWn5aBnMKaffj6D+aJ +rfQidNGUzlsxAkMjR3neTe3FE+pH269bWkw0qRtPBMv9/NYGb3QvDvjzU/nO2/6C +T3IW2OuuP5k4WHzjQ+ixMMHDuatUzNraYXw3GFpkuQKBgQDCnjr5olfTduH3O6pZ +ddjujUtl5lKkOozbQ5Oswk9I02LcNWZadK5flzzpgkz6SHd4mqeMU2j9OaJYmSEA +h/ux9VDkffx7H191EecKcMTh93v8AUHOv1u8caxmi3ryGcqqzrQKrSx7t60Yy1qc +c5KCUNifavg/hQk6XasJ3cxzowKBgQC8gf/Z/X5N9U6/ON3gsZKStVcJr4KG3Oun +/kOVuh6wvgev4Ug9z5kzIxhwje9FiEUIBHZbCyiOt3/fTI0vxzBlMrDH6tEbz0sm +Lw7h8s8aoYV75CvYx4uyYPRcXGCo5OcjxmprdNXrQRR4seDZZrFsVDbD+YlvMcMO +CziDkQUXGQKBgQCZFdvwByosdaQTVISP8Coeo1f+pKi29DNeOg7MYt/4ugZWj06e +so+DM7S/PTaN3TjUzlojAG1iWtZ/+JvEDjMG7Z+ezBcxRiFRNi7VwJSt5n1JYjfA +iDeByKzC0M55553Ks+NdTpDiFD39deAllqdVCIENDRiO5ne2yH1EuoobHwKBgFv6 +6saJRFnxumzf6JO80ZI4XbHiK8R2g55DGOM0H8mJz+JoAIH4i/5Bv6kb+IZrCZPx +6XZfKXkJ3KEujy2i+eBHLa8+yq3RJhAJoi9p9Ng/vAxJt4NdSrLNUC7I/HksyAPS +yxaHueHCraR+1wH9c9Ex/k79savKEi0GGJtJ5bvxAoGAHMvb16uT7//TQ6d8XgrQ +0gJvsMxtmyW9ehE+2vev1nXZy9quRGD7OnXfgMvVD9axB1fm3yua+CtjZegGYYAH +5v4ZS64n/1WmWxJ5UmNCKjSIYnelkh6vFGnrM7a/+G4T9WK8vcc7ThrlXPMZpDR4 +IQI7esjsMFV2ufSob8ylCb0= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l1.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l1.ca.pem.crt new file mode 100644 index 0000000000..fc18bbd0c8 
--- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l1.ca.pem.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgICUhswDQYJKoZIhvcNAQELBQAwITESMBAGA1UEAwwJVGVz +dCBSb290MQswCQYDVQQGEwJERTAeFw0xNzA3MjUxMzI1NTFaFw0yMDA3MjcxMzI1 +NTFaMCYxFzAVBgNVBAMMDlRlc3QgU3ViIENBIEwxMQswCQYDVQQGEwJERTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYvXC3539fBtnwA/4+GM2KJGt1o +SYkGFdtJAhUkekxAqFE43c4ki3t6ZLf/YxlJ+Z+9rfvNFjzL+Isg0j9OuWvk8/SR +y9Wg/chbyttoHp27hcBwbMElhNNfMp57xxUYZ+YwOQCmEr+EJxIzLc3u/5XOP0Kz +Xe72HQHdDP8D5Zgh1/dHFY2WBH1JeRPgPfFWI+W0uT3l4E4IKLTAgrpCxEKCwfb7 +//VCqSVRAqMEPyLKi0TRfDfItm0iL+93aPIWuak1W+V4lsnVjnU8+HpTK+rQPgfA +56iaSyoT90GfZOQosyW7Ba8FGZ5UyvyYyn/tjaspvqQzjN1XDMoOGvrGCeUCAwEA +AaOBkDCBjTAfBgNVHSMEGDAWgBTHTxiELXyvjPyGP08IQhPZJUBqcDAdBgNVHQ4E +FgQU5WWjyo3VblawPn6rXlc4mhYD/eEwDgYDVR0PAQH/BAQDAgEGMBMGA1UdIAEB +/wQJMAcwBQYDKgMEMBIGA1UdEwEB/wQIMAYBAf8CAQEwEgYDVR0kAQH/BAgwBoAB +AIEBADANBgkqhkiG9w0BAQsFAAOCAQEAcySwmOlpdXkUd3qt+Yu853UT54VPCThd +aLqafBtV9QkLaNk/+taicJRm6ZeXrE0w+r3frh72b4YAM0+s18guzmjHJmYtzyoq +82YV2QFFlW0QLV5M7HlFhebXSu4mzst77GYmgdcfhw9CZhb89MKCRowbgXyGFGZl +GNcaN0oUTz/KKO/yW8I8B4aI2iKrFMD6X/yhCTYYT+8ocs/r4ZPwTzwQHfD63Yyr +wAyhytrItnF3ecP9BfrMaKNebJUZr/vEfSVNTP60I0h0mFRpFWcVgWPTCPXGhT+z +h2e30QB8aQSFcwV5VifvG+Jd6O3YdEN5yiF2M1sOeQSrvg4vgQqvaQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l1.pem b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l1.pem new file mode 100644 index 0000000000..d0af1dde07 --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l1.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDGL1wt+d/XwbZ8 +AP+PhjNiiRrdaEmJBhXbSQIVJHpMQKhRON3OJIt7emS3/2MZSfmfva37zRY8y/iL +INI/Trlr5PP0kcvVoP3IW8rbaB6du4XAcGzBJYTTXzKee8cVGGfmMDkAphK/hCcS +My3N7v+Vzj9Cs13u9h0B3Qz/A+WYIdf3RxWNlgR9SXkT4D3xViPltLk95eBOCCi0 +wIK6QsRCgsH2+//1QqklUQKjBD8iyotE0Xw3yLZtIi/vd2jyFrmpNVvleJbJ1Y51 +PPh6Uyvq0D4HwOeomksqE/dBn2TkKLMluwWvBRmeVMr8mMp/7Y2rKb6kM4zdVwzK +Dhr6xgnlAgMBAAECggEABI169x1p3Hl5OTEGrePd01Il+VcXdVvb7a0oLJcpbg4A +L9l4Eu+4+o2tuaJWwvJ1lwtS71lfPOdMntmSqtyims1oI0KkJZSsr8kYCGFEbsgr +gueyP9+eRQLHVWevg5cLb/jEnnSyMo8VHLBrSXNHkMfroRsgucgSk4Ph9AvBXvTB +r29QcwsNa8gQ6OtGeyNjA2aKWwl7wGRmLQh/cUEGMtV26Bbfhf2xiFI5KRzgv7yO +D+c5sVaNwpuj2fgiloSs1Q2z7/LTEerlvuXM+kkRApNII32yllKI/xVLTyi2wG3/ +Fa/7WnTHLX0xUkhZSt9SD5ZaeAkGsZIP26G+UiMRkwKBgQD1y54DsXF7dwXhxkxA +NWSOzSrf9VUcZltUnyA9l5gvmHBW3kWIxtJtKLKjweLDB7xVCJnyzGwB6uom+FGC +HQYIG7nRYJ8433E8vmGR7nXaH8EiinHoKzEwKfTrGH8eScgKlPfDjsBOMfCpi25f +GAY/MgjMZzG8zCroZwMyEiC2zwKBgQDOabnseYRyGM0J1GQOU/wZbPStZi4tGQwK +goJYu4pzXCoZNirtC19lY8qVvwfU7ww0oH5X7RArQZ6T9QZZVI2H2mvQS8FNdxuu +2QcfdCLRIaV5ZFcPz4VHRs9Qx/FGJ00Z3jTBVDHP4laPNYlgOv4wTmCeK7+ghgid +gnu90rqhCwKBgQDHXj9vM3Ce+q30scmLk0NbaSNLwU0l2ghenSujieDRSk5kx6mT +BeIM1KQBm/R4yT+DoZRtkk5RR+Bhd611YmFQFl0kbcD4epT49lth6RACuxsHD1DR +RqeBL6cPQjFpueLeYnKNVq65Ply8yPHfhDcc71KfqVx4jQqIs3WuGXIblQKBgQDC +0PjhH2QJSC0lbOeuukfDO5nHmxxUBkLeHIWn+AHZlZBKUVy8dDJqgIAxS6a5q5FK +jnwQwrezC/D+1pFSeMJICbgeVZGxaoyfP0lAv50o42fJphGh44x4VHXRWZT4UJmt +o5MJMUz+VzK5YZ8ySxukPiVkxAfOGxNAjmn6JE1vNwKBgQCSmStJeyfKDsjwsLka +WZfu4t2IRwhbhlfx9I+Zlo+W0QBp9uAgaMU2Kl5JmHRCpv5M7nOEo7mFJzqjkBAb +/VbwD4T0IQe7VwNr1O/g5ZIcYzPo0hqieE1Te2lYvN6/NUzOTTtPxU6uROizB8UU +bN6twW7zpQsJ6g8rF0sRNl37RA== +-----END PRIVATE KEY----- \ No newline at end of file 
diff --git a/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l2.ca.pem.crt b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l2.ca.pem.crt new file mode 100644 index 0000000000..5d2281a41e --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l2.ca.pem.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYDCCAkigAwIBAgICVgMwDQYJKoZIhvcNAQELBQAwJjEXMBUGA1UEAwwOVGVz +dCBTdWIgQ0EgTDExCzAJBgNVBAYTAkRFMB4XDTE3MDcyNjEzMjU1MVoXDTE5MDcy +NzEzMjU1MVowJjEXMBUGA1UEAwwOVGVzdCBTdWIgQ0EgTDIxCzAJBgNVBAYTAkRF +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjnbvnWP+qxoOn/Z2ipf ++8/S5tRHyyZar9pUfk6iFn+MQbJk9SNteyin5Ed/oJhaC5GRtXaEFeovqNaWjpWr +vBJd3wMQVVJon/JirABTR/pDOdcbc4KOxi/NKTBC9UQXpsLnUUcYcOijD1FY5XLd +tK2QLLn9ZGeN/SdoUQQrv28lMRMkAFDOc3oQ9kXRAXb1HQohd/tGQiE7Tbb1BpSl +5tDXOKauMp5fUNq908SdE66NOxHT5ZqRjKtnP0WptMdv//WZLqiaIH+WsrWBPKnG +r10CTGo0tBjY17yunbikAs3qag2nG0B5n7r+9CoBDtRvMGMdmW4CZiar3byvSuv6 +4wIDAQABo4GXMIGUMB8GA1UdIwQYMBaAFOVlo8qN1W5WsD5+q15XOJoWA/3hMB0G +A1UdDgQWBBTBDdOEYV1FUMQbC54OTgbjiHQY4jAOBgNVHQ8BAf8EBAMCAQYwEwYD +VR0gAQH/BAkwBzAFBgMqAwQwEgYDVR0TAQH/BAgwBgEB/wIBADAZBgNVHSEBAf8E +DzANMAsGAyoDBAYELQYHCDANBgkqhkiG9w0BAQsFAAOCAQEAFa/4PazczC+cUA9m +/HKDoOwN12P7X6sUxD7xVVUsc66/AKpHol8GitaIryCpH3RG8O2f6yAi7cpLzwed +KSwKs/cU8PB4mxgAJx0e5gDhTFpDQm4vj4dtFdkUl0j7v9GA+ZpZcCIlTF2sKEkg +PJxEFbXs9hjlI5wQfMUhUz3Hxts8w1HNrriYUABlYqNxENC7Wul94Rqa8qa5ON7w +/wzN2suM2uzo/Kq11lHumAKJsrw97kRssJIvMcdeiTs8J+zx2BBcPadQBqYz30pS +B46pHIaW8CBwTO2R3Zo7XM/ZtHQXk708vLzZjgj4TTpYLHXKGw2Hrffo/nPYtKcj ++bGWFw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l2.pem b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l2.pem new file mode 100644 index 0000000000..5585b32eac --- /dev/null +++ b/src/tests/data/x509/bsi/cert_path_ext_19/cert_path_ext_19_sub_ca_l2.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqOdu+dY/6rGg6 +f9naKl/7z9Lm1EfLJlqv2lR+TqIWf4xBsmT1I217KKfkR3+gmFoLkZG1doQV6i+o +1paOlau8El3fAxBVUmif8mKsAFNH+kM51xtzgo7GL80pMEL1RBemwudRRxhw6KMP +UVjlct20rZAsuf1kZ439J2hRBCu/byUxEyQAUM5zehD2RdEBdvUdCiF3+0ZCITtN +tvUGlKXm0Nc4pq4ynl9Q2r3TxJ0Tro07EdPlmpGMq2c/Ram0x2//9ZkuqJogf5ay +tYE8qcavXQJMajS0GNjXvK6duKQCzepqDacbQHmfuv70KgEO1G8wYx2ZbgJmJqvd +vK9K6/rjAgMBAAECggEAGxebTCxMzoIrEohvpUPSQ/MXJ2rIxGHl1BAlG3crX/ZL +3dblL4jEb3IQiooAm5Az4Jx5+s4ShqRfknkYvDfA/e1UaF6F9nZntXEv2B0zJAUG +Nwnv0goI7C0Gc5Q9S+ja9M0XYL22e53i+diiE96cv5lSFXRCinzawdxIQ4Cs78of +l3eV5AOsbkMjH0cAo2+tvWgtraZXJZ24hbvSNl2LvmPTdFFoDicwKHK5uWBwgaLC +wv0qGzIJqMWe+61bo/8qGPx2eq0BoYLHG9uw5aYwL9f1NkKXYKsXV4T0GpBOXlEf +HFrvsW6r/lVfONcYLxWFxjC9SlCfGQQ0h7NIIyyecQKBgQDhF4GjK4nC7rKHzcRm +jgtWqWt5ozdygPI11LLMXGMxiFPY1igfp2cKcwk/aq78ZZYC5kHewx8NEWcn/eHu +fw9tQ7ykp1jDsAbTEG53BqEXGEkT251NAp/mfxvxNeNWLJrErtRarGrFLS9/eaAL +yutl+/H9EboklgYoY9I5B29jsQKBgQDBmbFgWHOJkz8A7qEN6VTWnfvR/RbczMif +dYwU4NUuUuPJCT7k8om0LW1/7f7K+pEJ6gBRaLjhLKKJXoOkZnqjOIut+aKqA+5G +bCCcZUDbhaYDLKkUoDgdcRQBRIedEnRAI/+brK/+6XkppSm8LEUaDHXaJomUj1AN +knB5Ey3Q0wKBgBUNz9BlWCNllEljk8VL7/+RJT5hZ+RL71vdo0O+OID/kWgsz9/2 +FotBq1HFNszg66ElzG97rMHaKN3yv1lBhT3hIhn8lS7onhrL5Kk5c4Pnf55d4l67 +qh0zMnfjZHpA/dD70V0R14LN8S1pQPEZb99AK6hSKikV50mL3LP84AxhAoGBAIew +XcaGF+xLnHPdzFmAuSp2reFefmCg0tgYPecAMcn25JmpdkBm0SbMVBu+xb6j4XXO +YQyt1i5T51NaP+/At6GgZx23gk+g06bd7/lNaiixwkolShgft1TDRV8iFd576ahu +0p7caLnED1yl2tt9N61rIEqWigTqcRQiF9x0Gb9rAoGAT98G6jErKan9QIs2JPAu +Pr6Y/10YB0u9oXTg/AtiPyrkTiiYjCmAn+InVSq8X2c/0MX8Hrt3/mqKq41UE0lD +OLoRfFNAosy1NJMepxE7B5oBUFfotAQkp/4tO7iAQZpM1HN6rJG/w610KcVfj0eM +UXkHny3cEbCVb3o48GZX3x8= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/src/tests/data/x509/bsi/cert_path_ext_19/description.txt b/src/tests/data/x509/bsi/cert_path_ext_19/description.txt new file mode 100644 index 0000000000..eb506729c0 --- /dev/null 
+++ b/src/tests/data/x509/bsi/cert_path_ext_19/description.txt
@@ -0,0 +1,3 @@
+Test Case: CERT_PATH_EXT_19
+
+Purpose: Checks the behaviour of an application when the first intermediate certificate in a certification path of length 3 contains a Policy Constraints extension with inhibitPolicyMapping=0 and requireExplicitPolicy=0. The next certificate in the path has a Policy Mappings extension which maps the only valid policy of the path to another policy. Every certificate has the same policy. This path is invalid because the inhibited policy mapping renders it impossible to have a valid policy.
diff --git a/src/tests/data/x509/bsi/expected.txt b/src/tests/data/x509/bsi/expected.txt
new file mode 100644
index 0000000000..6b609a2014
--- /dev/null
+++ b/src/tests/data/x509/bsi/expected.txt
@@ -0,0 +1,54 @@
+cert_path_algo_strength_01$Hash function used is considered too weak for security
+cert_path_algo_strength_02$Hash function used is considered too weak for security
+cert_path_algo_strength_03$Signature error
+cert_path_common_01$Verified
+cert_path_common_02$Cannot establish trust
+cert_path_common_03$Invalid argument Decoding error: CERTIFICATE decoding failed: Invalid argument Decoding error: X.509 Certificate had differing algorithm identifers in inner and outer ID fields
+cert_path_common_04$Certificate signed with unknown/unavailable algorithm
+cert_path_common_05$Invalid argument Decoding error: CERTIFICATE decoding failed: Invalid argument Decoding error: BER: Value truncated
+cert_path_common_06$Warning: Certificate serial number is negative
+cert_path_common_07$Certificate is not yet valid
+cert_path_common_08$Certificate has expired
+cert_path_common_09$Certificate is not yet valid
+cert_path_common_10$Certificate has expired
+cert_path_common_11$Invalid argument Decoding error: CERTIFICATE decoding failed: Invalid argument Decoding error: Unknown X.509 cert version 5
+cert_path_common_12$Warning: Distinguished name too long
+cert_path_common_13$Verified
+cert_path_common_14$Verified
+cert_path_CRL_01$No revocation data
+cert_path_CRL_02$Certificate is revoked
+cert_path_CRL_03$Certificate is revoked
+cert_path_CRL_04$CRL bad signature
+cert_path_CRL_05$Certificate is revoked
+cert_path_CRL_06$Certificate is revoked
+cert_path_CRL_07$Certificate is revoked
+cert_path_CRL_08$CRL response is not yet valid
+cert_path_CRL_09$CRL has expired
+cert_path_CRL_10$Certificate is revoked
+cert_path_CRL_11$Certificate is revoked
+cert_path_CRL_12$No revocation data
+cert_path_CRL_13$No CRL with matching distribution point for certificate
+cert_path_CRL_14$Invalid argument Decoding error: X509 CRL decoding failed: Invalid argument Decoding error: BER: Tag mismatch when decoding got 65280/65280 expected 3/0
+cert_path_CRL_15$No CRL with matching 
distribution point for certificate
+cert_path_CRL_16$Certificate is revoked
+cert_path_crypt_01$Signature error
+cert_path_crypt_02$Signature error
+cert_path_ext_01$Encountered extension in certificate with version < 3
+cert_path_ext_02$Encountered extension in certificate with version < 3
+cert_path_ext_03$Verified
+cert_path_ext_04$Unknown critical extension encountered
+cert_path_ext_05$Duplicate certificate extension encountered
+cert_path_ext_06$CA certificate not allowed to issue certs
+cert_path_ext_07$CA certificate not allowed to issue certs
+cert_path_ext_08$Certificate chain too long
+cert_path_ext_09$Verified
+cert_path_ext_10$Invalid argument Decoding error: CERTIFICATE decoding failed: Invalid argument Decoding error: Decoding X.509 extension 2.5.29.15 failed failed with exception Invalid argument Decoding error: BER: Bad tag for usage constraint: 16/32
+cert_path_ext_11$CA certificate not allowed to issue certs
+cert_path_ext_12$Certificate contains duplicate policy
+cert_path_ext_13$Unknown critical extension encountered
+cert_path_ext_14$Unknown critical extension encountered
+cert_path_ext_15$Certificate does not pass name constraint
+cert_path_ext_16$Certificate does not pass name constraint
+#cert_path_ext_17$
+cert_path_ext_18$Unknown critical extension encountered
+cert_path_ext_19$Unknown critical extension encountered
diff --git a/src/tests/data/x509/bsi/readme.txt b/src/tests/data/x509/bsi/readme.txt
new file mode 100644
index 0000000000..2895eb5977
--- /dev/null
+++ b/src/tests/data/x509/bsi/readme.txt
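Review bot: The expected results for cert_path_ext_18 and cert_path_ext_19 at the end of this hunk are `Unknown critical extension encountered`, whereas their description.txt files state the paths are invalid because of Policy Constraints and Policy Mappings processing; the recorded strings suggest the validator rejects these chains for an unrecognised critical extension rather than after evaluating the policy constraints, so they do not yet exercise the behaviour the BSI cases were written for. cert_path_ext_17 (the non-critical Policy Constraints case) is disabled with `#cert_path_ext_17$` and no reason is recorded, so a reader cannot tell whether it is a known gap or an oversight. If the `#` prefix is treated as a comment by whatever reads this file (the parser is outside this chunk), a short note next to these three lines would prevent the next maintainer from taking them as policy-processing coverage, e.g. `# ext_17 disabled; ext_18/ext_19 currently fail on the unrecognised critical extension, not on policy constraint evaluation`.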
@@ -0,0 +1,14 @@
+The test cases were developed during a project with the German BSI.
+
+Each test case contains
+* An end certificate that is to be validated: contains "TC" in its certificate file name
+* A trusted CA certificate: contains "TA" in its certificate file name
+* A set of sub CA certificates that may or may not be needed to construct a patht from TC to TA
+* A description.txt file that explains what the is meant to be tested
+
+expected.txt contains the status code that is expected as the path validation
+output for each test case. The expected output may also be the message string
+of an exception.
+
+Certificate revocation lists must be checked if and only if the test directory
+has "CRL" in its filename.
\ No newline at end of file
diff --git a/src/tests/data/x509/pss_certs/03/end.crt b/src/tests/data/x509/pss_certs/03/end.crt
index f6298057d8..f726924f0c 100644
--- a/src/tests/data/x509/pss_certs/03/end.crt
+++ b/src/tests/data/x509/pss_certs/03/end.crt
@@ -1,53 +1,53 @@ ------BEGIN CERTIFICATE----- -MIIErDCCA2CgAwIBAgIGAVyhUN7SMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUD -BAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBoMQ8wDQYD -VQQDDAZQU1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3Rh -bjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxEDAOBgNVBAYTB0dlcm1h -bnkwIBcNOTkxMjMxMjMwMDAwWhgPMjA5OTEyMzEyMzAwMDBaMGoxETAPBgNVBAMM -CFBTUy1DZXJ0MRQwEgYDVQQLDAtCb3Rhbi1UZXN0czEOMAwGA1UECgwFQm90YW4x -DzANBgNVBAcMBkJvY2h1bTEMMAoGA1UECAwDTlJXMRAwDgYDVQQGEwdHZXJtYW55 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodW01rU/fvHj0hzb/BbR -uB+XW+Hu63eVygItU8qP7XJc4DSMW+uCy8BAMQ1/V+fAiKC343tTooGItmXcGrq5 -UcR9OROv5iyb5JVnwOx6Q0AZKM92ySBMuysh2TQwhuOMfPylwTC5ufOrk+Lt7KgJ -PKPe8MTFkG5OUOhwZudcYTijE6FFSMJ0AfSlQw/BsIG1Vs55dOrsqHjHtrmpehnm -NeET39j7nm6QZjJ2tVZr++rpy2mz5FJ7aiIxwER7Zy6QNojvAUiOj0A9LlTwZGZS -fc3mfST4HJfiriI5zC4RrwtdJ/xwgLS5Z3Mr67afguVkAsPk7mb8q2FkqKn79M4T -dQIDAQABo4HvMIHsMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMIGXBgNV -HSMEgY8wgYyAFHnlihwNezCz/0+QfDeNJjPHHUlOoWykajBoMQ8wDQYDVQQDDAZQ -U1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3RhbjEPMA0G -A1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxEDAOBgNVBAYTB0dlcm1hbnmCBgFc -oKxc1DATBgNVHREEDDAKgghQU1MtQ2VydDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI -KwYBBQUHAwIwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqG -SIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQCGxhXlQLdsOi/fPED9RG4h -0W2S6zNiAlOnCnwgw/Jo9JoPEEknKKohIc5RfRdB5oPijiVBBtBnxQIfCaPSULf4 -KDVLC8wNLFb8N1VB0N/A7Uju6+5AHMu5Yq4ka5RFxTvB1zXfCnxkezma5EHsuGBM -nKJ6AnlvhpoPjNOgizKr06/qUoeLWPbDl2rFdtEoTjW/dpct2jBGZ3KWIcyJcW0o -+Nunz+HlQc5Wjvpz2SqiF1B+m3ffv1Ehgrrk8nKe3KbGpxT2A40fWDGDJfsGssSH -7y1ZSXQlofDnFMBo1k9nHlzK7+5rpBYX9rnfev9p7VghDx9KuHa6WyU7MC97r+N9 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEeTCCAy2gAwIBAgIGAVygrFzUMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUD -BAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBoMQ8wDQYD -VQQDDAZQU1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3Rh 
-bjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxEDAOBgNVBAYTB0dlcm1h -bnkwIBcNOTkxMjMxMjMwMDAwWhgPMjA5OTEyMzEyMzAwMDBaMGgxDzANBgNVBAMM -BlBTUy1DQTEUMBIGA1UECwwLQm90YW4tVGVzdHMxDjAMBgNVBAoMBUJvdGFuMQ8w -DQYDVQQHDAZCb2NodW0xDDAKBgNVBAgMA05SVzEQMA4GA1UEBhMHR2VybWFueTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZpazi/xuB2EDdsNCln3XAz -njxyuwsGetZ4PK9OfEoxaDznFIv8Ll/MV2nO8tG5BiUzxw1KbfOFJOFKFaT1r7Y6 -/ipzOEAN+0ixx8c2PQWTs5oc1k4yJmhf8UpWHmqfyH4dXNqgJG2n3+3m8pK4D/G2 -ciE+fPaSHpJF1I0lQ+g+zKHoq2J1HR0KOz6hQBMSOxNe557GGecgKPwsnI7cJMFS -CRUtA3njIhxcPNMix332NLz6Hi3H5TxPA+o3Y/Demfs/quauM3hb7M/DyLZ9k3no -IUsQiSCZC8JyUkHTJAoRlL5FHPWP4CkKQ7CBF8evaiVm/RBZfI2CZ1ygTXaNOW8C -AwEAAaOBvjCBuzAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zCBlwYD -VR0jBIGPMIGMgBR55YocDXsws/9PkHw3jSYzxx1JTqFspGowaDEPMA0GA1UEAwwG -UFNTLUNBMRQwEgYDVQQLDAtCb3Rhbi1UZXN0czEOMAwGA1UECgwFQm90YW4xDzAN -BgNVBAcMBkJvY2h1bTEMMAoGA1UECAwDTlJXMRAwDgYDVQQGEwdHZXJtYW55ggYB -XKCsXNQwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3 -DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQAtcKFeatctcgDoJdx5nPK5JLrp -cQL09M1DEDvmw+qlo9z9hUI60cD8r351jMQ2aMV+ba0NT/El2P7WWumRpW+7gkAu -uUwlnybtBTF7J2aDoA/M+vN6AkuWlJUc3A5TnsKQE1KkLmENp8ofD8UgUZjlQP8H -JBQ7YnPzdpCdh1yI1uOn6rxYkFq5BR+Wqj6wI9oYMTPSiZFhTnC1zYC1wJuJRR70 -imkMHZsJ3Ov4vMCBfnkf7ONte/HUcc14VW8q/vmiGONfER/JXm1D+bJHwZGBerHC -4s369aikQMYGi3mav6GIUQOPrnPCQpOmocl0QsG/QTcKJot1K4kDR3uwAsOy ------END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEnTCCA1GgAwIBAgIGAWAB9W4PMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUD +BAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBjMQ8wDQYD +VQQDDAZQU1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3Rh +bjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFMCAX +DTAwMTIzMTIzMDAwMFoYDzIwOTgxMjMxMjMwMDAwWjBlMREwDwYDVQQDDAhQU1Mt +Q2VydDEUMBIGA1UECwwLQm90YW4tVGVzdHMxDjAMBgNVBAoMBUJvdGFuMQ8wDQYD +VQQHDAZCb2NodW0xDDAKBgNVBAgMA05SVzELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxW+LMi18HK+SRoKI3m2d3sMnI0GH5UbaI 
+q3l5RdxFD0iUdiBVI6trbxPcDSNVovPOs2Y5C0tO1Wh6E9weU4Qck/oB3hn0XI9y +cyWzgdj/tTfE4/2P96Mo5jRi1AsM3GXGsKmuKULCYItjuGeEbz31tMmaOCQ8o41a +8eQrYljFWgWkEMUa1AmjoTTzR5WjkuHUtpUFvSjFk7+ZNRFv+WxvZ8KB9Zdb/HDJ +XIKdOL5CuL+3iSQn0yZM3iU5kTxkTjCC8jcCNTe3s/VsAX/ij5+jmU8ln/sAqOGC +lGmIlZcYi7ojw53Wvvw8duNFZPyK1PoI5UVINeK2uSW2vt33Ot9fAgMBAAGjgeow +gecwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwgZIGA1UdIwSBijCBh4AU +NvWUOAnGk/vcVjyy75iIFkmxn1yhZ6RlMGMxDzANBgNVBAMMBlBTUy1DQTEUMBIG +A1UECwwLQm90YW4tVGVzdHMxDjAMBgNVBAoMBUJvdGFuMQ8wDQYDVQQHDAZCb2No +dW0xDDAKBgNVBAgMA05SVzELMAkGA1UEBhMCREWCBgFgAfJIKTATBgNVHREEDDAK +gghQU1MtQ2VydDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQQYJKoZI +hvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgB +ZQMEAgEFAKIDAgEgA4IBAQAIvskMuvUUlpCj6aAg1p8+CuMPWTyfjayqiJ+8IDIp +up51n4H5IpAhnp4MsXQ3oySsXSe7RmgkOFTrei8U2B9v+nf2ebCOjEl//cgEHMqC +pVAJUcaiG/TL2RhZjzAXebk7R4Wia1ZXKiMLvFk84aVbSFfdb1S+RnwqpAMC+VAy +Qb3GzShRSDUkk1TiuujBdKa/mnv2Qs2OBHcjD6elXVnp+bYbsvET1uizRaQ8yEOD +DnZhzEGxWsZKsnsApJt/iEZnK5bdLeS7FCp15BgPlphNjvFV6lO75Tv4x1JGsHZl +FFYJzCWCZd1Egp5c5zMAC/PRjRUQ04sAmynOHEs0jp2T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEajCCAx6gAwIBAgIGAWAB8kgpMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUD +BAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBjMQ8wDQYD +VQQDDAZQU1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3Rh +bjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFMCAX +DTk5MTIzMTIzMDAwMFoYDzIwOTkxMjMxMjMwMDAwWjBjMQ8wDQYDVQQDDAZQU1Mt +Q0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3RhbjEPMA0GA1UE +BwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6QT4bJpuTGy2+eG1h4O22XQwCWz2wAmerQd +xK1oFeXzfOUR0cnpGBDvhIzprK7Ino0SKuV9WBDCw8wQakx45Y1YNoQJ7Y816B1d +cu2IsRX5T+CwAC5awJIMOYKN+izb7ad5ZvOBKZbr0I0kTut7ZtKJS67IUH/RqxXY +KsOLOkTtpiTKGMLMUPOjFgbhVxzn8z9p8zgwNbrSXlUVazsov3JfB6xVQRu6wNSw +i1K9c3NmJPD+jN+F2Ga1Y1bhEI2GJUBsulg5nfJ9y+p5Xez8OsqM3vMZ9ukhl0l9 
+UwHxebwzRKL/yad3iXiPAV7a2tluZs2WgnlHlTTMSVBDTgzVgQIDAQABo4G5MIG2 +MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MIGSBgNVHSMEgYowgYeA +FDb1lDgJxpP73FY8su+YiBZJsZ9coWekZTBjMQ8wDQYDVQQDDAZQU1MtQ0ExFDAS +BgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3RhbjEPMA0GA1UEBwwGQm9j +aHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFggYBYAHySCkwQQYJKoZIhvcN +AQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQME +AgEFAKIDAgEgA4IBAQAj45MXBTbkT7M07h+EFBnjCTZ7SriCw3nhZAjSqK35EjGH +l66YRr/oaqgyWaL67TBDNG0yUtW42chOXmbvgwryvKganUjJsOmaYqOng1V4C6N2 +2ld+pMvQSLG1q6O1lfJLKRMKfbEuwoza8CiBXqzrKFA1LIc8RgWQ83pyGSsdK6yq +fpExGBDk8tZI5pVLiSfINcqStr+tSt8egrkD4O437li0paALfL719jVjH3vL6L+T +dZ89ty1Pv30bvipPe0SUGtiUiNEvdR+ia8WJtjKq18mKwklPH/DmhS5IuNawwoo5 +XXNV7igmlyKvO+yoa67HNw1w0d4tRCEQJnM38zuV +-----END CERTIFICATE----- diff --git a/src/tests/data/x509/pss_certs/03/root.crt b/src/tests/data/x509/pss_certs/03/root.crt index deb03ade9c..253e616bfa 100644 --- a/src/tests/data/x509/pss_certs/03/root.crt +++ b/src/tests/data/x509/pss_certs/03/root.crt 
@@ -1,26 +1,26 @@ ------BEGIN CERTIFICATE----- -MIIEeTCCAy2gAwIBAgIGAVygrFzUMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUD -BAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBoMQ8wDQYD -VQQDDAZQU1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3Rh -bjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxEDAOBgNVBAYTB0dlcm1h -bnkwIBcNOTkxMjMxMjMwMDAwWhgPMjA5OTEyMzEyMzAwMDBaMGgxDzANBgNVBAMM -BlBTUy1DQTEUMBIGA1UECwwLQm90YW4tVGVzdHMxDjAMBgNVBAoMBUJvdGFuMQ8w -DQYDVQQHDAZCb2NodW0xDDAKBgNVBAgMA05SVzEQMA4GA1UEBhMHR2VybWFueTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZpazi/xuB2EDdsNCln3XAz -njxyuwsGetZ4PK9OfEoxaDznFIv8Ll/MV2nO8tG5BiUzxw1KbfOFJOFKFaT1r7Y6 -/ipzOEAN+0ixx8c2PQWTs5oc1k4yJmhf8UpWHmqfyH4dXNqgJG2n3+3m8pK4D/G2 -ciE+fPaSHpJF1I0lQ+g+zKHoq2J1HR0KOz6hQBMSOxNe557GGecgKPwsnI7cJMFS -CRUtA3njIhxcPNMix332NLz6Hi3H5TxPA+o3Y/Demfs/quauM3hb7M/DyLZ9k3no -IUsQiSCZC8JyUkHTJAoRlL5FHPWP4CkKQ7CBF8evaiVm/RBZfI2CZ1ygTXaNOW8C -AwEAAaOBvjCBuzAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zCBlwYD -VR0jBIGPMIGMgBR55YocDXsws/9PkHw3jSYzxx1JTqFspGowaDEPMA0GA1UEAwwG -UFNTLUNBMRQwEgYDVQQLDAtCb3Rhbi1UZXN0czEOMAwGA1UECgwFQm90YW4xDzAN -BgNVBAcMBkJvY2h1bTEMMAoGA1UECAwDTlJXMRAwDgYDVQQGEwdHZXJtYW55ggYB -XKCsXNQwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3 -DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQAtcKFeatctcgDoJdx5nPK5JLrp -cQL09M1DEDvmw+qlo9z9hUI60cD8r351jMQ2aMV+ba0NT/El2P7WWumRpW+7gkAu -uUwlnybtBTF7J2aDoA/M+vN6AkuWlJUc3A5TnsKQE1KkLmENp8ofD8UgUZjlQP8H -JBQ7YnPzdpCdh1yI1uOn6rxYkFq5BR+Wqj6wI9oYMTPSiZFhTnC1zYC1wJuJRR70 -imkMHZsJ3Ov4vMCBfnkf7ONte/HUcc14VW8q/vmiGONfER/JXm1D+bJHwZGBerHC -4s369aikQMYGi3mav6GIUQOPrnPCQpOmocl0QsG/QTcKJot1K4kDR3uwAsOy ------END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEajCCAx6gAwIBAgIGAWAB8kgpMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUD +BAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBjMQ8wDQYD +VQQDDAZQU1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3Rh +bjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFMCAX 
+DTk5MTIzMTIzMDAwMFoYDzIwOTkxMjMxMjMwMDAwWjBjMQ8wDQYDVQQDDAZQU1Mt +Q0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3RhbjEPMA0GA1UE +BwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6QT4bJpuTGy2+eG1h4O22XQwCWz2wAmerQd +xK1oFeXzfOUR0cnpGBDvhIzprK7Ino0SKuV9WBDCw8wQakx45Y1YNoQJ7Y816B1d +cu2IsRX5T+CwAC5awJIMOYKN+izb7ad5ZvOBKZbr0I0kTut7ZtKJS67IUH/RqxXY +KsOLOkTtpiTKGMLMUPOjFgbhVxzn8z9p8zgwNbrSXlUVazsov3JfB6xVQRu6wNSw +i1K9c3NmJPD+jN+F2Ga1Y1bhEI2GJUBsulg5nfJ9y+p5Xez8OsqM3vMZ9ukhl0l9 +UwHxebwzRKL/yad3iXiPAV7a2tluZs2WgnlHlTTMSVBDTgzVgQIDAQABo4G5MIG2 +MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MIGSBgNVHSMEgYowgYeA +FDb1lDgJxpP73FY8su+YiBZJsZ9coWekZTBjMQ8wDQYDVQQDDAZQU1MtQ0ExFDAS +BgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3RhbjEPMA0GA1UEBwwGQm9j +aHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFggYBYAHySCkwQQYJKoZIhvcN +AQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQME +AgEFAKIDAgEgA4IBAQAj45MXBTbkT7M07h+EFBnjCTZ7SriCw3nhZAjSqK35EjGH +l66YRr/oaqgyWaL67TBDNG0yUtW42chOXmbvgwryvKganUjJsOmaYqOng1V4C6N2 +2ld+pMvQSLG1q6O1lfJLKRMKfbEuwoza8CiBXqzrKFA1LIc8RgWQ83pyGSsdK6yq +fpExGBDk8tZI5pVLiSfINcqStr+tSt8egrkD4O437li0paALfL719jVjH3vL6L+T +dZ89ty1Pv30bvipPe0SUGtiUiNEvdR+ia8WJtjKq18mKwklPH/DmhS5IuNawwoo5 +XXNV7igmlyKvO+yoa67HNw1w0d4tRCEQJnM38zuV +-----END CERTIFICATE----- diff --git a/src/tests/data/x509/pss_certs/04/end.crt b/src/tests/data/x509/pss_certs/04/end.crt index b4269b27fd..e83a40df8b 100644 --- a/src/tests/data/x509/pss_certs/04/end.crt +++ b/src/tests/data/x509/pss_certs/04/end.crt 
@@ -1,54 +1,53 @@ ------BEGIN CERTIFICATE----- -MIIErzCCA2OgAwIBAgIGAVyhu3riMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUD -BAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBoMQ8wDQYD -VQQDDAZQU1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3Rh -bjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxEDAOBgNVBAYTB0dlcm1h -bnkwIBcNOTkxMjMxMjMwMDAwWhgPMjA5OTEyMzEyMzAwMDBaMG8xFjAUBgNVBAMM -DVBTUy1EaXNrLUNlcnQxFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVC -b3RhbjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxEDAOBgNVBAYTB0dl -cm1hbnkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCViOl2DheS1Fks -/IJDP+IYawWWtEh7RAJRd5wz1oSoK0i4I8Yg12JzkFuhypIUOQlT92woDN+nIwc/ -+Ifl8LelowIjZNkdL+oERP++SOzQu6r1lXlIHDS9hEcNF/40YhyKKMxCwTa9KqGO -qAWiPfXu6uFKQlPMorFwY/t3gbDdWAcNQl4XRSjQEk7fnZO2N4mSpCWxB1BuMRPE -UAe3beuzSi5jGEDHXXNBk5imk3FfzJ7MctnYU0agWW4fuMJ/zmNLPQ/FMklST6cK -nweA5pMuJyTw2gHTnReOR5i9J0WuHu1r3QuwBVg2eWiavIdonYTw9xqagaCv4EJO -umkxlsJPAgMBAAGjge0wgeowDgYDVR0PAQH/BAQDAgUgMAwGA1UdEwEB/wQCMAAw -gZcGA1UdIwSBjzCBjIAUeeWKHA17MLP/T5B8N40mM8cdSU6hbKRqMGgxDzANBgNV -BAMMBlBTUy1DQTEUMBIGA1UECwwLQm90YW4tVGVzdHMxDjAMBgNVBAoMBUJvdGFu -MQ8wDQYDVQQHDAZCb2NodW0xDDAKBgNVBAgMA05SVzEQMA4GA1UEBhMHR2VybWFu -eYIGAVygrFzUMBgGA1UdEQQRMA+CDVBTUy1EaXNrLUNlcnQwFgYDVR0lBA8wDQYL -KwYBBAGB630NAQEwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoG -CSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQB19KCooYqEpGrYD8Go -cUlSq31F8nUWfcO2cm5qDg3D74LXfrMqIDxB7ZFkkaR72bBUsOvKlgnklPvIq/iG -8ELCIgY13XWt9xmzkXMw08Y0CKZq5JmZDP3C9SB2l4lhDVPpqI+tOfzDBPk+g/Mp -t6fF+j3V2ZYB0iYN/iNoyX0gldpQeJc4JE3VSOKixFW+SALFZm1aHMVEGBJwWBnp -VAF2LRB6cVKn26eHdU9B2Cxc7puqQX/VPjoY+OtMv9IugQVAd1aeb0Fj86f2yFhc -FVlS/4Zf7EllJtIsXJXVyhbc6AR3Phvf2Bl2PkUAKLEZ9b7WTNfXdv3cmSmsOo20 -aWDg ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEeTCCAy2gAwIBAgIGAVygrFzUMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUD -BAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBoMQ8wDQYD -VQQDDAZQU1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3Rh 
-bjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxEDAOBgNVBAYTB0dlcm1h -bnkwIBcNOTkxMjMxMjMwMDAwWhgPMjA5OTEyMzEyMzAwMDBaMGgxDzANBgNVBAMM -BlBTUy1DQTEUMBIGA1UECwwLQm90YW4tVGVzdHMxDjAMBgNVBAoMBUJvdGFuMQ8w -DQYDVQQHDAZCb2NodW0xDDAKBgNVBAgMA05SVzEQMA4GA1UEBhMHR2VybWFueTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZpazi/xuB2EDdsNCln3XAz -njxyuwsGetZ4PK9OfEoxaDznFIv8Ll/MV2nO8tG5BiUzxw1KbfOFJOFKFaT1r7Y6 -/ipzOEAN+0ixx8c2PQWTs5oc1k4yJmhf8UpWHmqfyH4dXNqgJG2n3+3m8pK4D/G2 -ciE+fPaSHpJF1I0lQ+g+zKHoq2J1HR0KOz6hQBMSOxNe557GGecgKPwsnI7cJMFS -CRUtA3njIhxcPNMix332NLz6Hi3H5TxPA+o3Y/Demfs/quauM3hb7M/DyLZ9k3no -IUsQiSCZC8JyUkHTJAoRlL5FHPWP4CkKQ7CBF8evaiVm/RBZfI2CZ1ygTXaNOW8C -AwEAAaOBvjCBuzAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zCBlwYD -VR0jBIGPMIGMgBR55YocDXsws/9PkHw3jSYzxx1JTqFspGowaDEPMA0GA1UEAwwG -UFNTLUNBMRQwEgYDVQQLDAtCb3Rhbi1UZXN0czEOMAwGA1UECgwFQm90YW4xDzAN -BgNVBAcMBkJvY2h1bTEMMAoGA1UECAwDTlJXMRAwDgYDVQQGEwdHZXJtYW55ggYB -XKCsXNQwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3 -DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQAtcKFeatctcgDoJdx5nPK5JLrp -cQL09M1DEDvmw+qlo9z9hUI60cD8r351jMQ2aMV+ba0NT/El2P7WWumRpW+7gkAu -uUwlnybtBTF7J2aDoA/M+vN6AkuWlJUc3A5TnsKQE1KkLmENp8ofD8UgUZjlQP8H -JBQ7YnPzdpCdh1yI1uOn6rxYkFq5BR+Wqj6wI9oYMTPSiZFhTnC1zYC1wJuJRR70 -imkMHZsJ3Ov4vMCBfnkf7ONte/HUcc14VW8q/vmiGONfER/JXm1D+bJHwZGBerHC -4s369aikQMYGi3mav6GIUQOPrnPCQpOmocl0QsG/QTcKJot1K4kDR3uwAsOy ------END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEljCCA0qgAwIBAgIGAWAB9gf1MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUD +BAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBjMQ8wDQYD +VQQDDAZQU1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3Rh +bjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFMCAX +DTAwMTIzMTIzMDAwMFoYDzIwOTgxMjMxMjMwMDAwWjBlMREwDwYDVQQDDAhQU1Mt +Q2VydDEUMBIGA1UECwwLQm90YW4tVGVzdHMxDjAMBgNVBAoMBUJvdGFuMQ8wDQYD +VQQHDAZCb2NodW0xDDAKBgNVBAgMA05SVzELMAkGA1UEBhMCREUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCD9AimnF+OhedVEzGPoKdkMufi7LD9TAWH 
+hmpUYe7bHEd5m5IPg3CognneOuPKSMipg2TIyuEeV8XgD/TwGJHyeoVWjqQThq0S +vi4nQI5SS3pqTpyguPDzvUaHepbKf9/LnhWHFngFrv1GRG5dvJrwMumED5VrIEdK +Hb2GfG6P67nOIekZfnv6JMwHOjuiJ6rlKVtPDoXqdm4knl8k064QldyWG3ZmP5Dz +K1KouRsb1Dyf/kmiY0dUopGe7236wtYAZFj2RJByFV+QbCV6+hUk8qaiw6W3JApv +jltztIZuz4Y63Cz6m5ROb8f0osl/3Vq4tniOvfMovUoFVjzcHAhdAgMBAAGjgeMw +geAwDgYDVR0PAQH/BAQDAgUgMAwGA1UdEwEB/wQCMAAwgZIGA1UdIwSBijCBh4AU +NvWUOAnGk/vcVjyy75iIFkmxn1yhZ6RlMGMxDzANBgNVBAMMBlBTUy1DQTEUMBIG +A1UECwwLQm90YW4tVGVzdHMxDjAMBgNVBAoMBUJvdGFuMQ8wDQYDVQQHDAZCb2No +dW0xDDAKBgNVBAgMA05SVzELMAkGA1UEBhMCREWCBgFgAfJIKTATBgNVHREEDDAK +gghQU1MtQ2VydDAWBgNVHSUEDzANBgsrBgEEAYHrfQ0BATBBBgkqhkiG9w0BAQow +NKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUA +ogMCASADggEBAGcIe3q6jTKjSGrD2xi512DUnZEPhqxrU7lUiXc+Q86QUQmr070R +jy8g5uMHGe+/UUFbA0CMpopQgk6tIB1mfm6x5dX2SaQ6wgnEUx3FaSSVDQQGab/0 +Fb142s+2I3gt28uLr40YGZuRYz4GKdgZdC4D1+KR6ef9vRNdCfgwVCAUJFmuplSf +yQo3/rufmV7PUS8M2q+/GYehoR/h8fX1TKCpeQQMrA8LLvt+FCF6J4xrwf9F5O+p +lIDNFHhvKeN7ORLy+Xvxy3E9CD0pqbxn7CrAd/Arl3GCGAjELfncWaP7qV72RmkG +LHNDGT/zvvX+TU3R1Q7eI5fiIL/OJvGn5/w= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEajCCAx6gAwIBAgIGAWAB8kgpMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUD +BAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBjMQ8wDQYD +VQQDDAZQU1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3Rh +bjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFMCAX +DTk5MTIzMTIzMDAwMFoYDzIwOTkxMjMxMjMwMDAwWjBjMQ8wDQYDVQQDDAZQU1Mt +Q0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3RhbjEPMA0GA1UE +BwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6QT4bJpuTGy2+eG1h4O22XQwCWz2wAmerQd +xK1oFeXzfOUR0cnpGBDvhIzprK7Ino0SKuV9WBDCw8wQakx45Y1YNoQJ7Y816B1d +cu2IsRX5T+CwAC5awJIMOYKN+izb7ad5ZvOBKZbr0I0kTut7ZtKJS67IUH/RqxXY +KsOLOkTtpiTKGMLMUPOjFgbhVxzn8z9p8zgwNbrSXlUVazsov3JfB6xVQRu6wNSw +i1K9c3NmJPD+jN+F2Ga1Y1bhEI2GJUBsulg5nfJ9y+p5Xez8OsqM3vMZ9ukhl0l9 
+UwHxebwzRKL/yad3iXiPAV7a2tluZs2WgnlHlTTMSVBDTgzVgQIDAQABo4G5MIG2 +MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MIGSBgNVHSMEgYowgYeA +FDb1lDgJxpP73FY8su+YiBZJsZ9coWekZTBjMQ8wDQYDVQQDDAZQU1MtQ0ExFDAS +BgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3RhbjEPMA0GA1UEBwwGQm9j +aHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFggYBYAHySCkwQQYJKoZIhvcN +AQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQME +AgEFAKIDAgEgA4IBAQAj45MXBTbkT7M07h+EFBnjCTZ7SriCw3nhZAjSqK35EjGH +l66YRr/oaqgyWaL67TBDNG0yUtW42chOXmbvgwryvKganUjJsOmaYqOng1V4C6N2 +2ld+pMvQSLG1q6O1lfJLKRMKfbEuwoza8CiBXqzrKFA1LIc8RgWQ83pyGSsdK6yq +fpExGBDk8tZI5pVLiSfINcqStr+tSt8egrkD4O437li0paALfL719jVjH3vL6L+T +dZ89ty1Pv30bvipPe0SUGtiUiNEvdR+ia8WJtjKq18mKwklPH/DmhS5IuNawwoo5 +XXNV7igmlyKvO+yoa67HNw1w0d4tRCEQJnM38zuV +-----END CERTIFICATE----- diff --git a/src/tests/data/x509/pss_certs/04/root.crt b/src/tests/data/x509/pss_certs/04/root.crt index deb03ade9c..253e616bfa 100644 --- a/src/tests/data/x509/pss_certs/04/root.crt +++ b/src/tests/data/x509/pss_certs/04/root.crt 
@@ -1,26 +1,26 @@ ------BEGIN CERTIFICATE----- -MIIEeTCCAy2gAwIBAgIGAVygrFzUMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUD -BAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBoMQ8wDQYD -VQQDDAZQU1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3Rh -bjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxEDAOBgNVBAYTB0dlcm1h -bnkwIBcNOTkxMjMxMjMwMDAwWhgPMjA5OTEyMzEyMzAwMDBaMGgxDzANBgNVBAMM -BlBTUy1DQTEUMBIGA1UECwwLQm90YW4tVGVzdHMxDjAMBgNVBAoMBUJvdGFuMQ8w -DQYDVQQHDAZCb2NodW0xDDAKBgNVBAgMA05SVzEQMA4GA1UEBhMHR2VybWFueTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZpazi/xuB2EDdsNCln3XAz -njxyuwsGetZ4PK9OfEoxaDznFIv8Ll/MV2nO8tG5BiUzxw1KbfOFJOFKFaT1r7Y6 -/ipzOEAN+0ixx8c2PQWTs5oc1k4yJmhf8UpWHmqfyH4dXNqgJG2n3+3m8pK4D/G2 -ciE+fPaSHpJF1I0lQ+g+zKHoq2J1HR0KOz6hQBMSOxNe557GGecgKPwsnI7cJMFS -CRUtA3njIhxcPNMix332NLz6Hi3H5TxPA+o3Y/Demfs/quauM3hb7M/DyLZ9k3no -IUsQiSCZC8JyUkHTJAoRlL5FHPWP4CkKQ7CBF8evaiVm/RBZfI2CZ1ygTXaNOW8C -AwEAAaOBvjCBuzAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zCBlwYD -VR0jBIGPMIGMgBR55YocDXsws/9PkHw3jSYzxx1JTqFspGowaDEPMA0GA1UEAwwG -UFNTLUNBMRQwEgYDVQQLDAtCb3Rhbi1UZXN0czEOMAwGA1UECgwFQm90YW4xDzAN -BgNVBAcMBkJvY2h1bTEMMAoGA1UECAwDTlJXMRAwDgYDVQQGEwdHZXJtYW55ggYB -XKCsXNQwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3 -DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQAtcKFeatctcgDoJdx5nPK5JLrp -cQL09M1DEDvmw+qlo9z9hUI60cD8r351jMQ2aMV+ba0NT/El2P7WWumRpW+7gkAu -uUwlnybtBTF7J2aDoA/M+vN6AkuWlJUc3A5TnsKQE1KkLmENp8ofD8UgUZjlQP8H -JBQ7YnPzdpCdh1yI1uOn6rxYkFq5BR+Wqj6wI9oYMTPSiZFhTnC1zYC1wJuJRR70 -imkMHZsJ3Ov4vMCBfnkf7ONte/HUcc14VW8q/vmiGONfER/JXm1D+bJHwZGBerHC -4s369aikQMYGi3mav6GIUQOPrnPCQpOmocl0QsG/QTcKJot1K4kDR3uwAsOy ------END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEajCCAx6gAwIBAgIGAWAB8kgpMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUD +BAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDBjMQ8wDQYD +VQQDDAZQU1MtQ0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3Rh +bjEPMA0GA1UEBwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFMCAX 
+DTk5MTIzMTIzMDAwMFoYDzIwOTkxMjMxMjMwMDAwWjBjMQ8wDQYDVQQDDAZQU1Mt +Q0ExFDASBgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3RhbjEPMA0GA1UE +BwwGQm9jaHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6QT4bJpuTGy2+eG1h4O22XQwCWz2wAmerQd +xK1oFeXzfOUR0cnpGBDvhIzprK7Ino0SKuV9WBDCw8wQakx45Y1YNoQJ7Y816B1d +cu2IsRX5T+CwAC5awJIMOYKN+izb7ad5ZvOBKZbr0I0kTut7ZtKJS67IUH/RqxXY +KsOLOkTtpiTKGMLMUPOjFgbhVxzn8z9p8zgwNbrSXlUVazsov3JfB6xVQRu6wNSw +i1K9c3NmJPD+jN+F2Ga1Y1bhEI2GJUBsulg5nfJ9y+p5Xez8OsqM3vMZ9ukhl0l9 +UwHxebwzRKL/yad3iXiPAV7a2tluZs2WgnlHlTTMSVBDTgzVgQIDAQABo4G5MIG2 +MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MIGSBgNVHSMEgYowgYeA +FDb1lDgJxpP73FY8su+YiBZJsZ9coWekZTBjMQ8wDQYDVQQDDAZQU1MtQ0ExFDAS +BgNVBAsMC0JvdGFuLVRlc3RzMQ4wDAYDVQQKDAVCb3RhbjEPMA0GA1UEBwwGQm9j +aHVtMQwwCgYDVQQIDANOUlcxCzAJBgNVBAYTAkRFggYBYAHySCkwQQYJKoZIhvcN +AQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQME +AgEFAKIDAgEgA4IBAQAj45MXBTbkT7M07h+EFBnjCTZ7SriCw3nhZAjSqK35EjGH +l66YRr/oaqgyWaL67TBDNG0yUtW42chOXmbvgwryvKganUjJsOmaYqOng1V4C6N2 +2ld+pMvQSLG1q6O1lfJLKRMKfbEuwoza8CiBXqzrKFA1LIc8RgWQ83pyGSsdK6yq +fpExGBDk8tZI5pVLiSfINcqStr+tSt8egrkD4O437li0paALfL719jVjH3vL6L+T +dZ89ty1Pv30bvipPe0SUGtiUiNEvdR+ia8WJtjKq18mKwklPH/DmhS5IuNawwoo5 +XXNV7igmlyKvO+yoa67HNw1w0d4tRCEQJnM38zuV +-----END CERTIFICATE----- diff --git a/src/tests/test_certstor.cpp b/src/tests/test_certstor.cpp index 9b3848f21a..ea69e05c2b 100644 --- a/src/tests/test_certstor.cpp +++ b/src/tests/test_certstor.cpp 
@@ -216,6 +216,73 @@ Test::Result test_certstor_sqlite3_all_subjects_test(const std::vector& certsandkeys) + { + Test::Result result("Certificate Store SQLITE3 - Find all certs"); + try + { + auto& rng = Test::rng(); + const std::string passwd(reinterpret_cast(rng.random_vec(8).data()), 8); + // Just create a database in memory for testing (https://sqlite.org/inmemorydb.html) + Botan::Certificate_Store_In_SQLite store(":memory:", passwd, rng); + + for(const auto& a : certsandkeys) + { + store.insert_cert(a.certificate); + } + + for(const auto& a : certsandkeys) + { + auto res_vec = store.find_all_certs(a.certificate.subject_dn(), a.certificate.subject_key_id()); + if(res_vec.size() != 1) + { + result.test_failure("SQLITE all lookup error"); + return result; + } + else + { + std::stringstream a_ss; + a_ss << a.certificate.subject_dn(); + std::stringstream res_ss; + res_ss << res_vec.at(0)->subject_dn(); + result.test_eq("Check subject " + a_ss.str(), a_ss.str(), res_ss.str()); + } + } + + Botan::X509_Certificate same_dn_1 = Botan::X509_Certificate( + "./src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_sub_ca.ca.pem.crt"); + Botan::X509_Certificate same_dn_2 = Botan::X509_Certificate( + "./src/tests/data/x509/bsi/cert_path_common_14/cert_path_common_14_wrong_sub_ca.ca.pem.crt"); + + store.insert_cert(same_dn_1); + store.insert_cert(same_dn_2); + auto res_vec = store.find_all_certs(same_dn_1.subject_dn(), {}); + + if(res_vec.size() != 2) + { + result.test_failure("SQLITE all lookup error (duplicate) " + std::to_string(res_vec.size())); + return result; + } + else + { + std::stringstream cert_ss; + cert_ss << same_dn_1.subject_dn(); + std::stringstream res_ss; + res_ss << res_vec.at(0)->subject_dn(); + result.test_eq("Check subject " + cert_ss.str(), cert_ss.str(), res_ss.str()); + res_ss.str(""); + res_ss << res_vec.at(1)->subject_dn(); + result.test_eq("Check subject " + cert_ss.str(), cert_ss.str(), res_ss.str()); + } + } + catch(const std::exception& 
e) + { + result.test_failure(e.what()); + return result; + } + return result; + } + #endif Test::Result test_certstor_find_hash_subject(const std::vector& certsandkeys) @@ -329,6 +396,7 @@ class Certstor_Tests final : public Test results.push_back(test_certstor_sqlite3_insert_find_remove_test(certsandkeys)); results.push_back(test_certstor_sqlite3_crl_test(certsandkeys)); results.push_back(test_certstor_sqlite3_all_subjects_test(certsandkeys)); + results.push_back(test_certstor_sqlite3_find_all_certs_test(certsandkeys)); #endif return results; } diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index 2ac4a3fcea..7ea0f5b04e 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp @@ -16,10 +16,13 @@ #include #endif +#include + #include #include #include #include +#include namespace Botan_Tests { @@ -27,7 +30,7 @@ namespace { #if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_HAS_RSA) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) -std::map read_results(const std::string& results_file) +std::map read_results(const std::string& results_file, const char delim = ':') { std::ifstream in(results_file); if(!in.good()) @@ -49,7 +52,7 @@ std::map read_results(const std::string& results_file) continue; } - std::vector parts = Botan::split_on(line, ':'); + std::vector parts = Botan::split_on(line, delim); if(parts.size() != 2) { 
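Review bot: The duplicate-DN check at the end of test_certstor_sqlite3_find_all_certs_test only verifies that both returned certificates carry same_dn_1's subject DN, which is satisfied even if the store returned the same row twice, so it cannot tell two distinct matches from a duplicated one. Compare the results against each other (or against the two inserted certificates) instead, e.g. `result.test_eq("Distinct results", res_vec.at(0)->serial_number() != res_vec.at(1)->serial_number(), true);`, assuming the two BSI sub-CA fixtures carry different serials (subject_key_id() would serve equally if those differ). Separately, the two X509_Certificate loads use the hard-coded relative path `./src/tests/data/x509/bsi/...`, while the BSI tests added in this same change resolve fixtures through `Test::data_file()`; the hard-coded form breaks as soon as the test binary runs from another working directory or with a custom data dir. The `#if` that pairs with the hunk's closing `#endif` begins outside the hunk.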
@@ -451,6 +454,177 @@ std::vector PSS_Path_Validation_Tests::run() BOTAN_REGISTER_TEST("x509_path_rsa_pss", PSS_Path_Validation_Tests); +// The certificates in this test suite are signed using EMSA_PKCS1 +#ifdef BOTAN_HAS_EMSA_PKCS1 + +class BSI_Path_Validation_Tests final : public Test + { + public: + std::vector run() override; + }; + +std::vector BSI_Path_Validation_Tests::run() + { + std::vector results; + + const std::string bsi_test_dir = Test::data_dir() + "/x509/bsi"; + + try + { + // Do nothing, just test filesystem access + Botan::get_files_recursive(bsi_test_dir); + } + catch (Botan::No_Filesystem_Access&) + { + Test::Result result("BSI path validation"); + result.test_note("Skipping due to missing filesystem access"); + results.push_back(result); + return results; + } + + std::map expected = read_results( + Test::data_file("/x509/bsi/expected.txt"), '$'); + + for (auto& i : expected) + { + const std::string test_name = i.first; + const std::string expected_result = i.second; + + const std::string test_dir = bsi_test_dir + "/" + test_name; + + Test::Result result("BSI path validation"); + result.start_timer(); + + const std::vector all_files = + Botan::get_files_recursive(test_dir); + + if (all_files.empty()) + { + result.test_failure("No test files found in " + test_dir); + results.push_back(result); + continue; + } + + Botan::Certificate_Store_In_Memory trusted; + std::vector certs; + + auto validation_time = + Botan::calendar_point(2017, 8, 19, 12, 0, 0).to_std_timepoint(); + + // By convention: if CRL is a substring if the directory name, + // we need to check the CRLs + bool use_crl = false; + if (test_dir.find("CRL") != std::string::npos) + { + use_crl = true; + } + + try + { + for (auto const& file : all_files) + { + // found a trust anchor + if (file.find("TA") != std::string::npos) + { + trusted.add_certificate(Botan::X509_Certificate(file)); + } + // found the target certificate. 
It needs to be at the front of certs + else if (file.find("TC") != std::string::npos) + { + certs.insert(certs.begin(), Botan::X509_Certificate(file)); + } + // found a certificate that might be part of a valid certificate chain to the trust anchor + else if (file.find(".crt") != std::string::npos) + { + certs.push_back(Botan::X509_Certificate(file)); + } + else if (file.find(".crl") != std::string::npos) + { + trusted.add_crl(Botan::X509_CRL(file)); + } + } + + Botan::Path_Validation_Restrictions restrictions(use_crl, 79, + use_crl); + + /* + * Following the test document, the test are executed 16 times with + * randomly chosen order of the available certificates. However, the target + * certificate needs to stay in front. + * For certain test, the order in which the certificates are given to + * the validation function may be relevant, i.e. if issuer DNs are + * ambiguous. + */ + for (int i = 0; i < 16; i++) + { + std::random_shuffle(++(certs.begin()), certs.end()); + + Botan::Path_Validation_Result validation_result = + Botan::x509_path_validate(certs, restrictions, trusted, "", + Botan::Usage_Type::UNSPECIFIED, validation_time); + + // We expect to be warned + if(expected_result.find("Warning: ") == 0) + { + std::string stripped = expected_result.substr(std::string("Warning: ").size()); + bool found_warning = false; + for(const auto& warning_set : validation_result.warnings()) + { + for(const auto& warning : warning_set) + { + std::string warning_str(Botan::to_string(warning)); + if(stripped == warning_str) + { + result.test_eq(test_name + " path validation result", + warning_str, stripped); + found_warning = true; + } + } + } + if(!found_warning) + { + result.test_failure(test_name,"Did not receive the expected warning: " + stripped); + } + } + else + { + result.test_eq(test_name + " path validation result", + validation_result.result_string(), expected_result); + } + + + } + } + + /* Some certificates are rejected when executing the X509_Certificate 
constructor + * by throwing a Decoding_Error exception. + */ + catch (const Botan::Decoding_Error& d) + { + result.test_eq(test_name + " path validation result", d.what(), + expected_result); + } + catch (const Botan::X509_CRL::X509_CRL_Error& e) + { + result.test_eq(test_name + " path validation result", e.what(), + expected_result); + } + catch (const std::exception& e) + { + result.test_failure(test_name, e.what()); + } + + result.end_timer(); + results.push_back(result); + } + + return results; + } + +BOTAN_REGISTER_TEST("x509_path_bsi", BSI_Path_Validation_Tests); + +#endif + #endif } diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index da5439a05e..97411a6cb3 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -127,7 +127,11 @@ Test::Result test_cert_status_strings() Botan::Certificate_Status_Code::VALID_CRL_CHECKED, Botan::Certificate_Status_Code::OCSP_NO_HTTP, + Botan::Certificate_Status_Code::CERT_SERIAL_NEGATIVE, + Botan::Certificate_Status_Code::DN_TOO_LONG, + Botan::Certificate_Status_Code::SIGNATURE_METHOD_TOO_WEAK, + Botan::Certificate_Status_Code::NO_MATCHING_CRLDP, Botan::Certificate_Status_Code::UNTRUSTED_HASH, Botan::Certificate_Status_Code::NO_REVOCATION_DATA, Botan::Certificate_Status_Code::CERT_NOT_YET_VALID, @@ -142,6 +146,7 @@ Test::Result test_cert_status_strings() Botan::Certificate_Status_Code::CHAIN_LACKS_TRUST_ROOT, Botan::Certificate_Status_Code::CHAIN_NAME_MISMATCH, Botan::Certificate_Status_Code::POLICY_ERROR, + Botan::Certificate_Status_Code::DUPLICATE_CERT_POLICY, Botan::Certificate_Status_Code::INVALID_USAGE, Botan::Certificate_Status_Code::CERT_CHAIN_TOO_LONG, Botan::Certificate_Status_Code::CA_CERT_NOT_FOR_CERT_ISSUER, 
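Review bot: The trust-anchor and target classification in the file loop matches `file.find("TA")` and `file.find("TC")` against the full path returned by get_files_recursive, so a data directory whose path contains "TA" or "TC" (Test::data_dir() is configurable) would turn every fixture into a trust anchor or target and silently change what is validated. Match on the basename, e.g. `const std::string fname = file.substr(file.find_last_of("/\\") + 1);` and then test `fname.find("TA") != std::string::npos`. The `.crt`/`.crl` branches likewise use a substring search rather than a suffix check, so a stray `foo.crl.bak` would be parsed as a certificate; this is hedged since the shipped fixtures appear well-formed. The hunk is self-contained, running from the class declaration through the BOTAN_REGISTER_TEST line.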
@@ -151,6 +156,8 @@ Test::Result test_cert_status_strings() Botan::Certificate_Status_Code::OCSP_BAD_STATUS, Botan::Certificate_Status_Code::CERT_NAME_NOMATCH, Botan::Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION, + Botan::Certificate_Status_Code::DUPLICATE_CERT_EXTENSION, + Botan::Certificate_Status_Code::EXT_IN_V1_V2_CERT, Botan::Certificate_Status_Code::OCSP_SIGNATURE_ERROR, Botan::Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND, Botan::Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE, @@ -159,6 +166,8 @@ Test::Result test_cert_status_strings() Botan::Certificate_Status_Code::CRL_BAD_SIGNATURE, Botan::Certificate_Status_Code::SIGNATURE_ERROR, Botan::Certificate_Status_Code::CERT_PUBKEY_INVALID, + Botan::Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN, + Botan::Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS, }; for(const auto code : codes) From 502570f103bd86808ff15bde84d2b3f7161ff5f3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 20 Dec 2017 09:22:53 -0500 Subject: [PATCH 0394/1008] Note deprecation of X509_Certificate info access via subject_info --- doc/manual/deprecated.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index 3c768d1cbe..ff3db83f8f 100644 --- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst @@ -19,6 +19,11 @@ in the source. - The TLS constructors taking `std::function` for callbacks. Instead use the TLS::Callbacks interface. +- Using ``X509_Certificate::subject_info`` and ``issuer_info`` to access any + information that is not included in the DN or subject alternative name. Prefer + using the specific accessor functions for other data, eg instead of + ``cert.subject_info("X509.Certificate.serial")`` use ``cert.serial_number()``. + - The Buffered_Computation base class. In a future release the class will be removed, and all of member functions instead declared directly on MessageAuthenticationCode and HashFunction. So this only affects you if you 
From c556cac5b6fc366502ed7f255fcc99918ce152c8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 20 Dec 2017 09:42:36 -0500 Subject: [PATCH 0395/1008] Fix some shadow and unused parameter warnings --- src/lib/utils/socket/socket.cpp | 4 ++-- src/lib/x509/x509_ext.cpp | 10 ++++++---- src/lib/x509/x509path.cpp | 4 ++-- src/tests/test_x509_path.cpp | 2 +- 4 files changed, 11 insertions(+), 9 deletions(-) diff --git a/src/lib/utils/socket/socket.cpp b/src/lib/utils/socket/socket.cpp index f263531ddd..e7ed7e7e5e 100644 --- a/src/lib/utils/socket/socket.cpp +++ b/src/lib/utils/socket/socket.cpp @@ -238,12 +238,12 @@ class BSD_Socket final : public OS::Socket int active = 0; if(nonblocking_connect_in_progress()) { - struct timeval timeout = make_timeout_tv(); + struct timeval timeout_tv = make_timeout_tv(); fd_set write_set; FD_ZERO(&write_set); FD_SET(m_socket, &write_set); - active = ::select(m_socket + 1, nullptr, &write_set, nullptr, &timeout); + active = ::select(m_socket + 1, nullptr, &write_set, nullptr, &timeout_tv); if(active) { diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp index d98818a4c1..afb79f6bfc 100644 --- a/src/lib/x509/x509_ext.cpp +++ b/src/lib/x509/x509_ext.cpp @@ -728,10 +728,12 @@ void Certificate_Policies::contents_to(Data_Store& info, Data_Store&) const info.add("X509v3.CertificatePolicies", m_oids[i].as_string()); } -void Certificate_Policies::validate(const X509_Certificate& subject, const X509_Certificate& issuer, - const std::vector>& cert_path, - std::vector>& cert_status, - size_t pos) +void Certificate_Policies::validate( + const X509_Certificate& /*subject*/, + const X509_Certificate& /*issuer*/, + const std::vector>& /*cert_path*/, + std::vector>& cert_status, + size_t pos) { std::set oid_set(m_oids.begin(), m_oids.end()); if(oid_set.size() != m_oids.size()) diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 88fd578b25..1ee4385fd1 100644 --- a/src/lib/x509/x509path.cpp 
+++ b/src/lib/x509/x509path.cpp @@ -717,9 +717,9 @@ PKIX::build_all_certificate_paths(std::vector(nullptr),false}); - for(const auto trusted : trusted_issuers) + for(const auto trusted_cert : trusted_issuers) { - stack.push_back({trusted,true}); + stack.push_back({trusted_cert,true}); } for(const auto misc : misc_issuers) diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index 7ea0f5b04e..49f9374754 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp @@ -555,7 +555,7 @@ std::vector BSI_Path_Validation_Tests::run() * the validation function may be relevant, i.e. if issuer DNs are * ambiguous. */ - for (int i = 0; i < 16; i++) + for (size_t r = 0; r < 16; r++) { std::random_shuffle(++(certs.begin()), certs.end()); From 3be143169362a3da6d997dcc0ca2cdd61dcbec93 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 20 Dec 2017 09:52:27 -0500 Subject: [PATCH 0396/1008] Update news --- news.rst | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/news.rst b/news.rst index 791ae4977d..6731f2e01c 100644 --- a/news.rst +++ b/news.rst 
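Review bot: The loop-variable rename leaves `std::random_shuffle(++(certs.begin()), certs.end());` in place on the context line, which is deprecated in C++14 and removed in C++17 and also draws its permutations from the unspecified global rand() state, so a failing ordering is not reproducible from the test output. Since `r` now exists, seed a local engine from it so each of the 16 passes uses a fixed, reportable permutation: `std::mt19937 shuffle_rng(static_cast<std::mt19937::result_type>(r));` followed by `std::shuffle(certs.begin() + 1, certs.end(), shuffle_rng);` (this needs `<random>` alongside the `<algorithm>` include added earlier in this series). The enclosing run() body begins and ends outside the hunk.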
@@ -31,7 +31,23 @@ Version 2.4.0, Not Yet Released ``Private_Key::fingerprint_private`` should be used if this is required. (GH #1357) -* XMSS signatures now are multithreaded for improved performance (GH #1267) +* ECC certificates generated by Botan used an invalid encoding for the + parameters field, which was rejected by some certificate validation libraries + notably BouncyCastle. (GH #1367) + +* Loading an ECC key which used OID encoding for the domain parameters, then + saving it, would result in a key using the explicit parameters encoding. + Now the OID encoding is retained. (GH #1365) + +* Correct various problems in certificate path validation that arose when + multiple paths could be constructed leading to a trusted root but due to + other constraints only some of them validated. (GH #1363) + +* It is now possible for certificate validation to return warning indicators, + such as that the distinguished name is not within allowed limits or that a + certificate with a negative serial number was observed. (GH #1363 #1359) + +* XMSS signatures now are multi-threaded for improved performance (GH #1267) * Fix a bug that caused the TLS peer cert list to be empty on a resumed session. (GH #1303 #1342) @@ -44,7 +60,7 @@ Version 2.4.0, Not Yet Released Found with tlsfuzzer. (GH #1316) * Fix several bugs related to sending the wrong TLS alert type in various error - scenarious, caught with tlsfuzzer. + scenarios, caught with tlsfuzzer. * Add support for a ``tls_http_server`` command line utility which responds to simple GET requests. This is useful for testing against a browser, or various 
@@ -110,7 +126,7 @@ Version 2.4.0, Not Yet Released custom implementations of signature schemes, eg when offloading the computations to another device. (GH #1332) -* Use a direct calculation for calender computations instead of relying on +* Use a direct calculation for calendar computations instead of relying on non-portable operating system interfaces. (GH #1336) * Fix a bug in the amalgamation generation which could cause build failures on From 646ed79e273f8b51dd2071ac045522f3e0736a40 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 20 Dec 2017 10:03:11 -0500 Subject: [PATCH 0397/1008] Avoid test failures when PKCSv1.5 signatures are disabled in build --- src/tests/test_name_constraint.cpp | 2 +- src/tests/test_ocsp.cpp | 2 +- src/tests/test_x509_path.cpp | 7 +------ src/tests/unit_x509.cpp | 16 ++++++++++++++-- 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/src/tests/test_name_constraint.cpp b/src/tests/test_name_constraint.cpp index 93fb66a6bd..3d01d84c76 100644 --- a/src/tests/test_name_constraint.cpp +++ b/src/tests/test_name_constraint.cpp @@ -17,7 +17,7 @@ namespace Botan_Tests { namespace { -#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_HAS_RSA) +#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_HAS_RSA) && defined(BOTAN_HAS_EMSA_PKCS1) class Name_Constraint_Tests final : public Test { diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp index ef4c5634b8..2839d9ef5a 100644 --- a/src/tests/test_ocsp.cpp +++ b/src/tests/test_ocsp.cpp @@ -16,7 +16,7 @@ namespace Botan_Tests { -#if defined(BOTAN_HAS_OCSP) && defined(BOTAN_HAS_RSA) +#if defined(BOTAN_HAS_OCSP) && defined(BOTAN_HAS_RSA) && defined(BOTAN_HAS_EMSA_PKCS1) class OCSP_Tests final : public Test { diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index 49f9374754..912610ab15 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp 
@@ -28,7 +28,7 @@ namespace Botan_Tests { namespace { -#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_HAS_RSA) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) +#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_HAS_RSA) && defined(BOTAN_HAS_EMSA_PKCS1) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) std::map read_results(const std::string& results_file, const char delim = ':') { @@ -454,9 +454,6 @@ std::vector PSS_Path_Validation_Tests::run() BOTAN_REGISTER_TEST("x509_path_rsa_pss", PSS_Path_Validation_Tests); -// The certificates in this test suite are signed using EMSA_PKCS1 -#ifdef BOTAN_HAS_EMSA_PKCS1 - class BSI_Path_Validation_Tests final : public Test { public: @@ -625,8 +622,6 @@ BOTAN_REGISTER_TEST("x509_path_bsi", BSI_Path_Validation_Tests); #endif -#endif - } } diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 97411a6cb3..a8849292a2 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -374,6 +374,7 @@ Test::Result test_crl_dn_name() // See GH #1252 +#if defined(BOTAN_HAS_RSA) && defined(BOTAN_HAS_EMSA_PKCS1) const Botan::OID dc_oid("0.9.2342.19200300.100.1.25"); Botan::X509_Certificate cert(Test::data_file("x509/misc/opcuactt_ca.der")); @@ -388,6 +389,7 @@ Test::Result test_crl_dn_name() result.confirm("contains DC component", crl.issuer_dn().get_attributes().count(dc_oid) == 1); +#endif return result; } @@ -1231,8 +1233,13 @@ class X509_Cert_Unit_Tests final : public Test Test::Result self_issued_result("X509 Self Issued"); Test::Result extensions_result("X509 Extensions"); - for(const auto& algo : sig_algos) + for(const std::string& algo : sig_algos) { +#if !defined(BOTAN_HAS_EMSA_PKCS1) + if(algo == "RSA") + continue; +#endif + try { cert_result.merge(test_x509_cert(algo)); 
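Review bot: When `BOTAN_HAS_RSA` and `BOTAN_HAS_EMSA_PKCS1` are not both defined, `test_crl_dn_name` now returns a `Test::Result` that ran zero checks, so the skip is invisible in the test output. An `#else` branch before the new `#endif` with `result.test_note("skipped, RSA PKCS1v15 signatures not available");` (the pattern other Botan tests appear to use for skipped cases) keeps the gap visible. The same silent skip applies to the two `if(algo == "RSA") continue;` blocks in the later hunks of this file.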
@@ -1280,10 +1287,15 @@ class X509_Cert_Unit_Tests final : public Test "DH", "ECDH", "RSA", "ElGamal", "GOST-34.10", "DSA", "ECDSA", "ECGDSA", "ECKCDSA" }; + Test::Result valid_constraints_result("X509 Valid Constraints"); - for(const auto& algo : pk_algos) + for(const std::string& algo : pk_algos) { +#if !defined(BOTAN_HAS_EMSA_PKCS1) + if(algo == "RSA") + continue; +#endif valid_constraints_result.merge(test_valid_constraints(algo)); } From 50795d21c069d8dd090f85e93b290d83d820cde7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 20 Dec 2017 15:54:49 -0500 Subject: [PATCH 0398/1008] Remove use of Sphinx extlinks extension [ci skip] --- doc/manual/passhash.rst | 6 +++--- doc/manual/srp.rst | 6 +++--- src/configs/sphinx/conf.py | 20 -------------------- 3 files changed, 6 insertions(+), 26 deletions(-) diff --git a/doc/manual/passhash.rst b/doc/manual/passhash.rst index 3af67e125c..a861365c02 100644 --- a/doc/manual/passhash.rst +++ b/doc/manual/passhash.rst @@ -73,9 +73,9 @@ passhash9. Bcrypt ---------------------------------------- -:wikipedia:`Bcrypt` is a password hashing scheme originally designed -for use in OpenBSD, but numerous other implementations exist. -It is made available by including ``bcrypt.h``. +`Bcrypt `_ is a +password hashing scheme originally designed for use in OpenBSD, but numerous +other implementations exist. It is made available by including ``bcrypt.h``. It has the advantage that it requires a small amount (4K) of fast RAM to compute, which can make hardware password cracking somewhat more diff --git a/doc/manual/srp.rst b/doc/manual/srp.rst index 3419488a38..9fcb1a196b 100644 --- a/doc/manual/srp.rst +++ b/doc/manual/srp.rst 
@@ -1,9 +1,9 @@ Secure Remote Password ======================================== -The library contains an implementation of the :wikipedia:`SRP-6a -password based key exchange protocol -` in ``srp6.h``. +The library contains an implementation of the +`SRP6-a `_ password authenticated +key exchange protocol in ``srp6.h``. A SRP client provides what is called a SRP *verifier* to the server. This verifier is based on a password, but the password cannot be diff --git a/src/configs/sphinx/conf.py b/src/configs/sphinx/conf.py index ffd2ecd390..0534a9fa2c 100644 --- a/src/configs/sphinx/conf.py +++ b/src/configs/sphinx/conf.py @@ -48,28 +48,8 @@ def parse_version_file(version_path): needs_sphinx = '1.1' -extensions = ['sphinx.ext.extlinks'] - templates_path = ['templates'] -files_dir = 'https://botan.randombit.net/releases' - -extlinks = { - 'wikipedia': ('https://en.wikipedia.org/wiki/%s', ''), - 'botan-devel': ('https://lists.randombit.net/pipermail/botan-devel/%s.html', None), - - 'cve': ('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-%s', 'CVE-'), - - 'tgz': (files_dir + '/Botan-%s.tgz', 'tar/gz for '), - 'tgz_sig': (files_dir + '/Botan-%s.tgz.asc', 'tar/gz sig '), - - 'installer_x86_32': (files_dir + '/win32/botan-%s-x86_32.exe', 'x86-32 '), - 'installer_x86_64': (files_dir + '/win32/botan-%s-x86_64.exe', 'x86-64 '), - - 'installer_sig_x86_32': (files_dir + '/win32/botan-%s-x86_32.exe.asc', None), - 'installer_sig_x86_64': (files_dir + '/win32/botan-%s-x86_64.exe.asc', None), -} - source_suffix = '.rst' source_encoding = 'utf-8-sig' From debde1bc9cce3d564afa0bbf1474dc23cd1a8540 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 21 Dec 2017 12:30:30 -0500 Subject: [PATCH 0399/1008] Binary file IO for the UTF-8 gods When reading a binary file, unless 'b' is specified Python3 tries parsing the file as UTF-8 and gets cranky when it fails. --- src/scripts/dist.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/scripts/dist.py b/src/scripts/dist.py index 2e7fa521de..e589f66413 100755 --- a/src/scripts/dist.py +++ b/src/scripts/dist.py @@ -239,11 +239,11 @@ def write_mode(archive_type): tarinfo.uname = "botan" tarinfo.gname = "botan" tarinfo.mtime = rel_epoch - archive.addfile(tarinfo, open(f)) + archive.addfile(tarinfo, open(f, 'rb')) archive.close() sha256 = hashlib.new('sha256') - sha256.update(open(output_archive).read()) + sha256.update(open(output_archive, 'rb').read()) archive_hash = sha256.hexdigest().upper() logging.info('SHA-256(%s) = %s' % (output_archive, archive_hash)) From dba869a82aaee74765e26b1230a038a80aa0e5a9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 21 Dec 2017 12:39:52 -0500 Subject: [PATCH 0400/1008] Run dist.py script through pylint Python 2.7 has the io module so no need for StringIO --- src/scripts/ci_build.py | 1 + src/scripts/dist.py | 66 +++++++++++++++++++---------------------- 2 files changed, 32 insertions(+), 35 deletions(-) diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index 72e90eded8..b0843bf40d 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -366,6 +366,7 @@ def main(args=None): 'src/python/botan2.py', 'src/scripts/ci_build.py', 'src/scripts/install.py', + 'src/scripts/dist.py', 'src/scripts/cleanup.py', 'src/scripts/build_docs.py', 'src/scripts/website.py', diff --git a/src/scripts/dist.py b/src/scripts/dist.py index e589f66413..1fce863d4a 100755 --- a/src/scripts/dist.py +++ b/src/scripts/dist.py 
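Review bot: Both `open(..., 'rb')` calls on the new side leak the file handle: `archive.addfile(tarinfo, open(f, 'rb'))` never closes the per-file stream (CPython closes it on collection, other runtimes may not), and the same holds for `open(output_archive, 'rb').read()`. Wrapping them as `with open(f, 'rb') as fh: archive.addfile(tarinfo, fh)` and `with open(output_archive, 'rb') as fh: sha256.update(fh.read())` closes them deterministically and works on both Python 2.7 and 3. Hashing the whole archive in one `read()` is fine at Botan's size, but a chunked `update` loop would remove the dependency on file size.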
@@ -3,23 +3,26 @@ """ Release script for botan (https://botan.randombit.net/) +This script requires Python 2.7 or 3.6 + (C) 2011,2012,2013,2015,2016,2017 Jack Lloyd Botan is released under the Simplified BSD License (see license.txt) """ -import time +import datetime import errno +import hashlib +import io import logging -import optparse +import optparse # pylint: disable=deprecated-module import os +import re import shutil import subprocess import sys -import datetime -import hashlib -import re import tarfile +import time # This is horrible, but there is no way to override tarfile's use of time.time # in setting the gzip header timestamp, which breaks deterministic archives @@ -76,16 +79,8 @@ def revision_of(tag): def extract_revision(revision, to): tar_val = run_git(['archive', '--format=tar', '--prefix=%s/' % (to), revision]) - - if sys.version_info.major == 3: - import io - tar_f = tarfile.open(fileobj=io.BytesIO(tar_val)) - tar_f.extractall() - else: - import StringIO - tar_f = tarfile.open(fileobj=StringIO.StringIO(tar_val)) - tar_f.extractall() - + tar_f = tarfile.open(fileobj=io.BytesIO(tar_val)) + tar_f.extractall() def gpg_sign(keyid, passphrase_file, files, detached=True): @@ -252,11 +247,13 @@ def write_mode(archive_type): return output_archive -def main(args=None): - if args is None: - args = sys.argv[1:] - - (options, args) = parse_args(args) +def configure_logging(options): + class ExitOnErrorLogHandler(logging.StreamHandler, object): + def emit(self, record): + super(ExitOnErrorLogHandler, self).emit(record) + # Exit script if and ERROR or worse occurred + if record.levelno >= logging.ERROR: + sys.exit(1) def log_level(): if options.verbose: 
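Review bot: `tar_f` in `extract_revision` is never closed after `extractall()`; `with tarfile.open(fileobj=io.BytesIO(tar_val)) as tar_f: tar_f.extractall()` releases it and is supported on Python 2.7 as well. The archive comes from `git archive` of this repository, so the usual caution about `extractall()` on untrusted input does not apply here, but a one-line comment saying so would save the next reader the question.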
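Review bot: Terminating the process from inside `ExitOnErrorLogHandler.emit` turns every `logging.error` call in the script into a hidden `sys.exit(1)`, and with the `return 1`/`return 2` lines dropped in the later hunks of this file the two distinct exit statuses collapse into 1, so any caller that distinguished usage errors (1) from missing tag/date/version-file errors (2) now breaks. If the single-exit design is kept, the status change belongs in the commit message, and a small `die(msg)` helper that logs and then exits would keep the control flow visible at the call sites. The comment also has a typo: `# Exit script if an ERROR or worse occurred`.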
@@ -265,14 +262,22 @@ def log_level(): return logging.ERROR return logging.INFO - logging.basicConfig(stream=sys.stderr, - format='%(levelname) 7s: %(message)s', - level=log_level()) + lh = ExitOnErrorLogHandler(sys.stderr) + lh.setFormatter(logging.Formatter('%(levelname) 7s: %(message)s')) + logging.getLogger().addHandler(lh) + logging.getLogger().setLevel(log_level()) + +def main(args=None): + # pylint: disable=too-many-branches,too-many-locals + if args is None: + args = sys.argv[1:] + + (options, args) = parse_args(args) + + configure_logging(options) if len(args) != 1 and len(args) != 2: logging.error('Usage: %s [options] ' % (sys.argv[0])) - logging.error('Try --help') - return 1 snapshot_branch = None target_version = None @@ -281,17 +286,14 @@ def log_level(): for archive_type in archives: if archive_type not in ['tar', 'tgz', 'tbz']: logging.error('Unknown archive type "%s"' % (archive_type)) - return 1 if args[0] == 'snapshot': if len(args) != 2: logging.error('Missing branch name for snapshot command') - return 1 snapshot_branch = args[1] else: if len(args) != 1: logging.error('Usage error, try --help') - return 1 target_version = args[0] if snapshot_branch: @@ -307,18 +309,14 @@ def log_level(): target_version = target_version except ValueError as e: logging.error('Invalid version number %s' % (target_version)) - return 1 rev_id = revision_of(target_version) - if rev_id == '': logging.error('No tag matching %s found' % (target_version)) - return 2 rel_date = datestamp(target_version) if rel_date == 0: logging.error('No date found for version') - return 2 logging.info('Found %s at revision id %s released %d' % (target_version, rev_id, rel_date)) @@ -358,7 +356,6 @@ def output_name(): if not os.access(version_file, os.R_OK): logging.error('Cannot read %s' % (version_file)) - return 2 rewrite_version_file(version_file, target_version, snapshot_branch, rev_id, rel_date) 
@@ -367,7 +364,6 @@ def output_name(): except OSError as e: if e.errno != errno.EEXIST: logging.error('Creating dir %s failed %s' % (options.output_dir, e)) - return 2 output_files = [] @@ -405,7 +401,7 @@ def output_name(): if __name__ == '__main__': try: sys.exit(main()) - except Exception as e: + except Exception as e: # pylint: disable=broad-except logging.error(e) import traceback logging.error(traceback.format_exc()) From 1470ff804e3cbb76f848991c5caa448dca3b7555 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 21 Dec 2017 13:39:06 -0500 Subject: [PATCH 0401/1008] Now dist script can run under python2 or python3 --- src/scripts/dist.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts/dist.py b/src/scripts/dist.py index 1fce863d4a..ba4a60048d 100755 --- a/src/scripts/dist.py +++ b/src/scripts/dist.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2 +#!/usr/bin/env python """ Release script for botan (https://botan.randombit.net/) From db24e12171b5689abaea5783b2eeb7cd3c253959 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 21 Dec 2017 13:39:51 -0500 Subject: [PATCH 0402/1008] Update Windows build instructions Remove obsolete note about Windows 95 and NT4 support --- doc/manual/building.rst | 16 +++++++++------- doc/manual/passhash.rst | 2 -- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/doc/manual/building.rst b/doc/manual/building.rst index db24bbe72d..64b67b9be3 100644 --- a/doc/manual/building.rst +++ b/doc/manual/building.rst 
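Review bot: With `configure_logging` installed, `logging.error(e)` in the `except` block raises `SystemExit` from inside the handler, so `traceback.format_exc()` on the next line is never reached and the traceback is lost exactly when it is needed. Logging both in one call avoids that: `logging.error('%s\n%s' % (e, traceback.format_exc()))`, with `import traceback` moved up to the module imports. If the exception is raised before `configure_logging` runs (e.g. inside `parse_args`), no exiting handler is installed and the script still falls off the end with status 0, a pre-existing gap that an explicit `sys.exit(1)` after the logging would close.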
@@ -182,11 +182,15 @@ build flags. Do this with the `configure.py` flag `--cc-abi-flags`:: On Windows ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +.. note:: + + The earliest versions of Windows supported are Windows 7 and Windows 2008 R2 + You need to have a copy of Python installed, and have both Python and your chosen compiler in your path. Open a command shell (or the SDK shell), and run:: - $ python configure.py --cc=msvc (or --cc=gcc for MinGW) [--cpu=CPU] + $ python configure.py --cc=msvc --os=windows $ nmake $ botan-test.exe $ nmake install @@ -194,12 +198,10 @@ shell), and run:: Botan supports the nmake replacement `Jom `_ which enables you to run multiple build jobs in parallel. -For Win95 pre OSR2, the ``cryptoapi_rng`` module will not work, -because CryptoAPI didn't exist. And all versions of NT4 lack the -ToolHelp32 interface, which is how ``win32_stats`` does its slow -polls, so a version of the library built with that module will not -load under NT4. Later versions of Windows support both methods, so -this shouldn't be much of an issue anymore. +For MinGW, use:: + + $ python configure.py --cc=gcc --os=mingw + $ make By default the install target will be ``C:\botan``; you can modify this with the ``--prefix`` option. diff --git a/doc/manual/passhash.rst b/doc/manual/passhash.rst index a861365c02..e3e580b11a 100644 --- a/doc/manual/passhash.rst +++ b/doc/manual/passhash.rst @@ -68,8 +68,6 @@ schedule) and may also make some hardware attacks more expensive. Botan provides two techniques for password hashing, bcrypt and passhash9. -.. _bcrypt: - Bcrypt ---------------------------------------- From c9940f43eb54c1e02cf07454bedcccf7c0873eed Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 21 Dec 2017 17:50:49 -0500 Subject: [PATCH 0403/1008] Fix pylint error --- src/scripts/dist.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/scripts/dist.py b/src/scripts/dist.py index ba4a60048d..91352532f4 100755 --- a/src/scripts/dist.py +++ b/src/scripts/dist.py 
@@ -215,6 +215,8 @@ def write_mode(archive_type): return 'w:bz2' elif archive_type == 'tar': return 'w' + else: + raise Exception("Unknown archive type '%s'" % (archive_type)) # gzip format embeds the original filename, tarfile.py does the wrong # thing unless the output name ends in .gz. So pass an explicit From 53b8e128121c6f845e2196d79bce3dd39bd83228 Mon Sep 17 00:00:00 2001 From: Fabian Weissberg Date: Thu, 21 Dec 2017 13:33:23 +0100 Subject: [PATCH 0404/1008] Enable signing X509 structures with rsa-pss --- doc/manual/cli.rst | 23 ++- doc/manual/x509.rst | 24 +++ src/build-data/oids.txt | 6 +- src/cli/x509.cpp | 11 +- src/lib/pk_pad/emsa.h | 19 +++ src/lib/pk_pad/emsa1/emsa1.cpp | 36 +++++ src/lib/pk_pad/emsa1/emsa1.h | 5 + src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp | 25 +++ src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h | 14 ++ src/lib/pk_pad/emsa_pssr/pssr.cpp | 52 ++++++ src/lib/pk_pad/emsa_pssr/pssr.h | 7 + src/lib/pk_pad/emsa_raw/emsa_raw.h | 4 + src/lib/pk_pad/emsa_x931/emsa_x931.h | 3 + src/lib/pk_pad/info.txt | 4 + src/lib/pk_pad/iso9796/iso9796.cpp | 17 ++ src/lib/pk_pad/iso9796/iso9796.h | 4 + src/lib/pk_pad/padding.cpp | 42 +++++ src/lib/pk_pad/padding.h | 36 +++++ src/lib/x509/x509_ca.cpp | 88 +++++++++-- src/lib/x509/x509_ca.h | 36 +++++ src/lib/x509/x509opt.cpp | 7 + src/lib/x509/x509self.cpp | 11 +- src/lib/x509/x509self.h | 7 + src/scripts/oids.py | 78 ++++++++- src/tests/data/x509/misc/rsa_key.pem | 40 +++++ src/tests/test_pk_pad.cpp | 95 +++++++++++ src/tests/unit_x509.cpp | 191 ++++++++++++++++++----- 27 files changed, 821 insertions(+), 64 deletions(-) create mode 100644 src/lib/pk_pad/padding.cpp create mode 100644 src/lib/pk_pad/padding.h create mode 100644 src/tests/data/x509/misc/rsa_key.pem diff --git a/doc/manual/cli.rst b/doc/manual/cli.rst index 85b93d5e1f..ecebe74e56 100644 --- a/doc/manual/cli.rst +++ b/doc/manual/cli.rst 
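Review bot: `raise Exception(...)` in the new `else` branch is the broadest possible type; `raise ValueError("Unknown archive type '%s'" % (archive_type))` says what went wrong and lets a caller catch it specifically. Since `main` already validates the archive types before `write_mode` is reached (earlier patch in this series), the branch is a defensive guard, which is fine, but the more specific type costs nothing.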
@@ -95,23 +95,34 @@ Public Key Cryptography X.509 ---------------------------------------------- -``gen_pkcs10 key CN --country= --organization= --email= --key-pass= --hash=SHA-256`` +<<<<<<< HEAD +``gen_pkcs10 key CN --country= --organization= --email= --key-pass= --hash=SHA-256 --emsa=`` Generate a PKCS #10 certificate signing request (CSR) using the passed PKCS #8 private key *key*. If the private key is encrypted, the decryption passphrase - *key-pass* has to be passed. + *key-pass* has to be passed.*emsa* specifies the padding scheme to be used + when calculating the signature. + + - For RSA keys EMSA4 (RSA-PSS) is the default scheme. + - For ECDSA, DSA, ECGDSA, ECKCDSA and GOST-34.10 keys *emsa* defaults to EMSA1. -``gen_self_signed key CN --country= --dns= --organization= --email= --key-pass= --ca --hash=SHA-256`` +``gen_self_signed key CN --country= --dns= --organization= --email= --key-pass= --ca --hash=SHA-256 --emsa=`` Generate a self signed X.509 certificate using the PKCS #8 private key *key*. If the private key is encrypted, the decryption passphrase *key-pass* has to be passed. If *ca* is passed, the certificate is marked for certificate - authority (CA) usage. + authority (CA) usage. *emsa* specifies the padding scheme to be used when + calculating the signature. -``sign_cert --ca-key-pass= --hash=SHA-256 --duration=365 ca_cert ca_key pkcs10_req`` + - For RSA keys EMSA4 (RSA-PSS) is the default scheme. + - For ECDSA, DSA, ECGDSA, ECKCDSA and GOST-34.10 keys *emsa* defaults to EMSA1. + +``sign_cert --ca-key-pass= --hash=SHA-256 --duration=365 --emsa= ca_cert ca_key pkcs10_req`` Create a CA signed X.509 certificate from the information contained in the PKCS #10 CSR *pkcs10_req*. The CA certificate is passed as *ca_cert* and the respective PKCS #8 private key as *ca_key*. If the private key is encrypted, the decryption passphrase *ca-key-pass* has to be passed. The created - certificate has a validity period of *duration* days. 
+ certificate has a validity period of *duration* days. *emsa* specifies the + padding scheme to be used when calculating the signature. *emsa* defaults to + the padding scheme used in the CA certificate. ``ocsp_check subject issuer`` Verify an X.509 certificate against the issuers OCSP responder. Pass the diff --git a/doc/manual/x509.rst b/doc/manual/x509.rst index daf154c9a2..f9431c3620 100644 --- a/doc/manual/x509.rst +++ b/doc/manual/x509.rst @@ -531,6 +531,21 @@ The private ``key`` is the private key corresponding to the public key in the CA's certificate. ``hash_fn`` is the name of the hash function to use for signing, e.g., `SHA-256`. ``rng`` is queried for random during signing. +There is an alternative constructor that lets you set additional options, namely +the padding scheme that will be used by the X509_CA object to sign certificates +and certificate revocation lists. If the padding is not set explicitly, the CA +will use the padding scheme that was used when signing the CA certificate. + +.. cpp:function:: X509_CA::X509_CA(const X509_Certificate& cert, \ + const Private_Key& key, \ + const std::map& opts, \ + const std::string& hash_fn, \ + RandomNumberGenerator& rng) + +The only option valid at this moment is "padding". The supported padding schemes +can be found in src/lib/pubkey/padding.cpp. Some alternative names for the +padding schemes are understood, as well. + Requests for new certificates are supplied to a CA in the form of PKCS #10 certificate requests (called a ``PKCS10_Request`` object in Botan). These are decoded in a similar manner to 
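Review bot: A merge-conflict marker, `<<<<<<< HEAD`, is committed as a literal line of `doc/manual/cli.rst` in this hunk; it has no `=======`/`>>>>>>>` partner and will show up verbatim in the rendered manual, so the line should simply be dropped. In the same block, `*key-pass* has to be passed.*emsa* specifies` is missing a space after the period.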
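Review bot: The path `src/lib/pubkey/padding.cpp` in the new paragraph does not match the file this commit adds, which the diffstat lists as `src/lib/pk_pad/padding.cpp`; the same wrong path appears in the `@@ -668` hunk of this file, and both should read `src/lib/pk_pad/padding.cpp`. It would also help readers to state that the option key is the literal string `"padding"` and to show one accepted value, since this paragraph is their only pointer to the option.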
@@ -668,6 +683,15 @@ to want to use is to create (or request) a CA certificate, which can be done by calling the member function ``CA_key``. This should only be used when needed. +Moreover, you can specify the padding scheme to be used when digital signatures +are computed by calling function ``set_padding_scheme`` with a string +representing the padding scheme. This way, you can control the padding scheme +for self-signed certificates and PKCS #10 requests. The padding scheme used by +a CA when building a certificate or a certificate revocation list can be set in +the ``X509_CA`` constructor. The supported padding schemes can be found in +src/lib/pubkey/padding.cpp. Some alternative names for the padding schemes are +understood, as well. + Other constraints can be set by calling the member functions ``add_constraints`` and ``add_ex_constraints``. The first takes a ``Key_Constraints`` value, and replaces any previously set value. If diff --git a/src/build-data/oids.txt b/src/build-data/oids.txt index 6584f7e6dd..089523e695 100644 --- a/src/build-data/oids.txt +++ b/src/build-data/oids.txt @@ -1,4 +1,8 @@ -# Regenerate with ./src/scripts/oids.py oids > src/lib/asn1/oids.cpp AND ./src/scripts/oids.py dn_ub > src/lib/x509/x509_dn_ub.cpp +# Regenerate with ./src/scripts/oids.py oids > src/lib/asn1/oids.cpp +# AND ./src/scripts/oids.py dn_ub > src/lib/x509/x509_dn_ub.cpp +# (if you modified something under [dn] +# AND ./src/scripts/oids.py pads > src/lib/pk_pad/padding.cpp +# (if you modified something under [signature] # Public key types [pubkey] diff --git a/src/cli/x509.cpp b/src/cli/x509.cpp index 10e7a1c7f4..0feaad003e 100644 --- a/src/cli/x509.cpp +++ b/src/cli/x509.cpp @@ -29,7 +29,7 @@ class Sign_Cert final : public Command public: Sign_Cert() : Command("sign_cert --ca-key-pass= --hash=SHA-256 " - "--duration=365 ca_cert ca_key pkcs10_req") {} + "--duration=365 --emsa= ca_cert ca_key pkcs10_req") {} void go() override { 
@@ -51,7 +51,8 @@ class Sign_Cert final : public Command throw CLI_Error("Failed to load key from " + get_arg("ca_key")); } - Botan::X509_CA ca(ca_cert, *key, get_arg("hash"), rng()); + Botan::X509_CA ca(ca_cert, *key, + {{"padding",get_arg_or("emsa", "EMSA4")}}, get_arg("hash"), rng()); Botan::PKCS10_Request req(get_arg("pkcs10_req")); @@ -186,7 +187,7 @@ class Gen_Self_Signed final : public Command public: Gen_Self_Signed() : Command("gen_self_signed key CN --country= --dns= " - "--organization= --email= --key-pass= --ca --hash=SHA-256") {} + "--organization= --email= --key-pass= --ca --hash=SHA-256 --emsa=") {} void go() override { @@ -204,6 +205,7 @@ class Gen_Self_Signed final : public Command opts.organization = get_arg("organization"); opts.email = get_arg("email"); opts.dns = get_arg("dns"); + opts.set_padding_scheme(get_arg_or("emsa", "EMSA4")); if(flag_set("ca")) { @@ -223,7 +225,7 @@ class Generate_PKCS10 final : public Command public: Generate_PKCS10() : Command("gen_pkcs10 key CN --country= --organization= " - "--email= --key-pass= --hash=SHA-256") {} + "--email= --key-pass= --hash=SHA-256 --emsa=") {} void go() override { @@ -240,6 +242,7 @@ class Generate_PKCS10 final : public Command opts.country = get_arg("country"); opts.organization = get_arg("organization"); opts.email = get_arg("email"); + opts.set_padding_scheme(get_arg_or("emsa", "EMSA4")); Botan::PKCS10_Request req = Botan::X509::create_cert_req(opts, *key, get_arg("hash"), rng()); diff --git a/src/lib/pk_pad/emsa.h b/src/lib/pk_pad/emsa.h index d45185f306..db835f1bda 100644 --- a/src/lib/pk_pad/emsa.h +++ b/src/lib/pk_pad/emsa.h @@ -9,6 +9,8 @@ #define BOTAN_PUBKEY_EMSA_H_ #include +#include +#include namespace Botan { 
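Review bot: `get_arg_or("emsa", "EMSA4")` hard-codes RSA-PSS as the default for `sign_cert`, while the manual text in this same commit says `--emsa` "defaults to the padding scheme used in the CA certificate"; one of the two needs to change. For `gen_self_signed` and `gen_pkcs10` (the two later hunks of this file) the same default is applied regardless of key type, yet the manual says non-RSA keys default to EMSA1 and `PSSR::config_for_x509` accepts only RSA, so unless the library side maps the default per key type (not visible in these hunks) an ECDSA key would fail with the CLI defaults. Passing the raw `--emsa` value through and letting the library choose a key-appropriate default when it is empty would match the documented behaviour.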
@@ -56,12 +58,29 @@ class BOTAN_PUBLIC_API(2,0) EMSA const secure_vector& raw, size_t key_bits) = 0; + /** + * Prepare sig_algo for use in choose_sig_format for x509 certs, + * return padding info string + * @param sig_algo's oid and parameters will be set properly + * @param key used for checking compatibility with the encoding scheme + * @param cert_hash_name is checked to equal the hash for the encoding + * @return padding string to be consumed by PK_signer + */ + virtual AlgorithmIdentifier config_for_x509(const Private_Key& key, + const std::string& cert_hash_name) const + { throw Not_Implemented("Encoding " + name() + " not supported for signing X509 objects"); } + virtual ~EMSA() = default; /** * @return a new object representing the same encoding method as *this */ virtual EMSA* clone() = 0; + + /** + * @return the SCAN name of the encoding/padding scheme + */ + virtual std::string name() const = 0; }; /** diff --git a/src/lib/pk_pad/emsa1/emsa1.cpp b/src/lib/pk_pad/emsa1/emsa1.cpp index db9f2432fa..76f668f832 100644 --- a/src/lib/pk_pad/emsa1/emsa1.cpp +++ b/src/lib/pk_pad/emsa1/emsa1.cpp @@ -7,6 +7,8 @@ #include #include +#include +#include namespace Botan { 
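Review bot: The Doxygen block on `config_for_x509` documents a parameter that does not exist (`@param sig_algo's oid and parameters will be set properly`) and describes the return as a "padding string to be consumed by PK_signer", whereas the function returns an `AlgorithmIdentifier`; it should read `@param key used to check compatibility with the encoding scheme`, `@param cert_hash_name must equal the hash used by this encoding`, `@return AlgorithmIdentifier (OID and parameters) for the signature algorithm of the X.509 object`. Adding `name()` as a pure virtual on `EMSA`, a `BOTAN_PUBLIC_API` class, breaks any out-of-tree subclass at compile time and deserves a line in the release notes; the `config_for_x509` default is non-breaking since it has a body. That default only throws `Not_Implemented` when called, so an encoding unusable for X.509 signing is discovered at signing time rather than at construction — acceptable, but worth one sentence in the comment.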
@@ -94,4 +96,38 @@ bool EMSA1::verify(const secure_vector& input, } } +AlgorithmIdentifier EMSA1::config_for_x509(const Private_Key& key, + const std::string& cert_hash_name) const + { + if(cert_hash_name != m_hash->name()) + throw Invalid_Argument("Hash function from opts and hash_fn argument" + " need to be identical"); + // check that the signature algorithm and the padding scheme fit + if(!sig_algo_and_pad_ok(key.algo_name(), "EMSA1")) + { + throw Invalid_Argument("Encoding scheme with canonical name EMSA1" + " not supported for signature algorithm " + key.algo_name()); + } + + AlgorithmIdentifier sig_algo; + sig_algo.oid = OIDS::lookup( key.algo_name() + "/" + name() ); + + std::string algo_name = key.algo_name(); + if(algo_name == "DSA" || + algo_name == "ECDSA" || + algo_name == "ECGDSA" || + algo_name == "ECKCDSA" || + algo_name == "GOST-34.10") + { + // for DSA, ECDSA, GOST parameters "SHALL" be empty + sig_algo.parameters = {}; + } + else + { + sig_algo.parameters = key.algorithm_identifier().parameters; + } + + return sig_algo; + } + } diff --git a/src/lib/pk_pad/emsa1/emsa1.h b/src/lib/pk_pad/emsa1/emsa1.h index 702db8f80d..35071675f0 100644 --- a/src/lib/pk_pad/emsa1/emsa1.h +++ b/src/lib/pk_pad/emsa1/emsa1.h @@ -27,6 +27,11 @@ class BOTAN_PUBLIC_API(2,0) EMSA1 final : public EMSA EMSA* clone() override; + virtual std::string name() const override + { return "EMSA1(" + m_hash->name() + ")"; }; + + AlgorithmIdentifier config_for_x509(const Private_Key& key, + const std::string& cert_hash_name) const override; private: size_t hash_output_length() const { return m_hash->output_length(); } diff --git a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp index 4175fe4b30..5e50248066 100644 --- a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp +++ b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp @@ -8,6 +8,8 @@ #include #include #include +#include +#include namespace Botan { 
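Review bot: The hash-name check and the `sig_algo_and_pad_ok` check at the top of `EMSA1::config_for_x509` are repeated verbatim in `EMSA_PKCS1v15::config_for_x509` and `PSSR::config_for_x509` (later hunks), differing only in the canonical name; a protected helper on `EMSA` such as `void check_x509_compat(const std::string& algo_name, const std::string& canonical, const std::string& cert_hash_name) const` would keep the three error messages identical. `key.algo_name()` is evaluated four times before `algo_name` is finally cached; hoisting `const std::string algo_name = key.algo_name();` to the top removes the repetition. `OIDS::lookup(key.algo_name() + "/" + name())` is used unchecked; if it yields an empty OID for a combination missing from oids.txt, the failure would only surface when the certificate is DER-encoded, so an explicit check with a message naming the combination would make that case diagnosable.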
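Review bot: `virtual std::string name() const override { ... };` combines `virtual` with `override` (redundant, and the other overrides added in this commit omit it) and carries a stray `;` after the function body; `std::string name() const override { return "EMSA1(" + m_hash->name() + ")"; }` is the conventional form. The same `virtual ... override` appears on `EMSA_Raw::name()` in `emsa_raw.h`, whose brace-on-the-`if`-line layout is also unlike the surrounding code.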
@@ -81,6 +83,28 @@ bool EMSA_PKCS1v15::verify(const secure_vector& coded, } } +AlgorithmIdentifier EMSA_PKCS1v15::config_for_x509(const Private_Key& key, + const std::string& cert_hash_name) const + { + if(cert_hash_name != m_hash->name()) + throw Invalid_Argument("Hash function from opts and hash_fn argument" + " need to be identical"); + // check that the signature algorithm and the padding scheme fit + if(!sig_algo_and_pad_ok(key.algo_name(), "EMSA3")) + { + throw Invalid_Argument("Encoding scheme with canonical name EMSA3" + " not supported for signature algorithm " + key.algo_name()); + } + + + AlgorithmIdentifier sig_algo; + sig_algo.oid = OIDS::lookup( key.algo_name() + "/" + name() ); + // for RSA PKCSv1.5 parameters "SHALL" be NULL as configured by + // RSA_PublicKey::algorithm_identifier() + sig_algo.parameters = key.algorithm_identifier().parameters; + return sig_algo; + } + EMSA_PKCS1v15::EMSA_PKCS1v15(HashFunction* hash) : m_hash(hash) { m_hash_id = pkcs_hash_id(m_hash->name()); @@ -92,6 +116,7 @@ EMSA_PKCS1v15_Raw::EMSA_PKCS1v15_Raw(const std::string& hash_algo) { m_hash_id = pkcs_hash_id(hash_algo); std::unique_ptr hash(HashFunction::create(hash_algo)); + m_hash_name = hash->name(); m_hash_output_len = hash->output_length(); } else diff --git a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h index b58ccb3850..31032320e6 100644 --- a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h +++ b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h @@ -37,6 +37,12 @@ class BOTAN_PUBLIC_API(2,0) EMSA_PKCS1v15 final : public EMSA bool verify(const secure_vector&, const secure_vector&, size_t) override; + + std::string name() const override + { return "EMSA3(" + m_hash->name() + ")"; } + + AlgorithmIdentifier config_for_x509(const Private_Key& key, + const std::string& cert_hash_name) const override; private: std::unique_ptr m_hash; std::vector m_hash_id; 
@@ -67,8 +73,16 @@ class BOTAN_PUBLIC_API(2,0) EMSA_PKCS1v15_Raw final : public EMSA * included in the signature. */ EMSA_PKCS1v15_Raw(const std::string& hash_algo = ""); + + std::string name() const override + { + if(m_hash_name.empty()) return "EMSA3(Raw)"; + else return "EMSA3(Raw," + m_hash_name + ")"; + } + private: size_t m_hash_output_len = 0; + std::string m_hash_name; std::vector m_hash_id; secure_vector m_message; }; diff --git a/src/lib/pk_pad/emsa_pssr/pssr.cpp b/src/lib/pk_pad/emsa_pssr/pssr.cpp index 941da7d997..510d84a99f 100644 --- a/src/lib/pk_pad/emsa_pssr/pssr.cpp +++ b/src/lib/pk_pad/emsa_pssr/pssr.cpp @@ -10,6 +10,9 @@ #include #include #include +#include +#include +#include namespace Botan { 
@@ -160,6 +163,50 @@ bool PSSR::verify(const secure_vector& coded, return pss_verify(*m_hash, coded, raw, key_bits); } +std::string PSSR::name() const + { + return "EMSA4(" + m_hash->name() + ",MGF1," + std::to_string(m_SALT_SIZE) + ")"; + } + +AlgorithmIdentifier PSSR::config_for_x509(const Private_Key& key, + const std::string& cert_hash_name) const + { + if(cert_hash_name != m_hash->name()) + throw Invalid_Argument("Hash function from opts and hash_fn argument" + " need to be identical"); + // check that the signature algorithm and the padding scheme fit + if(!sig_algo_and_pad_ok(key.algo_name(), "EMSA4")) + { + throw Invalid_Argument("Encoding scheme with canonical name EMSA4" + " not supported for signature algorithm " + key.algo_name()); + } + + AlgorithmIdentifier sig_algo; + // hardcoded as RSA is the only valid algorithm for EMSA4 at the moment + sig_algo.oid = OIDS::lookup( "RSA/EMSA4" ); + + sig_algo.parameters = DER_Encoder() + .start_cons( SEQUENCE ) + .start_cons( ASN1_Tag(0), CONTEXT_SPECIFIC ) + .encode( AlgorithmIdentifier( cert_hash_name, AlgorithmIdentifier::USE_NULL_PARAM ) ) + .end_cons() + .start_cons( ASN1_Tag(1), CONTEXT_SPECIFIC ) + .encode( AlgorithmIdentifier( "MGF1", DER_Encoder() + .encode( AlgorithmIdentifier( cert_hash_name, AlgorithmIdentifier::USE_NULL_PARAM ) ) + .get_contents_unlocked() ) ) + .end_cons() + .start_cons( ASN1_Tag(2), CONTEXT_SPECIFIC ) + .encode( size_t( m_SALT_SIZE ) ) + .end_cons() + .start_cons( ASN1_Tag(3), CONTEXT_SPECIFIC ) + .encode( size_t( 1 ) ) // trailer field + .end_cons() + .end_cons() + .get_contents_unlocked(); + + return sig_algo; + } + PSSR_Raw::PSSR_Raw(HashFunction* h) : m_hash(h), m_SALT_SIZE(m_hash->output_length()) { @@ -210,4 +257,9 @@ bool PSSR_Raw::verify(const secure_vector& coded, return pss_verify(*m_hash, coded, raw, key_bits); } +std::string PSSR_Raw::name() const + { + return "PSSR_Raw(" + m_hash->name() + ",MGF1," + std::to_string(m_SALT_SIZE) + ")"; + } + } 
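Review bot: The `[3]` block at the end of `PSSR::config_for_x509` encodes `trailerField` explicitly as 1, but RFC 4055 declares it `DEFAULT trailerFieldBC` (= 1) and DER requires a component equal to its DEFAULT to be omitted, so the emitted RSASSA-PSS-params are not canonical DER and a strict verifier may reject the certificate (the same applies to `[0]`/`[1]` when `cert_hash_name` is SHA-1 and to `[2]` when the salt is 20 octets). Dropping the three lines `.start_cons( ASN1_Tag(3), CONTEXT_SPECIFIC ) .encode( size_t( 1 ) ) .end_cons()` gives the canonical form; if the explicit field is kept deliberately for interoperability with a known peer, the `// trailer field` comment should say so. Separately, `OIDS::lookup( "RSA/EMSA4" )` is assumed to succeed because it is hard-coded, which is fine, but the comment above it could note that `sig_algo_and_pad_ok` already guarantees the key is RSA at this point.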
diff --git a/src/lib/pk_pad/emsa_pssr/pssr.h b/src/lib/pk_pad/emsa_pssr/pssr.h index 85dfefc2cb..61a4b9448a 100644 --- a/src/lib/pk_pad/emsa_pssr/pssr.h +++ b/src/lib/pk_pad/emsa_pssr/pssr.h @@ -32,6 +32,11 @@ class BOTAN_PUBLIC_API(2,0) PSSR final : public EMSA PSSR(HashFunction* hash, size_t salt_size); EMSA* clone() override { return new PSSR(m_hash->clone(), m_SALT_SIZE); } + + std::string name() const override; + + AlgorithmIdentifier config_for_x509(const Private_Key& key, + const std::string& cert_hash_name) const override; private: void update(const uint8_t input[], size_t length) override; @@ -69,6 +74,8 @@ class BOTAN_DLL PSSR_Raw final : public EMSA PSSR_Raw(HashFunction* hash, size_t salt_size); EMSA* clone() override { return new PSSR_Raw(m_hash->clone(), m_SALT_SIZE); } + + std::string name() const override; private: void update(const uint8_t input[], size_t length) override; diff --git a/src/lib/pk_pad/emsa_raw/emsa_raw.h b/src/lib/pk_pad/emsa_raw/emsa_raw.h index f85595cdf5..5f2b994f56 100644 --- a/src/lib/pk_pad/emsa_raw/emsa_raw.h +++ b/src/lib/pk_pad/emsa_raw/emsa_raw.h @@ -24,6 +24,10 @@ class BOTAN_PUBLIC_API(2,0) EMSA_Raw final : public EMSA explicit EMSA_Raw(size_t expected_hash_size = 0) : m_expected_size(expected_hash_size) {} + virtual std::string name() const override + { if(m_expected_size > 0) + return "Raw(" + std::to_string(m_expected_size) + ")"; + else return "Raw"; } private: void update(const uint8_t[], size_t) override; secure_vector raw_data() override; diff --git a/src/lib/pk_pad/emsa_x931/emsa_x931.h b/src/lib/pk_pad/emsa_x931/emsa_x931.h index 0f186deb2f..6ce9e339a2 100644 --- a/src/lib/pk_pad/emsa_x931/emsa_x931.h +++ b/src/lib/pk_pad/emsa_x931/emsa_x931.h 
@@ -27,6 +27,9 @@ class BOTAN_PUBLIC_API(2,0) EMSA_X931 final : public EMSA explicit EMSA_X931(HashFunction* hash); EMSA* clone() override { return new EMSA_X931(m_hash->clone()); } + + virtual std::string name() const override + { return "EMSA2(" + m_hash->name() + ")"; }; private: void update(const uint8_t[], size_t) override; secure_vector raw_data() override; diff --git a/src/lib/pk_pad/info.txt b/src/lib/pk_pad/info.txt index 4c25e43715..513c4d0adc 100644 --- a/src/lib/pk_pad/info.txt +++ b/src/lib/pk_pad/info.txt @@ -8,6 +8,10 @@ load_on auto rng + +padding.h + + eme.h emsa.h diff --git a/src/lib/pk_pad/iso9796/iso9796.cpp b/src/lib/pk_pad/iso9796/iso9796.cpp index b8375af685..5b74319e02 100644 --- a/src/lib/pk_pad/iso9796/iso9796.cpp +++ b/src/lib/pk_pad/iso9796/iso9796.cpp @@ -249,6 +249,15 @@ bool ISO_9796_DS2::verify(const secure_vector& const_coded, return iso9796_verification(const_coded,raw,key_bits,m_hash,m_SALT_SIZE); } +/* + * Return the SCAN name + */ +std::string ISO_9796_DS2::name() const + { + return "ISO_9796_DS2(" + m_hash->name() + "," + + (m_implicit ? "imp" : "exp") + "," + std::to_string(m_SALT_SIZE) + ")"; + } + /* * ISO-9796-2 signature scheme 3 * DS 3 is deterministic and equals DS2 without salt @@ -286,4 +295,12 @@ bool ISO_9796_DS3::verify(const secure_vector& const_coded, { return iso9796_verification(const_coded, raw, key_bits, m_hash, 0); } +/* + * Return the SCAN name + */ +std::string ISO_9796_DS3::name() const + { + return "ISO_9796_DS3(" + m_hash->name() + "," + + (m_implicit ? "imp" : "exp") + ")"; + } } diff --git a/src/lib/pk_pad/iso9796/iso9796.h b/src/lib/pk_pad/iso9796/iso9796.h index 692ca1300e..994295f0f1 100644 --- a/src/lib/pk_pad/iso9796/iso9796.h +++ b/src/lib/pk_pad/iso9796/iso9796.h 
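Review bot: The inline `name()` added to `EMSA_X931` ends with a stray `;` after the closing brace (`... + ")"; };`), which is an empty declaration inside the class body and trips `-Wextra-semi`; the leading `virtual` is also redundant with `override` and inconsistent with the other overrides in the same class (`void update(...) override;`) and with the `std::string name() const override;` declarations this patch adds to PSSR and ISO_9796_DS2. Suggest `std::string name() const override { return "EMSA2(" + m_hash->name() + ")"; }`.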
@@ -36,6 +36,8 @@ class BOTAN_PUBLIC_API(2,0) ISO_9796_DS2 final : public EMSA EMSA* clone() override {return new ISO_9796_DS2(m_hash->clone(), m_implicit, m_SALT_SIZE);} + + virtual std::string name() const override; private: void update(const uint8_t input[], size_t length) override; @@ -70,6 +72,8 @@ class BOTAN_PUBLIC_API(2,0) ISO_9796_DS3 final : public EMSA EMSA* clone() override {return new ISO_9796_DS3(m_hash->clone(), m_implicit);} + + virtual std::string name() const override; private: void update(const uint8_t input[], size_t length) override; diff --git a/src/lib/pk_pad/padding.cpp b/src/lib/pk_pad/padding.cpp new file mode 100644 index 0000000000..134bb41017 --- /dev/null +++ b/src/lib/pk_pad/padding.cpp @@ -0,0 +1,42 @@ +/* +* Sets of allowed padding schemes for public key types +* +* This file was automatically generated by ./src/scripts/oids.py on 2017-12-20 +* +* All manual edits to this file will be lost. Edit the script +* then regenerate this source file. +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include +#include +#include + +namespace Botan { + +const std::map> allowed_signature_paddings = + { + { "DSA", {"EMSA1"} }, + { "ECDSA", {"EMSA1"} }, + { "ECGDSA", {"EMSA1"} }, + { "ECKCDSA", {"EMSA1"} }, + { "GOST-34.10", {"EMSA1"} }, + { "RSA", {"EMSA4", "EMSA3"} }, + }; + +const std::vector get_sig_paddings(const std::string algo) + { + if(allowed_signature_paddings.count(algo) > 0) + return allowed_signature_paddings.at(algo); + return {}; + } + +bool sig_algo_and_pad_ok(const std::string algo, const std::string padding) + { + std::vector pads = get_sig_paddings(algo); + return std::find(pads.begin(), pads.end(), padding) != pads.end(); + } +} diff --git a/src/lib/pk_pad/padding.h b/src/lib/pk_pad/padding.h new file mode 100644 index 0000000000..ed05ec3819 --- /dev/null +++ b/src/lib/pk_pad/padding.h 
@@ -0,0 +1,36 @@ +/* +* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_PADDING_H_ +#define BOTAN_PADDING_H_ + +#include +#include +#include + +namespace Botan { + +/** +* Returns the allowed padding schemes when using the given +* algorithm (key type) for creating digital signatures. +* +* @param algo the algorithm for which to look up supported padding schemes +* @return a vector of supported padding schemes +*/ +BOTAN_TEST_API const std::vector get_sig_paddings(const std::string algo); + +/** +* Returns true iff the given padding scheme is valid for the given +* signature algorithm (key type). +* +* @param algo the signature algorithm to be used +* @param padding the padding scheme to be used +*/ +bool sig_algo_and_pad_ok(const std::string algo, const std::string padding); + +} + +#endif diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp index f8daaf79ab..cba3b98169 100644 --- a/src/lib/x509/x509_ca.cpp +++ b/src/lib/x509/x509_ca.cpp @@ -6,6 +6,7 @@ */ #include +#include #include #include #include @@ -14,8 +15,11 @@ #include #include #include +#include +#include #include #include +#include namespace Botan { 
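Review bot: Both declarations in the new padding.h take `const std::string algo` by value and `get_sig_paddings` returns a `const std::vector<std::string>`; the top-level `const` on the return type prevents the caller from moving the result, and the by-value strings are copied on every `sig_algo_and_pad_ok` call made from `config_for_x509`, where `const std::string&` parameters and a non-const return are the idiom used elsewhere in the library. The doc comments should also state that `algo` is matched exactly against `Private_Key::algo_name()` (both callers in this patch pass exactly that) and that an unknown key type yields an empty vector rather than an error, e.g. `@return the allowed scheme names, empty if the key type is unknown`. Since padding.cpp is generated by `src/scripts/oids.py`, any signature change must be mirrored in the script's template or the next regeneration will disagree with this header.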
@@ -32,7 +36,32 @@ X509_CA::X509_CA(const X509_Certificate& c, if(!m_ca_cert.is_CA_cert()) throw Invalid_Argument("X509_CA: This certificate is not for a CA"); - m_signer.reset(choose_sig_format(key, rng, m_hash_fn, m_ca_sig_algo)); + std::map opts; + // constructor without additional options: use the padding used in the CA certificate + // sig_oid_str = /, so padding with all its options will look + // like a cipher mode to the scanner + std::string sig_oid_str = OIDS::lookup(c.signature_algorithm().oid); + SCAN_Name scanner(sig_oid_str); + std::string pad = scanner.cipher_mode(); + if(!pad.empty()) + opts.insert({"padding",pad}); + + m_signer.reset(choose_sig_format(key, opts, rng, hash_fn, m_ca_sig_algo)); + } + +/* +* Load the certificate and private key, and additional options +*/ +X509_CA::X509_CA(const X509_Certificate& ca_certificate, + const Private_Key& key, + const std::map& opts, + const std::string& hash_fn, + RandomNumberGenerator& rng) : m_ca_cert(ca_certificate), m_hash_fn(hash_fn) + { + if(!m_ca_cert.is_CA_cert()) + throw Invalid_Argument("X509_CA: This certificate is not for a CA"); + + m_signer.reset(choose_sig_format(key, opts, rng, hash_fn, m_ca_sig_algo)); } /* @@ -239,10 +268,23 @@ X509_Certificate X509_CA::ca_certificate() const return m_ca_cert; } +/* +* Choose a signing format for the key +*/ + +PK_Signer* choose_sig_format(const Private_Key& key, + RandomNumberGenerator& rng, + const std::string& hash_fn, + AlgorithmIdentifier& sig_algo) + { + return choose_sig_format(key, {}, rng, hash_fn, sig_algo); + } + /* * Choose a signing format for the key */ PK_Signer* choose_sig_format(const Private_Key& key, + const std::map& opts, RandomNumberGenerator& rng, const std::string& hash_fn, AlgorithmIdentifier& sig_algo) 
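Review bot: The padding the legacy `X509_CA` constructor now derives from the CA certificate carries that certificate's hash, which breaks CAs whose own certificate was signed with a different hash than `hash_fn`: for a CA cert carrying `RSA/EMSA3(SHA-256)`, `scanner.cipher_mode()` yields `EMSA3(SHA-256)` (if SCAN_Name splits the name as I read it), `choose_sig_format` accepts that via `get_emsa`, and `EMSA_PKCS1v15::config_for_x509` then throws `Invalid_Argument` because `SHA-256 != SHA-512` — so `X509_CA(cert, key, "SHA-512", rng)`, which worked before this patch, now fails, and the new `test_padding_config` only exercises the matching-hash case. The comment says only the scheme should be inherited, so strip the parameters before passing it on, e.g. `std::string pad = SCAN_Name(scanner.cipher_mode()).algo_name();`, and let `choose_sig_format` append `hash_fn` as it already does for a bare scheme name. A second caveat worth a comment: the CA certificate's signature algorithm describes how its issuer signed it, not what `key` supports, so for a cross-algorithm chain (an ECDSA-signed RSA CA certificate) the inherited `EMSA1` is presumably rejected by `sig_algo_and_pad_ok` and the constructor throws where it previously defaulted to EMSA3.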
@@ -250,14 +292,14 @@ PK_Signer* choose_sig_format(const Private_Key& key, const std::string algo_name = key.algo_name(); std::unique_ptr hash(HashFunction::create_or_throw(hash_fn)); + std::string hash_name = hash->name(); + // check algo_name and set default std::string padding; - std::vector algo_params; if(algo_name == "RSA") { - padding = "EMSA3"; - // for RSA PKCSv1.5 parameters "SHALL" be NULL - algo_params = key.algorithm_identifier().get_parameters(); + // set to EMSA3 for compatibility reasons, originally it was the only option + padding = "EMSA3(" + hash_name + ")"; } else if(algo_name == "DSA" || algo_name == "ECDSA" || 
@@ -265,21 +307,45 @@ PK_Signer* choose_sig_format(const Private_Key& key, algo_name == "ECKCDSA" || algo_name == "GOST-34.10") { - // for DSA, ECDSA, GOST parameters "SHALL" be empty - padding = "EMSA1"; + padding = "EMSA1(" + hash_name + ")"; } else { throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name); } - const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363; + if(opts.count("padding") > 0 && !opts.at("padding").empty()) + { + padding = opts.at("padding"); + } - padding = padding + "(" + hash->name() + ")"; + // try to construct an EMSA object from the padding options or default + std::unique_ptr emsa = nullptr; + try + { + emsa.reset(get_emsa(padding)); + } + /* + * get_emsa will throw if opts contains {"padding",} but + * does not specify a hash function. + * Omitting it is valid since it needs to be identical to hash_fn. + * If it still throws, something happened that we cannot repair here, + * e.g. the algorithm/padding combination is not supported. + */ + catch(...) + { + emsa.reset(get_emsa(padding + "(" + hash_fn + ")")); + } + if(emsa == nullptr) + { + throw Invalid_Argument("Could not parse padding scheme " + padding); + } + + const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363; - sig_algo = AlgorithmIdentifier(OIDS::lookup(algo_name + "/" + padding), algo_params); + sig_algo = emsa->config_for_x509(key, hash_name); - return new PK_Signer(key, rng, padding, format); + return new PK_Signer(key, rng, emsa->name(), format); } } diff --git a/src/lib/x509/x509_ca.h b/src/lib/x509/x509_ca.h index 49005f5303..4f1da51fac 100644 --- a/src/lib/x509/x509_ca.h +++ b/src/lib/x509/x509_ca.h 
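Review bot: The `catch(...)` around `get_emsa(padding)` retries with `padding + "(" + hash_fn + ")"` on every failure, not only the missing-hash case the comment describes: a spec that already carries arguments but is wrong, e.g. `EMSA3(YYZ)` or a scheme not compiled into this build, is retried as `EMSA3(YYZ)(SHA-256)` and the user gets an error about that mangled name instead of the original, and non-lookup exceptions (`bad_alloc`, an `Invalid_Argument` thrown by a scheme constructor) are swallowed and replaced the same way. Narrow the handler to the lookup failure type (`Algorithm_Not_Found`, whose message the new pk_pad test asserts) and retry only when the spec has no parameter list, re-throwing otherwise. The enclosing `choose_sig_format` begins in the preceding hunk; the null check, `config_for_x509` call and `PK_Signer` construction below are unaffected.
```cpp
   // try to construct an EMSA object from the padding options or default
   std::unique_ptr<EMSA> emsa;
   try
      {
      emsa.reset(get_emsa(padding));
      }
   catch(const Algorithm_Not_Found&)
      {
      // Retry only for the case the comment describes: opts named a scheme
      // without its hash. A spec that already carries parameters failed for
      // some other reason, so re-throw and let the caller see the real error.
      if(padding.find('(') != std::string::npos)
         throw;
      emsa.reset(get_emsa(padding + "(" + hash_fn + ")"));
      }
   // … unchanged: null check, signature format, config_for_x509, PK_Signer …
```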
@@ -132,6 +132,20 @@ class BOTAN_PUBLIC_API(2,0) X509_CA final const std::string& hash_fn, RandomNumberGenerator& rng); + /** + * Create a new CA object. + * @param ca_certificate the certificate of the CA + * @param key the private key of the CA + * @param opts additional options, e.g. padding, as key value pairs + * @param hash_fn name of a hash function to use for signing + * @param rng the random generator to use + */ + X509_CA(const X509_Certificate& ca_certificate, + const Private_Key& key, + const std::map& opts, + const std::string& hash_fn, + RandomNumberGenerator& rng); + #if defined(BOTAN_HAS_SYSTEM_RNG) BOTAN_DEPRECATED("Use version taking RNG object") X509_CA(const X509_Certificate& ca_certificate, @@ -178,6 +192,28 @@ BOTAN_PUBLIC_API(2,0) PK_Signer* choose_sig_format(const Private_Key& key, const std::string& hash_fn, AlgorithmIdentifier& alg_id); +/** +* Choose the default signature format for a certain public key signature +* scheme. +* +* The only option recognized by opts at this moment is "padding" +* Find an entry from src/build-data/oids.txt under [signature] of the form +* /[()] and add {"padding",} +* to opts. +* +* @param key will be the key to choose a padding scheme for +* @param opts contains additional options for building the certificate +* @param rng the random generator to use +* @param hash_fn is the desired hash function +* @param alg_id will be set to the chosen scheme +* @return A PK_Signer object for generating signatures +*/ + PK_Signer* choose_sig_format(const Private_Key& key, + const std::map& opts, + RandomNumberGenerator& rng, + const std::string& hash_fn, + AlgorithmIdentifier& alg_id); + } #endif diff --git a/src/lib/x509/x509opt.cpp b/src/lib/x509/x509opt.cpp index 79c735a0f6..e31ead91f9 100644 --- a/src/lib/x509/x509opt.cpp +++ b/src/lib/x509/x509opt.cpp 
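Review bot: The new `choose_sig_format` overload taking `opts` is declared without the `BOTAN_PUBLIC_API(2,0)` macro that the existing overload directly above it carries, so on toolchains that hide symbols by default it is not exported even though the header documents it as the general entry point and the old overload now just forwards to it; suggest `BOTAN_PUBLIC_API(2,0) PK_Signer* choose_sig_format(const Private_Key& key, const std::map<std::string, std::string>& opts, ...)`, and align it at column 0 like the old declaration rather than one space in. The doc comment should also say that a `padding` value carrying a hash, e.g. `EMSA4(SHA-256)`, must name the same hash as `hash_fn` — `config_for_x509` throws `Invalid_Argument` otherwise — and that the hash may be omitted, in which case `hash_fn` is appended. The same note belongs on the new `X509_CA` constructor's `@param opts`, which currently only says "e.g. padding".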
@@ -61,6 +61,11 @@ void X509_Cert_Options::CA_key(size_t limit) path_limit = limit; } +void X509_Cert_Options::set_padding_scheme(const std::string& scheme) + { + padding_scheme = scheme; + } + /* * Initialize the certificate options */ @@ -70,6 +75,8 @@ X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts, is_CA = false; path_limit = 0; constraints = NO_CONSTRAINTS; + // use default for chosen algorithm + padding_scheme = ""; auto now = std::chrono::system_clock::now(); diff --git a/src/lib/x509/x509self.cpp b/src/lib/x509/x509self.cpp index ad0e9af946..108e0496bd 100644 --- a/src/lib/x509/x509self.cpp +++ b/src/lib/x509/x509self.cpp @@ -33,7 +33,6 @@ void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn, subject_alt.add_othername(OIDS::lookup("PKIX.XMPPAddr"), opts.xmpp, UTF8_STRING); } - } namespace X509 { @@ -50,8 +49,11 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, X509_DN subject_dn; AlternativeName subject_alt; + // for now, only the padding option is used + std::map sig_opts = { {"padding",opts.padding_scheme} }; + std::vector pub_key = X509::BER_encode(key); - std::unique_ptr signer(choose_sig_format(key, rng, hash_fn, sig_algo)); + std::unique_ptr signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); Key_Constraints constraints; @@ -102,8 +104,11 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, X509_DN subject_dn; AlternativeName subject_alt; + // for now, only the padding option is used + std::map sig_opts = { {"padding",opts.padding_scheme} }; + std::vector pub_key = X509::BER_encode(key); - std::unique_ptr signer(choose_sig_format(key, rng, hash_fn, sig_algo)); + std::unique_ptr signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); const size_t PKCS10_VERSION = 0; diff --git a/src/lib/x509/x509self.h b/src/lib/x509/x509self.h index 0694038149..0cc12e98e0 100644 
--- a/src/lib/x509/x509self.h +++ b/src/lib/x509/x509self.h @@ -108,6 +108,8 @@ class BOTAN_PUBLIC_API(2,0) X509_Cert_Options final */ size_t path_limit; + std::string padding_scheme; + /** * The key constraints for the subject public key */ @@ -129,6 +131,11 @@ class BOTAN_PUBLIC_API(2,0) X509_Cert_Options final */ void CA_key(size_t limit = 1); + /** + * Choose a padding scheme different from the default for the key used. + */ + void set_padding_scheme(const std::string& scheme); + /** * Set the notBefore of the certificate. * @param time the notBefore value of the certificate diff --git a/src/scripts/oids.py b/src/scripts/oids.py index 7a6caa368a..a307d579b0 100755 --- a/src/scripts/oids.py +++ b/src/scripts/oids.py @@ -10,6 +10,8 @@ import sys import datetime import re +from collections import defaultdict + def format_map(m, for_oid = False): s = '' 
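Review bot: `std::string padding_scheme;` is added to `X509_Cert_Options` between documented members without a comment, and the `set_padding_scheme` docstring does not say which strings are accepted or what the empty default selects. Suggest, on the member, `/** Padding (EMSA) scheme name for the signature, e.g. "EMSA4" or "EMSA3(SHA-256)"; empty selects the default for the key type (EMSA3 for RSA, EMSA1 for DSA/ECDSA/ECGDSA/ECKCDSA/GOST-34.10). A hash given here must match the hash_fn passed to create_self_signed_cert/create_cert_req, or signing throws Invalid_Argument. */`, and a one-line `@param scheme` on the setter pointing at the same description.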
@@ -190,25 +192,90 @@ def format_dn_ub_as_map(dn_ub, oid2str): """ % (sys.argv[0], datetime.date.today().strftime("%Y-%m-%d"), format_dn_ub_map(dn_ub,oid2str)) + +def format_set_map(m): + s = '' + for k in sorted(m.keys()): + v = m[k] + + if len(s) > 0: + s += ' ' + + s += '{ "%s", {' % k + for pad in v: + s += '"%s", ' % pad + if len(v) is not 0: + s = s[:-2] + s += '} },\n' + s = s[:-1] + return s + + +def format_pads_as_map(sig_dict): + return """/* +* Sets of allowed padding schemes for public key types +* +* This file was automatically generated by %s on %s +* +* All manual edits to this file will be lost. Edit the script +* then regenerate this source file. +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include +#include +#include + +namespace Botan { + +const std::map> allowed_signature_paddings = + { + %s + }; + +__attribute__((visibility("default"))) const std::vector get_sig_paddings(const std::string algo) + { + if(allowed_signature_paddings.count(algo) > 0) + return allowed_signature_paddings.at(algo); + return {}; + } + +bool sig_algo_and_pad_ok(const std::string algo, std::string padding) + { + std::vector pads = get_sig_paddings(algo); + return std::find(pads.begin(), pads.end(), padding) != pads.end(); + } +} +""" % (sys.argv[0], datetime.date.today().strftime("%Y-%m-%d"), + format_set_map(sig_dict)) + + def main(args = None): """ Print header files (oids.cpp, dn_ub.cpp) depending on the first argument and on srs/build-data/oids.txt Choose 'oids' to print oids.cpp, needs to be written to src/lib/asn1/oids.cpp Choose 'dn_ub' to print dn_ub.cpp, needs to be written to src/lib/x509/X509_dn_ub.cpp + Choose 'pads' to print padding.cpp, needs to be written to src/lib/pk_pad/padding.cpp """ if args is None: args = sys.argv if len(args) < 2: - raise Exception("Use either 'oids' or 'dn_ub' as first argument") + raise Exception("Use either 'oids', 'dn_ub', 'pads' as first argument") - oid_lines = 
open('src/build-data/oids.txt').readlines() + oid_lines = open('./src/build-data/oids.txt').readlines() oid_re = re.compile("^([1-9][0-9.]+) = ([A-Za-z0-9_\./\(\), -]+)(?: = )?([0-9]+)?$") hdr_re = re.compile("^\[([a-z0-9_]+)\]$") + pad_re = re.compile("^([A-Za-z0-9_\., -]+)/([A-Za-z0-9_-]+)[A-Za-z0-9_\.\(\), -]*$") oid2str = {} str2oid = {} dn_ub = {} + sig2pads = defaultdict(set) + enc2pads = defaultdict(set) cur_hdr = None for line in oid_lines: @@ -242,6 +309,11 @@ def main(args = None): if match.lastindex < 3: raise Exception("Could not find an upper bound for DN " + match.group(1)) dn_ub[oid] = match.group(3) + # parse signature paddings + elif cur_hdr == "signature": + pad_match = pad_re.search(nam) + if pad_match is not None: + sig2pads[pad_match.group(1)].add(pad_match.group(2)) if nam in str2oid: #print "Duplicated name", nam, oid, str2oid[nam] @@ -254,6 +326,8 @@ def main(args = None): print format_as_ifs(oid2str, str2oid) elif args[1] == "dn_ub": print format_dn_ub_as_map(dn_ub,oid2str) + elif args[1] == "pads": + print format_pads_as_map(sig2pads) if __name__ == '__main__': diff --git a/src/tests/data/x509/misc/rsa_key.pem b/src/tests/data/x509/misc/rsa_key.pem new file mode 100644 index 0000000000..cf84f42743 --- /dev/null +++ b/src/tests/data/x509/misc/rsa_key.pem 
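Review bot: The template in `format_pads_as_map` does not match the padding.cpp checked in by this same patch: it emits `__attribute__((visibility("default")))` in front of `get_sig_paddings` (GCC/Clang-only syntax, rejected by MSVC) where the committed file has nothing and the header uses `BOTAN_TEST_API`, and its `sig_algo_and_pad_ok` takes `std::string padding` where the committed file has `const std::string padding`, so the first `oids.py pads` run rewrites the file into a different shape. Emit the header's macro instead, `BOTAN_TEST_API const std::vector<std::string> get_sig_paddings(const std::string algo)`, or drop the attribute and rely on the declaration in padding.h if the generated file includes it. In `format_set_map`, `if len(v) is not 0:` compares against an integer literal by identity, which is a SyntaxWarning on newer Pythons — use `if v:`.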
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQDdQRpj4Rbm/cHf +ep44Aqwo88WiF74nzzu3A/Ebj2bs/ATjOMEAzlWa4m6WzI1QJgtkizGfRTjOJVQ0 +fAQnkHNa5tKJk4HOTGzDJC1p4/VIU615gocdOKAwjBflxDCcGAkI5iDKffskYl7n +/0c9GmfCQmG13qbFGJXbQDSPoXyYcngNxfCIL90dIL/9/B/PCu9OGDcqKYCTAVTj +FFLlliGNTT5tmjasrgdpGJF1cN+V94OoRznwiNCRgNzvpgAxYfoED7BVTUzjcq/E +2dRHPDYdAO/kN8Tk1q/U71A8aAK4x3pAuprj1ujfAqPbTLkDlT6IfxGwG05Avxeh +Kqyk3tP0NnAjh6pg/bYAXoM9l32O68T0WKRBQFoUFMhg88qJm8o1CEvudr8VVZ/8 +i3S6VekQ8BFTJUN3P0qO7TINFha88OnUqBFGMRJBvXEyFXtHk4IOt0BTQB+e9/ku +diMduz8ekpVzmjrAPF5TP4cJrT7v3013Z4ECrdhCBAPl65t+rqUCAwEAAQKCAYBL +9r89zZlUY4l91haeemRrhw6y0V4LQv5onqTYZorbEMgIz4KMaUtA6z827TITc4xz +z8qQuW6AcJaRkobGorTIX/mnHIrzro+lDDW/ZnHfjENCNct3/+oX4PGPhKV/4kyv +znsxqsFgQ5n8I0xtMTSwoKP1kmVFxGQnK8sgCTzDBoIrkGs+Btju2ECyzi6JomJ5 +OJ0wD6HCVzGy6VZw1vPcFMo7TTg6X2HR9opyfPd3AM0mKJY+/GpHmqvAaAkm61EN +Mc+bnLgTVVd8khOUrAgkWVjfiCTi+LV9kMQ3YXr9QxtgmmsteW0s8ZTD//JRNR8w +fB2y7mkQHR51YN7nfJ9JvpqrEJ6Qr3uUTtVjlI0GCr2oizL0VZdugMlkv8y16pZU +zsI+wNJsis92Sq7KCWc6l1iyKCfJDPig0+hbHkQnNI6NlZfYcbotZ4RhVtjijpDn +95dhA1wK2iGjW/L8lAlfiYTuM4IJ0vrVvzbZGT4hwgmRpamp0qHCqWUgySzFZD0C +gcEA5iuI/sqtf15DtAi5TWLs4ABKcrwu/ic/AD8hxqZautXzylxHeo9Scq0N9R+l +SQcwucss29gRRoXZwKn5i0MTjTTLwX3SWC3rlNdadIwGvk59x7qBgEXjzeWCJe+D +HXGPnLaoUwLsyflHaLHcF4V2XoeY5t0/qG5zQ0/BVtedFpheK/KqZo8cfWG4cbZ5 +0GZDxLyDBsGv4ayDju/aL/VQiGxLF3BHr7rGdAikcF99Smc4umw84APjAfqTU4qV +nfBLAoHBAPYVbk32UlfskdEEnrRzqpnEaZa+PX+Wzb7xfVBuW+dY25Q8cmGjfF1x +uY9teu4ia6D/Ke8lWaRnG71PICiTLPi0eg1JL3Qzgm1SJQmZoK0wL00xRbizbMu6 +hZ5cYR2Z/CnVS9k4CClfyConSmuh3dBhcoYZGH1J/WZvvz+4TMipvIupJ68LkXO+ +DtJ4Qr5ksN0JUjhtZ3FoCJm8+50+nHtJ/5d9yS5TarImAYHgfIpyNOTbMKnSkXfX +Mzk2PPLmzwKBwDojgQUq2Mw1WVCea3/6nu6t5CA7HHuiGi3LxJJS7tQGuv/Ac2Wn +0iGZSM9D4RIjONGVWo1ldGel46zgwmHE3alrTpRfXcRcRQdhpj2OKR3k4ayTlaZ7 +AOG/OTKv3ySOzMG++aGOOZWC2+C8HGXslkumYJ7f//Zhf8fe220+JTXR4uei8hvZ +xk59YoOGnhpf2npVS5tnTS/pzYlLWIeIpYDwKb+P4uumd/5TOIYR+KnUjOW59V54 
+XNzhGFmfxc8RJQKBwBK16HAnFXW3+BJTbpm73bHZXEno5xYnajdldyjBa114xSFN +Q0knPBKCziAYq+slVNel7xNO3LUCXfqT5JcRMa8rUchm0yPbssQLJePH+Y6Rhlcx +MuLrSY9n/DbhQUUV6zVnEWBPwVccAEUsPZ1Xbl0ku6d0iwcjtA+w2XLH2Za8SSi5 +UNofYAzT256nJDQDxerYhZbiwqW9ykGeO+dl1lINe1CScNSD5S3sc9rjLbT9IAZy +oA2ZhBP/mdZ0yEeTwwKBwE5evNH1Ze56EJpO17fDs6shqECYsOCWWauFVHQinnrO ++aO8ZnwOfLVy2AEAkusjadsmjMBM3NdFNK9L2mvdfFKOwZ/Cwrm2vnwh2kSFTksD +I29WFj6jwBHNBE+dCYXraRjqIFrP9puKg2ECydp9g4ruxX4Kf6thpz1ML7GAnx/K +xdVBeDJisyxk1g3WijkGfGne9bozZiWLo4jW96+qn2/0//jB8B5ORDIn8kS/TfFN +ezTQp0HUwoiHK+bS2l+FQg== +-----END PRIVATE KEY----- diff --git a/src/tests/test_pk_pad.cpp b/src/tests/test_pk_pad.cpp index bd33dde6c2..ecfdba5d51 100644 --- a/src/tests/test_pk_pad.cpp +++ b/src/tests/test_pk_pad.cpp 
@@ -69,6 +69,101 @@ class EME_Decoding_Tests final : public Text_Based_Test BOTAN_REGISTER_TEST("pk_pad_eme", EME_Decoding_Tests); +class EMSA_unit_tests final : public Test + { + public: + std::vector run() override + { + Test::Result name_tests("EMSA_name_tests"); + + std::vector pads_need_hash = + { +#if BOTAN_HAS_EMSA1 + "EMSA1", +#endif +#if BOTAN_HAS_EMSA_X931 + "EMSA2", +#endif +#if BOTAN_HAS_EMSA_PKCS1 + "EMSA3", +#endif +#if BOTAN_HAS_EMSA_PSSR + "EMSA4", + "PSSR_Raw", +#endif +#if BOTAN_HAS_ISO_9796 + "ISO_9796_DS2", + "ISO_9796_DS3", +#endif + }; + + std::vector pads_no_hash = + { +#if BOTAN_HAS_EMSA_RAW + "Raw", +#endif +#if BOTAN_HAS_EMSA_PKCS1 + "EMSA3(Raw)", + "EMSA3(Raw,SHA-512)", +#endif + }; + + for(auto pad : pads_need_hash) + { + try + { + std::unique_ptr emsa_1( + Botan::get_emsa(pad + "(" + Botan::hash_for_emsa(pad) + ")")); + std::unique_ptr emsa_2(Botan::get_emsa(emsa_1->name())); + name_tests.test_eq("EMSA_name_test for " + pad, + emsa_1->name(), emsa_2->name()); + } + catch(const std::exception& e) + { + name_tests.test_failure("EMSA_name_test for " + pad + ": " + e.what()); + } + } + + for(auto pad : pads_need_hash) + { + std::string algo_name = pad + "(YYZ)"; + try + { + std::unique_ptr emsa( + Botan::get_emsa(algo_name)); + name_tests.test_failure("EMSA_name_test for " + pad + ": " + + "Could create EMSA with fantasy hash YYZ"); + } + catch(const std::exception& e) + { + name_tests.test_eq("EMSA_name_test for " + pad, + e.what(), + "Could not find any algorithm named \"" + algo_name + "\""); + } + } + + for(auto pad : pads_no_hash) + { + try + { + std::unique_ptr emsa_1(Botan::get_emsa(pad)); + std::unique_ptr emsa_2(Botan::get_emsa(emsa_1->name())); + name_tests.test_eq("EMSA_name_test for " + pad, + emsa_1->name(), emsa_2->name()); + } + catch(const std::exception& e) + { + name_tests.test_failure("EMSA_name_test for " + pad + ": " + e.what()); + } + } + + + return { name_tests }; + } + }; + +BOTAN_REGISTER_TEST("pk_pad_emsa_unit", 
EMSA_unit_tests); + #endif } diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index a8849292a2..11f2932a8e 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -19,6 +19,7 @@ #include #include #include + #include #endif @@ -35,26 +36,28 @@ Botan::X509_Time from_date(const int y, const int m, const int d) } /* Return some option sets */ -Botan::X509_Cert_Options ca_opts() +Botan::X509_Cert_Options ca_opts(const std::string& sig_padding = "") { Botan::X509_Cert_Options opts("Test CA/US/Botan Project/Testing"); opts.uri = "https://botan.randombit.net"; opts.dns = "botan.randombit.net"; opts.email = "testing@randombit.net"; + opts.set_padding_scheme(sig_padding); opts.CA_key(1); return opts; } -Botan::X509_Cert_Options req_opts1(const std::string& algo) +Botan::X509_Cert_Options req_opts1(const std::string& algo, const std::string& sig_padding = "") { Botan::X509_Cert_Options opts("Test User 1/US/Botan Project/Testing"); opts.uri = "https://botan.randombit.net"; opts.dns = "botan.randombit.net"; opts.email = "testing@randombit.net"; + opts.set_padding_scheme(sig_padding); opts.not_before("160101200000Z"); opts.not_after("300101200000Z"); @@ -73,13 +76,14 @@ Botan::X509_Cert_Options req_opts1(const std::string& algo) return opts; } -Botan::X509_Cert_Options req_opts2() +Botan::X509_Cert_Options req_opts2(const std::string& sig_padding = "") { Botan::X509_Cert_Options opts("Test User 2/US/Botan Project/Testing"); opts.uri = "https://botan.randombit.net"; opts.dns = "botan.randombit.net"; opts.email = "testing@randombit.net"; + opts.set_padding_scheme(sig_padding); opts.add_ex_constraint("PKIX.EmailProtection"); 
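Review bot: The `#if BOTAN_HAS_EMSA1`, `#if BOTAN_HAS_EMSA_PKCS1` etc. guards in `EMSA_unit_tests` test the macro's value rather than its presence; that works if the module macros expand to a non-zero value, but an undefined one silently evaluates to 0 and `-Wundef` flags each of them, and the enclosing module guard whose `#endif` closes this hunk is, as far as I can tell, written `#if defined(...)` — suggest `#if defined(BOTAN_HAS_EMSA1)` and so on for consistency. The fantasy-hash loop also pins the exact text `Could not find any algorithm named "..."`, so any rewording of `Algorithm_Not_Found`'s message fails this test without a real regression; catching `Botan::Algorithm_Not_Found` by type and recording a success would be less brittle.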
@@ -461,7 +465,7 @@ Test::Result test_x509_bmpstring() return result; } -Test::Result test_x509_cert(const std::string& sig_algo, const std::string& hash_fn = "SHA-256") +Test::Result test_x509_cert(const std::string& sig_algo, const std::string& sig_padding = "", const std::string& hash_fn = "SHA-256") { Test::Result result("X509 Unit"); @@ -476,7 +480,7 @@ Test::Result test_x509_cert(const std::string& sig_algo, const std::string& hash } /* Create the self-signed cert */ - const auto ca_cert = Botan::X509::create_self_signed_cert(ca_opts(), *ca_key, hash_fn, Test::rng()); + const auto ca_cert = Botan::X509::create_self_signed_cert(ca_opts(sig_padding), *ca_key, hash_fn, Test::rng()); { const auto constraints = Botan::Key_Constraints(Botan::KEY_CERT_SIGN | Botan::CRL_SIGN); @@ -487,7 +491,7 @@ Test::Result test_x509_cert(const std::string& sig_algo, const std::string& hash std::unique_ptr user1_key(make_a_private_key(sig_algo)); Botan::PKCS10_Request user1_req = - Botan::X509::create_cert_req(req_opts1(sig_algo), + Botan::X509::create_cert_req(req_opts1(sig_algo, sig_padding), *user1_key, hash_fn, Test::rng()); @@ -499,13 +503,13 @@ Test::Result test_x509_cert(const std::string& sig_algo, const std::string& hash std::unique_ptr user2_key(make_a_private_key(sig_algo)); Botan::PKCS10_Request user2_req = - Botan::X509::create_cert_req(req_opts2(), + Botan::X509::create_cert_req(req_opts2(sig_padding), *user2_key, hash_fn, Test::rng()); /* Create the CA object */ - Botan::X509_CA ca(ca_cert, *ca_key, hash_fn, Test::rng()); + Botan::X509_CA ca(ca_cert, *ca_key, {{"padding",sig_padding}}, hash_fn, Test::rng()); /* Sign the requests to create the certs */ Botan::X509_Certificate user1_cert = 
@@ -519,7 +523,8 @@ Test::Result test_x509_cert(const std::string& sig_algo, const std::string& hash from_date(2033, 01, 01)); // user#1 creates a self-signed cert on the side - const auto user1_ss_cert = Botan::X509::create_self_signed_cert(req_opts1(sig_algo), *user1_key, hash_fn, Test::rng()); + const auto user1_ss_cert = + Botan::X509::create_self_signed_cert(req_opts1(sig_algo, sig_padding), *user1_key, hash_fn, Test::rng()); { auto constrains = req_opts1(sig_algo).constraints; @@ -718,7 +723,7 @@ Test::Result test_usage(const std::string& sig_algo, const std::string& hash_fn return result; } -Test::Result test_self_issued(const std::string& sig_algo, const std::string& hash_fn = "SHA-256") +Test::Result test_self_issued(const std::string& sig_algo, const std::string& sig_padding = "", const std::string& hash_fn = "SHA-256") { using Botan::Key_Constraints; @@ -736,10 +741,10 @@ Test::Result test_self_issued(const std::string& sig_algo, const std::string& ha // create the self-signed cert const Botan::X509_Certificate ca_cert = Botan::X509::create_self_signed_cert( - ca_opts(), *ca_key, hash_fn, Test::rng()); + ca_opts(sig_padding), *ca_key, hash_fn, Test::rng()); /* Create the CA object */ - const Botan::X509_CA ca(ca_cert, *ca_key, hash_fn, Test::rng()); + const Botan::X509_CA ca(ca_cert, *ca_key, {{"padding",sig_padding}}, hash_fn, Test::rng()); std::unique_ptr user_key(make_a_private_key(sig_algo)); @@ -747,6 +752,7 @@ Test::Result test_self_issued(const std::string& sig_algo, const std::string& ha // but signed by a CA, not signed by it's own private key Botan::X509_Cert_Options opts = ca_opts(); opts.constraints = Key_Constraints::DIGITAL_SIGNATURE; + opts.set_padding_scheme(sig_padding); const Botan::PKCS10_Request self_issued_req = Botan::X509::create_cert_req(opts, *user_key, hash_fn, Test::rng()); 
@@ -1063,7 +1069,7 @@ class String_Extension final : public Botan::Certificate_Extension std::string m_contents; }; -Test::Result test_x509_extensions(const std::string& sig_algo, const std::string& hash_fn = "SHA-256") +Test::Result test_x509_extensions(const std::string& sig_algo, const std::string& sig_padding = "", const std::string& hash_fn = "SHA-256") { using Botan::Key_Constraints; @@ -1080,10 +1086,11 @@ Test::Result test_x509_extensions(const std::string& sig_algo, const std::string } /* Create the self-signed cert */ - Botan::X509_Certificate ca_cert = Botan::X509::create_self_signed_cert(ca_opts(), *ca_key, hash_fn, Test::rng()); + Botan::X509_Certificate ca_cert = + Botan::X509::create_self_signed_cert(ca_opts(sig_padding), *ca_key, hash_fn, Test::rng()); /* Create the CA object */ - Botan::X509_CA ca(ca_cert, *ca_key, hash_fn, Test::rng()); + Botan::X509_CA ca(ca_cert, *ca_key, {{"padding",sig_padding}}, hash_fn, Test::rng()); std::unique_ptr user_key(make_a_private_key(sig_algo)); @@ -1096,6 +1103,7 @@ Test::Result test_x509_extensions(const std::string& sig_algo, const std::string const Botan::OID ku_oid = Botan::OIDS::lookup("X509v3.KeyUsage"); req_extensions.add(new String_Extension("AAAAAAAAAAAAAABCDEF"), false); opts.extensions = req_extensions; + opts.set_padding_scheme(sig_padding); /* Create a self-signed certificate */ const Botan::X509_Certificate self_signed_cert = Botan::X509::create_self_signed_cert( 
@@ -1220,6 +1228,99 @@ Test::Result test_hashes(const std::string& algo, const std::string& hash_fn = " return result; } +/* + * @brief checks the configurability of the EMSA4(RSA-PSS) signature scheme + * + * For the other algorithms than RSA, only one padding is supported right now. + */ +Test::Result test_padding_config() { + // Throughout the test, some synonyms for EMSA4 are used, e.g. PSSR, EMSA-PSS + Test::Result test_result("X509 Padding Config"); + + std::unique_ptr sk(Botan::PKCS8::load_key( + Test::data_file("x509/misc/rsa_key.pem"), Test::rng())); + + // Create X509 CA certificate; EMSA3 is used for signing by default + Botan::X509_Cert_Options opt("TESTCA"); + opt.CA_key(); + Botan::X509_Certificate ca_cert_def = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); + test_result.test_eq("CA certificate signature algorithm (default)", + Botan::OIDS::lookup(ca_cert_def.signature_algorithm().oid),"RSA/EMSA3(SHA-512)"); + + // Create X509 CA certificate; RSA-PSS is explicitly set + opt.set_padding_scheme("PSSR"); + Botan::X509_Certificate ca_cert_exp = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); + test_result.test_eq("CA certificate signature algorithm (explicit)", + Botan::OIDS::lookup(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); + + // Try to set a padding scheme that is not supported for signing with the given key type + opt.set_padding_scheme("EMSA1"); + try + { + Botan::X509_Certificate ca_cert_wrong = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); + test_result.test_failure("Could build CA certitiface with invalid encoding scheme EMSA1 for key type " + sk->algo_name()); + } + catch (const Botan::Invalid_Argument& e) + { + test_result.test_eq("Build CA certitiface with invalid encoding scheme EMSA1 for key type " + + sk->algo_name(), e.what(), + "Invalid argument Encoding scheme with canonical name EMSA1 not supported for signature algorithm RSA"); + } + 
test_result.test_eq("CA certificate signature algorithm (explicit)", + Botan::OIDS::lookup(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); + + // Prepare a signing request for the end certificate + Botan::X509_Cert_Options req_opt("endpoint"); + req_opt.set_padding_scheme("EMSA4(SHA-512,MGF1,64)"); + auto not_before = Botan::calendar_point(2017, 1, 1, 1, 1, + 1).to_std_timepoint(); + auto not_after = Botan::calendar_point(2018, 1, 1, 1, 1, + 1).to_std_timepoint(); + Botan::PKCS10_Request end_req = Botan::X509::create_cert_req(req_opt, (*sk), "SHA-512", Test::rng()); + test_result.test_eq("Certificate request signature algorithm", Botan::OIDS::lookup(end_req.signature_algorithm().oid),"RSA/EMSA4"); + + // Create X509 CA object: will fail as the chosen hash functions differ + try + { + Botan::X509_CA ca_fail(ca_cert_exp, (*sk), {{"padding","EMSA4(SHA-256)"}},"SHA-512", Test::rng()); + test_result.test_failure("Configured conflicting hash functions for CA"); + } + catch(const Botan::Invalid_Argument& e) + { + test_result.test_eq("Configured conflicting hash functions for CA", + e.what(), + "Invalid argument Hash function from opts and hash_fn argument need to be identical"); + } + + // Create X509 CA object: its signer will use the padding scheme from the CA certificate, i.e. 
EMSA3 + Botan::X509_CA ca_def(ca_cert_def, (*sk), "SHA-512", Test::rng()); + Botan::X509_Certificate end_cert_emsa3 = ca_def.sign_request(end_req, Test::rng(), Botan::X509_Time(not_before), Botan::X509_Time(not_after)); + test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_emsa3.signature_algorithm().oid), "RSA/EMSA3(SHA-512)"); + + // Create X509 CA object: its signer will use the explicitly configured padding scheme, which is different from the CA certificate's scheme + Botan::X509_CA ca_diff(ca_cert_def, (*sk), {{"padding","EMSA-PSS"}}, "SHA-512", Test::rng()); + Botan::X509_Certificate end_cert_diff_emsa4 = ca_diff.sign_request(end_req, Test::rng(), Botan::X509_Time(not_before), Botan::X509_Time(not_after)); + test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_diff_emsa4.signature_algorithm().oid), "RSA/EMSA4"); + + // Create X509 CA object: its signer will use the explicitly configured padding scheme, which is identical to the CA certificate's scheme + Botan::X509_CA ca_exp(ca_cert_exp, (*sk), {{"padding","EMSA4(SHA-512,MGF1,64)"}},"SHA-512", Test::rng()); + Botan::X509_Certificate end_cert_emsa4= ca_exp.sign_request(end_req, Test::rng(), Botan::X509_Time(not_before), Botan::X509_Time(not_after)); + test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_emsa4.signature_algorithm().oid), "RSA/EMSA4"); + + // Check CRL signature algorithm + Botan::X509_CRL crl = ca_exp.new_crl(Test::rng()); + test_result.test_eq("CRL signature algorithm", Botan::OIDS::lookup(crl.signature_algorithm().oid), "RSA/EMSA4"); + + // sanity check for verification, the heavy lifting is done in the other unit tests + const Botan::Certificate_Store_In_Memory trusted(ca_exp.ca_certificate()); + const Botan::Path_Validation_Restrictions restrictions(false, 80); + const Botan::Path_Validation_Result validation_result = Botan::x509_path_validate( + end_cert_emsa4, restrictions, trusted); 
+ test_result.confirm("EMSA4-signed certificate validates", validation_result.successful_validation()); + + return test_result; +} + class X509_Cert_Unit_Tests final : public Test { public: @@ -1239,16 +1340,17 @@ class X509_Cert_Unit_Tests final : public Test if(algo == "RSA") continue; #endif - - try - { - cert_result.merge(test_x509_cert(algo)); - } - catch(std::exception& e) + for(auto padding_scheme : Botan::get_sig_paddings(algo)) { - cert_result.test_failure("test_x509_cert " + algo, e.what()); + try + { + cert_result.merge(test_x509_cert(algo, padding_scheme)); + } + catch(std::exception& e) + { + cert_result.test_failure("test_x509_cert " + algo, e.what()); + } } - try { usage_result.merge(test_usage(algo)); @@ -1257,23 +1359,27 @@ class X509_Cert_Unit_Tests final : public Test { usage_result.test_failure("test_usage " + algo, e.what()); } - - try - { - self_issued_result.merge(test_self_issued(algo)); - } - catch(std::exception& e) - { - self_issued_result.test_failure("test_self_issued " + algo, e.what()); - } - - try + for(auto padding_scheme : Botan::get_sig_paddings(algo)) { - extensions_result.merge(test_x509_extensions(algo)); + try + { + self_issued_result.merge(test_self_issued(algo, padding_scheme)); + } + catch(std::exception& e) + { + self_issued_result.test_failure("test_self_issued " + algo, e.what()); + } } - catch(std::exception& e) + for(auto padding_scheme : Botan::get_sig_paddings(algo)) { - extensions_result.test_failure("test_extensions " + algo, e.what()); + try + { + extensions_result.merge(test_x509_extensions(algo, padding_scheme)); + } + catch(std::exception& e) + { + extensions_result.test_failure("test_extensions " + algo, e.what()); + } } } 
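Review bot: The second `test_result.test_eq("CA certificate signature algorithm (explicit)", ...)` placed after the EMSA1 try/catch in `test_padding_config` repeats the earlier assertion on `ca_cert_exp` verbatim, and nothing has modified that certificate in between, so it adds no coverage and only produces a duplicate label in the report. The three `"End certificate signature algorithm"` checks likewise share one label, so a failure cannot be attributed to `ca_def`, `ca_diff` or `ca_exp`; labels such as `"End certificate signature algorithm (CA default, EMSA3)"` would make the output self-explanatory. The messages also spell `certitiface`, and comparing `e.what()` against the library's full exception text couples the test to its wording — checking that the message mentions `EMSA1` (and, for the CA case, the hash mismatch) would be less brittle without losing the intent.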
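Review bot: The catch in the new `for(auto padding_scheme : Botan::get_sig_paddings(algo))` loop still reports `"test_x509_cert " + algo`, so when one padding scheme fails for an algorithm that has several, the report does not say which one; `cert_result.test_failure("test_x509_cert " + algo + " " + padding_scheme, e.what());` fixes that, and the `test_self_issued` and `test_extensions` loops in hunk @@ -1257 have the same gap. The loop variable also copies each padding string per iteration; `for(const std::string& padding_scheme : Botan::get_sig_paddings(algo))` avoids the copies. The enclosing `run()` method starts and ends outside the hunk.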
@@ -1282,6 +1388,17 @@ class X509_Cert_Unit_Tests final : public Test results.push_back(self_issued_result); results.push_back(extensions_result); + Test::Result pad_config_result("X509 Padding Config"); + try + { + pad_config_result.merge(test_padding_config()); + } + catch(const std::exception& e) + { + pad_config_result.test_failure("test_padding_config", e.what()); + } + results.push_back(pad_config_result); + const std::vector pk_algos { "DH", "ECDH", "RSA", "ElGamal", "GOST-34.10", From 61c5f407ec489e974da553179b7ce91a95007329 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 22 Dec 2017 09:20:10 -0500 Subject: [PATCH 0405/1008] Avoid unused parameter warnings --- src/lib/pk_pad/emsa.cpp | 6 ++++++ src/lib/pk_pad/emsa.h | 7 +++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/lib/pk_pad/emsa.cpp b/src/lib/pk_pad/emsa.cpp index 9904a0e2f3..126e1421df 100644 --- a/src/lib/pk_pad/emsa.cpp +++ b/src/lib/pk_pad/emsa.cpp @@ -35,6 +35,12 @@ namespace Botan { +AlgorithmIdentifier EMSA::config_for_x509(const Private_Key&, + const std::string&) const + { + throw Not_Implemented("Encoding " + name() + " not supported for signing X509 objects"); + } + EMSA* get_emsa(const std::string& algo_spec) { SCAN_Name req(algo_spec); diff --git a/src/lib/pk_pad/emsa.h b/src/lib/pk_pad/emsa.h index db835f1bda..d18edc757a 100644 --- a/src/lib/pk_pad/emsa.h +++ b/src/lib/pk_pad/emsa.h @@ -24,6 +24,8 @@ class RandomNumberGenerator; class BOTAN_PUBLIC_API(2,0) EMSA { public: + virtual ~EMSA() = default; + /** * Add more data to the signature computation * @param input some data 
@@ -67,10 +69,7 @@ class BOTAN_PUBLIC_API(2,0) EMSA * @return padding string to be consumed by PK_signer */ virtual AlgorithmIdentifier config_for_x509(const Private_Key& key, - const std::string& cert_hash_name) const - { throw Not_Implemented("Encoding " + name() + " not supported for signing X509 objects"); } - - virtual ~EMSA() = default; + const std::string& cert_hash_name) const; /** * @return a new object representing the same encoding method as *this From bf0f89a52bbe67cd892ba1a8d6790ff30d7fc8d1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 22 Dec 2017 09:26:24 -0500 Subject: [PATCH 0406/1008] Update news --- news.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/news.rst b/news.rst index 6731f2e01c..94efc7439b 100644 --- a/news.rst +++ b/news.rst @@ -16,8 +16,8 @@ Version 2.4.0, Not Yet Released * Support for ARIA-GCM ciphersuites are now available in TLS. They are disabled by default. (GH #1284) -* Add support for verifying X.509 objects (certificates, CRLs, etc) using - RSA-PSS signatures (GH #1270) +* Add support for generating and verifying X.509 objects (certificates, CRLs, + etc) using RSA-PSS signatures (GH #1270 and #1368) * Add support for AES key wrapping with padding, as specified in RFC 5649 and NIST SP 800-38F (GH #1301) From b237575f35d3cbffb4c4f91b0a379c45b7b0003c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 22 Dec 2017 09:46:08 -0500 Subject: [PATCH 0407/1008] Break out of Win32 entropy poll as soon as entropy goal is reached. Rather than running over the entire heap list which may be long. Fixes #1369 --- news.rst | 3 +++ src/lib/entropy/win32_stats/es_win32.cpp | 22 +++++++++++++++------- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/news.rst b/news.rst index 94efc7439b..9619e80159 100644 --- a/news.rst +++ b/news.rst 
@@ -398,6 +398,9 @@ Version 2.3.0, 2017-10-02 * Add more tests for the const-time utils (GH #1214) +* Resolve a performance regression on Windows involving the system stats + entropy source. (GH #1369) + * Fix a bug in FFI tests that caused the test files not to be found when using ``--data-dir`` option (GH #1149) diff --git a/src/lib/entropy/win32_stats/es_win32.cpp b/src/lib/entropy/win32_stats/es_win32.cpp index 0e7056550b..86d1f2cafb 100644 --- a/src/lib/entropy/win32_stats/es_win32.cpp +++ b/src/lib/entropy/win32_stats/es_win32.cpp @@ -19,6 +19,10 @@ namespace Botan { */ size_t Win32_EntropySource::poll(RandomNumberGenerator& rng) { + const size_t POLL_TARGET = 128; + const size_t EST_ENTROPY_HEAP_INFO = 4; + const size_t EST_ENTROPY_THREAD_INFO = 2; + /* First query a bunch of basic statistical stuff */ @@ -51,10 +55,10 @@ size_t Win32_EntropySource::poll(RandomNumberGenerator& rng) */ HANDLE snapshot = ::CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0); - size_t bits = 0; + size_t collected = 0; #define TOOLHELP32_ITER(DATA_TYPE, FUNC_FIRST, FUNC_NEXT) \ - if(bits < 256) \ + if(collected < POLL_TARGET) \ { \ DATA_TYPE info; \ info.dwSize = sizeof(DATA_TYPE); \ @@ -63,7 +67,9 @@ size_t Win32_EntropySource::poll(RandomNumberGenerator& rng) do \ { \ rng.add_entropy_T(info); \ - bits += 4; \ + collected += EST_ENTROPY_THREAD_INFO; \ + if(collected >= POLL_TARGET) \ + break; \ } while(FUNC_NEXT(snapshot, &info)); \ } \ } @@ -74,7 +80,7 @@ size_t Win32_EntropySource::poll(RandomNumberGenerator& rng) #undef TOOLHELP32_ITER - if(bits <= 256) + if(collected < POLL_TARGET) { HEAPLIST32 heap_list; heap_list.dwSize = sizeof(HEAPLIST32); 
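Review bot: `EST_ENTROPY_THREAD_INFO` is credited for every record that `TOOLHELP32_ITER` walks regardless of the `DATA_TYPE` the macro is instantiated with, so if it is also expanded for process or module snapshots (the invocations are outside hunk @@ -63) those records receive the thread estimate; adding an estimate parameter to the macro would let each call site pass its own figure. The three constants introduced in hunk @@ -19 are undocumented — a comment such as `// Heuristic entropy estimates per snapshot record, deliberately conservative; POLL_TARGET is where the walk stops early` would record that the early exits added in hunks @@ -63, @@ -74 and @@ -94 trade fewer mixed-in records for bounded poll time. The units of the returned `collected` are presumably bits, as the old name `bits` suggested, but nothing in the hunk states it.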
@@ -94,11 +100,13 @@ size_t Win32_EntropySource::poll(RandomNumberGenerator& rng) do { rng.add_entropy_T(heap_entry); - bits += 4; + collected += EST_ENTROPY_HEAP_INFO; + if(collected >= POLL_TARGET) + break; } while(::Heap32Next(&heap_entry)); } - if(bits >= 256) + if(collected >= POLL_TARGET) break; } while(::Heap32ListNext(snapshot, &heap_list)); @@ -107,7 +115,7 @@ size_t Win32_EntropySource::poll(RandomNumberGenerator& rng) ::CloseHandle(snapshot); - return bits; + return collected; } } From e1d9bb580d88e51c4ce7eb2a019ec003e5c160b9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 22 Dec 2017 11:06:47 -0500 Subject: [PATCH 0408/1008] Fix error reporting in dist script under Python3 bin vs str strikes again --- src/scripts/dist.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/scripts/dist.py b/src/scripts/dist.py index 91352532f4..757e139005 100755 --- a/src/scripts/dist.py +++ b/src/scripts/dist.py @@ -23,6 +23,7 @@ import sys import tarfile import time +import traceback # This is horrible, but there is no way to override tarfile's use of time.time # in setting the gzip header timestamp, which breaks deterministic archives @@ -33,9 +34,12 @@ def null_time(): def check_subprocess_results(subproc, name): - (stdout, stderr) = subproc.communicate() + (raw_stdout, raw_stderr) = subproc.communicate() + + stderr = raw_stderr.decode('utf-8') if subproc.returncode != 0: + stdout = raw_stdout.decode('utf-8') if stdout != '': logging.error(stdout) if stderr != '': @@ -43,9 +47,9 @@ def check_subprocess_results(subproc, name): raise Exception('Running %s failed' % (name)) else: if stderr != '': - logging.debug(stderr) + logging.warning(stderr) - return stdout + return raw_stdout def run_git(args): cmd = ['git'] + args 
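Review bot: `raw_stderr.decode('utf-8')` in `check_subprocess_results` will itself raise `UnicodeDecodeError` if the child emits non-UTF-8 bytes, which is most likely exactly when an error is being reported; `stderr = raw_stderr.decode('utf-8', errors='replace')` (and the same for `raw_stdout`) keeps the diagnostic path from failing. The function now returns `raw_stdout` as bytes while only the decoded text is logged, so a one-line docstring stating that callers receive raw bytes would prevent a str/bytes mix-up at the call sites, which are outside the hunk.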
@@ -255,6 +259,8 @@ def emit(self, record): super(ExitOnErrorLogHandler, self).emit(record) # Exit script if and ERROR or worse occurred if record.levelno >= logging.ERROR: + if sys.exc_info()[2] != None: + logging.info(traceback.format_exc()) sys.exit(1) def log_level(): @@ -404,7 +410,6 @@ def output_name(): try: sys.exit(main()) except Exception as e: # pylint: disable=broad-except + logging.info(traceback.format_exc()) logging.error(e) - import traceback - logging.error(traceback.format_exc()) sys.exit(1) From c8a39ff74a00f9787cb37925e1d09351096680d1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 22 Dec 2017 12:51:40 -0500 Subject: [PATCH 0409/1008] Avoid possible null pointer deref Caught with Coverity --- src/tests/unit_ecdsa.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index b4bafd7e40..99acc3f211 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -216,11 +216,11 @@ Test::Result test_ecdsa_create_save_load() std::unique_ptr loaded_key(Botan::PKCS8::load_key(pem_src, Test::rng())); Botan::ECDSA_PrivateKey* loaded_ec_key = dynamic_cast(loaded_key.get()); result.confirm("the loaded key could be converted into an ECDSA_PrivateKey", loaded_ec_key); - result.confirm("the loaded key produces equal encoding", - (ecc_private_key_pem == Botan::PKCS8::PEM_encode(*loaded_ec_key))); if(loaded_ec_key) { + result.confirm("the loaded key produces equal encoding", + (ecc_private_key_pem == Botan::PKCS8::PEM_encode(*loaded_ec_key))); Botan::PK_Verifier verifier(*loaded_ec_key, "EMSA1(SHA-256)"); result.confirm("generated signature valid", verifier.verify_message(msg, msg_signature)); } From 7aed6f3d241fa3d57ce103e4fc5138463669db63 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 05:10:19 -0500 Subject: [PATCH 0410/1008] EMSA has a build-time dependency on ASN.1 now [ci skip] --- src/lib/pk_pad/info.txt | 1 + 1 file changed, 1 insertion(+) 
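Review bot: `if sys.exc_info()[2] != None:` in `emit` compares against the `None` singleton with `!=`; `if sys.exc_info()[2] is not None:` is the idiomatic form and what pylint's singleton-comparison check expects. Calling `logging.info` from inside a handler's `emit` also re-enters the logging machinery while a record is being dispatched — it works because the handler lock is reentrant, but writing the traceback directly through the handler's stream would avoid relying on that. The `emit` method's signature is in the hunk header, so the enclosing method starts outside the hunk.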
diff --git a/src/lib/pk_pad/info.txt b/src/lib/pk_pad/info.txt index 513c4d0adc..6994cf0972 100644 --- a/src/lib/pk_pad/info.txt +++ b/src/lib/pk_pad/info.txt @@ -5,6 +5,7 @@ PK_PADDING -> 20131128 load_on auto +asn1 rng From 7a937f14f8df85238bd850f3636cac733703b287 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 05:17:35 -0500 Subject: [PATCH 0411/1008] PSK_DB requires base64 [ci skip] --- src/lib/psk_db/info.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/psk_db/info.txt b/src/lib/psk_db/info.txt index 814a304715..4b1d0747ed 100644 --- a/src/lib/psk_db/info.txt +++ b/src/lib/psk_db/info.txt @@ -5,6 +5,7 @@ PSK_DB -> 20171119 aes hmac +base64 sha2_32 nist_keywrap From 5d59f00cec3f2d5d549b004a154ba82d098bc4b0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 05:56:58 -0500 Subject: [PATCH 0412/1008] Avoid relying on AutoSeeded_RNG in XMSS Just needed for the self-benchmark easier to just use fixed input. --- src/lib/pubkey/xmss/xmss_tools.cpp | 5 +++-- src/lib/pubkey/xmss/xmss_tools.h | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/lib/pubkey/xmss/xmss_tools.cpp b/src/lib/pubkey/xmss/xmss_tools.cpp index 9b71ab36cd..f4f762aeb7 100644 --- a/src/lib/pubkey/xmss/xmss_tools.cpp +++ b/src/lib/pubkey/xmss/xmss_tools.cpp @@ -33,12 +33,13 @@ size_t XMSS_Tools::bench_threads() for(const auto& cc : concurrency) { - AutoSeeded_RNG rng; std::vector hash(std::thread::hardware_concurrency(), XMSS_Hash("SHA-256")); + + const std::vector buffer(hash[0].output_length()); std::vector> data( std::thread::hardware_concurrency(), - rng.random_vec(hash[0].output_length())); + secure_vector(hash[0].output_length())); auto start = std::chrono::high_resolution_clock::now(); for(size_t i = 0; i < cc; ++i) { diff --git a/src/lib/pubkey/xmss/xmss_tools.h b/src/lib/pubkey/xmss/xmss_tools.h index e9f877eaed..65c4a83a7c 100644 --- a/src/lib/pubkey/xmss/xmss_tools.h +++ b/src/lib/pubkey/xmss/xmss_tools.h 
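Review bot: The new `const std::vector buffer(hash[0].output_length());` in `bench_threads` is never read — the `data` vector below is built from a fresh `secure_vector(hash[0].output_length())` — so it is dead code and will draw an unused-variable warning, the very class of warning the neighbouring commits are removing; either drop the line or use `buffer` as the fill value. A comment such as `// input content is irrelevant for timing; fixed zeros avoid pulling in the RNG` next to the `data` initialisation would also explain to the next reader why the random input disappeared. The loop body continues outside the hunk.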
@@ -12,11 +12,11 @@ #include #include #include + #if defined(BOTAN_TARGET_OS_HAS_THREADS) #include #include #include - #include #endif namespace Botan { From 969007e52ec5f5d5d1c8ba8b54e8cd3c9b117f04 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 05:58:20 -0500 Subject: [PATCH 0413/1008] Deinline functions in EMSA, add pubkey as dependency --- src/lib/pk_pad/emsa.h | 2 +- src/lib/pk_pad/emsa1/emsa1.cpp | 6 ++++++ src/lib/pk_pad/emsa1/emsa1.h | 3 +-- src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp | 1 + src/lib/pk_pad/emsa_pssr/pssr.cpp | 1 + src/lib/pk_pad/emsa_raw/emsa_raw.cpp | 7 +++++++ src/lib/pk_pad/emsa_raw/emsa_raw.h | 5 +---- src/lib/pk_pad/emsa_x931/emsa_x931.cpp | 5 +++++ src/lib/pk_pad/emsa_x931/emsa_x931.h | 4 ++-- src/lib/pk_pad/info.txt | 1 + src/lib/pk_pad/iso9796/iso9796.cpp | 25 +++++++++++++++++------- src/lib/pk_pad/iso9796/iso9796.h | 10 ++++------ 12 files changed, 48 insertions(+), 22 deletions(-) diff --git a/src/lib/pk_pad/emsa.h b/src/lib/pk_pad/emsa.h index d18edc757a..f1175ca866 100644 --- a/src/lib/pk_pad/emsa.h +++ b/src/lib/pk_pad/emsa.h @@ -10,10 +10,10 @@ #include #include -#include namespace Botan { +class Private_Key; class RandomNumberGenerator; /** diff --git a/src/lib/pk_pad/emsa1/emsa1.cpp b/src/lib/pk_pad/emsa1/emsa1.cpp index 76f668f832..b4391b48d4 100644 --- a/src/lib/pk_pad/emsa1/emsa1.cpp +++ b/src/lib/pk_pad/emsa1/emsa1.cpp @@ -8,6 +8,7 @@ #include #include #include +#include #include namespace Botan { @@ -43,6 +44,11 @@ secure_vector emsa1_encoding(const secure_vector& msg, } +std::string EMSA1::name() const + { + return "EMSA1(" + m_hash->name() + ")"; + } + EMSA* EMSA1::clone() { return new EMSA1(m_hash->clone()); diff --git a/src/lib/pk_pad/emsa1/emsa1.h b/src/lib/pk_pad/emsa1/emsa1.h index 35071675f0..7b4d027da5 100644 --- a/src/lib/pk_pad/emsa1/emsa1.h +++ b/src/lib/pk_pad/emsa1/emsa1.h 
@@ -27,8 +27,7 @@ class BOTAN_PUBLIC_API(2,0) EMSA1 final : public EMSA EMSA* clone() override; - virtual std::string name() const override - { return "EMSA1(" + m_hash->name() + ")"; }; + std::string name() const override; AlgorithmIdentifier config_for_x509(const Private_Key& key, const std::string& cert_hash_name) const override; diff --git a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp index 5e50248066..0fabb87da1 100644 --- a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp +++ b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp @@ -9,6 +9,7 @@ #include #include #include +#include #include namespace Botan { diff --git a/src/lib/pk_pad/emsa_pssr/pssr.cpp b/src/lib/pk_pad/emsa_pssr/pssr.cpp index 510d84a99f..abe84f455f 100644 --- a/src/lib/pk_pad/emsa_pssr/pssr.cpp +++ b/src/lib/pk_pad/emsa_pssr/pssr.cpp @@ -12,6 +12,7 @@ #include #include #include +#include #include namespace Botan { diff --git a/src/lib/pk_pad/emsa_raw/emsa_raw.cpp b/src/lib/pk_pad/emsa_raw/emsa_raw.cpp index 0302033f00..0ac11dc5ad 100644 --- a/src/lib/pk_pad/emsa_raw/emsa_raw.cpp +++ b/src/lib/pk_pad/emsa_raw/emsa_raw.cpp @@ -10,6 +10,13 @@ namespace Botan { +std::string EMSA_Raw::name() const + { + if(m_expected_size > 0) + return "Raw(" + std::to_string(m_expected_size) + ")"; + return "Raw"; + } + /* * EMSA-Raw Encode Operation */ diff --git a/src/lib/pk_pad/emsa_raw/emsa_raw.h b/src/lib/pk_pad/emsa_raw/emsa_raw.h index 5f2b994f56..3bac4ef674 100644 --- a/src/lib/pk_pad/emsa_raw/emsa_raw.h +++ b/src/lib/pk_pad/emsa_raw/emsa_raw.h @@ -24,10 +24,7 @@ class BOTAN_PUBLIC_API(2,0) EMSA_Raw final : public EMSA explicit EMSA_Raw(size_t expected_hash_size = 0) : m_expected_size(expected_hash_size) {} - virtual std::string name() const override - { if(m_expected_size > 0) - return "Raw(" + std::to_string(m_expected_size) + ")"; - else return "Raw"; } + std::string name() const override; private: void update(const uint8_t[], size_t) override; secure_vector raw_data() override; 
diff --git a/src/lib/pk_pad/emsa_x931/emsa_x931.cpp b/src/lib/pk_pad/emsa_x931/emsa_x931.cpp index 91227328eb..b1f698f86d 100644 --- a/src/lib/pk_pad/emsa_x931/emsa_x931.cpp +++ b/src/lib/pk_pad/emsa_x931/emsa_x931.cpp @@ -43,6 +43,11 @@ secure_vector emsa2_encoding(const secure_vector& msg, } +std::string EMSA_X931::name() const + { + return "EMSA2(" + m_hash->name() + ")"; + } + void EMSA_X931::update(const uint8_t input[], size_t length) { m_hash->update(input, length); diff --git a/src/lib/pk_pad/emsa_x931/emsa_x931.h b/src/lib/pk_pad/emsa_x931/emsa_x931.h index 6ce9e339a2..e20d303b68 100644 --- a/src/lib/pk_pad/emsa_x931/emsa_x931.h +++ b/src/lib/pk_pad/emsa_x931/emsa_x931.h @@ -28,8 +28,8 @@ class BOTAN_PUBLIC_API(2,0) EMSA_X931 final : public EMSA EMSA* clone() override { return new EMSA_X931(m_hash->clone()); } - virtual std::string name() const override - { return "EMSA2(" + m_hash->name() + ")"; }; + std::string name() const override; + private: void update(const uint8_t[], size_t) override; secure_vector raw_data() override; diff --git a/src/lib/pk_pad/info.txt b/src/lib/pk_pad/info.txt index 6994cf0972..afadf56554 100644 --- a/src/lib/pk_pad/info.txt +++ b/src/lib/pk_pad/info.txt @@ -7,6 +7,7 @@ load_on auto asn1 rng +pubkey diff --git a/src/lib/pk_pad/iso9796/iso9796.cpp b/src/lib/pk_pad/iso9796/iso9796.cpp index 5b74319e02..99a1dfd298 100644 --- a/src/lib/pk_pad/iso9796/iso9796.cpp +++ b/src/lib/pk_pad/iso9796/iso9796.cpp @@ -128,7 +128,7 @@ bool iso9796_verification(const secure_vector& const_coded, } secure_vector coded = const_coded; - + CT::poison(coded.data(), coded.size()); //remove mask uint8_t* DB = coded.data(); 
@@ -149,18 +149,18 @@ bool iso9796_verification(const secure_vector& const_coded, const uint8_t one_m = CT::is_equal(DB[j], 0x01); const uint8_t zero_m = CT::is_zero(DB[j]); const uint8_t add_m = waiting_for_delim & zero_m; - + bad_input |= waiting_for_delim & ~(zero_m | one_m); msg1_offset += CT::select(add_m, 1, 0); - + waiting_for_delim &= zero_m; } - + //invalid, if delimiter 0x01 was not found or msg1_offset is too big bad_input |= waiting_for_delim; bad_input |= CT::is_less(coded.size(), tLength + HASH_SIZE + msg1_offset + SALT_SIZE); - //in case that msg1_offset is too big, just continue with offset = 0. + //in case that msg1_offset is too big, just continue with offset = 0. msg1_offset = CT::select(bad_input, 0, msg1_offset); CT::unpoison(coded.data(), coded.size()); @@ -202,15 +202,21 @@ bool iso9796_verification(const secure_vector& const_coded, hash->update(msg2); hash->update(salt); secure_vector H2 = hash->final(); - + //check if H3 == H2 bad_input |= CT::is_equal(constant_time_compare(H3.data(), H2.data(), HASH_SIZE), false); - + CT::unpoison(bad_input); return (bad_input == 0); } } + +EMSA* ISO_9796_DS2::clone() + { + return new ISO_9796_DS2(m_hash->clone(), m_implicit, m_SALT_SIZE); + } + /* * ISO-9796-2 signature scheme 2 * DS 2 is probabilistic @@ -258,6 +264,11 @@ std::string ISO_9796_DS2::name() const + (m_implicit ? "imp" : "exp") + "," + std::to_string(m_SALT_SIZE) + ")"; } +EMSA* ISO_9796_DS3::clone() + { + return new ISO_9796_DS3(m_hash->clone(), m_implicit); + } + /* * ISO-9796-2 signature scheme 3 * DS 3 is deterministic and equals DS2 without salt diff --git a/src/lib/pk_pad/iso9796/iso9796.h b/src/lib/pk_pad/iso9796/iso9796.h index 994295f0f1..7af9a269ba 100644 --- a/src/lib/pk_pad/iso9796/iso9796.h +++ b/src/lib/pk_pad/iso9796/iso9796.h 
@@ -34,10 +34,9 @@ class BOTAN_PUBLIC_API(2,0) ISO_9796_DS2 final : public EMSA ISO_9796_DS2(HashFunction* hash, bool implicit, size_t salt_size) : m_hash(hash), m_implicit(implicit), m_SALT_SIZE(salt_size) {} - EMSA* clone() override - {return new ISO_9796_DS2(m_hash->clone(), m_implicit, m_SALT_SIZE);} + EMSA* clone() override; - virtual std::string name() const override; + std::string name() const override; private: void update(const uint8_t input[], size_t length) override; @@ -70,10 +69,9 @@ class BOTAN_PUBLIC_API(2,0) ISO_9796_DS3 final : public EMSA ISO_9796_DS3(HashFunction* hash, bool implicit = false) : m_hash(hash), m_implicit(implicit) {} - EMSA* clone() override - {return new ISO_9796_DS3(m_hash->clone(), m_implicit);} + EMSA* clone() override; - virtual std::string name() const override; + std::string name() const override; private: void update(const uint8_t input[], size_t length) override; From eb6c280b76b6f1d5909da016ee7f4c8fa52eb406 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 06:00:02 -0500 Subject: [PATCH 0414/1008] Avoid uninitialized param warning --- src/lib/entropy/entropy_srcs.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/entropy/entropy_srcs.cpp b/src/lib/entropy/entropy_srcs.cpp index c05ff9495d..3dae274605 100644 --- a/src/lib/entropy/entropy_srcs.cpp +++ b/src/lib/entropy/entropy_srcs.cpp @@ -123,6 +123,7 @@ std::unique_ptr Entropy_Source::create(const std::string& name) } #endif + BOTAN_UNUSED(name); return std::unique_ptr(); } From 4e101df712233ba6ef972b70d705bb29c7f1b7cf Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 06:20:51 -0500 Subject: [PATCH 0415/1008] Avoid undefined behavior in SipHash --- src/lib/mac/siphash/siphash.cpp | 10 ++++++- src/tests/data/mac/siphash.vec | 51 +++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/src/lib/mac/siphash/siphash.cpp b/src/lib/mac/siphash/siphash.cpp index 80acc4d608..7d8931c072 100644 
--- a/src/lib/mac/siphash/siphash.cpp +++ b/src/lib/mac/siphash/siphash.cpp @@ -80,7 +80,15 @@ void SipHash::final_result(uint8_t mac[]) { verify_key_set(m_V.empty() == false); - m_mbuf = (m_mbuf >> (64-m_mbuf_pos*8)) | (static_cast(m_words) << 56); + if(m_mbuf_pos == 0) + { + m_mbuf = (static_cast(m_words) << 56); + } + else if(m_mbuf_pos < 8) + { + m_mbuf = (m_mbuf >> (64-m_mbuf_pos*8)) | (static_cast(m_words) << 56); + } + SipRounds(m_mbuf, m_V, m_C); m_V[2] ^= 0xFF; diff --git a/src/tests/data/mac/siphash.vec b/src/tests/data/mac/siphash.vec index 5420a992ba..7f0ec381e6 100644 --- a/src/tests/data/mac/siphash.vec +++ b/src/tests/data/mac/siphash.vec @@ -3,8 +3,59 @@ Key = 000102030405060708090A0B0C0D0E0F In = 000102030405060708090A0B0C0D0E Out = E545BE4961CA29A1 + + + # Randomly generated by SipHash ref impl +Key = 000102030405060708090A0B0C0D0E0F +In = +Out = 310E0EDD47DB6F72 + +Key = 000102030405060708090A0B0C0D0E0F +In = 00 +Out = FD67DC93C539F874 + +Key = 000102030405060708090A0B0C0D0E0F +In = 0001 +Out = 5A4FA9D909806C0D + +Key = 000102030405060708090A0B0C0D0E0F +In = 000102 +Out = 2D7EFBD796666785 + +Key = 000102030405060708090A0B0C0D0E0F +In = 00010203 +Out = B7877127E09427CF + +Key = 000102030405060708090A0B0C0D0E0F +In = 0001020304 +Out = 8DA699CD64557618 + +Key = 000102030405060708090A0B0C0D0E0F +In = 000102030405 +Out = CEE3FE586E46C9CB + +Key = 000102030405060708090A0B0C0D0E0F +In = 00010203040506 +Out = 37D1018BF50002AB + +Key = 000102030405060708090A0B0C0D0E0F +In = 0001020304050607 +Out = 6224939A79F5F593 + +Key = 000102030405060708090A0B0C0D0E0F +In = 000102030405060708 +Out = B0E4A90BDF82009E + +Key = 000102030405060708090A0B0C0D0E0F +In = 00010203040506070809 +Out = F3B9DD94C5BB5D7A + +Key = 000102030405060708090A0B0C0D0E0F +In = 000102030405060708090A +Out = A7AD6B22462FB3F4 + Key = 67C6697351FF4AEC29CDBAABF2FBE346 In = Out = 9BBA4CA0FF8CF5CA From c5981886f317651d2dad73325911a2c487cc9f79 Mon Sep 17 00:00:00 2001 
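Review bot: The rewritten `final_result` handles `m_mbuf_pos == 0` and `m_mbuf_pos < 8` but silently leaves `m_mbuf` untouched for any other value, so a stale buffer word would be fed to `SipRounds` if `m_mbuf_pos` ever reached 8 here; if `update()` guarantees the buffer is consumed as soon as it fills (not visible in the hunk), an assertion or a comment stating that invariant, e.g. `// m_mbuf_pos < 8 here: update() consumes each 8-byte word as it completes`, would make the omitted branch deliberate rather than accidental. The old expression shifted by 64 bits when `m_mbuf_pos` was 0, and the zero- and short-length vectors added to siphash.vec pin that case down, which is the right regression guard.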
From: Jack Lloyd Date: Sat, 23 Dec 2017 06:33:01 -0500 Subject: [PATCH 0416/1008] Increase size of CRL code enum to 32-bits BSI test is using a large enum value somewhere. --- src/lib/x509/crl_ent.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/x509/crl_ent.h b/src/lib/x509/crl_ent.h index b902eecfa9..27549251f0 100644 --- a/src/lib/x509/crl_ent.h +++ b/src/lib/x509/crl_ent.h @@ -19,7 +19,7 @@ struct CRL_Entry_Data; /** * X.509v2 CRL Reason Code. */ -enum CRL_Code { +enum CRL_Code : uint32_t { UNSPECIFIED = 0, KEY_COMPROMISE = 1, CA_COMPROMISE = 2, From 7f7703d7ecd2015eba184d85d6f805109a01ae1d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 06:55:03 -0500 Subject: [PATCH 0417/1008] FreeBSD removed support for proc filesystem a while ago --- src/lib/entropy/proc_walk/info.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/src/lib/entropy/proc_walk/info.txt b/src/lib/entropy/proc_walk/info.txt index bb515b041c..f93d0cb3f2 100644 --- a/src/lib/entropy/proc_walk/info.txt +++ b/src/lib/entropy/proc_walk/info.txt @@ -12,7 +12,6 @@ aix cygwin darwin dragonfly -freebsd hpux hurd linux From dadbc6c843171996cf1c15b3230be94945ef6eb3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 07:23:32 -0500 Subject: [PATCH 0418/1008] Avoid uninitialized field warnings --- src/cli/tls_client.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index db0453a727..8adc901398 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -281,7 +281,8 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks private: int connect_to_host(const std::string& host, uint16_t port, bool tcp) { - addrinfo hints = {}; + addrinfo hints; + std::memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = tcp ? SOCK_STREAM : SOCK_DGRAM; addrinfo* res, *rp = nullptr; 
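Review bot: `std::memset(&hints, 0, sizeof(hints))` in `connect_to_host` needs `<cstring>`, which this hunk does not add — unless the file already includes it, this will break on toolchains that do not provide it transitively (the include names are not legible in this rendering). `addrinfo hints = {};` was already value-initialisation, so the warning being silenced is an analyzer false positive rather than a real uninitialised read; a comment such as `// memset instead of = {} only to quiet an uninitialized-field warning` would keep a later cleanup from reverting to the aggregate form. The function continues outside the hunk.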
From ffc1ac4da043f8fa9a59cc2d83f7fb0744340a14 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 07:54:44 -0500 Subject: [PATCH 0419/1008] Avoid (implicitly) using std::rand with std::random_shuffle This causes link-time warnings on BSD and may make static analyzers angry. --- src/tests/test_x509_path.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index 912610ab15..3b84cfd54b 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp @@ -552,9 +552,16 @@ std::vector BSI_Path_Validation_Tests::run() * the validation function may be relevant, i.e. if issuer DNs are * ambiguous. */ + auto uniform_shuffle = [](size_t m) -> size_t + { + size_t s; + Test::rng().randomize(reinterpret_cast(&s), sizeof(s)); + return s % m; + }; + for (size_t r = 0; r < 16; r++) { - std::random_shuffle(++(certs.begin()), certs.end()); + std::random_shuffle(++(certs.begin()), certs.end(), uniform_shuffle); Botan::Path_Validation_Result validation_result = Botan::x509_path_validate(certs, restrictions, trusted, "", From f40f25f17a2965ca03d42a17599ced5d5f6d46ab Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 07:33:40 -0500 Subject: [PATCH 0420/1008] Add wrapper functions to clean up cli code using sockets --- src/cli/socket_utils.h | 81 ++++++++++++++++++++++++++++++++++++++++++ src/cli/tls_client.cpp | 58 ++---------------------------- src/cli/tls_server.cpp | 47 +++--------------------- 3 files changed, 88 insertions(+), 98 deletions(-) create mode 100644 src/cli/socket_utils.h diff --git a/src/cli/socket_utils.h b/src/cli/socket_utils.h new file mode 100644 index 0000000000..a8e2a51a62 --- /dev/null +++ b/src/cli/socket_utils.h 
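Review bot: `std::random_shuffle` is deprecated in C++14 and removed in C++17, so switching to its three-argument form only postpones the problem; `std::shuffle` with a small URBG adapter over `Test::rng()` is the portable replacement. `s % m` in `uniform_shuffle` is also not uniform unless `m` divides the range of `size_t` (a small modulo bias), which is harmless for varying the order of a test input but makes the name a misnomer — a comment `// slight modulo bias is acceptable here; only permutation variety matters` or a rename would stop the helper from being copied into non-test code as if it were unbiased. The enclosing `run()` starts and ends outside the hunk.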
@@ -0,0 +1,81 @@ +/* +* (C) 2014,2017 Jack Lloyd +* 2017 René Korthaus, Rohde & Schwarz Cybersecurity +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_SOCKET_H_ +#define BOTAN_SOCKET_H_ + +#include +#include "cli_exceptions.h" + +#if defined(BOTAN_TARGET_OS_IS_WINDOWS) + +#include +#include + +typedef size_t ssize_t; + +#define STDIN_FILENO _fileno(stdin) + +inline void init_sockets() + { + WSAData wsa_data; + WORD wsa_version = MAKEWORD(2, 2); + + if(::WSAStartup(wsa_version, &wsa_data) != 0) + { + throw Botan_CLI::CLI_Error("WSAStartup() failed: " + std::to_string(WSAGetLastError())); + } + + if(LOBYTE(wsa_data.wVersion) != 2 || HIBYTE(wsa_data.wVersion) != 2) + { + ::WSACleanup(); + throw Botan_CLI::CLI_Error("Could not find a usable version of Winsock.dll"); + } + } + +inline void stop_sockets() + { + ::WSACleanup(); + } + +inline int close(int fd) + { + return ::closesocket(fd); + } + +inline int read(int s, void* buf, size_t len) + { + return ::recv(s, reinterpret_cast(buf), static_cast(len), 0); + } + +inline int send(int s, const uint8_t* buf, size_t len, int flags) + { + return ::send(s, reinterpret_cast(buf), static_cast(len), flags); + } + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +inline void init_sockets() {} +inline void stop_sockets() {} + +#endif + +#if !defined(MSG_NOSIGNAL) + #define MSG_NOSIGNAL 0 +#endif + +#endif diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index 8adc901398..ddc443614e 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp 
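Review bot: Defining `MSG_NOSIGNAL` to 0 when the platform lacks it (macOS and several BSDs) silently removes the only SIGPIPE protection this header offers, so on those systems a peer that closes its end while the CLI is writing terminates the whole process with SIGPIPE, and a remote client can take down `tls_server` that way. The non-Windows `init_sockets()` is the natural place to handle it: `inline void init_sockets() { ::signal(SIGPIPE, SIG_IGN); }` with `#include <csignal>` (or `SO_NOSIGPIPE` via setsockopt on BSD-derived systems). Separately, `typedef size_t ssize_t;` makes `ssize_t` unsigned on Windows, so any `got < 0` test on a read result can never fire there; `typedef intptr_t ssize_t;` keeps the sign while staying pointer-sized.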
@@ -25,43 +25,7 @@ #include #include -#if defined(BOTAN_TARGET_OS_IS_WINDOWS) -#include -#include - -int close(int fd) - { - return ::closesocket(fd); - } - -int read(int s, void* buf, size_t len) - { - return ::recv(s, reinterpret_cast(buf), static_cast(len), 0); - } - -int send(int s, const uint8_t* buf, size_t len, int flags) - { - return ::send(s, reinterpret_cast(buf), static_cast(len), flags); - } - -#define STDIN_FILENO _fileno(stdin) -typedef size_t ssize_t; -#else -#include -#include -#include -#include -#include -#include -#include -#include -#include -#endif - -#if !defined(MSG_NOSIGNAL) - #define MSG_NOSIGNAL 0 -#endif - +#include "socket_utils.h" #include "credentials.h" namespace Botan_CLI { @@ -74,28 +38,12 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks "--tls1.0 --tls1.1 --tls1.2 " "--session-db= --session-db-pass= --next-protocols= --type=tcp") { -#if defined(BOTAN_TARGET_OS_IS_WINDOWS) - WSAData wsa_data; - WORD wsa_version = MAKEWORD(2, 2); - - if(::WSAStartup(wsa_version, &wsa_data) != 0) - { - throw CLI_Error("WSAStartup() failed: " + std::to_string(WSAGetLastError())); - } - - if(LOBYTE(wsa_data.wVersion) != 2 || HIBYTE(wsa_data.wVersion) != 2) - { - ::WSACleanup(); - throw CLI_Error("Could not find a usable version of Winsock.dll"); - } -#endif + init_sockets(); } ~TLS_Client() { -#if defined(BOTAN_TARGET_OS_IS_WINDOWS) - ::WSACleanup(); -#endif + stop_sockets(); } void go() override diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp index 02c15bf7b4..6c0b049a23 100644 --- a/src/cli/tls_server.cpp +++ b/src/cli/tls_server.cpp 
@@ -14,35 +14,12 @@ #include #include #include -#include "credentials.h" #include #include -#if defined(BOTAN_TARGET_OS_IS_WINDOWS) -#include -#include - -// definitions in tls_client.cpp -int close(int fd); -int read(int s, void* buf, size_t len); -int send(int s, const uint8_t* buf, size_t len, int flags); - -typedef size_t ssize_t; -#else -#include -#include -#include -#include -#include -#include -#include -#include -#endif - -#if !defined(MSG_NOSIGNAL) - #define MSG_NOSIGNAL 0 -#endif +#include "credentials.h" +#include "socket_utils.h" namespace Botan_CLI { @@ -51,28 +28,12 @@ class TLS_Server final : public Command public: TLS_Server() : Command("tls_server cert key --port=443 --type=tcp --policy= --dump-traces=") { -#if defined(BOTAN_TARGET_OS_IS_WINDOWS) - WSAData wsa_data; - WORD wsa_version = MAKEWORD(2, 2); - - if(::WSAStartup(wsa_version, &wsa_data) != 0) - { - throw CLI_Error("WSAStartup() failed: " + std::to_string(WSAGetLastError())); - } - - if(LOBYTE(wsa_data.wVersion) != 2 || HIBYTE(wsa_data.wVersion) != 2) - { - ::WSACleanup(); - throw CLI_Error("Could not find a usable version of Winsock.dll"); - } -#endif + init_sockets(); } ~TLS_Server() { -#if defined(BOTAN_TARGET_OS_IS_WINDOWS) - ::WSACleanup(); -#endif + stop_sockets(); } void go() override From 2d719e51266408bd08f14880d2399c671cbc8a7b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 07:54:12 -0500 Subject: [PATCH 0421/1008] Convert TLS server to new style TLS interface (GH #1350) --- src/cli/tls_server.cpp | 149 ++++++++++++++++++++--------------------- 1 file changed, 71 insertions(+), 78 deletions(-) diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp index 6c0b049a23..44c69bf179 100644 --- a/src/cli/tls_server.cpp +++ b/src/cli/tls_server.cpp 
@@ -23,7 +23,7 @@ namespace Botan_CLI { -class TLS_Server final : public Command +class TLS_Server final : public Command, public Botan::TLS::Callbacks { public: TLS_Server() : Command("tls_server cert key --port=443 --type=tcp --policy= --dump-traces=") @@ -49,7 +49,7 @@ class TLS_Server final : public Command throw CLI_Usage_Error("Invalid transport type '" + transport + "' for TLS"); } - const bool is_tcp = (transport == "tcp"); + m_is_tcp = (transport == "tcp"); std::unique_ptr policy; const std::string policy_file = get_arg("policy"); @@ -73,23 +73,15 @@ class TLS_Server final : public Command Basic_Credentials_Manager creds(rng(), server_crt, server_key); - auto protocol_chooser = [](const std::vector&) -> std::string - { - // we ignore whatever the client sends here - return "echo/1.0"; - }; - output() << "Listening for new connections on " << transport << " port " << port << std::endl; - int server_fd = make_server_socket(is_tcp, port); + int server_fd = make_server_socket(port); while(true) { - int fd; - - if(is_tcp) + if(m_is_tcp) { - fd = ::accept(server_fd, nullptr, nullptr); + m_socket = ::accept(server_fd, nullptr, nullptr); } else { 
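Review bot: The return value of `::accept()` assigned to `m_socket` is never checked, as far as these hunks show; on failure `m_socket` is -1 and the loop goes on to build a TLS::Server and `read()` from an invalid descriptor, and a persistent error such as EMFILE becomes a tight loop of exceptions. Suggest, right after the accept: `if(m_socket == -1) { error_output() << "accept failed: " << std::strerror(errno) << std::endl; continue; }`. The `go()` body continues outside the hunk, so a check may live further down, but the TCP branch itself shows none.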
@@ -105,43 +97,16 @@ class TLS_Server final : public Command { throw CLI_Error("Could not connect UDP socket"); } - fd = server_fd; + m_socket = server_fd; } - using namespace std::placeholders; - - auto socket_write = is_tcp ? - std::bind(&TLS_Server::stream_socket_write, this, fd, _1, _2) : - std::bind(&TLS_Server::dgram_socket_write, this, fd, _1, _2); - - std::string s; - std::list pending_output; - - auto proc_fn = [&](const uint8_t input[], size_t input_len) - { - for(size_t i = 0; i != input_len; ++i) - { - const char c = static_cast(input[i]); - s += c; - if(c == '\n') - { - pending_output.push_back(s); - s.clear(); - } - } - }; - Botan::TLS::Server server( - socket_write, - proc_fn, - std::bind(&TLS_Server::alert_received, this, _1, _2, _3), - std::bind(&TLS_Server::handshake_complete, this, _1), + *this, session_manager, creds, *policy, rng(), - protocol_chooser, - !is_tcp); + m_is_tcp == false); std::unique_ptr dump_stream; @@ -160,7 +125,7 @@ class TLS_Server final : public Command try { uint8_t buf[4 * 1024] = { 0 }; - ssize_t got = ::read(fd, buf, sizeof(buf)); + ssize_t got = ::read(m_socket, buf, sizeof(buf)); if(got == -1) { @@ -181,10 +146,10 @@ class TLS_Server final : public Command server.received_data(buf, got); - while(server.is_active() && !pending_output.empty()) + while(server.is_active() && !m_pending_output.empty()) { - std::string output = pending_output.front(); - pending_output.pop_front(); + std::string output = m_pending_output.front(); + m_pending_output.pop_front(); server.send(output); if(output == "quit\n") @@ -196,9 +161,10 @@ class TLS_Server final : public Command catch(std::exception& e) { error_output() << "Connection problem: " << e.what() << std::endl; - if(is_tcp) + if(m_is_tcp) { - ::close(fd); + ::close(m_socket); + m_socket = -1; } } } 
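Review bot: `m_line_buf` and `m_pending_output` are now members that outlive a connection, but the close path `::close(m_socket); m_socket = -1;` resets only the socket, so a partial line left by one client (no trailing `\n` before the connection dropped) is prefixed to the first line echoed to the next client. The same leftover arises via `m_pending_output` when the loop exits through the catch before the `while(server.is_active() && !m_pending_output.empty())` drain runs. Clear both wherever the socket is closed, e.g. `::close(m_socket); m_socket = -1; m_line_buf.clear(); m_pending_output.clear();`, or at the top of each iteration before the Server is built. `go()` starts and ends outside this hunk.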
@@ -208,16 +174,17 @@ class TLS_Server final : public Command error_output() << "Connection failed: " << e.what() << "\n"; } - if(is_tcp) + if(m_is_tcp) { - ::close(fd); + ::close(m_socket); + m_socket = -1; } } } private: - int make_server_socket(bool is_tcp, uint16_t port) + int make_server_socket(uint16_t port) { - const int type = is_tcp ? SOCK_STREAM : SOCK_DGRAM; + const int type = m_is_tcp ? SOCK_STREAM : SOCK_DGRAM; int fd = ::socket(PF_INET, type, 0); if(fd == -1) @@ -239,7 +206,7 @@ class TLS_Server final : public Command throw CLI_Error("server bind failed"); } - if(is_tcp) + if(m_is_tcp) { if(::listen(fd, 100) != 0) { @@ -250,7 +217,7 @@ class TLS_Server final : public Command return fd; } - bool handshake_complete(const Botan::TLS::Session& session) + bool tls_session_established(const Botan::TLS::Session& session) override { output() << "Handshake complete, " << session.version().to_string() << " using " << session.ciphersuite().to_string() << std::endl; 
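Review bot: After the inner catch in the preceding hunk has already run `::close(m_socket); m_socket = -1;`, the post-loop block here calls `::close(m_socket)` again on -1, which fails with EBADF and is silently ignored; harmless today, but it is the double-close pattern that becomes a real bug once the descriptor is reused for something else. Guard it: `if(m_is_tcp && m_socket != -1)`. `make_server_socket` also remains IPv4-only (`PF_INET`), a context line rather than something this commit changes; `go()` begins outside the hunk.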
@@ -268,48 +235,74 @@ class TLS_Server final : public Command return true; } - void dgram_socket_write(int sockfd, const uint8_t buf[], size_t length) + void tls_record_received(uint64_t, const uint8_t input[], size_t input_len) override { - ssize_t sent = ::send(sockfd, buf, length, MSG_NOSIGNAL); - - if(sent == -1) + for(size_t i = 0; i != input_len; ++i) { - error_output() << "Error writing to socket - " << std::strerror(errno) << std::endl; - } - else if(sent != static_cast(length)) - { - error_output() << "Packet of length " << length << " truncated to " << sent << std::endl; + const char c = static_cast(input[i]); + m_line_buf += c; + if(c == '\n') + { + m_pending_output.push_back(m_line_buf); + m_line_buf.clear(); + } } - } + }; - void stream_socket_write(int sockfd, const uint8_t buf[], size_t length) + void tls_emit_data(const uint8_t buf[], size_t length) override { - while(length) + if(m_is_tcp) { - ssize_t sent = ::send(sockfd, buf, length, MSG_NOSIGNAL); + ssize_t sent = ::send(m_socket, buf, length, MSG_NOSIGNAL); if(sent == -1) { - if(errno == EINTR) - { - sent = 0; - } - else + error_output() << "Error writing to socket - " << std::strerror(errno) << std::endl; + } + else if(sent != static_cast(length)) + { + error_output() << "Packet of length " << length << " truncated to " << sent << std::endl; + } + } + else + { + while(length) + { + ssize_t sent = ::send(m_socket, buf, length, MSG_NOSIGNAL); + + if(sent == -1) { - throw CLI_Error("Socket write failed"); + if(errno == EINTR) + { + sent = 0; + } + else + { + throw CLI_Error("Socket write failed"); + } } - } - buf += sent; - length -= sent; + buf += sent; + length -= sent; + } } } - void alert_received(Botan::TLS::Alert alert, const uint8_t[], size_t) + void tls_alert(Botan::TLS::Alert alert) override { output() << "Alert: " << alert.type_string() << std::endl; } + std::string tls_server_choose_app_protocol(const std::vector&) override + { + // we ignore whatever the client sends here + return 
"echo/0.1"; + } + + int m_socket = -1; + bool m_is_tcp = false; + std::string m_line_buf; + std::list m_pending_output; }; BOTAN_REGISTER_COMMAND("tls_server", TLS_Server); From d79347f0ffbc4e5f102531f0d0d3f703a64b55b2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 08:42:45 -0500 Subject: [PATCH 0422/1008] Initialize CRL_Code field in CRL_Entry data If no extensions in the CRL, the field was left uninitialized --- src/lib/x509/crl_ent.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/x509/crl_ent.cpp b/src/lib/x509/crl_ent.cpp index 0466596613..38a1963f1b 100644 --- a/src/lib/x509/crl_ent.cpp +++ b/src/lib/x509/crl_ent.cpp @@ -18,7 +18,7 @@ struct CRL_Entry_Data { std::vector m_serial; X509_Time m_time; - CRL_Code m_reason; + CRL_Code m_reason = UNSPECIFIED; Extensions m_extensions; }; From 4f60801da0a0f94a69b80c8e1d9ab7dc4ce2f224 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 10:54:46 -0500 Subject: [PATCH 0423/1008] Move DN upper bound function to X509_DN static function Avoids another public header, and it just makes sense that it be declared there. --- src/lib/x509/x509_dn.cpp | 1 - src/lib/x509/x509_dn.h | 10 ++++++++++ src/lib/x509/x509_dn_ub.cpp | 10 +++++----- src/lib/x509/x509_dn_ub.h | 24 ------------------------ src/lib/x509/x509path.cpp | 4 ++-- src/scripts/oids.py | 8 ++++---- 6 files changed, 21 insertions(+), 36 deletions(-) delete mode 100644 src/lib/x509/x509_dn_ub.h diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp index 1561a10f92..d07344aae9 100644 --- a/src/lib/x509/x509_dn.cpp +++ b/src/lib/x509/x509_dn.cpp @@ -11,7 +11,6 @@ #include #include #include -#include #include #include diff --git a/src/lib/x509/x509_dn.h b/src/lib/x509/x509_dn.h index cbd89de7c3..88117a110d 100644 --- a/src/lib/x509/x509_dn.h +++ b/src/lib/x509/x509_dn.h 
@@ -1,6 +1,7 @@ /* * X.509 Distinguished Name * (C) 1999-2010 Jack Lloyd +* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -38,6 +39,15 @@ class BOTAN_PUBLIC_API(2,0) X509_DN final : public ASN1_Object static std::string deref_info_field(const std::string& key); + /** + * Lookup upper bounds in characters for the length of distinguished name fields + * as given in RFC 5280, Appendix A. + * + * @param oid the oid of the DN to lookup + * @return the upper bound, or zero if no ub is known to Botan + */ + static size_t lookup_ub(const OID& oid); + /* * Return the BER encoded data, if any */ diff --git a/src/lib/x509/x509_dn_ub.cpp b/src/lib/x509/x509_dn_ub.cpp index 20c88d97e5..cf8714320e 100644 --- a/src/lib/x509/x509_dn_ub.cpp +++ b/src/lib/x509/x509_dn_ub.cpp @@ -1,7 +1,7 @@ /* * DN_UB maps: Upper bounds on the length of DN strings * -* This file was automatically generated by ./src/scripts/oids.py on 2017-12-20 +* This file was automatically generated by ./src/scripts/oids.py on 2017-12-23 * * All manual edits to this file will be lost. Edit the script * then regenerate this source file. @@ -9,10 +9,9 @@ * Botan is released under the Simplified BSD License (see license.txt) */ +#include #include -#include #include -#include namespace { /** @@ -42,7 +41,8 @@ static const std::map DN_UB = namespace Botan { -size_t lookup_ub(const OID& oid) +//static +size_t X509_DN::lookup_ub(const OID& oid) { auto ub_entry = DN_UB.find(oid); if(ub_entry != DN_UB.end()) @@ -51,7 +51,7 @@ size_t lookup_ub(const OID& oid) } else { - return SIZE_MAX; + return 0; } } } diff --git a/src/lib/x509/x509_dn_ub.h b/src/lib/x509/x509_dn_ub.h deleted file mode 100644 index b4433eb531..0000000000 --- a/src/lib/x509/x509_dn_ub.h +++ /dev/null 
@@ -1,24 +0,0 @@ -/* -* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ -#ifndef BOTAN_X509_DN_UB_H_ -#define BOTAN_X509_DN_UB_H_ - -#include - -namespace Botan { - -/** -* Lookup upper bounds in characters for the length of distinguished name fields -* as given in RFC 5280, Appendix A. -* -* @param oid the oid of the DN to lookup -* @return the upper bound, or SIZE_MAX if no ub is known to Botan -*/ -size_t lookup_ub(const OID& oid); - -} - -#endif diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 1ee4385fd1..168acf144a 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -8,7 +8,6 @@ #include #include -#include #include #include #include @@ -95,8 +94,9 @@ PKIX::check_chain(const std::vector>& ce // Check the subject's DN components' length for(const auto& dn_pair : subject->subject_dn().get_attributes()) { + const size_t dn_ub = X509_DN::lookup_ub(dn_pair.first); // dn_pair = - if(lookup_ub(dn_pair.first) < dn_pair.second.size()) + if(dn_ub > 0 && dn_pair.second.size() > dn_ub) { status.insert(Certificate_Status_Code::DN_TOO_LONG); } diff --git a/src/scripts/oids.py b/src/scripts/oids.py index a307d579b0..1a162e7324 100755 --- a/src/scripts/oids.py +++ b/src/scripts/oids.py @@ -156,10 +156,9 @@ def format_dn_ub_as_map(dn_ub, oid2str): * Botan is released under the Simplified BSD License (see license.txt) */ +#include #include -#include #include -#include namespace { /** @@ -176,7 +175,8 @@ def format_dn_ub_as_map(dn_ub, oid2str): namespace Botan { -size_t lookup_ub(const OID& oid) +//static +size_t X509_DN::lookup_ub(const OID& oid) { auto ub_entry = DN_UB.find(oid); if(ub_entry != DN_UB.end()) @@ -185,7 +185,7 @@ def format_dn_ub_as_map(dn_ub, oid2str): } else { - return SIZE_MAX; + return 0; } } } From 666cee04c7b98a40ceb421685db30c41337dfe77 Mon Sep 17 00:00:00 2001 
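Review bot: The new check compares `dn_pair.second.size()`, a byte count, against bounds that the `lookup_ub` documentation states are in characters (RFC 5280 Appendix A); if `get_attributes()` returns UTF-8 transcoded values, as the library's ASN1_String handling would suggest (confirm), a multi-byte attribute value near its bound is rejected with DN_TOO_LONG even though it is valid. Counting code points instead keeps the check aligned with the specification. `PKIX::check_chain` begins and ends outside this hunk.
```cpp
// Number of code points in a UTF-8 string; RFC 5280 Appendix A bounds are
// in characters, so byte length over-counts multi-byte attribute values.
static size_t utf8_length(const std::string& s)
   {
   size_t n = 0;
   for(const char c : s)
      {
      if((static_cast<uint8_t>(c) & 0xC0) != 0x80) // not a continuation byte
         ++n;
      }
   return n;
   }

// … unchanged: loop over subject_dn().get_attributes() …
const size_t dn_ub = X509_DN::lookup_ub(dn_pair.first);
if(dn_ub > 0 && utf8_length(dn_pair.second) > dn_ub)
   {
   status.insert(Certificate_Status_Code::DN_TOO_LONG);
   }
```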
From: Jack Lloyd Date: Sat, 23 Dec 2017 12:31:13 -0500 Subject: [PATCH 0424/1008] Fix build issue on Haiku Undeprecate it since it seems easy enough to support. --- doc/manual/deprecated.rst | 2 +- src/build-data/os/haiku.txt | 2 ++ src/lib/utils/socket/info.txt | 1 + src/lib/utils/socket/socket.cpp | 1 + 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index ff3db83f8f..cb2a76d011 100644 --- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst @@ -34,7 +34,7 @@ in the source. classes which currently subclass it. This only affects your code if you are referencing `Botan::SymmetricAlgorithm` directly. -- Platform support for BeOS and NaCl (Native Client) +- Platform support for Google Native Client - Support for PathScale and HP compilers diff --git a/src/build-data/os/haiku.txt b/src/build-data/os/haiku.txt index c9033ff145..2fdb759302 100644 --- a/src/build-data/os/haiku.txt +++ b/src/build-data/os/haiku.txt @@ -7,7 +7,9 @@ lib_dir system/lib doc_dir system/documentation +readdir gmtime_r +sockets threads filesystem diff --git a/src/lib/utils/socket/info.txt b/src/lib/utils/socket/info.txt index ef0d939ea8..a19013597c 100644 --- a/src/lib/utils/socket/info.txt +++ b/src/lib/utils/socket/info.txt @@ -10,4 +10,5 @@ socket.h linux -> rt mingw -> ws2_32 windows -> ws2_32.lib +haiku -> network diff --git a/src/lib/utils/socket/socket.cpp b/src/lib/utils/socket/socket.cpp index e7ed7e7e5e..be646269b0 100644 --- a/src/lib/utils/socket/socket.cpp +++ b/src/lib/utils/socket/socket.cpp @@ -22,6 +22,7 @@ #elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) #include + #include #include #include #include From cba5462b7e23740d7c6dd56cee471156e7694f44 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sat, 23 Dec 2017 12:35:11 -0500 Subject: [PATCH 0425/1008] Avoid defining LIB_LINK_CMD if we are not creating a shared object. Makes the output look buggy on non-shared builds --- src/build-data/makefile.in | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/build-data/makefile.in b/src/build-data/makefile.in index dda3c2004a..994963112a 100644 --- a/src/build-data/makefile.in +++ b/src/build-data/makefile.in @@ -13,7 +13,6 @@ WARN_FLAGS = %{cc_warning_flags} SO_OBJ_FLAGS = %{shared_flags} LDFLAGS = %{ldflags} -LIB_LINK_CMD = %{lib_link_cmd} EXE_LINK_CMD = %{exe_link_cmd} LIB_LINKS_TO = %{link_to} @@ -98,7 +97,7 @@ fuzzer_corpus_zip: fuzzer_corpus %{if build_unix_shared_lib} %{out_dir}/%{shared_lib_name}: $(LIBOBJS) - $(LIB_LINK_CMD) $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) %{output_to_exe}$@ + %{lib_link_cmd} $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) %{output_to_exe}$@ cd %{out_dir} && ln -fs %{shared_lib_name} %{soname_base} cd %{out_dir} && ln -fs %{shared_lib_name} %{soname_patch} @@ -107,7 +106,7 @@ fuzzer_corpus_zip: fuzzer_corpus %{if build_msvc_shared_lib} %{out_dir}/%{shared_lib_name}: $(LIBOBJS) - $(LIB_LINK_CMD) $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) %{output_to_exe}$@ + %{lib_link_cmd} $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) %{output_to_exe}$@ %{endif} From 649d3d7c74676096a068f9cc2e156efec567332e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 12:37:36 -0500 Subject: [PATCH 0426/1008] Always note if shared lib is being disabled due to platform limitations --- configure.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/configure.py b/configure.py index 4bdddd6fd0..c8aeaa8e06 100755 --- a/configure.py +++ b/configure.py 
@@ -2654,6 +2654,7 @@ def deduce_compiler_type_from_cc_bin(cc_bin): # Mutates `options` def canonicalize_options(options, info_os, info_arch): + # pylint: disable=too-many-branches if options.os not in info_os: def find_canonical_os_name(os_name_variant): for (canonical_os_name, info) in info_os.items(): @@ -2674,9 +2675,12 @@ def find_canonical_os_name(os_name_variant): shared_libs_supported = options.os in info_os and info_os[options.os].building_shared_supported - if options.build_shared_lib and not shared_libs_supported: - logging.warning('Shared libs not supported on %s, disabling shared lib support' % (options.os)) - options.build_shared_lib = False + if not shared_libs_supported: + if options.build_shared_lib is not None: + logging.warning('Shared libs not supported on %s, disabling shared lib support' % (options.os)) + options.build_shared_lib = False + else: + logging.info('Shared libs not supported on %s, disabling shared lib support' % (options.os)) if options.os == 'windows' and options.build_shared_lib is None and options.build_static_lib is None: options.build_shared_lib = True From 2c52754f63d3c636a2f3271de8a182db7ec39089 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 12:51:24 -0500 Subject: [PATCH 0427/1008] Enable shared libs on Haiku Works fine, think this was a problem with their old gcc2 toolchain. --- src/build-data/os/haiku.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/build-data/os/haiku.txt b/src/build-data/os/haiku.txt index 2fdb759302..2893db503a 100644 --- a/src/build-data/os/haiku.txt +++ b/src/build-data/os/haiku.txt @@ -1,6 +1,7 @@ os_type unix -building_shared_supported no +soname_suffix "so" + install_root /boot header_dir develop/headers lib_dir system/lib From 2aff6bb4ad168116e6e8b507b1b67994ba38bec0 Mon Sep 17 00:00:00 2001 
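Review bot: The warning now fires whenever `build_shared_lib is not None`, which includes the case where the user explicitly disabled shared libraries (a value of `False`, assuming the disable flag stores `False` rather than `None`, as the `is None` checks further down suggest); telling that user that shared libs are being disabled is misleading. Keep the assignment but warn only on an explicit request: `if options.build_shared_lib: logging.warning(...)`, then `options.build_shared_lib = False` unconditionally. canonicalize_options continues outside the hunk.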
From: Jack Lloyd Date: Sat, 23 Dec 2017 13:03:05 -0500 Subject: [PATCH 0428/1008] Fix socket libs for Solaris --- src/lib/utils/socket/info.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/utils/socket/info.txt b/src/lib/utils/socket/info.txt index a19013597c..b61454f704 100644 --- a/src/lib/utils/socket/info.txt +++ b/src/lib/utils/socket/info.txt @@ -11,4 +11,5 @@ linux -> rt mingw -> ws2_32 windows -> ws2_32.lib haiku -> network +solaris -> socket,nsl From 7f042fabda3477fc92bc2b82cbdce6f63ce9aeb9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 13:42:07 -0500 Subject: [PATCH 0429/1008] Enable additional Haiku features --- src/build-data/os/haiku.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/build-data/os/haiku.txt b/src/build-data/os/haiku.txt index 2893db503a..735a6be53f 100644 --- a/src/build-data/os/haiku.txt +++ b/src/build-data/os/haiku.txt @@ -8,8 +8,10 @@ lib_dir system/lib doc_dir system/documentation -readdir +clock_gettime gmtime_r +dlopen +readdir sockets threads filesystem From 5d9c4ec81422391a7b1594108143488fa45db0c1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 13:52:46 -0500 Subject: [PATCH 0430/1008] Use a better name for the entropy source that reads the system RNG Now the value round trips with Entropy_Source::create --- src/lib/entropy/entropy_srcs.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/entropy/entropy_srcs.cpp b/src/lib/entropy/entropy_srcs.cpp index 3dae274605..c04b3b5b26 100644 --- a/src/lib/entropy/entropy_srcs.cpp +++ b/src/lib/entropy/entropy_srcs.cpp @@ -56,7 +56,7 @@ class System_RNG_EntropySource final : public Entropy_Source return poll_bits; } - std::string name() const override { return system_rng().name(); } + std::string name() const override { return "system_rng"; } }; } From ebeae68aba0d3384a00fddde77a561bb0cd88102 Mon Sep 17 00:00:00 2001 
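Review bot: The hard-coded `"system_rng"` now has a silent coupling to whatever name `Entropy_Source::create` matches on (the commit message says the value must round-trip), and nothing at the use site records that. Suggest `std::string name() const override { return "system_rng"; } // must match the name Entropy_Source::create() accepts`.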
From: Jack Lloyd Date: Sat, 23 Dec 2017 15:55:06 -0500 Subject: [PATCH 0431/1008] Build improvements Derive the fact that shared libs are not supported from the lack of information about shared object names. If soname_suffix and co are not set -> shared libs are disabled. Disable stack protector by default on OSes where it has proven a problem namely AIX and Haiku. Add --with-stack-protector option to force turning it on. --- configure.py | 20 +++++++++++++++----- src/build-data/os/aix.txt | 2 ++ src/build-data/os/cygwin.txt | 1 - src/build-data/os/haiku.txt | 2 ++ src/build-data/os/includeos.txt | 1 - src/build-data/os/llvm.txt | 1 - src/build-data/os/mingw.txt | 1 - src/build-data/os/nacl.txt | 1 - src/build-data/os/winphone.txt | 1 - 9 files changed, 19 insertions(+), 11 deletions(-) diff --git a/configure.py b/configure.py index c8aeaa8e06..dbc42d24fa 100755 --- a/configure.py +++ b/configure.py @@ -346,8 +346,11 @@ def process_command_line(args): # pylint: disable=too-many-locals build_group.add_option('--with-sanitizers', action='store_true', default=False, dest='with_sanitizers', help='enable ASan/UBSan checks') - build_group.add_option('--without-stack-protector', action='store_false', default=True, dest='with_stack_protector', - help='disable stack smashing protections') + build_group.add_option('--with-stack-protector', dest='with_stack_protector', + action='store_false', default=None, help=optparse.SUPPRESS_HELP) + + build_group.add_option('--without-stack-protector', dest='with_stack_protector', + action='store_false', help='disable stack smashing protections') build_group.add_option('--with-coverage', action='store_true', default=False, dest='with_coverage', help='add coverage info and disable opts') 
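Review bot: `--with-stack-protector` is declared with `action='store_false'`, the same action as `--without-stack-protector`, so the new option disables the stack protector instead of forcing it on as the commit message intends; it must be `action='store_true'`. Since the option exists precisely to re-enable a hardening feature on AIX and Haiku, it should probably be visible rather than `optparse.SUPPRESS_HELP`, e.g. `help='enable stack smashing protections (default on most platforms)'`. process_command_line continues outside the hunk.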
@@ -1272,7 +1275,7 @@ def __init__(self, infofile): 'lib_dir': 'lib', 'doc_dir': 'share/doc', 'man_dir': 'share/man', - 'building_shared_supported': 'yes', + 'use_stack_protector': 'true', 'so_post_link_command': '', 'cli_exe_name': 'botan', 'lib_prefix': 'lib', @@ -1309,7 +1312,6 @@ def __init__(self, infofile): self.ar_command = lex.ar_command self.ar_options = lex.ar_options self.bin_dir = lex.bin_dir - self.building_shared_supported = (lex.building_shared_supported == 'yes') self.cli_exe_name = lex.cli_exe_name self.doc_dir = lex.doc_dir self.header_dir = lex.header_dir @@ -1324,6 +1326,10 @@ def __init__(self, infofile): self.so_post_link_command = lex.so_post_link_command self.static_suffix = lex.static_suffix self.target_features = lex.target_features + self.use_stack_protector = (lex.use_stack_protector == "true") + + def building_shared_supported(self): + return self.soname_pattern_base != None def enabled_features(self, options): feats = [] @@ -2673,7 +2679,7 @@ def find_canonical_os_name(os_name_variant): else: raise UserError('Unknown or unidentifiable processor "%s"' % (options.cpu)) - shared_libs_supported = options.os in info_os and info_os[options.os].building_shared_supported + shared_libs_supported = options.os in info_os and info_os[options.os].building_shared_supported() if not shared_libs_supported: if options.build_shared_lib is not None: @@ -2685,6 +2691,10 @@ def find_canonical_os_name(os_name_variant): if options.os == 'windows' and options.build_shared_lib is None and options.build_static_lib is None: options.build_shared_lib = True + if options.with_stack_protector is None: + if options.os in info_os: + options.with_stack_protector = info_os[options.os].use_stack_protector + if options.build_shared_lib is None: if options.os == 'windows' and options.build_static_lib: pass diff --git a/src/build-data/os/aix.txt b/src/build-data/os/aix.txt index 6a8a9e4d73..b12685c615 100644 --- a/src/build-data/os/aix.txt +++ b/src/build-data/os/aix.txt 
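Review bot: `self.use_stack_protector = (lex.use_stack_protector == "true")` accepts only the literal `true`, while the OS files in this same patch write `use_stack_protector no`; that works by accident (anything other than `true` is false), but a file saying `yes` would silently disable the protector. Either normalize the OS files to `true`/`false` or parse both spellings: `self.use_stack_protector = lex.use_stack_protector in ('true', 'yes')`. Also `self.soname_pattern_base != None` should be `is not None` (pylint singleton-comparison), and the new `building_shared_supported()` method deserves a one-line docstring stating that shared-library support is inferred from the presence of soname settings.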
@@ -2,6 +2,8 @@ os_type unix soname_suffix "so" +use_stack_protector no + clock_gettime gmtime_r diff --git a/src/build-data/os/cygwin.txt b/src/build-data/os/cygwin.txt index c5a7905958..f4118aedb0 100644 --- a/src/build-data/os/cygwin.txt +++ b/src/build-data/os/cygwin.txt @@ -5,7 +5,6 @@ program_suffix .exe # Cygwin supports shared libs fine, but there are problems with making a Botan # shared library when libraries it depends on are static-only (such as libz). # So until I can figure out a work-around, it's disabled. -building_shared_supported no install_root c:\Botan doc_dir docs diff --git a/src/build-data/os/haiku.txt b/src/build-data/os/haiku.txt index 735a6be53f..37f3d862f6 100644 --- a/src/build-data/os/haiku.txt +++ b/src/build-data/os/haiku.txt @@ -7,6 +7,8 @@ header_dir develop/headers lib_dir system/lib doc_dir system/documentation +use_stack_protector no + clock_gettime gmtime_r diff --git a/src/build-data/os/includeos.txt b/src/build-data/os/includeos.txt index dcac840519..cabcec6b9f 100644 --- a/src/build-data/os/includeos.txt +++ b/src/build-data/os/includeos.txt @@ -1,6 +1,5 @@ os_type unikernel -building_shared_supported no diff --git a/src/build-data/os/llvm.txt b/src/build-data/os/llvm.txt index 9eeff5cbaf..132d7749f1 100644 --- a/src/build-data/os/llvm.txt +++ b/src/build-data/os/llvm.txt @@ -1,6 +1,5 @@ obj_suffix bc -building_shared_supported no ar_command llvm-link ar_options -o diff --git a/src/build-data/os/mingw.txt b/src/build-data/os/mingw.txt index f1db8fb431..da3f1ede7d 100644 --- a/src/build-data/os/mingw.txt +++ b/src/build-data/os/mingw.txt @@ -4,7 +4,6 @@ program_suffix .exe obj_suffix o static_suffix a -building_shared_supported no install_root /mingw header_dir include diff --git a/src/build-data/os/nacl.txt b/src/build-data/os/nacl.txt index 66ce8f34f5..55156e4013 100644 --- a/src/build-data/os/nacl.txt +++ b/src/build-data/os/nacl.txt @@ -1,5 +1,4 @@ -building_shared_supported no threads 
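Review bot: `use_stack_protector no` removes a default hardening flag for every build on this platform, and the only justification lives in the commit message ("has proven a problem"); the file itself should carry the reason so the setting is not cargo-culted indefinitely. Suggest a comment above it, such as `# -fstack-protector has caused build problems here; pass --with-stack-protector to configure.py to override`.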
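Review bot: The comment kept in cygwin.txt still says shared-library builds are disabled pending a work-around, but the line that disabled them is removed, and whether shared builds are now enabled depends on whether cygwin.txt defines soname settings, which this hunk does not show. Either update the comment to say how support is now decided, or drop it; a stale "it's disabled" note next to nothing that disables anything will mislead the next reader.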
diff --git a/src/build-data/os/winphone.txt b/src/build-data/os/winphone.txt index 0b0318fed9..34f2e0f5f7 100644 --- a/src/build-data/os/winphone.txt +++ b/src/build-data/os/winphone.txt @@ -4,7 +4,6 @@ os_type windows program_suffix .exe obj_suffix obj static_suffix lib -building_shared_supported no install_root c:\\Botan doc_dir docs From bf28de2cd2c9abd3db940fcbedeb540eaed0686b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 16:07:26 -0500 Subject: [PATCH 0432/1008] Add exceptions to mach_abi_linking groups Allows avoiding -pthread on Haiku which doesn't support that flag. (Even though it has pthreads, go figure...) --- configure.py | 18 ++++++++++++++---- src/build-data/cc/clang.txt | 2 +- src/build-data/cc/gcc.txt | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/configure.py b/configure.py index dbc42d24fa..a3247bcb2d 100755 --- a/configure.py +++ b/configure.py @@ -1135,13 +1135,23 @@ def mach_abi_link_flags(self, options, with_debug_info=None): if with_debug_info is None: with_debug_info = options.with_debug_info - def all_group(): + def mach_abi_groups(): if with_debug_info and 'all-debug' in self.mach_abi_linking: - return 'all-debug' - return 'all' + yield 'all-debug' + elif 'all' in self.mach_abi_linking: + yield 'all' + + for all_except in [s for s in self.mach_abi_linking.keys() if s.startswith('all!')]: + exceptions = all_except[4:].split(',') + if options.os not in exceptions and options.arch not in exceptions: + yield all_except + + yield options.os + yield options.arch + yield options.cpu abi_link = list() - for what in [all_group(), options.os, options.arch, options.cpu]: + for what in mach_abi_groups(): flag = self.mach_abi_linking.get(what) if flag != None and flag != '' and flag not in abi_link: abi_link.append(flag) diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index aaef4357a3..c4bfe1961e 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt 
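Review bot: The new `all!os1,os2` group syntax is parsed with a bare `split(',')`, so an entry written as `all!haiku, aix` yields the exception `' aix'` and silently fails to match; strip each item: `exceptions = [e.strip() for e in all_except[4:].split(',')]`. The syntax is also not explained anywhere in the cc/*.txt files, so a short comment next to the `all!haiku` line would help (`# all!X,Y -> every target except OS/arch X and Y`). mach_abi_link_flags continues outside the hunk.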
@@ -62,7 +62,7 @@ ivybridge -> "-march=core-avx-i" -all -> "-pthread" +all!haiku -> "-pthread" openmp -> "-fopenmp" diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index ce1f47ae00..4a1b1e913b 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -112,7 +112,7 @@ all_x86_64 -> "-momit-leaf-frame-pointer" # Flags set here are included at compile and link time -all -> "-pthread" +all!haiku -> "-pthread" openmp -> "-fopenmp" From b28f948df08153e19c76a4dec6b220c57da280cf Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 16:43:03 -0500 Subject: [PATCH 0433/1008] Correctly handle ASN.1 data inside octet strings. If we were able to successfully parse ASN.1 data embedded in an OCTET STRING, we ended up not reporting the OCTET STRING tagging. --- src/lib/asn1/asn1_print.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/lib/asn1/asn1_print.cpp b/src/lib/asn1/asn1_print.cpp index 3452e91c4b..c4d87f293f 100644 --- a/src/lib/asn1/asn1_print.cpp +++ b/src/lib/asn1/asn1_print.cpp @@ -246,7 +246,12 @@ void ASN1_Pretty_Printer::decode(std::ostream& output, try { BER_Decoder inner(decoded_bits); - decode(output, inner, level + 1); + + std::ostringstream inner_data; + decode(inner_data, inner, level + 1); + + emit(output, asn1_tag_to_string(type_tag), level, length, ""); + output << inner_data.str(); } catch(...) { From c226725c40758af5dd5c24f810e4f1354deb3783 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 23 Dec 2017 16:45:36 -0500 Subject: [PATCH 0434/1008] Avoid printing integers in decimal in ASN.1 printer Having the integers be sometimes hex and other times decimal made the output very hard to interpret correctly. Better to just pick one. --- src/lib/asn1/asn1_print.cpp | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/src/lib/asn1/asn1_print.cpp b/src/lib/asn1/asn1_print.cpp index c4d87f293f..979d041d8f 100644 --- a/src/lib/asn1/asn1_print.cpp 
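Review bot: The OCTET STRING contents are decoded recursively at `level + 1` before the wrapper's own line is emitted, and the entire nested output is buffered in `inner_data`; for untrusted input with octet strings nested k deep, the text is copied once per level and no depth bound is visible in the hunk. If `decode` has no limit elsewhere, a maximum-nesting check before `BER_Decoder inner(decoded_bits);` that falls through to the existing raw-bytes path would keep the printer's stack and memory use proportional to the input size. The enclosing `decode` starts before the hunk, and the body of the `catch(...)` fallback lies after it.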
+++ b/src/lib/asn1/asn1_print.cpp @@ -208,17 +208,7 @@ void ASN1_Pretty_Printer::decode(std::ostream& output, data.decode(number, ENUMERATED, class_tag); } - std::vector rep; - - /* If it's small, it's probably a number, not a hash */ - if(number.bits() <= 20) - { - rep = BigInt::encode(number, BigInt::Decimal); - } - else - { - rep = BigInt::encode(number, BigInt::Hexadecimal); - } + const std::vector rep = BigInt::encode(number, BigInt::Hexadecimal); std::string str; for(size_t i = 0; i != rep.size(); ++i) From c87d70cd839fa40a1d0c88fa708feab18da4b817 Mon Sep 17 00:00:00 2001 From: Matthias Gierlings Date: Sun, 24 Dec 2017 15:41:31 +0100 Subject: [PATCH 0435/1008] Fixes #1370 UBSan incompatible function ptr type Calls `Botan::redc_pXXX` directly inside non-capturing lambda function, which can be converted to `std::function`, instead of passing an incompatible `void(*)` to `NIST_Curve_Reduction_Tests::random_redc_test`. --- src/tests/unit_ecc.cpp | 40 +++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index 83e429af76..852420244d 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp 
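Review bot: With `rep` now always hexadecimal, nothing in the emitted text tells the reader the base, so a small INTEGER such as `10` reads as decimal; prefixing the string built from `rep` with `0x`, or naming the base in the type label, removes the ambiguity the commit set out to fix. The comment explaining the old size heuristic was deleted with it, so a short `// always hex: mixed decimal/hex output was ambiguous` on the new `rep` line keeps the rationale from the commit message in the code. The enclosing `decode` extends beyond both ends of the hunk.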
@@ -188,12 +188,42 @@ class NIST_Curve_Reduction_Tests final : public Test std::vector results; #if defined(BOTAN_HAS_NIST_PRIME_REDUCERS_W32) - results.push_back(random_redc_test("P-384", Botan::prime_p384(), Botan::redc_p384)); - results.push_back(random_redc_test("P-256", Botan::prime_p256(), Botan::redc_p256)); - results.push_back(random_redc_test("P-224", Botan::prime_p224(), Botan::redc_p224)); - results.push_back(random_redc_test("P-192", Botan::prime_p192(), Botan::redc_p192)); + results.push_back(random_redc_test( + "P-384", + Botan::prime_p384(), + [](Botan::BigInt& p, Botan::secure_vector& ws) -> void + { + Botan::redc_p384(p, ws); + })); + results.push_back(random_redc_test( + "P-256", + Botan::prime_p256(), + [](Botan::BigInt& p, Botan::secure_vector& ws) -> void + { + Botan::redc_p256(p, ws); + })); + results.push_back(random_redc_test( + "P-224", + Botan::prime_p224(), + [](Botan::BigInt& p, Botan::secure_vector& ws) -> void + { + Botan::redc_p224(p, ws); + })); + results.push_back(random_redc_test( + "P-192", + Botan::prime_p192(), + [](Botan::BigInt& p, Botan::secure_vector& ws) -> void + { + Botan::redc_p192(p, ws); + })); #endif - results.push_back(random_redc_test("P-521", Botan::prime_p521(), Botan::redc_p521)); + results.push_back(random_redc_test( + "P-521", + Botan::prime_p521(), + [](Botan::BigInt& p, Botan::secure_vector& ws) -> void + { + Botan::redc_p521(p, ws); + })); return results; } From 010fc707ebe4ba8c9d11ff55ddaefe03e4dd5c33 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 24 Dec 2017 14:58:32 -0500 Subject: [PATCH 0436/1008] Avoid warnings about unused params in minimal builds [ci skip] --- src/lib/pubkey/pk_algs.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp index d34c59ccff..89ef7c708e 100644 --- a/src/lib/pubkey/pk_algs.cpp +++ b/src/lib/pubkey/pk_algs.cpp 
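Review bot: The five lambdas in `NIST_Curve_Reduction_Tests` differ only in which `Botan::redc_pNNN` they call, and each carries a redundant `-> void` trailing return type that the compiler deduces anyway. Dropping `-> void` and collapsing each lambda to a single line makes the five `random_redc_test` calls scan as a table, and if `random_redc_test` can take its callable as a template parameter instead of a `std::function`, the UBSan-driven wrapping would not be needed at all; that signature is outside the hunk. The enclosing method starts before the hunk.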
@@ -249,6 +249,8 @@ load_private_key(const AlgorithmIdentifier& alg_id, throw Decoding_Error("Unhandled PK algorithm " + alg_name); } +#if defined(BOTAN_HAS_ECC_GROUP) + namespace { std::string default_ec_group_for(const std::string& alg_name) @@ -265,6 +267,8 @@ std::string default_ec_group_for(const std::string& alg_name) } +#endif + std::unique_ptr create_private_key(const std::string& alg_name, RandomNumberGenerator& rng, @@ -401,7 +405,7 @@ create_private_key(const std::string& alg_name, } #endif - BOTAN_UNUSED(alg_name, rng, provider); + BOTAN_UNUSED(alg_name, rng, params, provider); return std::unique_ptr(); } From d12b1369126f697402dee1cc4ab75f5bdad6fabf Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 26 Dec 2017 11:32:44 -0500 Subject: [PATCH 0437/1008] Fix a couple Doxygen format errors [ci skip] --- src/lib/pk_pad/emsa.h | 8 ++++---- src/lib/x509/x509_ca.h | 12 +++++++----- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/src/lib/pk_pad/emsa.h b/src/lib/pk_pad/emsa.h index f1175ca866..fe0785294f 100644 --- a/src/lib/pk_pad/emsa.h +++ b/src/lib/pk_pad/emsa.h @@ -61,12 +61,12 @@ class BOTAN_PUBLIC_API(2,0) EMSA size_t key_bits) = 0; /** - * Prepare sig_algo for use in choose_sig_format for x509 certs, - * return padding info string - * @param sig_algo's oid and parameters will be set properly + * Prepare sig_algo for use in choose_sig_format for x509 certs + * * @param key used for checking compatibility with the encoding scheme * @param cert_hash_name is checked to equal the hash for the encoding - * @return padding string to be consumed by PK_signer + * @return algorithm identifier to signatures created using this key, + * padding method and hash. */ virtual AlgorithmIdentifier config_for_x509(const Private_Key& key, const std::string& cert_hash_name) const; diff --git a/src/lib/x509/x509_ca.h b/src/lib/x509/x509_ca.h index 4f1da51fac..bc5323e5bc 100644 --- a/src/lib/x509/x509_ca.h +++ b/src/lib/x509/x509_ca.h 
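Review bot: In the emsa.h hunk the rewritten `@return` line reads `algorithm identifier to signatures created using this key`, which is missing its preposition; `@return algorithm identifier for signatures created using this key, padding method and hash` is presumably what was meant. The `config_for_x509` declaration it documents is visible in full below it.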
@@ -193,6 +193,7 @@ BOTAN_PUBLIC_API(2,0) PK_Signer* choose_sig_format(const Private_Key& key, AlgorithmIdentifier& alg_id); /** +* @verbatim * Choose the default signature format for a certain public key signature * scheme. * @@ -200,6 +201,7 @@ BOTAN_PUBLIC_API(2,0) PK_Signer* choose_sig_format(const Private_Key& key, * Find an entry from src/build-data/oids.txt under [signature] of the form * /[()] and add {"padding",} * to opts. +* @endverbatim * * @param key will be the key to choose a padding scheme for * @param opts contains additional options for building the certificate @@ -208,11 +210,11 @@ BOTAN_PUBLIC_API(2,0) PK_Signer* choose_sig_format(const Private_Key& key, * @param alg_id will be set to the chosen scheme * @return A PK_Signer object for generating signatures */ - PK_Signer* choose_sig_format(const Private_Key& key, - const std::map& opts, - RandomNumberGenerator& rng, - const std::string& hash_fn, - AlgorithmIdentifier& alg_id); +PK_Signer* choose_sig_format(const Private_Key& key, + const std::map& opts, + RandomNumberGenerator& rng, + const std::string& hash_fn, + AlgorithmIdentifier& alg_id); } From 3e98627e79643182c4a577003d965a5972003dea Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 27 Dec 2017 10:38:17 -0500 Subject: [PATCH 0438/1008] In dist script set gzip header time to the tag timestamp Also use the tag time for the tar timestamps instead of arbitrary 6am --- src/scripts/dist.py | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/src/scripts/dist.py b/src/scripts/dist.py index 757e139005..2586af5609 100755 --- a/src/scripts/dist.py +++ b/src/scripts/dist.py 
@@ -28,9 +28,11 @@ # This is horrible, but there is no way to override tarfile's use of time.time # in setting the gzip header timestamp, which breaks deterministic archives -def null_time(): - return 0 -time.time = null_time +GZIP_HEADER_TIME = 0 + +def fake_time(): + return GZIP_HEADER_TIME +time.time = fake_time def check_subprocess_results(subproc, name): @@ -64,10 +66,14 @@ def maybe_gpg(val): else: return val.strip() +def rel_time_to_epoch(year, month, day, hour, minute, second): + dt = datetime.datetime(year, month, day, hour, minute, second) + return (dt - datetime.datetime(1970, 1, 1)).total_seconds() + def datestamp(tag): ts = maybe_gpg(run_git(['show', '--no-patch', '--format=%ai', tag])) - ts_matcher = re.compile(r'^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2}:\d{2} .*') + ts_matcher = re.compile(r'^(\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2}) .*') logging.debug('Git returned timestamp of %s for tag %s' % (ts, tag)) match = ts_matcher.match(ts) @@ -76,7 +82,10 @@ def datestamp(tag): logging.error('Failed parsing timestamp "%s" of tag %s' % (ts, tag)) return 0 - return int(match.group(1) + match.group(2) + match.group(3)) + rel_date = int(match.group(1) + match.group(2) + match.group(3)) + rel_epoch = rel_time_to_epoch(*[int(match.group(i)) for i in range(1, 7)]) + + return rel_date, rel_epoch def revision_of(tag): return maybe_gpg(run_git(['show', '--no-patch', '--format=%H', tag])) @@ -196,15 +205,6 @@ def content_rewriter(): open(version_file, 'w').write(''.join(list(content_rewriter()))) -def rel_date_to_epoch(rel_date): - rel_str = str(rel_date) - year = int(rel_str[0:4]) - month = int(rel_str[4:6]) - day = int(rel_str[6:8]) - - dt = datetime.datetime(year, month, day, 6, 0, 0) - return (dt - datetime.datetime(1970, 1, 1)).total_seconds() - def write_archive(output_basename, archive_type, rel_epoch, all_files, hash_file): output_archive = output_basename + '.' + archive_type logging.info('Writing archive "%s"' % (output_archive)) 
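Review bot: `datestamp` now returns a `(rel_date, rel_epoch)` tuple on success, but its failure path kept the old `return 0` (the context line just above the new `rel_date = ...`), so the unpacking `rel_date, rel_epoch = datestamp(target_version)` in the `main` hunk on the following line raises `TypeError` instead of reaching the `== 0` check written for it; `return 0, 0` is the matching fix. Separately, `rel_time_to_epoch` builds a naive `datetime` from the six captured fields while the regex discards the `%ai` timezone offset with `.*`, so the archive is stamped with the tag's wall-clock time interpreted as UTC — deterministic, but shifted from the real tag instant unless the offset is applied or the epoch is taken directly from git (`%at`). `datestamp` and `rel_time_to_epoch` are fully visible; `main` is in the next hunk.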
@@ -322,13 +322,14 @@ def main(args=None): if rev_id == '': logging.error('No tag matching %s found' % (target_version)) - rel_date = datestamp(target_version) - if rel_date == 0: - logging.error('No date found for version') + rel_date, rel_epoch = datestamp(target_version) + if rel_date == 0 or rel_epoch == 0: + logging.error('No date found for version, git error?') logging.info('Found %s at revision id %s released %d' % (target_version, rev_id, rel_date)) - rel_epoch = rel_date_to_epoch(rel_date) + global GZIP_HEADER_TIME # pylint: disable=global-statement + GZIP_HEADER_TIME = rel_epoch def output_name(): if snapshot_branch: From 52d1613ad0505596d3a8be032eb3be3f50285e53 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 27 Dec 2017 10:39:02 -0500 Subject: [PATCH 0439/1008] Correct script name --- doc/release_process.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/release_process.rst b/doc/release_process.rst index fb0bce5e46..f20713d4f6 100644 --- a/doc/release_process.rst +++ b/doc/release_process.rst @@ -73,7 +73,7 @@ tool. If all goes well it will produce an executable with a name like Update The Website ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The website content is created by ``src/scripts/website.sh``. +The website content is created by ``src/scripts/website.py``. Currently refreshing the website is a manual process. Announce The Release From 61d22f79bcef4c22f95e29b2fdd038c95443480a Mon Sep 17 00:00:00 2001 
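Review bot: After `logging.error('No date found for version, git error?')` execution continues and installs `rel_epoch` (possibly 0) as `GZIP_HEADER_TIME`, so a bad tag date silently yields an archive stamped at the epoch; the `rev_id == ''` check above it has the same shape. If `main`'s return value is the process exit status, as the `main(args=None)` signature suggests, a `return 1` after each of these error logs turns them into hard failures. `main` starts and ends outside the hunk.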
From: Jack Lloyd Date: Wed, 27 Dec 2017 12:00:23 -0500 Subject: [PATCH 0440/1008] Remove the unused XMSS-WOTS operations --- src/lib/pubkey/xmss/info.txt | 3 - src/lib/pubkey/xmss/xmss_wots_common_ops.cpp | 41 --------- src/lib/pubkey/xmss/xmss_wots_common_ops.h | 83 ------------------- src/lib/pubkey/xmss/xmss_wots_privatekey.cpp | 13 --- src/lib/pubkey/xmss/xmss_wots_privatekey.h | 5 -- src/lib/pubkey/xmss/xmss_wots_publickey.cpp | 13 --- src/lib/pubkey/xmss/xmss_wots_publickey.h | 4 - .../xmss/xmss_wots_signature_operation.cpp | 54 ------------ .../xmss/xmss_wots_signature_operation.h | 61 -------------- .../xmss/xmss_wots_verification_operation.cpp | 72 ---------------- .../xmss/xmss_wots_verification_operation.h | 48 ----------- 11 files changed, 397 deletions(-) delete mode 100644 src/lib/pubkey/xmss/xmss_wots_common_ops.cpp delete mode 100644 src/lib/pubkey/xmss/xmss_wots_common_ops.h delete mode 100644 src/lib/pubkey/xmss/xmss_wots_signature_operation.cpp delete mode 100644 src/lib/pubkey/xmss/xmss_wots_signature_operation.h delete mode 100644 src/lib/pubkey/xmss/xmss_wots_verification_operation.cpp delete mode 100644 src/lib/pubkey/xmss/xmss_wots_verification_operation.h diff --git a/src/lib/pubkey/xmss/info.txt b/src/lib/pubkey/xmss/info.txt index 4ecf5da31f..154401af7b 100644 --- a/src/lib/pubkey/xmss/info.txt +++ b/src/lib/pubkey/xmss/info.txt @@ -22,9 +22,6 @@ xmss_wots_publickey.h xmss_wots_addressed_privatekey.h xmss_wots_addressed_publickey.h -xmss_wots_common_ops.h -xmss_wots_signature_operation.h -xmss_wots_verification_operation.h xmss_signature.h xmss_signature_operation.h xmss_verification_operation.h diff --git a/src/lib/pubkey/xmss/xmss_wots_common_ops.cpp b/src/lib/pubkey/xmss/xmss_wots_common_ops.cpp deleted file mode 100644 index d147949c66..0000000000 --- a/src/lib/pubkey/xmss/xmss_wots_common_ops.cpp +++ /dev/null 
@@ -1,41 +0,0 @@ -/** - * XMSS WOTS Common Ops - * Operations shared by XMSS WOTS signature generation and verification - * operations. - * - * (C) 2016,2017 Matthias Gierlings - * - * Botan is released under the Simplified BSD License (see license.txt) - **/ - -#include - -namespace Botan { - -void -XMSS_WOTS_Common_Ops::chain(secure_vector& result, - size_t start_idx, - size_t steps, - XMSS_Address& adrs, - const secure_vector& seed, - XMSS_Hash& hash) - { - for(size_t i = start_idx; - i < (start_idx + steps) && i < m_wots_params.wots_parameter(); - i++) - { - adrs.set_hash_address(i); - - //Calculate tmp XOR bitmask - adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_Mode); - xor_buf(result, hash.prf(seed, adrs.bytes()), result.size()); - - // Calculate key - adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode); - - //Calculate f(key, tmp XOR bitmask) - hash.f(result, hash.prf(seed, adrs.bytes()), result); - } - } - -} diff --git a/src/lib/pubkey/xmss/xmss_wots_common_ops.h b/src/lib/pubkey/xmss/xmss_wots_common_ops.h deleted file mode 100644 index 9e0b5991df..0000000000 --- a/src/lib/pubkey/xmss/xmss_wots_common_ops.h +++ /dev/null 
@@ -1,83 +0,0 @@ -/** - * XMSS WOTS Common Operations - * (C) 2016,2017 Matthias Gierlings - * - * Botan is released under the Simplified BSD License (see license.txt) - **/ - -#ifndef BOTAN_XMSS_WOTS_COMMON_OPS_H_ -#define BOTAN_XMSS_WOTS_COMMON_OPS_H_ - -#include -#include -#include -#include -#include - -namespace Botan { - -/** - * Operations shared by XMSS WOTS signature generation and verification - * operations. - **/ -class XMSS_WOTS_Common_Ops - { - public: - XMSS_WOTS_Common_Ops(XMSS_WOTS_Parameters::ots_algorithm_t oid) - : m_wots_params(oid), m_hash(m_wots_params.hash_function_name()) {} - - - protected: - /** - * Algorithm 2: Chaining Function. - * - * @param[out] result Contains the n-byte input string "x" upon call to chain(), - * that will be replaced with the value obtained by iterating - * the cryptographic hash function "F" steps times on the - * input x using the outputs of the PRNG "G". - * @param[in] start_idx The start index. - * @param[in] steps A number of steps. - * @param[in] adrs An OTS Hash Address. - * @param[in] seed A Seed. - **/ - inline void chain(secure_vector& result, - size_t start_idx, - size_t steps, - XMSS_Address& adrs, - const secure_vector& seed) - { - chain(result, start_idx, steps, adrs, seed, m_hash); - } - - /** - * Algorithm 2: Chaining Function. - * - * This overload is used in multithreaded scenarios, where it is - * required to provide seperate instances of XMSS_Hash to each - * thread. - * - * @param[out] result Contains the n-byte input string "x" upon call to chain(), - * that will be replaced with the value obtained by iterating - * the cryptographic hash function "F" steps times on the - * input x using the outputs of the PRNG "G". - * @param[in] start_idx The start index. - * @param[in] steps A number of steps. - * @param[in] adrs An OTS Hash Address. - * @param[in] seed A Seed. - * @param[in] hash Instance of XMSS_Hash, that may only by the thead - * executing chain. 
- **/ - void chain(secure_vector& result, - size_t start_idx, - size_t steps, - XMSS_Address& adrs, - const secure_vector& seed, - XMSS_Hash& hash); - - XMSS_WOTS_Parameters m_wots_params; - XMSS_Hash m_hash; - }; - -} - -#endif diff --git a/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp b/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp index 8a1ac05ef6..5b48d2d4d5 100644 --- a/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp @@ -8,7 +8,6 @@ * Botan is released under the Simplified BSD License (see license.txt) **/ -#include #include namespace Botan { @@ -80,16 +79,4 @@ XMSS_WOTS_PrivateKey::sign(const secure_vector& msg, return sig; } -std::unique_ptr -XMSS_WOTS_PrivateKey::create_signature_op(RandomNumberGenerator&, - const std::string&, - const std::string& provider) const - { - if(provider == "base" || provider.empty()) - return std::unique_ptr( - new XMSS_WOTS_Signature_Operation(*this)); - - throw Provider_Not_Found(algo_name(), provider); - } - } diff --git a/src/lib/pubkey/xmss/xmss_wots_privatekey.h b/src/lib/pubkey/xmss/xmss_wots_privatekey.h index 24459def15..550bfb86b6 100644 --- a/src/lib/pubkey/xmss/xmss_wots_privatekey.h +++ b/src/lib/pubkey/xmss/xmss_wots_privatekey.h @@ -298,11 +298,6 @@ class XMSS_WOTS_PrivateKey final : public virtual XMSS_WOTS_PublicKey, throw Not_Implemented("No AlgorithmIdentifier available for XMSS-WOTS."); } - std::unique_ptr - create_signature_op(RandomNumberGenerator&, - const std::string&, - const std::string& provider) const override; - secure_vector private_key_bits() const override { throw Not_Implemented("No PKCS8 key format defined for XMSS-WOTS."); diff --git a/src/lib/pubkey/xmss/xmss_wots_publickey.cpp b/src/lib/pubkey/xmss/xmss_wots_publickey.cpp index 04b4c352b6..c944d6b108 100644 --- a/src/lib/pubkey/xmss/xmss_wots_publickey.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_publickey.cpp 
@@ -8,7 +8,6 @@ * Botan is released under the Simplified BSD License (see license.txt) **/ -#include #include namespace Botan { @@ -65,16 +64,4 @@ XMSS_WOTS_PublicKey::pub_key_from_signature(const secure_vector& msg, return result; } -std::unique_ptr -XMSS_WOTS_PublicKey::create_verification_op(const std::string&, - const std::string& provider) const - { - if(provider == "base" || provider.empty()) - { - return std::unique_ptr( - new XMSS_WOTS_Verification_Operation(*this)); - } - throw Provider_Not_Found(algo_name(), provider); - } - } diff --git a/src/lib/pubkey/xmss/xmss_wots_publickey.h b/src/lib/pubkey/xmss/xmss_wots_publickey.h index 97c7bd3e23..7052dfb7cf 100644 --- a/src/lib/pubkey/xmss/xmss_wots_publickey.h +++ b/src/lib/pubkey/xmss/xmss_wots_publickey.h @@ -246,10 +246,6 @@ class XMSS_WOTS_PublicKey : virtual public Public_Key return true; } - std::unique_ptr - create_verification_op(const std::string&, - const std::string& provider) const override; - size_t estimated_strength() const override { return m_wots_params.estimated_strength(); diff --git a/src/lib/pubkey/xmss/xmss_wots_signature_operation.cpp b/src/lib/pubkey/xmss/xmss_wots_signature_operation.cpp deleted file mode 100644 index 54473b7003..0000000000 --- a/src/lib/pubkey/xmss/xmss_wots_signature_operation.cpp +++ /dev/null 
@@ -1,54 +0,0 @@ -/** - * XMSS WOTS Signature Operation - * Signature generation operation for Winternitz One Time Signatures for use - * in Extended Hash-Based Signatures (XMSS). - * - * This operation is not intended for stand-alone use and thus not registered - * in the Botan algorithm registry. - * - * (C) 2016,2017 Matthias Gierlings - * - * Botan is released under the Simplified BSD License (see license.txt) - **/ - -#include - -namespace Botan { - -XMSS_WOTS_Signature_Operation::XMSS_WOTS_Signature_Operation( - const XMSS_WOTS_Addressed_PrivateKey& private_key) - : XMSS_WOTS_Common_Ops(private_key.private_key().wots_parameters().oid()), - m_priv_key(private_key), - m_msg_buf(0) - { - m_msg_buf.reserve( - m_priv_key.private_key().wots_parameters().element_size()); - } - -void -XMSS_WOTS_Signature_Operation::update(const uint8_t msg[], size_t msg_len) - { - BOTAN_ASSERT(msg_len == m_priv_key.private_key().wots_parameters(). - element_size() && - m_msg_buf.size() == 0, - "XMSS WOTS only supports one message part of size n."); - - for(size_t i = 0; i < msg_len; i++) - { m_msg_buf.push_back(msg[i]); } - } - -secure_vector -XMSS_WOTS_Signature_Operation::sign(RandomNumberGenerator&) - { - secure_vector result(0); - result.reserve(m_wots_params.len() * m_wots_params.element_size()); - XMSS_WOTS_PrivateKey& priv_key = m_priv_key.private_key(); - for(const auto& node : priv_key.sign(m_msg_buf, m_priv_key.address())) - { - std::copy(node.begin(), node.end(), std::back_inserter(result)); - } - - return result; - } - -} diff --git a/src/lib/pubkey/xmss/xmss_wots_signature_operation.h b/src/lib/pubkey/xmss/xmss_wots_signature_operation.h deleted file mode 100644 index 6cfe4521bc..0000000000 --- a/src/lib/pubkey/xmss/xmss_wots_signature_operation.h +++ /dev/null 
@@ -1,61 +0,0 @@ -/** - * XMSS WOTS Signature Operation - * (C) 2016,2017 Matthias Gierlings - * - * Botan is released under the Simplified BSD License (see license.txt) - **/ - -#ifndef BOTAN_XMSS_WOTS_SIGNATURE_OPERATION_H_ -#define BOTAN_XMSS_WOTS_SIGNATURE_OPERATION_H_ - -#include -#include -#include -#include -#include -#include - -namespace Botan { - -/** - * Signature generation operation for Winternitz One Time Signatures for use - * in Extended Hash-Based Signatures (XMSS). - * - * This operation is not intended for stand-alone use and thus not registered - * in the Botan algorithm registry. - ***/ -class XMSS_WOTS_Signature_Operation final : public virtual PK_Ops::Signature, - public XMSS_WOTS_Common_Ops - { - public: - XMSS_WOTS_Signature_Operation( - const XMSS_WOTS_Addressed_PrivateKey& private_key); - - virtual ~XMSS_WOTS_Signature_Operation() = default; - - /** - * Creates a XMSS WOTS signature for the message provided through call - * to update(). XMSS wots only supports one message part and a fixed - * message size of "n" bytes where "n" equals the element size of - * the chosen XMSS WOTS signature method. The random number generator - * argument is supplied for interface compatibility and remains unused. - * - * @return serialized Winternitz One Time Signature. - **/ - secure_vector sign(RandomNumberGenerator&) override; - - void update(const uint8_t msg[], size_t msg_len) override; - - private: - wots_keysig_t sign(const secure_vector& msg, - const wots_keysig_t& priv_key, - XMSS_Address& adrs, - const secure_vector& seed); - XMSS_WOTS_Addressed_PrivateKey m_priv_key; - secure_vector m_msg_buf; - }; - -} - -#endif - diff --git a/src/lib/pubkey/xmss/xmss_wots_verification_operation.cpp b/src/lib/pubkey/xmss/xmss_wots_verification_operation.cpp deleted file mode 100644 index 480fbdff75..0000000000 --- a/src/lib/pubkey/xmss/xmss_wots_verification_operation.cpp +++ /dev/null 
@@ -1,72 +0,0 @@ -/** - * XMSS WOTS Verification Operation - * Provides signature verification capabilities for Winternitz One Time - * Signatures used in Extended Hash-Based Signatures (XMSS). - * - * This operation is not intended for stand-alone use and thus not registered - * in the Botan algorithm registry. - * - * (C) 2016,2017 Matthias Gierlings - * - * Botan is released under the Simplified BSD License (see license.txt) - **/ - -#include - -namespace Botan { - -XMSS_WOTS_Verification_Operation::XMSS_WOTS_Verification_Operation( - const XMSS_WOTS_Addressed_PublicKey& public_key) - : XMSS_WOTS_Common_Ops(public_key.public_key().wots_parameters().oid()), - m_pub_key(public_key), - m_msg_buf(0) - { - m_msg_buf.reserve(m_pub_key.public_key().wots_parameters(). - element_size()); - } - -void -XMSS_WOTS_Verification_Operation::update(const uint8_t msg[], size_t msg_len) - { - BOTAN_ASSERT(msg_len == m_pub_key.public_key().wots_parameters(). - element_size() && - m_msg_buf.size() == 0, - "XMSS WOTS only supports one message part of size n."); - - for(size_t i = 0; i < msg_len; i++) - { - m_msg_buf.push_back(msg[i]); - } - } - -bool XMSS_WOTS_Verification_Operation::is_valid_signature(const uint8_t sig[], - size_t sig_len) - { - const XMSS_WOTS_Parameters& w = m_pub_key.public_key().wots_parameters(); - - BOTAN_ASSERT(sig_len == w.element_size() * w.len(), - "Invalid signature size."); - - wots_keysig_t signature(0); - signature.reserve(sig_len); - - size_t begin = 0; - size_t end = 0; - while(signature.size() < w.len()) - { - begin = end; - end = begin + w.element_size(); - signature.push_back(secure_vector(sig + begin, sig + end)); - } - - XMSS_WOTS_PublicKey pubkey_msg(w.oid(), - m_msg_buf, - signature, - m_pub_key.address(), - m_pub_key.public_key().public_seed()); - - return pubkey_msg.key_data() == m_pub_key.public_key().key_data(); - } - -} - 
diff --git a/src/lib/pubkey/xmss/xmss_wots_verification_operation.h b/src/lib/pubkey/xmss/xmss_wots_verification_operation.h deleted file mode 100644 index 3dce165b01..0000000000 --- a/src/lib/pubkey/xmss/xmss_wots_verification_operation.h +++ /dev/null @@ -1,48 +0,0 @@ -/** - * XMSS_WOTS_Verification_Operation.h - * (C) 2016,2017 Matthias Gierlings - * - * Botan is released under the Simplified BSD License (see license.txt) - **/ - -#ifndef BOTAN_XMSS_WOTS_VERIFICATION_OPERATION_H_ -#define BOTAN_XMSS_WOTS_VERIFICATION_OPERATION_H_ - -#include -#include -#include -#include -#include -#include - -namespace Botan { - -/** - * Provides signature verification capabilities for Winternitz One Time - * Signatures used in Extended Merkle Tree Signatures (XMSS). - * - * This operation is not intended for stand-alone use and thus not registered - * in the Botan algorithm registry. - **/ -class XMSS_WOTS_Verification_Operation - final : public virtual PK_Ops::Verification, - public XMSS_WOTS_Common_Ops - { - public: - XMSS_WOTS_Verification_Operation( - const XMSS_WOTS_Addressed_PublicKey& public_key); - - virtual ~XMSS_WOTS_Verification_Operation() = default; - - bool is_valid_signature(const uint8_t sig[], size_t sig_len) override; - - void update(const uint8_t msg[], size_t msg_len) override; - - private: - XMSS_WOTS_Addressed_PublicKey m_pub_key; - secure_vector m_msg_buf; - }; - -} - -#endif From 02d6b74810a61dd63bc09ea5a6db5f528fcec120 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 27 Dec 2017 12:19:46 -0500 Subject: [PATCH 0441/1008] Change X509_Certificate::subject_public_key_bitstring_sha1 to return const ref --- src/lib/x509/x509cert.cpp | 2 +- src/lib/x509/x509cert.h | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 5a5521e374..459e266506 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp 
@@ -364,7 +364,7 @@ const std::vector& X509_Certificate::subject_public_key_bitstring() con return data().m_subject_public_key_bitstring; } -std::vector X509_Certificate::subject_public_key_bitstring_sha1() const +const std::vector& X509_Certificate::subject_public_key_bitstring_sha1() const { if(data().m_subject_public_key_bitstring_sha1.empty()) throw Encoding_Error("X509_Certificate::subject_public_key_bitstring_sha1 called but SHA-1 disabled in build"); diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h index 9ee3d4eb8a..eb8ceb5b33 100644 --- a/src/lib/x509/x509cert.h +++ b/src/lib/x509/x509cert.h @@ -83,9 +83,10 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object /** * Get the SHA-1 bit string of the public key associated with this certificate. * This is used for OCSP among other protocols. + * This function will throw if SHA-1 is not available. * @return hash of subject public key of this certificate */ - std::vector subject_public_key_bitstring_sha1() const; + const std::vector& subject_public_key_bitstring_sha1() const; /** * Get the certificate's issuer distinguished name (DN). From a302d9bfd115a7138a5f044c4a1c841c1629ede1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 27 Dec 2017 16:06:15 -0500 Subject: [PATCH 0442/1008] Officially deprecate Perl-XS wrapper [ci skip] a) I don't care about Perl b) Apparently nobody else does c) Would be better to use SWIG, or ffi via XS --- doc/manual/deprecated.rst | 2 ++ news.rst | 3 +++ 2 files changed, 5 insertions(+) diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index cb2a76d011..940bcab30b 100644 --- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst @@ -16,6 +16,8 @@ in the source. - All or nothing package transform (``package.h``) +- The Perl-XS wrapper + - The TLS constructors taking `std::function` for callbacks. Instead use the TLS::Callbacks interface. diff --git a/news.rst b/news.rst index 9619e80159..6d07e2aa5f 100644 --- a/news.rst 
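Review bot: The x509cert.h hunk documents the throw but not the new lifetime obligation: the returned reference aliases storage reached through `data()` in the .cpp hunk, so callers must not hold it beyond the `X509_Certificate` it came from; adding `* The returned reference is valid only for the lifetime of this object.` beneath the new throw sentence states the contract the signature change introduces. Presumably `data()` exposes the certificate's shared internal state, so copies of the certificate would share it, but that is worth confirming before promising anything stronger. The .cpp function's body continues past the hunk.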
+++ b/news.rst @@ -211,6 +211,9 @@ Version 2.4.0, Not Yet Released * As upstream support for Native Client has been deprecated by Google, support is now also deprecated in Botan and will be removed in a future release. +* The Perl-XS wrapper has not been maintained in many years. It is now deprecated, + and if no attempts are made to revive it, it will be removed in a future release. + * Support for building on IRIX has been removed. Version 2.3.0, 2017-10-02 From bbeb0675d334adca030a6531d8b067d43df4c9df Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 28 Dec 2017 05:11:16 -0500 Subject: [PATCH 0443/1008] Avoid prefixing siglongjmp or sigsetjmp with :: Apparently these are macros on Cygwin/newlib --- src/lib/utils/os_utils.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index 833afecc69..48890964ac 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -363,7 +363,7 @@ static ::sigjmp_buf g_sigill_jmp_buf; void botan_sigill_handler(int) { - ::siglongjmp(g_sigill_jmp_buf, /*non-zero return value*/1); + siglongjmp(g_sigill_jmp_buf, /*non-zero return value*/1); } } @@ -386,7 +386,7 @@ int OS::run_cpu_instruction_probe(std::function probe_fn) if(rc != 0) throw Exception("run_cpu_instruction_probe sigaction failed"); - rc = ::sigsetjmp(g_sigill_jmp_buf, /*save sigs*/1); + rc = sigsetjmp(g_sigill_jmp_buf, /*save sigs*/1); if(rc == 0) { From db23059fdb4e6127a75bd9c52dab722d52ff09d6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 28 Dec 2017 07:25:51 -0500 Subject: [PATCH 0444/1008] Add final annotation on Data_Store --- src/lib/x509/datastor.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/x509/datastor.h b/src/lib/x509/datastor.h index 556a789846..ec3c5189bd 100644 --- a/src/lib/x509/datastor.h +++ b/src/lib/x509/datastor.h 
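Review bot: The reason for dropping the `::` qualifier exists only in the commit message; a comment on the changed line in `botan_sigill_handler`, `// not ::-qualified: siglongjmp/sigsetjmp are macros on Cygwin/newlib`, keeps the next contributor or a style pass from reintroducing it, and the same comment fits the `sigsetjmp` call in the second os_utils.cpp hunk. `run_cpu_instruction_probe` continues beyond that hunk.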
@@ -24,7 +24,7 @@ namespace Botan { * reasons. There is no reason for applications to use this type directly. * It will be removed in a future major release. */ -class BOTAN_UNSTABLE_API Data_Store +class BOTAN_UNSTABLE_API Data_Store final { public: /** From 4c1ffbe1dc46dd0844c4674791bb8cc430a41a8e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 28 Dec 2017 08:03:31 -0500 Subject: [PATCH 0445/1008] Refactor ASN1_Pretty_Printer Now the base class ASN1_Formatter parses the data and calls virtuals to format. This allows custom formatting, or in the case of the fuzzer skipping the overhead of formatting entirely. --- src/fuzzer/asn1.cpp | 21 ++- src/lib/asn1/asn1_obj.cpp | 6 + src/lib/asn1/asn1_print.cpp | 248 ++++++++++++++++++------------------ src/lib/asn1/asn1_print.h | 86 +++++++++---- 4 files changed, 216 insertions(+), 145 deletions(-) diff --git a/src/fuzzer/asn1.cpp b/src/fuzzer/asn1.cpp index 8fabad5eda..da3e1607fc 100644 --- a/src/fuzzer/asn1.cpp +++ b/src/fuzzer/asn1.cpp @@ -8,6 +8,25 @@ #include #include +class ASN1_Parser final : public Botan::ASN1_Formatter + { + public: + ASN1_Parser() : Botan::ASN1_Formatter(true) {} + + protected: + std::string format(Botan::ASN1_Tag, Botan::ASN1_Tag, size_t, size_t, + const std::string&) const override + { + return ""; + } + + std::string format_bin(Botan::ASN1_Tag, Botan::ASN1_Tag, + const std::vector&) const override + { + return ""; + } + }; + void fuzz(const uint8_t in[], size_t len) { try @@ -17,7 +36,7 @@ void fuzz(const uint8_t in[], size_t len) * on actual output formatting, no memory is allocated, etc. */ std::ofstream out; - Botan::ASN1_Pretty_Printer printer; + ASN1_Parser printer; printer.print_to_stream(out, in, len); } catch(Botan::Exception& e) { } diff --git a/src/lib/asn1/asn1_obj.cpp b/src/lib/asn1/asn1_obj.cpp index 1f93a4b8b9..c83875ae5c 100644 --- a/src/lib/asn1/asn1_obj.cpp +++ b/src/lib/asn1/asn1_obj.cpp 
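Review bot: `Botan::ASN1_Formatter(true)` in the new `ASN1_Parser` constructor passes a bare boolean whose meaning cannot be read at the call site; a comment naming the base-class parameter, `Botan::ASN1_Formatter(/* <parameter name from asn1_print.h> */ true)`, or a named `constexpr bool`, documents what the fuzzer is opting into. With `format` and `format_bin` both returning `""`, the `std::ofstream out;` kept as context in the second hunk now only receives empty strings, which the comment above it (outside the hunk) should reflect. While touching that block, the context line `catch(Botan::Exception& e) { }` leaves `e` unused and could become `catch(const Botan::Exception&) { }`.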
@@ -16,6 +16,12 @@ std::string asn1_tag_to_string(ASN1_Tag type) { switch(type) { + case Botan::SEQUENCE: + return "SEQUENCE"; + + case Botan::SET: + return "SET"; + case Botan::PRINTABLE_STRING: return "PRINTABLE STRING"; diff --git a/src/lib/asn1/asn1_print.cpp b/src/lib/asn1/asn1_print.cpp index 979d041d8f..ffb2eda481 100644 --- a/src/lib/asn1/asn1_print.cpp +++ b/src/lib/asn1/asn1_print.cpp 
@@ -18,89 +18,24 @@ namespace Botan { -std::string ASN1_Pretty_Printer::print(const uint8_t in[], size_t len) const +std::string ASN1_Formatter::print(const uint8_t in[], size_t len) const { std::ostringstream output; print_to_stream(output, in, len); return output.str(); } -void ASN1_Pretty_Printer::print_to_stream(std::ostream& output, - const uint8_t in[], - size_t len) const +void ASN1_Formatter::print_to_stream(std::ostream& output, + const uint8_t in[], + size_t len) const { BER_Decoder dec(in, len); - decode(output, dec, m_initial_level); + decode(output, dec, 0); } -std::string ASN1_Pretty_Printer::format_binary(const std::vector& in) const - { - std::ostringstream out; - - size_t unprintable = 0; - - for(size_t i = 0; i != in.size(); ++i) - { - const int c = in[i]; - if(std::isalnum(c)) - { - out << static_cast(c); - } - else - { - out << "x" << std::hex << static_cast(c) << std::dec; - ++unprintable; - if(unprintable >= in.size() / 4) - { - return hex_encode(in); - } - } - } - - return out.str(); - } - -void ASN1_Pretty_Printer::emit(std::ostream& output, - const std::string& type, - size_t level, size_t length, - const std::string& value) const - { - std::ostringstream oss; - - oss << " d=" << std::setw(2) << level - << ", l=" << std::setw(4) << length << ":" - << std::string(level + 1, ' ') << type; - - bool should_skip = false; - - if(value.length() > m_print_limit) - { - should_skip = true; - } - - if((type == "OCTET STRING" || type == "BIT STRING") && value.length() > m_print_binary_limit) - { - should_skip = true; - } - - const std::string s = oss.str(); - - output << s; - - if(value != "" && !should_skip) - { - const size_t spaces_to_align = - (s.size() >= m_value_column) ? 
1 : (m_value_column - s.size()); - - output << std::string(spaces_to_align, ' ') << value; - } - - output << "\n"; - } - -void ASN1_Pretty_Printer::decode(std::ostream& output, - BER_Decoder& decoder, - size_t level) const +void ASN1_Formatter::decode(std::ostream& output, + BER_Decoder& decoder, + size_t level) const { BER_Object obj = decoder.get_next_object(); @@ -114,48 +49,15 @@ void ASN1_Pretty_Printer::decode(std::ostream& output, that we've gotten the type info */ DER_Encoder encoder; encoder.add_object(type_tag, class_tag, obj.value); - std::vector bits = encoder.get_contents_unlocked(); + const std::vector bits = encoder.get_contents_unlocked(); BER_Decoder data(bits); if(class_tag & CONSTRUCTED) { BER_Decoder cons_info(obj.value); - if(type_tag == SEQUENCE) - { - emit(output, "SEQUENCE", level, length); - decode(output, cons_info, level + 1); // recurse - } - else if(type_tag == SET) - { - emit(output, "SET", level, length); - decode(output, cons_info, level + 1); // recurse - } - else - { - std::string name; - - if((class_tag & APPLICATION) || (class_tag & CONTEXT_SPECIFIC)) - { - name = "cons [" + std::to_string(type_tag) + "]"; - - if(class_tag & APPLICATION) - { - name += " appl"; - } - if(class_tag & CONTEXT_SPECIFIC) - { - name += " context"; - } - } - else - { - name = asn1_tag_to_string(type_tag) + " (cons)"; - } - - emit(output, name, level, length); - decode(output, cons_info, level + 1); // recurse - } + output << format(type_tag, class_tag, level, length, ""); + decode(output, cons_info, level + 1); // recurse } else if((class_tag & APPLICATION) || (class_tag & CONTEXT_SPECIFIC)) { 
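Review bot: `decode` recurses into every constructed element (`decode(output, cons_info, level + 1)`) and, in the following hunks, into context-specific and OCTET/BIT STRING contents, with no depth bound visible in any of the hunks; since this printer is what the fuzz target feeds untrusted input to, a deeply nested BER blob is cheap to produce and drives the recursion until the stack is exhausted. A guard at the top of `decode`, e.g. `if(level > MAX_DEPTH) throw Decoding_Error("ASN1_Formatter: nesting too deep");` with `MAX_DEPTH` (placeholder name) set to a few dozen levels, would bound it; the nested-decode sites in the later hunks already wrap the recursion in `catch(...)` and fall back to `format_bin`, so the throw degrades gracefully there. `decode` starts in this hunk and continues past the next ones.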
@@ -166,16 +68,21 @@ void ASN1_Pretty_Printer::decode(std::ostream& output, std::vector inner_bits; data.decode(inner_bits, type_tag); BER_Decoder inner(inner_bits); - decode(output, inner, level + 1); // recurse + + std::ostringstream inner_data; + decode(inner_data, inner, level + 1); // recurse + output << inner_data.str(); } catch(...) { - emit(output, "[" + std::to_string(type_tag) + "]", level, length, format_binary(bits)); + output << format(type_tag, class_tag, level, length, + format_bin(type_tag, class_tag, bits)); } } else { - emit(output, "[" + std::to_string(type_tag) + "]", level, length, format_binary(bits)); + output << format(type_tag, class_tag, level, length, + format_bin(type_tag, class_tag, bits)); } } else if(type_tag == OBJECT_ID) @@ -193,7 +100,7 @@ void ASN1_Pretty_Printer::decode(std::ostream& output, out += " [" + oid.as_string() + "]"; } - emit(output, asn1_tag_to_string(type_tag), level, length, out); + output << format(type_tag, class_tag, level, length, out); } else if(type_tag == INTEGER || type_tag == ENUMERATED) { @@ -216,17 +123,17 @@ void ASN1_Pretty_Printer::decode(std::ostream& output, str += static_cast(rep[i]); } - emit(output, asn1_tag_to_string(type_tag), level, length, str); + output << format(type_tag, class_tag, level, length, str); } else if(type_tag == BOOLEAN) { bool boolean; data.decode(boolean); - emit(output, asn1_tag_to_string(type_tag), level, length, (boolean ? "true" : "false")); + output << format(type_tag, class_tag, level, length, (boolean ? "true" : "false")); } else if(type_tag == NULL_TAG) { - emit(output, asn1_tag_to_string(type_tag), level, length); + output << format(type_tag, class_tag, level, length, ""); } else if(type_tag == OCTET_STRING || type_tag == BIT_STRING) { 
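Review bot: The new `std::ostringstream inner_data` buffer is the important part of this hunk — a nested decode that throws halfway now leaves nothing in `output` before the `format_bin` fallback — but nothing says so, and to a reader it looks like an unnecessary copy. A comment above it, `// buffer the nested output so a failed inner decode leaves no partial output before the binary fallback`, would protect it. The `catch(...)` still swallows every exception type, including allocation failures, and silently renders the element as binary; `catch(const std::exception&)` would keep the fallback for decoding errors while not masking everything else. The enclosing `decode` begins and ends outside this hunk.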
@@ -238,27 +145,28 @@ void ASN1_Pretty_Printer::decode(std::ostream& output, BER_Decoder inner(decoded_bits); std::ostringstream inner_data; - decode(inner_data, inner, level + 1); + decode(inner_data, inner, level + 1); // recurse - emit(output, asn1_tag_to_string(type_tag), level, length, ""); + output << format(type_tag, class_tag, level, length, ""); output << inner_data.str(); } catch(...) { - emit(output, asn1_tag_to_string(type_tag), level, length, format_binary(decoded_bits)); + output << format(type_tag, class_tag, level, length, + format_bin(type_tag, class_tag, decoded_bits)); } } else if(ASN1_String::is_string_type(type_tag)) { ASN1_String str; data.decode(str); - emit(output, asn1_tag_to_string(type_tag), level, length, str.value()); + output << format(type_tag, class_tag, level, length, str.value()); } else if(type_tag == UTC_TIME || type_tag == GENERALIZED_TIME) { X509_Time time; data.decode(time); - emit(output, asn1_tag_to_string(type_tag), level, length, time.readable_string()); + output << format(type_tag, class_tag, level, length, time.readable_string()); } else { 
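Review bot: The `ASN1_String::is_string_type` branch passes `str.value()` to `format` verbatim, whereas `format_bin` hex-escapes anything that is not alphanumeric, so a string element carrying control bytes (including terminal escape sequences) reaches the output stream untouched. When the printer is used on untrusted certificates from a terminal, this is the one path where attacker-controlled bytes are emitted raw; routing string values through the same escaping as `format_bin`, or at minimum replacing bytes below 0x20, would close it. The same question applies to `time.readable_string()` only if `X509_Time` does not validate its contents, which these hunks do not show. `decode` continues outside the hunk.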
@@ -270,4 +178,102 @@ void ASN1_Pretty_Printer::decode(std::ostream& output, } } +namespace { + +std::string format_type(ASN1_Tag type_tag, ASN1_Tag class_tag) + { + if((class_tag & CONSTRUCTED) && ((class_tag & APPLICATION) || (class_tag & CONTEXT_SPECIFIC))) + { + std::string name = "cons [" + std::to_string(type_tag) + "]"; + + if(class_tag & APPLICATION) + { + name += " appl"; + } + if(class_tag & CONTEXT_SPECIFIC) + { + name += " context"; + } + + return name; + } + else + { + return asn1_tag_to_string(type_tag); + } + } + +} + +std::string ASN1_Pretty_Printer::format(ASN1_Tag type_tag, + ASN1_Tag class_tag, + size_t level, + size_t length, + const std::string& value) const + { + bool should_skip = false; + + if(value.length() > m_print_limit) + { + should_skip = true; + } + + if((type_tag == OCTET_STRING || type_tag == BIT_STRING) && + value.length() > m_print_binary_limit) + { + should_skip = true; + } + + level += m_initial_level; + + std::ostringstream oss; + + oss << " d=" << std::setw(2) << level + << ", l=" << std::setw(4) << length << ":" + << std::string(level + 1, ' ') << format_type(type_tag, class_tag); + + if(value != "" && !should_skip) + { + const size_t current_pos = static_cast(oss.tellp()); + const size_t spaces_to_align = + (current_pos >= m_value_column) ? 1 : (m_value_column - current_pos); + + oss << std::string(spaces_to_align, ' ') << value; + } + + oss << "\n"; + + return oss.str(); + } + +std::string ASN1_Pretty_Printer::format_bin(ASN1_Tag /*type_tag*/, + ASN1_Tag /*class_tag*/, + const std::vector& vec) const + { + const size_t unprintable_bound = vec.size() / 4; + size_t unprintable = 0; + + std::ostringstream out; + + for(size_t i = 0; i != vec.size(); ++i) + { + const int c = vec[i]; + if(std::isalnum(c)) + { + out << static_cast(c); + } + else + { + out << "x" << std::hex << static_cast(c) << std::dec; + ++unprintable; + if(unprintable >= unprintable_bound) + { + return hex_encode(vec); + } + } + } + + return out.str(); + } + } 
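Review bot: `ASN1_Pretty_Printer::format` drops a value that exceeds `m_print_limit` or `m_print_binary_limit` without any trace, so a line with no value and a line whose value was suppressed are indistinguishable in the output; adding `else if(should_skip) { oss << " (value not shown)"; }` after the existing `if(value != "" && !should_skip)` block would make the truncation visible. `format_bin` ignores both tag parameters; since the header documents them as a hint for subclasses, a comment such as `// tags unused: the pretty printer escapes all binary values the same way` keeps that from reading as an oversight. The bound `vec.size() / 4` is 0 for values shorter than four bytes, so any single non-alphanumeric byte in a short value switches the whole value to hex — the same as before the refactor, but `unprintable >= unprintable_bound` reads like an off-by-one and deserves a one-line comment.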
diff --git a/src/lib/asn1/asn1_print.h b/src/lib/asn1/asn1_print.h index 0fd760e89b..4f9fa8f4dd 100644 --- a/src/lib/asn1/asn1_print.h +++ b/src/lib/asn1/asn1_print.h @@ -7,7 +7,7 @@ #ifndef BOTAN_ASN1_PRINT_H_ #define BOTAN_ASN1_PRINT_H_ -#include +#include #include #include #include @@ -17,27 +17,17 @@ namespace Botan { class BER_Decoder; /** -* Format ASN.1 data into human readable strings +* Format ASN.1 data and call a virtual to format */ -class BOTAN_DLL ASN1_Pretty_Printer +class BOTAN_DLL ASN1_Formatter { public: + virtual ~ASN1_Formatter() = default; + /** - * @param print_limit strings larger than this are not printed - * @param print_binary_limit binary strings larger than this are not printed * @param print_context_specific if true, try to parse nested context specific data. - * @param initial_level the initial depth (0 or 1 are the only reasonable values) - * @param value_column ASN.1 values are lined up at this column in output */ - ASN1_Pretty_Printer(size_t print_limit = 256, - size_t print_binary_limit = 256, - bool print_context_specific = true, - size_t initial_level = 0, - size_t value_column = 60) : - m_print_limit(print_limit), - m_print_binary_limit(print_binary_limit), - m_initial_level(initial_level), - m_value_column(value_column), + ASN1_Formatter(bool print_context_specific) : m_print_context_specific(print_context_specific) {} 
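Review bot: `ASN1_Formatter(bool print_context_specific)` is a single-argument constructor that is not `explicit`, so a bare `true`/`false` or any integer converts implicitly to a formatter; both subclasses in this commit call it explicitly, so `explicit ASN1_Formatter(bool print_context_specific)` costs nothing. The class comment `Format ASN.1 data and call a virtual to format` is circular; something like `Parses BER/DER and hands each element to the virtual format()/format_bin() hooks, which produce the output text` would describe the split between base and subclass.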
@@ -53,23 +43,73 @@ class BOTAN_DLL ASN1_Pretty_Printer return print(vec.data(), vec.size()); } - private: - void emit(std::ostream& out, - const std::string& type, - size_t level, size_t length, - const std::string& value = "") const; + protected: + /** + * This is called for each element + */ + virtual std::string format(ASN1_Tag type_tag, + ASN1_Tag class_tag, + size_t level, + size_t length, + const std::string& value) const = 0; + + /** + * This is called to format binary elements that we don't know how to + * convert to a string The result will be passed as value to format; the + * tags are included as a hint to aid decoding. + */ + virtual std::string format_bin(ASN1_Tag type_tag, + ASN1_Tag class_tag, + const std::vector& vec) const = 0; + private: void decode(std::ostream& output, BER_Decoder& decoder, size_t level) const; - std::string format_binary(const std::vector& in) const; + const bool m_print_context_specific; + }; + +/** +* Format ASN.1 data into human readable strings +*/ +class BOTAN_DLL ASN1_Pretty_Printer final : public ASN1_Formatter + { + public: + /** + * @param print_limit strings larger than this are not printed + * @param print_binary_limit binary strings larger than this are not printed + * @param print_context_specific if true, try to parse nested context specific data. 
+ * @param initial_level the initial depth (0 or 1 are the only reasonable values) + * @param value_column ASN.1 values are lined up at this column in output + */ + ASN1_Pretty_Printer(size_t print_limit = 256, + size_t print_binary_limit = 256, + bool print_context_specific = true, + size_t initial_level = 0, + size_t value_column = 60) : + ASN1_Formatter(print_context_specific), + m_print_limit(print_limit), + m_print_binary_limit(print_binary_limit), + m_initial_level(initial_level), + m_value_column(value_column) + {} + + private: + std::string format(ASN1_Tag type_tag, + ASN1_Tag class_tag, + size_t level, + size_t length, + const std::string& value) const override; + + std::string format_bin(ASN1_Tag type_tag, + ASN1_Tag class_tag, + const std::vector& vec) const override; const size_t m_print_limit; const size_t m_print_binary_limit; const size_t m_initial_level; const size_t m_value_column; - const bool m_print_context_specific; }; } From 896d39dd7c06eb6409aa60e3c61d6418a0aa3b83 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 28 Dec 2017 11:35:40 -0500 Subject: [PATCH 0446/1008] Note that PSK database is now available --- doc/roadmap.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/roadmap.rst b/doc/roadmap.rst index f5bb392531..e2bd9f869b 100644 --- a/doc/roadmap.rst +++ b/doc/roadmap.rst @@ -24,6 +24,7 @@ Interface to PSK and SRP databases ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Adding support for databases storing encrypted PSKs and SRP credentials. +(PSK database support was added in 2.4.0) ECC Refactoring ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From 125d4ac3e032894804fc9485fd849674f444a00e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 28 Dec 2017 11:38:50 -0500 Subject: [PATCH 0447/1008] Add a comment about an unused enum So I can find it and remove it in 3.x --- src/lib/pubkey/x509_key.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/pubkey/x509_key.h b/src/lib/pubkey/x509_key.h index d4f54fa575..58d537bbe7 100644 
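Review bot: The doc comments on the two new virtuals don't tell an implementer what they receive: `format`'s `value` is the empty string for constructed and NULL elements and otherwise the already-stringified content (possibly the result of `format_bin`), `level` is the nesting depth starting at 0 for the outermost element (as `print_to_stream` passes 0), and `length` appears to be the element's encoded length, though its derivation is outside these hunks. A `@param` block along those lines on `format`, plus a note that implementations must treat `value` as untrusted text, would replace the current one-liner. The `format_bin` comment also runs two sentences together: `convert to a string The result` should read `convert to a string. The result`.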
--- a/src/lib/pubkey/x509_key.h +++ b/src/lib/pubkey/x509_key.h @@ -20,6 +20,7 @@ class DataSource; /** * The two types of X509 encoding supported by Botan. +* This enum is not used anymore, and will be removed in a future major release. */ enum X509_Encoding { RAW_BER, PEM }; From f2d994387cf4140afcbb8673e2267ee8a78ab25d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 28 Dec 2017 12:15:57 -0500 Subject: [PATCH 0448/1008] Fix RC4 name in case of skipped bytes Add a test to detect that. Add test that stream ciphers throw if they are asked to use a nonce of a size they don't support. Remove "In = 00...00" blocks since that's implicit in the stream cipher tests. --- src/lib/stream/rc4/rc4.cpp | 9 +++++--- src/tests/data/stream/chacha.vec | 1 - src/tests/data/stream/rc4.vec | 39 ++++---------------------------- src/tests/test_stream.cpp | 9 ++++++++ 4 files changed, 19 insertions(+), 39 deletions(-) diff --git a/src/lib/stream/rc4/rc4.cpp b/src/lib/stream/rc4/rc4.cpp index cce09d183b..9f0a44d6e2 100644 --- a/src/lib/stream/rc4/rc4.cpp +++ b/src/lib/stream/rc4/rc4.cpp @@ -93,9 +93,12 @@ void RC4::key_schedule(const uint8_t key[], size_t length) */ std::string RC4::name() const { - if(m_SKIP == 0) return "RC4"; - if(m_SKIP == 256) return "MARK-4"; - else return "RC4_skip(" + std::to_string(m_SKIP) + ")"; + if(m_SKIP == 0) + return "RC4"; + else if(m_SKIP == 256) + return "MARK-4"; + else + return "RC4(" + std::to_string(m_SKIP) + ")"; } /* diff --git a/src/tests/data/stream/chacha.vec b/src/tests/data/stream/chacha.vec index a361a913a0..7b382082fa 100644 --- a/src/tests/data/stream/chacha.vec +++ b/src/tests/data/stream/chacha.vec 
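Review bot: `RC4::name()` now returns `RC4(N)` for a non-default skip, but nothing here pins that the string round-trips; if `name()` is meant to be accepted by the stream-cipher factory (the commit title suggests the old `RC4_skip(` form was the bug), a test that creates the cipher from `cipher->name()` and compares names would catch the next drift. The `else if` chain is clearer than the old one-liners and fine as written.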
@@ -127,7 +127,6 @@ Out = F798A189F195E66982105FFB640BB7757F579DA31602FC93EC01AC56F85AC3C134A4547B73 # Key = 0000000000000000000000000000000000000000000000000000000000000000 Nonce = 000000000000000000000002 -In = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Out = C2C64D378CD536374AE204B9EF933FCD1A8B2288B3DFA49672AB765B54EE27C78A970E0E955C14F3A88E741B97C286F75F8FC299E8148362FA198A39531BED6D # Long output tests generated by DJB ref impl diff --git a/src/tests/data/stream/rc4.vec b/src/tests/data/stream/rc4.vec index 5c78a9cf67..a7cc48c7ff 100644 --- a/src/tests/data/stream/rc4.vec +++ b/src/tests/data/stream/rc4.vec @@ -1,14 +1,11 @@ [RC4] Key = 0123456789ABCDEF -In = 0000000000000000 Out = 7494C2E7104B0879 Key = 0000000000000000 -In = 0000000000000000 Out = DE188941A3375D3A Key = EF012345 -In = 00000000000000000000 Out = D6A141A7EC3C38DFBD61 Key = 0123456789ABCDEF 
@@ -20,131 +17,99 @@ In = 010101010101010101010101010101010101010101010101010101010101010101010101010 Out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ey = 2E -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 7D0EBD8586251EBA5612E7F0AE1461B85E7D6D01870ED72CAE875737359780097099D507F3F9 Key = 395C -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 9E10A6E1E7C66081EE6B06A86F27B31528029DB35C156E571A7A39E09CD7FDF706DE80056CFE Key = FEF6A9 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 193FBAE8145757A70ABF7E4B5DA4BAD3C8208916085ED2462C901EF01FE42818B027A6E0EB2B Key = 547BD96F -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = EB75D7A79E5F7C25156A5A63FECD9A6A67F48B97448EE49C3E3311C940ECE6D317F7CADDAEB6 Key = 284CD53FE9 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 39979C6BC7B8DC7243AD1148C1AC76899922F9759DF1988CE2FEFE0FF91CF7E908F30777BBC6 Key = DE8C6ABE0052 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 309D05E88D1A980CDBB341930F0086CB0672C85F37BDFC2CDC36D80044AF6B02E3475E3D2712 Key = B4D915156C6488 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = F409D463A1293AD11F4021982B7397D554F504E80C3AC0A6DC5C54CDDD090309BE00F9213E5E Key = 68B5FEF1FBC10AB4 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = F76241985FDD3668E0860D9396012F61F338EC7E41CC23BFD0B62869119560DC2A0604CB3C6A Key = EC498E2BCA7AC2BB9D -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 61FDF65602F7A63ADF57B05792F6C3642241EF46B97CD86171AED28D26D67BFD6E1E66C7ECF8 Key = 169D98FB855CDD15E205 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 75258D597494A88866F4FE45B09ED2BE41D49B7D653539508B4BA1A3B6F9A08C3C103267D820 
Key = 0C5710A5843C9AA2C675BB -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 9FD90A643014F30D5D2BDCCBC37212904F0AD69FB23637B0FBCFA2B6E61A2A7B8DD9B6B3A344 Key = 837C0042EEA1A15CA24AD014 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 3E04F9E7804F3F8267B2F5EABF4722183BCB17266F81EBE3A3EE8B00D5C9A727105F43131667 Key = 4B5509356362D35FA63C5B8C44 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = FA9B2426AF83EC289356B58006370907DD5D8A7C1BA887F188B7F695DEB96F3DE94E5AF4DEA0 Key = 3F6CEBC8C94447FAAF9CEC4E778A -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 80ABD7170971295FA8D525B1EBB8CE95829CBC9C81AAD2472DEBED0F087558433B84E11CE574 Key = E0A97B4D129FB0BFDCAB24076DD5C2 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 0C3E9A53C6862E2121F3D089737FF54F96916E469BDE5A645FA134ED4DDF76AB41B569649A98 Key = 97CD440324DA5FD1F7955C1C13B6B466 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = A68686B04D686AA107BD8D4CAB191A3EEC0A6294BC78B60F65C25CB47BD7BB3A48EFC4D26BE4 Key = 31DE7ED3BEB6EAF9131922D06201A19366 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 07001BC046443693F173F723638A685CEB7DF1CD61D4E93A52E44B914063903A578138EA0FD8 Key = 368C7A9662385B308F696A0C58E5E57E768E -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 8C68C80B6A01A6571642966D601BABA39B1644177C7C3B35A9D91669F7AE8D22A57308D05F1A Key = F745ADBD90EF249FFC14183A9E20F69BC68214 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 2A0BDB20E12B4BAA2E8C3D40B333B55ABBD0A156826BFBFDDE066F9D73398841E4A38CB78B5D Key = 872DE53D5116911D916A947041D22A0D50B7A5C1 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 
64ED1979AA8B458EE96EEC995E4EF2894DE0D029B1C0DA497A9BD7A81ECE4A408C253E9DA074 Key = 27FBBBE2EEC453C3D5970A6BAF03FFE299EED3FEFF -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = DE31449883D5E651E6F889E2F18C453F06276D13999607FADC393A2619DAF7E2182C214872C5 Key = 1BCEBC37EF602F758CDFBFA1F1BCA61AEBEFDD79B179 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 81570047B8BB9E5968B15F9C286F3F2B6264F8BCEE5C64A698BB2F35B697E32FAE6372BD07A7 Key = 6FBC9F1E72F7E6EE8D233C4B27EFB98351B5FEAE803732 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 0D8BBBA8FEE3CCEE8CBB3548F52AA85D9FFA58E50655E19FFA31DFCC97F65116DA34BA775559 Key = 852F2F3CA64B0C256B080A577E135A54B01D9079A8785EF6 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = FA087B45D61566E102A2B099CCA04A499191C54BE21C67C17D40A2EE81B0AE1F525AD7E61BEE Key = 8EB43FD27CF769A39BBF2FE02B9E4C6ABEE996DE591E5FC521 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 0E79E4BD49A8CFC6BD1031FDB6DF4BBCDB96D64967AD1710C3BD96A8287064B211A984C82C4D Key = C3CB4048B42619DBB1A16373749B8264960CF7CBB1EB6D3565BD -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = B420CB807A85D5EF897AE3EC7C7CA53EB2580F11B9C815DC6870FD3D0DAEB8EFE5AA28DF2E9C Key = A7F0BD928BBA925A49B117ACDAA68702B4D4342F8FD62503319BF8 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 92762FCEB9FC304D2FF7994AA435E4774FFC1D97C9CB36F89722AED507310EBF028EDB0F6323 Key = 3BC2C34F2653E210A1E15282FFA01149DF53AA6BFAF5FE04523DB614 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 978D46FC073896B8875C7D4EB2F7EA35F58877550071F056584DC59E722E850E4E0DE75ECFF9 Key = 6538CBE80D306CD6AB1F027E4EFCAB804D407B00B281240B33A8C7F40D -In = 
0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = AE6AFEAF83A30B85D865FDC86362F95642E7A9CD157DA2F12ACFE9A718F3FB996C1C222B2432 Key = B7793A33C33FE1C3EE024A7EE40BBD13ACEB02049159717F35279D67F730 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = D4192C0818E7E4CA10AD05FBB3181C41C4D0BEA1805A883708FDE321B70D6C7D8B5601079D7C Key = 0C9856E6B845A33EECC0F30BF1974DB4DB088BF02314EE48FC369B6515994F -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 65029B1DD806694E4AEF4B63016D0685A8EEB682E86353C049378EC540BC0F4BB682740E3534 Key = CC26F0F11FF7759081CC87B0296E46E1A29611FA042C0F09033F12FD06468624 -In = 0000000000000000000000000000000000000000000000000000000000000000000000000000 Out = F33562228D9339F23EFE694E45A6A5B4457F2865061384B064DD45321D399FD1DB1C3CCBE64B Key = 51 @@ -275,6 +240,10 @@ Key = 8E3BE5C3118FA8382BE650BF4727BF6B84F6D962367AB966A072BD5913335457 In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ut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ey = CC26F0F11FF7759081CC87B0296E46E1A29611FA042C0F09033F12FD06468624 +Out = 228D9339F23EFE694E45A6A5B4457F2865061384B064DD45321D399FD1DB1C3CCBE64B + [MARK-4] Key = AAC76CB1CE2BF5144EE9A543328AFB95 In = 97212EACFDB13D5BBC037B01A81CBB736B8136124E275E2F25823B8B98EDD3C4BF7F6AD52D diff --git a/src/tests/test_stream.cpp b/src/tests/test_stream.cpp index ab9de228b9..cc6db5bc62 100644 --- a/src/tests/test_stream.cpp +++ b/src/tests/test_stream.cpp 
@@ -84,6 +84,15 @@ class Stream_Cipher_Tests final : public Text_Based_Test cipher->set_key(key); + /* + Test invalid nonce sizes. this assumes no implemented cipher supports a nonce of 65000 + */ + const size_t large_nonce_size = 65000; + result.confirm("Stream cipher does not support very large nonce", cipher->valid_iv_length(large_nonce_size) == false); + + result.test_throws("Throws if invalid nonce size given", + [&]() { cipher->set_iv(nullptr, large_nonce_size); }); + if(nonce.size()) { if(!cipher->valid_iv_length(nonce.size())) From deaa16feab1a525c90647c59dc96e877dffa812a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 28 Dec 2017 12:17:06 -0500 Subject: [PATCH 0449/1008] Deprecate CMAC::poly_double We use the internal util API now --- src/lib/mac/cmac/cmac.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/lib/mac/cmac/cmac.h b/src/lib/mac/cmac/cmac.h index 9867c7d0e5..7f155c6bf5 100644 --- a/src/lib/mac/cmac/cmac.h +++ b/src/lib/mac/cmac/cmac.h @@ -32,9 +32,15 @@ class BOTAN_PUBLIC_API(2,0) CMAC final : public MessageAuthenticationCode /** * CMAC's polynomial doubling operation + * + * This function was only exposed for use elsewhere in the library, but it is not + * longer used. This function will be removed in a future release. + * * @param in the input */ - static secure_vector poly_double(const secure_vector& in); + static secure_vector + BOTAN_DEPRECATED("This was only for internal use and is no longer used") + poly_double(const secure_vector& in); /** * @param cipher the block cipher to use From eeaa03b1a2b435c6ed01a85305e356df7bc7017e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 28 Dec 2017 12:18:09 -0500 Subject: [PATCH 0450/1008] Add passhash9 tests for edge cases And correct exception message which referred to bcrypt --- src/lib/passhash/passhash9/passhash9.cpp | 4 ++-- src/tests/test_passhash.cpp | 19 ++++++++++++++++++- 2 files changed, 20 insertions(+), 3 deletions(-) 
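Review bot: `cipher->set_iv(nullptr, large_nonce_size)` relies on every implementation rejecting the length before it touches the pointer; an implementation that copies or reads the nonce first turns this test into a null dereference rather than a clean failure, which is a confusing way to learn the check is missing. Passing a real buffer keeps the test about the length check: `const std::vector<uint8_t> large_nonce(large_nonce_size);` followed by `cipher->set_iv(large_nonce.data(), large_nonce.size());`. The comment's second sentence should start with a capital (`This assumes ...`). The enclosing test function begins outside the hunk.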
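Review bot: The new deprecation comment reads `it is not longer used`; it should be `it is no longer used`. `BOTAN_DEPRECATED(...)` placed between the return type and the function name also splits the declaration across three lines and is an unusual spot for a deprecation attribute; whether a position before `static` is valid depends on what the macro expands to for each supported compiler, which is outside the hunk, so a short comment on why it sits there would help the next reader.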
diff --git a/src/lib/passhash/passhash9/passhash9.cpp b/src/lib/passhash/passhash9/passhash9.cpp index 47c7d0342c..9b4a31370d 100644 --- a/src/lib/passhash/passhash9/passhash9.cpp +++ b/src/lib/passhash/passhash9/passhash9.cpp @@ -105,8 +105,8 @@ bool check_passhash9(const std::string& pass, const std::string& hash) return false; if(work_factor > 512) - throw Invalid_Argument("Requested Bcrypt work factor " + - std::to_string(work_factor) + " too large"); + throw Invalid_Argument("Requested passhash9 work factor " + + std::to_string(work_factor) + " is too large"); const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor; diff --git a/src/tests/test_passhash.cpp b/src/tests/test_passhash.cpp index 7f42bce4a4..be194b553e 100644 --- a/src/tests/test_passhash.cpp +++ b/src/tests/test_passhash.cpp @@ -98,7 +98,7 @@ class Passhash9_Tests final : public Text_Based_Test for(uint8_t alg_id = 0; alg_id <= 4; ++alg_id) { if(Botan::is_passhash9_alg_supported(alg_id)) - { + { const std::string gen_hash = Botan::generate_passhash9(password, Test::rng(), 2, alg_id); if(!result.test_eq("generated hash accepted", Botan::check_passhash9(password, gen_hash), true)) @@ -125,6 +125,23 @@ class Passhash9_Tests final : public Text_Based_Test return result; } + + std::vector run_final_tests() override + { + Test::Result result("passhash9"); + + result.confirm("Unknown algorithm is unknown", + Botan::is_passhash9_alg_supported(255) == false); + + result.test_throws("Throws if algorithm not supported", + "Invalid argument Passhash9: Algorithm id 255 is not defined", + []() { Botan::generate_passhash9("pass", Test::rng(), 3, 255); }); + + result.test_throws("Throws if iterations is too high", + "Invalid argument Requested passhash9 work factor 513 is too large", + []() { Botan::check_passhash9("floof", "$9$AgIB3c5J3kvAuML84sZ5hWT9WzJtiYRPLCEARaujS7I6IKbNCwp0"); }); + return {result}; + } }; BOTAN_REGISTER_TEST("passhash9", Passhash9_Tests); 
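Review bot: The `check_passhash9` test pins the failure to a hard-coded hash string with no explanation of why it encodes a work factor of 513; a comment, `// hand-built hash whose encoded work factor is 513, one over the 512 limit`, would stop the next person from regenerating it with a real work factor and quietly losing the edge case. Matching the full exception text also couples the test to the message wording corrected in `passhash9.cpp` in the same commit; asserting on the exception type or a stable prefix would be less brittle. The first hunk of `test_passhash.cpp` is whitespace-only.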
From 308022200f690aa089080c41e87cd518e8ef1868 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 28 Dec 2017 12:26:19 -0500 Subject: [PATCH 0451/1008] Correct OpenSSL RC4 naming --- src/lib/prov/openssl/openssl_rc4.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/prov/openssl/openssl_rc4.cpp b/src/lib/prov/openssl/openssl_rc4.cpp index 661fda23c2..0e00607de7 100644 --- a/src/lib/prov/openssl/openssl_rc4.cpp +++ b/src/lib/prov/openssl/openssl_rc4.cpp @@ -34,7 +34,7 @@ class OpenSSL_RC4 final : public StreamCipher case 256: return "MARK-4"; default: - return "RC4_skip(" + std::to_string(m_skip) + ")"; + return "RC4(" + std::to_string(m_skip) + ")"; } } From b5a5246b52a0597948b1458d2c587d4576620754 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 28 Dec 2017 12:32:28 -0500 Subject: [PATCH 0452/1008] Add a test for distinct master keys in a single PSK_DB --- src/tests/test_psk_db.cpp | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/tests/test_psk_db.cpp b/src/tests/test_psk_db.cpp index f9eb9d7e87..87a0b4381a 100644 --- a/src/tests/test_psk_db.cpp +++ b/src/tests/test_psk_db.cpp @@ -181,6 +181,8 @@ class PSK_DB_Tests final : public Test Test::Result result("PSK_DB SQL"); const Botan::secure_vector zeros(32); + const Botan::secure_vector not_zeros = Test::rng().random_vec(32); + const std::string table_name = "bobby"; std::shared_ptr sqldb = std::make_shared(":memory:"); 
@@ -211,6 +213,15 @@ class PSK_DB_Tests final : public Test test_entry(result, sqldb, table_name, "KyYo272vlSjClM2F0OZBMlRYjr33ZXv2jN1oY8OfCEs=", "tCl1qShSTsXi9tA5Kpo9vg=="); result.test_eq("DB read", db.get_str("leroy jeeeeeeeenkins"), "chicken"); + /* + * Test that we can have another database in the same table with distinct key + * without any problems. + */ + Botan::Encrypted_PSK_Database_SQL db2(not_zeros, sqldb, table_name); + db2.set_str("name", "price&value"); + result.test_eq("DB read", db2.get_str("name"), "price&value"); + result.test_eq("DB2 size", db2.list_names().size(), 1); + std::set all_names = db.list_names(); result.test_eq("Expected number of names", all_names.size(), 3); From fb08556ed595223a4c01c27bbf9d694ae98cd500 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 28 Dec 2017 13:58:09 -0500 Subject: [PATCH 0453/1008] Add a test of Skein using personalization string Need to confirm this against another impl but at least this prevents regressions. --- src/tests/data/hash/skein.vec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/tests/data/hash/skein.vec b/src/tests/data/hash/skein.vec index 8c5d8bff59..a3de2504a1 100644 --- a/src/tests/data/hash/skein.vec +++ b/src/tests/data/hash/skein.vec 
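Review bot: The new check shows `db2`'s view is limited to its own entry and `db`'s count stays at 3, but it never asserts the property the commit title implies — that a database opened with a different master key cannot read the other's records. Adding a read of an existing `db` name through `db2` (for example `"leroy jeeeeeeeenkins"`) and confirming it fails, in whatever way a missing name surfaces from `get_str`, would pin key separation rather than only name separation. The enclosing test function begins outside the hunk.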
@@ -3110,3 +3110,8 @@ Out = 7A19EAC8B081B61CB51390E737406920414210BFE4E07BC3198651365193C5435B5147F996 In = 1633256AB03B20CE079196B708A1C02D1B6072219070712C8589EE21341D50752ACB6CFDA17E982D828BBD6CDF54BC7232FD418A323D64939928597B9B52F07CF488250C5E42BFD3AB48012D709F8D747225839296386FCE5FC5AECC4BA7A1076D089DEA8ECEFAA0CF66FCA8602395719C12A04F929321784D7AB8239FCE2FF3BDAE046A266132B5C2AD9F7261F3014E87B389A6695978693D9371D0B1FF9C405F338C2FDE4687359603950A54CF4B9CDD9B24480B239ACC5405C14C886BBB0378391CEF0662A38882BDD09E3866AB9A66CFBD28EB5EE4F8009BDEFC4AEB16700EBA7DC557B489190A71FDA75E85F7EF841697F70FFD4FEA185E7A67C81C5B8F273BFB97B2CEF695C1C74446C4B425BE6B2E66DC0AAACB247E4467B7C7D84EC33B6B5AB8FA1979F503008BDCFF948CDBF1226B1B066CBCF34797298F3BA8C60FA01E0AC8B803223C656112FB91435D75453BAE4707B63330467DD13E0A4B992E6F7E46995899A2D95D23F4AC3D0802B2A6E7D024DEA19CA408C4BBE053F14C9CE264F129724A18BCB18F385B1CA091A11434EA96D98C8D0602E98EDC8DFA14141AF93ED0BA66E885E9FA108591AE59E109AE34D6B9F5586E4B4D75E7DF7C32958A65E88A9BAF41082A0A3F11539DC4EA2CBD9E1C6C3C439B622F1DE574FA75470C8C939B51D2D1C2A7204B859881D43086BFD8FB90346218D099C5AB36846F3B98A7C847318BDFA01E09717943FCD864C5A8A17B6CEB89D98E872D388F20ADC2BE5E2006846904F41682FB1283214F3D20DBC9FC9E0FF571844A1282E88590D7C085B2C568EC5ACC4462B389FEAA5757F7033187E2DE31955FCE55FEDC909255048B327CCAB2E582BBC9D8054BF5CB45145C7D3A3AF9CD5CF6ECBA490C634ECF00E646BF95E8642C43A4978EF08A574EF1F78F6CE57C3B34B5A123D123617FC8EC9B2AC0F9B70A7F6062D38DD7B8E9FB4ECCEF13DED5C0477483ADDAE4F1CC0CFCA274B1307ED0DE72FBCB819154CDA897D7575213042615F1741A8CB646A39F8D134FDF9E60E000EB8220F65CC30F5FA52C431B9E3B6101B96E25B8D0440B96E572A18A01747C02AFCD7513542F7AACE194632099D16274F31EBABB60DDD94FE43DACCE900EC0902EB5E686D48ED8D09AE63DA0E15C736809903A0297A92DE84E0260F11F446E1FC448E0EBF59FAEA3C726F97925C57CBDF85B1F77078D36257C85D56CBBEDCE180FE12B687ADA2DC9912FAC60334166BD2CEF06B089ED5C9563844D71D8FEAD2F3A93F3C07C52537336A8A70BF5B596B9007B9FDF2D082000F20E6B70D2A7E6C7ED27C4146895A6D85A24
6F623C1B9258A2F891F823ADE4CEFFD59D4FFAD077351E2F506E9A5BDD3900F0204B9E8969AFE72F5DCCB9CDF986D197AE4C4DB53014041AE6221B750E5290E307AD292C8DE6B899235212EF8CE954785537DC9435AF11E0F3427A9C7B22EFA752EA0B7EADE5F6EB4093BACB78676E506698139E4F774423B8942166F9A7D22480D814FC0AE19CF4960FBF6E01FFA65C8DA5BED4F1AE2B9ECEC5BE7B3C38DD4045B0C93EE6CC77A7E61E85D331B23C0D164B104518B3405497054445A353E9B48F2AC5E8E96298D6655614336CFFE6D8C9C915E387391519AD2632366AA3BC935030FD12927EFCA17505ED74C94650C778539004854DF6C24269AAB9C273A493D3E5B0B1D687C33C2FACE46B4BB3742D6DF743D09164D2E0EE7F6BA128BD5FBA2E3B33C199AE80FA9DEE3AD811D02BAA3D42A6362B2AD47BBA8A2C5CD00B46CF22CFE367281488A4852EB8B7FACE79F0CA6F8E78D32578DFEE01711C4DCF3C26D0BA13F3075478E708C5C5315AFDC2E4C0062D16458213BEC506A9E991A61825FF78DA9BA1BAABBEFA56B4A8C9E2E7B60EC4B7B541C8E0F79C86BB5F03F736761A37169B2AAB8884EC6EA217B02C59035F5BB327243D126B78D4AAB430212439B5A75B80618DAFEB66AA3AFF866C4DAEE47D374B512E74ADA933EF24A841BA271C6F02C870E8AB950FE06E93C91DF0E99165DC01BCB190E411ECCD85358FD4A88127A22E4CF4266A90845124BF97B25D7B1C46D3A0D68A684F84E2A638C692A52CB6E8C651A3AC492B0460004073D5349E35552359CA37660F77B2770D6B2B3F7B1922424AC4A8598B4C61A6DB507608A72A6A7D573CC055206276E14005A28A0EC41F28D7E260611D40F089FFE5E529375691412F4E9E12E62C3BE2C563C26D2444EA9C69E6C935FEB4DC4E802E5FE3906F8ACEF4798D940C3CD574BB5E74506C3E0B70CB62454A25F589EADB6B0709FE3B50417CD1D98F08E08B7CF68A04CCCF8D6588F9FC2F31E533CDA6159BAA4297FA446450D71C16EA2324EC09773E7C8817ECF680ED12F64A04863EFE3D9D8760F34DE5B0860B3991FF0EE5EDBA22C4D69120DE19D5429E4AAE91C9E7CF05CC807159A58F13B480872AC1609D87E7009DEDB71C09CEAAB640A2B6135855CEAE4AC2954933A0255B425D9FDCD9C246F82AEB7C3BB78C6E73E03DB7AEC4245A28693FBD36EF4938D59CCE19EAFC00671A0851612406A075713C5D1154D8E13B59B7C5B0902239D4BACFA386AC817AC5EE02A181A9A47C622B3ECF287E14843D452AF347110498A620B34AB4E116308D976062C9EE9CD35DB6CB79805B93AC9A15AFBCB52F1ED4309879D1924A4BA190B0B86E60A516E77D34B4E0A49D4EF2CEF3CC2F410FD8EC901363FC9EBD75EB460D4D8910BDF27CE26A
8B4AEB94F9F76242401DC35D0644842B99FB6C439B82D82ECFE1AF0D01F9BECB15BEC83F13B260F7F714AA381032923FDE8F8018F3518547451435C9A5207294D08A907C73696F6CB000745E072E25B73B3EE11595433D27A1F11468686F08094F1D31F5ADA81F11F0677A29D72EBB2E1C4792CCC607CB938647E1F153F9EEF03D982595C631E49B6B7C1FA003A6EB8D59CB8892CD0888B05240F12701753F89007C859515A2FEF944BC60B36003A26702AC6FE04D2E942978FC31A97EB29871D6752399D3521720729007B6A7215A4282B2A4EFC2C56BD129E74C9B00847692B96FCC71CF7A7F19F3FD6B45C519FD73B4860880A2DD74E5727B31A93F0A87F0078155344AE9F7BDBF00D83393B634B5DCA88A398E42C320EB95C4A826ACEA90B65E4767B2EBA748F97C247568393E2FD3A66075CC12935B6D7EB5C2FF5282185CB62C73972A37B3CA508004B4F796BDF82B83B5BDF90D6BFD32B5089B0CA2683DC7FB2337DE42E650ED911DBEE1EF98257F9BA5AF54B1A54B04C0087A5A64BA779D86461BA15337C2E7D4955FDD777A025DE226306A17C384F1C52CDB5946FB0B46DD5C13BD7A55FE2E27E4C6D40D61D6FFC024468F8EDFC7C7992DF5DC5D05063FE723199224F53678E48F25250EA28BDF1089718EB8B730D1C06735C2F871164E2EB5E885A8DFD2A083BE97EDC94159CE9BF75D2433F1D782762F771903CBF9A1C9D13F710BA0E151B079DC0A8262BCEB1DBCBBC0F35DF6EECF7BAA7105B9808745853C96B4372E95E482035916B726DAC7BE95A72B19DAD48DB1B19E6EB2EDAB5AC1B3013839E7806625ABC129F41813E6D71EE4AB2040D81E42E6ED73ABBA64FF2EB433B910EA7D4F5ED3D8D27D39BB454EC019DF6114F544D7B155549D0C56D14551FAF353994A80F30F3C97E863A4F2AF316468A568038EB4D799350A6FACAFF90ECD44E0F44EFB6DC42EE4B0DC2C59EA9C1827326DF08C0A6E55CF4F9C3EA0E78CFF3635F5D08E44F1400D20F638D56BA84B4832090454DE57EF04B6C8805A36F63E5CCC6E830C87FFC164647CED20E4C486D09DE7A5F9E4B68D5456CDB22B0DDED2B95B3BCAE529215C2D25D6823C7D66A4FAE0A1E9F022BA5663204F2314DFA51A1F10E11D6D62A8BA6C28B6AE7DA1DEB5B57F2B65D7456059AD9F03DC5A524054DA39DD100D74EB657DE219795E3C45A0E4C762BA22F9DA9D8159E425A1EE783B4B22C250D8894CBEC706CE16D5CA393404FF478F141BE7CC69E45B077BA1955F1F49EFBE4847C795347F703300F672334F490ABF8B644A34B56DA00EC45A350314B9ADF27CAF7C51CB7DBA0C5477E7D37662F4F23247BCB8F7DD5F3E9CB8BDA40FA97568832AF0ADC68F71422E412254A6BFC8943BB465B01FCC8DE0B957677C78BC
1F7566953E9D2446239F602C682A521C14F741FEA98C7E27AABEC339B6F5B94C78287A894AFDAE971F8DA7C7E4A4C92C8DA47BE82DC2532EC2DA9BACEDD2BE6DB2B2FB34DCCDCB34116507376578CBCA105E5E443BEC0F2EF23BE34CDF862EDAB34F0FF21335E3ACD92F59688B419F824EA61EEA82BC80E3463452192377131BA51FB0795E089FC077D0ECA8012E58B0637AD7022206887FE9EC00EE5DF7AD2E26FE819EE35C7A179C579098AA3DF645D9064CD557DA90BDD21F871CEB048CA56DF9653A10ED60F5E9F0ED7F8D89BCF5C22D1143CF44718FF2DFD8E10CEF8AABB67D2305F18177C1426BD4CD03F2625E459CE905067826A214E08E56D8F9455593E6B324E72DEDCC429D3BEFE2AE0599E360DF95E80D453A3A849E48389FA745635BEDE30E7932DE6A3816E31A2217F98D5E40238963D0A36C159FD4EC32D8A5CF59D433DEF3378634AF6887FDB3F3EDB96FC8840FE1B538C329674AE810E8C8B2B46DB208716D38E9D1AEAB097068AD83ADD7DD2647839B3A7388B0615BDE26F8692E9C07D8ADECC2A875203C3D3A9C6CB1D7D06307E9E1D9C3BC536DD8EB271E9A2159C904E61E8C9357FE759F36366AEF5A3D14CEE82913CD2708AA6069369CED763C8E830D70924E82E9015C2998E86EFC1DCE6AC2EBCB49455542A6D7DAB265AD6D7381FFEEE1AA40F8FAC0659B6FB56BB03CD8CAFAACD48D13672F7D524EB9684CFED4DBB7476E99149C28EC08F33BA6AFF839AA178F86B8EEAF1739C829177BA78547AD394136AA3FAD451A11E9642506568B39668B2436610E06EA45FA11D04D3759B033B5382645F15B3C39270B81B80487643913A24F2F1C1A1ED57C85CCDDC8CD6D59B62FA67CC80572968C8FD01894F0153634C88792A7C4A407A4A4CE46CEC5FE5D2569F95A27DE242444EA0C715B357518CAEA23E767E8545983F0D3A4DF66111B4AA1D399CCAFD796D7A80E592D5A51D2B3F60B5B04F8D9C009CA56CBD4DD84127A29B72ADB7645FB7279C9818B2B43963BD605F45B6575A5E2E369E0B401F5EC10EC703F1179B0AB9D4A89D6F096573952E513827364A84D38922734137E969D8167D6959B70F42F2BDA37E4C989ABAA8024C1A84ED6BEB74780927F78B32EA736B9B2B4A795C355C0319811729D9CC399D23519730338D62E16E5035FC52A817090703FE776D65EF9FEF5BA5F4FFEC3CC8E9EB2E312C50A479BDD4E6AB0A56C18C2DF69ED408417BEE28BB41DD13F8366FF6EDA4B34090FC9BC045271 Out = B3A3DC375B5230EC57B052882F13500D61BDE3FCAFE65AC7EDFBBCAEE5DE7550E93FA9C4ADB6B44CA3A4EE9E817CF456D595252ACC898703E45213294831C47B +[Skein-512(512,Test)] + +# This was generated by Botan and 
has not been confirmed against another impl
+In = 414243
+Out = 3D2AEA7C3724684CD95FA246D6D1B951D82939400BFADF5E10AA86978BA9D07F2DE2323774369F178D4D8224F5C3374B68C0A99A115B639C129B9F98E05012E9
From 7500ed1eb1ecdb88d154ee1f50030a7e93733dc0 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Thu, 28 Dec 2017 17:10:32 -0500
Subject: [PATCH 0454/1008] Hack for building on Cygwin (newlib)
Newlib hides system functions if __STRICT_ANSI__ is defined, as happens with -std=c++11. To get access to POSIX APIs you must use a -std=gnu variant. However doing that in the build is kind of painful, it's easier to selectively undefine the macro.
---
 src/build-data/cc/gcc.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt
index 4a1b1e913b..553e71295f 100644
--- a/src/build-data/cc/gcc.txt
+++ b/src/build-data/cc/gcc.txt
@@ -126,4 +126,5 @@ x86_64 -> "-m64"
 netbsd -> "-D_NETBSD_SOURCE"
 qnx -> "-fexceptions -D_QNX_SOURCE"
+cygwin -> "-U__STRICT_ANSI__"
From dfd25890cdd7c3c0148cd8101cab85539d87e475 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Thu, 28 Dec 2017 19:56:29 -0500
Subject: [PATCH 0455/1008] Add explicit int return type declarations on FFI lambdas.
Sun Studio gives a strange warning about this. This probably doesn't help actually compile under Sun Studio. But it doesn't hurt to be explicit.
---
 src/lib/ffi/ffi.cpp | 8 +++----
 src/lib/ffi/ffi_block.cpp | 2 +-
 src/lib/ffi/ffi_cert.cpp | 6 ++---
 src/lib/ffi/ffi_cipher.cpp | 6 ++---
 src/lib/ffi/ffi_hash.cpp | 2 +-
 src/lib/ffi/ffi_kdf.cpp | 10 ++++-----
 src/lib/ffi/ffi_keywrap.cpp | 4 ++--
 src/lib/ffi/ffi_mac.cpp | 2 +-
 src/lib/ffi/ffi_mp.cpp | 2 +-
 src/lib/ffi/ffi_pk_op.cpp | 10 ++++-----
 src/lib/ffi/ffi_pkey.cpp | 10 ++++-----
 src/lib/ffi/ffi_pkey_algs.cpp | 42 +++++++++++++++++------------------
 src/lib/ffi/ffi_rng.cpp | 2 +-
 13 files changed, 53 insertions(+), 53 deletions(-)
diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp
index 00181dbc90..39749c4d45 100644
--- a/src/lib/ffi/ffi.cpp +++ b/src/lib/ffi/ffi.cpp @@ -81,7 +81,7 @@ int botan_scrub_mem(void* mem, size_t bytes) int botan_hex_encode(const uint8_t* in, size_t len, char* out, uint32_t flags) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { const bool uppercase = (flags & BOTAN_FFI_HEX_LOWER_CASE) == 0; Botan::hex_encode(out, in, len, uppercase); return BOTAN_FFI_SUCCESS; @@ -90,7 +90,7 @@ int botan_hex_encode(const uint8_t* in, size_t len, char* out, uint32_t flags) int botan_hex_decode(const char* hex_str, size_t in_len, uint8_t* out, size_t* out_len) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { const std::vector bin = Botan::hex_decode(hex_str, in_len); return Botan_FFI::write_vec_output(out, out_len, bin); }); @@ -98,7 +98,7 @@ int botan_hex_decode(const char* hex_str, size_t in_len, uint8_t* out, size_t* o int botan_base64_encode(const uint8_t* in, size_t len, char* out, size_t* out_len) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { const std::string base64 = Botan::base64_encode(in, len); return Botan_FFI::write_str_output(out, out_len, base64); }); @@ -107,7 +107,7 @@ int botan_base64_encode(const uint8_t* in, size_t len, char* out, size_t* out_le int botan_base64_decode(const char* base64_str, size_t in_len, uint8_t* out, size_t* out_len) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { if(*out_len < Botan::base64_decode_max_output(in_len)) { *out_len = Botan::base64_decode_max_output(in_len); diff --git a/src/lib/ffi/ffi_block.cpp b/src/lib/ffi/ffi_block.cpp index eae375e636..f3648430a8 100644 --- a/src/lib/ffi/ffi_block.cpp +++ b/src/lib/ffi/ffi_block.cpp 
@@ -16,7 +16,7 @@ BOTAN_FFI_DECLARE_STRUCT(botan_block_cipher_struct, Botan::BlockCipher, 0x64C297 int botan_block_cipher_init(botan_block_cipher_t* bc, const char* bc_name) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { if(bc == nullptr || bc_name == nullptr || *bc_name == 0) return BOTAN_FFI_ERROR_NULL_POINTER; diff --git a/src/lib/ffi/ffi_cert.cpp b/src/lib/ffi/ffi_cert.cpp index 17b78cc7c7..6031d02aa3 100644 --- a/src/lib/ffi/ffi_cert.cpp +++ b/src/lib/ffi/ffi_cert.cpp @@ -18,7 +18,7 @@ BOTAN_FFI_DECLARE_STRUCT(botan_x509_cert_struct, Botan::X509_Certificate, 0x8F62 int botan_x509_cert_load_file(botan_x509_cert_t* cert_obj, const char* cert_path) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { if(!cert_obj || !cert_path) return BOTAN_FFI_ERROR_NULL_POINTER; @@ -34,7 +34,7 @@ int botan_x509_cert_load_file(botan_x509_cert_t* cert_obj, const char* cert_path int botan_x509_cert_load(botan_x509_cert_t* cert_obj, const uint8_t cert_bits[], size_t cert_bits_len) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { if(!cert_obj || !cert_bits) return BOTAN_FFI_ERROR_NULL_POINTER; @@ -48,7 +48,7 @@ int botan_x509_cert_load(botan_x509_cert_t* cert_obj, const uint8_t cert_bits[], int botan_x509_cert_get_public_key(botan_x509_cert_t cert, botan_pubkey_t* key) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { if(key == nullptr) return BOTAN_FFI_ERROR_NULL_POINTER; diff --git a/src/lib/ffi/ffi_cipher.cpp b/src/lib/ffi/ffi_cipher.cpp index 23e2771667..ff73de6fbc 100644 --- a/src/lib/ffi/ffi_cipher.cpp +++ b/src/lib/ffi/ffi_cipher.cpp 
@@ -20,7 +20,7 @@ struct botan_cipher_struct final : public botan_struct int { const bool encrypt_p = ((flags & BOTAN_CIPHER_INIT_FLAG_MASK_DIRECTION) == BOTAN_CIPHER_INIT_FLAG_ENCRYPT); const Botan::Cipher_Dir dir = encrypt_p ? Botan::ENCRYPTION : Botan::DECRYPTION; std::unique_ptr mode(Botan::get_cipher_mode(cipher_name, dir)); @@ -60,7 +60,7 @@ int botan_cipher_set_key(botan_cipher_t cipher, int botan_cipher_start(botan_cipher_t cipher_obj, const uint8_t* nonce, size_t nonce_len) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { Botan::Cipher_Mode& cipher = safe_get(cipher_obj); cipher.start(nonce, nonce_len); cipher_obj->m_buf.reserve(cipher.update_granularity()); @@ -77,7 +77,7 @@ int botan_cipher_update(botan_cipher_t cipher_obj, size_t orig_input_size, size_t* input_consumed) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { size_t input_size = orig_input_size; size_t output_size = orig_output_size; diff --git a/src/lib/ffi/ffi_hash.cpp b/src/lib/ffi/ffi_hash.cpp index 58fb1d38ff..b5f9451d70 100644 --- a/src/lib/ffi/ffi_hash.cpp +++ b/src/lib/ffi/ffi_hash.cpp @@ -16,7 +16,7 @@ BOTAN_FFI_DECLARE_STRUCT(botan_hash_struct, Botan::HashFunction, 0x1F0A4F84); int botan_hash_init(botan_hash_t* hash, const char* hash_name, uint32_t flags) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { if(hash == nullptr || hash_name == nullptr || *hash_name == 0) return BOTAN_FFI_ERROR_NULL_POINTER; if(flags != 0) diff --git a/src/lib/ffi/ffi_kdf.cpp b/src/lib/ffi/ffi_kdf.cpp index cff76237fa..8a0ba9be40 100644 --- a/src/lib/ffi/ffi_kdf.cpp +++ b/src/lib/ffi/ffi_kdf.cpp 
@@ -22,7 +22,7 @@ int botan_pbkdf(const char* pbkdf_algo, uint8_t out[], size_t out_len, const char* pass, const uint8_t salt[], size_t salt_len, size_t iterations) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { std::unique_ptr pbkdf(Botan::get_pbkdf(pbkdf_algo)); pbkdf->pbkdf_iterations(out, out_len, pass, salt, salt_len, iterations); return BOTAN_FFI_SUCCESS; @@ -36,7 +36,7 @@ int botan_pbkdf_timed(const char* pbkdf_algo, size_t ms_to_run, size_t* iterations_used) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { std::unique_ptr pbkdf(Botan::get_pbkdf(pbkdf_algo)); pbkdf->pbkdf_timed(out, out_len, password, salt, salt_len, std::chrono::milliseconds(ms_to_run), @@ -51,7 +51,7 @@ int botan_kdf(const char* kdf_algo, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { std::unique_ptr kdf(Botan::get_kdf(kdf_algo)); kdf->kdf(out, out_len, secret, secret_len, salt, salt_len, label, label_len); return BOTAN_FFI_SUCCESS; @@ -64,7 +64,7 @@ int botan_bcrypt_generate(uint8_t* out, size_t* out_len, uint32_t flags) { #if defined(BOTAN_HAS_BCRYPT) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { if(out == nullptr || out_len == nullptr || pass == nullptr) return BOTAN_FFI_ERROR_NULL_POINTER; @@ -86,7 +86,7 @@ int botan_bcrypt_generate(uint8_t* out, size_t* out_len, int botan_bcrypt_is_valid(const char* pass, const char* hash) { #if defined(BOTAN_HAS_BCRYPT) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { return Botan::check_bcrypt(pass, hash) ? BOTAN_FFI_SUCCESS : BOTAN_FFI_INVALID_VERIFIER; }); #else 
diff --git a/src/lib/ffi/ffi_keywrap.cpp b/src/lib/ffi/ffi_keywrap.cpp index 22bb5280a0..546137df0f 100644 --- a/src/lib/ffi/ffi_keywrap.cpp +++ b/src/lib/ffi/ffi_keywrap.cpp @@ -20,7 +20,7 @@ int botan_key_wrap3394(const uint8_t key[], size_t key_len, uint8_t wrapped_key[], size_t* wrapped_key_len) { #if defined(BOTAN_HAS_RFC3394_KEYWRAP) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { const Botan::SymmetricKey kek_sym(kek, kek_len); const Botan::secure_vector key_pt(key, key + key_len); const Botan::secure_vector key_ct = Botan::rfc3394_keywrap(key_pt, kek_sym); @@ -36,7 +36,7 @@ int botan_key_unwrap3394(const uint8_t wrapped_key[], size_t wrapped_key_len, uint8_t key[], size_t* key_len) { #if defined(BOTAN_HAS_RFC3394_KEYWRAP) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { const Botan::SymmetricKey kek_sym(kek, kek_len); const Botan::secure_vector key_ct(wrapped_key, wrapped_key + wrapped_key_len); const Botan::secure_vector key_pt = Botan::rfc3394_keyunwrap(key_ct, kek_sym); diff --git a/src/lib/ffi/ffi_mac.cpp b/src/lib/ffi/ffi_mac.cpp index b3237592fa..22dbb25133 100644 --- a/src/lib/ffi/ffi_mac.cpp +++ b/src/lib/ffi/ffi_mac.cpp @@ -16,7 +16,7 @@ BOTAN_FFI_DECLARE_STRUCT(botan_mac_struct, Botan::MessageAuthenticationCode, 0xA int botan_mac_init(botan_mac_t* mac, const char* mac_name, uint32_t flags) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { if(!mac || !mac_name || flags != 0) return BOTAN_FFI_ERROR_NULL_POINTER; diff --git a/src/lib/ffi/ffi_mp.cpp b/src/lib/ffi/ffi_mp.cpp index 87e455ccdb..fc81310eac 100644 --- a/src/lib/ffi/ffi_mp.cpp +++ b/src/lib/ffi/ffi_mp.cpp 
@@ -19,7 +19,7 @@ using namespace Botan_FFI; int botan_mp_init(botan_mp_t* mp_out) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { if(mp_out == nullptr) return BOTAN_FFI_ERROR_NULL_POINTER; diff --git a/src/lib/ffi/ffi_pk_op.cpp b/src/lib/ffi/ffi_pk_op.cpp index fa3b327256..67353aa66c 100644 --- a/src/lib/ffi/ffi_pk_op.cpp +++ b/src/lib/ffi/ffi_pk_op.cpp @@ -25,7 +25,7 @@ int botan_pk_op_encrypt_create(botan_pk_op_encrypt_t* op, const char* padding, uint32_t flags) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { BOTAN_ASSERT_NONNULL(op); *op = nullptr; @@ -62,7 +62,7 @@ int botan_pk_op_decrypt_create(botan_pk_op_decrypt_t* op, const char* padding, uint32_t flags) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { BOTAN_ASSERT_NONNULL(op); *op = nullptr; @@ -98,7 +98,7 @@ int botan_pk_op_sign_create(botan_pk_op_sign_t* op, const char* hash, uint32_t flags) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { BOTAN_ASSERT_NONNULL(op); *op = nullptr; @@ -134,7 +134,7 @@ int botan_pk_op_verify_create(botan_pk_op_verify_t* op, const char* hash, uint32_t flags) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { BOTAN_ASSERT_NONNULL(op); if(flags != 0) @@ -173,7 +173,7 @@ int botan_pk_op_key_agreement_create(botan_pk_op_ka_t* op, const char* kdf, uint32_t flags) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { BOTAN_ASSERT_NONNULL(op); *op = nullptr; diff --git a/src/lib/ffi/ffi_pkey.cpp b/src/lib/ffi/ffi_pkey.cpp index e377f13e72..ae7e61433f 100644 --- a/src/lib/ffi/ffi_pkey.cpp +++ b/src/lib/ffi/ffi_pkey.cpp 
@@ -28,7 +28,7 @@ int botan_privkey_create(botan_privkey_t* key_obj, const char* algo_params, botan_rng_t rng_obj) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { if(key_obj == nullptr) return BOTAN_FFI_ERROR_NULL_POINTER; @@ -60,7 +60,7 @@ int botan_privkey_load(botan_privkey_t* key, botan_rng_t rng_obj, { *key = nullptr; - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { Botan::DataSource_Memory src(bits, len); Botan::RandomNumberGenerator& rng = safe_get(rng_obj); @@ -95,7 +95,7 @@ int botan_pubkey_load(botan_pubkey_t* key, { *key = nullptr; - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { Botan::DataSource_Memory src(bits, bits_len); std::unique_ptr pubkey(Botan::X509::load_key(src)); @@ -114,7 +114,7 @@ int botan_pubkey_destroy(botan_pubkey_t key) int botan_privkey_export_pubkey(botan_pubkey_t* pubout, botan_privkey_t key_obj) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { std::unique_ptr pubkey(Botan::X509::load_key(Botan::X509::BER_encode(safe_get(key_obj)))); @@ -260,7 +260,7 @@ int botan_pubkey_fingerprint(botan_pubkey_t key, const char* hash_fn, int botan_pkcs_hash_id(const char* hash_name, uint8_t pkcs_id[], size_t* pkcs_id_len) { #if defined(BOTAN_HAS_HASH_ID) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { const std::vector hash_id = Botan::pkcs_hash_id(hash_name); return write_output(pkcs_id, pkcs_id_len, hash_id.data(), hash_id.size()); }); diff --git a/src/lib/ffi/ffi_pkey_algs.cpp b/src/lib/ffi/ffi_pkey_algs.cpp index 0b8c8f7129..694edfeb32 100644 --- a/src/lib/ffi/ffi_pkey_algs.cpp +++ b/src/lib/ffi/ffi_pkey_algs.cpp 
@@ -270,7 +270,7 @@ int botan_privkey_load_rsa(botan_privkey_t* key, #if defined(BOTAN_HAS_RSA) *key = nullptr; - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { *key = new botan_privkey_struct(new Botan::RSA_PrivateKey(safe_get(rsa_p), safe_get(rsa_q), safe_get(rsa_e))); @@ -287,7 +287,7 @@ int botan_pubkey_load_rsa(botan_pubkey_t* key, { #if defined(BOTAN_HAS_RSA) *key = nullptr; - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { *key = new botan_pubkey_struct(new Botan::RSA_PublicKey(safe_get(n), safe_get(e))); return BOTAN_FFI_SUCCESS; }); @@ -340,7 +340,7 @@ int botan_privkey_load_dsa(botan_privkey_t* key, #if defined(BOTAN_HAS_DSA) *key = nullptr; - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { Botan::Null_RNG null_rng; Botan::DL_Group group(safe_get(p), safe_get(q), safe_get(g)); *key = new botan_privkey_struct(new Botan::DSA_PrivateKey(null_rng, group, safe_get(x))); @@ -358,7 +358,7 @@ int botan_pubkey_load_dsa(botan_pubkey_t* key, #if defined(BOTAN_HAS_DSA) *key = nullptr; - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { Botan::DL_Group group(safe_get(p), safe_get(q), safe_get(g)); *key = new botan_pubkey_struct(new Botan::DSA_PublicKey(group, safe_get(y))); return BOTAN_FFI_SUCCESS; @@ -407,7 +407,7 @@ int botan_pubkey_load_ecdsa(botan_pubkey_t* key, const char* curve_name) { #if defined(BOTAN_HAS_ECDSA) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { std::unique_ptr p_key; int rc = pubkey_load_ec(p_key, safe_get(public_x), safe_get(public_y), curve_name); 
@@ -427,7 +427,7 @@ int botan_privkey_load_ecdsa(botan_privkey_t* key, const char* curve_name) { #if defined(BOTAN_HAS_ECDSA) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { std::unique_ptr p_key; int rc = privkey_load_ec(p_key, safe_get(scalar), curve_name); if(rc == BOTAN_FFI_SUCCESS) @@ -447,7 +447,7 @@ int botan_pubkey_load_elgamal(botan_pubkey_t* key, { #if defined(BOTAN_HAS_ELGAMAL) *key = nullptr; - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { Botan::DL_Group group(safe_get(p), safe_get(g)); *key = new botan_pubkey_struct(new Botan::ElGamal_PublicKey(group, safe_get(y))); return BOTAN_FFI_SUCCESS; @@ -463,7 +463,7 @@ int botan_privkey_load_elgamal(botan_privkey_t* key, { #if defined(BOTAN_HAS_ELGAMAL) *key = nullptr; - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { Botan::Null_RNG null_rng; Botan::DL_Group group(safe_get(p), safe_get(g)); *key = new botan_privkey_struct(new Botan::ElGamal_PrivateKey(null_rng, group, safe_get(x))); @@ -487,7 +487,7 @@ int botan_privkey_load_dh(botan_privkey_t* key, { #if defined(BOTAN_HAS_DIFFIE_HELLMAN) *key = nullptr; - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { Botan::Null_RNG null_rng; Botan::DL_Group group(safe_get(p), safe_get(g)); *key = new botan_privkey_struct(new Botan::DH_PrivateKey(null_rng, group, safe_get(x))); @@ -504,7 +504,7 @@ int botan_pubkey_load_dh(botan_pubkey_t* key, { #if defined(BOTAN_HAS_DIFFIE_HELLMAN) *key = nullptr; - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { Botan::DL_Group group(safe_get(p), safe_get(g)); *key = new botan_pubkey_struct(new Botan::DH_PublicKey(group, safe_get(y))); return BOTAN_FFI_SUCCESS; 
@@ -536,7 +536,7 @@ int botan_pubkey_load_ecdh(botan_pubkey_t* key, const char* curve_name) { #if defined(BOTAN_HAS_ECDH) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { std::unique_ptr p_key; int rc = pubkey_load_ec(p_key, safe_get(public_x), safe_get(public_y), curve_name); @@ -555,7 +555,7 @@ int botan_privkey_load_ecdh(botan_privkey_t* key, const char* curve_name) { #if defined(BOTAN_HAS_ECDH) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { std::unique_ptr p_key; int rc = privkey_load_ec(p_key, safe_get(scalar), curve_name); if(rc == BOTAN_FFI_SUCCESS) @@ -582,7 +582,7 @@ int botan_pubkey_sm2_compute_za(uint8_t out[], return BOTAN_FFI_ERROR_NULL_POINTER; #if defined(BOTAN_HAS_SM2) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { const Botan::Public_Key& pub_key = safe_get(key); const Botan::EC_PublicKey* ec_key = dynamic_cast(&pub_key); @@ -612,7 +612,7 @@ int botan_pubkey_load_sm2(botan_pubkey_t* key, const char* curve_name) { #if defined(BOTAN_HAS_SM2) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { std::unique_ptr p_key; if(!pubkey_load_ec(p_key, safe_get(public_x), safe_get(public_y), curve_name)) { @@ -632,7 +632,7 @@ int botan_privkey_load_sm2(botan_privkey_t* key, const char* curve_name) { #if defined(BOTAN_HAS_SM2) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { std::unique_ptr p_key; int rc = privkey_load_ec(p_key, safe_get(scalar), curve_name); 
@@ -652,7 +652,7 @@ int botan_pubkey_load_sm2_enc(botan_pubkey_t* key, const char* curve_name) { #if defined(BOTAN_HAS_SM2) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { std::unique_ptr p_key; if(!pubkey_load_ec(p_key, safe_get(public_x), safe_get(public_y), curve_name)) { @@ -672,7 +672,7 @@ int botan_privkey_load_sm2_enc(botan_privkey_t* key, const char* curve_name) { #if defined(BOTAN_HAS_SM2) - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { std::unique_ptr p_key; int rc = privkey_load_ec(p_key, safe_get(scalar), curve_name); @@ -693,7 +693,7 @@ int botan_privkey_load_ed25519(botan_privkey_t* key, { #if defined(BOTAN_HAS_ED25519) *key = nullptr; - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { const Botan::secure_vector privkey_vec(privkey, privkey + 32); *key = new botan_privkey_struct(new Botan::Ed25519_PrivateKey(privkey_vec)); return BOTAN_FFI_SUCCESS; @@ -709,7 +709,7 @@ int botan_pubkey_load_ed25519(botan_pubkey_t* key, { #if defined(BOTAN_HAS_ED25519) *key = nullptr; - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { const std::vector pubkey_vec(pubkey, pubkey + 32); *key = new botan_pubkey_struct(new Botan::Ed25519_PublicKey(pubkey_vec)); return BOTAN_FFI_SUCCESS; @@ -780,7 +780,7 @@ int botan_mceies_decrypt(botan_privkey_t mce_key_obj, const uint8_t ad[], size_t ad_len, uint8_t out[], size_t* out_len) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { Botan::Private_Key& key = safe_get(mce_key_obj); #if defined(BOTAN_HAS_MCELIECE) && defined(BOTAN_HAS_MCEIES) 
@@ -803,7 +803,7 @@ int botan_mceies_encrypt(botan_pubkey_t mce_key_obj,
 const uint8_t ad[], size_t ad_len,
 uint8_t out[], size_t* out_len)
 {
- return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() {
+ return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
 Botan::Public_Key& key = safe_get(mce_key_obj);
 Botan::RandomNumberGenerator& rng = safe_get(rng_obj);
diff --git a/src/lib/ffi/ffi_rng.cpp b/src/lib/ffi/ffi_rng.cpp
index 88c522dfdf..6c27b2e7e4 100644
--- a/src/lib/ffi/ffi_rng.cpp
+++ b/src/lib/ffi/ffi_rng.cpp
@@ -16,7 +16,7 @@ using namespace Botan_FFI;
 int botan_rng_init(botan_rng_t* rng_out, const char* rng_type)
 {
- return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() {
+ return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
 if(rng_out == nullptr) return BOTAN_FFI_ERROR_NULL_POINTER;
From 133237c08df7f679091a99c529fe6b97c6692c78 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 29 Dec 2017 10:55:12 -0500 Subject: [PATCH 0456/1008] Test AEAD provider strings --- src/tests/test_aead.cpp | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/src/tests/test_aead.cpp b/src/tests/test_aead.cpp
index 7dc64e400a..efd59f6a80 100644
--- a/src/tests/test_aead.cpp
+++ b/src/tests/test_aead.cpp
@@ -340,6 +340,13 @@ class AEAD_Tests final : public Text_Based_Test
 result.test_eq("Encryption algo is an authenticated mode", enc->authenticated(), true);
 result.test_eq("Decryption algo is an authenticated mode", dec->authenticated(), true);
+ const std::string enc_provider = enc->provider();
+ result.test_is_nonempty("enc provider", enc_provider);
+ const std::string dec_provider = enc->provider();
+ result.test_is_nonempty("dec provider", dec_provider);
+
+ result.test_eq("same provider", enc_provider, dec_provider);
+
 // test enc
 result.merge(test_enc(key, nonce, input, expected, ad, algo));
From aec291d6b487c96dea4bb29de6273101710d3e1c Mon Sep 17 00:00:00 2001
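Review bot: `dec_provider` is initialised from `enc->provider()`, so the "dec provider" and "same provider" checks in the test_aead.cpp hunk compare the encryptor with itself and cannot detect a decryptor that was obtained from a different provider. The line should read `const std::string dec_provider = dec->provider();`. The enclosing test method starts and ends outside the hunk.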
From: Jack Lloyd Date: Fri, 29 Dec 2017 10:59:22 -0500 Subject: [PATCH 0457/1008] Test output_length of cipher modes --- src/tests/test_modes.cpp | 13 +++++++++++++ 1 file changed, 13 insertions(+)
diff --git a/src/tests/test_modes.cpp b/src/tests/test_modes.cpp
index 74e1b3da33..f66a50220d 100644
--- a/src/tests/test_modes.cpp
+++ b/src/tests/test_modes.cpp
@@ -61,6 +61,19 @@ class Cipher_Mode_Tests final : public Text_Based_Test
 result.test_eq("mode not authenticated", enc->authenticated(), false);
+ if(algo.find("/CBC"))
+ {
+ // can't test equal due to CBC padding
+ result.test_lte("output_length", enc->output_length(input.size()), expected.size());
+ result.test_gte("output_length", dec->output_length(expected.size()), input.size());
+ }
+ else
+ {
+ // assume all other modes are not expanding (currently true)
+ result.test_eq("output_length", enc->output_length(input.size()), expected.size());
+ result.test_eq("output_length", dec->output_length(expected.size()), input.size());
+ }
+
 // Test to make sure reset() resets what we need it to
 enc->set_key(mutate_vec(key));
 Botan::secure_vector garbage = Test::rng().random_vec(enc->update_granularity());
From 994db72e812421cd1c81f93ce43625d3dcd551e2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 29 Dec 2017 11:01:44 -0500 Subject: [PATCH 0458/1008] Check that Cipher_Mode::start with invalid nonce size throws --- src/tests/test_modes.cpp | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/src/tests/test_modes.cpp b/src/tests/test_modes.cpp
index f66a50220d..ea773c22b6 100644
--- a/src/tests/test_modes.cpp
+++ b/src/tests/test_modes.cpp
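Review bot: `if(algo.find("/CBC"))` does not test whether "/CBC" occurs in the algorithm name: std::string::find returns npos (non-zero, hence true) when the substring is absent, so every non-CBC mode takes the padded-CBC branch and only receives the weaker test_lte/test_gte checks, while the exact-length branch is reached only for a name that begins with "/CBC". Compare against npos instead: `if(algo.find("/CBC") != std::string::npos)`. The enclosing test method starts and ends outside the hunk.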
@@ -74,6 +74,12 @@ class Cipher_Mode_Tests final : public Text_Based_Test result.test_eq("output_length", dec->output_length(expected.size()), input.size()); } + // Test that disallowed nonce sizes result in an exception + const size_t large_nonce_size = 65000; + result.test_eq("Large nonce not allowed", enc->valid_nonce_length(large_nonce_size), false); + result.test_throws("Large nonce causes exception", + [&enc]() { enc->start(nullptr, large_nonce_size); }); + // Test to make sure reset() resets what we need it to enc->set_key(mutate_vec(key)); Botan::secure_vector garbage = Test::rng().random_vec(enc->update_granularity()); From 33eead87d274cc35842389bbe591585a2cb675a3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 29 Dec 2017 11:52:18 -0500 Subject: [PATCH 0459/1008] Move utils for reading test data files up to Test:: from OCSP --- src/tests/test_ocsp.cpp | 36 ++++-------------------------------- src/tests/tests.cpp | 41 +++++++++++++++++++++++++++++++++++++++++ src/tests/tests.h | 3 +++ 3 files changed, 48 insertions(+), 32 deletions(-) diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp index 2839d9ef5a..6a872ae628 100644 --- a/src/tests/test_ocsp.cpp +++ b/src/tests/test_ocsp.cpp @@ -21,34 +21,6 @@ namespace Botan_Tests { class OCSP_Tests final : public Test { private: - std::vector slurp_data_file(const std::string& path) - { - const std::string fsname = Test::data_file(path); - std::ifstream file(fsname.c_str(), std::ios::binary); - if(!file.good()) - { - throw Test_Error("Error reading from " + fsname); - } - - std::vector contents; - - while(file.good()) - { - std::vector buf(4096); - file.read(reinterpret_cast(buf.data()), buf.size()); - size_t got = file.gcount(); - - if(got == 0 && file.eof()) - { - break; - } - - contents.insert(contents.end(), buf.data(), buf.data() + got); - } - - return contents; - } - std::shared_ptr load_test_X509_cert(const std::string& path) { return std::make_shared(Test::data_file(path)); 
@@ -56,7 +28,7 @@ class OCSP_Tests final : public Test std::shared_ptr load_test_OCSP_resp(const std::string& path) { - return std::make_shared(slurp_data_file(path)); + return std::make_shared(Test::read_binary_data_file(path)); } Test::Result test_response_parsing() @@ -75,7 +47,7 @@ class OCSP_Tests final : public Test { try { - Botan::OCSP::Response resp(slurp_data_file(ocsp_input_path)); + Botan::OCSP::Response resp(Test::read_binary_data_file(ocsp_input_path)); result.test_success("Parsed input " + ocsp_input_path); } catch(Botan::Exception& e) @@ -93,7 +65,7 @@ class OCSP_Tests final : public Test try { - Botan::OCSP::Response resp1(slurp_data_file("x509/ocsp/resp1.der")); + Botan::OCSP::Response resp1(Test::read_binary_data_file("x509/ocsp/resp1.der")); const auto &certs1 = resp1.certificates(); if(result.test_eq("Expected count of certificates", certs1.size(), 1)) { @@ -105,7 +77,7 @@ class OCSP_Tests final : public Test result.test_eq("CN matches expected", matches, true); } - Botan::OCSP::Response resp2(slurp_data_file("x509/ocsp/resp2.der")); + Botan::OCSP::Response resp2(Test::read_binary_data_file("x509/ocsp/resp2.der")); const auto &certs2 = resp2.certificates(); result.test_eq("Expect no certificates", certs2.size(), 0); } diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp index bda3cd6484..e4ed5e8963 100644 --- a/src/tests/tests.cpp +++ b/src/tests/tests.cpp 
@@ -506,6 +506,47 @@ Test* Test::get_test(const std::string& test_name)
 return nullptr;
 }
+std::string Test::read_data_file(const std::string& path)
+ {
+ const std::string fsname = Test::data_file(path);
+ std::ifstream file(fsname.c_str());
+ if(!file.good())
+ {
+ throw Test_Error("Error reading from " + fsname);
+ }
+
+ return std::string((std::istreambuf_iterator(file)),
+ std::istreambuf_iterator());
+ }
+
+std::vector Test::read_binary_data_file(const std::string& path)
+ {
+ const std::string fsname = Test::data_file(path);
+ std::ifstream file(fsname.c_str(), std::ios::binary);
+ if(!file.good())
+ {
+ throw Test_Error("Error reading from " + fsname);
+ }
+
+ std::vector contents;
+
+ while(file.good())
+ {
+ std::vector buf(4096);
+ file.read(reinterpret_cast(buf.data()), buf.size());
+ size_t got = file.gcount();
+
+ if(got == 0 && file.eof())
+ {
+ break;
+ }
+
+ contents.insert(contents.end(), buf.data(), buf.data() + got);
+ }
+
+ return contents;
+ }
+
 // static member variables of Test
 std::unique_ptr Test::m_test_rng;
 std::string Test::m_data_dir;
diff --git a/src/tests/tests.h b/src/tests/tests.h
index 9ab8e43b8a..193f7e06df 100644
--- a/src/tests/tests.h
+++ b/src/tests/tests.h
@@ -413,6 +413,9 @@ class Test
 static const std::string& data_dir();
+ static std::string read_data_file(const std::string& path);
+ static std::vector read_binary_data_file(const std::string& path);
+
 static Botan::RandomNumberGenerator& rng();
 static std::string random_password();
 static uint64_t timestamp(); // nanoseconds arbitrary epoch
From 121700a187df586b0181df0ac791fdd2f9cf2f0e Mon Sep 17 00:00:00 2001
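Review bot: In `Test::read_binary_data_file` a read error is indistinguishable from end of file: `while(file.good())` also stops when badbit or failbit is set for a reason other than EOF, and the partially read buffer is then returned as if it were the whole fixture. After the loop add `if(file.bad()) throw Test_Error("Error reading from " + fsname);` so a truncated read fails the test instead of silently feeding it short data. The 4096-byte `buf` is also re-allocated on every iteration; declaring it once before the `while` and reusing it preserves behaviour. `Test::read_data_file` opens its file in text mode, so on platforms that translate line endings the returned string differs from the on-disk bytes; a one-line comment stating that it is meant for text fixtures would make that deliberate.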
From: Jack Lloyd Date: Fri, 29 Dec 2017 11:52:57 -0500 Subject: [PATCH 0460/1008] Add some tests of ASN1_Pretty_Printer The output is not fixed and may change in the future, but changes should at least be noticed. --- src/lib/asn1/asn1_print.h | 3 ++- src/tests/data/asn1_print/input1.der | Bin 0 -> 34 bytes src/tests/data/asn1_print/input2.der | Bin 0 -> 40 bytes src/tests/data/asn1_print/input3.der | Bin 0 -> 402 bytes src/tests/data/asn1_print/input4.der | Bin 0 -> 238 bytes src/tests/data/asn1_print/output1.txt | 8 ++++++++ src/tests/data/asn1_print/output2.txt | 11 +++++++++++ src/tests/data/asn1_print/output3.txt | 20 +++++++++++++++++++ src/tests/data/asn1_print/output4.txt | 11 +++++++++++ src/tests/test_asn1.cpp | 27 ++++++++++++++++++++++++++ 10 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 src/tests/data/asn1_print/input1.der create mode 100644 src/tests/data/asn1_print/input2.der create mode 100755 src/tests/data/asn1_print/input3.der create mode 100755 src/tests/data/asn1_print/input4.der create mode 100644 src/tests/data/asn1_print/output1.txt create mode 100644 src/tests/data/asn1_print/output2.txt create mode 100644 src/tests/data/asn1_print/output3.txt create mode 100644 src/tests/data/asn1_print/output4.txt diff --git a/src/lib/asn1/asn1_print.h b/src/lib/asn1/asn1_print.h index 4f9fa8f4dd..cd3c7ffe1d 100644 --- a/src/lib/asn1/asn1_print.h +++ b/src/lib/asn1/asn1_print.h @@ -71,7 +71,8 @@ class BOTAN_DLL ASN1_Formatter }; /** -* Format ASN.1 data into human readable strings +* Format ASN.1 data into human readable output. The exact form of the output for +* any particular input is not guaranteed and may change from release to release. */ class BOTAN_DLL ASN1_Pretty_Printer final : public ASN1_Formatter { 
diff --git a/src/tests/data/asn1_print/input1.der b/src/tests/data/asn1_print/input1.der new file mode 100644 index 0000000000000000000000000000000000000000..35886af4827a07f6d55d4cadf94eb40694beece0 GIT binary patch literal 34 ncmXp|U}9tyW-Bf!%FIhQWMgFf&%~I_!pZ;w%q$H5|NjR7Z@&k$ literal 0 HcmV?d00001 diff --git a/src/tests/data/asn1_print/input2.der b/src/tests/data/asn1_print/input2.der new file mode 100644 index 0000000000000000000000000000000000000000..0bb89d56412ff301f81581d6d5242a993ea58009 GIT binary patch literal 40 rcmXp|V`5}rVJj$2%E?S#Aj!lC;scQZp8*dWhc+7{6C)!N11kdneC7m@ literal 0 HcmV?d00001 diff --git a/src/tests/data/asn1_print/input3.der b/src/tests/data/asn1_print/input3.der new file mode 100755 index 0000000000000000000000000000000000000000..00f09b61848569522d6886d213696d103ed4aafa GIT binary patch literal 402 zcmb>vwc(r1`6rGR?d-xES1M;dwo^2{ly-Y_kwuOJcZ($p?*z@YI(0E$OgNM` zt*AZLGtcL-xQ|@k-*-X>Y9m&KeJ?stl&^AZ$2`BYYgA0V=gmB|_}k?&5vH@PsE)eu zd&WhvJ>I$Z_AFkyeDeG@OP2WOThv52^U@!03M+lT`=ZL5|q z`jzlx(%g;%`xBX?YV6L7pVDazR^~W7p`DR2UI7v&j!0qR!^g%64iaWYCdOdKgYl|t z4D1XXj2!VQY>W(GhPg#%#S8_G)0aF0*6us^z)Gw%jk|vRUfuHZ;!7`ToWGecJNiOk auf~;2LZ=>^fB8}}_3cX?-dfRDskHzML84m# literal 0 HcmV?d00001 diff --git a/src/tests/data/asn1_print/input4.der b/src/tests/data/asn1_print/input4.der new file mode 100755 index 0000000000000000000000000000000000000000..09a14bbb4103acb17b5c039c43479573e744b90d GIT binary patch literal 238 zcmYdqd|j{DIIG?-CSH?~q2AM-jf;h$o`IbS1llZF{QQna>7`ElVDS7`%oXiD%pMaL ztT_0-Mv9@T!F}7+70m~)K3ego=0VT*57lgTJKou8eQeHteoM4GUV+=i)lf-GLAma~ z!rFLqi*TvwvXa|Uer~XOFWzhP^zF~vF`lkhJg+`km%Neb*8a~|?lWB6)4V%Ev+>%N zzAN&bAO0lu)ORlU>Lh?Tc6n*L literal 0 HcmV?d00001 diff --git a/src/tests/data/asn1_print/output1.txt b/src/tests/data/asn1_print/output1.txt new file mode 100644 index 0000000000..68f7389ea4 --- /dev/null +++ b/src/tests/data/asn1_print/output1.txt 
@@ -0,0 +1,8 @@ + d= 0, l= 32: SEQUENCE + d= 1, l= 1: INTEGER 05 + d= 1, l= 6: PRINTABLE STRING string + d= 1, l= 6: SET + d= 2, l= 1: BOOLEAN true + d= 2, l= 1: INTEGER 63 + d= 1, l= 5: OCTET STRING 0000000000 + d= 1, l= 4: BIT STRING FFFFFF diff --git a/src/tests/data/asn1_print/output2.txt b/src/tests/data/asn1_print/output2.txt new file mode 100644 index 0000000000..d2aa9647bc --- /dev/null +++ b/src/tests/data/asn1_print/output2.txt @@ -0,0 +1,11 @@ + d= 0, l= 38: SEQUENCE + d= 1, l= 1: INTEGER + d= 1, l= 6: OCTET STRING public + d= 1, l= 25: cons [0] context + d= 2, l= 1: INTEGER 26 + d= 2, l= 1: INTEGER + d= 2, l= 1: INTEGER + d= 2, l= 14: SEQUENCE + d= 3, l= 12: SEQUENCE + d= 4, l= 8: OBJECT 1.3.6.1.2.1.1.2.0 + d= 4, l= 0: NULL diff --git a/src/tests/data/asn1_print/output3.txt b/src/tests/data/asn1_print/output3.txt new file mode 100644 index 0000000000..38a5f74fb2 --- /dev/null +++ b/src/tests/data/asn1_print/output3.txt 
@@ -0,0 +1,20 @@ + d= 0, l= 397: cons [33] appl + d= 1, l= 333: cons [78] appl + d= 2, l= 1: TAG(41) 5F290100 + d= 2, l= 16: INTEGER Bx10DECVCx7fEPASS00001 + d= 2, l= 253: cons [73] appl + d= 3, l= 10: OBJECT 0.4.0.127.0.7.2.2.2.2.2 + d= 3, l= 28: BOOLEAN 811CD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF + d= 3, l= 28: INTEGER 821C68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43 + d= 3, l= 28: BIT STRING 831C2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B + d= 3, l= 57: OCTET STRING 8439040D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD + d= 3, l= 28: NULL 851CD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F + d= 3, l= 57: OBJECT 8639045FE7B42614096E67E3B25675EFBBD94B9F1244B17228F109F07856D285867B1F72FA60E4929D88C0BF61035A7C3ECF17CA2C81532308C390 + d= 3, l= 1: TAG(7) 870101 + d= 2, l= 16: TAG(32) x5fx20x10DECVCAEPASS00001 + d= 2, l= 14: cons [76] appl + d= 3, l= 9: OBJECT 0.4.0.127.0.7.3.1.2.1 + d= 3, l= 1: PRINTABLE STRING 5301C1 + d= 2, l= 6: TAG(37) 5F2506000700080108 + d= 2, l= 6: TAG(36) 5F2406010000080108 + d= 1, l= 56: TAG(55) 5F37386978982008CBD24950ADBECEE03A1675660B7FAFBD2D77CF17A5D128CFD9609B5BD0518D28D4D212CAE337F4F47495EDE92C0D7D15EA657D diff --git a/src/tests/data/asn1_print/output4.txt b/src/tests/data/asn1_print/output4.txt new file mode 100644 index 0000000000..ed27ed5f86 --- /dev/null +++ b/src/tests/data/asn1_print/output4.txt 
@@ -0,0 +1,11 @@
+ d= 0, l= 235: cons [7] appl
+ d= 1, l= 154: cons [33] appl
+ d= 2, l= 92: cons [78] appl
+ d= 3, l= 1: TAG(41) 5F290100
+ d= 3, l= 71: cons [73] appl
+ d= 4, l= 10: OBJECT 0.4.0.127.0.7.2.2.2.2.2
+ d= 4, l= 57: OBJECT 8639044E4EC55A2E6596F030E7FA5CD42BBC034891A0A8C1EF7C1A007A8047B6D5A883C1D5E2A8FC7CE08CF7F07B063EB8EE3E2AF1836BE7DA1577
+ d= 3, l= 11: TAG(32) 5F200B444531222A20237EFF20AD
+ d= 2, l= 56: TAG(55) 5F3738571A971D19B664F9B03AEF178D32E5EDF9DB5C4945D449D5E4AE63B102DABFF3D4DF00D1BC83BB582981D6B48ED41F89F0FC628C7F89A0F5
+ d= 1, l= 16: INTEGER 4210444531222A20237EFF20AD3030303130
+ d= 1, l= 56: TAG(55) 5F3738423A93F9E40B0A3488AF6F716848531A24BAB3A2613BD6D830470D2936B1F93061A00A4B6BAA9C3A180272A60F91FD975DB3CF8D8179370C
diff --git a/src/tests/test_asn1.cpp b/src/tests/test_asn1.cpp
index 633f576024..4e324f04dd 100644
--- a/src/tests/test_asn1.cpp
+++ b/src/tests/test_asn1.cpp
@@ -12,6 +12,7 @@
 #include
 #include
 #include
 #endif
+#include
 namespace Botan_Tests {
@@ -290,6 +291,32 @@ class ASN1_Tests final : public Test
 BOTAN_REGISTER_TEST("asn1", ASN1_Tests);
+class ASN1_Printer_Tests final : public Test
+ {
+ public:
+ std::vector run() override
+ {
+ Test::Result result("ASN1_Pretty_Printer");
+
+ Botan::ASN1_Pretty_Printer printer;
+
+ const size_t num_tests = 4;
+
+ for(size_t i = 1; i <= num_tests; ++i)
+ {
+ std::string i_str = std::to_string(i);
+ const std::vector input1 = Test::read_binary_data_file("asn1_print/input" + i_str + ".der");
+ const std::string expected1 = Test::read_data_file("asn1_print/output" + i_str + ".txt");
+
+ result.test_eq("Test " + i_str, printer.print(input1), expected1);
+ }
+
+ return {result};
+ }
+ };
+
+BOTAN_REGISTER_TEST("asn1_printer", ASN1_Printer_Tests);
+
 #endif
 }
From 1fb2be80c348151c35c9144ebc3c0110b492c89d Mon Sep 17 00:00:00 2001
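Review bot: The loop locals `input1` and `expected1` in ASN1_Printer_Tests::run carry a `1` suffix although they hold the i-th fixture on every iteration, which reads as if only the first case were exercised; plain `input` and `expected` (or `der_input` / `expected_text`) say what they hold. `num_tests = 4` has to be kept in step with the files under src/tests/data/asn1_print by hand, so a comment such as `// one input<N>.der / output<N>.txt pair per case` beside it makes the coupling visible. Since the asn1_print.h hunk documents that the printer's output is not stable across releases, a comment in this test saying that a format change is expected to fail here and the .txt fixtures must then be regenerated would spare the next maintainer a detour.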
From: Jack Lloyd Date: Fri, 29 Dec 2017 12:00:57 -0500 Subject: [PATCH 0461/1008] Fix lambda capture, MSVC didn't like this --- src/tests/test_modes.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tests/test_modes.cpp b/src/tests/test_modes.cpp
index ea773c22b6..9ee97caed0 100644
--- a/src/tests/test_modes.cpp
+++ b/src/tests/test_modes.cpp
@@ -78,7 +78,7 @@ class Cipher_Mode_Tests final : public Text_Based_Test
 const size_t large_nonce_size = 65000;
 result.test_eq("Large nonce not allowed", enc->valid_nonce_length(large_nonce_size), false);
 result.test_throws("Large nonce causes exception",
- [&enc]() { enc->start(nullptr, large_nonce_size); });
+ [&enc,large_nonce_size]() { enc->start(nullptr, large_nonce_size); });
 // Test to make sure reset() resets what we need it to
 enc->set_key(mutate_vec(key));
From e767318a734d017216a70510ee2c9bdfe1d2c3ff Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 30 Dec 2017 11:17:39 -0500 Subject: [PATCH 0462/1008] Increase EAX update granularity to 128 bytes. Works around a performance problem with applications that use this as a buffer size. Longer term fix is to have two different functions, one for the minimum grain size and another for the optimium buffer size. GH #1377 --- src/lib/modes/aead/eax/eax.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/lib/modes/aead/eax/eax.cpp b/src/lib/modes/aead/eax/eax.cpp
index dd0e458e75..dbd916db97 100644
--- a/src/lib/modes/aead/eax/eax.cpp
+++ b/src/lib/modes/aead/eax/eax.cpp
@@ -66,7 +66,11 @@ std::string EAX_Mode::name() const
 size_t EAX_Mode::update_granularity() const
 {
- return 1;
+ /*
+ * For EAX this actually can be as low as 1 but that causes problems
+ * for applications which use update_granularity as the buffer size.
+ */
+ return m_cipher->parallel_bytes();
 }
 Key_Length_Specification EAX_Mode::key_spec() const
From b97460499a8c6bb5faaf32c331d89c5d2d42b323 Mon Sep 17 00:00:00 2001
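Review bot: The commit title promises a granularity of 128 bytes, but `return m_cipher->parallel_bytes();` in the eax.cpp hunk yields whatever the underlying block cipher reports, which presumably varies by cipher and implementation (its value is not visible here), and the new comment does not mention that. Extend the comment with something like `* The value is the cipher's parallel_bytes(), so it depends on the block cipher and its implementation; as noted above, update() still works with smaller inputs.`. If the public documentation of `update_granularity()` describes it as a hard minimum, it should be revised alongside this change, since EAX now advertises more than it requires.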
From: Jack Lloyd Date: Sat, 30 Dec 2017 12:11:00 -0500 Subject: [PATCH 0463/1008] Support regexes for OS aliases Needed for mingw which has unames like mingw32_nt-6.3 and thus varies based on the underlying version. Might be useful elsewhere. --- configure.py | 17 +++++++++++++---- src/build-data/os/mingw.txt | 2 +- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/configure.py b/configure.py index a3247bcb2d..2c4f7b5dee 100755 --- a/configure.py +++ b/configure.py @@ -650,7 +650,7 @@ def py_var(group): return group.replace(':', '_') lexer = shlex.shlex(open(infofile), infofile, posix=True) - lexer.wordchars += '|:.<>/,-!+' # handle various funky chars in info.txt + lexer.wordchars += '|:.<>/,-!+*' # handle various funky chars in info.txt groups = allowed_groups + allowed_maps for group in groups: @@ -1318,7 +1318,7 @@ def __init__(self, infofile): self.soname_pattern_abi = None self.soname_pattern_patch = None - self.aliases = lex.aliases + self._aliases = lex.aliases self.ar_command = lex.ar_command self.ar_options = lex.ar_options self.bin_dir = lex.bin_dir @@ -1338,6 +1338,15 @@ def __init__(self, infofile): self.target_features = lex.target_features self.use_stack_protector = (lex.use_stack_protector == "true") + def matches_name(self, nm): + if nm in self._aliases: + return True + + for alias in self._aliases: + if re.match(alias, nm): + return True + return False + def building_shared_supported(self): return self.soname_pattern_base != None @@ -2673,8 +2682,8 @@ def canonicalize_options(options, info_os, info_arch): # pylint: disable=too-many-branches if options.os not in info_os: def find_canonical_os_name(os_name_variant): - for (canonical_os_name, info) in info_os.items(): - if os_name_variant in info.aliases: + for (canonical_os_name, os_info) in info_os.items(): + if os_info.matches_name(os_name_variant): return canonical_os_name return os_name_variant # not found options.os = find_canonical_os_name(options.os) 
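Review bot: `matches_name` uses `re.match(alias, nm)`, which anchors only at the start of the string, so an alias pattern also matches any name that merely begins with it, and every pre-existing plain alias is now interpreted as a regex too (constructed example: an alias `bsd` would match a uname of `bsdfoo`). Anchor the end as well, e.g. `if re.match(alias + r'\Z', nm):`, so that only `mingw32.*`-style aliases with an explicit wildcard match variable suffixes. The lexer change in the first hunk adds `*` to `wordchars` so that such patterns lex at all; a comment on `_aliases` stating that entries are regular expressions matched against the whole OS name would record the new contract.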
diff --git a/src/build-data/os/mingw.txt b/src/build-data/os/mingw.txt index da3f1ede7d..b0e98e166f 100644 --- a/src/build-data/os/mingw.txt +++ b/src/build-data/os/mingw.txt @@ -12,7 +12,7 @@ doc_dir share/doc msys -mingw32 +mingw32.* From cd6e777c32333248329edc3312408aa6eecae512 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 30 Dec 2017 12:32:27 -0500 Subject: [PATCH 0464/1008] Disable sockets on MinGW Everything works ok on i686 when crosscompiled but it seems things are badly broken on x86-64 when compiling on Windows. Rather than fight their broken headers, just disable. No OCSP for you MinGW. --- src/lib/utils/socket/socket.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/utils/socket/socket.cpp b/src/lib/utils/socket/socket.cpp index be646269b0..1020a2f5d4 100644 --- a/src/lib/utils/socket/socket.cpp +++ b/src/lib/utils/socket/socket.cpp @@ -30,7 +30,7 @@ #include #include -#elif defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) +#elif defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) && !defined(BOTAN_TARGET_OS_IS_MINGW) #define NOMINMAX 1 #include #include @@ -136,7 +136,7 @@ class Asio_Socket final : public OS::Socket boost::asio::ip::tcp::socket m_tcp; }; -#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) || defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) +#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) || (defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) && !defined(BOTAN_TARGET_OS_IS_MINGW)) class BSD_Socket final : public OS::Socket { @@ -356,7 +356,7 @@ OS::open_socket(const std::string& hostname, #if defined(BOTAN_HAS_BOOST_ASIO) return std::unique_ptr(new Asio_Socket(hostname, service, timeout)); -#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) || defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) +#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) || (defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) && !defined(BOTAN_TARGET_OS_IS_MINGW)) return std::unique_ptr(new BSD_Socket(hostname, service, timeout)); #else 
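Review bot: The condition `defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) && !defined(BOTAN_TARGET_OS_IS_MINGW)` is now spelled out three times (the `#elif` lines of all three socket.cpp hunks), so the next platform exception must be applied in three places and the copies can drift apart silently. Evaluate it once near the top of the file into a file-local macro, e.g. `#if defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) && !defined(BOTAN_TARGET_OS_IS_MINGW)` / `#define BOTAN_SOCKET_HAS_WINSOCK` / `#endif` (name constructed for illustration), and test that macro in the three `#elif` lines. A short comment at that definition recording why MinGW is excluded, which today lives only in the commit message, would keep the reason with the code.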
From 2d3cee8b02a1823ef05eedbbd3e435131460635a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 30 Dec 2017 14:11:46 -0500 Subject: [PATCH 0465/1008] Remove BOTAN_FORCE_SEMICOLON macro Only needed in two headers (cli.h and test.h) not in the main library. Just change those two uses to not use anonymous namespaces. --- src/build-data/buildh.in | 4 ---- src/cli/cli.h | 7 +++---- src/tests/tests.h | 3 +-- 3 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in
index cacc01ed0e..d4972af153 100644
--- a/src/build-data/buildh.in
+++ b/src/build-data/buildh.in
@@ -239,10 +239,6 @@ Each read generates 32 bits of output
 #endif
-// Append to macros living outside of functions, so that invocations must end with a semicolon.
-// The struct is only declared to force the semicolon, it is never defined.
-#define BOTAN_FORCE_SEMICOLON struct BOTAN_DUMMY_STRUCT
-
 // Check for a common build problem:
 #if defined(BOTAN_TARGET_ARCH_IS_X86_64) && ((defined(_MSC_VER) && !defined(_WIN64)) || \
diff --git a/src/cli/cli.h b/src/cli/cli.h
index d096617a35..118d61cb6f 100644
--- a/src/cli/cli.h
+++ b/src/cli/cli.h
@@ -185,10 +185,9 @@ class Command
 };
 };
-#define BOTAN_REGISTER_COMMAND(name, CLI_Class) \
- namespace { Botan_CLI::Command::Registration \
- reg_cmd_ ## CLI_Class(name, []() -> Botan_CLI::Command* { return new CLI_Class; }); } \
- BOTAN_FORCE_SEMICOLON
+#define BOTAN_REGISTER_COMMAND(name, CLI_Class) \
+ Botan_CLI::Command::Registration reg_cmd_ ## CLI_Class(name, \
+ []() -> Botan_CLI::Command* { return new CLI_Class; })
 }
diff --git a/src/tests/tests.h b/src/tests/tests.h
index 193f7e06df..36a6d4862e 100644
--- a/src/tests/tests.h
+++ b/src/tests/tests.h
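Review bot: Dropping the anonymous namespace from `BOTAN_REGISTER_COMMAND` gives `reg_cmd_ ## CLI_Class` external linkage, and the same happens to `reg_ ## Test_Class ## _tests` in the tests.h hunk that follows. If two translation units ever register classes with the same name (plausible when command or test classes are defined in per-file anonymous namespaces), the link now fails with a duplicate symbol where it previously worked, and each registration object is exported from its translation unit for no reason. Internal linkage is kept without a namespace by one word in each macro: `static Botan_CLI::Command::Registration reg_cmd_ ## CLI_Class(name, \` and `static Test::Registration reg_ ## Test_Class ## _tests(type, new Test_Class)`.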
@@ -432,8 +432,7 @@ class Test
 * Register the test with the runner
 */
 #define BOTAN_REGISTER_TEST(type, Test_Class) \
- namespace { Test::Registration reg_ ## Test_Class ## _tests(type, new Test_Class); } \
- BOTAN_FORCE_SEMICOLON
+ Test::Registration reg_ ## Test_Class ## _tests(type, new Test_Class)
 /*
 * A test based on reading an input file which contains key/value pairs
From 092114e11c27de26a53aefa08547cc0bc44717ca Mon Sep 17 00:00:00 2001
From: Jack Lloyd Date: Wed, 13 Dec 2017 17:57:31 -0500 Subject: [PATCH 0466/1008] Test OS features by the feature vs the OS name --- configure.py | 47 +++++++++++++++-------- doc/os.rst | 20 +++++----- src/build-data/buildh.in | 3 -- src/build-data/os/aix.txt | 8 ++-- src/build-data/os/android.txt | 13 ++++--- src/build-data/os/cygwin.txt | 6 ++- src/build-data/os/darwin.txt | 10 ++--- src/build-data/os/dragonfly.txt | 9 +++-- src/build-data/os/freebsd.txt | 9 ++--- src/build-data/os/haiku.txt | 7 ++-- src/build-data/os/hpux.txt | 6 ++- src/build-data/os/hurd.txt | 7 +++- src/build-data/os/includeos.txt | 5 +-- src/build-data/os/ios.txt | 8 ++-- src/build-data/os/linux.txt | 10 ++--- src/build-data/os/mingw.txt | 4 +- src/build-data/os/netbsd.txt | 10 ++--- src/build-data/os/openbsd.txt | 11 +++--- src/build-data/os/qnx.txt | 10 ++--- src/build-data/os/solaris.txt | 9 +++-- src/build-data/os/windows.txt | 12 +++--- src/build-data/os/winphone.txt | 10 ++--- src/cli/socket_utils.h | 4 +- src/cli/tls_client.cpp | 2 +- src/cli/tls_server.cpp | 2 +- src/lib/entropy/darwin_secrandom/info.txt | 7 ++-- src/lib/entropy/dev_random/info.txt | 19 ++------- src/lib/entropy/getentropy/info.txt | 6 +-- src/lib/entropy/proc_walk/info.txt | 16 ++------ src/lib/entropy/win32_stats/info.txt | 8 ++-- src/lib/filters/fd_unix/info.txt | 18 ++------- src/lib/rng/system_rng/info.txt | 27 +++---------- src/lib/utils/calendar.cpp | 4 +- src/lib/utils/dyn_load/dyn_load.cpp | 21 +++++----- src/lib/utils/dyn_load/info.txt | 15 ++------ src/lib/utils/filesystem.cpp | 13 ++++--- src/lib/utils/locking_allocator/info.txt | 11 ++---- src/lib/utils/mutex.h | 4 +- src/lib/utils/os_utils.cpp | 24 ++++++------ src/lib/utils/socket/socket.cpp | 10 ++--- src/tests/test_os_utils.cpp | 4 +- src/tests/test_rng.cpp | 4 +- 42 files changed, 203 insertions(+), 250 deletions(-) diff --git a/configure.py b/configure.py index 2c4f7b5dee..760b866c43 100755 --- a/configure.py +++ b/configure.py 
@@ -730,7 +730,7 @@ def __init__(self, infofile): lex = lex_me_harder( infofile, ['header:internal', 'header:public', 'header:external', 'requires', - 'os', 'arch', 'cc', 'libs', 'frameworks', 'comment', 'warning' + 'os_features', 'arch', 'cc', 'libs', 'frameworks', 'comment', 'warning' ], ['defines'], { @@ -792,7 +792,7 @@ def convert_lib_list(l): self.libs = convert_lib_list(lex.libs) self.load_on = lex.load_on self.need_isa = lex.need_isa.split(',') if lex.need_isa else [] - self.os = lex.os + self.os_features = lex.os_features self.requires = lex.requires self.warning = ' '.join(lex.warning) if lex.warning else None @@ -825,10 +825,12 @@ def _validate_defines_content(defines): if not re.match('^[0-9]{8}$', value): raise InternalError('Module defines value has invalid format: "%s"' % value) - def cross_check(self, arch_info, os_info, cc_info): - for supp_os in self.os: - if supp_os not in os_info: - raise InternalError('Module %s mentions unknown OS %s' % (self.infofile, supp_os)) + def cross_check(self, arch_info, os_info, cc_info, all_os_features): + + for feat in set(flatten([o.split(',') for o in self.os_features])): + if feat not in all_os_features: + logging.error("Module %s uses an OS feature (%s) which no OS supports", self.infofile, feat) + for supp_cc in self.cc: if supp_cc not in cc_info: colon_idx = supp_cc.find(':') 
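Review bot: `cross_check` now only logs when a module names an OS feature that no OS provides, whereas the code it replaces raised `InternalError` for an unknown OS, so a typo in a module's `os_features` no longer stops configure; together with `compatible_os` such a module would then be dropped on every platform with nothing but a log line to explain it. If that downgrade is intentional it deserves a comment saying so; otherwise keep it fatal: `raise InternalError('Module %s uses an OS feature (%s) which no OS supports' % (self.infofile, feat))`. A docstring on `cross_check` stating that `all_os_features` is the union of every OS's `target_features` would also help, since the value is built two hunks later in `main`.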
@@ -873,8 +875,23 @@ def compatible_cpu(self, archinfo, options): return True - def compatible_os(self, os_name): - return self.os == [] or os_name in self.os + def compatible_os(self, os_data, options): + if not self.os_features: + return True + + def has_all(needed, provided): + for n in needed: + if n not in provided: + return False + return True + + provided_features = os_data.enabled_features(options) + + for feature_set in self.os_features: + if has_all(feature_set.split(','), provided_features): + return True + + return False def compatible_compiler(self, ccinfo, cc_min_version, arch): # Check if this compiler supports the flags we need @@ -1268,7 +1285,6 @@ def __init__(self, infofile): ['aliases', 'target_features'], [], { - 'os_type': None, 'program_suffix': '', 'obj_suffix': 'o', 'soname_suffix': '', @@ -1331,7 +1347,6 @@ def __init__(self, infofile): self.library_name = lex.library_name self.man_dir = lex.man_dir self.obj_suffix = lex.obj_suffix - self.os_type = lex.os_type self.program_suffix = lex.program_suffix self.so_post_link_command = lex.so_post_link_command self.static_suffix = lex.static_suffix @@ -1893,7 +1908,6 @@ def cmake_escape(s): 'os_features': osinfo.enabled_features(options), 'os_name': osinfo.basename, - 'os_type': osinfo.os_type, 'cpu_features': arch.supported_isa_extensions(cc, options), 'house_ecc_curve_defines': house_ecc_curve_macros(options.house_curve), @@ -1950,10 +1964,11 @@ class ModulesChooser(object): Determine which modules to load based on options, target, etc """ - def __init__(self, modules, module_policy, archinfo, ccinfo, cc_min_version, options): + def __init__(self, modules, module_policy, archinfo, osinfo, ccinfo, cc_min_version, options): self._modules = modules self._module_policy = module_policy self._archinfo = archinfo + self._osinfo = osinfo self._ccinfo = ccinfo self._cc_min_version = cc_min_version self._options = options 
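Review bot: The nested `has_all` in `compatible_os` re-implements the builtin `all()`, and the outer loop is `any()`; everything after the early return collapses to `provided = os_data.enabled_features(options)` followed by `return any(all(f in provided for f in fs.split(',')) for fs in self.os_features)`. More importantly, the meaning of `os_features` — names joined by commas inside one entry are all required, while separate entries are alternatives — is only discoverable by reading this loop, so a docstring such as `Each os_features entry is a comma-separated conjunction; the module is usable when any entry is fully provided by the target OS.` belongs on the method.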
@@ -1968,7 +1983,7 @@ def __init__(self, modules, module_policy, archinfo, ccinfo, cc_min_version, opt self._modules, self._options.enabled_modules, self._options.disabled_modules) def _check_usable(self, module, modname): - if not module.compatible_os(self._options.os): + if not module.compatible_os(self._osinfo, self._options): self._not_using_because['incompatible OS'].add(modname) return False elif not module.compatible_compiler(self._ccinfo, self._cc_min_version, self._archinfo.basename): @@ -2799,7 +2814,7 @@ def validate_options(options, info_os, info_cc, available_module_policies): def prepare_configure_build(info_modules, source_paths, options, cc, cc_min_version, arch, osinfo, module_policy): - loaded_module_names = ModulesChooser(info_modules, module_policy, arch, cc, cc_min_version, options).choose() + loaded_module_names = ModulesChooser(info_modules, module_policy, arch, osinfo, cc, cc_min_version, options).choose() using_mods = [info_modules[modname] for modname in loaded_module_names] build_config = BuildPaths(source_paths, options, using_mods) @@ -2969,8 +2984,10 @@ def main(argv): info_cc = load_build_data_info_files(source_paths, 'compiler info', 'cc', CompilerInfo) info_module_policies = load_build_data_info_files(source_paths, 'module policy', 'policy', ModulePolicyInfo) + all_os_features = set(flatten([o.target_features for o in info_os.values()])) + for mod in info_modules.values(): - mod.cross_check(info_arch, info_os, info_cc) + mod.cross_check(info_arch, info_os, info_cc, all_os_features) for policy in info_module_policies.values(): policy.cross_check(info_modules) diff --git a/doc/os.rst b/doc/os.rst index f1baa7cdee..2d869138b5 100644 --- a/doc/os.rst +++ b/doc/os.rst 
@@ -33,25 +33,25 @@ A summary of OS features as defined in ``src/build-data/os``. .. csv-table:: :header: "Feature", "a", "a", "c", "d", "d", "f", "h", "h", "h", "i", "i", "l", "l", "m", "n", "n", "o", "q", "s", "w", "w" - "arc4random", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", " ", " ", " ", " " - "clock_gettime", "X", "X", " ", " ", "X", "X", " ", " ", " ", " ", " ", "X", " ", " ", " ", "X", "X", "X", " ", " ", " " + "arc4random", " ", " ", " ", "X", "X", "X", " ", " ", " ", " ", "X", " ", " ", " ", " ", "X", "X", " ", " ", " ", " " + "clock_gettime", "X", "X", " ", " ", "X", "X", " ", "X", " ", " ", " ", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " "cryptgenrandom", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", " " "crypto_ng", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X" - "dlopen", "X", "X", " ", "X", "X", "X", " ", " ", " ", " ", "X", "X", " ", " ", " ", "X", "X", "X", " ", " ", " " + "dev_random", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " "explicit_bzero", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " " "filesystem", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", "X", "X", " ", "X", "X", "X", "X", "X", "X" "getauxval", " ", "X", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", " ", " ", " " - "gmtime_r", "X", "X", " ", "X", " ", "X", "X", " ", " ", " ", "X", "X", " ", " ", " ", "X", "X", "X", " ", " ", " " - "gmtime_s", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", "X" - "loadlibrary", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", "X" - "posix_mlock", " ", "X", " ", " ", "X", "X", " ", " ", "X", " ", " ", "X", " ", " ", " ", "X", "X", 
"X", "X", " ", " " - "query_perf_counter", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", "X" - "readdir", "X", "X", "X", "X", "X", "X", " ", " ", " ", " ", "X", "X", " ", " ", " ", "X", "X", " ", "X", " ", " " + "getentropy", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " " + "posix1", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " + "proc_fs", "X", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", "X", " ", " " "rtlsecurezeromemory", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", "X" - "sockets", "X", " ", " ", "X", "X", "X", " ", " ", " ", " ", "X", "X", " ", " ", " ", " ", "X", " ", " ", "X", "X" + "security_framework", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " " + "sockets", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", " ", "X", " ", "X", "X", "X", "X", "X", "X" "stl_filesystem_msvc", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " " "threads", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", " ", "X", "X", "X", "X", "X", "X", "X", "X" "virtual_lock", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", " " + "win32", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", "X" + "winsock2", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", "X" .. note:: This file is auto generated by ``src/scripts/update_docs.py``. Dont modify it manually. diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index d4972af153..9c4879312e 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in 
@@ -45,9 +45,6 @@ /* Target identification and feature test macros */ #define BOTAN_TARGET_OS_IS_%{os_name|upper} -%{if os_type} -#define BOTAN_TARGET_OS_TYPE_IS_%{os_type|upper} -%{endif} %{for os_features} #define BOTAN_TARGET_OS_HAS_%{i|upper} diff --git a/src/build-data/os/aix.txt b/src/build-data/os/aix.txt index b12685c615..caf94fdd4e 100644 --- a/src/build-data/os/aix.txt +++ b/src/build-data/os/aix.txt @@ -1,14 +1,14 @@ -os_type unix soname_suffix "so" use_stack_protector no +posix1 clock_gettime -gmtime_r -dlopen -readdir +dev_random +proc_fs + sockets threads filesystem diff --git a/src/build-data/os/android.txt b/src/build-data/os/android.txt index 79031d4f7a..b45287b548 100644 --- a/src/build-data/os/android.txt +++ b/src/build-data/os/android.txt @@ -1,16 +1,17 @@ -os_type unix soname_suffix "so" +posix1 + +dev_random clock_gettime -posix_mlock -gmtime_r + # getauxval is available in Android NDK for min API 18 and in Crystax NDK -# for all min API levels. Comment out if older API levels must be supported. +# for all min API levels. Use --without-os-feature=getauxval to disable getauxval -dlopen -readdir + +sockets threads filesystem diff --git a/src/build-data/os/cygwin.txt b/src/build-data/os/cygwin.txt index f4118aedb0..1d106b06c1 100644 --- a/src/build-data/os/cygwin.txt +++ b/src/build-data/os/cygwin.txt @@ -1,4 +1,3 @@ -os_type unix program_suffix .exe @@ -10,7 +9,10 @@ install_root c:\Botan doc_dir docs -readdir +posix1 +dev_random + +sockets threads filesystem diff --git a/src/build-data/os/darwin.txt b/src/build-data/os/darwin.txt index acc59f2c20..3c221e0b9f 100644 --- a/src/build-data/os/darwin.txt +++ b/src/build-data/os/darwin.txt @@ -1,4 +1,3 @@ -os_type unix soname_pattern_base "libbotan-{version_major}.dylib" soname_pattern_abi "libbotan-{version_major}.{abi_rev}.dylib" 
@@ -11,13 +10,14 @@ so_post_link_command "install_name_tool -change '$(INSTALLED_LIB_DIR)/{soname_ab doc_dir doc +posix1 arc4random -dlopen -filesystem -gmtime_r -readdir +dev_random +security_framework + sockets threads +filesystem diff --git a/src/build-data/os/dragonfly.txt b/src/build-data/os/dragonfly.txt index 9a5590d89c..257b2ef6b5 100644 --- a/src/build-data/os/dragonfly.txt +++ b/src/build-data/os/dragonfly.txt @@ -1,13 +1,14 @@ -os_type unix soname_suffix "so" +posix1 clock_gettime -posix_mlock +proc_fs +dev_random +arc4random + sockets threads filesystem -readdir -dlopen diff --git a/src/build-data/os/freebsd.txt b/src/build-data/os/freebsd.txt index 17cad3ac05..4de44a318f 100644 --- a/src/build-data/os/freebsd.txt +++ b/src/build-data/os/freebsd.txt @@ -1,13 +1,12 @@ -os_type unix soname_suffix "so" +posix1 clock_gettime -posix_mlock -gmtime_r -dlopen -readdir +dev_random +arc4random + sockets threads filesystem diff --git a/src/build-data/os/haiku.txt b/src/build-data/os/haiku.txt index 37f3d862f6..e203a0d268 100644 --- a/src/build-data/os/haiku.txt +++ b/src/build-data/os/haiku.txt @@ -1,4 +1,3 @@ -os_type unix soname_suffix "so" @@ -10,10 +9,10 @@ doc_dir system/documentation use_stack_protector no +posix1 clock_gettime -gmtime_r -dlopen -readdir +dev_random + sockets threads filesystem diff --git a/src/build-data/os/hpux.txt b/src/build-data/os/hpux.txt index 86a79e5ca1..112ad1ea30 100644 --- a/src/build-data/os/hpux.txt +++ b/src/build-data/os/hpux.txt @@ -1,9 +1,13 @@ -os_type unix # It is "sl" on HP-PA, but HP-UX on PA is EOL soname_suffix "so" +posix1 +clock_gettime +dev_random + +sockets threads filesystem diff --git a/src/build-data/os/hurd.txt b/src/build-data/os/hurd.txt index 8461178058..29ca47490f 100644 --- a/src/build-data/os/hurd.txt +++ b/src/build-data/os/hurd.txt @@ -1,9 +1,12 @@ -os_type unix soname_suffix "so" -posix_mlock +posix1 +dev_random +clock_gettime + +sockets threads filesystem 
diff --git a/src/build-data/os/includeos.txt b/src/build-data/os/includeos.txt index cabcec6b9f..7d2ebfdc95 100644 --- a/src/build-data/os/includeos.txt +++ b/src/build-data/os/includeos.txt @@ -1,5 +1,4 @@ -os_type unikernel - - +posix1 +dev_random diff --git a/src/build-data/os/ios.txt b/src/build-data/os/ios.txt index c0195fa9e1..e5729fed80 100644 --- a/src/build-data/os/ios.txt +++ b/src/build-data/os/ios.txt @@ -1,4 +1,3 @@ -os_type unix soname_pattern_base "libbotan-{version_major}.{version_minor}.dylib" soname_pattern_abi "libbotan-{version_major}.{version_minor}.{abi_rev}.dylib" @@ -7,13 +6,12 @@ soname_pattern_patch "libbotan-{version_major}.{version_minor}.{abi_rev}.{versio doc_dir doc +posix1 arc4random -dlopen -filesystem -gmtime_r -readdir + sockets threads +filesystem diff --git a/src/build-data/os/linux.txt b/src/build-data/os/linux.txt index 99bcf21eb5..7029adbefb 100644 --- a/src/build-data/os/linux.txt +++ b/src/build-data/os/linux.txt @@ -1,14 +1,14 @@ -os_type unix soname_suffix "so" +posix1 + +dev_random +proc_fs clock_gettime -posix_mlock -gmtime_r -dlopen getauxval -readdir + sockets threads filesystem diff --git a/src/build-data/os/mingw.txt b/src/build-data/os/mingw.txt index b0e98e166f..b74aa2d491 100644 --- a/src/build-data/os/mingw.txt +++ b/src/build-data/os/mingw.txt @@ -1,4 +1,3 @@ -os_type windows program_suffix .exe obj_suffix o @@ -16,9 +15,10 @@ mingw32.* +win32 cryptgenrandom -loadlibrary virtual_lock + threads filesystem diff --git a/src/build-data/os/netbsd.txt b/src/build-data/os/netbsd.txt index 21f388e290..4de44a318f 100644 --- a/src/build-data/os/netbsd.txt +++ b/src/build-data/os/netbsd.txt @@ -1,13 +1,13 @@ -os_type unix soname_suffix "so" +posix1 clock_gettime -posix_mlock -gmtime_r -dlopen -readdir +dev_random +arc4random + +sockets threads filesystem diff --git a/src/build-data/os/openbsd.txt b/src/build-data/os/openbsd.txt index a5db3fd8ee..99a3edf79c 100644 --- a/src/build-data/os/openbsd.txt 
+++ b/src/build-data/os/openbsd.txt @@ -1,17 +1,16 @@ -os_type unix soname_pattern_base "libbotan-{version_major}.so" soname_pattern_abi "libbotan-{version_major}.so.{abi_rev}" soname_pattern_patch "libbotan-{version_major}.so.{abi_rev}.{version_minor}" -arc4random +posix1 clock_gettime +dev_random +arc4random +getentropy explicit_bzero -posix_mlock -gmtime_r -dlopen -readdir + sockets threads filesystem diff --git a/src/build-data/os/qnx.txt b/src/build-data/os/qnx.txt index 65fd8acf0c..70810d2d95 100644 --- a/src/build-data/os/qnx.txt +++ b/src/build-data/os/qnx.txt @@ -1,13 +1,11 @@ -# not really, but for our purposes -os_type unix - soname_suffix "so" +posix1 clock_gettime -posix_mlock -gmtime_r -dlopen +dev_random + +sockets threads filesystem diff --git a/src/build-data/os/solaris.txt b/src/build-data/os/solaris.txt index 7c89e4ad99..f2bfca6164 100644 --- a/src/build-data/os/solaris.txt +++ b/src/build-data/os/solaris.txt @@ -1,11 +1,14 @@ -os_type unix soname_suffix "so" -posix_mlock +posix1 +clock_gettime +dev_random +proc_fs + threads -readdir +sockets filesystem diff --git a/src/build-data/os/windows.txt b/src/build-data/os/windows.txt index 639b0512d1..8fb8bc586e 100644 --- a/src/build-data/os/windows.txt +++ b/src/build-data/os/windows.txt @@ -1,4 +1,3 @@ -os_type windows cli_exe_name botan-cli @@ -17,16 +16,17 @@ install_root c:\\Botan doc_dir docs +win32 +winsock2 + cryptgenrandom -gmtime_s -loadlibrary -query_perf_counter -virtual_lock rtlsecurezeromemory + +virtual_lock stl_filesystem_msvc + threads filesystem -sockets diff --git a/src/build-data/os/winphone.txt b/src/build-data/os/winphone.txt index 34f2e0f5f7..bc0179c125 100644 --- a/src/build-data/os/winphone.txt +++ b/src/build-data/os/winphone.txt @@ -1,4 +1,3 @@ -os_type windows # ? program_suffix .exe 
@@ -9,13 +8,12 @@ install_root c:\\Botan doc_dir docs +win32 +winsock2 + crypto_ng -gmtime_s -loadlibrary -query_perf_counter rtlsecurezeromemory -#stl_filesystem_msvc + threads filesystem -sockets diff --git a/src/cli/socket_utils.h b/src/cli/socket_utils.h index a8e2a51a62..d7eb4382ee 100644 --- a/src/cli/socket_utils.h +++ b/src/cli/socket_utils.h @@ -11,7 +11,7 @@ #include #include "cli_exceptions.h" -#if defined(BOTAN_TARGET_OS_IS_WINDOWS) +#if defined(BOTAN_TARGET_OS_HAS_WINSOCK2) #include #include @@ -57,7 +57,7 @@ inline int send(int s, const uint8_t* buf, size_t len, int flags) return ::send(s, reinterpret_cast(buf), static_cast(len), flags); } -#else +#elif defined(BOTAN_TARGET_OS_HAS_POSIX1) #include #include diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index ddc443614e..7a9633fca3 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -8,7 +8,7 @@ #include "cli.h" -#if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_SOCKETS) +#if defined(BOTAN_HAS_TLS) && (defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2)) #include #include diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp index 44c69bf179..7127b20206 100644 --- a/src/cli/tls_server.cpp +++ b/src/cli/tls_server.cpp @@ -8,7 +8,7 @@ #include "cli.h" -#if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_SOCKETS) +#if defined(BOTAN_HAS_TLS) && (defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2)) #include #include diff --git a/src/lib/entropy/darwin_secrandom/info.txt b/src/lib/entropy/darwin_secrandom/info.txt index 477818818c..c1943a04a4 100644 --- a/src/lib/entropy/darwin_secrandom/info.txt +++ b/src/lib/entropy/darwin_secrandom/info.txt @@ -6,10 +6,9 @@ ENTROPY_SRC_DARWIN_SECRANDOM -> 20150925 darwin_secrandom.h - -darwin -ios - + +security_framework + darwin -> Security diff --git a/src/lib/entropy/dev_random/info.txt b/src/lib/entropy/dev_random/info.txt index d22f182117..3872411f30 100644 
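Review bot: The guards in socket_utils.h and in tls_client.cpp/tls_server.cpp no longer agree: the header now provides its helpers only under `BOTAN_TARGET_OS_HAS_WINSOCK2` or `BOTAN_TARGET_OS_HAS_POSIX1`, while the two CLI commands are compiled when `BOTAN_TARGET_OS_HAS_SOCKETS` or `BOTAN_TARGET_OS_HAS_WINSOCK2` is set. A target that declares `sockets` without `posix1` (the two flags are set independently in the os files touched by this commit, and nothing enforces that they go together) would build the TLS commands against a header that defines nothing, and the old `#else` at least covered every non-Windows target. Using the same condition in both places, e.g. `#elif defined(BOTAN_TARGET_OS_HAS_SOCKETS)` in socket_utils.h, or adding an `#else` / `#error "no socket implementation for this target"` branch there, makes the mismatch a build-time error instead of a confusing one.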
--- a/src/lib/entropy/dev_random/info.txt +++ b/src/lib/entropy/dev_random/info.txt @@ -6,19 +6,6 @@ ENTROPY_SRC_DEV_RANDOM -> 20131128 dev_random.h - -aix -android -cygwin -darwin -dragonfly -freebsd -haiku -hpux -hurd -linux -netbsd -openbsd -qnx -solaris - + +dev_random,posix1 + diff --git a/src/lib/entropy/getentropy/info.txt b/src/lib/entropy/getentropy/info.txt index a44299cbe4..886e57151f 100644 --- a/src/lib/entropy/getentropy/info.txt +++ b/src/lib/entropy/getentropy/info.txt @@ -6,6 +6,6 @@ ENTROPY_SRC_GETENTROPY -> 20170327 getentropy.h - -openbsd - + +getentropy + diff --git a/src/lib/entropy/proc_walk/info.txt b/src/lib/entropy/proc_walk/info.txt index f93d0cb3f2..2bba7e276b 100644 --- a/src/lib/entropy/proc_walk/info.txt +++ b/src/lib/entropy/proc_walk/info.txt @@ -6,16 +6,6 @@ ENTROPY_SRC_PROC_WALKER -> 20131128 proc_walk.h - -android -aix -cygwin -darwin -dragonfly -hpux -hurd -linux -netbsd -qnx -solaris - + +posix1,proc_fs + diff --git a/src/lib/entropy/win32_stats/info.txt b/src/lib/entropy/win32_stats/info.txt index 7c84fc235d..68abae34e8 100644 --- a/src/lib/entropy/win32_stats/info.txt +++ b/src/lib/entropy/win32_stats/info.txt @@ -6,11 +6,9 @@ ENTROPY_SRC_WIN32 -> 20131128 es_win32.h - -windows -cygwin -mingw - + +win32 + windows -> user32.lib diff --git a/src/lib/filters/fd_unix/info.txt b/src/lib/filters/fd_unix/info.txt index 4679cb4d51..41e7a23a52 100644 --- a/src/lib/filters/fd_unix/info.txt +++ b/src/lib/filters/fd_unix/info.txt @@ -4,18 +4,6 @@ PIPE_UNIXFD_IO -> 20131128 load_on auto - -android -aix -cygwin -darwin -dragonfly -freebsd -haiku -hpux -linux -netbsd -openbsd -qnx -solaris - + +posix1 + diff --git a/src/lib/rng/system_rng/info.txt b/src/lib/rng/system_rng/info.txt index 0c04fa21ca..8f25bf84c4 100644 --- a/src/lib/rng/system_rng/info.txt +++ b/src/lib/rng/system_rng/info.txt 
@@ -2,27 +2,12 @@ SYSTEM_RNG -> 20141202 - -aix -android -cygwin -darwin -dragonfly -freebsd -haiku -hpux -hurd -includeos -ios -linux -mingw -netbsd -openbsd -qnx -solaris -windows -winphone - + +dev_random,posix1 +arc4random +crypto_ng +cryptgenrandom + windows -> advapi32.lib diff --git a/src/lib/utils/calendar.cpp b/src/lib/utils/calendar.cpp index e902e411da..fe04f1d239 100644 --- a/src/lib/utils/calendar.cpp +++ b/src/lib/utils/calendar.cpp @@ -21,9 +21,9 @@ std::tm do_gmtime(std::time_t time_val) { std::tm tm; -#if defined(BOTAN_TARGET_OS_HAS_GMTIME_S) +#if defined(BOTAN_TARGET_OS_HAS_WIN32) ::gmtime_s(&tm, &time_val); // Windows -#elif defined(BOTAN_TARGET_OS_HAS_GMTIME_R) +#elif defined(BOTAN_TARGET_OS_HAS_POSIX1) ::gmtime_r(&time_val, &tm); // Unix/SUSv2 #else std::tm* tm_p = std::gmtime(&time_val); diff --git a/src/lib/utils/dyn_load/dyn_load.cpp b/src/lib/utils/dyn_load/dyn_load.cpp index 33288b8d11..b7f2649ef8 100644 --- a/src/lib/utils/dyn_load/dyn_load.cpp +++ b/src/lib/utils/dyn_load/dyn_load.cpp @@ -8,9 +8,9 @@ #include #include -#if defined(BOTAN_TARGET_OS_HAS_DLOPEN) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) #include -#elif defined(BOTAN_TARGET_OS_HAS_LOADLIBRARY) +#elif defined(BOTAN_TARGET_OS_HAS_WIN32) #define NOMINMAX 1 #define _WINSOCKAPI_ // stop windows.h including winsock.h #include @@ -24,7 +24,7 @@ void raise_runtime_loader_exception(const std::string& lib_name, const char* msg) { throw Exception("Failed to load " + lib_name + ": " + - (msg ? msg : "Unknown error")); + (msg ? msg : "Unknown error")); } } 
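Review bot: In calendar.cpp, `gmtime_s` is now selected by `BOTAN_TARGET_OS_HAS_WIN32`, which this commit also turns on for mingw (mingw.txt gains `win32`), whereas before `gmtime_s` was a separate feature that only windows and winphone declared. Whether every MinGW toolchain configuration exposes `gmtime_s` is worth checking on that target; if it does not, the `gmtime_r` branch will not help because mingw.txt does not set `posix1`, so the build fails rather than falling back to `std::gmtime`. If the mapping is intentional, a comment at the `#if` such as `// assumes every win32 target, MinGW included, provides gmtime_s` records the assumption next to the code that depends on it.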
@@ -33,13 +33,13 @@ Dynamically_Loaded_Library::Dynamically_Loaded_Library( const std::string& library) : m_lib_name(library), m_lib(nullptr) { -#if defined(BOTAN_TARGET_OS_HAS_DLOPEN) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) m_lib = ::dlopen(m_lib_name.c_str(), RTLD_LAZY); if(!m_lib) raise_runtime_loader_exception(m_lib_name, ::dlerror()); -#elif defined(BOTAN_TARGET_OS_HAS_LOADLIBRARY) +#elif defined(BOTAN_TARGET_OS_HAS_WIN32) m_lib = ::LoadLibraryA(m_lib_name.c_str()); if(!m_lib) @@ -52,9 +52,9 @@ Dynamically_Loaded_Library::Dynamically_Loaded_Library( Dynamically_Loaded_Library::~Dynamically_Loaded_Library() { -#if defined(BOTAN_TARGET_OS_HAS_DLOPEN) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) ::dlclose(m_lib); -#elif defined(BOTAN_TARGET_OS_HAS_LOADLIBRARY) +#elif defined(BOTAN_TARGET_OS_HAS_WIN32) ::FreeLibrary((HMODULE)m_lib); #endif } @@ -63,11 +63,10 @@ void* Dynamically_Loaded_Library::resolve_symbol(const std::string& symbol) { void* addr = nullptr; -#if defined(BOTAN_TARGET_OS_HAS_DLOPEN) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) addr = ::dlsym(m_lib, symbol.c_str()); -#elif defined(BOTAN_TARGET_OS_HAS_LOADLIBRARY) - addr = reinterpret_cast(::GetProcAddress((HMODULE)m_lib, - symbol.c_str())); +#elif defined(BOTAN_TARGET_OS_HAS_WIN32) + addr = reinterpret_cast(::GetProcAddress((HMODULE)m_lib, symbol.c_str())); #endif if(!addr) diff --git a/src/lib/utils/dyn_load/info.txt b/src/lib/utils/dyn_load/info.txt index 2caeac7280..4dd4932a00 100644 --- a/src/lib/utils/dyn_load/info.txt +++ b/src/lib/utils/dyn_load/info.txt @@ -4,17 +4,10 @@ DYNAMIC_LOADER -> 20160310 load_on dep - -android -freebsd -linux -netbsd -openbsd -qnx -solaris -windows -darwin - + +posix1 +win32 + android -> dl diff --git a/src/lib/utils/filesystem.cpp b/src/lib/utils/filesystem.cpp index fd4aee1f0c..29f73fcb37 100644 --- a/src/lib/utils/filesystem.cpp +++ b/src/lib/utils/filesystem.cpp 
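Review bot: dyn_load/info.txt now enables the dynamic loader on every `posix1` target, and dyn_load.cpp (the `-8` hunk at the end of the previous line) includes `<dlfcn.h>` on the same condition, which is a wider set than the removed explicit list: includeos.txt and hpux.txt gain `posix1` in this commit but were not in that list, and neither were aix, cygwin, dragonfly, haiku, hurd or ios. dlopen/dlsym were an XSI extension rather than base POSIX in older editions of the standard, so `posix1` by itself does not guarantee them. Keeping a narrower os feature for this (as the removed `BOTAN_TARGET_OS_HAS_DLOPEN` did), or verifying a build on the newly included targets, would avoid a hard compile failure there.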
@@ -13,14 +13,14 @@ #include #elif defined(BOTAN_HAS_BOOST_FILESYSTEM) #include -#elif defined(BOTAN_TARGET_OS_HAS_READDIR) +#elif defined(BOTAN_TARGET_OS_HAS_POSIX1) #include #include #include #include #include #include -#elif defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) +#elif defined(BOTAN_TARGET_OS_HAS_WIN32) #define NOMINMAX 1 #define _WINSOCKAPI_ // stop windows.h including winsock.h #include @@ -74,7 +74,8 @@ std::vector impl_boost_filesystem(const std::string& dir_path) return out; } -#elif defined(BOTAN_TARGET_OS_HAS_READDIR) +#elif defined(BOTAN_TARGET_OS_HAS_POSIX1) + std::vector impl_readdir(const std::string& dir_path) { std::vector out; @@ -113,7 +114,7 @@ std::vector impl_readdir(const std::string& dir_path) return out; } -#elif defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) +#elif defined(BOTAN_TARGET_OS_HAS_WIN32) std::vector impl_win32(const std::string& dir_path) { @@ -167,9 +168,9 @@ std::vector get_files_recursive(const std::string& dir) files = impl_stl_filesystem(dir); #elif defined(BOTAN_HAS_BOOST_FILESYSTEM) files = impl_boost_filesystem(dir); -#elif defined(BOTAN_TARGET_OS_HAS_READDIR) +#elif defined(BOTAN_TARGET_OS_HAS_POSIX1) files = impl_readdir(dir); -#elif defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) +#elif defined(BOTAN_TARGET_OS_HAS_WIN32) files = impl_win32(dir); #else BOTAN_UNUSED(dir); diff --git a/src/lib/utils/locking_allocator/info.txt b/src/lib/utils/locking_allocator/info.txt index 5f848f62df..7dc3c059d8 100644 --- a/src/lib/utils/locking_allocator/info.txt +++ b/src/lib/utils/locking_allocator/info.txt @@ -2,10 +2,7 @@ LOCKING_ALLOCATOR -> 20131128 - -linux -freebsd -openbsd -netbsd -windows - + +posix1 +virtual_lock + diff --git a/src/lib/utils/mutex.h b/src/lib/utils/mutex.h index 6e24815bb0..34fed5c81e 100644 --- a/src/lib/utils/mutex.h +++ b/src/lib/utils/mutex.h @@ -20,7 +20,7 @@ typedef std::mutex mutex_type; } -#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIKERNEL) || defined(BOTAN_TARGET_OS_IS_LLVM) +#else // No threads 
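Review bot: mutex.h now falls into the no-op mutex branch for any build without `BOTAN_TARGET_OS_HAS_THREADS`, and the second mutex.h hunk on the next line removes the `#error "Threads unexpectedly disabled in non unikernel build"` that used to catch exactly that. A target whose os file simply omits `threads`, or a `--without-os-feature=threads` build (this commit's android.txt comment shows that switch is supported for other features), now silently gets a `lock_guard_type` that locks nothing, so any shared state the library guards with it is unprotected when the application itself is multithreaded. At minimum the branch should say so, `// No threads: mutex_type and lock_guard_type are no-ops; only safe when Botan is used from a single thread`, and keeping the `#error` behind an explicit opt-out macro would preserve the old safety net for misconfigured builds.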
@@ -53,8 +53,6 @@ template using lock_guard_type = lock_guard; } -#else - #error "Threads unexpectedly disabled in non unikernel build" #endif #endif diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index 48890964ac..0f3ab7a326 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -18,7 +18,7 @@ #include #endif -#if defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) #include #include #include @@ -26,7 +26,7 @@ #include #include #include -#elif defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) +#elif defined(BOTAN_TARGET_OS_HAS_WIN32) #define NOMINMAX 1 #include #endif @@ -63,11 +63,11 @@ void secure_scrub_memory(void* ptr, size_t n) uint32_t OS::get_process_id() { -#if defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) return ::getpid(); -#elif defined(BOTAN_TARGET_OS_IS_WINDOWS) || defined(BOTAN_TARGET_OS_IS_MINGW) +#elif defined(BOTAN_TARGET_OS_HAS_WIN32) return ::GetCurrentProcessId(); -#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIKERNEL) || defined(BOTAN_TARGET_OS_IS_LLVM) +#elif defined(BOTAN_TARGET_OS_IS_INCLUDEOS) || defined(BOTAN_TARGET_OS_IS_LLVM) return 0; // truly no meaningful value #else #error "Missing get_process_id" @@ -78,7 +78,7 @@ uint64_t OS::get_processor_timestamp() { uint64_t rtc = 0; -#if defined(BOTAN_TARGET_OS_HAS_QUERY_PERF_COUNTER) +#if defined(BOTAN_TARGET_OS_HAS_WIN32) LARGE_INTEGER tv; ::QueryPerformanceCounter(&tv); rtc = tv.QuadPart; @@ -196,7 +196,7 @@ uint64_t OS::get_system_timestamp_ns() size_t OS::get_memory_locking_limit() { -#if defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) /* * Linux defaults to only 64 KiB of mlockable memory per process * (too small) but BSDs offer a small fraction of total RAM (more 
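Review bot: In `OS::get_process_id` the `BOTAN_TARGET_OS_IS_INCLUDEOS` branch is now unreachable for IncludeOS, because includeos.txt gains `posix1` in this commit and the `BOTAN_TARGET_OS_HAS_POSIX1` branch returning `::getpid()` is tested first. test_os_utils.cpp (two lines further down) still asserts that the PID is zero on IncludeOS, so that test's outcome now depends on whatever IncludeOS's `getpid()` returns rather than on this function. Either test the platform macro before the feature macro, `#if defined(BOTAN_TARGET_OS_IS_INCLUDEOS) || defined(BOTAN_TARGET_OS_IS_LLVM)` / `return 0;` / `#elif defined(BOTAN_TARGET_OS_HAS_POSIX1)`, or drop the IncludeOS special case from both places. The same precedence question arises wherever `posix1` now stands in for a platform list.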
@@ -282,7 +282,7 @@ size_t OS::get_memory_locking_limit() void* OS::allocate_locked_pages(size_t length) { -#if defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) #if !defined(MAP_NOCORE) #define MAP_NOCORE 0 @@ -342,11 +342,11 @@ void OS::free_locked_pages(void* ptr, size_t length) if(ptr == nullptr || length == 0) return; -#if defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) secure_scrub_memory(ptr, length); ::munlock(ptr, length); ::munmap(ptr, length); -#elif defined BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK +#elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) secure_scrub_memory(ptr, length); ::VirtualUnlock(ptr, length); ::VirtualFree(ptr, 0, MEM_RELEASE); @@ -356,7 +356,7 @@ void OS::free_locked_pages(void* ptr, size_t length) #endif } -#if defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) namespace { static ::sigjmp_buf g_sigill_jmp_buf; @@ -373,7 +373,7 @@ int OS::run_cpu_instruction_probe(std::function probe_fn) { volatile int probe_result = -3; -#if defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) struct sigaction old_sigaction; struct sigaction sigaction; diff --git a/src/lib/utils/socket/socket.cpp b/src/lib/utils/socket/socket.cpp index 1020a2f5d4..b75b4981c9 100644 --- a/src/lib/utils/socket/socket.cpp +++ b/src/lib/utils/socket/socket.cpp @@ -20,7 +20,7 @@ #include #include -#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) +#elif defined(BOTAN_TARGET_OS_HAS_SOCKETS) #include #include #include @@ -30,7 +30,7 @@ #include #include -#elif defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) && !defined(BOTAN_TARGET_OS_IS_MINGW) +#elif defined(BOTAN_TARGET_OS_HAS_WINSOCK2) #define NOMINMAX 1 #include #include 
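Review bot: `allocate_locked_pages`, `free_locked_pages` and `run_cpu_instruction_probe` now compile their mmap/mlock and sigaction/sigsetjmp paths on every `posix1` target, whereas `posix_mlock` was previously opted into per OS and left out aix, cygwin, darwin, haiku, hpux, ios and includeos. The locking allocator is what keeps key material out of swap and core dumps, so on a platform where `mlock` is a stub or fails, the failure path in `allocate_locked_pages` (its body lies outside this hunk) decides whether the library degrades loudly or silently; that is worth confirming on the newly included targets, IncludeOS in particular. A comment at the `#if`, `// assumes posix1 targets provide mmap+mlock — confirm the mlock failure path on the newly covered OSes`, would at least make the assumption visible. The same applies to locking_allocator/info.txt on the previous line, which now gates the module on `posix1` alone.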
@@ -136,12 +136,12 @@ class Asio_Socket final : public OS::Socket boost::asio::ip::tcp::socket m_tcp; }; -#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) || (defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) && !defined(BOTAN_TARGET_OS_IS_MINGW)) +#elif defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2) class BSD_Socket final : public OS::Socket { private: -#if defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) +#if defined(BOTAN_TARGET_OS_HAS_WINSOCK2) typedef SOCKET socket_type; typedef int socket_op_ret_type; static socket_type invalid_socket() { return INVALID_SOCKET; } @@ -356,7 +356,7 @@ OS::open_socket(const std::string& hostname, #if defined(BOTAN_HAS_BOOST_ASIO) return std::unique_ptr(new Asio_Socket(hostname, service, timeout)); -#elif defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) || (defined(BOTAN_TARGET_OS_TYPE_IS_WINDOWS) && !defined(BOTAN_TARGET_OS_IS_MINGW)) +#elif defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2) return std::unique_ptr(new BSD_Socket(hostname, service, timeout)); #else diff --git a/src/tests/test_os_utils.cpp b/src/tests/test_os_utils.cpp index 6707e89609..1c159ca75a 100644 --- a/src/tests/test_os_utils.cpp +++ b/src/tests/test_os_utils.cpp @@ -55,8 +55,8 @@ class OS_Utils_Tests final : public Test result.test_eq("PID same across calls", static_cast(pid1), static_cast(pid2)); -#if defined(BOTAN_TARGET_OS_TYPE_IS_UNIKERNEL) - result.test_eq("PID is zero on unikernel systems", pid1, 0); +#if defined(BOTAN_TARGET_OS_IS_INCLUDEOS) || defined(BOTAN_TARGET_OS_IS_LLVM) + result.test_eq("PID is expected to be zero on this platform", pid1, 0); #else result.test_ne("PID is non-zero on systems with processes", pid1, 0); #endif diff --git a/src/tests/test_rng.cpp b/src/tests/test_rng.cpp index 193a943798..a7a83134f3 100644 --- a/src/tests/test_rng.cpp +++ b/src/tests/test_rng.cpp @@ -37,7 +37,7 @@ #include #endif -#if defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) #include #include #endif 
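Review bot: socket.cpp now tests its two socket flavours in opposite orders: the include block (the `-20`/`-30` hunks on the previous line) takes `BOTAN_TARGET_OS_HAS_SOCKETS` before `BOTAN_TARGET_OS_HAS_WINSOCK2`, while inside `BSD_Socket` the `#if defined(BOTAN_TARGET_OS_HAS_WINSOCK2)` typedefs come first. If both features were ever set on one target (windows.txt removes `sockets` in this commit, which suggests they are meant to be exclusive, but nothing enforces it), the class would use `SOCKET`/`INVALID_SOCKET` with the POSIX headers included. Ordering both `#if` chains the same way, or adding `#if defined(BOTAN_TARGET_OS_HAS_SOCKETS) && defined(BOTAN_TARGET_OS_HAS_WINSOCK2)` / `#error "sockets and winsock2 are mutually exclusive"` / `#endif` next to the includes, closes that gap.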
@@ -273,7 +273,7 @@ class Stateful_RNG_Tests : public Test { Test::Result result(rng_name() + " Fork Safety"); -#if defined(BOTAN_TARGET_OS_TYPE_IS_UNIX) +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) const size_t reseed_interval = 1024; // make sure rng is reseeded after every fork From f0575ecf644a583afb491d14df1f7b03dae7bd32 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 30 Dec 2017 16:19:31 -0500 Subject: [PATCH 0467/1008] Lint fixes --- configure.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/configure.py b/configure.py index 760b866c43..ceb8e4c186 100755 --- a/configure.py +++ b/configure.py @@ -825,7 +825,7 @@ def _validate_defines_content(defines): if not re.match('^[0-9]{8}$', value): raise InternalError('Module defines value has invalid format: "%s"' % value) - def cross_check(self, arch_info, os_info, cc_info, all_os_features): + def cross_check(self, arch_info, cc_info, all_os_features): for feat in set(flatten([o.split(',') for o in self.os_features])): if feat not in all_os_features: @@ -2814,7 +2814,8 @@ def validate_options(options, info_os, info_cc, available_module_policies): def prepare_configure_build(info_modules, source_paths, options, cc, cc_min_version, arch, osinfo, module_policy): - loaded_module_names = ModulesChooser(info_modules, module_policy, arch, osinfo, cc, cc_min_version, options).choose() + chooser = ModulesChooser(info_modules, module_policy, arch, osinfo, cc, cc_min_version, options) + loaded_module_names = chooser.choose() using_mods = [info_modules[modname] for modname in loaded_module_names] build_config = BuildPaths(source_paths, options, using_mods) @@ -2962,6 +2963,8 @@ def main(argv): Main driver """ + # pylint: disable=too-many-locals + options = process_command_line(argv[1:]) setup_logging(options) 
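Review bot: The `# pylint: disable=too-many-locals` added to `main` silences the warning instead of addressing it; the block that loads the info files and runs the cross checks (visible in the `-2987` hunk on the next line and in the earlier `-2969` hunk) is self-contained enough to move into a helper along the lines of `load_and_cross_check_info(source_paths)` that returns the info dicts. If the suppression is kept, a short justification beside it, `# pylint: disable=too-many-locals  # top-level driver glue, kept flat on purpose`, tells the next reader it was deliberate. main's body continues outside the hunk.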
@@ -2987,7 +2990,7 @@ def main(argv): all_os_features = set(flatten([o.target_features for o in info_os.values()])) for mod in info_modules.values(): - mod.cross_check(info_arch, info_os, info_cc, all_os_features) + mod.cross_check(info_arch, info_cc, all_os_features) for policy in info_module_policies.values(): policy.cross_check(info_modules) From a3426e922a75dab3f5ef157bf2521d910eef5090 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 30 Dec 2017 16:34:58 -0500 Subject: [PATCH 0468/1008] Deprecate X509_Certificate::policies In favor of the (new) function that returns the OIDs --- src/lib/x509/x509cert.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h index eb8ceb5b33..4235d87e2e 100644 --- a/src/lib/x509/x509cert.h +++ b/src/lib/x509/x509cert.h @@ -315,7 +315,7 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object * of this certificate. * @return certificate policies */ - std::vector policies() const; + std::vector BOTAN_DEPRECATED("Use certificate_policy_oids") policies() const; std::vector certificate_policy_oids() const; From 6ea658f52f14963928fbf14002bcc15325ccd276 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 30 Dec 2017 16:40:43 -0500 Subject: [PATCH 0469/1008] Change X509_Certificate to cache cert policies and name constraints --- src/lib/x509/x509cert.cpp | 36 ++++++++++++++++++------------------ src/lib/x509/x509cert.h | 4 ++-- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 459e266506..1ebfb7293e 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -46,6 +46,7 @@ struct X509_Certificate_Data std::vector m_extended_key_usage; std::vector m_authority_key_id; std::vector m_subject_key_id; + std::vector m_cert_policies; std::vector m_crl_distribution_points; std::string m_ocsp_responder; 
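Review bot: The Doxygen block above `policies()` still documents it as the way to obtain certificate policies, while the declaration now carries `BOTAN_DEPRECATED("Use certificate_policy_oids")`; add `* @deprecated Use certificate_policy_oids() instead` to that comment so generated documentation and readers of the header see the deprecation, not only those who compile with warnings enabled. The replacement is declared directly below, so the pointer is easy to verify.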
@@ -56,6 +57,7 @@ struct X509_Certificate_Data AlternativeName m_subject_alt_name; AlternativeName m_issuer_alt_name; + NameConstraints m_name_constraints; Data_Store m_subject_ds; Data_Store m_issuer_ds; @@ -219,6 +221,11 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o data->m_authority_key_id = ext->get_key_id(); } + if(auto ext = data->m_v3_extensions.get_extension_object_as()) + { + data->m_name_constraints = ext->get_name_constraints(); + } + if(auto ext = data->m_v3_extensions.get_extension_object_as()) { if(ext->get_is_ca() == true) @@ -247,6 +254,11 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o data->m_extended_key_usage = ext->get_oids(); } + if(auto ext = data->m_v3_extensions.get_extension_object_as()) + { + data->m_cert_policies = ext->get_policy_oids(); + } + if(auto ext = data->m_v3_extensions.get_extension_object_as()) { data->m_ocsp_responder = ext->ocsp_responder(); @@ -433,25 +445,14 @@ const std::vector& X509_Certificate::extended_key_usage() const return data().m_extended_key_usage; } -std::vector X509_Certificate::certificate_policy_oids() const +const std::vector& X509_Certificate::certificate_policy_oids() const { - if(auto ext = v3_extensions().get_extension_object_as()) - { - return ext->get_policy_oids(); - } - return std::vector(); + return data().m_cert_policies; } -/* -* Return the name constraints -*/ -NameConstraints X509_Certificate::name_constraints() const +const NameConstraints& X509_Certificate::name_constraints() const { - if(auto ext = v3_extensions().get_extension_object_as()) - { - return ext->get_name_constraints(); - } - return NameConstraints(); // no constraints + return data().m_name_constraints; } const Extensions& X509_Certificate::v3_extensions() const 
@@ -785,10 +786,9 @@ std::string X509_Certificate::to_string() const out << " " << OIDS::oid2str(ex_constraints[i]) << "\n"; } - NameConstraints name_constraints = this->name_constraints(); + const NameConstraints& name_constraints = this->name_constraints(); - if(!name_constraints.permitted().empty() || - !name_constraints.excluded().empty()) + if(!name_constraints.permitted().empty() || !name_constraints.excluded().empty()) { out << "Name Constraints:\n"; diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h index 4235d87e2e..e87e5e436e 100644 --- a/src/lib/x509/x509cert.h +++ b/src/lib/x509/x509cert.h @@ -308,7 +308,7 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object * extension of this certificate. * @return name constraints */ - NameConstraints name_constraints() const; + const NameConstraints& name_constraints() const; /** * Get the policies as defined in the CertificatePolicies extension @@ -317,7 +317,7 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object */ std::vector BOTAN_DEPRECATED("Use certificate_policy_oids") policies() const; - std::vector certificate_policy_oids() const; + const std::vector& certificate_policy_oids() const; /** * Get all extensions of this certificate. From 5d6f6040770d4504018678bf2d95221c50d506b1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 30 Dec 2017 16:43:11 -0500 Subject: [PATCH 0470/1008] Reorder fields of X509_Certificate_Data to reduce size Just a few bytes but every bit helps. --- src/lib/x509/x509cert.cpp | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 1ebfb7293e..dd0514dfb6 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -23,9 +23,7 @@ namespace Botan { struct X509_Certificate_Data { - size_t m_version = 0; std::vector m_serial; - bool m_serial_negative; AlgorithmIdentifier m_sig_algo_inner; X509_DN m_issuer_dn; X509_DN m_subject_dn; 
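Review bot: `name_constraints()` and `certificate_policy_oids()` now return references into the parsed certificate data, but their Doxygen comments (`@return name constraints`, and the block above `certificate_policy_oids`) were not updated to say that the reference is valid only while the X509_Certificate it came from is alive. Callers that used to hold the returned `NameConstraints` by value, as `to_string()` did before the `-785` hunk, still compile, but one that writes `const auto&` and lets the certificate go out of scope now keeps a dangling reference; a line such as `* @return name constraints; the reference stays valid for the lifetime of this certificate object` covers it. Whether copies of a certificate share the underlying data, which would extend that lifetime, is not visible here and should be stated in the same comment if so.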
@@ -34,15 +32,14 @@ struct X509_Certificate_Data X509_Time m_not_before; X509_Time m_not_after; std::vector m_subject_public_key_bits; - AlgorithmIdentifier m_subject_public_key_algid; std::vector m_subject_public_key_bitstring; std::vector m_subject_public_key_bitstring_sha1; + AlgorithmIdentifier m_subject_public_key_algid; std::vector m_v2_issuer_key_id; std::vector m_v2_subject_key_id; Extensions m_v3_extensions; - Key_Constraints m_key_constraints; std::vector m_extended_key_usage; std::vector m_authority_key_id; std::vector m_subject_key_id; @@ -51,16 +48,19 @@ struct X509_Certificate_Data std::vector m_crl_distribution_points; std::string m_ocsp_responder; - size_t m_path_len_constraint = 0; - bool m_self_signed = false; - bool m_is_ca_certificate = false; - AlternativeName m_subject_alt_name; AlternativeName m_issuer_alt_name; NameConstraints m_name_constraints; Data_Store m_subject_ds; Data_Store m_issuer_ds; + + size_t m_version = 0; + size_t m_path_len_constraint = 0; + Key_Constraints m_key_constraints = NO_CONSTRAINTS; + bool m_self_signed = false; + bool m_is_ca_certificate = false; + bool m_serial_negative = false; }; std::string X509_Certificate::PEM_label() const From 46e930509929e47e69b328e8cb4e7ea46ed3307b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 30 Dec 2017 17:39:03 -0500 Subject: [PATCH 0471/1008] Avoid macros in Blake2b to workaround Visual C++ 2017 infinite loop Was fixed in 2017 SP1. Same bug hit Crypto++ - https://gihub.com/weidai11/cryptopp/issues/527 --- src/lib/hash/blake2/blake2b.cpp | 83 +++++++++++++++++---------------- 1 file changed, 44 insertions(+), 39 deletions(-) diff --git a/src/lib/hash/blake2/blake2b.cpp b/src/lib/hash/blake2/blake2b.cpp index 33cc8a2f48..6d897b29f6 100644 --- a/src/lib/hash/blake2/blake2b.cpp +++ b/src/lib/hash/blake2/blake2b.cpp 
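Review bot: This reordering also changes semantics in a way the commit title does not mention: `Key_Constraints m_key_constraints;` (removed in this hunk) and `bool m_serial_negative;` (removed in the `@@ -23,9 +23,7 @@` hunk on the previous line) had no initializer, and in the `@@ -51,16 +48,19 @@` hunk they come back as `= NO_CONSTRAINTS` and `= false`. If any parse path leaves either member untouched — I cannot tell from the hunks — the old code read indeterminate values, so this is a correctness fix worth stating in the commit message or news.rst rather than leaving it under "reduce size". A one-line comment above the trailing scalar group, `// small scalar members last to minimise padding; every one has an initializer so a cert that failed mid-parse never exposes indeterminate values`, would keep both intents visible to the next person who reorders the struct.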
@@ -53,6 +53,38 @@ void Blake2b::state_init()
 m_F[0] = m_F[1] = 0;
 }
 
+namespace {
+
+inline void G(uint64_t& a, uint64_t& b, uint64_t& c, uint64_t& d,
+ uint64_t M0, uint64_t M1)
+ {
+ a = a + b + M0;
+ d = rotr<32>(d ^ a);
+ c = c + d;
+ b = rotr<24>(b ^ c);
+ a = a + b + M1;
+ d = rotr<16>(d ^ a);
+ c = c + d;
+ b = rotr<63>(b ^ c);
+ }
+
+template
+inline void ROUND(uint64_t* v, const uint64_t* M)
+ {
+ G(v[ 0], v[ 4], v[ 8], v[12], M[i0], M[i1]);
+ G(v[ 1], v[ 5], v[ 9], v[13], M[i2], M[i3]);
+ G(v[ 2], v[ 6], v[10], v[14], M[i4], M[i5]);
+ G(v[ 3], v[ 7], v[11], v[15], M[i6], M[i7]);
+ G(v[ 0], v[ 5], v[10], v[15], M[i8], M[i9]);
+ G(v[ 1], v[ 6], v[11], v[12], M[iA], M[iB]);
+ G(v[ 2], v[ 7], v[ 8], v[13], M[iC], M[iD]);
+ G(v[ 3], v[ 4], v[ 9], v[14], M[iE], M[iF]);
+ }
+
+
+}
+
 void Blake2b::compress(const uint8_t* input, size_t blocks, uint64_t increment)
 {
 for(size_t b = 0; b != blocks; ++b)
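Review bot: The reason `G` and `ROUND` are functions rather than the macros they replace lives only in the commit message, so a future cleanup could fold them back into macros and re-trigger the problem; the code itself should say it. Above `namespace {` I would add `// G and ROUND are inline functions rather than macros on purpose: the macro form sent Visual C++ 2017 (before SP1) into an infinite loop while compiling this file.` `ROUND` also takes bare `uint64_t*` for both the state and the message words while its body indexes up to `v[15]` and `M[iF]`; a comment `// v: the 16-word working state, M: the 16-word message block` (or spelling the sizes as `uint64_t v[16], const uint64_t M[16]` in the signature) would make the expected extents explicit to callers.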
@@ -79,51 +111,24 @@ void Blake2b::compress(const uint8_t* input, size_t blocks, uint64_t increment) v[14] ^= m_F[0]; v[15] ^= m_F[1]; -#define G(a, b, c, d, M0, M1) \ - do { \ - a = a + b + M0; \ - d = rotr<32>(d ^ a); \ - c = c + d; \ - b = rotr<24>(b ^ c); \ - a = a + b + M1; \ - d = rotr<16>(d ^ a); \ - c = c + d; \ - b = rotr<63>(b ^ c); \ - } while(0) - -#define ROUND(i0, i1, i2, i3, i4, i5, i6, i7, i8, i9, iA, iB, iC, iD, iE, iF) \ - do { \ - G(v[ 0], v[ 4], v[ 8], v[12], M[i0], M[i1]); \ - G(v[ 1], v[ 5], v[ 9], v[13], M[i2], M[i3]); \ - G(v[ 2], v[ 6], v[10], v[14], M[i4], M[i5]); \ - G(v[ 3], v[ 7], v[11], v[15], M[i6], M[i7]); \ - G(v[ 0], v[ 5], v[10], v[15], M[i8], M[i9]); \ - G(v[ 1], v[ 6], v[11], v[12], M[iA], M[iB]); \ - G(v[ 2], v[ 7], v[ 8], v[13], M[iC], M[iD]); \ - G(v[ 3], v[ 4], v[ 9], v[14], M[iE], M[iF]); \ - } while(0) - - ROUND( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); - ROUND(14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3); - ROUND(11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4); - ROUND( 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8); - ROUND( 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13); - ROUND( 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9); - ROUND(12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11); - ROUND(13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10); - ROUND( 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5); - ROUND(10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0); - ROUND( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); - ROUND(14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3); + ROUND< 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15>(v, M); + ROUND<14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3>(v, M); + ROUND<11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4>(v, M); + ROUND< 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8>(v, M); + ROUND< 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13>(v, M); + ROUND< 2, 12, 6, 10, 0, 11, 
8, 3, 4, 13, 7, 5, 15, 14, 1, 9>(v, M); + ROUND<12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11>(v, M); + ROUND<13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10>(v, M); + ROUND< 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5>(v, M); + ROUND<10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0>(v, M); + ROUND< 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15>(v, M); + ROUND<14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3>(v, M); for(size_t i = 0; i < 8; i++) { m_H[i] ^= v[i] ^ v[i + 8]; } } - -#undef G -#undef ROUND } void Blake2b::add_data(const uint8_t input[], size_t length) From 042bad2f7a7f9e12b4ba6c91f8458875537b5a47 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 31 Dec 2017 10:25:50 -0500 Subject: [PATCH 0472/1008] Add version detection for XLC [ci skip] We don't need it right now but may later and it avoids a scary warning when configuring the build. --- configure.py | 8 ++++++-- src/build-data/detect_version.cpp | 4 ++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/configure.py b/configure.py index 2c4f7b5dee..463102ee49 100755 --- a/configure.py +++ b/configure.py @@ -2815,6 +2815,7 @@ def calculate_cc_min_version(options, ccinfo, source_paths): 'msvc': r'^ *MSVC ([0-9]{2})([0-9]{2})$', 'gcc': r'^ *GCC ([0-9]+) ([0-9]+)$', 'clang': r'^ *CLANG ([0-9]+) ([0-9]+)$', + 'xlc': r'^ *XLC (0x[0-9a-fA-F]{2})([0-9a-fA-F]{2})$' } if ccinfo.basename not in version_patterns: 
@@ -2839,13 +2840,16 @@ def calculate_cc_min_version(options, ccinfo, source_paths): logging.warning('Could not execute %s for version check: %s' % (cmd, e)) return "0.0" + def cleanup_output(output): + return ('\n'.join([l for l in output.splitlines() if l.startswith('#') is False])).strip() + match = re.search(version_patterns[ccinfo.basename], cc_output, flags=re.MULTILINE) if match is None: logging.warning("Tried to get %s version, but output '%s' does not match expected version format" % ( - ccinfo.basename, cc_output)) + ccinfo.basename, cleanup_output(cc_output))) return "0.0" - cc_version = "%d.%d" % (int(match.group(1)), int(match.group(2))) + cc_version = "%d.%d" % (int(match.group(1), 0), int(match.group(2), 0)) logging.info('Auto-detected compiler version %s' % (cc_version)) return cc_version diff --git a/src/build-data/detect_version.cpp b/src/build-data/detect_version.cpp index 42c4a2605c..12a5a707e3 100644 --- a/src/build-data/detect_version.cpp +++ b/src/build-data/detect_version.cpp @@ -16,6 +16,10 @@ */ MSVC _MSC_VER +#elif defined(__xlC__) + + XLC __xlC__ + #elif defined(__clang__) && defined(__apple_build_version__) /* From 9cbb2a31bce90e6da7a20b8e742deb314611e1fe Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 31 Dec 2017 10:43:35 -0500 Subject: [PATCH 0473/1008] Fix Ed25519 tests Due to an error in the test data they ended up being skipped at runtime. --- src/tests/data/pubkey/ed25519.vec | 7 +++---- src/tests/test_ed25519.cpp | 7 +------ 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/src/tests/data/pubkey/ed25519.vec b/src/tests/data/pubkey/ed25519.vec index e85679b6d6..87a9c86843 100644 --- a/src/tests/data/pubkey/ed25519.vec +++ b/src/tests/data/pubkey/ed25519.vec @@ -1,4 +1,4 @@ -[Ed25519] +[Pure] # From http://ed25519.cr.yp.to/python/sign.input 
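Review bot: `int(match.group(2), 0)` raises `ValueError` on Python 3 for a string such as `'01'` (base 0 rejects a non-zero number with a leading zero), and the `xlc` pattern added in the previous hunk captures exactly such strings — a `__xlC__` value like `0x0D01` splits into `'0x0D'` and `'01'`, so version detection would crash on the very compiler this commit adds; on Python 2 the same literal is read as octal, so `'08'` and `'09'` fail there instead. I would capture the hex digits without the prefix, `'xlc': r'^ *XLC 0x([0-9a-fA-F]{2})([0-9a-fA-F]{2})$'`, and parse with an explicit base: `base = 16 if ccinfo.basename == 'xlc' else 10` followed by `cc_version = "%d.%d" % (int(match.group(1), base), int(match.group(2), base))`. The nested `cleanup_output` is only used on the warning path, which is fine, but a short docstring saying it drops preprocessor `#` lines from the compiler output would help. `calculate_cc_min_version` begins before this hunk.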
@@ -3292,16 +3292,15 @@ Pubkey = 30b20fb320b00e77c4e0a8eb3730af3c0b1c5f5ed9ee2b0562707e4f55c4938b Msg = 606144b7d4f96bef7f112b6d41bcb500d2136c134ceda220e24d0f1524eca12c30f2b102c7f378d6bba259c5b4a5ef8ec9309d5c8da7e8d2ded3792aeeea2108f77d66b23045938ed64751f20d48326be2fb99628cfb1873d7dd27581c105ec13249a952a50784b8b34cb3b2c1a004fa8b628a0767fa9abf058d955df85d134a0fc7f4b7d7fb0c8d31bce345dd0a4282145afb2ff19751f2cc3a1caea242baaf538749bf388000e3dc1d739359dfebae64ae1e10fb6fc17cc9fb950535c2de129587a86859b7be36dfe9b6c1141b25e0915c8d4aa1cceae7046b3d7cfa940bc98d4d69fc5a30dde1dee42fb5272281bf8f8e7f3e1a04397fb4f3adefc57532ddbde36833a676e6f39c82aff6bf4832ec971e03be3829c02a203c82d9eb8c1630ee9693f45d26f5f51a3103ca64d468eceac1b29af4c42eb216d76ec8994836b4bec76489ca5070680c2c2eb457210a77c47fdcbf600172073a53f1453bb5c80439c882f0736de40637b4f5ab1f761ff355c6e9bd4abde7560d5fc113c830159a1b77c4e87bc2c69880a40c5805ecc8aaaf57575bccd8177fc6b83569233c0f5ca223ac4013ca106cac2854706aead714fa29f2860a5f9753268a3671d9f59cde6048cf0b8986050f7f549e4fd7557f2fc3fcdccddcefda586a64b3006e5825f27ca31687caf663bd90a05b1152d7c88d7f1051a9d791748651d888a6a12f22d6c8c3f78c2b86eaf5394b4ef7eefb89797b25e542dc93102d021a1d0bed6a7dcdd8102b8f0430a0bc21d904a3c9346c018343dd9937cb35250007a284825db08e9a11fee31cff7a314c48c42d8b314acc27822af03d1954c7cc8bf9ad4e9e98f4ad4efb355288daa8c90de9037e64a7861f5ee43ada9f0fccde34d0bcf50288550f700f215a7944a5380e2a8e3f04f2b4f5 Signature = d083333fb84e79c9b33e55e8192d571ffc8dc50745b6b5fdd8c44d92a63fd178c4e57c2ab3a1211c0ba2d39da30b06629d8d1cc1d9f2593263d524fa5a2ebc03 +[SHA-256] # From draft-koch-eddsa-for-openpgp-04 - -Hash = SHA-256 Privkey = 1a8b1ff05ded48e18bf50166c664ab023ea70003d78d9e41f5758a91d850f8d2 Pubkey = 3f098994bdd916ed4053197934e4a87c80733a1280d62f8010992e43ee3b2406 Msg = 4f70656e504750040016080006050255f95f9504ff0000000c Signature = 56f90cca98e2102637bd983fdb16c131dfd27ed82bf4dde5606e0d756aed3366d09c4fa11527f038e0f57f2201d82f2ea2c9033265fa6ceb489e854bae61b404 +[Pure] # Same test as 
above but with Msg replaced by the SHA-256 pre-hash -Hash = Pure Privkey = 1a8b1ff05ded48e18bf50166c664ab023ea70003d78d9e41f5758a91d850f8d2 Pubkey = 3f098994bdd916ed4053197934e4a87c80733a1280d62f8010992e43ee3b2406 Msg = f6220a3f757814f4c2176ffbb68b00249cd4ccdc059c4b34ad871f30b1740280 diff --git a/src/tests/test_ed25519.cpp b/src/tests/test_ed25519.cpp index df9d7928a9..e052e92791 100644 --- a/src/tests/test_ed25519.cpp +++ b/src/tests/test_ed25519.cpp @@ -26,7 +26,7 @@ class Ed25519_Signature_Tests final : public PK_Signature_Generation_Test Ed25519_Signature_Tests() : PK_Signature_Generation_Test( "Ed25519", "pubkey/ed25519.vec", - "Privkey,Pubkey,Hash,Msg,Signature") {} + "Privkey,Pubkey,Msg,Signature") {} std::unique_ptr load_private_key(const VarMap& vars) override { @@ -42,11 +42,6 @@ class Ed25519_Signature_Tests final : public PK_Signature_Generation_Test return std::unique_ptr(key.release()); } - - std::string default_padding(const VarMap& vars) const override - { - return get_opt_str(vars, "Hash", "Pure"); - } }; class Ed25519_Curdle_Format_Tests final : public Test From 987662117c2b98b12fdbe8e8ab3eaf8c93c748e3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 31 Dec 2017 12:13:34 -0500 Subject: [PATCH 0474/1008] Add a test that update_granularity > minimum_final_size FFI requires so this so make sure it's true. GH #1377 --- src/tests/test_aead.cpp | 4 ++++ src/tests/test_modes.cpp | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/src/tests/test_aead.cpp b/src/tests/test_aead.cpp index efd59f6a80..13d6ee3207 100644 --- a/src/tests/test_aead.cpp +++ b/src/tests/test_aead.cpp 
@@ -347,6 +347,10 @@ class AEAD_Tests final : public Text_Based_Test
 
 result.test_eq("same provider", enc_provider, dec_provider);
 
+ // FFI currently requires this, so assure it is true for all modes
+ result.test_gte("enc buffer sizes ok", enc->update_granularity(), enc->minimum_final_size());
+ result.test_gte("dec buffer sizes ok", dec->update_granularity(), dec->minimum_final_size());
+
 // test enc
 result.merge(test_enc(key, nonce, input, expected, ad, algo));
 
diff --git a/src/tests/test_modes.cpp b/src/tests/test_modes.cpp
index 9ee97caed0..7498f13901 100644
--- a/src/tests/test_modes.cpp
+++ b/src/tests/test_modes.cpp
@@ -74,6 +74,10 @@ class Cipher_Mode_Tests final : public Text_Based_Test
 result.test_eq("output_length", dec->output_length(expected.size()), input.size());
 }
 
+ // FFI currently requires this, so assure it is true for all modes
+ result.test_gte("enc buffer sizes ok", enc->update_granularity(), enc->minimum_final_size());
+ result.test_gte("dec buffer sizes ok", dec->update_granularity(), dec->minimum_final_size());
+
 // Test that disallowed nonce sizes result in an exception
 const size_t large_nonce_size = 65000;
 result.test_eq("Large nonce not allowed", enc->valid_nonce_length(large_nonce_size), false);
From 342596073420efc7000a161f69e5a6928d6a2e53 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 31 Dec 2017 14:32:06 -0500
Subject: [PATCH 0475/1008] Resolve undefined behavior in Ed25519 code

Use multiplications instead of shifting directly.
---
 src/lib/pubkey/ed25519/ed25519_fe.cpp | 222 +++++++++++++-----------
 src/lib/pubkey/ed25519/ge.cpp | 3 +-
 src/lib/pubkey/ed25519/sc_muladd.cpp | 233 +++++++++++++-------------
 src/lib/pubkey/ed25519/sc_reduce.cpp | 142 ++++++++--------
 4 files changed, 313 insertions(+), 287 deletions(-)

diff --git a/src/lib/pubkey/ed25519/ed25519_fe.cpp b/src/lib/pubkey/ed25519/ed25519_fe.cpp
index 067c9dc18d..5aa515e9ba 100644
--- a/src/lib/pubkey/ed25519/ed25519_fe.cpp
+++ b/src/lib/pubkey/ed25519/ed25519_fe.cpp
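Review bot: The new assertions check `update_granularity() >= minimum_final_size()` (`test_gte`) while the commit title states the invariant as `update_granularity > minimum_final_size`; one of the two should be corrected so the property the FFI layer relies on is stated precisely, and the comment should cite the requirement rather than say "currently requires this" without a reference. I would change the comment in both hunks (test_aead.cpp here and test_modes.cpp below) to `// The FFI layer sizes its buffers assuming update_granularity() >= minimum_final_size() (GH #1377); check every mode satisfies this`. "assure" also reads as a typo for "ensure".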
@@ -277,71 +277,74 @@ FE_25519 FE_25519::mul(const FE_25519& f, const FE_25519& g) |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19)) i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */ + const int64_t X24 = (1 << 24); + const int64_t X25 = (1 << 25); + const int64_t X26 = (1 << 26); - carry0 = (h0 + (static_cast(1) << 25)) >> 26; + carry0 = (h0 + X25) >> 26; h1 += carry0; - h0 -= carry0 << 26; - carry4 = (h4 + (static_cast(1) << 25)) >> 26; + h0 -= carry0 * X26; + carry4 = (h4 + X25) >> 26; h5 += carry4; - h4 -= carry4 << 26; + h4 -= carry4 * X26; /* |h0| <= 2^25 */ /* |h4| <= 2^25 */ /* |h1| <= 1.71*2^59 */ /* |h5| <= 1.71*2^59 */ - carry1 = (h1 + (static_cast(1) << 24)) >> 25; + carry1 = (h1 + X24) >> 25; h2 += carry1; - h1 -= carry1 << 25; - carry5 = (h5 + (static_cast(1) << 24)) >> 25; + h1 -= carry1 * X25; + carry5 = (h5 + X24) >> 25; h6 += carry5; - h5 -= carry5 << 25; + h5 -= carry5 * X25; /* |h1| <= 2^24; from now on fits into int32 */ /* |h5| <= 2^24; from now on fits into int32 */ /* |h2| <= 1.41*2^60 */ /* |h6| <= 1.41*2^60 */ - carry2 = (h2 + (static_cast(1) << 25)) >> 26; + carry2 = (h2 + X25) >> 26; h3 += carry2; - h2 -= carry2 << 26; - carry6 = (h6 + (static_cast(1) << 25)) >> 26; + h2 -= carry2 * X26; + carry6 = (h6 + X25) >> 26; h7 += carry6; - h6 -= carry6 << 26; + h6 -= carry6 * X26; /* |h2| <= 2^25; from now on fits into int32 unchanged */ /* |h6| <= 2^25; from now on fits into int32 unchanged */ /* |h3| <= 1.71*2^59 */ /* |h7| <= 1.71*2^59 */ - carry3 = (h3 + (static_cast(1) << 24)) >> 25; + carry3 = (h3 + X24) >> 25; h4 += carry3; - h3 -= carry3 << 25; - carry7 = (h7 + (static_cast(1) << 24)) >> 25; + h3 -= carry3 * X25; + carry7 = (h7 + X24) >> 25; h8 += carry7; - h7 -= carry7 << 25; + h7 -= carry7 * X25; /* |h3| <= 2^24; from now on fits into int32 unchanged */ /* |h7| <= 2^24; from now on fits into int32 unchanged */ /* |h4| <= 1.72*2^34 */ /* |h8| <= 1.41*2^60 */ - carry4 = (h4 + (static_cast(1) << 25)) >> 26; + carry4 = (h4 
+ X25) >> 26; h5 += carry4; - h4 -= carry4 << 26; - carry8 = (h8 + (static_cast(1) << 25)) >> 26; + h4 -= carry4 * X26; + carry8 = (h8 + X25) >> 26; h9 += carry8; - h8 -= carry8 << 26; + h8 -= carry8 * X26; /* |h4| <= 2^25; from now on fits into int32 unchanged */ /* |h8| <= 2^25; from now on fits into int32 unchanged */ /* |h5| <= 1.01*2^24 */ /* |h9| <= 1.71*2^59 */ - carry9 = (h9 + (static_cast(1) << 24)) >> 25; + carry9 = (h9 + X24) >> 25; h0 += carry9 * 19; - h9 -= carry9 << 25; + h9 -= carry9 * X25; /* |h9| <= 2^24; from now on fits into int32 unchanged */ /* |h0| <= 1.1*2^39 */ - carry0 = (h0 + (static_cast(1) << 25)) >> 26; + carry0 = (h0 + X25) >> 26; h1 += carry0; - h0 -= carry0 << 26; + h0 -= carry0 * X26; /* |h0| <= 2^25; from now on fits into int32 unchanged */ /* |h1| <= 1.01*2^24 */ @@ -366,6 +369,10 @@ See fe_mul.c for discussion of implementation strategy. //static FE_25519 FE_25519::sqr_iter(const FE_25519& f, size_t iter) { + const int64_t X24 = (1 << 24); + const int64_t X25 = (1 << 25); + const int64_t X26 = (1 << 26); + int32_t f0 = f[0]; int32_t f1 = f[1]; int32_t f2 = f[2]; 
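Review bot: Nothing in the code says why `carry * X26` replaced `carry << 26`, so the next reader is likely to "optimize" it back; the point is that the limbs and hence the carries can be negative (the bounds comments in this hunk give signed ranges), and left-shifting a negative signed value is undefined behaviour before C++20, so the constants deserve `// Multiply rather than shift: the carries can be negative and left-shifting a negative signed value is undefined behaviour (pre-C++20).` The same three `const` locals `X24`/`X25`/`X26` are re-declared in `mul` (this hunk), `sqr_iter` (the next hunk on this line), `sqr2` (L2376), `from_bytes` (L2378) and `to_bytes` (L2380), and `X20`/`X21` likewise in `sc_muladd` (L2381) and `sc_reduce` (L2387); one `constexpr int64_t` set per file in an anonymous namespace would remove the copies. The right shifts of possibly-negative `int64_t` values (`(h0 + X25) >> 26` here and the bare `h0 >> 26` in to_bytes) remain; those are implementation-defined rather than undefined, and a one-line note that an arithmetic right shift is assumed would document the residual dependency. The enclosing `mul` body starts before this hunk.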
@@ -471,47 +478,47 @@ FE_25519 FE_25519::sqr_iter(const FE_25519& f, size_t iter) int64_t carry8; int64_t carry9; - carry0 = (h0 + (static_cast(1) << 25)) >> 26; + carry0 = (h0 + X25) >> 26; h1 += carry0; - h0 -= carry0 << 26; - carry4 = (h4 + (static_cast(1) << 25)) >> 26; + h0 -= carry0 * X26; + carry4 = (h4 + X25) >> 26; h5 += carry4; - h4 -= carry4 << 26; + h4 -= carry4 * X26; - carry1 = (h1 + (static_cast(1) << 24)) >> 25; + carry1 = (h1 + X24) >> 25; h2 += carry1; - h1 -= carry1 << 25; - carry5 = (h5 + (static_cast(1) << 24)) >> 25; + h1 -= carry1 * X25; + carry5 = (h5 + X24) >> 25; h6 += carry5; - h5 -= carry5 << 25; + h5 -= carry5 * X25; - carry2 = (h2 + (static_cast(1) << 25)) >> 26; + carry2 = (h2 + X25) >> 26; h3 += carry2; - h2 -= carry2 << 26; - carry6 = (h6 + (static_cast(1) << 25)) >> 26; + h2 -= carry2 * X26; + carry6 = (h6 + X25) >> 26; h7 += carry6; - h6 -= carry6 << 26; + h6 -= carry6 * X26; - carry3 = (h3 + (static_cast(1) << 24)) >> 25; + carry3 = (h3 + X24) >> 25; h4 += carry3; - h3 -= carry3 << 25; - carry7 = (h7 + (static_cast(1) << 24)) >> 25; + h3 -= carry3 * X25; + carry7 = (h7 + X24) >> 25; h8 += carry7; - h7 -= carry7 << 25; + h7 -= carry7 * X25; - carry4 = (h4 + (static_cast(1) << 25)) >> 26; + carry4 = (h4 + X25) >> 26; h5 += carry4; - h4 -= carry4 << 26; - carry8 = (h8 + (static_cast(1) << 25)) >> 26; + h4 -= carry4 * X26; + carry8 = (h8 + X25) >> 26; h9 += carry8; - h8 -= carry8 << 26; + h8 -= carry8 * X26; - carry9 = (h9 + (static_cast(1) << 24)) >> 25; + carry9 = (h9 + X24) >> 25; h0 += carry9 * 19; - h9 -= carry9 << 25; - carry0 = (h0 + (static_cast(1) << 25)) >> 26; + h9 -= carry9 * X25; + carry0 = (h0 + X25) >> 26; h1 += carry0; - h0 -= carry0 << 26; + h0 -= carry0 * X26; f0 = h0; f1 = h1; 
@@ -546,6 +553,10 @@ See fe_mul.c for discussion of implementation strategy.
 //static
 FE_25519 FE_25519::sqr2(const FE_25519& f)
 {
+ const int64_t X24 = (1 << 24);
+ const int64_t X25 = (1 << 25);
+ const int64_t X26 = (1 << 26);
+
 int32_t f0 = f[0];
 int32_t f1 = f[1];
 int32_t f2 = f[2];
@@ -656,48 +667,48 @@ FE_25519 FE_25519::sqr2(const FE_25519& f) h8 += h8; h9 += h9; - carry0 = (h0 + (static_cast(1) << 25)) >> 26; + carry0 = (h0 + X25) >> 26; h1 += carry0; - h0 -= carry0 << 26; - carry4 = (h4 + (static_cast(1) << 25)) >> 26; + h0 -= carry0 * X26; + carry4 = (h4 + X25) >> 26; h5 += carry4; - h4 -= carry4 << 26; + h4 -= carry4 * X26; - carry1 = (h1 + (static_cast(1) << 24)) >> 25; + carry1 = (h1 + X24) >> 25; h2 += carry1; - h1 -= carry1 << 25; - carry5 = (h5 + (static_cast(1) << 24)) >> 25; + h1 -= carry1 * X25; + carry5 = (h5 + X24) >> 25; h6 += carry5; - h5 -= carry5 << 25; + h5 -= carry5 * X25; - carry2 = (h2 + (static_cast(1) << 25)) >> 26; + carry2 = (h2 + X25) >> 26; h3 += carry2; - h2 -= carry2 << 26; - carry6 = (h6 + (static_cast(1) << 25)) >> 26; + h2 -= carry2 * X26; + carry6 = (h6 + X25) >> 26; h7 += carry6; - h6 -= carry6 << 26; + h6 -= carry6 * X26; - carry3 = (h3 + (static_cast(1) << 24)) >> 25; + carry3 = (h3 + X24) >> 25; h4 += carry3; - h3 -= carry3 << 25; - carry7 = (h7 + (static_cast(1) << 24)) >> 25; + h3 -= carry3 * X25; + carry7 = (h7 + X24) >> 25; h8 += carry7; - h7 -= carry7 << 25; + h7 -= carry7 * X25; - carry4 = (h4 + (static_cast(1) << 25)) >> 26; + carry4 = (h4 + X25) >> 26; h5 += carry4; - h4 -= carry4 << 26; - carry8 = (h8 + (static_cast(1) << 25)) >> 26; + h4 -= carry4 * X26; + carry8 = (h8 + X25) >> 26; h9 += carry8; - h8 -= carry8 << 26; + h8 -= carry8 * X26; - carry9 = (h9 + (static_cast(1) << 24)) >> 25; + carry9 = (h9 + X24) >> 25; h0 += carry9 * 19; - h9 -= carry9 << 25; + h9 -= carry9 * X25; - carry0 = (h0 + (static_cast(1) << 25)) >> 26; + carry0 = (h0 + X25) >> 26; h1 += carry0; - h0 -= carry0 << 26; + h0 -= carry0 * X26; return FE_25519(h0, h1, h2, h3, h4, h5, h6, h7, h8, h9); } 
@@ -708,6 +719,10 @@ Ignores top bit of h.
 
 void FE_25519::from_bytes(const uint8_t s[32])
 {
+ const int64_t X24 = (1 << 24);
+ const int64_t X25 = (1 << 25);
+ const int64_t X26 = (1 << 26);
+
 int64_t h0 = load_4(s);
 int64_t h1 = load_3(s + 4) << 6;
 int64_t h2 = load_3(s + 7) << 5;
@@ -719,37 +734,37 @@ void FE_25519::from_bytes(const uint8_t s[32]) int64_t h8 = load_3(s + 26) << 4; int64_t h9 = (load_3(s + 29) & 0x7fffff) << 2; - const int64_t carry9 = (h9 + (static_cast(1) << 24)) >> 25; + const int64_t carry9 = (h9 + X24) >> 25; h0 += carry9 * 19; - h9 -= carry9 << 25; - const int64_t carry1 = (h1 + (static_cast(1) << 24)) >> 25; + h9 -= carry9 * X25; + const int64_t carry1 = (h1 + X24) >> 25; h2 += carry1; - h1 -= carry1 << 25; - const int64_t carry3 = (h3 + (static_cast(1) << 24)) >> 25; + h1 -= carry1 * X25; + const int64_t carry3 = (h3 + X24) >> 25; h4 += carry3; - h3 -= carry3 << 25; - const int64_t carry5 = (h5 + (static_cast(1) << 24)) >> 25; + h3 -= carry3 * X25; + const int64_t carry5 = (h5 + X24) >> 25; h6 += carry5; - h5 -= carry5 << 25; - const int64_t carry7 = (h7 + (static_cast(1) << 24)) >> 25; + h5 -= carry5 * X25; + const int64_t carry7 = (h7 + X24) >> 25; h8 += carry7; - h7 -= carry7 << 25; + h7 -= carry7 * X25; - const int64_t carry0 = (h0 + (static_cast(1) << 25)) >> 26; + const int64_t carry0 = (h0 + X25) >> 26; h1 += carry0; - h0 -= carry0 << 26; - const int64_t carry2 = (h2 + (static_cast(1) << 25)) >> 26; + h0 -= carry0 * X26; + const int64_t carry2 = (h2 + X25) >> 26; h3 += carry2; - h2 -= carry2 << 26; - const int64_t carry4 = (h4 + (static_cast(1) << 25)) >> 26; + h2 -= carry2 * X26; + const int64_t carry4 = (h4 + X25) >> 26; h5 += carry4; - h4 -= carry4 << 26; - const int64_t carry6 = (h6 + (static_cast(1) << 25)) >> 26; + h4 -= carry4 * X26; + const int64_t carry6 = (h6 + X25) >> 26; h7 += carry6; - h6 -= carry6 << 26; - const int64_t carry8 = (h8 + (static_cast(1) << 25)) >> 26; + h6 -= carry6 * X26; + const int64_t carry8 = (h8 + X25) >> 26; h9 += carry8; - h8 -= carry8 << 26; + h8 -= carry8 * X26; m_fe[0] = h0; m_fe[1] = h1; 
@@ -790,6 +805,9 @@ so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q. void FE_25519::to_bytes(uint8_t s[32]) const { + const int64_t X25 = (1 << 25); + const int64_t X26 = (1 << 26); + int32_t h0 = m_fe[0]; int32_t h1 = m_fe[1]; int32_t h2 = m_fe[2]; @@ -830,33 +848,33 @@ void FE_25519::to_bytes(uint8_t s[32]) const carry0 = h0 >> 26; h1 += carry0; - h0 -= carry0 << 26; + h0 -= carry0 * X26; carry1 = h1 >> 25; h2 += carry1; - h1 -= carry1 << 25; + h1 -= carry1 * X25; carry2 = h2 >> 26; h3 += carry2; - h2 -= carry2 << 26; + h2 -= carry2 * X26; carry3 = h3 >> 25; h4 += carry3; - h3 -= carry3 << 25; + h3 -= carry3 * X25; carry4 = h4 >> 26; h5 += carry4; - h4 -= carry4 << 26; + h4 -= carry4 * X26; carry5 = h5 >> 25; h6 += carry5; - h5 -= carry5 << 25; + h5 -= carry5 * X25; carry6 = h6 >> 26; h7 += carry6; - h6 -= carry6 << 26; + h6 -= carry6 * X26; carry7 = h7 >> 25; h8 += carry7; - h7 -= carry7 << 25; + h7 -= carry7 * X25; carry8 = h8 >> 26; h9 += carry8; - h8 -= carry8 << 26; + h8 -= carry8 * X26; carry9 = h9 >> 25; - h9 -= carry9 << 25; + h9 -= carry9 * X25; /* h10 = carry9 */ /* diff --git a/src/lib/pubkey/ed25519/ge.cpp b/src/lib/pubkey/ed25519/ge.cpp index a8cf593e81..4773602dbe 100644 --- a/src/lib/pubkey/ed25519/ge.cpp +++ b/src/lib/pubkey/ed25519/ge.cpp @@ -9,6 +9,7 @@ */ #include +#include namespace Botan { @@ -2028,7 +2029,7 @@ inline void select(ge_precomp* t, int8_t b) { uint8_t bnegative = negative(b); - uint8_t babs = b - (((-bnegative) & b) << 1); + uint8_t babs = b - (((-bnegative) & b) * 2); ge_precomp_0(t); diff --git a/src/lib/pubkey/ed25519/sc_muladd.cpp b/src/lib/pubkey/ed25519/sc_muladd.cpp index e4dcf34017..83863eeb4c 100644 --- a/src/lib/pubkey/ed25519/sc_muladd.cpp +++ b/src/lib/pubkey/ed25519/sc_muladd.cpp 
@@ -25,6 +25,9 @@ namespace Botan {
 
 void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c)
 {
+ const int64_t X20 = (1 << 20);
+ const int64_t X21 = (1 << 21);
+
 int64_t a0 = 2097151 & load_3(a);
 int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
 int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
@@ -134,76 +137,76 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) s22 = a11*b11; s23 = 0; - carry0 = (s0 + (1<<20)) >> 21; + carry0 = (s0 + X20) >> 21; s1 += carry0; - s0 -= carry0 << 21; - carry2 = (s2 + (1<<20)) >> 21; + s0 -= carry0 * X21; + carry2 = (s2 + X20) >> 21; s3 += carry2; - s2 -= carry2 << 21; - carry4 = (s4 + (1<<20)) >> 21; + s2 -= carry2 * X21; + carry4 = (s4 + X20) >> 21; s5 += carry4; - s4 -= carry4 << 21; - carry6 = (s6 + (1<<20)) >> 21; + s4 -= carry4 * X21; + carry6 = (s6 + X20) >> 21; s7 += carry6; - s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; + s6 -= carry6 * X21; + carry8 = (s8 + X20) >> 21; s9 += carry8; - s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; + s8 -= carry8 * X21; + carry10 = (s10 + X20) >> 21; s11 += carry10; - s10 -= carry10 << 21; - carry12 = (s12 + (1<<20)) >> 21; + s10 -= carry10 * X21; + carry12 = (s12 + X20) >> 21; s13 += carry12; - s12 -= carry12 << 21; - carry14 = (s14 + (1<<20)) >> 21; + s12 -= carry12 * X21; + carry14 = (s14 + X20) >> 21; s15 += carry14; - s14 -= carry14 << 21; - carry16 = (s16 + (1<<20)) >> 21; + s14 -= carry14 * X21; + carry16 = (s16 + X20) >> 21; s17 += carry16; - s16 -= carry16 << 21; - carry18 = (s18 + (1<<20)) >> 21; + s16 -= carry16 * X21; + carry18 = (s18 + X20) >> 21; s19 += carry18; - s18 -= carry18 << 21; - carry20 = (s20 + (1<<20)) >> 21; + s18 -= carry18 * X21; + carry20 = (s20 + X20) >> 21; s21 += carry20; - s20 -= carry20 << 21; - carry22 = (s22 + (1<<20)) >> 21; + s20 -= carry20 * X21; + carry22 = (s22 + X20) >> 21; s23 += carry22; - s22 -= carry22 << 21; + s22 -= carry22 * X21; - carry1 = (s1 + (1<<20)) >> 21; + carry1 = (s1 + X20) >> 21; s2 += carry1; - s1 -= carry1 << 21; - carry3 = (s3 + (1<<20)) >> 21; + s1 -= carry1 * X21; + carry3 = (s3 + X20) >> 21; s4 += carry3; - s3 -= carry3 << 21; - carry5 = (s5 + (1<<20)) >> 21; + s3 -= carry3 * X21; + carry5 = (s5 + X20) >> 21; s6 += carry5; - s5 -= carry5 << 21; - carry7 = (s7 + 
(1<<20)) >> 21; + s5 -= carry5 * X21; + carry7 = (s7 + X20) >> 21; s8 += carry7; - s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; + s7 -= carry7 * X21; + carry9 = (s9 + X20) >> 21; s10 += carry9; - s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; + s9 -= carry9 * X21; + carry11 = (s11 + X20) >> 21; s12 += carry11; - s11 -= carry11 << 21; - carry13 = (s13 + (1<<20)) >> 21; + s11 -= carry11 * X21; + carry13 = (s13 + X20) >> 21; s14 += carry13; - s13 -= carry13 << 21; - carry15 = (s15 + (1<<20)) >> 21; + s13 -= carry13 * X21; + carry15 = (s15 + X20) >> 21; s16 += carry15; - s15 -= carry15 << 21; - carry17 = (s17 + (1<<20)) >> 21; + s15 -= carry15 * X21; + carry17 = (s17 + X20) >> 21; s18 += carry17; - s17 -= carry17 << 21; - carry19 = (s19 + (1<<20)) >> 21; + s17 -= carry17 * X21; + carry19 = (s19 + X20) >> 21; s20 += carry19; - s19 -= carry19 << 21; - carry21 = (s21 + (1<<20)) >> 21; + s19 -= carry19 * X21; + carry21 = (s21 + X20) >> 21; s22 += carry21; - s21 -= carry21 << 21; + s21 -= carry21 * X21; s11 += s23 * 666643; s12 += s23 * 470296; 
@@ -253,40 +256,40 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) s11 -= s18 * 683901; s18 = 0; - carry6 = (s6 + (1<<20)) >> 21; + carry6 = (s6 + X20) >> 21; s7 += carry6; - s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; + s6 -= carry6 * X21; + carry8 = (s8 + X20) >> 21; s9 += carry8; - s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; + s8 -= carry8 * X21; + carry10 = (s10 + X20) >> 21; s11 += carry10; - s10 -= carry10 << 21; - carry12 = (s12 + (1<<20)) >> 21; + s10 -= carry10 * X21; + carry12 = (s12 + X20) >> 21; s13 += carry12; - s12 -= carry12 << 21; - carry14 = (s14 + (1<<20)) >> 21; + s12 -= carry12 * X21; + carry14 = (s14 + X20) >> 21; s15 += carry14; - s14 -= carry14 << 21; - carry16 = (s16 + (1<<20)) >> 21; + s14 -= carry14 * X21; + carry16 = (s16 + X20) >> 21; s17 += carry16; - s16 -= carry16 << 21; + s16 -= carry16 * X21; - carry7 = (s7 + (1<<20)) >> 21; + carry7 = (s7 + X20) >> 21; s8 += carry7; - s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; + s7 -= carry7 * X21; + carry9 = (s9 + X20) >> 21; s10 += carry9; - s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; + s9 -= carry9 * X21; + carry11 = (s11 + X20) >> 21; s12 += carry11; - s11 -= carry11 << 21; - carry13 = (s13 + (1<<20)) >> 21; + s11 -= carry11 * X21; + carry13 = (s13 + X20) >> 21; s14 += carry13; - s13 -= carry13 << 21; - carry15 = (s15 + (1<<20)) >> 21; + s13 -= carry13 * X21; + carry15 = (s15 + X20) >> 21; s16 += carry15; - s15 -= carry15 << 21; + s15 -= carry15 * X21; s5 += s17 * 666643; s6 += s17 * 470296; 
@@ -336,43 +339,43 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) s5 -= s12 * 683901; s12 = 0; - carry0 = (s0 + (1<<20)) >> 21; + carry0 = (s0 + X20) >> 21; s1 += carry0; - s0 -= carry0 << 21; - carry2 = (s2 + (1<<20)) >> 21; + s0 -= carry0 * X21; + carry2 = (s2 + X20) >> 21; s3 += carry2; - s2 -= carry2 << 21; - carry4 = (s4 + (1<<20)) >> 21; + s2 -= carry2 * X21; + carry4 = (s4 + X20) >> 21; s5 += carry4; - s4 -= carry4 << 21; - carry6 = (s6 + (1<<20)) >> 21; + s4 -= carry4 * X21; + carry6 = (s6 + X20) >> 21; s7 += carry6; - s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; + s6 -= carry6 * X21; + carry8 = (s8 + X20) >> 21; s9 += carry8; - s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; + s8 -= carry8 * X21; + carry10 = (s10 + X20) >> 21; s11 += carry10; - s10 -= carry10 << 21; + s10 -= carry10 * X21; - carry1 = (s1 + (1<<20)) >> 21; + carry1 = (s1 + X20) >> 21; s2 += carry1; - s1 -= carry1 << 21; - carry3 = (s3 + (1<<20)) >> 21; + s1 -= carry1 * X21; + carry3 = (s3 + X20) >> 21; s4 += carry3; - s3 -= carry3 << 21; - carry5 = (s5 + (1<<20)) >> 21; + s3 -= carry3 * X21; + carry5 = (s5 + X20) >> 21; s6 += carry5; - s5 -= carry5 << 21; - carry7 = (s7 + (1<<20)) >> 21; + s5 -= carry5 * X21; + carry7 = (s7 + X20) >> 21; s8 += carry7; - s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; + s7 -= carry7 * X21; + carry9 = (s9 + X20) >> 21; s10 += carry9; - s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; + s9 -= carry9 * X21; + carry11 = (s11 + X20) >> 21; s12 += carry11; - s11 -= carry11 << 21; + s11 -= carry11 * X21; s0 += s12 * 666643; s1 += s12 * 470296; 
@@ -384,40 +387,40 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) carry0 = s0 >> 21; s1 += carry0; - s0 -= carry0 << 21; + s0 -= carry0 * X21; carry1 = s1 >> 21; s2 += carry1; - s1 -= carry1 << 21; + s1 -= carry1 * X21; carry2 = s2 >> 21; s3 += carry2; - s2 -= carry2 << 21; + s2 -= carry2 * X21; carry3 = s3 >> 21; s4 += carry3; - s3 -= carry3 << 21; + s3 -= carry3 * X21; carry4 = s4 >> 21; s5 += carry4; - s4 -= carry4 << 21; + s4 -= carry4 * X21; carry5 = s5 >> 21; s6 += carry5; - s5 -= carry5 << 21; + s5 -= carry5 * X21; carry6 = s6 >> 21; s7 += carry6; - s6 -= carry6 << 21; + s6 -= carry6 * X21; carry7 = s7 >> 21; s8 += carry7; - s7 -= carry7 << 21; + s7 -= carry7 * X21; carry8 = s8 >> 21; s9 += carry8; - s8 -= carry8 << 21; + s8 -= carry8 * X21; carry9 = s9 >> 21; s10 += carry9; - s9 -= carry9 << 21; + s9 -= carry9 * X21; carry10 = s10 >> 21; s11 += carry10; - s10 -= carry10 << 21; + s10 -= carry10 * X21; carry11 = s11 >> 21; s12 += carry11; - s11 -= carry11 << 21; + s11 -= carry11 * X21; s0 += s12 * 666643; s1 += s12 * 470296; 
@@ -429,37 +432,37 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c)
 
 carry0 = s0 >> 21;
 s1 += carry0;
- s0 -= carry0 << 21;
+ s0 -= carry0 * X21;
 carry1 = s1 >> 21;
 s2 += carry1;
- s1 -= carry1 << 21;
+ s1 -= carry1 * X21;
 carry2 = s2 >> 21;
 s3 += carry2;
- s2 -= carry2 << 21;
+ s2 -= carry2 * X21;
 carry3 = s3 >> 21;
 s4 += carry3;
- s3 -= carry3 << 21;
+ s3 -= carry3 * X21;
 carry4 = s4 >> 21;
 s5 += carry4;
- s4 -= carry4 << 21;
+ s4 -= carry4 * X21;
 carry5 = s5 >> 21;
 s6 += carry5;
- s5 -= carry5 << 21;
+ s5 -= carry5 * X21;
 carry6 = s6 >> 21;
 s7 += carry6;
- s6 -= carry6 << 21;
+ s6 -= carry6 * X21;
 carry7 = s7 >> 21;
 s8 += carry7;
- s7 -= carry7 << 21;
+ s7 -= carry7 * X21;
 carry8 = s8 >> 21;
 s9 += carry8;
- s8 -= carry8 << 21;
+ s8 -= carry8 * X21;
 carry9 = s9 >> 21;
 s10 += carry9;
- s9 -= carry9 << 21;
+ s9 -= carry9 * X21;
 carry10 = s10 >> 21;
 s11 += carry10;
- s10 -= carry10 << 21;
+ s10 -= carry10 * X21;
 
 s[0] = s0 >> 0;
 s[1] = s0 >> 8;
diff --git a/src/lib/pubkey/ed25519/sc_reduce.cpp b/src/lib/pubkey/ed25519/sc_reduce.cpp
index 93dcc6de86..5765c7dace 100644
--- a/src/lib/pubkey/ed25519/sc_reduce.cpp
+++ b/src/lib/pubkey/ed25519/sc_reduce.cpp
@@ -24,6 +24,10 @@ namespace Botan {
 
 void sc_reduce(uint8_t* s)
 {
+ const int64_t X20 = (1 << 20);
+ const int64_t X21 = (1 << 21);
+
+
 int64_t s0 = 2097151 & load_3(s);
 int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
 int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
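Review bot: `const int64_t X20 = (1 << 20);` and `X21` in the new sc_reduce hunk are compile-time constants and would read better as `constexpr int64_t`; the added block also leaves two consecutive blank lines before `int64_t s0 = 2097151 & load_3(s);`. Since sc_muladd uses the same `X20`/`X21` names in the hunks above, its copy is presumably declared the same way outside this view, and a single pair of `constexpr` definitions in a shared internal header would avoid maintaining them twice. sc_reduce's body continues outside the hunk.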
@@ -114,40 +118,40 @@ void sc_reduce(uint8_t* s)
 s11 -= s18 * 683901;
 s18 = 0;
 
- carry6 = (s6 + (1<<20)) >> 21;
+ carry6 = (s6 + X20) >> 21;
 s7 += carry6;
- s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21;
+ s6 -= carry6 * X21;
+ carry8 = (s8 + X20) >> 21;
 s9 += carry8;
- s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21;
+ s8 -= carry8 * X21;
+ carry10 = (s10 + X20) >> 21;
 s11 += carry10;
- s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21;
+ s10 -= carry10 * X21;
+ carry12 = (s12 + X20) >> 21;
 s13 += carry12;
- s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21;
+ s12 -= carry12 * X21;
+ carry14 = (s14 + X20) >> 21;
 s15 += carry14;
- s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21;
+ s14 -= carry14 * X21;
+ carry16 = (s16 + X20) >> 21;
 s17 += carry16;
- s16 -= carry16 << 21;
+ s16 -= carry16 * X21;
 
- carry7 = (s7 + (1<<20)) >> 21;
+ carry7 = (s7 + X20) >> 21;
 s8 += carry7;
- s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21;
+ s7 -= carry7 * X21;
+ carry9 = (s9 + X20) >> 21;
 s10 += carry9;
- s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21;
+ s9 -= carry9 * X21;
+ carry11 = (s11 + X20) >> 21;
 s12 += carry11;
- s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21;
+ s11 -= carry11 * X21;
+ carry13 = (s13 + X20) >> 21;
 s14 += carry13;
- s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21;
+ s13 -= carry13 * X21;
+ carry15 = (s15 + X20) >> 21;
 s16 += carry15;
- s15 -= carry15 << 21;
+ s15 -= carry15 * X21;
 
 s5 += s17 * 666643;
 s6 += s17 * 470296;
@@ -197,43 +201,43 @@ void sc_reduce(uint8_t* s)
 s5 -= s12 * 683901;
 s12 = 0;
 
- carry0 = (s0 + (1<<20)) >> 21;
+ carry0 = (s0 + X20) >> 21;
 s1 += carry0;
- s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21;
+ s0 -= carry0 * X21;
+ carry2 = (s2 + X20) >> 21;
 s3 += carry2;
- s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21;
+ s2 -= carry2 * X21;
+ carry4 = (s4 + X20) >> 21;
 s5 += carry4;
- s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21;
+ s4 -= carry4 * X21;
+ carry6 = (s6 + X20) >> 21;
 s7 += carry6;
- s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21;
+ s6 -= carry6 * X21;
+ carry8 = (s8 + X20) >> 21;
 s9 += carry8;
- s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21;
+ s8 -= carry8 * X21;
+ carry10 = (s10 + X20) >> 21;
 s11 += carry10;
- s10 -= carry10 << 21;
+ s10 -= carry10 * X21;
 
- carry1 = (s1 + (1<<20)) >> 21;
+ carry1 = (s1 + X20) >> 21;
 s2 += carry1;
- s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21;
+ s1 -= carry1 * X21;
+ carry3 = (s3 + X20) >> 21;
 s4 += carry3;
- s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21;
+ s3 -= carry3 * X21;
+ carry5 = (s5 + X20) >> 21;
 s6 += carry5;
- s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21;
+ s5 -= carry5 * X21;
+ carry7 = (s7 + X20) >> 21;
 s8 += carry7;
- s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21;
+ s7 -= carry7 * X21;
+ carry9 = (s9 + X20) >> 21;
 s10 += carry9;
- s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21;
+ s9 -= carry9 * X21;
+ carry11 = (s11 + X20) >> 21;
 s12 += carry11;
- s11 -= carry11 << 21;
+ s11 -= carry11 * X21;
 
 s0 += s12 * 666643;
 s1 += s12 * 470296;
@@ -245,40 +249,40 @@ void sc_reduce(uint8_t* s)
 
 carry0 = s0 >> 21;
 s1 += carry0;
- s0 -= carry0 << 21;
+ s0 -= carry0 * X21;
 carry1 = s1 >> 21;
 s2 += carry1;
- s1 -= carry1 << 21;
+ s1 -= carry1 * X21;
 carry2 = s2 >> 21;
 s3 += carry2;
- s2 -= carry2 << 21;
+ s2 -= carry2 *X21;
 carry3 = s3 >> 21;
 s4 += carry3;
- s3 -= carry3 << 21;
+ s3 -= carry3 * X21;
 carry4 = s4 >> 21;
 s5 += carry4;
- s4 -= carry4 << 21;
+ s4 -= carry4 * X21;
 carry5 = s5 >> 21;
 s6 += carry5;
- s5 -= carry5 << 21;
+ s5 -= carry5 * X21;
 carry6 = s6 >> 21;
 s7 += carry6;
- s6 -= carry6 << 21;
+ s6 -= carry6 * X21;
 carry7 = s7 >> 21;
 s8 += carry7;
- s7 -= carry7 << 21;
+ s7 -= carry7 * X21;
 carry8 = s8 >> 21;
 s9 += carry8;
- s8 -= carry8 << 21;
+ s8 -= carry8 * X21;
 carry9 = s9 >> 21;
 s10 += carry9;
- s9 -= carry9 << 21;
+ s9 -= carry9 * X21;
 carry10 = s10 >> 21;
 s11 += carry10;
- s10 -= carry10 << 21;
+ s10 -= carry10 * X21;
 carry11 = s11 >> 21;
 s12 += carry11;
- s11 -= carry11 << 21;
+ s11 -= carry11 * X21;
 
 s0 += s12 * 666643;
 s1 += s12 * 470296;
@@ -290,37 +294,37 @@ void sc_reduce(uint8_t* s)
 
 carry0 = s0 >> 21;
 s1 += carry0;
- s0 -= carry0 << 21;
+ s0 -= carry0 * X21;
 carry1 = s1 >> 21;
 s2 += carry1;
- s1 -= carry1 << 21;
+ s1 -= carry1 * X21;
 carry2 = s2 >> 21;
 s3 += carry2;
- s2 -= carry2 << 21;
+ s2 -= carry2 * X21;
 carry3 = s3 >> 21;
 s4 += carry3;
- s3 -= carry3 << 21;
+ s3 -= carry3 * X21;
 carry4 = s4 >> 21;
 s5 += carry4;
- s4 -= carry4 << 21;
+ s4 -= carry4 * X21;
 carry5 = s5 >> 21;
 s6 += carry5;
- s5 -= carry5 << 21;
+ s5 -= carry5 * X21;
 carry6 = s6 >> 21;
 s7 += carry6;
- s6 -= carry6 << 21;
+ s6 -= carry6 * X21;
 carry7 = s7 >> 21;
 s8 += carry7;
- s7 -= carry7 << 21;
+ s7 -= carry7 * X21;
 carry8 = s8 >> 21;
 s9 += carry8;
- s8 -= carry8 << 21;
+ s8 -= carry8 * X21;
 carry9 = s9 >> 21;
 s10 += carry9;
- s9 -= carry9 << 21;
+ s9 -= carry9 * X21;
 carry10 = s10 >> 21;
 s11 += carry10;
- s10 -= carry10 << 21;
+ s10 -= carry10 * X21;
 
 s[0] = s0 >> 0;
 s[1] = s0 >> 8;
From 6e20975e8ebac325f6cb34be184886d55158c9e1 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 31 Dec 2017 16:18:15 -0500
Subject: [PATCH 0476/1008] Fix make clean target

If we removed the shared lib first, the symlinks were dangling and access() would return false. Instead always unlink.
---
 src/scripts/cleanup.py | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/scripts/cleanup.py b/src/scripts/cleanup.py
index 8c72d3eb14..29f8e8ede9 100755
--- a/src/scripts/cleanup.py
+++ b/src/scripts/cleanup.py
@@ -16,6 +16,7 @@
 import logging
 import json
 import shutil
+import errno
 
 def remove_dir(d):
 try:
@@ -29,13 +30,11 @@ def remove_dir(d):
 
 def remove_file(f):
 try:
- if os.access(f, os.R_OK):
- logging.debug('Removing file "%s"', f)
- os.unlink(f)
- else:
- logging.debug('File %s was missing', f)
- except Exception as e: # pylint: disable=broad-except
- logging.error('Failed removing file "%s": %s', f, e)
+ logging.debug('Removing file "%s"', f)
+ os.unlink(f)
+ except OSError as e:
+ if e.errno != errno.ENOENT:
+ logging.error('Failed removing file "%s": %s', f, e)
 
 def remove_all_in_dir(d):
 if os.access(d, os.X_OK):

From 1a94b02330db5d3a2b12cc76259d4696fa634bdf Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 31 Dec 2017 16:30:25 -0500
Subject: [PATCH 0477/1008] Add PKCS7 to todo

GH #1115
---
 doc/todo.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/todo.rst b/doc/todo.rst
index 551c24aac2..6080da4fb4 100644
--- a/doc/todo.rst
+++ b/doc/todo.rst
@@ -109,6 +109,7 @@ PKIX
 New Protocols / Formats
 ----------------------------------------
+* PKCS7 / Cryptographic Message Syntax
 * NaCl compatible cryptobox functions
 * Off-The-Record v3 https://otr.cypherpunks.ca/
 * Some useful subset of OpenPGP

From 22366ec256711e3f9fd35f8dbc5089c36ac8d8a3 Mon Sep 17 00:00:00 2001
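Review bot: The ENOENT branch of the new `except OSError` in `remove_file` discards the case the old code logged as `File %s was missing`, so a clean now skips absent files without any trace of it; keeping `else: logging.debug('File "%s" was already missing', f)` under the `if e.errno != errno.ENOENT:` preserves that diagnostic. Narrowing the catch from `Exception` to `OSError` and dropping the `os.access` pre-check are the right calls, since `os.unlink` removes a symlink itself rather than following it, which is exactly what the dangling-symlink case in the description needs.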
From: Jack Lloyd
Date: Sun, 31 Dec 2017 16:40:09 -0500
Subject: [PATCH 0478/1008] Fix build issue affecting Sun CC

If the ar command and the compiler have the same name in the config, and the user overrode the path to the compiler, take that as the ar command also.

Fixes #851
---
 configure.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/configure.py b/configure.py
index 463102ee49..c8624f1d6e 100755
--- a/configure.py
+++ b/configure.py
@@ -1752,6 +1752,18 @@ def configure_command_line():
 
 def cmake_escape(s):
 return s.replace('(', '\\(').replace(')', '\\)')
 
+ def ar_command():
+ if options.ar_command:
+ return options.ar_command
+
+ if cc.ar_command:
+ if cc.ar_command == cc.binary_name:
+ return options.compiler_binary or cc.binary_name
+ else:
+ return cc.ar_command
+
+ return osinfo.ar_command
+
 build_dir = options.with_build_dir or os.path.curdir
 program_suffix = options.program_suffix or osinfo.program_suffix
@@ -1871,7 +1883,7 @@ def cmake_escape(s):
 'exe_link_cmd': cc.binary_link_command_for(osinfo.basename, options) + external_link_cmd(),
 'post_link_cmd': '',
- 'ar_command': options.ar_command or cc.ar_command or osinfo.ar_command,
+ 'ar_command': ar_command(),
 'ar_options': cc.ar_options or osinfo.ar_options,
 'ar_output_to': cc.ar_output_to,

From 16ebbe21a09655a4cca54ed5cb6859c12817660e Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 31 Dec 2017 16:47:02 -0500
Subject: [PATCH 0479/1008] Enable GCC inline asm under Sun Studio compilers

Fixes GH #848
---
 src/lib/utils/compiler.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/utils/compiler.h b/src/lib/utils/compiler.h
index 0115ae00c2..fd59c2d327 100644
--- a/src/lib/utils/compiler.h
+++ b/src/lib/utils/compiler.h
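Review bot: `ar_command()` encodes a toolchain rule that is not visible from the code alone: when `cc.ar_command == cc.binary_name` the archiver is the compiler itself, so a user override of the compiler path (`options.compiler_binary`) has to become the archiver as well. A short docstring on the nested function, such as `"""Pick the archiver: explicit --ar-command, else the compiler binary when the toolchain archives through the compiler (Sun CC, GH #851), else the OS default."""`, would stop a later reader from simplifying the middle branch back to `cc.ar_command`. The function reads `options`, `cc` and `osinfo` from the enclosing scope, whose definition lies outside this hunk.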
@@ -13,7 +13,7 @@ #define BOTAN_UTIL_COMPILER_FLAGS_H_ /* Should we use GCC-style inline assembler? */ -#if !defined(BOTAN_USE_GCC_INLINE_ASM) && (defined(__GNUC__) || defined(__xlc__)) +#if !defined(BOTAN_USE_GCC_INLINE_ASM) && (defined(__GNUC__) || defined(__xlc__) || defined(__SUNPRO_CC)) #define BOTAN_USE_GCC_INLINE_ASM 1 #endif From 4f0d4d64e4cadee4730a56c9ad1a690f2f62a06b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 1 Jan 2018 09:43:58 -0500 Subject: [PATCH 0480/1008] Fix hardcoded date Fixes GH #1380 --- src/tests/unit_x509.cpp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 11f2932a8e..1fd4dc239f 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -1269,13 +1269,12 @@ Test::Result test_padding_config() { test_result.test_eq("CA certificate signature algorithm (explicit)", Botan::OIDS::lookup(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); + const auto not_before = Botan::calendar_point(2017, 1, 1, 1, 1, 1).to_std_timepoint(); + const auto not_after = Botan::calendar_point(2037, 12, 25, 1, 1, 1).to_std_timepoint(); + // Prepare a signing request for the end certificate Botan::X509_Cert_Options req_opt("endpoint"); req_opt.set_padding_scheme("EMSA4(SHA-512,MGF1,64)"); - auto not_before = Botan::calendar_point(2017, 1, 1, 1, 1, - 1).to_std_timepoint(); - auto not_after = Botan::calendar_point(2018, 1, 1, 1, 1, - 1).to_std_timepoint(); Botan::PKCS10_Request end_req = Botan::X509::create_cert_req(req_opt, (*sk), "SHA-512", Test::rng()); test_result.test_eq("Certificate request signature algorithm", Botan::OIDS::lookup(end_req.signature_algorithm().oid),"RSA/EMSA4"); From b36a6bd55e23c483fccef3991ad6c5c4940460a7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 1 Jan 2018 09:44:28 -0500 Subject: [PATCH 0481/1008] Update license years --- license.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
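Review bot: The new `not_after` of `Botan::calendar_point(2037, 12, 25, 1, 1, 1)` in the unit_x509.cpp hunk is a magic date: it presumably sits just under the 2038 32-bit time_t boundary, but nothing says so, and the test will silently start failing again in 2037 the way it did in 2018. A comment on that line, `// far enough ahead that the test does not expire, but below the 2038 time_t boundary`, records the constraint; deriving both dates from the current time would remove it altogether. `test_padding_config` begins and ends outside the hunk.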
diff --git a/license.txt b/license.txt
index 48692a2ff8..e6c8859565 100644
--- a/license.txt
+++ b/license.txt
@@ -1,4 +1,4 @@
-Copyright (C) 1999-2013,2014,2015,2016,2017 The Botan Authors
+Copyright (C) 1999-2018 The Botan Authors
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

From 903d8042a987f3d56cb121498d183e7433f69b34 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Mon, 1 Jan 2018 10:56:46 -0500
Subject: [PATCH 0482/1008] Add a cast to avoid Sonar warning
---
 src/lib/pubkey/ed25519/ge.cpp | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/lib/pubkey/ed25519/ge.cpp b/src/lib/pubkey/ed25519/ge.cpp
index 4773602dbe..4c78223b2d 100644
--- a/src/lib/pubkey/ed25519/ge.cpp
+++ b/src/lib/pubkey/ed25519/ge.cpp
@@ -2028,10 +2028,9 @@ inline void select(ge_precomp* t,
 const ge_precomp* base,
 int8_t b)
 {
- uint8_t bnegative = negative(b);
- uint8_t babs = b - (((-bnegative) & b) * 2);
-
- ge_precomp_0(t);
+ const uint8_t bnegative = negative(b);
+ const uint8_t babs = b - (((-static_cast(bnegative)) & b) * 2);
+ const int32_t neg_mask = equal32(bnegative, 1);
 
 const int32_t mask1 = equal32(babs, 1);
 const int32_t mask2 = equal32(babs, 2);
@@ -2075,8 +2074,6 @@ inline void select(ge_precomp* t,
 ((t->xy2d[i] ^ base[7].xy2d[i]) & mask8);
 }
 
- const int32_t neg_mask = equal32(bnegative, 1);
-
 fe minus_xy2d;
 fe_neg(minus_xy2d, t->xy2d);

From 8591e6de8c7bea614d4ed33037d48cff3a281afa Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Mon, 1 Jan 2018 11:16:01 -0500
Subject: [PATCH 0483/1008] Add some basic tests of Data_Store class

It's deprecated, but still exposed API and still used internally.
---
 src/tests/test_datastore.cpp | 71 ++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 src/tests/test_datastore.cpp

diff --git a/src/tests/test_datastore.cpp b/src/tests/test_datastore.cpp
new file mode 100644
index 0000000000..ef1f55cd8e
--- /dev/null
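Review bot: The rewritten prologue of `select` drops `ge_precomp_0(t);` together with the two declarations it replaces, so `t` is no longer reset before the masked XOR loop (the `((t->xy2d[i] ^ base[7].xy2d[i]) & mask8)` line in the second hunk reads `t`), and the selected table entry now depends on whatever `t` held on entry. Commit 0484 further down this page restores the call, so the point here is only that a cast cleanup and a behavioural change were folded into one diff, which is how the regression got past review. Moving `neg_mask` up next to the other masks is fine on its own. `select` begins and ends outside these hunks.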
+++ b/src/tests/test_datastore.cpp
@@ -0,0 +1,71 @@
+/*
+* (C) 2018 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#if defined(BOTAN_HAS_X509_CERTIFICATES)
+
+#include 
+
+namespace Botan_Tests {
+
+class Datastore_Tests : public Test
+ {
+ public:
+ std::vector run() override
+ {
+ Test::Result result("Data_Store");
+
+ Botan::Data_Store ds1;
+ Botan::Data_Store ds2;
+
+ result.confirm("equality", ds1 == ds2);
+
+ result.test_eq("has_value", ds1.has_value("key"), false);
+ result.test_eq("get1 with default", ds1.get1("key", "default"), "default");
+
+ result.test_throws("get1", "Data_Store::get1: No values set for missing_key",
+ [&ds1]() { ds1.get1("missing_key"); });
+
+ result.test_eq("search_for", ds1.search_for([](std::string, std::string) { return true; }).size(), 0);
+
+ ds1.add("key", "value");
+
+ result.test_eq("search_for", ds1.search_for([](std::string, std::string) { return true; }).size(), 1);
+
+ result.test_eq("equality", ds1 == ds2, false);
+
+ result.test_eq("has_value", ds1.has_value("key"), true);
+ result.test_eq("get1 with default", ds1.get1("key", "default"), "value");
+ result.test_eq("get1", ds1.get1("key"), "value");
+
+ result.test_eq("get1_memvec", ds1.get1_memvec("memvec").size(), 0);
+
+ const std::vector memvec = { 9, 1, 1, 4 };
+ ds1.add("memvec", memvec);
+
+ result.test_eq("get1_memvec", ds1.get1_memvec("memvec"), memvec);
+
+ result.test_eq("get1_uint32", ds1.get1_uint32("memvec"), size_t(9010104));
+
+ result.test_eq("get1_uint32", ds1.get1_uint32("missing", 999), size_t(999));
+
+ ds1.add("key", "value2");
+
+ result.test_throws("get1", "Data_Store::get1: More than one value for key",
+ [&ds1]() { ds1.get1("key"); });
+
+ result.test_eq("get multiple", ds1.get("key").size(), 2);
+
+ return {result};
+ }
+ };
+
+BOTAN_REGISTER_TEST("x509_datastore", Datastore_Tests);
+
+}
+
+#endif

From 3407b0c98b63ae0f9926a8def7838862711d2e6d Mon Sep 17 00:00:00 2001
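Review bot: The two `search_for` predicates, `[](std::string, std::string) { return true; }`, take both strings by value and so copy every key and value in the store for a test that ignores them; `[](const std::string&, const std::string&) { return true; }` expresses the same thing without the copies. The `get1_uint32("memvec")` expectation of `size_t(9010104)` also deserves a one-line comment, since it documents that the stored bytes `9, 1, 1, 4` are apparently read back as the decimal string 09010104 rather than as a binary 32-bit integer, which is not obvious from the test name. The rest of the new test reads clearly.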
From: Jack Lloyd
Date: Mon, 1 Jan 2018 11:45:50 -0500
Subject: [PATCH 0484/1008] Fix function call accidentally removed in 903d8042a9
---
 src/lib/pubkey/ed25519/ge.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/lib/pubkey/ed25519/ge.cpp b/src/lib/pubkey/ed25519/ge.cpp
index 4c78223b2d..ec22fa1790 100644
--- a/src/lib/pubkey/ed25519/ge.cpp
+++ b/src/lib/pubkey/ed25519/ge.cpp
@@ -2029,7 +2029,7 @@ inline void select(ge_precomp* t,
 int8_t b)
 {
 const uint8_t bnegative = negative(b);
- const uint8_t babs = b - (((-static_cast(bnegative)) & b) * 2);
+ const uint8_t babs = b - ((-static_cast(bnegative) & b) * 2);
 const int32_t neg_mask = equal32(bnegative, 1);
 
 const int32_t mask1 = equal32(babs, 1);
@@ -2041,6 +2041,8 @@ inline void select(ge_precomp* t,
 const int32_t mask7 = equal32(babs, 7);
 const int32_t mask8 = equal32(babs, 8);
 
+ ge_precomp_0(t);
+
 for(size_t i = 0; i != 10; ++i)
 {
 t->yplusx[i] = t->yplusx[i] ^

From 934f282ca5b19cbe1da963de2709aaa46f195656 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Mon, 1 Jan 2018 12:55:37 -0500
Subject: [PATCH 0485/1008] Fix bogus comparison [ci skip]

Coverity
---
 src/tests/test_modes.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tests/test_modes.cpp b/src/tests/test_modes.cpp
index 7498f13901..3ac34760d4 100644
--- a/src/tests/test_modes.cpp
+++ b/src/tests/test_modes.cpp
@@ -61,7 +61,7 @@ class Cipher_Mode_Tests final : public Text_Based_Test
 result.test_eq("mode not authenticated", enc->authenticated(), false);
- if(algo.find("/CBC"))
+ if(algo.find("/CBC") != std::string::npos)
 {
 // can't test equal due to CBC padding
 result.test_lte("output_length", enc->output_length(input.size()), expected.size());

From 74e7e28a0ed59dd1602656a4049e898fab24eaaf Mon Sep 17 00:00:00 2001
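Review bot: The restored `ge_precomp_0(t);` is the line whose absence broke `select` in the previous commit, and nothing in the code marks it as load-bearing; a comment such as `// reset t to a known starting value (presumably the identity precomp) before the masked XOR selection below, which assumes it` makes the next cleanup less likely to drop it again. The parenthesis change in `babs` on the first hunk is cosmetic. `select` continues outside both hunks.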
From: Jack Lloyd
Date: Mon, 1 Jan 2018 13:56:18 -0500
Subject: [PATCH 0486/1008] Fix build on old Clang

Clang 3.5 on mac didn't like this.
---
 src/lib/x509/x509_ca.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp
index cba3b98169..1560140c75 100644
--- a/src/lib/x509/x509_ca.cpp
+++ b/src/lib/x509/x509_ca.cpp
@@ -277,7 +277,8 @@ PK_Signer* choose_sig_format(const Private_Key& key,
 const std::string& hash_fn,
 AlgorithmIdentifier& sig_algo)
 {
- return choose_sig_format(key, {}, rng, hash_fn, sig_algo);
+ return choose_sig_format(key, std::map(),
+ rng, hash_fn, sig_algo);
 }
 
 /*

From 50e4b38ad56f12599b360f8db8f431da39452341 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Mon, 1 Jan 2018 14:01:06 -0500
Subject: [PATCH 0487/1008] Avoid warning with old Clang

Clang defines __GNUG__ so we ended up ignoring the Clang version.
---
 src/lib/utils/compiler.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/utils/compiler.h b/src/lib/utils/compiler.h
index fd59c2d327..68fc51e6d6 100644
--- a/src/lib/utils/compiler.h
+++ b/src/lib/utils/compiler.h
@@ -69,7 +69,7 @@
 /*
 * Define BOTAN_FUNC_ISA
 */
-#if defined(__GNUG__) || (BOTAN_CLANG_VERSION > 38)
+#if (defined(__GNUG__) && !defined(__clang__)) || (BOTAN_CLANG_VERSION > 38)
 #define BOTAN_FUNC_ISA(isa) __attribute__ ((target(isa)))
 #else
 #define BOTAN_FUNC_ISA(isa)

From 1cf931e3e5871361d286ded8463fd9cc55ceb4a6 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Mon, 1 Jan 2018 14:03:51 -0500
Subject: [PATCH 0488/1008] Avoid a warning under Clang when building amalgamation

It defines __GNUG__ then complains it doesn't understand a GCC pragma.
---
 configure.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.py b/configure.py
index c8624f1d6e..1e8f916dd8 100755
--- a/configure.py
+++ b/configure.py
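Review bot: `#if (defined(__GNUG__) && !defined(__clang__)) || (BOTAN_CLANG_VERSION > 38)` now depends on `BOTAN_CLANG_VERSION` evaluating to 0 on non-Clang compilers, which the preprocessor guarantees for an undefined identifier but which `-Wundef` builds will warn about; `(defined(BOTAN_CLANG_VERSION) && BOTAN_CLANG_VERSION > 38)` keeps the intent explicit. In the x509_ca.cpp hunk, the explicit `std::map()` temporary is there only because Clang 3.5 rejected the `{}` form, and a one-line comment saying so would keep it from being modernised back.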
@@ -2351,7 +2351,7 @@ def header_contents(self, name):
 def write_banner(fd):
 fd.write("""/*
 * Botan %s Amalgamation
-* (C) 1999-2017 The Botan Authors
+* (C) 1999-2018 The Botan Authors
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -2486,7 +2486,7 @@ def _generate_sources(self, amalgamation_headers, included_in_headers): #pylint:
 f.write('\n')
 for isa in self._isas_for_target(target):
- f.write('#if defined(__GNUG__)\n')
+ f.write('#if defined(__GNUG__) && !defined(__clang__)\n')
 f.write('#pragma GCC target ("%s")\n' % (isa))
 f.write('#endif\n')

From 0b957292b1c854a12356503d5b5c13e540101843 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Tue, 2 Jan 2018 10:41:01 -0500
Subject: [PATCH 0489/1008] Avoid a warning in Sonar
---
 src/tests/unit_ecc.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp
index 852420244d..b9355e6f0e 100644
--- a/src/tests/unit_ecc.cpp
+++ b/src/tests/unit_ecc.cpp
@@ -379,7 +379,9 @@ Test::Result test_zeropoint()
 Botan::BigInt("1373093393927139016463695321221277758035357890939"));
 result.confirm("point is on the curve", p1.on_the_curve());
- p1 -= p1;
+
+ Botan::PointGFp p2 = p1;
+ p1 -= p2;
 result.confirm("p - q with q = p results in zero", p1.is_zero());
 return result;

From 8326a481c1c7ae6ce18db8b4af9f413bd8435c3e Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Tue, 2 Jan 2018 10:42:11 -0500
Subject: [PATCH 0490/1008] Cleanup ECIES test

And avoid warnings from Sonar about adding booleans
---
 src/lib/pubkey/ecies/ecies.cpp | 2 +-
 src/tests/test_ecies.cpp | 27 ++++++++++-----------------
 2 files changed, 11 insertions(+), 18 deletions(-)

diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp
index 39eb08afe7..e2d574dcfa 100644
--- a/src/lib/pubkey/ecies/ecies.cpp
+++ b/src/lib/pubkey/ecies/ecies.cpp
@@ -194,7 +194,7 @@ ECIES_System_Params::ECIES_System_Params(const EC_Group& domain, const std::stri
 m_mac_keylen(mac_key_len)
 {
 // ISO 18033: "At most one of CofactorMode, OldCofactorMode, and CheckMode may be 1."
- if(cofactor_mode() + old_cofactor_mode() + check_mode() > 1)
+ if(size_t(cofactor_mode()) + size_t(old_cofactor_mode()) + size_t(check_mode()) > 1)
 {
 throw Invalid_Argument("ECIES: only one of cofactor_mode, old_cofactor_mode and check_mode can be set");
 }
diff --git a/src/tests/test_ecies.cpp b/src/tests/test_ecies.cpp
index 6a4bcfeb04..5c5af0a416 100644
--- a/src/tests/test_ecies.cpp
+++ b/src/tests/test_ecies.cpp
@@ -150,40 +150,33 @@ class ECIES_ISO_Tests final : public Text_Based_Test result.test_eq("derived secret key", secret_key.bits_of(), k); // test encryption / decryption - for(int i_cofactor_mode = 0; i_cofactor_mode < 2; ++i_cofactor_mode) + + for(auto comp_type : { Botan::PointGFp::UNCOMPRESSED, Botan::PointGFp::COMPRESSED, Botan::PointGFp::HYBRID }) { - for(int i_single_hash_mode = 0; i_single_hash_mode < 2; ++i_single_hash_mode) + for(bool cofactor_mode : { true, false }) { - for(int i_old_cofactor_mode = 0; i_old_cofactor_mode < 2; ++i_old_cofactor_mode) + for(bool single_hash_mode : { true, false }) { - for(int i_check_mode = 0; i_check_mode < 2; ++i_check_mode) + for(bool old_cofactor_mode : { true, false }) { - for(int i_compression_type = 0; i_compression_type < 3; ++i_compression_type) + for(bool check_mode : { true, false }) { - const bool cofactor_mode = i_cofactor_mode != 0; - const bool single_hash_mode = i_single_hash_mode != 0; - const bool old_cofactor_mode = i_old_cofactor_mode != 0; - const bool check_mode = i_check_mode != 0; - const Botan::PointGFp::Compression_Type gen_compression_type = - static_cast(i_compression_type); - Flags flags = ecies_flags(cofactor_mode, old_cofactor_mode, check_mode, single_hash_mode); - if(cofactor_mode + check_mode + old_cofactor_mode > 1) + if(size_t(cofactor_mode) + size_t(check_mode) + size_t(old_cofactor_mode) > 1) { auto onThrow = [&]() { - Botan::ECIES_System_Params( - eph_private_key.domain(), + Botan::ECIES_System_Params(eph_private_key.domain(), "KDF2(SHA-1)", "AES-256/CBC", 32, "HMAC(SHA-1)", 20, - gen_compression_type, flags); + comp_type, flags); }; result.test_throws("throw on invalid ECIES_Flags", onThrow); continue; } Botan::ECIES_System_Params ecies_params(eph_private_key.domain(), "KDF2(SHA-1)", "AES-256/CBC", - 32, "HMAC(SHA-1)", 20, gen_compression_type, flags); + 32, "HMAC(SHA-1)", 20, comp_type, flags); check_encrypt_decrypt(result, eph_private_key, other_private_key, ecies_params, 16); } } 
From 88699fc3295d99aebcabb0d88e2f155b1fdf43e2 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Tue, 2 Jan 2018 10:58:45 -0500
Subject: [PATCH 0491/1008] Use helper for char to uint8_t conversions.
---
 src/lib/psk_db/psk_db.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/psk_db/psk_db.h b/src/lib/psk_db/psk_db.h
index 2a573c7d5e..39686a9955 100644
--- a/src/lib/psk_db/psk_db.h
+++ b/src/lib/psk_db/psk_db.h
@@ -59,12 +59,12 @@ class BOTAN_PUBLIC_API(2,4) PSK_Database
 std::string get_str(const std::string& name) const
 {
 secure_vector psk = get(name);
- return std::string(reinterpret_cast(psk.data()), psk.size());
+ return std::string(cast_uint8_ptr_to_char(psk.data()), psk.size());
 }
 
 void set_str(const std::string& name, const std::string& psk)
 {
- set(name, reinterpret_cast(psk.data()), psk.size());
+ set(name, cast_char_ptr_to_uint8(psk.data()), psk.size());
 }
 
 template

From cc5e87c0bf9553b1c18b1c487c4089111d3271d7 Mon Sep 17 00:00:00 2001
From: Patrik Fiedler
Date: Wed, 3 Jan 2018 10:45:41 +0100
Subject: [PATCH 0492/1008] add the detection for the ca issuers field(1.3.6.1.5.5.7.48.2) in x509 certificates
---
 src/lib/asn1/oids.cpp | 2 ++
 src/lib/x509/x509_ext.cpp | 13 +++++++++++++
 src/lib/x509/x509_ext.h | 11 ++++++++---
 src/lib/x509/x509cert.cpp | 16 ++++++++++++++++
 src/lib/x509/x509cert.h | 5 +++++
 5 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp
index 2c97f1d298..e88fdc980b 100644
--- a/src/lib/asn1/oids.cpp
+++ b/src/lib/asn1/oids.cpp
@@ -133,6 +133,7 @@ std::string lookup(const OID& oid)
 if(oid_str == "1.3.6.1.4.1.8301.3.1.2.9.0.38") return "secp521r1";
 if(oid_str == "1.3.6.1.5.5.7.1.1") return "PKIX.AuthorityInformationAccess";
 if(oid_str == "1.3.6.1.5.5.7.3.1") return "PKIX.ServerAuth";
+ if(oid_str == "1.3.6.1.5.5.7.48.2") return "PKIX.CertificateAuthorityIssuers";
 if(oid_str == "1.3.6.1.5.5.7.3.2") return "PKIX.ClientAuth";
 if(oid_str == "1.3.6.1.5.5.7.3.3") return "PKIX.CodeSigning";
 if(oid_str == "1.3.6.1.5.5.7.3.4") return "PKIX.EmailProtection";
@@ -303,6 +304,7 @@ OID lookup(const std::string& name)
 if(name == "PKCS9.MessageDigest") return OID("1.2.840.113549.1.9.4");
 if(name == "PKCS9.UnstructuredName") return OID("1.2.840.113549.1.9.2");
 if(name == "PKIX.AuthorityInformationAccess") return OID("1.3.6.1.5.5.7.1.1");
+ if(name == "PKIX.CertificateAuthorityIssuers") return OID("1.3.6.1.5.5.7.48.2");
 if(name == "PKIX.ClientAuth") return OID("1.3.6.1.5.5.7.3.2");
 if(name == "PKIX.CodeSigning") return OID("1.3.6.1.5.5.7.3.3");
 if(name == "PKIX.EmailProtection") return OID("1.3.6.1.5.5.7.3.4");
diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp
index afb79f6bfc..64f5765ac7 100644
--- a/src/lib/x509/x509_ext.cpp
+++ b/src/lib/x509/x509_ext.cpp
@@ -777,6 +777,15 @@ void Authority_Information_Access::decode_inner(const std::vector& in)
 }
 }
+ if(oid == OIDS::lookup("PKIX.CertificateAuthorityIssuers"))
+ {
+ BER_Object name = info.get_next_object();
+
+ if(name.type_tag == 6 && name.class_tag == CONTEXT_SPECIFIC)
+ {
+ m_ca_issuers.push_back(ASN1::to_string(name));
+ }
+ }
 }
 }
@@ -784,6 +793,10 @@ void Authority_Information_Access::contents_to(Data_Store& subject, Data_Store&)
 {
 if(!m_ocsp_responder.empty()) subject.add("OCSP.responder", m_ocsp_responder);
+ std::for_each(m_ca_issuers.begin(), m_ca_issuers.end(), [&subject] (const std::string& ca_issuer)
+ {
+ subject.add("PKIX.CertificateAuthorityIssuers", ca_issuer);
+ });
 }
 
 /*
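Review bot: The two new lines `if(oid_str == "1.3.6.1.5.5.7.48.2") return "PKIX.CertificateAuthorityIssuers";` and its `OID lookup` twin are hand edits to src/lib/asn1/oids.cpp, whose header (visible in the regenerated copy in commit 0494 further down) says it is produced by ./src/scripts/oids.py and that manual edits will be lost; the entry belongs in src/build-data/oids.txt, which is where 0494 puts it before regenerating. The insertion is also out of the file's sorted order, which is the tell-tale of a hand edit.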
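Review bot: `name.type_tag == 6 && name.class_tag == CONTEXT_SPECIFIC` hard-codes the GeneralName choice tag; a comment, `// GeneralName [6] uniformResourceIdentifier; other name forms are ignored`, says both what 6 means and that directoryName and the rest are skipped on purpose, which the OCSP branch above (outside the hunk) presumably shares. The strings pushed into `m_ca_issuers` are taken verbatim from the certificate, so whatever later prints or fetches them should treat them as untrusted input. `decode_inner` starts outside this hunk; the `std::for_each` in `contents_to` is replaced by a range-for in 0494 below.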
diff --git a/src/lib/x509/x509_ext.h b/src/lib/x509/x509_ext.h
index 235496cbdc..8e702daf1a 100644
--- a/src/lib/x509/x509_ext.h
+++ b/src/lib/x509/x509_ext.h
@@ -544,21 +544,25 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Policies final : public Certificate_Exte
 std::vector m_oids;
 };
+/**
+* Authority Information Access Extension
+*/
 class BOTAN_PUBLIC_API(2,0) Authority_Information_Access final : public Certificate_Extension
 {
 public:
 Authority_Information_Access* copy() const override
- { return new Authority_Information_Access(m_ocsp_responder); }
+ { return new Authority_Information_Access(m_ocsp_responder, m_ca_issuers); }
 Authority_Information_Access() = default;
- explicit Authority_Information_Access(const std::string& ocsp) :
- m_ocsp_responder(ocsp) {}
+ explicit Authority_Information_Access(const std::string& ocsp, const std::vector& ca_issuers = std::vector()) :
+ m_ocsp_responder(ocsp), m_ca_issuers(ca_issuers) {}
 std::string ocsp_responder() const { return m_ocsp_responder; }
 static OID static_oid() { return OID("1.3.6.1.5.5.7.1.1"); }
 OID oid_of() const override { return static_oid(); }
+ const std::vector ca_issuers() const { return m_ca_issuers; }
 private:
 std::string oid_name() const override
@@ -572,6 +576,7 @@ class BOTAN_PUBLIC_API(2,0) Authority_Information_Access final : public Certific
 void contents_to(Data_Store&, Data_Store&) const override;
 
 std::string m_ocsp_responder;
+ std::vector m_ca_issuers;
 };
 
 /**
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp
index dd0514dfb6..f298006c06 100644
--- a/src/lib/x509/x509cert.cpp
+++ b/src/lib/x509/x509cert.cpp
@@ -47,6 +47,7 @@ struct X509_Certificate_Data
 std::vector m_crl_distribution_points;
 std::string m_ocsp_responder;
+ std::vector m_ca_issuers;
 AlternativeName m_subject_alt_name;
 AlternativeName m_issuer_alt_name;
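Review bot: `const std::vector ca_issuers() const { return m_ca_issuers; }` returns a const-qualified value, which stops the caller from moving out of it (`data->m_ca_issuers = ext->ca_issuers();` in the x509cert.cpp hunk below then copies) and is what clang-tidy reports as readability-const-return-type; drop the leading `const`, or return `const std::vector<std::string>&` since the accessor is already a const member. In the new constructor, `const std::vector& ca_issuers = std::vector()` could be taken by value and moved into `m_ca_issuers`. The new class comment would be more useful if it named the two fields the extension carries, the OCSP responder URL and the CA issuer URIs.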
@@ -262,6 +263,7 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o
 if(auto ext = data->m_v3_extensions.get_extension_object_as())
 {
 data->m_ocsp_responder = ext->ocsp_responder();
+ data->m_ca_issuers = ext->ca_issuers();
 }
 
 if(auto ext = data->m_v3_extensions.get_extension_object_as())
@@ -543,6 +545,11 @@ std::string X509_Certificate::ocsp_responder() const
 return data().m_ocsp_responder;
 }
 
+std::vector X509_Certificate::ca_issuers() const
+ {
+ return data().m_ca_issuers;
+ }
+
 std::string X509_Certificate::crl_distribution_point() const
 {
 // just returns the first (arbitrarily)
@@ -815,6 +822,15 @@ std::string X509_Certificate::to_string() const
 if(!ocsp_responder().empty())
 out << "OCSP responder " << ocsp_responder() << "\n";
+
+ std::vector ca_issuers = this->ca_issuers();
+ if(!ca_issuers.empty())
+ {
+ out << "CA Issuers:\n";
+ for(size_t i = 0; i != ca_issuers.size(); i++)
+ out << " URI: " << ca_issuers[i] << "\n";
+ }
+
 if(!crl_distribution_point().empty())
 out << "CRL " << crl_distribution_point() << "\n";
diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h
index e87e5e436e..a1448637df 100644
--- a/src/lib/x509/x509cert.h
+++ b/src/lib/x509/x509cert.h
@@ -345,6 +345,11 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object
 */
 std::string ocsp_responder() const;
 
+ /**
+ * Return the listed addresses of ca issuers, or empty if not set
+ */
+ std::vector ca_issuers() const;
+
 /**
 * Return the CRL distribution point, or empty if not set
 */

From b1297f6352e2a24db7cd0776a788ac4570f1dcb2 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Wed, 3 Jan 2018 09:59:33 -0500
Subject: [PATCH 0493/1008] Remove obsolete instructions from building.rst [ci skip]

The makefile style distinction is no more.
---
 doc/manual/building.rst | 29 +++++------------------------
 1 file changed, 5 insertions(+), 24 deletions(-)

diff --git a/doc/manual/building.rst b/doc/manual/building.rst
index 64b67b9be3..c2a6d26780 100644
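Review bot: The `to_string` addition indexes with `for(size_t i = 0; i != ca_issuers.size(); i++)` where a range-for reads better and matches the style of the OCSP line just above it: `for(const std::string& uri : ca_issuers) out << " URI: " << uri << "\n";`. The URIs are copied out of the certificate unchanged, so a caller that shows `to_string()` output on a terminal gets whatever bytes the issuer put in the extension; unless `ASN1::to_string` already restricts them to printable characters, that is worth a sentence in the `ca_issuers()` doc comment in the x509cert.h hunk. `to_string` continues outside the hunk.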
--- a/doc/manual/building.rst +++ b/doc/manual/building.rst @@ -96,16 +96,6 @@ Currently available policies include ``bsi``, ``nist`` and ``modern``:: $ ./configure.py --module-policy=bsi --enable-modules=tls,xts -The script tries to guess what kind of makefile to generate, and it -almost always guesses correctly (basically, Visual C++ uses NMAKE with -Windows commands, and everything else uses Unix make with POSIX -commands). Just in case, you can override it with -``--make-style=X``. The styles Botan currently knows about are 'gmake' -(GNU make and possibly some other Unix makes), and 'nmake', the make -variant commonly used by Microsoft compilers. To add a new variant -(eg, a build script for VMS), you will need to create a new template -file in ``src/build-data/makefile``. - Cross Compiling ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -122,7 +112,8 @@ completely supported by the build system. To extend the example, we must tell botan.exe: PE32 executable (console) Intel 80386, for MS Windows You can also specify the alternate tools by setting the `CXX` and `AR` -environment variables, as is commonly done with autoconf builds. +environment variables (instead of the `--cc-bin` and `--ar-command` options), as +is commonly done with autoconf builds. On Unix ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -159,22 +150,12 @@ shared libraries to be picked up by the linker. An alternative is to set your ``LD_LIBRARY_PATH`` shell variable to include the directory that the Botan libraries were installed into. -On OS X +On macOS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -In general the Unix instructions above should apply, however OS X does -not support ``LD_LIBRARY_PATH``. Thomas Keller suggests instead -running ``install_name_tool`` between building and running the -self-test program:: - - $ VERSION=1.11.11 # or whatever the current version is - $ install_name_tool -change $(otool -X -D libbotan-$VERSION.dylib) \ - $PWD/libbotan-$VERSION.dylib botan-test - -Building Universal Binaries -&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& +A build on macOS works much like that on any other Unix-like system. -To build a universal binary for OS X, you need to set some additional +To build a universal binary for macOS, you need to set some additional build flags. Do this with the `configure.py` flag `--cc-abi-flags`:: --cc-abi-flags="-force_cpusubtype_ALL -mmacosx-version-min=10.4 -arch i386 -arch ppc" From be81e8d15a5b1698863dc09816f15d7fcaddca65 Mon Sep 17 00:00:00 2001 From: Patrik Fiedler Date: Wed, 3 Jan 2018 16:50:45 +0100 Subject: [PATCH 0494/1008] use range-based for loop instead of std::for_each --- src/build-data/oids.txt | 1 + src/lib/asn1/oids.cpp | 4 ++-- src/lib/x509/x509_ext.cpp | 6 ++---- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/build-data/oids.txt b/src/build-data/oids.txt index 089523e695..321439e5bc 100644 --- a/src/build-data/oids.txt +++ b/src/build-data/oids.txt @@ -235,6 +235,7 @@ 1.3.6.1.5.5.7.48.1 = PKIX.OCSP 1.3.6.1.5.5.7.48.1.1 = PKIX.OCSP.BasicResponse +1.3.6.1.5.5.7.48.2 = PKIX.CertificateAuthorityIssuers 1.3.6.1.4.1.311.20.2.2 = Microsoft SmartcardLogon diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp index e88fdc980b..b60ec24d29 100644 --- a/src/lib/asn1/oids.cpp +++ b/src/lib/asn1/oids.cpp 
@@ -1,7 +1,7 @@ /* * OID maps * -* This file was automatically generated by ./src/scripts/oids.py on 2017-12-05 +* This file was automatically generated by ./src/scripts/oids.py on 2018-01-03 * * All manual edits to this file will be lost. Edit the script * then regenerate this source file. @@ -133,7 +133,6 @@ std::string lookup(const OID& oid) if(oid_str == "1.3.6.1.4.1.8301.3.1.2.9.0.38") return "secp521r1"; if(oid_str == "1.3.6.1.5.5.7.1.1") return "PKIX.AuthorityInformationAccess"; if(oid_str == "1.3.6.1.5.5.7.3.1") return "PKIX.ServerAuth"; - if(oid_str == "1.3.6.1.5.5.7.48.2") return "PKIX.CertificateAuthorityIssuers"; if(oid_str == "1.3.6.1.5.5.7.3.2") return "PKIX.ClientAuth"; if(oid_str == "1.3.6.1.5.5.7.3.3") return "PKIX.CodeSigning"; if(oid_str == "1.3.6.1.5.5.7.3.4") return "PKIX.EmailProtection"; @@ -144,6 +143,7 @@ std::string lookup(const OID& oid) if(oid_str == "1.3.6.1.5.5.7.3.9") return "PKIX.OCSPSigning"; if(oid_str == "1.3.6.1.5.5.7.48.1") return "PKIX.OCSP"; if(oid_str == "1.3.6.1.5.5.7.48.1.1") return "PKIX.OCSP.BasicResponse"; + if(oid_str == "1.3.6.1.5.5.7.48.2") return "PKIX.CertificateAuthorityIssuers"; if(oid_str == "1.3.6.1.5.5.7.8.5") return "PKIX.XMPPAddr"; if(oid_str == "2.16.840.1.101.3.4.1.2") return "AES-128/CBC"; if(oid_str == "2.16.840.1.101.3.4.1.22") return "AES-192/CBC"; diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp index 64f5765ac7..c3b58236a2 100644 --- a/src/lib/x509/x509_ext.cpp +++ b/src/lib/x509/x509_ext.cpp @@ -793,10 +793,8 @@ void Authority_Information_Access::contents_to(Data_Store& subject, Data_Store&) { if(!m_ocsp_responder.empty()) subject.add("OCSP.responder", m_ocsp_responder); - std::for_each(m_ca_issuers.begin(), m_ca_issuers.end(), [&subject] (const std::string& ca_issuer) - { - subject.add("PKIX.CertificateAuthorityIssuers", ca_issuer); - }); + for(const std::string& ca_issuer : m_ca_issuers) + subject.add("PKIX.CertificateAuthorityIssuers", ca_issuer); } /* 
From b8b962648f8b8b564026e18a94e2e0f3f4757626 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Meusel?= Date: Wed, 3 Jan 2018 17:27:15 +0100 Subject: [PATCH 0495/1008] add test case for X509_Certificate::ca_issuers() --- .../misc/contains_authority_info_access.pem | 31 +++++++++++++ ...hority_info_access_with_two_ca_issuers.pem | 46 +++++++++++++++++++ src/tests/unit_x509.cpp | 39 ++++++++++++++++ 3 files changed, 116 insertions(+) create mode 100644 src/tests/data/x509/misc/contains_authority_info_access.pem create mode 100644 src/tests/data/x509/misc/contains_authority_info_access_with_two_ca_issuers.pem diff --git a/src/tests/data/x509/misc/contains_authority_info_access.pem b/src/tests/data/x509/misc/contains_authority_info_access.pem new file mode 100644 index 0000000000..5a0d780c79 --- /dev/null +++ b/src/tests/data/x509/misc/contains_authority_info_access.pem 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFazCCBFOgAwIBAgIQA9OHVX59Hl5rTdrLvK1+iDANBgkqhkiG9w0BAQsFADBC +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS +UmFwaWRTU0wgU0hBMjU2IENBMB4XDTE3MDIwOTAwMDAwMFoXDTE4MDIxMTIzNTk1 +OVowGDEWMBQGA1UEAwwNKi5uZXhlbmlvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAPgFzshLD9g4UDCzD64Qt+ZMC6EfTfIRrTprIL32Bq94eu+l +qEsuVgoXd9inV/52+mqzQXAa//zIY32XkW+kZVlD3zjC7jVZwV9gJJterrCpqLR0 +B4OECsciARJkasJwo82gt40OCgsUMWAwigl+geo93yuL403vB3wVOBD73e8I+W4D +49sWSzfepyFMzg+JwTrs6GafNOG8S4ZlC/js4eUJl5MllMXUzzYa/flBqZ/U2nZ3 +MtbvgPiW7NPblrAaIUSTs2rJgXIT5zZnfbZWRcpY8uSuXLywMqf5mXIoUNrn1Xc5 +oVnva9PIUpnFG47aOQ39P6Q3u4R3FosREgdW2oUCAwEAAaOCAoUwggKBMCUGA1Ud +EQQeMByCDSoubmV4ZW5pby5jb22CC25leGVuaW8uY29tMAkGA1UdEwQCMAAwKwYD +VR0fBCQwIjAgoB6gHIYaaHR0cDovL2dwLnN5bWNiLmNvbS9ncC5jcmwwbwYDVR0g +BGgwZjBkBgZngQwBAgEwWjAqBggrBgEFBQcCARYeaHR0cHM6Ly93d3cucmFwaWRz +c2wuY29tL2xlZ2FsMCwGCCsGAQUFBwICMCAMHmh0dHBzOi8vd3d3LnJhcGlkc3Ns +LmNvbS9sZWdhbDAfBgNVHSMEGDAWgBSXwidQnsLJ7AyIMsh8reKmAU/abzAOBgNV +HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFcGCCsG +AQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2dwLnN5bWNkLmNvbTAmBggr +BgEFBQcwAoYaaHR0cDovL2dwLnN5bWNiLmNvbS9ncC5jcnQwggEEBgorBgEEAdZ5 +AgQCBIH1BIHyAPAAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAA +AVojuwb7AAAEAwBIMEYCIQD65jDGmWRhjXeXt3sTexf+KOHsQ0McBEFJI21J6RYy +rgIhALScDzJaJBFnwPVz7lMnQye4O1gBbQc2qRtbCjhkwoxpAHUApLkJkLQYWBSH +uxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFaI7sHMQAABAMARjBEAiByzWJV1ewW +SugasxG6UGIolrRcueMDiYNcgvv98+ImIQIgN3jXAtnZRSjRIOggvSo59KUGuWvO +HXb9zZR7FGubm04wDQYJKoZIhvcNAQELBQADggEBAGbFsNFcunndr71N646kTmpu +UDr/bZcL5GCbsd0mV9LcVHeqxjL1d6jRUZKp4QVAyEVSL8KaAv1IAbQmFEO74mqf +MpH1qzoMqtoOnPCVCO4LP9yLSqDSc+oBQQ1yocGVEnHEiJD3kJrzd47dC5zY0e/D +/k8VFn8ln88g6lyzfjUtvs6kMBgj9xbOEUzVb3zVawqDUgzOuwYuFEMG85ff6a5F +6MIlMiQxIXxH23z2Smcffu1I9HLIb0sJfbNDRSsbfL8/+GYWqnF9aOuCeFPX/Eav +mbV6s/+dy90v7DB67ykcmWIiDHZypV9+7c+I5jUXNqA0rQNYs6eyMo/LnDvIIkU= +-----END CERTIFICATE----- 
diff --git a/src/tests/data/x509/misc/contains_authority_info_access_with_two_ca_issuers.pem b/src/tests/data/x509/misc/contains_authority_info_access_with_two_ca_issuers.pem new file mode 100644 index 0000000000..f7a2923e16 --- /dev/null +++ b/src/tests/data/x509/misc/contains_authority_info_access_with_two_ca_issuers.pem 
@@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIINTCCBh2gAwIBAgIDAOudMA0GCSqGSIb3DQEBDQUAMG4xCzAJBgNVBAYTAkRF +MR0wGwYDVQQKExRCdW5kZXNkcnVja2VyZWkgR21iSDEeMBwGA1UECxMVQmRyaXZl +IEF1dGhlbnRpY2F0aW9uMSAwHgYDVQQDExdCZHJpdmUgVGVzdCBDQSAxLTIgMjAx +NzAeFw0xNzA3MDQxNjQ2MTJaFw0yMDA3MDQxNjQ2MTJaMIG9MQswCQYDVQQGEwJE +RTEVMBMGA1UEChMMbmVYZW5pbyBHbWJIMRUwEwYDVQQDDAxSZW7DqSBNZXVzZWwx +DjAMBgNVBCoMBVJlbsOpMQ8wDQYDVQQEEwZNZXVzZWwxFTATBgNVBAUTDENTTTAw +MTg3MDI4NDEPMA0GA1UEBxMGQmVybGluMSYwJAYJKoZIhvcNAQkBFhdyZW5lLm1l +dXNlbEBuZXhlbmlvLmNvbTEPMA0GA1UECBMGQmVybGluMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA0DoJbM6jwZOgNU5BWheLWKB04ycd7BajeMyQ7GNd +c13U5Br+61VUP7V8r72a/eDoZxlLPzDhlgZp0U5kDKfsrQfulx3SFJ4cfh9Zk1Jn +XpAj+iVKJRfJCM7yH7D+pAyeMqkujsAgS2PNbek9ftSn4bMDz8BfJulH6ttM+82h +hn2L7F5jVXJVOlhDgVk9lONm17FxtgrJLQ3Pyq+K7SAJsBHCWbDQ+jA3ftE+MEzC +kWZgSpqY5S0PSPq1886doMTfCmoBBvlFJqmIwxDLue1rVrtcoDaDmu8ubpiGNMyV +9MS+8SRtt83N7uC1AWjaaNo0F0YkHI7pu3ezBzEDixDQENFo6dQEjwwVZ1U8+sGx +XyyZCZ59Q0qA4lgO9rKW7STPET7lYWxRWKAjTJqbcSrfSlF/aISeIYExzWlzNc/x +j77oUTXFSJUet77saQ8Q2fDFZrY186ILwdsSfoJTyq4rHVaUTTsXSZWM/3JAuyto +BCiB3JAFjT3VIL+J2CAfHA0tbo/S/3rTTeL9FDtjZqFxLSIGlonUkC37h7X2kJz8 +NDNzRZivce16suHJvcCug5BLv8YR6L4ltJb+5R4Oap6sj0ucdyRHfxFhOGm6KuQZ +UdPKg702iVI1MSFfogehaaSuLdzQf9JZhUBcrHD3hnFB43dM9P1gjtHdlKTTmn5r +xu0CAwEAAaOCAoowggKGMCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDBQYI +KwYBBQUHAwcwHwYDVR0jBBgwFoAUTLjqt54mTOqT9hq3Dlk+Eyxshh4wggEEBggr +BgEFBQcBAQSB9zCB9DArBggrBgEFBQcwAYYfaHR0cDovL3N0YWdpbmcub2NzcC5k +LXRydXN0Lm5ldDBGBggrBgEFBQcwAoY6aHR0cDovL3d3dy5kLXRydXN0Lm5ldC9j +Z2ktYmluL0Jkcml2ZV9UZXN0X0NBXzEtMl8yMDE3LmNydDB9BggrBgEFBQcwAoZx +bGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5ldC9DTj1CZHJpdmUlMjBUZXN0JTIw +Q0ElMjAxLTIlMjAyMDE3LE89QnVuZGVzZHJ1Y2tlcmVpJTIwR21iSCxDPURFP2NB +Q2VydGlmaWNhdGU/YmFzZT8wFwYDVR0gBBAwDjAMBgorBgEEAaU0AgICMIHFBgNV +HR8Egb0wgbowgbeggbSggbGGd2xkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQv +Q049QmRyaXZlJTIwVGVzdCUyMENBJTIwMS0yJTIwMjAxNyxPPUJ1bmRlc2RydWNr 
+ZXJlaSUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0hjZodHRw +Oi8vY3JsLmQtdHJ1c3QubmV0L2NybC9iZHJpdmVfdGVzdF9jYV8xLTJfMjAxNy5j +cmwwHQYDVR0OBBYEFOvOhR43QAFq7O7B8Ju7PuL6BaXPMA4GA1UdDwEB/wQEAwIH +gDAiBgNVHREEGzAZgRdyZW5lLm1ldXNlbEBuZXhlbmlvLmNvbTANBgkqhkiG9w0B +AQ0FAAOCAgEADLWieLjuNv4VxrYLbfPoP5U0BTlvpvnxAwC8//l91b+KO3J+Pvz5 +ina+xTErIT9c+jg2QtC5oXqNihzN3RxQUs/7NA22td8tWfBld0138BASNckuP595 +LH4Ka7FY6pWwhRHty0GLqmRg8fR8LbnyOUqBLgs6DYI4RmhaSDUPCVMrh3OIwbSc +fKL/88Z8UHD8sxdww3GNybv8FbcRo5g0udtm0MMeemSt7E1B7nlMItLjqspLI9Ay +GnnkNmn95LxCDLXRIyViuHr3877yMmE9ibv+y41Xz+MLEFvmxe2rFOc+uWVrjFfK +HMtV7Q34xJYqBY4uVFF+Kmg4OyYFgNjOInwc8Bu09SqGsla/fyMBJwd2IG7xwobm +cwnf8+En8aavwlYG4lzfdNVo9CGpft6/86x7OoGbDSeH5JIjYI6xLqa/Cw1F64mR +Maye+cdGg+t4RE1Xri3e65lZM0Z11MT4NtIS5owBBMsmqILIHTaWStD9XfM7FTdQ +GnLD8AQBqMADxrEwIu8uUtZFxO9ZaYkBDtEVqo671ErwjCNtzx0EtE9bh6Vfat6s +qk4CFqKlfCWmAAUXlIQXm5DgKsnC4wE6XTa0HVSDLzh+WBeOdrX7gmhcPSmWkJ8Z +/blH36mCwiQ+Mx+Z1InIfSS9FoOhxsmmpX0QXnfBgjUWE8aq6yiXInA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 1fd4dc239f..0aa9d02098 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp 
@@ -465,6 +465,44 @@ Test::Result test_x509_bmpstring() return result; } +Test::Result test_x509_authority_info_access_extension() + { + Test::Result result("X509 with PKIX.AuthorityInformationAccess extension"); + + // contains no AIA extension + Botan::X509_Certificate no_aia_cert(Test::data_file("x509/misc/contains_utf8string.pem")); + + result.test_eq("number of ca_issuers URLs", no_aia_cert.ca_issuers().size(), 0); + result.test_eq("CA issuer URL matches", no_aia_cert.ocsp_responder(), ""); + + // contains AIA extension with 1 CA issuer URL and 1 OCSP responder + Botan::X509_Certificate aia_cert(Test::data_file("x509/misc/contains_authority_info_access.pem")); + + const auto ca_issuers = aia_cert.ca_issuers(); + + result.test_eq("number of ca_issuers URLs", ca_issuers.size(), 1); + if (result.tests_failed()) + return result; + + result.test_eq("CA issuer URL matches", ca_issuers[0], "http://gp.symcb.com/gp.crt"); + result.test_eq("OCSP responder URL matches", aia_cert.ocsp_responder(), "http://gp.symcd.com"); + + // contains AIA extension with 2 CA issuer URL and 1 OCSP responder + Botan::X509_Certificate aia_cert_2ca(Test::data_file("x509/misc/contains_authority_info_access_with_two_ca_issuers.pem")); + + const auto ca_issuers2 = aia_cert_2ca.ca_issuers(); + + result.test_eq("number of ca_issuers URLs", ca_issuers2.size(), 2); + if (result.tests_failed()) + return result; + + result.test_eq("CA issuer URL matches", ca_issuers2[0], "http://www.d-trust.net/cgi-bin/Bdrive_Test_CA_1-2_2017.crt"); + result.test_eq("CA issuer URL matches", ca_issuers2[1], "ldap://directory.d-trust.net/CN=Bdrive%20Test%20CA%201-2%202017,O=Bundesdruckerei%20GmbH,C=DE?cACertificate?base?"); + result.test_eq("OCSP responder URL matches", aia_cert_2ca.ocsp_responder(), "http://staging.ocsp.d-trust.net"); + + return result; + } + Test::Result test_x509_cert(const std::string& sig_algo, const std::string& sig_padding = "", const std::string& hash_fn = "SHA-256") { Test::Result 
result("X509 Unit"); @@ -1424,6 +1462,7 @@ class X509_Cert_Unit_Tests final : public Test results.push_back(test_crl_dn_name()); results.push_back(test_x509_uninit()); results.push_back(test_x509_decode_list()); + results.push_back(test_x509_authority_info_access_extension()); return results; } From a763fd97c32fb3f796bbafcfd72994ddbee0f6e1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 3 Jan 2018 12:18:11 -0500 Subject: [PATCH 0496/1008] Avoid including x509_ext.h in pkcs10.h No need, forward decl is sufficient. --- src/lib/x509/pkcs10.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/x509/pkcs10.h b/src/lib/x509/pkcs10.h index 731402960b..b3a75fd5ea 100644 --- a/src/lib/x509/pkcs10.h +++ b/src/lib/x509/pkcs10.h @@ -11,7 +11,6 @@ #include #include -#include #include #include #include @@ -19,6 +18,7 @@ namespace Botan { +class Extensions; struct PKCS10_Data; /** From 90d166094e07f20f6321da3d0ae5e70b6a7c89b8 Mon Sep 17 00:00:00 2001 
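Review bot: In test_x509_authority_info_access_extension the second check on the no-AIA certificate is labelled `"CA issuer URL matches"` but compares `no_aia_cert.ocsp_responder()`, so a failure report would point at the wrong accessor; it should read `result.test_eq("OCSP responder URL matches", no_aia_cert.ocsp_responder(), "");`. The two `if (result.tests_failed())` lines use `if (` with a space, whereas the surrounding code in this repository writes `if(`. The remaining hunk in this file only registers the new test in the results list.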
From: Jack Lloyd Date: Wed, 3 Jan 2018 12:11:19 -0500 Subject: [PATCH 0497/1008] Improve output of the ASN1 printer The output was pretty much wrong for application-tagged types. Instead the type was printed as if it was a universal tag. Add a hack in the ASN1 printer for GeneralNames. These are a commonly used implicitly tagged type. Basically if it is a context specific field, and it looks like it might be a printable URI or DNS GeneralName, treat it as a string. --- src/lib/asn1/asn1_print.cpp | 127 +++++++++++++++--------- src/lib/asn1/asn1_print.h | 4 +- src/tests/data/asn1_print/input3.der | Bin src/tests/data/asn1_print/input4.der | Bin src/tests/data/asn1_print/input5.der | Bin 0 -> 1783 bytes src/tests/data/asn1_print/output3.txt | 28 +++--- src/tests/data/asn1_print/output4.txt | 12 +-- src/tests/data/asn1_print/output5.txt | 134 ++++++++++++++++++++++++++ src/tests/test_asn1.cpp | 2 +- 9 files changed, 238 insertions(+), 69 deletions(-) mode change 100755 => 100644 src/tests/data/asn1_print/input3.der mode change 100755 => 100644 src/tests/data/asn1_print/input4.der create mode 100644 src/tests/data/asn1_print/input5.der create mode 100644 src/tests/data/asn1_print/output5.txt diff --git a/src/lib/asn1/asn1_print.cpp b/src/lib/asn1/asn1_print.cpp index ffb2eda481..cdec367c91 100644 --- a/src/lib/asn1/asn1_print.cpp +++ b/src/lib/asn1/asn1_print.cpp 
@@ -18,6 +18,44 @@ namespace Botan { +namespace { + +bool all_printable_chars(const uint8_t bits[], size_t bits_len) + { + for(size_t i = 0; i != bits_len; ++i) + { + int c = bits[i]; + if(c > 127) + return false; + + if((std::isalnum(c) || c == '.' || c == ':' || c == '/' || c == '-') == false) + return false; + } + return true; + } + +/* +* Special hack to handle GeneralName [2] and [6] (DNS name and URI) +*/ +bool possibly_a_general_name(const uint8_t bits[], size_t bits_len) + { + if(bits_len <= 2) + return false; + + if(bits[0] != 0x82 && bits[0] != 0x86) + return false; + + if(bits[1] != bits_len - 2) + return false; + + if(all_printable_chars(bits + 2, bits_len - 2) == false) + return false; + + return true; + } + +} + std::string ASN1_Formatter::print(const uint8_t in[], size_t len) const { std::ostringstream output; @@ -61,25 +99,36 @@ void ASN1_Formatter::decode(std::ostream& output, } else if((class_tag & APPLICATION) || (class_tag & CONTEXT_SPECIFIC)) { + bool success_parsing_cs = false; + if(m_print_context_specific) { try { - std::vector inner_bits; - data.decode(inner_bits, type_tag); - BER_Decoder inner(inner_bits); - - std::ostringstream inner_data; - decode(inner_data, inner, level + 1); // recurse - output << inner_data.str(); + if(possibly_a_general_name(bits.data(), bits.size())) + { + output << format(type_tag, class_tag, level, level, + std::string(cast_uint8_ptr_to_char(&bits[2]), bits.size() - 2)); + success_parsing_cs = true; + } + else + { + std::vector inner_bits; + data.decode(inner_bits, type_tag); + + BER_Decoder inner(inner_bits); + std::ostringstream inner_data; + decode(inner_data, inner, level + 1); // recurse + output << inner_data.str(); + success_parsing_cs = true; + } } catch(...) { - output << format(type_tag, class_tag, level, length, - format_bin(type_tag, class_tag, bits)); } } - else + + if(success_parsing_cs == false) { output << format(type_tag, class_tag, level, length, format_bin(type_tag, class_tag, bits)); 
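Review bot: In the new GeneralName branch the `format(...)` call passes `level` twice — `format(type_tag, class_tag, level, level, ...)` — while the fallback call a few lines below fills the fourth argument with `length`, so the value printed as the element's length for a [2]/[6] name would presumably be its nesting depth; it should read `output << format(type_tag, class_tag, level, length, std::string(cast_uint8_ptr_to_char(&bits[2]), bits.size() - 2));`. A smaller point is that `all_printable_chars` admits only alphanumerics and `.:/-`, so URIs carrying `%`, `?`, `=` or `,` (such as the LDAP URI in the test data added elsewhere in this series) still fall through to the generic path; that narrow set is also what keeps control bytes out of the line-oriented output, so any widening should stay clear of whitespace and control characters. The `catch(...)` now has an empty body; a one-line comment such as `// fall through to the raw dump below` would make the intent explicit. The enclosing decode() starts and ends outside the hunk.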
@@ -182,25 +231,29 @@ namespace { std::string format_type(ASN1_Tag type_tag, ASN1_Tag class_tag) { - if((class_tag & CONSTRUCTED) && ((class_tag & APPLICATION) || (class_tag & CONTEXT_SPECIFIC))) - { - std::string name = "cons [" + std::to_string(type_tag) + "]"; + if(class_tag == UNIVERSAL) + return asn1_tag_to_string(type_tag); - if(class_tag & APPLICATION) - { - name += " appl"; - } - if(class_tag & CONTEXT_SPECIFIC) - { - name += " context"; - } + if(class_tag == CONSTRUCTED && (type_tag == SEQUENCE || type_tag == SET)) + return asn1_tag_to_string(type_tag); - return name; + std::string name; + + if(class_tag & CONSTRUCTED) + name += "cons "; + + name += "[" + std::to_string(type_tag) + "]"; + + if(class_tag & APPLICATION) + { + name += " appl"; } - else + if(class_tag & CONTEXT_SPECIFIC) { - return asn1_tag_to_string(type_tag); + name += " context"; } + + return name; } } @@ -250,30 +303,12 @@ std::string ASN1_Pretty_Printer::format_bin(ASN1_Tag /*type_tag*/, ASN1_Tag /*class_tag*/, const std::vector& vec) const { - const size_t unprintable_bound = vec.size() / 4; - size_t unprintable = 0; - - std::ostringstream out; - - for(size_t i = 0; i != vec.size(); ++i) + if(all_printable_chars(vec.data(), vec.size())) { - const int c = vec[i]; - if(std::isalnum(c)) - { - out << static_cast(c); - } - else - { - out << "x" << std::hex << static_cast(c) << std::dec; - ++unprintable; - if(unprintable >= unprintable_bound) - { - return hex_encode(vec); - } - } + return std::string(cast_uint8_ptr_to_char(vec.data()), vec.size()); } - - return out.str(); + else + return hex_encode(vec); } } diff --git a/src/lib/asn1/asn1_print.h b/src/lib/asn1/asn1_print.h index cd3c7ffe1d..3dea82359c 100644 --- a/src/lib/asn1/asn1_print.h +++ b/src/lib/asn1/asn1_print.h 
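Review bot: In the rewritten format_type a universal constructed encoding other than SEQUENCE or SET (BER permits a constructed OCTET STRING or BIT STRING, for instance) no longer reaches asn1_tag_to_string and is printed as `cons [4]`, because the second early return accepts only SEQUENCE and SET. If that is intended, a comment saying so would help; otherwise `if(class_tag == CONSTRUCTED) return asn1_tag_to_string(type_tag);` keeps the symbolic name for every universal constructed type. The function is otherwise contained in the hunk.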
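Review bot: format_bin is now all-or-nothing — `all_printable_chars` rejects a space, so any value containing one is hex-encoded in full, where the removed loop printed printable bytes inline until a quarter of the bytes were unprintable. That is a sound rule for a printer, but it deserves a short comment above the `if`, e.g. `// printed verbatim only when every byte is in the safe set; anything else is hex-dumped so control bytes never reach the output`. The `else` after a `return` can also go, leaving `return hex_encode(vec);` at function level.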
@@ -84,8 +84,8 @@ class BOTAN_DLL ASN1_Pretty_Printer final : public ASN1_Formatter * @param initial_level the initial depth (0 or 1 are the only reasonable values) * @param value_column ASN.1 values are lined up at this column in output */ - ASN1_Pretty_Printer(size_t print_limit = 256, - size_t print_binary_limit = 256, + ASN1_Pretty_Printer(size_t print_limit = 4096, + size_t print_binary_limit = 2048, bool print_context_specific = true, size_t initial_level = 0, size_t value_column = 60) : diff --git a/src/tests/data/asn1_print/input3.der b/src/tests/data/asn1_print/input3.der old mode 100755 new mode 100644 diff --git a/src/tests/data/asn1_print/input4.der b/src/tests/data/asn1_print/input4.der old mode 100755 new mode 100644 
diff --git a/src/tests/data/asn1_print/input5.der b/src/tests/data/asn1_print/input5.der new file mode 100644 index 0000000000000000000000000000000000000000..7e0ed568632ab6fa5890b63c024eee77e5fa3478 GIT binary patch literal 1783 zcmaKs3s4hB7{~7}M}Uw3X<~q2NK^<82yA$Y4@3~r3OaxhiwJ}yLXbSj1yZ0Q2^c|y zK^?Rf8g87W8w-@Q;}pmusQH+SFef4|@ExBp$BCB6n) zlZRCV1V#{R!pj_1d01FBJ^sxBq+RnCP>AL(x&^u+3JhDAKp=-_0nCX6K1!q^{3sp^ z*c$^9jUJUL706U#AtzX_RLGSAl|(M%u>s52Z9!vWOqzZM1nl|#!+bX?R_Cpbe zLL}VX8*eSKy!ifRPcJJb<9uv^+r@Wf&N1gEkgjj11ll#p_zQnJHkgvn4Q`v8+*YuI z3Ns|)f9;U=+fCEb@O?}ZjK_``okc?t0F4-iWd*~ZQIvp~RE_wW<%BW-ooMDtgiTCL z3GnD20tCiIanKmB94sRelQd-fY=JN^<*NjN88*o(l>(dL;URLzGNr;qqjx-n3Jf@n ziV$E&{!f`wApmS6VhU;t7`gQLgzJJ*erJ9#eM5pv{a;yw!M1(C)hJ-2j$kt2R5?^l z)G>`j9Ef3KhY_;zeT@oZ}AwFX1;RS1GtEPOHt zKoClRLO}?^nf9IemID<;mq@3k$XlAe#c{`Eghcyc<-XcmE^`=$Daa(~(z@HOy>3m7 ziM!GV_H_+zOM5|T*Qus2uMHbUN*`!KAT_kR$-MN0?Q;71)3jYzlN6*`K0l*x?K@9B zQD3vXNa?Wt!c~lL7l8SA)*`V@Zrri^*@mUAX*Ib^`_wN+-zbAJDa3zcJUBm54>ZzC9*?@VhcGu@Do zHCcYbxni1rqwnm!gOb$+NjZ7lJ^E-Y*?!jxJ)Id8Ti@Fy?sK#D^O==>lkML&tN!S` zN>cx?XL3qg($D(@XVu*xRaLKO$o9!8sa*4U+H9xYNjIkcm|H;&wRyE)ZL@NKUlux5 ze Date: Wed, 3 Jan 2018 19:23:31 -0500 Subject: [PATCH 0498/1008] Force codecov script back to earlier version Latest version fails with a Python exception. Already contacted support but falling back until a fix is available. --- src/scripts/ci/setup_travis.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts/ci/setup_travis.sh b/src/scripts/ci/setup_travis.sh index 81b38eef17..4427631fd9 100755 --- a/src/scripts/ci/setup_travis.sh +++ b/src/scripts/ci/setup_travis.sh @@ -56,7 +56,7 @@ if [ "$TRAVIS_OS_NAME" = "linux" ]; then (cd /home/travis/bin && ln -s gcov-4.8 gcov) pip install --user coverage - pip install --user codecov + pip install --user codecov==2.0.10 elif [ "$BUILD_MODE" = "sonar" ]; then sudo apt-get -qq update From 391385fc4ec94084cebabd40dde97217645bf274 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Thu, 4 Jan 2018 09:22:55 +0100 Subject: [PATCH 0499/1008] Add note on OAEP version implemented [ci skip] --- src/lib/pk_pad/eme_oaep/oaep.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/pk_pad/eme_oaep/oaep.h b/src/lib/pk_pad/eme_oaep/oaep.h index f33eceb517..4afa9e13ee 100644 --- a/src/lib/pk_pad/eme_oaep/oaep.h +++ b/src/lib/pk_pad/eme_oaep/oaep.h @@ -15,6 +15,7 @@ namespace Botan { /** * OAEP (called EME1 in IEEE 1363 and in earlier versions of the library) +* as specified in PKCS#1 v2.0 (RFC 2437) */ class BOTAN_PUBLIC_API(2,0) OAEP final : public EME { From 4eee6f1c1f9f29a344a029e4d7cce7962e71af4f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 4 Jan 2018 05:46:44 -0500 Subject: [PATCH 0500/1008] Remove merge marker fixes GH #1384 --- doc/manual/cli.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/manual/cli.rst b/doc/manual/cli.rst index ecebe74e56..7427feb5db 100644 --- a/doc/manual/cli.rst +++ b/doc/manual/cli.rst @@ -95,13 +95,13 @@ Public Key Cryptography X.509 ---------------------------------------------- -<<<<<<< HEAD + ``gen_pkcs10 key CN --country= --organization= --email= --key-pass= --hash=SHA-256 --emsa=`` Generate a PKCS #10 certificate signing request (CSR) using the passed PKCS #8 private key *key*. If the private key is encrypted, the decryption passphrase *key-pass* has to be passed.*emsa* specifies the padding scheme to be used when calculating the signature. - + - For RSA keys EMSA4 (RSA-PSS) is the default scheme. - For ECDSA, DSA, ECGDSA, ECKCDSA and GOST-34.10 keys *emsa* defaults to EMSA1. From 9947307d42a1c141f72a09b8708c0ccb71733afb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 4 Jan 2018 06:24:09 -0500 Subject: [PATCH 0501/1008] Add a test of EAX via FFI Fixes #1377 --- src/tests/test_ffi.cpp | 92 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 89 insertions(+), 3 deletions(-) 
diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index 26325d21f4..53bd7d0e7d 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp @@ -370,7 +370,8 @@ class FFI_Unit_Tests final : public Test results.push_back(ffi_test_mp(rng)); results.push_back(ffi_test_block_ciphers()); results.push_back(ffi_test_ciphers_cbc()); - results.push_back(ffi_test_ciphers_aead()); + results.push_back(ffi_test_ciphers_aead_gcm()); + results.push_back(ffi_test_ciphers_aead_eax()); results.push_back(ffi_test_stream_ciphers()); results.push_back(ffi_test_pkcs_hash_id()); @@ -515,9 +516,9 @@ class FFI_Unit_Tests final : public Test return result; } - Test::Result ffi_test_ciphers_aead() + Test::Result ffi_test_ciphers_aead_gcm() { - Test::Result result("FFI AEAD"); + Test::Result result("FFI GCM"); #if defined(BOTAN_HAS_AEAD_GCM) 
@@ -605,6 +606,91 @@ class FFI_Unit_Tests final : public Test return result; } + Test::Result ffi_test_ciphers_aead_eax() + { + Test::Result result("FFI EAX"); + +#if defined(BOTAN_HAS_AEAD_EAX) + + botan_cipher_t cipher_encrypt, cipher_decrypt; + + if(TEST_FFI_OK(botan_cipher_init, (&cipher_encrypt, "AES-128/EAX", BOTAN_CIPHER_INIT_FLAG_ENCRYPT))) + { + size_t min_keylen = 0; + size_t max_keylen = 0; + size_t nonce_len = 0; + size_t tag_len = 0; + + TEST_FFI_OK(botan_cipher_query_keylen, (cipher_encrypt, &min_keylen, &max_keylen)); + result.test_int_eq(min_keylen, 16, "Min key length"); + result.test_int_eq(max_keylen, 16, "Max key length"); + + TEST_FFI_OK(botan_cipher_get_default_nonce_length, (cipher_encrypt, &nonce_len)); + result.test_int_eq(nonce_len, 12, "Expected default EAX nonce length"); + + TEST_FFI_OK(botan_cipher_get_tag_length, (cipher_encrypt, &tag_len)); + result.test_int_eq(tag_len, 16, "Expected EAX tag length"); + + TEST_FFI_RC(1, botan_cipher_valid_nonce_length, (cipher_encrypt, 12)); + // EAX accepts any nonce size... 
+ TEST_FFI_RC(1, botan_cipher_valid_nonce_length, (cipher_encrypt, 0)); + + const std::vector plaintext = + Botan::hex_decode("0000000000000000000000000000000011111111111111111111111111111111"); + const std::vector symkey = Botan::hex_decode("000102030405060708090a0b0c0d0e0f"); + const std::vector nonce = Botan::hex_decode("3c8cc2970a008f75cc5beae2847258c2"); + const std::vector exp_ciphertext = + Botan::hex_decode("3c441f32ce07822364d7a2990e50bb13d7b02a26969e4a937e5e9073b0d9c968db90bdb3da3d00afd0fc6a83551da95e"); + + std::vector ciphertext(tag_len + plaintext.size()); + + size_t output_written = 0; + size_t input_consumed = 0; + + // Test that after clear or final the object can be reused + for(size_t r = 0; r != 2; ++r) + { + TEST_FFI_OK(botan_cipher_set_key, (cipher_encrypt, symkey.data(), symkey.size())); + TEST_FFI_OK(botan_cipher_start, (cipher_encrypt, nonce.data(), nonce.size())); + TEST_FFI_OK(botan_cipher_update, (cipher_encrypt, 0, + ciphertext.data(), ciphertext.size(), &output_written, + plaintext.data(), plaintext.size(), &input_consumed)); + TEST_FFI_OK(botan_cipher_clear, (cipher_encrypt)); + + TEST_FFI_OK(botan_cipher_set_key, (cipher_encrypt, symkey.data(), symkey.size())); + TEST_FFI_OK(botan_cipher_start, (cipher_encrypt, nonce.data(), nonce.size())); + TEST_FFI_OK(botan_cipher_update, (cipher_encrypt, BOTAN_CIPHER_UPDATE_FLAG_FINAL, + ciphertext.data(), ciphertext.size(), &output_written, + plaintext.data(), plaintext.size(), &input_consumed)); + + ciphertext.resize(output_written); + result.test_eq("AES/EAX ciphertext", ciphertext, exp_ciphertext); + + if(TEST_FFI_OK(botan_cipher_init, (&cipher_decrypt, "AES-128/EAX", BOTAN_CIPHER_INIT_FLAG_DECRYPT))) + { + std::vector decrypted(plaintext.size()); + + TEST_FFI_OK(botan_cipher_set_key, (cipher_decrypt, symkey.data(), symkey.size())); + TEST_FFI_OK(botan_cipher_start, (cipher_decrypt, nonce.data(), nonce.size())); + TEST_FFI_OK(botan_cipher_update, (cipher_decrypt, 
BOTAN_CIPHER_UPDATE_FLAG_FINAL, + decrypted.data(), decrypted.size(), &output_written, + ciphertext.data(), ciphertext.size(), &input_consumed)); + + result.test_int_eq(input_consumed, ciphertext.size(), "All input consumed"); + result.test_int_eq(output_written, decrypted.size(), "Expected output size produced"); + result.test_eq("AES/EAX plaintext", decrypted, plaintext); + + TEST_FFI_OK(botan_cipher_destroy, (cipher_decrypt)); + } + } + + TEST_FFI_OK(botan_cipher_destroy, (cipher_encrypt)); + } +#endif + + return result; + } + Test::Result ffi_test_stream_ciphers() { Test::Result result("FFI stream ciphers"); From 8c1340482d9c069de93b762da27588f785af51f8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 4 Jan 2018 06:43:09 -0500 Subject: [PATCH 0502/1008] The note for #1369 ended up in 2.3.0 block [ci skip] --- news.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/news.rst b/news.rst index 6d07e2aa5f..95b16f9321 100644 --- a/news.rst +++ b/news.rst @@ -202,6 +202,9 @@ Version 2.4.0, Not Yet Released The timestamp can be set by passing it to the ``Gzip_Compression`` constructor. +* Resolve a performance regression on Windows involving the system stats + entropy source. (GH #1369) + * Add an OID for RIPEMD-160 * Fixes for CMake build (GH #1251) @@ -401,9 +404,6 @@ Version 2.3.0, 2017-10-02 * Add more tests for the const-time utils (GH #1214) -* Resolve a performance regression on Windows involving the system stats - entropy source. (GH #1369) - * Fix a bug in FFI tests that caused the test files not to be found when using ``--data-dir`` option (GH #1149) From 01bd45ad63bc4080fe2d81d3850f7f07d80e9c5d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 4 Jan 2018 08:31:26 -0500 Subject: [PATCH 0503/1008] Add -o flag to website generator --- src/scripts/website.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts/website.py b/src/scripts/website.py index 3fd01167ad..763bfd16e2 100755 
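Review bot: ffi_test_ciphers_aead_eax exercises only the accepting path of decryption; nothing checks that a modified ciphertext or tag is rejected, which is the property an AEAD test most needs to pin. After the successful decrypt inside the `if(TEST_FFI_OK(botan_cipher_init, (&cipher_decrypt, ...)))` block, restart the decryptor, flip one byte of a copy of `ciphertext` and require the final `botan_cipher_update` call to fail (the file's `TEST_FFI_FAIL` macro fits, or `TEST_FFI_RC` with the expected error code). The `cipher_decrypt` handle is created and destroyed on each of the two loop iterations, which works but could be hoisted out of the loop next to `cipher_encrypt`. The enclosing test class continues outside the hunk.
```cpp
               // … unchanged: successful decrypt and plaintext checks …

               // A modified ciphertext (here: the last byte, which lies in the tag) must be rejected
               std::vector<uint8_t> tampered = ciphertext;
               tampered.back() ^= 0x01;
               TEST_FFI_OK(botan_cipher_start, (cipher_decrypt, nonce.data(), nonce.size()));
               TEST_FFI_FAIL("tampered ciphertext was accepted", botan_cipher_update,
                             (cipher_decrypt, BOTAN_CIPHER_UPDATE_FLAG_FINAL,
                              decrypted.data(), decrypted.size(), &output_written,
                              tampered.data(), tampered.size(), &input_consumed));

               TEST_FFI_OK(botan_cipher_destroy, (cipher_decrypt));
```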
--- a/src/scripts/website.py +++ b/src/scripts/website.py @@ -98,7 +98,7 @@ def run_sphinx(botan_dir, tmp_dir, output_dir): def main(args): parser = optparse.OptionParser() - parser.add_option('--output-dir', default=None, + parser.add_option('-o', '--output-dir', default=None, help="Where to write output") (options, args) = parser.parse_args(args) From 20485157e131ca5cc8536bf0b88bdf3da806c473 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 4 Jan 2018 10:36:53 -0500 Subject: [PATCH 0504/1008] Add missing ISA annotations Lack of these broke single file amalgamation (GH #1386) --- src/lib/block/shacal2/shacal2_x86/shacal2_x86.cpp | 1 + src/lib/hash/sha1/sha1_x86/sha1_x86.cpp | 2 +- src/lib/hash/sha2_32/sha2_32_x86/info.txt | 2 +- src/lib/hash/sha2_32/sha2_32_x86/sha2_32_x86.cpp | 1 + 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/lib/block/shacal2/shacal2_x86/shacal2_x86.cpp b/src/lib/block/shacal2/shacal2_x86/shacal2_x86.cpp index 6cb03adef9..1611d6c9b6 100644 --- a/src/lib/block/shacal2/shacal2_x86/shacal2_x86.cpp +++ b/src/lib/block/shacal2/shacal2_x86/shacal2_x86.cpp @@ -15,6 +15,7 @@ Only encryption is supported since the inverse round function would require a different instruction */ +BOTAN_FUNC_ISA("sha,ssse3") void SHACAL2::x86_encrypt_blocks(const uint8_t in[], uint8_t out[], size_t blocks) const { const __m128i MASK1 = _mm_set_epi8(8,9,10,11,12,13,14,15,0,1,2,3,4,5,6,7); diff --git a/src/lib/hash/sha1/sha1_x86/sha1_x86.cpp b/src/lib/hash/sha1/sha1_x86/sha1_x86.cpp index 1da3eda632..76feebcea1 100644 --- a/src/lib/hash/sha1/sha1_x86/sha1_x86.cpp +++ b/src/lib/hash/sha1/sha1_x86/sha1_x86.cpp @@ -18,7 +18,7 @@ namespace Botan { #if defined(BOTAN_HAS_SHA1_X86_SHA_NI) -BOTAN_FUNC_ISA("sha") +BOTAN_FUNC_ISA("sha,ssse3,sse4.1") void SHA_160::sha1_compress_x86(secure_vector& digest, const uint8_t input[], size_t blocks) 
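Review bot: The three new BOTAN_FUNC_ISA strings name the same extensions in three different orders (`"sha,ssse3"`, `"sha,ssse3,sse4.1"`, `"sha,sse4.1,ssse3"`), and the shacal2 one omits sse4.1 while both hash routines include it; the diffstat updates a `need_isa` line only for sha2_32_x86. Picking one order, say `"sha,ssse3,sse4.1"`, and checking whether the shacal2_x86 and sha1_x86 info.txt files need a matching `need_isa` change would keep the annotations and build metadata in step. Those info.txt files are not visible here, so the last part is a question rather than a defect. The annotated functions continue outside their hunks.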
diff --git a/src/lib/hash/sha2_32/sha2_32_x86/info.txt b/src/lib/hash/sha2_32/sha2_32_x86/info.txt index 838d2a4a81..4a0b25910e 100644 --- a/src/lib/hash/sha2_32/sha2_32_x86/info.txt +++ b/src/lib/hash/sha2_32/sha2_32_x86/info.txt @@ -2,7 +2,7 @@ SHA2_32_X86 -> 20170518 -need_isa sha,sse41 +need_isa sha,ssse3,sse41 gcc:5.0 diff --git a/src/lib/hash/sha2_32/sha2_32_x86/sha2_32_x86.cpp b/src/lib/hash/sha2_32/sha2_32_x86/sha2_32_x86.cpp index ee8af1e226..a4bd9b72db 100644 --- a/src/lib/hash/sha2_32/sha2_32_x86/sha2_32_x86.cpp +++ b/src/lib/hash/sha2_32/sha2_32_x86/sha2_32_x86.cpp @@ -13,6 +13,7 @@ namespace Botan { // called from sha2_32.cpp #if defined(BOTAN_HAS_SHA2_32_X86) +BOTAN_FUNC_ISA("sha,sse4.1,ssse3") void SHA_256::compress_digest_x86(secure_vector& digest, const uint8_t input[], size_t blocks) { __m128i STATE0, STATE1; From 8c781b9be8b98ccbe03e2cfd419026b3ccc9e96a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 4 Jan 2018 10:40:05 -0500 Subject: [PATCH 0505/1008] Add ability to disable use of SHA intrinsics [ci skip] --- configure.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.py b/configure.py index 1e8f916dd8..c88bb8157e 100755 --- a/configure.py +++ b/configure.py @@ -329,7 +329,7 @@ def process_command_line(args): # pylint: disable=too-many-locals target_group.add_option('--without-os-features', action='append', metavar='FEAT', help='specify OS features to disable') - for isa_extn_name in ['SSE2', 'SSSE3', 'SSE4.1', 'SSE4.2', 'AVX2', 'AES-NI', 'AltiVec', 'NEON']: + for isa_extn_name in ['SSE2', 'SSSE3', 'SSE4.1', 'SSE4.2', 'AVX2', 'AES-NI', 'SHA', 'AltiVec', 'NEON']: isa_extn = isa_extn_name.lower() target_group.add_option('--disable-%s' % (isa_extn), From f77467ff13ad95a9478eef5239bd9d6b0f48085f Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Thu, 4 Jan 2018 11:17:09 -0500 Subject: [PATCH 0506/1008] Remove needless blocks for RDRAND/RDSEED These were already implicit due to requiring the relevant ISA --- src/lib/entropy/rdseed/info.txt | 5 ----- src/lib/rng/rdrand_rng/info.txt | 5 ----- 2 files changed, 10 deletions(-) diff --git a/src/lib/entropy/rdseed/info.txt b/src/lib/entropy/rdseed/info.txt index 13ea331757..d4432e6c7f 100644 --- a/src/lib/entropy/rdseed/info.txt +++ b/src/lib/entropy/rdseed/info.txt @@ -8,11 +8,6 @@ need_isa rdseed rdseed.h - -x86_32 -x86_64 - - gcc clang diff --git a/src/lib/rng/rdrand_rng/info.txt b/src/lib/rng/rdrand_rng/info.txt index 452dbde58a..0d0fc42a42 100644 --- a/src/lib/rng/rdrand_rng/info.txt +++ b/src/lib/rng/rdrand_rng/info.txt @@ -4,11 +4,6 @@ RDRAND_RNG -> 20160619 need_isa rdrand - -x86_32 -x86_64 - - gcc clang From 5ac3d723d1be27098bc3a18204a07a5972a0e283 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 4 Jan 2018 11:29:10 -0500 Subject: [PATCH 0507/1008] Update configuration information for Intel C++ This is completely untested and just based on the documentation. --- src/build-data/cc/icc.txt | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/src/build-data/cc/icc.txt b/src/build-data/cc/icc.txt index f50ea6d111..10f9a61166 100644 --- a/src/build-data/cc/icc.txt +++ b/src/build-data/cc/icc.txt 
@@ -5,19 +5,29 @@ binary_name icpc optimization_flags "-O2" size_optimization_flags "-Os" -lang_flags "-std=c++0x" +lang_flags "-std=c++11" warning_flags "-w1" shared_flags "-fPIC" + +sse2 -> "-msse2" +ssse3 -> "-mssse3" +sse41 -> "-msse4.1" +sse42 -> "-msse4.2" +avx2 -> "-march=core-avx2" +aesni -> "-march=corei7" +rdrand -> "-march=core-avx-i" + + pentium3 -> "-march=pentium3" pentium4 -> "-march=pentium4" -pentium-m -> "-march=pentium3" +pentium-m -> "-march=pentium-m" core2 -> "-march=core2" -# ICC 11.1 doesn't have native Nehalem or Westmere support -nehalem -> "-march=core2" -westmere -> "-march=core2" +nehalem -> "-march=corei7" +sandybridge -> "-march=corei7-avx" +ivybridge -> "-march=core-avx-i" From 5fb1cdfb5d7c6f854102ce33f8c7cad2a3b27153 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Mon, 28 Aug 2017 22:45:11 +0200 Subject: [PATCH 0508/1008] Print a command description for cli help --- src/cli/asn1.cpp | 10 ++ src/cli/cc_enc.cpp | 20 ++++ src/cli/cli.h | 13 ++- src/cli/compress.cpp | 20 ++++ src/cli/encryption.cpp | 10 ++ src/cli/math.cpp | 40 +++++++ src/cli/psk.cpp | 20 ++++ src/cli/pubkey.cpp | 80 ++++++++++++++ src/cli/speed.cpp | 10 ++ src/cli/timing_tests.cpp | 10 ++ src/cli/tls_client.cpp | 10 ++ src/cli/tls_http_server.cpp | 10 ++ src/cli/tls_proxy.cpp | 10 ++ src/cli/tls_server.cpp | 10 ++ src/cli/tls_utils.cpp | 20 ++++ src/cli/utils.cpp | 202 ++++++++++++++++++++++++++++++++++-- src/cli/x509.cpp | 60 +++++++++++ 17 files changed, 542 insertions(+), 13 deletions(-) diff --git a/src/cli/asn1.cpp b/src/cli/asn1.cpp index ca8f5f89f5..c726119705 100644 --- a/src/cli/asn1.cpp +++ b/src/cli/asn1.cpp 
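Review bot: `aesni -> "-march=corei7"` and `rdrand -> "-march=core-avx-i"` enable a whole microarchitecture rather than the single extension the module is gated on, so a file built as the AES-NI or RDRAND module may receive SSE4.2 or AVX instructions from the compiler while the runtime CPUID dispatch only checks the one feature; a CPU that has RDRAND but not AVX could then fault inside that module. If ICC offers a per-feature flag for these, use it here; otherwise a comment such as `# no per-feature flag known; -march enables more than the gated ISA, see runtime dispatch` records the assumption the commit message itself calls untested.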
@@ -21,6 +21,16 @@ class ASN1_Printer final : public Command public: ASN1_Printer() : Command("asn1print --pem file") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Decode and print file with ASN.1 Basic Encoding Rules (BER)"; + } + void go() override { const std::string input = get_arg("file"); diff --git a/src/cli/cc_enc.cpp b/src/cli/cc_enc.cpp index ec160c3ce0..509b996012 100644 --- a/src/cli/cc_enc.cpp +++ b/src/cli/cc_enc.cpp @@ -119,6 +119,16 @@ class CC_Encrypt final : public Command public: CC_Encrypt() : Command("cc_encrypt CC passphrase --tweak=") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Encrypt the passed valid credit card number using FPE encryption"; + } + void go() override { const uint64_t cc_number = std::stoull(get_arg("CC")); @@ -144,6 +154,16 @@ class CC_Decrypt final : public Command public: CC_Decrypt() : Command("cc_decrypt CC passphrase --tweak=") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Decrypt the passed valid ciphertext credit card number using FPE decryption"; + } + void go() override { const uint64_t cc_number = std::stoull(get_arg("CC")); diff --git a/src/cli/cli.h b/src/cli/cli.h index 118d61cb6f..7ba54d3704 100644 --- a/src/cli/cli.h +++ b/src/cli/cli.h @@ -86,6 +86,10 @@ class Command int run(const std::vector& params); + virtual std::string group() const = 0; + + virtual std::string description() const = 0; + virtual std::string help_text() const; const std::string& cmd_spec() const @@ -98,7 +102,7 @@ class Command protected: /* - * The actual functionality of the cli command implemented in subclas. + * The actual functionality of the cli command implemented in subclass. * The return value from main will be zero. */ virtual void go() = 0; 
@@ -156,13 +160,12 @@ class Command Botan::RandomNumberGenerator& rng(); - private: - void parse_spec(); - typedef std::function cmd_maker_fn; - static std::map& global_registry(); + private: + void parse_spec(); + // set in constructor std::string m_spec; diff --git a/src/cli/compress.cpp b/src/cli/compress.cpp index e9cd02290c..3104607fc5 100644 --- a/src/cli/compress.cpp +++ b/src/cli/compress.cpp @@ -39,6 +39,16 @@ class Compress final : public Command return input_fsname + "." + suffix_info->second; } + std::string group() const override + { + return "compression"; + } + + std::string description() const override + { + return "Compress a given file"; + } + void go() override { const std::string comp_type = get_arg("type"); @@ -112,6 +122,16 @@ class Decompress final : public Command suffix = in_file.substr(last_dot + 1, std::string::npos); } + std::string group() const override + { + return "compression"; + } + + std::string description() const override + { + return "Decompress a given compressed archive"; + } + void go() override { const size_t buf_size = get_arg_sz("buf-size"); diff --git a/src/cli/encryption.cpp b/src/cli/encryption.cpp index c041f78ee7..533b3d9fbf 100644 --- a/src/cli/encryption.cpp +++ b/src/cli/encryption.cpp @@ -75,6 +75,16 @@ class Encryption final : public Command public: Encryption() : Command("encryption --buf-size=4096 --decrypt --mode= --key= --iv= --ad=") {} + std::string group() const override + { + return "encryption"; + } + + std::string description() const override + { + return "Encrypt or decrypt a given file"; + } + void go() override { std::string mode = get_arg_or("mode", ""); diff --git a/src/cli/math.cpp b/src/cli/math.cpp index f01d9a1bda..2f3339898d 100644 --- a/src/cli/math.cpp +++ b/src/cli/math.cpp 
@@ -19,6 +19,16 @@ class Modular_Inverse final : public Command public: Modular_Inverse() : Command("mod_inverse n mod") {} + std::string group() const override + { + return "numtheory"; + } + + std::string description() const override + { + return "Calculates a modular inverse"; + } + void go() override { const Botan::BigInt n(get_arg("n")); @@ -35,6 +45,16 @@ class Gen_Prime final : public Command public: Gen_Prime() : Command("gen_prime --count=1 bits") {} + std::string group() const override + { + return "numtheory"; + } + + std::string description() const override + { + return "Samples one or more primes"; + } + void go() override { const size_t bits = get_arg_sz("bits"); @@ -55,6 +75,16 @@ class Is_Prime final : public Command public: Is_Prime() : Command("is_prime --prob=56 n") {} + std::string group() const override + { + return "numtheory"; + } + + std::string description() const override + { + return "Test if the integer n is composite or prime"; + } + void go() override { Botan::BigInt n(get_arg("n")); @@ -76,6 +106,16 @@ class Factor final : public Command public: Factor() : Command("factor n") {} + std::string group() const override + { + return "numtheory"; + } + + std::string description() const override + { + return "Factor a given integer"; + } + void go() override { Botan::BigInt n(get_arg("n")); diff --git a/src/cli/psk.cpp b/src/cli/psk.cpp index d244acd8d3..45a5918d80 100644 --- a/src/cli/psk.cpp +++ b/src/cli/psk.cpp @@ -19,6 +19,11 @@ class PSK_Tool_Base : public Command public: PSK_Tool_Base(const std::string& spec) : Command(spec) {} + std::string group() const override + { + return "psk"; + } + void go() override { const std::string db_filename = get_arg("db"); 
@@ -39,6 +44,11 @@ class PSK_Tool_Set final : public PSK_Tool_Base public: PSK_Tool_Set() : PSK_Tool_Base("psk_set db db_key name psk") {} + std::string description() const override + { + return "Save a PSK encrypted in the database"; + } + private: void psk_operation(Botan::PSK_Database& db) override { @@ -53,6 +63,11 @@ class PSK_Tool_Get final : public PSK_Tool_Base public: PSK_Tool_Get() : PSK_Tool_Base("psk_get db db_key name") {} + std::string description() const override + { + return "Read a value saved with psk_set"; + } + private: void psk_operation(Botan::PSK_Database& db) override { @@ -67,6 +82,11 @@ class PSK_Tool_List final : public PSK_Tool_Base public: PSK_Tool_List() : PSK_Tool_Base("psk_list db db_key") {} + std::string description() const override + { + return "List all values saved to the database"; + } + private: void psk_operation(Botan::PSK_Database& db) override { diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index a6f77fe0cc..ec4dcab527 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp @@ -32,6 +32,16 @@ class PK_Fingerprint final : public Command public: PK_Fingerprint() : Command("fingerprint --algo=SHA-256 *keys") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Calculate a public key fingerprint"; + } + void go() override { const std::string hash_algo = get_arg("algo"); @@ -52,6 +62,16 @@ class PK_Keygen final : public Command public: PK_Keygen() : Command("keygen --algo=RSA --params= --passphrase= --pbe= --pbe-millis=300 --der-out") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Generate a PKCS #8 private key"; + } + void go() override { const std::string algo = get_arg("algo"); 
@@ -123,6 +143,16 @@ class PK_Sign final : public Command public: PK_Sign() : Command("sign --passphrase= --hash=SHA-256 --emsa= key file") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Sign arbitrary data"; + } + void go() override { std::unique_ptr key( @@ -158,6 +188,16 @@ class PK_Verify final : public Command public: PK_Verify() : Command("verify --hash=SHA-256 --emsa= pubkey file signature") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Verify the authenticity of the given file with the provided signature"; + } + void go() override { std::unique_ptr key(Botan::X509::load_key(get_arg("pubkey"))); @@ -194,6 +234,16 @@ class EC_Group_Info final : public Command public: EC_Group_Info() : Command("ec_group_info --pem name") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Print raw elliptic curve domain parameters of the standarized curve name"; + } + void go() override { Botan::EC_Group group(get_arg("name")); @@ -225,6 +275,16 @@ class DL_Group_Info final : public Command public: DL_Group_Info() : Command("dl_group_info --pem name") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Print raw Diffie-Hellman parameters (p,g) of the standarized DH group name"; + } + void go() override { Botan::DL_Group group(get_arg("name")); @@ -249,6 +309,16 @@ class Gen_DL_Group final : public Command public: Gen_DL_Group() : Command("gen_dl_group --pbits=1024 --qbits=0 --type=subgroup") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Generate ANSI X9.42 encoded Diffie-Hellman group parameters"; + } + void go() override { const size_t pbits = get_arg_sz("pbits"); 
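Review bot: Both new description strings in the EC_Group_Info and DL_Group_Info hunks misspell "standardized" (`"...of the standarized curve name"` and `"...of the standarized DH group name"`); these are user-visible in the help output, so fix them here. The OCSP_Check description in x509.cpp, `"Verify an X.509 certificate against the issuers OCSP responder"`, wants `issuer's` for the same reason.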
@@ -281,6 +351,16 @@ class PKCS8_Tool final : public Command public: PKCS8_Tool() : Command("pkcs8 --pass-in= --pub-out --der-out --pass-out= --pbe= --pbe-millis=300 key") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Open a PKCS #8 formatted key"; + } + void go() override { std::unique_ptr key; diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index bb4a423441..e7e5d04447 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -649,6 +649,16 @@ class Speed final : public Command }; } + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Measures the speed of algorithms"; + } + void go() override { std::chrono::milliseconds msec(get_arg_sz("msec")); diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index d95df026cf..86c1572acf 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -346,6 +346,16 @@ class Timing_Test_Command final : public Command : Command("timing_test test_type --test-data-file= --test-data-dir=src/tests/data/timing " "--warmup-runs=1000 --measurement-runs=10000") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Run various timing side channel tests"; + } + void go() override { const std::string test_type = get_arg("test_type"); diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index ddc443614e..f7eb4ebe6f 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -46,6 +46,16 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks stop_sockets(); } + std::string group() const override + { + return "tls"; + } + + std::string description() const override + { + return "Connect to a host using TLS/DTLS"; + } + void go() override { // TODO client cert auth diff --git a/src/cli/tls_http_server.cpp b/src/cli/tls_http_server.cpp index 9669ee27cb..339cd2a676 100644 
--- a/src/cli/tls_http_server.cpp +++ b/src/cli/tls_http_server.cpp @@ -466,6 +466,16 @@ class TLS_HTTP_Server final : public Command "--port=443 --policy= --threads=0 " "--session-db= --session-db-pass=") {} + std::string group() const override + { + return "tls"; + } + + std::string description() const override + { + return "Provides a simple HTTP server"; + } + void go() override { const size_t listen_port = get_arg_sz("port"); diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp index 2c5f6889d4..d9540d9d3f 100644 --- a/src/cli/tls_proxy.cpp +++ b/src/cli/tls_proxy.cpp @@ -411,6 +411,16 @@ class TLS_Proxy final : public Command TLS_Proxy() : Command("tls_proxy listen_port target_host target_port server_cert server_key " "--threads=0 --session-db= --session-db-pass=") {} + std::string group() const override + { + return "tls"; + } + + std::string description() const override + { + return "Proxies requests between a TLS client and a TLS server"; + } + void go() override { const size_t listen_port = get_arg_sz("listen_port"); diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp index 44c69bf179..d4c027c079 100644 --- a/src/cli/tls_server.cpp +++ b/src/cli/tls_server.cpp @@ -36,6 +36,16 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks stop_sockets(); } + std::string group() const override + { + return "tls"; + } + + std::string description() const override + { + return "Accept TLS/DTLS connections from TLS/DTLS clients"; + } + void go() override { const std::string server_crt = get_arg("cert"); diff --git a/src/cli/tls_utils.cpp b/src/cli/tls_utils.cpp index 7b2474a690..cc5a8549ca 100644 --- a/src/cli/tls_utils.cpp +++ b/src/cli/tls_utils.cpp 
@@ -88,6 +88,16 @@ class TLS_Ciphersuites final : public Command } } + std::string group() const override + { + return "tls"; + } + + std::string description() const override + { + return "Lists all ciphersuites for a policy and TLS version"; + } + void go() override { const std::string policy_type = get_arg("policy"); @@ -134,6 +144,16 @@ class TLS_Client_Hello_Reader final : public Command TLS_Client_Hello_Reader() : Command("tls_client_hello --hex input") {} + std::string group() const override + { + return "tls"; + } + + std::string description() const override + { + return "Parse a TLS client hello message"; + } + void go() override { const std::string input_file = get_arg("input"); diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 161cc24bf7..e0f2f4de4c 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp @@ -14,7 +14,11 @@ #include #include #include +#include #include +#include +#include +#include #if defined(BOTAN_HAS_BASE64_CODEC) #include 
@@ -37,19 +41,71 @@ class Print_Help final : public Command std::string help_text() const override { - std::ostringstream oss; + const std::set avail_commands = + Botan::map_keys_as_set(Botan_CLI::Command::global_registry()); - oss << "Usage: botan \n\n"; - oss << "All commands support --verbose --help --output= --error-output= --rng-type= --drbg-seed=\n\n"; - oss << "Available commands:\n"; + const std::map groups_description +#if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_MODES) + { { "encryption", "Encryption" }, +#endif +#if defined(BOTAN_HAS_COMPRESSION) + { "compression", "Compression" }, +#endif + { "hash", "Hash Functions" }, +#if defined(BOTAN_HAS_HMAC) + { "hmac", "HMAC" }, +#endif + { "numtheory", "Number Theory" }, +#if defined(BOTAN_HAS_BCRYPT) + { "passhash", "Password Hashing" }, +#endif +#if defined(BOTAN_HAS_PSK_DB) && defined(BOTAN_HAS_SQLITE3) + { "psk", "PSK Database" }, +#endif + { "pubkey", "Public Key Cryptography" }, +#if defined(BOTAN_HAS_TLS) + { "tls", "TLS" }, +#endif +#if defined(BOTAN_HAS_X509_CERTIFICATES) + { "x509", "X.509" }, +#endif + { "misc", "Miscellaneous" } + }; + + const std::set groups = + Botan::map_keys_as_set(groups_description); + + std::ostringstream oss; - for(const auto& cmd_name : Command::registered_cmds()) + oss << "Usage: botan \n"; + oss << "All commands support --verbose --help --output= --error-output= --rng-type= --drbg-seed=\n\n"; + oss << "Available commands:\n\n"; + + for(auto& cmd_group : groups) + { + oss << groups_description.at(cmd_group) << ":\n"; + for(auto& cmd_name : avail_commands) { - std::unique_ptr cmd = Command::get_cmd(cmd_name); - oss << " " << cmd->cmd_spec() << "\n"; + auto cmd = Botan_CLI::Command::get_cmd(cmd_name); + if(cmd->group() == cmd_group) + { + oss << " " << std::setw(16) << std::left << cmd->cmd_name() << " " << cmd->description() << "\n"; + } } + oss << "\n"; + } + + return oss.str(); + } + + std::string group() const override + { + return ""; + } - return oss.str(); + 
std::string description() const override + { + return "Prints a help string"; } void go() override @@ -75,6 +131,16 @@ class Config_Info final : public Command " libs: Print libraries\n"; } + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Print the used prefix, cflags, ldflags or libs"; + } + void go() override { const std::string arg = get_arg("info_type"); @@ -111,6 +177,16 @@ class Version_Info final : public Command public: Version_Info() : Command("version --full") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Print version info"; + } + void go() override { if(flag_set("full")) @@ -131,6 +207,16 @@ class Print_Cpuid final : public Command public: Print_Cpuid() : Command("cpuid") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "List available processor flags (aes_ni, SIMD extensions, ...)"; + } + void go() override { output() << "CPUID flags: " << Botan::CPUID::to_string() << "\n"; @@ -144,6 +230,16 @@ class Hash final : public Command public: Hash() : Command("hash --algo=SHA-256 --buf-size=4096 *files") {} + std::string group() const override + { + return "hash"; + } + + std::string description() const override + { + return "Compute the message digest of given file(s)"; + } + void go() override { const std::string hash_algo = get_arg("algo"); @@ -185,6 +281,16 @@ class RNG final : public Command public: RNG() : Command("rng --system --rdrand --auto --entropy --drbg --drbg-seed= *bytes") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Sample random bytes from the specified rng"; + } + void go() override { std::string type = get_arg("rng-type"); 
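Review bot: The opening brace of the `groups_description` initializer sits inside the `#if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_MODES)` block, so a build without AES or AEAD modes loses the outer `{` and the declaration no longer compiles; move it out, `const std::map<std::string, std::string> groups_description {` on the line before the `#if`, and keep only the `{ "encryption", "Encryption" },` entry conditional. The listing loop also calls `get_cmd(cmd_name)`, which instantiates the command, once per (group, command) pair; bucketing the instances by group once, as below, does the same work in a single pass. Any command whose `group()` string is not a key of `groups_description` is silently absent from the help output, which deserves a comment or a debug assertion at the bucketing step. help_text is complete within the hunk.
```cpp
   // … unchanged: avail_commands, groups_description, groups …

   // Instantiate every registered command once and bucket it by group,
   // instead of calling get_cmd() for each (group, command) pair below.
   std::map<std::string, std::vector<std::unique_ptr<Command>>> cmds_by_group;
   for(auto& cmd_name : avail_commands)
      {
      auto cmd = Botan_CLI::Command::get_cmd(cmd_name);
      cmds_by_group[cmd->group()].push_back(std::move(cmd));
      }

   // … unchanged: usage header written to oss …

   for(auto& cmd_group : groups)
      {
      oss << groups_description.at(cmd_group) << ":\n";
      const auto bucket = cmds_by_group.find(cmd_group);
      if(bucket != cmds_by_group.end())
         {
         for(auto& cmd : bucket->second)
            {
            oss << " " << std::setw(16) << std::left << cmd->cmd_name() << " " << cmd->description() << "\n";
            }
         }
      oss << "\n";
      }
```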
@@ -220,6 +326,16 @@ class HTTP_Get final : public Command public: HTTP_Get() : Command("http_get --redirects=1 --timeout=3000 url") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Retrieve resource from the passed http/https url"; + } + void go() override { const std::string url = get_arg("url"); @@ -241,6 +357,16 @@ class Hex_Encode final : public Command public: Hex_Encode() : Command("hex_enc file") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Hex encode a given file"; + } + void go() override { auto hex_enc_f = [&](const uint8_t b[], size_t l) { output() << Botan::hex_encode(b, l); }; @@ -255,6 +381,16 @@ class Hex_Decode final : public Command public: Hex_Decode() : Command("hex_dec file") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Hex decode a given file"; + } + void go() override { auto hex_dec_f = [&](const uint8_t b[], size_t l) @@ -278,6 +414,16 @@ class Base64_Encode final : public Command public: Base64_Encode() : Command("base64_enc file") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Encode given file to Base64"; + } + void go() override { auto onData = [&](const uint8_t b[], size_t l) @@ -295,6 +441,16 @@ class Base64_Decode final : public Command public: Base64_Decode() : Command("base64_dec file") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Decode Base64 encoded file"; + } + void go() override { auto write_bin = [&](const uint8_t b[], size_t l) 
@@ -318,6 +474,16 @@ class Generate_Bcrypt final : public Command public: Generate_Bcrypt() : Command("gen_bcrypt --work-factor=12 password") {} + std::string group() const override + { + return "passhash"; + } + + std::string description() const override + { + return "Calculate the bcrypt password digest of a given file"; + } + void go() override { const std::string password = get_arg("password"); @@ -342,6 +508,16 @@ class Check_Bcrypt final : public Command public: Check_Bcrypt() : Command("check_bcrypt password hash") {} + std::string group() const override + { + return "passhash"; + } + + std::string description() const override + { + return "Checks a given bcrypt hash against hash"; + } + void go() override { const std::string password = get_arg("password"); @@ -369,6 +545,16 @@ class HMAC final : public Command public: HMAC() : Command("hmac --hash=SHA-256 --buf-size=4096 key *files") {} + std::string group() const override + { + return "hmac"; + } + + std::string description() const override + { + return "Compute the HMAC tag of given file(s)"; + } + void go() override { const std::string hash_algo = get_arg("hash"); diff --git a/src/cli/x509.cpp b/src/cli/x509.cpp index 0feaad003e..ed9eb3d4f4 100644 --- a/src/cli/x509.cpp +++ b/src/cli/x509.cpp @@ -31,6 +31,16 @@ class Sign_Cert final : public Command : Command("sign_cert --ca-key-pass= --hash=SHA-256 " "--duration=365 --emsa= ca_cert ca_key pkcs10_req") {} + std::string group() const override + { + return "x509"; + } + + std::string description() const override + { + return "Create a CA-signed X.509 certificate from a PKCS #10 CSR"; + } + void go() override { Botan::X509_Certificate ca_cert(get_arg("ca_cert")); 
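Review bot: Generate_Bcrypt's new description, `"Calculate the bcrypt password digest of a given file"`, does not match its spec `gen_bcrypt --work-factor=12 password`, which hashes a password argument rather than a file; `"Calculate the bcrypt password digest of a given password"` is what the command does. Check_Bcrypt's `"Checks a given bcrypt hash against hash"` is circular; `"Check a password against a bcrypt hash"` matches its `check_bcrypt password hash` spec and the imperative mood the other descriptions use.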
@@ -77,6 +87,16 @@ class Cert_Info final : public Command public: Cert_Info() : Command("cert_info --fingerprint --ber file") {} + std::string group() const override + { + return "x509"; + } + + std::string description() const override + { + return "Parse X.509 certificate and display data fields"; + } + void go() override { Botan::DataSource_Stream in(get_arg("file"), flag_set("ber")); @@ -120,6 +140,16 @@ class OCSP_Check final : public Command public: OCSP_Check() : Command("ocsp_check --timeout=3000 subject issuer") {} + std::string group() const override + { + return "x509"; + } + + std::string description() const override + { + return "Verify an X.509 certificate against the issuers OCSP responder"; + } + void go() override { Botan::X509_Certificate subject(get_arg("subject")); @@ -152,6 +182,16 @@ class Cert_Verify final : public Command public: Cert_Verify() : Command("cert_verify subject *ca_certs") {} + std::string group() const override + { + return "x509"; + } + + std::string description() const override + { + return "Verify if the passed X.509 certificate passes path validation"; + } + void go() override { Botan::X509_Certificate subject_cert(get_arg("subject")); @@ -189,6 +229,16 @@ class Gen_Self_Signed final : public Command : Command("gen_self_signed key CN --country= --dns= " "--organization= --email= --key-pass= --ca --hash=SHA-256 --emsa=") {} + std::string group() const override + { + return "x509"; + } + + std::string description() const override + { + return "Generate a self signed X.509 certificate"; + } + void go() override { std::unique_ptr key(Botan::PKCS8::load_key(get_arg("key"), rng(), get_arg("key-pass"))); 
@@ -227,6 +277,16 @@ class Generate_PKCS10 final : public Command : Command("gen_pkcs10 key CN --country= --organization= " "--email= --key-pass= --hash=SHA-256 --emsa=") {} + std::string group() const override + { + return "x509"; + } + + std::string description() const override + { + return "Generate a PKCS #10 certificate signing request (CSR)"; + } + void go() override { std::unique_ptr key(Botan::PKCS8::load_key(get_arg("key"), rng(), get_arg("key-pass"))); From 825d6b7ee98cd0cf8264f5019cd375221dfa0ef4 Mon Sep 17 00:00:00 2001 From: Daniel Wyatt Date: Thu, 4 Jan 2018 17:29:47 -0500 Subject: [PATCH 0509/1008] Change default userid for SM2 signatures. GM/T 0009-2012 apparently specifies that this should default to the 16-byte hex sequence 31,32,33,34,35,36,37,38,31,32,33,34,35,36,37,38. --- src/lib/pubkey/sm2/sm2.cpp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index 1b20ee6fac..28f455ba3d 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp @@ -214,6 +214,12 @@ SM2_Signature_PublicKey::create_verification_op(const std::string& params, hash = params.substr(comma+1, std::string::npos); } + if (userid.empty()) + { + // GM/T 0009-2012 specifies this as the default userid + userid = "1234567812345678"; + } + return std::unique_ptr(new SM2_Verification_Operation(*this, userid, hash)); } @@ -239,6 +245,12 @@ SM2_Signature_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, hash = params.substr(comma+1, std::string::npos); } + if (userid.empty()) + { + // GM/T 0009-2012 specifies this as the default userid + userid = "1234567812345678"; + } + return std::unique_ptr(new SM2_Signature_Operation(*this, userid, hash)); } From 833ba4128a72649e81c4aa830a3c2b5adcb902ac Mon Sep 17 00:00:00 2001 
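Review bot: The default user id literal `"1234567812345678"` is now duplicated in create_verification_op and create_signature_op; a single `static const std::string` (or a small helper that applies the default) in this file keeps the two from drifting, and `if (userid.empty())` uses a space before the parenthesis that the surrounding code does not (`if(`). Because the user id is an input to the SM2 signature computation, callers that previously passed an empty id will find their old signatures no longer verify after this change; the news.rst entry for this release should say so. Both enclosing functions start outside their hunks.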
From: =?UTF-8?q?Ren=C3=A9=20Meusel?= Date: Fri, 5 Jan 2018 13:17:21 +0100 Subject: [PATCH 0510/1008] add (failing) regression test for '0xFF * 16' IV in CTR_BE(AES-256) --- src/tests/data/stream/ctr.vec | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/tests/data/stream/ctr.vec b/src/tests/data/stream/ctr.vec index 3eccc3cf6b..df24046834 100644 --- a/src/tests/data/stream/ctr.vec +++ b/src/tests/data/stream/ctr.vec @@ -1395,6 +1395,18 @@ Nonce = F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF In = 10 Out = A6 +Seek = 0 +Key = 1337133713371337133713371337133713371337133713371337133713371337 +Nonce = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +In = 4C6F72656D20697073756D20646F6C6F722073697420616D65742C20636F6E73656374657475722061646970697363696E6720656C69742C2073656420646F20656975736D6F642074656D706F7220696E6369646964756E74207574206C61626F +Out = 7CF12B76148F0AF2A6B087518AAA60F77F438FCDB11DDE33ECE397CE6B949AEC4C51107B5662EB1EA72AE1511754EFD33A6A9715242F43F22DFA993D547FBEDDFCDED21F8E6E912D535A2826FF6DE012D14358ACAEB057EF155EC33B76F5752565 + +Seek = 0 +Key = 1337133713371337133713371337133713371337133713371337133713371337 +Nonce = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +In = 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 +Out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ripleDES)] Key = 88EC5C9E9F223D7FBA9B30756EF4599D456EC9862840CA14 Nonce = B49FDBD64C0714ED From 630c232a30fedfd23c7710407d5110eadf12b697 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Meusel?= Date: Fri, 5 Jan 2018 15:10:50 +0100 Subject: [PATCH 0511/1008] FIX: add carry bit to correct half-pad --- src/lib/stream/ctr/ctr.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/stream/ctr/ctr.cpp b/src/lib/stream/ctr/ctr.cpp index 21e62fb4b5..c63bdebdcb 100644 --- a/src/lib/stream/ctr/ctr.cpp +++ b/src/lib/stream/ctr/ctr.cpp 
@@ -148,7 +148,7 @@ void CTR_BE::add_counter(const uint64_t counter)
 uint64_t b0 = load_be(&m_counter[off], 0);
 uint64_t b1 = load_be(&m_counter[off], 1);
 b1 += counter;
- b1 += (b1 < counter) ? 1 : 0; // carry
+ b0 += (b1 < counter) ? 1 : 0; // carry
 store_be(b0, &m_counter[off]);
 store_be(b1, &m_counter[off+8]);
 off += BS;
From 13d541130c89a8003f152ba6ab7f4e6b4ae0e432 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Fri, 5 Jan 2018 10:51:00 -0500
Subject: [PATCH 0512/1008] Add a test for CTR with 8 byte wide counters

See #1389
---
 src/tests/data/stream/ctr.vec | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/tests/data/stream/ctr.vec b/src/tests/data/stream/ctr.vec
index 3eccc3cf6b..d9626703e4 100644
--- a/src/tests/data/stream/ctr.vec
+++ b/src/tests/data/stream/ctr.vec
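Review bot: The corrected line `b0 += (b1 < counter) ? 1 : 0; // carry` is the right unsigned-overflow test for `b1 += counter`, but the comment no longer says which word the carry lands in; `// carry from the low 64-bit word (b1) into the high 64-bit word (b0) of the block counter` makes the fix self-explanatory to the next reader. The 0xFF-filled nonce vector added in the preceding commit is the regression that exercises exactly this path. add_counter's signature and the loop that advances `off` start and end outside the hunk.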
@@ -283,22 +283,26 @@ Out = 9D [CTR-BE(AES-128,4)] Key = 2B7E151628AED2A6ABF7158809CF4F3C Nonce = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -In = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 8AF2860142F786F409307C1A3F7EAAAC597D5761063D8BAD232CB0136888AABB90B8CF63F44412CEEE802A522AB6566313C5E10652749056AD2F02CE3BBF5BEC [CTR-BE(AES-128,5)] Key = 2B7E151628AED2A6ABF7158809CF4F3C Nonce = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -In = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 8AF2860142F786F409307C1A3F7EAAACE0828A20E49595A19191201820125CC1B976913097C4A3245CAB186AE3B581F173DFEE01730EBB880CB63C673CBD4FC1 [CTR-BE(AES-128,6)] Key = 2B7E151628AED2A6ABF7158809CF4F3C Nonce = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -In = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Out = 8AF2860142F786F409307C1A3F7EAAAC33E25A114853DFEA903DB7B182593CB439E12B65EBFE27B2C1557F1EAD7AB52F0D42E2BB9772747085DD8C2AF5F357BB +[CTR-BE(AES-128,8)] +# Generated by PyCrypto +Key = 00000000000000000000000000000000 +Nonce = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Out = 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 + [CTR-BE(AES-128)] + Key = 2B7E151628AED2A6ABF7158809CF4F3C Nonce = F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF In = 6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17AD2B417BE66C3710 
@@ -306,7 +310,6 @@ Out = 874D6191B620E3261BEF6864990DB6CE9806F66B7970FDFF8617187BB9FFFDFF5AE4DF3EDB Key = 2B7E151628AED2A6ABF7158809CF4F3C Nonce = F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF -In = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Out = EC8CDF7398607CB0F2D21675EA9EA1E4362B7C3C6773516318A077D7FC5073AE6A2CC3787889374FBEB4C81B17BA6C44E89C399FF0F198C6D40A31DB156CABFE Seek = 0 From 6af53b3f668bd82bbf454703c0e15590c447254c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 5 Jan 2018 14:50:27 -0500 Subject: [PATCH 0513/1008] Document how the website is updated [ci skip] --- doc/release_process.rst | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/doc/release_process.rst b/doc/release_process.rst index f20713d4f6..73565a02ee 100644 --- a/doc/release_process.rst +++ b/doc/release_process.rst @@ -39,8 +39,8 @@ tag the release with the version in git (eg tag '2.6.13', no prefix). Build The Release Tarballs ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The release script is ``src/scripts/dist.py`` and must be -run from a git workspace. +The release script is ``src/scripts/dist.py`` and must be run from a +git workspace. $ src/scripts/dist.py 2.6.13 @@ -54,6 +54,19 @@ which is the official signing key. You can use ``--pgp-key-id=none`` to avoid creating any signature, though official distributed releases *should not* be released without signatures. +The releases served on the official site are taken from the contents +in a git repository:: + + $ git checkout git@botan.randombit.net:/srv/git/botan-releases.git + $ src/scripts/dist.py 2.6.13 --output-dir=botan-releases + $ cd botan-releases + $ sha256sum Botan-2.6.13.tgz >> sha256sums.txt + $ git add . + $ git commit -m "Release version 2.6.13" + $ git push origin master + +A cron job updates the live site every 10 minutes. + Build The Windows Installer ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -74,7 +87,15 @@ Update The Website
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 The website content is created by ``src/scripts/website.py``.
-Currently refreshing the website is a manual process.
+
+The website is mirrored automatically from a git repository which must be updated::
+
+ $ git checkout git@botan.randombit.net:/srv/git/botan-website.git
+ $ ./src/scripts/website.py --output botan-website
+ $ cd botan-website
+ $ git add .
+ $ git commit -m "Update for 2.6.13"
+ $ git push origin master
 
 Announce The Release
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

From d6dae3f5f48605f102e9482a44ede89bb77568d1 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sat, 6 Jan 2018 17:30:01 -0500
Subject: [PATCH 0514/1008] Reformat donna.cpp

Was originally kept in the same format as upstream, but upstream is not maintained anymore so no reason to stick with it.
---
 src/lib/pubkey/curve25519/donna.cpp | 821 ++++++++++++++--------------
 src/lib/utils/donna128.h | 4 +-
 2 files changed, 414 insertions(+), 411 deletions(-)

diff --git a/src/lib/pubkey/curve25519/donna.cpp b/src/lib/pubkey/curve25519/donna.cpp
index 6807d56f69..4305ea1432 100644
--- a/src/lib/pubkey/curve25519/donna.cpp
+++ b/src/lib/pubkey/curve25519/donna.cpp
@@ -1,462 +1,465 @@ /* -* curve25519-donna-c64.c from github.com/agl/curve25519-donna +* Based on curve25519-donna-c64.c from github.com/agl/curve25519-donna * revision 80ad9b9930c9baef5829dd2a235b6b7646d32a8e +* +* Further changes +* (C) 2014,2018 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) */ /* Copyright 2008, Google Inc. - * All rights reserved. - * - * Code released into the public domain. - * - * curve25519-donna: Curve25519 elliptic curve, public key function - * - * https://code.google.com/p/curve25519-donna/ - * - * Adam Langley - * - * Derived from public domain C code by Daniel J. Bernstein - * - * More information about curve25519 can be found here - * https://cr.yp.to/ecdh.html - * - * djb's sample implementation of curve25519 is written in a special assembly - * language called qhasm and uses the floating point registers. - * - * This is, almost, a clean room reimplementation from the curve25519 paper. It - * uses many of the tricks described therein. Only the crecip function is taken - * from the sample implementation. - */ +* All rights reserved. +* +* Code released into the public domain. +* +* curve25519-donna: Curve25519 elliptic curve, public key function +* +* https://code.google.com/p/curve25519-donna/ +* +* Adam Langley +* +* Derived from public domain C code by Daniel J. Bernstein +* +* More information about curve25519 can be found here +* https://cr.yp.to/ecdh.html +* +* djb's sample implementation of curve25519 is written in a special assembly +* language called qhasm and uses the floating point registers. +* +* This is, almost, a clean room reimplementation from the curve25519 paper. It +* uses many of the tricks described therein. Only the crecip function is taken +* from the sample implementation. 
+*/ #include #include -#include #include +#include #include namespace Botan { -typedef uint8_t u8; -typedef uint64_t limb; -typedef limb felem[5]; - -typedef struct - { - limb* x; - limb* z; - } fmonty_pair_t; - -typedef struct - { - fmonty_pair_t q; - fmonty_pair_t q_dash; - const limb* q_minus_q_dash; - } fmonty_in_t; - -typedef struct - { - fmonty_pair_t two_q; - fmonty_pair_t q_plus_q_dash; - } fmonty_out_t; - +namespace { #if !defined(BOTAN_TARGET_HAS_NATIVE_UINT128) typedef donna128 uint128_t; #endif -/* Sum two numbers: output += in */ -static inline void -fsum(limb *output, const limb *in) { - output[0] += in[0]; - output[1] += in[1]; - output[2] += in[2]; - output[3] += in[3]; - output[4] += in[4]; -} - -/* Find the difference of two numbers: output = in - output - * (note the order of the arguments!) - * - * Assumes that out[i] < 2**52 - * On return, out[i] < 2**55 - */ -static inline void -fdifference_backwards(felem out, const felem in) { - /* 152 is 19 << 3 */ - static const limb two54m152 = (static_cast(1) << 54) - 152; - static const limb two54m8 = (static_cast(1) << 54) - 8; - - out[0] = in[0] + two54m152 - out[0]; - out[1] = in[1] + two54m8 - out[1]; - out[2] = in[2] + two54m8 - out[2]; - out[3] = in[3] + two54m8 - out[3]; - out[4] = in[4] + two54m8 - out[4]; -} - -/* Multiply a number by a scalar: output = in * scalar */ -static inline void -fscalar_product(felem output, const felem in, const limb scalar) { - uint128_t a = uint128_t(in[0]) * scalar; - output[0] = a & 0x7ffffffffffff; +struct fmonty_pair_t + { + uint64_t* x; + uint64_t* z; + }; - a = uint128_t(in[1]) * scalar + carry_shift(a, 51); - output[1] = a & 0x7ffffffffffff; +struct fmonty_in_t + { + fmonty_pair_t q; + fmonty_pair_t q_dash; + const uint64_t* q_minus_q_dash; + }; - a = uint128_t(in[2]) * scalar + carry_shift(a, 51); - output[2] = a & 0x7ffffffffffff; +struct fmonty_out_t + { + fmonty_pair_t two_q; + fmonty_pair_t q_plus_q_dash; + }; - a = uint128_t(in[3]) * scalar + 
carry_shift(a, 51); - output[3] = a & 0x7ffffffffffff; +/* Sum two numbers: output += in */ +inline void fsum(uint64_t out[5], const uint64_t in[5]) + { + out[0] += in[0]; + out[1] += in[1]; + out[2] += in[2]; + out[3] += in[3]; + out[4] += in[4]; + } + +/* Find the difference of two numbers: out = in - out +* (note the order of the arguments!) +* +* Assumes that out[i] < 2**52 +* On return, out[i] < 2**55 +*/ +inline void fdifference_backwards(uint64_t out[5], const uint64_t in[5]) + { + /* 152 is 19 << 3 */ + const uint64_t two54m152 = (static_cast(1) << 54) - 152; + const uint64_t two54m8 = (static_cast(1) << 54) - 8; + + out[0] = in[0] + two54m152 - out[0]; + out[1] = in[1] + two54m8 - out[1]; + out[2] = in[2] + two54m8 - out[2]; + out[3] = in[3] + two54m8 - out[3]; + out[4] = in[4] + two54m8 - out[4]; + } + +/* Multiply a number by a scalar: out = in * scalar */ +inline void fscalar_product(uint64_t out[5], const uint64_t in[5], const uint64_t scalar) + { + uint128_t a = uint128_t(in[0]) * scalar; + out[0] = a & 0x7ffffffffffff; - a = uint128_t(in[4]) * scalar + carry_shift(a, 51); - output[4] = a & 0x7ffffffffffff; + a = uint128_t(in[1]) * scalar + carry_shift(a, 51); + out[1] = a & 0x7ffffffffffff; - output[0] += carry_shift(a, 51) * 19; -} + a = uint128_t(in[2]) * scalar + carry_shift(a, 51); + out[2] = a & 0x7ffffffffffff; -/* Multiply two numbers: output = in2 * in - * - * output must be distinct to both inputs. The inputs are reduced coefficient - * form, the output is not. - * - * Assumes that in[i] < 2**55 and likewise for in2. 
- * On return, output[i] < 2**52 - */ -static inline void -fmul(felem output, const felem in2, const felem in) { - uint128_t t[5]; - limb r0,r1,r2,r3,r4,s0,s1,s2,s3,s4,c; - - r0 = in[0]; - r1 = in[1]; - r2 = in[2]; - r3 = in[3]; - r4 = in[4]; - - s0 = in2[0]; - s1 = in2[1]; - s2 = in2[2]; - s3 = in2[3]; - s4 = in2[4]; - - t[0] = uint128_t(r0) * s0; - t[1] = uint128_t(r0) * s1 + uint128_t(r1) * s0; - t[2] = uint128_t(r0) * s2 + uint128_t(r2) * s0 + uint128_t(r1) * s1; - t[3] = uint128_t(r0) * s3 + uint128_t(r3) * s0 + uint128_t(r1) * s2 + uint128_t(r2) * s1; - t[4] = uint128_t(r0) * s4 + uint128_t(r4) * s0 + uint128_t(r3) * s1 + uint128_t(r1) * s3 + uint128_t(r2) * s2; - - r4 *= 19; - r1 *= 19; - r2 *= 19; - r3 *= 19; - - t[0] += uint128_t(r4) * s1 + uint128_t(r1) * s4 + uint128_t(r2) * s3 + uint128_t(r3) * s2; - t[1] += uint128_t(r4) * s2 + uint128_t(r2) * s4 + uint128_t(r3) * s3; - t[2] += uint128_t(r4) * s3 + uint128_t(r3) * s4; - t[3] += uint128_t(r4) * s4; - - r0 = t[0] & 0x7ffffffffffff; c = carry_shift(t[0], 51); - t[1] += c; r1 = t[1] & 0x7ffffffffffff; c = carry_shift(t[1], 51); - t[2] += c; r2 = t[2] & 0x7ffffffffffff; c = carry_shift(t[2], 51); - t[3] += c; r3 = t[3] & 0x7ffffffffffff; c = carry_shift(t[3], 51); - t[4] += c; r4 = t[4] & 0x7ffffffffffff; c = carry_shift(t[4], 51); - r0 += c * 19; c = carry_shift(r0, 51); r0 = r0 & 0x7ffffffffffff; - r1 += c; c = carry_shift(r1, 51); r1 = r1 & 0x7ffffffffffff; - r2 += c; - - output[0] = r0; - output[1] = r1; - output[2] = r2; - output[3] = r3; - output[4] = r4; -} + a = uint128_t(in[3]) * scalar + carry_shift(a, 51); + out[3] = a & 0x7ffffffffffff; -static inline void fsquare_times(felem output, const felem in, limb count) { - uint128_t t[5]; - limb r0,r1,r2,r3,r4,c; - limb d0,d1,d2,d4,d419; - - r0 = in[0]; - r1 = in[1]; - r2 = in[2]; - r3 = in[3]; - r4 = in[4]; - - do { - d0 = r0 * 2; - d1 = r1 * 2; - d2 = r2 * 2 * 19; - d419 = r4 * 19; - d4 = d419 * 2; - - t[0] = uint128_t(r0) * r0 + uint128_t(d4) * r1 + 
uint128_t(d2) * (r3 ); - t[1] = uint128_t(d0) * r1 + uint128_t(d4) * r2 + uint128_t(r3) * (r3 * 19); - t[2] = uint128_t(d0) * r2 + uint128_t(r1) * r1 + uint128_t(d4) * (r3 ); - t[3] = uint128_t(d0) * r3 + uint128_t(d1) * r2 + uint128_t(r4) * (d419 ); - t[4] = uint128_t(d0) * r4 + uint128_t(d1) * r3 + uint128_t(r2) * (r2 ); - - r0 = t[0] & 0x7ffffffffffff; c = carry_shift(t[0], 51); - t[1] += c; r1 = t[1] & 0x7ffffffffffff; c = carry_shift(t[1], 51); - t[2] += c; r2 = t[2] & 0x7ffffffffffff; c = carry_shift(t[2], 51); - t[3] += c; r3 = t[3] & 0x7ffffffffffff; c = carry_shift(t[3], 51); - t[4] += c; r4 = t[4] & 0x7ffffffffffff; c = carry_shift(t[4], 51); - r0 += c * 19; c = r0 >> 51; r0 = r0 & 0x7ffffffffffff; - r1 += c; c = r1 >> 51; r1 = r1 & 0x7ffffffffffff; - r2 += c; - } while(--count); - - output[0] = r0; - output[1] = r1; - output[2] = r2; - output[3] = r3; - output[4] = r4; -} + a = uint128_t(in[4]) * scalar + carry_shift(a, 51); + out[4] = a & 0x7ffffffffffff; -/* Load a little-endian 64-bit number */ -static limb -load_limb(const u8 *in) { - return load_le(in, 0); -} + out[0] += carry_shift(a, 51) * 19; + } -static void -store_limb(u8 *out, limb in) { - store_le(in, out); -} +/* Multiply two numbers: out = in2 * in +* +* out must be distinct to both inputs. The inputs are reduced coefficient +* form, the out is not. +* +* Assumes that in[i] < 2**55 and likewise for in2. 
+* On return, out[i] < 2**52 +*/ +inline void fmul(uint64_t out[5], const uint64_t in2[5], const uint64_t in[5]) + { + uint128_t t[5]; + uint64_t r0,r1,r2,r3,r4,s0,s1,s2,s3,s4,c; + + r0 = in[0]; + r1 = in[1]; + r2 = in[2]; + r3 = in[3]; + r4 = in[4]; + + s0 = in2[0]; + s1 = in2[1]; + s2 = in2[2]; + s3 = in2[3]; + s4 = in2[4]; + + t[0] = uint128_t(r0) * s0; + t[1] = uint128_t(r0) * s1 + uint128_t(r1) * s0; + t[2] = uint128_t(r0) * s2 + uint128_t(r2) * s0 + uint128_t(r1) * s1; + t[3] = uint128_t(r0) * s3 + uint128_t(r3) * s0 + uint128_t(r1) * s2 + uint128_t(r2) * s1; + t[4] = uint128_t(r0) * s4 + uint128_t(r4) * s0 + uint128_t(r3) * s1 + uint128_t(r1) * s3 + uint128_t(r2) * s2; + + r4 *= 19; + r1 *= 19; + r2 *= 19; + r3 *= 19; + + t[0] += uint128_t(r4) * s1 + uint128_t(r1) * s4 + uint128_t(r2) * s3 + uint128_t(r3) * s2; + t[1] += uint128_t(r4) * s2 + uint128_t(r2) * s4 + uint128_t(r3) * s3; + t[2] += uint128_t(r4) * s3 + uint128_t(r3) * s4; + t[3] += uint128_t(r4) * s4; + + r0 = t[0] & 0x7ffffffffffff; c = carry_shift(t[0], 51); + t[1] += c; r1 = t[1] & 0x7ffffffffffff; c = carry_shift(t[1], 51); + t[2] += c; r2 = t[2] & 0x7ffffffffffff; c = carry_shift(t[2], 51); + t[3] += c; r3 = t[3] & 0x7ffffffffffff; c = carry_shift(t[3], 51); + t[4] += c; r4 = t[4] & 0x7ffffffffffff; c = carry_shift(t[4], 51); + r0 += c * 19; c = carry_shift(r0, 51); r0 = r0 & 0x7ffffffffffff; + r1 += c; c = carry_shift(r1, 51); r1 = r1 & 0x7ffffffffffff; + r2 += c; + + out[0] = r0; + out[1] = r1; + out[2] = r2; + out[3] = r3; + out[4] = r4; + } + +inline void fsquare_times(uint64_t out[5], const uint64_t in[5], size_t count) + { + uint64_t r0 = in[0]; + uint64_t r1 = in[1]; + uint64_t r2 = in[2]; + uint64_t r3 = in[3]; + uint64_t r4 = in[4]; + + for(size_t i = 0; i != count; ++i) + { + const uint64_t d0 = r0 * 2; + const uint64_t d1 = r1 * 2; + const uint64_t d2 = r2 * 2 * 19; + const uint64_t d419 = r4 * 19; + const uint64_t d4 = d419 * 2; + + uint128_t t0 = uint128_t(r0) * r0 + uint128_t(d4) 
* r1 + uint128_t(d2) * (r3 ); + uint128_t t1 = uint128_t(d0) * r1 + uint128_t(d4) * r2 + uint128_t(r3) * (r3 * 19); + uint128_t t2 = uint128_t(d0) * r2 + uint128_t(r1) * r1 + uint128_t(d4) * (r3 ); + uint128_t t3 = uint128_t(d0) * r3 + uint128_t(d1) * r2 + uint128_t(r4) * (d419 ); + uint128_t t4 = uint128_t(d0) * r4 + uint128_t(d1) * r3 + uint128_t(r2) * (r2 ); + + r0 = t0 & 0x7ffffffffffff; t1 += carry_shift(t0, 51); + r1 = t1 & 0x7ffffffffffff; t2 += carry_shift(t1, 51); + r2 = t2 & 0x7ffffffffffff; t3 += carry_shift(t2, 51); + r3 = t3 & 0x7ffffffffffff; t4 += carry_shift(t3, 51); + r4 = t4 & 0x7ffffffffffff; + + uint64_t c = carry_shift(t4, 51); + + r0 += c * 19; c = r0 >> 51; r0 = r0 & 0x7ffffffffffff; + r1 += c; c = r1 >> 51; r1 = r1 & 0x7ffffffffffff; + r2 += c; + } + + out[0] = r0; + out[1] = r1; + out[2] = r2; + out[3] = r3; + out[4] = r4; + } /* Take a little-endian, 32-byte number and expand it into polynomial form */ -static void -fexpand(limb *output, const u8 *in) { - output[0] = load_limb(in) & 0x7ffffffffffff; - output[1] = (load_limb(in+6) >> 3) & 0x7ffffffffffff; - output[2] = (load_limb(in+12) >> 6) & 0x7ffffffffffff; - output[3] = (load_limb(in+19) >> 1) & 0x7ffffffffffff; - output[4] = (load_limb(in+24) >> 12) & 0x7ffffffffffff; -} +inline void fexpand(uint64_t *out, const uint8_t *in) + { + out[0] = load_le(in, 0) & 0x7ffffffffffff; + out[1] = (load_le(in+6, 0) >> 3) & 0x7ffffffffffff; + out[2] = (load_le(in+12, 0) >> 6) & 0x7ffffffffffff; + out[3] = (load_le(in+19, 0) >> 1) & 0x7ffffffffffff; + out[4] = (load_le(in+24, 0) >> 12) & 0x7ffffffffffff; + } /* Take a fully reduced polynomial form number and contract it into a - * little-endian, 32-byte array - */ -static void -fcontract(u8 *output, const felem input) { - uint128_t t[5]; - - t[0] = input[0]; - t[1] = input[1]; - t[2] = input[2]; - t[3] = input[3]; - t[4] = input[4]; - - t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; - t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; - t[3] += t[2] >> 51; 
t[2] &= 0x7ffffffffffff; - t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; - t[0] += (t[4] >> 51) * 19; t[4] &= 0x7ffffffffffff; - - t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; - t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; - t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; - t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; - t[0] += (t[4] >> 51) * 19; t[4] &= 0x7ffffffffffff; - - /* now t is between 0 and 2^255-1, properly carried. */ - /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ - - t[0] += 19; - - t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; - t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; - t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; - t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; - t[0] += (t[4] >> 51) * 19; t[4] &= 0x7ffffffffffff; - - /* now between 19 and 2^255-1 in both cases, and offset by 19. */ - - t[0] += 0x8000000000000 - 19; - t[1] += 0x8000000000000 - 1; - t[2] += 0x8000000000000 - 1; - t[3] += 0x8000000000000 - 1; - t[4] += 0x8000000000000 - 1; - - /* now between 2^255 and 2^256-20, and offset by 2^255. 
*/ - - t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; - t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; - t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; - t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; - t[4] &= 0x7ffffffffffff; - - store_limb(output, combine_lower(t[0], 0, t[1], 51)); - store_limb(output+8, combine_lower(t[1], 13, t[2], 38)); - store_limb(output+16, combine_lower(t[2], 26, t[3], 25)); - store_limb(output+24, combine_lower(t[3], 39, t[4], 12)); -} +* little-endian, 32-byte array +*/ +inline void fcontract(uint8_t *out, const uint64_t input[5]) + { + uint128_t t0 = input[0]; + uint128_t t1 = input[1]; + uint128_t t2 = input[2]; + uint128_t t3 = input[3]; + uint128_t t4 = input[4]; + + t1 += t0 >> 51; t0 &= 0x7ffffffffffff; + t2 += t1 >> 51; t1 &= 0x7ffffffffffff; + t3 += t2 >> 51; t2 &= 0x7ffffffffffff; + t4 += t3 >> 51; t3 &= 0x7ffffffffffff; + t0 += (t4 >> 51) * 19; t4 &= 0x7ffffffffffff; + + t1 += t0 >> 51; t0 &= 0x7ffffffffffff; + t2 += t1 >> 51; t1 &= 0x7ffffffffffff; + t3 += t2 >> 51; t2 &= 0x7ffffffffffff; + t4 += t3 >> 51; t3 &= 0x7ffffffffffff; + t0 += (t4 >> 51) * 19; t4 &= 0x7ffffffffffff; + + /* now t is between 0 and 2^255-1, properly carried. */ + /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ + + t0 += 19; + + t1 += t0 >> 51; t0 &= 0x7ffffffffffff; + t2 += t1 >> 51; t1 &= 0x7ffffffffffff; + t3 += t2 >> 51; t2 &= 0x7ffffffffffff; + t4 += t3 >> 51; t3 &= 0x7ffffffffffff; + t0 += (t4 >> 51) * 19; t4 &= 0x7ffffffffffff; + + /* now between 19 and 2^255-1 in both cases, and offset by 19. */ + + t0 += 0x8000000000000 - 19; + t1 += 0x8000000000000 - 1; + t2 += 0x8000000000000 - 1; + t3 += 0x8000000000000 - 1; + t4 += 0x8000000000000 - 1; + + /* now between 2^255 and 2^256-20, and offset by 2^255. 
*/ + + t1 += t0 >> 51; t0 &= 0x7ffffffffffff; + t2 += t1 >> 51; t1 &= 0x7ffffffffffff; + t3 += t2 >> 51; t2 &= 0x7ffffffffffff; + t4 += t3 >> 51; t3 &= 0x7ffffffffffff; + t4 &= 0x7ffffffffffff; + + store_le(out, + combine_lower(t0, 0, t1, 51), + combine_lower(t1, 13, t2, 38), + combine_lower(t2, 26, t3, 25), + combine_lower(t3, 39, t4, 12)); + } /* Input: Q, Q', Q-Q' - * Output: 2Q, Q+Q' - * - * result.two_q (2*Q): long form - * result.q_plus_q_dash (Q + Q): long form - * in.q: short form, destroyed - * in.q_dash: short form, destroyed - * in.q_minus_q_dash: short form, preserved - */ -static void +* Out: 2Q, Q+Q' +* +* result.two_q (2*Q): long form +* result.q_plus_q_dash (Q + Q): long form +* in.q: short form, destroyed +* in.q_dash: short form, destroyed +* in.q_minus_q_dash: short form, preserved +*/ +void fmonty(fmonty_out_t& result, fmonty_in_t& in) -{ - limb origx[5], origxprime[5], zzz[5], xx[5], zz[5], xxprime[5], - zzprime[5], zzzprime[5]; - - copy_mem(origx, in.q.x, 5); - fsum(in.q.x, in.q.z); - fdifference_backwards(in.q.z, origx); // does x - z - - copy_mem(origxprime, in.q_dash.x, 5); - fsum(in.q_dash.x, in.q_dash.z); - fdifference_backwards(in.q_dash.z, origxprime); - fmul(xxprime, in.q_dash.x, in.q.z); - fmul(zzprime, in.q.x, in.q_dash.z); - copy_mem(origxprime, xxprime, 5); - fsum(xxprime, zzprime); - fdifference_backwards(zzprime, origxprime); - fsquare_times(result.q_plus_q_dash.x, xxprime, 1); - fsquare_times(zzzprime, zzprime, 1); - fmul(result.q_plus_q_dash.z, zzzprime, in.q_minus_q_dash); - - fsquare_times(xx, in.q.x, 1); - fsquare_times(zz, in.q.z, 1); - fmul(result.two_q.x, xx, zz); - fdifference_backwards(zz, xx); // does zz = xx - zz - fscalar_product(zzz, zz, 121665); - fsum(zzz, xx); - fmul(result.two_q.z, zz, zzz); -} + { + uint64_t origx[5]; + uint64_t origxprime[5]; + uint64_t zzz[5]; + uint64_t xx[5]; + uint64_t zz[5]; + uint64_t xxprime[5]; + uint64_t zzprime[5]; + uint64_t zzzprime[5]; + + copy_mem(origx, in.q.x, 5); + 
fsum(in.q.x, in.q.z); + fdifference_backwards(in.q.z, origx); // does x - z + + copy_mem(origxprime, in.q_dash.x, 5); + fsum(in.q_dash.x, in.q_dash.z); + fdifference_backwards(in.q_dash.z, origxprime); + fmul(xxprime, in.q_dash.x, in.q.z); + fmul(zzprime, in.q.x, in.q_dash.z); + copy_mem(origxprime, xxprime, 5); + fsum(xxprime, zzprime); + fdifference_backwards(zzprime, origxprime); + fsquare_times(result.q_plus_q_dash.x, xxprime, 1); + fsquare_times(zzzprime, zzprime, 1); + fmul(result.q_plus_q_dash.z, zzzprime, in.q_minus_q_dash); + + fsquare_times(xx, in.q.x, 1); + fsquare_times(zz, in.q.z, 1); + fmul(result.two_q.x, xx, zz); + fdifference_backwards(zz, xx); // does zz = xx - zz + fscalar_product(zzz, zz, 121665); + fsum(zzz, xx); + fmul(result.two_q.z, zz, zzz); + } // ----------------------------------------------------------------------------- -// Maybe swap the contents of two limb arrays (@a and @b), each @len elements +// Maybe swap the contents of two uint64_t arrays (@a and @b), each @len elements // long. Perform the swap iff @swap is non-zero. // // This function performs the swap without leaking any side-channel // information. 
// ----------------------------------------------------------------------------- -static void -swap_conditional(limb a[5], limb b[5], limb iswap) { - unsigned i; - const limb swap = static_cast(-iswap); - - for (i = 0; i < 5; ++i) { - const limb x = swap & (a[i] ^ b[i]); - a[i] ^= x; - b[i] ^= x; - } -} +void swap_conditional(uint64_t a[5], uint64_t b[5], uint64_t iswap) + { + const uint64_t swap = static_cast(-iswap); + + for(size_t i = 0; i < 5; ++i) + { + const uint64_t x = swap & (a[i] ^ b[i]); + a[i] ^= x; + b[i] ^= x; + } + } /* Calculates nQ where Q is the x-coordinate of a point on the curve - * - * resultx/resultz: the x coordinate of the resulting curve point (short form) - * n: a little endian, 32-byte number - * q: a point of the curve (short form) - */ -static void -cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) { - limb a[5] = {0}, b[5] = {1}, c[5] = {1}, d[5] = {0}; - limb *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t; - limb e[5] = {0}, f[5] = {1}, g[5] = {0}, h[5] = {1}; - limb *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h; - - unsigned i, j; - - copy_mem(nqpqx, q, 5); - - for (i = 0; i < 32; ++i) { - u8 byteval = n[31 - i]; - for (j = 0; j < 8; ++j) { - const limb bit = byteval >> 7; - - swap_conditional(nqx, nqpqx, bit); - swap_conditional(nqz, nqpqz, bit); - - fmonty_out_t result { {nqx2, nqz2}, {nqpqx2, nqpqz2} }; - fmonty_in_t in { { nqx, nqz }, { nqpqx, nqpqz }, q }; - fmonty(result, in); - swap_conditional(nqx2, nqpqx2, bit); - swap_conditional(nqz2, nqpqz2, bit); - - t = nqx; - nqx = nqx2; - nqx2 = t; - t = nqz; - nqz = nqz2; - nqz2 = t; - t = nqpqx; - nqpqx = nqpqx2; - nqpqx2 = t; - t = nqpqz; - nqpqz = nqpqz2; - nqpqz2 = t; - - byteval <<= 1; - } - } - - copy_mem(resultx, nqx, 5); - copy_mem(resultz, nqz, 5); -} +* +* resultx/resultz: the x coordinate of the resulting curve point (short form) +* n: a little endian, 32-byte number +* q: a point of the curve (short form) +*/ +void cmult(uint64_t *resultx, uint64_t 
*resultz, const uint8_t *n, const uint64_t *q) + { + uint64_t a[5] = {0}; + uint64_t b[5] = {1}; + uint64_t c[5] = {1}; + uint64_t d[5] = {0}; + uint64_t e[5] = {0}; + uint64_t f[5] = {1}; + uint64_t g[5] = {0}; + uint64_t h[5] = {1}; + + uint64_t *nqpqx = a; + uint64_t *nqpqz = b; + uint64_t *nqx = c; + uint64_t *nqz = d; + uint64_t *nqpqx2 = e; + uint64_t *nqpqz2 = f; + uint64_t *nqx2 = g; + uint64_t *nqz2 = h; + + copy_mem(nqpqx, q, 5); + + for(size_t i = 0; i < 32; ++i) + { + for(size_t j = 0; j < 8; ++j) + { + const uint64_t bit = (n[31 - i] >> (7-j)) & 1; + + swap_conditional(nqx, nqpqx, bit); + swap_conditional(nqz, nqpqz, bit); + + fmonty_out_t result { {nqx2, nqz2}, {nqpqx2, nqpqz2} }; + fmonty_in_t in { { nqx, nqz }, { nqpqx, nqpqz }, q }; + fmonty(result, in); + swap_conditional(nqx2, nqpqx2, bit); + swap_conditional(nqz2, nqpqz2, bit); + + std::swap(nqx, nqx2); + std::swap(nqz, nqz2); + std::swap(nqpqx, nqpqx2); + std::swap(nqpqz, nqpqz2); + } + } + + copy_mem(resultx, nqx, 5); + copy_mem(resultz, nqz, 5); + } // ----------------------------------------------------------------------------- // Shamelessly copied from djb's code, tightened a little // ----------------------------------------------------------------------------- -static void -crecip(felem out, const felem z) { - felem a,t0,b,c; - - /* 2 */ fsquare_times(a, z, 1); // a = 2 - /* 8 */ fsquare_times(t0, a, 2); - /* 9 */ fmul(b, t0, z); // b = 9 - /* 11 */ fmul(a, b, a); // a = 11 - /* 22 */ fsquare_times(t0, a, 1); - /* 2^5 - 2^0 = 31 */ fmul(b, t0, b); - /* 2^10 - 2^5 */ fsquare_times(t0, b, 5); - /* 2^10 - 2^0 */ fmul(b, t0, b); - /* 2^20 - 2^10 */ fsquare_times(t0, b, 10); - /* 2^20 - 2^0 */ fmul(c, t0, b); - /* 2^40 - 2^20 */ fsquare_times(t0, c, 20); - /* 2^40 - 2^0 */ fmul(t0, t0, c); - /* 2^50 - 2^10 */ fsquare_times(t0, t0, 10); - /* 2^50 - 2^0 */ fmul(b, t0, b); - /* 2^100 - 2^50 */ fsquare_times(t0, b, 50); - /* 2^100 - 2^0 */ fmul(c, t0, b); - /* 2^200 - 2^100 */ fsquare_times(t0, 
c, 100); - /* 2^200 - 2^0 */ fmul(t0, t0, c); - /* 2^250 - 2^50 */ fsquare_times(t0, t0, 50); - /* 2^250 - 2^0 */ fmul(t0, t0, b); - /* 2^255 - 2^5 */ fsquare_times(t0, t0, 5); - /* 2^255 - 21 */ fmul(out, t0, a); +void crecip(uint64_t out[5], const uint64_t z[5]) + { + uint64_t a[5]; + uint64_t b[5]; + uint64_t c[5]; + uint64_t t0[5]; + + /* 2 */ fsquare_times(a, z, 1); // a = 2 + /* 8 */ fsquare_times(t0, a, 2); + /* 9 */ fmul(b, t0, z); // b = 9 + /* 11 */ fmul(a, b, a); // a = 11 + /* 22 */ fsquare_times(t0, a, 1); + /* 2^5 - 2^0 = 31 */ fmul(b, t0, b); + /* 2^10 - 2^5 */ fsquare_times(t0, b, 5); + /* 2^10 - 2^0 */ fmul(b, t0, b); + /* 2^20 - 2^10 */ fsquare_times(t0, b, 10); + /* 2^20 - 2^0 */ fmul(c, t0, b); + /* 2^40 - 2^20 */ fsquare_times(t0, c, 20); + /* 2^40 - 2^0 */ fmul(t0, t0, c); + /* 2^50 - 2^10 */ fsquare_times(t0, t0, 10); + /* 2^50 - 2^0 */ fmul(b, t0, b); + /* 2^100 - 2^50 */ fsquare_times(t0, b, 50); + /* 2^100 - 2^0 */ fmul(c, t0, b); + /* 2^200 - 2^100 */ fsquare_times(t0, c, 100); + /* 2^200 - 2^0 */ fmul(t0, t0, c); + /* 2^250 - 2^50 */ fsquare_times(t0, t0, 50); + /* 2^250 - 2^0 */ fmul(t0, t0, b); + /* 2^255 - 2^5 */ fsquare_times(t0, t0, 5); + /* 2^255 - 21 */ fmul(out, t0, a); + } + } void -curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) { - - CT::poison(secret, 32); - CT::poison(basepoint, 32); - - limb bp[5], x[5], z[5], zmone[5]; - uint8_t e[32]; - int i; - - for (i = 0;i < 32;++i) e[i] = secret[i]; - e[0] &= 248; - e[31] &= 127; - e[31] |= 64; - - fexpand(bp, basepoint); - cmult(x, z, e, bp); - crecip(zmone, z); - fmul(z, x, zmone); - fcontract(mypublic, z); - - CT::unpoison(secret, 32); - CT::unpoison(basepoint, 32); - CT::unpoison(mypublic, 32); -} +curve25519_donna(uint8_t *mypublic, const uint8_t *secret, const uint8_t *basepoint) + { + CT::poison(secret, 32); + CT::poison(basepoint, 32); + + uint64_t bp[5], x[5], z[5], zmone[5]; + uint8_t e[32]; + + copy_mem(e, secret, 32); + e[ 0] &= 248; + e[31] &= 127; 
+ e[31] |= 64; + + fexpand(bp, basepoint); + cmult(x, z, e, bp); + crecip(zmone, z); + fmul(z, x, zmone); + fcontract(mypublic, z); + + CT::unpoison(secret, 32); + CT::unpoison(basepoint, 32); + CT::unpoison(mypublic, 32); + } } diff --git a/src/lib/utils/donna128.h b/src/lib/utils/donna128.h index 53e0a085bf..feaf11d057 100644 --- a/src/lib/utils/donna128.h +++ b/src/lib/utils/donna128.h @@ -114,7 +114,7 @@ inline uint64_t carry_shift(const donna128& a, size_t shift) } inline uint64_t combine_lower(const donna128& a, size_t s1, - const donna128& b, size_t s2) + const donna128& b, size_t s2) { donna128 z = (a >> s1) | (b << s2); return z.lo(); @@ -127,7 +127,7 @@ inline uint64_t carry_shift(const uint128_t a, size_t shift) } inline uint64_t combine_lower(const uint128_t a, size_t s1, - const uint128_t b, size_t s2) + const uint128_t b, size_t s2) { return static_cast((a >> s1) | (b << s2)); } From 2b6ed60e0af4011475400db1d2df8792fcd2c5bd Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 6 Jan 2018 17:50:51 -0500 Subject: [PATCH 0515/1008] Unroll the inner loop of cmult Allows merging redundant conditional swaps and elimiates the pointer indirections. --- src/lib/pubkey/curve25519/donna.cpp | 162 ++++++++++++++-------------- 1 file changed, 84 insertions(+), 78 deletions(-) diff --git a/src/lib/pubkey/curve25519/donna.cpp b/src/lib/pubkey/curve25519/donna.cpp index 4305ea1432..4b5ce12960 100644 --- a/src/lib/pubkey/curve25519/donna.cpp +++ b/src/lib/pubkey/curve25519/donna.cpp @@ -46,25 +46,6 @@ namespace { typedef donna128 uint128_t; #endif -struct fmonty_pair_t - { - uint64_t* x; - uint64_t* z; - }; - -struct fmonty_in_t - { - fmonty_pair_t q; - fmonty_pair_t q_dash; - const uint64_t* q_minus_q_dash; - }; - -struct fmonty_out_t - { - fmonty_pair_t two_q; - fmonty_pair_t q_plus_q_dash; - }; - /* Sum two numbers: output += in */ inline void fsum(uint64_t out[5], const uint64_t in[5]) { 
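Review bot: In `curve25519_donna` the clamped copy of the secret scalar `e[32]` and the limb temporaries `x`, `z`, `zmone` are plain stack arrays that the function returns without clearing, so key material outlives the call; the old code had the same gap, and this rewrite is the natural place to close it with `secure_scrub_memory(e, sizeof(e));` (and the same for the limb arrays) ahead of the `CT::unpoison` calls, since the working arrays inside `cmult` and `fmonty` share the property. Separately, the mechanical rename of `output` to `out` has leaked into prose: the `fmul` header now reads `the out is not` and the `fmonty` header `Out: 2Q, Q+Q'`, which should read `the output is not` and `Output: 2Q, Q+Q'`, and `result.q_plus_q_dash (Q + Q)` is presumably meant to be `(Q + Q')`. `fexpand` also keeps pointer parameters (`uint64_t *out, const uint8_t *in`) while every sibling was rewritten to take `[5]`/`[32]` array parameters, which is worth aligning.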
@@ -286,12 +267,20 @@ inline void fcontract(uint8_t *out, const uint64_t input[5])
 *
 * result.two_q (2*Q): long form
 * result.q_plus_q_dash (Q + Q): long form
-* in.q: short form, destroyed
-* in.q_dash: short form, destroyed
-* in.q_minus_q_dash: short form, preserved
+* in_q: short form, destroyed
+* in_q_dash: short form, destroyed
+* in_q_minus_q_dash: short form, preserved
 */
-void
-fmonty(fmonty_out_t& result, fmonty_in_t& in)
+
+void fmonty(uint64_t result_two_q_x[5],
+ uint64_t result_two_q_z[5],
+ uint64_t result_q_plus_q_dash_x[5],
+ uint64_t result_q_plus_q_dash_z[5],
+ uint64_t in_q_x[5],
+ uint64_t in_q_z[5],
+ uint64_t in_q_dash_x[5],
+ uint64_t in_q_dash_z[5],
+ const uint64_t q_minus_q_dash[5])
 {
 uint64_t origx[5];
 uint64_t origxprime[5];
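Review bot: The header comment above the new signature was only half updated: the `in.q`/`in.q_dash`/`in.q_minus_q_dash` lines were renamed, but `result.two_q (2*Q): long form` and `result.q_plus_q_dash (Q + Q): long form` still name the struct members this commit removes, and `(Q + Q)` is presumably meant to be `(Q + Q')`; they should read `result_two_q_x/z (2*Q): long form` and `result_q_plus_q_dash_x/z (Q + Q'): long form`. The added blank line between `*/` and `void fmonty(` detaches the comment from the function it documents and could be dropped. Nine bare `uint64_t[5]` parameters are easy to misorder at a call site, and the no-aliasing requirement the body appears to inherit from `fmul` (whose own header says the output must be distinct from both inputs) is left implicit; a line such as `// result_* arrays must not alias any in_* array or q_minus_q_dash` would make that contract visible. The body of `fmonty` continues past the hunk.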
@@ -302,29 +291,29 @@ fmonty(fmonty_out_t& result, fmonty_in_t& in)
 uint64_t zzprime[5];
 uint64_t zzzprime[5];
 
- copy_mem(origx, in.q.x, 5);
- fsum(in.q.x, in.q.z);
- fdifference_backwards(in.q.z, origx); // does x - z
+ copy_mem(origx, in_q_x, 5);
+ fsum(in_q_x, in_q_z);
+ fdifference_backwards(in_q_z, origx); // does x - z
 
- copy_mem(origxprime, in.q_dash.x, 5);
- fsum(in.q_dash.x, in.q_dash.z);
- fdifference_backwards(in.q_dash.z, origxprime);
- fmul(xxprime, in.q_dash.x, in.q.z);
- fmul(zzprime, in.q.x, in.q_dash.z);
+ copy_mem(origxprime, in_q_dash_x, 5);
+ fsum(in_q_dash_x, in_q_dash_z);
+ fdifference_backwards(in_q_dash_z, origxprime);
+ fmul(xxprime, in_q_dash_x, in_q_z);
+ fmul(zzprime, in_q_x, in_q_dash_z);
 copy_mem(origxprime, xxprime, 5);
 fsum(xxprime, zzprime);
 fdifference_backwards(zzprime, origxprime);
- fsquare_times(result.q_plus_q_dash.x, xxprime, 1);
+ fsquare_times(result_q_plus_q_dash_x, xxprime, 1);
 fsquare_times(zzzprime, zzprime, 1);
- fmul(result.q_plus_q_dash.z, zzzprime, in.q_minus_q_dash);
+ fmul(result_q_plus_q_dash_z, zzzprime, q_minus_q_dash);
 
- fsquare_times(xx, in.q.x, 1);
- fsquare_times(zz, in.q.z, 1);
- fmul(result.two_q.x, xx, zz);
+ fsquare_times(xx, in_q_x, 1);
+ fsquare_times(zz, in_q_z, 1);
+ fmul(result_two_q_x, xx, zz);
 fdifference_backwards(zz, xx); // does zz = xx - zz
 fscalar_product(zzz, zz, 121665);
 fsum(zzz, xx);
- fmul(result.two_q.z, zz, zzz);
+ fmul(result_two_q_z, zz, zzz);
 }
 
 // -----------------------------------------------------------------------------
@@ -352,52 +341,69 @@ void swap_conditional(uint64_t a[5], uint64_t b[5], uint64_t iswap) * n: a little endian, 32-byte number * q: a point of the curve (short form) */ -void cmult(uint64_t *resultx, uint64_t *resultz, const uint8_t *n, const uint64_t *q) +void cmult(uint64_t resultx[5], uint64_t resultz[5], const uint8_t n[32], const uint64_t q[5]) { - uint64_t a[5] = {0}; - uint64_t b[5] = {1}; - uint64_t c[5] = {1}; - uint64_t d[5] = {0}; - uint64_t e[5] = {0}; - uint64_t f[5] = {1}; - uint64_t g[5] = {0}; - uint64_t h[5] = {1}; - - uint64_t *nqpqx = a; - uint64_t *nqpqz = b; - uint64_t *nqx = c; - uint64_t *nqz = d; - uint64_t *nqpqx2 = e; - uint64_t *nqpqz2 = f; - uint64_t *nqx2 = g; - uint64_t *nqz2 = h; - - copy_mem(nqpqx, q, 5); + uint64_t a[5] = {0}; // nqpqx + uint64_t b[5] = {1}; // npqpz + uint64_t c[5] = {1}; // nqx + uint64_t d[5] = {0}; // nqz + uint64_t e[5] = {0}; // npqqx2 + uint64_t f[5] = {1}; // npqqz2 + uint64_t g[5] = {0}; // nqx2 + uint64_t h[5] = {1}; // nqz2 + + copy_mem(a, q, 5); for(size_t i = 0; i < 32; ++i) { - for(size_t j = 0; j < 8; ++j) - { - const uint64_t bit = (n[31 - i] >> (7-j)) & 1; - - swap_conditional(nqx, nqpqx, bit); - swap_conditional(nqz, nqpqz, bit); - - fmonty_out_t result { {nqx2, nqz2}, {nqpqx2, nqpqz2} }; - fmonty_in_t in { { nqx, nqz }, { nqpqx, nqpqz }, q }; - fmonty(result, in); - swap_conditional(nqx2, nqpqx2, bit); - swap_conditional(nqz2, nqpqz2, bit); - - std::swap(nqx, nqx2); - std::swap(nqz, nqz2); - std::swap(nqpqx, nqpqx2); - std::swap(nqpqz, nqpqz2); - } + const uint64_t bit0 = (n[31 - i] >> (7)) & 1; + const uint64_t bit1 = (n[31 - i] >> (6)) & 1; + const uint64_t bit2 = (n[31 - i] >> (5)) & 1; + const uint64_t bit3 = (n[31 - i] >> (4)) & 1; + const uint64_t bit4 = (n[31 - i] >> (3)) & 1; + const uint64_t bit5 = (n[31 - i] >> (2)) & 1; + const uint64_t bit6 = (n[31 - i] >> (1)) & 1; + const uint64_t bit7 = (n[31 - i] >> (0)) & 1; + + swap_conditional(c, a, bit0); + swap_conditional(d, b, bit0); + 
fmonty(g, h, e, f, c, d, a, b, q); + + swap_conditional(g, e, bit0 ^ bit1); + swap_conditional(h, f, bit0 ^ bit1); + fmonty(c, d, a, b, g, h, e, f, q); + + swap_conditional(c, a, bit1 ^ bit2); + swap_conditional(d, b, bit1 ^ bit2); + fmonty(g, h, e, f, c, d, a, b, q); + + swap_conditional(g, e, bit2 ^ bit3); + swap_conditional(h, f, bit2 ^ bit3); + fmonty(c, d, a, b, g, h, e, f, q); + + swap_conditional(c, a, bit3 ^ bit4); + swap_conditional(d, b, bit3 ^ bit4); + + fmonty(g, h, e, f, c, d, a, b, q); + + swap_conditional(g, e, bit4 ^ bit5); + swap_conditional(h, f, bit4 ^ bit5); + fmonty(c, d, a, b, g, h, e, f, q); + + swap_conditional(c, a, bit5 ^ bit6); + swap_conditional(d, b, bit5 ^ bit6); + fmonty(g, h, e, f, c, d, a, b, q); + + swap_conditional(g, e, bit6 ^ bit7); + swap_conditional(h, f, bit6 ^ bit7); + fmonty(c, d, a, b, g, h, e, f, q); + + swap_conditional(c, a, bit7); + swap_conditional(d, b, bit7); } - copy_mem(resultx, nqx, 5); - copy_mem(resultz, nqz, 5); + copy_mem(resultx, c, 5); + copy_mem(resultz, d, 5); } From ec1cfdd6b83782ac31bc66023145e90192442911 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 6 Jan 2018 18:00:20 -0500 Subject: [PATCH 0516/1008] Cleanups --- src/lib/pubkey/curve25519/donna.cpp | 175 ++++++++++++++-------------- 1 file changed, 89 insertions(+), 86 deletions(-) diff --git a/src/lib/pubkey/curve25519/donna.cpp b/src/lib/pubkey/curve25519/donna.cpp index 4b5ce12960..53ab220bda 100644 --- a/src/lib/pubkey/curve25519/donna.cpp +++ b/src/lib/pubkey/curve25519/donna.cpp 
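Review bot: The comments labelling the eight working arrays contain typos that will mislead anyone mapping the unrolled ladder back to the pointer-based version it replaces: `// npqpz`, `// npqqx2` and `// npqqz2` should read `// nqpqz`, `// nqpqx2` and `// nqpqz2` to match the removed variable names. The correctness of the unrolling also hinges on the swaps between steps using `bitK ^ bitK+1` (so each swap_conditional still receives only 0 or 1) and on the final `swap_conditional(c, a, bit7)` restoring the ladder state at the end of each byte; a two-line comment before the first swap stating that pairing would save the next reader from re-deriving it.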
@@ -75,6 +75,16 @@ inline void fdifference_backwards(uint64_t out[5], const uint64_t in[5])
 out[4] = in[4] + two54m8 - out[4];
 }
 
+inline void fadd_sub(uint64_t x[5],
+ uint64_t y[5])
+ {
+ // TODO merge these and avoid the tmp array
+ uint64_t tmp[5];
+ copy_mem(tmp, y, 5);
+ fsum(y, x);
+ fdifference_backwards(x, tmp); // does x - z
+ }
+
 /* Multiply a number by a scalar: out = in * scalar */
 inline void fscalar_product(uint64_t out[5], const uint64_t in[5], const uint64_t scalar)
 {
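Review bot: The `// does x - z` comment was carried over from fmonty and does not describe fadd_sub's own parameters: given fsum(y, x) followed by fdifference_backwards(x, tmp), and fdifference_backwards computing out = in - out (see the `out[4] = in[4] + two54m8 - out[4]` context line above), the function leaves `y = x + y` and `x = (original y) - x`. Suggest replacing the comment with `// on return: y = x + y, x = y_orig - x` so callers get the argument order right; the TODO about the temporary is fine to keep, but the contract is what readers need.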
@@ -99,52 +109,50 @@ inline void fscalar_product(uint64_t out[5], const uint64_t in[5], const uint64_ /* Multiply two numbers: out = in2 * in * * out must be distinct to both inputs. The inputs are reduced coefficient -* form, the out is not. +* form, the output is not. * * Assumes that in[i] < 2**55 and likewise for in2. * On return, out[i] < 2**52 */ -inline void fmul(uint64_t out[5], const uint64_t in2[5], const uint64_t in[5]) +inline void fmul(uint64_t out[5], const uint64_t in[5], const uint64_t in2[5]) { - uint128_t t[5]; - uint64_t r0,r1,r2,r3,r4,s0,s1,s2,s3,s4,c; - - r0 = in[0]; - r1 = in[1]; - r2 = in[2]; - r3 = in[3]; - r4 = in[4]; - - s0 = in2[0]; - s1 = in2[1]; - s2 = in2[2]; - s3 = in2[3]; - s4 = in2[4]; - - t[0] = uint128_t(r0) * s0; - t[1] = uint128_t(r0) * s1 + uint128_t(r1) * s0; - t[2] = uint128_t(r0) * s2 + uint128_t(r2) * s0 + uint128_t(r1) * s1; - t[3] = uint128_t(r0) * s3 + uint128_t(r3) * s0 + uint128_t(r1) * s2 + uint128_t(r2) * s1; - t[4] = uint128_t(r0) * s4 + uint128_t(r4) * s0 + uint128_t(r3) * s1 + uint128_t(r1) * s3 + uint128_t(r2) * s2; + const uint128_t s0 = in2[0]; + const uint128_t s1 = in2[1]; + const uint128_t s2 = in2[2]; + const uint128_t s3 = in2[3]; + const uint128_t s4 = in2[4]; + + uint64_t r0 = in[0]; + uint64_t r1 = in[1]; + uint64_t r2 = in[2]; + uint64_t r3 = in[3]; + uint64_t r4 = in[4]; + + uint128_t t0 = r0 * s0; + uint128_t t1 = r0 * s1 + r1 * s0; + uint128_t t2 = r0 * s2 + r2 * s0 + r1 * s1; + uint128_t t3 = r0 * s3 + r3 * s0 + r1 * s2 + r2 * s1; + uint128_t t4 = r0 * s4 + r4 * s0 + r3 * s1 + r1 * s3 + r2 * s2; r4 *= 19; r1 *= 19; r2 *= 19; r3 *= 19; - t[0] += uint128_t(r4) * s1 + uint128_t(r1) * s4 + uint128_t(r2) * s3 + uint128_t(r3) * s2; - t[1] += uint128_t(r4) * s2 + uint128_t(r2) * s4 + uint128_t(r3) * s3; - t[2] += uint128_t(r4) * s3 + uint128_t(r3) * s4; - t[3] += uint128_t(r4) * s4; + t0 += r4 * s1 + r1 * s4 + r2 * s3 + r3 * s2; + t1 += r4 * s2 + r2 * s4 + r3 * s3; + t2 += r4 * s3 + r3 * s4; + t3 += r4 * 
s4; - r0 = t[0] & 0x7ffffffffffff; c = carry_shift(t[0], 51); - t[1] += c; r1 = t[1] & 0x7ffffffffffff; c = carry_shift(t[1], 51); - t[2] += c; r2 = t[2] & 0x7ffffffffffff; c = carry_shift(t[2], 51); - t[3] += c; r3 = t[3] & 0x7ffffffffffff; c = carry_shift(t[3], 51); - t[4] += c; r4 = t[4] & 0x7ffffffffffff; c = carry_shift(t[4], 51); - r0 += c * 19; c = carry_shift(r0, 51); r0 = r0 & 0x7ffffffffffff; - r1 += c; c = carry_shift(r1, 51); r1 = r1 & 0x7ffffffffffff; - r2 += c; + r0 = t0 & 0x7ffffffffffff; t1 += carry_shift(t0, 51); + r1 = t1 & 0x7ffffffffffff; t2 += carry_shift(t1, 51); + r2 = t2 & 0x7ffffffffffff; t3 += carry_shift(t2, 51); + r3 = t3 & 0x7ffffffffffff; t4 += carry_shift(t3, 51); + r4 = t4 & 0x7ffffffffffff; uint64_t c = carry_shift(t4, 51); + + r0 += c * 19; c = r0 >> 51; r0 = r0 & 0x7ffffffffffff; + r1 += c; c = r1 >> 51; r1 = r1 & 0x7ffffffffffff; + r2 += c; out[0] = r0; out[1] = r1; @@ -179,13 +187,11 @@ inline void fsquare_times(uint64_t out[5], const uint64_t in[5], size_t count) r1 = t1 & 0x7ffffffffffff; t2 += carry_shift(t1, 51); r2 = t2 & 0x7ffffffffffff; t3 += carry_shift(t2, 51); r3 = t3 & 0x7ffffffffffff; t4 += carry_shift(t3, 51); - r4 = t4 & 0x7ffffffffffff; - - uint64_t c = carry_shift(t4, 51); + r4 = t4 & 0x7ffffffffffff; uint64_t c = carry_shift(t4, 51); - r0 += c * 19; c = r0 >> 51; r0 = r0 & 0x7ffffffffffff; - r1 += c; c = r1 >> 51; r1 = r1 & 0x7ffffffffffff; - r2 += c; + r0 += c * 19; c = r0 >> 51; r0 = r0 & 0x7ffffffffffff; + r1 += c; c = r1 >> 51; r1 = r1 & 0x7ffffffffffff; + r2 += c; } out[0] = r0; @@ -195,6 +201,11 @@ inline void fsquare_times(uint64_t out[5], const uint64_t in[5], size_t count) out[4] = r4; } +inline void fsquare(uint64_t out[5], const uint64_t in[5]) + { + return fsquare_times(out, in, 1); + } + /* Take a little-endian, 32-byte number and expand it into polynomial form */ inline void fexpand(uint64_t *out, const uint8_t *in) { 
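Review bot: Rewriting the products as `r0 * s0` with `s0` declared `uint128_t` puts the 64-bit operand on the left; when uint128_t is the donna128 helper class rather than a native type this needs an `operator*(uint64_t, const donna128&)`, and that overload only appears two commits later on this page (PATCH 0518, "Fix for systems needing 128-bit helper type"), so this commit appears to break the build on targets without a native 128-bit integer. Either keep the `uint128_t(r0) * s0` form here or land the helper overload first. fmul's tail (the remaining out[] stores) continues past this hunk.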
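Review bot: `return fsquare_times(out, in, 1);` in the new fsquare returns a void expression from a void function; it compiles, but it reads as if a value were being forwarded. Drop the `return` so the body is just `fsquare_times(out, in, 1);`, and add a one-line header comment such as `/* out = in^2 (reduced form, same contract as fsquare_times) */` to match the doc style of the surrounding helpers.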
@@ -216,17 +227,14 @@ inline void fcontract(uint8_t *out, const uint64_t input[5]) uint128_t t3 = input[3]; uint128_t t4 = input[4]; - t1 += t0 >> 51; t0 &= 0x7ffffffffffff; - t2 += t1 >> 51; t1 &= 0x7ffffffffffff; - t3 += t2 >> 51; t2 &= 0x7ffffffffffff; - t4 += t3 >> 51; t3 &= 0x7ffffffffffff; - t0 += (t4 >> 51) * 19; t4 &= 0x7ffffffffffff; - - t1 += t0 >> 51; t0 &= 0x7ffffffffffff; - t2 += t1 >> 51; t1 &= 0x7ffffffffffff; - t3 += t2 >> 51; t2 &= 0x7ffffffffffff; - t4 += t3 >> 51; t3 &= 0x7ffffffffffff; - t0 += (t4 >> 51) * 19; t4 &= 0x7ffffffffffff; + for(size_t i = 0; i != 2; ++i) + { + t1 += t0 >> 51; t0 &= 0x7ffffffffffff; + t2 += t1 >> 51; t1 &= 0x7ffffffffffff; + t3 += t2 >> 51; t2 &= 0x7ffffffffffff; + t4 += t3 >> 51; t3 &= 0x7ffffffffffff; + t0 += (t4 >> 51) * 19; t4 &= 0x7ffffffffffff; + } /* now t is between 0 and 2^255-1, properly carried. */ /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ @@ -282,8 +290,6 @@ void fmonty(uint64_t result_two_q_x[5], uint64_t in_q_dash_z[5], const uint64_t q_minus_q_dash[5]) { - uint64_t origx[5]; - uint64_t origxprime[5]; uint64_t zzz[5]; uint64_t xx[5]; uint64_t zz[5]; 
@@ -291,38 +297,36 @@ void fmonty(uint64_t result_two_q_x[5], uint64_t zzprime[5]; uint64_t zzzprime[5]; - copy_mem(origx, in_q_x, 5); - fsum(in_q_x, in_q_z); - fdifference_backwards(in_q_z, origx); // does x - z + fadd_sub(in_q_z, in_q_x); + fadd_sub(in_q_dash_z, in_q_dash_x); - copy_mem(origxprime, in_q_dash_x, 5); - fsum(in_q_dash_x, in_q_dash_z); - fdifference_backwards(in_q_dash_z, origxprime); fmul(xxprime, in_q_dash_x, in_q_z); - fmul(zzprime, in_q_x, in_q_dash_z); - copy_mem(origxprime, xxprime, 5); - fsum(xxprime, zzprime); - fdifference_backwards(zzprime, origxprime); - fsquare_times(result_q_plus_q_dash_x, xxprime, 1); - fsquare_times(zzzprime, zzprime, 1); + fmul(zzprime, in_q_dash_z, in_q_x); + + fadd_sub(zzprime, xxprime); + + fsquare(result_q_plus_q_dash_x, xxprime); + fsquare(zzzprime, zzprime); fmul(result_q_plus_q_dash_z, zzzprime, q_minus_q_dash); - fsquare_times(xx, in_q_x, 1); - fsquare_times(zz, in_q_z, 1); + fsquare(xx, in_q_x); + fsquare(zz, in_q_z); fmul(result_two_q_x, xx, zz); + fdifference_backwards(zz, xx); // does zz = xx - zz fscalar_product(zzz, zz, 121665); fsum(zzz, xx); + fmul(result_two_q_z, zz, zzz); } -// ----------------------------------------------------------------------------- -// Maybe swap the contents of two uint64_t arrays (@a and @b), each @len elements -// long. Perform the swap iff @swap is non-zero. -// -// This function performs the swap without leaking any side-channel -// information. -// ----------------------------------------------------------------------------- +/* +* Maybe swap the contents of two uint64_t arrays (@a and @b), +* Param @iswap is assumed to be either 0 or 1 +* +* This function performs the swap without leaking any side-channel +* information. +*/ void swap_conditional(uint64_t a[5], uint64_t b[5], uint64_t iswap) { const uint64_t swap = static_cast(-iswap); 
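Review bot: The rewritten swap_conditional comment is now a fragment: `Maybe swap the contents of two uint64_t arrays (@a and @b),` ends in a comma and the array length the old comment stated was dropped. Suggest `* Maybe swap the contents of two 5-element uint64_t arrays (@a and @b).` followed by the existing @iswap sentence. The new precondition that @iswap is 0 or 1 is satisfied by cmult's single-bit and xor-of-bits arguments, but it is worth saying in the comment why it matters: the `-iswap` cast on the first body line only yields an all-ones mask for iswap == 1, so any other non-zero value would produce a partial swap. The function body continues past this hunk.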
@@ -337,7 +341,7 @@ void swap_conditional(uint64_t a[5], uint64_t b[5], uint64_t iswap) /* Calculates nQ where Q is the x-coordinate of a point on the curve * -* resultx/resultz: the x coordinate of the resulting curve point (short form) +* resultx/resultz: the x/z coordinate of the resulting curve point (short form) * n: a little endian, 32-byte number * q: a point of the curve (short form) */ @@ -356,14 +360,14 @@ void cmult(uint64_t resultx[5], uint64_t resultz[5], const uint8_t n[32], const for(size_t i = 0; i < 32; ++i) { - const uint64_t bit0 = (n[31 - i] >> (7)) & 1; - const uint64_t bit1 = (n[31 - i] >> (6)) & 1; - const uint64_t bit2 = (n[31 - i] >> (5)) & 1; - const uint64_t bit3 = (n[31 - i] >> (4)) & 1; - const uint64_t bit4 = (n[31 - i] >> (3)) & 1; - const uint64_t bit5 = (n[31 - i] >> (2)) & 1; - const uint64_t bit6 = (n[31 - i] >> (1)) & 1; - const uint64_t bit7 = (n[31 - i] >> (0)) & 1; + const uint64_t bit0 = (n[31 - i] >> 7) & 1; + const uint64_t bit1 = (n[31 - i] >> 6) & 1; + const uint64_t bit2 = (n[31 - i] >> 5) & 1; + const uint64_t bit3 = (n[31 - i] >> 4) & 1; + const uint64_t bit4 = (n[31 - i] >> 3) & 1; + const uint64_t bit5 = (n[31 - i] >> 2) & 1; + const uint64_t bit6 = (n[31 - i] >> 1) & 1; + const uint64_t bit7 = (n[31 - i] >> 0) & 1; swap_conditional(c, a, bit0); swap_conditional(d, b, bit0); @@ -383,7 +387,6 @@ void cmult(uint64_t resultx[5], uint64_t resultz[5], const uint8_t n[32], const swap_conditional(c, a, bit3 ^ bit4); swap_conditional(d, b, bit3 ^ bit4); - fmonty(g, h, e, f, c, d, a, b, q); swap_conditional(g, e, bit4 ^ bit5); 
@@ -417,11 +420,11 @@ void crecip(uint64_t out[5], const uint64_t z[5]) uint64_t c[5]; uint64_t t0[5]; - /* 2 */ fsquare_times(a, z, 1); // a = 2 + /* 2 */ fsquare(a, z); // a = 2 /* 8 */ fsquare_times(t0, a, 2); /* 9 */ fmul(b, t0, z); // b = 9 /* 11 */ fmul(a, b, a); // a = 11 - /* 22 */ fsquare_times(t0, a, 1); + /* 22 */ fsquare(t0, a); /* 2^5 - 2^0 = 31 */ fmul(b, t0, b); /* 2^10 - 2^5 */ fsquare_times(t0, b, 5); /* 2^10 - 2^0 */ fmul(b, t0, b); From fc7198a7aac632e370e49cadcf61d64122a59d4f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 7 Jan 2018 10:42:44 -0500 Subject: [PATCH 0517/1008] Update expiration date of my PGP key [ci skip] --- doc/pgpkey.txt | 112 +++++++++++++++++++++++++------------------------ 1 file changed, 57 insertions(+), 55 deletions(-) diff --git a/doc/pgpkey.txt b/doc/pgpkey.txt index 6055961596..52448da472 100644 --- a/doc/pgpkey.txt +++ b/doc/pgpkey.txt 
@@ -52,63 +52,65 @@ uW9laI9VBgrtMTBbYrylBytXiF0Flzx+bd21krgL37NH2uU0EHPjSx571q/XGG2U 4iOEPvPu7vtV8Rpqd0xQyaHcpoHNklcfND1c/6uZG1Sx9atDScRYHinUZvtTRtN+ OY5vW+H7LJqT6CeMjh6Ev53V+0JCDZFQLaBdP/NanSQBUhPkyfyQSiqWOSuaMD6n Eu+BigmzwDlsauuReTJ65gdIGI9Egt7Ax/ooKpBvPkWeT+GORKTs+qGy6sbKXrTe -crFFN/HZPWAJ+c8AEQEAAbQhSmFjayBMbG95ZCA8amFjay5sbG95ZEBnbWFpbC5j -b20+iQG9BBMBCAAnAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQJXT0JHBQkE -IBi0AAoJEHjpgENXEjtgqIQL/28NiIuK+yZNvfEDifjatDUnmgaCVoF2cy02Wa1z -pKg7l2ccQBKzAoqN3j4GkgL1gxi96dp+rwgL5bwpRpVIrNLs1gFyIYDGxf/XZlbG -m8ezOA62uz8ErIdAURK+LvCpIabth7++mnUwQioGRZCjNBp6Nx7QLM2cK8n+PqMh -oLl6UZ4p3PZM76ygxOdukTXD9ExDVoiQIFCy+eh0g3JnIP6s0oAsnAl407UCqbXf -ahXI0jnaioAfpBKcWV8TGG/KQ1Ln2v5Xt56SDdYKogt0xaY8u8RAELI9Gwkhhuf/ -t5kJmA/8J0qEUKUv7r8X/52PcZdjOGMnawT0mtWb13zqbAHGMhq+vW1HNwfprfes -lqfbiJ5iUC6bammgOaUao14T3wzzuk0jP2VK7owpfLTgycAkbAis5M4gmfZwbiU2 -+tZVU/h7E0THG7OQxbvMPeD5lcp2o4DlYqmpn07tGymiqUyqWdpHsCWS/EQYT+oN -uZQ8GeVGJq+A/WIUzDzGjQp+JrQgSmFjayBMbG95ZCA8bGxveWRAcmFuZG9tYml0 -Lm5ldD6JAb8EEwECACkCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAUCV09C -RwUJBCAYtAAKCRB46YBDVxI7YOsBC/9BIe/EUUZOQ41qWz7iEGRW0nDZTx7lU6DS -92DYLT78hee+mhMZezm6cLEQFz6+l8QmFoTVtfH34D+NpGXHBqegAqvG4c4e4JW4 -52gEdPu/Dn/Ax1pAmMFdNJBBd0CpDUVDQ0oKiwuZvkFpdaLOakYZgXHzVOP88+dU -cx6l3BDxGbh3iJ5q8+PegTcM5f9nl50RmBDaXNxQgTbHb1sM2kqLTSc3YeIxRdXk -klBaSehTCkR8b7cdRvPtRYyfzRzAY3/7pZ7rpJfx3+Sgf5/FVkogg+XPF+YRA9JY -/WB0iR9UOq37eYljvkdTMlpcWdsSc2Q+cH2e4ARKfG99jR+ZjJmagYYebvzO25KY -K+RE6ypUwrgERXY85F1XxtFbMwUQhTKQpjuFgLnC2BHCb6iYcTmslaBT9dLWgjrq -PoT1jOr+FhjGlsnXJnMoLHKBe7vyuvaJuIepMP29ngeA6jFHuBrGmG2RxXzf59BR -1IEO35aV9jua5060PvmJXvn3PIN+ikiJARwEEAEIAAYFAlYaUEwACgkQYhHr8e+6 -37zLeQf+OdP/xE2YyFUJL1+xEKHpvAeN+98Vn1C2sTmotNIaPwVBY9FLeA484IWd -FwnJfXx1gQyybxlytz4BZuC7Jzu60OEmk5IFRIqQoVywEXWCOUg/UEBWZm+ZcRzI -Fciqj9PcOfpt6s/aSZd5+Rcm5HUGALYCqek2s9nGO8a1Wnk4m9d1u/RAGlxFM2th -e1v5p597ItGhcOP3tjWVPPOuTe0E+/FI3ZxpotKGdfS6F/GB2bP7kma2iVO621Cs -9wsYmrZEamKpax7X7p9myaAG0YRdCTslFd/EOTLOllPhy58DTr7qyswBPEI0x8WE 
-DTE0G0IdQYNmLq4kuzeOaIlcUMULzbQfSmFjayBMbG95ZCA8amFja0ByYW5kb21i -aXQubmV0PokBvQQTAQgAJwUCWArD6QIbAwUJBCAYtAULCQgHAgYVCAkKCwIEFgID -AQIeAQIXgAAKCRB46YBDVxI7YKojC/97uxf0IS2/RWm5LonBa8ZrB6zbNjOhCpUg -d2QozNZKx/wmufT6SuLYxvKQtRcycm/eb8BPd6sJdMkfvytT1PeH7nTfRRRB6XAy -IIf6x0BGYPX2VmXuhJosyQO5G2Kyb6ma+8f3JjFdexEB0iTDyom6AJGino5u5uwo -j6aFOHzwE3rFNsGzebon0lbCliWL9vDtEmsJKFAtWkxtR08QG5RK4or0OXNkeOVX -MpXBnQRte8c7UrbYkRBuZ7s5NumXgf9fZC4YEgGBGnJPhEHoBZMysRkNkeEnGmbp -ao42gZkOvPD+ekdhPpcvlY4Gt7XJPcncbv9ygbzKnRLNTUo8fu+FC0uF8KT6/pVX -3ygTiq/+UQvo6+Wevdqzd/iLpJARt2toiiXUT3E0gnquKme+WXWG+SgmSvNzIfIw -Gqne4LrYpjk28sBQSXgVpQ3wCKJa0EzHvPsLjoVquPLHXr8VDKLKW9UUP6Kqvgzx -sjRTfYTHQMRLyWn3xHUoHv0Mq04jJZe5AY0EVRBdEwEMAN6NE/fR/Ours4jc6SaV -ocKSZ+/pGXVrxQ/ZFoba7kJq09DLQZ21vHYkq7wMrAta9D6gH5bLZ90xI6ScyR9f -YTWYDXdDHx8Sg7Mj3ZKhxjr1tQicRPT6BP4WLqBICdlUWV//OCRFk13G8feDO+ZT -8YP/dVUrj3n9/mwfOHm7Npb7PHX/LFuDyo/1EXZZyqw3/LlI+z+1uBKFYD2WqzLw -8Sm/U+ajzP6y04wUkf45VjLkFI2bPk6CVYNt2TvOEzIO3zBAN6DSLSFOTYn9UwR2 -vrpvoJsDjjSRjcjbZ/8uFCWfLhgTwMeQcH0jxHr47Qs2coApHBAIB57eS6Z/y4Vj -a3Y0ANpb51Fu7MDPXQXW4g89GMTIEKu2/KUN/onGIYh6Js9RYNf8SJ+waQ0NULXA -Mk1AAfknl2Apl9gKRDH6EvevQXPVI6ElOTZw4gqGz9xGqC+gbmh2UmS5n8B/nK2d -0AMN+1elZAapTFFdOMhMdDeBk+1GRQ/t/zsLTUPSSRVLFwARAQABiQGfBBgBAgAJ -BQJVEF0TAhsMAAoJEHjpgENXEjtg3rgMAIDJgnuEY7neuJMIzHyO59a8X+9ip9Xf -eDNwjaqJk0rIoqSdkIqjG8I6C4lbeL0pnGzliudvEmQij4hnSNfOUk58oGyRdyUe -K9eC2KeZ+Hs3sqMuAhlYIh+RR6ifo5kqxR/geo6iXKS8VqDQRiqoSSrLqhIU7kQi -FcQWc3wYaSOUXNpZzvlTlMYM4qP9Yrzu8dG1tKST3fmWi8l9/TmHIPtskgB0dzTd -kKe2kZpJFFquYtorWtCQwF+wmtA02NMHwrQzwh/RqNz9wUEwhQVBa/A8p0wdEskL -FQZXt3PnY8GHQVz59tArolw3kes0/VrtgCUFS7tvmn9xI6lJxveQiN6Ec2z5gbwK -BShkSvopi0g83YLeSNPrCIBmLSCOm1AjsXF3sQazEYqAGhB6qibCsuebxnprq8Qa -/j0wsq7n8ZO7a6cdcnhu4fF3YdWcaWlCUKzzWb8WXXoeCaOKxmD5IgsGiAxnPKvs -Bge1rMhlCoJJhJEmUlwxoP67Nt2mHbYh/Q== -=whx5 +crFFN/HZPWAJ+c8AEQEAAbQfSmFjayBMbG95ZCA8amFja0ByYW5kb21iaXQubmV0 +PokB1AQTAQgAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYhBE5gxzVRryGI 
+3wpaYnjpgENXEjtgBQJaUj7bBQkJBEjIAAoJEHjpgENXEjtgguwMAJGWq2S7jGjG +qGllLTA1GterLBGP4zH3k8y3ch3PtXxFsyqUedx7RjvZst1FdgYGIk/aOvND64DW +KEjqsjLbhVh9+ANzzNeGEPvkBjXWO/6LuuhdF/Rj4puo8pJX3HCuHde6njYPmOry +XEptPpKblSGU7RVbhyaL4A0sukproRbdDHNuHPBiwTSiKWxOWN1NksSVwjXXPUH2 +P0OqtwVxwDtFt/p4f4KtXZ0XYztI3bV9XLtITcQVIZHur9Pj0HWCtBgGvqdwADGn +VE7BCUTKGYEFrpl1q/YKBhtqlEVNJ1mtF7zUbKhioVZIUhWu5x3hB1d3+2ezP9D8 +Gncjch9KxlNY8hCy1jpncvH4j0ocbmqbqsNfJsS7PrsDTdD2fKbuNVy76uuP6tBy +wvhqFpjrHWG9a0jReR9pC9QY5IaKOpt1w9YJaPhFRgSLmISobrfRWuF3nSahSq1X +z/4oMg/9s63HAoY+1aDB5zbzIB/qPhX/c7oG2ywptN+5/UgmxWJAKLQhSmFjayBM +bG95ZCA8amFjay5sbG95ZEBnbWFpbC5jb20+iQHUBBMBCAA+AhsDBQsJCAcCBhUI +CQoLAgQWAgMBAh4BAheAFiEETmDHNVGvIYjfClpieOmAQ1cSO2AFAlpSPuAFCQkE +SMgACgkQeOmAQ1cSO2CuMAv+L9/pk1Rt/N9Uh9BafxxZaqUtgnUHC40FPRjWX4Rl +26ezmrffBU7d+i9JYVrBRENBfj+lwPUNcXyPa2Ls2tr6IFyKoUf7eS6K0+6cMCWK +6Cjhb7/AiJnzbrIak8+pme40SImPeHaFtZLWNPgksS24ieAbz8gtTGvmi84VCl72 +Ki8nbnwcHc89ADYPwJPKS+m37tKj8sn7rOcxFqL83fT8FOBYuNF07NA7O40e/gwW +jIz+3rjr8vydlR+ptITxBjhP7196WaWUS9aX6jKhLzRVuiKsrkGIN4Q674CjYqqK +CmfPzUQCCasAR4YXi6DI2FKvEOILv6AcrKMKSXi+gLcu9sOMGr9dSfiAlp4Jgr6r +XM3PxYUVLJ7fSLX1Rc2C8Zftja3OWS7iwGGwk2s2pp/WIlZ7FJMcgt2Za66WT4S+ +IiZK6t/TnREZCxdZkheA/KGpu3rGnbHOW2X+3X2K0+8z5LuqAg+MnBUTu5RfASOT +SgsU+jvVTy17aEJ8ja4qt3FMtCBKYWNrIExsb3lkIDxsbG95ZEByYW5kb21iaXQu +bmV0PokB1gQTAQIAQAIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAFiEETmDH +NVGvIYjfClpieOmAQ1cSO2AFAlpSPuAFCQkESMgACgkQeOmAQ1cSO2D9HQv/dVeN +Z38zaaHJFZUS2D0FQa6yHuIcQAbH4V3+7OxGyrt5M4hTYa31zQ8lwGcqBS4gP89x +PDF77ZhiyxE8cBQ4djJrGJKzaSzeJ8x/163PYl5dB8dAsr1VfEEQFhePOGY2DiIr +heEH5CWwvI5t9rxlRb1oPBhogXqAcWTGCQiDviHE+gI6tC5VeewoTwafNbut7j+i ++XdkDDt05MXjySX1cxRG8MXpghrqWhX6miNKfhjiXrxWd4+Z7cEBHoo9n3lmHe0X +PLfdj1Jt12C4iqkyieNwpx88cWqbmfinm3zFwPBvDZq1BGW89pq7jyBqpbtIIB4a +fsD35pRaR+Bm1QLMAlNaYb+BgMLp0AN7WlcfyFeFYm5/I1SIZSno/V5SbWDSEG7n +XmWiIeeI34a7P76icxxVstk7NSKlu3V9losD4wPrpzAK9Yr+LfWkCMa9km2q0nKy +CuRKX2GW5+rwjm2TjcOFrGtUlq22ByBzB88oOSfyk8nfNQNGO6y4mGfvOdw2iQEc 
+BBABCAAGBQJWGlBMAAoJEGIR6/Hvut+8y3kH/jnT/8RNmMhVCS9fsRCh6bwHjfvf +FZ9QtrE5qLTSGj8FQWPRS3gOPOCFnRcJyX18dYEMsm8Zcrc+AWbguyc7utDhJpOS +BUSKkKFcsBF1gjlIP1BAVmZvmXEcyBXIqo/T3Dn6berP2kmXefkXJuR1BgC2Aqnp +NrPZxjvGtVp5OJvXdbv0QBpcRTNrYXtb+aefeyLRoXDj97Y1lTzzrk3tBPvxSN2c +aaLShnX0uhfxgdmz+5JmtolTuttQrPcLGJq2RGpiqWse1+6fZsmgBtGEXQk7JRXf +xDkyzpZT4cufA06+6srMATxCNMfFhA0xNBtCHUGDZi6uJLs3jmiJXFDFC825AY0E +VRBdEwEMAN6NE/fR/Ours4jc6SaVocKSZ+/pGXVrxQ/ZFoba7kJq09DLQZ21vHYk +q7wMrAta9D6gH5bLZ90xI6ScyR9fYTWYDXdDHx8Sg7Mj3ZKhxjr1tQicRPT6BP4W +LqBICdlUWV//OCRFk13G8feDO+ZT8YP/dVUrj3n9/mwfOHm7Npb7PHX/LFuDyo/1 +EXZZyqw3/LlI+z+1uBKFYD2WqzLw8Sm/U+ajzP6y04wUkf45VjLkFI2bPk6CVYNt +2TvOEzIO3zBAN6DSLSFOTYn9UwR2vrpvoJsDjjSRjcjbZ/8uFCWfLhgTwMeQcH0j +xHr47Qs2coApHBAIB57eS6Z/y4Vja3Y0ANpb51Fu7MDPXQXW4g89GMTIEKu2/KUN +/onGIYh6Js9RYNf8SJ+waQ0NULXAMk1AAfknl2Apl9gKRDH6EvevQXPVI6ElOTZw +4gqGz9xGqC+gbmh2UmS5n8B/nK2d0AMN+1elZAapTFFdOMhMdDeBk+1GRQ/t/zsL +TUPSSRVLFwARAQABiQGfBBgBAgAJBQJVEF0TAhsMAAoJEHjpgENXEjtg3rgMAIDJ +gnuEY7neuJMIzHyO59a8X+9ip9XfeDNwjaqJk0rIoqSdkIqjG8I6C4lbeL0pnGzl +iudvEmQij4hnSNfOUk58oGyRdyUeK9eC2KeZ+Hs3sqMuAhlYIh+RR6ifo5kqxR/g +eo6iXKS8VqDQRiqoSSrLqhIU7kQiFcQWc3wYaSOUXNpZzvlTlMYM4qP9Yrzu8dG1 +tKST3fmWi8l9/TmHIPtskgB0dzTdkKe2kZpJFFquYtorWtCQwF+wmtA02NMHwrQz +wh/RqNz9wUEwhQVBa/A8p0wdEskLFQZXt3PnY8GHQVz59tArolw3kes0/VrtgCUF +S7tvmn9xI6lJxveQiN6Ec2z5gbwKBShkSvopi0g83YLeSNPrCIBmLSCOm1AjsXF3 +sQazEYqAGhB6qibCsuebxnprq8Qa/j0wsq7n8ZO7a6cdcnhu4fF3YdWcaWlCUKzz +Wb8WXXoeCaOKxmD5IgsGiAxnPKvsBge1rMhlCoJJhJEmUlwxoP67Nt2mHbYh/Q== +=+t+P -----END PGP PUBLIC KEY BLOCK----- + This key is used for signing git commits: pub rsa2048/AB50F90D 2016-03-03 [SC] [expires: 2020-03-02] From f2a4d1ecc145406c227c3907b294f9e66e84e3ea Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 7 Jan 2018 10:54:53 -0500 Subject: [PATCH 0518/1008] Fix for systems needing 128-bit helper type --- src/lib/utils/donna128.h | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/src/lib/utils/donna128.h b/src/lib/utils/donna128.h index feaf11d057..90ced395d2 100644 --- a/src/lib/utils/donna128.h +++ b/src/lib/utils/donna128.h @@ -89,6 +89,11 @@ inline donna128 operator*(const donna128& x, uint64_t y) return donna128(lo, hi); } +inline donna128 operator*(uint64_t y, const donna128& x) + { + return x * y; + } + inline donna128 operator+(const donna128& x, const donna128& y) { donna128 z = x; From 198775271eccdf8e197d2dce4cf9a3d99a6f9bbe Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 7 Jan 2018 15:55:20 -0500 Subject: [PATCH 0519/1008] Add support for detecting POWER crypto using getauxval See #1206 --- src/lib/utils/cpuid/cpuid.cpp | 1 + src/lib/utils/cpuid/cpuid.h | 10 +++++++++- src/lib/utils/cpuid/cpuid_ppc.cpp | 24 ++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) diff --git a/src/lib/utils/cpuid/cpuid.cpp b/src/lib/utils/cpuid/cpuid.cpp index d4e15c16b9..1638ab6c5f 100644 --- a/src/lib/utils/cpuid/cpuid.cpp +++ b/src/lib/utils/cpuid/cpuid.cpp @@ -58,6 +58,7 @@ std::string CPUID::to_string() #if defined(BOTAN_TARGET_CPU_IS_PPC_FAMILY) CPUID_PRINT(altivec); + CPUID_PRINT(ppc_crypto); #endif #if defined(BOTAN_TARGET_CPU_IS_ARM_FAMILY) diff --git a/src/lib/utils/cpuid/cpuid.h b/src/lib/utils/cpuid/cpuid.h index f9186f9182..f37063a998 100644 --- a/src/lib/utils/cpuid/cpuid.h +++ b/src/lib/utils/cpuid/cpuid.h @@ -108,7 +108,8 @@ class BOTAN_PUBLIC_API(2,1) CPUID final #endif #if defined(BOTAN_TARGET_CPU_IS_PPC_FAMILY) - CPUID_ALTIVEC_BIT = (1ULL << 0), + CPUID_ALTIVEC_BIT = (1ULL << 0), + CPUID_PPC_CRYPTO_BIT = (1ULL << 1), #endif #if defined(BOTAN_TARGET_CPU_IS_ARM_FAMILY) 
@@ -128,6 +129,13 @@ class BOTAN_PUBLIC_API(2,1) CPUID final */ static bool has_altivec() { return has_cpuid_bit(CPUID_ALTIVEC_BIT); } + + /** + * Check if the processor supports POWER8 crypto extensions + */ + static bool has_ppc_crypto() + { return has_cpuid_bit(CPUID_PPC_CRYPTO_BIT); } + #endif #if defined(BOTAN_TARGET_CPU_IS_ARM_FAMILY) diff --git a/src/lib/utils/cpuid/cpuid_ppc.cpp b/src/lib/utils/cpuid/cpuid_ppc.cpp index 750cf3a478..d73912b86a 100644 --- a/src/lib/utils/cpuid/cpuid_ppc.cpp +++ b/src/lib/utils/cpuid/cpuid_ppc.cpp @@ -19,6 +19,8 @@ #include #include #include +#elif defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) + #include #endif #endif @@ -51,6 +53,28 @@ uint64_t CPUID::detect_cpu_features(size_t* cache_line_size) if(error == 0 && vector_type > 0) return CPUID::CPUID_ALTIVEC_BIT; +#elif defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) && defined(BOTAN_TARGET_ARCH_IS_PPC64) + + enum PPC_hwcap_bit { + ALTIVEC_bit = (1 << 28), + CRYPTO_bit = (1 << 25), + + ARCH_hwcap_altivec = 16, // AT_HWCAP + ARCH_hwcap_crypto = 26, // AT_HWCAP2 + }; + + uint64_t detected_features = 0; + + const unsigned long hwcap_altivec = ::getauxval(PPC_hwcap_bit::ARCH_hwcap_altivec); + if(hwcap_altivec & PPC_hwcap_bit::ALTIVEC_bit) + detected_features |= CPUID::CPUID_ALTIVEC_BIT; + + const unsigned long hwcap_crypto = ::getauxval(PPC_hwcap_bit::ARCH_hwcap_crypto); + if(hwcap_crypto & PPC_hwcap_bit::CRYPTO_bit) + detected_features |= CPUID::CPUID_PPC_CRYPTO_BIT; + + return detected_features; + #else /* From c2f5db4c97440db66164295e8a6a76cf6887779b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 8 Jan 2018 10:26:16 -0500 Subject: [PATCH 0520/1008] Fix bug when release date is set --- configure.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.py b/configure.py index c88bb8157e..de15d7e724 100755 --- a/configure.py +++ b/configure.py 
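Review bot: `ARCH_hwcap_altivec = 16` and `ARCH_hwcap_crypto = 26` are the auxv type numbers AT_HWCAP and AT_HWCAP2 written as magic numbers inside an enum that otherwise holds HWCAP bit masks; the header added in the include hunk (sys/auxv.h, presumably, the name is lost in rendering) defines `AT_HWCAP`/`AT_HWCAP2`, so `::getauxval(AT_HWCAP)` and `::getauxval(AT_HWCAP2)` would be clearer and self-checking, and the two masks deserve comments naming them (`// PPC_FEATURE_HAS_ALTIVEC` for 1 << 28, `// PPC_FEATURE2_VEC_CRYPTO` for 1 << 25). Note also that the `#elif` is restricted by BOTAN_TARGET_ARCH_IS_PPC64 while the include is guarded only by BOTAN_TARGET_OS_HAS_GETAUXVAL, so 32-bit PPC with getauxval falls through to the #else path; if that is intended, a comment saying so would help. The #else branch continues past this hunk.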
@@ -2952,7 +2952,7 @@ def link_headers(headers, visibility, directory): Version.as_string(), Version.vc_rev(), Version.release_type(), - ('dated ' + Version.datestamp()) if Version.datestamp() != 0 else 'undated')) + ('dated %d' % (Version.datestamp())) if Version.datestamp() != 0 else 'undated')) if options.unsafe_fuzzer_mode: logging.warning("The fuzzer mode flag is labeled unsafe for a reason, this version is for testing only") From 1e93b85fb5a4d628b80a9812b38b842b5c8b4363 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 8 Jan 2018 10:28:25 -0500 Subject: [PATCH 0521/1008] Update for 2.4.0 release --- news.rst | 2 +- readme.rst | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/news.rst b/news.rst index 95b16f9321..c69d8ad469 100644 --- a/news.rst +++ b/news.rst @@ -1,7 +1,7 @@ Release Notes ======================================== -Version 2.4.0, Not Yet Released +Version 2.4.0, 2018-01-08 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Several build improvements requested by downstream packagers, including the diff --git a/readme.rst b/readme.rst index cb8b0423d6..37de3f7f32 100644 --- a/readme.rst +++ b/readme.rst @@ -104,9 +104,9 @@ Version 2 requires a C++11 compiler; GCC 4.8 and later, Clang 3.5 and later, and MSVC 2015/2017 are regularly tested. The latest 2.x release is -`2.3.0 `_ -`(sig) `_ -released on 2017-10-02 +`2.4.0 `_ +`(sig) `_ +released on 2018-01-08 Old Release ---------------------------------------- From da70e06c13c57245d4e79122e2ccefe08ccfa20d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 8 Jan 2018 10:58:01 -0500 Subject: [PATCH 0522/1008] Some more notes on release process While fresh in my mind. --- doc/release_process.rst | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/doc/release_process.rst b/doc/release_process.rst index 73565a02ee..d584b09c00 100644 --- a/doc/release_process.rst +++ b/doc/release_process.rst 
@@ -32,9 +32,12 @@ complete and that the version number in ``version.txt`` is correct. Update the release date in the release notes and change the entry for the appropriate branch in ``readme.rst`` to point to the new release. -Check in these changes (alone, with no other modifications) with a -checkin message along the lines of "Update for X.Y.Z release", then -tag the release with the version in git (eg tag '2.6.13', no prefix). +Now check in, and backport changes to the release branch:: + + $ git commit readme.rst news.rst -m "Update for 2.6.13 release" + $ git checkout release-2 + $ git merge master + $ git tag 2.6.13 Build The Release Tarballs ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -42,11 +45,13 @@ Build The Release Tarballs The release script is ``src/scripts/dist.py`` and must be run from a git workspace. - $ src/scripts/dist.py 2.6.13 + $ src/scripts/dist.py 2.6.13 One useful option is ``--output-dir``, which specifies where the output will be placed. +Now do a final build/test of the released tarball. + The ``--pgp-key-id`` option is used to specify a PGP keyid. If set, the script assumes that it can execute GnuPG and will attempt to create signatures for the tarballs. The default value is ``EFBADFBC``, From 513d19781a558fbd1ff03c7152f61b5e7f294297 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sun, 7 Jan 2018 11:56:58 -0500 Subject: [PATCH 0523/1008] Remove CPU specific optimization flags These are best left to the user to set via CXXFLAGS or --cc-abi-flags Add override if arch ends in in {eb, el, be, le} to set the endian. Avoids an extra file for ppc64le. --- configure.py | 121 +++++++++----------------------- src/build-data/arch/alpha.txt | 22 ------ src/build-data/arch/arm32.txt | 33 +-------- src/build-data/arch/arm64.txt | 6 +- src/build-data/arch/hppa.txt | 6 -- src/build-data/arch/ia64.txt | 10 --- src/build-data/arch/m68k.txt | 7 -- src/build-data/arch/mips32.txt | 18 +---- src/build-data/arch/mips64.txt | 19 ----- src/build-data/arch/ppc32.txt | 17 ----- src/build-data/arch/ppc64.txt | 20 +----- src/build-data/arch/ppc64le.txt | 22 ------ src/build-data/arch/s390.txt | 4 -- src/build-data/arch/s390x.txt | 4 -- src/build-data/arch/sparc32.txt | 24 ------- src/build-data/arch/sparc64.txt | 12 ---- src/build-data/arch/superh.txt | 5 -- src/build-data/arch/x86_32.txt | 49 +------------ src/build-data/arch/x86_64.txt | 28 -------- src/build-data/buildh.in | 2 +- src/build-data/cc/clang.txt | 12 +--- src/build-data/cc/ekopath.txt | 11 --- src/build-data/cc/gcc.txt | 50 ++----------- src/build-data/cc/icc.txt | 11 --- src/build-data/cc/pgi.txt | 8 --- src/build-data/cc/sunstudio.txt | 24 ------- src/build-data/cc/xlc.txt | 5 -- src/scripts/ci_build.py | 4 +- 28 files changed, 54 insertions(+), 500 deletions(-) delete mode 100644 src/build-data/arch/ppc64le.txt diff --git a/configure.py b/configure.py index de15d7e724..41bfb6d51b 100755 --- a/configure.py +++ b/configure.py 
@@ -294,7 +294,7 @@ def process_command_line(args): # pylint: disable=too-many-locals target_group = optparse.OptionGroup(parser, 'Target options') - target_group.add_option('--cpu', help='set the target CPU type/model') + target_group.add_option('--cpu', help='set the target CPU architecture') target_group.add_option('--os', help='set the target operating system') @@ -961,8 +961,8 @@ def __init__(self, infofile): super(ArchInfo, self).__init__(infofile) lex = lex_me_harder( infofile, - ['aliases', 'submodels', 'isa_extensions'], - ['submodel_aliases'], + ['aliases', 'isa_extensions'], + [], { 'endian': None, 'family': None, @@ -973,8 +973,6 @@ def __init__(self, infofile): self.endian = lex.endian self.family = lex.family self.isa_extensions = lex.isa_extensions - self.submodels = lex.submodels - self.submodel_aliases = lex.submodel_aliases self.wordsize = int(lex.wordsize) alphanumeric = re.compile('^[a-z0-9]+$') @@ -982,16 +980,6 @@ def __init__(self, infofile): if alphanumeric.match(isa) is None: logging.error('Invalid name for ISA extension "%s"', isa) - def all_submodels(self): - """ - Return a list of all submodels for this arch, ordered longest - to shortest - """ - - return sorted([(k, k) for k in self.submodels] + - [k for k in self.submodel_aliases.items()], - key=lambda k: len(k[0]), reverse=True) - def supported_isa_extensions(self, cc, options): isas = [] @@ -1003,16 +991,13 @@ def supported_isa_extensions(self, cc, options): return sorted(isas) -MachOptFlags = collections.namedtuple('MachOptFlags', ['flags', 'submodel_prefix']) - - class CompilerInfo(InfoObject): # pylint: disable=too-many-instance-attributes def __init__(self, infofile): super(CompilerInfo, self).__init__(infofile) lex = lex_me_harder( infofile, - ['mach_opt'], - ['so_link_commands', 'binary_link_commands', 'mach_abi_linking', 'isa_flags'], + [], + ['cpu_flags', 'so_link_commands', 'binary_link_commands', 'mach_abi_linking', 'isa_flags'], { 'binary_name': None, 'linker_name': None, 
@@ -1051,6 +1036,7 @@ def __init__(self, infofile): self.ar_output_to = lex.ar_output_to self.binary_link_commands = lex.binary_link_commands self.binary_name = lex.binary_name + self.cpu_flags = lex.cpu_flags self.compile_flags = lex.compile_flags self.coverage_flags = lex.coverage_flags self.debug_info_flags = lex.debug_info_flags @@ -1073,11 +1059,6 @@ def __init__(self, infofile): self.visibility_build_flags = lex.visibility_build_flags self.warning_flags = lex.warning_flags - self.mach_opt_flags = {} - for key, value in parse_lex_dict(lex.mach_opt).items(): - parts = value.split("|") - self.mach_opt_flags[key] = MachOptFlags(parts[0], parts[1] if len(parts) == 2 else '') - def isa_flags_for(self, isa, arch): if isa in self.isa_flags: return self.isa_flags[isa] @@ -1147,7 +1128,6 @@ def mach_abi_groups(): yield all_except yield options.os - yield options.arch yield options.cpu abi_link = list() @@ -1212,20 +1192,8 @@ def gen_flags(with_debug_info, enable_optimizations): else: yield self.optimization_flags - def submodel_fixup(full_cpu, mach_opt_flags_tupel): - submodel_replacement = full_cpu.replace(mach_opt_flags_tupel.submodel_prefix, '') - return mach_opt_flags_tupel.flags.replace('SUBMODEL', submodel_replacement) - - if options.cpu != options.arch: - if options.cpu in self.mach_opt_flags: - yield submodel_fixup(options.cpu, self.mach_opt_flags[options.cpu]) - elif options.arch in self.mach_opt_flags: - yield submodel_fixup(options.cpu, self.mach_opt_flags[options.arch]) - - all_arch = 'all_%s' % (options.arch) - - if all_arch in self.mach_opt_flags: - yield self.mach_opt_flags[all_arch][0] + if options.arch in self.cpu_flags: + yield self.cpu_flags[options.arch] return (' '.join(gen_flags(with_debug_info, enable_optimizations))).strip() 
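Review bot: Removing `yield options.arch` from mach_abi_groups while keeping `yield options.cpu` means a mach_abi_linking entry keyed by the canonical arch name is only matched when the user-supplied or guessed CPU string equals that name; with the new canonicalization options.cpu can still differ from options.arch (the later hunk on this page logs exactly that case), so such entries would be silently skipped. If ABI flags are meant to be keyed on arch, keep `yield options.arch` (or yield both). The gen_flags change in the last hunk keys cpu_flags on `options.arch`, so the two lookups are now inconsistent with each other; the enclosing functions start outside these hunks.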
@@ -1373,21 +1341,7 @@ def canon_processor(archinfo, proc): # First, try to search for an exact match for ainfo in archinfo.values(): if ainfo.basename == proc or proc in ainfo.aliases: - return (ainfo.basename, ainfo.basename) - - for (match, submodel) in ainfo.all_submodels(): - if proc == submodel or proc == match: - return (ainfo.basename, submodel) - - logging.debug('Could not find an exact match for CPU "%s"' % (proc)) - - # Now, try searching via regex match - for ainfo in archinfo.values(): - for (match, submodel) in ainfo.all_submodels(): - if re.search(match, proc) != None: - logging.debug('Possible match "%s" with "%s" (%s)' % ( - proc, match, submodel)) - return (ainfo.basename, submodel) + return ainfo.basename return None @@ -1401,21 +1355,8 @@ def system_cpu_info(): if platform.processor() != '': cpu_info.append(platform.processor()) - try: - with open('/proc/cpuinfo') as f: - for line in f.readlines(): - colon = line.find(':') - if colon > 1: - key = line[0:colon].strip() - val = ' '.join([s.strip() for s in line[colon+1:].split(' ') if s != '']) - - # Different Linux arch use different names for this field in cpuinfo - if key in ["model name", "cpu model", "Processor"]: - logging.info('Detected CPU model "%s" in /proc/cpuinfo' % (val)) - cpu_info.append(val) - break - except IOError: - pass + if 'uname' in os.__dict__: + cpu_info.append(os.uname()[4]) return cpu_info @@ -1764,6 +1705,17 @@ def ar_command(): return osinfo.ar_command + def choose_endian(arch_info, options): + if options.with_endian != None: + return options.with_endian + + if options.cpu.endswith('eb') or options.cpu.endswith('be'): + return 'big' + elif options.cpu.endswith('el') or options.cpu.endswith('le'): + return 'little' + + return arch_info.endian + build_dir = options.with_build_dir or os.path.curdir program_suffix = options.program_suffix or osinfo.program_suffix 
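Review bot: `choose_endian` infers endianness from a two-letter suffix of the raw `--cpu` string, and nothing in the hunk records that this is a naming convention rather than a guaranteed property, so a future alias that happens to end in `le`/`be`/`el`/`eb` would silently flip the build's endianness. I would add above the suffix checks: `# Convention-based: Debian armel/armeb, mipsel, ppc64le etc. encode endianness in the name; explicit --with-endian always wins, otherwise fall back to the arch file.` Note that `options.cpu` here is the user-supplied spelling, not the canonicalized arch, so the check applies to aliases — presumably intended, since the arch files later in this series rely on it. `choose_endian` is nested in a function whose start is outside the hunk.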
@@ -1842,8 +1794,7 @@ def ar_command(): 'os': options.os, 'arch': options.arch, 'cpu_family': arch.family, - 'submodel': options.cpu, - 'endian': options.with_endian or arch.endian, + 'endian': choose_endian(arch, options), 'cpu_is_64bit': arch.wordsize == 64, 'bakefile_arch': 'x86' if options.arch == 'x86_32' else 'x86_64', @@ -2676,9 +2627,8 @@ def deduce_compiler_type_from_cc_bin(cc_bin): logging.info('Guessing to use compiler %s (use --cc to set)' % (options.compiler)) if options.cpu is None: - (options.arch, options.cpu) = guess_processor(info_arch) - logging.info('Guessing target processor is a %s/%s (use --cpu to set)' % ( - options.arch, options.cpu)) + options.cpu = options.arch = guess_processor(info_arch) + logging.info('Guessing target processor is a %s (use --cpu to set)' % (options.arch)) if options.with_documentation is True: if options.with_sphinx is None and have_program('sphinx-build'): @@ -2701,15 +2651,13 @@ def find_canonical_os_name(os_name_variant): options.os = find_canonical_os_name(options.os) # canonical ARCH/CPU - cpu_from_user = options.cpu - results = canon_processor(info_arch, options.cpu) - if results != None: - (options.arch, options.cpu) = results - logging.info('Canonicalized CPU target %s to %s/%s' % ( - cpu_from_user, options.arch, options.cpu)) - else: + options.arch = canon_processor(info_arch, options.cpu) + if options.arch is None: raise UserError('Unknown or unidentifiable processor "%s"' % (options.cpu)) + if options.cpu != options.arch: + logging.info('Canonicalized CPU target %s to %s', options.cpu, options.arch) + shared_libs_supported = options.os in info_os and info_os[options.os].building_shared_supported() if not shared_libs_supported: 
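Review bot: `options.cpu = options.arch = guess_processor(info_arch)` now stores a single value, and if `guess_processor` can return `None` (its body is outside this hunk) the failure only surfaces later as `Unknown or unidentifiable processor "None"` from `canon_processor`, which is misleading for a user who never set `--cpu`. I would fail early with a clear message right after the guess: `if options.cpu is None: raise UserError('Could not guess target CPU, use --cpu to set')`. The logging line that follows would otherwise also print `None`. The enclosing function starts outside the hunk.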
@@ -2992,10 +2940,7 @@ def main(argv): policy.cross_check(info_modules) logging.debug('Known CPU names: ' + ' '.join( - sorted(flatten([[ainfo.basename] + \ - ainfo.aliases + \ - [x for (x, _) in ainfo.all_submodels()] - for ainfo in info_arch.values()])))) + sorted(flatten([[ainfo.basename] + ainfo.aliases for ainfo in info_arch.values()])))) set_defaults_for_unset_options(options, info_arch, info_cc) canonicalize_options(options, info_os, info_arch) @@ -3007,8 +2952,8 @@ def main(argv): module_policy = info_module_policies[options.module_policy] if options.module_policy else None cc_min_version = options.cc_min_version or calculate_cc_min_version(options, cc, source_paths) - logging.info('Target is %s:%s-%s-%s-%s' % ( - options.compiler, cc_min_version, options.os, options.arch, options.cpu)) + logging.info('Target is %s:%s-%s-%s' % ( + options.compiler, cc_min_version, options.os, options.arch)) main_action_configure_build(info_modules, source_paths, options, cc, cc_min_version, arch, osinfo, module_policy) diff --git a/src/build-data/arch/alpha.txt b/src/build-data/arch/alpha.txt index 233691b9ea..c251cbee9c 100644 --- a/src/build-data/arch/alpha.txt +++ b/src/build-data/arch/alpha.txt @@ -5,25 +5,3 @@ wordsize 64 axp alphaaxp - - -alpha-ev4 -alpha-ev5 -alpha-ev56 -alpha-pca56 -alpha-ev6 -alpha-ev67 -alpha-ev68 -alpha-ev7 - - - -alphaev4 -> alpha-ev4 -alphaev5 -> alpha-ev5 -alphaev56 -> alpha-ev56 -alphapca56 -> alpha-pca56 -alphaev6 -> alpha-ev6 -alphaev67 -> alpha-ev67 -alphaev68 -> alpha-ev68 -alphaev7 -> alpha-ev7 - diff --git a/src/build-data/arch/arm32.txt b/src/build-data/arch/arm32.txt index e8657473d0..d8a0780ece 100644 --- a/src/build-data/arch/arm32.txt +++ b/src/build-data/arch/arm32.txt 
@@ -3,41 +3,14 @@ family arm arm +armeb armel # For Debian armhf # For Debian evbarm # For NetBSD - - -armv2 -armv2a -armv3 -armv3m -armv4 -armv5 -armv5e -armv5te -armv6 -armv6j -armv6t2 -armv6z -armv6zk -armv6-m armv7 -armv7-a -armv7-r -armv7-m -iwmmxt -iwmmxt2 -ep9312 - - - -strongarm -> armv4 -xscale -> armv5te -cortex-a8 -> armv7-a -cortex-a9 -> armv7-a - +armv7l + neon diff --git a/src/build-data/arch/arm64.txt b/src/build-data/arch/arm64.txt index f556c864ef..1685681bf0 100644 --- a/src/build-data/arch/arm64.txt +++ b/src/build-data/arch/arm64.txt @@ -5,11 +5,9 @@ family arm aarch64 - - - +armv8 armv8-a - + neon diff --git a/src/build-data/arch/hppa.txt b/src/build-data/arch/hppa.txt index 0f7d90c68c..0144cf4ebc 100644 --- a/src/build-data/arch/hppa.txt +++ b/src/build-data/arch/hppa.txt @@ -5,9 +5,3 @@ pa-risc hp-parisc hp-pa-risc - - -hppa1.0 -hppa1.1 -hppa2.0 - diff --git a/src/build-data/arch/ia64.txt b/src/build-data/arch/ia64.txt index 46b40eff84..8a448ff881 100644 --- a/src/build-data/arch/ia64.txt +++ b/src/build-data/arch/ia64.txt @@ -4,13 +4,3 @@ wordsize 64 itanium itanic - - -merced -mckinley -montvale - - - -itanium2 -> mckinley - diff --git a/src/build-data/arch/m68k.txt b/src/build-data/arch/m68k.txt index 26dac5331b..f171f4534f 100644 --- a/src/build-data/arch/m68k.txt +++ b/src/build-data/arch/m68k.txt @@ -4,10 +4,3 @@ endian big 680x0 68k - - -68020 -68030 -68040 -68060 - diff --git a/src/build-data/arch/mips32.txt b/src/build-data/arch/mips32.txt index b69abdacb0..d9849e8484 100644 --- a/src/build-data/arch/mips32.txt +++ b/src/build-data/arch/mips32.txt @@ -1,18 +1,6 @@ mips -mipsel # For Debian +mipsbe # RedHat +mipsle # RedHat +mipsel # Debian - - -r3000 -r6000 - - - -r3k -> r3000 -r6k -> r6000 - -# These are for RPM -mipsbe -> r3000 -mipsle -> r3000 - diff --git a/src/build-data/arch/mips64.txt b/src/build-data/arch/mips64.txt index 9a56a0334d..6d67128ede 100644 --- a/src/build-data/arch/mips64.txt +++ b/src/build-data/arch/mips64.txt 
@@ -3,22 +3,3 @@ wordsize 64 mips64el - - -r4000 -r4100 -r4300 -r4400 -r4600 -r4560 -r5000 -r8000 -r10000 - - - -r4k -> r4000 -r5k -> r5000 -r8k -> r8000 -r10k -> r10000 - diff --git a/src/build-data/arch/ppc32.txt b/src/build-data/arch/ppc32.txt index 7d0ce5e240..da8b7654ad 100644 --- a/src/build-data/arch/ppc32.txt +++ b/src/build-data/arch/ppc32.txt @@ -7,23 +7,6 @@ powerpc ppc - -ppc601 -ppc603 -ppc604 -ppc740 -ppc750 -ppc7400 -ppc7450 -e500v2 - - - -g3 -> ppc740 -g4 -> ppc7450 -powerpcspe -> e500v2 # for Debian - - altivec diff --git a/src/build-data/arch/ppc64.txt b/src/build-data/arch/ppc64.txt index dac8379f01..f973344617 100644 --- a/src/build-data/arch/ppc64.txt +++ b/src/build-data/arch/ppc64.txt @@ -5,27 +5,9 @@ wordsize 64 powerpc64 +ppc64le - -g5 -> ppc970 - - - -ppc970 -power3 -power4 -power5 -power6 -power7 -power8 -cellppu - - - -cellbroadbandengine -> cellppu - - altivec diff --git a/src/build-data/arch/ppc64le.txt b/src/build-data/arch/ppc64le.txt deleted file mode 100644 index 533a4b0e81..0000000000 --- a/src/build-data/arch/ppc64le.txt +++ /dev/null @@ -1,22 +0,0 @@ -endian little - -family ppc -wordsize 64 - - -powerpc64 - - - - - - -power8 - - - - - - -altivec - diff --git a/src/build-data/arch/s390.txt b/src/build-data/arch/s390.txt index a5c35637f6..64a1abdd37 100644 --- a/src/build-data/arch/s390.txt +++ b/src/build-data/arch/s390.txt @@ -1,5 +1 @@ endian big - - -s390 - diff --git a/src/build-data/arch/s390x.txt b/src/build-data/arch/s390x.txt index 6ed2ec079b..eb6a87d69b 100644 --- a/src/build-data/arch/s390x.txt +++ b/src/build-data/arch/s390x.txt @@ -1,6 +1,2 @@ endian big wordsize 64 - - -s390x - diff --git a/src/build-data/arch/sparc32.txt b/src/build-data/arch/sparc32.txt index 69f3479aa3..0680fdfc3d 100644 --- a/src/build-data/arch/sparc32.txt +++ b/src/build-data/arch/sparc32.txt 
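Review bot: Deleting `ppc64le.txt` and making `ppc64le` a plain alias of `ppc64` means its little-endianness no longer comes from an arch file but solely from the `le` suffix heuristic in configure.py's `choose_endian`, and nothing in `ppc64.txt` records that dependency. I would add a comment next to the alias: `# ppc64le: endianness is derived from the 'le' suffix by configure.py (choose_endian), not from this file`. Whether `ppc64.txt` declares `endian big` is not visible in this hunk, but that is exactly what the comment should warn the next editor about.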
@@ -5,27 +5,3 @@ family sparc sparc - - -sparc32-v7 -sparc32-v8 -sparc32-v9 - - - -cypress -> sparc32-v7 -supersparc -> sparc32-v8 -hypersparc -> sparc32-v8 -microsparc -> sparc32-v8 -sparclite -> sparc32-v8 - -sparcv7 -> sparc32-v7 -sparcv8 -> sparc32-v8 -sparcv9 -> sparc32-v9 - -sparc-v7 -> sparc32-v7 -sparc-v8 -> sparc32-v8 -sparc-v9 -> sparc32-v9 - -sun4u -> sparc32-v9 - diff --git a/src/build-data/arch/sparc64.txt b/src/build-data/arch/sparc64.txt index 36fc4fccf2..56130f26cf 100644 --- a/src/build-data/arch/sparc64.txt +++ b/src/build-data/arch/sparc64.txt @@ -1,14 +1,2 @@ family sparc wordsize 64 - - -ultrasparc -ultrasparc3 -niagra -niagra2 - - - -# Functionally the same for optimization purposes -ultrasparc2 -> ultrasparc - diff --git a/src/build-data/arch/superh.txt b/src/build-data/arch/superh.txt index c7dc098618..e69de29bb2 100644 --- a/src/build-data/arch/superh.txt +++ b/src/build-data/arch/superh.txt @@ -1,5 +0,0 @@ - -sh2 -sh3 -sh4 - diff --git a/src/build-data/arch/x86_32.txt b/src/build-data/arch/x86_32.txt index 0aa9b6683b..6cbc5d0b33 100644 --- a/src/build-data/arch/x86_32.txt +++ b/src/build-data/arch/x86_32.txt @@ -10,55 +10,10 @@ ix86 i86pc # for Solaris x86pc # for QNX bepc # for Haiku - - -i386 -i486 -i586 i686 -pentium2 -pentium3 -pentium4 -pentium-m -prescott -k6 -athlon -atom32 - - - -pentium -> i586 -pentiumpro -> i686 -pentium_pro -> i686 -pentium2 -> pentium2 -pentiumii -> pentium2 -pentium3 -> pentium3 -pentiumiii -> pentium3 - -x86family5 -> i586 -x86family6 -> i686 - -pentiumm -> pentium-m -intelpentiumm -> pentium-m - -intelpentium4 -> pentium4 - -duron -> athlon -athlon-xp -> athlon -k7 -> athlon - -p2 -> i686 -p3 -> i686 -p4 -> pentium4 - -intelcput2250 -> prescott -intelcput2300 -> prescott -intelcput2400 -> prescott -intelcput2500 -> prescott -intelcput2600 -> prescott -intelcput2700 -> prescott - +i386 + aesni diff --git a/src/build-data/arch/x86_64.txt b/src/build-data/arch/x86_64.txt index 1757e4f424..729363e6fa 100644 
--- a/src/build-data/arch/x86_64.txt +++ b/src/build-data/arch/x86_64.txt @@ -11,34 +11,6 @@ x64 x86_amd64 - -k8 -barcelona -atom -nocona -core2 # conroe -nehalem -westmere -sandybridge -ivybridge -haswell -broadwell -skylake -znver1 - - - -core2duo -> core2 -intelcore2 -> core2 -intelcore2duo -> core2 - -sledgehammer -> k8 -opteron -> k8 -amdopteron -> k8 -athlon64 -> k8 -zen -> znver1 - - aesni avx2 diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index d4972af153..10b03ca70a 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -7,7 +7,7 @@ * * Target * - Compiler: %{cxx} %{cxx_abi_flags} %{cc_lang_flags} %{cc_compile_flags} -* - Arch: %{submodel}/%{arch} +* - Arch: %{arch} * - OS: %{os} */ diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index c4bfe1961e..2e02cb7b54 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -51,15 +51,9 @@ arm32:neon -> "-mfpu=neon" arm64:neon -> "" - -all_llvm -> "-emit-llvm -fno-use-cxa-atexit" - -x86_32 -> "-march=SUBMODEL" -x86_64 -> "-march=SUBMODEL" -nehalem -> "-march=corei7" -sandybridge -> "-march=corei7-avx" -ivybridge -> "-march=core-avx-i" - + +llvm -> "-emit-llvm -fno-use-cxa-atexit" + all!haiku -> "-pthread" diff --git a/src/build-data/cc/ekopath.txt b/src/build-data/cc/ekopath.txt index dedbaaf615..490396ac43 100644 --- a/src/build-data/cc/ekopath.txt +++ b/src/build-data/cc/ekopath.txt @@ -15,14 +15,3 @@ shared_flags "-fPIC" default -> "$(CXX) -shared -fPIC -Wl,-soname,{soname_abi}" - - -athlon -> "-mcpu=athlon" -pentium4 -> "-mcpu=pentium4" - -k8 -> "-mcpu=opteron" -core2 -> "-mcpu=core" - -x86_32 -> "-mcpu=anyx86" -x86_64 -> "-mcpu=athlon64" - diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 553e71295f..236b588a5e 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt 
@@ -63,52 +63,10 @@ arm32:neon -> "-mfpu=neon" arm64:neon -> "" - -# Avoid using -march=i[3456]86, instead tune for generic -i386 -> "-mtune=generic" -i486 -> "-mtune=generic" -i586 -> "-mtune=generic" -i686 -> "-mtune=generic" - -# Translate to GCC-speak -nehalem -> "-march=corei7" -sandybridge -> "-march=corei7-avx" -ivybridge -> "-march=core-avx-i" - -ppc601 -> "-mpowerpc -mcpu=601" -cellppu -> "-mcpu=cell" -e500v2 -> "-mcpu=8548" - -# No scheduler in GCC for anything after EV67 -alpha-ev68 -> "-mcpu=ev67" -alpha-ev7 -> "-mcpu=ev67" - -# The patch from Debian bug 594159 has this, don't know why though... -sh4 -> "-m4 -mieee" - -# Default family options (SUBMODEL is substitued with the actual -# submodel name). Anything after the pipe will be removed from the -# submodel name before it's put into SUBMODEL. - -alpha -> "-mcpu=SUBMODEL|alpha-" -arm32 -> "-march=SUBMODEL" -arm64 -> "-march=SUBMODEL" -superh -> "-mSUBMODEL|sh" -hppa -> "-march=SUBMODEL|hppa" -ia64 -> "-mtune=SUBMODEL" -m68k -> "-mSUBMODEL" -mips32 -> "-mips1 -mcpu=SUBMODEL|mips32-" -mips64 -> "-mips3 -mcpu=SUBMODEL|mips64-" -ppc32 -> "-mcpu=SUBMODEL|ppc" -ppc64 -> "-mcpu=SUBMODEL|ppc" -sparc32 -> "-mcpu=SUBMODEL -Wa,-xarch=v8plus|sparc32-" -sparc64 -> "-mcpu=v9 -mtune=SUBMODEL" -x86_32 -> "-march=SUBMODEL" -x86_64 -> "-march=SUBMODEL" - -all_x86_32 -> "-momit-leaf-frame-pointer" -all_x86_64 -> "-momit-leaf-frame-pointer" - + +x86_32 -> "-momit-leaf-frame-pointer" +x86_64 -> "-momit-leaf-frame-pointer" + # Flags set here are included at compile and link time diff --git a/src/build-data/cc/icc.txt b/src/build-data/cc/icc.txt index 10f9a61166..c8a1aa3dc7 100644 --- a/src/build-data/cc/icc.txt +++ b/src/build-data/cc/icc.txt 
@@ -19,17 +19,6 @@ aesni -> "-march=corei7" rdrand -> "-march=core-avx-i" - -pentium3 -> "-march=pentium3" -pentium4 -> "-march=pentium4" -pentium-m -> "-march=pentium-m" -core2 -> "-march=core2" - -nehalem -> "-march=corei7" -sandybridge -> "-march=corei7-avx" -ivybridge -> "-march=core-avx-i" - - default -> "$(CXX) -fPIC -shared -Wl,-soname,{soname_abi}" diff --git a/src/build-data/cc/pgi.txt b/src/build-data/cc/pgi.txt index 213a69d27c..5ec6586280 100644 --- a/src/build-data/cc/pgi.txt +++ b/src/build-data/cc/pgi.txt @@ -9,11 +9,3 @@ shared_flags "-fPIC" linux -> "$(CXX) -shared -fPIC -Wl,-soname,{soname_abi}" solaris -> "$(CXX) -G -fPIC -Wl,-h,{soname_abi}" - - -i586 -> "-tp p5" -i686 -> "-tp p6" -athlon -> "-tp k7" -pentium4 -> "-tp p6" -x86_32 -> "-tp px" - diff --git a/src/build-data/cc/sunstudio.txt b/src/build-data/cc/sunstudio.txt index e983bf7019..c5dac65de1 100644 --- a/src/build-data/cc/sunstudio.txt +++ b/src/build-data/cc/sunstudio.txt @@ -15,30 +15,6 @@ ar_options "-xar -o" default -> "$(CXX) -G -h{soname_abi}" - -i386 -> "-xtarget=486" -i486 -> "-xtarget=486" -i586 -> "-xtarget=pentium" -k6 -> "-xtarget=pentium" -i686 -> "-xtarget=pentium_pro" - -pentium3 -> "-xtarget=pentium3" -pentium4 -> "-xtarget=pentium4" - -core2 -> "-xtarget=core2" -opteron -> "-xtarget=opteron" -nehalem -> "-xtarget=nehalem" - -sparc32-v9 -> "-xchip=ultra -xarch=v8" - -ultrasparc3 -> "-xchip=ultra3" -niagra1 -> "-xchip=ultraT1" -niagra2 -> "-xchip=ultraT2" - -sparc32 -> "-xchip=ultra -xarch=SUBMODEL|sparc32-" -sparc64 -> "-xchip=generic" - - # Needed on some Linux distros linux -> "-library=stlport4" diff --git a/src/build-data/cc/xlc.txt b/src/build-data/cc/xlc.txt index c28fdb1a0f..0ab45242a1 100644 --- a/src/build-data/cc/xlc.txt +++ b/src/build-data/cc/xlc.txt @@ -6,11 +6,6 @@ optimization_flags "-O2" lang_flags "-std=c++11" - -power8 -> "-qarch=pwr8" -power9 -> "-qarch=pwr9" - - altivec -> "-qaltivec" 
diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index b0843bf40d..3a462fdb56 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -128,7 +128,7 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro if target == 'cross-arm32': flags += ['--cpu=armv7', '--cc-abi-flags=-arch armv7 -arch armv7s -stdlib=libc++'] elif target == 'cross-arm64': - flags += ['--cpu=armv8-a', '--cc-abi-flags=-arch arm64 -stdlib=libc++'] + flags += ['--cpu=arm64', '--cc-abi-flags=-arch arm64 -stdlib=libc++'] else: raise Exception("Unknown cross target '%s' for iOS" % (target)) elif target == 'cross-win32': @@ -145,7 +145,7 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro cc_bin = 'arm-linux-gnueabihf-g++' test_prefix = ['qemu-arm', '-L', '/usr/arm-linux-gnueabihf/'] elif target == 'cross-arm64': - flags += ['--cpu=armv8-a'] + flags += ['--cpu=aarch64'] cc_bin = 'aarch64-linux-gnu-g++' test_prefix = ['qemu-aarch64', '-L', '/usr/aarch64-linux-gnu/'] elif target == 'cross-ppc32': From 9977b326c8440c1e38d759bd7f9713f2501ff4f9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 9 Jan 2018 10:53:02 -0500 Subject: [PATCH 0524/1008] Recognize armv7-a [ci skip] --- src/build-data/arch/arm32.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/build-data/arch/arm32.txt b/src/build-data/arch/arm32.txt index d8a0780ece..38e7dcab88 100644 --- a/src/build-data/arch/arm32.txt +++ b/src/build-data/arch/arm32.txt @@ -10,6 +10,7 @@ evbarm # For NetBSD armv7 armv7l +armv7-a From bc36f04d9c536a608eaae68ce13cc84bef350f68 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 9 Jan 2018 10:57:13 -0500 Subject: [PATCH 0525/1008] Add contortion to appease Sonar --- src/lib/pubkey/curve25519/donna.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/pubkey/curve25519/donna.cpp b/src/lib/pubkey/curve25519/donna.cpp index 53ab220bda..6c229dd124 100644 --- a/src/lib/pubkey/curve25519/donna.cpp 
+++ b/src/lib/pubkey/curve25519/donna.cpp @@ -329,7 +329,7 @@ void fmonty(uint64_t result_two_q_x[5], */ void swap_conditional(uint64_t a[5], uint64_t b[5], uint64_t iswap) { - const uint64_t swap = static_cast(-iswap); + const uint64_t swap = static_cast(-static_cast(iswap)); for(size_t i = 0; i < 5; ++i) { From 31ce2b9a5cd3013d5472fa2e606aba15a2620fcb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 9 Jan 2018 11:38:33 -0500 Subject: [PATCH 0526/1008] Fix a bug in asn1print - zero integers were not printed --- src/lib/asn1/asn1_print.cpp | 12 ++++-------- src/tests/data/asn1_print/output2.txt | 6 +++--- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/src/lib/asn1/asn1_print.cpp b/src/lib/asn1/asn1_print.cpp index cdec367c91..425072e374 100644 --- a/src/lib/asn1/asn1_print.cpp +++ b/src/lib/asn1/asn1_print.cpp @@ -164,15 +164,11 @@ void ASN1_Formatter::decode(std::ostream& output, data.decode(number, ENUMERATED, class_tag); } - const std::vector rep = BigInt::encode(number, BigInt::Hexadecimal); + std::vector rep = BigInt::encode(number, BigInt::Binary); + if(rep.empty()) // if zero + rep.resize(1); - std::string str; - for(size_t i = 0; i != rep.size(); ++i) - { - str += static_cast(rep[i]); - } - - output << format(type_tag, class_tag, level, length, str); + output << format(type_tag, class_tag, level, length, hex_encode(rep)); } else if(type_tag == BOOLEAN) { diff --git a/src/tests/data/asn1_print/output2.txt b/src/tests/data/asn1_print/output2.txt index d2aa9647bc..523f292eb5 100644 --- a/src/tests/data/asn1_print/output2.txt +++ b/src/tests/data/asn1_print/output2.txt @@ -1,10 +1,10 @@ d= 0, l= 38: SEQUENCE - d= 1, l= 1: INTEGER + d= 1, l= 1: INTEGER 00 d= 1, l= 6: OCTET STRING public d= 1, l= 25: cons [0] context d= 2, l= 1: INTEGER 26 - d= 2, l= 1: INTEGER - d= 2, l= 1: INTEGER + d= 2, l= 1: INTEGER 00 + d= 2, l= 1: INTEGER 00 d= 2, l= 14: SEQUENCE d= 3, l= 12: SEQUENCE d= 4, l= 8: OBJECT 1.3.6.1.2.1.1.2.0 
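Review bot: The mask derivation in `swap_conditional` now goes through a signed negation purely to satisfy a static analyser, and the hunk carries no comment stating the precondition that makes it correct: `iswap` must be exactly 0 or 1 so the result is all-zeros or all-ones and the swap stays branch-free. I would add above the line: `// iswap must be 0 or 1; negating it yields a 0x00..00 or 0xFF..FF mask so the swap is branch-free (constant time)`. The template arguments of the casts are not shown in this view, so I can only note that negating a signed value is well-defined for 0 and 1 but would overflow for the extreme value. The loop body continues beyond the hunk.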
From b6f3f4c52de0630baf602e76d401fb840d57e03e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 9 Jan 2018 11:41:09 -0500 Subject: [PATCH 0527/1008] Update version to 2.5.0-pre --- news.rst | 9 +++++++++ version.txt | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/news.rst b/news.rst index c69d8ad469..fa348daaaf 100644 --- a/news.rst +++ b/news.rst @@ -1,6 +1,15 @@ Release Notes ======================================== +Version 2.5.0, Not Yet Released +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Support detecting POWER crypto extensions using getauxval (GH #1393) + +* Remove use of CPU specific optimization flags (GH #1392) + +* Use feature flags to enable/disable system specific code (GH #1378) + Version 2.4.0, 2018-01-08 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/version.txt b/version.txt index 5359dcfa91..b0b6ab9e34 100644 --- a/version.txt +++ b/version.txt @@ -1,6 +1,6 @@ release_major = 2 -release_minor = 4 +release_minor = 5 release_patch = 0 release_so_abi_rev = 4 From 3099e920495c8e881387363de8e1b0bf7d1d5292 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 10 Jan 2018 12:51:35 -0500 Subject: [PATCH 0528/1008] In asn1print, if input file ends in .pem assume --pem flag --- src/cli/asn1.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cli/asn1.cpp b/src/cli/asn1.cpp index ca8f5f89f5..9388712539 100644 --- a/src/cli/asn1.cpp +++ b/src/cli/asn1.cpp @@ -27,7 +27,7 @@ class ASN1_Printer final : public Command std::vector contents; - if(flag_set("pem")) + if(flag_set("pem") || (input.size() > 4 && input.substr(input.size() - 4) == ".pem")) { #if defined(BOTAN_HAS_PEM_CODEC) std::string pem_label; From 0c6e3f7d048c207218e479f95d83d1df09c06787 Mon Sep 17 00:00:00 2001 
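Review bot: The new `.pem` auto-detection in `ASN1_Printer` is a case-sensitive suffix match on `input`, so `cert.PEM` still takes the DER path, and a file that merely carries a `.pem` name but holds DER now fails inside the PEM decoder with no override visible in the hunk to force DER. I would either compare the suffix case-insensitively or sniff the content for `-----BEGIN ` instead of trusting the name, and document the heuristic in the `--pem` flag's help text. `run()` starts outside the hunk.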
From: Simon Warta Date: Tue, 9 Jan 2018 16:39:20 +0100 Subject: [PATCH 0529/1008] Remove dependency: base depends on mac --- src/cli/speed.cpp | 9 ++++++++- src/cli/utils.cpp | 5 ++++- src/lib/base/info.txt | 1 - 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index bb4a423441..212ba23e92 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -20,7 +20,6 @@ #include #include #include -#include #include #include #include @@ -28,6 +27,10 @@ #include #include +#if defined(BOTAN_HAS_MAC) + #include +#endif + #if defined(BOTAN_HAS_AUTO_SEEDING_RNG) #include #endif @@ -713,12 +716,14 @@ class Speed final : public Command auto dec = Botan::get_cipher_mode(algo, Botan::DECRYPTION); bench_cipher_mode(*enc, *dec, msec, buf_sizes); } +#if defined(BOTAN_HAS_MAC) else if(Botan::MessageAuthenticationCode::providers(algo).size() > 0) { bench_providers_of( algo, provider, msec, buf_sizes, std::bind(&Speed::bench_mac, this, _1, _2, _3, _4)); } +#endif #if defined(BOTAN_HAS_RSA) else if(algo == "RSA") { @@ -1021,6 +1026,7 @@ class Speed final : public Command } } +#if defined(BOTAN_HAS_MAC) void bench_mac( Botan::MessageAuthenticationCode& mac, const std::string& provider, @@ -1040,6 +1046,7 @@ class Speed final : public Command record_result(timer); } } +#endif void bench_cipher_mode( Botan::Cipher_Mode& enc, diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 161cc24bf7..ebc9673bd8 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp @@ -9,13 +9,16 @@ #include #include -#include #include #include #include #include #include +#if defined(BOTAN_HAS_MAC) + #include +#endif + #if defined(BOTAN_HAS_BASE64_CODEC) #include #endif diff --git a/src/lib/base/info.txt b/src/lib/base/info.txt index 001ed9e1b8..c5f89f4703 100644 --- a/src/lib/base/info.txt +++ b/src/lib/base/info.txt @@ -14,7 +14,6 @@ symkey.h block hash hex -mac modes rng stream From aee4203df5d1b7437fccd0b134ce8190daea0cd0 Mon Sep 17 00:00:00 2001 
From: Simon Warta Date: Thu, 11 Jan 2018 10:49:52 +0100 Subject: [PATCH 0530/1008] Wrap use of MAC in BOTAN_HAS_MAC in lookup.h --- src/lib/base/lookup.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/lib/base/lookup.h b/src/lib/base/lookup.h index 808848d37f..18c885d16d 100644 --- a/src/lib/base/lookup.h +++ b/src/lib/base/lookup.h @@ -8,15 +8,19 @@ #ifndef BOTAN_LOOKUP_H_ #define BOTAN_LOOKUP_H_ +#include #include #include #include -#include #include #include #include #include +#if defined(BOTAN_HAS_MAC) + #include +#endif + namespace Botan { /* @@ -118,6 +122,7 @@ inline std::vector get_hash_function_providers(const std::string& a return HashFunction::providers(algo_spec); } +#if defined(BOTAN_HAS_MAC) /** * MAC factory method. * @@ -144,6 +149,7 @@ inline std::vector get_mac_providers(const std::string& algo_spec) { return MessageAuthenticationCode::providers(algo_spec); } +#endif } From 358686972edbce1f7ac9ad50e29058903a505656 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 12 Jan 2018 11:10:45 -0500 Subject: [PATCH 0531/1008] Add support for --library-suffix option Fixes GH #1404 --- configure.py | 11 ++++++++--- src/build-data/os/darwin.txt | 6 +++--- src/build-data/os/ios.txt | 6 +++--- src/build-data/os/openbsd.txt | 6 +++--- src/build-data/os/windows.txt | 2 +- 5 files changed, 18 insertions(+), 13 deletions(-) diff --git a/configure.py b/configure.py index a4cef1a0b9..ee58efe78b 100755 --- a/configure.py +++ b/configure.py @@ -521,6 +521,8 @@ def process_command_line(args): # pylint: disable=too-many-locals install_group.add_option('--program-suffix', metavar='SUFFIX', help='append string to program names') + install_group.add_option('--library-suffix', metavar='SUFFIX', default='', + help='append string to library names') install_group.add_option('--prefix', metavar='DIR', help='set the install prefix') 
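Review bot: `--library-suffix` is interpolated unvalidated into the library name, the soname patterns and hence the generated link and install command lines, so a suffix containing whitespace, `/` or shell metacharacters yields a broken or misparsed build rather than a clear error. I would validate it where the other options are canonicalized (outside this hunk): `if not re.match(r'^[a-zA-Z0-9_-]*$', options.library_suffix): raise UserError('Invalid --library-suffix "%s"' % options.library_suffix)`. `process_command_line` starts outside the hunk.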
@@ -1273,7 +1275,7 @@ def __init__(self, infofile): 'so_post_link_command': '', 'cli_exe_name': 'botan', 'lib_prefix': 'lib', - 'library_name': 'botan-{major}', + 'library_name': 'botan{suffix}-{major}', }) if lex.ar_command == 'ar' and lex.ar_options == '': @@ -1292,7 +1294,7 @@ def __init__(self, infofile): raise InternalError("Invalid soname_patterns in %s" % (self.infofile)) else: if lex.soname_suffix: - self.soname_pattern_base = "libbotan-{version_major}.%s" % (lex.soname_suffix) + self.soname_pattern_base = "libbotan{lib_suffix}-{version_major}.%s" % (lex.soname_suffix) self.soname_pattern_abi = self.soname_pattern_base + ".{abi_rev}" self.soname_pattern_patch = self.soname_pattern_abi + ".{version_minor}.{version_patch}" else: @@ -1762,7 +1764,10 @@ def choose_endian(arch_info, options): 'lib_prefix': osinfo.lib_prefix, 'static_suffix': osinfo.static_suffix, - 'libname': osinfo.library_name.format(major=Version.major(), minor=Version.minor()), + 'lib_suffix': options.library_suffix, + 'libname': osinfo.library_name.format(major=Version.major(), + minor=Version.minor(), + suffix=options.library_suffix), 'command_line': configure_command_line(), 'local_config': read_textfile(options.local_config), diff --git a/src/build-data/os/darwin.txt b/src/build-data/os/darwin.txt index 3c221e0b9f..e32a5c4c6c 100644 --- a/src/build-data/os/darwin.txt +++ b/src/build-data/os/darwin.txt @@ -1,7 +1,7 @@ -soname_pattern_base "libbotan-{version_major}.dylib" -soname_pattern_abi "libbotan-{version_major}.{abi_rev}.dylib" -soname_pattern_patch "libbotan-{version_major}.{abi_rev}.{version_minor}.{version_patch}.dylib" +soname_pattern_base "lib{libname}.dylib" +soname_pattern_abi "lib{libname}.{abi_rev}.dylib" +soname_pattern_patch "lib{libname}.{abi_rev}.{version_minor}.{version_patch}.dylib" # In order that these executables work from the build directory, # we need to change the install names 
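Review bot: The default soname pattern and the per-OS patterns now spell the same name two different ways — `libbotan{lib_suffix}-{version_major}` here versus `lib{libname}` in darwin.txt and friends — so a future change to `library_name` (already overridden per OS, e.g. Windows) would silently desynchronize them. If the soname patterns are formatted with the same variable dictionary that this commit extends with `lib_suffix` and `libname` (that formatting is not visible here), the default could become `self.soname_pattern_base = "{lib_prefix}{libname}.%s" % (lex.soname_suffix)` so there is a single source of truth. `OsInfo.__init__` starts outside the hunk.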
diff --git a/src/build-data/os/ios.txt b/src/build-data/os/ios.txt index e5729fed80..a5ffab6960 100644 --- a/src/build-data/os/ios.txt +++ b/src/build-data/os/ios.txt @@ -1,7 +1,7 @@ -soname_pattern_base "libbotan-{version_major}.{version_minor}.dylib" -soname_pattern_abi "libbotan-{version_major}.{version_minor}.{abi_rev}.dylib" -soname_pattern_patch "libbotan-{version_major}.{version_minor}.{abi_rev}.{version_patch}.dylib" +soname_pattern_base "lib{libname}.{version_minor}.dylib" +soname_pattern_abi "lib{libname}.{version_minor}.{abi_rev}.dylib" +soname_pattern_patch "lib{libname}.{version_minor}.{abi_rev}.{version_patch}.dylib" doc_dir doc diff --git a/src/build-data/os/openbsd.txt b/src/build-data/os/openbsd.txt index 99a3edf79c..9c6c8b7079 100644 --- a/src/build-data/os/openbsd.txt +++ b/src/build-data/os/openbsd.txt @@ -1,7 +1,7 @@ -soname_pattern_base "libbotan-{version_major}.so" -soname_pattern_abi "libbotan-{version_major}.so.{abi_rev}" -soname_pattern_patch "libbotan-{version_major}.so.{abi_rev}.{version_minor}" +soname_pattern_base "lib{libname}.so" +soname_pattern_abi "lib{libname}.so.{abi_rev}" +soname_pattern_patch "lib{libname}.so.{abi_rev}.{version_minor}" posix1 diff --git a/src/build-data/os/windows.txt b/src/build-data/os/windows.txt index 8fb8bc586e..500013897b 100644 --- a/src/build-data/os/windows.txt +++ b/src/build-data/os/windows.txt @@ -8,7 +8,7 @@ lib_prefix '' # For historical reasons? the library does not have the major number on Windows # This should probably be fixed in a future major release. -library_name 'botan' +library_name 'botan{suffix}' soname_pattern_base "{libname}.dll" From 2031badab44efad536509ac4c0c2f3ea1928de0a Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Fri, 12 Jan 2018 10:35:55 -0500 Subject: [PATCH 0532/1008] Make stream, block, hash and cipher mode base classes optional --- src/cli/speed.cpp | 41 ++++++++++++++++++++++++++---- src/cli/utils.cpp | 9 ++++++- src/lib/base/info.txt | 4 --- src/lib/base/lookup.h | 27 +++++++++++++++++--- src/lib/block/lion/info.txt | 5 ++++ src/lib/ffi/info.txt | 3 +++ src/lib/filters/algo_filt.cpp | 11 ++++++++ src/lib/filters/filters.h | 27 ++++++++++++++++---- src/lib/hash/checksum/info.txt | 4 +++ src/lib/hash/info.txt | 4 +++ src/lib/kdf/kdf1/info.txt | 4 +++ src/lib/kdf/kdf1_iso18033/info.txt | 4 +++ src/lib/kdf/kdf2/info.txt | 4 +++ src/lib/mac/cbc_mac/info.txt | 4 +++ src/lib/mac/cmac/info.txt | 1 + src/lib/mac/gmac/info.txt | 2 +- src/lib/mac/hmac/info.txt | 4 +++ src/lib/misc/nist_keywrap/info.txt | 4 +++ src/lib/modes/aead/ccm/info.txt | 4 +++ src/lib/modes/aead/gcm/info.txt | 1 + src/lib/modes/aead/ocb/info.txt | 1 + src/lib/modes/cbc/info.txt | 1 + src/lib/modes/cfb/info.txt | 4 +++ src/lib/modes/cipher_mode.cpp | 2 ++ src/lib/modes/stream_mode.h | 9 ++++++- src/lib/modes/xts/info.txt | 1 + src/lib/stream/ctr/info.txt | 4 +++ src/lib/stream/ofb/info.txt | 4 +++ src/tests/test_block.cpp | 5 ++++ src/tests/test_hash.cpp | 8 +++++- src/tests/test_otp.cpp | 3 ++- src/tests/test_rfc6979.cpp | 3 +-- 32 files changed, 188 insertions(+), 24 deletions(-) create mode 100644 src/lib/hash/checksum/info.txt diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 212ba23e92..d652b7a6d9 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -17,16 +17,28 @@ #include // Always available: -#include -#include -#include -#include #include #include #include #include #include +#if defined(BOTAN_HAS_BLOCK_CIPHER) + #include +#endif + +#if defined(BOTAN_HAS_STREAM_CIPHER) + #include +#endif + +#if defined(BOTAN_HAS_HASH) + #include +#endif + +#if defined(BOTAN_HAS_CIPHER_MODE) + #include +#endif + #if defined(BOTAN_HAS_MAC) #include #endif 
@@ -693,29 +705,40 @@ class Speed final : public Command { using namespace std::placeholders; - if(Botan::HashFunction::providers(algo).size() > 0) + if(false) + { + } +#if defined(BOTAN_HAS_HASH) + else if(Botan::HashFunction::providers(algo).size() > 0) { bench_providers_of( algo, provider, msec, buf_sizes, std::bind(&Speed::bench_hash, this, _1, _2, _3, _4)); } +#endif +#if defined(BOTAN_HAS_BLOCK_CIPHER) else if(Botan::BlockCipher::providers(algo).size() > 0) { bench_providers_of( algo, provider, msec, buf_sizes, std::bind(&Speed::bench_block_cipher, this, _1, _2, _3, _4)); } +#endif +#if defined(BOTAN_HAS_STREAM_CIPHER) else if(Botan::StreamCipher::providers(algo).size() > 0) { bench_providers_of( algo, provider, msec, buf_sizes, std::bind(&Speed::bench_stream_cipher, this, _1, _2, _3, _4)); } +#endif +#if defined(BOTAN_HAS_CIPHER_MODE) else if(auto enc = Botan::get_cipher_mode(algo, Botan::ENCRYPTION)) { auto dec = Botan::get_cipher_mode(algo, Botan::DECRYPTION); bench_cipher_mode(*enc, *dec, msec, buf_sizes); } +#endif #if defined(BOTAN_HAS_MAC) else if(Botan::MessageAuthenticationCode::providers(algo).size() > 0) { @@ -944,6 +967,7 @@ class Speed final : public Command } } +#if defined(BOTAN_HAS_BLOCK_CIPHER) void bench_block_cipher(Botan::BlockCipher& cipher, const std::string& provider, std::chrono::milliseconds runtime, @@ -979,7 +1003,9 @@ class Speed final : public Command record_result(decrypt_timer); } } +#endif +#if defined(BOTAN_HAS_STREAM_CIPHER) void bench_stream_cipher( Botan::StreamCipher& cipher, const std::string& provider, @@ -1009,7 +1035,9 @@ class Speed final : public Command record_result(encrypt_timer); } } +#endif +#if defined(BOTAN_HAS_HASH) void bench_hash( Botan::HashFunction& hash, const std::string& provider, @@ -1025,6 +1053,7 @@ class Speed final : public Command record_result(timer); } } +#endif #if defined(BOTAN_HAS_MAC) void bench_mac( 
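Review bot: The `if(false) { }` head added so that each `#if`-guarded `else if` can follow is a readability trap — a reader sees a dead branch and has to reconstruct why it exists. If nothing follows the chain (its tail is outside the hunk), a guard-free shape is to drop the `else`s and `return` after each match, e.g. `if(Botan::HashFunction::providers(algo).size() > 0) { bench_providers_of(...); return; }`, leaving the unknown-algorithm case as the fall-through. Failing that, a one-line comment `// dummy head so every real branch below can be compiled out` would at least explain it. The enclosing method starts and ends outside the hunk.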
@@ -1048,6 +1077,7 @@ class Speed final : public Command } #endif +#if defined(BOTAN_HAS_CIPHER_MODE) void bench_cipher_mode( Botan::Cipher_Mode& enc, Botan::Cipher_Mode& dec, @@ -1092,6 +1122,7 @@ class Speed final : public Command record_result(decrypt_timer); } } +#endif void bench_rng( Botan::RandomNumberGenerator& rng, diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index ebc9673bd8..91638bfea0 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp @@ -8,13 +8,16 @@ #include "cli.h" #include -#include #include #include #include #include #include +#if defined(BOTAN_HAS_HASH) + #include +#endif + #if defined(BOTAN_HAS_MAC) #include #endif @@ -142,6 +145,8 @@ class Print_Cpuid final : public Command BOTAN_REGISTER_COMMAND("cpuid", Print_Cpuid); +#if defined(BOTAN_HAS_HASH) + class Hash final : public Command { public: @@ -183,6 +188,8 @@ class Hash final : public Command BOTAN_REGISTER_COMMAND("hash", Hash); +#endif + class RNG final : public Command { public: diff --git a/src/lib/base/info.txt b/src/lib/base/info.txt index c5f89f4703..fd3f7b8905 100644 --- a/src/lib/base/info.txt +++ b/src/lib/base/info.txt @@ -11,11 +11,7 @@ symkey.h -block -hash hex -modes rng -stream utils diff --git a/src/lib/base/lookup.h b/src/lib/base/lookup.h index 18c885d16d..1cfa7d3c9c 100644 --- a/src/lib/base/lookup.h +++ b/src/lib/base/lookup.h @@ -9,14 +9,23 @@ #define BOTAN_LOOKUP_H_ #include -#include -#include -#include #include #include #include #include +#if defined(BOTAN_HAS_BLOCK_CIPHER) + #include +#endif + +#if defined(BOTAN_HAS_STREAM_CIPHER) + #include +#endif + +#if defined(BOTAN_HAS_HASH) + #include +#endif + #if defined(BOTAN_HAS_MAC) #include #endif @@ -34,6 +43,8 @@ namespace Botan { * caller assume ownership of them */ +#if defined(BOTAN_HAS_BLOCK_CIPHER) + /** * Block cipher factory method. * 
@@ -61,6 +72,10 @@ inline std::vector get_block_cipher_providers(const std::string& al return BlockCipher::providers(algo_spec); } +#endif + +#if defined(BOTAN_HAS_STREAM_CIPHER) + /** * Stream cipher factory method. * @@ -88,6 +103,10 @@ inline std::vector get_stream_cipher_providers(const std::string& a return StreamCipher::providers(algo_spec); } +#endif + +#if defined(BOTAN_HAS_HASH) + /** * Hash function factory method. * @@ -122,6 +141,8 @@ inline std::vector get_hash_function_providers(const std::string& a return HashFunction::providers(algo_spec); } +#endif + #if defined(BOTAN_HAS_MAC) /** * MAC factory method. diff --git a/src/lib/block/lion/info.txt b/src/lib/block/lion/info.txt index c818627ebf..a7b93e92ee 100644 --- a/src/lib/block/lion/info.txt +++ b/src/lib/block/lion/info.txt @@ -1,3 +1,8 @@ LION -> 20131128 + + +stream +hash + diff --git a/src/lib/ffi/info.txt b/src/lib/ffi/info.txt index d85faee0ec..c02bd3a398 100644 --- a/src/lib/ffi/info.txt +++ b/src/lib/ffi/info.txt @@ -14,6 +14,9 @@ ffi.h +block +stream +hash aead kdf pbkdf diff --git a/src/lib/filters/algo_filt.cpp b/src/lib/filters/algo_filt.cpp index 63906907c0..099c413d3b 100644 --- a/src/lib/filters/algo_filt.cpp +++ b/src/lib/filters/algo_filt.cpp @@ -10,6 +10,8 @@ namespace Botan { +#if defined(BOTAN_HAS_STREAM_CIPHER) + StreamCipher_Filter::StreamCipher_Filter(StreamCipher* cipher) : m_buffer(DEFAULT_BUFFERSIZE), m_cipher(cipher) @@ -48,6 +50,10 @@ void StreamCipher_Filter::write(const uint8_t input[], size_t length) } } +#endif + +#if defined(BOTAN_HAS_HASH) + Hash_Filter::Hash_Filter(const std::string& hash_name, size_t len) : m_hash(HashFunction::create_or_throw(hash_name)), m_out_len(len) @@ -62,6 +68,9 @@ void Hash_Filter::end_msg() else send(output); } +#endif + +#if defined(BOTAN_HAS_MAC) MAC_Filter::MAC_Filter(const std::string& mac_name, size_t len) : m_mac(MessageAuthenticationCode::create_or_throw(mac_name)), 
@@ -85,4 +94,6 @@ void MAC_Filter::end_msg() send(output); } +#endif + } diff --git a/src/lib/filters/filters.h b/src/lib/filters/filters.h index af310a599c..b4aee12078 100644 --- a/src/lib/filters/filters.h +++ b/src/lib/filters/filters.h @@ -8,14 +8,22 @@ #ifndef BOTAN_FILTERS_H_ #define BOTAN_FILTERS_H_ -#include -#include -#include - -#include #include #include #include +#include + +#if defined(BOTAN_HAS_STREAM_CIPHER) + #include +#endif + +#if defined(BOTAN_HAS_HASH) + #include +#endif + +#if defined(BOTAN_HAS_MAC) + #include +#endif #if defined(BOTAN_HAS_CODEC_FILTERS) #include @@ -24,6 +32,8 @@ namespace Botan { +#if defined(BOTAN_HAS_STREAM_CIPHER) + /** * Stream Cipher Filter */ @@ -89,6 +99,9 @@ class BOTAN_PUBLIC_API(2,0) StreamCipher_Filter final : public Keyed_Filter secure_vector m_buffer; std::unique_ptr m_cipher; }; +#endif + +#if defined(BOTAN_HAS_HASH) /** * Hash Filter. @@ -126,6 +139,9 @@ class BOTAN_PUBLIC_API(2,0) Hash_Filter final : public Filter std::unique_ptr m_hash; const size_t m_out_len; }; +#endif + +#if defined(BOTAN_HAS_MAC) /** * MessageAuthenticationCode Filter. @@ -204,6 +220,7 @@ class BOTAN_PUBLIC_API(2,0) MAC_Filter final : public Keyed_Filter std::unique_ptr m_mac; const size_t m_out_len; }; +#endif } diff --git a/src/lib/hash/checksum/info.txt b/src/lib/hash/checksum/info.txt new file mode 100644 index 0000000000..5aab13b59f --- /dev/null +++ b/src/lib/hash/checksum/info.txt @@ -0,0 +1,4 @@ + + +hash + diff --git a/src/lib/hash/info.txt b/src/lib/hash/info.txt index e71318b732..8d38170589 100644 --- a/src/lib/hash/info.txt +++ b/src/lib/hash/info.txt @@ -1,3 +1,7 @@ + +HASH -> 20180112 + + hash.h diff --git a/src/lib/kdf/kdf1/info.txt b/src/lib/kdf/kdf1/info.txt index a2372c7e3f..f88268f93e 100644 --- a/src/lib/kdf/kdf1/info.txt +++ b/src/lib/kdf/kdf1/info.txt @@ -1,3 +1,7 @@ KDF1 -> 20131128 + + +hash + diff --git a/src/lib/kdf/kdf1_iso18033/info.txt b/src/lib/kdf/kdf1_iso18033/info.txt index af6026836b..494b8358b0 100644 
--- a/src/lib/kdf/kdf1_iso18033/info.txt +++ b/src/lib/kdf/kdf1_iso18033/info.txt @@ -1,3 +1,7 @@ KDF1_18033 -> 20160128 + + +hash + diff --git a/src/lib/kdf/kdf2/info.txt b/src/lib/kdf/kdf2/info.txt index 26c824cf23..e222a4521f 100644 --- a/src/lib/kdf/kdf2/info.txt +++ b/src/lib/kdf/kdf2/info.txt @@ -1,3 +1,7 @@ KDF2 -> 20131128 + + +hash + diff --git a/src/lib/mac/cbc_mac/info.txt b/src/lib/mac/cbc_mac/info.txt index 1cf22eae0c..994a63872b 100644 --- a/src/lib/mac/cbc_mac/info.txt +++ b/src/lib/mac/cbc_mac/info.txt @@ -1,3 +1,7 @@ CBC_MAC -> 20131128 + + +block + diff --git a/src/lib/mac/cmac/info.txt b/src/lib/mac/cmac/info.txt index bdddca1b2f..d78b3851ee 100644 --- a/src/lib/mac/cmac/info.txt +++ b/src/lib/mac/cmac/info.txt @@ -3,5 +3,6 @@ CMAC -> 20131128 +block poly_dbl diff --git a/src/lib/mac/gmac/info.txt b/src/lib/mac/gmac/info.txt index 416e914db9..104e35962f 100644 --- a/src/lib/mac/gmac/info.txt +++ b/src/lib/mac/gmac/info.txt @@ -4,5 +4,5 @@ GMAC -> 20160207 gcm -mac +block diff --git a/src/lib/mac/hmac/info.txt b/src/lib/mac/hmac/info.txt index cf1a288f6f..50dc665dc9 100644 --- a/src/lib/mac/hmac/info.txt +++ b/src/lib/mac/hmac/info.txt @@ -1,3 +1,7 @@ HMAC -> 20131128 + + +hash + diff --git a/src/lib/misc/nist_keywrap/info.txt b/src/lib/misc/nist_keywrap/info.txt index 3fb3639f08..b48e84c118 100644 --- a/src/lib/misc/nist_keywrap/info.txt +++ b/src/lib/misc/nist_keywrap/info.txt @@ -1,3 +1,7 @@ NIST_KEYWRAP -> 20171119 + + +block + diff --git a/src/lib/modes/aead/ccm/info.txt b/src/lib/modes/aead/ccm/info.txt index b12a43b03f..9341cea7fc 100644 --- a/src/lib/modes/aead/ccm/info.txt +++ b/src/lib/modes/aead/ccm/info.txt @@ -1,3 +1,7 @@ AEAD_CCM -> 20131128 + + +block + diff --git a/src/lib/modes/aead/gcm/info.txt b/src/lib/modes/aead/gcm/info.txt index 6dc5c6928a..e46fa34bc7 100644 --- a/src/lib/modes/aead/gcm/info.txt +++ b/src/lib/modes/aead/gcm/info.txt @@ -3,5 +3,6 @@ AEAD_GCM -> 20131128 +block ctr 
diff --git a/src/lib/modes/aead/ocb/info.txt b/src/lib/modes/aead/ocb/info.txt index 9af91f2385..4e16e23624 100644 --- a/src/lib/modes/aead/ocb/info.txt +++ b/src/lib/modes/aead/ocb/info.txt @@ -3,5 +3,6 @@ AEAD_OCB -> 20131128 +block poly_dbl diff --git a/src/lib/modes/cbc/info.txt b/src/lib/modes/cbc/info.txt index a1e3e1dec1..778ba1e252 100644 --- a/src/lib/modes/cbc/info.txt +++ b/src/lib/modes/cbc/info.txt @@ -3,5 +3,6 @@ MODE_CBC -> 20131128 +block mode_pad diff --git a/src/lib/modes/cfb/info.txt b/src/lib/modes/cfb/info.txt index 29744514ff..77a6af448e 100644 --- a/src/lib/modes/cfb/info.txt +++ b/src/lib/modes/cfb/info.txt @@ -1,3 +1,7 @@ MODE_CFB -> 20131128 + + +block + diff --git a/src/lib/modes/cipher_mode.cpp b/src/lib/modes/cipher_mode.cpp index 6023102da8..804713be7b 100644 --- a/src/lib/modes/cipher_mode.cpp +++ b/src/lib/modes/cipher_mode.cpp @@ -51,10 +51,12 @@ Cipher_Mode* get_cipher_mode(const std::string& algo, Cipher_Dir direction, } #endif +#if defined(BOTAN_HAS_STREAM_CIPHER) if(auto sc = StreamCipher::create(algo)) { return new Stream_Cipher_Mode(sc.release()); } +#endif #if defined(BOTAN_HAS_AEAD_MODES) if(auto aead = get_aead(algo, direction)) diff --git a/src/lib/modes/stream_mode.h b/src/lib/modes/stream_mode.h index 8db23d9930..3bce01731a 100644 --- a/src/lib/modes/stream_mode.h +++ b/src/lib/modes/stream_mode.h @@ -9,10 +9,15 @@ #define BOTAN_STREAM_MODE_H_ #include -#include + +#if defined(BOTAN_HAS_STREAM_CIPHER) + #include +#endif namespace Botan { +#if defined(BOTAN_HAS_STREAM_CIPHER) + class BOTAN_PUBLIC_API(2,0) Stream_Cipher_Mode final : public Cipher_Mode { public: @@ -70,6 +75,8 @@ class BOTAN_PUBLIC_API(2,0) Stream_Cipher_Mode final : public Cipher_Mode std::unique_ptr m_cipher; }; +#endif + } #endif diff --git a/src/lib/modes/xts/info.txt b/src/lib/modes/xts/info.txt index 2a41f696f9..cee850be78 100644 --- a/src/lib/modes/xts/info.txt +++ b/src/lib/modes/xts/info.txt @@ -3,5 +3,6 @@ MODE_XTS -> 20131128 +block poly_dbl 
diff --git a/src/lib/stream/ctr/info.txt b/src/lib/stream/ctr/info.txt index 4cb30fa2fa..270ceecf8b 100644 --- a/src/lib/stream/ctr/info.txt +++ b/src/lib/stream/ctr/info.txt @@ -1,3 +1,7 @@ CTR_BE -> 20131128 + + +block + diff --git a/src/lib/stream/ofb/info.txt b/src/lib/stream/ofb/info.txt index be585d0d34..2675e78573 100644 --- a/src/lib/stream/ofb/info.txt +++ b/src/lib/stream/ofb/info.txt @@ -1,3 +1,7 @@ OFB -> 20131128 + + +block + diff --git a/src/tests/test_block.cpp b/src/tests/test_block.cpp index 02115b66aa..a274b260b9 100644 --- a/src/tests/test_block.cpp +++ b/src/tests/test_block.cpp @@ -5,6 +5,9 @@ */ #include "tests.h" + +#if defined(BOTAN_HAS_BLOCK_CIPHER) + #include namespace Botan_Tests { @@ -144,3 +147,5 @@ class Block_Cipher_Tests final : public Text_Based_Test BOTAN_REGISTER_TEST("block", Block_Cipher_Tests); } + +#endif diff --git a/src/tests/test_hash.cpp b/src/tests/test_hash.cpp index 39b13de328..0424e94f3b 100644 --- a/src/tests/test_hash.cpp +++ b/src/tests/test_hash.cpp @@ -6,10 +6,14 @@ #include "tests.h" -#include +#if defined(BOTAN_HAS_HASH) + #include +#endif namespace Botan_Tests { +#if defined(BOTAN_HAS_HASH) + namespace { class Hash_Function_Tests final : public Text_Based_Test @@ -109,4 +113,6 @@ BOTAN_REGISTER_TEST("hash", Hash_Function_Tests); } +#endif + } diff --git a/src/tests/test_otp.cpp b/src/tests/test_otp.cpp index 9bd4c0f185..4604356f91 100644 --- a/src/tests/test_otp.cpp +++ b/src/tests/test_otp.cpp @@ -6,16 +6,17 @@ */ #include "tests.h" -#include #if defined(BOTAN_HAS_HOTP) #include #include + #include #endif #if defined(BOTAN_HAS_TOTP) #include #include + #include #endif namespace Botan_Tests { diff --git a/src/tests/test_rfc6979.cpp b/src/tests/test_rfc6979.cpp index 8b8af434fa..b9de7fcb9f 100644 --- a/src/tests/test_rfc6979.cpp +++ b/src/tests/test_rfc6979.cpp @@ -8,10 +8,9 @@ #if defined(BOTAN_HAS_RFC6979_GENERATOR) #include + #include #endif -#include - namespace Botan_Tests { namespace { 
From e5c7809ae0734715f4c1ab5fe476e0b04c4b2a59 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 12 Jan 2018 11:21:09 -0500 Subject: [PATCH 0533/1008] Move thread utils (barrier and semaphore) to a subpackage of util They are not needed except by the filter code so being able to easily remove them from the build is nice; utils is always compiled in so that should be as small as possible. --- src/lib/filters/basefilt.h | 2 +- src/lib/filters/threaded_fork.cpp | 2 +- src/lib/utils/info.txt | 2 -- src/lib/utils/{ => thread_utils}/barrier.cpp | 6 +----- src/lib/utils/{ => thread_utils}/barrier.h | 9 +-------- src/lib/utils/thread_utils/info.txt | 12 ++++++++++++ src/lib/utils/{ => thread_utils}/semaphore.cpp | 4 ---- src/lib/utils/{ => thread_utils}/semaphore.h | 7 +------ src/tests/test_filters.cpp | 2 +- 9 files changed, 18 insertions(+), 28 deletions(-) rename src/lib/utils/{ => thread_utils}/barrier.cpp (92%) rename src/lib/utils/{ => thread_utils}/barrier.h (87%) create mode 100644 src/lib/utils/thread_utils/info.txt rename src/lib/utils/{ => thread_utils}/semaphore.cpp (93%) rename src/lib/utils/{ => thread_utils}/semaphore.h (80%) diff --git a/src/lib/filters/basefilt.h b/src/lib/filters/basefilt.h index c3a45e28cf..922d356693 100644 --- a/src/lib/filters/basefilt.h +++ b/src/lib/filters/basefilt.h @@ -82,7 +82,7 @@ class BOTAN_PUBLIC_API(2,0) Fork : public Fanout_Filter Fork(Filter* filter_arr[], size_t length); }; -#if defined(BOTAN_TARGET_OS_HAS_THREADS) +#if defined(BOTAN_HAS_THREAD_UTILS) /** * This class is a threaded version of the Fork filter. While this uses diff --git a/src/lib/filters/threaded_fork.cpp b/src/lib/filters/threaded_fork.cpp index d379eacda2..35ea941095 100644 --- a/src/lib/filters/threaded_fork.cpp +++ b/src/lib/filters/threaded_fork.cpp @@ -8,7 +8,7 @@ #include -#if defined(BOTAN_TARGET_OS_HAS_THREADS) +#if defined(BOTAN_HAS_THREAD_UTILS) #include #include 
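Review bot: Switching the guard in basefilt.h from `BOTAN_TARGET_OS_HAS_THREADS` to `BOTAN_HAS_THREAD_UTILS` means `Threaded_Fork` now vanishes from a public header whenever the thread_utils module is left out of the build, even on a target that has threads, and nothing in the commit records that for users of the filters API. A one-line note in the header above the guard, e.g. `// Only available when the thread_utils module is built (it in turn requires threads)`, plus an entry in news.rst would make the new knob discoverable. The `Threaded_Fork` class body continues beyond the hunk.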
diff --git a/src/lib/utils/info.txt b/src/lib/utils/info.txt index 60a10b0587..c9b419dcc0 100644 --- a/src/lib/utils/info.txt +++ b/src/lib/utils/info.txt @@ -25,7 +25,6 @@ stl_compatibility.h -barrier.h bit_ops.h ct_utils.h donna128.h @@ -34,7 +33,6 @@ os_utils.h prefetch.h rounding.h safeint.h -semaphore.h stl_util.h diff --git a/src/lib/utils/barrier.cpp b/src/lib/utils/thread_utils/barrier.cpp similarity index 92% rename from src/lib/utils/barrier.cpp rename to src/lib/utils/thread_utils/barrier.cpp index ed3878d18e..a5df951010 100644 --- a/src/lib/utils/barrier.cpp +++ b/src/lib/utils/thread_utils/barrier.cpp @@ -7,8 +7,6 @@ #include -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - namespace Botan { void Barrier::wait(size_t delta) @@ -20,7 +18,7 @@ void Barrier::wait(size_t delta) void Barrier::sync() { std::unique_lock lock(m_mutex); - + if(m_value > 1) { --m_value; @@ -36,5 +34,3 @@ void Barrier::sync() } } - -#endif diff --git a/src/lib/utils/barrier.h b/src/lib/utils/thread_utils/barrier.h similarity index 87% rename from src/lib/utils/barrier.h rename to src/lib/utils/thread_utils/barrier.h index 943d10b0c6..874aa8abde 100644 --- a/src/lib/utils/barrier.h +++ b/src/lib/utils/thread_utils/barrier.h @@ -9,15 +9,10 @@ #define BOTAN_UTIL_BARRIER_H_ #include - -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - #include -#endif +#include namespace Botan { -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - /** Barrier implements a barrier synchronization primitive. wait() will indicate how many threads to synchronize; each thread needing @@ -42,8 +37,6 @@ class Barrier final std::condition_variable m_cond; }; -#endif - } #endif diff --git a/src/lib/utils/thread_utils/info.txt b/src/lib/utils/thread_utils/info.txt new file mode 100644 index 0000000000..826a9d7345 --- /dev/null +++ b/src/lib/utils/thread_utils/info.txt @@ -0,0 +1,12 @@ + +THREAD_UTILS -> 20180112 + + + +barrier.h +semaphore.h + + + +threads + 
diff --git a/src/lib/utils/semaphore.cpp b/src/lib/utils/thread_utils/semaphore.cpp similarity index 93% rename from src/lib/utils/semaphore.cpp rename to src/lib/utils/thread_utils/semaphore.cpp index e990ded414..9a7af188aa 100644 --- a/src/lib/utils/semaphore.cpp +++ b/src/lib/utils/thread_utils/semaphore.cpp @@ -7,8 +7,6 @@ #include -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - // Based on code by Pierre Gaston (http://p9as.blogspot.com/2012/06/c11-semaphores.html) namespace Botan { @@ -38,5 +36,3 @@ void Semaphore::acquire() } } - -#endif diff --git a/src/lib/utils/semaphore.h b/src/lib/utils/thread_utils/semaphore.h similarity index 80% rename from src/lib/utils/semaphore.h rename to src/lib/utils/thread_utils/semaphore.h index 431680cb3e..9db34826a6 100644 --- a/src/lib/utils/semaphore.h +++ b/src/lib/utils/thread_utils/semaphore.h @@ -9,14 +9,10 @@ #define BOTAN_SEMAPHORE_H_ #include - -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - #include -#endif +#include namespace Botan { -#if defined(BOTAN_TARGET_OS_HAS_THREADS) class Semaphore final { public: @@ -32,7 +28,6 @@ class Semaphore final mutex_type m_mutex; std::condition_variable m_cond; }; -#endif } diff --git a/src/tests/test_filters.cpp b/src/tests/test_filters.cpp index 8133e4bc9b..ef80e12215 100644 --- a/src/tests/test_filters.cpp +++ b/src/tests/test_filters.cpp @@ -709,7 +709,7 @@ class Filter_Tests final : public Test { Test::Result result("Threaded_Fork"); -#if defined(BOTAN_TARGET_OS_HAS_THREADS) && defined(BOTAN_HAS_CODEC_FILTERS) && defined(BOTAN_HAS_SHA2_32) +#if defined(BOTAN_HAS_THREAD_UTILS) && defined(BOTAN_HAS_CODEC_FILTERS) && defined(BOTAN_HAS_SHA2_32) Botan::Pipe pipe(new Botan::Threaded_Fork(new Botan::Hex_Encoder, new Botan::Base64_Encoder)); result.test_eq("Message count", pipe.message_count(), 0); From 1a5f088bfeb31d7648ac90d71b118b2fd891743a Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Fri, 12 Jan 2018 13:14:21 -0500 Subject: [PATCH 0534/1008] Create an empty favicon.ico for the website build [ci skip] Allows caching the result removing needless round trips. --- src/scripts/website.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/scripts/website.py b/src/scripts/website.py index 763bfd16e2..f80daadc04 100755 --- a/src/scripts/website.py +++ b/src/scripts/website.py @@ -147,6 +147,10 @@ def main(args): for f in ['doc/pgpkey.txt', 'license.txt']: shutil.copy(os.path.join(botan_dir, f), output_dir) + favicon = open(os.path.join(output_dir, 'favicon.ico'), 'w') + # Create an empty favicon.ico file so it gets cached by browsers + favicon.close() + shutil.rmtree(tmp_dir) if __name__ == '__main__': From 2f690b43d4bcd41ad2483d75a6108b41c7b1dbb5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 6 Jan 2018 11:06:53 -0500 Subject: [PATCH 0535/1008] ABI for Aarch64 crypto --- src/build-data/arch/arm64.txt | 1 + src/build-data/cc/clang.txt | 2 ++ src/build-data/cc/gcc.txt | 2 ++ src/lib/block/aes/aes_armv8/info.txt | 4 +--- src/lib/hash/sha1/sha1_armv8/info.txt | 5 +---- src/lib/hash/sha2_32/sha2_32_armv8/info.txt | 5 +---- src/lib/modes/aead/gcm/pmull/info.txt | 4 +--- 7 files changed, 9 insertions(+), 14 deletions(-) diff --git a/src/build-data/arch/arm64.txt b/src/build-data/arch/arm64.txt index 1685681bf0..d4781c8740 100644 --- a/src/build-data/arch/arm64.txt +++ b/src/build-data/arch/arm64.txt @@ -11,4 +11,5 @@ armv8-a neon +armv8crypto diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index 2e02cb7b54..97e2d4c2f6 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -47,6 +47,8 @@ rdseed -> "-mrdseed" sha -> "-msha" altivec -> "-maltivec" +arm64:armv8crypto -> "" + arm32:neon -> "-mfpu=neon" arm64:neon -> "" diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 236b588a5e..8c8620552f 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt 
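Review bot: The favicon is created with a bare `open(...)` followed by a manual `close()`, with the explanatory comment sandwiched between the two; the Python idiom is a context manager, which also keeps the comment on the statement it explains. I would write `with open(os.path.join(output_dir, 'favicon.ico'), 'w'):` followed by `pass  # empty favicon.ico so browsers cache a 200 instead of re-requesting it`. The surrounding `main` continues outside the hunk.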
@@ -57,6 +57,8 @@ rdseed -> "-mrdseed" sha -> "-msha" altivec -> "-maltivec" +arm64:armv8crypto -> "" + # For Aarch32 -mfpu=neon is required # For Aarch64 NEON is enabled by default arm32:neon -> "-mfpu=neon" diff --git a/src/lib/block/aes/aes_armv8/info.txt b/src/lib/block/aes/aes_armv8/info.txt index 1b432556cf..08d51a1b2d 100644 --- a/src/lib/block/aes/aes_armv8/info.txt +++ b/src/lib/block/aes/aes_armv8/info.txt @@ -2,9 +2,7 @@ AES_ARMV8 -> 20170903 - -arm64 - +need_isa armv8crypto gcc:5 diff --git a/src/lib/hash/sha1/sha1_armv8/info.txt b/src/lib/hash/sha1/sha1_armv8/info.txt index 7e9f7ba225..405ac412c4 100644 --- a/src/lib/hash/sha1/sha1_armv8/info.txt +++ b/src/lib/hash/sha1/sha1_armv8/info.txt @@ -2,10 +2,7 @@ SHA1_ARMV8 -> 20170117 - -#arm32 -arm64 - +need_isa armv8crypto gcc:4.9 diff --git a/src/lib/hash/sha2_32/sha2_32_armv8/info.txt b/src/lib/hash/sha2_32/sha2_32_armv8/info.txt index 88e5c2b800..74d3fe4abc 100644 --- a/src/lib/hash/sha2_32/sha2_32_armv8/info.txt +++ b/src/lib/hash/sha2_32/sha2_32_armv8/info.txt @@ -2,10 +2,7 @@ SHA2_32_ARMV8 -> 20170117 - -#arm32 -arm64 - +need_isa armv8crypto gcc:4.9 diff --git a/src/lib/modes/aead/gcm/pmull/info.txt b/src/lib/modes/aead/gcm/pmull/info.txt index 7115875686..80cd03720d 100644 --- a/src/lib/modes/aead/gcm/pmull/info.txt +++ b/src/lib/modes/aead/gcm/pmull/info.txt @@ -2,9 +2,7 @@ GCM_PMULL -> 20170903 - -arm64 - +need_isa armv8crypto gcc:4.9 From d0d2e426529ae3ce091cc90e7c2b314d43b22a8e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 12 Jan 2018 14:56:20 -0500 Subject: [PATCH 0536/1008] Expose SM2_compute_za Was already supposed to be public, which is why it's declared in a public header - just missed the export annotation. --- src/lib/pubkey/sm2/sm2.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/lib/pubkey/sm2/sm2.h b/src/lib/pubkey/sm2/sm2.h index 7f702e1345..c6895cd6a0 100644 --- a/src/lib/pubkey/sm2/sm2.h +++ b/src/lib/pubkey/sm2/sm2.h 
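Review bot: `arm64:armv8crypto -> ""` maps the new ISA to an empty compiler flag with no explanation, whereas the neighbouring neon entry says why Aarch64 needs none, so a reader cannot tell whether the empty value is intentional. Presumably the armv8 crypto sources enable the extension per function through a target attribute rather than a global `-march=armv8-a+crypto`; if that is so, say it next to the entry: `# Aarch64 crypto extension is enabled per-function via target attributes; no global flag needed`. If it is not so, the empty mapping would leave the AES/SHA/PMULL intrinsics uncompilable, so it is worth confirming before merge.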
@@ -58,8 +58,8 @@ class BOTAN_PUBLIC_API(2,2) SM2_Signature_PublicKey : public virtual EC_PublicKe /** * This class represents SM2 Signature private keys */ -class BOTAN_PUBLIC_API(2,2) SM2_Signature_PrivateKey final : public SM2_Signature_PublicKey, - public EC_PrivateKey +class BOTAN_PUBLIC_API(2,2) SM2_Signature_PrivateKey final : + public SM2_Signature_PublicKey, public EC_PrivateKey { public: @@ -95,10 +95,11 @@ class BOTAN_PUBLIC_API(2,2) SM2_Signature_PrivateKey final : public SM2_Signatur class HashFunction; -std::vector sm2_compute_za(HashFunction& hash, - const std::string& user_id, - const EC_Group& domain, - const PointGFp& pubkey); +std::vector +BOTAN_PUBLIC_API(2,5) sm2_compute_za(HashFunction& hash, + const std::string& user_id, + const EC_Group& domain, + const PointGFp& pubkey); } From 6b29180686c9897a87b689261ea3a86f55d809c9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 12 Jan 2018 16:26:22 -0500 Subject: [PATCH 0537/1008] Add --der-format flag to sign and verify cli utils Otherwise it's not possible to verify eg OpenSSL's DSA signatures See GH #1409 --- src/cli/pubkey.cpp | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index a6f77fe0cc..4e7439a9aa 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp @@ -121,7 +121,7 @@ std::string algo_default_emsa(const std::string& key) class PK_Sign final : public Command { public: - PK_Sign() : Command("sign --passphrase= --hash=SHA-256 --emsa= key file") {} + PK_Sign() : Command("sign --der-format --passphrase= --hash=SHA-256 --emsa= key file") {} void go() override { 
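Review bot: `sm2_compute_za` becomes part of the exported API in this hunk but has no documentation, and its inputs (the hash, the user identity string, the group and the public point) are exactly what a caller must get right for the ZA value to interoperate with other SM2 implementations. A Doxygen block above the declaration giving the purpose (compute the SM2 ZA identity hash over the user id and key parameters), `@param hash`, `@param user_id`, `@param domain`, `@param pubkey` and `@return` would match the rest of the header. Whether the passed `HashFunction` is left reset or mid-state afterwards is something the doc should state, but the implementation is not visible here so I cannot say which.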
@@ -139,7 +139,10 @@ class PK_Sign final : public Command const std::string sig_padding = get_arg_or("emsa", algo_default_emsa(key->algo_name())) + "(" + get_arg("hash") + ")"; - Botan::PK_Signer signer(*key, rng(), sig_padding); + const Botan::Signature_Format format = + flag_set("der-format") ? Botan::DER_SEQUENCE : Botan::IEEE_1363; + + Botan::PK_Signer signer(*key, rng(), sig_padding, format); auto onData = [&signer](const uint8_t b[], size_t l) { @@ -156,7 +159,7 @@ BOTAN_REGISTER_COMMAND("sign", PK_Sign); class PK_Verify final : public Command { public: - PK_Verify() : Command("verify --hash=SHA-256 --emsa= pubkey file signature") {} + PK_Verify() : Command("verify --der-format --hash=SHA-256 --emsa= pubkey file signature") {} void go() override { @@ -169,7 +172,10 @@ class PK_Verify final : public Command const std::string sig_padding = get_arg_or("emsa", algo_default_emsa(key->algo_name())) + "(" + get_arg("hash") + ")"; - Botan::PK_Verifier verifier(*key, sig_padding); + const Botan::Signature_Format format = + flag_set("der-format") ? Botan::DER_SEQUENCE : Botan::IEEE_1363; + + Botan::PK_Verifier verifier(*key, sig_padding, format); auto onData = [&verifier](const uint8_t b[], size_t l) { verifier.update(b, l); From bede26dcff12cbb528a014bed3c2da983f04f8e4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 13 Jan 2018 13:12:43 -0500 Subject: [PATCH 0538/1008] Fix return value of PK_Encryptor::maximum_input_size Fixes GH #1410 --- news.rst | 3 +++ src/lib/pubkey/pk_ops.cpp | 2 +- src/tests/test_pubkey.cpp | 15 +++++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/news.rst b/news.rst index fa348daaaf..d508acabea 100644 --- a/news.rst +++ b/news.rst 
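Review bot: Neither `sign` nor `verify` checks that `--der-format` makes sense for the loaded key; for a single-part scheme such as RSA the DER_SEQUENCE format has no defined meaning, and what PK_Signer/PK_Verifier then do with it is not visible in this hunk. A guard before constructing the signer, e.g. `if(flag_set("der-format") && key->message_parts() == 1) throw CLI_Usage_Error("--der-format only applies to multi-part signatures (DSA, ECDSA, ...)");` (assuming `message_parts()` is exposed on the key), gives a clear error instead of a confusing exception or an undetected format mismatch, and the same guard belongs in the verify path. The two-line format ternary is also duplicated between the commands and could be one file-local helper. Both `go()` bodies run past the hunk edges.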
@@ -4,6 +4,9 @@ Release Notes Version 2.5.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* Correct the return value of PK_Encryptor::maximum_input_size which + reported a much too small value (GH #1410) + * Support detecting POWER crypto extensions using getauxval (GH #1393) * Remove use of CPU specific optimization flags (GH #1392) diff --git a/src/lib/pubkey/pk_ops.cpp b/src/lib/pubkey/pk_ops.cpp index fb85645cbc..025836878b 100644 --- a/src/lib/pubkey/pk_ops.cpp +++ b/src/lib/pubkey/pk_ops.cpp @@ -20,7 +20,7 @@ PK_Ops::Encryption_with_EME::Encryption_with_EME(const std::string& eme) size_t PK_Ops::Encryption_with_EME::max_input_bits() const { - return m_eme->maximum_input_size(max_raw_input_bits()); + return 8 * m_eme->maximum_input_size(max_raw_input_bits()); } secure_vector PK_Ops::Encryption_with_EME::encrypt(const uint8_t msg[], size_t msg_len, diff --git a/src/tests/test_pubkey.cpp b/src/tests/test_pubkey.cpp index b3038ca0c2..666650969d 100644 --- a/src/tests/test_pubkey.cpp +++ b/src/tests/test_pubkey.cpp @@ -307,6 +307,21 @@ PK_Encryption_Decryption_Test::run_one_test(const std::string& pad_hdr, const Va kat_rng.reset(test_rng(get_req_bin(vars, "Nonce"))); } + if(padding == "Raw") + { + /* + Hack for RSA with no padding since sometimes one more bit will fit in but maximum_input_size + rounds down to nearest byte + */ + result.test_lte("Input within accepted bounds", + plaintext.size(), encryptor->maximum_input_size() + 1); + } + else + { + result.test_lte("Input within accepted bounds", + plaintext.size(), encryptor->maximum_input_size()); + } + const std::vector generated_ciphertext = encryptor->encrypt(plaintext, kat_rng ? *kat_rng : Test::rng()); From fd9c081f7a1fa4c6a0fc8bf0eea2fd7d1a58cd27 Mon Sep 17 00:00:00 2001 
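Review bot: The corrected `max_input_bits()` multiplies a byte count from `m_eme->maximum_input_size()` by 8, and the original defect was precisely that the two functions use different units; without a comment the next reader may "simplify" the factor away again. I would add `// EME::maximum_input_size() is in bytes; this interface reports bits` above the return. The test's `+ 1` allowance for "Raw" padding encodes the byte rounding of `PK_Encryptor::maximum_input_size`, which the hunk's own comment already explains, so no further note is needed there.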
From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Mon, 28 Aug 2017 22:45:11 +0200 Subject: [PATCH 0539/1008] Print a command description for cli help --- src/cli/asn1.cpp | 10 ++ src/cli/cc_enc.cpp | 20 ++++ src/cli/cli.h | 13 ++- src/cli/compress.cpp | 20 ++++ src/cli/encryption.cpp | 10 ++ src/cli/math.cpp | 40 +++++++ src/cli/psk.cpp | 20 ++++ src/cli/pubkey.cpp | 80 ++++++++++++++ src/cli/speed.cpp | 10 ++ src/cli/timing_tests.cpp | 10 ++ src/cli/tls_client.cpp | 10 ++ src/cli/tls_http_server.cpp | 10 ++ src/cli/tls_proxy.cpp | 10 ++ src/cli/tls_server.cpp | 10 ++ src/cli/tls_utils.cpp | 20 ++++ src/cli/utils.cpp | 202 ++++++++++++++++++++++++++++++++++-- src/cli/x509.cpp | 60 +++++++++++ 17 files changed, 542 insertions(+), 13 deletions(-) diff --git a/src/cli/asn1.cpp b/src/cli/asn1.cpp index 9388712539..3034eda354 100644 --- a/src/cli/asn1.cpp +++ b/src/cli/asn1.cpp @@ -21,6 +21,16 @@ class ASN1_Printer final : public Command public: ASN1_Printer() : Command("asn1print --pem file") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Decode and print file with ASN.1 Basic Encoding Rules (BER)"; + } + void go() override { const std::string input = get_arg("file"); diff --git a/src/cli/cc_enc.cpp b/src/cli/cc_enc.cpp index ec160c3ce0..509b996012 100644 --- a/src/cli/cc_enc.cpp +++ b/src/cli/cc_enc.cpp @@ -119,6 +119,16 @@ class CC_Encrypt final : public Command public: CC_Encrypt() : Command("cc_encrypt CC passphrase --tweak=") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Encrypt the passed valid credit card number using FPE encryption"; + } + void go() override { const uint64_t cc_number = std::stoull(get_arg("CC")); 
@@ -144,6 +154,16 @@ class CC_Decrypt final : public Command public: CC_Decrypt() : Command("cc_decrypt CC passphrase --tweak=") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Decrypt the passed valid ciphertext credit card number using FPE decryption"; + } + void go() override { const uint64_t cc_number = std::stoull(get_arg("CC")); diff --git a/src/cli/cli.h b/src/cli/cli.h index 118d61cb6f..7ba54d3704 100644 --- a/src/cli/cli.h +++ b/src/cli/cli.h @@ -86,6 +86,10 @@ class Command int run(const std::vector& params); + virtual std::string group() const = 0; + + virtual std::string description() const = 0; + virtual std::string help_text() const; const std::string& cmd_spec() const @@ -98,7 +102,7 @@ class Command protected: /* - * The actual functionality of the cli command implemented in subclas. + * The actual functionality of the cli command implemented in subclass. * The return value from main will be zero. */ virtual void go() = 0; @@ -156,13 +160,12 @@ class Command Botan::RandomNumberGenerator& rng(); - private: - void parse_spec(); - typedef std::function cmd_maker_fn; - static std::map& global_registry(); + private: + void parse_spec(); + // set in constructor std::string m_spec; diff --git a/src/cli/compress.cpp b/src/cli/compress.cpp index e9cd02290c..3104607fc5 100644 --- a/src/cli/compress.cpp +++ b/src/cli/compress.cpp @@ -39,6 +39,16 @@ class Compress final : public Command return input_fsname + "." + suffix_info->second; } + std::string group() const override + { + return "compression"; + } + + std::string description() const override + { + return "Compress a given file"; + } + void go() override { const std::string comp_type = get_arg("type"); 
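Review bot: Making `group()` and `description()` pure virtual on `Command` in cli.h turns every subclass lacking them into a compile error, which the patch handles for the in-tree commands but silently breaks any out-of-tree `Command`; a default returning an empty string, or at least a comment stating the contract, would be kinder. I would document both declarations: `/// Short category name used to group commands in the help listing (e.g. "pubkey", "tls")` and `/// One-line human-readable summary printed next to the command in the help listing`. Moving `global_registry()` from private to protected also widens the class interface without a note on why subclasses need it. The class continues outside the hunk.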
@@ -112,6 +122,16 @@ class Decompress final : public Command suffix = in_file.substr(last_dot + 1, std::string::npos); } + std::string group() const override + { + return "compression"; + } + + std::string description() const override + { + return "Decompress a given compressed archive"; + } + void go() override { const size_t buf_size = get_arg_sz("buf-size"); diff --git a/src/cli/encryption.cpp b/src/cli/encryption.cpp index c041f78ee7..533b3d9fbf 100644 --- a/src/cli/encryption.cpp +++ b/src/cli/encryption.cpp @@ -75,6 +75,16 @@ class Encryption final : public Command public: Encryption() : Command("encryption --buf-size=4096 --decrypt --mode= --key= --iv= --ad=") {} + std::string group() const override + { + return "encryption"; + } + + std::string description() const override + { + return "Encrypt or decrypt a given file"; + } + void go() override { std::string mode = get_arg_or("mode", ""); diff --git a/src/cli/math.cpp b/src/cli/math.cpp index f01d9a1bda..2f3339898d 100644 --- a/src/cli/math.cpp +++ b/src/cli/math.cpp @@ -19,6 +19,16 @@ class Modular_Inverse final : public Command public: Modular_Inverse() : Command("mod_inverse n mod") {} + std::string group() const override + { + return "numtheory"; + } + + std::string description() const override + { + return "Calculates a modular inverse"; + } + void go() override { const Botan::BigInt n(get_arg("n")); @@ -35,6 +45,16 @@ class Gen_Prime final : public Command public: Gen_Prime() : Command("gen_prime --count=1 bits") {} + std::string group() const override + { + return "numtheory"; + } + + std::string description() const override + { + return "Samples one or more primes"; + } + void go() override { const size_t bits = get_arg_sz("bits"); 
@@ -55,6 +75,16 @@ class Is_Prime final : public Command public: Is_Prime() : Command("is_prime --prob=56 n") {} + std::string group() const override + { + return "numtheory"; + } + + std::string description() const override + { + return "Test if the integer n is composite or prime"; + } + void go() override { Botan::BigInt n(get_arg("n")); @@ -76,6 +106,16 @@ class Factor final : public Command public: Factor() : Command("factor n") {} + std::string group() const override + { + return "numtheory"; + } + + std::string description() const override + { + return "Factor a given integer"; + } + void go() override { Botan::BigInt n(get_arg("n")); diff --git a/src/cli/psk.cpp b/src/cli/psk.cpp index d244acd8d3..45a5918d80 100644 --- a/src/cli/psk.cpp +++ b/src/cli/psk.cpp @@ -19,6 +19,11 @@ class PSK_Tool_Base : public Command public: PSK_Tool_Base(const std::string& spec) : Command(spec) {} + std::string group() const override + { + return "psk"; + } + void go() override { const std::string db_filename = get_arg("db"); @@ -39,6 +44,11 @@ class PSK_Tool_Set final : public PSK_Tool_Base public: PSK_Tool_Set() : PSK_Tool_Base("psk_set db db_key name psk") {} + std::string description() const override + { + return "Save a PSK encrypted in the database"; + } + private: void psk_operation(Botan::PSK_Database& db) override { @@ -53,6 +63,11 @@ class PSK_Tool_Get final : public PSK_Tool_Base public: PSK_Tool_Get() : PSK_Tool_Base("psk_get db db_key name") {} + std::string description() const override + { + return "Read a value saved with psk_set"; + } + private: void psk_operation(Botan::PSK_Database& db) override { @@ -67,6 +82,11 @@ class PSK_Tool_List final : public PSK_Tool_Base public: PSK_Tool_List() : PSK_Tool_Base("psk_list db db_key") {} + std::string description() const override + { + return "List all values saved to the database"; + } + private: void psk_operation(Botan::PSK_Database& db) override { 
diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index 4e7439a9aa..2c431c4035 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp @@ -32,6 +32,16 @@ class PK_Fingerprint final : public Command public: PK_Fingerprint() : Command("fingerprint --algo=SHA-256 *keys") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Calculate a public key fingerprint"; + } + void go() override { const std::string hash_algo = get_arg("algo"); @@ -52,6 +62,16 @@ class PK_Keygen final : public Command public: PK_Keygen() : Command("keygen --algo=RSA --params= --passphrase= --pbe= --pbe-millis=300 --der-out") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Generate a PKCS #8 private key"; + } + void go() override { const std::string algo = get_arg("algo"); @@ -123,6 +143,16 @@ class PK_Sign final : public Command public: PK_Sign() : Command("sign --der-format --passphrase= --hash=SHA-256 --emsa= key file") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Sign arbitrary data"; + } + void go() override { std::unique_ptr key( @@ -161,6 +191,16 @@ class PK_Verify final : public Command public: PK_Verify() : Command("verify --der-format --hash=SHA-256 --emsa= pubkey file signature") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Verify the authenticity of the given file with the provided signature"; + } + void go() override { std::unique_ptr key(Botan::X509::load_key(get_arg("pubkey"))); 
@@ -200,6 +240,16 @@ class EC_Group_Info final : public Command public: EC_Group_Info() : Command("ec_group_info --pem name") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Print raw elliptic curve domain parameters of the standarized curve name"; + } + void go() override { Botan::EC_Group group(get_arg("name")); @@ -231,6 +281,16 @@ class DL_Group_Info final : public Command public: DL_Group_Info() : Command("dl_group_info --pem name") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Print raw Diffie-Hellman parameters (p,g) of the standarized DH group name"; + } + void go() override { Botan::DL_Group group(get_arg("name")); @@ -255,6 +315,16 @@ class Gen_DL_Group final : public Command public: Gen_DL_Group() : Command("gen_dl_group --pbits=1024 --qbits=0 --type=subgroup") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Generate ANSI X9.42 encoded Diffie-Hellman group parameters"; + } + void go() override { const size_t pbits = get_arg_sz("pbits"); @@ -287,6 +357,16 @@ class PKCS8_Tool final : public Command public: PKCS8_Tool() : Command("pkcs8 --pass-in= --pub-out --der-out --pass-out= --pbe= --pbe-millis=300 key") {} + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Open a PKCS #8 formatted key"; + } + void go() override { std::unique_ptr key; diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index d652b7a6d9..b60e26ef16 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp 
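Review bot: The description strings added in the `EC_Group_Info` and `DL_Group_Info` hunks both misspell "standardized" as "standarized", and since these are user-facing help strings the typo is printed verbatim. Suggested lines: `return "Print raw elliptic curve domain parameters of the standardized curve name";` and `return "Print raw Diffie-Hellman parameters (p,g) of the standardized DH group name";`. The `OCSP_Check` hunk in x509.cpp has a similar slip, "the issuers OCSP responder", which should read "the issuer's OCSP responder".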
@@ -664,6 +664,16 @@ class Speed final : public Command }; } + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Measures the speed of algorithms"; + } + void go() override { std::chrono::milliseconds msec(get_arg_sz("msec")); diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index d95df026cf..86c1572acf 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -346,6 +346,16 @@ class Timing_Test_Command final : public Command : Command("timing_test test_type --test-data-file= --test-data-dir=src/tests/data/timing " "--warmup-runs=1000 --measurement-runs=10000") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Run various timing side channel tests"; + } + void go() override { const std::string test_type = get_arg("test_type"); diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index 7a9633fca3..53e3926e09 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -46,6 +46,16 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks stop_sockets(); } + std::string group() const override + { + return "tls"; + } + + std::string description() const override + { + return "Connect to a host using TLS/DTLS"; + } + void go() override { // TODO client cert auth diff --git a/src/cli/tls_http_server.cpp b/src/cli/tls_http_server.cpp index 9669ee27cb..339cd2a676 100644 --- a/src/cli/tls_http_server.cpp +++ b/src/cli/tls_http_server.cpp @@ -466,6 +466,16 @@ class TLS_HTTP_Server final : public Command "--port=443 --policy= --threads=0 " "--session-db= --session-db-pass=") {} + std::string group() const override + { + return "tls"; + } + + std::string description() const override + { + return "Provides a simple HTTP server"; + } + void go() override { const size_t listen_port = get_arg_sz("port"); 
diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp index 2c5f6889d4..d9540d9d3f 100644 --- a/src/cli/tls_proxy.cpp +++ b/src/cli/tls_proxy.cpp @@ -411,6 +411,16 @@ class TLS_Proxy final : public Command TLS_Proxy() : Command("tls_proxy listen_port target_host target_port server_cert server_key " "--threads=0 --session-db= --session-db-pass=") {} + std::string group() const override + { + return "tls"; + } + + std::string description() const override + { + return "Proxies requests between a TLS client and a TLS server"; + } + void go() override { const size_t listen_port = get_arg_sz("listen_port"); diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp index 7127b20206..b9cd0d0292 100644 --- a/src/cli/tls_server.cpp +++ b/src/cli/tls_server.cpp @@ -36,6 +36,16 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks stop_sockets(); } + std::string group() const override + { + return "tls"; + } + + std::string description() const override + { + return "Accept TLS/DTLS connections from TLS/DTLS clients"; + } + void go() override { const std::string server_crt = get_arg("cert"); diff --git a/src/cli/tls_utils.cpp b/src/cli/tls_utils.cpp index 7b2474a690..cc5a8549ca 100644 --- a/src/cli/tls_utils.cpp +++ b/src/cli/tls_utils.cpp @@ -88,6 +88,16 @@ class TLS_Ciphersuites final : public Command } } + std::string group() const override + { + return "tls"; + } + + std::string description() const override + { + return "Lists all ciphersuites for a policy and TLS version"; + } + void go() override { const std::string policy_type = get_arg("policy"); @@ -134,6 +144,16 @@ class TLS_Client_Hello_Reader final : public Command TLS_Client_Hello_Reader() : Command("tls_client_hello --hex input") {} + std::string group() const override + { + return "tls"; + } + + std::string description() const override + { + return "Parse a TLS client hello message"; + } + void go() override { const std::string input_file = get_arg("input"); 
diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 91638bfea0..47c716ed5d 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp @@ -12,7 +12,11 @@ #include #include #include +#include #include +#include +#include +#include #if defined(BOTAN_HAS_HASH) #include 
@@ -43,19 +47,71 @@ class Print_Help final : public Command std::string help_text() const override { - std::ostringstream oss; + const std::set avail_commands = + Botan::map_keys_as_set(Botan_CLI::Command::global_registry()); - oss << "Usage: botan \n\n"; - oss << "All commands support --verbose --help --output= --error-output= --rng-type= --drbg-seed=\n\n"; - oss << "Available commands:\n"; + const std::map groups_description +#if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_MODES) + { { "encryption", "Encryption" }, +#endif +#if defined(BOTAN_HAS_COMPRESSION) + { "compression", "Compression" }, +#endif + { "hash", "Hash Functions" }, +#if defined(BOTAN_HAS_HMAC) + { "hmac", "HMAC" }, +#endif + { "numtheory", "Number Theory" }, +#if defined(BOTAN_HAS_BCRYPT) + { "passhash", "Password Hashing" }, +#endif +#if defined(BOTAN_HAS_PSK_DB) && defined(BOTAN_HAS_SQLITE3) + { "psk", "PSK Database" }, +#endif + { "pubkey", "Public Key Cryptography" }, +#if defined(BOTAN_HAS_TLS) + { "tls", "TLS" }, +#endif +#if defined(BOTAN_HAS_X509_CERTIFICATES) + { "x509", "X.509" }, +#endif + { "misc", "Miscellaneous" } + }; + + const std::set groups = + Botan::map_keys_as_set(groups_description); + + std::ostringstream oss; - for(const auto& cmd_name : Command::registered_cmds()) + oss << "Usage: botan \n"; + oss << "All commands support --verbose --help --output= --error-output= --rng-type= --drbg-seed=\n\n"; + oss << "Available commands:\n\n"; + + for(auto& cmd_group : groups) + { + oss << groups_description.at(cmd_group) << ":\n"; + for(auto& cmd_name : avail_commands) { - std::unique_ptr cmd = Command::get_cmd(cmd_name); - oss << " " << cmd->cmd_spec() << "\n"; + auto cmd = Botan_CLI::Command::get_cmd(cmd_name); + if(cmd->group() == cmd_group) + { + oss << " " << std::setw(16) << std::left << cmd->cmd_name() << " " << cmd->description() << "\n"; + } } + oss << "\n"; + } + + return oss.str(); + } + + std::string group() const override + { + return ""; + } - return oss.str(); + 
std::string description() const override + { + return "Prints a help string"; } void go() override @@ -81,6 +137,16 @@ class Config_Info final : public Command " libs: Print libraries\n"; } + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Print the used prefix, cflags, ldflags or libs"; + } + void go() override { const std::string arg = get_arg("info_type"); @@ -117,6 +183,16 @@ class Version_Info final : public Command public: Version_Info() : Command("version --full") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Print version info"; + } + void go() override { if(flag_set("full")) @@ -137,6 +213,16 @@ class Print_Cpuid final : public Command public: Print_Cpuid() : Command("cpuid") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "List available processor flags (aes_ni, SIMD extensions, ...)"; + } + void go() override { output() << "CPUID flags: " << Botan::CPUID::to_string() << "\n"; @@ -152,6 +238,16 @@ class Hash final : public Command public: Hash() : Command("hash --algo=SHA-256 --buf-size=4096 *files") {} + std::string group() const override + { + return "hash"; + } + + std::string description() const override + { + return "Compute the message digest of given file(s)"; + } + void go() override { const std::string hash_algo = get_arg("algo"); @@ -195,6 +291,16 @@ class RNG final : public Command public: RNG() : Command("rng --system --rdrand --auto --entropy --drbg --drbg-seed= *bytes") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Sample random bytes from the specified rng"; + } + void go() override { std::string type = get_arg("rng-type"); 
@@ -230,6 +336,16 @@ class HTTP_Get final : public Command public: HTTP_Get() : Command("http_get --redirects=1 --timeout=3000 url") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Retrieve resource from the passed http/https url"; + } + void go() override { const std::string url = get_arg("url"); @@ -251,6 +367,16 @@ class Hex_Encode final : public Command public: Hex_Encode() : Command("hex_enc file") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Hex encode a given file"; + } + void go() override { auto hex_enc_f = [&](const uint8_t b[], size_t l) { output() << Botan::hex_encode(b, l); }; @@ -265,6 +391,16 @@ class Hex_Decode final : public Command public: Hex_Decode() : Command("hex_dec file") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Hex decode a given file"; + } + void go() override { auto hex_dec_f = [&](const uint8_t b[], size_t l) @@ -288,6 +424,16 @@ class Base64_Encode final : public Command public: Base64_Encode() : Command("base64_enc file") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Encode given file to Base64"; + } + void go() override { auto onData = [&](const uint8_t b[], size_t l) @@ -305,6 +451,16 @@ class Base64_Decode final : public Command public: Base64_Decode() : Command("base64_dec file") {} + std::string group() const override + { + return "misc"; + } + + std::string description() const override + { + return "Decode Base64 encoded file"; + } + void go() override { auto write_bin = [&](const uint8_t b[], size_t l) 
@@ -328,6 +484,16 @@ class Generate_Bcrypt final : public Command public: Generate_Bcrypt() : Command("gen_bcrypt --work-factor=12 password") {} + std::string group() const override + { + return "passhash"; + } + + std::string description() const override + { + return "Calculate the bcrypt password digest of a given file"; + } + void go() override { const std::string password = get_arg("password"); @@ -352,6 +518,16 @@ class Check_Bcrypt final : public Command public: Check_Bcrypt() : Command("check_bcrypt password hash") {} + std::string group() const override + { + return "passhash"; + } + + std::string description() const override + { + return "Checks a given bcrypt hash against hash"; + } + void go() override { const std::string password = get_arg("password"); @@ -379,6 +555,16 @@ class HMAC final : public Command public: HMAC() : Command("hmac --hash=SHA-256 --buf-size=4096 key *files") {} + std::string group() const override + { + return "hmac"; + } + + std::string description() const override + { + return "Compute the HMAC tag of given file(s)"; + } + void go() override { const std::string hash_algo = get_arg("hash"); diff --git a/src/cli/x509.cpp b/src/cli/x509.cpp index 0feaad003e..ed9eb3d4f4 100644 --- a/src/cli/x509.cpp +++ b/src/cli/x509.cpp @@ -31,6 +31,16 @@ class Sign_Cert final : public Command : Command("sign_cert --ca-key-pass= --hash=SHA-256 " "--duration=365 --emsa= ca_cert ca_key pkcs10_req") {} + std::string group() const override + { + return "x509"; + } + + std::string description() const override + { + return "Create a CA-signed X.509 certificate from a PKCS #10 CSR"; + } + void go() override { Botan::X509_Certificate ca_cert(get_arg("ca_cert")); 
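Review bot: The `Generate_Bcrypt` description says the digest is computed "of a given file", but the command spec on the line above it (`gen_bcrypt --work-factor=12 password`) takes a password argument and `go()` reads `get_arg("password")`, so the help text describes the wrong input. The `Check_Bcrypt` description "Checks a given bcrypt hash against hash" is likewise circular; its spec takes `password hash`. Suggested lines: `return "Calculate the bcrypt password digest of a given password";` and `return "Check whether a password matches a given bcrypt hash";`.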
@@ -77,6 +87,16 @@ class Cert_Info final : public Command public: Cert_Info() : Command("cert_info --fingerprint --ber file") {} + std::string group() const override + { + return "x509"; + } + + std::string description() const override + { + return "Parse X.509 certificate and display data fields"; + } + void go() override { Botan::DataSource_Stream in(get_arg("file"), flag_set("ber")); @@ -120,6 +140,16 @@ class OCSP_Check final : public Command public: OCSP_Check() : Command("ocsp_check --timeout=3000 subject issuer") {} + std::string group() const override + { + return "x509"; + } + + std::string description() const override + { + return "Verify an X.509 certificate against the issuers OCSP responder"; + } + void go() override { Botan::X509_Certificate subject(get_arg("subject")); @@ -152,6 +182,16 @@ class Cert_Verify final : public Command public: Cert_Verify() : Command("cert_verify subject *ca_certs") {} + std::string group() const override + { + return "x509"; + } + + std::string description() const override + { + return "Verify if the passed X.509 certificate passes path validation"; + } + void go() override { Botan::X509_Certificate subject_cert(get_arg("subject")); @@ -189,6 +229,16 @@ class Gen_Self_Signed final : public Command : Command("gen_self_signed key CN --country= --dns= " "--organization= --email= --key-pass= --ca --hash=SHA-256 --emsa=") {} + std::string group() const override + { + return "x509"; + } + + std::string description() const override + { + return "Generate a self signed X.509 certificate"; + } + void go() override { std::unique_ptr key(Botan::PKCS8::load_key(get_arg("key"), rng(), get_arg("key-pass"))); 
@@ -227,6 +277,16 @@ class Generate_PKCS10 final : public Command : Command("gen_pkcs10 key CN --country= --organization= " "--email= --key-pass= --hash=SHA-256 --emsa=") {} + std::string group() const override + { + return "x509"; + } + + std::string description() const override + { + return "Generate a PKCS #10 certificate signing request (CSR)"; + } + void go() override { std::unique_ptr key(Botan::PKCS8::load_key(get_arg("key"), rng(), get_arg("key-pass"))); From d50d9afe6688c458530d5ecfa536e21756b4e2ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Sun, 14 Jan 2018 17:56:58 +0100 Subject: [PATCH 0540/1008] Simplify code --- src/cli/cli.h | 7 ++++--- src/cli/utils.cpp | 53 +++++++++++++++++++++++------------------------ 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/src/cli/cli.h b/src/cli/cli.h index 7ba54d3704..26ead9081c 100644 --- a/src/cli/cli.h +++ b/src/cli/cli.h @@ -160,12 +160,13 @@ class Command Botan::RandomNumberGenerator& rng(); - typedef std::function cmd_maker_fn; - static std::map& global_registry(); - private: void parse_spec(); + typedef std::function cmd_maker_fn; + + static std::map& global_registry(); + // set in constructor std::string m_spec; diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 47c716ed5d..62026d3596 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp 
@@ -47,39 +47,31 @@ class Print_Help final : public Command std::string help_text() const override { - const std::set avail_commands = - Botan::map_keys_as_set(Botan_CLI::Command::global_registry()); + std::map>> grouped_commands; + + auto reg_commands = Command::registered_cmds(); + for(const auto& cmd_name : reg_commands) + { + auto cmd = Command::get_cmd(cmd_name); + if(cmd) + { + grouped_commands[cmd->group()].push_back(std::move(cmd)); + } + } const std::map groups_description -#if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_MODES) { { "encryption", "Encryption" }, -#endif -#if defined(BOTAN_HAS_COMPRESSION) { "compression", "Compression" }, -#endif { "hash", "Hash Functions" }, -#if defined(BOTAN_HAS_HMAC) { "hmac", "HMAC" }, -#endif { "numtheory", "Number Theory" }, -#if defined(BOTAN_HAS_BCRYPT) { "passhash", "Password Hashing" }, -#endif -#if defined(BOTAN_HAS_PSK_DB) && defined(BOTAN_HAS_SQLITE3) { "psk", "PSK Database" }, -#endif { "pubkey", "Public Key Cryptography" }, -#if defined(BOTAN_HAS_TLS) { "tls", "TLS" }, -#endif -#if defined(BOTAN_HAS_X509_CERTIFICATES) { "x509", "X.509" }, -#endif { "misc", "Miscellaneous" } }; - - const std::set groups = - Botan::map_keys_as_set(groups_description); std::ostringstream oss; 
@@ -87,16 +79,23 @@ class Print_Help final : public Command oss << "All commands support --verbose --help --output= --error-output= --rng-type= --drbg-seed=\n\n"; oss << "Available commands:\n\n"; - for(auto& cmd_group : groups) + for(const auto& commands : grouped_commands) { - oss << groups_description.at(cmd_group) << ":\n"; - for(auto& cmd_name : avail_commands) + std::string desc = commands.first; + if(desc.empty()) { - auto cmd = Botan_CLI::Command::get_cmd(cmd_name); - if(cmd->group() == cmd_group) - { - oss << " " << std::setw(16) << std::left << cmd->cmd_name() << " " << cmd->description() << "\n"; - } + continue; + } + + if(groups_description.find(commands.first) != groups_description.end()) + { + desc = groups_description.at(commands.first); + } + oss << desc << ":\n"; + + for(auto& cmd : commands.second) + { + oss << " " << std::setw(16) << std::left << cmd->cmd_name() << " " << cmd->description() << "\n"; } oss << "\n"; } From 030898c83f99d4de68747cb6e01d808c1ea5df71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Sun, 14 Jan 2018 18:01:38 +0100 Subject: [PATCH 0541/1008] Use search_map --- src/cli/utils.cpp | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 62026d3596..6238f0b037 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp @@ -87,12 +87,7 @@ class Print_Help final : public Command continue; } - if(groups_description.find(commands.first) != groups_description.end()) - { - desc = groups_description.at(commands.first); - } - oss << desc << ":\n"; - + oss << Botan::search_map(groups_description, desc, desc) << ":\n"; for(auto& cmd : commands.second) { oss << " " << std::setw(16) << std::left << cmd->cmd_name() << " " << cmd->description() << "\n"; From e926c0612ad6dc9ddb4bd494cda43ef55043182c Mon Sep 17 00:00:00 2001 
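Review bot: After this hunk `desc` is never reassigned, so the `std::string desc = commands.first;` copy that the preceding commit introduced (visible as context just above the removed lines) now exists only to serve as the lookup key and fallback for `search_map`. If `search_map` takes its key and default by const reference, `const std::string& desc = commands.first;` keeps the same empty-group check and output without a per-group string copy; otherwise the copy could at least be declared `const`. The enclosing `help_text()` starts outside the hunk.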
From: Jack Lloyd Date: Sun, 14 Jan 2018 13:32:07 -0500 Subject: [PATCH 0542/1008] Remove todo addressed by #1387 --- doc/todo.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/todo.rst b/doc/todo.rst index 6080da4fb4..622963342a 100644 --- a/doc/todo.rst +++ b/doc/todo.rst @@ -184,7 +184,6 @@ CLI instead of a bogus echo server. * `encrypt` / `decrypt` tools providing password and/or public key based file encryption -* Make help output more helpful Documentation ---------------------------------------- From c05eec0ac0e26bc9a7f5f53932739eee5a33b15d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 15 Jan 2018 15:36:29 -0500 Subject: [PATCH 0543/1008] Enforce an overall max depth on recursion in ASN1 printer Otherwise a sufficiently nested value can cause us to recurse endlessly, causing stack exhaustion. OSS-Fuzz 5333 --- src/cli/asn1.cpp | 16 +++++++++------ src/lib/asn1/asn1_print.cpp | 40 +++++++++++++++++++++++++++---------- src/lib/asn1/asn1_print.h | 15 ++++++++++---- 3 files changed, 51 insertions(+), 20 deletions(-) diff --git a/src/cli/asn1.cpp b/src/cli/asn1.cpp index 3034eda354..71bea74520 100644 --- a/src/cli/asn1.cpp +++ b/src/cli/asn1.cpp @@ -19,7 +19,7 @@ namespace Botan_CLI { class ASN1_Printer final : public Command { public: - ASN1_Printer() : Command("asn1print --pem file") {} + ASN1_Printer() : Command("asn1print --print-limit=4096 --bin-limit=1024 --max-depth=64 --pem file") {} std::string group() const override { @@ -34,6 +34,13 @@ class ASN1_Printer final : public Command void go() override { const std::string input = get_arg("file"); + const size_t print_limit = get_arg_sz("print-limit"); + const size_t bin_limit = get_arg_sz("bin-limit"); + const bool print_context_specific = flag_set("print-context-specific"); + const size_t max_depth = get_arg_sz("max-depth"); + + const size_t value_column = 60; + const size_t initial_level = 0; std::vector contents; 
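Review bot: `flag_set("print-context-specific")` in the `go()` hunk reads a flag that the new command spec `"asn1print --print-limit=4096 --bin-limit=1024 --max-depth=64 --pem file"` does not declare, whereas the code it replaces hard-coded `PRINT_CONTEXT_SPECIFIC = true` (removed lines in the next hunk). How `flag_set` treats an undeclared flag is not visible here; it either rejects the option or presumably evaluates to false, which would silently change the default output of `asn1print`. Declaring the flag, `ASN1_Printer() : Command("asn1print --print-limit=4096 --bin-limit=1024 --max-depth=64 --print-context-specific --pem file") {}`, makes it selectable; if the old default of true is wanted, the flag should be inverted into a skip flag instead, since a flag the user does not pass reads as unset.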
@@ -51,12 +58,9 @@ class ASN1_Printer final : public Command contents = slurp_file(input); } - // TODO make these configurable - const size_t LIMIT = 4 * 1024; - const size_t BIN_LIMIT = 1024; - const bool PRINT_CONTEXT_SPECIFIC = true; + Botan::ASN1_Pretty_Printer printer(print_limit, bin_limit, print_context_specific, + initial_level, value_column, max_depth); - Botan::ASN1_Pretty_Printer printer(LIMIT, BIN_LIMIT, PRINT_CONTEXT_SPECIFIC); printer.print_to_stream(output(), contents.data(), contents.size()); } }; diff --git a/src/lib/asn1/asn1_print.cpp b/src/lib/asn1/asn1_print.cpp index 425072e374..f0d994dbd4 100644 --- a/src/lib/asn1/asn1_print.cpp +++ b/src/lib/asn1/asn1_print.cpp @@ -77,6 +77,8 @@ void ASN1_Formatter::decode(std::ostream& output, { BER_Object obj = decoder.get_next_object(); + const bool recurse_deeper = (m_max_depth == 0 || level < m_max_depth); + while(obj.type_tag != NO_OBJECT) { const ASN1_Tag type_tag = obj.type_tag; @@ -94,8 +96,17 @@ void ASN1_Formatter::decode(std::ostream& output, if(class_tag & CONSTRUCTED) { BER_Decoder cons_info(obj.value); - output << format(type_tag, class_tag, level, length, ""); - decode(output, cons_info, level + 1); // recurse + + if(recurse_deeper) + { + output << format(type_tag, class_tag, level, length, ""); + decode(output, cons_info, level + 1); // recurse + } + else + { + output << format(type_tag, class_tag, level, length, + format_bin(type_tag, class_tag, bits)); + } } else if((class_tag & APPLICATION) || (class_tag & CONTEXT_SPECIFIC)) { @@ -111,7 +122,7 @@ void ASN1_Formatter::decode(std::ostream& output, std::string(cast_uint8_ptr_to_char(&bits[2]), bits.size() - 2)); success_parsing_cs = true; } - else + else if(recurse_deeper) { std::vector inner_bits; data.decode(inner_bits, type_tag); 
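Review bot: `recurse_deeper` compares `level` with `m_max_depth`, and `level` starts at whatever the caller seeds it with (the pretty printer's `initial_level` parameter, in the asn1_print.h hunk), so the bound caps absolute nesting level rather than the number of recursive calls that the header comment describes; a comment such as `// Bounds nesting depth (OSS-Fuzz 5333); level counts from the caller's initial level, 0 disables the check` on that line would make this explicit. In the last hunk, turning the context-specific `else` into `else if(recurse_deeper)` means that at the depth limit neither branch runs and `success_parsing_cs` presumably stays false; the fallback that handles that case lies outside the hunk, so it is worth confirming it prints the raw bytes rather than dropping the element. `decode()` itself starts and ends outside these hunks.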
@@ -184,18 +195,27 @@ void ASN1_Formatter::decode(std::ostream& output, { std::vector decoded_bits; data.decode(decoded_bits, type_tag); + bool printing_octet_string_worked = false; - try + if(recurse_deeper) { - BER_Decoder inner(decoded_bits); + try + { + BER_Decoder inner(decoded_bits); - std::ostringstream inner_data; - decode(inner_data, inner, level + 1); // recurse + std::ostringstream inner_data; + decode(inner_data, inner, level + 1); // recurse - output << format(type_tag, class_tag, level, length, ""); - output << inner_data.str(); + output << format(type_tag, class_tag, level, length, ""); + output << inner_data.str(); + printing_octet_string_worked = true; + } + catch(...) + { + } } - catch(...) + + if(!printing_octet_string_worked) { output << format(type_tag, class_tag, level, length, format_bin(type_tag, class_tag, decoded_bits)); diff --git a/src/lib/asn1/asn1_print.h b/src/lib/asn1/asn1_print.h index 3dea82359c..d9e15f14b1 100644 --- a/src/lib/asn1/asn1_print.h +++ b/src/lib/asn1/asn1_print.h @@ -26,9 +26,12 @@ class BOTAN_DLL ASN1_Formatter /** * @param print_context_specific if true, try to parse nested context specific data. + * @param max_depth do not recurse more than this many times. If zero, recursion + * is unbounded. */ - ASN1_Formatter(bool print_context_specific) : - m_print_context_specific(print_context_specific) + ASN1_Formatter(bool print_context_specific, size_t max_depth) : + m_print_context_specific(print_context_specific), + m_max_depth(max_depth) {} void print_to_stream(std::ostream& out, @@ -68,6 +71,7 @@ class BOTAN_DLL ASN1_Formatter size_t level) const; const bool m_print_context_specific; + const size_t m_max_depth; }; /** 
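Review bot: The new `@param max_depth` comment on the `ASN1_Formatter` constructor says "If zero, recursion is unbounded" without noting that zero restores exactly the stack-exhaustion behaviour this commit fixes (the `m_max_depth == 0` short-circuit in asn1_print.cpp). Suggested wording: `@param max_depth do not recurse more than this many times. If zero, recursion is unbounded; do not pass zero when printing untrusted input, as deeply nested values can then exhaust the stack.` The same text is duplicated on the `ASN1_Pretty_Printer` constructor in the following hunk and should be changed there too. In the octet-string hunk the now-empty `catch(...) { }` relies on the `printing_octet_string_worked` fallback below it, which a one-line comment such as `// contents are not valid BER; fall through to printing the raw bytes` would make clear.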
@@ -83,13 +87,16 @@ class BOTAN_DLL ASN1_Pretty_Printer final : public ASN1_Formatter * @param print_context_specific if true, try to parse nested context specific data. * @param initial_level the initial depth (0 or 1 are the only reasonable values) * @param value_column ASN.1 values are lined up at this column in output + * @param max_depth do not recurse more than this many times. If zero, recursion + * is unbounded. */ ASN1_Pretty_Printer(size_t print_limit = 4096, size_t print_binary_limit = 2048, bool print_context_specific = true, size_t initial_level = 0, - size_t value_column = 60) : - ASN1_Formatter(print_context_specific), + size_t value_column = 60, + size_t max_depth = 64) : + ASN1_Formatter(print_context_specific, max_depth), m_print_limit(print_limit), m_print_binary_limit(print_binary_limit), m_initial_level(initial_level), From 06d048957073f327b999d6b30a61230366182698 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Mon, 15 Jan 2018 15:45:31 -0500 Subject: [PATCH 0544/1008] Remove the Perl XS wrapper --- doc/manual/building.rst | 38 -- doc/manual/deprecated.rst | 2 - src/contrib/perl-xs/Botan.pm | 117 ---- src/contrib/perl-xs/Botan.xs | 810 --------------------------- src/contrib/perl-xs/Changes | 4 - src/contrib/perl-xs/MANIFEST | 15 - src/contrib/perl-xs/Makefile.PL | 29 - src/contrib/perl-xs/data/ca.cert.der | Bin 712 -> 0 bytes src/contrib/perl-xs/data/ca.cert.pem | 17 - src/contrib/perl-xs/t/base64.t | 273 --------- src/contrib/perl-xs/t/filt.t | 56 -- src/contrib/perl-xs/t/hex.t | 256 --------- src/contrib/perl-xs/t/oid.t | 40 -- src/contrib/perl-xs/t/pipe.t | 98 ---- src/contrib/perl-xs/t/testutl.pl | 26 - src/contrib/perl-xs/t/x509cert.t | 42 -- src/contrib/perl-xs/typemap | 62 -- src/contrib/readme.txt | 2 - 18 files changed, 1887 deletions(-) delete mode 100644 src/contrib/perl-xs/Botan.pm delete mode 100644 src/contrib/perl-xs/Botan.xs delete mode 100644 src/contrib/perl-xs/Changes delete mode 100644 src/contrib/perl-xs/MANIFEST delete mode 100644 src/contrib/perl-xs/Makefile.PL delete mode 100644 src/contrib/perl-xs/data/ca.cert.der delete mode 100644 src/contrib/perl-xs/data/ca.cert.pem delete mode 100644 src/contrib/perl-xs/t/base64.t delete mode 100644 src/contrib/perl-xs/t/filt.t delete mode 100644 src/contrib/perl-xs/t/hex.t delete mode 100644 src/contrib/perl-xs/t/oid.t delete mode 100644 src/contrib/perl-xs/t/pipe.t delete mode 100644 src/contrib/perl-xs/t/testutl.pl delete mode 100644 src/contrib/perl-xs/t/x509cert.t delete mode 100644 src/contrib/perl-xs/typemap diff --git a/doc/manual/building.rst b/doc/manual/building.rst index c2a6d26780..f7870c8652 100644 --- a/doc/manual/building.rst +++ b/doc/manual/building.rst 
@@ -425,41 +425,3 @@ build step is required, just import botan2.py See :doc:`Python Bindings ` for more information about the Python bindings. - -Building the Perl XS wrappers -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -To build the Perl XS wrappers, after building the main library change -your directory to ``src/contrib/perl-xs`` and run ``perl Makefile.PL``, -then run ``make`` to build the module and ``make test`` to run the -test suite:: - - $ perl Makefile.PL - Checking if your kit is complete... - Looks good - Writing Makefile for Botan - $ make - cp Botan.pm blib/lib/Botan.pm - AutoSplitting blib/lib/Botan.pm (blib/lib/auto/Botan) - /usr/bin/perl5.8.8 /usr/lib64/perl5/5.8.8/ExtUtils/xsubpp [...] - g++ -c -Wno-write-strings -fexceptions -g [...] - Running Mkbootstrap for Botan () - chmod 644 Botan.bs - rm -f blib/arch/auto/Botan/Botan.so - g++ -shared Botan.o -o blib/arch/auto/Botan/Botan.so \ - -lbotan -lbz2 -lpthread -lrt -lz \ - - chmod 755 blib/arch/auto/Botan/Botan.so - cp Botan.bs blib/arch/auto/Botan/Botan.bs - chmod 644 blib/arch/auto/Botan/Botan.bs - Manifying blib/man3/Botan.3pm - $ make test - PERL_DL_NONLAZY=1 /usr/bin/perl5.8.8 [...] - t/base64......ok - t/filt........ok - t/hex.........ok - t/oid.........ok - t/pipe........ok - t/x509cert....ok - All tests successful. - Files=6, Tests=83, 0 wallclock secs ( 0.08 cusr + 0.02 csys = 0.10 CPU) diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index 940bcab30b..cb2a76d011 100644 --- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst @@ -16,8 +16,6 @@ in the source. - All or nothing package transform (``package.h``) -- The Perl-XS wrapper - - The TLS constructors taking `std::function` for callbacks. Instead use the TLS::Callbacks interface. diff --git a/src/contrib/perl-xs/Botan.pm b/src/contrib/perl-xs/Botan.pm deleted file mode 100644 index ac4ad91fb6..0000000000 --- a/src/contrib/perl-xs/Botan.pm +++ /dev/null 
@@ -1,117 +0,0 @@ -package Botan; - -use strict; -use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $AUTOLOAD); - -require DynaLoader; -require AutoLoader; -use Carp; - -@ISA = qw(DynaLoader); -$VERSION = '0.01'; - -@EXPORT_OK = qw( - NONE - IGNORE_WS - FULL_CHECK -); - -%EXPORT_TAGS = ( - 'all' => [ @EXPORT_OK ], - 'decoder_checking' => [ qw( - NONE - IGNORE_WS - FULL_CHECK - )], - -); - - -sub AUTOLOAD -{ - # This AUTOLOAD is used to 'autoload' constants from the constant() - # XS function. If a constant is not found then control is passed - # to the AUTOLOAD in AutoLoader. - - my $constname = $AUTOLOAD; - $constname =~ s/.*:://; - croak '& not defined' if $constname eq 'constant'; -# my $val = constant($constname, @_ ? $_[0] : 0); - my $val = constant($constname); - if ($! != 0) { - if ( $! =~ /Invalid/ ) - { - $AutoLoader::AUTOLOAD = $AUTOLOAD; - goto &AutoLoader::AUTOLOAD; - } - else - { - croak "Your vendor has not defined Botan symbol $constname"; - } - } - no strict 'refs'; - *$AUTOLOAD = sub { $val }; - goto &$AUTOLOAD; -} - - -bootstrap Botan $VERSION; - -# to setup inheritance... - -package Botan::Filter; -use vars qw(@ISA); -@ISA = qw(); - -package Botan::Chain; -use vars qw(@ISA); -@ISA = qw( Botan::Filter ); - -package Botan::Fork; -use vars qw(@ISA); -@ISA = qw( Botan::Filter ); - -package Botan::Hex_Encoder; -use vars qw(@ISA); -@ISA = qw( Botan::Filter ); - -package Botan::Hex_Decoder; -use vars qw(@ISA); -@ISA = qw( Botan::Filter ); - -package Botan::Base64_Decoder; -use vars qw(@ISA); -@ISA = qw( Botan::Filter ); - -package Botan::Base64_Encoder; -use vars qw(@ISA); -@ISA = qw( Botan::Filter ); - - -package Botan; - -1; -__END__ - -=head1 NAME - -Botan - Perl extension for access to Botan ... - -=head1 SYNOPSIS - - use Botan; - blah blah blah - -=head1 DESCRIPTION - -Blah blah blah. - -=head1 AUTHOR - -Vaclav Ovsik - -=head1 SEE ALSO - -Bla - -=cut 
diff --git a/src/contrib/perl-xs/Botan.xs b/src/contrib/perl-xs/Botan.xs
deleted file mode 100644
index 3399860923..0000000000
--- a/src/contrib/perl-xs/Botan.xs
+++ /dev/null
@@ -1,810 +0,0 @@ -#ifdef __cplusplus -extern "C" { -#endif - -#include "EXTERN.h" -#include "perl.h" -#include "XSUB.h" - -#ifdef __cplusplus -} -#endif - -#include -#include -#include -#include -#include -#include -#include -#include - - -/* xsubpp converts ':' to '_' in typemap. We create our types without ':' */ - -typedef Botan::ASN1_String Botan__ASN1_String; -typedef Botan::AlgorithmIdentifier Botan__AlgorithmIdentifier; -typedef Botan::AlternativeName Botan__AlternativeName; -typedef Botan::Attribute Botan__Attribute; -typedef Botan::Base64_Decoder Botan__Base64_Decoder; -typedef Botan::Base64_Encoder Botan__Base64_Encoder; -typedef Botan::Chain Botan__Chain; -typedef Botan::Certificate_Extension Botan__Extension; -typedef Botan::Filter Botan__Filter; -typedef Botan::Fork Botan__Fork; -typedef Botan::Hex_Decoder Botan__Hex_Decoder; -typedef Botan::Hex_Encoder Botan__Hex_Encoder; -typedef Botan::OID Botan__OID; -typedef Botan::Pipe Botan__Pipe; -typedef Botan::X509_Certificate Botan__X509_Certificate; -typedef Botan::X509_DN Botan__X509_DN; -typedef Botan::X509_Time Botan__X509_Time; -typedef Botan::u32bit Botan__u32bit; - - -/* Types to keep track of destruction C++ objects passed - * into other objects... - * An Botan object is deleted by his parent object into which is passed, - * e.g. some Filter is deleted when his Pipe is destructed. We must - * track this and not to delete object again in Perls destructor. 
- */ - -class ObjectInfo -{ -private: - I32 d_signature; - bool d_del; -public: - static I32 const SIGNVAL = 0x696a626f; - ObjectInfo() : d_signature(SIGNVAL), - d_del(true) {}; - ~ObjectInfo() {}; - void set_delete(bool del = true) { d_del = del; }; - void set_delete_no() { set_delete(false); }; - void set_delete_yes() { set_delete(true); }; - bool should_delete() const { return d_del; }; -}; - -/* Constant object in initial state - template */ - -ObjectInfo const oi_init; - - -/*============================================================================*/ - -MODULE = Botan PACKAGE = Botan - -PROTOTYPES: ENABLE - -void -constant(char *name) - CODE: - using namespace Botan; - errno = 0; - switch (name[0]) - { - case 'F': - if ( strEQ(name, "FULL_CHECK") ) - XSRETURN_IV( FULL_CHECK ); // Decoder_Checking enum - break; - case 'I': - if ( strEQ(name, "IGNORE_WS") ) - XSRETURN_IV( IGNORE_WS ); // Decoder_Checking enum - break; - case 'N': - if ( strEQ(name, "NONE") ) - XSRETURN_IV( NONE ); // Decoder_Checking enum - break; - } - errno = EINVAL; - XSRETURN_UNDEF; - - -# =========================== Botan::Chain ========================== - -MODULE = Botan PACKAGE = Botan::Chain - -Botan__Chain * -Botan__Chain::new(f1 = 0, f2 = 0, f3 = 0, f4 = 0) - Botan__Filter *f1; - Botan__Filter *f2; - Botan__Filter *f3; - Botan__Filter *f4; - PREINIT: - ObjectInfo *f1_oi; - ObjectInfo *f2_oi; - ObjectInfo *f3_oi; - ObjectInfo *f4_oi; - CODE: - try { - RETVAL = new Botan__Chain(f1, f2, f3, f4); - if ( f1 ) f1_oi->set_delete_no(); - if ( f2 ) f2_oi->set_delete_no(); - if ( f3 ) f3_oi->set_delete_no(); - if ( f4 ) f4_oi->set_delete_no(); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -void -Botan__Chain::DESTROY() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - if ( THIS_oi->should_delete() ) - try { - delete THIS; - } - catch (const std::exception &e) { - croak(e.what()); - } - - -# =========================== Botan::Fork ========================== - 
-MODULE = Botan PACKAGE = Botan::Fork - -Botan__Fork * -Botan__Fork::new(f1 = 0, f2 = 0, f3 = 0, f4 = 0) - Botan__Filter *f1; - Botan__Filter *f2; - Botan__Filter *f3; - Botan__Filter *f4; - PREINIT: - ObjectInfo *f1_oi; - ObjectInfo *f2_oi; - ObjectInfo *f3_oi; - ObjectInfo *f4_oi; - CODE: - try { - RETVAL = new Botan__Fork(f1, f2, f3, f4); - if ( f1 ) f1_oi->set_delete_no(); - if ( f2 ) f2_oi->set_delete_no(); - if ( f3 ) f3_oi->set_delete_no(); - if ( f4 ) f4_oi->set_delete_no(); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -void -Botan__Fork::DESTROY() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - if ( THIS_oi->should_delete() ) - try { - delete THIS; - } - catch (const std::exception &e) { - croak(e.what()); - } - - -# ============================ Botan::Base64_Decoder ============================ - -MODULE = Botan PACKAGE = Botan::Base64_Decoder - -Botan__Base64_Decoder * -Botan__Base64_Decoder::new(checking = Botan::NONE) - int checking; - CODE: - try { - using namespace Botan; - RETVAL = new Base64_Decoder((Decoder_Checking)checking); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -void -Botan__Base64_Decoder::DESTROY() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - if ( THIS_oi->should_delete() ) - try { - delete THIS; - } - catch (const std::exception &e) { - croak(e.what()); - } - - -# =========================== Botan::Base64_Encoder ========================== - -MODULE = Botan PACKAGE = Botan::Base64_Encoder - -Botan__Base64_Encoder * -Botan__Base64_Encoder::new(breaks = false, length = 72) - bool breaks; - Botan__u32bit length; - CODE: - try { - RETVAL = new Botan__Base64_Encoder(breaks, length); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -void -Botan__Base64_Encoder::DESTROY() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - if ( THIS_oi->should_delete() ) - try { - delete THIS; - } - catch (const std::exception &e) { - croak(e.what()); - } - - 
-# ============================ Botan::Hex_Decoder ============================ - -MODULE = Botan PACKAGE = Botan::Hex_Decoder - -Botan__Hex_Decoder * -Botan__Hex_Decoder::new(checking = Botan::NONE) - int checking; - CODE: - try { - using namespace Botan; - RETVAL = new Hex_Decoder((Decoder_Checking)checking); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -void -Botan__Hex_Decoder::DESTROY() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - if ( THIS_oi->should_delete() ) - try { - delete THIS; - } - catch (const std::exception &e) { - croak(e.what()); - } - - -# ============================ Botan::Hex_Encoder ============================ - -MODULE = Botan PACKAGE = Botan::Hex_Encoder - -Botan__Hex_Encoder * -Botan__Hex_Encoder::new(breaks = false, length = 72, lcase = false) - bool breaks; - Botan__u32bit length; - bool lcase; - CODE: - try { - using Botan::Hex_Encoder; - RETVAL = new Hex_Encoder(breaks, length, - lcase ? Hex_Encoder::Lowercase : Hex_Encoder::Uppercase); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -void -Botan__Hex_Encoder::DESTROY() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - if ( THIS_oi->should_delete() ) - try { - delete THIS; - } - catch (const std::exception &e) { - croak(e.what()); - } - - -# ================================ Botan::OID ================================ - -MODULE = Botan PACKAGE = Botan::OID - -Botan__OID * -Botan__OID::new(s) - char *s; - CODE: - try { - RETVAL = new Botan__OID(s); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -void -Botan__OID::DESTROY() - CODE: - try { - delete THIS; - } - catch (const std::exception &e) { - croak(e.what()); - } - -char * -Botan__OID::as_string() - CODE: - try { - RETVAL = const_cast(THIS->as_string().c_str()); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - - -# ================================ Botan::OIDS ================================ - 
-MODULE = Botan PACKAGE = Botan::OIDS - -char * -lookup_by_oid(oid) - Botan__OID *oid; - CODE: - try { - RETVAL = const_cast(Botan::OIDS::lookup(*oid).c_str()); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -Botan__OID * -lookup_by_name(name) - char *name; - CODE: - try { - RETVAL = new Botan__OID(Botan::OIDS::lookup(name)); - } - catch (const std::exception &e) { - croak(e.what()); - } - char const * CLASS = "Botan::OID"; - OUTPUT: - RETVAL - -int -have_oid(name) - char *name; - CODE: - try { - RETVAL = Botan::OIDS::have_oid(name); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - - -# ================================ Botan::Pipe ================================ - -MODULE = Botan PACKAGE = Botan::Pipe - -Botan__Pipe * -Botan__Pipe::new(...) - CODE: - for (I32 i = 1; i < items; i++) - { - if ( !sv_isobject(ST(i)) || (SvTYPE(SvRV(ST(i))) != SVt_PVMG) ) - croak("Botan::Pipe::new() -- arg %u is not " - "a blessed SV reference", i +1); - if ( !sv_derived_from(ST(i), "Botan::Filter") ) - croak("Botan::Pipe::new() -- arg %u is not " - "an object derived from Botan::Filter", i +1); - MAGIC *mg = mg_find(SvRV(ST(i)), '~'); - if ( mg == 0 - || mg->mg_len != sizeof(ObjectInfo) - || *(I32 *)(mg->mg_ptr) != ObjectInfo::SIGNVAL ) - croak("Botan::Pipe::new() -- arg %u has no " - "valid private magic data (ObjectInfo)", i +1); - } - try { - RETVAL = new Botan__Pipe(); - for (I32 i = 1; i < items; i++) - { - SV *osv = (SV *)SvRV(ST(i)); - ObjectInfo *oi = (ObjectInfo *)(mg_find(osv, '~')->mg_ptr); - RETVAL->append((Botan__Filter *)(SvIV(osv))); - oi->set_delete_no(); - } - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -void -Botan__Pipe::DESTROY() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - try { - delete THIS; - } - catch (const std::exception &e) { - croak(e.what()); - } - -void -Botan__Pipe::write(s) - SV *s; - PREINIT: - ObjectInfo *THIS_oi; - CODE: - STRLEN len; - char 
*ptr = SvPV(s, len); - try { - THIS->write((unsigned char *)ptr, len); - } - catch (const std::exception &e) { - croak(e.what()); - } - -void -Botan__Pipe::process_msg(s) - SV *s; - PREINIT: - ObjectInfo *THIS_oi; - CODE: - STRLEN len; - char *ptr = SvPV(s, len); - try { - THIS->process_msg((unsigned char *)ptr, len); - } - catch (const std::exception &e) { - croak(e.what()); - } - -Botan__u32bit -Botan__Pipe::remaining(msgno = Botan::Pipe::DEFAULT_MESSAGE) - Botan__u32bit msgno; - PREINIT: - ObjectInfo *THIS_oi; - CODE: - try { - RETVAL = THIS->remaining(msgno); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -SV * -Botan__Pipe::read(len = 0xFFFFFFFF, msgno = Botan::Pipe::DEFAULT_MESSAGE) - Botan__u32bit len; - Botan__u32bit msgno; - PREINIT: - ObjectInfo *THIS_oi; - CODE: - try { - if ( len > THIS->remaining(msgno) ) - len = THIS->remaining(msgno); - RETVAL = NEWSV(0, len); - SvPOK_on(RETVAL); - if ( len > 0 ) - SvCUR_set(RETVAL, THIS->read((unsigned char *)SvPVX(RETVAL), - len, msgno)); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -SV * -Botan__Pipe::peek(len = 0xFFFFFFFF, offset = 0, \ - msgno = Botan::Pipe::DEFAULT_MESSAGE) - Botan__u32bit len; - Botan__u32bit offset; - Botan__u32bit msgno; - PREINIT: - ObjectInfo *THIS_oi; - CODE: - try { - if ( len > THIS->remaining(msgno) ) - len = THIS->remaining(msgno); - RETVAL = NEWSV(0, len); - SvPOK_on(RETVAL); - if ( len > 0 ) - SvCUR_set(RETVAL, THIS->peek((unsigned char *)SvPVX(RETVAL), - len, offset, msgno)); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -Botan__u32bit -Botan__Pipe::default_msg() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - try { - RETVAL = THIS->default_msg(); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -void -Botan__Pipe::set_default_msg(msgno) - Botan__u32bit msgno; - PREINIT: - ObjectInfo *THIS_oi; - CODE: - try { - 
THIS->set_default_msg(msgno); - } - catch (const std::exception &e) { - croak(e.what()); - } - -Botan__u32bit -Botan__Pipe::message_count() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - try { - RETVAL = THIS->message_count(); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -bool -Botan__Pipe::end_of_data() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - try { - RETVAL = THIS->end_of_data(); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -void -Botan__Pipe::start_msg() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - try { - THIS->start_msg(); - } - catch (const std::exception &e) { - croak(e.what()); - } - -void -Botan__Pipe::end_msg() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - try { - THIS->end_msg(); - } - catch (const std::exception &e) { - croak(e.what()); - } - -void -Botan__Pipe::reset() - PREINIT: - ObjectInfo *THIS_oi; - CODE: - try { - THIS->reset(); - } - catch (const std::exception &e) { - croak(e.what()); - } - - -# ========================== Botan::X509_Certificate ========================== - -MODULE = Botan PACKAGE = Botan::X509_Certificate - -Botan__X509_Certificate * -Botan__X509_Certificate::new(char *fn) - CODE: - try { - RETVAL = new Botan__X509_Certificate(fn); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -void -Botan__X509_Certificate::DESTROY() - CODE: - try { - delete THIS; - } - catch (const std::exception &e) { - croak(e.what()); - } - -unsigned int -Botan__X509_Certificate::x509_version() - CODE: - try { - RETVAL = THIS->x509_version(); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -char * -Botan__X509_Certificate::start_time() - CODE: - try { - RETVAL = const_cast(THIS->start_time().c_str()); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -char * -Botan__X509_Certificate::end_time() - CODE: - try { - RETVAL = const_cast(THIS->end_time().c_str()); - } - catch 
(const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -char * -Botan__X509_Certificate::subject_info(char *info) - CODE: - try { - std::vector s = THIS->subject_info(info); - - if(s.size() > 0) - RETVAL = const_cast(s[0].c_str()); - else - RETVAL = "err"; - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -char * -Botan__X509_Certificate::issuer_info(char *info) - CODE: - try { - std::vector s = THIS->subject_info(info); - - if(s.size() > 0) - RETVAL = const_cast(s[0].c_str()); - else - RETVAL = "err"; - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -Botan__X509_DN * -Botan__X509_Certificate::subject_dn() - CODE: - try { - RETVAL = new Botan__X509_DN(THIS->subject_dn()); - } - catch (const std::exception &e) { - croak(e.what()); - } - char const * CLASS = "Botan::X509_DN"; - OUTPUT: - RETVAL - -Botan__X509_DN * -Botan__X509_Certificate::issuer_dn() - CODE: - try { - RETVAL = new Botan__X509_DN(THIS->issuer_dn()); - } - catch (const std::exception &e) { - croak(e.what()); - } - char const * CLASS = "Botan::X509_DN"; - OUTPUT: - RETVAL - - -# ============================== Botan::X509_DN ============================== - -MODULE = Botan PACKAGE = Botan::X509_DN - -Botan__X509_DN * -Botan__X509_DN::new() - CODE: - try { - RETVAL = new Botan__X509_DN(); - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL - -void -Botan__X509_DN::DESTROY() - CODE: - try { - delete THIS; - } - catch (const std::exception &e) { - croak(e.what()); - } - -AV * -Botan__X509_DN::get_attributes() - CODE: - try { - using namespace std; - using namespace Botan; - - typedef multimap::const_iterator rdn_iter; - - multimap const &atrmmap = THIS->get_attributes(); - RETVAL = newAV(); - for(rdn_iter i = atrmmap.begin(); i != atrmmap.end(); i++) - { - string const &atr = i->first.as_string(); - string const &val = i->second; - av_push(RETVAL, newSVpvn(atr.c_str(), atr.length())); - 
av_push(RETVAL, newSVpvn(val.c_str(), val.length())); - } - } - catch (const std::exception &e) { - croak(e.what()); - } - OUTPUT: - RETVAL diff --git a/src/contrib/perl-xs/Changes b/src/contrib/perl-xs/Changes deleted file mode 100644 index 5f32b0c63c..0000000000 --- a/src/contrib/perl-xs/Changes +++ /dev/null @@ -1,4 +0,0 @@ -Revision history for Perl extension to Botan. - -0.01 Fri, 20 Feb 2004 15:10:50 +0100 - - first version diff --git a/src/contrib/perl-xs/MANIFEST b/src/contrib/perl-xs/MANIFEST deleted file mode 100644 index b9d8454d61..0000000000 --- a/src/contrib/perl-xs/MANIFEST +++ /dev/null @@ -1,15 +0,0 @@ -Botan.pm -Botan.xs -Changes -MANIFEST -Makefile.PL -data/ca.cert.der -data/ca.cert.pem -t/base64.t -t/filt.t -t/hex.t -t/oid.t -t/pipe.t -t/testutl.pl -t/x509cert.t -typemap diff --git a/src/contrib/perl-xs/Makefile.PL b/src/contrib/perl-xs/Makefile.PL deleted file mode 100644 index 0eb131211c..0000000000 --- a/src/contrib/perl-xs/Makefile.PL +++ /dev/null @@ -1,29 +0,0 @@ -use ExtUtils::MakeMaker; - -my ($cc, $cflags, $lids); -if ( $^O eq 'MSWin32' ) -{ -# $cflags = ''; -# $libs = ':nosearch -lgdi32 -llibeay32'; -} -else -{ - $cc = 'g++'; - $cflags = $Config::Config{ccflags} . ' -Wno-write-strings -fexceptions ' . qx( botan config cflags ); - $libs = qx( botan config libs ); -} - -WriteMakefile( - 'NAME' => 'Botan', - 'DISTNAME' => 'Botan-XS', - 'VERSION_FROM' => 'Botan.pm', # finds $VERSION - 'XSOPT' => '-C++', - 'CC' => $cc, - 'LD' => '$(CC)', - 'CCFLAGS' => $cflags, - 'LIBS' => [ $libs ], - 'OPTIMIZE' => '-g', -# 'clean' => { -# 'FILES' => 'neco.p12 rnd', -# }, -); 
diff --git a/src/contrib/perl-xs/data/ca.cert.der b/src/contrib/perl-xs/data/ca.cert.der deleted file mode 100644 index d6ed8aeaf32d2054b6c149b3a46d26fb54855cfd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 712 zcmXqLVme~b#H71`nTe5!iBZUamyJ`a&7D}zChA-4f18*?ZNn=q4el%b#j zKZwI6%;D)ArI4sstY;`;AO;d*7UmC0EiO?gD9X%DEUHv+b~F?-5P=)U$tcF2oam6L zmt18aC(dhNU|?ZnU}R`wVPFsijA(0vQp8pEN%un2=1>c^Tq;Q|is-C%D z+U!}~l_{J0+)w&!-TrFxUV+QAh4$=}{9^CRv&uf9pRvX!ML)&==o-W7b=USvsIxz+ zZL8%~s+LT2ox0-z`#Ju`LrrV{q`Q4)J(;uDTa`6^E2I6S=g$?>r_K&$VrFDuT->;k&FMP-Z!V| z0U1Gu53P%sdU=jFN3g-$rW6+zSH3OY$7=m7_jQPwZ}a~8Me^$PO$Y7?s<-@1HMzrS z{G#N!+mF`M>aY9f|J>WjfB5rqbBQI}Ps?$daQ?KZO>Co$r-i0wKTw}4H{9^4iA dr62I;SJRdycYl9-dz*h1=kZ^&-ao8R0{|<(>y`ij diff --git a/src/contrib/perl-xs/data/ca.cert.pem b/src/contrib/perl-xs/data/ca.cert.pem deleted file mode 100644 index 012913b263..0000000000 --- a/src/contrib/perl-xs/data/ca.cert.pem +++ /dev/null 
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICxDCCAi2gAwIBAgIBEjANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJDWjER
-MA8GA1UEChMISUNaIGEucy4xGDAWBgNVBAMTD1Rlc3QgcHJpbWFyeSBDQTEWMBQG
-CSqGSIb3DQEJARYHY2FAaS5jejAeFw0wMDA4MjAyMTQ4MDBaFw0wMjA4MTAyMTQ4
-MDBaME8xCzAJBgNVBAYTAkNaMREwDwYDVQQKEwhJQ1ogYS5zLjEVMBMGA1UEAxMM
-VGVzdCBzaWduIENBMRYwFAYJKoZIhvcNAQkBFgdjYUBpLmN6MIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQCo2GReNqwU0/8bZZua5hgYaVHvD9QAmfILNXD25jRk
-C8lqe5m/GzbmftSUso5HyUy1t+qzvRDTmxK8uRn0P00Mqj9gjwF8PGQvZE/FrDF7
-rta9GCcH4n2GfQ0iexlhRZW44AfOD4HCgq38Z0bzBclsvUslBWe1AT+S5+chZ5Wb
-UwIDAQABo4GsMIGpMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLXqc1b1DOfGehii
-k4Z+/ih9BYZmMHoGA1UdIwRzMHGAFL7x2ToS4RDAbDJu4fHnzzGjfGmgoVakVDBS
-MQswCQYDVQQGEwJDWjERMA8GA1UEChMISUNaIGEucy4xGDAWBgNVBAMTD1Rlc3Qg
-cHJpbWFyeSBDQTEWMBQGCSqGSIb3DQEJARYHY2FAaS5jeoIBADANBgkqhkiG9w0B
-AQUFAAOBgQAKD9ku9kKXUGhSw8KuWJXTnEsIUzDtgmREBEUOtEvGfU45vogWN7ZL
-9fQZ1deywN4RJ4T5ZTTcCTPodOdG+IXLJ+uPn/m9iQ/D86c3GKS3yx4JNAn5PH1m
-qLsMYVjbFD2uREZQsqbg3RT6L1D8+oK0pN379u3bD6oJx/qa7+F4Jg==
------END CERTIFICATE-----
diff --git a/src/contrib/perl-xs/t/base64.t b/src/contrib/perl-xs/t/base64.t
deleted file mode 100644
index f0973e13e9..0000000000
--- a/src/contrib/perl-xs/t/base64.t
+++ /dev/null
@@ -1,273 +0,0 @@ -# vim: set ft=perl: -# Before `make install' is performed this script should be runnable with -# `make test'. After `make install' it should work as `perl test.pl' - -######################### We start with some black magic to print on failure. - -# Change 1..1 below to 1..last_test_to_print . -# (It may become useful if the test is moved to ./t subdirectory.) - -BEGIN { $| = 1; print "1..24\n"; } -END { print "not ok 1\n" unless $loaded; } - -require 't/testutl.pl'; -use Botan; - -$loaded = 1; -print "ok 1\n"; - -######################### End of black magic. - -# Insert your test code below (better if it prints "ok 13" -# (correspondingly "not ok 13") depending on the success of chunk 13 -# of the test code): - -use strict; - -# Data prep - -my $botan_lic_b64_garbage = <<'EOF'; -Q29weXJpZ2h0IChDKSAxOTk5LTIwMDQgVGhlIEJvdGFuIFByb2plY3QuIEFsbCBy__ì¹ -aWdodHMgcmVzZXJ2ZWQuCgpSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJj$$*: -ZSBhbmQgYmluYXJ5IGZvcm1zLCBmb3IgYW55IHVzZSwgd2l0aCBvciB3aXRob3V0!@#$%^&*( -Cm1vZGlmaWNhdGlvbiwgaXMgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZv[\] -bGxvd2luZyBjb25kaXRpb25zIGFyZSBtZXQ6CgoxLiBSZWRpc3RyaWJ1dGlvbnMg'~` -b2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodCBu() -b3RpY2UsIHRoaXMKbGlzdCBvZiBjb25kaXRpb25zLCBhbmQgdGhlIGZvbGxvd2lu -ZyBkaXNjbGFpbWVyLgoKMi4gUmVkaXN0cmlidXRpb25zIGluIGJpbmFyeSBmb3Jt -IG11c3QgcmVwcm9kdWNlIHRoZSBhYm92ZSBjb3B5cmlnaHQgbm90aWNlLAp0aGlz -IGxpc3Qgb2YgY29uZGl0aW9ucywgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1l -ciBpbiB0aGUgZG9jdW1lbnRhdGlvbgphbmQvb3Igb3RoZXIgbWF0ZXJpYWxzIHBy_,^ -b3ZpZGVkIHdpdGggdGhlIGRpc3RyaWJ1dGlvbi4KClRISVMgU09GVFdBUkUgSVMg{|}~~~~~ -UFJPVklERUQgQlkgVEhFIEFVVEhPUihTKSAiQVMgSVMiIEFORCBBTlkgRVhQUkVT~~~~~~~~ -UyBPUiBJTVBMSUVECldBUlJBTlRJRVMsIElOQ0xVRElORywgQlVUIE5PVCBMSU1J__:; -VEVEIFRPLCBUSEUgSU1QTElFRCBXQVJSQU5USUVTIE9GCk1FUkNIQU5UQUJJTElU -WSBBTkQgRklUTkVTUyBGT1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UsIEFSRSBESVND -TEFJTUVELgoKSU4gTk8gRVZFTlQgU0hBTEwgVEhFIEFVVEhPUihTKSBPUiBDT05U 
-UklCVVRPUihTKSBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsCklORElSRUNULCBJ -TkNJREVOVEFMLCBTUEVDSUFMLCBFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwg -REFNQUdFUyAoSU5DTFVESU5HLApCVVQgTk9UIExJTUlURUQgVE8sIFBST0NVUkVN -RU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNF -LApEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhP -V0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GCkxJQUJJTElUWSwgV0hF -VEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVCAoSU5D -TFVESU5HIE5FR0xJR0VOQ0UKT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBX -QVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRgpBRFZJ -U0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4K -EOF - -my $botan_lic_b64_ws = $botan_lic_b64_garbage; -$botan_lic_b64_ws =~ s/[^A-Za-z0-9+\/= \n]//g; - -my $botan_lic_b64 = $botan_lic_b64_ws; -$botan_lic_b64 =~ s/[ \n]//g; - - -my $botan_lic = <<'EOF'; -Copyright (C) 1999-2004 The Botan Project. All rights reserved. - -Redistribution and use in source and binary forms, for any use, with or without -modification, is permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this -list of conditions, and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, -this list of conditions, and the following disclaimer in the documentation -and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) "AS IS" AND ANY EXPRESS OR IMPLIED -WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. 
- -IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE FOR ANY DIRECT, -INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -EOF - - -# Decoder... - -my $f; - -eval { $f = Botan::Base64_Decoder->new(&Botan::NONE); }; -print "not " if $@ || !defined $f; -print "ok 2\n"; - -my $dec; -eval { $dec = Botan::Pipe->new($f); }; -print "not " if $@ || !defined $dec; -print "ok 3\n"; - -eval { $f = Botan::Base64_Decoder->new(&Botan::IGNORE_WS); }; -print "not " if $@ || !defined $f; -print "ok 4\n"; - -my $dec_is; -eval { $dec_is = Botan::Pipe->new($f); }; -print "not " if $@ || !defined $dec_is; -print "ok 5\n"; - -eval { $f = Botan::Base64_Decoder->new(&Botan::FULL_CHECK); }; -print "not " if $@ || !defined $f; -print "ok 6\n"; - -my $dec_fc; -eval { $dec_fc = Botan::Pipe->new($f); }; -print "not " if $@ || !defined $dec_fc; -print "ok 7\n"; - - -# Testing clean base64 input - -my $data; - -undef $data; -eval { - $dec->process_msg($botan_lic_b64); - $data = $dec->read(); -}; - -print "not " if $@ || $data ne $botan_lic; -print "ok 8\n"; - -undef $data; -eval { - $dec_is->process_msg($botan_lic_b64); - $data = $dec_is->read(); -}; - -print "not " if $@ || $data ne $botan_lic; -print "ok 9\n"; - -undef $data; -eval { - $dec_fc->process_msg($botan_lic_b64); - $data = $dec_fc->read(); -}; - -print "not " if $@ || $data ne $botan_lic; -print "ok 10\n"; - - -# Testing base64 input with whitespaces - -undef $data; -eval { - $dec->process_msg($botan_lic_b64_ws); - $dec->set_default_msg(1); - $data = $dec->read(); -}; - -print "not " if $@ || $data ne $botan_lic; -print "ok 11\n"; - -undef 
$data; -eval { - $dec_is->process_msg($botan_lic_b64_ws); - $dec_is->set_default_msg(1); - $data = $dec_is->read(); -}; - -print "not " if $@ || $data ne $botan_lic; -print "ok 12\n"; - -undef $data; -eval { - $dec_fc->process_msg($botan_lic_b64_ws); - $dec_fc->set_default_msg(1); - $data = $dec_fc->read(); -}; - -print "not " unless $@ && !defined $data; -print "ok 13\n"; - - -# Testing base64 input with garbage - -undef $data; -eval { - $dec->process_msg($botan_lic_b64_garbage); - $dec->set_default_msg(2); - $data = $dec->read(); -}; - -print "not " if $@ || $data ne $botan_lic; -print "ok 14\n"; - -undef $data; -eval { - $dec_is->process_msg($botan_lic_b64_garbage); - $dec_is->set_default_msg(2); - $data = $dec_is->read(); -}; - -print "not " unless $@ && !defined $data; -print "ok 15\n"; - -undef $data; -eval { - $dec_fc->process_msg($botan_lic_b64_garbage); - $dec_fc->set_default_msg(2); - $data = $dec_fc->read(); -}; - -print "not " unless $@ && !defined $data; -print "ok 16\n"; - - -# Encoder... - -eval { $f = Botan::Base64_Encoder->new(); }; -print "not " if $@ || !defined $f; -print "ok 17\n"; - -my $enc; -eval { $enc = Botan::Pipe->new($f); }; -print "not " if $@ || !defined $enc; -print "ok 18\n"; - -eval { $f = Botan::Base64_Encoder->new(1, 5); }; -print "not " if $@ || !defined $f; -print "ok 19\n"; - -my $enc2; -eval { $enc2 = Botan::Pipe->new($f); }; -print "not " if $@ || !defined $enc2; -print "ok 20\n"; - -undef $data; -eval { - $enc->process_msg("Hello\n"); - $data = $enc->read(); -}; -print "not " if $@ || $data ne "SGVsbG8K"; -print "ok 21\n"; - -undef $data; -eval { - $enc2->process_msg("Hello\n"); - $data = $enc2->read(); -}; -print "not " if $@ || $data ne "SGVsb\nG8K\n"; -print "ok 22\n"; - - -# Encoder with decoder... 
- -my $p; -eval { - $p = Botan::Pipe->new( - Botan::Base64_Encoder->new(), - Botan::Base64_Decoder->new(), - ); -}; -print "not " if $@ || !defined $p; -print "ok 23\n"; - -print "not " unless random_message_ok($p); -print "ok 24\n"; diff --git a/src/contrib/perl-xs/t/filt.t b/src/contrib/perl-xs/t/filt.t deleted file mode 100644 index 2a7b4c8bab..0000000000 --- a/src/contrib/perl-xs/t/filt.t +++ /dev/null @@ -1,56 +0,0 @@ -# vim: set ft=perl: -# Before `make install' is performed this script should be runnable with -# `make test'. After `make install' it should work as `perl test.pl' - -######################### We start with some black magic to print on failure. - -# Change 1..1 below to 1..last_test_to_print . -# (It may become useful if the test is moved to ./t subdirectory.) - -BEGIN { $| = 1; print "1..5\n"; } -END { print "not ok 1\n" unless $loaded; } - -use Botan; - -$loaded = 1; -print "ok 1\n"; - -######################### End of black magic. - -# Insert your test code below (better if it prints "ok 13" -# (correspondingly "not ok 13") depending on the success of chunk 13 -# of the test code): - -use strict; - -my $pipe = Botan::Pipe->new(Botan::Hex_Encoder->new()); - -print "not " unless $pipe; -print "ok 2\n"; - -$pipe->process_msg('FOO'); - -print "not " if $pipe->read() ne '464F4F'; -print "ok 3\n"; - -$pipe = Botan::Pipe->new(Botan::Hex_Encoder->new(0, 0, 1)); - -print "not " unless $pipe; -print "ok 4\n"; - -$pipe->process_msg('FOO'); - -print "not " if $pipe->read() ne '464f4f'; -print "ok 5\n"; - - - - - - -#my $pipe = Botan::Pipe->new(Botan::Base64_Encoder->new()); -#$pipe->process_msg('FOO'); -# -#print "not " if $pipe->read() ne 'Rk9P'; -#print "ok 4\n"; - diff --git a/src/contrib/perl-xs/t/hex.t b/src/contrib/perl-xs/t/hex.t deleted file mode 100644 index 6f447b25c1..0000000000 --- a/src/contrib/perl-xs/t/hex.t +++ /dev/null 
@@ -1,256 +0,0 @@ -# vim: set ft=perl: -# Before `make install' is performed this script should be runnable with -# `make test'. After `make install' it should work as `perl test.pl' - -######################### We start with some black magic to print on failure. - -# Change 1..1 below to 1..last_test_to_print . -# (It may become useful if the test is moved to ./t subdirectory.) - -BEGIN { $| = 1; print "1..24\n"; } -END { print "not ok 1\n" unless $loaded; } - -require 't/testutl.pl'; -use Botan; - -$loaded = 1; -print "ok 1\n"; - -######################### End of black magic. - -# Insert your test code below (better if it prints "ok 13" -# (correspondingly "not ok 13") depending on the success of chunk 13 -# of the test code): - -use strict; - -# Data prep - -my ($hex, $hex_ws, $hex_garbage); -while ( $_ = ) -{ - $hex_garbage .= $_; - s/[^[:xdigit:][:space:]]//g; - $hex_ws .= $_; - s/[^[:xdigit:]]//g; - $hex .= $_; -} -my $data_test = pack("H*", $hex); - -# Decoder... - -my $f; - -eval { $f = Botan::Hex_Decoder->new(&Botan::NONE); }; -print "not " if $@ || !defined $f; -print "ok 2\n"; - -my $dec; -eval { $dec = Botan::Pipe->new($f); }; -print "not " if $@ || !defined $dec; -print "ok 3\n"; - -eval { $f = Botan::Hex_Decoder->new(&Botan::IGNORE_WS); }; -print "not " if $@ || !defined $f; -print "ok 4\n"; - -my $dec_is; -eval { $dec_is = Botan::Pipe->new($f); }; -print "not " if $@ || !defined $dec_is; -print "ok 5\n"; - -eval { $f = Botan::Hex_Decoder->new(&Botan::FULL_CHECK); }; -print "not " if $@ || !defined $f; -print "ok 6\n"; - -my $dec_fc; -eval { $dec_fc = Botan::Pipe->new($f); }; -print "not " if $@ || !defined $dec_fc; -print "ok 7\n"; - - -# Testing clean hexadecimal input - -my $data; - -undef $data; -eval { - $dec->process_msg($hex); - $data = $dec->read(); -}; - -print "not " if $@ || $data ne $data_test; -print "ok 8\n"; - -undef $data; -eval { - $dec_is->process_msg($hex); - $data = $dec_is->read(); -}; - -print "not " if $@ || $data ne $data_test; 
-print "ok 9\n"; - -undef $data; -eval { - $dec_fc->process_msg($hex); - $data = $dec_fc->read(); -}; - -print "not " if $@ || $data ne $data_test; -print "ok 10\n"; - - -# Testing hexadecimal input with whitespaces - -undef $data; -eval { - $dec->process_msg($hex_ws); - $dec->set_default_msg(1); - $data = $dec->read(); -}; - -print "not " if $@ || $data ne $data_test; -print "ok 11\n"; - -undef $data; -eval { - $dec_is->process_msg($hex_ws); - $dec_is->set_default_msg(1); - $data = $dec_is->read(); -}; - -print "not " if $@ || $data ne $data_test; -print "ok 12\n"; - -undef $data; -eval { - $dec_fc->process_msg($hex_ws); - $dec_fc->set_default_msg(1); - $data = $dec_fc->read(); -}; - -print "not " unless $@ && !defined $data; -print "ok 13\n"; - - -# Testing hexadecimal input with garbage - -undef $data; -eval { - $dec->process_msg($hex_garbage); - $dec->set_default_msg(2); - $data = $dec->read(); -}; - -print "not " if $@ || $data ne $data_test; -print "ok 14\n"; - -undef $data; -eval { - $dec_is->process_msg($hex_garbage); - $dec_is->set_default_msg(2); - $data = $dec_is->read(); -}; - -print "not " unless $@ && !defined $data; -print "ok 15\n"; - -undef $data; -eval { - $dec_fc->process_msg($hex_garbage); - $dec_fc->set_default_msg(2); - $data = $dec_fc->read(); -}; - -print "not " unless $@ && !defined $data; -print "ok 16\n"; - - -# Encoder... 
- -eval { $f = Botan::Hex_Encoder->new(); }; -print "not " if $@ || !defined $f; -print "ok 17\n"; - -my $enc; -eval { $enc = Botan::Pipe->new($f); }; -print "not " if $@ || !defined $enc; -print "ok 18\n"; - -eval { $f = Botan::Hex_Encoder->new(1, 5, 1); }; -print "not " if $@ || !defined $f; -print "ok 19\n"; - -my $enc2; -eval { $enc2 = Botan::Pipe->new($f); }; -print "not " if $@ || !defined $enc2; -print "ok 20\n"; - -undef $data; -eval { - $enc->process_msg("Hello\n"); - $data = $enc->read(); -}; -print "not " if $@ || $data ne "48656C6C6F0A"; -print "ok 21\n"; - -undef $data; -eval { - $enc2->process_msg("Hello\n"); - $data = $enc2->read(); -}; -print "not " if $@ || $data ne "48656\nc6c6f\n0a\n"; -print "ok 22\n"; - - -# Encoder with decoder... - -my $p; -eval { - $p = Botan::Pipe->new( - Botan::Hex_Encoder->new(), - Botan::Hex_Decoder->new(), - ); -}; -print "not " if $@ || !defined $p; -print "ok 23\n"; - -print "not " unless random_message_ok($p); -print "ok 24\n"; - - - -__DATA__ -cb13 4a4d 7522 1fd3 c6f6 7786 d04b 3043 ..JMu"....w..K.. -4552 4bcf 4d2b 9d71 0cfe 4d6a 1caf bcfd .RK.M+.q..Mj.... -8f91 6151 ff85 e900 7e6a bafc 15e9 ae51 ...Q....~j.....Q -b14b 7210 bb40 5958 2b82 d49e b808 68a5 .Kr..@YX+.....h. -7945 9dec f686 9b98 989e 826d 8088 6ee7 y..........m..n. -d066 1eac 8c34 c461 bb54 7726 87ab d681 .........Tw&.... -a0be 52e5 1128 0cf2 759e cb2d e690 4ed9 ..R..(..u..-..N. -7e88 bda7 2523 4a0f 185a 02b1 f898 fc41 ~...%#J..Z...... -dd48 fa87 945d 7611 b8c9 a50a 2de2 b670 .H...]v.....-..p -0056 c8be 2cbb e7d0 1e70 4a3d 79f0 dce9 .V..,....pJ=y... -b57f 154b 2b3a db73 f086 de11 9f3e 1641 ...K+:.s.....>.. -3a28 8b9b bb0f 682b 80db b791 89e0 62c0 :(....h+........ -7204 db97 5432 2eb0 a04e f38e 809f 7223 r...T....N....r# -912e e552 1452 6dd2 e09f dd06 c715 7c1a ...R.Rm.......|. -fe3d d6cc b6d0 a17a 27d7 4327 4e43 8af3 .=.....z'..'N... -6eb5 e9f8 bfe9 34c3 6636 8243 358f 966d n..............m -7d87 d17b 5c37 6acb 4972 f4ec 6806 bbde }..{\.j.Ir..h... 
-2689 a019 a9e2 4101 7fe2 de72 bc03 eb5e &..........r...^ -b699 2d6b f8cd a08e 6e01 edfc a81a 94b6 ..-k....n....... -9073 15fb efb2 c8d9 9f85 6633 85f1 e9d0 .s.............. -20ce 578b ab9d 2e51 b947 69bf fba5 82c6 .W....Q.Gi..... -2ed0 dd36 d679 a399 7db3 8a0d cdef 0eda .....y..}....... -e761 e7f1 5b17 3f67 0c83 215a eddf 9d2a ....[.?g..!Z...* -5e70 0a77 c92e 94e1 a82b fd7c f10a 894f ^p.w.....+.|...O -2955 f0e8 7398 f409 2040 b797 da03 a5a6 )U..s... @...... -7ba4 c3c9 2659 b9f7 6a56 e17a b481 983f {...&Y..jV.z...? -00ed 3cc8 5a22 ad5c b6e0 3566 d717 35a6 ..<.Z".\........ -1523 4104 de63 477e fd24 68e5 e816 98df .#....G~.$h..... -1747 417e db72 a76a be5b b9dc 3dfb 2d05 .G.~.r.j.[..=.-. -d27f e597 eafc 9a29 15c5 792d 9c88 9aea .......)..y-.... -485e e431 96c3 7723 da6d 28b2 477a fd12 H^....w#.m(.Gz.. -e645 5dcd 7d5a d8b4 7acc 10b2 b41a e11d ..].}Z..z....... diff --git a/src/contrib/perl-xs/t/oid.t b/src/contrib/perl-xs/t/oid.t deleted file mode 100644 index 694121ca85..0000000000 --- a/src/contrib/perl-xs/t/oid.t +++ /dev/null 
@@ -1,40 +0,0 @@ -# vim: set ft=perl: -# Before `make install' is performed this script should be runnable with -# `make test'. After `make install' it should work as `perl test.pl' - -######################### We start with some black magic to print on failure. - -# Change 1..1 below to 1..last_test_to_print . -# (It may become useful if the test is moved to ./t subdirectory.) - -BEGIN { $| = 1; print "1..5\n"; } -END { print "not ok 1\n" unless $loaded; } - -use Botan; - -$loaded = 1; -print "ok 1\n"; - -######################### End of black magic. - -# Insert your test code below (better if it prints "ok 13" -# (correspondingly "not ok 13") depending on the success of chunk 13 -# of the test code): - -use strict; - -print "not " unless Botan::OIDS::have_oid('X520.CommonName'); -print "ok 2\n"; - -my $oid_c = Botan::OID->new('2.5.4.3'); -print "not " if Botan::OIDS::lookup_by_oid($oid_c) ne 'X520.CommonName'; -print "ok 3\n"; - -my $oid_x = Botan::OIDS::lookup_by_name('X520.CommonName'); -print "not " if $oid_x->as_string() ne '2.5.4.3'; -print "ok 4\n"; - -my $oid_foo_num = '1.2.3.4.5.6.7.8.9.10.11.12.13.14.15'; -my $oid_foo = Botan::OID->new($oid_foo_num); -print "not " if Botan::OIDS::lookup_by_oid($oid_foo) ne $oid_foo_num; -print "ok 5\n"; diff --git a/src/contrib/perl-xs/t/pipe.t b/src/contrib/perl-xs/t/pipe.t deleted file mode 100644 index f850d8519c..0000000000 --- a/src/contrib/perl-xs/t/pipe.t +++ /dev/null 
@@ -1,98 +0,0 @@ -# vim: set ft=perl: -# Before `make install' is performed this script should be runnable with -# `make test'. After `make install' it should work as `perl test.pl' - -######################### We start with some black magic to print on failure. - -# Change 1..1 below to 1..last_test_to_print . -# (It may become useful if the test is moved to ./t subdirectory.) - -BEGIN { $| = 1; print "1..20\n"; } -END { print "not ok 1\n" unless $loaded; } - -use Botan; - -$loaded = 1; -print "ok 1\n"; - -######################### End of black magic. - -# Insert your test code below (better if it prints "ok 13" -# (correspondingly "not ok 13") depending on the success of chunk 13 -# of the test code): - -use strict; - -my $pipe = Botan::Pipe->new(); - -print "not " unless $pipe; -print "ok 2\n"; - -$pipe->start_msg(); -$pipe->write('Hello world'); -$pipe->end_msg(); - -print "not " if $pipe->message_count() != 1; -print "ok 3\n"; - -print "not " if $pipe->remaining() != 11; -print "ok 4\n"; - -print "not " if $pipe->end_of_data(); -print "ok 5\n"; - -print "not " if $pipe->read() ne 'Hello world'; -print "ok 6\n"; - -print "not " if $pipe->remaining() != 0; -print "ok 7\n"; - -print "not " unless $pipe->end_of_data(); -print "ok 8\n"; - -$pipe->process_msg('Hello world'); - -print "not " if $pipe->message_count() != 2; -print "ok 9\n"; - -my $msg_num = $pipe->message_count() -1; - -print "not " if $pipe->read(5, $msg_num) ne 'Hello'; -print "ok 10\n"; - -print "not " if $pipe->read(6, $msg_num) ne ' world'; -print "ok 11\n"; - -print "not " if $pipe->remaining() != 0; -print "ok 12\n"; - -print "not " unless $pipe->end_of_data(); -print "ok 13\n"; - -$pipe->process_msg("The\0string\0with\0null\0chars\0"); -$msg_num = $pipe->message_count() -1; - -print "not " if $pipe->read(80, $msg_num) ne "The\0string\0with\0null\0chars\0"; -print "ok 14\n"; - -$pipe->process_msg('FOO BAR'); -$pipe->set_default_msg($pipe->message_count() -1); - -print "not " if $pipe->peek(3) 
ne 'FOO'; -print "ok 15\n"; - -print "not " if $pipe->peek(3, 4) ne 'BAR'; -print "ok 16\n"; - -print "not " if $pipe->peek() ne 'FOO BAR'; -print "ok 17\n"; - -print "not " if $pipe->read() ne 'FOO BAR'; -print "ok 18\n"; - -print "not " if $pipe->remaining() != 0; -print "ok 19\n"; - -print "not " unless $pipe->end_of_data(); -print "ok 20\n"; - diff --git a/src/contrib/perl-xs/t/testutl.pl b/src/contrib/perl-xs/t/testutl.pl deleted file mode 100644 index add6f6a45c..0000000000 --- a/src/contrib/perl-xs/t/testutl.pl +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/perl - -sub random_message_ok -{ - my ($pipe, $iter, $chunkmax) = @_; - $iter = 100 unless defined $iter; - $chunkmax = 300 unless defined $chunkmax; - eval { - my $input = ''; - $pipe->start_msg(); - for(my $i = 0; $i < $iter; $i++) - { - my $chunk = ''; - my $chunklen = int(rand($chunkmax)); - $chunk .= pack("C", int(rand(256))) while $chunklen--; - $input .= $chunk; - $pipe->write($chunk); - } - $pipe->end_msg(); - my $msg_num = $pipe->message_count() -1; - my $output = $pipe->read(0xFFFFFFFF, $msg_num); - return $input eq $output; - }; -} - -1; diff --git a/src/contrib/perl-xs/t/x509cert.t b/src/contrib/perl-xs/t/x509cert.t deleted file mode 100644 index 2a943aeac0..0000000000 --- a/src/contrib/perl-xs/t/x509cert.t +++ /dev/null 
@@ -1,42 +0,0 @@ -# vim: set ft=perl: -# Before `make install' is performed this script should be runnable with -# `make test'. After `make install' it should work as `perl test.pl' - -######################### We start with some black magic to print on failure. - -# Change 1..1 below to 1..last_test_to_print . -# (It may become useful if the test is moved to ./t subdirectory.) - -BEGIN { $| = 1; print "1..4\n"; } -END { print "not ok 1\n" unless $loaded; } - -use Botan; - -$loaded = 1; -print "ok 1\n"; - -######################### End of black magic. - -# Insert your test code below (better if it prints "ok 13" -# (correspondingly "not ok 13") depending on the success of chunk 13 -# of the test code): - -use strict; - -my $cert = Botan::X509_Certificate->new('data/ca.cert.der'); - -print "not " if $cert->x509_version() != 3; -print "ok 2\n"; - -print "not " if $cert->start_time() ne '2000/8/20 21:48:00 UTC'; -print "ok 3\n"; - -print "not " if $cert->end_time() ne '2002/8/10 21:48:00 UTC'; -print "ok 4\n"; - -#my $subject = $cert->subject_dn()->get_attributes(); -#print STDERR "subject=", join(',', @{$subject}), "\n"; -# -#my $issuer = $cert->issuer_dn()->get_attributes(); -#print STDERR "issuer=", join(',', @{$issuer}), "\n"; -# diff --git a/src/contrib/perl-xs/typemap b/src/contrib/perl-xs/typemap deleted file mode 100644 index d7403d40da..0000000000 --- a/src/contrib/perl-xs/typemap +++ /dev/null 
@@ -1,62 +0,0 @@ -TYPEMAP - -Botan__ASN1_String * O_OBJECT -Botan__AlgorithmIdentifier * O_OBJECT -Botan__AlternativeName * O_OBJECT -Botan__Attribute * O_OBJECT -Botan__Base64_Decoder * O_EXTOBJECT -Botan__Base64_Encoder * O_EXTOBJECT -Botan__Chain * O_EXTOBJECT -Botan__Extension * O_OBJECT -Botan__Filter * O_EXTOBJECT -Botan__Fork * O_EXTOBJECT -Botan__Hex_Decoder * O_EXTOBJECT -Botan__Hex_Encoder * O_EXTOBJECT -Botan__OID * O_OBJECT -Botan__Pipe * O_OBJECT -Botan__X509_Certificate * O_OBJECT -Botan__X509_DN * O_OBJECT -Botan__X509_Time * O_OBJECT -Botan__u32bit T_UV - - -###################################################################### -OUTPUT - -# The Perl object is blessed into 'CLASS', which should be a -# char* having the name of the package for the blessing. -O_OBJECT - sv_setref_pv($arg, CLASS, (void*)$var); - -O_EXTOBJECT - sv_setref_pv($arg, CLASS, (void*)$var); - sv_magic(SvRV($arg), 0, '~', (char *)&oi_init, sizeof(oi_init)); - - -###################################################################### -INPUT - -O_OBJECT - if ( sv_isobject($arg) && (SvTYPE(SvRV($arg)) == SVt_PVMG) ) - $var = ($type)SvIV((SV*)SvRV( $arg )); - else - croak(\"${Package}::$func_name() -- \" - \"$var is not a blessed SV reference\"); - -# The pointer variable "ObjectInfo *${var}_oi;" must be declared -# in PREINIT section. I don't know how to emit this declaration safely here. -O_EXTOBJECT - if ( sv_isobject($arg) && (SvTYPE(SvRV($arg)) == SVt_PVMG) ) - $var = ($type)SvIV((SV*)SvRV($arg)); - else - croak(\"${Package}::$func_name() -- \" - \"$var is not a blessed SV reference\"); - { - MAGIC *mg = mg_find(SvRV($arg), '~'); - if ( mg == 0 - || mg->mg_len != sizeof(ObjectInfo) - || *(I32 *)(mg->mg_ptr) != ObjectInfo::SIGNVAL ) - croak(\"${Package}::$func_name() -- \" - \"private magic data for $var invalid\"); - ${var}_oi = (ObjectInfo *)(mg->mg_ptr); - } diff --git a/src/contrib/readme.txt b/src/contrib/readme.txt index 485d364ada..674a46e9e2 100644 
--- a/src/contrib/readme.txt +++ b/src/contrib/readme.txt @@ -4,5 +4,3 @@ maintained by the Botan developers. Patches are welcome. - In sqlite, find a patch to enable building a special version of sqlite3 that encrypts the database - -- In perl-xs, find a wrapper for Perl using XS From cd5c4deee9a8229c71b5e8b18510b6bb76a35c57 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 15 Jan 2018 17:28:15 -0500 Subject: [PATCH 0545/1008] Update ASN.1 fuzzer --- src/fuzzer/asn1.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fuzzer/asn1.cpp b/src/fuzzer/asn1.cpp index da3e1607fc..89073991d1 100644 --- a/src/fuzzer/asn1.cpp +++ b/src/fuzzer/asn1.cpp @@ -11,7 +11,7 @@ class ASN1_Parser final : public Botan::ASN1_Formatter { public: - ASN1_Parser() : Botan::ASN1_Formatter(true) {} + ASN1_Parser() : Botan::ASN1_Formatter(true, 64) {} protected: std::string format(Botan::ASN1_Tag, Botan::ASN1_Tag, size_t, size_t, From 5af44a91adfac63bbb7c3df13723c94d31b683be Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 16 Jan 2018 11:52:09 -0500 Subject: [PATCH 0546/1008] Improve speed of prime generation especially safe primes First, correct a bug in the sieve code. It would break early if a value did not match up with the sieve. However in that case, the sieve values would be out of sync with the value of p, and would be returning effectively random results. This caused prime generation to be slower than it should be, both because the sieve was incorrectly rejecting values that were not multiples of any small prime and was allowing values that were multiples of small primes to move on to the Miller-Rabin test. In the sieve, also sieve so that 2*q+1 is also not a multiple of the small primes. This speeds up safe prime generation. GH #1411 --- src/lib/math/mp/mp_core.cpp | 4 ++ src/lib/math/numbertheory/make_prm.cpp | 90 +++++++++++++++++--------- src/lib/math/numbertheory/numthry.h | 16 +++-- 3 files changed, 73 insertions(+), 37 deletions(-) 
diff --git a/src/lib/math/mp/mp_core.cpp b/src/lib/math/mp/mp_core.cpp
index 4ed61ac38b..ffa5b31a82 100644
--- a/src/lib/math/mp/mp_core.cpp
+++ b/src/lib/math/mp/mp_core.cpp
@@ -436,10 +436,14 @@ word bigint_divop(word n1, word n0, word d)
 */
 word bigint_modop(word n1, word n0, word d)
 {
+#if defined(BOTAN_HAS_MP_DWORD)
+ return ((static_cast(n1) << MP_WORD_BITS) | n0) % d;
+#else
 word z = bigint_divop(n1, n0, d);
 word dummy = 0;
 z = word_madd2(z, d, &dummy);
 return (n0-z);
+#endif
 }
 
 }
diff --git a/src/lib/math/numbertheory/make_prm.cpp b/src/lib/math/numbertheory/make_prm.cpp
index f06f1978ef..419252ed6e 100644
--- a/src/lib/math/numbertheory/make_prm.cpp
+++ b/src/lib/math/numbertheory/make_prm.cpp
@@ -16,20 +16,22 @@ namespace Botan {
 */
 BigInt random_prime(RandomNumberGenerator& rng,
 size_t bits, const BigInt& coprime,
- size_t equiv, size_t modulo)
+ size_t equiv, size_t modulo,
+ size_t prob)
 {
- if(coprime <= 0)
+ if(coprime.is_negative())
 {
- throw Invalid_Argument("random_prime: coprime must be > 0");
+ throw Invalid_Argument("random_prime: coprime must be >= 0");
 }
- if(modulo % 2 == 1 || modulo == 0)
+ if(modulo == 0)
 {
 throw Invalid_Argument("random_prime: Invalid modulo value");
 }
- if(equiv >= modulo || equiv % 2 == 0)
- {
- throw Invalid_Argument("random_prime: equiv must be < modulo, and odd");
- }
+
+ equiv %= modulo;
+
+ if(equiv == 0)
+ throw Invalid_Argument("random_prime Invalid value for equiv/modulo");
 
 // Handle small values:
 if(bits <= 1)
@@ -50,6 +52,9 @@ BigInt random_prime(RandomNumberGenerator& rng,
 return ((rng.next_byte() % 2) ? 11 : 13);
 }
 
+ secure_vector sieve(PRIME_TABLE_SIZE);
+ const size_t MAX_ATTEMPTS = 32*1024;
+
 while(true)
 {
 BigInt p(rng, bits);
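Review bot: The new BOTAN_HAS_MP_DWORD branch of bigint_modop yields the remainder of the full double word for any n1, whereas the fallback (bigint_divop followed by word_madd2) is only exact when the quotient fits in one word, which is the case exactly when n1 < d; the two branches agree only under that precondition and nothing in the hunk states it. A comment above the `#if`, `// Precondition: n1 < d (the non-dword path needs the quotient to fit in a word)`, would stop a caller from relying on the dword-only behaviour. The template argument of the `static_cast` has not survived in this listing; presumably it names the double-word type. The doc comment this hunk closes with `*/` starts outside the hunk.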
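Review bot: Replacing the old `equiv % 2 == 0` rejection with only `if(equiv == 0)` after `equiv %= modulo` accepts pairs such as equiv = 2, modulo = 4, or any equiv sharing a factor with modulo; every candidate is then p ≡ equiv (mod modulo) and carries that common factor, so no candidate can be prime and the search loop below this hunk would never return. Rejecting these up front keeps the loop's termination argument intact, e.g. `if(equiv == 0 || gcd(BigInt(equiv), BigInt(modulo)) != 1)` followed by the existing throw (gcd on BigInt values is already used later in this function). The new message `"random_prime Invalid value for equiv/modulo"` also drops the `random_prime: ` prefix the other three messages in this hunk use. random_prime continues past the end of the second hunk.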
@@ -59,21 +64,18 @@ BigInt random_prime(RandomNumberGenerator& rng,
 p.set_bit(bits - 2);
 p.set_bit(0);
 
- if(p % modulo != equiv)
- p += (modulo - p % modulo) + equiv;
+ // Force p to be equal to equiv mod modulo
+ p += (modulo - (p % modulo)) + equiv;
 
- const size_t sieve_size = std::min(bits / 2, PRIME_TABLE_SIZE);
- secure_vector sieve(sieve_size);
-
- for(size_t j = 0; j != sieve.size(); ++j)
- sieve[j] = static_cast(p % PRIMES[j]);
+ for(size_t i = 0; i != sieve.size(); ++i)
+ sieve[i] = static_cast(p % PRIMES[i]);
 
 size_t counter = 0;
 while(true)
 {
 ++counter;
 
- if(counter >= 4096)
+ if(counter > MAX_ATTEMPTS)
 {
 break; // don't try forever, choose a new starting point
 }
@@ -84,26 +86,39 @@ BigInt random_prime(RandomNumberGenerator& rng,
 break;
 
 bool passes_sieve = true;
- for(size_t j = 0; j != sieve.size(); ++j)
+ for(size_t i = 0; i != sieve.size(); ++i)
 {
- sieve[j] = (sieve[j] + modulo) % PRIMES[j];
- if(sieve[j] == 0)
- {
+ sieve[i] = (sieve[i] + modulo) % PRIMES[i];
+
+ /*
+ In this case, p is a multiple of PRIMES[i]
+ */
+ if(sieve[i] == 0)
+ passes_sieve = false;
+
+ /*
+ In this case, 2*p+1 will be a multiple of PRIMES[i]
+
+ So if generating a safe prime, we want to avoid this value
+ because 2*p+1 will not be useful. Since the check is cheap to
+ do and doesn't seem to affect the overall distribution of the
+ generated primes overmuch it's used in all cases.
+
+ See "Safe Prime Generation with a Combined Sieve" M. Wiener
+ https://eprint.iacr.org/2003/186.pdf
+ */
+ if(sieve[i] == PRIMES[i] / 2)
 passes_sieve = false;
- break;
- }
 }
 
 if(!passes_sieve)
 continue;
 
- if(gcd(p - 1, coprime) != 1)
+ if(coprime > 0 && gcd(p - 1, coprime) != 1)
 continue;
 
- if(is_prime(p, rng, 128, true))
- {
+ if(is_prime(p, rng, prob, true))
 return p;
- }
 }
 }
 }
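Review bot: The combined-sieve test `sieve[i] == PRIMES[i] / 2` in the second hunk only means "2*p+1 ≡ 0 (mod PRIMES[i])" when PRIMES[i] is odd; should the table ever hold 2, `2 / 2 == 1` would match every odd candidate and nothing would pass the sieve. Because p is odd, `(PRIMES[i] - 1) / 2` states the intended residue without that silent dependency on the table's contents, and a comment `// requires every PRIMES[i] to be odd` would otherwise make the assumption visible. Separately, with the old `break` gone a candidate already marked as failing still walks the whole table; the early exit can only be restored safely by moving the `sieve[i] = ...` update into its own loop that always runs to completion, since breaking out of the present combined loop is exactly what left the sieve out of step with p before this commit. random_prime's body continues outside both hunks.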
@@ -117,12 +132,25 @@ BigInt random_safe_prime(RandomNumberGenerator& rng, size_t bits)
 throw Invalid_Argument("random_safe_prime: Can't make a prime of " +
 std::to_string(bits) + " bits");
 
- BigInt p;
- do
- p = (random_prime(rng, bits - 1) << 1) + 1;
- while(!is_prime(p, rng, 128, true));
+ BigInt q, p;
+ for(;;)
+ {
+ /*
+ Generate q == 2 (mod 3)
+
+ Otherwise [q == 1 (mod 3) case], 2*q+1 == 3 (mod 3) and not prime.
+ */
+ q = random_prime(rng, bits - 1, 1, 2, 3, 8);
+ p = (q << 1) + 1;
 
- return p;
+ if(is_prime(p, rng, 128, true))
+ {
+ // We did only a weak check before, go back and verify q before returning
+ if(is_prime(q, rng, 128, true))
+ return p;
+ }
+
+ }
 }
 
 }
diff --git a/src/lib/math/numbertheory/numthry.h b/src/lib/math/numbertheory/numthry.h
index 7d37ea1b78..b002ace914 100644
--- a/src/lib/math/numbertheory/numthry.h
+++ b/src/lib/math/numbertheory/numthry.h
@@ -164,9 +164,9 @@ size_t BOTAN_PUBLIC_API(2,0) low_zero_bits(const BigInt& x);
 * @return true if all primality tests passed, otherwise false
 */
 bool BOTAN_PUBLIC_API(2,0) is_prime(const BigInt& n,
- RandomNumberGenerator& rng,
- size_t prob = 56,
- bool is_random = false);
+ RandomNumberGenerator& rng,
+ size_t prob = 56,
+ bool is_random = false);
 
 inline bool quick_check_prime(const BigInt& n, RandomNumberGenerator& rng)
 { return is_prime(n, rng, 32); }
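Review bot: The new comment in random_safe_prime says `2*q+1 == 3 (mod 3)`, which is not a residue; the statement it wants to make is `2*q+1 == 0 (mod 3)`, i.e. 2q+1 is divisible by 3 whenever q ≡ 1 (mod 3), which is why q ≡ 2 (mod 3) is requested. The reason the `random_prime` call passes `prob = 8` is only explained after the fact by the comment inside the `if`; a short remark on the call itself, `// cheap test only: q is re-verified at full strength once p passes`, makes the two-phase check clear on first reading. The `coprime` argument of 1 is passed where the new default of 0 would now mean the same thing (the gcd test is skipped for 0 in make_prm.cpp), so either value works but the 1 reads like a leftover of the old signature.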
@@ -186,11 +186,15 @@ inline bool verify_prime(const BigInt& n, RandomNumberGenerator& rng) * @param equiv a non-negative number that the result should be equivalent to modulo equiv_mod * @param equiv_mod the modulus equiv should be checked against +* @param prob use test so false positive is bounded by 1/2**prob * @return random prime with the specified criteria */ BigInt BOTAN_PUBLIC_API(2,0) random_prime(RandomNumberGenerator& rng, - size_t bits, const BigInt& coprime = 1, - size_t equiv = 1, size_t equiv_mod = 2); + size_t bits, + const BigInt& coprime = 0, + size_t equiv = 1, + size_t equiv_mod = 2, + size_t prob = 128); /** * Return a 'safe' prime, of the form p=2*q+1 with q prime @@ -199,7 +203,7 @@ BigInt BOTAN_PUBLIC_API(2,0) random_prime(RandomNumberGenerator& rng, * @return prime randomly chosen from safe primes of length bits */ BigInt BOTAN_PUBLIC_API(2,0) random_safe_prime(RandomNumberGenerator& rng, - size_t bits); + size_t bits); /** * Generate DSA parameters using the FIPS 186 kosherizer From c635f33cabab7862e504e07728a9b2d448017340 Mon Sep 17 00:00:00 2001 From: Alexander Bluhm Date: Tue, 16 Jan 2018 14:07:16 +0100 Subject: [PATCH 0547/1008] Do not generally choose eg++ compiler on OpenBSD. As three OpenBSD architectures have moved to clang as base compiler, use clang if it is available. Use gcc from ports as fallback. Then the binary name has to be set manually as auto configuration would confuse the OpenBSD ports framework. The old assembler is used only by gcc. --- configure.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/configure.py b/configure.py index ee58efe78b..2c1c353de0 100755 --- a/configure.py +++ b/configure.py 
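Review bot: The default for `coprime` changes from 1 to 0 and, per make_prm.cpp in this series, 0 now means "no coprimality constraint", but the `@param coprime` line (above this hunk, not shown) is not updated and a reader of the header cannot learn that 0 is special; `@param equiv` also still says only "non-negative" although an equiv that is 0 modulo equiv_mod now throws Invalid_Argument. Suggested wording: `* @param coprime a positive integer that the result should be coprime to, or 0 for no constraint` and `* @param equiv a non-negative number, non-zero modulo equiv_mod, that the result should be equivalent to`. The new `@param prob` line could add that the implementation runs the test with `is_random = true`, so the bound applies to random inputs rather than adversarially chosen ones.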
@@ -2635,13 +2635,12 @@ def deduce_compiler_type_from_cc_bin(cc_bin):
 if have_program('clang++'):
 options.compiler = 'clang'
 elif options.os == 'openbsd':
- if have_program('eg++'):
- info_cc['gcc'].binary_name = 'eg++'
+ if have_program('clang++'):
+ options.compiler = 'clang'
 else:
- logging.warning('Default GCC is too old; install a newer one using \'pkg_add gcc\'')
- # The assembler shipping with OpenBSD 5.9 does not support avx2
- del info_cc['gcc'].isa_flags['avx2']
- options.compiler = 'gcc'
+ options.compiler = 'gcc'
+ # The assembler shipping with OpenBSD 5.9 does not support avx2
+ del info_cc['gcc'].isa_flags['avx2']
 else:
 options.compiler = 'gcc'
 logging.info('Guessing to use compiler %s (use --cc to set)' % (options.compiler))
From 3e803f148be8bc250e094ea47c1207e818d9a14b Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Tue, 16 Jan 2018 12:56:39 -0500
Subject: [PATCH 0548/1008] Correctly handle generating small primes

---
 src/lib/math/numbertheory/make_prm.cpp | 12 ++++++++++++
 src/tests/test_bigint.cpp | 14 +++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/lib/math/numbertheory/make_prm.cpp b/src/lib/math/numbertheory/make_prm.cpp
index 419252ed6e..70ef23e5a7 100644
--- a/src/lib/math/numbertheory/make_prm.cpp
+++ b/src/lib/math/numbertheory/make_prm.cpp
@@ -7,6 +7,7 @@
 
 #include
 #include
+#include
 #include
 
 namespace Botan {
@@ -51,6 +52,17 @@ BigInt random_prime(RandomNumberGenerator& rng,
 {
 return ((rng.next_byte() % 2) ? 11 : 13);
 }
+ else if(bits <= 16)
+ {
+ for(;;)
+ {
+ size_t idx = make_uint16(rng.next_byte(), rng.next_byte()) % PRIME_TABLE_SIZE;
+ uint16_t small_prime = PRIMES[idx];
+
+ if(high_bit(small_prime) == bits)
+ return small_prime;
+ }
+ }
 
 secure_vector sieve(PRIME_TABLE_SIZE);
 const size_t MAX_ATTEMPTS = 32*1024;
diff --git a/src/tests/test_bigint.cpp b/src/tests/test_bigint.cpp
index 6ee802408a..f63cce7feb 100644
--- a/src/tests/test_bigint.cpp
+++ b/src/tests/test_bigint.cpp
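Review bot: The gcc fallback on OpenBSD is now silent, while the branch it replaces at least warned that the base gcc is too old and pointed at `pkg_add gcc`; the commit message says the ports compiler's binary name must now be given by hand, so a host without clang++ gets a compiler selected with no hint that it will not build the library. Keeping a one-line hint in the `else:` branch costs nothing, e.g. `logging.warning('OpenBSD base gcc is too old; point --cc-bin at the gcc from ports')` (the option name should be checked against the parser definition elsewhere in configure.py). The `del` of the avx2 flag now also applies whenever gcc is chosen on OpenBSD, which matches the old behaviour for the no-eg++ case but is worth a word in the comment. deduce_compiler_type_from_cc_bin starts outside this hunk.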
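Review bot: The new `bits <= 16` branch draws a uniformly random table index and retries until the entry has exactly `bits` bits, so for small sizes almost every draw is rejected (for 3-bit primes only two entries of the table qualify) and each rejected draw burns two RNG bytes. Assuming PRIMES is ascending, computing once the first and last indices whose entries have `bits` bits (a binary search, or two bounds found by scanning) and drawing an index inside that range returns in one step with the same uniform distribution over the qualifying primes. The `% PRIME_TABLE_SIZE` reduction of a 16-bit value also carries a small modulo bias, which a range-bounded draw would need to avoid as well, e.g. by rejection on the much smaller range. random_prime continues outside this hunk.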
@@ -87,11 +87,15 @@ class BigInt_Unit_Tests final : public Test
 {
 Test::Result result("BigInt prime generation");
 
- result.test_throws("Invalid arg", []() { Botan::random_prime(Test::rng(), 0); });
- result.test_throws("Invalid arg", []() { Botan::random_prime(Test::rng(), 1); });
- result.test_throws("Invalid arg", []() { Botan::random_prime(Test::rng(), 2, 0); });
- result.test_throws("Invalid arg", []() { Botan::random_prime(Test::rng(), 2, 1, 1, 3); });
- result.test_throws("Invalid arg", []() { Botan::random_prime(Test::rng(), 2, 1, 0, 2); });
+ result.test_throws("Invalid bit size",
+ "Invalid argument random_prime: Can't make a prime of 0 bits",
+ []() { Botan::random_prime(Test::rng(), 0); });
+ result.test_throws("Invalid bit size",
+ "Invalid argument random_prime: Can't make a prime of 1 bits",
+ []() { Botan::random_prime(Test::rng(), 1); });
+ result.test_throws("Invalid arg",
+ "Invalid argument random_prime Invalid value for equiv/modulo",
+ []() { Botan::random_prime(Test::rng(), 2, 1, 0, 2); });
 
 BigInt p = Botan::random_prime(Test::rng(), 2);
 result.confirm("Only two 2-bit primes", p == 2 || p == 3);
From 120c9302ab9773f3429ea6cf0e732a2ec805fcd5 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Wed, 17 Jan 2018 10:59:44 -0500
Subject: [PATCH 0549/1008] Update news

---
 news.rst | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/news.rst b/news.rst
index d508acabea..bd28bb0156 100644
--- a/news.rst
+++ b/news.rst
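Review bot: The two dropped cases, `random_prime(rng, 2, 0)` and `random_prime(rng, 2, 1, 1, 3)`, are valid inputs by design now, but nothing replaces them, so the validation that remains in make_prm.cpp — a negative `coprime` and `modulo == 0` — has no test. Adding `result.test_throws("Invalid arg", "Invalid argument random_prime: Invalid modulo value", []() { Botan::random_prime(Test::rng(), 2, 1, 1, 0); });` and a sibling case passing `coprime = -1` would pin both paths; the expected message strings should be copied from make_prm.cpp rather than retyped. A positive case that `random_prime(rng, 2, 0)` and `random_prime(rng, 8, 1, 1, 3)` return a prime with the requested residue would document the relaxed contract. The enclosing test method continues outside this hunk.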
@@ -4,15 +4,23 @@ Release Notes Version 2.5.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* Use an improved algorithm for generating safe primes which is several tens of + times faster. Also, fix a bug in the prime sieving algorithm which caused + standard prime generation (like for RSA keys) to be slower than necessary. + (GH #1413 #1411) + * Correct the return value of PK_Encryptor::maximum_input_size which reported a much too small value (GH #1410) * Support detecting POWER crypto extensions using getauxval (GH #1393) -* Remove use of CPU specific optimization flags (GH #1392) +* Remove use of CPU specific optimization flags, instead the user should set + these via CXXFLAGS if desired. (GH #1392) * Use feature flags to enable/disable system specific code (GH #1378) +* The Perl XS based wrapper has been removed. (GH #1412) + Version 2.4.0, 2018-01-08 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From 6128a254fa42da8362b4eb9c626d193be68cfaea Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 17 Jan 2018 11:19:41 -0500 Subject: [PATCH 0550/1008] First update the sieve, then check for a match This allows shortcutting the checks Use (p-1)/2 instead p/2, same result because p is odd but confusing. --- src/lib/math/numbertheory/make_prm.cpp | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/lib/math/numbertheory/make_prm.cpp b/src/lib/math/numbertheory/make_prm.cpp index 70ef23e5a7..bd0ae8e925 100644 --- a/src/lib/math/numbertheory/make_prm.cpp +++ b/src/lib/math/numbertheory/make_prm.cpp @@ -1,6 +1,6 @@ /* * Prime Generation -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -97,11 +97,15 @@ BigInt random_prime(RandomNumberGenerator& rng,
 if(p.bits() > bits)
 break;
 
- bool passes_sieve = true;
+ // Now that p is updated, update the sieve
 for(size_t i = 0; i != sieve.size(); ++i)
 {
 sieve[i] = (sieve[i] + modulo) % PRIMES[i];
+ }
 
+ bool passes_sieve = true;
+ for(size_t i = 0; passes_sieve && (i != sieve.size()); ++i)
+ {
 /*
 In this case, p is a multiple of PRIMES[i]
 */
@@ -119,7 +123,7 @@ BigInt random_prime(RandomNumberGenerator& rng,
 See "Safe Prime Generation with a Combined Sieve" M. Wiener
 https://eprint.iacr.org/2003/186.pdf
 */
- if(sieve[i] == PRIMES[i] / 2)
+ if(sieve[i] == (PRIMES[i] - 1) / 2)
 passes_sieve = false;
 }
 
From 09c50d5fa709a8d79faaeb6e5f9e57b61626be72 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Wed, 17 Jan 2018 12:35:32 -0500
Subject: [PATCH 0551/1008] Correct dependencies of kdf and pbkdf [ci skip]

They assumed base pulled in hash and mac which is no longer true
---
 src/lib/kdf/info.txt | 3 ++-
 src/lib/kdf/kdf.cpp | 1 +
 src/lib/pbkdf/info.txt | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/lib/kdf/info.txt b/src/lib/kdf/info.txt
index 3d96cea191..81567300f5 100644
--- a/src/lib/kdf/info.txt
+++ b/src/lib/kdf/info.txt
@@ -3,7 +3,8 @@ KDF_BASE -> 20131128
-base
+mac
+hash
diff --git a/src/lib/kdf/kdf.cpp b/src/lib/kdf/kdf.cpp
index a1b0b91a94..fbe24462ad 100644
--- a/src/lib/kdf/kdf.cpp
+++ b/src/lib/kdf/kdf.cpp
@@ -7,6 +7,7 @@
 
 #include
 #include
+#include
 #include
 #include
 
diff --git a/src/lib/pbkdf/info.txt b/src/lib/pbkdf/info.txt
index b279ca2ff1..48c6b56e66 100644
--- a/src/lib/pbkdf/info.txt
+++ b/src/lib/pbkdf/info.txt
@@ -3,7 +3,8 @@ PBKDF -> 20150626
-base
+mac
+hash
From f4a511a9986c28341925d1390252edf3c8773a76 Mon Sep 17 00:00:00 2001
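Review bot: Splitting the sieve advance from the sieve test is the load-bearing part of this change, but the comment `// Now that p is updated, update the sieve` does not say why the two loops must stay separate: exiting early from a combined loop leaves the later `sieve[i]` entries behind p, which is the desynchronisation bug this series fixed under GH #1411, and the `passes_sieve &&` exit in the second loop is only safe because the first loop always runs to completion. Suggest `// Advance every sieve entry before testing any of them; an early exit from a combined update-and-test loop would leave the sieve out of step with p (GH #1411)`. The enclosing candidate loop starts and ends outside this hunk.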
From: Jack Lloyd
Date: Wed, 17 Jan 2018 14:55:05 -0500
Subject: [PATCH 0552/1008] Fix crash in EMSA_PKCS1v15_Raw if the hash function was not enabled. GH #1416
---
 src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp
index 0fabb87da1..ddc1e6b279 100644
--- a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp
+++ b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp
@@ -116,7 +116,7 @@ EMSA_PKCS1v15_Raw::EMSA_PKCS1v15_Raw(const std::string& hash_algo)
 if(!hash_algo.empty())
 {
 m_hash_id = pkcs_hash_id(hash_algo);
- std::unique_ptr hash(HashFunction::create(hash_algo));
+ std::unique_ptr hash(HashFunction::create_or_throw(hash_algo));
 m_hash_name = hash->name();
 m_hash_output_len = hash->output_length();
 }
From 57c713d57fa6e91308d7135f70f9e9c3bf797310 Mon Sep 17 00:00:00 2001
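Review bot: The constructor now has two distinct failure points that callers cannot tell apart from its declaration: `pkcs_hash_id(hash_algo)` runs first and presumably rejects a name with no PKCS#1 identifier, then `create_or_throw` rejects a hash that is known but not compiled into this build. The constructor's documentation (in the header, outside this hunk) should say that both cases throw rather than leaving the object partly initialised, e.g. a one-line `@throws` note such as `throws if hash_algo has no PKCS#1 hash identifier or is not available in this build`. Swapping the two lines so `create_or_throw` runs before `pkcs_hash_id` also avoids computing `m_hash_id` for a hash that can never be used, with no change in observable behaviour beyond which exception a doubly-invalid name produces.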
From: Jack Lloyd Date: Thu, 18 Jan 2018 13:17:13 -0500 Subject: [PATCH 0553/1008] Drop the sqlite3 codec [ci skip] It is maintained (at least to some extent) at https://github.com/OlivierJG/botansqlite3 and contains several fixes which are not included in this version. --- news.rst | 7 +- src/contrib/readme.txt | 6 - src/contrib/sqlite/codec.cpp | 201 --------------- src/contrib/sqlite/codec.h | 106 -------- src/contrib/sqlite/codec_c_interface.h | 90 ------- src/contrib/sqlite/codecext.c | 242 ------------------ src/contrib/sqlite/readme.txt | 35 --- src/contrib/sqlite/sqlite3-amalgamation.patch | 15 -- src/contrib/sqlite/test_sqlite.cpp | 103 -------- 9 files changed, 6 insertions(+), 799 deletions(-) delete mode 100644 src/contrib/readme.txt delete mode 100644 src/contrib/sqlite/codec.cpp delete mode 100644 src/contrib/sqlite/codec.h delete mode 100644 src/contrib/sqlite/codec_c_interface.h delete mode 100644 src/contrib/sqlite/codecext.c delete mode 100644 src/contrib/sqlite/readme.txt delete mode 100644 src/contrib/sqlite/sqlite3-amalgamation.patch delete mode 100644 src/contrib/sqlite/test_sqlite.cpp diff --git a/news.rst b/news.rst index bd28bb0156..1199600285 100644 --- a/news.rst +++ b/news.rst @@ -19,7 +19,12 @@ Version 2.5.0, Not Yet Released * Use feature flags to enable/disable system specific code (GH #1378) -* The Perl XS based wrapper has been removed. (GH #1412) +* The Perl XS based wrapper has been removed, as it was unmaintained and + broken. (GH #1412) + +* The sqlite3 encryption patch under ``contrib`` has been removed. It + is still maintained by the original author at + https://github.com/OlivierJG/botansqlite3 Version 2.4.0, 2018-01-08 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/src/contrib/readme.txt b/src/contrib/readme.txt deleted file mode 100644 index 674a46e9e2..0000000000 --- a/src/contrib/readme.txt +++ /dev/null 
@@ -1,6 +0,0 @@ - -The code is this directory may be of use to you, but is not written or -maintained by the Botan developers. Patches are welcome. - -- In sqlite, find a patch to enable building a special version of sqlite3 - that encrypts the database diff --git a/src/contrib/sqlite/codec.cpp b/src/contrib/sqlite/codec.cpp deleted file mode 100644 index 4a13d3ddec..0000000000 --- a/src/contrib/sqlite/codec.cpp +++ /dev/null 
@@ -1,201 +0,0 @@ -/* - * Codec class for SQLite3 encryption codec. - * (C) 2010 Olivier de Gaalon - * - * Botan is released under the Simplified BSD License (see license.txt) - */ - -#include "codec.h" - -Codec::Codec(void *db) -{ - InitializeCodec(db); -} - -Codec::Codec(const Codec *other, void *db) -{ - //Only used to copy main db key for an attached db - InitializeCodec(db); - m_hasReadKey = other->m_hasReadKey; - m_hasWriteKey = other->m_hasWriteKey; - m_readKey = other->m_readKey; - m_ivReadKey = other->m_ivReadKey; - m_writeKey = other->m_writeKey; - m_ivWriteKey = other->m_ivWriteKey; -} - -void Codec::InitializeCodec(void *db) -{ - m_hasReadKey = false; - m_hasWriteKey = false; - m_db = db; - - try - { - m_encipherFilter = get_cipher(BLOCK_CIPHER_STR, ENCRYPTION); - m_decipherFilter = get_cipher(BLOCK_CIPHER_STR, DECRYPTION); - m_cmac = new MAC_Filter(MAC_STR); - m_encipherPipe.append(m_encipherFilter); - m_decipherPipe.append(m_decipherFilter); - m_macPipe.append(m_cmac); - } - catch(Botan::Exception e) - { - m_botanErrorMsg = e.what(); - } -} - -void Codec::GenerateWriteKey(const char *userPassword, int passwordLength) -{ - try - { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,4) - PBKDF *pbkdf = get_pbkdf(PBKDF_STR); - SymmetricKey masterKey = - pbkdf->derive_key(KEY_SIZE + IV_DERIVATION_KEY_SIZE, std::string(userPassword, passwordLength), - (const byte*)SALT_STR.c_str(), SALT_SIZE, PBKDF_ITERATIONS); -#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,8,0) - S2K* s2k = get_s2k(PBKDF_STR); - s2k->set_iterations(PBKDF_ITERATIONS); - s2k->change_salt((const byte*)SALT_STR.c_str(), SALT_SIZE); - - SymmetricKey masterKey = - s2k->derive_key(KEY_SIZE + IV_DERIVATION_KEY_SIZE, std::string(userPassword, passwordLength)); -#else -#error "This code requires botan 1.8 or newer" -#endif - m_writeKey = SymmetricKey(masterKey.bits_of(), KEY_SIZE); - m_ivWriteKey = SymmetricKey(masterKey.bits_of() + KEY_SIZE, IV_DERIVATION_KEY_SIZE); - - m_hasWriteKey = 
true; - } - catch(Botan::Exception e) - { - m_botanErrorMsg = e.what(); - } -} - -void Codec::DropWriteKey() -{ - m_hasWriteKey = false; -} - -void Codec::SetReadIsWrite() -{ - m_readKey = m_writeKey; - m_ivReadKey = m_ivWriteKey; - m_hasReadKey = m_hasWriteKey; -} - -void Codec::SetWriteIsRead() -{ - m_writeKey = m_readKey; - m_ivWriteKey = m_ivReadKey; - m_hasWriteKey = m_hasReadKey; -} - -unsigned char* Codec::Encrypt(int page, unsigned char *data, bool useWriteKey) -{ - memcpy(m_page, data, m_pageSize); - - try - { - m_encipherFilter->set_key(useWriteKey ? m_writeKey : m_readKey); - m_encipherFilter->set_iv(GetIVForPage(page, useWriteKey)); - m_encipherPipe.process_msg(m_page, m_pageSize); - m_encipherPipe.read(m_page, m_encipherPipe.remaining(Pipe::LAST_MESSAGE), Pipe::LAST_MESSAGE); - } - catch(Botan::Exception e) - { - m_botanErrorMsg = e.what(); - } - - return m_page; //return location of newly ciphered data -} - -void Codec::Decrypt(int page, unsigned char *data) -{ - try - { - m_decipherFilter->set_key(m_readKey); - m_decipherFilter->set_iv(GetIVForPage(page, false)); - m_decipherPipe.process_msg(data, m_pageSize); - m_decipherPipe.read(data, m_decipherPipe.remaining(Pipe::LAST_MESSAGE), Pipe::LAST_MESSAGE); - } - catch(Botan::Exception e) - { - m_botanErrorMsg = e.what(); - } -} - -InitializationVector Codec::GetIVForPage(u32bit page, bool useWriteKey) -{ - try - { - static unsigned char *intiv[4]; - store_le(page, (byte*)intiv); - m_cmac->set_key(useWriteKey ? 
m_ivWriteKey : m_ivReadKey); - m_macPipe.process_msg((byte*)intiv, 4); - return m_macPipe.read_all(Pipe::LAST_MESSAGE); - } - catch(Botan::Exception e) - { - m_botanErrorMsg = e.what(); - } -} - -const char* Codec::GetAndResetError() -{ - const char *message = m_botanErrorMsg; - m_botanErrorMsg = 0; - return message; -} - -#include "codec_c_interface.h" - -void InitializeBotan() { -} -void* InitializeNewCodec(void *db) { - return new Codec(db); -} -void* InitializeFromOtherCodec(const void *otherCodec, void *db) { - return new Codec((Codec*)otherCodec, db); -} -void GenerateWriteKey(void *codec, const char *userPassword, int passwordLength) { - ((Codec*)codec)->GenerateWriteKey(userPassword, passwordLength); -} -void DropWriteKey(void *codec) { - ((Codec*)codec)->DropWriteKey(); -} -void SetWriteIsRead(void *codec) { - ((Codec*)codec)->SetWriteIsRead(); -} -void SetReadIsWrite(void *codec) { - ((Codec*)codec)->SetReadIsWrite(); -} -unsigned char* Encrypt(void *codec, int page, unsigned char *data, Bool useWriteKey) { - return ((Codec*)codec)->Encrypt(page, data, useWriteKey); -} -void Decrypt(void *codec, int page, unsigned char *data) { - ((Codec*)codec)->Decrypt(page, data); -} -void SetPageSize(void *codec, int pageSize) { - ((Codec*)codec)->SetPageSize(pageSize); -} -Bool HasReadKey(void *codec) { - return ((Codec*)codec)->HasReadKey(); -} -Bool HasWriteKey(void *codec) { - return ((Codec*)codec)->HasWriteKey(); -} -void* GetDB(void *codec) { - return ((Codec*)codec)->GetDB(); -} -const char* GetAndResetError(void *codec) -{ - return ((Codec*)codec)->GetAndResetError(); -} -void DeleteCodec(void *codec) { - Codec *deleteThisCodec = (Codec*)codec; - delete deleteThisCodec; -} diff --git a/src/contrib/sqlite/codec.h b/src/contrib/sqlite/codec.h deleted file mode 100644 index 673de24800..0000000000 --- a/src/contrib/sqlite/codec.h +++ /dev/null 
@@ -1,106 +0,0 @@ -/* - * Codec class for SQLite3 encryption codec. - * (C) 2010 Olivier de Gaalon - * - * Botan is released under the Simplified BSD License (see license.txt) - */ - -#ifndef _CODEC_H_ -#define _CODEC_H_ - -#include -#include -#include - -using namespace std; -using namespace Botan; - -/*These constants can be used to tweak the codec behavior as follows - *Note that once you've encrypted a database with these settings, - *recompiling with any different settings will give you a library that - *cannot read that database, even given the same passphrase.*/ - -//BLOCK_CIPHER_STR: Cipher and mode used for encrypting the database -//make sure to add "/NoPadding" for modes that use padding schemes -const string BLOCK_CIPHER_STR = "Twofish/XTS"; - -//PBKDF_STR: Key derivation function used to derive both the encryption -//and IV derivation keys from the given database passphrase -const string PBKDF_STR = "PBKDF2(SHA-160)"; - -//SALT_STR: Hard coded salt used to derive the key from the passphrase. -const string SALT_STR = "&g#nB'9]"; - -//SALT_SIZE: Size of the salt in bytes (as given in SALT_STR) -const int SALT_SIZE = 64/8; //64 bit, 8 byte salt - -//MAC_STR: CMAC used to derive the IV that is used for db page -//encryption -const string MAC_STR = "CMAC(Twofish)"; - -//PBKDF_ITERATIONS: Number of hash iterations used in the key derivation -//process. -const int PBKDF_ITERATIONS = 10000; - -//KEY_SIZE: Size of the encryption key. Note that XTS splits the key -//between two ciphers, so if you're using XTS, double the intended key -//size. (ie, "AES-128/XTS" should have a 256 bit KEY_SIZE) -const int KEY_SIZE = 512/8; //512 bit, 64 byte key. (256 bit XTS key) - -//IV_DERIVATION_KEY_SIZE: Size of the key used with the CMAC (MAC_STR) -//above. 
-const int IV_DERIVATION_KEY_SIZE = 256/8; //256 bit, 32 byte key - -//This is definited in sqlite.h and very unlikely to change -#define SQLITE_MAX_PAGE_SIZE 32768 - -class Codec -{ -public: - Codec(void *db); - Codec(const Codec* other, void *db); - - void GenerateWriteKey(const char *userPassword, int passwordLength); - void DropWriteKey(); - void SetWriteIsRead(); - void SetReadIsWrite(); - - unsigned char* Encrypt(int page, unsigned char *data, bool useWriteKey); - void Decrypt(int page, unsigned char *data); - - void SetPageSize(int pageSize) { m_pageSize = pageSize; } - - bool HasReadKey() { return m_hasReadKey; } - bool HasWriteKey() { return m_hasWriteKey; } - void* GetDB() { return m_db; } - const char* GetAndResetError(); - -private: - bool m_hasReadKey; - bool m_hasWriteKey; - - SymmetricKey - m_readKey, - m_writeKey, - m_ivReadKey, - m_ivWriteKey; - - Pipe - m_encipherPipe, - m_decipherPipe, - m_macPipe; - - Keyed_Filter *m_encipherFilter; - Keyed_Filter *m_decipherFilter; - MAC_Filter *m_cmac; - - int m_pageSize; - unsigned char m_page[SQLITE_MAX_PAGE_SIZE]; - void *m_db; - const char *m_botanErrorMsg; - - InitializationVector GetIVForPage(u32bit page, bool useWriteKey); - void InitializeCodec(void *db); -}; - -#endif diff --git a/src/contrib/sqlite/codec_c_interface.h b/src/contrib/sqlite/codec_c_interface.h deleted file mode 100644 index 9f515c113a..0000000000 --- a/src/contrib/sqlite/codec_c_interface.h +++ /dev/null 
@@ -1,90 +0,0 @@ -/* - * Encryption codec class C interface - * (C) 2010 Olivier de Gaalon - * - * Botan is released under the Simplified BSD License (see license.txt) - */ - -#ifndef _CODEC_C_INTERFACE_H_ -#define _CODEC_C_INTERFACE_H_ - -#ifdef __cplusplus -typedef unsigned char Bool; -#endif - -#ifdef __cplusplus -extern "C" -#endif -void InitializeBotan(); - -#ifdef __cplusplus -extern "C" -#endif -void* InitializeNewCodec(void *db); - -#ifdef __cplusplus -extern "C" -#endif -void* InitializeFromOtherCodec(const void *otherCodec, void *db); - -#ifdef __cplusplus -extern "C" -#endif -void GenerateWriteKey(void *codec, const char *userPassword, int passwordLength); - -#ifdef __cplusplus -extern "C" -#endif -void DropWriteKey(void *codec); - -#ifdef __cplusplus -extern "C" -#endif -void SetWriteIsRead(void *codec); - -#ifdef __cplusplus -extern "C" -#endif -void SetReadIsWrite(void *codec); - -#ifdef __cplusplus -extern "C" -#endif -unsigned char* Encrypt(void *codec, int page, unsigned char *data, Bool useWriteKey); - -#ifdef __cplusplus -extern "C" -#endif -void Decrypt(void *codec, int page, unsigned char *data); - -#ifdef __cplusplus -extern "C" -#endif -void SetPageSize(void *codec, int pageSize); - -#ifdef __cplusplus -extern "C" -#endif -Bool HasReadKey(void *codec); - -#ifdef __cplusplus -extern "C" -#endif -Bool HasWriteKey(void *codec); - -#ifdef __cplusplus -extern "C" -#endif -void* GetDB(void *codec); - -#ifdef __cplusplus -extern "C" -#endif -const char* GetAndResetError(void *codec); - -#ifdef __cplusplus -extern "C" -#endif -void DeleteCodec(void *codec); - -#endif \ No newline at end of file diff --git a/src/contrib/sqlite/codecext.c b/src/contrib/sqlite/codecext.c deleted file mode 100644 index 4b61f016dd..0000000000 --- a/src/contrib/sqlite/codecext.c +++ /dev/null 
@@ -1,242 +0,0 @@ -/* - * Encryption codec implementation - * (C) 2010 Olivier de Gaalon - * - * Botan is released under the Simplified BSD License (see license.txt) - */ - -#ifndef SQLITE_OMIT_DISKIO -#ifdef SQLITE_HAS_CODEC - -#include "codec_c_interface.h" - -Bool HandleError(void *pCodec) -{ - const char *error = GetAndResetError(pCodec); - if (error) { - sqlite3Error((sqlite3*)GetDB(pCodec), SQLITE_ERROR, "Botan Error: %s", error); - return 1; - } - return 0; -} - -// Guessing that "see" is related to SQLite Encryption Extension" (the semi-official, for-pay, encryption codec) -// Just as useful for initializing Botan. -void sqlite3_activate_see(const char *info) -{ - InitializeBotan(); -} - -// Free the encryption codec, called from pager.c (address passed in sqlite3PagerSetCodec) -void sqlite3PagerFreeCodec(void *pCodec) -{ - if (pCodec) - DeleteCodec(pCodec); -} - -// Report the page size to the codec, called from pager.c (address passed in sqlite3PagerSetCodec) -void sqlite3CodecSizeChange(void *pCodec, int pageSize, int nReserve) -{ - SetPageSize(pCodec, pageSize); -} - -// Encrypt/Decrypt functionality, called by pager.c -void* sqlite3Codec(void *pCodec, void *data, Pgno nPageNum, int nMode) -{ - if (pCodec == NULL) //Db not encrypted - return data; - - switch(nMode) - { - case 0: // Undo a "case 7" journal file encryption - case 2: // Reload a page - case 3: // Load a page - if (HasReadKey(pCodec)) - Decrypt(pCodec, nPageNum, (unsigned char*) data); - break; - case 6: // Encrypt a page for the main database file - if (HasWriteKey(pCodec)) - data = Encrypt(pCodec, nPageNum, (unsigned char*) data, 1); - break; - case 7: // Encrypt a page for the journal file - /* - *Under normal circumstances, the readkey is the same as the writekey. However, - *when the database is being rekeyed, the readkey is not the same as the writekey. 
- *(The writekey is the "destination key" for the rekey operation and the readkey - *is the key the db is currently encrypted with) - *Therefore, for case 7, when the rollback is being written, always encrypt using - *the database's readkey, which is guaranteed to be the same key that was used to - *read and write the original data. - */ - if (HasReadKey(pCodec)) - data = Encrypt(pCodec, nPageNum, (unsigned char*) data, 0); - break; - } - - HandleError(pCodec); - - return data; -} - -int sqlite3CodecAttach(sqlite3 *db, int nDb, const void *zKey, int nKey) -{ - void *pCodec = NULL; - - if (zKey == NULL || nKey <= 0) - { - // No key specified, could mean either use the main db's encryption or no encryption - if (nDb != 0 && nKey < 0) - { - //Is an attached database, therefore use the key of main database, if main database is encrypted - void *pMainCodec = sqlite3PagerGetCodec(sqlite3BtreePager(db->aDb[0].pBt)); - if (pMainCodec != NULL) - { - pCodec = InitializeFromOtherCodec(pMainCodec, db); - sqlite3PagerSetCodec(sqlite3BtreePager(db->aDb[nDb].pBt), - sqlite3Codec, - sqlite3CodecSizeChange, - sqlite3PagerFreeCodec, pCodec); - } - } - } - else - { - // Key specified, setup encryption key for database - pCodec = InitializeNewCodec(db); - GenerateWriteKey(pCodec, (const char*) zKey, nKey); - SetReadIsWrite(pCodec); - sqlite3PagerSetCodec(sqlite3BtreePager(db->aDb[nDb].pBt), - sqlite3Codec, - sqlite3CodecSizeChange, - sqlite3PagerFreeCodec, pCodec); - } - - if (HandleError(pCodec)) - return SQLITE_ERROR; - - return SQLITE_OK; -} - -void sqlite3CodecGetKey(sqlite3* db, int nDb, void **zKey, int *nKey) -{ - // The unencrypted password is not stored for security reasons - // therefore always return NULL - *zKey = NULL; - *nKey = -1; -} - -int sqlite3_key(sqlite3 *db, const void *zKey, int nKey) -{ - // The key is only set for the main database, not the temp database - return sqlite3CodecAttach(db, 0, zKey, nKey); -} - -int sqlite3_rekey(sqlite3 *db, const void *zKey, int 
nKey) -{ - // Changes the encryption key for an existing database. - int rc = SQLITE_ERROR; - Btree *pbt = db->aDb[0].pBt; - Pager *pPager = sqlite3BtreePager(pbt); - void *pCodec = sqlite3PagerGetCodec(pPager); - - if ((zKey == NULL || nKey == 0) && pCodec == NULL) - { - // Database not encrypted and key not specified. Do nothing - return SQLITE_OK; - } - - if (pCodec == NULL) - { - // Database not encrypted, but key specified. Encrypt database - pCodec = InitializeNewCodec(db); - GenerateWriteKey(pCodec, (const char*) zKey, nKey); - - if (HandleError(pCodec)) - return SQLITE_ERROR; - - sqlite3PagerSetCodec(pPager, sqlite3Codec, sqlite3CodecSizeChange, sqlite3PagerFreeCodec, pCodec); - } - else if (zKey == NULL || nKey == 0) - { - // Database encrypted, but key not specified. Decrypt database - // Keep read key, drop write key - DropWriteKey(pCodec); - } - else - { - // Database encrypted and key specified. Re-encrypt database with new key - // Keep read key, change write key to new key - GenerateWriteKey(pCodec, (const char*) zKey, nKey); - if (HandleError(pCodec)) - return SQLITE_ERROR; - } - - // Start transaction - rc = sqlite3BtreeBeginTrans(pbt, 1); - if (rc == SQLITE_OK) - { - // Rewrite all pages using the new encryption key (if specified) - int nPageCount = -1; - sqlite3PagerPagecount(pPager, &nPageCount); - Pgno nPage = (Pgno) nPageCount; - - Pgno nSkip = PAGER_MJ_PGNO(pPager); - DbPage *pPage; - - Pgno n; - for (n = 1; rc == SQLITE_OK && n <= nPage; n++) - { - if (n == nSkip) - continue; - - rc = sqlite3PagerGet(pPager, n, &pPage); - - if (!rc) - { - rc = sqlite3PagerWrite(pPage); - sqlite3PagerUnref(pPage); - } - else - sqlite3Error(db, SQLITE_ERROR, "%s", "Error while rekeying database page. Transaction Canceled."); - } - } - else - sqlite3Error(db, SQLITE_ERROR, "%s", "Error beginning rekey transaction. 
Make sure that the current encryption key is correct."); - - if (rc == SQLITE_OK) - { - // All good, commit - rc = sqlite3BtreeCommit(pbt); - - if (rc == SQLITE_OK) - { - //Database rekeyed and committed successfully, update read key - if (HasWriteKey(pCodec)) - SetReadIsWrite(pCodec); - else //No write key == no longer encrypted - sqlite3PagerSetCodec(pPager, NULL, NULL, NULL, NULL); - } - else - { - //FIXME: can't trigger this, not sure if rollback is needed, reference implementation didn't rollback - sqlite3Error(db, SQLITE_ERROR, "%s", "Could not commit rekey transaction."); - } - } - else - { - // Rollback, rekey failed - sqlite3BtreeRollback(pbt, SQLITE_ERROR); - - // go back to read key - if (HasReadKey(pCodec)) - SetWriteIsRead(pCodec); - else //Database wasn't encrypted to start with - sqlite3PagerSetCodec(pPager, NULL, NULL, NULL, NULL); - } - - return rc; -} - -#endif // SQLITE_HAS_CODEC - -#endif // SQLITE_OMIT_DISKIO diff --git a/src/contrib/sqlite/readme.txt b/src/contrib/sqlite/readme.txt deleted file mode 100644 index 4971fd44b2..0000000000 --- a/src/contrib/sqlite/readme.txt +++ /dev/null 
@@ -1,35 +0,0 @@ -Build instructions for BotanSqlite3 ---- - -Requirements: - 1. Botan 1.9.0 or later - 2. SQLite3 amalgamation source, version 3.7.12.1 or later (previous versions may work, some will need minor changes) - - -Building: - -1. Extract sqlite3 amalgamation to a directory and add BotanSqlite3 source files - - If desired, codec.h can be modified to tweak the encryption algothrithms and parameters. (Defaults to Twofish/XTS with 256 bit key) - -2. Apply the patch "sqlite3.diff": - $ patch -p0 < sqlite3-amalgamation.patch - - If the patching fails for some reason (ie, changes in SQLite3), it should be trivial to do it manually. - -3. Compile the sqlite3 library with Botan encryption support: - $ gcc -c sqlite3.c -o botansqlite3.o && gcc -c codec.cpp -o codec.o `pkg-config --cflags botan-1.10` && ar rcs libbotansqlite3.a botansqlite3.o codec.o - - (replace "botan-1.10" with appropriate version) - -Testing: - -1. Build the test: - $ g++ test_sqlite.cpp -o test_sqlite `botan-config-1.10 --libs` ./libbotansqlite3.a - - (replace botan-config-1.10 w/ appropriate version) - -2. Run the test - $ ./test_sqlite - -3. Look for "All seems good" diff --git a/src/contrib/sqlite/sqlite3-amalgamation.patch b/src/contrib/sqlite/sqlite3-amalgamation.patch deleted file mode 100644 index 1c2a5c69d1..0000000000 --- a/src/contrib/sqlite/sqlite3-amalgamation.patch +++ /dev/null 
@@ -1,15 +0,0 @@ ---- ./sqlite3.c.orig 2011-05-12 10:03:32.051879390 +0800 -+++ ./sqlite3.c 2011-05-12 10:09:04.028550281 +0800 -@@ -17,6 +17,7 @@ - ** language. The code for the "sqlite3" command-line shell is also in a - ** separate file. This file contains only code for the core SQLite library. - */ -+#define SQLITE_HAS_CODEC 1 - #define SQLITE_CORE 1 - #define SQLITE_AMALGAMATION 1 - #ifndef SQLITE_PRIVATE -@@ -125956,3 +125957,4 @@ - #endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3) */ - - /************** End of fts3_icu.c ********************************************/ -+#include "codecext.c" diff --git a/src/contrib/sqlite/test_sqlite.cpp b/src/contrib/sqlite/test_sqlite.cpp deleted file mode 100644 index 74bf24b06a..0000000000 --- a/src/contrib/sqlite/test_sqlite.cpp +++ /dev/null 
@@ -1,103 +0,0 @@ -/* - * Quick and dirty test for SQLite3 encryption codec. - * (C) 2010 Olivier de Gaalon - * - * Botan is released under the Simplified BSD License (see license.txt) - */ - -#define SQLITE_HAS_CODEC 1 - -#include -#include - -namespace SQL -{ - const char * CREATE_TABLE_TEST = - "create table 'test' (id INTEGER PRIMARY KEY, name TEXT, creationtime TEXT);"; - const char * CREATE_TABLE_TEST2 = - "create table 'test2' (id INTEGER PRIMARY KEY, name TEXT, creationtime TEXT);"; - const char * INSERT_INTO_TEST = - "INSERT INTO test (name, creationtime) VALUES ('widget', '1st time');\ - INSERT INTO test (name, creationtime) VALUES ('widget', '2nd time');\ - INSERT INTO test (name, creationtime) VALUES ('widget', '3rd time');\ - INSERT INTO test (name, creationtime) VALUES ('widget', '4th time');\ - INSERT INTO test (name, creationtime) VALUES ('widget', '5th time');"; - const char * INSERT_INTO_TEST2 = - "INSERT INTO test2 (name, creationtime) VALUES ('widget2', '1st time2');\ - INSERT INTO test2 (name, creationtime) VALUES ('widget2', '2nd time2');\ - INSERT INTO test2 (name, creationtime) VALUES ('widget2', '3rd time2');\ - INSERT INTO test2 (name, creationtime) VALUES ('widget2', '4th time2');\ - INSERT INTO test2 (name, creationtime) VALUES ('widget2', '5th time2');"; - const char * SELECT_FROM_TEST = - "SELECT * FROM test;"; - const char * SELECT_FROM_TEST2 = - "SELECT * FROM test2;"; -}; - -static int callback(void *NotUsed, int argc, char **argv, char **azColName){ - int i; - fprintf(stderr, "\t"); - for(i=0; i Date: Thu, 18 Jan 2018 13:21:34 -0500 Subject: [PATCH 0554/1008] Move Sonar config from build-data to configs Since it is not a template file, nor is it read by configure.py --- src/{build-data => configs}/sonar-project.properties | 0 src/scripts/ci_build.py | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename src/{build-data => configs}/sonar-project.properties (100%) 
diff --git a/src/build-data/sonar-project.properties b/src/configs/sonar-project.properties similarity index 100% rename from src/build-data/sonar-project.properties rename to src/configs/sonar-project.properties diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index 3a462fdb56..beb9622c1d 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -449,7 +449,7 @@ def main(args=None): cmds.append(['llvm-cov', 'show', './botan-test', '-instr-profile=botan.profdata', '>', 'build/cov_report.txt']) - sonar_config = os.path.join(root_dir, os.path.join(root_dir, 'src/build-data/sonar-project.properties')) + sonar_config = os.path.join(root_dir, os.path.join(root_dir, 'src/configs/sonar-project.properties')) cmds.append(['sonar-scanner', '-Dproject.settings=%s' % (sonar_config), '-Dsonar.login=$SONAR_TOKEN']) From 915e840bd0f77d8c2cd526a5d26a88621708f6ca Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 18 Jan 2018 15:21:47 -0500 Subject: [PATCH 0555/1008] Prepare for making BER_Object members private Now there are usable accessors that allow the library to avoid using BER_Object members directly. --- doc/manual/deprecated.rst | 2 +- src/lib/asn1/asn1_obj.cpp | 42 +++++++++++- src/lib/asn1/asn1_obj.h | 42 ++++++++++-- src/lib/asn1/asn1_oid.cpp | 24 +++---- src/lib/asn1/asn1_print.cpp | 12 ++-- src/lib/asn1/asn1_str.cpp | 6 +- src/lib/asn1/asn1_time.cpp | 2 +- src/lib/asn1/ber_dec.cpp | 95 ++++++++++++---------------- src/lib/asn1/ber_dec.h | 23 +++---- src/lib/pubkey/ec_group/ec_group.cpp | 6 +- src/lib/x509/asn1_alt_name.cpp | 48 +++++++------- src/lib/x509/name_constraint.cpp | 51 ++++++--------- src/lib/x509/ocsp.cpp | 6 +- src/lib/x509/ocsp_types.cpp | 2 +- src/lib/x509/pkcs10.cpp | 17 ++--- src/lib/x509/x509_crl.cpp | 11 ++-- src/lib/x509/x509_ext.cpp | 31 +++++---- src/lib/x509/x509cert.cpp | 24 +++---- src/lib/x509/x509cert.h | 7 ++ src/tests/data/x509/bsi/expected.txt | 4 +- 20 files changed, 258 insertions(+), 197 deletions(-) 
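Review bot: The new line keeps the doubled join, `os.path.join(root_dir, os.path.join(root_dir, 'src/configs/sonar-project.properties'))`; with an absolute `root_dir` the outer call is a no-op, and with a relative one it prefixes the directory twice. Since the line is being touched anyway, collapse it to `sonar_config = os.path.join(root_dir, 'src/configs/sonar-project.properties')`. main() starts and continues outside the hunk.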
diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index cb2a76d011..29a7b35fe3 100644 --- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst @@ -10,7 +10,7 @@ This is in addition to specific API calls marked with BOTAN_DEPRECATED in the source. - Directly accessing the member variables of types calendar_point, ASN1_Attribute, - and AlgorithmIdentifier + AlgorithmIdentifier, and BER_Object - The headers ``botan.h``, ``init.h``, ``lookup.h`` diff --git a/src/lib/asn1/asn1_obj.cpp b/src/lib/asn1/asn1_obj.cpp index c83875ae5c..bbe469f5cf 100644 --- a/src/lib/asn1/asn1_obj.cpp +++ b/src/lib/asn1/asn1_obj.cpp @@ -12,6 +12,38 @@ namespace Botan { +/* +* Check a type invariant on BER data +*/ +void BER_Object::assert_is_a(ASN1_Tag type_tag_, ASN1_Tag class_tag_, + const std::string& descr) const + { + if(this->is_a(type_tag_, class_tag_) == false) + { + throw BER_Decoding_Error("Tag mismatch when decoding " + descr + " got " + + std::to_string(type_tag) + "/" + + std::to_string(class_tag) + " expected " + + std::to_string(type_tag_) + "/" + + std::to_string(class_tag_)); + } + } + +bool BER_Object::is_a(ASN1_Tag type_tag_, ASN1_Tag class_tag_) const + { + return (type_tag == type_tag_ && class_tag == class_tag_); + } + +bool BER_Object::is_a(int type_tag_, ASN1_Tag class_tag_) const + { + return is_a(ASN1_Tag(type_tag_), class_tag_); + } + +void BER_Object::set_tagging(ASN1_Tag t, ASN1_Tag c) + { + type_tag = t; + class_tag = c; + } + std::string asn1_tag_to_string(ASN1_Tag type) { switch(type) @@ -94,10 +126,15 @@ namespace ASN1 { * Put some arbitrary bytes into a SEQUENCE */ std::vector put_in_sequence(const std::vector& contents) + { + return ASN1::put_in_sequence(contents.data(), contents.size()); + } + +std::vector put_in_sequence(const uint8_t bits[], size_t len) { return DER_Encoder() .start_cons(SEQUENCE) - .raw_bytes(contents) + .raw_bytes(bits, len) .end_cons() .get_contents_unlocked(); } 
@@ -107,7 +144,8 @@ std::vector put_in_sequence(const std::vector& contents) */ std::string to_string(const BER_Object& obj) { - return to_string(obj.value); + return std::string(cast_uint8_ptr_to_char(obj.bits()), + obj.length()); } /* diff --git a/src/lib/asn1/asn1_obj.h b/src/lib/asn1/asn1_obj.h index 0b9a1493e5..814b8f4f20 100644 --- a/src/lib/asn1/asn1_obj.h +++ b/src/lib/asn1/asn1_obj.h @@ -88,13 +88,46 @@ class BOTAN_PUBLIC_API(2,0) ASN1_Object class BOTAN_PUBLIC_API(2,0) BER_Object final { public: - void assert_is_a(ASN1_Tag type_tag, ASN1_Tag class_tag) const; + BER_Object() : type_tag(NO_OBJECT), class_tag(UNIVERSAL) {} - // public member variable: - ASN1_Tag type_tag, class_tag; + bool is_set() const { return type_tag != NO_OBJECT; } + + ASN1_Tag tagging() const { return ASN1_Tag(type() | get_class()); } + + ASN1_Tag type() const { return type_tag; } + ASN1_Tag get_class() const { return class_tag; } + + const uint8_t* bits() const { return value.data(); } + + size_t length() const { return value.size(); } + + void assert_is_a(ASN1_Tag type_tag, ASN1_Tag class_tag, + const std::string& descr = "object") const; + + bool is_a(ASN1_Tag type_tag, ASN1_Tag class_tag) const; + + bool is_a(int type_tag, ASN1_Tag class_tag) const; - // public member variable: + public: + /* + * The following member variables are public for historical reasons, but + * will be made private in a future major release. Use the accessor + * functions above. + */ + ASN1_Tag type_tag, class_tag; secure_vector value; + + private: + + friend class BER_Decoder; + + void set_tagging(ASN1_Tag type_tag, ASN1_Tag class_tag); + + uint8_t* mutable_bits(size_t length) + { + value.resize(length); + return value.data(); + } }; /* @@ -105,6 +138,7 @@ class DataSource; namespace ASN1 { std::vector put_in_sequence(const std::vector& val); +std::vector put_in_sequence(const uint8_t bits[], size_t len); std::string to_string(const BER_Object& obj); /** 
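Review bot: `tagging()` folds the type and class tags into one value with a bitwise OR, so two different (type, class) pairs can compare equal whenever the type number overlaps the class bits, and callers that now test `obj.tagging() != OBJECT_ID` (asn1_oid.cpp) or `next.tagging() == EOC` (ber_dec.cpp) compare through that ambiguity; `is_a(OBJECT_ID, UNIVERSAL)` expresses the same intent without it. If the fold is intentional (presumably safe as long as the universal type numbers stay clear of the class bits), say so on the accessor: `/* Type and class OR'd together; unambiguous only for low-numbered tags, prefer is_a() for comparisons */`. The new public accessors (`is_set`, `type`, `get_class`, `bits`, `length`) land undocumented in a public header; a one-line comment each, plus a note on `bits()` that the pointer is invalidated by assignment or by `mutable_bits()` resizing `value`, would help.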
diff --git a/src/lib/asn1/asn1_oid.cpp b/src/lib/asn1/asn1_oid.cpp index 7c7161f479..2aa453c2b2 100644 --- a/src/lib/asn1/asn1_oid.cpp +++ b/src/lib/asn1/asn1_oid.cpp @@ -161,31 +161,33 @@ void OID::encode_into(DER_Encoder& der) const void OID::decode_from(BER_Decoder& decoder) { BER_Object obj = decoder.get_next_object(); - if(obj.type_tag != OBJECT_ID || obj.class_tag != UNIVERSAL) - throw BER_Bad_Tag("Error decoding OID, unknown tag", - obj.type_tag, obj.class_tag); - if(obj.value.size() < 2) - throw BER_Decoding_Error("OID encoding is too short"); + if(obj.tagging() != OBJECT_ID) + throw BER_Bad_Tag("Error decoding OID, unknown tag", obj.tagging()); + + const size_t length = obj.length(); + const uint8_t* bits = obj.bits(); + if(length < 2) + throw BER_Decoding_Error("OID encoding is too short"); clear(); - m_id.push_back(obj.value[0] / 40); - m_id.push_back(obj.value[0] % 40); + m_id.push_back(bits[0] / 40); + m_id.push_back(bits[0] % 40); size_t i = 0; - while(i != obj.value.size() - 1) + while(i != length - 1) { uint32_t component = 0; - while(i != obj.value.size() - 1) + while(i != length - 1) { ++i; if(component >> (32-7)) throw Decoding_Error("OID component overflow"); - component = (component << 7) + (obj.value[i] & 0x7F); + component = (component << 7) + (bits[i] & 0x7F); - if(!(obj.value[i] & 0x80)) + if(!(bits[i] & 0x80)) break; } m_id.push_back(component); diff --git a/src/lib/asn1/asn1_print.cpp b/src/lib/asn1/asn1_print.cpp index f0d994dbd4..13ae6d3877 100644 --- a/src/lib/asn1/asn1_print.cpp +++ b/src/lib/asn1/asn1_print.cpp 
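Review bot: A final subidentifier byte that still has its continuation bit set is accepted silently: the inner `while(i != length - 1)` exits on the length bound rather than on a terminating byte, so the partial `component` is pushed and decoding ends without error. After the inner loop, reject the truncated form with `if(bits[i] & 0x80) throw Decoding_Error("OID encoding is truncated");`. Separately, `BER_Bad_Tag("Error decoding OID, unknown tag", obj.tagging())` reports only the OR'd value where the old message carried type and class separately, which makes a mismatch harder to diagnose.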
@@ -79,23 +79,23 @@ void ASN1_Formatter::decode(std::ostream& output, const bool recurse_deeper = (m_max_depth == 0 || level < m_max_depth); - while(obj.type_tag != NO_OBJECT) + while(obj.is_set()) { - const ASN1_Tag type_tag = obj.type_tag; - const ASN1_Tag class_tag = obj.class_tag; - const size_t length = obj.value.size(); + const ASN1_Tag type_tag = obj.type(); + const ASN1_Tag class_tag = obj.get_class(); + const size_t length = obj.length(); /* hack to insert the tag+length back in front of the stuff now that we've gotten the type info */ DER_Encoder encoder; - encoder.add_object(type_tag, class_tag, obj.value); + encoder.add_object(type_tag, class_tag, obj.bits(), obj.length()); const std::vector bits = encoder.get_contents_unlocked(); BER_Decoder data(bits); if(class_tag & CONSTRUCTED) { - BER_Decoder cons_info(obj.value); + BER_Decoder cons_info(obj.bits(), obj.length()); if(recurse_deeper) { diff --git a/src/lib/asn1/asn1_str.cpp b/src/lib/asn1/asn1_str.cpp index 8b9524de21..416e4f0ac5 100644 --- a/src/lib/asn1/asn1_str.cpp +++ b/src/lib/asn1/asn1_str.cpp @@ -130,10 +130,10 @@ void ASN1_String::decode_from(BER_Decoder& source) { BER_Object obj = source.get_next_object(); - assert_is_string_type(obj.type_tag); + assert_is_string_type(obj.type()); - m_tag = obj.type_tag; - m_data.assign(obj.value.begin(), obj.value.end()); + m_tag = obj.type(); + m_data.assign(obj.bits(), obj.bits() + obj.length()); if(m_tag == BMP_STRING) { diff --git a/src/lib/asn1/asn1_time.cpp b/src/lib/asn1/asn1_time.cpp index aca7fdca06..e64fd57c79 100644 --- a/src/lib/asn1/asn1_time.cpp +++ b/src/lib/asn1/asn1_time.cpp @@ -47,7 +47,7 @@ void X509_Time::decode_from(BER_Decoder& source) { BER_Object ber_time = source.get_next_object(); - set_to(ASN1::to_string(ber_time), ber_time.type_tag); + set_to(ASN1::to_string(ber_time), ber_time.type()); } std::string X509_Time::to_string() const diff --git a/src/lib/asn1/ber_dec.cpp b/src/lib/asn1/ber_dec.cpp index 2251972248..ca0056937f 100644 
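Review bot: The local `length` is computed from `obj.length()` but the `add_object` call a few lines later passes `obj.length()` again, as does the `cons_info` constructor; use the local in both places so the hunk reads consistently, `encoder.add_object(type_tag, class_tag, obj.bits(), length);`. ASN1_Formatter::decode starts and continues outside the hunk.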
--- a/src/lib/asn1/ber_dec.cpp +++ b/src/lib/asn1/ber_dec.cpp @@ -147,25 +147,12 @@ size_t find_eoc(DataSource* ber, size_t allow_indef) } -/* -* Check a type invariant on BER data -*/ -void BER_Object::assert_is_a(ASN1_Tag type_tag_, ASN1_Tag class_tag_) const - { - if(type_tag != type_tag_ || class_tag != class_tag_) - throw BER_Decoding_Error("Tag mismatch when decoding got " + - std::to_string(type_tag) + "/" + - std::to_string(class_tag) + " expected " + - std::to_string(type_tag_) + "/" + - std::to_string(class_tag_)); - } - /* * Check if more objects are there */ bool BER_Decoder::more_items() const { - if(m_source->end_of_data() && (m_pushed.type_tag == NO_OBJECT)) + if(m_source->end_of_data() && !m_pushed.is_set()) return false; return true; } @@ -175,7 +162,7 @@ bool BER_Decoder::more_items() const */ BER_Decoder& BER_Decoder::verify_end() { - if(!m_source->end_of_data() || (m_pushed.type_tag != NO_OBJECT)) + if(!m_source->end_of_data() || m_pushed.is_set()) throw Invalid_State("BER_Decoder::verify_end called, but data remains"); return (*this); } @@ -198,17 +185,18 @@ BER_Object BER_Decoder::get_next_object() { BER_Object next; - if(m_pushed.type_tag != NO_OBJECT) + if(m_pushed.is_set()) { - next = m_pushed; - m_pushed.class_tag = m_pushed.type_tag = NO_OBJECT; + std::swap(next, m_pushed); return next; } for(;;) { - decode_tag(m_source, next.type_tag, next.class_tag); - if(next.type_tag == NO_OBJECT) + ASN1_Tag type_tag, class_tag; + decode_tag(m_source, type_tag, class_tag); + next.set_tagging(type_tag, class_tag); + if(next.is_set() == false) // no more objects return next; size_t field_size; 
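Review bot: `ASN1_Tag type_tag, class_tag;` are declared uninitialised before `decode_tag(m_source, type_tag, class_tag)`, and `set_tagging` then copies whatever they hold; unless decode_tag assigns both on every path (it is not visible here), initialise them, `ASN1_Tag type_tag = NO_OBJECT, class_tag = NO_OBJECT;`, so a short read cannot leave `next` with an indeterminate tag. The `std::swap(next, m_pushed)` relies on `next` being freshly default-constructed so that `m_pushed` reads as unset afterwards; a comment saying so, `// next is still default-constructed, so the swap also clears m_pushed`, would keep a later refactor from reusing `next`. get_next_object's body continues outside the hunk.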
@@ -216,11 +204,11 @@ BER_Object BER_Decoder::get_next_object() if(!m_source->check_available(length)) throw BER_Decoding_Error("Value truncated"); - next.value.resize(length); - if(m_source->read(next.value.data(), length) != length) + uint8_t* out = next.mutable_bits(length); + if(m_source->read(out, length) != length) throw BER_Decoding_Error("Value truncated"); - if(next.type_tag == EOC && next.class_tag == UNIVERSAL) + if(next.tagging() == EOC) continue; else break; @@ -240,7 +228,7 @@ BER_Decoder& BER_Decoder::get_next(BER_Object& ber) */ void BER_Decoder::push_back(const BER_Object& obj) { - if(m_pushed.type_tag != NO_OBJECT) + if(m_pushed.is_set()) throw Invalid_State("BER_Decoder: Only one push back is allowed"); m_pushed = obj; } @@ -254,7 +242,7 @@ BER_Decoder BER_Decoder::start_cons(ASN1_Tag type_tag, BER_Object obj = get_next_object(); obj.assert_is_a(type_tag, ASN1_Tag(class_tag | CONSTRUCTED)); - BER_Decoder result(obj.value.data(), obj.value.size()); + BER_Decoder result(obj.bits(), obj.length()); result.m_parent = this; return result; } @@ -271,14 +259,16 @@ BER_Decoder& BER_Decoder::end_cons() return (*m_parent); } +BER_Decoder::BER_Decoder(const BER_Object& obj) : BER_Decoder(obj.bits(), obj.length()) + { + } + /* * BER_Decoder Constructor */ BER_Decoder::BER_Decoder(DataSource& src) { m_source = &src; - m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT; - m_parent = nullptr; } /* @@ -288,8 +278,6 @@ BER_Decoder::BER_Decoder(const uint8_t data[], size_t length) { m_data_src.reset(new DataSource_Memory(data, length)); m_source = m_data_src.get(); - m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT; - m_parent = nullptr; } /* @@ -299,8 +287,6 @@ BER_Decoder::BER_Decoder(const secure_vector& data) { m_data_src.reset(new DataSource_Memory(data)); m_source = m_data_src.get(); - m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT; - m_parent = nullptr; } /* 
@@ -310,8 +296,6 @@ BER_Decoder::BER_Decoder(const std::vector& data) { m_data_src.reset(new DataSource_Memory(data.data(), data.size())); m_source = m_data_src.get(); - m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT; - m_parent = nullptr; } /* @@ -323,7 +307,6 @@ BER_Decoder::BER_Decoder(const BER_Decoder& other) // take ownership std::swap(m_data_src, other.m_data_src); - m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT; m_parent = other.m_parent; } @@ -344,7 +327,7 @@ BER_Decoder& BER_Decoder::decode_null() { BER_Object obj = get_next_object(); obj.assert_is_a(NULL_TAG, UNIVERSAL); - if(obj.value.size()) + if(obj.length() > 0) throw BER_Decoding_Error("NULL object had nonzero size"); return (*this); } @@ -397,10 +380,10 @@ BER_Decoder& BER_Decoder::decode(bool& out, BER_Object obj = get_next_object(); obj.assert_is_a(type_tag, class_tag); - if(obj.value.size() != 1) + if(obj.length() != 1) throw BER_Decoding_Error("BER boolean value had invalid size"); - out = (obj.value[0]) ? true : false; + out = (obj.bits()[0]) ? true : false; return (*this); } @@ -457,25 +440,29 @@ BER_Decoder& BER_Decoder::decode(BigInt& out, BER_Object obj = get_next_object(); obj.assert_is_a(type_tag, class_tag); - if(obj.value.empty()) + if(obj.length() == 0) + { out = 0; + } else { - const bool negative = (obj.value[0] & 0x80) ? true : false; + const bool negative = (obj.bits()[0] & 0x80) ? true : false; if(negative) { - for(size_t i = obj.value.size(); i > 0; --i) - if(obj.value[i-1]--) + secure_vector vec(obj.bits(), obj.bits() + obj.length()); + for(size_t i = obj.length(); i > 0; --i) + if(vec[i-1]--) break; - for(size_t i = 0; i != obj.value.size(); ++i) - obj.value[i] = ~obj.value[i]; - } - - out = BigInt(&obj.value[0], obj.value.size()); - - if(negative) + for(size_t i = 0; i != obj.length(); ++i) + vec[i] = ~vec[i]; + out = BigInt(vec.data(), vec.size()); out.flip_sign(); + } + else + { + out = BigInt(obj.bits(), obj.length()); + } } return (*this); 
@@ -494,19 +481,19 @@ void asn1_decode_binary_string(std::vector& buffer, if(real_type == OCTET_STRING) { - buffer.assign(obj.value.begin(), obj.value.end()); + buffer.assign(obj.bits(), obj.bits() + obj.length()); } else { - if(obj.value.empty()) + if(obj.length() == 0) throw BER_Decoding_Error("Invalid BIT STRING"); - if(obj.value[0] >= 8) + if(obj.bits()[0] >= 8) throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); - buffer.resize(obj.value.size() - 1); + buffer.resize(obj.length() - 1); - if(obj.value.size() > 1) - copy_mem(buffer.data(), &obj.value[1], obj.value.size() - 1); + if(obj.length() > 1) + copy_mem(buffer.data(), obj.bits() + 1, obj.length() - 1); } } diff --git a/src/lib/asn1/ber_dec.h b/src/lib/asn1/ber_dec.h index 637cdc5272..ab25161756 100644 --- a/src/lib/asn1/ber_dec.h +++ b/src/lib/asn1/ber_dec.h @@ -54,14 +54,14 @@ class BOTAN_PUBLIC_API(2,0) BER_Decoder final BER_Object obj = get_next_object(); obj.assert_is_a(type_tag, class_tag); - if (obj.value.size() != sizeof(T)) + if (obj.length() != sizeof(T)) throw BER_Decoding_Error( "Size mismatch. Object value size is " + - std::to_string(obj.value.size()) + + std::to_string(obj.length()) + "; Output type size is " + std::to_string(sizeof(T))); - copy_mem(reinterpret_cast(&out), obj.value.data(), obj.value.size()); + copy_mem(reinterpret_cast(&out), obj.bits(), obj.length()); return (*this); } @@ -185,10 +185,10 @@ class BOTAN_PUBLIC_API(2,0) BER_Decoder final ASN1_Tag type_tag = static_cast(type_no); - if(obj.type_tag == type_tag && obj.class_tag == class_tag) + if(obj.is_a(type_tag, class_tag)) { if((class_tag & CONSTRUCTED) && (class_tag & CONTEXT_SPECIFIC)) - BER_Decoder(obj.value).decode(out, real_type).verify_end(); + BER_Decoder(obj).decode(out, real_type).verify_end(); else { push_back(obj); 
@@ -210,13 +210,15 @@ class BOTAN_PUBLIC_API(2,0) BER_Decoder final BER_Decoder(const uint8_t[], size_t); + explicit BER_Decoder(const BER_Object& obj); + explicit BER_Decoder(const secure_vector&); explicit BER_Decoder(const std::vector& vec); BER_Decoder(const BER_Decoder&); private: - BER_Decoder* m_parent; + BER_Decoder* m_parent = nullptr; BER_Object m_pushed; // either m_data_src.get() or an unowned pointer DataSource* m_source; @@ -234,10 +236,10 @@ BER_Decoder& BER_Decoder::decode_optional(T& out, { BER_Object obj = get_next_object(); - if(obj.type_tag == type_tag && obj.class_tag == class_tag) + if(obj.is_a(type_tag, class_tag)) { if((class_tag & CONSTRUCTED) && (class_tag & CONTEXT_SPECIFIC)) - BER_Decoder(obj.value).decode(out).verify_end(); + BER_Decoder(obj).decode(out).verify_end(); else { push_back(obj); @@ -267,10 +269,9 @@ BER_Decoder& BER_Decoder::decode_optional_implicit( { BER_Object obj = get_next_object(); - if(obj.type_tag == type_tag && obj.class_tag == class_tag) + if(obj.is_a(type_tag, class_tag)) { - obj.type_tag = real_type; - obj.class_tag = real_class; + obj.set_tagging(real_type, real_class); push_back(obj); decode(out, real_type, real_class); } diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 831c41e374..6ae8c16d8c 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -52,15 +52,15 @@ EC_Group::EC_Group(const std::vector& ber_data) BER_Decoder ber(ber_data); BER_Object obj = ber.get_next_object(); - if(obj.type_tag == NULL_TAG) + if(obj.type() == NULL_TAG) throw Decoding_Error("Cannot handle ImplicitCA ECDSA parameters"); - else if(obj.type_tag == OBJECT_ID) + else if(obj.type() == OBJECT_ID) { OID dom_par_oid; BER_Decoder(ber_data).decode(dom_par_oid); *this = EC_Group(dom_par_oid); } - else if(obj.type_tag == SEQUENCE) + else if(obj.type() == SEQUENCE) { BigInt p, a, b; std::vector sv_base_point; 
diff --git a/src/lib/x509/asn1_alt_name.cpp b/src/lib/x509/asn1_alt_name.cpp index c9f7c780b1..4e052ca588 100644 --- a/src/lib/x509/asn1_alt_name.cpp +++ b/src/lib/x509/asn1_alt_name.cpp @@ -179,18 +179,15 @@ void AlternativeName::decode_from(BER_Decoder& source) { BER_Decoder names = source.start_cons(SEQUENCE); + // FIXME this is largely a duplication of GeneralName::decode_from + while(names.more_items()) { BER_Object obj = names.get_next_object(); - if((obj.class_tag != CONTEXT_SPECIFIC) && - (obj.class_tag != (CONTEXT_SPECIFIC | CONSTRUCTED))) - continue; - - const ASN1_Tag tag = obj.type_tag; - if(tag == 0) + if(obj.is_a(0, CONTEXT_SPECIFIC)) { - BER_Decoder othername(obj.value); + BER_Decoder othername(obj); OID oid; othername.decode(oid); 
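Review bot: `if(obj.is_a(0, CONTEXT_SPECIFIC))` narrows the otherName match in a way that looks like a regression: the removed lines accepted tag 0 with either `CONTEXT_SPECIFIC` or `CONTEXT_SPECIFIC | CONSTRUCTED`, and an otherName is `[0] IMPLICIT OtherName`, a SEQUENCE, so its encoded tag carries the CONSTRUCTED bit. If `is_a` compares the class exactly, as the removed `assert_is_a` did and as the sibling `is_a(4, ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED))` call for directoryName suggests, otherName entries are now skipped silently rather than decoded, and any caller that keys on them would no longer see them. The condition should read `if(obj.is_a(0, ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED)))`, and a test with a SAN containing an otherName would catch this. AlternativeName::decode_from continues past the end of this hunk.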
@@ -199,34 +196,35 @@ void AlternativeName::decode_from(BER_Decoder& source) BER_Object othername_value_outer = othername.get_next_object(); othername.verify_end(); - if(othername_value_outer.type_tag != ASN1_Tag(0) || - othername_value_outer.class_tag != - (CONTEXT_SPECIFIC | CONSTRUCTED) - ) + if(othername_value_outer.is_a(0, ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED)) == false) throw Decoding_Error("Invalid tags on otherName value"); - BER_Decoder othername_value_inner(othername_value_outer.value); + BER_Decoder othername_value_inner(othername_value_outer); BER_Object value = othername_value_inner.get_next_object(); othername_value_inner.verify_end(); - const ASN1_Tag value_type = value.type_tag; - - if(ASN1_String::is_string_type(value_type) && value.class_tag == UNIVERSAL) + if(ASN1_String::is_string_type(value.type()) && value.get_class() == UNIVERSAL) { - add_othername(oid, ASN1::to_string(value), value_type); + add_othername(oid, ASN1::to_string(value), value.type()); } } } - else if(tag == 1 || tag == 2 || tag == 6) + if(obj.is_a(1, CONTEXT_SPECIFIC)) + { + add_attribute("RFC822", ASN1::to_string(obj)); + } + else if(obj.is_a(2, CONTEXT_SPECIFIC)) + { + add_attribute("DNS", ASN1::to_string(obj)); + } + else if(obj.is_a(6, CONTEXT_SPECIFIC)) { - if(tag == 1) add_attribute("RFC822", ASN1::to_string(obj)); - if(tag == 2) add_attribute("DNS", ASN1::to_string(obj)); - if(tag == 6) add_attribute("URI", ASN1::to_string(obj)); + add_attribute("URI", ASN1::to_string(obj)); } - else if(tag == 4) + else if(obj.is_a(4, ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED))) { - BER_Decoder dec(obj.value); + BER_Decoder dec(obj); X509_DN dn; std::stringstream ss; 
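Review bot: The tag dispatch loses its shape at `if(obj.is_a(1, CONTEXT_SPECIFIC))`: it follows the otherName block as a fresh `if` while every later arm is `else if`, so a reader has to verify by hand that the branches are mutually exclusive. Writing it as `else if(obj.is_a(1, CONTEXT_SPECIFIC))` keeps the chain uniform and matches the equivalent chain in GeneralName::decode_from elsewhere in this commit. The enclosing loop and function extend beyond this hunk.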
@@ -235,11 +233,11 @@ void AlternativeName::decode_from(BER_Decoder& source) add_attribute("DN", ss.str()); } - else if(tag == 7) + else if(obj.is_a(7, CONTEXT_SPECIFIC)) { - if(obj.value.size() == 4) + if(obj.length() == 4) { - const uint32_t ip = load_be(&obj.value[0], 0); + const uint32_t ip = load_be(obj.bits(), 0); add_attribute("IP", ipv4_to_string(ip)); } } diff --git a/src/lib/x509/name_constraint.cpp b/src/lib/x509/name_constraint.cpp index 21145824b3..888291557e 100644 --- a/src/lib/x509/name_constraint.cpp +++ b/src/lib/x509/name_constraint.cpp 
@@ -41,58 +41,49 @@ void GeneralName::encode_into(DER_Encoder&) const void GeneralName::decode_from(class BER_Decoder& ber) { BER_Object obj = ber.get_next_object(); - if((obj.class_tag != CONTEXT_SPECIFIC) && - (obj.class_tag != (CONTEXT_SPECIFIC | CONSTRUCTED))) - throw Decoding_Error("Invalid class tag while decoding GeneralName"); - const ASN1_Tag tag = obj.type_tag; - - if(tag == 1 || tag == 2 || tag == 6) + if(obj.is_a(1, CONTEXT_SPECIFIC)) { + m_type = "RFC822"; m_name = ASN1::to_string(obj); - - if(tag == 1) - { - m_type = "RFC822"; - } - else if(tag == 2) - { - m_type = "DNS"; - } - else if(tag == 6) - { - m_type = "URI"; - } } - else if(tag == 4) + else if(obj.is_a(2, CONTEXT_SPECIFIC)) { + m_type = "DNS"; + m_name = ASN1::to_string(obj); + } + else if(obj.is_a(6, CONTEXT_SPECIFIC)) + { + m_type = "URI"; + m_name = ASN1::to_string(obj); + } + else if(obj.is_a(4, ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED))) + { + m_type = "DN"; X509_DN dn; - BER_Decoder dec(obj.value); + BER_Decoder dec(obj); std::stringstream ss; dn.decode_from(dec); ss << dn; m_name = ss.str(); - m_type = "DN"; } - else if(tag == 7) + else if(obj.is_a(7, CONTEXT_SPECIFIC)) { - if(obj.value.size() == 8) + if(obj.length() == 8) { - const std::vector ip(obj.value.begin(), obj.value.begin() + 4); - const std::vector net(obj.value.begin() + 4, obj.value.end()); m_type = "IP"; - m_name = ipv4_to_string(load_be(ip.data(), 0)) + "/" + ipv4_to_string(load_be(net.data(), 0)); + m_name = ipv4_to_string(load_be(obj.bits(), 0)) + "/" + + ipv4_to_string(load_be(obj.bits(), 1)); } - else if(obj.value.size() == 32) + else if(obj.length() == 32) { throw Decoding_Error("Unsupported IPv6 name constraint"); } else { - throw Decoding_Error("Invalid IP name constraint size " + - std::to_string(obj.value.size())); + throw Decoding_Error("Invalid IP name constraint size " + std::to_string(obj.length())); } } else diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp index 5a98b74953..10449b019f 100644 
--- a/src/lib/x509/ocsp.cpp +++ b/src/lib/x509/ocsp.cpp @@ -32,18 +32,18 @@ void decode_optional_list(BER_Decoder& ber, { BER_Object obj = ber.get_next_object(); - if(obj.type_tag != tag || obj.class_tag != (CONTEXT_SPECIFIC | CONSTRUCTED)) + if(obj.is_a(tag, ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED)) == false) { ber.push_back(obj); return; } - BER_Decoder list(obj.value); + BER_Decoder list(obj); while(list.more_items()) { BER_Object certbits = list.get_next_object(); - X509_Certificate cert(unlock(certbits.value)); + X509_Certificate cert(certbits.bits(), certbits.length()); output.push_back(std::move(cert)); } } diff --git a/src/lib/x509/ocsp_types.cpp b/src/lib/x509/ocsp_types.cpp index 353cb100a1..3eda5c05bb 100644 --- a/src/lib/x509/ocsp_types.cpp +++ b/src/lib/x509/ocsp_types.cpp @@ -97,7 +97,7 @@ void SingleResponse::decode_from(class BER_Decoder& from) ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED)) .end_cons(); - m_cert_status = cert_status.type_tag; + m_cert_status = cert_status.type(); } } diff --git a/src/lib/x509/pkcs10.cpp b/src/lib/x509/pkcs10.cpp index b1543e3982..78fea8dc63 100644 --- a/src/lib/x509/pkcs10.cpp +++ b/src/lib/x509/pkcs10.cpp 
@@ -72,20 +72,18 @@ std::unique_ptr decode_pkcs10(const std::vector& body) cert_req_info.decode(data->m_subject_dn); BER_Object public_key = cert_req_info.get_next_object(); - if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED) - throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key", - public_key.type_tag, public_key.class_tag); + if(public_key.is_a(SEQUENCE, CONSTRUCTED) == false) + throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key", public_key.tagging()); - data->m_public_key_bits = ASN1::put_in_sequence(unlock(public_key.value)); + data->m_public_key_bits = ASN1::put_in_sequence(public_key.bits(), public_key.length()); BER_Object attr_bits = cert_req_info.get_next_object(); std::set pkcs9_email; - if(attr_bits.type_tag == 0 && - attr_bits.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) + if(attr_bits.is_a(0, ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))) { - BER_Decoder attributes(attr_bits.value); + BER_Decoder attributes(attr_bits); while(attributes.more_items()) { Attribute attr; @@ -113,9 +111,8 @@ std::unique_ptr decode_pkcs10(const std::vector& body) } attributes.verify_end(); } - else if(attr_bits.type_tag != NO_OBJECT) - throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for attributes", - attr_bits.type_tag, attr_bits.class_tag); + else if(attr_bits.is_set()) + throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for attributes", attr_bits.tagging()); cert_req_info.verify_end(); diff --git a/src/lib/x509/x509_crl.cpp b/src/lib/x509/x509_crl.cpp index c6449baf86..da075e009b 100644 --- a/src/lib/x509/x509_crl.cpp +++ b/src/lib/x509/x509_crl.cpp @@ -141,9 +141,9 @@ std::unique_ptr decode_crl_body(const std::vector& body, BER_Object next = tbs_crl.get_next_object(); - if(next.type_tag == SEQUENCE && next.class_tag == CONSTRUCTED) + if(next.is_a(SEQUENCE, CONSTRUCTED)) { - BER_Decoder cert_list(next.value); + BER_Decoder cert_list(next); while(cert_list.more_items()) { 
@@ -154,15 +154,14 @@ std::unique_ptr decode_crl_body(const std::vector& body, next = tbs_crl.get_next_object(); } - if(next.type_tag == 0 && - next.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) + if(next.is_a(0, ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))) { - BER_Decoder crl_options(next.value); + BER_Decoder crl_options(next); crl_options.decode(data->m_extensions).verify_end(); next = tbs_crl.get_next_object(); } - if(next.type_tag != NO_OBJECT) + if(next.is_set()) throw X509_CRL::X509_CRL_Error("Unknown tag in CRL"); tbs_crl.verify_end(); diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp index c3b58236a2..44c469c484 100644 --- a/src/lib/x509/x509_ext.cpp +++ b/src/lib/x509/x509_ext.cpp @@ -350,22 +350,27 @@ void Key_Usage::decode_inner(const std::vector& in) BER_Object obj = ber.get_next_object(); - if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL) - throw BER_Bad_Tag("Bad tag for usage constraint", - obj.type_tag, obj.class_tag); + obj.assert_is_a(BIT_STRING, UNIVERSAL, "usage constraint"); - if(obj.value.size() != 2 && obj.value.size() != 3) + if(obj.length() != 2 && obj.length() != 3) throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint"); - if(obj.value[0] >= 8) + uint16_t usage = 0; + + const uint8_t* bits = obj.bits(); + + if(bits[0] >= 8) throw BER_Decoding_Error("Invalid unused bits in usage constraint"); - obj.value[obj.value.size()-1] &= (0xFF << obj.value[0]); + const uint8_t mask = static_cast(0xFF << bits[0]); - uint16_t usage = 0; - for(size_t i = 1; i != obj.value.size(); ++i) + if(obj.length() == 2) + { + usage = make_uint16(bits[1] & mask, 0); + } + else if(obj.length() == 3) { - usage = (obj.value[i] << 8*(sizeof(usage)-i)) | usage; + usage = make_uint16(bits[1], bits[2] & mask); } m_constraints = Key_Constraints(usage); 
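Review bot: The rewritten masking in Key_Usage::decode_inner, `usage = make_uint16(bits[1] & mask, 0);` and `make_uint16(bits[1], bits[2] & mask)`, silently discards any set padding bits rather than rejecting them, carrying over the behaviour of the old in-place `&=`. DER requires the unused trailing bits of a BIT STRING to be zero, so a strict decoder would add `if((bits[obj.length() - 1] & ~mask) != 0) throw BER_Decoding_Error("Non-zero padding bits in usage constraint");` once `mask` is computed. If tolerating non-DER encoders is deliberate here, a comment such as `// padding bits are masked rather than rejected to tolerate lenient encoders` would keep the next reader from re-raising it. The `static_cast` producing `mask` is sound only because `bits[0] >= 8` is rejected just above it, which is worth stating in the same comment.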
@@ -545,7 +550,7 @@ void Name_Constraints::decode_inner(const std::vector& in) BER_Object per = ext.get_next_object(); ext.push_back(per); - if(per.type_tag == 0 && per.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) + if(per.is_a(0, ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))) { ext.decode_list(permit,ASN1_Tag(0),ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)); if(permit.empty()) @@ -554,7 +559,7 @@ void Name_Constraints::decode_inner(const std::vector& in) BER_Object exc = ext.get_next_object(); ext.push_back(exc); - if(per.type_tag == 1 && per.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) + if(per.is_a(1, ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))) { ext.decode_list(exclude,ASN1_Tag(1),ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)); if(exclude.empty()) @@ -771,7 +776,7 @@ void Authority_Information_Access::decode_inner(const std::vector& in) { BER_Object name = info.get_next_object(); - if(name.type_tag == 6 && name.class_tag == CONTEXT_SPECIFIC) + if(name.is_a(6, CONTEXT_SPECIFIC)) { m_ocsp_responder = ASN1::to_string(name); } @@ -781,7 +786,7 @@ void Authority_Information_Access::decode_inner(const std::vector& in) { BER_Object name = info.get_next_object(); - if(name.type_tag == 6 && name.class_tag == CONTEXT_SPECIFIC) + if(name.is_a(6, CONTEXT_SPECIFIC)) { m_ca_issuers.push_back(ASN1::to_string(name)); } diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index f298006c06..66921ed66d 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -85,6 +85,12 @@ X509_Certificate::X509_Certificate(const std::vector& vec) load_data(src); } +X509_Certificate::X509_Certificate(const uint8_t data[], size_t len) + { + DataSource_Memory src(data, len); + load_data(src); + } + #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) X509_Certificate::X509_Certificate(const std::string& fsname) { 
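Review bot: The excluded-subtrees check in the `@@ -554` hunk tests the wrong object: `exc` is fetched and pushed back, but the condition is `if(per.is_a(1, ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)))`, so whenever permittedSubtrees is present (`per` carries tag 0) the excludedSubtrees list is never decoded and `exclude` stays empty. That silently drops a restriction the issuing CA placed on the certificate, presumably weakening whatever path validation consumes `exclude` outside this hunk. The line should be `if(exc.is_a(1, ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)))`. The commit mechanically converted the pre-existing `per.type_tag == 1` test, so the defect is inherited, but this is the moment to fix it and to add a test with both permitted and excluded subtrees. Name_Constraints::decode_inner extends beyond this hunk.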
@@ -128,13 +134,11 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o data->m_issuer_dn_bits = ASN1::put_in_sequence(data->m_issuer_dn.get_bits()); BER_Object public_key = tbs_cert.get_next_object(); - if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED) - throw BER_Bad_Tag("X509_Certificate: Unexpected tag for public key", - public_key.type_tag, public_key.class_tag); + public_key.assert_is_a(SEQUENCE, CONSTRUCTED, "X.509 certificate public key"); // validate_public_key_params(public_key.value); AlgorithmIdentifier public_key_alg_id; - BER_Decoder(public_key.value).decode(public_key_alg_id).discard_remaining(); + BER_Decoder(public_key).decode(public_key_alg_id).discard_remaining(); std::vector public_key_info = split_on(OIDS::oid2str(public_key_alg_id.get_oid()), '/'); @@ -180,7 +184,7 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o } } - data->m_subject_public_key_bits = unlock(public_key.value); + data->m_subject_public_key_bits.assign(public_key.bits(), public_key.bits() + public_key.length()); BER_Decoder(data->m_subject_public_key_bits) .decode(data->m_subject_public_key_algid) 
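Review bot: The commented-out `// validate_public_key_params(public_key.value);` in the `@@ -128` hunk now names a member this commit removes, since every live use of `.value` became `bits()`/`length()`. Either delete the dead line or, if it marks intended future work, keep it current as `// TODO: validate_public_key_params(public_key.bits(), public_key.length());`. The `.discard_remaining()` after decoding `public_key_alg_id` drops the rest of the SubjectPublicKeyInfo here, which is fine only because the `@@ -180` hunk re-decodes the full structure from `m_subject_public_key_bits`; a short note, `// only the AlgorithmIdentifier is needed here, the full SPKI is decoded below`, would make that intentional rather than look like a truncated parse. parse_x509_cert_body continues outside these hunks.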
@@ -190,14 +194,12 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o tbs_cert.decode_optional_string(data->m_v2_subject_key_id, BIT_STRING, 2); BER_Object v3_exts_data = tbs_cert.get_next_object(); - if(v3_exts_data.type_tag == 3 && - v3_exts_data.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) + if(v3_exts_data.is_a(3, ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))) { - BER_Decoder(v3_exts_data.value).decode(data->m_v3_extensions).verify_end(); + BER_Decoder(v3_exts_data).decode(data->m_v3_extensions).verify_end(); } - else if(v3_exts_data.type_tag != NO_OBJECT) - throw BER_Bad_Tag("Unknown tag in X.509 cert", - v3_exts_data.type_tag, v3_exts_data.class_tag); + else if(v3_exts_data.is_set()) + throw BER_Bad_Tag("Unknown tag in X.509 cert", v3_exts_data.tagging()); if(tbs_cert.more_items()) throw Decoding_Error("TBSCertificate has extra data after extensions block"); diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h index a1448637df..79d16d37f2 100644 --- a/src/lib/x509/x509cert.h +++ b/src/lib/x509/x509cert.h @@ -407,6 +407,13 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object */ explicit X509_Certificate(const std::vector& in); + /** + * Create a certificate from a buffer + * @param data the buffer containing the DER-encoded certificate + * @param length length of data in bytes + */ + X509_Certificate(const uint8_t data[], size_t length); + /** * Create an uninitialized certificate object. Any attempts to * access this object will throw an exception. diff --git a/src/tests/data/x509/bsi/expected.txt b/src/tests/data/x509/bsi/expected.txt index 6b609a2014..fefb42bc54 100644 --- a/src/tests/data/x509/bsi/expected.txt +++ b/src/tests/data/x509/bsi/expected.txt 
@@ -28,7 +28,7 @@ cert_path_CRL_10$Certificate is revoked cert_path_CRL_11$Certificate is revoked cert_path_CRL_12$No revocation data cert_path_CRL_13$No CRL with matching distribution point for certificate -cert_path_CRL_14$Invalid argument Decoding error: X509 CRL decoding failed: Invalid argument Decoding error: BER: Tag mismatch when decoding got 65280/65280 expected 3/0 +cert_path_CRL_14$Invalid argument Decoding error: X509 CRL decoding failed: Invalid argument Decoding error: BER: Tag mismatch when decoding object got 65280/65280 expected 3/0 cert_path_CRL_15$No CRL with matching distribution point for certificate cert_path_CRL_16$Certificate is revoked cert_path_crypt_01$Signature error @@ -42,7 +42,7 @@ cert_path_ext_06$CA certificate not allowed to issue certs cert_path_ext_07$CA certificate not allowed to issue certs cert_path_ext_08$Certificate chain too long cert_path_ext_09$Verified -cert_path_ext_10$Invalid argument Decoding error: CERTIFICATE decoding failed: Invalid argument Decoding error: Decoding X.509 extension 2.5.29.15 failed failed with exception Invalid argument Decoding error: BER: Bad tag for usage constraint: 16/32 +cert_path_ext_10$Invalid argument Decoding error: CERTIFICATE decoding failed: Invalid argument Decoding error: Decoding X.509 extension 2.5.29.15 failed failed with exception Invalid argument Decoding error: BER: Tag mismatch when decoding usage constraint got 16/32 expected 3/0 cert_path_ext_11$CA certificate not allowed to issue certs cert_path_ext_12$Certificate contains duplicate policy cert_path_ext_13$Unknown critical extension encountered From 325fbe90533c648e9cf58a95bfe1bae5d4bdd759 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 18 Jan 2018 16:39:49 -0500 Subject: [PATCH 0556/1008] Fix test error when MD5 is disabled Fixes GH #1418 --- src/tests/test_x509_path.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index 3b84cfd54b..3a33e150c8 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp @@ -485,7 +485,12 @@ std::vector BSI_Path_Validation_Tests::run() for (auto& i : expected) { const std::string test_name = i.first; - const std::string expected_result = i.second; + std::string expected_result = i.second; + +#if !defined(BOTAN_HAS_MD5) + if(expected_result == "Hash function used is considered too weak for security") + expected_result = "Certificate signed with unknown/unavailable algorithm"; +#endif const std::string test_dir = bsi_test_dir + "/" + test_name; From 27a8039d21fc6ebeba57f666bd8806f3ce51cd85 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 18 Jan 2018 16:44:23 -0500 Subject: [PATCH 0557/1008] Document --with-boost option Fixes GH #1419 --- doc/manual/building.rst | 28 +++++++++++++++------------- doc/manual/cli.rst | 4 ++-- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/doc/manual/building.rst b/doc/manual/building.rst index f7870c8652..6da09c214c 100644 --- a/doc/manual/building.rst +++ b/doc/manual/building.rst 
@@ -299,24 +299,26 @@ Currently ``configure.py`` cannot detect if external libraries are available, so using them is controlled explicitly at build time by the user using - - ``--with-bzip2`` enables the filters providing bzip2 compression - and decompression. Requires the bzip2 development libraries to be - installed. + - ``--with-bzip2`` enables the filters providing bzip2 compression and + decompression. Requires the bzip2 development libraries to be installed. - - ``--with-zlib`` enables the filters providing zlib compression - and decompression. Requires the zlib development libraries to be - installed. + - ``--with-zlib`` enables the filters providing zlib compression and + decompression. Requires the zlib development libraries to be installed. - ``--with-lzma`` enables the filters providing lzma compression and - decompression. Requires the lzma development libraries to be - installed. + decompression. Requires the lzma development libraries to be installed. - - ``--with-sqlite3`` enables storing TLS session information to an - encrypted SQLite database. + - ``--with-sqlite3`` enables using sqlite3 databases in various contexts + (TLS session cache, PSK database, etc). - - ``--with-openssl`` adds an engine that uses OpenSSL for some public - key operations and ciphers/hashes. OpenSSL 1.0.1 or later is supported. - LibreSSL is API compatible with OpenSSL 1.0 and can be used instead. + - ``--with-openssl`` adds an engine that uses OpenSSL for some ciphers, hashes, + and public key operations. OpenSSL 1.0.2 or later is supported. LibreSSL can + also be used. + + - ``--with-boost`` enables using some Boost libraries. In particular + Boost.Filesystem is used for a few operations (but on most platforms, a + native API equivalent is available), and Boost.Asio is used to provide a few + extra TLS related command line utilities. Multiple Builds ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
diff --git a/doc/manual/cli.rst b/doc/manual/cli.rst index 7427feb5db..69b6d454eb 100644 --- a/doc/manual/cli.rst +++ b/doc/manual/cli.rst @@ -163,12 +163,12 @@ TLS Server/Client defined in the *policy* file. ``tls_http_server cert key --port=443 --policy= --session-db --session-db-pass=`` - Only available if asio support was enabled. Provides a simple HTTP server + Only available if Boost.Asio support was enabled. Provides a simple HTTP server which replies to all requests with an informational text output. The server honors the TLS policy defined in the *policy* file. ``tls_proxy listen_port target_host target_port server_cert server_key`` - Only available if asio support was enabled. Listens on a port and + Only available if Boost.Asio support was enabled. Listens on a port and forwards all connects to a target server specified at ``target_host`` and ``target_port``. From a69671ae57ecdcf1b7399eccd1af249008658e0b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 17 Jan 2018 12:36:23 -0500 Subject: [PATCH 0558/1008] Make PBES2 optional See #1416 for reasoning --- src/lib/pubkey/info.txt | 1 - src/lib/pubkey/pkcs8.cpp | 43 ++++++++++++++++++++++++++++++++-------- 2 files changed, 35 insertions(+), 9 deletions(-) diff --git a/src/lib/pubkey/info.txt b/src/lib/pubkey/info.txt index bd848e3535..c6e8036e59 100644 --- a/src/lib/pubkey/info.txt +++ b/src/lib/pubkey/info.txt @@ -22,7 +22,6 @@ pk_ops_impl.h asn1 bigint kdf -pbes2 pem pk_pad numbertheory diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp index 0d13d80901..bea3beec0f 100644 --- a/src/lib/pubkey/pkcs8.cpp +++ b/src/lib/pubkey/pkcs8.cpp @@ -1,6 +1,6 @@ /* * PKCS #8 -* (C) 1999-2010,2014 Jack Lloyd +* (C) 1999-2010,2014,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -12,10 +12,13 @@ #include #include #include -#include #include #include +#if defined(BOTAN_HAS_PKCS5_PBES2) + #include +#endif + namespace Botan { namespace PKCS8 { 
@@ -54,20 +57,20 @@ secure_vector PKCS8_decode( try { if(ASN1::maybe_BER(source) && !PEM_Code::matches(source)) { - if ( is_encrypted ) + if(is_encrypted) { key_data = PKCS8_extract(source, pbe_alg_id); } else { // todo read more efficiently - while ( !source.end_of_data() ) + while(!source.end_of_data()) { uint8_t b; - size_t read = source.read_byte( b ); - if ( read ) + size_t read = source.read_byte(b); + if(read) { - key_data.push_back( b ); + key_data.push_back(b); } } } @@ -103,14 +106,19 @@ secure_vector PKCS8_decode( { if(OIDS::lookup(pbe_alg_id.get_oid()) != "PBE-PKCS5v20") throw Exception("Unknown PBE type " + pbe_alg_id.get_oid().as_string()); +#if defined(BOTAN_HAS_PKCS5_PBES2) key = pbes2_decrypt(key_data, get_passphrase(), pbe_alg_id.get_parameters()); +#else + BOTAN_UNUSED(get_passphrase); + throw Decoding_Error("Private key is encrypted but PBES2 was disabled in build"); +#endif } else key = key_data; BER_Decoder(key) .start_cons(SEQUENCE) - .decode_and_check(0, "Unknown PKCS #8 version number") + .decode_and_check(0, "Unknown PKCS #8 version number") .decode(pk_alg_id) .decode(key, OCTET_STRING) .discard_remaining() @@ -142,6 +150,8 @@ std::string PEM_encode(const Private_Key& key) return PEM_Code::encode(PKCS8::BER_encode(key), "PRIVATE KEY"); } +#if defined(BOTAN_HAS_PKCS5_PBES2) + namespace { std::pair @@ -164,6 +174,8 @@ choose_pbe_params(const std::string& pbe_algo, const std::string& key_algo) } +#endif + /* * BER encode a PKCS #8 private key, encrypted */ @@ -173,6 +185,7 @@ std::vector BER_encode(const Private_Key& key, std::chrono::milliseconds msec, const std::string& pbe_algo) { +#if defined(BOTAN_HAS_PKCS5_PBES2) const auto pbe_params = choose_pbe_params(pbe_algo, key.algo_name()); const std::pair> pbe_info = 
@@ -185,6 +198,10 @@ std::vector BER_encode(const Private_Key& key, .encode(pbe_info.second, OCTET_STRING) .end_cons() .get_contents_unlocked(); +#else + BOTAN_UNUSED(key, rng, pass, msec, pbe_algo); + throw Encoding_Error("PKCS8::BER_encode cannot encrypt because PBES2 was disabled in build"); +#endif } /* @@ -213,6 +230,7 @@ std::vector BER_encode_encrypted_pbkdf_iter(const Private_Key& key, const std::string& cipher, const std::string& pbkdf_hash) { +#if defined(BOTAN_HAS_PKCS5_PBES2) const std::pair> pbe_info = pbes2_encrypt_iter(key.private_key_info(), pass, pbkdf_iterations, @@ -226,6 +244,10 @@ std::vector BER_encode_encrypted_pbkdf_iter(const Private_Key& key, .encode(pbe_info.second, OCTET_STRING) .end_cons() .get_contents_unlocked(); +#else + BOTAN_UNUSED(key, rng, pass, pbkdf_iterations, cipher, pbkdf_hash); + throw Encoding_Error("PKCS8::BER_encode_encrypted_pbkdf_iter cannot encrypt because PBES2 disabled in build"); +#endif } /* @@ -254,6 +276,7 @@ std::vector BER_encode_encrypted_pbkdf_msec(const Private_Key& key, const std::string& cipher, const std::string& pbkdf_hash) { +#if defined(BOTAN_HAS_PKCS5_PBES2) const std::pair> pbe_info = pbes2_encrypt_msec(key.private_key_info(), pass, pbkdf_msec, pbkdf_iterations, @@ -267,6 +290,10 @@ std::vector BER_encode_encrypted_pbkdf_msec(const Private_Key& key, .encode(pbe_info.second, OCTET_STRING) .end_cons() .get_contents_unlocked(); +#else + BOTAN_UNUSED(key, rng, pass, pbkdf_msec, pbkdf_iterations, cipher, pbkdf_hash); + throw Encoding_Error("BER_encode_encrypted_pbkdf_msec cannot encrypt because PBES2 disabled in build"); +#endif } /* From 5b32eda7b33c8470dbb47c7c87ba2f5cf7e7d146 Mon Sep 17 00:00:00 2001 From: Marcus Brinkmann Date: Fri, 19 Jan 2018 02:13:53 +0100 Subject: [PATCH 0559/1008] Fix documentation of DataSource::end_of_data. --- src/lib/utils/data_src.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
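Review bot: The three new `#else` messages in `BER_encode`, `BER_encode_encrypted_pbkdf_iter` and `BER_encode_encrypted_pbkdf_msec` differ in wording ("was disabled in build" versus "disabled in build") and in whether the function name carries the `PKCS8::` prefix, so the same condition is not greppable in logs. One shared phrasing for all three, e.g. `throw Encoding_Error("PKCS8::BER_encode_encrypted_pbkdf_msec cannot encrypt because PBES2 was disabled in build");`, avoids that. Each function's opening lines lie outside its hunk.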
diff --git a/src/lib/utils/data_src.h b/src/lib/utils/data_src.h index 346ec20f78..09c1bffdf7 100644 --- a/src/lib/utils/data_src.h +++ b/src/lib/utils/data_src.h @@ -49,7 +49,7 @@ class BOTAN_PUBLIC_API(2,0) DataSource /** * Test whether the source still has data that can be read. - * @return true if there is still data to read, false otherwise + * @return true if there is no more data to read, false otherwise */ virtual bool end_of_data() const = 0; /** From ba41d6079f99a96dc3380a8ba47693be14aad5c2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 19 Jan 2018 07:03:10 -0500 Subject: [PATCH 0560/1008] Reorganize code to avoid cli/test build failures if filesystem disabled Fixes #1422 --- src/cli/pubkey.cpp | 216 ++++++++++++------------ src/cli/tls_client.cpp | 3 +- src/cli/tls_http_server.cpp | 2 +- src/cli/tls_proxy.cpp | 2 +- src/cli/tls_server.cpp | 3 +- src/cli/x509.cpp | 2 +- src/tests/test_certstor.cpp | 2 +- src/tests/test_name_constraint.cpp | 2 +- src/tests/test_ocsp.cpp | 2 +- src/tests/test_pkcs11_high_level.cpp | 2 + src/tests/unit_ecdsa.cpp | 103 ++++++------ src/tests/unit_x509.cpp | 239 ++++++++++++++------------- 12 files changed, 301 insertions(+), 277 deletions(-) diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index 2c431c4035..ffe1470dc2 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp 
@@ -27,36 +27,6 @@ namespace Botan_CLI { -class PK_Fingerprint final : public Command - { - public: - PK_Fingerprint() : Command("fingerprint --algo=SHA-256 *keys") {} - - std::string group() const override - { - return "pubkey"; - } - - std::string description() const override - { - return "Calculate a public key fingerprint"; - } - - void go() override - { - const std::string hash_algo = get_arg("algo"); - - for(std::string key_file : get_arg_list("keys")) - { - std::unique_ptr key(Botan::X509::load_key(key_file)); - - output() << key_file << ": " << key->fingerprint_public(hash_algo) << "\n"; - } - } - }; - -BOTAN_REGISTER_COMMAND("fingerprint", PK_Fingerprint); - class PK_Keygen final : public Command { public: @@ -118,6 +88,8 @@ class PK_Keygen final : public Command BOTAN_REGISTER_COMMAND("keygen", PK_Keygen); +#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) + namespace { std::string algo_default_emsa(const std::string& key) @@ -138,6 +110,36 @@ std::string algo_default_emsa(const std::string& key) } +class PK_Fingerprint final : public Command + { + public: + PK_Fingerprint() : Command("fingerprint --algo=SHA-256 *keys") {} + + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Calculate a public key fingerprint"; + } + + void go() override + { + const std::string hash_algo = get_arg("algo"); + + for(std::string key_file : get_arg_list("keys")) + { + std::unique_ptr key(Botan::X509::load_key(key_file)); + + output() << key_file << ": " << key->fingerprint_public(hash_algo) << "\n"; + } + } + }; + +BOTAN_REGISTER_COMMAND("fingerprint", PK_Fingerprint); + class PK_Sign final : public Command { public: 
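Review bot: In `PK_Fingerprint::go()`, re-added inside the filesystem guard by the `@@ -138,6 +110,36 @@` hunk, the loop `for(std::string key_file : get_arg_list("keys"))` copies every argument string; `for(const std::string& key_file : get_arg_list("keys"))` has the same behaviour without the copies. Since the class is being moved anyway this is a cheap moment to fix it. As written, a failure in `load_key` for one file propagates out of the loop before the remaining files are fingerprinted, which may well be intended but is worth a one-line comment such as `// any unreadable key aborts the whole batch`.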
@@ -233,6 +235,84 @@ class PK_Verify final : public Command BOTAN_REGISTER_COMMAND("verify", PK_Verify); +class PKCS8_Tool final : public Command + { + public: + PKCS8_Tool() : Command("pkcs8 --pass-in= --pub-out --der-out --pass-out= --pbe= --pbe-millis=300 key") {} + + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Open a PKCS #8 formatted key"; + } + + void go() override + { + std::unique_ptr key; + std::string pass_in = get_arg("pass-in"); + + if (pass_in.empty()) + { + key.reset(Botan::PKCS8::load_key(get_arg("key"), rng())); + } + else + { + key.reset(Botan::PKCS8::load_key(get_arg("key"), rng(), pass_in)); + } + + const std::chrono::milliseconds pbe_millis(get_arg_sz("pbe-millis")); + const std::string pbe = get_arg("pbe"); + const bool der_out = flag_set("der-out"); + + if(flag_set("pub-out")) + { + if(der_out) + { + write_output(Botan::X509::BER_encode(*key)); + } + else + { + output() << Botan::X509::PEM_encode(*key); + } + } + else + { + const std::string pass_out = get_arg("pass-out"); + + if(der_out) + { + if(pass_out.empty()) + { + write_output(Botan::PKCS8::BER_encode(*key)); + } + else + { + write_output(Botan::PKCS8::BER_encode(*key, rng(), pass_out, pbe_millis, pbe)); + } + } + else + { + if(pass_out.empty()) + { + output() << Botan::PKCS8::PEM_encode(*key); + } + else + { + output() << Botan::PKCS8::PEM_encode(*key, rng(), pass_out, pbe_millis, pbe); + } + } + } + } + }; + +BOTAN_REGISTER_COMMAND("pkcs8", PKCS8_Tool); + +#endif + #if defined(BOTAN_HAS_ECC_GROUP) class EC_Group_Info final : public Command 
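Review bot: `if (pass_in.empty())` in `PKCS8_Tool::go()` (the `@@ -233,6 +235,84 @@` hunk) has a space before the parenthesis while the rest of the class uses `if(`; normalising it to `if(pass_in.empty())` while the code is being relocated keeps the file consistent. `std::string pass_in` is never modified after initialisation and could be `const std::string pass_in = get_arg("pass-in");`, matching the `const` locals declared just below it. Separately, both `--pass-in=` and `--pass-out=` take the key passphrase from the command line, where other local users can read it from process listings and shell history; a sentence in the manual entry for `pkcs8` noting this would help users handle private-key passphrases appropriately.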
@@ -352,82 +432,6 @@ BOTAN_REGISTER_COMMAND("gen_dl_group", Gen_DL_Group); #endif -class PKCS8_Tool final : public Command - { - public: - PKCS8_Tool() : Command("pkcs8 --pass-in= --pub-out --der-out --pass-out= --pbe= --pbe-millis=300 key") {} - - std::string group() const override - { - return "pubkey"; - } - - std::string description() const override - { - return "Open a PKCS #8 formatted key"; - } - - void go() override - { - std::unique_ptr key; - std::string pass_in = get_arg("pass-in"); - - if (pass_in.empty()) - { - key.reset(Botan::PKCS8::load_key(get_arg("key"), rng())); - } - else - { - key.reset(Botan::PKCS8::load_key(get_arg("key"), rng(), pass_in)); - } - - const std::chrono::milliseconds pbe_millis(get_arg_sz("pbe-millis")); - const std::string pbe = get_arg("pbe"); - const bool der_out = flag_set("der-out"); - - if(flag_set("pub-out")) - { - if(der_out) - { - write_output(Botan::X509::BER_encode(*key)); - } - else - { - output() << Botan::X509::PEM_encode(*key); - } - } - else - { - const std::string pass_out = get_arg("pass-out"); - - if(der_out) - { - if(pass_out.empty()) - { - write_output(Botan::PKCS8::BER_encode(*key)); - } - else - { - write_output(Botan::PKCS8::BER_encode(*key, rng(), pass_out, pbe_millis, pbe)); - } - } - else - { - if(pass_out.empty()) - { - output() << Botan::PKCS8::PEM_encode(*key); - } - else - { - output() << Botan::PKCS8::PEM_encode(*key, rng(), pass_out, pbe_millis, pbe); - } - } - } - } - }; - -BOTAN_REGISTER_COMMAND("pkcs8", PKCS8_Tool); - } #endif diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index 53e3926e09..f3fe0c266d 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -8,7 +8,8 @@ #include "cli.h" -#if defined(BOTAN_HAS_TLS) && (defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2)) +#if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) && \ + (defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2)) #include #include 
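Review bot: Adding `BOTAN_TARGET_OS_HAS_FILESYSTEM` to the guard in `tls_client.cpp` (and likewise `tls_server.cpp`, `tls_http_server.cpp`, `tls_proxy.cpp` and `x509.cpp` in the hunks that follow) makes those commands disappear silently from a filesystem-less build, while the `doc/manual/cli.rst` hunk earlier in this series still says `tls_http_server` and `tls_proxy` are "Only available if Boost.Asio support was enabled". The manual entries should mention the new requirement as well, e.g. `Only available if Boost.Asio support was enabled and the target OS has filesystem support.`, and the `tls_client`/`tls_server` entries need the filesystem sentence too. A short comment on the widened `#if`, such as `// filesystem: certificate and key paths are read from disk`, would record why the guard grew; that reason is only inferred here from the commit message, so adjust the wording if the actual dependency differs.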
diff --git a/src/cli/tls_http_server.cpp b/src/cli/tls_http_server.cpp index 339cd2a676..255cd31b3f 100644 --- a/src/cli/tls_http_server.cpp +++ b/src/cli/tls_http_server.cpp @@ -7,7 +7,7 @@ #include "cli.h" -#if defined(BOTAN_HAS_TLS) && defined(BOTAN_HAS_BOOST_ASIO) +#if defined(BOTAN_HAS_TLS) && defined(BOTAN_HAS_BOOST_ASIO) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) #include #include diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp index d9540d9d3f..ed7ee5645d 100644 --- a/src/cli/tls_proxy.cpp +++ b/src/cli/tls_proxy.cpp @@ -8,7 +8,7 @@ #include "cli.h" -#if defined(BOTAN_HAS_TLS) && defined(BOTAN_HAS_BOOST_ASIO) +#if defined(BOTAN_HAS_TLS) && defined(BOTAN_HAS_BOOST_ASIO) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) #include #include diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp index b9cd0d0292..9da65b0f4b 100644 --- a/src/cli/tls_server.cpp +++ b/src/cli/tls_server.cpp @@ -8,7 +8,8 @@ #include "cli.h" -#if defined(BOTAN_HAS_TLS) && (defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2)) +#if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) && \ + (defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2)) #include #include diff --git a/src/cli/x509.cpp b/src/cli/x509.cpp index ed9eb3d4f4..9a059d7990 100644 --- a/src/cli/x509.cpp +++ b/src/cli/x509.cpp @@ -7,7 +7,7 @@ #include "cli.h" -#if defined(BOTAN_HAS_X509_CERTIFICATES) +#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) #include #include diff --git a/src/tests/test_certstor.cpp b/src/tests/test_certstor.cpp index ea69e05c2b..d48973ac43 100644 --- a/src/tests/test_certstor.cpp +++ b/src/tests/test_certstor.cpp @@ -22,7 +22,7 @@ namespace Botan_Tests { namespace { -#if defined(BOTAN_HAS_CERTSTOR_SQL) && defined(BOTAN_HAS_RSA) +#if defined(BOTAN_HAS_CERTSTOR_SQL) && defined(BOTAN_HAS_RSA) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) struct CertificateAndKey { 
diff --git a/src/tests/test_name_constraint.cpp b/src/tests/test_name_constraint.cpp index 3d01d84c76..f0abda710a 100644 --- a/src/tests/test_name_constraint.cpp +++ b/src/tests/test_name_constraint.cpp @@ -17,7 +17,7 @@ namespace Botan_Tests { namespace { -#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_HAS_RSA) && defined(BOTAN_HAS_EMSA_PKCS1) +#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_HAS_RSA) && defined(BOTAN_HAS_EMSA_PKCS1) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) class Name_Constraint_Tests final : public Test { diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp index 6a872ae628..dc3c6f47e2 100644 --- a/src/tests/test_ocsp.cpp +++ b/src/tests/test_ocsp.cpp @@ -16,7 +16,7 @@ namespace Botan_Tests { -#if defined(BOTAN_HAS_OCSP) && defined(BOTAN_HAS_RSA) && defined(BOTAN_HAS_EMSA_PKCS1) +#if defined(BOTAN_HAS_OCSP) && defined(BOTAN_HAS_RSA) && defined(BOTAN_HAS_EMSA_PKCS1) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) class OCSP_Tests final : public Test { diff --git a/src/tests/test_pkcs11_high_level.cpp b/src/tests/test_pkcs11_high_level.cpp index 950171d9c0..e89715189b 100644 --- a/src/tests/test_pkcs11_high_level.cpp +++ b/src/tests/test_pkcs11_high_level.cpp @@ -1550,6 +1550,7 @@ Test::Result test_x509_import() { Test::Result result("PKCS11 X509 cert import"); +#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) TestSession test_session(true); X509_Certificate root(Test::data_file("x509/nist/test01/end.crt")); @@ -1565,6 +1566,7 @@ Test::Result test_x509_import() result.test_eq("X509 certificate by handle", pkcs11_cert == pkcs11_cert2, true); pkcs11_cert.destroy(); +#endif return result; } diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index 99acc3f211..5d137bacfb 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp 
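Review bot: With the filesystem disabled, `test_x509_import()` in the two `test_pkcs11_high_level.cpp` hunks now returns a `Test::Result` that recorded no checks at all, which reads as a silent pass rather than a skip. An `#else` arm before the new `#endif`, e.g. `result.test_note("skipped: BOTAN_TARGET_OS_HAS_FILESYSTEM not defined");`, makes the omission visible in the test output. The function's middle section lies between the two hunks and is not shown here.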
@@ -76,7 +76,7 @@ Test::Result test_hash_larger_than_n() return result; } -#if defined(BOTAN_HAS_X509_CERTIFICATES) +#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) Test::Result test_decode_ecdsa_X509() { Test::Result result("ECDSA Unit"); @@ -262,6 +262,8 @@ Test::Result test_unusual_curve() return result; } +#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) + Test::Result test_read_pkcs8() { Test::Result result("ECDSA Unit"); @@ -306,7 +308,49 @@ Test::Result test_read_pkcs8() return result; } +Test::Result test_ecc_key_with_rfc5915_extensions() + { + Test::Result result("ECDSA Unit"); + + try + { + std::unique_ptr pkcs8( + Botan::PKCS8::load_key(Test::data_file("x509/ecc/ecc_private_with_rfc5915_ext.pem"), Test::rng())); + + result.confirm("loaded RFC 5915 key", pkcs8.get()); + result.test_eq("key is ECDSA", pkcs8->algo_name(), "ECDSA"); + result.confirm("key type is ECDSA", dynamic_cast(pkcs8.get())); + } + catch(std::exception& e) + { + result.test_failure("load_rfc5915_ext", e.what()); + } + + return result; + } + +Test::Result test_ecc_key_with_rfc5915_parameters() + { + Test::Result result("ECDSA Unit"); + + try + { + std::unique_ptr pkcs8( + Botan::PKCS8::load_key(Test::data_file("x509/ecc/ecc_private_with_rfc5915_parameters.pem"), Test::rng())); + result.confirm("loaded RFC 5915 key", pkcs8.get()); + result.test_eq("key is ECDSA", pkcs8->algo_name(), "ECDSA"); + result.confirm("key type is ECDSA", dynamic_cast(pkcs8.get())); + } + catch(std::exception& e) + { + result.test_failure("load_rfc5915_params", e.what()); + } + + return result; + } + +#endif Test::Result test_curve_registry() { 
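Review bot: The two `test_ecc_key_with_rfc5915_*` functions re-added under the filesystem guard in the `@@ -306,7 +308,49 @@` hunk catch by non-const reference, `catch(std::exception& e)`; `catch(const std::exception& e)` is the idiomatic form and matches the `catch(const Botan::Invalid_Argument& e)` used elsewhere in this series. The closing `+#endif` that precedes `test_curve_registry()` carries no label, and the region it closes opens in the `@@ -262,6 +264,8 @@` hunk several functions earlier; `#endif // BOTAN_TARGET_OS_HAS_FILESYSTEM` makes the pairing checkable without scrolling.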
@@ -364,49 +408,6 @@ Test::Result test_curve_registry() return result; } -Test::Result test_ecc_key_with_rfc5915_extensions() - { - Test::Result result("ECDSA Unit"); - - try - { - std::unique_ptr pkcs8( - Botan::PKCS8::load_key(Test::data_file("x509/ecc/ecc_private_with_rfc5915_ext.pem"), Test::rng())); - - result.confirm("loaded RFC 5915 key", pkcs8.get()); - result.test_eq("key is ECDSA", pkcs8->algo_name(), "ECDSA"); - result.confirm("key type is ECDSA", dynamic_cast(pkcs8.get())); - } - catch(std::exception& e) - { - result.test_failure("load_rfc5915_ext", e.what()); - } - - return result; - } - -Test::Result test_ecc_key_with_rfc5915_parameters() - { - Test::Result result("ECDSA Unit"); - - try - { - std::unique_ptr pkcs8( - Botan::PKCS8::load_key(Test::data_file("x509/ecc/ecc_private_with_rfc5915_parameters.pem"), Test::rng())); - - result.confirm("loaded RFC 5915 key", pkcs8.get()); - result.test_eq("key is ECDSA", pkcs8->algo_name(), "ECDSA"); - result.confirm("key type is ECDSA", dynamic_cast(pkcs8.get())); - } - catch(std::exception& e) - { - result.test_failure("load_rfc5915_params", e.what()); - } - - return result; - } - - class ECDSA_Unit_Tests final : public Test { 
@@ -414,20 +415,26 @@ class ECDSA_Unit_Tests final : public Test std::vector run() override { std::vector results; - results.push_back(test_hash_larger_than_n()); + +#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) + results.push_back(test_read_pkcs8()); + results.push_back(test_ecc_key_with_rfc5915_extensions()); + results.push_back(test_ecc_key_with_rfc5915_parameters()); + #if defined(BOTAN_HAS_X509_CERTIFICATES) results.push_back(test_decode_ecdsa_X509()); results.push_back(test_decode_ver_link_SHA256()); results.push_back(test_decode_ver_link_SHA1()); #endif + +#endif + + results.push_back(test_hash_larger_than_n()); results.push_back(test_sign_then_ver()); results.push_back(test_ec_sign()); - results.push_back(test_read_pkcs8()); results.push_back(test_ecdsa_create_save_load()); results.push_back(test_unusual_curve()); results.push_back(test_curve_registry()); - results.push_back(test_ecc_key_with_rfc5915_extensions()); - results.push_back(test_ecc_key_with_rfc5915_parameters()); return results; } }; diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 0aa9d02098..5e787d72d1 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -372,6 +372,8 @@ Test::Result test_x509_dates() return result; } +#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) + Test::Result test_crl_dn_name() { Test::Result result("CRL DN name"); 
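Review bot: In `ECDSA_Unit_Tests::run()` the `@@ -414,20 +415,26 @@` hunk nests `#if defined(BOTAN_HAS_X509_CERTIFICATES)` inside `#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)`, leaving two bare `#endif`s in a row; labelling them `#endif // BOTAN_HAS_X509_CERTIFICATES` and `#endif // BOTAN_TARGET_OS_HAS_FILESYSTEM` makes the nesting verifiable at a glance. The nesting itself is consistent with the definition guard earlier in the file, where `test_decode_ecdsa_X509` requires both macros. The class header lies outside the hunk.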
@@ -398,6 +400,24 @@ Test::Result test_crl_dn_name() return result; } +Test::Result test_x509_decode_list() + { + Test::Result result("X509_Certificate list decode"); + + Botan::DataSource_Stream input(Test::data_file("x509/misc/cert_seq.der"), true); + + Botan::BER_Decoder dec(input); + std::vector certs; + dec.decode_list(certs); + + result.test_eq("Expected number of certs in list", certs.size(), 2); + + result.test_eq("Expected cert 1 CN", certs[0].subject_dn().get_first_attribute("CN"), "CA1-PP.01.02"); + result.test_eq("Expected cert 2 CN", certs[1].subject_dn().get_first_attribute("CN"), "User1-PP.01.02"); + + return result; + } + Test::Result test_x509_utf8() { Test::Result result("X509 with UTF-8 encoded fields"); 
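Review bot: `Botan::DataSource_Stream input(Test::data_file("x509/misc/cert_seq.der"), true);` in the re-added `test_x509_decode_list()` passes a bare boolean whose meaning is not visible at the call site; `/*use_binary=*/true` documents it in place. The function is otherwise moved verbatim from later in the file, so the change is purely positional.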
@@ -503,6 +523,100 @@ Test::Result test_x509_authority_info_access_extension() return result; } +/* + * @brief checks the configurability of the EMSA4(RSA-PSS) signature scheme + * + * For the other algorithms than RSA, only one padding is supported right now. + */ +Test::Result test_padding_config() { + // Throughout the test, some synonyms for EMSA4 are used, e.g. PSSR, EMSA-PSS + Test::Result test_result("X509 Padding Config"); + + std::unique_ptr sk(Botan::PKCS8::load_key( + Test::data_file("x509/misc/rsa_key.pem"), Test::rng())); + + // Create X509 CA certificate; EMSA3 is used for signing by default + Botan::X509_Cert_Options opt("TESTCA"); + opt.CA_key(); + Botan::X509_Certificate ca_cert_def = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); + test_result.test_eq("CA certificate signature algorithm (default)", + Botan::OIDS::lookup(ca_cert_def.signature_algorithm().oid),"RSA/EMSA3(SHA-512)"); + + // Create X509 CA certificate; RSA-PSS is explicitly set + opt.set_padding_scheme("PSSR"); + Botan::X509_Certificate ca_cert_exp = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); + test_result.test_eq("CA certificate signature algorithm (explicit)", + Botan::OIDS::lookup(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); + + // Try to set a padding scheme that is not supported for signing with the given key type + opt.set_padding_scheme("EMSA1"); + try + { + Botan::X509_Certificate ca_cert_wrong = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); + test_result.test_failure("Could build CA certitiface with invalid encoding scheme EMSA1 for key type " + sk->algo_name()); + } + catch (const Botan::Invalid_Argument& e) + { + test_result.test_eq("Build CA certitiface with invalid encoding scheme EMSA1 for key type " + + sk->algo_name(), e.what(), + "Invalid argument Encoding scheme with canonical name EMSA1 not supported for signature algorithm RSA"); + } + test_result.test_eq("CA certificate 
signature algorithm (explicit)", + Botan::OIDS::lookup(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); + + const auto not_before = Botan::calendar_point(2017, 1, 1, 1, 1, 1).to_std_timepoint(); + const auto not_after = Botan::calendar_point(2037, 12, 25, 1, 1, 1).to_std_timepoint(); + + // Prepare a signing request for the end certificate + Botan::X509_Cert_Options req_opt("endpoint"); + req_opt.set_padding_scheme("EMSA4(SHA-512,MGF1,64)"); + Botan::PKCS10_Request end_req = Botan::X509::create_cert_req(req_opt, (*sk), "SHA-512", Test::rng()); + test_result.test_eq("Certificate request signature algorithm", Botan::OIDS::lookup(end_req.signature_algorithm().oid),"RSA/EMSA4"); + + // Create X509 CA object: will fail as the chosen hash functions differ + try + { + Botan::X509_CA ca_fail(ca_cert_exp, (*sk), {{"padding","EMSA4(SHA-256)"}},"SHA-512", Test::rng()); + test_result.test_failure("Configured conflicting hash functions for CA"); + } + catch(const Botan::Invalid_Argument& e) + { + test_result.test_eq("Configured conflicting hash functions for CA", + e.what(), + "Invalid argument Hash function from opts and hash_fn argument need to be identical"); + } + + // Create X509 CA object: its signer will use the padding scheme from the CA certificate, i.e. 
EMSA3 + Botan::X509_CA ca_def(ca_cert_def, (*sk), "SHA-512", Test::rng()); + Botan::X509_Certificate end_cert_emsa3 = ca_def.sign_request(end_req, Test::rng(), Botan::X509_Time(not_before), Botan::X509_Time(not_after)); + test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_emsa3.signature_algorithm().oid), "RSA/EMSA3(SHA-512)"); + + // Create X509 CA object: its signer will use the explicitly configured padding scheme, which is different from the CA certificate's scheme + Botan::X509_CA ca_diff(ca_cert_def, (*sk), {{"padding","EMSA-PSS"}}, "SHA-512", Test::rng()); + Botan::X509_Certificate end_cert_diff_emsa4 = ca_diff.sign_request(end_req, Test::rng(), Botan::X509_Time(not_before), Botan::X509_Time(not_after)); + test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_diff_emsa4.signature_algorithm().oid), "RSA/EMSA4"); + + // Create X509 CA object: its signer will use the explicitly configured padding scheme, which is identical to the CA certificate's scheme + Botan::X509_CA ca_exp(ca_cert_exp, (*sk), {{"padding","EMSA4(SHA-512,MGF1,64)"}},"SHA-512", Test::rng()); + Botan::X509_Certificate end_cert_emsa4= ca_exp.sign_request(end_req, Test::rng(), Botan::X509_Time(not_before), Botan::X509_Time(not_after)); + test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_emsa4.signature_algorithm().oid), "RSA/EMSA4"); + + // Check CRL signature algorithm + Botan::X509_CRL crl = ca_exp.new_crl(Test::rng()); + test_result.test_eq("CRL signature algorithm", Botan::OIDS::lookup(crl.signature_algorithm().oid), "RSA/EMSA4"); + + // sanity check for verification, the heavy lifting is done in the other unit tests + const Botan::Certificate_Store_In_Memory trusted(ca_exp.ca_certificate()); + const Botan::Path_Validation_Restrictions restrictions(false, 80); + const Botan::Path_Validation_Result validation_result = Botan::x509_path_validate( + end_cert_emsa4, restrictions, trusted); 
+ test_result.confirm("EMSA4-signed certificate validates", validation_result.successful_validation()); + + return test_result; +} + +#endif + Test::Result test_x509_cert(const std::string& sig_algo, const std::string& sig_padding = "", const std::string& hash_fn = "SHA-256") { Test::Result result("X509 Unit"); @@ -827,24 +941,6 @@ Test::Result test_x509_uninit() return result; } -Test::Result test_x509_decode_list() - { - Test::Result result("X509_Certificate list decode"); - - Botan::DataSource_Stream input(Test::data_file("x509/misc/cert_seq.der"), true); - - Botan::BER_Decoder dec(input); - std::vector certs; - dec.decode_list(certs); - - result.test_eq("Expected number of certs in list", certs.size(), 2); - - result.test_eq("Expected cert 1 CN", certs[0].subject_dn().get_first_attribute("CN"), "CA1-PP.01.02"); - result.test_eq("Expected cert 2 CN", certs[1].subject_dn().get_first_attribute("CN"), "User1-PP.01.02"); - - return result; - } - using Botan::Key_Constraints; 
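Review bot: `test_padding_config()`, relocated by the `@@ -503,6 +523,100 @@` hunk, opens with `Test::Result test_padding_config() {` on the signature line, unlike the neighbouring functions, which put the brace on its own indented line; since the block is being moved anyway this is the moment to align it. The `ca_cert_wrong` local in the first `try` block is never read and can be dropped by calling the factory for its side effect alone, `Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng());`, which also silences an unused-variable warning. Two test messages spell "certificate" as "certitiface" ("Could build CA certitiface ..." and "Build CA certitiface ..."); fixing the typo only changes test output. `catch (const Botan::Invalid_Argument& e)` also has a stray space before the parenthesis that the later `catch(` in the same function does not.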
@@ -1266,98 +1362,6 @@ Test::Result test_hashes(const std::string& algo, const std::string& hash_fn = " return result; } -/* - * @brief checks the configurability of the EMSA4(RSA-PSS) signature scheme - * - * For the other algorithms than RSA, only one padding is supported right now. - */ -Test::Result test_padding_config() { - // Throughout the test, some synonyms for EMSA4 are used, e.g. PSSR, EMSA-PSS - Test::Result test_result("X509 Padding Config"); - - std::unique_ptr sk(Botan::PKCS8::load_key( - Test::data_file("x509/misc/rsa_key.pem"), Test::rng())); - - // Create X509 CA certificate; EMSA3 is used for signing by default - Botan::X509_Cert_Options opt("TESTCA"); - opt.CA_key(); - Botan::X509_Certificate ca_cert_def = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); - test_result.test_eq("CA certificate signature algorithm (default)", - Botan::OIDS::lookup(ca_cert_def.signature_algorithm().oid),"RSA/EMSA3(SHA-512)"); - - // Create X509 CA certificate; RSA-PSS is explicitly set - opt.set_padding_scheme("PSSR"); - Botan::X509_Certificate ca_cert_exp = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); - test_result.test_eq("CA certificate signature algorithm (explicit)", - Botan::OIDS::lookup(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); - - // Try to set a padding scheme that is not supported for signing with the given key type - opt.set_padding_scheme("EMSA1"); - try - { - Botan::X509_Certificate ca_cert_wrong = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); - test_result.test_failure("Could build CA certitiface with invalid encoding scheme EMSA1 for key type " + sk->algo_name()); - } - catch (const Botan::Invalid_Argument& e) - { - test_result.test_eq("Build CA certitiface with invalid encoding scheme EMSA1 for key type " + - sk->algo_name(), e.what(), - "Invalid argument Encoding scheme with canonical name EMSA1 not supported for signature algorithm RSA"); - } - 
test_result.test_eq("CA certificate signature algorithm (explicit)", - Botan::OIDS::lookup(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); - - const auto not_before = Botan::calendar_point(2017, 1, 1, 1, 1, 1).to_std_timepoint(); - const auto not_after = Botan::calendar_point(2037, 12, 25, 1, 1, 1).to_std_timepoint(); - - // Prepare a signing request for the end certificate - Botan::X509_Cert_Options req_opt("endpoint"); - req_opt.set_padding_scheme("EMSA4(SHA-512,MGF1,64)"); - Botan::PKCS10_Request end_req = Botan::X509::create_cert_req(req_opt, (*sk), "SHA-512", Test::rng()); - test_result.test_eq("Certificate request signature algorithm", Botan::OIDS::lookup(end_req.signature_algorithm().oid),"RSA/EMSA4"); - - // Create X509 CA object: will fail as the chosen hash functions differ - try - { - Botan::X509_CA ca_fail(ca_cert_exp, (*sk), {{"padding","EMSA4(SHA-256)"}},"SHA-512", Test::rng()); - test_result.test_failure("Configured conflicting hash functions for CA"); - } - catch(const Botan::Invalid_Argument& e) - { - test_result.test_eq("Configured conflicting hash functions for CA", - e.what(), - "Invalid argument Hash function from opts and hash_fn argument need to be identical"); - } - - // Create X509 CA object: its signer will use the padding scheme from the CA certificate, i.e. 
EMSA3 - Botan::X509_CA ca_def(ca_cert_def, (*sk), "SHA-512", Test::rng()); - Botan::X509_Certificate end_cert_emsa3 = ca_def.sign_request(end_req, Test::rng(), Botan::X509_Time(not_before), Botan::X509_Time(not_after)); - test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_emsa3.signature_algorithm().oid), "RSA/EMSA3(SHA-512)"); - - // Create X509 CA object: its signer will use the explicitly configured padding scheme, which is different from the CA certificate's scheme - Botan::X509_CA ca_diff(ca_cert_def, (*sk), {{"padding","EMSA-PSS"}}, "SHA-512", Test::rng()); - Botan::X509_Certificate end_cert_diff_emsa4 = ca_diff.sign_request(end_req, Test::rng(), Botan::X509_Time(not_before), Botan::X509_Time(not_after)); - test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_diff_emsa4.signature_algorithm().oid), "RSA/EMSA4"); - - // Create X509 CA object: its signer will use the explicitly configured padding scheme, which is identical to the CA certificate's scheme - Botan::X509_CA ca_exp(ca_cert_exp, (*sk), {{"padding","EMSA4(SHA-512,MGF1,64)"}},"SHA-512", Test::rng()); - Botan::X509_Certificate end_cert_emsa4= ca_exp.sign_request(end_req, Test::rng(), Botan::X509_Time(not_before), Botan::X509_Time(not_after)); - test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_emsa4.signature_algorithm().oid), "RSA/EMSA4"); - - // Check CRL signature algorithm - Botan::X509_CRL crl = ca_exp.new_crl(Test::rng()); - test_result.test_eq("CRL signature algorithm", Botan::OIDS::lookup(crl.signature_algorithm().oid), "RSA/EMSA4"); - - // sanity check for verification, the heavy lifting is done in the other unit tests - const Botan::Certificate_Store_In_Memory trusted(ca_exp.ca_certificate()); - const Botan::Path_Validation_Restrictions restrictions(false, 80); - const Botan::Path_Validation_Result validation_result = Botan::x509_path_validate( - end_cert_emsa4, restrictions, trusted); 
- test_result.confirm("EMSA4-signed certificate validates", validation_result.successful_validation()); - - return test_result; -} - class X509_Cert_Unit_Tests final : public Test { public: @@ -1425,6 +1429,7 @@ class X509_Cert_Unit_Tests final : public Test results.push_back(self_issued_result); results.push_back(extensions_result); +#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) Test::Result pad_config_result("X509 Padding Config"); try { @@ -1435,6 +1440,7 @@ class X509_Cert_Unit_Tests final : public Test pad_config_result.test_failure("test_padding_config", e.what()); } results.push_back(pad_config_result); +#endif const std::vector pk_algos { @@ -1453,16 +1459,19 @@ class X509_Cert_Unit_Tests final : public Test valid_constraints_result.merge(test_valid_constraints(algo)); } - results.push_back(valid_constraints_result); - results.push_back(test_x509_dates()); - results.push_back(test_cert_status_strings()); - results.push_back(test_hashes("ECDSA")); +#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) results.push_back(test_x509_utf8()); results.push_back(test_x509_bmpstring()); results.push_back(test_crl_dn_name()); - results.push_back(test_x509_uninit()); results.push_back(test_x509_decode_list()); results.push_back(test_x509_authority_info_access_extension()); +#endif + + results.push_back(valid_constraints_result); + results.push_back(test_x509_dates()); + results.push_back(test_cert_status_strings()); + results.push_back(test_hashes("ECDSA")); + results.push_back(test_x509_uninit()); return results; } From 64c27be0b95e01c055038b09889fff7f36d7f8ac Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 19 Jan 2018 07:13:29 -0500 Subject: [PATCH 0561/1008] Add configure.py --list-os-features GH #1422 --- configure.py | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/configure.py b/configure.py index 2c1c353de0..3891ce6922 100755 --- a/configure.py +++ b/configure.py 
@@ -490,9 +490,6 @@ def process_command_line(args): # pylint: disable=too-many-locals mods_group.add_option('--disable-modules', dest='disabled_modules', metavar='MODS', action='append', help='disable specific modules') - mods_group.add_option('--list-modules', dest='list_modules', - action='store_true', - help='list available modules and exit') mods_group.add_option('--no-autoload', action='store_true', default=False, help=optparse.SUPPRESS_HELP) mods_group.add_option('--minimized-build', action='store_true', dest='no_autoload', @@ -542,12 +539,23 @@ def process_command_line(args): # pylint: disable=too-many-locals misc_group.add_option('--house-curve', metavar='STRING', dest='house_curve', help='a custom in-house curve of the format: curve.pem,NAME,OID,CURVEID') + info_group = optparse.OptionGroup(parser, 'Informational') + + info_group.add_option('--list-modules', dest='list_modules', + action='store_true', + help='list available modules and exit') + + info_group.add_option('--list-os-features', dest='list_os_features', + action='store_true', + help='list available OS features and exit') + parser.add_option_group(target_group) parser.add_option_group(build_group) parser.add_option_group(docs_group) parser.add_option_group(mods_group) parser.add_option_group(install_group) parser.add_option_group(misc_group) + parser.add_option_group(info_group) # These exist only for autoconf compatibility (requested by zw for mtn) compat_with_autoconf_options = [ 
@@ -2925,6 +2933,17 @@ def link_headers(headers, visibility, directory): if options.unsafe_fuzzer_mode: logging.warning("The fuzzer mode flag is labeled unsafe for a reason, this version is for testing only") +def list_os_features(all_os_features, info_os): + for feat in all_os_features: + os_with_feat = [o for o in info_os.keys() if feat in info_os[o].target_features] + os_without_feat = [o for o in info_os.keys() if feat not in info_os[o].target_features] + + if len(os_with_feat) < len(os_without_feat): + print("%s: %s" % (feat, ' '.join(sorted(os_with_feat)))) + else: + print("%s: %s" % (feat, '!' + ' !'.join(sorted(os_without_feat)))) + return 0 + def main(argv): """ @@ -2946,16 +2965,15 @@ def main(argv): print(mod) return 0 - logging.info('%s invoked with options "%s"' % (argv[0], ' '.join(argv[1:]))) - logging.debug('Platform running configuration (autodetected): OS="%s" machine="%s" proc="%s"' % ( - platform.system(), platform.machine(), platform.processor())) - info_arch = load_build_data_info_files(source_paths, 'CPU info', 'arch', ArchInfo) info_os = load_build_data_info_files(source_paths, 'OS info', 'os', OsInfo) info_cc = load_build_data_info_files(source_paths, 'compiler info', 'cc', CompilerInfo) info_module_policies = load_build_data_info_files(source_paths, 'module policy', 'policy', ModulePolicyInfo) - all_os_features = set(flatten([o.target_features for o in info_os.values()])) + all_os_features = sorted(set(flatten([o.target_features for o in info_os.values()]))) + + if options.list_os_features: + return list_os_features(all_os_features, info_os) for mod in info_modules.values(): mod.cross_check(info_arch, info_cc, all_os_features) 
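Review bot: In `list_os_features`, a feature that every OS provides falls into the `else` branch with an empty `os_without_feat`, so the line printed is `feat: !` — a bare `!` that reads like a negated empty name rather than "all". The `<` comparison also means a feature split evenly between the two lists is always printed in the negated form, which is harder to read than the positive list. A small guard keeps the output unambiguous: `if not os_without_feat: print("%s: (all)" % feat)` ahead of the existing comparison, or `print("%s: %s" % (feat, '!' + ' !'.join(sorted(os_without_feat)) if os_without_feat else '(all)'))`. A one-line docstring stating that `!name` means "every OS except name" would also help, since the format is otherwise undocumented.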
@@ -2963,6 +2981,10 @@ def main(argv): for policy in info_module_policies.values(): policy.cross_check(info_modules) + logging.info('%s invoked with options "%s"' % (argv[0], ' '.join(argv[1:]))) + logging.debug('Platform running configuration (autodetected): OS="%s" machine="%s" proc="%s"' % ( + platform.system(), platform.machine(), platform.processor())) + logging.debug('Known CPU names: ' + ' '.join( sorted(flatten([[ainfo.basename] + ainfo.aliases for ainfo in info_arch.values()])))) From 023a245c7524e3aeacf3d818c43d436290a8e588 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 19 Jan 2018 09:46:25 -0500 Subject: [PATCH 0562/1008] Build fix when threads are disabled [ci skip] GH #1423 --- src/tests/unit_tls.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index a154d2e180..0aa33d213b 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -756,8 +756,10 @@ Test::Result test_dtls_handshake(Botan::TLS::Protocol_Version offer_version, while(true) { +#if defined(BOTAN_TARGET_OS_HAS_THREADS) // TODO: client and server should be in different threads std::this_thread::sleep_for(std::chrono::microseconds(rng.next_byte() % 128)); +#endif ++rounds; if(rounds > 100) From 6c9dcd8c25337f52a65dbdcc9a9181143792b4a6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 19 Jan 2018 12:44:40 -0500 Subject: [PATCH 0563/1008] Avoid using CMAKE_CURRENT_LIST_DIR Blind attempt at fixing GH #1424 --- src/build-data/cmake.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/build-data/cmake.in b/src/build-data/cmake.in index eadf7d471a..1595401f66 100644 --- a/src/build-data/cmake.in +++ b/src/build-data/cmake.in 
@@ -7,24 +7,24 @@ endif() set(BOTAN_SOURCES %{for lib_srcs} - "${CMAKE_CURRENT_LIST_DIR}/%{i}" + "%{i}" %{endfor} ) set(BOTAN_CLI %{for cli_srcs} - "${CMAKE_CURRENT_LIST_DIR}/%{i}" + "%{i}" %{endfor} ) set(BOTAN_TESTS %{for test_srcs} - "${CMAKE_CURRENT_LIST_DIR}/%{i}" + "%{i}" %{endfor} ) %{for isa_build_info} -set_source_files_properties("${CMAKE_CURRENT_LIST_DIR}/%{src}" PROPERTIES COMPILE_FLAGS "%{isa_flags}") +set_source_files_properties("%{src}" PROPERTIES COMPILE_FLAGS "%{isa_flags}") %{endfor} option(ENABLED_OPTIONAL_WARINIGS "If enabled more strict warning policy will be used" OFF) From aadd0595c6aca0b3f040e1e3baabdcd00a5df8bd Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 21 Jan 2018 11:47:13 -0500 Subject: [PATCH 0564/1008] Add Pipe::prepend_filter Fixes #1402 --- src/lib/filters/pipe.cpp | 15 ++++++++++++++- src/lib/filters/pipe.h | 18 ++++++++++++++++++ src/tests/test_filters.cpp | 14 +++++++++++++- 3 files changed, 45 insertions(+), 2 deletions(-) diff --git a/src/lib/filters/pipe.cpp b/src/lib/filters/pipe.cpp index ed6abbad84..0bba81bf2d 100644 --- a/src/lib/filters/pipe.cpp +++ b/src/lib/filters/pipe.cpp @@ -214,6 +214,19 @@ void Pipe::append_filter(Filter* filter) do_append(filter); } +void Pipe::prepend(Filter* filter) + { + do_prepend(filter); + } + +void Pipe::prepend_filter(Filter* filter) + { + if(m_outputs->message_count() != 0) + throw Invalid_State("Cannot call Pipe::prepend_filter after start_msg"); + + do_prepend(filter); + } + /* * Append a Filter to the Pipe */ @@ -238,7 +251,7 @@ void Pipe::do_append(Filter* filter) /* * Prepend a Filter to the Pipe */ -void Pipe::prepend(Filter* filter) +void Pipe::do_prepend(Filter* filter) { if(m_inside_msg) throw Invalid_State("Cannot prepend to a Pipe while it is processing"); diff --git a/src/lib/filters/pipe.h b/src/lib/filters/pipe.h index 9ba299024d..03b5160835 100644 --- a/src/lib/filters/pipe.h +++ b/src/lib/filters/pipe.h 
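Review bot: Dropping the `${CMAKE_CURRENT_LIST_DIR}/` prefix makes every entry in `BOTAN_SOURCES`, `BOTAN_CLI`, `BOTAN_TESTS` and the `set_source_files_properties` calls relative to `CMAKE_CURRENT_SOURCE_DIR` at the point the generated file is processed, so the list only resolves when this file is the top-level `CMakeLists.txt` of the build — unless `%{i}` is emitted as an absolute path by configure.py, which is not visible in this hunk. Since the commit message calls this a blind attempt, the assumption is worth recording above the first `set(`, e.g. `# Source paths are relative to the directory holding this generated CMakeLists.txt`, so the next person hitting a path-resolution report knows which side to look at.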
@@ -270,6 +270,9 @@ class BOTAN_PUBLIC_API(2,0) Pipe final : public DataSource /** * Insert a new filter at the front of the pipe + * Deprecated because runtime modification of Pipes is deprecated. + * You can instead use prepend_filter which only works before the first + * message is processed. * @param filt the new filter to insert */ BOTAN_DEPRECATED("Runtime modification of Pipe deprecated") @@ -277,6 +280,9 @@ class BOTAN_PUBLIC_API(2,0) Pipe final : public DataSource /** * Insert a new filter at the back of the pipe + * Deprecated because runtime modification of Pipes is deprecated. + * You can instead use append_filter which only works before the first + * message is processed. * @param filt the new filter to insert */ BOTAN_DEPRECATED("Runtime modification of Pipe deprecated") @@ -305,6 +311,17 @@ class BOTAN_PUBLIC_API(2,0) Pipe final : public DataSource */ void append_filter(Filter* filt); + /** + * Prepend a new filter onto the filter sequence. This may only be + * called immediately after initial construction, before _any_ + * calls to start_msg have been made. + * + * This function (unlike prepend) is not deprecated, as it allows + * only modification of the pipe at initialization (before use) + * rather than after messages have been processed. + */ + void prepend_filter(Filter* filt); + /** * Construct a Pipe of up to four filters. The filters are set up * in the same order as the arguments. @@ -325,6 +342,7 @@ class BOTAN_PUBLIC_API(2,0) Pipe final : public DataSource private: void destruct(Filter*); void do_append(Filter* filt); + void do_prepend(Filter* filt); void find_endpoints(Filter*); void clear_endpoints(Filter*); diff --git a/src/tests/test_filters.cpp b/src/tests/test_filters.cpp index ef80e12215..536019d85f 100644 --- a/src/tests/test_filters.cpp +++ b/src/tests/test_filters.cpp 
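Review bot: The new `prepend_filter` Doxygen block documents the intent but, unlike the neighbouring `prepend`/`append` blocks, carries no `@param filt` line and does not mention the `Invalid_State` that pipe.cpp throws once `start_msg` has been called. Suggested additions inside that comment: `* @param filt the new filter to insert` and `* @throws Invalid_State if start_msg has already been called on this Pipe`. The `append_filter` block just above starts outside the hunk, so it may need the same `@throws` line for consistency.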
@@ -199,9 +199,10 @@ class Filter_Tests final : public Test Botan::Pipe pipe; - pipe.append_filter(nullptr); // ignored pipe.append(nullptr); // ignored + pipe.append_filter(nullptr); // ignored pipe.prepend(nullptr); // ignored + pipe.prepend_filter(nullptr); // ignored pipe.pop(); // empty pipe, so ignored std::unique_ptr queue_filter(new Botan::SecureQueue); @@ -218,6 +219,9 @@ class Filter_Tests final : public Test pipe.append_filter(new Botan::BitBucket); // succeeds pipe.pop(); + pipe.prepend_filter(new Botan::BitBucket); // succeeds + pipe.pop(); + pipe.start_msg(); std::unique_ptr filter(new Botan::BitBucket); @@ -228,6 +232,10 @@ class Filter_Tests final : public Test "Cannot call Pipe::append_filter after start_msg", [&]() { pipe.append_filter(filter.get()); }); + result.test_throws("pipe error", + "Cannot call Pipe::prepend_filter after start_msg", + [&]() { pipe.prepend_filter(filter.get()); }); + result.test_throws("pipe error", "Cannot append to a Pipe while it is processing", [&]() { pipe.append(filter.get()); }); @@ -246,6 +254,10 @@ class Filter_Tests final : public Test "Cannot call Pipe::append_filter after start_msg", [&]() { pipe.append_filter(filter.get()); }); + result.test_throws("pipe error", + "Cannot call Pipe::prepend_filter after start_msg", + [&]() { pipe.prepend_filter(filter.get()); }); + result.test_throws("pipe error", "Invalid argument Pipe::read: Invalid message number 100", [&]() { uint8_t b; size_t got = pipe.read(&b, 1, 100); BOTAN_UNUSED(got); }); From 25d5cc16886f60f4f0d36009c9f057628b6905fe Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 21 Jan 2018 11:47:32 -0500 Subject: [PATCH 0565/1008] Hide --with-cmake in help output If you don't know it's there you probably shouldn't be using it. --- configure.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.py b/configure.py index 3891ce6922..ee0d142771 100755 --- a/configure.py +++ b/configure.py 
@@ -428,9 +428,9 @@ def process_command_line(args): # pylint: disable=too-many-locals build_group.add_option('--with-valgrind', help='use valgrind API', dest='with_valgrind', action='store_true', default=False) + # Cmake and bakefile options are hidden as they should not be used by end users build_group.add_option('--with-cmake', action='store_true', - default=False, - help='Generate CMakeLists.txt which can be used to create many IDEs project files') + default=False, help=optparse.SUPPRESS_HELP) build_group.add_option('--with-bakefile', action='store_true', default=False, help=optparse.SUPPRESS_HELP) From 935a1ccd64891065d0092249c569e965ee30b4c1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 21 Jan 2018 12:11:47 -0500 Subject: [PATCH 0566/1008] Fix a bug in command line handling If --help was provided to a command line that required at least one argument (such as hmac), a usage error would be shown before the help output. But we should not require any arguments if the --help option is given since no arguments will be used in that case. --- src/cli/argparse.h | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/src/cli/argparse.h b/src/cli/argparse.h index ebedfefb1c..1b61d86760 100644 --- a/src/cli/argparse.h +++ b/src/cli/argparse.h 
@@ -151,19 +151,22 @@ void Argument_Parser::parse_args(const std::vector& params) } } + if(flag_set("help")) + return; + + if(args.size() < m_spec_args.size()) + { + // not enough arguments + throw CLI_Usage_Error("Invalid argument count, got " + + std::to_string(args.size()) + + " expected " + + std::to_string(m_spec_args.size())); + } + bool seen_stdin_flag = false; size_t arg_i = 0; for(auto const& arg : m_spec_args) { - if(arg_i >= args.size()) - { - // not enough arguments - throw CLI_Usage_Error("Invalid argument count, got " + - std::to_string(args.size()) + - " expected " + - std::to_string(m_spec_args.size())); - } - m_user_args.insert(std::make_pair(arg, args[arg_i])); if(args[arg_i] == "-") From ef66431c16730eadd0dbb657ae29d3229c70c21f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 21 Jan 2018 12:21:29 -0500 Subject: [PATCH 0567/1008] Logic cleanups --- configure.py | 55 ++++++++++++++++++++++++---------------------------- 1 file changed, 25 insertions(+), 30 deletions(-) diff --git a/configure.py b/configure.py index ee0d142771..6c36378d40 100755 --- a/configure.py +++ b/configure.py 
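Review bot: The early `if(flag_set("help")) return;` leaves `m_user_args` empty for a `--help` run, so any later `get_arg` lookup on that parser would now miss the positional arguments that the old loop recorded; that is fine as long as every caller checks the help flag and exits before reading arguments, but nothing in the hunk enforces it. A short comment above the return would pin the contract: `// --help short-circuits argument validation; m_user_args is left empty`. The relocated count check is equivalent to the old per-iteration test and keeps the `args[arg_i]` indexing in the loop in bounds. `parse_args` begins and ends outside this hunk.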
@@ -2639,19 +2639,22 @@ def deduce_compiler_type_from_cc_bin(cc_bin): options.compiler = 'gcc' else: options.compiler = 'msvc' - elif options.os in ['darwin', 'freebsd', 'ios']: - if have_program('clang++'): - options.compiler = 'clang' - elif options.os == 'openbsd': + elif options.os in ['darwin', 'freebsd', 'openbsd', 'ios']: + # Prefer Clang on these systems if have_program('clang++'): options.compiler = 'clang' else: options.compiler = 'gcc' - # The assembler shipping with OpenBSD 5.9 does not support avx2 - del info_cc['gcc'].isa_flags['avx2'] + if options.os == 'openbsd': + # The assembler shipping with OpenBSD 5.9 does not support avx2 + del info_cc['gcc'].isa_flags['avx2'] else: options.compiler = 'gcc' - logging.info('Guessing to use compiler %s (use --cc to set)' % (options.compiler)) + + if options.compiler is None: + logging.error('Could not guess which compiler to use, use --cc or CXX to set') + else: + logging.info('Guessing to use compiler %s (use --cc or CXX to set)' % (options.compiler)) if options.cpu is None: options.cpu = options.arch = guess_processor(info_arch) 
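Review bot: The new `if options.compiler is None:` error branch looks unreachable from the visible code: the `darwin/freebsd/openbsd/ios` branch always assigns `clang` or `gcc`, and the trailing `else` assigns `gcc`, so only the Windows branch above the hunk could leave it unset — if that branch cannot either, the `logging.error` is dead code and the unconditional `logging.info` would be clearer. If it is reachable, the error path falls through and configuration continues with `options.compiler` still `None`, which presumably fails later with a less helpful message; a comment such as `# compiler may still be None here when no known compiler was found on Windows` (adjusted to whatever the earlier branch does) would document which case this guards.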
@@ -2784,20 +2787,6 @@ def validate_options(options, info_os, info_cc, available_module_policies): if options.os == 'windows' and options.compiler != 'msvc': logging.warning('The windows target is oriented towards MSVC; maybe you want cygwin or mingw') -def prepare_configure_build(info_modules, source_paths, options, - cc, cc_min_version, arch, osinfo, module_policy): - chooser = ModulesChooser(info_modules, module_policy, arch, osinfo, cc, cc_min_version, options) - loaded_module_names = chooser.choose() - using_mods = [info_modules[modname] for modname in loaded_module_names] - - build_config = BuildPaths(source_paths, options, using_mods) - build_config.public_headers.append(os.path.join(build_config.build_dir, 'build.h')) - - template_vars = create_template_vars(source_paths, build_config, options, using_mods, cc, arch, osinfo) - - return using_mods, build_config, template_vars - - def calculate_cc_min_version(options, ccinfo, source_paths): version_patterns = { 'msvc': r'^ *MSVC ([0-9]{2})([0-9]{2})$', @@ -2841,15 +2830,11 @@ def cleanup_output(output): logging.info('Auto-detected compiler version %s' % (cc_version)) return cc_version -def main_action_configure_build(info_modules, source_paths, options, - cc, cc_min_version, arch, osinfo, module_policy): +def do_io_for_build(cc, arch, osinfo, + using_mods, build_config, template_vars, + source_paths, options): # pylint: disable=too-many-locals - using_mods, build_config, template_vars = prepare_configure_build( - info_modules, source_paths, options, cc, cc_min_version, arch, osinfo, module_policy) - - # Now we start writing to disk - try: robust_rmtree(build_config.build_dir) except OSError as e: 
@@ -3001,8 +2986,18 @@ def main(argv): logging.info('Target is %s:%s-%s-%s' % ( options.compiler, cc_min_version, options.os, options.arch)) - main_action_configure_build(info_modules, source_paths, options, - cc, cc_min_version, arch, osinfo, module_policy) + chooser = ModulesChooser(info_modules, module_policy, arch, osinfo, cc, cc_min_version, options) + loaded_module_names = chooser.choose() + using_mods = [info_modules[modname] for modname in loaded_module_names] + + build_config = BuildPaths(source_paths, options, using_mods) + build_config.public_headers.append(os.path.join(build_config.build_dir, 'build.h')) + + template_vars = create_template_vars(source_paths, build_config, options, using_mods, cc, arch, osinfo) + + # Now we start writing to disk + do_io_for_build(cc, arch, osinfo, using_mods, build_config, template_vars, source_paths, options) + return 0 if __name__ == '__main__': From 66d6ee2761e5152f9777b90dccdb569ce5156001 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 21 Jan 2018 12:35:00 -0500 Subject: [PATCH 0568/1008] Use build_paths to refer to BuildPaths object build_config makes it sound like it is something besides just path info --- configure.py | 64 ++++++++++++++++++++++++++-------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/configure.py b/configure.py index 6c36378d40..d1b6a93072 100755 --- a/configure.py +++ b/configure.py @@ -1664,7 +1664,7 @@ def _read_pem(filepath): 'PEM ' + _read_pem(filepath=p[0]), 'TLS_ID ' + hex(curve_id)] -def create_template_vars(source_paths, build_config, options, modules, cc, arch, osinfo): +def create_template_vars(source_paths, build_paths, options, modules, cc, arch, osinfo): #pylint: disable=too-many-locals,too-many-branches,too-many-statements """ 
@@ -1797,10 +1797,10 @@ def choose_endian(arch_info, options): 'with_doxygen': options.with_doxygen, 'out_dir': options.with_build_dir or os.path.curdir, - 'build_dir': build_config.build_dir, + 'build_dir': build_paths.build_dir, - 'doc_stamp_file': os.path.join(build_config.build_dir, 'doc.stamp'), - 'makefile_path': os.path.join(build_config.build_dir, '..', 'Makefile'), + 'doc_stamp_file': os.path.join(build_paths.build_dir, 'doc.stamp'), + 'makefile_path': os.path.join(build_paths.build_dir, '..', 'Makefile'), 'build_static_lib': options.build_static_lib, 'build_fuzzers': options.build_fuzzers, @@ -1809,15 +1809,15 @@ def choose_endian(arch_info, options): 'build_unix_shared_lib': options.build_shared_lib and options.compiler != 'msvc', 'build_msvc_shared_lib': options.build_shared_lib and options.compiler == 'msvc', - 'libobj_dir': build_config.libobj_dir, - 'cliobj_dir': build_config.cliobj_dir, - 'testobj_dir': build_config.testobj_dir, - 'fuzzobj_dir': build_config.fuzzobj_dir, + 'libobj_dir': build_paths.libobj_dir, + 'cliobj_dir': build_paths.cliobj_dir, + 'testobj_dir': build_paths.testobj_dir, + 'fuzzobj_dir': build_paths.fuzzobj_dir, - 'fuzzer_output_dir': build_config.fuzzer_output_dir if build_config.fuzzer_output_dir else '', - 'doc_output_dir': build_config.doc_output_dir, - 'doc_output_dir_manual': build_config.doc_output_dir_manual, - 'doc_output_dir_doxygen': build_config.doc_output_dir_doxygen, + 'fuzzer_output_dir': build_paths.fuzzer_output_dir if build_paths.fuzzer_output_dir else '', + 'doc_output_dir': build_paths.doc_output_dir, + 'doc_output_dir_manual': build_paths.doc_output_dir_manual, + 'doc_output_dir_doxygen': build_paths.doc_output_dir_doxygen, 'os': options.os, 'arch': options.arch, 
@@ -1879,7 +1879,7 @@ def choose_endian(arch_info, options): 'fuzzer_lib': (cc.add_lib_option + options.fuzzer_lib) if options.fuzzer_lib else '', 'libs_used': [lib.replace('.lib', '') for lib in link_to('libs')], - 'include_paths': build_config.format_include_paths(cc, options.with_external_includedir), + 'include_paths': build_paths.format_include_paths(cc, options.with_external_includedir), 'module_defines': sorted(flatten([m.defines() for m in modules])), 'os_features': osinfo.enabled_features(options), @@ -1897,7 +1897,7 @@ def choose_endian(arch_info, options): } if options.os != 'windows': - variables['botan_pkgconfig'] = os.path.join(build_config.build_dir, 'botan-%d.pc' % (Version.major())) + variables['botan_pkgconfig'] = os.path.join(build_paths.build_dir, 'botan-%d.pc' % (Version.major())) # The name is always set because Windows build needs it variables['static_lib_name'] = '%s%s.%s' % (variables['lib_prefix'], variables['libname'], @@ -2831,17 +2831,17 @@ def cleanup_output(output): return cc_version def do_io_for_build(cc, arch, osinfo, - using_mods, build_config, template_vars, + using_mods, build_paths, template_vars, source_paths, options): # pylint: disable=too-many-locals try: - robust_rmtree(build_config.build_dir) + robust_rmtree(build_paths.build_dir) except OSError as e: if e.errno != errno.ENOENT: logging.error('Problem while removing build dir: %s' % (e)) - for build_dir in build_config.build_dirs(): + for build_dir in build_paths.build_dirs(): try: robust_makedirs(build_dir) except OSError as e: @@ -2853,7 +2853,7 @@ def write_template(sink, template): f.write(process_template(template, template_vars)) def in_build_dir(p): - return os.path.join(build_config.build_dir, p) + return os.path.join(build_paths.build_dir, p) def in_build_data(p): return os.path.join(source_paths.build_data_dir, p) 
@@ -2878,23 +2878,23 @@ def link_headers(headers, visibility, directory): if e.errno != errno.EEXIST: raise UserError('Error linking %s into %s: %s' % (header_file, directory, e)) - link_headers(build_config.public_headers, 'public', - build_config.botan_include_dir) + link_headers(build_paths.public_headers, 'public', + build_paths.botan_include_dir) - link_headers(build_config.internal_headers, 'internal', - build_config.internal_include_dir) + link_headers(build_paths.internal_headers, 'internal', + build_paths.internal_include_dir) - link_headers(build_config.external_headers, 'external', - build_config.external_include_dir) + link_headers(build_paths.external_headers, 'external', + build_paths.external_include_dir) if options.amalgamation: - (amalg_cpp_files, amalg_headers) = AmalgamationGenerator(build_config, using_mods, options).generate() - build_config.lib_sources = amalg_cpp_files + (amalg_cpp_files, amalg_headers) = AmalgamationGenerator(build_paths, using_mods, options).generate() + build_paths.lib_sources = amalg_cpp_files template_vars['generated_files'] = ' '.join(amalg_cpp_files + amalg_headers) - template_vars.update(generate_build_info(build_config, using_mods, cc, arch, osinfo)) + template_vars.update(generate_build_info(build_paths, using_mods, cc, arch, osinfo)) - with open(os.path.join(build_config.build_dir, 'build_config.json'), 'w') as f: + with open(os.path.join(build_paths.build_dir, 'build_config.json'), 'w') as f: json.dump(template_vars, f, sort_keys=True, indent=2) if options.with_cmake: 
@@ -2990,13 +2990,13 @@ def main(argv): loaded_module_names = chooser.choose() using_mods = [info_modules[modname] for modname in loaded_module_names] - build_config = BuildPaths(source_paths, options, using_mods) - build_config.public_headers.append(os.path.join(build_config.build_dir, 'build.h')) + build_paths = BuildPaths(source_paths, options, using_mods) + build_paths.public_headers.append(os.path.join(build_paths.build_dir, 'build.h')) - template_vars = create_template_vars(source_paths, build_config, options, using_mods, cc, arch, osinfo) + template_vars = create_template_vars(source_paths, build_paths, options, using_mods, cc, arch, osinfo) # Now we start writing to disk - do_io_for_build(cc, arch, osinfo, using_mods, build_config, template_vars, source_paths, options) + do_io_for_build(cc, arch, osinfo, using_mods, build_paths, template_vars, source_paths, options) return 0 From 65f375348c0773af6e9bbe3a005aef177dfd4ac3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 21 Jan 2018 12:49:15 -0500 Subject: [PATCH 0569/1008] Fix headers of command line docs Sphinx and rst2man want slightly different things, so just edit the Sphinx-formatted ReST into a file in build dir Fixes #1398 --- configure.py | 32 +++++++++++++++++++++++++++----- doc/manual/cli.rst | 5 +---- src/scripts/build_docs.py | 3 ++- 3 files changed, 30 insertions(+), 10 deletions(-) diff --git a/configure.py b/configure.py index d1b6a93072..9d7cf364b2 100755 --- a/configure.py +++ b/configure.py @@ -2830,10 +2830,8 @@ def cleanup_output(output): logging.info('Auto-detected compiler version %s' % (cc_version)) return cc_version -def do_io_for_build(cc, arch, osinfo, - using_mods, build_paths, template_vars, - source_paths, options): - # pylint: disable=too-many-locals +def do_io_for_build(cc, arch, osinfo, using_mods, build_paths, source_paths, template_vars, options): + # pylint: disable=too-many-locals,too-many-branches try: robust_rmtree(build_paths.build_dir) 
@@ -2909,6 +2907,30 @@ def link_headers(headers, visibility, directory): makefile_template = os.path.join(source_paths.build_data_dir, 'makefile.in') write_template(template_vars['makefile_path'], makefile_template) + if options.with_rst2man: + rst2man_file = os.path.join(build_paths.build_dir, 'botan.rst') + cli_doc = os.path.join(source_paths.doc_dir, 'manual/cli.rst') + + cli_doc_contents = open(cli_doc).readlines() + + while cli_doc_contents[0] != "\n": + cli_doc_contents.pop(0) + + rst2man_header = """ +botan +============================= + +:Subtitle: Botan command line util +:Manual section: 1 + + """.strip() + + with open(rst2man_file, 'w') as f: + f.write(rst2man_header) + f.write("\n") + for line in cli_doc_contents: + f.write(line) + logging.info('Botan %s (revision %s) (%s %s) build setup is complete' % ( Version.as_string(), Version.vc_rev(), @@ -2996,7 +3018,7 @@ def main(argv): template_vars = create_template_vars(source_paths, build_paths, options, using_mods, cc, arch, osinfo) # Now we start writing to disk - do_io_for_build(cc, arch, osinfo, using_mods, build_paths, template_vars, source_paths, options) + do_io_for_build(cc, arch, osinfo, using_mods, build_paths, source_paths, template_vars, options) return 0 diff --git a/doc/manual/cli.rst b/doc/manual/cli.rst index 69b6d454eb..47641aa3b1 100644 --- a/doc/manual/cli.rst +++ b/doc/manual/cli.rst @@ -1,9 +1,6 @@ -botan +Command Line Interface ======================================== -:Subtitle: Botan command line util -:Manual section: 1 - Outline ------------ diff --git a/src/scripts/build_docs.py b/src/scripts/build_docs.py index 1787016e0b..da36b5348b 100755 --- a/src/scripts/build_docs.py +++ b/src/scripts/build_docs.py 
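Review bot: `cli_doc_contents = open(cli_doc).readlines()` never closes the file handle (it relies on refcount finalisation, which pylint and non-CPython runtimes will flag), and `while cli_doc_contents[0] != "\n":` raises `IndexError` rather than a usable message if `cli.rst` ever has no blank line. Suggested replacement for those two statements: `with open(cli_doc) as f: cli_doc_contents = f.readlines()` followed by `while cli_doc_contents and cli_doc_contents[0] != "\n":`, with an explicit `raise UserError(...)` if the list ends up empty so a malformed doc fails at configure time rather than in rst2man. Repeated `pop(0)` on the front of a list is quadratic, but the file is small so that is cosmetic; a comment like `# drop the Sphinx title block; rst2man gets its own header below` would explain why the leading lines are discarded.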
@@ -158,7 +158,8 @@ def main(args=None): cmds.append(['cp', manual_src, manual_output]) if with_rst2man: - cmds.append(['rst2man', os.path.join(manual_src, 'cli.rst'), + cmds.append(['rst2man', + os.path.join(cfg['build_dir'], 'botan.rst'), os.path.join(cfg['build_dir'], 'botan.1')]) cmds.append(['touch', doc_stamp_file]) From 08b7ca1d35c0e4d06695e8744708ae6cf3f5af7a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 4 Jan 2018 08:48:00 -0500 Subject: [PATCH 0570/1008] Remove vestigial support for TLS compression It was never supported and never will be. Removing negotiation entirely simplifies the code a bit. --- doc/manual/tls.rst | 9 ---- src/lib/tls/msg_client_hello.cpp | 7 +-- src/lib/tls/msg_server_hello.cpp | 4 +- src/lib/tls/tls_channel.cpp | 4 +- src/lib/tls/tls_client.cpp | 6 +-- src/lib/tls/tls_magic.h | 5 -- src/lib/tls/tls_messages.h | 86 +++++++++++++++----------------- src/lib/tls/tls_policy.cpp | 8 --- src/lib/tls/tls_policy.h | 9 ---- src/lib/tls/tls_server.cpp | 24 --------- src/lib/tls/tls_session.cpp | 15 ++++-- src/lib/tls/tls_session.h | 10 +--- 12 files changed, 60 insertions(+), 127 deletions(-) diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index 32f6c5fb24..a412454489 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -923,15 +923,6 @@ policy settings from a file. Default: false - .. cpp:function:: std::vector compression() const - - Return the list of compression methods we are willing to use, in order of - preference. Default is null compression only. - - .. note:: - - TLS data compression is not currently supported. - .. cpp:function:: bool acceptable_protocol_version(Protocol_Version version) Return true if this version of the protocol is one that we are diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index cde2b737aa..eeeaf8c719 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp 
@@ -88,7 +88,7 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_version(client_settings.protocol_version()), m_random(make_hello_random(rng, policy)), m_suites(policy.ciphersuite_list(m_version, !client_settings.srp_identifier().empty())), - m_comp_methods(policy.compression()) + m_comp_methods(1) { BOTAN_ASSERT(policy.acceptable_protocol_version(client_settings.protocol_version()), "Our policy accepts the version we are offering"); @@ -160,14 +160,11 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_session_id(session.session_id()), m_random(make_hello_random(rng, policy)), m_suites(policy.ciphersuite_list(m_version, (session.srp_identifier() != ""))), - m_comp_methods(policy.compression()) + m_comp_methods(1) { if(!value_exists(m_suites, session.ciphersuite_code())) m_suites.push_back(session.ciphersuite_code()); - if(!value_exists(m_comp_methods, session.compression_method())) - m_comp_methods.push_back(session.compression_method()); - /* We always add the EMS extension, even if not used in the original session. If the server understands it and follows the RFC it should reject our resume diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index 9eb33645b0..5e290eb682 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp @@ -32,7 +32,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_session_id(server_settings.session_id()), m_random(make_hello_random(rng, policy)), m_ciphersuite(server_settings.ciphersuite()), - m_comp_method(server_settings.compression()) + m_comp_method(0) { if(client_hello.supports_extended_master_secret()) m_extensions.add(new Extended_Master_Secret); 
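Review bot: `m_comp_methods(1)` in both `Client_Hello` constructors (this hunk and the resume constructor in the next) is the sized-vector constructor — one value-initialised element, i.e. a single `0` = null compression — but it reads as "compression method 1", which in the now-removed `Compression_Method` enum was `DEFLATE_COMPRESSION`; the element type is not visible in the hunk, so this assumes the member is a `std::vector` of a byte type. Making the value explicit avoids the misreading: `m_comp_methods(1, 0) // exactly one entry: null compression`, or a named file-local constant that the bare `!= 0` comparisons in tls_channel.cpp, tls_client.cpp and the `m_comp_method(0)` initialisers in msg_server_hello.cpp can share. Both constructor bodies continue outside their hunks.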
@@ -100,7 +100,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_session_id(client_hello.session_id()), m_random(make_hello_random(rng, policy)), m_ciphersuite(resumed_session.ciphersuite_code()), - m_comp_method(resumed_session.compression_method()) + m_comp_method(0) { if(client_hello.supports_extended_master_secret()) m_extensions.add(new Extended_Master_Secret); diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index f56cff24b0..e92b298deb 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -200,7 +200,7 @@ void Channel::change_cipher_spec_reader(Connection_Side side) BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello"); - if(pending->server_hello()->compression_method() != NO_COMPRESSION) + if(pending->server_hello()->compression_method() != 0) throw Internal_Error("Negotiated unknown compression algorithm"); sequence_numbers().new_read_cipher_state(); @@ -229,7 +229,7 @@ void Channel::change_cipher_spec_writer(Connection_Side side) BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello"); - if(pending->server_hello()->compression_method() != NO_COMPRESSION) + if(pending->server_hello()->compression_method() != 0) throw Internal_Error("Negotiated unknown compression algorithm"); sequence_numbers().new_write_cipher_state(); diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index 631779e998..c88b6a7dbc 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp 
@@ -261,11 +261,10 @@ void Client::process_handshake_msg(const Handshake_State* active_state, "Server replied with a signaling ciphersuite"); } - if(!value_exists(state.client_hello()->compression_methods(), - state.server_hello()->compression_method())) + if(state.server_hello()->compression_method() != 0) { throw TLS_Exception(Alert::HANDSHAKE_FAILURE, - "Server replied with compression method we didn't send"); + "Server replied with non-null compression method"); } auto client_extn = state.client_hello()->extension_types(); @@ -609,7 +608,6 @@ void Client::process_handshake_msg(const Handshake_State* active_state, state.session_keys().master_secret(), state.server_hello()->version(), state.server_hello()->ciphersuite(), - state.server_hello()->compression_method(), CLIENT, state.server_hello()->supports_extended_master_secret(), state.server_hello()->supports_encrypt_then_mac(), diff --git a/src/lib/tls/tls_magic.h b/src/lib/tls/tls_magic.h index 70b94f90de..f9643f0044 100644 --- a/src/lib/tls/tls_magic.h +++ b/src/lib/tls/tls_magic.h @@ -58,11 +58,6 @@ enum Handshake_Type { const char* handshake_type_to_string(Handshake_Type t); -enum Compression_Method { - NO_COMPRESSION = 0x00, - DEFLATE_COMPRESSION = 0x01 -}; - } } diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index 767635830a..35ec3c83c8 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h 
@@ -69,24 +69,24 @@ class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message { public: class Settings final - { - public: - Settings(const Protocol_Version version, - const std::string& hostname = "", - const std::string& srp_identifier = "") - : m_new_session_version(version), - m_hostname(hostname), - m_srp_identifier(srp_identifier) {} - - const Protocol_Version protocol_version() const { return m_new_session_version; } - const std::string& hostname() const { return m_hostname; } - const std::string& srp_identifier() const { return m_srp_identifier; } - - private: - const Protocol_Version m_new_session_version; - const std::string m_hostname; - const std::string m_srp_identifier; - }; + { + public: + Settings(const Protocol_Version version, + const std::string& hostname = "", + const std::string& srp_identifier = "") : + m_new_session_version(version), + m_hostname(hostname), + m_srp_identifier(srp_identifier) {} + + const Protocol_Version protocol_version() const { return m_new_session_version; } + const std::string& hostname() const { return m_hostname; } + const std::string& srp_identifier() const { return m_srp_identifier; } + + private: + const Protocol_Version m_new_session_version; + const std::string m_hostname; + const std::string m_srp_identifier; + }; Handshake_Type type() const override { return CLIENT_HELLO; } @@ -98,8 +98,6 @@ class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message const std::vector& ciphersuites() const { return m_suites; } - const std::vector& compression_methods() const { return m_comp_methods; } - bool offered_suite(uint16_t ciphersuite) const; bool sent_fallback_scsv() const; 
@@ -185,32 +183,28 @@ class BOTAN_UNSTABLE_API Server_Hello final : public Handshake_Message { public: class Settings final - { - public: - Settings(const std::vector new_session_id, - Protocol_Version new_session_version, - uint16_t ciphersuite, - uint8_t compression, - bool offer_session_ticket) - : m_new_session_id(new_session_id), - m_new_session_version(new_session_version), - m_ciphersuite(ciphersuite), - m_compression(compression), - m_offer_session_ticket(offer_session_ticket) {} - - const std::vector& session_id() const { return m_new_session_id; } - Protocol_Version protocol_version() const { return m_new_session_version; } - uint16_t ciphersuite() const { return m_ciphersuite; } - uint8_t compression() const { return m_compression; } - bool offer_session_ticket() const { return m_offer_session_ticket; } - - private: - const std::vector m_new_session_id; - Protocol_Version m_new_session_version; - uint16_t m_ciphersuite; - uint8_t m_compression; - bool m_offer_session_ticket; - }; + { + public: + Settings(const std::vector new_session_id, + Protocol_Version new_session_version, + uint16_t ciphersuite, + bool offer_session_ticket) : + m_new_session_id(new_session_id), + m_new_session_version(new_session_version), + m_ciphersuite(ciphersuite), + m_offer_session_ticket(offer_session_ticket) {} + + const std::vector& session_id() const { return m_new_session_id; } + Protocol_Version protocol_version() const { return m_new_session_version; } + uint16_t ciphersuite() const { return m_ciphersuite; } + bool offer_session_ticket() const { return m_offer_session_ticket; } + + private: + const std::vector m_new_session_id; + Protocol_Version m_new_session_version; + uint16_t m_ciphersuite; + bool m_offer_session_ticket; + }; Handshake_Type type() const override { return SERVER_HELLO; } diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index d849faf9df..ce87edac19 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp 
@@ -270,14 +270,6 @@ void Policy::check_peer_key_acceptable(const Public_Key& public_key) const std::to_string(expected_keylength)); } -/* -* Return allowed compression algorithms -*/ -std::vector Policy::compression() const - { - return std::vector{ NO_COMPRESSION }; - } - uint32_t Policy::session_ticket_lifetime() const { return 86400; // ~1 day diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 786cdeea87..84da00bfb3 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -101,15 +101,6 @@ class BOTAN_PUBLIC_API(2,0) Policy */ virtual bool use_ecc_point_compression() const; - /** - * Returns a list of compression algorithms we are willing to use, - * in order of preference. Allowed values any value of - * Compression_Method. - * - * @note Compression is not currently supported - */ - virtual std::vector compression() const; - /** * Choose an elliptic curve to use */ diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index cd52c92f2b..2d2fb769bf 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -98,11 +98,6 @@ bool check_for_resume(Session& session_info, session_info.ciphersuite_code())) return false; - // client didn't send original compression method - if(!value_exists(client_hello->compression_methods(), - session_info.compression_method())) - return false; - #if defined(BOTAN_HAS_SRP6) // client sent a different SRP identity if(client_hello->srp_identifier() != "") 
@@ -264,23 +259,6 @@ uint16_t choose_ciphersuite( "Can't agree on a ciphersuite with client"); } - -/* -* Choose which compression algorithm to use -*/ -uint8_t choose_compression(const Policy& policy, - const std::vector& c_comp) - { - std::vector s_comp = policy.compression(); - - for(size_t i = 0; i != s_comp.size(); ++i) - for(size_t j = 0; j != c_comp.size(); ++j) - if(s_comp[i] == c_comp[j]) - return s_comp[i]; - - return NO_COMPRESSION; - } - std::map > get_server_certs(const std::string& hostname, Credentials_Manager& creds) @@ -615,7 +593,6 @@ void Server::process_finished_msg(Server_Handshake_State& pending_state, pending_state.session_keys().master_secret(), pending_state.server_hello()->version(), pending_state.server_hello()->ciphersuite(), - pending_state.server_hello()->compression_method(), SERVER, pending_state.server_hello()->supports_extended_master_secret(), pending_state.server_hello()->supports_encrypt_then_mac(), @@ -811,7 +788,6 @@ void Server::session_create(Server_Handshake_State& pending_state, make_hello_random(rng(), policy()), // new session ID pending_state.version(), ciphersuite, - choose_compression(policy(), pending_state.client_hello()->compression_methods()), have_session_ticket_key); pending_state.server_hello(new Server_Hello( diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp index e73aa4fa67..f595101f24 100644 --- a/src/lib/tls/tls_session.cpp +++ b/src/lib/tls/tls_session.cpp @@ -22,7 +22,6 @@ Session::Session(const std::vector& session_identifier, const secure_vector& master_secret, Protocol_Version version, uint16_t ciphersuite, - uint8_t compression_method, Connection_Side side, bool extended_master_secret, bool encrypt_then_mac, 
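Review bot: With `choose_compression` deleted the server no longer looks at the client's compression list at all, and nothing visible in this commit checks that the ClientHello actually offered the null method (0x00), which RFC 5246 §7.4.1.2 says the list MUST contain. That is not a regression — the old loop also fell back to `NO_COMPRESSION` when the lists did not intersect — but since `Client_Hello::compression_methods()` is being removed in tls_messages.h, the natural place for a strict check is now the ClientHello deserialization (outside this view), e.g. `// RFC 5246 7.4.1.2: reject a ClientHello whose compression list lacks the null method`. A short comment at the `session_create` call site in the last tls_server.cpp hunk on this line explaining that the Server_Hello now always carries compression 0 would also help, since the reader otherwise sees a parameter vanish with no replacement.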
@@ -37,7 +36,6 @@ Session::Session(const std::vector& session_identifier, m_master_secret(master_secret), m_version(version), m_ciphersuite(ciphersuite), - m_compression_method(compression_method), m_connection_side(side), m_srtp_profile(srtp_profile), m_extended_master_secret(extended_master_secret), @@ -71,6 +69,7 @@ Session::Session(const uint8_t ber[], size_t ber_len) size_t start_time = 0; size_t srtp_profile = 0; size_t fragment_size = 0; + size_t compression_method = 0; BER_Decoder(ber, ber_len) .start_cons(SEQUENCE) @@ -82,7 +81,7 @@ Session::Session(const uint8_t ber[], size_t ber_len) .decode(m_identifier, OCTET_STRING) .decode(m_session_ticket, OCTET_STRING) .decode_integer_type(m_ciphersuite) - .decode_integer_type(m_compression_method) + .decode_integer_type(compression_method) .decode_integer_type(side_code) .decode_integer_type(fragment_size) .decode(m_extended_master_secret) @@ -97,6 +96,14 @@ Session::Session(const uint8_t ber[], size_t ber_len) .end_cons() .verify_end(); + /* + * Compression is not supported and must be zero + */ + if(compression_method != 0) + { + throw Decoding_Error("Serialized TLS session contains non-null compression method"); + } + /* Fragment size is not supported anymore, but the field is still set in the session object. @@ -142,7 +149,7 @@ secure_vector Session::DER_encode() const .encode(m_identifier, OCTET_STRING) .encode(m_session_ticket, OCTET_STRING) .encode(static_cast(m_ciphersuite)) - .encode(static_cast(m_compression_method)) + .encode(static_cast(/*old compression method*/0)) .encode(static_cast(m_connection_side)) .encode(static_cast(/*old fragment size*/0)) .encode(m_extended_master_secret) diff --git a/src/lib/tls/tls_session.h b/src/lib/tls/tls_session.h index 62e2b2df98..5a75e6a32b 100644 --- a/src/lib/tls/tls_session.h +++ b/src/lib/tls/tls_session.h 
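Review bot: Rejecting a non-zero compression byte while still writing `0` in `DER_encode` keeps the serialized layout unchanged, so leaving `TLS_SESSION_PARAM_STRUCT_VERSION` at 20160812 is correct and the added comment could say so: `/* Compression was never supported; the field is retained (always 0) so the encoding stays stable */`. Separately, the `Session` constructor loses a parameter and `compression_method()` disappears from a BOTAN_PUBLIC_API(2,0) class (the preceding hunk and the tls_session.h hunks below), which is a source-incompatible change for applications that construct or query sessions; the release notes are outside this view, so check that they call it out. Decoding into a `size_t` local and checking it after `verify_end()` is fine, since the constructor throws before any caller can observe the object.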
@@ -35,7 +35,6 @@ class BOTAN_PUBLIC_API(2,0) Session final m_start_time(std::chrono::system_clock::time_point::min()), m_version(), m_ciphersuite(0), - m_compression_method(0), m_connection_side(static_cast(0)), m_srtp_profile(0), m_extended_master_secret(false), @@ -49,7 +48,6 @@ class BOTAN_PUBLIC_API(2,0) Session final const secure_vector& master_secret, Protocol_Version version, uint16_t ciphersuite, - uint8_t compression_method, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, @@ -129,11 +127,6 @@ class BOTAN_PUBLIC_API(2,0) Session final */ Ciphersuite ciphersuite() const { return Ciphersuite::by_id(m_ciphersuite); } - /** - * Get the compression method used in the saved session - */ - uint8_t compression_method() const { return m_compression_method; } - /** * Get which side of the connection the resumed session we are/were * acting as. @@ -190,7 +183,7 @@ class BOTAN_PUBLIC_API(2,0) Session final const Server_Information& server_info() const { return m_server_info; } private: - enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20160812}; + enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20160812 }; std::chrono::system_clock::time_point m_start_time; @@ -200,7 +193,6 @@ class BOTAN_PUBLIC_API(2,0) Session final Protocol_Version m_version; uint16_t m_ciphersuite; - uint8_t m_compression_method; Connection_Side m_connection_side; uint16_t m_srtp_profile; bool m_extended_master_secret; From 45bda8b0429170036ae30ed5d3133011f9e3fe8a Mon Sep 17 00:00:00 2001 From: Krzysztof Kwiatkowski Date: Tue, 16 Jan 2018 23:01:17 +0000 Subject: [PATCH 0571/1008] FFI function for DSA key generation Adds function for DSA key generation that allows usage of 'p' and 'q' chosen by the caller. --- src/lib/ffi/ffi.h | 1 + src/lib/ffi/ffi_pkey_algs.cpp | 18 ++++++++++++++++++ src/tests/test_ffi.cpp | 23 ++++++++++++++++------- 3 files changed, 35 insertions(+), 7 deletions(-) 
diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h index 1a6014f714..77d4eb306d 100644 --- a/src/lib/ffi/ffi.h +++ b/src/lib/ffi/ffi.h @@ -702,6 +702,7 @@ BOTAN_PUBLIC_API(2,0) int botan_privkey_create_ecdsa(botan_privkey_t* key, botan BOTAN_PUBLIC_API(2,0) int botan_privkey_create_ecdh(botan_privkey_t* key, botan_rng_t rng, const char* params); BOTAN_PUBLIC_API(2,0) int botan_privkey_create_mceliece(botan_privkey_t* key, botan_rng_t rng, size_t n, size_t t); BOTAN_PUBLIC_API(2,0) int botan_privkey_create_dh(botan_privkey_t* key, botan_rng_t rng, const char* param); +BOTAN_PUBLIC_API(2,0) int botan_privkey_create_dsa(botan_privkey_t* key, botan_rng_t rng, size_t pbits, size_t qbits); /* * Input currently assumed to be PKCS #8 structure; diff --git a/src/lib/ffi/ffi_pkey_algs.cpp b/src/lib/ffi/ffi_pkey_algs.cpp index 694edfeb32..1a2737834a 100644 --- a/src/lib/ffi/ffi_pkey_algs.cpp +++ b/src/lib/ffi/ffi_pkey_algs.cpp @@ -333,6 +333,24 @@ int botan_pubkey_rsa_get_n(botan_mp_t n, botan_pubkey_t key) } /* DSA specific operations */ +int botan_privkey_create_dsa(botan_privkey_t* key, botan_rng_t rng_obj, size_t pbits, size_t qbits) + { +#if defined(BOTAN_HAS_DSA) + + if(rng_obj == nullptr) + return BOTAN_FFI_ERROR_NULL_POINTER; + + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { + Botan::RandomNumberGenerator& rng = safe_get(rng_obj); + Botan::DL_Group group(rng, Botan::DL_Group::Prime_Subgroup, pbits, qbits); + *key = new botan_privkey_struct(new Botan::DSA_PrivateKey(rng, group)); + return BOTAN_FFI_SUCCESS; + }); +#else + BOTAN_UNUSED(key, rng_obj, pbits, qbits); + return BOTAN_FFI_ERROR_NOT_IMPLEMENTED; +#endif + } int botan_privkey_load_dsa(botan_privkey_t* key, botan_mp_t p, botan_mp_t q, botan_mp_t g, botan_mp_t x) diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index 53bd7d0e7d..974909563d 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp 
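Review bot: Every call generates a fresh DL_Group (`Botan::DL_Group group(rng, Botan::DL_Group::Prime_Subgroup, pbits, qbits)`), which can take seconds at 2048 or 3072 bits and yields parameters that are not a named group, neither of which the new `botan_privkey_create_dsa` declaration in the ffi.h hunk on this line tells callers; a comment such as `// Generates new p, q, g on every call (slow); use botan_privkey_create with a named group such as "dsa/jce/1024" to reuse standard parameters` would set expectations. The 1024/160 sizes used in the test hunk that follows are legacy strength; the same comment could point callers at 2048/224 or larger for new keys. botan_privkey_create_dsa is complete in this hunk, but the surrounding DSA helpers continue outside it.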
@@ -1300,13 +1300,7 @@ class FFI_Unit_Tests final : public Test return result; } - Test::Result ffi_test_dsa(botan_rng_t rng) - { - Test::Result result("FFI DSA"); - - botan_privkey_t priv; - - if(TEST_FFI_OK(botan_privkey_create, (&priv, "DSA", "dsa/jce/1024", rng))) + void do_dsa_test(botan_privkey_t priv, botan_rng_t rng, Test::Result &result) { TEST_FFI_OK(botan_privkey_check_key, (priv, rng, 0)); @@ -1404,6 +1398,21 @@ class FFI_Unit_Tests final : public Test TEST_FFI_OK(botan_privkey_destroy, (priv)); } + Test::Result ffi_test_dsa(botan_rng_t rng) + { + Test::Result result("FFI DSA"); + botan_privkey_t priv; + + if(TEST_FFI_OK(botan_privkey_create, (&priv, "DSA", "dsa/jce/1024", rng))) + { + do_dsa_test(priv, rng, result); + } + + if(TEST_FFI_OK(botan_privkey_create_dsa, (&priv, rng, 1024, 160))) + { + do_dsa_test(priv, rng, result); + } + return result; } Test::Result ffi_test_ecdsa(botan_rng_t rng) From c1b2f99de72ea619a4faf94ed2b51817395f8b03 Mon Sep 17 00:00:00 2001 From: Krzysztof Kwiatkowski Date: Wed, 17 Jan 2018 09:31:38 +0000 Subject: [PATCH 0572/1008] FFI function for Elgamal key generation Adds function for Elgamal key generation that allows usage of 'p' chosen by the caller. --- src/lib/ffi/ffi.h | 1 + src/lib/ffi/ffi_pkey_algs.cpp | 18 ++++++ src/tests/test_ffi.cpp | 110 +++++++++++++++++++--------------- 3 files changed, 81 insertions(+), 48 deletions(-) diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h index 77d4eb306d..cfb7b853ef 100644 --- a/src/lib/ffi/ffi.h +++ b/src/lib/ffi/ffi.h 
@@ -703,6 +703,7 @@ BOTAN_PUBLIC_API(2,0) int botan_privkey_create_ecdh(botan_privkey_t* key, botan_ BOTAN_PUBLIC_API(2,0) int botan_privkey_create_mceliece(botan_privkey_t* key, botan_rng_t rng, size_t n, size_t t); BOTAN_PUBLIC_API(2,0) int botan_privkey_create_dh(botan_privkey_t* key, botan_rng_t rng, const char* param); BOTAN_PUBLIC_API(2,0) int botan_privkey_create_dsa(botan_privkey_t* key, botan_rng_t rng, size_t pbits, size_t qbits); +BOTAN_PUBLIC_API(2,0) int botan_privkey_create_elgamal(botan_privkey_t* key, botan_rng_t rng, size_t pbits); /* * Input currently assumed to be PKCS #8 structure; diff --git a/src/lib/ffi/ffi_pkey_algs.cpp b/src/lib/ffi/ffi_pkey_algs.cpp index 1a2737834a..3b4bde7ebd 100644 --- a/src/lib/ffi/ffi_pkey_algs.cpp +++ b/src/lib/ffi/ffi_pkey_algs.cpp @@ -459,6 +459,24 @@ int botan_privkey_load_ecdsa(botan_privkey_t* key, } /* ElGamal specific operations */ +int botan_privkey_create_elgamal(botan_privkey_t* key, botan_rng_t rng_obj, size_t pbits) + { +#if defined(BOTAN_HAS_ELGAMAL) + + if(rng_obj == nullptr) + return BOTAN_FFI_ERROR_NULL_POINTER; + + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { + Botan::RandomNumberGenerator& rng = safe_get(rng_obj); + Botan::DL_Group group(rng, Botan::DL_Group::Strong, pbits); + *key = new botan_privkey_struct(new Botan::ElGamal_PrivateKey(rng, group)); + return BOTAN_FFI_SUCCESS; + }); +#else + BOTAN_UNUSED(key, rng_obj, pbits); + return BOTAN_FFI_ERROR_NOT_IMPLEMENTED; +#endif + } int botan_pubkey_load_elgamal(botan_pubkey_t* key, botan_mp_t p, botan_mp_t g, botan_mp_t y) diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index 974909563d..af6f57b80c 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp 
@@ -1880,71 +1880,85 @@ class FFI_Unit_Tests final : public Test return result; } - Test::Result ffi_test_elgamal(botan_rng_t rng) + void do_elgamal_test(botan_privkey_t priv, botan_rng_t rng, Test::Result& result) { - Test::Result result("FFI ELGAMAL"); - - botan_privkey_t priv; - - if(TEST_FFI_OK(botan_privkey_create, (&priv, "ElGamal", nullptr, rng))) - { - TEST_FFI_OK(botan_privkey_check_key, (priv, rng, 0)); + TEST_FFI_OK(botan_privkey_check_key, (priv, rng, 0)); - botan_pubkey_t pub; - TEST_FFI_OK(botan_privkey_export_pubkey, (&pub, priv)); - TEST_FFI_OK(botan_pubkey_check_key, (pub, rng, 0)); + botan_pubkey_t pub; + TEST_FFI_OK(botan_privkey_export_pubkey, (&pub, priv)); + TEST_FFI_OK(botan_pubkey_check_key, (pub, rng, 0)); - ffi_test_pubkey_export(result, pub, priv, rng); - botan_mp_t p, g, x, y; - botan_mp_init(&p); - botan_mp_init(&g); - botan_mp_init(&x); - botan_mp_init(&y); + ffi_test_pubkey_export(result, pub, priv, rng); + botan_mp_t p, g, x, y; + botan_mp_init(&p); + botan_mp_init(&g); + botan_mp_init(&x); + botan_mp_init(&y); - TEST_FFI_OK(botan_pubkey_get_field, (p, pub, "p")); - TEST_FFI_OK(botan_pubkey_get_field, (g, pub, "g")); - TEST_FFI_OK(botan_pubkey_get_field, (y, pub, "y")); - TEST_FFI_OK(botan_privkey_get_field, (x, priv, "x")); + TEST_FFI_OK(botan_pubkey_get_field, (p, pub, "p")); + TEST_FFI_OK(botan_pubkey_get_field, (g, pub, "g")); + TEST_FFI_OK(botan_pubkey_get_field, (y, pub, "y")); + TEST_FFI_OK(botan_privkey_get_field, (x, priv, "x")); - size_t p_len = 0; - TEST_FFI_OK(botan_mp_num_bytes, (p, &p_len)); + size_t p_len = 0; + TEST_FFI_OK(botan_mp_num_bytes, (p, &p_len)); - botan_privkey_t loaded_privkey; - TEST_FFI_OK(botan_privkey_load_elgamal, (&loaded_privkey, p, g, x)); - TEST_FFI_OK(botan_privkey_check_key, (loaded_privkey, rng, 0)); + botan_privkey_t loaded_privkey; + TEST_FFI_OK(botan_privkey_load_elgamal, (&loaded_privkey, p, g, x)); + TEST_FFI_OK(botan_privkey_check_key, (loaded_privkey, rng, 0)); - botan_pubkey_t 
loaded_pubkey; - TEST_FFI_OK(botan_pubkey_load_elgamal, (&loaded_pubkey, p, g, y)); - TEST_FFI_OK(botan_pubkey_check_key, (loaded_pubkey, rng, 0)); + botan_pubkey_t loaded_pubkey; + TEST_FFI_OK(botan_pubkey_load_elgamal, (&loaded_pubkey, p, g, y)); + TEST_FFI_OK(botan_pubkey_check_key, (loaded_pubkey, rng, 0)); - botan_mp_destroy(p); - botan_mp_destroy(g); - botan_mp_destroy(y); - botan_mp_destroy(x); + botan_mp_destroy(p); + botan_mp_destroy(g); + botan_mp_destroy(y); + botan_mp_destroy(x); - std::vector plaintext(16, 0xFF); - std::vector ciphertext(p_len*2, 0); - std::vector decryption(16, 0); + std::vector plaintext(16, 0xFF); + std::vector ciphertext(p_len*2, 0); + std::vector decryption(16, 0); - // Test encryption - botan_pk_op_encrypt_t op_enc; - size_t ct_len = ciphertext.size(); - REQUIRE_FFI_OK(botan_pk_op_encrypt_create, (&op_enc, loaded_pubkey, "Raw", 0)); + // Test encryption + botan_pk_op_encrypt_t op_enc; + size_t ct_len = ciphertext.size(); + if (TEST_FFI_OK(botan_pk_op_encrypt_create, (&op_enc, loaded_pubkey, "Raw", 0))) + { TEST_FFI_OK(botan_pk_op_encrypt, (op_enc, rng, ciphertext.data(), &ct_len, plaintext.data(), plaintext.size())); TEST_FFI_OK(botan_pk_op_encrypt_destroy, (op_enc)); + } - // Test decryption - botan_pk_op_decrypt_t op_dec; - size_t pt_len = decryption.size(); - REQUIRE_FFI_OK(botan_pk_op_decrypt_create, (&op_dec, loaded_privkey, "Raw", 0)); + // Test decryption + botan_pk_op_decrypt_t op_dec; + size_t pt_len = decryption.size(); + if (TEST_FFI_OK(botan_pk_op_decrypt_create, (&op_dec, loaded_privkey, "Raw", 0))) + { TEST_FFI_OK(botan_pk_op_decrypt, (op_dec, decryption.data(), &pt_len, ciphertext.data(), ct_len)); TEST_FFI_OK(botan_pk_op_decrypt_destroy, (op_dec)); + } - TEST_FFI_OK(botan_pubkey_destroy, (loaded_pubkey)); - TEST_FFI_OK(botan_pubkey_destroy, (pub)); - TEST_FFI_OK(botan_privkey_destroy, (loaded_privkey)); - TEST_FFI_OK(botan_privkey_destroy, (priv)); + TEST_FFI_OK(botan_pubkey_destroy, (loaded_pubkey)); + 
TEST_FFI_OK(botan_pubkey_destroy, (pub)); + TEST_FFI_OK(botan_privkey_destroy, (loaded_privkey)); + TEST_FFI_OK(botan_privkey_destroy, (priv)); + } + + Test::Result ffi_test_elgamal(botan_rng_t rng) + { + Test::Result result("FFI ELGAMAL"); + + botan_privkey_t priv; + + if(TEST_FFI_OK(botan_privkey_create, (&priv, "ElGamal", nullptr, rng))) + { + do_elgamal_test(priv, rng, result); + } + + if(TEST_FFI_OK(botan_privkey_create_elgamal, (&priv, rng, 2048))) + { + do_elgamal_test(priv, rng, result); } return result; From 2e5a1df57957539292ec30738cb26abc7e5e3759 Mon Sep 17 00:00:00 2001 From: Krzysztof Kwiatkowski Date: Mon, 22 Jan 2018 07:48:19 +0000 Subject: [PATCH 0573/1008] Comments from code review --- src/lib/ffi/ffi.h | 52 +++++++++++++++++++++++++++++++++-- src/lib/ffi/ffi_pkey_algs.cpp | 25 ++++++++++++++--- src/tests/test_ffi.cpp | 3 +- 3 files changed, 73 insertions(+), 7 deletions(-) diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h index cfb7b853ef..296d64ef29 100644 --- a/src/lib/ffi/ffi.h +++ b/src/lib/ffi/ffi.h 
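Review bot: The hoisted `do_elgamal_test` mixes `if (TEST_FFI_OK(...))` (space after `if`) for the encrypt/decrypt guards with `if(TEST_FFI_OK(...))` in `ffi_test_elgamal` a few lines below and elsewhere in this file; the two new guards should read `if(TEST_FFI_OK(botan_pk_op_encrypt_create, (&op_enc, loaded_pubkey, "Raw", 0)))`. Replacing `REQUIRE_FFI_OK` with a guarded `TEST_FFI_OK` is an improvement (a failed create no longer aborts the whole test), but when the encrypt step is skipped `ct_len` still equals `ciphertext.size()`, so the decrypt call then runs against a buffer of zeros and reports a failure unrelated to decryption; skipping the decrypt block when the encryptor could not be created would make the report accurate. The second generation call `botan_privkey_create_elgamal(&priv, rng, 2048)` builds a 2048-bit safe prime on every test run, which is slow; a smaller size keeps the FFI test fast.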
@@ -702,8 +702,56 @@ BOTAN_PUBLIC_API(2,0) int botan_privkey_create_ecdsa(botan_privkey_t* key, botan BOTAN_PUBLIC_API(2,0) int botan_privkey_create_ecdh(botan_privkey_t* key, botan_rng_t rng, const char* params); BOTAN_PUBLIC_API(2,0) int botan_privkey_create_mceliece(botan_privkey_t* key, botan_rng_t rng, size_t n, size_t t); BOTAN_PUBLIC_API(2,0) int botan_privkey_create_dh(botan_privkey_t* key, botan_rng_t rng, const char* param); -BOTAN_PUBLIC_API(2,0) int botan_privkey_create_dsa(botan_privkey_t* key, botan_rng_t rng, size_t pbits, size_t qbits); -BOTAN_PUBLIC_API(2,0) int botan_privkey_create_elgamal(botan_privkey_t* key, botan_rng_t rng, size_t pbits); + + +/* + * Generates DSA key pair. Gives to a caller control over key length + * and order of a subgroup 'q'. + * + * @param key handler to the resulting key + * @param rng initialized PRNG + * @param pbits length of the key in bits. Must be between in range (1024, 3072) + * and multiple of 64. Bit size of the prime 'p' + * @param qbits order of the subgroup. Must be in range (160, 256) and multiple + * of 8 + * + * @returns BOTAN_FFI_SUCCESS Success, `key' initialized with DSA key + * @returns BOTAN_FFI_ERROR_NULL_POINTER either `key' or `rng' is NULL + * @returns BOTAN_FFI_ERROR_BAD_PARAMETER unexpected value for either `pbits' or + * `qbits' + * @returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED functionality not implemented + * +-------------------------------------------------------------------------------- */ +BOTAN_PUBLIC_API(2,5) int botan_privkey_create_dsa( + botan_privkey_t* key, + botan_rng_t rng, + size_t pbits, + size_t qbits); + +/* + * Generates ElGamal key pair. Caller has a control over key length + * and order of a subgroup 'q'. 
Function is able to use two types of + * primes: + * * if pbits-1 == qbits then safe primes are used for key generation + * * otherwise generation uses group of prime order + * + * @param key handler to the resulting key + * @param rng initialized PRNG + * @param pbits length of the key in bits. Must be at least 1024 + * @param qbits order of the subgroup. Must be at least 160 + * + * @returns BOTAN_FFI_SUCCESS Success, `key' initialized with DSA key + * @returns BOTAN_FFI_ERROR_NULL_POINTER either `key' or `rng' is NULL + * @returns BOTAN_FFI_ERROR_BAD_PARAMETER unexpected value for either `pbits' or + * `qbits' + * @returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED functionality not implemented + * +-------------------------------------------------------------------------------- */ +BOTAN_PUBLIC_API(2,5) int botan_privkey_create_elgamal( + botan_privkey_t* key, + botan_rng_t rng, + size_t pbits, + size_t qbits); /* * Input currently assumed to be PKCS #8 structure; diff --git a/src/lib/ffi/ffi_pkey_algs.cpp b/src/lib/ffi/ffi_pkey_algs.cpp index 3b4bde7ebd..a20d7de403 100644 --- a/src/lib/ffi/ffi_pkey_algs.cpp +++ b/src/lib/ffi/ffi_pkey_algs.cpp @@ -337,9 +337,15 @@ int botan_privkey_create_dsa(botan_privkey_t* key, botan_rng_t rng_obj, size_t p { #if defined(BOTAN_HAS_DSA) - if(rng_obj == nullptr) + if ((rng_obj == nullptr) || (key == nullptr)) return BOTAN_FFI_ERROR_NULL_POINTER; + if ((pbits % 64) || (qbits % 8) || + (pbits < 1024) || (pbits > 3072) || + (qbits < 160) || (qbits > 256)) { + return BOTAN_FFI_ERROR_BAD_PARAMETER; + } + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { Botan::RandomNumberGenerator& rng = safe_get(rng_obj); Botan::DL_Group group(rng, Botan::DL_Group::Prime_Subgroup, pbits, qbits); 
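Review bot: The ElGamal comment says `@returns BOTAN_FFI_SUCCESS Success, `key' initialized with DSA key`, a copy-paste from the DSA block above it, and should read `initialized with ElGamal key`. The DSA parameter text is also imprecise: `Must be between in range (1024, 3072)` is garbled and the parentheses suggest an exclusive range while the implementation accepts 1024 and 3072, and `qbits` is the bit length of the subgroup order q, not the order itself — suggested wording: `@param pbits bit length of the prime p; must be in [1024, 3072] and a multiple of 64` and `@param qbits bit length of the subgroup order q; must be in [160, 256] and a multiple of 8`. The ElGamal block promises BOTAN_FFI_ERROR_BAD_PARAMETER for unexpected values, but the implementation only enforces the two minimums, so that line should say "pbits below 1024 or qbits below 160". Both comments open with `/*` rather than `/**`, so Doxygen will not attach the @param/@returns lines to the declarations, and the trailing `-----` line inside the comment is unusual for this header. A sentence that a 1024-bit p with a 160-bit q is legacy strength and that new keys should use 2048/224 or larger would help callers choose.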
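Review bot: The new parameter check is written as `if ((pbits % 64) || ... ) {` with a space after `if` and the brace on the same line, while this function and the rest of the file use `if(...)` with the opening brace on its own indented line (compare the `{` under the signature and the `if(rng_obj == nullptr)` line being replaced); the same applies to `if ((pbits < 1024) || (qbits<160)) {` in the ElGamal hunk on the next line. Validating before entering `ffi_guard_thunk` is the right shape, since a bad size becomes a deterministic BAD_PARAMETER instead of whatever DL_Group throws, and a one-line comment naming the origin of the bounds — `// bounds cover the FIPS 186-4 (L, N) pairs; not every combination in range is a standard pair` — would explain the magic numbers. botan_privkey_create_dsa continues outside the hunk.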
@@ -459,16 +465,27 @@ int botan_privkey_load_ecdsa(botan_privkey_t* key, } /* ElGamal specific operations */ -int botan_privkey_create_elgamal(botan_privkey_t* key, botan_rng_t rng_obj, size_t pbits) +int botan_privkey_create_elgamal(botan_privkey_t* key, + botan_rng_t rng_obj, + size_t pbits, + size_t qbits) { #if defined(BOTAN_HAS_ELGAMAL) - if(rng_obj == nullptr) + if ((rng_obj == nullptr) || (key == nullptr)) return BOTAN_FFI_ERROR_NULL_POINTER; + if ((pbits < 1024) || (qbits<160)) { + return BOTAN_FFI_ERROR_BAD_PARAMETER; + } + + Botan::DL_Group::PrimeType prime_type = ((pbits-1) == qbits) + ? Botan::DL_Group::Strong + : Botan::DL_Group::Prime_Subgroup; + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { Botan::RandomNumberGenerator& rng = safe_get(rng_obj); - Botan::DL_Group group(rng, Botan::DL_Group::Strong, pbits); + Botan::DL_Group group(rng, prime_type, pbits, qbits); *key = new botan_privkey_struct(new Botan::ElGamal_PrivateKey(rng, group)); return BOTAN_FFI_SUCCESS; }); diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index af6f57b80c..00deabb062 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp @@ -1,6 +1,7 @@ /* * (C) 2015 Jack Lloyd * (C) 2016 René Korthaus +* (C) 2018 Ribose Inc, Krzysztof Kwiatkowski * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -1956,7 +1957,7 @@ class FFI_Unit_Tests final : public Test do_elgamal_test(priv, rng, result); } - if(TEST_FFI_OK(botan_privkey_create_elgamal, (&priv, rng, 2048))) + if(TEST_FFI_OK(botan_privkey_create_elgamal, (&priv, rng, 1024, 160))) { do_elgamal_test(priv, rng, result); } From bf1548695aea625c3af91e53c294aabeeb03f873 Mon Sep 17 00:00:00 2001 
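Review bot: `prime_type` now selects `DL_Group::Strong` when `pbits-1 == qbits`, but the group is still constructed with four arguments, `Botan::DL_Group group(rng, prime_type, pbits, qbits)`; whether the Strong path honours or ignores `qbits` is outside this view (the previous version passed only `pbits`), so confirm it and add `// safe prime: q = (p-1)/2, so qbits is implied by pbits` above the ternary. With the test changed to `(&priv, rng, 1024, 160)` in the test_ffi.cpp hunk on this line, only the Prime_Subgroup branch is exercised and the safe-prime branch that the previous commit tested is now uncovered; a second call with `qbits == pbits-1` would close that gap. botan_privkey_create_elgamal continues outside the hunk.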
From: Jack Lloyd Date: Tue, 23 Jan 2018 12:38:38 -0500 Subject: [PATCH 0574/1008] Allow applications to easily override extensions in cert requests Refactor the code so it's possible to create a cert request without going through x509self.h (PKCS10_Request::create). Add Extensions::add_new, so we can add an extension to a PKCS10 request without stomping on one already included by the application. Refactor the X509 unit tests to avoid (some) duplicated key creations. Just create a key once at the start and use it for all of the tests. GH #1428 --- src/lib/x509/pkcs10.cpp | 56 +++++++ src/lib/x509/pkcs10.h | 22 +++ src/lib/x509/x509_ca.cpp | 63 +------- src/lib/x509/x509_ext.cpp | 15 ++ src/lib/x509/x509_ext.h | 10 ++ src/lib/x509/x509_obj.cpp | 67 ++++++++ src/lib/x509/x509_obj.h | 9 ++ src/lib/x509/x509self.cpp | 80 +++------- src/tests/unit_x509.cpp | 319 +++++++++++++++++++------------------- 9 files changed, 360 insertions(+), 281 deletions(-) diff --git a/src/lib/x509/pkcs10.cpp b/src/lib/x509/pkcs10.cpp index 78fea8dc63..2da002cd16 100644 --- a/src/lib/x509/pkcs10.cpp +++ b/src/lib/x509/pkcs10.cpp @@ -9,6 +9,8 @@ #include #include #include +#include +#include #include #include 
@@ -52,6 +54,60 @@ PKCS10_Request::PKCS10_Request(const std::string& fsname) } #endif +//static +PKCS10_Request PKCS10_Request::create(const Private_Key& key, + const X509_DN& subject_dn, + const Extensions& extensions, + const std::string& hash_fn, + RandomNumberGenerator& rng, + const std::string& padding_scheme, + const std::string& challenge) + { + const std::map sig_opts = { {"padding", padding_scheme} }; + + AlgorithmIdentifier sig_algo; + std::unique_ptr signer = choose_sig_format(sig_algo, key, rng, hash_fn, padding_scheme); + + const size_t PKCS10_VERSION = 0; + + DER_Encoder tbs_req; + + tbs_req.start_cons(SEQUENCE) + .encode(PKCS10_VERSION) + .encode(subject_dn) + .raw_bytes(key.subject_public_key()) + .start_explicit(0); + + if(challenge.empty() == false) + { + ASN1_String challenge_str(challenge, DIRECTORY_STRING); + + tbs_req.encode( + Attribute("PKCS9.ChallengePassword", + DER_Encoder().encode(challenge_str).get_contents_unlocked() + ) + ); + } + + tbs_req.encode( + Attribute("PKCS9.ExtensionRequest", + DER_Encoder() + .start_cons(SEQUENCE) + .encode(extensions) + .end_cons() + .get_contents_unlocked() + ) + ) + .end_explicit() + .end_cons(); + + const std::vector req = + X509_Object::make_signed(signer.get(), rng, sig_algo, + tbs_req.get_contents()); + + return PKCS10_Request(req); + } + /* * Decode the CertificateRequestInfo */ diff --git a/src/lib/x509/pkcs10.h b/src/lib/x509/pkcs10.h index b3a75fd5ea..bd8cdb2e14 100644 --- a/src/lib/x509/pkcs10.h +++ b/src/lib/x509/pkcs10.h @@ -18,6 +18,7 @@ namespace Botan { +class Private_Key; class Extensions; struct PKCS10_Data; 
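Review bot: `sig_opts` is built on the first line of `PKCS10_Request::create` and never used — `choose_sig_format` is given `padding_scheme` directly — so the `const std::map sig_opts = { {"padding", padding_scheme} };` line should be dropped. The PKCS9.ExtensionRequest attribute is encoded unconditionally, so a caller passing an empty `extensions` still gets an attribute wrapping an empty SEQUENCE; if that is intended, say so in a comment, otherwise guard it the same way the challenge password is guarded by `challenge.empty() == false`. `const size_t PKCS10_VERSION = 0;` can be `constexpr`, and a comment such as `// CertificationRequestInfo version is always v1 (0), RFC 2986 4.1` would document the literal.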
@@ -109,6 +110,27 @@ class BOTAN_PUBLIC_API(2,0) PKCS10_Request final : public X509_Object * @param vec a std::vector containing the DER value */ explicit PKCS10_Request(const std::vector& vec); + + /** + * Create a new PKCS10 certificate request + * @param key the key that will be included in the certificate request + * @param subject_dn the DN to be placed in the request + * @param extensions extensions to include in the request + * @param hash_fn the hash function to use to create the signature + * @param rng a random number generator + * @param padding_scheme if set specifies the padding scheme, otherwise an + * algorithm-specific default is used. + * @param challenge a challenge string to be included in the PKCS10 request, + * sometimes used for revocation purposes. + */ + static PKCS10_Request create(const Private_Key& key, + const X509_DN& subject_dn, + const Extensions& extensions, + const std::string& hash_fn, + RandomNumberGenerator& rng, + const std::string& padding_scheme = "", + const std::string& challenge = ""); + private: std::string PEM_label() const override; diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp index 1560140c75..294a564d56 100644 --- a/src/lib/x509/x509_ca.cpp +++ b/src/lib/x509/x509_ca.cpp 
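Review bot: The new `create` doc does not say that the challenge attribute is emitted only when `challenge` is non-empty, while an ExtensionRequest attribute is always emitted even when `extensions` is empty (both visible in the pkcs10.cpp hunk above); add `@param challenge ... omitted from the request when empty` and `@param extensions ... always encoded as a PKCS9.ExtensionRequest attribute, even if empty`. It also lacks a `@throws`: the x509_ca.cpp code this replaces threw `Invalid_Argument` for an unsupported key type or padding scheme, so if `X509_Object::choose_sig_format` keeps that behaviour (outside this view) document it as `@throws Invalid_Argument if the key type or padding scheme is not usable for X.509 signatures`. The class continues outside the hunk.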
@@ -277,76 +277,19 @@ PK_Signer* choose_sig_format(const Private_Key& key, const std::string& hash_fn, AlgorithmIdentifier& sig_algo) { - return choose_sig_format(key, std::map(), - rng, hash_fn, sig_algo); + return X509_Object::choose_sig_format(sig_algo, key, rng, hash_fn, "").release(); } -/* -* Choose a signing format for the key -*/ PK_Signer* choose_sig_format(const Private_Key& key, const std::map& opts, RandomNumberGenerator& rng, const std::string& hash_fn, AlgorithmIdentifier& sig_algo) { - const std::string algo_name = key.algo_name(); - - std::unique_ptr hash(HashFunction::create_or_throw(hash_fn)); - std::string hash_name = hash->name(); - - // check algo_name and set default std::string padding; - if(algo_name == "RSA") - { - // set to EMSA3 for compatibility reasons, originally it was the only option - padding = "EMSA3(" + hash_name + ")"; - } - else if(algo_name == "DSA" || - algo_name == "ECDSA" || - algo_name == "ECGDSA" || - algo_name == "ECKCDSA" || - algo_name == "GOST-34.10") - { - padding = "EMSA1(" + hash_name + ")"; - } - else - { - throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name); - } - - if(opts.count("padding") > 0 && !opts.at("padding").empty()) - { + if(opts.count("padding")) padding = opts.at("padding"); - } - - // try to construct an EMSA object from the padding options or default - std::unique_ptr emsa = nullptr; - try - { - emsa.reset(get_emsa(padding)); - } - /* - * get_emsa will throw if opts contains {"padding",} but - * does not specify a hash function. - * Omitting it is valid since it needs to be identical to hash_fn. - * If it still throws, something happened that we cannot repair here, - * e.g. the algorithm/padding combination is not supported. - */ - catch(...) - { - emsa.reset(get_emsa(padding + "(" + hash_fn + ")")); - } - if(emsa == nullptr) - { - throw Invalid_Argument("Could not parse padding scheme " + padding); - } - - const Signature_Format format = (key.message_parts() > 1) ? 
DER_SEQUENCE : IEEE_1363; - - sig_algo = emsa->config_for_x509(key, hash_name); - - return new PK_Signer(key, rng, emsa->name(), format); + return X509_Object::choose_sig_format(sig_algo, key, rng, hash_fn, padding).release(); } } diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp index 44c469c484..b969ad7cfd 100644 --- a/src/lib/x509/x509_ext.cpp +++ b/src/lib/x509/x509_ext.cpp @@ -131,6 +131,21 @@ void Extensions::add(Certificate_Extension* extn, bool critical) m_extension_info.emplace(oid, info); } +bool Extensions::add_new(Certificate_Extension* extn, bool critical) + { + if(m_extension_info.count(extn->oid_of()) > 0) + { + delete extn; + return false; // already exists + } + + const OID oid = extn->oid_of(); + Extensions_Info info(critical, extn); + m_extension_oids.push_back(oid); + m_extension_info.emplace(oid, info); + return true; + } + void Extensions::replace(Certificate_Extension* extn, bool critical) { // Remove it if it existed diff --git a/src/lib/x509/x509_ext.h b/src/lib/x509/x509_ext.h index 8e702daf1a..7c8a8569c1 100644 --- a/src/lib/x509/x509_ext.h +++ b/src/lib/x509/x509_ext.h @@ -154,6 +154,16 @@ class BOTAN_PUBLIC_API(2,0) Extensions final : public ASN1_Object */ void add(Certificate_Extension* extn, bool critical = false); + /** + * Adds a new extension to the list unless it already exists. If the extension + * already exists within the Extensions object, the extn pointer will be deleted. + * + * @param extn pointer to the certificate extension (Extensions takes ownership) + * @param critical whether this extension should be marked as critical + * @return true if the object was added false if the extension was already used + */ + bool add_new(Certificate_Extension* extn, bool critical = false); + /** * Adds an extension to the list or replaces it. * @param extn the certificate extension diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp index 01a92a001a..78413c1214 100644 --- a/src/lib/x509/x509_obj.cpp 
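Review bot: Both surviving choose_sig_format overloads now `.release()` the unique_ptr that X509_Object::choose_sig_format returns, handing the caller an owning raw PK_Signer* with no comment saying so, and the removed `Choose a signing format for the key` header was the only documentation these wrappers had. Suggest a short comment on each: `// Returns an owning PK_Signer*; callers wrap it in std::unique_ptr (see create_self_signed_cert)`. The `opts.count("padding")` followed by `opts.at("padding")` pair does two lookups where one suffices: `const auto i = opts.find("padding"); if(i != opts.end()) padding = i->second;`; the empty-string case is still handled because the callee only overrides the default when `padding_algo` is non-empty. The first overload's signature begins outside the hunk.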
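Review bot: Extensions::add_new calls `extn->oid_of()` twice and dereferences extn before the ownership branch, so a null argument crashes before `delete extn` could ever run; computing the OID once up front also guarantees the duplicate check and the insertion agree: `const OID oid = extn->oid_of(); if(m_extension_info.count(oid) > 0) { delete extn; return false; }`. As in add above it, if `m_extension_info.emplace` throws after `m_extension_oids.push_back(oid)` the vector and map disagree and extn leaks; holding extn in a std::unique_ptr until emplace succeeds would close that, though whether Extensions_Info accepts anything other than a raw pointer is not visible here. The header's `@return` sentence in the x509_ext.h hunk needs a separator and should name the side effect: `@return true if the extension was added, false if one with the same OID was already present (extn is then deleted)`.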
+++ b/src/lib/x509/x509_obj.cpp @@ -12,6 +12,7 @@ #include #include #include +#include #include namespace Botan { @@ -284,4 +285,70 @@ std::vector X509_Object::make_signed(PK_Signer* signer, .get_contents_unlocked(); } +/* +* Choose a signing format for the key +*/ +std::unique_ptr X509_Object::choose_sig_format(AlgorithmIdentifier& sig_algo, + const Private_Key& key, + RandomNumberGenerator& rng, + const std::string& hash_fn, + const std::string& padding_algo) + { + const std::string algo_name = key.algo_name(); + + std::string padding; + + // check algo_name and set default + if(algo_name == "RSA") + { + // set to EMSA3 for compatibility reasons, originally it was the only option + padding = "EMSA3(" + hash_fn + ")"; + } + else if(algo_name == "DSA" || + algo_name == "ECDSA" || + algo_name == "ECGDSA" || + algo_name == "ECKCDSA" || + algo_name == "GOST-34.10") + { + padding = "EMSA1(" + hash_fn + ")"; + } + else + { + throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name); + } + + if(padding_algo.empty() == false) + { + padding = padding_algo; + } + + // try to construct an EMSA object from the padding options or default + std::unique_ptr emsa = nullptr; + try + { + emsa.reset(get_emsa(padding)); + } + /* + * get_emsa will throw if opts contains {"padding",} but + * does not specify a hash function. + * Omitting it is valid since it needs to be identical to hash_fn. + * If it still throws, something happened that we cannot repair here, + * e.g. the algorithm/padding combination is not supported. + */ + catch(...) + { + emsa.reset(get_emsa(padding + "(" + hash_fn + ")")); + } + if(emsa == nullptr) + { + throw Invalid_Argument("Could not parse padding scheme " + padding); + } + + const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363; + + sig_algo = emsa->config_for_x509(key, hash_fn); + + return std::unique_ptr(new PK_Signer(key, rng, emsa->name(), format)); + } + } 
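Review bot: The relocated choose_sig_format no longer canonicalizes the hash name: the x509_ca.cpp version it replaces ran `HashFunction::create_or_throw(hash_fn)` and used `hash->name()` both in the EMSA string and in `config_for_x509`, whereas this body splices the caller's `hash_fn` verbatim into `"EMSA3(" + hash_fn + ")"` and into `emsa->config_for_x509(key, hash_fn)`. An unknown hash is now rejected only indirectly through get_emsa, and any alias spelling that create_or_throw used to normalize reaches the AlgorithmIdentifier lookup as typed; if that normalization was relied on, restore `std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_fn)); const std::string hash_name = hash->name();` at the top and use hash_name below. The comment above the catch still refers to `opts contains {"padding",}`, which this signature no longer has; reword it to `padding_algo may name a scheme without its hash function, which get_emsa rejects`. The `catch(...)` also discards the first failure, so when both attempts fail the resulting Invalid_Argument carries no hint of the original cause.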
diff --git a/src/lib/x509/x509_obj.h b/src/lib/x509/x509_obj.h index 72ba0f5347..1e4abe00b1 100644 --- a/src/lib/x509/x509_obj.h +++ b/src/lib/x509/x509_obj.h @@ -16,6 +16,7 @@ namespace Botan { class Public_Key; +class Private_Key; class RandomNumberGenerator; /** @@ -119,6 +120,14 @@ class BOTAN_PUBLIC_API(2,0) X509_Object : public ASN1_Object { return std::vector(); } virtual ~X509_Object() = default; + + static std::unique_ptr + choose_sig_format(AlgorithmIdentifier& sig_algo, + const Private_Key& key, + RandomNumberGenerator& rng, + const std::string& hash_fn, + const std::string& padding_algo); + protected: X509_Object() = default; diff --git a/src/lib/x509/x509self.cpp b/src/lib/x509/x509self.cpp index 108e0496bd..78cdfe741e 100644 --- a/src/lib/x509/x509self.cpp +++ b/src/lib/x509/x509self.cpp @@ -56,6 +56,8 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, std::unique_ptr signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); + Extensions extensions = opts.extensions; + Key_Constraints constraints; if(opts.is_CA) { @@ -67,23 +69,21 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, constraints = opts.constraints; } - Extensions extensions = opts.extensions; - - extensions.add( + extensions.add_new( new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit), true); if(constraints != NO_CONSTRAINTS) { - extensions.add(new Cert_Extension::Key_Usage(constraints), true); + extensions.add_new(new Cert_Extension::Key_Usage(constraints), true); } - extensions.add(new Cert_Extension::Subject_Key_ID(pub_key, hash_fn)); + extensions.add_new(new Cert_Extension::Subject_Key_ID(pub_key, hash_fn)); - extensions.add( + extensions.add_new( new Cert_Extension::Subject_Alternative_Name(subject_alt)); - extensions.add( + extensions.add_new( new Cert_Extension::Extended_Key_Usage(opts.ex_constraints)); return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key, 
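Review bot: The new public static X509_Object::choose_sig_format is the only declaration in this hunk without a `/**` doc block, while the neighbouring members carry one. The x509_obj.cpp body supports documenting that `sig_algo` is an out-parameter set to the AlgorithmIdentifier the chosen EMSA reports for the key, that an empty `padding_algo` selects an algorithm-specific default (EMSA3 for RSA, EMSA1 for the DSA-family keys), that the returned unique_ptr owns the PK_Signer, and that Invalid_Argument is thrown for an unknown key type or an unparseable padding scheme.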
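Review bot: Switching create_self_signed_cert to add_new changes precedence: a Basic_Constraints or Key_Usage that the caller placed in `opts.extensions` now wins over `opts.is_CA`, `opts.path_limit` and the computed `constraints`, and the bool add_new returns is discarded on every call, so nothing reports that the library's value was dropped. That is presumably the intent for Subject_Alternative_Name (the new test relies on it), but for the two security-relevant extensions it means the CA flag or key-usage bits in the certificate can silently diverge from what the options say. Either check the return for those two and fail loudly, e.g. `if(!extensions.add_new(new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit), true)) throw Invalid_Argument("Basic_Constraints already present in opts.extensions");`, or state the precedence rule in the X509_Cert_Options documentation. The same applies to create_cert_req in the `@@ -126,55 +117,22 @@` hunk below.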
@@ -100,19 +100,10 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, const std::string& hash_fn, RandomNumberGenerator& rng) { - AlgorithmIdentifier sig_algo; X509_DN subject_dn; AlternativeName subject_alt; - - // for now, only the padding option is used - std::map sig_opts = { {"padding",opts.padding_scheme} }; - - std::vector pub_key = X509::BER_encode(key); - std::unique_ptr signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); - const size_t PKCS10_VERSION = 0; - Key_Constraints constraints; if(opts.is_CA) { 
@@ -126,55 +117,22 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, Extensions extensions = opts.extensions; - extensions.add( - new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit)); + extensions.add_new(new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit)); if(constraints != NO_CONSTRAINTS) { - extensions.add( - new Cert_Extension::Key_Usage(constraints)); - } - extensions.add( - new Cert_Extension::Extended_Key_Usage(opts.ex_constraints)); - extensions.add( - new Cert_Extension::Subject_Alternative_Name(subject_alt)); - - DER_Encoder tbs_req; - - tbs_req.start_cons(SEQUENCE) - .encode(PKCS10_VERSION) - .encode(subject_dn) - .raw_bytes(pub_key) - .start_explicit(0); - - if(!opts.challenge.empty()) - { - ASN1_String challenge(opts.challenge, DIRECTORY_STRING); - - tbs_req.encode( - Attribute("PKCS9.ChallengePassword", - DER_Encoder().encode(challenge).get_contents_unlocked() - ) - ); + extensions.add_new(new Cert_Extension::Key_Usage(constraints)); } - - tbs_req.encode( - Attribute("PKCS9.ExtensionRequest", - DER_Encoder() - .start_cons(SEQUENCE) - .encode(extensions) - .end_cons() - .get_contents_unlocked() - ) - ) - .end_explicit() - .end_cons(); - - const std::vector req = - X509_Object::make_signed(signer.get(), rng, sig_algo, - tbs_req.get_contents()); - - return PKCS10_Request(req); + extensions.add_new(new Cert_Extension::Extended_Key_Usage(opts.ex_constraints)); + extensions.add_new(new Cert_Extension::Subject_Alternative_Name(subject_alt)); + + return PKCS10_Request::create(key, + subject_dn, + extensions, + hash_fn, + rng, + opts.padding_scheme, + opts.challenge); } } diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 5e787d72d1..d0f284bf30 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -5,6 +5,7 @@ * Botan is released under the Simplified BSD License (see license.txt) */ +#include #include "tests.h" #if defined(BOTAN_HAS_X509_CERTIFICATES) 
@@ -617,22 +618,48 @@ Test::Result test_padding_config() { #endif -Test::Result test_x509_cert(const std::string& sig_algo, const std::string& sig_padding = "", const std::string& hash_fn = "SHA-256") +Test::Result test_pkcs10_ext(const Botan::Private_Key& key, + const std::string& sig_padding, + const std::string& hash_fn = "SHA-256") { - Test::Result result("X509 Unit"); + Test::Result result("PKCS10 extensions"); - /* Create the CA's key and self-signed cert */ - std::unique_ptr ca_key(make_a_private_key(sig_algo)); + Botan::X509_Cert_Options opts; - if(!ca_key) - { - // Failure because X.509 enabled but requested signature algorithm is not present - result.test_note("Skipping due to missing signature algorithm: " + sig_algo); - return result; - } + opts.padding_scheme = sig_padding; + + Botan::AlternativeName alt_name; + alt_name.add_attribute("DNS", "example.org"); + alt_name.add_attribute("DNS", "example.com"); + alt_name.add_attribute("DNS", "example.net"); + + opts.extensions.add(new Botan::Cert_Extension::Subject_Alternative_Name(alt_name)); + + Botan::PKCS10_Request req = Botan::X509::create_cert_req(opts, key, hash_fn, Test::rng()); + + std::vector alt_dns_names = req.subject_alt_name().get_attribute("DNS"); + + result.test_eq("Expected number of DNS names", alt_dns_names.size(), 3); + + // The order is not guaranteed so sort before comparing + std::sort(alt_dns_names.begin(), alt_dns_names.end()); + + result.test_eq("Expected DNS name 1", alt_dns_names.at(0), "example.com"); + result.test_eq("Expected DNS name 2", alt_dns_names.at(1), "example.net"); + result.test_eq("Expected DNS name 3", alt_dns_names.at(2), "example.org"); + + return result; + } + +Test::Result test_x509_cert(const Botan::Private_Key& ca_key, + const std::string& sig_algo, + const std::string& sig_padding = "", + const std::string& hash_fn = "SHA-256") + { + Test::Result result("X509 Unit"); /* Create the self-signed cert */ - const auto ca_cert = 
Botan::X509::create_self_signed_cert(ca_opts(sig_padding), *ca_key, hash_fn, Test::rng()); + const auto ca_cert = Botan::X509::create_self_signed_cert(ca_opts(sig_padding), ca_key, hash_fn, Test::rng()); { const auto constraints = Botan::Key_Constraints(Botan::KEY_CERT_SIGN | Botan::CRL_SIGN); @@ -661,7 +688,7 @@ Test::Result test_x509_cert(const std::string& sig_algo, const std::string& sig_ Test::rng()); /* Create the CA object */ - Botan::X509_CA ca(ca_cert, *ca_key, {{"padding",sig_padding}}, hash_fn, Test::rng()); + Botan::X509_CA ca(ca_cert, ca_key, {{"padding",sig_padding}}, hash_fn, Test::rng()); /* Sign the requests to create the certs */ Botan::X509_Certificate user1_cert = @@ -787,31 +814,23 @@ Test::Result test_x509_cert(const std::string& sig_algo, const std::string& sig_ return result; } -Test::Result test_usage(const std::string& sig_algo, const std::string& hash_fn = "SHA-256") +Test::Result test_usage(const Botan::Private_Key& ca_key, + const std::string& sig_algo, + const std::string& hash_fn = "SHA-256") { using Botan::Key_Constraints; Test::Result result("X509 Usage"); - /* Create the CA's key and self-signed cert */ - std::unique_ptr ca_key(make_a_private_key(sig_algo)); - - if(!ca_key) - { - // Failure because X.509 enabled but requested signature algorithm is not present - result.test_note("Skipping due to missing signature algorithm: " + sig_algo); - return result; - } - /* Create the self-signed cert */ const Botan::X509_Certificate ca_cert = Botan::X509::create_self_signed_cert( ca_opts(), - *ca_key, + ca_key, hash_fn, Test::rng()); /* Create the CA object */ - const Botan::X509_CA ca(ca_cert, *ca_key, hash_fn, Test::rng()); + const Botan::X509_CA ca(ca_cert, ca_key, hash_fn, Test::rng()); std::unique_ptr user1_key(make_a_private_key(sig_algo)); 
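Review bot: In test_pkcs10_ext the three `alt_dns_names.at(...)` calls do not depend on the preceding size check, so when fewer than three names come back the function exits with an out_of_range caught by the caller's generic handler instead of recording the `Expected DNS name` diagnostics; wrap them as `if(alt_dns_names.size() == 3) { ... }` after the size test_eq. The test also exercises only the benign side of the new add_new precedence (a caller-supplied SAN surviving into the request); a case where `opts.extensions` carries a Basic_Constraints contradicting `opts.is_CA` would pin down which value the request ends up with. `std::sort` requires `<algorithm>`, which the include added at the top of the file presumably provides.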
@@ -875,28 +894,21 @@ Test::Result test_usage(const std::string& sig_algo, const std::string& hash_fn return result; } -Test::Result test_self_issued(const std::string& sig_algo, const std::string& sig_padding = "", const std::string& hash_fn = "SHA-256") +Test::Result test_self_issued(const Botan::Private_Key& ca_key, + const std::string& sig_algo, + const std::string& sig_padding = "", + const std::string& hash_fn = "SHA-256") { using Botan::Key_Constraints; Test::Result result("X509 Self Issued"); - // create the CA's key and self-signed cert - std::unique_ptr ca_key(make_a_private_key(sig_algo)); - - if(!ca_key) - { - // Failure because X.509 enabled but requested signature algorithm is not present - result.test_note("Skipping due to missing signature algorithm: " + sig_algo); - return result; - } - // create the self-signed cert const Botan::X509_Certificate ca_cert = Botan::X509::create_self_signed_cert( - ca_opts(sig_padding), *ca_key, hash_fn, Test::rng()); + ca_opts(sig_padding), ca_key, hash_fn, Test::rng()); /* Create the CA object */ - const Botan::X509_CA ca(ca_cert, *ca_key, {{"padding",sig_padding}}, hash_fn, Test::rng()); + const Botan::X509_CA ca(ca_cert, ca_key, {{"padding",sig_padding}}, hash_fn, Test::rng()); std::unique_ptr user_key(make_a_private_key(sig_algo)); 
@@ -983,21 +995,13 @@ struct typical_usage_constraints }; -Test::Result test_valid_constraints(const std::string& pk_algo) +Test::Result test_valid_constraints(const Botan::Private_Key& key, + const std::string& pk_algo) { Test::Result result("X509 Valid Constraints"); - std::unique_ptr key(make_a_private_key(pk_algo)); - - if(!key) - { - // Failure because X.509 enabled but requested algorithm is not present - result.test_note("Skipping due to missing signature algorithm: " + pk_algo); - return result; - } - // should not throw on empty constraints - verify_cert_constraints_valid_for_key_type(*key, Key_Constraints(Key_Constraints::NO_CONSTRAINTS)); + verify_cert_constraints_valid_for_key_type(key, Key_Constraints(Key_Constraints::NO_CONSTRAINTS)); // now check some typical usage scenarios for the given key type typical_usage_constraints typical_usage; 
@@ -1007,40 +1011,40 @@ Test::Result test_valid_constraints(const std::string& pk_algo) // DH and ECDH only for key agreement result.test_throws("all constraints not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.all); + verify_cert_constraints_valid_for_key_type(key, typical_usage.all); }); result.test_throws("cert sign not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.ca); + verify_cert_constraints_valid_for_key_type(key, typical_usage.ca); }); result.test_throws("signature not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.sign_data); + verify_cert_constraints_valid_for_key_type(key, typical_usage.sign_data); }); result.test_throws("non repudiation not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.non_repudiation); + verify_cert_constraints_valid_for_key_type(key, typical_usage.non_repudiation); }); result.test_throws("key encipherment not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_encipherment); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_encipherment); }); result.test_throws("data encipherment not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.data_encipherment); + verify_cert_constraints_valid_for_key_type(key, typical_usage.data_encipherment); }); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_agreement); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_agreement_encipher_only); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_agreement_decipher_only); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_agreement); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_agreement_encipher_only); + 
verify_cert_constraints_valid_for_key_type(key, typical_usage.key_agreement_decipher_only); result.test_throws("crl sign not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.crl_sign); + verify_cert_constraints_valid_for_key_type(key, typical_usage.crl_sign); }); result.test_throws("sign, cert sign, crl sign not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.sign_everything); + verify_cert_constraints_valid_for_key_type(key, typical_usage.sign_everything); }); } else if(pk_algo == "RSA") 
@@ -1048,65 +1052,65 @@ Test::Result test_valid_constraints(const std::string& pk_algo) // RSA can do everything except key agreement result.test_throws("all constraints not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.all); + verify_cert_constraints_valid_for_key_type(key, typical_usage.all); }); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.ca); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.sign_data); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.non_repudiation); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_encipherment); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.data_encipherment); + verify_cert_constraints_valid_for_key_type(key, typical_usage.ca); + verify_cert_constraints_valid_for_key_type(key, typical_usage.sign_data); + verify_cert_constraints_valid_for_key_type(key, typical_usage.non_repudiation); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_encipherment); + verify_cert_constraints_valid_for_key_type(key, typical_usage.data_encipherment); result.test_throws("key agreement not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_agreement); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_agreement); }); result.test_throws("key agreement, encipher only not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_agreement_encipher_only); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_agreement_encipher_only); }); result.test_throws("key agreement, decipher only not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_agreement_decipher_only); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_agreement_decipher_only); }); - 
verify_cert_constraints_valid_for_key_type(*key, typical_usage.crl_sign); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.sign_everything); + verify_cert_constraints_valid_for_key_type(key, typical_usage.crl_sign); + verify_cert_constraints_valid_for_key_type(key, typical_usage.sign_everything); } else if(pk_algo == "ElGamal") { // only ElGamal encryption is currently implemented result.test_throws("all constraints not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.all); + verify_cert_constraints_valid_for_key_type(key, typical_usage.all); }); result.test_throws("cert sign not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.ca); + verify_cert_constraints_valid_for_key_type(key, typical_usage.ca); }); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.data_encipherment); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_encipherment); + verify_cert_constraints_valid_for_key_type(key, typical_usage.data_encipherment); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_encipherment); result.test_throws("key agreement not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_agreement); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_agreement); }); result.test_throws("key agreement, encipher only not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_agreement_encipher_only); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_agreement_encipher_only); }); result.test_throws("key agreement, decipher only not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_agreement_decipher_only); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_agreement_decipher_only); }); 
result.test_throws("crl sign not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.crl_sign); + verify_cert_constraints_valid_for_key_type(key, typical_usage.crl_sign); }); result.test_throws("sign, cert sign, crl sign not permitted not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.sign_everything); + verify_cert_constraints_valid_for_key_type(key, typical_usage.sign_everything); }); } else if(pk_algo == "DSA" || pk_algo == "ECDSA" || pk_algo == "ECGDSA" || pk_algo == "ECKCDSA" || 
@@ -1115,36 +1119,36 @@ Test::Result test_valid_constraints(const std::string& pk_algo) // these are signature algorithms only result.test_throws("all constraints not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.all); + verify_cert_constraints_valid_for_key_type(key, typical_usage.all); }); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.ca); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.sign_data); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.non_repudiation); + verify_cert_constraints_valid_for_key_type(key, typical_usage.ca); + verify_cert_constraints_valid_for_key_type(key, typical_usage.sign_data); + verify_cert_constraints_valid_for_key_type(key, typical_usage.non_repudiation); result.test_throws("key encipherment not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_encipherment); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_encipherment); }); result.test_throws("data encipherment not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.data_encipherment); + verify_cert_constraints_valid_for_key_type(key, typical_usage.data_encipherment); }); result.test_throws("key agreement not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_agreement); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_agreement); }); result.test_throws("key agreement, encipher only not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, typical_usage.key_agreement_encipher_only); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_agreement_encipher_only); }); result.test_throws("key agreement, decipher only not permitted", [&key, &typical_usage]() { - verify_cert_constraints_valid_for_key_type(*key, 
typical_usage.key_agreement_decipher_only); + verify_cert_constraints_valid_for_key_type(key, typical_usage.key_agreement_decipher_only); }); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.crl_sign); - verify_cert_constraints_valid_for_key_type(*key, typical_usage.sign_everything); + verify_cert_constraints_valid_for_key_type(key, typical_usage.crl_sign); + verify_cert_constraints_valid_for_key_type(key, typical_usage.sign_everything); } return result; @@ -1203,28 +1207,21 @@ class String_Extension final : public Botan::Certificate_Extension std::string m_contents; }; -Test::Result test_x509_extensions(const std::string& sig_algo, const std::string& sig_padding = "", const std::string& hash_fn = "SHA-256") +Test::Result test_x509_extensions(const Botan::Private_Key& ca_key, + const std::string& sig_algo, + const std::string& sig_padding = "", + const std::string& hash_fn = "SHA-256") { using Botan::Key_Constraints; Test::Result result("X509 Extensions"); - /* Create the CA's key and self-signed cert */ - std::unique_ptr ca_key(make_a_private_key(sig_algo)); - - if(!ca_key) - { - // Failure because X.509 enabled but requested signature algorithm is not present - result.test_note("Skipping due to missing signature algorithm: " + sig_algo); - return result; - } - /* Create the self-signed cert */ Botan::X509_Certificate ca_cert = - Botan::X509::create_self_signed_cert(ca_opts(sig_padding), *ca_key, hash_fn, Test::rng()); + Botan::X509::create_self_signed_cert(ca_opts(sig_padding), ca_key, hash_fn, Test::rng()); /* Create the CA object */ - Botan::X509_CA ca(ca_cert, *ca_key, {{"padding",sig_padding}}, hash_fn, Test::rng()); + Botan::X509_CA ca(ca_cert, ca_key, {{"padding",sig_padding}}, hash_fn, Test::rng()); std::unique_ptr user_key(make_a_private_key(sig_algo)); 
@@ -1290,18 +1287,11 @@ Test::Result test_x509_extensions(const std::string& sig_algo, const std::string return result; } -Test::Result test_hashes(const std::string& algo, const std::string& hash_fn = "SHA-256") +Test::Result test_hashes(const Botan::Private_Key& key, + const std::string& hash_fn = "SHA-256") { Test::Result result("X509 Hashes"); - const std::unique_ptr key(make_a_private_key(algo)); - - if(!key) - { - result.test_note("Skipping due to missing signature algorithm: " + algo); - return result; - } - struct TestData { const std::string issuer, subject, issuer_hash, subject_hash; @@ -1345,14 +1335,14 @@ Test::Result test_hashes(const std::string& algo, const std::string& hash_fn = " opts.CA_key(); const Botan::X509_Certificate issuer_cert = - Botan::X509::create_self_signed_cert(opts, *key, hash_fn, Test::rng()); + Botan::X509::create_self_signed_cert(opts, key, hash_fn, Test::rng()); result.test_eq(a.issuer, Botan::hex_encode(issuer_cert.raw_issuer_dn_sha256()), a.issuer_hash); result.test_eq(a.issuer, Botan::hex_encode(issuer_cert.raw_subject_dn_sha256()), a.issuer_hash); - const Botan::X509_CA ca(issuer_cert, *key, hash_fn, Test::rng()); + const Botan::X509_CA ca(issuer_cert, key, hash_fn, Test::rng()); const Botan::PKCS10_Request req = - Botan::X509::create_cert_req(a.subject, *key, hash_fn, Test::rng()); + Botan::X509::create_cert_req(a.subject, key, hash_fn, Test::rng()); const Botan::X509_Certificate subject_cert = ca.sign_request(req, Test::rng(), from_date(2008, 01, 01), from_date(2033, 01, 01)); @@ -1370,10 +1360,6 @@ class X509_Cert_Unit_Tests final : public Test std::vector results; const std::string sig_algos[] { "RSA", "DSA", "ECDSA", "ECGDSA", "ECKCDSA", "GOST-34.10" }; - Test::Result cert_result("X509 Unit"); - Test::Result usage_result("X509 Usage"); - Test::Result self_issued_result("X509 Self Issued"); - Test::Result extensions_result("X509 Extensions"); for(const std::string& algo : sig_algos) { 
@@ -1381,53 +1367,85 @@ class X509_Cert_Unit_Tests final : public Test if(algo == "RSA") continue; #endif - for(auto padding_scheme : Botan::get_sig_paddings(algo)) - { - try - { - cert_result.merge(test_x509_cert(algo, padding_scheme)); - } - catch(std::exception& e) - { - cert_result.test_failure("test_x509_cert " + algo, e.what()); - } - } + + std::unique_ptr key = make_a_private_key(algo); + + if(key == nullptr) + continue; + + results.push_back(test_hashes(*key)); + results.push_back(test_valid_constraints(*key, algo)); + + Test::Result usage_result("X509 Usage"); try { - usage_result.merge(test_usage(algo)); + usage_result.merge(test_usage(*key, algo)); } catch(std::exception& e) { usage_result.test_failure("test_usage " + algo, e.what()); } + results.push_back(usage_result); + for(auto padding_scheme : Botan::get_sig_paddings(algo)) { + Test::Result cert_result("X509 Unit"); try { - self_issued_result.merge(test_self_issued(algo, padding_scheme)); + cert_result.merge(test_x509_cert(*key, algo, padding_scheme)); + } + catch(std::exception& e) + { + cert_result.test_failure("test_x509_cert " + algo, e.what()); + } + results.push_back(cert_result); + + Test::Result pkcs10_result("PKCS10 extensions"); + try + { + pkcs10_result.merge(test_pkcs10_ext(*key, padding_scheme)); + } + catch(std::exception& e) + { + pkcs10_result.test_failure("test_pkcs10_ext " + algo, e.what()); + } + results.push_back(pkcs10_result); + + Test::Result self_issued_result("X509 Self Issued"); + try + { + self_issued_result.merge(test_self_issued(*key, algo, padding_scheme)); } catch(std::exception& e) { self_issued_result.test_failure("test_self_issued " + algo, e.what()); } - } - for(auto padding_scheme : Botan::get_sig_paddings(algo)) - { + results.push_back(self_issued_result); + + Test::Result extensions_result("X509 Extensions"); try { - extensions_result.merge(test_x509_extensions(algo, padding_scheme)); + extensions_result.merge(test_x509_extensions(*key, algo, padding_scheme)); } 
catch(std::exception& e) { extensions_result.test_failure("test_extensions " + algo, e.what()); } + results.push_back(extensions_result); } + } - results.push_back(cert_result); - results.push_back(usage_result); - results.push_back(self_issued_result); - results.push_back(extensions_result); + /* + These are algos which cannot sign but can be included in certs + */ + const std::vector enc_algos = { "DH", "ECDH", "ElGamal" }; + + for(std::string algo : enc_algos) + { + std::unique_ptr key = make_a_private_key(algo); + results.push_back(test_valid_constraints(*key, algo)); + } #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) Test::Result pad_config_result("X509 Padding Config"); @@ -1442,23 +1460,6 @@ class X509_Cert_Unit_Tests final : public Test results.push_back(pad_config_result); #endif - const std::vector pk_algos - { - "DH", "ECDH", "RSA", "ElGamal", "GOST-34.10", - "DSA", "ECDSA", "ECGDSA", "ECKCDSA" - }; - - Test::Result valid_constraints_result("X509 Valid Constraints"); - - for(const std::string& algo : pk_algos) - { -#if !defined(BOTAN_HAS_EMSA_PKCS1) - if(algo == "RSA") - continue; -#endif - valid_constraints_result.merge(test_valid_constraints(algo)); - } - #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) results.push_back(test_x509_utf8()); results.push_back(test_x509_bmpstring()); @@ -1467,10 +1468,8 @@ class X509_Cert_Unit_Tests final : public Test results.push_back(test_x509_authority_info_access_extension()); #endif - results.push_back(valid_constraints_result); results.push_back(test_x509_dates()); results.push_back(test_cert_status_strings()); - results.push_back(test_hashes("ECDSA")); results.push_back(test_x509_uninit()); return results; From 3648a72198f709da53a4903e242af7269897ebad Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 24 Jan 2018 06:32:09 -0500 Subject: [PATCH 0575/1008] Remove iostream includes [ci skip] --- src/cli/utils.cpp | 1 - src/tests/unit_x509.cpp | 1 - 2 files changed, 2 deletions(-) 
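Review bot: The new enc_algos loop at the end of this hunk dereferences `*key` without checking that make_a_private_key returned anything, whereas the sig_algos loop above it guards with `if(key == nullptr) continue;`. The code this patch removes treated a null return as "algorithm not compiled in" and skipped, so a build lacking DH, ECDH or ElGamal would now crash on a null dereference instead of skipping those constraints checks. I would guard it the same way: `if(key) results.push_back(test_valid_constraints(*key, algo));`. The enclosing run() body begins before this hunk.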
diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 6238f0b037..fadeac188c 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp @@ -14,7 +14,6 @@ #include #include #include -#include #include #include diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index d0f284bf30..40138a0f93 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -5,7 +5,6 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#include #include "tests.h" #if defined(BOTAN_HAS_X509_CERTIFICATES) From cfe57137e5957b84b6b749db8d9f02c3ee1f8c1e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 27 Jan 2018 09:41:56 -0500 Subject: [PATCH 0576/1008] Fix speed test of cipher modes [ci skip] Add BOTAN_HAS_CIPHER_MODES which is an easier to read/remember macro than BOTAN_HAS_MODES --- src/cli/speed.cpp | 6 +++--- src/lib/modes/info.txt | 1 + src/tests/test_modes.cpp | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index b60e26ef16..73b4b6a06f 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -35,7 +35,7 @@ #include #endif -#if defined(BOTAN_HAS_CIPHER_MODE) +#if defined(BOTAN_HAS_CIPHER_MODES) #include #endif @@ -742,7 +742,7 @@ class Speed final : public Command std::bind(&Speed::bench_stream_cipher, this, _1, _2, _3, _4)); } #endif -#if defined(BOTAN_HAS_CIPHER_MODE) +#if defined(BOTAN_HAS_CIPHER_MODES) else if(auto enc = Botan::get_cipher_mode(algo, Botan::ENCRYPTION)) { auto dec = Botan::get_cipher_mode(algo, Botan::DECRYPTION); @@ -1087,7 +1087,7 @@ class Speed final : public Command } #endif -#if defined(BOTAN_HAS_CIPHER_MODE) +#if defined(BOTAN_HAS_CIPHER_MODES) void bench_cipher_mode( Botan::Cipher_Mode& enc, Botan::Cipher_Mode& dec, diff --git a/src/lib/modes/info.txt b/src/lib/modes/info.txt index 70bd189d7e..4c19db04ca 100644 --- a/src/lib/modes/info.txt +++ b/src/lib/modes/info.txt @@ -1,5 +1,6 @@ MODES -> 20150626 +CIPHER_MODES -> 20180124 
diff --git a/src/tests/test_modes.cpp b/src/tests/test_modes.cpp index 3ac34760d4..d707f44194 100644 --- a/src/tests/test_modes.cpp +++ b/src/tests/test_modes.cpp @@ -7,13 +7,13 @@ #include "tests.h" -#if defined(BOTAN_HAS_MODES) +#if defined(BOTAN_HAS_CIPHER_MODES) #include #endif namespace Botan_Tests { -#if defined(BOTAN_HAS_MODES) +#if defined(BOTAN_HAS_CIPHER_MODES) class Cipher_Mode_Tests final : public Text_Based_Test { From 936da0514b06b341e6fab372477e32c90df05d57 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 7 Jan 2018 16:48:07 -0500 Subject: [PATCH 0577/1008] Add ability for application to control which TLS extensions are used GH #1186 --- src/lib/tls/msg_client_hello.cpp | 7 +++++++ src/lib/tls/msg_server_hello.cpp | 7 +++++++ src/lib/tls/tls_callbacks.cpp | 4 ++++ src/lib/tls/tls_callbacks.h | 12 ++++++++++++ src/lib/tls/tls_client.cpp | 2 ++ src/lib/tls/tls_extensions.cpp | 9 +++++++++ src/lib/tls/tls_extensions.h | 7 +++++++ src/lib/tls/tls_messages.h | 7 ++++++- src/lib/tls/tls_server.cpp | 2 ++ 9 files changed, 56 insertions(+), 1 deletion(-) diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index eeeaf8c719..77068a928b 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -10,6 +10,7 @@ #include #include #include +#include #include #include @@ -81,6 +82,7 @@ std::vector Hello_Request::serialize() const Client_Hello::Client_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, + Callbacks& cb, RandomNumberGenerator& rng, const std::vector& reneg_info, const Client_Hello::Settings& client_settings, @@ -140,6 +142,8 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(), policy.allowed_signature_methods())); + cb.tls_modify_extensions(m_extensions); + if(policy.send_fallback_scsv(client_settings.protocol_version())) m_suites.push_back(TLS_FALLBACK_SCSV); 
@@ -152,6 +156,7 @@ Client_Hello::Client_Hello(Handshake_IO& io, Client_Hello::Client_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, + Callbacks& cb, RandomNumberGenerator& rng, const std::vector& reneg_info, const Session& session, @@ -201,6 +206,8 @@ Client_Hello::Client_Hello(Handshake_IO& io, if(reneg_info.empty() && !next_protocols.empty()) m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols)); + cb.tls_modify_extensions(m_extensions); + hash.update(io.send(*this)); } diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index 5e290eb682..815fd37f00 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp @@ -9,6 +9,7 @@ #include #include +#include #include #include #include @@ -23,6 +24,7 @@ namespace TLS { Server_Hello::Server_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, + Callbacks& cb, RandomNumberGenerator& rng, const std::vector& reneg_info, const Client_Hello& client_hello, @@ -83,6 +85,8 @@ Server_Hello::Server_Hello(Handshake_IO& io, } } + cb.tls_modify_extensions(m_extensions); + hash.update(io.send(*this)); } @@ -90,6 +94,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, Server_Hello::Server_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, + Callbacks& cb, RandomNumberGenerator& rng, const std::vector& reneg_info, const Client_Hello& client_hello, @@ -130,6 +135,8 @@ Server_Hello::Server_Hello(Handshake_IO& io, if(!next_protocol.empty() && client_hello.supports_alpn()) m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol)); + cb.tls_modify_extensions(m_extensions); + hash.update(io.send(*this)); } diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp index b8f38589ee..b13aa2406f 100644 --- a/src/lib/tls/tls_callbacks.cpp +++ b/src/lib/tls/tls_callbacks.cpp 
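Review bot: The server-side `cb.tls_modify_extensions(m_extensions)` inserted just before `hash.update(io.send(*this))` lets an application add extension types the client never offered, which RFC 5246 §7.4.1.4 forbids in a ServerHello and which strict peers reject with an alert. `client_hello` is in scope on the preceding line (`client_hello.supports_alpn()`), so the restriction could at least be stated at the call site, e.g. `// Per RFC 5246 7.4.1.4 only extension types present in client_hello may be added here; this is not enforced`. Whether the callback documentation or the Extensions class enforces this elsewhere is not visible from this hunk.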
@@ -32,6 +32,10 @@ std::string TLS::Callbacks::tls_server_choose_app_protocol(const std::vector& cert_chain, const std::vector>& ocsp_responses, diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h index 4437a222a7..3ac1a9d2f1 100644 --- a/src/lib/tls/tls_callbacks.h +++ b/src/lib/tls/tls_callbacks.h @@ -30,6 +30,7 @@ namespace TLS { class Handshake_Message; class Policy; +class Extensions; /** * Encapsulates the callbacks that a TLS channel will make which are due to @@ -249,6 +250,17 @@ class BOTAN_PUBLIC_API(2,0) Callbacks */ virtual std::string tls_server_choose_app_protocol(const std::vector& client_protos); + /** + * Optional callback: examine/modify Extensions before sending. Both + * client and server will call this callback on the Extensions object + * before serializing it in the client/server hellos. This allows a client + * to modify which extensions are sent during the handshake. This also + * allows creating custom extensions. + * + * Default implementation does nothing. + */ + virtual void tls_modify_extensions(Extensions& extn); + /** * Optional callback: error logging. (not currently called) * @param err An error message related to this connection. diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index c88b6a7dbc..e041c1a778 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -169,6 +169,7 @@ void Client::send_client_hello(Handshake_State& state_base, new Client_Hello(state.handshake_io(), state.hash(), policy(), + callbacks(), rng(), secure_renegotiation_data_for_client_hello(), session_info, @@ -188,6 +189,7 @@ void Client::send_client_hello(Handshake_State& state_base, state.handshake_io(), state.hash(), policy(), + callbacks(), rng(), secure_renegotiation_data_for_client_hello(), client_settings, diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index d521f6bf86..6497c3c119 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp 
@@ -124,6 +124,15 @@ std::vector Extensions::serialize() const return buf; } +bool Extensions::remove_extension(Handshake_Extension_Type typ) + { + auto i = m_extensions.find(typ); + if(i == m_extensions.end()) + return false; + m_extensions.erase(i); + return true; + } + std::set Extensions::extension_types() const { std::set offers; diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index 221d8b46f1..7b7b645bf8 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -466,6 +466,13 @@ class BOTAN_UNSTABLE_API Extensions final void deserialize(TLS_Data_Reader& reader); + /** + * Remvoe an extension from this extensions object, if it exists. + * Returns true if the extension existed (and thus is now removed), + * otherwise false (the extension wasn't set in the first place). + */ + bool remove_extension(Handshake_Extension_Type typ); + Extensions() = default; explicit Extensions(TLS_Data_Reader& reader) { deserialize(reader); } diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index 35ec3c83c8..471467fc2f 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h @@ -38,9 +38,10 @@ namespace TLS { class Session; class Handshake_IO; class Handshake_State; +class Callbacks; std::vector make_hello_random(RandomNumberGenerator& rng, - const Policy& policy); + const Policy& policy); /** * DTLS Hello Verify Request @@ -148,6 +149,7 @@ class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message Client_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, + Callbacks& cb, RandomNumberGenerator& rng, const std::vector& reneg_info, const Client_Hello::Settings& client_settings, @@ -156,6 +158,7 @@ class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message Client_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, + Callbacks& cb, RandomNumberGenerator& rng, const std::vector& reneg_info, const Session& resumed_session, 
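Review bot: The doc comment on remove_extension in the tls_extensions.h hunk has a typo, `Remvoe` should read `Remove`. Because this is the primitive that tls_modify_extensions users will reach for, it also deserves a caveat that some extensions carry security meaning and dropping them silently changes what the handshake guarantees. Suggested wording: `* Remove an extension from this extensions object, if it exists. Note that removing security-relevant extensions (e.g. the renegotiation indication or signature algorithms) weakens the handshake.`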
@@ -286,6 +289,7 @@ class BOTAN_UNSTABLE_API Server_Hello final : public Handshake_Message Server_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, + Callbacks& cb, RandomNumberGenerator& rng, const std::vector& secure_reneg_info, const Client_Hello& client_hello, @@ -295,6 +299,7 @@ class BOTAN_UNSTABLE_API Server_Hello final : public Handshake_Message Server_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, + Callbacks& cb, RandomNumberGenerator& rng, const std::vector& secure_reneg_info, const Client_Hello& client_hello, diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 2d2fb769bf..3ed1b120d3 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -703,6 +703,7 @@ void Server::session_resume(Server_Handshake_State& pending_state, pending_state.handshake_io(), pending_state.hash(), policy(), + callbacks(), rng(), secure_renegotiation_data_for_server_hello(), *pending_state.client_hello(), @@ -794,6 +795,7 @@ void Server::session_create(Server_Handshake_State& pending_state, pending_state.handshake_io(), pending_state.hash(), policy(), + callbacks(), rng(), secure_renegotiation_data_for_server_hello(), *pending_state.client_hello(), From dd960f0a5e34ec4b0319c8069fb1ccb58ef8c901 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 21 Jan 2018 14:00:12 -0500 Subject: [PATCH 0578/1008] Add an examine callback also --- src/lib/tls/msg_client_hello.cpp | 4 ++-- src/lib/tls/msg_server_hello.cpp | 4 ++-- src/lib/tls/tls_callbacks.cpp | 6 +++++- src/lib/tls/tls_callbacks.h | 34 ++++++++++++++++++++++++++------ src/lib/tls/tls_client.cpp | 2 ++ src/lib/tls/tls_messages.h | 4 ++++ src/lib/tls/tls_server.cpp | 2 ++ 7 files changed, 45 insertions(+), 11 deletions(-) diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index 77068a928b..68753fa26a 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp 
@@ -142,7 +142,7 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(), policy.allowed_signature_methods())); - cb.tls_modify_extensions(m_extensions); + cb.tls_modify_extensions(m_extensions, CLIENT); if(policy.send_fallback_scsv(client_settings.protocol_version())) m_suites.push_back(TLS_FALLBACK_SCSV); @@ -206,7 +206,7 @@ Client_Hello::Client_Hello(Handshake_IO& io, if(reneg_info.empty() && !next_protocols.empty()) m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols)); - cb.tls_modify_extensions(m_extensions); + cb.tls_modify_extensions(m_extensions, CLIENT); hash.update(io.send(*this)); } diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index 815fd37f00..2d5a185f0e 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp @@ -85,7 +85,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, } } - cb.tls_modify_extensions(m_extensions); + cb.tls_modify_extensions(m_extensions, SERVER); hash.update(io.send(*this)); } @@ -135,7 +135,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, if(!next_protocol.empty() && client_hello.supports_alpn()) m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol)); - cb.tls_modify_extensions(m_extensions); + cb.tls_modify_extensions(m_extensions, SERVER); hash.update(io.send(*this)); } diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp index b13aa2406f..7a64291c80 100644 --- a/src/lib/tls/tls_callbacks.cpp +++ b/src/lib/tls/tls_callbacks.cpp 
@@ -32,7 +32,11 @@ std::string TLS::Callbacks::tls_server_choose_app_protocol(const std::vector& client_protos); /** - * Optional callback: examine/modify Extensions before sending. Both - * client and server will call this callback on the Extensions object - * before serializing it in the client/server hellos. This allows a client - * to modify which extensions are sent during the handshake. This also - * allows creating custom extensions. + * Optional callback: examine/modify Extensions before sending. + * + * Both client and server will call this callback on the Extensions object + * before serializing it in the client/server hellos. This allows an + * application to modify which extensions are sent during the + * handshake. * * Default implementation does nothing. + * + * @param extn the extensions + * @param which_side will be CLIENT or SERVER which is the current + * applications role in the exchange. + */ + virtual void tls_modify_extensions(Extensions& extn, Connection_Side which_side); + + /** + * Optional callback: examine peer extensions. + * + * Both client and server will call this callback with the Extensions + * object after receiving it from the peer. This allows examining the + * Extensions, for example to implement a custom extension. It also allows + * an application to require that a particular extension be implemented; + * throw an exception from this function to abort the handshake. + * + * Default implementation does nothing. + * + * @param extn the extensions + * @param which_side will be CLIENT if these are are the clients extensions (ie we are + * the server) or SERVER if these are the server extensions (we are the client). */ - virtual void tls_modify_extensions(Extensions& extn); + virtual void tls_examine_extensions(const Extensions& extn, Connection_Side which_side); /** * Optional callback: error logging. (not currently called) diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index e041c1a778..5f84481ac9 100644 
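Review bot: The tls_examine_extensions doc in the tls_callbacks.h hunk tells implementers to throw to abort the handshake but does not say what the peer observes, whether the exception becomes a TLS alert or simply propagates out of received_data(), and that is what decides which exception type an application should throw. I would add one sentence to that block, e.g. `* Exceptions thrown here propagate out of the channel's received_data(); see the Channel documentation for how they are reported to the peer.`, and fix the typo `these are are the clients extensions` to `these are the client's extensions`. The tls_modify_extensions doc should likewise warn that the hook runs immediately before the hello is hashed and sent (`hash.update(io.send(*this))` follows the call in the msg_*_hello.cpp hunks), so removing security-relevant extensions such as the renegotiation indication or signature_algorithms changes what the handshake authenticates.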
--- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -296,6 +296,8 @@ void Client::process_handshake_msg(const Handshake_State* active_state, "Server replied with DTLS-SRTP alg we did not send"); } + callbacks().tls_examine_extensions(state.server_hello()->extensions(), SERVER); + state.set_version(state.server_hello()->version()); m_application_protocol = state.server_hello()->next_protocol(); diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index 471467fc2f..75e65fa7fe 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h @@ -146,6 +146,8 @@ class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message std::set extension_types() const { return m_extensions.extension_types(); } + const Extensions& extensions() const { return m_extensions; } + Client_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, @@ -277,6 +279,8 @@ class BOTAN_UNSTABLE_API Server_Hello final : public Handshake_Message std::set extension_types() const { return m_extensions.extension_types(); } + const Extensions& extensions() const { return m_extensions; } + bool prefers_compressed_ec_points() const { if(auto ecc_formats = m_extensions.get()) diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 3ed1b120d3..38c5cf2caf 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -460,6 +460,8 @@ void Server::process_client_hello_msg(const Handshake_State* active_state, pending_state.set_version(negotiated_version); + callbacks().tls_examine_extensions(pending_state.client_hello()->extensions(), CLIENT); + Session session_info; const bool resuming = pending_state.allow_session_resumption() && From ef741f408e4fd793fe75a142ac63863e906cc61a Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sat, 27 Jan 2018 11:39:38 -0500 Subject: [PATCH 0579/1008] Make it possible to test custom extensions --- src/lib/tls/tls_extensions.cpp | 21 +- src/lib/tls/tls_extensions.h | 41 ++- src/lib/tls/tls_server.h | 10 +- src/tests/unit_tls.cpp | 528 +++++++++++++++++---------------- 4 files changed, 331 insertions(+), 269 deletions(-) diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 6497c3c119..522cf4a4f0 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp @@ -59,7 +59,8 @@ Extension* make_extension(TLS_Data_Reader& reader, uint16_t code, uint16_t size) return new Session_Ticket(reader, size); } - return nullptr; // not known + return new Unknown_Extension(static_cast(code), + reader, size); } } @@ -82,10 +83,7 @@ void Extensions::deserialize(TLS_Data_Reader& reader) extension_code, extension_size); - if(extn) - this->add(extn); - else // unknown/unhandled extension - reader.discard_next(extension_size); + this->add(extn); } } } @@ -141,6 +139,19 @@ std::set Extensions::extension_types() const return offers; } +Unknown_Extension::Unknown_Extension(Handshake_Extension_Type type, + TLS_Data_Reader& reader, + uint16_t extension_size) : + m_type(type), + m_value(reader.get_fixed(extension_size)) + { + } + +std::vector Unknown_Extension::serialize() const + { + throw Invalid_State("Cannot encode an unknown TLS extension"); + } + Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, uint16_t extension_size) { diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index 7b7b645bf8..114b164891 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h 
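Review bot: In the Extensions::deserialize hunk every parsed extension, including unknown ones, now goes through `this->add(extn)`, and `add()` (visible as context in the tls_extensions.h hunk) does `m_extensions[extn->type()].reset(extn)`, so a peer sending the same extension type twice silently has the later copy replace the earlier one. RFC 5246 §7.4.1.4 says there MUST NOT be more than one extension of the same type, and rejecting the duplicate is the safer reading; the last-wins behaviour predates this change for known types, but this hunk makes it reachable for arbitrary type codes. I would check before adding, e.g. `if(this->get(static_cast<Handshake_Extension_Type>(extension_code)) != nullptr) // reject the duplicate with a decode_error alert`, or at least document the last-wins semantics on deserialize(). The Unknown_Extension::serialize() in the following hunk, which throws Invalid_State, is fine for received hellos but means any future path that re-serializes a deserialized Extensions object will fail mid-handshake; a comment stating that these objects are parse-only would help.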
@@ -431,6 +431,30 @@ class Certificate_Status_Request final : public Extension bool m_server_side; }; +/** +* Unknown extensions are deserialized as this type +*/ +class BOTAN_UNSTABLE_API Unknown_Extension final : public Extension + { + public: + Unknown_Extension(Handshake_Extension_Type type, + TLS_Data_Reader& reader, + uint16_t extension_size); + + std::vector serialize() const override; // always fails + + const std::vector& value() { return m_value; } + + bool empty() const { return false; } + + Handshake_Extension_Type type() const { return m_type; } + + private: + Handshake_Extension_Type m_type; + std::vector m_value; + + }; + /** * Represents a block of extensions in a hello message */ @@ -442,13 +466,7 @@ class BOTAN_UNSTABLE_API Extensions final template T* get() const { - Handshake_Extension_Type type = T::static_type(); - - auto i = m_extensions.find(type); - - if(i != m_extensions.end()) - return dynamic_cast(i->second.get()); - return nullptr; + return dynamic_cast(get(T::static_type())); } template @@ -462,6 +480,15 @@ class BOTAN_UNSTABLE_API Extensions final m_extensions[extn->type()].reset(extn); } + Extension* get(Handshake_Extension_Type type) const + { + auto i = m_extensions.find(type); + + if(i != m_extensions.end()) + return i->second.get(); + return nullptr; + } + std::vector serialize() const; void deserialize(TLS_Data_Reader& reader); diff --git a/src/lib/tls/tls_server.h b/src/lib/tls/tls_server.h index eb6e710e19..7c5d9668fd 100644 --- a/src/lib/tls/tls_server.h +++ b/src/lib/tls/tls_server.h 
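Review bot: In the new Unknown_Extension class, `empty()` and `type()` lack `override` although they override Extension virtuals (the Test_Extension in the unit_tls.cpp hunk marks the same two methods `override`), so `-Wsuggest-override`, which an earlier patch in this series goes out of its way to satisfy, will warn here, and a signature slip would silently become a non-overriding method. `value()` is also needlessly non-const. Suggested: `const std::vector<uint8_t>& value() const { return m_value; }`, `bool empty() const override { return false; }`, `Handshake_Extension_Type type() const override { return m_type; }`.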
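Review bot: The new `Extension* get(Handshake_Extension_Type) const` returns a mutable pointer from a const accessor, so the `const Extensions&` handed to tls_examine_extensions in the tls_callbacks.h hunk gives no real protection: an examine callback can mutate the peer's parsed extensions through it. Returning `const Extension*` from the const overload (and adding a non-const overload if the modify hook needs one) would keep the const contract honest; the template `get<T>()` rewritten just above to forward to this has the same shape. If the mutable return is deliberate, a comment saying so would stop the next reader from "fixing" it.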
@@ -96,12 +96,20 @@ class BOTAN_PUBLIC_API(2,0) Server final : public Channel /** * Return the protocol notification set by the client (using the - * NPN extension) for this connection, if any. This value is not + * ALPN extension) for this connection, if any. This value is not * tied to the session and a later renegotiation of the same * session can choose a new protocol. */ std::string next_protocol() const { return m_next_protocol; } + /** + * Return the protocol notification set by the client (using the + * ALPN extension) for this connection, if any. This value is not + * tied to the session and a later renegotiation of the same + * session can choose a new protocol. + */ + std::string application_protocol() const { return m_next_protocol; } + private: std::vector get_peer_cert_chain(const Handshake_State& state) const override; diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 0aa33d213b..f57ea11076 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -1,5 +1,5 @@ /* -* (C) 2014,2015 Jack Lloyd +* (C) 2014,2015,2018 Jack Lloyd * 2016 Matthias Gierlings * 2017 René Korthaus, Rohde & Schwarz Cybersecurity * 2017 Harry Reimann, Rohde & Schwarz Cybersecurity @@ -21,6 +21,8 @@ #include #include #include + #include + #include #include #include 
@@ -300,325 +302,339 @@ void alert_cb_with_data(Botan::TLS::Alert, const uint8_t[], size_t) { } -Test::Result test_tls_handshake(Botan::TLS::Protocol_Version offer_version, - Botan::Credentials_Manager& creds, - const Botan::TLS::Policy& client_policy, - const Botan::TLS::Policy& server_policy, - Botan::RandomNumberGenerator& rng, - Botan::TLS::Session_Manager& client_sessions, - Botan::TLS::Session_Manager& server_sessions) +class TLS_Handshake_Test final { - Test::Result result(offer_version.to_string()); - - result.start_timer(); - - for(size_t r = 1; r <= 4; ++r) - { - bool handshake_done = false; - - result.test_note("Test round " + std::to_string(r)); - - auto handshake_complete = [&](const Botan::TLS::Session& session) + public: + TLS_Handshake_Test(Botan::TLS::Protocol_Version offer_version, + Botan::Credentials_Manager& creds, + const Botan::TLS::Policy& client_policy, + const Botan::TLS::Policy& server_policy, + Botan::RandomNumberGenerator& rng, + Botan::TLS::Session_Manager& client_sessions, + Botan::TLS::Session_Manager& server_sessions) : + m_offer_version(offer_version), + m_results(offer_version.to_string()), // TODO descriptive constructor arg + m_creds(creds), + m_client_policy(client_policy), + m_client_sessions(client_sessions), + m_rng(rng) { - handshake_done = true; + m_server_cb.reset(new Test_Callbacks(m_results, offer_version, m_s2c, m_server_recv)); + m_client_cb.reset(new Test_Callbacks(m_results, offer_version, m_c2s, m_client_recv)); - const std::string session_report = - "Session established " + session.version().to_string() + " " + - session.ciphersuite().to_string() + " " + - Botan::hex_encode(session.session_id()); + m_server.reset( + new Botan::TLS::Server(*m_server_cb, server_sessions, m_creds, server_policy, m_rng) + ); - result.test_note(session_report); + } - if(session.version() != offer_version) - { - result.test_failure("Offered " + offer_version.to_string() + " got " + session.version().to_string()); - } + void go(); - if(r 
<= 2) - { - return true; - } - return false; - }; + const Test::Result& results() const { return m_results; } + private: - auto next_protocol_chooser = [&](std::vector protos) -> std::string + class Test_Extension : public Botan::TLS::Extension { - if(r <= 2) - { - result.test_eq("protocol count", protos.size(), 2); - result.test_eq("protocol[0]", protos[0], "test/1"); - result.test_eq("protocol[1]", protos[1], "test/2"); - } - return "test/3"; - }; + public: + static Botan::TLS::Handshake_Extension_Type static_type() + { return static_cast(666); } - const std::vector protocols_offered = { "test/1", "test/2" }; + Botan::TLS::Handshake_Extension_Type type() const override { return static_type(); } - try - { - std::vector c2s_traffic, s2c_traffic, client_recv, server_recv, client_sent, server_sent; + std::vector serialize() const override { return m_buf; } - std::unique_ptr server_cb(new Botan::TLS::Compat_Callbacks( - queue_inserter(s2c_traffic), - queue_inserter(server_recv), - std::function(alert_cb_with_data), - handshake_complete, - nullptr, - next_protocol_chooser)); + const std::vector& value() const { return m_buf; } - // TLS::Server object constructed by new constructor using virtual callback interface. - std::unique_ptr server( - new Botan::TLS::Server(*server_cb, - server_sessions, - creds, - server_policy, - rng, - false)); + bool empty() const override { return false; } - std::unique_ptr client_cb(new Botan::TLS::Compat_Callbacks( - queue_inserter(c2s_traffic), - queue_inserter(client_recv), - std::function(alert_cb_with_data), - handshake_complete)); + Test_Extension(Botan::TLS::Connection_Side side) + { + const uint8_t client_extn[6] = { 'c', 'l', 'i', 'e', 'n', 't' }; + const uint8_t server_extn[6] = { 's', 'e', 'r', 'v', 'e', 'r' }; - // TLS::Client object constructed by new constructor using virtual callback interface. 
- std::unique_ptr client( - new Botan::TLS::Client(*client_cb, - client_sessions, - creds, - client_policy, - rng, - Botan::TLS::Server_Information("server.example.com"), - offer_version, - protocols_offered)); + Botan::TLS::append_tls_length_value(m_buf, + (side == Botan::TLS::CLIENT) ? client_extn : server_extn, + 6, 1); + } - size_t rounds = 0; + Test_Extension(Botan::TLS::TLS_Data_Reader& reader, uint16_t extension_size) + { + m_buf = reader.get_range_vector(1, 6, 6); + } + private: + std::vector m_buf; + }; - // Test TLS using both new and legacy constructors. - for(size_t ctor_sel = 0; ctor_sel < 2; ctor_sel++) - { - if(ctor_sel == 1) + class Test_Callbacks : public Botan::TLS::Callbacks + { + public: + Test_Callbacks(Test::Result& results, + Botan::TLS::Protocol_Version expected_version, + std::vector& outbound, + std::vector& recv_buf) : + m_results(results), + m_expected_version(expected_version), + m_outbound(outbound), + m_recv(recv_buf) + {} + + void tls_emit_data(const uint8_t bits[], size_t len) override { - c2s_traffic.clear(); - s2c_traffic.clear(); - server_recv.clear(); - client_recv.clear(); - client_sent.clear(); - server_sent.clear(); + m_outbound.insert(m_outbound.end(), bits, bits + len); + } - // TLS::Server object constructed by legacy constructor. - server.reset( - new Botan::TLS::Server(queue_inserter(s2c_traffic), - queue_inserter(server_recv), - alert_cb_with_data, - handshake_complete, - server_sessions, - creds, - server_policy, - rng, - next_protocol_chooser, - false)); + void tls_record_received(uint64_t /*seq*/, const uint8_t bits[], size_t len) override + { + m_recv.insert(m_recv.end(), bits, bits + len); + } - // TLS::Client object constructed by legacy constructor. 
- client.reset( - new Botan::TLS::Client(queue_inserter(c2s_traffic), - queue_inserter(client_recv), - alert_cb_with_data, - handshake_complete, - client_sessions, - creds, - server_policy, - rng, - Botan::TLS::Server_Information("server.example.com"), - offer_version, - protocols_offered)); + void tls_alert(Botan::TLS::Alert /*alert*/) override + { + // TODO test that it is a no_renegotiation alert + // ignore } - while(true) + void tls_modify_extensions(Botan::TLS::Extensions& extn, Botan::TLS::Connection_Side which_side) override { - ++rounds; + extn.add(new Test_Extension(which_side)); + } - if(rounds > 25) - { - if(r <= 2) - { - result.test_failure("Still here after many rounds, deadlock?"); - } - break; - } + void tls_examine_extensions(const Botan::TLS::Extensions& extn, Botan::TLS::Connection_Side which_side) override + { + Botan::TLS::Extension* test_extn = extn.get(static_cast(666)); - if(handshake_done && (client->is_closed() || server->is_closed())) + if(test_extn == nullptr) { - break; + m_results.test_failure("Did not receive test extension from peer"); } - - if(client->is_active() && client_sent.empty()) + else { - // Choose random application data to send - const size_t c_len = 1 + ((static_cast(rng.next_byte()) << 4) ^ rng.next_byte()); - client_sent = unlock(rng.random_vec(c_len)); + Botan::TLS::Unknown_Extension* unknown_ext = dynamic_cast(test_extn); - size_t sent_so_far = 0; - while(sent_so_far != client_sent.size()) - { - const size_t left = client_sent.size() - sent_so_far; - const size_t rnd12 = (rng.next_byte() << 4) ^ rng.next_byte(); - const size_t sending = std::min(left, rnd12); + const std::vector val = unknown_ext->value(); - client->send(&client_sent[sent_so_far], sending); - sent_so_far += sending; + if(m_results.test_eq("Expected size for test extn", val.size(), 7)) + { + if(which_side == Botan::TLS::CLIENT) + m_results.test_eq("Expected extension value", val, "06636C69656E74"); + else + m_results.test_eq("Expected extension 
value", val, "06736572766572"); } - client->send_warning_alert(Botan::TLS::Alert::NO_RENEGOTIATION); + } + } - if(server->is_active() && server_sent.empty()) - { - result.test_eq("server->protocol", server->next_protocol(), "test/3"); + bool tls_session_established(const Botan::TLS::Session& session) override + { + const std::string session_report = + "Session established " + session.version().to_string() + " " + + session.ciphersuite().to_string() + " " + + Botan::hex_encode(session.session_id()); - const size_t s_len = 1 + ((static_cast(rng.next_byte()) << 4) ^ rng.next_byte()); - server_sent = unlock(rng.random_vec(s_len)); + m_results.test_note(session_report); - size_t sent_so_far = 0; - while(sent_so_far != server_sent.size()) - { - const size_t left = server_sent.size() - sent_so_far; - const size_t rnd12 = (rng.next_byte() << 4) ^ rng.next_byte(); - const size_t sending = std::min(left, rnd12); + if(session.version() != m_expected_version) + { + m_results.test_failure("Expected " + m_expected_version.to_string() + + " negotiated " + session.version().to_string()); + } - server->send(&server_sent[sent_so_far], sending); - sent_so_far += sending; - } + return true; + } - server->send_warning_alert(Botan::TLS::Alert::NO_RENEGOTIATION); - } + std::string tls_server_choose_app_protocol(const std::vector& protos) override + { + m_results.test_eq("ALPN protocol count", protos.size(), 2); + m_results.test_eq("ALPN protocol 1", protos[0], "test/1"); + m_results.test_eq("ALPN protocol 2", protos[1], "test/2"); + return "test/3"; + } - const bool corrupt_client_data = (r == 3); - const bool corrupt_server_data = (r == 4); + private: + Test::Result& m_results; + const Botan::TLS::Protocol_Version m_expected_version; + std::vector& m_outbound; + std::vector& m_recv; + }; - if(c2s_traffic.size() > 0) - { - /* - * Use this as a temp value to hold the queues as otherwise they - * might end up appending more in response to messages during the - * handshake. 
- */ - std::vector input; - std::swap(c2s_traffic, input); + const Botan::TLS::Protocol_Version m_offer_version; + Test::Result m_results; - if(corrupt_server_data) - { - input = Test::mutate_vec(input, true, 5); - size_t needed = server->received_data(input.data(), input.size()); + Botan::Credentials_Manager& m_creds; + const Botan::TLS::Policy& m_client_policy; + Botan::TLS::Session_Manager& m_client_sessions; + Botan::RandomNumberGenerator& m_rng; - size_t total_consumed = needed; + std::unique_ptr m_client_cb; - while(needed > 0 && - result.test_lt("Never requesting more than max protocol len", needed, Botan::TLS::MAX_CIPHERTEXT_SIZE + 1) && - result.test_lt("Total requested is readonable", total_consumed, 128 * 1024)) - { - input.resize(needed); - rng.randomize(input.data(), input.size()); - needed = server->received_data(input.data(), input.size()); - total_consumed += needed; - } - } - else - { - size_t needed = server->received_data(input.data(), input.size()); - result.test_eq("full packet received", needed, 0); - } + std::unique_ptr m_server_cb; + std::unique_ptr m_server; - continue; - } + std::vector m_c2s, m_s2c, m_client_recv, m_server_recv; + }; - if(s2c_traffic.size() > 0) - { - std::vector input; - std::swap(s2c_traffic, input); +void TLS_Handshake_Test::go() + { + m_results.start_timer(); - if(corrupt_client_data) - { - input = Test::mutate_vec(input, true, 5); - size_t needed = client->received_data(input.data(), input.size()); + Botan::RandomNumberGenerator& rng = Test::rng(); - size_t total_consumed = 0; + const std::vector protocols_offered = { "test/1", "test/2" }; - while(needed > 0 && - result.test_lt("Never requesting more than max protocol len", needed, Botan::TLS::MAX_CIPHERTEXT_SIZE + 1)) - { - input.resize(needed); - rng.randomize(input.data(), input.size()); - needed = client->received_data(input.data(), input.size()); - total_consumed += needed; - } - } - else - { - size_t needed = client->received_data(input.data(), input.size()); - 
result.test_eq("full packet received", needed, 0); - } + // Choose random application data to send + //const size_t c_len = 1 + ((static_cast(rng.next_byte()) << 4) ^ rng.next_byte()); + const size_t c_len = 180; + std::vector client_msg(c_len); + Test::rng().randomize(client_msg.data(), client_msg.size()); + bool client_has_written = false; - continue; - } + //const size_t s_len = 1 + ((static_cast(rng.next_byte()) << 4) ^ rng.next_byte()); + const size_t s_len = 400; + std::vector server_msg(s_len); + Test::rng().randomize(server_msg.data(), server_msg.size()); + bool server_has_written = false; - if(client_recv.size()) - { - result.test_eq("client recv", client_recv, server_sent); - } + std::unique_ptr client; + client.reset( + new Botan::TLS::Client(*m_client_cb, m_client_sessions, m_creds, + m_client_policy, m_rng, + Botan::TLS::Server_Information("server.example.com"), + m_offer_version, + protocols_offered)); - if(server_recv.size()) - { - result.test_eq("server->recv", server_recv, client_sent); - } + size_t rounds = 0; - if(r > 2) - { - if(client_recv.size() && server_recv.size()) - { - result.test_failure("Negotiated in the face of data corruption " + std::to_string(r)); - } - } + bool client_handshake_completed = false; + bool server_handshake_completed = false; - if(client->is_closed() && server->is_closed()) - { - break; - } + while(true) + { + ++rounds; - if(server_recv.size() && client_recv.size()) - { - Botan::SymmetricKey client_key = client->key_material_export("label", "context", 32); - Botan::SymmetricKey server_key = server->key_material_export("label", "context", 32); + if(rounds > 25) + { + m_results.test_failure("Still here after many rounds, deadlock?"); + break; + } - result.test_eq("TLS key material export", client_key.bits_of(), server_key.bits_of()); + if(client_handshake_completed == false && client->is_active()) + client_handshake_completed = true; - if(r % 2 == 0) - { - client->close(); - } - else - { - server->close(); - } - } - } - 
} + if(server_handshake_completed == false && m_server->is_active()) + server_handshake_completed = true; + + if(client->is_closed() || m_server->is_closed()) + { + break; } - catch(std::exception& e) + + if(client->is_active() && client_has_written == false) { - if(r > 2) + m_results.test_eq("client ALPN protocol", client->application_protocol(), "test/3"); + + size_t sent_so_far = 0; + while(sent_so_far != client_msg.size()) { - result.test_note("Corruption caused exception"); + const size_t left = client_msg.size() - sent_so_far; + const size_t rnd12 = (rng.next_byte() << 4) ^ rng.next_byte(); + const size_t sending = std::min(left, rnd12); + + client->send(&client_msg[sent_so_far], sending); + sent_so_far += sending; } - else + client->send_warning_alert(Botan::TLS::Alert::NO_RENEGOTIATION); + client_has_written = true; + } + + if(m_server->is_active() && server_has_written == false) + { + m_results.test_eq("server ALPN protocol", m_server->application_protocol(), "test/3"); + + size_t sent_so_far = 0; + while(sent_so_far != server_msg.size()) { - result.test_failure("TLS client", e.what()); + const size_t left = server_msg.size() - sent_so_far; + const size_t rnd12 = (rng.next_byte() << 4) ^ rng.next_byte(); + const size_t sending = std::min(left, rnd12); + + m_server->send(&server_msg[sent_so_far], sending); + sent_so_far += sending; } + + m_server->send_warning_alert(Botan::TLS::Alert::NO_RENEGOTIATION); + server_has_written = true; + } + + if(m_c2s.size() > 0) + { + /* + * Use this as a temp value to hold the queues as otherwise they + * might end up appending more in response to messages during the + * handshake. 
+ */ + std::vector input; + std::swap(m_c2s, input); + + size_t needed = m_server->received_data(input.data(), input.size()); + m_results.test_eq("full packet received", needed, 0); + + continue; + } + + if(m_s2c.size() > 0) + { + std::vector input; + std::swap(m_s2c, input); + + size_t needed = client->received_data(input.data(), input.size()); + m_results.test_eq("full packet received", needed, 0); + + continue; + } + + if(m_client_recv.size()) + { + m_results.test_eq("client recv", m_client_recv, server_msg); + } + + if(m_server_recv.size()) + { + m_results.test_eq("server recv", m_server_recv, client_msg); + } + + if(client->is_closed() && m_server->is_closed()) + { + break; + } + + if(m_server_recv.size() && m_client_recv.size()) + { + Botan::SymmetricKey client_key = client->key_material_export("label", "context", 32); + Botan::SymmetricKey server_key = m_server->key_material_export("label", "context", 32); + + m_results.test_eq("TLS key material export", client_key.bits_of(), server_key.bits_of()); + + client->close(); } } - result.end_timer(); + m_results.end_timer(); + } - return result; +Test::Result test_tls_handshake(Botan::TLS::Protocol_Version offer_version, + Botan::Credentials_Manager& creds, + const Botan::TLS::Policy& client_policy, + const Botan::TLS::Policy& server_policy, + Botan::RandomNumberGenerator& rng, + Botan::TLS::Session_Manager& client_sessions, + Botan::TLS::Session_Manager& server_sessions) + { + TLS_Handshake_Test test(offer_version, creds, + client_policy, server_policy, rng, + client_sessions, server_sessions); + + test.go(); + return test.results(); } Test::Result test_tls_handshake(Botan::TLS::Protocol_Version offer_version, From 7e54475fa3cae8f8f6f8072993fa8cc079bce9a1 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sat, 27 Jan 2018 11:52:52 -0500 Subject: [PATCH 0580/1008] Update TLS parser tests Now all extensions are parsed at least to the extent of creating an unknown extension object. --- src/tests/data/tls/client_hello.vec | 6 +++--- src/tests/data/tls/server_hello.vec | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/tests/data/tls/client_hello.vec b/src/tests/data/tls/client_hello.vec index 827f2ea4d5..afd8e83c17 100644 --- a/src/tests/data/tls/client_hello.vec +++ b/src/tests/data/tls/client_hello.vec @@ -13,13 +13,13 @@ Exception = # with extensions: point formats, ec curves, session ticket, signature algorithms, heartbeat (point formats and heartbeat not supported, empty renegotiation generated) Buffer = 0303871e18983024eaee1be8ae6607d5ecad941d33fd7fc1d8554a9e1fbfda8d30880000aac030c02cc028c024c014c00a00a500a300a1009f006b006a0069006800390038003700360088008700860085c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030009a0099009800970045004400430042c031c02dc029c025c00ec004009c003c002f00960041c011c007c00cc00200050004c012c008001600130010000dc00dc003000a00ff01000055000b000403000102000a001c001a00170019001c001b0018001a0016000e000d000b000c0009000a00230000000d0020001e060106020603050105020503040104020403030103020303020102020203000f000101 Protocol = 0303 -AdditionalData = 000A000B000D0023FF01 +AdditionalData = 000A000B000D000F0023FF01 Exception = # with extensions: point formats, ec curves, session ticket, signature algorithms, heartbeat, Encrypt-then-MAC, Extended Master Secret (point formats and heartbeat not supported, empty renegotiation generated) Buffer = 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 Protocol = 0303 -AdditionalData = 000A000B000D001600170023FF01 +AdditionalData = 000A000B000D000F001600170023FF01 Exception = # empty 
@@ -65,4 +65,4 @@ Exception = Invalid argument Decoding error: Invalid ClientHello: Expected 255 b
 #invalid length of the heartbeat extension
 Buffer = 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
 Protocol = 0303
-Exception = Invalid argument Decoding error: Invalid ClientHello: Expected 2 bytes remaining, only 1 left
\ No newline at end of file
+Exception = Invalid argument Decoding error: Invalid ClientHello: Expected 2 bytes remaining, only 1 left
diff --git a/src/tests/data/tls/server_hello.vec b/src/tests/data/tls/server_hello.vec
index f3bf889cb7..c4daed84ef 100644
--- a/src/tests/data/tls/server_hello.vec
+++ b/src/tests/data/tls/server_hello.vec
@@ -9,14 +9,14 @@
 Buffer = 0303ffea0bcfba564a4ce177c6a444b0ebdff5629b277293c618c1125f231e8628dd00c030000016ff01000100000b00040300010200230000000f000101
 Protocol = 0303
 Ciphersuite = C030
-AdditionalData = 000B0023FF01
+AdditionalData = 000B000F0023FF01
 Exception =
 # correct, with session ticket, extended master secret, and renegotiation info
 Buffer = 03019f9cafa88664d9095f85dd64a39e5dd5c09f5a4a5362938af3718ee4e818af6a00c03000001aff01000100000b00040300010200230000000f00010100170000
 Protocol = 0301
 Ciphersuite = C030
-AdditionalData = 000B00170023FF01
+AdditionalData = 000B000F00170023FF01
 Exception =
 # incorrect, corrupted
@@ -45,4 +45,4 @@ Buffer = 03039f9cafa88664d9095f85dd64a39e5dd5c09f5a4a5362938af3718ee4e818af6a00c
 Protocol = 0303
 Ciphersuite = C030
 AdditionalData = 00170023FF01
-Exception = Invalid argument Decoding error: Invalid ServerHello: Expected 256 bytes remaining, only 9 left
\ No newline at end of file
+Exception = Invalid argument Decoding error: Invalid ServerHello: Expected 256 bytes remaining, only 9 left
From 7f7feb41880d87ea170633b47f5dede30ea528de Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sat, 27 Jan 2018 12:02:00 -0500
Subject: [PATCH 0581/1008] Fix a few warnings
---
src/lib/tls/tls_extensions.h | 4 ++--
src/tests/unit_tls.cpp | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h
index 114b164891..5ba3c0b8e8 100644
--- a/src/lib/tls/tls_extensions.h
+++ b/src/lib/tls/tls_extensions.h
@@ -445,9 +445,9 @@ class BOTAN_UNSTABLE_API Unknown_Extension final : public Extension
 const std::vector& value() { return m_value; }
- bool empty() const { return false; }
+ bool empty() const override { return false; }
- Handshake_Extension_Type type() const { return m_type; }
+ Handshake_Extension_Type type() const override { return m_type; }
 private:
 Handshake_Extension_Type m_type;
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index f57ea11076..ae2146304e 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -357,7 +357,7 @@ class TLS_Handshake_Test final
 6, 1);
 }
- Test_Extension(Botan::TLS::TLS_Data_Reader& reader, uint16_t extension_size)
+ Test_Extension(Botan::TLS::TLS_Data_Reader& reader, uint16_t)
 {
 m_buf = reader.get_range_vector(1, 6, 6);
 }
From d708030ecb20cebc548fced882141cc7f03a8ac1 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 7 Jan 2018 16:57:55 -0500
Subject: [PATCH 0582/1008] For TLS client auth add callback giving list of trusted CA names
Fixes #1261
---
src/lib/tls/credentials_manager.cpp | 11 ++++++++++-
src/lib/tls/credentials_manager.h | 25 +++++++++++++++++++++++++
src/lib/tls/tls_client.cpp | 7 ++++---
src/lib/tls/tls_messages.h | 2 +-
4 files changed, 40 insertions(+), 5 deletions(-)
diff --git a/src/lib/tls/credentials_manager.cpp b/src/lib/tls/credentials_manager.cpp
index 9a7e25ddff..158d6f77cb 100644
--- a/src/lib/tls/credentials_manager.cpp
+++ b/src/lib/tls/credentials_manager.cpp
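Review bot: The `value()` accessor on the context line just above the changed `empty()` is not const-qualified, so a caller holding a `const Unknown_Extension` cannot read the raw bytes even though the function only returns a reference to a member. Since this commit is already touching the two neighbouring one-liners to add `override`, the same pass should make it `const std::vector<uint8_t>& value() const { return m_value; }`. The rest of Unknown_Extension, including its constructor and the `m_value` member, is outside the hunk.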
@@ -59,6 +59,15 @@ bool Credentials_Manager::srp_verifier(const std::string&,
 return false;
 }
+std::vector Credentials_Manager::find_cert_chain(
+ const std::vector& key_types,
+ const std::vector&,
+ const std::string& type,
+ const std::string& context)
+ {
+ return cert_chain(key_types, type, context);
+ }
+
 std::vector Credentials_Manager::cert_chain(
 const std::vector&,
 const std::string&,
@@ -74,7 +83,7 @@ std::vector Credentials_Manager::cert_chain_single_type(
 {
 std::vector cert_types;
 cert_types.push_back(cert_key_type);
- return cert_chain(cert_types, type, context);
+ return find_cert_chain(cert_types, std::vector(), type, context);
 }
 Private_Key* Credentials_Manager::private_key_for(const X509_Certificate&,
diff --git a/src/lib/tls/credentials_manager.h b/src/lib/tls/credentials_manager.h
index e544fd51d8..627894a87f 100644
--- a/src/lib/tls/credentials_manager.h
+++ b/src/lib/tls/credentials_manager.h
@@ -16,6 +16,7 @@ namespace Botan {
+class X509_DN;
 class BigInt;
 /**
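Review bot: The new default `find_cert_chain` silently discards `acceptable_CAs` and forwards to the legacy `cert_chain`, but neither the definition here nor the new documentation in the credentials_manager.h hunk (`@@ -55,6 +56,30 @@`) says so, so an implementer who keeps overriding only `cert_chain` may believe the CA list is being honoured. A one-line comment on the body, `// Compatibility default: the CA list is ignored and the legacy cert_chain() override decides`, plus a sentence in the header's find_cert_chain doc stating that the default implementation ignores acceptable_CAs, would close that gap. The header doc should also note that the list is whatever the peer placed in its CertificateRequest (see the tls_client.cpp hunk, which passes `state.cert_req()->acceptable_CAs()`), so it is a selection hint for picking a chain and not something to base trust decisions on. The same note applies to `cert_chain_single_type`, which now always passes an empty list.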
@@ -55,6 +56,30 @@ class BOTAN_PUBLIC_API(2,0) Credentials_Manager
 * "DSA", "ECDSA", etc), or empty if there
 * is no preference by the caller.
 *
+ * @param acceptable_CAs the CAs the requestor will accept (possibly empty)
+ * @param type specifies the type of operation occurring
+ * @param context specifies a context relative to type.
+ */
+ virtual std::vector find_cert_chain(
+ const std::vector& cert_key_types,
+ const std::vector& acceptable_CAs,
+ const std::string& type,
+ const std::string& context);
+
+ /**
+ * Return a cert chain we can use, ordered from leaf to root,
+ * or else an empty vector.
+ *
+ * This virtual function is deprecated, and will be removed in a
+ * future release. Use (and override) find_cert_chain instead.
+ *
+ * It is assumed that the caller can get the private key of the
+ * leaf with private_key_for
+ *
+ * @param cert_key_types specifies the key types desired ("RSA",
+ * "DSA", "ECDSA", etc), or empty if there
+ * is no preference by the caller.
+ *
 * @param type specifies the type of operation occurring
 *
 * @param context specifies a context relative to type.
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 5f84481ac9..4647e11cbe 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -522,9 +522,10 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
 const auto& types = state.cert_req()->acceptable_cert_types();
 std::vector client_certs =
- m_creds.cert_chain(types,
- "tls-client",
- m_info.hostname());
+ m_creds.find_cert_chain(types,
+ state.cert_req()->acceptable_CAs(),
+ "tls-client",
+ m_info.hostname());
 state.client_certs(new Certificate(state.handshake_io(),
 state.hash(),
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index 75e65fa7fe..cd06517d74 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -412,7 +412,7 @@ class BOTAN_UNSTABLE_API Certificate_Req final : public Handshake_Message
 const std::vector& acceptable_cert_types() const { return m_cert_key_types; }
- std::vector acceptable_CAs() const { return m_names; }
+ const std::vector& acceptable_CAs() const { return m_names; }
 std::vector > supported_algos() const { return m_supported_algos; }
From ca32f9fd4128bf8ab4e8b78a16c44777bf7b041f Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sat, 27 Jan 2018 14:23:42 -0500
Subject: [PATCH 0583/1008] Add tests for server passing CA names for client auth
---
src/tests/unit_tls.cpp | 885 ++++++++++++++---------------------------
1 file changed, 289 insertions(+), 596 deletions(-)
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index ae2146304e..8368445e06 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -105,13 +105,17 @@ class Credentials_Manager_Test final : public Botan::Credentials_Manager
 return v;
 }
- std::vector cert_chain(
+ std::vector find_cert_chain(
 const std::vector& cert_key_types,
+ const std::vector& acceptable_CAs,
 const std::string& type,
 const std::string& context) override
 {
 std::vector chain;
+ if(m_acceptable_cas.empty())
+ m_acceptable_cas = acceptable_CAs;
+
 if(type == "tls-server" || (type == "tls-client" && m_provides_client_certs))
 {
 for(auto const& key_type : cert_key_types)
@@ -189,6 +193,8 @@ class Credentials_Manager_Test final : public Botan::Credentials_Manager
 throw Test_Error("No PSK set for " + type + "/" + context);
 }
+ const std::vector& get_acceptable_cas() const { return m_acceptable_cas; }
+
 private:
 Botan::X509_Certificate m_rsa_cert, m_rsa_ca;
 std::unique_ptr m_rsa_key;
@@ -201,6 +207,7 @@ class Credentials_Manager_Test final : public Botan::Credentials_Manager
 std::unique_ptr m_dsa_crl;
 std::vector> m_stores;
 bool m_provides_client_certs;
+ std::vector m_acceptable_cas;
 };
 Botan::Credentials_Manager*
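Review bot: `acceptable_CAs()` now hands out `m_names` by const reference, but `supported_algos()` on the very next context line still copies `m_supported_algos` on every call, so the two accessors of the same message now follow different conventions. Returning a `const` reference to `m_supported_algos` as well would make the class consistent and remove the copy in the same way. The remainder of Certificate_Req is outside the hunk.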
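Review bot: The capture `if(m_acceptable_cas.empty()) m_acceptable_cas = acceptable_CAs;` in Credentials_Manager_Test::find_cert_chain keys on the stored list being empty rather than on which side is asking, so the first non-empty list wins for the lifetime of the manager and a later handshake through the same object can never update or clear it. If one Credentials_Manager_Test instance is shared between client and server or reused across handshakes (its creation is not visible in this hunk), the later `test_gte("client got CA list", ...)` check could pass on a stale list. Keying on the role is both simpler and more precise: `if(type == "tls-client") m_acceptable_cas = acceptable_CAs;`. The body of find_cert_chain continues past the end of the hunk.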
@@ -289,41 +296,196 @@ create_creds(Botan::RandomNumberGenerator& rng, return cmt; } -std::function queue_inserter(std::vector& q) +class Test_TLS_Alert_Strings : public Test { - return [&](const uint8_t buf[], size_t sz) { q.insert(q.end(), buf, buf + sz); }; - } + public: + std::vector run() override + { + Test::Result result("TLS::Alert::type_string"); + + const std::vector alert_types = + { + Botan::TLS::Alert::CLOSE_NOTIFY, + Botan::TLS::Alert::UNEXPECTED_MESSAGE, + Botan::TLS::Alert::BAD_RECORD_MAC, + Botan::TLS::Alert::DECRYPTION_FAILED, + Botan::TLS::Alert::RECORD_OVERFLOW, + Botan::TLS::Alert::DECOMPRESSION_FAILURE, + Botan::TLS::Alert::HANDSHAKE_FAILURE, + Botan::TLS::Alert::NO_CERTIFICATE, + Botan::TLS::Alert::BAD_CERTIFICATE, + Botan::TLS::Alert::UNSUPPORTED_CERTIFICATE, + Botan::TLS::Alert::CERTIFICATE_REVOKED, + Botan::TLS::Alert::CERTIFICATE_EXPIRED, + Botan::TLS::Alert::CERTIFICATE_UNKNOWN, + Botan::TLS::Alert::ILLEGAL_PARAMETER, + Botan::TLS::Alert::UNKNOWN_CA, + Botan::TLS::Alert::ACCESS_DENIED, + Botan::TLS::Alert::DECODE_ERROR, + Botan::TLS::Alert::DECRYPT_ERROR, + Botan::TLS::Alert::EXPORT_RESTRICTION, + Botan::TLS::Alert::PROTOCOL_VERSION, + Botan::TLS::Alert::INSUFFICIENT_SECURITY, + Botan::TLS::Alert::INTERNAL_ERROR, + Botan::TLS::Alert::INAPPROPRIATE_FALLBACK, + Botan::TLS::Alert::USER_CANCELED, + Botan::TLS::Alert::NO_RENEGOTIATION, + Botan::TLS::Alert::UNSUPPORTED_EXTENSION, + Botan::TLS::Alert::CERTIFICATE_UNOBTAINABLE, + Botan::TLS::Alert::UNRECOGNIZED_NAME, + Botan::TLS::Alert::BAD_CERTIFICATE_STATUS_RESPONSE, + Botan::TLS::Alert::BAD_CERTIFICATE_HASH_VALUE, + Botan::TLS::Alert::UNKNOWN_PSK_IDENTITY, + Botan::TLS::Alert:: NO_APPLICATION_PROTOCOL, + }; + + std::set seen; + + for(auto alert : alert_types) + { + const std::string str = Botan::TLS::Alert(alert).type_string(); + result.test_eq("No duplicate strings", seen.count(str), 0); + seen.insert(str); + } + + Botan::TLS::Alert unknown_alert = Botan::TLS::Alert({01, 66}); + + 
result.test_eq("Unknown alert str", unknown_alert.type_string(), "unrecognized_alert_66"); + + return {result}; + } + }; -void print_alert(Botan::TLS::Alert) +BOTAN_REGISTER_TEST("tls_alert_strings", Test_TLS_Alert_Strings); + +class Test_TLS_Ciphersuites : public Test { - } + public: + std::vector run() override + { + Test::Result result("TLS::Ciphersuite"); + + for(size_t csuite_id = 0; csuite_id <= 0xFFFF; ++csuite_id) + { + Botan::TLS::Ciphersuite ciphersuite = Botan::TLS::Ciphersuite::by_id(csuite_id); + + if(ciphersuite.valid()) + { + result.test_eq("Valid Ciphersuite is not SCSV", Botan::TLS::Ciphersuite::is_scsv(csuite_id), false); -void alert_cb_with_data(Botan::TLS::Alert, const uint8_t[], size_t) + if(ciphersuite.cbc_ciphersuite() == false) + { + result.test_eq("Expected MAC name for AEAD ciphersuites", ciphersuite.mac_algo(), "AEAD"); + } + else + { + result.test_eq("MAC algo and PRF algo same for CBC suites", ciphersuite.prf_algo(), ciphersuite.mac_algo()); + } + + // TODO more tests here + } + } + + return {result}; + } + }; + +BOTAN_REGISTER_TEST("tls_ciphersuites", Test_TLS_Ciphersuites); + +class Test_TLS_Policy_Test : public Test { - } + public: + std::vector run() override + { + Test::Result result("TLS Policy"); + + const std::vector policies = { "default", "suiteb", "strict", "datagram", "bsi" }; + + for(std::string policy : policies) + { + result.test_eq("Values for TLS " + policy + " policy", + tls_policy_string(policy), + read_tls_policy(policy)); + } + + return {result}; + } + + private: + std::string read_tls_policy(const std::string& policy_str) + { + const std::string fspath = Test::data_file("tls-policy/" + policy_str + ".txt"); + + std::ifstream is(fspath.c_str()); + if(!is.good()) + { + throw Test_Error("Missing policy file " + fspath); + } + + Botan::TLS::Text_Policy policy(is); + return policy.to_string(); + } + + std::string tls_policy_string(const std::string& policy_str) + { + std::unique_ptr policy; + if(policy_str == "default") 
+ { + policy.reset(new Botan::TLS::Policy); + } + else if(policy_str == "suiteb") + { + policy.reset(new Botan::TLS::NSA_Suite_B_128); + } + else if(policy_str == "bsi") + { + policy.reset(new Botan::TLS::BSI_TR_02102_2); + } + else if(policy_str == "strict") + { + policy.reset(new Botan::TLS::Strict_Policy); + } + else if(policy_str == "datagram") + { + policy.reset(new Botan::TLS::Datagram_Policy); + } + else + { + throw Test_Error("Unknown TLS policy type '" + policy_str + "'"); + } + + return policy->to_string(); + } + }; + +BOTAN_REGISTER_TEST("tls_policy_test", Test_TLS_Policy_Test); class TLS_Handshake_Test final { public: - TLS_Handshake_Test(Botan::TLS::Protocol_Version offer_version, + TLS_Handshake_Test(const std::string& test_descr, + Botan::TLS::Protocol_Version offer_version, Botan::Credentials_Manager& creds, const Botan::TLS::Policy& client_policy, const Botan::TLS::Policy& server_policy, Botan::RandomNumberGenerator& rng, Botan::TLS::Session_Manager& client_sessions, - Botan::TLS::Session_Manager& server_sessions) : + Botan::TLS::Session_Manager& server_sessions, + bool expect_client_auth) : m_offer_version(offer_version), - m_results(offer_version.to_string()), // TODO descriptive constructor arg + m_results(test_descr), m_creds(creds), m_client_policy(client_policy), m_client_sessions(client_sessions), - m_rng(rng) + m_rng(rng), + m_client_auth(expect_client_auth) { m_server_cb.reset(new Test_Callbacks(m_results, offer_version, m_s2c, m_server_recv)); m_client_cb.reset(new Test_Callbacks(m_results, offer_version, m_c2s, m_client_recv)); m_server.reset( - new Botan::TLS::Server(*m_server_cb, server_sessions, m_creds, server_policy, m_rng) + new Botan::TLS::Server(*m_server_cb, server_sessions, m_creds, server_policy, m_rng, + offer_version.is_datagram_protocol()) ); } 
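Review bot: `Botan::TLS::Alert({01, 66})` in Test_TLS_Alert_Strings spells the alert level with an octal literal; `01` happens to be one, but a leading zero in a byte list is easy to misread (`010` would be eight), so write `Botan::TLS::Alert unknown_alert = Botan::TLS::Alert({1, 66});`. In Test_TLS_Policy_Test, `for(std::string policy : policies)` copies every name out of the vector; `for(const std::string& policy : policies)` is the idiomatic form. In Test_TLS_Ciphersuites the `size_t` loop counter is passed straight to `Ciphersuite::by_id` and `Ciphersuite::is_scsv`, which presumably take a 16-bit suite id, so a `static_cast<uint16_t>(csuite_id)` at the call sites would make the narrowing explicit. The hunk also rewrites the TLS_Handshake_Test constructor, whose class body continues past the hunk.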
@@ -470,6 +632,8 @@ class TLS_Handshake_Test final
 std::unique_ptr m_server_cb;
 std::unique_ptr m_server;
+ const bool m_client_auth;
+
 std::vector m_c2s, m_s2c, m_client_recv, m_server_recv;
 };
@@ -482,14 +646,12 @@ void TLS_Handshake_Test::go()
 const std::vector protocols_offered = { "test/1", "test/2" };
 // Choose random application data to send
- //const size_t c_len = 1 + ((static_cast(rng.next_byte()) << 4) ^ rng.next_byte());
- const size_t c_len = 180;
+ const size_t c_len = 1 + ((static_cast(rng.next_byte()) << 4) ^ rng.next_byte());
 std::vector client_msg(c_len);
 Test::rng().randomize(client_msg.data(), client_msg.size());
 bool client_has_written = false;
- //const size_t s_len = 1 + ((static_cast(rng.next_byte()) << 4) ^ rng.next_byte());
- const size_t s_len = 400;
+ const size_t s_len = 1 + ((static_cast(rng.next_byte()) << 4) ^ rng.next_byte());
 std::vector server_msg(s_len);
 Test::rng().randomize(server_msg.data(), server_msg.size());
 bool server_has_written = false;
@@ -607,364 +769,43 @@ void TLS_Handshake_Test::go() break; } - if(m_server_recv.size() && m_client_recv.size()) + if(m_server->is_active()) { - Botan::SymmetricKey client_key = client->key_material_export("label", "context", 32); - Botan::SymmetricKey server_key = m_server->key_material_export("label", "context", 32); - - m_results.test_eq("TLS key material export", client_key.bits_of(), server_key.bits_of()); - - client->close(); - } - } - - m_results.end_timer(); - } - -Test::Result test_tls_handshake(Botan::TLS::Protocol_Version offer_version, - Botan::Credentials_Manager& creds, - const Botan::TLS::Policy& client_policy, - const Botan::TLS::Policy& server_policy, - Botan::RandomNumberGenerator& rng, - Botan::TLS::Session_Manager& client_sessions, - Botan::TLS::Session_Manager& server_sessions) - { - TLS_Handshake_Test test(offer_version, creds, - client_policy, server_policy, rng, - client_sessions, server_sessions); - - test.go(); - return test.results(); - } - -Test::Result test_tls_handshake(Botan::TLS::Protocol_Version offer_version, - Botan::Credentials_Manager& creds, - const Botan::TLS::Policy& policy, - Botan::RandomNumberGenerator& rng, - Botan::TLS::Session_Manager& client_sessions, - Botan::TLS::Session_Manager& server_sessions) - { - return test_tls_handshake(offer_version, creds, policy, policy, rng, - client_sessions, server_sessions); - } - -Test::Result test_dtls_handshake(Botan::TLS::Protocol_Version offer_version, - Botan::Credentials_Manager& creds, - const Botan::TLS::Policy& client_policy, - const Botan::TLS::Policy& server_policy, - Botan::RandomNumberGenerator& rng, - Botan::TLS::Session_Manager& client_sessions, - Botan::TLS::Session_Manager& server_sessions) - { - BOTAN_ASSERT(offer_version.is_datagram_protocol(), "Test is for datagram version"); - - Test::Result result(offer_version.to_string()); - - result.start_timer(); - - for(size_t r = 1; r <= 2; ++r) - { - bool handshake_done = false; - - auto handshake_complete = [&](const 
Botan::TLS::Session & session) -> bool - { - handshake_done = true; - - if(session.version() != offer_version) + std::vector certs = m_server->peer_cert_chain(); + if(m_client_auth) { - result.test_failure("Offered " + offer_version.to_string() + " got " + session.version().to_string()); - } + m_results.test_eq("got client certs", certs.size(), 2); - return true; - }; + Credentials_Manager_Test& test_creds = dynamic_cast(m_creds); - auto next_protocol_chooser = [&](std::vector protos) -> std::string - { - if(r <= 2) - { - result.test_eq("protocol count", protos.size(), 2); - result.test_eq("protocol[0]", protos[0], "test/1"); - result.test_eq("protocol[1]", protos[1], "test/2"); - } - return "test/3"; - }; + std::vector acceptable_CAs = test_creds.get_acceptable_cas(); - const std::vector protocols_offered = { "test/1", "test/2" }; + m_results.test_gte("client got CA list", acceptable_CAs.size(), 2); // DSA is optional - try - { - std::vector c2s_traffic, s2c_traffic, client_recv, server_recv, client_sent, server_sent; - - std::unique_ptr server_cb(new Botan::TLS::Compat_Callbacks( - queue_inserter(s2c_traffic), - queue_inserter(server_recv), - std::function(print_alert), - handshake_complete, - nullptr, - next_protocol_chooser)); - - std::unique_ptr client_cb(new Botan::TLS::Compat_Callbacks( - queue_inserter(c2s_traffic), - queue_inserter(client_recv), - std::function(print_alert), - handshake_complete)); - - // TLS::Server object constructed by new constructor using virtual callback interface. - std::unique_ptr server( - new Botan::TLS::Server(*server_cb, - server_sessions, - creds, - server_policy, - rng, - true)); - - // TLS::Client object constructed by new constructor using virtual callback interface. 
- std::unique_ptr client( - new Botan::TLS::Client(*client_cb, - client_sessions, - creds, - client_policy, - rng, - Botan::TLS::Server_Information("server.example.com"), - offer_version, - protocols_offered)); - - size_t rounds = 0; - - // Test DTLS using both new and legacy constructors. - for(size_t ctor_sel = 0; ctor_sel < 2; ++ctor_sel) - { - if(ctor_sel == 1) + for(const Botan::X509_DN& dn : acceptable_CAs) { - c2s_traffic.clear(); - s2c_traffic.clear(); - server_recv.clear(); - client_recv.clear(); - client_sent.clear(); - server_sent.clear(); - // TLS::Server object constructed by legacy constructor. - server.reset( - new Botan::TLS::Server(queue_inserter(s2c_traffic), - queue_inserter(server_recv), - alert_cb_with_data, - handshake_complete, - server_sessions, - creds, - server_policy, - rng, - next_protocol_chooser, - true)); - - // TLS::Client object constructed by legacy constructor. - client.reset( - new Botan::TLS::Client(queue_inserter(c2s_traffic), - queue_inserter(client_recv), - alert_cb_with_data, - handshake_complete, - client_sessions, - creds, - client_policy, - rng, - Botan::TLS::Server_Information("server.example.com"), - offer_version, - protocols_offered)); - } - - while(true) - { -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - // TODO: client and server should be in different threads - std::this_thread::sleep_for(std::chrono::microseconds(rng.next_byte() % 128)); -#endif - ++rounds; - - if(rounds > 100) - { - result.test_failure("Still here after many rounds"); - break; - } - - if(handshake_done && (client->is_closed() || server->is_closed())) - { - break; - } - - if(client->is_active() && client_sent.empty()) - { - // Choose a len between 1 and 511, todo use random chunks - const size_t c_len = 1 + rng.next_byte() + rng.next_byte(); - client_sent = unlock(rng.random_vec(c_len)); - client->send(client_sent); - } - - if(server->is_active() && server_sent.empty()) - { - result.test_eq("server ALPN", server->next_protocol(), "test/3"); - - const 
size_t s_len = 1 + rng.next_byte() + rng.next_byte(); - server_sent = unlock(rng.random_vec(s_len)); - server->send(server_sent); - } - - const bool corrupt_client_data = (r == 3 && rng.next_byte() % 3 <= 1 && rounds < 10); - const bool corrupt_server_data = (r == 4 && rng.next_byte() % 3 <= 1 && rounds < 10); - - if(c2s_traffic.size() > 0) - { - /* - * Use this as a temp value to hold the queues as otherwise they - * might end up appending more in response to messages during the - * handshake. - */ - std::vector input; - std::swap(c2s_traffic, input); - - if(corrupt_server_data) - { - try - { - input = Test::mutate_vec(input, true, 5); - size_t needed = server->received_data(input.data(), input.size()); - - if(needed > 0 && - result.test_lt("Never requesting more than max protocol len", needed, Botan::TLS::MAX_CIPHERTEXT_SIZE + 1)) - { - input.resize(needed); - rng.randomize(input.data(), input.size()); - client->received_data(input.data(), input.size()); - } - } - catch(std::exception&) - { - result.test_note("corruption caused server exception"); - } - } - else - { - try - { - size_t needed = server->received_data(input.data(), input.size()); - result.test_eq("full packet received", needed, 0); - } - catch(std::exception& e) - { - result.test_failure("server error", e.what()); - } - } - - continue; - } - - if(s2c_traffic.size() > 0) - { - std::vector input; - std::swap(s2c_traffic, input); - - if(corrupt_client_data) - { - try - { - input = Test::mutate_vec(input, true, 5); - size_t needed = client->received_data(input.data(), input.size()); - - if(needed > 0 && - result.test_lt("Never requesting more than max protocol len", needed, Botan::TLS::MAX_CIPHERTEXT_SIZE + 1)) - { - input.resize(needed); - rng.randomize(input.data(), input.size()); - client->received_data(input.data(), input.size()); - } - } - catch(std::exception&) - { - result.test_note("corruption caused client exception"); - } - } - else - { - try - { - size_t needed = 
client->received_data(input.data(), input.size()); - result.test_eq("full packet received", needed, 0); - } - catch(std::exception& e) - { - result.test_failure("client error", e.what()); - } - } - - continue; - } - - // If we corrupted a DTLS application message, resend it: - if(client->is_active() && corrupt_client_data && server_recv.empty()) - { - client->send(client_sent); - } - if(server->is_active() && corrupt_server_data && client_recv.empty()) - { - server->send(server_sent); - } - - if(client_recv.size()) - { - result.test_eq("client recv", client_recv, server_sent); - } - - if(server_recv.size()) - { - result.test_eq("server recv", server_recv, client_sent); - } - - if(client->is_closed() && server->is_closed()) - { - break; - } - - if(server_recv.size() && client_recv.size()) - { - Botan::SymmetricKey client_key = client->key_material_export("label", "context", 32); - Botan::SymmetricKey server_key = server->key_material_export("label", "context", 32); - - result.test_eq("key material export", client_key.bits_of(), server_key.bits_of()); - - if(r % 2 == 0) - { - client->close(); - } - else - { - server->close(); - } - } + m_results.test_eq("Expected CA country field", + dn.get_first_attribute("C"), "VT"); } } - } - catch(std::exception& e) - { - if(r > 2) - { - result.test_note("Corruption caused failure"); - } else { - result.test_failure("DTLS handshake", e.what()); + m_results.test_eq("no client certs", certs.size(), 0); } } - } - result.end_timer(); - return result; - } + if(m_server_recv.size() && m_client_recv.size()) + { + Botan::SymmetricKey client_key = client->key_material_export("label", "context", 32); + Botan::SymmetricKey server_key = m_server->key_material_export("label", "context", 32); -Test::Result test_dtls_handshake(Botan::TLS::Protocol_Version offer_version, - Botan::Credentials_Manager& creds, - const Botan::TLS::Policy& policy, - Botan::RandomNumberGenerator& rng, - Botan::TLS::Session_Manager& client_ses, - 
Botan::TLS::Session_Manager& server_ses) - { - return test_dtls_handshake(offer_version, creds, policy, policy, rng, client_ses, server_ses); + m_results.test_eq("TLS key material export", client_key.bits_of(), server_key.bits_of()); + + client->close(); + } + } + + m_results.end_timer(); } class Test_Policy final : public Botan::TLS::Text_Policy 
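Review bot: The client-auth branch added under `if(m_server->is_active())` only checks that `peer_cert_chain()` holds two entries; it does not check that the leaf is the client certificate the test credentials supplied (for example by comparing it with what `Credentials_Manager_Test` hands out), so a server that accepted any two-certificate chain would still pass. Because the check sits inside the round loop, it is presumably re-evaluated on every iteration while the server is active and records the same results repeatedly; running it once after the loop, or behind a once-flag, would keep the result list tight. `dynamic_cast<Credentials_Manager_Test&>(m_creds)` throws std::bad_cast when a different manager is passed with `expect_client_auth` set, which surfaces as an uncaught exception rather than a test failure; a pointer cast with `m_results.test_failure(...)` on null would be clearer. The enclosing `go()` starts above this hunk.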
@@ -1000,157 +841,40 @@ class Test_Policy final : public Botan::TLS::Text_Policy } }; -Test::Result test_tls_alert_strings() - { - Test::Result result("TLS::Alert::type_string"); - - const std::vector alert_types = - { - Botan::TLS::Alert::CLOSE_NOTIFY, - Botan::TLS::Alert::UNEXPECTED_MESSAGE, - Botan::TLS::Alert::BAD_RECORD_MAC, - Botan::TLS::Alert::DECRYPTION_FAILED, - Botan::TLS::Alert::RECORD_OVERFLOW, - Botan::TLS::Alert::DECOMPRESSION_FAILURE, - Botan::TLS::Alert::HANDSHAKE_FAILURE, - Botan::TLS::Alert::NO_CERTIFICATE, - Botan::TLS::Alert::BAD_CERTIFICATE, - Botan::TLS::Alert::UNSUPPORTED_CERTIFICATE, - Botan::TLS::Alert::CERTIFICATE_REVOKED, - Botan::TLS::Alert::CERTIFICATE_EXPIRED, - Botan::TLS::Alert::CERTIFICATE_UNKNOWN, - Botan::TLS::Alert::ILLEGAL_PARAMETER, - Botan::TLS::Alert::UNKNOWN_CA, - Botan::TLS::Alert::ACCESS_DENIED, - Botan::TLS::Alert::DECODE_ERROR, - Botan::TLS::Alert::DECRYPT_ERROR, - Botan::TLS::Alert::EXPORT_RESTRICTION, - Botan::TLS::Alert::PROTOCOL_VERSION, - Botan::TLS::Alert::INSUFFICIENT_SECURITY, - Botan::TLS::Alert::INTERNAL_ERROR, - Botan::TLS::Alert::INAPPROPRIATE_FALLBACK, - Botan::TLS::Alert::USER_CANCELED, - Botan::TLS::Alert::NO_RENEGOTIATION, - Botan::TLS::Alert::UNSUPPORTED_EXTENSION, - Botan::TLS::Alert::CERTIFICATE_UNOBTAINABLE, - Botan::TLS::Alert::UNRECOGNIZED_NAME, - Botan::TLS::Alert::BAD_CERTIFICATE_STATUS_RESPONSE, - Botan::TLS::Alert::BAD_CERTIFICATE_HASH_VALUE, - Botan::TLS::Alert::UNKNOWN_PSK_IDENTITY, - Botan::TLS::Alert:: NO_APPLICATION_PROTOCOL, - }; - - std::set seen; - - for(auto alert : alert_types) - { - const std::string str = Botan::TLS::Alert(alert).type_string(); - result.test_eq("No duplicate strings", seen.count(str), 0); - seen.insert(str); - } - - Botan::TLS::Alert unknown_alert = Botan::TLS::Alert({01, 66}); - - result.test_eq("Unknown alert str", unknown_alert.type_string(), "unrecognized_alert_66"); - - return result; - } - - -std::string read_tls_policy(const std::string& policy_str) - { - 
const std::string fspath = Test::data_file("tls-policy/" + policy_str + ".txt"); - - std::ifstream is(fspath.c_str()); - if(!is.good()) - { - throw Test_Error("Missing policy file " + fspath); - } - - Botan::TLS::Text_Policy policy(is); - return policy.to_string(); - } - -std::string tls_policy_string(const std::string& policy_str) - { - std::unique_ptr policy; - if(policy_str == "default") - { - policy.reset(new Botan::TLS::Policy); - } - else if(policy_str == "suiteb") - { - policy.reset(new Botan::TLS::NSA_Suite_B_128); - } - else if(policy_str == "bsi") - { - policy.reset(new Botan::TLS::BSI_TR_02102_2); - } - else if(policy_str == "strict") - { - policy.reset(new Botan::TLS::Strict_Policy); - } - else if(policy_str == "datagram") - { - policy.reset(new Botan::TLS::Datagram_Policy); - } - else - { - throw Test_Error("Unknown TLS policy type '" + policy_str + "'"); - } - - return policy->to_string(); - } - -Test::Result test_tls_policy() - { - Test::Result result("TLS Policy"); - - const std::vector policies = { "default", "suiteb", "strict", "datagram", "bsi" }; - - for(std::string policy : policies) - { - result.test_eq("Values for TLS " + policy + " policy", - tls_policy_string(policy), - read_tls_policy(policy)); - } - - return result; - } - class TLS_Unit_Tests final : public Test { private: - void test_with_policy(std::vector& results, + void test_with_policy(const std::string& test_descr, + std::vector& results, Botan::TLS::Session_Manager& client_ses, Botan::TLS::Session_Manager& server_ses, Botan::Credentials_Manager& creds, const std::vector& versions, - const Botan::TLS::Policy& policy) + const Botan::TLS::Policy& policy, + bool client_auth = false) { Botan::RandomNumberGenerator& rng = Test::rng(); for(auto const& version : versions) { - if(version.is_datagram_protocol()) - { - results.push_back(test_dtls_handshake(version, creds, policy, rng, client_ses, server_ses)); - } - else - { - results.push_back(test_tls_handshake(version, creds, policy, rng, 
client_ses, server_ses)); - } + TLS_Handshake_Test test( + version.to_string() + " " + test_descr, + version, creds, policy, policy, rng, client_ses, server_ses, client_auth); + test.go(); + results.push_back(test.results()); } } - void test_all_versions(std::vector& results, + void test_all_versions(const std::string& test_descr, + std::vector& results, Botan::TLS::Session_Manager& client_ses, Botan::TLS::Session_Manager& server_ses, Botan::Credentials_Manager& creds, const std::string& kex_policy, const std::string& cipher_policy, const std::string& mac_policy, - const std::string& etm_policy) + const std::string& etm_policy, + bool client_auth = false) { Test_Policy policy; policy.set("ciphers", cipher_policy); 
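Review bot: `test_with_policy` now drives DTLS through the same `TLS_Handshake_Test` as TLS, but the removed `test_dtls_handshake` also ran rounds that corrupted records with `Test::mutate_vec`, checked that `received_data()` never asked for more than `MAX_CIPHERTEXT_SIZE + 1` bytes, and resent application data after corruption; unless `go()` (its body is outside this hunk) reproduces those rounds, the commit drops the only coverage of how the DTLS record layer copes with damaged input. Likewise `test_tls_alert_strings` is removed here and `test_tls_ciphersuites` in the hunk at -1213 with no replacement visible on this page, whereas `test_tls_policy` is visibly re-homed as `Test_TLS_Policy_Test`; if the other two moved to another file, a line in the commit message would help. The new `client_auth` parameter defaults silently; a comment such as `// when true, the server is expected to receive a two-certificate client chain` would say what the handshake test then asserts.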
@@ -1172,30 +896,34 @@ class TLS_Unit_Tests final : public Test Botan::TLS::Protocol_Version::DTLS_V12 }; - return test_with_policy(results, client_ses, server_ses, creds, versions, policy); + return test_with_policy(test_descr, results, client_ses, server_ses, creds, versions, policy, client_auth); } - void test_modern_versions(std::vector& results, + void test_modern_versions(const std::string& test_descr, + std::vector& results, Botan::TLS::Session_Manager& client_ses, Botan::TLS::Session_Manager& server_ses, Botan::Credentials_Manager& creds, const std::string& kex_policy, const std::string& cipher_policy, - const std::string& mac_policy = "AEAD") + const std::string& mac_policy = "AEAD", + bool client_auth = false) { std::map no_extra_policies; - return test_modern_versions(results, client_ses, server_ses, creds, - kex_policy, cipher_policy, mac_policy, no_extra_policies); + return test_modern_versions(test_descr, results, client_ses, server_ses, creds, + kex_policy, cipher_policy, mac_policy, no_extra_policies, client_auth); } - void test_modern_versions(std::vector& results, + void test_modern_versions(const std::string& test_descr, + std::vector& results, Botan::TLS::Session_Manager& client_ses, Botan::TLS::Session_Manager& server_ses, Botan::Credentials_Manager& creds, const std::string& kex_policy, const std::string& cipher_policy, const std::string& mac_policy, - const std::map& extra_policies) + const std::map& extra_policies, + bool client_auth = false) { Test_Policy policy; policy.set("ciphers", cipher_policy); 
@@ -1213,44 +941,13 @@ class TLS_Unit_Tests final : public Test Botan::TLS::Protocol_Version::DTLS_V12 }; - return test_with_policy(results, client_ses, server_ses, creds, versions, policy); - } - - Test::Result test_tls_ciphersuites() - { - Test::Result result("TLS::Ciphersuite"); - - for(size_t csuite_id = 0; csuite_id <= 0xFFFF; ++csuite_id) - { - Botan::TLS::Ciphersuite ciphersuite = Botan::TLS::Ciphersuite::by_id(csuite_id); - - if(ciphersuite.valid()) - { - result.test_eq("Valid Ciphersuite is not SCSV", Botan::TLS::Ciphersuite::is_scsv(csuite_id), false); - - if(ciphersuite.cbc_ciphersuite() == false) - { - result.test_eq("Expected MAC name for AEAD ciphersuites", ciphersuite.mac_algo(), "AEAD"); - } - else - { - result.test_eq("MAC algo and PRF algo same for CBC suites", ciphersuite.prf_algo(), ciphersuite.mac_algo()); - } - - // TODO more tests here - } - } - - return result; + return test_with_policy(test_descr, results, client_ses, server_ses, creds, versions, policy, client_auth); } public: std::vector run() override { std::vector results; - results.push_back(test_tls_alert_strings()); - results.push_back(test_tls_policy()); - results.push_back(test_tls_ciphersuites()); Botan::RandomNumberGenerator& rng = Test::rng(); @@ -1259,11 +956,10 @@ class TLS_Unit_Tests final : public Test #if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER) client_ses.reset( - new Botan::TLS::Session_Manager_SQLite("pass", rng, ":memory:", 5, - std::chrono::seconds(2))); + new Botan::TLS::Session_Manager_SQLite("pass", rng, ":memory:", 5, std::chrono::seconds(2))); server_ses.reset( - new Botan::TLS::Session_Manager_SQLite("pass", rng, ":memory:", 10, - std::chrono::seconds(4))); + new Botan::TLS::Session_Manager_SQLite("pass", rng, ":memory:", 10, std::chrono::seconds(4))); + #else client_ses.reset(new Botan::TLS::Session_Manager_In_Memory(rng)); server_ses.reset(new Botan::TLS::Session_Manager_In_Memory(rng)); 
@@ -1274,119 +970,115 @@ class TLS_Unit_Tests final : public Test #if defined(BOTAN_HAS_TLS_CBC) for(std::string etm_setting : { "false", "true" }) { - test_all_versions(results, *client_ses, *server_ses, *creds, "RSA", "AES-128", "SHA-256 SHA-1", etm_setting); - test_all_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128", "SHA-256 SHA-1", etm_setting); - - test_all_versions(results, *client_ses, *server_ses, *creds, "RSA", "AES-256", "SHA-1", etm_setting); - test_all_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-256", "SHA-1", etm_setting); + test_all_versions("AES-128 RSA", results, *client_ses, *server_ses, *creds, "RSA", "AES-128", "SHA-256 SHA-1", etm_setting); + test_all_versions("AES-128 ECDH", results, *client_ses, *server_ses, *creds, "ECDH", "AES-128", "SHA-256 SHA-1", etm_setting); #if defined(BOTAN_HAS_CAMELLIA) - test_all_versions(results, *client_ses, *server_ses, *creds, "RSA", "Camellia-128", "SHA-256 SHA-1", etm_setting); - test_all_versions(results, *client_ses, *server_ses, *creds, "RSA", "Camellia-256", "SHA-256 SHA-384 SHA-1", - etm_setting); + test_all_versions("Camellia-128 RSA", results, *client_ses, *server_ses, + *creds, "RSA", "Camellia-128", "SHA-256 SHA-1", etm_setting); + test_all_versions("Camellia-128 RSA SHA-2", results, *client_ses, *server_ses, + *creds, "RSA", "Camellia-256", "SHA-256 SHA-384 SHA-1", etm_setting); #endif #if defined(BOTAN_HAS_DES) - test_all_versions(results, *client_ses, *server_ses, *creds, "RSA", "3DES", "SHA-1", etm_setting); - test_all_versions(results, *client_ses, *server_ses, *creds, "ECDH", "3DES", "SHA-1", etm_setting); + test_all_versions("3DES RSA", results, *client_ses, *server_ses, *creds, "RSA", "3DES", "SHA-1", etm_setting); + test_all_versions("3DES ECDH", results, *client_ses, *server_ses, *creds, "ECDH", "3DES", "SHA-1", etm_setting); #endif #if defined(BOTAN_HAS_SEED) - test_all_versions(results, *client_ses, *server_ses, *creds, "RSA", "SEED", "SHA-1", 
etm_setting); + test_all_versions("SEED RSA", results, *client_ses, *server_ses, *creds, "RSA", "SEED", "SHA-1", etm_setting); #endif server_ses->remove_all(); } client_ses->remove_all(); - test_modern_versions(results, *client_ses, *server_ses, *creds, "DH", "AES-128", "SHA-256"); + test_modern_versions("AES-128 DH", results, *client_ses, *server_ses, *creds, "DH", "AES-128", "SHA-256"); #if defined(BOTAN_HAS_DSA) - test_modern_versions(results, *client_ses, *server_ses, *creds, "DH", "AES-128", "SHA-256", - { { "signature_methods", "DSA" } }); - test_modern_versions(results, *client_ses, *server_ses, *creds, "DH", "AES-256", "SHA-256", - { { "signature_methods", "DSA" } }); + test_modern_versions("AES-128 DSA", results, *client_ses, *server_ses, *creds, "DH", "AES-128", "SHA-256", + { { "signature_methods", "DSA" } }); + + test_modern_versions("AES-128/GCM DSA", results, *client_ses, *server_ses, *creds, "DH", "AES-128/GCM", "AEAD", + { { "signature_methods", "DSA" } }); #endif #endif Botan::TLS::Strict_Policy strict_policy; - test_with_policy(results, *client_ses, *server_ses, *creds, + test_with_policy("Strict policy", results, *client_ses, *server_ses, *creds, {Botan::TLS::Protocol_Version::TLS_V12}, strict_policy); Botan::TLS::NSA_Suite_B_128 suiteb_128; - test_with_policy(results, *client_ses, *server_ses, *creds, + test_with_policy("Suite B", results, *client_ses, *server_ses, *creds, {Botan::TLS::Protocol_Version::TLS_V12}, suiteb_128); // Remove server sessions before client, so clients retry with session server doesn't know server_ses->remove_all(); - test_modern_versions(results, *client_ses, *server_ses, *creds, "RSA", "AES-128/GCM"); - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM"); - - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", - { { "signature_methods", "RSA" } }); + test_modern_versions("AES-128/GCM RSA", results, *client_ses, *server_ses, *creds, "RSA", 
"AES-128/GCM"); + test_modern_versions("AES-128/GCM ECDH", results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM"); - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", - { { "support_cert_status_message", "false" } }); + test_modern_versions("AES-128/GCM ECDH RSA", + results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", + { { "signature_methods", "RSA" } }); -#if defined(BOTAN_HAS_DSA) - test_modern_versions(results, *client_ses, *server_ses, *creds, "DH", "AES-128/GCM", "AEAD", - { { "signature_methods", "DSA" } }); - test_modern_versions(results, *client_ses, *server_ses, *creds, "DH", "AES-256/GCM", "AEAD", - { { "signature_methods", "DSA" } }); -#endif + test_modern_versions("AES-128/GCM ECDH no OCSP", + results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", + { { "support_cert_status_message", "false" } }); client_ses->remove_all(); #if defined(BOTAN_HAS_CAMELLIA) - test_modern_versions(results, *client_ses, *server_ses, *creds, "RSA", "Camellia-128", "SHA-256"); - test_modern_versions(results, *client_ses, *server_ses, *creds, "RSA", "Camellia-256", "SHA-384 SHA-256"); - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "Camellia-128/GCM", "AEAD"); - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "Camellia-256/GCM", "AEAD"); + test_modern_versions("Camellia-256 SHA-2", results, *client_ses, *server_ses, *creds, "RSA", "Camellia-256", "SHA-384 SHA-256"); + test_modern_versions("Camellia-128/GCM ECDH", results, *client_ses, *server_ses, *creds, "ECDH", "Camellia-128/GCM", "AEAD"); #endif #if defined(BOTAN_HAS_ARIA) - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "ARIA-128/GCM", "AEAD"); - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "ARIA-256/GCM", "AEAD"); + test_modern_versions("ARIA ECDH", results, *client_ses, *server_ses, *creds, "ECDH", "ARIA-128/GCM", "AEAD"); 
#endif #if defined(BOTAN_HAS_CECPQ1) #if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_GCM) - test_modern_versions(results, *client_ses, *server_ses, *creds, "CECPQ1", "AES-256/GCM", "AEAD"); + test_modern_versions("AES-256/GCM CECPQ1", results, *client_ses, *server_ses, *creds, "CECPQ1", "AES-256/GCM", "AEAD"); #endif #if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_OCB) - test_modern_versions(results, *client_ses, *server_ses, *creds, "CECPQ1", "AES-256/OCB(12)", "AEAD"); - test_modern_versions(results, *client_ses, *server_ses, *creds, "CECPQ1", "AES-256/OCB(12)", "AEAD", - {{ "signature_methods", "RSA" }}); + test_modern_versions("AES-256/OCB CECPQ1", results, *client_ses, *server_ses, *creds, + "CECPQ1", "AES-256/OCB(12)", "AEAD"); + test_modern_versions("AES-256/OCB CECPQ1 RSA", results, *client_ses, *server_ses, *creds, + "CECPQ1", "AES-256/OCB(12)", "AEAD", + {{ "signature_methods", "RSA" }}); #endif #if defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305) - test_modern_versions(results, *client_ses, *server_ses, *creds, "CECPQ1", "ChaCha20Poly1305", "AEAD", - { { "signature_methods", "RSA" }}); + test_modern_versions("ChaCha20Poly1305 CECPQ1", results, *client_ses, *server_ses, *creds, + "CECPQ1", "ChaCha20Poly1305", "AEAD", + { { "signature_methods", "RSA" }}); #endif #endif - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", - { { "use_ecc_point_compression", "true" } }); - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-256/GCM", "AEAD", - { { "groups", "secp521r1" } }); - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", - { { "groups", "brainpool256r1" } }); + test_modern_versions("AES-128/GCM point compression", results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", + { { "use_ecc_point_compression", "true" } }); + test_modern_versions("AES-256/GCM p521", results, *client_ses, *server_ses, *creds, "ECDH", 
"AES-256/GCM", "AEAD", + { { "groups", "secp521r1" } }); + test_modern_versions("AES-128/GCM bp256r1", results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", + { { "groups", "brainpool256r1" } }); #if defined(BOTAN_HAS_CURVE_25519) - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", - { { "groups", "x25519" } }); + test_modern_versions("AES-128/GCM x25519", results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", + { { "groups", "x25519" } }); #endif - test_modern_versions(results, *client_ses, *server_ses, *creds, "DH", "AES-128/GCM", "AEAD", - { { "groups", "ffdhe/ietf/2048" } }); + test_modern_versions("AES-128/GCM FFDHE-2048", + results, *client_ses, *server_ses, *creds, "DH", "AES-128/GCM", "AEAD", + { { "groups", "ffdhe/ietf/2048" } }); std::unique_ptr creds_with_client_cert(create_creds(rng, true)); - test_modern_versions(results, *client_ses, *server_ses, *creds_with_client_cert, "ECDH", "AES-256/GCM"); + test_modern_versions("AES-256/GCM client certs", + results, *client_ses, *server_ses, *creds_with_client_cert, "ECDH", "AES-256/GCM", "AEAD", true); #if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER) client_ses.reset(new Botan::TLS::Session_Manager_In_Memory(rng)); 
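Review bot: The description on the Camellia-256 `test_all_versions` call reads `"Camellia-128 RSA SHA-2"` while the cipher argument is `"Camellia-256"`, so the result label misreports what was tested; `test_all_versions("Camellia-256 RSA SHA-2", results, *client_ses, *server_ses,` matches the arguments. Separately, the `"AES-256/GCM client certs"` run reuses the session managers populated by the preceding runs without client auth; if the client offers one of those sessions and the server resumes it, no client certificate is sent and the `got client certs` expectation fails, so clearing the server's sessions (or using fresh managers) before that call keeps the check meaningful. This pass also drops several AES-256, Camellia-256/GCM, ARIA-256/GCM and DSA AES-256 cases without comment; if that is deliberate to cut runtime it is worth stating in the message.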
@@ -1394,31 +1086,32 @@ class TLS_Unit_Tests final : public Test #endif #if defined(BOTAN_HAS_AEAD_OCB) - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/OCB(12)"); + test_modern_versions("AES-128/OCB ECDH", results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/OCB(12)"); #endif server_ses->remove_all(); #if defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305) - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "ChaCha20Poly1305"); + test_modern_versions("ChaCha20Poly1305 ECDH", results, *client_ses, *server_ses, *creds, "ECDH", "ChaCha20Poly1305"); #endif - test_modern_versions(results, *client_ses, *server_ses, *creds, "PSK", "AES-128/GCM"); + test_modern_versions("AES-128/GCM PSK", results, *client_ses, *server_ses, *creds, "PSK", "AES-128/GCM"); #if defined(BOTAN_HAS_CCM) - test_modern_versions(results, *client_ses, *server_ses, *creds, "PSK", "AES-128/CCM"); - test_modern_versions(results, *client_ses, *server_ses, *creds, "PSK", "AES-128/CCM(8)"); + test_modern_versions("AES-128/CCM PSK", results, *client_ses, *server_ses, *creds, "PSK", "AES-128/CCM"); + test_modern_versions("AES-128/CCM-8 PSK", results, *client_ses, *server_ses, *creds, "PSK", "AES-128/CCM(8)"); #endif #if defined(BOTAN_HAS_TLS_CBC) // For whatever reason no (EC)DHE_PSK GCM ciphersuites are defined - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDHE_PSK", "AES-128", "SHA-256"); - test_modern_versions(results, *client_ses, *server_ses, *creds, "DHE_PSK", "AES-128", "SHA-1"); + test_modern_versions("AES-128 ECDHE_PSK", results, *client_ses, *server_ses, *creds, "ECDHE_PSK", "AES-128", "SHA-256"); + test_modern_versions("AES-128 DHE_PSK", results, *client_ses, *server_ses, *creds, "DHE_PSK", "AES-128", "SHA-1"); #endif #if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", - { { "groups", BOTAN_HOUSE_ECC_CURVE_NAME } }); + 
test_modern_versions("AES-128/GCM house curve",
+ results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD",
+ { { "groups", BOTAN_HOUSE_ECC_CURVE_NAME } });
  #endif
  return results;
From 0cf756d657838070c22c06883871c693885ff116 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sat, 27 Jan 2018 15:26:12 -0500
Subject: [PATCH 0584/1008] In client hello printer, don't require the handshake header

---
 src/cli/tls_utils.cpp | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/src/cli/tls_utils.cpp b/src/cli/tls_utils.cpp
index cc5a8549ca..81c4fa328e 100644
--- a/src/cli/tls_utils.cpp
+++ b/src/cli/tls_utils.cpp
@@ -189,22 +189,19 @@ class TLS_Client_Hello_Reader final : public Command
  }
 
  // Assume the handshake header is there, strip it
- if(input[0] != 1)
+ if(input[0] == 1)
  {
- error_output() << "Input message is not a TLS client hello\n";
- return;
- }
+ const size_t hs_len = Botan::make_uint32(0, input[1], input[2], input[3]);
 
- const size_t hs_len = Botan::make_uint32(0, input[1], input[2], input[3]);
+ if(input.size() != hs_len + 4)
+ {
+ error_output() << "Handshake layer length invalid\n";
+ return;
+ }
 
- if(input.size() != hs_len + 4)
- {
- error_output() << "Handshake layer length invalid\n";
- return;
+ input = std::vector(input.begin() + 4, input.end());
  }
 
- input = std::vector(input.begin() + 4, input.end());
-
  try
  {
  Botan::TLS::Client_Hello hello(input);
From 377e75b4649e9546393d20bc511da3f30ea5aa19 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sat, 27 Jan 2018 15:31:18 -0500
Subject: [PATCH 0585/1008] Note release schedule on index page

---
 readme.rst | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/readme.rst b/readme.rst
index 37de3f7f32..287805d3e2 100644
--- a/readme.rst
+++ b/readme.rst
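Review bot: The comment `// Assume the handshake header is there, strip it` above the changed `if(input[0] == 1)` is now stale, since the header is detected rather than assumed; something like `// A handshake header (type 1 = client_hello) is optional: validate and strip it when present; a bare ClientHello body starts with the version bytes instead` describes the new behaviour. The branch still reads `input[1]`..`input[3]` and relies on whatever minimum-length check precedes this hunk (not visible here) to guarantee at least four bytes; if that check is looser, a short input whose first byte is 0x01 would index out of range before `hs_len` is even compared. The length test `input.size() != hs_len + 4` is exact, which is the right call for a diagnostic tool, but a one-line comment saying trailing bytes are deliberately rejected would stop someone relaxing it later. The rest of the function, including the parsing of `input`, lies outside the hunk.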
@@ -100,8 +100,9 @@ these are often out of date; using the latest source release is recommended.
  Current Stable Release
  ----------------------------------------
 
- Version 2 requires a C++11 compiler; GCC 4.8 and later, Clang 3.5 and
- later, and MSVC 2015/2017 are regularly tested.
+ Version 2 requires a C++11 compiler; GCC 4.8 and later, Clang 3.8 and later, and
+ MSVC 2015/2017 are regularly tested. New releases of Botan 2 are made on a
+ quarterly basis.
 
  The latest 2.x release is `2.4.0 `_
 
From ce0c28bffff30d9a1ce2fd93507012b1174600ac Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 28 Jan 2018 10:33:40 -0500
Subject: [PATCH 0586/1008] Fix amalgamation pragma for SSE 4.1

Missed by Travis builds because GCC is too old there.
---
 configure.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/configure.py b/configure.py
index 9d7cf364b2..9502dc3e4a 100755
--- a/configure.py
+++ b/configure.py
@@ -2465,6 +2465,12 @@ def _generate_sources(self, amalgamation_headers, included_in_headers): #pylint:
  f.write('\n')
 
  for isa in self._isas_for_target(target):
+
+ if isa == 'sse41':
+ isa = 'sse4.1'
+ elif isa == 'sse42':
+ isa = 'ssse4.2'
+
  f.write('#if defined(__GNUG__) && !defined(__clang__)\n')
  f.write('#pragma GCC target ("%s")\n' % (isa))
  f.write('#endif\n')
From 0d20406285e776b5a60d2ff4f5e3a4f6a06f7806 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 28 Jan 2018 10:53:29 -0500
Subject: [PATCH 0587/1008] Fix a leak in OpenSSL block ciphers

Introduced when support for 1.1.0 API was added in #1056
---
 src/lib/prov/openssl/openssl_block.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/lib/prov/openssl/openssl_block.cpp b/src/lib/prov/openssl/openssl_block.cpp
index 3cf2039616..8b0c419d15 100644
--- a/src/lib/prov/openssl/openssl_block.cpp
+++ b/src/lib/prov/openssl/openssl_block.cpp
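Review bot: The new `sse42` branch assigns `isa = 'ssse4.2'`, which looks like a typo: GCC's target option is `sse4.2`, so the amalgamation would emit `#pragma GCC target ("ssse4.2")`, a name GCC does not recognise, and any build that includes SSE 4.2 code would fail on GCC exactly as the SSE 4.1 case did before this fix. The one-character fix is `isa = 'sse4.2'`. Rebinding the loop variable works, but a small lookup, e.g. `isa = {'sse41': 'sse4.1', 'sse42': 'sse4.2'}.get(isa, isa)`, is harder to mistype and leaves room for a comment saying these are the spellings GCC expects. `_generate_sources` continues outside this hunk.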
@@ -125,6 +125,9 @@ OpenSSL_BlockCipher::~OpenSSL_BlockCipher() { EVP_CIPHER_CTX_cleanup(m_encrypt); EVP_CIPHER_CTX_cleanup(m_decrypt); + + EVP_CIPHER_CTX_free(m_encrypt); + EVP_CIPHER_CTX_free(m_decrypt); } /* From d23f665738e46971b3593ea9082046facc8d8105 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 28 Jan 2018 11:14:02 -0500 Subject: [PATCH 0588/1008] Blind attempt at fixing #1431 --- src/tests/unit_tls.cpp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 8368445e06..b3aed639d0 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -7,9 +7,6 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -// Deprecated TLS APIs are tested below -#define BOTAN_NO_DEPRECATED_WARNINGS - #include "tests.h" #include #include @@ -1077,6 +1074,8 @@ class TLS_Unit_Tests final : public Test { { "groups", "ffdhe/ietf/2048" } }); std::unique_ptr creds_with_client_cert(create_creds(rng, true)); + + server_ses->remove_all(); test_modern_versions("AES-256/GCM client certs", results, *client_ses, *server_ses, *creds_with_client_cert, "ECDH", "AES-256/GCM", "AEAD", true); From 1c667d34bf71336d33bb76309176a993f13a2aac Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 28 Jan 2018 11:45:32 -0500 Subject: [PATCH 0589/1008] Avoid resuming a session if policy doesn't allow it Previously if the policy changed we'd continue to resume. #1431 --- src/lib/tls/tls_client.cpp | 2 +- src/lib/tls/tls_policy.cpp | 5 +++-- src/tests/unit_tls.cpp | 6 +++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index 4647e11cbe..c35149d6bd 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp 
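Review bot: The two `EVP_CIPHER_CTX_cleanup` calls retained above the new lines are now redundant, because `EVP_CIPHER_CTX_free` releases the context's internal state itself before freeing the allocation (through the cleanup routine on 1.0.x and `EVP_CIPHER_CTX_reset` on 1.1.0, as far as I recall), so the destructor can be reduced to the two `EVP_CIPHER_CTX_free` calls. If the constructor can leave either pointer null on allocation failure (not visible here), that is a second reason to drop the cleanup calls: the 1.0.x `EVP_CIPHER_CTX_cleanup` dereferences its argument unconditionally, whereas `EVP_CIPHER_CTX_free` tolerates a null pointer.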
@@ -161,7 +161,7 @@ void Client::send_client_hello(Handshake_State& state_base, Ensure that the session protocol type matches what we want to use If not skip the resume and establish a new session */ - if(version == session_info.version()) + if(version == session_info.version() && policy().acceptable_ciphersuite(session_info.ciphersuite())) { if(srp_identifier == "" || session_info.srp_identifier() == srp_identifier) { diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index ce87edac19..a46fcee925 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -317,9 +317,10 @@ Protocol_Version Policy::latest_supported_version(bool datagram) const } } -bool Policy::acceptable_ciphersuite(const Ciphersuite&) const +bool Policy::acceptable_ciphersuite(const Ciphersuite& ciphersuite) const { - return true; + return value_exists(allowed_ciphers(), ciphersuite.cipher_algo()) && + value_exists(allowed_macs(), ciphersuite.mac_algo()); } bool Policy::allow_client_initiated_renegotiation() const { return false; } diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index b3aed639d0..f82d432b42 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -953,9 +953,9 @@ class TLS_Unit_Tests final : public Test #if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER) client_ses.reset( - new Botan::TLS::Session_Manager_SQLite("pass", rng, ":memory:", 5, std::chrono::seconds(2))); + new Botan::TLS::Session_Manager_SQLite("client pass", rng, ":memory:", 5, std::chrono::seconds(2))); server_ses.reset( - new Botan::TLS::Session_Manager_SQLite("pass", rng, ":memory:", 10, std::chrono::seconds(4))); + new Botan::TLS::Session_Manager_SQLite("server pass", rng, ":memory:", 10, std::chrono::seconds(4))); #else client_ses.reset(new Botan::TLS::Session_Manager_In_Memory(rng)); 
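Review bot: `Policy::acceptable_ciphersuite` consults only `allowed_ciphers()` and `allowed_macs()`, so the resumption guard this patch adds in `send_client_hello` still resumes a cached session whose key exchange or authentication method the policy no longer permits (for example a static RSA or anonymous suite after the policy was tightened), which is the class of mismatch the commit message is trying to close. Extend the check with the other lists the policy already exposes, e.g. `&& value_exists(allowed_key_exchange_methods(), ciphersuite.kex_algo()) && value_exists(allowed_signature_methods(), ciphersuite.sig_algo())`, making sure the empty signature method of anonymous suites is treated the same way the policy's regular suite filtering treats it. Since the previous implementation returned `true` unconditionally, a short doc comment on the function stating which policy fields it now consults would help callers that override it.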
@@ -973,7 +973,7 @@ class TLS_Unit_Tests final : public Test #if defined(BOTAN_HAS_CAMELLIA) test_all_versions("Camellia-128 RSA", results, *client_ses, *server_ses, *creds, "RSA", "Camellia-128", "SHA-256 SHA-1", etm_setting); - test_all_versions("Camellia-128 RSA SHA-2", results, *client_ses, *server_ses, + test_all_versions("Camellia-256 RSA SHA-2", results, *client_ses, *server_ses, *creds, "RSA", "Camellia-256", "SHA-256 SHA-384 SHA-1", etm_setting); #endif From b2b55e6c2fdb824f49923b60d2c3ffff8f0fb99a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 21 Dec 2017 15:37:39 -0500 Subject: [PATCH 0590/1008] Use enums to represent TLS signature and kex algorithms. Adds support for PSS signatures (currently verifying only). --- src/cli/tls_utils.cpp | 6 +- src/lib/tls/info.txt | 1 + src/lib/tls/msg_cert_req.cpp | 21 +- src/lib/tls/msg_cert_verify.cpp | 15 +- src/lib/tls/msg_client_hello.cpp | 27 +- src/lib/tls/msg_client_kex.cpp | 50 ++-- src/lib/tls/msg_server_kex.cpp | 56 ++-- src/lib/tls/tls_algos.cpp | 355 +++++++++++++++++++++++++ src/lib/tls/tls_algos.h | 168 ++++++++++++ src/lib/tls/tls_ciphersuite.cpp | 50 +++- src/lib/tls/tls_ciphersuite.h | 42 +-- src/lib/tls/tls_client.cpp | 21 +- src/lib/tls/tls_extensions.cpp | 131 ++-------- src/lib/tls/tls_extensions.h | 27 +- src/lib/tls/tls_handshake_state.cpp | 213 +++++++-------- src/lib/tls/tls_handshake_state.h | 6 +- src/lib/tls/tls_messages.h | 23 +- src/lib/tls/tls_policy.cpp | 34 ++- src/lib/tls/tls_policy.h | 3 + src/lib/tls/tls_record.cpp | 153 ++++++----- src/lib/tls/tls_record.h | 10 +- src/lib/tls/tls_server.cpp | 83 +++--- src/lib/tls/tls_suite_info.cpp | 371 +++++++++++++-------------- src/scripts/tls_suite_info.py | 39 ++- src/tests/data/tls-policy/compat.txt | 2 +- src/tests/data/tls/cert_verify.vec | 2 +- src/tests/unit_tls.cpp | 9 +- 27 files changed, 1171 insertions(+), 747 deletions(-) create mode 100644 src/lib/tls/tls_algos.cpp create mode 100644 src/lib/tls/tls_algos.h 
diff --git a/src/cli/tls_utils.cpp b/src/cli/tls_utils.cpp index 81c4fa328e..784125de11 100644 --- a/src/cli/tls_utils.cpp +++ b/src/cli/tls_utils.cpp @@ -228,14 +228,14 @@ class TLS_Client_Hello_Reader final : public Command oss << "Supported signature schemes: "; - if(hello.supported_algos().empty()) + if(hello.signature_schemes().empty()) { oss << "Did not send signature_algorithms extension\n"; } else { - for(auto&& hash_and_sig : hello.supported_algos()) - oss << hash_and_sig.second << '+' << hash_and_sig.first << ' '; + for(Botan::TLS::Signature_Scheme scheme : hello.signature_schemes()) + oss << sig_scheme_to_string(scheme) << " "; oss << "\n"; } diff --git a/src/lib/tls/info.txt b/src/lib/tls/info.txt index 68e560f2d7..2bda6622fc 100644 --- a/src/lib/tls/info.txt +++ b/src/lib/tls/info.txt @@ -7,6 +7,7 @@ load_on auto credentials_manager.h tls_alert.h +tls_algos.h tls_blocking.h tls_callbacks.h tls_channel.h diff --git a/src/lib/tls/msg_cert_req.cpp b/src/lib/tls/msg_cert_req.cpp index c6d09481e4..90c9369784 100644 --- a/src/lib/tls/msg_cert_req.cpp +++ b/src/lib/tls/msg_cert_req.cpp @@ -61,12 +61,7 @@ Certificate_Req::Certificate_Req(Handshake_IO& io, { if(version.supports_negotiable_signature_algorithms()) { - std::vector hashes = policy.allowed_signature_hashes(); - std::vector sigs = policy.allowed_signature_methods(); - - for(size_t i = 0; i != hashes.size(); ++i) - for(size_t j = 0; j != sigs.size(); ++j) - m_supported_algos.push_back(std::make_pair(hashes[i], sigs[j])); + m_schemes = policy.allowed_signature_schemes(); } hash.update(io.send(*this)); 
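Review bot: `sig_scheme_to_string` falls through to `throw Invalid_State("Unknown signature algorithm enum")` for any codepoint outside the enum (see tls_algos.cpp in this patch), and `hello.signature_schemes()` now returns the raw 16-bit values taken from the peer, so this diagnostic tool will abort on a hello that advertises a scheme it does not know (GREASE values, schemes added after this release) unless the enclosing try block catches it. A hello printer should show such values rather than fail; e.g. `if(is_known_scheme(scheme)) oss << sig_scheme_to_string(scheme) << " "; else oss << "0x" << std::hex << static_cast<uint16_t>(scheme) << " ";`, where `is_known_scheme` is a small local check against `Botan::TLS::all_signature_schemes()`.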
@@ -97,16 +92,14 @@ Certificate_Req::Certificate_Req(const std::vector& buf, if(version.supports_negotiable_signature_algorithms()) { - std::vector sig_hash_algs = reader.get_range_vector(2, 2, 65534); + const std::vector algs = reader.get_range_vector(2, 2, 65534); - if(sig_hash_algs.size() % 2 != 0) + if(algs.size() % 2 != 0) throw Decoding_Error("Bad length for signature IDs in certificate request"); - for(size_t i = 0; i != sig_hash_algs.size(); i += 2) + for(size_t i = 0; i != algs.size(); i += 2) { - std::string hash = Signature_Algorithms::hash_algo_name(sig_hash_algs[i]); - std::string sig = Signature_Algorithms::sig_algo_name(sig_hash_algs[i+1]); - m_supported_algos.push_back(std::make_pair(hash, sig)); + m_schemes.push_back(static_cast(make_uint16(algs[i], algs[i+1]))); } } @@ -140,8 +133,8 @@ std::vector Certificate_Req::serialize() const append_tls_length_value(buf, cert_types, 1); - if(!m_supported_algos.empty()) - buf += Signature_Algorithms(m_supported_algos).serialize(); + if(m_schemes.size() > 0) + buf += Signature_Algorithms(m_schemes).serialize(); std::vector encoded_names; diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp index ce7a303744..8ca01043ab 100644 --- a/src/lib/tls/msg_cert_verify.cpp +++ b/src/lib/tls/msg_cert_verify.cpp @@ -28,7 +28,7 @@ Certificate_Verify::Certificate_Verify(Handshake_IO& io, BOTAN_ASSERT_NONNULL(priv_key); std::pair format = - state.choose_sig_format(*priv_key, m_hash_algo, m_sig_algo, true, policy); + state.choose_sig_format(*priv_key, m_scheme, true, policy); m_signature = state.callbacks().tls_sign_message(*priv_key, rng, format.first, format.second, 
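Review bot: The parsed scheme codepoints are stored without validation: `static_cast<Signature_Scheme>(make_uint16(algs[i], algs[i+1]))` accepts any 16-bit value the server lists, while the scheme helpers in tls_algos.cpp (`hash_function_of_scheme`, `padding_string_for_scheme`, `signature_algorithm_of_scheme`) throw `Invalid_State` for values outside the enum, so a CertificateRequest carrying an unknown or GREASE scheme could surface as an internal-state error instead of being skipped, unless `choose_sig_format` filters the list first (outside this hunk). Unrecognized entries in this list are meant to be ignored, so filter at parse time: `const auto scheme = static_cast<Signature_Scheme>(make_uint16(algs[i], algs[i+1]));` followed by `if(value_exists(all_signature_schemes(), scheme)) m_schemes.push_back(scheme);`. The constructor continues past the end of the hunk.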
@@ -47,8 +47,7 @@ Certificate_Verify::Certificate_Verify(const std::vector& buf, if(version.supports_negotiable_signature_algorithms()) { - m_hash_algo = Signature_Algorithms::hash_algo_name(reader.get_byte()); - m_sig_algo = Signature_Algorithms::sig_algo_name(reader.get_byte()); + m_scheme = static_cast(reader.get_uint16_t()); } m_signature = reader.get_range(2, 0, 65535); @@ -61,10 +60,11 @@ std::vector Certificate_Verify::serialize() const { std::vector buf; - if(!m_hash_algo.empty() && !m_sig_algo.empty()) + if(m_scheme != Signature_Scheme::NONE) { - buf.push_back(Signature_Algorithms::hash_algo_code(m_hash_algo)); - buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo)); + const uint16_t scheme_code = static_cast(m_scheme); + buf.push_back(get_byte(0, scheme_code)); + buf.push_back(get_byte(1, scheme_code)); } const uint16_t sig_len = static_cast(m_signature.size()); @@ -87,8 +87,7 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, policy.check_peer_key_acceptable(*key); std::pair format = - state.parse_sig_format(*key.get(), m_hash_algo, m_sig_algo, - true, policy); + state.parse_sig_format(*key.get(), m_scheme, true, policy); const bool signature_valid = state.callbacks().tls_verify_message(*key, format.first, format.second, diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index 68753fa26a..158238de20 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -115,8 +115,7 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols)); if(m_version.supports_negotiable_signature_algorithms()) - m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(), - policy.allowed_signature_methods())); + m_extensions.add(new Signature_Algorithms(policy.allowed_signature_schemes())); if(m_version.is_datagram_protocol()) m_extensions.add(new SRTP_Protection_Profiles(policy.srtp_profiles())); 
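Review bot: `m_scheme = static_cast<Signature_Scheme>(reader.get_uint16_t())` accepts whatever 16-bit value the client puts in CertificateVerify, with no check that it names a known scheme; the tls_algos.cpp helpers throw `Invalid_State` on values outside the enum, so an unsupported or malformed scheme would be reported as an internal error rather than a decode failure, unless `parse_sig_format` rejects it first (outside this hunk). Reject it at the point of parsing so it maps to a decode_error alert: `if(!value_exists(all_signature_schemes(), m_scheme)) throw Decoding_Error("Unknown signature scheme in CertificateVerify");`. The `serialize` hunk below mirrors this by emitting the two bytes of the enum, which is fine since the stored value is only ever one the local policy chose.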
@@ -138,10 +137,6 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); } - if(m_version.supports_negotiable_signature_algorithms()) - m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(), - policy.allowed_signature_methods())); - cb.tls_modify_extensions(m_extensions, CLIENT); if(policy.send_fallback_scsv(client_settings.protocol_version())) @@ -200,8 +195,7 @@ Client_Hello::Client_Hello(Handshake_IO& io, #endif if(m_version.supports_negotiable_signature_algorithms()) - m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(), - policy.allowed_signature_methods())); + m_extensions.add(new Signature_Algorithms(policy.allowed_signature_schemes())); if(reneg_info.empty() && !next_protocols.empty()) m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols)); @@ -318,19 +312,16 @@ bool Client_Hello::offered_suite(uint16_t ciphersuite) const return false; } -std::vector> Client_Hello::supported_algos() const +std::vector Client_Hello::signature_schemes() const { + std::vector schemes; + if(Signature_Algorithms* sigs = m_extensions.get()) - return sigs->supported_signature_algorthms(); - return std::vector>(); - } + { + schemes = sigs->supported_schemes(); + } -std::set Client_Hello::supported_sig_algos() const - { - std::set sig; - for(auto&& hash_and_sig : supported_algos()) - sig.insert(hash_and_sig.second); - return sig; + return schemes; } std::vector Client_Hello::supported_ecc_curves() const diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 0ff99462c1..6e767d4d60 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp 
@@ -42,9 +42,9 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, const std::string& hostname, RandomNumberGenerator& rng) { - const std::string kex_algo = state.ciphersuite().kex_algo(); + const Kex_Algo kex_algo = state.ciphersuite().kex_method(); - if(kex_algo == "PSK") + if(kex_algo == Kex_Algo::PSK) { std::string identity_hint = ""; @@ -72,7 +72,8 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, SymmetricKey psk; - if(kex_algo == "DHE_PSK" || kex_algo == "ECDHE_PSK") + if(kex_algo == Kex_Algo::DHE_PSK || + kex_algo == Kex_Algo::ECDHE_PSK) { std::string identity_hint = reader.get_string(2, 0, 65535); @@ -84,7 +85,8 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, psk = creds.psk("tls-client", hostname, psk_identity); } - if(kex_algo == "DH" || kex_algo == "DHE_PSK") + if(kex_algo == Kex_Algo::DH || + kex_algo == Kex_Algo::DHE_PSK) { const std::vector modulus = reader.get_range(2, 1, 65535); const std::vector generator = reader.get_range(2, 1, 65535); @@ -96,7 +98,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, const std::pair, std::vector> dh_result = state.callbacks().tls_dh_agree(modulus, generator, peer_public_value, policy, rng); - if(kex_algo == "DH") + if(kex_algo == Kex_Algo::DH) m_pre_master = dh_result.first; else { @@ -106,7 +108,8 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, append_tls_length_value(m_key_material, dh_result.second, 2); } - else if(kex_algo == "ECDH" || kex_algo == "ECDHE_PSK") + else if(kex_algo == Kex_Algo::ECDH || + kex_algo == Kex_Algo::ECDHE_PSK) { const uint8_t curve_type = reader.get_byte(); @@ -131,7 +134,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, state.callbacks().tls_ecdh_agree(curve_name, peer_public_value, policy, rng, state.server_hello()->prefers_compressed_ec_points()); - if(kex_algo == "ECDH") + if(kex_algo == Kex_Algo::ECDH) m_pre_master = ecdh_result.first; else { 
@@ -142,7 +145,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, append_tls_length_value(m_key_material, ecdh_result.second, 1); } #if defined(BOTAN_HAS_SRP6) - else if(kex_algo == "SRP_SHA") + else if(kex_algo == Kex_Algo::SRP_SHA) { const BigInt N = BigInt::decode(reader.get_range(2, 1, 65535)); const BigInt g = BigInt::decode(reader.get_range(2, 1, 65535)); @@ -172,7 +175,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, #endif #if defined(BOTAN_HAS_CECPQ1) - else if(kex_algo == "CECPQ1") + else if(kex_algo == Kex_Algo::CECPQ1) { const std::vector cecpq1_offer = reader.get_range(2, 1, 65535); @@ -188,7 +191,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, #endif else { - throw Internal_Error("Client_Key_Exchange: Unknown kex " + kex_algo); + throw Internal_Error("Client_Key_Exchange: Unknown key exchange method was negotiated"); } reader.assert_done(); @@ -197,8 +200,8 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, { // No server key exchange msg better mean RSA kex + RSA key in cert - if(kex_algo != "RSA") - throw Unexpected_Message("No server kex but negotiated kex " + kex_algo); + if(kex_algo != Kex_Algo::STATIC_RSA) + throw Unexpected_Message("No server kex message, but negotiated a key exchange that required it"); if(!server_public_key) throw Internal_Error("No server public key for RSA exchange"); @@ -236,9 +239,9 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector& contents, const Policy& policy, RandomNumberGenerator& rng) { - const std::string kex_algo = state.ciphersuite().kex_algo(); + const Kex_Algo kex_algo = state.ciphersuite().kex_method(); - if(kex_algo == "RSA") + if(kex_algo == Kex_Algo::STATIC_RSA) { BOTAN_ASSERT(state.server_certs() && !state.server_certs()->cert_chain().empty(), "RSA key exchange negotiated so server sent a certificate"); 
@@ -283,7 +286,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector& contents, SymmetricKey psk; - if(kex_algo == "PSK" || kex_algo == "DHE_PSK" || kex_algo == "ECDHE_PSK") + if(key_exchange_is_psk(kex_algo)) { const std::string psk_identity = reader.get_string(2, 0, 65535); @@ -301,14 +304,14 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector& contents, } } - if(kex_algo == "PSK") + if(kex_algo == Kex_Algo::PSK) { std::vector zeros(psk.length()); append_tls_length_value(m_pre_master, zeros, 2); append_tls_length_value(m_pre_master, psk.bits_of(), 2); } #if defined(BOTAN_HAS_SRP6) - else if(kex_algo == "SRP_SHA") + else if(kex_algo == Kex_Algo::SRP_SHA) { SRP6_Server_Session& srp = state.server_kex()->server_srp_params(); @@ -316,7 +319,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector& contents, } #endif #if defined(BOTAN_HAS_CECPQ1) - else if(kex_algo == "CECPQ1") + else if(kex_algo == Kex_Algo::CECPQ1) { const CECPQ1_key& cecpq1_offer = state.server_kex()->cecpq1_key(); @@ -328,8 +331,10 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector& contents, CECPQ1_finish(m_pre_master.data(), cecpq1_offer, cecpq1_accept.data()); } #endif - else if(kex_algo == "DH" || kex_algo == "DHE_PSK" || - kex_algo == "ECDH" || kex_algo == "ECDHE_PSK") + else if(kex_algo == Kex_Algo::DH || + kex_algo == Kex_Algo::DHE_PSK || + kex_algo == Kex_Algo::ECDH || + kex_algo == Kex_Algo::ECDHE_PSK) { const Private_Key& private_key = state.server_kex()->server_kex_key(); @@ -360,7 +365,8 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector& contents, if(ka_key->algo_name() == "DH") shared_secret = CT::strip_leading_zeros(shared_secret); - if(kex_algo == "DHE_PSK" || kex_algo == "ECDHE_PSK") + if(kex_algo == Kex_Algo::DHE_PSK || + kex_algo == Kex_Algo::ECDHE_PSK) { append_tls_length_value(m_pre_master, shared_secret, 2); append_tls_length_value(m_pre_master, psk.bits_of(), 2); 
@@ -380,7 +386,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector& contents, } } else - throw Internal_Error("Client_Key_Exchange: Unknown kex type " + kex_algo); + throw Internal_Error("Client_Key_Exchange: Unknown key exchange negotiated"); } } diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp index 631273eb79..56ff3017f7 100644 --- a/src/lib/tls/msg_server_kex.cpp +++ b/src/lib/tls/msg_server_kex.cpp @@ -45,9 +45,9 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, const Private_Key* signing_key) { const std::string hostname = state.client_hello()->sni_hostname(); - const std::string kex_algo = state.ciphersuite().kex_algo(); + const Kex_Algo kex_algo = state.ciphersuite().kex_method(); - if(kex_algo == "PSK" || kex_algo == "DHE_PSK" || kex_algo == "ECDHE_PSK") + if(kex_algo == Kex_Algo::PSK || kex_algo == Kex_Algo::DHE_PSK || kex_algo == Kex_Algo::ECDHE_PSK) { std::string identity_hint = creds.psk_identity_hint("tls-server", hostname); @@ -55,7 +55,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, append_tls_length_value(m_params, identity_hint, 2); } - if(kex_algo == "DH" || kex_algo == "DHE_PSK") + if(kex_algo == Kex_Algo::DH || kex_algo == Kex_Algo::DHE_PSK) { const std::vector& dh_groups = state.client_hello()->supported_dh_groups(); @@ -85,7 +85,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, append_tls_length_value(m_params, dh->public_value(), 2); m_kex_key.reset(dh.release()); } - else if(kex_algo == "ECDH" || kex_algo == "ECDHE_PSK") + else if(kex_algo == Kex_Algo::ECDH || kex_algo == Kex_Algo::ECDHE_PSK) { const std::vector& curves = state.client_hello()->supported_ecc_curves(); 
@@ -135,7 +135,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, append_tls_length_value(m_params, ecdh_public_val, 1); } #if defined(BOTAN_HAS_SRP6) - else if(kex_algo == "SRP_SHA") + else if(kex_algo == Kex_Algo::SRP_SHA) { const std::string srp_identifier = state.client_hello()->srp_identifier(); @@ -166,7 +166,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, } #endif #if defined(BOTAN_HAS_CECPQ1) - else if(kex_algo == "CECPQ1") + else if(kex_algo == Kex_Algo::CECPQ1) { std::vector cecpq1_offer(CECPQ1_OFFER_BYTES); m_cecpq1_key.reset(new CECPQ1_key); @@ -174,17 +174,18 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, append_tls_length_value(m_params, cecpq1_offer, 2); } #endif - else if(kex_algo != "PSK") + else if(kex_algo != Kex_Algo::PSK) { - throw Internal_Error("Server_Key_Exchange: Unknown kex type " + kex_algo); + throw Internal_Error("Server_Key_Exchange: Unknown kex type " + + kex_method_to_string(kex_algo)); } - if(state.ciphersuite().sig_algo() != "") + if(state.ciphersuite().signature_used()) { BOTAN_ASSERT(signing_key, "Signing key was set"); std::pair format = - state.choose_sig_format(*signing_key, m_hash_algo, m_sig_algo, false, policy); + state.choose_sig_format(*signing_key, m_scheme, false, policy); std::vector buf = state.client_hello()->random(); @@ -203,8 +204,8 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, * Deserialize a Server Key Exchange message */ Server_Key_Exchange::Server_Key_Exchange(const std::vector& buf, - const std::string& kex_algo, - const std::string& sig_algo, + const Kex_Algo kex_algo, + const Auth_Method auth_method, Protocol_Version version) { TLS_Data_Reader reader("ServerKeyExchange", buf); 
@@ -215,12 +216,12 @@ Server_Key_Exchange::Server_Key_Exchange(const std::vector& buf, * is prepared. */ - if(kex_algo == "PSK" || kex_algo == "DHE_PSK" || kex_algo == "ECDHE_PSK") + if(kex_algo == Kex_Algo::PSK || kex_algo == Kex_Algo::DHE_PSK || kex_algo == Kex_Algo::ECDHE_PSK) { reader.get_string(2, 0, 65535); // identity hint } - if(kex_algo == "DH" || kex_algo == "DHE_PSK") + if(kex_algo == Kex_Algo::DH || kex_algo == Kex_Algo::DHE_PSK) { // 3 bigints, DH p, g, Y @@ -229,13 +230,13 @@ Server_Key_Exchange::Server_Key_Exchange(const std::vector& buf, reader.get_range(2, 1, 65535); } } - else if(kex_algo == "ECDH" || kex_algo == "ECDHE_PSK") + else if(kex_algo == Kex_Algo::ECDH || kex_algo == Kex_Algo::ECDHE_PSK) { reader.get_byte(); // curve type reader.get_uint16_t(); // curve id reader.get_range(1, 1, 255); // public key } - else if(kex_algo == "SRP_SHA") + else if(kex_algo == Kex_Algo::SRP_SHA) { // 2 bigints (N,g) then salt, then server B @@ -244,22 +245,22 @@ Server_Key_Exchange::Server_Key_Exchange(const std::vector& buf, reader.get_range(1, 1, 255); reader.get_range(2, 1, 65535); } - else if(kex_algo == "CECPQ1") + else if(kex_algo == Kex_Algo::CECPQ1) { // u16 blob reader.get_range(2, 1, 65535); } - else if(kex_algo != "PSK") - throw Decoding_Error("Server_Key_Exchange: Unsupported kex type " + kex_algo); + else if(kex_algo != Kex_Algo::PSK) + throw Decoding_Error("Server_Key_Exchange: Unsupported kex type " + + kex_method_to_string(kex_algo)); m_params.assign(buf.data(), buf.data() + reader.read_so_far()); - if(sig_algo != "") + if(auth_method != Auth_Method::ANONYMOUS && auth_method != Auth_Method::IMPLICIT) { if(version.supports_negotiable_signature_algorithms()) { - m_hash_algo = Signature_Algorithms::hash_algo_name(reader.get_byte()); - m_sig_algo = Signature_Algorithms::sig_algo_name(reader.get_byte()); + m_scheme = static_cast(reader.get_uint16_t()); } m_signature = reader.get_range(2, 0, 65535); 
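Review bot: The same unvalidated cast appears for ServerKeyExchange: `m_scheme = static_cast<Signature_Scheme>(reader.get_uint16_t())` stores whatever the server sent, and this is the value `verify` later hands to `parse_sig_format`; unless that path rejects unknown codepoints (outside the hunk), an unexpected value hits the `Invalid_State` fallthrough in the tls_algos.cpp helpers instead of producing a decode_error alert, so a `Decoding_Error` check against `all_signature_schemes()` right after the read is warranted. The condition `auth_method != Auth_Method::ANONYMOUS && auth_method != Auth_Method::IMPLICIT` also deserves a one-line comment, e.g. `// Only signature-based auth methods carry a signed params block; IMPLICIT and ANONYMOUS are library-internal sentinels`, since tls_algos.h places those two values outside the encodable range and a reader may otherwise expect them on the wire.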
@@ -277,11 +278,11 @@ std::vector Server_Key_Exchange::serialize() const if(m_signature.size()) { - // This should be an explicit version check - if(m_hash_algo != "" && m_sig_algo != "") + if(m_scheme != Signature_Scheme::NONE) { - buf.push_back(Signature_Algorithms::hash_algo_code(m_hash_algo)); - buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo)); + const uint16_t scheme_code = static_cast(m_scheme); + buf.push_back(get_byte(0, scheme_code)); + buf.push_back(get_byte(1, scheme_code)); } append_tls_length_value(buf, m_signature, 2); @@ -300,8 +301,7 @@ bool Server_Key_Exchange::verify(const Public_Key& server_key, policy.check_peer_key_acceptable(server_key); std::pair format = - state.parse_sig_format(server_key, m_hash_algo, m_sig_algo, - false, policy); + state.parse_sig_format(server_key, m_scheme, false, policy); std::vector buf = state.client_hello()->random(); diff --git a/src/lib/tls/tls_algos.cpp b/src/lib/tls/tls_algos.cpp new file mode 100644 index 0000000000..415d3eb664 --- /dev/null +++ b/src/lib/tls/tls_algos.cpp 
@@ -0,0 +1,355 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include + +namespace Botan { + +namespace TLS { + +std::string kdf_algo_to_string(KDF_Algo algo) + { + switch(algo) + { + case KDF_Algo::SHA_1: + return "SHA-1"; + case KDF_Algo::SHA_256: + return "SHA-256"; + case KDF_Algo::SHA_384: + return "SHA-384"; + } + + throw Invalid_State("kdf_algo_to_string unknown enum value"); + } + +std::string kex_method_to_string(Kex_Algo method) + { + switch(method) + { + case Kex_Algo::STATIC_RSA: + return "RSA"; + case Kex_Algo::DH: + return "DH"; + case Kex_Algo::ECDH: + return "ECDH"; + case Kex_Algo::CECPQ1: + return "CECPQ1"; + case Kex_Algo::SRP_SHA: + return "SRP_SHA"; + case Kex_Algo::PSK: + return "PSK"; + case Kex_Algo::DHE_PSK: + return "DHE_PSK"; + case Kex_Algo::ECDHE_PSK: + return "ECDHE_PSK"; + } + + throw Invalid_State("kex_method_to_string unknown enum value"); + } + +Kex_Algo kex_method_from_string(const std::string& str) + { + if(str == "RSA") + return Kex_Algo::STATIC_RSA; + + if(str == "DH") + return Kex_Algo::DH; + + if(str == "ECDH") + return Kex_Algo::ECDH; + + if(str == "CECPQ1") + return Kex_Algo::CECPQ1; + + if(str == "SRP_SHA") + return Kex_Algo::SRP_SHA; + + if(str == "PSK") + return Kex_Algo::PSK; + + if(str == "DHE_PSK") + return Kex_Algo::DHE_PSK; + + if(str == "ECDHE_PSK") + return Kex_Algo::ECDHE_PSK; + + throw Invalid_Argument("Unknown kex method " + str); + } + +std::string auth_method_to_string(Auth_Method method) + { + switch(method) + { + case Auth_Method::RSA: + return "RSA"; + case Auth_Method::DSA: + return "DSA"; + case Auth_Method::ECDSA: + return "ECDSA"; + case Auth_Method::IMPLICIT: + return "IMPLICIT"; + case Auth_Method::ANONYMOUS: + return "ANONYMOUS"; + } + + throw Invalid_State("auth_method_to_string unknown enum value"); + } + +Auth_Method auth_method_from_string(const std::string& str) + { + if(str == "RSA") + return Auth_Method::RSA; + if(str 
== "DSA") + return Auth_Method::DSA; + if(str == "ECDSA") + return Auth_Method::ECDSA; + if(str == "ANONYMOUS" || str == "") + return Auth_Method::ANONYMOUS; + + throw Invalid_Argument("Bad signature method " + str); + } + +std::string group_param_to_string(Group_Params group) + { + switch(group) + { + case Group_Params::SECP256R1: + return "secp256r1"; + case Group_Params::SECP384R1: + return "secp384r1"; + case Group_Params::SECP521R1: + return "secp521r1"; + case Group_Params::BRAINPOOL256R1: + return "brainpool256r1"; + case Group_Params::BRAINPOOL384R1: + return "brainpool384r1"; + case Group_Params::BRAINPOOL512R1: + return "brainpool512r1"; + case Group_Params::X25519: + return "x25519"; + + case Group_Params::FFDHE_2048: + return "ffdhe/ietf/2048"; + case Group_Params::FFDHE_3072: + return "ffdhe/ietf/3072"; + case Group_Params::FFDHE_4096: + return "ffdhe/ietf/4096"; + case Group_Params::FFDHE_6144: + return "ffdhe/ietf/6144"; + case Group_Params::FFDHE_8192: + return "ffdhe/ietf/8192"; + +#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) + case BOTAN_HOUSE_ECC_CURVE_TLS_ID: + return BOTAN_HOUSE_ECC_CURVE_NAME; +#endif + + default: + return ""; + } + } + + +std::string hash_function_of_scheme(Signature_Scheme scheme) + { + switch(scheme) + { + case Signature_Scheme::DSA_SHA1: + case Signature_Scheme::ECDSA_SHA1: + case Signature_Scheme::RSA_PKCS1_SHA1: + return "SHA-1"; + + case Signature_Scheme::DSA_SHA256: + case Signature_Scheme::ECDSA_SHA256: + case Signature_Scheme::RSA_PKCS1_SHA256: + case Signature_Scheme::RSA_PSS_SHA256: + return "SHA-256"; + + case Signature_Scheme::DSA_SHA384: + case Signature_Scheme::ECDSA_SHA384: + case Signature_Scheme::RSA_PKCS1_SHA384: + case Signature_Scheme::RSA_PSS_SHA384: + return "SHA-384"; + + case Signature_Scheme::DSA_SHA512: + case Signature_Scheme::ECDSA_SHA512: + case Signature_Scheme::RSA_PKCS1_SHA512: + case Signature_Scheme::RSA_PSS_SHA512: + return "SHA-512"; + + case Signature_Scheme::EDDSA_25519: + case 
Signature_Scheme::EDDSA_448: + return "Pure"; + + case Signature_Scheme::NONE: + return ""; + } + + throw Invalid_State("Unknown signature algorithm enum"); + } + +const std::vector& all_signature_schemes() + { + static const std::vector all_schemes = { + Signature_Scheme::RSA_PKCS1_SHA1, + Signature_Scheme::RSA_PKCS1_SHA256, + Signature_Scheme::RSA_PKCS1_SHA384, + Signature_Scheme::RSA_PKCS1_SHA512, + Signature_Scheme::DSA_SHA1, + Signature_Scheme::DSA_SHA256, + Signature_Scheme::DSA_SHA384, + Signature_Scheme::DSA_SHA512, + Signature_Scheme::ECDSA_SHA1, + Signature_Scheme::ECDSA_SHA256, + Signature_Scheme::ECDSA_SHA384, + Signature_Scheme::ECDSA_SHA512, + Signature_Scheme::RSA_PSS_SHA256, + Signature_Scheme::RSA_PSS_SHA384, + Signature_Scheme::RSA_PSS_SHA512, + Signature_Scheme::EDDSA_25519, + Signature_Scheme::EDDSA_448, + }; + + return all_schemes; + } + +std::string signature_algorithm_of_scheme(Signature_Scheme scheme) + { + switch(scheme) + { + case Signature_Scheme::RSA_PKCS1_SHA1: + case Signature_Scheme::RSA_PKCS1_SHA256: + case Signature_Scheme::RSA_PKCS1_SHA384: + case Signature_Scheme::RSA_PKCS1_SHA512: + case Signature_Scheme::RSA_PSS_SHA256: + case Signature_Scheme::RSA_PSS_SHA384: + case Signature_Scheme::RSA_PSS_SHA512: + return "RSA"; + + case Signature_Scheme::DSA_SHA1: + case Signature_Scheme::DSA_SHA256: + case Signature_Scheme::DSA_SHA384: + case Signature_Scheme::DSA_SHA512: + return "DSA"; + + case Signature_Scheme::ECDSA_SHA1: + case Signature_Scheme::ECDSA_SHA256: + case Signature_Scheme::ECDSA_SHA384: + case Signature_Scheme::ECDSA_SHA512: + return "ECDSA"; + + case Signature_Scheme::EDDSA_25519: + return "Ed25519"; + + case Signature_Scheme::EDDSA_448: + return "Ed448"; + + case Signature_Scheme::NONE: + return ""; + } + + throw Invalid_State("Unknown signature algorithm enum"); + } + +std::string sig_scheme_to_string(Signature_Scheme scheme) + { + switch(scheme) + { + case Signature_Scheme::RSA_PKCS1_SHA1: + return "RSA_PKCS1_SHA1"; + 
case Signature_Scheme::RSA_PKCS1_SHA256: + return "RSA_PKCS1_SHA256"; + case Signature_Scheme::RSA_PKCS1_SHA384: + return "RSA_PKCS1_SHA384"; + case Signature_Scheme::RSA_PKCS1_SHA512: + return "RSA_PKCS1_SHA512"; + + case Signature_Scheme::DSA_SHA1: + return "DSA_SHA1"; + case Signature_Scheme::DSA_SHA256: + return "DSA_SHA256"; + case Signature_Scheme::DSA_SHA384: + return "DSA_SHA384"; + case Signature_Scheme::DSA_SHA512: + return "DSA_SHA512"; + + case Signature_Scheme::ECDSA_SHA1: + return "ECDSA_SHA1"; + case Signature_Scheme::ECDSA_SHA256: + return "ECDSA_SHA256"; + case Signature_Scheme::ECDSA_SHA384: + return "ECDSA_SHA384"; + case Signature_Scheme::ECDSA_SHA512: + return "ECDSA_SHA512"; + + case Signature_Scheme::RSA_PSS_SHA256: + return "RSA_PSS_SHA256"; + case Signature_Scheme::RSA_PSS_SHA384: + return "RSA_PSS_SHA384"; + case Signature_Scheme::RSA_PSS_SHA512: + return "RSA_PSS_SHA512"; + + case Signature_Scheme::EDDSA_25519: + return "EDDSA_25519"; + case Signature_Scheme::EDDSA_448: + return "EDDSA_448"; + + case Signature_Scheme::NONE: + return ""; + } + + throw Invalid_State("Unknown signature algorithm enum"); + } + +std::string padding_string_for_scheme(Signature_Scheme scheme) + { + switch(scheme) + { + case Signature_Scheme::RSA_PKCS1_SHA1: + return "EMSA_PKCS1(SHA-1)"; + case Signature_Scheme::RSA_PKCS1_SHA256: + return "EMSA_PKCS1(SHA-256)"; + case Signature_Scheme::RSA_PKCS1_SHA384: + return "EMSA_PKCS1(SHA-384)"; + case Signature_Scheme::RSA_PKCS1_SHA512: + return "EMSA_PKCS1(SHA-512)"; + + case Signature_Scheme::DSA_SHA1: + case Signature_Scheme::ECDSA_SHA1: + return "EMSA1(SHA-1)"; + case Signature_Scheme::DSA_SHA256: + case Signature_Scheme::ECDSA_SHA256: + return "EMSA1(SHA-256)"; + case Signature_Scheme::DSA_SHA384: + case Signature_Scheme::ECDSA_SHA384: + return "EMSA1(SHA-384)"; + case Signature_Scheme::DSA_SHA512: + case Signature_Scheme::ECDSA_SHA512: + return "EMSA1(SHA-512)"; + + case Signature_Scheme::RSA_PSS_SHA256: + return 
"PSSR(SHA-256,MGF1,32)"; + case Signature_Scheme::RSA_PSS_SHA384: + return "PSSR(SHA-384,MGF1,48)"; + case Signature_Scheme::RSA_PSS_SHA512: + return "PSSR(SHA-512,MGF1,64)"; + + case Signature_Scheme::EDDSA_25519: + return "Pure"; + case Signature_Scheme::EDDSA_448: + return "Pure"; + + case Signature_Scheme::NONE: + return ""; + } + + throw Invalid_State("Unknown signature algorithm enum"); + } + +} + +} diff --git a/src/lib/tls/tls_algos.h b/src/lib/tls/tls_algos.h new file mode 100644 index 0000000000..b65aad1855 --- /dev/null +++ b/src/lib/tls/tls_algos.h 
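Review bot: Each `*_of_scheme` helper and `sig_scheme_to_string` ends in `throw Invalid_State("Unknown signature algorithm enum")`, yet `Signature_Scheme` values are produced in this same patch by casting peer-supplied 16-bit integers in msg_cert_req.cpp, msg_cert_verify.cpp and msg_server_kex.cpp, so an unrecognized codepoint from the network reaches these functions as ordinary input rather than as an impossible state; either the exception should be one the handshake maps to a decode_error alert (`Decoding_Error`), or callers must filter against `all_signature_schemes()` first, and a header comment at the top of the file should state which of the two is the contract. `auth_method_to_string` emits `"IMPLICIT"` while `auth_method_from_string` does not accept it (and maps `""` to ANONYMOUS), so the pair does not round-trip; add `if(str == "IMPLICIT") return Auth_Method::IMPLICIT;` or document that the string form is diagnostic only. `group_param_to_string` tolerates unknown groups via `default: return "";` where every other switch throws, which is reasonable for a list of peer-offered groups but worth a one-line comment saying so.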
@@ -0,0 +1,168 @@ +/* +* (C) 2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_TLS_ALGO_IDS_H_ +#define BOTAN_TLS_ALGO_IDS_H_ + +#include +#include +#include + +namespace Botan { + +namespace TLS { + +enum class Cipher_Algo { + CHACHA20_POLY1305, + + AES_128_CBC_HMAC_SHA1 = 100, + AES_128_CBC_HMAC_SHA256, + AES_128_CCM, + AES_128_CCM_8, + AES_128_GCM, + AES_128_OCB, + + AES_256_CBC_HMAC_SHA1 = 200, + AES_256_CBC_HMAC_SHA256, + AES_256_CBC_HMAC_SHA384, + AES_256_CCM, + AES_256_CCM_8, + AES_256_GCM, + AES_256_OCB, + + CAMELLIA_128_CBC_HMAC_SHA1 = 300, + CAMELLIA_128_CBC_HMAC_SHA256, + CAMELLIA_128_GCM, + + CAMELLIA_256_CBC_HMAC_SHA1 = 400, + CAMELLIA_256_CBC_HMAC_SHA256, + CAMELLIA_256_CBC_HMAC_SHA384, + CAMELLIA_256_GCM, + + ARIA_128_GCM = 500, + ARIA_256_GCM, + + DES_EDE_CBC_HMAC_SHA1 = 1000, + SEED_CBC_HMAC_SHA1, +}; + +enum class KDF_Algo { + SHA_1, + SHA_256, + SHA_384, +}; + +std::string BOTAN_DLL kdf_algo_to_string(KDF_Algo algo); + +enum class Nonce_Format { + CBC_MODE, + AEAD_IMPLICIT_4, + AEAD_XOR_12, +}; + +// TODO encoding should match signature_algorithms extension +// TODO this should include hash etc as in TLS v1.3 +enum class Auth_Method { + RSA, + DSA, + ECDSA, + + // These are placed outside the encodable range + IMPLICIT = 0x10000, + ANONYMOUS +}; + +std::string auth_method_to_string(Auth_Method method); +Auth_Method auth_method_from_string(const std::string& str); + +/* +* This matches the wire encoding +*/ +enum class Signature_Scheme : uint16_t { + NONE = 0x0000, + + RSA_PKCS1_SHA1 = 0x0201, + RSA_PKCS1_SHA256 = 0x0401, + RSA_PKCS1_SHA384 = 0x0501, + RSA_PKCS1_SHA512 = 0x0601, + + DSA_SHA1 = 0x0202, + DSA_SHA256 = 0x0402, + DSA_SHA384 = 0x0502, + DSA_SHA512 = 0x0602, + + ECDSA_SHA1 = 0x0203, + ECDSA_SHA256 = 0x0403, + ECDSA_SHA384 = 0x0503, + ECDSA_SHA512 = 0x0603, + + RSA_PSS_SHA256 = 0x0804, + RSA_PSS_SHA384 = 0x0805, + RSA_PSS_SHA512 = 0x0806, + + EDDSA_25519 = 0x0807, + EDDSA_448 
= 0x0808, +}; + +const std::vector& all_signature_schemes(); + +std::string BOTAN_UNSTABLE_API sig_scheme_to_string(Signature_Scheme scheme); +std::string hash_function_of_scheme(Signature_Scheme scheme); +std::string padding_string_for_scheme(Signature_Scheme scheme); +std::string signature_algorithm_of_scheme(Signature_Scheme scheme); + +/* +* Matches with wire encoding +*/ +enum class Group_Params : uint16_t { + SECP256R1 = 23, + SECP384R1 = 24, + SECP521R1 = 25, + BRAINPOOL256R1 = 26, + BRAINPOOL384R1 = 27, + BRAINPOOL512R1 = 28, + + X25519 = 29, + + FFDHE_2048 = 256, + FFDHE_3072 = 257, + FFDHE_4096 = 258, + FFDHE_6144 = 259, + FFDHE_8192 = 260, + +#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) + HOUSE_CURVE = BOTAN_HOUSE_ECC_CURVE_TLS_ID, +#endif +}; + +std::string group_param_to_string(Group_Params group); + +enum class Kex_Algo { + STATIC_RSA, + DH, + ECDH, + CECPQ1, + SRP_SHA, + PSK, + DHE_PSK, + ECDHE_PSK, +}; + +std::string kex_method_to_string(Kex_Algo method); +Kex_Algo kex_method_from_string(const std::string& str); + +inline bool key_exchange_is_psk(Kex_Algo m) + { + return (m == Kex_Algo::PSK || + m == Kex_Algo::DHE_PSK || + m == Kex_Algo::ECDHE_PSK); + } + +} + +} + +#endif diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp index cef6bb3c70..d1a509d78f 100644 --- a/src/lib/tls/tls_ciphersuite.cpp +++ b/src/lib/tls/tls_ciphersuite.cpp @@ -16,6 +16,26 @@ namespace Botan { namespace TLS { +size_t Ciphersuite::nonce_bytes_from_handshake() const + { + switch(m_nonce_format) + { + case Nonce_Format::CBC_MODE: + { + if(cipher_algo() == "3DES") + return 8; + else + return 16; + } + case Nonce_Format::AEAD_IMPLICIT_4: + return 4; + case Nonce_Format::AEAD_XOR_12: + return 12; + } + + throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value"); + } + bool Ciphersuite::is_scsv(uint16_t suite) { // TODO: derive from IANA file in script 
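Review bot: The export annotations on the free functions declared in the new tls_algos.h are inconsistent: `kdf_algo_to_string` is marked `BOTAN_DLL`, `sig_scheme_to_string` is `BOTAN_UNSTABLE_API`, and `auth_method_to_string`, `hash_function_of_scheme`, `padding_string_for_scheme`, `signature_algorithm_of_scheme`, `group_param_to_string`, `kex_method_to_string` and `all_signature_schemes` carry no macro at all, so it is unclear which of them are meant to be reachable from outside the library. Pick one annotation per intended audience and apply it to the whole group. The two `TODO` lines above `Auth_Method` currently stand in for documentation; a comment on the enum itself, `// IMPLICIT/ANONYMOUS are never encoded on the wire, hence placed above the uint16 range`, would say what a reader of the header needs.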
@@ -24,14 +44,16 @@ bool Ciphersuite::is_scsv(uint16_t suite) bool Ciphersuite::psk_ciphersuite() const { - return (kex_algo() == "PSK" || - kex_algo() == "DHE_PSK" || - kex_algo() == "ECDHE_PSK"); + return kex_method() == Kex_Algo::PSK || + kex_method() == Kex_Algo::DHE_PSK || + kex_method() == Kex_Algo::ECDHE_PSK; } bool Ciphersuite::ecc_ciphersuite() const { - return (sig_algo() == "ECDSA" || kex_algo() == "ECDH" || kex_algo() == "ECDHE_PSK"); + return kex_method() == Kex_Algo::ECDH || + kex_method() == Kex_Algo::ECDHE_PSK || + auth_method() == Auth_Method::ECDSA; } bool Ciphersuite::cbc_ciphersuite() const @@ -39,6 +61,12 @@ bool Ciphersuite::cbc_ciphersuite() const return (mac_algo() != "AEAD"); } +bool Ciphersuite::signature_used() const + { + return auth_method() != Auth_Method::ANONYMOUS && + auth_method() != Auth_Method::IMPLICIT; + } + Ciphersuite Ciphersuite::by_id(uint16_t suite) { const std::vector& all_suites = all_known_ciphersuites(); 
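Review bot: `Ciphersuite::psk_ciphersuite` re-spells the predicate that tls_algos.h now provides as `key_exchange_is_psk`; `return key_exchange_is_psk(kex_method());` keeps the two definitions of "what counts as a PSK exchange" from drifting apart. The same `ECDHE_PSK` membership is tested again in `ecc_ciphersuite` just below, which is fine on its own, but the PSK set should have a single home.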
@@ -122,44 +150,44 @@ bool Ciphersuite::is_usable() const return false; } - if(kex_algo() == "SRP_SHA") + if(kex_method() == Kex_Algo::SRP_SHA) { #if !defined(BOTAN_HAS_SRP6) return false; #endif } - else if(kex_algo() == "ECDH" || kex_algo() == "ECDHE_PSK") + else if(kex_method() == Kex_Algo::ECDH || kex_method() == Kex_Algo::ECDHE_PSK) { #if !defined(BOTAN_HAS_ECDH) return false; #endif } - else if(kex_algo() == "DH" || kex_algo() == "DHE_PSK") + else if(kex_method() == Kex_Algo::DH || kex_method() == Kex_Algo::DHE_PSK) { #if !defined(BOTAN_HAS_DIFFIE_HELLMAN) return false; #endif } - else if(kex_algo() == "CECPQ1") + else if(kex_method() == Kex_Algo::CECPQ1) { #if !defined(BOTAN_HAS_CECPQ1) return false; #endif } - if(sig_algo() == "DSA") + if(auth_method() == Auth_Method::DSA) { #if !defined(BOTAN_HAS_DSA) return false; #endif } - else if(sig_algo() == "ECDSA") + else if(auth_method() == Auth_Method::ECDSA) { #if !defined(BOTAN_HAS_ECDSA) return false; #endif } - else if(sig_algo() == "RSA") + else if(auth_method() == Auth_Method::RSA) { #if !defined(BOTAN_HAS_RSA) return false; diff --git a/src/lib/tls/tls_ciphersuite.h b/src/lib/tls/tls_ciphersuite.h index 6c2836f9d9..2ee3df20e6 100644 --- a/src/lib/tls/tls_ciphersuite.h +++ b/src/lib/tls/tls_ciphersuite.h @@ -9,6 +9,7 @@ #define BOTAN_TLS_CIPHER_SUITES_H_ #include +#include #include #include 
@@ -67,15 +68,21 @@ class BOTAN_PUBLIC_API(2,0) Ciphersuite final */ bool cbc_ciphersuite() const; + bool signature_used() const; + /** * @return key exchange algorithm used by this ciphersuite */ - std::string kex_algo() const { return m_kex_algo; } + std::string kex_algo() const { return kex_method_to_string(kex_method()); } + + Kex_Algo kex_method() const { return m_kex_algo; } /** * @return signature algorithm used by this ciphersuite */ - std::string sig_algo() const { return m_sig_algo; } + std::string sig_algo() const { return auth_method_to_string(auth_method()); } + + Auth_Method auth_method() const { return m_auth_method; } /** * @return symmetric cipher algorithm used by this ciphersuite @@ -89,9 +96,7 @@ class BOTAN_PUBLIC_API(2,0) Ciphersuite final std::string prf_algo() const { - if(m_prf_algo && *m_prf_algo) - return m_prf_algo; - return m_mac_algo; + return kdf_algo_to_string(m_prf_algo); } /** @@ -99,9 +104,9 @@ class BOTAN_PUBLIC_API(2,0) Ciphersuite final */ size_t cipher_keylen() const { return m_cipher_keylen; } - size_t nonce_bytes_from_record() const { return m_nonce_bytes_from_record; } + size_t nonce_bytes_from_handshake() const; - size_t nonce_bytes_from_handshake() const { return m_nonce_bytes_from_handshake; } + Nonce_Format nonce_format() const { return m_nonce_format; } size_t mac_keylen() const { return m_mac_keylen; } 
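Review bot: `signature_used()`, `kex_method()` and `auth_method()` are added to the public class without the Doxygen comment their neighbours `kex_algo()` and `sig_algo()` carry, and `signature_used` encodes a non-obvious rule (an auth method of `ANONYMOUS` or `IMPLICIT` means no signature, per its definition in tls_ciphersuite.cpp). Suggest `/** @return true if the server authenticates this ciphersuite with a signature (auth method is neither ANONYMOUS nor IMPLICIT) */` on `signature_used`, and `@return` one-liners on the two enum accessors. It is also worth stating in the comments that `kex_algo()` and `sig_algo()` now build a `std::string` on every call, so `kex_method()`/`auth_method()` are the form to use in comparisons.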
@@ -121,25 +126,23 @@ class BOTAN_PUBLIC_API(2,0) Ciphersuite final Ciphersuite(uint16_t ciphersuite_code, const char* iana_id, - const char* sig_algo, - const char* kex_algo, + Auth_Method auth_method, + Kex_Algo kex_algo, const char* cipher_algo, size_t cipher_keylen, - size_t nonce_bytes_from_handshake, - size_t nonce_bytes_from_record, const char* mac_algo, size_t mac_keylen, - const char* prf_algo) : + KDF_Algo prf_algo, + Nonce_Format nonce_format) : m_ciphersuite_code(ciphersuite_code), m_iana_id(iana_id), - m_sig_algo(sig_algo), + m_auth_method(auth_method), m_kex_algo(kex_algo), m_prf_algo(prf_algo), + m_nonce_format(nonce_format), m_cipher_algo(cipher_algo), m_mac_algo(mac_algo), m_cipher_keylen(cipher_keylen), - m_nonce_bytes_from_handshake(nonce_bytes_from_handshake), - m_nonce_bytes_from_record(nonce_bytes_from_record), m_mac_keylen(mac_keylen) { m_usable = is_usable(); @@ -153,16 +156,15 @@ class BOTAN_PUBLIC_API(2,0) Ciphersuite final */ const char* m_iana_id = nullptr; - const char* m_sig_algo = nullptr; - const char* m_kex_algo = nullptr; - const char* m_prf_algo = nullptr; + Auth_Method m_auth_method = Auth_Method::ANONYMOUS; + Kex_Algo m_kex_algo = Kex_Algo::STATIC_RSA; + KDF_Algo m_prf_algo = KDF_Algo::SHA_1; + Nonce_Format m_nonce_format = Nonce_Format::CBC_MODE; const char* m_cipher_algo = nullptr; const char* m_mac_algo = nullptr; size_t m_cipher_keylen = 0; - size_t m_nonce_bytes_from_handshake = 0; - size_t m_nonce_bytes_from_record = 0; size_t m_mac_keylen = 0; bool m_usable = false; diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index c35149d6bd..39e69d8ea3 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp 
@@ -361,11 +361,11 @@ void Client::process_handshake_msg(const Handshake_State* active_state, " is unacceptable by policy"); } - if(state.ciphersuite().sig_algo() != "") + if(state.ciphersuite().signature_used() || state.ciphersuite().kex_method() == Kex_Algo::STATIC_RSA) { state.set_expected_next(CERTIFICATE); } - else if(state.ciphersuite().kex_algo() == "PSK") + else if(state.ciphersuite().kex_method() == Kex_Algo::PSK) { /* PSK is anonymous so no certificate/cert req message is ever sent. The server may or may not send a server kex, @@ -378,7 +378,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state, state.set_expected_next(SERVER_KEX); state.set_expected_next(SERVER_HELLO_DONE); } - else if(state.ciphersuite().kex_algo() != "RSA") + else if(state.ciphersuite().kex_method() != Kex_Algo::STATIC_RSA) { state.set_expected_next(SERVER_KEX); } @@ -408,13 +408,16 @@ void Client::process_handshake_msg(const Handshake_State* active_state, std::unique_ptr peer_key(server_certs[0].subject_public_key()); - if(peer_key->algo_name() != state.ciphersuite().sig_algo()) + const std::string expected_key_type = + state.ciphersuite().signature_used() ? state.ciphersuite().sig_algo() : "RSA"; + + if(peer_key->algo_name() != expected_key_type) throw TLS_Exception(Alert::ILLEGAL_PARAMETER, "Certificate key type did not match ciphersuite"); state.server_public_key.reset(peer_key.release()); - if(state.ciphersuite().kex_algo() != "RSA") + if(state.ciphersuite().kex_method() != Kex_Algo::STATIC_RSA) { state.set_expected_next(SERVER_KEX); } @@ -451,7 +454,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state, { state.server_cert_status(new Certificate_Status(contents)); - if(state.ciphersuite().kex_algo() != "RSA") + if(state.ciphersuite().kex_method() != Kex_Algo::STATIC_RSA) { state.set_expected_next(SERVER_KEX); } 
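Review bot: The `"RSA"` fallback for `expected_key_type` in the CERTIFICATE handler deserves a comment, because the reason it is correct lives in the earlier hunk: a certificate is only expected when `signature_used()` is true or the key exchange is `STATIC_RSA`, so a suite without a signature that still sent a certificate must be RSA key transport. Suggest `// No signature in this suite, so the certificate can only carry the static RSA key-transport key (see the CERTIFICATE expectation set on SERVER_HELLO)`. If a suite with an implicit auth method and a non-RSA key exchange is ever added, this branch would reject its certificate as a type mismatch, which is exactly the behaviour the comment should make visible.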
@@ -468,12 +471,12 @@ void Client::process_handshake_msg(const Handshake_State* active_state, state.server_kex( new Server_Key_Exchange(contents, - state.ciphersuite().kex_algo(), - state.ciphersuite().sig_algo(), + state.ciphersuite().kex_method(), + state.ciphersuite().auth_method(), state.version()) ); - if(state.ciphersuite().sig_algo() != "") + if(state.ciphersuite().signature_used()) { const Public_Key& server_key = state.get_server_public_key(); diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 522cf4a4f0..6d69d7b45e 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp @@ -442,16 +442,19 @@ Supported_Groups::Supported_Groups(TLS_Data_Reader& reader, for(size_t i = 0; i != len; ++i) { const uint16_t id = reader.get_uint16_t(); - const std::string name = curve_id_to_name(id); + const Group_Params group_id = static_cast(id); + + const bool is_dh = (id >= 256 && id <= 511); + const std::string name = group_param_to_string(group_id); if(!name.empty()) { m_groups.push_back(name); - if(is_dh_group(name)) + if(is_dh) { m_dh_groups.push_back(name); } - else + else { m_curves.push_back(name); } 
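Review bot: `const bool is_dh = (id >= 256 && id <= 511);` in `Supported_Groups` introduces a bare numeric range whose meaning is only recoverable by cross-reading the `Group_Params` enum; a comment such as `// RFC 7919 reserves codepoints 256..511 for finite-field (FFDHE) groups` or a small helper beside `Group_Params` in tls_algos.h would make it self-explaining. The same comment should note that the `static_cast` of an arbitrary peer value into `Group_Params` is deliberate and that the `!name.empty()` check below is what drops ids `group_param_to_string` does not know, since that is the only filtering the loop performs.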
@@ -501,137 +504,41 @@ Supported_Point_Formats::Supported_Point_Formats(TLS_Data_Reader& reader, } } -std::string Signature_Algorithms::hash_algo_name(uint8_t code) - { - switch(code) - { - // code 1 is MD5 - ignore it - - case 2: - return "SHA-1"; - - // code 3 is SHA-224 - - case 4: - return "SHA-256"; - case 5: - return "SHA-384"; - case 6: - return "SHA-512"; - default: - return ""; - } - } - -uint8_t Signature_Algorithms::hash_algo_code(const std::string& name) - { - if(name == "SHA-1") - return 2; - - if(name == "SHA-256") - return 4; - - if(name == "SHA-384") - return 5; - - if(name == "SHA-512") - return 6; - - throw Internal_Error("Unknown hash ID " + name + " for signature_algorithms"); - } - -std::string Signature_Algorithms::sig_algo_name(uint8_t code) - { - switch(code) - { - case 1: - return "RSA"; - case 2: - return "DSA"; - case 3: - return "ECDSA"; - default: - return ""; - } - } - -uint8_t Signature_Algorithms::sig_algo_code(const std::string& name) +std::vector Signature_Algorithms::serialize() const { - if(name == "RSA") - return 1; - - if(name == "DSA") - return 2; + std::vector buf; - if(name == "ECDSA") - return 3; + const uint16_t len = m_schemes.size() * 2; - throw Internal_Error("Unknown sig ID " + name + " for signature_algorithms"); - } + buf.push_back(get_byte(0, len)); + buf.push_back(get_byte(1, len)); -std::vector Signature_Algorithms::serialize() const - { - std::vector buf(2); - - for(size_t i = 0; i != m_supported_algos.size(); ++i) + for(Signature_Scheme scheme : m_schemes) { - try - { - const uint8_t hash_code = hash_algo_code(m_supported_algos[i].first); - const uint8_t sig_code = sig_algo_code(m_supported_algos[i].second); + const uint16_t scheme_code = static_cast(scheme); - buf.push_back(hash_code); - buf.push_back(sig_code); - } - catch(...) 
- {} + buf.push_back(get_byte(0, scheme_code)); + buf.push_back(get_byte(1, scheme_code)); } - buf[0] = get_byte(0, static_cast(buf.size()-2)); - buf[1] = get_byte(1, static_cast(buf.size()-2)); - return buf; } -Signature_Algorithms::Signature_Algorithms(const std::vector& hashes, - const std::vector& sigs) - { - for(size_t i = 0; i != hashes.size(); ++i) - for(size_t j = 0; j != sigs.size(); ++j) - m_supported_algos.push_back(std::make_pair(hashes[i], sigs[j])); - } - Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, uint16_t extension_size) { uint16_t len = reader.get_uint16_t(); if(len + 2 != extension_size || len % 2 == 1 || len == 0) + { throw Decoding_Error("Bad encoding on signature algorithms extension"); + } while(len) { - const uint8_t hash_code = reader.get_byte(); - const uint8_t sig_code = reader.get_byte(); + const uint16_t scheme_code = reader.get_uint16_t(); + m_schemes.push_back(static_cast(scheme_code)); len -= 2; - - if(sig_code == 0) - { - /* - RFC 5247 7.4.1.4.1 explicitly prohibits anonymous (0) signature code in - the client hello. ("It MUST NOT appear in this extension.") - */ - throw TLS_Exception(Alert::DECODE_ERROR, "Client sent ANON signature"); - } - - const std::string hash_name = hash_algo_name(hash_code); - const std::string sig_name = sig_algo_name(sig_code); - - // If not something we know, ignore it completely - if(hash_name.empty() || sig_name.empty()) - continue; - - m_supported_algos.push_back(std::make_pair(hash_name, sig_name)); } } diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index 5ba3c0b8e8..a1ed3f8583 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -10,8 +10,9 @@ #ifndef BOTAN_TLS_EXTENSIONS_H_ #define BOTAN_TLS_EXTENSIONS_H_ +#include #include -#include +#include #include #include #include 
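Review bot: The rewritten `Signature_Algorithms(TLS_Data_Reader&, uint16_t)` constructor keeps every 16-bit value the peer sends, whereas the removed code skipped codes it did not recognise and rejected an anonymous signature code; `m_schemes` can therefore hold values that are not enumerators of `Signature_Scheme`, including 0x0000 (`NONE`). The string helpers visible in tls_algos.cpp end in `throw Invalid_State("Unknown signature algorithm enum")` for any such value, so a peer advertising one unknown or future scheme would surface as an internal-error exception in whatever later calls `hash_function_of_scheme`/`signature_algorithm_of_scheme` on it, rather than being ignored as the old parser did and as interoperability with newer peers needs. Either filter at parse time against `all_signature_schemes()` from tls_algos.h, `if(std::find(known.begin(), known.end(), scheme) != known.end()) m_schemes.push_back(scheme);`, or make the `_of_scheme` helpers return an empty string for unknown values and document that contract on `supported_schemes()`. The same concern applies to `choose_sig_format` and `parse_sig_format` in tls_handshake_state.cpp, which iterate over or look up these values.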
@@ -306,33 +307,19 @@ class Signature_Algorithms final : public Extension Handshake_Extension_Type type() const override { return static_type(); } - static std::string hash_algo_name(uint8_t code); - static uint8_t hash_algo_code(const std::string& name); - - static std::string sig_algo_name(uint8_t code); - static uint8_t sig_algo_code(const std::string& name); - - // [(hash,sig),(hash,sig),...] - const std::vector>& - supported_signature_algorthms() const - { - return m_supported_algos; - } + const std::vector& supported_schemes() const { return m_schemes; } std::vector serialize() const override; - bool empty() const override { return false; } - - Signature_Algorithms(const std::vector& hashes, - const std::vector& sig_algos); + bool empty() const override { return m_schemes.empty(); } - explicit Signature_Algorithms(const std::vector>& algos) : - m_supported_algos(algos) {} + explicit Signature_Algorithms(const std::vector& schemes) : + m_schemes(schemes) {} Signature_Algorithms(TLS_Data_Reader& reader, uint16_t extension_size); private: - std::vector> m_supported_algos; + std::vector m_schemes; }; /** diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index 0fcf0d2abe..ab023834bb 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -341,7 +341,7 @@ std::string Handshake_State::srp_identifier() const { #if defined(BOTAN_HAS_SRP6) // Authenticated via the successful key exchange - if(ciphersuite().valid() && ciphersuite().kex_algo() == "SRP_SHA") + if(ciphersuite().valid() && ciphersuite().kex_method() == Kex_Algo::SRP_SHA) return client_hello()->srp_identifier(); #endif 
@@ -373,93 +373,70 @@ KDF* Handshake_State::protocol_specific_prf() const return get_kdf("TLS-PRF"); } -namespace { - -std::string choose_hash(const std::string& sig_algo, - std::vector>& supported_algos, - Protocol_Version negotiated_version, - const Policy& policy) +std::pair +Handshake_State::choose_sig_format(const Private_Key& key, + Signature_Scheme& chosen_scheme, + bool for_client_auth, + const Policy& policy) const { - if(!negotiated_version.supports_negotiable_signature_algorithms()) - { - if(sig_algo == "RSA") - return "Parallel(MD5,SHA-160)"; + const std::string sig_algo = key.algo_name(); - if(sig_algo == "DSA") - return "SHA-1"; + if(this->version().supports_negotiable_signature_algorithms()) + { + const std::vector allowed = policy.allowed_signature_schemes(); - if(sig_algo == "ECDSA") - return "SHA-1"; + std::vector schemes = + (for_client_auth) ? cert_req()->signature_schemes() : client_hello()->signature_schemes(); - throw Internal_Error("Unknown TLS signature algo " + sig_algo); - } - - if(!supported_algos.empty()) - { - const std::vector hashes = policy.allowed_signature_hashes(); + if(schemes.empty()) + { + // Implicit SHA-1 + schemes.push_back(Signature_Scheme::RSA_PKCS1_SHA1); + schemes.push_back(Signature_Scheme::ECDSA_SHA1); + schemes.push_back(Signature_Scheme::DSA_SHA1); + } - /* - * Choose our most preferred hash that the counterparty supports - * in pairing with the signature algorithm we want to use. 
- */ - for(std::string hash : hashes) + for(Signature_Scheme scheme : schemes) { - for(auto algo : supported_algos) + if(signature_algorithm_of_scheme(scheme) == sig_algo) { - if(algo.first == hash && algo.second == sig_algo) - return hash; + if(std::find(allowed.begin(), allowed.end(), scheme) != allowed.end()) + { + chosen_scheme = scheme; + break; + } } } - } - // TLS v1.2 default hash if the counterparty sent nothing - return "SHA-1"; - } + const std::string hash = hash_function_of_scheme(chosen_scheme); -} - -std::pair -Handshake_State::choose_sig_format(const Private_Key& key, - std::string& hash_algo_out, - std::string& sig_algo_out, - bool for_client_auth, - const Policy& policy) const - { - const std::string sig_algo = key.algo_name(); - - std::vector> supported_algos = - (for_client_auth) ? cert_req()->supported_algos() : client_hello()->supported_algos(); - - const std::string hash_algo = choose_hash(sig_algo, - supported_algos, - this->version(), - policy); - - if(this->version().supports_negotiable_signature_algorithms()) - { - // We skip this check for v1.0 since you're stuck with SHA-1 regardless - - if(!policy.allowed_signature_hash(hash_algo)) + if(!policy.allowed_signature_hash(hash)) { throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Policy refuses to accept signing with any hash supported by peer"); } - hash_algo_out = hash_algo; - sig_algo_out = sig_algo; - } - - if(sig_algo == "RSA") - { - const std::string padding = "EMSA3(" + hash_algo + ")"; - - return std::make_pair(padding, IEEE_1363); + if(sig_algo == "RSA") + { + return std::make_pair(padding_string_for_scheme(chosen_scheme), IEEE_1363); + } + else if(sig_algo == "DSA" || sig_algo == "ECDSA") + { + return std::make_pair(padding_string_for_scheme(chosen_scheme), DER_SEQUENCE); + } } - else if(sig_algo == "DSA" || sig_algo == "ECDSA") + else { - const std::string padding = "EMSA1(" + hash_algo + ")"; - - return std::make_pair(padding, DER_SEQUENCE); + if(sig_algo == "RSA") + { + const 
std::string padding = "EMSA3(Parallel(MD5,SHA-160))"; + return std::make_pair(padding, IEEE_1363); + } + else if(sig_algo == "DSA" || sig_algo == "ECDSA") + { + const std::string padding = "EMSA1(SHA-1)"; + return std::make_pair(padding, DER_SEQUENCE); + } } throw Invalid_Argument(sig_algo + " is invalid/unknown for TLS signatures"); @@ -468,13 +445,14 @@ Handshake_State::choose_sig_format(const Private_Key& key, namespace { bool supported_algos_include( - const std::vector>& algos, + const std::vector& schemes, const std::string& key_type, const std::string& hash_type) { - for(auto&& algo : algos) + for(Signature_Scheme scheme : schemes) { - if(algo.first == hash_type && algo.second == key_type) + if(hash_function_of_scheme(scheme) == hash_type && + signature_algorithm_of_scheme(scheme) == key_type) { return true; } @@ -487,8 +465,7 @@ bool supported_algos_include( std::pair Handshake_State::parse_sig_format(const Public_Key& key, - const std::string& input_hash_algo, - const std::string& input_sig_algo, + Signature_Scheme scheme, bool for_client_auth, const Policy& policy) const { 
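Review bot: When no entry of `schemes` matches both the key type and `policy.allowed_signature_schemes()`, `chosen_scheme` is left at whatever the caller initialised it to and the code proceeds to `hash_function_of_scheme(chosen_scheme)`; rejection then depends on that value mapping to a hash the policy refuses, which is indirect and relies on callers passing `NONE` (as the `m_scheme = Signature_Scheme::NONE` members in tls_messages.h suggest they do). An explicit guard after the loop, `if(chosen_scheme == Signature_Scheme::NONE) throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "No signature scheme acceptable to both peer and policy");`, states the intent without depending on the caller's initial value. Note also that the loop walks `schemes` in the peer's order, so the peer's preference decides among acceptable schemes, and that `signature_algorithm_of_scheme` will throw on a peer-supplied value outside the enum unless it is more tolerant than the string helpers visible in tls_algos.cpp; both deserve a comment on the loop. The function's closing brace lies outside this hunk.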
@@ -500,73 +477,67 @@ Handshake_State::parse_sig_format(const Public_Key& key, "Rejecting " + key_type + " signature"); } - std::string hash_algo; - - if(this->version().supports_negotiable_signature_algorithms()) + if(this->version().supports_negotiable_signature_algorithms() == false) { - if(input_sig_algo != key_type) - throw Decoding_Error("Counterparty sent inconsistent key and sig types"); - - if(input_hash_algo == "") - throw Decoding_Error("Counterparty did not send hash/sig IDS"); - - hash_algo = input_hash_algo; - - if(for_client_auth && !cert_req()) - { - throw TLS_Exception(Alert::HANDSHAKE_FAILURE, - "No certificate verify set"); - } + if(scheme != Signature_Scheme::NONE) + throw Decoding_Error("Counterparty sent hash/sig IDs with old version"); /* - Confirm the signature type we just received against the - supported_algos list that we sent; it better be there. + There is no check on the acceptability of a v1.0/v1.1 hash type, + since it's implicit with use of the protocol */ - const auto supported_algos = - for_client_auth ? 
cert_req()->supported_algos() : - client_hello()->supported_algos(); - - if(!supported_algos_include(supported_algos, key_type, hash_algo)) - { - throw TLS_Exception(Alert::HANDSHAKE_FAILURE, - "TLS signature extension did not allow for " + - key_type + "/" + hash_algo + " signature"); - } - } - else - { - if(input_hash_algo != "" || input_sig_algo != "") - throw Decoding_Error("Counterparty sent hash/sig IDs with old version"); - if(key_type == "RSA") { - hash_algo = "Parallel(MD5,SHA-160)"; + const std::string padding = "EMSA3(Parallel(MD5,SHA-160))"; + return std::make_pair(padding, IEEE_1363); } else if(key_type == "DSA" || key_type == "ECDSA") { - hash_algo = "SHA-1"; + const std::string padding = "EMSA1(SHA-1)"; + return std::make_pair(padding, DER_SEQUENCE); } else - { throw Invalid_Argument(key_type + " is invalid/unknown for TLS signatures"); - } + } - /* - There is no check on the acceptability of a v1.0/v1.1 hash type, - since it's implicit with use of the protocol - */ + if(scheme == Signature_Scheme::NONE) + throw Decoding_Error("Counterparty did not send hash/sig IDS"); + + if(key_type != signature_algorithm_of_scheme(scheme)) + throw Decoding_Error("Counterparty sent inconsistent key and sig types"); + + if(for_client_auth && !cert_req()) + { + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, + "No certificate verify set"); + } + + /* + Confirm the signature type we just received against the + supported_algos list that we sent; it better be there. + */ + + const std::vector supported_algos = + for_client_auth ? 
cert_req()->signature_schemes() : + client_hello()->signature_schemes(); + + const std::string hash_algo = hash_function_of_scheme(scheme); + + if(!supported_algos_include(supported_algos, key_type, hash_algo)) + { + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, + "TLS signature extension did not allow for " + + key_type + "/" + hash_algo + " signature"); } if(key_type == "RSA") { - const std::string padding = "EMSA3(" + hash_algo + ")"; - return std::make_pair(padding, IEEE_1363); + return std::make_pair(padding_string_for_scheme(scheme), IEEE_1363); } else if(key_type == "DSA" || key_type == "ECDSA") { - const std::string padding = "EMSA1(" + hash_algo + ")"; - return std::make_pair(padding, DER_SEQUENCE); + return std::make_pair(padding_string_for_scheme(scheme), DER_SEQUENCE); } throw Invalid_Argument(key_type + " is invalid/unknown for TLS signatures"); diff --git a/src/lib/tls/tls_handshake_state.h b/src/lib/tls/tls_handshake_state.h index 437625cedd..3321a6210e 100644 --- a/src/lib/tls/tls_handshake_state.h +++ b/src/lib/tls/tls_handshake_state.h @@ -83,15 +83,13 @@ class Handshake_State std::pair parse_sig_format(const Public_Key& key, - const std::string& hash_algo, - const std::string& sig_algo, + Signature_Scheme scheme, bool for_client_auth, const Policy& policy) const; std::pair choose_sig_format(const Private_Key& key, - std::string& hash_algo, - std::string& sig_algo, + Signature_Scheme& scheme, bool for_client_auth, const Policy& policy) const; diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index cd06517d74..03b07fe27c 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include 
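Review bot: The acceptance check in `parse_sig_format` is coarser than the value being checked: `supported_algos_include` reduces the received `scheme` to a (key type, hash) pair and asks whether any scheme we offered maps to the same pair, so two distinct schemes sharing that pair are interchangeable from the peer's side. If `RSA_PSS_SHA256` and `RSA_PKCS1_SHA256` both report "RSA" from `signature_algorithm_of_scheme` (which the matching in `choose_sig_format` implies), a peer may sign with PSS after we offered only PKCS#1 v1.5, or the reverse, and the check passes. Since `scheme` is now a single enumerator, compare it directly: `if(std::find(supported_algos.begin(), supported_algos.end(), scheme) == supported_algos.end()) throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "TLS signature extension did not allow for " + sig_scheme_to_string(scheme) + " signature");`, after which `supported_algos_include` can go. `parse_sig_format` begins before this hunk.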
@@ -103,9 +104,7 @@ class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message bool sent_fallback_scsv() const; - std::vector> supported_algos() const; - - std::set supported_sig_algos() const; + std::vector signature_schemes() const; std::vector supported_ecc_curves() const; @@ -414,8 +413,10 @@ class BOTAN_UNSTABLE_API Certificate_Req final : public Handshake_Message const std::vector& acceptable_CAs() const { return m_names; } - std::vector > supported_algos() const - { return m_supported_algos; } + const std::vector& signature_schemes() const + { + return m_schemes; + } Certificate_Req(Handshake_IO& io, Handshake_Hash& hash, @@ -431,7 +432,7 @@ class BOTAN_UNSTABLE_API Certificate_Req final : public Handshake_Message std::vector m_names; std::vector m_cert_key_types; - std::vector > m_supported_algos; + std::vector m_schemes; }; /** @@ -463,9 +464,8 @@ class BOTAN_UNSTABLE_API Certificate_Verify final : public Handshake_Message private: std::vector serialize() const override; - std::string m_sig_algo; // sig algo used to create signature - std::string m_hash_algo; // hash used to create signature std::vector m_signature; + Signature_Scheme m_scheme = Signature_Scheme::NONE; }; /** @@ -550,8 +550,8 @@ class BOTAN_UNSTABLE_API Server_Key_Exchange final : public Handshake_Message const Private_Key* signing_key = nullptr); Server_Key_Exchange(const std::vector& buf, - const std::string& kex_alg, - const std::string& sig_alg, + Kex_Algo kex_alg, + Auth_Method sig_alg, Protocol_Version version); ~Server_Key_Exchange() = default; @@ -570,9 +570,8 @@ class BOTAN_UNSTABLE_API Server_Key_Exchange final : public Handshake_Message std::vector m_params; - std::string m_sig_algo; // sig algo used to create signature - std::string m_hash_algo; // hash used to create signature std::vector m_signature; + Signature_Scheme m_scheme = Signature_Scheme::NONE; }; /** diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index a46fcee925..2c63aa8400 100644 
--- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -20,6 +20,24 @@ namespace Botan { namespace TLS { +std::vector Policy::allowed_signature_schemes() const + { + std::vector schemes; + + for(Signature_Scheme scheme : all_signature_schemes()) + { + const bool sig_allowed = allowed_signature_method(signature_algorithm_of_scheme(scheme)); + const bool hash_allowed = allowed_signature_hash(hash_function_of_scheme(scheme)); + + if(sig_allowed && hash_allowed) + { + schemes.push_back(scheme); + } + } + + return schemes; + } + std::vector Policy::allowed_ciphers() const { return { @@ -90,7 +108,8 @@ std::vector Policy::allowed_signature_methods() const "ECDSA", "RSA", //"DSA", - //"" (anon) + //"IMPLICIT", + //"ANONYMOUS" (anon) }; } @@ -153,6 +172,9 @@ std::string Policy::choose_curve(const std::vector& curve_names) co */ std::string Policy::choose_dh_group(const std::vector& dh_groups) const { + if(dh_groups.empty()) + return dh_group(); + const std::vector our_groups = allowed_groups(); for(size_t i = 0; i != our_groups.size(); ++i) @@ -365,7 +387,7 @@ class Ciphersuite_Preference_Ordering final bool operator()(const Ciphersuite& a, const Ciphersuite& b) const { - if(a.kex_algo() != b.kex_algo()) + if(a.kex_method() != b.kex_method()) { for(size_t i = 0; i != m_kex.size(); ++i) { @@ -395,7 +417,7 @@ class Ciphersuite_Preference_Ordering final return true; } - if(a.sig_algo() != b.sig_algo()) + if(a.auth_method() != b.auth_method()) { for(size_t i = 0; i != m_sigs.size(); ++i) { @@ -446,7 +468,7 @@ std::vector Policy::ciphersuite_list(Protocol_Version version, continue; // Are we doing SRP? - if(!have_srp && suite.kex_algo() == "SRP_SHA") + if(!have_srp && suite.kex_method() == Kex_Algo::SRP_SHA) continue; if(!version.supports_aead_modes()) 
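Review bot: `Policy::allowed_signature_schemes` derives the allowed set purely from `allowed_signature_method()` and `allowed_signature_hash()`, so a policy has no way to enable or disable an individual scheme: if the `RSA_PSS_*` schemes report "RSA" from `signature_algorithm_of_scheme` (as the matching in `choose_sig_format` suggests), allowing RSA with SHA-256 enables both PKCS#1 v1.5 and PSS at once, and the result is ordered as `all_signature_schemes()` returns it rather than by preference. That is a reasonable default, but the new virtual should say so: `// Default: every scheme whose signature method and hash are both allowed, in all_signature_schemes() order; override to restrict or reorder individual schemes`.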
@@ -472,7 +494,7 @@ std::vector Policy::ciphersuite_list(Protocol_Version version, if(!value_exists(sigs, suite.sig_algo())) { // allow if it's an empty sig algo and we want to use PSK - if(suite.sig_algo() != "" || !suite.psk_ciphersuite()) + if(suite.auth_method() != Auth_Method::IMPLICIT || !suite.psk_ciphersuite()) continue; } @@ -481,7 +503,7 @@ std::vector Policy::ciphersuite_list(Protocol_Version version, removal of x25519 from the ECC curve list as equivalent to saying they do not trust CECPQ1 */ - if(suite.kex_algo() == "CECPQ1" && allowed_ecc_curve("x25519") == false) + if(suite.kex_method() == Kex_Algo::CECPQ1 && allowed_ecc_curve("x25519") == false) continue; // OK, consider it diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 84da00bfb3..a3d1752016 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -10,6 +10,7 @@ #define BOTAN_TLS_POLICY_H_ #include +#include #include #include #include @@ -58,6 +59,8 @@ class BOTAN_PUBLIC_API(2,0) Policy */ virtual std::vector allowed_signature_methods() const; + virtual std::vector allowed_signature_schemes() const; + /** * The minimum signature strength we will accept * Returning 80 allows RSA 1024 and SHA-1. Values larger than 80 disable SHA-1 support. diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index 996abbfc4a..8c86ef3c70 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -31,9 +31,7 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, const Ciphersuite& suite, const Session_Keys& keys, bool uses_encrypt_then_mac) : - m_start_time(std::chrono::system_clock::now()), - m_nonce_bytes_from_handshake(suite.nonce_bytes_from_handshake()), - m_nonce_bytes_from_record(suite.nonce_bytes_from_record()) + m_start_time(std::chrono::system_clock::now()) { SymmetricKey mac_key, cipher_key; InitializationVector iv; 
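Review bot: In tls_policy.h, `allowed_signature_schemes()` is added to the public `Policy` interface without the Doxygen block every neighbouring virtual carries (the `/** ... */` closing above `allowed_signature_methods` is visible in the context). Since this is an overridable policy hook, document what an override must return: `/** @return the signature schemes this policy accepts, as Signature_Scheme wire values; the default derives the list from allowed_signature_method() and allowed_signature_hash() */`.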
@@ -51,27 +49,11 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, mac_key = keys.server_mac_key(); } - BOTAN_ASSERT_EQUAL(iv.length(), nonce_bytes_from_handshake(), "Matching nonce sizes"); - m_nonce = unlock(iv.bits_of()); + m_nonce_bytes_from_handshake = m_nonce.size(); + m_nonce_format = suite.nonce_format(); - if(suite.mac_algo() == "AEAD") - { - m_aead.reset(get_aead(suite.cipher_algo(), our_side ? ENCRYPTION : DECRYPTION)); - BOTAN_ASSERT(m_aead, "Have AEAD"); - - m_aead->set_key(cipher_key + mac_key); - - BOTAN_ASSERT(nonce_bytes_from_record() == 0 || nonce_bytes_from_record() == 8, - "Ciphersuite uses implemented IV length"); - - m_cbc_nonce = false; - if(m_nonce.size() != 12) - { - m_nonce.resize(m_nonce.size() + 8); - } - } - else + if(nonce_format() == Nonce_Format::CBC_MODE) { #if defined(BOTAN_HAS_TLS_CBC) // legacy CBC+HMAC mode @@ -98,7 +80,8 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, m_aead->set_key(cipher_key + mac_key); - m_cbc_nonce = true; + m_nonce_bytes_from_record = 0; + if(version.supports_explicit_cbc_ivs()) m_nonce_bytes_from_record = m_nonce_bytes_from_handshake; else if(our_side == false) 
@@ -107,77 +90,89 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, throw Exception("Negotiated disabled TLS CBC+HMAC ciphersuite"); #endif } + else + { + m_aead.reset(get_aead(suite.cipher_algo(), our_side ? ENCRYPTION : DECRYPTION)); + BOTAN_ASSERT(m_aead, "Have AEAD"); + + m_aead->set_key(cipher_key + mac_key); + + if(nonce_format() == Nonce_Format::AEAD_IMPLICIT_4) + { + m_nonce_bytes_from_record = 8; + m_nonce.resize(m_nonce.size() + 8); + } + else if(nonce_format() != Nonce_Format::AEAD_XOR_12) + { + throw Invalid_State("Invalid AEAD nonce format used"); + } + } } std::vector Connection_Cipher_State::aead_nonce(uint64_t seq, RandomNumberGenerator& rng) { - if(m_cbc_nonce) + switch(m_nonce_format) { - if(m_nonce.size()) + case Nonce_Format::CBC_MODE: { - std::vector nonce; - nonce.swap(m_nonce); + if(m_nonce.size()) + { + std::vector nonce; + nonce.swap(m_nonce); + return nonce; + } + std::vector nonce(nonce_bytes_from_record()); + rng.randomize(nonce.data(), nonce.size()); + return nonce; + } + case Nonce_Format::AEAD_XOR_12: + { + std::vector nonce(12); + store_be(seq, nonce.data() + 4); + xor_buf(nonce, m_nonce.data(), m_nonce.size()); + return nonce; + } + case Nonce_Format::AEAD_IMPLICIT_4: + { + std::vector nonce = m_nonce; + store_be(seq, &nonce[nonce_bytes_from_handshake()]); return nonce; } - std::vector nonce(nonce_bytes_from_record()); - rng.randomize(nonce.data(), nonce.size()); - return nonce; - } - else if(nonce_bytes_from_handshake() == 12) - { - std::vector nonce(12); - store_be(seq, nonce.data() + 4); - xor_buf(nonce, m_nonce.data(), m_nonce.size()); - return nonce; - } - else - { - std::vector nonce = m_nonce; - store_be(seq, &nonce[nonce_bytes_from_handshake()]); - return nonce; } + + throw Invalid_State("Unknown nonce format specified"); } std::vector Connection_Cipher_State::aead_nonce(const uint8_t record[], size_t record_len, uint64_t seq) { - if(m_cbc_nonce) - { - if(record_len < nonce_bytes_from_record()) - 
throw Decoding_Error("Invalid CBC packet too short to be valid"); - std::vector nonce(record, record + nonce_bytes_from_record()); - return nonce; - } - else if(nonce_bytes_from_handshake() == 12) - { - /* - Assumes if the suite specifies 12 bytes come from the handshake then - use the XOR nonce construction from draft-ietf-tls-chacha20-poly1305 - */ - - std::vector nonce(12); - store_be(seq, nonce.data() + 4); - xor_buf(nonce, m_nonce.data(), m_nonce.size()); - return nonce; - } - else if(nonce_bytes_from_record() > 0) - { - if(record_len < nonce_bytes_from_record()) - throw Decoding_Error("Invalid AEAD packet too short to be valid"); - std::vector nonce = m_nonce; - copy_mem(&nonce[nonce_bytes_from_handshake()], record, nonce_bytes_from_record()); - return nonce; - } - else + switch(m_nonce_format) { - /* - nonce_len == 0 is assumed to mean no nonce in the message but - instead the AEAD uses the seq number in network order. - */ - std::vector nonce = m_nonce; - store_be(seq, &nonce[nonce_bytes_from_handshake()]); - return nonce; + case Nonce_Format::CBC_MODE: + { + if(record_len < nonce_bytes_from_record()) + throw Decoding_Error("Invalid CBC packet too short to be valid"); + std::vector nonce(record, record + nonce_bytes_from_record()); + return nonce; + } + case Nonce_Format::AEAD_XOR_12: + { + std::vector nonce(12); + store_be(seq, nonce.data() + 4); + xor_buf(nonce, m_nonce.data(), m_nonce.size()); + return nonce; + } + case Nonce_Format::AEAD_IMPLICIT_4: + { + if(record_len < nonce_bytes_from_record()) + throw Decoding_Error("Invalid AEAD packet too short to be valid"); + std::vector nonce = m_nonce; + copy_mem(&nonce[nonce_bytes_from_handshake()], record, nonce_bytes_from_record()); + return nonce; + } } + + throw Invalid_State("Unknown nonce format specified"); } std::vector 
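Review bot: The AEAD branch of the Connection_Cipher_State constructor validates only the Nonce_Format value, not that the handshake IV it just recorded in `m_nonce_bytes_from_handshake` has the length the format presupposes (12 bytes for AEAD_XOR_12, 4 for AEAD_IMPLICIT_4); the previous hunk removed the `BOTAN_ASSERT_EQUAL(iv.length(), nonce_bytes_from_handshake(), ...)` and `nonce_bytes_from_record()` asserts that used to cross-check the IV against the suite, so the count is now taken from the IV itself with nothing to compare it to. Both aead_nonce overloads then do `xor_buf(nonce, m_nonce.data(), m_nonce.size())` into a 12-byte vector for AEAD_XOR_12, so an over-long `m_nonce` would write past `nonce` unless xor_buf bounds by the output (not visible here), and for AEAD_IMPLICIT_4 the 8-byte resize plus `store_be` at `nonce_bytes_from_handshake()` only yields the intended 12-byte nonce when the IV was 4 bytes. Unless Session_Keys guarantees the IV length elsewhere, a check once the format is known, `const size_t expected_iv = (nonce_format() == Nonce_Format::AEAD_XOR_12) ? 12 : 4;` followed by `if(m_nonce_bytes_from_handshake != expected_iv) throw Invalid_State("Handshake IV length does not match AEAD nonce format");`, would restore the old invariant. The constructor begins outside this hunk.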
@@ -251,7 +246,7 @@ void write_record(secure_vector& output, if(cs->nonce_bytes_from_record() > 0) { - if(cs->cbc_nonce()) + if(cs->nonce_format() == Nonce_Format::CBC_MODE) output += nonce; else output += std::make_pair(&nonce[cs->nonce_bytes_from_handshake()], cs->nonce_bytes_from_record()); diff --git a/src/lib/tls/tls_record.h b/src/lib/tls/tls_record.h index 1fe3a558b4..7ccd78b86d 100644 --- a/src/lib/tls/tls_record.h +++ b/src/lib/tls/tls_record.h @@ -9,6 +9,7 @@ #ifndef BOTAN_TLS_RECORDS_H_ #define BOTAN_TLS_RECORDS_H_ +#include #include #include #include @@ -53,7 +54,8 @@ class Connection_Cipher_State final size_t nonce_bytes_from_handshake() const { return m_nonce_bytes_from_handshake; } size_t nonce_bytes_from_record() const { return m_nonce_bytes_from_record; } - bool cbc_nonce() const { return m_cbc_nonce; } + + Nonce_Format nonce_format() const { return m_nonce_format; } std::chrono::seconds age() const { @@ -66,9 +68,9 @@ class Connection_Cipher_State final std::unique_ptr m_aead; std::vector m_nonce; - size_t m_nonce_bytes_from_handshake; - size_t m_nonce_bytes_from_record; - bool m_cbc_nonce; + Nonce_Format m_nonce_format = Nonce_Format::CBC_MODE; + size_t m_nonce_bytes_from_handshake = 0; + size_t m_nonce_bytes_from_record = 0; }; class Record final diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 38c5cf2caf..61a360ba9c 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -177,8 +177,6 @@ uint16_t choose_ciphersuite( if(!our_choice) std::swap(pref_list, other_list); - const std::set client_sig_algos = client_hello.supported_sig_algos(); - for(auto suite_id : pref_list) { if(!value_exists(other_list, suite_id)) 
@@ -187,39 +185,50 @@ uint16_t choose_ciphersuite( const Ciphersuite suite = Ciphersuite::by_id(suite_id); if(suite.valid() == false) + { continue; + } - if(suite.ecc_ciphersuite() && have_shared_ecc_curve == false) + if(have_shared_ecc_curve == false && suite.ecc_ciphersuite()) + { continue; + } // For non-anon ciphersuites - if(suite.sig_algo() != "") + if(suite.signature_used()) { + const std::string sig_algo = suite.sig_algo(); + // Do we have any certificates for this sig? - if(cert_chains.count(suite.sig_algo()) == 0) + if(cert_chains.count(sig_algo) == 0) + { continue; + } - // Client reques - if(!client_sig_algos.empty() && client_sig_algos.count(suite.sig_algo()) == 0) - continue; - } + if(version.supports_negotiable_signature_algorithms()) + { + const std::vector allowed = + policy.allowed_signature_schemes(); - if(version.supports_negotiable_signature_algorithms() && suite.sig_algo() != "") - { - const std::vector> client_sig_hash_pairs = - client_hello.supported_algos(); + std::vector client_sig_methods = + client_hello.signature_schemes(); - if(client_hello.supported_algos().empty() == false) - { - bool we_support_some_hash_by_client = false; + if(client_sig_methods.empty()) + { + // If empty, then implicit SHA-1 (TLS v1.2 rules) + client_sig_methods.push_back(Signature_Scheme::RSA_PKCS1_SHA1); + client_sig_methods.push_back(Signature_Scheme::ECDSA_SHA1); + client_sig_methods.push_back(Signature_Scheme::DSA_SHA1); + } + + bool we_support_some_hash_by_client = true; - for(auto&& hash_and_sig : client_hello.supported_algos()) + for(Signature_Scheme scheme : client_sig_methods) { - if(hash_and_sig.second == suite.sig_algo() && - policy.allowed_signature_hash(hash_and_sig.first)) + if(signature_algorithm_of_scheme(scheme) == suite.sig_algo() && + policy.allowed_signature_hash(hash_function_of_scheme(scheme))) { we_support_some_hash_by_client = true; - break; } } 
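Review bot: `we_support_some_hash_by_client` is initialised to `true` and the loop only ever assigns `true`, so the `throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Policy does not accept any hash function supported by client")` that follows (visible as context at the start of the next hunk) can never fire: a signature suite is accepted even when the client advertised no scheme for its signature algorithm whose hash the policy allows. The old code initialised the flag to `false` and set it on the first match; restore `bool we_support_some_hash_by_client = false;` (the removed `break` is harmless but can come back with it). This matters twice over, because the `@@ -229` hunk deletes the explicit SHA-1-fallback rejection on the assumption that the implicit SHA-1 schemes pushed onto `client_sig_methods` here fall through to this check. Separately, `allowed` from `policy.allowed_signature_schemes()` is computed but never read in this hunk; either drop it or use it so negotiation is constrained by the policy's scheme list rather than by `allowed_signature_hash` alone.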
@@ -229,13 +238,6 @@ uint16_t choose_ciphersuite( "Policy does not accept any hash function supported by client"); } } - else - { - if(policy.allowed_signature_hash("SHA-1") == false) - throw TLS_Exception(Alert::HANDSHAKE_FAILURE, - "Client did not send signature_algorithms extension " - "and policy prohibits SHA-1 fallback"); - } } #if defined(BOTAN_HAS_SRP6) @@ -247,7 +249,7 @@ uint16_t choose_ciphersuite( client hello message. - RFC 5054 section 2.5.1.2 */ - if(suite.kex_algo() == "SRP_SHA" && client_hello.srp_identifier() == "") + if(suite.kex_method() == Kex_Algo::SRP_SHA && client_hello.srp_identifier() == "") throw TLS_Exception(Alert::UNKNOWN_PSK_IDENTITY, "Client wanted SRP but did not send username"); #endif @@ -806,23 +808,22 @@ void Server::session_create(Server_Handshake_State& pending_state, secure_renegotiation_check(pending_state.server_hello()); - const std::string sig_algo = pending_state.ciphersuite().sig_algo(); - const std::string kex_algo = pending_state.ciphersuite().kex_algo(); + const Ciphersuite& pending_suite = pending_state.ciphersuite(); - if(sig_algo != "") + Private_Key* private_key = nullptr; + + if(pending_suite.signature_used() || pending_suite.kex_method() == Kex_Algo::STATIC_RSA) { - BOTAN_ASSERT(!cert_chains[sig_algo].empty(), - "Attempting to send empty certificate chain"); + const std::string algo_used = + pending_suite.signature_used() ? pending_suite.sig_algo() : "RSA"; + + BOTAN_ASSERT(!cert_chains[algo_used].empty(), + "Attempting to send empty certificate chain"); pending_state.server_certs(new Certificate(pending_state.handshake_io(), pending_state.hash(), - cert_chains[sig_algo])); - } + cert_chains[algo_used])); - Private_Key* private_key = nullptr; - - if(kex_algo == "RSA" || sig_algo != "") - { private_key = m_creds.private_key_for( pending_state.server_certs()->cert_chain()[0], "tls-server", 
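Review bot: session_create now treats STATIC_RSA suites as needing a certificate (`algo_used` falls back to `"RSA"` when `signature_used()` is false), but choose_ciphersuite in the `@@ -187` hunk still checks `cert_chains.count(sig_algo)` only under `if(suite.signature_used())`; if `signature_used()` is false for static RSA suites, as this ternary implies, such a suite can be selected with no RSA chain configured and the missing credential is first detected by `BOTAN_ASSERT(!cert_chains[algo_used].empty(), ...)` here rather than by skipping the suite or sending a handshake_failure alert. Mirroring this condition in choose_ciphersuite, `if(suite.signature_used() || suite.kex_method() == Kex_Algo::STATIC_RSA)` with the same `"RSA"` fallback for the lookup key, would keep selection and assertion consistent. session_create continues outside this hunk.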
@@ -832,7 +833,7 @@ void Server::session_create(Server_Handshake_State& pending_state, throw Internal_Error("No private key located for associated server cert"); } - if(kex_algo == "RSA") + if(pending_suite.kex_method() == Kex_Algo::STATIC_RSA) { pending_state.set_server_rsa_kex_key(private_key); } @@ -853,7 +854,7 @@ void Server::session_create(Server_Handshake_State& pending_state, client_auth_CAs.insert(client_auth_CAs.end(), subjects.begin(), subjects.end()); } - if(!client_auth_CAs.empty() && pending_state.ciphersuite().sig_algo() != "") + if(!client_auth_CAs.empty() && pending_state.ciphersuite().signature_used()) { pending_state.cert_req( new Certificate_Req(pending_state.handshake_io(), diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp index 90b158457a..574b4e5b88 100644 --- a/src/lib/tls/tls_suite_info.cpp +++ b/src/lib/tls/tls_suite_info.cpp @@ -3,7 +3,7 @@ * * This file was automatically generated from the IANA assignments * (tls-parameters.txt hash ac96406c0080f669ca9442b0f5efcb31549ecb2e) -* by ./src/scripts/tls_suite_info.py on 2017-11-03 +* by ./src/scripts/tls_suite_info.py on 2017-11-05 * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -19,192 +19,189 @@ const std::vector& Ciphersuite::all_known_ciphersuites() { // Note that this list of ciphersuites is ordered by id! static const std::vector g_ciphersuite_list = { - Ciphersuite(0x000A, "RSA_WITH_3DES_EDE_CBC_SHA", "RSA", "RSA", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0x0013, "DHE_DSS_WITH_3DES_EDE_CBC_SHA", "DSA", "DH", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0x0016, "DHE_RSA_WITH_3DES_EDE_CBC_SHA", "RSA", "DH", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0x001B, "DH_anon_WITH_3DES_EDE_CBC_SHA", "", "DH", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0x002F, "RSA_WITH_AES_128_CBC_SHA", "RSA", "RSA", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0032, "DHE_DSS_WITH_AES_128_CBC_SHA", "DSA", "DH", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0033, "DHE_RSA_WITH_AES_128_CBC_SHA", "RSA", "DH", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0034, "DH_anon_WITH_AES_128_CBC_SHA", "", "DH", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0035, "RSA_WITH_AES_256_CBC_SHA", "RSA", "RSA", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0038, "DHE_DSS_WITH_AES_256_CBC_SHA", "DSA", "DH", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0039, "DHE_RSA_WITH_AES_256_CBC_SHA", "RSA", "DH", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x003A, "DH_anon_WITH_AES_256_CBC_SHA", "", "DH", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x003C, "RSA_WITH_AES_128_CBC_SHA256", "RSA", "RSA", "AES-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x003D, "RSA_WITH_AES_256_CBC_SHA256", "RSA", "RSA", "AES-256", 32, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x0040, "DHE_DSS_WITH_AES_128_CBC_SHA256", "DSA", "DH", "AES-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x0041, "RSA_WITH_CAMELLIA_128_CBC_SHA", "RSA", "RSA", "Camellia-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0044, "DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", "DSA", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20, 
""), - Ciphersuite(0x0045, "DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", "RSA", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0046, "DH_anon_WITH_CAMELLIA_128_CBC_SHA", "", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0067, "DHE_RSA_WITH_AES_128_CBC_SHA256", "RSA", "DH", "AES-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x006A, "DHE_DSS_WITH_AES_256_CBC_SHA256", "DSA", "DH", "AES-256", 32, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x006B, "DHE_RSA_WITH_AES_256_CBC_SHA256", "RSA", "DH", "AES-256", 32, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x006C, "DH_anon_WITH_AES_128_CBC_SHA256", "", "DH", "AES-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x006D, "DH_anon_WITH_AES_256_CBC_SHA256", "", "DH", "AES-256", 32, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x0084, "RSA_WITH_CAMELLIA_256_CBC_SHA", "RSA", "RSA", "Camellia-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0087, "DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", "DSA", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0088, "DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", "RSA", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0089, "DH_anon_WITH_CAMELLIA_256_CBC_SHA", "", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x008B, "PSK_WITH_3DES_EDE_CBC_SHA", "", "PSK", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0x008C, "PSK_WITH_AES_128_CBC_SHA", "", "PSK", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x008D, "PSK_WITH_AES_256_CBC_SHA", "", "PSK", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x008F, "DHE_PSK_WITH_3DES_EDE_CBC_SHA", "", "DHE_PSK", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0x0090, "DHE_PSK_WITH_AES_128_CBC_SHA", "", "DHE_PSK", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0091, "DHE_PSK_WITH_AES_256_CBC_SHA", "", "DHE_PSK", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0096, "RSA_WITH_SEED_CBC_SHA", "RSA", "RSA", "SEED", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x0099, 
"DHE_DSS_WITH_SEED_CBC_SHA", "DSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x009A, "DHE_RSA_WITH_SEED_CBC_SHA", "RSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x009B, "DH_anon_WITH_SEED_CBC_SHA", "", "DH", "SEED", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0x009C, "RSA_WITH_AES_128_GCM_SHA256", "RSA", "RSA", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0x009D, "RSA_WITH_AES_256_GCM_SHA384", "RSA", "RSA", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0x009E, "DHE_RSA_WITH_AES_128_GCM_SHA256", "RSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0x009F, "DHE_RSA_WITH_AES_256_GCM_SHA384", "RSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0x00A2, "DHE_DSS_WITH_AES_128_GCM_SHA256", "DSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0x00A3, "DHE_DSS_WITH_AES_256_GCM_SHA384", "DSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0x00A6, "DH_anon_WITH_AES_128_GCM_SHA256", "", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0x00A7, "DH_anon_WITH_AES_256_GCM_SHA384", "", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0x00A8, "PSK_WITH_AES_128_GCM_SHA256", "", "PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0x00A9, "PSK_WITH_AES_256_GCM_SHA384", "", "PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0x00AA, "DHE_PSK_WITH_AES_128_GCM_SHA256", "", "DHE_PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0x00AB, "DHE_PSK_WITH_AES_256_GCM_SHA384", "", "DHE_PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0x00AE, "PSK_WITH_AES_128_CBC_SHA256", "", "PSK", "AES-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x00AF, "PSK_WITH_AES_256_CBC_SHA384", "", "PSK", "AES-256", 32, 16, 0, "SHA-384", 48, ""), - Ciphersuite(0x00B2, "DHE_PSK_WITH_AES_128_CBC_SHA256", "", "DHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32, ""), 
- Ciphersuite(0x00B3, "DHE_PSK_WITH_AES_256_CBC_SHA384", "", "DHE_PSK", "AES-256", 32, 16, 0, "SHA-384", 48, ""), - Ciphersuite(0x00BA, "RSA_WITH_CAMELLIA_128_CBC_SHA256", "RSA", "RSA", "Camellia-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x00BD, "DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", "DSA", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x00BE, "DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", "RSA", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x00BF, "DH_anon_WITH_CAMELLIA_128_CBC_SHA256", "", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x00C0, "RSA_WITH_CAMELLIA_256_CBC_SHA256", "RSA", "RSA", "Camellia-256", 32, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x00C3, "DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", "DSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x00C4, "DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", "RSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x00C5, "DH_anon_WITH_CAMELLIA_256_CBC_SHA256", "", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0x16B7, "CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256", "RSA", "CECPQ1", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0x16B8, "CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "ECDSA", "CECPQ1", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0x16B9, "CECPQ1_RSA_WITH_AES_256_GCM_SHA384", "RSA", "CECPQ1", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0x16BA, "CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384", "ECDSA", "CECPQ1", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC008, "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "ECDSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0xC009, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "ECDSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC00A, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "ECDSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC012, 
"ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "RSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0xC013, "ECDHE_RSA_WITH_AES_128_CBC_SHA", "RSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC014, "ECDHE_RSA_WITH_AES_256_CBC_SHA", "RSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC017, "ECDH_anon_WITH_3DES_EDE_CBC_SHA", "", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0xC018, "ECDH_anon_WITH_AES_128_CBC_SHA", "", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC019, "ECDH_anon_WITH_AES_256_CBC_SHA", "", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC01A, "SRP_SHA_WITH_3DES_EDE_CBC_SHA", "", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0xC01B, "SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", "RSA", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0xC01C, "SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", "DSA", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0xC01D, "SRP_SHA_WITH_AES_128_CBC_SHA", "", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC01E, "SRP_SHA_RSA_WITH_AES_128_CBC_SHA", "RSA", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC01F, "SRP_SHA_DSS_WITH_AES_128_CBC_SHA", "DSA", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC020, "SRP_SHA_WITH_AES_256_CBC_SHA", "", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC021, "SRP_SHA_RSA_WITH_AES_256_CBC_SHA", "RSA", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC022, "SRP_SHA_DSS_WITH_AES_256_CBC_SHA", "DSA", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC023, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "ECDSA", "ECDH", "AES-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0xC024, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "ECDSA", "ECDH", "AES-256", 32, 16, 0, "SHA-384", 48, ""), - Ciphersuite(0xC027, "ECDHE_RSA_WITH_AES_128_CBC_SHA256", "RSA", "ECDH", "AES-128", 16, 16, 0, "SHA-256", 32, ""), 
- Ciphersuite(0xC028, "ECDHE_RSA_WITH_AES_256_CBC_SHA384", "RSA", "ECDH", "AES-256", 32, 16, 0, "SHA-384", 48, ""), - Ciphersuite(0xC02B, "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "ECDSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC02C, "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "ECDSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC02F, "ECDHE_RSA_WITH_AES_128_GCM_SHA256", "RSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC030, "ECDHE_RSA_WITH_AES_256_GCM_SHA384", "RSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC034, "ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", "", "ECDHE_PSK", "3DES", 24, 8, 0, "SHA-1", 20, ""), - Ciphersuite(0xC035, "ECDHE_PSK_WITH_AES_128_CBC_SHA", "", "ECDHE_PSK", "AES-128", 16, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC036, "ECDHE_PSK_WITH_AES_256_CBC_SHA", "", "ECDHE_PSK", "AES-256", 32, 16, 0, "SHA-1", 20, ""), - Ciphersuite(0xC037, "ECDHE_PSK_WITH_AES_128_CBC_SHA256", "", "ECDHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0xC038, "ECDHE_PSK_WITH_AES_256_CBC_SHA384", "", "ECDHE_PSK", "AES-256", 32, 16, 0, "SHA-384", 48, ""), - Ciphersuite(0xC050, "RSA_WITH_ARIA_128_GCM_SHA256", "RSA", "RSA", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC051, "RSA_WITH_ARIA_256_GCM_SHA384", "RSA", "RSA", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC052, "DHE_RSA_WITH_ARIA_128_GCM_SHA256", "RSA", "DH", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC053, "DHE_RSA_WITH_ARIA_256_GCM_SHA384", "RSA", "DH", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC056, "DHE_DSS_WITH_ARIA_128_GCM_SHA256", "DSA", "DH", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC057, "DHE_DSS_WITH_ARIA_256_GCM_SHA384", "DSA", "DH", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC05A, "DH_anon_WITH_ARIA_128_GCM_SHA256", "", "DH", "ARIA-128/GCM", 16, 4, 8, "AEAD", 
0, "SHA-256"), - Ciphersuite(0xC05B, "DH_anon_WITH_ARIA_256_GCM_SHA384", "", "DH", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC05C, "ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", "ECDSA", "ECDH", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC05D, "ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", "ECDSA", "ECDH", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC060, "ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", "RSA", "ECDH", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC061, "ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", "RSA", "ECDH", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC06A, "PSK_WITH_ARIA_128_GCM_SHA256", "", "PSK", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC06B, "PSK_WITH_ARIA_256_GCM_SHA384", "", "PSK", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC06C, "DHE_PSK_WITH_ARIA_128_GCM_SHA256", "", "DHE_PSK", "ARIA-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC06D, "DHE_PSK_WITH_ARIA_256_GCM_SHA384", "", "DHE_PSK", "ARIA-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC072, "ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", "ECDSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0xC073, "ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", "ECDSA", "ECDH", "Camellia-256", 32, 16, 0, "SHA-384", 48, ""), - Ciphersuite(0xC076, "ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", "RSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0xC077, "ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", "RSA", "ECDH", "Camellia-256", 32, 16, 0, "SHA-384", 48, ""), - Ciphersuite(0xC07A, "RSA_WITH_CAMELLIA_128_GCM_SHA256", "RSA", "RSA", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC07B, "RSA_WITH_CAMELLIA_256_GCM_SHA384", "RSA", "RSA", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC07C, "DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", "RSA", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - 
Ciphersuite(0xC07D, "DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", "RSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC080, "DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", "DSA", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC081, "DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", "DSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC084, "DH_anon_WITH_CAMELLIA_128_GCM_SHA256", "", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC085, "DH_anon_WITH_CAMELLIA_256_GCM_SHA384", "", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC086, "ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", "ECDSA", "ECDH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC087, "ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", "ECDSA", "ECDH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC08A, "ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", "RSA", "ECDH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC08B, "ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", "RSA", "ECDH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC08E, "PSK_WITH_CAMELLIA_128_GCM_SHA256", "", "PSK", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC08F, "PSK_WITH_CAMELLIA_256_GCM_SHA384", "", "PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC090, "DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", "", "DHE_PSK", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC091, "DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", "", "DHE_PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xC094, "PSK_WITH_CAMELLIA_128_CBC_SHA256", "", "PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0xC095, "PSK_WITH_CAMELLIA_256_CBC_SHA384", "", "PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48, ""), - Ciphersuite(0xC096, "DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", "", "DHE_PSK", "Camellia-128", 
16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0xC097, "DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", "", "DHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48, ""), - Ciphersuite(0xC09A, "ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", "", "ECDHE_PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32, ""), - Ciphersuite(0xC09B, "ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", "", "ECDHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48, ""), - Ciphersuite(0xC09C, "RSA_WITH_AES_128_CCM", "RSA", "RSA", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC09D, "RSA_WITH_AES_256_CCM", "RSA", "RSA", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC09E, "DHE_RSA_WITH_AES_128_CCM", "RSA", "DH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC09F, "DHE_RSA_WITH_AES_256_CCM", "RSA", "DH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0A0, "RSA_WITH_AES_128_CCM_8", "RSA", "RSA", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0A1, "RSA_WITH_AES_256_CCM_8", "RSA", "RSA", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0A2, "DHE_RSA_WITH_AES_128_CCM_8", "RSA", "DH", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0A3, "DHE_RSA_WITH_AES_256_CCM_8", "RSA", "DH", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0A4, "PSK_WITH_AES_128_CCM", "", "PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0A5, "PSK_WITH_AES_256_CCM", "", "PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0A6, "DHE_PSK_WITH_AES_128_CCM", "", "DHE_PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0A7, "DHE_PSK_WITH_AES_256_CCM", "", "DHE_PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0A8, "PSK_WITH_AES_128_CCM_8", "", "PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0A9, "PSK_WITH_AES_256_CCM_8", "", "PSK", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0AA, 
"PSK_DHE_WITH_AES_128_CCM_8", "", "DHE_PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0AB, "PSK_DHE_WITH_AES_256_CCM_8", "", "DHE_PSK", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0AC, "ECDHE_ECDSA_WITH_AES_128_CCM", "ECDSA", "ECDH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0AD, "ECDHE_ECDSA_WITH_AES_256_CCM", "ECDSA", "ECDH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0AE, "ECDHE_ECDSA_WITH_AES_128_CCM_8", "ECDSA", "ECDH", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xC0AF, "ECDHE_ECDSA_WITH_AES_256_CCM_8", "ECDSA", "ECDH", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xCC13, "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "RSA", "ECDH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xCC14, "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "ECDSA", "ECDH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xCC15, "DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "RSA", "DH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xCCA8, "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "RSA", "ECDH", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xCCA9, "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "ECDSA", "ECDH", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xCCAA, "DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "RSA", "DH", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xCCAB, "PSK_WITH_CHACHA20_POLY1305_SHA256", "", "PSK", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xCCAC, "ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "", "ECDHE_PSK", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xCCAD, "DHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "", "DHE_PSK", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xD001, "ECDHE_PSK_WITH_AES_128_GCM_SHA256", "", "ECDHE_PSK", "AES-128/GCM", 16, 4, 8, 
"AEAD", 0, "SHA-256"), - Ciphersuite(0xD002, "ECDHE_PSK_WITH_AES_256_GCM_SHA384", "", "ECDHE_PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"), - Ciphersuite(0xD003, "ECDHE_PSK_WITH_AES_128_CCM_8_SHA256", "", "ECDHE_PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xD005, "ECDHE_PSK_WITH_AES_128_CCM_SHA256", "", "ECDHE_PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFC0, "DHE_RSA_WITH_AES_128_OCB_SHA256", "RSA", "DH", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFC1, "DHE_RSA_WITH_AES_256_OCB_SHA256", "RSA", "DH", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFC2, "ECDHE_RSA_WITH_AES_128_OCB_SHA256", "RSA", "ECDH", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFC3, "ECDHE_RSA_WITH_AES_256_OCB_SHA256", "RSA", "ECDH", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFC4, "ECDHE_ECDSA_WITH_AES_128_OCB_SHA256", "ECDSA", "ECDH", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFC5, "ECDHE_ECDSA_WITH_AES_256_OCB_SHA256", "ECDSA", "ECDH", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFC6, "PSK_WITH_AES_128_OCB_SHA256", "", "PSK", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFC7, "PSK_WITH_AES_256_OCB_SHA256", "", "PSK", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFC8, "DHE_PSK_WITH_AES_128_OCB_SHA256", "", "DHE_PSK", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFC9, "DHE_PSK_WITH_AES_256_OCB_SHA256", "", "DHE_PSK", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFCA, "ECDHE_PSK_WITH_AES_128_OCB_SHA256", "", "ECDHE_PSK", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFCB, "ECDHE_PSK_WITH_AES_256_OCB_SHA256", "", "ECDHE_PSK", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFCC, "CECPQ1_RSA_WITH_AES_256_OCB_SHA256", "RSA", "CECPQ1", "AES-256/OCB(12)", 
32, 12, 0, "AEAD", 0, "SHA-256"), - Ciphersuite(0xFFCD, "CECPQ1_ECDSA_WITH_AES_256_OCB_SHA256", "ECDSA", "CECPQ1", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"), + Ciphersuite(0x000A, "RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0013, "DHE_DSS_WITH_3DES_EDE_CBC_SHA", Auth_Method::DSA, Kex_Algo::DH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0016, "DHE_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x001B, "DH_anon_WITH_3DES_EDE_CBC_SHA", Auth_Method::ANONYMOUS, Kex_Algo::DH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x002F, "RSA_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0032, "DHE_DSS_WITH_AES_128_CBC_SHA", Auth_Method::DSA, Kex_Algo::DH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0033, "DHE_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0034, "DH_anon_WITH_AES_128_CBC_SHA", Auth_Method::ANONYMOUS, Kex_Algo::DH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0035, "RSA_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0038, "DHE_DSS_WITH_AES_256_CBC_SHA", Auth_Method::DSA, Kex_Algo::DH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0039, "DHE_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x003A, "DH_anon_WITH_AES_256_CBC_SHA", Auth_Method::ANONYMOUS, 
Kex_Algo::DH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x003C, "RSA_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x003D, "RSA_WITH_AES_256_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x0040, "DHE_DSS_WITH_AES_128_CBC_SHA256", Auth_Method::DSA, Kex_Algo::DH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x0041, "RSA_WITH_CAMELLIA_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0044, "DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", Auth_Method::DSA, Kex_Algo::DH, "Camellia-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0045, "DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "Camellia-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0046, "DH_anon_WITH_CAMELLIA_128_CBC_SHA", Auth_Method::ANONYMOUS, Kex_Algo::DH, "Camellia-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0067, "DHE_RSA_WITH_AES_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x006A, "DHE_DSS_WITH_AES_256_CBC_SHA256", Auth_Method::DSA, Kex_Algo::DH, "AES-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x006B, "DHE_RSA_WITH_AES_256_CBC_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x006C, "DH_anon_WITH_AES_128_CBC_SHA256", Auth_Method::ANONYMOUS, Kex_Algo::DH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x006D, "DH_anon_WITH_AES_256_CBC_SHA256", 
Auth_Method::ANONYMOUS, Kex_Algo::DH, "AES-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x0084, "RSA_WITH_CAMELLIA_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0087, "DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", Auth_Method::DSA, Kex_Algo::DH, "Camellia-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0088, "DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "Camellia-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0089, "DH_anon_WITH_CAMELLIA_256_CBC_SHA", Auth_Method::ANONYMOUS, Kex_Algo::DH, "Camellia-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x008B, "PSK_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x008C, "PSK_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x008D, "PSK_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x008F, "DHE_PSK_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0090, "DHE_PSK_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0091, "DHE_PSK_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0096, "RSA_WITH_SEED_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "SEED", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x0099, "DHE_DSS_WITH_SEED_CBC_SHA", Auth_Method::DSA, 
Kex_Algo::DH, "SEED", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x009A, "DHE_RSA_WITH_SEED_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "SEED", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x009B, "DH_anon_WITH_SEED_CBC_SHA", Auth_Method::ANONYMOUS, Kex_Algo::DH, "SEED", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0x009C, "RSA_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x009D, "RSA_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x009E, "DHE_RSA_WITH_AES_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x009F, "DHE_RSA_WITH_AES_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x00A2, "DHE_DSS_WITH_AES_128_GCM_SHA256", Auth_Method::DSA, Kex_Algo::DH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x00A3, "DHE_DSS_WITH_AES_256_GCM_SHA384", Auth_Method::DSA, Kex_Algo::DH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x00A6, "DH_anon_WITH_AES_128_GCM_SHA256", Auth_Method::ANONYMOUS, Kex_Algo::DH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x00A7, "DH_anon_WITH_AES_256_GCM_SHA384", Auth_Method::ANONYMOUS, Kex_Algo::DH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x00A8, "PSK_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x00A9, 
"PSK_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x00AA, "DHE_PSK_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x00AB, "DHE_PSK_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x00AE, "PSK_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x00AF, "PSK_WITH_AES_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), + Ciphersuite(0x00B2, "DHE_PSK_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x00B3, "DHE_PSK_WITH_AES_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), + Ciphersuite(0x00BA, "RSA_WITH_CAMELLIA_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x00BD, "DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", Auth_Method::DSA, Kex_Algo::DH, "Camellia-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x00BE, "DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::DH, "Camellia-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x00BF, "DH_anon_WITH_CAMELLIA_128_CBC_SHA256", Auth_Method::ANONYMOUS, Kex_Algo::DH, "Camellia-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x00C0, "RSA_WITH_CAMELLIA_256_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, 
"Camellia-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x00C3, "DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", Auth_Method::DSA, Kex_Algo::DH, "Camellia-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x00C4, "DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", Auth_Method::RSA, Kex_Algo::DH, "Camellia-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x00C5, "DH_anon_WITH_CAMELLIA_256_CBC_SHA256", Auth_Method::ANONYMOUS, Kex_Algo::DH, "Camellia-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0x16B7, "CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::RSA, Kex_Algo::CECPQ1, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0x16B8, "CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::ECDSA, Kex_Algo::CECPQ1, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0x16B9, "CECPQ1_RSA_WITH_AES_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::CECPQ1, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0x16BA, "CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::CECPQ1, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC008, "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC009, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC00A, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC012, "ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + 
Ciphersuite(0xC013, "ECDHE_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC014, "ECDHE_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC017, "ECDH_anon_WITH_3DES_EDE_CBC_SHA", Auth_Method::ANONYMOUS, Kex_Algo::ECDH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC018, "ECDH_anon_WITH_AES_128_CBC_SHA", Auth_Method::ANONYMOUS, Kex_Algo::ECDH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC019, "ECDH_anon_WITH_AES_256_CBC_SHA", Auth_Method::ANONYMOUS, Kex_Algo::ECDH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC01A, "SRP_SHA_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::SRP_SHA, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC01B, "SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::SRP_SHA, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC01C, "SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", Auth_Method::DSA, Kex_Algo::SRP_SHA, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC01D, "SRP_SHA_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::SRP_SHA, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC01E, "SRP_SHA_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::SRP_SHA, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC01F, "SRP_SHA_DSS_WITH_AES_128_CBC_SHA", Auth_Method::DSA, Kex_Algo::SRP_SHA, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC020, "SRP_SHA_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::SRP_SHA, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC021, 
"SRP_SHA_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::SRP_SHA, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC022, "SRP_SHA_DSS_WITH_AES_256_CBC_SHA", Auth_Method::DSA, Kex_Algo::SRP_SHA, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC023, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0xC024, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), + Ciphersuite(0xC027, "ECDHE_RSA_WITH_AES_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0xC028, "ECDHE_RSA_WITH_AES_256_CBC_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), + Ciphersuite(0xC02B, "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC02C, "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC02F, "ECDHE_RSA_WITH_AES_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC030, "ECDHE_RSA_WITH_AES_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC034, "ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC035, "ECDHE_PSK_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128", 16, "SHA-1", 20, 
KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC036, "ECDHE_PSK_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), + Ciphersuite(0xC037, "ECDHE_PSK_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0xC038, "ECDHE_PSK_WITH_AES_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), + Ciphersuite(0xC050, "RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC051, "RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC052, "DHE_RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC053, "DHE_RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC056, "DHE_DSS_WITH_ARIA_128_GCM_SHA256", Auth_Method::DSA, Kex_Algo::DH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC057, "DHE_DSS_WITH_ARIA_256_GCM_SHA384", Auth_Method::DSA, Kex_Algo::DH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC05A, "DH_anon_WITH_ARIA_128_GCM_SHA256", Auth_Method::ANONYMOUS, Kex_Algo::DH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC05B, "DH_anon_WITH_ARIA_256_GCM_SHA384", Auth_Method::ANONYMOUS, Kex_Algo::DH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC05C, 
"ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC05D, "ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC060, "ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC061, "ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC06A, "PSK_WITH_ARIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC06B, "PSK_WITH_ARIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC06C, "DHE_PSK_WITH_ARIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC06D, "DHE_PSK_WITH_ARIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC072, "ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "Camellia-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0xC073, "ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "Camellia-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), + Ciphersuite(0xC076, "ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "Camellia-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0xC077, 
"ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "Camellia-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), + Ciphersuite(0xC07A, "RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC07B, "RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC07C, "DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC07D, "DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC080, "DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::DSA, Kex_Algo::DH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC081, "DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::DSA, Kex_Algo::DH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC084, "DH_anon_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::ANONYMOUS, Kex_Algo::DH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC085, "DH_anon_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::ANONYMOUS, Kex_Algo::DH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC086, "ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC087, "ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, 
Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC08A, "ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC08B, "ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC08E, "PSK_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC08F, "PSK_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC090, "DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC091, "DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC094, "PSK_WITH_CAMELLIA_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "Camellia-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0xC095, "PSK_WITH_CAMELLIA_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "Camellia-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), + Ciphersuite(0xC096, "DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "Camellia-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0xC097, "DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "Camellia-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), + Ciphersuite(0xC09A, "ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "Camellia-128", 16, "SHA-256", 
32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), + Ciphersuite(0xC09B, "ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "Camellia-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), + Ciphersuite(0xC09C, "RSA_WITH_AES_128_CCM", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC09D, "RSA_WITH_AES_256_CCM", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC09E, "DHE_RSA_WITH_AES_128_CCM", Auth_Method::RSA, Kex_Algo::DH, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC09F, "DHE_RSA_WITH_AES_256_CCM", Auth_Method::RSA, Kex_Algo::DH, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0A0, "RSA_WITH_AES_128_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0A1, "RSA_WITH_AES_256_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0A2, "DHE_RSA_WITH_AES_128_CCM_8", Auth_Method::RSA, Kex_Algo::DH, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0A3, "DHE_RSA_WITH_AES_256_CCM_8", Auth_Method::RSA, Kex_Algo::DH, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0A4, "PSK_WITH_AES_128_CCM", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0A5, "PSK_WITH_AES_256_CCM", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0A6, "DHE_PSK_WITH_AES_128_CCM", Auth_Method::IMPLICIT, 
Kex_Algo::DHE_PSK, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0A7, "DHE_PSK_WITH_AES_256_CCM", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0A8, "PSK_WITH_AES_128_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0A9, "PSK_WITH_AES_256_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0AA, "PSK_DHE_WITH_AES_128_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0AB, "PSK_DHE_WITH_AES_256_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0AC, "ECDHE_ECDSA_WITH_AES_128_CCM", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0AD, "ECDHE_ECDSA_WITH_AES_256_CCM", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0AE, "ECDHE_ECDSA_WITH_AES_128_CCM_8", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xC0AF, "ECDHE_ECDSA_WITH_AES_256_CCM_8", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xCCA8, "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xCCA9, "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "ChaCha20Poly1305", 32, "AEAD", 0, 
KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xCCAA, "DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::RSA, Kex_Algo::DH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xCCAB, "PSK_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xCCAC, "ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xCCAD, "DHE_PSK_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xD001, "ECDHE_PSK_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xD002, "ECDHE_PSK_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xD003, "ECDHE_PSK_WITH_AES_128_CCM_8_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xD005, "ECDHE_PSK_WITH_AES_128_CCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), + Ciphersuite(0xFFC0, "DHE_RSA_WITH_AES_128_OCB_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-128/OCB(12)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFC1, "DHE_RSA_WITH_AES_256_OCB_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFC2, "ECDHE_RSA_WITH_AES_128_OCB_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128/OCB(12)", 16, "AEAD", 0, 
KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFC3, "ECDHE_RSA_WITH_AES_256_OCB_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFC4, "ECDHE_ECDSA_WITH_AES_128_OCB_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/OCB(12)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFC5, "ECDHE_ECDSA_WITH_AES_256_OCB_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFC6, "PSK_WITH_AES_128_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/OCB(12)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFC7, "PSK_WITH_AES_256_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFC8, "DHE_PSK_WITH_AES_128_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "AES-128/OCB(12)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFC9, "DHE_PSK_WITH_AES_256_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::DHE_PSK, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFCA, "ECDHE_PSK_WITH_AES_128_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/OCB(12)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFCB, "ECDHE_PSK_WITH_AES_256_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFCC, "CECPQ1_RSA_WITH_AES_256_OCB_SHA256", Auth_Method::RSA, Kex_Algo::CECPQ1, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), + Ciphersuite(0xFFCD, "CECPQ1_ECDSA_WITH_AES_256_OCB_SHA256", Auth_Method::ECDSA, Kex_Algo::CECPQ1, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, 
Nonce_Format::AEAD_XOR_12), }; return g_ciphersuite_list; diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py index fd944f3760..124a583e14 100755 --- a/src/scripts/tls_suite_info.py +++ b/src/scripts/tls_suite_info.py @@ -19,16 +19,16 @@ def to_ciphersuite_info(code, name): (sig_and_kex,cipher_and_mac) = name.split('_WITH_') if sig_and_kex == 'RSA': - sig_algo = 'RSA' + sig_algo = 'IMPLICIT' kex_algo = 'RSA' elif 'PSK' in sig_and_kex: - sig_algo = '' + sig_algo = 'IMPLICIT' kex_algo = sig_and_kex elif 'SRP' in sig_and_kex: srp_info = sig_and_kex.split('_') if len(srp_info) == 2: # 'SRP_' + hash kex_algo = sig_and_kex - sig_algo = '' + sig_algo = 'IMPLICIT' else: kex_algo = '_'.join(srp_info[0:-1]) sig_algo = srp_info[-1] @@ -67,7 +67,9 @@ def to_ciphersuite_info(code, name): } tls_to_botan_names = { - 'anon': '', + 'IMPLICIT': 'IMPLICIT', + + 'anon': 'ANONYMOUS', 'MD5': 'MD5', 'SHA': 'SHA-1', 'SHA256': 'SHA-256', @@ -105,6 +107,8 @@ def to_ciphersuite_info(code, name): mac_algo = tls_to_botan_names[mac_algo] sig_algo = tls_to_botan_names[sig_algo] kex_algo = tls_to_botan_names[kex_algo] + if kex_algo == 'RSA': + kex_algo = 'STATIC_RSA' (cipher_algo, cipher_keylen) = cipher_info[cipher[0]] @@ -116,22 +120,14 @@ def to_ciphersuite_info(code, name): modestr = '' mode = '' - ivlen = 0 if cipher[0] == 'CHACHA20' and cipher[1] == 'POLY1305': - iv_len = 12 - if code in ['CC13', 'CC14', 'CC15']: - iv_len = 0 # Google variant - record_iv_len = 0 - - return (name, code, sig_algo, kex_algo, "ChaCha20Poly1305", cipher_keylen, iv_len, record_iv_len, "AEAD", 0, mac_algo) + return (name, code, sig_algo, kex_algo, "ChaCha20Poly1305", cipher_keylen, "AEAD", 0, mac_algo, 'AEAD_XOR_12') mode = cipher[-1] if mode not in ['CBC', 'GCM', 'CCM(8)', 'CCM', 'OCB']: print "#warning Unknown mode '%s' for ciphersuite %s (0x%d)" % (' '.join(cipher), name, code) - ivlen = 8 if cipher_algo == '3DES' else 16 - if mode != 'CBC': if mode == 'OCB': cipher_algo += '/OCB(12)' 
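Review bot: The unknown-mode warning in the `if mode not in [...]` branch of to_ciphersuite_info formats `code` with `0x%d`, but `code` is a hex string (define_custom_ciphersuite passes '16B7', and header() prints it with `0x%s`), so the first unrecognised mode raises a TypeError from the `%` operation instead of emitting the `#warning`. The line is context here, but this hunk rewrites the returns around it, so it is the natural place to fix it: `print "#warning Unknown mode '%s' for ciphersuite %s (0x%s)" % (' '.join(cipher), name, code)`. The function continues outside this hunk.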
@@ -139,16 +135,16 @@ def to_ciphersuite_info(code, name): cipher_algo += '/' + mode if mode == 'CBC': - return (name, code, sig_algo, kex_algo, cipher_algo, cipher_keylen, ivlen, 0, mac_algo, mac_keylen[mac_algo], "") + return (name, code, sig_algo, kex_algo, cipher_algo, cipher_keylen, mac_algo, mac_keylen[mac_algo], mac_algo, 'CBC_MODE') elif mode == 'OCB': - return (name, code, sig_algo, kex_algo, cipher_algo, cipher_keylen, 12, 0, "AEAD", 0, mac_algo) + return (name, code, sig_algo, kex_algo, cipher_algo, cipher_keylen, "AEAD", 0, mac_algo, 'AEAD_XOR_12') else: iv_bytes_from_hs = 4 iv_bytes_from_rec = 8 - return (name, code, sig_algo, kex_algo, cipher_algo, cipher_keylen, iv_bytes_from_hs, iv_bytes_from_rec, "AEAD", 0, mac_algo) + return (name, code, sig_algo, kex_algo, cipher_algo, cipher_keylen, "AEAD", 0, mac_algo, 'AEAD_IMPLICIT_4') def open_input(args): iana_url = 'https://www.iana.org/assignments/tls-parameters/tls-parameters.txt' @@ -249,11 +245,6 @@ def main(args = None): def define_custom_ciphersuite(name, code): suites[code] = to_ciphersuite_info(code, name) - # Google servers - draft-agl-tls-chacha20poly1305-04 - define_custom_ciphersuite('ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC13') - define_custom_ciphersuite('ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'CC14') - define_custom_ciphersuite('DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC15') - if options.with_cecpq1: # CECPQ1 key exchange define_custom_ciphersuite('CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256', '16B7') 
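Review bot: In the GCM/CCM branch of this hunk the new `return (name, code, sig_algo, kex_algo, cipher_algo, cipher_keylen, "AEAD", 0, mac_algo, 'AEAD_IMPLICIT_4')` no longer consumes `iv_bytes_from_hs` or `iv_bytes_from_rec`, so the two assignments kept just above it are now dead and should be removed. The CBC tuple also places `mac_algo` in both slot 6 and slot 8, and the `header()` hunk later renders slot 8 as `KDF_Algo::%s` after `replace('-','_')`, so a SHA-1 MAC suite emits `KDF_Algo::SHA_1`; a comment such as `# slot 8 is the KDF hash; for CBC suites this is the MAC hash` would make that coupling explicit, and it is worth confirming that enum value exists since the generated entries visible here only use `SHA_256`. The enclosing `to_ciphersuite_info` starts outside the hunk.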
@@ -328,9 +319,9 @@ def header(): for code in sorted(suites.keys()): info = suites[code] - assert len(info) == 11 - suite_expr = 'Ciphersuite(0x%s, "%s", "%s", "%s", "%s", %d, %d, %d, "%s", %d, "%s")' % ( - code, info[0], info[2], info[3], info[4], info[5], info[6], info[7], info[8], info[9], info[10]) + assert len(info) == 10 + suite_expr = 'Ciphersuite(0x%s, "%s", Auth_Method::%s, Kex_Algo::%s, "%s", %d, "%s", %d, KDF_Algo::%s, Nonce_Format::%s)' % ( + code, info[0], info[2], info[3], info[4], info[5], info[6], info[7], info[8].replace('-','_'), info[9]) suite_info += " " + suite_expr + ",\n" diff --git a/src/tests/data/tls-policy/compat.txt b/src/tests/data/tls-policy/compat.txt index 39564b51b7..473453ab05 100644 --- a/src/tests/data/tls-policy/compat.txt +++ b/src/tests/data/tls-policy/compat.txt @@ -12,7 +12,7 @@ allow_dtls12 = false ciphers = ChaCha20Poly1305 AES-256/GCM AES-128/GCM AES-256 AES-128 3DES macs = AEAD SHA-256 SHA-384 SHA-1 signature_hashes = SHA-512 SHA-384 SHA-256 SHA-1 -signature_methods = ECDSA RSA +signature_methods = ECDSA RSA IMPLICIT key_exchange_methods = CECPQ1 ECDH DH RSA ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 allow_insecure_renegotiation = false diff --git a/src/tests/data/tls/cert_verify.vec b/src/tests/data/tls/cert_verify.vec index 7f09002ce9..d36156cc21 100644 --- a/src/tests/data/tls/cert_verify.vec +++ b/src/tests/data/tls/cert_verify.vec @@ -24,7 +24,7 @@ Exception = #Incomplete algorithm Buffer = 06 Protocol = 0303 -Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 1 bytes remaining, only 0 left +Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 2 bytes remaining, only 1 left #Incomplete certificate Buffer = 0601000500 diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index f82d432b42..f9132d60ab 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp 
@@ -879,9 +879,9 @@ class TLS_Unit_Tests final : public Test policy.set("key_exchange_methods", kex_policy); policy.set("negotiate_encrypt_then_mac", etm_policy); - if(kex_policy == "RSA") + if(kex_policy.find("RSA") != std::string::npos) { - policy.set("signature_methods", "RSA"); + policy.set("signature_methods", "IMPLICIT"); } std::vector versions = @@ -927,6 +927,11 @@ class TLS_Unit_Tests final : public Test policy.set("macs", mac_policy); policy.set("key_exchange_methods", kex_policy); + if(kex_policy.find("RSA") != std::string::npos) + { + policy.set("signature_methods", "IMPLICIT"); + } + for(auto const& kv : extra_policies) { policy.set(kv.first, kv.second); From aa2d16c81404ced37df474ab49fa980739e29294 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 28 Jan 2018 12:27:09 -0500 Subject: [PATCH 0591/1008] Reorder signature scheme list Now PSS shows up first and we negotiate it by default ;) --- src/lib/tls/tls_algos.cpp | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/src/lib/tls/tls_algos.cpp b/src/lib/tls/tls_algos.cpp index 415d3eb664..2a4d7ba263 100644 --- a/src/lib/tls/tls_algos.cpp +++ b/src/lib/tls/tls_algos.cpp 
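Review bot: `kex_policy.find("RSA") != std::string::npos` replaces an equality check with a substring match, and nothing says which key-exchange strings it is meant to cover; a comment like `// "RSA" and "STATIC_RSA" kex both need IMPLICIT signature_methods` would record the intent (assuming those are the values passed, which are not visible here). The same three-line block is repeated verbatim in the second hunk at line 927; a small static helper taking the policy and the kex string would keep the two in sync if the rule changes again. Both enclosing test methods start and end outside the hunks.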
@@ -194,24 +194,32 @@ std::string hash_function_of_scheme(Signature_Scheme scheme) const std::vector& all_signature_schemes() { + /* + * This is ordered in some approximate order of preference + */ static const std::vector all_schemes = { - Signature_Scheme::RSA_PKCS1_SHA1, - Signature_Scheme::RSA_PKCS1_SHA256, + //Signature_Scheme::EDDSA_448, + //Signature_Scheme::EDDSA_25519, + + Signature_Scheme::RSA_PSS_SHA384, + Signature_Scheme::RSA_PSS_SHA256, + Signature_Scheme::RSA_PSS_SHA512, + Signature_Scheme::RSA_PKCS1_SHA384, Signature_Scheme::RSA_PKCS1_SHA512, - Signature_Scheme::DSA_SHA1, - Signature_Scheme::DSA_SHA256, + Signature_Scheme::RSA_PKCS1_SHA256, + + Signature_Scheme::ECDSA_SHA384, + Signature_Scheme::ECDSA_SHA512, + Signature_Scheme::ECDSA_SHA256, + Signature_Scheme::DSA_SHA384, Signature_Scheme::DSA_SHA512, + Signature_Scheme::DSA_SHA256, + + Signature_Scheme::RSA_PKCS1_SHA1, Signature_Scheme::ECDSA_SHA1, - Signature_Scheme::ECDSA_SHA256, - Signature_Scheme::ECDSA_SHA384, - Signature_Scheme::ECDSA_SHA512, - Signature_Scheme::RSA_PSS_SHA256, - Signature_Scheme::RSA_PSS_SHA384, - Signature_Scheme::RSA_PSS_SHA512, - Signature_Scheme::EDDSA_25519, - Signature_Scheme::EDDSA_448, + Signature_Scheme::DSA_SHA1, }; return all_schemes; From ec2718a583ee6a4c6273fa0b2b8f86c961eb1d94 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 28 Jan 2018 16:12:25 -0500 Subject: [PATCH 0592/1008] Move generic TLS tests to test_tls.cpp Leaves unit_tls.cpp for the handshake level tests. Add some basic tests of the string<->enum conversions in tls_algos.h --- src/lib/tls/tls_algos.cpp | 2 + src/lib/tls/tls_algos.h | 10 +- src/tests/test_tls.cpp | 303 +++++++++++++++++++++++++++++++++++++ src/tests/test_tls_cbc.cpp | 40 ----- src/tests/unit_tls.cpp | 166 -------------------- 5 files changed, 310 insertions(+), 211 deletions(-) create mode 100644 src/tests/test_tls.cpp delete mode 100644 src/tests/test_tls_cbc.cpp 
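Review bot: The two EdDSA entries are left commented out with no explanation, so the next reader cannot tell whether they are disabled deliberately or by accident; replace them with a comment such as `// EdDSA schemes omitted until the handshake code can use them -- TODO confirm reason`. The header comment should also say whether callers are expected to filter this list by policy, since the SHA-1 and DSA schemes remain in it and, per the commit message, this order drives what is negotiated by default; e.g. `// Full list in rough preference order; SHA-1 schemes last, policy is expected to filter`. The function ends outside the hunk.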
diff --git a/src/lib/tls/tls_algos.cpp b/src/lib/tls/tls_algos.cpp index 2a4d7ba263..33b00d5192 100644 --- a/src/lib/tls/tls_algos.cpp +++ b/src/lib/tls/tls_algos.cpp @@ -107,6 +107,8 @@ Auth_Method auth_method_from_string(const std::string& str) return Auth_Method::DSA; if(str == "ECDSA") return Auth_Method::ECDSA; + if(str == "IMPLICIT") + return Auth_Method::IMPLICIT; if(str == "ANONYMOUS" || str == "") return Auth_Method::ANONYMOUS; diff --git a/src/lib/tls/tls_algos.h b/src/lib/tls/tls_algos.h index b65aad1855..4f7a35ec8e 100644 --- a/src/lib/tls/tls_algos.h +++ b/src/lib/tls/tls_algos.h @@ -75,8 +75,8 @@ enum class Auth_Method { ANONYMOUS }; -std::string auth_method_to_string(Auth_Method method); -Auth_Method auth_method_from_string(const std::string& str); +std::string BOTAN_TEST_API auth_method_to_string(Auth_Method method); +Auth_Method BOTAN_TEST_API auth_method_from_string(const std::string& str); /* * This matches the wire encoding @@ -107,7 +107,7 @@ enum class Signature_Scheme : uint16_t { EDDSA_448 = 0x0808, }; -const std::vector& all_signature_schemes(); +BOTAN_UNSTABLE_API const std::vector& all_signature_schemes(); std::string BOTAN_UNSTABLE_API sig_scheme_to_string(Signature_Scheme scheme); std::string hash_function_of_scheme(Signature_Scheme scheme); @@ -151,8 +151,8 @@ enum class Kex_Algo { ECDHE_PSK, }; -std::string kex_method_to_string(Kex_Algo method); -Kex_Algo kex_method_from_string(const std::string& str); +std::string BOTAN_TEST_API kex_method_to_string(Kex_Algo method); +Kex_Algo BOTAN_TEST_API kex_method_from_string(const std::string& str); inline bool key_exchange_is_psk(Kex_Algo m) { diff --git a/src/tests/test_tls.cpp b/src/tests/test_tls.cpp new file mode 100644 index 0000000000..4762653ac3 --- /dev/null +++ b/src/tests/test_tls.cpp 
@@ -0,0 +1,303 @@ +/* +* (C) 2014,2015,2017,2018 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "tests.h" +#include +#include + +#if defined(BOTAN_HAS_TLS) + #include + #include + + #if defined(BOTAN_HAS_TLS_CBC) + #include + #endif + +#endif + +namespace Botan_Tests { + +#if defined(BOTAN_HAS_TLS) + +#if defined(BOTAN_HAS_TLS_CBC) + +class TLS_CBC_Padding_Tests final : public Text_Based_Test + { + public: + TLS_CBC_Padding_Tests() : Text_Based_Test("tls_cbc.vec", "Record,Output") {} + + Test::Result run_one_test(const std::string&, const VarMap& vars) override + { + const std::vector record = get_req_bin(vars, "Record"); + const size_t output = get_req_sz(vars, "Output"); + + uint16_t res = Botan::TLS::check_tls_cbc_padding(record.data(), record.size()); + + Test::Result result("TLS CBC padding check"); + result.test_eq("Expected", res, output); + return result; + } + }; + +BOTAN_REGISTER_TEST("tls_cbc_padding", TLS_CBC_Padding_Tests); + +#endif + +class Test_TLS_Alert_Strings : public Test + { + public: + std::vector run() override + { + Test::Result result("TLS::Alert::type_string"); + + const std::vector alert_types = + { + Botan::TLS::Alert::CLOSE_NOTIFY, + Botan::TLS::Alert::UNEXPECTED_MESSAGE, + Botan::TLS::Alert::BAD_RECORD_MAC, + Botan::TLS::Alert::DECRYPTION_FAILED, + Botan::TLS::Alert::RECORD_OVERFLOW, + Botan::TLS::Alert::DECOMPRESSION_FAILURE, + Botan::TLS::Alert::HANDSHAKE_FAILURE, + Botan::TLS::Alert::NO_CERTIFICATE, + Botan::TLS::Alert::BAD_CERTIFICATE, + Botan::TLS::Alert::UNSUPPORTED_CERTIFICATE, + Botan::TLS::Alert::CERTIFICATE_REVOKED, + Botan::TLS::Alert::CERTIFICATE_EXPIRED, + Botan::TLS::Alert::CERTIFICATE_UNKNOWN, + Botan::TLS::Alert::ILLEGAL_PARAMETER, + Botan::TLS::Alert::UNKNOWN_CA, + Botan::TLS::Alert::ACCESS_DENIED, + Botan::TLS::Alert::DECODE_ERROR, + Botan::TLS::Alert::DECRYPT_ERROR, + Botan::TLS::Alert::EXPORT_RESTRICTION, + Botan::TLS::Alert::PROTOCOL_VERSION, + 
Botan::TLS::Alert::INSUFFICIENT_SECURITY, + Botan::TLS::Alert::INTERNAL_ERROR, + Botan::TLS::Alert::INAPPROPRIATE_FALLBACK, + Botan::TLS::Alert::USER_CANCELED, + Botan::TLS::Alert::NO_RENEGOTIATION, + Botan::TLS::Alert::UNSUPPORTED_EXTENSION, + Botan::TLS::Alert::CERTIFICATE_UNOBTAINABLE, + Botan::TLS::Alert::UNRECOGNIZED_NAME, + Botan::TLS::Alert::BAD_CERTIFICATE_STATUS_RESPONSE, + Botan::TLS::Alert::BAD_CERTIFICATE_HASH_VALUE, + Botan::TLS::Alert::UNKNOWN_PSK_IDENTITY, + Botan::TLS::Alert:: NO_APPLICATION_PROTOCOL, + }; + + std::set seen; + + for(auto alert : alert_types) + { + const std::string str = Botan::TLS::Alert(alert).type_string(); + result.test_eq("No duplicate strings", seen.count(str), 0); + seen.insert(str); + } + + Botan::TLS::Alert unknown_alert = Botan::TLS::Alert({01, 66}); + + result.test_eq("Unknown alert str", unknown_alert.type_string(), "unrecognized_alert_66"); + + return {result}; + } + }; + +BOTAN_REGISTER_TEST("tls_alert_strings", Test_TLS_Alert_Strings); + +class Test_TLS_Policy_Test : public Test + { + public: + std::vector run() override + { + Test::Result result("TLS Policy"); + + const std::vector policies = { "default", "suiteb", "strict", "datagram", "bsi" }; + + for(std::string policy : policies) + { + result.test_eq("Values for TLS " + policy + " policy", + tls_policy_string(policy), + read_tls_policy(policy)); + } + + return {result}; + } + + private: + std::string read_tls_policy(const std::string& policy_str) + { + const std::string fspath = Test::data_file("tls-policy/" + policy_str + ".txt"); + + std::ifstream is(fspath.c_str()); + if(!is.good()) + { + throw Test_Error("Missing policy file " + fspath); + } + + Botan::TLS::Text_Policy policy(is); + return policy.to_string(); + } + + std::string tls_policy_string(const std::string& policy_str) + { + std::unique_ptr policy; + if(policy_str == "default") + { + policy.reset(new Botan::TLS::Policy); + } + else if(policy_str == "suiteb") + { + policy.reset(new 
Botan::TLS::NSA_Suite_B_128); + } + else if(policy_str == "bsi") + { + policy.reset(new Botan::TLS::BSI_TR_02102_2); + } + else if(policy_str == "strict") + { + policy.reset(new Botan::TLS::Strict_Policy); + } + else if(policy_str == "datagram") + { + policy.reset(new Botan::TLS::Datagram_Policy); + } + else + { + throw Test_Error("Unknown TLS policy type '" + policy_str + "'"); + } + + return policy->to_string(); + } + }; + +BOTAN_REGISTER_TEST("tls_policy_test", Test_TLS_Policy_Test); + +class Test_TLS_Ciphersuites : public Test + { + public: + std::vector run() override + { + Test::Result result("TLS::Ciphersuite"); + + for(size_t csuite_id = 0; csuite_id <= 0xFFFF; ++csuite_id) + { + Botan::TLS::Ciphersuite ciphersuite = Botan::TLS::Ciphersuite::by_id(csuite_id); + + if(ciphersuite.valid()) + { + result.test_eq("Valid Ciphersuite is not SCSV", Botan::TLS::Ciphersuite::is_scsv(csuite_id), false); + + if(ciphersuite.cbc_ciphersuite() == false) + { + result.test_eq("Expected MAC name for AEAD ciphersuites", ciphersuite.mac_algo(), "AEAD"); + } + else + { + result.test_eq("MAC algo and PRF algo same for CBC suites", ciphersuite.prf_algo(), ciphersuite.mac_algo()); + } + + // TODO more tests here + } + } + + return {result}; + } + }; + +BOTAN_REGISTER_TEST("tls_ciphersuites", Test_TLS_Ciphersuites); + +class Test_TLS_Algo_Strings : public Test + { + public: + + std::vector run() override + { + std::vector results; + + results.push_back(test_auth_method_strings()); + results.push_back(test_kex_algo_strings()); + results.push_back(test_tls_sig_method_strings()); + + return results; + } + + private: + Test::Result test_tls_sig_method_strings() + { + Test::Result result("TLS::Signature_Scheme"); + + std::vector schemes = Botan::TLS::all_signature_schemes(); + + std::set scheme_strs; + for(auto scheme : schemes) + { + std::string scheme_str = Botan::TLS::sig_scheme_to_string(scheme); + + result.test_eq("Scheme strings unique", scheme_strs.count(scheme_str), 0); + + 
scheme_strs.insert(scheme_str); + } + + return result; + } + + Test::Result test_auth_method_strings() + { + Test::Result result("TLS::Auth_Method"); + + const std::vector auth_methods({ + Botan::TLS::Auth_Method::RSA, + Botan::TLS::Auth_Method::DSA, + Botan::TLS::Auth_Method::ECDSA, + Botan::TLS::Auth_Method::IMPLICIT, + Botan::TLS::Auth_Method::ANONYMOUS + }); + + for(Botan::TLS::Auth_Method meth : auth_methods) + { + std::string meth_str = Botan::TLS::auth_method_to_string(meth); + result.test_ne("Method string is not empty", meth_str, ""); + Botan::TLS::Auth_Method meth2 = Botan::TLS::auth_method_from_string(meth_str); + result.confirm("Decoded method matches", meth == meth2); + } + + return result; + } + + Test::Result test_kex_algo_strings() + { + Test::Result result("TLS::Kex_Algo"); + + const std::vector kex_algos({ + Botan::TLS::Kex_Algo::STATIC_RSA, + Botan::TLS::Kex_Algo::DH, + Botan::TLS::Kex_Algo::ECDH, + Botan::TLS::Kex_Algo::CECPQ1, + Botan::TLS::Kex_Algo::SRP_SHA, + Botan::TLS::Kex_Algo::PSK, + Botan::TLS::Kex_Algo::DHE_PSK, + Botan::TLS::Kex_Algo::ECDHE_PSK + }); + + for(Botan::TLS::Kex_Algo meth : kex_algos) + { + std::string meth_str = Botan::TLS::kex_method_to_string(meth); + result.test_ne("Method string is not empty", meth_str, ""); + Botan::TLS::Kex_Algo meth2 = Botan::TLS::kex_method_from_string(meth_str); + result.confirm("Decoded method matches", meth == meth2); + } + + return result; + } + + }; + +BOTAN_REGISTER_TEST("tls_algo_strings", Test_TLS_Algo_Strings); + +#endif + +} diff --git a/src/tests/test_tls_cbc.cpp b/src/tests/test_tls_cbc.cpp deleted file mode 100644 index b8359d4838..0000000000 --- a/src/tests/test_tls_cbc.cpp +++ /dev/null 
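Review bot: `Test_TLS_Alert_Strings`, `Test_TLS_Policy_Test`, `Test_TLS_Ciphersuites` and `Test_TLS_Algo_Strings` are declared `: public Test` without `final`, while `TLS_CBC_Padding_Tests` in the same new file is `final`; marking them `final` keeps the file consistent and, as an earlier commit in this series notes, keeps -Wsuggest-override quiet. In `Test_TLS_Alert_Strings`, `Botan::TLS::Alert({01, 66})` uses an octal literal for the alert level, which reads like a typo; `{1, 66}` says the same thing unambiguously. In `Test_TLS_Ciphersuites` the loop body ends at `// TODO more tests here`; asserting that the looked-up suite reports the id it was fetched with (via `ciphersuite_code()`, if that accessor is available) would give the test some teeth beyond the two MAC checks.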
@@ -1,40 +0,0 @@ -/* -* (C) 2017 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include "tests.h" - -#if defined(BOTAN_HAS_TLS_CBC) - #include -#endif - -namespace Botan_Tests { - -#if defined(BOTAN_HAS_TLS_CBC) - -class TLS_CBC_Padding_Tests final : public Text_Based_Test - { - public: - TLS_CBC_Padding_Tests() : Text_Based_Test("tls_cbc.vec", "Record,Output") {} - - Test::Result run_one_test(const std::string&, const VarMap& vars) override - { - const std::vector record = get_req_bin(vars, "Record"); - const size_t output = get_req_sz(vars, "Output"); - - uint16_t res = Botan::TLS::check_tls_cbc_padding(record.data(), record.size()); - - Test::Result result("TLS CBC padding check"); - result.test_eq("Expected", res, output); - return result; - } - }; - -BOTAN_REGISTER_TEST("tls_cbc_padding", TLS_CBC_Padding_Tests); - -#endif - -} - diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index f9132d60ab..30c5ca7798 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -10,8 +10,6 @@ #include "tests.h" #include #include -#include -#include #if defined(BOTAN_HAS_TLS) 
@@ -293,170 +291,6 @@ create_creds(Botan::RandomNumberGenerator& rng, return cmt; } -class Test_TLS_Alert_Strings : public Test - { - public: - std::vector run() override - { - Test::Result result("TLS::Alert::type_string"); - - const std::vector alert_types = - { - Botan::TLS::Alert::CLOSE_NOTIFY, - Botan::TLS::Alert::UNEXPECTED_MESSAGE, - Botan::TLS::Alert::BAD_RECORD_MAC, - Botan::TLS::Alert::DECRYPTION_FAILED, - Botan::TLS::Alert::RECORD_OVERFLOW, - Botan::TLS::Alert::DECOMPRESSION_FAILURE, - Botan::TLS::Alert::HANDSHAKE_FAILURE, - Botan::TLS::Alert::NO_CERTIFICATE, - Botan::TLS::Alert::BAD_CERTIFICATE, - Botan::TLS::Alert::UNSUPPORTED_CERTIFICATE, - Botan::TLS::Alert::CERTIFICATE_REVOKED, - Botan::TLS::Alert::CERTIFICATE_EXPIRED, - Botan::TLS::Alert::CERTIFICATE_UNKNOWN, - Botan::TLS::Alert::ILLEGAL_PARAMETER, - Botan::TLS::Alert::UNKNOWN_CA, - Botan::TLS::Alert::ACCESS_DENIED, - Botan::TLS::Alert::DECODE_ERROR, - Botan::TLS::Alert::DECRYPT_ERROR, - Botan::TLS::Alert::EXPORT_RESTRICTION, - Botan::TLS::Alert::PROTOCOL_VERSION, - Botan::TLS::Alert::INSUFFICIENT_SECURITY, - Botan::TLS::Alert::INTERNAL_ERROR, - Botan::TLS::Alert::INAPPROPRIATE_FALLBACK, - Botan::TLS::Alert::USER_CANCELED, - Botan::TLS::Alert::NO_RENEGOTIATION, - Botan::TLS::Alert::UNSUPPORTED_EXTENSION, - Botan::TLS::Alert::CERTIFICATE_UNOBTAINABLE, - Botan::TLS::Alert::UNRECOGNIZED_NAME, - Botan::TLS::Alert::BAD_CERTIFICATE_STATUS_RESPONSE, - Botan::TLS::Alert::BAD_CERTIFICATE_HASH_VALUE, - Botan::TLS::Alert::UNKNOWN_PSK_IDENTITY, - Botan::TLS::Alert:: NO_APPLICATION_PROTOCOL, - }; - - std::set seen; - - for(auto alert : alert_types) - { - const std::string str = Botan::TLS::Alert(alert).type_string(); - result.test_eq("No duplicate strings", seen.count(str), 0); - seen.insert(str); - } - - Botan::TLS::Alert unknown_alert = Botan::TLS::Alert({01, 66}); - - result.test_eq("Unknown alert str", unknown_alert.type_string(), "unrecognized_alert_66"); - - return {result}; - } - }; - 
-BOTAN_REGISTER_TEST("tls_alert_strings", Test_TLS_Alert_Strings); - -class Test_TLS_Ciphersuites : public Test - { - public: - std::vector run() override - { - Test::Result result("TLS::Ciphersuite"); - - for(size_t csuite_id = 0; csuite_id <= 0xFFFF; ++csuite_id) - { - Botan::TLS::Ciphersuite ciphersuite = Botan::TLS::Ciphersuite::by_id(csuite_id); - - if(ciphersuite.valid()) - { - result.test_eq("Valid Ciphersuite is not SCSV", Botan::TLS::Ciphersuite::is_scsv(csuite_id), false); - - if(ciphersuite.cbc_ciphersuite() == false) - { - result.test_eq("Expected MAC name for AEAD ciphersuites", ciphersuite.mac_algo(), "AEAD"); - } - else - { - result.test_eq("MAC algo and PRF algo same for CBC suites", ciphersuite.prf_algo(), ciphersuite.mac_algo()); - } - - // TODO more tests here - } - } - - return {result}; - } - }; - -BOTAN_REGISTER_TEST("tls_ciphersuites", Test_TLS_Ciphersuites); - -class Test_TLS_Policy_Test : public Test - { - public: - std::vector run() override - { - Test::Result result("TLS Policy"); - - const std::vector policies = { "default", "suiteb", "strict", "datagram", "bsi" }; - - for(std::string policy : policies) - { - result.test_eq("Values for TLS " + policy + " policy", - tls_policy_string(policy), - read_tls_policy(policy)); - } - - return {result}; - } - - private: - std::string read_tls_policy(const std::string& policy_str) - { - const std::string fspath = Test::data_file("tls-policy/" + policy_str + ".txt"); - - std::ifstream is(fspath.c_str()); - if(!is.good()) - { - throw Test_Error("Missing policy file " + fspath); - } - - Botan::TLS::Text_Policy policy(is); - return policy.to_string(); - } - - std::string tls_policy_string(const std::string& policy_str) - { - std::unique_ptr policy; - if(policy_str == "default") - { - policy.reset(new Botan::TLS::Policy); - } - else if(policy_str == "suiteb") - { - policy.reset(new Botan::TLS::NSA_Suite_B_128); - } - else if(policy_str == "bsi") - { - policy.reset(new Botan::TLS::BSI_TR_02102_2); - } - 
else if(policy_str == "strict") - { - policy.reset(new Botan::TLS::Strict_Policy); - } - else if(policy_str == "datagram") - { - policy.reset(new Botan::TLS::Datagram_Policy); - } - else - { - throw Test_Error("Unknown TLS policy type '" + policy_str + "'"); - } - - return policy->to_string(); - } - }; - -BOTAN_REGISTER_TEST("tls_policy_test", Test_TLS_Policy_Test); - class TLS_Handshake_Test final { public: From bb02b60dae96361818ac362d13ac69243d655387 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 28 Jan 2018 17:52:51 -0500 Subject: [PATCH 0593/1008] Update news --- news.rst | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/news.rst b/news.rst index 1199600285..2022e04e6e 100644 --- a/news.rst +++ b/news.rst @@ -4,6 +4,24 @@ Release Notes Version 2.5.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* Add support for RSA-PSS signatures in TLS (GH #1285) + +* Add a new Credentials_Manager callback that specifies which CAs the server + has indicated it trusts (GH #1395 fixing #1261) + +* Add new TLS::Callbacks methods that allow creating or removing extensions, + as well as examining extensions sent by the peer (GH #1394 #1186) + +* Make it possible for PKCS10 requests to include custom extensions. This also + makes it possible to use muliple SubjectAlternativeNames of a single type in + a request, which was previously not possible. (GH #1429 #1428) + +* Add DSA and ElGamal keygen functions to FFI (#1426) + +* Add Pipe::prepend_filter to replace Pipe::prepend (GH #1402) + +* Fix a memory leak in the OpenSSL block cipher integration, introduced in 2.2.0 + * Use an improved algorithm for generating safe primes which is several tens of times faster. Also, fix a bug in the prime sieving algorithm which caused standard prime generation (like for RSA keys) to be slower than necessary. 
@@ -17,6 +35,13 @@ Version 2.5.0, Not Yet Released * Remove use of CPU specific optimization flags, instead the user should set these via CXXFLAGS if desired. (GH #1392) +* The output of ``botan --help`` has been improved (GH #1387) + +* Add ``--der-format`` flag to command line utils, making it possible verify + DSA/ECDSA signatures generated by OpenSSL command line (GH #1409) + +* Add support for ``--library-suffix`` option to ``configure.py`` (GH #1405 #1404) + * Use feature flags to enable/disable system specific code (GH #1378) * The Perl XS based wrapper has been removed, as it was unmaintained and From 65ab80df80333acedf7f8c7dfc16b3da0daa6bd9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 29 Jan 2018 05:19:47 -0500 Subject: [PATCH 0594/1008] Catch exceptions from subprocess in build_docs [ci skip] If eg binary file not found, this just crashed with no useful diagnostic. --- src/scripts/build_docs.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/scripts/build_docs.py b/src/scripts/build_docs.py index da36b5348b..df99ba9c32 100755 --- a/src/scripts/build_docs.py +++ b/src/scripts/build_docs.py @@ -54,13 +54,19 @@ def run_and_check(cmd_line, cwd=None): logging.debug("Executing %s", ' '.join(cmd_line)) - proc = subprocess.Popen(cmd_line, - close_fds=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - cwd=cwd) + stdout = None + stderr = None - (stdout, stderr) = proc.communicate() + try: + proc = subprocess.Popen(cmd_line, + close_fds=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + cwd=cwd) + + (stdout, stderr) = proc.communicate() + except OSError as e: + logging.error("Executing %s failed (%s)", ' '.join(cmd_line), e) if stdout: logging.debug(stdout.decode()) From 38a8939f9cf04bf5a76c270d99fe922cde152ff5 Mon Sep 17 00:00:00 2001 
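Review bot: In the `build_docs.py` hunk the new `except OSError as e:` logs the failure but then falls through, so `stdout`/`stderr` stay `None` and execution continues into the rest of `run_and_check`, which presumably still reads `proc` (unbound on this path) or its return code; the function body continues outside the hunk. After the `logging.error(...)` the failure should still be surfaced, e.g. a bare `raise` so the caller sees the exception together with the new diagnostic, or `sys.exit(1)` if the script already imports `sys`.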
From: Jack Lloyd Date: Wed, 24 Jan 2018 12:58:27 -0500 Subject: [PATCH 0595/1008] Improve X.509 documentation GH #1428 --- doc/manual/x509.rst | 226 +++++++++++++++++++++++++--------------- src/lib/x509/x509cert.h | 10 +- 2 files changed, 150 insertions(+), 86 deletions(-) diff --git a/doc/manual/x509.rst b/doc/manual/x509.rst index f9431c3620..7bbce5e2e9 100644 --- a/doc/manual/x509.rst +++ b/doc/manual/x509.rst 
@@ -10,24 +10,50 @@ signature on the certificate, which is placed there by some authority the certificate really "owns" the private key corresponding to the public key in the certificate. -The major certificate format in use today is X.509v3, used for instance -in the :doc:`tls` protocol. A X.509 certificate is represented by +The major certificate format in use today is X.509v3, used for instance in the +:doc:`tls` protocol. A X.509 certificate is represented by the class +``X509_Certificate``. The data of an X.509 certificate is stored as a +``shared_ptr`` to a structure containing the decoded information. So copying +``X509_Certificate`` objects is quite cheap. + .. cpp:class:: X509_Certificate - .. cpp:function:: X509_Certificate(const std::string& filename) + .. cpp:function:: X509_Certificate(const std::string& filename) Load a certificate from a file. PEM or DER is accepted. - .. cpp:function:: X509_Certificate(const std::vector& in) + .. cpp:function:: X509_Certificate(const std::vector& in) Load a certificate from a byte string. - .. cpp:function:: X509_Certificate(DataSource& source) + .. cpp:function:: X509_Certificate(DataSource& source) Load a certificate from an abstract ``DataSource``. - .. cpp:function:: std::unique_ptr load_subject_public_key() const + .. cpp:function:: X509_DN subject_dn() const + + Returns the distinguished name (DN) of the certificate's subject. This is + the primary place where information about the subject of the certificate is + stored. However "modern" information that doesn't fit in the X.500 + framework, such as DNS name, email, IP address, or XMPP address, appears + instead in the subject alternative name. + + .. cpp:function:: X509_DN issuer_dn() const + + Returns the distinguished name (DN) of the certificate's issuer, ie the CA + that issued this certificate. + + .. cpp:function:: const AlternativeName& subject_alt_name() const + + Return the subjects alternative name. 
This is used to store + values like associated URIs, DNS addresses, and email addresses. + + .. cpp:function:: const AlternativeName& issuer_alt_name() const + + Return alternative names for the issuer. + + .. cpp:function:: std::unique_ptr load_subject_public_key() const Deserialize the stored public key and return a new object. This might throw, if it happens that the public key object stored in 
@@ -38,45 +64,72 @@ in the :doc:`tls` protocol. A X.509 certificate is represented by with the returned object. It may be any type of key, in principle, though RSA and ECDSA are most common. - .. cpp:function:: std::vector serial_number() const + .. cpp:function:: std::vector subject_public_key_bits() const + + Return the binary encoding of the subject public key. This value (or a hash of + it) is used in various protocols, eg for public key pinning. + + .. cpp:function:: AlgorithmIdentifier subject_public_key_algo() const + + Return an algorithm identifier that identifies the algorithm used in the + subject's public key. + + .. cpp:function:: std::vector serial_number() const Return the certificates serial number. The tuple of issuer DN and serial number should be unique. - .. cpp:function:: X509_DN subject_dn() const + .. cpp:function:: std::vector raw_subject_dn() const - Returns the distinguished name (DN) of the certificate's subject. + Return the binary encoding of the subject DN. - .. cpp:function:: X509_DN issuer_dn() const + .. cpp:function:: std::vector raw_issuer_dn() const - Returns the distinguished name (DN) of the certificate's issuer + Return the binary encoding of the issuer DN. - .. cpp:function:: X509_Time not_before() const + .. cpp:function:: X509_Time not_before() const Returns the point in time the certificate becomes valid - .. cpp:function:: X509_Time not_after() const + .. cpp:function:: X509_Time not_after() const Returns the point in time the certificate expires - .. cpp:function:: const Extensions& v3_extensions() const + .. cpp:function:: const Extensions& v3_extensions() const Returns all extensions of this certificate. You can use this to examine any extension data associated with the certificate, including custom extensions the library doesn't know about. - .. cpp:function:: const AlternativeName& subject_alt_name() const + .. cpp:function:: std::vector authority_key_id() const - Return the subjects alternative name. 
This is used to store - values like associated URIs, DNS addresses, and email addresses. + Return the authority key id, if set. This is an arbitrary string; in the + issuing certificate this will be the subject key id. - .. cpp:function:: const AlternativeName& issuer_alt_name() const + .. cpp:function:: std::vector subject_key_id() const - Return alternative names for the issuer. + Return the subject key id, if set. + + .. cpp:function:: bool allowed_extended_usage(const OID& usage) const + + Return true if and only if the usage OID appears in the extended key usage + extension. Also will return true if the extended key usage extension is + not used in the current certificate. + + .. cpp:function: std::vector extended_key_usage() const - .. cpp:function:: std::string fingerprint(const std::string& hash_name = "SHA-1") const + Return the list of extended key usages. May be empty. - Return a fingerprint for the certificate. + .. cpp:function:: std::string fingerprint(const std::string& hash_fn = "SHA-1") const + + Return a fingerprint for the certificate, which is basically just a hash + of the binary contents. Normally SHA-1 or SHA-256 is used, but any hash + function is allowed. + + .. cpp:function:: bool matches_dns_name(const std::string& name) const + + Returns true if ``name`` matches the DNS name in the certificate. This function + accounts for wildcard certificates. .. cpp:function:: Key_Constraints constraints() const 
@@ -99,64 +152,51 @@ in the :doc:`tls` protocol. A X.509 certificate is represented by Returns a free-form human readable string describing the certificate. -The ``X509_Certificate`` class has several other functions not described here. -See the header ``x509cert.h`` for details. - -The data of an X.509 certificate is stored as a ``shared_ptr`` to a structure -containing the decoded information. So copying ``X509_Certificate`` objects is -quite cheap. - -So what's in an X.509 certificate? ------------------------------------ - -Obviously, you want to be able to get the public key. This is achieved -by calling the member function ``subject_public_key``, which will -return a ``Public_Key``\*. As to what to do with this, read about -``load_key`` in :ref:`serializing_public_keys`. In the general case, -this could be any kind of public key, though 99% of the time it will -be an RSA key. However, Diffie-Hellman, DSA, and ECDSA keys are also -supported, so be careful about how you treat this. It is also a wise -idea to examine the value returned by ``constraints``, to see what -uses the public key is approved for. - -The second major piece of information you'll want is the -name/email/etc of the person to whom this certificate is -assigned. Here is where things get a little nasty. X.509v3 has two -(well, mostly just two...) different places where you can stick -information about the user: the *subject* field, and in an extension -called *subjectAlternativeName*. The *subject* field is supposed to -only included the following information: country, organization, an -organizational sub-unit name, and a so-called common name. The common -name is usually the name of the person, or it could be a title -associated with a position of some sort in the organization. It may -also include fields for state/province and locality. What a locality -is, nobody knows, but it's usually given as a city name. 
- -Like the distinguished names, subject alternative names can contain a lot of -things that Botan will flat out ignore (most of which you would likely never -want to use). However, there are three very useful pieces of information that -this extension might hold: an email address (mailbox@example.com), a DNS name -(somehost.example.com), or a URI (http://www.example.com). - -So, how to get the information? Call ``subject_info`` with the name of -the piece of information you want, and it will return a -``std::string`` that is either empty (signifying that the certificate -doesn't have this information), or has the information -requested. There are several names for each possible item, but the -most easily readable ones are: "Name", "Country", "Organization", -"Organizational Unit", "Locality", "State", "RFC822", "URI", and -"DNS". These values are returned as a ``std::string``. - -You can also get information about the issuer of the certificate in the same -way, using ``issuer_info``. +X.509 Distinguished Names +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. cpp:class:: X509_DN + + .. cpp:function:: bool has_field(const std::string& attr) const + + Returns true if ``get_attribute`` or ``get_first_attribute`` will return a value. + + .. cpp:function:: std::vector get_attribute(const std::string& attr) const + + Return all attributes associated with a certain attribute type. + + .. cpp:function:: std::string get_first_attribute(const std::string& attr) const + + Like ``get_attribute`` but returns just the first attribute, or + empty if the DN has no attribute of the specified type. + + .. cpp:function:: std::multimap get_attributes() const + + Get all attributes of the DN. The OID maps to a DN component such as + 2.5.4.10 ("Organization"), and the strings are UTF-8 encoded. + + .. cpp:function:: std::multimap contents() const + + Similar to ``get_attributes``, but the OIDs are decoded to strings. + + .. 
cpp:function:: void add_attribute(const std::string& key, const std::string& val) + + Add an attribute to a DN. + + .. cpp:function:: void add_attribute(const OID& oid, const std::string& val) + + Add an attribute to a DN using an OID instead of string-valued attribute type. + +The ``X509_DN`` type also supports iostream extraction and insertion operators, +for formatted input and output. X.509v3 Extensions ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -X.509v3 specifies a large number of possible extensions. Botan -supports some, but by no means all of them. -The following listing lists which X.509v3 extensions are supported -and notes areas where there may be problems with the handling. +X.509v3 specifies a large number of possible extensions. Botan supports some, +but by no means all of them. The following listing lists which X.509v3 +extensions are supported and notes areas where there may be problems with the +handling. - Key Usage and Extended Key Usage: No problems known. @@ -199,10 +239,16 @@ functions are provided to search them. .. cpp:function:: void add(Certificate_Extension* extn, bool critical = false) - Adds a new extension to the list. ``critical`` specifies whether the extension - should be marked as critical. + Adds a new extension to the extensions object. If an extension of the same + type already exists, ``extn`` will replace it. If ``critical`` is true the + extension will be marked as critical in the encoding. - .. cpp:function:: replace(Certificate_Extension* extn, bool critical = false) + .. cpp:function:: bool add_new(Certificate_Extension* extn, bool critical = false) + + Like ``add`` but an existing extension will not be replaced. Returns true if the + extension was used, false if an extension of the same type was already in place. + + .. cpp:function:: void replace(Certificate_Extension* extn, bool critical = false) Adds an extension to the list or replaces it, if the same extension was already added 
@@ -641,6 +687,20 @@ This function acts quite similarly to transmit it to a CA, who signs it and returns a freshly minted X.509 certificate. +.. cpp:function:: PKCS10_Request PKCS10_Request::create(const Private_Key& key, \ + const X509_DN& subject_dn, \ + const Extensions& extensions, \ + const std::string& hash_fn, \ + RandomNumberGenerator& rng, \ + const std::string& padding_scheme = "", \ + const std::string& challenge = "") + + This function (added in 2.5) is similar to ``create_cert_req`` but allows + specifying all the parameters directly. In fact ``create_cert_req`` just + creates the DN and extensions from the options, then uses this call to + actually create the ``PKCS10_Request`` object. + + Certificate Options ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -718,13 +778,9 @@ are named "PKIX.ServerAuth" (for TLS server authentication), times - each new OID will be added to the list to include in the certificate. -Lastly, you can add any X.509v3 extensions in the `extensions` -member. This is really only useful if you want to encode custom -extensions in the certificate. Most users probably won't need this. -Note that extensions added this way will be overwritten by an -``X509_CA`` if also added by the ``X509_CA`` itself. This currently -includes the Basic Constraints, Key Usage, Authority Key ID, Subject -Key ID, Subject Alternative Name and Extended Key Usage extension. +Lastly, you can add any X.509v3 extensions in the `extensions` member, which is +useful if you want to encode a custom extension, or encode an extension in a way +differently from how Botan defaults. OCSP Requests ---------------------------------------- diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h index 79d16d37f2..637efd569a 100644 --- a/src/lib/x509/x509cert.h +++ b/src/lib/x509/x509cert.h 
@@ -337,7 +337,14 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object */ const std::vector& v2_subject_key_id() const; + /** + * Return the subject alternative names (DNS, IP, ...) + */ const AlternativeName& subject_alt_name() const; + + /** + * Return the issuer alternative names (DNS, IP, ...) + */ const AlternativeName& issuer_alt_name() const; /** @@ -380,7 +387,8 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object bool operator==(const X509_Certificate& other) const; /** - * Impose an arbitrary (but consistent) ordering + * Impose an arbitrary (but consistent) ordering, eg to allow sorting + * a container of certificate objects. * @return true if this is less than other by some unspecified criteria */ bool operator<(const X509_Certificate& other) const; From b0d23786bee4cc97510a5fe223ce1a4b2959a921 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 30 Jan 2018 05:15:49 -0500 Subject: [PATCH 0596/1008] Add test for non-null pointer --- src/tests/tests.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/tests/tests.h b/src/tests/tests.h index 36a6d4862e..fa5dc34b6d 100644 --- a/src/tests/tests.h +++ b/src/tests/tests.h @@ -192,6 +192,15 @@ class Test } } + template + bool test_not_null(const std::string& what, T* ptr) + { + if(ptr == nullptr) + return test_failure(what + " was null"); + else + return test_success(what + " was not null"); + } + bool test_eq(const std::string& what, const char* produced, const char* expected); bool test_is_nonempty(const std::string& what_is_it, const std::string& to_examine); From e6dae25b44bc669932782389c51c800c8cef8a47 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 30 Jan 2018 05:16:59 -0500 Subject: [PATCH 0597/1008] Add botan_x509_cert_hostname_match --- src/lib/ffi/ffi.h | 6 ++++++ src/lib/ffi/ffi_cert.cpp | 9 +++++++++ 2 files changed, 15 insertions(+) diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h index 296d64ef29..20611fde9d 100644 --- a/src/lib/ffi/ffi.h 
+++ b/src/lib/ffi/ffi.h @@ -1201,6 +1201,12 @@ enum botan_x509_cert_key_constraints { BOTAN_PUBLIC_API(2,0) int botan_x509_cert_allowed_usage(botan_x509_cert_t cert, unsigned int key_usage); +/** +* Check if the certificate matches the specified hostname via alternative name or CN match. +* RFC 5280 wildcards also supported. +*/ +BOTAN_PUBLIC_API(2,5) int botan_x509_cert_hostname_match(botan_x509_cert_t cert, const char* hostname); + /** * Key wrapping as per RFC 3394 */ diff --git a/src/lib/ffi/ffi_cert.cpp b/src/lib/ffi/ffi_cert.cpp index 6031d02aa3..3c5f17277f 100644 --- a/src/lib/ffi/ffi_cert.cpp +++ b/src/lib/ffi/ffi_cert.cpp @@ -133,4 +133,13 @@ int botan_x509_cert_get_public_key_bits(botan_x509_cert_t cert, uint8_t out[], s return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, { return write_vec_output(out, out_len, c.subject_public_key_bits()); }); } +int botan_x509_cert_hostname_match(botan_x509_cert_t cert, const char* hostname) + { + if(hostname == nullptr) + return BOTAN_FFI_ERROR_NULL_POINTER; + + return BOTAN_FFI_DO(Botan::X509_Certificate, cert, c, + { return c.matches_dns_name(hostname) ? 0 : -1; }); + } + } From d8e6c5bd2912e19654ad46389fb27dcb00610b66 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 30 Jan 2018 05:17:14 -0500 Subject: [PATCH 0598/1008] Move FFI tests to sub-functions Add a test for hostname match function --- src/tests/test_ffi.cpp | 527 +++++++++++++++++++++++------------------ 1 file changed, 292 insertions(+), 235 deletions(-) diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index 00deabb062..47de5e7fb9 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp 
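Review bot: The new `botan_x509_cert_hostname_match` declaration does not document its return convention, and the implementation in the ffi_cert.cpp hunk of this commit returns -1 for "no match", which sits in the same negative range as the error codes (the same function returns `BOTAN_FFI_ERROR_NULL_POINTER` for a null hostname and `BOTAN_FFI_DO` yields negative codes on failure), so a caller cannot tell "certificate does not match this host" from "the call failed" without consulting the error table, and -1 may even coincide with one of those codes. Since this is the value a TLS client would act on, the header comment should state it explicitly, e.g. `* Returns 0 if the certificate matches hostname and -1 if it does not; other return values are BOTAN_FFI_ERROR_* codes`, or better, the mismatch case should use a value that is distinct from every error code. The comment's "RFC 5280 wildcards" is also slightly off: RFC 5280 leaves wildcard semantics unspecified, and the matching rules live in RFC 6125 section 6.4.3.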
@@ -38,45 +38,12 @@ class FFI_Unit_Tests final : public Test { Test::Result result("FFI"); - result.test_is_eq("FFI API version", botan_ffi_api_version(), uint32_t(BOTAN_HAS_FFI)); - result.test_is_eq("Major version", botan_version_major(), Botan::version_major()); - result.test_is_eq("Minor version", botan_version_minor(), Botan::version_minor()); - result.test_is_eq("Patch version", botan_version_patch(), Botan::version_patch()); - result.test_is_eq("Botan version", botan_version_string(), Botan::version_cstr()); - result.test_is_eq("Botan version datestamp", botan_version_datestamp(), Botan::version_datestamp()); - result.test_is_eq("FFI supports its own version", botan_ffi_supports_api(botan_ffi_api_version()), 0); - - const std::vector mem1 = { 0xFF, 0xAA, 0xFF }; - const std::vector mem2 = mem1; - const std::vector mem3 = { 0xFF, 0xA9, 0xFF }; - - TEST_FFI_RC(0, botan_same_mem, (mem1.data(), mem2.data(), mem1.size())); - TEST_FFI_RC(-1, botan_same_mem, (mem1.data(), mem3.data(), mem1.size())); - - std::vector to_zero = { 0xFF, 0xA0 }; - TEST_FFI_OK(botan_scrub_mem, (to_zero.data(), to_zero.size())); - result.confirm("scrub_memory zeros", to_zero[0] == 0 && to_zero[1] == 0); - - const std::vector bin = { 0xAA, 0xDE, 0x01 }; - const char* input_str = "ABC"; - - std::string outstr; - std::vector outbuf; - //char namebuf[32]; - - outstr.resize(2 * bin.size()); - TEST_FFI_OK(botan_hex_encode, (bin.data(), bin.size(), &outstr[0], 0)); - result.test_eq("uppercase hex", outstr, "AADE01"); - - TEST_FFI_OK(botan_hex_encode, (bin.data(), bin.size(), &outstr[0], BOTAN_FFI_HEX_LOWER_CASE)); - result.test_eq("lowercase hex", outstr, "aade01"); - // RNG test and initialization botan_rng_t rng; TEST_FFI_FAIL("invalid rng type", botan_rng_init, (&rng, "invalid_type")); - outbuf.resize(512); + std::vector outbuf(512); if(TEST_FFI_OK(botan_rng_init, (&rng, "system"))) { 
@@ -97,178 +64,134 @@ class FFI_Unit_Tests final : public Test return {result}; } - // hashing test - botan_hash_t hash; - TEST_FFI_FAIL("invalid hash name", botan_hash_init, (&hash, "SHA-255", 0)); - TEST_FFI_FAIL("invalid flags", botan_hash_init, (&hash, "SHA-256", 1)); - - if(TEST_FFI_OK(botan_hash_init, (&hash, "SHA-256", 0))) - { - /* - TEST_FFI_FAIL("output buffer too short", botan_hash_name, (hash, namebuf, 5)); - - if(TEST_FFI_OK(botan_hash_name, (hash, namebuf, sizeof(namebuf)))) - { - result.test_eq("hash name", std::string(namebuf), "SHA-256"); - } - */ - size_t block_size; - if (TEST_FFI_OK(botan_hash_block_size, (hash, &block_size))) - { - result.test_eq("hash block size", block_size, 64); - } - - size_t output_len; - if(TEST_FFI_OK(botan_hash_output_length, (hash, &output_len))) - { - result.test_eq("hash output length", output_len, 32); - - outbuf.resize(output_len); - - // Test that after clear or final the object can be reused - for(size_t r = 0; r != 2; ++r) - { - TEST_FFI_OK(botan_hash_update, (hash, reinterpret_cast(input_str), 1)); - TEST_FFI_OK(botan_hash_clear, (hash)); - - TEST_FFI_OK(botan_hash_update, (hash, reinterpret_cast(input_str), std::strlen(input_str))); - TEST_FFI_OK(botan_hash_final, (hash, outbuf.data())); + std::vector results; + results.push_back(ffi_test_utils()); + results.push_back(ffi_test_errors()); + results.push_back(ffi_test_base64()); + results.push_back(ffi_test_hash()); + results.push_back(ffi_test_mac()); + results.push_back(ffi_test_kdf(rng)); + results.push_back(ffi_test_mp(rng)); + results.push_back(ffi_test_block_ciphers()); + results.push_back(ffi_test_ciphers_cbc()); + results.push_back(ffi_test_ciphers_aead_gcm()); + results.push_back(ffi_test_ciphers_aead_eax()); + results.push_back(ffi_test_stream_ciphers()); + results.push_back(ffi_test_pkcs_hash_id()); - result.test_eq("SHA-256 output", outbuf, "B5D4045C3F466FA91FE2CC6ABE79232A1A57CDF104F7A26E716E0A1E2789DF78"); - } +#if 
defined(BOTAN_HAS_RFC3394_KEYWRAP) + results.push_back(ffi_test_keywrap()); +#endif - // Test botan_hash_copy_state - const char *msg = "message digest"; - const char *expected = "F7846F55CF23E14EEBEAB5B4E1550CAD5B509E3348FBC4EFA3A1413D393CB650"; - TEST_FFI_OK(botan_hash_clear, (hash)); - TEST_FFI_OK(botan_hash_update, (hash, reinterpret_cast(&msg[0]), 1)); - botan_hash_t fork; - if (TEST_FFI_OK(botan_hash_copy_state, (&fork, hash))) - { - TEST_FFI_OK(botan_hash_update, (fork, reinterpret_cast(&msg[1]), std::strlen(msg) - 2)); +#if defined(BOTAN_HAS_RSA) + results.push_back(ffi_test_rsa(rng)); + results.push_back(ffi_test_rsa_cert()); +#endif - TEST_FFI_OK(botan_hash_update, (hash, reinterpret_cast(&msg[1]), std::strlen(msg) - 1)); - TEST_FFI_OK(botan_hash_final, (hash, outbuf.data())); - result.test_eq("hashing split", outbuf, expected); +#if defined(BOTAN_HAS_DSA) + results.push_back(ffi_test_dsa(rng)); +#endif - TEST_FFI_OK(botan_hash_update, (fork, reinterpret_cast(&msg[std::strlen(msg)-1]), 1)); - TEST_FFI_OK(botan_hash_final, (fork, outbuf.data())); - result.test_eq("hashing split", outbuf, expected); +#if defined(BOTAN_HAS_ECDSA) + results.push_back(ffi_test_ecdsa(rng)); + results.push_back(ffi_test_ecdsa_cert()); +#endif - TEST_FFI_OK(botan_hash_destroy, (fork)); - } - } +#if defined(BOTAN_HAS_ECDH) + results.push_back(ffi_test_ecdh(rng)); +#endif - TEST_FFI_OK(botan_hash_destroy, (hash)); - } +#if defined(BOTAN_HAS_SM2) + results.push_back(ffi_test_sm2(rng)); + results.push_back(ffi_test_sm2_enc(rng)); +#endif - // MAC test - botan_mac_t mac; - TEST_FFI_FAIL("bad flag", botan_mac_init, (&mac, "HMAC(SHA-256)", 1)); - TEST_FFI_FAIL("bad name", botan_mac_init, (&mac, "HMAC(SHA-259)", 0)); +#if defined(BOTAN_HAS_MCELIECE) + results.push_back(ffi_test_mceliece(rng)); +#endif - if(TEST_FFI_OK(botan_mac_init, (&mac, "HMAC(SHA-256)", 0))) - { - /* - TEST_FFI_FAIL("output buffer too short", botan_mac_name, (mac, namebuf, 5)); +#if defined(BOTAN_HAS_ELGAMAL) + 
results.push_back(ffi_test_elgamal(rng)); +#endif - if(TEST_FFI_OK(botan_mac_name, (mac, namebuf, 20))) - { - result.test_eq("mac name", std::string(namebuf), "HMAC(SHA-256)"); - } - */ +#if defined(BOTAN_HAS_DIFFIE_HELLMAN) + results.push_back(ffi_test_dh(rng)); +#endif - size_t output_len; - if(TEST_FFI_OK(botan_mac_output_length, (mac, &output_len))) - { - result.test_eq("MAC output length", output_len, 32); +#if defined(BOTAN_HAS_ED25519) + results.push_back(ffi_test_ed25519(rng)); +#endif - const uint8_t mac_key[] = { 0xAA, 0xBB, 0xCC, 0xDD }; - outbuf.resize(output_len); + TEST_FFI_OK(botan_rng_destroy, (rng)); - // Test that after clear or final the object can be reused - for(size_t r = 0; r != 2; ++r) - { - TEST_FFI_OK(botan_mac_set_key, (mac, mac_key, sizeof(mac_key))); - TEST_FFI_OK(botan_mac_update, (mac, reinterpret_cast(input_str), std::strlen(input_str))); - TEST_FFI_OK(botan_mac_clear, (mac)); + results.push_back(result); + return results; + } - TEST_FFI_OK(botan_mac_set_key, (mac, mac_key, sizeof(mac_key))); - TEST_FFI_OK(botan_mac_update, (mac, reinterpret_cast(input_str), std::strlen(input_str))); - TEST_FFI_OK(botan_mac_final, (mac, outbuf.data())); + private: - result.test_eq("HMAC output", outbuf, "1A82EEA984BC4A7285617CC0D05F1FE1D6C96675924A81BC965EE8FF7B0697A7"); - } - } + Test::Result ffi_test_utils() + { + Test::Result result("FFI"); + result.test_is_eq("FFI API version", botan_ffi_api_version(), uint32_t(BOTAN_HAS_FFI)); + result.test_is_eq("Major version", botan_version_major(), Botan::version_major()); + result.test_is_eq("Minor version", botan_version_minor(), Botan::version_minor()); + result.test_is_eq("Patch version", botan_version_patch(), Botan::version_patch()); + result.test_is_eq("Botan version", botan_version_string(), Botan::version_cstr()); + result.test_is_eq("Botan version datestamp", botan_version_datestamp(), Botan::version_datestamp()); + result.test_is_eq("FFI supports its own version", 
botan_ffi_supports_api(botan_ffi_api_version()), 0); - TEST_FFI_OK(botan_mac_destroy, (mac)); - } + const std::vector mem1 = { 0xFF, 0xAA, 0xFF }; + const std::vector mem2 = mem1; + const std::vector mem3 = { 0xFF, 0xA9, 0xFF }; - // KDF test - const std::vector pbkdf_salt = Botan::hex_decode("ED1F39A0A7F3889AAF7E60743B3BC1CC2C738E60"); - const std::string passphrase = "ltexmfeyylmlbrsyikaw"; - const size_t pbkdf_out_len = 10; - const size_t pbkdf_iterations = 1000; + TEST_FFI_RC(0, botan_same_mem, (mem1.data(), mem2.data(), mem1.size())); + TEST_FFI_RC(-1, botan_same_mem, (mem1.data(), mem3.data(), mem1.size())); - outbuf.resize(pbkdf_out_len); + std::vector to_zero = { 0xFF, 0xA0 }; + TEST_FFI_OK(botan_scrub_mem, (to_zero.data(), to_zero.size())); + result.confirm("scrub_memory zeros", to_zero[0] == 0 && to_zero[1] == 0); - if(TEST_FFI_OK(botan_pbkdf, ("PBKDF2(SHA-1)", - outbuf.data(), outbuf.size(), - passphrase.c_str(), - pbkdf_salt.data(), pbkdf_salt.size(), - pbkdf_iterations))) - { - result.test_eq("PBKDF output", outbuf, "027AFADD48F4BE8DCC4F"); - } + const std::vector bin = { 0xAA, 0xDE, 0x01 }; - size_t iters_10ms, iters_100ms; + std::string outstr; + std::vector outbuf; + //char namebuf[32]; - TEST_FFI_OK(botan_pbkdf_timed, ("PBKDF2(SHA-1)", outbuf.data(), outbuf.size(), - passphrase.c_str(), - pbkdf_salt.data(), pbkdf_salt.size(), - 10, &iters_10ms)); - TEST_FFI_OK(botan_pbkdf_timed, ("PBKDF2(SHA-1)", outbuf.data(), outbuf.size(), - passphrase.c_str(), - pbkdf_salt.data(), pbkdf_salt.size(), - 100, &iters_100ms)); + outstr.resize(2 * bin.size()); + TEST_FFI_OK(botan_hex_encode, (bin.data(), bin.size(), &outstr[0], 0)); + result.test_eq("uppercase hex", outstr, "AADE01"); - result.test_note("PBKDF timed 10 ms " + std::to_string(iters_10ms) + " iterations " + - "100 ms " + std::to_string(iters_100ms) + " iterations"); + TEST_FFI_OK(botan_hex_encode, (bin.data(), bin.size(), &outstr[0], BOTAN_FFI_HEX_LOWER_CASE)); + result.test_eq("lowercase hex", outstr, 
"aade01"); + return result; + } -#if defined(BOTAN_HAS_KDF2) - const std::vector kdf_secret = Botan::hex_decode("92167440112E"); - const std::vector kdf_salt = Botan::hex_decode("45A9BEDED69163123D0348F5185F61ABFB1BF18D6AEA454F"); - const size_t kdf_out_len = 18; - outbuf.resize(kdf_out_len); + Test::Result ffi_test_rsa_cert() + { + Test::Result result("FFI RSA cert"); - if(TEST_FFI_OK(botan_kdf, ("KDF2(SHA-1)", outbuf.data(), outbuf.size(), - kdf_secret.data(), - kdf_secret.size(), - kdf_salt.data(), - kdf_salt.size(), - nullptr, - 0))) +#if defined(BOTAN_HAS_ECDSA) && defined(BOTAN_HAS_X509_CERTIFICATES) + botan_x509_cert_t cert; + if(TEST_FFI_OK(botan_x509_cert_load_file, (&cert, Test::data_file("x509/ocsp/randombit.pem").c_str()))) { - result.test_eq("KDF output", outbuf, "3A5DC9AA1C872B4744515AC2702D6396FC2A"); + TEST_FFI_RC(0, botan_x509_cert_hostname_match, (cert, "randombit.net")); + TEST_FFI_RC(0, botan_x509_cert_hostname_match, (cert, "www.randombit.net")); + TEST_FFI_RC(-1, botan_x509_cert_hostname_match, (cert, "*.randombit.net")); + TEST_FFI_RC(-1, botan_x509_cert_hostname_match, (cert, "flub.randombit.net")); + TEST_FFI_RC(-1, botan_x509_cert_hostname_match, (cert, "randombit.net.com")); + TEST_FFI_OK(botan_x509_cert_destroy, (cert)); } #endif - size_t out_len = 64; - outstr.resize(out_len); - - int rc = botan_bcrypt_generate(reinterpret_cast(&outstr[0]), - &out_len, passphrase.c_str(), rng, 4, 0); - - if(rc == 0) - { - result.test_eq("bcrypt output size", out_len, 61); + return result; + } - TEST_FFI_OK(botan_bcrypt_is_valid, (passphrase.c_str(), outstr.data())); - TEST_FFI_FAIL("bad password", botan_bcrypt_is_valid, ("nope", outstr.data())); - } + Test::Result ffi_test_ecdsa_cert() + { + Test::Result result("FFI ECDSA cert"); -#if defined(BOTAN_HAS_ECDSA) - // x509 cert test +#if defined(BOTAN_HAS_ECDSA) && defined(BOTAN_HAS_X509_CERTIFICATES) botan_x509_cert_t cert; if(TEST_FFI_OK(botan_x509_cert_load_file, (&cert, 
Test::data_file("x509/ecc/CSCA.CSCA.csca-germany.1.crt").c_str()))) { @@ -364,66 +287,9 @@ class FFI_Unit_Tests final : public Test TEST_FFI_OK(botan_x509_cert_destroy, (cert)); } #endif - - std::vector results; - results.push_back(ffi_test_errors()); - results.push_back(ffi_test_base64()); - results.push_back(ffi_test_mp(rng)); - results.push_back(ffi_test_block_ciphers()); - results.push_back(ffi_test_ciphers_cbc()); - results.push_back(ffi_test_ciphers_aead_gcm()); - results.push_back(ffi_test_ciphers_aead_eax()); - results.push_back(ffi_test_stream_ciphers()); - results.push_back(ffi_test_pkcs_hash_id()); - -#if defined(BOTAN_HAS_RFC3394_KEYWRAP) - results.push_back(ffi_test_keywrap()); -#endif - -#if defined(BOTAN_HAS_RSA) - results.push_back(ffi_test_rsa(rng)); -#endif - -#if defined(BOTAN_HAS_DSA) - results.push_back(ffi_test_dsa(rng)); -#endif - -#if defined(BOTAN_HAS_ECDSA) - results.push_back(ffi_test_ecdsa(rng)); -#endif - -#if defined(BOTAN_HAS_ECDH) - results.push_back(ffi_test_ecdh(rng)); -#endif - -#if defined(BOTAN_HAS_SM2) - results.push_back(ffi_test_sm2(rng)); - results.push_back(ffi_test_sm2_enc(rng)); -#endif - -#if defined(BOTAN_HAS_MCELIECE) - results.push_back(ffi_test_mceliece(rng)); -#endif - -#if defined(BOTAN_HAS_ELGAMAL) - results.push_back(ffi_test_elgamal(rng)); -#endif - -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) - results.push_back(ffi_test_dh(rng)); -#endif - -#if defined(BOTAN_HAS_ED25519) - results.push_back(ffi_test_ed25519(rng)); -#endif - - TEST_FFI_OK(botan_rng_destroy, (rng)); - - results.push_back(result); - return results; + return result; } - private: Test::Result ffi_test_pkcs_hash_id() { Test::Result result("FFI PKCS hash id"); 
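Review bot: `ffi_test_rsa_cert` wraps its body in `#if defined(BOTAN_HAS_ECDSA) && defined(BOTAN_HAS_X509_CERTIFICATES)` although it loads an RSA certificate and is only invoked under `#if defined(BOTAN_HAS_RSA)` in the caller, so on a build with RSA but without ECDSA the hostname-match checks are silently skipped while a "FFI RSA cert" result with no checks is still reported; the guard looks copied from `ffi_test_ecdsa_cert` and should read `#if defined(BOTAN_HAS_RSA) && defined(BOTAN_HAS_X509_CERTIFICATES)`. The new hostname tests also never exercise the null-pointer path of `botan_x509_cert_hostname_match`; adding `TEST_FFI_RC(BOTAN_FFI_ERROR_NULL_POINTER, botan_x509_cert_hostname_match, (cert, nullptr));` inside the same block would pin the error code the implementation returns. The enclosing `FFI_Unit_Tests` class starts and ends outside this hunk.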
@@ -741,6 +607,197 @@ class FFI_Unit_Tests final : public Test return result; } + Test::Result ffi_test_hash() + { + Test::Result result("FFI hash"); + + const char* input_str = "ABC"; + + botan_hash_t hash; + TEST_FFI_FAIL("invalid hash name", botan_hash_init, (&hash, "SHA-255", 0)); + TEST_FFI_FAIL("invalid flags", botan_hash_init, (&hash, "SHA-256", 1)); + + if(TEST_FFI_OK(botan_hash_init, (&hash, "SHA-256", 0))) + { + /* + TEST_FFI_FAIL("output buffer too short", botan_hash_name, (hash, namebuf, 5)); + + if(TEST_FFI_OK(botan_hash_name, (hash, namebuf, sizeof(namebuf)))) + { + result.test_eq("hash name", std::string(namebuf), "SHA-256"); + } + */ + size_t block_size; + if (TEST_FFI_OK(botan_hash_block_size, (hash, &block_size))) + { + result.test_eq("hash block size", block_size, 64); + } + + size_t output_len; + if(TEST_FFI_OK(botan_hash_output_length, (hash, &output_len))) + { + result.test_eq("hash output length", output_len, 32); + + std::vector outbuf(output_len); + + // Test that after clear or final the object can be reused + for(size_t r = 0; r != 2; ++r) + { + TEST_FFI_OK(botan_hash_update, (hash, reinterpret_cast(input_str), 1)); + TEST_FFI_OK(botan_hash_clear, (hash)); + + TEST_FFI_OK(botan_hash_update, (hash, reinterpret_cast(input_str), std::strlen(input_str))); + TEST_FFI_OK(botan_hash_final, (hash, outbuf.data())); + + result.test_eq("SHA-256 output", outbuf, "B5D4045C3F466FA91FE2CC6ABE79232A1A57CDF104F7A26E716E0A1E2789DF78"); + } + + // Test botan_hash_copy_state + const char *msg = "message digest"; + const char *expected = "F7846F55CF23E14EEBEAB5B4E1550CAD5B509E3348FBC4EFA3A1413D393CB650"; + TEST_FFI_OK(botan_hash_clear, (hash)); + TEST_FFI_OK(botan_hash_update, (hash, reinterpret_cast(&msg[0]), 1)); + botan_hash_t fork; + if (TEST_FFI_OK(botan_hash_copy_state, (&fork, hash))) + { + TEST_FFI_OK(botan_hash_update, (fork, reinterpret_cast(&msg[1]), std::strlen(msg) - 2)); + + TEST_FFI_OK(botan_hash_update, (hash, reinterpret_cast(&msg[1]), 
std::strlen(msg) - 1)); + TEST_FFI_OK(botan_hash_final, (hash, outbuf.data())); + result.test_eq("hashing split", outbuf, expected); + + TEST_FFI_OK(botan_hash_update, (fork, reinterpret_cast(&msg[std::strlen(msg)-1]), 1)); + TEST_FFI_OK(botan_hash_final, (fork, outbuf.data())); + result.test_eq("hashing split", outbuf, expected); + + TEST_FFI_OK(botan_hash_destroy, (fork)); + } + } + + TEST_FFI_OK(botan_hash_destroy, (hash)); + } + return result; + } + + Test::Result ffi_test_mac() + { + Test::Result result("FFI MAC"); + + const char* input_str = "ABC"; + + // MAC test + botan_mac_t mac; + TEST_FFI_FAIL("bad flag", botan_mac_init, (&mac, "HMAC(SHA-256)", 1)); + TEST_FFI_FAIL("bad name", botan_mac_init, (&mac, "HMAC(SHA-259)", 0)); + + if(TEST_FFI_OK(botan_mac_init, (&mac, "HMAC(SHA-256)", 0))) + { + /* + TEST_FFI_FAIL("output buffer too short", botan_mac_name, (mac, namebuf, 5)); + + if(TEST_FFI_OK(botan_mac_name, (mac, namebuf, 20))) + { + result.test_eq("mac name", std::string(namebuf), "HMAC(SHA-256)"); + } + */ + + size_t output_len; + if(TEST_FFI_OK(botan_mac_output_length, (mac, &output_len))) + { + result.test_eq("MAC output length", output_len, 32); + + const uint8_t mac_key[] = { 0xAA, 0xBB, 0xCC, 0xDD }; + std::vector outbuf(output_len); + + // Test that after clear or final the object can be reused + for(size_t r = 0; r != 2; ++r) + { + TEST_FFI_OK(botan_mac_set_key, (mac, mac_key, sizeof(mac_key))); + TEST_FFI_OK(botan_mac_update, (mac, reinterpret_cast(input_str), std::strlen(input_str))); + TEST_FFI_OK(botan_mac_clear, (mac)); + + TEST_FFI_OK(botan_mac_set_key, (mac, mac_key, sizeof(mac_key))); + TEST_FFI_OK(botan_mac_update, (mac, reinterpret_cast(input_str), std::strlen(input_str))); + TEST_FFI_OK(botan_mac_final, (mac, outbuf.data())); + + result.test_eq("HMAC output", outbuf, "1A82EEA984BC4A7285617CC0D05F1FE1D6C96675924A81BC965EE8FF7B0697A7"); + } + } + + TEST_FFI_OK(botan_mac_destroy, (mac)); + } + + return result; + } + + Test::Result 
ffi_test_kdf(botan_rng_t rng) + { + Test::Result result("FFI KDF"); + const std::vector pbkdf_salt = Botan::hex_decode("ED1F39A0A7F3889AAF7E60743B3BC1CC2C738E60"); + const std::string passphrase = "ltexmfeyylmlbrsyikaw"; + const size_t pbkdf_out_len = 10; + const size_t pbkdf_iterations = 1000; + + std::vector outbuf(pbkdf_out_len); + + if(TEST_FFI_OK(botan_pbkdf, ("PBKDF2(SHA-1)", + outbuf.data(), outbuf.size(), + passphrase.c_str(), + pbkdf_salt.data(), pbkdf_salt.size(), + pbkdf_iterations))) + { + result.test_eq("PBKDF output", outbuf, "027AFADD48F4BE8DCC4F"); + } + + size_t iters_10ms, iters_100ms; + + TEST_FFI_OK(botan_pbkdf_timed, ("PBKDF2(SHA-1)", outbuf.data(), outbuf.size(), + passphrase.c_str(), + pbkdf_salt.data(), pbkdf_salt.size(), + 10, &iters_10ms)); + TEST_FFI_OK(botan_pbkdf_timed, ("PBKDF2(SHA-1)", outbuf.data(), outbuf.size(), + passphrase.c_str(), + pbkdf_salt.data(), pbkdf_salt.size(), + 100, &iters_100ms)); + + result.test_note("PBKDF timed 10 ms " + std::to_string(iters_10ms) + " iterations " + + "100 ms " + std::to_string(iters_100ms) + " iterations"); + +#if defined(BOTAN_HAS_KDF2) + const std::vector kdf_secret = Botan::hex_decode("92167440112E"); + const std::vector kdf_salt = Botan::hex_decode("45A9BEDED69163123D0348F5185F61ABFB1BF18D6AEA454F"); + const size_t kdf_out_len = 18; + outbuf.resize(kdf_out_len); + + if(TEST_FFI_OK(botan_kdf, ("KDF2(SHA-1)", outbuf.data(), outbuf.size(), + kdf_secret.data(), + kdf_secret.size(), + kdf_salt.data(), + kdf_salt.size(), + nullptr, + 0))) + { + result.test_eq("KDF output", outbuf, "3A5DC9AA1C872B4744515AC2702D6396FC2A"); + } +#endif + + size_t out_len = 64; + std::string outstr; + outstr.resize(out_len); + + int rc = botan_bcrypt_generate(reinterpret_cast(&outstr[0]), + &out_len, passphrase.c_str(), rng, 4, 0); + + if(rc == 0) + { + result.test_eq("bcrypt output size", out_len, 61); + + TEST_FFI_OK(botan_bcrypt_is_valid, (passphrase.c_str(), outstr.data())); + TEST_FFI_FAIL("bad password", 
botan_bcrypt_is_valid, ("nope", outstr.data())); + } + return result; + } + Test::Result ffi_test_block_ciphers() { Test::Result result("FFI block ciphers"); From c3a2c598f7f9ac714681e7f7c7568dd022451382 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 30 Jan 2018 12:16:50 -0500 Subject: [PATCH 0599/1008] Avoid allocating zero bytes for SHA-3 padding Inspired by #1433 --- src/lib/hash/keccak/keccak.cpp | 7 +------ src/lib/hash/sha3/sha3.cpp | 17 +++++++++++------ src/lib/hash/sha3/sha3.h | 14 ++++++++++++++ src/lib/hash/shake/shake.cpp | 17 ++--------------- 4 files changed, 28 insertions(+), 27 deletions(-) diff --git a/src/lib/hash/keccak/keccak.cpp b/src/lib/hash/keccak/keccak.cpp index 94e3f70ba8..a4d4cef7df 100644 --- a/src/lib/hash/keccak/keccak.cpp +++ b/src/lib/hash/keccak/keccak.cpp @@ -53,12 +53,7 @@ void Keccak_1600::add_data(const uint8_t input[], size_t length) void Keccak_1600::final_result(uint8_t output[]) { - std::vector padding(m_bitrate / 8 - m_S_pos); - - padding[0] = 0x01; - padding[padding.size()-1] |= 0x80; - - add_data(padding.data(), padding.size()); + SHA_3::finish(m_bitrate, m_S, m_S_pos, 0x01, 0x80); /* * We never have to run the permutation again because we only support diff --git a/src/lib/hash/sha3/sha3.cpp b/src/lib/hash/sha3/sha3.cpp index 1556e54986..df6fa64e5e 100644 --- a/src/lib/hash/sha3/sha3.cpp +++ b/src/lib/hash/sha3/sha3.cpp @@ -176,6 +176,16 @@ size_t SHA_3::absorb(size_t bitrate, return S_pos; } +//static +void SHA_3::finish(size_t bitrate, + secure_vector& S, size_t S_pos, + uint8_t init_pad, uint8_t fini_pad) + { + S[S_pos / 8] ^= static_cast(init_pad) << (8 * (S_pos % 8)); + S[(bitrate / 64) - 1] ^= static_cast(fini_pad) << 56; + SHA_3::permute(S.data()); + } + //static void SHA_3::expand(size_t bitrate, secure_vector& S, 
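Review bot: In `ffi_test_kdf`, `size_t iters_10ms, iters_100ms;` are left uninitialized and then read unconditionally by the `result.test_note(...)` call, so if either `botan_pbkdf_timed` call fails (a `TEST_FFI_OK` failure does not leave the function) the note is formatted from indeterminate values, which is undefined behaviour; `size_t iters_10ms = 0, iters_100ms = 0;` avoids the read. The same lines existed before the move, but they now sit in a standalone function where the fix is a one-liner. The enclosing `FFI_Unit_Tests` class starts and ends outside this hunk.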
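Review bot: `SHA_3::finish` writes to `S[S_pos / 8]` without checking that `S_pos < bitrate / 8`; if a caller ever hands it a position at the end of a full, not-yet-permuted block, the index `bitrate / 64` is still inside the 25-word state, so the pad byte lands in the capacity part and the sponge is silently corrupted rather than failing loudly (the old code would have indexed a zero-length padding vector, so neither version handled that case). Presumably `absorb` maintains the invariant by permuting and resetting `S_pos` when a block fills, but it is now relied on by three callers (keccak.cpp, sha3.cpp and shake.cpp in this commit), so it deserves an assertion at the top of `finish`, `BOTAN_ASSERT(S_pos < bitrate / 8, "Sponge position is within the rate");`, and a sentence in the sha3.h doc comment for the function (the next hunk), e.g. `@param S_pos where to begin absorbing into S; must be less than bitrate/8`. The function also assumes `bitrate` is a multiple of 64 for the `(bitrate / 64) - 1` index, which holds for every SHA-3/SHAKE rate but could be stated in the same comment.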
@@ -211,12 +221,7 @@ void SHA_3::add_data(const uint8_t input[], size_t length) void SHA_3::final_result(uint8_t output[]) { - std::vector padding(m_bitrate / 8 - m_S_pos); - - padding[0] = 0x06; - padding[padding.size()-1] |= 0x80; - - add_data(padding.data(), padding.size()); + SHA_3::finish(m_bitrate, m_S, m_S_pos, 0x06, 0x80); /* * We never have to run the permutation again because we only support diff --git a/src/lib/hash/sha3/sha3.h b/src/lib/hash/sha3/sha3.h index ac01ca6dc1..a3a666971c 100644 --- a/src/lib/hash/sha3/sha3.h +++ b/src/lib/hash/sha3/sha3.h @@ -49,6 +49,20 @@ class BOTAN_PUBLIC_API(2,0) SHA_3 : public HashFunction secure_vector& S, size_t S_pos, const uint8_t input[], size_t length); + /** + * Add final padding and permute. The padding is assumed to be + * init_pad || 00... || fini_pad + * + * @param bitrate the bitrate to absorb into the sponge + * @param S the sponge state + * @param S_pos where to begin absorbing into S + * @param init_pad the leading pad bits + * @param fini_pad the final pad bits + */ + static void finish(size_t bitrate, + secure_vector& S, size_t S_pos, + uint8_t init_pad, uint8_t fini_pad); + /** * Expand from provided state * @param bitrate sponge parameter diff --git a/src/lib/hash/shake/shake.cpp b/src/lib/hash/shake/shake.cpp index ab7c9debe2..76ed79a274 100644 --- a/src/lib/hash/shake/shake.cpp +++ b/src/lib/hash/shake/shake.cpp @@ -47,15 +47,8 @@ void SHAKE_128::add_data(const uint8_t input[], size_t length) void SHAKE_128::final_result(uint8_t output[]) { - std::vector padding(SHAKE_128_BITRATE / 8 - m_S_pos); - - padding[0] = 0x1F; - padding[padding.size()-1] |= 0x80; - - add_data(padding.data(), padding.size()); - + SHA_3::finish(SHAKE_128_BITRATE, m_S, m_S_pos, 0x1F, 0x80); SHA_3::expand(SHAKE_128_BITRATE, m_S, output, output_length()); - clear(); } 
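Review bot: The Doxygen block added for `finish` in sha3.h reuses absorb's wording: `@param bitrate the bitrate to absorb into the sponge` and `@param S_pos where to begin absorbing into S` describe absorbing input, whereas finish only XORs the two pad bytes into the state and runs the permutation once. Suggest `@param bitrate the sponge rate in bits` and `@param S_pos byte offset within the rate block where the next input would go; must be less than bitrate / 8`, plus one sentence stating that the state is permuted once and S_pos is not reset, so the caller is expected to clear() afterwards (as the SHAKE final_result callers below do). Spelling out that init_pad and fini_pad may share a byte when S_pos == bitrate / 8 - 1 would also help the next reader, since that is why XOR rather than assignment is used.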
@@ -95,13 +88,7 @@ void SHAKE_256::add_data(const uint8_t input[], size_t length) void SHAKE_256::final_result(uint8_t output[]) { - std::vector padding(SHAKE_256_BITRATE / 8 - m_S_pos); - - padding[0] = 0x1F; - padding[padding.size()-1] |= 0x80; - - add_data(padding.data(), padding.size()); - + SHA_3::finish(SHAKE_256_BITRATE, m_S, m_S_pos, 0x1F, 0x80); SHA_3::expand(SHAKE_256_BITRATE, m_S, output, output_length()); clear(); From 3aaec2e7e62185f4c954b0d454fa01008b1bef44 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 30 Jan 2018 12:31:33 -0500 Subject: [PATCH 0600/1008] Add a set of SHAKE-128 test vectors from NIST CAVS --- src/tests/data/hash/shake.vec | 627 ++++++++++++++++++++++++++++++++++ 1 file changed, 627 insertions(+) diff --git a/src/tests/data/hash/shake.vec b/src/tests/data/hash/shake.vec index 9de8fd53db..1546c854cd 100644 --- a/src/tests/data/hash/shake.vec +++ b/src/tests/data/hash/shake.vec 
@@ -1,6 +1,633 @@ # Selected values from the NIST CAVS file for SHAKE [SHAKE-128(128)] +In = +Out = 7f9c2ba4e88f827d616045507605853e + +In = 0e +Out = fa996dafaa208d72287c23bc4ed4bfd5 + +In = d9e8 +Out = c7211512340734235bb8d3c4651495aa + +In = 1b3b6e +Out = d7335497e4cd3666885edbb0824d7a75 + +In = 983f235a +Out = a5597fff9277088ab56d4d5485023fec + +In = 76fc16763f +Out = a539f540f3e69e2d25a46ef0b1cf16dd + +In = cb1b0103501c +Out = a07d5bd636c2ecca4b239124ef9fcac0 + +In = 7216a825029da1 +Out = 9de6ffacf3e59693a3de81b02f7db77a + +In = 7bf2fef375bcaff3 +Out = 5ef5578b89c50532131b7843de7329a3 + +In = fc948f094aa4b4e035 +Out = 9dfe4efaa2c43081702cbfe8636859ce + +In = f83091fff290c4b333fb +Out = 637e1cb6bdbebb4793447e81e2a2bb60 + +In = ae7cafada3e3e9f4314fa2 +Out = ae03aecba2995b344aa8e874808b5b7e + +In = 84f6cb3dc77b9bf856caf54e +Out = 56538d52b26f967bb9405e0f54fdf6e2 + +In = 2af26c79175fcca8e13fb783b1 +Out = 9cca3ec830b2d9ef819b377a96a6c94e + +In = 52977e532bccdb89dfeff7e9e4ad +Out = fbfba5c1e179df1469fcc8588ae5d2cc + +In = e49706130f266af2946e496e0e722a +Out = 4d84336572ccaabb827e81a0d887ec9a + +In = d4d67b00ca51397791b81205d5582c0a +Out = d0acfb2a14928caf8c168ae514925e4e + +In = 6159096096f4cba469db393377c57d9be0 +Out = 281b6b007cb17235b8aab33781c4cf59 + +In = 43bdb11eac71031f02a11c15a1885fa42898 +Out = de68027da130663a73980e3525b88c75 + +In = 1e5dff69ea217bdd182fc8d6d25b74792db36d +Out = e1905b84d9c060db55cc119f328695d9 + +In = b0438cd9e8853e976cfc13abbbb62fb8b5a50d59 +Out = c3ffe9ea9fa6c9cf59ad26f44ea0b82a + +In = e63b13334669de132c6a0175e2eebdaa48ec7e7dd1 +Out = 50377225df64d18fe6c645a6091e82a1 + +In = ce9b33631d7e628bbd93805b157c391c5574668d4ed8 +Out = 43611af9675b642fe8fa7e95de3e4389 + +In = efa36e0c2049129d37eabc310521714a54a6d38f8267eb +Out = 5f735cc0076c2f01454ad90a713e3583 + +In = 741950a661e7613f6e77c9ff8e432cc5abd4fb10e22a487a +Out = 0b9f45cd316d62b2f882c641bee51ea2 + +In = 878677c98d8582cf4e0fc3b0f9610e470fcc06f87571d594c8 +Out = 
78a194799c3334a880ad9f31144a1c28 + +In = f8fe47cdc43511636f316ab2b40f0968198fc0de2175529dc32f +Out = a92b196b0ac4077b58e134852fad841a + +In = 3fc3dc539de2171e05909d1f89a6b01b302036f69c29756bea781b +Out = 585739f75aaf8f980e7505e841981450 + +In = 805e90c72b97798d936c10c9252bba561ab42736402d35e1fef712dd +Out = 53790f771045d51abcd6c79ab7938e3b + +In = c4e3ab950463b426942d279c03a89dbc56d1f57ff48c5108bf3762d884 +Out = 52725b1f753eb91ee906f803148097dd + +In = 8203912752fdacfca1e89f45a86c857a8e64ddf4dd8598ad334070483ae9 +Out = eef9b5940a9f1785cd33d8fd73d690ea + +In = 9fe97ba305fcb1f8630d3c5a71833981dbea557b44e9eb448b746d964d4205 +Out = 8e912e50c56fe5df4bc24e573eabd3e3 + +In = 6fe69ddaec89a72124f7575bd40cee57e1261f883e7b16fd10b0b99310a72e6a +Out = d1042a7f5580f4fc08afdc2e4a5c7dec + +In = bde187d2ec9cc9f6ff26197b53c3be5992bee6d96e50f49d96c41be0e2d92cffd1 +Out = 3ac47340e1bc4a64c2cf0ecf600f8b1e + +In = 4a206a5b8aa3586c0667a40020d65ff511d52b732ef7a0c569f1ee681a4fc3620065 +Out = 7bb433752b98f915be5182bc1f096648 + +In = 8978b2e5ddb1b12b7dbb0fd86280a3b155759c7f02652afd4e707bf4ea53e9a528ea72 +Out = 63b47adf8ba0e1bae29e2afe71fb95e6 + +In = d33dfbbdb48c7d2bd04086e36d5d98b135afdf62d10e6528bae185404ce1a2d11d201918 +Out = 02e7e41029d136a2ed8443462f24c926 + +In = 8776095da3b9b0553dabdd04ca7a5532c24bf64fa52ee3084051e1182d740161999c803b49 +Out = d1eed93306ce2cce1fe666e70b66067b + +In = f2f64383bdce4def1a1697e8e6c68b40834a32edd77b55a497cfe2a9c5cc90e577c3c639dbba +Out = 90b213c6c7dc5e37020e3c0f17e0704d + +In = abff6aa08a5bb1ff1118bb5bd29837349d762228e85f45667423ff662e0b44d8546ee6dad87f13 +Out = 7af40a1e58a75f965bfc07cecacae609 + +In = 22c1fd7342356b0a1a0ef75e7346c2df8a76148407f7f1132e47ed9d59ae4147a6211d51ed664050 +Out = f99123f410a594dda2238d0007ec8d01 + +In = 9b6e2fb189d797cb844c4bbccf51cad30c51e570af40d0c3b27f7ad68b001ace5baa0a6e68ffd9dccd +Out = 1da2e22ba2e322767d13d2870d1d05f9 + +In = 3080da1ec624fad699f4e92d6c3d0d0071f4da0753a7f46579b2937d8ab62c082c474e6412e5ca2f352e +Out = 
4f45c853a4a76e583ca36ef95df2e718 + +In = 2e2b06b3ddfa4143aa5ef8b3d79d299bee2c414560c7de626cc0d9fb429884aa69cc30095ef1f36b7e03a8 +Out = dd43105b5c2f188676e7e9f79e3d7ab8 + +In = 6f6233796a7efb074693035c40f910b8e815c2c97f2e1920a47d37e6308368cb5ea05f402fe0c3e60c18ea46 +Out = ceb6686a7aa897179ae12fdcbb4d909e + +In = f0f1a1e7c1206eb1135b641843e1d7f160ce83d9273e207632b537006cbf3300c8d3bb58337d3f84c7bdd11f41 +Out = dc881c49d71353ca2489d4fb44dfc6af + +In = ff093f4c06651167463729b2e41a88c17955273473b07f2fb8864e0a8c1c9949b431edcedbd6eb4d36800401645c +Out = 3423d5def632c8c20a7bbf1a6a3da6c6 + +In = fd6dd3b63dc7b9664895c51fc17c57d59c349621dd3c5694a3cc404c660c2cc47d83d2f0e3d2a28a3aa2f0a710db54 +Out = c8db32bf81bf75621db30264750954f8 + +In = f5d61cfee8666d41b6750f2ebd3c6663b0f1e1668ceb89e9cd07da4de14ad166ddc8467e6fc47c9c1318f7068ad88d04 +Out = 2af858f1905ee1f11e28460c62f58dd3 + +In = 29d97029326800f97f8db0d37078f91c6e3cb21e2033e099e29ecf7a738d62eaedffa78afb49aefd46bc9ca83082fbb5c5 +Out = e087f5cc78aef2d5e3ec450d2270458b + +In = f322a6524f46c88053d6864062f67e8b29efeb80d48c77f182c45121f69880cc8f3f77687a81e9ab2661de4df8fe070f41bb +Out = b24fa4c9668707961e846e2d34542140 + +In = c521710a951c7f1fda05ddf7b78366976ce6f8ee7abbbf0c089db690854e6a5f8f06029c130a7cd4b68139787483bc918774af +Out = 65fa398b3a99fa2c9a122f46a4ac4896 + +In = 0e5bb6d22a8ae26081c0cd367f8a64d9a141261988d4dbf54cc782b9127c8b69e1b24662b14b9c3fc552fdfa3b3c9953e26ed376 +Out = 64686a23de4ec8dd62928abd95490943 + +In = 3e7a8fe54d477687a7bec4c5b86a682010689945b86fc931c60dd4982f337e88ddf41c4a018a9189ab9a7cb598b9b0aa4a2ee58d5e +Out = 688f96bc9d1eb72407eb5fe1fce772e9 + +In = 7edd5f6d39e3e642afd745bdbd784746b51906619b02bc329413d5409baa497976c72876e86e7701294d3ad4939fd2a49e50895e0e62 +Out = e6dff62dec74b1761f86000cb95af92a + +In = 569ed436714efd4eaf3a841970d266b0371fdd74aeb184a4ead9bc2fef184fc677d65436ef5753f5c3eca9fadb662dd266d013f1d65e11 +Out = c07f2b75da65d3e56da5864724c9a014 + +In = 
fe4804b6e3c35aa19879f6ce4cf01a0ae28d640797aa980ce6e9a0eaa9c7d132807470a576e275ece21b8e8a8cd9670e1150298d894f414f +Out = 0229e7c29c032d198c4865b62ff0d524 + +In = b212f7ef04ffcdcf72c39a6309486c0eeb390ff8f218d6bd978b976612f7f898c350e90bd130723e1126af69295019b4f52c06a629ab74e038 +Out = e6684c673e7f126631a44a6ce2b1d717 + +In = 88fe1b3aaa60db86678a7899a98f4abfa1a933a25f7dd3b3a0a0facbe7596312cfa99f219f884f631f7296c1aa22ce7e859e7a5f6f737c107942 +Out = 7283737747bdc8c80d31a25fa227d2f3 + +In = 02c73cfc12c10f84b565bfdea9c6274bb8d67cf9eacf2584f9d2ccbc05ceb5a989a44ecc8e8908a81eab6681fc17536492dab9672b664f326238b3 +Out = b7e570204d38b7a0e53ab8ff9bdcc1bf + +In = 7117a23fa001bf90eaa783654d1f79a854d924613a2e43e5533c5249a8f2541de167d05769701a8ecc71d3696473b3563477867f140a75fa0f1a873f +Out = 485fd3fa3352fcef48a6b158429049fe + +In = 03be6940e859f9b072660dff28a187551c2425481dd0555d2dee4acc36164f84f8505b6f467ae6f772eafcc9065490d9b4ed12a690d044bf7da14986e5 +Out = 3ee166d18e8f1e2e99e73cae7338a58a + +In = 65ee51a2f70fb080a94e31815a62c1ae7a4b70a7bf35c89e199e5da6e9bba62e6e180bc87f803f30801cd0898fdefde9fe21c71806894b95b9314eda3905 +Out = 6466505b7538dcd2976bd6dc41b733bc + +In = 0db2c8242af9549bb0e55b67e7a8176a7c4f2d44df9a31c5ea0b6da8c33dde7e037780e81881cc09e8b67e3bb65b9b014a2fb33e4c4363a4f20c1f6edbb72e +Out = 2b00fb3c1f10398ea50b09d936ea0af3 + +In = 2c77910745db9b8247bf6fc67c5741c4672a4b60a968cc69217d51cf57e633101b4361f469ae5f7a904c8f129321b00cd029a451dfa47651bdb19b3c2a1e7875 +Out = eabada7d7e1006e90b3e4515a453657c + +In = 25cf2df2390e437d72184b3229ae917e294354f6c1b9773e186c7929c171a7218f2090caabcfbae2e3e1936c4500aa0deda61fb61be259838959f6e3fb8b08fa17 +Out = bf61e7630a35170b0d1716009423f38c + +In = 2841ea01ba076375008a1bcdb95de6db7c8c34a44cdd41c16c558b0574fe8960a5e89a037a6e3cc57fba7ec6668cb8525836790889ecc13b0f3a7098f4d6ff098a98 +Out = b12b908b047ded5120cb93c1022ccadd + +In = 
c4265d53949a9916249acc2a2522cc98c6bad938d502dcdc278feccb3bf516711a255e5481fa014a420efdeae8d2d3409ade8cc54285fa8deead40c376dd95535f9844 +Out = 60df88966b16c136453e6f906ed3fc33 + +In = 488fc4b5263553cecdaedf82e11ed0309ae8ca766dc476e9e9138609df70f374c58889595c2ba63091a33fa8a14423e1814484dc7dcdb3301f512bfe521ed126c7327abb +Out = 9b0ffd44730f9e79a34d727a457aee2e + +In = 8d926382e52900c121c96506322faa1b9181a78280885b5092198f3f6dd4b6fecf1218cbcf182f446691517a2d3b904868e0dfe3448876b15ded775f832fd12ebec9648d8f +Out = c64c31e504f8ca9aec161a74e74173f9 + +In = e3d12ae6c985154e5ac1d8d97967238ce7c3574dc40933f752feb0aafdf5296598fdbfd6ea59fc706930b7bf458637f8a86b9bd53d72789fef65c58cf337f44c083a62dffd92 +Out = 98109ed8f3bd25e5bdb08120101d17c9 + +In = dc27ccbdfb02dfe1bd70b3481ae00e76198a57008954f193f2f2c737cb5228d5ed37d6f7482459d0d57b997ccbe6ac8916f6edb5050a4ef94373efc708d5ef9190d0828acde043 +Out = f4e5b69a73e7a5902139f0faa0cf6769 + +In = 5a4583f87eec910dc7bb63108e35c8a8ad5c0613416ac172aec21f67e3262ae2df2a763873e903764af664f42896212d6f2c5bcde7f4ae0cbef45c3bce30a79c1f1e7e77ad595c6a +Out = e3b8c83579bbdfc5a3ee384ccaececdf + +In = 724206140c277b819d3267dc6f52873c50eb40c3e9d98fc64bb3432dcb4c6a1d108009d56a2d10d6657f8c479f711f97d690ad644502599c31c8b0e2bf40233308eebbc96f7b083f33 +Out = 1ff78d4835871b5ac61695cd0dd74011 + +In = 17380b9ac2fbaf2be077012560e621ba031c66747818a46bc5d9aabbe8730f35be612f55251d70745deeca3fb501866863bc459cb34f45b4648ce02f4ef855e04922cbe44b3393d7d0c7 +Out = a0784b18be3739e413ad67db00da26f7 + +In = 1a26596839fb83304bc469fbb56434d99884b8e3f82ab2711e8d4e8d3a28eda74d0d248a467c088e6bb4a90ffb09dc1f12373e78ccf675b4adceb9c1412d948fffb7e50b73dd2b519db100 +Out = b92054016375be5e524cd5f5f4d35859 + +In = e729a6d311f98e570f9d0507ff0b3a26a64734706285665b608e839d0f6493eed529470f003d890bffa758bdd2b6d392bfe79391470a3e9858a159e8c4895ee3f2dc0f15d415097218759cde +Out = bbadb8e84fa9b6180fc150a227934d93 + +In = 
68fc87075184692cbfe38e3a5eea0f3533574466755636fd9f4757fbc3c2714f21d8dd3ff89cf50a9ce3cbccc9471ca137727f0d6e99e29cdc4637c5255b6b14ba549889adcc7b3bc4422840cc +Out = 7c684261b9f70af503a1862f621bd0ad + +In = 701f7bdb5258763e71664a0976617d3db45cad9153f3d1abad23c196f85ff97126df9964093cb1d9bb3abce83de46a125edfa333def8c8b2d4ff3cfb4dd8232f36cf69197c2c06657107810c725e +Out = 45f89e231913d34d10d5acd69e3b559f + +In = 01689bbb62cb2256415b266ae22022d8b49c1fd4264f288ebb81fd12613b0c6dff979c124d394c7ce81ebc14a6958a54268a802dac0a0ba62c04efc7a54d3ab5b1e7761e598323d72d4465c495c6f9 +Out = c32c9a3bd124c5d6345b74c0468de6d4 + +In = ea54c5d628906e084a434dc2599fde5dda66eb4e00505ea71fad54e1644b72d8c49a7c17320e235615c51f41f96a7e7b84593ce3ac0313162894943524d477e8394b30a29ca9c3279665d84c34a312fe +Out = b86ddeca073f876404af9ef30fda3efb + +In = d89f058df62bef6ad66ad4160585ca9c71834ce27b0fe98a4d7c39176e061551935b07eab95a0061701a49277a2ebc01942734ad945b42c8b4e522ef2eeded25092a0f7432a4fcd7cebf1f58cf751376c5 +Out = ad9292bf5f0f5072d510d5def5c488d1 + +In = 82652b77ebfb363361d14496d3eed375cb83e02f43705747ba0acf52871c74146c2c44e66eff7f5ae45f5822cf1bf12e6950861501e7e9b6055f2e1f61cca7ae07201375cfaa12e382dcdca1315133bbcc0f +Out = 29e3122580ca889e0cabacd839a87462 + +In = 2469f101c9b499a930a97ef1b34673ec74393fd9faf658e31f06ee0b29a22b623780ba7bdfed8620151cc4444ebe3339e6d2a223bfbfb4ad2ca0e0fa0ddfbbdf3b057a4f26d0b216bc8763ca8d8a35ff2d2d01 +Out = 00ff5ef0cd7f8f90ad94b797e9d4dd30 + +In = 6785ddb0d10d2f3de7dcd06c5f9c53d6863a826e8fea50aa2b6c0fe45a8de3ff80f0774dbb0eeeb0747c1d00346df7adb97748a64a9aa779477ea5bb04fc4baad7e0c41170ed566c6922974d1e3cddfebf7cf668 +Out = d4b8a003adc9d2f013a17f983d61b924 + +In = 69ab543865088fd6d608d0916d2edf1fd30b59b832b35628f66f4821d5b127d50c4dcbc4ece599d396a5619f0331871047dc6131161be13f87397400184c2955f26716136f11f80fdaf6197876dd776ac1da22bff9 +Out = 7e91dab959964ca2bd44bec7fdf797d7 + +In = 
a72771a19908e83341381e80cc81c44594232d5d97785c8827d4626ce3afe7d9e50606513dfe5ec89ecb65a858d000188607517e89a4d042b5f59ed6498d16f3a5a1a425b7b2da89b76cc0d514cf6c9aae8cd3c645b2 +Out = 05e226a5323f74ebb65f81e3b135e55b + +In = f3fbeaf967bc8ba6ecc6e95f8cc688e5132ab0b221e31dde7d69f843ac0006e0c33b207b79bee38a8047a85416f0b654d7aeb7ded51e6905ea8196bb4d04463a644633a3d9147de5f0779fe118f0a2ccc00291d46bf12c +Out = 186ed64b27580f3f96fc3e0537be9343 + +In = 2e2c00cd7b5e5f0bebd4efcf897daab4d3edadf86468f62ed03c6c32d0541f629f0bd20ba33eb72250a579354a637fa0c9db700442c6f2f54482b8f3a0adbb9cccf3c71f89243af4c48a09cbba7903c260275ada02be5fac +Out = 872d32913d632d57119412dea946f5d3 + +In = 24263f4a142bf5171a07ce8337ce60585abfbdefca19f8a2c331e58364c0214fc981529d74fcb05bf19cc57bb90870ea58b030c2cba69fc02cb03df8919b6fc731d2c80ac82f868d3d1060c782ae7fc4bdaaca62a5e966c02e +Out = 9845df02929f6d8eb8bc39d59a1807e2 + +In = 48d08239a1f7bad06165a2bafad5e292e9e173fb965fa7927bf16a2189d8c716c709ae333d83f48610df9b9cee2954f2acee42ac2e96018988f4e717621c8923a1758174440f6fb98b363ebf5f47a9e7eec2fdd896a1207104e8 +Out = 470d85598d4cf1331c359dc61a010bbb + +In = ae6d4141b918177a21ebbc69f6c36ee6044eef3db26586272a9c46f9ba17921c7a9fe1bd30f4bfc57065150c089fa9c99bc3e84e8bbbe4f21ccd994ed77074ac2d5f16bc5ded5589989883ac62e0f3bf3b5aba157f00b3a88bcbc6 +Out = 42d1e5e0f41fe163302f345d193e95b1 + +In = c4d4374992a941d33f092c2b2ba38009457fb457d984a1dba93d371740dd6f6d8380808789b356f6ac374019e002e94144878912f7375c2d2d48540c82b50b2c8e86fb72b951f1c85001bf07d9d63119a4ad435fa38291507b330f63 +Out = 57cdcacbfd756c5f59375d341020b55a + +In = a9fbc9058dadd2c10a5e888b2eb383e57af9731439211039100954bed5fee7f3a47edbf9304299e0587c1b0cfb5d5cdd0cda0d8fe9b08a5ee8a50cee331120ebd79e58ec174c409e06b8931e559dafa6699b476cb03758c736245e9473 +Out = 367f7c45ac26167c1446d311a7af37b8 + +In = 
a0917412156a806fbe69d6b35aa04e2d897eb14f83ac10b40a365b629deb2f4cef06ee1b970e152d09facadec599b507ce3111c55e67037cd85e2a1bfe2377a164493fe024d08e80d44cbf48b54249992dd6dc3b78a3ad5d9aeb0ed698f0 +Out = da04c0b3223f5623ee5d71ea097afd4d + +In = aa538ac429b0270a381e51757df704dd0371b3bbe97e973357f04652b6e18794215265a91612827872e2ae659cd6b8cf00fe84ddbf465e7ba49b8e9f5b4f2dd1ddbf37ea2f33e11c4c052c326006ba19361de0a0f431fe7c06490b8f58f274 +Out = 458468889dd5d1ffd4f4a4d2c7943f5f + +In = 01f88c14a3b7a40d37b99c6993958098b94e16d5432763a104b97170ec4250a22c405bb49b3fbcb858ef3302b179132544138d1e64d330cebfc0b1ae3d2fe8be2b4d1cbe98f880a1ffd3fd3f2799324a48b1ba836f03ad2d230b69c2492b92e6 +Out = c1aee409c197ed7d16e121fb2d24742e + +In = 49598e351faf44274685298931cc7480046e7fcf04e9d99c4c3d9777c309ea984af1f7683a42e2440dd92c7d5b4140a3091b4803bdc3456e94305f3c181c79916c6509dfcab427ac305ce4965585dc94e2890f7edf9eecd06bb6afabb1a3ed1c17 +Out = afedb5a285c35a1db65a9c14f51b82e7 + +In = e64e6ff3e30e4c427af8c092cc7913529b1d340b5d5266438f6f36a14cf4b0521e13d2aa1470410f15263b13730acde0c33346d9edbaeb7e7fbeec9047ab977620bccce00cbfb1aa8319a6030b097cce0931e148d7521fec16570794469527e09451 +Out = a1be0b57d4ce80754fae7b241111ad0b + +In = 97914f444848138135ccdf545db73938188edc0c9c3c5f22c6bf1293182229d5feab1c8f55554dab2d80ecadcee81744fad4461f7290e702bc1c45192226ae8cfe36d5533529754c02e0378bf539d6f13b3e81001f9d81edd1591bf766beb8f8219a43 +Out = 10d8103ce220b34df39854e2a42c6b10 + +In = dcd5ac9481ff27771d9f280fc87f25855c21639ed89a743302a3ffe151eebf0109b6cedaa89a241681ab5a73a7c4b4bb0c1a5ff6ea13f7de625c4d9364366690ce10c7ded85bef87af9a264e60b8759df89ff6bfe9064e4fb08a77f1b501c340730b1d07 +Out = 87666c2d795dfe4e99986f9775b0ddc5 + +In = deaeea60ec338c23eb9a6c88f033e789d8f9591f8ac787137cc83a1079302dfea129298bb1106f0a84e25681daf135fd59dc8329d1bd3d1fc4a4887e264598bd61edd0bf9cbb2ba73d0cdaedac372fb25a7bb9500335b136305694f3ff15129026e1272336 +Out = 2fe407f43bef4c3ec15a859d3937cb95 + +In = 
a32e9cd68a79fc3144269f8bb49f15bc9dabdede0740e5b9e5994a7ff48764bae60c0782c02602f381e9ecde04d021bf275507ef2dbf961b613c17f5fc2f2b2949cb109307e120af0ff69a513799a59675f4921a48a0626b53be88be4b43f0e114933f712752 +Out = 576e47e7113cd173c1dbd132fac167ac + +In = 07641fed3240b006c33eebf93b26847d030f45035d83a5f39ade9b398ef7b400410264bde7b5997012aa96272705ffc30e5630fe2ec1d3ad995cb24383d8c997f964a0e7d0ced81cdbeb034f613ab98dcdc4e8d7a8466b6dc592de4dbb33b1f698507c71d4d392 +Out = 729e1e3ff876a9771e416dfece5a3707 + +In = 26a0d6f4467bccbc303864c2f0bfb94a0e8c26cc6c0150ec710166ac67baa7e122c225e4e366c9897c3f9855b40634ebeca8a6c8039d5a3078766b68ceb6222635e3b94666dd64becf6e92d4f0216f8f0558ae6be59987502a29fbc592dc5f62a52b18839887a444 +Out = cf3cfc0aed5b91ddafd06f4b0663c155 + +In = 87533477e7196f58cf0505cf06cf9880ed6531e8633d3c4be7e9d4eefcec4187d2ccbff2226881255a8cf666fac34bbc3e6c31a3fd10e003d1f35c6378e9f75a7a6b17470cea3942356336532f34c5e1102e426daaebae80af62f6e119b8780cc85ac3e06d489e98a8 +Out = 5f43b8efec5f8a7e349c04e592714148 + +In = 45828e50ccc09922b71982c9dd9682a9e1dcf6b7b7a3088a636a8cb40469285212c8b8e2e40ef05575dc436567db042948f3cce715be1b29fc3c421366c880f3354a6b1a4aaf91eb4b966031a34c43b6cafb0e11c61e9cbff238b675fec637b537726ea00889c40bc1af +Out = 921dbb1a3813f98c6fecdd66429c33b6 + +In = 0f55d0708ea8aaa1f6b7e9e7600a7dbe62add91d28eca659c75ab946cf18439f1f5348a8fe0f53116723671ea38538051ec89b9873e33c23c9348f9862c509e971cd8fb62c7a2f2823ed0e1dd087a1856f63200b102338f9eaf00155f2bc2f50acca8ce24171a6aed31dc4 +Out = fe7707c6ffcb18b321cad4268f0e47e1 + +In = f532cfe60ad57d5b728ada11233db2fa570e34d6e254ea54c3e2ef7af98a5c4698e003961b406045fc13cc97824df4d7db3a8a3e6a7b3a17624ce0219408f83585ee5528c42517f37afed711437a24293c0c33ed5e9fd2420adb9ea1e4a476bde5e42f66ac8b89ad15d46249 +Out = af13516966e1509a79559ed22702b563 + +In = 
3361a7d406329818320943c84c77059dbf8ac4b4c1f382d6856431fcb23cc912156699fc927edad761368a8177f9785b41ce9b4d987ea70bf2f9e297d5f6340892da7e892fdb2da4a5650fc14cbc65e993e439d0f4bef213277325be9615ae1112840084c48fb908665c7a90b3 +Out = 0d31647ea4c5f0f4bc981c93bd4f5f55 + +In = 0cb4c13ec85d7363f15a518399889783621099f6e33b49914e87ffdf50fa7a3639b622ea5dce8fc0ba584fa6dbc3e4a1fc6b0d066e6b47ed3db292e3115a78df52354c788fa8b05421bc59e40b72174e25570fab7a594b73eed976352401e08c9e58c94e2693db066daff8a5f33c +Out = dea0ec107ccacab24530c8676be1f47b + +In = bdd11f478abf985534834794ccf969e2090e07afead2c0b19dcfc9d9a09a328526a76bf7bc6106062c7abe13a180b93f0db20adbc8117a217aba88213a72aefdf783e65917c76d0e5f02c71e137403ed5eaf40aef3a7701bf5085c6915cce97bfa0c9956e51654d595c1699d68fdd0 +Out = a590401b84868b9643f46a261f88af2a + +In = d80e1b1a18db4feb9f9767fba330ecc38710e92f5a9795aca1c83282564235643072a7452508cb6e2ea701ce4ae1ea91c562cdf4ba6b3a57d783ed936069f48f764c150e9a3e6acb6de74ec8b9767de3b5dd76aa853e247001a0bea1b7e7ec5233032b1c7e67722be4bd1692fad8ebe1 +Out = 29ec417e5b84748bfca63564a4ee396e + +In = 46b9791df7c72bb0829d88411c2a0f5eea91ab5ac3d993a038e66f48d1a8bce89a9271adde4ee3aa33afe66fb6e735de98fa143ada7233815455d6fcfc54331465451b6786d3dd1bbd746872149caf9fc23152d9f53e7aadceeb0498adade3d5b0babf7476c0e2ac29d65572bbb3464a6f +Out = fdc00e8a84cafd60f6adb4105dcf1f91 + +In = f2e2e8c9fbd7201e4653cdeaa33d50e08588df2cfb571cb4e264ec9e5aa286127621ca413832d5a6bccdd28bb32f12d013c760e80d538e24404754342c6e5bebe9d3944218e2cea01bcb885881270373c4de9cb1374859ca3a92c2f9b064f2bbb3c0edd5862e3494ca169758f56d4b540193 +Out = 0260be4857782edb5993dca908972de9 + +In = b17977aced3a1184b14b0e41a04dd8b513c925ca19211e1abdc6c1b987ac845545fb3b820a083b4f7883c01d3bf28cb1d65dd187a24b516913eec4413e9b7a2c987d41cf018989ee01b4c63a5164166b9d25248f889e4ca2f1c3005e744c6a543465523cd8a7438ad447e942ea8dbe0cf088e6 +Out = 0c80f62f0bce5ce7691f7ef5ac030570 + +In = 
14790ff0914cf26deb136019423c9d791a09747eb19329aa910eae74614e19ee008a56a5d56119c8601a178d153076d16b0e82ff3017a1321fe9899eb4e3b02c3fe504643856dd90d26c301ed2a70547a29f2beea1002acbbed379c845fff1abf80f82f66235250b688f119421aa3222e845d714 +Out = 180b94e0c7dbf8f92cecdcd153144959 + +In = 422332e171598833bcf48512df8fe793a795fe170404602a6070ddab2f4ab52ec762099e72ab9027c23e8b5225a2fb72b94b11406260e6c219c26c718749a59ad2511205b7756fd5d99a9daf5830e01ea6b44a3696797778b6a97bf6df8619b80af6365d653f8c05a70fa36fa0bffd5f14d89143c9 +Out = 18bc40d359a6d6e9a0f83a079dd35c4d + +In = 2265498645181a92e52f375b67445bfe8dec5f46fff465152bea57054fdf904ed46cd8ebdef396f82127415ff6cf18b3aec7135c264719f59b6773f2c0e381860e1cabc45c609b04af6ba988532e975f2bcf7f8a45f0095eb134e12994ff6918787eab58e6e8917c3703581fa7e942caab0c8b188578 +Out = fb3e3a867883478b0ce57988b449d15d + +In = 7ad0280104c1ec381f77f3e512eede76a59fd0d33446233f01e85a7fce15573fac6bcfb10e5bfa7721308fc3604cefbd63b5a025f7d1fe39746e2dd94b0552e9df4003f796b9fc1d2f05132956f16efc750bf330ce6500fec7955c5e84006e6fbb59ad1ac46458f2f000675f1c64c1fc86a9af3ddf8991 +Out = eeb8c3255db1bbc8ff19dd1d2166aee0 + +In = 408bb29980e78b8981b204d1d09338f179b6b11b7a727ef378298594b1701bd33270d2c74a8c92893e45ec383e5aaa409833abdc2c7feeda201dec9fd5382b6a19b710dd9ed4f5b9aa0a7be9113521c261f516895c534c35aba7ce77d0b953f85d2613e26305d9a12ecb5aeb2f6cc5fd3ac39b28f234c18d +Out = c26ed296dd0c193ca7c6e7c458de9d64 + +In = c8a49c7f25343031ff109f1ed01759c0b642857723875088d6fd85650a405f2fed179b795354d04facfc037633a876f6692bc2d6c27525279eb81d447ac9365768c8201fbc0304f1091818fd4c5a72d366761a26d05762cf8a467a1454563f2b21ff54fac9097421feab063a81f5f25f956bb4edb5f3af8882 +Out = 5a70dc0967a8888868426d55b3a38c7e + +In = 507007d1727fbc4e6a8eebe47c1d2aa40273b1b61a85b1569c19e71d4f2b70825c90dfa002d98d3a8c7a30fc802caf031a8f35a0f8148559171a8d31fe573d2a397a9907090e0d565aa201aef527ae36f799306682e2dc12b2fbd3a4d354d7a9d1765e8fefe7e5acbc4d878344d7ce4383d9c9911fb65f875603 +Out = 
3cbe0f7d4945d5fe01c56b2d3fd02d47 + +In = f6bece16c4554441da934e18bdf5451a3d1c180f59204bf65d26403f4d35b63a86458fd0a399d6719e4f004d373672c79adf44263cf7458e06d33f30b54d7cbd81cf8820fcad396c3eb8ed133f10135a8439ed09fe7193672f413c658e53b91a2d83426f9938751c01f59cd39b2b2fba44529a1f67373f681f98bf +Out = 5cf7162112ce8fa0a69996153a8a37e4 + +In = 985285fae3fa2a6d9fc9fe724dc24350ea856ebb2d7d88a40a5ad4557ac2b2bc7e43c307618d4e723edee25dc3bd3da234eb6d25b39735adbed1b2f2f9413ef72e199599924837684af10db72d1b4eefccaaa429af8e8bfbe23afa91b1574600afba43d8fd94acf8c8e9c5a714443ee0b8a85becaac952377d7cf55c +Out = 3701f0d8da5ca00fecc32fc52ed08311 + +In = 117666695855f097ab032f45a9364efa87dfce4e555ce1b483ef1498a36f31aa703d6479107a9c439677340bcb6dd3ed2e6f91af399c5b98e6999885723f0c396190fdf5c2f09548b49288292930f743eaff9390dce2052981dd8e5dc1cdea00eb577b05f71fa3500e3a72c54ce581a5c4771d1ac494a8105ba43d4719 +Out = 4712859d533486608b32d665f02982d0 + +In = 566d841ee05768c62ce5a78e86030c6336a7439755594587dff2177b09a4b4cdd43a484ee2a19ee588a8dc7926046e11b397403a9cf230aacf18c322128416999a6e1896d94bf7de9793d84f44c6cb0c8db1feda2dee31ca06aa691970aae954d1905ebf6e5b5af8802e03d88b520d9aeb7de53faf552f30ab307326c91e +Out = a7689c5485a0e7503990b6cb8d7d2778 + +In = 44d9a1a7a7dd4cbc6009051aebb65084125860afbf0489ee0f2ff80fa7b9a27f4b2a7ab5ad3be7ce82987575dbe4cb06b3fdddf3c4826266a0938928fcd8e7c14fc5b4e19c1c38fe8bb3803fbf77559964b16f380788e520abc7e81419e1b1b67733b8f11c882794a3e28e3f3e78d8834dfb7e45301dfa6359547f9ba5dbe7 +Out = 1cb05aab531e549214aca9a522dbd880 + +In = d001753414c6ac3943c162613201ba4dcf4fac2960606385104fe360a74aef86998b2a1d42897c7a7070b73922cf7b8c8f9157d36a2f306d6524e7cef4a036d25380db51ca7ef9f430a5bb47ae093a0fc5b4a1dd92e38fe35173bc072196e03606cad0fb340cea508b48b4b45e15c07d789fd37061e4458fdd24ab32b692b459 +Out = 1ef6463fee4fa79aba911967a32e692f + +In = 
3c8943238ca224403006462eaff08b9226dd0d7299910f52875c339dc19bed477c8137b1a41886cd7382fd824385e152a0474e3aa25528d979ea53d54a6f277b3a3e1ea5c8abd0e15f4522cf2b59bacb2db8b6cc8aba9d8c298395ea7c85d78c9e4661c89f64eac51cd61bdd1274fc46f3baadf2fac956b3bcae60a301e7e6c3d1 +Out = f0a9566889259e0357d0f9111854d9d4 + +In = 93fdfb3cfda1ac94f20dc95c83dc129f9f14072ee5a85a43b741a565903d598b97f8f684744b829662533466857470177f9df8b63ecd60d617d6c2771961b42d9b32777e18ad718b3d99ddf33f25c2f4722821d318ad737e76af53712e2177d6c832e4f092ce62b9aa682eca59f7f07ca23eec4d1b517c85fc55be1976878acf4680 +Out = 32f96dbd1b30644a05413ae0ad892555 + +In = ad26e1281d5612990144bb80df2ac37de947f9728b274be4402638a4a93088aee0ca3a510a56be902b9264c93f63159486d141ee1f521897d84bfdb845d437c90fbceab28fcc46309b50ff7ba0d4fd26f12c54465fb776d60ae4a85a77f4b2c3e202db93d5411441f98674df2d06e4fad5601cc274dece6a7ef720d26719606400a6f3 +Out = 3c75bbe0221272a5ec4c606812616c32 + +In = 25c1b2c065b7eef15d6947dc038af5e3fcb17f81aa52dfdd66ede19f0a85cc02b354442ac5bd6fb92f82579df0378f2bdaf71a72955588c9e89562ab341dc8c54126594c3db7539402d4fbdf98f34073fbaf9bef1ec039de2f2b5c8d1db6ff1a589fb9ced88de3ac60c7fd4a04a44ee0e943cb9f4c7b3a44c51597eccd39b72a7f272b57 +Out = 19d5f80b7fa46d61f6d4f7fa8035e115 + +In = e49706130f266af2946e496e0e722a494a9966c09eb124b37c33880646c92847640dc091959426b0822b80859960b4ac1845205d68708c90ad465c659b7a0ac28bd0d43ece27b23e41b68b5d2196a8122180698dbad937e1c3ebb96841764b638067ace263e7f6e4f897d4be4f1aefc18dd5a9173cf20eeee5ab07d9e1c5d1726c5aae45fb +Out = 88aaefdc72313bafbfa868feff53cdc9 + +In = a9aa9635a131f96c2282cbe23df753d01aae8866f57f3063673145e4e7ed9c7990f2c97e258b3da9523eb1df3447c84c1c45efb290328801939849292702de2c0fb1d677d991bc721c6c8456ff5c2a3ffa869582e105c1401e251d3b3dd232e9af5086c7c72cc0f009720ceea420c1d03ddb427ceee122478f3f8bc33444e0d8f635a117f742 +Out = f21f8bad47c06af5b968e83c7c7a6ca5 + +In = 
5f7737d0a8a5cde906d1bff195703da824e7a837464e4816a774412d9d23c33affa582723a86666ba19c833905454bd886f002caa8df7300aa2be2fe1308413b8d4aa7c6f628fd2fb540fba54adc535c29742b32c974d191f83eaa9771736c74b06f8d140512fcffe8c60e7d8cbdbbfdb77b0ab7d095ca913ab8833fe0ecacaf111a1ea48fccc9 +Out = 67fb9e1b7469ecba15d43309e96a9a26 + +In = 5b2f29497050e5fbe78e845097b1c3da5c7678efc77addaa135a2c335b196c400bc28adc954eab6865c7c1df16ae5c5ee69bc4e36723445478fec8c47469abf3a9caca130c93ddd22a6807946284ab00525982bf8f76ea8099ae81400e77f3c81d9010773ee7224120b97df8e3fb57ca88f9da0ca63d78365eb27f2e9009edc94f5c858f931122be +Out = b829a25a9e73fdc82cbd43aee2247f7a + +In = ec3b7ed4671b26402cec9591a7773cfc82d0b644c8e309e84b50289b4379bcf437d823672197b974cd5a571e82601a9fe4ca665a193a2a112ba06558ad51e949a25a5f7a9a138b2c1ef7d1c54eb2f881c97c2f64cda64d73a0725d232e285a12f36637f51bb822d1e8680a6f55985f0af98d194a2d4efb76716e19e50c2698b5f3a7b5c0ecad08ccf3 +Out = d72fdcf12946460a0f5731de3ec06ec4 + +In = c73393b8ee0f52c23a2e29e329aa1a1f7fc6adf78b244a3bad38e62015fce292cde52fcbfa16b7255fd5f82c223bf2f8d32f44baaa95929410c229ae6133e686f17f54874d8b14dec3fd828924f395b0c8f40739d327b697b7c24be2fac6192d3aea48146ed432946e8f0d20b63acbf066fd3e9d8e4280eba92192e5671b4330b00c5399e55bd9f06974 +Out = 2a41a378c52712e73094a19ad0ce03f4 + +In = ae6e347bcf8d95681da09ebfff868b60253e2a716b41df520015ecd3c71fefa5fdb9ac0f1d840de200ff67af4959ff370084cd237d8b80f68825c23fbe8abc133785ddba65cbd7a93f8bebb09f466775e9e16d21eef9f55910761570a66381dba2fd4ee57109fba4226bb12bcbf5ca01287d91d286324865df3070ce475144e5864687f607e77fbaf1c842 +Out = f5406549788a55d25950fc88f89a6d1c + +In = 1c991670df4762c9606c43779f106eee955e36c3d2b3526165f5dffefc26a9cd4c39a675b324c3c31c36e39b24ab25357b7e66868c7e08fb60a4f16dbfa4d65299c2b930a5e7b05848f4e9d0b856eb9161db1ef288c38e652e1bec613746d69fcbdd5789fdb9b2f0aa4d5bfda439476a101d65f10dab6d059701d8c1aa352f1eaa31896802c150f30cea430a +Out = c8a695da4acd0cab62c743a13cca569e + +In = 
0435139767d033a04a6dcbcc27ef43b4c940e63f033b3bb1a1ca92e49f4bddd49939c1628308ed519a50ab959a2eb4cd32e8490eb5cf7fe2126adb9006d01e9e90566295a66a660426bf27c70fabb089f1cd3288a2f257983339d46b22763e0fd1d51eb837c047c0d60267eced2cddf1ee37ca37326c6bdcec81a6fc5c05e23045fe1c54a0d0378e9260948b9c +Out = fca70413d3798cd2563da6c8e348c570 + +In = 0dafd5f0ef32170c2dfb6e3185e71539b2ce55dfd759022e21134839a8c3a80d97fa3de48de8449b4373db666e8b09c3e7b7ffac09f49d115ac038856e729b3809cc4b2584d3108c72deb0a383eefe89a83d137b771adc4ad2f3d50cc3b41312ab50881b9c9c83c70364764f8ab9fc723c881ab3ea71c5c1ced5a5376f311985c4ab7b2e9ceba5353e2cb4d14c93 +Out = 90ddcfe28cf08ccc8c129be1d1b45bef + +In = 8d50b1c455f21bd0925cc07910b57a3f2299c2c99e11d17c2ac2044cb66485d24a76289f023093d157baa2e49f9b0acad7743c3da1ee8c5489f192548c17d0c9db6096d6dc2723ca72540df37ed4e3b7a64610e055f7023802118c56b60f89b7c874c311ebbd13e36c94c951b4464d2f1477075cc2157d511e8abbf93a36f8c49a1c76f738dbaa46cbe19da449db92 +Out = c8c416c086849ce94db149e8c11fe7ec + +In = d6fbfe4d47d71b22842e30d4d9269bda380266a593f3c81e8a30ef4f4648fc60a5b750c697b806b7c85bc0e17fd7a75bc621addccbbe162b86d536d69c887c278384af54e7d778f64d0321bcf7509c610766c7dbe71aeed6e7899160286368e6ba8aa55f01dc79c75d4cd9cf093882d344f73b0cafb15a07f7738955b382ca8590f0b94fab6e11123e6172817f386298 +Out = 2fcdc92660425ec5d5385280ea201194 + +In = 6a9019fc8e1eca20bcfb370ab24421445a86e97b426ba73d4c997701a7d71368fd71a7c2eedee0d4bea146d94a6dcdc6418ca6d290825b361eed1b31baaf5350524f7eec659d3df4ba95aaed5386e9369d740191e9baeadf1ff3e82bb11b17eacff24681daa108081aa0094eb3d79f1dd504a1bf345c7cc0b87583f6756387bfdd22a88a34346a99458a0c0554a8150253 +Out = 67406422554ca2cdae7d92157ff8c888 + +In = 83fabe6b289596285eeaec662848e584f2b285441086c887675cee586a31162c49c50e6864416a24061dd32f5041a253736aaeda23d061504806128bf6218ee99f1cf8d9877bd49d792f5e4eb9ba20203993c3e70fcc26da27f2ad973535dc68eec824c5788bfc1a1fe834ca49fa8673acf56f74bec23dac6de9688511b425319f9239341fb90b23600ffeabea4bfdd43457 +Out = 
e2b709e60f5e1d8ccb21a79e7c117bf0 + +In = 4f03eb5814853935680c59fae9516e4e7c381d4e8e04f16da0c7fe7e021dc50fde1a58f97981bf35b63799f1dcf706e39846c5de46aa9aa36c17f3f987aaca000b9acdc2a56bbd0bc364147b5644ead9d63119aa87f1a002fc5c459bd9117f24dd6992db1fa9fc5e977c10bee1a0e1d63edf61dbdc41ca3457803d8b7fbca9245c70ef6d6fa544d73b65d6e50473b282d739e5 +Out = 6c41bc961c02b8deec7cd98bc65494b4 + +In = 3d74ee502b47d8a81ace8614ba87cf1a435a4dffb9ccbe976e75aa5bc8b447bc44a199b7bb43ddaae50428661b614c8561e6fbfea35a2ff63f37c8d9c45d77aaf906dc9722fdebd17e0b949a14b2a3a0b01ee58928598ccfe3bed4ce9cb0e71b648cfe18e6dbcac5efcd12d92ee39d1238eb52c9ce319ec963f41661d9175eb88c1949619147412f4030ea4bef5a028301338ce5 +Out = 13e5b6a3816628dbdf519187f851c3ee + +In = c3cba960bdd0073e74f01608731e4a6f72c1c12b1d65264a17b0d5c83f983f5f32d490a0119090438465c7bcfe88e50f434261e428a05fde9a6bd729e25af4522787ba5c3520ec107d5f2d945cbc653fa06166ac48ded00d8b1e31c21c99712badcc6ebab2e6e34c67c58eb9142092a98f061aaa03873f80f1b12cbc74be7f91c98bf3e20e4c3c9f4a7f3352ae1e33f51b19c307e4 +Out = 2acd2d70aae90cb75126b3ae89564ea1 + +In = c4d91eb7e3e5fc50bda9fbb897279eb430f0c7f099a12a9e47ae0260675e026871178fdd00dc2c81e11436926a8dd1ee0dc0227a2d57bfc32fec63e6d514e7aec79c6dfd7312df6d178798361c946053a69b9ee0694fc9c7be77209bf6ef9bc4eeef21dde38ffb5a888b896e5644332c2408a3ecf79331f01bd69f4773f707f20d981146f95c69915ca77100c0a633c0ae9099647f2b +Out = 8067a8cc08465b4297e1eda12fbb37db + +In = cba06a5ef87af99bc3cc1f0ff3d76d193c0dddda06c5b58f7032ae1e939656ee0bb3b3fcb482292cb1289dddb326dbbf77d035e991006d26690bd69083f4b56103e0ed0570cadc74b87880be74aedee76ea1a4f660ae0d49ff4c052b38408ea9ba1062a1b4b9d91be0a40edcc0d73d392869702afc385b9f3bde84173ce0a76e382958f609b7eaca3195905f1e09c25cad0ee2acec0420 +Out = 942a63e059f5896cf029eb58b9fc2643 + +In = 
e00e40e9e5febbda27345f5ba01902b8f800be714107473ee43e7b51db0c3bdb21ce7ad167c093f00921e0ff4092885499c09899a64256d0f3c5d2953b66bda3dc5f7e9a89e683003f52d5857a80f08ba875d1e5de4450dfca32b07fe919750bf90a75cbb2363210b10f6776b5aae1650d6890de51d5de7451d03f984bed0a1a611787ed497a492b47a0be5858d904ebb0e1fe0a67bda896 +Out = 554a139b58c24dd2ccd00d943638d7c5 + +In = a4846a5b1006d38c7531851ffa207a390534e352fec1128857069639c963a8d0e0c6c6dfb9679d6f0bb52c94648f2744b5b899681185ce34b2d970b43d53f0a846c6279217ea3e0dad51cb60049c3c5395ee79421ca1c56f9e38e59cab9585dae16dd79cb1f87d0f66eda9ae62ad8311abbecb05a77cbfe2240b3f199b902f0db6a11d240ffa231d3b710fa4072cc2230111d6dc3b7e84354b +Out = a44d7cf5ce2619161b742a7d2c198be9 + +In = 290cb37bd8d4136fff966fb5630a6fe38fa4872f326779e1c3fe1b0866095a6c13b57fc5f58fb12a109abbcc279e10e4ddc40cea1a607d08b00e62ce3f00f3275696e18cda2fde77ac40601b86a3a2522631ecd7af9215b54c5446ff163b00c238d86138505da33e19b0e50848be2e14b312af5cb8a648d0ddf94e03b4618c2502a387311fc10767a013d2fd3499bb12cc90dbe3ff431f41ac24 +Out = 2fbada4ccfcfd91d3cc28e58562b2c96 + +In = 0b2daa7b5f1a66fa08f0ad096b53220f6772c8562e8c71b253b4796424d1b33d39e8a4074d9eef204df81168af664e5d0500eb85d20f9e0d9ccf43af4273d0d9906a8b0b11e17b8024891c12529a5758df18b0119f55c2c50bb7e8a994bb3ec4383ac85052ebf063b62a36cefdf723451e427ec13f66c323caf3d11ac2b0e34658e0c19eb9c5380f2b63c76558869b6fe906be5e574a8b6ffe0b65 +Out = 0e8258e842021f27a4f509151b2d2adf + +In = 4c386d97ace346b2a06faab35663ce8a4c54c295b5b9f6161efafce451ca8f617ab7d5ab88ffe117d6a67cdb0bc5250a3f2556c65f0c09b1d2577ba45cc930a443a33711b175af215a338a8d5e8b918a7176a8fb390e54e5f79f7a236a006a5bf1241b30efecb8b9733f5c32195d1bf22b70419d0c65de9bd7f982c94317456eca610a700a0d05c86bf27b3302e2c92ab53ba815a0b9afbcb88e1afe +Out = ac71d8e087ae133f3da590e1a2b54d48 + +In = 
51d83cd6a58e428b72a7ba21fd64ad0747cfcfb7344ebde9ec798307822961e2d4d1cfa3b212be04428921c0a2ecac47d055dbb7c7dd3708eb6dd586a7d11f85550ed6505ef65862a2f91fd91a3e8b27bbf3e10b9ee193c05f43c274c3d801fb9d375cc5f263990d5b9fbd54ab83d20ed250e89b01815a780fa252b71c658fac74f366eab580076e352202199ee30a64db15f84f38e5139ac4338e38fa +Out = e6521aaeed7a34a1d90bf96b57436122 + +In = de1a0cb3f86e6db7b7121d17851aec36cd96bc38b072da09fa9b8ea15463f087bb27fe94302fecfab1d5bb8569ea0d202455389a05fd99aa7bea2b3171a757c0c5ea0e5afc76167b3441a15859d224699cee66252173d80df88424eb4fe6085ce6aa658cc30d9341269cf81bbf9cd91a1fa86f606d9c3e385ab2a25856ebab6305b12ab2ecba0c54712fe753020ed33994cd7bd34f40743587bccdfeef7d +Out = 28377f8e69d70ef26124d852686c93f4 + +In = 812a535be7c8484fd3ee5acc80b9c377138ce6732b5885cdb91b341812a70e5442a5a615a3d941e1afa842d913d7e59b04953068d6bc2782cb5440d8295916e58fbd61d688b126eb61212b1f387dae0b56bf5608bfaa6a94064f41f766d6fa260f7b6de7bed760369061ffe71834868eaf13419c0baab6ca141621bbf2a820dc6be6b0906cd3588ae571a479da83d5ebb897d76be54473ed9ab1c66df556f2 +Out = 6788c3fb69eaae58cc8fb2706f8487d7 + +In = d67c7b5a16092b862469ac62b297dce62b621c7f95c35404bc6e38eb8da7cabdc05720c7ba5f6813b12c2996118bccab1ebf5ac0dbd2874f2b28f011375aa16e0f41da379450139795273d4738664b029cbff139bc50ab07972f02678e460ba50d6130126d8532fc19846fddf0ce61d3eb8a685000e5c91346aaf6575914104a00e0aac00da5d029856847c0016b17065447476f6e3ae85b81c25547626bb845 +Out = 8e397d263b820763fa2eefc4ebe7da9c + +In = 11ec5b788ef8e8feba7a92b3bf42f39d182e8817480704d1cca6ea184e5b5a581b8f2bdfd7a73be3702c03c750296f9ad7d5ece10872c2968275a470b2e78565480bae6ee7410e8a212ad105a20d34faab7a9717c32dd3a0a934cfb68c554eda7eaa0bad278e08f9b6bd23f51db6eac57e64b041e0fee1f7272c9273436b5cbea7b26b24fd56d23a182b21202aec3a0437dc60e7c9ae91a4e6a2162e3ff25819aa +Out = 5b8d71a40d39a84644888577b8e36702 + +In = 
d69c572c0ff38e1acc65839b6b6333c870f6d80284ae0e88bedc3448220015f66785c75cfeacd4f14fc798ac46a7ea1a0e57ffaf1c0b8a5a7053285b1794fc59f5b996afc1261a0851ed9e2b1845d318ed38e8530d9bab806443f230087639fb07a08ccf6247a88759415dbfe92536e794ff5c976048b8222215586efc8e140325a27161e8f9c597f02a9c11c22f5bb28b1623231cf8f86a332f23befcc4d499d727 +Out = ba052f0712f398e3689421d1e3fd9632 + +In = 356068e7143f9e1079afb0f1d2f71a2710d6f47dab721675e7917f24570bf8439f80f4847d46bb220ba5c7bc3e476e63b3eac2f2ab58b69d549982cd4a67482c5de2f7fb958570ac7359e7ad7a688c82ee756b16dcea91535a1271f01088868af7f039f761e404d73a31d86b8d44bcab49dfb8924611f1bd83641534b258f988f610811eeb4cc1cae797619f7fc246064d906e0ef1b31c0356f7364237beeb4be1ac98 +Out = 19dad5c027dd8b7b92aaa19b26d004c6 + +In = 5fa787ee1349a3d102f0919c2542b13d7bcea5e25041b1c7bfdc684c7625854bb9dd17a8aa33e12ac7370089b491cec83b7307c491cc2a0edabf22f6f05326e8606cdefcb6fac7c8fb70d8797b786622cce445530be830ee69876a36e64ca6295d3a2510c1051e54a6836293035d40f3360aa6b648fe8a0f731e8834e178cdb5b731330c52bead75d057e600d3a925e481cc7416d074011a006bc41a693f623576385219 +Out = ddb5585952baa3f4571fe1eaab700ca2 + +In = cdb093f88db6efd65c4b69ff5a20bcd1c19a88ffc5275386bed3cde2881658812af0c778b738667572323bf4355f8cb61499a26f3d5fccc0226da664db8f9aaec5b8a833704e63c4b8c93c9f317c03e5c9b2ab4fa8fd4e1d5bcb7050323a8819e62ebd917fa0edaa7539f366161f2a47270f2d06ceace188b016b60d56bf29abd57a8efbaed50c12f3a9e9b2abef07c278d5affc77128ee66876fd030fc5864ad9c5a3d7c3 +Out = 2820a119caa0001cb0eb3a457d74f960 + +In = e4e932fc9907620ebebffd32b10fda7890a5bc20e5f41d5589882a18c2960e7aafd8730ee697469e5b0abb1d84de92ddba169802e31570374ef9939fde2b960e6b34ac7a65d36bacba4cd33bfa028cbbba486f32367548cb3a36dacf422924d0e0a7e3285ee158a2a42e4b765da3507b56e54998263b2c7b14e7078e35b74127d5d7220018e995e6e1572db5f3e8678357922f1cfd90a5afa6b420c600fd737b136c70e9dd14 +Out = 459ce4fa824ee1910a678abc77c1f769 + +In = 
18636f702f216b1b9302e59d82192f4e002f82d526c3f04cbd4f9b9f0bcd2535ed7a67d326da66bdf7fc821ef0fff1a905d56c81e4472856863908d104301133ad111e39552cd542ef78d9b35f20419b893f4a93aee848e9f86ae3fd53d27fea7fb1fc69631fa0f3a5ff51267785086ab4f682d42baf394b3b6992e9a0bb58a38ce0692df9bbaf183e18523ee1352c5fad817e0c04a3e1c476be7f5e92f482a6fb29cd4bbf09ea +Out = b7b9db481898f888e5ee4ed629859844 + +In = 5d9ff9fe63c328ddbe0c865ac6ba605c52a14ee8e4870ba320ce849283532f2551959e74cf1a54c8b30ed75dd92e076637e4ad5213b3574e73d6640bd6245bc121378174dccdaa769e6e4f2dc650e1166c775d0a982021c0b160fe9438098e86b6cdc786f2a6d1ef68751551f7e99773daa28598d9961002c0b47ab511c8707df69f9b32796b723bf7685251d2c0d08567ad4e8540ddcc1b8a1a01f6c92aaaadcaf42301d9e53463 +Out = f50af2684408915871948779a14c147c + +In = 38c0be76e7b60f262f1499e328e0519f864bbb9d134d00345d8942d0ab762c3936c0cd1896eca6b77b3c01089dd285e9f61708a62e5ea4bf57c50decda5c215fb18ac149d7ace09ffdfed91e7fbf068d96908e42cf1e7ee7bc001c7ee9e378a311e44311923de4681f24c92eb5f0fb13d07ef679ded3b733f402168dc050568dbf97fb79afe8db994874783e27ad8d040ba8e75343c6762c6793a42247eee5a6216b908817f5edbbdf +Out = e4786ad8f2ea9c8e420a6f50b5feec9a + +In = ec586d52ad2ced1f96bd9458a5a1f64bc1b4cce1fa52517513c9ebe63d0d0eeb26ae5da73208137e08baa22651599a01bc65cbaa467baeceb8cd013d71d0b2406534fe2e6619da3aa380928f6effb09f42ba1fb7048e90d7898f1dc259b52c51b2d2970cd0c70afb6cf8acba83fd01cc589b0f31bcf2bf3b8df7879d7d2546c514706f6cf97b6a6b6d0a37d018ba553108f0e240f70f03a0ccee86f76589c64594f6cf74679bc330ad9f +Out = 191a3710c72d11da7a2410bc73ba9d9f + +In = c201dfe59e03574476e3c220c971c1685ea96ea137daed2ac10845c54d8e6e53c307acdf956f1bdef3868ab53e758c7cbeb4cd02972ba311f998e5f3983000345c8947aa59b78bb301b6ecbe9808ee0de99ed0b938fc19f677997398bd84bcd6f34d5b4ed123d04a093a8f42c1700fa2472f1ecc00957761a2d296bda3d2cbc0f21d8ed4e4fb122b71db1d49a0f516c3402f6046d93de6dae20df7683462557abfbf88437c8678dfa2613b +Out = 464121895e5c9d85190bcee0437453dd + +In = 
bd34acd613e0e0da6bebc45ba73fefa0bd8aa8ebba34040a07944f29eb63adea527101b8cd960e58d9ecddc0643b5e2d8db55170ace4678892e0a57612c50a4dc0647189f839b9a1229e22e0353dfa707acb7ab893f4ebe8bb910cd14f21b8fb8e77c4f19db027e0cd685d60212e0d920b34e96b774bd54f0a0f4ce2ac5f001b4411c19ac2e3a03b63b454eb30f4ddbac959673260d370e708c32d5030682ad56a99322972ba6eda6be9d027 +Out = 8e167ceae101ea0b3b98175f66e46b0e + +In = 166b4fec6967c2a25f80c0075379978124833b84894c3cb3a538f649dcee08b8e41707901f6273a128cce964ac1e9b977bb7fe28de8bc2542c6c07109889cea84d34ada6bde8c8f5358afc46b5ef5db3009fe3a2efd860ed0ad6b540595246c27849abf7eafea9e5af42607519f3c51ddbc353bc633afec56aff69a0c953584d8ede684b4faefeb8be7d7db97e32bc1c35abb73ce3ba8425726d89f98e93ed93b67b4c6993ffafb789c1bbda8d +Out = eb2fa0e8e04e698ca511d6abf7de84fb + +In = 62c625d31a400c5ff092d6fd638f1ea911ad912f2aabffea2377b1d2af4efeb6eb2519c5d8482d530f41acdab0fbe43f9c27d357e4df3caa8189fa7745ff95f811ed13e6497a1040852a1149890216d078ee6eb34461cfa6693ba631dbefacf83ce5ba3f531ddeadba16ae50d6eedce20cca0b4b3278e16644535e0859676c3fd5d6b7d7df7bbe2316cc2bfa7f055fffc2835225976d9a737b9ac905a7affc544288b1b7d6dad92901162f4c6d90 +Out = bb0acc4423c1d8cfc788e748ade8d5fd + +In = 8af63bbe701b84ff9b0c9d2fd830e28b7d557af3fcf4874bb7b69f2116388090d70bff64a600427eeea22f7bee0324900fbce9b8752fe312d40f8a8485231da5d94694daadb3d6bf3e7f2cc83f67f52829cc9cf1d3fcc87d42b3d20ec2e27cb135aee068acbca68734ac7a5ff3e3bd1a738e7be63de39e56aaaa6104f6fd077c964ccc55cba41ca1783003883100e52f94096fdfdc6dcd63b3fd1db148fc24cda22640eb34f19ed4b113ad8a2144d3 +Out = 4a824cae0f236eab147bd6ebf66eafc2 + +In = a8c0f0e4afcda47e02afaaa2357c589e6b94168a6f6f142b019938186efa5b1b645bb4da032694b7376d54f4462e8c1ba5d6869d1003f3b9d98edc9f81c9dbd685058adb7a583c0b5c9debc224bb72c5982bfcdd67b4bdc57579e0467436c0a1b4c75a2d3cea034119455654f6ab7163ed9b61949d09da187d612b556fca724599a80c1970645023156f7df2e584f0bf4c2e9b08d98bb27a984fa7149c0b598adbb089e73f4f8d77f92248e419d0599f +Out = 4800f8f5e598a26ee05a0ea141f849d0 + +In = 
a035c12af3fb705602540bd0f4a00395e1625edf2d44af4a145b463585aba46b34ee3203eb9132842000f54dcd234e347c28486ea18414af2d3445916049403adfa3ed3906fdb3b27f2aa4bb149df405c12fb0bf0e1dacb79c50bec3fde2295fc8dd5c97ed46dd28475a80e27017dc50d9feff9b1a1861ac86371791037e49221923e6e44874962d9f18f1898a98ee5dec1e9eca6d7c1ad4166fbac41b2587caf7fef3e7be90c80aafed5f7a0928127321 +Out = 2d124d81a4a45ad9c0b91cca23cc2991 + +In = d41739834414a0792470d53dee0f3f6c5a197314d3a14d75278440048294eab69df6eb7a33c9f807b5082bd93eb29d76c92837f6a2d6c5c21a154c9c7f509ee04b662b099c501a76e404996fe2997163d1abdd73df019c35e06d45b144f4dbb0462fa13767f12f4e1b2bc605c20ce1b9d96c0c94726af953e154d14cb9c8c8aff719f40c7cf45f15c1445ba6c65215024b316d60435905a686929874c6148e64c4eccd90c3a1d1553d18ff57d6b536c58ec3 +Out = 551fc7eceeee151523be716538258e2e + +In = 5bbb333460ffac345e4d2bc2dba303ef75b85c57233590fabd22d547bf9e1d7a4ad43a286b2a4618a0bb42559808fd813bea376ceacc07e608167ad1b9ec7d7ae919fd2991464cf63570c7dfb299b61836bd73a29007cf1faa45b1e5539a00514272c35d58bb877526530187afbcf55a6f1757209c50af4eab96c2ab160e6ea75dc8d6ef4bf2bf3e7a4b3a7619db84efede22a0f960e701b14f0f44c89b18f2640017c05ef51bcf93942b8d3775d2980b80435 +Out = 2c98dce5b1ec5f1f23554a755fac7700 + +In = 8040a7296d7553886e5b25c7cf1f64a6a0a143185a83abf5c5813bef18008ec762e9bcc12ab7235552cf67274210b73942ac525f26364af431fc88cc34961169f6bf8872d864f360b9fbc27b18160d0578381db509e72e678402731157555bf9026b1325c1a34c136b863eab9a58ec720cedaa0049bfddb4863d03a6ca65f3dd4f9465c32b9db4d52f19e39f10ffdfe8c475032a2fe5e145ff524073d5ed617fa5e387325f7ab50fcf5cba40c2326bcf6a753019 +Out = c0bb8427ef0ca4e457d2887878d91310 + +In = cbaceb762e6c2f5f96052d4a681b899b84de459d198b3624bd35b471bdc59655b1405e9a5448b09e93e60941e486ad01d943e164f5655b97be28f75413c0ab08c099bd3650e33316234e8c83c012ad146b331e88fb037667e6e814e69e5f100b20417113c946a1116cc71ed7a3c87119623564d0d26c70dd5cfc75ef03acaea6f8c0e3f96877e0d599d8270635aee25be6d21b0522a82f4149ec8037edaf6b21709c7aafd580daaad00a0fd91fcfe6211d90abef95 +Out = 
626bd9eb0982b6db884d38e8c234854e + +In = 1bbee570394bc18d0f8713c7149cabb84e0567dd184510e922d97f5fb96b045f494808c02014f06074bd45b8a8ad12b4cb448ec16285fb27670fce99914f100ad6f504c32fa40ab39beec306667f76f9ab98b3ec18c036b8f1b60d4457a9fe53cbab23a0ee64d72d8a03d6d8d67a9f2ff6eb1d85c25d8746c8b4858794e094e12f54ab80e5ba1f774be5c456810755ffb52415b5e8c6b776f5f37b8bcf5c9b5d0ad7e58a9d0fa938e67ad5aaee8c5f11ef2be3a41362 +Out = a489ab3eb43f65ffbd4d4c34169ee762 + +In = aeacffca0e87bfdb2e6e74bfb67c9c90a8b6fb918b9be164cafcab7d570d8cd693bd8ee47243d3cbdaf921ce4d6e9e09c8b6d762eb0507bd597d976f6243e1f5e0d839e75ea72e2780da0d5e9f72a7a9b397548f762c3837c6a7c5d74b2081705ba70ab91adb5758e6b94058f2b141d830ff7b007538fb3ad8233f9e5bcbf6adcdd20843ee08d6c7d53cc3a58f53f3fe0997539e2f51d92e56990daad76dc816fd013b6d225634db140e9d2bbe7f45830406e44fee9d59 +Out = 4eaa27b085d08fc6a7473e672ea2ca1b + +In = a22314d2173ca4d53897924c4b395f0ae52c7fff4880525cee9055f866879af35f22759903b779898676a216feefd4ed75d484f83c00b58383b9279e2732cbc2cb5479b72abee5b4ab0bd0c937537b7a47f461ad419225c6045cca10c191225f0e4389f3355cd3a0d2de822c9d6f3cf984147de3fd3d8a6c9a02a617ddac87114f770b16cc96289321782108d94a00b153bd40651809cabe6c32237a2389e321b67769e89676cdd6c060162592ecadebdd7512fa3bfece04 +Out = eea88229becc3608df892998b80cf57b + +In = f99bba3e3b14c8de38c8edecd9c983aa641320a251130f45596a00d2cfeefe7933f1a2c105c78627d782fd07a60001c06a286d14ec706dcdd8a232a613e1ea684ee7ef54dc903ec1c09c2c060bb0549a659fd47ae9e8b9cb3680b7c1c2d11ebf720209c06879d8f51d9ee1afafe263807c01bb9def83db879a89f7eb85c681c6c6cc58cc52893d0b131186cc3b9e16bad7d48c46a74abb492d475beb04c9fdc573cc454242c8534bcc7c822356ea558f9fa3ae3bb844415916 +Out = 5109746cb7a61482e6e28de02db1a4a5 + +In = 
564da8460dc0c3d20b1fda3628349a399ba52446b5d3626fd0039ab282bc437b166f186b3c5e6c58ffb6bd95f8fe8b73c1b56a07ad37572eb6e148cfb7750760dcc03fac567ad7d3536d80922dda8ac4e118fc29c47ee3677183ea4e06242b6090864591c3ddaf4bef8c4cb52f8e3f35e4140034616faf21e831a9b8d68f5a841a0a52a2eb4f9ac9bb5b488766e251cdb0f29faeeed463640333ad948e7f3ad362948c68379740539f219d8f3ba069952efa0021d273a738aad0 +Out = f43552da8b2623a130196e70a770230d + +In = 8a54e8bf30eeb2e098955f2eef10af3c0a32391656fdff82120e4785bb35a629c8635e7e98c9eadfa93ed6760ae1d40313000dd85339b528cadfe28258a09e9976643a462477e6d022eb7f6a6338a8fdbf261c28e8ed43869f9a032f28b4d881fb202720bc42cf3b6d650211e35d53b4766a0f0dfd60d121fa05519211bb7d69bf5fcb124870cda8f17406747097fcb0a1968e907adb888341ea75b6fcfbb4d92ae8ce27b04a07a016df3399f330cb77a67040b847a68f33de0f16 +Out = c51c6e34cef091a05dfcf30d45b21536 + +In = 2a64753a74d768b82c5638a0b24ef0da181bc7d6e2c4ffdb0ae50d9c48ecfa0d90880974db5f9ac32a004e25c8186cd7d0e88439f0f652256c03e47f663eff0d5cb7c089f2167ff5f28df82f910badc5f4b3860af28cbb6a1c7af3fafa6dae5398d8e0a14165def78be77ee6948f7a4d8a64167271ed0352203082368de1cd874bd3b2e351b28170fdf42871590d9d179ce27c99f481f287820fd95ba60124517e907e78a9662e09519e3ef868ebdcca311700a603b04fae4afe4090 +Out = 2d2ee67938422ae12f8cfa8b2e744577 + +In = a7d645b70f27f01617e76abc2ae514164f18d6fd4f3464e71a7fc05a67e101a79b3b52d4ecfa3ddac6ec2a116d5222e8e536d9d90fffec9c1442679b06db8aa7c53dcde92006211b3dd779f83b6289f015c4cd21ca16ce83bb3ea162540bb012ee82bddef4722341454f5f59da3cd098a96abbbdc9a19202d61c7697979afa50deb22a9bb067ccb4a6fce51c930a7f4767cfaa9454c9c1832f83ee2318b0f0c95d761c079c0ca2dc28871229aef11f64199ca290b2b5e26d8c1c12ec1f +Out = ec989e0290fc737952de37dd1ebc01c6 + +In = 
3436fe321f2a41478164b8b408a7a8f54ff2a79cb2020bf36118a2e3b3fca414bd42e55624cc4f402f909016209b10f0c55626194a098bb6519d0fa844a68ab3eaa116df39797b1e6c51eb30557df0c4f3d1a2e0471f1d8264fb3288c6c15dcde4daf795083aad2b5f2d31c84c542fb702ea83b7524ca9a1c1b9754ade5604abd375f23f3916cdad31aecaa7b028b7121a2a316713991759925f3fb8366c6795defa6ea77416c4ed095c1f9527026f1d621815b8310d4ff3fc76f798760b +Out = bb5e48212442ad7ae83697092024c22b + +In = 01bdb4f89f84b728a9d6b3a03f60709900571c1a2a0f912702cad73677ceeae202babde3d0197e3e23381cb9f6350792e05937703aa76f9a84b5c36705bb58f6b2ea6b1e51ff94a8de174cbc2ec5ae9ad2627a8b3ea45f162b727a7639f71a4cd9f6c6926a5d81d0a21c4c923037ed199f1aef517e2eea03bea9044c5baab84e3f85d625635bcb1c37ef232144b44c770f2b9dab416b96c906016acfb3fbba62ab40a4c08323fcf66437d953b164541cea3a8c81d186eed0cb23b3e98813a9 +Out = 8bb7ffa4572616f3bc7c33bd70bbcd59 + +In = 9ae51ed483306c9a5a6db027f03cd4472cf3a71df5f1e11852306123d01ab81c259eeb88128275858efb8cff207ba5278dca3a21b358cbfdb5d223e958f3dca5ad9d2537f128c3dfb1fa564d3157de120f7b7d5524e67fc7abf897d9a5bd6b2c7c0a5348e6c95e920c919778ec7a86effb2ff91f0f44045c7dca46597e216e98d80efe25ba0d4f84e7e9d5e81689a5a6990d34e83e1a62a67371b7d2adc7ecd30ad1ad35359e9d9f8a299b057a2f441e313eb819770fa18cd41572adf856edc4 +Out = e7f66f49f70d506a9b5508cc50f65cf2 + +In = 899c81ea1162514ea7a2d3487d0efcc4648a3067f891131918d59cc19a266b4f3c955c00ddd95cddedf27b86220c432d6ca548e52cf2011da17fd667a2177a7f93e37b8892d51898f1485277e9e046a48cb8b999fcbcf550db53d40602421a3f76cd070a971e2d869beb80a53b54ac30ac0aab0cd1b696bbaf99bb25216ff199cd9a280f567c44b0d4252c98812e1ddab4e445c414aa8d650598b64d6768a7948093051e36b7051c823c7ed6213743a98d8eaf4b2b5e8157c699ea053cf4e53877 +Out = 52173b139c76a744b7a4d2221d4178c4 + +In = 
e50422869373abac1c26e738fb3ccb577b65975a7998ba096b04ef3aa148ada2cbe6beeabcf52d056d1766c245ab999d97445fdb6d59a0d6843eb4959752c89fe07b8411ddcfebef509482b8896bb43de7c875b29da52606b278b8704c62154b2da9bb237e68aa10cb85814250e4e4de73da200991e51241fd9a45f446de5a4bb959ad4727283510e9d2ac8a207ef0284163aa05d27f2d316e8ca1480f30604a8d74a0a661775398af644bb584a1a2c55c4959d0e7dd3f7c0c3614962fbeefeeafe0 +Out = f4c517a82c850c3c4c96d23a8f3106b8 + +In = 066febbe205ea342cde69fd4c72889442e14a5977d886252bdbc2ff5f8dd8fc5f1f870ce121ab929a6b6227b484648be9b3501443cfdecf8f58d4de834ed1800bb244c18985a8232583ac6fc789aa59d1c5e87ad03994085bbf6e1ba1157d4e4ccbb28a49b6529e54b3b34613d6cc9671855e2dcbba6838176c093737962eaf88c85ab780184d4cae78013b28103dca7f7e3b8d94a6ae0728db30a1c535783c4644a7e9eb4ffac6a95d30cf52ba805e220d0b2aa9a2e7de26a97efbd877ec6d1bad148 +Out = bac7162dc8328911fa639f26ba952ab0 + +In = ccf92b17b9cf0d8577c1f3db9c19d3c86f16bab4058611f6aa97204783ebd07671eab55e375c4b16e03780675bb5738369aa7cf3b9156cd250f516392f5e0efa30cbb09132b66457756621f947093029e10233938c846513086023252d1bac9dd3442598f004e0b200f7dd79aa3a9122a0c6e77bc7fc8521988050f3c64b32c620fc1b5bba6f458e4791bdcfca731fd66e9da093b1a45264c8ffa48b3f1628dfe19c9ac1d71f1d5214ddc7e4f0da60ae122f67c394a55645628228d5e3a3174fdccbaab4 +Out = 19a9eadf9c7c000fe340603f27bd830b + +In = a37dcfab50a317e6a7cc51524b5d611a53652b59fc7df0229af3dac4d527d54c1134a14b2ed325d9727d07d9c3d0797f1a34561034be6de98b551dc384132235eaedae7a9b97bb7581a2a0f2c4e8e32f3e294f9b30f646dd33ce58187188146e14f01dc3ffb581c3bc834726b66c4732a98c3f8256ed22077ba8b34c024d53fe798517abc2f61eca0c6722fc02254c9141a54d4e106aaa6d4b2957e6a12c88ed00f4c4bc4c223b92579859fc0edb9b53f0bba286c53786198c9b6c6eb5eb5b4490844b7d06 +Out = b9e1455d06233d14b8d3020441351a76 + +In = 
0248b909e1f31ee855a03b6c81366757aa3732d2eca0b06a2b1015584c2d8205a4431fcdb02f6a03077ccf368ecb78b3eb78664b3c7ac157088b6cf9758adda4bc1d2cdedb9a69448a2833cf6f21865795bbd5551be859ed297aa82c288b898e331c07c3c8fcc4b2c4ec90bf8e003a499248a677f1b020357625f079cdf92fcbef89d904e11d23569e0f0e8c52303c93c867023a269bc036d8d36d69ca9c7664daacc92a8dc42c3600dbd4c02278333d216011252271def835ce4783883c0760dbcc00bc33bb +Out = ea4606777e21f27d4ae860b3c25283b7 + +In = ce283768aa91488c75c71ee80a4df9495377b6a9ae3351a5962aa8317f08818a0117cf6c391331866d3abc2beea2fa4a43cf32a08385ea2c03dbabe3319104a6c0a3d171061ebed5a23306a8618a81fb63d9dd4c79b42bfdd2a79e05d78290e653f4c6dfd75bf5625ddb85c82bad9444faba3e1558691c004bb50afe37822e320131361d7572e015e559c0f313b53e0d529dde64e74bc41eb52e77361a3ae5721483a795a80a87d684d63f92e347843eb1a8439fef032b3d5a396b154751bd8ed211a3ae37cbf0 +Out = dca4d5f9f9b7f8011f4c2f547ce42847 + +In = 19265f48c1ea240990847dc15d8198785d55ea6243ef7012ac903beabbdc2bd60032fb3a9f397d28aebb27d7deb7cf505eb1b36bfc4dbcfa8e1c044490b695b50e0974d3c5f0de748508d12ed9bfce10eaadde8fa128d3c30c12d0d403f60baf0b53d2fd7a38cc55dc1182b096c11d1ec9f171b879a73bd6ef1aa7825bc5162cbeba1d9f0739d1337c8142445ce645e4c32477cdcdf37e99fedb9236e24a3d94f0e45ea0b41a74762efe19d27555cdc89feef5b6e533237603fe98d8deae084f69799deac9043e86 +Out = 688e532e15bde53b0b652291edfb7681 + +In = 1080391fa810c50c7437ec058459d3a8cd23c33071c187474151151c809871b6eaf4cf88f592f84557e1eef5c847d3490912072b25b1919af724c0b5ecb111150bd95460328a0b1ba29613c0bd6486110fe6dfab8cca5fde18f5b0bc4d2dc970781511d2e45fc7385c3da18eeb18b3a9e68593d82c75bbbcadab2e5a29745f6f3a924e039579f4418dbee186d9cc24b896d96bd990186bdcbd3082b70aee9bb95a36531ecc405ae13d011bd10fe69fe728c8aed73d1d38e5506bf4fa770347f7e0eb6749121cc0be75 +Out = cbf8ee5d477630dac9457a9a0659497d + +In = 
44f69025edee139bc9da04e2e9df0ad2513c754cf172d17bd7a8bb5aa24df4773affb4f6beac41d8bef7bf7eabdd4a688b984243f1c3e6232dc0250dc057b0b8139f54946822870c103c4108dec40db7ddee5f8b3e70288594e4a8b2446e83f6369e1808d1980ebe27722f8b6cdd7a46ad08732cbec1be2975deec5315db95b70dc4a759e355fd766b61340c3c70ba9d64ac272f5bfed19736749af71de60d86ffd9aa8f84a37dbd44d0f69536c5f4446ba3239bfc6e8858416f5aa743d614e874a4c8b39ec8b6191a88 +Out = 50f90a2b7723aaf816a5e0e1b10acdfd + +In = 5f594e32eb83a7e4e1bfd5ef3f64e7f8aad5c31960a5be2a6efe6a3f2343af71c4f41ee281d281fba844b7f819fabfa7fad0126cabf53689fc4c909c9e127a69d8c295da7b356044180e0aec705585ca2c62dc8dcffdc6dfe8c37be98cccc61a038a5c24c2f46c4899e477d42ebe62eaaa53ca82b20597b2992bd42ed4b7be0bae161ac83d57cc8e9490a6b73a7d7e8edb6b83553e54d18d774c42715e1b87c43f2c78ccd3a6a99f6fd83e9d7cda003e2771b00e59349bf5eaed6ebc12424ccd20951e3a6e282a019485e8 +Out = e50d415c6cfe7f756f1ed53867852777 + +In = 2e9922208799419eb74ba05e1e65af61c88a0f118a1349244e0fbfc3ab88e3ecb909a615235c34127d98de38d85c57c39455247576064e80fac85aa6eb0f7a9f30f005bbe9e025c8bbbfd0366715f979a29b07af21fd8683f3de1c51131cbf8b3e56265b02ac7d8918c65da0f318fb4c9964a007b28059f4de59ef0b4c3819778944f13c9549a51d3cb76fbda3eec70422b8d7c451172f9d6642ba1ebeeaf02cb9c14ea8cb3d034cd099edd6a01ec369e4a09430284b704431a065d090baad7377d625e5cc1201de7c75be33 +Out = 088cef5ecd31af1c37e37f23944d6b73 + +In = 7f874c155ec634a807e7c26cae58796b839d9d6892a13bcde84e69e5f85bcf4b3d6566a3204280871b9209c41f960cc7334678525f9d2574c83812b71c1ff19b30e3e543e8e98a6f580536aa284a7ec53d21fc839599509673fe65cabdadf681a226505f7f6359460469d185931cd84ce857b064ff3cc51c32c9ea87a3ace6e4d9592f5eae59f5f668e562bd26b321467e101d5b642f8bef4dc12a5495c5c9ae1ea20ba83b736765cca272baaab8619a4573c9d18b1aaaf50c0dac9a5ca0a8c6b9296aa5ee58b67d77c788e3e6 +Out = 5f0cbea9083dd22a806a3dd87de3780a + +In = 
7aa5c532724871a7e6b7048d97bdeb2bfffa1740363501f216f4eb079e49685794ee1e816e94cbde737986b31e3948abc3e6aa84745af00826cc473f10a24be35486cc14e1bcd24d98b3de97aeda73fc51b4d53f8e2f11ca72323de86f7501340295575293688edc9d8e959f0e487608f18d21d94a5b6b20414c566a83699334e64245a24c3f0874c9313235082c59b5ea9915ba718706f3dd42192d142708c947b6206ed3e947fb65c43dc0622e22ed86ff394acb5aeb298c3d0f9aea5668dd6f196f1df10f535bb9713fa8e5f5 +Out = 2c32e3578f1e5521c96c0c7f43bd52ce + +In = 687c03141fb6788f601d09c8375a4f4226b7fa3f7726c2e3d185a1970a203fac3c78ae401b43576685b334815bfb40f190102cf27fac54c08299f100c02c905b4610c36c5a4416dc0b6744cb0d34ab72c449fe079f2c3ae1a78fdbdd58d34f00afccab5e84c49d3a1ac2a16ef50c780eebead7487ead5c8e69f0c5f8791e64e39e34cedf42c8d4c8d94bb432ba8b900a2d7b1e7bc537a20ff0431917cc13b74c3cd194b63c5aa3cd718ae3df04b9d9b1b1853d691bd2f4ab63103e03f8bd3183b12a66ad1981f2930a07973c7d9f3c +Out = aa6190f53e78e3e9778c2090796731a4 + +In = 8eab65b72cbdada84106769bc2b9fd687592dbd656ae870e3aa01c4fb2c15ce432c7f553739a04d81563d81189e5f8fb2e10671dbad32603dc33fbee209a71ca12712060a6f02ecdd73516338f94a8aec72f528aefc69db390d0fa6c30cabf4476cf6d468e693471cfa7b9689b6f166a87162283bc2ef4049e9fa232abfa4e3ba509646ef3ab1daa45de4817771e4915b8ee6272ebb431e04dc97aa658d12795e8488d3e9d5ef16280054baae9484998a0de97be42ff5e2ee6760b3101f8513c87b4711f532bb980c9424a88ba951fdc +Out = be645825ef7cfc378c455093c9410270 + In = 84e950051876050dc851fbd99e6247b8 Out = 8599bd89f63a848c49ca593ec37a12c6 From dffb5e7f8b5736e3c1c84a4b2bb656a70b26630e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 30 Jan 2018 13:54:08 -0500 Subject: [PATCH 0601/1008] Have to remove sessions on client side Clearing server side state doesn't help because we resume with a session ticket. --- src/tests/unit_tls.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 30c5ca7798..0a5739c3d7 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp 
@@ -914,7 +914,7 @@ class TLS_Unit_Tests final : public Test
 std::unique_ptr creds_with_client_cert(create_creds(rng, true));
- server_ses->remove_all();
+ client_ses->remove_all();
 test_modern_versions("AES-256/GCM client certs", results, *client_ses, *server_ses, *creds_with_client_cert, "ECDH", "AES-256/GCM", "AEAD", true);

From 4d3f7ebb72339a85ed3eb39d5428512405320042 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Tue, 30 Jan 2018 14:06:26 -0500
Subject: [PATCH 0602/1008] Reorganize SHA-3 source file [ci skip]

Put all the statics at beginning followed by member functions.
---
 src/lib/hash/sha3/sha3.cpp | 70 +++++++++++++++++++-------------------
 1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/src/lib/hash/sha3/sha3.cpp b/src/lib/hash/sha3/sha3.cpp
index df6fa64e5e..0fd980b334 100644
--- a/src/lib/hash/sha3/sha3.cpp
+++ b/src/lib/hash/sha3/sha3.cpp
@@ -10,11 +10,6 @@ namespace Botan {
-std::unique_ptr SHA_3::copy_state() const
- {
- return std::unique_ptr(new SHA_3(*this));
- }
-
 //static
 void SHA_3::permute(uint64_t A[25])
 {
@@ -99,36 +94,6 @@ void SHA_3::permute(uint64_t A[25])
 }
 }
-SHA_3::SHA_3(size_t output_bits) :
- m_output_bits(output_bits),
- m_bitrate(1600 - 2*output_bits),
- m_S(25),
- m_S_pos(0)
- {
- // We only support the parameters for SHA-3 in this constructor
-
- if(output_bits != 224 && output_bits != 256 &&
- output_bits != 384 && output_bits != 512)
- throw Invalid_Argument("SHA_3: Invalid output length " +
- std::to_string(output_bits));
- }
-
-std::string SHA_3::name() const
- {
- return "SHA-3(" + std::to_string(m_output_bits) + ")";
- }
-
-HashFunction* SHA_3::clone() const
- {
- return new SHA_3(m_output_bits);
- }
-
-void SHA_3::clear()
- {
- zeroise(m_S);
- m_S_pos = 0;
- }
-
 //static
 size_t SHA_3::absorb(size_t bitrate, secure_vector& S, size_t S_pos,
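Review bot: The switch to `client_ses->remove_all()` forces a full handshake only because the client is the side that offers the stored ticket, and that reasoning exists solely in the commit message, so the next reader may well "fix" it back to the server store. A one-line comment would pin it down: `// resumption is driven by the client's stored ticket: clear the client store to force a full handshake with client certs`. Clearing both stores (`client_ses->remove_all(); server_ses->remove_all();`) would also keep the test independent of whether the server ever resumes from its own cache instead of tickets. The enclosing run() body starts and ends outside the hunk.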
@@ -214,6 +179,41 @@ void SHA_3::expand(size_t bitrate,
 }
 }
+SHA_3::SHA_3(size_t output_bits) :
+ m_output_bits(output_bits),
+ m_bitrate(1600 - 2*output_bits),
+ m_S(25),
+ m_S_pos(0)
+ {
+ // We only support the parameters for SHA-3 in this constructor
+
+ if(output_bits != 224 && output_bits != 256 &&
+ output_bits != 384 && output_bits != 512)
+ throw Invalid_Argument("SHA_3: Invalid output length " +
+ std::to_string(output_bits));
+ }
+
+std::string SHA_3::name() const
+ {
+ return "SHA-3(" + std::to_string(m_output_bits) + ")";
+ }
+
+std::unique_ptr SHA_3::copy_state() const
+ {
+ return std::unique_ptr(new SHA_3(*this));
+ }
+
+HashFunction* SHA_3::clone() const
+ {
+ return new SHA_3(m_output_bits);
+ }
+
+void SHA_3::clear()
+ {
+ zeroise(m_S);
+ m_S_pos = 0;
+ }
+
 void SHA_3::add_data(const uint8_t input[], size_t length)
 {
 m_S_pos = SHA_3::absorb(m_bitrate, m_S, m_S_pos, input, length);

From 5260041e76162b0c8d89f0053cf6382b828d363d Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Tue, 30 Jan 2018 14:15:22 -0500
Subject: [PATCH 0603/1008] Use copy_out_vec_le instead of explicit loop in SHA-3 and Keccak

---
 src/lib/hash/keccak/keccak.cpp | 3 +--
 src/lib/hash/sha3/sha3.cpp | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/lib/hash/keccak/keccak.cpp b/src/lib/hash/keccak/keccak.cpp
index a4d4cef7df..f79a7f3ceb 100644
--- a/src/lib/hash/keccak/keccak.cpp
+++ b/src/lib/hash/keccak/keccak.cpp
@@ -59,8 +59,7 @@ void Keccak_1600::final_result(uint8_t output[])
 * We never have to run the permutation again because we only support
 * limited output lengths
 */
- for(size_t i = 0; i != m_output_bits/8; ++i)
- output[i] = get_byte(7 - (i % 8), m_S[i/8]);
+ copy_out_vec_le(output, m_output_bits/8, m_S);
 clear();
 }
diff --git a/src/lib/hash/sha3/sha3.cpp b/src/lib/hash/sha3/sha3.cpp
index 0fd980b334..d1d3f7d2ec 100644
--- a/src/lib/hash/sha3/sha3.cpp
+++ b/src/lib/hash/sha3/sha3.cpp
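Review bot: The moved constructor's comment `// We only support the parameters for SHA-3 in this constructor` says less than the code relies on: `m_bitrate(1600 - 2*output_bits)` encodes the SHA-3 rule that capacity is twice the digest size, and the four accepted sizes are what make the single-squeeze assumption in final_result() hold. Since this hunk is a pure move, the only thing I would change is that comment, e.g. `// SHA-3 fixes capacity = 2*output_bits, so bitrate = 1600 - 2*output_bits; only the four FIPS 202 digest sizes are accepted`. Note that m_bitrate is computed before output_bits is validated, which is harmless here because the throw discards the object.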
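Review bot: The equivalence of `copy_out_vec_le(output, m_output_bits/8, m_S)` with the removed loop depends on the helper handling a byte count that is not a multiple of 8: if the 224-bit variant is supported here, as it is for SHA_3 elsewhere in this series, it asks for 28 bytes, three full lanes plus four bytes of a fourth, and the old `get_byte(7 - (i % 8), m_S[i/8])` extracted those tail bytes least-significant first. I cannot see copy_out_vec_le from this hunk; if its tail path uses the same byte order this is a clean simplification, otherwise the short output silently changes. A comment such as `// lanes are little-endian; the last lane may be copied only partially` would record the assumption next to the call. final_result() begins before the hunk.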
@@ -227,8 +227,7 @@ void SHA_3::final_result(uint8_t output[])
 * We never have to run the permutation again because we only support
 * limited output lengths
 */
- for(size_t i = 0; i != m_output_bits/8; ++i)
- output[i] = get_byte(7 - (i % 8), m_S[i/8]);
+ copy_out_vec_le(output, m_output_bits/8, m_S);
 clear();
 }

From 46582336d4689599984d38c60daae3da81d80ca5 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Tue, 30 Jan 2018 14:17:28 -0500
Subject: [PATCH 0604/1008] Whitespace

---
 src/lib/hash/sha3/sha3.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/lib/hash/sha3/sha3.cpp b/src/lib/hash/sha3/sha3.cpp
index d1d3f7d2ec..c9000d81a8 100644
--- a/src/lib/hash/sha3/sha3.cpp
+++ b/src/lib/hash/sha3/sha3.cpp
@@ -39,16 +39,16 @@ void SHA_3::permute(uint64_t A[25])
 const uint64_t D4 = rotl<1>(C4) ^ C2;
 const uint64_t B00 = A[ 0] ^ D1;
- const uint64_t B10 = rotl<1>(A[ 1] ^ D2);
+ const uint64_t B10 = rotl< 1>(A[ 1] ^ D2);
 const uint64_t B20 = rotl<62>(A[ 2] ^ D3);
 const uint64_t B05 = rotl<28>(A[ 3] ^ D4);
 const uint64_t B15 = rotl<27>(A[ 4] ^ D0);
 const uint64_t B16 = rotl<36>(A[ 5] ^ D1);
 const uint64_t B01 = rotl<44>(A[ 6] ^ D2);
- const uint64_t B11 = rotl<6>(A[ 7] ^ D3);
+ const uint64_t B11 = rotl< 6>(A[ 7] ^ D3);
 const uint64_t B21 = rotl<55>(A[ 8] ^ D4);
 const uint64_t B06 = rotl<20>(A[ 9] ^ D0);
- const uint64_t B07 = rotl<3>(A[10] ^ D1);
+ const uint64_t B07 = rotl< 3>(A[10] ^ D1);
 const uint64_t B17 = rotl<10>(A[11] ^ D2);
 const uint64_t B02 = rotl<43>(A[12] ^ D3);
 const uint64_t B12 = rotl<25>(A[13] ^ D4);
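Review bot: The comment kept above the new `copy_out_vec_le` call, "We never have to run the permutation again because we only support limited output lengths", states the invariant without the numbers that make it checkable: the constructor in this file accepts 224/256/384/512 bits and sets `m_bitrate = 1600 - 2*output_bits`, so the largest digest (64 bytes) fits inside the smallest bitrate (576 bits, 72 bytes). I would make that explicit, `// output <= 64 bytes < smallest bitrate (72 bytes for SHA3-512), so one squeeze suffices`. Also, `m_output_bits/8` is 28 for SHA3-224, so the helper must copy a partial trailing lane in the same little-endian order the removed `get_byte(7 - (i % 8), ...)` loop used; that helper is outside this hunk. final_result() begins before the hunk.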
@@ -57,9 +57,9 @@ void SHA_3::permute(uint64_t A[25])
 const uint64_t B08 = rotl<45>(A[16] ^ D2);
 const uint64_t B18 = rotl<15>(A[17] ^ D3);
 const uint64_t B03 = rotl<21>(A[18] ^ D4);
- const uint64_t B13 = rotl<8>(A[19] ^ D0);
+ const uint64_t B13 = rotl< 8>(A[19] ^ D0);
 const uint64_t B14 = rotl<18>(A[20] ^ D1);
- const uint64_t B24 = rotl<2>(A[21] ^ D2);
+ const uint64_t B24 = rotl< 2>(A[21] ^ D2);
 const uint64_t B09 = rotl<61>(A[22] ^ D3);
 const uint64_t B19 = rotl<56>(A[23] ^ D4);
 const uint64_t B04 = rotl<14>(A[24] ^ D0);

From 04694e1da112c213f294ed4ad0e1e21dd231a06e Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Tue, 30 Jan 2018 14:18:15 -0500
Subject: [PATCH 0605/1008] For hash/mac speed tests finalize the computation under the timer

Otherwise this misses the perf difference between SHAKE-128(512) and SHAKE-128(5120000) all the extra computation happens in the final function.
---
 src/cli/speed.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 73b4b6a06f..04b8cc3ff1 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -1054,12 +1054,14 @@ class Speed final : public Command
 const std::chrono::milliseconds runtime,
 const std::vector& buf_sizes)
 {
+ std::vector output(hash.output_length());
+
 for(auto buf_size : buf_sizes)
 {
 Botan::secure_vector buffer = rng().random_vec(buf_size);
 Timer timer(hash.name(), buffer.size(), "hash", provider, buf_size);
- timer.run_until_elapsed(runtime, [&]() { hash.update(buffer); });
+ timer.run_until_elapsed(runtime, [&]() { hash.update(buffer); hash.final(output.data()); });
 record_result(timer);
 }
 }
@@ -1072,6 +1074,8 @@ class Speed final : public Command
 const std::chrono::milliseconds runtime,
 const std::vector& buf_sizes)
 {
+ std::vector output(mac.output_length());
+
 for(auto buf_size : buf_sizes)
 {
 Botan::secure_vector buffer = rng().random_vec(buf_size);
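Review bot: Moving `hash.final(output.data())` inside the timed lambda changes what the reported per-byte rate means — each iteration is now a complete one-shot hash of `buf_size` bytes including finalization, so for small buffers the fixed cost of final() dominates. That is the intent per the commit message, but nothing in the code says so, and a later reader comparing old and new numbers will see an unexplained drop at the small sizes; I would add `// time update()+final() together: for XOFs such as SHAKE the output-length-dependent work happens in final()` above the call. Note the MAC loop later in this same diff is not changed the same way, so the two benchmarks no longer measure the same thing.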
@@ -1082,6 +1086,7 @@ class Speed final : public Command
 Timer timer(mac.name(), buffer.size(), "mac", provider, buf_size);
 timer.run_until_elapsed(runtime, [&]() { mac.update(buffer); });
+ timer.run([&]() { mac.final(output.data()); });
 record_result(timer);
 }
 }

From 5730fe65460ae832b981fd651f4662eaccc69cdd Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Tue, 30 Jan 2018 19:42:11 -0500
Subject: [PATCH 0606/1008] Add function to query if filesystem support is enabled.

Makes for much simpler code.
---
 src/lib/utils/filesystem.cpp | 15 +++++
 src/lib/utils/filesystem.h | 2 +
 src/tests/test_certstor.cpp | 18 ++----
 src/tests/test_x509_path.cpp | 108 +++++++++++++----------------------
 4 files changed, 63 insertions(+), 80 deletions(-)

diff --git a/src/lib/utils/filesystem.cpp b/src/lib/utils/filesystem.cpp
index 29f73fcb37..9ce23d0c6d 100644
--- a/src/lib/utils/filesystem.cpp
+++ b/src/lib/utils/filesystem.cpp
@@ -160,6 +160,21 @@ std::vector impl_win32(const std::string& dir_path)
 }
+bool has_filesystem_impl()
+ {
+#if defined(BOTAN_TARGET_OS_HAS_STL_FILESYSTEM_MSVC) && defined(BOTAN_BUILD_COMPILER_IS_MSVC)
+ return true;
+#elif defined(BOTAN_HAS_BOOST_FILESYSTEM)
+ return true;
+#elif defined(BOTAN_TARGET_OS_HAS_POSIX1)
+ return true;
+#elif defined(BOTAN_TARGET_OS_HAS_WIN32)
+ return true;
+#else
+ return false;
+#endif
+ }
+
 std::vector get_files_recursive(const std::string& dir)
 {
 std::vector files;
diff --git a/src/lib/utils/filesystem.h b/src/lib/utils/filesystem.h
index f105c7aeb4..382da7de34 100644
--- a/src/lib/utils/filesystem.h
+++ b/src/lib/utils/filesystem.h
@@ -24,6 +24,8 @@ class BOTAN_PUBLIC_API(2,0) No_Filesystem_Access final : public Exception
 {}
 };
+BOTAN_TEST_API bool has_filesystem_impl();
+
 BOTAN_TEST_API std::vector get_files_recursive(const std::string& dir);
 }
diff --git a/src/tests/test_certstor.cpp b/src/tests/test_certstor.cpp
index d48973ac43..e5b6ce8148 100644
--- a/src/tests/test_certstor.cpp
+++ b/src/tests/test_certstor.cpp
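Review bot: `timer.run([&]() { mac.final(output.data()); });` runs final() exactly once after the timed loop has finished, so the MAC benchmark still measures update() alone while the hash benchmark in this same commit times update+final on every iteration; the finalization cost the commit message says it wants to capture is never attributed per message here, and one extra call barely moves the total. For consistency with the hash path: `timer.run_until_elapsed(runtime, [&]() { mac.update(buffer); mac.final(output.data()); });` and drop the separate run() line. The enclosing function begins before the hunk.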
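Review bot: `has_filesystem_impl()` re-encodes as its own `#if` chain the backend selection that `get_files_recursive()` presumably makes in its body (outside this hunk), so the two can drift: a backend added to one but not the other makes the tests either skip needlessly or throw `No_Filesystem_Access` where they used to skip. I would derive both from a single macro defined once near the top of the file, or at minimum record the coupling with `// Must mirror the backend selection in get_files_recursive() below`. The function also has no header comment; one line saying it reports compile-time availability of a directory-listing backend, not whether any particular path is readable, would stop callers from treating it as an access check.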
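Review bot: The new declaration `BOTAN_TEST_API bool has_filesystem_impl();` is undocumented, while sitting next to the `No_Filesystem_Access` exception that callers used to rely on for the same decision. I would add `/** True if this build was configured with a directory-listing backend; when false, get_files_recursive() is expected to throw No_Filesystem_Access. */` so test code knows the predicate reflects build configuration rather than the state of a specific path. Whether get_files_recursive() can also throw that exception at run time in a build where this returns true is not visible from this hunk and is worth stating in the same comment.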
@@ -334,6 +334,12 @@ class Certstor_Tests final : public Test public: std::vector run() override { + if(Botan::has_filesystem_impl() == false) + { + return {Test::Result::Note("Certificate Store", + "Skipping due to missing filesystem access")}; + } + const std::string test_dir = Test::data_dir() + "/x509/certstor"; struct CertificateAndKeyFilenames { @@ -349,18 +355,6 @@ class Certstor_Tests final : public Test {"cert5b.crt", "key06.pem"}, }; - try - { - // Do nothing, just test filesystem access - Botan::get_files_recursive(test_dir); - } - catch(Botan::No_Filesystem_Access&) - { - Test::Result result("Certificate Store"); - result.test_note("Skipping due to missing filesystem access"); - return {result}; - } - const std::vector all_files = Botan::get_files_recursive(test_dir); if(all_files.empty()) diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index 3a33e150c8..3e45f6072b 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp @@ -150,6 +150,12 @@ class NIST_Path_Validation_Tests final : public Test std::vector NIST_Path_Validation_Tests::run() { + if(Botan::has_filesystem_impl() == false) + { + return {Test::Result::Note("NIST path validation", + "Skipping due to missing filesystem access")}; + } + std::vector results; /** @@ -164,19 +170,6 @@ std::vector NIST_Path_Validation_Tests::run() */ const std::string nist_test_dir = Test::data_dir() + "/x509/nist"; - try - { - // Do nothing, just test filesystem access - Botan::get_files_recursive(nist_test_dir); - } - catch(Botan::No_Filesystem_Access&) - { - Test::Result result("NIST path validation"); - result.test_note("Skipping due to missing filesystem access"); - results.push_back(result); - return results; - } - std::map expected = read_results(Test::data_file("x509/nist/expected.txt")); 
@@ -260,23 +253,16 @@ class Extended_Path_Validation_Tests final : public Test std::vector Extended_Path_Validation_Tests::run() { + if(Botan::has_filesystem_impl() == false) + { + return {Test::Result::Note("Extended x509 path validation", + "Skipping due to missing filesystem access")}; + } + std::vector results; const std::string extended_x509_test_dir = Test::data_dir() + "/x509/extended"; - try - { - // Do nothing, just test filesystem access - Botan::get_files_recursive(extended_x509_test_dir); - } - catch(Botan::No_Filesystem_Access&) - { - Test::Result result("Extended x509 path validation"); - result.test_note("Skipping due to missing filesystem access"); - results.push_back(result); - return results; - } - std::map expected = read_results(Test::data_file("x509/extended/expected.txt")); @@ -338,23 +324,16 @@ class PSS_Path_Validation_Tests : public Test std::vector PSS_Path_Validation_Tests::run() { + if(Botan::has_filesystem_impl() == false) + { + return {Test::Result::Note("RSA-PSS X509 signature validation", + "Skipping due to missing filesystem access")}; + } + std::vector results; const std::string pss_x509_test_dir = Test::data_dir() + "/x509/pss_certs"; - try - { - // Do nothing, just test filesystem access - Botan::get_files_recursive(pss_x509_test_dir); - } - catch(Botan::No_Filesystem_Access&) - { - Test::Result result("RSA-PSS X509 signature validation"); - result.test_note("Skipping due to missing filesystem access"); - results.push_back(result); - return results; - } - std::map expected = read_results(Test::data_file("x509/pss_certs/expected.txt")); 
@@ -457,32 +436,25 @@ BOTAN_REGISTER_TEST("x509_path_rsa_pss", PSS_Path_Validation_Tests); class BSI_Path_Validation_Tests final : public Test { public: - std::vector run() override; + std::vector run() override; }; std::vector BSI_Path_Validation_Tests::run() { + if(Botan::has_filesystem_impl() == false) + { + return {Test::Result::Note("BSI path validation", + "Skipping due to missing filesystem access")}; + } + std::vector results; const std::string bsi_test_dir = Test::data_dir() + "/x509/bsi"; - try - { - // Do nothing, just test filesystem access - Botan::get_files_recursive(bsi_test_dir); - } - catch (Botan::No_Filesystem_Access&) - { - Test::Result result("BSI path validation"); - result.test_note("Skipping due to missing filesystem access"); - results.push_back(result); - return results; - } - - std::map expected = read_results( + const std::map expected = read_results( Test::data_file("/x509/bsi/expected.txt"), '$'); - for (auto& i : expected) + for(auto& i : expected) { const std::string test_name = i.first; std::string expected_result = i.second; @@ -500,7 +472,7 @@ std::vector BSI_Path_Validation_Tests::run() const std::vector all_files = Botan::get_files_recursive(test_dir); - if (all_files.empty()) + if(all_files.empty()) { result.test_failure("No test files found in " + test_dir); results.push_back(result); 
@@ -516,31 +488,31 @@ std::vector BSI_Path_Validation_Tests::run() // By convention: if CRL is a substring if the directory name, // we need to check the CRLs bool use_crl = false; - if (test_dir.find("CRL") != std::string::npos) + if(test_dir.find("CRL") != std::string::npos) { use_crl = true; } try { - for (auto const& file : all_files) + for(auto const& file : all_files) { // found a trust anchor - if (file.find("TA") != std::string::npos) + if(file.find("TA") != std::string::npos) { trusted.add_certificate(Botan::X509_Certificate(file)); } // found the target certificate. It needs to be at the front of certs - else if (file.find("TC") != std::string::npos) + else if(file.find("TC") != std::string::npos) { certs.insert(certs.begin(), Botan::X509_Certificate(file)); } // found a certificate that might be part of a valid certificate chain to the trust anchor - else if (file.find(".crt") != std::string::npos) + else if(file.find(".crt") != std::string::npos) { certs.push_back(Botan::X509_Certificate(file)); } - else if (file.find(".crl") != std::string::npos) + else if(file.find(".crl") != std::string::npos) { trusted.add_crl(Botan::X509_CRL(file)); } @@ -564,7 +536,7 @@ std::vector BSI_Path_Validation_Tests::run() return s % m; }; - for (size_t r = 0; r < 16; r++) + for(size_t r = 0; r < 16; r++) { std::random_shuffle(++(certs.begin()), certs.end(), uniform_shuffle); 
@@ -608,17 +580,17 @@ std::vector BSI_Path_Validation_Tests::run() /* Some certificates are rejected when executing the X509_Certificate constructor * by throwing a Decoding_Error exception. */ - catch (const Botan::Decoding_Error& d) + catch(const Botan::Decoding_Error& d) { result.test_eq(test_name + " path validation result", d.what(), - expected_result); + expected_result); } - catch (const Botan::X509_CRL::X509_CRL_Error& e) + catch(const Botan::X509_CRL::X509_CRL_Error& e) { result.test_eq(test_name + " path validation result", e.what(), - expected_result); + expected_result); } - catch (const std::exception& e) + catch(const std::exception& e) { result.test_failure(test_name, e.what()); } From d84a5b6f1a3ddff739c602d6dd80d5409ce992c8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 30 Jan 2018 19:54:34 -0500 Subject: [PATCH 0607/1008] Fix copy paste error --- src/tests/test_mac.cpp | 2 +- src/tests/test_stream.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/test_mac.cpp b/src/tests/test_mac.cpp index 18ba82b30d..2f5afe7833 100644 --- a/src/tests/test_mac.cpp +++ b/src/tests/test_mac.cpp @@ -40,7 +40,7 @@ class Message_Auth_Tests final : public Text_Based_Test if(providers.empty()) { - result.note_missing("block cipher " + algo); + result.note_missing("MAC " + algo); return result; } diff --git a/src/tests/test_stream.cpp b/src/tests/test_stream.cpp index cc6db5bc62..219d58e4b9 100644 --- a/src/tests/test_stream.cpp +++ b/src/tests/test_stream.cpp @@ -39,7 +39,7 @@ class Stream_Cipher_Tests final : public Text_Based_Test if(providers.empty()) { - result.note_missing("block cipher " + algo); + result.note_missing("stream cipher " + algo); return result; } From 439bf83d41ee9176659c15f17d3ed7db1ad1437f Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Tue, 30 Jan 2018 19:55:13 -0500 Subject: [PATCH 0608/1008] Add a few more tests of the test suite code --- src/tests/test_tests.cpp | 58 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 56 insertions(+), 2 deletions(-) diff --git a/src/tests/test_tests.cpp b/src/tests/test_tests.cpp index 7b74dbbd8a..63509d3f05 100644 --- a/src/tests/test_tests.cpp +++ b/src/tests/test_tests.cpp @@ -1,11 +1,15 @@ /* -* (C) 2017 Jack Lloyd +* (C) 2017,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include "tests.h" +#if defined(BOTAN_HAS_BIGINT) + #include +#endif + namespace Botan_Tests { /* @@ -54,11 +58,25 @@ class Test_Tests final : public Test { Test::Result test_result("Testcase"); - std::vector vec1(5), vec2(3); + std::vector vec1(5), vec2(3, 9); test_result.test_eq("test vectors equal", vec1, vec2); verify_failure("test vectors equal", result, test_result); } + { + Test::Result test_result("Testcase"); + std::vector vec1(5), vec2(5); + test_result.test_ne("test vectors not equal", vec1, vec2); + verify_failure("test vectors equal", result, test_result); + } + + { + Test::Result test_result("Testcase"); + std::vector vec1(5), vec2(5); + test_result.test_ne("test arrays not equal", vec1.data(), vec1.size(), vec2.data(), vec2.size()); + verify_failure("test vectors equal", result, test_result); + } + { Test::Result test_result("Testcase"); size_t x = 5, y = 6; @@ -66,6 +84,13 @@ class Test_Tests final : public Test verify_failure("test ints equal", result, test_result); } + { + Test::Result test_result("Testcase"); + size_t x = 5, y = 5; + test_result.test_ne("test ints not equal", x, y); + verify_failure("test ints not equal", result, test_result); + } + { Test::Result test_result("Testcase"); test_result.test_is_nonempty("empty", ""); 
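Review bot: The two new `test_ne` cases pass a copy-pasted label to `verify_failure`: after `test_result.test_ne("test vectors not equal", vec1, vec2);` and after `test_result.test_ne("test arrays not equal", ...)` the follow-up is `verify_failure("test vectors equal", result, test_result);`, so a failure is reported under the wrong name and is indistinguishable from the `test_eq` case above it. Change them to `verify_failure("test vectors not equal", result, test_result);` and `verify_failure("test arrays not equal", result, test_result);`. The later `size_t` case in the next hunk gets this right.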
@@ -128,6 +153,29 @@ class Test_Tests final : public Test verify_failure("test_throws", result, test_result); } + { + Test::Result test_result("Testcase"); + test_result.test_throws("test_throws", "expected msg", + []() { ; }); + verify_failure("test_throws", result, test_result); + } + +#if defined(BOTAN_HAS_BIGINT) + { + Test::Result test_result("Testcase"); + Botan::BigInt x = 5, y = 6; + test_result.test_eq("test ints equal", x, y); + verify_failure("test ints equal", result, test_result); + } + + { + Test::Result test_result("Testcase"); + Botan::BigInt x = 5, y = 5; + test_result.test_ne("test ints not equal", x, y); + verify_failure("test ints not equal", result, test_result); + } +#endif + return {result}; } @@ -137,7 +185,13 @@ class Test_Tests final : public Test const Test::Result& test_result) { if(test_result.tests_failed() > 0) + { result.test_success("Got expected failure for " + what); + const std::string result_str = test_result.result_string(true); + + result.confirm("result string contains FAIL", + result_str.find("FAIL") != std::string::npos); + } else result.test_failure("Expected test to fail for " + what); } From 439d2ead033142365f092c7882bad31e4257ed09 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 31 Jan 2018 12:07:45 -0500 Subject: [PATCH 0609/1008] Optimize SHA_3::expand Noticable speedup for SHAKE esp with longer output lengths --- src/lib/hash/sha3/sha3.cpp | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/src/lib/hash/sha3/sha3.cpp b/src/lib/hash/sha3/sha3.cpp index c9000d81a8..cf45e69031 100644 --- a/src/lib/hash/sha3/sha3.cpp +++ b/src/lib/hash/sha3/sha3.cpp @@ -146,6 +146,8 @@ void SHA_3::finish(size_t bitrate, secure_vector& S, size_t S_pos, uint8_t init_pad, uint8_t fini_pad) { + BOTAN_ARG_CHECK(bitrate % 64 == 0); + S[S_pos / 8] ^= static_cast(init_pad) << (8 * (S_pos % 8)); S[(bitrate / 64) - 1] ^= static_cast(fini_pad) << 56; SHA_3::permute(S.data()); 
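Review bot: In `verify_failure` the `if` branch now has braces while the `else` branch (`else result.test_failure("Expected test to fail for " + what);`) stays a bare statement; with a multi-line `if` body this is easy to misread and is the kind of asymmetry the rest of the file avoids. Brace the `else` as well. Separately, `test_result.result_string(true)` reads as a magic boolean — if the parameter has a meaning such as verbosity, a short comment `// verbose, so FAIL lines are included` next to it would help.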
@@ -156,26 +158,23 @@ void SHA_3::expand(size_t bitrate, secure_vector& S, uint8_t output[], size_t output_length) { - BOTAN_ARG_CHECK(bitrate % 8 == 0); + BOTAN_ARG_CHECK(bitrate % 64 == 0); - size_t Si = 0; + const size_t byterate = bitrate / 8; - for(size_t i = 0; i != output_length; ++i) + while(output_length > 0) { - if(i > 0) + const size_t copying = std::min(byterate, output_length); + + copy_out_vec_le(output, copying, S); + + output += copying; + output_length -= copying; + + if(output_length > 0) { - if(i % (bitrate / 8) == 0) - { - SHA_3::permute(S.data()); - Si = 0; - } - else if(i % 8 == 0) - { - Si += 1; - } + SHA_3::permute(S.data()); } - - output[i] = get_byte(7 - (i % 8), S[Si]); } } From e5b9ee2345affb56307070298ded9c2d5e1914be Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 31 Jan 2018 14:03:05 -0500 Subject: [PATCH 0610/1008] Use shared representation of EC_Group Hide CurveGFp with an eye for eventual removal --- src/cli/pubkey.cpp | 6 +- src/cli/speed.cpp | 7 +- src/fuzzer/os2ecp.cpp | 2 +- src/lib/ffi/ffi_pkey_algs.cpp | 8 +- src/lib/prov/pkcs11/p11_ecc_key.cpp | 10 +- src/lib/pubkey/ec_group/ec_group.cpp | 249 +++++++++++++++++++------ src/lib/pubkey/ec_group/ec_group.h | 92 ++++++--- src/lib/pubkey/ecc_key/ecc_key.cpp | 19 +- src/lib/pubkey/ecdh/ecdh.cpp | 18 +- src/lib/pubkey/ecies/ecies.cpp | 13 +- src/lib/pubkey/gost_3410/gost_3410.cpp | 4 +- src/lib/pubkey/sm2/sm2.cpp | 6 +- src/lib/pubkey/sm2/sm2_enc.cpp | 6 +- src/lib/tls/tls_callbacks.cpp | 2 +- src/tests/test_ecdsa.cpp | 2 +- src/tests/test_gost_3410.cpp | 2 +- src/tests/unit_ecc.cpp | 103 ++++------ 17 files changed, 347 insertions(+), 202 deletions(-) diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index ffe1470dc2..0e515d2eaf 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp 
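Review bot: `copy_out_vec_le(output, copying, S)` is handed a byte count that is not a multiple of 8 on the last block whenever `output_length` is not a multiple of 8 (any odd-length SHAKE output), so the helper must cope with a partial trailing 64-bit word; its definition is not in this patch, so confirm that, and record the requirement with `// copying may be a partial final block and need not be a multiple of 8`. The old byte-at-a-time loop had no such dependency. Tightening the guard to `BOTAN_ARG_CHECK(bitrate % 64 == 0)` is fine for the fixed SHA-3/SHAKE rates but is a precondition change for any external caller of this static helper; worth a line in the commit message.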
@@ -340,9 +340,9 @@ class EC_Group_Info final : public Command } else { - output() << "P = " << std::hex << group.get_curve().get_p() << "\n" - << "A = " << std::hex << group.get_curve().get_a() << "\n" - << "B = " << std::hex << group.get_curve().get_b() << "\n" + output() << "P = " << std::hex << group.get_p() << "\n" + << "A = " << std::hex << group.get_a() << "\n" + << "B = " << std::hex << group.get_b() << "\n" << "G = " << group.get_base_point().get_affine_x() << "," << group.get_base_point().get_affine_y() << "\n"; } diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 04b8cc3ff1..7dbc7922c6 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -1215,7 +1215,7 @@ class Speed final : public Command Timer mult_timer(group_name + " scalar mult"); Timer blinded_mult_timer(group_name + " blinded scalar mult"); - const Botan::BigInt scalar(rng(), group.get_curve().get_p().bits()); + const Botan::BigInt scalar(rng(), group.get_p_bits()); const Botan::PointGFp& base_point = group.get_base_point(); Botan::Blinded_Point_Multiply scalar_mult(base_point, group.get_order(), 4); @@ -1242,7 +1242,6 @@ class Speed final : public Command for(std::string group_name : groups) { const Botan::EC_Group group(group_name); - const Botan::CurveGFp& curve = group.get_curve(); while(uncmp_timer.under(runtime) && cmp_timer.under(runtime)) { @@ -1251,8 +1250,8 @@ class Speed final : public Command const Botan::secure_vector os_cmp = Botan::EC2OSP(p, Botan::PointGFp::COMPRESSED); const Botan::secure_vector os_uncmp = Botan::EC2OSP(p, Botan::PointGFp::UNCOMPRESSED); - uncmp_timer.run([&]() { OS2ECP(os_uncmp, curve); }); - cmp_timer.run([&]() { OS2ECP(os_cmp, curve); }); + uncmp_timer.run([&]() { group.OS2ECP(os_uncmp); }); + cmp_timer.run([&]() { group.OS2ECP(os_cmp); }); } record_result(uncmp_timer); diff --git a/src/fuzzer/os2ecp.cpp b/src/fuzzer/os2ecp.cpp index dba6dbdfec..cb4a50b474 100644 --- a/src/fuzzer/os2ecp.cpp +++ b/src/fuzzer/os2ecp.cpp 
@@ -13,7 +13,7 @@ void check_os2ecp(const Botan::EC_Group& group, const uint8_t in[], size_t len) { try { - Botan::PointGFp point = Botan::OS2ECP(in, len, group.get_curve()); + Botan::PointGFp point = group.OS2ECP(in, len); } catch(Botan::Exception& e) {} } diff --git a/src/lib/ffi/ffi_pkey_algs.cpp b/src/lib/ffi/ffi_pkey_algs.cpp index a20d7de403..7091708a87 100644 --- a/src/lib/ffi/ffi_pkey_algs.cpp +++ b/src/lib/ffi/ffi_pkey_algs.cpp @@ -96,7 +96,7 @@ int pubkey_load_ec(std::unique_ptr& key, return BOTAN_FFI_ERROR_NULL_POINTER; Botan::EC_Group grp(curve_name); - Botan::PointGFp uncompressed_point(grp.get_curve(), public_x, public_y); + Botan::PointGFp uncompressed_point = grp.point(public_x, public_y); key.reset(new ECPublicKey_t(grp, uncompressed_point)); return BOTAN_FFI_SUCCESS; } @@ -149,11 +149,11 @@ Botan::BigInt pubkey_get_field(const Botan::Public_Key& key, else if(field == "base_y") return ecc->domain().get_base_point().get_affine_y(); else if(field == "p") - return ecc->domain().get_curve().get_p(); + return ecc->domain().get_p(); else if(field == "a") - return ecc->domain().get_curve().get_a(); + return ecc->domain().get_a(); else if(field == "b") - return ecc->domain().get_curve().get_b(); + return ecc->domain().get_b(); else if(field == "cofactor") return ecc->domain().get_cofactor(); else if(field == "order") diff --git a/src/lib/prov/pkcs11/p11_ecc_key.cpp b/src/lib/prov/pkcs11/p11_ecc_key.cpp index df55b9ffb3..3a0fa63503 100644 --- a/src/lib/prov/pkcs11/p11_ecc_key.cpp +++ b/src/lib/prov/pkcs11/p11_ecc_key.cpp 
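Review bot: In `pubkey_load_ec`, `grp.point(public_x, public_y)` builds the point without any on-curve check (per this patch's definition it is just `PointGFp(get_curve(), x, y)`), and the same commit disables the curve-mismatch check in the `EC_PublicKey` constructor, so FFI callers can now construct a public key from arbitrary coordinates that is only rejected later, if at all. Validate at the boundary: `if(!uncompressed_point.on_the_curve()) return BOTAN_FFI_ERROR_BAD_PARAMETER;` before the `key.reset(...)` line. This is the public C API, so the caller's coordinates should be treated as untrusted input here.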
@@ -17,11 +17,11 @@ namespace Botan { namespace PKCS11 { namespace { /// Converts a DER-encoded ANSI X9.62 ECPoint to PointGFp -PointGFp decode_public_point(const secure_vector& ec_point_data, const CurveGFp& curve) +PointGFp decode_public_point(const secure_vector& ec_point_data, const EC_Group& group) { secure_vector ec_point; BER_Decoder(ec_point_data).decode(ec_point, OCTET_STRING); - return OS2ECP(ec_point, curve); + return group.OS2ECP(ec_point); } } @@ -44,7 +44,7 @@ PKCS11_EC_PublicKey::PKCS11_EC_PublicKey(Session& session, ObjectHandle handle) { secure_vector ec_parameters = get_attribute_value(AttributeType::EcParams); m_domain_params = EC_Group(unlock(ec_parameters)); - m_public_key = decode_public_point(get_attribute_value(AttributeType::EcPoint), m_domain_params.get_curve()); + m_public_key = decode_public_point(get_attribute_value(AttributeType::EcPoint), m_domain_params); m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; } @@ -55,7 +55,7 @@ PKCS11_EC_PublicKey::PKCS11_EC_PublicKey(Session& session, const EC_PublicKeyImp secure_vector ec_point; BER_Decoder(props.ec_point()).decode(ec_point, OCTET_STRING); - m_public_key = OS2ECP(ec_point, m_domain_params.get_curve()); + m_public_key = m_domain_params.OS2ECP(ec_point); m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; } @@ -100,7 +100,7 @@ PKCS11_EC_PrivateKey::PKCS11_EC_PrivateKey(Session& session, const std::vectorreset_handle(priv_key_handle); Object public_key(session, pub_key_handle); - m_public_key = decode_public_point(public_key.get_attribute_value(AttributeType::EcPoint), m_domain_params.get_curve()); + m_public_key = decode_public_point(public_key.get_attribute_value(AttributeType::EcPoint), m_domain_params); } size_t PKCS11_EC_PrivateKey::key_length() const diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 6ae8c16d8c..8a3ffa7183 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp 
@@ -2,7 +2,7 @@ * ECC Domain Parameters * * (C) 2007 Falko Strenzke, FlexSecure GmbH -* 2008 Jack Lloyd +* 2008,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -16,56 +16,42 @@ namespace Botan { -EC_Group::EC_Group(const OID& domain_oid) +struct EC_Group_Data { - const std::string pem = PEM_for_named_group(OIDS::lookup(domain_oid)); + CurveGFp m_curve; + PointGFp m_base_point; + BigInt m_order; + BigInt m_cofactor; + OID m_oid; + size_t m_p_bits, m_p_bytes; + }; - if(pem == "") - { - throw Lookup_Error("No ECC domain data for '" + domain_oid.as_string() + "'"); - } +namespace { - *this = EC_Group(pem); - m_oid = domain_oid.as_string(); - } +std::shared_ptr lookup_EC_group_by_oid(const OID& oid); -EC_Group::EC_Group(const std::string& str) +std::shared_ptr BER_decode_EC_group(const uint8_t bits[], size_t len) { - if(str == "") - return; // no initialization / uninitialized - - try - { - std::vector ber = - unlock(PEM_Code::decode_check_label(str, "EC PARAMETERS")); - - *this = EC_Group(ber); - } - catch(Decoding_Error) // hmm, not PEM? - { - *this = EC_Group(OIDS::lookup(str)); - } - } - -EC_Group::EC_Group(const std::vector& ber_data) - { - BER_Decoder ber(ber_data); + BER_Decoder ber(bits, len); BER_Object obj = ber.get_next_object(); if(obj.type() == NULL_TAG) - throw Decoding_Error("Cannot handle ImplicitCA ECDSA parameters"); + { + throw Decoding_Error("Cannot handle ImplicitCA ECC parameters"); + } else if(obj.type() == OBJECT_ID) { OID dom_par_oid; - BER_Decoder(ber_data).decode(dom_par_oid); - *this = EC_Group(dom_par_oid); + BER_Decoder(bits, len).decode(dom_par_oid); + return lookup_EC_group_by_oid(dom_par_oid); } else if(obj.type() == SEQUENCE) { + std::shared_ptr data = std::make_shared(); BigInt p, a, b; std::vector sv_base_point; - BER_Decoder(ber_data) + BER_Decoder(bits, len) .start_cons(SEQUENCE) .decode_and_check(1, "Unknown ECC param version code") .start_cons(SEQUENCE) 
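Review bot: `EC_Group_Data` leaves `size_t m_p_bits, m_p_bytes;` uninitialized, and the struct is default-constructed via `make_shared` before the fields are filled in, so any future code path that forgets to set them reads indeterminate values. Initialize them in-class and one per line: `size_t m_p_bits = 0;` and `size_t m_p_bytes = 0;`. A short comment that the struct is the immutable shared state behind `EC_Group` copies would also explain why it carries no methods.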
@@ -78,16 +64,166 @@ EC_Group::EC_Group(const std::vector& ber_data) .decode_octet_string_bigint(b) .end_cons() .decode(sv_base_point, OCTET_STRING) - .decode(m_order) - .decode(m_cofactor) + .decode(data->m_order) + .decode(data->m_cofactor) .end_cons() .verify_end(); - m_curve = CurveGFp(p, a, b); - m_base_point = OS2ECP(sv_base_point, m_curve); + data->m_curve = CurveGFp(p, a, b); + data->m_base_point = Botan::OS2ECP(sv_base_point, data->m_curve); + + data->m_p_bits = p.bits(); + data->m_p_bytes = p.bytes(); + return data; } else + { throw Decoding_Error("Unexpected tag while decoding ECC domain params"); + } + } + +std::shared_ptr BER_decode_EC_group(const std::string& pem) + { + secure_vector ber = PEM_Code::decode_check_label(pem, "EC PARAMETERS"); + return BER_decode_EC_group(ber.data(), ber.size()); + } + +std::shared_ptr lookup_EC_group_by_oid(const OID& oid) + { + if(oid.empty()) + throw Invalid_Argument("lookup_EC_group_by_oid with empty oid"); + + const std::string oid_name = OIDS::oid2str(oid); + if(oid_name.empty()) + throw Invalid_Argument("Unknown EC group OID " + oid.as_string()); + + const std::string pem = EC_Group::PEM_for_named_group(oid_name); + if(pem.empty()) + throw Invalid_Argument("EC group OID (" + oid_name + ") is not known"); + std::shared_ptr data = BER_decode_EC_group(pem); + data->m_oid = oid; + return data; + } + +} + +EC_Group::EC_Group(const OID& domain_oid) + { + this->m_data = lookup_EC_group_by_oid(domain_oid); + } + +EC_Group::EC_Group(const std::string& str) + { + if(str == "") + return; // no initialization / uninitialized + + try + { + OID oid = OIDS::lookup(str); + if(oid.empty() == false) + m_data = lookup_EC_group_by_oid(oid); + } + catch(Invalid_OID) + { + } + + if(m_data == nullptr) + { + // OK try it as PEM ... 
+ this->m_data = BER_decode_EC_group(str); + } + } + +EC_Group::EC_Group(const CurveGFp& curve, + const PointGFp& base_point, + const BigInt& order, + const BigInt& cofactor) + { + m_data.reset(new EC_Group_Data); + + m_data->m_curve = curve; + m_data->m_base_point = base_point; + m_data->m_order = order; + m_data->m_cofactor = cofactor; + m_data->m_p_bits = curve.get_p().bits(); + m_data->m_p_bytes = curve.get_p().bytes(); + } + +EC_Group::EC_Group(const std::vector& ber) + { + m_data = BER_decode_EC_group(ber.data(), ber.size()); + } + +const EC_Group_Data& EC_Group::data() const + { + if(m_data == nullptr) + throw Invalid_State("EC_Group uninitialized"); + return *m_data; + } + +const CurveGFp& EC_Group::get_curve() const + { + return data().m_curve; + } + +size_t EC_Group::get_p_bits() const + { + return data().m_p_bits; + } + +size_t EC_Group::get_p_bytes() const + { + return data().m_p_bytes; + } + +const BigInt& EC_Group::get_p() const + { + return data().m_curve.get_p(); + } + +const BigInt& EC_Group::get_a() const + { + return data().m_curve.get_a(); + } + +const BigInt& EC_Group::get_b() const + { + return data().m_curve.get_b(); + } + +const PointGFp& EC_Group::get_base_point() const + { + return data().m_base_point; + } + +const BigInt& EC_Group::get_order() const + { + return data().m_order; + } + +const BigInt& EC_Group::get_cofactor() const + { + return data().m_cofactor; + } + +const OID& EC_Group::get_curve_oid() const + { + return data().m_oid; + } + +PointGFp EC_Group::OS2ECP(const uint8_t bits[], size_t len) const + { + return Botan::OS2ECP(bits, len, get_curve()); + } + +PointGFp EC_Group::point(const BigInt& x, const BigInt& y) const + { + return PointGFp(get_curve(), x, y); + } + +PointGFp EC_Group::zero_point() const + { + return PointGFp(get_curve()); } std::vector 
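Review bot: In `EC_Group::EC_Group(const std::string& str)` the handler `catch(Invalid_OID)` catches by value; use `catch(const Invalid_OID&)` as elsewhere in the library. The `CurveGFp` constructor uses `m_data.reset(new EC_Group_Data);` while `BER_decode_EC_group` uses `std::make_shared<EC_Group_Data>()` — pick `std::make_shared` in both for consistency and one allocation. Note also that when `OIDS::lookup(str)` yields an empty OID for an unrecognised group name, control falls through to `BER_decode_EC_group(str)` and the caller sees a PEM decoding error rather than "unknown group"; a comment on the fall-through, or a name-looking-string check before it, would make that intentional.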
@@ -96,36 +232,37 @@ EC_Group::DER_encode(EC_Group_Encoding form) const if(form == EC_DOMPAR_ENC_EXPLICIT) { const size_t ecpVers1 = 1; - OID curve_type("1.2.840.10045.1.1"); + OID curve_type("1.2.840.10045.1.1"); // prime field - const size_t p_bytes = m_curve.get_p().bytes(); + const size_t p_bytes = get_p_bytes(); return DER_Encoder() .start_cons(SEQUENCE) .encode(ecpVers1) .start_cons(SEQUENCE) .encode(curve_type) - .encode(m_curve.get_p()) + .encode(get_p()) .end_cons() .start_cons(SEQUENCE) - .encode(BigInt::encode_1363(m_curve.get_a(), p_bytes), + .encode(BigInt::encode_1363(get_a(), p_bytes), OCTET_STRING) - .encode(BigInt::encode_1363(m_curve.get_b(), p_bytes), + .encode(BigInt::encode_1363(get_b(), p_bytes), OCTET_STRING) .end_cons() - .encode(EC2OSP(m_base_point, PointGFp::UNCOMPRESSED), OCTET_STRING) - .encode(m_order) - .encode(m_cofactor) + .encode(EC2OSP(get_base_point(), PointGFp::UNCOMPRESSED), OCTET_STRING) + .encode(get_order()) + .encode(get_cofactor()) .end_cons() .get_contents_unlocked(); } else if(form == EC_DOMPAR_ENC_OID) { - if(get_oid().empty()) + const OID oid = get_curve_oid(); + if(oid.empty()) { throw Encoding_Error("Cannot encode EC_Group as OID because OID not set"); } - return DER_Encoder().encode(OID(get_oid())).get_contents_unlocked(); + return DER_Encoder().encode(oid).get_contents_unlocked(); } else if(form == EC_DOMPAR_ENC_IMPLICITCA) return DER_Encoder().encode_null().get_contents_unlocked(); @@ -143,9 +280,9 @@ bool EC_Group::verify_group(RandomNumberGenerator& rng, bool) const { //compute the discriminant - Modular_Reducer p(m_curve.get_p()); - BigInt discriminant = p.multiply(4, m_curve.get_a()); - discriminant += p.multiply(27, m_curve.get_b()); + Modular_Reducer p(get_p()); + BigInt discriminant = p.multiply(4, get_a()); + discriminant += p.multiply(27, get_b()); discriminant = p.reduce(discriminant); //check the discriminant if(discriminant == 0) 
@@ -153,26 +290,26 @@ bool EC_Group::verify_group(RandomNumberGenerator& rng, return false; } //check for valid cofactor - if(m_cofactor < 1) + if(get_cofactor() < 1) { return false; } //check if the base point is on the curve - if(!m_base_point.on_the_curve()) + if(!get_base_point().on_the_curve()) { return false; } - if((m_base_point * m_cofactor).is_zero()) + if((get_base_point() * get_cofactor()).is_zero()) { return false; } //check if order is prime - if(!is_prime(m_order, rng, 128)) + if(!is_prime(get_order(), rng, 128)) { return false; } //check if order of the base point is correct - if(!(m_base_point * m_order).is_zero()) + if(!(get_base_point() * get_order()).is_zero()) { return false; } diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 18ffed12c8..3da38a7da0 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -13,6 +13,7 @@ #include #include #include +#include #include namespace Botan { @@ -26,6 +27,8 @@ enum EC_Group_Encoding { EC_DOMPAR_ENC_OID = 2 }; +struct EC_Group_Data; + /** * Class representing an elliptic curve */ @@ -43,13 +46,7 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final EC_Group(const CurveGFp& curve, const PointGFp& base_point, const BigInt& order, - const BigInt& cofactor) : - m_curve(curve), - m_base_point(base_point), - m_order(order), - m_cofactor(cofactor), - m_oid("") - {} + const BigInt& cofactor); /** * Decode a BER encoded ECC domain parameter set @@ -68,7 +65,7 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final * from an OID name (eg "secp256r1", or "1.2.840.10045.3.1.7") * @param pem_or_oid PEM-encoded data, or an OID */ - EC_Group(const std::string& pem_or_oid = ""); + explicit EC_Group(const std::string& pem_or_oid = ""); /** * Create the DER encoding of this domain 
@@ -87,41 +84,90 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final * Return domain parameter curve * @result domain parameter curve */ - const CurveGFp& get_curve() const { return m_curve; } + const CurveGFp& BOTAN_DEPRECATED("Avoid CurveGFp") get_curve() const; + + /** + * Return the size of p in bits (same as get_p().bits()) + */ + size_t get_p_bits() const; + + /** + * Return the size of p in bits (same as get_p().bytes()) + */ + size_t get_p_bytes() const; + + /** + * Return the prime modulus of the field + */ + const BigInt& get_p() const; + + /** + * Return the a parameter of the elliptic curve equation + */ + const BigInt& get_a() const; + + /** + * Return the b parameter of the elliptic curve equation + */ + const BigInt& get_b() const; /** * Return group base point * @result base point */ - const PointGFp& get_base_point() const { return m_base_point; } + const PointGFp& get_base_point() const; /** * Return the order of the base point * @result order of the base point */ - const BigInt& get_order() const { return m_order; } + const BigInt& get_order() const; + + /** + * Return the OID of these domain parameters + * @result the OID as a string + */ + std::string BOTAN_DEPRECATED("Use get_curve_oid") get_oid() const { return get_curve_oid().as_string(); } + + /** + * Return the OID of these domain parameters + * @result the OID + */ + const OID& get_curve_oid() const; /** * Return the cofactor * @result the cofactor */ - const BigInt& get_cofactor() const { return m_cofactor; } + const BigInt& get_cofactor() const; - bool initialized() const { return !m_base_point.is_zero(); } + /** + * Return a point on this curve with the affine values x, y + */ + PointGFp point(const BigInt& x, const BigInt& y) const; /** - * Return the OID of these domain parameters - * @result the OID + * Return the zero (or infinite) point on this curve */ - std::string get_oid() const { return m_oid; } - + PointGFp zero_point() const; + + PointGFp OS2ECP(const uint8_t bits[], size_t len) 
const; + + template + PointGFp OS2ECP(const std::vector& vec) const + { + return this->OS2ECP(vec.data(), vec.size()); + } + + bool initialized() const { return (m_data != nullptr); } + /** * Verify EC_Group domain * @returns true if group is valid. false otherwise */ bool verify_group(RandomNumberGenerator& rng, - bool strong = false) const; - + bool strong = false) const; + bool operator==(const EC_Group& other) const { return ((get_curve() == other.get_curve()) && @@ -140,11 +186,11 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final */ static const std::set& known_named_groups(); + static void add_named_group(const std::string& name, const OID& oid, const EC_Group& group); + private: - CurveGFp m_curve; - PointGFp m_base_point; - BigInt m_order, m_cofactor; - std::string m_oid; + const EC_Group_Data& data() const; + std::shared_ptr m_data; }; inline bool operator!=(const EC_Group& lhs, diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index 34062c3623..17b6e6484b 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp @@ -19,7 +19,7 @@ namespace Botan { size_t EC_PublicKey::key_length() const { - return domain().get_curve().get_p().bits(); + return domain().get_p_bits(); } size_t EC_PublicKey::estimated_strength() const 
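Review bot: The Doxygen comment on `get_p_bytes()` says "Return the size of p in bits (same as get_p().bytes())" — it should read `Return the size of p in bytes (same as get_p().bytes())`. In the same hunk `operator==` still compares via `get_curve()`, which this commit marks `BOTAN_DEPRECATED("Avoid CurveGFp")`, so the library now warns on itself; compare `get_p()`, `get_a()` and `get_b()` instead (the operator's body continues past the end of the hunk). The `OS2ECP` overload for `std::vector` also deserves a one-line comment that it verifies the decoded point is on the curve, which the ecc_key.cpp hunk relies on.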
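Review bot: `static void add_named_group(const std::string& name, const OID& oid, const EC_Group& group);` is declared without a doc comment, and I see no definition in this patch's ec_group.cpp hunks, so unless it lives in another file it is a latent link error for the first caller. Either drop the declaration until it is implemented or add the definition here, and document it: what happens on a duplicate name, and whether the registry behind `known_named_groups()` is safe to mutate while other threads construct groups.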
@@ -31,20 +31,23 @@ EC_PublicKey::EC_PublicKey(const EC_Group& dom_par, const PointGFp& pub_point) : m_domain_params(dom_par), m_public_key(pub_point) { - if (!dom_par.get_oid().empty()) + if (!dom_par.get_curve_oid().empty()) m_domain_encoding = EC_DOMPAR_ENC_OID; else m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; + +#if 0 if(domain().get_curve() != public_point().get_curve()) throw Invalid_Argument("EC_PublicKey: curve mismatch in constructor"); +#endif } EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id, const std::vector& key_bits) : m_domain_params{EC_Group(alg_id.get_parameters())}, - m_public_key{OS2ECP(key_bits, domain().get_curve())} + m_public_key{domain().OS2ECP(key_bits)} { - if (!domain().get_oid().empty()) + if (!domain().get_curve_oid().empty()) m_domain_encoding = EC_DOMPAR_ENC_OID; else m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; @@ -101,7 +104,7 @@ void EC_PublicKey::set_parameter_encoding(EC_Group_Encoding form) form != EC_DOMPAR_ENC_OID) throw Invalid_Argument("Invalid encoding form for EC-key object specified"); - if((form == EC_DOMPAR_ENC_OID) && (m_domain_params.get_oid() == "")) + if((form == EC_DOMPAR_ENC_OID) && (m_domain_params.get_curve_oid().empty())) throw Invalid_Argument("Invalid encoding form OID specified for " "EC-key object whose corresponding domain " "parameters are without oid"); @@ -126,7 +129,7 @@ EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng, bool with_modular_inverse) { m_domain_params = ec_group; - if (!ec_group.get_oid().empty()) + if (!ec_group.get_curve_oid().empty()) m_domain_encoding = EC_DOMPAR_ENC_OID; else m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; @@ -165,7 +168,7 @@ EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id, m_domain_params = EC_Group(alg_id.get_parameters()); m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; - if (!domain().get_oid().empty()) + if (!domain().get_curve_oid().empty()) m_domain_encoding = EC_DOMPAR_ENC_OID; else m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; 
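Review bot: The curve-mismatch check in `EC_PublicKey::EC_PublicKey(const EC_Group&, const PointGFp&)` is disabled with `#if 0` rather than removed or replaced, so a point built on a different curve than `dom_par` is now accepted silently by this constructor. Dead code under `#if 0` also hides the regression from anyone grepping for the check. Either keep it (the deprecated `get_curve()` still works: `if(domain().get_curve() != public_point().get_curve()) throw Invalid_Argument("EC_PublicKey: curve mismatch in constructor");`), or replace it with an equivalent validation against the group and say in a comment why the old check was dropped.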
@@ -191,7 +194,7 @@ EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id, } else { - m_public_key = OS2ECP(public_key_bits, domain().get_curve()); + m_public_key = domain().OS2ECP(public_key_bits); // OS2ECP verifies that the point is on the curve } } diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp index c05f22d1bb..1850696e15 100644 --- a/src/lib/pubkey/ecdh/ecdh.cpp +++ b/src/lib/pubkey/ecdh/ecdh.cpp @@ -28,27 +28,23 @@ class ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF ECDH_KA_Operation(const ECDH_PrivateKey& key, const std::string& kdf, RandomNumberGenerator& rng) : PK_Ops::Key_Agreement_with_KDF(kdf), - m_curve(key.domain().get_curve()), - m_cofactor(key.domain().get_cofactor()), - m_order(key.domain().get_order()), + m_domain(key.domain()), m_rng(rng) { - m_l_times_priv = inverse_mod(m_cofactor, m_order) * key.private_value(); + m_l_times_priv = inverse_mod(m_domain.get_cofactor(), m_domain.get_order()) * key.private_value(); } secure_vector raw_agree(const uint8_t w[], size_t w_len) override { - PointGFp point = OS2ECP(w, w_len, m_curve); - PointGFp S = m_cofactor * point; - Blinded_Point_Multiply blinder(S, m_order); + PointGFp point = m_domain.OS2ECP(w, w_len); + PointGFp S = m_domain.get_cofactor() * point; + Blinded_Point_Multiply blinder(S, m_domain.get_order()); S = blinder.blinded_multiply(m_l_times_priv, m_rng); BOTAN_ASSERT(S.on_the_curve(), "ECDH agreed value was on the curve"); - return BigInt::encode_1363(S.get_affine_x(), m_curve.get_p().bytes()); + return BigInt::encode_1363(S.get_affine_x(), m_domain.get_p_bytes()); } private: - const CurveGFp& m_curve; - const BigInt& m_cofactor; - const BigInt& m_order; + const EC_Group& m_domain; BigInt m_l_times_priv; RandomNumberGenerator& m_rng; diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp index e2d574dcfa..cd09b4c528 100644 --- a/src/lib/pubkey/ecies/ecies.cpp +++ b/src/lib/pubkey/ecies/ecies.cpp 
@@ -66,12 +66,11 @@ class ECIES_ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF secure_vector raw_agree(const uint8_t w[], size_t w_len) override { - const CurveGFp& curve = m_key.domain().get_curve(); - PointGFp point = OS2ECP(w, w_len, curve); + PointGFp point = m_key.domain().OS2ECP(w, w_len); Blinded_Point_Multiply blinder(point, m_key.domain().get_order()); PointGFp S = blinder.blinded_multiply(m_key.private_value(), m_rng); BOTAN_ASSERT(S.on_the_curve(), "ECDH agreed value was on the curve"); - return BigInt::encode_1363(S.get_affine_x(), curve.get_p().bytes()); + return BigInt::encode_1363(S.get_affine_x(), m_key.domain().get_p_bytes()); } private: @@ -241,7 +240,7 @@ ECIES_Encryptor::ECIES_Encryptor(const PK_Key_Agreement_Key& private_key, { // ISO 18033: step d // convert only if necessary; m_eph_public_key_bin has been initialized with the uncompressed format - m_eph_public_key_bin = unlock(EC2OSP(OS2ECP(m_eph_public_key_bin, m_params.domain().get_curve()), + m_eph_public_key_bin = unlock(EC2OSP(m_params.domain().OS2ECP(m_eph_public_key_bin), static_cast(ecies_params.compression_type()))); } } @@ -311,7 +310,7 @@ ECIES_Decryptor::ECIES_Decryptor(const PK_Key_Agreement_Key& key, // ISO 18033: "If v > 1 and CheckMode = 0, then we must have gcd(u, v) = 1." (v = index, u= order) if(!ecies_params.check_mode()) { - Botan::BigInt cofactor = m_params.domain().get_cofactor(); + const Botan::BigInt& cofactor = m_params.domain().get_cofactor(); if(cofactor > 1 && Botan::gcd(cofactor, m_params.domain().get_order()) != 1) { throw Invalid_Argument("ECIES: gcd of cofactor and order must be 1 if check_mode is 0"); 
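Review bot: `const Botan::BigInt& cofactor = m_params.domain().get_cofactor();` in the `ECIES_Decryptor` constructor binds a reference through two calls, which is only safe if both `domain()` and `get_cofactor()` return references to storage owned by `m_params`; should `domain()` return an `EC_Group` by value, the reference would dangle before the `gcd` check on the next line. Neither signature is visible in this diff, so please confirm, or keep the previous by-value copy, which costs one `BigInt` copy at construction time only.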
@@ -324,7 +323,7 @@ ECIES_Decryptor::ECIES_Decryptor(const PK_Key_Agreement_Key& key, */ secure_vector ECIES_Decryptor::do_decrypt(uint8_t& valid_mask, const uint8_t in[], size_t in_len) const { - size_t point_size = m_params.domain().get_curve().get_p().bytes(); + size_t point_size = m_params.domain().get_p_bytes(); if(m_params.compression_type() != PointGFp::COMPRESSED) { point_size *= 2; // uncompressed and hybrid contains x AND y @@ -345,7 +344,7 @@ secure_vector ECIES_Decryptor::do_decrypt(uint8_t& valid_mask, const ui const std::vector mac_data(in + in_len - mac->output_length(), in + in_len); // ISO 18033: step a - PointGFp other_public_key = OS2ECP(other_public_key_bin, m_params.domain().get_curve()); + PointGFp other_public_key = m_params.domain().OS2ECP(other_public_key_bin); // ISO 18033: step b if(m_params.check_mode() && !other_public_key.on_the_curve()) diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index acd127a2df..f005a349bf 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp @@ -41,7 +41,7 @@ AlgorithmIdentifier GOST_3410_PublicKey::algorithm_identifier() const { std::vector params = DER_Encoder().start_cons(SEQUENCE) - .encode(OID(domain().get_oid())) + .encode(domain().get_curve_oid()) .end_cons() .get_contents_unlocked(); @@ -73,7 +73,7 @@ GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, BigInt x(bits.data(), part_size); BigInt y(&bits[part_size], part_size); - m_public_key = PointGFp(domain().get_curve(), x, y); + m_public_key = domain().point(x, y); BOTAN_ASSERT(m_public_key.on_the_curve(), "Loaded GOST 34.10 public key is on the curve"); diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index 28f455ba3d..652985ec9e 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp 
@@ -54,10 +54,10 @@ std::vector sm2_compute_za(HashFunction& hash, hash.update(get_byte(1, uid_len)); hash.update(user_id); - const size_t p_bytes = domain.get_curve().get_p().bytes(); + const size_t p_bytes = domain.get_p_bytes(); - hash.update(BigInt::encode_1363(domain.get_curve().get_a(), p_bytes)); - hash.update(BigInt::encode_1363(domain.get_curve().get_b(), p_bytes)); + hash.update(BigInt::encode_1363(domain.get_a(), p_bytes)); + hash.update(BigInt::encode_1363(domain.get_b(), p_bytes)); hash.update(BigInt::encode_1363(domain.get_base_point().get_affine_x(), p_bytes)); hash.update(BigInt::encode_1363(domain.get_base_point().get_affine_y(), p_bytes)); hash.update(BigInt::encode_1363(pubkey.get_affine_x(), p_bytes)); diff --git a/src/lib/pubkey/sm2/sm2_enc.cpp b/src/lib/pubkey/sm2/sm2_enc.cpp index b697daf1e8..9ba2780608 100644 --- a/src/lib/pubkey/sm2/sm2_enc.cpp +++ b/src/lib/pubkey/sm2/sm2_enc.cpp @@ -46,7 +46,7 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption { public: SM2_Encryption_Operation(const SM2_Encryption_PublicKey& key, const std::string& kdf_hash) : - m_p_bytes(key.domain().get_curve().get_p().bytes()), + m_p_bytes(key.domain().get_p_bytes()), m_order(key.domain().get_order()), m_base_point(key.domain().get_base_point(), m_order), m_public_point(key.public_point(), m_order), @@ -135,7 +135,7 @@ class SM2_Decryption_Operation final : public PK_Ops::Decryption size_t ciphertext_len) override { const BigInt& cofactor = m_key.domain().get_cofactor(); - const size_t p_bytes = m_key.domain().get_curve().get_p().bytes(); + const size_t p_bytes = m_key.domain().get_p_bytes(); valid_mask = 0x00; @@ -160,7 +160,7 @@ class SM2_Decryption_Operation final : public PK_Ops::Decryption .end_cons() .verify_end(); - const PointGFp C1(m_key.domain().get_curve(), x1, y1); + const PointGFp C1 = m_key.domain().point(x1, y1); if(!C1.on_the_curve()) return secure_vector(); 
diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp index 7a64291c80..b3b1b79bb6 100644 --- a/src/lib/tls/tls_callbacks.cpp +++ b/src/lib/tls/tls_callbacks.cpp @@ -164,7 +164,7 @@ std::pair, std::vector> TLS::Callbacks::tls_ecdh else { EC_Group group(OIDS::lookup(curve_name)); - ECDH_PublicKey peer_key(group, OS2ECP(peer_public_value, group.get_curve())); + ECDH_PublicKey peer_key(group, group.OS2ECP(peer_public_value)); policy.check_peer_key_acceptable(peer_key); ECDH_PrivateKey priv_key(rng, group); PK_Key_Agreement ka(priv_key, rng, "Raw"); diff --git a/src/tests/test_ecdsa.cpp b/src/tests/test_ecdsa.cpp index 36ca729428..2105250cb9 100644 --- a/src/tests/test_ecdsa.cpp +++ b/src/tests/test_ecdsa.cpp @@ -104,7 +104,7 @@ class ECDSA_Invalid_Key_Tests final : public Text_Based_Test try { - public_point.reset(new Botan::PointGFp(group.get_curve(), x, y)); + public_point.reset(new Botan::PointGFp(group.point(x, y))); } catch(Botan::Invalid_Argument&) { diff --git a/src/tests/test_gost_3410.cpp b/src/tests/test_gost_3410.cpp index a1443a7aec..fe9e91f586 100644 --- a/src/tests/test_gost_3410.cpp +++ b/src/tests/test_gost_3410.cpp @@ -30,7 +30,7 @@ class GOST_3410_2001_Verification_Tests final : public PK_Signature_Verification { const std::string group_id = get_req_str(vars, "Group"); Botan::EC_Group group(Botan::OIDS::lookup(group_id)); - const Botan::PointGFp public_point = Botan::OS2ECP(get_req_bin(vars, "Pubkey"), group.get_curve()); + const Botan::PointGFp public_point = group.OS2ECP(get_req_bin(vars, "Pubkey")); std::unique_ptr key(new Botan::GOST_3410_PublicKey(group, public_point)); return key; diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index b9355e6f0e..f1eb3dc997 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp 
@@ -83,9 +83,9 @@ Botan::BigInt test_integer(Botan::RandomNumberGenerator& rng, size_t bits, BigIn } Botan::PointGFp create_random_point(Botan::RandomNumberGenerator& rng, - const Botan::CurveGFp& curve) + const Botan::EC_Group& group) { - const Botan::BigInt& p = curve.get_p(); + const Botan::BigInt& p = group.get_p(); Botan::Modular_Reducer mod_p(p); @@ -93,14 +93,14 @@ Botan::PointGFp create_random_point(Botan::RandomNumberGenerator& rng, { const Botan::BigInt x = Botan::BigInt::random_integer(rng, 1, p); const Botan::BigInt x3 = mod_p.multiply(x, mod_p.square(x)); - const Botan::BigInt ax = mod_p.multiply(curve.get_a(), x); - const Botan::BigInt y = mod_p.reduce(x3 + ax + curve.get_b()); + const Botan::BigInt ax = mod_p.multiply(group.get_a(), x); + const Botan::BigInt y = mod_p.reduce(x3 + ax + group.get_b()); const Botan::BigInt sqrt_y = ressol(y, p); if(sqrt_y > 1) { BOTAN_ASSERT_EQUAL(mod_p.square(sqrt_y), y, "Square root is correct"); - Botan::PointGFp point(curve, x, sqrt_y); + Botan::PointGFp point = group.point(x, sqrt_y); return point; } } @@ -276,7 +276,7 @@ Test::Result test_groups() for(auto const& group_name : named_groups) { const Botan::EC_Group group(group_name); - result.confirm("EC_Group is known", !group.get_oid().empty()); + result.confirm("EC_Group is known", !group.get_curve_oid().empty()); } return result; } @@ -290,10 +290,9 @@ Test::Result test_coordinates() // precalculation const Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); - const Botan::CurveGFp& curve = secp160r1.get_curve(); const Botan::PointGFp& p_G = secp160r1.get_base_point(); - const Botan::PointGFp point_exp(curve, exp_affine_x, exp_affine_y); + const Botan::PointGFp point_exp = secp160r1.point(exp_affine_x, exp_affine_y); result.confirm("Point is on the curve", point_exp.on_the_curve()); const Botan::PointGFp p1 = p_G * 2; 
@@ -372,11 +371,9 @@ Test::Result test_zeropoint() Test::Result result("ECC Unit"); Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); - const Botan::CurveGFp& curve = secp160r1.get_curve(); - Botan::PointGFp p1(curve, - Botan::BigInt("16984103820118642236896513183038186009872590470"), - Botan::BigInt("1373093393927139016463695321221277758035357890939")); + Botan::PointGFp p1 = secp160r1.point(Botan::BigInt("16984103820118642236896513183038186009872590470"), + Botan::BigInt("1373093393927139016463695321221277758035357890939")); result.confirm("point is on the curve", p1.on_the_curve()); @@ -392,19 +389,18 @@ Test::Result test_zeropoint_enc_dec() Test::Result result("ECC Unit"); Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); - const Botan::CurveGFp& curve = secp160r1.get_curve(); - Botan::PointGFp p(curve); + Botan::PointGFp p = secp160r1.zero_point(); result.confirm("zero point is zero", p.is_zero()); std::vector sv_p = unlock(EC2OSP(p, Botan::PointGFp::UNCOMPRESSED)); - result.test_eq("encoded/decode rt works", OS2ECP(sv_p, curve), p); + result.test_eq("encoded/decode rt works", secp160r1.OS2ECP(sv_p), p); sv_p = unlock(EC2OSP(p, Botan::PointGFp::COMPRESSED)); - result.test_eq("encoded/decode compressed rt works", OS2ECP(sv_p, curve), p); + result.test_eq("encoded/decode compressed rt works", secp160r1.OS2ECP(sv_p), p); sv_p = unlock(EC2OSP(p, Botan::PointGFp::HYBRID)); - result.test_eq("encoded/decode hybrid rt works", OS2ECP(sv_p, curve), p); + result.test_eq("encoded/decode hybrid rt works", secp160r1.OS2ECP(sv_p), p); return result; } 
@@ -413,16 +409,14 @@ Test::Result test_calc_with_zeropoint() Test::Result result("ECC Unit"); Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); - const Botan::CurveGFp& curve = secp160r1.get_curve(); - Botan::PointGFp p(curve, - Botan::BigInt("16984103820118642236896513183038186009872590470"), - Botan::BigInt("1373093393927139016463695321221277758035357890939")); + Botan::PointGFp p = secp160r1.point(Botan::BigInt("16984103820118642236896513183038186009872590470"), + Botan::BigInt("1373093393927139016463695321221277758035357890939")); result.confirm("point is on the curve", p.on_the_curve()); result.confirm("point is not zero", !p.is_zero()); - Botan::PointGFp zero(curve); + Botan::PointGFp zero = secp160r1.zero_point(); result.confirm("zero point is zero", zero.is_zero()); Botan::PointGFp res = p + zero; @@ -442,7 +436,6 @@ Test::Result test_add_point() // precalculation Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); - const Botan::CurveGFp& curve = secp160r1.get_curve(); const Botan::PointGFp& p_G = secp160r1.get_base_point(); Botan::PointGFp p0 = p_G; @@ -450,9 +443,8 @@ Test::Result test_add_point() p1 += p0; - Botan::PointGFp expected(curve, - Botan::BigInt("704859595002530890444080436569091156047721708633"), - Botan::BigInt("1147993098458695153857594941635310323215433166682")); + Botan::PointGFp expected = secp160r1.point(Botan::BigInt("704859595002530890444080436569091156047721708633"), + Botan::BigInt("1147993098458695153857594941635310323215433166682")); result.test_eq("point addition", p1, expected); return result; @@ -463,7 +455,6 @@ Test::Result test_sub_point() Test::Result result("ECC Unit"); Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); - const Botan::CurveGFp& curve = secp160r1.get_curve(); const Botan::PointGFp& p_G = secp160r1.get_base_point(); Botan::PointGFp p0 = p_G; 
@@ -471,9 +462,8 @@ Test::Result test_sub_point() p1 -= p0; - Botan::PointGFp expected(curve, - Botan::BigInt("425826231723888350446541592701409065913635568770"), - Botan::BigInt("203520114162904107873991457957346892027982641970")); + Botan::PointGFp expected = secp160r1.point(Botan::BigInt("425826231723888350446541592701409065913635568770"), + Botan::BigInt("203520114162904107873991457957346892027982641970")); result.test_eq("point subtraction", p1, expected); return result; @@ -484,7 +474,6 @@ Test::Result test_mult_point() Test::Result result("ECC Unit"); Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); - const Botan::CurveGFp& curve = secp160r1.get_curve(); const Botan::PointGFp& p_G = secp160r1.get_base_point(); Botan::PointGFp p0 = p_G; @@ -494,7 +483,7 @@ Test::Result test_mult_point() const Botan::BigInt exp_mult_x(std::string("967697346845926834906555988570157345422864716250")); const Botan::BigInt exp_mult_y(std::string("512319768365374654866290830075237814703869061656")); - Botan::PointGFp expected(curve, exp_mult_x, exp_mult_y); + Botan::PointGFp expected = secp160r1.point(exp_mult_x, exp_mult_y); result.test_eq("point mult", p1, expected); return result; @@ -506,7 +495,6 @@ Test::Result test_basic_operations() // precalculation Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); - const Botan::CurveGFp& curve = secp160r1.get_curve(); const Botan::PointGFp& p_G = secp160r1.get_base_point(); const Botan::PointGFp p0 = p_G; 
@@ -516,16 +504,14 @@ Test::Result test_basic_operations() result.test_eq("p1 affine y", p1.get_affine_y(), Botan::BigInt("1373093393927139016463695321221277758035357890939")); const Botan::PointGFp simplePlus = p1 + p0; - const Botan::PointGFp exp_simplePlus(curve, - Botan::BigInt("704859595002530890444080436569091156047721708633"), - Botan::BigInt("1147993098458695153857594941635310323215433166682")); + const Botan::PointGFp exp_simplePlus = secp160r1.point(Botan::BigInt("704859595002530890444080436569091156047721708633"), + Botan::BigInt("1147993098458695153857594941635310323215433166682")); result.test_eq("point addition", simplePlus, exp_simplePlus); const Botan::PointGFp simpleMinus = p1 - p0; - const Botan::PointGFp exp_simpleMinus(curve, - Botan::BigInt("425826231723888350446541592701409065913635568770"), - Botan::BigInt("203520114162904107873991457957346892027982641970")); + const Botan::PointGFp exp_simpleMinus= secp160r1.point(Botan::BigInt("425826231723888350446541592701409065913635568770"), + Botan::BigInt("203520114162904107873991457957346892027982641970")); result.test_eq("point subtraction", simpleMinus, exp_simpleMinus); @@ -545,11 +531,10 @@ Test::Result test_enc_dec_compressed_160() // Test for compressed conversion (02/03) 160bit Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); - const Botan::CurveGFp& curve = secp160r1.get_curve(); const std::vector G_comp = Botan::hex_decode("024A96B5688EF573284664698968C38BB913CBFC82"); - const Botan::PointGFp p = Botan::OS2ECP(G_comp, curve); + const Botan::PointGFp p = secp160r1.OS2ECP(G_comp); std::vector sv_result = unlock(Botan::EC2OSP(p, Botan::PointGFp::COMPRESSED)); 
@@ -696,7 +681,7 @@ Test::Result test_gfp_store_restore() Botan::PointGFp p = dom_pars.get_base_point(); std::vector sv_mes = unlock(EC2OSP(p, Botan::PointGFp::COMPRESSED)); - Botan::PointGFp new_p = Botan::OS2ECP(sv_mes, dom_pars.get_curve()); + Botan::PointGFp new_p = dom_pars.OS2ECP(sv_mes); result.test_eq("original and restored points are same", p, new_p); return result; @@ -733,11 +718,9 @@ Test::Result test_more_zeropoint() // by Falko Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); - const Botan::CurveGFp& curve = secp160r1.get_curve(); - Botan::PointGFp p1(curve, - Botan::BigInt("16984103820118642236896513183038186009872590470"), - Botan::BigInt("1373093393927139016463695321221277758035357890939")); + Botan::PointGFp p1 = secp160r1.point(Botan::BigInt("16984103820118642236896513183038186009872590470"), + Botan::BigInt("1373093393927139016463695321221277758035357890939")); result.confirm("point is on the curve", p1.on_the_curve()); Botan::PointGFp minus_p1 = -p1; @@ -747,12 +730,12 @@ Test::Result test_more_zeropoint() result.confirm("point is zero", shouldBeZero.is_zero()); Botan::BigInt y1 = p1.get_affine_y(); - y1 = curve.get_p() - y1; + y1 = secp160r1.get_p() - y1; result.test_eq("minus point x", minus_p1.get_affine_x(), p1.get_affine_x()); result.test_eq("minus point y", minus_p1.get_affine_y(), y1); - Botan::PointGFp zero(curve); + Botan::PointGFp zero = secp160r1.zero_point(); result.confirm("zero point is on the curve", zero.on_the_curve()); result.test_eq("addition of zero does nothing", p1, p1 + zero); 
@@ -778,8 +761,8 @@ Test::Result test_point_swap() Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); - Botan::PointGFp a(create_random_point(Test::rng(), dom_pars.get_curve())); - Botan::PointGFp b(create_random_point(Test::rng(), dom_pars.get_curve())); + Botan::PointGFp a(create_random_point(Test::rng(), dom_pars)); + Botan::PointGFp b(create_random_point(Test::rng(), dom_pars)); b *= Botan::BigInt(Test::rng(), 20); Botan::PointGFp c(a); @@ -805,7 +788,7 @@ Test::Result test_mult_sec_mass() { try { - Botan::PointGFp a(create_random_point(Test::rng(), dom_pars.get_curve())); + Botan::PointGFp a(create_random_point(Test::rng(), dom_pars)); Botan::BigInt scal(Botan::BigInt(Test::rng(), 40)); Botan::PointGFp b = a * scal; Botan::PointGFp c(a); @@ -822,23 +805,6 @@ Test::Result test_mult_sec_mass() return result; } -Test::Result test_curve_cp_ctor() - { - Test::Result result("ECC Unit"); - - try - { - Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); - Botan::CurveGFp curve(dom_pars.get_curve()); - } - catch(std::exception& e) - { - result.test_failure("curve_cp_ctor", e.what()); - } - - return result; - } - class ECC_Unit_Tests final : public Test { public: @@ -869,7 +835,6 @@ class ECC_Unit_Tests final : public Test results.push_back(test_mult_by_order()); results.push_back(test_point_swap()); results.push_back(test_mult_sec_mass()); - results.push_back(test_curve_cp_ctor()); return results; } From 1e926cb739a9fd430985f2a60b7a0fba1114c286 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 31 Jan 2018 16:44:28 -0500 Subject: [PATCH 0611/1008] Avoid CurveGFp in EC_Group interface --- src/lib/pubkey/ec_group/ec_group.cpp | 93 ++++++++++++++++++++++------ src/lib/pubkey/ec_group/ec_group.h | 32 +++++++++- src/lib/pubkey/ecc_key/info.txt | 1 - src/tests/test_ecies.cpp | 5 +- src/tests/test_sm2.cpp | 8 +-- src/tests/unit_ecc.cpp | 2 + src/tests/unit_ecdsa.cpp | 28 ++++----- 7 files changed, 125 insertions(+), 44 deletions(-) 
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 8a3ffa7183..978e599853 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -28,6 +28,49 @@ struct EC_Group_Data namespace { +std::shared_ptr new_EC_group_data(const BigInt& p, + const BigInt& a, + const BigInt& b, + const BigInt& g_x, + const BigInt& g_y, + const BigInt& order, + const BigInt& cofactor, + const OID& oid = OID()) + { + std::shared_ptr data = std::make_shared(); + + data->m_curve = CurveGFp(p, a, b); + data->m_base_point = PointGFp(data->m_curve, g_x, g_y); + data->m_order = order; + data->m_cofactor = cofactor; + data->m_oid = oid; + + data->m_p_bits = p.bits(); + data->m_p_bytes = p.bytes(); + return data; + } + +std::shared_ptr new_EC_group_data(const BigInt& p, + const BigInt& a, + const BigInt& b, + const std::vector& base_point, + const BigInt& order, + const BigInt& cofactor, + const OID& oid = OID()) + { + std::shared_ptr data = std::make_shared(); + + data->m_curve = CurveGFp(p, a, b); + data->m_base_point = Botan::OS2ECP(base_point, data->m_curve); + data->m_order = order; + data->m_cofactor = cofactor; + data->m_oid = oid; + + data->m_p_bits = p.bits(); + data->m_p_bytes = p.bytes(); + return data; + } + std::shared_ptr lookup_EC_group_by_oid(const OID& oid); std::shared_ptr BER_decode_EC_group(const uint8_t bits[], size_t len) @@ -47,8 +90,7 @@ std::shared_ptr BER_decode_EC_group(const uint8_t bits[], size_t } else if(obj.type() == SEQUENCE) { - std::shared_ptr data = std::make_shared(); - BigInt p, a, b; + BigInt p, a, b, order, cofactor; std::vector sv_base_point; BER_Decoder(bits, len) 
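Review bot: The `BigInt` overload of `new_EC_group_data` builds the base point with `PointGFp(data->m_curve, g_x, g_y)` and never checks that it lies on the curve, whereas the byte-vector overload goes through `Botan::OS2ECP`, which the `ecc_key.cpp` hunk above documents as verifying the point is on the curve; a group built from explicit `(p, a, b, g_x, g_y)` — including the deprecated `CurveGFp` constructor in the later hunk, which now routes its `base_point` through this overload by affine coordinates — can therefore carry an invalid generator without any error. Consider adding, right after the base point is assigned, `if(!data->m_base_point.on_the_curve()) throw Invalid_Argument("EC_Group: base point is not on the curve");`. As a style matter the two overloads differ only in how the base point is produced; the common tail (order, cofactor, oid, `m_p_bits`, `m_p_bytes`) could live in one helper taking the constructed `PointGFp` so the two cannot drift apart.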
@@ -64,17 +106,12 @@ std::shared_ptr BER_decode_EC_group(const uint8_t bits[], size_t .decode_octet_string_bigint(b) .end_cons() .decode(sv_base_point, OCTET_STRING) - .decode(data->m_order) - .decode(data->m_cofactor) + .decode(order) + .decode(cofactor) .end_cons() .verify_end(); - data->m_curve = CurveGFp(p, a, b); - data->m_base_point = Botan::OS2ECP(sv_base_point, data->m_curve); - - data->m_p_bits = p.bits(); - data->m_p_bytes = p.bytes(); - return data; + return new_EC_group_data(p, a, b, sv_base_point, order, cofactor); } else { @@ -107,6 +144,15 @@ std::shared_ptr lookup_EC_group_by_oid(const OID& oid) } +EC_Group::EC_Group() + { + } + +EC_Group::~EC_Group() + { + // shared_ptr possibly freed here + } + EC_Group::EC_Group(const OID& domain_oid) { this->m_data = lookup_EC_group_by_oid(domain_oid); @@ -134,19 +180,30 @@ EC_Group::EC_Group(const std::string& str) } } +EC_Group::EC_Group(const BigInt& p, + const BigInt& a, + const BigInt& b, + const BigInt& base_x, + const BigInt& base_y, + const BigInt& order, + const BigInt& cofactor, + const OID& oid) + { + m_data = new_EC_group_data(p, a, b, base_x, base_y, order, cofactor, oid); + } + EC_Group::EC_Group(const CurveGFp& curve, const PointGFp& base_point, const BigInt& order, const BigInt& cofactor) { - m_data.reset(new EC_Group_Data); - - m_data->m_curve = curve; - m_data->m_base_point = base_point; - m_data->m_order = order; - m_data->m_cofactor = cofactor; - m_data->m_p_bits = curve.get_p().bits(); - m_data->m_p_bytes = curve.get_p().bytes(); + m_data = new_EC_group_data(curve.get_p(), + curve.get_a(), + curve.get_b(), + base_point.get_affine_x(), + base_point.get_affine_y(), + order, + cofactor); } EC_Group::EC_Group(const std::vector& ber) diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 3da38a7da0..f1a3f8fff3 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h 
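Review bot: The user-provided `EC_Group::~EC_Group()` (with its `// shared_ptr possibly freed here` comment) suppresses the implicitly-declared move constructor and move assignment, so every `EC_Group` move now copies the `std::shared_ptr` with atomic refcount traffic. `std::shared_ptr` does not require the complete `EC_Group_Data` type at destruction, so the destructor can simply be omitted; if an out-of-line destructor is wanted anyway, explicitly default the copy and move operations next to it in the header. The deprecated `EC_Group(const CurveGFp&, const PointGFp&, ...)` constructor now reads `base_point.get_affine_x()`/`get_affine_y()`, which presumably is not valid for the point at infinity — worth a guard or a note in the deprecation message, since the old code stored the point as given.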
@@ -43,11 +43,32 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final * @param order the order of the base point * @param cofactor the cofactor */ + BOTAN_DEPRECATED("Use version taking all BigInts") EC_Group(const CurveGFp& curve, const PointGFp& base_point, const BigInt& order, const BigInt& cofactor); + /** + * Construct Domain paramers from specified parameters + * @param p the elliptic curve p + * @param a the elliptic curve a param + * @param b the elliptic curve b param + * @param base_x the x coordinate of the base point + * @param base_y the y coordinate of the base point + * @param order the order of the base point + * @param cofactor the cofactor + * @param oid an optional OID used to identify this curve + */ + EC_Group(const BigInt& p, + const BigInt& a, + const BigInt& b, + const BigInt& base_x, + const BigInt& base_y, + const BigInt& order, + const BigInt& cofactor, + const OID& oid = OID()); + /** * Decode a BER encoded ECC domain parameter set * @param ber_encoding the bytes of the BER encoding @@ -65,7 +86,14 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final * from an OID name (eg "secp256r1", or "1.2.840.10045.3.1.7") * @param pem_or_oid PEM-encoded data, or an OID */ - explicit EC_Group(const std::string& pem_or_oid = ""); + explicit EC_Group(const std::string& pem_or_oid); + + /** + * Create an uninitialized EC_Group + */ + EC_Group(); + + ~EC_Group(); /** * Create the DER encoding of this domain @@ -154,7 +182,7 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final PointGFp OS2ECP(const uint8_t bits[], size_t len) const; template - PointGFp OS2ECP(const std::vector& vec) const + PointGFp OS2ECP(const std::vector& vec) const { return this->OS2ECP(vec.data(), vec.size()); } diff --git a/src/lib/pubkey/ecc_key/info.txt b/src/lib/pubkey/ecc_key/info.txt index ac345a0897..f46c9bb544 100644 --- a/src/lib/pubkey/ecc_key/info.txt +++ b/src/lib/pubkey/ecc_key/info.txt @@ -5,7 +5,6 @@ ECC_PUBLIC_KEY_CRYPTO -> 20131128 asn1 bigint -ec_gfp ec_group numbertheory 
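Review bot: The Doxygen comment on the new `EC_Group(const BigInt& p, ...)` constructor has a typo, `Construct Domain paramers` → `Construct domain parameters`, and it should state what is validated: from the implementation hunk the base point is built from `base_x`/`base_y` without an on-curve check, so either document `the caller is responsible for ensuring (base_x, base_y) lies on the curve` or add the check and document that `Invalid_Argument` is thrown. The deprecation text `Use version taking all BigInts` could name the replacement signature so users do not have to guess which overload is meant.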
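Review bot: The new default constructor is documented only as `Create an uninitialized EC_Group`; the header already exposes `initialized()` (`m_data != nullptr`), but nothing says what happens when an accessor such as `get_order()` or `OS2ECP()` is called on a group whose `m_data` is null — from the visible code it is at best an exception from `data()` and at worst a null dereference. Please document the contract on the constructor, e.g. `Only initialized() and assignment are valid on such a group; all other accessors require an initialized group`, and make sure `data()` throws rather than dereferencing a null pointer. Dropping the `= ""` default from the `std::string` constructor also changes what `EC_Group()` means for existing callers (it previously resolved to `EC_Group("")`), which deserves a line in news.rst.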
diff --git a/src/tests/test_ecies.cpp b/src/tests/test_ecies.cpp index 5c5af0a416..2ce931bae3 100644 --- a/src/tests/test_ecies.cpp +++ b/src/tests/test_ecies.cpp @@ -127,12 +127,11 @@ class ECIES_ISO_Tests final : public Text_Based_Test const std::vector c0 = get_req_bin(vars, "C0"); // expected encoded (ephemeral) public key const std::vector k = get_req_bin(vars, "K"); // expected derived secret - const Botan::CurveGFp curve(p, a, b); - const Botan::EC_Group domain(curve, Botan::PointGFp(curve, gx, gy), mu, nu); + const Botan::EC_Group domain(p, a, b, gx, gy, mu, nu); // keys of bob const Botan::ECDH_PrivateKey other_private_key(Test::rng(), domain, x); - const Botan::PointGFp other_public_key_point(curve, hx, hy); + const Botan::PointGFp other_public_key_point = domain.point(hx, hy); const Botan::ECDH_PublicKey other_public_key(domain, other_public_key_point); // (ephemeral) keys of alice diff --git a/src/tests/test_sm2.cpp b/src/tests/test_sm2.cpp index 16b82b792d..c4ddf6ddf1 100644 --- a/src/tests/test_sm2.cpp +++ b/src/tests/test_sm2.cpp @@ -51,9 +51,7 @@ class SM2_Signature_KAT_Tests final : public PK_Signature_Generation_Test const BigInt cofactor = get_req_bn(vars, "Cofactor"); const BigInt x = get_req_bn(vars, "x"); - Botan::CurveGFp curve(p, a, b); - Botan::PointGFp base_point(curve, xG, yG); - Botan::EC_Group domain(curve, base_point, order, cofactor); + Botan::EC_Group domain(p, a, b, xG, yG, order, cofactor); Botan::Null_RNG null_rng; std::unique_ptr key(new Botan::SM2_Signature_PrivateKey(null_rng, domain, x)); 
@@ -97,9 +95,7 @@ class SM2_Encryption_KAT_Tests final : public PK_Encryption_Decryption_Test const BigInt cofactor = get_req_bn(vars, "Cofactor"); const BigInt x = get_req_bn(vars, "x"); - Botan::CurveGFp curve(p, a, b); - Botan::PointGFp base_point(curve, xG, yG); - Botan::EC_Group domain(curve, base_point, order, cofactor); + Botan::EC_Group domain(p, a, b, xG, yG, order, cofactor); Botan::Null_RNG null_rng; std::unique_ptr key(new Botan::SM2_Encryption_PrivateKey(null_rng, domain, x)); diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index f1eb3dc997..3d62e68f06 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp @@ -277,6 +277,8 @@ Test::Result test_groups() { const Botan::EC_Group group(group_name); result.confirm("EC_Group is known", !group.get_curve_oid().empty()); + result.test_eq("EC_Group has correct bit size", group.get_p().bits(), group.get_p_bits()); + result.test_eq("EC_Group has byte size", group.get_p().bytes(), group.get_p_bytes()); } return result; } diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index 5d137bacfb..081b686e6e 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp 
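Review bot: The second new assertion's label `EC_Group has byte size` reads as incomplete next to `EC_Group has correct bit size`; `result.test_eq("EC_Group has correct byte size", group.get_p().bytes(), group.get_p_bytes());` keeps the two messages parallel. The enclosing `test_groups` loop starts outside the hunk.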
@@ -233,20 +233,20 @@ Test::Result test_unusual_curve() Test::Result result("ECDSA Unit"); //calc a curve which is not in the registry - const std::string G_secp_comp = - "04081523d03d4f12cd02879dea4bf6a4f3a7df26ed888f10c5b2235a1274c386a2f218300dee6ed217841164533bcdc903f07a096f9fbf4ee95bac098a111f296f5830fe5c35b3e344d5df3a2256985f64fbe6d0edcc4c61d18bef681dd399df3d0194c5a4315e012e0245ecea56365baa9e8be1f7"; - const Botan::BigInt - bi_p_secp("2117607112719756483104013348936480976596328609518055062007450442679169492999007105354629105748524349829824407773719892437896937279095106809"); - const Botan::BigInt - bi_a_secp("0x0a377dede6b523333d36c78e9b0eaa3bf48ce93041f6d4fc34014d08f6833807498deedd4290101c5866e8dfb589485d13357b9e78c2d7fbe9fe"); - const Botan::BigInt - bi_b_secp("0x0a9acf8c8ba617777e248509bcb4717d4db346202bf9e352cd5633731dd92a51b72a4dc3b3d17c823fcc8fbda4da08f25dea89046087342595a7"); - Botan::BigInt bi_order_g("0x0e1a16196e6000000000bc7f1618d867b15bb86474418f"); - Botan::CurveGFp curve(bi_p_secp, bi_a_secp, bi_b_secp); - Botan::PointGFp p_G = Botan::OS2ECP(Botan::hex_decode(G_secp_comp), curve); - - Botan::EC_Group dom_params(curve, p_G, bi_order_g, Botan::BigInt(1)); - if(!result.confirm("point is on curve", p_G.on_the_curve())) + const Botan::BigInt p("2117607112719756483104013348936480976596328609518055062007450442679169492999007105354629105748524349829824407773719892437896937279095106809"); + const Botan::BigInt a("0x0a377dede6b523333d36c78e9b0eaa3bf48ce93041f6d4fc34014d08f6833807498deedd4290101c5866e8dfb589485d13357b9e78c2d7fbe9fe"); + const Botan::BigInt b("0x0a9acf8c8ba617777e248509bcb4717d4db346202bf9e352cd5633731dd92a51b72a4dc3b3d17c823fcc8fbda4da08f25dea89046087342595a7"); + const Botan::BigInt order_g("0x0e1a16196e6000000000bc7f1618d867b15bb86474418f"); + const Botan::BigInt cofactor = 1; + + const BigInt Gx("1503931002566715881584977704503341991763310127581173321974500299341775226206001860606586625324214456299149080935147329869147994265934715820"); 
+ const BigInt Gy("1774988776970033741491814582357926984496972046739476148938345272681378523636129776486407268230155403536112014267092770854858769258781598199"); + + Botan::EC_Group dom_params(p, a, b, Gx, Gy, order_g, cofactor); + + Botan::PointGFp p_G = dom_params.point(Gx, Gy); + + if(!result.confirm("G is on curve", p_G.on_the_curve())) { return result; } From a0d7b60d5f95475793ee627cedf71d6a2f1d624b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 31 Jan 2018 17:27:57 -0500 Subject: [PATCH 0612/1008] Simplify ECC test OID lookup --- src/tests/unit_ecc.cpp | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index 3d62e68f06..8d8cdb5383 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp @@ -17,7 +17,6 @@ #include #include #include - #include #include #include #include @@ -291,7 +290,7 @@ Test::Result test_coordinates() const Botan::BigInt exp_affine_y("1373093393927139016463695321221277758035357890939"); // precalculation - const Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); + const Botan::EC_Group secp160r1("secp160r1"); const Botan::PointGFp& p_G = secp160r1.get_base_point(); const Botan::PointGFp point_exp = secp160r1.point(exp_affine_x, exp_affine_y); @@ -320,7 +319,7 @@ Test::Result test_point_transformation() Test::Result result("ECC Unit"); // get a valid point - Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); + Botan::EC_Group dom_pars("secp160r1"); Botan::PointGFp p = dom_pars.get_base_point() * Test::rng().next_nonzero_byte(); // get a copy @@ -338,7 +337,7 @@ Test::Result test_point_mult() { Test::Result result("ECC Unit"); - Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); + Botan::EC_Group secp160r1("secp160r1"); const Botan::PointGFp& p_G = secp160r1.get_base_point(); Botan::BigInt d_U("0xaa374ffc3ce144e6b073307972cb6d57b2a4e982"); 
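Review bot: `Gx` and `Gy` are declared as unqualified `BigInt` while every other local in the hunk is `Botan::BigInt`; use `const Botan::BigInt Gx(...)` and `const Botan::BigInt Gy(...)` for consistency. More substantively, `p_G` is now rebuilt from the same coordinates with `dom_params.point(Gx, Gy)` and then checked with `on_the_curve()`, which exercises the test's inputs rather than what the group stored; `const Botan::PointGFp& p_G = dom_params.get_base_point();` would validate the generator actually held by `dom_params`, which matters because the `new_EC_group_data` hunk in the previous commit does not appear to check it. The rest of `test_unusual_curve` continues outside the hunk.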
@@ -353,7 +352,7 @@ Test::Result test_point_negative() { Test::Result result("ECC Unit"); - Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); + Botan::EC_Group secp160r1("secp160r1"); const Botan::PointGFp& p_G = secp160r1.get_base_point(); const Botan::PointGFp p1 = p_G * 2; @@ -372,7 +371,7 @@ Test::Result test_zeropoint() { Test::Result result("ECC Unit"); - Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); + Botan::EC_Group secp160r1("secp160r1"); Botan::PointGFp p1 = secp160r1.point(Botan::BigInt("16984103820118642236896513183038186009872590470"), Botan::BigInt("1373093393927139016463695321221277758035357890939")); @@ -390,7 +389,7 @@ Test::Result test_zeropoint_enc_dec() { Test::Result result("ECC Unit"); - Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); + Botan::EC_Group secp160r1("secp160r1"); Botan::PointGFp p = secp160r1.zero_point(); result.confirm("zero point is zero", p.is_zero()); @@ -410,7 +409,7 @@ Test::Result test_calc_with_zeropoint() { Test::Result result("ECC Unit"); - Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); + Botan::EC_Group secp160r1("secp160r1"); Botan::PointGFp p = secp160r1.point(Botan::BigInt("16984103820118642236896513183038186009872590470"), Botan::BigInt("1373093393927139016463695321221277758035357890939")); @@ -437,7 +436,7 @@ Test::Result test_add_point() Test::Result result("ECC Unit"); // precalculation - Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); + Botan::EC_Group secp160r1("secp160r1"); const Botan::PointGFp& p_G = secp160r1.get_base_point(); Botan::PointGFp p0 = p_G; @@ -456,7 +455,7 @@ Test::Result test_sub_point() { Test::Result result("ECC Unit"); - Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); + Botan::EC_Group secp160r1("secp160r1"); const Botan::PointGFp& p_G = secp160r1.get_base_point(); Botan::PointGFp p0 = p_G; 
@@ -475,7 +474,7 @@ Test::Result test_mult_point() { Test::Result result("ECC Unit"); - Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); + Botan::EC_Group secp160r1("secp160r1"); const Botan::PointGFp& p_G = secp160r1.get_base_point(); Botan::PointGFp p0 = p_G; @@ -496,7 +495,7 @@ Test::Result test_basic_operations() Test::Result result("ECC Unit"); // precalculation - Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); + Botan::EC_Group secp160r1("secp160r1"); const Botan::PointGFp& p_G = secp160r1.get_base_point(); const Botan::PointGFp p0 = p_G; @@ -532,7 +531,7 @@ Test::Result test_enc_dec_compressed_160() Test::Result result("ECC Unit"); // Test for compressed conversion (02/03) 160bit - Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); + Botan::EC_Group secp160r1("secp160r1"); const std::vector G_comp = Botan::hex_decode("024A96B5688EF573284664698968C38BB913CBFC82"); @@ -679,7 +678,7 @@ Test::Result test_gfp_store_restore() Test::Result result("ECC Unit"); // generate point - Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); + Botan::EC_Group dom_pars("secp160r1"); Botan::PointGFp p = dom_pars.get_base_point(); std::vector sv_mes = unlock(EC2OSP(p, Botan::PointGFp::COMPRESSED)); @@ -719,7 +718,7 @@ Test::Result test_more_zeropoint() // by Falko - Botan::EC_Group secp160r1(Botan::OIDS::lookup("secp160r1")); + Botan::EC_Group secp160r1("secp160r1"); Botan::PointGFp p1 = secp160r1.point(Botan::BigInt("16984103820118642236896513183038186009872590470"), Botan::BigInt("1373093393927139016463695321221277758035357890939")); @@ -749,7 +748,7 @@ Test::Result test_mult_by_order() Test::Result result("ECC Unit"); // generate point - Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); + Botan::EC_Group dom_pars("secp160r1"); Botan::PointGFp p = dom_pars.get_base_point(); Botan::PointGFp shouldBeZero = p * dom_pars.get_order(); 
@@ -761,7 +760,7 @@ Test::Result test_point_swap() { Test::Result result("ECC Unit"); - Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); + Botan::EC_Group dom_pars("secp160r1"); Botan::PointGFp a(create_random_point(Test::rng(), dom_pars)); Botan::PointGFp b(create_random_point(Test::rng(), dom_pars)); @@ -785,7 +784,7 @@ Test::Result test_mult_sec_mass() { Test::Result result("ECC Unit"); - Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); + Botan::EC_Group dom_pars("secp160r1"); for(int i = 0; i < 50; i++) { try From 8ba88feb44a972e14499741bfade75d117552736 Mon Sep 17 00:00:00 2001 From: Mathieu Souchaud Date: Thu, 1 Feb 2018 09:16:04 +0000 Subject: [PATCH 0613/1008] Load every certificates of files found. --- src/lib/x509/certstor.cpp | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/lib/x509/certstor.cpp b/src/lib/x509/certstor.cpp index 23e8185c4b..904e322b1f 100644 --- a/src/lib/x509/certstor.cpp +++ b/src/lib/x509/certstor.cpp @@ -9,6 +9,7 @@ #include #include #include +#include namespace Botan { @@ -184,8 +185,20 @@ Certificate_Store_In_Memory::Certificate_Store_In_Memory(const std::string& dir) for(auto&& cert_file : maybe_certs) { try - { - m_certs.push_back(std::make_shared(cert_file)); + { + DataSource_Stream src(cert_file, true); + while(!src.end_of_data()) + { + try + { + m_certs.push_back(std::make_shared(src)); + } + catch(std::exception&) + { + // stop searching for other certificate at first exception + break; + } + } } catch(std::exception&) { From 5213f9a5ed5c39b28d5226183231cf1121c59235 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Feb 2018 10:25:38 -0500 Subject: [PATCH 0614/1008] Fix deprecation warnings --- src/lib/pubkey/ec_group/ec_group.cpp | 21 ++++++++++++++++++--- src/lib/pubkey/ec_group/ec_group.h | 10 ++-------- 2 files changed, 20 insertions(+), 11 deletions(-) 
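Review bot: The inner `catch(std::exception&)` around `m_certs.push_back(std::make_shared<...>(src))` swallows every failure, so a bundle whose second certificate is corrupt is loaded as a one-certificate file with no trace, and that case is indistinguishable from the data-after-the-last-PEM-block case that presumably motivates the `break`. For a trust-store loader the comment should say which condition the break is for, e.g. `// the certificate constructor throws both on whatever follows the last block (trailing newline) and on a corrupt entry; stop at the first failure rather than re-read an unconsumed source`, and distinguishing the two (for instance by how much data remains in src) would let genuine corruption be reported instead of dropped. The enclosing Certificate_Store_In_Memory constructor continues outside the hunk.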
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 978e599853..93747a1663 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -270,17 +270,17 @@ const OID& EC_Group::get_curve_oid() const PointGFp EC_Group::OS2ECP(const uint8_t bits[], size_t len) const { - return Botan::OS2ECP(bits, len, get_curve()); + return Botan::OS2ECP(bits, len, data().m_curve); } PointGFp EC_Group::point(const BigInt& x, const BigInt& y) const { - return PointGFp(get_curve(), x, y); + return PointGFp(data().m_curve, x, y); } PointGFp EC_Group::zero_point() const { - return PointGFp(get_curve()); + return PointGFp(data().m_curve); } std::vector @@ -333,6 +333,21 @@ std::string EC_Group::PEM_encode() const return PEM_Code::encode(der, "EC PARAMETERS"); } +bool EC_Group::operator==(const EC_Group& other) const + { + if(m_data == other.m_data) + return true; // same shared rep + + /* + * No point comparing order/cofactor as they are uniquely determined + * by the curve equation (p,a,b) and the base point. + */ + return (get_p() == other.get_p() && + get_a() == other.get_a() && + get_b() == other.get_b() && + get_base_point() == other.get_base_point()); + } + bool EC_Group::verify_group(RandomNumberGenerator& rng, bool) const { diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index f1a3f8fff3..0e6b57b5a9 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -112,7 +112,7 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final * Return domain parameter curve * @result domain parameter curve */ - const CurveGFp& BOTAN_DEPRECATED("Avoid CurveGFp") get_curve() const; + BOTAN_DEPRECATED("Avoid CurveGFp") const CurveGFp& get_curve() const; /** * Return the size of p in bits (same as get_p().bits()) 
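Review bot: The comment over the new `operator==` says order and cofactor need no comparison because they are determined by (p, a, b, G); that holds for a well-formed group, but an explicitly encoded group carrying a wrong order or cofactor now compares equal to the builtin group, which the removed inline version in ec_group.h did not. If that is intended, say so: `* Two well-formed groups with equal (p,a,b,G) also agree on order and cofactor; a malformed explicit group with a wrong order still compares equal here — verify_group() is the place to catch that.` The ec_group.h hunk only declares the function, so the header comment is where callers will look for this contract.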
@@ -196,13 +196,7 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final bool verify_group(RandomNumberGenerator& rng, bool strong = false) const; - bool operator==(const EC_Group& other) const - { - return ((get_curve() == other.get_curve()) && - (get_base_point() == other.get_base_point()) && - (get_order() == other.get_order()) && - (get_cofactor() == other.get_cofactor())); - } + bool operator==(const EC_Group& other) const; /** * Return PEM representation of named EC group From 0c84944402d03436c6982b370ace2d519add9751 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Feb 2018 11:26:00 -0500 Subject: [PATCH 0615/1008] Fix crash in x509_unit if any of DH, ECDH, or ElGamal were disabled Introduced in bf1548695aea Was missed by CI because the BSI and NIST modules don't require x509, so none of the tests ran in that configuration. Explicitly add x509 for such builds. Fixes #1437 --- src/scripts/ci_build.py | 5 ++++- src/tests/unit_x509.cpp | 16 ++++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index beb9622c1d..dfb65d629f 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -79,7 +79,10 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro if target in ['bsi', 'nist']: # Arbitrarily test disable static on module policy builds - flags += ['--module-policy=%s' % (target), '--disable-static'] + # x509 is optional for bsi/nist but add it so verify tests work with these minimized configs + flags += ['--module-policy=%s' % (target), + '--enable-modules=x509', + '--disable-static'] if target == 'docs': flags += ['--with-doxygen', '--with-sphinx', '--with-rst2man'] diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 40138a0f93..5ca5a2edc6 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp 
@@ -528,7 +528,8 @@ Test::Result test_x509_authority_info_access_extension() * * For the other algorithms than RSA, only one padding is supported right now. */ -Test::Result test_padding_config() { +#if defined(BOTAN_HAS_EMSA_PKCS1) && defined(BOTAN_HAS_EMSA_PSSR) && defined(BOTAN_HAS_RSA) + Test::Result test_padding_config() { // Throughout the test, some synonyms for EMSA4 are used, e.g. PSSR, EMSA-PSS Test::Result test_result("X509 Padding Config"); @@ -538,6 +539,7 @@ Test::Result test_padding_config() { // Create X509 CA certificate; EMSA3 is used for signing by default Botan::X509_Cert_Options opt("TESTCA"); opt.CA_key(); + Botan::X509_Certificate ca_cert_def = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); test_result.test_eq("CA certificate signature algorithm (default)", Botan::OIDS::lookup(ca_cert_def.signature_algorithm().oid),"RSA/EMSA3(SHA-512)"); @@ -553,7 +555,7 @@ Test::Result test_padding_config() { try { Botan::X509_Certificate ca_cert_wrong = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); - test_result.test_failure("Could build CA certitiface with invalid encoding scheme EMSA1 for key type " + sk->algo_name()); + test_result.test_failure("Could build CA cert with invalid encoding scheme EMSA1 for key type " + sk->algo_name()); } catch (const Botan::Invalid_Argument& e) { @@ -614,6 +616,7 @@ Test::Result test_padding_config() { return test_result; } +#endif #endif @@ -1443,10 +1446,15 @@ class X509_Cert_Unit_Tests final : public Test for(std::string algo : enc_algos) { std::unique_ptr key = make_a_private_key(algo); - results.push_back(test_valid_constraints(*key, algo)); + + if(key) + { + results.push_back(test_valid_constraints(*key, algo)); + } } -#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) + +#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) && defined(BOTAN_HAS_EMSA_PKCS1) && defined(BOTAN_HAS_EMSA_PSSR) && defined(BOTAN_HAS_RSA) Test::Result pad_config_result("X509 Padding Config"); try { 
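Review bot: The new `if(key)` guard silently skips `test_valid_constraints` when `make_a_private_key` returns null, so a build where an enabled algorithm unexpectedly fails to produce a key passes with one test fewer and no record of it. An else branch that pushes a `Test::Result` noting the skipped `algo` onto `results` keeps the crash fix without hiding the gap; the surrounding loop in X509_Cert_Unit_Tests starts outside the hunk. Separately, the `+ Test::Result test_padding_config() {` line under the new `#if` is indented one space unlike the rest of the file.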
From fc3e1ed8c4f461285dc7a29dd6b69847cd61f30d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Feb 2018 16:14:52 -0500 Subject: [PATCH 0616/1008] Avoid deprecated functions in OpenSSL provider [ci skip] --- src/lib/prov/openssl/openssl_ec.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/prov/openssl/openssl_ec.cpp b/src/lib/prov/openssl/openssl_ec.cpp index 66c3d286bc..90b5e2023e 100644 --- a/src/lib/prov/openssl/openssl_ec.cpp +++ b/src/lib/prov/openssl/openssl_ec.cpp @@ -251,7 +251,7 @@ class OpenSSL_ECDSA_Signing_Operation final : public PK_Ops::Signature_with_EMSA std::unique_ptr make_openssl_ecdsa_ver_op(const ECDSA_PublicKey& key, const std::string& params) { - const int nid = OpenSSL_EC_nid_for(key.domain().get_oid()); + const int nid = OpenSSL_EC_nid_for(key.domain().get_curve_oid()); if(nid < 0) { throw Lookup_Error("OpenSSL ECDSA does not support this curve"); @@ -262,7 +262,7 @@ make_openssl_ecdsa_ver_op(const ECDSA_PublicKey& key, const std::string& params) std::unique_ptr make_openssl_ecdsa_sig_op(const ECDSA_PrivateKey& key, const std::string& params) { - const int nid = OpenSSL_EC_nid_for(key.domain().get_oid()); + const int nid = OpenSSL_EC_nid_for(key.domain().get_curve_oid()); if(nid < 0) { throw Lookup_Error("OpenSSL ECDSA does not support this curve"); @@ -333,7 +333,7 @@ class OpenSSL_ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF std::unique_ptr make_openssl_ecdh_ka_op(const ECDH_PrivateKey& key, const std::string& params) { - const int nid = OpenSSL_EC_nid_for(key.domain().get_oid()); + const int nid = OpenSSL_EC_nid_for(key.domain().get_curve_oid()); if(nid < 0) { throw Lookup_Error("OpenSSL ECDH does not support this curve"); From 0e47fb62a9b901398da02f661ff7c413f3472239 Mon Sep 17 00:00:00 2001 
From: Mathieu Souchaud Date: Fri, 2 Feb 2018 13:51:28 +0000 Subject: [PATCH 0617/1008] Load every certificates of files found - add test. --- .../x509test/bundledcertdir/ValidCert.pem | 37 +++++++++++++++++++ src/tests/test_certstor.cpp | 32 ++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 src/tests/data/x509/x509test/bundledcertdir/ValidCert.pem diff --git a/src/tests/data/x509/x509test/bundledcertdir/ValidCert.pem b/src/tests/data/x509/x509test/bundledcertdir/ValidCert.pem new file mode 100644 index 0000000000..204789966e --- /dev/null +++ b/src/tests/data/x509/x509test/bundledcertdir/ValidCert.pem 
@@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIC+zCCAmSgAwIBAgICBRUwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MjAxMFoXDTE2MTAyMTE2MjAxMFowgcAxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRUwEwYDVQQDDAx3d3cudGxzLnRlc3QxHzAdBgkq +hkiG9w0BCQEWEHNvbWVvbmVAbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBAN6X3nIL0PLqwnjANgHFOCxezp1eg/sfyofyei1Tp3hafq9ZWQn62pyg +2Aqt0z7SRq4fLKGwyuh1sEhazf5xPgy8L8RGUU+ZRyJAHwQXs15W+sbfphs1liDk +BLuFgcUCEEZ5HfH8kmH1lYOfgisxgVhALQseUCBUNfGXbkX/xIrHAgMBAAEwDQYJ +KoZIhvcNAQEFBQADgYEAVpHtniZAAgBrjbV0Kk0IgYyJYY1zCwZ4oiYpl+WeJpE5 +ygClBCwluCfDbFZMBtpV48mYR4f0KfISFy2W5rdOSi2fdo3NlBUUASUuZCBmPS9t +jy6d1QsK3SCMJa9PV6KR7o6ETbRGoji2HvzlpzGxmh7iN88kFBCjZrYEcuQ+RW0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAn2gAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwgcQxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQK +DCVDZXJ0aWZpY2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQL +DBlYNTA5IFZlcmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUw +OS50ZXN0MR8wHQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMB4XDTE1MTAy +MDE2MDM1OFoXDTE2MTAyMTE2MDM1OFowgcQxCzAJBgNVBAYTAlVTMQswCQYDVQQI +DAJDQTEYMBYGA1UEBwwPU2FuIEx1aXMgT2Jpc3BvMS4wLAYDVQQKDCVDZXJ0aWZp +Y2F0ZSBWYWxpZGF0aW9uIGFuZCBDb21wbGlhbmNlMSIwIAYDVQQLDBlYNTA5IFZl +cmlmaWNhdGlvbiBDaGVja2VyMRkwFwYDVQQDDBB2ZXJpZnkueDUwOS50ZXN0MR8w +HQYJKoZIhvcNAQkBFhBzb21lb25lQG1haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDI2TejJ3VtoPlkcjQsqbaiMRCtLGdIN7Ful9z7PWU7AVbuJZxD +QCeFuFmYsCpBgZD3Rw8JaNfMZLKG3D/peIQ/Hjc44BsFR8H9oa0bIDkZN3kS9O80 
+vU4urBwTwt9AFDvGPD4UiFulXsAAHDA4KoBg03R56bm2B+8y2JKiGEQ92QIDAQAB +oxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALqNB/JaqkTX +slppJEaBHTY5/bGGWwV/0t3WMDNFaMrFgcsEY/KjUSyfWh9c6BHOdr21MmNe4YDh +T8gv9TmcGNsEJRIYD1jly3tCDyA2W0AUIzob1GMGkV8ddKBUrmt/+qLzagxdOrQ0 +dRcxFarWaAJVGhJ+p6kWJt7XJnK341bP +-----END CERTIFICATE----- diff --git a/src/tests/test_certstor.cpp b/src/tests/test_certstor.cpp index e5b6ce8148..efa206753a 100644 --- a/src/tests/test_certstor.cpp +++ b/src/tests/test_certstor.cpp @@ -6,6 +6,9 @@ #include "tests.h" +#include +#include + #if defined(BOTAN_HAS_CERTSTOR_SQL) #include #include @@ -329,6 +332,34 @@ Test::Result test_certstor_find_hash_subject(const std::vector key_id; + result.confirm("Root cert found", store.find_cert(root_cert.subject_dn(), key_id) != nullptr); + result.confirm("ValidCert found", store.find_cert(valid_cert.subject_dn(), key_id) != nullptr); + return result; + } + catch(std::exception& e) + { + result.test_failure(e.what()); + return result; + } + } + class Certstor_Tests final : public Test { public: @@ -386,6 +417,7 @@ class Certstor_Tests final : public Test std::vector results; results.push_back(test_certstor_find_hash_subject(certsandkeys)); + results.push_back(test_certstor_load_allcert()); #if defined(BOTAN_HAS_CERTSTOR_SQLITE3) results.push_back(test_certstor_sqlite3_insert_find_remove_test(certsandkeys)); results.push_back(test_certstor_sqlite3_crl_test(certsandkeys)); From e9b1771b72a6b405e270dd21751b30e5e9b495f4 Mon Sep 17 00:00:00 2001 From: Mathieu Souchaud Date: Fri, 2 Feb 2018 15:25:18 +0000 Subject: [PATCH 0618/1008] Load every certificates of files found - fix test. --- src/tests/test_certstor.cpp | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/tests/test_certstor.cpp b/src/tests/test_certstor.cpp index efa206753a..582c540504 100644 --- a/src/tests/test_certstor.cpp +++ b/src/tests/test_certstor.cpp 
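Review bot: `test_certstor_load_allcert` confirms that the root and ValidCert subjects are findable but never asserts how many certificates the bundle produced, so a regression that loads a file's first certificate twice or appends a garbage entry still passes. A count check such as `result.test_eq("bundle yields two certs", store.all_subjects().size(), size_t(2))` (all_subjects is the Certificate_Store enumeration method — confirm it is exposed on the in-memory store) pins it; the start of the function is garbled in this rendering so how `store` is built is not visible here. Also prefer `catch(const std::exception& e)`.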
@@ -6,9 +6,6 @@ #include "tests.h" -#include -#include - #if defined(BOTAN_HAS_CERTSTOR_SQL) #include #include From f48a22b74229f2ccf9926b952e77f5dfb6a8ffb4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 2 Feb 2018 11:17:11 -0500 Subject: [PATCH 0619/1008] Increase default speed --msec to 300 A good balance between being responsive and reasonable accurate. At 100 msec lots of errors wrt dynamic throttling etc. --- src/cli/speed.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 7dbc7922c6..e6ea877e0b 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -575,7 +575,7 @@ class Speed final : public Command { public: Speed() - : Command("speed --msec=100 --format=default --provider= --buf-size=1024 --clear-cpuid= --ecc-groups= *algos") {} + : Command("speed --msec=300 --format=default --provider= --buf-size=1024 --clear-cpuid= --ecc-groups= *algos") {} std::vector default_benchmark_list() { From deeca72a3e5f875c87601e0da673288a798c55d5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 2 Feb 2018 11:17:53 -0500 Subject: [PATCH 0620/1008] Use -m32 for x86-32 builds with GCC This used to not work but is fine with GCC 4.8 which is the minimum version we support. Fixes #1438 --- src/build-data/cc/gcc.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 8c8620552f..a67b878d98 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -82,6 +82,7 @@ s390x -> "-m64" sparc32 -> "-m32 -mno-app-regs" sparc64 -> "-m64 -mno-app-regs" ppc64 -> "-m64" +x86_32 -> "-m32" x86_64 -> "-m64" netbsd -> "-D_NETBSD_SOURCE" From 0d63e98483e304a385013a4568312ab94dff3822 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Fri, 2 Feb 2018 11:41:08 -0500 Subject: [PATCH 0621/1008] Move bundledcertdir to x509/misc --- .../data/x509/{x509test => misc}/bundledcertdir/ValidCert.pem | 0 src/tests/test_certstor.cpp | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename src/tests/data/x509/{x509test => misc}/bundledcertdir/ValidCert.pem (100%) diff --git a/src/tests/data/x509/x509test/bundledcertdir/ValidCert.pem b/src/tests/data/x509/misc/bundledcertdir/ValidCert.pem similarity index 100% rename from src/tests/data/x509/x509test/bundledcertdir/ValidCert.pem rename to src/tests/data/x509/misc/bundledcertdir/ValidCert.pem diff --git a/src/tests/test_certstor.cpp b/src/tests/test_certstor.cpp index 582c540504..26c1b26d17 100644 --- a/src/tests/test_certstor.cpp +++ b/src/tests/test_certstor.cpp @@ -334,7 +334,7 @@ Test::Result test_certstor_load_allcert() Test::Result result("Certificate Store - Load every cert of every files"); // test_dir_bundled dir should contain only one file with 2 certificates // concatenated (ValidCert and root) - const std::string test_dir_bundled = Test::data_dir() + "/x509/x509test/bundledcertdir"; + const std::string test_dir_bundled = Test::data_dir() + "/x509/misc/bundledcertdir"; try { From 912f3b6f042855b4983a7ee86250fc670e3738e5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 2 Feb 2018 18:51:54 -0500 Subject: [PATCH 0622/1008] Create a persistent registry for ECC group data Now a single copy is maintained of each EC group info --- doc/manual/deprecated.rst | 5 +- src/lib/asn1/asn1_oid.cpp | 2 +- src/lib/asn1/asn1_oid.h | 18 +- src/lib/math/ec_gfp/point_gfp.cpp | 46 ++- src/lib/math/ec_gfp/point_gfp.h | 15 +- src/lib/pubkey/ec_group/ec_group.cpp | 318 +++++++++++------ src/lib/pubkey/ec_group/ec_group.h | 34 +- src/lib/pubkey/ec_group/ec_named.cpp | 508 +++++++++++++-------------- src/tests/unit_ecc.cpp | 26 ++ src/tests/unit_x509.cpp | 3 +- 10 files changed, 572 insertions(+), 403 deletions(-) 
diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index 29a7b35fe3..0d46e40784 100644 --- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst @@ -58,7 +58,10 @@ in the source. - Old (Google specific) ChaCha20 TLS ciphersuites -- All built in ECC groups < 256 bits +- Weak or rarely used ECC builtin groups including "secp160k1", "secp160r1", + "secp160r2", "secp192k1", "secp192r1", "secp224k1", "secp224r1", + "brainpool160r1", "brainpool192r1", "brainpool224r1", "brainpool320r1", + "x962_p192v2", "x962_p192v3", "x962_p239v1", "x962_p239v2", "x962_p239v3". - All built in MODP groups < 2048 bits diff --git a/src/lib/asn1/asn1_oid.cpp b/src/lib/asn1/asn1_oid.cpp index 2aa453c2b2..81450becfa 100644 --- a/src/lib/asn1/asn1_oid.cpp +++ b/src/lib/asn1/asn1_oid.cpp @@ -47,7 +47,7 @@ void OID::clear() /* * Return this OID as a string */ -std::string OID::as_string() const +std::string OID::to_string() const { std::string oid_str; for(size_t i = 0; i != m_id.size(); ++i) diff --git a/src/lib/asn1/asn1_oid.h b/src/lib/asn1/asn1_oid.h index 8f3f20f2fd..6198819ad9 100644 --- a/src/lib/asn1/asn1_oid.h +++ b/src/lib/asn1/asn1_oid.h @@ -27,7 +27,13 @@ class BOTAN_PUBLIC_API(2,0) OID final : public ASN1_Object * Find out whether this OID is empty * @return true is no OID value is set */ - bool empty() const { return m_id.size() == 0; } + bool empty() const { return m_id.empty(); } + + /** + * Find out whether this OID has a value + * @return true is this OID has a value + */ + bool has_value() const { return (m_id.empty() == false); } /** * Get this OID as list (vector) of its components. 
@@ -39,7 +45,13 @@ class BOTAN_PUBLIC_API(2,0) OID final : public ASN1_Object * Get this OID as a string * @return string representing this OID */ - std::string as_string() const; + std::string as_string() const { return this->to_string(); } + + /** + * Get this OID as a string + * @return string representing this OID + */ + std::string to_string() const; /** * Compare two OIDs. @@ -64,6 +76,8 @@ class BOTAN_PUBLIC_API(2,0) OID final : public ASN1_Object * @param str a string in the form "a.b.c" etc., where a,b,c are numbers */ OID(const std::string& str = ""); + + explicit OID(std::initializer_list init) : m_id(init) {} private: std::vector m_id; }; diff --git a/src/lib/math/ec_gfp/point_gfp.cpp b/src/lib/math/ec_gfp/point_gfp.cpp index 0b615b88bf..f00f030d7c 100644 --- a/src/lib/math/ec_gfp/point_gfp.cpp +++ b/src/lib/math/ec_gfp/point_gfp.cpp @@ -516,24 +516,24 @@ namespace { BigInt decompress_point(bool yMod2, const BigInt& x, - const CurveGFp& curve) + const BigInt& curve_p, + const BigInt& curve_a, + const BigInt& curve_b) { BigInt xpow3 = x * x * x; - const BigInt& p = curve.get_p(); - - BigInt g = curve.get_a() * x; + BigInt g = curve_a * x; g += xpow3; - g += curve.get_b(); - g = g % p; + g += curve_b; + g = g % curve_p; - BigInt z = ressol(g, p); + BigInt z = ressol(g, curve_p); if(z < 0) throw Illegal_Point("error during EC point decompression"); if(z.get_bit(0) != yMod2) - z = p - z; + z = curve_p - z; return z; } 
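Review bot: `has_value()` spells its test as `(m_id.empty() == false)` two lines below `empty()`, which already computes it; `bool has_value() const { return !empty(); }` keeps the two in lockstep and reads as the negation it is. The same hunk's doc comment repeats the typo from `empty()`: "@return true is this OID has a value" should read "true if".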
@@ -543,9 +543,28 @@ BigInt decompress_point(bool yMod2, PointGFp OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp& curve) { + // Should we really be doing this? if(data_len <= 1) return PointGFp(curve); // return zero + std::pair xy = OS2ECP(data, data_len, curve.get_p(), curve.get_a(), curve.get_b()); + + PointGFp point(curve, xy.first, xy.second); + + if(!point.on_the_curve()) + throw Illegal_Point("OS2ECP: Decoded point was not on the curve"); + + return point; + } + +std::pair OS2ECP(const uint8_t data[], size_t data_len, + const BigInt& curve_p, + const BigInt& curve_a, + const BigInt& curve_b) + { + if(data_len <= 1) + throw Decoding_Error("OS2ECP invalid point"); + const uint8_t pc = data[0]; BigInt x, y; @@ -556,7 +575,7 @@ PointGFp OS2ECP(const uint8_t data[], size_t data_len, x = BigInt::decode(&data[1], data_len - 1); const bool y_mod_2 = ((pc & 0x01) == 1); - y = decompress_point(y_mod_2, x, curve); + y = decompress_point(y_mod_2, x, curve_p, curve_a, curve_b); } else if(pc == 4) { @@ -576,18 +595,13 @@ PointGFp OS2ECP(const uint8_t data[], size_t data_len, const bool y_mod_2 = ((pc & 0x01) == 1); - if(decompress_point(y_mod_2, x, curve) != y) + if(decompress_point(y_mod_2, x, curve_p, curve_a, curve_b) != y) throw Illegal_Point("OS2ECP: Decoding error in hybrid format"); } else throw Invalid_Argument("OS2ECP: Unknown format type " + std::to_string(pc)); - PointGFp result(curve, x, y); - - if(!result.on_the_curve()) - throw Illegal_Point("OS2ECP: Decoded point was not on the curve"); - - return result; + return std::make_pair(x, y); } } diff --git a/src/lib/math/ec_gfp/point_gfp.h b/src/lib/math/ec_gfp/point_gfp.h index 61239df807..2e1c626bda 100644 --- a/src/lib/math/ec_gfp/point_gfp.h +++ b/src/lib/math/ec_gfp/point_gfp.h 
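Review bot: The new `std::pair` overload of `OS2ECP` returns x and y without the `on_the_curve()` check that the `CurveGFp` overload keeps (it now runs that check only after converting the pair back into a `PointGFp`), so for the uncompressed branch (`pc == 4`, partly outside this hunk) any pair of integers is handed back, and even the compressed branch never checks x against `curve_p`. The point_gfp.h hunk declaring this overload as public API should state that, e.g. `* @return the (x, y) affine coordinates as decoded; the caller must verify the point lies on the curve`, plus a `@throws` line for `Decoding_Error`/`Illegal_Point`. The one in-tree consumer, `BER_decode_EC_group` in the ec_group.cpp hunk, passes the pair straight into `lookup_or_create`, where the base point is built inside `EC_Group_Data`; whether anything there rejects an off-curve base point depends on the `PointGFp` constructor, which is not visible here, so an explicit check before registration, `if(!PointGFp(CurveGFp(p, a, b), base_xy.first, base_xy.second).on_the_curve()) throw Decoding_Error("EC_Group base point is not on the curve");`, keeps off-curve groups out of the process-wide registry.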
@@ -279,7 +279,20 @@ inline PointGFp operator*(const PointGFp& point, const BigInt& scalar) secure_vector BOTAN_PUBLIC_API(2,0) EC2OSP(const PointGFp& point, uint8_t format); PointGFp BOTAN_PUBLIC_API(2,0) OS2ECP(const uint8_t data[], size_t data_len, - const CurveGFp& curve); + const CurveGFp& curve); + +/** +* Perform point decoding +* @param data the encoded point +* @param data_len length of data in bytes +* @param curve_p the curve equation prime +* @param curve_a the curve equation a parameter +* @param curve_b the curve equation b parameter +*/ +std::pair BOTAN_PUBLIC_API(2,5) OS2ECP(const uint8_t data[], size_t data_len, + const BigInt& curve_p, + const BigInt& curve_a, + const BigInt& curve_b); template PointGFp OS2ECP(const std::vector& data, const CurveGFp& curve) diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 93747a1663..ddd7251e2e 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -2,7 +2,8 @@ * ECC Domain Parameters * * (C) 2007 Falko Strenzke, FlexSecure GmbH -* 2008,2018 Jack Lloyd +* (C) 2008,2018 Jack Lloyd +* (C) 2018 Tobias Niemann * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -13,67 +14,190 @@ #include #include #include +#include +#include namespace Botan { -struct EC_Group_Data +class EC_Group_Data final { - CurveGFp m_curve; - PointGFp m_base_point; - BigInt m_order; - BigInt m_cofactor; - OID m_oid; - size_t m_p_bits, m_p_bytes; - }; + public: + + EC_Group_Data(const BigInt& p, + const BigInt& a, + const BigInt& b, + const BigInt& g_x, + const BigInt& g_y, + const BigInt& order, + const BigInt& cofactor, + const OID& oid) : + m_curve(p, a, b), + m_base_point(m_curve, g_x, g_y), + m_order(order), + m_cofactor(cofactor), + m_oid(oid), + m_p_bits(p.bits()), + m_p_bytes(p.bytes()) + { + } + + bool match(const BigInt& p, const BigInt& a, const BigInt& b, + const BigInt& g_x, const BigInt& g_y, + const BigInt& order, const BigInt& cofactor) const + { + return (this->p() == p && this->a() == a && this->b() == b && + this->order() == order && this->cofactor() == cofactor && + this->g_x() == g_x && this->g_y() == g_y); + } -namespace { + const OID& oid() const { return m_oid; } + const BigInt& p() const { return m_curve.get_p(); } + const BigInt& a() const { return m_curve.get_a(); } + const BigInt& b() const { return m_curve.get_b(); } + const BigInt& order() const { return m_order; } + const BigInt& cofactor() const { return m_cofactor; } + BigInt g_x() const { return m_base_point.get_affine_x(); } + BigInt g_y() const { return m_base_point.get_affine_y(); } + + size_t p_bits() const { return m_p_bits; } + size_t p_bytes() const { return m_p_bytes; } + + const CurveGFp& curve() const { return m_curve; } + const PointGFp& base_point() const { return m_base_point; } + + private: + CurveGFp m_curve; + PointGFp m_base_point; + BigInt m_order; + BigInt m_cofactor; + OID m_oid; + size_t m_p_bits, m_p_bytes; + }; -std::shared_ptr new_EC_group_data(const BigInt& p, - const BigInt& a, - const BigInt& b, - const BigInt& g_x, - const BigInt& g_y, - const BigInt& order, - const BigInt& cofactor, - const OID& oid = OID()) +class EC_Group_Data_Map 
final { - std::shared_ptr data = std::make_shared(); + public: + EC_Group_Data_Map() {} - data->m_curve = CurveGFp(p, a, b); - data->m_base_point = PointGFp(data->m_curve, g_x, g_y); - data->m_order = order; - data->m_cofactor = cofactor; - data->m_oid = oid; + std::shared_ptr lookup(const OID& oid) + { + lock_guard_type lock(m_mutex); - data->m_p_bits = p.bits(); - data->m_p_bytes = p.bytes(); - return data; - } + for(auto i : m_registered_curves) + { + if(i->oid() == oid) + return i; + } -std::shared_ptr new_EC_group_data(const BigInt& p, - const BigInt& a, - const BigInt& b, - const std::vector& base_point, - const BigInt& order, - const BigInt& cofactor, - const OID& oid = OID()) - { - std::shared_ptr data = std::make_shared(); + // Not found, check hardcoded data + std::shared_ptr data = EC_Group::EC_group_info(oid); + + if(data) + { + m_registered_curves.push_back(data); + return data; + } - data->m_curve = CurveGFp(p, a, b); - data->m_base_point = Botan::OS2ECP(base_point, data->m_curve); - data->m_order = order; - data->m_cofactor = cofactor; - data->m_oid = oid; + // Nope, unknown curve + return std::shared_ptr(); + } - data->m_p_bits = p.bits(); - data->m_p_bytes = p.bytes(); - return data; + std::shared_ptr lookup_or_create(const BigInt& p, + const BigInt& a, + const BigInt& b, + const BigInt& g_x, + const BigInt& g_y, + const BigInt& order, + const BigInt& cofactor, + const OID& oid) + { + lock_guard_type lock(m_mutex); + + for(auto i : m_registered_curves) + { + if(oid.has_value()) + { + if(i->oid() == oid) + return i; + else if(i->oid().has_value()) + continue; + } + + if(i->match(p, a, b, g_x, g_y, order, cofactor)) + return i; + } + + // Not found - if OID is set try looking up that way + + if(oid.has_value()) + { + // Not located in existing store - try hardcoded data set + std::shared_ptr data = EC_Group::EC_group_info(oid); + + if(data) + { + m_registered_curves.push_back(data); + return data; + } + } + + // Not found or no OID, add data and 
return + return add_curve(p, a, b, g_x, g_y, order, cofactor, oid); + } + + private: + + std::shared_ptr add_curve(const BigInt& p, + const BigInt& a, + const BigInt& b, + const BigInt& g_x, + const BigInt& g_y, + const BigInt& order, + const BigInt& cofactor, + const OID& oid) + { + std::shared_ptr d = + std::make_shared(p, a, b, g_x, g_y, order, cofactor, oid); + + // This function is always called with the lock held + m_registered_curves.push_back(d); + return d; + } + + mutex_type m_mutex; + std::vector> m_registered_curves; + }; + +//static +EC_Group_Data_Map& EC_Group::ec_group_data() + { + static EC_Group_Data_Map g_ec_data; + return g_ec_data; } -std::shared_ptr lookup_EC_group_by_oid(const OID& oid); +//static +std::shared_ptr +EC_Group::load_EC_group_info(const char* p_str, + const char* a_str, + const char* b_str, + const char* g_x_str, + const char* g_y_str, + const char* order_str, + const OID& oid) + { + const BigInt p(p_str); + const BigInt a(a_str); + const BigInt b(b_str); + const BigInt g_x(g_x_str); + const BigInt g_y(g_y_str); + const BigInt order(order_str); + const BigInt cofactor(1); // implicit + + return std::make_shared(p, a, b, g_x, g_y, order, cofactor, oid); + } -std::shared_ptr BER_decode_EC_group(const uint8_t bits[], size_t len) +//static +std::shared_ptr EC_Group::BER_decode_EC_group(const uint8_t bits[], size_t len) { BER_Decoder ber(bits, len); BER_Object obj = ber.get_next_object(); @@ -86,12 +210,12 @@ std::shared_ptr BER_decode_EC_group(const uint8_t bits[], size_t { OID dom_par_oid; BER_Decoder(bits, len).decode(dom_par_oid); - return lookup_EC_group_by_oid(dom_par_oid); + return ec_group_data().lookup(dom_par_oid); } else if(obj.type() == SEQUENCE) { BigInt p, a, b, order, cofactor; - std::vector sv_base_point; + std::vector base_pt; BER_Decoder(bits, len) .start_cons(SEQUENCE) 
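Review bot: `EC_Group_Data::match` calls `g_x()` and `g_y()`, which return `m_base_point.get_affine_x()`/`get_affine_y()` — a projective-to-affine conversion, presumably with a modular inversion — for every registered entry on every `lookup_or_create`, and the `for(auto i : m_registered_curves)` loops in both `lookup` and `lookup_or_create` copy a `shared_ptr` per iteration (`const auto&`). Two further points follow from the registry being process-global and never pruned: `BER_decode_EC_group` (later hunk) reaches `lookup_or_create` with `OID()` for every explicitly encoded group, so each distinct parameter set seen in external certificates or keys is appended to `m_registered_curves` for the life of the process and lengthens every later scan, which deserves a cap or at least a comment stating the accepted growth; and when `oid.has_value()` the OID comparison returns the registered entry before `match` runs, so the explicit-parameter `EC_Group` constructor (last hunk) silently yields the builtin data even when the supplied p, a, b or base point differ from it — checking `i->match(...)` on an OID hit and throwing `Invalid_Argument` on mismatch would make that contract explicit. Caching the affine coordinates once in the constructor removes the per-lookup conversion:
```cpp
      // … unchanged: constructor parameter list …
      m_curve(p, a, b),
      m_base_point(m_curve, g_x, g_y),
      m_g_x(g_x),
      m_g_y(g_y),
      // … unchanged: remaining initializers and match() …

      // affine coordinates cached at construction so match() does no conversion
      const BigInt& g_x() const { return m_g_x; }
      const BigInt& g_y() const { return m_g_y; }

   private:
      // … unchanged: m_curve, m_base_point, m_order, m_cofactor, m_oid, m_p_bits, m_p_bytes …
      BigInt m_g_x;
      BigInt m_g_y;
```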
@@ -105,13 +229,15 @@ std::shared_ptr BER_decode_EC_group(const uint8_t bits[], size_t .decode_octet_string_bigint(a) .decode_octet_string_bigint(b) .end_cons() - .decode(sv_base_point, OCTET_STRING) + .decode(base_pt, OCTET_STRING) .decode(order) .decode(cofactor) .end_cons() .verify_end(); - return new_EC_group_data(p, a, b, sv_base_point, order, cofactor); + std::pair base_xy = Botan::OS2ECP(base_pt.data(), base_pt.size(), p, a, b); + + return ec_group_data().lookup_or_create(p, a, b, base_xy.first, base_xy.second, order, cofactor, OID()); } else { @@ -119,31 +245,6 @@ std::shared_ptr BER_decode_EC_group(const uint8_t bits[], size_t } } -std::shared_ptr BER_decode_EC_group(const std::string& pem) - { - secure_vector ber = PEM_Code::decode_check_label(pem, "EC PARAMETERS"); - return BER_decode_EC_group(ber.data(), ber.size()); - } - -std::shared_ptr lookup_EC_group_by_oid(const OID& oid) - { - if(oid.empty()) - throw Invalid_Argument("lookup_EC_group_by_oid with empty oid"); - - const std::string oid_name = OIDS::oid2str(oid); - if(oid_name.empty()) - throw Invalid_Argument("Unknown EC group OID " + oid.as_string()); - - const std::string pem = EC_Group::PEM_for_named_group(oid_name); - if(pem.empty()) - throw Invalid_Argument("EC group OID (" + oid_name + ") is not known"); - std::shared_ptr data = BER_decode_EC_group(pem); - data->m_oid = oid; - return data; - } - -} - EC_Group::EC_Group() { } @@ -155,7 +256,9 @@ EC_Group::~EC_Group() EC_Group::EC_Group(const OID& domain_oid) { - this->m_data = lookup_EC_group_by_oid(domain_oid); + this->m_data = ec_group_data().lookup(domain_oid); + if(!this->m_data) + throw Invalid_Argument("Unknown EC_Group " + domain_oid.as_string()); } EC_Group::EC_Group(const std::string& str) @@ -167,7 +270,7 @@ EC_Group::EC_Group(const std::string& str) { OID oid = OIDS::lookup(str); if(oid.empty() == false) - m_data = lookup_EC_group_by_oid(oid); + m_data = ec_group_data().lookup(oid); } catch(Invalid_OID) { 
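Review bot: The `ec_group_data().lookup_or_create(..., OID())` call added to the explicit-parameter branch of BER_decode_EC_group feeds parameters decoded from untrusted input (certificates, keys, PEM) into the process-wide registry, and lookup_or_create's add_curve path, visible in the preceding hunk, appends every parameter set not already present to m_registered_curves with no bound. A peer that presents many distinct explicit-parameter curves therefore grows that vector, and the linear scan performed by every later lookup, for the lifetime of the process, whereas the removed new_EC_group_data kept no state at all. Consider returning a fresh EC_Group_Data for OID-less parameters (only named curves need to be registered, since the OID lookup path is what consumes the registry) or capping the number of unnamed entries. Note also that the decoded order and cofactor are registered before any validation visible in this hunk; whether callers verify the group afterwards is not shown. BER_decode_EC_group begins before this hunk and ends after it.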
@@ -176,7 +279,22 @@ EC_Group::EC_Group(const std::string& str) if(m_data == nullptr) { // OK try it as PEM ... - this->m_data = BER_decode_EC_group(str); + secure_vector ber = PEM_Code::decode_check_label(str, "EC PARAMETERS"); + this->m_data = BER_decode_EC_group(ber.data(), ber.size()); + } + } + +//static +std::string EC_Group::PEM_for_named_group(const std::string& name) + { + try + { + EC_Group group(name); + return group.PEM_encode(); + } + catch(...) + { + return ""; } } @@ -189,21 +307,7 @@ EC_Group::EC_Group(const BigInt& p, const BigInt& cofactor, const OID& oid) { - m_data = new_EC_group_data(p, a, b, base_x, base_y, order, cofactor, oid); - } - -EC_Group::EC_Group(const CurveGFp& curve, - const PointGFp& base_point, - const BigInt& order, - const BigInt& cofactor) - { - m_data = new_EC_group_data(curve.get_p(), - curve.get_a(), - curve.get_b(), - base_point.get_affine_x(), - base_point.get_affine_y(), - order, - cofactor); + m_data = ec_group_data().lookup_or_create(p, a, b, base_x, base_y, order, cofactor, oid); } EC_Group::EC_Group(const std::vector& ber) 
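Review bot: In the explicit-parameter constructor, `m_data = ec_group_data().lookup_or_create(p, a, b, base_x, base_y, order, cofactor, oid);` (hunk @@ -189) can hand back a group whose parameters differ from the ones the caller passed: lookup_or_create, as shown in the earlier hunk, returns the first registered entry whose oid() equals `oid` without calling match(), and for an OID absent from EC_group_info the first caller to register under that OID wins for the rest of the process. A later `EC_Group(p2, a2, b2, ..., same_oid)` with different values silently receives the earlier parameters, which is exactly the curve substitution the OID is supposed to rule out. Suggest that an OID match also require `i->match(p, a, b, g_x, g_y, order, cofactor)` and throw Invalid_Argument otherwise, or at least document on the constructor that `oid` takes precedence over the explicit values. Separately, in hunk @@ -176 PEM_for_named_group's `catch(...)` also swallows std::bad_alloc and similar; `catch(const std::exception&)` keeps the deprecated shim's "" result for unknown names without hiding those. The explicit-parameter constructor begins before hunk @@ -189.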
@@ -220,67 +324,67 @@ const EC_Group_Data& EC_Group::data() const const CurveGFp& EC_Group::get_curve() const { - return data().m_curve; + return data().curve(); } size_t EC_Group::get_p_bits() const { - return data().m_p_bits; + return data().p_bits(); } size_t EC_Group::get_p_bytes() const { - return data().m_p_bytes; + return data().p_bytes(); } const BigInt& EC_Group::get_p() const { - return data().m_curve.get_p(); + return data().p(); } const BigInt& EC_Group::get_a() const { - return data().m_curve.get_a(); + return data().a(); } const BigInt& EC_Group::get_b() const { - return data().m_curve.get_b(); + return data().b(); } const PointGFp& EC_Group::get_base_point() const { - return data().m_base_point; + return data().base_point(); } const BigInt& EC_Group::get_order() const { - return data().m_order; + return data().order(); } const BigInt& EC_Group::get_cofactor() const { - return data().m_cofactor; + return data().cofactor(); } const OID& EC_Group::get_curve_oid() const { - return data().m_oid; + return data().oid(); } PointGFp EC_Group::OS2ECP(const uint8_t bits[], size_t len) const { - return Botan::OS2ECP(bits, len, data().m_curve); + return Botan::OS2ECP(bits, len, data().curve()); } PointGFp EC_Group::point(const BigInt& x, const BigInt& y) const { - return PointGFp(data().m_curve, x, y); + return PointGFp(data().curve(), x, y); } PointGFp EC_Group::zero_point() const { - return PointGFp(data().m_curve); + return PointGFp(data().curve()); } std::vector diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 0e6b57b5a9..1dc839540a 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -27,7 +27,8 @@ enum EC_Group_Encoding { EC_DOMPAR_ENC_OID = 2 }; -struct EC_Group_Data; +class EC_Group_Data; +class EC_Group_Data_Map; /** * Class representing an elliptic curve 
@@ -47,7 +48,14 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final EC_Group(const CurveGFp& curve, const PointGFp& base_point, const BigInt& order, - const BigInt& cofactor); + const BigInt& cofactor) : + EC_Group(curve.get_p(), + curve.get_a(), + curve.get_b(), + base_point.get_affine_x(), + base_point.get_affine_y(), + order, + cofactor) {} /** * Construct Domain paramers from specified parameters @@ -200,17 +208,35 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final /** * Return PEM representation of named EC group + * Deprecated: Use EC_Group(name).PEM_encode() if this is needed */ - static std::string PEM_for_named_group(const std::string& name); + static std::string BOTAN_DEPRECATED("See header comment") PEM_for_named_group(const std::string& name); /** * Return a set of known named EC groups */ static const std::set& known_named_groups(); - static void add_named_group(const std::string& name, const OID& oid, const EC_Group& group); + /* + * For internal use only + */ + static std::shared_ptr EC_group_info(const OID& oid); private: + static EC_Group_Data_Map& ec_group_data(); + + static std::shared_ptr BER_decode_EC_group(const uint8_t bits[], size_t len); + + static std::shared_ptr + load_EC_group_info(const char* p, + const char* a, + const char* b, + const char* g_x, + const char* g_y, + const char* order, + const OID& oid); + + // Member data const EC_Group_Data& data() const; std::shared_ptr m_data; }; diff --git a/src/lib/pubkey/ec_group/ec_named.cpp b/src/lib/pubkey/ec_group/ec_named.cpp index 2a8e1a1869..cfab1fafd9 100644 --- a/src/lib/pubkey/ec_group/ec_named.cpp +++ b/src/lib/pubkey/ec_group/ec_named.cpp @@ -1,6 +1,6 @@ /* * List of ECC groups -* (C) 2013 Jack Lloyd +* (C) 2013,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
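Review bot: `EC_group_info` becomes a public member of a BOTAN_PUBLIC_API class, but its contract is not documented beyond "For internal use only": it returns an empty shared_ptr for an OID with no hardcoded entry, and the lookup() in ec_group.cpp depends on that. Suggest `/** Internal: return the hardcoded parameters for @p oid, or an empty pointer if there are none. Not a stable API. */`. The same hunk removes `add_named_group` from the public header without a deprecation stage, and the deprecation string on `PEM_for_named_group` could name the replacement directly, e.g. `BOTAN_DEPRECATED("Use EC_Group(name).PEM_encode()")`, rather than pointing at the header comment. Whether the removal is recorded in news.rst is not visible here.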
@@ -10,280 +10,250 @@ namespace Botan { //static -std::string EC_Group::PEM_for_named_group(const std::string& name) +std::shared_ptr EC_Group::EC_group_info(const OID& oid) { - if(name == "secp160k1") - return - "-----BEGIN EC PARAMETERS-----" - "MIGYAgEBMCAGByqGSM49AQECFQD////////////////////+//+sczAsBBQAAAAA" - "AAAAAAAAAAAAAAAAAAAAAAQUAAAAAAAAAAAAAAAAAAAAAAAAAAcEKQQ7TDgs43qh" - "kqQBnnYwNvT13U1+u5OM+TUxj9zta8KChlMXM8PwPE/uAhUBAAAAAAAAAAAAAbj6" - "Ft+rmsoWtrMCAQE=" - "-----END EC PARAMETERS-----"; + // P-256 + if(oid == OID{1,2,840,10045,3,1,7}) + return load_EC_group_info("0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", + "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", + "0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", + "0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", + "0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", + "0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", + oid); - if(name == "secp160r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIGYAgEBMCAGByqGSM49AQECFQD/////////////////////f////zAsBBT/////" - "////////////////f////AQUHJe+/FS9eotlrPifgdTUrcVl+kUEKQRKlrVojvVz" - "KEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAAAAAAAfTI" - "+Seu08p1IlcCAQE=" - "-----END EC PARAMETERS-----"; + // P-384 + if(oid == OID{1,3,132,0,34}) + return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", + "0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", + "0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", + "0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", + 
"0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", + oid); + // P-521 + if(oid == OID{1,3,132,0,35}) + return load_EC_group_info("0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", + "0x51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", + "0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", + "0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", + "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", + oid); - if(name == "secp160r2") - return - "-----BEGIN EC PARAMETERS-----" - "MIGYAgEBMCAGByqGSM49AQECFQD////////////////////+//+sczAsBBT/////" - "///////////////+//+scAQUtOE00/tZ64urVydJBGZNWvUDiLoEKQRS3LA0KToR" - "fh9P8Rsw9xmdMUTObf6v/vLjMfKW4HH6DfmYLP6n1D8uAhUBAAAAAAAAAAAAADUe" - "54aoGPOhoWsCAQE=" - "-----END EC PARAMETERS-----"; + // brainpool160r1 + if(oid == OID{1,3,36,3,3,2,8,1,1,1}) + return load_EC_group_info("0xE95E4A5F737059DC60DFC7AD95B3D8139515620F", + "0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300", + "0x1E589A8595423412134FAA2DBDEC95C8D8675E58", + "0xBED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3", + "0x1667CB477A1A8EC338F94741669C976316DA6321", + "0xE95E4A5F737059DC60DF5991D45029409E60FC09", + oid); + // brainpool192r1 + if(oid == OID{1,3,36,3,3,2,8,1,1,3}) + return load_EC_group_info("0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", + "0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", + "0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", + 
"0xC0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6", + "0x14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F", + "0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", + oid); + // brainpool224r1 + if(oid == OID{1,3,36,3,3,2,8,1,1,5}) + return load_EC_group_info("0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", + "0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", + "0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", + "0xD9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D", + "0x58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD", + "0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", + oid); + // brainpool256r1 + if(oid == OID{1,3,36,3,3,2,8,1,1,7}) + return load_EC_group_info("0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", + "0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", + "0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", + "0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", + "0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", + "0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", + oid); + // brainpool320r1 + if(oid == OID{1,3,36,3,3,2,8,1,1,9}) + return load_EC_group_info("0xD35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", + "0x3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", + "0x520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", + "0x43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611", + "0x14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1", + "0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", + oid); + // brainpool384r1 + if(oid == OID{1,3,36,3,3,2,8,1,1,11}) + return load_EC_group_info("0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", + 
"0x7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", + "0x4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", + "0x1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", + "0x8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", + "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", + oid); + // brainpool512r1 + if(oid == OID{1,3,36,3,3,2,8,1,1,13}) + return load_EC_group_info("0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", + "0x7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", + "0x3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", + "0x81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", + "0x7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", + "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", + oid); + // frp256v1 + if(oid == OID{1,2,250,1,223,101,256,1}) + return load_EC_group_info("0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C03", + "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C00", + "0xEE353FCA5428A9300D4ABA754A44C00FDFEC0C9AE4B1A1803075ED967B7BB73F", + "0xB6B3D4C356C139EB31183D4749D423958C27D2DCAF98B70164C97A2DD98F5CFF", + "0x6142E0F7C8B204911F9271F0F3ECEF8C2701C307E8E4C9E183115A1554062CFB", + "0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1", + oid); + // gost_256A + if(oid == 
OID{1,2,643,2,2,35,1}) + return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", + "0xA6", + "0x1", + "0x8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893", + oid); + // secp160k1 + if(oid == OID{1,3,132,0,9}) + return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", + "0x0", + "0x7", + "0x3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", + "0x938CF935318FDCED6BC28286531733C3F03C4FEE", + "0x100000000000000000001B8FA16DFAB9ACA16B6B3", + oid); + // secp160r1 + if(oid == OID{1,3,132,0,8}) + return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", + "0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", + "0x4A96B5688EF573284664698968C38BB913CBFC82", + "0x23A628553168947D59DCC912042351377AC5FB32", + "0x100000000000000000001F4C8F927AED3CA752257", + oid); + // secp160r2 + if(oid == OID{1,3,132,0,30}) + return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", + "0xB4E134D3FB59EB8BAB57274904664D5AF50388BA", + "0x52DCB034293A117E1F4FF11B30F7199D3144CE6D", + "0xFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", + "0x100000000000000000000351EE786A818F3A1A16B", + oid); + // secp192k1 + if(oid == OID{1,3,132,0,31}) + return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", + "0x0", + "0x3", + "0xDB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", + "0x9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", + "0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", + oid); + // secp192r1 + if(oid == OID{1,2,840,10045,3,1,1}) + return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", + "0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", + 
"0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", + "0x7192B95FFC8DA78631011ED6B24CDD573F977A11E794811", + "0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", + oid); + // secp224k1 + if(oid == OID{1,3,132,0,32}) + return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", + "0x0", + "0x5", + "0xA1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", + "0x7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", + "0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", + oid); + // secp224r1 + if(oid == OID{1,3,132,0,33}) + return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", + "0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + "0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + "0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", + oid); + // secp256k1 + if(oid == OID{1,3,132,0,10}) + return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", + "0x0", + "0x7", + "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", + "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", + oid); - if(name == "secp192k1") - return - "-----BEGIN EC PARAMETERS-----" - "MIGwAgEBMCQGByqGSM49AQECGQD//////////////////////////v//7jcwNAQY" - "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - "AAMEMQTbT/EOwFfpriawfQKAt/Q0HaXRsergbH2bLy9tnFYop4RBY9AVvoY0QIKq" - "iNleL50CGQD///////////////4m8vwXD2lGanTe/Y0CAQE=" - "-----END EC PARAMETERS-----"; + // sm2p256v1 + if(oid == OID{1,2,156,10197,1,301}) + return load_EC_group_info("0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", + "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", + 
"0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", + "0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", + "0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", + "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", + oid); + // x962_p192v2 + if(oid == OID{1,2,840,10045,3,1,2}) + return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", + "0xCC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", + "0xEEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", + "0x6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15", + "0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", + oid); + // x962_p192v3 + if(oid == OID{1,2,840,10045,3,1,3}) + return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", + "0x22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", + "0x7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", + "0x38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0", + "0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", + oid); + // x962_p239v1 + if(oid == OID{1,2,840,10045,3,1,4}) + return load_EC_group_info("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", + "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", + "0x6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", + "0xFFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", + "0x7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE", + "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", + oid); + // x962_p239v2 + if(oid == OID{1,2,840,10045,3,1,5}) + return load_EC_group_info("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", + "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", + "0x617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", + "0x38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", + 
"0x5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA", + "0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", + oid); + // x962_p239v3 + if(oid == OID{1,2,840,10045,3,1,6}) + return load_EC_group_info("0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", + "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", + "0x255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", + "0x6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", + "0x1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3", + "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", + oid); - if(name == "secp192r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIGwAgEBMCQGByqGSM49AQECGQD////////////////////+//////////8wNAQY" - "/////////////////////v/////////8BBhkIQUZ5ZyA5w+n6atyJDBJ/rje7MFG" - "ubEEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV/8jaeGMQEe1rJM3Vc/l3" - "oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDECAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "secp224k1") - return - "-----BEGIN EC PARAMETERS-----" - "MIHIAgEBMCgGByqGSM49AQECHQD///////////////////////////////7//+Vt" - "MDwEHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEHAAAAAAAAAAAAAAAAAAA" - "AAAAAAAAAAAAAAAAAAUEOQShRVszTfCZ3zD8KKFppGfp5HB1qQ9+ZQ62t6Rcfgif" - "7X+6NEKCyvvW9+MZ98CwvVniykvbVW1hpQIdAQAAAAAAAAAAAAAAAAAB3OjS7GGE" - "yvCpcXafsfcCAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "secp224r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIHIAgEBMCgGByqGSM49AQECHQD/////////////////////AAAAAAAAAAAAAAAB" - "MDwEHP////////////////////7///////////////4EHLQFCoUMBLOr9UEyVlBE" - "sLfXv9i6Jws5QyNV/7QEOQS3Dgy9a7S/fzITkLlKA8HTVsIRIjQygNYRXB0hvTdj" - "iLX3I/tMIt/mzUN1oFoHR2RE1YGZhQB+NAIdAP//////////////////FqLguPA+" - "E90pRVxcKj0CAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "secp256k1") - return - "-----BEGIN EC PARAMETERS-----" - "MIHgAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+" - 
"///8LzBEBCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQgAAAAAAAA" - "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEQQR5vmZ++dy7rFWgYpXOhwsHApv8" - "2y3OKNlZ8oFbFvgXmEg62ncmo8RlXaT7/A4RCKj9F7RIpoVUGZxH0I/7ENS4AiEA" - "/////////////////////rqu3OavSKA7v9JejNA2QUECAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "secp256r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIHgAgEBMCwGByqGSM49AQECIQD/////AAAAAQAAAAAAAAAAAAAAAP//////////" - "/////zBEBCD/////AAAAAQAAAAAAAAAAAAAAAP///////////////AQgWsY12Ko6" - "k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsEQQRrF9Hy4SxCR/i85uVjpEDydwN9" - "gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3v1H1AiEA" - "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "secp384r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIIBQAIBATA8BgcqhkjOPQEBAjEA////////////////////////////////////" - "//////7/////AAAAAAAAAAD/////MGQEMP//////////////////////////////" - "///////////+/////wAAAAAAAAAA/////AQwszEvp+I+5+SYjgVr4/gtGRgdnG7+" - "gUESAxQIj1ATh1rGVjmNii7RnSqFyO3T7CrvBGEEqofKIr6LBTeOscce8yCtdG4d" - "O2KLp5uYWfdB4IJUKjhVAvJdv1UpbDpUXjhydgq3NhfeSpYmLG9dnpi/kpLcKfj0" - "Hb0omhR86doxE7XwuMAKYLHOHX6BnXpDHXyQ6g5fAjEA////////////////////" - "////////////x2NNgfQ3Ld9YGg2ySLCneuzsGWrMxSlzAgEB" - "-----END EC PARAMETERS-----"; - - if(name == "secp521r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIIBrAIBATBNBgcqhkjOPQEBAkIB////////////////////////////////////" - "//////////////////////////////////////////////////8wgYgEQgH/////" - "////////////////////////////////////////////////////////////////" - "/////////////////ARCAFGVPrlhjhyaH5KaIaC2hUDuotpyW5mzFfO4tImRjvEJ" - "4VYZOVHsfpN7FlLAvTuxvwc1c9+IPSw08e9FH9RrUD8ABIGFBADGhY4GtwQE6c2e" - "PstmI5W0QpxkgTkFP7Uh+CivYGtNPbqhS1537+dZKP4dwSei/6jeM0izwYVqQpv5" - "fn4xwuW9ZgEYOSlqeJo7wARcil+0LH0b2Zj1RElXm0RoF6+9Fyc+ZiyX7nKZXvQm" - "QMVQuQE/rQdhNTxwhqJywkCIvpR2n9FmUAJCAf//////////////////////////" - "////////////////+lGGh4O/L5Zrf8wBSPcJpdA7tcm4iZxHrrtvtx6ROGQJAgEB" - "-----END 
EC PARAMETERS-----"; - - if(name == "brainpool160r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIGYAgEBMCAGByqGSM49AQECFQDpXkpfc3BZ3GDfx62Vs9gTlRViDzAsBBQ0Dnvi" - "ooDrdOK+YbradF2X6PfDAAQUHliahZVCNBITT6otveyVyNhnXlgEKQS+1a8W6j9q" - "T2KTjEYx61r3vbzbwxZny0d6Go7DOPlHQWacl2MW2mMhAhUA6V5KX3NwWdxg31mR" - "1FApQJ5g/AkCAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "brainpool192r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIGwAgEBMCQGByqGSM49AQECGQDDAvQdkyo2zaejRjCT0Y23j85HbeGoYpcwNAQY" - "apEXQHax4OGcOcAx/oaFwcrgQOXGmijvBBhGmijvfCjMo9xyHQRPRJa8yn70FG+/" - "JckEMQTAoGR+qrakh1OwM8VssPCQCi9cSFM3X9YUtpCGar1buItfSCjBSQAC5nc/" - "ovopm48CGQDDAvQdkyo2zaejRi+enpFrW+jxAprErMECAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "brainpool224r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIHIAgEBMCgGByqGSM49AQECHQDXwTSqJkNmhioYMCV10deHsJ8HV5faifV+yMD/" - "MDwEHGil5iypzmwcKZgDpsFTC1FOGCrYsAQqWcrSn0MEHCWA9jzP5EE4hwcTsakj" - "aeM+ITXSZtuzcjhsQAsEOQQNkCmtLH5c9DQII7KofcaMnkzjF0webv3uEsB9WKpW" - "93LAcm8kxrieTs2sJDVLnpnKo/bTdhQCzQIdANfBNKomQ2aGKhgwJXXQ+5jRFrxL" - "bd68o6Wnk58CAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "brainpool256r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIHgAgEBMCwGByqGSM49AQECIQCp+1fboe6pvD5mCpCdg41ybjv2I9UmICggE0gd" - "H25TdzBEBCB9Wgl1/CwwV+72dTBBev/n+4BVwSbcXGzpSktE8zC12QQgJtxcbOlK" - "S0TzMLXZu9d8v5WEFilc9+HOa8zcGP+MB7YEQQSL0q65y35XyyxLSC/8gbevud4n" - "4eO9I8I6RFO9ms4yYlR++DXD2sT9l/hGGhRhHcnCd0UTLe2OVFwdVMcvBGmXAiEA" - "qftX26Huqbw+ZgqQnYONcYw5eqO1Yab3kB4OgpdIVqcCAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "brainpool320r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIIBEAIBATA0BgcqhkjOPQEBAikA015HIDa8T7fhPHhe0gHgZfmPz6b29A3vT5K5" - "7HiT7Cj81BKx8bMuJzBUBCg+4wtWj7qw+IPM69RtPzu4oqc1E/XredpmGQ6whf+p" - "9JLzdal9hg60BChSCIOUnf28QtOtGYZAaIpv4T9BNJVUtJrMMdzNiEU5gW9etKyP" - "sfGmBFEEQ71+mvtT2LhSibzEjuW/5vIBN9EKCH6254ceKhClmccQr40NOeIGERT9" - "0FVF7BzIq0CTJH93J14HQ//tEXGC6qnHeHeqrGrH01JF0WkujuECKQDTXkcgNrxP" - 
"t+E8eF7SAeBl+Y/PpbaPEqMtSC7H7oZY6YaRVVtExZMRAgEB" - "-----END EC PARAMETERS-----"; - - if(name == "brainpool384r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIIBQAIBATA8BgcqhkjOPQEBAjEAjLkegqM4bSgPXW9+UOZB3xUvcQntVFa0ErHa" - "GX+3ESOs06cpkB0acYdHABMxB+xTMGQEMHvDgsY9jBUMPHIICs4Fr6DCvqKOT7In" - "hxORZe+6kfkPiqWBSlA61OsEqMfdIs4oJgQwBKjH3SLOKCaLObVUFvBEfC+3feEH" - "3NKmLogOpT7rYtV8tDkCldvJlDq3hpb6UEwRBGEEHRxk8GjPRf+ipjqBt8E/a4hH" - "o+d+8U/j23/K/gy9EOjoJuA0NtZGqu+HsuJH1K8eir4ddSD5wqRcseuOlc/VUmK3" - "Cyn+7Fhk4ZwFT/mRKSgORkYhd5GBEUKCA0EmPFMVAjEAjLkegqM4bSgPXW9+UOZB" - "3xUvcQntVFazHxZubKwEJafPOrava3/DEDuIMgLpBGVlAgEB" - "-----END EC PARAMETERS-----"; - - if(name == "brainpool512r1") - return - "-----BEGIN EC PARAMETERS-----" - "MIIBogIBATBMBgcqhkjOPQEBAkEAqt2duNvpxIs/1OauM8n8B8swjbOzydIO1mOc" - "ynAzCHF9TZsAm8ZoQq7NoSrmo4DmKIH/Ly2CxoUoqmBWWDpI8zCBhARAeDCjMYtg" - "O4niMnFFrCNMxZTL3Y09+RYQqDRByuqYY7wt7V1aqCU6oQou8cmLmsi1fxEXpyvy" - "x7nnwaxNd/yUygRAPfkWEKg0QcrqmGO8Le1dWqglOqEKLvHJi5rItX8RF6cr8se5" - "58GsTXf8lMrcCD5nmEBQt1665d0oCb1jgBb3IwSBgQSBruS92C7ZZFohMi6cTGqT" - "he2fcLXZFsG0O2Lu9NAJjv87H3ji0NSNUNFoe5O5fV98bVBHQGpeaIs1Igm8ufgi" - "fd44XVZjMuzA6r+pz3gi/fIJ9wAkpXsaoADFW4gfgRGy3N5JSl9IXlvKS9iKJ2Ou" - "0corL6jwVAZ4zR4POtgIkgJBAKrdnbjb6cSLP9TmrjPJ/AfLMI2zs8nSDtZjnMpw" - "MwhwVT5cQUypJhlBhmEZf6wQRx2x04EIXdrdtYeWgpypAGkCAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "x962_p192v2") - return - "-----BEGIN EC PARAMETERS-----" - "MIGwAgEBMCQGByqGSM49AQECGQD////////////////////+//////////8wNAQY" - "/////////////////////v/////////8BBjMItbfuVxrJeScDWNkpOWYDDk6ohZo" - "2VMEMQTuorrn4Ul4QvLed2nP6cmJwHKtaW9IA0pldNEdabbsemcruCoIPfLysIR9" - "6XCy3hUCGQD///////////////5fsack3IBBhkjY3TECAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "x962_p192v3") - return - "-----BEGIN EC PARAMETERS-----" - "MIGwAgEBMCQGByqGSM49AQECGQD////////////////////+//////////8wNAQY" - "/////////////////////v/////////8BBgiEj3COVoFyqdCPa7MyUdgp9RiJWvV" - 
"aRYEMQR9KXeBAMZaHaF4NxZYjc4ri0rujiKPGJY4qQ8iY3M3M0tJ3LZqbcj5l4rK" - "dkipQ7ACGQD///////////////96YtAxyD9ClPZA7BMCAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "x962_p239v1") - return - "-----BEGIN EC PARAMETERS-----" - "MIHSAgEBMCkGByqGSM49AQECHn///////////////3///////4AAAAAAAH//////" - "/zBABB5///////////////9///////+AAAAAAAB///////wEHmsBbDvc8YlB0NZU" - "khR1ynGp2y+yfR03eWGFwpQsCgQ9BA/6ljzcqIFszDO4ZCvt+QXD01hXPT8n+707" - "PLmqr33r6OTpCl2ubkBUylMLoEZUs2gYziJrOfzLewLxrgIef///////////////" - "f///nl6an12QcfvRUiaIkJ0LAgEB" - "-----END EC PARAMETERS-----"; - - if(name == "x962_p239v2") - return - "-----BEGIN EC PARAMETERS-----" - "MIHSAgEBMCkGByqGSM49AQECHn///////////////3///////4AAAAAAAH//////" - "/zBABB5///////////////9///////+AAAAAAAB///////wEHmF/q2gyV2y7/tUN" - "mfAknD/uWLlLoAOMeuhMjIMvLAQ9BDivCdmHJ3BRIMkhu16eJilqPNzy81dXoOr9" - "h7gw51sBJeTb6g7HIG2g/AHZsIEyn7VV3m70YCN9/4vkugIef///////////////" - "gAAAz6foWUN31BTAOCG8WCBjAgEB" - "-----END EC PARAMETERS-----"; - - if(name == "x962_p239v3") - return - "-----BEGIN EC PARAMETERS-----" - "MIHSAgEBMCkGByqGSM49AQECHn///////////////3///////4AAAAAAAH//////" - "/zBABB5///////////////9///////+AAAAAAAB///////wEHiVXBfoqMGZUsfTL" - "A9anUKMMJQEC1JiHF9m6FattPgQ9BGdoro4Yu5LPzwBclJqixtlIU9DmYLv4VLHJ" - "UF/pWhYH5omPOQwGvB1VK60ibztvz+SLboGEma8Y4+1s8wIef///////////////" - "f///l13rQbOmBXw8QyFGUmVRAgEB" - "-----END EC PARAMETERS-----"; - - if(name == "gost_256A") - return - "-----BEGIN EC PARAMETERS-----" - "MIHgAgEBMCwGByqGSM49AQECIQD/////////////////////////////////////" - "///9lzBEBCD////////////////////////////////////////9lAQgAAAAAAAA" - "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKYEQQQAAAAAAAAAAAAAAAAAAAAAAAAA" - "AAAAAAAAAAAAAAAAAY2R5HHgmJzaJ99QWkU/K3Y1KU8t3yPjsSKsyZyenx4UAiEA" - "/////////////////////2xhEHCZWtEARYQbCbdhuJMCAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "frp256v1") - return - "-----BEGIN EC PARAMETERS-----" - "MIHgAgEBMCwGByqGSM49AQECIQDx/ReMCzrVjxASbejOQkNbOWGtvKvIym3o/PNT" - 
"2G6cAzBEBCDx/ReMCzrVjxASbejOQkNbOWGtvKvIym3o/PNT2G6cAAQg7jU/ylQo" - "qTANSrp1SkTAD9/sDJrksaGAMHXtlnt7tz8EQQS2s9TDVsE56zEYPUdJ1COVjCfS" - "3K+YtwFkyXot2Y9c/2FC4PfIsgSRH5Jx8PPs74wnAcMH6OTJ4YMRWhVUBiz7AiEA" - "8f0XjAs61Y8QEm3ozkJDW1PcZ+FA0r+UH/3UWcbWVeECAQE=" - "-----END EC PARAMETERS-----"; - - if(name == "sm2p256v1") - return - "-----BEGIN EC PARAMETERS-----" - "MIHgAgEBMCwGByqGSM49AQECIQD////+/////////////////////wAAAAD/////" - "/////zBEBCD////+/////////////////////wAAAAD//////////AQgKOn6np2f" - "XjRNWp5Lz2UJp/OXifUVq4+S3by9QU2UDpMEQQQyxK4sHxmBGV+ZBEZqOcmUj+ML" - "v/JmC+FxWkWJM0x0x7w3NqL09necWb3O42tpIVPQqYd8xipHQALfMuUhOfCgAiEA" - "/////v///////////////3ID32shxgUrU7v0CTnVQSMCAQE=" - "-----END EC PARAMETERS-----"; - -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - if(name == BOTAN_HOUSE_ECC_CURVE_NAME) - return BOTAN_HOUSE_ECC_CURVE_PEM; -#endif - - return ""; + return std::shared_ptr(); } +//static const std::set& EC_Group::known_named_groups() { static const std::set named_groups = { @@ -317,6 +287,6 @@ const std::set& EC_Group::known_named_groups() ,BOTAN_HOUSE_ECC_CURVE_NAME #endif }; - return named_groups; + return named_groups; } } diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index 8d8cdb5383..96e2438b36 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp 
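Review bot: The rewritten EC_group_info drops the `BOTAN_HOUSE_ECC_CURVE_NAME`/`BOTAN_HOUSE_ECC_CURVE_PEM` branch that PEM_for_named_group had, while known_named_groups() (context at the end of this hunk) still advertises BOTAN_HOUSE_ECC_CURVE_NAME, so a build configured with a house curve now lists a group it can no longer load by OID. Either the house curve needs an entry in the new table (its PEM value would have to be decoded into p/a/b/g_x/g_y/order, which this function cannot do from a string literal) or it should leave known_named_groups() as well. The table is over 150 hand-transcribed hex constants with no check that each generator lies on its curve and has the stated order; a unit test iterating known_named_groups() and verifying each group (for example, that order times the base point is the point at infinity) would catch a transcription slip of the kind patch 0004 fixed for the SHA-3 IDs. A short comment at the top of the table, e.g. `// Each entry is p, a, b, g_x, g_y, order; the cofactor is always 1 and is supplied by load_EC_group_info`, would also help, since the cofactor is implicit rather than listed.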
@@ -806,6 +806,31 @@ Test::Result test_mult_sec_mass()
 return result;
 }
+Test::Result test_ecc_registration()
+ {
+ Test::Result result("ECC registration");
+
+ // secp112r1
+ const Botan::BigInt p("0xDB7C2ABF62E35E668076BEAD208B");
+ const Botan::BigInt a("0xDB7C2ABF62E35E668076BEAD2088");
+ const Botan::BigInt b("0x659EF8BA043916EEDE8911702B22");
+
+ const Botan::BigInt g_x("0x09487239995A5EE76B55F9C2F098");
+ const Botan::BigInt g_y("0xA89CE5AF8724C0A23E0E0FF77500");
+ const Botan::BigInt order("0xDB7C2ABF62E35E7628DFAC6561C5");
+
+ const Botan::OID oid("1.3.132.0.6");
+
+ // Creating this object implicitly registers the curve for future use ...
+ Botan::EC_Group reg_group(p, a, b, g_x, g_y, order, 1, oid);
+
+ Botan::EC_Group group(oid);
+
+ result.test_eq("Group registration worked", group.get_p(), p);
+
+ return result;
+ }
+
 class ECC_Unit_Tests final : public Test
 {
 public:
@@ -836,6 +861,7 @@ class ECC_Unit_Tests final : public Test
 results.push_back(test_mult_by_order());
 results.push_back(test_point_swap());
 results.push_back(test_mult_sec_mass());
+ results.push_back(test_ecc_registration());
 return results;
 }
diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp
index 5ca5a2edc6..94fa953922 100644
--- a/src/tests/unit_x509.cpp
+++ b/src/tests/unit_x509.cpp
@@ -1177,7 +1177,7 @@ class String_Extension final : public Botan::Certificate_Extension
 Botan::OID oid_of() const override
 {
- return m_oid;
+ return Botan::OID("1.2.3.4.5.6.7.8.9.1");
 }
 bool should_encode() const override
@@ -1205,7 +1205,6 @@ class String_Extension final : public Botan::Certificate_Extension
 }
 private:
- Botan::OID m_oid {"1.2.3.4.5.6.7.8.9.1"};
 std::string m_contents;
 };
From a17f1b71254e7e4c9de1a86a246fb85a3a4f25b9 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 4 Feb 2018 14:25:34 -0500
Subject: [PATCH 0623/1008] Add hack to deal with initialization fiasco
---
 src/lib/pubkey/ec_group/ec_group.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
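Review bot: `test_ecc_registration` only confirms `group.get_p() == p`, so a registration that stored the wrong a, b, generator or order under OID 1.3.132.0.6 would still pass; adding `result.test_eq("Registered a", group.get_a(), a);`, `result.test_eq("Registered b", group.get_b(), b);` and `result.test_eq("Registered order", group.get_order(), order);` would make the test actually pin the registered curve. The registration performed by constructing `reg_group` is process-global state (the comment calls it implicit), so it persists into every test that runs afterwards; a comment such as `// NOTE: the registration is global and outlives this test` would help whoever later reorders or parallelises the suite. `reg_group` is never used after construction and reads like a dead variable, so the comment above it should say it exists only for that side effect.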
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
index ddd7251e2e..c5c39b6b33 100644
--- a/src/lib/pubkey/ec_group/ec_group.cpp
+++ b/src/lib/pubkey/ec_group/ec_group.cpp
@@ -171,6 +171,12 @@ class EC_Group_Data_Map final
 //static
 EC_Group_Data_Map& EC_Group::ec_group_data()
 {
+ /*
+ * This exists purely to ensure the allocator is constructed before g_ec_data,
+ * which ensures that its destructor runs after ~g_ec_data is complete.
+ */
+ secure_vector initialize_allocator(1);
+
 static EC_Group_Data_Map g_ec_data;
 return g_ec_data;
 }
From 2cb0fa04472f4bc60f02d822daa8f4f8ad487e7e Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 4 Feb 2018 15:27:40 -0500
Subject: [PATCH 0624/1008] Alternate method of forcing allocator initialization
That doesn't require a malloc/free every time we call ec_group_data()
---
 src/lib/pubkey/ec_group/ec_group.cpp | 7 ++++++-
 src/lib/utils/mem_ops.cpp | 7 +++++++
 src/lib/utils/mem_ops.h | 5 +++++
 3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
index c5c39b6b33..0c2cd566cd 100644
--- a/src/lib/pubkey/ec_group/ec_group.cpp
+++ b/src/lib/pubkey/ec_group/ec_group.cpp
@@ -175,8 +175,13 @@ EC_Group_Data_Map& EC_Group::ec_group_data()
 * This exists purely to ensure the allocator is constructed before g_ec_data,
 * which ensures that its destructor runs after ~g_ec_data is complete.
 */
- secure_vector initialize_allocator(1);
+ class Allocator_Initializer
+ {
+ public:
+ Allocator_Initializer() { initialize_allocator(); }
+ };
+ static Allocator_Initializer g_init_allocator;
 static EC_Group_Data_Map g_ec_data;
 return g_ec_data;
 }
diff --git a/src/lib/utils/mem_ops.cpp b/src/lib/utils/mem_ops.cpp
index 3fd4631956..b7ecd53260 100644
--- a/src/lib/utils/mem_ops.cpp
+++ b/src/lib/utils/mem_ops.cpp
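Review bot: The destructor-ordering guarantee in `ec_group_data()` holds only because `initialize_allocator()` touches the allocator singleton inside `Allocator_Initializer`'s constructor, so that singleton's function-local static finishes construction before `g_ec_data` and is therefore destroyed after it; nothing at this call site states that dependency, and with the locking allocator compiled out the initializer is a no-op (see the mem_ops.cpp hunk), which is harmless but worth saying. I would extend the existing comment with `* initialize_allocator() forces the mlock_allocator singleton to be constructed first, so it is destroyed after g_ec_data; it is a no-op without BOTAN_HAS_LOCKING_ALLOCATOR.` The local class could be a `struct` holding just the constructor, which drops the `public:` line. The function's signature and opening brace are outside this hunk.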
@@ -41,6 +41,13 @@ void deallocate_memory(void* p, size_t elems, size_t elem_size)
 std::free(p);
 }
+void initialize_allocator()
+ {
+#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
+ mlock_allocator::instance();
+#endif
+ }
+
 bool constant_time_compare(const uint8_t x[],
 const uint8_t y[],
 size_t len)
diff --git a/src/lib/utils/mem_ops.h b/src/lib/utils/mem_ops.h
index be75da6552..5fb5752fcd 100644
--- a/src/lib/utils/mem_ops.h
+++ b/src/lib/utils/mem_ops.h
@@ -32,6 +32,11 @@ BOTAN_PUBLIC_API(2,3) BOTAN_MALLOC_FN void* allocate_memory(size_t elems, size_t
 */
 BOTAN_PUBLIC_API(2,3) void deallocate_memory(void* p, size_t elems, size_t elem_size);
+/**
+* Ensure the allocator is initialized
+*/
+void initialize_allocator();
+
 /**
 * Scrub memory contents in a way that a compiler should not elide,
 * using some system specific technique. Note that this function might
From a32a1c30c024613da58b9a563c3d180fc0f307fb Mon Sep 17 00:00:00 2001
From: Never
Date: Tue, 9 Jan 2018 14:31:39 +0100
Subject: [PATCH 0625/1008] Reintroduce ability to register OIDs at runtime
This was removed in 62e55f484a7a03e2532875696eb2479a577878e9 in favor of a faster and smaller lookup. The ability is however required if we want to use custom curves at runtime.
---
 src/lib/asn1/oid_maps.cpp | 423 ++++++++++++++++++++++++++++++
 src/lib/asn1/oids.cpp | 522 +++++++++----------------------------
 src/lib/asn1/oids.h | 28 +-
 src/scripts/oids.py | 2 +-
 4 files changed, 561 insertions(+), 414 deletions(-)
 create mode 100644 src/lib/asn1/oid_maps.cpp
diff --git a/src/lib/asn1/oid_maps.cpp b/src/lib/asn1/oid_maps.cpp
new file mode 100644
index 0000000000..c291a9cd60
--- /dev/null
+++ b/src/lib/asn1/oid_maps.cpp
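Review bot: `void initialize_allocator();` goes into a public header without the `BOTAN_PUBLIC_API(2,3)` annotation that its neighbours `allocate_memory` and `deallocate_memory` carry, and the one-line doc comment does not say whether that omission is deliberate. If it is meant as a library-internal hook (its only visible caller is `ec_group_data()`), the comment should say so and state the guarantee, e.g. `* Internal: force construction of the locking allocator singleton so that its destructor runs after statics that release memory through it. No-op when BOTAN_HAS_LOCKING_ALLOCATOR is not defined.` On the mem_ops.cpp side, `mlock_allocator::instance()` needs the locking-allocator declaration in scope; the hunk shows no include, so presumably it is already included earlier in that file, which is worth confirming.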
@@ -0,0 +1,423 @@ +/* +* OID maps +* +* This file was automatically generated by src/scripts/oids.py on 2018-01-09 +* +* All manual edits to this file will be lost. Edit the script +* then regenerate this source file. +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include + +namespace Botan { + +std::unordered_map OIDS::load_oid2str_map() + { + return std::unordered_map{ + { "1.0.14888.3.0.5", "ECKCDSA" }, + { "1.2.156.10197.1.301", "sm2p256v1" }, + { "1.2.156.10197.1.301.1", "SM2_Sig" }, + { "1.2.156.10197.1.301.2", "SM2_Kex" }, + { "1.2.156.10197.1.301.3", "SM2_Enc" }, + { "1.2.156.10197.1.401", "SM3" }, + { "1.2.156.10197.1.504", "RSA/EMSA3(SM3)" }, + { "1.2.250.1.223.101.256.1", "frp256v1" }, + { "1.2.410.200004.1.100.4.3", "ECKCDSA/EMSA1(SHA-1)" }, + { "1.2.410.200004.1.100.4.4", "ECKCDSA/EMSA1(SHA-224)" }, + { "1.2.410.200004.1.100.4.5", "ECKCDSA/EMSA1(SHA-256)" }, + { "1.2.410.200004.1.4", "SEED/CBC" }, + { "1.2.643.2.2.19", "GOST-34.10" }, + { "1.2.643.2.2.3", "GOST-34.10/EMSA1(GOST-R-34.11-94)" }, + { "1.2.643.2.2.35.1", "gost_256A" }, + { "1.2.643.2.2.36.0", "gost_256A" }, + { "1.2.643.7.1.1.2.2", "Streebog-256" }, + { "1.2.643.7.1.1.2.3", "Streebog-512" }, + { "1.2.840.10040.4.1", "DSA" }, + { "1.2.840.10040.4.3", "DSA/EMSA1(SHA-160)" }, + { "1.2.840.10045.2.1", "ECDSA" }, + { "1.2.840.10045.3.1.1", "secp192r1" }, + { "1.2.840.10045.3.1.2", "x962_p192v2" }, + { "1.2.840.10045.3.1.3", "x962_p192v3" }, + { "1.2.840.10045.3.1.4", "x962_p239v1" }, + { "1.2.840.10045.3.1.5", "x962_p239v2" }, + { "1.2.840.10045.3.1.6", "x962_p239v3" }, + { "1.2.840.10045.3.1.7", "secp256r1" }, + { "1.2.840.10045.4.1", "ECDSA/EMSA1(SHA-160)" }, + { "1.2.840.10045.4.3.1", "ECDSA/EMSA1(SHA-224)" }, + { "1.2.840.10045.4.3.2", "ECDSA/EMSA1(SHA-256)" }, + { "1.2.840.10045.4.3.3", "ECDSA/EMSA1(SHA-384)" }, + { "1.2.840.10045.4.3.4", "ECDSA/EMSA1(SHA-512)" }, + { "1.2.840.10046.2.1", "DH" }, + { "1.2.840.113533.7.66.10", "CAST-128/CBC" }, 
+ { "1.2.840.113533.7.66.15", "KeyWrap.CAST-128" }, + { "1.2.840.113549.1.1.1", "RSA" }, + { "1.2.840.113549.1.1.10", "RSA/EMSA4" }, + { "1.2.840.113549.1.1.11", "RSA/EMSA3(SHA-256)" }, + { "1.2.840.113549.1.1.12", "RSA/EMSA3(SHA-384)" }, + { "1.2.840.113549.1.1.13", "RSA/EMSA3(SHA-512)" }, + { "1.2.840.113549.1.1.14", "RSA/EMSA3(SHA-224)" }, + { "1.2.840.113549.1.1.16", "RSA/EMSA3(SHA-512-256)" }, + { "1.2.840.113549.1.1.4", "RSA/EMSA3(MD5)" }, + { "1.2.840.113549.1.1.5", "RSA/EMSA3(SHA-160)" }, + { "1.2.840.113549.1.1.7", "RSA/OAEP" }, + { "1.2.840.113549.1.1.8", "MGF1" }, + { "1.2.840.113549.1.5.12", "PKCS5.PBKDF2" }, + { "1.2.840.113549.1.5.13", "PBE-PKCS5v20" }, + { "1.2.840.113549.1.9.1", "PKCS9.EmailAddress" }, + { "1.2.840.113549.1.9.14", "PKCS9.ExtensionRequest" }, + { "1.2.840.113549.1.9.16.3.6", "KeyWrap.TripleDES" }, + { "1.2.840.113549.1.9.16.3.7", "KeyWrap.RC2" }, + { "1.2.840.113549.1.9.16.3.8", "Compression.Zlib" }, + { "1.2.840.113549.1.9.2", "PKCS9.UnstructuredName" }, + { "1.2.840.113549.1.9.3", "PKCS9.ContentType" }, + { "1.2.840.113549.1.9.4", "PKCS9.MessageDigest" }, + { "1.2.840.113549.1.9.7", "PKCS9.ChallengePassword" }, + { "1.2.840.113549.2.10", "HMAC(SHA-384)" }, + { "1.2.840.113549.2.11", "HMAC(SHA-512)" }, + { "1.2.840.113549.2.5", "MD5" }, + { "1.2.840.113549.2.7", "HMAC(SHA-160)" }, + { "1.2.840.113549.2.8", "HMAC(SHA-224)" }, + { "1.2.840.113549.2.9", "HMAC(SHA-256)" }, + { "1.2.840.113549.3.2", "RC2/CBC" }, + { "1.2.840.113549.3.7", "TripleDES/CBC" }, + { "1.3.101.110", "Curve25519" }, + { "1.3.101.112", "Ed25519" }, + { "1.3.132.0.10", "secp256k1" }, + { "1.3.132.0.30", "secp160r2" }, + { "1.3.132.0.31", "secp192k1" }, + { "1.3.132.0.32", "secp224k1" }, + { "1.3.132.0.33", "secp224r1" }, + { "1.3.132.0.34", "secp384r1" }, + { "1.3.132.0.35", "secp521r1" }, + { "1.3.132.0.8", "secp160r1" }, + { "1.3.132.0.9", "secp160k1" }, + { "1.3.132.1.12", "ECDH" }, + { "1.3.14.3.2.26", "SHA-160" }, + { "1.3.14.3.2.7", "DES/CBC" }, + { 
"1.3.36.3.2.1", "RIPEMD-160" }, + { "1.3.36.3.3.1.2", "RSA/EMSA3(RIPEMD-160)" }, + { "1.3.36.3.3.2.5.2.1", "ECGDSA" }, + { "1.3.36.3.3.2.5.4.1", "ECGDSA/EMSA1(RIPEMD-160)" }, + { "1.3.36.3.3.2.5.4.2", "ECGDSA/EMSA1(SHA-160)" }, + { "1.3.36.3.3.2.5.4.3", "ECGDSA/EMSA1(SHA-224)" }, + { "1.3.36.3.3.2.5.4.4", "ECGDSA/EMSA1(SHA-256)" }, + { "1.3.36.3.3.2.5.4.5", "ECGDSA/EMSA1(SHA-384)" }, + { "1.3.36.3.3.2.5.4.6", "ECGDSA/EMSA1(SHA-512)" }, + { "1.3.36.3.3.2.8.1.1.1", "brainpool160r1" }, + { "1.3.36.3.3.2.8.1.1.11", "brainpool384r1" }, + { "1.3.36.3.3.2.8.1.1.13", "brainpool512r1" }, + { "1.3.36.3.3.2.8.1.1.3", "brainpool192r1" }, + { "1.3.36.3.3.2.8.1.1.5", "brainpool224r1" }, + { "1.3.36.3.3.2.8.1.1.7", "brainpool256r1" }, + { "1.3.36.3.3.2.8.1.1.9", "brainpool320r1" }, + { "1.3.6.1.4.1.11591.12.2", "Tiger(24,3)" }, + { "1.3.6.1.4.1.25258.1.3", "McEliece" }, + { "1.3.6.1.4.1.25258.1.5", "XMSS" }, + { "1.3.6.1.4.1.25258.1.6.1", "GOST-34.10/EMSA1(SHA-256)" }, + { "1.3.6.1.4.1.25258.3.1", "Serpent/CBC" }, + { "1.3.6.1.4.1.25258.3.101", "Serpent/GCM" }, + { "1.3.6.1.4.1.25258.3.102", "Twofish/GCM" }, + { "1.3.6.1.4.1.25258.3.2", "Threefish-512/CBC" }, + { "1.3.6.1.4.1.25258.3.2.1", "AES-128/OCB" }, + { "1.3.6.1.4.1.25258.3.2.2", "AES-192/OCB" }, + { "1.3.6.1.4.1.25258.3.2.3", "AES-256/OCB" }, + { "1.3.6.1.4.1.25258.3.2.4", "Serpent/OCB" }, + { "1.3.6.1.4.1.25258.3.2.5", "Twofish/OCB" }, + { "1.3.6.1.4.1.25258.3.3", "Twofish/CBC" }, + { "1.3.6.1.4.1.3029.1.2.1", "ElGamal" }, + { "1.3.6.1.4.1.311.20.2.2", "Microsoft SmartcardLogon" }, + { "1.3.6.1.4.1.8301.3.1.2.9.0.38", "secp521r1" }, + { "1.3.6.1.5.5.7.1.1", "PKIX.AuthorityInformationAccess" }, + { "1.3.6.1.5.5.7.3.1", "PKIX.ServerAuth" }, + { "1.3.6.1.5.5.7.3.2", "PKIX.ClientAuth" }, + { "1.3.6.1.5.5.7.3.3", "PKIX.CodeSigning" }, + { "1.3.6.1.5.5.7.3.4", "PKIX.EmailProtection" }, + { "1.3.6.1.5.5.7.3.5", "PKIX.IPsecEndSystem" }, + { "1.3.6.1.5.5.7.3.6", "PKIX.IPsecTunnel" }, + { "1.3.6.1.5.5.7.3.7", "PKIX.IPsecUser" }, + 
{ "1.3.6.1.5.5.7.3.8", "PKIX.TimeStamping" }, + { "1.3.6.1.5.5.7.3.9", "PKIX.OCSPSigning" }, + { "1.3.6.1.5.5.7.48.1", "PKIX.OCSP" }, + { "1.3.6.1.5.5.7.48.1.1", "PKIX.OCSP.BasicResponse" }, + { "1.3.6.1.5.5.7.48.2", "PKIX.CertificateAuthorityIssuers" }, + { "1.3.6.1.5.5.7.8.5", "PKIX.XMPPAddr" }, + { "2.16.840.1.101.3.4.1.2", "AES-128/CBC" }, + { "2.16.840.1.101.3.4.1.22", "AES-192/CBC" }, + { "2.16.840.1.101.3.4.1.25", "KeyWrap.AES-192" }, + { "2.16.840.1.101.3.4.1.26", "AES-192/GCM" }, + { "2.16.840.1.101.3.4.1.27", "AES-192/CCM" }, + { "2.16.840.1.101.3.4.1.42", "AES-256/CBC" }, + { "2.16.840.1.101.3.4.1.45", "KeyWrap.AES-256" }, + { "2.16.840.1.101.3.4.1.46", "AES-256/GCM" }, + { "2.16.840.1.101.3.4.1.47", "AES-256/CCM" }, + { "2.16.840.1.101.3.4.1.5", "KeyWrap.AES-128" }, + { "2.16.840.1.101.3.4.1.6", "AES-128/GCM" }, + { "2.16.840.1.101.3.4.1.7", "AES-128/CCM" }, + { "2.16.840.1.101.3.4.2.1", "SHA-256" }, + { "2.16.840.1.101.3.4.2.10", "SHA-3(512)" }, + { "2.16.840.1.101.3.4.2.11", "SHAKE-128" }, + { "2.16.840.1.101.3.4.2.12", "SHAKE-256" }, + { "2.16.840.1.101.3.4.2.2", "SHA-384" }, + { "2.16.840.1.101.3.4.2.3", "SHA-512" }, + { "2.16.840.1.101.3.4.2.4", "SHA-224" }, + { "2.16.840.1.101.3.4.2.6", "SHA-512-256" }, + { "2.16.840.1.101.3.4.2.7", "SHA-3(224)" }, + { "2.16.840.1.101.3.4.2.8", "SHA-3(256)" }, + { "2.16.840.1.101.3.4.2.9", "SHA-3(384)" }, + { "2.16.840.1.101.3.4.3.1", "DSA/EMSA1(SHA-224)" }, + { "2.16.840.1.101.3.4.3.10", "ECDSA/EMSA1(SHA-3(256))" }, + { "2.16.840.1.101.3.4.3.11", "ECDSA/EMSA1(SHA-3(384))" }, + { "2.16.840.1.101.3.4.3.12", "ECDSA/EMSA1(SHA-3(512))" }, + { "2.16.840.1.101.3.4.3.13", "RSA/EMSA3(SHA-3(224))" }, + { "2.16.840.1.101.3.4.3.14", "RSA/EMSA3(SHA-3(256))" }, + { "2.16.840.1.101.3.4.3.15", "RSA/EMSA3(SHA-3(384))" }, + { "2.16.840.1.101.3.4.3.16", "RSA/EMSA3(SHA-3(512))" }, + { "2.16.840.1.101.3.4.3.2", "DSA/EMSA1(SHA-256)" }, + { "2.16.840.1.101.3.4.3.3", "DSA/EMSA1(SHA-384)" }, + { "2.16.840.1.101.3.4.3.4", 
"DSA/EMSA1(SHA-512)" }, + { "2.16.840.1.101.3.4.3.5", "DSA/EMSA1(SHA-3(224))" }, + { "2.16.840.1.101.3.4.3.6", "DSA/EMSA1(SHA-3(256))" }, + { "2.16.840.1.101.3.4.3.7", "DSA/EMSA1(SHA-3(384))" }, + { "2.16.840.1.101.3.4.3.8", "DSA/EMSA1(SHA-3(512))" }, + { "2.16.840.1.101.3.4.3.9", "ECDSA/EMSA1(SHA-3(224))" }, + { "2.5.29.14", "X509v3.SubjectKeyIdentifier" }, + { "2.5.29.15", "X509v3.KeyUsage" }, + { "2.5.29.17", "X509v3.SubjectAlternativeName" }, + { "2.5.29.18", "X509v3.IssuerAlternativeName" }, + { "2.5.29.19", "X509v3.BasicConstraints" }, + { "2.5.29.20", "X509v3.CRLNumber" }, + { "2.5.29.21", "X509v3.ReasonCode" }, + { "2.5.29.23", "X509v3.HoldInstructionCode" }, + { "2.5.29.24", "X509v3.InvalidityDate" }, + { "2.5.29.28", "X509v3.CRLIssuingDistributionPoint" }, + { "2.5.29.30", "X509v3.NameConstraints" }, + { "2.5.29.31", "X509v3.CRLDistributionPoints" }, + { "2.5.29.32", "X509v3.CertificatePolicies" }, + { "2.5.29.32.0", "X509v3.AnyPolicy" }, + { "2.5.29.35", "X509v3.AuthorityKeyIdentifier" }, + { "2.5.29.36", "X509v3.PolicyConstraints" }, + { "2.5.29.37", "X509v3.ExtendedKeyUsage" }, + { "2.5.4.10", "X520.Organization" }, + { "2.5.4.11", "X520.OrganizationalUnit" }, + { "2.5.4.12", "X520.Title" }, + { "2.5.4.3", "X520.CommonName" }, + { "2.5.4.4", "X520.Surname" }, + { "2.5.4.42", "X520.GivenName" }, + { "2.5.4.43", "X520.Initials" }, + { "2.5.4.44", "X520.GenerationalQualifier" }, + { "2.5.4.46", "X520.DNQualifier" }, + { "2.5.4.5", "X520.SerialNumber" }, + { "2.5.4.6", "X520.Country" }, + { "2.5.4.65", "X520.Pseudonym" }, + { "2.5.4.7", "X520.Locality" }, + { "2.5.4.8", "X520.State" }, + { "2.5.8.1.1", "RSA" } + }; + } + +std::unordered_map OIDS::load_str2oid_map() + { + return std::unordered_map{ + { "AES-128/CBC", OID("2.16.840.1.101.3.4.1.2") }, + { "AES-128/CCM", OID("2.16.840.1.101.3.4.1.7") }, + { "AES-128/GCM", OID("2.16.840.1.101.3.4.1.6") }, + { "AES-128/OCB", OID("1.3.6.1.4.1.25258.3.2.1") }, + { "AES-192/CBC", OID("2.16.840.1.101.3.4.1.22") }, + 
{ "AES-192/CCM", OID("2.16.840.1.101.3.4.1.27") }, + { "AES-192/GCM", OID("2.16.840.1.101.3.4.1.26") }, + { "AES-192/OCB", OID("1.3.6.1.4.1.25258.3.2.2") }, + { "AES-256/CBC", OID("2.16.840.1.101.3.4.1.42") }, + { "AES-256/CCM", OID("2.16.840.1.101.3.4.1.47") }, + { "AES-256/GCM", OID("2.16.840.1.101.3.4.1.46") }, + { "AES-256/OCB", OID("1.3.6.1.4.1.25258.3.2.3") }, + { "CAST-128/CBC", OID("1.2.840.113533.7.66.10") }, + { "Compression.Zlib", OID("1.2.840.113549.1.9.16.3.8") }, + { "Curve25519", OID("1.3.101.110") }, + { "DES/CBC", OID("1.3.14.3.2.7") }, + { "DH", OID("1.2.840.10046.2.1") }, + { "DSA", OID("1.2.840.10040.4.1") }, + { "DSA/EMSA1(SHA-160)", OID("1.2.840.10040.4.3") }, + { "DSA/EMSA1(SHA-224)", OID("2.16.840.1.101.3.4.3.1") }, + { "DSA/EMSA1(SHA-256)", OID("2.16.840.1.101.3.4.3.2") }, + { "DSA/EMSA1(SHA-3(224))", OID("2.16.840.1.101.3.4.3.5") }, + { "DSA/EMSA1(SHA-3(256))", OID("2.16.840.1.101.3.4.3.6") }, + { "DSA/EMSA1(SHA-3(384))", OID("2.16.840.1.101.3.4.3.7") }, + { "DSA/EMSA1(SHA-3(512))", OID("2.16.840.1.101.3.4.3.8") }, + { "DSA/EMSA1(SHA-384)", OID("2.16.840.1.101.3.4.3.3") }, + { "DSA/EMSA1(SHA-512)", OID("2.16.840.1.101.3.4.3.4") }, + { "ECDH", OID("1.3.132.1.12") }, + { "ECDSA", OID("1.2.840.10045.2.1") }, + { "ECDSA/EMSA1(SHA-160)", OID("1.2.840.10045.4.1") }, + { "ECDSA/EMSA1(SHA-224)", OID("1.2.840.10045.4.3.1") }, + { "ECDSA/EMSA1(SHA-256)", OID("1.2.840.10045.4.3.2") }, + { "ECDSA/EMSA1(SHA-3(224))", OID("2.16.840.1.101.3.4.3.9") }, + { "ECDSA/EMSA1(SHA-3(256))", OID("2.16.840.1.101.3.4.3.10") }, + { "ECDSA/EMSA1(SHA-3(384))", OID("2.16.840.1.101.3.4.3.11") }, + { "ECDSA/EMSA1(SHA-3(512))", OID("2.16.840.1.101.3.4.3.12") }, + { "ECDSA/EMSA1(SHA-384)", OID("1.2.840.10045.4.3.3") }, + { "ECDSA/EMSA1(SHA-512)", OID("1.2.840.10045.4.3.4") }, + { "ECGDSA", OID("1.3.36.3.3.2.5.2.1") }, + { "ECGDSA/EMSA1(RIPEMD-160)", OID("1.3.36.3.3.2.5.4.1") }, + { "ECGDSA/EMSA1(SHA-160)", OID("1.3.36.3.3.2.5.4.2") }, + { "ECGDSA/EMSA1(SHA-224)", 
OID("1.3.36.3.3.2.5.4.3") }, + { "ECGDSA/EMSA1(SHA-256)", OID("1.3.36.3.3.2.5.4.4") }, + { "ECGDSA/EMSA1(SHA-384)", OID("1.3.36.3.3.2.5.4.5") }, + { "ECGDSA/EMSA1(SHA-512)", OID("1.3.36.3.3.2.5.4.6") }, + { "ECKCDSA", OID("1.0.14888.3.0.5") }, + { "ECKCDSA/EMSA1(SHA-1)", OID("1.2.410.200004.1.100.4.3") }, + { "ECKCDSA/EMSA1(SHA-224)", OID("1.2.410.200004.1.100.4.4") }, + { "ECKCDSA/EMSA1(SHA-256)", OID("1.2.410.200004.1.100.4.5") }, + { "Ed25519", OID("1.3.101.112") }, + { "ElGamal", OID("1.3.6.1.4.1.3029.1.2.1") }, + { "GOST-34.10", OID("1.2.643.2.2.19") }, + { "GOST-34.10/EMSA1(GOST-R-34.11-94)", OID("1.2.643.2.2.3") }, + { "GOST-34.10/EMSA1(SHA-256)", OID("1.3.6.1.4.1.25258.1.6.1") }, + { "HMAC(SHA-160)", OID("1.2.840.113549.2.7") }, + { "HMAC(SHA-224)", OID("1.2.840.113549.2.8") }, + { "HMAC(SHA-256)", OID("1.2.840.113549.2.9") }, + { "HMAC(SHA-384)", OID("1.2.840.113549.2.10") }, + { "HMAC(SHA-512)", OID("1.2.840.113549.2.11") }, + { "KeyWrap.AES-128", OID("2.16.840.1.101.3.4.1.5") }, + { "KeyWrap.AES-192", OID("2.16.840.1.101.3.4.1.25") }, + { "KeyWrap.AES-256", OID("2.16.840.1.101.3.4.1.45") }, + { "KeyWrap.CAST-128", OID("1.2.840.113533.7.66.15") }, + { "KeyWrap.RC2", OID("1.2.840.113549.1.9.16.3.7") }, + { "KeyWrap.TripleDES", OID("1.2.840.113549.1.9.16.3.6") }, + { "MD5", OID("1.2.840.113549.2.5") }, + { "MGF1", OID("1.2.840.113549.1.1.8") }, + { "McEliece", OID("1.3.6.1.4.1.25258.1.3") }, + { "Microsoft SmartcardLogon", OID("1.3.6.1.4.1.311.20.2.2") }, + { "PBE-PKCS5v20", OID("1.2.840.113549.1.5.13") }, + { "PKCS5.PBKDF2", OID("1.2.840.113549.1.5.12") }, + { "PKCS9.ChallengePassword", OID("1.2.840.113549.1.9.7") }, + { "PKCS9.ContentType", OID("1.2.840.113549.1.9.3") }, + { "PKCS9.EmailAddress", OID("1.2.840.113549.1.9.1") }, + { "PKCS9.ExtensionRequest", OID("1.2.840.113549.1.9.14") }, + { "PKCS9.MessageDigest", OID("1.2.840.113549.1.9.4") }, + { "PKCS9.UnstructuredName", OID("1.2.840.113549.1.9.2") }, + { "PKIX.AuthorityInformationAccess", 
OID("1.3.6.1.5.5.7.1.1") }, + { "PKIX.CertificateAuthorityIssuers", OID("1.3.6.1.5.5.7.48.2") }, + { "PKIX.ClientAuth", OID("1.3.6.1.5.5.7.3.2") }, + { "PKIX.CodeSigning", OID("1.3.6.1.5.5.7.3.3") }, + { "PKIX.EmailProtection", OID("1.3.6.1.5.5.7.3.4") }, + { "PKIX.IPsecEndSystem", OID("1.3.6.1.5.5.7.3.5") }, + { "PKIX.IPsecTunnel", OID("1.3.6.1.5.5.7.3.6") }, + { "PKIX.IPsecUser", OID("1.3.6.1.5.5.7.3.7") }, + { "PKIX.OCSP", OID("1.3.6.1.5.5.7.48.1") }, + { "PKIX.OCSP.BasicResponse", OID("1.3.6.1.5.5.7.48.1.1") }, + { "PKIX.OCSPSigning", OID("1.3.6.1.5.5.7.3.9") }, + { "PKIX.ServerAuth", OID("1.3.6.1.5.5.7.3.1") }, + { "PKIX.TimeStamping", OID("1.3.6.1.5.5.7.3.8") }, + { "PKIX.XMPPAddr", OID("1.3.6.1.5.5.7.8.5") }, + { "RC2/CBC", OID("1.2.840.113549.3.2") }, + { "RIPEMD-160", OID("1.3.36.3.2.1") }, + { "RSA", OID("1.2.840.113549.1.1.1") }, + { "RSA/EMSA3(MD5)", OID("1.2.840.113549.1.1.4") }, + { "RSA/EMSA3(RIPEMD-160)", OID("1.3.36.3.3.1.2") }, + { "RSA/EMSA3(SHA-160)", OID("1.2.840.113549.1.1.5") }, + { "RSA/EMSA3(SHA-224)", OID("1.2.840.113549.1.1.14") }, + { "RSA/EMSA3(SHA-256)", OID("1.2.840.113549.1.1.11") }, + { "RSA/EMSA3(SHA-3(224))", OID("2.16.840.1.101.3.4.3.13") }, + { "RSA/EMSA3(SHA-3(256))", OID("2.16.840.1.101.3.4.3.14") }, + { "RSA/EMSA3(SHA-3(384))", OID("2.16.840.1.101.3.4.3.15") }, + { "RSA/EMSA3(SHA-3(512))", OID("2.16.840.1.101.3.4.3.16") }, + { "RSA/EMSA3(SHA-384)", OID("1.2.840.113549.1.1.12") }, + { "RSA/EMSA3(SHA-512)", OID("1.2.840.113549.1.1.13") }, + { "RSA/EMSA3(SHA-512-256)", OID("1.2.840.113549.1.1.16") }, + { "RSA/EMSA3(SM3)", OID("1.2.156.10197.1.504") }, + { "RSA/EMSA4", OID("1.2.840.113549.1.1.10") }, + { "RSA/OAEP", OID("1.2.840.113549.1.1.7") }, + { "SEED/CBC", OID("1.2.410.200004.1.4") }, + { "SHA-160", OID("1.3.14.3.2.26") }, + { "SHA-224", OID("2.16.840.1.101.3.4.2.4") }, + { "SHA-256", OID("2.16.840.1.101.3.4.2.1") }, + { "SHA-3(224)", OID("2.16.840.1.101.3.4.2.7") }, + { "SHA-3(256)", OID("2.16.840.1.101.3.4.2.8") }, + { 
"SHA-3(384)", OID("2.16.840.1.101.3.4.2.9") }, + { "SHA-3(512)", OID("2.16.840.1.101.3.4.2.10") }, + { "SHA-384", OID("2.16.840.1.101.3.4.2.2") }, + { "SHA-512", OID("2.16.840.1.101.3.4.2.3") }, + { "SHA-512-256", OID("2.16.840.1.101.3.4.2.6") }, + { "SHAKE-128", OID("2.16.840.1.101.3.4.2.11") }, + { "SHAKE-256", OID("2.16.840.1.101.3.4.2.12") }, + { "SM2_Enc", OID("1.2.156.10197.1.301.3") }, + { "SM2_Kex", OID("1.2.156.10197.1.301.2") }, + { "SM2_Sig", OID("1.2.156.10197.1.301.1") }, + { "SM3", OID("1.2.156.10197.1.401") }, + { "Serpent/CBC", OID("1.3.6.1.4.1.25258.3.1") }, + { "Serpent/GCM", OID("1.3.6.1.4.1.25258.3.101") }, + { "Serpent/OCB", OID("1.3.6.1.4.1.25258.3.2.4") }, + { "Streebog-256", OID("1.2.643.7.1.1.2.2") }, + { "Streebog-512", OID("1.2.643.7.1.1.2.3") }, + { "Threefish-512/CBC", OID("1.3.6.1.4.1.25258.3.2") }, + { "Tiger(24,3)", OID("1.3.6.1.4.1.11591.12.2") }, + { "TripleDES/CBC", OID("1.2.840.113549.3.7") }, + { "Twofish/CBC", OID("1.3.6.1.4.1.25258.3.3") }, + { "Twofish/GCM", OID("1.3.6.1.4.1.25258.3.102") }, + { "Twofish/OCB", OID("1.3.6.1.4.1.25258.3.2.5") }, + { "X509v3.AnyPolicy", OID("2.5.29.32.0") }, + { "X509v3.AuthorityKeyIdentifier", OID("2.5.29.35") }, + { "X509v3.BasicConstraints", OID("2.5.29.19") }, + { "X509v3.CRLDistributionPoints", OID("2.5.29.31") }, + { "X509v3.CRLIssuingDistributionPoint", OID("2.5.29.28") }, + { "X509v3.CRLNumber", OID("2.5.29.20") }, + { "X509v3.CertificatePolicies", OID("2.5.29.32") }, + { "X509v3.ExtendedKeyUsage", OID("2.5.29.37") }, + { "X509v3.HoldInstructionCode", OID("2.5.29.23") }, + { "X509v3.InvalidityDate", OID("2.5.29.24") }, + { "X509v3.IssuerAlternativeName", OID("2.5.29.18") }, + { "X509v3.KeyUsage", OID("2.5.29.15") }, + { "X509v3.NameConstraints", OID("2.5.29.30") }, + { "X509v3.PolicyConstraints", OID("2.5.29.36") }, + { "X509v3.ReasonCode", OID("2.5.29.21") }, + { "X509v3.SubjectAlternativeName", OID("2.5.29.17") }, + { "X509v3.SubjectKeyIdentifier", OID("2.5.29.14") }, + { 
"X520.CommonName", OID("2.5.4.3") }, + { "X520.Country", OID("2.5.4.6") }, + { "X520.DNQualifier", OID("2.5.4.46") }, + { "X520.GenerationalQualifier", OID("2.5.4.44") }, + { "X520.GivenName", OID("2.5.4.42") }, + { "X520.Initials", OID("2.5.4.43") }, + { "X520.Locality", OID("2.5.4.7") }, + { "X520.Organization", OID("2.5.4.10") }, + { "X520.OrganizationalUnit", OID("2.5.4.11") }, + { "X520.Pseudonym", OID("2.5.4.65") }, + { "X520.SerialNumber", OID("2.5.4.5") }, + { "X520.State", OID("2.5.4.8") }, + { "X520.Surname", OID("2.5.4.4") }, + { "X520.Title", OID("2.5.4.12") }, + { "XMSS", OID("1.3.6.1.4.1.25258.1.5") }, + { "brainpool160r1", OID("1.3.36.3.3.2.8.1.1.1") }, + { "brainpool192r1", OID("1.3.36.3.3.2.8.1.1.3") }, + { "brainpool224r1", OID("1.3.36.3.3.2.8.1.1.5") }, + { "brainpool256r1", OID("1.3.36.3.3.2.8.1.1.7") }, + { "brainpool320r1", OID("1.3.36.3.3.2.8.1.1.9") }, + { "brainpool384r1", OID("1.3.36.3.3.2.8.1.1.11") }, + { "brainpool512r1", OID("1.3.36.3.3.2.8.1.1.13") }, + { "frp256v1", OID("1.2.250.1.223.101.256.1") }, + { "gost_256A", OID("1.2.643.2.2.35.1") }, + { "secp160k1", OID("1.3.132.0.9") }, + { "secp160r1", OID("1.3.132.0.8") }, + { "secp160r2", OID("1.3.132.0.30") }, + { "secp192k1", OID("1.3.132.0.31") }, + { "secp192r1", OID("1.2.840.10045.3.1.1") }, + { "secp224k1", OID("1.3.132.0.32") }, + { "secp224r1", OID("1.3.132.0.33") }, + { "secp256k1", OID("1.3.132.0.10") }, + { "secp256r1", OID("1.2.840.10045.3.1.7") }, + { "secp384r1", OID("1.3.132.0.34") }, + { "secp521r1", OID("1.3.132.0.35") }, + { "sm2p256v1", OID("1.2.156.10197.1.301") }, + { "x962_p192v2", OID("1.2.840.10045.3.1.2") }, + { "x962_p192v3", OID("1.2.840.10045.3.1.3") }, + { "x962_p239v1", OID("1.2.840.10045.3.1.4") }, + { "x962_p239v2", OID("1.2.840.10045.3.1.5") }, + { "x962_p239v3", OID("1.2.840.10045.3.1.6") } + }; + } + +} + diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp index b60ec24d29..47d1c1c4ba 100644 --- a/src/lib/asn1/oids.cpp 
+++ b/src/lib/asn1/oids.cpp 
@@ -1,435 +1,139 @@ /* -* OID maps -* -* This file was automatically generated by ./src/scripts/oids.py on 2018-01-03 -* -* All manual edits to this file will be lost. Edit the script -* then regenerate this source file. +* OID Registry +* (C) 1999-2008,2013 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include +#include namespace Botan { namespace OIDS { -std::string lookup(const OID& oid) +namespace { + +class OID_Map { - const std::string oid_str = oid.as_string(); - if(oid_str == "1.0.14888.3.0.5") return "ECKCDSA"; - if(oid_str == "1.2.156.10197.1.301") return "sm2p256v1"; - if(oid_str == "1.2.156.10197.1.301.1") return "SM2_Sig"; - if(oid_str == "1.2.156.10197.1.301.2") return "SM2_Kex"; - if(oid_str == "1.2.156.10197.1.301.3") return "SM2_Enc"; - if(oid_str == "1.2.156.10197.1.401") return "SM3"; - if(oid_str == "1.2.156.10197.1.504") return "RSA/EMSA3(SM3)"; - if(oid_str == "1.2.250.1.223.101.256.1") return "frp256v1"; - if(oid_str == "1.2.410.200004.1.100.4.3") return "ECKCDSA/EMSA1(SHA-1)"; - if(oid_str == "1.2.410.200004.1.100.4.4") return "ECKCDSA/EMSA1(SHA-224)"; - if(oid_str == "1.2.410.200004.1.100.4.5") return "ECKCDSA/EMSA1(SHA-256)"; - if(oid_str == "1.2.410.200004.1.4") return "SEED/CBC"; - if(oid_str == "1.2.643.2.2.19") return "GOST-34.10"; - if(oid_str == "1.2.643.2.2.3") return "GOST-34.10/EMSA1(GOST-R-34.11-94)"; - if(oid_str == "1.2.643.2.2.35.1") return "gost_256A"; - if(oid_str == "1.2.643.2.2.36.0") return "gost_256A"; - if(oid_str == "1.2.643.7.1.1.2.2") return "Streebog-256"; - if(oid_str == "1.2.643.7.1.1.2.3") return "Streebog-512"; - if(oid_str == "1.2.840.10040.4.1") return "DSA"; - if(oid_str == "1.2.840.10040.4.3") return "DSA/EMSA1(SHA-160)"; - if(oid_str == "1.2.840.10045.2.1") return "ECDSA"; - if(oid_str == "1.2.840.10045.3.1.1") return "secp192r1"; - if(oid_str == "1.2.840.10045.3.1.2") return "x962_p192v2"; - if(oid_str == "1.2.840.10045.3.1.3") return "x962_p192v3"; - if(oid_str == 
"1.2.840.10045.3.1.4") return "x962_p239v1"; - if(oid_str == "1.2.840.10045.3.1.5") return "x962_p239v2"; - if(oid_str == "1.2.840.10045.3.1.6") return "x962_p239v3"; - if(oid_str == "1.2.840.10045.3.1.7") return "secp256r1"; - if(oid_str == "1.2.840.10045.4.1") return "ECDSA/EMSA1(SHA-160)"; - if(oid_str == "1.2.840.10045.4.3.1") return "ECDSA/EMSA1(SHA-224)"; - if(oid_str == "1.2.840.10045.4.3.2") return "ECDSA/EMSA1(SHA-256)"; - if(oid_str == "1.2.840.10045.4.3.3") return "ECDSA/EMSA1(SHA-384)"; - if(oid_str == "1.2.840.10045.4.3.4") return "ECDSA/EMSA1(SHA-512)"; - if(oid_str == "1.2.840.10046.2.1") return "DH"; - if(oid_str == "1.2.840.113533.7.66.10") return "CAST-128/CBC"; - if(oid_str == "1.2.840.113533.7.66.15") return "KeyWrap.CAST-128"; - if(oid_str == "1.2.840.113549.1.1.1") return "RSA"; - if(oid_str == "1.2.840.113549.1.1.10") return "RSA/EMSA4"; - if(oid_str == "1.2.840.113549.1.1.11") return "RSA/EMSA3(SHA-256)"; - if(oid_str == "1.2.840.113549.1.1.12") return "RSA/EMSA3(SHA-384)"; - if(oid_str == "1.2.840.113549.1.1.13") return "RSA/EMSA3(SHA-512)"; - if(oid_str == "1.2.840.113549.1.1.14") return "RSA/EMSA3(SHA-224)"; - if(oid_str == "1.2.840.113549.1.1.16") return "RSA/EMSA3(SHA-512-256)"; - if(oid_str == "1.2.840.113549.1.1.4") return "RSA/EMSA3(MD5)"; - if(oid_str == "1.2.840.113549.1.1.5") return "RSA/EMSA3(SHA-160)"; - if(oid_str == "1.2.840.113549.1.1.7") return "RSA/OAEP"; - if(oid_str == "1.2.840.113549.1.1.8") return "MGF1"; - if(oid_str == "1.2.840.113549.1.5.12") return "PKCS5.PBKDF2"; - if(oid_str == "1.2.840.113549.1.5.13") return "PBE-PKCS5v20"; - if(oid_str == "1.2.840.113549.1.9.1") return "PKCS9.EmailAddress"; - if(oid_str == "1.2.840.113549.1.9.14") return "PKCS9.ExtensionRequest"; - if(oid_str == "1.2.840.113549.1.9.16.3.6") return "KeyWrap.TripleDES"; - if(oid_str == "1.2.840.113549.1.9.16.3.7") return "KeyWrap.RC2"; - if(oid_str == "1.2.840.113549.1.9.16.3.8") return "Compression.Zlib"; - if(oid_str == "1.2.840.113549.1.9.2") 
return "PKCS9.UnstructuredName"; - if(oid_str == "1.2.840.113549.1.9.3") return "PKCS9.ContentType"; - if(oid_str == "1.2.840.113549.1.9.4") return "PKCS9.MessageDigest"; - if(oid_str == "1.2.840.113549.1.9.7") return "PKCS9.ChallengePassword"; - if(oid_str == "1.2.840.113549.2.10") return "HMAC(SHA-384)"; - if(oid_str == "1.2.840.113549.2.11") return "HMAC(SHA-512)"; - if(oid_str == "1.2.840.113549.2.5") return "MD5"; - if(oid_str == "1.2.840.113549.2.7") return "HMAC(SHA-160)"; - if(oid_str == "1.2.840.113549.2.8") return "HMAC(SHA-224)"; - if(oid_str == "1.2.840.113549.2.9") return "HMAC(SHA-256)"; - if(oid_str == "1.2.840.113549.3.2") return "RC2/CBC"; - if(oid_str == "1.2.840.113549.3.7") return "TripleDES/CBC"; - if(oid_str == "1.3.101.110") return "Curve25519"; - if(oid_str == "1.3.101.112") return "Ed25519"; - if(oid_str == "1.3.132.0.10") return "secp256k1"; - if(oid_str == "1.3.132.0.30") return "secp160r2"; - if(oid_str == "1.3.132.0.31") return "secp192k1"; - if(oid_str == "1.3.132.0.32") return "secp224k1"; - if(oid_str == "1.3.132.0.33") return "secp224r1"; - if(oid_str == "1.3.132.0.34") return "secp384r1"; - if(oid_str == "1.3.132.0.35") return "secp521r1"; - if(oid_str == "1.3.132.0.8") return "secp160r1"; - if(oid_str == "1.3.132.0.9") return "secp160k1"; - if(oid_str == "1.3.132.1.12") return "ECDH"; - if(oid_str == "1.3.14.3.2.26") return "SHA-160"; - if(oid_str == "1.3.14.3.2.7") return "DES/CBC"; - if(oid_str == "1.3.36.3.2.1") return "RIPEMD-160"; - if(oid_str == "1.3.36.3.3.1.2") return "RSA/EMSA3(RIPEMD-160)"; - if(oid_str == "1.3.36.3.3.2.5.2.1") return "ECGDSA"; - if(oid_str == "1.3.36.3.3.2.5.4.1") return "ECGDSA/EMSA1(RIPEMD-160)"; - if(oid_str == "1.3.36.3.3.2.5.4.2") return "ECGDSA/EMSA1(SHA-160)"; - if(oid_str == "1.3.36.3.3.2.5.4.3") return "ECGDSA/EMSA1(SHA-224)"; - if(oid_str == "1.3.36.3.3.2.5.4.4") return "ECGDSA/EMSA1(SHA-256)"; - if(oid_str == "1.3.36.3.3.2.5.4.5") return "ECGDSA/EMSA1(SHA-384)"; - if(oid_str == 
"1.3.36.3.3.2.5.4.6") return "ECGDSA/EMSA1(SHA-512)"; - if(oid_str == "1.3.36.3.3.2.8.1.1.1") return "brainpool160r1"; - if(oid_str == "1.3.36.3.3.2.8.1.1.11") return "brainpool384r1"; - if(oid_str == "1.3.36.3.3.2.8.1.1.13") return "brainpool512r1"; - if(oid_str == "1.3.36.3.3.2.8.1.1.3") return "brainpool192r1"; - if(oid_str == "1.3.36.3.3.2.8.1.1.5") return "brainpool224r1"; - if(oid_str == "1.3.36.3.3.2.8.1.1.7") return "brainpool256r1"; - if(oid_str == "1.3.36.3.3.2.8.1.1.9") return "brainpool320r1"; - if(oid_str == "1.3.6.1.4.1.11591.12.2") return "Tiger(24,3)"; - if(oid_str == "1.3.6.1.4.1.25258.1.3") return "McEliece"; - if(oid_str == "1.3.6.1.4.1.25258.1.5") return "XMSS"; - if(oid_str == "1.3.6.1.4.1.25258.1.6.1") return "GOST-34.10/EMSA1(SHA-256)"; - if(oid_str == "1.3.6.1.4.1.25258.3.1") return "Serpent/CBC"; - if(oid_str == "1.3.6.1.4.1.25258.3.101") return "Serpent/GCM"; - if(oid_str == "1.3.6.1.4.1.25258.3.102") return "Twofish/GCM"; - if(oid_str == "1.3.6.1.4.1.25258.3.2") return "Threefish-512/CBC"; - if(oid_str == "1.3.6.1.4.1.25258.3.2.1") return "AES-128/OCB"; - if(oid_str == "1.3.6.1.4.1.25258.3.2.2") return "AES-192/OCB"; - if(oid_str == "1.3.6.1.4.1.25258.3.2.3") return "AES-256/OCB"; - if(oid_str == "1.3.6.1.4.1.25258.3.2.4") return "Serpent/OCB"; - if(oid_str == "1.3.6.1.4.1.25258.3.2.5") return "Twofish/OCB"; - if(oid_str == "1.3.6.1.4.1.25258.3.3") return "Twofish/CBC"; - if(oid_str == "1.3.6.1.4.1.3029.1.2.1") return "ElGamal"; - if(oid_str == "1.3.6.1.4.1.311.20.2.2") return "Microsoft SmartcardLogon"; - if(oid_str == "1.3.6.1.4.1.8301.3.1.2.9.0.38") return "secp521r1"; - if(oid_str == "1.3.6.1.5.5.7.1.1") return "PKIX.AuthorityInformationAccess"; - if(oid_str == "1.3.6.1.5.5.7.3.1") return "PKIX.ServerAuth"; - if(oid_str == "1.3.6.1.5.5.7.3.2") return "PKIX.ClientAuth"; - if(oid_str == "1.3.6.1.5.5.7.3.3") return "PKIX.CodeSigning"; - if(oid_str == "1.3.6.1.5.5.7.3.4") return "PKIX.EmailProtection"; - if(oid_str == "1.3.6.1.5.5.7.3.5") 
return "PKIX.IPsecEndSystem"; - if(oid_str == "1.3.6.1.5.5.7.3.6") return "PKIX.IPsecTunnel"; - if(oid_str == "1.3.6.1.5.5.7.3.7") return "PKIX.IPsecUser"; - if(oid_str == "1.3.6.1.5.5.7.3.8") return "PKIX.TimeStamping"; - if(oid_str == "1.3.6.1.5.5.7.3.9") return "PKIX.OCSPSigning"; - if(oid_str == "1.3.6.1.5.5.7.48.1") return "PKIX.OCSP"; - if(oid_str == "1.3.6.1.5.5.7.48.1.1") return "PKIX.OCSP.BasicResponse"; - if(oid_str == "1.3.6.1.5.5.7.48.2") return "PKIX.CertificateAuthorityIssuers"; - if(oid_str == "1.3.6.1.5.5.7.8.5") return "PKIX.XMPPAddr"; - if(oid_str == "2.16.840.1.101.3.4.1.2") return "AES-128/CBC"; - if(oid_str == "2.16.840.1.101.3.4.1.22") return "AES-192/CBC"; - if(oid_str == "2.16.840.1.101.3.4.1.25") return "KeyWrap.AES-192"; - if(oid_str == "2.16.840.1.101.3.4.1.26") return "AES-192/GCM"; - if(oid_str == "2.16.840.1.101.3.4.1.27") return "AES-192/CCM"; - if(oid_str == "2.16.840.1.101.3.4.1.42") return "AES-256/CBC"; - if(oid_str == "2.16.840.1.101.3.4.1.45") return "KeyWrap.AES-256"; - if(oid_str == "2.16.840.1.101.3.4.1.46") return "AES-256/GCM"; - if(oid_str == "2.16.840.1.101.3.4.1.47") return "AES-256/CCM"; - if(oid_str == "2.16.840.1.101.3.4.1.5") return "KeyWrap.AES-128"; - if(oid_str == "2.16.840.1.101.3.4.1.6") return "AES-128/GCM"; - if(oid_str == "2.16.840.1.101.3.4.1.7") return "AES-128/CCM"; - if(oid_str == "2.16.840.1.101.3.4.2.1") return "SHA-256"; - if(oid_str == "2.16.840.1.101.3.4.2.10") return "SHA-3(512)"; - if(oid_str == "2.16.840.1.101.3.4.2.11") return "SHAKE-128"; - if(oid_str == "2.16.840.1.101.3.4.2.12") return "SHAKE-256"; - if(oid_str == "2.16.840.1.101.3.4.2.2") return "SHA-384"; - if(oid_str == "2.16.840.1.101.3.4.2.3") return "SHA-512"; - if(oid_str == "2.16.840.1.101.3.4.2.4") return "SHA-224"; - if(oid_str == "2.16.840.1.101.3.4.2.6") return "SHA-512-256"; - if(oid_str == "2.16.840.1.101.3.4.2.7") return "SHA-3(224)"; - if(oid_str == "2.16.840.1.101.3.4.2.8") return "SHA-3(256)"; - if(oid_str == 
"2.16.840.1.101.3.4.2.9") return "SHA-3(384)"; - if(oid_str == "2.16.840.1.101.3.4.3.1") return "DSA/EMSA1(SHA-224)"; - if(oid_str == "2.16.840.1.101.3.4.3.10") return "ECDSA/EMSA1(SHA-3(256))"; - if(oid_str == "2.16.840.1.101.3.4.3.11") return "ECDSA/EMSA1(SHA-3(384))"; - if(oid_str == "2.16.840.1.101.3.4.3.12") return "ECDSA/EMSA1(SHA-3(512))"; - if(oid_str == "2.16.840.1.101.3.4.3.13") return "RSA/EMSA3(SHA-3(224))"; - if(oid_str == "2.16.840.1.101.3.4.3.14") return "RSA/EMSA3(SHA-3(256))"; - if(oid_str == "2.16.840.1.101.3.4.3.15") return "RSA/EMSA3(SHA-3(384))"; - if(oid_str == "2.16.840.1.101.3.4.3.16") return "RSA/EMSA3(SHA-3(512))"; - if(oid_str == "2.16.840.1.101.3.4.3.2") return "DSA/EMSA1(SHA-256)"; - if(oid_str == "2.16.840.1.101.3.4.3.3") return "DSA/EMSA1(SHA-384)"; - if(oid_str == "2.16.840.1.101.3.4.3.4") return "DSA/EMSA1(SHA-512)"; - if(oid_str == "2.16.840.1.101.3.4.3.5") return "DSA/EMSA1(SHA-3(224))"; - if(oid_str == "2.16.840.1.101.3.4.3.6") return "DSA/EMSA1(SHA-3(256))"; - if(oid_str == "2.16.840.1.101.3.4.3.7") return "DSA/EMSA1(SHA-3(384))"; - if(oid_str == "2.16.840.1.101.3.4.3.8") return "DSA/EMSA1(SHA-3(512))"; - if(oid_str == "2.16.840.1.101.3.4.3.9") return "ECDSA/EMSA1(SHA-3(224))"; - if(oid_str == "2.5.29.14") return "X509v3.SubjectKeyIdentifier"; - if(oid_str == "2.5.29.15") return "X509v3.KeyUsage"; - if(oid_str == "2.5.29.17") return "X509v3.SubjectAlternativeName"; - if(oid_str == "2.5.29.18") return "X509v3.IssuerAlternativeName"; - if(oid_str == "2.5.29.19") return "X509v3.BasicConstraints"; - if(oid_str == "2.5.29.20") return "X509v3.CRLNumber"; - if(oid_str == "2.5.29.21") return "X509v3.ReasonCode"; - if(oid_str == "2.5.29.23") return "X509v3.HoldInstructionCode"; - if(oid_str == "2.5.29.24") return "X509v3.InvalidityDate"; - if(oid_str == "2.5.29.28") return "X509v3.CRLIssuingDistributionPoint"; - if(oid_str == "2.5.29.30") return "X509v3.NameConstraints"; - if(oid_str == "2.5.29.31") return "X509v3.CRLDistributionPoints"; 
- if(oid_str == "2.5.29.32") return "X509v3.CertificatePolicies"; - if(oid_str == "2.5.29.32.0") return "X509v3.AnyPolicy"; - if(oid_str == "2.5.29.35") return "X509v3.AuthorityKeyIdentifier"; - if(oid_str == "2.5.29.36") return "X509v3.PolicyConstraints"; - if(oid_str == "2.5.29.37") return "X509v3.ExtendedKeyUsage"; - if(oid_str == "2.5.4.10") return "X520.Organization"; - if(oid_str == "2.5.4.11") return "X520.OrganizationalUnit"; - if(oid_str == "2.5.4.12") return "X520.Title"; - if(oid_str == "2.5.4.3") return "X520.CommonName"; - if(oid_str == "2.5.4.4") return "X520.Surname"; - if(oid_str == "2.5.4.42") return "X520.GivenName"; - if(oid_str == "2.5.4.43") return "X520.Initials"; - if(oid_str == "2.5.4.44") return "X520.GenerationalQualifier"; - if(oid_str == "2.5.4.46") return "X520.DNQualifier"; - if(oid_str == "2.5.4.5") return "X520.SerialNumber"; - if(oid_str == "2.5.4.6") return "X520.Country"; - if(oid_str == "2.5.4.65") return "X520.Pseudonym"; - if(oid_str == "2.5.4.7") return "X520.Locality"; - if(oid_str == "2.5.4.8") return "X520.State"; - if(oid_str == "2.5.8.1.1") return "RSA"; + public: + void add_oid(const OID& oid, const std::string& str) + { + add_str2oid(oid, str); + add_oid2str(oid, str); + } + + void add_str2oid(const OID& oid, const std::string& str) + { + lock_guard_type lock(m_mutex); + auto i = m_str2oid.find(str); + if(i == m_str2oid.end()) + m_str2oid.insert(std::make_pair(str, oid.as_string())); + } + + void add_oid2str(const OID& oid, const std::string& str) + { + const std::string oid_str = oid.as_string(); + lock_guard_type lock(m_mutex); + auto i = m_oid2str.find(oid_str); + if(i == m_oid2str.end()) + m_oid2str.insert(std::make_pair(oid_str, str)); + } + + std::string lookup(const OID& oid) + { + lock_guard_type lock(m_mutex); + + auto i = m_oid2str.find(oid.as_string()); + if(i != m_oid2str.end()) + return i->second; #if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - if(oid_str == BOTAN_HOUSE_ECC_CURVE_OID) return 
BOTAN_HOUSE_ECC_CURVE_NAME; + if(oid_str == BOTAN_HOUSE_ECC_CURVE_OID) return BOTAN_HOUSE_ECC_CURVE_NAME; #endif + return ""; + } + + OID lookup(const std::string& str) + { + lock_guard_type lock(m_mutex); + auto i = m_str2oid.find(str); + if(i != m_str2oid.end()) + return i->second; - return std::string(); +#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) + if(name == BOTAN_HOUSE_ECC_CURVE_NAME) return OID(BOTAN_HOUSE_ECC_CURVE_OID); +#endif + return OID(); + } + + bool have_oid(const std::string& str) + { + lock_guard_type lock(m_mutex); + return m_str2oid.find(str) != m_str2oid.end(); + } + + static OID_Map& global_registry() + { + static OID_Map g_map; + return g_map; + } + + private: + + OID_Map() + { + m_str2oid = load_str2oid_map(); + m_oid2str = load_oid2str_map(); + } + + mutex_type m_mutex; + std::unordered_map m_str2oid; + std::unordered_map m_oid2str; + }; + +} + +void add_oid(const OID& oid, const std::string& name) + { + OID_Map::global_registry().add_oid(oid, name); } -OID lookup(const std::string& name) +void add_oidstr(const char* oidstr, const char* name) { - if(name == "AES-128/CBC") return OID("2.16.840.1.101.3.4.1.2"); - if(name == "AES-128/CCM") return OID("2.16.840.1.101.3.4.1.7"); - if(name == "AES-128/GCM") return OID("2.16.840.1.101.3.4.1.6"); - if(name == "AES-128/OCB") return OID("1.3.6.1.4.1.25258.3.2.1"); - if(name == "AES-192/CBC") return OID("2.16.840.1.101.3.4.1.22"); - if(name == "AES-192/CCM") return OID("2.16.840.1.101.3.4.1.27"); - if(name == "AES-192/GCM") return OID("2.16.840.1.101.3.4.1.26"); - if(name == "AES-192/OCB") return OID("1.3.6.1.4.1.25258.3.2.2"); - if(name == "AES-256/CBC") return OID("2.16.840.1.101.3.4.1.42"); - if(name == "AES-256/CCM") return OID("2.16.840.1.101.3.4.1.47"); - if(name == "AES-256/GCM") return OID("2.16.840.1.101.3.4.1.46"); - if(name == "AES-256/OCB") return OID("1.3.6.1.4.1.25258.3.2.3"); - if(name == "CAST-128/CBC") return OID("1.2.840.113533.7.66.10"); - if(name == "Compression.Zlib") return 
OID("1.2.840.113549.1.9.16.3.8"); - if(name == "Curve25519") return OID("1.3.101.110"); - if(name == "DES/CBC") return OID("1.3.14.3.2.7"); - if(name == "DH") return OID("1.2.840.10046.2.1"); - if(name == "DSA") return OID("1.2.840.10040.4.1"); - if(name == "DSA/EMSA1(SHA-160)") return OID("1.2.840.10040.4.3"); - if(name == "DSA/EMSA1(SHA-224)") return OID("2.16.840.1.101.3.4.3.1"); - if(name == "DSA/EMSA1(SHA-256)") return OID("2.16.840.1.101.3.4.3.2"); - if(name == "DSA/EMSA1(SHA-3(224))") return OID("2.16.840.1.101.3.4.3.5"); - if(name == "DSA/EMSA1(SHA-3(256))") return OID("2.16.840.1.101.3.4.3.6"); - if(name == "DSA/EMSA1(SHA-3(384))") return OID("2.16.840.1.101.3.4.3.7"); - if(name == "DSA/EMSA1(SHA-3(512))") return OID("2.16.840.1.101.3.4.3.8"); - if(name == "DSA/EMSA1(SHA-384)") return OID("2.16.840.1.101.3.4.3.3"); - if(name == "DSA/EMSA1(SHA-512)") return OID("2.16.840.1.101.3.4.3.4"); - if(name == "ECDH") return OID("1.3.132.1.12"); - if(name == "ECDSA") return OID("1.2.840.10045.2.1"); - if(name == "ECDSA/EMSA1(SHA-160)") return OID("1.2.840.10045.4.1"); - if(name == "ECDSA/EMSA1(SHA-224)") return OID("1.2.840.10045.4.3.1"); - if(name == "ECDSA/EMSA1(SHA-256)") return OID("1.2.840.10045.4.3.2"); - if(name == "ECDSA/EMSA1(SHA-3(224))") return OID("2.16.840.1.101.3.4.3.9"); - if(name == "ECDSA/EMSA1(SHA-3(256))") return OID("2.16.840.1.101.3.4.3.10"); - if(name == "ECDSA/EMSA1(SHA-3(384))") return OID("2.16.840.1.101.3.4.3.11"); - if(name == "ECDSA/EMSA1(SHA-3(512))") return OID("2.16.840.1.101.3.4.3.12"); - if(name == "ECDSA/EMSA1(SHA-384)") return OID("1.2.840.10045.4.3.3"); - if(name == "ECDSA/EMSA1(SHA-512)") return OID("1.2.840.10045.4.3.4"); - if(name == "ECGDSA") return OID("1.3.36.3.3.2.5.2.1"); - if(name == "ECGDSA/EMSA1(RIPEMD-160)") return OID("1.3.36.3.3.2.5.4.1"); - if(name == "ECGDSA/EMSA1(SHA-160)") return OID("1.3.36.3.3.2.5.4.2"); - if(name == "ECGDSA/EMSA1(SHA-224)") return OID("1.3.36.3.3.2.5.4.3"); - if(name == "ECGDSA/EMSA1(SHA-256)") 
return OID("1.3.36.3.3.2.5.4.4"); - if(name == "ECGDSA/EMSA1(SHA-384)") return OID("1.3.36.3.3.2.5.4.5"); - if(name == "ECGDSA/EMSA1(SHA-512)") return OID("1.3.36.3.3.2.5.4.6"); - if(name == "ECKCDSA") return OID("1.0.14888.3.0.5"); - if(name == "ECKCDSA/EMSA1(SHA-1)") return OID("1.2.410.200004.1.100.4.3"); - if(name == "ECKCDSA/EMSA1(SHA-224)") return OID("1.2.410.200004.1.100.4.4"); - if(name == "ECKCDSA/EMSA1(SHA-256)") return OID("1.2.410.200004.1.100.4.5"); - if(name == "Ed25519") return OID("1.3.101.112"); - if(name == "ElGamal") return OID("1.3.6.1.4.1.3029.1.2.1"); - if(name == "GOST-34.10") return OID("1.2.643.2.2.19"); - if(name == "GOST-34.10/EMSA1(GOST-R-34.11-94)") return OID("1.2.643.2.2.3"); - if(name == "GOST-34.10/EMSA1(SHA-256)") return OID("1.3.6.1.4.1.25258.1.6.1"); - if(name == "HMAC(SHA-160)") return OID("1.2.840.113549.2.7"); - if(name == "HMAC(SHA-224)") return OID("1.2.840.113549.2.8"); - if(name == "HMAC(SHA-256)") return OID("1.2.840.113549.2.9"); - if(name == "HMAC(SHA-384)") return OID("1.2.840.113549.2.10"); - if(name == "HMAC(SHA-512)") return OID("1.2.840.113549.2.11"); - if(name == "KeyWrap.AES-128") return OID("2.16.840.1.101.3.4.1.5"); - if(name == "KeyWrap.AES-192") return OID("2.16.840.1.101.3.4.1.25"); - if(name == "KeyWrap.AES-256") return OID("2.16.840.1.101.3.4.1.45"); - if(name == "KeyWrap.CAST-128") return OID("1.2.840.113533.7.66.15"); - if(name == "KeyWrap.RC2") return OID("1.2.840.113549.1.9.16.3.7"); - if(name == "KeyWrap.TripleDES") return OID("1.2.840.113549.1.9.16.3.6"); - if(name == "MD5") return OID("1.2.840.113549.2.5"); - if(name == "MGF1") return OID("1.2.840.113549.1.1.8"); - if(name == "McEliece") return OID("1.3.6.1.4.1.25258.1.3"); - if(name == "Microsoft SmartcardLogon") return OID("1.3.6.1.4.1.311.20.2.2"); - if(name == "PBE-PKCS5v20") return OID("1.2.840.113549.1.5.13"); - if(name == "PKCS5.PBKDF2") return OID("1.2.840.113549.1.5.12"); - if(name == "PKCS9.ChallengePassword") return 
OID("1.2.840.113549.1.9.7"); - if(name == "PKCS9.ContentType") return OID("1.2.840.113549.1.9.3"); - if(name == "PKCS9.EmailAddress") return OID("1.2.840.113549.1.9.1"); - if(name == "PKCS9.ExtensionRequest") return OID("1.2.840.113549.1.9.14"); - if(name == "PKCS9.MessageDigest") return OID("1.2.840.113549.1.9.4"); - if(name == "PKCS9.UnstructuredName") return OID("1.2.840.113549.1.9.2"); - if(name == "PKIX.AuthorityInformationAccess") return OID("1.3.6.1.5.5.7.1.1"); - if(name == "PKIX.CertificateAuthorityIssuers") return OID("1.3.6.1.5.5.7.48.2"); - if(name == "PKIX.ClientAuth") return OID("1.3.6.1.5.5.7.3.2"); - if(name == "PKIX.CodeSigning") return OID("1.3.6.1.5.5.7.3.3"); - if(name == "PKIX.EmailProtection") return OID("1.3.6.1.5.5.7.3.4"); - if(name == "PKIX.IPsecEndSystem") return OID("1.3.6.1.5.5.7.3.5"); - if(name == "PKIX.IPsecTunnel") return OID("1.3.6.1.5.5.7.3.6"); - if(name == "PKIX.IPsecUser") return OID("1.3.6.1.5.5.7.3.7"); - if(name == "PKIX.OCSP") return OID("1.3.6.1.5.5.7.48.1"); - if(name == "PKIX.OCSP.BasicResponse") return OID("1.3.6.1.5.5.7.48.1.1"); - if(name == "PKIX.OCSPSigning") return OID("1.3.6.1.5.5.7.3.9"); - if(name == "PKIX.ServerAuth") return OID("1.3.6.1.5.5.7.3.1"); - if(name == "PKIX.TimeStamping") return OID("1.3.6.1.5.5.7.3.8"); - if(name == "PKIX.XMPPAddr") return OID("1.3.6.1.5.5.7.8.5"); - if(name == "RC2/CBC") return OID("1.2.840.113549.3.2"); - if(name == "RIPEMD-160") return OID("1.3.36.3.2.1"); - if(name == "RSA") return OID("1.2.840.113549.1.1.1"); - if(name == "RSA/EMSA3(MD5)") return OID("1.2.840.113549.1.1.4"); - if(name == "RSA/EMSA3(RIPEMD-160)") return OID("1.3.36.3.3.1.2"); - if(name == "RSA/EMSA3(SHA-160)") return OID("1.2.840.113549.1.1.5"); - if(name == "RSA/EMSA3(SHA-224)") return OID("1.2.840.113549.1.1.14"); - if(name == "RSA/EMSA3(SHA-256)") return OID("1.2.840.113549.1.1.11"); - if(name == "RSA/EMSA3(SHA-3(224))") return OID("2.16.840.1.101.3.4.3.13"); - if(name == "RSA/EMSA3(SHA-3(256))") return 
OID("2.16.840.1.101.3.4.3.14"); - if(name == "RSA/EMSA3(SHA-3(384))") return OID("2.16.840.1.101.3.4.3.15"); - if(name == "RSA/EMSA3(SHA-3(512))") return OID("2.16.840.1.101.3.4.3.16"); - if(name == "RSA/EMSA3(SHA-384)") return OID("1.2.840.113549.1.1.12"); - if(name == "RSA/EMSA3(SHA-512)") return OID("1.2.840.113549.1.1.13"); - if(name == "RSA/EMSA3(SHA-512-256)") return OID("1.2.840.113549.1.1.16"); - if(name == "RSA/EMSA3(SM3)") return OID("1.2.156.10197.1.504"); - if(name == "RSA/EMSA4") return OID("1.2.840.113549.1.1.10"); - if(name == "RSA/OAEP") return OID("1.2.840.113549.1.1.7"); - if(name == "SEED/CBC") return OID("1.2.410.200004.1.4"); - if(name == "SHA-160") return OID("1.3.14.3.2.26"); - if(name == "SHA-224") return OID("2.16.840.1.101.3.4.2.4"); - if(name == "SHA-256") return OID("2.16.840.1.101.3.4.2.1"); - if(name == "SHA-3(224)") return OID("2.16.840.1.101.3.4.2.7"); - if(name == "SHA-3(256)") return OID("2.16.840.1.101.3.4.2.8"); - if(name == "SHA-3(384)") return OID("2.16.840.1.101.3.4.2.9"); - if(name == "SHA-3(512)") return OID("2.16.840.1.101.3.4.2.10"); - if(name == "SHA-384") return OID("2.16.840.1.101.3.4.2.2"); - if(name == "SHA-512") return OID("2.16.840.1.101.3.4.2.3"); - if(name == "SHA-512-256") return OID("2.16.840.1.101.3.4.2.6"); - if(name == "SHAKE-128") return OID("2.16.840.1.101.3.4.2.11"); - if(name == "SHAKE-256") return OID("2.16.840.1.101.3.4.2.12"); - if(name == "SM2_Enc") return OID("1.2.156.10197.1.301.3"); - if(name == "SM2_Kex") return OID("1.2.156.10197.1.301.2"); - if(name == "SM2_Sig") return OID("1.2.156.10197.1.301.1"); - if(name == "SM3") return OID("1.2.156.10197.1.401"); - if(name == "Serpent/CBC") return OID("1.3.6.1.4.1.25258.3.1"); - if(name == "Serpent/GCM") return OID("1.3.6.1.4.1.25258.3.101"); - if(name == "Serpent/OCB") return OID("1.3.6.1.4.1.25258.3.2.4"); - if(name == "Streebog-256") return OID("1.2.643.7.1.1.2.2"); - if(name == "Streebog-512") return OID("1.2.643.7.1.1.2.3"); - if(name == 
"Threefish-512/CBC") return OID("1.3.6.1.4.1.25258.3.2"); - if(name == "Tiger(24,3)") return OID("1.3.6.1.4.1.11591.12.2"); - if(name == "TripleDES/CBC") return OID("1.2.840.113549.3.7"); - if(name == "Twofish/CBC") return OID("1.3.6.1.4.1.25258.3.3"); - if(name == "Twofish/GCM") return OID("1.3.6.1.4.1.25258.3.102"); - if(name == "Twofish/OCB") return OID("1.3.6.1.4.1.25258.3.2.5"); - if(name == "X509v3.AnyPolicy") return OID("2.5.29.32.0"); - if(name == "X509v3.AuthorityKeyIdentifier") return OID("2.5.29.35"); - if(name == "X509v3.BasicConstraints") return OID("2.5.29.19"); - if(name == "X509v3.CRLDistributionPoints") return OID("2.5.29.31"); - if(name == "X509v3.CRLIssuingDistributionPoint") return OID("2.5.29.28"); - if(name == "X509v3.CRLNumber") return OID("2.5.29.20"); - if(name == "X509v3.CertificatePolicies") return OID("2.5.29.32"); - if(name == "X509v3.ExtendedKeyUsage") return OID("2.5.29.37"); - if(name == "X509v3.HoldInstructionCode") return OID("2.5.29.23"); - if(name == "X509v3.InvalidityDate") return OID("2.5.29.24"); - if(name == "X509v3.IssuerAlternativeName") return OID("2.5.29.18"); - if(name == "X509v3.KeyUsage") return OID("2.5.29.15"); - if(name == "X509v3.NameConstraints") return OID("2.5.29.30"); - if(name == "X509v3.PolicyConstraints") return OID("2.5.29.36"); - if(name == "X509v3.ReasonCode") return OID("2.5.29.21"); - if(name == "X509v3.SubjectAlternativeName") return OID("2.5.29.17"); - if(name == "X509v3.SubjectKeyIdentifier") return OID("2.5.29.14"); - if(name == "X520.CommonName") return OID("2.5.4.3"); - if(name == "X520.Country") return OID("2.5.4.6"); - if(name == "X520.DNQualifier") return OID("2.5.4.46"); - if(name == "X520.GenerationalQualifier") return OID("2.5.4.44"); - if(name == "X520.GivenName") return OID("2.5.4.42"); - if(name == "X520.Initials") return OID("2.5.4.43"); - if(name == "X520.Locality") return OID("2.5.4.7"); - if(name == "X520.Organization") return OID("2.5.4.10"); - if(name == "X520.OrganizationalUnit") 
return OID("2.5.4.11"); - if(name == "X520.Pseudonym") return OID("2.5.4.65"); - if(name == "X520.SerialNumber") return OID("2.5.4.5"); - if(name == "X520.State") return OID("2.5.4.8"); - if(name == "X520.Surname") return OID("2.5.4.4"); - if(name == "X520.Title") return OID("2.5.4.12"); - if(name == "XMSS") return OID("1.3.6.1.4.1.25258.1.5"); - if(name == "brainpool160r1") return OID("1.3.36.3.3.2.8.1.1.1"); - if(name == "brainpool192r1") return OID("1.3.36.3.3.2.8.1.1.3"); - if(name == "brainpool224r1") return OID("1.3.36.3.3.2.8.1.1.5"); - if(name == "brainpool256r1") return OID("1.3.36.3.3.2.8.1.1.7"); - if(name == "brainpool320r1") return OID("1.3.36.3.3.2.8.1.1.9"); - if(name == "brainpool384r1") return OID("1.3.36.3.3.2.8.1.1.11"); - if(name == "brainpool512r1") return OID("1.3.36.3.3.2.8.1.1.13"); - if(name == "frp256v1") return OID("1.2.250.1.223.101.256.1"); - if(name == "gost_256A") return OID("1.2.643.2.2.35.1"); - if(name == "secp160k1") return OID("1.3.132.0.9"); - if(name == "secp160r1") return OID("1.3.132.0.8"); - if(name == "secp160r2") return OID("1.3.132.0.30"); - if(name == "secp192k1") return OID("1.3.132.0.31"); - if(name == "secp192r1") return OID("1.2.840.10045.3.1.1"); - if(name == "secp224k1") return OID("1.3.132.0.32"); - if(name == "secp224r1") return OID("1.3.132.0.33"); - if(name == "secp256k1") return OID("1.3.132.0.10"); - if(name == "secp256r1") return OID("1.2.840.10045.3.1.7"); - if(name == "secp384r1") return OID("1.3.132.0.34"); - if(name == "secp521r1") return OID("1.3.132.0.35"); - if(name == "sm2p256v1") return OID("1.2.156.10197.1.301"); - if(name == "x962_p192v2") return OID("1.2.840.10045.3.1.2"); - if(name == "x962_p192v3") return OID("1.2.840.10045.3.1.3"); - if(name == "x962_p239v1") return OID("1.2.840.10045.3.1.4"); - if(name == "x962_p239v2") return OID("1.2.840.10045.3.1.5"); - if(name == "x962_p239v3") return OID("1.2.840.10045.3.1.6"); + add_oid(OID(oidstr), name); + } -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - 
if(name == BOTAN_HOUSE_ECC_CURVE_NAME) return OID(BOTAN_HOUSE_ECC_CURVE_OID); -#endif +void add_oid2str(const OID& oid, const std::string& name) + { + OID_Map::global_registry().add_oid2str(oid, name); + } - return OID(); +void add_str2oid(const OID& oid, const std::string& name) + { + OID_Map::global_registry().add_str2oid(oid, name); } -} +std::string lookup(const OID& oid) + { + return OID_Map::global_registry().lookup(oid); + } + +OID lookup(const std::string& name) + { + return OID_Map::global_registry().lookup(name); + } + +bool have_oid(const std::string& name) + { + return OID_Map::global_registry().have_oid(name); + } + +bool name_of(const OID& oid, const std::string& name) + { + return (oid == lookup(name)); + } } +} \ No newline at end of file diff --git a/src/lib/asn1/oids.h b/src/lib/asn1/oids.h index 5b175e9a5c..7b87b5eafe 100644 --- a/src/lib/asn1/oids.h +++ b/src/lib/asn1/oids.h @@ -9,11 +9,27 @@ #define BOTAN_OIDS_H_ #include +#include namespace Botan { namespace OIDS { +/** +* Register an OID to string mapping. +* @param oid the oid to register +* @param name the name to be associated with the oid +*/ +BOTAN_UNSTABLE_API void add_oid(const OID& oid, const std::string& name); + +BOTAN_UNSTABLE_API void add_oid2str(const OID& oid, const std::string& name); +BOTAN_UNSTABLE_API void add_str2oid(const OID& oid, const std::string& name); + +BOTAN_UNSTABLE_API void add_oidstr(const char* oidstr, const char* name); + +std::unordered_map load_oid2str_map(); +std::unordered_map load_str2oid_map(); + /** * Resolve an OID * @param oid the OID to look up 
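Review bot: Only add_oid carries a doc comment; add_oid2str, add_str2oid and add_oidstr are exported as public API without any statement of their contract, and nothing in the header says that registration is first-writer-wins — the OID_Map methods in the oids.cpp hunk insert only when the key is absent, so a second add_oid for an already registered name or OID is silently ignored rather than overriding it. Suggest extending the add_oid comment with `Registration is additive: an existing mapping for the same name or OID is kept and the new one ignored. Registration and lookup are serialized by a mutex.` and giving the two one-directional variants a one-line comment each ("registers only the OID -> name direction" / "only the name -> OID direction"). load_oid2str_map and load_str2oid_map are declared in the installed header without the BOTAN_UNSTABLE_API marker used on the neighbouring declarations; if they exist only for the generated oid_maps.cpp, a comment saying so would keep them from being taken for public API.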
@@ -44,11 +60,15 @@ inline OID str2oid(const std::string& name) * @param oid the oid to check for * @return true if the oid is registered */ -inline bool have_oid(const std::string& oid) - { - return (lookup(oid).empty() == false); - } +BOTAN_UNSTABLE_API bool have_oid(const std::string& oid); +/** +* Tests whether the specified OID stands for the specified name. +* @param oid the OID to check +* @param name the name to check +* @return true if the specified OID stands for the specified name +*/ +BOTAN_UNSTABLE_API bool name_of(const OID& oid, const std::string& name); } } diff --git a/src/scripts/oids.py b/src/scripts/oids.py index 1a162e7324..882104d7bb 100755 --- a/src/scripts/oids.py +++ b/src/scripts/oids.py @@ -323,7 +323,7 @@ def main(args = None): str2oid[nam] = oid if args[1] == "oids": - print format_as_ifs(oid2str, str2oid) + print format_as_map(oid2str, str2oid) elif args[1] == "dn_ub": print format_dn_ub_as_map(dn_ub,oid2str) elif args[1] == "pads": From 9cf0b093de0b58bab6f9377c1e16e1ed32f8a4a5 Mon Sep 17 00:00:00 2001 From: Never Date: Tue, 9 Jan 2018 14:34:57 +0100 Subject: [PATCH 0626/1008] Add previously removed OID tests Originally removed in 62e55f484a7a03e2532875696eb2479a577878e9 --- src/tests/test_oid.cpp | 109 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 src/tests/test_oid.cpp diff --git a/src/tests/test_oid.cpp b/src/tests/test_oid.cpp new file mode 100644 index 0000000000..3431f6f317 --- /dev/null +++ b/src/tests/test_oid.cpp 
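Review bot: The new have_oid declaration names its parameter `oid`, but the OID_Map implementation in the oids.cpp hunk resolves it in m_str2oid, i.e. as a name, and the context @param line above repeats the confusion; `BOTAN_UNSTABLE_API bool have_oid(const std::string& name);` with `@param name the name to check for` would match name_of, which already distinguishes the two. The removed inline body went through lookup(), which in the new OID_Map still falls back to BOTAN_HOUSE_ECC_CURVE_NAME, whereas the new have_oid consults only m_str2oid, so in a house-curve build the curve name is resolvable by lookup() yet reported as not registered by have_oid(). That fallback in OID_Map::lookup(const std::string&) also compares `name` although the parameter is `str`, and the OID-side fallback compares an `oid_str` that the new method no longer declares, so that block appears not to compile when BOTAN_HOUSE_ECC_CURVE_NAME is defined — inferred from the oids.cpp hunk, whose start lies outside this view.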
@@ -0,0 +1,109 @@ +/* +* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "tests.h" + +#if defined(BOTAN_HAS_ASN1) + #include +#endif + +namespace Botan_Tests { + +namespace { + +#if defined(BOTAN_HAS_ASN1) + +Test::Result test_add_have_OID() + { + Test::Result result("OID add"); + + result.test_eq("there is no OID 'botan-test-oid1'", Botan::OIDS::have_oid("botan-test-oid1"), false); + + Botan::OIDS::add_oid(Botan::OID("1.2.345.6.666"), "botan-test-oid1"); + + result.test_eq("OID 'botan-test-oid1' added successfully", Botan::OIDS::have_oid("botan-test-oid1"), true); + + result.test_eq("name of OID '1.2.345.6.666' is 'botan-test-oid1'", Botan::OIDS::name_of(Botan::OID("1.2.345.6.666"), + "botan-test-oid1"), true); + + return result; + } + +Test::Result test_add_have_OID_str() + { + Test::Result result("OID add string"); + + result.test_eq("there is no OID 'botan-test-oid2'", Botan::OIDS::have_oid("botan-test-oid2"), false); + + Botan::OIDS::add_oidstr("1.2.345.6.777", "botan-test-oid2"); + + result.test_eq("OID 'botan-test-oid2' added successfully", Botan::OIDS::have_oid("botan-test-oid2"), true); + + result.test_eq("name of OID '1.2.345.6.777' is 'botan-test-oid2'", Botan::OIDS::name_of(Botan::OID("1.2.345.6.777"), + "botan-test-oid2"), true); + return result; + } + +Test::Result test_add_and_lookup() + { + Test::Result result("OID add and lookup"); + + result.test_eq("OIDS::lookup returns empty string for non-existent OID object", + Botan::OIDS::lookup(Botan::OID("1.2.345.6.888")), std::string()); + + result.test_eq("OIDS::lookup returns empty OID for non-existent OID name", Botan::OIDS::lookup("botan-test-oid3").as_string(), Botan::OID().as_string()); + + // add oid -> string mapping + Botan::OIDS::add_oid2str(Botan::OID("1.2.345.6.888"), "botan-test-oid3"); + result.test_eq("", Botan::OIDS::lookup(Botan::OID("1.2.345.6.888")), "botan-test-oid3"); + + // still returns 
empty OID + result.test_eq("OIDS::lookup still returns empty OID without adding name mapping", Botan::OIDS::lookup("botan-test-oid3").as_string(), Botan::OID().as_string()); + + // add string -> oid mapping + Botan::OIDS::add_str2oid(Botan::OID("1.2.345.6.888"), "botan-test-oid3"); + Botan::OIDS::lookup("botan-test-oid3"); + + return result; + } + +class OID_Tests final : public Test + { + public: + std::vector run() override + { + std::vector results; + + std::vector> fns = + { + test_add_have_OID, + test_add_have_OID_str, + test_add_and_lookup, + }; + + for(size_t i = 0; i != fns.size(); ++i) + { + try + { + results.push_back(fns[ i ]()); + } + catch(std::exception& e) + { + results.push_back(Test::Result::Failure("OID tests " + std::to_string(i), e.what())); + } + } + + return results; + } + }; + +BOTAN_REGISTER_TEST("oid", OID_Tests); + +#endif + +} + +} \ No newline at end of file From 5f55f0eac95cd6f1c2962aef261af285bf37bfb6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 5 Feb 2018 10:48:41 -0500 Subject: [PATCH 0627/1008] Detect compiler architecture at configure time Avoids build confusions like #1442 --- configure.py | 69 ++++++++++++++++++++++++---------- src/build-data/detect_arch.cpp | 50 ++++++++++++++++++++++++ 2 files changed, 100 insertions(+), 19 deletions(-) create mode 100644 src/build-data/detect_arch.cpp diff --git a/configure.py b/configure.py index 9502dc3e4a..eb3740345c 100755 --- a/configure.py +++ b/configure.py 
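Review bot: The last statement of test_add_and_lookup, `Botan::OIDS::lookup("botan-test-oid3");`, discards its result, so the test never verifies that the name -> OID mapping added just above actually resolves; replace it with `result.test_eq("OIDS::lookup returns OID after adding name mapping", Botan::OIDS::lookup("botan-test-oid3").as_string(), "1.2.345.6.888");`. The check following add_oid2str is labelled with an empty string, `result.test_eq("", ...)`, which makes its failure report unreadable — name it, e.g. "OIDS::lookup returns name after adding oid mapping". All three tests mutate the process-global registry, and since the OID_Map implementation keeps the first registration, they cannot be re-run in the same process and depend on nothing else registering under 1.2.345.6; a comment at the top of the file stating that these OIDs are reserved for this test would make that explicit. Minor: `catch(std::exception& e)` should bind by const reference.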
@@ -2793,49 +2793,75 @@ def validate_options(options, info_os, info_cc, available_module_policies): if options.os == 'windows' and options.compiler != 'msvc': logging.warning('The windows target is oriented towards MSVC; maybe you want cygwin or mingw') -def calculate_cc_min_version(options, ccinfo, source_paths): - version_patterns = { - 'msvc': r'^ *MSVC ([0-9]{2})([0-9]{2})$', - 'gcc': r'^ *GCC ([0-9]+) ([0-9]+)$', - 'clang': r'^ *CLANG ([0-9]+) ([0-9]+)$', - 'xlc': r'^ *XLC (0x[0-9a-fA-F]{2})([0-9a-fA-F]{2})$' - } - - if ccinfo.basename not in version_patterns: - logging.info("No compiler version detection available for %s" % (ccinfo.basename)) - return "0.0" - - detect_version_source = os.path.join(source_paths.build_data_dir, "detect_version.cpp") +def run_compiler_preproc(options, ccinfo, source_file, default_return, extra_flags=None): + if extra_flags is None: + extra_flags = [] cc_bin = options.compiler_binary or ccinfo.binary_name - cmd = cc_bin.split(' ') + ccinfo.preproc_flags.split(' ') + [detect_version_source] + cmd = cc_bin.split(' ') + ccinfo.preproc_flags.split(' ') + extra_flags + [source_file] try: logging.debug("Running '%s'", ' '.join(cmd)) - stdout, stderr = subprocess.Popen( + stdout, _ = subprocess.Popen( cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True).communicate() - cc_output = stdout + "\n" + stderr + cc_output = stdout except OSError as e: - logging.warning('Could not execute %s for version check: %s' % (cmd, e)) - return "0.0" + logging.warning('Could not execute %s: %s' % (cmd, e)) + return default_return def cleanup_output(output): return ('\n'.join([l for l in output.splitlines() if l.startswith('#') is False])).strip() + return cleanup_output(cc_output) + +def calculate_cc_min_version(options, ccinfo, source_paths): + version_patterns = { + 'msvc': r'^ *MSVC ([0-9]{2})([0-9]{2})$', + 'gcc': r'^ *GCC ([0-9]+) ([0-9]+)$', + 'clang': r'^ *CLANG ([0-9]+) ([0-9]+)$', + 'xlc': r'^ *XLC 
(0x[0-9a-fA-F]{2})([0-9a-fA-F]{2})$' + } + + if ccinfo.basename not in version_patterns: + logging.info("No compiler version detection available for %s" % (ccinfo.basename)) + return "0.0" + + detect_version_source = os.path.join(source_paths.build_data_dir, "detect_version.cpp") + + cc_output = run_compiler_preproc(options, ccinfo, detect_version_source, "0.0") + match = re.search(version_patterns[ccinfo.basename], cc_output, flags=re.MULTILINE) if match is None: logging.warning("Tried to get %s version, but output '%s' does not match expected version format" % ( - ccinfo.basename, cleanup_output(cc_output))) + ccinfo.basename, cc_output)) return "0.0" cc_version = "%d.%d" % (int(match.group(1), 0), int(match.group(2), 0)) logging.info('Auto-detected compiler version %s' % (cc_version)) return cc_version +def check_compiler_arch(options, ccinfo, archinfo, source_paths): + detect_version_source = os.path.join(source_paths.build_data_dir, 'detect_arch.cpp') + + abi_flags = ccinfo.mach_abi_link_flags(options).split(' ') + cc_output = run_compiler_preproc(options, ccinfo, detect_version_source, 'UNKNOWN', abi_flags).lower() + + if cc_output in ['', 'unknown']: + logging.warning('Unable to detect target architecture via compiler macro checks') + return None + + if cc_output not in archinfo: + # Should not happen + logging.warning("Error detecting compiler target arch: '%s'", cc_output) + return None + + logging.info('Auto-detected compiler arch %s' % (cc_output)) + return cc_output + def do_io_for_build(cc, arch, osinfo, using_mods, build_paths, source_paths, template_vars, options): # pylint: disable=too-many-locals,too-many-branches 
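Review bot: In check_compiler_arch, `abi_flags = ccinfo.mach_abi_link_flags(options).split(' ')` yields `['']` when the flag string is empty, so an empty-string argument is appended to the compiler command; `.split()` returns `[]` in that case and also tolerates repeated spaces. run_compiler_preproc now discards stderr (`stdout, _ = ...`) and never checks the exit status, so a compiler that rejects the probe — for instance because of an ABI flag it does not accept — degrades into the 'UNKNOWN' default with only the generic "Unable to detect" warning; logging stderr at debug level when stdout comes back empty would make such failures diagnosable. The local in check_compiler_arch is called detect_version_source although it points at detect_arch.cpp; `detect_arch_source` would read correctly.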
@@ -3011,6 +3037,11 @@ def main(argv): module_policy = info_module_policies[options.module_policy] if options.module_policy else None cc_min_version = options.cc_min_version or calculate_cc_min_version(options, cc, source_paths) + cc_arch = check_compiler_arch(options, cc, info_arch, source_paths) + + if cc_arch is not None and cc_arch != options.arch: + logging.error("Configured target is %s but compiler probe indicates %s", options.arch, cc_arch) + logging.info('Target is %s:%s-%s-%s' % ( options.compiler, cc_min_version, options.os, options.arch)) diff --git a/src/build-data/detect_arch.cpp b/src/build-data/detect_arch.cpp new file mode 100644 index 0000000000..aa50540936 --- /dev/null +++ b/src/build-data/detect_arch.cpp @@ -0,0 +1,50 @@ + +#if defined(__x86_64__) || defined(_M_X64) + X86_64 + +#elif defined(__i386__) || defined(__i386) || defined(_M_IX86) + X86_32 + +#elif defined(__aarch64__) || defined(__ARM_ARCH_ISA_A64) + ARM64 + +#elif defined(__arm__) || defined(_M_ARM) || defined(__ARM_ARCH_7A__) + ARM32 + +#elif defined(__powerpc64__) || defined(__ppc64__) || defined(_ARCH_PPC64) + PPC64 + +#elif defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC) + PPC32 + +#elif defined(__mips__) || defined(__mips) + MIPS32 + +#elif defined(__sparc__) + SPARC32 + +#elif defined(__alpha__) + ALPHA + +#elif defined(__hppa__) || defined(__hppa) + HPPA + +#elif defined(__ia64__) + IA64 + +#elif defined(__m68k__) + M68K + +#elif defined(__sh__) + SH + +#elif defined(__s390x__) + S390X + +#elif defined(__s390__) + S390 + +#else + UNKNOWN + +#endif From d4ef204878ed7c675c16531a482cd373b8fa8b0b Mon Sep 17 00:00:00 2001 
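Review bot: The arch mismatch at the end of the hunk is reported with logging.error and configuration then continues, so the misconfigured build the commit message wants to avoid is still produced, just with one log line among the rest of the configure output. If the intent is a hard failure, this should raise the script's user-facing error instead; if continuing is deliberate (an explicit --cpu for cross builds), the message should say how to make the override intentional, e.g. `logging.error("Configured target is %s but compiler probe indicates %s; pass --cpu explicitly if this is intended", options.arch, cc_arch)`.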
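Review bot: The probe folds every MIPS target into MIPS32 (`defined(__mips__) || defined(__mips)`) and every SPARC target into SPARC32 (`__sparc__`), so a 64-bit MIPS or SPARC toolchain is reported as 32-bit; if archinfo carries 64-bit entries for those families, the new mismatch check in configure.py will then log a spurious error for a correctly configured build. Testing `__mips64` before the `__mips__` branch and `__arch64__` before the `__sparc__` branch, mapping to whatever names archinfo uses for those, avoids that. MSVC's ARM64 toolchain defines `_M_ARM64` rather than `__aarch64__`, so the ARM64 branch could include it the way the 32-bit branch already includes `_M_ARM`.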
From: Jack Lloyd Date: Wed, 7 Feb 2018 10:53:02 -0500 Subject: [PATCH 0628/1008] Fix compliation problem in PKCS11 ./configure.py --amal --mini --enable-modules=pkcs11 would fail to build because the guarded includes of pk_keys.h ended up hiding the declaration entirely. This is really a bug in how the amalgamation is generated but may be hard to fix in the general case. --- src/lib/prov/pkcs11/info.txt | 1 + src/lib/prov/pkcs11/p11_ecc_key.cpp | 1 + src/lib/prov/pkcs11/p11_ecc_key.h | 2 +- src/lib/prov/pkcs11/p11_ecdsa.h | 1 + src/lib/prov/pkcs11/p11_rsa.cpp | 1 + src/lib/prov/pkcs11/p11_rsa.h | 1 + 6 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/lib/prov/pkcs11/info.txt b/src/lib/prov/pkcs11/info.txt index b47fc6b294..730fd9ef61 100644 --- a/src/lib/prov/pkcs11/info.txt +++ b/src/lib/prov/pkcs11/info.txt @@ -5,6 +5,7 @@ PKCS11 -> 20160219 dyn_load rng +pubkey pk_pad diff --git a/src/lib/prov/pkcs11/p11_ecc_key.cpp b/src/lib/prov/pkcs11/p11_ecc_key.cpp index 3a0fa63503..d5a9a2b76c 100644 --- a/src/lib/prov/pkcs11/p11_ecc_key.cpp +++ b/src/lib/prov/pkcs11/p11_ecc_key.cpp @@ -7,6 +7,7 @@ */ #include +#include #if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO) diff --git a/src/lib/prov/pkcs11/p11_ecc_key.h b/src/lib/prov/pkcs11/p11_ecc_key.h index 2372ae07c6..5522b07cad 100644 --- a/src/lib/prov/pkcs11/p11_ecc_key.h +++ b/src/lib/prov/pkcs11/p11_ecc_key.h @@ -10,9 +10,9 @@ #define BOTAN_P11_ECC_H_ #include +#include #if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO) -#include #include #include #include diff --git a/src/lib/prov/pkcs11/p11_ecdsa.h b/src/lib/prov/pkcs11/p11_ecdsa.h index ae1a9c0bcb..0843c85ba1 100644 --- a/src/lib/prov/pkcs11/p11_ecdsa.h +++ b/src/lib/prov/pkcs11/p11_ecdsa.h @@ -10,6 +10,7 @@ #define BOTAN_P11_ECDSA_H_ #include +#include #if defined(BOTAN_HAS_ECDSA) diff --git a/src/lib/prov/pkcs11/p11_rsa.cpp b/src/lib/prov/pkcs11/p11_rsa.cpp index 4962982b02..e62c038ec5 100644 --- a/src/lib/prov/pkcs11/p11_rsa.cpp 
+++ b/src/lib/prov/pkcs11/p11_rsa.cpp @@ -7,6 +7,7 @@ */ #include +#include #if defined(BOTAN_HAS_RSA) diff --git a/src/lib/prov/pkcs11/p11_rsa.h b/src/lib/prov/pkcs11/p11_rsa.h index a4f3a04d74..7531a00ccf 100644 --- a/src/lib/prov/pkcs11/p11_rsa.h +++ b/src/lib/prov/pkcs11/p11_rsa.h @@ -11,6 +11,7 @@ #include #include +#include #if defined(BOTAN_HAS_RSA) #include From dc5b0ab629942d6675f70b5450f7fd12c05320ed Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 7 Feb 2018 15:21:46 -0500 Subject: [PATCH 0629/1008] Use new literal syntax for OIDs Reduces size of oid_maps object file by a ~16K --- src/lib/asn1/oid_maps.cpp | 392 +++++++++++++++++++------------------- src/lib/asn1/oids.cpp | 22 ++- src/scripts/oids.py | 7 +- 3 files changed, 215 insertions(+), 206 deletions(-) diff --git a/src/lib/asn1/oid_maps.cpp b/src/lib/asn1/oid_maps.cpp index c291a9cd60..d0d961e275 100644 --- a/src/lib/asn1/oid_maps.cpp +++ b/src/lib/asn1/oid_maps.cpp @@ -1,7 +1,7 @@ /* * OID maps * -* This file was automatically generated by src/scripts/oids.py on 2018-01-09 +* This file was automatically generated by ./src/scripts/oids.py on 2018-02-07 * * All manual edits to this file will be lost. Edit the script * then regenerate this source file. 
@@ -221,201 +221,201 @@ std::unordered_map OIDS::load_oid2str_map() std::unordered_map OIDS::load_str2oid_map() { return std::unordered_map{ - { "AES-128/CBC", OID("2.16.840.1.101.3.4.1.2") }, - { "AES-128/CCM", OID("2.16.840.1.101.3.4.1.7") }, - { "AES-128/GCM", OID("2.16.840.1.101.3.4.1.6") }, - { "AES-128/OCB", OID("1.3.6.1.4.1.25258.3.2.1") }, - { "AES-192/CBC", OID("2.16.840.1.101.3.4.1.22") }, - { "AES-192/CCM", OID("2.16.840.1.101.3.4.1.27") }, - { "AES-192/GCM", OID("2.16.840.1.101.3.4.1.26") }, - { "AES-192/OCB", OID("1.3.6.1.4.1.25258.3.2.2") }, - { "AES-256/CBC", OID("2.16.840.1.101.3.4.1.42") }, - { "AES-256/CCM", OID("2.16.840.1.101.3.4.1.47") }, - { "AES-256/GCM", OID("2.16.840.1.101.3.4.1.46") }, - { "AES-256/OCB", OID("1.3.6.1.4.1.25258.3.2.3") }, - { "CAST-128/CBC", OID("1.2.840.113533.7.66.10") }, - { "Compression.Zlib", OID("1.2.840.113549.1.9.16.3.8") }, - { "Curve25519", OID("1.3.101.110") }, - { "DES/CBC", OID("1.3.14.3.2.7") }, - { "DH", OID("1.2.840.10046.2.1") }, - { "DSA", OID("1.2.840.10040.4.1") }, - { "DSA/EMSA1(SHA-160)", OID("1.2.840.10040.4.3") }, - { "DSA/EMSA1(SHA-224)", OID("2.16.840.1.101.3.4.3.1") }, - { "DSA/EMSA1(SHA-256)", OID("2.16.840.1.101.3.4.3.2") }, - { "DSA/EMSA1(SHA-3(224))", OID("2.16.840.1.101.3.4.3.5") }, - { "DSA/EMSA1(SHA-3(256))", OID("2.16.840.1.101.3.4.3.6") }, - { "DSA/EMSA1(SHA-3(384))", OID("2.16.840.1.101.3.4.3.7") }, - { "DSA/EMSA1(SHA-3(512))", OID("2.16.840.1.101.3.4.3.8") }, - { "DSA/EMSA1(SHA-384)", OID("2.16.840.1.101.3.4.3.3") }, - { "DSA/EMSA1(SHA-512)", OID("2.16.840.1.101.3.4.3.4") }, - { "ECDH", OID("1.3.132.1.12") }, - { "ECDSA", OID("1.2.840.10045.2.1") }, - { "ECDSA/EMSA1(SHA-160)", OID("1.2.840.10045.4.1") }, - { "ECDSA/EMSA1(SHA-224)", OID("1.2.840.10045.4.3.1") }, - { "ECDSA/EMSA1(SHA-256)", OID("1.2.840.10045.4.3.2") }, - { "ECDSA/EMSA1(SHA-3(224))", OID("2.16.840.1.101.3.4.3.9") }, - { "ECDSA/EMSA1(SHA-3(256))", OID("2.16.840.1.101.3.4.3.10") }, - { "ECDSA/EMSA1(SHA-3(384))", 
OID("2.16.840.1.101.3.4.3.11") }, - { "ECDSA/EMSA1(SHA-3(512))", OID("2.16.840.1.101.3.4.3.12") }, - { "ECDSA/EMSA1(SHA-384)", OID("1.2.840.10045.4.3.3") }, - { "ECDSA/EMSA1(SHA-512)", OID("1.2.840.10045.4.3.4") }, - { "ECGDSA", OID("1.3.36.3.3.2.5.2.1") }, - { "ECGDSA/EMSA1(RIPEMD-160)", OID("1.3.36.3.3.2.5.4.1") }, - { "ECGDSA/EMSA1(SHA-160)", OID("1.3.36.3.3.2.5.4.2") }, - { "ECGDSA/EMSA1(SHA-224)", OID("1.3.36.3.3.2.5.4.3") }, - { "ECGDSA/EMSA1(SHA-256)", OID("1.3.36.3.3.2.5.4.4") }, - { "ECGDSA/EMSA1(SHA-384)", OID("1.3.36.3.3.2.5.4.5") }, - { "ECGDSA/EMSA1(SHA-512)", OID("1.3.36.3.3.2.5.4.6") }, - { "ECKCDSA", OID("1.0.14888.3.0.5") }, - { "ECKCDSA/EMSA1(SHA-1)", OID("1.2.410.200004.1.100.4.3") }, - { "ECKCDSA/EMSA1(SHA-224)", OID("1.2.410.200004.1.100.4.4") }, - { "ECKCDSA/EMSA1(SHA-256)", OID("1.2.410.200004.1.100.4.5") }, - { "Ed25519", OID("1.3.101.112") }, - { "ElGamal", OID("1.3.6.1.4.1.3029.1.2.1") }, - { "GOST-34.10", OID("1.2.643.2.2.19") }, - { "GOST-34.10/EMSA1(GOST-R-34.11-94)", OID("1.2.643.2.2.3") }, - { "GOST-34.10/EMSA1(SHA-256)", OID("1.3.6.1.4.1.25258.1.6.1") }, - { "HMAC(SHA-160)", OID("1.2.840.113549.2.7") }, - { "HMAC(SHA-224)", OID("1.2.840.113549.2.8") }, - { "HMAC(SHA-256)", OID("1.2.840.113549.2.9") }, - { "HMAC(SHA-384)", OID("1.2.840.113549.2.10") }, - { "HMAC(SHA-512)", OID("1.2.840.113549.2.11") }, - { "KeyWrap.AES-128", OID("2.16.840.1.101.3.4.1.5") }, - { "KeyWrap.AES-192", OID("2.16.840.1.101.3.4.1.25") }, - { "KeyWrap.AES-256", OID("2.16.840.1.101.3.4.1.45") }, - { "KeyWrap.CAST-128", OID("1.2.840.113533.7.66.15") }, - { "KeyWrap.RC2", OID("1.2.840.113549.1.9.16.3.7") }, - { "KeyWrap.TripleDES", OID("1.2.840.113549.1.9.16.3.6") }, - { "MD5", OID("1.2.840.113549.2.5") }, - { "MGF1", OID("1.2.840.113549.1.1.8") }, - { "McEliece", OID("1.3.6.1.4.1.25258.1.3") }, - { "Microsoft SmartcardLogon", OID("1.3.6.1.4.1.311.20.2.2") }, - { "PBE-PKCS5v20", OID("1.2.840.113549.1.5.13") }, - { "PKCS5.PBKDF2", OID("1.2.840.113549.1.5.12") }, - 
{ "PKCS9.ChallengePassword", OID("1.2.840.113549.1.9.7") }, - { "PKCS9.ContentType", OID("1.2.840.113549.1.9.3") }, - { "PKCS9.EmailAddress", OID("1.2.840.113549.1.9.1") }, - { "PKCS9.ExtensionRequest", OID("1.2.840.113549.1.9.14") }, - { "PKCS9.MessageDigest", OID("1.2.840.113549.1.9.4") }, - { "PKCS9.UnstructuredName", OID("1.2.840.113549.1.9.2") }, - { "PKIX.AuthorityInformationAccess", OID("1.3.6.1.5.5.7.1.1") }, - { "PKIX.CertificateAuthorityIssuers", OID("1.3.6.1.5.5.7.48.2") }, - { "PKIX.ClientAuth", OID("1.3.6.1.5.5.7.3.2") }, - { "PKIX.CodeSigning", OID("1.3.6.1.5.5.7.3.3") }, - { "PKIX.EmailProtection", OID("1.3.6.1.5.5.7.3.4") }, - { "PKIX.IPsecEndSystem", OID("1.3.6.1.5.5.7.3.5") }, - { "PKIX.IPsecTunnel", OID("1.3.6.1.5.5.7.3.6") }, - { "PKIX.IPsecUser", OID("1.3.6.1.5.5.7.3.7") }, - { "PKIX.OCSP", OID("1.3.6.1.5.5.7.48.1") }, - { "PKIX.OCSP.BasicResponse", OID("1.3.6.1.5.5.7.48.1.1") }, - { "PKIX.OCSPSigning", OID("1.3.6.1.5.5.7.3.9") }, - { "PKIX.ServerAuth", OID("1.3.6.1.5.5.7.3.1") }, - { "PKIX.TimeStamping", OID("1.3.6.1.5.5.7.3.8") }, - { "PKIX.XMPPAddr", OID("1.3.6.1.5.5.7.8.5") }, - { "RC2/CBC", OID("1.2.840.113549.3.2") }, - { "RIPEMD-160", OID("1.3.36.3.2.1") }, - { "RSA", OID("1.2.840.113549.1.1.1") }, - { "RSA/EMSA3(MD5)", OID("1.2.840.113549.1.1.4") }, - { "RSA/EMSA3(RIPEMD-160)", OID("1.3.36.3.3.1.2") }, - { "RSA/EMSA3(SHA-160)", OID("1.2.840.113549.1.1.5") }, - { "RSA/EMSA3(SHA-224)", OID("1.2.840.113549.1.1.14") }, - { "RSA/EMSA3(SHA-256)", OID("1.2.840.113549.1.1.11") }, - { "RSA/EMSA3(SHA-3(224))", OID("2.16.840.1.101.3.4.3.13") }, - { "RSA/EMSA3(SHA-3(256))", OID("2.16.840.1.101.3.4.3.14") }, - { "RSA/EMSA3(SHA-3(384))", OID("2.16.840.1.101.3.4.3.15") }, - { "RSA/EMSA3(SHA-3(512))", OID("2.16.840.1.101.3.4.3.16") }, - { "RSA/EMSA3(SHA-384)", OID("1.2.840.113549.1.1.12") }, - { "RSA/EMSA3(SHA-512)", OID("1.2.840.113549.1.1.13") }, - { "RSA/EMSA3(SHA-512-256)", OID("1.2.840.113549.1.1.16") }, - { "RSA/EMSA3(SM3)", 
OID("1.2.156.10197.1.504") }, - { "RSA/EMSA4", OID("1.2.840.113549.1.1.10") }, - { "RSA/OAEP", OID("1.2.840.113549.1.1.7") }, - { "SEED/CBC", OID("1.2.410.200004.1.4") }, - { "SHA-160", OID("1.3.14.3.2.26") }, - { "SHA-224", OID("2.16.840.1.101.3.4.2.4") }, - { "SHA-256", OID("2.16.840.1.101.3.4.2.1") }, - { "SHA-3(224)", OID("2.16.840.1.101.3.4.2.7") }, - { "SHA-3(256)", OID("2.16.840.1.101.3.4.2.8") }, - { "SHA-3(384)", OID("2.16.840.1.101.3.4.2.9") }, - { "SHA-3(512)", OID("2.16.840.1.101.3.4.2.10") }, - { "SHA-384", OID("2.16.840.1.101.3.4.2.2") }, - { "SHA-512", OID("2.16.840.1.101.3.4.2.3") }, - { "SHA-512-256", OID("2.16.840.1.101.3.4.2.6") }, - { "SHAKE-128", OID("2.16.840.1.101.3.4.2.11") }, - { "SHAKE-256", OID("2.16.840.1.101.3.4.2.12") }, - { "SM2_Enc", OID("1.2.156.10197.1.301.3") }, - { "SM2_Kex", OID("1.2.156.10197.1.301.2") }, - { "SM2_Sig", OID("1.2.156.10197.1.301.1") }, - { "SM3", OID("1.2.156.10197.1.401") }, - { "Serpent/CBC", OID("1.3.6.1.4.1.25258.3.1") }, - { "Serpent/GCM", OID("1.3.6.1.4.1.25258.3.101") }, - { "Serpent/OCB", OID("1.3.6.1.4.1.25258.3.2.4") }, - { "Streebog-256", OID("1.2.643.7.1.1.2.2") }, - { "Streebog-512", OID("1.2.643.7.1.1.2.3") }, - { "Threefish-512/CBC", OID("1.3.6.1.4.1.25258.3.2") }, - { "Tiger(24,3)", OID("1.3.6.1.4.1.11591.12.2") }, - { "TripleDES/CBC", OID("1.2.840.113549.3.7") }, - { "Twofish/CBC", OID("1.3.6.1.4.1.25258.3.3") }, - { "Twofish/GCM", OID("1.3.6.1.4.1.25258.3.102") }, - { "Twofish/OCB", OID("1.3.6.1.4.1.25258.3.2.5") }, - { "X509v3.AnyPolicy", OID("2.5.29.32.0") }, - { "X509v3.AuthorityKeyIdentifier", OID("2.5.29.35") }, - { "X509v3.BasicConstraints", OID("2.5.29.19") }, - { "X509v3.CRLDistributionPoints", OID("2.5.29.31") }, - { "X509v3.CRLIssuingDistributionPoint", OID("2.5.29.28") }, - { "X509v3.CRLNumber", OID("2.5.29.20") }, - { "X509v3.CertificatePolicies", OID("2.5.29.32") }, - { "X509v3.ExtendedKeyUsage", OID("2.5.29.37") }, - { "X509v3.HoldInstructionCode", OID("2.5.29.23") }, - { 
"X509v3.InvalidityDate", OID("2.5.29.24") }, - { "X509v3.IssuerAlternativeName", OID("2.5.29.18") }, - { "X509v3.KeyUsage", OID("2.5.29.15") }, - { "X509v3.NameConstraints", OID("2.5.29.30") }, - { "X509v3.PolicyConstraints", OID("2.5.29.36") }, - { "X509v3.ReasonCode", OID("2.5.29.21") }, - { "X509v3.SubjectAlternativeName", OID("2.5.29.17") }, - { "X509v3.SubjectKeyIdentifier", OID("2.5.29.14") }, - { "X520.CommonName", OID("2.5.4.3") }, - { "X520.Country", OID("2.5.4.6") }, - { "X520.DNQualifier", OID("2.5.4.46") }, - { "X520.GenerationalQualifier", OID("2.5.4.44") }, - { "X520.GivenName", OID("2.5.4.42") }, - { "X520.Initials", OID("2.5.4.43") }, - { "X520.Locality", OID("2.5.4.7") }, - { "X520.Organization", OID("2.5.4.10") }, - { "X520.OrganizationalUnit", OID("2.5.4.11") }, - { "X520.Pseudonym", OID("2.5.4.65") }, - { "X520.SerialNumber", OID("2.5.4.5") }, - { "X520.State", OID("2.5.4.8") }, - { "X520.Surname", OID("2.5.4.4") }, - { "X520.Title", OID("2.5.4.12") }, - { "XMSS", OID("1.3.6.1.4.1.25258.1.5") }, - { "brainpool160r1", OID("1.3.36.3.3.2.8.1.1.1") }, - { "brainpool192r1", OID("1.3.36.3.3.2.8.1.1.3") }, - { "brainpool224r1", OID("1.3.36.3.3.2.8.1.1.5") }, - { "brainpool256r1", OID("1.3.36.3.3.2.8.1.1.7") }, - { "brainpool320r1", OID("1.3.36.3.3.2.8.1.1.9") }, - { "brainpool384r1", OID("1.3.36.3.3.2.8.1.1.11") }, - { "brainpool512r1", OID("1.3.36.3.3.2.8.1.1.13") }, - { "frp256v1", OID("1.2.250.1.223.101.256.1") }, - { "gost_256A", OID("1.2.643.2.2.35.1") }, - { "secp160k1", OID("1.3.132.0.9") }, - { "secp160r1", OID("1.3.132.0.8") }, - { "secp160r2", OID("1.3.132.0.30") }, - { "secp192k1", OID("1.3.132.0.31") }, - { "secp192r1", OID("1.2.840.10045.3.1.1") }, - { "secp224k1", OID("1.3.132.0.32") }, - { "secp224r1", OID("1.3.132.0.33") }, - { "secp256k1", OID("1.3.132.0.10") }, - { "secp256r1", OID("1.2.840.10045.3.1.7") }, - { "secp384r1", OID("1.3.132.0.34") }, - { "secp521r1", OID("1.3.132.0.35") }, - { "sm2p256v1", OID("1.2.156.10197.1.301") }, - 
{ "x962_p192v2", OID("1.2.840.10045.3.1.2") }, - { "x962_p192v3", OID("1.2.840.10045.3.1.3") }, - { "x962_p239v1", OID("1.2.840.10045.3.1.4") }, - { "x962_p239v2", OID("1.2.840.10045.3.1.5") }, - { "x962_p239v3", OID("1.2.840.10045.3.1.6") } + { "AES-128/CBC", OID({2,16,840,1,101,3,4,1,2}) }, + { "AES-128/CCM", OID({2,16,840,1,101,3,4,1,7}) }, + { "AES-128/GCM", OID({2,16,840,1,101,3,4,1,6}) }, + { "AES-128/OCB", OID({1,3,6,1,4,1,25258,3,2,1}) }, + { "AES-192/CBC", OID({2,16,840,1,101,3,4,1,22}) }, + { "AES-192/CCM", OID({2,16,840,1,101,3,4,1,27}) }, + { "AES-192/GCM", OID({2,16,840,1,101,3,4,1,26}) }, + { "AES-192/OCB", OID({1,3,6,1,4,1,25258,3,2,2}) }, + { "AES-256/CBC", OID({2,16,840,1,101,3,4,1,42}) }, + { "AES-256/CCM", OID({2,16,840,1,101,3,4,1,47}) }, + { "AES-256/GCM", OID({2,16,840,1,101,3,4,1,46}) }, + { "AES-256/OCB", OID({1,3,6,1,4,1,25258,3,2,3}) }, + { "CAST-128/CBC", OID({1,2,840,113533,7,66,10}) }, + { "Compression.Zlib", OID({1,2,840,113549,1,9,16,3,8}) }, + { "Curve25519", OID({1,3,101,110}) }, + { "DES/CBC", OID({1,3,14,3,2,7}) }, + { "DH", OID({1,2,840,10046,2,1}) }, + { "DSA", OID({1,2,840,10040,4,1}) }, + { "DSA/EMSA1(SHA-160)", OID({1,2,840,10040,4,3}) }, + { "DSA/EMSA1(SHA-224)", OID({2,16,840,1,101,3,4,3,1}) }, + { "DSA/EMSA1(SHA-256)", OID({2,16,840,1,101,3,4,3,2}) }, + { "DSA/EMSA1(SHA-3(224))", OID({2,16,840,1,101,3,4,3,5}) }, + { "DSA/EMSA1(SHA-3(256))", OID({2,16,840,1,101,3,4,3,6}) }, + { "DSA/EMSA1(SHA-3(384))", OID({2,16,840,1,101,3,4,3,7}) }, + { "DSA/EMSA1(SHA-3(512))", OID({2,16,840,1,101,3,4,3,8}) }, + { "DSA/EMSA1(SHA-384)", OID({2,16,840,1,101,3,4,3,3}) }, + { "DSA/EMSA1(SHA-512)", OID({2,16,840,1,101,3,4,3,4}) }, + { "ECDH", OID({1,3,132,1,12}) }, + { "ECDSA", OID({1,2,840,10045,2,1}) }, + { "ECDSA/EMSA1(SHA-160)", OID({1,2,840,10045,4,1}) }, + { "ECDSA/EMSA1(SHA-224)", OID({1,2,840,10045,4,3,1}) }, + { "ECDSA/EMSA1(SHA-256)", OID({1,2,840,10045,4,3,2}) }, + { "ECDSA/EMSA1(SHA-3(224))", OID({2,16,840,1,101,3,4,3,9}) }, + { 
"ECDSA/EMSA1(SHA-3(256))", OID({2,16,840,1,101,3,4,3,10}) }, + { "ECDSA/EMSA1(SHA-3(384))", OID({2,16,840,1,101,3,4,3,11}) }, + { "ECDSA/EMSA1(SHA-3(512))", OID({2,16,840,1,101,3,4,3,12}) }, + { "ECDSA/EMSA1(SHA-384)", OID({1,2,840,10045,4,3,3}) }, + { "ECDSA/EMSA1(SHA-512)", OID({1,2,840,10045,4,3,4}) }, + { "ECGDSA", OID({1,3,36,3,3,2,5,2,1}) }, + { "ECGDSA/EMSA1(RIPEMD-160)", OID({1,3,36,3,3,2,5,4,1}) }, + { "ECGDSA/EMSA1(SHA-160)", OID({1,3,36,3,3,2,5,4,2}) }, + { "ECGDSA/EMSA1(SHA-224)", OID({1,3,36,3,3,2,5,4,3}) }, + { "ECGDSA/EMSA1(SHA-256)", OID({1,3,36,3,3,2,5,4,4}) }, + { "ECGDSA/EMSA1(SHA-384)", OID({1,3,36,3,3,2,5,4,5}) }, + { "ECGDSA/EMSA1(SHA-512)", OID({1,3,36,3,3,2,5,4,6}) }, + { "ECKCDSA", OID({1,0,14888,3,0,5}) }, + { "ECKCDSA/EMSA1(SHA-1)", OID({1,2,410,200004,1,100,4,3}) }, + { "ECKCDSA/EMSA1(SHA-224)", OID({1,2,410,200004,1,100,4,4}) }, + { "ECKCDSA/EMSA1(SHA-256)", OID({1,2,410,200004,1,100,4,5}) }, + { "Ed25519", OID({1,3,101,112}) }, + { "ElGamal", OID({1,3,6,1,4,1,3029,1,2,1}) }, + { "GOST-34.10", OID({1,2,643,2,2,19}) }, + { "GOST-34.10/EMSA1(GOST-R-34.11-94)", OID({1,2,643,2,2,3}) }, + { "GOST-34.10/EMSA1(SHA-256)", OID({1,3,6,1,4,1,25258,1,6,1}) }, + { "HMAC(SHA-160)", OID({1,2,840,113549,2,7}) }, + { "HMAC(SHA-224)", OID({1,2,840,113549,2,8}) }, + { "HMAC(SHA-256)", OID({1,2,840,113549,2,9}) }, + { "HMAC(SHA-384)", OID({1,2,840,113549,2,10}) }, + { "HMAC(SHA-512)", OID({1,2,840,113549,2,11}) }, + { "KeyWrap.AES-128", OID({2,16,840,1,101,3,4,1,5}) }, + { "KeyWrap.AES-192", OID({2,16,840,1,101,3,4,1,25}) }, + { "KeyWrap.AES-256", OID({2,16,840,1,101,3,4,1,45}) }, + { "KeyWrap.CAST-128", OID({1,2,840,113533,7,66,15}) }, + { "KeyWrap.RC2", OID({1,2,840,113549,1,9,16,3,7}) }, + { "KeyWrap.TripleDES", OID({1,2,840,113549,1,9,16,3,6}) }, + { "MD5", OID({1,2,840,113549,2,5}) }, + { "MGF1", OID({1,2,840,113549,1,1,8}) }, + { "McEliece", OID({1,3,6,1,4,1,25258,1,3}) }, + { "Microsoft SmartcardLogon", OID({1,3,6,1,4,1,311,20,2,2}) }, + { 
"PBE-PKCS5v20", OID({1,2,840,113549,1,5,13}) }, + { "PKCS5.PBKDF2", OID({1,2,840,113549,1,5,12}) }, + { "PKCS9.ChallengePassword", OID({1,2,840,113549,1,9,7}) }, + { "PKCS9.ContentType", OID({1,2,840,113549,1,9,3}) }, + { "PKCS9.EmailAddress", OID({1,2,840,113549,1,9,1}) }, + { "PKCS9.ExtensionRequest", OID({1,2,840,113549,1,9,14}) }, + { "PKCS9.MessageDigest", OID({1,2,840,113549,1,9,4}) }, + { "PKCS9.UnstructuredName", OID({1,2,840,113549,1,9,2}) }, + { "PKIX.AuthorityInformationAccess", OID({1,3,6,1,5,5,7,1,1}) }, + { "PKIX.CertificateAuthorityIssuers", OID({1,3,6,1,5,5,7,48,2}) }, + { "PKIX.ClientAuth", OID({1,3,6,1,5,5,7,3,2}) }, + { "PKIX.CodeSigning", OID({1,3,6,1,5,5,7,3,3}) }, + { "PKIX.EmailProtection", OID({1,3,6,1,5,5,7,3,4}) }, + { "PKIX.IPsecEndSystem", OID({1,3,6,1,5,5,7,3,5}) }, + { "PKIX.IPsecTunnel", OID({1,3,6,1,5,5,7,3,6}) }, + { "PKIX.IPsecUser", OID({1,3,6,1,5,5,7,3,7}) }, + { "PKIX.OCSP", OID({1,3,6,1,5,5,7,48,1}) }, + { "PKIX.OCSP.BasicResponse", OID({1,3,6,1,5,5,7,48,1,1}) }, + { "PKIX.OCSPSigning", OID({1,3,6,1,5,5,7,3,9}) }, + { "PKIX.ServerAuth", OID({1,3,6,1,5,5,7,3,1}) }, + { "PKIX.TimeStamping", OID({1,3,6,1,5,5,7,3,8}) }, + { "PKIX.XMPPAddr", OID({1,3,6,1,5,5,7,8,5}) }, + { "RC2/CBC", OID({1,2,840,113549,3,2}) }, + { "RIPEMD-160", OID({1,3,36,3,2,1}) }, + { "RSA", OID({1,2,840,113549,1,1,1}) }, + { "RSA/EMSA3(MD5)", OID({1,2,840,113549,1,1,4}) }, + { "RSA/EMSA3(RIPEMD-160)", OID({1,3,36,3,3,1,2}) }, + { "RSA/EMSA3(SHA-160)", OID({1,2,840,113549,1,1,5}) }, + { "RSA/EMSA3(SHA-224)", OID({1,2,840,113549,1,1,14}) }, + { "RSA/EMSA3(SHA-256)", OID({1,2,840,113549,1,1,11}) }, + { "RSA/EMSA3(SHA-3(224))", OID({2,16,840,1,101,3,4,3,13}) }, + { "RSA/EMSA3(SHA-3(256))", OID({2,16,840,1,101,3,4,3,14}) }, + { "RSA/EMSA3(SHA-3(384))", OID({2,16,840,1,101,3,4,3,15}) }, + { "RSA/EMSA3(SHA-3(512))", OID({2,16,840,1,101,3,4,3,16}) }, + { "RSA/EMSA3(SHA-384)", OID({1,2,840,113549,1,1,12}) }, + { "RSA/EMSA3(SHA-512)", OID({1,2,840,113549,1,1,13}) }, + { 
"RSA/EMSA3(SHA-512-256)", OID({1,2,840,113549,1,1,16}) }, + { "RSA/EMSA3(SM3)", OID({1,2,156,10197,1,504}) }, + { "RSA/EMSA4", OID({1,2,840,113549,1,1,10}) }, + { "RSA/OAEP", OID({1,2,840,113549,1,1,7}) }, + { "SEED/CBC", OID({1,2,410,200004,1,4}) }, + { "SHA-160", OID({1,3,14,3,2,26}) }, + { "SHA-224", OID({2,16,840,1,101,3,4,2,4}) }, + { "SHA-256", OID({2,16,840,1,101,3,4,2,1}) }, + { "SHA-3(224)", OID({2,16,840,1,101,3,4,2,7}) }, + { "SHA-3(256)", OID({2,16,840,1,101,3,4,2,8}) }, + { "SHA-3(384)", OID({2,16,840,1,101,3,4,2,9}) }, + { "SHA-3(512)", OID({2,16,840,1,101,3,4,2,10}) }, + { "SHA-384", OID({2,16,840,1,101,3,4,2,2}) }, + { "SHA-512", OID({2,16,840,1,101,3,4,2,3}) }, + { "SHA-512-256", OID({2,16,840,1,101,3,4,2,6}) }, + { "SHAKE-128", OID({2,16,840,1,101,3,4,2,11}) }, + { "SHAKE-256", OID({2,16,840,1,101,3,4,2,12}) }, + { "SM2_Enc", OID({1,2,156,10197,1,301,3}) }, + { "SM2_Kex", OID({1,2,156,10197,1,301,2}) }, + { "SM2_Sig", OID({1,2,156,10197,1,301,1}) }, + { "SM3", OID({1,2,156,10197,1,401}) }, + { "Serpent/CBC", OID({1,3,6,1,4,1,25258,3,1}) }, + { "Serpent/GCM", OID({1,3,6,1,4,1,25258,3,101}) }, + { "Serpent/OCB", OID({1,3,6,1,4,1,25258,3,2,4}) }, + { "Streebog-256", OID({1,2,643,7,1,1,2,2}) }, + { "Streebog-512", OID({1,2,643,7,1,1,2,3}) }, + { "Threefish-512/CBC", OID({1,3,6,1,4,1,25258,3,2}) }, + { "Tiger(24,3)", OID({1,3,6,1,4,1,11591,12,2}) }, + { "TripleDES/CBC", OID({1,2,840,113549,3,7}) }, + { "Twofish/CBC", OID({1,3,6,1,4,1,25258,3,3}) }, + { "Twofish/GCM", OID({1,3,6,1,4,1,25258,3,102}) }, + { "Twofish/OCB", OID({1,3,6,1,4,1,25258,3,2,5}) }, + { "X509v3.AnyPolicy", OID({2,5,29,32,0}) }, + { "X509v3.AuthorityKeyIdentifier", OID({2,5,29,35}) }, + { "X509v3.BasicConstraints", OID({2,5,29,19}) }, + { "X509v3.CRLDistributionPoints", OID({2,5,29,31}) }, + { "X509v3.CRLIssuingDistributionPoint", OID({2,5,29,28}) }, + { "X509v3.CRLNumber", OID({2,5,29,20}) }, + { "X509v3.CertificatePolicies", OID({2,5,29,32}) }, + { "X509v3.ExtendedKeyUsage", 
OID({2,5,29,37}) }, + { "X509v3.HoldInstructionCode", OID({2,5,29,23}) }, + { "X509v3.InvalidityDate", OID({2,5,29,24}) }, + { "X509v3.IssuerAlternativeName", OID({2,5,29,18}) }, + { "X509v3.KeyUsage", OID({2,5,29,15}) }, + { "X509v3.NameConstraints", OID({2,5,29,30}) }, + { "X509v3.PolicyConstraints", OID({2,5,29,36}) }, + { "X509v3.ReasonCode", OID({2,5,29,21}) }, + { "X509v3.SubjectAlternativeName", OID({2,5,29,17}) }, + { "X509v3.SubjectKeyIdentifier", OID({2,5,29,14}) }, + { "X520.CommonName", OID({2,5,4,3}) }, + { "X520.Country", OID({2,5,4,6}) }, + { "X520.DNQualifier", OID({2,5,4,46}) }, + { "X520.GenerationalQualifier", OID({2,5,4,44}) }, + { "X520.GivenName", OID({2,5,4,42}) }, + { "X520.Initials", OID({2,5,4,43}) }, + { "X520.Locality", OID({2,5,4,7}) }, + { "X520.Organization", OID({2,5,4,10}) }, + { "X520.OrganizationalUnit", OID({2,5,4,11}) }, + { "X520.Pseudonym", OID({2,5,4,65}) }, + { "X520.SerialNumber", OID({2,5,4,5}) }, + { "X520.State", OID({2,5,4,8}) }, + { "X520.Surname", OID({2,5,4,4}) }, + { "X520.Title", OID({2,5,4,12}) }, + { "XMSS", OID({1,3,6,1,4,1,25258,1,5}) }, + { "brainpool160r1", OID({1,3,36,3,3,2,8,1,1,1}) }, + { "brainpool192r1", OID({1,3,36,3,3,2,8,1,1,3}) }, + { "brainpool224r1", OID({1,3,36,3,3,2,8,1,1,5}) }, + { "brainpool256r1", OID({1,3,36,3,3,2,8,1,1,7}) }, + { "brainpool320r1", OID({1,3,36,3,3,2,8,1,1,9}) }, + { "brainpool384r1", OID({1,3,36,3,3,2,8,1,1,11}) }, + { "brainpool512r1", OID({1,3,36,3,3,2,8,1,1,13}) }, + { "frp256v1", OID({1,2,250,1,223,101,256,1}) }, + { "gost_256A", OID({1,2,643,2,2,35,1}) }, + { "secp160k1", OID({1,3,132,0,9}) }, + { "secp160r1", OID({1,3,132,0,8}) }, + { "secp160r2", OID({1,3,132,0,30}) }, + { "secp192k1", OID({1,3,132,0,31}) }, + { "secp192r1", OID({1,2,840,10045,3,1,1}) }, + { "secp224k1", OID({1,3,132,0,32}) }, + { "secp224r1", OID({1,3,132,0,33}) }, + { "secp256k1", OID({1,3,132,0,10}) }, + { "secp256r1", OID({1,2,840,10045,3,1,7}) }, + { "secp384r1", OID({1,3,132,0,34}) }, + { 
"secp521r1", OID({1,3,132,0,35}) }, + { "sm2p256v1", OID({1,2,156,10197,1,301}) }, + { "x962_p192v2", OID({1,2,840,10045,3,1,2}) }, + { "x962_p192v3", OID({1,2,840,10045,3,1,3}) }, + { "x962_p239v1", OID({1,2,840,10045,3,1,4}) }, + { "x962_p239v2", OID({1,2,840,10045,3,1,5}) }, + { "x962_p239v3", OID({1,2,840,10045,3,1,6}) } }; } diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp index 47d1c1c4ba..b9ba1f858f 100644 --- a/src/lib/asn1/oids.cpp +++ b/src/lib/asn1/oids.cpp @@ -42,28 +42,34 @@ class OID_Map std::string lookup(const OID& oid) { + const std::string oid_str = oid.as_string(); + +#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) + if(oid_str == BOTAN_HOUSE_ECC_CURVE_OID) + return BOTAN_HOUSE_ECC_CURVE_NAME; +#endif + lock_guard_type lock(m_mutex); - auto i = m_oid2str.find(oid.as_string()); + auto i = m_oid2str.find(oid_str); if(i != m_oid2str.end()) return i->second; -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - if(oid_str == BOTAN_HOUSE_ECC_CURVE_OID) return BOTAN_HOUSE_ECC_CURVE_NAME; -#endif return ""; } OID lookup(const std::string& str) { +#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) + if(str == BOTAN_HOUSE_ECC_CURVE_NAME) + return OID(BOTAN_HOUSE_ECC_CURVE_OID); +#endif + lock_guard_type lock(m_mutex); auto i = m_str2oid.find(str); if(i != m_str2oid.end()) return i->second; -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - if(name == BOTAN_HOUSE_ECC_CURVE_NAME) return OID(BOTAN_HOUSE_ECC_CURVE_OID); -#endif return OID(); } @@ -136,4 +142,4 @@ bool name_of(const OID& oid, const std::string& name) } -} \ No newline at end of file +} diff --git a/src/scripts/oids.py b/src/scripts/oids.py index 882104d7bb..61a31a6f67 100755 --- a/src/scripts/oids.py +++ b/src/scripts/oids.py @@ -12,6 +12,9 @@ import re from collections import defaultdict +def format_oid(oid): + #return '"' + oid + '"' + return "{" + oid.replace('.', ',') + '}' def format_map(m, for_oid = False): s = '' 
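Review bot: The relocated `#if defined(BOTAN_HOUSE_ECC_CURVE_NAME)` blocks in both `lookup` overloads also repair the old guarded code, which referenced `oid_str` and `name` although neither was declared in those functions, so the house-curve path could not have compiled when enabled; that fix deserves a sentence in the commit message, and since the diffstat touches no build configuration the block presumably still has no configuration that exercises it. Moving the comparison ahead of `lock_guard_type lock(m_mutex)` is correct because it reads only compile-time constants, but a one-line comment such as `// house curve is a compile-time constant; no lock needed` would keep a later edit from dragging it back under the mutex. The OID_Map class header lies outside the hunk.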
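Review bot: `format_oid` in oids.py carries a commented-out alternative body (`#return '"' + oid + '"'`) where a docstring belongs; dead code in a generator script tends to be resurrected by accident when someone toggles the output format. Replace it with `"""Render a dotted OID string as a C++ brace-init list of arcs, e.g. 1.2.3 -> {1,2,3}."""` and drop the comment. The function also does not check that `oid` contains only digits and dots, so a typo in oids.txt surfaces as a compile error in the generated oid_maps.cpp rather than at generation time; an `assert re.fullmatch(r'\d+(\.\d+)*', oid), oid` here would fail early and name the offending entry, and `re` is already imported per the hunk's context lines.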
@@ -22,7 +25,7 @@ def format_map(m, for_oid = False): s += ' ' if for_oid: - s += '{ "%s", OID("%s") },\n' % (k,v) + s += '{ "%s", OID(%s) },\n' % (k,format_oid(v)) else: s += '{ "%s", "%s" },\n' % (k,v) @@ -73,7 +76,7 @@ def format_if(m, nm,t=False): v = m[k] if t: - s += ' if(%s == "%s") return OID("%s");\n' % (nm,k, v) + s += ' if(%s == "%s") return OID(%s);\n' % (nm,k, format_oid(v)) else: s += ' if(%s == "%s") return "%s";\n' % (nm,k, v) From 3d868667ab5a29c31acde34c22b5b4176619260e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 7 Feb 2018 17:46:38 -0500 Subject: [PATCH 0630/1008] Make FFI errors an enum, and add a function to translate to strings --- src/lib/ffi/ffi.cpp | 45 ++++++++++++++++++++++++- src/lib/ffi/ffi.h | 80 +++++++++++++++------------------------------ 2 files changed, 71 insertions(+), 54 deletions(-) diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp index 39749c4d45..ecc8d28990 100644 --- a/src/lib/ffi/ffi.cpp +++ b/src/lib/ffi/ffi.cpp @@ -26,6 +26,50 @@ extern "C" { using namespace Botan_FFI; +const char* botan_error_description(int err) + { + switch(err) + { + case BOTAN_FFI_SUCCESS: + return "OK"; + + case BOTAN_FFI_INVALID_VERIFIER: + return "Invalid verifier"; + + case BOTAN_FFI_ERROR_INVALID_INPUT: + return "Invalid input"; + + case BOTAN_FFI_ERROR_BAD_MAC: + return "Invalid authentication code"; + + case BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE: + return "Insufficient buffer space"; + + case BOTAN_FFI_ERROR_EXCEPTION_THROWN: + return "Exception thrown"; + + case BOTAN_FFI_ERROR_BAD_FLAG: + return "Bad flag"; + + case BOTAN_FFI_ERROR_NULL_POINTER: + return "Null pointer argument"; + + case BOTAN_FFI_ERROR_BAD_PARAMETER: + return "Bad parameter"; + + case BOTAN_FFI_ERROR_NOT_IMPLEMENTED: + return "Not implemented"; + + case BOTAN_FFI_ERROR_INVALID_OBJECT: + return "Invalid object handle"; + + case BOTAN_FFI_ERROR_UNKNOWN_ERROR: + return "Unknown error"; + } + + return "Unknown error"; + } + /* * Versioning */ 
@@ -120,4 +164,3 @@ int botan_base64_decode(const char* base64_str, size_t in_len, } } - diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h index 20611fde9d..323bf54de1 100644 --- a/src/lib/ffi/ffi.h +++ b/src/lib/ffi/ffi.h @@ -61,6 +61,33 @@ how to provide the cleanest API for such users would be most welcome. #include #include +/** +* Error codes +*/ +enum BOTAN_FFI_ERROR { + BOTAN_FFI_SUCCESS = 0, + BOTAN_FFI_INVALID_VERIFIER = 1, + + BOTAN_FFI_ERROR_INVALID_INPUT = -1, + BOTAN_FFI_ERROR_BAD_MAC = -2, + + BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE = -10, + BOTAN_FFI_ERROR_EXCEPTION_THROWN = -20, + BOTAN_FFI_ERROR_BAD_FLAG = -30, + BOTAN_FFI_ERROR_NULL_POINTER = -31, + BOTAN_FFI_ERROR_BAD_PARAMETER = -32, + BOTAN_FFI_ERROR_NOT_IMPLEMENTED = -40, + BOTAN_FFI_ERROR_INVALID_OBJECT = -50, + + BOTAN_FFI_ERROR_UNKNOWN_ERROR = -100, +}; + +/** +* Convert an error code into a string. Returns "Unknown error" +* if the error code is not a known one. +*/ +const char* botan_error_description(int err); + /** * Return the version of the currently supported FFI API. This is * expressed in the form YYYYMMDD of the release date of this version 
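Review bot: The new declaration `const char* botan_error_description(int err);` in ffi.h lacks the `BOTAN_PUBLIC_API(...)` export macro that every neighbouring FFI declaration carries (`BOTAN_PUBLIC_API(2,0) uint32_t botan_version_datestamp();` just below it), so in a shared-library build with hidden default visibility, or a Windows DLL, the definition in ffi.cpp will not be exported and bindings resolving the symbol at load time will fail. Change it to `BOTAN_PUBLIC_API(2,N) const char* botan_error_description(int err);` where N is the minor version in which it ships. The trailing comma after `BOTAN_FFI_ERROR_UNKNOWN_ERROR = -100,` is only valid from C99/C++11 onwards; as this header is consumed through `extern "C"` by foreign-language bindings, dropping it costs nothing and avoids pedantic warnings from older C front ends.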
@@ -100,59 +127,6 @@ BOTAN_PUBLIC_API(2,0) uint32_t botan_version_patch(); */ BOTAN_PUBLIC_API(2,0) uint32_t botan_version_datestamp(); -/* -* Error handling -* -* Some way of exporting these values to other languages would be useful - - - THIS FUNCTION ASSUMES BOTH ARGUMENTS ARE LITERAL STRINGS - so it retains only the pointers and does not make a copy. - -int botan_make_error(const char* msg, const char* func, int line); -* This value is returned to callers ^^ - - normally called like - return botan_make_error(BOTAN_ERROR_STRING_NOT_IMPLEMENTED, BOTAN_FUNCTION, __LINE__); - -// This would seem to require both saving the message permanently -catch(std::exception& e) { -return botan_make_error_from_transient_string(e.what(), BOTAN_FUNCTION, __LINE__); -} - -#define botan_make_error_inf(s) return botan_make_error(s, BOTAN_FUNCTION, __LINE__); - -Easier to return a const char* from each function directly? However, - -catch(std::exception& e) { return e.what(); } - -doesn't exactly work well either! - -* -* Later call: -* const char* botan_get_error_str(int); -* To recover the msg, func, and line - -*/ -#define BOTAN_FFI_SUCCESS (0) - -#define BOTAN_FFI_INVALID_VERIFIER (1) - -#define BOTAN_FFI_ERROR_INVALID_INPUT (-1) -#define BOTAN_FFI_ERROR_BAD_MAC (-2) - -#define BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE (-10) -#define BOTAN_FFI_ERROR_EXCEPTION_THROWN (-20) -#define BOTAN_FFI_ERROR_BAD_FLAG (-30) -#define BOTAN_FFI_ERROR_NULL_POINTER (-31) -#define BOTAN_FFI_ERROR_BAD_PARAMETER (-32) -#define BOTAN_FFI_ERROR_NOT_IMPLEMENTED (-40) -#define BOTAN_FFI_ERROR_INVALID_OBJECT (-50) - -#define BOTAN_FFI_ERROR_UNKNOWN_ERROR (-100) - -//const char* botan_error_description(int err); - /** * Returns 0 if x[0..len] == y[0..len], or otherwise -1 */ From ffc60894c2b4cb733050f008a8f229bb94de5745 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Tue, 13 Feb 2018 06:05:08 -0500 Subject: [PATCH 0631/1008] Tiny optimization in BigInt::const_time_lookup --- src/lib/math/bigint/bigint.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index 28fe68f00b..caa78de452 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp @@ -314,8 +314,10 @@ void BigInt::const_time_lookup(secure_vector& output, BOTAN_ASSERT(vec[i].size() >= words, "Word size as expected in const_time_lookup"); + const word mask = CT::is_equal(i, idx); + for(size_t w = 0; w != words; ++w) - output[w] |= CT::select(CT::is_equal(i, idx), vec[i].word_at(w), 0); + output[w] |= CT::select(mask, vec[i].word_at(w), 0); } CT::unpoison(idx); From f8744562284897c18d2c02102191a77de1a2afa0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 13 Feb 2018 06:05:20 -0500 Subject: [PATCH 0632/1008] Enable VirtualLock on MinGW builds For some reason one of the blocks was guarded to be MSVC only, but it works fine on MinGW also. --- src/lib/utils/os_utils.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index 0f3ab7a326..57439e8ca1 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -245,7 +245,7 @@ size_t OS::get_memory_locking_limit() return 0; #endif -#elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) && defined(BOTAN_BUILD_COMPILER_IS_MSVC) +#elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) SIZE_T working_min = 0, working_max = 0; DWORD working_flags = 0; if(!::GetProcessWorkingSetSizeEx(::GetCurrentProcess(), &working_min, &working_max, &working_flags)) 
@@ -317,7 +317,7 @@ void* OS::allocate_locked_pages(size_t length) ::memset(ptr, 0, length); return ptr; -#elif defined BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK +#elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) LPVOID ptr = ::VirtualAlloc(nullptr, length, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); if(!ptr) { From b558340da83e2fadc14ac25eb95d3bbac5c973a6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Feb 2018 05:21:34 -0500 Subject: [PATCH 0633/1008] Use enums for TLS key exchange group params --- src/lib/tls/msg_client_hello.cpp | 24 +++-- src/lib/tls/msg_client_kex.cpp | 19 ++-- src/lib/tls/msg_server_kex.cpp | 47 ++++----- src/lib/tls/tls_algos.cpp | 37 +++++++ src/lib/tls/tls_algos.h | 4 + src/lib/tls/tls_extensions.cpp | 66 ++++++------- src/lib/tls/tls_extensions.h | 26 +++-- src/lib/tls/tls_messages.h | 4 +- src/lib/tls/tls_policy.cpp | 132 +++++++++++-------------- src/lib/tls/tls_policy.h | 69 +++++-------- src/lib/tls/tls_server.cpp | 2 +- src/lib/tls/tls_text_policy.cpp | 40 +++++--- src/tests/data/tls-policy/bsi.txt | 41 ++++---- src/tests/data/tls-policy/compat.txt | 3 +- src/tests/data/tls-policy/datagram.txt | 2 +- src/tests/data/tls-policy/default.txt | 3 +- src/tests/data/tls-policy/strict.txt | 3 +- src/tests/data/tls-policy/suiteb.txt | 4 +- src/tests/test_tls.cpp | 11 ++- src/tests/unit_tls.cpp | 19 ++-- 20 files changed, 290 insertions(+), 266 deletions(-) diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index 158238de20..a9da82f070 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp 
@@ -129,14 +129,15 @@ Client_Hello::Client_Hello(Handshake_IO& io, } #endif - Supported_Groups* supported_groups = new Supported_Groups(policy.allowed_groups()); - m_extensions.add(supported_groups); + std::unique_ptr supported_groups(new Supported_Groups(policy.key_exchange_groups())); - if(!supported_groups->curves().empty()) + if(supported_groups->ec_groups().size() > 0) { m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); } + m_extensions.add(supported_groups.release()); + cb.tls_modify_extensions(m_extensions, CLIENT); if(policy.send_fallback_scsv(client_settings.protocol_version())) @@ -175,13 +176,16 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_extensions.add(new Renegotiation_Extension(reneg_info)); m_extensions.add(new Server_Name_Indicator(session.server_info().hostname())); m_extensions.add(new Session_Ticket(session.session_ticket())); - m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves())); - if(!policy.allowed_ecc_curves().empty()) + std::unique_ptr supported_groups(new Supported_Groups(policy.key_exchange_groups())); + + if(supported_groups->ec_groups().size() > 0) { m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); } + m_extensions.add(supported_groups.release()); + if(session.supports_encrypt_then_mac()) m_extensions.add(new Encrypt_then_MAC); 
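Review bot: The lines that build `Supported_Groups`, test `ec_groups().size() > 0`, add `Supported_Point_Formats` and then `m_extensions.add(supported_groups.release())` are now duplicated verbatim in both `Client_Hello` constructors (this hunk and the `@@ -175,13 +176,16 @@` hunk below it), which is the kind of pair that drifts apart on the next policy change; a small private helper taking `m_extensions` and `policy` would keep them in step. Also, `if(supported_groups->ec_groups().size() > 0)` replaces the original `!...empty()` idiom; if `ec_groups()` returns a vector by value, as the by-value `supported_ecc_curves()` accessor in the later hunk suggests, that builds a temporary container just to test for emptiness, so `if(!supported_groups->ec_groups().empty())` is both clearer and no worse. Both constructors begin and end outside the hunks.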
@@ -324,18 +328,18 @@ std::vector Client_Hello::signature_schemes() const return schemes; } -std::vector Client_Hello::supported_ecc_curves() const +std::vector Client_Hello::supported_ecc_curves() const { if(Supported_Groups* groups = m_extensions.get()) - return groups->curves(); - return std::vector(); + return groups->ec_groups(); + return std::vector(); } -std::vector Client_Hello::supported_dh_groups() const +std::vector Client_Hello::supported_dh_groups() const { if(Supported_Groups* groups = m_extensions.get()) return groups->dh_groups(); - return std::vector(); + return std::vector(); } bool Client_Hello::prefers_compressed_ec_points() const diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 6e767d4d60..b94e9839e3 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp 
@@ -112,30 +112,31 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, kex_algo == Kex_Algo::ECDHE_PSK) { const uint8_t curve_type = reader.get_byte(); - if(curve_type != 3) throw Decoding_Error("Server sent non-named ECC curve"); const uint16_t curve_id = reader.get_uint16_t(); + const std::vector peer_public_value = reader.get_range(1, 1, 255); - const std::string curve_name = Supported_Elliptic_Curves::curve_id_to_name(curve_id); - - if(curve_name == "") - throw Decoding_Error("Server sent unknown named curve " + std::to_string(curve_id)); - - if(!policy.allowed_ecc_curve(curve_name)) + if(policy.choose_key_exchange_group({static_cast(curve_id)}) == Group_Params::NONE) { throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Server sent ECC curve prohibited by policy"); } - const std::vector peer_public_value = reader.get_range(1, 1, 255); - const std::pair, std::vector> ecdh_result = + const std::string curve_name = Supported_Groups::curve_id_to_name(curve_id); + + if(curve_name == "") + throw Decoding_Error("Server sent unknown named curve " + std::to_string(curve_id)); + + const std::pair, std::vector> ecdh_result = state.callbacks().tls_ecdh_agree(curve_name, peer_public_value, policy, rng, state.server_hello()->prefers_compressed_ec_points()); if(kex_algo == Kex_Algo::ECDH) + { m_pre_master = ecdh_result.first; + } else { append_tls_length_value(m_pre_master, ecdh_result.first, 2); diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp index 56ff3017f7..4cb204c683 100644 --- a/src/lib/tls/msg_server_kex.cpp +++ b/src/lib/tls/msg_server_kex.cpp 
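Review bot: The new policy check accepts any id present in `policy.key_exchange_groups()`, and the default list in tls_policy.cpp includes the FFDHE groups (the 256–511 range that this commit's `group_param_is_dh` tests), so a ServerKeyExchange for an ECDH(E) suite that names an FFDHE codepoint passes the check and the id is handed to `curve_id_to_name` and then to `tls_ecdh_agree` as if it were a curve; whether it is rejected downstream depends on what `curve_id_to_name` returns for those ids, which is not visible here. Since `group_param_is_dh` is introduced in the same commit, an explicit `if(group_param_is_dh(static_cast<Group_Params>(curve_id))) throw Decoding_Error("Server sent FFDHE group for ECDH key exchange");` placed before the policy check closes that gap. The later "Remove cruft" hunk of this file keeps the same shape, so the same check applies there. The Client_Key_Exchange constructor starts and ends outside the hunk.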
@@ -57,27 +57,31 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, if(kex_algo == Kex_Algo::DH || kex_algo == Kex_Algo::DHE_PSK) { - const std::vector& dh_groups = - state.client_hello()->supported_dh_groups(); + const std::vector dh_groups = state.client_hello()->supported_dh_groups(); - std::string group_name; + Group_Params shared_group = Group_Params::NONE; - // if the client does not send any DH groups in - // the supported groups extension, but does offer DH ciphersuites, - // we select a group arbitrarily - if (dh_groups.empty()) + /* + If the client does not send any DH groups in the supported groups + extension, but does offer DH ciphersuites, we select a group arbitrarily + */ + + if(dh_groups.empty()) { - group_name = policy.dh_group(); + shared_group = policy.default_dh_group(); } else { - group_name = policy.choose_dh_group(dh_groups); + shared_group = policy.choose_key_exchange_group(dh_groups); } - if (group_name.empty()) + if(shared_group == Group_Params::NONE) throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Could not agree on a DH group with the client"); + BOTAN_ASSERT(group_param_is_dh(shared_group), "DH groups for the DH ciphersuites god"); + + const std::string group_name = group_param_to_string(shared_group); std::unique_ptr dh(new DH_PrivateKey(rng, DL_Group(group_name))); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2); 
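Review bot: The new assertion message `"DH groups for the DH ciphersuites god"` looks like a typo, and because an assertion message becomes the exception text when it fires it should read as a statement of the invariant: `BOTAN_ASSERT(group_param_is_dh(shared_group), "Chosen group for DH ciphersuite is an FFDHE group");`. The invariant holds for both branches shown — `choose_key_exchange_group(dh_groups)` returns a member of a list already filtered by `dh_groups()`, and the base `default_dh_group()` only yields FFDHE values — but a Policy subclass overriding `default_dh_group()` to return an EC group would trip it, which is worth stating in the header comment of that virtual. The Server_Key_Exchange constructor starts and ends outside the hunk.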
@@ -87,25 +91,19 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, } else if(kex_algo == Kex_Algo::ECDH || kex_algo == Kex_Algo::ECDHE_PSK) { - const std::vector& curves = - state.client_hello()->supported_ecc_curves(); + const std::vector ec_groups = state.client_hello()->supported_ecc_curves(); - if(curves.empty()) + if(ec_groups.empty()) throw Internal_Error("Client sent no ECC extension but we negotiated ECDH"); - const std::string curve_name = policy.choose_curve(curves); - - if(curve_name == "") - throw TLS_Exception(Alert::HANDSHAKE_FAILURE, - "Could not agree on an ECC curve with the client"); + Group_Params shared_group = policy.choose_key_exchange_group(ec_groups); - const uint16_t named_curve_id = Supported_Elliptic_Curves::name_to_curve_id(curve_name); - if(named_curve_id == 0) - throw Internal_Error("TLS does not support ECC with " + curve_name); + if(shared_group == Group_Params::NONE) + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "No shared ECC group with client"); std::vector ecdh_public_val; - if(curve_name == "x25519") + if(shared_group == Group_Params::X25519) { #if defined(BOTAN_HAS_CURVE_25519) std::unique_ptr x25519(new Curve25519_PrivateKey(rng)); @@ -117,6 +115,10 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, } else { + Group_Params curve = policy.choose_key_exchange_group(ec_groups); + + const std::string curve_name = group_param_to_string(curve); + EC_Group ec_group(curve_name); std::unique_ptr ecdh(new ECDH_PrivateKey(rng, ec_group)); @@ -128,6 +130,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, m_kex_key.reset(ecdh.release()); } + const uint16_t named_curve_id = static_cast(shared_group); m_params.push_back(3); // named curve m_params.push_back(get_byte(0, named_curve_id)); m_params.push_back(get_byte(1, named_curve_id)); diff --git a/src/lib/tls/tls_algos.cpp b/src/lib/tls/tls_algos.cpp index 33b00d5192..ce32963b78 100644 --- a/src/lib/tls/tls_algos.cpp +++ b/src/lib/tls/tls_algos.cpp 
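Review bot: In the second hunk (`@@ -117,6 +115,10`) the `else` branch recomputes `policy.choose_key_exchange_group(ec_groups)` into a new `curve`, although `shared_group` from the first hunk already holds that value and has been checked against `Group_Params::NONE`; `const std::string curve_name = group_param_to_string(shared_group);` drops the second lookup and removes any chance of the two results diverging under a policy override. With that change `shared_group` can be declared `const`, and the third hunk's `named_curve_id` is already derived from it, so the x25519 branch, the generic ECDH branch and the wire encoding all agree on one variable. The Server_Key_Exchange constructor starts and ends outside these hunks.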
@@ -115,6 +115,43 @@ Auth_Method auth_method_from_string(const std::string& str)
 throw Invalid_Argument("Bad signature method " + str);
 }
+bool group_param_is_dh(Group_Params group)
+ {
+ uint16_t group_id = static_cast(group);
+ return (group_id >= 256 && group_id < 512);
+ }
+
+Group_Params group_param_from_string(const std::string& group_name)
+ {
+ if(group_name == "secp256r1")
+ return Group_Params::SECP256R1;
+ if(group_name == "secp384r1")
+ return Group_Params::SECP384R1;
+ if(group_name == "secp521r1")
+ return Group_Params::SECP521R1;
+ if(group_name == "brainpool256r1")
+ return Group_Params::BRAINPOOL256R1;
+ if(group_name == "brainpool384r1")
+ return Group_Params::BRAINPOOL384R1;
+ if(group_name == "brainpool512r1")
+ return Group_Params::BRAINPOOL512R1;
+ if(group_name == "x25519")
+ return Group_Params::X25519;
+
+ if(group_name == "ffdhe/ietf/2048")
+ return Group_Params::FFDHE_2048;
+ if(group_name == "ffdhe/ietf/3072")
+ return Group_Params::FFDHE_3072;
+ if(group_name == "ffdhe/ietf/4096")
+ return Group_Params::FFDHE_4096;
+ if(group_name == "ffdhe/ietf/6144")
+ return Group_Params::FFDHE_6144;
+ if(group_name == "ffdhe/ietf/8192")
+ return Group_Params::FFDHE_8192;
+
+ return Group_Params::NONE; // unknown
+ }
+
 std::string group_param_to_string(Group_Params group)
 {
 switch(group)
diff --git a/src/lib/tls/tls_algos.h b/src/lib/tls/tls_algos.h
index 4f7a35ec8e..9ad1a7a854 100644
--- a/src/lib/tls/tls_algos.h
+++ b/src/lib/tls/tls_algos.h
@@ -118,6 +118,8 @@ std::string signature_algorithm_of_scheme(Signature_Scheme scheme);
 * Matches with wire encoding
 */
 enum class Group_Params : uint16_t {
+ NONE = 0,
+
 SECP256R1 = 23,
 SECP384R1 = 24,
 SECP521R1 = 25,
@@ -139,6 +141,8 @@ enum class Group_Params : uint16_t {
 };
 std::string group_param_to_string(Group_Params group);
+Group_Params group_param_from_string(const std::string& group_name);
+bool group_param_is_dh(Group_Params group);
 enum class Kex_Algo {
 STATIC_RSA,
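Review bot: `group_param_is_dh` encodes the 256–511 range with bare literals and no comment, yet `Supported_Groups::ec_groups()` in this commit treats everything outside that range as an EC group, so a reader needs to know this is the codepoint range RFC 7919 reserves for FFDHE groups; a comment `// 256..511 is the codepoint range reserved for FFDHE groups (RFC 7919); everything else is treated as an EC group` above the return records that, and `group_id` can be `const`. `group_param_from_string` returns `Group_Params::NONE` for any name it does not list, so a one-line header comment saying callers must check for NONE would spare the Text_Policy caller from guessing. Both functions are fully within the hunk.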
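Review bot: `NONE = 0` is added to an enum whose comment says "Matches with wire encoding", but 0 is never emitted — `Supported_Groups::serialize()` in this commit skips ids that are not `> 0` — so it is a local sentinel for "no group selected or recognized", and a comment `// not a wire value: sentinel for "no group" returned by the chooser and parser` next to the enumerator keeps the enum's stated contract honest. The two new declarations also carry no documentation; `/// True for the FFDHE codepoint range (256..511)` and `/// Parse a policy-file group name; Group_Params::NONE if unknown` are enough.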
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 6d69d7b45e..f796a39dfc 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp @@ -28,8 +28,8 @@ Extension* make_extension(TLS_Data_Reader& reader, uint16_t code, uint16_t size) return new SRP_Identifier(reader, size); #endif - case TLSEXT_USABLE_ELLIPTIC_CURVES: - return new Supported_Elliptic_Curves(reader, size); + case TLSEXT_SUPPORTED_GROUPS: + return new Supported_Groups(reader, size); case TLSEXT_CERT_STATUS_REQUEST: return new Certificate_Status_Request(reader, size); @@ -295,20 +295,30 @@ std::vector Application_Layer_Protocol_Notification::serialize() const return buf; } -Supported_Groups::Supported_Groups(const std::vector& groups) : - m_groups(groups) +Supported_Groups::Supported_Groups(const std::vector& groups) : m_groups(groups) { - for(const auto& group : m_groups) + } + +std::vector Supported_Groups::ec_groups() const + { + std::vector ec; + for(auto g : m_groups) { - if(is_dh_group(group)) - { - m_dh_groups.push_back(group); - } - else - { - m_curves.push_back(group); - } + if(group_param_is_dh(g) == false) + ec.push_back(g); } + return ec; + } + +std::vector Supported_Groups::dh_groups() const + { + std::vector dh; + for(auto g : m_groups) + { + if(group_param_is_dh(g) == true) + dh.push_back(g); + } + return dh; } std::string Supported_Groups::curve_id_to_name(uint16_t id) @@ -409,9 +419,9 @@ std::vector Supported_Groups::serialize() const { std::vector buf(2); - for(size_t i = 0; i != m_groups.size(); ++i) + for(auto g : m_groups) { - const uint16_t id = name_to_curve_id(m_groups[i]); + const uint16_t id = static_cast(g); if(id > 0) { 
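Review bot: In the `@@ -295,20 +295,30` hunk `ec_groups()` is defined as every group for which `group_param_is_dh(g) == false`, so once the reader constructor stops filtering unnamed ids (hunk `@@ -437,28 +447,10` on the next line) it also returns codepoints the library does not recognize, and callers that read the result as "ECC curves" should know; a comment `// everything outside the FFDHE range, including ids we do not recognize` above the loop records it. Stylistically, `== false` and `== true` on a bool read better as `if(!group_param_is_dh(g))` and `if(group_param_is_dh(g))`, and both loops could `reserve(m_groups.size())` since they are called once per handshake. In the `@@ -409` hunk `if(id > 0)` now only filters `Group_Params::NONE`, which a comment there should say.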
@@ -427,9 +437,9 @@ std::vector Supported_Groups::serialize() const } Supported_Groups::Supported_Groups(TLS_Data_Reader& reader, - uint16_t extension_size) + uint16_t extension_size) { - uint16_t len = reader.get_uint16_t(); + const uint16_t len = reader.get_uint16_t(); if(len + 2 != extension_size) throw Decoding_Error("Inconsistent length field in supported groups list"); @@ -437,28 +447,10 @@ Supported_Groups::Supported_Groups(TLS_Data_Reader& reader, if(len % 2 == 1) throw Decoding_Error("Supported groups list of strange size"); - len /= 2; - - for(size_t i = 0; i != len; ++i) + for(size_t i = 0; i != len / 2; ++i) { const uint16_t id = reader.get_uint16_t(); - const Group_Params group_id = static_cast(id); - - const bool is_dh = (id >= 256 && id <= 511); - const std::string name = group_param_to_string(group_id); - - if(!name.empty()) - { - m_groups.push_back(name); - if(is_dh) - { - m_dh_groups.push_back(name); - } - else - { - m_curves.push_back(name); - } - } + m_groups.push_back(static_cast(id)); } } diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index a1ed3f8583..27917a1451 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -1,8 +1,8 @@ /* * TLS Extensions -* (C) 2011,2012,2016 Jack Lloyd -* 2016 Juraj Somorovsky -* 2016 Matthias Gierlings +* (C) 2011,2012,2016,2018 Jack Lloyd +* (C) 2016 Juraj Somorovsky +* (C) 2016 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -29,7 +29,7 @@ enum Handshake_Extension_Type { TLSEXT_CERT_STATUS_REQUEST = 5, TLSEXT_CERTIFICATE_TYPES = 9, - TLSEXT_USABLE_ELLIPTIC_CURVES = 10, + TLSEXT_SUPPORTED_GROUPS = 10, TLSEXT_EC_POINT_FORMATS = 11, TLSEXT_SRP_IDENTIFIER = 12, TLSEXT_SIGNATURE_ALGORITHMS = 13, 
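Review bot: The reader constructor now keeps every peer-supplied id (`m_groups.push_back(static_cast<Group_Params>(id))`) where the old code dropped unnamed ones, which is the right call for tolerating unassigned or reserved codepoints, but it means `m_groups` may hold values that are not enumerators, so every `switch` over `Group_Params` must keep a default and nothing may assume `group_param_to_string` returns non-empty; a comment `// unknown ids are retained (and ignored when a group is chosen), so values here need not be enumerators` above the loop makes that contract explicit. Hoisting `const size_t count = len / 2;` out of the loop condition also reads more clearly. This constructor begins in the preceding hunk of this file.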
@@ -234,34 +234,32 @@ class Supported_Groups final : public Extension { public: static Handshake_Extension_Type static_type() - { return TLSEXT_USABLE_ELLIPTIC_CURVES; } + { return TLSEXT_SUPPORTED_GROUPS; } Handshake_Extension_Type type() const override { return static_type(); } static std::string curve_id_to_name(uint16_t id); static uint16_t name_to_curve_id(const std::string& name); - static bool is_dh_group( const std::string& group_name ); + static bool is_dh_group(const std::string& group_name); - const std::vector& curves() const { return m_curves; } - const std::vector& dh_groups() const { return m_dh_groups; } + std::vector ec_groups() const; + std::vector dh_groups() const; std::vector serialize() const override; - explicit Supported_Groups(const std::vector& groups); + explicit Supported_Groups(const std::vector& groups); Supported_Groups(TLS_Data_Reader& reader, - uint16_t extension_size); + uint16_t extension_size); bool empty() const override { return m_groups.empty(); } private: - std::vector m_groups; - std::vector m_curves; - std::vector m_dh_groups; + std::vector m_groups; }; // previously Supported Elliptic Curves Extension (RFC 4492) -using Supported_Elliptic_Curves = Supported_Groups; +//using Supported_Elliptic_Curves = Supported_Groups; /** * Supported Point Formats Extension (RFC 4492) diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index 03b07fe27c..98c46dfa8d 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h @@ -106,9 +106,9 @@ class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message std::vector signature_schemes() const; - std::vector supported_ecc_curves() const; + std::vector supported_ecc_curves() const; - std::vector supported_dh_groups() const; + std::vector supported_dh_groups() const; bool prefers_compressed_ec_points() const; diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 2c63aa8400..7fd7af2359 100644 --- a/src/lib/tls/tls_policy.cpp 
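Review bot: `ec_groups()` and `dh_groups()` are public but undocumented, and in tls_extensions.cpp `ec_groups()` returns every codepoint outside the FFDHE range, so after the parser change unknown peer ids land there too; `/// Groups outside the FFDHE range (256..511), including ids this library does not recognize` and `/// Groups in the FFDHE range (256..511)` give them an accurate meaning, which `Client_Hello::supported_ecc_curves()` in the tls_messages.h hunk of this section then inherits by name. That accessor's name now undersells its contents (x25519 and unrecognized ids included), so a short comment on it in tls_messages.h pointing to `Supported_Groups::ec_groups()` would help. The Supported_Groups class is fully within the hunk.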
+++ b/src/lib/tls/tls_policy.cpp @@ -9,9 +9,8 @@ #include #include -#include +#include #include -#include #include #include #include 
@@ -123,90 +122,58 @@ bool Policy::allowed_signature_hash(const std::string& sig_hash) const return value_exists(allowed_signature_hashes(), sig_hash); } -std::vector Policy::allowed_ecc_curves() const - { - // Default list is ordered by performance - - return { - "x25519", - "secp256r1", - "secp521r1", - "secp384r1", - "brainpool256r1", - "brainpool384r1", - "brainpool512r1", - }; - } - -bool Policy::allowed_ecc_curve(const std::string& curve) const - { - if(!allowed_ecc_curves().empty()) - { - return value_exists(allowed_ecc_curves(), curve); - } - return value_exists(allowed_groups(), curve); - } - bool Policy::use_ecc_point_compression() const { return false; } -/* -* Choose an ECC curve to use -*/ -std::string Policy::choose_curve(const std::vector& curve_names) const +Group_Params Policy::choose_key_exchange_group(const std::vector& peer_groups) const { - const std::vector our_groups = allowed_groups(); + if(peer_groups.empty()) + return Group_Params::NONE; - for(size_t i = 0; i != our_groups.size(); ++i) - if(!Supported_Groups::is_dh_group(our_groups[i]) - && value_exists(curve_names, our_groups[i])) - return our_groups[i]; + const std::vector our_groups = key_exchange_groups(); - return ""; // no shared curve - } - -/* -* Choose an FFDHE group to use -*/ -std::string Policy::choose_dh_group(const std::vector& dh_groups) const - { - if(dh_groups.empty()) - return dh_group(); - - const std::vector our_groups = allowed_groups(); - - for(size_t i = 0; i != our_groups.size(); ++i) - if(Supported_Groups::is_dh_group(our_groups[i]) - && value_exists(dh_groups, our_groups[i])) - return our_groups[i]; + for(auto g : our_groups) + { + if(value_exists(peer_groups, g)) + return g; + } - return ""; // no shared ffdhe group + return Group_Params::NONE; } -std::string Policy::dh_group() const +Group_Params Policy::default_dh_group() const { - // We offer 2048 bit DH because we can - return "modp/ietf/2048"; + /* + * Return the first listed or just default to 2048 + */ + 
for(auto g : key_exchange_groups()) + { + if(group_param_is_dh(g)) + return g; + } + + return Group_Params::FFDHE_2048; } -std::vector Policy::allowed_groups() const +std::vector Policy::key_exchange_groups() const { // Default list is ordered by performance return { - "x25519", - "secp256r1", - "secp521r1", - "secp384r1", - "brainpool256r1", - "brainpool384r1", - "brainpool512r1", - "ffdhe/ietf/2048", - "ffdhe/ietf/3072", - "ffdhe/ietf/4096", - "ffdhe/ietf/6144", - "ffdhe/ietf/8192" + Group_Params::X25519, + Group_Params::SECP256R1, + Group_Params::SECP521R1, + Group_Params::SECP384R1, + Group_Params::BRAINPOOL256R1, + Group_Params::BRAINPOOL384R1, + Group_Params::BRAINPOOL512R1, + + Group_Params::FFDHE_2048, + Group_Params::FFDHE_3072, + Group_Params::FFDHE_4096, + Group_Params::FFDHE_6144, + Group_Params::FFDHE_8192, }; } @@ -448,7 +415,7 @@ class Ciphersuite_Preference_Ordering final } std::vector Policy::ciphersuite_list(Protocol_Version version, - bool have_srp) const + bool have_srp) const { const std::vector ciphers = allowed_ciphers(); const std::vector macs = allowed_macs(); @@ -503,8 +470,11 @@ std::vector Policy::ciphersuite_list(Protocol_Version version, removal of x25519 from the ECC curve list as equivalent to saying they do not trust CECPQ1 */ - if(suite.kex_method() == Kex_Algo::CECPQ1 && allowed_ecc_curve("x25519") == false) - continue; + if(suite.kex_method() == Kex_Algo::CECPQ1) + { + if(value_exists(key_exchange_groups(), Group_Params::X25519) == false) + continue; + } // OK, consider it ciphersuites.push_back(suite); @@ -540,6 +510,20 @@ void print_vec(std::ostream& o, o << '\n'; } +void print_vec(std::ostream& o, + const char* key, + const std::vector& v) + { + o << key << " = "; + for(size_t i = 0; i != v.size(); ++i) + { + o << group_param_to_string(v[i]); + if(i != v.size() - 1) + o << ' '; + } + o << '\n'; + } + void print_bool(std::ostream& o, const char* key, bool b) { 
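Review bot: `default_dh_group()` falls back to `Group_Params::FFDHE_2048` when `key_exchange_groups()` lists no FFDHE group at all, so a policy that deliberately drops every FFDHE group but still allows DH key exchange methods negotiates FFDHE 2048 whenever the client omits DH groups from supported_groups (the `dh_groups.empty()` branch in msg_server_kex.cpp); the removed `dh_group()` was unconditional too, but the policy author now has a single group list that looks authoritative. If that is intended, say so: `// Fall back to FFDHE 2048 even if the policy lists no FFDHE group; whether DH is used at all is governed by allowed_key_exchange_methods()`; if not, return `Group_Params::NONE` so the server raises HANDSHAKE_FAILURE. `choose_key_exchange_group` walks our list and returns the first entry the peer also offered, so our preference order wins, which the header comment should state. This hunk begins on the previous line; the CECPQ1 and print_vec hunks below raise nothing.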
@@ -560,8 +544,7 @@ void Policy::print(std::ostream& o) const print_vec(o, "signature_hashes", allowed_signature_hashes()); print_vec(o, "signature_methods", allowed_signature_methods()); print_vec(o, "key_exchange_methods", allowed_key_exchange_methods()); - print_vec(o, "ecc_curves", allowed_ecc_curves()); - print_vec(o, "groups", allowed_groups()); + print_vec(o, "key_exchange_groups", key_exchange_groups()); print_bool(o, "allow_insecure_renegotiation", allow_insecure_renegotiation()); print_bool(o, "include_time_in_hello_random", include_time_in_hello_random()); @@ -571,7 +554,6 @@ void Policy::print(std::ostream& o) const print_bool(o, "negotiate_encrypt_then_mac", negotiate_encrypt_then_mac()); print_bool(o, "support_cert_status_message", support_cert_status_message()); o << "session_ticket_lifetime = " << session_ticket_lifetime() << '\n'; - o << "dh_group = " << dh_group() << '\n'; o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n'; o << "minimum_ecdh_group_size = " << minimum_ecdh_group_size() << '\n'; o << "minimum_rsa_bits = " << minimum_rsa_bits() << '\n'; diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index a3d1752016..c483770f80 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h 
@@ -81,23 +81,10 @@ class BOTAN_PUBLIC_API(2,0) Policy bool allowed_signature_hash(const std::string& hash) const; /** - * Return list of ECC curves we are willing to use in order of preference. - * Allowed values: x25519, secp256r1, secp384r1, secp521r1, - * brainpool256r1, brainpool384r1, brainpool512r1 + * Return list of ECC curves and FFDHE groups we are willing to + * use in order of preference. */ - virtual std::vector allowed_ecc_curves() const; - - bool allowed_ecc_curve(const std::string& curve) const; - - /** - * Return list of ECC curves and FFDHE groups - * we are willing to use in order of preference. - * Allowed values: x25519, secp256r1, secp384r1, secp521r1, - * brainpool256r1, brainpool384r1, brainpool512r1, - * ffdhe/ietf/2048, ffdhe/ietf/3072, ffdhe/ietf/4096, - * ffdhe/ietf/6144, ffdhe/ietf/8192 - */ - virtual std::vector allowed_groups() const; + virtual std::vector key_exchange_groups() const; /** * Request that ECC curve points are sent compressed @@ -105,14 +92,10 @@ class BOTAN_PUBLIC_API(2,0) Policy virtual bool use_ecc_point_compression() const; /** - * Choose an elliptic curve to use - */ - virtual std::string choose_curve(const std::vector& curve_names) const; - - /** - * Choose an FFHDE group to use + * Select a key exchange group to use, from the list of groups sent by the + * peer. If none are acceptable, return Group_Params::NONE */ - virtual std::string choose_dh_group(const std::vector& dh_group_names) const; + virtual Group_Params choose_key_exchange_group(const std::vector& peer_groups) const; /** * Allow renegotiation even if the counterparty doesn't @@ -166,7 +149,7 @@ class BOTAN_PUBLIC_API(2,0) Policy */ virtual bool allow_dtls12() const; - virtual std::string dh_group() const; + virtual Group_Params default_dh_group() const; /** * Return the minimum DH group size we're willing to use 
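Review bot: `default_dh_group()` replaces `dh_group()` with no doc comment, and the rewritten comment on `key_exchange_groups()` drops the list of accepted names that Text_Policy users relied on; propose `/** Return the FFDHE group to use when the client offers DH ciphersuites but lists no FFDHE group in supported_groups. The default returns the first FFDHE group in key_exchange_groups(), or FFDHE 2048 if there is none. Overrides must return an FFDHE group. */` on `default_dh_group()`, and on `key_exchange_groups()` a sentence pointing to the names `group_param_from_string` accepts. The `choose_key_exchange_group` comment could also say that the default implementation honours this policy's preference order, not the peer's. The Policy class runs past these hunks in both directions.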
@@ -291,7 +274,7 @@ class BOTAN_PUBLIC_API(2,0) Policy * Return allowed ciphersuites, in order of preference */ virtual std::vector ciphersuite_list(Protocol_Version version, - bool have_srp) const; + bool have_srp) const; /** * @return the default MTU for DTLS @@ -323,6 +306,8 @@ class BOTAN_PUBLIC_API(2,0) Policy virtual ~Policy() = default; }; +typedef Policy Default_Policy; + /** * NSA Suite B 128-bit security level (RFC 6460) */ @@ -344,11 +329,8 @@ class BOTAN_PUBLIC_API(2,0) NSA_Suite_B_128 : public Policy std::vector allowed_signature_methods() const override { return std::vector({"ECDSA"}); } - std::vector allowed_ecc_curves() const override - { return std::vector({"secp256r1"}); } - - std::vector allowed_groups() const override - { return allowed_ecc_curves(); } + std::vector key_exchange_groups() const override + { return {Group_Params::SECP256R1}; } size_t minimum_signature_strength() const override { return 128; } @@ -390,15 +372,20 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy return std::vector({"ECDSA", "RSA", "DSA"}); } - std::vector allowed_ecc_curves() const override + std::vector key_exchange_groups() const override { - return std::vector({"brainpool512r1", "brainpool384r1", "brainpool256r1", "secp384r1", "secp256r1"}); - } - - std::vector allowed_groups() const override - { - return std::vector({"brainpool512r1", "brainpool384r1", "brainpool256r1", "secp384r1", - "secp256r1", "ffdhe/ietf/8192", "ffdhe/ietf/6144", "ffdhe/ietf/4096", "ffdhe/ietf/3072", "ffdhe/ietf/2048"}); + return std::vector({ + Group_Params::BRAINPOOL512R1, + Group_Params::BRAINPOOL384R1, + Group_Params::BRAINPOOL256R1, + Group_Params::SECP384R1, + Group_Params::SECP256R1, + Group_Params::FFDHE_8192, + Group_Params::FFDHE_6144, + Group_Params::FFDHE_4096, + Group_Params::FFDHE_3072, + Group_Params::FFDHE_2048 + }); } bool allow_insecure_renegotiation() const override { return false; } 
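Review bot: `typedef Policy Default_Policy;` is the only C-style alias in these hunks while the surrounding class already uses `= default` and `override`, so `using Default_Policy = Policy;` matches the file. `BSI_TR_02102_2::key_exchange_groups()` wraps its list in `std::vector({...})` whereas `NSA_Suite_B_128::key_exchange_groups()` in the preceding hunk returns `{Group_Params::SECP256R1}` directly; the brace-return form avoids spelling the element type twice and would make the two overrides consistent. Neither profile overrides `default_dh_group()`; for BSI the base implementation picks FFDHE 8192 from the list shown, which fits the profile but deserves a comment so a later reordering of the list does not silently change it.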
@@ -475,9 +462,7 @@ class BOTAN_PUBLIC_API(2,0) Text_Policy : public Policy std::vector allowed_signature_methods() const override; - std::vector allowed_ecc_curves() const override; - - std::vector allowed_groups() const override; + std::vector key_exchange_groups() const; bool use_ecc_point_compression() const override; @@ -504,8 +489,6 @@ class BOTAN_PUBLIC_API(2,0) Text_Policy : public Policy bool support_cert_status_message() const override; - std::string dh_group() const override; - size_t minimum_ecdh_group_size() const override; size_t minimum_ecdsa_group_size() const override; diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 61a360ba9c..b4e74c7756 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -166,7 +166,7 @@ uint16_t choose_ciphersuite( "Policy forbids us from negotiating any ciphersuite"); const bool have_shared_ecc_curve = - (policy.choose_curve(client_hello.supported_ecc_curves()) != ""); + (policy.choose_key_exchange_group(client_hello.supported_ecc_curves()) != Group_Params::NONE); /* Walk down one list in preference order diff --git a/src/lib/tls/tls_text_policy.cpp b/src/lib/tls/tls_text_policy.cpp index 97a6da31a3..28783a430a 100644 --- a/src/lib/tls/tls_text_policy.cpp +++ b/src/lib/tls/tls_text_policy.cpp @@ -40,11 +40,6 @@ std::vector Text_Policy::allowed_signature_methods() const return get_list("signature_methods", Policy::allowed_signature_methods()); } -std::vector Text_Policy::allowed_ecc_curves() const - { - return get_list("ecc_curves", Policy::allowed_ecc_curves()); - } - bool Text_Policy::use_ecc_point_compression() const { return get_bool("use_ecc_point_compression", Policy::use_ecc_point_compression()); 
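Review bot: `std::vector<Group_Params> key_exchange_groups() const;` in Text_Policy is declared without `override`, unlike every neighbouring declaration in the hunk; it still overrides the virtual in Policy because the signature matches, but a future signature change in Policy would silently turn it into an unrelated non-virtual function that the policy file no longer controls, and an earlier commit on this page adds `override` precisely to keep `-Wsuggest-override` clean. Change the line to `std::vector<Group_Params> key_exchange_groups() const override;`. The Text_Policy class runs past this hunk in both directions.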
@@ -89,6 +84,7 @@ bool Text_Policy::allow_client_initiated_renegotiation() const { return get_bool("allow_client_initiated_renegotiation", Policy::allow_client_initiated_renegotiation()); } + bool Text_Policy::allow_server_initiated_renegotiation() const { return get_bool("allow_server_initiated_renegotiation", Policy::allow_server_initiated_renegotiation()); @@ -109,14 +105,36 @@ bool Text_Policy::support_cert_status_message() const return get_bool("support_cert_status_message", Policy::support_cert_status_message()); } -std::string Text_Policy::dh_group() const +std::vector Text_Policy::key_exchange_groups() const { - return get_str("dh_group", Policy::dh_group()); - } + std::string group_str = get_str("key_exchange_groups"); -std::vector Text_Policy::allowed_groups() const - { - return get_list("groups", Policy::allowed_groups()); + if(group_str.empty()) + { + // fall back to previously used name + group_str = get_str("ecc_curves"); + } + + if(group_str.empty()) + { + return Policy::key_exchange_groups(); + } + + std::vector groups; + for(std::string group_name : split_on(group_str, ' ')) + { + Group_Params group_id = group_param_from_string(group_name); + + if(group_id == Group_Params::NONE) + { + // TODO accept hex codes in text file + continue; + } + + groups.push_back(group_id); + } + + return groups; } size_t Text_Policy::minimum_ecdh_group_size() const diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt index 9879b87f57..c627774723 100644 --- a/src/tests/data/tls-policy/bsi.txt +++ b/src/tests/data/tls-policy/bsi.txt 
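Review bot: `Text_Policy::key_exchange_groups()` silently drops any name `group_param_from_string` does not recognize (the `continue` under the TODO), so a misspelt entry in a policy file shrinks the offered group list with no error, and a file whose names are all wrong yields an empty list instead of the default; for a security policy read from text that should fail loudly: `throw Invalid_Argument("Unknown TLS group name in policy: " + group_name);`. The compatibility fallback consults only the old `ecc_curves` key, not the old `groups` key that this same commit deletes from src/tests/data/tls-policy/bsi.txt and suiteb.txt, so existing files that set `groups` lose their FFDHE list — checking `get_str("groups")` before `get_str("ecc_curves")` preserves them. A one-argument `get_str` overload is assumed to exist; the removed code in this file only shows the two-argument form. `for(std::string group_name : …)` copies each token where `const std::string&` would do.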
@@ -1,23 +1,22 @@ -allow_tls10=false -allow_tls11=false -allow_tls12=true -allow_dtls10=false -allow_dtls12=false +allow_tls10 = false +allow_tls11 = false +allow_tls12 = true +allow_dtls10 = false +allow_dtls12 = false -ciphers=AES-256/GCM AES-128/GCM AES-256 AES-128 -signature_hashes=SHA-384 SHA-256 -macs=AEAD SHA-384 SHA-256 -key_exchange_methods=ECDH DH PSK ECDHE_PSK DHE_PSK -signature_methods=ECDSA RSA DSA -ecc_curves=brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 -groups=brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/8192 ffdhe/ietf/6144 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048 -minimum_dh_group_size=2000 -minimum_dsa_group_size=2000 -minimum_ecdh_group_size=250 -minimum_ecdsa_group_size=250 -minimum_rsa_bits=2000 +ciphers = AES-256/GCM AES-128/GCM AES-256 AES-128 +signature_hashes = SHA-384 SHA-256 +macs = AEAD SHA-384 SHA-256 +key_exchange_methods = ECDH DH PSK ECDHE_PSK DHE_PSK +signature_methods = ECDSA RSA DSA +key_exchange_groups = brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/8192 ffdhe/ietf/6144 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048 +minimum_dh_group_size = 2000 +minimum_dsa_group_size = 2000 +minimum_ecdh_group_size = 250 +minimum_ecdsa_group_size = 250 +minimum_rsa_bits = 2000 -allow_insecure_renegotiation=false -allow_server_initiated_renegotiation=true -server_uses_own_ciphersuite_preferences=true -negotiate_encrypt_then_mac=true +allow_insecure_renegotiation = false +allow_server_initiated_renegotiation = true +server_uses_own_ciphersuite_preferences = true +negotiate_encrypt_then_mac = true diff --git a/src/tests/data/tls-policy/compat.txt b/src/tests/data/tls-policy/compat.txt index 473453ab05..cd419e91af 100644 --- a/src/tests/data/tls-policy/compat.txt +++ b/src/tests/data/tls-policy/compat.txt 
@@ -14,7 +14,7 @@ macs = AEAD SHA-256 SHA-384 SHA-1 signature_hashes = SHA-512 SHA-384 SHA-256 SHA-1 signature_methods = ECDSA RSA IMPLICIT key_exchange_methods = CECPQ1 ECDH DH RSA -ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 +key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048 allow_insecure_renegotiation = false include_time_in_hello_random = true allow_client_initiated_renegotiation = true @@ -23,7 +23,6 @@ hide_unknown_users = false server_uses_own_ciphersuite_preferences = true negotiate_encrypt_then_mac = true session_ticket_lifetime = 86400 -dh_group = modp/ietf/1024 minimum_dh_group_size = 1024 minimum_ecdh_group_size = 255 minimum_rsa_bits = 1024 diff --git a/src/tests/data/tls-policy/datagram.txt b/src/tests/data/tls-policy/datagram.txt index 6a9819afff..d6071a9062 100644 --- a/src/tests/data/tls-policy/datagram.txt +++ b/src/tests/data/tls-policy/datagram.txt @@ -8,7 +8,7 @@ macs = AEAD signature_hashes = SHA-512 SHA-384 SHA-256 signature_methods = ECDSA RSA key_exchange_methods = CECPQ1 ECDH DH -ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 +key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192 allow_insecure_renegotiation = false include_time_in_hello_random = true allow_server_initiated_renegotiation = false diff --git a/src/tests/data/tls-policy/default.txt b/src/tests/data/tls-policy/default.txt index c96f91d96a..0cf3dbbf8e 100644 --- a/src/tests/data/tls-policy/default.txt +++ b/src/tests/data/tls-policy/default.txt 
@@ -8,7 +8,7 @@ macs = AEAD SHA-256 SHA-384 SHA-1 signature_hashes = SHA-512 SHA-384 SHA-256 signature_methods = ECDSA RSA key_exchange_methods = CECPQ1 ECDH DH -ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 +key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192 allow_insecure_renegotiation = false include_time_in_hello_random = true allow_server_initiated_renegotiation = false @@ -16,7 +16,6 @@ hide_unknown_users = false server_uses_own_ciphersuite_preferences = true negotiate_encrypt_then_mac = true session_ticket_lifetime = 86400 -dh_group = modp/ietf/2048 minimum_dh_group_size = 2048 minimum_ecdh_group_size = 255 minimum_rsa_bits = 2048 diff --git a/src/tests/data/tls-policy/strict.txt b/src/tests/data/tls-policy/strict.txt index f59aaf2712..7cb55bb838 100644 --- a/src/tests/data/tls-policy/strict.txt +++ b/src/tests/data/tls-policy/strict.txt @@ -8,7 +8,7 @@ macs = AEAD signature_hashes = SHA-512 SHA-384 signature_methods = ECDSA RSA key_exchange_methods = CECPQ1 ECDH -ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 +key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192 allow_insecure_renegotiation = false include_time_in_hello_random = true allow_server_initiated_renegotiation = false @@ -16,7 +16,6 @@ hide_unknown_users = false server_uses_own_ciphersuite_preferences = true negotiate_encrypt_then_mac = true session_ticket_lifetime = 86400 -dh_group = modp/ietf/2048 minimum_dh_group_size = 2048 minimum_ecdh_group_size = 255 minimum_rsa_bits = 2048 diff --git a/src/tests/data/tls-policy/suiteb.txt b/src/tests/data/tls-policy/suiteb.txt index 7c0b3e7d8e..90ef68f4a8 100644 
--- a/src/tests/data/tls-policy/suiteb.txt +++ b/src/tests/data/tls-policy/suiteb.txt @@ -8,7 +8,7 @@ macs = AEAD signature_hashes = SHA-256 signature_methods = ECDSA key_exchange_methods = ECDH -ecc_curves = secp256r1 +key_exchange_groups = secp256r1 allow_insecure_renegotiation = false include_time_in_hello_random = true allow_server_initiated_renegotiation = false @@ -16,8 +16,6 @@ hide_unknown_users = false server_uses_own_ciphersuite_preferences = true negotiate_encrypt_then_mac = true session_ticket_lifetime = 86400 -dh_group = modp/ietf/2048 -groups = secp256r1 minimum_dh_group_size = 2048 minimum_ecdh_group_size = 255 minimum_rsa_bits = 2048 diff --git a/src/tests/test_tls.cpp b/src/tests/test_tls.cpp index 4762653ac3..728c137351 100644 --- a/src/tests/test_tls.cpp +++ b/src/tests/test_tls.cpp @@ -108,7 +108,7 @@ class Test_TLS_Alert_Strings : public Test BOTAN_REGISTER_TEST("tls_alert_strings", Test_TLS_Alert_Strings); -class Test_TLS_Policy_Test : public Test +class Test_TLS_Policy_Text : public Test { public: std::vector run() override @@ -119,9 +119,10 @@ class Test_TLS_Policy_Test : public Test for(std::string policy : policies) { - result.test_eq("Values for TLS " + policy + " policy", - tls_policy_string(policy), - read_tls_policy(policy)); + const std::string from_policy_obj = tls_policy_string(policy); + const std::string from_file = read_tls_policy(policy); + + result.test_eq("Values for TLS " + policy + " policy", from_file, from_policy_obj); } return {result}; @@ -174,7 +175,7 @@ class Test_TLS_Policy_Test : public Test } }; -BOTAN_REGISTER_TEST("tls_policy_test", Test_TLS_Policy_Test); +BOTAN_REGISTER_TEST("tls_policy_text", Test_TLS_Policy_Text); class Test_TLS_Ciphersuites : public Test { diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 0a5739c3d7..186822d2f8 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp 
@@ -686,13 +686,20 @@ class TLS_Unit_Tests final : public Test { Botan::RandomNumberGenerator& rng = Test::rng(); - for(auto const& version : versions) + try { - TLS_Handshake_Test test( - version.to_string() + " " + test_descr, - version, creds, policy, policy, rng, client_ses, server_ses, client_auth); - test.go(); - results.push_back(test.results()); + for(auto const& version : versions) + { + TLS_Handshake_Test test( + version.to_string() + " " + test_descr, + version, creds, policy, policy, rng, client_ses, server_ses, client_auth); + test.go(); + results.push_back(test.results()); + } + } + catch(std::exception& e) + { + results.push_back(Test::Result::Failure(test_descr, e.what())); } } From 9ec1b8f701988603c0018bc879832afd5174114f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Feb 2018 06:42:40 -0500 Subject: [PATCH 0634/1008] Remove cruft --- src/lib/tls/msg_client_kex.cpp | 11 ++-- src/lib/tls/tls_extensions.cpp | 94 ---------------------------------- src/lib/tls/tls_extensions.h | 5 -- src/lib/tls/tls_policy.h | 20 ++++---- 4 files changed, 16 insertions(+), 114 deletions(-) diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index b94e9839e3..2d0c2d0194 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp 
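Review bot: The new `catch(std::exception& e)` binds by non-const reference and, because the try block wraps the whole `for(auto const& version : versions)` loop, the first version that throws aborts the handshakes for every remaining version and records one failure under `test_descr` without saying which version failed. Moving the try/catch inside the loop keeps the other versions running and lets the failure carry `version.to_string()`; the catch should also be `const std::exception&`. The enclosing function starts and ends outside the hunk.
```cpp
for(auto const& version : versions)
   {
   const std::string descr = version.to_string() + " " + test_descr;
   try
      {
      TLS_Handshake_Test test(descr, version, creds, policy, policy, rng,
                              client_ses, server_ses, client_auth);
      test.go();
      results.push_back(test.results());
      }
   catch(const std::exception& e)
      {
      // report per version so the remaining versions still run
      results.push_back(Test::Result::Failure(descr, e.what()));
      }
   }
```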
@@ -115,21 +115,22 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, if(curve_type != 3) throw Decoding_Error("Server sent non-named ECC curve"); - const uint16_t curve_id = reader.get_uint16_t(); + const Group_Params curve_id = static_cast(reader.get_uint16_t()); const std::vector peer_public_value = reader.get_range(1, 1, 255); - if(policy.choose_key_exchange_group({static_cast(curve_id)}) == Group_Params::NONE) + if(policy.choose_key_exchange_group({curve_id}) != curve_id) { throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Server sent ECC curve prohibited by policy"); } - const std::string curve_name = Supported_Groups::curve_id_to_name(curve_id); + const std::string curve_name = group_param_to_string(curve_id); if(curve_name == "") - throw Decoding_Error("Server sent unknown named curve " + std::to_string(curve_id)); + throw Decoding_Error("Server sent unknown named curve " + + std::to_string(static_cast(curve_id))); - const std::pair, std::vector> ecdh_result = + const std::pair, std::vector> ecdh_result = state.callbacks().tls_ecdh_agree(curve_name, peer_public_value, policy, rng, state.server_hello()->prefers_compressed_ec_points()); diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index f796a39dfc..e77de9c5e1 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp 
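Review bot: `if(curve_name == "")` on the new side compares against an empty literal; `if(curve_name.empty())` states the intent and avoids a temporary. The rewritten policy check `policy.choose_key_exchange_group({curve_id}) != curve_id` now carries the whole "server chose a curve we did not offer" rejection, and it relies on `choose_key_exchange_group` never returning a group outside its argument list (the removed line shows it returns `Group_Params::NONE` for a prohibited group); a one-line comment at the call site, `// choose_key_exchange_group() yields NONE unless curve_id is permitted by policy`, would make that dependency visible. The constructor starts and ends outside the hunk.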
@@ -321,100 +321,6 @@ std::vector Supported_Groups::dh_groups() const return dh; } -std::string Supported_Groups::curve_id_to_name(uint16_t id) - { - switch(id) - { - case 23: - return "secp256r1"; - case 24: - return "secp384r1"; - case 25: - return "secp521r1"; - case 26: - return "brainpool256r1"; - case 27: - return "brainpool384r1"; - case 28: - return "brainpool512r1"; - -#if defined(BOTAN_HAS_CURVE_25519) - case 29: - return "x25519"; -#endif - -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - case BOTAN_HOUSE_ECC_CURVE_TLS_ID: - return BOTAN_HOUSE_ECC_CURVE_NAME; -#endif - - case 256: - return "ffdhe/ietf/2048"; - case 257: - return "ffdhe/ietf/3072"; - case 258: - return "ffdhe/ietf/4096"; - case 259: - return "ffdhe/ietf/6144"; - case 260: - return "ffdhe/ietf/8192"; - - default: - return ""; // something we don't know or support - } - } - -uint16_t Supported_Groups::name_to_curve_id(const std::string& name) - { - if(name == "secp256r1") - return 23; - if(name == "secp384r1") - return 24; - if(name == "secp521r1") - return 25; - if(name == "brainpool256r1") - return 26; - if(name == "brainpool384r1") - return 27; - if(name == "brainpool512r1") - return 28; - -#if defined(BOTAN_HAS_CURVE_25519) - if(name == "x25519") - return 29; -#endif - -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - if(name == BOTAN_HOUSE_ECC_CURVE_NAME) - return BOTAN_HOUSE_ECC_CURVE_TLS_ID; -#endif - - if(name == "ffdhe/ietf/2048") - return 256; - if(name == "ffdhe/ietf/3072") - return 257; - if(name == "ffdhe/ietf/4096") - return 258; - if(name == "ffdhe/ietf/6144") - return 259; - if(name == "ffdhe/ietf/8192") - return 260; - - // Unknown/unavailable DH groups/EC curves are ignored - return 0; - } - -bool Supported_Groups::is_dh_group( const std::string& group_name ) - { - if(group_name == "ffdhe/ietf/2048" || group_name == "ffdhe/ietf/3072" - || group_name == "ffdhe/ietf/4096" || group_name == "ffdhe/ietf/6144" - || group_name == "ffdhe/ietf/8192") - { - return true; - } - return false; - } - 
std::vector Supported_Groups::serialize() const { std::vector buf(2); diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index 27917a1451..f87c07f2e9 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -238,11 +238,6 @@ class Supported_Groups final : public Extension Handshake_Extension_Type type() const override { return static_type(); } - static std::string curve_id_to_name(uint16_t id); - static uint16_t name_to_curve_id(const std::string& name); - - static bool is_dh_group(const std::string& group_name); - std::vector ec_groups() const; std::vector dh_groups() const; diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index c483770f80..615e1674b1 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -376,16 +376,16 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy { return std::vector({ Group_Params::BRAINPOOL512R1, - Group_Params::BRAINPOOL384R1, - Group_Params::BRAINPOOL256R1, - Group_Params::SECP384R1, - Group_Params::SECP256R1, - Group_Params::FFDHE_8192, - Group_Params::FFDHE_6144, - Group_Params::FFDHE_4096, - Group_Params::FFDHE_3072, - Group_Params::FFDHE_2048 - }); + Group_Params::BRAINPOOL384R1, + Group_Params::BRAINPOOL256R1, + Group_Params::SECP384R1, + Group_Params::SECP256R1, + Group_Params::FFDHE_8192, + Group_Params::FFDHE_6144, + Group_Params::FFDHE_4096, + Group_Params::FFDHE_3072, + Group_Params::FFDHE_2048 + }); } bool allow_insecure_renegotiation() const override { return false; } From 7f07e4a86c098715f93a453066ded0c1a6c63d55 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Feb 2018 06:51:49 -0500 Subject: [PATCH 0635/1008] Add callback for decoding TLS group params --- src/lib/tls/msg_client_kex.cpp | 2 +- src/lib/tls/msg_server_kex.cpp | 4 ++-- src/lib/tls/tls_callbacks.cpp | 6 ++++++ src/lib/tls/tls_callbacks.h | 11 +++++++++++ 4 files changed, 20 insertions(+), 3 deletions(-) 
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 2d0c2d0194..b3dff072ec 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -124,7 +124,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, "Server sent ECC curve prohibited by policy"); } - const std::string curve_name = group_param_to_string(curve_id); + const std::string curve_name = state.callbacks().tls_decode_group_param(curve_id); if(curve_name == "") throw Decoding_Error("Server sent unknown named curve " + diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp index 4cb204c683..1b42cba999 100644 --- a/src/lib/tls/msg_server_kex.cpp +++ b/src/lib/tls/msg_server_kex.cpp @@ -81,7 +81,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, BOTAN_ASSERT(group_param_is_dh(shared_group), "DH groups for the DH ciphersuites god"); - const std::string group_name = group_param_to_string(shared_group); + const std::string group_name = state.callbacks().tls_decode_group_param(shared_group); std::unique_ptr dh(new DH_PrivateKey(rng, DL_Group(group_name))); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2); @@ -117,7 +117,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, { Group_Params curve = policy.choose_key_exchange_group(ec_groups); - const std::string curve_name = group_param_to_string(curve); + const std::string curve_name = state.callbacks().tls_decode_group_param(curve); EC_Group ec_group(curve_name); std::unique_ptr ecdh(new ECDH_PrivateKey(rng, ec_group)); diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp index b3b1b79bb6..6919c36cad 100644 --- a/src/lib/tls/tls_callbacks.cpp +++ b/src/lib/tls/tls_callbacks.cpp @@ -8,6 +8,7 @@ #include #include +#include #include #include #include 
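Review bot: Both server-side call sites in msg_server_kex.cpp pass the result of `state.callbacks().tls_decode_group_param(...)` straight into `DL_Group(group_name)` and `EC_Group(curve_name)` without checking for an empty string, whereas the client side in msg_client_kex.cpp treats an empty `curve_name` as a `Decoding_Error`. Now that a policy can select a group ID the callback may not know, an unknown group would presumably surface here as whatever the `DL_Group`/`EC_Group` constructors throw for an unrecognised name rather than as a clear diagnosis; an explicit guard such as `if(group_name.empty()) throw TLS_Exception(Alert::INTERNAL_ERROR, "Policy selected a group with no known name");` after each decode would be more diagnosable. Both `Server_Key_Exchange` hunks sit inside a constructor that starts and ends outside them.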
@@ -40,6 +41,11 @@ void TLS::Callbacks::tls_examine_extensions(const Extensions&, Connection_Side) { } +std::string TLS::Callbacks::tls_decode_group_param(Group_Params group_param) + { + return group_param_to_string(group_param); + } + void TLS::Callbacks::tls_verify_cert_chain( const std::vector& cert_chain, const std::vector>& ocsp_responses, diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h index dd6ad2d4b9..88e502e891 100644 --- a/src/lib/tls/tls_callbacks.h +++ b/src/lib/tls/tls_callbacks.h @@ -283,6 +283,17 @@ class BOTAN_PUBLIC_API(2,0) Callbacks */ virtual void tls_examine_extensions(const Extensions& extn, Connection_Side which_side); + /** + * Optional callback: decode TLS group ID + * + * TLS uses a 16-bit field to identify ECC and DH groups. This callback + * handles the decoding. You only need to implement this if you are using + * a custom ECC or DH group (this is extremely uncommon). + * + * Default implementation uses the standard (IETF-defined) mappings. + */ + virtual std::string tls_decode_group_param(Group_Params group_param); + /** * Optional callback: error logging. (not currently called) * @param err An error message related to this connection. From af6b860d327e523503da694a7dca9316b6501e34 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Feb 2018 07:31:33 -0500 Subject: [PATCH 0636/1008] Add a test of TLS handshake with custom curve (secp112r1 in this case) --- src/lib/tls/tls_text_policy.cpp | 25 +++++++++++++++++++---- src/tests/unit_tls.cpp | 36 ++++++++++++++++++++++++++++----- 2 files changed, 52 insertions(+), 9 deletions(-) diff --git a/src/lib/tls/tls_text_policy.cpp b/src/lib/tls/tls_text_policy.cpp index 28783a430a..5c7a4b278a 100644 --- a/src/lib/tls/tls_text_policy.cpp +++ b/src/lib/tls/tls_text_policy.cpp 
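Review bot: The new Doxygen block for `tls_decode_group_param` in tls_callbacks.h does not say what an implementation must return for a group it does not recognise, although the library depends on that value: the default `group_param_to_string` returns an empty string for unknown IDs, and the client key exchange turns an empty name into a `Decoding_Error`. Add ` * @param group_param the 16-bit group identifier taken from the handshake` and ` * @return the library name of the group, or an empty string if group_param is unknown` so custom overrides follow the same contract. The default implementation in tls_callbacks.cpp could carry a one-liner pointing at that contract as well.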
@@ -112,7 +112,7 @@ std::vector Text_Policy::key_exchange_groups() const if(group_str.empty()) { // fall back to previously used name - group_str = get_str("ecc_curves"); + group_str = get_str("groups"); } if(group_str.empty()) @@ -127,11 +127,28 @@ std::vector Text_Policy::key_exchange_groups() const if(group_id == Group_Params::NONE) { - // TODO accept hex codes in text file - continue; + try + { + size_t consumed = 0; + unsigned long ll_id = std::stoul(group_name, &consumed, 0); + if(consumed != group_name.size()) + continue; // some other cruft + + const uint16_t id = static_cast(ll_id); + + if(id != ll_id) + continue; // integer too large + + group_id = static_cast(id); + } + catch(...) + { + continue; + } } - groups.push_back(group_id); + if(group_id != Group_Params::NONE) + groups.push_back(group_id); } return groups; diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 186822d2f8..9d95a199a1 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -21,6 +21,7 @@ #include #include + #include #include #include #include @@ -443,6 +444,14 @@ class TLS_Handshake_Test final return "test/3"; } + virtual std::string tls_decode_group_param(Botan::TLS::Group_Params group_param) + { + if(static_cast(group_param) == 0xFEE1) + return "secp112r1"; + + return Botan::TLS::Callbacks::tls_decode_group_param(group_param); + } + private: Test::Result& m_results; const Botan::TLS::Protocol_Version m_expected_version; 
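Review bot: The `catch(...)` added around `std::stoul` swallows every exception type, not just the parse failures it is meant to tolerate; `std::stoul` throws only `std::invalid_argument` and `std::out_of_range`, so `catch(const std::invalid_argument&) { continue; } catch(const std::out_of_range&) { continue; }` (or one `catch(const std::logic_error&)`, their common base) documents which failures are expected. Base `0` also accepts decimal and octal spellings, not only the `0x` form the test uses, which deserves a comment on that line: `// base 0: accepts 0x-prefixed hex as well as plain decimal`. A numeric ID bypasses the name lookup, so the resulting group is usable only if `tls_decode_group_param` can name it; the comment could say so. The function starts outside both hunks.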
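Review bot: The test's `virtual std::string tls_decode_group_param(Botan::TLS::Group_Params group_param)` omits `override`, which this series elsewhere adds to satisfy `-Wsuggest-override`; write it as `std::string tls_decode_group_param(Botan::TLS::Group_Params group_param) override`. A comment above it, `// 0xFEE1 lies in the private-use range (0xFE00..0xFEFF) and names the secp112r1 group registered by the handshake test`, would tie the magic number to the `{ "groups", "0xFEE1" }` policy override that drives it. The enclosing `TLS_Handshake_Test` class starts and ends outside the hunk.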
@@ -953,11 +962,28 @@ class TLS_Unit_Tests final : public Test test_modern_versions("AES-128 DHE_PSK", results, *client_ses, *server_ses, *creds, "DHE_PSK", "AES-128", "SHA-1"); #endif -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - test_modern_versions("AES-128/GCM house curve", - results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD", - { { "groups", BOTAN_HOUSE_ECC_CURVE_NAME } }); -#endif + // Test with a custom curve + + /* + * First register a curve, in this case secp112r1 + */ + const Botan::BigInt p("0xDB7C2ABF62E35E668076BEAD208B"); + const Botan::BigInt a("0xDB7C2ABF62E35E668076BEAD2088"); + const Botan::BigInt b("0x659EF8BA043916EEDE8911702B22"); + + const Botan::BigInt g_x("0x09487239995A5EE76B55F9C2F098"); + const Botan::BigInt g_y("0xA89CE5AF8724C0A23E0E0FF77500"); + const Botan::BigInt order("0xDB7C2ABF62E35E7628DFAC6561C5"); + + const Botan::OID oid("1.3.132.0.6"); + + // Creating this object implicitly registers the curve for future use ... + Botan::EC_Group reg_secp112r1(p, a, b, g_x, g_y, order, 1, oid); + + Botan::OIDS::add_oid(oid, "secp112r1"); + + test_modern_versions("AES-256/GCM secp112r1", results, *client_ses, *server_ses, *creds, "ECDH", "AES-256/GCM", "AEAD", + { { "groups", "0xFEE1" }, { "minimum_ecdh_group_size", "112" } }); return results; } From 2a9e0a9cd5aacdb74cb12e0faaa9f8f5342549c7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Feb 2018 07:34:10 -0500 Subject: [PATCH 0637/1008] Remove house curve support --- configure.py | 35 ---------------------------- src/build-data/buildh.in | 4 ---- src/lib/asn1/oids.cpp | 10 -------- src/lib/pubkey/ec_group/ec_named.cpp | 3 --- src/lib/tls/tls_algos.cpp | 5 ---- src/lib/tls/tls_algos.h | 4 ---- src/scripts/oids.py | 8 ------- 7 files changed, 69 deletions(-) diff --git a/configure.py b/configure.py index eb3740345c..4555e08185 100755 --- a/configure.py +++ b/configure.py 
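Review bot: Constructing `reg_secp112r1` and calling `Botan::OIDS::add_oid(oid, "secp112r1")` mutate process-wide registries (the comment itself says the curve is registered "for future use"), so a 112-bit curve and a custom OID mapping remain visible to every test that runs after this one in the same process. That makes later tests order-dependent on state set up here; at minimum extend the comment, `// NOTE: this registration is global and persists for the rest of the test run`, and consider doing the registration once in a dedicated setup step rather than inside the handshake test body. The `"minimum_ecdh_group_size", "112"` override is scoped to this one handshake, which is fine, but a short comment noting it is far below the `255` used by the shipped policy files would help readers. The function starts outside the hunk.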
@@ -534,11 +534,6 @@ def process_command_line(args): # pylint: disable=too-many-locals install_group.add_option('--includedir', metavar='DIR', help='set the include file install dir') - misc_group = optparse.OptionGroup(parser, 'Miscellaneous options') - - misc_group.add_option('--house-curve', metavar='STRING', dest='house_curve', - help='a custom in-house curve of the format: curve.pem,NAME,OID,CURVEID') - info_group = optparse.OptionGroup(parser, 'Informational') info_group.add_option('--list-modules', dest='list_modules', @@ -554,7 +549,6 @@ def process_command_line(args): # pylint: disable=too-many-locals parser.add_option_group(docs_group) parser.add_option_group(mods_group) parser.add_option_group(install_group) - parser.add_option_group(misc_group) parser.add_option_group(info_group) # These exist only for autoconf compatibility (requested by zw for mtn) @@ -1636,34 +1630,6 @@ def _build_info(sources, objects, target_type): return out -def house_ecc_curve_macros(house_curve): - def _read_pem(filepath): - try: - with open(filepath) as f: - lines = [line.rstrip() for line in f] - except IOError: - raise UserError("Error reading file '%s'" % filepath) - - for ndx, _ in enumerate(lines): - lines[ndx] = ' \"%s\"' % lines[ndx] - return "\\\n" + ' \\\n'.join(lines) - - if house_curve is None: - return [] - else: - p = house_curve.split(",") - if len(p) != 4: - raise UserError('--house-curve must have 4 comma separated parameters. See --help') - # make sure TLS curve id is in reserved for private use range (0xFE00..0xFEFF) - curve_id = int(p[3], 16) - if curve_id < 0xfe00 or curve_id > 0xfeff: - raise UserError('TLS curve ID not in reserved range (see RFC 4492)') - - return ['NAME \"' + p[1] + '\"', - 'OID \"' + p[2] + '\"', - 'PEM ' + _read_pem(filepath=p[0]), - 'TLS_ID ' + hex(curve_id)] - def create_template_vars(source_paths, build_paths, options, modules, cc, arch, osinfo): #pylint: disable=too-many-locals,too-many-branches,too-many-statements 
@@ -1885,7 +1851,6 @@ def choose_endian(arch_info, options): 'os_features': osinfo.enabled_features(options), 'os_name': osinfo.basename, 'cpu_features': arch.supported_isa_extensions(cc, options), - 'house_ecc_curve_defines': house_ecc_curve_macros(options.house_curve), 'fuzzer_mode': options.unsafe_fuzzer_mode, 'fuzzer_type': options.build_fuzzers.upper() if options.build_fuzzers else '', diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index 9333cfb8a8..8ddf85b2b8 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -87,10 +87,6 @@ */ %{local_config} -%{for house_ecc_curve_defines} -#define BOTAN_HOUSE_ECC_CURVE_%{i} -%{endfor} - /* * Things you can edit (but probably shouldn't) */ diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp index b9ba1f858f..59ce08b357 100644 --- a/src/lib/asn1/oids.cpp +++ b/src/lib/asn1/oids.cpp @@ -44,11 +44,6 @@ class OID_Map { const std::string oid_str = oid.as_string(); -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - if(oid_str == BOTAN_HOUSE_ECC_CURVE_OID) - return BOTAN_HOUSE_ECC_CURVE_NAME; -#endif - lock_guard_type lock(m_mutex); auto i = m_oid2str.find(oid_str); @@ -60,11 +55,6 @@ class OID_Map OID lookup(const std::string& str) { -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - if(str == BOTAN_HOUSE_ECC_CURVE_NAME) - return OID(BOTAN_HOUSE_ECC_CURVE_OID); -#endif - lock_guard_type lock(m_mutex); auto i = m_str2oid.find(str); if(i != m_str2oid.end()) diff --git a/src/lib/pubkey/ec_group/ec_named.cpp b/src/lib/pubkey/ec_group/ec_named.cpp index cfab1fafd9..ba91b5eaaf 100644 --- a/src/lib/pubkey/ec_group/ec_named.cpp +++ b/src/lib/pubkey/ec_group/ec_named.cpp @@ -283,9 +283,6 @@ const std::set& EC_Group::known_named_groups() "gost_256A", "frp256v1", "sm2p256v1" -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - ,BOTAN_HOUSE_ECC_CURVE_NAME -#endif }; return named_groups; } diff --git a/src/lib/tls/tls_algos.cpp b/src/lib/tls/tls_algos.cpp index ce32963b78..db75bf14ec 100644 --- a/src/lib/tls/tls_algos.cpp 
+++ b/src/lib/tls/tls_algos.cpp @@ -182,11 +182,6 @@ std::string group_param_to_string(Group_Params group) case Group_Params::FFDHE_8192: return "ffdhe/ietf/8192"; -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - case BOTAN_HOUSE_ECC_CURVE_TLS_ID: - return BOTAN_HOUSE_ECC_CURVE_NAME; -#endif - default: return ""; } diff --git a/src/lib/tls/tls_algos.h b/src/lib/tls/tls_algos.h index 9ad1a7a854..e0b2dabc23 100644 --- a/src/lib/tls/tls_algos.h +++ b/src/lib/tls/tls_algos.h @@ -134,10 +134,6 @@ enum class Group_Params : uint16_t { FFDHE_4096 = 258, FFDHE_6144 = 259, FFDHE_8192 = 260, - -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - HOUSE_CURVE = BOTAN_HOUSE_ECC_CURVE_TLS_ID, -#endif }; std::string group_param_to_string(Group_Params group); diff --git a/src/scripts/oids.py b/src/scripts/oids.py index 61a31a6f67..8b9d8ba3ef 100755 --- a/src/scripts/oids.py +++ b/src/scripts/oids.py @@ -107,10 +107,6 @@ def format_as_ifs(oid2str, str2oid): const std::string oid_str = oid.as_string(); %s -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - if(oid_str == BOTAN_HOUSE_ECC_CURVE_OID) return BOTAN_HOUSE_ECC_CURVE_NAME; -#endif - return std::string(); } @@ -118,10 +114,6 @@ def format_as_ifs(oid2str, str2oid): { %s -#if defined(BOTAN_HOUSE_ECC_CURVE_NAME) - if(name == BOTAN_HOUSE_ECC_CURVE_NAME) return OID(BOTAN_HOUSE_ECC_CURVE_OID); -#endif - return OID(); } From 9abd3b8ac7927c40082e4e2956bdce7f5254fdea Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Feb 2018 08:44:48 -0500 Subject: [PATCH 0638/1008] Fix server use of EC point format extension In the resumption case it would use that extension for any ECC ciphersuite, but is only allowed to do so if the client sent the extension. --- src/lib/tls/msg_server_hello.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index 2d5a185f0e..223bddde5c 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp 
@@ -121,7 +121,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_extensions.add(new Encrypt_then_MAC); } - if(resumed_session.ciphersuite().ecc_ciphersuite()) + if(resumed_session.ciphersuite().ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS)) { m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); } From 68a3f15c94f158c7eec258709973cc338f873edc Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 13 Feb 2018 09:30:26 -0500 Subject: [PATCH 0639/1008] Add BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS Makes such things easier to find in the future. Also adds BOTAN_NO_DEPRECATED which causes them to be private instead. --- src/build-data/buildh.in | 10 ++++++++++ src/lib/asn1/alg_id.h | 1 + src/lib/asn1/asn1_attribute.h | 1 + src/lib/asn1/asn1_obj.h | 2 +- src/lib/utils/calendar.h | 1 + 5 files changed, 14 insertions(+), 1 deletion(-) diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index 9333cfb8a8..2a0858d8c1 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -95,6 +95,16 @@ * Things you can edit (but probably shouldn't) */ +#if !defined(BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS) + + #if defined(BOTAN_NO_DEPRECATED) + #define BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS private + #else + #define BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS public + #endif + +#endif + /* How much to allocate for a buffer of no particular size */ #define BOTAN_DEFAULT_BUFFER_SIZE 1024 diff --git a/src/lib/asn1/alg_id.h b/src/lib/asn1/alg_id.h index b9af37c8a7..20541ead5b 100644 --- a/src/lib/asn1/alg_id.h +++ b/src/lib/asn1/alg_id.h @@ -37,6 +37,7 @@ class BOTAN_PUBLIC_API(2,0) AlgorithmIdentifier final : public ASN1_Object const OID& get_oid() const { return oid; } const std::vector& get_parameters() const { return parameters; } + BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS: /* * These values are public for historical reasons, but in a future release * they will be made private. Do not access them. 
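Review bot: The new condition packs two unrelated predicates into one long line; naming the client's part reads better and mirrors the commit message: `const bool client_sent_point_formats = client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS) > 0;` followed by `if(resumed_session.ciphersuite().ecc_ciphersuite() && client_sent_point_formats)`. The non-resumption branch of `Server_Hello` is outside this hunk, so I cannot see whether it applies the same client-sent check; if it does not, it should. The constructor starts and ends outside the hunk.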
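Review bot: `BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS` expands to an access specifier inside public class definitions, so translation units compiled with and without `BOTAN_NO_DEPRECATED` see different definitions of `AlgorithmIdentifier`, `Attribute`, `BER_Object` and `calendar_point`; access specifiers do not affect object layout, so this is benign in practice, but it is strictly an ODR difference and the macro carries no comment saying it must be set consistently for the library and all of its consumers. Add one above the `#if !defined(...)` block, e.g. `/* Define BOTAN_NO_DEPRECATED to make deprecated public member variables private. Must be set identically for the library build and every client. */`. The same applies to the renamed `BOTAN_DEPRECATED_PUBLIC_MEMBER_VARIABLES` in the following commit.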
diff --git a/src/lib/asn1/asn1_attribute.h b/src/lib/asn1/asn1_attribute.h index 077850a652..b1d6885624 100644 --- a/src/lib/asn1/asn1_attribute.h +++ b/src/lib/asn1/asn1_attribute.h @@ -31,6 +31,7 @@ class BOTAN_PUBLIC_API(2,0) Attribute final : public ASN1_Object const std::vector& get_parameters() const { return parameters; } + BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS: /* * These values are public for historical reasons, but in a future release * they will be made private. Do not access them. diff --git a/src/lib/asn1/asn1_obj.h b/src/lib/asn1/asn1_obj.h index 814b8f4f20..5e3d156248 100644 --- a/src/lib/asn1/asn1_obj.h +++ b/src/lib/asn1/asn1_obj.h @@ -108,7 +108,7 @@ class BOTAN_PUBLIC_API(2,0) BER_Object final bool is_a(int type_tag, ASN1_Tag class_tag) const; - public: + BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS: /* * The following member variables are public for historical reasons, but * will be made private in a future major release. Use the accessor diff --git a/src/lib/utils/calendar.h b/src/lib/utils/calendar.h index 3f6952524a..7c8c45d5aa 100644 --- a/src/lib/utils/calendar.h +++ b/src/lib/utils/calendar.h @@ -65,6 +65,7 @@ class BOTAN_PUBLIC_API(2,0) calendar_point */ std::string to_string() const; + BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS: /* The member variables are public for historical reasons. Use the get_xxx() functions defined above. These members will be made private in a future major release. From 989ca96ca489a6367b659305d4932575800916f5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 13 Feb 2018 09:33:20 -0500 Subject: [PATCH 0640/1008] Of course they are public member variables, not functions ... --- src/build-data/buildh.in | 6 +++--- src/lib/asn1/alg_id.h | 2 +- src/lib/asn1/asn1_attribute.h | 2 +- src/lib/asn1/asn1_obj.h | 2 +- src/lib/utils/calendar.h | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index 2a0858d8c1..24eae539af 100644 
--- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -95,12 +95,12 @@ * Things you can edit (but probably shouldn't) */ -#if !defined(BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS) +#if !defined(BOTAN_DEPRECATED_PUBLIC_MEMBER_VARIABLES) #if defined(BOTAN_NO_DEPRECATED) - #define BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS private + #define BOTAN_DEPRECATED_PUBLIC_MEMBER_VARIABLES private #else - #define BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS public + #define BOTAN_DEPRECATED_PUBLIC_MEMBER_VARIABLES public #endif #endif diff --git a/src/lib/asn1/alg_id.h b/src/lib/asn1/alg_id.h index 20541ead5b..22978b847f 100644 --- a/src/lib/asn1/alg_id.h +++ b/src/lib/asn1/alg_id.h @@ -37,7 +37,7 @@ class BOTAN_PUBLIC_API(2,0) AlgorithmIdentifier final : public ASN1_Object const OID& get_oid() const { return oid; } const std::vector& get_parameters() const { return parameters; } - BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS: + BOTAN_DEPRECATED_PUBLIC_MEMBER_VARIABLES: /* * These values are public for historical reasons, but in a future release * they will be made private. Do not access them. diff --git a/src/lib/asn1/asn1_attribute.h b/src/lib/asn1/asn1_attribute.h index b1d6885624..c9f69eb772 100644 --- a/src/lib/asn1/asn1_attribute.h +++ b/src/lib/asn1/asn1_attribute.h @@ -31,7 +31,7 @@ class BOTAN_PUBLIC_API(2,0) Attribute final : public ASN1_Object const std::vector& get_parameters() const { return parameters; } - BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS: + BOTAN_DEPRECATED_PUBLIC_MEMBER_VARIABLES: /* * These values are public for historical reasons, but in a future release * they will be made private. Do not access them. diff --git a/src/lib/asn1/asn1_obj.h b/src/lib/asn1/asn1_obj.h index 5e3d156248..2c2a3097a0 100644 --- a/src/lib/asn1/asn1_obj.h +++ b/src/lib/asn1/asn1_obj.h 
@@ -108,7 +108,7 @@ class BOTAN_PUBLIC_API(2,0) BER_Object final bool is_a(int type_tag, ASN1_Tag class_tag) const; - BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS: + BOTAN_DEPRECATED_PUBLIC_MEMBER_VARIABLES: /* * The following member variables are public for historical reasons, but * will be made private in a future major release. Use the accessor diff --git a/src/lib/utils/calendar.h b/src/lib/utils/calendar.h index 7c8c45d5aa..83759070b8 100644 --- a/src/lib/utils/calendar.h +++ b/src/lib/utils/calendar.h @@ -65,7 +65,7 @@ class BOTAN_PUBLIC_API(2,0) calendar_point */ std::string to_string() const; - BOTAN_DEPRECATED_PUBLIC_MEMBER_FUNCTIONS: + BOTAN_DEPRECATED_PUBLIC_MEMBER_VARIABLES: /* The member variables are public for historical reasons. Use the get_xxx() functions defined above. These members will be made private in a future major release. From 03cdf8c82d0e792c34c5087c8b3ecc0a23213423 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 13 Feb 2018 20:44:22 -0500 Subject: [PATCH 0641/1008] Remove handling of even e in RSA keygen This is a holdover from Rabin-Williams support and just confusing in RSA-specific code. --- src/lib/pubkey/rsa/rsa.cpp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index bd02d1f193..a3b40df021 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -117,11 +117,8 @@ RSA_PrivateKey::RSA_PrivateKey(const BigInt& prime1, if(m_d == 0) { - BigInt inv_for_d = lcm(m_p - 1, m_q - 1); - if(m_e.is_even()) - inv_for_d >>= 1; - - m_d = inverse_mod(m_e, inv_for_d); + const BigInt phi_n = lcm(m_p - 1, m_q - 1); + m_d = inverse_mod(m_e, phi_n); } m_d1 = m_d % (m_p - 1); From 3d0c37e03a8c353ff8cb2f8ae2b4890fd57baf3e Mon Sep 17 00:00:00 2001 
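Review bot: The new local `phi_n` holds `lcm(m_p - 1, m_q - 1)`, which is Carmichael's λ(n), not Euler's φ(n) = (p-1)(q-1); the name misleads anyone checking the arithmetic, so `const BigInt lambda_n = lcm(m_p - 1, m_q - 1); // Carmichael function λ(n)` is the accurate spelling, and the same name recurs in the keygen hunk of the next commit. With the even-`e` handling removed, an `e` that is not coprime to λ(n) has no inverse; if `inverse_mod` reports that by returning 0 (its contract is not visible here), this constructor would silently produce `m_d == 0`, so a check such as `if(m_d == 0) throw Invalid_Argument("RSA e is not invertible modulo lambda(n)");` right after the computation would turn that into an error. The constructor starts and ends outside the hunk.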
From: Jack Lloyd Date: Tue, 13 Feb 2018 20:51:47 -0500 Subject: [PATCH 0642/1008] Tighten up RSA key validity tests They allowed even e, another leftover from Rabin-Williams --- src/lib/pubkey/rsa/rsa.cpp | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index a3b40df021..cfb1ae7ba5 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -66,7 +66,7 @@ RSA_PublicKey::RSA_PublicKey(const AlgorithmIdentifier&, */ bool RSA_PublicKey::check_key(RandomNumberGenerator&, bool) const { - if(m_n < 35 || m_n.is_even() || m_e < 2) + if(m_n < 35 || m_n.is_even() || m_e < 3 || m_e.is_even()) return false; return true; } @@ -146,7 +146,8 @@ RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng, m_n = m_p * m_q; } while(m_n.bits() != bits); - m_d = inverse_mod(m_e, lcm(m_p - 1, m_q - 1)); + const BigInt phi_n = lcm(m_p - 1, m_q - 1); + m_d = inverse_mod(m_e, phi_n); m_d1 = m_d % (m_p - 1); m_d2 = m_d % (m_q - 1); m_c = inverse_mod(m_q, m_p); @@ -157,7 +158,10 @@ RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng, */ bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const { - if(m_n < 35 || m_n.is_even() || m_e < 2 || m_d < 2 || m_p < 3 || m_q < 3 || m_p*m_q != m_n) + if(m_n < 35 || m_n.is_even() || m_e < 3 || m_e.is_even()) + return false; + + if(m_d < 2 || m_p < 3 || m_q < 3 || m_p*m_q != m_n) return false; if(m_d1 != m_d % (m_p - 1) || m_d2 != m_d % (m_q - 1) || m_c != inverse_mod(m_q, m_p)) From 10f3cd2d72349488075c0c6246823c0c3881e067 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 15 Feb 2018 08:48:31 -0500 Subject: [PATCH 0643/1008] Add a flag to disable use of ARMv8 crypto extensions [ci skip] --- configure.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.py b/configure.py index eb3740345c..5ccf1e97a9 100755 --- a/configure.py +++ b/configure.py 
@@ -329,7 +329,7 @@ def process_command_line(args): # pylint: disable=too-many-locals target_group.add_option('--without-os-features', action='append', metavar='FEAT', help='specify OS features to disable') - for isa_extn_name in ['SSE2', 'SSSE3', 'SSE4.1', 'SSE4.2', 'AVX2', 'AES-NI', 'SHA', 'AltiVec', 'NEON']: + for isa_extn_name in ['SSE2', 'SSSE3', 'SSE4.1', 'SSE4.2', 'AVX2', 'AES-NI', 'SHA', 'AltiVec', 'NEON', 'ARMv8Crypto']: isa_extn = isa_extn_name.lower() target_group.add_option('--disable-%s' % (isa_extn), From 292c32bd73b3c114621ac2e4a668f6aca02c0cea Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 18 Feb 2018 13:36:20 -0500 Subject: [PATCH 0644/1008] Wrap line for lint [ci skip] --- configure.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/configure.py b/configure.py index 5ccf1e97a9..c6b9fde642 100755 --- a/configure.py +++ b/configure.py @@ -329,7 +329,12 @@ def process_command_line(args): # pylint: disable=too-many-locals target_group.add_option('--without-os-features', action='append', metavar='FEAT', help='specify OS features to disable') - for isa_extn_name in ['SSE2', 'SSSE3', 'SSE4.1', 'SSE4.2', 'AVX2', 'AES-NI', 'SHA', 'AltiVec', 'NEON', 'ARMv8Crypto']: + isa_extensions = [ + 'SSE2', 'SSSE3', 'SSE4.1', 'SSE4.2', 'AVX2', + 'AES-NI', 'SHA', + 'AltiVec', 'NEON', 'ARMv8Crypto'] + + for isa_extn_name in isa_extensions: isa_extn = isa_extn_name.lower() target_group.add_option('--disable-%s' % (isa_extn), From 9772e10e3112f9b14669d372574bcc01981028f2 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sun, 18 Feb 2018 12:01:43 -0500 Subject: [PATCH 0645/1008] Add functions to reduce integers mod the order to EC_Group This allows calculating the Barett reduction params just once, when the group is initialized, then sharing them across all operations which use that group. --- src/lib/pubkey/ec_group/ec_group.cpp | 42 ++++++++++++++-- src/lib/pubkey/ec_group/ec_group.h | 32 +++++++++--- src/lib/pubkey/ecdsa/ecdsa.cpp | 66 ++++++++++++------------- src/lib/pubkey/ecgdsa/ecgdsa.cpp | 60 ++++++++++------------- src/lib/pubkey/eckcdsa/eckcdsa.cpp | 52 ++++++++++---------- src/lib/pubkey/gost_3410/gost_3410.cpp | 68 +++++++++++++------------- src/lib/pubkey/sm2/sm2.cpp | 38 ++++++-------- src/tests/unit_ecc.cpp | 12 +++-- 8 files changed, 205 insertions(+), 165 deletions(-) diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 0c2cd566cd..beff90eec7 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -35,9 +35,10 @@ class EC_Group_Data final m_base_point(m_curve, g_x, g_y), m_order(order), m_cofactor(cofactor), + m_mod_order(order), m_oid(oid), m_p_bits(p.bits()), - m_p_bytes(p.bytes()) + m_order_bits(order.bits()) { } 
@@ -60,18 +61,30 @@ class EC_Group_Data final BigInt g_y() const { return m_base_point.get_affine_y(); } size_t p_bits() const { return m_p_bits; } - size_t p_bytes() const { return m_p_bytes; } + size_t p_bytes() const { return (m_p_bits + 7) / 8; } + + size_t order_bits() const { return m_order_bits; } + size_t order_bytes() const { return (m_order_bits + 7) / 8; } const CurveGFp& curve() const { return m_curve; } const PointGFp& base_point() const { return m_base_point; } + BigInt mod_order(const BigInt& x) const { return m_mod_order.reduce(x); } + + BigInt multiply_mod_order(const BigInt& x, const BigInt& y) const + { + return m_mod_order.multiply(x, y); + } + private: CurveGFp m_curve; PointGFp m_base_point; BigInt m_order; BigInt m_cofactor; + Modular_Reducer m_mod_order; OID m_oid; - size_t m_p_bits, m_p_bytes; + size_t m_p_bits; + size_t m_order_bits; }; class EC_Group_Data_Map final @@ -246,6 +259,9 @@ std::shared_ptr EC_Group::BER_decode_EC_group(const uint8_t bits[ .end_cons() .verify_end(); + if(p.bits() < 64 || p.is_negative() || a.is_negative() || b.is_negative() || order <= 0 || cofactor <= 0) + throw Decoding_Error("Invalid ECC parameters"); + std::pair base_xy = Botan::OS2ECP(base_pt.data(), base_pt.size(), p, a, b); return ec_group_data().lookup_or_create(p, a, b, base_xy.first, base_xy.second, order, cofactor, OID()); @@ -348,6 +364,16 @@ size_t EC_Group::get_p_bytes() const return data().p_bytes(); } +size_t EC_Group::get_order_bits() const + { + return data().order_bits(); + } + +size_t EC_Group::get_order_bytes() const + { + return data().order_bytes(); + } + const BigInt& EC_Group::get_p() const { return data().p(); 
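Review bot: The sanity check added to `BER_decode_EC_group` rejects small, negative or zero values but does not relate the parameters to each other: `a` and `b` are not required to be less than `p`, `order * cofactor` is not bounded against the size of `p` (by Hasse's theorem it must be close to `p + 1`), and nothing in the hunk verifies that the decoded base point has order `order` (whether `OS2ECP` checks that the point lies on the curve is not visible here). Since these values come from an untrusted encoding, either extend the check, `if(a >= p || b >= p) throw Decoding_Error("Invalid ECC parameters");`, or add a comment stating which properties callers are expected to verify afterwards. The single message `"Invalid ECC parameters"` could also name the failing condition to aid debugging. The function starts and ends outside the hunk.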
@@ -378,6 +404,16 @@ const BigInt& EC_Group::get_cofactor() const return data().cofactor(); } +BigInt EC_Group::mod_order(const BigInt& k) const + { + return data().mod_order(k); + } + +BigInt EC_Group::multiply_mod_order(const BigInt& x, const BigInt& y) const + { + return data().multiply_mod_order(x, y); + } + const OID& EC_Group::get_curve_oid() const { return data().oid(); diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 1dc839540a..b4b0ec9b31 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -132,6 +132,16 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final */ size_t get_p_bytes() const; + /** + * Return the size of group order in bits (same as get_order().bits()) + */ + size_t get_order_bits() const; + + /** + * Return the size of p in bytes (same as get_order().bytes()) + */ + size_t get_order_bytes() const; + /** * Return the prime modulus of the field */ @@ -159,6 +169,22 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final */ const BigInt& get_order() const; + /* + * Reduce x modulo the order + */ + BigInt mod_order(const BigInt& x) const; + + /* + * Reduce (x*y) modulo the order + */ + BigInt multiply_mod_order(const BigInt& x, const BigInt& y) const; + + /** + * Return the cofactor + * @result the cofactor + */ + const BigInt& get_cofactor() const; + /** * Return the OID of these domain parameters * @result the OID as a string @@ -171,12 +197,6 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final */ const OID& get_curve_oid() const; - /** - * Return the cofactor - * @result the cofactor - */ - const BigInt& get_cofactor() const; - /** * Return a point on this curve with the affine values x, y */ diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index 96bc50ec0e..163936c081 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp 
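Review bot: The doc comment added for `get_order_bytes` is a copy-paste slip: it reads `Return the size of p in bytes (same as get_order().bytes())` but the function returns the byte length of the group order, so it should read `Return the size of the group order in bytes (same as get_order().bytes())`. The comments on `mod_order` and `multiply_mod_order` open with `/*` rather than the `/**` every neighbouring declaration uses, so Doxygen will drop them. While fixing that, state the contract the callers in this patch now rely on: the reducer is shared by all users of the group, and whether a negative `x` is accepted (GOST verification passes `-r`) should be spelled out, e.g. `@param x value to reduce; may be negative, result is in [0, order)` if that is indeed the case.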
@@ -2,7 +2,7 @@ * ECDSA implemenation * (C) 2007 Manuel Hartl, FlexSecure GmbH * 2007 Falko Strenzke, FlexSecure GmbH -* 2008-2010,2015,2016 Jack Lloyd +* 2008-2010,2015,2016,2018 Jack Lloyd * 2016 René Korthaus * * Botan is released under the Simplified BSD License (see license.txt) @@ -52,26 +52,25 @@ class ECDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecdsa, const std::string& emsa) : PK_Ops::Signature_with_EMSA(emsa), - m_order(ecdsa.domain().get_order()), - m_base_point(ecdsa.domain().get_base_point(), m_order), - m_x(ecdsa.private_value()), - m_mod_order(m_order) + m_group(ecdsa.domain()), + m_base_point(m_group.get_base_point(), m_group.get_order()), + m_x(ecdsa.private_value()) { #if defined(BOTAN_HAS_RFC6979_GENERATOR) m_rfc6979_hash = hash_for_emsa(emsa); #endif } - size_t max_input_bits() const override { return m_order.bits(); } + size_t max_input_bits() const override { return m_group.get_order_bits(); } secure_vector raw_sign(const uint8_t msg[], size_t msg_len, - RandomNumberGenerator& rng) override; + RandomNumberGenerator& rng) override; private: - const BigInt& m_order; + const EC_Group m_group; Blinded_Point_Multiply m_base_point; const BigInt& m_x; - Modular_Reducer m_mod_order; + #if defined(BOTAN_HAS_RFC6979_GENERATOR) std::string m_rfc6979_hash; #endif 
@@ -84,20 +83,21 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, const BigInt m(msg, msg_len); #if defined(BOTAN_HAS_RFC6979_GENERATOR) - const BigInt k = generate_rfc6979_nonce(m_x, m_order, m, m_rfc6979_hash); + const BigInt k = generate_rfc6979_nonce(m_x, m_group.get_order(), m, m_rfc6979_hash); #else - const BigInt k = BigInt::random_integer(rng, 1, m_order); + const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); #endif + const BigInt k_inv = inverse_mod(k, m_group.get_order()); const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); - const BigInt r = m_mod_order.reduce(k_times_P.get_affine_x()); - const BigInt s = m_mod_order.multiply(inverse_mod(k, m_order), mul_add(m_x, r, m)); + const BigInt r = m_group.mod_order(k_times_P.get_affine_x()); + const BigInt s = m_group.multiply_mod_order(k_inv, mul_add(m_x, r, m)); // With overwhelming probability, a bug rather than actual zero r/s - BOTAN_ASSERT(s != 0, "invalid s"); - BOTAN_ASSERT(r != 0, "invalid r"); + if(r.is_zero() || s.is_zero()) + throw Internal_Error("During ECDSA signature generated zero r/s"); - return BigInt::encode_fixed_length_int_pair(r, s, m_order.bytes()); + return BigInt::encode_fixed_length_int_pair(r, s, m_group.get_order_bytes()); } /** 
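Review bot: `const BigInt k_inv = inverse_mod(k, m_group.get_order());` now inverts the per-signature nonce ahead of the blinded point multiply, and unlike that multiply it has no blinding; if `inverse_mod` is a variable-time extended-Euclid routine (its implementation is not visible here) its running time depends on `k`, and partial nonce leakage is exactly what lattice attacks on ECDSA exploit. The `blinded_multiply(k, rng)` on the next line shows the code already treats `k` as side-channel sensitive, so the inversion deserves the same care, either a constant-time inversion or masking such as `const BigInt b = BigInt::random_integer(rng, 1, n); const BigInt k_inv = m_group.multiply_mod_order(inverse_mod(m_group.multiply_mod_order(k, b), n), b);`. Replacing `BOTAN_ASSERT` with `Internal_Error` for zero `r`/`s` is an improvement over aborting, though drawing a fresh `k` and retrying is what the algorithm specifies. `raw_sign` begins outside the hunk.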
@@ -109,52 +109,46 @@ class ECDSA_Verification_Operation final : public PK_Ops::Verification_with_EMSA ECDSA_Verification_Operation(const ECDSA_PublicKey& ecdsa, const std::string& emsa) : PK_Ops::Verification_with_EMSA(emsa), - m_base_point(ecdsa.domain().get_base_point()), - m_public_point(ecdsa.public_point()), - m_order(ecdsa.domain().get_order()), - m_mod_order(m_order) + m_group(ecdsa.domain()), + m_public_point(ecdsa.public_point()) { - //m_public_point.precompute_multiples(); } - size_t max_input_bits() const override { return m_order.bits(); } + size_t max_input_bits() const override { return m_group.get_order_bits(); } bool with_recovery() const override { return false; } bool verify(const uint8_t msg[], size_t msg_len, const uint8_t sig[], size_t sig_len) override; private: - const PointGFp& m_base_point; + const EC_Group m_group; const PointGFp& m_public_point; - const BigInt& m_order; - // FIXME: should be offered by curve - Modular_Reducer m_mod_order; }; bool ECDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, const uint8_t sig[], size_t sig_len) { - if(sig_len != m_order.bytes()*2) + if(sig_len != m_group.get_order_bytes() * 2) return false; - BigInt e(msg, msg_len); + const BigInt e(msg, msg_len); - BigInt r(sig, sig_len / 2); - BigInt s(sig + sig_len / 2, sig_len / 2); + const BigInt r(sig, sig_len / 2); + const BigInt s(sig + sig_len / 2, sig_len / 2); - if(r <= 0 || r >= m_order || s <= 0 || s >= m_order) + if(r <= 0 || r >= m_group.get_order() || s <= 0 || s >= m_group.get_order()) return false; - BigInt w = inverse_mod(s, m_order); + const BigInt w = inverse_mod(s, m_group.get_order()); - const BigInt u1 = m_mod_order.reduce(e * w); - const BigInt u2 = m_mod_order.reduce(r * w); - const PointGFp R = multi_exponentiate(m_base_point, u1, m_public_point, u2); + const BigInt u1 = m_group.multiply_mod_order(e, w); + const BigInt u2 = m_group.multiply_mod_order(r, w); + const PointGFp R = 
multi_exponentiate(m_group.get_base_point(), u1, m_public_point, u2); if(R.is_zero()) return false; - const BigInt v = m_mod_order.reduce(R.get_affine_x()); + const BigInt v = m_group.mod_order(R.get_affine_x()); return (v == r); } diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp index e5e17623f6..3685306c64 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp +++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp @@ -1,6 +1,7 @@ /* * ECGDSA (BSI-TR-03111, version 2.0) * (C) 2016 René Korthaus +* (C) 2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -36,23 +37,21 @@ class ECGDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA ECGDSA_Signature_Operation(const ECGDSA_PrivateKey& ecgdsa, const std::string& emsa) : PK_Ops::Signature_with_EMSA(emsa), - m_order(ecgdsa.domain().get_order()), - m_base_point(ecgdsa.domain().get_base_point(), m_order), - m_x(ecgdsa.private_value()), - m_mod_order(m_order) + m_group(ecgdsa.domain()), + m_base_point(m_group.get_base_point(), m_group.get_order()), + m_x(ecgdsa.private_value()) { } secure_vector raw_sign(const uint8_t msg[], size_t msg_len, - RandomNumberGenerator& rng) override; + RandomNumberGenerator& rng) override; - size_t max_input_bits() const override { return m_order.bits(); } + size_t max_input_bits() const override { return m_group.get_order_bits(); } private: - const BigInt& m_order; + const EC_Group m_group; Blinded_Point_Multiply m_base_point; const BigInt& m_x; - Modular_Reducer m_mod_order; }; secure_vector 
@@ -61,17 +60,17 @@ ECGDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, { const BigInt m(msg, msg_len); - BigInt k = BigInt::random_integer(rng, 1, m_order); + BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); - const BigInt r = m_mod_order.reduce(k_times_P.get_affine_x()); - const BigInt s = m_mod_order.multiply(m_x, mul_sub(k, r, m)); + const BigInt r = m_group.mod_order(k_times_P.get_affine_x()); + const BigInt s = m_group.multiply_mod_order(m_x, mul_sub(k, r, m)); // With overwhelming probability, a bug rather than actual zero r/s - BOTAN_ASSERT(s != 0, "invalid s"); - BOTAN_ASSERT(r != 0, "invalid r"); + if(r.is_zero() || s.is_zero()) + throw Internal_Error("During ECGDSA signature generated zero r/s"); - return BigInt::encode_fixed_length_int_pair(r, s, m_order.bytes()); + return BigInt::encode_fixed_length_int_pair(r, s, m_group.get_order_bytes()); } /** 
@@ -84,51 +83,46 @@ class ECGDSA_Verification_Operation final : public PK_Ops::Verification_with_EMS ECGDSA_Verification_Operation(const ECGDSA_PublicKey& ecgdsa, const std::string& emsa) : PK_Ops::Verification_with_EMSA(emsa), - m_base_point(ecgdsa.domain().get_base_point()), - m_public_point(ecgdsa.public_point()), - m_order(ecgdsa.domain().get_order()), - m_mod_order(m_order) + m_group(ecgdsa.domain()), + m_public_point(ecgdsa.public_point()) { } - size_t max_input_bits() const override { return m_order.bits(); } + size_t max_input_bits() const override { return m_group.get_order_bits(); } bool with_recovery() const override { return false; } bool verify(const uint8_t msg[], size_t msg_len, const uint8_t sig[], size_t sig_len) override; private: - const PointGFp& m_base_point; + const EC_Group m_group; const PointGFp& m_public_point; - const BigInt& m_order; - // FIXME: should be offered by curve - Modular_Reducer m_mod_order; }; bool ECGDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, const uint8_t sig[], size_t sig_len) { - if(sig_len != m_order.bytes()*2) + if(sig_len != m_group.get_order_bytes() * 2) return false; - BigInt e(msg, msg_len); + const BigInt e(msg, msg_len); - BigInt r(sig, sig_len / 2); - BigInt s(sig + sig_len / 2, sig_len / 2); + const BigInt r(sig, sig_len / 2); + const BigInt s(sig + sig_len / 2, sig_len / 2); - if(r <= 0 || r >= m_order || s <= 0 || s >= m_order) + if(r <= 0 || r >= m_group.get_order() || s <= 0 || s >= m_group.get_order()) return false; - BigInt w = inverse_mod(r, m_order); + const BigInt w = inverse_mod(r, m_group.get_order()); - const BigInt u1 = m_mod_order.reduce(e * w); - const BigInt u2 = m_mod_order.reduce(s * w); - const PointGFp R = multi_exponentiate(m_base_point, u1, m_public_point, u2); + const BigInt u1 = m_group.multiply_mod_order(e, w); + const BigInt u2 = m_group.multiply_mod_order(s, w); + const PointGFp R = multi_exponentiate(m_group.get_base_point(), u1, m_public_point, u2); 
if(R.is_zero()) return false; - const BigInt v = m_mod_order.reduce(R.get_affine_x()); + const BigInt v = m_group.mod_order(R.get_affine_x()); return (v == r); } diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp index 4d88f4cf84..d6e0957f65 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp +++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp @@ -1,6 +1,7 @@ /* * ECKCDSA (ISO/IEC 14888-3:2006/Cor.2:2009) * (C) 2016 René Korthaus, Sirrix AG +* (C) 2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -43,10 +44,9 @@ class ECKCDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA ECKCDSA_Signature_Operation(const ECKCDSA_PrivateKey& eckcdsa, const std::string& emsa) : PK_Ops::Signature_with_EMSA(emsa), - m_order(eckcdsa.domain().get_order()), - m_base_point(eckcdsa.domain().get_base_point(), m_order), + m_group(eckcdsa.domain()), + m_base_point(m_group.get_base_point(), m_group.get_order()), m_x(eckcdsa.private_value()), - m_mod_order(m_order), m_prefix() { const BigInt public_point_x = eckcdsa.public_point().get_affine_x(); @@ -59,18 +59,17 @@ class ECKCDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA } secure_vector raw_sign(const uint8_t msg[], size_t msg_len, - RandomNumberGenerator& rng) override; + RandomNumberGenerator& rng) override; - size_t max_input_bits() const override { return m_order.bits(); } + size_t max_input_bits() const override { return m_group.get_order_bits(); } bool has_prefix() override { return true; } secure_vector message_prefix() const override { return m_prefix; } private: - const BigInt& m_order; + const EC_Group m_group; Blinded_Point_Multiply m_base_point; const BigInt& m_x; - Modular_Reducer m_mod_order; secure_vector m_prefix; }; 
@@ -78,7 +77,7 @@ secure_vector ECKCDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t, RandomNumberGenerator& rng) { - const BigInt k = BigInt::random_integer(rng, 1, m_order); + const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); const BigInt k_times_P_x = k_times_P.get_affine_x(); @@ -94,13 +93,14 @@ ECKCDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t, xor_buf(c, msg, c.size()); BigInt w(c.data(), c.size()); - w = m_mod_order.reduce(w); + w = m_group.mod_order(w); - const BigInt s = m_mod_order.multiply(m_x, k - w); - BOTAN_ASSERT(s != 0, "invalid s"); + const BigInt s = m_group.multiply_mod_order(m_x, k - w); + if(s.is_zero()) + throw Internal_Error("During ECKCDSA signature generation created zero s"); secure_vector output = BigInt::encode_1363(r, c.size()); - output += BigInt::encode_1363(s, m_order.bytes()); + output += BigInt::encode_1363(s, m_group.get_order_bytes()); return output; } @@ -114,10 +114,8 @@ class ECKCDSA_Verification_Operation final : public PK_Ops::Verification_with_EM ECKCDSA_Verification_Operation(const ECKCDSA_PublicKey& eckcdsa, const std::string& emsa) : PK_Ops::Verification_with_EMSA(emsa), - m_base_point(eckcdsa.domain().get_base_point()), + m_group(eckcdsa.domain()), m_public_point(eckcdsa.public_point()), - m_order(eckcdsa.domain().get_order()), - m_mod_order(m_order), m_prefix() { const BigInt public_point_x = m_public_point.get_affine_x(); 
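Review bot: In `ECKCDSA_Signature_Operation::raw_sign` the line `xor_buf(c, msg, c.size());` reads `c.size()` bytes from `msg` while the length parameter is left unnamed and never consulted (`size_t,` in the signature at the top of the earlier hunk), so a caller supplying a shorter digest is read past its buffer. The EMSA prefix machinery presumably always hands over a full hash, but the raw operation should defend itself: name the parameter and add `if(msg_len < c.size()) throw Invalid_Argument("ECKCDSA: message too short");` before the XOR. The new `Internal_Error` on zero `s` mirrors the ECDSA change; a retry with a fresh `k` would be the spec-conformant handling. `c` is derived above the hunk.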
@@ -132,18 +130,15 @@ class ECKCDSA_Verification_Operation final : public PK_Ops::Verification_with_EM bool has_prefix() override { return true; } secure_vector message_prefix() const override { return m_prefix; } - size_t max_input_bits() const override { return m_order.bits(); } + size_t max_input_bits() const override { return m_group.get_order_bits(); } bool with_recovery() const override { return false; } bool verify(const uint8_t msg[], size_t msg_len, const uint8_t sig[], size_t sig_len) override; private: - const PointGFp& m_base_point; + const EC_Group m_group; const PointGFp& m_public_point; - const BigInt& m_order; - // FIXME: should be offered by curve - Modular_Reducer m_mod_order; secure_vector m_prefix; }; @@ -152,8 +147,11 @@ bool ECKCDSA_Verification_Operation::verify(const uint8_t msg[], size_t, { const std::unique_ptr hash = HashFunction::create(hash_for_signature()); //calculate size of r - size_t size_r = std::min(hash -> output_length(), m_order.bytes()); - if(sig_len != size_r+m_order.bytes()) + + const size_t order_bytes = m_group.get_order_bytes(); + + const size_t size_r = std::min(hash -> output_length(), order_bytes); + if(sig_len != size_r + order_bytes) { return false; } @@ -161,9 +159,9 @@ bool ECKCDSA_Verification_Operation::verify(const uint8_t msg[], size_t, secure_vector r(sig, sig + size_r); // check that 0 < s < q - const BigInt s(sig + size_r, m_order.bytes()); + const BigInt s(sig + size_r, order_bytes); - if(s <= 0 || s >= m_order) + if(s <= 0 || s >= m_group.get_order()) { return false; } 
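Review bot: `const size_t size_r = std::min(hash -> output_length(), order_bytes);` dereferences the result of `HashFunction::create(hash_for_signature())`, which, judging by the `create_or_throw` variant the SM2 code in this same patch uses, returns a null pointer when the hash is unavailable; use `HashFunction::create_or_throw(...)` or return false on null. The same `verify` also ignores its message length (`size_t,` unnamed in the signature) yet later XORs `r.size()` bytes out of `msg`; adding `if(msg_len < size_r) return false;` beside the new `sig_len` check closes that. `verify` continues past the hunk.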
@@ -171,9 +169,9 @@ bool ECKCDSA_Verification_Operation::verify(const uint8_t msg[], size_t, secure_vector r_xor_e(r); xor_buf(r_xor_e, msg, r.size()); BigInt w(r_xor_e.data(), r_xor_e.size()); - w = m_mod_order.reduce(w); - - const PointGFp q = multi_exponentiate(m_base_point, w, m_public_point, s); + w = m_group.mod_order(w); + + const PointGFp q = multi_exponentiate(m_group.get_base_point(), w, m_public_point, s); const BigInt q_x = q.get_affine_x(); secure_vector c(q_x.bytes()); q_x.binary_encode(c.data()); diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index f005a349bf..5d7c425d0b 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp @@ -2,7 +2,7 @@ * GOST 34.10-2001 implemenation * (C) 2007 Falko Strenzke, FlexSecure GmbH * Manuel Hartl, FlexSecure GmbH -* (C) 2008-2010,2015 Jack Lloyd +* (C) 2008-2010,2015,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -100,19 +100,18 @@ class GOST_3410_Signature_Operation final : public PK_Ops::Signature_with_EMSA GOST_3410_Signature_Operation(const GOST_3410_PrivateKey& gost_3410, const std::string& emsa) : PK_Ops::Signature_with_EMSA(emsa), - m_order(gost_3410.domain().get_order()), - m_mod_order(m_order), - m_base_point(gost_3410.domain().get_base_point(), m_order), - m_x(gost_3410.private_value()) {} + m_group(gost_3410.domain()), + m_base_point(m_group.get_base_point(), m_group.get_order()), + m_x(gost_3410.private_value()) + {} - size_t max_input_bits() const override { return m_order.bits(); } + size_t max_input_bits() const override { return m_group.get_order_bits(); } secure_vector raw_sign(const uint8_t msg[], size_t msg_len, - RandomNumberGenerator& rng) override; + RandomNumberGenerator& rng) override; private: - const BigInt& m_order; - Modular_Reducer m_mod_order; + const EC_Group m_group; Blinded_Point_Multiply m_base_point; const BigInt& m_x; }; 
@@ -122,29 +121,28 @@ GOST_3410_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, RandomNumberGenerator& rng) { BigInt k; + do - k.randomize(rng, m_order.bits()-1); - while(k >= m_order); + { + k.randomize(rng, m_group.get_order_bits() - 1); + } while(k >= m_group.get_order()); BigInt e = decode_le(msg, msg_len); - e = m_mod_order.reduce(e); + e = m_group.mod_order(e); if(e == 0) e = 1; const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); BOTAN_ASSERT(k_times_P.on_the_curve(), "GOST 34.10 k*g is on the curve"); - const BigInt r = m_mod_order.reduce(k_times_P.get_affine_x()); - const BigInt s = m_mod_order.reduce(r*m_x + k*e); + const BigInt r = m_group.mod_order(k_times_P.get_affine_x()); + const BigInt s = m_group.mod_order(r*m_x + k*e); if(r == 0 || s == 0) - throw Invalid_State("GOST 34.10: r == 0 || s == 0"); + throw Internal_Error("GOST 34.10 signature generation failed, r/s equal to zero"); - secure_vector output(2*m_order.bytes()); - s.binary_encode(&output[output.size() / 2 - s.bytes()]); - r.binary_encode(&output[output.size() - r.bytes()]); - return output; + return BigInt::encode_fixed_length_int_pair(s, r, m_group.get_order_bytes()); } /** 
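Review bot: The nonce loop `k.randomize(rng, m_group.get_order_bits() - 1); } while(k >= m_group.get_order());` draws `k` from one bit fewer than the order, so the top bit of every nonce is known to be zero and, depending on `randomize`'s set-high-bit default (not visible here), the next bit may always be one; a fixed known bit or two per signature is precisely what lattice attacks on ECDSA-style schemes consume, and `k == 0` is not excluded either, which the `Internal_Error` below would then report as a bug rather than retry. Every sibling in this patch samples uniformly with `BigInt::random_integer(rng, 1, order)`; GOST should do the same: `const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order());`. That also removes the `BigInt k;` mutable declaration the do/while needs.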
@@ -157,46 +155,46 @@ class GOST_3410_Verification_Operation final : public PK_Ops::Verification_with_ GOST_3410_Verification_Operation(const GOST_3410_PublicKey& gost, const std::string& emsa) : PK_Ops::Verification_with_EMSA(emsa), - m_base_point(gost.domain().get_base_point()), - m_public_point(gost.public_point()), - m_order(gost.domain().get_order()) {} + m_group(gost.domain()), + m_public_point(gost.public_point()) + {} - size_t max_input_bits() const override { return m_order.bits(); } + size_t max_input_bits() const override { return m_group.get_order_bits(); } bool with_recovery() const override { return false; } bool verify(const uint8_t msg[], size_t msg_len, const uint8_t sig[], size_t sig_len) override; private: - const PointGFp& m_base_point; + const EC_Group m_group; const PointGFp& m_public_point; - const BigInt& m_order; }; bool GOST_3410_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, const uint8_t sig[], size_t sig_len) { - if(sig_len != m_order.bytes()*2) + if(sig_len != m_group.get_order_bytes() * 2) return false; - BigInt e = decode_le(msg, msg_len); + const BigInt s(sig, sig_len / 2); + const BigInt r(sig + sig_len / 2, sig_len / 2); - BigInt s(sig, sig_len / 2); - BigInt r(sig + sig_len / 2, sig_len / 2); + const BigInt& order = m_group.get_order(); - if(r <= 0 || r >= m_order || s <= 0 || s >= m_order) + if(r <= 0 || r >= order || s <= 0 || s >= order) return false; - e %= m_order; + BigInt e = decode_le(msg, msg_len); + e = m_group.mod_order(e); if(e == 0) e = 1; - BigInt v = inverse_mod(e, m_order); + const BigInt v = inverse_mod(e, order); - BigInt z1 = (s*v) % m_order; - BigInt z2 = (-r*v) % m_order; + const BigInt z1 = m_group.multiply_mod_order(s, v); + const BigInt z2 = m_group.multiply_mod_order(-r, v); - PointGFp R = multi_exponentiate(m_base_point, z1, + PointGFp R = multi_exponentiate(m_group.get_base_point(), z1, m_public_point, z2); if(R.is_zero()) 
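Review bot: `const BigInt z2 = m_group.multiply_mod_order(-r, v);` feeds a negative operand to the shared Barrett reducer where the old `(-r*v) % m_order` relied on BigInt's own modulo; whether `Modular_Reducer::multiply` normalises a negative product is not visible here, and a wrong `z2` would silently reject every valid signature (an availability bug rather than a forgery risk, but one the existing tests would catch only if they cover GOST verification). Since `r` has just been range-checked to `0 < r < order`, the sign can be avoided outright: `const BigInt z2 = m_group.multiply_mod_order(order - r, v);`. The function continues past the hunk.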
diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index 652985ec9e..05c8417ecc 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp @@ -1,14 +1,15 @@ /* * SM2 Signatures * (C) 2017 Ribose Inc +* (C) 2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include #include +#include #include -#include #include namespace Botan { @@ -81,11 +82,10 @@ class SM2_Signature_Operation final : public PK_Ops::Signature SM2_Signature_Operation(const SM2_Signature_PrivateKey& sm2, const std::string& ident, const std::string& hash) : - m_order(sm2.domain().get_order()), - m_base_point(sm2.domain().get_base_point(), m_order), + m_group(sm2.domain()), + m_base_point(sm2.domain().get_base_point(), sm2.domain().get_order()), m_x(sm2.private_value()), m_da_inv(sm2.get_da_inv()), - m_mod_order(m_order), m_hash(HashFunction::create_or_throw(hash)) { // ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) @@ -101,11 +101,10 @@ class SM2_Signature_Operation final : public PK_Ops::Signature secure_vector sign(RandomNumberGenerator& rng) override; private: - const BigInt& m_order; + const EC_Group m_group; Blinded_Point_Multiply m_base_point; const BigInt& m_x; const BigInt& m_da_inv; - Modular_Reducer m_mod_order; std::vector m_za; std::unique_ptr m_hash; 
@@ -114,18 +113,18 @@ class SM2_Signature_Operation final : public PK_Ops::Signature secure_vector SM2_Signature_Operation::sign(RandomNumberGenerator& rng) { - const BigInt k = BigInt::random_integer(rng, 1, m_order); + const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); const BigInt e = BigInt::decode(m_hash->final()); - const BigInt r = m_mod_order.reduce(k_times_P.get_affine_x() + e); - const BigInt s = m_mod_order.multiply(m_da_inv, (k - r*m_x)); + const BigInt r = m_group.mod_order(k_times_P.get_affine_x() + e); + const BigInt s = m_group.multiply_mod_order(m_da_inv, (k - r*m_x)); // prepend ZA for next signature if any m_hash->update(m_za); - return BigInt::encode_fixed_length_int_pair(r, s, m_order.bytes()); + return BigInt::encode_fixed_length_int_pair(r, s, m_group.get_order().bytes()); } /** @@ -137,10 +136,8 @@ class SM2_Verification_Operation final : public PK_Ops::Verification SM2_Verification_Operation(const SM2_Signature_PublicKey& sm2, const std::string& ident, const std::string& hash) : - m_base_point(sm2.domain().get_base_point()), + m_group(sm2.domain()), m_public_point(sm2.public_point()), - m_order(sm2.domain().get_order()), - m_mod_order(m_order), m_hash(HashFunction::create_or_throw(hash)) { // ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) @@ -155,11 +152,8 @@ class SM2_Verification_Operation final : public PK_Ops::Verification bool is_valid_signature(const uint8_t sig[], size_t sig_len) override; private: - const PointGFp& m_base_point; + const EC_Group m_group; const PointGFp& m_public_point; - const BigInt& m_order; - // FIXME: should be offered by curve - Modular_Reducer m_mod_order; std::vector m_za; std::unique_ptr m_hash; }; 
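Review bot: `SM2_Signature_Operation::sign` returns `r` and `s` without the checks the SM2 signing algorithm requires: `r == 0`, `r + k == n` and `s == 0` must each cause a fresh `k` to be drawn, and even the sibling ECDSA/ECGDSA hunks in this patch at least throw on zero `r`/`s`. As written a (vanishingly rare) zero `s` or `r + k == n` yields an encodable but invalid signature with no diagnostic. Looping until the conditions hold preserves the spec's behaviour; note `m_hash->final()` must be taken once, before the loop.
```cpp
const BigInt e = BigInt::decode(m_hash->final());
const BigInt& n = m_group.get_order();
BigInt r, s;
for(;;)
   {
   const BigInt k = BigInt::random_integer(rng, 1, n);
   const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng);
   r = m_group.mod_order(k_times_P.get_affine_x() + e);
   if(r.is_zero() || r + k == n)
      continue;
   s = m_group.multiply_mod_order(m_da_inv, (k - r*m_x));
   if(!s.is_zero())
      break;
   }
// … unchanged: m_hash->update(m_za) and the encode_fixed_length_int_pair return …
```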
@@ -171,27 +165,27 @@ bool SM2_Verification_Operation::is_valid_signature(const uint8_t sig[], size_t // Update for next verification m_hash->update(m_za); - if(sig_len != m_order.bytes()*2) + if(sig_len != m_group.get_order().bytes()*2) return false; const BigInt r(sig, sig_len / 2); const BigInt s(sig + sig_len / 2, sig_len / 2); - if(r <= 0 || r >= m_order || s <= 0 || s >= m_order) + if(r <= 0 || r >= m_group.get_order() || s <= 0 || s >= m_group.get_order()) return false; - const BigInt t = m_mod_order.reduce(r + s); + const BigInt t = m_group.mod_order(r + s); if(t == 0) return false; - const PointGFp R = multi_exponentiate(m_base_point, s, m_public_point, t); + const PointGFp R = multi_exponentiate(m_group.get_base_point(), s, m_public_point, t); // ??? if(R.is_zero()) return false; - return (m_mod_order.reduce(R.get_affine_x() + e) == r); + return (m_group.mod_order(R.get_affine_x() + e) == r); } } diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index 96e2438b36..bd8295033a 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp @@ -889,9 +889,15 @@ class ECC_Invalid_Key_Tests final : public Text_Based_Test const std::string encoded = get_req_str(vars, "SubjectPublicKey"); Botan::DataSource_Memory key_data(Botan::hex_decode(encoded)); - std::unique_ptr key(Botan::X509::load_key(key_data)); - result.test_eq("public key fails check", key->check_key(Test::rng(), false), false); - + try + { + std::unique_ptr key(Botan::X509::load_key(key_data)); + result.test_eq("public key fails check", key->check_key(Test::rng(), false), false); + } + catch(Botan::Decoding_Error&) + { + result.test_success("Decoding invalid ECC key results in decoding error exception"); + } return result; } From 93dc617bb11600fe25f46c3a4f2211478708247d Mon Sep 17 00:00:00 2001 
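Review bot: The `// ???` left above `if(R.is_zero())` in `is_valid_signature` should become a real comment, because the guard is load-bearing: `R = s*G + t*PA` is the identity exactly when `s*G == -t*PA`, its affine x is undefined, and the algorithm treats that as an invalid signature, e.g. `// R == O has no affine x; SM2 rejects this case`. The length check on the first line keeps `m_group.get_order().bytes()*2` while every other scheme in this patch switched to `m_group.get_order_bytes() * 2`; aligning them avoids the two ever drifting apart. The function starts outside the hunk.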
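Review bot: `catch(Botan::Decoding_Error&)` in `ECC_Invalid_Key_Tests` catches by non-const reference; the usual convention is `catch(const Botan::Decoding_Error&)`. Because the new `try` wraps both `X509::load_key` and the `check_key` call, a `Decoding_Error` thrown from `check_key` would be counted as a successful decode-time rejection rather than distinguished from it; narrowing the `try` to the `load_key` line alone keeps the two outcomes separate, which matters now that decoding is expected to reject some of these vectors outright.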
From: Jack Lloyd Date: Sun, 18 Feb 2018 12:28:18 -0500 Subject: [PATCH 0646/1008] Add point_multiply operation to EC_Group Allows precomputations in the future. --- src/lib/pubkey/ec_group/ec_group.cpp | 5 +++++ src/lib/pubkey/ec_group/ec_group.h | 9 +++++++++ src/lib/pubkey/ecdsa/ecdsa.cpp | 2 +- src/lib/pubkey/ecgdsa/ecgdsa.cpp | 2 +- src/lib/pubkey/eckcdsa/eckcdsa.cpp | 2 +- src/lib/pubkey/gost_3410/gost_3410.cpp | 3 +-- src/lib/pubkey/sm2/sm2.cpp | 2 +- 7 files changed, 19 insertions(+), 6 deletions(-) diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index beff90eec7..4123994b5f 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -429,6 +429,11 @@ PointGFp EC_Group::point(const BigInt& x, const BigInt& y) const return PointGFp(data().curve(), x, y); } +PointGFp EC_Group::point_multiply(const BigInt& x, const PointGFp& pt, const BigInt& y) const + { + return multi_exponentiate(get_base_point(), x, pt, y); + } + PointGFp EC_Group::zero_point() const { return PointGFp(data().curve()); diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index b4b0ec9b31..a60c711578 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -32,6 +32,9 @@ class EC_Group_Data_Map; /** * Class representing an elliptic curve +* +* The internal representation is stored in a shared_ptr, so copying an +* EC_Group is inexpensive. */ class BOTAN_PUBLIC_API(2,0) EC_Group final { @@ -202,6 +205,12 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final */ PointGFp point(const BigInt& x, const BigInt& y) const; + /** + * Multi exponentiate + * @return base_point*x + pt*y + */ + PointGFp point_multiply(const BigInt& x, const PointGFp& pt, const BigInt& y) const; + /** * Return the zero (or infinite) point on this curve */ diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index 163936c081..12ccd96085 100644 
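Review bot: `EC_Group::point_multiply` wraps `multi_exponentiate`, and every call site this commit moves onto it is a verification path while the signing paths keep `Blinded_Point_Multiply::blinded_multiply` for the nonce, which suggests `multi_exponentiate` is not side-channel hardened (its implementation is not visible here). The header comment `Multi exponentiate / @return base_point*x + pt*y` should say so before someone reuses it with a secret scalar, e.g. add `@warning not constant time; only for public scalars such as signature verification`. A line stating that `pt` must be a point on this group's curve would also help, since the function trusts its caller.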
--- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -143,7 +143,7 @@ bool ECDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, const BigInt u1 = m_group.multiply_mod_order(e, w); const BigInt u2 = m_group.multiply_mod_order(r, w); - const PointGFp R = multi_exponentiate(m_group.get_base_point(), u1, m_public_point, u2); + const PointGFp R = m_group.point_multiply(u1, m_public_point, u2); if(R.is_zero()) return false; diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp index 3685306c64..f8e5744d92 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp +++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp @@ -117,7 +117,7 @@ bool ECGDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, const BigInt u1 = m_group.multiply_mod_order(e, w); const BigInt u2 = m_group.multiply_mod_order(s, w); - const PointGFp R = multi_exponentiate(m_group.get_base_point(), u1, m_public_point, u2); + const PointGFp R = m_group.point_multiply(u1, m_public_point, u2); if(R.is_zero()) return false; diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp index d6e0957f65..743d5ab95b 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp +++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp @@ -171,7 +171,7 @@ bool ECKCDSA_Verification_Operation::verify(const uint8_t msg[], size_t, BigInt w(r_xor_e.data(), r_xor_e.size()); w = m_group.mod_order(w); - const PointGFp q = multi_exponentiate(m_group.get_base_point(), w, m_public_point, s); + const PointGFp q = m_group.point_multiply(w, m_public_point, s); const BigInt q_x = q.get_affine_x(); secure_vector c(q_x.bytes()); q_x.binary_encode(c.data()); diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index 5d7c425d0b..760e667aa5 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp 
@@ -194,8 +194,7 @@ bool GOST_3410_Verification_Operation::verify(const uint8_t msg[], size_t msg_le const BigInt z1 = m_group.multiply_mod_order(s, v); const BigInt z2 = m_group.multiply_mod_order(-r, v); - PointGFp R = multi_exponentiate(m_group.get_base_point(), z1, - m_public_point, z2); + const PointGFp R = m_group.point_multiply(z1, m_public_point, z2); if(R.is_zero()) return false; diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index 05c8417ecc..e2bc5d92df 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp @@ -179,7 +179,7 @@ bool SM2_Verification_Operation::is_valid_signature(const uint8_t sig[], size_t if(t == 0) return false; - const PointGFp R = multi_exponentiate(m_group.get_base_point(), s, m_public_point, t); + const PointGFp R = m_group.point_multiply(s, m_public_point, t); // ??? if(R.is_zero()) From 238ec6202d1fc6d402ac124cc51a8b8856402f04 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 18 Feb 2018 16:17:12 -0500 Subject: [PATCH 0647/1008] Further simplifications in SM2 code --- src/lib/pubkey/sm2/sm2.cpp | 6 +++--- src/lib/pubkey/sm2/sm2_enc.cpp | 22 +++++++++++----------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index e2bc5d92df..2af888bbca 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp 
@@ -83,13 +83,13 @@ class SM2_Signature_Operation final : public PK_Ops::Signature const std::string& ident, const std::string& hash) : m_group(sm2.domain()), - m_base_point(sm2.domain().get_base_point(), sm2.domain().get_order()), + m_base_point(m_group.get_base_point(), m_group.get_order()), m_x(sm2.private_value()), m_da_inv(sm2.get_da_inv()), m_hash(HashFunction::create_or_throw(hash)) { // ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) - m_za = sm2_compute_za(*m_hash, ident, sm2.domain(), sm2.public_point()); + m_za = sm2_compute_za(*m_hash, ident, m_group, sm2.public_point()); m_hash->update(m_za); } @@ -141,7 +141,7 @@ class SM2_Verification_Operation final : public PK_Ops::Verification m_hash(HashFunction::create_or_throw(hash)) { // ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) - m_za = sm2_compute_za(*m_hash, ident, sm2.domain(), sm2.public_point()); + m_za = sm2_compute_za(*m_hash, ident, m_group, m_public_point); m_hash->update(m_za); } diff --git a/src/lib/pubkey/sm2/sm2_enc.cpp b/src/lib/pubkey/sm2/sm2_enc.cpp index 9ba2780608..462c4b9684 100644 --- a/src/lib/pubkey/sm2/sm2_enc.cpp +++ b/src/lib/pubkey/sm2/sm2_enc.cpp @@ -46,10 +46,9 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption { public: SM2_Encryption_Operation(const SM2_Encryption_PublicKey& key, const std::string& kdf_hash) : - m_p_bytes(key.domain().get_p_bytes()), - m_order(key.domain().get_order()), - m_base_point(key.domain().get_base_point(), m_order), - m_public_point(key.public_point(), m_order), + m_group(key.domain()), + m_base_point(m_group.get_base_point(), m_group.get_order()), + m_public_point(key.public_point(), m_group.get_order()), m_kdf_hash(kdf_hash) {} 
@@ -66,13 +65,15 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption std::unique_ptr hash = HashFunction::create_or_throw(m_kdf_hash); std::unique_ptr kdf = KDF::create_or_throw("KDF2(" + m_kdf_hash + ")"); - const BigInt k = BigInt::random_integer(rng, 1, m_order); + const size_t p_bytes = m_group.get_p_bytes(); + + const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); const PointGFp C1 = m_base_point.blinded_multiply(k, rng); const BigInt x1 = C1.get_affine_x(); const BigInt y1 = C1.get_affine_y(); - std::vector x1_bytes(m_p_bytes); - std::vector y1_bytes(m_p_bytes); + std::vector x1_bytes(p_bytes); + std::vector y1_bytes(p_bytes); BigInt::encode_1363(x1_bytes.data(), x1_bytes.size(), x1); BigInt::encode_1363(y1_bytes.data(), y1_bytes.size(), y1); @@ -80,8 +81,8 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption const BigInt x2 = kPB.get_affine_x(); const BigInt y2 = kPB.get_affine_y(); - std::vector x2_bytes(m_p_bytes); - std::vector y2_bytes(m_p_bytes); + std::vector x2_bytes(p_bytes); + std::vector y2_bytes(p_bytes); BigInt::encode_1363(x2_bytes.data(), x2_bytes.size(), x2); BigInt::encode_1363(y2_bytes.data(), y2_bytes.size(), y2); @@ -112,8 +113,7 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption } private: - size_t m_p_bytes; - const BigInt& m_order; + const EC_Group m_group; Blinded_Point_Multiply m_base_point; Blinded_Point_Multiply m_public_point; const std::string m_kdf_hash; From 9792c0eb8203a4982d28afebb19b027444753f90 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 18 Feb 2018 16:29:27 -0500 Subject: [PATCH 0648/1008] Add benchmarks for ElGamal and DSA Weird these didn't already exist --- src/cli/speed.cpp | 59 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index e6ea877e0b..78cbdccf6e 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp 
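Review bot: The new private section makes the declaration order load-bearing: `const EC_Group m_group;` must stay ahead of the two Blinded_Point_Multiply members because the constructor initializes them from `m_group.get_base_point()` and `m_group.get_order()`, and member initialization follows declaration order, not initializer-list order. A comment on the member such as `// must be declared before the Blinded_Point_Multiply members, which are initialized from it` would stop a future reordering from reading a not-yet-constructed group. Whether Blinded_Point_Multiply keeps a reference to the order it is given is not visible here; if it does, the copy into m_group (rather than the old reference into the key's group) is also what keeps that reference valid for the lifetime of the operation, which is worth stating in the same comment.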
@@ -799,6 +799,18 @@ class Speed final : public Command bench_dh(provider, msec); } #endif +#if defined(BOTAN_HAS_DSA) + else if(algo == "DSA") + { + bench_dsa(provider, msec); + } +#endif +#if defined(BOTAN_HAS_ELGAMAL) + else if(algo == "ElGamal") + { + bench_elgamal(provider, msec); + } +#endif #if defined(BOTAN_HAS_ECDH) else if(algo == "ECDH") { @@ -1730,6 +1742,53 @@ class Speed final : public Command } #endif +#if defined(BOTAN_HAS_DSA) + void bench_dsa(const std::string& provider, std::chrono::milliseconds msec) + { + for(size_t bits : { 1024, 2048, 3072 }) + { + const std::string nm = "DSA-" + std::to_string(bits); + + const std::string params = + (bits == 1024) ? "dsa/jce/1024" : ("dsa/botan/" + std::to_string(bits)); + + Timer keygen_timer(nm, provider, "keygen"); + + std::unique_ptr key(keygen_timer.run([&] + { + return Botan::create_private_key("DSA", rng(), params); + })); + + record_result(keygen_timer); + + bench_pk_sig(*key, nm, provider, "EMSA1(SHA-256)", msec); + } + } +#endif + +#if defined(BOTAN_HAS_ELGAMAL) + void bench_elgamal(const std::string& provider, std::chrono::milliseconds msec) + { + for(size_t keylen : { 1024, 2048, 3072, 4096 }) + { + const std::string nm = "ElGamal-" + std::to_string(keylen); + + const std::string params = "modp/ietf/" + std::to_string(keylen); + + Timer keygen_timer(nm, provider, "keygen"); + + std::unique_ptr key(keygen_timer.run([&] + { + return Botan::create_private_key("ElGamal", rng(), params); + })); + + record_result(keygen_timer); + + bench_pk_enc(*key, nm, provider, "EME-PKCS1-v1_5", msec); + } + } +#endif + #if defined(BOTAN_HAS_ECDH) void bench_ecdh(const std::vector& groups, const std::string& provider, From 6baa9c20eb3f4d6ff81b357ff3d5760a7daaad41 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Mon, 19 Feb 2018 11:40:23 -0500 Subject: [PATCH 0649/1008] Move allocator initializer RAII class to mem_ops.h May be needed elsewhere --- src/lib/pubkey/ec_group/ec_group.cpp | 5 ----- src/lib/utils/mem_ops.h | 6 ++++++ 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 4123994b5f..771bd4b0f0 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -188,11 +188,6 @@ EC_Group_Data_Map& EC_Group::ec_group_data() * This exists purely to ensure the allocator is constructed before g_ec_data, * which ensures that its destructor runs after ~g_ec_data is complete. */ - class Allocator_Initializer - { - public: - Allocator_Initializer() { initialize_allocator(); } - }; static Allocator_Initializer g_init_allocator; static EC_Group_Data_Map g_ec_data; diff --git a/src/lib/utils/mem_ops.h b/src/lib/utils/mem_ops.h index 5fb5752fcd..c59c02d5a5 100644 --- a/src/lib/utils/mem_ops.h +++ b/src/lib/utils/mem_ops.h @@ -37,6 +37,12 @@ BOTAN_PUBLIC_API(2,3) void deallocate_memory(void* p, size_t elems, size_t elem_ */ void initialize_allocator(); +class Allocator_Initializer + { + public: + Allocator_Initializer() { initialize_allocator(); } + }; + /** * Scrub memory contents in a way that a compiler should not elide, * using some system specific technique. Note that this function might From 77506bcf956120826d6ecab52f310469bd9dceb0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Feb 2018 11:40:55 -0500 Subject: [PATCH 0650/1008] Minor optimizations for BigInt operator/ Detect divisions by small powers of 2 --- src/lib/math/bigint/big_ops3.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/lib/math/bigint/big_ops3.cpp b/src/lib/math/bigint/big_ops3.cpp index 48d84c8b48..eed8a29a05 100644 --- a/src/lib/math/bigint/big_ops3.cpp +++ b/src/lib/math/bigint/big_ops3.cpp 
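Review bot: Allocator_Initializer is now declared in a public header with no comment, while the explanation of why it exists ("ensure the allocator is constructed before g_ec_data") stays behind in ec_group.cpp next to the single remaining use. A short header comment such as `/* Constructing an instance runs initialize_allocator(); declare a static one before any static object whose destructor must run before the allocator goes away */` keeps the intent with the class rather than with one of its users.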
@@ -107,6 +107,9 @@ BigInt operator*(const BigInt& x, const BigInt& y) */ BigInt operator/(const BigInt& x, const BigInt& y) { + if(y.sig_words() == 1 && is_power_of_2(y.word_at(0))) + return (x >> (y.bits() - 1)); + BigInt q, r; divide(x, y, q, r); return q; @@ -137,6 +140,9 @@ word operator%(const BigInt& n, word mod) if(mod == 0) throw BigInt::DivideByZero(); + if(mod == 1) + return 0; + if(is_power_of_2(mod)) return (n.word_at(0) & (mod - 1)); From 5a13fe1059233eedba27b387b9dfffc7031b15fe Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Feb 2018 11:42:25 -0500 Subject: [PATCH 0651/1008] Split out Montgomery exponentation state The existing Power_Mod classes are not thread safe so can't be used in shared contexts. --- src/lib/math/numbertheory/def_powm.h | 11 +- src/lib/math/numbertheory/info.txt | 1 + src/lib/math/numbertheory/monty_exp.cpp | 153 ++++++++++++++++++++++++ src/lib/math/numbertheory/monty_exp.h | 36 ++++++ src/lib/math/numbertheory/powm_mnt.cpp | 115 ++---------------- 5 files changed, 204 insertions(+), 112 deletions(-) create mode 100644 src/lib/math/numbertheory/monty_exp.cpp create mode 100644 src/lib/math/numbertheory/monty_exp.h diff --git a/src/lib/math/numbertheory/def_powm.h b/src/lib/math/numbertheory/def_powm.h index 826ffb49fc..fe705bf96f 100644 --- a/src/lib/math/numbertheory/def_powm.h +++ b/src/lib/math/numbertheory/def_powm.h @@ -36,6 +36,8 @@ class Fixed_Window_Exponentiator final : public Modular_Exponentiator Power_Mod::Usage_Hints m_hints; }; +class Montgomery_Exponentation_State; + /** * Montgomery Exponentiator */ 
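Review bot: The new fast path in operator/ tests only the magnitude of y, so a negative power-of-two divisor such as -4 has sig_words() == 1 and word_at(0) == 4 and the function returns `x >> 2` carrying x's sign, whereas divide() would produce a quotient of the opposite sign. Restricting the shortcut to positive divisors, `if(y.is_positive() && y.sig_words() == 1 && is_power_of_2(y.word_at(0)))`, keeps the optimization for the common case and leaves signed divisors on the general path. For a negative x I cannot tell from this hunk whether operator>> rounds the same way as divide() (toward zero or toward minus infinity), so a test comparing both sign combinations of x against the slow path would pin that down. The `mod == 1` early return added to operator% looks correct.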
@@ -51,12 +53,11 @@ class Montgomery_Exponentiator final : public Modular_Exponentiator Montgomery_Exponentiator(const BigInt&, Power_Mod::Usage_Hints); private: - BigInt m_exp, m_modulus, m_R_mod, m_R2_mod; - Modular_Reducer m_reducer; - word m_mod_prime; - size_t m_mod_words, m_exp_bits, m_window_bits; + std::shared_ptr m_monty; + BigInt m_p; + Modular_Reducer m_mod_p; + BigInt m_e; Power_Mod::Usage_Hints m_hints; - std::vector m_g; }; } diff --git a/src/lib/math/numbertheory/info.txt b/src/lib/math/numbertheory/info.txt index 0a386b9f32..01adb73455 100644 --- a/src/lib/math/numbertheory/info.txt +++ b/src/lib/math/numbertheory/info.txt @@ -12,6 +12,7 @@ reducer.h def_powm.h +monty_exp.h diff --git a/src/lib/math/numbertheory/monty_exp.cpp b/src/lib/math/numbertheory/monty_exp.cpp new file mode 100644 index 0000000000..35f04fc5dc --- /dev/null +++ b/src/lib/math/numbertheory/monty_exp.cpp 
@@ -0,0 +1,153 @@ +/* +* Montgomery Exponentiation +* (C) 1999-2010,2012,2018 Jack Lloyd +* 2016 Matthias Gierlings +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include +#include + +namespace Botan { + +class Montgomery_Exponentation_State + { + public: + Montgomery_Exponentation_State(const BigInt& g, + const BigInt& p, + const Modular_Reducer& mod_p, + size_t window_bits); + + BigInt exponentiation(const BigInt& k) const; + private: + BigInt m_p; + BigInt m_R_mod; + BigInt m_R2_mod; + word m_mod_prime; + size_t m_p_words; + size_t m_window_bits; + std::vector m_g; + }; + +Montgomery_Exponentation_State::Montgomery_Exponentation_State(const BigInt& g, + const BigInt& p, + const Modular_Reducer& mod_p, + size_t window_bits) : + m_p(p), + m_p_words(p.sig_words()), + m_window_bits(window_bits) + { + if(p.is_positive() == false || p.is_even()) + throw Invalid_Argument("Cannot use Montgomery reduction on even or negative integer"); + + if(window_bits > 12) // really even 8 is too large ... 
+ throw Invalid_Argument("Montgomery window bits too large"); + + m_mod_prime = monty_inverse(m_p.word_at(0)); + + const BigInt r = BigInt::power_of_2(m_p_words * BOTAN_MP_WORD_BITS); + m_R_mod = mod_p.reduce(r); + m_R2_mod = mod_p.square(m_R_mod); + + m_g.resize(1U << m_window_bits); + + BigInt z(BigInt::Positive, 2 * (m_p_words + 1)); + secure_vector workspace(z.size()); + + m_g[0] = 1; + + bigint_monty_mul(z, m_g[0], m_R2_mod, + m_p.data(), m_p_words, m_mod_prime, + workspace.data()); + m_g[0] = z; + + m_g[1] = mod_p.reduce(g); + + bigint_monty_mul(z, m_g[1], m_R2_mod, + m_p.data(), m_p_words, m_mod_prime, + workspace.data()); + + m_g[1] = z; + + const BigInt& x = m_g[1]; + + for(size_t i = 2; i != m_g.size(); ++i) + { + const BigInt& y = m_g[i-1]; + + bigint_monty_mul(z, x, y, m_p.data(), m_p_words, m_mod_prime, + workspace.data()); + + m_g[i] = z; + m_g[i].shrink_to_fit(); + m_g[i].grow_to(m_p_words); + } + } + +BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& k) const + { + const size_t exp_nibbles = (k.bits() + m_window_bits - 1) / m_window_bits; + + BigInt x = m_R_mod; + + const size_t z_size = 2*(m_p_words + 1); + + BigInt z(BigInt::Positive, z_size); + secure_vector workspace(z.size()); + secure_vector e(m_p_words); + + for(size_t i = exp_nibbles; i > 0; --i) + { + for(size_t k = 0; k != m_window_bits; ++k) + { + bigint_monty_sqr(z, x, m_p.data(), m_p_words, m_mod_prime, + workspace.data()); + + x = z; + } + + const uint32_t nibble = k.get_substring(m_window_bits*(i-1), m_window_bits); + + BigInt::const_time_lookup(e, m_g, nibble); + + bigint_mul(z.mutable_data(), z.size(), + x.data(), x.size(), x.sig_words(), + e.data(), m_p_words, m_p_words, + workspace.data()); + + bigint_monty_redc(z.mutable_data(), + m_p.data(), m_p_words, m_mod_prime, + workspace.data()); + + x = z; + } + + x.grow_to(2*m_p_words + 1); + + bigint_monty_redc(x.mutable_data(), + m_p.data(), m_p_words, m_mod_prime, + workspace.data()); + + return x; + } + 
+std::shared_ptr +monty_precompute(const BigInt& g, + const BigInt& p, + const Modular_Reducer& mod_p, + size_t window_bits) + { + return std::make_shared(g, p, mod_p, window_bits); + } + +BigInt monty_execute(const Montgomery_Exponentation_State& precomputed_state, + const BigInt& k) + { + return precomputed_state.exponentiation(k); + } + +} + diff --git a/src/lib/math/numbertheory/monty_exp.h b/src/lib/math/numbertheory/monty_exp.h new file mode 100644 index 0000000000..65fc9ce4ba --- /dev/null +++ b/src/lib/math/numbertheory/monty_exp.h @@ -0,0 +1,36 @@ +/* +* (C) 2018 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_MONTY_EXP_H_ +#define BOTAN_MONTY_EXP_H_ + +#include + +namespace Botan { + +class BigInt; +class Modular_Reducer; + +class Montgomery_Exponentation_State; + +/* +* Precompute for calculating values g^x mod p +*/ +std::shared_ptr +monty_precompute(const BigInt& g, + const BigInt& p, + const Modular_Reducer& mod_p, + size_t window_bits); + +/* +* Return g^x mod p +*/ +BigInt monty_execute(const Montgomery_Exponentation_State& precomputed_state, + const BigInt& k); + +} + +#endif diff --git a/src/lib/math/numbertheory/powm_mnt.cpp b/src/lib/math/numbertheory/powm_mnt.cpp index d3b5805e48..81102188b1 100644 --- a/src/lib/math/numbertheory/powm_mnt.cpp +++ b/src/lib/math/numbertheory/powm_mnt.cpp @@ -1,6 +1,6 @@ /* * Montgomery Exponentiation -* (C) 1999-2010,2012 Jack Lloyd +* (C) 1999-2010,2012,2018 Jack Lloyd * 2016 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) 
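Review bot: Montgomery_Exponentation_State's constructor rejects window_bits > 12 but not window_bits == 0; with zero the table is resized to a single entry, the assignment to `m_g[1]` writes past its end, and exponentiation() later divides by m_window_bits. The check should read `if(window_bits == 0 || window_bits > 12)`. In exponentiation() the inner `for(size_t k = 0; k != m_window_bits; ++k)` shadows the `const BigInt& k` parameter that is read immediately after the loop via `k.get_substring(...)`; renaming the counter (for instance `j`) removes a -Wshadow warning and a genuine reading hazard. Note also that `exp_nibbles` is derived from `k.bits()`, so the number of squaring rounds, and with it the running time, depends on the bit length of the exponent; for the private-exponent callers this shared state is intended for, letting the caller pass a maximum exponent size and always processing that many windows would make the loop count independent of the secret.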
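Review bot: The header comment on monty_execute says `Return g^x mod p` while the parameter is named k, and neither declaration documents the preconditions the implementation enforces. I'd write the monty_precompute comment as `Precompute a table for computing g^k mod p; mod_p must be a Modular_Reducer for p, p must be positive and odd, and window_bits must be nonzero and at most 12` and the monty_execute comment as `Return g^k mod p using the table built by monty_precompute`.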
@@ -9,131 +9,32 @@ #include #include #include +#include namespace Botan { -/* -* Set the exponent -*/ void Montgomery_Exponentiator::set_exponent(const BigInt& exp) { - m_exp = exp; - m_exp_bits = exp.bits(); + m_e = exp; } -/* -* Set the base -*/ void Montgomery_Exponentiator::set_base(const BigInt& base) { - m_window_bits = Power_Mod::window_bits(m_exp.bits(), base.bits(), m_hints); - - m_g.resize(1U << m_window_bits); - - BigInt z(BigInt::Positive, 2 * (m_mod_words + 1)); - secure_vector workspace(z.size()); - - m_g[0] = 1; - - bigint_monty_mul(z, m_g[0], m_R2_mod, - m_modulus.data(), m_mod_words, m_mod_prime, - workspace.data()); - m_g[0] = z; - - m_g[1] = m_reducer.reduce(base); - - bigint_monty_mul(z, m_g[1], m_R2_mod, - m_modulus.data(), m_mod_words, m_mod_prime, - workspace.data()); - - m_g[1] = z; - - const BigInt& x = m_g[1]; - - for(size_t i = 2; i != m_g.size(); ++i) - { - const BigInt& y = m_g[i-1]; - - bigint_monty_mul(z, x, y, m_modulus.data(), m_mod_words, m_mod_prime, - workspace.data()); - - m_g[i] = z; - m_g[i].shrink_to_fit(); - m_g[i].grow_to(m_mod_words); - } + size_t window_bits = Power_Mod::window_bits(m_e.bits(), base.bits(), m_hints); + m_monty = monty_precompute(base, m_p, m_mod_p, window_bits); } -/* -* Compute the result -*/ BigInt Montgomery_Exponentiator::execute() const { - const size_t exp_nibbles = (m_exp_bits + m_window_bits - 1) / m_window_bits; - - BigInt x = m_R_mod; - - const size_t z_size = 2*(m_mod_words + 1); - - BigInt z(BigInt::Positive, z_size); - secure_vector workspace(z.size()); - secure_vector e(m_mod_words); - - for(size_t i = exp_nibbles; i > 0; --i) - { - for(size_t k = 0; k != m_window_bits; ++k) - { - bigint_monty_sqr(z, x, m_modulus.data(), m_mod_words, m_mod_prime, - workspace.data()); - - x = z; - } - - const uint32_t nibble = m_exp.get_substring(m_window_bits*(i-1), m_window_bits); - - BigInt::const_time_lookup(e, m_g, nibble); - - bigint_mul(z.mutable_data(), z.size(), - x.data(), x.size(), x.sig_words(), - 
e.data(), m_mod_words, m_mod_words, - workspace.data()); - - bigint_monty_redc(z.mutable_data(), - m_modulus.data(), m_mod_words, m_mod_prime, - workspace.data()); - - x = z; - } - - x.grow_to(2*m_mod_words + 1); - - bigint_monty_redc(x.mutable_data(), - m_modulus.data(), m_mod_words, m_mod_prime, - workspace.data()); - - return x; + return monty_execute(*m_monty, m_e); } -/* -* Montgomery_Exponentiator Constructor -*/ Montgomery_Exponentiator::Montgomery_Exponentiator(const BigInt& mod, Power_Mod::Usage_Hints hints) : - m_modulus(mod), - m_reducer(m_modulus), - m_mod_words(m_modulus.sig_words()), - m_window_bits(1), + m_p(mod), + m_mod_p(mod), m_hints(hints) { - // Montgomery reduction only works for positive odd moduli - if(!m_modulus.is_positive() || m_modulus.is_even()) - throw Invalid_Argument("Montgomery_Exponentiator: invalid modulus"); - - m_mod_prime = monty_inverse(mod.word_at(0)); - - const BigInt r = BigInt::power_of_2(m_mod_words * BOTAN_MP_WORD_BITS); - m_R_mod = m_reducer.reduce(r); - m_R2_mod = m_reducer.square(m_R_mod); - m_exp_bits = 0; } } From 0c730407a73d26eb5a5c9cb2a5fdb6b6042081ed Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Feb 2018 11:43:09 -0500 Subject: [PATCH 0652/1008] Add consts --- src/lib/math/numbertheory/numthry.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/math/numbertheory/numthry.cpp b/src/lib/math/numbertheory/numthry.cpp index 12ac519537..e80ae43ab1 100644 --- a/src/lib/math/numbertheory/numthry.cpp +++ b/src/lib/math/numbertheory/numthry.cpp 
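Review bot: execute() now dereferences `*m_monty`, which is a null shared_ptr until set_base() has been called, so an exponentiator driven in the set_exponent/execute order without a base crashes instead of failing cleanly. A guard such as `if(!m_monty) throw Invalid_State("Montgomery_Exponentiator: set_base not called");` ahead of the monty_execute call makes the misuse diagnosable. The constructor also dropped its positive-odd modulus check; that condition is now raised from Montgomery_Exponentation_State, i.e. only when set_base() runs, so an invalid modulus is reported later than before and with different text — worth a comment on the constructor if that is intended. set_base() sizes the window from m_e.bits(), so calling set_base() before set_exponent() picks the window for a zero-bit exponent exactly as the old code did; a comment stating the required call order would help the next reader.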
@@ -473,15 +473,15 @@ bool is_prime(const BigInt& n, RandomNumberGenerator& rng, const BigInt n_minus_1 = n - 1; const size_t s = low_zero_bits(n_minus_1); - Fixed_Exponent_Power_Mod pow_mod(n_minus_1 >> s, n); - Modular_Reducer reducer(n); + const Modular_Reducer mod_n(n); + const Fixed_Exponent_Power_Mod pow_mod(n_minus_1 >> s, n); for(size_t i = 0; i != test_iterations; ++i) { const BigInt a = BigInt::random_integer(rng, 2, n_minus_1); BigInt y = pow_mod(a); - if(mr_witness(std::move(y), reducer, n_minus_1, s)) + if(mr_witness(std::move(y), mod_n, n_minus_1, s)) return false; } From 6d4affbbc27f021c6e87f74c5db420b75ca96581 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Feb 2018 11:43:40 -0500 Subject: [PATCH 0653/1008] Add shared_ptr for DL_Group state Add precomputations for mod-p math and g^x%p calcualations. --- src/lib/pubkey/dl_group/dl_group.cpp | 412 +++++++++++------- src/lib/pubkey/dl_group/dl_group.h | 187 ++++++--- src/lib/pubkey/dl_group/dl_named.cpp | 602 ++++++--------------------- src/tests/test_dl_group.cpp | 24 +- 4 files changed, 521 insertions(+), 704 deletions(-) diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index ea47c71a13..6d9418241f 100644 --- a/src/lib/pubkey/dl_group/dl_group.cpp +++ b/src/lib/pubkey/dl_group/dl_group.cpp 
@@ -1,40 +1,189 @@ /* * Discrete Logarithm Parameters -* (C) 1999-2008,2015 Jack Lloyd +* (C) 1999-2008,2015,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include #include +#include #include #include #include #include +#include +#include namespace Botan { +class DL_Group_Data final + { + public: + DL_Group_Data(const BigInt& p, const BigInt& q, const BigInt& g) : + m_p(p), m_q(q), m_g(g), + m_mod_p(p), + m_monty(monty_precompute(m_g, m_p, m_mod_p, /*window bits=*/4)), + m_p_bits(p.bits()) + {} + + ~DL_Group_Data() = default; + + DL_Group_Data(const DL_Group_Data& other) = delete; + DL_Group_Data& operator=(const DL_Group_Data& other) = delete; + + const BigInt& p() const { return m_p; } + const BigInt& q() const { return m_q; } + const BigInt& g() const { return m_g; } + + BigInt mod_p(const BigInt& x) const { return m_mod_p.reduce(x); } + + BigInt multiply_mod_p(const BigInt& x, const BigInt& y) const + { + return m_mod_p.multiply(x, y); + } + + size_t p_bits() const { return m_p_bits; } + size_t p_bytes() const { return (m_p_bits + 7) / 8; } + + BigInt power_g_p(const BigInt& k) const { return monty_execute(*m_monty, k); } + + private: + BigInt m_p; + BigInt m_q; + BigInt m_g; + Modular_Reducer m_mod_p; + std::shared_ptr m_monty; + size_t m_p_bits; + size_t m_q_bits; + }; + +//static +std::shared_ptr DL_Group::BER_decode_DL_group(const uint8_t data[], size_t data_len, DL_Group::Format format) + { + BigInt p, q, g; + + BER_Decoder decoder(data, data_len); + BER_Decoder ber = decoder.start_cons(SEQUENCE); + + if(format == DL_Group::ANSI_X9_57) + { + ber.decode(p) + .decode(q) + .decode(g) + .verify_end(); + } + else if(format == DL_Group::ANSI_X9_42) + { + ber.decode(p) + .decode(g) + .decode(q) + .discard_remaining(); + } + else if(format == DL_Group::PKCS_3) + { + // q is left as zero + ber.decode(p) + .decode(g) + .discard_remaining(); + } + else + throw Invalid_Argument("Unknown DL_Group encoding " + 
std::to_string(format)); + + return std::make_shared(p, q, g); + } + +//static +std::shared_ptr +DL_Group::load_DL_group_info(const char* p_str, + const char* q_str, + const char* g_str) + { + const BigInt p(p_str); + const BigInt q(q_str); + const BigInt g(g_str); + + return std::make_shared(p, q, g); + } + +//static +std::shared_ptr +DL_Group::load_DL_group_info(const char* p_str, + const char* g_str) + { + const BigInt p(p_str); + const BigInt q = (p - 1) / 2; + const BigInt g(g_str); + + return std::make_shared(p, q, g); + } + +namespace { + +DL_Group::Format pem_label_to_dl_format(const std::string& label) + { + if(label == "DH PARAMETERS") + return DL_Group::PKCS_3; + else if(label == "DSA PARAMETERS") + return DL_Group::ANSI_X9_57; + else if(label == "X942 DH PARAMETERS" || label == "X9.42 DH PARAMETERS") + return DL_Group::ANSI_X9_42; + else + throw Decoding_Error("DL_Group: Invalid PEM label " + label); + } + +} + /* * DL_Group Constructor */ -DL_Group::DL_Group() +DL_Group::DL_Group(const std::string& str) { - m_initialized = false; + // Either a name or a PEM block, try name first + m_data = DL_group_info(str); + + if(m_data == nullptr) + { + try + { + std::string label; + const std::vector ber = unlock(PEM_Code::decode(str, label)); + Format format = pem_label_to_dl_format(label); + + m_data = BER_decode_DL_group(ber.data(), ber.size(), format); + } + catch(...) 
{} + } + + if(m_data == nullptr) + throw Invalid_Argument("DL_Group: Unknown group " + str); } +namespace { + /* -* DL_Group Constructor +* Create generator of the q-sized subgroup (DSA style generator) */ -DL_Group::DL_Group(const std::string& name) +BigInt make_dsa_generator(const BigInt& p, const BigInt& q) { - const std::string pem = PEM_for_named_group(name); + const BigInt e = (p - 1) / q; - if(pem == "") - throw Invalid_Argument("DL_Group: Unknown group " + name); + if(e == 0 || (p - 1) % q > 0) + throw Invalid_Argument("make_dsa_generator q does not divide p-1"); + + for(size_t i = 0; i != PRIME_TABLE_SIZE; ++i) + { + // TODO precompute! + BigInt g = power_mod(PRIMES[i], e, p); + if(g > 1) + return g; + } - PEM_decode(pem); + throw Internal_Error("DL_Group: Couldn't create a suitable generator"); } +} + /* * DL_Group Constructor */ 
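Review bot: DL_Group_Data's constructor accepts any p, q, g, while the later hunk in this file deletes DL_Group::initialize() together with its range checks (p >= 3, 2 <= g < p, 0 <= q < p), so BER-decoded or caller-supplied parameters with g >= p or q >= p are now stored without complaint; monty_precompute only rejects an even or non-positive p. Since every construction path now goes through this constructor it is the natural place to restore them: `if(p < 3) throw Invalid_Argument("DL_Group: Prime invalid");`, `if(g < 2 || g >= p) throw Invalid_Argument("DL_Group: Generator invalid");`, `if(q < 0 || q >= p) throw Invalid_Argument("DL_Group: Subgroup invalid");`. The class also declares `size_t m_q_bits;` which is never initialized or read; either drop it or set it from q.bits() alongside m_p_bits. In DL_Group(const std::string&) the `catch(...) {}` around the PEM fallback hides every failure, including non-decoding ones; catching `std::exception` (or the library's decoding exceptions) and still raising the "Unknown group" error keeps the intent without masking allocation or internal errors.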
@@ -42,55 +191,63 @@ DL_Group::DL_Group(RandomNumberGenerator& rng, PrimeType type, size_t pbits, size_t qbits) { if(pbits < 1024) - throw Invalid_Argument("DL_Group: prime size " + std::to_string(pbits) + - " is too small"); + throw Invalid_Argument("DL_Group: prime size " + std::to_string(pbits) + " is too small"); if(type == Strong) { - m_p = random_safe_prime(rng, pbits); - m_q = (m_p - 1) / 2; - m_g = 2; + const BigInt p = random_safe_prime(rng, pbits); + const BigInt q = (p - 1) / 2; /* Always choose a generator that is quadratic reside mod p, this forces g to be a generator of the subgroup of size q. */ - if(jacobi(m_g, m_p) != 1) + BigInt g = 2; + if(jacobi(g, p) != 1) { // prime table does not contain 2 for(size_t i = 0; i < PRIME_TABLE_SIZE; ++i) { - m_g = PRIMES[i]; - if(jacobi(m_g, m_p) == 1) + g = PRIMES[i]; + if(jacobi(g, p) == 1) break; } } + + m_data = std::make_shared(p, q, g); } else if(type == Prime_Subgroup) { - if(!qbits) + if(qbits == 0) qbits = dl_exponent_size(pbits); - m_q = random_prime(rng, qbits); + const BigInt q = random_prime(rng, qbits); + Modular_Reducer mod_2q(2*q); BigInt X; - while(m_p.bits() != pbits || !is_prime(m_p, rng)) + BigInt p; + while(p.bits() != pbits || !is_prime(p, rng)) { X.randomize(rng, pbits); - m_p = X - (X % (2*m_q) - 1); + p = X - mod_2q.reduce(X) + 1; } - m_g = make_dsa_generator(m_p, m_q); + const BigInt g = make_dsa_generator(p, q); + m_data = std::make_shared(p, q, g); } else if(type == DSA_Kosherizer) { - qbits = qbits ? qbits : ((pbits <= 1024) ? 160 : 256); + if(qbits == 0) + qbits = ((pbits <= 1024) ? 160 : 256); - generate_dsa_primes(rng, m_p, m_q, pbits, qbits); - - m_g = make_dsa_generator(m_p, m_q); + BigInt p, q; + generate_dsa_primes(rng, p, q, pbits, qbits); + const BigInt g = make_dsa_generator(p, q); + m_data = std::make_shared(p, q, g); + } + else + { + throw Invalid_Argument("DL_Group unknown PrimeType"); } - - m_initialized = true; } /* 
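Review bot: In the Strong branch, if no entry of PRIMES is a quadratic residue mod p the loop simply runs out and the last prime tried becomes g, so the comment's guarantee that g generates the order-q subgroup is not enforced; the old code had the same shape, but since the branch was rewritten this is the place to add `if(jacobi(g, p) != 1) throw Internal_Error("DL_Group: no quadratic residue generator found");` after the loop. For a safe prime this cannot realistically trigger, which is worth saying in the comment so the check reads as defense in depth rather than an expected path.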
@@ -100,57 +257,38 @@ DL_Group::DL_Group(RandomNumberGenerator& rng, const std::vector& seed, size_t pbits, size_t qbits) { - if(!generate_dsa_primes(rng, m_p, m_q, pbits, qbits, seed)) - throw Invalid_Argument("DL_Group: The seed given does not " - "generate a DSA group"); + BigInt p, q; - m_g = make_dsa_generator(m_p, m_q); + if(!generate_dsa_primes(rng, p, q, pbits, qbits, seed)) + throw Invalid_Argument("DL_Group: The seed given does not generate a DSA group"); - m_initialized = true; + BigInt g = make_dsa_generator(p, q); + + m_data = std::make_shared(p, q, g); } /* * DL_Group Constructor */ -DL_Group::DL_Group(const BigInt& p1, const BigInt& g1) +DL_Group::DL_Group(const BigInt& p, const BigInt& g) { - initialize(p1, 0, g1); + m_data = std::make_shared(p, 0, g); } /* * DL_Group Constructor */ -DL_Group::DL_Group(const BigInt& p1, const BigInt& q1, const BigInt& g1) +DL_Group::DL_Group(const BigInt& p, const BigInt& q, const BigInt& g) { - initialize(p1, q1, g1); + m_data = std::make_shared(p, q, g); } -/* -* DL_Group Initializer -*/ -void DL_Group::initialize(const BigInt& p1, const BigInt& q1, const BigInt& g1) +const DL_Group_Data& DL_Group::data() const { - if(p1 < 3) - throw Invalid_Argument("DL_Group: Prime invalid"); - if(g1 < 2 || g1 >= p1) - throw Invalid_Argument("DL_Group: Generator invalid"); - if(q1 < 0 || q1 >= p1) - throw Invalid_Argument("DL_Group: Subgroup invalid"); - - m_p = p1; - m_g = g1; - m_q = q1; - - m_initialized = true; - } + if(m_data) + return *m_data; -/* -* Verify that the group has been set -*/ -void DL_Group::init_check() const - { - if(!m_initialized) - throw Invalid_State("DLP group cannot be used uninitialized"); + throw Invalid_State("DL_Group uninitialized"); } /* 
@@ -159,29 +297,28 @@ void DL_Group::init_check() const bool DL_Group::verify_group(RandomNumberGenerator& rng, bool strong) const { - init_check(); - - if(m_g < 2 || m_p < 3 || m_q < 0) + if(get_g() < 2 || get_p() < 3 || get_q() < 0) return false; const size_t prob = (strong) ? 128 : 10; - if(m_q != 0) + if(get_q() != 0) { - if((m_p - 1) % m_q != 0) + if((get_p() - 1) % get_q() != 0) { return false; } - if(power_mod(m_g, m_q, m_p) != 1) + if(this->power_g_p(get_q()) != 1) { return false; } - if(!is_prime(m_q, rng, prob)) + if(!is_prime(get_q(), rng, prob)) { return false; } } - if(!is_prime(m_p, rng, prob)) + + if(!is_prime(get_p(), rng, prob)) { return false; } @@ -193,8 +330,7 @@ bool DL_Group::verify_group(RandomNumberGenerator& rng, */ const BigInt& DL_Group::get_p() const { - init_check(); - return m_p; + return data().p(); } /* @@ -202,8 +338,7 @@ const BigInt& DL_Group::get_p() const */ const BigInt& DL_Group::get_g() const { - init_check(); - return m_g; + return data().g(); } /* @@ -211,10 +346,38 @@ const BigInt& DL_Group::get_g() const */ const BigInt& DL_Group::get_q() const { - init_check(); - if(m_q == 0) - throw Invalid_State("DLP group has no q prime specified"); - return m_q; + return data().q(); + } + +size_t DL_Group::p_bits() const + { + return data().p_bits(); + } + +size_t DL_Group::p_bytes() const + { + return data().p_bytes(); + } + +BigInt DL_Group::inverse_mod_p(const BigInt& x) const + { + // precompute?? + return inverse_mod(x, get_p()); + } + +BigInt DL_Group::mod_p(const BigInt& x) const + { + return data().mod_p(x); + } + +BigInt DL_Group::multiply_mod_p(const BigInt& x, const BigInt& y) const + { + return data().multiply_mod_p(x, y); + } + +BigInt DL_Group::power_g_p(const BigInt& x) const + { + return data().power_g_p(x); } /* 
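Review bot: get_q() no longer throws Invalid_State for a group without q and returns the zero BigInt instead, which silently changes what callers see: any code that used the exception as its "no subgroup" signal now receives 0 and may go on to use it as a modulus or as an exponent bound. Callers are outside this diff so I cannot confirm one is affected; each use of get_q() in the library should be checked for an `is_zero()` test, and verify_group() could additionally reject `get_g() >= get_p()` and `get_q() >= get_p()`, which the removed initialize() used to catch at construction and which are now checked nowhere. The `// precompute??` comment in inverse_mod_p should either become a TODO with an owner or be dropped.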
@@ -222,18 +385,13 @@ const BigInt& DL_Group::get_q() const */ std::vector DL_Group::DER_encode(Format format) const { - init_check(); - - if((m_q == 0) && (format != PKCS_3)) - throw Encoding_Error("The ANSI DL parameter formats require a subgroup"); - if(format == ANSI_X9_57) { return DER_Encoder() .start_cons(SEQUENCE) - .encode(m_p) - .encode(m_q) - .encode(m_g) + .encode(get_p()) + .encode(get_q()) + .encode(get_g()) .end_cons() .get_contents_unlocked(); } @@ -241,9 +399,9 @@ std::vector DL_Group::DER_encode(Format format) const { return DER_Encoder() .start_cons(SEQUENCE) - .encode(m_p) - .encode(m_g) - .encode(m_q) + .encode(get_p()) + .encode(get_g()) + .encode(get_q()) .end_cons() .get_contents_unlocked(); } @@ -251,8 +409,8 @@ std::vector DL_Group::DER_encode(Format format) const { return DER_Encoder() .start_cons(SEQUENCE) - .encode(m_p) - .encode(m_g) + .encode(get_p()) + .encode(get_g()) .end_cons() .get_contents_unlocked(); } 
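Review bot: DER_encode() drops the check that refused to emit the ANSI X9.57/X9.42 formats for a group without q, so a PKCS#3-style group is now serialized with q = 0 in a format where q is a required prime, and a consumer decoding it receives a parameter set that only an explicit verify_group() call will reject. Restoring `if(get_q().is_zero() && format != PKCS_3) throw Encoding_Error("The ANSI DL parameter formats require a subgroup");` at the top of the function keeps the old contract; since get_q() now returns zero rather than throwing, the test has to use is_zero(), as PEM_for_named_group() in this file already does.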
@@ -277,41 +435,14 @@ std::string DL_Group::PEM_encode(Format format) const throw Invalid_Argument("Unknown DL_Group encoding " + std::to_string(format)); } -/* -* Decode BER encoded parameters -*/ -void DL_Group::BER_decode(const std::vector& data, - Format format) +DL_Group::DL_Group(const uint8_t ber[], size_t ber_len, Format format) { - BigInt new_p, new_q, new_g; - - BER_Decoder decoder(data); - BER_Decoder ber = decoder.start_cons(SEQUENCE); - - if(format == ANSI_X9_57) - { - ber.decode(new_p) - .decode(new_q) - .decode(new_g) - .verify_end(); - } - else if(format == ANSI_X9_42) - { - ber.decode(new_p) - .decode(new_g) - .decode(new_q) - .discard_remaining(); - } - else if(format == PKCS_3) - { - ber.decode(new_p) - .decode(new_g) - .discard_remaining(); - } - else - throw Invalid_Argument("Unknown DL_Group encoding " + std::to_string(format)); + m_data = BER_decode_DL_group(ber, ber_len, format); + } - initialize(new_p, new_q, new_g); +void DL_Group::BER_decode(const std::vector& ber, Format format) + { + m_data = BER_decode_DL_group(ber.data(), ber.size(), format); } /* 
@@ -320,37 +451,18 @@ void DL_Group::BER_decode(const std::vector& data, void DL_Group::PEM_decode(const std::string& pem) { std::string label; + const std::vector ber = unlock(PEM_Code::decode(pem, label)); + Format format = pem_label_to_dl_format(label); - auto ber = unlock(PEM_Code::decode(pem, label)); - - if(label == "DH PARAMETERS") - BER_decode(ber, PKCS_3); - else if(label == "DSA PARAMETERS") - BER_decode(ber, ANSI_X9_57); - else if(label == "X942 DH PARAMETERS" || label == "X9.42 DH PARAMETERS") - BER_decode(ber, ANSI_X9_42); - else - throw Decoding_Error("DL_Group: Invalid PEM label " + label); + m_data = BER_decode_DL_group(ber.data(), ber.size(), format); } -/* -* Create generator of the q-sized subgroup (DSA style generator) -*/ -BigInt DL_Group::make_dsa_generator(const BigInt& p, const BigInt& q) +//static +std::string DL_Group::PEM_for_named_group(const std::string& name) { - const BigInt e = (p - 1) / q; - - if(e == 0 || (p - 1) % q > 0) - throw Invalid_Argument("make_dsa_generator q does not divide p-1"); - - for(size_t i = 0; i != PRIME_TABLE_SIZE; ++i) - { - BigInt g = power_mod(PRIMES[i], e, p); - if(g > 1) - return g; - } - - throw Internal_Error("DL_Group: Couldn't create a suitable generator"); + DL_Group group(name); + DL_Group::Format format = group.get_q().is_zero() ? DL_Group::PKCS_3 : DL_Group::ANSI_X9_42; + return group.PEM_encode(format); } } diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h index 24b829bd99..823c0ba954 100644 --- a/src/lib/pubkey/dl_group/dl_group.h +++ b/src/lib/pubkey/dl_group/dl_group.h @@ -1,6 +1,6 @@ /* * Discrete Logarithm Group -* (C) 1999-2008 Jack Lloyd +* (C) 1999-2008,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -12,31 +12,20 @@ namespace Botan { +class DL_Group_Data; + /** -* This class represents discrete logarithm groups. It holds a prime p, -* a prime q = (p-1)/2 and g = x^((p-1)/q) mod p. +* This class represents discrete logarithm groups. It holds a prime +* modulus p, a generator g, and (optionally) a prime q which is a +* factor of (p-1). In most cases g generates the order-q subgroup. */ class BOTAN_PUBLIC_API(2,0) DL_Group final { public: - - /** - * Get the prime p. - * @return prime p - */ - const BigInt& get_p() const; - /** - * Get the prime q. - * @return prime q - */ - const BigInt& get_q() const; - - /** - * Get the base g. - * @return base g + * Determine the prime creation for DL groups. */ - const BigInt& get_g() const; + enum PrimeType { Strong, Prime_Subgroup, DSA_Kosherizer }; /** * The DL group encoding format variants. 
@@ -52,53 +41,12 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final
 PKCS3_DH_PARAMETERS = PKCS_3
 };
- /**
- * Determine the prime creation for DL groups.
- */
- enum PrimeType { Strong, Prime_Subgroup, DSA_Kosherizer };
-
- /**
- * Perform validity checks on the group.
- * @param rng the rng to use
- * @param strong whether to perform stronger by lengthier tests
- * @return true if the object is consistent, false otherwise
- */
- bool verify_group(RandomNumberGenerator& rng, bool strong) const;
-
- /**
- * Encode this group into a string using PEM encoding.
- * @param format the encoding format
- * @return string holding the PEM encoded group
- */
- std::string PEM_encode(Format format) const;
-
- /**
- * Encode this group into a string using DER encoding.
- * @param format the encoding format
- * @return string holding the DER encoded group
- */
- std::vector DER_encode(Format format) const;
-
- /**
- * Decode a DER/BER encoded group into this instance.
- * @param ber a vector containing the DER/BER encoded group
- * @param format the format of the encoded group
- */
- void BER_decode(const std::vector& ber,
- Format format);
-
- /**
- * Decode a PEM encoded group into this instance.
- * @param pem the PEM encoding of the group
- */
- void PEM_decode(const std::string& pem);
-
 /**
 * Construct a DL group with uninitialized internal value.
 * Use this constructor is you wish to set the groups values
 * from a DER or PEM encoded group.
 */
- DL_Group();
+ DL_Group() = default;
 /**
 * Construct a DL group that is registered in the configuration.
@@ -137,7 +85,7 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final
 size_t pbits = 1024, size_t qbits = 0);
 /**
- * Create a DL group. The prime q will be determined according to p.
+ * Create a DL group.
 * @param p the prime p
 * @param g the base g
 */
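Review bot: `DL_Group() = default;` now leaves the group's state empty (m_data is declared as a shared_ptr later in this header), yet the comment kept directly above it still tells users to construct this way and then call BER_decode or PEM_decode — the two members this same commit marks BOTAN_DEPRECATED. Suggest rewording the comment to something like `Construct an uninitialized DL group. Prefer the constructors taking a group name, BER data or (p, q, g); the deprecated BER_decode/PEM_decode remain only for existing callers`, and stating what happens when an accessor is called on an uninitialized group (presumably data() throws — that accessor is outside this hunk, so confirm). The kept context line also has a typo, `Use this constructor is you wish` should read `if you wish`, which could be fixed while the comment is being touched.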
@@ -151,17 +99,120 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final
 */
 DL_Group(const BigInt& p, const BigInt& q, const BigInt& g);
+ /**
+ * Decode a BER-encoded DL group param
+ */
+ DL_Group(const uint8_t ber[], size_t ber_len, Format format);
+
+ /**
+ * Get the prime p.
+ * @return prime p
+ */
+ const BigInt& get_p() const;
+
+ /**
+ * Get the prime q, returns zero if q is not used
+ * @return prime q
+ */
+ const BigInt& get_q() const;
+
+ /**
+ * Get the base g.
+ * @return base g
+ */
+ const BigInt& get_g() const;
+
+ /**
+ * Perform validity checks on the group.
+ * @param rng the rng to use
+ * @param strong whether to perform stronger by lengthier tests
+ * @return true if the object is consistent, false otherwise
+ */
+ bool verify_group(RandomNumberGenerator& rng, bool strong) const;
+
+ /**
+ * Encode this group into a string using PEM encoding.
+ * @param format the encoding format
+ * @return string holding the PEM encoded group
+ */
+ std::string PEM_encode(Format format) const;
+
+ /**
+ * Encode this group into a string using DER encoding.
+ * @param format the encoding format
+ * @return string holding the DER encoded group
+ */
+ std::vector DER_encode(Format format) const;
+
+ /*
+ * Reduce an integer modulo p
+ * @return x % p
+ */
+ BigInt mod_p(const BigInt& x) const;
+
+ /*
+ * Multiply and reduce an integer modulo p
+ * @return (x*y) % p
+ */
+ BigInt multiply_mod_p(const BigInt& x, const BigInt& y) const;
+
+ BigInt inverse_mod_p(const BigInt& x) const;
+
+ /*
+ * Modular exponentiation
+ * @return (g^x) % p
+ */
+ BigInt power_g_p(const BigInt& x) const;
+
+ /**
+ * Return the size of p in bits
+ * Same as get_p().bits()
+ */
+ size_t p_bits() const;
+
+ /**
+ * Return the size of p in bytes
+ * Same as get_p().bytes()
+ */
+ size_t p_bytes() const;
+
+ /**
+ * Decode a DER/BER encoded group into this instance.
+ * @param ber a vector containing the DER/BER encoded group
+ * @param format the format of the encoded group
+ */
+ void BOTAN_DEPRECATED("Use DL_Group(ber, Format)") BER_decode(const std::vector& ber, Format format);
+
+ /**
+ * Decode a PEM encoded group into this instance.
+ * @param pem the PEM encoding of the group
+ */
+ void BOTAN_DEPRECATED("Use DL_Group(std::string)") PEM_decode(const std::string& pem);
+
 /**
 * Return PEM representation of named DL group
 */
- static std::string PEM_for_named_group(const std::string& name);
+ static std::string BOTAN_DEPRECATED("Use DL_Group(name).PEM_encode()")
+ PEM_for_named_group(const std::string& name);
+
+ /*
+ * For internal use only
+ */
+ static std::shared_ptr DL_group_info(const std::string& name);
+
 private:
- static BigInt make_dsa_generator(const BigInt&, const BigInt&);
+ static std::shared_ptr load_DL_group_info(const char* p_str,
+ const char* q_str,
+ const char* g_str);
+
+ static std::shared_ptr load_DL_group_info(const char* p_str,
+ const char* g_str);
+
+ static std::shared_ptr
+ BER_decode_DL_group(const uint8_t data[], size_t data_len, DL_Group::Format format);
- void init_check() const;
- void initialize(const BigInt&, const BigInt&, const BigInt&);
- bool m_initialized;
- BigInt m_p, m_q, m_g;
+ const DL_Group_Data& data() const;
+ std::shared_ptr m_data;
 };
 }
diff --git a/src/lib/pubkey/dl_group/dl_named.cpp b/src/lib/pubkey/dl_group/dl_named.cpp
index 6750984060..94729d1365 100644
--- a/src/lib/pubkey/dl_group/dl_named.cpp
+++ b/src/lib/pubkey/dl_group/dl_named.cpp
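Review bot: Several members made public in this hunk are not documented in a Doxygen-visible way: `inverse_mod_p` has no comment at all, and `mod_p`, `multiply_mod_p`, `power_g_p` and `DL_group_info` use `/*` where the rest of the class uses `/**`, so they drop out of the generated API docs. The new `DL_Group(const uint8_t ber[], size_t ber_len, Format format)` constructor should carry @param entries and say what it throws on malformed input (the removed decode paths used Decoding_Error; BER_decode_DL_group is declared here but defined outside this hunk, so confirm). For inverse_mod_p I would add `/** Return the inverse of x modulo p; state what is returned when x has no inverse (x == 0 mod p) */`, since callers in signature code will depend on that edge case. The "For internal use only" note on the public static DL_group_info is useful; a Doxygen `/**` form plus the same note on the exposed DL_Group_Data forward declaration would make the intent visible in the docs as well.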
@@ -9,503 +9,159 @@ namespace Botan { -std::string DL_Group::PEM_for_named_group(const std::string& name) +//static +std::shared_ptr DL_Group::DL_group_info(const std::string& name) { - if(name == "modp/ietf/1024") - return - "-----BEGIN X942 DH PARAMETERS-----" - "MIIBCgKBgQD//////////8kP2qIhaMI0xMZii4DcHNEpAk4IimfMdAILvqY7E5si" - "UUoIeY40BN3vlRmzzTpDGzArCm3yXxQ3T+E1bW1RwkXkhbV2Yl5+xvRMQummN+1r" - "C/9ctvQGt+3uOGv7Womfpa6fJBF8Sx/mSShmUezmU4H//////////wIBAgKBgH//" - "////////5IftURC0YRpiYzFFwG4OaJSBJwRFM+Y6AQXfUx2JzZEopQQ8xxoCbvfK" - "jNnmnSGNmBWFNvkvihun8Jq2tqjhIvJC2rsxLz9jeiYhdNMb9rWF/65begNb9vcc" - "Nf2tRM/S10+SCL4lj/MklDMo9nMpwP//////////" - "-----END X942 DH PARAMETERS-----"; + /* TLS FFDHE groups */ - if(name == "modp/srp/1024") - return - "-----BEGIN X942 DH PARAMETERS-----" - "MIIBCgKBgQDurwq5rbON1pwz+Ar6j8XoYHJhh3X/PAueojFMnCVldtZ033SW6oHT" - "ODtIE9aSxuDg1djiULmL5I5JXB1gidrRXcfXtGFU1rbOjvStabFdSYJVmyl7zxiF" - "xSn1ZmYOV+xo7bw8BXJswC/Uy/SXbqqa/VE4/oN2Q1ufxh0vwOsG4wIBAgKBgHdX" - "hVzW2cbrThn8BX1H4vQwOTDDuv+eBc9RGKZOErK7azpvukt1QOmcHaQJ60ljcHBq" - "7HEoXMXyRySuDrBE7Wiu4+vaMKprW2dHela02K6kwSrNlL3njELilPqzMwcr9jR2" - "3h4CuTZgF+pl+ku3VU1+qJx/Qbshrc/jDpfgdYNx" - "-----END X942 DH PARAMETERS-----"; + if(name == "ffdhe/ietf/2048") + { + return load_DL_group_info("0x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x2"); + } - if(name == "modp/ietf/1536") - return - "-----BEGIN X942 DH PARAMETERS-----" - "MIIBigKBwQD//////////8kP2qIhaMI0xMZii4DcHNEpAk4IimfMdAILvqY7E5si" - "UUoIeY40BN3vlRmzzTpDGzArCm3yXxQ3T+E1bW1RwkXkhbV2Yl5+xvRMQummN+1r" - "C/9ctvQGt+3uOGv7Womfpa6fJBF8Sx/mSShmUezkWz3CAHy4oWO/BZjaSDYcVdOa" - "aRY/qP0kz1+DZV0j3KOtlhxi81YghVK7ntUpB3CWlm1nDDVOSryYBPF0bAjKI3Mn" - "//////////8CAQICgcB//////////+SH7VEQtGEaYmMxRcBuDmiUgScERTPmOgEF" - "31Mdic2RKKUEPMcaAm73yozZ5p0hjZgVhTb5L4obp/Catrao4SLyQtq7MS8/Y3om" - "IXTTG/a1hf+uW3oDW/b3HDX9rUTP0tdPkgi+JY/zJJQzKPZyLZ7hAD5cULHfgsxt" - "JBsOKunNNIsf1H6SZ6/Bsq6R7lHWyw4xeasQQqldz2qUg7hLSzazhhqnJV5MAni6" - 
"NgRlEbmT//////////8=" - "-----END X942 DH PARAMETERS-----"; + if(name == "ffdhe/ietf/3072") + { + return load_DL_group_info("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x2"); + } - if(name == "modp/srp/1536") - return - "-----BEGIN DH PARAMETERS-----" - "MIHHAoHBAJ3vPK+5OSd6sfEqhheke7vbpR30maxMgL7uqWFLGcxNX09fVW4ny95R" - "xqlL5GB6KRVYkDug0PhDgLZVu5oi6NzfAop87Gfw0IE0sci5eYkUm2CeC+O6tj1H" - "VIOB28Wx/HZOP0tT3Z2hFYv9PiucjPVu3wGVOTSWJ9sv1T0kt8SGZXcuQ31sf4zk" - "QnNK98y3roN8Jkrjqb64f4ov6bi1KS5aAh//XpFHnoznoowkQsbzFRgPk0maI03P" - "duP+0TX5uwIBAg==" - "-----END DH PARAMETERS-----"; + if(name == "ffdhe/ietf/4096") + { + return load_DL_group_info("0xFFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB7930E9E4E58857B6AC7D5F42D69F6D187763CF1D5503400487F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832A907600A918130C46DC778F971AD0038092999A333CB8B7A1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6AFFFFFFFFFFFFFFFF", + "0x2"); + } - if(name == "modp/ietf/2048") - return - "-----BEGIN X942 DH PARAMETERS-----" - "MIICDAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" - "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" - "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" - 
"mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" - "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" - "5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAgKCAQB//////////+SH7VEQtGEa" - "YmMxRcBuDmiUgScERTPmOgEF31Mdic2RKKUEPMcaAm73yozZ5p0hjZgVhTb5L4ob" - "p/Catrao4SLyQtq7MS8/Y3omIXTTG/a1hf+uW3oDW/b3HDX9rUTP0tdPkgi+JY/z" - "JJQzKPZyLZ7hAD5cULHfgsxtJBsOKunNNIsf1H6SZ6/Bsq6R7lHWyw4xeasQQqld" - "z2qUg7hLSzazhhqnJV5MAni6NgRlDBC+GUgvIxcbZx3xzzuWDAdDAc2TwdF2A9FH" - "2uKu+DemKWTvFeX7SqwLjBzKpL51SrVyiukTDEx9AogKuUctRVZVNH//////////" - "-----END X942 DH PARAMETERS-----"; + if(name == "ffdhe/ietf/6144") + { + return load_DL_group_info("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x2"); + } - if(name == "modp/srp/2048") - return - "-----BEGIN X942 DH PARAMETERS-----" - "MIICDAKCAQEArGvbQTJKmpvxZt5eE4lYL69ytmUZh+4H/DGSlD21YFCjcynLtKCZ" - "7YGT4HV3Z6E91SMSq0sDMQ3Nf0ip2gT9UOgIOWntt2ewz2CVF5oWOrNmGgX71fqq" - "6CkYqZYvC5O4Vfl5k+yXXuqoDXQK2/T/dHNZ0EHVwz6nHSgeRGsUdzvKl7Q6I/uA" - "Fna9IHpDbGSB8dK5B4cXRhpbnTLmiPh3SFRFI7UksNV9Xqd6J3XS7PoDLPvb9S+z" - "eGFgJ5AE5Xrmr4dOcwPOUymczAQce8MI2CpWmPOo0MOCca41+Onb+7aUtcgD2J96" - "5DXeI21SX1R1m2XjcvzWjvIPpxEfnkr/cwIBAgKCAQBWNe2gmSVNTfizby8JxKwX" - "17lbMozD9wP+GMlKHtqwKFG5lOXaUEz2wMnwOruz0J7qkYlVpYGYhua/pFTtAn6o" - "dAQctPbbs9hnsEqLzQsdWbMNAv3q/VV0FIxUyxeFydwq/LzJ9kuvdVQGugVt+n+6" - "OazoIOrhn1OOlA8iNYo7neVL2h0R/cALO16QPSG2MkD46VyDw4ujDS3OmXNEfDuk" - "KiKR2pJYar6vU70Tuul2fQGWfe36l9m8MLATyAJyvXNXw6c5gecplM5mAg494YRs" - "FStMedRoYcE41xr8dO3920pa5AHsT71yGu8RtqkvqjrNsvG5fmtHeQfTiI/PJX+5" - "-----END X942 DH PARAMETERS-----"; + if(name == "ffdhe/ietf/8192") + { + return load_DL_group_info("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x2"); + } - if(name == "modp/ietf/3072") - return - "-----BEGIN X942 DH PARAMETERS-----" - "MIIDDAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" - "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" - 
"awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" - "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" - "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" - "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM" - "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq" - "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqTrS" - "yv//////////AgECAoIBgH//////////5IftURC0YRpiYzFFwG4OaJSBJwRFM+Y6" - "AQXfUx2JzZEopQQ8xxoCbvfKjNnmnSGNmBWFNvkvihun8Jq2tqjhIvJC2rsxLz9j" - "eiYhdNMb9rWF/65begNb9vccNf2tRM/S10+SCL4lj/MklDMo9nItnuEAPlxQsd+C" - "zG0kGw4q6c00ix/UfpJnr8GyrpHuUdbLDjF5qxBCqV3PapSDuEtLNrOGGqclXkwC" - "eLo2BGUMEL4ZSC8jFxtnHfHPO5YMB0MBzZPB0XYD0Ufa4q74N6YpZO8V5ftKrAuM" - "HMqkvnVKtXKK6RMMTH0CiAq5Ry1FVWIW1pmLhoIoPRnUKpDV745dMnZ9woIsbfeF" - "RXU4q66DBj7Zy4fC03DyY9X610ZthJnrj0ZKcCUSsM7ncekTDWl3NfiX/QNsxQQy" - "bDsBOZ9kNTIpD5WMC72QBl3wi6u9MK62O4TEYF1so3EEcSfQOnLVmKHtrf5wfohH" - "JcFokFSdaWV//////////w==" - "-----END X942 DH PARAMETERS-----"; + /* IETF IPsec groups */ - if(name == "modp/srp/3072") - return - "-----BEGIN DH PARAMETERS-----" - "MIIBiAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" - "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" - "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" - "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" - "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" - "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM" - "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq" - "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqTrS" - "yv//////////AgEF" - "-----END DH PARAMETERS-----"; + if(name == "modp/ietf/1024") + { + return 
load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", + "0x2"); + } - if(name == "modp/ietf/4096") - return - "-----BEGIN X942 DH PARAMETERS-----" - "MIIEDAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" - "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" - "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" - "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" - "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" - "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM" - "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq" - "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI" - "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O" - "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI" - "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQICggIA" - "f//////////kh+1RELRhGmJjMUXAbg5olIEnBEUz5joBBd9THYnNkSilBDzHGgJu" - "98qM2eadIY2YFYU2+S+KG6fwmra2qOEi8kLauzEvP2N6JiF00xv2tYX/rlt6A1v2" - "9xw1/a1Ez9LXT5IIviWP8ySUMyj2ci2e4QA+XFCx34LMbSQbDirpzTSLH9R+kmev" - "wbKuke5R1ssOMXmrEEKpXc9qlIO4S0s2s4YapyVeTAJ4ujYEZQwQvhlILyMXG2cd" - "8c87lgwHQwHNk8HRdgPRR9rirvg3pilk7xXl+0qsC4wcyqS+dUq1corpEwxMfQKI" - "CrlHLUVVYhbWmYuGgig9GdQqkNXvjl0ydn3Cgixt94VFdTirroMGPtnLh8LTcPJj" - "1frXRm2EmeuPRkpwJRKwzudx6RMNaXc1+Jf9A2zFBDJsOwE5n2Q1MikPlYwLvZAG" - "XfCLq70wrrY7hMRgXWyjcQRxJ9A6ctWYoe2t/nB+iEclwWiQVJCEAI05HglTw/Nr" - "xDjNCF7dLZNM4ZOMNXpxHg1KNBpbCoXtEsH05RVqJnRt3eFtgm9HfJdHfgoP32VT" - "FD4so6c14C7M2Usn0Ehh0RGd0MMorfP2j7CUuGdxa9fcDe67ELgkDmgDSJPq2C1U" - "ydp1TEbH7uDDf9vuSFNgR6b6GuSaAxjM//////////8=" - "-----END X942 DH PARAMETERS-----"; + if(name == "modp/ietf/1536") + { + return 
load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", + "0x2"); + } - if(name == "modp/srp/4096") - return - "-----BEGIN DH PARAMETERS-----" - "MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" - "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" - "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" - "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" - "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" - "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM" - "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq" - "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI" - "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O" - "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI" - "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQU=" - "-----END DH PARAMETERS-----"; + if(name == "modp/ietf/2048") + { + return load_DL_group_info("0x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x2"); + } - if(name == "modp/ietf/6144") - return - "-----BEGIN DSA PARAMETERS-----" - "MIIGDAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" - "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" - "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" - "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" - "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" - "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM" - "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq" - 
"ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI" - "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O" - "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI" - "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG" - "3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU" - "7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId" - "A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha" - "xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/" - "8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebcxA" - "JP//////////AoIDAH//////////5IftURC0YRpiYzFFwG4OaJSBJwRFM+Y6AQXf" - "Ux2JzZEopQQ8xxoCbvfKjNnmnSGNmBWFNvkvihun8Jq2tqjhIvJC2rsxLz9jeiYh" - "dNMb9rWF/65begNb9vccNf2tRM/S10+SCL4lj/MklDMo9nItnuEAPlxQsd+CzG0k" - "Gw4q6c00ix/UfpJnr8GyrpHuUdbLDjF5qxBCqV3PapSDuEtLNrOGGqclXkwCeLo2" - "BGUMEL4ZSC8jFxtnHfHPO5YMB0MBzZPB0XYD0Ufa4q74N6YpZO8V5ftKrAuMHMqk" - "vnVKtXKK6RMMTH0CiAq5Ry1FVWIW1pmLhoIoPRnUKpDV745dMnZ9woIsbfeFRXU4" - "q66DBj7Zy4fC03DyY9X610ZthJnrj0ZKcCUSsM7ncekTDWl3NfiX/QNsxQQybDsB" - "OZ9kNTIpD5WMC72QBl3wi6u9MK62O4TEYF1so3EEcSfQOnLVmKHtrf5wfohHJcFo" - "kFSQhACNOR4JU8Pza8Q4zQhe3S2TTOGTjDV6cR4NSjQaWwqF7RLB9OUVaiZ0bd3h" - "bYJvR3yXR34KD99lUxQ+LKOnNeAuzNlLJ9BIYdERndDDKK3z9o+wlLhncWvX3A3u" - "uxC4JA5oA0iT6tgtVMnadUxGx+7gw3/b7khTYEem+hrkmgFCSRth/VppPjgTYOpu" - "WTATI29kuo87Ht0b3vx/ygNWzymHcu2cF6CYANdYNSn2yBPsGIvLk9hDLUSMbR9t" - "9efNinaiZzZdZ2pdje2/iiPzZhKlmZAoqJXr16E33HoAm8ZpX6zB5QDjJcl2eBl1" - "Cui5DoH6QWvnNzp/e2qvOBejTAZBWtQgGMgFjk8s8+S/32P0eZHUvT8bZkRfB46i" - "2/+sLWKl6gPZFaCqVWZHtr9fpHDsCmYvaQfAG/BTy4r3eU3xlANQ6sXb4u07eqhV" - "HsUP3/h1jOZY0Ynqrm0rZPYXeUsZHD/0a7ceAjQCH0ezH6Qwdwlflq2Fujprc0p8" - "jzbmIBJ//////////wIBAg==" - "-----END DSA PARAMETERS-----"; + if(name == "modp/ietf/3072") + { + return load_DL_group_info("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x2"); + } - if(name == "modp/srp/6144") - return - "-----BEGIN DH PARAMETERS-----" - 
"MIIDCAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" - "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" - "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" - "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" - "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" - "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM" - "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq" - "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI" - "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O" - "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI" - "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG" - "3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU" - "7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId" - "A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha" - "xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/" - "8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebcxA" - "JP//////////AgEF" - "-----END DH PARAMETERS-----"; + if(name == "modp/ietf/4096") + { + return load_DL_group_info("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x2"); + } + + if(name == "modp/ietf/6144") + { + return load_DL_group_info("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x2"); + } if(name == "modp/ietf/8192") - return - "-----BEGIN DSA PARAMETERS-----" - "MIIIDAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" - "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" - "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" - "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" - "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" - "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM" - "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq" - 
"ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI" - "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O" - "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI" - "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG" - "3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU" - "7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId" - "A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha" - "xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/" - "8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebb4R" - "WXSjkm8S/uXkOHd8tqky34zYvsTQc7kxujvIMraNndMAdB+nv4r8R+0ldvaTa6Qk" - "ZjqrY5xa5PVoNCO0dCvxyXgjjxbL451lLeP9uL78hIrZIiIuBKQDfAcT61eoGiPw" - "xzRz/GRs6jBrS8vIhi+Dhd36nUt/osCH6HloMwPtW906Bis89bOieKZtKhP4P0T4" - "Ld8xDuB0q2o2RZfomaAlXcFk8xzFCEaFHfmrSBld7X6hsdUQvX7nTXP682vDHs+i" - "aDWQRvTrh5+SQAlDi0gcbNeImgAu1e44K8kZDab8Am5HlVjkR1Z36aqeMFDidlaU" - "38gfVuiAuW5xYMmA3Zjt09///////////wKCBAB//////////+SH7VEQtGEaYmMx" - "RcBuDmiUgScERTPmOgEF31Mdic2RKKUEPMcaAm73yozZ5p0hjZgVhTb5L4obp/Ca" - "trao4SLyQtq7MS8/Y3omIXTTG/a1hf+uW3oDW/b3HDX9rUTP0tdPkgi+JY/zJJQz" - "KPZyLZ7hAD5cULHfgsxtJBsOKunNNIsf1H6SZ6/Bsq6R7lHWyw4xeasQQqldz2qU" - "g7hLSzazhhqnJV5MAni6NgRlDBC+GUgvIxcbZx3xzzuWDAdDAc2TwdF2A9FH2uKu" - "+DemKWTvFeX7SqwLjBzKpL51SrVyiukTDEx9AogKuUctRVViFtaZi4aCKD0Z1CqQ" - "1e+OXTJ2fcKCLG33hUV1OKuugwY+2cuHwtNw8mPV+tdGbYSZ649GSnAlErDO53Hp" - "Ew1pdzX4l/0DbMUEMmw7ATmfZDUyKQ+VjAu9kAZd8IurvTCutjuExGBdbKNxBHEn" - "0Dpy1Zih7a3+cH6IRyXBaJBUkIQAjTkeCVPD82vEOM0IXt0tk0zhk4w1enEeDUo0" - "GlsKhe0SwfTlFWomdG3d4W2Cb0d8l0d+Cg/fZVMUPiyjpzXgLszZSyfQSGHREZ3Q" - "wyit8/aPsJS4Z3Fr19wN7rsQuCQOaANIk+rYLVTJ2nVMRsfu4MN/2+5IU2BHpvoa" - "5JoBQkkbYf1aaT44E2DqblkwEyNvZLqPOx7dG978f8oDVs8ph3LtnBegmADXWDUp" - "9sgT7BiLy5PYQy1EjG0fbfXnzYp2omc2XWdqXY3tv4oj82YSpZmQKKiV69ehN9x6" - "AJvGaV+sweUA4yXJdngZdQrouQ6B+kFr5zc6f3tqrzgXo0wGQVrUIBjIBY5PLPPk" - "v99j9HmR1L0/G2ZEXweOotv/rC1ipeoD2RWgqlVmR7a/X6Rw7ApmL2kHwBvwU8uK" 
- "93lN8ZQDUOrF2+LtO3qoVR7FD9/4dYzmWNGJ6q5tK2T2F3lLGRw/9Gu3HgI0Ah9H" - "sx+kMHcJX5athbo6a3NKfI823wisulHJN4l/cvIcO75bVJlvxmxfYmg53JjdHeQZ" - "W0bO6YA6D9PfxX4j9pK7e0m10hIzHVWxzi1yerQaEdo6FfjkvBHHi2XxzrKW8f7c" - "X35CRWyRERcCUgG+A4n1q9QNEfhjmjn+MjZ1GDWl5eRDF8HC7v1Opb/RYEP0PLQZ" - "gfat7p0DFZ562dE8UzaVCfwfonwW75iHcDpVtRsiy/RM0BKu4LJ5jmKEI0KO/NWk" - "DK72v1DY6ohev3Omuf15teGPZ9E0GsgjenXDz8kgBKHFpA42a8RNABdq9xwV5IyG" - "034BNyPKrHIjqzv01U8YKHE7K0pv5A+rdEBctziwZMBuzHbp7///////////AgEC" - "-----END DSA PARAMETERS-----"; + { + return load_DL_group_info("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x2"); + } - if(name == "modp/srp/8192") - return - "-----BEGIN DH PARAMETERS-----" - "MIIECAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" - "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft" - "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT" - "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh" - "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq" - "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM" - "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq" - "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI" - "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O" - "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI" - "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG" - "3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU" - "7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId" - "A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha" - "xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/" - "8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebb4R" - "WXSjkm8S/uXkOHd8tqky34zYvsTQc7kxujvIMraNndMAdB+nv4r8R+0ldvaTa6Qk" - "ZjqrY5xa5PVoNCO0dCvxyXgjjxbL451lLeP9uL78hIrZIiIuBKQDfAcT61eoGiPw" - "xzRz/GRs6jBrS8vIhi+Dhd36nUt/osCH6HloMwPtW906Bis89bOieKZtKhP4P0T4" - 
"Ld8xDuB0q2o2RZfomaAlXcFk8xzFCEaFHfmrSBld7X6hsdUQvX7nTXP682vDHs+i" - "aDWQRvTrh5+SQAlDi0gcbNeImgAu1e44K8kZDab8Am5HlVjkR1Z36aqeMFDidlaU" - "38gfVuiAuW5xYMmA3Zjt09///////////wIBEw==" - "-----END DH PARAMETERS-----"; + /* SRP groups */ - if(name == "dsa/jce/1024") - return - "-----BEGIN DSA PARAMETERS-----" - "MIIBHgKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9" - "jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX" - "58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8V" - "IwvMspK5gqLrhAvwWBz1AoGARpYDUS4wJ4zTlHWV2yLuyYJqYyKtyXNE9B10DDJX" - "JMj577qn1NgD/4xgnc0QDrxb38+tfGpCX66nhuogUOvpg1HqH9of3yTWlHqmuaoj" - "dmlTgC9NfUqOy6BtGXaKJJH/sW0O+cQ6mbX3FnL/bwoktETQc20E04oaEyLa9s3Y" - "jJ0=" - "-----END DSA PARAMETERS-----"; + if(name == "modp/srp/1024") + { + return load_DL_group_info("0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", + "0x2"); + } - if(name == "dsa/botan/2048") - return - "-----BEGIN DSA PARAMETERS-----" - "MIICLAKCAQEAkcSKT9+898Aq6V59oSYSK13Shk9Vm4fo50oobVL1m9HeaN/WRdDg" - "DGDAgAMYkZgDdO61lKUyv9Z7mgnqxLhmOgeRDmjzlGX7cEDSXfE5MuusQ0elMOy6" - "YchU+biA08DDZgCAWHxFVm2t4mvVo5S+CTtMDyS1r/747GxbPlf7iQJam8FnaZMh" - "MeFtPJTvyrGNDfBhIDzFPmEDvHLVWUv9QMplOA9EqahR3LB1SV/AM6ilgHGhvXj+" - "BS9mVVZI60txnSr+i0iA+NrW8VgYuhePiSdMhwvpuW6wjEbEAEDMLv4d+xsYaN0x" - "nePDSjKmOrbrEiQgmkGWgMx5AtFyjU354QIhAIzX1FD4bwrZTu5M5GmodW0evRBY" - "JBlD6v+ws1RYXpJNAoIBAA2fXgdhtNvRgz1qsalhoJlsXyIwP3LYTBQPZ8Qx2Uq1" - "cVvqgaDJjTnOS8941rnryJXTT+idlAkdWEhhXvFfXobxHZb2yWniA936WDVkIKSc" - "tES1lbkBqTPP4HZ7WU8YoHt/kd7NukRriJkPePL/kfL+fNQ/0uRtGOraH3u2YCxh" - "f27zpLKE8v2boQo2BC3o+oeiyjZZf+yBFXoUheRAQd8CgwERy4gLvm7UlIFIhvll" - "zcMTX1zPE4Nyi/ZbgG+WksCxDWxMCcdabKO0ATyxarLBBfa+I66pAA6rIXiYX5cs" - "mAV+HIbkTnIYaI6krg82NtzKdFydzU5q/7Z8y8E9YTE=" - "-----END DSA 
PARAMETERS-----"; + if(name == "modp/srp/1536") + { + /* + (p-1)/2 is prime, but g is not a generator of subgroup q so set q == 0 to bypass generator check - if(name == "dsa/botan/3072") - return - "-----BEGIN DSA PARAMETERS-----" - "MIIDLAKCAYEA5LUIgHWWY1heFCRgyi2d/xMviuTIQN2jomZoiRJP5WOLhOiim3rz" - "+hIJvmv8S1By7Tsrc4e68/hX9HioAijvNgC3az3Pth0g00RlslBtLK+H3259wM6R" - "vS0Wekb2rcwxxTHk+cervbkq3fNbCoBsZikqX14X6WTdCZkDczrEKKs12A6m9oW/" - "uovkBo5UGK5eytno/wc94rY+Tn6tNciptwtb1Hz7iNNztm83kxk5sKtxvVWVgJCG" - "2gFVM30YWg5Ps2pRmxtiArhZHmACRJzxzTpmOE9tIHOxzXO+ypO68eGmEX0COPIi" - "rh7X/tGFqJDn9n+rj+uXU8wTSlGD3+h64llfe1wtn7tCJJ/dWVE+HTOWs+sv2GaE" - "8oWoRI/nV6ApiBxAdguU75Gb35dAw4OJWZ7FGm6btRmo4GhJHpzgovz+PLYNZs8N" - "+tIKjsaEBIaEphREV1vRck1zUrRKdgB3s71r04XOWwpyUMwL92jagpI4Buuc+7E4" - "hDcxthggjHWbAiEAs+vTZOxp74zzuvZDt1c0sWM5suSeXN4bWcHp+0DuDFsCggGA" - "K+0h7vg5ZKIwrom7px2ffDnFL8gim047x+WUTTKdoQ8BDqyee69sAJ/E6ylgcj4r" - "Vt9GY+TDrIAOkljeL3ZJ0gZ4KJP4Ze/KSY0u7zAHTqXop6smJxKk2UovOwuaku5A" - "D7OKPMWaXcfkNtXABLIuNQKDgbUck0B+sy1K4P1Cy0XhLQ7O6KJiOO3iCCp7FSIR" - "PGbO+NdFxs88uUX4TS9N4W1Epx3hmCcOE/A1U8iLjTI60LlIob8hA6lJl5tu0W+1" - "88lT2Vt8jojKZ9z1pjb7nKOdkkIV96iE7Wx+48ltjZcVQnl0t8Q1EoLhPTdz99KL" - "RS8QiSoTx1hzKN6kgntrNpsqjcFyrcWD9R8qZZjFSD5bxGewL5HQWcQC0Y4sJoD3" - "dqoG9JKAoscsF8xC1bbnQMXEsas8UcLtCSviotiwU65Xc9FCXtKwjwbi3VBZLfGk" - "eMFVkc39EVZP+I/zi3IdQjkv2kcyEtz9jS2IqXagCv/m//tDCjWeZMorNRyiQSOU" - "-----END DSA PARAMETERS-----"; + This doesn't matter for SRP + */ + return load_DL_group_info("0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB", + "0", + "0x2"); + } - if(name == "ffdhe/ietf/2048") - return - "-----BEGIN DSA PARAMETERS-----" - 
"MIICDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" - "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a" - "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7" - "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi" - "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD" - "ssbzSibBsu/6iGtCOGEoXJf//////////wKCAQB//////////9b8KixRXaVNV+4r" - "EBOennjsXOLB5xabStTwmyCKMhn95knO5xJNn3y+l/GxsYY67HtA2QFXYjC9ae+P" - "aur+srCSGfqPr4M3aEKxsqqe9o152quJrz+r5JrMJ4Y4cHNFu/FTRO159/Q5Dvis" - "UJtW85qYVmUnpB08vV4FWMFZkn2w6IRUpdlkcf3ctW1bsGv6NA6noVHvHKb6Vyt2" - "87G5XYyFg9PkdwU2uE8BfnDm+/F2YBoCZpQaF7DIuX9OdMLB/8cniRl3eUDB4f8d" - "jaY31rmd2v5eF2EQAuLHeMG+i0HZY3mlE2DZd/1ENaEcMJQuS///////////AgEC" - "-----END DSA PARAMETERS-----"; + if(name == "modp/srp/2048") + { + return load_DL_group_info("0xAC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73", + "0x2"); + } - if(name == "ffdhe/ietf/3072") - return - "-----BEGIN DSA PARAMETERS-----" - "MIIDDAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" - "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a" - "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7" - "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi" - "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD" - "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3" - "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32" - 
"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu" - "N///////////AoIBgH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCb" - "IIoyGf3mSc7nEk2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGy" - "qp72jXnaq4mvP6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVY" - "wVmSfbDohFSl2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+" - "cOb78XZgGgJmlBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4" - "wb6LQdljeaUTYNl3/UQ1oRwwj+fubxqtnbKMga3eGnpvfM4BHDDaN+Trc2SDvWyO" - "k0j7+/csxlh9YMNsjld/CYTCick4WgmGSd4hvKJ6fqIpcWum6bJ5cQ84+qX/rldB" - "Vc5O+090NpXikRsdBtXikMvNhvVtDt/NIWriJCcFXmg1/Snu954NkHcf6s6+EvIO" - "lbNjFxv//////////wIBAg==" - "-----END DSA PARAMETERS-----"; + if(name == "modp/srp/3072") + { + return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF", + "0x5"); + } - if(name == "ffdhe/ietf/4096") - return - "-----BEGIN DSA PARAMETERS-----" - "MIIEDAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" - "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a" - "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7" - "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi" - "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD" - 
"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3" - "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32" - "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e" - "8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx" - "iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K" - "zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CggIAf///" - "///////W/CosUV2lTVfuKxATnp547FziwecWm0rU8JsgijIZ/eZJzucSTZ98vpfx" - "sbGGOux7QNkBV2IwvWnvj2rq/rKwkhn6j6+DN2hCsbKqnvaNedqria8/q+SazCeG" - "OHBzRbvxU0Tteff0OQ74rFCbVvOamFZlJ6QdPL1eBVjBWZJ9sOiEVKXZZHH93LVt" - "W7Br+jQOp6FR7xym+lcrdvOxuV2MhYPT5HcFNrhPAX5w5vvxdmAaAmaUGhewyLl/" - "TnTCwf/HJ4kZd3lAweH/HY2mN9a5ndr+XhdhEALix3jBvotB2WN5pRNg2Xf9RDWh" - "HDCP5+5vGq2dsoyBrd4aem98zgEcMNo35OtzZIO9bI6TSPv79yzGWH1gw2yOV38J" - "hMKJyThaCYZJ3iG8onp+oilxa6bpsnlxDzj6pf+uV0FVzk77T3Q2leKRGx0G1eKQ" - "y82G9W0O380hauIkJwVeaDX9Ke73ng2Qdx/qzr4S8g6Vs08PeLc3qWGLJvp9vJh0" - "8nLEK9tWPq+ha0+2jDux546qgaACQ/qt0r8Y5j04muRDd9oYxXa1DwCWzzQZVIOw" - "BUjAmGI247x8uNaAHASUzNGZ5cW9DQ7cnrigAB4VJ2dU/MaFZgVBSObnZL7nx2Ta" - "rT/EUjWm2tQo+iDBcONFAD8vMq+1f/////////8CAQI=" - "-----END DSA PARAMETERS-----"; + if(name == "modp/srp/4096") + { + return load_DL_group_info("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x5"); + } - if(name == "ffdhe/ietf/6144") - return - "-----BEGIN DSA PARAMETERS-----" - "MIIGDAKCAwEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" - "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a" - "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7" - "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi" - "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD" - "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3" - "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32" - "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e" - 
"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx" - "iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K" - "zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq" - "OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE" - "HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj" - "w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8" - "vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70" - "A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKc0OQO" - "Zf//////////AoIDAH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCb" - "IIoyGf3mSc7nEk2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGy" - "qp72jXnaq4mvP6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVY" - "wVmSfbDohFSl2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+" - "cOb78XZgGgJmlBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4" - "wb6LQdljeaUTYNl3/UQ1oRwwj+fubxqtnbKMga3eGnpvfM4BHDDaN+Trc2SDvWyO" - "k0j7+/csxlh9YMNsjld/CYTCick4WgmGSd4hvKJ6fqIpcWum6bJ5cQ84+qX/rldB" - "Vc5O+090NpXikRsdBtXikMvNhvVtDt/NIWriJCcFXmg1/Snu954NkHcf6s6+EvIO" - "lbNPD3i3N6lhiyb6fbyYdPJyxCvbVj6voWtPtow7seeOqoGgAkP6rdK/GOY9OJrk" - "Q3faGMV2tQ8Als80GVSDsAVIwJhiNuO8fLjWgBwElMzRmeXFvQ0O3J64oAAeFSdn" - "VPzGhWYFQUjm52S+58dk2q0/xFI1ptrUKPogwXDjRQA/LwbsgQX+slsigbY9JzO+" - "lhwplR0R3SIhZXqfUx3aKhlNuxJkSL3usljgfqZZx0YZpjgOHWbWgyv+Z/Y4zY+u" - "HycjAg+cQKP9pn7aO9KSOPvU1LSIXCqZF22xoGxQB3hJGoKI8YVfYP/88dE3P9lP" - "xgwYEeGsPxxtADvs2jsfJyXKWV3gymMyjzvlfMl3VWARlRQN+1nTnOCRMItBBXRt" - "rCPTPl985ISNoxapxmuVgbo1c7+vMRSWGIqxVCMoLuQW3CoZxXJPqRrkrciLxmeW" - "6uVnegH2TowIYxOVgi2duPzuNcBrH+6lR01tjzSxU0qTahiw4NIOq4a8nG1qUgcZ" - "TmhyBzL//////////wIBAg==" - "-----END DSA PARAMETERS-----"; + if(name == "modp/srp/6144") + { + return load_DL_group_info("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x5"); + } - if(name == "ffdhe/ietf/8192") - return - "-----BEGIN DSA PARAMETERS-----" - "MIIIDAKCBAEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz" - 
"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a" - "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7" - "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi" - "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD" - "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3" - "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32" - "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e" - "8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx" - "iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K" - "zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq" - "OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE" - "HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj" - "w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8" - "vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70" - "A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKcz/Rq" - "qjatAEz2AMg4HkJaMdlRrmT9sj/OyVCdQ2h/62nt0cxeC4zDvfZLEO+GtjFCo6uI" - "KVVbL3R8kyZlyywPHMAb1wIpOIg50q8F5FRQSseLdYKCKEbAujXDX1xZFgzARv2C" - "UVQfxoychrAiu3CZh2pGDnRRqKkxCXA/7hwhfmw4JuUsUappHg5CPPyZ6eMWUMEh" - "e2JIFs2tmpX51bgBlIjZwKCh/jB1pXfiMYP4HUo/L6RXHvyM4LqKT+i2hV3+crCm" - "bt7S+6v75Yow+vq+HF1xqH4vdB74wf6G/qa7/eUwZ38Nl9EdSfeoRD0IIuUGqfRh" - "TgEeKpSDj/iM1oyLt8XGQkz//////////wKCBAB//////////9b8KixRXaVNV+4r" - "EBOennjsXOLB5xabStTwmyCKMhn95knO5xJNn3y+l/GxsYY67HtA2QFXYjC9ae+P" - "aur+srCSGfqPr4M3aEKxsqqe9o152quJrz+r5JrMJ4Y4cHNFu/FTRO159/Q5Dvis" - "UJtW85qYVmUnpB08vV4FWMFZkn2w6IRUpdlkcf3ctW1bsGv6NA6noVHvHKb6Vyt2" - "87G5XYyFg9PkdwU2uE8BfnDm+/F2YBoCZpQaF7DIuX9OdMLB/8cniRl3eUDB4f8d" - "jaY31rmd2v5eF2EQAuLHeMG+i0HZY3mlE2DZd/1ENaEcMI/n7m8arZ2yjIGt3hp6" - "b3zOARww2jfk63Nkg71sjpNI+/v3LMZYfWDDbI5XfwmEwonJOFoJhkneIbyien6i" - "KXFrpumyeXEPOPql/65XQVXOTvtPdDaV4pEbHQbV4pDLzYb1bQ7fzSFq4iQnBV5o" - "Nf0p7veeDZB3H+rOvhLyDpWzTw94tzepYYsm+n28mHTycsQr21Y+r6FrT7aMO7Hn" 
- "jqqBoAJD+q3SvxjmPTia5EN32hjFdrUPAJbPNBlUg7AFSMCYYjbjvHy41oAcBJTM" - "0Znlxb0NDtyeuKAAHhUnZ1T8xoVmBUFI5udkvufHZNqtP8RSNaba1Cj6IMFw40UA" - "Py8G7IEF/rJbIoG2PSczvpYcKZUdEd0iIWV6n1Md2ioZTbsSZEi97rJY4H6mWcdG" - "GaY4Dh1m1oMr/mf2OM2Prh8nIwIPnECj/aZ+2jvSkjj71NS0iFwqmRdtsaBsUAd4" - "SRqCiPGFX2D//PHRNz/ZT8YMGBHhrD8cbQA77No7Hyclylld4MpjMo875XzJd1Vg" - "EZUUDftZ05zgkTCLQQV0bawj0z5ffOSEjaMWqcZrlYG6NXO/rzEUlhiKsVQjKC7k" - "FtwqGcVyT6ka5K3Ii8ZnlurlZ3oB9k6MCGMTlYItnbj87jXAax/upUdNbY80sVNK" - "k2oYsODSDquGvJxtalIHGU5n+jVVG1aAJnsAZBwPIS0Y7KjXMn7ZH+dkqE6htD/1" - "tPbo5i8FxmHe+yWId8NbGKFR1cQUqq2Xuj5JkzLllgeOYA3rgRScRBzpV4LyKigl" - "Y8W6wUEUI2BdGuGvriyLBmAjfsEoqg/jRk5DWBFduEzDtSMHOijUVJiEuB/3DhC/" - "NhwTcpYo1TSPByEefkz08YsoYJC9sSQLZtbNSvzq3ADKRGzgUFD/GDrSu/EYwfwO" - "pR+X0iuPfkZwXUUn9FtCrv85WFM3b2l91f3yxRh9fV8OLrjUPxe6D3xg/0N/U13+" - "8pgzv4bL6I6k+9QiHoQRcoNU+jCnAI8VSkHH/EZrRkXb4uMhJn//////////AgEC" - "-----END DSA PARAMETERS-----"; + if(name == "modp/srp/8192") + { + return load_DL_group_info("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x13"); + } + + /* DSA groups */ + + if(name == "dsa/jce/1024") + { + return load_DL_group_info("0xFD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7", + "0x9760508F15230BCCB292B982A2EB840BF0581CF5", + "0x469603512E30278CD3947595DB22EEC9826A6322ADC97344F41D740C325724C8F9EFBAA7D4D803FF8C609DCD100EBC5BDFCFAD7C6A425FAEA786EA2050EBE98351EA1FDA1FDF24D6947AA6B9AA23766953802F4D7D4A8ECBA06D19768A2491FFB16D0EF9C43A99B5F71672FF6F0A24B444D0736D04D38A1A1322DAF6CDD88C9D"); + } + + if(name == "dsa/botan/2048") + { + return load_DL_group_info("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x8CD7D450F86F0AD94EEE4CE469A8756D1EBD1058241943EAFFB0B354585E924D", + "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} + + if(name == "dsa/botan/3072") 
+ { + return load_DL_group_info("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xB3EBD364EC69EF8CF3BAF643B75734B16339B2E49E5CDE1B59C1E9FB40EE0C5B", + "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} - return ""; + return std::shared_ptr(); } } diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp index d402931c50..70aa526ef7 100644 --- a/src/tests/test_dl_group.cpp +++ b/src/tests/test_dl_group.cpp 
@@ -43,25 +43,23 @@ class DL_Group_Tests final : public Test const std::string pem2 = orig.PEM_encode(Botan::DL_Group::ANSI_X9_57); const std::string pem3 = orig.PEM_encode(Botan::DL_Group::PKCS_3); - Botan::DL_Group group; + Botan::DL_Group group1(pem1); - group.PEM_decode(pem1); + result.test_eq("Same p in X9.42 decoding", group1.get_p(), orig.get_p()); + result.test_eq("Same q in X9.42 decoding", group1.get_q(), orig.get_q()); + result.test_eq("Same g in X9.42 decoding", group1.get_g(), orig.get_g()); - result.test_eq("Same p in X9.42 decoding", group.get_p(), orig.get_p()); - result.test_eq("Same q in X9.42 decoding", group.get_q(), orig.get_q()); - result.test_eq("Same g in X9.42 decoding", group.get_g(), orig.get_g()); + Botan::DL_Group group2(pem2); - group.PEM_decode(pem2); + result.test_eq("Same p in X9.57 decoding", group2.get_p(), orig.get_p()); + result.test_eq("Same q in X9.57 decoding", group2.get_q(), orig.get_q()); + result.test_eq("Same g in X9.57 decoding", group2.get_g(), orig.get_g()); - result.test_eq("Same p in X9.57 decoding", group.get_p(), orig.get_p()); - result.test_eq("Same q in X9.57 decoding", group.get_q(), orig.get_q()); - result.test_eq("Same g in X9.57 decoding", group.get_g(), orig.get_g()); + Botan::DL_Group group3(pem3); - group.PEM_decode(pem3); - - result.test_eq("Same p in X9.57 decoding", group.get_p(), orig.get_p()); + result.test_eq("Same p in X9.57 decoding", group3.get_p(), orig.get_p()); // no q in PKCS #3 format - result.test_eq("Same g in X9.57 decoding", group.get_g(), orig.get_g()); + result.test_eq("Same g in X9.57 decoding", group3.get_g(), orig.get_g()); return result; } From 4dcff1874ad430269bb7d75818b906b34331d919 Mon Sep 17 00:00:00 2001 
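Review bot: The two assertions for `group3` keep the "X9.57 decoding" label although group3 is built from `pem3`, the PKCS_3 encoding, so a failure there would be reported under the wrong format name. Suggest `result.test_eq("Same p in PKCS #3 decoding", group3.get_p(), orig.get_p());` and `result.test_eq("Same g in PKCS #3 decoding", group3.get_g(), orig.get_g());`. The opening of the test, where pem1 and orig are produced, lies before this hunk.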
From: Jack Lloyd Date: Mon, 19 Feb 2018 11:45:35 -0500 Subject: [PATCH 0654/1008] Use new DL_Group functions --- src/lib/misc/srp6/srp6.cpp | 16 +++---- src/lib/pubkey/dh/dh.cpp | 10 ++-- src/lib/pubkey/dl_algo/dl_algo.h | 10 ++++ src/lib/pubkey/dsa/dsa.cpp | 66 ++++++++++++++------------ src/lib/pubkey/elgamal/elgamal.cpp | 75 +++++++++++++----------------- src/lib/pubkey/rsa/rsa.cpp | 2 +- 6 files changed, 93 insertions(+), 86 deletions(-) diff --git a/src/lib/misc/srp6/srp6.cpp b/src/lib/misc/srp6/srp6.cpp index e41c67c819..94a6fe4a45 100644 --- a/src/lib/misc/srp6/srp6.cpp +++ b/src/lib/misc/srp6/srp6.cpp @@ -86,24 +86,24 @@ srp6_client_agree(const std::string& identifier, const BigInt& g = group.get_g(); const BigInt& p = group.get_p(); - const size_t p_bytes = group.get_p().bytes(); + const size_t p_bytes = group.p_bytes(); if(B <= 0 || B >= p) throw Exception("Invalid SRP parameter from server"); - BigInt k = hash_seq(hash_id, p_bytes, p, g); + const BigInt k = hash_seq(hash_id, p_bytes, p, g); - BigInt a(rng, 256); + const BigInt a(rng, 256); - BigInt A = power_mod(g, a, p); + const BigInt A = group.power_g_p(a); - BigInt u = hash_seq(hash_id, p_bytes, A, B); + const BigInt u = hash_seq(hash_id, p_bytes, A, B); const BigInt x = compute_x(hash_id, identifier, password, salt); - BigInt S = power_mod((B - (k * power_mod(g, x, p))) % p, (a + (u * x)), p); + const BigInt S = power_mod((B - (k * power_mod(g, x, p))) % p, (a + (u * x)), p); - SymmetricKey Sk(BigInt::encode_1363(S, p_bytes)); + const SymmetricKey Sk(BigInt::encode_1363(S, p_bytes)); return std::make_pair(A, Sk); } @@ -137,7 +137,7 @@ BigInt SRP6_Server_Session::step1(const BigInt& v, const BigInt k = hash_seq(hash_id, m_p_bytes, p, g); - m_B = (v*k + power_mod(g, m_b, p)) % p; + m_B = group.mod_p(v*k + group.power_g_p(m_b));; return m_B; } diff --git a/src/lib/pubkey/dh/dh.cpp b/src/lib/pubkey/dh/dh.cpp index 2a7742738f..b8b09ec3ff 100644 --- a/src/lib/pubkey/dh/dh.cpp 
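Review bot: The rewritten step1 line ends with a doubled semicolon, `m_B = group.mod_p(v*k + group.power_g_p(m_b));;`, which compiles to an empty statement but reads as a paste slip and is flagged by extra-semicolon lint checks. Drop one: `m_B = group.mod_p(v*k + group.power_g_p(m_b));`. The rest of step1 (the group lookup and the hash_seq call for k) is before this hunk.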
+++ b/src/lib/pubkey/dh/dh.cpp @@ -49,9 +49,9 @@ DH_PrivateKey::DH_PrivateKey(RandomNumberGenerator& rng, m_x = x_arg; } - if(m_y == 0) + if(m_y.is_zero()) { - m_y = power_mod(group_g(), m_x, group_p()); + m_y = m_group.power_g_p(m_x); } } @@ -62,8 +62,10 @@ DH_PrivateKey::DH_PrivateKey(const AlgorithmIdentifier& alg_id, const secure_vector& key_bits) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42) { - if(m_y == 0) - m_y = power_mod(group_g(), m_x, group_p()); + if(m_y.is_zero()) + { + m_y = m_group.power_g_p(m_x); + } } /* diff --git a/src/lib/pubkey/dl_algo/dl_algo.h b/src/lib/pubkey/dl_algo/dl_algo.h index 52b38a529d..9364f4c5da 100644 --- a/src/lib/pubkey/dl_algo/dl_algo.h +++ b/src/lib/pubkey/dl_algo/dl_algo.h @@ -31,6 +31,12 @@ class BOTAN_PUBLIC_API(2,0) DL_Scheme_PublicKey : public virtual Public_Key */ const DL_Group& get_domain() const { return m_group; } + /** + * Get the DL domain parameters of this key. + * @return DL domain parameters of this key + */ + const DL_Group& get_group() const { return m_group; } + /** * Get the public value y with y = g^x mod p where x is the secret key. */ @@ -73,6 +79,10 @@ class BOTAN_PUBLIC_API(2,0) DL_Scheme_PublicKey : public virtual Public_Key const std::vector& key_bits, DL_Group::Format group_format); + DL_Scheme_PublicKey(const DL_Group& group, const BigInt& y) : + m_y(y), m_group(group) + {} + DL_Scheme_PublicKey& operator=(const DL_Scheme_PublicKey& other) = default; protected: diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp index 9a8418d46a..7b4cbebfbc 100644 --- a/src/lib/pubkey/dsa/dsa.cpp +++ b/src/lib/pubkey/dsa/dsa.cpp 
@@ -81,9 +81,8 @@ class DSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA public: DSA_Signature_Operation(const DSA_PrivateKey& dsa, const std::string& emsa) : PK_Ops::Signature_with_EMSA(emsa), - m_q(dsa.group_q()), + m_group(dsa.get_group()), m_x(dsa.get_x()), - m_powermod_g_p(dsa.group_g(), dsa.group_p()), m_mod_q(dsa.group_q()) { #if defined(BOTAN_HAS_RFC6979_GENERATOR) @@ -91,14 +90,13 @@ class DSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA #endif } - size_t max_input_bits() const override { return m_q.bits(); } + size_t max_input_bits() const override { return m_group.get_q().bits(); } secure_vector raw_sign(const uint8_t msg[], size_t msg_len, RandomNumberGenerator& rng) override; private: - const BigInt& m_q; + const DL_Group m_group; const BigInt& m_x; - Fixed_Base_Power_Mod m_powermod_g_p; Modular_Reducer m_mod_q; #if defined(BOTAN_HAS_RFC6979_GENERATOR) std::string m_rfc6979_hash; 
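Review bot: In the DSA_Signature_Operation initializer list the reducer is still built from `dsa.group_q()` while the group itself is now taken from `dsa.get_group()`. Since `m_group` is declared ahead of `m_mod_q`, `m_mod_q(m_group.get_q())` would derive both from the same source and matches the `m_group.get_q()` that max_input_bits now uses in the following hunk. The class declaration continues both before and after this hunk.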
@@ -109,36 +107,38 @@ secure_vector DSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, RandomNumberGenerator& rng) { + const BigInt& q = m_group.get_q(); + BigInt i(msg, msg_len); - while(i >= m_q) - i -= m_q; + while(i >= q) + i -= q; #if defined(BOTAN_HAS_RFC6979_GENERATOR) BOTAN_UNUSED(rng); - const BigInt k = generate_rfc6979_nonce(m_x, m_q, i, m_rfc6979_hash); + const BigInt k = generate_rfc6979_nonce(m_x, q, i, m_rfc6979_hash); #else - const BigInt k = BigInt::random_integer(rng, 1, m_q); + const BigInt k = BigInt::random_integer(rng, 1, q); #endif #if defined(BOTAN_TARGET_OS_HAS_THREADS) auto future_r = std::async(std::launch::async, - [&]() { return m_mod_q.reduce(m_powermod_g_p(k)); }); + [&]() { return m_mod_q.reduce(m_group.power_g_p(k)); }); - BigInt s = inverse_mod(k, m_q); + BigInt s = inverse_mod(k, q); const BigInt r = future_r.get(); #else - BigInt s = inverse_mod(k, m_q); - const BigInt r = m_mod_q.reduce(m_powermod_g_p(k)); + BigInt s = inverse_mod(k, q); + const BigInt r = m_mod_q.reduce(m_group.power_g_p(k)); #endif s = m_mod_q.multiply(s, mul_add(m_x, r, i)); // With overwhelming probability, a bug rather than actual zero r/s - BOTAN_ASSERT(s != 0, "invalid s"); - BOTAN_ASSERT(r != 0, "invalid r"); + if(r.is_zero() || s.is_zero()) + throw Internal_Error("Computed zero r/s during DSA signature"); - return BigInt::encode_fixed_length_int_pair(r, s, m_q.bytes()); + return BigInt::encode_fixed_length_int_pair(r, s, q.bytes()); } /** 
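Review bot: The new `throw Internal_Error(...)` on a zero r or s is a sound replacement for the asserts, but the surviving comment only says it is "a bug rather than actual zero", and the reason for throwing instead of retrying deserves a line because the standard prescribes the opposite. Suggest replacing the comment with `// FIPS 186-4 4.6 says to pick a new k when r or s is zero; for a q of DSA size that has negligible probability, so a zero here is treated as an internal error rather than retried`. The raw_sign signature is cut off at the top of the hunk.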
@@ -150,52 +150,56 @@ class DSA_Verification_Operation final : public PK_Ops::Verification_with_EMSA DSA_Verification_Operation(const DSA_PublicKey& dsa, const std::string& emsa) : PK_Ops::Verification_with_EMSA(emsa), - m_q(dsa.group_q()), m_y(dsa.get_y()), m_powermod_g_p{Fixed_Base_Power_Mod(dsa.group_g(), dsa.group_p())}, - m_powermod_y_p{Fixed_Base_Power_Mod(m_y, dsa.group_p())}, m_mod_p{Modular_Reducer(dsa.group_p())}, - m_mod_q{Modular_Reducer(dsa.group_q())} + m_group(dsa.get_group()), + m_y(dsa.get_y()), + m_powermod_y_p(m_y, dsa.group_p()), + m_mod_q(dsa.group_q()) {} - size_t max_input_bits() const override { return m_q.bits(); } + size_t max_input_bits() const override { return m_group.get_q().bits(); } bool with_recovery() const override { return false; } bool verify(const uint8_t msg[], size_t msg_len, const uint8_t sig[], size_t sig_len) override; private: - const BigInt& m_q; + const DL_Group m_group; const BigInt& m_y; - Fixed_Base_Power_Mod m_powermod_g_p, m_powermod_y_p; - Modular_Reducer m_mod_p, m_mod_q; + Fixed_Base_Power_Mod m_powermod_y_p; + Modular_Reducer m_mod_q; }; bool DSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, const uint8_t sig[], size_t sig_len) { - if(sig_len != 2*m_q.bytes() || msg_len > m_q.bytes()) + const BigInt& q = m_group.get_q(); + const size_t q_bytes = q.bytes(); + + if(sig_len != 2*q_bytes || msg_len > q_bytes) return false; - BigInt r(sig, m_q.bytes()); - BigInt s(sig + m_q.bytes(), m_q.bytes()); + BigInt r(sig, q_bytes); + BigInt s(sig + q_bytes, q_bytes); BigInt i(msg, msg_len); - if(r <= 0 || r >= m_q || s <= 0 || s >= m_q) + if(r <= 0 || r >= q || s <= 0 || s >= q) return false; - s = inverse_mod(s, m_q); + s = inverse_mod(s, q); #if defined(BOTAN_TARGET_OS_HAS_THREADS) auto future_s_i = std::async(std::launch::async, - [&]() { return m_powermod_g_p(m_mod_q.multiply(s, i)); }); + [&]() { return m_group.power_g_p(m_mod_q.multiply(s, i)); }); BigInt s_r = m_powermod_y_p(m_mod_q.multiply(s, 
r)); BigInt s_i = future_s_i.get(); #else BigInt s_r = m_powermod_y_p(m_mod_q.multiply(s, r)); - BigInt s_i = m_powermod_g_p(m_mod_q.multiply(s, i)); + BigInt s_i = m_group.power_g_p(m_mod_q.multiply(s, i)); #endif - s = m_mod_p.multiply(s_i, s_r); + s = m_group.multiply_mod_p(s_i, s_r); return (m_mod_q.reduce(s) == r); } diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp index a44f352f5e..3a5d8b81ee 100644 --- a/src/lib/pubkey/elgamal/elgamal.cpp +++ b/src/lib/pubkey/elgamal/elgamal.cpp @@ -1,6 +1,6 @@ /* * ElGamal -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -18,33 +18,34 @@ namespace Botan { /* * ElGamal_PublicKey Constructor */ -ElGamal_PublicKey::ElGamal_PublicKey(const DL_Group& grp, const BigInt& y1) +ElGamal_PublicKey::ElGamal_PublicKey(const DL_Group& group, const BigInt& y) : + DL_Scheme_PublicKey(group, y) { - m_group = grp; - m_y = y1; } /* * ElGamal_PrivateKey Constructor */ ElGamal_PrivateKey::ElGamal_PrivateKey(RandomNumberGenerator& rng, - const DL_Group& grp, - const BigInt& x_arg) + const DL_Group& group, + const BigInt& x) { - m_group = grp; - m_x = x_arg; + m_x = x; + m_group = group; - if(m_x == 0) + if(m_x.is_zero()) + { m_x.randomize(rng, dl_exponent_size(group_p().bits())); + } - m_y = power_mod(group_g(), m_x, group_p()); + m_y = m_group.power_g_p(m_x); } ElGamal_PrivateKey::ElGamal_PrivateKey(const AlgorithmIdentifier& alg_id, const secure_vector& key_bits) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42) { - m_y = power_mod(group_g(), m_x, group_p()); + m_y = m_group.power_g_p(m_x); } /* 
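Review bot: The verification operation now stores the group by value (`const DL_Group m_group;`) yet still keeps `m_y` as a `const BigInt&` bound to `dsa.get_y()`, so the operation's lifetime remains tied to the key object through that one member, and the dependency is no longer obvious from the other members. Either hold the value, `const BigInt m_y;`, or document the borrow with `// borrowed from the DSA_PublicKey; the key must outlive this operation`. The power-mod helper is initialized from that reference in the constructor, so holding a value would presumably cost one BigInt copy per operation — confirm before changing it.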
@@ -71,7 +72,7 @@ class ElGamal_Encryption_Operation final : public PK_Ops::Encryption_with_EME { public: - size_t max_raw_input_bits() const override { return m_mod_p.get_modulus().bits() - 1; } + size_t max_raw_input_bits() const override { return m_group.p_bits() - 1; } ElGamal_Encryption_Operation(const ElGamal_PublicKey& key, const std::string& eme); @@ -79,41 +80,34 @@ class ElGamal_Encryption_Operation final : public PK_Ops::Encryption_with_EME RandomNumberGenerator& rng) override; private: - Fixed_Base_Power_Mod m_powermod_g_p, m_powermod_y_p; - Modular_Reducer m_mod_p; + const DL_Group m_group; + Fixed_Base_Power_Mod m_powermod_y_p; }; ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicKey& key, const std::string& eme) : - PK_Ops::Encryption_with_EME(eme) + PK_Ops::Encryption_with_EME(eme), + m_group(key.get_group()), + m_powermod_y_p(key.get_y(), m_group.get_p()) { - const BigInt& p = key.group_p(); - - m_powermod_g_p = Fixed_Base_Power_Mod(key.group_g(), p); - m_powermod_y_p = Fixed_Base_Power_Mod(key.get_y(), p); - m_mod_p = Modular_Reducer(p); } secure_vector ElGamal_Encryption_Operation::raw_encrypt(const uint8_t msg[], size_t msg_len, RandomNumberGenerator& rng) { - const BigInt& p = m_mod_p.get_modulus(); - BigInt m(msg, msg_len); - if(m >= p) + if(m >= m_group.get_p()) throw Invalid_Argument("ElGamal encryption: Input is too large"); - BigInt k(rng, dl_exponent_size(p.bits())); + const size_t k_bits = dl_exponent_size(m_group.p_bits()); + const BigInt k(rng, k_bits); - BigInt a = m_powermod_g_p(k); - BigInt b = m_mod_p.multiply(m, m_powermod_y_p(k)); + const BigInt a = m_group.power_g_p(k); + const BigInt b = m_group.multiply_mod_p(m, m_powermod_y_p(k)); - secure_vector output(2*p.bytes()); - a.binary_encode(&output[p.bytes() - a.bytes()]); - b.binary_encode(&output[output.size() / 2 + (p.bytes() - b.bytes())]); - return output; + return BigInt::encode_fixed_length_int_pair(a, b, m_group.p_bytes()); } /** 
@@ -123,8 +117,7 @@ class ElGamal_Decryption_Operation final : public PK_Ops::Decryption_with_EME { public: - size_t max_raw_input_bits() const override - { return m_mod_p.get_modulus().bits() - 1; } + size_t max_raw_input_bits() const override { return m_group.p_bits() - 1; } ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key, const std::string& eme, @@ -132,8 +125,8 @@ class ElGamal_Decryption_Operation final : public PK_Ops::Decryption_with_EME secure_vector raw_decrypt(const uint8_t msg[], size_t msg_len) override; private: + const DL_Group m_group; Fixed_Exponent_Power_Mod m_powermod_x_p; - Modular_Reducer m_mod_p; Blinder m_blinder; }; @@ -141,9 +134,9 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private const std::string& eme, RandomNumberGenerator& rng) : PK_Ops::Decryption_with_EME(eme), - m_powermod_x_p(Fixed_Exponent_Power_Mod(key.get_x(), key.group_p())), - m_mod_p(Modular_Reducer(key.group_p())), - m_blinder(key.group_p(), + m_group(key.get_group()), + m_powermod_x_p(key.get_x(), m_group.get_p()), + m_blinder(m_group.get_p(), rng, [](const BigInt& k) { return k; }, [this](const BigInt& k) { return m_powermod_x_p(k); }) 
@@ -153,22 +146,20 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private secure_vector ElGamal_Decryption_Operation::raw_decrypt(const uint8_t msg[], size_t msg_len) { - const BigInt& p = m_mod_p.get_modulus(); - - const size_t p_bytes = p.bytes(); + const size_t p_bytes = m_group.p_bytes(); if(msg_len != 2 * p_bytes) throw Invalid_Argument("ElGamal decryption: Invalid message"); BigInt a(msg, p_bytes); - BigInt b(msg + p_bytes, p_bytes); + const BigInt b(msg + p_bytes, p_bytes); - if(a >= p || b >= p) + if(a >= m_group.get_p() || b >= m_group.get_p()) throw Invalid_Argument("ElGamal decryption: Invalid message"); a = m_blinder.blind(a); - BigInt r = m_mod_p.multiply(b, inverse_mod(m_powermod_x_p(a), p)); + const BigInt r = m_group.multiply_mod_p(m_group.inverse_mod_p(m_powermod_x_p(a)), b); return BigInt::encode_1363(m_blinder.unblind(r), p_bytes); } diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index cfb1ae7ba5..1ba4d6b256 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -219,7 +219,7 @@ class RSA_Private_Operation BigInt private_op(const BigInt& m) const { #if defined(BOTAN_TARGET_OS_HAS_THREADS) - auto future_j1 = std::async(std::launch::async, m_powermod_d1_p, m); + auto future_j1 = std::async(std::launch::async, std::ref(m_powermod_d1_p), m); BigInt j2 = m_powermod_d2_q(m); BigInt j1 = future_j1.get(); #else From b300eb0515b2a392793d887435b8ca44a1de7898 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Feb 2018 12:30:20 -0500 Subject: [PATCH 0655/1008] Small fixes --- src/lib/math/numbertheory/monty_exp.cpp | 2 +- src/lib/misc/srp6/srp6.cpp | 2 +- src/lib/pubkey/dl_algo/dl_algo.cpp | 14 +++++++++----- src/lib/pubkey/dl_algo/dl_algo.h | 20 +++++++++----------- src/lib/pubkey/dl_group/dl_group.cpp | 1 - src/lib/pubkey/dl_group/dl_group.h | 11 +++++++++-- src/lib/pubkey/dsa/dsa.cpp | 4 ++-- 7 files changed, 31 insertions(+), 23 deletions(-) 
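Review bot: The range check `if(a >= m_group.get_p() || b >= m_group.get_p())` still admits `a == 0`, which a well-formed ElGamal ciphertext (a = g^k mod p) never carries; with a zero, `m_powermod_x_p(a)` is zero and `m_group.inverse_mod_p` is asked for an inverse that does not exist. If inverse_mod_p follows the inverse_mod convention of returning zero when no inverse exists rather than throwing, the call yields an all-zero plaintext instead of the Invalid_Argument the other malformed inputs receive — worth confirming against its definition. A cheap rejection on the same line is `if(a.is_zero() || a >= m_group.get_p() || b >= m_group.get_p())`.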
diff --git a/src/lib/math/numbertheory/monty_exp.cpp b/src/lib/math/numbertheory/monty_exp.cpp index 35f04fc5dc..35d4cd6683 100644 --- a/src/lib/math/numbertheory/monty_exp.cpp +++ b/src/lib/math/numbertheory/monty_exp.cpp @@ -101,7 +101,7 @@ BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& k) const for(size_t i = exp_nibbles; i > 0; --i) { - for(size_t k = 0; k != m_window_bits; ++k) + for(size_t j = 0; j != m_window_bits; ++j) { bigint_monty_sqr(z, x, m_p.data(), m_p_words, m_mod_prime, workspace.data()); diff --git a/src/lib/misc/srp6/srp6.cpp b/src/lib/misc/srp6/srp6.cpp index 94a6fe4a45..213fdc533e 100644 --- a/src/lib/misc/srp6/srp6.cpp +++ b/src/lib/misc/srp6/srp6.cpp @@ -117,7 +117,7 @@ BigInt generate_srp6_verifier(const std::string& identifier, const BigInt x = compute_x(hash_id, identifier, password, salt); DL_Group group(group_id); - return power_mod(group.get_g(), x, group.get_p()); + return group.power_g_p(x); } BigInt SRP6_Server_Session::step1(const BigInt& v, diff --git a/src/lib/pubkey/dl_algo/dl_algo.cpp b/src/lib/pubkey/dl_algo/dl_algo.cpp index c28ccaee0a..0ac6bfce50 100644 --- a/src/lib/pubkey/dl_algo/dl_algo.cpp +++ b/src/lib/pubkey/dl_algo/dl_algo.cpp @@ -34,12 +34,17 @@ std::vector DL_Scheme_PublicKey::public_key_bits() const return DER_Encoder().encode(m_y).get_contents_unlocked(); } +DL_Scheme_PublicKey::DL_Scheme_PublicKey(const DL_Group& group, const BigInt& y) : + m_y(y), + m_group(group) + { + } + DL_Scheme_PublicKey::DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, const std::vector& key_bits, - DL_Group::Format format) + DL_Group::Format format) : + m_group(alg_id.get_parameters(), format) { - m_group.BER_decode(alg_id.get_parameters(), format); - BER_Decoder(key_bits).decode(m_y); } @@ -91,7 +96,6 @@ bool DL_Scheme_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const { const BigInt& p = group_p(); - const BigInt& g = group_g(); if(m_y < 2 || m_y >= p || m_x < 2 || m_x >= p) return false; 
@@ -101,7 +105,7 @@ bool DL_Scheme_PrivateKey::check_key(RandomNumberGenerator& rng, if(!strong) return true; - if(m_y != power_mod(g, m_x, p)) + if(m_y != m_group.power_g_p(m_x)) return false; return true; diff --git a/src/lib/pubkey/dl_algo/dl_algo.h b/src/lib/pubkey/dl_algo/dl_algo.h index 9364f4c5da..af01bc217a 100644 --- a/src/lib/pubkey/dl_algo/dl_algo.h +++ b/src/lib/pubkey/dl_algo/dl_algo.h @@ -69,6 +69,11 @@ class BOTAN_PUBLIC_API(2,0) DL_Scheme_PublicKey : public virtual Public_Key size_t key_length() const override; size_t estimated_strength() const override; + DL_Scheme_PublicKey& operator=(const DL_Scheme_PublicKey& other) = default; + + protected: + DL_Scheme_PublicKey() = default; + /** * Create a public key. * @param alg_id the X.509 algorithm identifier @@ -79,14 +84,7 @@ class BOTAN_PUBLIC_API(2,0) DL_Scheme_PublicKey : public virtual Public_Key const std::vector& key_bits, DL_Group::Format group_format); - DL_Scheme_PublicKey(const DL_Group& group, const BigInt& y) : - m_y(y), m_group(group) - {} - - DL_Scheme_PublicKey& operator=(const DL_Scheme_PublicKey& other) = default; - - protected: - DL_Scheme_PublicKey() = default; + DL_Scheme_PublicKey(const DL_Group& group, const BigInt& y); /** * The DL public key @@ -116,6 +114,9 @@ class BOTAN_PUBLIC_API(2,0) DL_Scheme_PrivateKey : public virtual DL_Scheme_Publ secure_vector private_key_bits() const override; + DL_Scheme_PrivateKey& operator=(const DL_Scheme_PrivateKey& other) = default; + + protected: /** * Create a private key. * @param alg_id the X.509 algorithm identifier @@ -126,9 +127,6 @@ class BOTAN_PUBLIC_API(2,0) DL_Scheme_PrivateKey : public virtual DL_Scheme_Publ const secure_vector& key_bits, DL_Group::Format group_format); - DL_Scheme_PrivateKey& operator=(const DL_Scheme_PrivateKey& other) = default; - - protected: DL_Scheme_PrivateKey() = default; /** diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index 6d9418241f..9eedeccf3c 100644 
--- a/src/lib/pubkey/dl_group/dl_group.cpp +++ b/src/lib/pubkey/dl_group/dl_group.cpp @@ -55,7 +55,6 @@ class DL_Group_Data final Modular_Reducer m_mod_p; std::shared_ptr m_monty; size_t m_p_bits; - size_t m_q_bits; }; //static diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h index 823c0ba954..2bd79e3dd2 100644 --- a/src/lib/pubkey/dl_group/dl_group.h +++ b/src/lib/pubkey/dl_group/dl_group.h @@ -104,6 +104,13 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final */ DL_Group(const uint8_t ber[], size_t ber_len, Format format); + /** + * Decode a BER-encoded DL group param + */ + template + DL_Group(const std::vector& ber, Format format) : + DL_Group(ber.data(), ber.size(), format) {} + /** * Get the prime p. * @return prime p @@ -181,13 +188,13 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final * @param ber a vector containing the DER/BER encoded group * @param format the format of the encoded group */ - void BOTAN_DEPRECATED("Use DL_Group(ber, Format)") BER_decode(const std::vector& ber, Format format); + void BER_decode(const std::vector& ber, Format format); /** * Decode a PEM encoded group into this instance. * @param pem the PEM encoding of the group */ - void BOTAN_DEPRECATED("Use DL_Group(std::string)") PEM_decode(const std::string& pem); + void PEM_decode(const std::string& pem); /** * Return PEM representation of named DL group diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp index 7b4cbebfbc..f1d412013e 100644 --- a/src/lib/pubkey/dsa/dsa.cpp +++ b/src/lib/pubkey/dsa/dsa.cpp @@ -47,14 +47,14 @@ DSA_PrivateKey::DSA_PrivateKey(RandomNumberGenerator& rng, else m_x = x_arg; - m_y = power_mod(group_g(), m_x, group_p()); + m_y = m_group.power_g_p(m_x); } DSA_PrivateKey::DSA_PrivateKey(const AlgorithmIdentifier& alg_id, const secure_vector& key_bits) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { - m_y = power_mod(group_g(), m_x, group_p()); + m_y = m_group.power_g_p(m_x); } /* 
From 67c6704457f49da06f97464f145bf9a9f1367055 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Feb 2018 15:13:57 -0500 Subject: [PATCH 0656/1008] Add missing overrides [ci skip] --- src/lib/tls/tls_policy.h | 2 +- src/tests/unit_tls.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 615e1674b1..c409379deb 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -462,7 +462,7 @@ class BOTAN_PUBLIC_API(2,0) Text_Policy : public Policy std::vector allowed_signature_methods() const override; - std::vector key_exchange_groups() const; + std::vector key_exchange_groups() const override; bool use_ecc_point_compression() const override; diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 9d95a199a1..57d436ff4d 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -444,7 +444,7 @@ class TLS_Handshake_Test final return "test/3"; } - virtual std::string tls_decode_group_param(Botan::TLS::Group_Params group_param) + virtual std::string tls_decode_group_param(Botan::TLS::Group_Params group_param) override { if(static_cast(group_param) == 0xFEE1) return "secp112r1"; From 8a6a6091838dd76edaa29137e26340a760a895c9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Feb 2018 16:07:04 -0500 Subject: [PATCH 0657/1008] Remove PK_Ops::Decryption_with_EME::max_raw_input_bits Unused and not exposed to higher levels. RSA and ElGamal both check their inputs vs the system parameters (n, p) after decoding. --- src/lib/pubkey/elgamal/elgamal.cpp | 2 -- src/lib/pubkey/pk_ops_impl.h | 1 - src/lib/pubkey/rsa/rsa.cpp | 2 -- 3 files changed, 5 deletions(-) diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp index 3a5d8b81ee..e03fd0bb6e 100644 --- a/src/lib/pubkey/elgamal/elgamal.cpp +++ b/src/lib/pubkey/elgamal/elgamal.cpp 
@@ -117,8 +117,6 @@ class ElGamal_Decryption_Operation final : public PK_Ops::Decryption_with_EME { public: - size_t max_raw_input_bits() const override { return m_group.p_bits() - 1; } - ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key, const std::string& eme, RandomNumberGenerator& rng); diff --git a/src/lib/pubkey/pk_ops_impl.h b/src/lib/pubkey/pk_ops_impl.h index 1576911fb7..1878a74177 100644 --- a/src/lib/pubkey/pk_ops_impl.h +++ b/src/lib/pubkey/pk_ops_impl.h @@ -46,7 +46,6 @@ class Decryption_with_EME : public Decryption protected: explicit Decryption_with_EME(const std::string& eme); private: - virtual size_t max_raw_input_bits() const = 0; virtual secure_vector raw_decrypt(const uint8_t msg[], size_t len) = 0; std::unique_ptr m_eme; }; diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index 1ba4d6b256..e1c3e49db5 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -269,8 +269,6 @@ class RSA_Decryption_Operation final : public PK_Ops::Decryption_with_EME, { public: - size_t max_raw_input_bits() const override { return get_max_input_bits(); } - RSA_Decryption_Operation(const RSA_PrivateKey& rsa, const std::string& eme, RandomNumberGenerator& rng) : PK_Ops::Decryption_with_EME(eme), RSA_Private_Operation(rsa, rng) From 9a730019d5d9ea15671a59094ede4c729ac17047 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Feb 2018 16:12:08 -0500 Subject: [PATCH 0658/1008] Fix validation of SRP groups For whatever reason in the SRP groups g generates the group mod p rather than the subgroup of size q. --- src/lib/pubkey/dl_group/dl_group.cpp | 16 ++++++++++------ src/lib/pubkey/dl_group/dl_named.cpp | 20 ++++++++++++++------ src/tests/test_dl_group.cpp | 23 ++++++++--------------- 3 files changed, 32 insertions(+), 27 deletions(-) diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index 9eedeccf3c..3e362801e7 100644 --- a/src/lib/pubkey/dl_group/dl_group.cpp 
+++ b/src/lib/pubkey/dl_group/dl_group.cpp @@ -296,28 +296,32 @@ const DL_Group_Data& DL_Group::data() const bool DL_Group::verify_group(RandomNumberGenerator& rng, bool strong) const { - if(get_g() < 2 || get_p() < 3 || get_q() < 0) + const BigInt& p = get_p(); + const BigInt& q = get_q(); + const BigInt& g = get_g(); + + if(g < 2 || p < 3 || q < 0) return false; const size_t prob = (strong) ? 128 : 10; - if(get_q() != 0) + if(q != 0) { - if((get_p() - 1) % get_q() != 0) + if((p - 1) % q != 0) { return false; } - if(this->power_g_p(get_q()) != 1) + if(this->power_g_p(q) != 1) { return false; } - if(!is_prime(get_q(), rng, prob)) + if(!is_prime(q, rng, prob)) { return false; } } - if(!is_prime(get_p(), rng, prob)) + if(!is_prime(p, rng, prob)) { return false; } diff --git a/src/lib/pubkey/dl_group/dl_named.cpp b/src/lib/pubkey/dl_group/dl_named.cpp index 94729d1365..4d7b71bc1d 100644 --- a/src/lib/pubkey/dl_group/dl_named.cpp +++ b/src/lib/pubkey/dl_group/dl_named.cpp 
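Review bot: With `q == 0` the whole subgroup block is skipped, so after this change `verify_group` establishes nothing beyond `g >= 2`, `p >= 3` and `p` probably prime — a q-less group whose `(p-1)/2` is composite, or whose `g` lies outside `[2, p-1)`, still passes. The comment added to dl_named.cpp in this same patch says the q-less (SRP) named groups all have `(p-1)/2` prime, so that is a property the verifier could check instead of skipping; the `g >= p` guard is independent of q. If groups loaded without a q are expected to verify with an arbitrary prime p, the safe-prime check would need to be gated rather than unconditional — that is not decidable from the hunk. `verify_group` continues past the end of the hunk (its final `return` is not visible).
```cpp
if(g < 2 || p < 3 || q < 0 || g >= p)
   return false;

// … unchanged: prob selection and the q != 0 subgroup checks …

if(q.is_zero())
   {
   // no subgroup order given: require p to be a safe prime, as the q-less named (SRP) groups are
   if(!is_prime((p - 1) / 2, rng, prob))
      return false;
   }
```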
@@ -88,21 +88,24 @@ std::shared_ptr DL_Group::DL_group_info(const std::string& name) "0x2"); } - /* SRP groups */ + /* SRP groups + + SRP groups have a p st (p-1)/2 is prime, but g is not a generator + of subgroup of size q, so set q == 0 to bypass generator check + + Missing q doesn't matter for SRP, and nothing but SRP should be + using these parameters. + */ if(name == "modp/srp/1024") { return load_DL_group_info("0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", + "0", "0x2"); } if(name == "modp/srp/1536") { - /* - (p-1)/2 is prime, but g is not a generator of subgroup q so set q == 0 to bypass generator check - - This doesn't matter for SRP - */ return load_DL_group_info("0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB", "0", "0x2"); 
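Review bot: The new comment says "nothing but SRP should be using these parameters" but does not spell out what setting `q == 0` costs the caller: per the dl_group.cpp hunk in this same patch, `DL_Group::verify_group()` now skips the `(p-1) % q`, `g^q == 1` and `is_prime(q)` checks entirely for these groups, and the comment only mentions "the generator check". Suggest adding a line such as `Note: with q == 0, DL_Group::verify_group() performs no subgroup checks at all for these groups, and DER_encode() in the ANSI formats cannot encode them.` so the trade-off is visible where the values are defined. The same comment is the only documentation for the 1536–8192 entries in the following hunk, so it is worth keeping accurate in one place.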
@@ -111,30 +114,35 @@ std::shared_ptr DL_Group::DL_group_info(const std::string& name) if(name == "modp/srp/2048") { return load_DL_group_info("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", + "0", "0x2"); } if(name == "modp/srp/3072") { return load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF", + "0", "0x5"); } if(name == "modp/srp/4096") { return 
load_DL_group_info("0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF", + "0", "0x5"); } if(name == "modp/srp/6144") { return load_DL_group_info("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x5"); } if(name == "modp/srp/8192") { return load_DL_group_info("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x13"); } diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp index 70aa526ef7..94ddf7cc21 100644 --- a/src/tests/test_dl_group.cpp +++ b/src/tests/test_dl_group.cpp 
@@ -150,25 +150,18 @@ class DL_Group_Tests final : public Test result.test_ne("DL_Group p is set", group.get_p(), 0); result.test_ne("DL_Group g is set", group.get_g(), 0); - if(name.find("/srp/") == std::string::npos) + if(name.find("modp/srp/") == std::string::npos) { - try - { - group.get_q(); // confirm all our non-SRP groups have q - } - catch(Botan::Invalid_State&) - { - result.test_failure("Group " + name + " has no q"); - } + result.test_ne("DL_Group q is set", group.get_q(), 0); + } + else + { + result.test_eq("DL_Group q is not set for SRP groups", group.get_q(), 0); } - if(group.get_p().bits() < 2048 || Test::run_long_tests()) + if(group.p_bits() < 2048 || Test::run_long_tests()) { - // These two groups fail verification because pow(g,q,p) != 1 - if(name != "modp/srp/1024" && name != "modp/srp/2048") - { - result.test_eq(name + " verifies", group.verify_group(rng, false), true); - } + result.test_eq(name + " verifies", group.verify_group(rng, false), true); } } From a999868535ef9c9bf160650c32ce16a10d8a3e63 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 20 Feb 2018 09:31:54 -0500 Subject: [PATCH 0659/1008] Support generating DSA groups in gen_dl_group CLI --- src/cli/pubkey.cpp | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index 0e515d2eaf..a2aded02b2 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp @@ -10,6 +10,7 @@ #if defined(BOTAN_HAS_PUBLIC_KEY_CRYPTO) #include +#include #include #include @@ -393,7 +394,7 @@ BOTAN_REGISTER_COMMAND("dl_group_info", DL_Group_Info); class Gen_DL_Group final : public Command { public: - Gen_DL_Group() : Command("gen_dl_group --pbits=1024 --qbits=0 --type=subgroup") {} + Gen_DL_Group() : Command("gen_dl_group --pbits=1024 --qbits=0 --seed= --type=subgroup") {} std::string group() const override { 
@@ -408,6 +409,7 @@ class Gen_DL_Group final : public Command void go() override { const size_t pbits = get_arg_sz("pbits"); + const size_t qbits = get_arg_sz("qbits"); const std::string type = get_arg("type"); @@ -418,7 +420,31 @@ class Gen_DL_Group final : public Command } else if(type == "subgroup") { - Botan::DL_Group grp(rng(), Botan::DL_Group::Prime_Subgroup, pbits, get_arg_sz("qbits")); + Botan::DL_Group grp(rng(), Botan::DL_Group::Prime_Subgroup, pbits, qbits); + output() << grp.PEM_encode(Botan::DL_Group::ANSI_X9_42); + } + else if(type == "dsa") + { + const std::string seed_str = get_arg("seed"); + const std::vector seed = Botan::hex_decode(seed_str); + + if(seed.empty()) + { + throw CLI_Usage_Error("Generating DSA parameter set requires providing seed"); + } + + size_t dsa_qbits = qbits; + if(dsa_qbits == 0) + { + if(pbits == 1024) + dsa_qbits = 160; + else if(pbits == 2048 || pbits == 3072) + dsa_qbits = 256; + else + throw CLI_Usage_Error("Invalid DSA p/q sizes"); + } + + Botan::DL_Group grp(rng(), seed, pbits, dsa_qbits); output() << grp.PEM_encode(Botan::DL_Group::ANSI_X9_42); } else From f55ee3c51b21da881e48526255ac448cfe1c06ef Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 20 Feb 2018 09:32:15 -0500 Subject: [PATCH 0660/1008] Add some additional error checking to DL_Group --- src/lib/pubkey/dl_group/dl_group.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index 3e362801e7..791cab8aa2 100644 --- a/src/lib/pubkey/dl_group/dl_group.cpp +++ b/src/lib/pubkey/dl_group/dl_group.cpp @@ -194,6 +194,9 @@ DL_Group::DL_Group(RandomNumberGenerator& rng, if(type == Strong) { + if(qbits != 0 && qbits != pbits - 1) + throw Invalid_Argument("Cannot create strong-prime DL_Group with specified q bits"); + const BigInt p = random_safe_prime(rng, pbits); const BigInt q = (p - 1) / 2; 
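Review bot: The usage string in the -393 hunk now advertises `--seed=` for every `--type`, but only the new `dsa` branch reads it; a user who passes a seed with `--type=subgroup` or `--type=strong` gets a group that ignores it with no diagnostic, which matters because the seed is the value that makes a DSA parameter set reproducible and auditable. Suggest rejecting the mismatch up front, `if(type != "dsa" && !get_arg("seed").empty()) throw CLI_Usage_Error("--seed is only used with --type=dsa");`. A user-supplied `--qbits` is also passed straight through in the `dsa` branch — only the defaulted value goes through the p/q size table — so an unsupported pairing is left for the library constructor to reject; that is presumably fine but is worth a comment. `go()` continues outside the hunk.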
@@ -388,6 +391,9 @@ BigInt DL_Group::power_g_p(const BigInt& x) const */ std::vector DL_Group::DER_encode(Format format) const { + if(get_q().is_zero() && (format == ANSI_X9_57 || format == ANSI_X9_42)) + throw Encoding_Error("Cannot encode DL_Group in ANSI formats when q param is missing"); + if(format == ANSI_X9_57) { return DER_Encoder() From ee756051a251900708c9ed21890e99dba4d96e6d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 20 Feb 2018 09:32:29 -0500 Subject: [PATCH 0661/1008] Improve exception message in DSA group generation when seed is short --- src/lib/math/numbertheory/dsa_gen.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/math/numbertheory/dsa_gen.cpp b/src/lib/math/numbertheory/dsa_gen.cpp index 30be0eaabb..383c24d5cc 100644 --- a/src/lib/math/numbertheory/dsa_gen.cpp +++ b/src/lib/math/numbertheory/dsa_gen.cpp @@ -49,7 +49,7 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, if(seed_c.size() * 8 < qbits) throw Invalid_Argument( "Generating a DSA parameter set with a " + std::to_string(qbits) + - "long q requires a seed at least as many bits long"); + " bit long q requires a seed at least as many bits long"); const std::string hash_name = "SHA-" + std::to_string(qbits); std::unique_ptr hash(HashFunction::create_or_throw(hash_name)); From 061182a46f8b9e42808d57ec7bbafc13db7cf809 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 20 Feb 2018 09:32:43 -0500 Subject: [PATCH 0662/1008] Improve DL_Group tests --- src/tests/test_dl_group.cpp | 49 +++++++++++++++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 2 deletions(-) diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp index 94ddf7cc21..36ae025313 100644 --- a/src/tests/test_dl_group.cpp +++ b/src/tests/test_dl_group.cpp 
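Review bot: `DER_encode` now throws `Encoding_Error` for the ANSI formats when `q` is zero, but nothing on the page updates the `DER_encode`/`PEM_encode` doc comments in dl_group.h, so callers holding one of the q-less named groups (the SRP groups, per the earlier patch in this series) will only discover the new failure at runtime. Suggest adding `* @throws Encoding_Error if format is ANSI_X9_42 or ANSI_X9_57 and the group has no q` to both declarations. The same applies to the new `Invalid_Argument` in the -194 hunk for `Strong` groups with a conflicting `qbits`. `DER_encode` continues past the end of the hunk.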
@@ -4,10 +4,13 @@ * Botan is released under the Simplified BSD License (see license.txt) */ +#define BOTAN_NO_DEPRECATED_WARNINGS + #include "tests.h" #if defined(BOTAN_HAS_DL_GROUP) #include + #include #endif namespace Botan_Tests { @@ -28,11 +31,29 @@ class DL_Group_Tests final : public Test results.push_back(test_dl_encoding()); results.push_back(test_dl_named(rng)); results.push_back(test_dl_generate(rng)); + results.push_back(test_dl_errors()); return results; } private: + Test::Result test_dl_errors() + { + Test::Result result("DL_Group errors"); + result.test_throws("Uninitialized", + "DL_Group uninitialized", + []() { Botan::DL_Group dl; dl.get_p(); }); + + result.test_throws("Bad generator param", + "Invalid argument DL_Group unknown PrimeType", + []() { + auto invalid_type = static_cast(666); + Botan::DL_Group dl(Test::rng(), invalid_type, 1024); + }); + + return result; + } + Test::Result test_dl_encoding() { Test::Result result("DL_Group encoding"); @@ -49,6 +70,10 @@ class DL_Group_Tests final : public Test result.test_eq("Same q in X9.42 decoding", group1.get_q(), orig.get_q()); result.test_eq("Same g in X9.42 decoding", group1.get_g(), orig.get_g()); + result.test_eq("PEM encodings match", + group1.PEM_encode(Botan::DL_Group::ANSI_X9_42), + Botan::DL_Group::PEM_for_named_group("modp/ietf/1024")); + Botan::DL_Group group2(pem2); result.test_eq("Same p in X9.57 decoding", group2.get_p(), orig.get_p()); 
@@ -76,15 +101,35 @@ class DL_Group_Tests final : public Test result.test_lte("DH g size", dh1050.get_g().bits(), 1050); result.test_eq("DH group verifies", dh1050.verify_group(rng, true), true); + Botan::DL_Group dh_implicit_q(rng, Botan::DL_Group::Prime_Subgroup, 1040); + result.test_eq("DH p size", dh_implicit_q.get_p().bits(), 1040); + result.test_eq("DH q size", dh_implicit_q.get_q().bits(), Botan::dl_exponent_size(1040)); + result.test_eq("DH group verifies", dh_implicit_q.verify_group(rng, true), true); + + Botan::DL_Group dh_strong(rng, Botan::DL_Group::Strong, 1025); + result.test_eq("DH p size", dh_strong.get_p().bits(), 1025); + result.test_eq("DH q size", dh_strong.get_q().bits(), 1024); + result.test_eq("DH group verifies", dh_strong.verify_group(rng, true), true); + #if defined(BOTAN_HAS_SHA1) Botan::DL_Group dsa1024(rng, Botan::DL_Group::DSA_Kosherizer, 1024); result.test_eq("DSA p size", dsa1024.get_p().bits(), 1024); result.test_eq("DSA q size", dsa1024.get_q().bits(), 160); result.test_lte("DSA g size", dsa1024.get_g().bits(), 1024); result.test_eq("DSA group verifies", dsa1024.verify_group(rng, true), true); -#endif -#if defined(BOTAN_HAS_SHA1) + const std::vector short_seed(16); + const std::vector invalid_seed(20); + const std::vector working_seed = Botan::hex_decode("0000000000000000000000000000000000000021"); + + result.test_throws("DSA seed does not generate group", + "Invalid argument DL_Group: The seed given does not generate a DSA group", + [&rng,&invalid_seed]() { Botan::DL_Group dsa(rng, invalid_seed, 1024, 160); }); + + result.test_throws("DSA seed is too short", + "Invalid argument Generating a DSA parameter set with a 160 bit long q requires a seed at least as many bits long", + [&rng,&short_seed]() { Botan::DL_Group dsa(rng, short_seed, 1024, 160); }); + // From FIPS 186-3 test data const std::vector seed = Botan::hex_decode("1F5DA0AF598EEADEE6E6665BF880E63D8B609BA2"); 
From 1d07f8287a452420db969cafd61bc223214cff03 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Feb 2018 11:12:32 -0500 Subject: [PATCH 0663/1008] New API for blinded ECC point multiplication No shared state --- src/cli/speed.cpp | 7 +- src/cli/timing_tests.cpp | 119 ++++++++++++++--- src/fuzzer/ecc_helper.h | 8 +- src/lib/math/bigint/bigint.cpp | 2 +- src/lib/math/ec_gfp/point_gfp.cpp | 82 ------------ src/lib/math/ec_gfp/point_gfp.h | 90 ++++++++++--- src/lib/math/ec_gfp/point_mul.cpp | 175 +++++++++++++++++++++++++ src/lib/pubkey/ec_group/ec_group.cpp | 23 ++++ src/lib/pubkey/ec_group/ec_group.h | 11 +- src/lib/pubkey/ecdh/ecdh.cpp | 24 ++-- src/lib/pubkey/ecdsa/ecdsa.cpp | 6 +- src/lib/pubkey/ecgdsa/ecgdsa.cpp | 5 +- src/lib/pubkey/ecies/ecies.cpp | 18 ++- src/lib/pubkey/eckcdsa/eckcdsa.cpp | 5 +- src/lib/pubkey/gost_3410/gost_3410.cpp | 5 +- src/lib/pubkey/sm2/sm2.cpp | 5 +- src/lib/pubkey/sm2/sm2_enc.cpp | 29 ++-- src/tests/data/timing/ecc_mul.vec | 4 + src/tests/data/timing/inverse_mod.vec | 2 + 19 files changed, 451 insertions(+), 169 deletions(-) create mode 100644 src/lib/math/ec_gfp/point_mul.cpp create mode 100644 src/tests/data/timing/ecc_mul.vec create mode 100644 src/tests/data/timing/inverse_mod.vec diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 78cbdccf6e..465389dc9d 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp 
@@ -1229,14 +1229,17 @@ class Speed final : public Command const Botan::BigInt scalar(rng(), group.get_p_bits()); const Botan::PointGFp& base_point = group.get_base_point(); - Botan::Blinded_Point_Multiply scalar_mult(base_point, group.get_order(), 4); + + const Botan::PointGFp_Blinded_Multiplier scalar_mult(base_point); + + std::vector ws; while(blinded_mult_timer.under(runtime)) { const Botan::PointGFp r1 = mult_timer.run([&]() { return base_point * scalar; }); const Botan::PointGFp r2 = blinded_mult_timer.run( - [&]() { return scalar_mult.blinded_multiply(scalar, rng()); }); + [&]() { return scalar_mult.mul(scalar, group.get_order(), rng(), ws); }); BOTAN_ASSERT_EQUAL(r1, r2, "Same point computed by both methods"); } diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index 86c1572acf..3e267829fd 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -44,7 +44,6 @@ #if defined(BOTAN_HAS_ECDSA) #include - #include #include #endif @@ -251,19 +250,17 @@ class ECDSA_Timing_Test final : public Timing_Test ticks measure_critical_function(std::vector input) override; private: + const Botan::EC_Group m_group; const Botan::ECDSA_PrivateKey m_privkey; - const Botan::BigInt m_order; - Botan::Blinded_Point_Multiply m_base_point; - const Botan::BigInt m_x; - const Botan::Modular_Reducer m_mod_order; + const Botan::BigInt& m_x; + std::vector m_ws; }; ECDSA_Timing_Test::ECDSA_Timing_Test(std::string ecgroup) - : m_privkey(Timing_Test::timing_test_rng(), Botan::EC_Group(ecgroup)) - , m_order(m_privkey.domain().get_order()) - , m_base_point(m_privkey.domain().get_base_point(), m_order) + : m_group(ecgroup) + , m_privkey(Timing_Test::timing_test_rng(), m_group) , m_x(m_privkey.private_value()) - , m_mod_order(m_order) {} + {} std::vector ECDSA_Timing_Test::prepare_input(std::string input) { 
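Review bot: In the timing_tests.cpp hunk at -251, `m_x` changes from a `const Botan::BigInt` value to a `const Botan::BigInt&` bound to `m_privkey.private_value()` in the constructor; that is only sound if `private_value()` returns a reference to storage owned by `m_privkey`, and if it returns by value the member dangles as soon as the constructor finishes. The reference also makes `ECDSA_Timing_Test` non-assignable for no visible gain. Restoring `const Botan::BigInt m_x;` keeps the previous, unambiguously safe behaviour; `m_privkey` is declared before `m_x`, so the initialiser order is otherwise fine.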
@@ -274,16 +271,94 @@ std::vector ECDSA_Timing_Test::prepare_input(std::string input) ticks ECDSA_Timing_Test::measure_critical_function(std::vector input) { const Botan::BigInt k(input.data(), input.size()); - const Botan::BigInt msg(Timing_Test::timing_test_rng(), m_order.bits()); + const Botan::BigInt msg(5); // fixed message to minimize noise ticks start = get_ticks(); //The following ECDSA operations involve and should not leak any information about k. - const Botan::PointGFp k_times_P = m_base_point.blinded_multiply(k, Timing_Test::timing_test_rng()); - const Botan::BigInt r = m_mod_order.reduce(k_times_P.get_affine_x()); - const Botan::BigInt s = m_mod_order.multiply(inverse_mod(k, m_order), mul_add(m_x, r, msg)); - BOTAN_UNUSED(r); - BOTAN_UNUSED(s); + + const Botan::BigInt k_inv = Botan::inverse_mod(k, m_group.get_order()); + const Botan::PointGFp k_times_P = m_group.blinded_base_point_multiply(k, Timing_Test::timing_test_rng(), m_ws); + const Botan::BigInt r = m_group.mod_order(k_times_P.get_affine_x()); + const Botan::BigInt s = m_group.multiply_mod_order(k_inv, mul_add(m_x, r, msg)); + + BOTAN_UNUSED(r, s); + + ticks end = get_ticks(); + + return (end - start); + } + +#endif + +#if defined(BOTAN_HAS_EC_CURVE_GFP) + +class ECC_Mul_Timing_Test final : public Timing_Test + { + public: + ECC_Mul_Timing_Test(std::string ecgroup) : + m_group(ecgroup) + {} + + std::vector prepare_input(std::string input) override; + ticks measure_critical_function(std::vector input) override; + + private: + const Botan::EC_Group m_group; + std::vector m_ws; + }; + +std::vector ECC_Mul_Timing_Test::prepare_input(std::string input) + { + const std::vector input_vector = Botan::hex_decode(input); + return input_vector; + } + +ticks ECC_Mul_Timing_Test::measure_critical_function(std::vector input) + { + const Botan::BigInt k(input.data(), input.size()); + + ticks start = get_ticks(); + + const Botan::PointGFp k_times_P = m_group.blinded_base_point_multiply(k, 
Timing_Test::timing_test_rng(), m_ws); + + ticks end = get_ticks(); + + return (end - start); + } + +#endif + +#if defined(BOTAN_HAS_NUMBERTHEORY) + +class Invmod_Timing_Test final : public Timing_Test + { + public: + Invmod_Timing_Test(size_t p_bits) + { + m_p = Botan::random_prime(timing_test_rng(), p_bits); + } + + std::vector prepare_input(std::string input) override; + ticks measure_critical_function(std::vector input) override; + + private: + Botan::BigInt m_p; + }; + +std::vector Invmod_Timing_Test::prepare_input(std::string input) + { + const std::vector input_vector = Botan::hex_decode(input); + return input_vector; + } + +ticks Invmod_Timing_Test::measure_critical_function(std::vector input) + { + const Botan::BigInt k(input.data(), input.size()); + + ticks start = get_ticks(); + + const Botan::BigInt inv = inverse_mod(k, m_p); ticks end = get_ticks(); @@ -458,6 +533,20 @@ std::unique_ptr Timing_Test_Command::lookup_timing_test(const std:: } #endif +#if defined(BOTAN_HAS_EC_CURVE_GFP) + if(test_type == "ecc_mul") + { + return std::unique_ptr(new ECC_Mul_Timing_Test("brainpool512r1")); + } +#endif + +#if defined(BOTAN_HAS_NUMBERTHEORY) + if(test_type == "inverse_mod") + { + return std::unique_ptr(new Invmod_Timing_Test(512)); + } +#endif + #if defined(BOTAN_HAS_TLS_CBC) if(test_type == "lucky13sha1sec3" || test_type == "lucky13sha1sec4") { diff --git a/src/fuzzer/ecc_helper.h b/src/fuzzer/ecc_helper.h index b427bc976a..f3b212730c 100644 --- a/src/fuzzer/ecc_helper.h +++ b/src/fuzzer/ecc_helper.h @@ -25,7 +25,7 @@ void check_ecc_math(const Botan::EC_Group& group, { // These depend only on the group, which is also static static const Botan::PointGFp base_point = group.get_base_point(); - static Botan::Blinded_Point_Multiply blind(base_point, group.get_order(), 4); + static Botan::PointGFp_Blinded_Multiplier blind(base_point); const size_t hlen = len / 2; const Botan::BigInt a = Botan::BigInt::decode(in, hlen); 
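Review bot: `k_times_P` in `ECC_Mul_Timing_Test::measure_critical_function` and `inv` in `Invmod_Timing_Test::measure_critical_function` are computed and never read, unlike the ECDSA test in the same hunk which marks its results with `BOTAN_UNUSED(r, s)`; the result objects have non-trivial destructors so the work is presumably not elided, but the asymmetry will draw unused-variable warnings and invites someone to "clean up" the call. Adding `BOTAN_UNUSED(k_times_P);` and `BOTAN_UNUSED(inv);` before `get_ticks()` keeps the three tests consistent. `Invmod_Timing_Test` also draws a fresh `random_prime` per construction, so results are not reproducible between runs unless the RNG is seeded deterministically — worth a comment if that is intended. The Invmod `measure_critical_function` body continues past the end of the hunk.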
@@ -42,9 +42,9 @@ void check_ecc_math(const Botan::EC_Group& group, FUZZER_ASSERT_EQUAL(A1, A2); - const Botan::PointGFp P1 = blind.blinded_multiply(a, fuzzer_rng()); - const Botan::PointGFp Q1 = blind.blinded_multiply(b, fuzzer_rng()); - const Botan::PointGFp R1 = blind.blinded_multiply(c, fuzzer_rng()); + const Botan::PointGFp P1 = blind.blinded_multiply(a, group.get_order(), fuzzer_rng()); + const Botan::PointGFp Q1 = blind.blinded_multiply(b, group.get_order(), fuzzer_rng()); + const Botan::PointGFp R1 = blind.blinded_multiply(c, group.get_order(), fuzzer_rng()); const Botan::PointGFp S1 = P1 + Q1; const Botan::PointGFp S2 = Q1 + P1; diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index caa78de452..b63bd9be8c 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp @@ -119,7 +119,7 @@ int32_t BigInt::cmp(const BigInt& other, bool check_signs) const uint32_t BigInt::get_substring(size_t offset, size_t length) const { if(length > 32) - throw Invalid_Argument("BigInt::get_substring: Substring size too big"); + throw Invalid_Argument("BigInt::get_substring: Substring size " + std::to_string(length) + " too big"); uint64_t piece = 0; for(size_t i = 0; i != 8; ++i) diff --git a/src/lib/math/ec_gfp/point_gfp.cpp b/src/lib/math/ec_gfp/point_gfp.cpp index f00f030d7c..1489065a0d 100644 --- a/src/lib/math/ec_gfp/point_gfp.cpp +++ b/src/lib/math/ec_gfp/point_gfp.cpp 
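Review bot: `blind` is now a `PointGFp_Blinded_Multiplier` (hunk -25 of this file), and the class as declared in point_gfp.h in this same patch has no `blinded_multiply` member — its entry point is `mul(k, group_order, rng, ws)` — while the deprecated `Blinded_Point_Multiply::blinded_multiply` takes two arguments, so the three calls here match no interface on the page and the fuzzer helper will not compile unless an overload exists elsewhere. Suggest declaring `std::vector<Botan::BigInt> ws;` next to the static multiplier and calling `const Botan::PointGFp P1 = blind.mul(a, group.get_order(), fuzzer_rng(), ws);`, likewise for `Q1` and `R1`. Note also that `mul()` does not re-randomize the precomputed table and `randomize()` is never called on the static `blind`, which is a change from the old class; for a correctness fuzzer that is harmless, but it should not be mistaken for the blinded configuration the library uses. `check_ecc_math` continues outside the hunk.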
@@ -304,88 +304,6 @@ PointGFp operator*(const BigInt& scalar, const PointGFp& point) return R[0]; } -Blinded_Point_Multiply::Blinded_Point_Multiply(const PointGFp& base, const BigInt& order, size_t h) : - m_h(h > 0 ? h : 4), m_order(order), m_ws(9) - { - // Upper bound is a sanity check rather than hard limit - if(m_h < 1 || m_h > 8) - throw Invalid_Argument("Blinded_Point_Multiply invalid h param"); - - const CurveGFp& curve = base.get_curve(); - - const PointGFp inv = -base; - - m_U.resize(6*m_h + 3); - - m_U[3*m_h+0] = inv; - m_U[3*m_h+1] = PointGFp::zero_of(curve); - m_U[3*m_h+2] = base; - - for(size_t i = 1; i <= 3 * m_h + 1; ++i) - { - m_U[3*m_h+1+i] = m_U[3*m_h+i]; - m_U[3*m_h+1+i].add(base, m_ws); - - m_U[3*m_h+1-i] = m_U[3*m_h+2-i]; - m_U[3*m_h+1-i].add(inv, m_ws); - } - } - -PointGFp Blinded_Point_Multiply::blinded_multiply(const BigInt& scalar_in, - RandomNumberGenerator& rng) - { - if(scalar_in.is_negative()) - throw Invalid_Argument("Blinded_Point_Multiply scalar must be positive"); - -#if BOTAN_POINTGFP_USE_SCALAR_BLINDING - // Choose a small mask m and use k' = k + m*order (Coron's 1st countermeasure) - const BigInt mask(rng, (m_order.bits()+1)/2, false); - const BigInt scalar = scalar_in + m_order * mask; -#else - const BigInt& scalar = scalar_in; -#endif - - const size_t scalar_bits = scalar.bits(); - - // Randomize each point representation (Coron's 3rd countermeasure) - for(size_t i = 0; i != m_U.size(); ++i) - m_U[i].randomize_repr(rng); - - PointGFp R = m_U.at(3*m_h + 2); // base point - int32_t alpha = 0; - - R.randomize_repr(rng); - - /* - Algorithm 7 from "Randomizing the Montgomery Powering Ladder" - Duc-Phong Le, Chik How Tan and Michael Tunstall - https://eprint.iacr.org/2015/657 - - It takes a random walk through (a subset of) the set of addition - chains that end in k. 
- */ - for(size_t i = scalar_bits; i > 0; i--) - { - const int32_t ki = scalar.get_bit(i); - - // choose gamma from -h,...,h - const int32_t gamma = static_cast((rng.next_byte() % (2*m_h))) - m_h; - const int32_t l = gamma - 2*alpha + ki - (ki ^ 1); - - R.mult2(m_ws); - R.add(m_U.at(3*m_h + 1 + l), m_ws); - alpha = gamma; - } - - const int32_t k0 = scalar.get_bit(0); - R.add(m_U[3*m_h + 1 - alpha - (k0 ^ 1)], m_ws); - - - //BOTAN_ASSERT(R.on_the_curve(), "Output is on the curve"); - - return R; - } - BigInt PointGFp::get_affine_x() const { if(is_zero()) diff --git a/src/lib/math/ec_gfp/point_gfp.h b/src/lib/math/ec_gfp/point_gfp.h index 2e1c626bda..db3e02baa1 100644 --- a/src/lib/math/ec_gfp/point_gfp.h +++ b/src/lib/math/ec_gfp/point_gfp.h @@ -202,9 +202,20 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final * Equality operator */ bool operator==(const PointGFp& other) const; - private: - friend class Blinded_Point_Multiply; + /** + * Point addition + * @param workspace temp space, at least 11 elements + */ + void add(const PointGFp& other, std::vector& workspace); + + /** + * Point doubling + * @param workspace temp space, at least 9 elements + */ + void mult2(std::vector& workspace); + + private: BigInt curve_mult(const BigInt& x, const BigInt& y) const { BigInt z; @@ -229,18 +240,6 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final m_curve.sqr(z, x, m_monty_ws); } - /** - * Point addition - * @param workspace temp space, at least 11 elements - */ - void add(const PointGFp& other, std::vector& workspace); - - /** - * Point doubling - * @param workspace temp space, at least 9 elements - */ - void mult2(std::vector& workspace); - CurveGFp m_curve; BigInt m_coord_x, m_coord_y, m_coord_z; mutable secure_vector m_monty_ws; // workspace for Montgomery 
@@ -299,19 +298,68 @@ PointGFp OS2ECP(const std::vector& data, const CurveGFp& curve) { return OS2ECP(data.data(), data.size(), curve); } /** - +* Blinded ECC point multiplication */ -class BOTAN_PUBLIC_API(2,0) Blinded_Point_Multiply final +class BOTAN_PUBLIC_API(2,5) PointGFp_Blinded_Multiplier final { public: - Blinded_Point_Multiply(const PointGFp& base, const BigInt& order, size_t h = 0); + /** + * @param base_point the point that will be multiplied (eg, the base point of the curve) + * @param w the window bits (leave as zero to take a default value) + */ + PointGFp_Blinded_Multiplier(const PointGFp& base_point, + size_t w = 0); + + /** + * @param base_point the point that will be multiplied (eg, the base point of the curve) + * @param ws a temporary workspace + * @param w the window bits (leave as zero to take a default value) + */ + PointGFp_Blinded_Multiplier(const PointGFp& base_point, + std::vector& ws, + size_t w = 0); - PointGFp blinded_multiply(const BigInt& scalar, RandomNumberGenerator& rng); + /** + * Randomize the internal state. Changing the values may provide + * some protection against side channel attacks. 
+ * @param rng a random number generator + */ + void randomize(RandomNumberGenerator& rng); + + /** + * Perform blinded point multiplication + * @param k the scalar + * @param group_order the order of the group + * @param rng a random number generator + * @param ws a temporary workspace + * @return base_point*k + */ + PointGFp mul(const BigInt& k, + const BigInt& group_order, + RandomNumberGenerator& rng, + std::vector& ws) const; private: - const size_t m_h; - const BigInt& m_order; - std::vector m_ws; + void init(const PointGFp& base_point, size_t w, std::vector& ws); + std::vector m_U; + size_t m_h; + }; + +class BOTAN_PUBLIC_API(2,0) BOTAN_DEPRECATED("Use PointGFp_Blinded_Multiplier") Blinded_Point_Multiply final + { + public: + Blinded_Point_Multiply(const PointGFp& base, const BigInt& order, size_t h = 0) : + m_ws(9), m_order(order), m_point_mul(base, m_ws, h) {} + + PointGFp blinded_multiply(const BigInt& scalar, RandomNumberGenerator& rng) + { + m_point_mul.randomize(rng); + return m_point_mul.mul(scalar, m_order, rng, m_ws); + } + private: + std::vector m_ws; + const BigInt& m_order; + PointGFp_Blinded_Multiplier m_point_mul; }; } diff --git a/src/lib/math/ec_gfp/point_mul.cpp b/src/lib/math/ec_gfp/point_mul.cpp new file mode 100644 index 0000000000..d87f83349c --- /dev/null +++ b/src/lib/math/ec_gfp/point_mul.cpp 
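Review bot: The doc comment on `mul()` does not say that it leaves the precomputed table `m_U` alone: the removed `Blinded_Point_Multiply::blinded_multiply` re-randomized every table entry on each call (the "Coron's 3rd countermeasure" loop in the deleted point_gfp.cpp code), and the deprecated wrapper preserves that by calling `randomize()` first, but a direct user of `PointGFp_Blinded_Multiplier` gets no table randomization unless they call `randomize()` themselves. Suggest adding to the `mul()` comment `* Note: the precomputed table is not re-randomized by this call; invoke randomize() first if per-call representation randomization is wanted`, and stating on `randomize()` that it is the caller's responsibility to decide how often to do so. The wrapper's `const BigInt& m_order` member is carried over unchanged and still dangles if a temporary is passed as `order`, which the new class avoids by taking `group_order` per call — worth a line in the deprecation message.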
@@ -0,0 +1,175 @@ +/* +* (C) 2015,2018 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include + +namespace Botan { + +PointGFp_Blinded_Multiplier::PointGFp_Blinded_Multiplier(const PointGFp& base, + std::vector& ws, + size_t w) + { + init(base, w, ws); + } + +PointGFp_Blinded_Multiplier::PointGFp_Blinded_Multiplier(const PointGFp& base, + size_t w) + { + std::vector ws(9); + init(base, w, ws); + } + +#define USE_RANDOM_MONTY_WALK 0 + +void PointGFp_Blinded_Multiplier::init(const PointGFp& base, + size_t w, + std::vector& ws) + { + m_h = (w == 0 ? 5 : w); + + if(ws.size() < 9) + ws.resize(9); + + // Upper bound is a sanity check rather than hard limit + if(m_h < 1 || m_h > 8) + throw Invalid_Argument("PointGFp_Blinded_Multiplier invalid w param"); + + const CurveGFp& curve = base.get_curve(); + + #if USE_RANDOM_MONTY_WALK + const PointGFp inv = -base; + + m_U.resize(6*m_h + 3); + + m_U[3*m_h+0] = inv; + m_U[3*m_h+1] = PointGFp::zero_of(curve); + m_U[3*m_h+2] = base; + + for(size_t i = 1; i <= 3 * m_h + 1; ++i) + { + m_U[3*m_h+1+i] = m_U[3*m_h+i]; + m_U[3*m_h+1+i].add(base, ws); + + m_U[3*m_h+1-i] = m_U[3*m_h+2-i]; + m_U[3*m_h+1-i].add(inv, ws); + } + #else + + m_U.resize(1 << m_h); + m_U[0] = PointGFp::zero_of(curve); + m_U[1] = base; + + for(size_t i = 2; i < m_U.size(); ++i) + { + m_U[i] = m_U[i-1]; + m_U[i].add(base, ws); + } + + #endif + } + +void PointGFp_Blinded_Multiplier::randomize(RandomNumberGenerator& rng) + { + // Randomize each point representation (Coron's 3rd countermeasure) + for(size_t i = 0; i != m_U.size(); ++i) + m_U[i].randomize_repr(rng); + } + +PointGFp PointGFp_Blinded_Multiplier::mul(const BigInt& k, + const BigInt& group_order, + RandomNumberGenerator& rng, + std::vector& ws) const + { + if(k.is_negative()) + throw Invalid_Argument("PointGFp_Blinded_Multiplier scalar must be positive"); + +#if BOTAN_POINTGFP_USE_SCALAR_BLINDING + // Choose a small mask m and use k' = k + 
m*order (Coron's 1st countermeasure) + const BigInt mask(rng, group_order.bits() / 4, false); + const BigInt scalar = k + group_order * mask; +#else + const BigInt& scalar = k; +#endif + + if(ws.size() < 9) + ws.resize(9); + + const size_t scalar_bits = scalar.bits(); + +#if USE_RANDOM_MONTY_WALK + const size_t w = (m_U.size() - 3) / 6; + + PointGFp R = m_U.at(3*w + 2); // base point + int32_t alpha = 0; + + R.randomize_repr(rng); + + /* + Algorithm 7 from "Randomizing the Montgomery Powering Ladder" + Duc-Phong Le, Chik How Tan and Michael Tunstall + https://eprint.iacr.org/2015/657 + + It takes a random walk through (a subset of) the set of addition + chains that end in k. + */ + for(size_t i = scalar_bits; i > 0; i--) + { + const int32_t ki = scalar.get_bit(i); + + // choose gamma from -h,...,h + const int32_t gamma = static_cast((rng.next_byte() % (2*w))) - w; + const int32_t l = gamma - 2*alpha + ki - (ki ^ 1); + + R.mult2(ws); + R.add(m_U.at(3*w + 1 + l), ws); + alpha = gamma; + } + + const int32_t k0 = scalar.get_bit(0); + R.add(m_U[3*w + 1 - alpha - (k0 ^ 1)], ws); + + #else + + size_t windows = round_up(scalar_bits, m_h) / m_h; + + PointGFp R = m_U[0]; + + if(windows > 0) + { + windows--; + const uint32_t nibble = scalar.get_substring(windows*m_h, m_h); + R.add(m_U[nibble], ws); + + /* + Randomize after adding the first nibble as before the addition R + is zero, and we cannot effectively randomize the point + representation of the zero point. + */ + R.randomize_repr(rng); + + while(windows) + { + for(size_t i = 0; i != m_h; ++i) + R.mult2(ws); + + const uint32_t inner_nibble = scalar.get_substring((windows-1)*m_h, m_h); + // cache side channel here, we are relying on blinding... + R.add(m_U[inner_nibble], ws); + windows--; + } + } + + + #endif + + //BOTAN_ASSERT(R.on_the_curve(), "Output is on the curve"); + + return R; + } + +} diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 771bd4b0f0..a41a59b669 100644 
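Review bot: In `mul()` the number of window iterations is derived from `scalar.bits()`, so when BOTAN_POINTGFP_USE_SCALAR_BLINDING is disabled the loop count, and with it the running time, follows the bit length of the secret `k` itself, which is the leading-zero case the new ecc_mul.vec timing vector targets. Deriving the iteration count from `group_order.bits()` (plus the mask width when blinding is enabled) and letting leading zero windows add `m_U[0]` would remove that dependence, at the cost of handling the zero accumulator before the first non-zero window, as the existing comment already discusses. Separately, the guard `if(k.is_negative()) throw Invalid_Argument(... "scalar must be positive")` accepts k == 0 and returns the zero point; either reject zero too or reword the message to "must not be negative". I would also comment `const BigInt mask(rng, group_order.bits() / 4, false)` to record that a zero mask (negligible probability) degrades to the unblinded scalar.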
--- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -17,6 +17,10 @@ #include #include +#if defined(BOTAN_HAS_SYSTEM_RNG) + #include +#endif + namespace Botan { class EC_Group_Data final @@ -36,10 +40,14 @@ class EC_Group_Data final m_order(order), m_cofactor(cofactor), m_mod_order(order), + m_base_mult(m_base_point, 5), m_oid(oid), m_p_bits(p.bits()), m_order_bits(order.bits()) { +#if defined(BOTAN_HAS_SYSTEM_RNG) + m_base_mult.randomize(system_rng()); +#endif } bool match(const BigInt& p, const BigInt& a, const BigInt& b, @@ -76,12 +84,20 @@ class EC_Group_Data final return m_mod_order.multiply(x, y); } + PointGFp blinded_base_point_multiply(const BigInt& k, + RandomNumberGenerator& rng, + std::vector& ws) const + { + return m_base_mult.mul(k, m_order, rng, ws); + } + private: CurveGFp m_curve; PointGFp m_base_point; BigInt m_order; BigInt m_cofactor; Modular_Reducer m_mod_order; + PointGFp_Blinded_Multiplier m_base_mult; OID m_oid; size_t m_p_bits; size_t m_order_bits; @@ -429,6 +445,13 @@ PointGFp EC_Group::point_multiply(const BigInt& x, const PointGFp& pt, const Big return multi_exponentiate(get_base_point(), x, pt, y); } +PointGFp EC_Group::blinded_base_point_multiply(const BigInt& k, + RandomNumberGenerator& rng, + std::vector& ws) const + { + return data().blinded_base_point_multiply(k, rng, ws); + } + PointGFp EC_Group::zero_point() const { return PointGFp(data().curve()); diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index a60c711578..0e5f352f2e 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h 
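Review bot: In the EC_Group_Data constructor the table built by `m_base_mult(m_base_point, 5)` is randomized only when BOTAN_HAS_SYSTEM_RNG is defined; in builds without it the shared base-point table keeps a fixed, deterministic representation for the lifetime of the group data, and nothing records that this is intended. A comment on the `#if` would make the fallback explicit: `// Without a system RNG the table is left unrandomized; mul() still randomizes the accumulator on each call.` The second clause holds as far as the point_mul.cpp hunk earlier on this page shows. Pinning the literal `5` here duplicates the default that `init()` applies for `w == 0`; passing `0`, or a comment saying why 5 is fixed at this call site, would avoid the two drifting apart.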
@@ -206,11 +206,20 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final PointGFp point(const BigInt& x, const BigInt& y) const; /** - * Multi exponentiate + * Multi exponentiate. Not constant time. * @return base_point*x + pt*y */ PointGFp point_multiply(const BigInt& x, const PointGFp& pt, const BigInt& y) const; + /** + * Blinded point multiplication, attempts resistance to side channels + * @param k the scalar + * @param rng a random number generator + * @param ws a temp workspace + * @return base_point*k + */ + PointGFp blinded_base_point_multiply(const BigInt& k, RandomNumberGenerator& rng, std::vector& ws) const; + /** * Return the zero (or infinite) point on this curve */ diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp index 1850696e15..4989fa0a5a 100644 --- a/src/lib/pubkey/ecdh/ecdh.cpp +++ b/src/lib/pubkey/ecdh/ecdh.cpp 
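Review bot: The new `blinded_base_point_multiply` comment describes `ws` only as "a temp workspace" and omits the failure mode: per the point_mul.cpp hunk earlier in this patch the callee grows an undersized `ws` and throws Invalid_Argument for a negative `k`. I would extend the Doxygen block with `* @param ws a temp workspace, resized by the callee if too small` and `* @throws Invalid_Argument if k is negative`. Stating that this uses a precomputed table of the base point shared by all copies of the group would also tell callers why it is preferred over `point_multiply` for secret scalars, which the same hunk now marks "Not constant time".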
@@ -28,26 +28,30 @@ class ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF ECDH_KA_Operation(const ECDH_PrivateKey& key, const std::string& kdf, RandomNumberGenerator& rng) : PK_Ops::Key_Agreement_with_KDF(kdf), - m_domain(key.domain()), + m_group(key.domain()), m_rng(rng) { - m_l_times_priv = inverse_mod(m_domain.get_cofactor(), m_domain.get_order()) * key.private_value(); + m_l_times_priv = inverse_mod(m_group.get_cofactor(), m_group.get_order()) * key.private_value(); } secure_vector raw_agree(const uint8_t w[], size_t w_len) override { - PointGFp point = m_domain.OS2ECP(w, w_len); - PointGFp S = m_domain.get_cofactor() * point; - Blinded_Point_Multiply blinder(S, m_domain.get_order()); - S = blinder.blinded_multiply(m_l_times_priv, m_rng); - BOTAN_ASSERT(S.on_the_curve(), "ECDH agreed value was on the curve"); - return BigInt::encode_1363(S.get_affine_x(), m_domain.get_p_bytes()); + PointGFp input_point = m_group.get_cofactor() * m_group.OS2ECP(w, w_len); + input_point.randomize_repr(m_rng); + + PointGFp_Blinded_Multiplier blinder(input_point, m_ws); + + const PointGFp S = blinder.mul(m_l_times_priv, m_group.get_order(), m_rng, m_ws); + + if(S.on_the_curve() == false) + throw Internal_Error("ECDH agreed value was not on the curve"); + return BigInt::encode_1363(S.get_affine_x(), m_group.get_p_bytes()); } private: - const EC_Group& m_domain; + const EC_Group m_group; BigInt m_l_times_priv; RandomNumberGenerator& m_rng; - + std::vector m_ws; }; } diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index 12ccd96085..57bc197c50 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -53,7 +53,6 @@ class ECDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA const std::string& emsa) : PK_Ops::Signature_with_EMSA(emsa), m_group(ecdsa.domain()), - m_base_point(m_group.get_base_point(), m_group.get_order()), m_x(ecdsa.private_value()) { #if defined(BOTAN_HAS_RFC6979_GENERATOR) 
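Review bot: In `raw_agree` the cofactor-multiplied `input_point` is handed to `randomize_repr` and the blinded multiplier without a check for `input_point.is_zero()`; a peer point of small order maps to the zero point, for which `randomize_repr` is ineffective (as the point_mul.cpp hunk notes), the resulting `S` is also zero and passes `on_the_curve()` (zero returns true in the on_the_curve context later on this page), and the call only fails inside `get_affine_x` with Illegal_Transformation. Rejecting it up front gives a deliberate, documented error instead of an incidental one: `if(input_point.is_zero()) throw Invalid_Argument("ECDH peer public point is invalid");`. The ECIES `raw_agree` hunk below has the same shape with the `OS2ECP` result used directly, though I cannot tell from this page whether `OS2ECP` can yield the zero point.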
@@ -68,12 +67,13 @@ class ECDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA private: const EC_Group m_group; - Blinded_Point_Multiply m_base_point; const BigInt& m_x; #if defined(BOTAN_HAS_RFC6979_GENERATOR) std::string m_rfc6979_hash; #endif + + std::vector m_ws; }; secure_vector @@ -89,7 +89,7 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, #endif const BigInt k_inv = inverse_mod(k, m_group.get_order()); - const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); + const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); const BigInt r = m_group.mod_order(k_times_P.get_affine_x()); const BigInt s = m_group.multiply_mod_order(k_inv, mul_add(m_x, r, m)); diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp index f8e5744d92..6cbd3453b7 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp +++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp @@ -38,7 +38,6 @@ class ECGDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA const std::string& emsa) : PK_Ops::Signature_with_EMSA(emsa), m_group(ecgdsa.domain()), - m_base_point(m_group.get_base_point(), m_group.get_order()), m_x(ecgdsa.private_value()) { } @@ -50,8 +49,8 @@ class ECGDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA private: const EC_Group m_group; - Blinded_Point_Multiply m_base_point; const BigInt& m_x; + std::vector m_ws; }; secure_vector @@ -62,7 +61,7 @@ ECGDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); - const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); + const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); const BigInt r = m_group.mod_order(k_times_P.get_affine_x()); const BigInt s = m_group.multiply_mod_order(m_x, mul_sub(k, r, m)); diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp index cd09b4c528..1120a850a4 100644 
--- a/src/lib/pubkey/ecies/ecies.cpp +++ b/src/lib/pubkey/ecies/ecies.cpp @@ -66,16 +66,24 @@ class ECIES_ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF secure_vector raw_agree(const uint8_t w[], size_t w_len) override { - PointGFp point = m_key.domain().OS2ECP(w, w_len); - Blinded_Point_Multiply blinder(point, m_key.domain().get_order()); - PointGFp S = blinder.blinded_multiply(m_key.private_value(), m_rng); - BOTAN_ASSERT(S.on_the_curve(), "ECDH agreed value was on the curve"); - return BigInt::encode_1363(S.get_affine_x(), m_key.domain().get_p_bytes()); + const EC_Group& group = m_key.domain(); + + PointGFp input_point = group.OS2ECP(w, w_len); + input_point.randomize_repr(m_rng); + + PointGFp_Blinded_Multiplier blinder(input_point, m_ws); + + const PointGFp S = blinder.mul(m_key.private_value(), group.get_order(), m_rng, m_ws); + + if(S.on_the_curve() == false) + throw Internal_Error("ECDH agreed value was not on the curve"); + return BigInt::encode_1363(S.get_affine_x(), group.get_p_bytes()); } private: ECIES_PrivateKey m_key; RandomNumberGenerator& m_rng; + std::vector m_ws; }; std::unique_ptr diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp index 743d5ab95b..be721a6b60 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp +++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp @@ -45,7 +45,6 @@ class ECKCDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA const std::string& emsa) : PK_Ops::Signature_with_EMSA(emsa), m_group(eckcdsa.domain()), - m_base_point(m_group.get_base_point(), m_group.get_order()), m_x(eckcdsa.private_value()), m_prefix() { @@ -68,9 +67,9 @@ class ECKCDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA private: const EC_Group m_group; - Blinded_Point_Multiply m_base_point; const BigInt& m_x; secure_vector m_prefix; + std::vector m_ws; }; secure_vector 
@@ -78,7 +77,7 @@ ECKCDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t, RandomNumberGenerator& rng) { const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); - const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); + const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); const BigInt k_times_P_x = k_times_P.get_affine_x(); secure_vector to_be_hashed(k_times_P_x.bytes()); diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index 760e667aa5..79d3f204d2 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp @@ -101,7 +101,6 @@ class GOST_3410_Signature_Operation final : public PK_Ops::Signature_with_EMSA const std::string& emsa) : PK_Ops::Signature_with_EMSA(emsa), m_group(gost_3410.domain()), - m_base_point(m_group.get_base_point(), m_group.get_order()), m_x(gost_3410.private_value()) {} @@ -112,8 +111,8 @@ class GOST_3410_Signature_Operation final : public PK_Ops::Signature_with_EMSA private: const EC_Group m_group; - Blinded_Point_Multiply m_base_point; const BigInt& m_x; + std::vector m_ws; }; secure_vector @@ -133,7 +132,7 @@ GOST_3410_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, if(e == 0) e = 1; - const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); + const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); BOTAN_ASSERT(k_times_P.on_the_curve(), "GOST 34.10 k*g is on the curve"); const BigInt r = m_group.mod_order(k_times_P.get_affine_x()); diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index 2af888bbca..9ef30d9bf0 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp 
@@ -83,7 +83,6 @@ class SM2_Signature_Operation final : public PK_Ops::Signature const std::string& ident, const std::string& hash) : m_group(sm2.domain()), - m_base_point(m_group.get_base_point(), m_group.get_order()), m_x(sm2.private_value()), m_da_inv(sm2.get_da_inv()), m_hash(HashFunction::create_or_throw(hash)) @@ -102,12 +101,12 @@ class SM2_Signature_Operation final : public PK_Ops::Signature private: const EC_Group m_group; - Blinded_Point_Multiply m_base_point; const BigInt& m_x; const BigInt& m_da_inv; std::vector m_za; std::unique_ptr m_hash; + std::vector m_ws; }; secure_vector @@ -115,7 +114,7 @@ SM2_Signature_Operation::sign(RandomNumberGenerator& rng) { const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); - const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); + const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); const BigInt e = BigInt::decode(m_hash->final()); const BigInt r = m_group.mod_order(k_times_P.get_affine_x() + e); diff --git a/src/lib/pubkey/sm2/sm2_enc.cpp b/src/lib/pubkey/sm2/sm2_enc.cpp index 462c4b9684..b0d7736354 100644 --- a/src/lib/pubkey/sm2/sm2_enc.cpp +++ b/src/lib/pubkey/sm2/sm2_enc.cpp @@ -47,8 +47,7 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption public: SM2_Encryption_Operation(const SM2_Encryption_PublicKey& key, const std::string& kdf_hash) : m_group(key.domain()), - m_base_point(m_group.get_base_point(), m_group.get_order()), - m_public_point(key.public_point(), m_group.get_order()), + m_mul_public_point(key.public_point()), m_kdf_hash(kdf_hash) {} @@ -69,7 +68,7 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); - const PointGFp C1 = m_base_point.blinded_multiply(k, rng); + const PointGFp C1 = m_group.blinded_base_point_multiply(k, rng, m_ws); const BigInt x1 = C1.get_affine_x(); const BigInt y1 = C1.get_affine_y(); std::vector x1_bytes(p_bytes); 
@@ -77,7 +76,7 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption BigInt::encode_1363(x1_bytes.data(), x1_bytes.size(), x1); BigInt::encode_1363(y1_bytes.data(), y1_bytes.size(), y1); - const PointGFp kPB = m_public_point.blinded_multiply(k, rng); + const PointGFp kPB = m_mul_public_point.mul(k, m_group.get_order(), rng, m_ws); const BigInt x2 = kPB.get_affine_x(); const BigInt y2 = kPB.get_affine_y(); @@ -114,9 +113,9 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption private: const EC_Group m_group; - Blinded_Point_Multiply m_base_point; - Blinded_Point_Multiply m_public_point; + PointGFp_Blinded_Multiplier m_mul_public_point; const std::string m_kdf_hash; + std::vector m_ws; }; class SM2_Decryption_Operation final : public PK_Ops::Decryption @@ -134,8 +133,9 @@ class SM2_Decryption_Operation final : public PK_Ops::Decryption const uint8_t ciphertext[], size_t ciphertext_len) override { - const BigInt& cofactor = m_key.domain().get_cofactor(); - const size_t p_bytes = m_key.domain().get_p_bytes(); + const EC_Group& group = m_key.domain(); + const BigInt& cofactor = group.get_cofactor(); + const size_t p_bytes = group.get_p_bytes(); valid_mask = 0x00; @@ -160,18 +160,20 @@ class SM2_Decryption_Operation final : public PK_Ops::Decryption .end_cons() .verify_end(); - const PointGFp C1 = m_key.domain().point(x1, y1); + PointGFp C1 = group.point(x1, y1); if(!C1.on_the_curve()) return secure_vector(); - Blinded_Point_Multiply C1_mul(C1, m_key.domain().get_order()); - - if(cofactor > 1 && C1_mul.blinded_multiply(cofactor, m_rng).is_zero()) + if(cofactor > 1 && (C1 * cofactor).is_zero()) { return secure_vector(); } - const PointGFp dbC1 = C1_mul.blinded_multiply(m_key.private_value(), m_rng); + C1.randomize_repr(m_rng); + + PointGFp_Blinded_Multiplier C1_mul(C1); + + const PointGFp dbC1 = C1_mul.mul(m_key.private_value(), group.get_order(), m_rng, m_ws); const BigInt x2 = dbC1.get_affine_x(); const BigInt y2 = dbC1.get_affine_y(); 
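Review bot: In `SM2_Decryption_Operation` the new `PointGFp_Blinded_Multiplier C1_mul(C1);` uses the single-argument constructor, which per the point_mul.cpp hunk earlier on this page allocates a private workspace and builds a 32-entry table on every decryption, while the `m_ws` member added to this class is passed only to `mul()`. For consistency with the ecdh.cpp and ecies.cpp hunks, `PointGFp_Blinded_Multiplier C1_mul(C1, m_ws);` would reuse the workspace and save the extra allocation; the table construction itself is inherent to multiplying a per-message point. The `(C1 * cofactor).is_zero()` check now uses the unblinded `operator*`, which is fine since both operands are public, but a one-line comment saying so would pre-empt the question.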
@@ -205,6 +207,7 @@ class SM2_Decryption_Operation final : public PK_Ops::Decryption const SM2_Encryption_PrivateKey& m_key; RandomNumberGenerator& m_rng; const std::string m_kdf_hash; + std::vector m_ws; }; } diff --git a/src/tests/data/timing/ecc_mul.vec b/src/tests/data/timing/ecc_mul.vec new file mode 100644 index 0000000000..fc703efbf0 --- /dev/null +++ b/src/tests/data/timing/ecc_mul.vec @@ -0,0 +1,4 @@ +# leading zeros +01 +# no leading zeros +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF diff --git a/src/tests/data/timing/inverse_mod.vec b/src/tests/data/timing/inverse_mod.vec new file mode 100644 index 0000000000..5ecd03f7b8 --- /dev/null +++ b/src/tests/data/timing/inverse_mod.vec @@ -0,0 +1,2 @@ +02 +FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF From 171e999ce1d6fd2b23e7a5f15b2b33ba9eed8403 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Feb 2018 11:29:23 -0500 Subject: [PATCH 0664/1008] Remove mutable worksspace from PointGFp Was not thread safe, big problem now that we share elements in EC_Group --- src/lib/math/ec_gfp/point_gfp.cpp | 132 +++++++++++++++++------------- src/lib/math/ec_gfp/point_gfp.h | 43 +++------- src/lib/math/ec_gfp/point_mul.cpp | 14 ++-- src/tests/unit_ecc.cpp | 13 +-- 4 files changed, 97 insertions(+), 105 deletions(-) diff --git a/src/lib/math/ec_gfp/point_gfp.cpp b/src/lib/math/ec_gfp/point_gfp.cpp index 1489065a0d..e76095d9c3 100644 --- a/src/lib/math/ec_gfp/point_gfp.cpp +++ b/src/lib/math/ec_gfp/point_gfp.cpp 
@@ -13,16 +13,16 @@ namespace Botan { - PointGFp::PointGFp(const CurveGFp& curve) : m_curve(curve), m_coord_x(0), m_coord_y(1), m_coord_z(0) { - m_curve.to_rep(m_coord_x, m_monty_ws); - m_curve.to_rep(m_coord_y, m_monty_ws); - m_curve.to_rep(m_coord_z, m_monty_ws); + secure_vector monty_ws; + m_curve.to_rep(m_coord_x, monty_ws); + m_curve.to_rep(m_coord_y, monty_ws); + m_curve.to_rep(m_coord_z, monty_ws); } PointGFp::PointGFp(const CurveGFp& curve, const BigInt& x, const BigInt& y) : @@ -36,9 +36,10 @@ PointGFp::PointGFp(const CurveGFp& curve, const BigInt& x, const BigInt& y) : if(y <= 0 || y >= curve.get_p()) throw Invalid_Argument("Invalid PointGFp affine y"); - m_curve.to_rep(m_coord_x, m_monty_ws); - m_curve.to_rep(m_coord_y, m_monty_ws); - m_curve.to_rep(m_coord_z, m_monty_ws); + secure_vector monty_ws; + m_curve.to_rep(m_coord_x, monty_ws); + m_curve.to_rep(m_coord_y, monty_ws); + m_curve.to_rep(m_coord_z, monty_ws); } void PointGFp::randomize_repr(RandomNumberGenerator& rng) @@ -49,13 +50,15 @@ void PointGFp::randomize_repr(RandomNumberGenerator& rng) while(mask.is_zero()) mask.randomize(rng, BOTAN_POINTGFP_RANDOMIZE_BLINDING_BITS, false); - m_curve.to_rep(mask, m_monty_ws); - const BigInt mask2 = curve_mult(mask, mask); - const BigInt mask3 = curve_mult(mask2, mask); + secure_vector monty_ws; + + m_curve.to_rep(mask, monty_ws); + const BigInt mask2 = m_curve.mul(mask, mask, monty_ws); + const BigInt mask3 = m_curve.mul(mask2, mask, monty_ws); - m_coord_x = curve_mult(m_coord_x, mask2); - m_coord_y = curve_mult(m_coord_y, mask3); - m_coord_z = curve_mult(m_coord_z, mask); + m_coord_x = m_curve.mul(m_coord_x, mask2, monty_ws); + m_coord_y = m_curve.mul(m_coord_y, mask3, monty_ws); + m_coord_z = m_curve.mul(m_coord_z, mask, monty_ws); } } 
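Review bot: `randomize_repr` now allocates a fresh `secure_vector monty_ws` on every call, and the point_mul.cpp hunks on this page call it once per `mul()` invocation and once per table entry in `randomize()`, so the allocation sits on the hot path; the constructors do the same but run less often. An overload taking a caller workspace, mirroring `add`/`mult2`, would keep the thread-safety fix without the per-call allocation: `void randomize_repr(RandomNumberGenerator& rng, secure_vector<word>& ws);` with the existing signature forwarding to it. The arithmetic itself is unchanged, which the hunk shows clearly.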
@@ -85,17 +88,23 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) BigInt& H = ws_bn[6]; BigInt& r = ws_bn[7]; + secure_vector& monty_ws = ws_bn[8].get_word_vector(); + /* https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 */ - curve_sqr(rhs_z2, rhs.m_coord_z); - curve_mult(U1, m_coord_x, rhs_z2); - curve_mult(S1, m_coord_y, curve_mult(rhs.m_coord_z, rhs_z2)); + m_curve.sqr(rhs_z2, rhs.m_coord_z, monty_ws); + m_curve.mul(U1, m_coord_x, rhs_z2, monty_ws); + m_curve.mul(S1, m_coord_y, + m_curve.mul(rhs.m_coord_z, rhs_z2, monty_ws), + monty_ws); - curve_sqr(lhs_z2, m_coord_z); - curve_mult(U2, rhs.m_coord_x, lhs_z2); - curve_mult(S2, rhs.m_coord_y, curve_mult(m_coord_z, lhs_z2)); + m_curve.sqr(lhs_z2, m_coord_z, monty_ws); + m_curve.mul(U2, rhs.m_coord_x, lhs_z2, monty_ws); + m_curve.mul(S2, rhs.m_coord_y, + m_curve.mul(m_coord_z, lhs_z2, monty_ws), + monty_ws); H = U2; H -= U1; @@ -122,13 +131,13 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) return; } - curve_sqr(U2, H); + m_curve.sqr(U2, H, monty_ws); - curve_mult(S2, U2, H); + m_curve.mul(S2, U2, H, monty_ws); - U2 = curve_mult(U1, U2); + U2 = m_curve.mul(U1, U2, monty_ws); - curve_sqr(m_coord_x, r); + m_curve.sqr(m_coord_x, r, monty_ws); m_coord_x -= S2; m_coord_x -= (U2 << 1); while(m_coord_x.is_negative()) @@ -138,12 +147,14 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) if(U2.is_negative()) U2 += p; - curve_mult(m_coord_y, r, U2); - m_coord_y -= curve_mult(S1, S2); + m_curve.mul(m_coord_y, r, U2, monty_ws); + m_coord_y -= m_curve.mul(S1, S2, monty_ws); if(m_coord_y.is_negative()) m_coord_y += p; - curve_mult(m_coord_z, curve_mult(m_coord_z, rhs.m_coord_z), H); + m_curve.mul(m_coord_z, + m_curve.mul(m_coord_z, rhs.m_coord_z, monty_ws), + H, monty_ws); } // *this *= 2 
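Review bot: `add` now reads `ws_bn[8].get_word_vector()` and the mult2 hunk that follows reads `ws_bn[9]`, but neither function checks `ws_bn.size()`, so a caller-supplied vector that is too short is indexed out of bounds through `operator[]`. This matters for `mult2` in particular: both functions are public API, the old header documented 9 elements for `mult2`, and the point_gfp.h hunk in this patch raises that to 10, so an existing caller sized per the old documentation would now read past the end. A cheap guard at the top of both functions, `if(ws_bn.size() < WORKSPACE_SIZE) ws_bn.resize(WORKSPACE_SIZE);`, matches what the point_mul.cpp hunk does before calling in; `ws_bn.at(8)` / `ws_bn.at(9)` would at least turn the overrun into a checked failure. The enclosing `add` body starts before this hunk.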
@@ -173,28 +184,30 @@ void PointGFp::mult2(std::vector& ws_bn) BigInt& y = ws_bn[7]; BigInt& z = ws_bn[8]; - curve_sqr(y_2, m_coord_y); + secure_vector& monty_ws = ws_bn[9].get_word_vector(); - curve_mult(S, m_coord_x, y_2); + m_curve.sqr(y_2, m_coord_y, monty_ws); + + m_curve.mul(S, m_coord_x, y_2, monty_ws); S <<= 2; // * 4 while(S >= p) S -= p; - curve_sqr(z4, curve_sqr(m_coord_z)); - curve_mult(a_z4, m_curve.get_a_rep(), z4); + m_curve.sqr(z4, m_curve.sqr(m_coord_z, monty_ws), monty_ws); + m_curve.mul(a_z4, m_curve.get_a_rep(), z4, monty_ws); - M = curve_sqr(m_coord_x); + M = m_curve.sqr(m_coord_x, monty_ws); M *= 3; M += a_z4; while(M >= p) M -= p; - curve_sqr(x, M); + m_curve.sqr(x, M, monty_ws); x -= (S << 1); while(x.is_negative()) x += p; - curve_sqr(U, y_2); + m_curve.sqr(U, y_2, monty_ws); U <<= 3; while(U >= p) U -= p; @@ -203,12 +216,12 @@ void PointGFp::mult2(std::vector& ws_bn) while(S.is_negative()) S += p; - curve_mult(y, M, S); + m_curve.mul(y, M, S, monty_ws); y -= U; if(y.is_negative()) y += p; - curve_mult(z, m_coord_y, m_coord_z); + m_curve.mul(z, m_coord_y, m_coord_z, monty_ws); z <<= 1; if(z >= p) z -= p; @@ -221,7 +234,7 @@ void PointGFp::mult2(std::vector& ws_bn) // arithmetic operators PointGFp& PointGFp::operator+=(const PointGFp& rhs) { - std::vector ws(9); + std::vector ws(PointGFp::WORKSPACE_SIZE); add(rhs, ws); return *this; } @@ -249,10 +262,10 @@ PointGFp multi_exponentiate(const PointGFp& p1, const BigInt& z1, { const PointGFp p3 = p1 + p2; - PointGFp H(p1.get_curve()); // create as zero + PointGFp H = p1.zero(); size_t bits_left = std::max(z1.bits(), z2.bits()); - std::vector ws(9); + std::vector ws(PointGFp::WORKSPACE_SIZE); while(bits_left) { 
@@ -281,13 +294,11 @@ PointGFp operator*(const BigInt& scalar, const PointGFp& point) { //BOTAN_ASSERT(point.on_the_curve(), "Input is on the curve"); - const CurveGFp& curve = point.get_curve(); - const size_t scalar_bits = scalar.bits(); - std::vector ws(9); + std::vector ws(PointGFp::WORKSPACE_SIZE); - PointGFp R[2] = { PointGFp(curve), point }; + PointGFp R[2] = { point.zero(), point }; for(size_t i = scalar_bits; i > 0; i--) { @@ -309,11 +320,12 @@ BigInt PointGFp::get_affine_x() const if(is_zero()) throw Illegal_Transformation("Cannot convert zero point to affine"); - BigInt z2 = curve_sqr(m_coord_z); - m_curve.from_rep(z2, m_monty_ws); + secure_vector monty_ws; + BigInt z2 = m_curve.sqr(m_coord_z, monty_ws); + m_curve.from_rep(z2, monty_ws); z2 = inverse_mod(z2, m_curve.get_p()); - return curve_mult(z2, m_coord_x); + return m_curve.mul(z2, m_coord_x, monty_ws); } BigInt PointGFp::get_affine_y() const @@ -321,11 +333,12 @@ BigInt PointGFp::get_affine_y() const if(is_zero()) throw Illegal_Transformation("Cannot convert zero point to affine"); - BigInt z3 = curve_mult(m_coord_z, curve_sqr(m_coord_z)); + secure_vector monty_ws; + BigInt z3 = m_curve.mul(m_coord_z, m_curve.sqr(m_coord_z, monty_ws), monty_ws); z3 = inverse_mod(z3, m_curve.get_p()); - m_curve.to_rep(z3, m_monty_ws); + m_curve.to_rep(z3, monty_ws); - return curve_mult(z3, m_coord_y); + return m_curve.mul(z3, m_coord_y, monty_ws); } bool PointGFp::on_the_curve() const 
@@ -339,22 +352,24 @@ bool PointGFp::on_the_curve() const if(is_zero()) return true; - const BigInt y2 = m_curve.from_rep(curve_sqr(m_coord_y), m_monty_ws); - const BigInt x3 = curve_mult(m_coord_x, curve_sqr(m_coord_x)); - const BigInt ax = curve_mult(m_coord_x, m_curve.get_a_rep()); - const BigInt z2 = curve_sqr(m_coord_z); + secure_vector monty_ws; + + const BigInt y2 = m_curve.from_rep(m_curve.sqr(m_coord_y, monty_ws), monty_ws); + const BigInt x3 = m_curve.mul(m_coord_x, m_curve.sqr(m_coord_x, monty_ws), monty_ws); + const BigInt ax = m_curve.mul(m_coord_x, m_curve.get_a_rep(), monty_ws); + const BigInt z2 = m_curve.sqr(m_coord_z, monty_ws); if(m_coord_z == z2) // Is z equal to 1 (in Montgomery form)? { - if(y2 != m_curve.from_rep(x3 + ax + m_curve.get_b_rep(), m_monty_ws)) + if(y2 != m_curve.from_rep(x3 + ax + m_curve.get_b_rep(), monty_ws)) return false; } - const BigInt z3 = curve_mult(m_coord_z, z2); - const BigInt ax_z4 = curve_mult(ax, curve_sqr(z2)); - const BigInt b_z6 = curve_mult(m_curve.get_b_rep(), curve_sqr(z3)); + const BigInt z3 = m_curve.mul(m_coord_z, z2, monty_ws); + const BigInt ax_z4 = m_curve.mul(ax, m_curve.sqr(z2, monty_ws), monty_ws); + const BigInt b_z6 = m_curve.mul(m_curve.get_b_rep(), m_curve.sqr(z3, monty_ws), monty_ws); - if(y2 != m_curve.from_rep(x3 + ax_z4 + b_z6, m_monty_ws)) + if(y2 != m_curve.from_rep(x3 + ax_z4 + b_z6, monty_ws)) return false; return true; @@ -367,12 +382,11 @@ void PointGFp::swap(PointGFp& other) m_coord_x.swap(other.m_coord_x); m_coord_y.swap(other.m_coord_y); m_coord_z.swap(other.m_coord_z); - m_monty_ws.swap(other.m_monty_ws); } bool PointGFp::operator==(const PointGFp& other) const { - if(get_curve() != other.get_curve()) + if(m_curve != other.m_curve) return false; // If this is zero, only equal if other is also zero diff --git a/src/lib/math/ec_gfp/point_gfp.h b/src/lib/math/ec_gfp/point_gfp.h index db3e02baa1..51f8a1cf8d 100644 --- a/src/lib/math/ec_gfp/point_gfp.h 
+++ b/src/lib/math/ec_gfp/point_gfp.h @@ -49,6 +49,8 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final HYBRID = 2 }; + enum { WORKSPACE_SIZE = 10 }; + /** * Construct an uninitialized PointGFp */ @@ -60,11 +62,6 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final */ explicit PointGFp(const CurveGFp& curve); - static PointGFp zero_of(const CurveGFp& curve) - { - return PointGFp(curve); - } - /** * Copy constructor */ @@ -205,44 +202,24 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final /** * Point addition - * @param workspace temp space, at least 11 elements + * @param workspace temp space, at least 9 elements */ void add(const PointGFp& other, std::vector& workspace); /** * Point doubling - * @param workspace temp space, at least 9 elements + * @param workspace temp space, at least 10 elements */ void mult2(std::vector& workspace); - private: - BigInt curve_mult(const BigInt& x, const BigInt& y) const - { - BigInt z; - m_curve.mul(z, x, y, m_monty_ws); - return z; - } - - void curve_mult(BigInt& z, const BigInt& x, const BigInt& y) const - { - m_curve.mul(z, x, y, m_monty_ws); - } - - BigInt curve_sqr(const BigInt& x) const - { - BigInt z; - m_curve.sqr(z, x, m_monty_ws); - return z; - } - - void curve_sqr(BigInt& z, const BigInt& x) const - { - m_curve.sqr(z, x, m_monty_ws); - } + /** + * Return the zero (aka infinite) point associated with this curve + */ + PointGFp zero() const { return PointGFp(m_curve); } + private: CurveGFp m_curve; BigInt m_coord_x, m_coord_y, m_coord_z; - mutable secure_vector m_monty_ws; // workspace for Montgomery }; // relational operators @@ -349,7 +326,7 @@ class BOTAN_PUBLIC_API(2,0) BOTAN_DEPRECATED("Use PointGFp_Blinded_Multiplier") { public: Blinded_Point_Multiply(const PointGFp& base, const BigInt& order, size_t h = 0) : - m_ws(9), m_order(order), m_point_mul(base, m_ws, h) {} + m_ws(PointGFp::WORKSPACE_SIZE), m_order(order), m_point_mul(base, m_ws, h) {} PointGFp blinded_multiply(const BigInt& scalar, RandomNumberGenerator& rng) { 
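Review bot: The new `enum { WORKSPACE_SIZE = 10 }` is the size callers are expected to use, yet the Doxygen for `add` and `mult2` in the same hunk still quote literal counts ("at least 9" / "at least 10") that can drift from the constant and from the indices actually used in point_gfp.cpp. I would phrase both as `* @param workspace temp space, at least WORKSPACE_SIZE elements` and annotate the enum: `// Minimum size of the std::vector<BigInt> workspace passed to add() and mult2()`. The new `zero()` accessor is a good replacement for the removed `zero_of`, but dropping a public static from a BOTAN_PUBLIC_API class is an API break that the commit message does not mention.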
diff --git a/src/lib/math/ec_gfp/point_mul.cpp b/src/lib/math/ec_gfp/point_mul.cpp index d87f83349c..5fc5081261 100644 --- a/src/lib/math/ec_gfp/point_mul.cpp +++ b/src/lib/math/ec_gfp/point_mul.cpp @@ -32,22 +32,20 @@ void PointGFp_Blinded_Multiplier::init(const PointGFp& base, { m_h = (w == 0 ? 5 : w); - if(ws.size() < 9) - ws.resize(9); + if(ws.size() < PointGFp::WORKSPACE_SIZE) + ws.resize(PointGFp::WORKSPACE_SIZE); // Upper bound is a sanity check rather than hard limit if(m_h < 1 || m_h > 8) throw Invalid_Argument("PointGFp_Blinded_Multiplier invalid w param"); - const CurveGFp& curve = base.get_curve(); - #if USE_RANDOM_MONTY_WALK const PointGFp inv = -base; m_U.resize(6*m_h + 3); m_U[3*m_h+0] = inv; - m_U[3*m_h+1] = PointGFp::zero_of(curve); + m_U[3*m_h+1] = base.zero(); m_U[3*m_h+2] = base; for(size_t i = 1; i <= 3 * m_h + 1; ++i) @@ -61,7 +59,7 @@ void PointGFp_Blinded_Multiplier::init(const PointGFp& base, #else m_U.resize(1 << m_h); - m_U[0] = PointGFp::zero_of(curve); + m_U[0] = base.zero(); m_U[1] = base; for(size_t i = 2; i < m_U.size(); ++i) @@ -96,8 +94,8 @@ PointGFp PointGFp_Blinded_Multiplier::mul(const BigInt& k, const BigInt& scalar = k; #endif - if(ws.size() < 9) - ws.resize(9); + if(ws.size() < PointGFp::WORKSPACE_SIZE) + ws.resize(PointGFp::WORKSPACE_SIZE); const size_t scalar_bits = scalar.bits(); diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index bd8295033a..1a2f1d61c3 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp 
@@ -130,13 +130,16 @@ std::vector ECC_Randomized_Tests::run() result.test_eq("infinite order correct", inf.is_zero(), true); result.test_eq("infinity on the curve", inf.on_the_curve(), true); + std::vector blind_ws; + try { const size_t trials = (Test::run_long_tests() ? 10 : 3); for(size_t i = 0; i < trials; ++i) { - const size_t h = 1 + (Test::rng().next_byte() % 8); - Botan::Blinded_Point_Multiply blind(base_point, group_order, h); + const size_t w = 1 + (Test::rng().next_byte() % 8); + + Botan::PointGFp_Blinded_Multiplier blinded(base_point, w); const Botan::BigInt a = Botan::BigInt::random_integer(Test::rng(), 2, group_order); const Botan::BigInt b = Botan::BigInt::random_integer(Test::rng(), 2, group_order); @@ -146,9 +149,9 @@ std::vector ECC_Randomized_Tests::run() const Botan::PointGFp Q = base_point * b; const Botan::PointGFp R = base_point * c; - const Botan::PointGFp P1 = blind.blinded_multiply(a, Test::rng()); - const Botan::PointGFp Q1 = blind.blinded_multiply(b, Test::rng()); - const Botan::PointGFp R1 = blind.blinded_multiply(c, Test::rng()); + const Botan::PointGFp P1 = blinded.mul(a, group_order, Test::rng(), blind_ws); + const Botan::PointGFp Q1 = blinded.mul(b, group_order, Test::rng(), blind_ws); + const Botan::PointGFp R1 = blinded.mul(c, group_order, Test::rng(), blind_ws); const Botan::PointGFp A1 = P + Q; const Botan::PointGFp A2 = Q + P; From 3d7609c80b6ff2ac6e10ab2a9eb59d7676fcf807 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Feb 2018 12:15:56 -0500 Subject: [PATCH 0665/1008] Remove the randomized Montgomery point mul code --- src/lib/math/ec_gfp/point_gfp.cpp | 3 +- src/lib/math/ec_gfp/point_mul.cpp | 60 ------------------------------- 2 files changed, 2 insertions(+), 61 deletions(-) diff --git a/src/lib/math/ec_gfp/point_gfp.cpp b/src/lib/math/ec_gfp/point_gfp.cpp index e76095d9c3..85236d2dbe 100644 --- a/src/lib/math/ec_gfp/point_gfp.cpp +++ b/src/lib/math/ec_gfp/point_gfp.cpp 
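Review bot: The rewritten test constructs `PointGFp_Blinded_Multiplier blinded(base_point, w)` and exercises `mul()`, but never calls `randomize()`, so the table-randomization path introduced by this series has no coverage; since `randomize_repr` changes only the projective representation, the existing equality checks against `base_point * a` would still validate it. Adding `blinded.randomize(Test::rng());` right after construction (or once per trial) covers it at no cost. `blind_ws` is declared empty outside the `try` and reused across trials, which usefully exercises the resize-on-demand path in `mul()`; a short comment saying that is intentional would stop someone "fixing" it to `WORKSPACE_SIZE`.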
@@ -162,7 +162,8 @@ void PointGFp::mult2(std::vector& ws_bn) { if(is_zero()) return; - else if(m_coord_y.is_zero()) + + if(m_coord_y.is_zero()) { *this = PointGFp(m_curve); // setting myself to zero return; diff --git a/src/lib/math/ec_gfp/point_mul.cpp b/src/lib/math/ec_gfp/point_mul.cpp index 5fc5081261..7fea02280e 100644 --- a/src/lib/math/ec_gfp/point_mul.cpp +++ b/src/lib/math/ec_gfp/point_mul.cpp @@ -24,8 +24,6 @@ PointGFp_Blinded_Multiplier::PointGFp_Blinded_Multiplier(const PointGFp& base, init(base, w, ws); } -#define USE_RANDOM_MONTY_WALK 0 - void PointGFp_Blinded_Multiplier::init(const PointGFp& base, size_t w, std::vector& ws) @@ -39,25 +37,6 @@ void PointGFp_Blinded_Multiplier::init(const PointGFp& base, if(m_h < 1 || m_h > 8) throw Invalid_Argument("PointGFp_Blinded_Multiplier invalid w param"); - #if USE_RANDOM_MONTY_WALK - const PointGFp inv = -base; - - m_U.resize(6*m_h + 3); - - m_U[3*m_h+0] = inv; - m_U[3*m_h+1] = base.zero(); - m_U[3*m_h+2] = base; - - for(size_t i = 1; i <= 3 * m_h + 1; ++i) - { - m_U[3*m_h+1+i] = m_U[3*m_h+i]; - m_U[3*m_h+1+i].add(base, ws); - - m_U[3*m_h+1-i] = m_U[3*m_h+2-i]; - m_U[3*m_h+1-i].add(inv, ws); - } - #else - m_U.resize(1 << m_h); m_U[0] = base.zero(); m_U[1] = base; @@ -67,8 +46,6 @@ void PointGFp_Blinded_Multiplier::init(const PointGFp& base, m_U[i] = m_U[i-1]; m_U[i].add(base, ws); } - - #endif } void PointGFp_Blinded_Multiplier::randomize(RandomNumberGenerator& rng) 
@@ -99,40 +76,6 @@ PointGFp PointGFp_Blinded_Multiplier::mul(const BigInt& k, const size_t scalar_bits = scalar.bits(); -#if USE_RANDOM_MONTY_WALK - const size_t w = (m_U.size() - 3) / 6; - - PointGFp R = m_U.at(3*w + 2); // base point - int32_t alpha = 0; - - R.randomize_repr(rng); - - /* - Algorithm 7 from "Randomizing the Montgomery Powering Ladder" - Duc-Phong Le, Chik How Tan and Michael Tunstall - https://eprint.iacr.org/2015/657 - - It takes a random walk through (a subset of) the set of addition - chains that end in k. - */ - for(size_t i = scalar_bits; i > 0; i--) - { - const int32_t ki = scalar.get_bit(i); - - // choose gamma from -h,...,h - const int32_t gamma = static_cast((rng.next_byte() % (2*w))) - w; - const int32_t l = gamma - 2*alpha + ki - (ki ^ 1); - - R.mult2(ws); - R.add(m_U.at(3*w + 1 + l), ws); - alpha = gamma; - } - - const int32_t k0 = scalar.get_bit(0); - R.add(m_U[3*w + 1 - alpha - (k0 ^ 1)], ws); - - #else - size_t windows = round_up(scalar_bits, m_h) / m_h; PointGFp R = m_U[0]; @@ -162,9 +105,6 @@ PointGFp PointGFp_Blinded_Multiplier::mul(const BigInt& k, } } - - #endif - //BOTAN_ASSERT(R.on_the_curve(), "Output is on the curve"); return R; From a706d6b6b4344388b9a5b0a2e506ce4cd3c83cf3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Feb 2018 12:20:31 -0500 Subject: [PATCH 0666/1008] Use a table in multi_exponentiate --- src/lib/math/ec_gfp/point_gfp.cpp | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/src/lib/math/ec_gfp/point_gfp.cpp b/src/lib/math/ec_gfp/point_gfp.cpp index 85236d2dbe..d9599e6509 100644 --- a/src/lib/math/ec_gfp/point_gfp.cpp +++ b/src/lib/math/ec_gfp/point_gfp.cpp 
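Review bot: With the randomized Montgomery walk gone, `mul` has a single fixed-window path whose loop body (outside the hunk) presumably indexes `m_U` by scalar window, so the remaining side-channel defenses are scalar masking and `randomize_repr`; that threat model deserves a comment at the top of `mul`, e.g. `// Side-channel resistance relies on scalar blinding plus randomized projective coordinates; the window table lookup itself is not constant-time.`. The output check `//BOTAN_ASSERT(R.on_the_curve(), "Output is on the curve");` in the second hunk stays commented out — either delete it or gate it behind a debug define so a fault in the window arithmetic is caught instead of silently returned.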
@@ -261,28 +261,28 @@ PointGFp& PointGFp::operator*=(const BigInt& scalar) PointGFp multi_exponentiate(const PointGFp& p1, const BigInt& z1, const PointGFp& p2, const BigInt& z2) { - const PointGFp p3 = p1 + p2; - PointGFp H = p1.zero(); - size_t bits_left = std::max(z1.bits(), z2.bits()); + const size_t z_bits = std::max(z1.bits(), z2.bits()); std::vector ws(PointGFp::WORKSPACE_SIZE); - while(bits_left) + PointGFp M[4] = { + p1.zero(), + p1, + p2, + p1 + p2, + }; + + for(size_t i = 0; i != z_bits; ++i) { H.mult2(ws); - const bool z1_b = z1.get_bit(bits_left - 1); - const bool z2_b = z2.get_bit(bits_left - 1); + const uint8_t z1_b = z1.get_bit(z_bits - i - 1); + const uint8_t z2_b = z2.get_bit(z_bits - i - 1); - if(z1_b == true && z2_b == true) - H.add(p3, ws); - else if(z1_b) - H.add(p1, ws); - else if(z2_b) - H.add(p2, ws); + const uint8_t z12 = (2*z2_b) + z1_b; - --bits_left; + H.add(M[z12], ws); } if(z1.is_negative() != z2.is_negative()) From fdbcf2dcc45094f6eee2fe2f17ee287118dc6cfd Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Feb 2018 12:36:53 -0500 Subject: [PATCH 0667/1008] Expose EC_Group::a_is_minus_3 --- src/lib/pubkey/ec_group/ec_group.cpp | 11 ++++++++++- src/lib/pubkey/ec_group/ec_group.h | 5 +++++ src/tests/unit_ecc.cpp | 7 +++++++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index a41a59b669..26af32a16e 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -43,7 +43,8 @@ class EC_Group_Data final m_base_mult(m_base_point, 5), m_oid(oid), m_p_bits(p.bits()), - m_order_bits(order.bits()) + m_order_bits(order.bits()), + m_a_is_minus_3(a == p - 3) { #if defined(BOTAN_HAS_SYSTEM_RNG) m_base_mult.randomize(system_rng()); 
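Review bot: The new loop indexes `M[z12]` with bits of `z1`/`z2` and runs exactly `max(z1.bits(), z2.bits())` iterations, so both the access pattern and the iteration count depend on the scalars; that is acceptable for signature verification where the scalars are public, but nothing in the function says so. Add above the table: `// Not constant-time: table index and iteration count depend on z1/z2. Use only with public scalars (e.g. ECDSA verification).`. The loop also now calls `H.add(M[0], ws)` when both bits are zero, which relies on `add` treating the point at infinity as a no-op rhs — presumably it does, but a one-line comment would make that explicit. The sign handling at the end of `multi_exponentiate` continues past the hunk.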
@@ -77,6 +78,8 @@ class EC_Group_Data final const CurveGFp& curve() const { return m_curve; } const PointGFp& base_point() const { return m_base_point; } + bool a_is_minus_3() const { return m_a_is_minus_3; } + BigInt mod_order(const BigInt& x) const { return m_mod_order.reduce(x); } BigInt multiply_mod_order(const BigInt& x, const BigInt& y) const @@ -101,6 +104,7 @@ class EC_Group_Data final OID m_oid; size_t m_p_bits; size_t m_order_bits; + bool m_a_is_minus_3; }; class EC_Group_Data_Map final @@ -365,6 +369,11 @@ const CurveGFp& EC_Group::get_curve() const return data().curve(); } +bool EC_Group::a_is_minus_3() const + { + return data().a_is_minus_3(); + } + size_t EC_Group::get_p_bits() const { return data().p_bits(); diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 0e5f352f2e..16a6abe289 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -125,6 +125,11 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final */ BOTAN_DEPRECATED("Avoid CurveGFp") const CurveGFp& get_curve() const; + /** + * Return if a == -3 mod p + */ + bool a_is_minus_3() const; + /** * Return the size of p in bits (same as get_p().bits()) */ diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index 1a2f1d61c3..166dfcd144 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp @@ -281,6 +281,13 @@ Test::Result test_groups() result.confirm("EC_Group is known", !group.get_curve_oid().empty()); result.test_eq("EC_Group has correct bit size", group.get_p().bits(), group.get_p_bits()); result.test_eq("EC_Group has byte size", group.get_p().bytes(), group.get_p_bytes()); + + bool a_is_minus_3 = group.a_is_minus_3(); + + if(a_is_minus_3) + result.test_eq("Group A equals -3", group.get_a(), group.get_p() - 3); + else + result.test_ne("Group " + group_name + " A does not equal -3", group.get_a(), group.get_p() - 3); } return result; } From 961a266b3e4378d46f980090f76c2f31d03b52f8 Mon Sep 17 00:00:00 2001 
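Review bot: The new assertions in `test_groups` only check that `a_is_minus_3()` agrees with `get_a() == get_p() - 3`, which is the same expression the `EC_Group_Data` constructor evaluates, so the test cannot fail independently of the implementation. Pin at least one known value, e.g. `if(group_name == "secp256r1") result.confirm("P-256 has a = -3", a_is_minus_3);` (assuming that group is among those iterated, which is not visible here). The two messages are also inconsistent: the true branch omits `group_name` while the false branch includes it.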
From: Jack Lloyd Date: Wed, 21 Feb 2018 14:56:35 -0500 Subject: [PATCH 0668/1008] Minimize header dependencies --- src/fuzzer/ecc_helper.h | 1 - src/lib/pubkey/ec_group/ec_group.h | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/fuzzer/ecc_helper.h b/src/fuzzer/ecc_helper.h index f3b212730c..b6b4aba9cc 100644 --- a/src/fuzzer/ecc_helper.h +++ b/src/fuzzer/ecc_helper.h @@ -8,7 +8,6 @@ #define ECC_HELPERS_H_ #include "fuzzers.h" -#include #include #include diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 16a6abe289..2baa2555e3 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -11,7 +11,6 @@ #define BOTAN_ECC_DOMAIN_PARAMETERS_H_ #include -#include #include #include #include @@ -27,6 +26,8 @@ enum EC_Group_Encoding { EC_DOMPAR_ENC_OID = 2 }; +class CurveGFp; + class EC_Group_Data; class EC_Group_Data_Map; From bb2352f8861683999fb8a226fb5b79e2f89ab3e8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Feb 2018 15:10:06 -0500 Subject: [PATCH 0669/1008] Small cleanup --- src/lib/pubkey/ec_group/ec_group.cpp | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 26af32a16e..102eed6e57 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -55,9 +55,13 @@ class EC_Group_Data final const BigInt& g_x, const BigInt& g_y, const BigInt& order, const BigInt& cofactor) const { - return (this->p() == p && this->a() == a && this->b() == b && - this->order() == order && this->cofactor() == cofactor && - this->g_x() == g_x && this->g_y() == g_y); + return (this->p() == p && + this->a() == a && + this->b() == b && + this->order() == order && + this->cofactor() == cofactor && + this->g_x() == g_x && + this->g_y() == g_y); } const OID& oid() const { return m_oid; } 
@@ -446,6 +450,7 @@ PointGFp EC_Group::OS2ECP(const uint8_t bits[], size_t len) const PointGFp EC_Group::point(const BigInt& x, const BigInt& y) const { + // TODO: randomize the representation? return PointGFp(data().curve(), x, y); } From b647b159a7ac81d544250dd11aafe9541b477b37 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Feb 2018 17:49:51 -0500 Subject: [PATCH 0670/1008] Move declarations that don't need to be friends of PointGFp --- src/lib/math/ec_gfp/point_gfp.h | 41 ++++++++++++++++----------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/src/lib/math/ec_gfp/point_gfp.h b/src/lib/math/ec_gfp/point_gfp.h index 51f8a1cf8d..a2c7ae86a3 100644 --- a/src/lib/math/ec_gfp/point_gfp.h +++ b/src/lib/math/ec_gfp/point_gfp.h @@ -117,29 +117,8 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final * @param scalar the PointGFp to multiply with *this * @result resulting PointGFp */ - PointGFp& operator*=(const BigInt& scalar); - /** - * Multiplication Operator - * @param scalar the scalar value - * @param point the point value - * @return scalar*point on the curve - */ - friend BOTAN_PUBLIC_API(2,0) PointGFp operator*(const BigInt& scalar, const PointGFp& point); - - /** - * Multiexponentiation - * @param p1 a point - * @param z1 a scalar - * @param p2 a point - * @param z2 a scalar - * @result (p1 * z1 + p2 * z2) - */ - friend BOTAN_PUBLIC_API(2,0) PointGFp multi_exponentiate( - const PointGFp& p1, const BigInt& z1, - const PointGFp& p2, const BigInt& z2); - /** * Negate this point * @return *this 
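Review bot: `EC_Group::point` builds a `PointGFp` from caller-supplied affine coordinates with no validation visible, and the only change is the `// TODO: randomize the representation?` remark; for a public entry point that may receive attacker-chosen `(x, y)` the more important caveat is that the result is not checked to lie on the curve. Replace the TODO with a note such as `// No on-curve check is performed here; callers handling untrusted coordinates must call on_the_curve() before using the point`, or perform the check and throw. Whether every caller already validates is not visible in this chunk.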
@@ -222,6 +201,26 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final BigInt m_coord_x, m_coord_y, m_coord_z; }; +/** +* Point multiplication operator +* @param scalar the scalar value +* @param point the point value +* @return scalar*point on the curve +*/ +BOTAN_PUBLIC_API(2,0) PointGFp operator*(const BigInt& scalar, const PointGFp& point); + +/** +* ECC point multiexponentiation +* @param p1 a point +* @param z1 a scalar +* @param p2 a point +* @param z2 a scalar +* @result (p1 * z1 + p2 * z2) +*/ +BOTAN_PUBLIC_API(2,0) PointGFp multi_exponentiate( + const PointGFp& p1, const BigInt& z1, + const PointGFp& p2, const BigInt& z2); + // relational operators inline bool operator!=(const PointGFp& lhs, const PointGFp& rhs) { From 901eb327fb9989abe7b8327b2f691bff7221cea6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 22 Feb 2018 09:51:56 -0500 Subject: [PATCH 0671/1008] Fix missing semicolon in pubkey example [ci skip] --- doc/manual/pubkey.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/manual/pubkey.rst b/doc/manual/pubkey.rst index f6bbca4122..17ebea231d 100644 --- a/doc/manual/pubkey.rst +++ b/doc/manual/pubkey.rst @@ -722,7 +722,7 @@ applies the key derivation function KDF2(SHA-256) with 256 bit output length to int main() { - Botan::AutoSeeded_RNG rng + Botan::AutoSeeded_RNG rng; // ec domain and Botan::EC_Group domain("secp521r1"); std::string kdf = "KDF2(SHA-256)"; From 4e8459231443c855315b7ef6fb1c61b92fc81da2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 22 Feb 2018 10:45:58 -0500 Subject: [PATCH 0672/1008] Fix fuzzer build --- src/fuzzer/ecc_helper.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/fuzzer/ecc_helper.h b/src/fuzzer/ecc_helper.h index b6b4aba9cc..cd0ef0ac9d 100644 --- a/src/fuzzer/ecc_helper.h +++ b/src/fuzzer/ecc_helper.h 
@@ -26,6 +26,9 @@ void check_ecc_math(const Botan::EC_Group& group, static const Botan::PointGFp base_point = group.get_base_point(); static Botan::PointGFp_Blinded_Multiplier blind(base_point); + // This is shared across runs to reduce overhead + static std::vector ws(10); + const size_t hlen = len / 2; const Botan::BigInt a = Botan::BigInt::decode(in, hlen); const Botan::BigInt b = Botan::BigInt::decode(in + hlen, len - hlen); @@ -41,9 +44,9 @@ void check_ecc_math(const Botan::EC_Group& group, FUZZER_ASSERT_EQUAL(A1, A2); - const Botan::PointGFp P1 = blind.blinded_multiply(a, group.get_order(), fuzzer_rng()); - const Botan::PointGFp Q1 = blind.blinded_multiply(b, group.get_order(), fuzzer_rng()); - const Botan::PointGFp R1 = blind.blinded_multiply(c, group.get_order(), fuzzer_rng()); + const Botan::PointGFp P1 = blind.mul(a, group.get_order(), fuzzer_rng(), ws); + const Botan::PointGFp Q1 = blind.mul(b, group.get_order(), fuzzer_rng(), ws); + const Botan::PointGFp R1 = blind.mul(c, group.get_order(), fuzzer_rng(), ws); const Botan::PointGFp S1 = P1 + Q1; const Botan::PointGFp S2 = Q1 + P1; From 0731dd51bd28629d0c5854610f1e04a07c348d94 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 22 Feb 2018 11:02:15 -0500 Subject: [PATCH 0673/1008] Remove unused include [ci skip] --- src/lib/pubkey/dl_group/dl_group.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index 791cab8aa2..c96dea677f 100644 --- a/src/lib/pubkey/dl_group/dl_group.cpp +++ b/src/lib/pubkey/dl_group/dl_group.cpp @@ -13,7 +13,6 @@ #include #include #include -#include namespace Botan { From 46a914e2d1732f0903436b74cbef7aa01607f075 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 22 Feb 2018 12:39:05 -0500 Subject: [PATCH 0674/1008] Update news --- news.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/news.rst b/news.rst index 2022e04e6e..a533520f63 100644 --- a/news.rst +++ b/news.rst 
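Review bot: The shared workspace is sized with the literal `10` (`static std::vector ws(10);`, element type lost in this rendering) while the library sizes the same buffer from `PointGFp::WORKSPACE_SIZE`; if that constant grows, the fuzzer keeps working only because `mul` resizes on demand, which defeats the "reduce overhead" intent of the comment. Use the constant instead, presumably `static std::vector<Botan::BigInt> ws(Botan::PointGFp::WORKSPACE_SIZE);`. Note also that because `ws` is `static` its contents persist between fuzz inputs, which is fine for scratch space but worth stating in the comment so nobody later relies on it being fresh.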
@@ -12,6 +12,15 @@ Version 2.5.0, Not Yet Released * Add new TLS::Callbacks methods that allow creating or removing extensions, as well as examining extensions sent by the peer (GH #1394 #1186) +* Add new TLS::Callbacks methods that allow an application to + negotiate use of custom elliptic curves. (GH #1448) + +* Add ability to create custom ellipcic curves (GH #1441 #1444) + +* Change DL_Group and EC_Group to store their data as shared_ptr for + fast copying. Also both classes precompute additional useful values + (eg for modular reductions). (GH #1435 #1454) + * Make it possible for PKCS10 requests to include custom extensions. This also makes it possible to use muliple SubjectAlternativeNames of a single type in a request, which was previously not possible. (GH #1429 #1428) @@ -35,6 +44,8 @@ Version 2.5.0, Not Yet Released * Remove use of CPU specific optimization flags, instead the user should set these via CXXFLAGS if desired. (GH #1392) +* Various minor optimizations for SHA-3 (GH #1433 #1434) + * The output of ``botan --help`` has been improved (GH #1387) * Add ``--der-format`` flag to command line utils, making it possible verify From 363e5a26e96c539c029352b9ab00bd9d11d905d7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 22 Feb 2018 14:17:40 -0500 Subject: [PATCH 0675/1008] Fix incorrect check in DL key check get_q returns zero instead of throwing if q is not set --- src/lib/pubkey/dl_algo/dl_algo.cpp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/lib/pubkey/dl_algo/dl_algo.cpp b/src/lib/pubkey/dl_algo/dl_algo.cpp index 0ac6bfce50..c5fc1e0822 100644 --- a/src/lib/pubkey/dl_algo/dl_algo.cpp +++ b/src/lib/pubkey/dl_algo/dl_algo.cpp 
@@ -75,16 +75,13 @@ bool DL_Scheme_PublicKey::check_key(RandomNumberGenerator& rng, if(!m_group.verify_group(rng, strong)) return false; - try + const BigInt& q = group_q(); + + if(q.is_zero() == false) { - const BigInt& q = group_q(); if(power_mod(m_y, q, p) != 1) return false; } - catch(const Invalid_State&) - { - return true; - } return true; } From 03c2136d24baeb0e7c6eb568a82b1effbe449c5a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 22 Feb 2018 18:35:22 -0500 Subject: [PATCH 0676/1008] Update news --- news.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/news.rst b/news.rst index a533520f63..9c772af06f 100644 --- a/news.rst +++ b/news.rst @@ -6,6 +6,9 @@ Version 2.5.0, Not Yet Released * Add support for RSA-PSS signatures in TLS (GH #1285) +* A faster algorithm for ECC point multiplications is now used, resulting + in ECDSA and ECDH being approximately 2-2.5x faster. (GH #1457) + * Add a new Credentials_Manager callback that specifies which CAs the server has indicated it trusts (GH #1395 fixing #1261) From 1152261ca45a55f368ea31aa9a5eb89d9c35abc4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 06:33:00 -0500 Subject: [PATCH 0677/1008] In PointGFp add/double avoid creating temporaries We already had the temp workspace passed in but did not use it effectively... :/ Improves ECDSA sign and verify by 5-15% --- src/lib/math/bigint/bigint.h | 8 +++- src/lib/math/ec_gfp/curve_gfp.h | 16 ++++--- src/lib/math/ec_gfp/point_gfp.cpp | 76 ++++++++++++++++++------------- 3 files changed, 60 insertions(+), 40 deletions(-) diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index e6015b7b3f..611c2e2ddf 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h 
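Review bot: With `q` zero the new code returns true without any subgroup test on `m_y`, and when `q` is set `power_mod(m_y, q, p) != 1` still accepts `m_y == 1` (since 1^q == 1), which is a degenerate public key; unless the range check preceding this hunk already rejects it, add `if(m_y <= 1 || m_y >= p - 1) return false;` before the exponentiation. For the q-less case a comment such as `// No subgroup order available, so y's membership in the prime-order subgroup cannot be verified here` makes the weaker guarantee explicit to callers. The head of `check_key` lies outside the hunk.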
@@ -342,10 +342,16 @@ class BOTAN_PUBLIC_API(2,0) BigInt final void set_word_at(size_t i, word w) { - grow_to(i + 1); + if(i >= m_reg.size()) + grow_to(i + 1); m_reg[i] = w; } + void ensure_capacity(size_t sz) + { + m_reg.reserve(sz); + } + /** * Tests if the sign of the integer is negative * @result true, iff the integer has a negative sign diff --git a/src/lib/math/ec_gfp/curve_gfp.h b/src/lib/math/ec_gfp/curve_gfp.h index a0d9bc1c74..ab654dccdc 100644 --- a/src/lib/math/ec_gfp/curve_gfp.h +++ b/src/lib/math/ec_gfp/curve_gfp.h @@ -90,6 +90,8 @@ class BOTAN_PUBLIC_API(2,0) CurveGFp final */ const BigInt& get_p() const { return m_repr->get_p(); } + size_t get_p_words() const { return m_repr->get_p_words(); } + const BigInt& get_a_rep() const { return m_repr->get_a_rep(); } const BigInt& get_b_rep() const { return m_repr->get_b_rep(); } @@ -118,19 +120,19 @@ class BOTAN_PUBLIC_API(2,0) CurveGFp final m_repr->curve_mul(z, x, y, ws); } - BigInt mul(const BigInt& x, const BigInt& y, secure_vector& ws) const + void sqr(BigInt& z, const BigInt& x, secure_vector& ws) const { - BigInt z; - m_repr->curve_mul(z, x, y, ws); - return z; + m_repr->curve_sqr(z, x, ws); } - void sqr(BigInt& z, const BigInt& x, secure_vector& ws) const + BigInt mul_to_tmp(const BigInt& x, const BigInt& y, secure_vector& ws) const { - m_repr->curve_sqr(z, x, ws); + BigInt z; + m_repr->curve_mul(z, x, y, ws); + return z; } - BigInt sqr(const BigInt& x, secure_vector& ws) const + BigInt sqr_to_tmp(const BigInt& x, secure_vector& ws) const { BigInt z; m_repr->curve_sqr(z, x, ws); diff --git a/src/lib/math/ec_gfp/point_gfp.cpp b/src/lib/math/ec_gfp/point_gfp.cpp index d9599e6509..4cb54f10bb 100644 --- a/src/lib/math/ec_gfp/point_gfp.cpp +++ b/src/lib/math/ec_gfp/point_gfp.cpp 
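Review bot: `ensure_capacity` is a new public member of `BigInt` with no doc comment, unlike its neighbours; because `m_reg.reserve(sz)` changes capacity but not `size()` or the value, readers may confuse it with `grow_to`. Add above it `/** Reserve storage for at least sz words without changing the value or size; later grow_to() calls up to sz words will not reallocate. */`. The `set_word_at` change also deserves a one-line why-comment (`// avoid the grow_to call on the hot path when the word already exists`), since skipping `grow_to` is the whole point of the edit.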
@@ -53,12 +53,12 @@ void PointGFp::randomize_repr(RandomNumberGenerator& rng) secure_vector monty_ws; m_curve.to_rep(mask, monty_ws); - const BigInt mask2 = m_curve.mul(mask, mask, monty_ws); - const BigInt mask3 = m_curve.mul(mask2, mask, monty_ws); + const BigInt mask2 = m_curve.mul_to_tmp(mask, mask, monty_ws); + const BigInt mask3 = m_curve.mul_to_tmp(mask2, mask, monty_ws); - m_coord_x = m_curve.mul(m_coord_x, mask2, monty_ws); - m_coord_y = m_curve.mul(m_coord_y, mask3, monty_ws); - m_coord_z = m_curve.mul(m_coord_z, mask, monty_ws); + m_coord_x = m_curve.mul_to_tmp(m_coord_x, mask2, monty_ws); + m_coord_y = m_curve.mul_to_tmp(m_coord_y, mask3, monty_ws); + m_coord_z = m_curve.mul_to_tmp(m_coord_z, mask, monty_ws); } } @@ -77,6 +77,10 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) const BigInt& p = m_curve.get_p(); + const size_t cap_size = 2*m_curve.get_p_words() + 2; + for(size_t i = 0; i != ws_bn.size(); ++i) + ws_bn[i].ensure_capacity(cap_size); + BigInt& rhs_z2 = ws_bn[0]; BigInt& U1 = ws_bn[1]; BigInt& S1 = ws_bn[2]; @@ -88,6 +92,8 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) BigInt& H = ws_bn[6]; BigInt& r = ws_bn[7]; + BigInt& tmp = ws_bn[9]; + secure_vector& monty_ws = ws_bn[8].get_word_vector(); /* @@ -96,15 +102,15 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) m_curve.sqr(rhs_z2, rhs.m_coord_z, monty_ws); m_curve.mul(U1, m_coord_x, rhs_z2, monty_ws); - m_curve.mul(S1, m_coord_y, - m_curve.mul(rhs.m_coord_z, rhs_z2, monty_ws), - monty_ws); + + m_curve.mul(tmp, rhs.m_coord_z, rhs_z2, monty_ws); // z^3 + m_curve.mul(S1, m_coord_y, tmp, monty_ws); m_curve.sqr(lhs_z2, m_coord_z, monty_ws); m_curve.mul(U2, rhs.m_coord_x, lhs_z2, monty_ws); - m_curve.mul(S2, rhs.m_coord_y, - m_curve.mul(m_coord_z, lhs_z2, monty_ws), - monty_ws); + + m_curve.mul(tmp, m_coord_z, lhs_z2, monty_ws); + m_curve.mul(S2, rhs.m_coord_y, tmp, monty_ws); H = U2; H -= U1; 
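Review bot: `add` now takes `BigInt& tmp = ws_bn[9];`, i.e. it requires a workspace of at least 10 entries, but the only size-related code in these hunks is the `ensure_capacity` loop over whatever size `ws_bn` has; if the head of `add` (outside the hunk) neither resizes nor asserts, a caller still passing the previous minimum of 9 indexes out of bounds. Add `BOTAN_ASSERT(ws_bn.size() >= PointGFp::WORKSPACE_SIZE, "Workspace too small");` (or a resize) before the references are taken, and derive the slot count from the constant rather than a bare `9`. `add`'s body extends beyond the hunk on both sides.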
@@ -135,7 +141,8 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) m_curve.mul(S2, U2, H, monty_ws); - U2 = m_curve.mul(U1, U2, monty_ws); + m_curve.mul(tmp, U1, U2, monty_ws); + U2 = tmp; m_curve.sqr(m_coord_x, r, monty_ws); m_coord_x -= S2; @@ -148,13 +155,13 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) U2 += p; m_curve.mul(m_coord_y, r, U2, monty_ws); - m_coord_y -= m_curve.mul(S1, S2, monty_ws); + m_curve.mul(tmp, S1, S2, monty_ws); + m_coord_y -= tmp; if(m_coord_y.is_negative()) m_coord_y += p; - m_curve.mul(m_coord_z, - m_curve.mul(m_coord_z, rhs.m_coord_z, monty_ws), - H, monty_ws); + m_curve.mul(tmp, m_coord_z, rhs.m_coord_z, monty_ws); + m_curve.mul(m_coord_z, tmp, H, monty_ws); } // *this *= 2 @@ -173,11 +180,15 @@ void PointGFp::mult2(std::vector& ws_bn) https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-1986-cc */ + const size_t cap_size = 2*m_curve.get_p_words() + 2; + for(size_t i = 0; i != ws_bn.size(); ++i) + ws_bn[i].ensure_capacity(cap_size); + const BigInt& p = m_curve.get_p(); BigInt& y_2 = ws_bn[0]; BigInt& S = ws_bn[1]; - BigInt& z4 = ws_bn[2]; + BigInt& tmp = ws_bn[2]; BigInt& a_z4 = ws_bn[3]; BigInt& M = ws_bn[4]; BigInt& U = ws_bn[5]; @@ -194,10 +205,11 @@ void PointGFp::mult2(std::vector& ws_bn) while(S >= p) S -= p; - m_curve.sqr(z4, m_curve.sqr(m_coord_z, monty_ws), monty_ws); - m_curve.mul(a_z4, m_curve.get_a_rep(), z4, monty_ws); + m_curve.sqr(a_z4, m_coord_z, monty_ws); // z^2 + m_curve.sqr(tmp, a_z4, monty_ws); // z^4 + m_curve.mul(a_z4, m_curve.get_a_rep(), tmp, monty_ws); - M = m_curve.sqr(m_coord_x, monty_ws); + m_curve.sqr(M, m_coord_x, monty_ws); M *= 3; M += a_z4; while(M >= p) @@ -266,7 +278,7 @@ PointGFp multi_exponentiate(const PointGFp& p1, const BigInt& z1, std::vector ws(PointGFp::WORKSPACE_SIZE); - PointGFp M[4] = { + const PointGFp M[4] = { p1.zero(), p1, p2, 
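Review bot: The `cap_size` computation and `ensure_capacity` loop added to `mult2` duplicate the block added to `add` a few lines earlier; a small file-local helper keeps the two in sync when the capacity formula changes, e.g. `static void reserve_ws(std::vector<BigInt>& ws, size_t words) { for(auto& b : ws) b.ensure_capacity(words); }` called as `reserve_ws(ws_bn, 2*m_curve.get_p_words() + 2);`. The renamed slot `BigInt& tmp = ws_bn[2];` (formerly `z4`) now holds z^4 only transiently, so a short comment distinguishing it from `add`'s `tmp` at `ws_bn[9]` would help readers tracking workspace usage. `mult2` starts before this hunk.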
@@ -322,11 +334,11 @@ BigInt PointGFp::get_affine_x() const throw Illegal_Transformation("Cannot convert zero point to affine"); secure_vector monty_ws; - BigInt z2 = m_curve.sqr(m_coord_z, monty_ws); + BigInt z2 = m_curve.sqr_to_tmp(m_coord_z, monty_ws); m_curve.from_rep(z2, monty_ws); z2 = inverse_mod(z2, m_curve.get_p()); - return m_curve.mul(z2, m_coord_x, monty_ws); + return m_curve.mul_to_tmp(z2, m_coord_x, monty_ws); } BigInt PointGFp::get_affine_y() const @@ -335,11 +347,11 @@ BigInt PointGFp::get_affine_y() const throw Illegal_Transformation("Cannot convert zero point to affine"); secure_vector monty_ws; - BigInt z3 = m_curve.mul(m_coord_z, m_curve.sqr(m_coord_z, monty_ws), monty_ws); + BigInt z3 = m_curve.mul_to_tmp(m_coord_z, m_curve.sqr_to_tmp(m_coord_z, monty_ws), monty_ws); z3 = inverse_mod(z3, m_curve.get_p()); m_curve.to_rep(z3, monty_ws); - return m_curve.mul(z3, m_coord_y, monty_ws); + return m_curve.mul_to_tmp(z3, m_coord_y, monty_ws); } bool PointGFp::on_the_curve() const @@ -355,10 +367,10 @@ bool PointGFp::on_the_curve() const secure_vector monty_ws; - const BigInt y2 = m_curve.from_rep(m_curve.sqr(m_coord_y, monty_ws), monty_ws); - const BigInt x3 = m_curve.mul(m_coord_x, m_curve.sqr(m_coord_x, monty_ws), monty_ws); - const BigInt ax = m_curve.mul(m_coord_x, m_curve.get_a_rep(), monty_ws); - const BigInt z2 = m_curve.sqr(m_coord_z, monty_ws); + const BigInt y2 = m_curve.from_rep(m_curve.sqr_to_tmp(m_coord_y, monty_ws), monty_ws); + const BigInt x3 = m_curve.mul_to_tmp(m_coord_x, m_curve.sqr_to_tmp(m_coord_x, monty_ws), monty_ws); + const BigInt ax = m_curve.mul_to_tmp(m_coord_x, m_curve.get_a_rep(), monty_ws); + const BigInt z2 = m_curve.sqr_to_tmp(m_coord_z, monty_ws); if(m_coord_z == z2) // Is z equal to 1 (in Montgomery form)? { 
@@ -366,9 +378,9 @@ bool PointGFp::on_the_curve() const return false; } - const BigInt z3 = m_curve.mul(m_coord_z, z2, monty_ws); - const BigInt ax_z4 = m_curve.mul(ax, m_curve.sqr(z2, monty_ws), monty_ws); - const BigInt b_z6 = m_curve.mul(m_curve.get_b_rep(), m_curve.sqr(z3, monty_ws), monty_ws); + const BigInt z3 = m_curve.mul_to_tmp(m_coord_z, z2, monty_ws); + const BigInt ax_z4 = m_curve.mul_to_tmp(ax, m_curve.sqr_to_tmp(z2, monty_ws), monty_ws); + const BigInt b_z6 = m_curve.mul_to_tmp(m_curve.get_b_rep(), m_curve.sqr_to_tmp(z3, monty_ws), monty_ws); if(y2 != m_curve.from_rep(x3 + ax_z4 + b_z6, monty_ws)) return false; From 971749b8486e4a17eba54c32a8fdff942eb37af2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 07:13:31 -0500 Subject: [PATCH 0678/1008] Fix an error in BigInt operator- (x) - (-x) would result in -2x instead of the correct 2x --- src/lib/math/bigint/big_ops3.cpp | 1 + src/tests/data/bn/add.vec | 26 +++++++++++++++++++--- src/tests/data/bn/sub.vec | 38 +++++++++++++++++++++++++++++--- 3 files changed, 59 insertions(+), 6 deletions(-) diff --git a/src/lib/math/bigint/big_ops3.cpp b/src/lib/math/bigint/big_ops3.cpp index eed8a29a05..680eca635e 100644 --- a/src/lib/math/bigint/big_ops3.cpp +++ b/src/lib/math/bigint/big_ops3.cpp @@ -66,6 +66,7 @@ BigInt operator-(const BigInt& x, const BigInt& y) { if(x.sign() != y.sign()) bigint_shl2(z.mutable_data(), x.data(), x_sw, 0, 1); + z.set_sign(y.reverse_sign()); } else if(relative_size > 0) { diff --git a/src/tests/data/bn/add.vec b/src/tests/data/bn/add.vec index d7fb72d573..4829e1706e 100644 --- a/src/tests/data/bn/add.vec +++ b/src/tests/data/bn/add.vec @@ -15,9 +15,29 @@ In1 = 0x1 In2 = 0x1 Output = 0x2 -In1 = 0x1 -In2 = -0x1 -Output = 0x0 +In1 = 1 +In2 = -1 +Output = 0 + +In1 = -1 +In2 = 1 +Output = 0 + +In1 = -1 +In2 = -1 +Output = -2 + +In1 = 1 +In2 = -2 +Output = -1 + +In1 = -2 +In2 = 1 +Output = -1 + +In1 = -2 +In2 = -1 +Output = -3 In1 = 0x5 In2 = 0x0 
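Review bot: The added `z.set_sign(y.reverse_sign());` runs unconditionally in the equal-magnitude branch — the `if(x.sign() != y.sign())` guards only the `bigint_shl2` call — so when the signs are equal and `z` is zero the result depends on `set_sign` normalising a zero magnitude to positive; if it does not, `1 - 1` yields a negative zero that the new `Output = 0` vectors only catch if comparison is sign-sensitive. Putting the assignment under the same condition, `if(x.sign() != y.sign()) { bigint_shl2(...); z.set_sign(y.reverse_sign()); }`, removes that dependency. The hunk's indentation is lost in this rendering, but the absence of braces on the `if` is visible.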
diff --git a/src/tests/data/bn/sub.vec b/src/tests/data/bn/sub.vec index 5b649ef879..a3cac42067 100644 --- a/src/tests/data/bn/sub.vec +++ b/src/tests/data/bn/sub.vec @@ -7,9 +7,41 @@ In1 = 0x0 In2 = 0x1 Output = -0x1 -In1 = 0x1 -In2 = -0x1 -Output = 0x2 +In1 = 1 +In2 = -1 +Output = 2 + +In1 = -1 +In2 = 1 +Output = -2 + +In1 = -1 +In2 = -1 +Output = 0 + +In1 = 1 +In2 = 1 +Output = 0 + +In1 = 1 +In2 = -1 +Output = 2 + +In1 = 1 +In2 = -2 +Output = 3 + +In1 = -1 +In2 = 2 +Output = -3 + +In1 = -3 +In2 = -1 +Output = -2 + +In1 = -3 +In2 = 1 +Output = -4 In1 = 0x64 In2 = -0x64 From a37a5d75ce414bc0a8b12a28088442beae07cb4b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 07:39:16 -0500 Subject: [PATCH 0679/1008] Small cleanups in NIST reduction code --- src/lib/math/ec_gfp/curve_nistp.cpp | 57 +++++++++++------------------ 1 file changed, 22 insertions(+), 35 deletions(-) diff --git a/src/lib/math/ec_gfp/curve_nistp.cpp b/src/lib/math/ec_gfp/curve_nistp.cpp index fb94a81d2c..bc86ed3582 100644 --- a/src/lib/math/ec_gfp/curve_nistp.cpp +++ b/src/lib/math/ec_gfp/curve_nistp.cpp @@ -18,9 +18,6 @@ void normalize(const BigInt& p, BigInt& x, secure_vector& ws, size_t bound const word* prime = p.data(); const size_t p_words = p.sig_words(); - while(x.is_negative()) - x += p; - // TODO: provide a high level function for this compare-and-sub operation x.grow_to(p_words + 1); 
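Review bot: Dropping `while(x.is_negative()) x += p;` from `normalize` silently changes its contract: a negative `x` now enters the subtract loop and breaks on the first borrow, returning still negative. The P-256 path asserts `S >> 32 == 0` ("No underflow"), which suggests callers are expected to hand over non-negative values, but the other `redc_p*` callers are not visible in this chunk. Add `BOTAN_ASSERT(!x.is_negative(), "normalize requires non-negative input");` (or at minimum a comment stating the precondition) at the top of `normalize` so the assumption is checked rather than implicit.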
@@ -384,26 +381,31 @@ void redc_p256(BigInt& x, secure_vector& ws) BOTAN_ASSERT_EQUAL(S >> 32, 0, "No underflow"); - #if 0 - if(S >= 2) +#if 0 + BOTAN_ASSERT(S <= 10, "Expected overflow"); + static const BigInt P256_mults[11] = { + prime_p256(), + 2*prime_p256(), + 3*prime_p256(), + 4*prime_p256(), + 5*prime_p256(), + 6*prime_p256(), + 7*prime_p256(), + 8*prime_p256(), + 9*prime_p256(), + 10*prime_p256(), + 11*prime_p256() + }; + + x -= P256_mults[S]; + + while(x.is_negative()) { - BOTAN_ASSERT(S <= 10, "Expected overflow"); - static const BigInt P256_mults[9] = { - 2*CurveGFp_P256::prime(), - 3*CurveGFp_P256::prime(), - 4*CurveGFp_P256::prime(), - 5*CurveGFp_P256::prime(), - 6*CurveGFp_P256::prime(), - 7*CurveGFp_P256::prime(), - 8*CurveGFp_P256::prime(), - 9*CurveGFp_P256::prime(), - 10*CurveGFp_P256::prime() - }; - x -= P256_mults[S - 2]; + x += prime_p256(); } - #endif - +#else normalize(prime_p256(), x, ws, 10); + #endif } const BigInt& prime_p384() @@ -558,21 +560,6 @@ void redc_p384(BigInt& x, secure_vector& ws) BOTAN_ASSERT_EQUAL(S >> 32, 0, "No underflow"); set_uint32_t(x, 12, S); - #if 0 - if(S >= 2) - { - BOTAN_ASSERT(S <= 4, "Expected overflow"); - - static const BigInt P384_mults[3] = { - 2*CurveGFp_P384::prime(), - 3*CurveGFp_P384::prime(), - 4*CurveGFp_P384::prime() - }; - - x -= P384_mults[S - 2]; - } - #endif - normalize(prime_p384(), x, ws, 4); } From e8bd6207f9de23c5a2709b9a8ad45cb5cf71beb3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 07:49:49 -0500 Subject: [PATCH 0680/1008] Avoid unneeded grow_to calls --- src/lib/math/ec_gfp/curve_nistp.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/math/ec_gfp/curve_nistp.cpp b/src/lib/math/ec_gfp/curve_nistp.cpp index bc86ed3582..62d11d4a96 100644 --- a/src/lib/math/ec_gfp/curve_nistp.cpp +++ b/src/lib/math/ec_gfp/curve_nistp.cpp 
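Review bot: The `BOTAN_ASSERT(S <= 10, "Expected overflow");` that justifies the bound `10` passed to `normalize` sits inside `#if 0`, so nothing in the compiled build checks that the accumulated carry stays within what the subtract loop can reduce; if `S` ever reached 11 the result would be left above `p`. Move the assertion out of the dead block, e.g. `BOTAN_ASSERT(S <= 10, "Expected overflow"); normalize(prime_p256(), x, ws, 10);`, and consider deleting the `#if 0` table rather than maintaining two versions. As written the dead table also maps `S == 0` to `x -= 1*p` (index 0 is `prime_p256()`), so it would need an offset before it could ever be re-enabled.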
@@ -19,7 +19,8 @@ void normalize(const BigInt& p, BigInt& x, secure_vector& ws, size_t bound const size_t p_words = p.sig_words(); // TODO: provide a high level function for this compare-and-sub operation - x.grow_to(p_words + 1); + if(x.size() < p_words + 1) + x.grow_to(p_words + 1); if(ws.size() < p_words + 1) ws.resize(p_words + 1); From 6fbe80af97d6788f82ae3e570e7279801ca6d9bf Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 08:11:52 -0500 Subject: [PATCH 0681/1008] Minor optimizations in BigInt memory handling Makes 4-6% difference for ECDSA --- src/lib/math/bigint/big_ops2.cpp | 4 +++- src/lib/math/bigint/bigint.cpp | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/lib/math/bigint/big_ops2.cpp b/src/lib/math/bigint/big_ops2.cpp index c203f363ad..639d87ceba 100644 --- a/src/lib/math/bigint/big_ops2.cpp +++ b/src/lib/math/bigint/big_ops2.cpp @@ -21,7 +21,9 @@ BigInt& BigInt::operator+=(const BigInt& y) const size_t x_sw = sig_words(), y_sw = y.sig_words(); const size_t reg_size = std::max(x_sw, y_sw) + 1; - grow_to(reg_size); + + if(m_reg.size() < reg_size) + grow_to(reg_size); if(sign() == y.sign()) bigint_add2(mutable_data(), reg_size - 1, y.data(), y_sw); diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index b63bd9be8c..e5f8974d5c 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp @@ -23,7 +23,7 @@ BigInt::BigInt(uint64_t n) const size_t limbs_needed = sizeof(uint64_t) / sizeof(word); - m_reg.resize(4*limbs_needed); + m_reg.resize(limbs_needed); for(size_t i = 0; i != limbs_needed; ++i) m_reg[i] = ((n >> (i*MP_WORD_BITS)) & MP_WORD_MASK); } From cad1e719dae651022f9fc3da9e431c2442d3827b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 08:31:25 -0500 Subject: [PATCH 0682/1008] Inline NIST normalize function, use bigint_sub3 --- src/lib/math/ec_gfp/curve_nistp.cpp | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) 
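Review bot: The `if(x.size() < p_words + 1) x.grow_to(p_words + 1);` guard added in normalize, and the identical `if(m_reg.size() < reg_size) grow_to(reg_size);` in BigInt::operator+=, push the "only grow if smaller" check onto every caller; if grow_to already early-returns when the register is large enough both guards are redundant, and if it does not, the check belongs inside grow_to so the remaining callers get it for free. grow_to's definition is not in this diff, so I cannot tell which case applies, but a one-line comment on its contract would stop the pattern from spreading. Separately, shrinking the BigInt(uint64_t) register from `4*limbs_needed` to `limbs_needed` means a value built this way reallocates on its first growing operation; presumably the quoted 4-6% accounts for that, and a comment such as `// sized exactly for a uint64; values that grow pay one reallocation` would record the trade-off.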
diff --git a/src/lib/math/ec_gfp/curve_nistp.cpp b/src/lib/math/ec_gfp/curve_nistp.cpp index 62d11d4a96..7990c541c9 100644 --- a/src/lib/math/ec_gfp/curve_nistp.cpp +++ b/src/lib/math/ec_gfp/curve_nistp.cpp @@ -13,29 +13,20 @@ namespace Botan { namespace { -void normalize(const BigInt& p, BigInt& x, secure_vector& ws, size_t bound) +inline void normalize(const BigInt& p, BigInt& x, secure_vector& ws, size_t bound) { const word* prime = p.data(); const size_t p_words = p.sig_words(); - // TODO: provide a high level function for this compare-and-sub operation if(x.size() < p_words + 1) x.grow_to(p_words + 1); if(ws.size() < p_words + 1) ws.resize(p_words + 1); - for(size_t i = 0; bound == 0 || i < bound; ++i) + for(size_t i = 0; i < bound; ++i) { - const word* xd = x.data(); - word borrow = 0; - - for(size_t j = 0; j != p_words; ++j) - { - ws[j] = word_sub(xd[j], prime[j], &borrow); - } - - ws[p_words] = word_sub(xd[p_words], 0, &borrow); + word borrow = bigint_sub3(ws.data(), x.data(), p_words + 1, prime, p_words); if(borrow) break; From 431ab823dbf5a9cf859b382da70d5a99a3a39411 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 09:32:10 -0500 Subject: [PATCH 0683/1008] Use 2-bit wide table in PointGFp multi_exponentiate ECDSA verification is 10-15% faster --- src/lib/math/ec_gfp/point_gfp.cpp | 56 +++++++++++++++++++++++-------- src/lib/math/ec_gfp/point_gfp.h | 17 ++++++++-- 2 files changed, 56 insertions(+), 17 deletions(-) diff --git a/src/lib/math/ec_gfp/point_gfp.cpp b/src/lib/math/ec_gfp/point_gfp.cpp index 4cb54f10bb..407da9dbec 100644 --- a/src/lib/math/ec_gfp/point_gfp.cpp +++ b/src/lib/math/ec_gfp/point_gfp.cpp @@ -10,6 +10,7 @@ #include #include #include +#include namespace Botan { 
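Review bot: Changing the loop condition from `bound == 0 || i < bound` to `i < bound` silently removes the "bound == 0 means unbounded" mode: a caller passing 0 now gets no reduction at all and x is returned unnormalized. The callers visible earlier in this diff pass 10 and 4, so nothing breaks today, but the new contract should be stated, e.g. `// bound > 0: maximum number of conditional subtractions of p` plus `BOTAN_ASSERT(bound > 0, "normalize requires a positive bound");`, or `bound == 0` should keep its old meaning. Note also that the loop still exits on the first borrow, so the iteration count depends on the value of x; that is pre-existing and presumably acceptable only because these reductions run on public or already-blinded values, which is worth a comment now that the function is inlined into the hot path. The rest of normalize after `break;` is outside the hunk.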
@@ -270,29 +271,56 @@ PointGFp& PointGFp::operator*=(const BigInt& scalar) return *this; } -PointGFp multi_exponentiate(const PointGFp& p1, const BigInt& z1, - const PointGFp& p2, const BigInt& z2) +PointGFp multi_exponentiate(const PointGFp& x, const BigInt& z1, + const PointGFp& y, const BigInt& z2) { - PointGFp H = p1.zero(); - const size_t z_bits = std::max(z1.bits(), z2.bits()); + const size_t z_bits = round_up(std::max(z1.bits(), z2.bits()), 2); std::vector ws(PointGFp::WORKSPACE_SIZE); - const PointGFp M[4] = { - p1.zero(), - p1, - p2, - p1 + p2, + PointGFp x2 = x; + x2.mult2(ws); + + const PointGFp x3(x2.plus(x, ws)); + + PointGFp y2 = y; + y2.mult2(ws); + + const PointGFp y3(y2.plus(y, ws)); + + const PointGFp M[16] = { + x.zero(), // 0000 + x, // 0001 + x2, // 0010 + x3, // 0011 + y, // 0100 + y.plus(x, ws), // 0101 + y.plus(x2, ws), // 0110 + y.plus(x3, ws), // 0111 + y2, // 1000 + y2.plus(x, ws), // 1001 + y2.plus(x2, ws), // 1010 + y2.plus(x3, ws), // 1011 + y3, // 1100 + y3.plus(x, ws), // 1101 + y3.plus(x2, ws), // 1110 + y3.plus(x3, ws), // 1111 }; - for(size_t i = 0; i != z_bits; ++i) + PointGFp H = x.zero(); + + for(size_t i = 0; i != z_bits; i += 2) { - H.mult2(ws); + if(i > 0) + { + H.mult2(ws); + H.mult2(ws); + } - const uint8_t z1_b = z1.get_bit(z_bits - i - 1); - const uint8_t z2_b = z2.get_bit(z_bits - i - 1); + const uint8_t z1_b = z1.get_substring(z_bits - i - 2, 2); + const uint8_t z2_b = z2.get_substring(z_bits - i - 2, 2); - const uint8_t z12 = (2*z2_b) + z1_b; + const uint8_t z12 = (4*z2_b) + z1_b; H.add(M[z12], ws); } diff --git a/src/lib/math/ec_gfp/point_gfp.h b/src/lib/math/ec_gfp/point_gfp.h index a2c7ae86a3..dddd40b43b 100644 --- a/src/lib/math/ec_gfp/point_gfp.h +++ b/src/lib/math/ec_gfp/point_gfp.h 
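Review bot: The lookup `H.add(M[z12], ws)` in multi_exponentiate indexes a 16-entry table by a 4-bit digit of the scalars, and the doublings are skipped when `i == 0`, so both the memory access pattern and the loop shape depend on z1 and z2; the header in the next hunk now says "not constant time!", but the implementation carries no such comment at the point where it matters. Add `// NOTE: z12 is a scalar-dependent index; only usable with public scalars (eg ECDSA verification)` above the lookup. The single `ws` workspace is shared across the sixteen table constructions and the loop, which relies on plus()/add() not retaining references into ws between calls; that is presumably true but worth a sentence. The `round_up(..., 2)` of the bit length is safe for zero scalars whether it returns 0 or 2 (the loop is skipped, or one zero digit is added), which a short comment would save the next reader from re-deriving.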
@@ -181,16 +181,27 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final /** * Point addition - * @param workspace temp space, at least 9 elements + * @param workspace temp space, at least WORKSPACE_SIZE elements */ void add(const PointGFp& other, std::vector& workspace); /** * Point doubling - * @param workspace temp space, at least 10 elements + * @param workspace temp space, at least WORKSPACE_SIZE elements */ void mult2(std::vector& workspace); + /** + * Point addition + * @param workspace temp space, at least WORKSPACE_SIZE elements + */ + PointGFp plus(const PointGFp& other, std::vector& workspace) const + { + PointGFp x = (*this); + x.add(other, workspace); + return x; + } + /** * Return the zero (aka infinite) point associated with this curve */ @@ -210,7 +221,7 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final BOTAN_PUBLIC_API(2,0) PointGFp operator*(const BigInt& scalar, const PointGFp& point); /** -* ECC point multiexponentiation +* ECC point multiexponentiation - not constant time! * @param p1 a point * @param z1 a scalar * @param p2 a point From 4dfc4420ae6c2215151fcdde4d82d7fe0cd613a0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 09:38:12 -0500 Subject: [PATCH 0684/1008] Update news [ci skip] --- news.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/news.rst b/news.rst index 9c772af06f..9d759d26c2 100644 --- a/news.rst +++ b/news.rst 
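Review bot: The header's multi_exponentiate documentation still names the parameters `p1`, `z1`, `p2`, `z2` while the implementation in the previous hunk renamed the points to `x` and `y`; Doxygen will warn and readers cross-referencing the two will be confused, so the @param names should match whichever signature the header declares (the declaration line itself is outside this hunk). The new `plus()` doc reads "Point addition", the same text as `add()`; it should state the difference: `* Point addition, returning (*this + other) without modifying *this`. The "not constant time!" remark added on multi_exponentiate is the right place for that warning, and it would help to say for whom it is safe, e.g. `- only use with public scalars`.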
@@ -6,8 +6,9 @@ Version 2.5.0, Not Yet Released * Add support for RSA-PSS signatures in TLS (GH #1285) -* A faster algorithm for ECC point multiplications is now used, resulting - in ECDSA and ECDH being approximately 2-2.5x faster. (GH #1457) +* A faster algorithm for ECC point multiplications is now used, resulting in + ECDSA signature generation being 2-3 times fater than previous releases. Other + optimizations have improved ECDSA verification time by about 25%. (GH #1457) * Add a new Credentials_Manager callback that specifies which CAs the server has indicated it trusts (GH #1395 fixing #1261) @@ -18,7 +19,7 @@ Version 2.5.0, Not Yet Released * Add new TLS::Callbacks methods that allow an application to negotiate use of custom elliptic curves. (GH #1448) -* Add ability to create custom ellipcic curves (GH #1441 #1444) +* Add ability to create custom elliptic curves (GH #1441 #1444) * Change DL_Group and EC_Group to store their data as shared_ptr for fast copying. Also both classes precompute additional useful values From edf30c4474a161dba6abd16f86fa01917294839f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 12:05:58 -0500 Subject: [PATCH 0685/1008] Simplify IDEA key schedule --- src/lib/block/idea/idea.cpp | 51 ++++++++++++++++++++----------------- 1 file changed, 28 insertions(+), 23 deletions(-) diff --git a/src/lib/block/idea/idea.cpp b/src/lib/block/idea/idea.cpp index 26bd246907..ffd1bf56a1 100644 --- a/src/lib/block/idea/idea.cpp +++ b/src/lib/block/idea/idea.cpp 
@@ -190,37 +190,42 @@ void IDEA::key_schedule(const uint8_t key[], size_t) CT::poison(m_EK.data(), 52); CT::poison(m_DK.data(), 52); - for(size_t i = 0; i != 8; ++i) - m_EK[i] = load_be(key, i); + secure_vector K(2); - for(size_t i = 1, j = 8, offset = 0; j != 52; i %= 8, ++i, ++j) + K[0] = load_be(key, 0); + K[1] = load_be(key, 1); + + for(size_t off = 0; off != 48; off += 8) { - m_EK[i+7+offset] = static_cast((m_EK[(i % 8) + offset] << 9) | - (m_EK[((i+1) % 8) + offset] >> 7)); - offset += (i == 8) ? 8 : 0; + for(size_t i = 0; i != 8; ++i) + m_EK[off+i] = K[i/4] >> (48-16*(i % 4)); + + const uint64_t Kx = (K[0] >> 39); + const uint64_t Ky = (K[1] >> 39); + + K[0] = (K[0] << 25) | Ky; + K[1] = (K[1] << 25) | Kx; } - m_DK[51] = mul_inv(m_EK[3]); - m_DK[50] = -m_EK[2]; - m_DK[49] = -m_EK[1]; - m_DK[48] = mul_inv(m_EK[0]); + for(size_t i = 0; i != 4; ++i) + m_EK[48+i] = K[i/4] >> (48-16*(i % 4)); + + m_DK[0] = mul_inv(m_EK[48]); + m_DK[1] = -m_EK[49]; + m_DK[2] = -m_EK[50]; + m_DK[3] = mul_inv(m_EK[51]); - for(size_t i = 1, j = 4, counter = 47; i != 8; ++i, j += 6) + for(size_t i = 0; i != 8*6; i += 6) { - m_DK[counter--] = m_EK[j+1]; - m_DK[counter--] = m_EK[j]; - m_DK[counter--] = mul_inv(m_EK[j+5]); - m_DK[counter--] = -m_EK[j+3]; - m_DK[counter--] = -m_EK[j+4]; - m_DK[counter--] = mul_inv(m_EK[j+2]); + m_DK[i+4] = m_EK[46-i]; + m_DK[i+5] = m_EK[47-i]; + m_DK[i+6] = mul_inv(m_EK[42-i]); + m_DK[i+7] = -m_EK[44-i]; + m_DK[i+8] = -m_EK[43-i]; + m_DK[i+9] = mul_inv(m_EK[45-i]); } - m_DK[5] = m_EK[47]; - m_DK[4] = m_EK[46]; - m_DK[3] = mul_inv(m_EK[51]); - m_DK[2] = -m_EK[50]; - m_DK[1] = -m_EK[49]; - m_DK[0] = mul_inv(m_EK[48]); + std::swap(m_DK[49], m_DK[50]); CT::unpoison(key, 16); CT::unpoison(m_EK.data(), 52); From 8d9f83f87e146be428ad7d0684496f12cf34d4c8 Mon Sep 17 00:00:00 2001 
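Review bot: The trailing `std::swap(m_DK[49], m_DK[50]);` in key_schedule is an unexplained fix-up: the last loop iteration (i == 42) writes m_DK[48..51] from m_EK[0..3] in the order a full round needs, so it produces m_DK[49] = -m_EK[2] and m_DK[50] = -m_EK[1], and the swap restores the m_DK[49] = -m_EK[1], m_DK[50] = -m_EK[2] that the removed explicit assignments had. A comment such as `// The loop treats the output transformation like a full round; it does not swap the two middle words, so undo that here` would make the intent auditable. The assignments `m_EK[off+i] = K[i/4] >> (48-16*(i % 4));` rely on implicit narrowing from uint64_t to the subkey type (presumably uint16_t) where the old code used an explicit static_cast; keeping the cast documents the truncation and avoids narrowing warnings. Tracing the new index arithmetic against the old produces the same m_EK and m_DK, so this is documentation and style only.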
From: Jack Lloyd Date: Fri, 23 Feb 2018 12:31:03 -0500 Subject: [PATCH 0686/1008] Add DL_Group functions to verify elements --- src/lib/pubkey/dl_algo/dl_algo.cpp | 32 ++-------------------------- src/lib/pubkey/dl_group/dl_group.cpp | 30 ++++++++++++++++++++++++++ src/lib/pubkey/dl_group/dl_group.h | 17 ++++++++++++++- 3 files changed, 48 insertions(+), 31 deletions(-) diff --git a/src/lib/pubkey/dl_algo/dl_algo.cpp b/src/lib/pubkey/dl_algo/dl_algo.cpp index c5fc1e0822..d31f927d7e 100644 --- a/src/lib/pubkey/dl_algo/dl_algo.cpp +++ b/src/lib/pubkey/dl_algo/dl_algo.cpp @@ -68,22 +68,7 @@ DL_Scheme_PrivateKey::DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id, bool DL_Scheme_PublicKey::check_key(RandomNumberGenerator& rng, bool strong) const { - const BigInt& p = group_p(); - - if(m_y < 2 || m_y >= p) - return false; - if(!m_group.verify_group(rng, strong)) - return false; - - const BigInt& q = group_q(); - - if(q.is_zero() == false) - { - if(power_mod(m_y, q, p) != 1) - return false; - } - - return true; + return m_group.verify_group(rng, strong) && m_group.verify_public_element(m_y); } /* @@ -92,20 +77,7 @@ bool DL_Scheme_PublicKey::check_key(RandomNumberGenerator& rng, bool DL_Scheme_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const { - const BigInt& p = group_p(); - - if(m_y < 2 || m_y >= p || m_x < 2 || m_x >= p) - return false; - if(!m_group.verify_group(rng, strong)) - return false; - - if(!strong) - return true; - - if(m_y != m_group.power_g_p(m_x)) - return false; - - return true; + return m_group.verify_group(rng, strong) && m_group.verify_element_pair(m_y, m_x); } } diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index c96dea677f..7d2ad15e9c 100644 --- a/src/lib/pubkey/dl_group/dl_group.cpp +++ b/src/lib/pubkey/dl_group/dl_group.cpp 
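Review bot: DL_Scheme_PrivateKey::check_key changes behaviour beyond the refactor: the removed body returned true for `!strong` before comparing y against g^x, whereas `verify_element_pair(m_y, m_x)` always performs that exponentiation, so check_key(rng, false) is now both stricter and more expensive than before and the commit message does not mention it. If the old semantics are wanted, `return m_group.verify_group(rng, strong) && (!strong || m_group.verify_element_pair(m_y, m_x));` preserves them; otherwise the change should be called out. Both check_key bodies also now run verify_group first, which with `strong` presumably performs the expensive primality tests, before the cheap range checks on y and x; ordering `verify_public_element` / `verify_element_pair` first would reject malformed keys without paying for group verification. Neither point affects what a valid key returns.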
@@ -292,6 +292,36 @@ const DL_Group_Data& DL_Group::data() const throw Invalid_State("DL_Group uninitialized"); } +bool DL_Group::verify_public_element(const BigInt& y) const + { + const BigInt& p = get_p(); + const BigInt& q = get_q(); + + if(y <= 1 || y >= p) + return false; + + if(q.is_zero() == false) + { + if(power_mod(y, q, p) != 1) + return false; + } + + return true; + } + +bool DL_Group::verify_element_pair(const BigInt& y, const BigInt& x) const + { + const BigInt& p = get_p(); + + if(y <= 1 || y >= p || x <= 1 || x >= p) + return false; + + if(y != power_g_p(x)) + return false; + + return true; + } + /* * Verify the parameters */ diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h index 2bd79e3dd2..b9a7bb9922 100644 --- a/src/lib/pubkey/dl_group/dl_group.h +++ b/src/lib/pubkey/dl_group/dl_group.h @@ -135,7 +135,22 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final * @param strong whether to perform stronger by lengthier tests * @return true if the object is consistent, false otherwise */ - bool verify_group(RandomNumberGenerator& rng, bool strong) const; + bool verify_group(RandomNumberGenerator& rng, bool strong = true) const; + + /** + * Verify a public element, ie check if y = g^x for some x. + * + * This is not a perfect test. It verifies that 1 < y < p and (if q is set) + * that y is in the subgroup of size q. + */ + bool verify_public_element(const BigInt& y) const; + + /** + * Verify a pair of elements y = g^x + * + * This verifies that 1 < x,y < p and that y=g^x mod p + */ + bool verify_element_pair(const BigInt& y, const BigInt& x) const; /** * Encode this group into a string using PEM encoding. From e679629ef38aa608fffc22b91d3a1d9de308a8c9 Mon Sep 17 00:00:00 2001 
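Review bot: verify_element_pair checks only `1 < x,y < p` and y == g^x; unlike verify_public_element it does not confirm that y lies in the order-q subgroup, and it does not bound x by q when q is set, so the private-key path gets a weaker guarantee than the public-key path. If the stricter check is wanted, `if(!verify_public_element(y)) return false;` at the top of verify_element_pair closes that gap at the cost of one extra power_mod. The header comments should also state that both functions assume the group itself has already been verified, since the callers combine them with verify_group: `* The caller should verify the group (verify_group) before relying on this result.` The `strong = true` default added to verify_group is a harmless API extension.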
From: Jack Lloyd Date: Fri, 23 Feb 2018 12:38:13 -0500 Subject: [PATCH 0687/1008] Add EC_Group::verify_public_element --- src/lib/pubkey/ec_group/ec_group.cpp | 23 +++++++++++++++++++++ src/lib/pubkey/ec_group/ec_group.h | 8 ++++++++ src/lib/pubkey/ecc_key/ecc_key.cpp | 30 ++-------------------------- 3 files changed, 33 insertions(+), 28 deletions(-) diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 102eed6e57..a8d5136c83 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -536,6 +536,29 @@ bool EC_Group::operator==(const EC_Group& other) const get_base_point() == other.get_base_point()); } +bool EC_Group::verify_public_element(const PointGFp& point) const + { + //check that public point is not at infinity + if(point.is_zero()) + return false; + + //check that public point is on the curve + if(point.on_the_curve() == false) + return false; + + //check that public point has order q + if((point * get_order()).is_zero() == false) + return false; + + if(get_cofactor() > 1) + { + if((point * get_cofactor()).is_zero()) + return false; + } + + return true; + } + bool EC_Group::verify_group(RandomNumberGenerator& rng, bool) const { diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 2baa2555e3..5b2a257565 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -194,6 +194,14 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final */ const BigInt& get_cofactor() const; + /** + * Check if y is a plausible point on the curve + * + * In particular, checks that it is a point on the curve, not infinity, + * and that it has order matching the group. + */ + bool verify_public_element(const PointGFp& y) const; + /** * Return the OID of these domain parameters * @result the OID as a string diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index 17b6e6484b..baf99fb78a 100644 
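Review bot: EC_Group::verify_public_element performs the `point * get_order()` scalar multiplication unconditionally, whereas the code it replaces in ecc_key.cpp (next hunk) only did so inside the `get_cofactor() > 1` branch; for a prime-order curve, a point that is on the curve and not infinity already has order n, so the new check costs a full scalar multiplication per key check without adding assurance, and the commit message does not mention the change. If the unconditional check is intended as defense in depth, say so where it happens: `// order check is redundant for cofactor-1 curves but kept for all groups deliberately`; otherwise move it back inside the cofactor branch. The header description ("plausible point on the curve") matches the implementation.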
--- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp @@ -56,34 +56,8 @@ EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id, bool EC_PublicKey::check_key(RandomNumberGenerator& rng, bool) const { - //verify domain parameters - if(!m_domain_params.verify_group(rng)) - { - return false; - } - //check that public point is not at infinity - if(public_point().is_zero()) - { - return false; - } - //check that public point is on the curve - if(!public_point().on_the_curve()) - { - return false; - } - if(m_domain_params.get_cofactor() > 1) - { - if((public_point() * m_domain_params.get_cofactor()).is_zero()) - { - return false; - } - //check that public point has order q - if(!(public_point() * m_domain_params.get_order()).is_zero()) - { - return false; - } - } - return true; + return m_domain_params.verify_group(rng) && + m_domain_params.verify_public_element(public_point()); } From 517b0241f878b0603ffc02eb5829f0aa7403f38d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 12:48:59 -0500 Subject: [PATCH 0688/1008] Add DL_Group::estimated_strength --- src/lib/pubkey/dl_algo/dl_algo.cpp | 5 ++--- src/lib/pubkey/dl_group/dl_group.cpp | 11 ++++++++++- src/lib/pubkey/dl_group/dl_group.h | 8 ++++++++ src/tests/test_dl_group.cpp | 5 +++++ 4 files changed, 25 insertions(+), 4 deletions(-) diff --git a/src/lib/pubkey/dl_algo/dl_algo.cpp b/src/lib/pubkey/dl_algo/dl_algo.cpp index d31f927d7e..f9d6178b05 100644 --- a/src/lib/pubkey/dl_algo/dl_algo.cpp +++ b/src/lib/pubkey/dl_algo/dl_algo.cpp @@ -7,7 +7,6 @@ #include #include -#include #include #include @@ -15,12 +14,12 @@ namespace Botan { size_t DL_Scheme_PublicKey::key_length() const { - return m_group.get_p().bits(); + return m_group.p_bits(); } size_t DL_Scheme_PublicKey::estimated_strength() const { - return dl_work_factor(key_length()); + return m_group.estimated_strength(); } AlgorithmIdentifier DL_Scheme_PublicKey::algorithm_identifier() const 
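Review bot: EC_PublicKey::check_key still takes an unnamed `bool` (the strong flag of the base interface) and ignores it, and after this hunk the whole body is `verify_group(rng) && verify_public_element(public_point())`, so a reader cannot tell whether dropping the flag is deliberate. Naming it `bool /*strong*/` and adding `// strong is ignored: EC group checks have no cheap/strong distinction` would make that explicit; the EC_Group::verify_group declaration in the previous hunk likewise leaves its bool unnamed, so the comment would presumably be accurate, but confirm it. The signature line is context, not part of this change.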
diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index 7d2ad15e9c..a1003f5082 100644 --- a/src/lib/pubkey/dl_group/dl_group.cpp +++ b/src/lib/pubkey/dl_group/dl_group.cpp @@ -23,7 +23,8 @@ class DL_Group_Data final m_p(p), m_q(q), m_g(g), m_mod_p(p), m_monty(monty_precompute(m_g, m_p, m_mod_p, /*window bits=*/4)), - m_p_bits(p.bits()) + m_p_bits(p.bits()), + m_estimated_strength(dl_work_factor(m_p_bits)) {} ~DL_Group_Data() = default; @@ -45,6 +46,8 @@ class DL_Group_Data final size_t p_bits() const { return m_p_bits; } size_t p_bytes() const { return (m_p_bits + 7) / 8; } + size_t estimated_strength() const { return m_estimated_strength; } + BigInt power_g_p(const BigInt& k) const { return monty_execute(*m_monty, k); } private: @@ -54,6 +57,7 @@ class DL_Group_Data final Modular_Reducer m_mod_p; std::shared_ptr m_monty; size_t m_p_bits; + size_t m_estimated_strength; }; //static @@ -394,6 +398,11 @@ size_t DL_Group::p_bytes() const return data().p_bytes(); } +size_t DL_Group::estimated_strength() const + { + return data().estimated_strength(); + } + BigInt DL_Group::inverse_mod_p(const BigInt& x) const { // precompute?? diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h index b9a7bb9922..a3dcfbdf07 100644 --- a/src/lib/pubkey/dl_group/dl_group.h +++ b/src/lib/pubkey/dl_group/dl_group.h @@ -198,6 +198,14 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final */ size_t p_bytes() const; + /** + * Return an estimate of the strength of this group against + * discrete logarithm attacks (eg NFS). Warning: since this only + * takes into account known attacks it is by necessity an + * overestimate of the actual strength. + */ + size_t estimated_strength() const; + /** * Decode a DER/BER encoded group into this instance. * @param ber a vector containing the DER/BER encoded group diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp index 36ae025313..c513bcd554 100644 
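Review bot: `m_estimated_strength(dl_work_factor(m_p_bits))` in the DL_Group_Data constructor reads another member from the mem-initializer list, which is only well-defined because `m_estimated_strength` is declared after `m_p_bits` in the private section (visible in the same hunk); a later reordering of the members would silently read an uninitialized m_p_bits. Guard that with a comment on the declaration, `size_t m_estimated_strength; // initialized from m_p_bits: must stay declared after it`, or compute it from `p.bits()` directly so the dependency disappears. The public doc on estimated_strength correctly notes that it is an overestimate.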
--- a/src/tests/test_dl_group.cpp +++ b/src/tests/test_dl_group.cpp @@ -195,6 +195,11 @@ class DL_Group_Tests final : public Test result.test_ne("DL_Group p is set", group.get_p(), 0); result.test_ne("DL_Group g is set", group.get_g(), 0); + const size_t strength = group.estimated_strength(); + + // 8192 bit ~~ 2**202 strength + result.confirm("Plausible strength", strength >= 80 && strength < 210); + if(name.find("modp/srp/") == std::string::npos) { result.test_ne("DL_Group q is set", group.get_q(), 0); From f0d6de271de6cdb482c504b756f9b2208ba424d5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 16:05:35 -0500 Subject: [PATCH 0689/1008] Use GetProcessWorkingSetSize instead of GetProcessWorkingSetSizeEx The Ex variant is not available in older Wine (including the version in Trusty) and GetProcessWorkingSetSize is sufficient. --- src/lib/utils/os_utils.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index 57439e8ca1..b8c31234a2 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -247,8 +247,7 @@ size_t OS::get_memory_locking_limit() #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) SIZE_T working_min = 0, working_max = 0; - DWORD working_flags = 0; - if(!::GetProcessWorkingSetSizeEx(::GetCurrentProcess(), &working_min, &working_max, &working_flags)) + if(!::GetProcessWorkingSetSize(::GetCurrentProcess(), &working_min, &working_max)) { return 0; } From c0386f3ddfa5db09f98686912e23aa884afc15c2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 17:16:38 -0500 Subject: [PATCH 0690/1008] Test block ciphers with mis-aligned inputs --- src/tests/test_block.cpp | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/src/tests/test_block.cpp b/src/tests/test_block.cpp index a274b260b9..78e828e17e 100644 --- a/src/tests/test_block.cpp +++ b/src/tests/test_block.cpp 
@@ -111,10 +111,36 @@ class Block_Cipher_Tests final : public Text_Based_Test cipher->decrypt(buf); } - cipher->clear(); - result.test_eq(provider, "decrypt", buf, input); + // Now test misaligned buffers + const size_t blocks = input.size() / cipher->block_size(); + buf.resize(input.size() + 1); + std::memcpy(buf.data() + 1, input.data(), input.size()); + + for(size_t i = 0; i != iterations; ++i) + { + cipher->encrypt_n(buf.data() + 1, buf.data() + 1, blocks); + } + + result.test_eq(provider.c_str(), "encrypt", + buf.data() + 1, buf.size() - 1, + expected.data(), expected.size()); + + // always decrypt expected ciphertext vs what we produced above + std::memcpy(buf.data() + 1, expected.data(), expected.size()); + + for(size_t i = 0; i != iterations; ++i) + { + cipher->decrypt_n(buf.data() + 1, buf.data() + 1, blocks); + } + + result.test_eq(provider.c_str(), "decrypt", + buf.data() + 1, buf.size() - 1, + input.data(), input.size()); + + cipher->clear(); + try { std::vector block(cipher->block_size()); From 9dce5f88e01beea39b34ae3f5f5231022c2e2076 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 17:44:03 -0500 Subject: [PATCH 0691/1008] Do runtime endian check when CPUID is initialized Otherwise cross-endian builds (ie building big-endian for little-endian) can have massive test breakage but with no hints. --- src/lib/utils/cpuid/cpuid.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/utils/cpuid/cpuid.cpp b/src/lib/utils/cpuid/cpuid.cpp index 1638ab6c5f..9dc56d59c5 100644 --- a/src/lib/utils/cpuid/cpuid.cpp +++ b/src/lib/utils/cpuid/cpuid.cpp @@ -93,6 +93,7 @@ void CPUID::initialize() #endif + g_endian_status = runtime_check_endian(); g_processor_features |= CPUID::CPUID_INITIALIZED_BIT; } From add911beb725b9582d731bc51dfc5f90a6533c63 Mon Sep 17 00:00:00 2001 
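Review bot: The misaligned path only exercises a 1-byte offset, and `blocks = input.size() / cipher->block_size()` silently drops any trailing partial block, so a vector whose length is not a block multiple would pass the aligned checks above but only partially exercise encrypt_n here; a check that `input.size() % cipher->block_size() == 0` before this section would make the assumption explicit. Looping the offset over 1 .. block_size-1, as the SIMD test later in this series does over sixteen misalignments, would catch implementations that only mishandle particular alignments. The new `std::memcpy` calls need `<cstring>`, which I cannot see from this hunk.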
From: Jack Lloyd Date: Fri, 23 Feb 2018 17:53:22 -0500 Subject: [PATCH 0692/1008] Fix detection of specified-endian CPUs (eg ppc64le, armeb) --- configure.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/configure.py b/configure.py index 14f8a7dccc..b80f65017d 100755 --- a/configure.py +++ b/configure.py @@ -1390,7 +1390,7 @@ def guess_processor(archinfo): match = canon_processor(archinfo, info_part) if match != None: logging.debug("Matched '%s' to processor '%s'" % (info_part, match)) - return match + return match, info_part else: logging.debug("Failed to deduce CPU from '%s'" % info_part) @@ -1710,6 +1710,7 @@ def choose_endian(arch_info, options): elif options.cpu.endswith('el') or options.cpu.endswith('le'): return 'little' + logging.info('Defaulting to assuming %s endian', arch_info.endian) return arch_info.endian build_dir = options.with_build_dir or os.path.curdir @@ -2633,7 +2634,9 @@ def deduce_compiler_type_from_cc_bin(cc_bin): logging.info('Guessing to use compiler %s (use --cc or CXX to set)' % (options.compiler)) if options.cpu is None: - options.cpu = options.arch = guess_processor(info_arch) + (arch, cpu) = guess_processor(info_arch) + options.arch = arch + options.cpu = cpu logging.info('Guessing target processor is a %s (use --cpu to set)' % (options.arch)) if options.with_documentation is True: @@ -3010,7 +3013,7 @@ def main(argv): cc_arch = check_compiler_arch(options, cc, info_arch, source_paths) if cc_arch is not None and cc_arch != options.arch: - logging.error("Configured target is %s but compiler probe indicates %s", options.arch, cc_arch) + logging.warning("Configured target is %s but compiler probe indicates %s", options.arch, cc_arch) logging.info('Target is %s:%s-%s-%s' % ( options.compiler, cc_min_version, options.os, options.arch)) From c686924dd96f13899999647e1bcd6981a11f0211 Mon Sep 17 00:00:00 2001 
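Review bot: guess_processor now returns `match, info_part` on the matched path and the caller unpacks `(arch, cpu) = guess_processor(info_arch)`, but only this one `return` is in the hunk; if the function's fall-through return after the loop (outside the hunk) still yields a single value such as None, the unpack raises TypeError on hosts where no processor matches, instead of the previous fallback. Please confirm every return path of guess_processor yields a 2-tuple, or have the caller tolerate None. Downgrading the compiler-probe mismatch from `logging.error` to `logging.warning` means a build whose configured target and probed architecture disagree now proceeds; a short comment on why that is acceptable would help, since the message text still reads like a hard failure.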
From: Jack Lloyd Date: Fri, 23 Feb 2018 19:26:57 -0500 Subject: [PATCH 0693/1008] Specify in test message that input is misaligned --- src/tests/test_block.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/test_block.cpp b/src/tests/test_block.cpp index 78e828e17e..cb2eff8077 100644 --- a/src/tests/test_block.cpp +++ b/src/tests/test_block.cpp @@ -123,7 +123,7 @@ class Block_Cipher_Tests final : public Text_Based_Test cipher->encrypt_n(buf.data() + 1, buf.data() + 1, blocks); } - result.test_eq(provider.c_str(), "encrypt", + result.test_eq(provider.c_str(), "encrypt misaligned", buf.data() + 1, buf.size() - 1, expected.data(), expected.size()); @@ -135,7 +135,7 @@ class Block_Cipher_Tests final : public Text_Based_Test cipher->decrypt_n(buf.data() + 1, buf.data() + 1, blocks); } - result.test_eq(provider.c_str(), "decrypt", + result.test_eq(provider.c_str(), "decrypt misaligned", buf.data() + 1, buf.size() - 1, input.data(), input.size()); From a134762751430a3d5ced3f90d6b0433bd0e8ebdd Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 19:27:10 -0500 Subject: [PATCH 0694/1008] Add misaligned load/store test to SIMD --- src/tests/test_simd.cpp | 87 ++++++++++++++++++++++++----------------- 1 file changed, 52 insertions(+), 35 deletions(-) diff --git a/src/tests/test_simd.cpp b/src/tests/test_simd.cpp index 60c46fc67a..5ff6047a9f 100644 --- a/src/tests/test_simd.cpp +++ b/src/tests/test_simd.cpp 
@@ -122,41 +122,58 @@ class SIMD_32_Tests final : public Test const Botan::SIMD_4x32& simd, uint32_t exp0, uint32_t exp1, uint32_t exp2, uint32_t exp3) { - uint8_t mem_be[16]; - simd.store_be(mem_be); - - result.test_int_eq("SIMD_4x32 " + op + " elem0 BE", Botan::make_uint32(mem_be[ 0], mem_be[ 1], mem_be[ 2], mem_be[ 3]), - exp0); - result.test_int_eq("SIMD_4x32 " + op + " elem1 BE", Botan::make_uint32(mem_be[ 4], mem_be[ 5], mem_be[ 6], mem_be[ 7]), - exp1); - result.test_int_eq("SIMD_4x32 " + op + " elem2 BE", Botan::make_uint32(mem_be[ 8], mem_be[ 9], mem_be[10], mem_be[11]), - exp2); - result.test_int_eq("SIMD_4x32 " + op + " elem3 BE", Botan::make_uint32(mem_be[12], mem_be[13], mem_be[14], mem_be[15]), - exp3); - - // Check load_be+store_be results in same value - const Botan::SIMD_4x32 reloaded_be = Botan::SIMD_4x32::load_be(mem_be); - uint8_t mem_be2[16]; - reloaded_be.store_be(mem_be2); - result.test_eq(nullptr, "SIMD_4x32 load_be", mem_be, 16, mem_be2, 16); - - uint8_t mem_le[16]; - simd.store_le(mem_le); - - result.test_int_eq("SIMD_4x32 " + op + " elem0 LE", Botan::make_uint32(mem_le[ 3], mem_le[ 2], mem_le[ 1], mem_le[ 0]), - exp0); - result.test_int_eq("SIMD_4x32 " + op + " elem1 LE", Botan::make_uint32(mem_le[ 7], mem_le[ 6], mem_le[ 5], mem_le[ 4]), - exp1); - result.test_int_eq("SIMD_4x32 " + op + " elem2 LE", Botan::make_uint32(mem_le[11], mem_le[10], mem_le[ 9], mem_le[ 8]), - exp2); - result.test_int_eq("SIMD_4x32 " + op + " elem3 LE", Botan::make_uint32(mem_le[15], mem_le[14], mem_le[13], mem_le[12]), - exp3); - - // Check load_le+store_le results in same value - const Botan::SIMD_4x32 reloaded_le = Botan::SIMD_4x32::load_le(mem_le); - uint8_t mem_le2[16]; - reloaded_le.store_le(mem_le2); - result.test_eq(nullptr, "SIMD_4x32 load_le", mem_le, 16, mem_le2, 16); + uint8_t arr_be[16 + 15]; + uint8_t arr_be2[16 + 15]; + uint8_t arr_le[16 + 15]; + uint8_t arr_le2[16 + 15]; + + for(size_t misalignment = 0; misalignment != 16; ++misalignment) + { + 
uint8_t* mem_be = arr_be + misalignment; + uint8_t* mem_be2 = arr_be2 + misalignment; + uint8_t* mem_le = arr_le + misalignment; + uint8_t* mem_le2 = arr_le2 + misalignment; + + simd.store_be(mem_be); + + result.test_int_eq("SIMD_4x32 " + op + " elem0 BE", + Botan::make_uint32(mem_be[ 0], mem_be[ 1], mem_be[ 2], mem_be[ 3]), + exp0); + result.test_int_eq("SIMD_4x32 " + op + " elem1 BE", + Botan::make_uint32(mem_be[ 4], mem_be[ 5], mem_be[ 6], mem_be[ 7]), + exp1); + result.test_int_eq("SIMD_4x32 " + op + " elem2 BE", + Botan::make_uint32(mem_be[ 8], mem_be[ 9], mem_be[10], mem_be[11]), + exp2); + result.test_int_eq("SIMD_4x32 " + op + " elem3 BE", + Botan::make_uint32(mem_be[12], mem_be[13], mem_be[14], mem_be[15]), + exp3); + + // Check load_be+store_be results in same value + const Botan::SIMD_4x32 reloaded_be = Botan::SIMD_4x32::load_be(mem_be); + reloaded_be.store_be(mem_be2); + result.test_eq(nullptr, "SIMD_4x32 load_be", mem_be, 16, mem_be2, 16); + + simd.store_le(mem_le); + + result.test_int_eq("SIMD_4x32 " + op + " elem0 LE", + Botan::make_uint32(mem_le[ 3], mem_le[ 2], mem_le[ 1], mem_le[ 0]), + exp0); + result.test_int_eq("SIMD_4x32 " + op + " elem1 LE", + Botan::make_uint32(mem_le[ 7], mem_le[ 6], mem_le[ 5], mem_le[ 4]), + exp1); + result.test_int_eq("SIMD_4x32 " + op + " elem2 LE", + Botan::make_uint32(mem_le[11], mem_le[10], mem_le[ 9], mem_le[ 8]), + exp2); + result.test_int_eq("SIMD_4x32 " + op + " elem3 LE", + Botan::make_uint32(mem_le[15], mem_le[14], mem_le[13], mem_le[12]), + exp3); + + // Check load_le+store_le results in same value + const Botan::SIMD_4x32 reloaded_le = Botan::SIMD_4x32::load_le(mem_le); + reloaded_le.store_le(mem_le2); + result.test_eq(nullptr, "SIMD_4x32 load_le", mem_le, 16, mem_le2, 16); + } } }; From 41daa7f4e7c637836279608f31fac4115e4fd7f0 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Fri, 23 Feb 2018 19:40:15 -0500 Subject: [PATCH 0695/1008] Fix handling of misaligned loads in AltiVec SIMD wrapper Handling little+big endian is a PITA, easier to bounce though a union here --- src/lib/utils/simd/simd_32.h | 34 ++++++++++++---------------------- 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/src/lib/utils/simd/simd_32.h b/src/lib/utils/simd/simd_32.h index d9a41c8004..304ac72e1b 100644 --- a/src/lib/utils/simd/simd_32.h +++ b/src/lib/utils/simd/simd_32.h @@ -133,21 +133,15 @@ class SIMD_4x32 final #if defined(BOTAN_SIMD_USE_SSE2) return SIMD_4x32(_mm_loadu_si128(reinterpret_cast(in))); #elif defined(BOTAN_SIMD_USE_ALTIVEC) - const uint32_t* in_32 = static_cast(in); - __vector unsigned int R0 = vec_ld(0, in_32); - __vector unsigned int R1 = vec_ld(12, in_32); - - __vector unsigned char perm = vec_lvsl(0, in_32); - - if(CPUID::is_big_endian()) - { - perm = vec_xor(perm, vec_splat_u8(3)); // bswap vector - } + union { + __vector unsigned int V; + uint32_t R[4]; + } vec; - R0 = vec_perm(R0, R1, perm); + Botan::load_le(vec.R, static_cast(in), 4); - return SIMD_4x32(R0); + return SIMD_4x32(vec.V); #elif defined(BOTAN_SIMD_USE_NEON) uint32_t in32[4]; @@ -176,18 +170,14 @@ class SIMD_4x32 final #elif defined(BOTAN_SIMD_USE_ALTIVEC) - const uint32_t* in_32 = static_cast(in); - __vector unsigned int R0 = vec_ld(0, in_32); - __vector unsigned int R1 = vec_ld(12, in_32); - __vector unsigned char perm = vec_lvsl(0, in_32); + union { + __vector unsigned int V; + uint32_t R[4]; + } vec; - if(CPUID::is_little_endian()) - { - perm = vec_xor(perm, vec_splat_u8(3)); // bswap vector - } + Botan::load_be(vec.R, static_cast(in), 4); - R0 = vec_perm(R0, R1, perm); - return SIMD_4x32(R0); + return SIMD_4x32(vec.V); #elif defined(BOTAN_SIMD_USE_NEON) From c6accf871af69b16f4b194fecc34db36367be969 Mon Sep 17 00:00:00 2001 
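Review bot: Reading `vec.V` after writing `vec.R` through `Botan::load_le` / `load_be` is union type punning, which GCC documents as supported but the C++ standard does not guarantee; since this branch is AltiVec-specific that is presumably acceptable, but it deserves a comment, e.g. `// union punning: relies on GCC's documented behaviour for vector types`, or a `std::memcpy(&V, R, sizeof(V))` which is well-defined and compiles to the same code. The rewrite also replaces the vec_ld/vec_lvsl/vec_perm sequence with four scalar loads plus byte swaps on one endianness, which is correct for any alignment but likely slower than the old path; the commit message gives the motivation, and a comment at the call site would keep a later optimizer from reintroducing the misaligned vec_ld bug. Both the load_le and load_be hunks share this point.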
From: Jack Lloyd Date: Fri, 23 Feb 2018 18:06:17 -0500 Subject: [PATCH 0696/1008] AES encryption using POWER8 intrinsics --- src/build-data/arch/ppc64.txt | 1 + src/build-data/cc/gcc.txt | 2 + src/lib/block/aes/aes.cpp | 49 +++++ src/lib/block/aes/aes.h | 15 ++ src/lib/block/aes/aes_power8/aes_power8.cpp | 223 ++++++++++++++++++++ src/lib/block/aes/aes_power8/info.txt | 9 + 6 files changed, 299 insertions(+) create mode 100644 src/lib/block/aes/aes_power8/aes_power8.cpp create mode 100644 src/lib/block/aes/aes_power8/info.txt diff --git a/src/build-data/arch/ppc64.txt b/src/build-data/arch/ppc64.txt index f973344617..aed017f20d 100644 --- a/src/build-data/arch/ppc64.txt +++ b/src/build-data/arch/ppc64.txt @@ -10,4 +10,5 @@ ppc64le altivec +ppccrypto diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index a67b878d98..f1a2edbe24 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -57,6 +57,8 @@ rdseed -> "-mrdseed" sha -> "-msha" altivec -> "-maltivec" +ppccrypto -> "-mcrypto" + arm64:armv8crypto -> "" # For Aarch32 -mfpu=neon is required diff --git a/src/lib/block/aes/aes.cpp b/src/lib/block/aes/aes.cpp index 9c375c362a..04f2cc21fd 100644 --- a/src/lib/block/aes/aes.cpp +++ b/src/lib/block/aes/aes.cpp @@ -430,6 +430,13 @@ const char* aes_provider() } #endif +#if defined(BOTAN_HAS_AES_POWER8) + if(CPUID::has_ppc_crypto()) + { + return "power8"; + } +#endif + #if defined(BOTAN_HAS_AES_ARMV8) if(CPUID::has_arm_aes()) { @@ -475,6 +482,13 @@ void AES_128::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const } #endif +#if defined(BOTAN_HAS_AES_POWER8) + if(CPUID::has_ppc_crypto()) + { + return power8_encrypt_n(in, out, blocks); + } +#endif + aes_encrypt_n(in, out, blocks, m_EK, m_ME); } 
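Review bot: `aes_provider()` now returns "power8" whenever `CPUID::has_ppc_crypto()`, but the decrypt_n dispatch added for AES_128/192/256 in the hunks on the next line is compiled out with `#if defined(BOTAN_HAS_AES_POWER8) && 0`, so on POWER8 encryption uses the intrinsics while decryption silently falls back to `aes_decrypt_n`; the provider string therefore overstates what is accelerated, and the two directions run different implementations. Each `&& 0` should carry a comment saying why and until when, e.g. `// TODO: power8_decrypt_n disabled pending verification; decrypt uses the portable path`, and the provider should arguably not claim "power8" until both directions use it. Callers who select the hardware provider for side-channel reasons should also know that decryption presumably still has the portable path's timing characteristics; one note here covers the three decrypt_n hunks.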
@@ -503,6 +517,13 @@ void AES_128::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const } #endif +#if defined(BOTAN_HAS_AES_POWER8) && 0 + if(CPUID::has_ppc_crypto()) + { + return power8_decrypt_n(in, out, blocks); + } +#endif + aes_decrypt_n(in, out, blocks, m_DK, m_MD); } @@ -558,6 +579,13 @@ void AES_192::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const } #endif +#if defined(BOTAN_HAS_AES_POWER8) + if(CPUID::has_ppc_crypto()) + { + return power8_encrypt_n(in, out, blocks); + } +#endif + aes_encrypt_n(in, out, blocks, m_EK, m_ME); } @@ -586,6 +614,13 @@ void AES_192::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const } #endif +#if defined(BOTAN_HAS_AES_POWER8) && 0 + if(CPUID::has_ppc_crypto()) + { + return power8_decrypt_n(in, out, blocks); + } +#endif + aes_decrypt_n(in, out, blocks, m_DK, m_MD); } @@ -641,6 +676,13 @@ void AES_256::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const } #endif +#if defined(BOTAN_HAS_AES_POWER8) + if(CPUID::has_ppc_crypto()) + { + return power8_encrypt_n(in, out, blocks); + } +#endif + aes_encrypt_n(in, out, blocks, m_EK, m_ME); } @@ -669,6 +711,13 @@ void AES_256::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const } #endif +#if defined(BOTAN_HAS_AES_POWER8) && 0 + if(CPUID::has_ppc_crypto()) + { + return power8_decrypt_n(in, out, blocks); + } +#endif + aes_decrypt_n(in, out, blocks, m_DK, m_MD); } diff --git a/src/lib/block/aes/aes.h b/src/lib/block/aes/aes.h index 8af2423d06..294cdcad37 100644 --- a/src/lib/block/aes/aes.h +++ b/src/lib/block/aes/aes.h 
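Review bot: The `#if defined(BOTAN_HAS_AES_POWER8) && 0` guard in AES_128::decrypt_n, and the identical guards in the AES_192 and AES_256 decrypt_n hunks in this same file, disable the new branch without saying why; a reader has to open aes_power8.cpp to learn that `power8_decrypt_n` is currently a stub that throws Not_Implemented. Either leave the dead branch out until decryption lands or annotate the guard, e.g. `#if defined(BOTAN_HAS_AES_POWER8) && 0 // disabled: power8_decrypt_n is a stub`. The encrypt_n hunks dispatch unconditionally, so the asymmetry is worth a sentence in the commit message too.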
@@ -48,6 +48,11 @@ class BOTAN_PUBLIC_API(2,0) AES_128 final : public Block_Cipher_Fixed_Params<16, void armv8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const; #endif +#if defined(BOTAN_HAS_AES_POWER8) + void power8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const; + void power8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const; +#endif + secure_vector m_EK, m_DK; secure_vector m_ME, m_MD; }; @@ -86,6 +91,11 @@ class BOTAN_PUBLIC_API(2,0) AES_192 final : public Block_Cipher_Fixed_Params<16, void armv8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const; #endif +#if defined(BOTAN_HAS_AES_POWER8) + void power8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const; + void power8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const; +#endif + void key_schedule(const uint8_t key[], size_t length) override; secure_vector m_EK, m_DK; @@ -127,6 +137,11 @@ class BOTAN_PUBLIC_API(2,0) AES_256 final : public Block_Cipher_Fixed_Params<16, void armv8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const; #endif +#if defined(BOTAN_HAS_AES_POWER8) + void power8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const; + void power8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const; +#endif + void key_schedule(const uint8_t key[], size_t length) override; secure_vector m_EK, m_DK; diff --git a/src/lib/block/aes/aes_power8/aes_power8.cpp b/src/lib/block/aes/aes_power8/aes_power8.cpp new file mode 100644 index 0000000000..b6d42081ee --- /dev/null +++ b/src/lib/block/aes/aes_power8/aes_power8.cpp 
@@ -0,0 +1,223 @@ +/* +* AES using POWER8 crypto extensions +* +* Contributed by Jeffrey Walton +* +* Further changes +* (C) 2018 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include + +#include +#undef vector +#undef bool + +namespace Botan { + +namespace { + +__vector unsigned long long LoadKey(const uint32_t* src) + { + __vector unsigned int vec = vec_vsx_ld(0, src); + + if(CPUID::is_little_endian()) + { + const __vector unsigned char mask = {12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3}; + const __vector unsigned char zero = {0}; + return (__vector unsigned long long)vec_perm((__vector unsigned char)vec, zero, mask); + } + else + { + return (__vector unsigned long long)vec; + } + } + +__vector unsigned char Reverse8x16(const __vector unsigned char src) + { + if(CPUID::is_little_endian()) + { + const __vector unsigned char mask = {15,14,13,12, 11,10,9,8, 7,6,5,4, 3,2,1,0}; + const __vector unsigned char zero = {0}; + return vec_perm(src, zero, mask); + } + else + { + return src; + } + } + +__vector unsigned long long LoadBlock(const uint8_t* src) + { + return (__vector unsigned long long)Reverse8x16(vec_vsx_ld(0, src)); + } + +void StoreBlock(const __vector unsigned long long src, uint8_t* dest) + { + vec_vsx_st(Reverse8x16((__vector unsigned char)src), 0, dest); + } + +} + +BOTAN_FUNC_ISA("crypto") +void AES_128::power8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const + { + BOTAN_ASSERT(m_EK.empty() == false, "Key was set"); + + const __vector unsigned long long K0 = LoadKey(&m_EK[0]); + const __vector unsigned long long K1 = LoadKey(&m_EK[4]); + const __vector unsigned long long K2 = LoadKey(&m_EK[8]); + const __vector unsigned long long K3 = LoadKey(&m_EK[12]); + const __vector unsigned long long K4 = LoadKey(&m_EK[16]); + const __vector unsigned long long K5 = LoadKey(&m_EK[20]); + const __vector unsigned long long K6 = LoadKey(&m_EK[24]); + const __vector unsigned long long K7 = 
LoadKey(&m_EK[28]); + const __vector unsigned long long K8 = LoadKey(&m_EK[32]); + const __vector unsigned long long K9 = LoadKey(&m_EK[36]); + const __vector unsigned long long K10 = LoadBlock(m_ME.data()); + + for(size_t i = 0; i != blocks; ++i) + { + __vector unsigned long long B = LoadBlock(in); + + B = vec_xor(B, K0); + B = __builtin_crypto_vcipher(B, K1); + B = __builtin_crypto_vcipher(B, K2); + B = __builtin_crypto_vcipher(B, K3); + B = __builtin_crypto_vcipher(B, K4); + B = __builtin_crypto_vcipher(B, K5); + B = __builtin_crypto_vcipher(B, K6); + B = __builtin_crypto_vcipher(B, K7); + B = __builtin_crypto_vcipher(B, K8); + B = __builtin_crypto_vcipher(B, K9); + B = __builtin_crypto_vcipherlast(B, K10); + + StoreBlock(B, out); + + out += 16; + in += 16; + } + } + +BOTAN_FUNC_ISA("crypto") +void AES_128::power8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const + { + BOTAN_ASSERT(m_DK.empty() == false, "Key was set"); + + BOTAN_UNUSED(in, out, blocks); + throw Not_Implemented("FIXME"); + } + +BOTAN_FUNC_ISA("crypto") +void AES_192::power8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const + { + BOTAN_ASSERT(m_EK.empty() == false, "Key was set"); + + const __vector unsigned long long K0 = LoadKey(&m_EK[0]); + const __vector unsigned long long K1 = LoadKey(&m_EK[4]); + const __vector unsigned long long K2 = LoadKey(&m_EK[8]); + const __vector unsigned long long K3 = LoadKey(&m_EK[12]); + const __vector unsigned long long K4 = LoadKey(&m_EK[16]); + const __vector unsigned long long K5 = LoadKey(&m_EK[20]); + const __vector unsigned long long K6 = LoadKey(&m_EK[24]); + const __vector unsigned long long K7 = LoadKey(&m_EK[28]); + const __vector unsigned long long K8 = LoadKey(&m_EK[32]); + const __vector unsigned long long K9 = LoadKey(&m_EK[36]); + const __vector unsigned long long K10 = LoadKey(&m_EK[40]); + const __vector unsigned long long K11 = LoadKey(&m_EK[44]); + const __vector unsigned long long K12 = LoadBlock(m_ME.data()); 
+ + for(size_t i = 0; i != blocks; ++i) + { + __vector unsigned long long B = LoadBlock(in); + + B = vec_xor(B, K0); + B = __builtin_crypto_vcipher(B, K1); + B = __builtin_crypto_vcipher(B, K2); + B = __builtin_crypto_vcipher(B, K3); + B = __builtin_crypto_vcipher(B, K4); + B = __builtin_crypto_vcipher(B, K5); + B = __builtin_crypto_vcipher(B, K6); + B = __builtin_crypto_vcipher(B, K7); + B = __builtin_crypto_vcipher(B, K8); + B = __builtin_crypto_vcipher(B, K9); + B = __builtin_crypto_vcipher(B, K10); + B = __builtin_crypto_vcipher(B, K11); + B = __builtin_crypto_vcipherlast(B, K12); + + StoreBlock(B, out); + + out += 16; + in += 16; + } + } + +BOTAN_FUNC_ISA("crypto") +void AES_192::power8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const + { + BOTAN_ASSERT(m_DK.empty() == false, "Key was set"); + BOTAN_UNUSED(in, out, blocks); + throw Not_Implemented("FIXME"); + } + +BOTAN_FUNC_ISA("crypto") +void AES_256::power8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const + { + BOTAN_ASSERT(m_EK.empty() == false, "Key was set"); + const __vector unsigned long long K0 = LoadKey(&m_EK[0]); + const __vector unsigned long long K1 = LoadKey(&m_EK[4]); + const __vector unsigned long long K2 = LoadKey(&m_EK[8]); + const __vector unsigned long long K3 = LoadKey(&m_EK[12]); + const __vector unsigned long long K4 = LoadKey(&m_EK[16]); + const __vector unsigned long long K5 = LoadKey(&m_EK[20]); + const __vector unsigned long long K6 = LoadKey(&m_EK[24]); + const __vector unsigned long long K7 = LoadKey(&m_EK[28]); + const __vector unsigned long long K8 = LoadKey(&m_EK[32]); + const __vector unsigned long long K9 = LoadKey(&m_EK[36]); + const __vector unsigned long long K10 = LoadKey(&m_EK[40]); + const __vector unsigned long long K11 = LoadKey(&m_EK[44]); + const __vector unsigned long long K12 = LoadKey(&m_EK[48]); + const __vector unsigned long long K13 = LoadKey(&m_EK[52]); + const __vector unsigned long long K14 = LoadBlock(m_ME.data()); + + 
for(size_t i = 0; i != blocks; ++i) + { + __vector unsigned long long B = LoadBlock(in); + + B = vec_xor(B, K0); + B = __builtin_crypto_vcipher(B, K1); + B = __builtin_crypto_vcipher(B, K2); + B = __builtin_crypto_vcipher(B, K3); + B = __builtin_crypto_vcipher(B, K4); + B = __builtin_crypto_vcipher(B, K5); + B = __builtin_crypto_vcipher(B, K6); + B = __builtin_crypto_vcipher(B, K7); + B = __builtin_crypto_vcipher(B, K8); + B = __builtin_crypto_vcipher(B, K9); + B = __builtin_crypto_vcipher(B, K10); + B = __builtin_crypto_vcipher(B, K11); + B = __builtin_crypto_vcipher(B, K12); + B = __builtin_crypto_vcipher(B, K13); + B = __builtin_crypto_vcipherlast(B, K14); + + StoreBlock(B, out); + + out += 16; + in += 16; + } + + } + +BOTAN_FUNC_ISA("crypto") +void AES_256::power8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const + { + BOTAN_ASSERT(m_DK.empty() == false, "Key was set"); + + BOTAN_UNUSED(in, out, blocks); + throw Not_Implemented("FIXME"); + } + +} diff --git a/src/lib/block/aes/aes_power8/info.txt b/src/lib/block/aes/aes_power8/info.txt new file mode 100644 index 0000000000..6aa52d25a0 --- /dev/null +++ b/src/lib/block/aes/aes_power8/info.txt @@ -0,0 +1,9 @@ + +AES_POWER8 -> 20180223 + + + +ppc64 + + +need_isa ppccrypto From f75693ad4ead4b51ec96b3da42d6076cfb3edbe3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 23 Feb 2018 20:55:40 -0500 Subject: [PATCH 0697/1008] Implement decryption --- src/lib/block/aes/aes.cpp | 6 +- src/lib/block/aes/aes_power8/aes_power8.cpp | 185 +++++++++++++++----- 2 files changed, 148 insertions(+), 43 deletions(-) diff --git a/src/lib/block/aes/aes.cpp b/src/lib/block/aes/aes.cpp index 04f2cc21fd..c35bdabaaf 100644 --- a/src/lib/block/aes/aes.cpp +++ b/src/lib/block/aes/aes.cpp 
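Review bot: The anonymous-namespace helpers `LoadKey`, `Reverse8x16`, `LoadBlock` and `StoreBlock` use `vec_vsx_ld`/`vec_vsx_st`/`vec_perm` but, unlike the member functions, carry no `BOTAN_FUNC_ISA` attribute, so they compile only under whatever baseline the `need_isa ppccrypto` flag (`-mcrypto` per the gcc.txt hunk) happens to imply; if that flag does not enable VSX on some toolchain the translation unit fails to build, so marking the helpers with the same attribute, or confirming the implication, seems safer. The permutation masks are also undocumented: `LoadKey`'s `{12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3}` reverses the four 32-bit words and `Reverse8x16` reverses all sixteen bytes, both only on little-endian hosts, so comments such as `// LE hosts load the words in reverse order relative to the layout the crypto builtins appear to expect; swap them back (confirm against the ISA)` and `// byte-reverse the block on LE hosts so the builtins see big-endian order` would save the next reader from deriving it. Finally, the three `power8_decrypt_n` stubs throw `Not_Implemented("FIXME")`; that string reaches callers if the `&& 0` guard in aes.cpp is ever lifted before the implementation, so a descriptive message such as `"AES POWER8 decryption not implemented"` is preferable.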
@@ -517,7 +517,7 @@ void AES_128::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const } #endif -#if defined(BOTAN_HAS_AES_POWER8) && 0 +#if defined(BOTAN_HAS_AES_POWER8) if(CPUID::has_ppc_crypto()) { return power8_decrypt_n(in, out, blocks); @@ -614,7 +614,7 @@ void AES_192::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const } #endif -#if defined(BOTAN_HAS_AES_POWER8) && 0 +#if defined(BOTAN_HAS_AES_POWER8) if(CPUID::has_ppc_crypto()) { return power8_decrypt_n(in, out, blocks); @@ -711,7 +711,7 @@ void AES_256::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const } #endif -#if defined(BOTAN_HAS_AES_POWER8) && 0 +#if defined(BOTAN_HAS_AES_POWER8) if(CPUID::has_ppc_crypto()) { return power8_decrypt_n(in, out, blocks); diff --git a/src/lib/block/aes/aes_power8/aes_power8.cpp b/src/lib/block/aes/aes_power8/aes_power8.cpp index b6d42081ee..98520a13cf 100644 --- a/src/lib/block/aes/aes_power8/aes_power8.cpp +++ b/src/lib/block/aes/aes_power8/aes_power8.cpp 
@@ -67,16 +67,16 @@ void AES_128::power8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) { BOTAN_ASSERT(m_EK.empty() == false, "Key was set"); - const __vector unsigned long long K0 = LoadKey(&m_EK[0]); - const __vector unsigned long long K1 = LoadKey(&m_EK[4]); - const __vector unsigned long long K2 = LoadKey(&m_EK[8]); - const __vector unsigned long long K3 = LoadKey(&m_EK[12]); - const __vector unsigned long long K4 = LoadKey(&m_EK[16]); - const __vector unsigned long long K5 = LoadKey(&m_EK[20]); - const __vector unsigned long long K6 = LoadKey(&m_EK[24]); - const __vector unsigned long long K7 = LoadKey(&m_EK[28]); - const __vector unsigned long long K8 = LoadKey(&m_EK[32]); - const __vector unsigned long long K9 = LoadKey(&m_EK[36]); + const __vector unsigned long long K0 = LoadKey(&m_EK[0]); + const __vector unsigned long long K1 = LoadKey(&m_EK[4]); + const __vector unsigned long long K2 = LoadKey(&m_EK[8]); + const __vector unsigned long long K3 = LoadKey(&m_EK[12]); + const __vector unsigned long long K4 = LoadKey(&m_EK[16]); + const __vector unsigned long long K5 = LoadKey(&m_EK[20]); + const __vector unsigned long long K6 = LoadKey(&m_EK[24]); + const __vector unsigned long long K7 = LoadKey(&m_EK[28]); + const __vector unsigned long long K8 = LoadKey(&m_EK[32]); + const __vector unsigned long long K9 = LoadKey(&m_EK[36]); const __vector unsigned long long K10 = LoadBlock(m_ME.data()); for(size_t i = 0; i != blocks; ++i) 
@@ -105,10 +105,41 @@ void AES_128::power8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) BOTAN_FUNC_ISA("crypto") void AES_128::power8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { - BOTAN_ASSERT(m_DK.empty() == false, "Key was set"); + BOTAN_ASSERT(m_EK.empty() == false, "Key was set"); + + const __vector unsigned long long K0 = LoadBlock(m_ME.data()); + const __vector unsigned long long K1 = LoadKey(&m_EK[36]); + const __vector unsigned long long K2 = LoadKey(&m_EK[32]); + const __vector unsigned long long K3 = LoadKey(&m_EK[28]); + const __vector unsigned long long K4 = LoadKey(&m_EK[24]); + const __vector unsigned long long K5 = LoadKey(&m_EK[20]); + const __vector unsigned long long K6 = LoadKey(&m_EK[16]); + const __vector unsigned long long K7 = LoadKey(&m_EK[12]); + const __vector unsigned long long K8 = LoadKey(&m_EK[8]); + const __vector unsigned long long K9 = LoadKey(&m_EK[4]); + const __vector unsigned long long K10 = LoadKey(&m_EK[0]); + + for(size_t i = 0; i != blocks; ++i) + { + __vector unsigned long long B = LoadBlock(in); - BOTAN_UNUSED(in, out, blocks); - throw Not_Implemented("FIXME"); + B = vec_xor(B, K0); + B = __builtin_crypto_vncipher(B, K1); + B = __builtin_crypto_vncipher(B, K2); + B = __builtin_crypto_vncipher(B, K3); + B = __builtin_crypto_vncipher(B, K4); + B = __builtin_crypto_vncipher(B, K5); + B = __builtin_crypto_vncipher(B, K6); + B = __builtin_crypto_vncipher(B, K7); + B = __builtin_crypto_vncipher(B, K8); + B = __builtin_crypto_vncipher(B, K9); + B = __builtin_crypto_vncipherlast(B, K10); + + StoreBlock(B, out); + + out += 16; + in += 16; + } } BOTAN_FUNC_ISA("crypto") 
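Review bot: AES_128::power8_decrypt_n now asserts on and reads `m_EK` in reverse with `m_ME` as the first round key, leaving `m_DK`/`m_MD` unused by this backend, and the AES_192 and AES_256 decrypt hunks below do the same. That is only correct if `vncipher` adds the round key before its InvMixColumns step — i.e. it implements the plain inverse cipher rather than the equivalent inverse cipher the `m_DK` schedule is presumably prepared for — and nothing in the code states that; a comment above the key loads, e.g. `// vncipher XORs the round key before InvMixColumns, so the untransformed encryption round keys are used in reverse; m_DK is not needed here`, would make the assumption explicit and checkable against the ISA. Separately, every call reloads and byte-swaps all round keys before the block loop, which is fine for bulk callers but a fixed cost for single-block ones; worth noting rather than changing now.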
@@ -116,16 +147,16 @@ void AES_192::power8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) { BOTAN_ASSERT(m_EK.empty() == false, "Key was set"); - const __vector unsigned long long K0 = LoadKey(&m_EK[0]); - const __vector unsigned long long K1 = LoadKey(&m_EK[4]); - const __vector unsigned long long K2 = LoadKey(&m_EK[8]); - const __vector unsigned long long K3 = LoadKey(&m_EK[12]); - const __vector unsigned long long K4 = LoadKey(&m_EK[16]); - const __vector unsigned long long K5 = LoadKey(&m_EK[20]); - const __vector unsigned long long K6 = LoadKey(&m_EK[24]); - const __vector unsigned long long K7 = LoadKey(&m_EK[28]); - const __vector unsigned long long K8 = LoadKey(&m_EK[32]); - const __vector unsigned long long K9 = LoadKey(&m_EK[36]); + const __vector unsigned long long K0 = LoadKey(&m_EK[0]); + const __vector unsigned long long K1 = LoadKey(&m_EK[4]); + const __vector unsigned long long K2 = LoadKey(&m_EK[8]); + const __vector unsigned long long K3 = LoadKey(&m_EK[12]); + const __vector unsigned long long K4 = LoadKey(&m_EK[16]); + const __vector unsigned long long K5 = LoadKey(&m_EK[20]); + const __vector unsigned long long K6 = LoadKey(&m_EK[24]); + const __vector unsigned long long K7 = LoadKey(&m_EK[28]); + const __vector unsigned long long K8 = LoadKey(&m_EK[32]); + const __vector unsigned long long K9 = LoadKey(&m_EK[36]); const __vector unsigned long long K10 = LoadKey(&m_EK[40]); const __vector unsigned long long K11 = LoadKey(&m_EK[44]); const __vector unsigned long long K12 = LoadBlock(m_ME.data()); 
@@ -158,25 +189,61 @@ void AES_192::power8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) BOTAN_FUNC_ISA("crypto") void AES_192::power8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { - BOTAN_ASSERT(m_DK.empty() == false, "Key was set"); - BOTAN_UNUSED(in, out, blocks); - throw Not_Implemented("FIXME"); + BOTAN_ASSERT(m_EK.empty() == false, "Key was set"); + + const __vector unsigned long long K0 = LoadBlock(m_ME.data()); + const __vector unsigned long long K1 = LoadKey(&m_EK[44]); + const __vector unsigned long long K2 = LoadKey(&m_EK[40]); + const __vector unsigned long long K3 = LoadKey(&m_EK[36]); + const __vector unsigned long long K4 = LoadKey(&m_EK[32]); + const __vector unsigned long long K5 = LoadKey(&m_EK[28]); + const __vector unsigned long long K6 = LoadKey(&m_EK[24]); + const __vector unsigned long long K7 = LoadKey(&m_EK[20]); + const __vector unsigned long long K8 = LoadKey(&m_EK[16]); + const __vector unsigned long long K9 = LoadKey(&m_EK[12]); + const __vector unsigned long long K10 = LoadKey(&m_EK[8]); + const __vector unsigned long long K11 = LoadKey(&m_EK[4]); + const __vector unsigned long long K12 = LoadKey(&m_EK[0]); + + for(size_t i = 0; i != blocks; ++i) + { + __vector unsigned long long B = LoadBlock(in); + + B = vec_xor(B, K0); + B = __builtin_crypto_vncipher(B, K1); + B = __builtin_crypto_vncipher(B, K2); + B = __builtin_crypto_vncipher(B, K3); + B = __builtin_crypto_vncipher(B, K4); + B = __builtin_crypto_vncipher(B, K5); + B = __builtin_crypto_vncipher(B, K6); + B = __builtin_crypto_vncipher(B, K7); + B = __builtin_crypto_vncipher(B, K8); + B = __builtin_crypto_vncipher(B, K9); + B = __builtin_crypto_vncipher(B, K10); + B = __builtin_crypto_vncipher(B, K11); + B = __builtin_crypto_vncipherlast(B, K12); + + StoreBlock(B, out); + + out += 16; + in += 16; + } } BOTAN_FUNC_ISA("crypto") void AES_256::power8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { BOTAN_ASSERT(m_EK.empty() == 
false, "Key was set"); - const __vector unsigned long long K0 = LoadKey(&m_EK[0]); - const __vector unsigned long long K1 = LoadKey(&m_EK[4]); - const __vector unsigned long long K2 = LoadKey(&m_EK[8]); - const __vector unsigned long long K3 = LoadKey(&m_EK[12]); - const __vector unsigned long long K4 = LoadKey(&m_EK[16]); - const __vector unsigned long long K5 = LoadKey(&m_EK[20]); - const __vector unsigned long long K6 = LoadKey(&m_EK[24]); - const __vector unsigned long long K7 = LoadKey(&m_EK[28]); - const __vector unsigned long long K8 = LoadKey(&m_EK[32]); - const __vector unsigned long long K9 = LoadKey(&m_EK[36]); + const __vector unsigned long long K0 = LoadKey(&m_EK[0]); + const __vector unsigned long long K1 = LoadKey(&m_EK[4]); + const __vector unsigned long long K2 = LoadKey(&m_EK[8]); + const __vector unsigned long long K3 = LoadKey(&m_EK[12]); + const __vector unsigned long long K4 = LoadKey(&m_EK[16]); + const __vector unsigned long long K5 = LoadKey(&m_EK[20]); + const __vector unsigned long long K6 = LoadKey(&m_EK[24]); + const __vector unsigned long long K7 = LoadKey(&m_EK[28]); + const __vector unsigned long long K8 = LoadKey(&m_EK[32]); + const __vector unsigned long long K9 = LoadKey(&m_EK[36]); const __vector unsigned long long K10 = LoadKey(&m_EK[40]); const __vector unsigned long long K11 = LoadKey(&m_EK[44]); const __vector unsigned long long K12 = LoadKey(&m_EK[48]); 
@@ -208,16 +275,54 @@ void AES_256::power8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) out += 16; in += 16; } - } BOTAN_FUNC_ISA("crypto") void AES_256::power8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { - BOTAN_ASSERT(m_DK.empty() == false, "Key was set"); + BOTAN_ASSERT(m_EK.empty() == false, "Key was set"); + + const __vector unsigned long long K0 = LoadBlock(m_ME.data()); + const __vector unsigned long long K1 = LoadKey(&m_EK[52]); + const __vector unsigned long long K2 = LoadKey(&m_EK[48]); + const __vector unsigned long long K3 = LoadKey(&m_EK[44]); + const __vector unsigned long long K4 = LoadKey(&m_EK[40]); + const __vector unsigned long long K5 = LoadKey(&m_EK[36]); + const __vector unsigned long long K6 = LoadKey(&m_EK[32]); + const __vector unsigned long long K7 = LoadKey(&m_EK[28]); + const __vector unsigned long long K8 = LoadKey(&m_EK[24]); + const __vector unsigned long long K9 = LoadKey(&m_EK[20]); + const __vector unsigned long long K10 = LoadKey(&m_EK[16]); + const __vector unsigned long long K11 = LoadKey(&m_EK[12]); + const __vector unsigned long long K12 = LoadKey(&m_EK[8]); + const __vector unsigned long long K13 = LoadKey(&m_EK[4]); + const __vector unsigned long long K14 = LoadKey(&m_EK[0]); + + for(size_t i = 0; i != blocks; ++i) + { + __vector unsigned long long B = LoadBlock(in); + + B = vec_xor(B, K0); + B = __builtin_crypto_vncipher(B, K1); + B = __builtin_crypto_vncipher(B, K2); + B = __builtin_crypto_vncipher(B, K3); + B = __builtin_crypto_vncipher(B, K4); + B = __builtin_crypto_vncipher(B, K5); + B = __builtin_crypto_vncipher(B, K6); + B = __builtin_crypto_vncipher(B, K7); + B = __builtin_crypto_vncipher(B, K8); + B = __builtin_crypto_vncipher(B, K9); + B = __builtin_crypto_vncipher(B, K10); + B = __builtin_crypto_vncipher(B, K11); + B = __builtin_crypto_vncipher(B, K12); + B = __builtin_crypto_vncipher(B, K13); + B = __builtin_crypto_vncipherlast(B, K14); - BOTAN_UNUSED(in, out, blocks); - 
throw Not_Implemented("FIXME"); + StoreBlock(B, out); + + out += 16; + in += 16; + } } } From 7ba53cde04f255662891ce75d6df922e2a7b45ac Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 24 Feb 2018 10:29:27 -0500 Subject: [PATCH 0698/1008] Update news/docs --- doc/manual/side_channels.rst | 12 +++++------- news.rst | 2 ++ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/manual/side_channels.rst b/doc/manual/side_channels.rst index 7cf8a7b353..01d20a66d2 100644 --- a/doc/manual/side_channels.rst +++ b/doc/manual/side_channels.rst @@ -210,9 +210,9 @@ bytes runs in constant time, depending only on the block size of the cipher. AES ---------------------- -On x86 processors which support it, AES-NI instruction set is used, as it is -fast and (presumed) side channel silent. There is no support at the moment for -the similar ARMv8 or POWER AES instructions; patches would be welcome. +Some x86, ARMv8 and POWER processors support AES instructions which +are fast and are thought to be side channel silent. These instructions +are used when available. On x86 processors without AES-NI but with SSSE3 (which includes older Intel Atoms and Core2 Duos, and even now some embedded or low power x86 chips), a @@ -239,10 +239,8 @@ GCM On platforms that support a carryless multiply instruction (recent x86 and ARM), GCM is fast and constant time. -On all other platforms, GCM is slow and constant time. It uses a simple bit at -at time loop. It would be much faster using a table lookup, but we wish to avoid -side channels. One improvement here would be the option of using a 2K or 4K -table, but using a side-channel silent (masked) table lookup. +On all other platforms, GCM uses a slow but constant time algorithm. There is +also an SSSE3 variant of the same (still slow) algorithm. OCB ----------------------- diff --git a/news.rst b/news.rst index 9d759d26c2..9026bcc5a8 100644 --- a/news.rst +++ b/news.rst 
@@ -21,6 +21,8 @@ Version 2.5.0, Not Yet Released * Add ability to create custom elliptic curves (GH #1441 #1444) +* Add support for POWER8 AES instructions (GH #1459 #1206) + * Change DL_Group and EC_Group to store their data as shared_ptr for fast copying. Also both classes precompute additional useful values (eg for modular reductions). (GH #1435 #1454) From 8c28cbca01326ba2fb208f8758e6cc96a1551043 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 25 Feb 2018 09:12:06 -0500 Subject: [PATCH 0699/1008] Todo - PKCS12 [ci skip] --- doc/todo.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/todo.rst b/doc/todo.rst index 622963342a..1a76b3480f 100644 --- a/doc/todo.rst +++ b/doc/todo.rst @@ -110,6 +110,7 @@ New Protocols / Formats ---------------------------------------- * PKCS7 / Cryptographic Message Syntax +* PKCS12 / PFX * NaCl compatible cryptobox functions * Off-The-Record v3 https://otr.cypherpunks.ca/ * Some useful subset of OpenPGP From 7e6aea7a9bff0714756aff5c7470c5c55cb31e0c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 25 Feb 2018 11:06:42 -0500 Subject: [PATCH 0700/1008] Fix autodetection of sparc64/mips64 [ci skip] --- src/build-data/detect_arch.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/build-data/detect_arch.cpp b/src/build-data/detect_arch.cpp index aa50540936..577b73adab 100644 --- a/src/build-data/detect_arch.cpp +++ b/src/build-data/detect_arch.cpp @@ -18,10 +18,20 @@ PPC32 #elif defined(__mips__) || defined(__mips) + + #if defined(__LP64__) || defined(_LP64) + MIPS64 + #else MIPS32 + #endif #elif defined(__sparc__) + + #if defined(__LP64__) || defined(_LP64) + SPARC64 + #else SPARC32 + #endif #elif defined(__alpha__) ALPHA From 974899425d1da0a6c09f1fc85e6acbbf7f7d6c46 Mon Sep 17 00:00:00 2001 
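Review bot: The new `#if defined(__LP64__) || defined(_LP64)` tests in the MIPS and SPARC branches of detect_arch.cpp select on the data model rather than the ISA, so a 64-bit MIPS ISA built with the n32 ABI (64-bit registers, 32-bit pointers) will still be reported as MIPS32. If pointer width is the property the build actually cares about that is the right call, but a one-line comment would prevent a later "fix" to an ISA macro: `// LP64 (pointer width) decides; n32 MIPS deliberately maps to MIPS32`. The SPARC branch has the same shape and could carry the same remark.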
From: Jack Lloyd Date: Sun, 25 Feb 2018 10:52:17 -0500 Subject: [PATCH 0701/1008] Unroll ARMv8 AES instructions by 4 to allow pipelining Runs as much as 50% faster for bulk operations. Improves GCM by 10% --- src/lib/block/aes/aes_armv8/aes_armv8.cpp | 391 +++++++++++++++++----- 1 file changed, 307 insertions(+), 84 deletions(-) diff --git a/src/lib/block/aes/aes_armv8/aes_armv8.cpp b/src/lib/block/aes/aes_armv8/aes_armv8.cpp index 417854bfb0..8a332ceafd 100644 --- a/src/lib/block/aes/aes_armv8/aes_armv8.cpp +++ b/src/lib/block/aes/aes_armv8/aes_armv8.cpp @@ -2,6 +2,9 @@ * AES using ARMv8 * Contributed by Jeffrey Walton * +* Further changes +* (C) 2017,2018 Jack Lloyd +* * Botan is released under the Simplified BSD License (see license.txt) */ @@ -11,6 +14,42 @@ namespace Botan { +#define AES_ENC_4_ROUNDS(K) \ + do \ + { \ + B0 = vaesmcq_u8(vaeseq_u8(B0, K)); \ + B1 = vaesmcq_u8(vaeseq_u8(B1, K)); \ + B2 = vaesmcq_u8(vaeseq_u8(B2, K)); \ + B3 = vaesmcq_u8(vaeseq_u8(B3, K)); \ + } while(0) + +#define AES_ENC_4_LAST_ROUNDS(K, K2) \ + do \ + { \ + B0 = veorq_u8(vaeseq_u8(B0, K), K2); \ + B1 = veorq_u8(vaeseq_u8(B1, K), K2); \ + B2 = veorq_u8(vaeseq_u8(B2, K), K2); \ + B3 = veorq_u8(vaeseq_u8(B3, K), K2); \ + } while(0) + +#define AES_DEC_4_ROUNDS(K) \ + do \ + { \ + B0 = vaesimcq_u8(vaesdq_u8(B0, K)); \ + B1 = vaesimcq_u8(vaesdq_u8(B1, K)); \ + B2 = vaesimcq_u8(vaesdq_u8(B2, K)); \ + B3 = vaesimcq_u8(vaesdq_u8(B3, K)); \ + } while(0) + +#define AES_DEC_4_LAST_ROUNDS(K, K2) \ + do \ + { \ + B0 = veorq_u8(vaesdq_u8(B0, K), K2); \ + B1 = veorq_u8(vaesdq_u8(B1, K), K2); \ + B2 = veorq_u8(vaesdq_u8(B2, K), K2); \ + B3 = veorq_u8(vaesdq_u8(B3, K), K2); \ + } while(0) + /* * AES-128 Encryption */ 
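Review bot: The four `AES_*_4_ROUNDS` macros silently depend on locals named `B0`..`B3` existing at the expansion site, which hides the data flow from readers and tools and breaks if a caller renames a block; a `static inline` helper taking the four `uint8x16_t` by reference (or a lambda at the top of each function) gives the same code under optimization without the hidden coupling. If the macros stay, they should be `#undef`'d at the end of the translation unit — the file end is outside this hunk, so I cannot tell whether that is done — and a comment above the first definition should state their purpose, e.g. `// 4-way interleave so independent AES rounds can pipeline`.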
@@ -34,20 +73,48 @@ void AES_128::armv8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const uint8x16_t K9 = vld1q_u8(skey + 144); const uint8x16_t K10 = vld1q_u8(mkey); + while(blocks >= 4) + { + uint8x16_t B0 = vld1q_u8(in); + uint8x16_t B1 = vld1q_u8(in+16); + uint8x16_t B2 = vld1q_u8(in+32); + uint8x16_t B3 = vld1q_u8(in+48); + + AES_ENC_4_ROUNDS(K0); + AES_ENC_4_ROUNDS(K1); + AES_ENC_4_ROUNDS(K2); + AES_ENC_4_ROUNDS(K3); + AES_ENC_4_ROUNDS(K4); + AES_ENC_4_ROUNDS(K5); + AES_ENC_4_ROUNDS(K6); + AES_ENC_4_ROUNDS(K7); + AES_ENC_4_ROUNDS(K8); + AES_ENC_4_LAST_ROUNDS(K9, K10); + + vst1q_u8(out, B0); + vst1q_u8(out+16, B1); + vst1q_u8(out+32, B2); + vst1q_u8(out+48, B3); + + in += 16*4; + out += 16*4; + blocks -= 4; + } + for(size_t i = 0; i != blocks; ++i) { - uint8x16_t data = vld1q_u8(in+16*i); - data = vaesmcq_u8(vaeseq_u8(data, K0)); - data = vaesmcq_u8(vaeseq_u8(data, K1)); - data = vaesmcq_u8(vaeseq_u8(data, K2)); - data = vaesmcq_u8(vaeseq_u8(data, K3)); - data = vaesmcq_u8(vaeseq_u8(data, K4)); - data = vaesmcq_u8(vaeseq_u8(data, K5)); - data = vaesmcq_u8(vaeseq_u8(data, K6)); - data = vaesmcq_u8(vaeseq_u8(data, K7)); - data = vaesmcq_u8(vaeseq_u8(data, K8)); - data = veorq_u8(vaeseq_u8(data, K9), K10); - vst1q_u8(out+16*i, data); + uint8x16_t B = vld1q_u8(in+16*i); + B = vaesmcq_u8(vaeseq_u8(B, K0)); + B = vaesmcq_u8(vaeseq_u8(B, K1)); + B = vaesmcq_u8(vaeseq_u8(B, K2)); + B = vaesmcq_u8(vaeseq_u8(B, K3)); + B = vaesmcq_u8(vaeseq_u8(B, K4)); + B = vaesmcq_u8(vaeseq_u8(B, K5)); + B = vaesmcq_u8(vaeseq_u8(B, K6)); + B = vaesmcq_u8(vaeseq_u8(B, K7)); + B = vaesmcq_u8(vaeseq_u8(B, K8)); + B = veorq_u8(vaeseq_u8(B, K9), K10); + vst1q_u8(out+16*i, B); } } 
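Review bot: The new 4-block loop advances `in`/`out` by `16*4` while the remaining single-block loop keeps indexing with `in+16*i` and `out+16*i` from the advanced pointers; both are correct because `blocks` is reduced alongside, but mixing the two idioms in one function reads as if the tail ignored the advance. Advancing in the tail as well (`in += 16; out += 16;` with `vld1q_u8(in)` / `vst1q_u8(out, B)`) or indexing in both loops would make the intent uniform; the AES_128 decrypt and AES_192 encrypt/decrypt hunks that follow have the same shape. A one-line comment above `while(blocks >= 4)` giving the pipelining rationale from the commit message would also help, since nothing in the code says why the unroll exists.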
@@ -74,20 +141,48 @@ void AES_128::armv8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const uint8x16_t K9 = vld1q_u8(skey + 144); const uint8x16_t K10 = vld1q_u8(mkey); + while(blocks >= 4) + { + uint8x16_t B0 = vld1q_u8(in); + uint8x16_t B1 = vld1q_u8(in+16); + uint8x16_t B2 = vld1q_u8(in+32); + uint8x16_t B3 = vld1q_u8(in+48); + + AES_DEC_4_ROUNDS(K0); + AES_DEC_4_ROUNDS(K1); + AES_DEC_4_ROUNDS(K2); + AES_DEC_4_ROUNDS(K3); + AES_DEC_4_ROUNDS(K4); + AES_DEC_4_ROUNDS(K5); + AES_DEC_4_ROUNDS(K6); + AES_DEC_4_ROUNDS(K7); + AES_DEC_4_ROUNDS(K8); + AES_DEC_4_LAST_ROUNDS(K9, K10); + + vst1q_u8(out, B0); + vst1q_u8(out+16, B1); + vst1q_u8(out+32, B2); + vst1q_u8(out+48, B3); + + in += 16*4; + out += 16*4; + blocks -= 4; + } + for(size_t i = 0; i != blocks; ++i) { - uint8x16_t data = vld1q_u8(in+16*i); - data = vaesimcq_u8(vaesdq_u8(data, K0)); - data = vaesimcq_u8(vaesdq_u8(data, K1)); - data = vaesimcq_u8(vaesdq_u8(data, K2)); - data = vaesimcq_u8(vaesdq_u8(data, K3)); - data = vaesimcq_u8(vaesdq_u8(data, K4)); - data = vaesimcq_u8(vaesdq_u8(data, K5)); - data = vaesimcq_u8(vaesdq_u8(data, K6)); - data = vaesimcq_u8(vaesdq_u8(data, K7)); - data = vaesimcq_u8(vaesdq_u8(data, K8)); - data = veorq_u8(vaesdq_u8(data, K9), K10); - vst1q_u8(out+16*i, data); + uint8x16_t B = vld1q_u8(in+16*i); + B = vaesimcq_u8(vaesdq_u8(B, K0)); + B = vaesimcq_u8(vaesdq_u8(B, K1)); + B = vaesimcq_u8(vaesdq_u8(B, K2)); + B = vaesimcq_u8(vaesdq_u8(B, K3)); + B = vaesimcq_u8(vaesdq_u8(B, K4)); + B = vaesimcq_u8(vaesdq_u8(B, K5)); + B = vaesimcq_u8(vaesdq_u8(B, K6)); + B = vaesimcq_u8(vaesdq_u8(B, K7)); + B = vaesimcq_u8(vaesdq_u8(B, K8)); + B = veorq_u8(vaesdq_u8(B, K9), K10); + vst1q_u8(out+16*i, B); } } 
@@ -116,22 +211,52 @@ void AES_192::armv8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const uint8x16_t K11 = vld1q_u8(skey + 176); const uint8x16_t K12 = vld1q_u8(mkey); + while(blocks >= 4) + { + uint8x16_t B0 = vld1q_u8(in); + uint8x16_t B1 = vld1q_u8(in+16); + uint8x16_t B2 = vld1q_u8(in+32); + uint8x16_t B3 = vld1q_u8(in+48); + + AES_ENC_4_ROUNDS(K0); + AES_ENC_4_ROUNDS(K1); + AES_ENC_4_ROUNDS(K2); + AES_ENC_4_ROUNDS(K3); + AES_ENC_4_ROUNDS(K4); + AES_ENC_4_ROUNDS(K5); + AES_ENC_4_ROUNDS(K6); + AES_ENC_4_ROUNDS(K7); + AES_ENC_4_ROUNDS(K8); + AES_ENC_4_ROUNDS(K9); + AES_ENC_4_ROUNDS(K10); + AES_ENC_4_LAST_ROUNDS(K11, K12); + + vst1q_u8(out, B0); + vst1q_u8(out+16, B1); + vst1q_u8(out+32, B2); + vst1q_u8(out+48, B3); + + in += 16*4; + out += 16*4; + blocks -= 4; + } + for(size_t i = 0; i != blocks; ++i) { - uint8x16_t data = vld1q_u8(in+16*i); - data = vaesmcq_u8(vaeseq_u8(data, K0)); - data = vaesmcq_u8(vaeseq_u8(data, K1)); - data = vaesmcq_u8(vaeseq_u8(data, K2)); - data = vaesmcq_u8(vaeseq_u8(data, K3)); - data = vaesmcq_u8(vaeseq_u8(data, K4)); - data = vaesmcq_u8(vaeseq_u8(data, K5)); - data = vaesmcq_u8(vaeseq_u8(data, K6)); - data = vaesmcq_u8(vaeseq_u8(data, K7)); - data = vaesmcq_u8(vaeseq_u8(data, K8)); - data = vaesmcq_u8(vaeseq_u8(data, K9)); - data = vaesmcq_u8(vaeseq_u8(data, K10)); - data = veorq_u8(vaeseq_u8(data, K11), K12); - vst1q_u8(out+16*i, data); + uint8x16_t B = vld1q_u8(in+16*i); + B = vaesmcq_u8(vaeseq_u8(B, K0)); + B = vaesmcq_u8(vaeseq_u8(B, K1)); + B = vaesmcq_u8(vaeseq_u8(B, K2)); + B = vaesmcq_u8(vaeseq_u8(B, K3)); + B = vaesmcq_u8(vaeseq_u8(B, K4)); + B = vaesmcq_u8(vaeseq_u8(B, K5)); + B = vaesmcq_u8(vaeseq_u8(B, K6)); + B = vaesmcq_u8(vaeseq_u8(B, K7)); + B = vaesmcq_u8(vaeseq_u8(B, K8)); + B = vaesmcq_u8(vaeseq_u8(B, K9)); + B = vaesmcq_u8(vaeseq_u8(B, K10)); + B = veorq_u8(vaeseq_u8(B, K11), K12); + vst1q_u8(out+16*i, B); } } 
@@ -159,22 +284,52 @@ void AES_192::armv8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const uint8x16_t K11 = vld1q_u8(skey + 176); const uint8x16_t K12 = vld1q_u8(mkey); + while(blocks >= 4) + { + uint8x16_t B0 = vld1q_u8(in); + uint8x16_t B1 = vld1q_u8(in+16); + uint8x16_t B2 = vld1q_u8(in+32); + uint8x16_t B3 = vld1q_u8(in+48); + + AES_DEC_4_ROUNDS(K0); + AES_DEC_4_ROUNDS(K1); + AES_DEC_4_ROUNDS(K2); + AES_DEC_4_ROUNDS(K3); + AES_DEC_4_ROUNDS(K4); + AES_DEC_4_ROUNDS(K5); + AES_DEC_4_ROUNDS(K6); + AES_DEC_4_ROUNDS(K7); + AES_DEC_4_ROUNDS(K8); + AES_DEC_4_ROUNDS(K9); + AES_DEC_4_ROUNDS(K10); + AES_DEC_4_LAST_ROUNDS(K11, K12); + + vst1q_u8(out, B0); + vst1q_u8(out+16, B1); + vst1q_u8(out+32, B2); + vst1q_u8(out+48, B3); + + in += 16*4; + out += 16*4; + blocks -= 4; + } + for(size_t i = 0; i != blocks; ++i) { - uint8x16_t data = vld1q_u8(in+16*i); - data = vaesimcq_u8(vaesdq_u8(data, K0)); - data = vaesimcq_u8(vaesdq_u8(data, K1)); - data = vaesimcq_u8(vaesdq_u8(data, K2)); - data = vaesimcq_u8(vaesdq_u8(data, K3)); - data = vaesimcq_u8(vaesdq_u8(data, K4)); - data = vaesimcq_u8(vaesdq_u8(data, K5)); - data = vaesimcq_u8(vaesdq_u8(data, K6)); - data = vaesimcq_u8(vaesdq_u8(data, K7)); - data = vaesimcq_u8(vaesdq_u8(data, K8)); - data = vaesimcq_u8(vaesdq_u8(data, K9)); - data = vaesimcq_u8(vaesdq_u8(data, K10)); - data = veorq_u8(vaesdq_u8(data, K11), K12); - vst1q_u8(out+16*i, data); + uint8x16_t B = vld1q_u8(in+16*i); + B = vaesimcq_u8(vaesdq_u8(B, K0)); + B = vaesimcq_u8(vaesdq_u8(B, K1)); + B = vaesimcq_u8(vaesdq_u8(B, K2)); + B = vaesimcq_u8(vaesdq_u8(B, K3)); + B = vaesimcq_u8(vaesdq_u8(B, K4)); + B = vaesimcq_u8(vaesdq_u8(B, K5)); + B = vaesimcq_u8(vaesdq_u8(B, K6)); + B = vaesimcq_u8(vaesdq_u8(B, K7)); + B = vaesimcq_u8(vaesdq_u8(B, K8)); + B = vaesimcq_u8(vaesdq_u8(B, K9)); + B = vaesimcq_u8(vaesdq_u8(B, K10)); + B = veorq_u8(vaesdq_u8(B, K11), K12); + vst1q_u8(out+16*i, B); } } 
@@ -205,24 +360,56 @@ void AES_256::armv8_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const uint8x16_t K13 = vld1q_u8(skey + 208); const uint8x16_t K14 = vld1q_u8(mkey); + while(blocks >= 4) + { + uint8x16_t B0 = vld1q_u8(in); + uint8x16_t B1 = vld1q_u8(in+16); + uint8x16_t B2 = vld1q_u8(in+32); + uint8x16_t B3 = vld1q_u8(in+48); + + AES_ENC_4_ROUNDS(K0); + AES_ENC_4_ROUNDS(K1); + AES_ENC_4_ROUNDS(K2); + AES_ENC_4_ROUNDS(K3); + AES_ENC_4_ROUNDS(K4); + AES_ENC_4_ROUNDS(K5); + AES_ENC_4_ROUNDS(K6); + AES_ENC_4_ROUNDS(K7); + AES_ENC_4_ROUNDS(K8); + AES_ENC_4_ROUNDS(K9); + AES_ENC_4_ROUNDS(K10); + AES_ENC_4_ROUNDS(K11); + AES_ENC_4_ROUNDS(K12); + AES_ENC_4_LAST_ROUNDS(K13, K14); + + vst1q_u8(out, B0); + vst1q_u8(out+16, B1); + vst1q_u8(out+32, B2); + vst1q_u8(out+48, B3); + + in += 16*4; + out += 16*4; + blocks -= 4; + } + for(size_t i = 0; i != blocks; ++i) { - uint8x16_t data = vld1q_u8(in+16*i); - data = vaesmcq_u8(vaeseq_u8(data, K0)); - data = vaesmcq_u8(vaeseq_u8(data, K1)); - data = vaesmcq_u8(vaeseq_u8(data, K2)); - data = vaesmcq_u8(vaeseq_u8(data, K3)); - data = vaesmcq_u8(vaeseq_u8(data, K4)); - data = vaesmcq_u8(vaeseq_u8(data, K5)); - data = vaesmcq_u8(vaeseq_u8(data, K6)); - data = vaesmcq_u8(vaeseq_u8(data, K7)); - data = vaesmcq_u8(vaeseq_u8(data, K8)); - data = vaesmcq_u8(vaeseq_u8(data, K9)); - data = vaesmcq_u8(vaeseq_u8(data, K10)); - data = vaesmcq_u8(vaeseq_u8(data, K11)); - data = vaesmcq_u8(vaeseq_u8(data, K12)); - data = veorq_u8(vaeseq_u8(data, K13), K14); - vst1q_u8(out+16*i, data); + uint8x16_t B = vld1q_u8(in+16*i); + B = vaesmcq_u8(vaeseq_u8(B, K0)); + B = vaesmcq_u8(vaeseq_u8(B, K1)); + B = vaesmcq_u8(vaeseq_u8(B, K2)); + B = vaesmcq_u8(vaeseq_u8(B, K3)); + B = vaesmcq_u8(vaeseq_u8(B, K4)); + B = vaesmcq_u8(vaeseq_u8(B, K5)); + B = vaesmcq_u8(vaeseq_u8(B, K6)); + B = vaesmcq_u8(vaeseq_u8(B, K7)); + B = vaesmcq_u8(vaeseq_u8(B, K8)); + B = vaesmcq_u8(vaeseq_u8(B, K9)); + B = vaesmcq_u8(vaeseq_u8(B, K10)); + B = 
vaesmcq_u8(vaeseq_u8(B, K11)); + B = vaesmcq_u8(vaeseq_u8(B, K12)); + B = veorq_u8(vaeseq_u8(B, K13), K14); + vst1q_u8(out+16*i, B); } } 
@@ -253,26 +440,62 @@ void AES_256::armv8_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const uint8x16_t K13 = vld1q_u8(skey + 208); const uint8x16_t K14 = vld1q_u8(mkey); + while(blocks >= 4) + { + uint8x16_t B0 = vld1q_u8(in); + uint8x16_t B1 = vld1q_u8(in+16); + uint8x16_t B2 = vld1q_u8(in+32); + uint8x16_t B3 = vld1q_u8(in+48); + + AES_DEC_4_ROUNDS(K0); + AES_DEC_4_ROUNDS(K1); + AES_DEC_4_ROUNDS(K2); + AES_DEC_4_ROUNDS(K3); + AES_DEC_4_ROUNDS(K4); + AES_DEC_4_ROUNDS(K5); + AES_DEC_4_ROUNDS(K6); + AES_DEC_4_ROUNDS(K7); + AES_DEC_4_ROUNDS(K8); + AES_DEC_4_ROUNDS(K9); + AES_DEC_4_ROUNDS(K10); + AES_DEC_4_ROUNDS(K11); + AES_DEC_4_ROUNDS(K12); + AES_DEC_4_LAST_ROUNDS(K13, K14); + + vst1q_u8(out, B0); + vst1q_u8(out+16, B1); + vst1q_u8(out+32, B2); + vst1q_u8(out+48, B3); + + in += 16*4; + out += 16*4; + blocks -= 4; + } + for(size_t i = 0; i != blocks; ++i) { - uint8x16_t data = vld1q_u8(in+16*i); - data = vaesimcq_u8(vaesdq_u8(data, K0)); - data = vaesimcq_u8(vaesdq_u8(data, K1)); - data = vaesimcq_u8(vaesdq_u8(data, K2)); - data = vaesimcq_u8(vaesdq_u8(data, K3)); - data = vaesimcq_u8(vaesdq_u8(data, K4)); - data = vaesimcq_u8(vaesdq_u8(data, K5)); - data = vaesimcq_u8(vaesdq_u8(data, K6)); - data = vaesimcq_u8(vaesdq_u8(data, K7)); - data = vaesimcq_u8(vaesdq_u8(data, K8)); - data = vaesimcq_u8(vaesdq_u8(data, K9)); - data = vaesimcq_u8(vaesdq_u8(data, K10)); - data = vaesimcq_u8(vaesdq_u8(data, K11)); - data = vaesimcq_u8(vaesdq_u8(data, K12)); - data = veorq_u8(vaesdq_u8(data, K13), K14); - vst1q_u8(out+16*i, data); + uint8x16_t B = vld1q_u8(in+16*i); + B = vaesimcq_u8(vaesdq_u8(B, K0)); + B = vaesimcq_u8(vaesdq_u8(B, K1)); + B = vaesimcq_u8(vaesdq_u8(B, K2)); + B = vaesimcq_u8(vaesdq_u8(B, K3)); + B = vaesimcq_u8(vaesdq_u8(B, K4)); + B = vaesimcq_u8(vaesdq_u8(B, K5)); + B = vaesimcq_u8(vaesdq_u8(B, K6)); + B = vaesimcq_u8(vaesdq_u8(B, K7)); + B = vaesimcq_u8(vaesdq_u8(B, K8)); + B = vaesimcq_u8(vaesdq_u8(B, K9)); + B = vaesimcq_u8(vaesdq_u8(B, 
K10)); + B = vaesimcq_u8(vaesdq_u8(B, K11)); + B = vaesimcq_u8(vaesdq_u8(B, K12)); + B = veorq_u8(vaesdq_u8(B, K13), K14); + vst1q_u8(out+16*i, B); } } +#undef AES_ENC_4_ROUNDS +#undef AES_ENC_4_LAST_ROUNDS +#undef AES_DEC_4_ROUNDS +#undef AES_DEC_4_LAST_ROUNDS } From 896fd7d5d3ef2c4d546fbf0fecb1b1201d022202 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 25 Feb 2018 12:09:09 -0500 Subject: [PATCH 0702/1008] Change pow_mod fuzzer to also accept p from input Previously it used a hardcoded (random) prime, but accepting all three inputs allows much better coverage of corner cases. --- src/fuzzer/pow_mod.cpp | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/src/fuzzer/pow_mod.cpp b/src/fuzzer/pow_mod.cpp index e74902bd95..0151609fd6 100644 --- a/src/fuzzer/pow_mod.cpp +++ b/src/fuzzer/pow_mod.cpp @@ -1,5 +1,5 @@ /* -* (C) 2016 Jack Lloyd +* (C) 2016,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -13,8 +13,7 @@ namespace { Botan::BigInt simple_power_mod(Botan::BigInt x, Botan::BigInt n, - const Botan::BigInt& p, - const Botan::Modular_Reducer& mod_p) + const Botan::BigInt& p) { if(n == 0) { @@ -23,6 +22,7 @@ Botan::BigInt simple_power_mod(Botan::BigInt x, return 1; } + Botan::Modular_Reducer mod_p(p); Botan::BigInt y = 1; while(n > 1) 
@@ -41,19 +41,23 @@ Botan::BigInt simple_power_mod(Botan::BigInt x,
 
 void fuzz(const uint8_t in[], size_t len)
    {
-   static const size_t p_bits = 1024;
-   static const Botan::BigInt p = random_prime(fuzzer_rng(), p_bits);
-   static Botan::Modular_Reducer mod_p(p);
+   static const size_t max_bits = 2048;
 
-   if(len == 0 || len > p_bits/8)
+   if(len % 3 != 0)
       return;
 
+   const size_t part_size = len / 3;
+
+   if(part_size * 8 > max_bits)
+      return;
+
+   const Botan::BigInt g = Botan::BigInt::decode(in, part_size);
+   const Botan::BigInt x = Botan::BigInt::decode(in + part_size, part_size);
+   const Botan::BigInt p = Botan::BigInt::decode(in + 2*part_size, part_size);
+
    try
       {
-      const Botan::BigInt g = Botan::BigInt::decode(in, len / 2);
-      const Botan::BigInt x = Botan::BigInt::decode(in + len / 2, len / 2);
-
-      const Botan::BigInt ref = simple_power_mod(g, x, p, mod_p);
+      const Botan::BigInt ref = simple_power_mod(g, x, p);
       const Botan::BigInt z = Botan::power_mod(g, x, p);
 
       if(ref != z)

From 4536e240238d0b0ecb896c11978b58df108a6ad3 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 25 Feb 2018 12:23:41 -0500
Subject: [PATCH 0703/1008] Pass workspace size to various bigint_ functions

These functions made assumptions about the workspace size available, which if incorrect would cause memory corruption. Since the length is always available at the caller, just provide it and avoid problems.
---
 src/lib/math/bigint/big_ops2.cpp | 2 +-
 src/lib/math/bigint/big_ops3.cpp | 2 +-
 src/lib/math/ec_gfp/curve_gfp.cpp | 14 ++++++++------
 src/lib/math/mp/mp_core.h | 17 ++++++++++-------
 src/lib/math/mp/mp_karat.cpp | 16 +++++++++-------
 src/lib/math/mp/mp_monty.cpp | 22 +++++++++++++---------
 src/lib/math/numbertheory/monty_exp.cpp | 14 +++++++-------
 src/lib/math/numbertheory/mp_numth.cpp | 6 +++---
 8 files changed, 52 insertions(+), 41 deletions(-)

diff --git a/src/lib/math/bigint/big_ops2.cpp b/src/lib/math/bigint/big_ops2.cpp
index 639d87ceba..2f81989c39 100644
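Review bot: Dropping the old `len == 0` early return means a zero-length input now passes both new guards (0 % 3 == 0, and 0 > max_bits is false), so g, x and p all decode from zero bytes and reach simple_power_mod and power_mod with p == 0. If exercising a zero modulus is the intended corner case, say so with `// len == 0 is allowed: exercises g = x = p = 0`; otherwise add `if(part_size == 0) return;` beside the max_bits check. Whether a zero p is handled by Modular_Reducer, power_mod and the catch clause cannot be confirmed from the hunk, which ends before the handler. A comment documenting the corpus layout, e.g. `// input = g || x || p, three equal-length big-endian parts`, would also help anyone seeding the fuzzer.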
--- a/src/lib/math/bigint/big_ops2.cpp +++ b/src/lib/math/bigint/big_ops2.cpp @@ -119,7 +119,7 @@ BigInt& BigInt::operator*=(const BigInt& y) { grow_to(size() + y.size()); secure_vector workspace(size()); - bigint_mul(*this, BigInt(*this), y, workspace.data()); + bigint_mul(*this, BigInt(*this), y, workspace.data(), workspace.size()); } return (*this); diff --git a/src/lib/math/bigint/big_ops3.cpp b/src/lib/math/bigint/big_ops3.cpp index 680eca635e..8bff790a6a 100644 --- a/src/lib/math/bigint/big_ops3.cpp +++ b/src/lib/math/bigint/big_ops3.cpp @@ -95,7 +95,7 @@ BigInt operator*(const BigInt& x, const BigInt& y) else if(x_sw && y_sw) { secure_vector workspace(z.size()); - bigint_mul(z, x, y, workspace.data()); + bigint_mul(z, x, y, workspace.data(), workspace.size()); } if(x_sw && y_sw && x.sign() != y.sign()) diff --git a/src/lib/math/ec_gfp/curve_gfp.cpp b/src/lib/math/ec_gfp/curve_gfp.cpp index efeb5210f4..83d1c841c1 100644 --- a/src/lib/math/ec_gfp/curve_gfp.cpp +++ b/src/lib/math/ec_gfp/curve_gfp.cpp @@ -88,8 +88,9 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, z.grow_to(output_size); z.clear(); - bigint_monty_mul(z, x, y, m_p.data(), m_p_words, m_p_dash, ws.data()); - + bigint_monty_mul(z, x, y, + m_p.data(), m_p_words, m_p_dash, + ws.data(), ws.size()); } void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, @@ -112,7 +113,7 @@ void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, z.clear(); bigint_monty_sqr(z, x, m_p.data(), m_p_words, m_p_dash, - ws.data()); + ws.data(), ws.size()); } class CurveGFp_NIST : public CurveGFp_Repr @@ -168,7 +169,7 @@ void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, z.grow_to(output_size); z.clear(); - bigint_mul(z, x, y, ws.data()); + bigint_mul(z, x, y, ws.data(), ws.size()); this->redc(z, ws); } 
@@ -190,8 +191,9 @@ void CurveGFp_NIST::curve_sqr(BigInt& z, const BigInt& x, z.grow_to(output_size); z.clear(); - bigint_sqr(z.mutable_data(), output_size, ws.data(), - x.data(), x.size(), x.sig_words()); + bigint_sqr(z.mutable_data(), output_size, + x.data(), x.size(), x.sig_words(), + ws.data(), ws.size()); this->redc(z, ws); } diff --git a/src/lib/math/mp/mp_core.h b/src/lib/math/mp/mp_core.h index 06f87015f3..9efcec952b 100644 --- a/src/lib/math/mp/mp_core.h +++ b/src/lib/math/mp/mp_core.h @@ -132,21 +132,22 @@ void bigint_linmul3(word z[], const word x[], size_t x_size, word y); void bigint_monty_redc(word z[], const word p[], size_t p_size, word p_dash, - word workspace[]); + word workspace[], + size_t ws_size); /* * Montgomery Multiplication */ void bigint_monty_mul(BigInt& z, const BigInt& x, const BigInt& y, const word p[], size_t p_size, word p_dash, - word workspace[]); + word workspace[], size_t ws_size); /* * Montgomery Squaring */ void bigint_monty_sqr(BigInt& z, const BigInt& x, const word p[], size_t p_size, word p_dash, - word workspace[]); + word workspace[], size_t ws_size); /** * Compare x and y @@ -182,15 +183,17 @@ void bigint_comba_sqr16(word out[32], const word in[16]); /* * High Level Multiplication/Squaring Interfaces */ -void bigint_mul(BigInt& z, const BigInt& x, const BigInt& y, word workspace[]); +void bigint_mul(BigInt& z, const BigInt& x, const BigInt& y, + word workspace[], size_t ws_size); void bigint_mul(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, - word workspace[]); + word workspace[], size_t ws_size); -void bigint_sqr(word z[], size_t z_size, word workspace[], - const word x[], size_t x_size, size_t x_sw); +void bigint_sqr(word z[], size_t z_size, + const word x[], size_t x_size, size_t x_sw, + word workspace[], size_t ws_size); } diff --git a/src/lib/math/mp/mp_karat.cpp b/src/lib/math/mp/mp_karat.cpp index 8348025d91..fb8b16161c 100644 
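Review bot: The new ws_size parameters on bigint_monty_redc, bigint_monty_mul, bigint_monty_sqr, bigint_mul and bigint_sqr in mp_core.h carry no statement of the minimum the callee needs, so a caller still has to read the implementation to size the workspace correctly. The check this commit adds in bigint_monty_redc implies at least 2*(p_size+1) words for the Montgomery routines; recording that on the declaration, e.g. `// ws_size must be >= 2*(p_size+1) words; smaller workspaces throw Invalid_Argument`, makes the header self-describing. For bigint_mul and bigint_sqr the dispatcher only takes the Karatsuba path when ws_size >= 2*N, so `// workspace is optional: Karatsuba is used only if ws_size >= 2*N, else schoolbook` would document the fallback callers are otherwise unaware of. The bigint_sqr declaration also reorders its parameters (workspace moved last), which is fine for an internal header but worth a line in the commit message.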
--- a/src/lib/math/mp/mp_karat.cpp +++ b/src/lib/math/mp/mp_karat.cpp @@ -250,18 +250,19 @@ size_t karatsuba_size(size_t z_size, size_t x_size, size_t x_sw) /* * Multiplication Algorithm Dispatcher */ -void bigint_mul(BigInt& z, const BigInt& x, const BigInt& y, word workspace[]) +void bigint_mul(BigInt& z, const BigInt& x, const BigInt& y, + word workspace[], size_t ws_size) { return bigint_mul(z.mutable_data(), z.size(), x.data(), x.size(), x.sig_words(), y.data(), y.size(), y.sig_words(), - workspace); + workspace, ws_size); } void bigint_mul(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, - word workspace[]) + word workspace[], size_t ws_size) { clear_mem(z, z_size); @@ -308,7 +309,7 @@ void bigint_mul(word z[], size_t z_size, { const size_t N = karatsuba_size(z_size, x_size, x_sw, y_size, y_sw); - if(N) + if(N && ws_size >= 2*N) karatsuba_mul(z, x, y, N, workspace); else basecase_mul(z, x, x_sw, y, y_sw); @@ -318,8 +319,9 @@ void bigint_mul(word z[], size_t z_size, /* * Squaring Algorithm Dispatcher */ -void bigint_sqr(word z[], size_t z_size, word workspace[], - const word x[], size_t x_size, size_t x_sw) +void bigint_sqr(word z[], size_t z_size, + const word x[], size_t x_size, size_t x_sw, + word workspace[], size_t ws_size) { BOTAN_ASSERT(z_size/2 >= x_sw, "Output size is sufficient"); @@ -355,7 +357,7 @@ void bigint_sqr(word z[], size_t z_size, word workspace[], { const size_t N = karatsuba_size(z_size, x_size, x_sw); - if(N) + if(N && ws_size >= 2*N) karatsuba_sqr(z, x, N, workspace); else basecase_mul(z, x, x_sw, x, x_sw); diff --git a/src/lib/math/mp/mp_monty.cpp b/src/lib/math/mp/mp_monty.cpp index 2599266b03..cc6388f4dc 100644 --- a/src/lib/math/mp/mp_monty.cpp +++ b/src/lib/math/mp/mp_monty.cpp 
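Review bot: The new `N && ws_size >= 2*N` gates in bigint_mul and bigint_sqr turn an undersized workspace into a silent fall-through to basecase_mul rather than an error, so a caller that mis-sizes ws gets correct results with an O(N^2) performance cliff and no signal. That is a reasonable choice for a memory-safety fix, but it should be visible at the site: `// Karatsuba needs 2*N words of scratch (2*N assumed from the check; confirm against karatsuba_mul); fall back to schoolbook otherwise`. The requirement of exactly 2*N words is inferred from the condition itself and is not established by anything in the hunk. Both enclosing dispatcher functions begin and end outside the hunk.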
@@ -20,11 +20,14 @@ namespace Botan {
 * Montgomery Reduction Algorithm
 */
 void bigint_monty_redc(word z[],
-                       const word p[], size_t p_size,
-                       word p_dash, word ws[])
+                       const word p[], size_t p_size, word p_dash,
+                       word ws[], size_t ws_size)
    {
    const size_t z_size = 2*(p_size+1);
 
+   if(ws_size < z_size)
+      throw Invalid_Argument("bigint_monty_redc workspace too small");
+
    CT::poison(z, z_size);
    CT::poison(p, p_size);
    CT::poison(ws, 2*(p_size+1));
@@ -96,24 +99,25 @@ void bigint_monty_redc(word z[],
 
 void bigint_monty_mul(BigInt& z, const BigInt& x, const BigInt& y,
                       const word p[], size_t p_size, word p_dash,
-                      word ws[])
+                      word ws[], size_t ws_size)
    {
-   bigint_mul(z, x, y, &ws[0]);
+   bigint_mul(z, x, y, ws, ws_size);
 
    bigint_monty_redc(z.mutable_data(),
                      p, p_size, p_dash,
-                     ws);
+                     ws, ws_size);
    }
 
 void bigint_monty_sqr(BigInt& z, const BigInt& x, const word p[],
-                      size_t p_size, word p_dash, word ws[])
+                      size_t p_size, word p_dash, word ws[], size_t ws_size)
    {
-   bigint_sqr(z.mutable_data(), z.size(), &ws[0],
-              x.data(), x.size(), x.sig_words());
+   bigint_sqr(z.mutable_data(), z.size(),
+              x.data(), x.size(), x.sig_words(),
+              ws, ws_size);
 
    bigint_monty_redc(z.mutable_data(),
                      p, p_size, p_dash,
-                     ws);
+                     ws, ws_size);
    }
 
 }
diff --git a/src/lib/math/numbertheory/monty_exp.cpp b/src/lib/math/numbertheory/monty_exp.cpp
index 35d4cd6683..bfb17a87c7 100644
--- a/src/lib/math/numbertheory/monty_exp.cpp
+++ b/src/lib/math/numbertheory/monty_exp.cpp
@@ -61,14 +61,14 @@ Montgomery_Exponentation_State::Montgomery_Exponentation_State(const BigInt& g,
    bigint_monty_mul(z, m_g[0], m_R2_mod,
                     m_p.data(), m_p_words, m_mod_prime,
-                    workspace.data());
+                    workspace.data(), workspace.size());
    m_g[0] = z;
    m_g[1] = mod_p.reduce(g);
    bigint_monty_mul(z, m_g[1], m_R2_mod,
                     m_p.data(), m_p_words, m_mod_prime,
-                    workspace.data());
+                    workspace.data(), workspace.size());
    m_g[1] = z;
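Review bot: The new workspace check in bigint_monty_redc compares against z_size, but the poison call three lines below still spells out `2*(p_size+1)`; now that the bound has a name, `CT::poison(ws, z_size);` keeps the check and the annotation from drifting apart if the requirement ever changes. The rejection throws Invalid_Argument for what is a caller-side sizing bug, while the new Montgomery_Int::fix_size on this page throws Internal_Error for an equivalent invariant violation; settling on one type for "caller sized the buffer wrong" across the mp_ layer would let callers tell bad input from bugs. The body of bigint_monty_redc continues past the hunk.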
@@ -79,7 +79,7 @@ Montgomery_Exponentation_State::Montgomery_Exponentation_State(const BigInt& g, const BigInt& y = m_g[i-1]; bigint_monty_mul(z, x, y, m_p.data(), m_p_words, m_mod_prime, - workspace.data()); + workspace.data(), workspace.size()); m_g[i] = z; m_g[i].shrink_to_fit(); @@ -104,7 +104,7 @@ BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& k) const for(size_t j = 0; j != m_window_bits; ++j) { bigint_monty_sqr(z, x, m_p.data(), m_p_words, m_mod_prime, - workspace.data()); + workspace.data(), workspace.size()); x = z; } @@ -116,11 +116,11 @@ BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& k) const bigint_mul(z.mutable_data(), z.size(), x.data(), x.size(), x.sig_words(), e.data(), m_p_words, m_p_words, - workspace.data()); + workspace.data(), workspace.size()); bigint_monty_redc(z.mutable_data(), m_p.data(), m_p_words, m_mod_prime, - workspace.data()); + workspace.data(), workspace.size()); x = z; } @@ -129,7 +129,7 @@ BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& k) const bigint_monty_redc(x.mutable_data(), m_p.data(), m_p_words, m_mod_prime, - workspace.data()); + workspace.data(), workspace.size()); return x; } diff --git a/src/lib/math/numbertheory/mp_numth.cpp b/src/lib/math/numbertheory/mp_numth.cpp index d6eb39e4a7..c39c40520e 100644 --- a/src/lib/math/numbertheory/mp_numth.cpp +++ b/src/lib/math/numbertheory/mp_numth.cpp @@ -24,8 +24,8 @@ BigInt square(const BigInt& x) secure_vector workspace(z.size()); bigint_sqr(z.mutable_data(), z.size(), - workspace.data(), - x.data(), x.size(), x_sw); + x.data(), x.size(), x_sw, + workspace.data(), workspace.size()); return z; } 
@@ -44,7 +44,7 @@ BigInt mul_add(const BigInt& a, const BigInt& b, const BigInt& c)
    BigInt r(sign, std::max(a.size() + b.size(), c.sig_words()) + 1);
 
    secure_vector workspace(r.size());
-   bigint_mul(r, a, b, workspace.data());
+   bigint_mul(r, a, b, workspace.data(), workspace.size());
 
    const size_t r_size = std::max(r.sig_words(), c.sig_words());
    bigint_add2(r.mutable_data(), r_size, c.data(), c.sig_words());

From aba2c7973362cf941e7dd72a4be182bec538b12f Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 25 Feb 2018 12:40:55 -0500
Subject: [PATCH 0704/1008] Add a size check for basecase mul

---
 src/lib/math/mp/mp_karat.cpp | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/lib/math/mp/mp_karat.cpp b/src/lib/math/mp/mp_karat.cpp
index fb8b16161c..f279f07970 100644
--- a/src/lib/math/mp/mp_karat.cpp
+++ b/src/lib/math/mp/mp_karat.cpp
@@ -21,13 +21,16 @@ const size_t KARATSUBA_SQUARE_THRESHOLD = 32;
 /*
 * Simple O(N^2) Multiplication
 */
-void basecase_mul(word z[],
+void basecase_mul(word z[], size_t z_size,
                   const word x[], size_t x_size,
                   const word y[], size_t y_size)
    {
+   if(z_size < x_size + y_size)
+      throw Invalid_Argument("basecase_mul z_size too small");
+
    const size_t x_size_8 = x_size - (x_size % 8);
 
-   clear_mem(z, x_size + y_size);
+   clear_mem(z, z_size);
 
    for(size_t i = 0; i != y_size; ++i)
       {
@@ -60,7 +63,7 @@ void karatsuba_mul(word z[], const word x[], const word y[], size_t N,
    else if(N == 16)
       return bigint_comba_mul16(z, x, y);
    else
-      return basecase_mul(z, x, N, y, N);
+      return basecase_mul(z, 2*N, x, N, y, N);
    }
 
    const size_t N2 = N / 2;
@@ -130,7 +133,7 @@ void karatsuba_sqr(word z[], const word x[], size_t N, word workspace[])
    else if(N == 16)
       return bigint_comba_sqr16(z, x);
    else
-      return basecase_mul(z, x, N, x, N);
+      return basecase_mul(z, 2*N, x, N, x, N);
    }
 
    const size_t N2 = N / 2;
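Review bot: basecase_mul now zeroes z_size words where it previously zeroed only x_size + y_size, so a caller that passes a z larger than the product gets a wider region cleared than before; the Karatsuba call sites pass exactly 2*N so nothing changes there, but the widened contract belongs on the function, e.g. `// Clears all of z[0..z_size), not just the x_size + y_size product words`. The size check throws Invalid_Argument for a caller-side sizing bug, while the new Montgomery_Int code on this page uses Internal_Error for the same class of invariant; picking one makes it easier for callers to decide which exceptions mean "bad input" versus "bug". The karatsuba_mul and karatsuba_sqr hunks begin inside their enclosing functions, whose bodies lie outside the hunk.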
@@ -303,7 +306,7 @@ void bigint_mul(word z[], size_t z_size, y_sw < KARATSUBA_MULTIPLY_THRESHOLD || !workspace) { - basecase_mul(z, x, x_sw, y, y_sw); + basecase_mul(z, z_size, x, x_sw, y, y_sw); } else { @@ -312,7 +315,7 @@ void bigint_mul(word z[], size_t z_size, if(N && ws_size >= 2*N) karatsuba_mul(z, x, y, N, workspace); else - basecase_mul(z, x, x_sw, y, y_sw); + basecase_mul(z, z_size, x, x_sw, y, y_sw); } } @@ -351,7 +354,7 @@ void bigint_sqr(word z[], size_t z_size, } else if(x_size < KARATSUBA_SQUARE_THRESHOLD || !workspace) { - basecase_mul(z, x, x_sw, x, x_sw); + basecase_mul(z, z_size, x, x_sw, x, x_sw); } else { @@ -360,7 +363,7 @@ void bigint_sqr(word z[], size_t z_size, if(N && ws_size >= 2*N) karatsuba_sqr(z, x, N, workspace); else - basecase_mul(z, x, x_sw, x, x_sw); + basecase_mul(z, z_size, x, x_sw, x, x_sw); } } From 59246c7cf7cb80dacd3e1678ec654e1a54f26c27 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 25 Feb 2018 12:43:16 -0500 Subject: [PATCH 0705/1008] Check z_size before doing Karatsuba mul/sqr Since the Karatsuba functions assume z_size >= 2*N The size chooser functions should handle this already by not returning a value that is too large, but good to be sure. --- src/lib/math/mp/mp_karat.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/math/mp/mp_karat.cpp b/src/lib/math/mp/mp_karat.cpp index f279f07970..4d600efabf 100644 --- a/src/lib/math/mp/mp_karat.cpp +++ b/src/lib/math/mp/mp_karat.cpp @@ -312,7 +312,7 @@ void bigint_mul(word z[], size_t z_size, { const size_t N = karatsuba_size(z_size, x_size, x_sw, y_size, y_sw); - if(N && ws_size >= 2*N) + if(N && z_size >= 2*N && ws_size >= 2*N) karatsuba_mul(z, x, y, N, workspace); else basecase_mul(z, z_size, x, x_sw, y, y_sw); 
@@ -360,7 +360,7 @@ void bigint_sqr(word z[], size_t z_size, { const size_t N = karatsuba_size(z_size, x_size, x_sw); - if(N && ws_size >= 2*N) + if(N && z_size >= 2*N && ws_size >= 2*N) karatsuba_sqr(z, x, N, workspace); else basecase_mul(z, z_size, x, x_sw, x, x_sw); From 2b0bffcea6167315b9a2264e4b1c56edd386e6a2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 25 Feb 2018 13:16:49 -0500 Subject: [PATCH 0706/1008] Benchmark larger DH values --- src/cli/speed.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 465389dc9d..7158f6e207 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -1735,7 +1735,7 @@ class Speed final : public Command void bench_dh(const std::string& provider, std::chrono::milliseconds msec) { - for(size_t bits : { 1024, 2048, 3072 }) + for(size_t bits : { 1024, 2048, 3072, 4096, 6144, 8192 }) { bench_pk_ka("DH", "DH-" + std::to_string(bits), From bec06ddfbf65f93af997ff3af99ccc77c118a446 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 25 Feb 2018 13:39:21 -0500 Subject: [PATCH 0707/1008] Add BigInt::reduce_below --- src/lib/math/bigint/bigint.cpp | 24 ++++++++++++++++++++++++ src/lib/math/bigint/bigint.h | 9 +++++++++ 2 files changed, 33 insertions(+) diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index e5f8974d5c..50e93c38dd 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp 
@@ -247,6 +247,30 @@ BigInt BigInt::operator-() const
    return x;
    }
 
+void BigInt::reduce_below(const BigInt& p, secure_vector& ws)
+   {
+   if(p.is_negative())
+      throw Invalid_Argument("BigInt::reduce_below mod must be positive");
+
+   const size_t p_words = p.sig_words();
+
+   if(size() < p_words + 1)
+      grow_to(p_words + 1);
+
+   if(ws.size() < p_words + 1)
+      ws.resize(p_words + 1);
+
+   for(;;)
+      {
+      word borrow = bigint_sub3(ws.data(), data(), p_words + 1, p.data(), p_words);
+
+      if(borrow)
+         break;
+
+      m_reg.swap(ws);
+      }
+   }
+
 /*
 * Return the absolute value of this number
 */
diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h
index 611c2e2ddf..71629b3aae 100644
--- a/src/lib/math/bigint/bigint.h
+++ b/src/lib/math/bigint/bigint.h
@@ -215,6 +215,15 @@ class BOTAN_PUBLIC_API(2,0) BigInt final
       */
       bool operator !() const { return (!is_nonzero()); }
 
+      /**
+      * Return *this below mod
+      *
+      * Assumes that *this is (if anything) only slightly larger than
+      * mod and performs repeated subtractions. It should not be used if
+      * *this is much larger than mod, instead of modulo operator.
+      */
+      void reduce_below(const BigInt& mod, secure_vector &ws);
+
       /**
       * Zeroize the BigInt. The size of the underlying register is not
       * modified.

From c297a4b32f20a9870a6dab468f1c9a74382c55b3 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 25 Feb 2018 13:40:36 -0500
Subject: [PATCH 0708/1008] Use BigInt::reduce_below in NIST prime reductions

---
 src/lib/math/ec_gfp/curve_nistp.cpp | 36 ++++------------------------
 1 file changed, 5 insertions(+), 31 deletions(-)

diff --git a/src/lib/math/ec_gfp/curve_nistp.cpp b/src/lib/math/ec_gfp/curve_nistp.cpp
index 7990c541c9..29771036d7 100644
--- a/src/lib/math/ec_gfp/curve_nistp.cpp
+++ b/src/lib/math/ec_gfp/curve_nistp.cpp
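Review bot: reduce_below rejects a negative modulus but not a zero one: with p == 0, p_words is 0, bigint_sub3 subtracts nothing and never reports a borrow, so the `for(;;)` loop never terminates; the guard should read `if(p.is_negative() || p.is_zero()) throw Invalid_Argument("BigInt::reduce_below mod must be positive");`. The subtraction also covers only the low p_words + 1 words of *this, so a value wider than that is silently truncated when m_reg is swapped with ws, and a negative *this keeps its sign while its magnitude is reduced; since this is now a public method of BigInt, either reject those inputs (`if(sig_words() > p_words + 1) throw Invalid_Argument("BigInt::reduce_below input too large");`) or state them as preconditions in the bigint.h comment next to the existing "only slightly larger" note. The iteration count depends on how far *this exceeds p, which the normalize helper this replaces capped with its bound argument; worth a sentence in the header comment as well.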
@@ -11,32 +11,6 @@ namespace Botan {
-namespace {
-
-inline void normalize(const BigInt& p, BigInt& x, secure_vector& ws, size_t bound)
-   {
-   const word* prime = p.data();
-   const size_t p_words = p.sig_words();
-
-   if(x.size() < p_words + 1)
-      x.grow_to(p_words + 1);
-
-   if(ws.size() < p_words + 1)
-      ws.resize(p_words + 1);
-
-   for(size_t i = 0; i < bound; ++i)
-      {
-      word borrow = bigint_sub3(ws.data(), x.data(), p_words + 1, prime, p_words);
-
-      if(borrow)
-         break;
-
-      x.swap_reg(ws);
-      }
-   }
-
-}
-
 const BigInt& prime_p521()
    {
    static const BigInt p521("0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
@@ -67,7 +41,7 @@ void redc_p521(BigInt& x, secure_vector& ws)
    word carry = bigint_add3_nc(x.mutable_data(), x.data(), p_words, ws.data(), p_words);
    BOTAN_ASSERT_EQUAL(carry, 0, "Final final carry in P-521 reduction");
 
-   normalize(prime_p521(), x, ws, 1);
+   x.reduce_below(prime_p521(), ws);
    }
 
 #if defined(BOTAN_HAS_NIST_PRIME_REDUCERS_W32)
@@ -171,7 +145,7 @@ void redc_p192(BigInt& x, secure_vector& ws)
    // No underflow possible
-   normalize(prime_p192(), x, ws, 3);
+   x.reduce_below(prime_p192(), ws);
    }
 
 const BigInt& prime_p224()
@@ -249,7 +223,7 @@ void redc_p224(BigInt& x, secure_vector& ws)
    BOTAN_ASSERT_EQUAL(S >> 32, 0, "No underflow");
 
-   normalize(prime_p224(), x, ws, 3);
+   x.reduce_below(prime_p224(), ws);
    }
 
 const BigInt& prime_p256()
@@ -396,7 +370,7 @@ void redc_p256(BigInt& x, secure_vector& ws)
       x += prime_p256();
       }
 #else
-   normalize(prime_p256(), x, ws, 10);
+   x.reduce_below(prime_p256(), ws);
 #endif
    }
 
@@ -552,7 +526,7 @@ void redc_p384(BigInt& x, secure_vector& ws)
    BOTAN_ASSERT_EQUAL(S >> 32, 0, "No underflow");
    set_uint32_t(x, 12, S);
 
-   normalize(prime_p384(), x, ws, 4);
+   x.reduce_below(prime_p384(), ws);
    }
 
 #endif

From 8c3ce8fba6802b821ce1307e3ca10b06d82a04ce Mon Sep 17 00:00:00 2001
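Review bot: Replacing normalize with reduce_below drops the per-curve bound argument (1, 3, 3, 10 and 4), which was the only record of how many conditional subtractions each reduction expects after its carry handling; the unbounded loop now silently absorbs a miscomputed intermediate that the capped loop would have left detectable as a wrong result. Preserving that knowledge at each call, e.g. for redc_p192 `// was normalize(..., 3): at most 3 subtractions expected here`, or as a debug-only assertion on the iteration count, keeps the invariant reviewable. Whether the larger bounds (notably 10 for the portable redc_p256 branch) were tight or merely generous cannot be determined from the removed code alone. The redc_p256 call sits in a `#else` branch whose `#if` side is outside the hunk.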
From: Jack Lloyd Date: Sun, 25 Feb 2018 13:40:52 -0500 Subject: [PATCH 0709/1008] Only test strong DL_Group generation in long tests --- src/tests/test_dl_group.cpp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp index c513bcd554..99724a7fb7 100644 --- a/src/tests/test_dl_group.cpp +++ b/src/tests/test_dl_group.cpp @@ -106,10 +106,13 @@ class DL_Group_Tests final : public Test result.test_eq("DH q size", dh_implicit_q.get_q().bits(), Botan::dl_exponent_size(1040)); result.test_eq("DH group verifies", dh_implicit_q.verify_group(rng, true), true); - Botan::DL_Group dh_strong(rng, Botan::DL_Group::Strong, 1025); - result.test_eq("DH p size", dh_strong.get_p().bits(), 1025); - result.test_eq("DH q size", dh_strong.get_q().bits(), 1024); - result.test_eq("DH group verifies", dh_strong.verify_group(rng, true), true); + if(Test::run_long_tests()) + { + Botan::DL_Group dh_strong(rng, Botan::DL_Group::Strong, 1025); + result.test_eq("DH p size", dh_strong.get_p().bits(), 1025); + result.test_eq("DH q size", dh_strong.get_q().bits(), 1024); + result.test_eq("DH group verifies", dh_strong.verify_group(rng, true), true); + } #if defined(BOTAN_HAS_SHA1) Botan::DL_Group dsa1024(rng, Botan::DL_Group::DSA_Kosherizer, 1024); From 68e5aa78138e9e2de84aab58e1cdf0e7084fda87 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sun, 25 Feb 2018 13:24:25 -0500 Subject: [PATCH 0710/1008] Add Montgomery_Int type --- src/lib/math/numbertheory/def_powm.h | 5 +- src/lib/math/numbertheory/info.txt | 1 + src/lib/math/numbertheory/monty.cpp | 254 ++++++++++++++++++++++++ src/lib/math/numbertheory/monty.h | 134 +++++++++++++ src/lib/math/numbertheory/monty_exp.cpp | 137 ++++++------- src/lib/math/numbertheory/monty_exp.h | 7 +- src/lib/math/numbertheory/powm_mnt.cpp | 5 +- src/lib/pubkey/dl_group/dl_group.cpp | 5 +- 8 files changed, 460 insertions(+), 88 deletions(-) create mode 100644 src/lib/math/numbertheory/monty.cpp create mode 100644 src/lib/math/numbertheory/monty.h diff --git a/src/lib/math/numbertheory/def_powm.h b/src/lib/math/numbertheory/def_powm.h index fe705bf96f..6b1f33835f 100644 --- a/src/lib/math/numbertheory/def_powm.h +++ b/src/lib/math/numbertheory/def_powm.h @@ -36,6 +36,7 @@ class Fixed_Window_Exponentiator final : public Modular_Exponentiator Power_Mod::Usage_Hints m_hints; }; +class Montgomery_Params; class Montgomery_Exponentation_State; /** @@ -53,9 +54,11 @@ class Montgomery_Exponentiator final : public Modular_Exponentiator Montgomery_Exponentiator(const BigInt&, Power_Mod::Usage_Hints); private: - std::shared_ptr m_monty; BigInt m_p; Modular_Reducer m_mod_p; + std::shared_ptr m_monty_params; + std::shared_ptr m_monty; + BigInt m_e; Power_Mod::Usage_Hints m_hints; }; diff --git a/src/lib/math/numbertheory/info.txt b/src/lib/math/numbertheory/info.txt index 01adb73455..eb348b7ef8 100644 --- a/src/lib/math/numbertheory/info.txt +++ b/src/lib/math/numbertheory/info.txt @@ -8,6 +8,7 @@ load_on auto numthry.h pow_mod.h reducer.h +monty.h diff --git a/src/lib/math/numbertheory/monty.cpp b/src/lib/math/numbertheory/monty.cpp new file mode 100644 index 0000000000..64646a61a0 --- /dev/null +++ b/src/lib/math/numbertheory/monty.cpp 
@@ -0,0 +1,254 @@ +/* +* (C) 2018 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include + +namespace Botan { + +Montgomery_Params::Montgomery_Params(const BigInt& p, + const Modular_Reducer& mod_p) + { + if(p.is_negative() || p.is_even()) + throw Invalid_Argument("Montgomery_Params invalid modulus"); + + m_p = p; + m_p_words = m_p.sig_words(); + m_p_dash = monty_inverse(m_p.word_at(0)); + + const BigInt r = BigInt::power_of_2(m_p_words * BOTAN_MP_WORD_BITS); + + m_r1 = mod_p.reduce(r); + m_r2 = mod_p.square(m_r1); + m_r3 = mod_p.multiply(m_r1, m_r2); + } + +BigInt Montgomery_Params::inv_mod_p(const BigInt& x) const + { + return ct_inverse_mod_odd_modulus(x, p()); + } + +BigInt Montgomery_Params::redc(const BigInt& x) const + { + const size_t output_size = 2*m_p_words + 2; + std::vector ws(output_size); + BigInt z = x; + z.grow_to(output_size); + + bigint_monty_redc(z.mutable_data(), + m_p.data(), m_p_words, m_p_dash, + ws.data(), ws.size()); + + secure_scrub_memory(ws.data(), ws.size() * sizeof(word)); + return z; + } + +BigInt Montgomery_Params::mul(const BigInt& x, const BigInt& y) const + { + const size_t output_size = 2*m_p_words + 2; + std::vector ws(output_size); + BigInt z(BigInt::Positive, output_size); + bigint_monty_mul(z, x, y, + m_p.data(), m_p_words, m_p_dash, + ws.data(), ws.size()); + secure_scrub_memory(ws.data(), ws.size() * sizeof(word)); + return z; + } + +BigInt Montgomery_Params::mul(const BigInt& x, const secure_vector& y) const + { + const size_t output_size = 2*m_p_words + 2; + std::vector ws(output_size); + BigInt z(BigInt::Positive, output_size); + + bigint_mul(z.mutable_data(), z.size(), + x.data(), x.size(), x.sig_words(), + y.data(), y.size(), y.size(), + ws.data(), ws.size()); + + bigint_monty_redc(z.mutable_data(), + m_p.data(), m_p_words, m_p_dash, + ws.data(), ws.size()); + + secure_scrub_memory(ws.data(), ws.size() * sizeof(word)); + return z; + } + +BigInt 
Montgomery_Params::sqr(const BigInt& x) const + { + const size_t output_size = 2*m_p_words + 2; + std::vector ws(output_size); + BigInt z(BigInt::Positive, output_size); + + bigint_sqr(z.mutable_data(), z.size(), + x.data(), x.size(), x.sig_words(), + ws.data(), ws.size()); + + bigint_monty_redc(z.mutable_data(), + m_p.data(), m_p_words, m_p_dash, + ws.data(), ws.size()); + + secure_scrub_memory(ws.data(), ws.size() * sizeof(word)); + return z; + } + +Montgomery_Int::Montgomery_Int(const std::shared_ptr params, + const BigInt& v, + bool redc_needed) : + m_params(params), + m_v(redc_needed ? m_params->mul(v % m_params->p(), m_params->R2()) : v) + {} + +void Montgomery_Int::fix_size() + { + const size_t p_words = m_params->p_words(); + + if(m_v.sig_words() > p_words) + throw Internal_Error("Montgomery_Int::fix_size v too large"); + + secure_vector& w = m_v.get_word_vector(); + + if(w.size() != p_words) + { + w.resize(p_words); + w.shrink_to_fit(); + } + } + +bool Montgomery_Int::operator==(const Montgomery_Int& other) const + { + return m_v == other.m_v && m_params->p() == other.m_params->p(); + } + +std::vector Montgomery_Int::serialize() const + { + std::vector v(size()); + BigInt::encode_1363(v.data(), v.size(), value()); + return v; + } + +size_t Montgomery_Int::size() const + { + return m_params->p().bytes(); + } + +bool Montgomery_Int::is_one() const + { + return m_v == m_params->R1(); + } + +bool Montgomery_Int::is_zero() const + { + return m_v.is_zero(); + } + +BigInt Montgomery_Int::value() const + { + return m_params->redc(m_v); + } + +Montgomery_Int Montgomery_Int::operator+(const Montgomery_Int& other) const + { + BigInt z = m_v + other.m_v; + secure_vector ws; + z.reduce_below(m_params->p(), ws); + return Montgomery_Int(m_params, z, false); + } + +Montgomery_Int Montgomery_Int::operator-(const Montgomery_Int& other) const + { + BigInt z = m_v - other.m_v; + if(z.is_negative()) + z += m_params->p(); + return Montgomery_Int(m_params, z, false); + } + 
+Montgomery_Int& Montgomery_Int::operator+=(const Montgomery_Int& other) + { + m_v += other.m_v; + secure_vector ws; + m_v.reduce_below(m_params->p(), ws); + return (*this); + } + +Montgomery_Int& Montgomery_Int::operator-=(const Montgomery_Int& other) + { + m_v -= other.m_v; + if(m_v.is_negative()) + m_v += m_params->p(); + return (*this); + } + +Montgomery_Int Montgomery_Int::operator*(const Montgomery_Int& other) const + { + return Montgomery_Int(m_params, m_params->mul(m_v, other.m_v), false); + } + +Montgomery_Int& Montgomery_Int::operator*=(const Montgomery_Int& other) + { + m_v = m_params->mul(m_v, other.m_v); + return (*this); + } + +Montgomery_Int& Montgomery_Int::operator*=(const secure_vector& other) + { + m_v = m_params->mul(m_v, other); + return (*this); + } + +Montgomery_Int& Montgomery_Int::square_this() + { + m_v = m_params->sqr(m_v); + return (*this); + } + +Montgomery_Int Montgomery_Int::square() const + { + const BigInt v = m_params->sqr(m_v); + return Montgomery_Int(m_params, v, false); + } + +Montgomery_Int Montgomery_Int::multiplicative_inverse() const + { + const BigInt iv = m_params->mul(m_params->inv_mod_p(m_v), m_params->R3()); + return Montgomery_Int(m_params, iv, false); + } + +Montgomery_Int Montgomery_Int::additive_inverse() const + { + return Montgomery_Int(m_params, m_params->p()) - (*this); + } + +Montgomery_Int& Montgomery_Int::mul_by_2(secure_vector& ws) + { + m_v <<= 1; + m_v.reduce_below(m_params->p(), ws); + return (*this); + } + +Montgomery_Int& Montgomery_Int::mul_by_3(secure_vector& ws) + { + m_v *= 3; + m_v.reduce_below(m_params->p(), ws); + return (*this); + } + +Montgomery_Int& Montgomery_Int::mul_by_4(secure_vector& ws) + { + m_v <<= 2; + m_v.reduce_below(m_params->p(), ws); + return (*this); + } + +Montgomery_Int& Montgomery_Int::mul_by_8(secure_vector& ws) + { + m_v <<= 3; + m_v.reduce_below(m_params->p(), ws); + return (*this); + } + +} 
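Review bot: `Montgomery_Int::operator-` and `operator-=` branch on the result (`if(z.is_negative()) z += m_params->p();`), so their running time depends on whether the minuend is smaller than the subtrahend; if this type is meant to carry secret values, as its use from the exponentiation code suggests, that branch should become a borrow-masked conditional add of p (one unconditional subtraction, then add p under a mask derived from the borrow). The `v % m_params->p()` in the `redc_needed` constructor path is likewise ordinary variable-time division where the code it replaces used the Barrett reducer, which is worth a comment if callers are expected to pass only public values. Separately, the `Montgomery_Params` constructor takes `p` and `mod_p` as independent arguments and never checks that they describe the same modulus; if they disagree, `m_r1`/`m_r2`/`m_r3` are silently wrong and every later reduction is wrong, so an `Invalid_Argument` check against the reducer's modulus (if `Modular_Reducer` exposes it) is cheap insurance. The `std::vector` workspaces in `redc`/`mul`/`sqr` are scrubbed with `secure_scrub_memory` only on the normal return path; a `secure_vector` would also zero them if the underlying `bigint_*` call throws.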
diff --git a/src/lib/math/numbertheory/monty.h b/src/lib/math/numbertheory/monty.h new file mode 100644 index 0000000000..ea08789e10 --- /dev/null +++ b/src/lib/math/numbertheory/monty.h 
@@ -0,0 +1,134 @@ +/* +* (C) 2018 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_MONTY_INT_H_ +#define BOTAN_MONTY_INT_H_ + +#include + +namespace Botan { + +class Modular_Reducer; + +class Montgomery_Params; + +/** +* The Montgomery representation of an integer +*/ +class Montgomery_Int final + { + public: + /** + * Create a zero-initialized Montgomery_Int + */ + Montgomery_Int(std::shared_ptr params) : m_params(params) {} + + /** + * Create a Montgomery_Int + */ + Montgomery_Int(std::shared_ptr params, + const BigInt& v, + bool redc_needed = true); + + bool operator==(const Montgomery_Int& other) const; + bool operator!=(const Montgomery_Int& other) const { return (m_v != other.m_v); } + + std::vector serialize() const; + + size_t size() const; + bool is_one() const; + bool is_zero() const; + + void fix_size(); + + /** + * Return the value to normal mod-p space + */ + BigInt value() const; + + /** + * Return the Montgomery representation + */ + const BigInt& repr() const { return m_v; } + + Montgomery_Int operator+(const Montgomery_Int& other) const; + + Montgomery_Int operator-(const Montgomery_Int& other) const; + + Montgomery_Int& operator+=(const Montgomery_Int& other); + + Montgomery_Int& operator-=(const Montgomery_Int& other); + + Montgomery_Int operator*(const Montgomery_Int& other) const; + + Montgomery_Int& operator*=(const Montgomery_Int& other); + + Montgomery_Int& operator*=(const secure_vector& other); + + Montgomery_Int square() const; + + Montgomery_Int& square_this(); + + Montgomery_Int multiplicative_inverse() const; + + Montgomery_Int additive_inverse() const; + + Montgomery_Int& mul_by_2(secure_vector& ws); + + Montgomery_Int& mul_by_3(secure_vector& ws); + + Montgomery_Int& mul_by_4(secure_vector& ws); + + Montgomery_Int& mul_by_8(secure_vector& ws); + + private: + std::shared_ptr m_params; + BigInt m_v; + }; + +/** +* Parameters for Montgomery Reduction +*/ +class Montgomery_Params 
final + { + public: + /** + * Initialize a set of Montgomery reduction parameters. These values + * can be shared by all values in a specific Montgomery domain. + */ + Montgomery_Params(const BigInt& p, const Modular_Reducer& mod_p); + + const BigInt& p() const { return m_p; } + const BigInt& R1() const { return m_r1; } + const BigInt& R2() const { return m_r2; } + const BigInt& R3() const { return m_r3; } + + word p_dash() const { return m_p_dash; } + + size_t p_words() const { return m_p_words; } + + BigInt redc(const BigInt& x) const; + + BigInt mul(const BigInt& x, const BigInt& y) const; + + BigInt mul(const BigInt& x, const secure_vector& y) const; + + BigInt sqr(const BigInt& x) const; + + BigInt inv_mod_p(const BigInt& x) const; + + private: + BigInt m_p; + BigInt m_r1; + BigInt m_r2; + BigInt m_r3; + word m_p_dash; + size_t m_p_words; + }; + +} + +#endif diff --git a/src/lib/math/numbertheory/monty_exp.cpp b/src/lib/math/numbertheory/monty_exp.cpp index bfb17a87c7..6b7af3b09a 100644 --- a/src/lib/math/numbertheory/monty_exp.cpp +++ b/src/lib/math/numbertheory/monty_exp.cpp 
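Review bot: `operator!=` is not the negation of `operator==`: `==` compares both `m_v` and the two params' moduli, while `!=` compares only `m_v`, so two values with equal representations under different moduli answer false to both. Define it in terms of the other, `bool operator!=(const Montgomery_Int& other) const { return !(*this == other); }`. The single-argument `Montgomery_Int(std::shared_ptr<Montgomery_Params> params)` constructor should also be `explicit`; as written a bare params pointer converts silently to a zero value wherever a `Montgomery_Int` is expected, including as an operand of the arithmetic operators. Neither constructor checks `params` for null, and every member dereferences it, so a one-line check would turn that into an `Invalid_Argument` rather than a null dereference.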
@@ -7,140 +7,115 @@ */ #include +#include #include #include -#include +#include namespace Botan { class Montgomery_Exponentation_State { public: - Montgomery_Exponentation_State(const BigInt& g, - const BigInt& p, - const Modular_Reducer& mod_p, + Montgomery_Exponentation_State(std::shared_ptr params, + const BigInt& g, size_t window_bits); BigInt exponentiation(const BigInt& k) const; private: - BigInt m_p; - BigInt m_R_mod; - BigInt m_R2_mod; - word m_mod_prime; - size_t m_p_words; + std::shared_ptr m_params; + std::vector m_g; size_t m_window_bits; - std::vector m_g; }; -Montgomery_Exponentation_State::Montgomery_Exponentation_State(const BigInt& g, - const BigInt& p, - const Modular_Reducer& mod_p, +Montgomery_Exponentation_State::Montgomery_Exponentation_State(std::shared_ptr params, + const BigInt& g, size_t window_bits) : - m_p(p), - m_p_words(p.sig_words()), - m_window_bits(window_bits) + m_params(params), + m_window_bits(window_bits == 0 ? 4 : window_bits) { - if(p.is_positive() == false || p.is_even()) - throw Invalid_Argument("Cannot use Montgomery reduction on even or negative integer"); + if(m_window_bits < 1 || m_window_bits > 12) // really even 8 is too large ... + throw Invalid_Argument("Invalid window bits for Montgomery exponentiation"); - if(window_bits > 12) // really even 8 is too large ... 
- throw Invalid_Argument("Montgomery window bits too large"); + const size_t window_size = (1U << m_window_bits); - m_mod_prime = monty_inverse(m_p.word_at(0)); + m_g.reserve(window_size); - const BigInt r = BigInt::power_of_2(m_p_words * BOTAN_MP_WORD_BITS); - m_R_mod = mod_p.reduce(r); - m_R2_mod = mod_p.square(m_R_mod); + m_g.push_back(Montgomery_Int(m_params, m_params->R1(), false));; - m_g.resize(1U << m_window_bits); + m_g.push_back(Montgomery_Int(m_params, g)); - BigInt z(BigInt::Positive, 2 * (m_p_words + 1)); - secure_vector workspace(z.size()); + const Montgomery_Int& monty_g = m_g[1]; - m_g[0] = 1; - - bigint_monty_mul(z, m_g[0], m_R2_mod, - m_p.data(), m_p_words, m_mod_prime, - workspace.data(), workspace.size()); - m_g[0] = z; + for(size_t i = 2; i != window_size; ++i) + { + m_g.push_back(monty_g * m_g[i - 1]); + } - m_g[1] = mod_p.reduce(g); + // Resize each element to exactly p words + for(size_t i = 0; i != window_size; ++i) + { + m_g[i].fix_size(); + } + } - bigint_monty_mul(z, m_g[1], m_R2_mod, - m_p.data(), m_p_words, m_mod_prime, - workspace.data(), workspace.size()); +namespace { - m_g[1] = z; +void const_time_lookup(secure_vector& output, + const std::vector& g, + size_t nibble) + { + const size_t words = output.size(); - const BigInt& x = m_g[1]; + clear_mem(output.data(), output.size()); - for(size_t i = 2; i != m_g.size(); ++i) + for(size_t i = 0; i != g.size(); ++i) { - const BigInt& y = m_g[i-1]; + const secure_vector& vec = g[i].repr().get_word_vector(); + + BOTAN_ASSERT(vec.size() >= words, + "Word size as expected in const_time_lookup"); - bigint_monty_mul(z, x, y, m_p.data(), m_p_words, m_mod_prime, - workspace.data(), workspace.size()); + const word mask = CT::is_equal(i, nibble); - m_g[i] = z; - m_g[i].shrink_to_fit(); - m_g[i].grow_to(m_p_words); + for(size_t w = 0; w != words; ++w) + output[w] |= (mask & vec[w]); } } -BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& k) const - { - const size_t exp_nibbles = 
(k.bits() + m_window_bits - 1) / m_window_bits; +} - BigInt x = m_R_mod; +BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& scalar) const + { + const size_t exp_nibbles = (scalar.bits() + m_window_bits - 1) / m_window_bits; - const size_t z_size = 2*(m_p_words + 1); + Montgomery_Int x(m_params, m_params->R1(), false); - BigInt z(BigInt::Positive, z_size); - secure_vector workspace(z.size()); - secure_vector e(m_p_words); + secure_vector e_bits(m_params->p_words()); for(size_t i = exp_nibbles; i > 0; --i) { for(size_t j = 0; j != m_window_bits; ++j) { - bigint_monty_sqr(z, x, m_p.data(), m_p_words, m_mod_prime, - workspace.data(), workspace.size()); - - x = z; + x.square_this(); } - const uint32_t nibble = k.get_substring(m_window_bits*(i-1), m_window_bits); + const uint32_t nibble = scalar.get_substring(m_window_bits*(i-1), m_window_bits); - BigInt::const_time_lookup(e, m_g, nibble); + const_time_lookup(e_bits, m_g, nibble); - bigint_mul(z.mutable_data(), z.size(), - x.data(), x.size(), x.sig_words(), - e.data(), m_p_words, m_p_words, - workspace.data(), workspace.size()); - - bigint_monty_redc(z.mutable_data(), - m_p.data(), m_p_words, m_mod_prime, - workspace.data(), workspace.size()); - - x = z; + x *= e_bits; } - x.grow_to(2*m_p_words + 1); - - bigint_monty_redc(x.mutable_data(), - m_p.data(), m_p_words, m_mod_prime, - workspace.data(), workspace.size()); - - return x; + return x.value(); } std::shared_ptr -monty_precompute(const BigInt& g, - const BigInt& p, - const Modular_Reducer& mod_p, +monty_precompute(std::shared_ptr params, + const BigInt& g, size_t window_bits) { - return std::make_shared(g, p, mod_p, window_bits); + return std::make_shared(params, g, window_bits); } BigInt monty_execute(const Montgomery_Exponentation_State& precomputed_state, diff --git a/src/lib/math/numbertheory/monty_exp.h b/src/lib/math/numbertheory/monty_exp.h index 65fc9ce4ba..8c644d221e 100644 --- a/src/lib/math/numbertheory/monty_exp.h 
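Review bot: `const Montgomery_Int& monty_g = m_g[1];` is a reference into `m_g` that is then read while `push_back` is growing the same vector; it stays valid only because of the `m_g.reserve(window_size)` a few lines earlier, and a later edit that pushes one more element or drops the reserve turns it into a use-after-reallocation. Indexing directly, `m_g.push_back(m_g[1] * m_g[i - 1]);`, costs the same and has no lifetime dependency, since both operands are evaluated before `push_back` runs. Two nits in the same constructor: the doubled `;;` after the first `push_back`, and the `m_window_bits < 1` test is unreachable because 0 was just mapped to 4 on the line above. As before this change, `scalar.bits()` still fixes the number of loop iterations in `exponentiation`, so callers that need a length-independent exponent must still pad it themselves.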
+++ b/src/lib/math/numbertheory/monty_exp.h @@ -14,15 +14,16 @@ namespace Botan { class BigInt; class Modular_Reducer; +class Montgomery_Params; + class Montgomery_Exponentation_State; /* * Precompute for calculating values g^x mod p */ std::shared_ptr -monty_precompute(const BigInt& g, - const BigInt& p, - const Modular_Reducer& mod_p, +monty_precompute(std::shared_ptr params_p, + const BigInt& g, size_t window_bits); /* diff --git a/src/lib/math/numbertheory/powm_mnt.cpp b/src/lib/math/numbertheory/powm_mnt.cpp index 81102188b1..5da91796f3 100644 --- a/src/lib/math/numbertheory/powm_mnt.cpp +++ b/src/lib/math/numbertheory/powm_mnt.cpp @@ -8,7 +8,7 @@ #include #include -#include +#include #include namespace Botan { @@ -21,7 +21,7 @@ void Montgomery_Exponentiator::set_exponent(const BigInt& exp) void Montgomery_Exponentiator::set_base(const BigInt& base) { size_t window_bits = Power_Mod::window_bits(m_e.bits(), base.bits(), m_hints); - m_monty = monty_precompute(base, m_p, m_mod_p, window_bits); + m_monty = monty_precompute(m_monty_params, base, window_bits); } BigInt Montgomery_Exponentiator::execute() const @@ -33,6 +33,7 @@ Montgomery_Exponentiator::Montgomery_Exponentiator(const BigInt& mod, Power_Mod::Usage_Hints hints) : m_p(mod), m_mod_p(mod), + m_monty_params(std::make_shared(m_p, m_mod_p)), m_hints(hints) { } diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index a1003f5082..ff8ba37276 100644 --- a/src/lib/pubkey/dl_group/dl_group.cpp +++ b/src/lib/pubkey/dl_group/dl_group.cpp @@ -8,6 +8,7 @@ #include #include #include +#include #include #include #include 
@@ -22,7 +23,8 @@ class DL_Group_Data final DL_Group_Data(const BigInt& p, const BigInt& q, const BigInt& g) : m_p(p), m_q(q), m_g(g), m_mod_p(p), - m_monty(monty_precompute(m_g, m_p, m_mod_p, /*window bits=*/4)), + m_monty_params(std::make_shared(m_p, m_mod_p)), + m_monty(monty_precompute(m_monty_params, m_g, /*window bits=*/4)), m_p_bits(p.bits()), m_estimated_strength(dl_work_factor(m_p_bits)) {} @@ -55,6 +57,7 @@ class DL_Group_Data final BigInt m_q; BigInt m_g; Modular_Reducer m_mod_p; + std::shared_ptr m_monty_params; std::shared_ptr m_monty; size_t m_p_bits; size_t m_estimated_strength; From 2ccc0c1efb44c8756b346ba5874c219790b606cf Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 25 Feb 2018 18:18:49 -0500 Subject: [PATCH 0711/1008] Use reduce_below in PointGFp Improves ECDSA times by 2-3% --- src/lib/math/bigint/bigint.cpp | 2 ++ src/lib/math/ec_gfp/point_gfp.cpp | 12 ++++-------- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index 50e93c38dd..c822a94e15 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp @@ -260,6 +260,8 @@ void BigInt::reduce_below(const BigInt& p, secure_vector& ws) if(ws.size() < p_words + 1) ws.resize(p_words + 1); + clear_mem(ws.data(), ws.size()); + for(;;) { word borrow = bigint_sub3(ws.data(), data(), p_words + 1, p.data(), p_words); diff --git a/src/lib/math/ec_gfp/point_gfp.cpp b/src/lib/math/ec_gfp/point_gfp.cpp index 407da9dbec..f054c51ff0 100644 --- a/src/lib/math/ec_gfp/point_gfp.cpp +++ b/src/lib/math/ec_gfp/point_gfp.cpp @@ -203,8 +203,7 @@ void PointGFp::mult2(std::vector& ws_bn) m_curve.mul(S, m_coord_x, y_2, monty_ws); S <<= 2; // * 4 - while(S >= p) - S -= p; + S.reduce_below(p, monty_ws); m_curve.sqr(a_z4, m_coord_z, monty_ws); // z^2 m_curve.sqr(tmp, a_z4, monty_ws); // z^4 
@@ -213,8 +212,7 @@ void PointGFp::mult2(std::vector& ws_bn) m_curve.sqr(M, m_coord_x, monty_ws); M *= 3; M += a_z4; - while(M >= p) - M -= p; + M.reduce_below(p, monty_ws); m_curve.sqr(x, M, monty_ws); x -= (S << 1); @@ -223,8 +221,7 @@ void PointGFp::mult2(std::vector& ws_bn) m_curve.sqr(U, y_2, monty_ws); U <<= 3; - while(U >= p) - U -= p; + U.reduce_below(p, monty_ws); S -= x; while(S.is_negative()) @@ -237,8 +234,7 @@ void PointGFp::mult2(std::vector& ws_bn) m_curve.mul(z, m_coord_y, m_coord_z, monty_ws); z <<= 1; - if(z >= p) - z -= p; + z.reduce_below(p, monty_ws); m_coord_x = x; m_coord_y = y; From f77753951a034e730ace3ea169d28b4b137ce7f2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 25 Feb 2018 18:43:28 -0500 Subject: [PATCH 0712/1008] In ECC tests don't recreate groups that are built in --- src/tests/unit_ecc.cpp | 62 ++++++++++-------------------------------- 1 file changed, 15 insertions(+), 47 deletions(-) diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index 166dfcd144..f70050fe0c 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp @@ -11,7 +11,6 @@ #if defined(BOTAN_HAS_ECC_GROUP) #include #include - #include #include #include #include 
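Review bot: The `S -= x; while(S.is_negative())` loop just below the `U.reduce_below(p, monty_ws);` hunk is the mirror image of the `while(S >= p)` loops this commit replaces, and it remains a value-dependent loop; if the switch to `reduce_below` is about uniform timing as well as the stated 2-3% speedup, the negative case deserves the same treatment (a bounded conditional add of p). Note also that `reduce_below` itself, per the `bigint.cpp` hunk above, loops until the subtraction borrows, so its iteration count still varies with the value (a few rounds at most for the `<<= 2` and `<<= 3` cases, judging by the shifts); that is fine for speed but should not be mistaken for constant-time reduction. `mult2`'s body extends beyond the hunks shown.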
@@ -557,24 +556,12 @@ Test::Result test_enc_dec_compressed_256() { Test::Result result("ECC Unit"); - // Test for compressed conversion (02/03) 256bit - std::string p_secp = "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"; - std::string a_secp = "ffffffff00000001000000000000000000000000ffffffffffffffffffffffFC"; - std::string b_secp = "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"; - std::string G_secp_comp = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"; + Botan::EC_Group group("secp256r1"); - std::vector sv_p_secp = Botan::hex_decode(p_secp); - std::vector sv_a_secp = Botan::hex_decode(a_secp); - std::vector sv_b_secp = Botan::hex_decode(b_secp); - std::vector sv_G_secp_comp = Botan::hex_decode(G_secp_comp); - - Botan::BigInt bi_p_secp = Botan::BigInt::decode(sv_p_secp.data(), sv_p_secp.size()); - Botan::BigInt bi_a_secp = Botan::BigInt::decode(sv_a_secp.data(), sv_a_secp.size()); - Botan::BigInt bi_b_secp = Botan::BigInt::decode(sv_b_secp.data(), sv_b_secp.size()); - - Botan::CurveGFp curve(bi_p_secp, bi_a_secp, bi_b_secp); + const std::string G_secp_comp = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"; + const std::vector sv_G_secp_comp = Botan::hex_decode(G_secp_comp); - Botan::PointGFp p_G = OS2ECP(sv_G_secp_comp, curve); + Botan::PointGFp p_G = group.OS2ECP(sv_G_secp_comp); std::vector sv_result = unlock(EC2OSP(p_G, Botan::PointGFp::COMPRESSED)); result.test_eq("compressed_256", sv_result, sv_G_secp_comp); 
@@ -588,21 +575,14 @@ Test::Result test_enc_dec_uncompressed_112() // Test for uncompressed conversion (04) 112bit - std::string p_secp = "db7c2abf62e35e668076bead208b"; - std::string a_secp = "6127C24C05F38A0AAAF65C0EF02C"; - std::string b_secp = "51DEF1815DB5ED74FCC34C85D709"; - std::string G_secp_uncomp = "044BA30AB5E892B4E1649DD0928643ADCD46F5882E3747DEF36E956E97"; + const Botan::BigInt p("0xdb7c2abf62e35e668076bead208b"); + const Botan::BigInt a("0x6127C24C05F38A0AAAF65C0EF02C"); + const Botan::BigInt b("0x51DEF1815DB5ED74FCC34C85D709"); - std::vector sv_p_secp = Botan::hex_decode(p_secp); - std::vector sv_a_secp = Botan::hex_decode(a_secp); - std::vector sv_b_secp = Botan::hex_decode(b_secp); - std::vector sv_G_secp_uncomp = Botan::hex_decode(G_secp_uncomp); - - Botan::BigInt bi_p_secp = Botan::BigInt::decode(sv_p_secp.data(), sv_p_secp.size()); - Botan::BigInt bi_a_secp = Botan::BigInt::decode(sv_a_secp.data(), sv_a_secp.size()); - Botan::BigInt bi_b_secp = Botan::BigInt::decode(sv_b_secp.data(), sv_b_secp.size()); + Botan::CurveGFp curve(p, a, b); - Botan::CurveGFp curve(bi_p_secp, bi_a_secp, bi_b_secp); + const std::string G_secp_uncomp = "044BA30AB5E892B4E1649DD0928643ADCD46F5882E3747DEF36E956E97"; + const std::vector sv_G_secp_uncomp = Botan::hex_decode(G_secp_uncomp); Botan::PointGFp p_G = OS2ECP(sv_G_secp_uncomp, curve); std::vector sv_result = unlock(EC2OSP(p_G, Botan::PointGFp::UNCOMPRESSED)); 
@@ -616,27 +596,15 @@ Test::Result test_enc_dec_uncompressed_521() Test::Result result("ECC Unit"); // Test for uncompressed conversion(04) with big values(521 bit) - std::string p_secp = - "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"; - std::string a_secp = - "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffFC"; - std::string b_secp = - "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00"; - std::string G_secp_uncomp = - "0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2ffA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"; - std::vector sv_p_secp = Botan::hex_decode(p_secp); - std::vector sv_a_secp = Botan::hex_decode(a_secp); - std::vector sv_b_secp = Botan::hex_decode(b_secp); - std::vector sv_G_secp_uncomp = Botan::hex_decode(G_secp_uncomp); + const std::string G_secp_uncomp = + "0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2ffA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"; - Botan::BigInt bi_p_secp = Botan::BigInt::decode(sv_p_secp.data(), sv_p_secp.size()); - Botan::BigInt bi_a_secp = Botan::BigInt::decode(sv_a_secp.data(), sv_a_secp.size()); - Botan::BigInt bi_b_secp = Botan::BigInt::decode(sv_b_secp.data(), sv_b_secp.size()); + const std::vector sv_G_secp_uncomp = Botan::hex_decode(G_secp_uncomp); - Botan::CurveGFp curve(bi_p_secp, bi_a_secp, bi_b_secp); + Botan::EC_Group group("secp521r1"); - Botan::PointGFp p_G = Botan::OS2ECP(sv_G_secp_uncomp, curve); + Botan::PointGFp p_G 
= group.OS2ECP(sv_G_secp_uncomp); std::vector sv_result = unlock(EC2OSP(p_G, Botan::PointGFp::UNCOMPRESSED)); From b0971e8b7f44591c476454aef5a5a7da7e0389c4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 25 Feb 2018 18:43:55 -0500 Subject: [PATCH 0713/1008] Remove a couple of fairly bogus ECC tests I cannot find what curve the cdc_curve_33 test is using, and the invalid prime test is just wtf. --- src/tests/unit_ecc.cpp | 77 ++++++------------------------------------ 1 file changed, 10 insertions(+), 67 deletions(-) diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index f70050fe0c..8b196b472a 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp @@ -575,16 +575,24 @@ Test::Result test_enc_dec_uncompressed_112() // Test for uncompressed conversion (04) 112bit + // Curve is secp112r2 + const Botan::BigInt p("0xdb7c2abf62e35e668076bead208b"); const Botan::BigInt a("0x6127C24C05F38A0AAAF65C0EF02C"); const Botan::BigInt b("0x51DEF1815DB5ED74FCC34C85D709"); - Botan::CurveGFp curve(p, a, b); + const Botan::BigInt g_x("0x4BA30AB5E892B4E1649DD0928643"); + const Botan::BigInt g_y("0xADCD46F5882E3747DEF36E956E97"); + + const Botan::BigInt order("0x36DF0AAFD8B8D7597CA10520D04B"); + const Botan::BigInt cofactor("4"); // ! + + const Botan::EC_Group group(p, a, b, g_x, g_y, order, cofactor); const std::string G_secp_uncomp = "044BA30AB5E892B4E1649DD0928643ADCD46F5882E3747DEF36E956E97"; const std::vector sv_G_secp_uncomp = Botan::hex_decode(G_secp_uncomp); - Botan::PointGFp p_G = OS2ECP(sv_G_secp_uncomp, curve); + Botan::PointGFp p_G = group.OS2ECP(sv_G_secp_uncomp); std::vector sv_result = unlock(EC2OSP(p_G, Botan::PointGFp::UNCOMPRESSED)); result.test_eq("uncompressed_112", sv_result, sv_G_secp_uncomp); 
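Review bot: The `// !` after `const Botan::BigInt cofactor("4");` does not tell the reader what is surprising; spell it out, e.g. `// secp112r2 has cofactor 4, unlike most groups Botan ships, so it is built from explicit parameters here`. If secp112r2 is available by name, `Botan::EC_Group group("secp112r2");` would be shorter and match the 256- and 521-bit tests in the same file; if the explicit-parameter constructor is used on purpose to exercise that code path, a comment saying so would stop the next reader from "simplifying" it away. The surrounding test function starts outside the hunk.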
@@ -612,45 +620,6 @@ Test::Result test_enc_dec_uncompressed_521() return result; } -Test::Result test_enc_dec_uncompressed_521_prime_too_large() - { - Test::Result result("ECC Unit"); - - // Test for uncompressed conversion(04) with big values(521 bit) - std::string p_secp = - "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"; // length increased by "ff" - std::string a_secp = - "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffFC"; - std::string b_secp = - "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00"; - std::string G_secp_uncomp = - "0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2ffA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"; - - std::vector sv_p_secp = Botan::hex_decode(p_secp); - std::vector sv_a_secp = Botan::hex_decode(a_secp); - std::vector sv_b_secp = Botan::hex_decode(b_secp); - std::vector sv_G_secp_uncomp = Botan::hex_decode(G_secp_uncomp); - - Botan::BigInt bi_p_secp = Botan::BigInt::decode(sv_p_secp.data(), sv_p_secp.size()); - Botan::BigInt bi_a_secp = Botan::BigInt::decode(sv_a_secp.data(), sv_a_secp.size()); - Botan::BigInt bi_b_secp = Botan::BigInt::decode(sv_b_secp.data(), sv_b_secp.size()); - - Botan::CurveGFp secp521r1(bi_p_secp, bi_a_secp, bi_b_secp); - std::unique_ptr p_G; - - try - { - p_G = std::unique_ptr(new Botan::PointGFp(Botan::OS2ECP(sv_G_secp_uncomp, secp521r1))); - result.test_failure("point decoding with too large value accepted"); - } - catch(std::exception&) - { - result.test_note("rejected invalid point"); - } - - return result; - } - Test::Result test_gfp_store_restore() { Test::Result result("ECC Unit"); 
@@ -666,30 +635,6 @@ Test::Result test_gfp_store_restore() return result; } - -// maybe move this test -Test::Result test_cdc_curve_33() - { - Test::Result result("ECC Unit"); - - std::string G_secp_uncomp = - "04081523d03d4f12cd02879dea4bf6a4f3a7df26ed888f10c5b2235a1274c386a2f218300dee6ed217841164533bcdc903f07a096f9fbf4ee95bac098a111f296f5830fe5c35b3e344d5df3a2256985f64fbe6d0edcc4c61d18bef681dd399df3d0194c5a4315e012e0245ecea56365baa9e8be1f7"; - - std::vector sv_G_uncomp = Botan::hex_decode(G_secp_uncomp); - - Botan::BigInt bi_p_secp = - Botan::BigInt("2117607112719756483104013348936480976596328609518055062007450442679169492999007105354629105748524349829824407773719892437896937279095106809"); - Botan::BigInt - bi_a_secp("0xa377dede6b523333d36c78e9b0eaa3bf48ce93041f6d4fc34014d08f6833807498deedd4290101c5866e8dfb589485d13357b9e78c2d7fbe9fe"); - Botan::BigInt - bi_b_secp("0xa9acf8c8ba617777e248509bcb4717d4db346202bf9e352cd5633731dd92a51b72a4dc3b3d17c823fcc8fbda4da08f25dea89046087342595a7"); - - Botan::CurveGFp curve(bi_p_secp, bi_a_secp, bi_b_secp); - Botan::PointGFp p_G = Botan::OS2ECP(sv_G_uncomp, curve); - result.confirm("point is on the curve", p_G.on_the_curve()); - return result; - } - Test::Result test_more_zeropoint() { Test::Result result("ECC Unit"); @@ -832,9 +777,7 @@ class ECC_Unit_Tests final : public Test results.push_back(test_enc_dec_compressed_256()); results.push_back(test_enc_dec_uncompressed_112()); results.push_back(test_enc_dec_uncompressed_521()); - results.push_back(test_enc_dec_uncompressed_521_prime_too_large()); results.push_back(test_gfp_store_restore()); - results.push_back(test_cdc_curve_33()); results.push_back(test_more_zeropoint()); results.push_back(test_mult_by_order()); results.push_back(test_point_swap()); From a3d712149cfe7fc8a2ce8885bd29264cff496639 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sun, 25 Feb 2018 18:46:18 -0500 Subject: [PATCH 0714/1008] Add comment explaining why we are using these useless lambdas --- src/tests/unit_ecc.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index 8b196b472a..aecf6e5d47 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp @@ -188,6 +188,8 @@ class NIST_Curve_Reduction_Tests final : public Test { std::vector results; + // Using lambdas here to avoid strange UbSan warning (#1370) + #if defined(BOTAN_HAS_NIST_PRIME_REDUCERS_W32) results.push_back(random_redc_test( "P-384", From bccd06762895cd572a30858fd591753d4f769a4d Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sun, 25 Feb 2018 18:56:20 -0500 Subject: [PATCH 0715/1008] Merge ec_gfp and ec_group modules They were already somewhat entangled and future work will increase that (eg by having PointGFp hold a pointer to EC_Group) --- src/lib/math/ec_gfp/info.txt | 9 --------- src/lib/math/{ec_gfp => numbertheory}/curve_nistp.h | 0 src/lib/math/numbertheory/info.txt | 1 + .../curve_nistp.cpp => numbertheory/nistp_redc.cpp} | 0 src/lib/{math/ec_gfp => pubkey/ec_group}/curve_gfp.cpp | 0 src/lib/{math/ec_gfp => pubkey/ec_group}/curve_gfp.h | 0 src/lib/pubkey/ec_group/info.txt | 4 ++-- src/lib/{math/ec_gfp => pubkey/ec_group}/point_gfp.cpp | 0 src/lib/{math/ec_gfp => pubkey/ec_group}/point_gfp.h | 0 src/lib/{math/ec_gfp => pubkey/ec_group}/point_mul.cpp | 0 10 files changed, 3 insertions(+), 11 deletions(-) delete mode 100644 src/lib/math/ec_gfp/info.txt rename src/lib/math/{ec_gfp => numbertheory}/curve_nistp.h (100%) rename src/lib/math/{ec_gfp/curve_nistp.cpp => numbertheory/nistp_redc.cpp} (100%) rename src/lib/{math/ec_gfp => pubkey/ec_group}/curve_gfp.cpp (100%) rename src/lib/{math/ec_gfp => pubkey/ec_group}/curve_gfp.h (100%) rename src/lib/{math/ec_gfp => pubkey/ec_group}/point_gfp.cpp (100%) rename src/lib/{math/ec_gfp => pubkey/ec_group}/point_gfp.h (100%) rename src/lib/{math/ec_gfp => pubkey/ec_group}/point_mul.cpp (100%) diff --git a/src/lib/math/ec_gfp/info.txt b/src/lib/math/ec_gfp/info.txt deleted file mode 100644 index c4e57da15b..0000000000 --- a/src/lib/math/ec_gfp/info.txt +++ /dev/null @@ -1,9 +0,0 @@ - -EC_CURVE_GFP -> 20131128 - - -load_on auto - - -numbertheory - diff --git a/src/lib/math/ec_gfp/curve_nistp.h b/src/lib/math/numbertheory/curve_nistp.h similarity index 100% rename from src/lib/math/ec_gfp/curve_nistp.h rename to src/lib/math/numbertheory/curve_nistp.h diff --git a/src/lib/math/numbertheory/info.txt b/src/lib/math/numbertheory/info.txt index 01adb73455..c9768ad78e 100644 --- a/src/lib/math/numbertheory/info.txt 
+++ b/src/lib/math/numbertheory/info.txt @@ -5,6 +5,7 @@ NUMBERTHEORY -> 20131128 load_on auto +curve_nistp.h numthry.h pow_mod.h reducer.h diff --git a/src/lib/math/ec_gfp/curve_nistp.cpp b/src/lib/math/numbertheory/nistp_redc.cpp similarity index 100% rename from src/lib/math/ec_gfp/curve_nistp.cpp rename to src/lib/math/numbertheory/nistp_redc.cpp diff --git a/src/lib/math/ec_gfp/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp similarity index 100% rename from src/lib/math/ec_gfp/curve_gfp.cpp rename to src/lib/pubkey/ec_group/curve_gfp.cpp diff --git a/src/lib/math/ec_gfp/curve_gfp.h b/src/lib/pubkey/ec_group/curve_gfp.h similarity index 100% rename from src/lib/math/ec_gfp/curve_gfp.h rename to src/lib/pubkey/ec_group/curve_gfp.h diff --git a/src/lib/pubkey/ec_group/info.txt b/src/lib/pubkey/ec_group/info.txt index 922c9d663a..a0d0253793 100644 --- a/src/lib/pubkey/ec_group/info.txt +++ b/src/lib/pubkey/ec_group/info.txt @@ -1,10 +1,10 @@ -ECC_GROUP -> 20131128 +ECC_GROUP -> 20170225 +EC_CURVE_GFP -> 20131128 asn1 -ec_gfp numbertheory pem diff --git a/src/lib/math/ec_gfp/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp similarity index 100% rename from src/lib/math/ec_gfp/point_gfp.cpp rename to src/lib/pubkey/ec_group/point_gfp.cpp diff --git a/src/lib/math/ec_gfp/point_gfp.h b/src/lib/pubkey/ec_group/point_gfp.h similarity index 100% rename from src/lib/math/ec_gfp/point_gfp.h rename to src/lib/pubkey/ec_group/point_gfp.h diff --git a/src/lib/math/ec_gfp/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp similarity index 100% rename from src/lib/math/ec_gfp/point_mul.cpp rename to src/lib/pubkey/ec_group/point_mul.cpp From e7b3f2c0b8da4f5e728cf683429ab9f62ab6d1cb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 25 Feb 2018 19:06:15 -0500 Subject: [PATCH 0716/1008] Update docs --- doc/contributing.rst | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) 
diff --git a/doc/contributing.rst b/doc/contributing.rst index 0ce0cd9f6b..bdb3a5ac2a 100644 --- a/doc/contributing.rst +++ b/doc/contributing.rst @@ -28,22 +28,21 @@ Library Layout * ``kdf`` contains the key derivation functions * ``mac`` contains the message authentication codes * ``pbkdf`` contains password hashing algorithms for key derivation -* ``math`` is the math library for public key operations. It is divided into - four parts: ``mp`` which are the low level algorithms; ``bigint`` which is - a C++ wrapper around ``mp``; ``numbertheory`` which contains algorithms like - primality testing and exponentiation; and ``ec_gfp`` which defines elliptic - curves over prime fields. -* ``pubkey`` contains the public key implementations +* ``math`` is the big integer math library. It is divided into three parts: + ``mp`` which are the low level algorithms; ``bigint`` which is a C++ wrapper + around ``mp``, and ``numbertheory`` which contains higher level algorithms like + primality testing and exponentiation +* ``pubkey`` contains the public key algorithms * ``pk_pad`` contains padding schemes for public key algorithms * ``rng`` contains the random number generators -* ``entropy`` has various entropy sources +* ``entropy`` has various entropy sources used by some of the RNGs * ``asn1`` is the DER encoder/decoder -* ``cert/x509`` is X.509 certificates, PKCS #10 requests, OCSP +* ``x509`` is X.509 certificates, PKCS #10 requests, OCSP * ``tls`` contains the TLS implementation * ``filters`` is a filter/pipe API for data transforms * ``compression`` has the compression wrappers (zlib, bzip2, lzma) * ``ffi`` is the C99 API -* ``prov`` contains bindings to external libraries like OpenSSL +* ``prov`` contains bindings to external libraries like OpenSSL and PKCS #11 * ``misc`` contains odds and ends: format preserving encryption, SRP, threshold secret sharing, all or nothing transform, and others 
@@ -203,7 +202,7 @@ on, so there are some existing examples of appropriate use. Generally intrinsics or inline asm is preferred over bare assembly to avoid calling convention issues among different platforms; the improvement in -maintainability is seen as worth any potentially performance tradeoff. One risk +maintainability is seen as worth any potential performance tradeoff. One risk with intrinsics is that the compiler might rewrite your clever const-time SIMD into something with a conditional jump, but code intended to be const-time should in any case be annotated so it can be checked at runtime with tools. 
@@ -238,20 +237,19 @@ additional lines of code in the library. That is, if the library really does need this functionality, and it can be done in the library for less than that, then it makes sense to just write the code. Yup. -Given the entire library is (accoriding to SLOCcount) 62K lines of code, that +Given the entire library is (according to cloc) 92K lines of code, that may give some estimate of the bar - you can do pretty much anything in 1000 lines of well written C++11 (the implementations of *all* of the message authentication codes is much less than 1K SLOC). Current the (optional) external dependencies of the library are OpenSSL (for access to fast and side channel hardened RSA, ECDSA, AES), zlib, bzip2, lzma, -sqlite3, Trousers (TPM integration), plus various operating system utilities -like basic filesystem operations. These provide major pieces of functionality -which seem worth the trouble of maintaining an integration with. +sqlite3, Trousers (TPM integration), PKCS #11, plus various operating system +utilities like basic filesystem operations. These provide major pieces of +functionality which seem worth the trouble of maintaining an integration with. Examples of other external dependencies that would be appropriate include -integration with system crypto (PKCS #11, TPM, CommonCrypto, CryptoAPI -algorithms), potentially a parallelism framework such as Cilk (as part of a -larger design for parallel message processing, say), or hypothentically use of a -safe ASN.1 parser (that is, one written in a safe language like Rust or OCaml -providing a C API). +integration with system crypto (/dev/crypto, CommonCrypto, CryptoAPI, ...), +potentially a parallelism framework such as Cilk (as part of a larger design for +parallel message processing, say), or hypothentically use of a safe ASN.1 parser +(that is, one written in a safe language like Rust or OCaml providing a C API). From e479bae1d4b66e0984ce7791370e95aa69c4e3f6 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sun, 25 Feb 2018 19:58:46 -0500 Subject: [PATCH 0717/1008] Add functions to EC_Group for getting base point coordinates --- src/cli/pubkey.cpp | 3 +-- src/lib/ffi/ffi_pkey_algs.cpp | 4 +-- src/lib/pubkey/ec_group/ec_group.cpp | 38 ++++++++++++++++++++++------ src/lib/pubkey/ec_group/ec_group.h | 14 +++++++++- src/lib/pubkey/ecc_key/ecc_key.cpp | 28 ++++++++++++++++---- src/lib/pubkey/sm2/sm2.cpp | 4 +-- src/tests/test_ffi.cpp | 12 ++++----- 7 files changed, 77 insertions(+), 26 deletions(-) diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index a2aded02b2..3c84829d8f 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp @@ -344,8 +344,7 @@ class EC_Group_Info final : public Command output() << "P = " << std::hex << group.get_p() << "\n" << "A = " << std::hex << group.get_a() << "\n" << "B = " << std::hex << group.get_b() << "\n" - << "G = " << group.get_base_point().get_affine_x() << "," - << group.get_base_point().get_affine_y() << "\n"; + << "G = " << group.get_g_x() << "," << group.get_g_y() << "\n"; } } diff --git a/src/lib/ffi/ffi_pkey_algs.cpp b/src/lib/ffi/ffi_pkey_algs.cpp index 7091708a87..7fa06b71b9 100644 --- a/src/lib/ffi/ffi_pkey_algs.cpp +++ b/src/lib/ffi/ffi_pkey_algs.cpp @@ -145,9 +145,9 @@ Botan::BigInt pubkey_get_field(const Botan::Public_Key& key, else if(field == "public_y") return ecc->public_point().get_affine_y(); else if(field == "base_x") - return ecc->domain().get_base_point().get_affine_x(); + return ecc->domain().get_g_x(); else if(field == "base_y") - return ecc->domain().get_base_point().get_affine_y(); + return ecc->domain().get_g_y(); else if(field == "p") return ecc->domain().get_p(); else if(field == "a") diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index a8d5136c83..942e7401a2 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp 
@@ -37,6 +37,8 @@ class EC_Group_Data final const OID& oid) : m_curve(p, a, b), m_base_point(m_curve, g_x, g_y), + m_g_x(g_x), + m_g_y(g_y), m_order(order), m_cofactor(cofactor), m_mod_order(order), @@ -70,8 +72,8 @@ class EC_Group_Data final const BigInt& b() const { return m_curve.get_b(); } const BigInt& order() const { return m_order; } const BigInt& cofactor() const { return m_cofactor; } - BigInt g_x() const { return m_base_point.get_affine_x(); } - BigInt g_y() const { return m_base_point.get_affine_y(); } + const BigInt& g_x() const { return m_g_x; } + const BigInt& g_y() const { return m_g_y; } size_t p_bits() const { return m_p_bits; } size_t p_bytes() const { return (m_p_bits + 7) / 8; } @@ -101,6 +103,9 @@ class EC_Group_Data final private: CurveGFp m_curve; PointGFp m_base_point; + + BigInt m_g_x; + BigInt m_g_y; BigInt m_order; BigInt m_cofactor; Modular_Reducer m_mod_order; @@ -423,6 +428,16 @@ const BigInt& EC_Group::get_order() const return data().order(); } +const BigInt& EC_Group::get_g_x() const + { + return data().g_x(); + } + +const BigInt& EC_Group::get_g_y() const + { + return data().g_y(); + } + const BigInt& EC_Group::get_cofactor() const { return data().cofactor(); @@ -477,7 +492,7 @@ EC_Group::DER_encode(EC_Group_Encoding form) const if(form == EC_DOMPAR_ENC_EXPLICIT) { const size_t ecpVers1 = 1; - OID curve_type("1.2.840.10045.1.1"); // prime field + const OID curve_type("1.2.840.10045.1.1"); // prime field const size_t p_bytes = get_p_bytes(); @@ -533,7 +548,8 @@ bool EC_Group::operator==(const EC_Group& other) const return (get_p() == other.get_p() && get_a() == other.get_a() && get_b() == other.get_b() && - get_base_point() == other.get_base_point()); + get_g_x() == other.get_g_x() && + get_g_y() == other.get_g_y()); } bool EC_Group::verify_public_element(const PointGFp& point) const 
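Review bot: `EC_Group::operator==` in the last hunk now compares p, a, b and the generator coordinates but still leaves `get_order()` and `get_cofactor()` out of the conjunction, so two groups that share a curve and base point but disagree on the claimed order compare equal. If that is intentional (the order is a property of the generator for a valid group), a one-line comment saying so would help; otherwise consider adding `get_order() == other.get_order() && get_cofactor() == other.get_cofactor()`. Separately, `EC_Group_Data` now caches `m_g_x`/`m_g_y` beside `m_base_point`, both built from the same constructor inputs; a brief comment that the two must stay in sync would save the next reader a check.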
@@ -577,22 +593,28 @@ bool EC_Group::verify_group(RandomNumberGenerator& rng, { return false; } + + const PointGFp base_point = get_base_point(); + //check if the base point is on the curve - if(!get_base_point().on_the_curve()) + if(!base_point.on_the_curve()) { return false; } - if((get_base_point() * get_cofactor()).is_zero()) + if((base_point * get_cofactor()).is_zero()) { return false; } + + const BigInt& order = get_order(); + //check if order is prime - if(!is_prime(get_order(), rng, 128)) + if(!is_prime(order, rng, 128)) { return false; } //check if order of the base point is correct - if(!(get_base_point() * get_order()).is_zero()) + if(!(base_point * order).is_zero()) { return false; } diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 5b2a257565..938059fc42 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -172,6 +172,16 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final */ const PointGFp& get_base_point() const; + /** + * Return the x coordinate of the base point + */ + const BigInt& get_g_x() const; + + /** + * Return the y coordinate of the base point + */ + const BigInt& get_g_y() const; + /** * Return the order of the base point * @result order of the base point @@ -232,7 +242,9 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final * @param ws a temp workspace * @return base_point*k */ - PointGFp blinded_base_point_multiply(const BigInt& k, RandomNumberGenerator& rng, std::vector& ws) const; + PointGFp blinded_base_point_multiply(const BigInt& k, + RandomNumberGenerator& rng, + std::vector& ws) const; /** * Return the zero (or infinite) point on this curve diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index baf99fb78a..4b591ff568 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp 
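Review bot: `const PointGFp base_point = get_base_point();` at the top of the verify_group hunk copies the point even though `get_base_point()` returns a `const PointGFp&` (see the ec_group.h hunk on this same line); `const PointGFp& base_point = get_base_point();` binds the reference instead and avoids copying the coordinates. The two multiplications below are const operations on the point, so nothing else changes. `verify_group` begins and ends outside the hunk.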
@@ -108,17 +108,27 @@ EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng, else m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; + const BigInt& order = m_domain_params.get_order(); + if(x == 0) { - m_private_key = BigInt::random_integer(rng, 1, domain().get_order()); + m_private_key = BigInt::random_integer(rng, 1, order); } else { m_private_key = x; } - m_public_key = domain().get_base_point() * - ((with_modular_inverse) ? inverse_mod(m_private_key, m_domain_params.get_order()) : m_private_key); + // Can't use rng here because ffi load functions use Null_RNG + if(with_modular_inverse) + { + // ECKCDSA + m_public_key = domain().get_base_point() * inverse_mod(m_private_key, order); + } + else + { + m_public_key = domain().get_base_point() * m_private_key; + } BOTAN_ASSERT(m_public_key.on_the_curve(), "Generated public key point was on the curve"); @@ -160,8 +170,16 @@ EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id, if(public_key_bits.empty()) { - m_public_key = domain().get_base_point() * - ((with_modular_inverse) ? inverse_mod(m_private_key, m_domain_params.get_order()) : m_private_key); + if(with_modular_inverse) + { + // ECKCDSA + const BigInt& order = m_domain_params.get_order(); + m_public_key = domain().get_base_point() * inverse_mod(m_private_key, order); + } + else + { + m_public_key = domain().get_base_point() * m_private_key; + } BOTAN_ASSERT(m_public_key.on_the_curve(), "Public point derived from loaded key was on the curve"); diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index 9ef30d9bf0..a23708944f 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp 
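Review bot: The comment `// Can't use rng here because ffi load functions use Null_RNG` in the first hunk sits above a branch that never references `rng`, so it reads as unexplained. If it is meant to justify the plain `domain().get_base_point() * ...` product on the secret scalar rather than `blinded_base_point_multiply(..., rng, ...)`, say that explicitly, e.g. `// Plain (unblinded) multiply: rng may be a Null_RNG when called from the FFI load functions, so blinded_base_point_multiply() cannot be used here`. The bare `// ECKCDSA` marker appears in both hunks; `// ECKCDSA: public key is (x^-1)*G` makes the inverse visible to the reader. Both constructors start and end outside the hunks.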
@@ -59,8 +59,8 @@ std::vector sm2_compute_za(HashFunction& hash, hash.update(BigInt::encode_1363(domain.get_a(), p_bytes)); hash.update(BigInt::encode_1363(domain.get_b(), p_bytes)); - hash.update(BigInt::encode_1363(domain.get_base_point().get_affine_x(), p_bytes)); - hash.update(BigInt::encode_1363(domain.get_base_point().get_affine_y(), p_bytes)); + hash.update(BigInt::encode_1363(domain.get_g_x(), p_bytes)); + hash.update(BigInt::encode_1363(domain.get_g_y(), p_bytes)); hash.update(BigInt::encode_1363(pubkey.get_affine_x(), p_bytes)); hash.update(BigInt::encode_1363(pubkey.get_affine_y(), p_bytes)); diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index 47de5e7fb9..1eb7969235 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp @@ -1425,7 +1425,7 @@ class FFI_Unit_Tests final : public Test botan_pk_op_verify_t verifier; - if(TEST_FFI_OK(botan_pk_op_verify_create, (&verifier, pub, "EMSA1(SHA-256)", 0))) + if(signature.size() > 0 && TEST_FFI_OK(botan_pk_op_verify_create, (&verifier, pub, "EMSA1(SHA-256)", 0))) { TEST_FFI_OK(botan_pk_op_verify_update, (verifier, message.data(), message.size())); TEST_FFI_OK(botan_pk_op_verify_finish, (verifier, signature.data(), signature.size())); @@ -1524,7 +1524,7 @@ class FFI_Unit_Tests final : public Test botan_pk_op_verify_t verifier; - if(TEST_FFI_OK(botan_pk_op_verify_create, (&verifier, pub, "EMSA1(SHA-384)", 0))) + if(signature.size() > 0 && TEST_FFI_OK(botan_pk_op_verify_create, (&verifier, pub, "EMSA1(SHA-384)", 0))) { TEST_FFI_OK(botan_pk_op_verify_update, (verifier, message.data(), message.size())); TEST_FFI_OK(botan_pk_op_verify_finish, (verifier, signature.data(), signature.size())); 
@@ -1587,8 +1587,8 @@ class FFI_Unit_Tests final : public Test TEST_FFI_OK(botan_privkey_get_field, (private_scalar, priv, "x")); TEST_FFI_OK(botan_pubkey_get_field, (public_x, pub, "public_x")); TEST_FFI_OK(botan_pubkey_get_field, (public_y, pub, "public_y")); - TEST_FFI_OK(botan_privkey_load_sm2, (&loaded_privkey, private_scalar, kCurve)); - TEST_FFI_OK(botan_pubkey_load_sm2, (&loaded_pubkey, public_x, public_y, kCurve)); + REQUIRE_FFI_OK(botan_privkey_load_sm2, (&loaded_privkey, private_scalar, kCurve)); + REQUIRE_FFI_OK(botan_pubkey_load_sm2, (&loaded_pubkey, public_x, public_y, kCurve)); TEST_FFI_OK(botan_privkey_check_key, (loaded_privkey, rng, 0)); TEST_FFI_OK(botan_pubkey_check_key, (loaded_pubkey, rng, 0)); @@ -1678,8 +1678,8 @@ class FFI_Unit_Tests final : public Test TEST_FFI_OK(botan_privkey_get_field, (private_scalar, priv, "x")); TEST_FFI_OK(botan_pubkey_get_field, (public_x, pub, "public_x")); TEST_FFI_OK(botan_pubkey_get_field, (public_y, pub, "public_y")); - TEST_FFI_OK(botan_privkey_load_sm2_enc, (&loaded_privkey, private_scalar, kCurve)); - TEST_FFI_OK(botan_pubkey_load_sm2_enc, (&loaded_pubkey, public_x, public_y, kCurve)); + REQUIRE_FFI_OK(botan_privkey_load_sm2_enc, (&loaded_privkey, private_scalar, kCurve)); + REQUIRE_FFI_OK(botan_pubkey_load_sm2_enc, (&loaded_pubkey, public_x, public_y, kCurve)); TEST_FFI_OK(botan_privkey_check_key, (loaded_privkey, rng, 0)); TEST_FFI_OK(botan_pubkey_check_key, (loaded_pubkey, rng, 0)); From ac1d24cf06de5e800cbb8a3c7ab392c081aeb783 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 26 Feb 2018 07:56:20 -0500 Subject: [PATCH 0718/1008] Add BigInt::operator*= taking a word Avoids memory allocation when multiplying by a small constant. --- src/lib/math/bigint/big_ops2.cpp | 19 +++++++++++++++++-- src/lib/math/bigint/bigint.h | 6 ++++++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/src/lib/math/bigint/big_ops2.cpp b/src/lib/math/bigint/big_ops2.cpp index 2f81989c39..7653884c98 100644 
--- a/src/lib/math/bigint/big_ops2.cpp +++ b/src/lib/math/bigint/big_ops2.cpp @@ -107,12 +107,12 @@ BigInt& BigInt::operator*=(const BigInt& y) } else if(x_sw == 1 && y_sw) { - grow_to(y_sw + 2); + grow_to(y_sw + 1); bigint_linmul3(mutable_data(), y.data(), y_sw, word_at(0)); } else if(y_sw == 1 && x_sw) { - grow_to(x_sw + 2); + grow_to(x_sw + 1); bigint_linmul2(mutable_data(), x_sw, y.word_at(0)); } else @@ -125,6 +125,21 @@ BigInt& BigInt::operator*=(const BigInt& y) return (*this); } +BigInt& BigInt::operator*=(word y) + { + if(y == 0) + { + clear(); + set_sign(Positive); + } + + const size_t x_sw = sig_words(); + grow_to(x_sw + 1); + bigint_linmul2(mutable_data(), x_sw, y); + + return (*this); + } + /* * Division Operator */ diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index 71629b3aae..2c1d5e9054 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h @@ -153,6 +153,12 @@ class BOTAN_PUBLIC_API(2,0) BigInt final */ BigInt& operator*=(const BigInt& y); + /** + * *= operator + * @param y the word to multiply with this + */ + BigInt& operator*=(word y); + /** * /= operator * @param y the BigInt to divide this by From 50c69e760b0f47e84f5a3c8d2bea6f072f3fd587 Mon Sep 17 00:00:00 2001 
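Review bot: In `BigInt::operator*=(word y)` the `y == 0` branch clears the value and resets the sign but then falls through to `sig_words()`, `grow_to()` and `bigint_linmul2()` instead of returning, so a multiply by zero still performs a pointless grow and a zero-length multiply; add `return (*this);` after `set_sign(Positive);` inside that block. The later hunk touching the same function (patch 0720, `@@ -183,7 +188,9 @@`) keeps the fall-through. The new doc comment in bigint.h (`* *= operator`) could say what distinguishes this overload: `* Multiply this by a single word, avoiding the allocation of a temporary BigInt for y`.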
From: Jack Lloyd Date: Mon, 26 Feb 2018 11:48:12 -0500 Subject: [PATCH 0719/1008] Optimize Barrett reduction OSS-Fuzz 6570 flagged an issue with slow modular exponentiation. It turned out the problem was not in the library version but the simple square-and-multiply algorithm. Computing g^x % p with all three integers being dense (high Hamming weight) numbers took about 1.5 seconds on a fast machine with almost all of the time taken by the Barrett reductions. With these changes, same testcase now takes only a tiny fraction of a second. --- src/fuzzer/barrett.cpp | 41 +++++++++++++++++++ src/lib/math/bigint/big_ops2.cpp | 57 +++++++++++++++++++++++++-- src/lib/math/bigint/bigint.cpp | 5 +++ src/lib/math/bigint/bigint.h | 21 ++++++++++ src/lib/math/numbertheory/reducer.cpp | 31 +++++++-------- 5 files changed, 134 insertions(+), 21 deletions(-) create mode 100644 src/fuzzer/barrett.cpp diff --git a/src/fuzzer/barrett.cpp b/src/fuzzer/barrett.cpp new file mode 100644 index 0000000000..1c5d88f87d --- /dev/null +++ b/src/fuzzer/barrett.cpp @@ -0,0 +1,41 @@ +/* +* (C) 2018 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "fuzzers.h" +#include +#include + +void fuzz(const uint8_t in[], size_t len) + { + static const size_t max_bits = 2048; + + if(len % 2 != 0) + return; + + const size_t part_size = len / 2; + + if(part_size * 8 > max_bits) + return; + + const Botan::BigInt x = Botan::BigInt::decode(in, part_size); + const Botan::BigInt p = Botan::BigInt::decode(in + part_size, part_size); + + if(p.is_zero()) + return; + + const Botan::BigInt ref = x % p; + + const Botan::Modular_Reducer mod_p(p); + const Botan::BigInt z = mod_p.reduce(x); + + if(ref != z) + { + FUZZER_WRITE_AND_CRASH("X = " << x << "\n" + << "P = " << p << "\n" + << "Z = " << z << "\n" + << "R = " << ref << "\n"); + } + } diff --git a/src/lib/math/bigint/big_ops2.cpp b/src/lib/math/bigint/big_ops2.cpp index 7653884c98..fc6135c22c 100644 
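Review bot: `fuzz()` in the new barrett.cpp only builds `x` via `BigInt::decode`, so it is always non-negative and the `x.is_negative()` paths of `Modular_Reducer::reduce()` (the `x + m_modulus` and `m_modulus - t1` returns reworked in reducer.cpp on this same commit) are never exercised by this harness. Consider spending one input byte on a sign flag, e.g. decode from `in + 1` and do `if(in[0] & 1) x.flip_sign();`, so the `x % p` reference check also covers negative inputs, provided `operator%` and `reduce()` are meant to agree on the representative for negative `x`. The `len % 2` and `max_bits` guards are fine as written.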
--- a/src/lib/math/bigint/big_ops2.cpp +++ b/src/lib/math/bigint/big_ops2.cpp @@ -92,12 +92,54 @@ BigInt& BigInt::operator-=(const BigInt& y) return (*this); } +BigInt& BigInt::rev_sub(const word y[], size_t y_sw, secure_vector& ws) + { + /* + *this = BigInt(y, y_sw) - *this; + return *this; + */ + if(this->sign() != BigInt::Positive) + throw Invalid_State("BigInt::sub_rev requires this is positive"); + + const size_t x_sw = this->sig_words(); + + const int32_t relative_size = bigint_cmp(y, y_sw, this->data(), x_sw); + + ws.resize(std::max(y_sw, x_sw) + 1); + clear_mem(ws.data(), ws.size()); + + if(relative_size < 0) + { + bigint_sub3(ws.data(), this->data(), x_sw, y, y_sw); + this->flip_sign(); + } + else if(relative_size == 0) + { + ws.clear(); + } + else if(relative_size > 0) + { + bigint_sub3(ws.data(), y, y_sw, this->data(), x_sw); + } + + m_reg.swap(ws); + + return (*this); + } + /* * Multiplication Operator */ BigInt& BigInt::operator*=(const BigInt& y) { - const size_t x_sw = sig_words(), y_sw = y.sig_words(); + secure_vector ws; + return this->mul(y, ws); + } + +BigInt& BigInt::mul(const BigInt& y, secure_vector& ws) + { + const size_t x_sw = sig_words(); + const size_t y_sw = y.sig_words(); set_sign((sign() == y.sign()) ? Positive : Negative); if(x_sw == 0 || y_sw == 0) @@ -117,9 +159,16 @@ BigInt& BigInt::operator*=(const BigInt& y) } else { - grow_to(size() + y.size()); - secure_vector workspace(size()); - bigint_mul(*this, BigInt(*this), y, workspace.data(), workspace.size()); + const size_t new_size = x_sw + y_sw + 1; + ws.resize(new_size); + secure_vector z_reg(new_size); + + bigint_mul(z_reg.data(), z_reg.size(), + data(), size(), x_sw, + y.data(), y.size(), y_sw, + ws.data(), ws.size()); + + z_reg.swap(m_reg); } return (*this); diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index c822a94e15..e99ddb50a4 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp 
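Review bot: The precondition message in `rev_sub` names a different function: `throw Invalid_State("BigInt::sub_rev requires this is positive");` should read `"BigInt::rev_sub requires this is positive"` so the error points at the right symbol. The commented-out `*this = BigInt(y, y_sw) - *this; return *this;` above it documents the intent well but reads as dead code; a plain comment such as `// Computes *this = BigInt(y, y_sw) - *this without allocating the temporary` says the same thing. In the `relative_size == 0` branch, `ws.clear()` followed by `m_reg.swap(ws)` leaves `m_reg` with zero capacity, which is a correct zero but means the next operation on this BigInt reallocates; if that is intended, a one-line comment would stop a reader from "fixing" it.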
@@ -13,6 +13,11 @@ namespace Botan { +BigInt::BigInt(const word words[], size_t length) + { + m_reg.assign(words, words + length); + } + /* * Construct a BigInt from a regular number */ diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index 2c1d5e9054..ca35bd07de 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h @@ -78,6 +78,13 @@ class BOTAN_PUBLIC_API(2,0) BigInt final */ BigInt(const uint8_t buf[], size_t length, Base base = Binary); + /** + * Create a BigInt from an array of words + * @param words the words + * @param length number of words + */ + BigInt(const word words[], size_t length); + /** * \brief Create a random BigInt of the specified size * @@ -221,6 +228,20 @@ class BOTAN_PUBLIC_API(2,0) BigInt final */ bool operator !() const { return (!is_nonzero()); } + /** + * Multiply this with y + * @param y the BigInt to multiply with this + * @param ws a temp workspace + */ + BigInt& mul(const BigInt& y, secure_vector& ws); + + /** + * Set *this to y - *this + * @param y the BigInt to subtract from + * @param ws a temp workspace + */ + BigInt& rev_sub(const word y[], size_t y_size, secure_vector& ws); + /** * Return *this below mod * diff --git a/src/lib/math/numbertheory/reducer.cpp b/src/lib/math/numbertheory/reducer.cpp index d5f1666e10..1d7c2259a1 100644 --- a/src/lib/math/numbertheory/reducer.cpp +++ b/src/lib/math/numbertheory/reducer.cpp @@ -34,7 +34,9 @@ BigInt Modular_Reducer::reduce(const BigInt& x) const if(m_mod_words == 0) throw Invalid_State("Modular_Reducer: Never initalized"); - if(x.cmp(m_modulus, false) < 0) + const size_t x_sw = x.sig_words(); + + if(x_sw < m_mod_words || x.cmp(m_modulus, false) < 0) { if(x.is_negative()) return x + m_modulus; // make positive 
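Review bot: The doc block for `rev_sub` in the bigint.h hunk describes `y` as `the BigInt to subtract from`, but the parameter is a word array, and the second parameter is declared as `y_size` here while the definition in big_ops2.cpp names it `y_sw` and leaves it undocumented. Suggest `@param y the words of the value this is subtracted from` and `@param y_size number of words in y`, and aligning the parameter name with the definition. The new `BigInt(const word words[], size_t length)` constructor in the earlier hunk could also note in its doc comment that it copies exactly `length` words as given (`m_reg.assign` in bigint.cpp) and does not strip leading zero words.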
@@ -42,34 +44,29 @@ BigInt Modular_Reducer::reduce(const BigInt& x) const } else if(x.cmp(m_modulus_2, false) < 0) { - BigInt t1 = x; - t1.set_sign(BigInt::Positive); - t1 >>= (MP_WORD_BITS * (m_mod_words - 1)); - t1 *= m_mu; + secure_vector ws; + + BigInt t1(x.data() + m_mod_words - 1, x_sw - (m_mod_words - 1)); + t1.mul(m_mu, ws); t1 >>= (MP_WORD_BITS * (m_mod_words + 1)); - t1 *= m_modulus; + t1.mul(m_modulus, ws); t1.mask_bits(MP_WORD_BITS * (m_mod_words + 1)); - BigInt t2 = x; - t2.set_sign(BigInt::Positive); - t2.mask_bits(MP_WORD_BITS * (m_mod_words + 1)); - - t2 -= t1; + t1.rev_sub(x.data(), std::min(x_sw, m_mod_words + 1), ws); - if(t2.is_negative()) + if(t1.is_negative()) { - t2 += BigInt::power_of_2(MP_WORD_BITS * (m_mod_words + 1)); + t1 += BigInt::power_of_2(MP_WORD_BITS * (m_mod_words + 1)); } - while(t2 >= m_modulus) - t2 -= m_modulus; + t1.reduce_below(m_modulus, ws); if(x.is_positive()) - return t2; + return t1; else - return (m_modulus - t2); + return (m_modulus - t1); } else { From 3b84e568bd591a9a76d8d3778d90a8d761c1698b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 26 Feb 2018 15:04:39 -0500 Subject: [PATCH 0720/1008] Avoid some needless allocations --- src/lib/math/bigint/big_ops2.cpp | 38 +++++++++++++++++++-------- src/lib/pubkey/ec_group/point_gfp.cpp | 6 +++-- 2 files changed, 31 insertions(+), 13 deletions(-) diff --git a/src/lib/math/bigint/big_ops2.cpp b/src/lib/math/bigint/big_ops2.cpp index fc6135c22c..97d2aadfed 100644 --- a/src/lib/math/bigint/big_ops2.cpp +++ b/src/lib/math/bigint/big_ops2.cpp @@ -1,6 +1,5 @@ /* -* BigInt Assignment Operators -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2018 Jack Lloyd * 2016 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) 
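Review bot: `BigInt t1(x.data() + m_mod_words - 1, x_sw - (m_mod_words - 1));` relies on `x_sw >= m_mod_words`, which holds only because of the `x_sw < m_mod_words` early return added in the previous hunk of this file; that coupling deserves a comment at the construction site, e.g. `// x_sw >= m_mod_words here (smaller inputs returned above), so this slice is in bounds`. A fresh `secure_vector<word> ws` is allocated on every call down this branch; if this is the hot path the commit message describes, a caller-supplied or member workspace would let the `mul`, `rev_sub` and `reduce_below` calls reuse one buffer. `reduce()` continues outside the hunk.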
@@ -20,21 +19,25 @@ BigInt& BigInt::operator+=(const BigInt& y) { const size_t x_sw = sig_words(), y_sw = y.sig_words(); - const size_t reg_size = std::max(x_sw, y_sw) + 1; + if(sign() == y.sign()) + { + const size_t reg_size = std::max(x_sw, y_sw) + 1; - if(m_reg.size() < reg_size) - grow_to(reg_size); + if(m_reg.size() < reg_size) + grow_to(reg_size); - if(sign() == y.sign()) bigint_add2(mutable_data(), reg_size - 1, y.data(), y_sw); + } else { - int32_t relative_size = bigint_cmp(data(), x_sw, y.data(), y_sw); + const int32_t relative_size = bigint_cmp(data(), x_sw, y.data(), y_sw); if(relative_size < 0) { - secure_vector z(reg_size - 1); - bigint_sub3(z.data(), y.data(), reg_size - 1, data(), x_sw); + const size_t reg_size = std::max(x_sw, y_sw); + + secure_vector z(reg_size); + bigint_sub3(z.data(), y.data(), reg_size, data(), x_sw); std::swap(m_reg, z); set_sign(y.sign()); } @@ -44,7 +47,9 @@ BigInt& BigInt::operator+=(const BigInt& y) set_sign(Positive); } else if(relative_size > 0) + { bigint_sub2(mutable_data(), x_sw, y.data(), y_sw); + } } return (*this); @@ -183,7 +188,9 @@ BigInt& BigInt::operator*=(word y) } const size_t x_sw = sig_words(); - grow_to(x_sw + 1); + + if(size() < x_sw + 1) + grow_to(x_sw + 1); bigint_linmul2(mutable_data(), x_sw, y); return (*this); @@ -254,7 +261,16 @@ BigInt& BigInt::operator<<=(size_t shift) shift_bits = shift % MP_WORD_BITS, words = sig_words(); - grow_to(words + shift_words + (shift_bits ? 1 : 0)); + /* + * FIXME - if shift_words == 0 && the top shift_bits of the top word + * are zero then we know that no additional word is needed and can + * skip the allocation. + */ + const size_t needed_size = words + shift_words + (shift_bits ? 1 : 0); + + if(m_reg.size() < needed_size) + grow_to(needed_size); + bigint_shl1(mutable_data(), words, shift_words, shift_bits); } diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index f054c51ff0..12a26f50c2 100644 
--- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp @@ -147,7 +147,8 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) m_curve.sqr(m_coord_x, r, monty_ws); m_coord_x -= S2; - m_coord_x -= (U2 << 1); + m_coord_x -= U2; + m_coord_x -= U2; while(m_coord_x.is_negative()) m_coord_x += p; @@ -215,7 +216,8 @@ void PointGFp::mult2(std::vector& ws_bn) M.reduce_below(p, monty_ws); m_curve.sqr(x, M, monty_ws); - x -= (S << 1); + x -= S; + x -= S; while(x.is_negative()) x += p; From 72b12e25bfdacc2e9553f64b3d87a48cb46bd682 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 26 Feb 2018 16:34:44 -0500 Subject: [PATCH 0721/1008] Remove use of redc_helper in fuzzers This runs into the same weird UbSan issue as in #1370 --- src/fuzzer/redc_helper.h | 34 ---------------------------------- src/fuzzer/redc_p192.cpp | 13 +++++++++---- src/fuzzer/redc_p224.cpp | 16 ++++++++++++---- src/fuzzer/redc_p256.cpp | 13 +++++++++---- src/fuzzer/redc_p384.cpp | 13 +++++++++---- src/fuzzer/redc_p521.cpp | 13 +++++++++---- 6 files changed, 48 insertions(+), 54 deletions(-) delete mode 100644 src/fuzzer/redc_helper.h diff --git a/src/fuzzer/redc_helper.h b/src/fuzzer/redc_helper.h deleted file mode 100644 index f08df3656e..0000000000 --- a/src/fuzzer/redc_helper.h +++ /dev/null @@ -1,34 +0,0 @@ -/* -* (C) 2015,2016 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_FUZZ_REDC_HELPERS_H_ -#define BOTAN_FUZZ_REDC_HELPERS_H_ - -#include "fuzzers.h" -#include -#include - -namespace { - -void check_redc(std::function&)> redc_fn, - const Botan::Modular_Reducer& redc, - const Botan::BigInt& prime, - const Botan::BigInt& x) - { - const Botan::BigInt v1 = x % prime; - const Botan::BigInt v2 = redc.reduce(x); - - Botan::secure_vector ws; - Botan::BigInt v3 = x; - redc_fn(v3, ws); - - FUZZER_ASSERT_EQUAL(v1, v2); - FUZZER_ASSERT_EQUAL(v2, v3); - } - -} - -#endif 
diff --git a/src/fuzzer/redc_p192.cpp b/src/fuzzer/redc_p192.cpp index e1f7c753f5..6898cdbb95 100644 --- a/src/fuzzer/redc_p192.cpp +++ b/src/fuzzer/redc_p192.cpp @@ -5,7 +5,7 @@ */ #include "fuzzers.h" -#include "redc_helper.h" +#include #include void fuzz(const uint8_t in[], size_t len) @@ -17,10 +17,15 @@ void fuzz(const uint8_t in[], size_t len) static const Botan::BigInt prime_2 = prime * prime; static Botan::Modular_Reducer prime_redc(prime); - Botan::BigInt x = Botan::BigInt::decode(in, len); + Botan::BigInt input = Botan::BigInt::decode(in, len); - if(x < prime_2) + if(input < prime_2) { - check_redc(Botan::redc_p192, prime_redc, prime, x); + const Botan::BigInt ref = prime_redc.reduce(input); + + Botan::secure_vector ws; + Botan::redc_p192(input, ws); + + FUZZER_ASSERT_EQUAL(ref, input); } } diff --git a/src/fuzzer/redc_p224.cpp b/src/fuzzer/redc_p224.cpp index a8a4d5d725..b2dbac16e5 100644 --- a/src/fuzzer/redc_p224.cpp +++ b/src/fuzzer/redc_p224.cpp @@ -5,19 +5,27 @@ */ #include "fuzzers.h" -#include "redc_helper.h" +#include #include void fuzz(const uint8_t in[], size_t len) { + if(len > 2*224/8) + return; + static const Botan::BigInt& prime = Botan::prime_p224(); static const Botan::BigInt prime_2 = prime * prime; static Botan::Modular_Reducer prime_redc(prime); - Botan::BigInt x = Botan::BigInt::decode(in, len); + Botan::BigInt input = Botan::BigInt::decode(in, len); - if(x < prime_2) + if(input < prime_2) { - check_redc(Botan::redc_p224, prime_redc, prime, x); + const Botan::BigInt ref = prime_redc.reduce(input); + + Botan::secure_vector ws; + Botan::redc_p224(input, ws); + + FUZZER_ASSERT_EQUAL(ref, input); } } diff --git a/src/fuzzer/redc_p256.cpp b/src/fuzzer/redc_p256.cpp index b8d78e7bb0..4c3809f089 100644 --- a/src/fuzzer/redc_p256.cpp +++ b/src/fuzzer/redc_p256.cpp @@ -5,7 +5,7 @@ */ #include "fuzzers.h" -#include "redc_helper.h" +#include #include void fuzz(const uint8_t in[], size_t len) 
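Review bot: The replacement for `check_redc` in redc_p192.cpp compares `redc_p192(input, ws)` only against `prime_redc.reduce(input)`, dropping the `x % prime` reference that the deleted helper also asserted, so a defect shared by `Modular_Reducer` and the specialized reducer would now go unnoticed; keep the independent oracle with `const Botan::BigInt ref2 = input % prime; FUZZER_ASSERT_EQUAL(ref, ref2);` placed before the in-place reduction mutates `input`. The same applies to the redc_p224, redc_p256, redc_p384 and redc_p521 hunks. Only redc_p224 gained the `if(len > 2*224/8) return;` length guard; if it is a general bound on input size rather than something p224-specific, the four siblings should get the matching guard, otherwise a comment on why p224 is special would help.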
@@ -17,10 +17,15 @@ void fuzz(const uint8_t in[], size_t len) static const Botan::BigInt prime_2 = prime * prime; static Botan::Modular_Reducer prime_redc(prime); - Botan::BigInt x = Botan::BigInt::decode(in, len); + Botan::BigInt input = Botan::BigInt::decode(in, len); - if(x < prime_2) + if(input < prime_2) { - check_redc(Botan::redc_p256, prime_redc, prime, x); + const Botan::BigInt ref = prime_redc.reduce(input); + + Botan::secure_vector ws; + Botan::redc_p256(input, ws); + + FUZZER_ASSERT_EQUAL(ref, input); } } diff --git a/src/fuzzer/redc_p384.cpp b/src/fuzzer/redc_p384.cpp index 35e3ccfee6..1c3a777a0a 100644 --- a/src/fuzzer/redc_p384.cpp +++ b/src/fuzzer/redc_p384.cpp @@ -5,7 +5,7 @@ */ #include "fuzzers.h" -#include "redc_helper.h" +#include #include void fuzz(const uint8_t in[], size_t len) @@ -17,10 +17,15 @@ void fuzz(const uint8_t in[], size_t len) static const Botan::BigInt prime_2 = prime * prime; static Botan::Modular_Reducer prime_redc(prime); - Botan::BigInt x = Botan::BigInt::decode(in, len); + Botan::BigInt input = Botan::BigInt::decode(in, len); - if(x < prime_2) + if(input < prime_2) { - check_redc(Botan::redc_p384, prime_redc, prime, x); + const Botan::BigInt ref = prime_redc.reduce(input); + + Botan::secure_vector ws; + Botan::redc_p384(input, ws); + + FUZZER_ASSERT_EQUAL(ref, input); } } diff --git a/src/fuzzer/redc_p521.cpp b/src/fuzzer/redc_p521.cpp index c6c5d262bf..e148c94bb7 100644 --- a/src/fuzzer/redc_p521.cpp +++ b/src/fuzzer/redc_p521.cpp @@ -5,7 +5,7 @@ */ #include "fuzzers.h" -#include "redc_helper.h" +#include #include void fuzz(const uint8_t in[], size_t len) 
@@ -17,10 +17,15 @@ void fuzz(const uint8_t in[], size_t len) static const Botan::BigInt prime_2 = prime * prime; static Botan::Modular_Reducer prime_redc(prime); - Botan::BigInt x = Botan::BigInt::decode(in, len); + Botan::BigInt input = Botan::BigInt::decode(in, len); - if(x < prime_2) + if(input < prime_2) { - check_redc(Botan::redc_p521, prime_redc, prime, x); + const Botan::BigInt ref = prime_redc.reduce(input); + + Botan::secure_vector ws; + Botan::redc_p521(input, ws); + + FUZZER_ASSERT_EQUAL(ref, input); } } From a89255d933d02bb388f9a9fa1093b189f389732d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 26 Feb 2018 17:26:40 -0500 Subject: [PATCH 0722/1008] Optimize P-256 and P-384 reduction Precompute the multiples of the prime and then subtract directly. --- news.rst | 6 +- src/lib/math/bigint/bigint.cpp | 12 ++- src/lib/math/bigint/bigint.h | 6 +- src/lib/math/numbertheory/nistp_redc.cpp | 113 +++++++++++++++++------ 4 files changed, 101 insertions(+), 36 deletions(-) diff --git a/news.rst b/news.rst index 9026bcc5a8..9f1ecde3fb 100644 --- a/news.rst +++ b/news.rst @@ -6,9 +6,9 @@ Version 2.5.0, Not Yet Released * Add support for RSA-PSS signatures in TLS (GH #1285) -* A faster algorithm for ECC point multiplications is now used, resulting in - ECDSA signature generation being 2-3 times fater than previous releases. Other - optimizations have improved ECDSA verification time by about 25%. (GH #1457) +* Several optimizations in ECC operations have improved ECDSA signature + generation and ECDH key exchange performance by 2 to 4 times as compared to + previous releases. ECDSA verification is 1.25 to 2 times faster. (GH #1457) * Add a new Credentials_Manager callback that specifies which CAs the server has indicated it trusts (GH #1395 fixing #1261) diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index e99ddb50a4..ec0df8f2d5 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp 
@@ -291,7 +291,12 @@ BigInt BigInt::abs() const void BigInt::grow_to(size_t n) { if(n > size()) - m_reg.resize(round_up(n, 8)); + { + if(n <= m_reg.capacity()) + m_reg.resize(m_reg.capacity()); + else + m_reg.resize(round_up(n, 8)); + } } /* @@ -325,9 +330,10 @@ void BigInt::binary_decode(const uint8_t buf[], size_t length) m_reg[length / WORD_BYTES] = (m_reg[length / WORD_BYTES] << 8) | buf[i]; } -void BigInt::shrink_to_fit() +void BigInt::shrink_to_fit(size_t min_size) { - m_reg.resize(sig_words()); + const size_t words = std::max(min_size, sig_words()); + m_reg.resize(words); } void BigInt::const_time_lookup(secure_vector& output, diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index ca35bd07de..6e2f8dbde3 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h @@ -480,7 +480,11 @@ class BOTAN_PUBLIC_API(2,0) BigInt final */ void grow_to(size_t n); - void shrink_to_fit(); + /** + * Resize the vector to the minimum word size to hold the integer, or + * min_size words, whichever is larger + */ + void shrink_to_fit(size_t min_size = 0); /** * Fill BigInt with a random number with size of bitsize diff --git a/src/lib/math/numbertheory/nistp_redc.cpp b/src/lib/math/numbertheory/nistp_redc.cpp index 29771036d7..a2420e975a 100644 --- a/src/lib/math/numbertheory/nistp_redc.cpp +++ b/src/lib/math/numbertheory/nistp_redc.cpp @@ -1,6 +1,6 @@ /* * NIST prime reductions -* (C) 2014,2015 Jack Lloyd +* (C) 2014,2015,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -234,6 +234,10 @@ const BigInt& prime_p256() void redc_p256(BigInt& x, secure_vector& ws) { + static const size_t p256_limbs = (BOTAN_MP_WORD_BITS == 32) ? 8 : 4; + + BOTAN_UNUSED(ws); + const uint32_t X8 = get_uint32_t(x, 8); const uint32_t X9 = get_uint32_t(x, 9); const uint32_t X10 = get_uint32_t(x, 10); 
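Review bot: With the new `if(n <= m_reg.capacity()) m_reg.resize(m_reg.capacity());` branch, `grow_to` can leave `size()` anywhere between n and the current capacity, so two BigInts holding the same value can report different `size()` depending on allocation history, and `size()` is no longer a function of the value. Callers in this same commit pass `x.size()` as an operand length to `bigint_sub2`/`bigint_add2`, so the change in meaning should be stated where callers look: the declaration comment in bigint.h is outside this hunk, but it should gain something like `// may grow beyond n (up to the current capacity) to avoid reallocation; size() is an upper bound, not a tight one`.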
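Review bot: The new `shrink_to_fit` body uses `std::max`, which needs `<algorithm>`; bigint.cpp's include block is outside this chunk, so confirm it is already included directly rather than relying on a transitive include. Separately, the `std::max(min_size, sig_words())` length is computed from `sig_words()` even when `min_size` wins, and if `sig_words()` scans for the top non-zero word (as its name suggests) that scan is value-dependent; the NIST reductions in this commit call this on intermediate values, so a comment such as `// not constant-time: sig_words() is a value-dependent scan` would keep callers from assuming otherwise.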
@@ -244,6 +248,7 @@ void redc_p256(BigInt& x, secure_vector& ws)
 const uint32_t X15 = get_uint32_t(x, 15);
 x.mask_bits(256);
+ x.shrink_to_fit(p256_limbs + 1);
 int64_t S = 0;
@@ -342,36 +347,49 @@ void redc_p256(BigInt& x, secure_vector& ws) set_uint32_t(x, 7, S); S >>= 32; - S += 5; - set_uint32_t(x, 8, S); - - BOTAN_ASSERT_EQUAL(S >> 32, 0, "No underflow"); - -#if 0 - BOTAN_ASSERT(S <= 10, "Expected overflow"); - static const BigInt P256_mults[11] = { - prime_p256(), - 2*prime_p256(), - 3*prime_p256(), - 4*prime_p256(), - 5*prime_p256(), - 6*prime_p256(), - 7*prime_p256(), - 8*prime_p256(), - 9*prime_p256(), - 10*prime_p256(), - 11*prime_p256() + S += 5; // final carry of 6*P-256 + + BOTAN_ASSERT(S >= 0 && S <= 10, "Expected overflow"); + + /* + This is a table of (i*P-256) % 2**256 for i in 1...10 + */ + static const word p256_mults[11][p256_limbs] = { +#if (BOTAN_MP_WORD_BITS == 64) + {0xFFFFFFFFFFFFFFFF, 0x00000000FFFFFFFF, 0x0000000000000000, 0xFFFFFFFF00000001}, + {0xFFFFFFFFFFFFFFFE, 0x00000001FFFFFFFF, 0x0000000000000000, 0xFFFFFFFE00000002}, + {0xFFFFFFFFFFFFFFFD, 0x00000002FFFFFFFF, 0x0000000000000000, 0xFFFFFFFD00000003}, + {0xFFFFFFFFFFFFFFFC, 0x00000003FFFFFFFF, 0x0000000000000000, 0xFFFFFFFC00000004}, + {0xFFFFFFFFFFFFFFFB, 0x00000004FFFFFFFF, 0x0000000000000000, 0xFFFFFFFB00000005}, + {0xFFFFFFFFFFFFFFFA, 0x00000005FFFFFFFF, 0x0000000000000000, 0xFFFFFFFA00000006}, + {0xFFFFFFFFFFFFFFF9, 0x00000006FFFFFFFF, 0x0000000000000000, 0xFFFFFFF900000007}, + {0xFFFFFFFFFFFFFFF8, 0x00000007FFFFFFFF, 0x0000000000000000, 0xFFFFFFF800000008}, + {0xFFFFFFFFFFFFFFF7, 0x00000008FFFFFFFF, 0x0000000000000000, 0xFFFFFFF700000009}, + {0xFFFFFFFFFFFFFFF6, 0x00000009FFFFFFFF, 0x0000000000000000, 0xFFFFFFF60000000A}, + {0xFFFFFFFFFFFFFFF5, 0x0000000AFFFFFFFF, 0x0000000000000000, 0xFFFFFFF50000000B}, +#else + {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF}, + {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE}, + {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002, 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD}, + {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 
0x00000003, 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC}, + {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004, 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB}, + {0xFFFFFFFA, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000005, 0x00000000, 0x00000000, 0x00000006, 0xFFFFFFFA}, + {0xFFFFFFF9, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000006, 0x00000000, 0x00000000, 0x00000007, 0xFFFFFFF9}, + {0xFFFFFFF8, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000007, 0x00000000, 0x00000000, 0x00000008, 0xFFFFFFF8}, + {0xFFFFFFF7, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000008, 0x00000000, 0x00000000, 0x00000009, 0xFFFFFFF7}, + {0xFFFFFFF6, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000009, 0x00000000, 0x00000000, 0x0000000A, 0xFFFFFFF6}, + {0xFFFFFFF5, 0xFFFFFFFF, 0xFFFFFFFF, 0x0000000A, 0x00000000, 0x00000000, 0x0000000B, 0xFFFFFFF5}, +#endif }; - x -= P256_mults[S]; + word borrow = bigint_sub2(x.mutable_data(), x.size(), p256_mults[S], p256_limbs); - while(x.is_negative()) + BOTAN_ASSERT(borrow == 0 || borrow == 1, "Expected borrow during P-256 reduction"); + + if(borrow) { - x += prime_p256(); + bigint_add2(x.mutable_data(), x.size() - 1, p256_mults[0], p256_limbs); } -#else - x.reduce_below(prime_p256(), ws); - #endif } const BigInt& prime_p384() @@ -382,6 +400,10 @@ const BigInt& prime_p384() void redc_p384(BigInt& x, secure_vector& ws) { + BOTAN_UNUSED(ws); + + static const size_t p384_limbs = (BOTAN_MP_WORD_BITS == 32) ? 12 : 6; + const uint32_t X12 = get_uint32_t(x, 12); const uint32_t X13 = get_uint32_t(x, 13); const uint32_t X14 = get_uint32_t(x, 14); @@ -396,6 +418,7 @@ void redc_p384(BigInt& x, secure_vector& ws) const uint32_t X23 = get_uint32_t(x, 23); x.mask_bits(384); + x.shrink_to_fit(p384_limbs + 1); int64_t S = 0; 
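Review bot: `p256_mults[S]` and `if(borrow)` both depend on the value being reduced — S is the carry out of the fold and borrow is the result of the subtraction — so the table row read (11 rows of 32 bytes on 64-bit, spanning several cache lines) and the branch leak information about x through cache and branch timing, and during ECDSA/ECDH scalar multiplication x is derived from secret data. The `reduce_below` loop this replaces was variable-time too, so it is not a regression, but the rewrite is the place to remove the branch: `bigint_cnd_add(borrow, x.mutable_data(), p256_mults[0], p256_limbs); x.mutable_data()[p256_limbs] = 0;` — after `mask_bits(256)` and `shrink_to_fit(p256_limbs + 1)` the spare top limb is index p256_limbs and the borrowing `bigint_sub2` over `x.size()` limbs leaves it all-ones, so it must end at zero either way (confirm the limb layout). Making the row selection constant-time as well would mean a masked scan over all 11 rows instead of an indexed read; if that is deliberately deferred, a comment at the table saying the lookup is secret-indexed would be honest.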
@@ -523,10 +546,42 @@ void redc_p384(BigInt& x, secure_vector& ws) S -= X22; set_uint32_t(x, 11, S); S >>= 32; - BOTAN_ASSERT_EQUAL(S >> 32, 0, "No underflow"); - set_uint32_t(x, 12, S); - x.reduce_below(prime_p384(), ws); + BOTAN_ASSERT(S >= 0 && S <= 4, "Expected overflow in P-384 reduction"); + + /* + This is a table of (i*P-384) % 2**384 for i in 1...4 + */ + static const word p384_mults[5][p384_limbs] = { +#if (BOTAN_MP_WORD_BITS == 64) + {0x00000000FFFFFFFF, 0xFFFFFFFF00000000, 0xFFFFFFFFFFFFFFFE, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF}, + {0x00000001FFFFFFFE, 0xFFFFFFFE00000000, 0xFFFFFFFFFFFFFFFD, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF}, + {0x00000002FFFFFFFD, 0xFFFFFFFD00000000, 0xFFFFFFFFFFFFFFFC, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF}, + {0x00000003FFFFFFFC, 0xFFFFFFFC00000000, 0xFFFFFFFFFFFFFFFB, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF}, + {0x00000004FFFFFFFB, 0xFFFFFFFB00000000, 0xFFFFFFFFFFFFFFFA, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF}, + +#else + {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, + {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, + {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, + {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, + {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, +#endif + }; + + word borrow = bigint_sub2(x.mutable_data(), x.size(), p384_mults[S], p384_limbs); + + BOTAN_ASSERT(borrow == 0 || borrow == 1, "Expected borrow during P-384 
reduction"); + + if(borrow) + { + bigint_add2(x.mutable_data(), x.size() - 1, p384_mults[0], p384_limbs); + } } #endif From 539d364a5d6e52ed28684ecf2ae04e93fd3c46d8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 26 Feb 2018 17:27:21 -0500 Subject: [PATCH 0723/1008] Avoid using monty workspace for reduce_below If the workspace is swapped, then it is too small for the Montgomery operation and will be reallocate on the next sqr/multiply operation. Also use ws[9] consistently for the Montgomery workspace, otherwise if add needs to pass off the mult2, the workspaces are not the expected size and again a reallocation occurs. --- src/lib/pubkey/ec_group/point_gfp.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index 12a26f50c2..20b4e01798 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp @@ -93,9 +93,9 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) BigInt& H = ws_bn[6]; BigInt& r = ws_bn[7]; - BigInt& tmp = ws_bn[9]; + BigInt& tmp = ws_bn[8]; - secure_vector& monty_ws = ws_bn[8].get_word_vector(); + secure_vector& monty_ws = ws_bn[9].get_word_vector(); /* https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 @@ -204,7 +204,7 @@ void PointGFp::mult2(std::vector& ws_bn) m_curve.mul(S, m_coord_x, y_2, monty_ws); S <<= 2; // * 4 - S.reduce_below(p, monty_ws); + S.reduce_below(p, tmp.get_word_vector()); m_curve.sqr(a_z4, m_coord_z, monty_ws); // z^2 m_curve.sqr(tmp, a_z4, monty_ws); // z^4 @@ -213,7 +213,7 @@ void PointGFp::mult2(std::vector& ws_bn) m_curve.sqr(M, m_coord_x, monty_ws); M *= 3; M += a_z4; - M.reduce_below(p, monty_ws); + M.reduce_below(p, tmp.get_word_vector()); m_curve.sqr(x, M, monty_ws); x -= S; 
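Review bot: The `x.size() - 1` passed to `bigint_add2` in the borrow branch is load-bearing and undocumented: after `bigint_sub2` over all `x.size()` limbs borrows, the spare top limb guaranteed by `shrink_to_fit(p384_limbs + 1)` holds all-ones, and the carry that `bigint_add2` folds into the limb just past its length appears to be what wraps it back to zero. If that reading is right it deserves a comment at the call, e.g. `// a borrow left the spare top limb at ~0; the carry from adding P wraps it back to 0`, since nothing in the hunk says why the length is one short. The same data-dependent `if(borrow)` branch and `p384_mults[S]` row read as in the P-256 reduction of this commit apply here; `bigint_cnd_add` would remove the branch.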
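Review bot: `tmp` is now both a value (`m_curve.sqr(tmp, a_z4, monty_ws); // z^4`) and, through `tmp.get_word_vector()`, the scratch space handed to `reduce_below`; if `reduce_below` resizes or writes that vector, this is only correct when z^4 is fully consumed before the next `reduce_below` and never read afterwards. The statements between the `S.reduce_below` and `M.reduce_below` lines are outside the hunk, so I cannot confirm that ordering; a comment at the first scratch use, e.g. `// tmp's word vector doubles as reduce_below scratch; its z^4 value must be dead by then`, would make the aliasing explicit for the next edit to this function. PointGFp::mult2 starts and ends outside the hunk.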
@@ -223,7 +223,7 @@ void PointGFp::mult2(std::vector& ws_bn) m_curve.sqr(U, y_2, monty_ws); U <<= 3; - U.reduce_below(p, monty_ws); + U.reduce_below(p, tmp.get_word_vector()); S -= x; while(S.is_negative()) @@ -236,7 +236,7 @@ void PointGFp::mult2(std::vector& ws_bn) m_curve.mul(z, m_coord_y, m_coord_z, monty_ws); z <<= 1; - z.reduce_below(p, monty_ws); + z.reduce_below(p, tmp.get_word_vector()); m_coord_x = x; m_coord_y = y; From 5fcc1c70d7ae2b2bac8598629e576a7a484b770a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 26 Feb 2018 17:28:35 -0500 Subject: [PATCH 0724/1008] Avoid unnecessary calls to BigInt::grow_to --- src/lib/pubkey/ec_group/curve_gfp.cpp | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp index 83d1c841c1..a55741fb05 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.cpp +++ b/src/lib/pubkey/ec_group/curve_gfp.cpp @@ -85,7 +85,8 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, const size_t output_size = 2*m_p_words + 1; ws.resize(2*(m_p_words+2)); - z.grow_to(output_size); + if(z.size() < output_size) + z.grow_to(output_size); z.clear(); bigint_monty_mul(z, x, y, @@ -109,7 +110,8 @@ void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, ws.resize(2*(m_p_words+2)); - z.grow_to(output_size); + if(z.size() < output_size) + z.grow_to(output_size); z.clear(); bigint_monty_sqr(z, x, m_p.data(), m_p_words, m_p_dash, @@ -164,9 +166,11 @@ void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, const size_t p_words = get_p_words(); const size_t output_size = 2*p_words + 1; + ws.resize(2*(p_words+2)); - z.grow_to(output_size); + if(z.size() < output_size) + z.grow_to(output_size); z.clear(); bigint_mul(z, x, y, ws.data(), ws.size()); 
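Review bot: The added `if(z.size() < output_size)` guard around `z.grow_to(output_size)` is redundant: `grow_to` itself begins with `if(n > size())` (see the bigint.cpp hunk earlier in this series), so the guard only elides a call. Either drop it or mark the intent so it is not mistaken for a correctness check: `if(z.size() < output_size) // avoids the call, grow_to would no-op anyway`. The same guard is repeated in the three sibling hunks of this commit.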
@@ -188,7 +192,8 @@ void CurveGFp_NIST::curve_sqr(BigInt& z, const BigInt& x, ws.resize(2*(p_words+2)); - z.grow_to(output_size); + if(z.size() < output_size) + z.grow_to(output_size); z.clear(); bigint_sqr(z.mutable_data(), output_size, From 10713717707abdcf0452d2711b77dab5f5cdc1cb Mon Sep 17 00:00:00 2001 From: Sergii Cherkavskyi Date: Tue, 27 Feb 2018 10:08:09 +0100 Subject: [PATCH 0725/1008] Added pkcs11 test results --- doc/manual/pkcs11.rst | 155 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 155 insertions(+) diff --git a/doc/manual/pkcs11.rst b/doc/manual/pkcs11.rst index 8e78b87974..5fb8a82885 100644 --- a/doc/manual/pkcs11.rst +++ b/doc/manual/pkcs11.rst 
@@ -1242,3 +1242,158 @@ also possible to execute only a subset with the following arguments: - pkcs11-session - pkcs11-slot - pkcs11-x509 + +The following PIN and SO-PIN/PUK values are used in tests: + +- PIN 123456 +- SO-PIN/PUK 12345678 + +!!! Warning !!! + +Unlike the CardOS (4.4, 5.0, 5.3), the aforementioned SO-PIN/PUK is inappropriate for Gemalto (IDPrime MD 3840) cards, +as it must be a byte array of length 24. For this reason some of the tests for Gemalto card involving SO-PIN will fail. +You run into a risk of exceding login attempts and as a result locking your card! +Currently, specifying pin via command-line option is not implemented, and therefore the desired PIN must +be modified in the header src/tests/test_pkcs11.h: + + +Code example: + + .. code-block:: cpp + + // SO PIN is expected to be set to "12345678" prior to running the tests + const std::string SO_PIN = "12345678"; + const auto SO_PIN_SECVEC = Botan::PKCS11::secure_string(SO_PIN.begin(), SO_PIN.end()); + + +Tested/Supported Smartcards +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +You are very welcome to contribute your own test results for other testing environments or other cards. 
+ + +Test results + ++-------------------------------------+-------------------------------------------+---------------------------------------------------+---------------------------------------------------+---------------------------------------------------+---------------------------------------------------+ +| Smartcard | Status | OS | Midleware | Botan | Errors | ++=====================================+===========================================+===================================================+===================================================+===================================================+===================================================+ +| CardOS 4.4 | mostly works | Windows 10, 64-bit, version 1709 | API Version 5.4.9.77 (Cryptoki v2.11) | 2.4.0, Cryptoki v2.40 | [50]_ | ++-------------------------------------+-------------------------------------------+---------------------------------------------------+---------------------------------------------------+---------------------------------------------------+---------------------------------------------------+ +| CardOS 5.0 | mostly works | Windows 10, 64-bit, version 1709 | API Version 5.4.9.77 (Cryptoki v2.11) | 2.4.0, Cryptoki v2.40 | [51]_ | ++-------------------------------------+-------------------------------------------+---------------------------------------------------+---------------------------------------------------+---------------------------------------------------+---------------------------------------------------+ +| CardOS 5.3 | mostly works | Windows 10, 64-bit, version 1709 | API Version 5.4.9.77 (Cryptoki v2.11) | 2.4.0, Cryptoki v2.40 | [52]_ | ++-------------------------------------+-------------------------------------------+---------------------------------------------------+---------------------------------------------------+---------------------------------------------------+---------------------------------------------------+ +| Gemalto IDPrime MD 3840 | mostly works 
| Windows 10, 64-bit, version 1709 | IDGo 800, v1.2.4 (Cryptoki v2.20) | 2.4.0, Cryptoki v2.40 | [53]_ | ++-------------------------------------+-------------------------------------------+---------------------------------------------------+---------------------------------------------------+---------------------------------------------------+---------------------------------------------------+ +| SoftHSM 2.3.0 (OpenSSL 1.0.2g) | works | Windows 10, 64-bit, version 1709 | Cryptoki v2.40 | 2.4.0, Cryptoki v2.40 | | ++-------------------------------------+-------------------------------------------+---------------------------------------------------+---------------------------------------------------+---------------------------------------------------+---------------------------------------------------+ + +.. [50] Failing operations for CardOS 4.4: + + - object_copy [20]_ + + - rsa_privkey_export [21]_ + - rsa_generate_private_key [22]_ + - rsa_sign_verify [23]_ + + - ecdh_privkey_import [3]_ + - ecdh_privkey_export [2]_ + - ecdh_pubkey_import [4]_ + - ecdh_pubkey_export [4]_ + - ecdh_generate_private_key [3]_ + - ecdh_generate_keypair [3]_ + - ecdh_derive [3]_ + + - ecdsa_privkey_import [3]_ + - ecdsa_privkey_export [2]_ + - ecdsa_pubkey_import [4]_ + - ecdsa_pubkey_export [4]_ + - ecdsa_generate_private_key [3]_ + - ecdsa_generate_keypair [3]_ + - ecdsa_sign_verify [3]_ + + - rng_add_entropy [5]_ + + +.. [51] Failing operations for CardOS 5.0 + + - object_copy [20]_ + + - rsa_privkey_export [21]_ + - rsa_generate_private_key [22]_ + - rsa_sign_verify [23]_ + + - ecdh_privkey_export [2]_ + - ecdh_pubkey_import [4]_ + - ecdh_generate_private_key [32]_ + - ecdh_generate_keypair [3]_ + - ecdh_derive [33]_ + + - ecdsa_privkey_export [2]_ + - ecdsa_generate_private_key [30]_ + - ecdsa_generate_keypair [30]_ + - ecdsa_sign_verify [30]_ + + - rng_add_entropy [5]_ + +.. 
[52] Failing operations for CardOS 5.3 + + - object_copy [20]_ + + - rsa_privkey_export [21]_ + - rsa_generate_private_key [22]_ + - rsa_sign_verify [23]_ + + - ecdh_privkey_export [2]_ + - ecdh_pubkey_import [6]_ + - ecdh_pubkey_export [6]_ + - ecdh_generate_private_key [30]_ + - ecdh_generate_keypair [31]_ + - ecdh_derive [30]_ + + - ecdsa_privkey_export [2]_ + - ecdsa_pubkey_import [6]_ + - ecdsa_pubkey_export [6]_ + - ecdsa_generate_private_key [31]_ + - ecdsa_generate_keypair [31]_ + - ecdsa_sign_verify [34]_ + + - rng_add_entropy [5]_ + +.. [53] Failing operations for Gemalto IDPrime MD 3840 + + - session_login_logout [2]_ + - session_info [2]_ + - set_pin [2]_ + - initialize [2]_ + - change_so_pin [2]_ + + - object_copy [20]_ + + - rsa_generate_private_key [7]_ + - rsa_encrypt_decrypt [8]_ + - rsa_sign_verify [2]_ + + - rng_add_entropy [5]_ + +Error descriptions + +.. [1] CKR_TEMPLATE_INCOMPLETE (0xD0=208) +.. [2] CKR_ARGUMENTS_BAD (0x7=7) +.. [3] CKR_MECHANISM_INVALID (0x70=112) +.. [4] CKR_FUNCTION_NOT_SUPPORTED (0x54=84) +.. [5] CKR_RANDOM_SEED_NOT_SUPPORTED (0x120=288) +.. [6] CKM_X9_42_DH_KEY_PAIR_GEN | CKR_DEVICE_ERROR (0x30=48) +.. [7] CKR_TEMPLATE_INCONSISTENT (0xD1=209) +.. [8] CKR_ENCRYPTED_DATA_INVALID | CKM_SHA256_RSA_PKCS (0x40=64) + +.. [20] Test fails due to unsupported copy function (CKR_FUNCTION_NOT_SUPPORTED) +.. [21] Generating private key for extraction with property extractable fails (CKR_ARGUMENTS_BAD) +.. [22] Generate rsa private key operation fails (CKR_TEMPLATE_INCOMPLETE) +.. [23] Raw RSA sign-verify fails (CKR_MECHANISM_INVALID) + +.. [30] Invalid argument Decoding error: BER: Value truncated +.. [31] Invalid argument Decoding error: BER: Length field is to large +.. [32] Invalid argument OS2ECP: Unknown format type 155 +.. [33] Invalid argument OS2ECP: Unknown format type 92 +.. [34] Invalid argument OS2ECP: Unknown format type 57 From 74ca458b14d265b68ad25cf918aa216b3fa51103 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Tue, 27 Feb 2018 09:28:13 -0500 Subject: [PATCH 0726/1008] Fix overflow in monty_redc OSS-Fuzz caught a bug introduced in 5fcc1c70d7a. bigint_monty_redc assumes z is 2*p_words+2 words long. Previously the implicit rounding up in grow_to ensured a resize would result in a sufficiently large value. OSS-Fuzz 6581 6588 6593 --- src/lib/pubkey/ec_group/curve_gfp.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp index a55741fb05..1bca04d078 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.cpp +++ b/src/lib/pubkey/ec_group/curve_gfp.cpp @@ -82,7 +82,7 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, return; } - const size_t output_size = 2*m_p_words + 1; + const size_t output_size = 2*m_p_words + 2; ws.resize(2*(m_p_words+2)); if(z.size() < output_size) @@ -106,7 +106,7 @@ void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, const size_t x_sw = x.sig_words(); BOTAN_ASSERT(x_sw <= m_p_words, "Input in range"); - const size_t output_size = 2*m_p_words + 1; + const size_t output_size = 2*m_p_words + 2; ws.resize(2*(m_p_words+2)); @@ -165,7 +165,7 @@ void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, } const size_t p_words = get_p_words(); - const size_t output_size = 2*p_words + 1; + const size_t output_size = 2*p_words + 2; ws.resize(2*(p_words+2)); @@ -188,7 +188,7 @@ void CurveGFp_NIST::curve_sqr(BigInt& z, const BigInt& x, } const size_t p_words = get_p_words(); - const size_t output_size = 2*p_words + 1; + const size_t output_size = 2*p_words + 2; ws.resize(2*(p_words+2)); From 45edefdf92ced2fdbf16bd9ecfea8de24732dc52 Mon Sep 17 00:00:00 2001 
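Review bot: `2*m_p_words + 2` now appears as a bare expression at four call sites and nothing checks it, which is exactly the tacit coupling that produced the OSS-Fuzz overflow this fixes; the next size tweak can reintroduce it silently. Tie each site to the contract in a comment, e.g. `// bigint_monty_redc requires z to hold 2*p_words + 2 words (OSS-Fuzz 6581)`, and consider a guard after the grow: `BOTAN_ASSERT(z.size() >= output_size, "Output large enough for redc");`. Both curve_mul/curve_sqr bodies continue outside the hunks, so the assert placement should follow the `z.clear()` lines shown.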
From: Jack Lloyd Date: Tue, 27 Feb 2018 09:49:24 -0500 Subject: [PATCH 0727/1008] Format warning in a ReST warning block [ci skip] --- doc/manual/pkcs11.rst | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/doc/manual/pkcs11.rst b/doc/manual/pkcs11.rst index cef8c6484c..e7b5bea26f 100644 --- a/doc/manual/pkcs11.rst +++ b/doc/manual/pkcs11.rst @@ -18,11 +18,12 @@ or HSM specific code for each device they want to support. The Botan PKCS#11 interface is implemented against version v2.40 of the standard. -Botan wraps the C PKCS#11 API to provide a C++ PKCS#11 interface. This is done in two -levels of abstraction: a low level API (see :ref:`pkcs11_low_level`) and a high level API (see :ref:`pkcs11_high_level`). The low level API provides -access to all functions that are specified by the standard. The high level API represents -an object oriented approach to use PKCS#11 compatible devices but only provides a subset -of the functions described in the standard. +Botan wraps the C PKCS#11 API to provide a C++ PKCS#11 interface. This is done +in two levels of abstraction: a low level API (see :ref:`pkcs11_low_level`) and +a high level API (see :ref:`pkcs11_high_level`). The low level API provides +access to all functions that are specified by the standard. The high level API +represents an object oriented approach to use PKCS#11 compatible devices but +only provides a subset of the functions described in the standard. To use the PKCS#11 implementation the ``pkcs11`` module has to be enabled. 
@@ -1248,16 +1249,15 @@ The following PIN and SO-PIN/PUK values are used in tests: - PIN 123456 - SO-PIN/PUK 12345678 -!!! Warning !!! + .. warning:: -Unlike the CardOS (4.4, 5.0, 5.3), the aforementioned SO-PIN/PUK is inappropriate for Gemalto (IDPrime MD 3840) cards, -as it must be a byte array of length 24. For this reason some of the tests for Gemalto card involving SO-PIN will fail. -You run into a risk of exceding login attempts and as a result locking your card! -Currently, specifying pin via command-line option is not implemented, and therefore the desired PIN must -be modified in the header src/tests/test_pkcs11.h: - - -Code example: + Unlike the CardOS (4.4, 5.0, 5.3), the aforementioned SO-PIN/PUK is + inappropriate for Gemalto (IDPrime MD 3840) cards, as it must be a byte array + of length 24. For this reason some of the tests for Gemalto card involving + SO-PIN will fail. You run into a risk of exceding login attempts and as a + result locking your card! Currently, specifying pin via command-line option + is not implemented, and therefore the desired PIN must be modified in the + header src/tests/test_pkcs11.h: .. code-block:: cpp From 804863233afb9c9804b2570b4ae3777399774275 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Wed, 28 Feb 2018 12:47:53 +0100 Subject: [PATCH 0728/1008] Minor code styling updates in cli_tests.py --- src/scripts/cli_tests.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/scripts/cli_tests.py b/src/scripts/cli_tests.py index 5af8cc07b1..185ff38809 100755 --- a/src/scripts/cli_tests.py +++ b/src/scripts/cli_tests.py @@ -22,7 +22,7 @@ 'AES-256/GCM', 'AES-128/OCB', 'AES-128/XTS', - 'AES-256/XTS' + 'AES-256/XTS', ] def append_ordered(base, additional_elements): 
@@ -65,7 +65,8 @@ def do_test_expected(self): mode = "aes-128-xts" elif algorithm == "AES-256/XTS": mode = "aes-256-xts" - else: raise Exception("Unknown algorithm: '" + algorithm + "'") + else: + raise Exception("Unknown algorithm: '" + algorithm + "'") cmd = [ cli_binary, From dc5782313299b2ead236cf2a333a2e0562073ca0 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Wed, 28 Feb 2018 12:48:18 +0100 Subject: [PATCH 0729/1008] Implement chacha20poly1305 in botan CLI --- src/cli/encryption.cpp | 1 + src/scripts/cli_tests.py | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/src/cli/encryption.cpp b/src/cli/encryption.cpp index 533b3d9fbf..c17b00dbb4 100644 --- a/src/cli/encryption.cpp +++ b/src/cli/encryption.cpp @@ -28,6 +28,7 @@ auto VALID_MODES = std::map{ { "aes-128-ocb", "AES-128/OCB" }, { "aes-128-xts", "AES-128/XTS" }, { "aes-256-xts", "AES-256/XTS" }, + { "chacha20poly1305", "ChaCha20Poly1305" }, }; Botan::secure_vector diff --git a/src/scripts/cli_tests.py b/src/scripts/cli_tests.py index 185ff38809..48c9b1cf4a 100755 --- a/src/scripts/cli_tests.py +++ b/src/scripts/cli_tests.py @@ -23,6 +23,7 @@ 'AES-128/OCB', 'AES-128/XTS', 'AES-256/XTS', + 'ChaCha20Poly1305', ] def append_ordered(base, additional_elements): @@ -65,6 +66,9 @@ def do_test_expected(self): mode = "aes-128-xts" elif algorithm == "AES-256/XTS": mode = "aes-256-xts" + # ChaCha20Poly1305 + elif algorithm == "ChaCha20Poly1305": + mode = "chacha20poly1305" else: raise Exception("Unknown algorithm: '" + algorithm + "'") 
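Review bot: `{ "chacha20poly1305", "ChaCha20Poly1305" }` is the first non-AES entry in VALID_MODES, and the code that sizes the key, nonce and tag for the selected mode is outside this hunk; confirm it takes those from the constructed cipher object rather than from AES-oriented constants, otherwise the mode is accepted by the table but fails at runtime. A one-line comment at the table stating that assumption, e.g. `// key/nonce/tag sizes are taken from the cipher object, so non-AES modes can be listed here`, would document it for the next addition. The cli_tests.py change in this commit only exercises the mode through the .vec file, so a sizing mismatch would surface there only if that path is shared.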
@@ -133,6 +137,7 @@ def get_testdata(document): vecfile_gcm = vecparser.VecDocument(os.path.join('src', 'tests', 'data', 'aead', 'gcm.vec')) vecfile_ocb = vecparser.VecDocument(os.path.join('src', 'tests', 'data', 'aead', 'ocb.vec')) vecfile_xts = vecparser.VecDocument(os.path.join('src', 'tests', 'data', 'modes', 'xts.vec')) + vecfile_chacha20poly1305 = vecparser.VecDocument(os.path.join('src', 'tests', 'data', 'aead', 'chacha20poly1305.vec')) #data = vecfile.get_data() #for algo in data: # print(algo) @@ -146,6 +151,7 @@ def get_testdata(document): append_ordered(testdata, get_testdata(vecfile_gcm.get_data())) append_ordered(testdata, get_testdata(vecfile_ocb.get_data())) append_ordered(testdata, get_testdata(vecfile_xts.get_data())) + append_ordered(testdata, get_testdata(vecfile_chacha20poly1305.get_data())) #for testname in testdata: # print(testname) From e904fb46c1337787780e12358a496017f9ceedcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Wed, 28 Feb 2018 14:52:01 +0100 Subject: [PATCH 0730/1008] One comment fix and one formatting fix [ci skip] --- src/lib/entropy/getentropy/getentropy.h | 2 +- src/lib/ffi/ffi_mp.cpp | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/lib/entropy/getentropy/getentropy.h b/src/lib/entropy/getentropy/getentropy.h index 997f4c55ed..26783cf78a 100644 --- a/src/lib/entropy/getentropy/getentropy.h +++ b/src/lib/entropy/getentropy/getentropy.h @@ -13,7 +13,7 @@ namespace Botan { /** -* Entropy source using the getentropy(2) sustem call first introduced in +* Entropy source using the getentropy(2) system call first introduced in * OpenBSD 5.6 and added to Solaris 11.3. */ class Getentropy final : public Entropy_Source diff --git a/src/lib/ffi/ffi_mp.cpp b/src/lib/ffi/ffi_mp.cpp index fc81310eac..cbd784d7a8 100644 --- a/src/lib/ffi/ffi_mp.cpp +++ b/src/lib/ffi/ffi_mp.cpp 
@@ -129,9 +129,10 @@ int botan_mp_to_bin(const botan_mp_t mp, uint8_t vec[]) int botan_mp_to_uint32(const botan_mp_t mp, uint32_t* val) { - if(val == nullptr) { - return BOTAN_FFI_ERROR_NULL_POINTER; - } + if(val == nullptr) + { + return BOTAN_FFI_ERROR_NULL_POINTER; + } return BOTAN_FFI_DO(Botan::BigInt, mp, bn, { *val = bn.to_u32bit(); }); } From b7da4348ef4e8abf68032a18f4e2cc2e3ae95a86 Mon Sep 17 00:00:00 2001 From: Mathieu Souchaud Date: Wed, 28 Feb 2018 16:08:13 +0100 Subject: [PATCH 0731/1008] Fix Path_Validation_Result::no_warnings --- src/lib/x509/x509path.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 168acf144a..842e97fd07 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -1019,7 +1019,10 @@ bool Path_Validation_Result::successful_validation() const bool Path_Validation_Result::no_warnings() const { - return m_warnings.empty(); + for(auto status_set_i : m_warnings) + if(!status_set_i.empty()) + return false; + return true; } CertificatePathStatusCodes Path_Validation_Result::warnings() const From 66b5db4762b62be0ec0702bcdb37fb4e5466ad6e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Feb 2018 11:13:41 -0500 Subject: [PATCH 0732/1008] Splitout binary extended GCD algorithm Makes it easier to benchmark, or call in cases where the const time algorithm is not required. --- src/cli/speed.cpp | 4 ++-- src/lib/math/numbertheory/numthry.cpp | 13 +++++++++++++ src/lib/math/numbertheory/numthry.h | 12 +++++++++++- 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 7158f6e207..1e8c3135fa 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp 
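Review bot: `for(auto status_set_i : m_warnings)` copies each element on every iteration; if `m_warnings` holds one status set per certificate, as the name and the `.empty()` call suggest, that is a container copy per cert each time `no_warnings()` is called. Bind by reference, `for(const auto& status_set_i : m_warnings)`, or state the intent directly: `return std::all_of(m_warnings.begin(), m_warnings.end(), [](const auto& s) { return s.empty(); });` (needs `<algorithm>` if not already included). The fix itself — the vector is sized per certificate, so `m_warnings.empty()` was the wrong test — is worth a one-line comment above the loop so it is not "simplified" back.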
@@ -1376,7 +1376,7 @@ class Speed final : public Command p.set_bit(521); p--; - Timer invmod_timer("inverse_mod"); + Timer invmod_timer("inverse_euclid"); Timer monty_timer("montgomery_inverse"); Timer ct_invmod_timer("ct_inverse_mod"); Timer powm_timer("exponentiation"); @@ -1389,7 +1389,7 @@ class Speed final : public Command const Botan::BigInt x_inv1 = invmod_timer.run([&] { - return Botan::inverse_mod(x + p, p); + return Botan::inverse_euclid(x + p, p); }); const Botan::BigInt x_inv2 = monty_timer.run([&] diff --git a/src/lib/math/numbertheory/numthry.cpp b/src/lib/math/numbertheory/numthry.cpp index e80ae43ab1..3a0914bd49 100644 --- a/src/lib/math/numbertheory/numthry.cpp +++ b/src/lib/math/numbertheory/numthry.cpp @@ -287,6 +287,19 @@ BigInt inverse_mod(const BigInt& n, const BigInt& mod) if(mod.is_odd()) return ct_inverse_mod_odd_modulus(n, mod); + return inverse_euclid(n, mod); + } + +BigInt inverse_euclid(const BigInt& n, const BigInt& mod) + { + if(mod.is_zero()) + throw BigInt::DivideByZero(); + if(mod.is_negative() || n.is_negative()) + throw Invalid_Argument("inverse_mod: arguments must be non-negative"); + + if(n.is_zero() || (n.is_even() && mod.is_even())) + return 0; // fast fail checks + BigInt u = mod, v = n; BigInt A = 1, B = 0, C = 0, D = 1; diff --git a/src/lib/math/numbertheory/numthry.h b/src/lib/math/numbertheory/numthry.h index b002ace914..61da93bcdb 100644 --- a/src/lib/math/numbertheory/numthry.h +++ b/src/lib/math/numbertheory/numthry.h 
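Review bot: The `Invalid_Argument` thrown at the top of the new `inverse_euclid` still carries the text `"inverse_mod: arguments must be non-negative"`, so anyone calling the new public entry point directly gets an error that names a different function; use `throw Invalid_Argument("inverse_euclid: arguments must be non-negative");`. Since `inverse_mod` now sends only odd moduli to `ct_inverse_mod_odd_modulus`, a comment at the new dispatch line, `// even modulus: fall back to the variable-time binary extended GCD`, would make the timing contract visible at the call site rather than only in the header. The body of `inverse_euclid` continues past the end of the hunk.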
@@ -84,7 +84,17 @@ BigInt BOTAN_PUBLIC_API(2,0) square(const BigInt& x); * Not const time */ BigInt BOTAN_PUBLIC_API(2,0) inverse_mod(const BigInt& x, - const BigInt& modulus); + const BigInt& modulus); + +/** +* Modular inversion using extended binary Euclidian algorithm +* @param x a positive integer +* @param modulus a positive integer +* @return y st (x*y) % modulus == 1 or 0 if no such value +* Not const time +*/ +BigInt BOTAN_PUBLIC_API(2,5) inverse_euclid(const BigInt& x, + const BigInt& modulus); /** * Const time modular inversion From 14e398eefd976ebaada92a951579f74a17d439c2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Feb 2018 11:14:34 -0500 Subject: [PATCH 0733/1008] Unroll bigint_cnd_{add,sub} --- src/lib/math/mp/mp_core.cpp | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/src/lib/math/mp/mp_core.cpp b/src/lib/math/mp/mp_core.cpp index ffa5b31a82..8b7b7a8c5e 100644 --- a/src/lib/math/mp/mp_core.cpp +++ b/src/lib/math/mp/mp_core.cpp @@ -25,8 +25,8 @@ void bigint_cnd_swap(word cnd, word x[], word y[], size_t size) for(size_t i = 0; i != size; ++i) { - word a = x[i]; - word b = y[i]; + const word a = x[i]; + const word b = y[i]; x[i] = CT::select(mask, b, a); y[i] = CT::select(mask, a, b); } @@ -41,12 +41,20 @@ word bigint_cnd_add(word cnd, word x[], const word y[], size_t size) const word mask = CT::expand_mask(cnd); word carry = 0; - for(size_t i = 0; i != size; ++i) + word z[8]; + + const size_t blocks = size - (size % 8); + + for(size_t i = 0; i != blocks; i += 8) + { + carry = word8_add3(z, x + i, y + i, carry); + + for(size_t j = 0; j != 8; ++j) + x[i+j] = CT::select(mask, z[j], x[i+j]); + } + + for(size_t i = blocks; i != size; ++i) { - /* - Here we are relying on asm version of word_add being - a single addcl or equivalent. Fix this. - */ const word z = word_add(x[i], y[i], &carry); x[i] = CT::select(mask, z, x[i]); } 
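Review bot: The doc comment on the new `inverse_euclid` declaration understates its contract: the implementation in this same series accepts `x == 0` (returning 0), throws `BigInt::DivideByZero` when `modulus` is zero and `Invalid_Argument` when either argument is negative, and the comment spells the algorithm "Euclidian". I would change the parameter lines to `@param x a non-negative integer` and `@param modulus a positive integer`, add `@throws BigInt::DivideByZero if modulus is zero, Invalid_Argument if either argument is negative`, and correct the first line to `Modular inversion using the extended binary Euclidean algorithm`. Keeping `Not const time` is right and worth leaving prominent, since this is the path `inverse_mod` uses for even moduli.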
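Review bot: In the unrolled `bigint_cnd_add`, the tail loop's `const word z = word_add(x[i], y[i], &carry);` shadows the `word z[8]` block buffer declared a few lines above; it compiles, but `-Wshadow` flags it and a reader has to work out which `z` feeds `CT::select`. Rename the scalar, e.g. `const word zi = word_add(x[i], y[i], &carry);` followed by `x[i] = CT::select(mask, zi, x[i]);`. The block path computes all eight words unconditionally and then selects with `mask`, so the constant-time property with respect to `cnd` appears preserved; the function's return statement is outside the hunk, so I cannot confirm from here that the final carry is still masked the same way.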
@@ -63,7 +71,19 @@ word bigint_cnd_sub(word cnd, word x[], const word y[], size_t size) const word mask = CT::expand_mask(cnd); word carry = 0; - for(size_t i = 0; i != size; ++i) + word z[8]; + + const size_t blocks = size - (size % 8); + + for(size_t i = 0; i != blocks; i += 8) + { + carry = word8_sub3(z, x + i, y + i, carry); + + for(size_t j = 0; j != 8; ++j) + x[i+j] = CT::select(mask, z[j], x[i+j]); + } + + for(size_t i = blocks; i != size; ++i) { const word z = word_sub(x[i], y[i], &carry); x[i] = CT::select(mask, z, x[i]); From 51fe75332f2cb8a76e1a265c51574457fb6bf8e3 Mon Sep 17 00:00:00 2001 From: Mathieu Souchaud Date: Wed, 28 Feb 2018 17:27:27 +0100 Subject: [PATCH 0734/1008] Add Path_Validation_Result::warnings_string() method --- src/lib/x509/x509path.cpp | 14 ++++++++++++++ src/lib/x509/x509path.h | 5 +++++ src/tests/test_x509_path.cpp | 2 ++ 3 files changed, 21 insertions(+) diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 842e97fd07..0914348eeb 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -1043,4 +1043,18 @@ const char* Path_Validation_Result::status_string(Certificate_Status_Code code) return "Unknown error"; } +std::string Path_Validation_Result::warnings_string() const + { + const std::string sep(", "); + std::string res; + for(size_t i = 0; i < m_warnings.size(); i++) + { + for(auto code : m_warnings[i]) + res += "[" + std::to_string(i) + "] " + status_string(code) + sep; + } + // remove last sep + if(res.size() >= sep.size()) + res = res.substr(0, res.size() - sep.size()); + return res; + } } diff --git a/src/lib/x509/x509path.h b/src/lib/x509/x509path.h index 12a9248736..65497b2ccf 100644 --- a/src/lib/x509/x509path.h +++ b/src/lib/x509/x509path.h 
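Review bot: In the unrolled `bigint_cnd_sub`, the scalar `const word z = word_sub(x[i], y[i], &carry);` in the tail loop hides the `word z[8]` array declared earlier in the same function, which `-Wshadow` reports and which makes the two `CT::select` calls harder to read. Rename it, e.g. `const word zi = word_sub(x[i], y[i], &carry);` and `x[i] = CT::select(mask, zi, x[i]);`. A comment above the block loop, `// every word is computed and then selected by mask, so timing does not depend on cnd`, would document the property the unrolling must preserve; the return statement lies outside the hunk.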
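Review bot: `Path_Validation_Result::warnings_string` appends `sep` after every entry and then trims it off with a `substr` and a length comparison; emitting the separator before every entry but the first is simpler and has no edge case: inside the inner loop write `if(!res.empty()) res += sep;` and then `res += "[" + std::to_string(i) + "] " + status_string(code);`. The bracketed index is the position in `m_warnings`, which I take to be the certificate's position in the validated path; a comment saying so (`// [i] is the index into m_warnings, i.e. the certificate's position in the path`) would help anyone reading the resulting string.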
@@ -161,6 +161,11 @@ class BOTAN_PUBLIC_API(2,0) Path_Validation_Result final */ std::string result_string() const; + /** + * @return string representation of the warnings + */ + std::string warnings_string() const; + /** * @param code validation status code * @return corresponding validation status message diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index 3e45f6072b..7a9ff97bc8 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp @@ -112,6 +112,8 @@ class X509test_Path_Validation_Tests final : public Test } result.test_eq("test " + filename, path_result.result_string(), expected_result); + result.test_eq("test no warnings string", path_result.warnings_string(), ""); + result.confirm("test no warnings", path_result.no_warnings() == true); result.end_timer(); results.push_back(result); } From 3870a2a59a9940635a133fbe60ab05c9815a4d1c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Feb 2018 15:02:40 -0500 Subject: [PATCH 0735/1008] Fix duplicate document entries [ci skip] --- doc/manual/x509.rst | 9 --------- 1 file changed, 9 deletions(-) diff --git a/doc/manual/x509.rst b/doc/manual/x509.rst index 7bbce5e2e9..f998fc7151 100644 --- a/doc/manual/x509.rst +++ b/doc/manual/x509.rst @@ -126,11 +126,6 @@ The major certificate format in use today is X.509v3, used for instance in the of the binary contents. Normally SHA-1 or SHA-256 is used, but any hash function is allowed. - .. cpp:function:: bool matches_dns_name(const std::string& name) const - - Returns true if ``name`` matches the DNS name in the certificate. This function - accounts for wildcard certificates. - .. cpp:function:: Key_Constraints constraints() const Returns either an enumeration listing key constraints (what the 
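Review bot: The doc comment on the new `warnings_string()` says only "string representation of the warnings", which tells an API user neither the format nor how it relates to `warnings()`; the implementation in this same commit emits `[i] message` entries joined by `", "` and an empty string when there are none. I would replace it with `@return the warnings as "[i] message" entries separated by ", ", where i is the index into warnings(), or the empty string when no_warnings() is true`. Stating that the string is for human consumption (and not stable for parsing) would also discourage callers from matching on it.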
@@ -139,10 +134,6 @@ The major certificate format in use today is X.509v3, used for instance in the ``DIGITAL_SIGNATURE`` and ``KEY_CERT_SIGN``. More than one value might be specified. - .. cpp:function:: bool allowed_extended_usage(const OID& usage) const - - Returns true if the OID is included in the extended usage extension. - .. cpp:function:: bool matches_dns_name(const std::string& name) const Check if the certificate's subject alternative name DNS fields From d7ee63924da94fe7e46af7012cde971ef7588732 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Feb 2018 13:51:54 -0500 Subject: [PATCH 0736/1008] Optimize FE1 format preserving encryption Expose the state as the FPE_FE1 class which allows most values to be precomputed. Approx 6-8 times faster. --- doc/manual/fpe.rst | 92 ++++++++++----- src/cli/speed.cpp | 7 +- src/lib/misc/fpe_fe1/fpe_fe1.cpp | 196 +++++++++++++++++-------------- src/lib/misc/fpe_fe1/fpe_fe1.h | 52 +++++++- src/tests/data/fpe_fe1.vec | 12 ++ 5 files changed, 235 insertions(+), 124 deletions(-) diff --git a/doc/manual/fpe.rst b/doc/manual/fpe.rst index 283d6c1a7a..56a8399309 100644 --- a/doc/manual/fpe.rst +++ b/doc/manual/fpe.rst @@ -1,8 +1,6 @@ Format Preserving Encryption ======================================== -.. versionadded:: 1.9.17 - Format preserving encryption (FPE) refers to a set of techniques for encrypting data such that the ciphertext has the same format as the plaintext. For instance, you can use FPE to encrypt credit card 
@@ -18,39 +16,73 @@ Ristenpart, Phillip Rogaway, and Till Stegers. FPE is an area of ongoing standardization and it is likely that other schemes will be included in the future. -To use FE1, use these functions, from ``fpe_fe1.h``: +To encrypt an arbitrary value using FE1, you need to use a ranking +method. Basically, the idea is to assign an integer to every value you +might encrypt. For instance, a 16 digit credit card number consists of +a 15 digit code plus a 1 digit checksum. So to encrypt a credit card +number, you first remove the checksum, encrypt the 15 digit value +modulo 10\ :sup:`15`, and then calculate what the checksum is for the +new (ciphertext) number. + +The interfaces for FE1 are defined in the header ``fpe_fe1.h``: + +.. versionadded:: 2.5.0 + +.. cpp:class:: FPE_FE1 + + .. cpp:function:: FPE_FE1(const BigInt& n, size_t rounds = 3, std::string mac_algo = "HMAC(SHA-256)") + + Initialize an FPE operation to encrypt/decrypt integers less than *n*. It + is expected that *n* is trially factorable into small integers. + + The default rounds and mac algorithm match the original FPE implementation + first available in version 1.9.17. + + .. cpp:function:: BigInt encrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const + + Encrypts the value *x* modulo the value *n* using the *key* and *tweak* + specified. Returns an integer less than *n*. The *tweak* is a value that + does not need to be secret that parameterizes the encryption function. For + instance, if you were encrypting a database column with a single key, you + could use a per-row-unique integer index value as the tweak. The same + tweak value must be used during decryption. + + .. cpp:function:: BigInt decrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const + + Decrypts an FE1 ciphertext. The *tweak* must be the same as that provided + to the encryption function. Returns the plaintext integer. 
+ + Note that there is not any implicit authentication or checking of data in + FE1, so if you provide an incorrect key or tweak the result is simply a + random integer. + + .. cpp:function:: BigInt encrypt(const BigInt& x, uint64_t tweak) + + Convenience version of encrypt taking an integer tweak. + + .. cpp:function:: BigInt decrypt(const BigInt& x, uint64_t tweak) + + Convenience version of decrypt taking an integer tweak. + +There are two functions that handle the entire FE1 encrypt/decrypt operation. +These are the original interface to FE1, first added in 1.9.17. However because +they do the entire setup cost for each operation, they are significantly slower +than the class-based API presented above. .. cpp:function:: BigInt FPE::fe1_encrypt(const BigInt& n, const BigInt& X, \ - const SymmetricKey& key, const std::vector& tweak) - - Encrypts the value *X* modulo the value *n* using the *key* and - *tweak* specified. Returns an integer less than *n*. The *tweak* is - a value that does not need to be secret that parameterizes the - encryption function. For instance, if you were encrypting a - database column with a single key, you could use a per-row-unique - integer index value as the tweak. - - To encrypt an arbitrary value using FE1, you need to use a ranking - method. Basically, the idea is to assign an integer to every value - you might encrypt. For instance, a 16 digit credit card number - consists of a 15 digit code plus a 1 digit checksum. So to encrypt - a credit card number, you first remove the checksum, encrypt the 15 - digit value modulo 10\ :sup:`15`, and then calculate what the - checksum is for the new (ciphertext) number. + const SymmetricKey& key, const std::vector& tweak) -.. cpp:function:: BigInt FPE::fe1_decrypt(const BigInt& n, const BigInt& X, \ - const SymmetricKey& key, const std::vector& tweak) + This creates an FPE_FE1 object, sets the key, and encrypts *X* using + the provided tweak. 
- Decrypts an FE1 ciphertext produced by :cpp:func:`fe1_encrypt`; the - *n*, *key* and *tweak* should be the same as that provided to the - encryption function. Returns the plaintext. +.. cpp:function:: BigInt FPE::fe1_decrypt(const BigInt& n, const BigInt& X, \ + const SymmetricKey& key, const std::vector& tweak) - Note that there is not any implicit authentication or checking of - data, so if you provide an incorrect key or tweak the result is - simply a random integer. + This creates an FPE_FE1 object, sets the key, and decrypts *X* using + the provided tweak. -This example encrypts a credit card number with a valid -`Luhn checksum `_ to -another number with the same format, including a correct checksum. +This example encrypts a credit card number with a valid `Luhn checksum +`_ to another number with the same +format, including a correct checksum. .. literalinclude:: ../../src/cli/cc_enc.cpp diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 1e8c3135fa..b29c8b9e94 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -1290,17 +1290,20 @@ class Speed final : public Command Botan::BigInt x = 1; + Botan::FPE_FE1 fpe_fe1(n, 3, "HMAC(SHA-256)"); + fpe_fe1.set_key(key); + while(enc_timer.under(runtime)) { enc_timer.start(); - x = Botan::FPE::fe1_encrypt(n, x, key, tweak); + x = fpe_fe1.encrypt(x, tweak.data(), tweak.size()); enc_timer.stop(); } for(size_t i = 0; i != enc_timer.events(); ++i) { dec_timer.start(); - x = Botan::FPE::fe1_decrypt(n, x, key, tweak); + x = fpe_fe1.decrypt(x, tweak.data(), tweak.size()); dec_timer.stop(); } diff --git a/src/lib/misc/fpe_fe1/fpe_fe1.cpp b/src/lib/misc/fpe_fe1/fpe_fe1.cpp index 04503125c4..7166e480f0 100644 --- a/src/lib/misc/fpe_fe1/fpe_fe1.cpp +++ b/src/lib/misc/fpe_fe1/fpe_fe1.cpp 
@@ -1,18 +1,17 @@ /* * Format Preserving Encryption (FE1 scheme) -* (C) 2009 Jack Lloyd +* (C) 2009,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include #include +#include #include namespace Botan { -namespace FPE { - namespace { // Normally FPE is for SSNs, CC#s, etc, nothing too big 
@@ -58,129 +57,154 @@ void factor(BigInt n, BigInt& a, BigInt& b) throw Exception("Could not factor n for use in FPE"); } -/* -* According to a paper by Rogaway, Bellare, etc, the min safe number -* of rounds to use for FPE is 2+log_a(b). If a >= b then log_a(b) <= 1 -* so 3 rounds is safe. The FPE factorization routine should always -* return a >= b, so just confirm that and return 3. -*/ -size_t rounds(const BigInt& a, const BigInt& b) +} + +FPE_FE1::FPE_FE1(const BigInt& n, size_t rounds, const std::string& mac_algo) : + m_rounds(rounds) { - if(a < b) + m_mac = MessageAuthenticationCode::create_or_throw(mac_algo); + + m_n_bytes = BigInt::encode(n); + + if(m_n_bytes.size() > MAX_N_BYTES) + throw Exception("N is too large for FPE encryption"); + + factor(n, m_a, m_b); + + mod_a = Modular_Reducer(m_a); + + /* + * According to a paper by Rogaway, Bellare, etc, the min safe number + * of rounds to use for FPE is 2+log_a(b). If a >= b then log_a(b) <= 1 + * so 3 rounds is safe. The FPE factorization routine should always + * return a >= b, so just confirm that and return 3. 
+ */ + if(m_a < m_b) throw Internal_Error("FPE rounds: a < b"); - return 3; + + if(m_rounds < 3) + throw Invalid_Argument("FPE_FE1 rounds too small"); } -/* -* A simple round function based on HMAC(SHA-256) -*/ -class FPE_Encryptor final +void FPE_FE1::clear() { - public: - FPE_Encryptor(const SymmetricKey& key, - const BigInt& n, - const std::vector& tweak); - - BigInt operator()(size_t i, const BigInt& R); + m_mac->clear(); + } - private: - std::unique_ptr m_mac; - std::vector m_mac_n_t; - }; +std::string FPE_FE1::name() const + { + return "FPE_FE1(" + m_mac->name() + "," + std::to_string(m_rounds) + ")"; + } -FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key, - const BigInt& n, - const std::vector& tweak) +Key_Length_Specification FPE_FE1::key_spec() const { - m_mac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)"); - m_mac->set_key(key); + return m_mac->key_spec(); + } - std::vector n_bin = BigInt::encode(n); +void FPE_FE1::key_schedule(const uint8_t key[], size_t length) + { + m_mac->set_key(key, length); + } - if(n_bin.size() > MAX_N_BYTES) - throw Exception("N is too large for FPE encryption"); +BigInt FPE_FE1::F(const BigInt& R, size_t round, + const secure_vector& tweak_mac, + secure_vector& tmp) const + { + tmp = BigInt::encode_locked(R); - m_mac->update_be(static_cast(n_bin.size())); - m_mac->update(n_bin.data(), n_bin.size()); + m_mac->update(tweak_mac); + m_mac->update_be(static_cast(round)); - m_mac->update_be(static_cast(tweak.size())); - m_mac->update(tweak.data(), tweak.size()); + m_mac->update_be(static_cast(tmp.size())); + m_mac->update(tmp.data(), tmp.size()); - m_mac_n_t = unlock(m_mac->final()); + tmp = m_mac->final(); + return BigInt(tmp.data(), tmp.size()); } -BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) +secure_vector FPE_FE1::compute_tweak_mac(const uint8_t tweak[], size_t tweak_len) const { - secure_vector r_bin = BigInt::encode_locked(R); - - m_mac->update(m_mac_n_t); - 
m_mac->update_be(static_cast(round_no)); + m_mac->update_be(static_cast(m_n_bytes.size())); + m_mac->update(m_n_bytes.data(), m_n_bytes.size()); - m_mac->update_be(static_cast(r_bin.size())); - m_mac->update(r_bin.data(), r_bin.size()); + m_mac->update_be(static_cast(tweak_len)); + m_mac->update(tweak, tweak_len); - secure_vector X = m_mac->final(); - return BigInt(X.data(), X.size()); + return m_mac->final(); } -} - -/* -* Generic Z_n FPE encryption, FE1 scheme -*/ -BigInt fe1_encrypt(const BigInt& n, const BigInt& X0, - const SymmetricKey& key, - const std::vector& tweak) +BigInt FPE_FE1::encrypt(const BigInt& input, const uint8_t tweak[], size_t tweak_len) const { - FPE_Encryptor F(key, n, tweak); - - BigInt a, b; - factor(n, a, b); + const secure_vector tweak_mac = compute_tweak_mac(tweak, tweak_len); - const size_t r = rounds(a, b); + BigInt X = input; - BigInt X = X0; + secure_vector tmp; - for(size_t i = 0; i != r; ++i) + BigInt L, R, Fi; + for(size_t i = 0; i != m_rounds; ++i) { - BigInt L = X / b; - BigInt R = X % b; - - BigInt W = (L + F(i, R)) % a; - X = a * R + W; + divide(X, m_b, L, R); + Fi = F(R, i, tweak_mac, tmp); + X = m_a * R + mod_a.reduce(L + Fi); } return X; } -/* -* Generic Z_n FPE decryption, FD1 scheme -*/ -BigInt fe1_decrypt(const BigInt& n, const BigInt& X0, - const SymmetricKey& key, - const std::vector& tweak) +BigInt FPE_FE1::decrypt(const BigInt& input, const uint8_t tweak[], size_t tweak_len) const { - FPE_Encryptor F(key, n, tweak); - - BigInt a, b; - factor(n, a, b); + const secure_vector tweak_mac = compute_tweak_mac(tweak, tweak_len); - const size_t r = rounds(a, b); + BigInt X = input; + secure_vector tmp; - BigInt X = X0; - - for(size_t i = 0; i != r; ++i) + BigInt W, R, Fi; + for(size_t i = 0; i != m_rounds; ++i) { - BigInt W = X % a; - BigInt R = X / a; + divide(X, m_a, R, W); - BigInt L = (W - F(r-i-1, R)) % a; - X = b * L + R; + Fi = F(R, m_rounds-i-1, tweak_mac, tmp); + X = m_b * mod_a.reduce(W - Fi) + R; } return X; } 
+BigInt FPE_FE1::encrypt(const BigInt& x, uint64_t tweak) const + { + uint8_t tweak8[8]; + store_be(tweak, tweak8); + return encrypt(x, tweak8, sizeof(tweak8)); + } + +BigInt FPE_FE1::decrypt(const BigInt& x, uint64_t tweak) const + { + uint8_t tweak8[8]; + store_be(tweak, tweak8); + return decrypt(x, tweak8, sizeof(tweak8)); + } + +namespace FPE { + +BigInt fe1_encrypt(const BigInt& n, const BigInt& X, + const SymmetricKey& key, + const std::vector& tweak) + { + FPE_FE1 fpe(n, 3, "HMAC(SHA-256)"); + fpe.set_key(key); + return fpe.encrypt(X, tweak.data(), tweak.size()); + } + +BigInt fe1_decrypt(const BigInt& n, const BigInt& X, + const SymmetricKey& key, + const std::vector& tweak) + { + FPE_FE1 fpe(n, 3, "HMAC(SHA-256)"); + fpe.set_key(key); + return fpe.decrypt(X, tweak.data(), tweak.size()); + } + } } diff --git a/src/lib/misc/fpe_fe1/fpe_fe1.h b/src/lib/misc/fpe_fe1/fpe_fe1.h index 7f92f0601a..a38231aa63 100644 --- a/src/lib/misc/fpe_fe1/fpe_fe1.h +++ b/src/lib/misc/fpe_fe1/fpe_fe1.h @@ -1,6 +1,6 @@ /* * Format Preserving Encryption (FE1 scheme) -* (C) 2009 Jack Lloyd +* (C) 2009,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
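Review bot: `FPE_FE1::encrypt`, `decrypt`, `F` and `compute_tweak_mac` are all `const` yet drive `m_mac->update()`/`m_mac->final()` through the shared `m_mac`, so two threads using one `FPE_FE1` object will interleave MAC state and silently produce wrong values; either document that an instance must not be used concurrently (e.g. `// not safe for concurrent use: the round function mutates m_mac`) or have `F` and `compute_tweak_mac` operate on `m_mac->clone()`. Neither `encrypt` nor `decrypt` checks `input < n`: a too-large input still yields a value below `m_a * m_b` that decrypts to something else, with no error, so keeping `n` (a `BigInt m_n` set in the constructor) and adding `if(input >= m_n) throw Invalid_Argument("FPE_FE1 input is too large");` at the top of both would catch misuse. The byte layout fed to the MAC (`MAC(len(n)||n||len(t)||t) || round || len(R) || R`) is what keeps the pre-existing test vectors passing, so a comment in `F` stating that this framing must not change would protect that compatibility.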
@@ -8,11 +8,51 @@ #ifndef BOTAN_FPE_FE1_H_ #define BOTAN_FPE_FE1_H_ +#include #include -#include +#include namespace Botan { +class MessageAuthenticationCode; + +class BOTAN_PUBLIC_API(2,5) FPE_FE1 final : public SymmetricAlgorithm + { + public: + FPE_FE1(const BigInt& n, + size_t rounds = 3, + const std::string& mac_algo = "HMAC(SHA-256)"); + + Key_Length_Specification key_spec() const override; + + std::string name() const; + + void clear(); + + BigInt encrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const; + + BigInt decrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const; + + BigInt encrypt(const BigInt& x, uint64_t tweak) const; + + BigInt decrypt(const BigInt& x, uint64_t tweak) const; + private: + void key_schedule(const uint8_t key[], size_t length) override; + + BigInt F(const BigInt& R, size_t round, + const secure_vector& tweak, + secure_vector& tmp) const; + + secure_vector compute_tweak_mac(const uint8_t tweak[], size_t tweak_len) const; + + std::unique_ptr m_mac; + std::vector m_n_bytes; + BigInt m_a; + BigInt m_b; + Modular_Reducer mod_a; + size_t m_rounds; + }; + namespace FPE { /** @@ -27,8 +67,8 @@ namespace FPE { * @param tweak will modify the ciphertext (think of as an IV) */ BigInt BOTAN_PUBLIC_API(2,0) fe1_encrypt(const BigInt& n, const BigInt& X, - const SymmetricKey& key, - const std::vector& tweak); + const SymmetricKey& key, + const std::vector& tweak); /** * Decrypt X from and onto the group Z_n using key and tweak @@ -38,8 +78,8 @@ BigInt BOTAN_PUBLIC_API(2,0) fe1_encrypt(const BigInt& n, const BigInt& X, * @param tweak the same tweak used for encryption */ BigInt BOTAN_PUBLIC_API(2,0) fe1_decrypt(const BigInt& n, const BigInt& X, - const SymmetricKey& key, - const std::vector& tweak); + const SymmetricKey& key, + const std::vector& tweak); } diff --git a/src/tests/data/fpe_fe1.vec b/src/tests/data/fpe_fe1.vec index 4108a56a2d..ba67207441 100644 --- a/src/tests/data/fpe_fe1.vec 
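Review bot: In the new `FPE_FE1` declaration, `std::string name() const;` and `void clear();` lack `override` while the neighbouring `key_spec()` and `key_schedule()` carry it; if `SymmetricAlgorithm` declares `name()` and `clear()` virtual (as its use of `key_spec` suggests), write `std::string name() const override;` and `void clear() override;` so the compiler catches any signature drift. `Modular_Reducer mod_a;` is the only data member without the `m_` prefix used by `m_mac`, `m_n_bytes`, `m_a`, `m_b` and `m_rounds`; `m_mod_a` keeps the class consistent. The class is exported as `BOTAN_PUBLIC_API(2,5)` but has no Doxygen at all: at minimum the constructor should say that `n` must factor into two values or an exception is thrown, that `rounds` below 3 is rejected, and (presumably) that `set_key` must be called before `encrypt`/`decrypt`.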
+++ b/src/tests/data/fpe_fe1.vec @@ -12,3 +12,15 @@ In = 48166 Out = 69575 Key = AABB Tweak = CCDD + +Mod = 1000000000 +In = 8765309 +Out = 935673214 +Key = 00112233445566778899AABBCCDDEEFF +Tweak = 0123456789 + +Mod = 100000000000 +In = 8765309 +Out = 1082083628 +Key = 00112233445566778899AABBCCDDEEFF +Tweak = 0123456789 From 98de118c44a516df76a17775e76c17436289127a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Feb 2018 16:40:21 -0500 Subject: [PATCH 0737/1008] Hide FPE dependencies --- src/lib/misc/fpe_fe1/fpe_fe1.cpp | 12 +++++++++--- src/lib/misc/fpe_fe1/fpe_fe1.h | 6 ++++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/lib/misc/fpe_fe1/fpe_fe1.cpp b/src/lib/misc/fpe_fe1/fpe_fe1.cpp index 7166e480f0..d06264413e 100644 --- a/src/lib/misc/fpe_fe1/fpe_fe1.cpp +++ b/src/lib/misc/fpe_fe1/fpe_fe1.cpp @@ -8,6 +8,7 @@ #include #include #include +#include #include namespace Botan { @@ -71,7 +72,7 @@ FPE_FE1::FPE_FE1(const BigInt& n, size_t rounds, const std::string& mac_algo) : factor(n, m_a, m_b); - mod_a = Modular_Reducer(m_a); + mod_a.reset(new Modular_Reducer(m_a)); /* * According to a paper by Rogaway, Bellare, etc, the min safe number @@ -86,6 +87,11 @@ FPE_FE1::FPE_FE1(const BigInt& n, size_t rounds, const std::string& mac_algo) : throw Invalid_Argument("FPE_FE1 rounds too small"); } +FPE_FE1::~FPE_FE1() + { + // for ~unique_ptr + } + void FPE_FE1::clear() { m_mac->clear(); @@ -146,7 +152,7 @@ BigInt FPE_FE1::encrypt(const BigInt& input, const uint8_t tweak[], size_t tweak { divide(X, m_b, L, R); Fi = F(R, i, tweak_mac, tmp); - X = m_a * R + mod_a.reduce(L + Fi); + X = m_a * R + mod_a->reduce(L + Fi); } return X; @@ -165,7 +171,7 @@ BigInt FPE_FE1::decrypt(const BigInt& input, const uint8_t tweak[], size_t tweak divide(X, m_a, R, W); Fi = F(R, m_rounds-i-1, tweak_mac, tmp); - X = m_b * mod_a.reduce(W - Fi) + R; + X = m_b * mod_a->reduce(W - Fi) + R; } return X; 
diff --git a/src/lib/misc/fpe_fe1/fpe_fe1.h b/src/lib/misc/fpe_fe1/fpe_fe1.h index a38231aa63..5d8ea9d372 100644 --- a/src/lib/misc/fpe_fe1/fpe_fe1.h +++ b/src/lib/misc/fpe_fe1/fpe_fe1.h @@ -10,10 +10,10 @@ #include #include -#include namespace Botan { +class Modular_Reducer; class MessageAuthenticationCode; class BOTAN_PUBLIC_API(2,5) FPE_FE1 final : public SymmetricAlgorithm @@ -23,6 +23,8 @@ class BOTAN_PUBLIC_API(2,5) FPE_FE1 final : public SymmetricAlgorithm size_t rounds = 3, const std::string& mac_algo = "HMAC(SHA-256)"); + ~FPE_FE1(); + Key_Length_Specification key_spec() const override; std::string name() const; @@ -46,10 +48,10 @@ class BOTAN_PUBLIC_API(2,5) FPE_FE1 final : public SymmetricAlgorithm secure_vector compute_tweak_mac(const uint8_t tweak[], size_t tweak_len) const; std::unique_ptr m_mac; + std::unique_ptr mod_a; std::vector m_n_bytes; BigInt m_a; BigInt m_b; - Modular_Reducer mod_a; size_t m_rounds; }; From c95b3967bf4213a36a0cceef5d578146b0afa9c7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Feb 2018 17:33:57 -0500 Subject: [PATCH 0738/1008] Optimize P-521 reduction ECDSA/ECDH both about 25% faster --- src/lib/math/numbertheory/nistp_redc.cpp | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/lib/math/numbertheory/nistp_redc.cpp b/src/lib/math/numbertheory/nistp_redc.cpp index a2420e975a..9d2e430d00 100644 --- a/src/lib/math/numbertheory/nistp_redc.cpp +++ b/src/lib/math/numbertheory/nistp_redc.cpp 
@@ -38,10 +38,26 @@ void redc_p521(BigInt& x, secure_vector& ws) x.mask_bits(521); + // Word-level carry will be zero word carry = bigint_add3_nc(x.mutable_data(), x.data(), p_words, ws.data(), p_words); BOTAN_ASSERT_EQUAL(carry, 0, "Final final carry in P-521 reduction"); - x.reduce_below(prime_p521(), ws); + // Now find the actual carry in bit 522 + const uint8_t bit_522_set = x.word_at(p_full_words) >> (p_top_bits); + + if(bit_522_set) + { +#if (BOTAN_MP_WORD_BITS == 64) + static const word p521_words[9] = { + 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, + 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, + 0x1FF }; + + bigint_sub2(x.mutable_data(), x.size(), p521_words, 9); +#else + x -= prime_p521(); +#endif + } } #if defined(BOTAN_HAS_NIST_PRIME_REDUCERS_W32) From 2674d453be668537fcf5cc1ea634659b1aefda9b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Feb 2018 17:41:50 -0500 Subject: [PATCH 0739/1008] Avoid needless allocation in BigInt operator+= Kind of amazing what a difference that made for overall ECDSA perf --- news.rst | 4 ++-- src/lib/math/bigint/big_ops2.cpp | 6 ++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/news.rst b/news.rst index 9f1ecde3fb..d6c63284b6 100644 --- a/news.rst +++ b/news.rst @@ -7,8 +7,8 @@ Version 2.5.0, Not Yet Released * Add support for RSA-PSS signatures in TLS (GH #1285) * Several optimizations in ECC operations have improved ECDSA signature - generation and ECDH key exchange performance by 2 to 4 times as compared to - previous releases. ECDSA verification is 1.25 to 2 times faster. (GH #1457) + generation and ECDH key exchange performance by 3 to 5 times as compared to + previous releases. ECDSA verification is 2 to 3 times faster. (GH #1457) * Add a new Credentials_Manager callback that specifies which CAs the server has indicated it trusts (GH #1395 fixing #1261) 
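Review bot: The new `if(bit_522_set) { ... }` in `redc_p521` makes the final correction a branch on a bit of the intermediate value, so whether the subtraction runs (and, on the `#else` path, whether `x -= prime_p521()` allocates) depends on data that in ECDSA/ECDH derives from the secret scalar; the `reduce_below` loop it replaces was not branch-free either, but this is a hot path worth fixing rather than re-encoding. The masked helper from this same series would remove the branch, along the lines of `bigint_cnd_sub(bit_522_set, x.mutable_data(), p521_words, 9);` with a `p521_words` table provided for both word sizes, provided `x` is guaranteed to hold at least nine words at this point (the add above suggests it does, but `p_words` is defined outside the hunk). The comment `// Now find the actual carry in bit 522` describes `x.word_at(p_full_words) >> (p_top_bits)`, which as far as I can tell reads bit 521 counting from zero, so it should say which numbering it means.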
diff --git a/src/lib/math/bigint/big_ops2.cpp b/src/lib/math/bigint/big_ops2.cpp index 97d2aadfed..233a3ed198 100644 --- a/src/lib/math/bigint/big_ops2.cpp +++ b/src/lib/math/bigint/big_ops2.cpp @@ -35,10 +35,8 @@ BigInt& BigInt::operator+=(const BigInt& y) if(relative_size < 0) { const size_t reg_size = std::max(x_sw, y_sw); - - secure_vector z(reg_size); - bigint_sub3(z.data(), y.data(), reg_size, data(), x_sw); - std::swap(m_reg, z); + grow_to(reg_size); + bigint_sub2_rev(mutable_data(), y.data(), y_sw); set_sign(y.sign()); } else if(relative_size == 0) From 593af9d4e3d89f6a92cb2b6f4f127be728d10782 Mon Sep 17 00:00:00 2001 From: Mathieu Souchaud Date: Mon, 26 Feb 2018 18:46:44 +0100 Subject: [PATCH 0740/1008] OCSP softfail revocation check --- src/lib/x509/cert_status.cpp | 4 +++ src/lib/x509/cert_status.h | 2 ++ src/lib/x509/ocsp.cpp | 16 ++++++++++++ src/lib/x509/ocsp.h | 8 ++++++ src/lib/x509/x509path.cpp | 50 +++++++++++++++++++++--------------- src/tests/test_ocsp.cpp | 33 ++++++++++++++++++++++++ src/tests/test_x509_path.cpp | 37 +++++++++++++++++++++++++- 7 files changed, 129 insertions(+), 21 deletions(-) diff --git a/src/lib/x509/cert_status.cpp b/src/lib/x509/cert_status.cpp index 2c0e74d36e..79bcd1b074 100644 --- a/src/lib/x509/cert_status.cpp +++ b/src/lib/x509/cert_status.cpp @@ -26,6 +26,10 @@ const char* to_string(Certificate_Status_Code code) return "Certificate serial number is negative"; case Certificate_Status_Code::DN_TOO_LONG: return "Distinguished name too long"; + case Certificate_Status_Code::OSCP_NO_REVOCATION_URL: + return "OCSP URL not available"; + case Certificate_Status_Code::OSCP_SERVER_NOT_AVAILABLE: + return "OSCP server not available"; case Certificate_Status_Code::NO_REVOCATION_DATA: return "No revocation data"; diff --git a/src/lib/x509/cert_status.h b/src/lib/x509/cert_status.h index 76dc9252bf..1c3a5de890 100644 --- a/src/lib/x509/cert_status.h +++ b/src/lib/x509/cert_status.h 
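Review bot: The replacement `grow_to(reg_size); bigint_sub2_rev(mutable_data(), y.data(), y_sw);` in `BigInt::operator+=` subtracts over only `y_sw` words, which is correct only because in the `relative_size < 0` branch `|x| < |y|` forces `x_sw <= y_sw` and every word of `*this` above `y_sw` is zero after `grow_to`; none of that is written down, and a later reshuffle of the branches would break it silently. Add a comment above the call such as `// |x| < |y| here, so x_sw <= y_sw and the words of *this above y_sw are zero: compute y - x in place over y_sw words`. `operator+=` starts and ends outside the hunk and `bigint_sub2_rev`'s contract is not visible here, so please confirm it reads all `y_sw` words of its first operand.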
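Review bot: The new status text `"OSCP server not available"` in `to_string` misspells OCSP, and since this string is what reaches logs and `warnings_string()` output, anyone searching for "OCSP" will miss it; change it to `return "OCSP server not available";`. The two new `case` labels also spell their enumerators `OSCP_...`, which is a separate API-level problem in the header.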
@@ -29,6 +29,8 @@ enum class Certificate_Status_Code { FIRST_WARNING_STATUS = 500, CERT_SERIAL_NEGATIVE = 500, DN_TOO_LONG = 501, + OSCP_NO_REVOCATION_URL = 502, + OSCP_SERVER_NOT_AVAILABLE = 503, // Errors FIRST_ERROR_STATUS = 1000, diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp index 10449b019f..751f858a58 100644 --- a/src/lib/x509/ocsp.cpp +++ b/src/lib/x509/ocsp.cpp @@ -87,9 +87,16 @@ std::string Request::base64_encode() const return Botan::base64_encode(BER_encode()); } +Response::Response(Certificate_Status_Code status) + { + m_dummy_response_status = status; + } + Response::Response(const uint8_t response_bits[], size_t response_bits_len) : m_response_bits(response_bits, response_bits + response_bits_len) { + m_dummy_response_status = Certificate_Status_Code::OCSP_RESPONSE_INVALID; + BER_Decoder response_outer = BER_Decoder(m_response_bits).start_cons(SEQUENCE); size_t resp_status = 0; @@ -143,6 +150,9 @@ Response::Response(const uint8_t response_bits[], size_t response_bits_len) : Certificate_Status_Code Response::verify_signature(const X509_Certificate& issuer) const { + if (m_responses.empty()) + return m_dummy_response_status; + try { std::unique_ptr pub_key(issuer.subject_public_key()); @@ -172,6 +182,9 @@ Certificate_Status_Code Response::verify_signature(const X509_Certificate& issue Certificate_Status_Code Response::check_signature(const std::vector& trusted_roots, const std::vector>& ee_cert_path) const { + if (m_responses.empty()) + return m_dummy_response_status; + std::shared_ptr signing_cert; for(size_t i = 0; i != trusted_roots.size(); ++i) @@ -253,6 +266,9 @@ Certificate_Status_Code Response::status_for(const X509_Certificate& issuer, const X509_Certificate& subject, std::chrono::system_clock::time_point ref_time) const { + if (m_responses.empty()) + return m_dummy_response_status; + for(const auto& response : m_responses) { if(response.certid().is_id_for(issuer, subject)) 
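Review bot: The new enumerators `OSCP_NO_REVOCATION_URL = 502` and `OSCP_SERVER_NOT_AVAILABLE = 503` transpose OCSP into "OSCP" in a public `enum class` that is part of the installed API, so once a release ships the typo can only be fixed by carrying both spellings forever; rename them to `OCSP_NO_REVOCATION_URL` and `OCSP_SERVER_NOT_AVAILABLE`, matching the existing `OCSP_RESPONSE_GOOD`/`OCSP_RESPONSE_INVALID` style, and update the other files in this commit that reference them. A comment above the pair, `// OCSP soft-fail conditions: reported as warnings, not errors`, would explain why they sit in the warning range rather than beside the OCSP error codes.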
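Review bot: The new `Response::Response(Certificate_Status_Code status)` assigns `m_dummy_response_status` in the body rather than the initializer list, and the `Response() = default;` constructor this commit keeps never sets the member at all, so a default-constructed `Response` with no responses now returns an indeterminate `Certificate_Status_Code` from `verify_signature`, `check_signature` and `status_for`, each of which early-returns `m_dummy_response_status` when `m_responses` is empty. The fix is an in-class initializer in the header, `Certificate_Status_Code m_dummy_response_status = Certificate_Status_Code::OCSP_RESPONSE_INVALID;`, after which the assignment in the parsing constructor becomes redundant. The three early returns also mean a successfully parsed response that carries no single responses is now reported as `OCSP_RESPONSE_INVALID` instead of whatever the later lookup produced; if that is intended, a comment such as `// nothing to check: report the synthetic or parse status` would make it deliberate.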
diff --git a/src/lib/x509/ocsp.h b/src/lib/x509/ocsp.h index 1b780d63f4..884b1c5b33 100644 --- a/src/lib/x509/ocsp.h +++ b/src/lib/x509/ocsp.h @@ -76,6 +76,12 @@ class BOTAN_PUBLIC_API(2,0) Response final */ Response() = default; + /** + * Create a fake OCSP response from a given status code. + * @param status the status code the check functions will return + */ + Response(Certificate_Status_Code status); + /** * Parses an OCSP response. * @param response_bits response bits received @@ -161,6 +167,8 @@ class BOTAN_PUBLIC_API(2,0) Response final std::vector m_certs; std::vector m_responses; + + Certificate_Status_Code m_dummy_response_status; }; #if defined(BOTAN_HAS_HTTP_UTIL) diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 0914348eeb..1a0db5035f 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp 
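Review bot: `Response(Certificate_Status_Code status);` is a single-argument constructor without `explicit`, so any function taking `const OCSP::Response&` now silently accepts a bare status code by implicit conversion, which is exactly the fabricate-a-response mistake a revocation API should make hard; declare it `explicit Response(Certificate_Status_Code status);` (the call sites in this commit use `std::make_shared` and are unaffected). The new member `Certificate_Status_Code m_dummy_response_status;` has no default initializer although `Response() = default;` remains, leaving it indeterminate for default-constructed objects; write `Certificate_Status_Code m_dummy_response_status = Certificate_Status_Code::OCSP_RESPONSE_INVALID;`. The doc comment "Create a fake OCSP response" could also state the effect: `@param status the code that verify_signature(), check_signature() and status_for() will return, since this response carries no single responses`.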
@@ -371,26 +371,34 @@ PKIX::check_ocsp_online(const std::vectorocsp_responder() == "") { ocsp_response_futures.emplace_back(std::async(std::launch::deferred, [&]() -> std::shared_ptr { - throw Exception("No OCSP responder URL set for this certificate"); + return std::make_shared(Certificate_Status_Code::OSCP_NO_REVOCATION_URL); })); - } - else - { - ocsp_response_futures.emplace_back(std::async(std::launch::async, [&]() -> std::shared_ptr { - OCSP::Request req(*issuer, BigInt::decode(subject->serial_number())); - - auto http = HTTP::POST_sync(subject->ocsp_responder(), - "application/ocsp-request", - req.BER_encode(), - /*redirects*/1, - timeout); - - http.throw_unless_ok(); - // Check the MIME type? - - return std::make_shared(http.body()); - })); - } + } + else + { + ocsp_response_futures.emplace_back(std::async(std::launch::async, [&]() -> std::shared_ptr { + OCSP::Request req(*issuer, BigInt::decode(subject->serial_number())); + + HTTP::Response http; + try + { + http = HTTP::POST_sync(subject->ocsp_responder(), + "application/ocsp-request", + req.BER_encode(), + /*redirects*/1, + timeout); + } + catch(std::exception& e) + { + // log e.what() ? + } + if (http.status_code() != 200) + return std::make_shared(Certificate_Status_Code::OSCP_SERVER_NOT_AVAILABLE); + // Check the MIME type? + + return std::make_shared(http.body()); + })); + } } std::vector> ocsp_responses; @@ -774,7 +782,9 @@ void PKIX::merge_revocation_status(CertificatePathStatusCodes& chain_status, { for(auto&& code : ocsp[i]) { - if(code == Certificate_Status_Code::OCSP_RESPONSE_GOOD) + if(code == Certificate_Status_Code::OCSP_RESPONSE_GOOD || + code == Certificate_Status_Code::OSCP_NO_REVOCATION_URL || // softfail + code == Certificate_Status_Code::OSCP_SERVER_NOT_AVAILABLE) // softfail { had_ocsp = true; } diff --git a/src/tests/test_ocsp.cpp b/src/tests/test_ocsp.cpp index dc3c6f47e2..4b344891e1 100644 --- a/src/tests/test_ocsp.cpp +++ b/src/tests/test_ocsp.cpp 
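Review bot: The `catch(std::exception& e)` around `HTTP::POST_sync` swallows every exception type behind a `// log e.what() ?` placeholder, and the named but unused `e` will draw -Wunused-variable; catch `const std::exception&` without a name, or keep the name and actually record it, because a DNS failure, a refused connection and a malformed responder URL now all collapse into one OSCP_SERVER_NOT_AVAILABLE code that the caller cannot tell apart. The `http.status_code() != 200` test on the possibly default-constructed `HTTP::Response` presumably relies on its default status being non-200 (declared outside this hunk; confirm), and the inherited `// Check the MIME type?` question is still open. The `[&]` capture on the `std::launch::async` lambda reads `issuer` and `subject` from the calling thread's loop scope, whose declarations are outside the hunk; if they are per-iteration locals, capture them by value (`[issuer, subject, timeout]`) so the worker cannot race the next iteration.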
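Review bot: Counting OSCP_SERVER_NOT_AVAILABLE as `had_ocsp = true` makes an unreachable responder equivalent to a GOOD response, so an on-path attacker who drops the OCSP POST or answers with a non-200 status downgrades revocation checking to a warning; if the rest of this function (outside the hunk) uses `had_ocsp` to decide whether to report missing revocation data when the caller demands it, that policy is bypassed as well. Consider keeping `had_ocsp` true only for OSCP_NO_REVOCATION_URL, or gating the server-unavailable case on a caller-visible restriction, and state the decision above the condition: `// softfail: no OCSP URL in the cert, or an unreachable responder, is reported as a warning, not a failure`. The function begins and ends outside the hunk.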
@@ -11,6 +11,7 @@ #include #include #include + #include #include #endif @@ -153,6 +154,37 @@ class OCSP_Tests final : public Test return result; } + Test::Result test_response_verification_softfail() + { + Test::Result result("OCSP request softfail check"); + + std::shared_ptr ee = load_test_X509_cert("x509/ocsp/randombit.pem"); + std::shared_ptr ca = load_test_X509_cert("x509/ocsp/letsencrypt.pem"); + std::shared_ptr trust_root = load_test_X509_cert("x509/ocsp/geotrust.pem"); + + const std::vector> cert_path = { ee, ca, trust_root }; + + std::shared_ptr ocsp = + std::make_shared(Botan::Certificate_Status_Code::OSCP_NO_REVOCATION_URL); + + Botan::Certificate_Store_In_Memory certstore; + certstore.add_certificate(trust_root); + + // Some arbitrary time within the validity period of the test certs + const auto valid_time = Botan::calendar_point(2016, 11, 20, 8, 30, 0).to_std_timepoint(); + const auto ocsp_status = Botan::PKIX::check_ocsp(cert_path, { ocsp }, { &certstore }, valid_time); + + if(result.test_eq("Expected size of ocsp_status", ocsp_status.size(), 1)) + { + if(result.test_eq("Expected size of ocsp_status[0]", ocsp_status[0].size(), 1)) + { + result.confirm("Status warning", ocsp_status[0].count(Botan::Certificate_Status_Code::OSCP_NO_REVOCATION_URL)); + } + } + + return result; + } + #if defined(BOTAN_HAS_ONLINE_REVOCATION_CHECKS) Test::Result test_online_request() { @@ -193,6 +225,7 @@ class OCSP_Tests final : public Test results.push_back(test_response_parsing()); results.push_back(test_response_certificate_access()); results.push_back(test_response_verification()); + results.push_back(test_response_verification_softfail()); #if defined(BOTAN_HAS_ONLINE_REVOCATION_CHECKS) if(Test::run_online_tests()) diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index 7a9ff97bc8..db74d62080 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp 
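Review bot: The new test exercises only OSCP_NO_REVOCATION_URL, while merge_revocation_status gives OSCP_SERVER_NOT_AVAILABLE the same softfail treatment and nothing pins that path; a second fake response built with `Botan::Certificate_Status_Code::OSCP_SERVER_NOT_AVAILABLE`, run through the same `check_ocsp` call with a matching `count(...)` check, would cover it. A comment naming the fixture roles above `cert_path` (`// randombit.pem (EE) -> letsencrypt.pem (CA) -> geotrust.pem (root)`) would also help the next reader, since the loading order is the only hint.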
@@ -113,11 +113,46 @@ class X509test_Path_Validation_Tests final : public Test result.test_eq("test " + filename, path_result.result_string(), expected_result); result.test_eq("test no warnings string", path_result.warnings_string(), ""); - result.confirm("test no warnings", path_result.no_warnings() == true); + result.confirm("test no warnings", path_result.no_warnings()); result.end_timer(); results.push_back(result); } + // test softfail + { + Test::Result result("X509test path validation softfail"); + result.start_timer(); + + // this certificate must not have a OCSP URL + const std::string filename = "ValidAltName.pem"; + std::vector certs = + load_cert_file(Test::data_file("x509/x509test/" + filename)); + if(certs.empty()) + { + throw Test_Error("Failed to read certs from " + filename); + } + + Botan::Path_Validation_Result path_result = Botan::x509_path_validate( + certs, restrictions, trusted, + "www.tls.test", Botan::Usage_Type::TLS_SERVER_AUTH, + validation_time, + /* activate check_ocsp_online */ std::chrono::milliseconds(1000), {}); + + if(path_result.successful_validation() && path_result.trust_root() != root) + { + path_result = Botan::Path_Validation_Result(Botan::Certificate_Status_Code::CANNOT_ESTABLISH_TRUST); + } + + // certificate verification succeed even if no OCSP URL (softfail) + result.confirm("test success", path_result.successful_validation()); + result.test_eq("test " + filename, path_result.result_string(), "Verified"); + // if softfail, there is warnings + result.confirm("test warnings", !path_result.no_warnings()); + result.test_eq("test warnings string", path_result.warnings_string(), "[0] OCSP URL not available"); + result.end_timer(); + results.push_back(result); + } + return results; } From 0b15b2da77565e6219b4fd342e5ca6831472d871 Mon Sep 17 00:00:00 2001 
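Review bot: The test depends on `ValidAltName.pem` having no OCSP URL but states that only in a comment, so if the fixture is ever regenerated with an AIA extension the test silently turns into a live network request with a 1000 ms timeout instead of a clear failure; add `result.confirm("fixture has no OCSP responder", certs[0].ocsp_responder().empty());` right after the load (this assumes `certs[0]` is the end-entity certificate, as the comment implies; confirm). The expected string `"[0] OCSP URL not available"` couples the test to the human-readable status text and to the path index, which is presumably the leaf; a one-line comment saying so would make a future message change easier to triage.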
From: Jack Lloyd Date: Thu, 1 Mar 2018 10:13:47 -0500 Subject: [PATCH 0741/1008] Correct error in P-521 reduction Introduced in c95b3967bf421, we failed to reduce if the result was exactly 2**521 - 1 OSS-Fuzz 6635 --- src/lib/math/numbertheory/nistp_redc.cpp | 31 +++++++++++++++++++----- 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/src/lib/math/numbertheory/nistp_redc.cpp b/src/lib/math/numbertheory/nistp_redc.cpp index 9d2e430d00..94a8d28721 100644 --- a/src/lib/math/numbertheory/nistp_redc.cpp +++ b/src/lib/math/numbertheory/nistp_redc.cpp 
@@ -40,24 +40,43 @@ void redc_p521(BigInt& x, secure_vector& ws) // Word-level carry will be zero word carry = bigint_add3_nc(x.mutable_data(), x.data(), p_words, ws.data(), p_words); - BOTAN_ASSERT_EQUAL(carry, 0, "Final final carry in P-521 reduction"); + BOTAN_ASSERT_EQUAL(carry, 0, "Final carry in P-521 reduction"); // Now find the actual carry in bit 522 const uint8_t bit_522_set = x.word_at(p_full_words) >> (p_top_bits); +#if (BOTAN_MP_WORD_BITS == 64) + static const word p521_words[9] = { + 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, + 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, + 0x1FF }; +#endif + + /* + * If bit 522 is set then we overflowed and must reduce. Otherwise, if the + * top bit is set, it is possible we have x == 2**521 - 1 so check for that. + */ if(bit_522_set) { #if (BOTAN_MP_WORD_BITS == 64) - static const word p521_words[9] = { - 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, - 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, - 0x1FF }; - bigint_sub2(x.mutable_data(), x.size(), p521_words, 9); #else x -= prime_p521(); #endif } + else if(x.word_at(p_full_words) >> (p_top_bits - 1)) + { + /* + * Otherwise we must reduce if p is exactly 2^512-1 + */ + + word possibly_521 = MP_WORD_MAX;; + for(size_t i = 0; i != p_full_words; ++i) + possibly_521 &= x.word_at(i); + + if(possibly_521 == MP_WORD_MAX) + x.reduce_below(prime_p521(), ws); + } } #if defined(BOTAN_HAS_NIST_PRIME_REDUCERS_W32) From b02b5aae2ae9f687c28af29014c12da9c37347a7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Mar 2018 10:30:40 -0500 Subject: [PATCH 0742/1008] Update news --- news.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/news.rst b/news.rst index d6c63284b6..a5d795b736 100644 --- a/news.rst +++ b/news.rst 
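Review bot: The comment on the new `else if` branch reads `Otherwise we must reduce if p is exactly 2^512-1`, but the case handled is x == 2**521 - 1 (bit 520 set and all eight lower words all-ones), so it should say `// Otherwise we must reduce if x is exactly 2**521 - 1`; the stray `;;` in `word possibly_521 = MP_WORD_MAX;;` should go too. The filter checks only bit 520 of the top word plus the full words, not the remaining low bits of the top word, so a value such as 2**520 + 2**512 - 1 also reaches `reduce_below` (harmless, as it is a no-op for x < p, but `x.word_at(p_full_words) == 0x1FF` combined with the all-ones test would make the intent exact and skip the extra call). The redc_p521 body begins outside the hunk.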
@@ -31,6 +31,10 @@ Version 2.5.0, Not Yet Released makes it possible to use muliple SubjectAlternativeNames of a single type in a request, which was previously not possible. (GH #1429 #1428) +* Add new optimized interface for FE1 format preserving encryption. By caching a + number of values computed in the course of the FPE calculation, it provides a + 6-7x speedup versus the old API. (GH #1469) + * Add DSA and ElGamal keygen functions to FFI (#1426) * Add Pipe::prepend_filter to replace Pipe::prepend (GH #1402) From 45eea5c4f3d5a582940cb488d660f3cb8ce189dc Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Mar 2018 10:30:47 -0500 Subject: [PATCH 0743/1008] Simplify modular inversion fuzzer Now binary ext gcd algorithm has an exposed API so no need to duplicate the code here. --- src/fuzzer/invert.cpp | 56 +++++-------------------------------------- 1 file changed, 6 insertions(+), 50 deletions(-) diff --git a/src/fuzzer/invert.cpp b/src/fuzzer/invert.cpp index dd91fe83f2..81923b07e3 100644 --- a/src/fuzzer/invert.cpp +++ b/src/fuzzer/invert.cpp 
@@ -6,67 +6,23 @@ #include "fuzzers.h" #include -namespace { - -Botan::BigInt inverse_mod_ref(const Botan::BigInt& n, const Botan::BigInt& mod) - { - if(n == 0) - return 0; - - Botan::BigInt u = mod, v = n; - Botan::BigInt B = 0, D = 1; - - while(u.is_nonzero()) - { - const size_t u_zero_bits = low_zero_bits(u); - u >>= u_zero_bits; - for(size_t i = 0; i != u_zero_bits; ++i) - { - //B.cond_sub(B.is_odd(), mod); - if(B.is_odd()) - { B -= mod; } - B >>= 1; - } - - const size_t v_zero_bits = low_zero_bits(v); - v >>= v_zero_bits; - for(size_t i = 0; i != v_zero_bits; ++i) - { - if(D.is_odd()) - { D -= mod; } - D >>= 1; - } - - if(u >= v) { u -= v; B -= D; } - else { v -= u; D -= B; } - } - - if(v != 1) - return 0; // no modular inverse - - while(D.is_negative()) D += mod; - while(D >= mod) D -= mod; - - return D; - } - -} - void fuzz(const uint8_t in[], size_t len) { if(len % 2 == 1 || len > 2*4096/8) return; - const Botan::BigInt x = Botan::BigInt::decode(in, len / 2); - Botan::BigInt mod = Botan::BigInt::decode(in + len / 2, len / 2); + const size_t part_len = len / 2; + + const Botan::BigInt x = Botan::BigInt::decode(in, part_len); + Botan::BigInt mod = Botan::BigInt::decode(in + part_len, part_len); mod.set_bit(0); if(mod < 3 || x >= mod) return; - Botan::BigInt ref = inverse_mod_ref(x, mod); - Botan::BigInt ct = Botan::ct_inverse_mod_odd_modulus(x, mod); + const Botan::BigInt ref = Botan::inverse_euclid(x, mod); + const Botan::BigInt ct = Botan::ct_inverse_mod_odd_modulus(x, mod); //Botan::BigInt mon = Botan::normalized_montgomery_inverse(x, mod); if(ref != ct) From 4361438987347d0f2507b7dcb3c4179b5e38d034 Mon Sep 17 00:00:00 2001 
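Review bot: The commit message says the binary extended-GCD now has an exposed API, but the reference oracle calls `Botan::inverse_euclid`, which by name is the Euclidean rather than the binary variant; either is a fine oracle as long as it shares no code with `ct_inverse_mod_odd_modulus`, so a comment stating that independence (`// reference: variable-time inverse, implemented independently of the CT routine under test`) would keep the fuzzer meaningful if one is later written in terms of the other. The `if(ref != ct)` handling continues outside the hunk.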
From: Jack Lloyd Date: Thu, 1 Mar 2018 11:00:23 -0500 Subject: [PATCH 0744/1008] Initialize z arrays within bigint_cnd_{sub,add} MSan requires compile time information about memory writes, so the inline asm writing to z is not seen. So OSS-Fuzz thinks the value is being used uninitialized. OSS-Fuzz 6626 --- src/lib/math/mp/mp_core.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/lib/math/mp/mp_core.cpp b/src/lib/math/mp/mp_core.cpp index 8b7b7a8c5e..a86bbf3c0f 100644 --- a/src/lib/math/mp/mp_core.cpp +++ b/src/lib/math/mp/mp_core.cpp @@ -41,9 +41,9 @@ word bigint_cnd_add(word cnd, word x[], const word y[], size_t size) const word mask = CT::expand_mask(cnd); word carry = 0; - word z[8]; const size_t blocks = size - (size % 8); + word z[8] = { 0 }; for(size_t i = 0; i != blocks; i += 8) { @@ -55,8 +55,8 @@ word bigint_cnd_add(word cnd, word x[], const word y[], size_t size) for(size_t i = blocks; i != size; ++i) { - const word z = word_add(x[i], y[i], &carry); - x[i] = CT::select(mask, z, x[i]); + z[0] = word_add(x[i], y[i], &carry); + x[i] = CT::select(mask, z[0], x[i]); } return carry & mask; @@ -71,9 +71,9 @@ word bigint_cnd_sub(word cnd, word x[], const word y[], size_t size) const word mask = CT::expand_mask(cnd); word carry = 0; - word z[8]; const size_t blocks = size - (size % 8); + word z[8] = { 0 }; for(size_t i = 0; i != blocks; i += 8) { @@ -85,8 +85,8 @@ word bigint_cnd_sub(word cnd, word x[], const word y[], size_t size) for(size_t i = blocks; i != size; ++i) { - const word z = word_sub(x[i], y[i], &carry); - x[i] = CT::select(mask, z, x[i]); + z[0] = word_sub(x[i], y[i], &carry); + x[i] = CT::select(mask, z[0], x[i]); } return carry & mask; From 64e626f93c3510cb4b2f629c369c070b48e96f7d Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Thu, 1 Mar 2018 12:54:58 -0500 Subject: [PATCH 0745/1008] RSA - just bench PKCS signatures The rest don't add any additional information --- src/cli/speed.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index b29c8b9e94..ac8a8ac8cc 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -1681,11 +1681,11 @@ class Speed final : public Command record_result(keygen_timer); // Using PKCS #1 padding so OpenSSL provider can play along - bench_pk_enc(*key, nm, provider, "EME-PKCS1-v1_5", msec); - bench_pk_enc(*key, nm, provider, "OAEP(SHA-1)", msec); + bench_pk_sig(*key, nm, provider, "EMSA-PKCS1-v1_5(SHA-256)", msec); - bench_pk_sig(*key, nm, provider, "EMSA-PKCS1-v1_5(SHA-1)", msec); - bench_pk_sig(*key, nm, provider, "PSSR(SHA-256)", msec); + //bench_pk_sig(*key, nm, provider, "PSSR(SHA-256)", msec); + //bench_pk_enc(*key, nm, provider, "EME-PKCS1-v1_5", msec); + //bench_pk_enc(*key, nm, provider, "OAEP(SHA-1)", msec); } } #endif From 1b285e8eb041b1f79eda5db31c9361fec1020947 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Mar 2018 13:04:56 -0500 Subject: [PATCH 0746/1008] Fix crash bug in check_crl_online This function almost certainly needs more help. #951 --- src/lib/x509/x509path.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 0914348eeb..2b2489a1a9 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -422,7 +422,7 @@ PKIX::check_crl_online(const std::vector { for(size_t c = 0; c != certstores.size(); ++i) { - crls[i] = certstores[i]->find_crl_for(*cert_path[i]); + crls[i] = certstores[c]->find_crl_for(*cert_path[i]); if(crls[i]) break; } From df13f16b05ea70ce24f97ddd6050ca55fdad6c4f Mon Sep 17 00:00:00 2001 
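Review bot: The inner loop in check_crl_online still increments the wrong variable: the context line `for(size_t c = 0; c != certstores.size(); ++i)` advances `i` (the outer cert_path index) while the condition tests `c`, so whenever `certstores[0]` has no CRL for `cert_path[i]` the loop never ends normally and `crls[i]` / `cert_path[i]` run off the end of their vectors. The one-character index fix in this hunk needs the matching `++c` in the loop header: `for(size_t c = 0; c != certstores.size(); ++c)`. The function body continues outside the hunk on both sides.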
From: Jack Lloyd Date: Thu, 1 Mar 2018 13:18:58 -0500 Subject: [PATCH 0747/1008] Merge news entries [ci skip] --- news.rst | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/news.rst b/news.rst index a5d795b736..6ac3865a2b 100644 --- a/news.rst +++ b/news.rst @@ -21,7 +21,7 @@ Version 2.5.0, Not Yet Released * Add ability to create custom elliptic curves (GH #1441 #1444) -* Add support for POWER8 AES instructions (GH #1459 #1206) +* Add support for POWER8 AES instructions (GH #1459 #1393 #1206) * Change DL_Group and EC_Group to store their data as shared_ptr for fast copying. Also both classes precompute additional useful values @@ -49,8 +49,6 @@ Version 2.5.0, Not Yet Released * Correct the return value of PK_Encryptor::maximum_input_size which reported a much too small value (GH #1410) -* Support detecting POWER crypto extensions using getauxval (GH #1393) - * Remove use of CPU specific optimization flags, instead the user should set these via CXXFLAGS if desired. (GH #1392) From 8661f69ad6c0f6f01eb4e41a2ae2d1a45522de70 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Mar 2018 13:29:09 -0500 Subject: [PATCH 0748/1008] Bump shared lib ABI version Many ABI changes in this release. --- version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.txt b/version.txt index b0b6ab9e34..c0f34a598a 100644 --- a/version.txt +++ b/version.txt @@ -2,7 +2,7 @@ release_major = 2 release_minor = 5 release_patch = 0 -release_so_abi_rev = 4 +release_so_abi_rev = 5 # These are set by the distribution script release_vc_rev = None From 1cb5e213a60c789f47576630224acbecb7e84e92 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Mar 2018 13:57:51 -0500 Subject: [PATCH 0749/1008] Confirm arch wordsize is expected in configure --- configure.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configure.py b/configure.py index b80f65017d..87cca54ce9 100755 --- a/configure.py +++ b/configure.py 
@@ -1001,6 +1001,9 @@ def __init__(self, infofile): self.isa_extensions = lex.isa_extensions self.wordsize = int(lex.wordsize) + if self.wordsize not in [32, 64]: + logging.error('Unexpected wordsize %d for arch %s', self.wordsize, infofile) + alphanumeric = re.compile('^[a-z0-9]+$') for isa in self.isa_extensions: if alphanumeric.match(isa) is None: From 798f62a8ec0b7a6103b518eb439724601a3ba103 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Mar 2018 15:43:39 -0500 Subject: [PATCH 0750/1008] Avoid ternary op during carry handling Makes it less likely compiler will use add-with-carry op --- src/lib/math/mp/mp_asmi.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/math/mp/mp_asmi.h b/src/lib/math/mp/mp_asmi.h index 4a0a2ec034..a69d82a15e 100644 --- a/src/lib/math/mp/mp_asmi.h +++ b/src/lib/math/mp/mp_asmi.h @@ -745,7 +745,7 @@ inline void word3_muladd(word* w2, word* w1, word* w0, word x, word y) word carry = *w0; *w0 = word_madd2(x, y, &carry); *w1 += carry; - *w2 += (*w1 < carry) ? 1 : 0; + *w2 += (*w1 < carry); #endif } From 23e248260ea913227a8d224f64cd9ff592ac8b6b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Mar 2018 16:34:12 -0500 Subject: [PATCH 0751/1008] Inline some simple BigInt sign handling functions --- src/lib/math/bigint/bigint.cpp | 29 ----------------------------- src/lib/math/bigint/bigint.h | 20 +++++++++++++++++--- 2 files changed, 17 insertions(+), 32 deletions(-) diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index ec0df8f2d5..c21ce89fc8 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp 
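Review bot: `logging.error` reports the unexpected wordsize but does not stop configure unless the script's logging setup turns errors into exceptions (not visible here; confirm), so a bad value in an arch info file would be printed and then carried into the generated build as `BOTAN_MP_WORD_BITS`. If the intent is to reject it, raise instead of logging: `raise InternalError('Unexpected wordsize %d for arch %s' % (self.wordsize, infofile))`, or whichever exception type configure.py already uses for malformed info files. The enclosing `__init__` continues outside the hunk.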
@@ -213,35 +213,6 @@ size_t BigInt::encoded_size(Base base) const throw Invalid_Argument("Unknown base for BigInt encoding"); } -/* -* Set the sign -*/ -void BigInt::set_sign(Sign s) - { - if(is_zero()) - m_signedness = Positive; - else - m_signedness = s; - } - -/* -* Reverse the value of the sign flag -*/ -void BigInt::flip_sign() - { - set_sign(reverse_sign()); - } - -/* -* Return the opposite value of the current sign -*/ -BigInt::Sign BigInt::reverse_sign() const - { - if(sign() == Positive) - return Negative; - return Positive; - } - /* * Return the negation of this number */ diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index 6e2f8dbde3..5092187d97 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h @@ -409,18 +409,32 @@ class BOTAN_PUBLIC_API(2,0) BigInt final /** * @result the opposite sign of the represented integer value */ - Sign reverse_sign() const; + Sign reverse_sign() const + { + if(sign() == Positive) + return Negative; + return Positive; + } /** * Flip the sign of this BigInt */ - void flip_sign(); + void flip_sign() + { + set_sign(reverse_sign()); + } /** * Set sign of the integer * @param sign new Sign to set */ - void set_sign(Sign sign); + void set_sign(Sign sign) + { + if(is_zero()) + m_signedness = Positive; + else + m_signedness = sign; + } /** * @result absolute (positive) value of this From 03e3d3dac4b50a6da3cfec2971460c1182cebd9d Mon Sep 17 00:00:00 2001 
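Review bot: Moving `set_sign`, `flip_sign` and `reverse_sign` into the header turns exported symbols of a `BOTAN_PUBLIC_API` class into inline functions, which is an ABI change for anything linked against the previous shared library; a later patch in this series bumps `release_so_abi_rev`, so it is covered, but it belongs in the news entry. In `set_sign(Sign sign)` the parameter shadows the `sign()` member function that `reverse_sign()` calls; it compiles, but `-Wshadow` will flag it, and `void set_sign(Sign s)` as in the removed .cpp version reads unambiguously. The class body continues outside the hunk.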
From: Jack Lloyd Date: Thu, 1 Mar 2018 16:43:00 -0500 Subject: [PATCH 0752/1008] Remove BigInt using functions from mp layer --- src/lib/math/bigint/big_ops3.cpp | 6 +++++- src/lib/math/mp/info.txt | 4 ---- src/lib/math/mp/mp_core.h | 18 ------------------ src/lib/math/mp/mp_karat.cpp | 12 ------------ src/lib/math/mp/mp_monty.cpp | 23 ----------------------- src/lib/math/numbertheory/monty.cpp | 12 +++++++++--- src/lib/math/numbertheory/mp_numth.cpp | 15 +++++++++++---- src/lib/pubkey/ec_group/curve_gfp.cpp | 25 +++++++++++++++++++------ 8 files changed, 44 insertions(+), 71 deletions(-) diff --git a/src/lib/math/bigint/big_ops3.cpp b/src/lib/math/bigint/big_ops3.cpp index 8bff790a6a..db11eeea9c 100644 --- a/src/lib/math/bigint/big_ops3.cpp +++ b/src/lib/math/bigint/big_ops3.cpp @@ -95,7 +95,11 @@ BigInt operator*(const BigInt& x, const BigInt& y) else if(x_sw && y_sw) { secure_vector workspace(z.size()); - bigint_mul(z, x, y, workspace.data(), workspace.size()); + + bigint_mul(z.mutable_data(), z.size(), + x.data(), x.size(), x_sw, + y.data(), y.size(), y_sw, + workspace.data(), workspace.size()); } if(x_sw && y_sw && x.sign() != y.sign()) diff --git a/src/lib/math/mp/info.txt b/src/lib/math/mp/info.txt index 4d748a495a..0f5b075f0c 100644 --- a/src/lib/math/mp/info.txt +++ b/src/lib/math/mp/info.txt @@ -11,7 +11,3 @@ mp_core.h mp_madd.h mp_asmi.h - - -bigint - diff --git a/src/lib/math/mp/mp_core.h b/src/lib/math/mp/mp_core.h index 9efcec952b..877c0cad71 100644 --- a/src/lib/math/mp/mp_core.h +++ b/src/lib/math/mp/mp_core.h @@ -14,8 +14,6 @@ namespace Botan { -class BigInt; - /* * The size of the word type, in bits */ 
@@ -135,20 +133,6 @@ void bigint_monty_redc(word z[], word workspace[], size_t ws_size); -/* -* Montgomery Multiplication -*/ -void bigint_monty_mul(BigInt& z, const BigInt& x, const BigInt& y, - const word p[], size_t p_size, word p_dash, - word workspace[], size_t ws_size); - -/* -* Montgomery Squaring -*/ -void bigint_monty_sqr(BigInt& z, const BigInt& x, - const word p[], size_t p_size, word p_dash, - word workspace[], size_t ws_size); - /** * Compare x and y */ @@ -183,8 +167,6 @@ void bigint_comba_sqr16(word out[32], const word in[16]); /* * High Level Multiplication/Squaring Interfaces */ -void bigint_mul(BigInt& z, const BigInt& x, const BigInt& y, - word workspace[], size_t ws_size); void bigint_mul(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, diff --git a/src/lib/math/mp/mp_karat.cpp b/src/lib/math/mp/mp_karat.cpp index 4d600efabf..6e1414cfa0 100644 --- a/src/lib/math/mp/mp_karat.cpp +++ b/src/lib/math/mp/mp_karat.cpp @@ -250,18 +250,6 @@ size_t karatsuba_size(size_t z_size, size_t x_size, size_t x_sw) } -/* -* Multiplication Algorithm Dispatcher -*/ -void bigint_mul(BigInt& z, const BigInt& x, const BigInt& y, - word workspace[], size_t ws_size) - { - return bigint_mul(z.mutable_data(), z.size(), - x.data(), x.size(), x.sig_words(), - y.data(), y.size(), y.sig_words(), - workspace, ws_size); - } - void bigint_mul(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, diff --git a/src/lib/math/mp/mp_monty.cpp b/src/lib/math/mp/mp_monty.cpp index cc6388f4dc..b2b3b5e4ee 100644 --- a/src/lib/math/mp/mp_monty.cpp +++ b/src/lib/math/mp/mp_monty.cpp 
@@ -97,27 +97,4 @@ void bigint_monty_redc(word z[], BOTAN_ASSERT(borrow == 0 || borrow == 1, "Expected borrow"); } -void bigint_monty_mul(BigInt& z, const BigInt& x, const BigInt& y, - const word p[], size_t p_size, word p_dash, - word ws[], size_t ws_size) - { - bigint_mul(z, x, y, ws, ws_size); - - bigint_monty_redc(z.mutable_data(), - p, p_size, p_dash, - ws, ws_size); - } - -void bigint_monty_sqr(BigInt& z, const BigInt& x, const word p[], - size_t p_size, word p_dash, word ws[], size_t ws_size) - { - bigint_sqr(z.mutable_data(), z.size(), - x.data(), x.size(), x.sig_words(), - ws, ws_size); - - bigint_monty_redc(z.mutable_data(), - p, p_size, p_dash, - ws, ws_size); - } - } diff --git a/src/lib/math/numbertheory/monty.cpp b/src/lib/math/numbertheory/monty.cpp index 64646a61a0..76575a88c1 100644 --- a/src/lib/math/numbertheory/monty.cpp +++ b/src/lib/math/numbertheory/monty.cpp @@ -52,9 +52,15 @@ BigInt Montgomery_Params::mul(const BigInt& x, const BigInt& y) const const size_t output_size = 2*m_p_words + 2; std::vector ws(output_size); BigInt z(BigInt::Positive, output_size); - bigint_monty_mul(z, x, y, - m_p.data(), m_p_words, m_p_dash, - ws.data(), ws.size()); + bigint_mul(z.mutable_data(), z.size(), + x.data(), x.size(), x.sig_words(), + y.data(), y.size(), y.sig_words(), + ws.data(), ws.size()); + + bigint_monty_redc(z.mutable_data(), + m_p.data(), m_p_words, m_p_dash, + ws.data(), ws.size()); + secure_scrub_memory(ws.data(), ws.size() * sizeof(word)); return z; } diff --git a/src/lib/math/numbertheory/mp_numth.cpp b/src/lib/math/numbertheory/mp_numth.cpp index c39c40520e..5ad72cd478 100644 --- a/src/lib/math/numbertheory/mp_numth.cpp +++ b/src/lib/math/numbertheory/mp_numth.cpp 
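Review bot: The mul-then-redc pair `bigint_mul(...); bigint_monty_redc(...);` is now open-coded here and twice more in curve_gfp.cpp, so three copies can drift and the sizing invariants each relies on (z of `2*m_p_words + 2` words, ws at least that large) are stated only implicitly by each caller; a word-level `bigint_monty_mul(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, const word y[], size_t y_size, size_t y_sw, const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size)` in mp_core.h would keep one copy without reintroducing the BigInt dependency this patch removes. Separately, `x.sig_words()` / `y.sig_words()` passed into the Montgomery multiply are value-dependent (they scan for the top non-zero word); the removed wrapper did the same, so this is not a regression, but `// NOTE: sig_words() is data-dependent` at the call site would document the known side channel. Montgomery_Params::mul continues outside the hunk.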
@@ -41,13 +41,20 @@ BigInt mul_add(const BigInt& a, const BigInt& b, const BigInt& c) if(a.sign() != b.sign()) sign = BigInt::Negative; - BigInt r(sign, std::max(a.size() + b.size(), c.sig_words()) + 1); + const size_t a_sw = a.sig_words(); + const size_t b_sw = b.sig_words(); + const size_t c_sw = c.sig_words(); + + BigInt r(sign, std::max(a_sw + b_sw, c_sw) + 1); secure_vector workspace(r.size()); - bigint_mul(r, a, b, workspace.data(), workspace.size()); + bigint_mul(r.mutable_data(), r.size(), + a.data(), a.size(), a_sw, + b.data(), b.size(), b_sw, + workspace.data(), workspace.size()); - const size_t r_size = std::max(r.sig_words(), c.sig_words()); - bigint_add2(r.mutable_data(), r_size, c.data(), c.sig_words()); + const size_t r_size = std::max(r.sig_words(), c_sw); + bigint_add2(r.mutable_data(), r_size, c.data(), c_sw); return r; } diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp index 1bca04d078..caaca0a9ac 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.cpp +++ b/src/lib/pubkey/ec_group/curve_gfp.cpp @@ -89,9 +89,14 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, z.grow_to(output_size); z.clear(); - bigint_monty_mul(z, x, y, - m_p.data(), m_p_words, m_p_dash, - ws.data(), ws.size()); + bigint_mul(z.mutable_data(), z.size(), + x.data(), x.size(), x.sig_words(), + y.data(), y.size(), y.sig_words(), + ws.data(), ws.size()); + + bigint_monty_redc(z.mutable_data(), + m_p.data(), m_p_words, m_p_dash, + ws.data(), ws.size()); } void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, 
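Review bot: `r` is now sized from the significant word counts rather than `a.size() + b.size()`, which is tighter and correct only because the trailing `+ 1` absorbs the carry out of the `bigint_add2` below; that reasoning is not stated anywhere, so add `// a_sw + b_sw words hold the product; +1 leaves room for the carry out of the addition of c` above the `BigInt r(...)` line. The workspace is also sized to the now-smaller `r.size()`; if bigint_mul falls back to schoolbook when the workspace is too small for Karatsuba this is only a performance question, but that fallback is outside the hunk and worth confirming. mul_add begins outside the hunk.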
@@ -114,8 +119,13 @@ void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, z.grow_to(output_size); z.clear(); - bigint_monty_sqr(z, x, m_p.data(), m_p_words, m_p_dash, - ws.data(), ws.size()); + bigint_sqr(z.mutable_data(), z.size(), + x.data(), x.size(), x_sw, + ws.data(), ws.size()); + + bigint_monty_redc(z.mutable_data(), + m_p.data(), m_p_words, m_p_dash, + ws.data(), ws.size()); } class CurveGFp_NIST : public CurveGFp_Repr @@ -173,7 +183,10 @@ void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, z.grow_to(output_size); z.clear(); - bigint_mul(z, x, y, ws.data(), ws.size()); + bigint_mul(z.mutable_data(), z.size(), + x.data(), x.size(), x.sig_words(), + y.data(), y.size(), y.sig_words(), + ws.data(), ws.size()); this->redc(z, ws); } From 2bea955063e1df520531339a9f7e39531f68a2ca Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Mar 2018 16:54:27 -0500 Subject: [PATCH 0753/1008] Remove MP_WORD_BITS constant Use the BOTAN_MP_WORD_BITS consistently --- src/lib/math/bigint/big_ops2.cpp | 8 ++++---- src/lib/math/bigint/big_ops3.cpp | 8 ++++---- src/lib/math/bigint/bigint.cpp | 12 ++++++------ src/lib/math/bigint/divide.cpp | 6 +++--- src/lib/math/mp/mp_core.cpp | 24 ++++++++++++------------ src/lib/math/mp/mp_core.h | 5 ----- src/lib/math/numbertheory/nistp_redc.cpp | 4 ++-- src/lib/math/numbertheory/reducer.cpp | 9 ++++----- 8 files changed, 35 insertions(+), 41 deletions(-) diff --git a/src/lib/math/bigint/big_ops2.cpp b/src/lib/math/bigint/big_ops2.cpp index 233a3ed198..9277834ba3 100644 --- a/src/lib/math/bigint/big_ops2.cpp +++ b/src/lib/math/bigint/big_ops2.cpp @@ -255,8 +255,8 @@ BigInt& BigInt::operator<<=(size_t shift) { if(shift) { - const size_t shift_words = shift / MP_WORD_BITS, - shift_bits = shift % MP_WORD_BITS, + const size_t shift_words = shift / BOTAN_MP_WORD_BITS, + shift_bits = shift % BOTAN_MP_WORD_BITS, words = sig_words(); /* 
@@ -282,8 +282,8 @@ BigInt& BigInt::operator>>=(size_t shift) { if(shift) { - const size_t shift_words = shift / MP_WORD_BITS, - shift_bits = shift % MP_WORD_BITS; + const size_t shift_words = shift / BOTAN_MP_WORD_BITS, + shift_bits = shift % BOTAN_MP_WORD_BITS; bigint_shr1(mutable_data(), sig_words(), shift_words, shift_bits); diff --git a/src/lib/math/bigint/big_ops3.cpp b/src/lib/math/bigint/big_ops3.cpp index db11eeea9c..ce9047b15b 100644 --- a/src/lib/math/bigint/big_ops3.cpp +++ b/src/lib/math/bigint/big_ops3.cpp @@ -169,8 +169,8 @@ BigInt operator<<(const BigInt& x, size_t shift) if(shift == 0) return x; - const size_t shift_words = shift / MP_WORD_BITS, - shift_bits = shift % MP_WORD_BITS; + const size_t shift_words = shift / BOTAN_MP_WORD_BITS, + shift_bits = shift % BOTAN_MP_WORD_BITS; const size_t x_sw = x.sig_words(); @@ -189,8 +189,8 @@ BigInt operator>>(const BigInt& x, size_t shift) if(x.bits() <= shift) return 0; - const size_t shift_words = shift / MP_WORD_BITS, - shift_bits = shift % MP_WORD_BITS, + const size_t shift_words = shift / BOTAN_MP_WORD_BITS, + shift_bits = shift % BOTAN_MP_WORD_BITS, x_sw = x.sig_words(); BigInt y(x.sign(), x_sw - shift_words); diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index c21ce89fc8..a722e0e4b5 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp @@ -30,7 +30,7 @@ BigInt::BigInt(uint64_t n) m_reg.resize(limbs_needed); for(size_t i = 0; i != limbs_needed; ++i) - m_reg[i] = ((n >> (i*MP_WORD_BITS)) & MP_WORD_MASK); + m_reg[i] = ((n >> (i*BOTAN_MP_WORD_BITS)) & MP_WORD_MASK); } /* @@ -160,8 +160,8 @@ uint32_t BigInt::to_u32bit() const */ void BigInt::set_bit(size_t n) { - const size_t which = n / MP_WORD_BITS; - const word mask = static_cast(1) << (n % MP_WORD_BITS); + const size_t which = n / BOTAN_MP_WORD_BITS; + const word mask = static_cast(1) << (n % BOTAN_MP_WORD_BITS); if(which >= size()) grow_to(which + 1); m_reg[which] |= mask; } 
@@ -171,8 +171,8 @@ void BigInt::set_bit(size_t n) */ void BigInt::clear_bit(size_t n) { - const size_t which = n / MP_WORD_BITS; - const word mask = static_cast(1) << (n % MP_WORD_BITS); + const size_t which = n / BOTAN_MP_WORD_BITS; + const word mask = static_cast(1) << (n % BOTAN_MP_WORD_BITS); if(which < size()) m_reg[which] &= ~mask; } @@ -193,7 +193,7 @@ size_t BigInt::bits() const return 0; const size_t full_words = words - 1; - return (full_words * MP_WORD_BITS + high_bit(word_at(full_words))); + return (full_words * BOTAN_MP_WORD_BITS + high_bit(word_at(full_words))); } /* diff --git a/src/lib/math/bigint/divide.cpp b/src/lib/math/bigint/divide.cpp index 13696d6d39..63326d6552 100644 --- a/src/lib/math/bigint/divide.cpp +++ b/src/lib/math/bigint/divide.cpp @@ -101,7 +101,7 @@ void divide(const BigInt& x, const BigInt& y_arg, BigInt& q, BigInt& r) return; } - BigInt temp = y << (MP_WORD_BITS * (n-t)); + BigInt temp = y << (BOTAN_MP_WORD_BITS * (n-t)); while(r >= temp) { r -= temp; q_words[n-t] += 1; } @@ -123,11 +123,11 @@ void divide(const BigInt& x, const BigInt& y_arg, BigInt& q, BigInt& r) q_words[j-t-1] -= 1; } - r -= (q_words[j-t-1] * y) << (MP_WORD_BITS * (j-t-1)); + r -= (q_words[j-t-1] * y) << (BOTAN_MP_WORD_BITS * (j-t-1)); if(r.is_negative()) { - r += y << (MP_WORD_BITS * (j-t-1)); + r += y << (BOTAN_MP_WORD_BITS * (j-t-1)); q_words[j-t-1] -= 1; } } diff --git a/src/lib/math/mp/mp_core.cpp b/src/lib/math/mp/mp_core.cpp index a86bbf3c0f..52ad3a4d4f 100644 --- a/src/lib/math/mp/mp_core.cpp +++ b/src/lib/math/mp/mp_core.cpp @@ -290,7 +290,7 @@ void bigint_shl1(word x[], size_t x_size, size_t word_shift, size_t bit_shift) { word temp = x[j]; x[j] = (temp << bit_shift) | carry; - carry = (temp >> (MP_WORD_BITS - bit_shift)); + carry = (temp >> (BOTAN_MP_WORD_BITS - bit_shift)); } } } 
@@ -322,19 +322,19 @@ void bigint_shr1(word x[], size_t x_size, size_t word_shift, size_t bit_shift) { word w = x[top-1]; x[top-1] = (w >> bit_shift) | carry; - carry = (w << (MP_WORD_BITS - bit_shift)); + carry = (w << (BOTAN_MP_WORD_BITS - bit_shift)); w = x[top-2]; x[top-2] = (w >> bit_shift) | carry; - carry = (w << (MP_WORD_BITS - bit_shift)); + carry = (w << (BOTAN_MP_WORD_BITS - bit_shift)); w = x[top-3]; x[top-3] = (w >> bit_shift) | carry; - carry = (w << (MP_WORD_BITS - bit_shift)); + carry = (w << (BOTAN_MP_WORD_BITS - bit_shift)); w = x[top-4]; x[top-4] = (w >> bit_shift) | carry; - carry = (w << (MP_WORD_BITS - bit_shift)); + carry = (w << (BOTAN_MP_WORD_BITS - bit_shift)); top -= 4; } @@ -343,7 +343,7 @@ void bigint_shr1(word x[], size_t x_size, size_t word_shift, size_t bit_shift) { word w = x[top-1]; x[top-1] = (w >> bit_shift) | carry; - carry = (w << (MP_WORD_BITS - bit_shift)); + carry = (w << (BOTAN_MP_WORD_BITS - bit_shift)); top--; } @@ -365,7 +365,7 @@ void bigint_shl2(word y[], const word x[], size_t x_size, { word w = y[j]; y[j] = (w << bit_shift) | carry; - carry = (w >> (MP_WORD_BITS - bit_shift)); + carry = (w >> (BOTAN_MP_WORD_BITS - bit_shift)); } } } @@ -387,7 +387,7 @@ void bigint_shr2(word y[], const word x[], size_t x_size, { word w = y[j-1]; y[j-1] = (w >> bit_shift) | carry; - carry = (w << (MP_WORD_BITS - bit_shift)); + carry = (w << (BOTAN_MP_WORD_BITS - bit_shift)); } } } 
@@ -427,17 +427,17 @@ word bigint_divop(word n1, word n0, word d) throw Invalid_Argument("bigint_divop divide by zero"); #if defined(BOTAN_HAS_MP_DWORD) - return ((static_cast(n1) << MP_WORD_BITS) | n0) / d; + return ((static_cast(n1) << BOTAN_MP_WORD_BITS) | n0) / d; #else word high = n1 % d, quotient = 0; - for(size_t i = 0; i != MP_WORD_BITS; ++i) + for(size_t i = 0; i != BOTAN_MP_WORD_BITS; ++i) { word high_top_bit = (high & MP_WORD_TOP_BIT); high <<= 1; - high |= (n0 >> (MP_WORD_BITS-1-i)) & 1; + high |= (n0 >> (BOTAN_MP_WORD_BITS-1-i)) & 1; quotient <<= 1; if(high_top_bit || high >= d) @@ -457,7 +457,7 @@ word bigint_divop(word n1, word n0, word d) word bigint_modop(word n1, word n0, word d) { #if defined(BOTAN_HAS_MP_DWORD) - return ((static_cast(n1) << MP_WORD_BITS) | n0) % d; + return ((static_cast(n1) << BOTAN_MP_WORD_BITS) | n0) % d; #else word z = bigint_divop(n1, n0, d); word dummy = 0; diff --git a/src/lib/math/mp/mp_core.h b/src/lib/math/mp/mp_core.h index 877c0cad71..f9495c8dee 100644 --- a/src/lib/math/mp/mp_core.h +++ b/src/lib/math/mp/mp_core.h @@ -14,11 +14,6 @@ namespace Botan { -/* -* The size of the word type, in bits -*/ -const size_t MP_WORD_BITS = BOTAN_MP_WORD_BITS; - /* * If cond == 0, does nothing. * If cond > 0, swaps x[0:size] with y[0:size] diff --git a/src/lib/math/numbertheory/nistp_redc.cpp b/src/lib/math/numbertheory/nistp_redc.cpp index 94a8d28721..36135f891e 100644 --- a/src/lib/math/numbertheory/nistp_redc.cpp +++ b/src/lib/math/numbertheory/nistp_redc.cpp @@ -21,8 +21,8 @@ const BigInt& prime_p521() void redc_p521(BigInt& x, secure_vector& ws) { - const size_t p_full_words = 521 / MP_WORD_BITS; - const size_t p_top_bits = 521 % MP_WORD_BITS; + const size_t p_full_words = 521 / BOTAN_MP_WORD_BITS; + const size_t p_top_bits = 521 % BOTAN_MP_WORD_BITS; const size_t p_words = p_full_words + 1; const size_t x_sw = x.sig_words(); 
diff --git a/src/lib/math/numbertheory/reducer.cpp b/src/lib/math/numbertheory/reducer.cpp index 1d7c2259a1..e9db7753b4 100644 --- a/src/lib/math/numbertheory/reducer.cpp +++ b/src/lib/math/numbertheory/reducer.cpp @@ -6,7 +6,6 @@ */ #include -#include namespace Botan { @@ -23,7 +22,7 @@ Modular_Reducer::Modular_Reducer(const BigInt& mod) m_modulus_2 = Botan::square(m_modulus); - m_mu = BigInt::power_of_2(2 * MP_WORD_BITS * m_mod_words) / m_modulus; + m_mu = BigInt::power_of_2(2 * BOTAN_MP_WORD_BITS * m_mod_words) / m_modulus; } /* @@ -49,16 +48,16 @@ BigInt Modular_Reducer::reduce(const BigInt& x) const BigInt t1(x.data() + m_mod_words - 1, x_sw - (m_mod_words - 1)); t1.mul(m_mu, ws); - t1 >>= (MP_WORD_BITS * (m_mod_words + 1)); + t1 >>= (BOTAN_MP_WORD_BITS * (m_mod_words + 1)); t1.mul(m_modulus, ws); - t1.mask_bits(MP_WORD_BITS * (m_mod_words + 1)); + t1.mask_bits(BOTAN_MP_WORD_BITS * (m_mod_words + 1)); t1.rev_sub(x.data(), std::min(x_sw, m_mod_words + 1), ws); if(t1.is_negative()) { - t1 += BigInt::power_of_2(MP_WORD_BITS * (m_mod_words + 1)); + t1 += BigInt::power_of_2(BOTAN_MP_WORD_BITS * (m_mod_words + 1)); } t1.reduce_below(m_modulus, ws); From a5a9ca8d296d0b31de4c03b7dff2b401e6a6ec45 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Mar 2018 17:04:16 -0500 Subject: [PATCH 0754/1008] Move declaration of word to types.h --- src/lib/math/bigint/bigint.h | 2 +- src/lib/math/mp/info.txt | 4 ---- src/lib/math/mp/mp_core.h | 6 +++++- src/lib/math/mp/mp_madd.h | 2 +- src/lib/math/mp/mp_types.h | 33 --------------------------------- src/lib/utils/types.h | 12 ++++++++++++ 6 files changed, 19 insertions(+), 40 deletions(-) delete mode 100644 src/lib/math/mp/mp_types.h diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index 5092187d97..c397a7659b 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h @@ -9,8 +9,8 @@ #ifndef BOTAN_BIGINT_H_ #define BOTAN_BIGINT_H_ +#include #include -#include #include #include #include 
diff --git a/src/lib/math/mp/info.txt b/src/lib/math/mp/info.txt index 0f5b075f0c..e93ff79b00 100644 --- a/src/lib/math/mp/info.txt +++ b/src/lib/math/mp/info.txt @@ -2,10 +2,6 @@ BIGINT_MP -> 20151225 - -mp_types.h - - mp_core.h mp_madd.h diff --git a/src/lib/math/mp/mp_core.h b/src/lib/math/mp/mp_core.h index f9495c8dee..5142401975 100644 --- a/src/lib/math/mp/mp_core.h +++ b/src/lib/math/mp/mp_core.h @@ -10,10 +10,14 @@ #ifndef BOTAN_MP_CORE_OPS_H_ #define BOTAN_MP_CORE_OPS_H_ -#include +#include namespace Botan { +const word MP_WORD_MASK = ~static_cast(0); +const word MP_WORD_TOP_BIT = static_cast(1) << (8*sizeof(word) - 1); +const word MP_WORD_MAX = MP_WORD_MASK; + /* * If cond == 0, does nothing. * If cond > 0, swaps x[0:size] with y[0:size] diff --git a/src/lib/math/mp/mp_madd.h b/src/lib/math/mp/mp_madd.h index 68b9ed6445..4807fcd040 100644 --- a/src/lib/math/mp/mp_madd.h +++ b/src/lib/math/mp/mp_madd.h @@ -9,7 +9,7 @@ #ifndef BOTAN_MP_WORD_MULADD_H_ #define BOTAN_MP_WORD_MULADD_H_ -#include +#include #include namespace Botan { diff --git a/src/lib/math/mp/mp_types.h b/src/lib/math/mp/mp_types.h deleted file mode 100644 index fb52c2e9a0..0000000000 --- a/src/lib/math/mp/mp_types.h +++ /dev/null @@ -1,33 +0,0 @@ -/* -* Low Level MPI Types -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_MPI_TYPES_H_ -#define BOTAN_MPI_TYPES_H_ - -#include - -namespace Botan { - -#if (BOTAN_MP_WORD_BITS == 8) - typedef uint8_t word; -#elif (BOTAN_MP_WORD_BITS == 16) - typedef uint16_t word; -#elif (BOTAN_MP_WORD_BITS == 32) - typedef uint32_t word; -#elif (BOTAN_MP_WORD_BITS == 64) - typedef uint64_t word; -#else - #error BOTAN_MP_WORD_BITS must be 8, 16, 32, or 64 -#endif - -const word MP_WORD_MASK = ~static_cast(0); -const word MP_WORD_TOP_BIT = static_cast(1) << (8*sizeof(word) - 1); -const word MP_WORD_MAX = MP_WORD_MASK; - -} - -#endif 
diff --git a/src/lib/utils/types.h b/src/lib/utils/types.h index 953471fb64..10650342b6 100644 --- a/src/lib/utils/types.h +++ b/src/lib/utils/types.h @@ -97,6 +97,18 @@ using s32bit = std::int32_t; */ static const size_t DEFAULT_BUFFERSIZE = BOTAN_DEFAULT_BUFFER_SIZE; +#if (BOTAN_MP_WORD_BITS == 8) + typedef uint8_t word; +#elif (BOTAN_MP_WORD_BITS == 16) + typedef uint16_t word; +#elif (BOTAN_MP_WORD_BITS == 32) + typedef uint32_t word; +#elif (BOTAN_MP_WORD_BITS == 64) + typedef uint64_t word; +#else + #error BOTAN_MP_WORD_BITS must be 8, 16, 32, or 64 +#endif + } #endif From fb44fe4f9ac094a7f223ef337796c3c4a2ed933f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Mar 2018 17:11:47 -0500 Subject: [PATCH 0755/1008] Use BOTAN_DEFAULT_BUFFER_SIZE instead of DEFAULT_BUFFERSIZE --- src/lib/asn1/ber_dec.cpp | 2 +- src/lib/filters/algo_filt.cpp | 8 ++++---- src/lib/filters/fd_unix/fd_unix.cpp | 4 ++-- src/lib/filters/pipe_io.cpp | 4 ++-- src/lib/filters/pipe_rw.cpp | 4 ++-- src/lib/filters/secqueue.cpp | 2 +- src/lib/utils/types.h | 5 ----- 7 files changed, 12 insertions(+), 17 deletions(-) diff --git a/src/lib/asn1/ber_dec.cpp b/src/lib/asn1/ber_dec.cpp index ca0056937f..28443f2d8c 100644 --- a/src/lib/asn1/ber_dec.cpp +++ b/src/lib/asn1/ber_dec.cpp @@ -109,7 +109,7 @@ size_t decode_length(DataSource* ber, size_t& field_size, size_t allow_indef) */ size_t find_eoc(DataSource* ber, size_t allow_indef) { - secure_vector buffer(DEFAULT_BUFFERSIZE), data; + secure_vector buffer(BOTAN_DEFAULT_BUFFER_SIZE), data; while(true) { diff --git a/src/lib/filters/algo_filt.cpp b/src/lib/filters/algo_filt.cpp index 099c413d3b..721f3a4716 100644 --- a/src/lib/filters/algo_filt.cpp +++ b/src/lib/filters/algo_filt.cpp 
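Review bot: The `word` definitions added to types.h use `typedef uint8_t word;` (and unqualified `uint16_t`/`uint32_t`/`uint64_t`) while the aliases a few lines above in the same header are written as `using s32bit = std::int32_t;`, so the new block reads as if pasted from the deleted mp_types.h rather than written for this file. Writing them as `using word = std::uint8_t;` and so on in each branch keeps the header to one alias style and one spelling of the fixed-width types. The `#error` fallback for an unsupported BOTAN_MP_WORD_BITS is worth keeping as is.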
@@ -13,26 +13,26 @@ namespace Botan { #if defined(BOTAN_HAS_STREAM_CIPHER) StreamCipher_Filter::StreamCipher_Filter(StreamCipher* cipher) : - m_buffer(DEFAULT_BUFFERSIZE), + m_buffer(BOTAN_DEFAULT_BUFFER_SIZE), m_cipher(cipher) { } StreamCipher_Filter::StreamCipher_Filter(StreamCipher* cipher, const SymmetricKey& key) : - m_buffer(DEFAULT_BUFFERSIZE), + m_buffer(BOTAN_DEFAULT_BUFFER_SIZE), m_cipher(cipher) { m_cipher->set_key(key); } StreamCipher_Filter::StreamCipher_Filter(const std::string& sc_name) : - m_buffer(DEFAULT_BUFFERSIZE), + m_buffer(BOTAN_DEFAULT_BUFFER_SIZE), m_cipher(StreamCipher::create_or_throw(sc_name)) { } StreamCipher_Filter::StreamCipher_Filter(const std::string& sc_name, const SymmetricKey& key) : - m_buffer(DEFAULT_BUFFERSIZE), + m_buffer(BOTAN_DEFAULT_BUFFER_SIZE), m_cipher(StreamCipher::create_or_throw(sc_name)) { m_cipher->set_key(key); diff --git a/src/lib/filters/fd_unix/fd_unix.cpp b/src/lib/filters/fd_unix/fd_unix.cpp index 5ce29e8759..657dde3b40 100644 --- a/src/lib/filters/fd_unix/fd_unix.cpp +++ b/src/lib/filters/fd_unix/fd_unix.cpp @@ -16,7 +16,7 @@ namespace Botan { */ int operator<<(int fd, Pipe& pipe) { - secure_vector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(BOTAN_DEFAULT_BUFFER_SIZE); while(pipe.remaining()) { size_t got = pipe.read(buffer.data(), buffer.size()); @@ -39,7 +39,7 @@ int operator<<(int fd, Pipe& pipe) */ int operator>>(int fd, Pipe& pipe) { - secure_vector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(BOTAN_DEFAULT_BUFFER_SIZE); while(true) { ssize_t ret = ::read(fd, buffer.data(), buffer.size()); diff --git a/src/lib/filters/pipe_io.cpp b/src/lib/filters/pipe_io.cpp index f38a7d4171..a909cba725 100644 --- a/src/lib/filters/pipe_io.cpp +++ b/src/lib/filters/pipe_io.cpp 
@@ -16,7 +16,7 @@ namespace Botan { */ std::ostream& operator<<(std::ostream& stream, Pipe& pipe) { - secure_vector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(BOTAN_DEFAULT_BUFFER_SIZE); while(stream.good() && pipe.remaining()) { const size_t got = pipe.read(buffer.data(), buffer.size()); @@ -32,7 +32,7 @@ std::ostream& operator<<(std::ostream& stream, Pipe& pipe) */ std::istream& operator>>(std::istream& stream, Pipe& pipe) { - secure_vector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(BOTAN_DEFAULT_BUFFER_SIZE); while(stream.good()) { stream.read(cast_uint8_ptr_to_char(buffer.data()), buffer.size()); diff --git a/src/lib/filters/pipe_rw.cpp b/src/lib/filters/pipe_rw.cpp index 082a215da3..dc7b973727 100644 --- a/src/lib/filters/pipe_rw.cpp +++ b/src/lib/filters/pipe_rw.cpp @@ -60,7 +60,7 @@ void Pipe::write(uint8_t input) */ void Pipe::write(DataSource& source) { - secure_vector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(BOTAN_DEFAULT_BUFFER_SIZE); while(!source.end_of_data()) { size_t got = source.read(buffer.data(), buffer.size()); @@ -110,7 +110,7 @@ secure_vector Pipe::read_all(message_id msg) std::string Pipe::read_all_as_string(message_id msg) { msg = ((msg != DEFAULT_MESSAGE) ? msg : default_msg()); - secure_vector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(BOTAN_DEFAULT_BUFFER_SIZE); std::string str; str.reserve(remaining(msg)); diff --git a/src/lib/filters/secqueue.cpp b/src/lib/filters/secqueue.cpp index 4b1a263a80..1c8d281493 100644 --- a/src/lib/filters/secqueue.cpp +++ b/src/lib/filters/secqueue.cpp @@ -17,7 +17,7 @@ namespace Botan { class SecureQueueNode final { public: - SecureQueueNode() : m_buffer(DEFAULT_BUFFERSIZE) + SecureQueueNode() : m_buffer(BOTAN_DEFAULT_BUFFER_SIZE) { m_next = nullptr; m_start = m_end = 0; } ~SecureQueueNode() { m_next = nullptr; m_start = m_end = 0; } diff --git a/src/lib/utils/types.h b/src/lib/utils/types.h index 10650342b6..51f0e3bc37 100644 --- a/src/lib/utils/types.h 
+++ b/src/lib/utils/types.h @@ -92,11 +92,6 @@ using u32bit = std::uint32_t; using u64bit = std::uint64_t; using s32bit = std::int32_t; -/** -* A default buffer size; typically a memory page -*/ -static const size_t DEFAULT_BUFFERSIZE = BOTAN_DEFAULT_BUFFER_SIZE; - #if (BOTAN_MP_WORD_BITS == 8) typedef uint8_t word; #elif (BOTAN_MP_WORD_BITS == 16) From 7801984d217b150c231b9e896179dc4ca729b831 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Mar 2018 17:24:08 -0500 Subject: [PATCH 0756/1008] Loosen restrictions on using bigint_comba_sqr9 --- src/lib/math/mp/mp_karat.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/math/mp/mp_karat.cpp b/src/lib/math/mp/mp_karat.cpp index 6e1414cfa0..b10ea6fd94 100644 --- a/src/lib/math/mp/mp_karat.cpp +++ b/src/lib/math/mp/mp_karat.cpp @@ -332,7 +332,7 @@ void bigint_sqr(word z[], size_t z_size, { bigint_comba_sqr8(z, x); } - else if(x_sw == 9 && x_size >= 9 && z_size >= 18) + else if(x_sw <= 9 && x_size >= 9 && z_size >= 18) { bigint_comba_sqr9(z, x); } From d36a745ccfd3efec8a011dd1d76e34bbc3f193fb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 1 Mar 2018 17:39:56 -0500 Subject: [PATCH 0757/1008] Tiny but useful optimization in bigint_monty_redc Increases perf of larger DH by 5-8% --- src/lib/math/mp/mp_monty.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/math/mp/mp_monty.cpp b/src/lib/math/mp/mp_monty.cpp index b2b3b5e4ee..e2f93a9a79 100644 --- a/src/lib/math/mp/mp_monty.cpp +++ b/src/lib/math/mp/mp_monty.cpp @@ -60,7 +60,7 @@ void bigint_monty_redc(word z[], for(size_t j = p_size + 1; j < z_size - i; ++j) { z_i[j] += carry; - carry = carry & !z_i[j]; + carry = (z_i[j] < carry); } } From e5a9aed2dd2723b7af502e454a23d1b4fa28fbbf Mon Sep 17 00:00:00 2001 
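Review bot: Removing `DEFAULT_BUFFERSIZE` from types.h deletes a name from a public header in namespace Botan, so any downstream code that referenced it stops compiling, and the commit message only describes the internal substitution. If this header is part of the installed API, keeping `static const size_t DEFAULT_BUFFERSIZE = BOTAN_DEFAULT_BUFFER_SIZE;` for one release with the project's deprecation attribute would turn that hard break into a warning; I cannot tell from the hunk whether external users exist, so treat this as a question rather than a defect.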
From: Jack Lloyd Date: Fri, 2 Mar 2018 11:13:36 -0500 Subject: [PATCH 0758/1008] Use API annotations --- src/lib/asn1/asn1_print.h | 4 ++-- src/lib/pk_pad/emsa_pssr/pssr.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/asn1/asn1_print.h b/src/lib/asn1/asn1_print.h index d9e15f14b1..a6bc6b15f2 100644 --- a/src/lib/asn1/asn1_print.h +++ b/src/lib/asn1/asn1_print.h @@ -19,7 +19,7 @@ class BER_Decoder; /** * Format ASN.1 data and call a virtual to format */ -class BOTAN_DLL ASN1_Formatter +class BOTAN_PUBLIC_API(2,4) ASN1_Formatter { public: virtual ~ASN1_Formatter() = default; @@ -78,7 +78,7 @@ class BOTAN_DLL ASN1_Formatter * Format ASN.1 data into human readable output. The exact form of the output for * any particular input is not guaranteed and may change from release to release. */ -class BOTAN_DLL ASN1_Pretty_Printer final : public ASN1_Formatter +class BOTAN_PUBLIC_API(2,4) ASN1_Pretty_Printer final : public ASN1_Formatter { public: /** diff --git a/src/lib/pk_pad/emsa_pssr/pssr.h b/src/lib/pk_pad/emsa_pssr/pssr.h index 61a4b9448a..3b902dd6a8 100644 --- a/src/lib/pk_pad/emsa_pssr/pssr.h +++ b/src/lib/pk_pad/emsa_pssr/pssr.h @@ -58,7 +58,7 @@ class BOTAN_PUBLIC_API(2,0) PSSR final : public EMSA * PSSR_Raw * This accepts a pre-hashed buffer */ -class BOTAN_DLL PSSR_Raw final : public EMSA +class BOTAN_PUBLIC_API(2,3) PSSR_Raw final : public EMSA { public: From 158a47b44775a0acd3638bb4427ca5d78ffc6bdc Mon Sep 17 00:00:00 2001 From: Mathieu Souchaud Date: Fri, 2 Mar 2018 17:39:14 +0100 Subject: [PATCH 0759/1008] Fix check_crl_online segfaults, need tests. --- src/lib/x509/x509path.cpp | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 2b2489a1a9..aa35a5457d 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp 
@@ -420,9 +420,10 @@ PKIX::check_crl_online(const std::vector for(size_t i = 0; i != cert_path.size(); ++i) { - for(size_t c = 0; c != certstores.size(); ++i) + const std::shared_ptr& cert = cert_path.at(i); + for(size_t c = 0; c != certstores.size(); ++c) { - crls[i] = certstores[c]->find_crl_for(*cert_path[i]); + crls[i] = certstores[c]->find_crl_for(*cert); if(crls[i]) break; } @@ -438,7 +439,7 @@ PKIX::check_crl_online(const std::vector */ future_crls.emplace_back(std::future>()); } - else if(cert_path[i]->crl_distribution_point() == "") + else if(cert->crl_distribution_point() == "") { // Avoid creating a thread for this case future_crls.emplace_back(std::async(std::launch::deferred, [&]() -> std::shared_ptr { @@ -448,7 +449,9 @@ PKIX::check_crl_online(const std::vector else { future_crls.emplace_back(std::async(std::launch::async, [&]() -> std::shared_ptr { - auto http = HTTP::GET_sync(cert_path[i]->crl_distribution_point()); + auto http = HTTP::GET_sync(cert->crl_distribution_point(), + /*redirects*/ 1, timeout); + http.throw_unless_ok(); // check the mime type? return std::make_shared(http.body()); @@ -462,16 +465,12 @@ PKIX::check_crl_online(const std::vector { try { - std::future_status status = future_crls[i].wait_for(timeout); - - if(status == std::future_status::ready) - { - crls[i] = future_crls[i].get(); - } + crls[i] = future_crls[i].get(); } - catch(std::exception&) + catch(std::exception& e) { // crls[i] left null + // todo: log exception e.what() ? } } } From 4b6f451b837ac487996592ae449ba2ef95a83456 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 2 Mar 2018 12:09:19 -0500 Subject: [PATCH 0760/1008] Add (untested) support for x32 build Needed for Debian --- src/build-data/arch/x32.txt | 16 ++++++++++++++++ src/build-data/cc/gcc.txt | 1 + src/build-data/detect_arch.cpp | 5 ++++- 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 src/build-data/arch/x32.txt 
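Review bot: In the last hunk the handler is written `catch(std::exception& e)` but `e` is only referenced by a TODO comment, so the reason a CRL fetch failed is still silently dropped; either log it now or write `catch(const std::exception&)` until the logging decision is made, since the unused named parameter will draw a warning on some compilers. Dropping the `wait_for(timeout)` also changes the blocking behaviour: `future_crls[i].get()` now waits for however long the fetch takes, so the bound on path validation time rests entirely on the `timeout` passed to `HTTP::GET_sync` in the third hunk, and a one-line comment there stating that it is expected to cover both connect and read would make the dependency explicit. The enclosing function check_crl_online begins outside the hunk.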
diff --git a/src/build-data/arch/x32.txt b/src/build-data/arch/x32.txt new file mode 100644 index 0000000000..d69e1247d7 --- /dev/null +++ b/src/build-data/arch/x32.txt @@ -0,0 +1,16 @@ +endian little + +family x86 + + +aesni +avx2 +bmi2 +rdrand +rdseed +sha +sse2 +sse41 +sse42 +ssse3 + diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index f1a2edbe24..3d7eb98fef 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -86,6 +86,7 @@ sparc64 -> "-m64 -mno-app-regs" ppc64 -> "-m64" x86_32 -> "-m32" x86_64 -> "-m64" +x32 -> "-mx32" netbsd -> "-D_NETBSD_SOURCE" qnx -> "-fexceptions -D_QNX_SOURCE" diff --git a/src/build-data/detect_arch.cpp b/src/build-data/detect_arch.cpp index 577b73adab..f5e6ecd582 100644 --- a/src/build-data/detect_arch.cpp +++ b/src/build-data/detect_arch.cpp @@ -1,5 +1,8 @@ -#if defined(__x86_64__) || defined(_M_X64) +#if defined(__x86_64__) && defined(__ILP32__) + X32 + +#elif defined(__x86_64__) || defined(_M_X64) X86_64 #elif defined(__i386__) || defined(__i386) || defined(_M_IX86) From 67fc17e01bbafe0d759d32a9ffcc7cd7adc07dcf Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 2 Mar 2018 12:11:49 -0500 Subject: [PATCH 0761/1008] Add support for powerpcspe build Its a somewhat odd 32-bit PPC without AltiVec support --- src/build-data/arch/powerpcspe.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 src/build-data/arch/powerpcspe.txt diff --git a/src/build-data/arch/powerpcspe.txt b/src/build-data/arch/powerpcspe.txt new file mode 100644 index 0000000000..37d3b3c0f6 --- /dev/null +++ b/src/build-data/arch/powerpcspe.txt @@ -0,0 +1,3 @@ +endian big + +family ppc From c319fc1e211d648b69f31a24557206e0852694bf Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Fri, 2 Mar 2018 12:12:41 -0500 Subject: [PATCH 0762/1008] Log autodetected platform information at info level This is useful when debugging problems from build logs like https://buildd.debian.org/status/package.php?p=botan&suite=sid --- configure.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/configure.py b/configure.py index 87cca54ce9..db46d5b782 100755 --- a/configure.py +++ b/configure.py @@ -2996,9 +2996,10 @@ def main(argv): for policy in info_module_policies.values(): policy.cross_check(info_modules) - logging.info('%s invoked with options "%s"' % (argv[0], ' '.join(argv[1:]))) - logging.debug('Platform running configuration (autodetected): OS="%s" machine="%s" proc="%s"' % ( - platform.system(), platform.machine(), platform.processor())) + logging.info('%s invoked with options "%s"', argv[0], ' '.join(argv[1:])) + + logging.info('Autodetected platform information: OS="%s" machine="%s" proc="%s"', + platform.system(), platform.machine(), platform.processor()) logging.debug('Known CPU names: ' + ' '.join( sorted(flatten([[ainfo.basename] + ainfo.aliases for ainfo in info_arch.values()])))) From cca214ff3bfade7211676d018f51f7d803029b77 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 2 Mar 2018 13:24:22 -0500 Subject: [PATCH 0763/1008] Fix pylint error --- configure.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.py b/configure.py index db46d5b782..9cd9c62e6e 100755 --- a/configure.py +++ b/configure.py @@ -2999,7 +2999,7 @@ def main(argv): logging.info('%s invoked with options "%s"', argv[0], ' '.join(argv[1:])) logging.info('Autodetected platform information: OS="%s" machine="%s" proc="%s"', - platform.system(), platform.machine(), platform.processor()) + platform.system(), platform.machine(), platform.processor()) logging.debug('Known CPU names: ' + ' '.join( sorted(flatten([[ainfo.basename] + ainfo.aliases for ainfo in info_arch.values()])))) 
From 537833f1bef3757adb7d12b5f27a2fa1b8d994b1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 2 Mar 2018 15:26:51 -0500 Subject: [PATCH 0764/1008] Avoid close_fds=True in build_docs GH #1456 --- src/scripts/build_docs.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/scripts/build_docs.py b/src/scripts/build_docs.py index df99ba9c32..0912ea1cf7 100755 --- a/src/scripts/build_docs.py +++ b/src/scripts/build_docs.py @@ -59,7 +59,6 @@ def run_and_check(cmd_line, cwd=None): try: proc = subprocess.Popen(cmd_line, - close_fds=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=cwd) @@ -75,6 +74,8 @@ def run_and_check(cmd_line, cwd=None): logging.debug(stderr.decode()) if proc.returncode != 0: + logging.info(stdout.decode()) + logging.info(stderr.decode()) logging.error("Error running %s", ' '.join(cmd_line)) sys.exit(1) From 66f2068101325b904d317376c59389ad4b57408b Mon Sep 17 00:00:00 2001 From: souch Date: Fri, 2 Mar 2018 23:10:10 +0100 Subject: [PATCH 0765/1008] Document OCSP softfail/hardfail check behaviour. --- src/lib/x509/x509path.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/lib/x509/x509path.h b/src/lib/x509/x509path.h index 65497b2ccf..79ae02a10e 100644 --- a/src/lib/x509/x509path.h +++ b/src/lib/x509/x509path.h @@ -204,6 +204,9 @@ class BOTAN_PUBLIC_API(2,0) Path_Validation_Result final * @param ocsp_timeout timeout for OCSP operations, 0 disables OCSP check * @param ocsp_resp additional OCSP responses to consider (eg from peer) * @return result of the path validation +* note: when enabled, OCSP check is softfail by default: if the OCSP server is not +* reachable, Path_Validation_Result::successful_validation() will return true. +* Hardfail OCSP check can be achieve by also calling Path_Validation_Result::no_warnings(). */ Path_Validation_Result BOTAN_PUBLIC_API(2,0) x509_path_validate( const std::vector& end_certs, From 76ecd3fedb0476d92afc30c1c68c82b5eddbff71 Mon Sep 17 00:00:00 2001 
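Review bot: The new `logging.info(stdout.decode())` and `logging.info(stderr.decode())` in the second hunk decode the tool output with the strict default codec, so a single non-UTF-8 byte from the doc tool would raise UnicodeDecodeError inside the failure path and replace the real build error with a traceback; `logging.info(stdout.decode(errors='replace'))` avoids that, and the existing `logging.debug(stderr.decode())` context line has the same exposure. The enclosing function run_and_check starts outside the hunk.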
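Review bot: The added `note:` paragraph in the x509_path_validate doc block is placed after `@return` without a Doxygen tag, so it renders as part of the return description, and it contains a typo ("can be achieve"). Write it as `* @note When the OCSP check is enabled it is softfail by default: if the OCSP responder is not reachable, Path_Validation_Result::successful_validation() still returns true.` followed by `* Hardfail behaviour can be achieved by also requiring Path_Validation_Result::no_warnings().`, which also makes the verification-strength caveat easy to find for callers deciding how to treat a warning-only result.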
From: Jack Lloyd Date: Fri, 2 Mar 2018 17:24:03 -0500 Subject: [PATCH 0766/1008] Implement product-scanning Montgomery reduction Results in 10-20% improvement for DH and RSA, 5% for ECC curves that use Montgomery form. --- src/lib/math/mp/mp_asmi.h | 36 ++++++++++++++++ src/lib/math/mp/mp_monty.cpp | 82 +++++++++++++++++++++++------------- 2 files changed, 88 insertions(+), 30 deletions(-) diff --git a/src/lib/math/mp/mp_asmi.h b/src/lib/math/mp/mp_asmi.h index a69d82a15e..0cbce3053a 100644 --- a/src/lib/math/mp/mp_asmi.h +++ b/src/lib/math/mp/mp_asmi.h @@ -749,6 +749,42 @@ inline void word3_muladd(word* w2, word* w1, word* w0, word x, word y) #endif } +/* +* 3-word addition +* (w2,w1,w0) += x +*/ +inline void word3_add(word* w2, word* w1, word* w0, word x) + { +#if defined(BOTAN_MP_USE_X86_32_ASM) + asm( + ASM("addl %[x],%[w0]") + ASM("adcl $0,%[w1]") + ASM("adcl $0,%[w2]") + + : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2) + : [x]"r"(x), "0"(*w0), "1"(*w1), "2"(*w2) + : "cc"); + +#elif defined(BOTAN_MP_USE_X86_64_ASM) + + asm( + ASM("addq %[x],%[w0]") + ASM("adcq $0,%[w1]") + ASM("adcq $0,%[w2]") + + : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2) + : [x]"r"(x), "0"(*w0), "1"(*w1), "2"(*w2) + : "cc"); + +#else + *w0 += x; + word c1 = (*w0 < x); + *w1 += c1; + word c2 = (*w1 < c1); + *w2 += c2; +#endif + } + /* * Multiply-Add Accumulator * (w2,w1,w0) += 2 * x * y diff --git a/src/lib/math/mp/mp_monty.cpp b/src/lib/math/mp/mp_monty.cpp index e2f93a9a79..ba94d1528d 100644 --- a/src/lib/math/mp/mp_monty.cpp +++ b/src/lib/math/mp/mp_monty.cpp @@ -8,7 +8,6 @@ */ #include -#include #include #include #include 
@@ -32,60 +31,83 @@ void bigint_monty_redc(word z[], CT::poison(p, p_size); CT::poison(ws, 2*(p_size+1)); - const size_t blocks_of_8 = p_size - (p_size % 8); + /* + Montgomery reduction - product scanning form - for(size_t i = 0; i != p_size; ++i) - { - word* z_i = z + i; + https://www.iacr.org/archive/ches2005/006.pdf + https://eprint.iacr.org/2013/882.pdf + https://www.microsoft.com/en-us/research/wp-content/uploads/1996/01/j37acmon.pdf + */ + + word w2 = 0, w1 = 0, w0 = 0; - const word y = z_i[0] * p_dash; + w0 = z[0]; - /* - bigint_linmul3(ws, p, p_size, y); - bigint_add2(z_i, z_size - i, ws, p_size+1); - */ + ws[0] = w0 * p_dash; - word carry = 0; + word3_muladd(&w2, &w1, &w0, ws[0], p[0]); + + w0 = w1; + w1 = w2; + w2 = 0; + + for(size_t i = 1; i != p_size; ++i) + { + for(size_t j = 0; j < i; ++j) + { + word3_muladd(&w2, &w1, &w0, ws[j], p[i-j]); + } - for(size_t j = 0; j != blocks_of_8; j += 8) - carry = word8_madd3(z_i + j, p + j, y, carry); + word3_add(&w2, &w1, &w0, z[i]); - for(size_t j = blocks_of_8; j != p_size; ++j) - z_i[j] = word_madd3(p[j], y, z_i[j], &carry); + ws[i] = w0 * p_dash; - word z_sum = z_i[p_size] + carry; - carry = (z_sum < z_i[p_size]); - z_i[p_size] = z_sum; + word3_muladd(&w2, &w1, &w0, ws[i], p[0]); - for(size_t j = p_size + 1; j < z_size - i; ++j) + w0 = w1; + w1 = w2; + w2 = 0; + } + + for(size_t i = p_size; i != 2*p_size; ++i) + { + for(size_t j = i - p_size + 1; j != p_size; ++j) { - z_i[j] += carry; - carry = (z_i[j] < carry); + word3_muladd(&w2, &w1, &w0, ws[j], p[i-j]); } + + word3_add(&w2, &w1, &w0, z[i]); + + ws[i-p_size] = w0; + w0 = w1; + w1 = w2; + w2 = 0; } + word3_add(&w2, &w1, &w0, z[z_size-1]); + + ws[p_size] = w0; + ws[p_size+1] = w1; + /* * The result might need to be reduced mod p. To avoid a timing * channel, always perform the subtraction. If in the compution * of x - p a borrow is required then x was already < p. 
* - * x - p starts at ws[0] and is p_size+1 bytes long - * x starts at ws[p_size+1] and is also p_size+1 bytes log - * (that's the copy_mem) + * x starts at ws[0] and is p_size+1 bytes long. + * x - p starts at ws[p_size+1] and is also p_size+1 bytes log * * Select which address to copy from indexing off of the final * borrow. */ + // word borrow = bigint_sub3(ws + p_size + 1, ws, p_size + 1, p, p_size); word borrow = 0; for(size_t i = 0; i != p_size; ++i) - ws[i] = word_sub(z[p_size + i], p[i], &borrow); - - ws[p_size] = word_sub(z[p_size+p_size], 0, &borrow); - - copy_mem(ws + p_size + 1, z + p_size, p_size + 1); + ws[p_size + 1 + i] = word_sub(ws[i], p[i], &borrow); + ws[2*p_size+1] = word_sub(ws[p_size], 0, &borrow); - CT::conditional_copy_mem(borrow, z, ws + (p_size + 1), ws, (p_size + 1)); + CT::conditional_copy_mem(borrow, z, ws, ws + (p_size + 1), (p_size + 1)); clear_mem(z + p_size + 1, z_size - p_size - 1); CT::unpoison(z, z_size); From 9208d5ed5207a655babaed93e83768722415f859 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 2 Mar 2018 18:39:01 -0500 Subject: [PATCH 0767/1008] Avoid confusing error if invalid EC_Group is used If an unknown group name was passed it would give a PEM error, instead of saying unknown group. --- src/lib/pubkey/ec_group/ec_group.cpp | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 942e7401a2..6064f869c0 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp 
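Review bot: The rewritten explanatory comment still describes x and x - p as `p_size+1 bytes long` (and `bytes log`), but `ws` is indexed in words throughout, so it should read `x starts at ws[0] and is p_size+1 words long.` / `x - p starts at ws[p_size+1] and is also p_size+1 words long.`. The commented-out `// word borrow = bigint_sub3(ws + p_size + 1, ws, p_size + 1, p, p_size);` should be deleted rather than left beside the constant-time selection, since dead code next to `CT::conditional_copy_mem` invites someone to re-enable it without rechecking the operand layout and the always-subtract property. The new scheme also appears to rely on `ws` holding 2*(p_size+1) words (consistent with the poison call) and on `z[z_size-1]` being the top word of the product; neither precondition is stated, and the function's signature begins outside the hunk, so I cannot confirm the z_size relationship from here.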
@@ -329,10 +329,16 @@ EC_Group::EC_Group(const std::string& str) if(m_data == nullptr) { - // OK try it as PEM ... - secure_vector ber = PEM_Code::decode_check_label(str, "EC PARAMETERS"); - this->m_data = BER_decode_EC_group(ber.data(), ber.size()); + if(str.size() > 30 && str.substr(0, 29) == "-----BEGIN EC PARAMETERS-----") + { + // OK try it as PEM ... + secure_vector ber = PEM_Code::decode_check_label(str, "EC PARAMETERS"); + this->m_data = BER_decode_EC_group(ber.data(), ber.size()); + } } + + if(m_data == nullptr) + throw Invalid_Argument("Unknown ECC group '" + str + "'"); } //static From 27ab8fdbaaba4d128052025e0bbab4fa774fd1ac Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 2 Mar 2018 19:38:53 -0500 Subject: [PATCH 0768/1008] Update news --- news.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/news.rst b/news.rst index 6ac3865a2b..c0865042f0 100644 --- a/news.rst +++ b/news.rst @@ -10,6 +10,9 @@ Version 2.5.0, Not Yet Released generation and ECDH key exchange performance by 3 to 5 times as compared to previous releases. ECDSA verification is 2 to 3 times faster. (GH #1457) +* Implement product scanning Montgomery reduction, which improves Diffie-Hellman + and RSA performance by 10 to 20% on most platforms. (GH #1472) + * Add a new Credentials_Manager callback that specifies which CAs the server has indicated it trusts (GH #1395 fixing #1261) From 36451c67afd87876ab0b180c4f3f93a8dec5f9c8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 2 Mar 2018 19:47:05 -0500 Subject: [PATCH 0769/1008] Fix header includes --- src/lib/math/mp/mp_karat.cpp | 2 +- src/lib/math/mp/mp_monty.cpp | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/lib/math/mp/mp_karat.cpp b/src/lib/math/mp/mp_karat.cpp index b10ea6fd94..6cf41503d1 100644 --- a/src/lib/math/mp/mp_karat.cpp +++ b/src/lib/math/mp/mp_karat.cpp @@ -8,8 +8,8 @@ #include #include -#include #include +#include namespace Botan { 
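Review bot: The PEM detection hardcodes the header length twice (`str.size() > 30` and `str.substr(0, 29)`) and allocates a temporary string for the comparison; deriving both from the label avoids the two magic numbers drifting apart: `const std::string pem_header = "-----BEGIN EC PARAMETERS-----";` then `if(str.size() > pem_header.size() && str.compare(0, pem_header.size(), pem_header) == 0)`. The new Invalid_Argument message embeds the full input string, which is helpful for short names but can produce a very long exception text when a caller passes arbitrary data; truncating `str` in the message may be worth considering. The constructor body continues outside the hunk.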
diff --git a/src/lib/math/mp/mp_monty.cpp b/src/lib/math/mp/mp_monty.cpp index ba94d1528d..ea32313d0d 100644 --- a/src/lib/math/mp/mp_monty.cpp +++ b/src/lib/math/mp/mp_monty.cpp @@ -7,11 +7,12 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#include +#include #include #include #include #include +#include namespace Botan { From 9d552010688623e185e4ae15cd045b6c79b17cb7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 4 Mar 2018 05:51:38 -0500 Subject: [PATCH 0770/1008] Simplify indexing in this loop --- src/lib/math/mp/mp_monty.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/lib/math/mp/mp_monty.cpp b/src/lib/math/mp/mp_monty.cpp index ea32313d0d..1994752975 100644 --- a/src/lib/math/mp/mp_monty.cpp +++ b/src/lib/math/mp/mp_monty.cpp @@ -70,16 +70,16 @@ void bigint_monty_redc(word z[], w2 = 0; } - for(size_t i = p_size; i != 2*p_size; ++i) + for(size_t i = 0; i != p_size; ++i) { - for(size_t j = i - p_size + 1; j != p_size; ++j) + for(size_t j = i + 1; j != p_size; ++j) { - word3_muladd(&w2, &w1, &w0, ws[j], p[i-j]); + word3_muladd(&w2, &w1, &w0, ws[j], p[p_size + i-j]); } - word3_add(&w2, &w1, &w0, z[i]); + word3_add(&w2, &w1, &w0, z[p_size+i]); - ws[i-p_size] = w0; + ws[i] = w0; w0 = w1; w1 = w2; w2 = 0; From 9b2f336feba2aa0462a16625ab3cae34ce395f4a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 4 Mar 2018 06:35:37 -0500 Subject: [PATCH 0771/1008] Fix timing_test names Closes #1465 --- src/cli/timing_tests.cpp | 20 +++++++++---------- ...ucky13sha384.vec => lucky13sec4sha384.vec} | 0 2 files changed, 10 insertions(+), 10 deletions(-) rename src/tests/data/timing/{lucky13sha384.vec => lucky13sec4sha384.vec} (100%) diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index 3e267829fd..48dcbce1e5 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp 
@@ -495,14 +495,14 @@ class Timing_Test_Command final : public Command { // TODO check feature macros return (Command::help_text() + - "\ntest_type can take on values " + - "bleichenbacher " + + "\ntest_type can take on values " + "bleichenbacher " "manger " - "ecdsa " + - "lucky13sha1sec3 " + - "lucky13sha256sec3 " + - "lucky13sec4sha1 " + - "lucky13sec4sha256 " + + "ecdsa " + "ecc_mul " + "lucky13sec3 " + "lucky13sec4sha1 " + "lucky13sec4sha256 " "lucky13sec4sha384 " ); } @@ -548,15 +548,15 @@ std::unique_ptr Timing_Test_Command::lookup_timing_test(const std:: #endif #if defined(BOTAN_HAS_TLS_CBC) - if(test_type == "lucky13sha1sec3" || test_type == "lucky13sha1sec4") + if(test_type == "lucky13sec3" || test_type == "lucky13sec4sha1") { return std::unique_ptr(new Lucky13_Timing_Test("SHA-1", 20)); } - if(test_type == "lucky13sha256sec3" || test_type == "lucky13sha256sec4") + if(test_type == "lucky13sec4sha256") { return std::unique_ptr(new Lucky13_Timing_Test("SHA-256", 32)); } - if(test_type == "lucky13sha384") + if(test_type == "lucky13sec4sha384") { return std::unique_ptr(new Lucky13_Timing_Test("SHA-384", 48)); } diff --git a/src/tests/data/timing/lucky13sha384.vec b/src/tests/data/timing/lucky13sec4sha384.vec similarity index 100% rename from src/tests/data/timing/lucky13sha384.vec rename to src/tests/data/timing/lucky13sec4sha384.vec From c563f15c6fe7327c27a8f988e66dcf20ff23a523 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 4 Mar 2018 06:37:13 -0500 Subject: [PATCH 0772/1008] Rename build_tests.py to make it more obvious this is not for end users GH #1456 --- src/scripts/{build_tests.py => test_all_configs.py} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/scripts/{build_tests.py => test_all_configs.py} (100%) diff --git a/src/scripts/build_tests.py b/src/scripts/test_all_configs.py similarity index 100% rename from src/scripts/build_tests.py rename to src/scripts/test_all_configs.py 
From 12bf67fee9ae4ec96605a9656beadebbcad83e84 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 4 Mar 2018 06:42:56 -0500 Subject: [PATCH 0773/1008] Mention MSVC 2017 --- doc/manual/support.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/manual/support.rst b/doc/manual/support.rst index 5ba4d0612c..209f0d6c7d 100644 --- a/doc/manual/support.rst +++ b/doc/manual/support.rst @@ -10,7 +10,7 @@ For Botan 2, the tier-1 supported platforms are * Linux x86-64, Clang 3.5 or higher * Linux aarch64, GCC 4.8+ * Linux ppc64le, GCC 4.8+ -* Windows x86-64, Visual C++ 2013 and 2015 +* Windows x86-64, Visual C++ 2015 and 2017 These platforms are all tested by continuous integration, and the developers have access to hardware in order to test patches. Problems affecting these @@ -26,6 +26,7 @@ For Botan 2, the tier-2 supported platforms are * Android arm32, NDK Clang * FreeBSD x86-64, Clang 3.8+ * IncludeOS x86-32, Clang 3.8+ +* Windows x86-64, Visual C++ 2013 Some (but not all) of the tier-2 platforms are tested by CI. Things should mostly work, and if problems are encountered, the Botan devs will probably be From 4a1b5ceee146e314a1a65d789eba7a1750633cf1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 4 Mar 2018 06:56:02 -0500 Subject: [PATCH 0774/1008] Remove Perl goop from .gitignore [ci skip] --- .gitignore | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.gitignore b/.gitignore index d9eba94287..e022539e5c 100644 --- a/.gitignore +++ b/.gitignore @@ -64,14 +64,6 @@ lcov-out/ cachegrind.* callgrind.* -src/contrib/perl-xs/Makefile -src/contrib/perl-xs/Makefile.old -src/contrib/perl-xs/Botan.bs -src/contrib/perl-xs/Botan.c -src/contrib/perl-xs/Botan.o -src/contrib/perl-xs/MYMETA* -src/contrib/perl-xs/*blib - # Ignore stuff in the top level dir that shouldn't be checked in /*.c /*.cpp From 815a3a8d7056aa0fb9b32209680a42b1cd0fc5f7 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sun, 4 Mar 2018 08:03:23 -0500 Subject: [PATCH 0775/1008] Fix some MinGW build issues See #1450 and #1456 --- configure.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/configure.py b/configure.py index 9cd9c62e6e..2082025197 100755 --- a/configure.py +++ b/configure.py @@ -1719,6 +1719,12 @@ def choose_endian(arch_info, options): build_dir = options.with_build_dir or os.path.curdir program_suffix = options.program_suffix or osinfo.program_suffix + def join_with_build_dir(path): + # For some unknown reason MinGW doesn't like ./foo + if build_dir == os.path.curdir and options.os == 'mingw': + return path + return os.path.join(build_dir, path) + variables = { 'version_major': Version.major(), 'version_minor': Version.minor(), @@ -1738,12 +1744,12 @@ def choose_endian(arch_info, options): 'base_dir': source_paths.base_dir, 'src_dir': source_paths.src_dir, 'doc_dir': source_paths.doc_dir, - 'scripts_dir': source_paths.scripts_dir, + 'scripts_dir': normalize_source_path(source_paths.scripts_dir), 'python_dir': source_paths.python_dir, 'cli_exe_name': osinfo.cli_exe_name + program_suffix, - 'cli_exe': os.path.join(build_dir, osinfo.cli_exe_name + program_suffix), - 'test_exe': os.path.join(build_dir, 'botan-test' + program_suffix), + 'cli_exe': join_with_build_dir(osinfo.cli_exe_name + program_suffix), + 'test_exe': join_with_build_dir('botan-test' + program_suffix), 'lib_prefix': osinfo.lib_prefix, 'static_suffix': osinfo.static_suffix, @@ -1771,7 +1777,7 @@ def choose_endian(arch_info, options): 'sphinx_config_dir': source_paths.sphinx_config_dir, 'with_doxygen': options.with_doxygen, - 'out_dir': options.with_build_dir or os.path.curdir, + 'out_dir': build_dir, 'build_dir': build_paths.build_dir, 'doc_stamp_file': os.path.join(build_paths.build_dir, 'doc.stamp'), 
@@ -1806,7 +1812,7 @@ def choose_endian(arch_info, options): 'mp_bits': choose_mp_bits(), - 'python_exe': sys.executable, + 'python_exe': os.path.basename(sys.executable), 'python_version': options.python_version, 'cxx': (options.compiler_binary or cc.binary_name), @@ -1898,7 +1904,7 @@ def choose_endian(arch_info, options): if options.build_shared_lib: lib_targets.append('shared_lib_name') - variables['library_targets'] = ' '.join([os.path.join(build_dir, variables[t]) for t in lib_targets]) + variables['library_targets'] = ' '.join([join_with_build_dir(variables[t]) for t in lib_targets]) if options.os == 'llvm' or options.compiler == 'msvc': # llvm-link and msvc require just naming the file directly From aa50953ea45c3b4373f93b629368ac9d9a08f31a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 4 Mar 2018 09:33:55 -0500 Subject: [PATCH 0776/1008] In ECC bench test brainpool too Allows comparing Solinas reduction vs Montgomery --- src/cli/speed.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index ac8a8ac8cc..ba5e9b6eab 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -689,7 +689,9 @@ class Speed final : public Command throw CLI_Usage_Error("Unknown --format type '" + format + "'"); if(ecc_groups.empty()) - ecc_groups = { "secp256r1", "secp384r1", "secp521r1" }; + ecc_groups = { "secp256r1", "brainpool256r1", + "secp384r1", "brainpool384r1", + "secp521r1", "brainpool512r1" }; std::vector algos = get_arg_list("algos"); From f69bff31fe0016074c74715be3ec3b378893fc97 Mon Sep 17 00:00:00 2001 
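Review bot: Replacing `sys.executable` with `os.path.basename(sys.executable)` applies to every platform, not just MinGW, so the generated build files no longer pin the interpreter that ran `configure.py` and instead resolve `python`/`python3` through `PATH` at `make` time, which can silently pick a different interpreter (or a different version) than the one that configured the tree. If the basename is only needed for the MinGW path-format problem that `join_with_build_dir` works around in the earlier hunk, gate it the same way: `'python_exe': os.path.basename(sys.executable) if options.os == 'mingw' else sys.executable,`. The enclosing function begins well before these hunks; the `@@` context names `choose_endian` only because it is the nearest preceding definition.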
From: Jack Lloyd Date: Sun, 4 Mar 2018 08:32:36 -0500 Subject: [PATCH 0777/1008] Reduce temp usage in PointGFp addition and doubling No noticable change in performance --- src/lib/pubkey/ec_group/curve_gfp.h | 2 +- src/lib/pubkey/ec_group/point_gfp.cpp | 193 ++++++++++++-------------- src/lib/pubkey/ec_group/point_gfp.h | 2 +- src/lib/pubkey/ec_group/point_mul.cpp | 2 +- 4 files changed, 95 insertions(+), 104 deletions(-) diff --git a/src/lib/pubkey/ec_group/curve_gfp.h b/src/lib/pubkey/ec_group/curve_gfp.h index ab654dccdc..60e1a485dd 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.h +++ b/src/lib/pubkey/ec_group/curve_gfp.h @@ -50,7 +50,7 @@ class BOTAN_UNSTABLE_API CurveGFp_Repr /** * This class represents an elliptic curve over GF(p) */ -class BOTAN_PUBLIC_API(2,0) CurveGFp final +class BOTAN_UNSTABLE_API CurveGFp final { public: diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index 20b4e01798..da8b292f42 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp 
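Review bot: Changing `CurveGFp` from `BOTAN_PUBLIC_API(2,0)` to `BOTAN_UNSTABLE_API` withdraws a class that was exported as public API in 2.0, which is a source/ABI-visible change for anyone who included `curve_gfp.h`, yet the commit message only describes reducing temporaries in `PointGFp`. This deserves its own entry in `news.rst` (or a deprecation note in the header first) so downstream users are not surprised by the export change. The rest of the class declaration is outside this hunk.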
@@ -79,53 +79,48 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) const BigInt& p = m_curve.get_p(); const size_t cap_size = 2*m_curve.get_p_words() + 2; - for(size_t i = 0; i != ws_bn.size(); ++i) - ws_bn[i].ensure_capacity(cap_size); - BigInt& rhs_z2 = ws_bn[0]; - BigInt& U1 = ws_bn[1]; - BigInt& S1 = ws_bn[2]; + BOTAN_ASSERT(ws_bn.size() >= WORKSPACE_SIZE, "Expected size for PointGFp::add workspace"); - BigInt& lhs_z2 = ws_bn[3]; - BigInt& U2 = ws_bn[4]; - BigInt& S2 = ws_bn[5]; - - BigInt& H = ws_bn[6]; - BigInt& r = ws_bn[7]; + for(size_t i = 0; i != ws_bn.size(); ++i) + ws_bn[i].ensure_capacity(cap_size); - BigInt& tmp = ws_bn[8]; + secure_vector& ws = ws_bn[0].get_word_vector(); - secure_vector& monty_ws = ws_bn[9].get_word_vector(); + BigInt& T0 = ws_bn[1]; + BigInt& T1 = ws_bn[2]; + BigInt& T2 = ws_bn[3]; + BigInt& T3 = ws_bn[4]; + BigInt& T4 = ws_bn[5]; + BigInt& T5 = ws_bn[6]; /* https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 */ - m_curve.sqr(rhs_z2, rhs.m_coord_z, monty_ws); - m_curve.mul(U1, m_coord_x, rhs_z2, monty_ws); - - m_curve.mul(tmp, rhs.m_coord_z, rhs_z2, monty_ws); // z^3 - m_curve.mul(S1, m_coord_y, tmp, monty_ws); + m_curve.sqr(T0, rhs.m_coord_z, ws); // z2^2 + m_curve.mul(T1, m_coord_x, T0, ws); // x1*z2^2 + m_curve.mul(T3, rhs.m_coord_z, T0, ws); // z2^3 + m_curve.mul(T2, m_coord_y, T3, ws); // y1*z2^3 - m_curve.sqr(lhs_z2, m_coord_z, monty_ws); - m_curve.mul(U2, rhs.m_coord_x, lhs_z2, monty_ws); + m_curve.sqr(T3, m_coord_z, ws); // z1^2 + m_curve.mul(T4, rhs.m_coord_x, T3, ws); // x2*z1^2 - m_curve.mul(tmp, m_coord_z, lhs_z2, monty_ws); - m_curve.mul(S2, rhs.m_coord_y, tmp, monty_ws); + m_curve.mul(T5, m_coord_z, T3, ws); // z1^3 + m_curve.mul(T0, rhs.m_coord_y, T5, ws); // y2*z1^3 - H = U2; - H -= U1; - if(H.is_negative()) - H += p; + T4 -= T1; // x2*z1^2 - x1*z2^2 + if(T4.is_negative()) + T4 += p; - r = S2; - r -= S1; - if(r.is_negative()) - r += p; + T3 = T0; + T3 -= T2; + 
if(T3.is_negative()) + T3 += p; - if(H.is_zero()) + if(T4.is_zero()) { - if(r.is_zero()) + if(T3.is_zero()) { mult2(ws_bn); return; @@ -138,32 +133,31 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) return; } - m_curve.sqr(U2, H, monty_ws); + m_curve.sqr(T5, T4, ws); - m_curve.mul(S2, U2, H, monty_ws); + m_curve.mul(T0, T1, T5, ws); - m_curve.mul(tmp, U1, U2, monty_ws); - U2 = tmp; + m_curve.mul(T1, T5, T4, ws); - m_curve.sqr(m_coord_x, r, monty_ws); - m_coord_x -= S2; - m_coord_x -= U2; - m_coord_x -= U2; + m_curve.sqr(m_coord_x, T3, ws); + m_coord_x -= T1; + m_coord_x -= T0; + m_coord_x -= T0; while(m_coord_x.is_negative()) m_coord_x += p; - U2 -= m_coord_x; - if(U2.is_negative()) - U2 += p; + T0 -= m_coord_x; + if(T0.is_negative()) + T0 += p; - m_curve.mul(m_coord_y, r, U2, monty_ws); - m_curve.mul(tmp, S1, S2, monty_ws); - m_coord_y -= tmp; + m_curve.mul(m_coord_y, T3, T0, ws); + m_curve.mul(T0, T2, T1, ws); + m_coord_y -= T0; if(m_coord_y.is_negative()) m_coord_y += p; - m_curve.mul(tmp, m_coord_z, rhs.m_coord_z, monty_ws); - m_curve.mul(m_coord_z, tmp, H, monty_ws); + m_curve.mul(T0, m_coord_z, rhs.m_coord_z, ws); + m_curve.mul(m_coord_z, T0, T4, ws); } // *this *= 2 
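Review bot: Collapsing the named temporaries (`U1`, `S1`, `U2`, `S2`, `H`, `r`) into `T0`..`T5` removes the self-documentation that tied each line of `PointGFp::add` to the add-1998-cmo-2 formula it cites, and the registers change meaning mid-function (`T0` is `y2*z1^3`, then `U1*H^2`, then `S1*H^3`, then `z1*z2`), so a reader can no longer verify the algebra line by line. Add a short comment at the point the register roles are fixed, e.g. `// T1 = U1, T2 = S1, T3 = r, T4 = H (T0, T5 are scratch from here on)`, and annotate the three later reuses of `T0` with the quantity they hold, as the first hunk already does for the initial products. The same applies to the second hunk of this function.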
@@ -183,64 +177,61 @@ void PointGFp::mult2(std::vector& ws_bn) */ const size_t cap_size = 2*m_curve.get_p_words() + 2; + + BOTAN_ASSERT(ws_bn.size() >= WORKSPACE_SIZE, "Expected size for PointGFp::add workspace"); for(size_t i = 0; i != ws_bn.size(); ++i) ws_bn[i].ensure_capacity(cap_size); const BigInt& p = m_curve.get_p(); - BigInt& y_2 = ws_bn[0]; - BigInt& S = ws_bn[1]; - BigInt& tmp = ws_bn[2]; - BigInt& a_z4 = ws_bn[3]; - BigInt& M = ws_bn[4]; - BigInt& U = ws_bn[5]; - BigInt& x = ws_bn[6]; - BigInt& y = ws_bn[7]; - BigInt& z = ws_bn[8]; - - secure_vector& monty_ws = ws_bn[9].get_word_vector(); - - m_curve.sqr(y_2, m_coord_y, monty_ws); - - m_curve.mul(S, m_coord_x, y_2, monty_ws); - S <<= 2; // * 4 - S.reduce_below(p, tmp.get_word_vector()); - - m_curve.sqr(a_z4, m_coord_z, monty_ws); // z^2 - m_curve.sqr(tmp, a_z4, monty_ws); // z^4 - m_curve.mul(a_z4, m_curve.get_a_rep(), tmp, monty_ws); - - m_curve.sqr(M, m_coord_x, monty_ws); - M *= 3; - M += a_z4; - M.reduce_below(p, tmp.get_word_vector()); - - m_curve.sqr(x, M, monty_ws); - x -= S; - x -= S; - while(x.is_negative()) - x += p; - - m_curve.sqr(U, y_2, monty_ws); - U <<= 3; - U.reduce_below(p, tmp.get_word_vector()); - - S -= x; - while(S.is_negative()) - S += p; - - m_curve.mul(y, M, S, monty_ws); - y -= U; - if(y.is_negative()) - y += p; - - m_curve.mul(z, m_coord_y, m_coord_z, monty_ws); - z <<= 1; - z.reduce_below(p, tmp.get_word_vector()); - - m_coord_x = x; - m_coord_y = y; - m_coord_z = z; + secure_vector& ws = ws_bn[0].get_word_vector(); + BigInt& T0 = ws_bn[1]; + BigInt& T1 = ws_bn[2]; + BigInt& T2 = ws_bn[6]; + BigInt& T3 = ws_bn[4]; + BigInt& T4 = ws_bn[5]; + + m_curve.sqr(T0, m_coord_y, ws); + + m_curve.mul(T1, m_coord_x, T0, ws); + T1 <<= 2; // * 4 + T1.reduce_below(p, T3.get_word_vector()); + + m_curve.sqr(T3, m_coord_z, ws); // z^2 + m_curve.sqr(T4, T3, ws); // z^4 + m_curve.mul(T3, m_curve.get_a_rep(), T4, ws); + + m_curve.sqr(T4, m_coord_x, ws); + T4 *= 3; + T4 += T3; + T4.reduce_below(p, 
T3.get_word_vector()); + + m_curve.sqr(T2, T4, ws); + T2 -= T1; + T2 -= T1; + while(T2.is_negative()) + T2 += p; + m_coord_x = T2; + + m_curve.sqr(T3, T0, ws); + T3 <<= 3; + T3.reduce_below(p, T0.get_word_vector()); + + T1 -= T2; + while(T1.is_negative()) + T1 += p; + + m_curve.mul(T0, T4, T1, ws); + T0 -= T3; + if(T0.is_negative()) + T0 += p; + + m_curve.mul(T2, m_coord_y, m_coord_z, ws); + T2 <<= 1; + T2.reduce_below(p, T3.get_word_vector()); + + m_coord_y = T0; + m_coord_z = T2; } // arithmetic operators diff --git a/src/lib/pubkey/ec_group/point_gfp.h b/src/lib/pubkey/ec_group/point_gfp.h index dddd40b43b..abcc9656ed 100644 --- a/src/lib/pubkey/ec_group/point_gfp.h +++ b/src/lib/pubkey/ec_group/point_gfp.h @@ -49,7 +49,7 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final HYBRID = 2 }; - enum { WORKSPACE_SIZE = 10 }; + enum { WORKSPACE_SIZE = 7 }; /** * Construct an uninitialized PointGFp diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index 7fea02280e..314807166d 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp @@ -20,7 +20,7 @@ PointGFp_Blinded_Multiplier::PointGFp_Blinded_Multiplier(const PointGFp& base, PointGFp_Blinded_Multiplier::PointGFp_Blinded_Multiplier(const PointGFp& base, size_t w) { - std::vector ws(9); + std::vector ws(PointGFp::WORKSPACE_SIZE); init(base, w, ws); } From 86614915b55393a07686e58814a6a28a91e87113 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 4 Mar 2018 09:52:24 -0500 Subject: [PATCH 0778/1008] Add speed comparison of Barrett vs % operator --- src/cli/speed.cpp | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index ba5e9b6eab..94dc08eb0e 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -86,6 +86,7 @@ #if defined(BOTAN_HAS_NUMBERTHEORY) #include #include + #include #endif #if defined(BOTAN_HAS_ECC_GROUP) 
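Review bot: The assertion added to `PointGFp::mult2` carries the copy-pasted message `"Expected size for PointGFp::add workspace"`, which will point the reader at the wrong function when it fires; it should read `BOTAN_ASSERT(ws_bn.size() >= WORKSPACE_SIZE, "Expected size for PointGFp::mult2 workspace");`. The register assignment also skips `ws_bn[3]` and uses `ws_bn[6]` for `T2`, which looks like a leftover from an earlier numbering rather than a deliberate choice; if there is no reason to leave index 3 idle, `BigInt& T2 = ws_bn[3];` keeps the indices contiguous and matches the new `WORKSPACE_SIZE = 7` more obviously. As in `add`, a one-line comment naming what `T0`..`T4` hold (`y^2`, `4*x*y^2`, `M^2 - 2S`, `a*z^4` / `8*y^4`, `M`) would preserve the documentation the removed names provided.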
@@ -860,6 +861,10 @@ class Speed final : public Command { bench_inverse_mod(msec); } + else if(algo == "bn_redc") + { + bench_bn_redc(msec); + } #endif #if defined(BOTAN_HAS_FPE_FE1) @@ -1375,6 +1380,33 @@ class Speed final : public Command #endif #if defined(BOTAN_HAS_NUMBERTHEORY) + void bench_bn_redc(const std::chrono::milliseconds runtime) + { + Botan::BigInt p; + p.set_bit(521); + p--; + + Timer barrett_timer("Barrett"); + Timer schoolbook_timer("Schoolbook"); + + Botan::Modular_Reducer mod_p(p); + + while(schoolbook_timer.under(runtime)) + { + const Botan::BigInt x(rng(), p.bits() * 2 - 2); + + const Botan::BigInt r1 = barrett_timer.run( + [&] { return mod_p.reduce(x); }); + const Botan::BigInt r2 = schoolbook_timer.run( + [&] { return x % p; }); + + BOTAN_ASSERT(r1 == r2, "Computed different results"); + } + + record_result(barrett_timer); + record_result(schoolbook_timer); + } + void bench_inverse_mod(const std::chrono::milliseconds runtime) { Botan::BigInt p; From ce637bf9b4010d33f8f7de5370beb8c4e247b8fe Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 4 Mar 2018 09:54:25 -0500 Subject: [PATCH 0779/1008] Use Barrett instead of repeated divisions by p here Doesn't matter much since its a one time setup cost but can't hurt. --- src/lib/pubkey/ec_group/curve_gfp.cpp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp index caaca0a9ac..216f2a894b 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.cpp +++ b/src/lib/pubkey/ec_group/curve_gfp.cpp @@ -9,6 +9,7 @@ #include #include #include +#include #include #include 
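Review bot: In `bench_bn_redc` the timer named `"Schoolbook"` measures `x % p`, which is long division, not schoolbook multiplication, so the reported label does not describe what is being compared; `Timer schoolbook_timer("Division");` (and renaming the variable to match) would make the output self-explanatory. The `BOTAN_ASSERT(r1 == r2, ...)` cross-check inside the loop is a useful guard that the reducer and the operator agree on every sample, and is worth keeping as is.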
@@ -26,9 +27,11 @@ class CurveGFp_Montgomery final : public CurveGFp_Repr { const BigInt r = BigInt::power_of_2(m_p_words * BOTAN_MP_WORD_BITS); - m_r2 = (r * r) % p; - m_a_r = (m_a * r) % p; - m_b_r = (m_b * r) % p; + Modular_Reducer mod_p(m_p); + + m_r2 = mod_p.square(r); + m_a_r = mod_p.multiply(r, m_a); + m_b_r = mod_p.multiply(r, m_b); } const BigInt& get_a() const override { return m_a; } From 8fe96b9384017b6d0f496c02c367e66ae6617a17 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 4 Mar 2018 21:31:43 -0500 Subject: [PATCH 0780/1008] Enable SHA-1 intrinsics on MSVC GH #939 --- src/build-data/cc/msvc.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/build-data/cc/msvc.txt b/src/build-data/cc/msvc.txt index 66949970d2..98b392da75 100644 --- a/src/build-data/cc/msvc.txt +++ b/src/build-data/cc/msvc.txt @@ -44,6 +44,7 @@ aesni -> "" clmul -> "" rdrand -> "" rdseed -> "" +sha -> "" From a7d664192a7dce877225e6fbe35c3ad4a1d3cceb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 4 Mar 2018 22:17:38 -0500 Subject: [PATCH 0781/1008] Support decoding of ECC groups with seed parameter Closes GH #874 --- src/lib/pubkey/ec_group/ec_group.cpp | 2 ++ src/tests/data/x509/ecc/secp384r1_seed.pem | 10 ++++++++++ src/tests/unit_ecc.cpp | 17 +++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 src/tests/data/x509/ecc/secp384r1_seed.pem diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 6064f869c0..9da1cd81fd 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -264,6 +264,7 @@ std::shared_ptr EC_Group::BER_decode_EC_group(const uint8_t bits[ { BigInt p, a, b, order, cofactor; std::vector base_pt; + std::vector seed; BER_Decoder(bits, len) .start_cons(SEQUENCE) 
@@ -276,6 +277,7 @@ std::shared_ptr EC_Group::BER_decode_EC_group(const uint8_t bits[ .start_cons(SEQUENCE) .decode_octet_string_bigint(a) .decode_octet_string_bigint(b) + .decode_optional_string(seed, BIT_STRING, BIT_STRING) .end_cons() .decode(base_pt, OCTET_STRING) .decode(order) diff --git a/src/tests/data/x509/ecc/secp384r1_seed.pem b/src/tests/data/x509/ecc/secp384r1_seed.pem new file mode 100644 index 0000000000..8f5598ed05 --- /dev/null +++ b/src/tests/data/x509/ecc/secp384r1_seed.pem @@ -0,0 +1,10 @@ +-----BEGIN EC PARAMETERS----- +MIIBVwIBATA8BgcqhkjOPQEBAjEA//////////////////////////////////// +//////7/////AAAAAAAAAAD/////MHsEMP////////////////////////////// +///////////+/////wAAAAAAAAAA/////AQwszEvp+I+5+SYjgVr4/gtGRgdnG7+ +gUESAxQIj1ATh1rGVjmNii7RnSqFyO3T7CrvAxUAozWSaqMZonodAIlqZ3OkgnrN +rHMEYQSqh8oivosFN46xxx7zIK10bh07Younm5hZ90HgglQqOFUC8l2/VSlsOlRe +OHJ2Crc2F95KliYsb12emL+Sktwp+PQdvSiaFHzp2jETtfC4wApgsc4dfoGdekMd +fJDqDl8CMQD////////////////////////////////HY02B9Dct31gaDbJIsKd6 +7OwZaszFKXMCAQE= +-----END EC PARAMETERS----- diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index aecf6e5d47..6f0d1a243b 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp @@ -293,6 +293,22 @@ Test::Result test_groups() return result; } +Test::Result test_decoding_with_seed() + { + Test::Result result("ECC Unit"); + + Botan::EC_Group secp384r1_with_seed( + Test::read_data_file("x509/ecc/secp384r1_seed.pem")); + + result.confirm("decoding worked", secp384r1_with_seed.initialized()); + + Botan::EC_Group secp384r1("secp384r1"); + + result.test_eq("P-384 prime", secp384r1_with_seed.get_p(), secp384r1.get_p()); + + return result; + } + Test::Result test_coordinates() { Test::Result result("ECC Unit"); 
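Review bot: The optional `seed` BIT STRING is now consumed by the decoder but never used or checked afterwards, so the only effect of the new line is to let parameters that carry a seed parse; nothing in the hunk ties the seed to the curve it accompanies. A comment on the new line should say so explicitly, e.g. `// seed (X9.62 / SEC1 FieldID) is accepted for parsing only; it is not verified against the curve`, so a later reader does not assume the seed is being validated. The function starts before this hunk.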
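Review bot: `test_decoding_with_seed` only compares the field prime, so a decoded group with the right `p` but a different order, cofactor or base point would still pass; since the point of the fixture is that the seeded encoding decodes to the same curve as the named group, extending the check, e.g. `result.test_eq("P-384 order", secp384r1_with_seed.get_order(), secp384r1.get_order());`, makes the test actually pin that. Checking `get_base_point()` the same way would close the remaining gap.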
@@ -765,6 +781,7 @@ class ECC_Unit_Tests final : public Test results.push_back(test_groups()); results.push_back(test_coordinates()); + results.push_back(test_decoding_with_seed()); results.push_back(test_point_transformation()); results.push_back(test_point_mult()); results.push_back(test_point_negative()); From 48409672cfad8aa1b4765fa45cd3634ad496bda8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 5 Mar 2018 15:29:11 -0500 Subject: [PATCH 0782/1008] Allow decoding ASN.1 OID 0.0 I had no idea this was a valid OID but apparently it is. And for some who-knows-why reason FreeTSA certificate includes it in their certificate policy extension. GH #355 --- src/lib/asn1/asn1_oid.cpp | 4 +- src/tests/data/asn1_print/input6.der | Bin 0 -> 2053 bytes src/tests/data/asn1_print/input6.pem | 45 ++++++++ src/tests/data/asn1_print/output6.txt | 145 ++++++++++++++++++++++++++ src/tests/test_asn1.cpp | 2 +- 5 files changed, 194 insertions(+), 2 deletions(-) create mode 100644 src/tests/data/asn1_print/input6.der create mode 100644 src/tests/data/asn1_print/input6.pem create mode 100644 src/tests/data/asn1_print/output6.txt diff --git a/src/lib/asn1/asn1_oid.cpp b/src/lib/asn1/asn1_oid.cpp index 81450becfa..c94f7c8b54 100644 --- a/src/lib/asn1/asn1_oid.cpp +++ b/src/lib/asn1/asn1_oid.cpp @@ -167,8 +167,10 @@ void OID::decode_from(BER_Decoder& decoder) const size_t length = obj.length(); const uint8_t* bits = obj.bits(); - if(length < 2) + if(length < 2 && !(length == 1 && bits[0] == 0)) + { throw BER_Decoding_Error("OID encoding is too short"); + } clear(); m_id.push_back(bits[0] / 40); 
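Review bot: The new condition in `OID::decode_from` accepts a one-byte encoding only when that byte is `0x00`, so a one-byte OID such as `0x2A` (1.2) is still rejected as "too short" even though it is as well-formed as 0.0; the special case reads as if it were tailored to the one certificate in the report rather than to the encoding rule. If the rest of the decoder handles any one-byte input (as it evidently does for `0x00`), the generalization is `if(length == 0 || (length == 1 && (bits[0] & 0x80)))`, which rejects empty input and a lone byte with the continuation bit set, and a comment should state that the first byte always encodes the first two arcs. The remainder of the function, including how `bits[0] >= 80` is split into arcs, is outside this hunk.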
diff --git a/src/tests/data/asn1_print/input6.der b/src/tests/data/asn1_print/input6.der new file mode 100644 index 0000000000000000000000000000000000000000..ab6cac565d990c1578da8d08f836dc5fad5adff8 GIT binary patch literal 2053 zcmcJPX;f3!7RPfll0X0ng9U*r$Rv=QFaSuweO zz?l#0fzn#Ll#N@j8uT@BPL4{B^1eFJ}SdS0udj< zQ8+=AD8do3I1QGI5~XrD0plwqs1%pOh%^DlMG_R2P$lzPphw7LGKVo9UH3u^WeXvmYp?^RNLY{ ziJ=U6CVd*(}oc+{wC+Z9Q3eL2(_g9>+dClSw9&U zq};@IIT#J)#pj-lp=!sB=9;90KYYG3ccQt*lm2tkv)-=C^Zz?#x#wQo^8Lr^1f+WN ztK%el>KEI`UPXSZ(5^C~l(4<-UQW9Bis`x|KIUfT6W z^;KZS-AQ)l$Jrm>vkG1v)jzxc-1IOZa~`^qNA|lOs%*Lc6E>iId2?jCy%8BXq~X*R z*yq+F$IPy2&Y0r-jd{Z^wbmxdA16rbCV~Sl1x&1nB>VOp$#k0as8sOHDpADk_AXJ~ z@wICLUr;RGZ0l+|_)&LXOiR+}>f!6PoAR+Pard_7$#tz3^&CI6?l_R`zVP7g>REGs z&MWWzwSPl$@wzyXcUVIhcDdHu#Lx%MJ(+pWOEA?-Mt3EbckSL=K;eES-AW`u1gJs< z_3PH=*4r(!Ws!-10Bm*ZVQWmbB%4c94Y!7deK{C+RpOy>DK9_NpyUC2{jnoixBHpq zucDcId<5Y^YsN zFLPBpe>j`Nmx(zt9n@m^`U+x@bxH4p$yx0ns}*E5Q6U`^&j9atg^7@*%imn}Cjw&m zDRQNvXgAS2`ZvU*vgeP_s`B?ali^0waQ z)G+G;2$_sF8>fnr6MZWzEN)L9p}|M;FBopd#|O(Ek95#^Z?Y?VCK{YKKK9J-y@xD7 zcO+)~;_qQMd}fKX^2z5~=1B9zKFW;luZ;j$QQ)Ext;4ZD8}JyZME~7OgdIL(#hnw=lRK8gV$a zJ}6yT>h5PV+cif!mg^XVzoITFKn}!bqz9SG4}WeJcObuoa3s^mt=4PJON{IorQLdU z!_=L$@q@u9{PQN$p4fh;Hj5e+ce))iO>J5XM`Ho^S? z{;<&c=;>WKN%My>2nSY_<&d literal 0 HcmV?d00001 diff --git a/src/tests/data/asn1_print/input6.pem b/src/tests/data/asn1_print/input6.pem new file mode 100644 index 0000000000..4679262761 --- /dev/null +++ b/src/tests/data/asn1_print/input6.pem 
@@ -0,0 +1,45 @@ +-----BEGIN CERTIFICATE----- +MIIIATCCBemgAwIBAgIJAMHphhYNqOmCMA0GCSqGSIb3DQEBDQUAMIGVMREwDwYD +VQQKEwhGcmVlIFRTQTEQMA4GA1UECxMHUm9vdCBDQTEYMBYGA1UEAxMPd3d3LmZy +ZWV0c2Eub3JnMSIwIAYJKoZIhvcNAQkBFhNidXNpbGV6YXNAZ21haWwuY29tMRIw +EAYDVQQHEwlXdWVyemJ1cmcxDzANBgNVBAgTBkJheWVybjELMAkGA1UEBhMCREUw +HhcNMTYwMzEzMDE1NzM5WhcNMjYwMzExMDE1NzM5WjCCAQkxETAPBgNVBAoTCEZy +ZWUgVFNBMQwwCgYDVQQLEwNUU0ExdjB0BgNVBA0TbVRoaXMgY2VydGlmaWNhdGUg +ZGlnaXRhbGx5IHNpZ25zIGRvY3VtZW50cyBhbmQgdGltZSBzdGFtcCByZXF1ZXN0 +cyBtYWRlIHVzaW5nIHRoZSBmcmVldHNhLm9yZyBvbmxpbmUgc2VydmljZXMxGDAW +BgNVBAMTD3d3dy5mcmVldHNhLm9yZzEiMCAGCSqGSIb3DQEJARYTYnVzaWxlemFz +QGdtYWlsLmNvbTESMBAGA1UEBxMJV3VlcnpidXJnMQswCQYDVQQGEwJERTEPMA0G +A1UECBMGQmF5ZXJuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtZEE +jE5IbzTp3Ahif8I3UWIjaYS4LLEwvv9RfPw4+EvOXGWodNqyYhrgvOfjNWPg7ek0 +/V+IIxWfB4SICCJ0YMHtiCYXBvQoEzQ1nfu4G9E1P8F5YQrxqMjIZdwA6iOzqJvm +vQO6hansgn1gVlkF4i1qWE7ROArhUCgM7jl+mKAS84BGQAeGJEO8B3y5X0Ia8xcS +2Wg8223/uvPIululZq5SPUWdYXc0bU2EDieIa3wBxbiQ14ouJ7uo3S+aKBLhV9Yv +khxlliVIBp3Nt9Bt4YHeDpVw1m+HIgzii2KKtVkG8+4MIQ9wUej0hYr4uaktCeRq +8tnLpb/PrRaM32BEkaSwZgOxFMr3Ax8GXn7u+lPFdfNJDAWdLjLdx2rE1MTHEGg7 +l/0b5ZG8YQVRhtiPmgORswe2+R7ZVNqjb5rNah4Uqi5K3xdGS1TbGNu2/+MAgCRl +RzcENs5Od7rl3m/g8/nW5/++tGHnlOkvsJUfiq5hpBLM6bIQdGNci+MnrhoPa0pk +brD4RjvGO/hFUwQ10Z6AJRHsn2bDSWlS2L7LabCqTUxB9gUV/n3LuJMZzdpZumrq +S+POrnGOb8tszX25/FC7FbEvNmWwqjByicLm3UsRHOSLotnv21prmlBgaTNPs09v +x64zDws0IIqsgN8yZv3ZBGWHa6LLiY2VBTFbbnsCAwEAAaOCAdswggHXMAkGA1Ud +EwQCMAAwHQYDVR0OBBYEFG52C3tOT5zhYMptLOknoqKUs3c3MB8GA1UdIwQYMBaA +FPpVDYw0ZlFDTPfns6dsla965qSXMAsGA1UdDwQEAwIGwDAWBgNVHSUBAf8EDDAK +BggrBgEFBQcDCDBjBggrBgEFBQcBAQRXMFUwKgYIKwYBBQUHMAKGHmh0dHA6Ly93 +d3cuZnJlZXRzYS5vcmcvdHNhLmNydDAnBggrBgEFBQcwAYYbaHR0cDovL3d3dy5m +cmVldHNhLm9yZzoyNTYwMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuZnJl +ZXRzYS5vcmcvY3JsL3Jvb3RfY2EuY3JsMIHGBgNVHSAEgb4wgbswgbgGAQAwgbIw +MwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cuZnJlZXRzYS5vcmcvZnJlZXRzYV9jcHMu 
+aHRtbDAyBggrBgEFBQcCARYmaHR0cDovL3d3dy5mcmVldHNhLm9yZy9mcmVldHNh +X2Nwcy5wZGYwRwYIKwYBBQUHAgIwOxo5RnJlZVRTQSB0cnVzdGVkIHRpbWVzdGFt +cGluZyBTb2Z0d2FyZSBhcyBhIFNlcnZpY2UgKFNhYVMpMA0GCSqGSIb3DQEBDQUA +A4ICAQClyUTixvrAoU2TCn/QoLFytB/BSDw+lXxoorzZuXZPGpUBYf1yRy1Bpe7S +d3hiA7VCIkD7OibN4XYIe2+xAR30zBniVxqkoFEQlmXpTEb1C9Kt7mrEE34lGyWj +navaRRUV2P+eByCejsILeHT34aDt58AJN/6EozT4syZc7S2O2d9hOWWDZ3/rOCwe +47I+bqXwXfMN57n4kAXSUmb2EvOci09tq6bXv7rBljK5Bjcyn1Km8GahDkPqqB+E +mmxf4/6LXqIydfaH8gUuUC6mwwdipmjM4Hhx3Y6X4xW7qSniVYmXegoxLOlsUQax +Q3x3nys2GxgoiPPuiiNDdPoGPpVhkmJ/fEMQc5ZdEmCSjroAnoA0Ka4yTPlvBCNU +83vKWv3cefeTRqs4i/x58B3JhhJU6mzBKZQQdrg9IFVvO+UTJoN/KHb3gzs3Dnw9 +QQUjgn1PU0AMciGNdSKf8QxviJOpo6HAxCu0yJjBPfQcf2VztPxWUVlxphCnsNKF +fIIlqfsgTqzsouiXGqGvh4hqKuPHL+CgquhCmAp3vvFrkhFUWAkNmCtZRmA3ZOda +CtPRFFS5mG9ni5q2r+hJcDOuOr/U60O3vJ3uaIFZSeZIFYKoLnhSd/IoIQfv45Ag +DgUIrLjqguolBSdvPJ2io9O0rTi7+IQr2jb8JEgpH1WNwC3R4A== +-----END CERTIFICATE----- diff --git a/src/tests/data/asn1_print/output6.txt b/src/tests/data/asn1_print/output6.txt new file mode 100644 index 0000000000..d9c326af12 --- /dev/null +++ b/src/tests/data/asn1_print/output6.txt 
@@ -0,0 +1,145 @@ + d= 0, l=2049: SEQUENCE + d= 1, l=1513: SEQUENCE + d= 2, l= 3: cons [0] context + d= 3, l= 1: INTEGER 02 + d= 2, l= 9: INTEGER C1E986160DA8E982 + d= 2, l= 13: SEQUENCE + d= 3, l= 9: OBJECT RSA/EMSA3(SHA-512) [1.2.840.113549.1.1.13] + d= 3, l= 0: NULL + d= 2, l= 149: SEQUENCE + d= 3, l= 17: SET + d= 4, l= 15: SEQUENCE + d= 5, l= 3: OBJECT X520.Organization [2.5.4.10] + d= 5, l= 8: PRINTABLE STRING Free TSA + d= 3, l= 16: SET + d= 4, l= 14: SEQUENCE + d= 5, l= 3: OBJECT X520.OrganizationalUnit [2.5.4.11] + d= 5, l= 7: PRINTABLE STRING Root CA + d= 3, l= 24: SET + d= 4, l= 22: SEQUENCE + d= 5, l= 3: OBJECT X520.CommonName [2.5.4.3] + d= 5, l= 15: PRINTABLE STRING www.freetsa.org + d= 3, l= 34: SET + d= 4, l= 32: SEQUENCE + d= 5, l= 9: OBJECT PKCS9.EmailAddress [1.2.840.113549.1.9.1] + d= 5, l= 19: IA5 STRING busilezas@gmail.com + d= 3, l= 18: SET + d= 4, l= 16: SEQUENCE + d= 5, l= 3: OBJECT X520.Locality [2.5.4.7] + d= 5, l= 9: PRINTABLE STRING Wuerzburg + d= 3, l= 15: SET + d= 4, l= 13: SEQUENCE + d= 5, l= 3: OBJECT X520.State [2.5.4.8] + d= 5, l= 6: PRINTABLE STRING Bayern + d= 3, l= 11: SET + d= 4, l= 9: SEQUENCE + d= 5, l= 3: OBJECT X520.Country [2.5.4.6] + d= 5, l= 2: PRINTABLE STRING DE + d= 2, l= 30: SEQUENCE + d= 3, l= 13: UTC TIME 2016/03/13 01:57:39 UTC + d= 3, l= 13: UTC TIME 2026/03/11 01:57:39 UTC + d= 2, l= 265: SEQUENCE + d= 3, l= 17: SET + d= 4, l= 15: SEQUENCE + d= 5, l= 3: OBJECT X520.Organization [2.5.4.10] + d= 5, l= 8: PRINTABLE STRING Free TSA + d= 3, l= 12: SET + d= 4, l= 10: SEQUENCE + d= 5, l= 3: OBJECT X520.OrganizationalUnit [2.5.4.11] + d= 5, l= 3: PRINTABLE STRING TSA + d= 3, l= 118: SET + d= 4, l= 116: SEQUENCE + d= 5, l= 3: OBJECT 2.5.4.13 + d= 5, l= 109: PRINTABLE STRING This certificate digitally signs documents and time stamp requests made using the freetsa.org online services + d= 3, l= 24: SET + d= 4, l= 22: SEQUENCE + d= 5, l= 3: OBJECT X520.CommonName [2.5.4.3] + d= 5, l= 15: PRINTABLE STRING www.freetsa.org + 
d= 3, l= 34: SET + d= 4, l= 32: SEQUENCE + d= 5, l= 9: OBJECT PKCS9.EmailAddress [1.2.840.113549.1.9.1] + d= 5, l= 19: IA5 STRING busilezas@gmail.com + d= 3, l= 18: SET + d= 4, l= 16: SEQUENCE + d= 5, l= 3: OBJECT X520.Locality [2.5.4.7] + d= 5, l= 9: PRINTABLE STRING Wuerzburg + d= 3, l= 11: SET + d= 4, l= 9: SEQUENCE + d= 5, l= 3: OBJECT X520.Country [2.5.4.6] + d= 5, l= 2: PRINTABLE STRING DE + d= 3, l= 15: SET + d= 4, l= 13: SEQUENCE + d= 5, l= 3: OBJECT X520.State [2.5.4.8] + d= 5, l= 6: PRINTABLE STRING Bayern + d= 2, l= 546: SEQUENCE + d= 3, l= 13: SEQUENCE + d= 4, l= 9: OBJECT RSA [1.2.840.113549.1.1.1] + d= 4, l= 0: NULL + d= 3, l= 527: BIT STRING + d= 4, l= 522: SEQUENCE + d= 5, l= 513: INTEGER 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 + d= 5, l= 3: INTEGER 010001 + d= 2, l= 475: cons [3] context + d= 3, l= 471: SEQUENCE + d= 4, l= 9: SEQUENCE + d= 5, l= 3: OBJECT X509v3.BasicConstraints [2.5.29.19] + d= 5, l= 2: OCTET STRING + d= 6, l= 0: SEQUENCE + d= 4, l= 29: SEQUENCE + d= 5, l= 3: OBJECT X509v3.SubjectKeyIdentifier [2.5.29.14] + d= 5, l= 22: OCTET STRING + d= 6, l= 20: OCTET STRING 6E760B7B4E4F9CE160CA6D2CE927A2A294B37737 + d= 4, l= 31: SEQUENCE + d= 5, l= 3: OBJECT X509v3.AuthorityKeyIdentifier [2.5.29.35] + d= 5, l= 24: OCTET STRING + d= 6, l= 22: SEQUENCE + d= 7, l= 20: [0] context 8014FA550D8C346651434CF7E7B3A76C95AF7AE6A497 + d= 4, l= 11: SEQUENCE + d= 5, l= 3: OBJECT X509v3.KeyUsage [2.5.29.15] + d= 5, l= 4: OCTET STRING + d= 6, l= 2: BIT STRING C0 + d= 4, l= 22: SEQUENCE + d= 5, l= 3: OBJECT X509v3.ExtendedKeyUsage [2.5.29.37] + d= 5, l= 1: BOOLEAN true + d= 5, l= 12: OCTET STRING + d= 6, l= 10: SEQUENCE + d= 7, l= 8: OBJECT PKIX.TimeStamping [1.3.6.1.5.5.7.3.8] + d= 4, l= 99: SEQUENCE + d= 5, l= 8: OBJECT PKIX.AuthorityInformationAccess [1.3.6.1.5.5.7.1.1] + d= 5, l= 87: OCTET STRING + d= 6, l= 85: SEQUENCE + d= 7, l= 42: SEQUENCE + d= 8, l= 8: OBJECT PKIX.CertificateAuthorityIssuers [1.3.6.1.5.5.7.48.2] + d= 8, l= 30: [6] context 
861E687474703A2F2F7777772E667265657473612E6F72672F7473612E637274 + d= 7, l= 39: SEQUENCE + d= 8, l= 8: OBJECT PKIX.OCSP [1.3.6.1.5.5.7.48.1] + d= 8, l= 27: [6] context 861B687474703A2F2F7777772E667265657473612E6F72673A32353630 + d= 4, l= 55: SEQUENCE + d= 5, l= 3: OBJECT X509v3.CRLDistributionPoints [2.5.29.31] + d= 5, l= 48: OCTET STRING + d= 6, l= 46: SEQUENCE + d= 7, l= 44: SEQUENCE + d= 8, l= 42: cons [0] context + d= 9, l= 40: cons [0] context + d=10, l= 38: [6] context 8626687474703A2F2F7777772E667265657473612E6F72672F63726C2F726F6F745F63612E63726C + d= 4, l= 198: SEQUENCE + d= 5, l= 3: OBJECT X509v3.CertificatePolicies [2.5.29.32] + d= 5, l= 190: OCTET STRING + d= 6, l= 187: SEQUENCE + d= 7, l= 184: SEQUENCE + d= 8, l= 1: OBJECT 0.0 + d= 8, l= 178: SEQUENCE + d= 9, l= 51: SEQUENCE + d=10, l= 8: OBJECT 1.3.6.1.5.5.7.2.1 + d=10, l= 39: IA5 STRING http://www.freetsa.org/freetsa_cps.html + d= 9, l= 50: SEQUENCE + d=10, l= 8: OBJECT 1.3.6.1.5.5.7.2.1 + d=10, l= 38: IA5 STRING http://www.freetsa.org/freetsa_cps.pdf + d= 9, l= 71: SEQUENCE + d=10, l= 8: OBJECT 1.3.6.1.5.5.7.2.2 + d=10, l= 59: SEQUENCE + d=11, l= 57: VISIBLE STRING FreeTSA trusted timestamping Software as a Service (SaaS) + d= 1, l= 13: SEQUENCE + d= 2, l= 9: OBJECT RSA/EMSA3(SHA-512) [1.2.840.113549.1.1.13] + d= 2, l= 0: NULL + d= 1, l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diff --git a/src/tests/test_asn1.cpp b/src/tests/test_asn1.cpp index 857754745a..ae9c1dafbb 100644 --- a/src/tests/test_asn1.cpp +++ b/src/tests/test_asn1.cpp @@ -300,7 +300,7 @@ class ASN1_Printer_Tests final : public Test Botan::ASN1_Pretty_Printer printer; - const size_t num_tests = 5; + const size_t num_tests = 6; for(size_t i = 1; i <= num_tests; ++i) { From 22ca08fca54ea9f3ae5691bb3e4e3625b7441b5d Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Mon, 5 Mar 2018 16:20:07 -0500 Subject: [PATCH 0783/1008] Fix ASN1 printer test --- src/cli/asn1.cpp | 2 +- src/tests/data/asn1_print/output6.txt | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/cli/asn1.cpp b/src/cli/asn1.cpp index 71bea74520..8a424aad85 100644 --- a/src/cli/asn1.cpp +++ b/src/cli/asn1.cpp @@ -19,7 +19,7 @@ namespace Botan_CLI { class ASN1_Printer final : public Command { public: - ASN1_Printer() : Command("asn1print --print-limit=4096 --bin-limit=1024 --max-depth=64 --pem file") {} + ASN1_Printer() : Command("asn1print --print-context-specific --print-limit=4096 --bin-limit=2048 --max-depth=64 --pem file") {} std::string group() const override { diff --git a/src/tests/data/asn1_print/output6.txt b/src/tests/data/asn1_print/output6.txt index d9c326af12..db97ab06e8 100644 --- a/src/tests/data/asn1_print/output6.txt +++ b/src/tests/data/asn1_print/output6.txt @@ -110,10 +110,10 @@ d= 6, l= 85: SEQUENCE d= 7, l= 42: SEQUENCE d= 8, l= 8: OBJECT PKIX.CertificateAuthorityIssuers [1.3.6.1.5.5.7.48.2] - d= 8, l= 30: [6] context 861E687474703A2F2F7777772E667265657473612E6F72672F7473612E637274 + d= 8, l= 8: [6] context http://www.freetsa.org/tsa.crt d= 7, l= 39: SEQUENCE d= 8, l= 8: OBJECT PKIX.OCSP [1.3.6.1.5.5.7.48.1] - d= 8, l= 27: [6] context 861B687474703A2F2F7777772E667265657473612E6F72673A32353630 + d= 8, l= 8: [6] context http://www.freetsa.org:2560 d= 4, l= 55: SEQUENCE d= 5, l= 3: OBJECT X509v3.CRLDistributionPoints [2.5.29.31] d= 5, l= 48: OCTET STRING From 65d81676334a80829ab756725873ed62dc852c6b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 5 Mar 2018 16:22:07 -0500 Subject: [PATCH 0784/1008] Add X509_Certificate::subject_public_key_info Fixes #277 --- src/lib/x509/x509cert.cpp | 13 ++++++++++--- src/lib/x509/x509cert.h | 6 ++++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 66921ed66d..d47021247e 100644 
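Review bot: The `asn1print` command string changes the tool's defaults for every user (`--print-context-specific` is now on and `--bin-limit` goes from 1024 to 2048), while the commit message describes only a test fix; the updated `output6.txt` expectations confirm that user-visible output changes. If the test only needs these settings, they could be supplied explicitly by the test harness (if it allows passing options), otherwise the message should state that the defaults are intentionally changed so the behaviour change is not lost in the history.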
--- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -32,6 +32,7 @@ struct X509_Certificate_Data X509_Time m_not_before; X509_Time m_not_after; std::vector m_subject_public_key_bits; + std::vector m_subject_public_key_bits_seq; std::vector m_subject_public_key_bitstring; std::vector m_subject_public_key_bitstring_sha1; AlgorithmIdentifier m_subject_public_key_algid; @@ -186,6 +187,8 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o data->m_subject_public_key_bits.assign(public_key.bits(), public_key.bits() + public_key.length()); + data->m_subject_public_key_bits_seq = ASN1::put_in_sequence(data->m_subject_public_key_bits); + BER_Decoder(data->m_subject_public_key_bits) .decode(data->m_subject_public_key_algid) .decode(data->m_subject_public_key_bitstring, BIT_STRING); @@ -280,8 +283,7 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o try { - std::unique_ptr pub_key( - X509::load_key(ASN1::put_in_sequence(data->m_subject_public_key_bits))); + std::unique_ptr pub_key(X509::load_key(data->m_subject_public_key_bits_seq)); Certificate_Status_Code sig_status = obj.verify_signature(*pub_key); @@ -375,6 +377,11 @@ const std::vector& X509_Certificate::subject_public_key_bits() const return data().m_subject_public_key_bits; } +const std::vector& X509_Certificate::subject_public_key_info() const + { + return data().m_subject_public_key_bits_seq; + } + const std::vector& X509_Certificate::subject_public_key_bitstring() const { return data().m_subject_public_key_bitstring; @@ -632,7 +639,7 @@ std::unique_ptr X509_Certificate::load_subject_public_key() const { try { - return std::unique_ptr(X509::load_key(ASN1::put_in_sequence(this->subject_public_key_bits()))); + return std::unique_ptr(X509::load_key(subject_public_key_info())); } catch(std::exception& e) { diff --git a/src/lib/x509/x509cert.h b/src/lib/x509/x509cert.h index 637efd569a..34be10e680 100644 --- a/src/lib/x509/x509cert.h +++ b/src/lib/x509/x509cert.h 
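Review bot: `m_subject_public_key_bits_seq` is built by re-wrapping the parsed key bits with `ASN1::put_in_sequence`, so the new `subject_public_key_info()` accessor returns a fresh serialization of the SubjectPublicKeyInfo rather than the bytes as they appear in the certificate; if the decoder accepted a non-canonical encoding, the two can differ, and a caller that hashes this value for public-key pinning would get a fingerprint that does not match one computed over the certificate itself. If the raw bytes are what callers need, they should be taken from the decoder rather than rebuilt; otherwise the header comment in x509cert.h should say so, e.g. `* @return DER encoding of the SubjectPublicKeyInfo, re-encoded from the parsed key (not the certificate's raw bytes)`. The member name also diverges from the accessor; `m_subject_public_key_info` would read consistently with `subject_public_key_info()` and `load_subject_public_key()`.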
@@ -69,6 +69,12 @@ class BOTAN_PUBLIC_API(2,0) X509_Certificate : public X509_Object */ const std::vector& subject_public_key_bits() const; + /** + * Get the SubjectPublicKeyInfo associated with this certificate. + * @return subject public key info of this certificate + */ + const std::vector& subject_public_key_info() const; + /** * Return the algorithm identifier of the public key */ From 03a44b499a12bc4f965bf37f1625e09e7de2340c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 5 Mar 2018 18:08:09 -0500 Subject: [PATCH 0785/1008] Avoid std::bind in Channel::received_data Lambda works just as well here. GH #493 --- src/lib/tls/tls_channel.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index e92b298deb..6e3e5987b4 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -314,8 +314,7 @@ size_t Channel::received_data(const uint8_t input[], size_t input_size) raw_input, record, m_sequence_numbers.get(), - std::bind(&TLS::Channel::read_cipher_state_epoch, this, - std::placeholders::_1)); + [this](uint16_t epoch) { return read_cipher_state_epoch(epoch); }); BOTAN_ASSERT(consumed > 0, "Got to eat something"); From c7ad5439326d64c7fab30067aa5ced67583b0aad Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 6 Mar 2018 05:58:05 -0500 Subject: [PATCH 0786/1008] Include AKID in generated self signed certificates GH #1007 --- src/lib/x509/x509_ext.h | 3 ++- src/lib/x509/x509self.cpp | 13 ++++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/src/lib/x509/x509_ext.h b/src/lib/x509/x509_ext.h index 7c8a8569c1..6e71fb8797 100644 --- a/src/lib/x509/x509_ext.h +++ b/src/lib/x509/x509_ext.h 
@@ -346,6 +346,8 @@ class BOTAN_PUBLIC_API(2,0) Subject_Key_ID final : public Certificate_Extension public: Subject_Key_ID() = default; + explicit Subject_Key_ID(const std::vector& k) : m_key_id(k) {} + Subject_Key_ID(const std::vector& public_key, const std::string& hash_fn); @@ -358,7 +360,6 @@ class BOTAN_PUBLIC_API(2,0) Subject_Key_ID final : public Certificate_Extension OID oid_of() const override { return static_oid(); } private: - explicit Subject_Key_ID(const std::vector& k) : m_key_id(k) {} std::string oid_name() const override { return "X509v3.SubjectKeyIdentifier"; } diff --git a/src/lib/x509/x509self.cpp b/src/lib/x509/x509self.cpp index 78cdfe741e..418fd85a45 100644 --- a/src/lib/x509/x509self.cpp +++ b/src/lib/x509/x509self.cpp @@ -1,6 +1,6 @@ /* * PKCS #10/Self Signed Cert Creation -* (C) 1999-2008 Jack Lloyd +* (C) 1999-2008,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -11,6 +11,7 @@ #include #include #include +#include namespace Botan { @@ -52,7 +53,7 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, // for now, only the padding option is used std::map sig_opts = { {"padding",opts.padding_scheme} }; - std::vector pub_key = X509::BER_encode(key); + const std::vector pub_key = X509::BER_encode(key); std::unique_ptr signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); 
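Review bot: `explicit Subject_Key_ID(const std::vector<uint8_t>& k)` moves from private to public without any documentation, and unlike the `(public_key, hash_fn)` overload beside it, it stores whatever bytes it is given as the key identifier with no check for an empty value. A short comment stating the precondition would help callers pick the right overload, e.g. `/** Create a SKID from an already computed key identifier; the caller is responsible for deriving it from the public key */`. The `Subject_Key_ID` class starts and ends outside these hunks.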
@@ -78,7 +79,13 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, extensions.add_new(new Cert_Extension::Key_Usage(constraints), true); } - extensions.add_new(new Cert_Extension::Subject_Key_ID(pub_key, hash_fn)); + std::unique_ptr hash(HashFunction::create_or_throw(hash_fn)); + hash->update(pub_key); + std::vector skid(hash->output_length()); + hash->final(skid.data()); + + extensions.add_new(new Cert_Extension::Subject_Key_ID(skid)); + extensions.add_new(new Cert_Extension::Authority_Key_ID(skid)); extensions.add_new( new Cert_Extension::Subject_Alternative_Name(subject_alt)); From 7946a5cd5ef1f9b9eddea32ec2ac0abd7e64f6be Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 6 Mar 2018 06:54:58 -0500 Subject: [PATCH 0787/1008] Replace BigInt::random_integer test with a Chi-square test GH #1476 --- src/tests/data/bn/random.vec | 10 ++++ src/tests/test_bigint.cpp | 93 ++++++++++++++++++++---------------- 2 files changed, 62 insertions(+), 41 deletions(-) create mode 100644 src/tests/data/bn/random.vec diff --git a/src/tests/data/bn/random.vec b/src/tests/data/bn/random.vec new file mode 100644 index 0000000000..a8961fea95 --- /dev/null +++ b/src/tests/data/bn/random.vec @@ -0,0 +1,10 @@ + +Seed = 1010 +Min = 0 +Max = 1000 +Output = 16 + +Seed = 802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802 +Min = 1 +Max = 0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Output = 0x2802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802802 diff --git a/src/tests/test_bigint.cpp b/src/tests/test_bigint.cpp index f63cce7feb..b095c8a6aa 100644 --- a/src/tests/test_bigint.cpp +++ b/src/tests/test_bigint.cpp @@ -11,6 +11,7 @@ #include #include #include + #include "test_rng.h" #endif namespace Botan_Tests { 
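Review bot: The key identifier is now computed inline (hash of `pub_key` under `hash_fn`) instead of via the `Subject_Key_ID(pub_key, hash_fn)` constructor that the removed line used, so there are two places that define how an identifier is derived from a public key and they can drift apart silently; if they do, the AKID written here would no longer match the SKID produced by the constructor-based path elsewhere, which presumably matters for chain building by key identifier. Consider having the constructor and this code share one helper, so both `Subject_Key_ID(skid)` and `Authority_Key_ID(skid)` come from a single definition, and add a comment such as `// self-signed: AKID must equal our own SKID` on the AKID line. `create_self_signed_cert` starts and ends outside the hunk.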
@@ -138,55 +139,40 @@ class BigInt_Unit_Tests final : public Test result.start_timer(); - // A value of 500 caused a non-negligible amount of test failures - const size_t ITERATIONS_PER_POSSIBLE_VALUE = 750; + const size_t SAMPLES = 50000; - std::vector min_ranges{ 0 }; - std::vector max_ranges{ 10 }; + const uint64_t range_min = 0; + const uint64_t range_max = 100; - if(Test::run_long_tests()) - { - // This gets slow quickly: - min_ranges.push_back(7); - max_ranges.push_back(113); - } - - for(size_t range_min : min_ranges) - { - for(size_t range_max : max_ranges) - { - if(range_min >= range_max) - { - continue; - } + /* + * We have a range of 0...100 thus 100 degrees of freedom. + * This bound is 99.9% probability of non-uniform + */ + const double CHI_CRIT = 148.230; - std::vector counts(range_max - range_min); + std::map counts; - for(size_t i = 0; i != counts.size() * ITERATIONS_PER_POSSIBLE_VALUE; ++i) - { - uint32_t r = BigInt::random_integer(Test::rng(), range_min, range_max).to_u32bit(); - result.test_gte("random_integer", r, range_min); - result.test_lt("random_integer", r, range_max); - counts[r - range_min] += 1; - } + for(size_t i = 0; i != SAMPLES; ++i) + { + uint32_t r = BigInt::random_integer(Test::rng(), range_min, range_max).to_u32bit(); + counts[r] += 1; + } - for(const auto count : counts) - { - double ratio = static_cast(count) / ITERATIONS_PER_POSSIBLE_VALUE; + // Chi-square test + const double expected = static_cast(SAMPLES) / (range_max - range_min); + double chi2 = 0; - if(ratio >= 0.85 && ratio <= 1.15) // +/-15 % - { - result.test_success("distribution within expected range"); - } - else - { - result.test_failure("distribution ratio outside expected range (+/-15 %): " + - std::to_string(ratio)); - } - } - } + for(auto sample : counts) + { + const double count = sample.second; + chi2 += ((count - expected)*(count - expected)) / expected; } + if(chi2 >= CHI_CRIT) + result.test_failure("Failed Chi-square test, value " + std::to_string(chi2)); 
+ else + result.test_success("Passed Chi-square test, value " + std::to_string(chi2)); + result.end_timer(); return result; @@ -646,6 +632,31 @@ class BigInt_InvMod_Test final : public Text_Based_Test BOTAN_REGISTER_TEST("bn_invmod", BigInt_InvMod_Test); +class BigInt_Rand_Test final : public Text_Based_Test + { + public: + BigInt_Rand_Test() : Text_Based_Test("bn/random.vec", "Seed,Min,Max,Output") {} + + Test::Result run_one_test(const std::string&, const VarMap& vars) override + { + Test::Result result("BigInt Random"); + + const std::vector seed = get_req_bin(vars, "Seed"); + const Botan::BigInt min = get_req_bn(vars, "Min"); + const Botan::BigInt max = get_req_bn(vars, "Max"); + const Botan::BigInt expected = get_req_bn(vars, "Output"); + + Fixed_Output_RNG rng(seed); + Botan::BigInt generated = BigInt::random_integer(rng, min, max); + + result.test_eq("random_integer KAT", generated, expected); + + return result; + } + }; + +BOTAN_REGISTER_TEST("bn_rand", BigInt_Rand_Test); + class DSA_ParamGen_Test final : public Text_Based_Test { public: From ffb68f149f1c8b3905db96090e510181e35f668f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 6 Mar 2018 07:01:01 -0500 Subject: [PATCH 0788/1008] Ensure exception types are exported from DLL GH #983 --- src/lib/ffi/ffi_util.h | 2 +- src/lib/prov/openssl/openssl.h | 2 +- src/lib/prov/pkcs11/p11.h | 4 ++-- src/lib/prov/tpm/tpm.h | 2 +- src/lib/utils/safeint.h | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/lib/ffi/ffi_util.h b/src/lib/ffi/ffi_util.h index e49002e62f..9ff1b0e2f2 100644 --- a/src/lib/ffi/ffi_util.h +++ b/src/lib/ffi/ffi_util.h @@ -15,7 +15,7 @@ namespace Botan_FFI { -class FFI_Error final : public Botan::Exception +class BOTAN_UNSTABLE_API FFI_Error final : public Botan::Exception { public: explicit FFI_Error(const std::string& what) : Exception("FFI error", what) {} diff --git a/src/lib/prov/openssl/openssl.h b/src/lib/prov/openssl/openssl.h index 89bd0b1a79..2cb581bb33 100644 
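Review bot: The comment above `CHI_CRIT` says 100 degrees of freedom, but 148.230 is the 99.9% quantile for 99 degrees of freedom, which is the right count for the 100 possible outcomes in [0, 100) that the old `test_lt` check confirms; the comment should read `* 100 possible values (0...99) give 99 degrees of freedom;` and `* 148.230 is the 99.9% quantile, so a uniform source exceeds it with probability 0.1%`. The rewrite also drops the explicit range checks on `r`, so an out-of-range value would only show up as an unexpected bucket in `counts` instead of a named failure; keeping `result.test_lt("random_integer", r, range_max);` in the sampling loop preserves that check cheaply. `for(auto sample : counts)` copies each map entry; `for(const auto& sample : counts)` avoids it. The enclosing test method starts outside the hunk.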
--- a/src/lib/prov/openssl/openssl.h +++ b/src/lib/prov/openssl/openssl.h @@ -30,7 +30,7 @@ class HashFunction; class RandomNumberGenerator; enum Cipher_Dir : int; -class OpenSSL_Error final : public Exception +class BOTAN_PUBLIC_API(2,0) OpenSSL_Error final : public Exception { public: OpenSSL_Error(const std::string& what) : diff --git a/src/lib/prov/pkcs11/p11.h b/src/lib/prov/pkcs11/p11.h index 50294d214e..a1f85af458 100644 --- a/src/lib/prov/pkcs11/p11.h +++ b/src/lib/prov/pkcs11/p11.h @@ -2821,7 +2821,7 @@ class BOTAN_PUBLIC_API(2,0) LowLevel const FunctionListPtr m_func_list_ptr; }; -class PKCS11_Error : public Exception +class BOTAN_PUBLIC_API(2,0) PKCS11_Error : public Exception { public: explicit PKCS11_Error(const std::string& what) : @@ -2830,7 +2830,7 @@ class PKCS11_Error : public Exception } }; -class PKCS11_ReturnError final : public PKCS11_Error +class BOTAN_PUBLIC_API(2,0) PKCS11_ReturnError final : public PKCS11_Error { public: explicit PKCS11_ReturnError(ReturnValue return_val) : diff --git a/src/lib/prov/tpm/tpm.h b/src/lib/prov/tpm/tpm.h index 8026340560..bb215a4763 100644 --- a/src/lib/prov/tpm/tpm.h +++ b/src/lib/prov/tpm/tpm.h @@ -21,7 +21,7 @@ namespace Botan { -class TPM_Error final : public Exception +class BOTAN_PUBLIC_API(2,0) TPM_Error final : public Exception { public: TPM_Error(const std::string& err) : Exception(err) {} diff --git a/src/lib/utils/safeint.h b/src/lib/utils/safeint.h index 86567db728..377f134187 100644 --- a/src/lib/utils/safeint.h +++ b/src/lib/utils/safeint.h @@ -13,7 +13,7 @@ namespace Botan { -class Integer_Overflow_Detected final : public Exception +class BOTAN_PUBLIC_API(2,0) Integer_Overflow_Detected final : public Exception { public: Integer_Overflow_Detected(const std::string& file, int line) : From cdd93a156d249ba721e74ec52bc1c13afc9921b1 Mon Sep 17 00:00:00 2001 
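Review bot: While these class declarations are being touched, the single-argument constructors of `OpenSSL_Error` and `TPM_Error` (visible in the context lines) are not `explicit`, unlike `FFI_Error`, `PKCS11_Error` and `PKCS11_ReturnError` in the same patch, so a `std::string` implicitly converts into either exception type; `explicit OpenSSL_Error(const std::string& what) :` and `explicit TPM_Error(const std::string& err) : Exception(err) {}` would make the set consistent. `FFI_Error` is exported with `BOTAN_UNSTABLE_API` while every other class here gets `BOTAN_PUBLIC_API(2,0)`; if that is deliberate because the FFI internals are not a stable C++ interface, a one-line comment on the class would save the next reader the question.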
From: Jack Lloyd Date: Tue, 6 Mar 2018 07:04:17 -0500 Subject: [PATCH 0789/1008] Handle cert.subject_info("Email") GH #1446
---
 src/lib/x509/x509cert.cpp | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp
index d47021247e..7a49e479fa 100644
--- a/src/lib/x509/x509cert.cpp
+++ b/src/lib/x509/x509cert.cpp
@@ -583,6 +583,9 @@ const AlternativeName& X509_Certificate::issuer_alt_name() const
 std::vector X509_Certificate::subject_info(const std::string& req) const
 {
+ if(req == "Email")
+ return this->subject_info("RFC822");
+
 if(subject_dn().has_field(req))
 return subject_dn().get_attribute(req);
From d1c861c280d973990c25996ab8558e784283325b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 6 Mar 2018 07:48:55 -0500 Subject: [PATCH 0790/1008] Extend speed to support ratio of CPU clocks This is to handle machines (like POWER8) where the CPU clock cycles increment at a slower rate than the actual machine clocks. GH #1460
---
 src/cli/speed.cpp | 319 +++++++++++++++++++++++++--------------------- 1 file changed, 173 insertions(+), 146 deletions(-)
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 94dc08eb0e..209e8d68ad 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -1,5 +1,5 @@
 /*
-* (C) 2009,2010,2014,2015,2017 Jack Lloyd
+* (C) 2009,2010,2014,2015,2017,2018 Jack Lloyd
 * (C) 2015 Simon Warta (Kullo GmbH)
 *
 * Botan is released under the Simplified BSD License (see license.txt)
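Review bot: The new alias is a bare string comparison followed by a recursive call, with nothing saying why `"Email"` maps to `"RFC822"`; a comment such as `// "Email" is accepted as an alias; email addresses are looked up under the RFC822 name` above the `if` would make the intent clear to the next reader. Note that `req == "Email"` is case-sensitive, so `"email"` does not take this path — fine if the other field names are matched the same way, but worth stating in the comment. `subject_info`'s body continues outside the hunk.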
@@ -113,21 +113,18 @@ class Timer final { public: Timer(const std::string& name, - uint64_t event_mult = 1, - const std::string& doing = "", - const std::string& provider = "", - size_t buf_size = 0) + const std::string& provider, + const std::string& doing, + uint64_t event_mult, + size_t buf_size, + double clock_cycle_ratio) : m_name(name + ((provider.empty() || provider == "base") ? "" : " [" + provider + "]")) , m_doing(doing) , m_buf_size(buf_size) , m_event_mult(event_mult) + , m_clock_cycle_ratio(clock_cycle_ratio) {} - Timer(const std::string& name, - const std::string& provider, - const std::string& doing) - : Timer(name, 1, doing, provider, 0) {} - Timer(const Timer& other) = default; static uint64_t get_system_timestamp_ns() @@ -283,6 +280,7 @@ class Timer final std::string m_name, m_doing; size_t m_buf_size; uint64_t m_event_mult; + double m_clock_cycle_ratio; // set at runtime std::string m_custom_msg; @@ -310,7 +308,7 @@ void Timer::stop() uint64_t cycles_taken = Timer::get_cpu_cycle_counter() - m_cpu_cycles_start; if(cycles_taken > 0) { - m_cpu_cycles_used += cycles_taken; + m_cpu_cycles_used += static_cast(cycles_taken * m_clock_cycle_ratio); } } @@ -576,7 +574,7 @@ class Speed final : public Command { public: Speed() - : Command("speed --msec=300 --format=default --provider= --buf-size=1024 --clear-cpuid= --ecc-groups= *algos") {} + : Command("speed --msec=500 --format=default --ecc-groups= --provider= --buf-size=1024 --clear-cpuid= --cpu-clock-ratio=1.0 *algos") {} std::vector default_benchmark_list() { 
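Review bot: The Speed command string also changes the default `--msec=300` to `--msec=500`, which is unrelated to the clock-ratio feature the commit message describes and lengthens every benchmark run; it should be mentioned in the message or split into its own commit. The new `m_clock_cycle_ratio` member of Timer is undocumented although `stop()` relies on it; `double m_clock_cycle_ratio; // scales raw cycle-counter deltas to machine cycles (presumably 1.0 when the counter runs at core clock)` states the contract. In `stop()`, `cycles_taken * m_clock_cycle_ratio` promotes the `uint64_t` to `double` before the multiply, so deltas above 2^53 cycles lose precision — harmless at benchmark scale but worth a one-line comment.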
@@ -681,6 +679,18 @@ class Speed final : public Command const std::string provider = get_arg("provider"); std::vector ecc_groups = Botan::split_on(get_arg("ecc-groups"), ','); const std::string format = get_arg("format"); + const std::string clock_ratio = get_arg("cpu-clock-ratio"); + + m_clock_cycle_ratio = std::strtod(clock_ratio.c_str(), nullptr); + + /* + * This argument is intended to be the ratio between the cycle counter + * and the actual machine cycles. It is extremely unlikely that there is + * any machine where the cycle counter increments faster than the actual + * clock. + */ + if(m_clock_cycle_ratio < 0.0 || m_clock_cycle_ratio > 1.0) + throw CLI_Usage_Error("Unlikely CPU clock ratio of " + clock_ratio); if(format == "table") m_summary.reset(new Summary); @@ -952,20 +962,21 @@ class Speed final : public Command private: + double m_clock_cycle_ratio; std::unique_ptr m_summary; std::unique_ptr m_json; - void record_result(const Timer& t) + void record_result(const std::unique_ptr& t) { if(m_json) { - m_json->add(t); + m_json->add(*t); } else { - output() << t.to_string() << std::flush; + output() << t->to_string() << std::flush; if(m_summary) - m_summary->add(t); + m_summary->add(*t); } } 
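Review bot: `std::strtod(clock_ratio.c_str(), nullptr)` discards the end pointer, so a malformed `--cpu-clock-ratio` such as `abc` silently parses as 0.0, which passes the `< 0.0 || > 1.0` check and then zeroes every cycle count in `Timer::stop()`; a ratio of exactly 0 is as implausible as one above 1 and should be rejected as well. Parsing with an end pointer, requiring the whole argument to be consumed and the result to be positive, turns both cases into the existing `CLI_Usage_Error`. The enclosing function starts and ends outside the hunk.
```cpp
const std::string clock_ratio = get_arg("cpu-clock-ratio");

char* end = nullptr;
m_clock_cycle_ratio = std::strtod(clock_ratio.c_str(), &end);

/*
* The ratio is the cycle counter rate relative to the real machine clock.
* A counter faster than the core (ratio > 1) is not expected, and a
* ratio <= 0 (which also covers unparseable input) would discard all
* cycle measurements, so both are rejected.
*/
if(clock_ratio.empty() || end == nullptr || *end != '\0' ||
   m_clock_cycle_ratio <= 0.0 || m_clock_cycle_ratio > 1.0)
   throw CLI_Usage_Error("Unlikely CPU clock ratio of " + clock_ratio);

// … unchanged: format handling …
```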
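Review bot: `record_result(const std::unique_ptr<Timer>& t)` takes a reference to the owning pointer although it only reads the timer, which forces every caller to hold a `unique_ptr` and dereferences it three times; keeping the previous `void record_result(const Timer& t)` and writing `record_result(*encrypt_timer);` at the call sites expresses the non-owning use and would have left most of the later mechanical hunks smaller. The `double m_clock_cycle_ratio;` added to Speed has no in-class initializer, so it is indeterminate until the argument is parsed; `double m_clock_cycle_ratio = 1.0;` removes that window.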
@@ -996,17 +1007,33 @@ class Speed final : public Command } } + std::unique_ptr make_timer(const std::string& name, + uint64_t event_mult = 1, + const std::string& what = "", + const std::string& provider = "", + size_t buf_size = 0) + { + return std::unique_ptr( + new Timer(name, provider, what, event_mult, buf_size, m_clock_cycle_ratio)); + } + + std::unique_ptr make_timer(const std::string& algo, + const std::string& provider, + const std::string& what) + { + return make_timer(algo, 1, what, provider, 0); + } + #if defined(BOTAN_HAS_BLOCK_CIPHER) void bench_block_cipher(Botan::BlockCipher& cipher, const std::string& provider, std::chrono::milliseconds runtime, const std::vector& buf_sizes) { - - Timer ks_timer(cipher.name(), provider, "key schedule"); + std::unique_ptr ks_timer = make_timer(cipher.name(), provider, "key schedule"); const Botan::SymmetricKey key(rng(), cipher.maximum_keylength()); - ks_timer.run([&]() { cipher.set_key(key); }); + ks_timer->run([&]() { cipher.set_key(key); }); const size_t bs = cipher.block_size(); std::set buf_sizes_in_blocks; @@ -1022,13 +1049,13 @@ class Speed final : public Command { std::vector buffer(buf_size); - Timer encrypt_timer(cipher.name(), buffer.size(), "encrypt", provider, buf_size); - Timer decrypt_timer(cipher.name(), buffer.size(), "decrypt", provider, buf_size); + std::unique_ptr encrypt_timer = make_timer(cipher.name(), buffer.size(), "encrypt", provider, buf_size); + std::unique_ptr decrypt_timer = make_timer(cipher.name(), buffer.size(), "decrypt", provider, buf_size); - encrypt_timer.run_until_elapsed(runtime, [&]() { cipher.encrypt(buffer); }); + encrypt_timer->run_until_elapsed(runtime, [&]() { cipher.encrypt(buffer); }); record_result(encrypt_timer); - decrypt_timer.run_until_elapsed(runtime, [&]() { cipher.decrypt(buffer); }); + decrypt_timer->run_until_elapsed(runtime, [&]() { cipher.decrypt(buffer); }); record_result(decrypt_timer); } } 
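Review bot: The two `make_timer` overloads take `provider` and `what` in opposite orders (`name, event_mult, what, provider, buf_size` versus `algo, provider, what`), reproducing the trap of the two removed Timer constructors: a call like `make_timer(name, "encrypt", provider)` compiles and silently swaps the label and the provider. A one-line comment over each overload naming its argument order, or a single overload with one fixed order, would make misuse visible; neither overload documents what `event_mult` and `buf_size` mean, e.g. `// event_mult: bytes (or items) processed per timed event; buf_size: reported buffer size, 0 if not applicable`.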
@@ -1045,7 +1072,7 @@ class Speed final : public Command { Botan::secure_vector buffer = rng().random_vec(buf_size); - Timer encrypt_timer(cipher.name(), buffer.size(), "encrypt", provider, buf_size); + std::unique_ptr encrypt_timer = make_timer(cipher.name(), buffer.size(), "encrypt", provider, buf_size); const Botan::SymmetricKey key(rng(), cipher.maximum_keylength()); cipher.set_key(key); @@ -1056,9 +1083,9 @@ class Speed final : public Command cipher.set_iv(iv.begin(), iv.size()); } - while(encrypt_timer.under(runtime)) + while(encrypt_timer->under(runtime)) { - encrypt_timer.run([&]() { cipher.encipher(buffer); }); + encrypt_timer->run([&]() { cipher.encipher(buffer); }); } record_result(encrypt_timer); @@ -1079,8 +1106,8 @@ class Speed final : public Command { Botan::secure_vector buffer = rng().random_vec(buf_size); - Timer timer(hash.name(), buffer.size(), "hash", provider, buf_size); - timer.run_until_elapsed(runtime, [&]() { hash.update(buffer); hash.final(output.data()); }); + std::unique_ptr timer = make_timer(hash.name(), buffer.size(), "hash", provider, buf_size); + timer->run_until_elapsed(runtime, [&]() { hash.update(buffer); hash.final(output.data()); }); record_result(timer); } } @@ -1103,9 +1130,9 @@ class Speed final : public Command mac.set_key(key); mac.start(nullptr, 0); - Timer timer(mac.name(), buffer.size(), "mac", provider, buf_size); - timer.run_until_elapsed(runtime, [&]() { mac.update(buffer); }); - timer.run([&]() { mac.final(output.data()); }); + std::unique_ptr timer = make_timer(mac.name(), buffer.size(), "mac", provider, buf_size); + timer->run_until_elapsed(runtime, [&]() { mac.update(buffer); }); + timer->run([&]() { mac.final(output.data()); }); record_result(timer); } } 
@@ -1118,12 +1145,12 @@ class Speed final : public Command const std::chrono::milliseconds runtime, const std::vector& buf_sizes) { - Timer ks_timer(enc.name(), enc.provider(), "key schedule"); + std::unique_ptr ks_timer = make_timer(enc.name(), enc.provider(), "key schedule"); const Botan::SymmetricKey key(rng(), enc.key_spec().maximum_keylength()); - ks_timer.run([&]() { enc.set_key(key); }); - ks_timer.run([&]() { dec.set_key(key); }); + ks_timer->run([&]() { enc.set_key(key); }); + ks_timer->run([&]() { dec.set_key(key); }); record_result(ks_timer); @@ -1131,19 +1158,19 @@ class Speed final : public Command { Botan::secure_vector buffer = rng().random_vec(buf_size); - Timer encrypt_timer(enc.name(), buffer.size(), "encrypt", enc.provider(), buf_size); - Timer decrypt_timer(dec.name(), buffer.size(), "decrypt", dec.provider(), buf_size); + std::unique_ptr encrypt_timer = make_timer(enc.name(), buffer.size(), "encrypt", enc.provider(), buf_size); + std::unique_ptr decrypt_timer = make_timer(dec.name(), buffer.size(), "decrypt", dec.provider(), buf_size); Botan::secure_vector iv = rng().random_vec(enc.default_nonce_length()); if(buf_size >= enc.minimum_final_size()) { - while(encrypt_timer.under(runtime) && decrypt_timer.under(runtime)) + while(encrypt_timer->under(runtime) && decrypt_timer->under(runtime)) { // Must run in this order, or AEADs will reject the ciphertext - encrypt_timer.run([&]() { enc.start(iv); enc.finish(buffer); }); + encrypt_timer->run([&]() { enc.start(iv); enc.finish(buffer); }); - decrypt_timer.run([&]() { dec.start(iv); dec.finish(buffer); }); + decrypt_timer->run([&]() { dec.start(iv); dec.finish(buffer); }); if(iv.size() > 0) { 
@@ -1172,8 +1199,8 @@ class Speed final : public Command rng.reseed_from_rng(Botan::system_rng(), 256); #endif - Timer timer(rng_name, buffer.size(), "generate", "", buf_size); - timer.run_until_elapsed(runtime, [&]() { rng.randomize(buffer.data(), buffer.size()); }); + std::unique_ptr timer = make_timer(rng_name, buffer.size(), "generate", "", buf_size); + timer->run_until_elapsed(runtime, [&]() { rng.randomize(buffer.data(), buffer.size()); }); record_result(timer); } } @@ -1187,8 +1214,8 @@ class Speed final : public Command size_t entropy_bits = 0; Botan_Tests::SeedCapturing_RNG rng; - Timer timer(src, "", "bytes"); - timer.run([&]() { entropy_bits = srcs.poll_just(rng, src); }); + std::unique_ptr timer = make_timer(src, "", "bytes"); + timer->run([&]() { entropy_bits = srcs.poll_just(rng, src); }); size_t compressed_size = 0; @@ -1209,7 +1236,7 @@ class Speed final : public Command std::ostringstream msg; msg << "Entropy source " << src << " output " << rng.seed_material().size() << " bytes" - << " estimated entropy " << entropy_bits << " in " << timer.milliseconds() << " ms"; + << " estimated entropy " << entropy_bits << " in " << timer->milliseconds() << " ms"; if(compressed_size > 0) { @@ -1218,7 +1245,7 @@ class Speed final : public Command msg << " total samples " << rng.samples() << "\n"; - timer.set_custom_msg(msg.str()); + timer->set_custom_msg(msg.str()); record_result(timer); } @@ -1231,8 +1258,8 @@ class Speed final : public Command { const Botan::EC_Group group(group_name); - Timer mult_timer(group_name + " scalar mult"); - Timer blinded_mult_timer(group_name + " blinded scalar mult"); + std::unique_ptr mult_timer = make_timer(group_name + " scalar mult"); + std::unique_ptr blinded_mult_timer = make_timer(group_name + " blinded scalar mult"); const Botan::BigInt scalar(rng(), group.get_p_bits()); const Botan::PointGFp& base_point = group.get_base_point(); 
@@ -1241,11 +1268,11 @@ class Speed final : public Command std::vector ws; - while(blinded_mult_timer.under(runtime)) + while(blinded_mult_timer->under(runtime)) { - const Botan::PointGFp r1 = mult_timer.run([&]() { return base_point * scalar; }); + const Botan::PointGFp r1 = mult_timer->run([&]() { return base_point * scalar; }); - const Botan::PointGFp r2 = blinded_mult_timer.run( + const Botan::PointGFp r2 = blinded_mult_timer->run( [&]() { return scalar_mult.mul(scalar, group.get_order(), rng(), ws); }); BOTAN_ASSERT_EQUAL(r1, r2, "Same point computed by both methods"); @@ -1258,22 +1285,22 @@ class Speed final : public Command void bench_os2ecp(const std::vector& groups, const std::chrono::milliseconds runtime) { - Timer uncmp_timer("OS2ECP uncompressed"); - Timer cmp_timer("OS2ECP compressed"); + std::unique_ptr uncmp_timer = make_timer("OS2ECP uncompressed"); + std::unique_ptr cmp_timer = make_timer("OS2ECP compressed"); for(std::string group_name : groups) { const Botan::EC_Group group(group_name); - while(uncmp_timer.under(runtime) && cmp_timer.under(runtime)) + while(uncmp_timer->under(runtime) && cmp_timer->under(runtime)) { const Botan::BigInt k(rng(), 256); const Botan::PointGFp p = group.get_base_point() * k; const Botan::secure_vector os_cmp = Botan::EC2OSP(p, Botan::PointGFp::COMPRESSED); const Botan::secure_vector os_uncmp = Botan::EC2OSP(p, Botan::PointGFp::UNCOMPRESSED); - uncmp_timer.run([&]() { group.OS2ECP(os_uncmp); }); - cmp_timer.run([&]() { group.OS2ECP(os_cmp); }); + uncmp_timer->run([&]() { group.OS2ECP(os_uncmp); }); + cmp_timer->run([&]() { group.OS2ECP(os_cmp); }); } record_result(uncmp_timer); 
@@ -1289,8 +1316,8 @@ class Speed final : public Command { const Botan::BigInt n = 1000000000000000; - Timer enc_timer("FPE_FE1 encrypt"); - Timer dec_timer("FPE_FE1 decrypt"); + std::unique_ptr enc_timer = make_timer("FPE_FE1 encrypt"); + std::unique_ptr dec_timer = make_timer("FPE_FE1 decrypt"); const Botan::SymmetricKey key(rng(), 32); const std::vector tweak(8); // 8 zeros @@ -1300,18 +1327,18 @@ class Speed final : public Command Botan::FPE_FE1 fpe_fe1(n, 3, "HMAC(SHA-256)"); fpe_fe1.set_key(key); - while(enc_timer.under(runtime)) + while(enc_timer->under(runtime)) { - enc_timer.start(); + enc_timer->start(); x = fpe_fe1.encrypt(x, tweak.data(), tweak.size()); - enc_timer.stop(); + enc_timer->stop(); } - for(size_t i = 0; i != enc_timer.events(); ++i) + for(size_t i = 0; i != enc_timer->events(); ++i) { - dec_timer.start(); + dec_timer->start(); x = fpe_fe1.decrypt(x, tweak.data(), tweak.size()); - dec_timer.stop(); + dec_timer->stop(); } BOTAN_ASSERT(x == 1, "FPE works"); @@ -1325,21 +1352,21 @@ class Speed final : public Command void bench_rfc3394(const std::chrono::milliseconds runtime) { - Timer wrap_timer("RFC3394 AES-256 key wrap"); - Timer unwrap_timer("RFC3394 AES-256 key unwrap"); + std::unique_ptr wrap_timer = make_timer("RFC3394 AES-256 key wrap"); + std::unique_ptr unwrap_timer = make_timer("RFC3394 AES-256 key unwrap"); const Botan::SymmetricKey kek(rng(), 32); Botan::secure_vector key(64, 0); - while(wrap_timer.under(runtime)) + while(wrap_timer->under(runtime)) { - wrap_timer.start(); + wrap_timer->start(); key = Botan::rfc3394_keywrap(key, kek); - wrap_timer.stop(); + wrap_timer->stop(); - unwrap_timer.start(); + unwrap_timer->start(); key = Botan::rfc3394_keyunwrap(key, kek); - unwrap_timer.stop(); + unwrap_timer->stop(); key[0] += 1; } 
@@ -1364,13 +1391,13 @@ class Speed final : public Command const Botan::BigInt random_e(rng(), e_bits); const Botan::BigInt random_f(rng(), f_bits); - Timer e_timer(group_bits_str + " short exponent", "", "modexp"); - Timer f_timer(group_bits_str + " full exponent", "", "modexp"); + std::unique_ptr e_timer = make_timer(group_bits_str + " short exponent", "", "modexp"); + std::unique_ptr f_timer = make_timer(group_bits_str + " full exponent", "", "modexp"); - while(f_timer.under(runtime)) + while(f_timer->under(runtime)) { - e_timer.run([&]() { Botan::power_mod(group.get_g(), random_e, group.get_p()); }); - f_timer.run([&]() { Botan::power_mod(group.get_g(), random_f, group.get_p()); }); + e_timer->run([&]() { Botan::power_mod(group.get_g(), random_e, group.get_p()); }); + f_timer->run([&]() { Botan::power_mod(group.get_g(), random_f, group.get_p()); }); } record_result(e_timer); @@ -1386,18 +1413,18 @@ class Speed final : public Command p.set_bit(521); p--; - Timer barrett_timer("Barrett"); - Timer schoolbook_timer("Schoolbook"); + std::unique_ptr barrett_timer = make_timer("Barrett"); + std::unique_ptr schoolbook_timer = make_timer("Schoolbook"); Botan::Modular_Reducer mod_p(p); - while(schoolbook_timer.under(runtime)) + while(schoolbook_timer->under(runtime)) { const Botan::BigInt x(rng(), p.bits() * 2 - 2); - const Botan::BigInt r1 = barrett_timer.run( + const Botan::BigInt r1 = barrett_timer->run( [&] { return mod_p.reduce(x); }); - const Botan::BigInt r2 = schoolbook_timer.run( + const Botan::BigInt r2 = schoolbook_timer->run( [&] { return x % p; }); BOTAN_ASSERT(r1 == r2, "Computed different results"); 
@@ -1413,33 +1440,33 @@ class Speed final : public Command p.set_bit(521); p--; - Timer invmod_timer("inverse_euclid"); - Timer monty_timer("montgomery_inverse"); - Timer ct_invmod_timer("ct_inverse_mod"); - Timer powm_timer("exponentiation"); + std::unique_ptr invmod_timer = make_timer("inverse_euclid"); + std::unique_ptr monty_timer = make_timer("montgomery_inverse"); + std::unique_ptr ct_invmod_timer = make_timer("ct_inverse_mod"); + std::unique_ptr powm_timer = make_timer("exponentiation"); Botan::Fixed_Exponent_Power_Mod powm_p(p - 2, p); - while(invmod_timer.under(runtime)) + while(invmod_timer->under(runtime)) { const Botan::BigInt x(rng(), p.bits() - 1); - const Botan::BigInt x_inv1 = invmod_timer.run([&] + const Botan::BigInt x_inv1 = invmod_timer->run([&] { return Botan::inverse_euclid(x + p, p); }); - const Botan::BigInt x_inv2 = monty_timer.run([&] + const Botan::BigInt x_inv2 = monty_timer->run([&] { return Botan::normalized_montgomery_inverse(x, p); }); - const Botan::BigInt x_inv3 = ct_invmod_timer.run([&] + const Botan::BigInt x_inv3 = ct_invmod_timer->run([&] { return Botan::ct_inverse_mod_odd_modulus(x, p); }); - const Botan::BigInt x_inv4 = powm_timer.run([&] + const Botan::BigInt x_inv4 = powm_timer->run([&] { return powm_p(x); }); 
@@ -1461,17 +1488,17 @@ class Speed final : public Command for(size_t bits : { 1024, 1536 }) { - Timer genprime_timer("random_prime " + std::to_string(bits)); - Timer is_prime_timer("is_prime " + std::to_string(bits)); + std::unique_ptr genprime_timer = make_timer("random_prime " + std::to_string(bits)); + std::unique_ptr is_prime_timer = make_timer("is_prime " + std::to_string(bits)); - while(genprime_timer.under(runtime) && is_prime_timer.under(runtime)) + while(genprime_timer->under(runtime) && is_prime_timer->under(runtime)) { - const Botan::BigInt p = genprime_timer.run([&] + const Botan::BigInt p = genprime_timer->run([&] { return Botan::random_prime(rng(), bits, coprime); }); - const bool ok = is_prime_timer.run([&] + const bool ok = is_prime_timer->run([&] { return Botan::is_prime(p, rng(), 64, true); }); @@ -1485,7 +1512,7 @@ class Speed final : public Command // Now test p+2, p+4, ... which may or may not be prime for(size_t i = 2; i != 64; i += 2) { - is_prime_timer.run([&]() { Botan::is_prime(p, rng(), 64, true); }); + is_prime_timer->run([&]() { Botan::is_prime(p, rng(), 64, true); }); } } 
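Review bot: The loop under `// Now test p+2, p+4, ... which may or may not be prime` times `Botan::is_prime(p, rng(), 64, true)` on the same `p` every iteration; `p` is `const` and the index `i` is never used, so this measures repeated primality tests of the prime just generated rather than of its odd successors. If the comment describes the intent, the call should read `is_prime_timer->run([&]() { Botan::is_prime(p + i, rng(), 64, true); });` (assuming BigInt supports addition of a word-sized integer, as the rest of the file seems to rely on). This pre-dates the timer refactor but is on the new side of the hunk; the enclosing `while` loop starts outside it.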
@@ -1508,21 +1535,21 @@ class Speed final : public Command Botan::PK_Encryptor_EME enc(key, rng(), padding, provider); Botan::PK_Decryptor_EME dec(key, rng(), padding, provider); - Timer enc_timer(nm + " " + padding, provider, "encrypt"); - Timer dec_timer(nm + " " + padding, provider, "decrypt"); + std::unique_ptr enc_timer = make_timer(nm + " " + padding, provider, "encrypt"); + std::unique_ptr dec_timer = make_timer(nm + " " + padding, provider, "decrypt"); - while(enc_timer.under(msec) || dec_timer.under(msec)) + while(enc_timer->under(msec) || dec_timer->under(msec)) { // Generate a new random ciphertext to decrypt - if(ciphertext.empty() || enc_timer.under(msec)) + if(ciphertext.empty() || enc_timer->under(msec)) { plaintext = unlock(rng().random_vec(enc.maximum_input_size())); - ciphertext = enc_timer.run([&]() { return enc.encrypt(plaintext, rng()); }); + ciphertext = enc_timer->run([&]() { return enc.encrypt(plaintext, rng()); }); } - if(dec_timer.under(msec)) + if(dec_timer->under(msec)) { - auto dec_pt = dec_timer.run([&]() { return dec.decrypt(ciphertext); }); + auto dec_pt = dec_timer->run([&]() { return dec.decrypt(ciphertext); }); if(dec_pt != plaintext) // sanity check { @@ -1543,13 +1570,13 @@ class Speed final : public Command { const std::string kdf = "KDF2(SHA-256)"; // arbitrary choice - Timer keygen_timer(nm, provider, "keygen"); + std::unique_ptr keygen_timer = make_timer(nm, provider, "keygen"); - std::unique_ptr key1(keygen_timer.run([&] + std::unique_ptr key1(keygen_timer->run([&] { return Botan::create_private_key(algo, rng(), params); })); - std::unique_ptr key2(keygen_timer.run([&] + std::unique_ptr key2(keygen_timer->run([&] { return Botan::create_private_key(algo, rng(), params); })); 
@@ -1565,12 +1592,12 @@ class Speed final : public Command const std::vector ka1_pub = ka_key1.public_value(); const std::vector ka2_pub = ka_key2.public_value(); - Timer ka_timer(nm, provider, "key agreements"); + std::unique_ptr ka_timer = make_timer(nm, provider, "key agreements"); - while(ka_timer.under(msec)) + while(ka_timer->under(msec)) { - Botan::SymmetricKey symkey1 = ka_timer.run([&]() { return ka1.derive_key(32, ka2_pub); }); - Botan::SymmetricKey symkey2 = ka_timer.run([&]() { return ka2.derive_key(32, ka1_pub); }); + Botan::SymmetricKey symkey1 = ka_timer->run([&]() { return ka1.derive_key(32, ka2_pub); }); + Botan::SymmetricKey symkey2 = ka_timer->run([&]() { return ka2.derive_key(32, ka1_pub); }); if(symkey1 != symkey2) { @@ -1590,21 +1617,21 @@ class Speed final : public Command Botan::PK_KEM_Decryptor dec(key, rng(), kdf, provider); Botan::PK_KEM_Encryptor enc(key, rng(), kdf, provider); - Timer kem_enc_timer(nm, provider, "KEM encrypt"); - Timer kem_dec_timer(nm, provider, "KEM decrypt"); + std::unique_ptr kem_enc_timer = make_timer(nm, provider, "KEM encrypt"); + std::unique_ptr kem_dec_timer = make_timer(nm, provider, "KEM decrypt"); - while(kem_enc_timer.under(msec) && kem_dec_timer.under(msec)) + while(kem_enc_timer->under(msec) && kem_dec_timer->under(msec)) { Botan::secure_vector encap_key, enc_shared_key; Botan::secure_vector salt = rng().random_vec(16); - kem_enc_timer.start(); + kem_enc_timer->start(); enc.encrypt(encap_key, enc_shared_key, 64, rng(), salt); - kem_enc_timer.stop(); + kem_enc_timer->stop(); - kem_dec_timer.start(); + kem_dec_timer->start(); Botan::secure_vector dec_shared_key = dec.decrypt(encap_key, 64, salt); - kem_dec_timer.stop(); + kem_dec_timer->stop(); if(enc_shared_key != dec_shared_key) { 
@@ -1626,9 +1653,9 @@ class Speed final : public Command { const std::string nm = grp.empty() ? algo : (algo + "-" + grp); - Timer keygen_timer(nm, provider, "keygen"); + std::unique_ptr keygen_timer = make_timer(nm, provider, "keygen"); - std::unique_ptr key(keygen_timer.run([&] + std::unique_ptr key(keygen_timer->run([&] { return Botan::create_private_key(algo, rng(), grp); })); @@ -1649,12 +1676,12 @@ class Speed final : public Command Botan::PK_Signer sig(key, rng(), padding, Botan::IEEE_1363, provider); Botan::PK_Verifier ver(key, padding, Botan::IEEE_1363, provider); - Timer sig_timer(nm + " " + padding, provider, "sign"); - Timer ver_timer(nm + " " + padding, provider, "verify"); + std::unique_ptr sig_timer = make_timer(nm + " " + padding, provider, "sign"); + std::unique_ptr ver_timer = make_timer(nm + " " + padding, provider, "verify"); - while(ver_timer.under(msec) || sig_timer.under(msec)) + while(ver_timer->under(msec) || sig_timer->under(msec)) { - if(signature.empty() || sig_timer.under(msec)) + if(signature.empty() || sig_timer->under(msec)) { /* Length here is kind of arbitrary, but 48 bytes fits into a single @@ -1662,15 +1689,15 @@ class Speed final : public Command */ message = unlock(rng().random_vec(48)); - signature = sig_timer.run([&]() { return sig.sign_message(message, rng()); }); + signature = sig_timer->run([&]() { return sig.sign_message(message, rng()); }); bad_signature = signature; bad_signature[rng().next_byte() % bad_signature.size()] ^= rng().next_nonzero_byte(); } - if(ver_timer.under(msec)) + if(ver_timer->under(msec)) { - const bool verified = ver_timer.run([&] + const bool verified = ver_timer->run([&] { return ver.verify_message(message, signature); }); 
@@ -1680,7 +1707,7 @@ class Speed final : public Command error_output() << "Correct signature rejected in PK signature bench\n"; } - const bool verified_bad = ver_timer.run([&] + const bool verified_bad = ver_timer->run([&] { return ver.verify_message(message, bad_signature); }); @@ -1705,9 +1732,9 @@ class Speed final : public Command { const std::string nm = "RSA-" + std::to_string(keylen); - Timer keygen_timer(nm, provider, "keygen"); + std::unique_ptr keygen_timer = make_timer(nm, provider, "keygen"); - std::unique_ptr key(keygen_timer.run([&] + std::unique_ptr key(keygen_timer->run([&] { return Botan::create_private_key("RSA", rng(), std::to_string(keylen)); })); @@ -1792,9 +1819,9 @@ class Speed final : public Command const std::string params = (bits == 1024) ? "dsa/jce/1024" : ("dsa/botan/" + std::to_string(bits)); - Timer keygen_timer(nm, provider, "keygen"); + std::unique_ptr keygen_timer = make_timer(nm, provider, "keygen"); - std::unique_ptr key(keygen_timer.run([&] + std::unique_ptr key(keygen_timer->run([&] { return Botan::create_private_key("DSA", rng(), params); })); @@ -1815,9 +1842,9 @@ class Speed final : public Command const std::string params = "modp/ietf/" + std::to_string(keylen); - Timer keygen_timer(nm, provider, "keygen"); + std::unique_ptr keygen_timer = make_timer(nm, provider, "keygen"); - std::unique_ptr key(keygen_timer.run([&] + std::unique_ptr key(keygen_timer->run([&] { return Botan::create_private_key("ElGamal", rng(), params); })); @@ -1879,9 +1906,9 @@ class Speed final : public Command const std::string nm = "McEliece-" + std::to_string(n) + "," + std::to_string(t) + " (WF=" + std::to_string(Botan::mceliece_work_factor(n, t)) + ")"; - Timer keygen_timer(nm, provider, "keygen"); + std::unique_ptr keygen_timer = make_timer(nm, provider, "keygen"); - std::unique_ptr key(keygen_timer.run([&] + std::unique_ptr key(keygen_timer->run([&] { return new Botan::McEliece_PrivateKey(rng(), n, t); })); 
@@ -1907,9 +1934,9 @@ class Speed final : public Command for(std::string params : xmss_params) { - Timer keygen_timer(params, provider, "keygen"); + std::unique_ptr keygen_timer = make_timer(params, provider, "keygen"); - std::unique_ptr key(keygen_timer.run([&] + std::unique_ptr key(keygen_timer->run([&] { return Botan::create_private_key("XMSS", rng(), params); })); @@ -1927,30 +1954,30 @@ class Speed final : public Command { const std::string nm = "NEWHOPE"; - Timer keygen_timer(nm, "", "keygen"); - Timer shareda_timer(nm, "", "shareda"); - Timer sharedb_timer(nm, "", "sharedb"); + std::unique_ptr keygen_timer = make_timer(nm, "", "keygen"); + std::unique_ptr shareda_timer = make_timer(nm, "", "shareda"); + std::unique_ptr sharedb_timer = make_timer(nm, "", "sharedb"); Botan::ChaCha_RNG nh_rng(Botan::secure_vector(32)); - while(sharedb_timer.under(msec)) + while(sharedb_timer->under(msec)) { std::vector send_a(Botan::NEWHOPE_SENDABYTES), send_b(Botan::NEWHOPE_SENDBBYTES); std::vector shared_a(32), shared_b(32); Botan::newhope_poly sk_a; - keygen_timer.start(); + keygen_timer->start(); Botan::newhope_keygen(send_a.data(), &sk_a, nh_rng); - keygen_timer.stop(); + keygen_timer->stop(); - sharedb_timer.start(); + sharedb_timer->start(); Botan::newhope_sharedb(shared_b.data(), send_b.data(), send_a.data(), nh_rng); - sharedb_timer.stop(); + sharedb_timer->stop(); - shareda_timer.start(); + shareda_timer->start(); Botan::newhope_shareda(shared_a.data(), &sk_a, send_b.data()); - shareda_timer.stop(); + shareda_timer->stop(); BOTAN_ASSERT(shared_a == shared_b, "Same derived key"); } From d96477e0c2239ec7a8ef721333be1e2e70e1abef Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Tue, 6 Mar 2018 08:01:34 -0500 Subject: [PATCH 0791/1008] Correctly read the POWER cycle counter The upper register can overflow so we need to re-read the upper register to ensure we we not on a boundary. GH #1460 --- src/lib/utils/os_utils.cpp | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index b8c31234a2..7696155439 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -95,16 +95,19 @@ uint64_t OS::get_processor_timestamp() } #elif defined(BOTAN_TARGET_ARCH_IS_PPC64) - uint32_t rtc_low = 0, rtc_high = 0; - asm volatile("mftbu %0; mftb %1" : "=r" (rtc_high), "=r" (rtc_low)); - /* - qemu-ppc seems to not support mftb instr, it always returns zero. - If both time bases are 0, assume broken and return another clock. - */ - if(rtc_high > 0 || rtc_low > 0) + for(;;) { - rtc = (static_cast(rtc_high) << 32) | rtc_low; + uint32_t rtc_low = 0, rtc_high = 0, rtc_high2 = 0; + asm volatile("mftbu %0" : "=r" (rtc_high)); + asm volatile("mftb %0" : "=r" (rtc_low)); + asm volatile("mftbu %0" : "=r" (rtc_high2)); + + if(rtc_high == rtc_high2) + { + rtc = (static_cast(rtc_high) << 32) | rtc_low; + break; + } } #elif defined(BOTAN_TARGET_ARCH_IS_ALPHA) From 29d740f468ca6feb9782d65c675be7f4ced3cedc Mon Sep 17 00:00:00 2001 
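Review bot: The removed comment explaining that qemu-ppc returns zero from `mftb` is the only documentation of why a zero time base is special, and the new loop silently assigns `rtc = 0` and breaks in that case; whether a fallback clock is still selected depends on code after `#elif defined(BOTAN_TARGET_ARCH_IS_ALPHA)` that is outside the hunk. Suggest keeping the note next to the `break`: `// qemu-ppc returns 0 from mftb; rtc stays 0 here so a caller can fall back to another clock`. As a point of style, the three `asm volatile` statements can be one statement, `asm volatile("mftbu %0; mftb %1; mftbu %2" : "=r" (rtc_high), "=r" (rtc_low), "=r" (rtc_high2));`, which makes the required read order explicit in the instruction stream rather than relying on the compiler keeping separate volatile asms in sequence. `OS::get_processor_timestamp` begins and ends outside the hunk.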
From: Jack Lloyd Date: Tue, 6 Mar 2018 11:16:49 -0500 Subject: [PATCH 0792/1008] Rename threefish module to threefish_512 GH #1477 --- doc/manual/deprecated.rst | 2 +- news.rst | 3 +++ src/build-data/policy/bsi.txt | 4 ++-- src/build-data/policy/modern.txt | 4 ++-- src/build-data/policy/nist.txt | 4 ++-- src/lib/block/block_cipher.cpp | 2 +- .../{threefish => threefish_512}/info.txt | 0 src/lib/block/threefish_512/threefish.h | 19 +++++++++++++++++++ .../threefish_512.cpp} | 2 +- .../threefish_512.h} | 6 +++--- .../threefish_512_avx2}/info.txt | 0 .../threefish_512_avx2}/threefish_avx2.cpp | 2 +- src/lib/hash/skein/info.txt | 2 +- src/lib/hash/skein/skein_512.h | 2 +- 14 files changed, 37 insertions(+), 15 deletions(-) rename src/lib/block/{threefish => threefish_512}/info.txt (100%) create mode 100644 src/lib/block/threefish_512/threefish.h rename src/lib/block/{threefish/threefish.cpp => threefish_512/threefish_512.cpp} (99%) rename src/lib/block/{threefish/threefish.h => threefish_512/threefish_512.h} (95%) rename src/lib/block/{threefish/threefish_avx2 => threefish_512/threefish_512_avx2}/info.txt (100%) rename src/lib/block/{threefish/threefish_avx2 => threefish_512/threefish_512_avx2}/threefish_avx2.cpp (99%) diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index 0d46e40784..05e83e4ed1 100644 --- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst @@ -12,7 +12,7 @@ in the source. - Directly accessing the member variables of types calendar_point, ASN1_Attribute, AlgorithmIdentifier, and BER_Object -- The headers ``botan.h``, ``init.h``, ``lookup.h`` +- The headers ``botan.h``, ``init.h``, ``lookup.h``, ``threefish.h`` - All or nothing package transform (``package.h``) diff --git a/news.rst b/news.rst index c0865042f0..4bf0687ce0 100644 --- a/news.rst +++ b/news.rst 
@@ -66,6 +66,9 @@ Version 2.5.0, Not Yet Released * Use feature flags to enable/disable system specific code (GH #1378) +* The threefish module has been renamed threefish_512 since that is the + algorithm it provides. (GH #1477) + * The Perl XS based wrapper has been removed, as it was unmaintained and broken. (GH #1412) diff --git a/src/build-data/policy/bsi.txt b/src/build-data/policy/bsi.txt index b02b82f84d..4626ade846 100644 --- a/src/build-data/policy/bsi.txt +++ b/src/build-data/policy/bsi.txt @@ -103,8 +103,8 @@ shacal2 shacal2_x86 shacal2_simd sm4 -threefish -threefish_avx2 +threefish_512 +threefish_512_avx2 twofish xtea diff --git a/src/build-data/policy/modern.txt b/src/build-data/policy/modern.txt index 212d06b1b6..2c3335af6e 100644 --- a/src/build-data/policy/modern.txt +++ b/src/build-data/policy/modern.txt @@ -1,7 +1,7 @@ aes serpent -threefish +threefish_512 chacha sha2_32 @@ -61,7 +61,7 @@ http_util # needed by x509 for OCSP online checks aes_ni aes_ssse3 serpent_simd -threefish_avx2 +threefish_512_avx2 chacha_sse2 sha1_sse2 diff --git a/src/build-data/policy/nist.txt b/src/build-data/policy/nist.txt index b253ac9820..1bc2c752df 100644 --- a/src/build-data/policy/nist.txt +++ b/src/build-data/policy/nist.txt @@ -106,8 +106,8 @@ sm4 shacal2 shacal2_x86 shacal2_simd -threefish -threefish_avx2 +threefish_512 +threefish_512_avx2 twofish xtea diff --git a/src/lib/block/block_cipher.cpp b/src/lib/block/block_cipher.cpp index 8be2de6640..544cbbc36d 100644 --- a/src/lib/block/block_cipher.cpp +++ b/src/lib/block/block_cipher.cpp @@ -86,7 +86,7 @@ #endif #if defined(BOTAN_HAS_THREEFISH_512) - #include + #include #endif #if defined(BOTAN_HAS_XTEA) diff --git a/src/lib/block/threefish/info.txt b/src/lib/block/threefish_512/info.txt similarity index 100% rename from src/lib/block/threefish/info.txt rename to src/lib/block/threefish_512/info.txt 
diff --git a/src/lib/block/threefish_512/threefish.h b/src/lib/block/threefish_512/threefish.h new file mode 100644 index 0000000000..2c2a2750f4 --- /dev/null +++ b/src/lib/block/threefish_512/threefish.h @@ -0,0 +1,19 @@ +/* +* Threefish +* (C) 2013,2014 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_THREEFISH_H_ +#define BOTAN_THREEFISH_H_ + +#if defined(__GNUC__) + #warning "botan/threefish.h is deprecated" +#elif defined(_MSC_VER) + #pragma message ("botan/threefish.h is deprecated") +#endif + +#include + +#endif diff --git a/src/lib/block/threefish/threefish.cpp b/src/lib/block/threefish_512/threefish_512.cpp similarity index 99% rename from src/lib/block/threefish/threefish.cpp rename to src/lib/block/threefish_512/threefish_512.cpp index 60f793d64c..0e6ba8889e 100644 --- a/src/lib/block/threefish/threefish.cpp +++ b/src/lib/block/threefish_512/threefish_512.cpp @@ -5,7 +5,7 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#include +#include #include #include diff --git a/src/lib/block/threefish/threefish.h b/src/lib/block/threefish_512/threefish_512.h similarity index 95% rename from src/lib/block/threefish/threefish.h rename to src/lib/block/threefish_512/threefish_512.h index 6b87c3eb28..24f15190cf 100644 --- a/src/lib/block/threefish/threefish.h +++ b/src/lib/block/threefish_512/threefish_512.h @@ -1,12 +1,12 @@ /* -* Threefish +* Threefish-512 * (C) 2013,2014 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_THREEFISH_H_ -#define BOTAN_THREEFISH_H_ +#ifndef BOTAN_THREEFISH_512_H_ +#define BOTAN_THREEFISH_512_H_ #include diff --git a/src/lib/block/threefish/threefish_avx2/info.txt b/src/lib/block/threefish_512/threefish_512_avx2/info.txt similarity index 100% rename from src/lib/block/threefish/threefish_avx2/info.txt rename to src/lib/block/threefish_512/threefish_512_avx2/info.txt 
diff --git a/src/lib/block/threefish/threefish_avx2/threefish_avx2.cpp b/src/lib/block/threefish_512/threefish_512_avx2/threefish_avx2.cpp similarity index 99% rename from src/lib/block/threefish/threefish_avx2/threefish_avx2.cpp rename to src/lib/block/threefish_512/threefish_512_avx2/threefish_avx2.cpp index b8e2320ae9..26dc400956 100644 --- a/src/lib/block/threefish/threefish_avx2/threefish_avx2.cpp +++ b/src/lib/block/threefish_512/threefish_512_avx2/threefish_avx2.cpp @@ -5,7 +5,7 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#include +#include #include namespace Botan { diff --git a/src/lib/hash/skein/info.txt b/src/lib/hash/skein/info.txt index 3de41289a2..3445c376fe 100644 --- a/src/lib/hash/skein/info.txt +++ b/src/lib/hash/skein/info.txt @@ -3,5 +3,5 @@ SKEIN_512 -> 20131128 -threefish +threefish_512 diff --git a/src/lib/hash/skein/skein_512.h b/src/lib/hash/skein/skein_512.h index a602b4b5e9..8bf6e3e7a1 100644 --- a/src/lib/hash/skein/skein_512.h +++ b/src/lib/hash/skein/skein_512.h @@ -9,7 +9,7 @@ #define BOTAN_SKEIN_512_H_ #include -#include +#include #include #include From 0c30178c88513320ec2e515a5ae2f2748c45844b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 6 Mar 2018 14:18:53 -0500 Subject: [PATCH 0793/1008] Support 1024-bit inputs in poly_double function GH #1477 --- src/lib/utils/poly_dbl/poly_dbl.cpp | 48 +++++++++++++++++++++-------- src/lib/utils/poly_dbl/poly_dbl.h | 2 +- 2 files changed, 36 insertions(+), 14 deletions(-) diff --git a/src/lib/utils/poly_dbl/poly_dbl.cpp b/src/lib/utils/poly_dbl/poly_dbl.cpp index 2b989db57f..62c7695daa 100644 --- a/src/lib/utils/poly_dbl/poly_dbl.cpp +++ b/src/lib/utils/poly_dbl/poly_dbl.cpp @@ -1,5 +1,5 @@ /* -* (C) 2017 Jack Lloyd +* (C) 2017,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -12,12 +12,28 @@ namespace Botan { namespace { -template +/* +* The minimum weight irreducible binary polynomial of size n +* +* See http://www.hpl.hp.com/techreports/98/HPL-98-135.pdf +*/ +enum class MinWeightPolynomial : uint64_t { + P64 = 0x1B, + P128 = 0x87, + P192 = 0x87, + P256 = 0x425, + P512 = 0x125, + P1024 = 0x80043, +}; + +template void poly_double(uint8_t out[], const uint8_t in[]) { uint64_t W[LIMBS]; load_be(W, in, LIMBS); + const uint64_t POLY = static_cast(P); + const uint64_t carry = POLY * (W[0] >> 63); for(size_t i = 0; i != LIMBS - 1; ++i) W[i] = (W[i] << 1) ^ (W[i+1] >> 63); @@ -26,12 +42,14 @@ void poly_double(uint8_t out[], const uint8_t in[]) copy_out_be(out, LIMBS*8, W); } -template +template void poly_double_le(uint8_t out[], const uint8_t in[]) { uint64_t W[LIMBS]; load_le(W, in, LIMBS); + const uint64_t POLY = static_cast(P); + const uint64_t carry = POLY * (W[LIMBS-1] >> 63); for(size_t i = 0; i != LIMBS - 1; ++i) W[LIMBS-1-i] = (W[LIMBS-1-i] << 1) ^ (W[LIMBS-2-i] >> 63); @@ -47,15 +65,17 @@ void poly_double_n(uint8_t out[], const uint8_t in[], size_t n) switch(n) { case 8: - return poly_double<1, 0x1B>(out, in); + return poly_double<1, MinWeightPolynomial::P64>(out, in); case 16: - return poly_double<2, 0x87>(out, in); + return poly_double<2, MinWeightPolynomial::P128>(out, in); case 24: - return poly_double<3, 0x87>(out, in); + return poly_double<3, MinWeightPolynomial::P192>(out, in); case 32: - return poly_double<4, 0x425>(out, in); + return poly_double<4, MinWeightPolynomial::P256>(out, in); case 64: - return poly_double<8, 0x125>(out, in); + return poly_double<8, MinWeightPolynomial::P512>(out, in); + case 128: + return poly_double<8, MinWeightPolynomial::P1024>(out, in); default: throw Invalid_Argument("Unsupported size for poly_double_n"); } 
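Review bot: The new `case 128:` instantiates `poly_double<8, MinWeightPolynomial::P1024>`, but a 1024-bit input is 128 bytes, i.e. 16 limbs; with `LIMBS = 8` the template loads and writes only the first 64 bytes, takes the carry from bit 511 instead of bit 1023, and leaves `out[64..127]` untouched, so the 1024-bit doubling result is wrong even though `poly_double_supported_size(128)` now reports it as supported. The line should be `return poly_double<16, MinWeightPolynomial::P1024>(out, in);`, and the `poly_double_n_le` hunk in the next line has the same defect with `poly_double_le<8, ...>`, which should likewise be `poly_double_le<16, MinWeightPolynomial::P1024>(out, in);`. A test vector for n == 128 against a reference doubling would have caught this; the existing tests presumably only cover the sizes that were supported before.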
@@ -66,15 +86,17 @@ void poly_double_n_le(uint8_t out[], const uint8_t in[], size_t n) switch(n) { case 8: - return poly_double_le<1, 0x1B>(out, in); + return poly_double_le<1, MinWeightPolynomial::P64>(out, in); case 16: - return poly_double_le<2, 0x87>(out, in); + return poly_double_le<2, MinWeightPolynomial::P128>(out, in); case 24: - return poly_double_le<3, 0x87>(out, in); + return poly_double_le<3, MinWeightPolynomial::P192>(out, in); case 32: - return poly_double_le<4, 0x425>(out, in); + return poly_double_le<4, MinWeightPolynomial::P256>(out, in); case 64: - return poly_double_le<8, 0x125>(out, in); + return poly_double_le<8, MinWeightPolynomial::P512>(out, in); + case 128: + return poly_double_le<8, MinWeightPolynomial::P1024>(out, in); default: throw Invalid_Argument("Unsupported size for poly_double_n_le"); } diff --git a/src/lib/utils/poly_dbl/poly_dbl.h b/src/lib/utils/poly_dbl/poly_dbl.h index 8f9c0d3aa1..931b4873ed 100644 --- a/src/lib/utils/poly_dbl/poly_dbl.h +++ b/src/lib/utils/poly_dbl/poly_dbl.h @@ -21,7 +21,7 @@ void BOTAN_PUBLIC_API(2,3) poly_double_n(uint8_t out[], const uint8_t in[], size */ inline bool poly_double_supported_size(size_t n) { - return (n == 8 || n == 16 || n == 24 || n == 32 || n == 64); + return (n == 8 || n == 16 || n == 24 || n == 32 || n == 64 || n == 128); } inline void poly_double_n(uint8_t buf[], size_t n) From 7cf75ca96b13ab9364cb39e5fc28bd2779f1e159 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 6 Mar 2018 15:40:20 -0500 Subject: [PATCH 0794/1008] Increase sample count in random_integer Chi-square test --- src/tests/test_bigint.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/test_bigint.cpp b/src/tests/test_bigint.cpp index b095c8a6aa..9e3d718741 100644 --- a/src/tests/test_bigint.cpp +++ b/src/tests/test_bigint.cpp 
@@ -139,7 +139,7 @@ class BigInt_Unit_Tests final : public Test result.start_timer(); - const size_t SAMPLES = 50000; + const size_t SAMPLES = 500000; const uint64_t range_min = 0; const uint64_t range_max = 100; From 3dbffe6512e59e5ae6b4bfe4f265200054ed2471 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 6 Mar 2018 15:49:14 -0500 Subject: [PATCH 0795/1008] Add longer test vector of Parallel hash --- src/tests/data/hash/parallel.vec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/tests/data/hash/parallel.vec b/src/tests/data/hash/parallel.vec index 537e4941e7..c9943fbe94 100644 --- a/src/tests/data/hash/parallel.vec +++ b/src/tests/data/hash/parallel.vec @@ -10,3 +10,5 @@ Out = 0CC175B9C0F1B6A831C399E26977266186F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8 In = Out = E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E +In = 6D65737361676520646967657374 +Out = F7846F55CF23E14EEBEAB5B4E1550CAD5B509E3348FBC4EFA3A1413D393CB650107DBF389D9E9F71A3A95F6C055B9251BC5268C2BE16D6C13492EA45B0199F3309E16455AB1E96118E8A905D5597B72038DDB372A89826046DE66687BB420E7C From 499afa8646d8e52411e35c0fbc4467a8a21b0f12 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 6 Mar 2018 16:10:55 -0500 Subject: [PATCH 0796/1008] Add longer tests for SHA-224 and SHA-512-256 --- src/tests/data/hash/sha2_32.vec | 3 +++ src/tests/data/hash/sha2_64.vec | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/src/tests/data/hash/sha2_32.vec b/src/tests/data/hash/sha2_32.vec index 602891ea14..3ff472e898 100644 --- a/src/tests/data/hash/sha2_32.vec +++ b/src/tests/data/hash/sha2_32.vec 
@@ -7,6 +7,9 @@ Out = D14A028C2A3A2BC9476102BB288234C415A2B01F828EA62AC5B3E42F In = 61 Out = ABD37534C7D9A2EFB9465DE931CD7055FFDB8879563AE98078D6D6D5 +In = 6D65737361676520646967657374 +Out = 2CB21C83AE2F004DE7E81C3C7019CBCB65B71AB656B22D6D0C39B8EB + [SHA-256] In = Out = E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 diff --git a/src/tests/data/hash/sha2_64.vec b/src/tests/data/hash/sha2_64.vec index e8d44e990a..5498201eca 100644 --- a/src/tests/data/hash/sha2_64.vec +++ b/src/tests/data/hash/sha2_64.vec @@ -46,3 +46,7 @@ Out = 72EC1EF1124A45B047E8B7C75A932195135BB61DE24EC0D1914042246E0AEC3A2354E093D7 In = Out = C672B8D1EF56ED28AB87C3622C5114069BDD3AD7B8F9737498D0C01ECEF0967A + +In = 6D65737361676520646967657374 +Out = 0CF471FD17ED69D990DAF3433C89B16D63DEC1BB9CB42A6094604EE5D7B4E9FB + From 5c8552b596c8ead5495625c4c276a23b6a15ff3a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 6 Mar 2018 16:12:58 -0500 Subject: [PATCH 0797/1008] Add test that invalid hash function param strings cause errors --- src/tests/test_hash.cpp | 55 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1 deletion(-) diff --git a/src/tests/test_hash.cpp b/src/tests/test_hash.cpp index 0424e94f3b..f97efe2492 100644 --- a/src/tests/test_hash.cpp +++ b/src/tests/test_hash.cpp @@ -1,5 +1,5 @@ /* -* (C) 2014,2015 Jack Lloyd +* (C) 2014,2015,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -16,6 +16,59 @@ namespace Botan_Tests { namespace { +class Invalid_Hash_Name_Tests final : public Test + { + public: + std::vector run() override + { + Test::Result result("Invalid HashFunction names"); + test_invalid_name(result, "NonExistentHash"); + test_invalid_name(result, "Blake2b(9)", "Bad output bits size for Blake2b"); + test_invalid_name(result, "Comb4P(MD5,MD5)", "Comb4P: Must use two distinct hashes"); + test_invalid_name(result, "Comb4P(MD5,SHA-1)", "Comb4P: Incompatible hashes MD5 and SHA-160"); + test_invalid_name(result, "Tiger(168)", "Tiger: Illegal hash output size: 168"); + test_invalid_name(result, "Tiger(20,2)", "Tiger: Invalid number of passes: 2"); + test_invalid_name(result, "Keccak-1600(160)", "Keccak_1600: Invalid output length 160"); + test_invalid_name(result, "SHA-3(160)", "SHA_3: Invalid output length 160"); + + return {result}; + } + + private: + void test_invalid_name(Result& result, + const std::string& name, + const std::string& expected_msg = "") const + { + try + { + auto hash = Botan::HashFunction::create_or_throw(name); + result.test_failure("Was successfully able to create " + name); + } + catch(Botan::Invalid_Argument& e) + { + const std::string msg = e.what(); + const std::string full_msg = "Invalid argument " + expected_msg; + result.test_eq("expected error message", msg, full_msg); + } + catch(Botan::Lookup_Error& e) + { + const std::string algo_not_found_msg = "Unavailable Hash " + name; + const std::string msg = e.what(); + result.test_eq("expected error message", msg, algo_not_found_msg); + } + catch(std::exception& e) + { + result.test_failure("some unknown exception", e.what()); + } + catch(...) + { + result.test_failure("some unknown exception"); + } + } + }; + +BOTAN_REGISTER_TEST("invalid_name_hash", Invalid_Hash_Name_Tests); + class Hash_Function_Tests final : public Text_Based_Test { public: From 7d5114aeb6431eac7deeffa29c25fdaa4b03f8d2 Mon Sep 17 00:00:00 2001 
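Review bot: `catch(Botan::Invalid_Argument& e)`, `catch(Botan::Lookup_Error& e)` and `catch(std::exception& e)` in `test_invalid_name` bind the exception by non-const reference although `e` is only read; `catch(const Botan::Invalid_Argument& e)` and the same for the other two is the conventional form. The local `auto hash = Botan::HashFunction::create_or_throw(name);` is never read, so `Botan::HashFunction::create_or_throw(name);` alone avoids an unused-variable warning while still exercising the throwing path. When `expected_msg` is empty (the `"NonExistentHash"` case) and an `Invalid_Argument` rather than a `Lookup_Error` is thrown, the comparison is against the literal `"Invalid argument "` with a trailing space, which would report a confusing mismatch; a short comment stating that the empty default is only meant for the `Lookup_Error` path would make that contract explicit.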
From: Jack Lloyd Date: Tue, 6 Mar 2018 16:23:35 -0500 Subject: [PATCH 0798/1008] Slight improvements in filter test coverage --- src/lib/filters/algo_filt.cpp | 9 +++------ src/tests/test_filters.cpp | 27 +++++++++++++++++++++++---- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/src/lib/filters/algo_filt.cpp b/src/lib/filters/algo_filt.cpp index 721f3a4716..c944b72e5b 100644 --- a/src/lib/filters/algo_filt.cpp +++ b/src/lib/filters/algo_filt.cpp @@ -19,8 +19,7 @@ StreamCipher_Filter::StreamCipher_Filter(StreamCipher* cipher) : } StreamCipher_Filter::StreamCipher_Filter(StreamCipher* cipher, const SymmetricKey& key) : - m_buffer(BOTAN_DEFAULT_BUFFER_SIZE), - m_cipher(cipher) + StreamCipher_Filter(cipher) { m_cipher->set_key(key); } @@ -32,8 +31,7 @@ StreamCipher_Filter::StreamCipher_Filter(const std::string& sc_name) : } StreamCipher_Filter::StreamCipher_Filter(const std::string& sc_name, const SymmetricKey& key) : - m_buffer(BOTAN_DEFAULT_BUFFER_SIZE), - m_cipher(StreamCipher::create_or_throw(sc_name)) + StreamCipher_Filter(sc_name) { m_cipher->set_key(key); } @@ -79,8 +77,7 @@ MAC_Filter::MAC_Filter(const std::string& mac_name, size_t len) : } MAC_Filter::MAC_Filter(const std::string& mac_name, const SymmetricKey& key, size_t len) : - m_mac(MessageAuthenticationCode::create_or_throw(mac_name)), - m_out_len(len) + MAC_Filter(mac_name, len) { m_mac->set_key(key); } diff --git a/src/tests/test_filters.cpp b/src/tests/test_filters.cpp index 536019d85f..c1bcf36031 100644 --- a/src/tests/test_filters.cpp +++ b/src/tests/test_filters.cpp 
@@ -275,7 +275,16 @@ class Filter_Tests final : public Test #if defined(BOTAN_HAS_CODEC_FILTERS) && defined(BOTAN_HAS_HMAC) && defined(BOTAN_HAS_SHA2_32) const Botan::SymmetricKey key("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); - Botan::Pipe pipe(new Botan::MAC_Filter("HMAC(SHA-256)", key, 12), + + Botan::Keyed_Filter* mac_filter = new Botan::MAC_Filter("HMAC(SHA-256)", key, 12); + + mac_filter->set_iv(Botan::InitializationVector()); // ignored + + result.test_throws("Keyed_Filter::set_iv throws if not implemented", + "Invalid argument IV length 1 is invalid for HMAC(SHA-256)", + [mac_filter]() { mac_filter->set_iv(Botan::InitializationVector("AA")); }); + + Botan::Pipe pipe(mac_filter, new Botan::Base64_Encoder); pipe.process_msg("Hi"); @@ -666,10 +675,20 @@ class Filter_Tests final : public Test Test::Result result("Filter Chain"); #if defined(BOTAN_HAS_CODEC_FILTERS) && defined(BOTAN_HAS_SHA2_32) && defined(BOTAN_HAS_SHA2_64) + + Botan::Filter* filters[2] = { + new Botan::Hash_Filter("SHA-256"), + new Botan::Hex_Encoder + }; + + std::unique_ptr chain(new Botan::Chain(filters, 2)); + + result.test_eq("Chain has a name", chain->name(), "Chain"); + std::unique_ptr fork( new Botan::Fork( - new Botan::Chain(new Botan::Hash_Filter("SHA-256"), new Botan::Hex_Encoder), - new Botan::Chain(new Botan::Hash_Filter("SHA-512-256"), new Botan::Hex_Encoder) + chain.release(), + new Botan::Chain(new Botan::Hash_Filter("SHA-512-256", 19), new Botan::Hex_Encoder) )); result.test_eq("Fork has a name", fork->name(), "Fork"); @@ -682,7 +701,7 @@ class Filter_Tests final : public Test result.test_eq("Hash 1", pipe.read_all_as_string(0), "C00862D1C6C1CF7C1B49388306E7B3C1BB79D8D6EC978B41035B556DBB3797DF"); result.test_eq("Hash 2", pipe.read_all_as_string(1), - "610480FFA82F24F6926544B976FE387878E3D973C03DFD591C2E9896EFB903E0"); + "610480FFA82F24F6926544B976FE387878E3D9"); #endif return result; From 34aa3778a0f426fb7487c62049570d504e447c2f Mon Sep 17 00:00:00 2001 
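Review bot: `Botan::Keyed_Filter* mac_filter = new Botan::MAC_Filter(...)` is held as a raw owning pointer across `set_iv`, `result.test_throws` and the lambda until `Botan::Pipe pipe(mac_filter, ...)` takes it, so any exception escaping those calls leaks the filter. The second hunk in the same file already uses the safer shape with `chain.release()`; the same here would be `std::unique_ptr<Botan::Keyed_Filter> mac_filter(new Botan::MAC_Filter("HMAC(SHA-256)", key, 12));`, the lambda capturing `[&mac_filter]`, and `Botan::Pipe pipe(mac_filter.release(), new Botan::Base64_Encoder);`. Whether `test_throws` catches an unexpected exception type itself is not visible here, but the ownership gap exists regardless.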
From: Jack Lloyd Date: Tue, 6 Mar 2018 16:33:32 -0500 Subject: [PATCH 0799/1008] Fix test if OpenSSL provider enabled. OpenSSL hash object just reflects the arg vs Botan object which calls it SHA-160. Avoid the confusion by using SHA-256 instead. --- src/tests/test_hash.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/test_hash.cpp b/src/tests/test_hash.cpp index f97efe2492..009d93ea15 100644 --- a/src/tests/test_hash.cpp +++ b/src/tests/test_hash.cpp @@ -25,7 +25,7 @@ class Invalid_Hash_Name_Tests final : public Test test_invalid_name(result, "NonExistentHash"); test_invalid_name(result, "Blake2b(9)", "Bad output bits size for Blake2b"); test_invalid_name(result, "Comb4P(MD5,MD5)", "Comb4P: Must use two distinct hashes"); - test_invalid_name(result, "Comb4P(MD5,SHA-1)", "Comb4P: Incompatible hashes MD5 and SHA-160"); + test_invalid_name(result, "Comb4P(MD5,SHA-256)", "Comb4P: Incompatible hashes MD5 and SHA-256"); test_invalid_name(result, "Tiger(168)", "Tiger: Illegal hash output size: 168"); test_invalid_name(result, "Tiger(20,2)", "Tiger: Invalid number of passes: 2"); test_invalid_name(result, "Keccak-1600(160)", "Keccak_1600: Invalid output length 160"); From 300cc7e5523396bae65f61485406a0bf392d8320 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Thu, 8 Mar 2018 07:21:43 -0500 Subject: [PATCH 0800/1008] Add mixed (J+A) point addition, new scalar mul for base points Adds PointGFp::force_affine(), ::add_affine(), and ::is_affine() Use a (very simple) technique for base point precomputations. Stick with fixed window for variable point inputs. Scalar blinding is now always enabled --- src/build-data/buildh.in | 6 - src/cli/speed.cpp | 23 ++-- src/fuzzer/ecc_helper.h | 40 ++++--- src/lib/pubkey/ec_group/curve_gfp.cpp | 42 +++++-- src/lib/pubkey/ec_group/curve_gfp.h | 11 ++ src/lib/pubkey/ec_group/ec_group.cpp | 24 ++-- src/lib/pubkey/ec_group/ec_group.h | 13 +++ src/lib/pubkey/ec_group/info.txt | 10 ++ src/lib/pubkey/ec_group/point_gfp.cpp | 160 ++++++++++++++++++++++++-- src/lib/pubkey/ec_group/point_gfp.h | 77 ++++--------- src/lib/pubkey/ec_group/point_mul.cpp | 131 ++++++++++++++------- src/lib/pubkey/ec_group/point_mul.h | 47 ++++++++ src/lib/pubkey/ecdh/ecdh.cpp | 5 +- src/lib/pubkey/ecies/ecies.cpp | 5 +- src/lib/pubkey/sm2/sm2_enc.cpp | 14 +-- src/tests/unit_ecc.cpp | 26 +++-- 16 files changed, 460 insertions(+), 174 deletions(-) create mode 100644 src/lib/pubkey/ec_group/point_mul.h diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index 06ae5b5984..fcdd8e6d6e 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -123,12 +123,6 @@ */ #define BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO 1 -/* -* If enabled the ECC implementation will use scalar blinding with order.bits()/2 -* bit long masks. -*/ -#define BOTAN_POINTGFP_USE_SCALAR_BLINDING 1 - /* * Set number of bits used to generate mask for blinding the * representation of an ECC point. Set to zero to disable this diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 209e8d68ad..42cb10ca61 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp 
@@ -1258,28 +1258,35 @@ class Speed final : public Command { const Botan::EC_Group group(group_name); - std::unique_ptr mult_timer = make_timer(group_name + " scalar mult"); - std::unique_ptr blinded_mult_timer = make_timer(group_name + " blinded scalar mult"); + std::unique_ptr mult_timer = make_timer(group_name + " Montgomery ladder"); + std::unique_ptr blinded_mult_timer = make_timer(group_name + " blinded comb"); + std::unique_ptr blinded_var_mult_timer = make_timer(group_name + " blinded window"); - const Botan::BigInt scalar(rng(), group.get_p_bits()); const Botan::PointGFp& base_point = group.get_base_point(); - const Botan::PointGFp_Blinded_Multiplier scalar_mult(base_point); - std::vector ws; - while(blinded_mult_timer->under(runtime)) + while(mult_timer->under(runtime) && + blinded_mult_timer->under(runtime) && + blinded_var_mult_timer->under(runtime)) { + const Botan::BigInt scalar(rng(), group.get_p_bits()); + const Botan::PointGFp r1 = mult_timer->run([&]() { return base_point * scalar; }); const Botan::PointGFp r2 = blinded_mult_timer->run( - [&]() { return scalar_mult.mul(scalar, group.get_order(), rng(), ws); }); + [&]() { return group.blinded_base_point_multiply(scalar, rng(), ws); }); + + const Botan::PointGFp r3 = blinded_var_mult_timer->run( + [&]() { return group.blinded_var_point_multiply(base_point, scalar, rng(), ws); }); - BOTAN_ASSERT_EQUAL(r1, r2, "Same point computed by both methods"); + BOTAN_ASSERT_EQUAL(r1, r2, "Same point computed by Montgomery and comb"); + BOTAN_ASSERT_EQUAL(r1, r3, "Same point computed by Montgomery and window"); } record_result(mult_timer); record_result(blinded_mult_timer); + record_result(blinded_var_mult_timer); } } diff --git a/src/fuzzer/ecc_helper.h b/src/fuzzer/ecc_helper.h index cd0ef0ac9d..ce0f569885 100644 --- a/src/fuzzer/ecc_helper.h +++ b/src/fuzzer/ecc_helper.h 
@@ -24,35 +24,45 @@ void check_ecc_math(const Botan::EC_Group& group, { // These depend only on the group, which is also static static const Botan::PointGFp base_point = group.get_base_point(); - static Botan::PointGFp_Blinded_Multiplier blind(base_point); // This is shared across runs to reduce overhead - static std::vector ws(10); + static std::vector ws(Botan::PointGFp::WORKSPACE_SIZE); const size_t hlen = len / 2; const Botan::BigInt a = Botan::BigInt::decode(in, hlen); const Botan::BigInt b = Botan::BigInt::decode(in + hlen, len - hlen); - const Botan::BigInt c = a + b; - const Botan::PointGFp P = base_point * a; - const Botan::PointGFp Q = base_point * b; - const Botan::PointGFp R = base_point * c; + const Botan::PointGFp P1 = base_point * a; + const Botan::PointGFp Q1 = base_point * b; + const Botan::PointGFp R1 = base_point * c; - const Botan::PointGFp A1 = P + Q; - const Botan::PointGFp A2 = Q + P; + const Botan::PointGFp S1 = P1 + Q1; + const Botan::PointGFp T1 = Q1 + P1; - FUZZER_ASSERT_EQUAL(A1, A2); + FUZZER_ASSERT_EQUAL(S1, R1); + FUZZER_ASSERT_EQUAL(T1, R1); - const Botan::PointGFp P1 = blind.mul(a, group.get_order(), fuzzer_rng(), ws); - const Botan::PointGFp Q1 = blind.mul(b, group.get_order(), fuzzer_rng(), ws); - const Botan::PointGFp R1 = blind.mul(c, group.get_order(), fuzzer_rng(), ws); + const Botan::PointGFp P2 = group.blinded_base_point_multiply(a, fuzzer_rng(), ws); + const Botan::PointGFp Q2 = group.blinded_base_point_multiply(b, fuzzer_rng(), ws); + const Botan::PointGFp R2 = group.blinded_base_point_multiply(c, fuzzer_rng(), ws); + const Botan::PointGFp S2 = P2 + Q2; + const Botan::PointGFp T2 = Q2 + P2; - const Botan::PointGFp S1 = P1 + Q1; - const Botan::PointGFp S2 = Q1 + P1; + FUZZER_ASSERT_EQUAL(S2, R2); + FUZZER_ASSERT_EQUAL(T2, R2); + + const Botan::PointGFp P3 = group.blinded_var_point_multiply(base_point, a, fuzzer_rng(), ws); + const Botan::PointGFp Q3 = group.blinded_var_point_multiply(base_point, b, fuzzer_rng(), ws); + 
const Botan::PointGFp R3 = group.blinded_var_point_multiply(base_point, c, fuzzer_rng(), ws); + const Botan::PointGFp S3 = P3 + Q3; + const Botan::PointGFp T3 = Q3 + P3; + + FUZZER_ASSERT_EQUAL(S3, R3); + FUZZER_ASSERT_EQUAL(T3, R3); FUZZER_ASSERT_EQUAL(S1, S2); - FUZZER_ASSERT_EQUAL(S1, A1); + FUZZER_ASSERT_EQUAL(S1, S3); } } diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp index 216f2a894b..e17812ca4d 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.cpp +++ b/src/lib/pubkey/ec_group/curve_gfp.cpp @@ -25,13 +25,15 @@ class CurveGFp_Montgomery final : public CurveGFp_Repr m_p_words(m_p.sig_words()), m_p_dash(monty_inverse(m_p.word_at(0))) { - const BigInt r = BigInt::power_of_2(m_p_words * BOTAN_MP_WORD_BITS); - Modular_Reducer mod_p(m_p); - m_r2 = mod_p.square(r); - m_a_r = mod_p.multiply(r, m_a); - m_b_r = mod_p.multiply(r, m_b); + m_r.set_bit(m_p_words * BOTAN_MP_WORD_BITS); + m_r = mod_p.reduce(m_r); + + m_r2 = mod_p.square(m_r); + m_r3 = mod_p.multiply(m_r, m_r2); + m_a_r = mod_p.multiply(m_r, m_a); + m_b_r = mod_p.multiply(m_r, m_b); } const BigInt& get_a() const override { return m_a; } @@ -44,8 +46,12 @@ class CurveGFp_Montgomery final : public CurveGFp_Repr const BigInt& get_b_rep() const override { return m_b_r; } + bool is_one(const BigInt& x) const override { return x == m_r; } + size_t get_p_words() const override { return m_p_words; } + BigInt invert_element(const BigInt& x, secure_vector& ws) const override; + void to_curve_rep(BigInt& x, secure_vector& ws) const override; void from_curve_rep(BigInt& x, secure_vector& ws) const override; 
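Review bot: `a` and `b` are decoded straight from the fuzzer input and never reduced, while the new `blinded_base_point_multiply` path sizes its precomputed table for `p_bits + 81` blinded-scalar bits and checks the fit with a `BOTAN_ASSERT`; unless `len` is bounded by the harness (not visible here), an input longer than the field size turns into an assertion failure inside library code rather than a mismatch the harness can report. Reducing at decode time, `const Botan::BigInt a = Botan::BigInt::decode(in, hlen) % group.get_order();`, keeps every multiplication within the range the table was built for — or, if exercising out-of-range scalars is intended, the library side should reject them with `Invalid_Argument` first. `check_ecc_math` begins before this hunk.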
@@ -56,14 +62,25 @@ class CurveGFp_Montgomery final : public CurveGFp_Repr void curve_sqr(BigInt& z, const BigInt& x, secure_vector& ws) const override; private: - BigInt m_p, m_a, m_b; + BigInt m_p; + BigInt m_a, m_b; + BigInt m_a_r, m_b_r; size_t m_p_words; // cache of m_p.sig_words() // Montgomery parameters - BigInt m_r2, m_a_r, m_b_r; + BigInt m_r, m_r2, m_r3; word m_p_dash; }; +BigInt CurveGFp_Montgomery::invert_element(const BigInt& x, secure_vector& ws) const + { + // Should we use Montgomery inverse instead? + const BigInt inv = inverse_mod(x, m_p); + BigInt res; + curve_mul(res, inv, m_r3, ws); + return res; + } + void CurveGFp_Montgomery::to_curve_rep(BigInt& x, secure_vector& ws) const { const BigInt tx = x; @@ -149,12 +166,16 @@ class CurveGFp_NIST : public CurveGFp_Repr const BigInt& get_b_rep() const override { return m_b; } + bool is_one(const BigInt& x) const override { return x == 1; } + void to_curve_rep(BigInt& x, secure_vector& ws) const override { redc(x, ws); } void from_curve_rep(BigInt& x, secure_vector& ws) const override { redc(x, ws); } + BigInt invert_element(const BigInt& x, secure_vector& ws) const override; + void curve_mul(BigInt& z, const BigInt& x, const BigInt& y, secure_vector& ws) const override; @@ -168,6 +189,13 @@ class CurveGFp_NIST : public CurveGFp_Repr size_t m_p_words; // cache of m_p.sig_words() }; + +BigInt CurveGFp_NIST::invert_element(const BigInt& x, secure_vector& ws) const + { + BOTAN_UNUSED(ws); + return inverse_mod(x, get_p()); + } + void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, secure_vector& ws) const { diff --git a/src/lib/pubkey/ec_group/curve_gfp.h b/src/lib/pubkey/ec_group/curve_gfp.h index 60e1a485dd..d9649474bf 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.h +++ b/src/lib/pubkey/ec_group/curve_gfp.h 
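Review bot: `CurveGFp_Montgomery::invert_element` runs `inverse_mod(x, m_p)` on the Montgomery-form input and fixes the result up with `m_r3`, and its only comment is the open question `// Should we use Montgomery inverse instead?`; since `force_affine` and `get_affine_x/y` now route the Z coordinate of points derived from private scalars through this function, the comment should record the constraint any replacement has to satisfy. Suggested: `// For X = x*R: inverse_mod(X) * R^3 / R = x^-1 * R, so the result stays in Montgomery form. TODO: a dedicated Montgomery inverse would save the fixup multiply; whatever is used here must not leak x through timing, as callers pass Z coordinates of secret-derived points (currently covered only by randomize_repr).` Whether `inverse_mod` itself is constant-time is not visible in this diff. The same remark applies to `CurveGFp_NIST::invert_element` later in the hunk, which returns `inverse_mod(x, get_p())` directly.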
@@ -26,6 +26,8 @@ class BOTAN_UNSTABLE_API CurveGFp_Repr virtual size_t get_p_words() const = 0; + virtual bool is_one(const BigInt& x) const = 0; + /* * Returns to_curve_rep(get_a()) */ @@ -36,6 +38,8 @@ class BOTAN_UNSTABLE_API CurveGFp_Repr */ virtual const BigInt& get_b_rep() const = 0; + virtual BigInt invert_element(const BigInt& x, secure_vector& ws) const = 0; + virtual void to_curve_rep(BigInt& x, secure_vector& ws) const = 0; virtual void from_curve_rep(BigInt& x, secure_vector& ws) const = 0; @@ -96,6 +100,13 @@ class BOTAN_UNSTABLE_API CurveGFp final const BigInt& get_b_rep() const { return m_repr->get_b_rep(); } + bool is_one(const BigInt& x) const { return m_repr->is_one(x); } + + BigInt invert_element(const BigInt& x, secure_vector& ws) const + { + return m_repr->invert_element(x, ws); + } + void to_rep(BigInt& x, secure_vector& ws) const { m_repr->to_curve_rep(x, ws); diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 9da1cd81fd..723a4148e7 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -9,6 +9,7 @@ */ #include +#include #include #include #include @@ -17,10 +18,6 @@ #include #include -#if defined(BOTAN_HAS_SYSTEM_RNG) - #include -#endif - namespace Botan { class EC_Group_Data final @@ -42,15 +39,12 @@ class EC_Group_Data final m_order(order), m_cofactor(cofactor), m_mod_order(order), - m_base_mult(m_base_point, 5), + m_base_mult(m_base_point), m_oid(oid), m_p_bits(p.bits()), m_order_bits(order.bits()), m_a_is_minus_3(a == p - 3) { -#if defined(BOTAN_HAS_SYSTEM_RNG) - m_base_mult.randomize(system_rng()); -#endif } bool match(const BigInt& p, const BigInt& a, const BigInt& b, @@ -97,7 +91,7 @@ class EC_Group_Data final RandomNumberGenerator& rng, std::vector& ws) const { - return m_base_mult.mul(k, m_order, rng, ws); + return m_base_mult.mul(k, rng, m_order, ws); } private: 
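Review bot: The two new pure virtuals `is_one` and `invert_element` on `CurveGFp_Repr` are undocumented, although the neighbouring `get_a_rep` carries `/* Returns to_curve_rep(get_a()) */` and both have non-obvious contracts (they operate on values in curve representation, not plain integers). Suggested: `/* Returns true iff x is the curve representation of 1 */` and `/* Returns the inverse of x mod p; input and output are in curve representation */`. What `invert_element` returns for x == 0 is left to `inverse_mod` in both implementations and should be stated once decided, since `force_affine` feeds Z-derived values to it. The `CurveGFp` forwarding wrappers further down the hunk inherit the same gap.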
@@ -109,7 +103,7 @@ class EC_Group_Data final BigInt m_order; BigInt m_cofactor; Modular_Reducer m_mod_order; - PointGFp_Blinded_Multiplier m_base_mult; + PointGFp_Base_Point_Precompute m_base_mult; OID m_oid; size_t m_p_bits; size_t m_order_bits; @@ -489,6 +483,16 @@ PointGFp EC_Group::blinded_base_point_multiply(const BigInt& k, return data().blinded_base_point_multiply(k, rng, ws); } +PointGFp EC_Group::blinded_var_point_multiply(const PointGFp& point, + const BigInt& k, + RandomNumberGenerator& rng, + std::vector& ws) const + { + PointGFp_Var_Point_Precompute mul(point); + mul.randomize_repr(rng); + return mul.mul(k, rng, get_order(), ws); + } + PointGFp EC_Group::zero_point() const { return PointGFp(data().curve()); diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 938059fc42..8238c2902e 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -246,6 +246,19 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final RandomNumberGenerator& rng, std::vector& ws) const; + /** + * Blinded point multiplication, attempts resistance to side channels + * @param point input point + * @param k the scalar + * @param rng a random number generator + * @param ws a temp workspace + * @return point*k + */ + PointGFp blinded_var_point_multiply(const PointGFp& point, + const BigInt& k, + RandomNumberGenerator& rng, + std::vector& ws) const; + /** * Return the zero (or infinite) point on this curve */ diff --git a/src/lib/pubkey/ec_group/info.txt b/src/lib/pubkey/ec_group/info.txt index a0d0253793..e382e25a5e 100644 --- a/src/lib/pubkey/ec_group/info.txt +++ b/src/lib/pubkey/ec_group/info.txt @@ -8,3 +8,13 @@ asn1 numbertheory pem + + +point_mul.h + + + +curve_gfp.h +ec_group.h +point_gfp.h + diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index da8b292f42..7968d2dcdd 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp 
@@ -63,9 +63,113 @@ void PointGFp::randomize_repr(RandomNumberGenerator& rng) } } +void PointGFp::add_affine(const PointGFp& rhs, std::vector& ws_bn) + { + if(rhs.is_zero()) + return; + + if(is_zero()) + { + m_coord_x = rhs.m_coord_x; + m_coord_y = rhs.m_coord_y; + m_coord_z = rhs.m_coord_z; + return; + } + + BOTAN_ASSERT(rhs.is_affine(), "PointGFp::add_affine requires arg be affine point"); + + /* + https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 + simplified with Z2 = 1 + */ + + const BigInt& p = m_curve.get_p(); + + const size_t cap_size = 2*m_curve.get_p_words() + 2; + + BOTAN_ASSERT(ws_bn.size() >= WORKSPACE_SIZE, "Expected size for PointGFp::add workspace"); + + for(size_t i = 0; i != ws_bn.size(); ++i) + ws_bn[i].ensure_capacity(cap_size); + + secure_vector& ws = ws_bn[0].get_word_vector(); + + BigInt& T0 = ws_bn[1]; + BigInt& T1 = ws_bn[2]; + BigInt& T2 = ws_bn[3]; + BigInt& T3 = ws_bn[4]; + BigInt& T4 = ws_bn[5]; + + /* + https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 + */ + + m_curve.sqr(T3, m_coord_z, ws); // z1^2 + m_curve.mul(T4, rhs.m_coord_x, T3, ws); // x2*z1^2 + + m_curve.mul(T2, m_coord_z, T3, ws); // z1^3 + m_curve.mul(T0, rhs.m_coord_y, T2, ws); // y2*z1^3 + + T4 -= m_coord_x; // x2*z1^2 - x1*z2^2 + if(T4.is_negative()) + T4 += p; + + T0 -= m_coord_y; + if(T0.is_negative()) + T0 += p; + + if(T4.is_zero()) + { + if(T0.is_zero()) + { + mult2(ws_bn); + return; + } + + // setting to zero: + m_coord_x = 0; + m_coord_y = 1; + m_coord_z = 0; + return; + } + + m_curve.sqr(T2, T4, ws); + + m_curve.mul(T3, m_coord_x, T2, ws); + + m_curve.mul(T1, T2, T4, ws); + + m_curve.sqr(m_coord_x, T0, ws); + m_coord_x -= T1; + m_coord_x -= T3; + m_coord_x -= T3; + while(m_coord_x.is_negative()) + m_coord_x += p; + + T3 -= m_coord_x; + if(T3.is_negative()) + T3 += p; + + T2 = m_coord_y; + m_curve.mul(m_coord_y, T0, T3, ws); + m_curve.mul(T3, T2, T1, ws); + m_coord_y -= T3; + 
if(m_coord_y.is_negative()) + m_coord_y += p; + + T3 = m_coord_z; + m_curve.mul(m_coord_z, T3, T4, ws); + } + // Point addition void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) { + if(rhs.is_zero()) + return; + + if(rhs.is_affine()) + return this->add_affine(rhs, ws_bn); + if(is_zero()) { m_coord_x = rhs.m_coord_x; @@ -73,8 +177,6 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) m_coord_z = rhs.m_coord_z; return; } - else if(rhs.is_zero()) - return; const BigInt& p = m_curve.get_p(); 
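Review bot: The comment on `T4 -= m_coord_x;` reads `// x2*z1^2 - x1*z2^2`, but this routine is the Z2 = 1 specialisation (the assertion above requires `rhs` to be affine), so the subtrahend is plain `x1`; `// x2*z1^2 - x1 (Z2 = 1)` states what the code does, and the EFD URL is pasted twice in the same function. The `is_zero()` early returns here, and the new `rhs.is_zero()`/`rhs.is_affine()` dispatch at the top of `add`, make the cost of an addition depend on whether the accumulator is still the point at infinity — in the base-point loop added in point_mul.cpp that is determined by the position of the lowest set bit of the blinded scalar; the window loop in point_mul.cpp already carries a "relying on blinding" comment, and this path deserves the same remark so the dependency is not forgotten. The `while(m_coord_x.is_negative())` correction is also value-dependent (up to three subtractions), unlike the single `if` corrections elsewhere; `// r^2 - H^3 - 2*U1*H^2 can be as low as -3p, hence a loop` explains why.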
@@ -345,17 +447,48 @@ PointGFp operator*(const BigInt& scalar, const PointGFp& point) return R[0]; } +void PointGFp::force_affine() + { + if(is_zero()) + throw Invalid_State("Cannot convert zero ECC point to affine"); + + secure_vector ws; + BigInt z2 = m_curve.sqr_to_tmp(m_coord_z, ws); + BigInt z3 = m_curve.mul_to_tmp(m_coord_z, z2, ws); + + const BigInt z5 = m_curve.mul_to_tmp(z2, z3, ws); + const BigInt z5_inv = m_curve.invert_element(z5, ws); + const BigInt z2_inv = m_curve.mul_to_tmp(z5_inv, z3, ws); + const BigInt z3_inv = m_curve.mul_to_tmp(z5_inv, z2, ws); + + m_coord_x = m_curve.mul_to_tmp(m_coord_x, z2_inv, ws); + m_coord_y = m_curve.mul_to_tmp(m_coord_y, z3_inv, ws); + m_coord_z = 1; + m_curve.to_rep(m_coord_z, ws); + } + +bool PointGFp::is_affine() const + { + return m_curve.is_one(m_coord_z); + } + BigInt PointGFp::get_affine_x() const { if(is_zero()) throw Illegal_Transformation("Cannot convert zero point to affine"); secure_vector monty_ws; - BigInt z2 = m_curve.sqr_to_tmp(m_coord_z, monty_ws); - m_curve.from_rep(z2, monty_ws); - z2 = inverse_mod(z2, m_curve.get_p()); - return m_curve.mul_to_tmp(z2, m_coord_x, monty_ws); + if(is_affine()) + return m_curve.from_rep(m_coord_x, monty_ws); + + const BigInt z2 = m_curve.sqr_to_tmp(m_coord_z, monty_ws); + const BigInt z2_inv = m_curve.invert_element(z2, monty_ws); + + BigInt r; + m_curve.mul(r, m_coord_x, z2_inv, monty_ws); + m_curve.from_rep(r, monty_ws); + return r; } BigInt PointGFp::get_affine_y() const 
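Review bot: `force_affine()` throws `Invalid_State` for the point at infinity while `get_affine_x()`/`get_affine_y()` in the same hunk throw `Illegal_Transformation` for the identical condition, so a caller that catches the established type around an affine conversion misses the new one; `throw Illegal_Transformation("Cannot convert zero point to affine");` keeps the exception family and message consistent. In `get_affine_x()` the fast path returns `m_curve.from_rep(m_coord_x, monty_ws)` while the slow path goes through a local `r`; a one-line comment that the affine check makes the inversion unnecessary (Z is the representation of one) would help, as `is_affine()` a few lines above is defined only as `m_curve.is_one(m_coord_z)`.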
@@ -364,11 +497,18 @@ BigInt PointGFp::get_affine_y() const throw Illegal_Transformation("Cannot convert zero point to affine"); secure_vector monty_ws; - BigInt z3 = m_curve.mul_to_tmp(m_coord_z, m_curve.sqr_to_tmp(m_coord_z, monty_ws), monty_ws); - z3 = inverse_mod(z3, m_curve.get_p()); - m_curve.to_rep(z3, monty_ws); - return m_curve.mul_to_tmp(z3, m_coord_y, monty_ws); + if(is_affine()) + return m_curve.from_rep(m_coord_y, monty_ws); + + const BigInt z2 = m_curve.sqr_to_tmp(m_coord_z, monty_ws); + const BigInt z3 = m_curve.mul_to_tmp(m_coord_z, z2, monty_ws); + const BigInt z3_inv = m_curve.invert_element(z3, monty_ws); + + BigInt r; + m_curve.mul(r, m_coord_y, z3_inv, monty_ws); + m_curve.from_rep(r, monty_ws); + return r; } bool PointGFp::on_the_curve() const diff --git a/src/lib/pubkey/ec_group/point_gfp.h b/src/lib/pubkey/ec_group/point_gfp.h index abcc9656ed..71701d5870 100644 --- a/src/lib/pubkey/ec_group/point_gfp.h +++ b/src/lib/pubkey/ec_group/point_gfp.h @@ -148,6 +148,13 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final */ BigInt get_affine_y() const; + /** + * Force this point to affine coordinates + */ + void force_affine(); + + bool is_affine() const; + /** * Is this the point at infinity? * @result true, if this point is at infinity, false otherwise. @@ -185,6 +192,13 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final */ void add(const PointGFp& other, std::vector& workspace); + /** + * Point addition - mixed J+A + * @param other affine point to add + * @param workspace temp space, at least WORKSPACE_SIZE elements + */ + void add_affine(const PointGFp& other, std::vector& workspace); + /** * Point doubling * @param workspace temp space, at least WORKSPACE_SIZE elements 
@@ -284,69 +298,22 @@ template PointGFp OS2ECP(const std::vector& data, const CurveGFp& curve) { return OS2ECP(data.data(), data.size(), curve); } +class PointGFp_Var_Point_Precompute; + /** -* Blinded ECC point multiplication +* Deprecated API for point multiplication +* Use EC_Group::blinded_base_point_multiply or EC_Group::blinded_var_point_multiply */ -class BOTAN_PUBLIC_API(2,5) PointGFp_Blinded_Multiplier final - { - public: - /** - * @param base_point the point that will be multiplied (eg, the base point of the curve) - * @param w the window bits (leave as zero to take a default value) - */ - PointGFp_Blinded_Multiplier(const PointGFp& base_point, - size_t w = 0); - - /** - * @param base_point the point that will be multiplied (eg, the base point of the curve) - * @param ws a temporary workspace - * @param w the window bits (leave as zero to take a default value) - */ - PointGFp_Blinded_Multiplier(const PointGFp& base_point, - std::vector& ws, - size_t w = 0); - - /** - * Randomize the internal state. Changing the values may provide - * some protection against side channel attacks. 
- * @param rng a random number generator - */ - void randomize(RandomNumberGenerator& rng); - - /** - * Perform blinded point multiplication - * @param k the scalar - * @param group_order the order of the group - * @param rng a random number generator - * @param ws a temporary workspace - * @return base_point*k - */ - PointGFp mul(const BigInt& k, - const BigInt& group_order, - RandomNumberGenerator& rng, - std::vector& ws) const; - private: - void init(const PointGFp& base_point, size_t w, std::vector& ws); - - std::vector m_U; - size_t m_h; - }; - -class BOTAN_PUBLIC_API(2,0) BOTAN_DEPRECATED("Use PointGFp_Blinded_Multiplier") Blinded_Point_Multiply final +class BOTAN_PUBLIC_API(2,0) BOTAN_DEPRECATED("See comments") Blinded_Point_Multiply final { public: - Blinded_Point_Multiply(const PointGFp& base, const BigInt& order, size_t h = 0) : - m_ws(PointGFp::WORKSPACE_SIZE), m_order(order), m_point_mul(base, m_ws, h) {} + Blinded_Point_Multiply(const PointGFp& base, const BigInt& order, size_t h = 0); - PointGFp blinded_multiply(const BigInt& scalar, RandomNumberGenerator& rng) - { - m_point_mul.randomize(rng); - return m_point_mul.mul(scalar, m_order, rng, m_ws); - } + PointGFp blinded_multiply(const BigInt& scalar, RandomNumberGenerator& rng); private: std::vector m_ws; const BigInt& m_order; - PointGFp_Blinded_Multiplier m_point_mul; + std::unique_ptr m_point_mul; }; } diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index 314807166d..556a05eb0d 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp 
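Review bot: The new `force_affine()` doc comment says only "Force this point to affine coordinates"; the implementation in point_gfp.cpp throws on the point at infinity, performs a field inversion, and overwrites the Z coordinate, so a caller who used `randomize_repr()` for side-channel protection loses that randomization here. Suggested replacement: `/** Force this point to affine coordinates (Z = 1). Throws if this is the point at infinity. Costs a field inversion and discards any representation randomization applied by randomize_repr(). */`, plus `/** Return true if this point's Z coordinate is one */` on `is_affine()`. `BOTAN_DEPRECATED("See comments")` does not name the replacement in the attribute, which is where users will read it; `BOTAN_DEPRECATED("Use EC_Group::blinded_var_point_multiply")` matches the comment above it, and the `h` parameter of `Blinded_Point_Multiply`, now ignored by the constructor in point_mul.cpp, deserves a note saying so.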
@@ -4,86 +4,137 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#include +#include #include #include namespace Botan { -PointGFp_Blinded_Multiplier::PointGFp_Blinded_Multiplier(const PointGFp& base, - std::vector& ws, - size_t w) +Blinded_Point_Multiply::Blinded_Point_Multiply(const PointGFp& base, + const BigInt& order, + size_t h) : + m_ws(PointGFp::WORKSPACE_SIZE), + m_order(order) { - init(base, w, ws); + BOTAN_UNUSED(h); + m_point_mul.reset(new PointGFp_Var_Point_Precompute(base)); } -PointGFp_Blinded_Multiplier::PointGFp_Blinded_Multiplier(const PointGFp& base, - size_t w) +PointGFp Blinded_Point_Multiply::blinded_multiply(const BigInt& scalar, + RandomNumberGenerator& rng) + { + return m_point_mul->mul(scalar, rng, m_order, m_ws); + } + + +PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& base) { std::vector ws(PointGFp::WORKSPACE_SIZE); - init(base, w, ws); + + const size_t p_bits = base.get_curve().get_p().bits(); + + /* + * Some of the curves (eg secp160k1) have an order slightly larger than + * the size of the prime modulus. In all cases they are at most 1 bit + * longer. The +1 compensates for this. + */ + const size_t T_bits = p_bits + PointGFp_SCALAR_BLINDING_BITS + 1; + + m_T.push_back(base); + + for(size_t i = 1; i != T_bits; ++i) + { + m_T.push_back(m_T[i-1]); + m_T[i].mult2(ws); + } + + for(size_t i = 0; i != m_T.size(); ++i) + m_T[i].force_affine(); } -void PointGFp_Blinded_Multiplier::init(const PointGFp& base, - size_t w, - std::vector& ws) +PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, + RandomNumberGenerator& rng, + const BigInt& group_order, + std::vector& ws) const { - m_h = (w == 0 ? 
5 : w); + if(k.is_negative()) + throw Invalid_Argument("PointGFp_Base_Point_Precompute scalar must be positive"); + + // Choose a small mask m and use k' = k + m*order (Coron's 1st countermeasure) + const BigInt mask(rng, PointGFp_SCALAR_BLINDING_BITS, false); + const BigInt scalar = k + group_order * mask; + + const size_t scalar_bits = scalar.bits(); + + BOTAN_ASSERT(scalar_bits <= m_T.size(), + "Precomputed sufficient values for scalar mult"); + + PointGFp R = m_T[0].zero(); if(ws.size() < PointGFp::WORKSPACE_SIZE) ws.resize(PointGFp::WORKSPACE_SIZE); - // Upper bound is a sanity check rather than hard limit - if(m_h < 1 || m_h > 8) - throw Invalid_Argument("PointGFp_Blinded_Multiplier invalid w param"); + for(size_t i = 0; i != scalar_bits; ++i) + { + //if(i % 4 == 3) + if(i == 4) + { + R.randomize_repr(rng); + } + + if(scalar.get_bit(i)) + R.add(m_T[i], ws); + } + + return R; + } + +PointGFp_Var_Point_Precompute::PointGFp_Var_Point_Precompute(const PointGFp& point) + { + m_window_bits = 4; - m_U.resize(1 << m_h); - m_U[0] = base.zero(); - m_U[1] = base; + m_U.resize(1U << m_window_bits); + m_U[0] = point.zero(); + m_U[1] = point; + std::vector ws(PointGFp::WORKSPACE_SIZE); for(size_t i = 2; i < m_U.size(); ++i) { m_U[i] = m_U[i-1]; - m_U[i].add(base, ws); + m_U[i].add(point, ws); } } -void PointGFp_Blinded_Multiplier::randomize(RandomNumberGenerator& rng) +void PointGFp_Var_Point_Precompute::randomize_repr(RandomNumberGenerator& rng) { - // Randomize each point representation (Coron's 3rd countermeasure) - for(size_t i = 0; i != m_U.size(); ++i) + for(size_t i = 1; i != m_U.size(); ++i) m_U[i].randomize_repr(rng); } -PointGFp PointGFp_Blinded_Multiplier::mul(const BigInt& k, - const BigInt& group_order, - RandomNumberGenerator& rng, - std::vector& ws) const +PointGFp PointGFp_Var_Point_Precompute::mul(const BigInt& k, + RandomNumberGenerator& rng, + const BigInt& group_order, + std::vector& ws) const { if(k.is_negative()) - throw 
Invalid_Argument("PointGFp_Blinded_Multiplier scalar must be positive"); + throw Invalid_Argument("PointGFp_Base_Point_Precompute scalar must be positive"); + if(ws.size() < PointGFp::WORKSPACE_SIZE) + ws.resize(PointGFp::WORKSPACE_SIZE); -#if BOTAN_POINTGFP_USE_SCALAR_BLINDING // Choose a small mask m and use k' = k + m*order (Coron's 1st countermeasure) - const BigInt mask(rng, group_order.bits() / 4, false); + const BigInt mask(rng, PointGFp_SCALAR_BLINDING_BITS, false); const BigInt scalar = k + group_order * mask; -#else - const BigInt& scalar = k; -#endif - - if(ws.size() < PointGFp::WORKSPACE_SIZE) - ws.resize(PointGFp::WORKSPACE_SIZE); const size_t scalar_bits = scalar.bits(); - size_t windows = round_up(scalar_bits, m_h) / m_h; + size_t windows = round_up(scalar_bits, m_window_bits) / m_window_bits; PointGFp R = m_U[0]; if(windows > 0) { windows--; - const uint32_t nibble = scalar.get_substring(windows*m_h, m_h); + const uint32_t nibble = scalar.get_substring(windows*m_window_bits, m_window_bits); R.add(m_U[nibble], ws); /* @@ -95,18 +146,16 @@ PointGFp PointGFp_Blinded_Multiplier::mul(const BigInt& k, while(windows) { - for(size_t i = 0; i != m_h; ++i) + for(size_t i = 0; i != m_window_bits; ++i) R.mult2(ws); - const uint32_t inner_nibble = scalar.get_substring((windows-1)*m_h, m_h); + const uint32_t inner_nibble = scalar.get_substring((windows-1)*m_window_bits, m_window_bits); // cache side channel here, we are relying on blinding... R.add(m_U[inner_nibble], ws); windows--; } } - //BOTAN_ASSERT(R.on_the_curve(), "Output is on the curve"); - return R; } diff --git a/src/lib/pubkey/ec_group/point_mul.h b/src/lib/pubkey/ec_group/point_mul.h new file mode 100644 index 0000000000..97fd326a28 --- /dev/null +++ b/src/lib/pubkey/ec_group/point_mul.h 
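Review bot: The `Invalid_Argument` message thrown at the top of `PointGFp_Var_Point_Precompute::mul` names the other class; `throw Invalid_Argument("PointGFp_Var_Point_Precompute scalar must be positive");` is what that path should say. In `PointGFp_Base_Point_Precompute::mul` the accumulator is re-randomized exactly once, at `i == 4`, beside a commented-out `//if(i % 4 == 3)`; when the low four bits of the blinded scalar are all clear, `R` is still the point at infinity at that iteration, so (assuming `randomize_repr` does nothing to a zero point, which this diff does not show) the rest of the addition chain runs on an unrandomized representation — either delete the dead line and document why one randomization suffices, or randomize after the first set bit. The only size guard is `BOTAN_ASSERT(scalar_bits <= m_T.size(), ...)`: the table is built for `p_bits + 80 + 1` bits, which covers `k + mask*order` only when `k < group_order`, so a larger caller-supplied `k` ends in an assertion instead of `Invalid_Argument`; an explicit `if(k >= group_order) throw Invalid_Argument("PointGFp_Base_Point_Precompute scalar must be less than the group order");` next to the existing negativity check makes the contract explicit. The constructor also calls `force_affine()` — one field inversion each — on all `T_bits` table entries; a simultaneous-inversion pass would reduce that to a single inversion if `EC_Group` construction time matters.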
@@ -0,0 +1,47 @@ +/* +* (C) 2018 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_POINT_MUL_H_ +#define BOTAN_POINT_MUL_H_ + +#include + +namespace Botan { + +static const size_t PointGFp_SCALAR_BLINDING_BITS = 80; + +class PointGFp_Base_Point_Precompute + { + public: + PointGFp_Base_Point_Precompute(const PointGFp& base_point); + + PointGFp mul(const BigInt& k, + RandomNumberGenerator& rng, + const BigInt& group_order, + std::vector& ws) const; + private: + std::vector m_T; + }; + +class PointGFp_Var_Point_Precompute + { + public: + PointGFp_Var_Point_Precompute(const PointGFp& point); + + void randomize_repr(RandomNumberGenerator& rng); + + PointGFp mul(const BigInt& k, + RandomNumberGenerator& rng, + const BigInt& group_order, + std::vector& ws) const; + private: + size_t m_window_bits; + std::vector m_U; + }; + +} + +#endif diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp index 4989fa0a5a..adadb27036 100644 --- a/src/lib/pubkey/ecdh/ecdh.cpp +++ b/src/lib/pubkey/ecdh/ecdh.cpp @@ -39,9 +39,8 @@ class ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF PointGFp input_point = m_group.get_cofactor() * m_group.OS2ECP(w, w_len); input_point.randomize_repr(m_rng); - PointGFp_Blinded_Multiplier blinder(input_point, m_ws); - - const PointGFp S = blinder.mul(m_l_times_priv, m_group.get_order(), m_rng, m_ws); + const PointGFp S = m_group.blinded_var_point_multiply( + input_point, m_l_times_priv, m_rng, m_ws); if(S.on_the_curve() == false) throw Internal_Error("ECDH agreed value was not on the curve"); diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp index 1120a850a4..06d5cfeee7 100644 --- a/src/lib/pubkey/ecies/ecies.cpp +++ b/src/lib/pubkey/ecies/ecies.cpp 
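Review bot: `static const size_t PointGFp_SCALAR_BLINDING_BITS = 80;` in a header gives every translation unit its own copy; `constexpr size_t PointGFp_SCALAR_BLINDING_BITS = 80;` is the form the C++11 features already used in this series (`override`, `final`, `unique_ptr`) would suggest, and a comment on what it sizes is missing: `// bit length of the random mask m in k' = k + m*order (Coron's first countermeasure)`. Both `mul` declarations are undocumented although the .cpp rejects negative `k` with `Invalid_Argument` and sizes the base-point table on the assumption `k < group_order`; the header is the place to state that contract, e.g. `@param k scalar, must satisfy 0 <= k < group_order`. The classes carry no API-visibility macro, presumably because this is an internal header; a one-line comment saying so would stop the next reader from adding one.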
@@ -71,9 +71,8 @@ class ECIES_ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF PointGFp input_point = group.OS2ECP(w, w_len); input_point.randomize_repr(m_rng); - PointGFp_Blinded_Multiplier blinder(input_point, m_ws); - - const PointGFp S = blinder.mul(m_key.private_value(), group.get_order(), m_rng, m_ws); + const PointGFp S = group.blinded_var_point_multiply( + input_point, m_key.private_value(), m_rng, m_ws); if(S.on_the_curve() == false) throw Internal_Error("ECDH agreed value was not on the curve"); diff --git a/src/lib/pubkey/sm2/sm2_enc.cpp b/src/lib/pubkey/sm2/sm2_enc.cpp index b0d7736354..4a6aa2b6eb 100644 --- a/src/lib/pubkey/sm2/sm2_enc.cpp +++ b/src/lib/pubkey/sm2/sm2_enc.cpp @@ -6,6 +6,7 @@ */ #include +#include #include #include #include @@ -76,7 +77,7 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption BigInt::encode_1363(x1_bytes.data(), x1_bytes.size(), x1); BigInt::encode_1363(y1_bytes.data(), y1_bytes.size(), y1); - const PointGFp kPB = m_mul_public_point.mul(k, m_group.get_order(), rng, m_ws); + const PointGFp kPB = m_mul_public_point.mul(k, rng, m_group.get_order(), m_ws); const BigInt x2 = kPB.get_affine_x(); const BigInt y2 = kPB.get_affine_y(); @@ -113,7 +114,7 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption private: const EC_Group m_group; - PointGFp_Blinded_Multiplier m_mul_public_point; + PointGFp_Var_Point_Precompute m_mul_public_point; const std::string m_kdf_hash; std::vector m_ws; }; @@ -161,6 +162,8 @@ class SM2_Decryption_Operation final : public PK_Ops::Decryption .verify_end(); PointGFp C1 = group.point(x1, y1); + C1.randomize_repr(m_rng); + if(!C1.on_the_curve()) return secure_vector(); 
@@ -169,11 +172,8 @@ class SM2_Decryption_Operation final : public PK_Ops::Decryption return secure_vector(); } - C1.randomize_repr(m_rng); - - PointGFp_Blinded_Multiplier C1_mul(C1); - - const PointGFp dbC1 = C1_mul.mul(m_key.private_value(), group.get_order(), m_rng, m_ws); + const PointGFp dbC1 = group.blinded_var_point_multiply( + C1, m_key.private_value(), m_rng, m_ws); const BigInt x2 = dbC1.get_affine_x(); const BigInt y2 = dbC1.get_affine_y(); diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index 6f0d1a243b..cbff3ff4fb 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp @@ -136,10 +136,6 @@ std::vector ECC_Randomized_Tests::run() const size_t trials = (Test::run_long_tests() ? 10 : 3); for(size_t i = 0; i < trials; ++i) { - const size_t w = 1 + (Test::rng().next_byte() % 8); - - Botan::PointGFp_Blinded_Multiplier blinded(base_point, w); - const Botan::BigInt a = Botan::BigInt::random_integer(Test::rng(), 2, group_order); const Botan::BigInt b = Botan::BigInt::random_integer(Test::rng(), 2, group_order); const Botan::BigInt c = a + b; 
@@ -148,13 +144,18 @@ std::vector ECC_Randomized_Tests::run() const Botan::PointGFp Q = base_point * b; const Botan::PointGFp R = base_point * c; - const Botan::PointGFp P1 = blinded.mul(a, group_order, Test::rng(), blind_ws); - const Botan::PointGFp Q1 = blinded.mul(b, group_order, Test::rng(), blind_ws); - const Botan::PointGFp R1 = blinded.mul(c, group_order, Test::rng(), blind_ws); + Botan::PointGFp P1 = group.blinded_base_point_multiply(a, Test::rng(), blind_ws); + Botan::PointGFp Q1 = group.blinded_base_point_multiply(b, Test::rng(), blind_ws); + Botan::PointGFp R1 = group.blinded_base_point_multiply(c, Test::rng(), blind_ws); + + Botan::PointGFp A1 = P + Q; + Botan::PointGFp A2 = Q + P; - const Botan::PointGFp A1 = P + Q; - const Botan::PointGFp A2 = Q + P; + result.test_eq("p + q", A1, R); + result.test_eq("q + p", A2, R); + A1.force_affine(); + A2.force_affine(); result.test_eq("p + q", A1, R); result.test_eq("q + p", A2, R); @@ -162,6 +163,13 @@ std::vector ECC_Randomized_Tests::run() result.test_eq("q on the curve", Q.on_the_curve(), true); result.test_eq("r on the curve", R.on_the_curve(), true); + result.test_eq("P1", P1, P); + result.test_eq("Q1", Q1, Q); + result.test_eq("R1", R1, R); + + P1.force_affine(); + Q1.force_affine(); + R1.force_affine(); result.test_eq("P1", P1, P); result.test_eq("Q1", Q1, Q); result.test_eq("R1", R1, R); From 0138f2fca81cdf6d14b913c36f9ae1af140def81 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Mar 2018 08:31:27 -0500 Subject: [PATCH 0801/1008] Add estimate of cycle counter rate to speed output --- src/cli/speed.cpp | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 209e8d68ad..729ece949b 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp 
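Review bot: The assertions after `A1.force_affine(); A2.force_affine();` reuse the labels `"p + q"` / `"q + p"` (and later `"P1"`, `"Q1"`, `"R1"`) of the checks made just before them, so a failure report cannot tell the projective comparison from the affine one; distinct labels such as `result.test_eq("p + q affine", A1, R);` make the regression that `force_affine` is meant to catch identifiable. The body of `run()` continues outside the hunk.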
@@ -718,6 +718,12 @@ class Speed final : public Command } } + if(verbose() || m_summary) + { + output() << Botan::version_string() << "\n" + << "CPUID: " << Botan::CPUID::to_string() << "\n\n"; + } + const bool using_defaults = (algos.empty()); if(using_defaults) { @@ -954,20 +960,30 @@ class Speed final : public Command } if(m_summary) { - output() << m_summary->print() << "\n" - << Botan::version_string() << "\n" - << "CPUID: " << Botan::CPUID::to_string() << "\n"; + output() << m_summary->print() << "\n"; + } + + if(verbose() && m_cycles_consumed > 0 && m_ns_taken > 0) + { + const double seconds = static_cast(m_ns_taken) / 1000000000; + const double Hz = static_cast(m_cycles_consumed) / seconds; + const double MHz = Hz / 1000000; + output() << "\nEstimated clock speed " << MHz << " MHz\n"; } } private: double m_clock_cycle_ratio; + uint64_t m_cycles_consumed = 0; + uint64_t m_ns_taken = 0; std::unique_ptr m_summary; std::unique_ptr m_json; void record_result(const std::unique_ptr& t) { + m_ns_taken += t->value(); + m_cycles_consumed += t->cycles_consumed(); if(m_json) { m_json->add(*t); From b86e373ab1cee38362a04edf3a7310b545e739a9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Mar 2018 08:46:47 -0500 Subject: [PATCH 0802/1008] Add destructor for unique_ptr --- src/lib/pubkey/ec_group/point_gfp.h | 2 ++ src/lib/pubkey/ec_group/point_mul.cpp | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/src/lib/pubkey/ec_group/point_gfp.h b/src/lib/pubkey/ec_group/point_gfp.h index 71701d5870..56844a26fb 100644 --- a/src/lib/pubkey/ec_group/point_gfp.h +++ b/src/lib/pubkey/ec_group/point_gfp.h @@ -309,6 +309,8 @@ class BOTAN_PUBLIC_API(2,0) BOTAN_DEPRECATED("See comments") Blinded_Point_Multi public: Blinded_Point_Multiply(const PointGFp& base, const BigInt& order, size_t h = 0); + ~Blinded_Point_Multiply(); + PointGFp blinded_multiply(const BigInt& scalar, RandomNumberGenerator& rng); private: std::vector m_ws; 
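Review bot: The clock-speed estimate in the `@@ -954` hunk uses bare magic numbers, `static_cast<double>(m_ns_taken) / 1000000000` and `Hz / 1000000`, and the accumulation added to `record_result` relies on `t->value()` being nanoseconds, which only the member name `m_ns_taken` documents. Writing `const double seconds = static_cast<double>(m_ns_taken) / 1e9;` and `const double MHz = Hz / 1e6;`, plus a comment on the two `+=` lines such as `// value() is in ns; cycles_consumed() is 0 when no cycle counter is available`, makes the units explicit. The template arguments of the casts appear to have been lost in rendering; presumably they are `<double>`. The figure is a whole-run average over every timer, which is fine for a summary line but should be labelled as such so it is not read as a per-benchmark measurement.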
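Review bot: Declaring `~Blinded_Point_Multiply();` out of line lets the `unique_ptr` member be destroyed where its pointee type is incomplete, but a user-declared destructor also suppresses the implicitly declared move constructor and move assignment, so the class silently stops being movable (copying was already disabled by the `unique_ptr` member). Since the class is marked `BOTAN_DEPRECATED`, the proportionate fix is probably a comment rather than restoring the moves, e.g. `// out-of-line dtor: m_point_mul's type is incomplete here; class is intentionally non-movable`, which says more than the `/* for ~unique_ptr */` in the point_mul.cpp `@@ -20` hunk that follows. If movability is wanted instead, declare the move operations here and `= default` them in point_mul.cpp next to the destructor, where the type is complete.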
diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index 556a05eb0d..2a63a8221e 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp @@ -20,6 +20,11 @@ Blinded_Point_Multiply::Blinded_Point_Multiply(const PointGFp& base, m_point_mul.reset(new PointGFp_Var_Point_Precompute(base)); } +Blinded_Point_Multiply::~Blinded_Point_Multiply() + { + /* for ~unique_ptr */ + } + PointGFp Blinded_Point_Multiply::blinded_multiply(const BigInt& scalar, RandomNumberGenerator& rng) { From e9c634b9cb0d8c15b2c252e62f551f7f24dbaaf8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Mar 2018 09:13:32 -0500 Subject: [PATCH 0803/1008] Add a way of specifying CPU clock speed for output purposes --- src/cli/speed.cpp | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 729ece949b..d1a4f49466 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -117,12 +117,14 @@ class Timer final const std::string& doing, uint64_t event_mult, size_t buf_size, - double clock_cycle_ratio) + double clock_cycle_ratio, + uint64_t clock_speed) : m_name(name + ((provider.empty() || provider == "base") ? "" : " [" + provider + "]")) , m_doing(doing) , m_buf_size(buf_size) , m_event_mult(event_mult) , m_clock_cycle_ratio(clock_cycle_ratio) + , m_clock_speed(clock_speed) {} Timer(const Timer& other) = default; @@ -205,6 +207,10 @@ class Timer final uint64_t cycles_consumed() const { + if(m_clock_speed != 0) + { + return (static_cast(m_clock_speed) * value()) / 1000; + } return m_cpu_cycles_used; } @@ -281,6 +287,7 @@ class Timer final size_t m_buf_size; uint64_t m_event_mult; double m_clock_cycle_ratio; + uint64_t m_clock_speed; // set at runtime std::string m_custom_msg; 
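Review bot: `cycles_consumed()` in the `@@ -205` hunk computes `(m_clock_speed * value()) / 1000`, which is only meaningful if `m_clock_speed` is in MHz and `value()` in nanoseconds, and neither unit is documented; the member added in the `@@ -281` hunk carries only `// set at runtime`. Change that comment to `uint64_t m_clock_speed; // user-supplied CPU clock in MHz; 0 means use the hardware cycle counter` and add `// MHz * ns / 1000 = cycles` above the return. The `static_cast` template argument appears to have been lost in rendering, presumably `<uint64_t>`; with a 64-bit product the value stays in range for benchmark durations of seconds (a constructed example: 5000 MHz times 10 s of ns is about 5e13). `Timer`'s remaining members and the class body lie outside these hunks.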
@@ -574,7 +581,7 @@ class Speed final : public Command { public: Speed() - : Command("speed --msec=500 --format=default --ecc-groups= --provider= --buf-size=1024 --clear-cpuid= --cpu-clock-ratio=1.0 *algos") {} + : Command("speed --msec=500 --format=default --ecc-groups= --provider= --buf-size=1024 --clear-cpuid= --cpu-clock-speed=0 --cpu-clock-ratio=1.0 *algos") {} std::vector default_benchmark_list() { @@ -680,6 +687,7 @@ class Speed final : public Command std::vector ecc_groups = Botan::split_on(get_arg("ecc-groups"), ','); const std::string format = get_arg("format"); const std::string clock_ratio = get_arg("cpu-clock-ratio"); + m_clock_speed = get_arg_sz("cpu-clock-speed"); m_clock_cycle_ratio = std::strtod(clock_ratio.c_str(), nullptr); @@ -692,6 +700,13 @@ class Speed final : public Command if(m_clock_cycle_ratio < 0.0 || m_clock_cycle_ratio > 1.0) throw CLI_Usage_Error("Unlikely CPU clock ratio of " + clock_ratio); + if(m_clock_speed != 0 && Botan::OS::get_processor_timestamp() != 0) + { + error_output() << "The --cpu-clock-speed option is only intended to be used on " + "platforms without access to a cycle counter.\n" + "Expected incorrect results\n\n";; + } + if(format == "table") m_summary.reset(new Summary); else if(format == "json") @@ -963,7 +978,7 @@ class Speed final : public Command output() << m_summary->print() << "\n"; } - if(verbose() && m_cycles_consumed > 0 && m_ns_taken > 0) + if(verbose() && m_clock_speed == 0 && m_cycles_consumed > 0 && m_ns_taken > 0) { const double seconds = static_cast(m_ns_taken) / 1000000000; const double Hz = static_cast(m_cycles_consumed) / seconds; @@ -974,7 +989,8 @@ class Speed final : public Command private: - double m_clock_cycle_ratio; + size_t m_clock_speed = 0; + double m_clock_cycle_ratio = 0.0; uint64_t m_cycles_consumed = 0; uint64_t m_ns_taken = 0; std::unique_ptr m_summary; 
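Review bot: The warning in the `@@ -692` hunk ends with a stray double semicolon, `"Expected incorrect results\n\n";;`, and the wording reads as past tense where a caution is meant; `"Expect incorrect results\n\n";` fixes both. Because `--cpu-clock-speed` comes straight from the command line via `get_arg_sz`, an upper sanity bound like the existing `m_clock_cycle_ratio` check would catch a typo that otherwise skews every reported cycles/byte figure silently, e.g. `if(m_clock_speed > 100000) throw CLI_Usage_Error("Unlikely CPU clock speed of " + std::to_string(m_clock_speed));`. In the `@@ -974` hunk `m_clock_speed` is declared `size_t` while `Timer` stores it as `uint64_t`; using one type in both places avoids the mixed-width conversion at the `make_timer` call.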
@@ -1030,7 +1046,8 @@ class Speed final : public Command size_t buf_size = 0) { return std::unique_ptr( - new Timer(name, provider, what, event_mult, buf_size, m_clock_cycle_ratio)); + new Timer(name, provider, what, event_mult, buf_size, + m_clock_cycle_ratio, m_clock_speed)); } std::unique_ptr make_timer(const std::string& algo, From a1654b5b4780bc74e4e86ea8076918b4378e47d2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Mar 2018 10:02:31 -0500 Subject: [PATCH 0804/1008] Update news --- news.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/news.rst b/news.rst index 4bf0687ce0..f958c72d0f 100644 --- a/news.rst +++ b/news.rst @@ -6,9 +6,9 @@ Version 2.5.0, Not Yet Released * Add support for RSA-PSS signatures in TLS (GH #1285) -* Several optimizations in ECC operations have improved ECDSA signature - generation and ECDH key exchange performance by 3 to 5 times as compared to - previous releases. ECDSA verification is 2 to 3 times faster. (GH #1457) +* Many optimizations in ECC operations. ECDSA signatures are 6-8 times faster. + ECDSA verification is about twice as fast. ECDH key agreement is 3-4 times + faster. (GH #1457 #1478) * Implement product scanning Montgomery reduction, which improves Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH #1472) From eb5d581724bc17dbdfdeb8e9b49326b00b1af8c6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Mar 2018 10:28:09 -0500 Subject: [PATCH 0805/1008] Require explicit calls to add_affine Skipping the checks saves 3-7% for ECDSA --- src/lib/pubkey/ec_group/point_gfp.cpp | 5 +---- src/lib/pubkey/ec_group/point_mul.cpp | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index 7968d2dcdd..6c79253673 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp 
@@ -76,7 +76,7 @@ void PointGFp::add_affine(const PointGFp& rhs, std::vector& ws_bn) return; } - BOTAN_ASSERT(rhs.is_affine(), "PointGFp::add_affine requires arg be affine point"); + //BOTAN_ASSERT(rhs.is_affine(), "PointGFp::add_affine requires arg be affine point"); /* https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 @@ -167,9 +167,6 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) if(rhs.is_zero()) return; - if(rhs.is_affine()) - return this->add_affine(rhs, ws_bn); - if(is_zero()) { m_coord_x = rhs.m_coord_x; diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index 2a63a8221e..1320576432 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp @@ -88,7 +88,7 @@ PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, } if(scalar.get_bit(i)) - R.add(m_T[i], ws); + R.add_affine(m_T[i], ws); } return R; From da7c94cf809cc1c84b41e9313e64634675ace2bc Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Mar 2018 16:55:55 -0500 Subject: [PATCH 0806/1008] Add PointGFp::force_all_affine using Montgomery's trick Also be somewhat smarter in force_affine avoids several muls --- src/lib/pubkey/ec_group/point_gfp.cpp | 69 ++++++++++++++++++++++++--- src/lib/pubkey/ec_group/point_gfp.h | 5 ++ src/lib/pubkey/ec_group/point_mul.cpp | 3 +- 3 files changed, 68 insertions(+), 9 deletions(-) diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index 6c79253673..f7d43bc26b 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp 
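Review bot: Commenting out the assertion in `add_affine` (`@@ -76`) leaves dead code where a precondition used to be, and because the `@@ -167` hunk also removes the `rhs.is_affine()` dispatch from `add`, nothing now guards against passing a Jacobian point to `add_affine`; the Z2 = 1 formula then silently yields a wrong point instead of failing. Replace the commented-out line with a statement of the contract, e.g. `// Precondition: rhs.is_affine(). Not checked here (costs 3-7% in ECDSA); callers must guarantee it.`, and if the project has a debug-only assertion macro, use it there so the invariant is still exercised in debug builds. The `@@ -88` hunk in point_mul.cpp is the only caller visible here; whether its `m_T` entries are all affine at that point depends on the constructor, which is outside the hunk.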
@@ -444,20 +444,75 @@ PointGFp operator*(const BigInt& scalar, const PointGFp& point) return R[0]; } +//static +void PointGFp::force_all_affine(std::vector& points) + { + if(points.size() <= 1) + { + for(size_t i = 0; i != points.size(); ++i) + points[i].force_affine(); + return; + } + + /* + For >= 2 points use Montgomery's trick + + See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" + (Hankerson, Menezes, Vanstone) + + TODO is it really necessary to save all k points in c? + */ + + secure_vector ws; + + std::vector c; + + c.push_back(points[0].m_coord_z); + + BigInt rep_1 = 1; + + const CurveGFp& curve = points[0].m_curve; + curve.to_rep(rep_1, ws); + + for(size_t i = 1; i != points.size(); ++i) + { + c.push_back(curve.mul_to_tmp(c[i-1], points[i].m_coord_z, ws)); + } + + BigInt s_inv = curve.invert_element(c[c.size()-1], ws); + + for(size_t i = points.size() - 1; i != 0; i--) + { + PointGFp& point = points[i]; + + const BigInt z_inv = curve.mul_to_tmp(s_inv, c[i-1], ws); + + s_inv = curve.mul_to_tmp(s_inv, point.m_coord_z, ws); + + const BigInt z2_inv = curve.sqr_to_tmp(z_inv, ws); + const BigInt z3_inv = curve.mul_to_tmp(z_inv, z2_inv, ws); + point.m_coord_x = curve.mul_to_tmp(point.m_coord_x, z2_inv, ws); + point.m_coord_y = curve.mul_to_tmp(point.m_coord_y, z3_inv, ws); + point.m_coord_z = rep_1; + } + + const BigInt z2_inv = curve.sqr_to_tmp(s_inv, ws); + const BigInt z3_inv = curve.mul_to_tmp(s_inv, z2_inv, ws); + points[0].m_coord_x = curve.mul_to_tmp(points[0].m_coord_x, z2_inv, ws); + points[0].m_coord_y = curve.mul_to_tmp(points[0].m_coord_y, z3_inv, ws); + points[0].m_coord_z = rep_1; + } + void PointGFp::force_affine() { if(is_zero()) throw Invalid_State("Cannot convert zero ECC point to affine"); secure_vector ws; - BigInt z2 = m_curve.sqr_to_tmp(m_coord_z, ws); - BigInt z3 = m_curve.mul_to_tmp(m_coord_z, z2, ws); - - const BigInt z5 = m_curve.mul_to_tmp(z2, z3, ws); - const BigInt z5_inv = m_curve.invert_element(z5, ws); - const BigInt 
z2_inv = m_curve.mul_to_tmp(z5_inv, z3, ws); - const BigInt z3_inv = m_curve.mul_to_tmp(z5_inv, z2, ws); + const BigInt z_inv = m_curve.invert_element(m_coord_z, ws); + const BigInt z2_inv = m_curve.sqr_to_tmp(z_inv, ws); + const BigInt z3_inv = m_curve.mul_to_tmp(z_inv, z2_inv, ws); m_coord_x = m_curve.mul_to_tmp(m_coord_x, z2_inv, ws); m_coord_y = m_curve.mul_to_tmp(m_coord_y, z3_inv, ws); m_coord_z = 1; diff --git a/src/lib/pubkey/ec_group/point_gfp.h b/src/lib/pubkey/ec_group/point_gfp.h index 56844a26fb..6f2e34f27c 100644 --- a/src/lib/pubkey/ec_group/point_gfp.h +++ b/src/lib/pubkey/ec_group/point_gfp.h @@ -153,6 +153,11 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final */ void force_affine(); + /** + * Force all points on the list to affine coordinates + */ + static void force_all_affine(std::vector& points); + bool is_affine() const; /** diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index 1320576432..51d083ad28 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp @@ -53,8 +53,7 @@ PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& b m_T[i].mult2(ws); } - for(size_t i = 0; i != m_T.size(); ++i) - m_T[i].force_affine(); + PointGFp::force_all_affine(m_T); } PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, From b713706554b3b14226f11106d35aa7c564d387e5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Mar 2018 17:41:26 -0500 Subject: [PATCH 0807/1008] Mul into temps to avoid allocations --- src/lib/pubkey/ec_group/point_gfp.cpp | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index f7d43bc26b..1f8dc31470 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp 
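Review bot: `force_all_affine` has no zero-point check on its batch path, while `force_affine` further down the same hunk throws `Invalid_State` for the point at infinity and the `size() <= 1` path inherits that, so the two paths disagree: with two or more points, a zero point contributes `m_coord_z == 0`, the running product `c` becomes zero and `invert_element` is applied to zero, after which every point in the list ends up with garbage coordinates unless `invert_element` itself throws, which cannot be seen here. Add a guard before building `c`, e.g. `for(const PointGFp& point : points) if(point.is_zero()) throw Invalid_State("Cannot convert zero ECC point to affine");`. The batch also uses `points[0].m_curve` for every element, so the header comment added in the `@@ -153` hunk of point_gfp.h should state `* All points must be on the same curve and none may be the zero point`. On the `TODO` about storing all k products: the loop reads `c[i-1]` for i = k-1 down to 1 and `c[k-1]` for the inversion, so every entry is used and the storage is inherent to Algorithm 2.26.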
@@ -151,14 +151,15 @@ void PointGFp::add_affine(const PointGFp& rhs, std::vector& ws_bn) T3 += p; T2 = m_coord_y; - m_curve.mul(m_coord_y, T0, T3, ws); - m_curve.mul(T3, T2, T1, ws); - m_coord_y -= T3; - if(m_coord_y.is_negative()) - m_coord_y += p; + m_curve.mul(T2, T0, T3, ws); + m_curve.mul(T3, m_coord_y, T1, ws); + T2 -= T3; + if(T2.is_negative()) + T2 += p; + m_coord_y = T2; - T3 = m_coord_z; - m_curve.mul(m_coord_z, T3, T4, ws); + m_curve.mul(T3, m_coord_z, T4, ws); + m_coord_z = T3; } // Point addition From cc22c1e0a7c53bb4fb92e674c0b2b9ef6fe39c68 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Mar 2018 18:00:11 -0500 Subject: [PATCH 0808/1008] Add blinded_base_point_multiply_x Often useful when the point is not needed --- src/lib/pubkey/ec_group/ec_group.cpp | 7 +++++++ src/lib/pubkey/ec_group/ec_group.h | 13 +++++++++++++ 2 files changed, 20 insertions(+) diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 723a4148e7..5fb79c9237 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -483,6 +483,13 @@ PointGFp EC_Group::blinded_base_point_multiply(const BigInt& k, return data().blinded_base_point_multiply(k, rng, ws); } +BigInt EC_Group::blinded_base_point_multiply_x(const BigInt& k, + RandomNumberGenerator& rng, + std::vector& ws) const + { + return data().blinded_base_point_multiply(k, rng, ws).get_affine_x(); + } + PointGFp EC_Group::blinded_var_point_multiply(const PointGFp& point, const BigInt& k, RandomNumberGenerator& rng, diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 8238c2902e..47652e1b4a 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h 
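Review bot: The context line `T2 = m_coord_y;` just above the first removed line is now a dead store: the new `m_curve.mul(T2, T0, T3, ws);` overwrites `T2` before it is read, and the second multiply reads `m_coord_y` directly. That assignment still copies a `BigInt`, which is exactly the kind of allocation this commit sets out to remove, so delete it, unless it is meant to pre-size `T2`'s storage, in which case a comment should say so. The final `m_coord_y = T2;` and `m_coord_z = T3;` are likewise copies; if the `ws_bn` entries are pure scratch, `std::swap(m_coord_y, T2);` would avoid them, but only if nothing later in `add_affine` reads those temporaries, and the function's tail is outside the hunk.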
@@ -246,6 +246,19 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final RandomNumberGenerator& rng, std::vector& ws) const; + /** + * Blinded point multiplication, attempts resistance to side channels + * Returns just the x coordinate of the point + * + * @param k the scalar + * @param rng a random number generator + * @param ws a temp workspace + * @return x coordinate of base_point*k + */ + BigInt blinded_base_point_multiply_x(const BigInt& k, + RandomNumberGenerator& rng, + std::vector& ws) const; + /** * Blinded point multiplication, attempts resistance to side channels * @param point input point From 69b53b714b5bac4298a90f42753202d687bac8e8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Mar 2018 18:00:40 -0500 Subject: [PATCH 0809/1008] Avoid creating too-large values during ECDSA signing It would cause the Barrett reduction to fallback to schoolbook division. Small but noticable speedup (2-3%) --- src/lib/pubkey/ecdsa/ecdsa.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index 57bc197c50..d473e466c7 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -89,9 +89,11 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, #endif const BigInt k_inv = inverse_mod(k, m_group.get_order()); - const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); - const BigInt r = m_group.mod_order(k_times_P.get_affine_x()); - const BigInt s = m_group.multiply_mod_order(k_inv, mul_add(m_x, r, m)); + const BigInt r = m_group.mod_order( + m_group.blinded_base_point_multiply(k, rng, m_ws).get_affine_x()); + + const BigInt xrm = m_group.mod_order(m_group.multiply_mod_order(m_x, r) + m); + const BigInt s = m_group.multiply_mod_order(k_inv, xrm); // With overwhelming probability, a bug rather than actual zero r/s if(r.is_zero() || s.is_zero()) From 0c90eef7580ebd8c605c76ab2d3170d01c462bb9 Mon Sep 17 00:00:00 2001 
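Review bot: The fast path the ecdsa.cpp hunk targets holds only if `m` is already reduced modulo the group order, because `m_group.multiply_mod_order(m_x, r) + m` must keep its bit length within the reducer's Barrett range (about twice the order's bit length) to avoid the schoolbook fallback the commit message describes; `m`'s derivation is outside the hunk, so please confirm that, or write `m_group.mod_order(m)` explicitly. A short comment on the `xrm` line, e.g. `// keep the sum small so mod_order stays on the Barrett fast path`, records why the expression was split this way. `raw_sign`'s body starts before the hunk.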
From: Jack Lloyd Date: Thu, 8 Mar 2018 18:15:27 -0500 Subject: [PATCH 0810/1008] Small fiddly optimizations in locking_allocator --- src/lib/utils/locking_allocator/locking_allocator.cpp | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/lib/utils/locking_allocator/locking_allocator.cpp b/src/lib/utils/locking_allocator/locking_allocator.cpp index c7ca1662fd..e457a203c8 100644 --- a/src/lib/utils/locking_allocator/locking_allocator.cpp +++ b/src/lib/utils/locking_allocator/locking_allocator.cpp @@ -17,15 +17,15 @@ namespace Botan { namespace { -bool ptr_in_pool(const void* pool_ptr, size_t poolsize, - const void* buf_ptr, size_t bufsize) +inline bool ptr_in_pool(const void* pool_ptr, size_t poolsize, + const void* buf_ptr, size_t bufsize) { const uintptr_t pool = reinterpret_cast(pool_ptr); const uintptr_t buf = reinterpret_cast(buf_ptr); return (buf >= pool) && (buf + bufsize <= pool + poolsize); } -size_t padding_for_alignment(size_t offset, size_t desired_alignment) +inline size_t padding_for_alignment(size_t offset, size_t desired_alignment) { size_t mod = offset % desired_alignment; if(mod == 0) @@ -70,8 +70,9 @@ void* mlock_allocator::allocate(size_t num_elems, size_t elem_size) return m_pool + offset; } - if((i->second >= (n + padding_for_alignment(i->first, alignment)) && - ((best_fit == m_freelist.end()) || (best_fit->second > i->second)))) + + if(((best_fit == m_freelist.end()) || (best_fit->second > i->second)) && + (i->second >= (n + padding_for_alignment(i->first, alignment)))) { best_fit = i; } From 5207365fd5cc99eb187101fe14cf1908aac20c10 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Mar 2018 18:16:24 -0500 Subject: [PATCH 0811/1008] Remove Coverity badge for now It's been down for 2 weeks already with no sign of return. Will add it back when they get sorted. --- readme.rst | 4 ---- 1 file changed, 4 deletions(-) diff --git a/readme.rst b/readme.rst index 287805d3e2..7997d0a48b 100644 --- a/readme.rst 
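Review bot: The `inline` added to `ptr_in_pool` and `padding_for_alignment` in the `@@ -17` hunk is at most a hint: both functions live in an anonymous namespace, so they already have internal linkage and the optimizer is free to inline them, and the keyword changes nothing about correctness. In the `@@ -70` hunk the reordered condition evaluates the cheap `best_fit` comparison before the `padding_for_alignment` call, which is a sensible short-circuit, but a comment such as `// cheap best-fit test first; padding_for_alignment does a modulus` would explain why the order matters so a later edit does not swap it back. `mlock_allocator::allocate`'s body starts before the hunk.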
+++ b/readme.rst @@ -68,10 +68,6 @@ external build systems, see the manual for details. :target: https://codecov.io/github/randombit/botan :alt: Code coverage report -.. image:: https://scan.coverity.com/projects/624/badge.svg - :target: https://scan.coverity.com/projects/624 - :alt: Coverity results - .. image:: https://sonarcloud.io/api/badges/gate?key=botan :target: https://sonarcloud.io/dashboard/index/botan :alt: Sonarcloud analysis From af4aad7db642607fbf4e07b2f8d7c97865397e94 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Mar 2018 18:43:59 -0500 Subject: [PATCH 0812/1008] Add benchmark for GOST-34.10 signatures --- src/cli/speed.cpp | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 3a752a3d3a..e331354c95 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -815,6 +815,12 @@ class Speed final : public Command bench_eckcdsa(ecc_groups, provider, msec); } #endif +#if defined(BOTAN_HAS_GOST_34_10_2001) + else if(algo == "GOST-34.10") + { + bench_gost_3410(provider, msec); + } +#endif #if defined(BOTAN_HAS_ECGDSA) else if(algo == "ECGDSA") { @@ -1809,6 +1815,14 @@ class Speed final : public Command } #endif +#if defined(BOTAN_HAS_GOST_34_10_2001) + void bench_gost_3410(const std::string& provider, + std::chrono::milliseconds msec) + { + return bench_pk_sig_ecc("GOST-34.10", "EMSA1(GOST-34.11)", provider, {"gost_256A"}, msec); + } +#endif + #if defined(BOTAN_HAS_SM2) void bench_sm2(const std::vector& groups, const std::string& provider, From 87085b1c844555c1516dd8a930847aa3972b134e Mon Sep 17 00:00:00 2001 
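Review bot: `bench_gost_3410` in the `@@ -1809` hunk writes `return bench_pk_sig_ecc(...)` inside what is declared as a `void` function; returning a void expression compiles, but it reads as if a value were produced, so drop the `return` and call `bench_pk_sig_ecc(...)` as a statement. The dispatch arm in the `@@ -815` hunk matches `"GOST-34.10"` only when the user names it; whether the algorithm is also added to `default_benchmark_list()` is not visible here. `Speed`'s class body extends well beyond both hunks.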
From: Jack Lloyd Date: Thu, 8 Mar 2018 18:44:32 -0500 Subject: [PATCH 0813/1008] Use blinded_base_point_multiply_x in the various signature schemes --- src/lib/pubkey/ecdsa/ecdsa.cpp | 2 +- src/lib/pubkey/ecgdsa/ecgdsa.cpp | 9 ++++++--- src/lib/pubkey/eckcdsa/eckcdsa.cpp | 3 +-- src/lib/pubkey/gost_3410/gost_3410.cpp | 9 +++++---- src/lib/pubkey/sm2/sm2.cpp | 8 ++++---- 5 files changed, 17 insertions(+), 14 deletions(-) diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index d473e466c7..a2877f7fc6 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -90,7 +90,7 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, const BigInt k_inv = inverse_mod(k, m_group.get_order()); const BigInt r = m_group.mod_order( - m_group.blinded_base_point_multiply(k, rng, m_ws).get_affine_x()); + m_group.blinded_base_point_multiply_x(k, rng, m_ws)); const BigInt xrm = m_group.mod_order(m_group.multiply_mod_order(m_x, r) + m); const BigInt s = m_group.multiply_mod_order(k_inv, xrm); diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp index 6cbd3453b7..db790b0d1a 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp +++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp @@ -61,9 +61,12 @@ ECGDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); - const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); - const BigInt r = m_group.mod_order(k_times_P.get_affine_x()); - const BigInt s = m_group.multiply_mod_order(m_x, mul_sub(k, r, m)); + const BigInt r = m_group.mod_order( + m_group.blinded_base_point_multiply_x(k, rng, m_ws)); + + const BigInt kr = m_group.multiply_mod_order(k, r); + + const BigInt s = m_group.multiply_mod_order(m_x, kr - m); // With overwhelming probability, a bug rather than actual zero r/s if(r.is_zero() || s.is_zero()) 
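Review bot: `kr - m` in the new `s` computation in the ecgdsa.cpp hunk is negative whenever `m` exceeds `k*r mod n`, so the line relies on `multiply_mod_order` normalising a negative operand; the previous `mul_sub(k, r, m)` had the same property, so this is not a regression, but it deserves either an explicit reduction, `m_group.multiply_mod_order(m_x, m_group.mod_order(kr - m))`, or a comment stating that `multiply_mod_order` accepts negative inputs. Whether `m` is itself reduced modulo the order is decided outside the hunk. The ecdsa.cpp hunk above is a straightforward substitution of `blinded_base_point_multiply_x`.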
diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp index be721a6b60..f9d9b2f608 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp +++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp @@ -77,8 +77,7 @@ ECKCDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t, RandomNumberGenerator& rng) { const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); - const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); - const BigInt k_times_P_x = k_times_P.get_affine_x(); + const BigInt k_times_P_x = m_group.blinded_base_point_multiply_x(k, rng, m_ws); secure_vector to_be_hashed(k_times_P_x.bytes()); k_times_P_x.binary_encode(to_be_hashed.data()); diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index 79d3f204d2..4e2df4cb87 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp @@ -132,11 +132,12 @@ GOST_3410_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, if(e == 0) e = 1; - const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); - BOTAN_ASSERT(k_times_P.on_the_curve(), "GOST 34.10 k*g is on the curve"); + const BigInt r = m_group.mod_order( + m_group.blinded_base_point_multiply_x(k, rng, m_ws)); - const BigInt r = m_group.mod_order(k_times_P.get_affine_x()); - const BigInt s = m_group.mod_order(r*m_x + k*e); + const BigInt s = m_group.mod_order( + m_group.multiply_mod_order(r, m_x) + + m_group.multiply_mod_order(k, e)); if(r == 0 || s == 0) throw Internal_Error("GOST 34.10 signature generation failed, r/s equal to zero"); diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index a23708944f..cec9eaa383 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp 
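Review bot: The removed `BOTAN_ASSERT(k_times_P.on_the_curve(), ...)` in the gost_3410.cpp hunk was the only explicit sanity check on the ephemeral point in `GOST_3410_Signature_Operation::raw_sign`, and the commit message does not mention dropping it; since only the x coordinate is returned now, the check cannot be reproduced at this level, so a comment such as `// point validity is the responsibility of blinded_base_point_multiply_x` keeps the decision discoverable. The new `s` expression reduces each product before adding, which keeps the operand small for `mod_order`, consistent with the ecdsa change earlier in this series. `raw_sign`'s body starts before the hunk.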
@@ -112,12 +112,12 @@ class SM2_Signature_Operation final : public PK_Ops::Signature secure_vector SM2_Signature_Operation::sign(RandomNumberGenerator& rng) { - const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); + const BigInt e = BigInt::decode(m_hash->final()); - const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); + const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); - const BigInt e = BigInt::decode(m_hash->final()); - const BigInt r = m_group.mod_order(k_times_P.get_affine_x() + e); + const BigInt r = m_group.mod_order( + m_group.blinded_base_point_multiply_x(k, rng, m_ws) + e); const BigInt s = m_group.multiply_mod_order(m_da_inv, (k - r*m_x)); // prepend ZA for next signature if any From b16a5c460d785a41137f5c758f3e1fa5a4bc7cbd Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 9 Mar 2018 04:55:48 -0500 Subject: [PATCH 0814/1008] Cleanup comments --- src/lib/pubkey/ec_group/point_gfp.cpp | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index 1f8dc31470..c71a6cffe8 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp @@ -78,11 +78,6 @@ void PointGFp::add_affine(const PointGFp& rhs, std::vector& ws_bn) //BOTAN_ASSERT(rhs.is_affine(), "PointGFp::add_affine requires arg be affine point"); - /* - https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 - simplified with Z2 = 1 - */ - const BigInt& p = m_curve.get_p(); const size_t cap_size = 2*m_curve.get_p_words() + 2; @@ -102,6 +97,7 @@ void PointGFp::add_affine(const PointGFp& rhs, std::vector& ws_bn) /* https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 + simplified with Z2 = 1 */ m_curve.sqr(T3, m_coord_z, ws); // z1^2 
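Review bot: No rejection of `r == 0` or `r + k == n` is visible around the new `r` computation in `SM2_Signature_Operation::sign`, which the SM2 signing procedure requires before the ephemeral `k` is accepted (a fresh `k` must be drawn otherwise); if that check lives after the hunk, fine, otherwise add `if(r.is_zero() || (r + k) == m_group.get_order()) throw Internal_Error("SM2 signature generation failed, r/s invalid");` or retry with a new `k`. Moving `e`'s decoding ahead of drawing `k` is harmless, but the context line `(k - r*m_x)` still forms an unreduced product and relies on `multiply_mod_order` handling a possibly negative operand; `k - m_group.multiply_mod_order(r, m_x)` would keep it within the order, as the other schemes in this commit now do. `sign`'s body continues past the hunk.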
@@ -272,10 +268,6 @@ void PointGFp::mult2(std::vector& ws_bn) return; } - /* - https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-1986-cc - */ - const size_t cap_size = 2*m_curve.get_p_words() + 2; BOTAN_ASSERT(ws_bn.size() >= WORKSPACE_SIZE, "Expected size for PointGFp::add workspace"); @@ -291,6 +283,10 @@ void PointGFp::mult2(std::vector& ws_bn) BigInt& T3 = ws_bn[4]; BigInt& T4 = ws_bn[5]; + /* + https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-1986-cc + */ + m_curve.sqr(T0, m_coord_y, ws); m_curve.mul(T1, m_coord_x, T0, ws); @@ -311,7 +307,6 @@ void PointGFp::mult2(std::vector& ws_bn) T2 -= T1; while(T2.is_negative()) T2 += p; - m_coord_x = T2; m_curve.sqr(T3, T0, ws); T3 <<= 3; @@ -326,6 +321,8 @@ void PointGFp::mult2(std::vector& ws_bn) if(T0.is_negative()) T0 += p; + m_coord_x = T2; + m_curve.mul(T2, m_coord_y, m_coord_z, ws); T2 <<= 1; T2.reduce_below(p, T3.get_word_vector()); From 5185c2aaa8bf9556556e4507869042a71eaba6c0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 9 Mar 2018 05:04:07 -0500 Subject: [PATCH 0815/1008] Use move to avoid needless some needless copies --- src/lib/pubkey/ec_group/point_gfp.cpp | 32 +++++++++++++-------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index c71a6cffe8..8f1093418d 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp 
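Review bot: The `@@ -311` and `@@ -326` hunks move `m_coord_x = T2;` from directly after `T2` is reduced to just before `m_curve.mul(T2, m_coord_y, m_coord_z, ws)`, which is a statement reorder in a commit titled "Cleanup comments"; the original lines between the two hunks are not shown, so if any of them read `m_coord_x` expecting the already-doubled coordinate, `mult2`'s result changes. If the move is intentional, a comment at the new site, e.g. `// x3 stored only now; the lines above still need the old x1`, records that; if it is just a tidy-up, please confirm against the dbl-1986-cc formula that nothing in between reads `m_coord_x`. `mult2`'s body starts before the first hunk.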
@@ -375,22 +375,22 @@ PointGFp multi_exponentiate(const PointGFp& x, const BigInt& z1, const PointGFp y3(y2.plus(y, ws)); const PointGFp M[16] = { - x.zero(), // 0000 - x, // 0001 - x2, // 0010 - x3, // 0011 - y, // 0100 - y.plus(x, ws), // 0101 - y.plus(x2, ws), // 0110 - y.plus(x3, ws), // 0111 - y2, // 1000 - y2.plus(x, ws), // 1001 - y2.plus(x2, ws), // 1010 - y2.plus(x3, ws), // 1011 - y3, // 1100 - y3.plus(x, ws), // 1101 - y3.plus(x2, ws), // 1110 - y3.plus(x3, ws), // 1111 + x.zero(), // 0000 + x, // 0001 + x2, // 0010 + x3, // 0011 + y, // 0100 + std::move(y.plus(x, ws)), // 0101 + std::move(y.plus(x2, ws)), // 0110 + std::move(y.plus(x3, ws)), // 0111 + y2, // 1000 + std::move(y2.plus(x, ws)), // 1001 + std::move(y2.plus(x2, ws)), // 1010 + std::move(y2.plus(x3, ws)), // 1011 + y3, // 1100 + std::move(y3.plus(x, ws)), // 1101 + std::move(y3.plus(x2, ws)), // 1110 + std::move(y3.plus(x3, ws)), // 1111 }; PointGFp H = x.zero(); From 869909163d08144e69c7f2b11e8053d68a07d390 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 9 Mar 2018 07:13:07 -0500 Subject: [PATCH 0816/1008] Add OS::system_page_size --- src/lib/utils/os_utils.cpp | 23 +++++++++++++++++++---- src/lib/utils/os_utils.h | 6 ++++++ 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index 7696155439..f2813b323b 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -197,6 +197,24 @@ uint64_t OS::get_system_timestamp_ns() return std::chrono::duration_cast(now).count(); } +size_t OS::system_page_size() + { +#if defined(BOTAN_TARGET_OS_HAS_POSIX1) + long p = ::sysconf(_SC_PAGESIZE); + if(p > 1) + return static_cast(p); + else + return 4096; +#elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) + SYSTEM_INFO sys_info; + ::GetSystemInfo(&sys_info); + return sys_info.dwPageSize; +#endif + + // default value + return 4096; + } + size_t OS::get_memory_locking_limit() { #if defined(BOTAN_TARGET_OS_HAS_POSIX1) 
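Review bot: Wrapping `y.plus(x, ws)` and the other `plus` calls in `std::move` is a pessimization rather than an optimization: each call already yields a temporary `PointGFp` that the compiler constructs directly into the array element (elision is routine for this case and guaranteed from C++17), and `std::move` forces a move-construction instead; clang-tidy's `performance-move-const-arg` and `-Wpessimizing-move` flag exactly this. Drop the `std::move` wrappers and keep the re-aligned comments. The locals `x2`, `x3`, `y2`, `y3` are the initialisers that could legitimately be moved, but only if nothing after the table reads them, and `multi_exponentiate`'s body extends beyond the hunk.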
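Review bot: In `OS::system_page_size` the trailing `return 4096;` after the `#if`/`#elif` block is unreachable on both the POSIX and VirtualLock branches, which already return, and compilers warn about it; making the fallback an `#else` branch (`#else`, `return 4096;`, `#endif`) matches the intent. The POSIX branch also treats `sysconf` returning 1 or an error as "use 4096", which is reasonable, but `if(p > 1)` reads as an arbitrary threshold; `if(p > 0) // sysconf returns -1 on error` states the actual contract. `get_memory_locking_limit` in the next hunk multiplies the result into an overhead figure, so a comment that the value is expected to be a power of two would help any later alignment arithmetic that presumably relies on it.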
@@ -255,16 +273,13 @@ size_t OS::get_memory_locking_limit() return 0; } - SYSTEM_INFO sSysInfo; - ::GetSystemInfo(&sSysInfo); - // According to Microsoft MSDN: // The maximum number of pages that a process can lock is equal to the number of pages in its minimum working set minus a small overhead // In the book "Windows Internals Part 2": the maximum lockable pages are minimum working set size - 8 pages // But the information in the book seems to be inaccurate/outdated // I've tested this on Windows 8.1 x64, Windows 10 x64 and Windows 7 x86 // On all three OS the value is 11 instead of 8 - size_t overhead = sSysInfo.dwPageSize * 11ULL; + size_t overhead = OS::system_page_size() * 11ULL; if(working_min > overhead) { size_t lockable_bytes = working_min - overhead; diff --git a/src/lib/utils/os_utils.h b/src/lib/utils/os_utils.h index feccdbe739..5210b2523b 100644 --- a/src/lib/utils/os_utils.h +++ b/src/lib/utils/os_utils.h @@ -67,6 +67,12 @@ uint64_t BOTAN_TEST_API get_system_timestamp_ns(); */ size_t get_memory_locking_limit(); +/** +* Return the size of a memory page, if that can be derived on the +* current system. Otherwise returns some default value (eg 4096) +*/ +size_t system_page_size(); + /** * Request so many bytes of page-aligned RAM locked into memory using * mlock, VirtualLock, or similar. Returns null on failure. The memory From 4b8cd92d78e7c0cdeca111d528db7d19918c34b3 Mon Sep 17 00:00:00 2001 
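Review bot: The header comment added in the os_utils.h `@@ -67` hunk says the function "returns some default value (eg 4096)" while the implementation in the previous file always returns exactly 4096 on its fallback path; state it precisely, e.g. `* current system. Otherwise returns 4096.`, so callers can rely on it. In the `@@ -255` hunk `OS::system_page_size() * 11ULL` keeps the hard-coded 11-page overhead; naming it, `const size_t overhead_pages = 11; // measured on Windows 7/8.1/10, see above`, ties the constant to the explanation already in the comment block. `get_memory_locking_limit`'s body starts before the hunk.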
From: Jack Lloyd Date: Fri, 9 Mar 2018 07:16:52 -0500 Subject: [PATCH 0817/1008] Split out the memory pool logic Making a clear seperation between the OS specific code to get the pool, the singleton mlock allocator, and the general allocator logic. --- src/lib/utils/locking_allocator/info.txt | 4 + .../locking_allocator/locking_allocator.cpp | 171 ++-------------- .../locking_allocator/locking_allocator.h | 11 +- src/lib/utils/mem_pool/info.txt | 7 + src/lib/utils/mem_pool/mem_pool.cpp | 190 ++++++++++++++++++ src/lib/utils/mem_pool/mem_pool.h | 60 ++++++ 6 files changed, 282 insertions(+), 161 deletions(-) create mode 100644 src/lib/utils/mem_pool/info.txt create mode 100644 src/lib/utils/mem_pool/mem_pool.cpp create mode 100644 src/lib/utils/mem_pool/mem_pool.h diff --git a/src/lib/utils/locking_allocator/info.txt b/src/lib/utils/locking_allocator/info.txt index 7dc3c059d8..5d7a2ba83e 100644 --- a/src/lib/utils/locking_allocator/info.txt +++ b/src/lib/utils/locking_allocator/info.txt @@ -6,3 +6,7 @@ LOCKING_ALLOCATOR -> 20131128 posix1 virtual_lock + + +mem_pool + diff --git a/src/lib/utils/locking_allocator/locking_allocator.cpp b/src/lib/utils/locking_allocator/locking_allocator.cpp index e457a203c8..ba301adfb7 100644 --- a/src/lib/utils/locking_allocator/locking_allocator.cpp +++ b/src/lib/utils/locking_allocator/locking_allocator.cpp 
@@ -7,114 +7,20 @@ #include #include -#include -#include -#include -#include -#include +#include namespace Botan { -namespace { - -inline bool ptr_in_pool(const void* pool_ptr, size_t poolsize, - const void* buf_ptr, size_t bufsize) - { - const uintptr_t pool = reinterpret_cast(pool_ptr); - const uintptr_t buf = reinterpret_cast(buf_ptr); - return (buf >= pool) && (buf + bufsize <= pool + poolsize); - } - -inline size_t padding_for_alignment(size_t offset, size_t desired_alignment) - { - size_t mod = offset % desired_alignment; - if(mod == 0) - return 0; // already right on - return desired_alignment - mod; - } - -} - void* mlock_allocator::allocate(size_t num_elems, size_t elem_size) { if(!m_pool) return nullptr; const size_t n = num_elems * elem_size; - const size_t alignment = 16; - if(n / elem_size != num_elems) return nullptr; // overflow! - if(n > m_poolsize) - return nullptr; - if(n < BOTAN_MLOCK_ALLOCATOR_MIN_ALLOCATION || n > BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION) - return nullptr; - - lock_guard_type lock(m_mutex); - - auto best_fit = m_freelist.end(); - - for(auto i = m_freelist.begin(); i != m_freelist.end(); ++i) - { - // If we have a perfect fit, use it immediately - if(i->second == n && (i->first % alignment) == 0) - { - const size_t offset = i->first; - m_freelist.erase(i); - clear_mem(m_pool + offset, n); - - BOTAN_ASSERT((reinterpret_cast(m_pool) + offset) % alignment == 0, - "Returning correctly aligned pointer"); - - return m_pool + offset; - } - - - if(((best_fit == m_freelist.end()) || (best_fit->second > i->second)) && - (i->second >= (n + padding_for_alignment(i->first, alignment)))) - { - best_fit = i; - } - } - - if(best_fit != m_freelist.end()) - { - const size_t offset = best_fit->first; - - const size_t alignment_padding = padding_for_alignment(offset, alignment); - - best_fit->first += n + alignment_padding; - best_fit->second -= n + alignment_padding; - - // Need to realign, split the block - if(alignment_padding) - { - /* - If we used 
the entire block except for small piece used for - alignment at the beginning, so just update the entry already - in place (as it is in the correct location), rather than - deleting the empty range and inserting the new one in the - same location. - */ - if(best_fit->second == 0) - { - best_fit->first = offset; - best_fit->second = alignment_padding; - } - else - m_freelist.insert(best_fit, std::make_pair(offset, alignment_padding)); - } - - clear_mem(m_pool + offset + alignment_padding, n); - - BOTAN_ASSERT((reinterpret_cast(m_pool) + offset + alignment_padding) % alignment == 0, - "Returning correctly aligned pointer"); - - return m_pool + offset + alignment_padding; - } - - return nullptr; + return m_pool->allocate(n); } bool mlock_allocator::deallocate(void* p, size_t num_elems, size_t elem_size) BOTAN_NOEXCEPT 
@@ -131,73 +37,26 @@ bool mlock_allocator::deallocate(void* p, size_t num_elems, size_t elem_size) BO if(n / elem_size != num_elems) return false; - if(!ptr_in_pool(m_pool, m_poolsize, p, n)) - return false; - - std::memset(p, 0, n); - - lock_guard_type lock(m_mutex); - - const size_t start = static_cast(p) - m_pool; - - auto comp = [](std::pair x, std::pair y){ return x.first < y.first; }; - - auto i = std::lower_bound(m_freelist.begin(), m_freelist.end(), - std::make_pair(start, 0), comp); - - // try to merge with later block - if(i != m_freelist.end() && start + n == i->first) - { - i->first = start; - i->second += n; - n = 0; - } - - // try to merge with previous block - if(i != m_freelist.begin()) - { - auto prev = std::prev(i); - - if(prev->first + prev->second == start) - { - if(n) - { - prev->second += n; - n = 0; - } - else - { - // merge adjoining - prev->second += i->second; - m_freelist.erase(i); - } - } - } - - if(n != 0) // no merge possible? - m_freelist.insert(i, std::make_pair(start, n)); - - return true; + return m_pool->deallocate(p, n); } mlock_allocator::mlock_allocator() { const size_t mem_to_lock = OS::get_memory_locking_limit(); - /* - TODO: split into multiple single page allocations to - help ASLR and guard pages to help reduce the damage of - a wild reads or write by the application. - */ - if(mem_to_lock) { - m_pool = static_cast(OS::allocate_locked_pages(mem_to_lock)); + m_locked_pages = static_cast(OS::allocate_locked_pages(mem_to_lock)); - if(m_pool != nullptr) + if(m_locked_pages) { - m_poolsize = mem_to_lock; - m_freelist.push_back(std::make_pair(0, m_poolsize)); + m_locked_pages_size = mem_to_lock; + m_pool.reset(new Memory_Pool(m_locked_pages, + m_locked_pages_size, + OS::system_page_size(), + BOTAN_MLOCK_ALLOCATOR_MIN_ALLOCATION, + BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION, + 4)); } } } 
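Review bot: If the `Memory_Pool` constructor throws (per mem_pool.cpp in this commit it raises `Invalid_Argument` when `min_alloc > max_alloc` or `align_bit > 6`), the exception leaves `mlock_allocator()` before the object is fully constructed, so `~mlock_allocator()` never runs and the pages obtained from `OS::allocate_locked_pages` stay locked and leak. With the literal `4` and the build-time `BOTAN_MLOCK_ALLOCATOR_MIN_ALLOCATION`/`BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION` values this is presumably only reachable through an inconsistent build configuration, but the locked-page budget is a scarce per-process resource, so releasing it on the failure path is cheap. Wrapping the pool construction in a try/catch that frees the pages and rethrows (or, if preferred, leaves `m_pool` empty so `allocate()` keeps returning nullptr) addresses it. The `deallocate` body at the top of the hunk starts outside it.

```cpp
      // … unchanged: mem_to_lock lookup and allocate_locked_pages call …
      if(m_locked_pages)
         {
         m_locked_pages_size = mem_to_lock;
         try
            {
            m_pool.reset(new Memory_Pool(m_locked_pages,
                                         m_locked_pages_size,
                                         OS::system_page_size(),
                                         BOTAN_MLOCK_ALLOCATOR_MIN_ALLOCATION,
                                         BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION,
                                         4));
            }
         catch(...)
            {
            // The destructor does not run for a partially constructed
            // object, so release the locked pages here before propagating.
            OS::free_locked_pages(m_locked_pages, m_locked_pages_size);
            m_locked_pages = nullptr;
            m_locked_pages_size = 0;
            throw;
            }
         }
```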
@@ -206,9 +65,9 @@ mlock_allocator::~mlock_allocator() { if(m_pool) { - secure_scrub_memory(m_pool, m_poolsize); - OS::free_locked_pages(m_pool, m_poolsize); - m_pool = nullptr; + m_pool.reset(); + // OS::free_locked_pages scrubs the memory before free + OS::free_locked_pages(m_locked_pages, m_locked_pages_size); } } diff --git a/src/lib/utils/locking_allocator/locking_allocator.h b/src/lib/utils/locking_allocator/locking_allocator.h index e9299c120c..1a140f130a 100644 --- a/src/lib/utils/locking_allocator/locking_allocator.h +++ b/src/lib/utils/locking_allocator/locking_allocator.h @@ -10,10 +10,12 @@ #include #include -#include +#include namespace Botan { +class Memory_Pool; + class BOTAN_PUBLIC_API(2,0) mlock_allocator final { public: @@ -32,10 +34,9 @@ class BOTAN_PUBLIC_API(2,0) mlock_allocator final ~mlock_allocator(); - mutex_type m_mutex; - std::vector> m_freelist; - uint8_t* m_pool = nullptr; - size_t m_poolsize = 0; + std::unique_ptr m_pool; + uint8_t* m_locked_pages = nullptr; + size_t m_locked_pages_size = 0; }; } diff --git a/src/lib/utils/mem_pool/info.txt b/src/lib/utils/mem_pool/info.txt new file mode 100644 index 0000000000..a8a5a53e1b --- /dev/null +++ b/src/lib/utils/mem_pool/info.txt @@ -0,0 +1,7 @@ + +MEM_POOL -> 20180309 + + + +mem_pool.h + diff --git a/src/lib/utils/mem_pool/mem_pool.cpp b/src/lib/utils/mem_pool/mem_pool.cpp new file mode 100644 index 0000000000..d253433838 --- /dev/null +++ b/src/lib/utils/mem_pool/mem_pool.cpp 
@@ -0,0 +1,190 @@ +/* +* (C) 2018 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include +#include +#include +#include + +namespace Botan { + +namespace { + +inline bool ptr_in_pool(const void* pool_ptr, size_t poolsize, + const void* buf_ptr, size_t bufsize) + { + const uintptr_t pool = reinterpret_cast(pool_ptr); + const uintptr_t buf = reinterpret_cast(buf_ptr); + return (buf >= pool) && (buf + bufsize <= pool + poolsize); + } + +inline size_t padding_for_alignment(size_t n, size_t alignment) + { + const size_t mod = n % alignment; + if(mod == 0) + return 0; + return alignment - mod; + } + +} + +Memory_Pool::Memory_Pool(uint8_t* pool, + size_t pool_size, + size_t page_size, + size_t min_alloc, + size_t max_alloc, + uint8_t align_bit) : + m_page_size(page_size), + m_min_alloc(min_alloc), + m_max_alloc(max_alloc), + m_align_bit(align_bit) + { + if(pool == nullptr) + throw Invalid_Argument("Memory_Pool pool was null"); + + if(m_min_alloc > m_max_alloc) + throw Invalid_Argument("Memory_Pool min_alloc > max_alloc"); + + if(m_align_bit > 6) + throw Invalid_Argument("Memory_Pool invalid align_bit"); + + // This is basically just to verify that the range is valid + clear_mem(pool, pool_size); + + m_pool = pool; + m_pool_size = pool_size; + m_freelist.push_back(std::make_pair(0, m_pool_size)); + } + +void* Memory_Pool::allocate(size_t req) + { + const size_t alignment = (1 << m_align_bit); + + if(req > m_pool_size) + return nullptr; + if(req < m_min_alloc || req > m_max_alloc) + return nullptr; + + lock_guard_type lock(m_mutex); + + auto best_fit = m_freelist.end(); + + for(auto i = m_freelist.begin(); i != m_freelist.end(); ++i) + { + // If we have a perfect fit, use it immediately + if(i->second == req && (i->first % alignment) == 0) + { + const size_t offset = i->first; + m_freelist.erase(i); + clear_mem(m_pool + offset, req); + + BOTAN_ASSERT((reinterpret_cast(m_pool) + offset) % alignment == 0, + 
"Returning correctly aligned pointer"); + + return m_pool + offset; + } + + + if(((best_fit == m_freelist.end()) || (best_fit->second > i->second)) && + (i->second >= (req + padding_for_alignment(i->first, alignment)))) + { + best_fit = i; + } + } + + if(best_fit != m_freelist.end()) + { + const size_t offset = best_fit->first; + + const size_t alignment_padding = padding_for_alignment(offset, alignment); + + best_fit->first += req + alignment_padding; + best_fit->second -= req + alignment_padding; + + // Need to realign, split the block + if(alignment_padding) + { + /* + If we used the entire block except for small piece used for + alignment at the beginning, so just update the entry already + in place (as it is in the correct location), rather than + deleting the empty range and inserting the new one in the + same location. + */ + if(best_fit->second == 0) + { + best_fit->first = offset; + best_fit->second = alignment_padding; + } + else + m_freelist.insert(best_fit, std::make_pair(offset, alignment_padding)); + } + + clear_mem(m_pool + offset + alignment_padding, req); + + BOTAN_ASSERT((reinterpret_cast(m_pool) + offset + alignment_padding) % alignment == 0, + "Returning correctly aligned pointer"); + + return m_pool + offset + alignment_padding; + } + + return nullptr; + } + +bool Memory_Pool::deallocate(void* p, size_t n) BOTAN_NOEXCEPT + { + if(!ptr_in_pool(m_pool, m_pool_size, p, n)) + return false; + + std::memset(p, 0, n); + + lock_guard_type lock(m_mutex); + + const size_t start = static_cast(p) - m_pool; + + auto comp = [](std::pair x, std::pair y){ return x.first < y.first; }; + + auto i = std::lower_bound(m_freelist.begin(), m_freelist.end(), + std::make_pair(start, 0), comp); + + // try to merge with later block + if(i != m_freelist.end() && start + n == i->first) + { + i->first = start; + i->second += n; + n = 0; + } + + // try to merge with previous block + if(i != m_freelist.begin()) + { + auto prev = std::prev(i); + + if(prev->first + prev->second 
== start) + { + if(n) + { + prev->second += n; + n = 0; + } + else + { + // merge adjoining + prev->second += i->second; + m_freelist.erase(i); + } + } + } + + if(n != 0) // no merge possible? + m_freelist.insert(i, std::make_pair(start, n)); + + return true; + } + +} diff --git a/src/lib/utils/mem_pool/mem_pool.h b/src/lib/utils/mem_pool/mem_pool.h new file mode 100644 index 0000000000..4189638648 --- /dev/null +++ b/src/lib/utils/mem_pool/mem_pool.h @@ -0,0 +1,60 @@ +/* +* (C) 2018 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_MEM_POOL_H_ +#define BOTAN_MEM_POOL_H_ + +#include +#include +#include + +namespace Botan { + +class Memory_Pool final + { + public: + /** + * Initialize a memory pool. The memory is not owned by *this, + * it must be freed by the caller. + * @param pool the pool + * @param pool_size size of pool + * @param page_size some nominal page size (does not need to match + * the system page size) + * @param min_allocation return null for allocs for smaller amounts + * @param max_allocation return null for allocs of larger amounts + * @param align_bit align all returned memory to (1<> m_freelist; + uint8_t* m_pool = nullptr; + size_t m_pool_size = 0; + }; + +} + +#endif From 0f871cb0f77cf0113a2f1598007fa9a76f5ece6c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 9 Mar 2018 10:08:50 -0500 Subject: [PATCH 0818/1008] Fix cpu clock ratio [ci skip] --- src/cli/speed.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index e331354c95..a991633e78 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp 
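Review bot: `m_page_size` is initialised in the `Memory_Pool` constructor but never read by `allocate()` or `deallocate()` anywhere in this file, so the `page_size` parameter currently has no effect; either say in the header comment that it is reserved for later page-aware logic or drop it. `deallocate()` only checks that `[p, p+n)` lies inside the pool before merging it into the freelist, so a pointer/size pair that does not correspond to an earlier `allocate()` return value would corrupt the freelist undetected; a line such as `// precondition: (p, n) were returned by an earlier allocate(); only the in-pool range check is enforced` above the `ptr_in_pool` call would make that contract explicit. The zeroing in `deallocate()` uses `std::memset` while `allocate()` uses `clear_mem` for the same purpose; using the one helper consistently would read better.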
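Review bot: The class comment for `Memory_Pool` documents ownership of the backing memory but not the concurrency contract; `allocate()` and `deallocate()` in mem_pool.cpp take `m_mutex` internally, so a sentence such as `* allocate() and deallocate() may be called concurrently; both lock an internal mutex` on the class doc would save callers from reading the source. If the `deallocate` declaration does not already say so, `* @return false if p does not lie within the pool, true otherwise` matches what the implementation does with its `ptr_in_pool` check.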
@@ -700,6 +700,8 @@ class Speed final : public Command if(m_clock_cycle_ratio < 0.0 || m_clock_cycle_ratio > 1.0) throw CLI_Usage_Error("Unlikely CPU clock ratio of " + clock_ratio); + m_clock_cycle_ratio = 1.0 / m_clock_cycle_ratio; + if(m_clock_speed != 0 && Botan::OS::get_processor_timestamp() != 0) { error_output() << "The --cpu-clock-speed option is only intended to be used on " From 3ecffa3916ec6a0c72a0b2eaa580de05eb4474f7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 9 Mar 2018 10:36:17 -0500 Subject: [PATCH 0819/1008] Don't default to PSS signatures Breaks with anything but RSA keys GH #1480 --- src/cli/x509.cpp | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/src/cli/x509.cpp b/src/cli/x509.cpp index 9a059d7990..021316d786 100644 --- a/src/cli/x509.cpp +++ b/src/cli/x509.cpp @@ -46,6 +46,8 @@ class Sign_Cert final : public Command Botan::X509_Certificate ca_cert(get_arg("ca_cert")); std::unique_ptr key; const std::string pass = get_arg("ca-key-pass"); + const std::string emsa = get_arg("emsa"); + const std::string hash = get_arg("hash"); if(!pass.empty()) { @@ -61,8 +63,11 @@ class Sign_Cert final : public Command throw CLI_Error("Failed to load key from " + get_arg("ca_key")); } - Botan::X509_CA ca(ca_cert, *key, - {{"padding",get_arg_or("emsa", "EMSA4")}}, get_arg("hash"), rng()); + std::map options; + if(emsa.empty() == false) + options["padding"] = emsa; + + Botan::X509_CA ca(ca_cert, *key, options, hash, rng()); Botan::PKCS10_Request req(get_arg("pkcs10_req")); @@ -255,7 +260,11 @@ class Gen_Self_Signed final : public Command opts.organization = get_arg("organization"); opts.email = get_arg("email"); opts.dns = get_arg("dns"); - opts.set_padding_scheme(get_arg_or("emsa", "EMSA4")); + + std::string emsa = get_arg("emsa"); + + if(emsa.empty() == false) + opts.set_padding_scheme(emsa); if(flag_set("ca")) { 
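Review bot: The new reciprocal `m_clock_cycle_ratio = 1.0 / m_clock_cycle_ratio;` is reached when the parsed ratio is exactly 0.0, because the guard on the preceding context line only rejects values below 0.0 or above 1.0, and 1.0/0.0 yields infinity which then presumably flows into the reported cycle counts. Tightening the guard to `if(m_clock_cycle_ratio <= 0.0 || m_clock_cycle_ratio > 1.0)` keeps zero out. The enclosing function starts and ends outside the hunk.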
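Review bot: `if(emsa.empty() == false)` in the Sign_Cert hunk reads more naturally as `if(!emsa.empty())`; the same spelling recurs in the Gen_Self_Signed hunk below and in the Generate_PKCS10 hunk on the following line, where `std::string emsa = get_arg("emsa");` can also be `const` since the visible lines never modify it. The enclosing command bodies start and end outside the hunks.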
@@ -302,7 +311,11 @@ class Generate_PKCS10 final : public Command opts.country = get_arg("country"); opts.organization = get_arg("organization"); opts.email = get_arg("email"); - opts.set_padding_scheme(get_arg_or("emsa", "EMSA4")); + + std::string emsa = get_arg("emsa"); + + if(emsa.empty() == false) + opts.set_padding_scheme(emsa); Botan::PKCS10_Request req = Botan::X509::create_cert_req(opts, *key, get_arg("hash"), rng()); From acecc97cbe1feead8c437b2fd49b80065d7cbe41 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 9 Mar 2018 17:48:31 -0500 Subject: [PATCH 0820/1008] Fix header for getentropy on macOS Re #1481 --- src/lib/entropy/getentropy/getentropy.cpp | 6 +++++- src/scripts/ci_build.py | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/lib/entropy/getentropy/getentropy.cpp b/src/lib/entropy/getentropy/getentropy.cpp index e578a4ed59..15bd8abe87 100644 --- a/src/lib/entropy/getentropy/getentropy.cpp +++ b/src/lib/entropy/getentropy/getentropy.cpp @@ -7,7 +7,11 @@ #include -#include +#if defined(BOTAN_TARGET_OS_IS_DARWIN) + #include +#else + #include +#endif namespace Botan { diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index dfb65d629f..5560ced51f 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -170,6 +170,8 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro if target_os == 'osx': # Test Boost on OS X flags += ['--with-boost'] + # Travis has 10.12 as default image + flags += ['--with-os-features=getentropy'] elif target_os == 'linux': flags += ['--with-lzma'] From e0c2aeb7f331182d055a737da7cef3ffe8545c7b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 10:26:31 -0500 Subject: [PATCH 0821/1008] Add missing overrides [ci skip] --- src/lib/misc/fpe_fe1/fpe_fe1.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/misc/fpe_fe1/fpe_fe1.h b/src/lib/misc/fpe_fe1/fpe_fe1.h index 5d8ea9d372..8f987fd654 100644 
--- a/src/lib/misc/fpe_fe1/fpe_fe1.h +++ b/src/lib/misc/fpe_fe1/fpe_fe1.h @@ -27,9 +27,9 @@ class BOTAN_PUBLIC_API(2,5) FPE_FE1 final : public SymmetricAlgorithm Key_Length_Specification key_spec() const override; - std::string name() const; + std::string name() const override; - void clear(); + void clear() override; BigInt encrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const; From 30de6dc7179ca21e3cbca55b48b23bcac0f45f25 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 09:46:30 -0500 Subject: [PATCH 0822/1008] Lookup EC curves via name instead of OID --- src/tests/unit_ecdsa.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index 081b686e6e..5880bda592 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -122,7 +122,7 @@ Test::Result test_sign_then_ver() { Test::Result result("ECDSA Unit"); - Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); + Botan::EC_Group dom_pars("secp160r1"); Botan::ECDSA_PrivateKey ecdsa(Test::rng(), dom_pars); Botan::PK_Signer signer(ecdsa, Test::rng(), "EMSA1(SHA-256)"); @@ -145,7 +145,7 @@ Test::Result test_ec_sign() try { - Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); + Botan::EC_Group dom_pars("secp160r1"); Botan::ECDSA_PrivateKey priv_key(Test::rng(), dom_pars); Botan::PK_Signer signer(priv_key, Test::rng(), "EMSA1(SHA-224)"); Botan::PK_Verifier verifier(priv_key, "EMSA1(SHA-224)"); @@ -199,7 +199,7 @@ Test::Result test_ecdsa_create_save_load() try { - Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); + Botan::EC_Group dom_pars("secp160r1"); Botan::ECDSA_PrivateKey key(Test::rng(), dom_pars); Botan::PK_Signer signer(key, Test::rng(), "EMSA1(SHA-256)"); From ea0f46dfcab59938fc863ca8d01552392c3c5a34 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sat, 10 Mar 2018 09:46:52 -0500 Subject: [PATCH 0823/1008] Default to encoding ECC public keys as uncompressed. GH #1480 --- src/lib/pubkey/ecc_key/ecc_key.cpp | 13 ++++++++++++- src/lib/pubkey/ecc_key/ecc_key.h | 14 ++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index 4b591ff568..07122964eb 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp @@ -68,7 +68,18 @@ AlgorithmIdentifier EC_PublicKey::algorithm_identifier() const std::vector EC_PublicKey::public_key_bits() const { - return unlock(EC2OSP(public_point(), PointGFp::COMPRESSED)); + //return public_point().encode(point_format()); + return unlock(EC2OSP(public_point(), point_format())); + } + +void EC_PublicKey::set_point_encoding(PointGFp::Compression_Type enc) + { + if(enc != PointGFp::COMPRESSED && + enc != PointGFp::UNCOMPRESSED && + enc != PointGFp::HYBRID) + throw Invalid_Argument("Invalid point encoding for EC_PublicKey"); + + m_point_encoding = enc; } void EC_PublicKey::set_parameter_encoding(EC_Group_Encoding form) diff --git a/src/lib/pubkey/ecc_key/ecc_key.h b/src/lib/pubkey/ecc_key/ecc_key.h index 427be56ef8..4e4e623b22 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.h +++ b/src/lib/pubkey/ecc_key/ecc_key.h @@ -77,6 +77,12 @@ class BOTAN_PUBLIC_API(2,0) EC_PublicKey : public virtual Public_Key */ void set_parameter_encoding(EC_Group_Encoding enc); + /** + * Set the point encoding method to be used when encoding this key. + * @param enc the encoding to use + */ + void set_point_encoding(PointGFp::Compression_Type enc); + /** * Return the DER encoding of this keys domain in whatever format * is preset for this particular key 
@@ -91,6 +97,13 @@ class BOTAN_PUBLIC_API(2,0) EC_PublicKey : public virtual Public_Key EC_Group_Encoding domain_format() const { return m_domain_encoding; } + /** + * Get the point encoding method to be used when encoding this key. + * @result the encoding to use + */ + PointGFp::Compression_Type point_format() const + { return m_point_encoding; } + size_t key_length() const override; size_t estimated_strength() const override; @@ -101,6 +114,7 @@ class BOTAN_PUBLIC_API(2,0) EC_PublicKey : public virtual Public_Key EC_Group m_domain_params; PointGFp m_public_key; EC_Group_Encoding m_domain_encoding; + PointGFp::Compression_Type m_point_encoding = PointGFp::UNCOMPRESSED; }; /** From 9141f982c7679a27a265a84ba34d9695017883c9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 10:24:25 -0500 Subject: [PATCH 0824/1008] Add PointGFp::encode as replacement for EC2OSP Literally every single call to EC2OSP is converting the returned secure_vector to a std::vector. Which makes sense since private points are not really a thing in any protocol I know of. --- src/cli/speed.cpp | 4 +-- src/lib/prov/bearssl/bearssl_ec.cpp | 4 +-- src/lib/prov/openssl/openssl_ec.cpp | 4 +-- src/lib/prov/pkcs11/p11_ecc_key.cpp | 2 +- src/lib/prov/pkcs11/p11_ecdh.h | 2 +- src/lib/pubkey/ec_group/ec_group.cpp | 2 +- src/lib/pubkey/ec_group/point_gfp.cpp | 48 +++++++++++---------------- src/lib/pubkey/ec_group/point_gfp.h | 29 +++++++++++----- src/lib/pubkey/ecc_key/ecc_key.cpp | 3 +- src/lib/pubkey/ecdh/ecdh.h | 6 ++-- src/lib/pubkey/ecies/ecies.cpp | 5 ++- src/tests/test_ecies.cpp | 3 +- src/tests/test_pkcs11_high_level.cpp | 33 ++++++++++++------ src/tests/unit_ecc.cpp | 16 ++++----- 14 files changed, 87 insertions(+), 74 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index a991633e78..fb47581eb3 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp 
@@ -1344,8 +1344,8 @@ class Speed final : public Command { const Botan::BigInt k(rng(), 256); const Botan::PointGFp p = group.get_base_point() * k; - const Botan::secure_vector os_cmp = Botan::EC2OSP(p, Botan::PointGFp::COMPRESSED); - const Botan::secure_vector os_uncmp = Botan::EC2OSP(p, Botan::PointGFp::UNCOMPRESSED); + const std::vector os_cmp = p.encode(Botan::PointGFp::COMPRESSED); + const std::vector os_uncmp = p.encode(Botan::PointGFp::UNCOMPRESSED); uncmp_timer->run([&]() { group.OS2ECP(os_uncmp); }); cmp_timer->run([&]() { group.OS2ECP(os_cmp); }); diff --git a/src/lib/prov/bearssl/bearssl_ec.cpp b/src/lib/prov/bearssl/bearssl_ec.cpp index 29ff1b5ad9..23f5660436 100644 --- a/src/lib/prov/bearssl/bearssl_ec.cpp +++ b/src/lib/prov/bearssl/bearssl_ec.cpp @@ -92,7 +92,7 @@ class BearSSL_ECDSA_Verification_Operation final : public PK_Ops::Verification if (m_hf == nullptr) throw Lookup_Error("BearSSL ECDSA does not support hash " + req.arg(0)); - m_q_buf = EC2OSP(ecdsa.public_point(), PointGFp::UNCOMPRESSED); + m_q_buf = ecdsa.public_point().encode(PointGFp::UNCOMPRESSED); m_key.qlen = m_q_buf.size(); m_key.q = m_q_buf.data(); @@ -123,7 +123,7 @@ class BearSSL_ECDSA_Verification_Operation final : public PK_Ops::Verification private: br_ec_public_key m_key; std::unique_ptr m_hf; - secure_vector m_q_buf; + std::vector m_q_buf; const br_hash_class *m_hash; size_t m_order_bits; }; diff --git a/src/lib/prov/openssl/openssl_ec.cpp b/src/lib/prov/openssl/openssl_ec.cpp index 90b5e2023e..c61f83d024 100644 --- a/src/lib/prov/openssl/openssl_ec.cpp +++ b/src/lib/prov/openssl/openssl_ec.cpp @@ -56,7 +56,7 @@ secure_vector PKCS8_for_openssl(const EC_PrivateKey& ec) .raw_bytes(ec.domain().DER_encode(EC_DOMPAR_ENC_OID)) .end_cons() .start_cons(ASN1_Tag(1), PRIVATE) - .encode(EC2OSP(pub_key, PointGFp::UNCOMPRESSED), BIT_STRING) + .encode(pub_key.encode(PointGFp::UNCOMPRESSED), BIT_STRING) .end_cons() .end_cons() .get_contents(); 
@@ -147,7 +147,7 @@ class OpenSSL_ECDSA_Verification_Operation final : public PK_Ops::Verification_w if(!::EC_KEY_set_group(m_ossl_ec.get(), grp.get())) throw OpenSSL_Error("EC_KEY_set_group"); - const secure_vector enc = EC2OSP(ecdsa.public_point(), PointGFp::UNCOMPRESSED); + const std::vector enc = ecdsa.public_point().encode(PointGFp::UNCOMPRESSED); const uint8_t* enc_ptr = enc.data(); EC_KEY* key_ptr = m_ossl_ec.get(); if(!::o2i_ECPublicKey(&key_ptr, &enc_ptr, enc.size())) diff --git a/src/lib/prov/pkcs11/p11_ecc_key.cpp b/src/lib/prov/pkcs11/p11_ecc_key.cpp index d5a9a2b76c..2bcf41a2c8 100644 --- a/src/lib/prov/pkcs11/p11_ecc_key.cpp +++ b/src/lib/prov/pkcs11/p11_ecc_key.cpp @@ -111,7 +111,7 @@ size_t PKCS11_EC_PrivateKey::key_length() const std::vector PKCS11_EC_PrivateKey::public_key_bits() const { - return unlock(EC2OSP(public_point(), PointGFp::COMPRESSED)); + return public_point().encode(PointGFp::COMPRESSED); } size_t PKCS11_EC_PrivateKey::estimated_strength() const diff --git a/src/lib/prov/pkcs11/p11_ecdh.h b/src/lib/prov/pkcs11/p11_ecdh.h index 203e5ea5f1..bbef9a3e5b 100644 --- a/src/lib/prov/pkcs11/p11_ecdh.h +++ b/src/lib/prov/pkcs11/p11_ecdh.h @@ -95,7 +95,7 @@ class BOTAN_PUBLIC_API(2,0) PKCS11_ECDH_PrivateKey final : public virtual PKCS11 inline std::vector public_value() const override { - return unlock(EC2OSP(public_point(), PointGFp::UNCOMPRESSED)); + return public_point().encode(PointGFp::UNCOMPRESSED); } /// @return the exported ECDH private key diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 5fb79c9237..ccf1969d22 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp 
@@ -528,7 +528,7 @@ EC_Group::DER_encode(EC_Group_Encoding form) const .encode(BigInt::encode_1363(get_b(), p_bytes), OCTET_STRING) .end_cons() - .encode(EC2OSP(get_base_point(), PointGFp::UNCOMPRESSED), OCTET_STRING) + .encode(get_base_point().encode(PointGFp::UNCOMPRESSED), OCTET_STRING) .encode(get_order()) .encode(get_cofactor()) .end_cons() diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index 8f1093418d..7974f8d79b 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp 
@@ -618,50 +618,42 @@ bool PointGFp::operator==(const PointGFp& other) const } // encoding and decoding -secure_vector EC2OSP(const PointGFp& point, uint8_t format) +std::vector PointGFp::encode(PointGFp::Compression_Type format) const { - if(point.is_zero()) - return secure_vector(1); // single 0 byte + if(is_zero()) + return std::vector(1); // single 0 byte - const size_t p_bytes = point.get_curve().get_p().bytes(); + const size_t p_bytes = m_curve.get_p().bytes(); - BigInt x = point.get_affine_x(); - BigInt y = point.get_affine_y(); + const BigInt x = get_affine_x(); + const BigInt y = get_affine_y(); - secure_vector bX = BigInt::encode_1363(x, p_bytes); - secure_vector bY = BigInt::encode_1363(y, p_bytes); + std::vector result; if(format == PointGFp::UNCOMPRESSED) { - secure_vector result; - result.push_back(0x04); - - result += bX; - result += bY; - - return result; + result.resize(1 + 2*p_bytes); + result[0] = 0x04; + BigInt::encode_1363(&result[1], p_bytes, x); + BigInt::encode_1363(&result[1+p_bytes], p_bytes, y); } else if(format == PointGFp::COMPRESSED) { - secure_vector result; - result.push_back(0x02 | static_cast(y.get_bit(0))); - - result += bX; - - return result; + result.resize(1 + p_bytes); + result[0] = 0x02 | static_cast(y.get_bit(0)); + BigInt::encode_1363(&result[1], p_bytes, x); } else if(format == PointGFp::HYBRID) { - secure_vector result; - result.push_back(0x06 | static_cast(y.get_bit(0))); - - result += bX; - result += bY; - - return result; + result.resize(1 + 2*p_bytes); + result[0] = 0x06 | static_cast(y.get_bit(0)); + BigInt::encode_1363(&result[1], p_bytes, x); + BigInt::encode_1363(&result[1+p_bytes], p_bytes, y); } else throw Invalid_Argument("EC2OSP illegal point encoding"); + + return result; } namespace { diff --git a/src/lib/pubkey/ec_group/point_gfp.h b/src/lib/pubkey/ec_group/point_gfp.h index 6f2e34f27c..81e34c6346 100644 --- a/src/lib/pubkey/ec_group/point_gfp.h +++ b/src/lib/pubkey/ec_group/point_gfp.h 
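Review bot: The fallthrough branch still throws `Invalid_Argument("EC2OSP illegal point encoding")` although the function is now `PointGFp::encode` and EC2OSP becomes a deprecated shim in this same commit, so the message points users at the wrong name; `throw Invalid_Argument("PointGFp::encode: illegal point encoding");` would match. Since `format` is a `Compression_Type` enum the branch is only reachable through a cast, which is exactly what the shim does with its `uint8_t` argument, so the message will be seen in practice.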
@@ -98,6 +98,12 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final */ PointGFp(const CurveGFp& curve, const BigInt& x, const BigInt& y); + /** + * EC2OSP - elliptic curve to octet string primitive + * @param format which format to encode using + */ + std::vector encode(PointGFp::Compression_Type format) const; + /** * += Operator * @param rhs the PointGFp to add to the local value @@ -130,12 +136,6 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final return *this; } - /** - * Return base curve of this point - * @result the curve over GF(p) of this point - */ - const CurveGFp& get_curve() const { return m_curve; } - /** * get affine x coordinate * @result affine x coordinate @@ -199,7 +199,7 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final /** * Point addition - mixed J+A - * @param other affine point to add + * @param other affine point to add - assumed to be affine! * @param workspace temp space, at least WORKSPACE_SIZE elements */ void add_affine(const PointGFp& other, std::vector& workspace); @@ -226,6 +226,14 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final */ PointGFp zero() const { return PointGFp(m_curve); } + /** + * Return base curve of this point + * @result the curve over GF(p) of this point + * + * You should not need to use this + */ + const CurveGFp& get_curve() const { return m_curve; } + private: CurveGFp m_curve; BigInt m_coord_x, m_coord_y, m_coord_z; @@ -281,7 +289,12 @@ inline PointGFp operator*(const PointGFp& point, const BigInt& scalar) } // encoding and decoding -secure_vector BOTAN_PUBLIC_API(2,0) EC2OSP(const PointGFp& point, uint8_t format); +inline secure_vector BOTAN_DEPRECATED("Use PointGFp::encode") + EC2OSP(const PointGFp& point, uint8_t format) + { + std::vector enc = point.encode(static_cast(format)); + return secure_vector(enc.begin(), enc.end()); + } PointGFp BOTAN_PUBLIC_API(2,0) OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp& curve); 
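Review bot: The doc block for `encode` gives `@param format` but no `@return`; the implementation in point_gfp.cpp returns the octet-string encoding and a single zero byte for the zero point, so `* @return the encoded point (a single 0 byte if this is the zero point)` documents the one non-obvious case. The class body continues outside the hunk.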
diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index 07122964eb..5f752fe5be 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp @@ -68,8 +68,7 @@ AlgorithmIdentifier EC_PublicKey::algorithm_identifier() const std::vector EC_PublicKey::public_key_bits() const { - //return public_point().encode(point_format()); - return unlock(EC2OSP(public_point(), point_format())); + return public_point().encode(point_format()); } void EC_PublicKey::set_point_encoding(PointGFp::Compression_Type enc) diff --git a/src/lib/pubkey/ecdh/ecdh.h b/src/lib/pubkey/ecdh/ecdh.h index d967c749fe..f88955ac40 100644 --- a/src/lib/pubkey/ecdh/ecdh.h +++ b/src/lib/pubkey/ecdh/ecdh.h @@ -48,13 +48,13 @@ class BOTAN_PUBLIC_API(2,0) ECDH_PublicKey : public virtual EC_PublicKey * @return public point value */ std::vector public_value() const - { return unlock(EC2OSP(public_point(), PointGFp::UNCOMPRESSED)); } + { return public_point().encode(PointGFp::UNCOMPRESSED); } /** * @return public point value */ - std::vector public_value(PointGFp::Compression_Type type) const - { return unlock(EC2OSP(public_point(), static_cast(type))); } + std::vector public_value(PointGFp::Compression_Type format) const + { return public_point().encode(format); } protected: ECDH_PublicKey() = default; diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp index 06d5cfeee7..8bc4e2600d 100644 --- a/src/lib/pubkey/ecies/ecies.cpp +++ b/src/lib/pubkey/ecies/ecies.cpp 
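Review bot: The second `public_value` overload renames its parameter to `format` but its doc block still only says `@return public point value`; adding `* @param format the point encoding to use` completes the Doxygen and distinguishes it from the no-argument overload, which the hunk shows always uses `PointGFp::UNCOMPRESSED`. The class body continues outside the hunk.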
@@ -168,7 +168,7 @@ SymmetricKey ECIES_KA_Operation::derive_secret(const std::vector& eph_p } // ISO 18033: encryption step f / decryption step h - secure_vector other_public_key_bin = EC2OSP(other_point, static_cast(m_params.compression_type())); + std::vector other_public_key_bin = other_point.encode(m_params.compression_type()); // Note: the argument `m_params.secret_length()` passed for `key_len` will only be used by providers because // "Raw" is passed to the `PK_Key_Agreement` if the implementation of botan is used. const SymmetricKey peh = m_ka.derive_key(m_params.domain().get_order().bytes(), other_public_key_bin.data(), other_public_key_bin.size()); @@ -247,8 +247,7 @@ ECIES_Encryptor::ECIES_Encryptor(const PK_Key_Agreement_Key& private_key, { // ISO 18033: step d // convert only if necessary; m_eph_public_key_bin has been initialized with the uncompressed format - m_eph_public_key_bin = unlock(EC2OSP(m_params.domain().OS2ECP(m_eph_public_key_bin), - static_cast(ecies_params.compression_type()))); + m_eph_public_key_bin = m_params.domain().OS2ECP(m_eph_public_key_bin).encode(ecies_params.compression_type()); } } diff --git a/src/tests/test_ecies.cpp b/src/tests/test_ecies.cpp index 2ce931bae3..911d0c3a39 100644 --- a/src/tests/test_ecies.cpp +++ b/src/tests/test_ecies.cpp @@ -137,8 +137,7 @@ class ECIES_ISO_Tests final : public Text_Based_Test // (ephemeral) keys of alice const Botan::ECDH_PrivateKey eph_private_key(Test::rng(), domain, r); const Botan::PointGFp eph_public_key_point = eph_private_key.public_point(); - const std::vector eph_public_key_bin = Botan::unlock( - Botan::EC2OSP(eph_public_key_point, compression_type)); + const std::vector eph_public_key_bin = eph_public_key_point.encode(compression_type); result.test_eq("encoded (ephemeral) public key", eph_public_key_bin, c0); // test secret derivation: ISO 18033 test vectors use KDF1 from ISO 18033 
diff --git a/src/tests/test_pkcs11_high_level.cpp b/src/tests/test_pkcs11_high_level.cpp index e89715189b..b8ed97a546 100644 --- a/src/tests/test_pkcs11_high_level.cpp +++ b/src/tests/test_pkcs11_high_level.cpp @@ -980,9 +980,12 @@ Test::Result test_ecdsa_pubkey_import() ECDSA_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); + const std::vector enc_point = DER_Encoder().encode( + priv_key.public_point().encode(PointGFp::UNCOMPRESSED), OCTET_STRING). + get_contents_unlocked(); + // import to card - EC_PublicKeyImportProperties props(priv_key.DER_domain(), DER_Encoder().encode(EC2OSP(priv_key.public_point(), - PointGFp::UNCOMPRESSED), OCTET_STRING).get_contents_unlocked()); + EC_PublicKeyImportProperties props(priv_key.DER_domain(), enc_point); props.set_token(true); props.set_verify(true); props.set_private(false); @@ -1008,9 +1011,12 @@ Test::Result test_ecdsa_pubkey_export() ECDSA_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); + const std::vector enc_point = DER_Encoder().encode( + priv_key.public_point().encode(PointGFp::UNCOMPRESSED), OCTET_STRING). + get_contents_unlocked(); + // import to card - EC_PublicKeyImportProperties props(priv_key.DER_domain(), DER_Encoder().encode(EC2OSP(priv_key.public_point(), - PointGFp::UNCOMPRESSED), OCTET_STRING).get_contents_unlocked()); + EC_PublicKeyImportProperties props(priv_key.DER_domain(), enc_point); props.set_token(true); props.set_verify(true); props.set_private(false); 
@@ -1216,9 +1222,12 @@ Test::Result test_ecdh_pubkey_import() ECDH_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); + const std::vector enc_point = DER_Encoder().encode( + priv_key.public_point().encode(PointGFp::UNCOMPRESSED), OCTET_STRING). + get_contents_unlocked(); + // import to card - EC_PublicKeyImportProperties props(priv_key.DER_domain(), DER_Encoder().encode(EC2OSP(priv_key.public_point(), - PointGFp::UNCOMPRESSED), OCTET_STRING).get_contents_unlocked()); + EC_PublicKeyImportProperties props(priv_key.DER_domain(), enc_point); props.set_token(true); props.set_private(false); props.set_derive(true); @@ -1244,9 +1253,12 @@ Test::Result test_ecdh_pubkey_export() ECDH_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); + const std::vector enc_point = DER_Encoder().encode( + priv_key.public_point().encode(PointGFp::UNCOMPRESSED), OCTET_STRING). + get_contents_unlocked(); + // import to card - EC_PublicKeyImportProperties props(priv_key.DER_domain(), DER_Encoder().encode(EC2OSP(priv_key.public_point(), - PointGFp::UNCOMPRESSED), OCTET_STRING).get_contents_unlocked()); + EC_PublicKeyImportProperties props(priv_key.DER_domain(), enc_point); props.set_token(true); props.set_derive(true); props.set_private(false); 
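Review bot: The three-line `enc_point` construction added here is the fourth verbatim copy of the same expression (the two ECDSA tests in the previous hunks and both ECDH tests in this one), so a change to the point encoding or the DER wrapping has to be made in four places. A file-local helper taking the point keeps it in one place: `std::vector<uint8_t> der_octet_string_of(const PointGFp& point) { return DER_Encoder().encode(point.encode(PointGFp::UNCOMPRESSED), OCTET_STRING).get_contents_unlocked(); }`, called as `der_octet_string_of(priv_key.public_point())`. The enclosing test functions begin before the hunk headers, so the helper would go at file scope above them.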
@@ -1332,9 +1344,8 @@ Test::Result test_ecdh_derive() Botan::PK_Key_Agreement ka(keypair.second, Test::rng(), "Raw"); Botan::PK_Key_Agreement kb(keypair2.second, Test::rng(), "Raw"); - Botan::SymmetricKey alice_key = ka.derive_key(32, unlock(EC2OSP(keypair2.first.public_point(), - PointGFp::UNCOMPRESSED))); - Botan::SymmetricKey bob_key = kb.derive_key(32, unlock(EC2OSP(keypair.first.public_point(), PointGFp::UNCOMPRESSED))); + Botan::SymmetricKey alice_key = ka.derive_key(32, keypair2.first.public_point().encode(PointGFp::UNCOMPRESSED)); + Botan::SymmetricKey bob_key = kb.derive_key(32, keypair.first.public_point().encode(PointGFp::UNCOMPRESSED)); bool eq = alice_key == bob_key; result.test_eq("same secret key derived", eq, true); diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index cbff3ff4fb..f3a1634352 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp @@ -429,13 +429,13 @@ Test::Result test_zeropoint_enc_dec() Botan::PointGFp p = secp160r1.zero_point(); result.confirm("zero point is zero", p.is_zero()); - std::vector sv_p = unlock(EC2OSP(p, Botan::PointGFp::UNCOMPRESSED)); + std::vector sv_p = p.encode(Botan::PointGFp::UNCOMPRESSED); result.test_eq("encoded/decode rt works", secp160r1.OS2ECP(sv_p), p); - sv_p = unlock(EC2OSP(p, Botan::PointGFp::COMPRESSED)); + sv_p = p.encode(Botan::PointGFp::COMPRESSED); result.test_eq("encoded/decode compressed rt works", secp160r1.OS2ECP(sv_p), p); - sv_p = unlock(EC2OSP(p, Botan::PointGFp::HYBRID)); + sv_p = p.encode(Botan::PointGFp::HYBRID); result.test_eq("encoded/decode hybrid rt works", secp160r1.OS2ECP(sv_p), p); return result; } @@ -572,7 +572,7 @@ Test::Result test_enc_dec_compressed_160() const Botan::PointGFp p = secp160r1.OS2ECP(G_comp); - std::vector sv_result = unlock(Botan::EC2OSP(p, Botan::PointGFp::COMPRESSED)); + std::vector sv_result = p.encode(Botan::PointGFp::COMPRESSED); result.test_eq("result", sv_result, G_comp); return result; 
@@ -588,7 +588,7 @@ Test::Result test_enc_dec_compressed_256() const std::vector sv_G_secp_comp = Botan::hex_decode(G_secp_comp); Botan::PointGFp p_G = group.OS2ECP(sv_G_secp_comp); - std::vector sv_result = unlock(EC2OSP(p_G, Botan::PointGFp::COMPRESSED)); + std::vector sv_result = p_G.encode(Botan::PointGFp::COMPRESSED); result.test_eq("compressed_256", sv_result, sv_G_secp_comp); return result; @@ -619,7 +619,7 @@ Test::Result test_enc_dec_uncompressed_112() const std::vector sv_G_secp_uncomp = Botan::hex_decode(G_secp_uncomp); Botan::PointGFp p_G = group.OS2ECP(sv_G_secp_uncomp); - std::vector sv_result = unlock(EC2OSP(p_G, Botan::PointGFp::UNCOMPRESSED)); + std::vector sv_result = p_G.encode(Botan::PointGFp::UNCOMPRESSED); result.test_eq("uncompressed_112", sv_result, sv_G_secp_uncomp); return result; @@ -640,7 +640,7 @@ Test::Result test_enc_dec_uncompressed_521() Botan::PointGFp p_G = group.OS2ECP(sv_G_secp_uncomp); - std::vector sv_result = unlock(EC2OSP(p_G, Botan::PointGFp::UNCOMPRESSED)); + std::vector sv_result = p_G.encode(Botan::PointGFp::UNCOMPRESSED); result.test_eq("expected", sv_result, sv_G_secp_uncomp); return result; @@ -654,7 +654,7 @@ Test::Result test_gfp_store_restore() Botan::EC_Group dom_pars("secp160r1"); Botan::PointGFp p = dom_pars.get_base_point(); - std::vector sv_mes = unlock(EC2OSP(p, Botan::PointGFp::COMPRESSED)); + std::vector sv_mes = p.encode(Botan::PointGFp::COMPRESSED); Botan::PointGFp new_p = dom_pars.OS2ECP(sv_mes); result.test_eq("original and restored points are same", p, new_p); From a6bc9cee3d154982b13990083a7ee3fcad5a31a3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 10:27:07 -0500 Subject: [PATCH 0825/1008] Update news --- news.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/news.rst b/news.rst index f958c72d0f..df99382d1f 100644 --- a/news.rst +++ b/news.rst 
@@ -26,6 +26,11 @@ Version 2.5.0, Not Yet Released * Add support for POWER8 AES instructions (GH #1459 #1393 #1206) +* The default encoding of ECC public keys has changed from compressed + to uncompressed point representation. This improves compatability with + some common software packages including Golang's standard library. + (GH #1480) + * Change DL_Group and EC_Group to store their data as shared_ptr for fast copying. Also both classes precompute additional useful values (eg for modular reductions). (GH #1435 #1454) From 74bb4187ba262e2c778218ca75ad9e21014fbdaf Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 11:26:23 -0500 Subject: [PATCH 0826/1008] Rename point_format to point_encoding Matches setter --- src/lib/pubkey/ecc_key/ecc_key.cpp | 2 +- src/lib/pubkey/ecc_key/ecc_key.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index 5f752fe5be..7b00d32092 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp @@ -68,7 +68,7 @@ AlgorithmIdentifier EC_PublicKey::algorithm_identifier() const std::vector EC_PublicKey::public_key_bits() const { - return public_point().encode(point_format()); + return public_point().encode(point_encoding()); } void EC_PublicKey::set_point_encoding(PointGFp::Compression_Type enc) diff --git a/src/lib/pubkey/ecc_key/ecc_key.h b/src/lib/pubkey/ecc_key/ecc_key.h index 4e4e623b22..ec2b5f9be3 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.h +++ b/src/lib/pubkey/ecc_key/ecc_key.h @@ -101,7 +101,7 @@ class BOTAN_PUBLIC_API(2,0) EC_PublicKey : public virtual Public_Key * Get the point encoding method to be used when encoding this key. * @result the encoding to use */ - PointGFp::Compression_Type point_format() const + PointGFp::Compression_Type point_encoding() const { return m_point_encoding; } size_t key_length() const override; From f17a41e2dcb2f0f1330b48b2c45b501d13328afd Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sat, 10 Mar 2018 11:26:48 -0500 Subject: [PATCH 0827/1008] Add a test of ECC encoding options --- src/tests/unit_ecdsa.cpp | 47 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index 5880bda592..f91c1b3456 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -262,6 +262,52 @@ Test::Result test_unusual_curve() return result; } +Test::Result test_encoding_options() + { + Test::Result result("ECDSA Unit"); + + Botan::EC_Group group("secp256r1"); + Botan::ECDSA_PrivateKey key(Test::rng(), group); + + result.confirm("Default encoding is uncompressed", + key.point_encoding() == Botan::PointGFp::UNCOMPRESSED); + + const std::vector enc_uncompressed = key.public_key_bits(); + + key.set_point_encoding(Botan::PointGFp::COMPRESSED); + + result.confirm("set_point_encoding works", + key.point_encoding() == Botan::PointGFp::COMPRESSED); + + const std::vector enc_compressed = key.public_key_bits(); + + result.test_lt("Comprssed points are smaller", + enc_compressed.size(), enc_uncompressed.size()); + + size_t size_diff = enc_uncompressed.size() - enc_compressed.size(); + + result.test_gte("Compressed points smaller by group size", + size_diff, 32); + + key.set_point_encoding(Botan::PointGFp::HYBRID); + + result.confirm("set_point_encoding works", + key.point_encoding() == Botan::PointGFp::HYBRID); + + const std::vector enc_hybrid = key.public_key_bits(); + + result.test_eq("Hybrid point same size as uncompressed", + enc_uncompressed.size(), enc_hybrid.size()); + + auto invalid_format = static_cast(99); + + result.test_throws("Invalid point format throws", + "Invalid argument Invalid point encoding for EC_PublicKey", + [&] { key.set_point_encoding(invalid_format); }); + + return result; + } + #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) Test::Result test_read_pkcs8() 
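Review bot: The test label `"Comprssed points are smaller"` in the new `test_encoding_options` is misspelled and should read `"Compressed points are smaller"`. The following check hardcodes 32 as the minimum size difference; for secp256r1 that is exactly right (65 versus 33 bytes), but a one-line comment such as `// secp256r1: 65-byte uncompressed vs 33-byte compressed encoding` would explain the constant, or the value could be derived from the group's field size if an accessor for it exists (none is visible here). The `test_throws` case pins the full exception text `"Invalid argument Invalid point encoding for EC_PublicKey"`, which couples the test to the exception's string formatting; acceptable for a unit test, but worth noting in a comment so a later message change is not mistaken for a regression.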
@@ -435,6 +481,7 @@ class ECDSA_Unit_Tests final : public Test results.push_back(test_ecdsa_create_save_load()); results.push_back(test_unusual_curve()); results.push_back(test_curve_registry()); + results.push_back(test_encoding_options()); return results; } }; From 6ae002ebd3a5f648860e932604b6e63ca7201011 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 11:32:42 -0500 Subject: [PATCH 0828/1008] Avoid warning in threefish.h Causes a warning in amalgamation which is bad news --- src/lib/block/threefish_512/threefish.h | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/lib/block/threefish_512/threefish.h b/src/lib/block/threefish_512/threefish.h index 2c2a2750f4..6b21e9fdd6 100644 --- a/src/lib/block/threefish_512/threefish.h +++ b/src/lib/block/threefish_512/threefish.h @@ -8,12 +8,6 @@ #ifndef BOTAN_THREEFISH_H_ #define BOTAN_THREEFISH_H_ -#if defined(__GNUC__) - #warning "botan/threefish.h is deprecated" -#elif defined(_MSC_VER) - #pragma message ("botan/threefish.h is deprecated") -#endif - #include #endif From c8dd2559c28e7499d809c90b1f71e8f691d72150 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 11:33:25 -0500 Subject: [PATCH 0829/1008] Revert "Use move to avoid needless some needless copies" This reverts commit 5185c2aaa8bf9556556e4507869042a71eaba6c0. Clang says warning: moving a temporary object prevents copy elision [-Wpessimizing-move] --- src/lib/pubkey/ec_group/point_gfp.cpp | 32 +++++++++++++-------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index 8f1093418d..c71a6cffe8 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp 
@@ -375,22 +375,22 @@ PointGFp multi_exponentiate(const PointGFp& x, const BigInt& z1, const PointGFp y3(y2.plus(y, ws)); const PointGFp M[16] = { - x.zero(), // 0000 - x, // 0001 - x2, // 0010 - x3, // 0011 - y, // 0100 - std::move(y.plus(x, ws)), // 0101 - std::move(y.plus(x2, ws)), // 0110 - std::move(y.plus(x3, ws)), // 0111 - y2, // 1000 - std::move(y2.plus(x, ws)), // 1001 - std::move(y2.plus(x2, ws)), // 1010 - std::move(y2.plus(x3, ws)), // 1011 - y3, // 1100 - std::move(y3.plus(x, ws)), // 1101 - std::move(y3.plus(x2, ws)), // 1110 - std::move(y3.plus(x3, ws)), // 1111 + x.zero(), // 0000 + x, // 0001 + x2, // 0010 + x3, // 0011 + y, // 0100 + y.plus(x, ws), // 0101 + y.plus(x2, ws), // 0110 + y.plus(x3, ws), // 0111 + y2, // 1000 + y2.plus(x, ws), // 1001 + y2.plus(x2, ws), // 1010 + y2.plus(x3, ws), // 1011 + y3, // 1100 + y3.plus(x, ws), // 1101 + y3.plus(x2, ws), // 1110 + y3.plus(x3, ws), // 1111 }; PointGFp H = x.zero(); From 336e62209ea12222f3bd800132282ef757371517 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 12:22:26 -0500 Subject: [PATCH 0830/1008] Add some helper functions for checking for Comba sizes --- src/lib/math/mp/mp_karat.cpp | 42 +++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/src/lib/math/mp/mp_karat.cpp b/src/lib/math/mp/mp_karat.cpp index 6cf41503d1..6fb2176687 100644 --- a/src/lib/math/mp/mp_karat.cpp +++ b/src/lib/math/mp/mp_karat.cpp @@ -248,6 +248,23 @@ size_t karatsuba_size(size_t z_size, size_t x_size, size_t x_sw) return 0; } +template +inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, + size_t y_sw, size_t y_size, + size_t z_size) + { + return (x_sw <= SZ && x_size >= SZ && + y_sw <= SZ && y_size >= SZ && + z_size >= 2*SZ); + } + +template +inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, + size_t z_size) + { + return (x_sw <= SZ && x_size >= SZ && z_size >= 2*SZ); + } + } void bigint_mul(word z[], size_t z_size, 
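Review bot: The new `sized_for_comba_mul` and `sized_for_comba_sqr` helpers fold three distinct requirements into one expression with no comment: `x_sw <= SZ` bounds the significant words, `x_size >= SZ` presumably guarantees the fixed-size Comba routine may read a full SZ words from the buffer, and `z_size >= 2*SZ` reserves room for the whole product. A short comment above the templates, e.g. `// true when the operands have at most SZ significant words, are backed by at least SZ words (the comba routines read fixed-size inputs), and z can hold the 2*SZ word product`, would make the dispatch chain in bigint_mul and bigint_sqr self-explanatory. The closing brace after the helpers appears to end an anonymous namespace whose opening is outside the hunk.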
@@ -265,28 +282,23 @@ void bigint_mul(word z[], size_t z_size, { bigint_linmul3(z, x, x_sw, y[0]); } - else if(x_sw <= 4 && x_size >= 4 && - y_sw <= 4 && y_size >= 4 && z_size >= 8) + else if(sized_for_comba_mul<4>(x_sw, x_size, y_sw, y_size, z_size)) { bigint_comba_mul4(z, x, y); } - else if(x_sw <= 6 && x_size >= 6 && - y_sw <= 6 && y_size >= 6 && z_size >= 12) + else if(sized_for_comba_mul<6>(x_sw, x_size, y_sw, y_size, z_size)) { bigint_comba_mul6(z, x, y); } - else if(x_sw <= 8 && x_size >= 8 && - y_sw <= 8 && y_size >= 8 && z_size >= 16) + else if(sized_for_comba_mul<8>(x_sw, x_size, y_sw, y_size, z_size)) { bigint_comba_mul8(z, x, y); } - else if(x_sw <= 9 && x_size >= 9 && - y_sw <= 9 && y_size >= 9 && z_size >= 18) + else if(sized_for_comba_mul<9>(x_sw, x_size, y_sw, y_size, z_size)) { bigint_comba_mul9(z, x, y); } - else if(x_sw <= 16 && x_size >= 16 && - y_sw <= 16 && y_size >= 16 && z_size >= 32) + else if(sized_for_comba_mul<16>(x_sw, x_size, y_sw, y_size, z_size)) { bigint_comba_mul16(z, x, y); } @@ -320,23 +332,23 @@ void bigint_sqr(word z[], size_t z_size, { bigint_linmul3(z, x, x_sw, x[0]); } - else if(x_sw <= 4 && x_size >= 4 && z_size >= 8) + else if(sized_for_comba_sqr<4>(x_sw, x_size, z_size)) { bigint_comba_sqr4(z, x); } - else if(x_sw <= 6 && x_size >= 6 && z_size >= 12) + else if(sized_for_comba_sqr<6>(x_sw, x_size, z_size)) { bigint_comba_sqr6(z, x); } - else if(x_sw <= 8 && x_size >= 8 && z_size >= 16) + else if(sized_for_comba_sqr<8>(x_sw, x_size, z_size)) { bigint_comba_sqr8(z, x); } - else if(x_sw <= 9 && x_size >= 9 && z_size >= 18) + else if(sized_for_comba_sqr<9>(x_sw, x_size, z_size)) { bigint_comba_sqr9(z, x); } - else if(x_sw <= 16 && x_size >= 16 && z_size >= 32) + else if(sized_for_comba_sqr<16>(x_sw, x_size, z_size)) { bigint_comba_sqr16(z, x); } From 6ca68bf12fb255eaf10e0b5078c74ccd7872ba76 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sat, 10 Mar 2018 12:23:56 -0500 Subject: [PATCH 0831/1008] Update news --- news.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news.rst b/news.rst index df99382d1f..b3a9ac4d14 100644 --- a/news.rst +++ b/news.rst @@ -29,7 +29,7 @@ Version 2.5.0, Not Yet Released * The default encoding of ECC public keys has changed from compressed to uncompressed point representation. This improves compatability with some common software packages including Golang's standard library. - (GH #1480) + (GH #1480 #1483) * Change DL_Group and EC_Group to store their data as shared_ptr for fast copying. Also both classes precompute additional useful values From 01af2e317638bf5515717ad389618fbd9ee0512e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 13:08:49 -0500 Subject: [PATCH 0832/1008] Readme tweaks --- readme.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.rst b/readme.rst index 7997d0a48b..3fcbcf074c 100644 --- a/readme.rst +++ b/readme.rst @@ -68,7 +68,7 @@ external build systems, see the manual for details. :target: https://codecov.io/github/randombit/botan :alt: Code coverage report -.. image:: https://sonarcloud.io/api/badges/gate?key=botan +.. image:: https://sonarcloud.io/api/project_badges/measure?project=botan&metric=ncloc :target: https://sonarcloud.io/dashboard/index/botan :alt: Sonarcloud analysis @@ -182,7 +182,7 @@ Other Useful Things * HOTP and TOTP algorithms * Format preserving encryption scheme FE1 * Threshold secret sharing -* RFC 3394 AES key wrap +* NIST key wrapping Recommended Algorithms ---------------------------------------- From 920001cae022190bc86ec818ab4af0ac7513777c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 13:40:43 -0500 Subject: [PATCH 0833/1008] Reduce exponent size here Triggers for RSA exponents which improves RSA verify time by ~10% --- src/lib/math/numbertheory/pow_mod.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/lib/math/numbertheory/pow_mod.cpp b/src/lib/math/numbertheory/pow_mod.cpp index 1a03767b80..00917a5f91 100644 --- a/src/lib/math/numbertheory/pow_mod.cpp +++ b/src/lib/math/numbertheory/pow_mod.cpp @@ -107,7 +107,7 @@ size_t Power_Mod::window_bits(size_t exp_bits, size_t, { 539, 6 }, { 197, 4 }, { 70, 3 }, - { 25, 2 }, + { 17, 2 }, { 0, 0 } }; From afe4ae0f83b7207873afac760cb3c32ed40ce4c9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 15:01:09 -0500 Subject: [PATCH 0834/1008] Minor tweaks for coverage --- src/lib/block/cascade/cascade.cpp | 9 +++++---- src/lib/modes/aead/gcm/gcm.cpp | 3 +-- src/tests/test_modes.cpp | 5 +++++ 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/src/lib/block/cascade/cascade.cpp b/src/lib/block/cascade/cascade.cpp index e54d3e5b53..6607fd5b27 100644 --- a/src/lib/block/cascade/cascade.cpp +++ b/src/lib/block/cascade/cascade.cpp @@ -58,7 +58,7 @@ namespace { size_t euclids_algorithm(size_t a, size_t b) { - while(b != 0) // gcd + while(b != 0) { size_t t = b; b = a % b; @@ -73,7 +73,7 @@ size_t block_size_for_cascade(size_t bs, size_t bs2) if(bs == bs2) return bs; - size_t gcd = euclids_algorithm(bs, bs2); + const size_t gcd = euclids_algorithm(bs, bs2); return (bs * bs2) / gcd; } @@ -85,8 +85,9 @@ Cascade_Cipher::Cascade_Cipher(BlockCipher* c1, BlockCipher* c2) : { m_block = block_size_for_cascade(c1->block_size(), c2->block_size()); - if(block_size() % c1->block_size() || block_size() % c2->block_size()) - throw Internal_Error("Failure in " + name() + " constructor"); + BOTAN_ASSERT(m_block % c1->block_size() == 0 && + m_block % c2->block_size() == 0, + "Combined block size is a multiple of each ciphers block"); } } diff --git a/src/lib/modes/aead/gcm/gcm.cpp b/src/lib/modes/aead/gcm/gcm.cpp index dfaffedb73..b0240eb7ff 100644 --- a/src/lib/modes/aead/gcm/gcm.cpp +++ b/src/lib/modes/aead/gcm/gcm.cpp 
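Review bot: The threshold row changed from `{ 25, 2 }` to `{ 17, 2 }` in `Power_Mod::window_bits` carries no comment, and only the commit message records that 17 was chosen so the usual RSA public exponent 65537 (17 bits) gets a 2-bit window; keep that rationale with the code, `{ 17, 2 }, // e = 65537 (17 bits), the common RSA public exponent`. Nothing in the change pins the result, so a test that exponentiates with e = 65537 for a few moduli and compares against a reference value would catch a regression in the 2-bit window path. The rest of the table and the function's parameters are outside the hunk.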
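Review bot: In the `Cascade_Cipher` constructor, replacing the explicit `throw Internal_Error` with `BOTAN_ASSERT` is only equivalent if that macro is unconditionally compiled in and raises on failure; its definition is not visible here, so confirm it is not stripped in release builds, otherwise the divisibility check silently disappears. Since `block_size_for_cascade` returns `(bs * bs2) / gcd`, the condition holds by construction, so an assertion is the right tool, but the message reads better as the invariant it states: `"Cascade block size is a multiple of both component block sizes"`. The `euclids_algorithm` and `block_size_for_cascade` hunks only touch a comment and a `const`, which is fine.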
@@ -86,8 +86,7 @@ void GCM_Mode::set_associated_data(const uint8_t ad[], size_t ad_len) void GCM_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) { - if(!valid_nonce_length(nonce_len)) - throw Invalid_IV_Length(name(), nonce_len); + // any size is valid for GCM nonce secure_vector y0(GCM_BS); diff --git a/src/tests/test_modes.cpp b/src/tests/test_modes.cpp index d707f44194..89b2018731 100644 --- a/src/tests/test_modes.cpp +++ b/src/tests/test_modes.cpp @@ -78,6 +78,11 @@ class Cipher_Mode_Tests final : public Text_Based_Test result.test_gte("enc buffer sizes ok", enc->update_granularity(), enc->minimum_final_size()); result.test_gte("dec buffer sizes ok", dec->update_granularity(), dec->minimum_final_size()); + result.confirm("default nonce size is allowed", + enc->valid_nonce_length(enc->default_nonce_length())); + result.confirm("default nonce size is allowed", + dec->valid_nonce_length(dec->default_nonce_length())); + // Test that disallowed nonce sizes result in an exception const size_t large_nonce_size = 65000; result.test_eq("Large nonce not allowed", enc->valid_nonce_length(large_nonce_size), false); From 5a062118ef5e4c508caa67fc8c3a38a7e1db069f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 15:42:41 -0500 Subject: [PATCH 0835/1008] Split Python tests out of botan2.py No reason to ship these to the end user --- src/python/botan2.py | 258 +----------------------------------- src/scripts/ci_build.py | 10 +- src/scripts/install.py | 5 +- src/scripts/test_python.py | 265 +++++++++++++++++++++++++++++++++++++ 4 files changed, 277 insertions(+), 261 deletions(-) create mode 100644 src/scripts/test_python.py diff --git a/src/python/botan2.py b/src/python/botan2.py index 700719496f..07f4b0d012 100755 --- a/src/python/botan2.py +++ b/src/python/botan2.py 
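Review bot: Dropping the `valid_nonce_length` check from `GCM_Mode::start_msg` with the comment "any size is valid for GCM nonce" goes further than the specification: NIST SP 800-38D requires 1 ≤ len(IV) ≤ 2^64-1 bits, so an empty nonce must be rejected, and by the non-96-bit derivation an empty IV gives J0 = GHASH(0^128) = 0^128 independent of the key, i.e. every message encrypted with an empty nonce under one key reuses the same counter stream. Unless `GCM_Mode::valid_nonce_length` (outside the hunk) is still enforced by every caller, keep a minimal guard here, `if(nonce_len == 0) throw Invalid_IV_Length(name(), nonce_len);`, and reword the comment to `// any non-empty nonce length is accepted; 96 bits is the recommended (and fastest) size`. The remainder of start_msg, including the GHASH-based path for non-96-bit nonces, is outside the hunk.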
@@ -18,7 +18,7 @@ import sys from ctypes import CDLL, POINTER, byref, c_void_p, c_size_t, c_uint32, c_char, c_char_p, create_string_buffer -from binascii import hexlify, unhexlify, b2a_base64 +from binascii import hexlify from datetime import datetime import time @@ -93,12 +93,9 @@ def _ctype_bufout(buf): else: return buf.raw -def hex_encode(buf): +def _hex_encode(buf): return hexlify(buf).decode('ascii') -def hex_decode(buf): - return unhexlify(buf.encode('ascii')) - # # Versions # @@ -404,7 +401,7 @@ def fingerprint(self, hash_algorithm='SHA-256'): buf_len = c_size_t(n) botan.botan_pubkey_fingerprint(self.pubkey, _ctype_str(hash_algorithm), buf, byref(buf_len)) - return hex_encode(buf[0:buf_len.value]) + return _hex_encode(buf[0:buf_len.value]) class private_key(object): # pylint: disable=invalid-name def __init__(self, alg, param, rng_instance): 
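Review bot: The `@@ -93` hunk renames the public `hex_encode` to `_hex_encode` and deletes `hex_decode` from `botan2.py`, which is the module that install.py ships to end users, so any script that called `botan2.hex_decode` or `botan2.hex_encode` now fails with no deprecation period. If these were never meant as API, keep thin aliases for one release — `hex_encode = _hex_encode` plus a `hex_decode` that issues a `DeprecationWarning` before delegating to `binascii.unhexlify` — or at least record the removal in news.rst. The remaining callers of `_hex_encode` are outside the hunk.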
@@ -716,252 +713,3 @@ def subject_dn(self, key, index): c_void_p, c_char_p, c_size_t, POINTER(c_char), POINTER(c_size_t)] return _call_fn_returning_string( 0, lambda b, bl: botan.botan_x509_cert_get_subject_dn(self.x509_cert, _ctype_str(key), index, b, bl)) - - -# -# Tests and examples -# -def test(): - - def test_version(): - - print("\n%s" % version_string()) - print("v%d.%d.%d\n" % (version_major(), version_minor(), version_patch())) - print("\nPython %s\n" % sys.version.replace('\n', ' ')) - - def test_kdf(): - print("KDF2(SHA-1) %s" % - hex_encode(kdf('KDF2(SHA-1)', hex_decode('701F3480DFE95F57941F804B1B2413EF'), 7, - hex_decode('55A4E9DD5F4CA2EF82'), hex_decode('')))) - - def test_pbkdf(): - print("PBKDF2(SHA-1) %s" % - hex_encode(pbkdf('PBKDF2(SHA-1)', '', 32, 10000, hex_decode('0001020304050607'))[2])) - print("good output %s\n" % - '59B2B1143B4CB1059EC58D9722FB1C72471E0D85C6F7543BA5228526375B0127') - - (salt, iterations, psk) = pbkdf_timed('PBKDF2(SHA-256)', 'xyz', 32, 200) - - print("PBKDF2(SHA-256) x=timed, y=iterated; salt = %s (len=%d) #iterations = %d\n" % - (hex_encode(salt), len(salt), iterations)) - - print('x %s' % hex_encode(psk)) - print('y %s\n' % (hex_encode(pbkdf('PBKDF2(SHA-256)', 'xyz', 32, iterations, salt)[2]))) - - def test_bcrypt(): - print("Testing Bcrypt...") - r = rng() - phash = bcrypt('testing', r) - print("bcrypt returned %s (%d bytes)" % (hex_encode(phash), len(phash))) - print("validating the hash produced: %r" % (check_bcrypt('testing', phash))) - print("\n") - - def test_hmac(): - - hmac = message_authentication_code('HMAC(SHA-256)') - hmac.set_key(hex_decode('0102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20')) - hmac.update(hex_decode('616263')) - - hmac_vec = hex_decode('A21B1F5D4CF4F73A4DD939750F7A066A7F98CC131CB16A6692759021CFAB8181') - hmac_output = hmac.final() - - if hmac_output != hmac_vec: - print("Bad HMAC:\t%s" % hex_encode(hmac_output)) - print("vs good: \t%s" % hex_encode(hmac_vec)) - else: - 
print("HMAC output correct: %s\n" % hex_encode(hmac_output)) - - def test_rng(): - user_rng = rng("user") - - print("rng output:\n\t%s\n\t%s\n\t%s\n" % - (hex_encode(user_rng.get(42)), - hex_encode(user_rng.get(13)), - hex_encode(user_rng.get(9)))) - - def test_hash(): - md5 = hash_function('MD5') - assert md5.output_length() == 16 - md5.update('h') - md5.update('i') - h1 = md5.final() - print("md5 hash: %s (%s)\n" % (hex_encode(h1), '49f68a5c8493ec2c0bf489821c21fc3b')) - - md5.update(hex_decode('f468025b')) - h2 = md5.final() - print("md5 hash: %s (%s)\n" % (hex_encode(h2), '47efd2be302a937775e93dea281b6751')) - - def test_cipher(): - for mode in ['AES-128/CTR-BE', 'Serpent/GCM', 'ChaCha20Poly1305']: - enc = cipher(mode, encrypt=True) - - (kmin, kmax) = enc.key_length() - print("%s: default nonce=%d update_size=%d key_min=%d key_max=%d" % - (mode, enc.default_nonce_length(), enc.update_granularity(), kmin, kmax)) - iv = rng().get(enc.default_nonce_length()) - key = rng().get(kmax) - pt = rng().get(21) - - print(" plaintext %s (%d)" % (hex_encode(pt), len(pt))) - - enc.set_key(key) - enc.start(iv) - - update_result = enc.update('') - assert not update_result - - ct = enc.finish(pt) - print(" ciphertext %s (%d)" % (hex_encode(ct), len(ct))) - - dec = cipher(mode, encrypt=False) - dec.set_key(key) - dec.start(iv) - decrypted = dec.finish(ct) - - print(" decrypted %s (%d)\n" % (hex_encode(decrypted), len(decrypted))) - - - def test_mceliece(): - mce_priv = private_key('mce', [2960, 57], rng()) - mce_pub = mce_priv.get_public_key() - - mce_plaintext = 'mce plaintext' - mce_ad = 'mce AD' - mce_ciphertext = mceies_encrypt(mce_pub, rng(), 'ChaCha20Poly1305', mce_plaintext, mce_ad) - - print("mceies len(pt)=%d len(ct)=%d" % (len(mce_plaintext), len(mce_ciphertext))) - - mce_decrypt = mceies_decrypt(mce_priv, 'ChaCha20Poly1305', mce_ciphertext, mce_ad) - print(" mceies plaintext \'%s\' (%d)" % (mce_plaintext, len(mce_plaintext))) - - # Since mceies_decrypt() returns bytes 
in Python3, the following line - # needs .decode('utf-8') to convert mce_decrypt from bytes to a - # text string (Unicode). - # You don't need to add .decode() if - # (a) your expected output is bytes rather than a text string, or - # (b) you are using Python2 rather than Python3. - print(" mceies decrypted \'%s\' (%d)" % (mce_decrypt.decode('utf-8'), len(mce_decrypt))) - - print("mce_pub %s/SHA-1 fingerprint: %s\nEstimated strength %s bits (len %d)\n" % ( - mce_pub.algo_name(), mce_pub.fingerprint("SHA-1"), - mce_pub.estimated_strength(), len(mce_pub.encoding()) - )) - - def test_rsa(): - rsapriv = private_key('rsa', 1536, rng()) - rsapub = rsapriv.get_public_key() - - print("rsapub %s SHA-1 fingerprint: %s estimated strength %d (len %d)" % ( - rsapub.algo_name(), rsapub.fingerprint("SHA-1"), - rsapub.estimated_strength(), len(rsapub.encoding()) - )) - - dec = pk_op_decrypt(rsapriv, "EME1(SHA-256)") - enc = pk_op_encrypt(rsapub, "EME1(SHA-256)") - - sys_rng = rng() - symkey = sys_rng.get(32) - ctext = enc.encrypt(symkey, sys_rng) - print("ptext \'%s\' (%d)" % (hex_encode(symkey), len(symkey))) - print("ctext \'%s\' (%d)" % (hex_encode(ctext), len(ctext))) - print("decrypt \'%s\' (%d)\n" % (hex_encode(dec.decrypt(ctext)), - len(dec.decrypt(ctext)))) - - signer = pk_op_sign(rsapriv, 'EMSA4(SHA-384)') - - signer.update('messa') - signer.update('ge') - sig = signer.finish(rng()) - - print("EMSA4(SHA-384) signature: %s" % hex_encode(sig)) - - verify = pk_op_verify(rsapub, 'EMSA4(SHA-384)') - - verify.update('mess') - verify.update('age') - print("good sig accepted? %s" % verify.check_signature(sig)) - - verify.update('mess of things') - verify.update('age') - print("bad sig accepted? %s" % verify.check_signature(sig)) - - verify.update('message') - print("good sig accepted? 
%s\n" % verify.check_signature(sig)) - - def test_dh(): - a_rng = rng('user') - b_rng = rng('user') - - for dh_grp in ['secp256r1', 'curve25519']: - dh_kdf = 'KDF2(SHA-384)'.encode('utf-8') - a_dh_priv = private_key('ecdh', dh_grp, rng()) - b_dh_priv = private_key('ecdh', dh_grp, rng()) - - a_dh = pk_op_key_agreement(a_dh_priv, dh_kdf) - b_dh = pk_op_key_agreement(b_dh_priv, dh_kdf) - - a_dh_pub = a_dh.public_value() - b_dh_pub = b_dh.public_value() - - a_salt = a_rng.get(8) - b_salt = b_rng.get(8) - - print("ecdh %s pubs:\n %s (salt %s)\n %s (salt %s)\n" % - (dh_grp, - hex_encode(a_dh_pub), hex_encode(a_salt), - hex_encode(b_dh_pub), hex_encode(b_salt))) - - a_key = a_dh.agree(b_dh_pub, 32, a_salt + b_salt) - b_key = b_dh.agree(a_dh_pub, 32, a_salt + b_salt) - - print("ecdh %s shared:\n %s\n %s\n" % - (dh_grp, hex_encode(a_key), hex_encode(b_key))) - - def test_certs(): - cert = x509_cert(filename="src/tests/data/x509/ecc/CSCA.CSCA.csca-germany.1.crt") - print("CSCA (Germany) Certificate\nDetails:") - print("SHA-1 fingerprint: %s" % cert.fingerprint("SHA-1")) - print("Expected: 32:42:1C:C3:EC:54:D7:E9:43:EC:51:F0:19:23:BD:85:1D:F2:1B:B9") - - print("Not before: %s" % cert.time_starts()) - print("Not after: %s" % cert.time_expires()) - - print("Serial number: %s" % hex_encode(cert.serial_number())) - print("Authority Key ID: %s" % hex_encode(cert.authority_key_id())) - print("Subject Key ID: %s" % hex_encode(cert.subject_key_id())) - print("Public key bits:\n%s\n" % b2a_base64(cert.subject_public_key_bits())) - - pubkey = cert.subject_public_key() - print("Public key algo: %s" % pubkey.algo_name()) - print("Public key strength: %s" % pubkey.estimated_strength() + " bits") - - dn_fields = ("Name", "Email", "Organization", "Organizational Unit", "Country") - for field in dn_fields: - try: - print("%s: %s" % (field, cert.subject_dn(field, 0))) - except BotanException: - print("Field: %s not found in certificate" % field) - - print(cert.to_string()) - - test_version() 
- test_kdf() - test_pbkdf() - test_bcrypt() - test_hmac() - test_rng() - test_hash() - test_cipher() - test_mceliece() - test_rsa() - test_dh() - test_certs() - - -def main(args=None): - if args is None: - args = sys.argv - test() - -if __name__ == '__main__': - sys.exit(main()) diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index 5560ced51f..a9a6afbdfb 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -213,6 +213,7 @@ def run_cmd(cmd, root_dir): cmd = [os.path.expandvars(elem) for elem in cmd] sub_env = os.environ.copy() sub_env['LD_LIBRARY_PATH'] = root_dir + sub_env['PYTHONPATH'] = os.path.join(root_dir, 'src/python') redirect_stdout = None if len(cmd) > 3 and cmd[-2] == '>': @@ -376,6 +377,7 @@ def main(args=None): 'src/scripts/build_docs.py', 'src/scripts/website.py', 'src/scripts/bench.py', + 'src/scripts/test_python.py', 'src/scripts/python_unittests.py', 'src/scripts/python_unittests_unix.py'] @@ -436,14 +438,14 @@ def main(args=None): os.path.join(root_dir, 'src/scripts/cli_tests.py'), botan_exe]) - botan_py = os.path.join(root_dir, 'src/python/botan2.py') + python_tests = os.path.join(root_dir, 'src/scripts/test_python.py') if target in ['shared', 'coverage']: if use_python2: - cmds.append(['python2', botan_py]) + cmds.append(['python2', '-b', python_tests]) if use_python3: - cmds.append(['python3', botan_py]) + cmds.append(['python3', '-b', python_tests]) if target in ['shared', 'static', 'bsi', 'nist']: cmds.append(make_cmd + ['install']) @@ -480,7 +482,7 @@ def main(args=None): if have_prog('coverage'): cmds.append(['coverage', 'run', '--branch', '--rcfile', os.path.join(root_dir, 'src/configs/coverage.rc'), - botan_py]) + python_tests]) if have_prog('codecov'): # If codecov exists assume we are on Travis and report to codecov.io diff --git a/src/scripts/install.py b/src/scripts/install.py index 243d58eda7..03a15ba3e9 100755 --- a/src/scripts/install.py +++ b/src/scripts/install.py 
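Review bot: `sub_env['PYTHONPATH'] = os.path.join(root_dir, 'src/python')` in `run_cmd` replaces any PYTHONPATH inherited from the CI environment instead of extending it, which can hide modules a CI image installs via that variable; the adjacent LD_LIBRARY_PATH line has the same shape, so this may be intentional, but prepending costs nothing: `py_dir = os.path.join(root_dir, 'src/python')` then `sub_env['PYTHONPATH'] = py_dir + os.pathsep + sub_env['PYTHONPATH'] if 'PYTHONPATH' in sub_env else py_dir`. The `-b` flag added to the python2/python3 test invocations is a good catch for bytes/str mixing, but a one-line comment saying why it is there would help the next reader. run_cmd continues outside the hunk.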
@@ -236,8 +236,9 @@ def copy_executable(src, dst): makedirs(prepend_destdir(py_lib_path)) py_dir = cfg['python_dir'] - for py in os.listdir(py_dir): - copy_file(os.path.join(py_dir, py), prepend_destdir(os.path.join(py_lib_path, py))) + + copy_file(os.path.join(py_dir, 'botan2.py'), + prepend_destdir(os.path.join(py_lib_path, 'botan2.py'))) if cfg['with_documentation']: target_doc_dir = os.path.join(options.prefix, options.docdir, diff --git a/src/scripts/test_python.py b/src/scripts/test_python.py new file mode 100644 index 0000000000..aad6b212b1 --- /dev/null +++ b/src/scripts/test_python.py 
@@ -0,0 +1,265 @@ +#!/usr/bin/env python + +""" +(C) 2015,2017,2018 Jack Lloyd + +Botan is released under the Simplified BSD License (see license.txt) +""" + +import botan2 +import sys +import binascii + +def hex_encode(buf): + return binascii.hexlify(buf).decode('ascii') + +def hex_decode(buf): + return binascii.unhexlify(buf.encode('ascii')) + +def test(): + + def test_version(): + + print("\n%s" % botan2.version_string()) + print("v%d.%d.%d\n" % (botan2.version_major(), botan2.version_minor(), botan2.version_patch())) + print("\nPython %s\n" % sys.version.replace('\n', ' ')) + + def test_kdf(): + print("KDF2(SHA-1) %s" % + hex_encode(botan2.kdf('KDF2(SHA-1)', + hex_decode('701F3480DFE95F57941F804B1B2413EF'), 7, + hex_decode('55A4E9DD5F4CA2EF82'), hex_decode('')))) + + def test_pbkdf(): + print("PBKDF2(SHA-1) %s" % + hex_encode(botan2.pbkdf('PBKDF2(SHA-1)', '', 32, 10000, hex_decode('0001020304050607'))[2])) + print("good output %s\n" % + '59B2B1143B4CB1059EC58D9722FB1C72471E0D85C6F7543BA5228526375B0127') + + (salt, iterations, psk) = botan2.pbkdf_timed('PBKDF2(SHA-256)', 'xyz', 32, 200) + + print("PBKDF2(SHA-256) x=timed, y=iterated; salt = %s (len=%d) #iterations = %d\n" % + (hex_encode(salt), len(salt), iterations)) + + print('x %s' % hex_encode(psk)) + print('y %s\n' % (hex_encode(botan2.pbkdf('PBKDF2(SHA-256)', 'xyz', 32, iterations, salt)[2]))) + + def test_bcrypt(): + print("Testing Bcrypt...") + r = botan2.rng() + phash = botan2.bcrypt('testing', r) + print("bcrypt returned %s (%d bytes)" % (hex_encode(phash), len(phash))) + print("validating the hash produced: %r" % (botan2.check_bcrypt('testing', phash))) + print("\n") + + def test_hmac(): + + hmac = botan2.message_authentication_code('HMAC(SHA-256)') + hmac.set_key(hex_decode('0102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20')) + hmac.update(hex_decode('616263')) + + hmac_vec = hex_decode('A21B1F5D4CF4F73A4DD939750F7A066A7F98CC131CB16A6692759021CFAB8181') + hmac_output = hmac.final() + 
+ if hmac_output != hmac_vec: + print("Bad HMAC:\t%s" % hex_encode(hmac_output)) + print("vs good: \t%s" % hex_encode(hmac_vec)) + else: + print("HMAC output correct: %s\n" % hex_encode(hmac_output)) + + def test_rng(): + user_rng = botan2.rng("user") + + print("rng output:\n\t%s\n\t%s\n\t%s\n" % + (hex_encode(user_rng.get(42)), + hex_encode(user_rng.get(13)), + hex_encode(user_rng.get(9)))) + + def test_hash(): + md5 = botan2.hash_function('MD5') + assert md5.output_length() == 16 + md5.update('h') + md5.update('i') + h1 = md5.final() + print("md5 hash: %s (%s)\n" % (hex_encode(h1), '49f68a5c8493ec2c0bf489821c21fc3b')) + + md5.update(hex_decode('f468025b')) + h2 = md5.final() + print("md5 hash: %s (%s)\n" % (hex_encode(h2), '47efd2be302a937775e93dea281b6751')) + + def test_cipher(): + for mode in ['AES-128/CTR-BE', 'Serpent/GCM', 'ChaCha20Poly1305']: + enc = botan2.cipher(mode, encrypt=True) + + (kmin, kmax) = enc.key_length() + print("%s: default nonce=%d update_size=%d key_min=%d key_max=%d" % + (mode, enc.default_nonce_length(), enc.update_granularity(), kmin, kmax)) + + rng = botan2.rng() + iv = rng.get(enc.default_nonce_length()) + key = rng.get(kmax) + pt = rng.get(21) + + print(" plaintext %s (%d)" % (hex_encode(pt), len(pt))) + + enc.set_key(key) + enc.start(iv) + + update_result = enc.update('') + assert not update_result + + ct = enc.finish(pt) + print(" ciphertext %s (%d)" % (hex_encode(ct), len(ct))) + + dec = botan2.cipher(mode, encrypt=False) + dec.set_key(key) + dec.start(iv) + decrypted = dec.finish(ct) + + print(" decrypted %s (%d)\n" % (hex_encode(decrypted), len(decrypted))) + + + def test_mceliece(): + mce_priv = botan2.private_key('mce', [2960, 57], botan2.rng()) + mce_pub = mce_priv.get_public_key() + + mce_plaintext = 'mce plaintext' + mce_ad = 'mce AD' + mce_ciphertext = botan2.mceies_encrypt(mce_pub, botan2.rng(), 'ChaCha20Poly1305', mce_plaintext, mce_ad) + + print("mceies len(pt)=%d len(ct)=%d" % (len(mce_plaintext), 
len(mce_ciphertext))) + + mce_decrypt = botan2.mceies_decrypt(mce_priv, 'ChaCha20Poly1305', mce_ciphertext, mce_ad) + print(" mceies plaintext \'%s\' (%d)" % (mce_plaintext, len(mce_plaintext))) + + # Since mceies_decrypt() returns bytes in Python3, the following line + # needs .decode('utf-8') to convert mce_decrypt from bytes to a + # text string (Unicode). + # You don't need to add .decode() if + # (a) your expected output is bytes rather than a text string, or + # (b) you are using Python2 rather than Python3. + print(" mceies decrypted \'%s\' (%d)" % (mce_decrypt.decode('utf-8'), len(mce_decrypt))) + + print("mce_pub %s/SHA-1 fingerprint: %s\nEstimated strength %s bits (len %d)\n" % ( + mce_pub.algo_name(), mce_pub.fingerprint("SHA-1"), + mce_pub.estimated_strength(), len(mce_pub.encoding()) + )) + + def test_rsa(): + rsapriv = botan2.private_key('rsa', 1536, botan2.rng()) + rsapub = rsapriv.get_public_key() + + print("rsapub %s SHA-1 fingerprint: %s estimated strength %d (len %d)" % ( + rsapub.algo_name(), rsapub.fingerprint("SHA-1"), + rsapub.estimated_strength(), len(rsapub.encoding()) + )) + + dec = botan2.pk_op_decrypt(rsapriv, "EME1(SHA-256)") + enc = botan2.pk_op_encrypt(rsapub, "EME1(SHA-256)") + + sys_rng = botan2.rng() + symkey = sys_rng.get(32) + ctext = enc.encrypt(symkey, sys_rng) + print("ptext \'%s\' (%d)" % (hex_encode(symkey), len(symkey))) + print("ctext \'%s\' (%d)" % (hex_encode(ctext), len(ctext))) + print("decrypt \'%s\' (%d)\n" % (hex_encode(dec.decrypt(ctext)), + len(dec.decrypt(ctext)))) + + signer = botan2.pk_op_sign(rsapriv, 'EMSA4(SHA-384)') + + signer.update('messa') + signer.update('ge') + sig = signer.finish(botan2.rng()) + + print("EMSA4(SHA-384) signature: %s" % hex_encode(sig)) + + verify = botan2.pk_op_verify(rsapub, 'EMSA4(SHA-384)') + + verify.update('mess') + verify.update('age') + print("good sig accepted? 
%s" % verify.check_signature(sig)) + + verify.update('mess of things') + verify.update('age') + print("bad sig accepted? %s" % verify.check_signature(sig)) + + verify.update('message') + print("good sig accepted? %s\n" % verify.check_signature(sig)) + + def test_dh(): + a_rng = botan2.rng('user') + b_rng = botan2.rng('user') + + for dh_grp in ['secp256r1', 'curve25519']: + dh_kdf = 'KDF2(SHA-384)'.encode('utf-8') + a_dh_priv = botan2.private_key('ecdh', dh_grp, botan2.rng()) + b_dh_priv = botan2.private_key('ecdh', dh_grp, botan2.rng()) + + a_dh = botan2.pk_op_key_agreement(a_dh_priv, dh_kdf) + b_dh = botan2.pk_op_key_agreement(b_dh_priv, dh_kdf) + + a_dh_pub = a_dh.public_value() + b_dh_pub = b_dh.public_value() + + a_salt = a_rng.get(8) + b_salt = b_rng.get(8) + + print("ecdh %s pubs:\n %s (salt %s)\n %s (salt %s)\n" % + (dh_grp, + hex_encode(a_dh_pub), hex_encode(a_salt), + hex_encode(b_dh_pub), hex_encode(b_salt))) + + a_key = a_dh.agree(b_dh_pub, 32, a_salt + b_salt) + b_key = b_dh.agree(a_dh_pub, 32, a_salt + b_salt) + + print("ecdh %s shared:\n %s\n %s\n" % + (dh_grp, hex_encode(a_key), hex_encode(b_key))) + + def test_certs(): + cert = botan2.x509_cert(filename="src/tests/data/x509/ecc/CSCA.CSCA.csca-germany.1.crt") + print("CSCA (Germany) Certificate\nDetails:") + print("SHA-1 fingerprint: %s" % cert.fingerprint("SHA-1")) + print("Expected: 32:42:1C:C3:EC:54:D7:E9:43:EC:51:F0:19:23:BD:85:1D:F2:1B:B9") + + print("Not before: %s" % cert.time_starts()) + print("Not after: %s" % cert.time_expires()) + + print("Serial number: %s" % hex_encode(cert.serial_number())) + print("Authority Key ID: %s" % hex_encode(cert.authority_key_id())) + print("Subject Key ID: %s" % hex_encode(cert.subject_key_id())) + print("Public key bits:\n%s\n" % binascii.b2a_base64(cert.subject_public_key_bits())) + + pubkey = cert.subject_public_key() + print("Public key algo: %s" % pubkey.algo_name()) + print("Public key strength: %s" % pubkey.estimated_strength() + " bits") + + dn_fields 
= ("Name", "Email", "Organization", "Organizational Unit", "Country") + for field in dn_fields: + try: + print("%s: %s" % (field, cert.subject_dn(field, 0))) + except BotanException: + print("Field: %s not found in certificate" % field) + + print(cert.to_string()) + + test_version() + test_kdf() + test_pbkdf() + test_bcrypt() + test_hmac() + test_rng() + test_hash() + test_cipher() + test_mceliece() + test_rsa() + test_dh() + test_certs() + + +def main(args=None): + if args is None: + args = sys.argv + test() + +if __name__ == '__main__': + sys.exit(main()) From 21634bbeb35cea89b9f41f7e39e1e651406c5a9f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 16:57:16 -0500 Subject: [PATCH 0836/1008] Make lint happy [ci skip] --- src/scripts/test_python.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/scripts/test_python.py b/src/scripts/test_python.py index aad6b212b1..d3e6cafd76 100644 --- a/src/scripts/test_python.py +++ b/src/scripts/test_python.py @@ -6,9 +6,9 @@ Botan is released under the Simplified BSD License (see license.txt) """ -import botan2 import sys import binascii +import botan2 def hex_encode(buf): return binascii.hexlify(buf).decode('ascii') @@ -237,7 +237,7 @@ def test_certs(): for field in dn_fields: try: print("%s: %s" % (field, cert.subject_dn(field, 0))) - except BotanException: + except botan2.BotanException: print("Field: %s not found in certificate" % field) print(cert.to_string()) From 7f6b26e934b9a6015d9bf1fa236d8409ae59cf9f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 17:26:04 -0500 Subject: [PATCH 0837/1008] Add new CLI test script --- src/cli/cli_rng.cpp | 4 +- src/scripts/ci_build.py | 11 +- src/scripts/test_cli.py | 252 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 261 insertions(+), 6 deletions(-) create mode 100755 src/scripts/test_cli.py diff --git a/src/cli/cli_rng.cpp b/src/cli/cli_rng.cpp index 1e3ecb1415..78af51314d 100644 --- a/src/cli/cli_rng.cpp 
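Review bot: Most checks in the new test_python.py print results but never compare them, so the script that ci_build.py now runs in place of botan2.py's self-test can pass while the bindings return wrong data: test_cipher prints `decrypted` without checking it against `pt`, test_dh prints `a_key` and `b_key` without comparing them, test_rsa prints `dec.decrypt(ctext)` without comparing it to `symkey`, and test_certs prints an "Expected:" fingerprint next to the real one. Add `assert decrypted == pt`, `assert a_key == b_key` and `assert dec.decrypt(ctext) == symkey` (and assert the fingerprint against the literal) so a mismatch raises and fails the run. test_hmac already detects a mismatch but only reports it with print; turning that branch into an assert too would give the run a real failure signal.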
+++ b/src/cli/cli_rng.cpp @@ -66,11 +66,11 @@ cli_make_rng(const std::string& rng_type, const std::string& hex_drbg_seed) } #endif -#if defined(BOTAN_HAS_HMAC_DRBG) && defined(BOTAN_AUTO_RNG_HMAC) +#if defined(BOTAN_HAS_HMAC_DRBG) && defined(BOTAN_HAS_SHA2_32) if(rng_type == "drbg") { std::unique_ptr mac = - Botan::MessageAuthenticationCode::create(BOTAN_AUTO_RNG_HMAC); + Botan::MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)"); std::unique_ptr rng(new Botan::HMAC_DRBG(std::move(mac))); rng->add_entropy(drbg_seed.data(), drbg_seed.size()); diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index a9a6afbdfb..4fcdac9973 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -378,6 +378,7 @@ def main(args=None): 'src/scripts/website.py', 'src/scripts/bench.py', 'src/scripts/test_python.py', + 'src/scripts/test_cli.py', 'src/scripts/python_unittests.py', 'src/scripts/python_unittests_unix.py'] @@ -432,11 +433,13 @@ def main(args=None): os.path.join(root_dir, 'fuzzer_corpus'), os.path.join(root_dir, 'build/fuzzer')]) - if target in ['static', 'shared'] and options.os != 'windows': + if target in ['shared', 'coverage'] and options.os != 'windows': botan_exe = os.path.join(root_dir, 'botan-cli.exe' if options.os == 'windows' else 'botan') - cmds.append([py_interp, - os.path.join(root_dir, 'src/scripts/cli_tests.py'), - botan_exe]) + + test_scripts = ['cli_tests.py', 'test_cli.py'] + for script in test_scripts: + cmds.append([py_interp, os.path.join(root_dir, 'src/scripts', script), + botan_exe]) python_tests = os.path.join(root_dir, 'src/scripts/test_python.py') diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py new file mode 100755 index 0000000000..c3fe43c1a0 --- /dev/null +++ b/src/scripts/test_cli.py 
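Review bot: The `drbg` branch seeds the HMAC_DRBG only with the caller's `--drbg-seed` bytes and, as far as this hunk shows, attaches no entropy source, so every byte it emits is a pure function of that hex string; nothing in the code says so. Add a comment above `if(rng_type == "drbg")`, e.g. `// Fully deterministic: output depends only on hex_drbg_seed. For reproducible tests only, never for real key material.`, and consider rejecting an empty or very short seed, since the new test script relies on this mode with a fixed seed and a user can reach it just as easily outside tests. cli_make_rng begins and continues outside the hunk.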
@@ -0,0 +1,252 @@ +#!/usr/bin/python + +import subprocess +import sys +import os +import logging +import optparse # pylint: disable=deprecated-module +import time +import shutil +import tempfile + +# pylint: disable=global-statement + +CLI_PATH = None +TESTS_RUN = 0 +TESTS_FAILED = 0 + +class TestLogHandler(logging.StreamHandler, object): + def emit(self, record): + # Do the default stuff first + super(TestLogHandler, self).emit(record) + if record.levelno >= logging.ERROR: + global TESTS_FAILED + TESTS_FAILED += 1 + +def setup_logging(options): + if options.verbose: + log_level = logging.DEBUG + elif options.quiet: + log_level = logging.WARNING + else: + log_level = logging.INFO + + lh = TestLogHandler(sys.stdout) + lh.setFormatter(logging.Formatter('%(levelname) 7s: %(message)s')) + logging.getLogger().addHandler(lh) + logging.getLogger().setLevel(log_level) + + +def test_cli(cmd, cmd_options, expected_output=None, cmd_input=None): + global TESTS_RUN + global TESTS_FAILED + + TESTS_RUN += 1 + + logging.debug("Running %s %s", cmd, cmd_options) + + fixed_drbg_seed = "802" * 32 + + if type(cmd_options) == str: + cmd_options = cmd_options.split(' ') + + drbg_options = ['--rng-type=drbg', '--drbg-seed=' + fixed_drbg_seed] + cmdline = [CLI_PATH, cmd] + drbg_options + cmd_options + + stdout = None + stderr = None + + if cmd_input is None: + proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + (stdout, stderr) = proc.communicate() + else: + proc = subprocess.Popen(cmdline, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + (stdout, stderr) = proc.communicate(cmd_input.encode()) + + if stderr: + logging.error("Got output on stderr %s", stderr) + + output = stdout.decode('ascii').strip() + + if expected_output != None: + if output != expected_output: + logging.error("Got unexpected output running cmd %s %s - %s", cmd, cmd_options, output) + + return output + +def cli_is_prime_tests(): + test_cli("is_prime", "5", "5 is 
probably prime") + test_cli("is_prime", "9", "9 is composite") + test_cli("is_prime", "548950623407687320763", "548950623407687320763 is probably prime") + +def cli_gen_prime_tests(): + test_cli("gen_prime", "64", "15568813029901363223") + test_cli("gen_prime", "128", "287193909494025008847286845478788769439") + +def cli_factor_tests(): + test_cli("factor", "97", "97: 97") + test_cli("factor", "9753893489562389", "9753893489562389: 21433 455087644733") + test_cli("factor", "12019502040659149507", "12019502040659149507: 3298628633 3643787579") + +def cli_mod_inverse_tests(): + test_cli("mod_inverse", "97 802", "339") + test_cli("mod_inverse", "98 802", "0") + +def cli_base64_tests(): + test_cli("base64_enc", "-", "YmVlcyE=", "bees!") + test_cli("base64_dec", "-", "bees!", "YmVlcyE=") + +def cli_hex_tests(): + test_cli("hex_enc", "-", "6265657321", "bees!") + test_cli("hex_dec", "-", "bees!", "6265657321") + +def cli_hash_tests(): + test_cli("hash", "--algo=SHA-256", + "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 -", "") + + test_cli("hash", "--algo=SHA-256", + "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD -", "abc") + +def cli_bcrypt_tests(): + test_cli("gen_bcrypt", "--work-factor=4 s3kr1t", + "$2a$04$0.8G7o08XYwvBBWA3l0WUujtwoGZgGDzVSN8fNkNqXikcK4A3lHPS") + + test_cli("check_bcrypt", "s3kr1t $2a$04$gHX4Qg7pDSJuXiPXnmt8leyb.FFzX1Bv4rXwIj2cPSakJ8zNnhIka", + "Password is valid") + + test_cli("check_bcrypt", "santa $2a$04$gHX4Qg7pDSJuXiPXnmt8leyb.FFzX1Bv4rXwIj2cPSakJ8zNnhIka", + "Password is NOT valid") + +def cli_gen_dl_group_tests(): + + pem = """-----BEGIN X9.42 DH PARAMETERS----- +MIIBJAKBgwS7QodscwdpuPdbHL7YeFP7yRjdqWovbwD+/zSd2OMswe82XnawKsSq +FSCVAfsG75CBRZ2krSY8X/7zuIh8yoAPs87ZIQJmKJem/MdII7zndfnec+klKtHo +FX2mOFzmndWJBXv4fwWLHEGIoeCamveL2+q1M8sakNicI7U2vUkX30CxAoGDArnH +im+KLvXXL4uR97V/yDVx/Vf0Eu8Bqxkx6jFMiabzc4mhCJ+MHh2nH3U67PLAnTgR +zCQcHevoOKd/ODychEHWwqP26aKCaRUS1DLq8U/qPL7L2pTMLYu27THt7HvKfA0D 
+mMo6OGy9uFpJkaLVypD+LKEY/Bc540iRFQcW63ngpo0CFjgPiPatvmWssQw2AuZ9 +mFvAZ/8wal0= +-----END X9.42 DH PARAMETERS-----""" + + test_cli("gen_dl_group", "--pbits=1043", pem) + +def cli_key_tests(): + + pem = """-----BEGIN PRIVATE KEY----- +MD4CAQAwEAYHKoZIzj0CAQYFK4EEAAoEJzAlAgEBBCDYD4j2rb5lrLEMNgLmfZhb +wGf/MGbgPebBLmozAANENw== +-----END PRIVATE KEY-----""" + + tmp_dir = tempfile.mkdtemp(prefix='botan_cli') + + priv_key = os.path.join(tmp_dir, 'priv.pem') + pub_key = os.path.join(tmp_dir, 'pub.pem') + ca_cert = os.path.join(tmp_dir, 'ca.crt') + crt_req = os.path.join(tmp_dir, 'crt.req') + user_cert = os.path.join(tmp_dir, 'user.crt') + + test_cli("keygen", ["--algo=ECDSA", "--params=secp256k1"], pem) + + test_cli("keygen", ["--algo=ECDSA", "--params=secp256r1", "--output=" + priv_key], "") + + test_cli("pkcs8", "--pub-out --output=%s %s" % (pub_key, priv_key), "") + + valid_sig = "xd3J9jtTBWFWA9ceVGYpmEB0A1DmOoxHRF7FpYW2ng/GYEH/HYljIfYzu/L5iTK6XfVePxeMr6ubCYCD9vFGIw==" + + test_cli("sign", "%s %s" % (priv_key, priv_key), valid_sig) + + test_cli("verify", [pub_key, priv_key, '-'], + "Signature is valid", valid_sig) + + test_cli("verify", [pub_key, priv_key, '-'], + "Signature is invalid", + valid_sig.replace("W", "Z")) + + test_cli("gen_self_signed", "%s CA --ca --country=VT --dns=ca.example --hash=SHA-384 --output=%s" % (priv_key, ca_cert), "") + + test_cli("cert_verify", ca_cert, "Certificate did not validate - Cannot establish trust") + + test_cli("gen_pkcs10", "%s User --output=%s" % (priv_key, crt_req)) + + test_cli("sign_cert", "%s %s %s --output=%s" % (ca_cert, priv_key, crt_req, user_cert)) + + test_cli("cert_verify", [user_cert, ca_cert], + "Certificate passes validation checks") + + test_cli("cert_verify", user_cert, + "Certificate did not validate - Certificate issuer not found") + + shutil.rmtree(tmp_dir) + +def cli_rng_tests(): + test_cli("rng", "10", "D80F88F6ADBE65ACB10C") + test_cli("rng", "16", "D80F88F6ADBE65ACB10C3602E67D985B") + test_cli("rng", "10 
6", "D80F88F6ADBE65ACB10C\n1B119CC068AF") + +def cli_ec_group_info_tests(): + + # pylint: disable=line-too-long + secp256r1_info = """P = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF +A = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC +B = 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B +G = 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5""" + + secp256r1_pem = """-----BEGIN EC PARAMETERS----- +MIHgAgEBMCwGByqGSM49AQECIQD/////AAAAAQAAAAAAAAAAAAAAAP////////// +/////zBEBCD/////AAAAAQAAAAAAAAAAAAAAAP///////////////AQgWsY12Ko6 +k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsEQQRrF9Hy4SxCR/i85uVjpEDydwN9 +gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3v1H1AiEA +/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQE= +-----END EC PARAMETERS-----""" + + test_cli("ec_group_info", "secp256r1", secp256r1_info) + test_cli("ec_group_info", "--pem secp256r1", secp256r1_pem) + +def main(args=None): + if args is None: + args = sys.argv + + parser = optparse.OptionParser( + formatter=optparse.IndentedHelpFormatter(max_help_position=50)) + + parser.add_option('--verbose', action='store_true', default=False) + parser.add_option('--quiet', action='store_true', default=False) + + (options, args) = parser.parse_args(args) + + setup_logging(options) + + if len(args) != 2: + logging.error("Usage: ./cli_tests.py path_to_botan_cli") + return 1 + + if os.access(args[1], os.X_OK) != True: + logging.error("Could not access/execute %s", args[1]) + return 2 + + global CLI_PATH + CLI_PATH = args[1] + + start_time = time.time() + cli_is_prime_tests() + cli_factor_tests() + cli_mod_inverse_tests() + cli_base64_tests() + cli_hex_tests() + cli_gen_prime_tests() + cli_hash_tests() + cli_rng_tests() + cli_bcrypt_tests() + cli_gen_dl_group_tests() + cli_ec_group_info_tests() + cli_key_tests() + end_time = time.time() + + print("Ran %d tests with %d failures in %.02f seconds" % 
( + TESTS_RUN, TESTS_FAILED, end_time - start_time)) + + return 0 + +if __name__ == '__main__': + sys.exit(main()) From 5d66546778498c4b9eb5849ad0847eeff2805766 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 18:21:48 -0500 Subject: [PATCH 0838/1008] Fix error in FPE_FE1 An implementation mistake led to choosing a >= b when the original paper assumes a <= b. Add a boolean to control which version is used. Increase the default FE1 rounds to 5 for a safety factor. GH #500 --- doc/manual/fpe.rst | 19 ++++++++++------ src/cli/speed.cpp | 2 +- src/lib/misc/fpe_fe1/fpe_fe1.cpp | 37 +++++++++++++++++--------------- src/lib/misc/fpe_fe1/fpe_fe1.h | 33 +++++++++++++++++++++++++++- src/tests/data/fpe_fe1.vec | 6 ++++++ 5 files changed, 71 insertions(+), 26 deletions(-) diff --git a/doc/manual/fpe.rst b/doc/manual/fpe.rst index 56a8399309..caa2eb916d 100644 --- a/doc/manual/fpe.rst +++ b/doc/manual/fpe.rst 
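Review bot: main() ends with `return 0` regardless of TESTS_FAILED, so a failing CLI test never fails the ci_build.py job that runs this script; change the last line to `return 1 if TESTS_FAILED > 0 else 0`. Relatedly, test_cli() never looks at `proc.returncode`, so a command that aborts with empty stdout passes silently whenever expected_output is None (the help, timing and speed tests); add `if proc.returncode != 0: logging.error("Command %s returned %d", cmd, proc.returncode)` after communicate(). The usage message also names the old script (`./cli_tests.py`) rather than test_cli.py.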
@@ -30,13 +30,18 @@ The interfaces for FE1 are defined in the header ``fpe_fe1.h``: .. cpp:class:: FPE_FE1 - .. cpp:function:: FPE_FE1(const BigInt& n, size_t rounds = 3, std::string mac_algo = "HMAC(SHA-256)") - - Initialize an FPE operation to encrypt/decrypt integers less than *n*. It - is expected that *n* is trially factorable into small integers. - - The default rounds and mac algorithm match the original FPE implementation - first available in version 1.9.17. + .. cpp:function:: FPE_FE1(const BigInt& n, size_t rounds = 5, \ + bool compat_mode = false, \ + std::string mac_algo = "HMAC(SHA-256)"); + + Initialize an FPE operation to encrypt/decrypt integers less + than *n*. It is expected that *n* is trially factorable into + small integers. Common usage would be n to be a power of 10. + + Note that the default parameters to this constructor are + **incompatible** with the ``fe1_encrypt`` and ``fe1_decrypt`` + function originally added in 1.9.17. For compatability, use + 3 rounds and set ``compat_mode`` to true. .. cpp:function:: BigInt encrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index fb47581eb3..90ddafbdfa 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -1372,7 +1372,7 @@ class Speed final : public Command Botan::BigInt x = 1; - Botan::FPE_FE1 fpe_fe1(n, 3, "HMAC(SHA-256)"); + Botan::FPE_FE1 fpe_fe1(n); fpe_fe1.set_key(key); while(enc_timer->under(runtime)) diff --git a/src/lib/misc/fpe_fe1/fpe_fe1.cpp b/src/lib/misc/fpe_fe1/fpe_fe1.cpp index d06264413e..0ec36363f1 100644 --- a/src/lib/misc/fpe_fe1/fpe_fe1.cpp +++ b/src/lib/misc/fpe_fe1/fpe_fe1.cpp @@ -51,8 +51,6 @@ void factor(BigInt n, BigInt& a, BigInt& b) if(a > b) std::swap(a, b); a *= n; - if(a < b) - std::swap(a, b); if(a <= 1 || b <= 1) throw Exception("Could not factor n for use in FPE"); 
@@ -60,9 +58,15 @@ void factor(BigInt n, BigInt& a, BigInt& b) } -FPE_FE1::FPE_FE1(const BigInt& n, size_t rounds, const std::string& mac_algo) : +FPE_FE1::FPE_FE1(const BigInt& n, + size_t rounds, + bool compat_mode, + const std::string& mac_algo) : m_rounds(rounds) { + if(m_rounds < 3) + throw Invalid_Argument("FPE_FE1 rounds too small"); + m_mac = MessageAuthenticationCode::create_or_throw(mac_algo); m_n_bytes = BigInt::encode(n); @@ -72,19 +76,18 @@ FPE_FE1::FPE_FE1(const BigInt& n, size_t rounds, const std::string& mac_algo) : factor(n, m_a, m_b); - mod_a.reset(new Modular_Reducer(m_a)); - - /* - * According to a paper by Rogaway, Bellare, etc, the min safe number - * of rounds to use for FPE is 2+log_a(b). If a >= b then log_a(b) <= 1 - * so 3 rounds is safe. The FPE factorization routine should always - * return a >= b, so just confirm that and return 3. - */ - if(m_a < m_b) - throw Internal_Error("FPE rounds: a < b"); + if(compat_mode) + { + if(m_a < m_b) + std::swap(m_a, m_b); + } + else + { + if(m_a > m_b) + std::swap(m_a, m_b); + } - if(m_rounds < 3) - throw Invalid_Argument("FPE_FE1 rounds too small"); + mod_a.reset(new Modular_Reducer(m_a)); } FPE_FE1::~FPE_FE1() @@ -197,7 +200,7 @@ BigInt fe1_encrypt(const BigInt& n, const BigInt& X, const SymmetricKey& key, const std::vector& tweak) { - FPE_FE1 fpe(n, 3, "HMAC(SHA-256)"); + FPE_FE1 fpe(n, 3, true, "HMAC(SHA-256)"); fpe.set_key(key); return fpe.encrypt(X, tweak.data(), tweak.size()); } @@ -206,7 +209,7 @@ BigInt fe1_decrypt(const BigInt& n, const BigInt& X, const SymmetricKey& key, const std::vector& tweak) { - FPE_FE1 fpe(n, 3, "HMAC(SHA-256)"); + FPE_FE1 fpe(n, 3, true, "HMAC(SHA-256)"); fpe.set_key(key); return fpe.decrypt(X, tweak.data(), tweak.size()); } diff --git a/src/lib/misc/fpe_fe1/fpe_fe1.h b/src/lib/misc/fpe_fe1/fpe_fe1.h index 8f987fd654..e823a5d3c8 100644 --- a/src/lib/misc/fpe_fe1/fpe_fe1.h +++ b/src/lib/misc/fpe_fe1/fpe_fe1.h 
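Review bot: The constructor keeps the flat `if(m_rounds < 3)` check, but the comment this hunk deletes states the scheme's bound as 2+log_a(b) rounds, and after the fix the ordering is a <= b, so log_a(b) >= 1 and 3 rounds is only adequate when a and b are of similar size. If that bound is right, the safety margin should follow from n rather than from the default of 5: once m_a and m_b are final, reject (or at least document in the header's `@param rounds`) any round count below `2 + ceil(log_a(b))`, so a caller passing the old value of 3 learns when it is insufficient. The compat_mode path deliberately retains the pre-2.5.0 ordering; a one-line comment there saying it exists only so fe1_encrypt/fe1_decrypt stay bit-compatible would stop it being picked by mistake.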
@@ -16,11 +16,26 @@ namespace Botan { class Modular_Reducer; class MessageAuthenticationCode; +/** +* Format Preserving Encryption using the scheme FE1 from the paper +* "Format-Preserving Encryption" by Bellare, Rogaway, et al +* (https://eprint.iacr.org/2009/251) +*/ class BOTAN_PUBLIC_API(2,5) FPE_FE1 final : public SymmetricAlgorithm { public: + + /** + * @param n the modulus. All plaintext and ciphertext values must be + * less than this. + * @param rounds the number of rounds to use. Must be at least 3. + * @param compat_mode An error in versions before 2.5.0 chose incorrect + * values for a and b. Set compat_mode to true to select this version. + * @param mac_algo the PRF to use as the encryption function + */ FPE_FE1(const BigInt& n, - size_t rounds = 3, + size_t rounds = 5, + bool compat_mode = false, const std::string& mac_algo = "HMAC(SHA-256)"); ~FPE_FE1(); @@ -31,8 +46,18 @@ class BOTAN_PUBLIC_API(2,5) FPE_FE1 final : public SymmetricAlgorithm void clear() override; + /** + * Encrypt X from and onto the group Z_n using key and tweak + * @param x the plaintext to encrypt <= n + * @param tweak will modify the ciphertext + */ BigInt encrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const; + /** + * Decrypt X from and onto the group Z_n using key and tweak + * @param x the ciphertext to encrypt <= n + * @param tweak must match the value used to encrypt + */ BigInt decrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const; BigInt encrypt(const BigInt& x, uint64_t tweak) const; @@ -67,6 +92,9 @@ namespace FPE { * @param X the plaintext as a BigInt * @param key a random key * @param tweak will modify the ciphertext (think of as an IV) +* +* @warning This function is hardcoded to use only 3 rounds which +* may be insecure for some values of n. Prefer FPE_FE1 class */ BigInt BOTAN_PUBLIC_API(2,0) fe1_encrypt(const BigInt& n, const BigInt& X, const SymmetricKey& key, 
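Review bot: The new Doxygen on encrypt()/decrypt() contradicts the constructor's contract: the ctor says values "must be less than" n, while both methods document `x` as `<= n`, and the decrypt() comment describes `x` as "the ciphertext to encrypt". Change them to `@param x the plaintext to encrypt, must be < n` and `@param x the ciphertext to decrypt, must be < n`, and state what happens when the bound is violated (exception or undefined), since x == n would not be format preserving.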
@@ -78,6 +106,9 @@ BigInt BOTAN_PUBLIC_API(2,0) fe1_encrypt(const BigInt& n, const BigInt& X, * @param X the ciphertext as a BigInt * @param key is the key used for encryption * @param tweak the same tweak used for encryption +* +* @warning This function is hardcoded to use only 3 rounds which +* may be insecure for some values of n. Prefer FPE_FE1 class */ BigInt BOTAN_PUBLIC_API(2,0) fe1_decrypt(const BigInt& n, const BigInt& X, const SymmetricKey& key, diff --git a/src/tests/data/fpe_fe1.vec b/src/tests/data/fpe_fe1.vec index ba67207441..b431b9c682 100644 --- a/src/tests/data/fpe_fe1.vec +++ b/src/tests/data/fpe_fe1.vec @@ -19,6 +19,12 @@ Out = 935673214 Key = 00112233445566778899AABBCCDDEEFF Tweak = 0123456789 +Mod = 1000000000 +In = 8765310 +Out = 258898741 +Key = 00112233445566778899AABBCCDDEEFF +Tweak = 0123456789 + Mod = 100000000000 In = 8765309 Out = 1082083628 From 425b1fd10b6eda9ce89a948ede9935d8c6604dc0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 18:30:22 -0500 Subject: [PATCH 0839/1008] Lint fixes [ci skip] --- src/scripts/test_cli.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py index c3fe43c1a0..48f2e9b438 100755 --- a/src/scripts/test_cli.py +++ b/src/scripts/test_cli.py @@ -47,7 +47,7 @@ def test_cli(cmd, cmd_options, expected_output=None, cmd_input=None): fixed_drbg_seed = "802" * 32 - if type(cmd_options) == str: + if isinstance(cmd_options, str): cmd_options = cmd_options.split(' ') drbg_options = ['--rng-type=drbg', '--drbg-seed=' + fixed_drbg_seed] 
@@ -163,7 +163,10 @@ def cli_key_tests(): "Signature is invalid", valid_sig.replace("W", "Z")) - test_cli("gen_self_signed", "%s CA --ca --country=VT --dns=ca.example --hash=SHA-384 --output=%s" % (priv_key, ca_cert), "") + test_cli("gen_self_signed", + [priv_key, "CA", "--ca", "--country=VT", + "--dns=ca.example", "--hash=SHA-384", "--output="+ca_cert], + "") test_cli("cert_verify", ca_cert, "Certificate did not validate - Cannot establish trust") From ec1fefc10c0961796825a03ffa7578011441d0c2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 18:44:36 -0500 Subject: [PATCH 0840/1008] FPE doc updates [ci skip] --- doc/manual/fpe.rst | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/manual/fpe.rst b/doc/manual/fpe.rst index caa2eb916d..efb85be60f 100644 --- a/doc/manual/fpe.rst +++ b/doc/manual/fpe.rst @@ -22,7 +22,9 @@ might encrypt. For instance, a 16 digit credit card number consists of a 15 digit code plus a 1 digit checksum. So to encrypt a credit card number, you first remove the checksum, encrypt the 15 digit value modulo 10\ :sup:`15`, and then calculate what the checksum is for the -new (ciphertext) number. +new (ciphertext) number. Or, if you were encrypting words in a +dictionary, you could rank the words by their lexicographical order, +and choose the modulus to be the number of words in the dictionary. The interfaces for FE1 are defined in the header ``fpe_fe1.h``: @@ -32,7 +34,7 @@ The interfaces for FE1 are defined in the header ``fpe_fe1.h``: .. cpp:function:: FPE_FE1(const BigInt& n, size_t rounds = 5, \ bool compat_mode = false, \ - std::string mac_algo = "HMAC(SHA-256)"); + std::string mac_algo = "HMAC(SHA-256)") Initialize an FPE operation to encrypt/decrypt integers less than *n*. It is expected that *n* is trially factorable into 
@@ -74,6 +76,9 @@ These are the original interface to FE1, first added in 1.9.17. However because they do the entire setup cost for each operation, they are significantly slower than the class-based API presented above. +.. warning:: These functions are hardcoded to use 3 rounds, which may be + insufficient depending on the chosen modulus. + .. cpp:function:: BigInt FPE::fe1_encrypt(const BigInt& n, const BigInt& X, \ const SymmetricKey& key, const std::vector& tweak) From 7716c614db6637f692ea6217fecfcbdcd7dc2839 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 19:30:08 -0500 Subject: [PATCH 0841/1008] More CLI tests --- src/scripts/test_cli.py | 90 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 88 insertions(+), 2 deletions(-) diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py index 48f2e9b438..03651c4f12 100755 --- a/src/scripts/test_cli.py +++ b/src/scripts/test_cli.py @@ -8,6 +8,7 @@ import time import shutil import tempfile +import re # pylint: disable=global-statement @@ -47,11 +48,15 @@ def test_cli(cmd, cmd_options, expected_output=None, cmd_input=None): fixed_drbg_seed = "802" * 32 + opt_list = [] + if isinstance(cmd_options, str): - cmd_options = cmd_options.split(' ') + opt_list = cmd_options.split(' ') + elif isinstance(cmd_options, list): + opt_list = cmd_options drbg_options = ['--rng-type=drbg', '--drbg-seed=' + fixed_drbg_seed] - cmdline = [CLI_PATH, cmd] + drbg_options + cmd_options + cmdline = [CLI_PATH, cmd] + drbg_options + opt_list stdout = None stderr = None @@ -74,6 +79,13 @@ def test_cli(cmd, cmd_options, expected_output=None, cmd_input=None): return output +def cli_help_tests(): + output = test_cli("help", None, None) + + # Maybe test format somehow?? + if len(output) < 500: + logging.error("Help output seems very short") + def cli_is_prime_tests(): test_cli("is_prime", "5", "5 is probably prime") test_cli("is_prime", "9", "9 is composite") 
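Review bot: `opt_list = cmd_options.split(' ')` still splits on single spaces, so any option string built from a temp path containing a space (cli_key_tests interpolates tempfile.mkdtemp paths into such strings) is broken into several argv entries, and a value that is neither str nor list is silently turned into no options at all. Use `opt_list = shlex.split(cmd_options)` for strings and `else: raise TypeError("cmd_options must be str or list")` for anything else, or require callers to pass lists. test_cli begins and continues outside the hunk.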
@@ -182,6 +194,16 @@ def cli_key_tests(): shutil.rmtree(tmp_dir) +def cli_psk_db_tests(): + tmp_dir = tempfile.mkdtemp(prefix='botan_cli') + + psk_db = os.path.join(tmp_dir, 'psk.db') + db_key = "909"*32 + + test_cli("psk_set", [psk_db, db_key, "name", "val"], "") + + shutil.rmtree(tmp_dir) + def cli_rng_tests(): test_cli("rng", "10", "D80F88F6ADBE65ACB10C") test_cli("rng", "16", "D80F88F6ADBE65ACB10C3602E67D985B") 
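Review bot: cli_psk_db_tests only writes with `psk_set` and never reads the value back, so a store that accepts the write but cannot retrieve it would still pass; following the set with a read of the same name that asserts `val` (the CLI's matching psk_get command, if it is built here) would make the test meaningful. `shutil.rmtree(tmp_dir)` is not in a `finally`, so a failing test_cli call leaks the temp directory, the same pattern cli_key_tests uses in the surrounding context. Note that main() in the hunk at L3512 adds the call as `#cli_psk_db_tests()`, so until that line is uncommented none of this runs.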
@@ -206,6 +228,64 @@ def cli_ec_group_info_tests(): test_cli("ec_group_info", "secp256r1", secp256r1_info) test_cli("ec_group_info", "--pem secp256r1", secp256r1_pem) +def cli_cc_enc_tests(): + test_cli("cc_encrypt", ["8028028028028029", "pass"], "4308989841607208") + test_cli("cc_decrypt", ["4308989841607208", "pass"], "8028028028028027") + +def cli_timing_test_tests(): + + timing_tests = ["bleichenbacher", "manger", + "ecdsa", "ecc_mul", "inverse_mod", + "lucky13sec3", "lucky13sec4sha1", + "lucky13sec4sha256", "lucky13sec4sha384"] + + output_re = re.compile('[0-9]+;[0-9];[0-9]+') + + for suite in timing_tests: + output = test_cli("timing_test", [suite, "--measurement-runs=16", "--warmup-runs=3"], None).split('\n') + + for line in output: + if output_re.match(line) is None: + logging.error("Unexpected output in timing_test %s: %s", suite, line) + +def cli_tls_ciphersuite_tests(): + policies = ['default', 'suiteb', 'strict', 'all'] + + versions = ['tls1.0', 'tls1.1', 'tls1.2'] + + ciphersuite_re = re.compile('^[A-Z0-9_]+$') + + for policy in policies: + for version in versions: + + if policy in ['suiteb', 'strict'] and version != 'tls1.2': + continue + + output = test_cli("tls_ciphers", ["--version=" + version, "--policy=" + policy], None).split('\n') + + for line in output: + if ciphersuite_re.match(line) == None: + logging.error("Unexpected ciphersuite line %s", line) + +def cli_speed_tests(): + output = test_cli("speed", ["--msec=1", "--buf-size=64,512", "AES-128"], None).split('\n') + + if len(output) != 4: + logging.error("Unexpected number of lines for AES-128 speed test") + + format_re = re.compile(r'^AES-128 .* buffer size [0-9]+ bytes: [0-9]+\.[0-9]+ MiB\/sec .*\([0-9]+\.[0-9]+ MiB in [0-9]+\.[0-9]+ ms\)') + for line in output: + if format_re.match(line) is None: + logging.error("Unexpected line %s", line) + + output = test_cli("speed", ["--msec=5", "ECDSA", "ECDH"], None).split('\n') + + # ECDSA-secp256r1 106 keygen/sec; 9.35 ms/op 37489733 cycles/op (1 
op in 9 ms) + format_re = re.compile(r'^.* [0-9]+ ([a-z ]+)/sec; [0-9]+\.[0-9]+ ms/op .*\([0-9]+ (op|ops) in [0-9]+ ms\)') + for line in output: + if format_re.match(line) is None: + logging.error("Unexpected line %s", line) + def main(args=None): if args is None: args = sys.argv @@ -232,6 +312,7 @@ def main(args=None): CLI_PATH = args[1] start_time = time.time() + cli_help_tests() cli_is_prime_tests() cli_factor_tests() cli_mod_inverse_tests() @@ -244,6 +325,11 @@ def main(args=None): cli_gen_dl_group_tests() cli_ec_group_info_tests() cli_key_tests() + cli_cc_enc_tests() + cli_timing_test_tests() + cli_speed_tests() + cli_tls_ciphersuite_tests() + #cli_psk_db_tests() end_time = time.time() print("Ran %d tests with %d failures in %.02f seconds" % ( From 3f8f440e91b950c2d682f5648a86f55fcb9cdc57 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 10 Mar 2018 20:11:45 -0500 Subject: [PATCH 0842/1008] Lint fixes --- src/scripts/test_cli.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py index 03651c4f12..10c1d820d8 100755 --- a/src/scripts/test_cli.py +++ b/src/scripts/test_cli.py @@ -264,7 +264,7 @@ def cli_tls_ciphersuite_tests(): output = test_cli("tls_ciphers", ["--version=" + version, "--policy=" + policy], None).split('\n') for line in output: - if ciphersuite_re.match(line) == None: + if ciphersuite_re.match(line) is None: logging.error("Unexpected ciphersuite line %s", line) def cli_speed_tests(): @@ -273,6 +273,7 @@ def cli_speed_tests(): if len(output) != 4: logging.error("Unexpected number of lines for AES-128 speed test") + # pylint: disable=line-too-long format_re = re.compile(r'^AES-128 .* buffer size [0-9]+ bytes: [0-9]+\.[0-9]+ MiB\/sec .*\([0-9]+\.[0-9]+ MiB in [0-9]+\.[0-9]+ ms\)') for line in output: if format_re.match(line) is None: From 69f3cf822bf53dd53f6c8b8f36cef226b973609d Mon Sep 17 00:00:00 2001 
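Review bot: cli_cc_enc_tests pins `cc_decrypt` of the ciphertext to `8028028028028027`, which differs from the `8028028028028029` that was encrypted; the input's final digit is not a valid Luhn check digit (its Luhn sum is 62, so the valid check digit is 7), so the round trip is non-identity only because the CLI recomputes the checksum instead of rejecting the malformed input. Either use a Luhn-valid input so the test asserts `decrypt(encrypt(x)) == x`, or add a comment on those two lines saying the trailing digit is recomputed, and consider a separate check that a bad check digit is reported. In cli_timing_test_tests and cli_tls_ciphersuite_tests every element of `output.split('\n')` must match, so a trailing empty line (if test_cli does not strip its output) is logged as an error; `if line and output_re.match(line) is None:` or `.splitlines()` avoids that. The regexes are applied with `match` and no `$`, so trailing garbage after the expected fields still passes.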
From: Jack Lloyd Date: Sun, 11 Mar 2018 06:48:45 -0400 Subject: [PATCH 0843/1008] Fix missing comma - unintended string contatentation --- src/cli/speed.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 90ddafbdfa..80228bcd85 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -654,7 +654,7 @@ class Speed final : public Command "HMAC(SHA-256)", /* Misc */ - "random_prime" + "random_prime", /* pubkey */ "RSA", From 67bff936c1b44baf534007cb210a86dff0690a0f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 11 Mar 2018 06:49:05 -0400 Subject: [PATCH 0844/1008] Remove bogus comment GH #500 --- src/lib/misc/fpe_fe1/fpe_fe1.cpp | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/lib/misc/fpe_fe1/fpe_fe1.cpp b/src/lib/misc/fpe_fe1/fpe_fe1.cpp index 0ec36363f1..8cd79401cf 100644 --- a/src/lib/misc/fpe_fe1/fpe_fe1.cpp +++ b/src/lib/misc/fpe_fe1/fpe_fe1.cpp @@ -22,9 +22,6 @@ const size_t MAX_N_BYTES = 128/8; * Factor n into a and b which are as close together as possible. * Assumes n is composed mostly of small factors which is the case for * typical uses of FPE (typically, n is a power of 10) -* -* Want a >= b since the safe number of rounds is 2+log_a(b); if a >= b -* then this is always 3 */ void factor(BigInt n, BigInt& a, BigInt& b) { From 88b65c609f1db6e6df2efca9143a6d03b4eeb291 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 11 Mar 2018 07:01:45 -0400 Subject: [PATCH 0845/1008] Further cli tests --- src/scripts/test_cli.py | 40 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py index 10c1d820d8..329a512955 100755 --- a/src/scripts/test_cli.py +++ b/src/scripts/test_cli.py 
@@ -75,7 +75,10 @@ def test_cli(cmd, cmd_options, expected_output=None, cmd_input=None): if expected_output != None: if output != expected_output: - logging.error("Got unexpected output running cmd %s %s - %s", cmd, cmd_options, output) + logging.error("Got unexpected output running cmd %s %s", cmd, cmd_options) + logging.info("Output lengths %d vs expected %d", len(output), len(expected_output)) + logging.info("Got %s", output) + logging.info("Exp %s", expected_output) return output @@ -267,6 +270,23 @@ def cli_tls_ciphersuite_tests(): if ciphersuite_re.match(line) is None: logging.error("Unexpected ciphersuite line %s", line) +def cli_asn1_tests(): + input_pem = """-----BEGIN BLOB----- +MCACAQUTBnN0cmluZzEGAQH/AgFjBAUAAAAAAAMEAP///w== +-----END BLOB------ +""" + + expected = """d= 0, l= 32: SEQUENCE + d= 1, l= 1: INTEGER 05 + d= 1, l= 6: PRINTABLE STRING string + d= 1, l= 6: SET + d= 2, l= 1: BOOLEAN true + d= 2, l= 1: INTEGER 63 + d= 1, l= 5: OCTET STRING 0000000000 + d= 1, l= 4: BIT STRING FFFFFF""" + + test_cli("asn1print", "--pem -", expected, input_pem) + def cli_speed_tests(): output = test_cli("speed", ["--msec=1", "--buf-size=64,512", "AES-128"], None).split('\n') 
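Review bot: In cli_asn1_tests the PEM trailer is `-----END BLOB------` with six trailing dashes while the header has five; if the test passes as written it is relying on the PEM parser tolerating a malformed trailer, and it would break the day that parsing is tightened. Change the fixture to `-----END BLOB-----` so the test exercises the intended well-formed input, and if tolerating the extra dash is deliberate, cover that in a separate test with a comment. The `@@ -75,7 +75,10 @@` hunk keeps the context line `if expected_output != None:`; since the lint commit just before this one changed the same pattern to `is None` elsewhere in the file, `if expected_output is not None:` keeps the file consistent.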
@@ -279,10 +299,23 @@ def cli_speed_tests(): if format_re.match(line) is None: logging.error("Unexpected line %s", line) - output = test_cli("speed", ["--msec=5", "ECDSA", "ECDH"], None).split('\n') + output = test_cli("speed", ["--msec=1", "ChaCha20", "SHA-256", "HMAC(SHA-256)"], None).split('\n') + + # pylint: disable=line-too-long + format_re = re.compile(r'^.* buffer size [0-9]+ bytes: [0-9]+\.[0-9]+ MiB\/sec .*\([0-9]+\.[0-9]+ MiB in [0-9]+\.[0-9]+ ms\)') + for line in output: + if format_re.match(line) is None: + logging.error("Unexpected line %s", line) + + + pk_algos = ["ECDSA", "ECDH", "SM2", "ECKCDSA", "ECGDSA", + "DH", "DSA", "ElGamal", "Ed25519", "Curve25519", + "NEWHOPE", "McEliece"] + + output = test_cli("speed", ["--msec=5"] + pk_algos, None).split('\n') # ECDSA-secp256r1 106 keygen/sec; 9.35 ms/op 37489733 cycles/op (1 op in 9 ms) - format_re = re.compile(r'^.* [0-9]+ ([a-z ]+)/sec; [0-9]+\.[0-9]+ ms/op .*\([0-9]+ (op|ops) in [0-9]+ ms\)') + format_re = re.compile(r'^.* [0-9]+ ([A-Za-z ]+)/sec; [0-9]+\.[0-9]+ ms/op .*\([0-9]+ (op|ops) in [0-9]+ ms\)') for line in output: if format_re.match(line) is None: logging.error("Unexpected line %s", line) @@ -328,6 +361,7 @@ def main(args=None): cli_key_tests() cli_cc_enc_tests() cli_timing_test_tests() + cli_asn1_tests() cli_speed_tests() cli_tls_ciphersuite_tests() #cli_psk_db_tests() From 86b497e821569ce2eb061720524d982c83b90b97 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 12 Mar 2018 06:41:08 -0400 Subject: [PATCH 0846/1008] Tweaks to force_all_affine --- src/lib/pubkey/ec_group/point_gfp.cpp | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index 47ca0527da..587b2a8428 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp 
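Review bot: The three regex loops in cli_speed_tests all report failures as `logging.error("Unexpected line %s", line)`, so a mismatch cannot be attributed to the AES-128, ChaCha20/SHA-256/HMAC, or public-key run without re-reading the output; name the invocation, e.g. `logging.error("Unexpected speed output for %s: %s", pk_algos, line)` in the last loop and the corresponding algorithm list in the others. The `--msec=5` run covers twelve public-key algorithms, each of which typically times several operations, so this one test likely dominates the script's runtime; if that becomes a problem, a smaller set or `--msec=1` keeps the format check without the cost. The first loop and the `len(output) != 4` check sit above the hunk.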
@@ -463,18 +463,16 @@ void PointGFp::force_all_affine(std::vector& points) secure_vector ws; - std::vector c; - - c.push_back(points[0].m_coord_z); - - BigInt rep_1 = 1; - const CurveGFp& curve = points[0].m_curve; + BigInt rep_1 = 1; curve.to_rep(rep_1, ws); + std::vector c(points.size()); + c[0] = points[0].m_coord_z; + for(size_t i = 1; i != points.size(); ++i) { - c.push_back(curve.mul_to_tmp(c[i-1], points[i].m_coord_z, ws)); + curve.mul(c[i], c[i-1], points[i].m_coord_z, ws); } BigInt s_inv = curve.invert_element(c[c.size()-1], ws); From deb54a47d76a2de8bb9d1faae8f13a31429ba489 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 13 Mar 2018 12:33:25 -0400 Subject: [PATCH 0847/1008] Allow passing workspace to Montgomery_Int Improves DH and RSA by 5-15% depending on param sizes. At larger sizes (3072+) doesn't make much difference since the cost of allocation is relatively small compared to the work. --- src/lib/math/numbertheory/monty.cpp | 138 +++++++++++++++++++----- src/lib/math/numbertheory/monty.h | 31 ++++-- src/lib/math/numbertheory/monty_exp.cpp | 5 +- 3 files changed, 140 insertions(+), 34 deletions(-) diff --git a/src/lib/math/numbertheory/monty.cpp b/src/lib/math/numbertheory/monty.cpp index 76575a88c1..6ab847ead9 100644 --- a/src/lib/math/numbertheory/monty.cpp +++ b/src/lib/math/numbertheory/monty.cpp @@ -32,10 +32,13 @@ BigInt Montgomery_Params::inv_mod_p(const BigInt& x) const return ct_inverse_mod_odd_modulus(x, p()); } -BigInt Montgomery_Params::redc(const BigInt& x) const +BigInt Montgomery_Params::redc(const BigInt& x, secure_vector& ws) const { const size_t output_size = 2*m_p_words + 2; - std::vector ws(output_size); + + if(ws.size() < output_size) + ws.resize(output_size); + BigInt z = x; z.grow_to(output_size); 
@@ -43,14 +46,17 @@ BigInt Montgomery_Params::redc(const BigInt& x) const m_p.data(), m_p_words, m_p_dash, ws.data(), ws.size()); - secure_scrub_memory(ws.data(), ws.size() * sizeof(word)); return z; } -BigInt Montgomery_Params::mul(const BigInt& x, const BigInt& y) const +BigInt Montgomery_Params::mul(const BigInt& x, const BigInt& y, + secure_vector& ws) const { const size_t output_size = 2*m_p_words + 2; - std::vector ws(output_size); + + if(ws.size() < output_size) + ws.resize(output_size); + BigInt z(BigInt::Positive, output_size); bigint_mul(z.mutable_data(), z.size(), x.data(), x.size(), x.sig_words(), @@ -61,14 +67,16 @@ BigInt Montgomery_Params::mul(const BigInt& x, const BigInt& y) const m_p.data(), m_p_words, m_p_dash, ws.data(), ws.size()); - secure_scrub_memory(ws.data(), ws.size() * sizeof(word)); return z; } -BigInt Montgomery_Params::mul(const BigInt& x, const secure_vector& y) const +BigInt Montgomery_Params::mul(const BigInt& x, + const secure_vector& y, + secure_vector& ws) const { const size_t output_size = 2*m_p_words + 2; - std::vector ws(output_size); + if(ws.size() < output_size) + ws.resize(output_size); BigInt z(BigInt::Positive, output_size); bigint_mul(z.mutable_data(), z.size(), 
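Review bot: This hunk and the ones at L3518 and L3519 drop the `secure_scrub_memory(ws.data(), ...)` call that used to wipe the Montgomery workspace after every redc/mul/sqr, now that `ws` is a caller-owned secure_vector. That is sound only because secure_vector's allocator scrubs on deallocation; between calls the buffer retains intermediate products of secret operands for as long as the caller keeps the vector alive, which for `Montgomery_Exponentation_State::exponentiation` (L3522) is the whole exponentiation. Worth stating next to the new parameters so nobody later swaps the type for a plain std::vector, e.g. `// ws: caller-provided scratch, grown as needed; holds intermediates derived from secret values until the vector is destroyed`.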
@@ -80,14 +88,42 @@ BigInt Montgomery_Params::mul(const BigInt& x, const secure_vector& y) con m_p.data(), m_p_words, m_p_dash, ws.data(), ws.size()); - secure_scrub_memory(ws.data(), ws.size() * sizeof(word)); return z; } -BigInt Montgomery_Params::sqr(const BigInt& x) const +void Montgomery_Params::mul_by(BigInt& x, + const secure_vector& y, + secure_vector& ws) const { const size_t output_size = 2*m_p_words + 2; - std::vector ws(output_size); + + if(ws.size() < 2*output_size) + ws.resize(2*output_size); + + word* z_data = &ws[0]; + word* ws_data = &ws[output_size]; + + bigint_mul(z_data, output_size, + x.data(), x.size(), x.sig_words(), + y.data(), y.size(), y.size(), + ws_data, output_size); + + bigint_monty_redc(z_data, + m_p.data(), m_p_words, m_p_dash, + ws_data, output_size); + + if(x.size() < output_size) + x.grow_to(output_size); + copy_mem(x.mutable_data(), z_data, output_size); + } + +BigInt Montgomery_Params::sqr(const BigInt& x, secure_vector& ws) const + { + const size_t output_size = 2*m_p_words + 2; + + if(ws.size() < output_size) + ws.resize(output_size); + BigInt z(BigInt::Positive, output_size); bigint_sqr(z.mutable_data(), z.size(), 
@@ -98,16 +134,48 @@ BigInt Montgomery_Params::sqr(const BigInt& x) const m_p.data(), m_p_words, m_p_dash, ws.data(), ws.size()); - secure_scrub_memory(ws.data(), ws.size() * sizeof(word)); return z; } +void Montgomery_Params::square_this(BigInt& x, + secure_vector& ws) const + { + const size_t output_size = 2*m_p_words + 2; + + if(ws.size() < 2*output_size) + ws.resize(2*output_size); + + word* z_data = &ws[0]; + word* ws_data = &ws[output_size]; + + bigint_sqr(z_data, output_size, + x.data(), x.size(), x.sig_words(), + ws_data, output_size); + + bigint_monty_redc(z_data, + m_p.data(), m_p_words, m_p_dash, + ws_data, output_size); + + if(x.size() < output_size) + x.grow_to(output_size); + copy_mem(x.mutable_data(), z_data, output_size); + } + Montgomery_Int::Montgomery_Int(const std::shared_ptr params, const BigInt& v, bool redc_needed) : - m_params(params), - m_v(redc_needed ? m_params->mul(v % m_params->p(), m_params->R2()) : v) - {} + m_params(params) + { + if(redc_needed == false) + { + m_v = v; + } + else + { + secure_vector ws; + m_v = m_params->mul(v % m_params->p(), m_params->R2(), ws); + } + } void Montgomery_Int::fix_size() { @@ -154,7 +222,8 @@ bool Montgomery_Int::is_zero() const BigInt Montgomery_Int::value() const { - return m_params->redc(m_v); + secure_vector ws; + return m_params->redc(m_v, ws); } Montgomery_Int Montgomery_Int::operator+(const Montgomery_Int& other) const 
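Review bot: In the new `Montgomery_Params::square_this`, `z_data` points at the first `output_size` words of a workspace that is reused across calls and is not cleared before `bigint_sqr` writes the product there; the same applies to `mul_by` in the hunk at L3518. Whether that is safe depends on the callee overwriting all `output_size` words (the old path handed it a freshly constructed `BigInt z`), and the later hunk at L3522 adding `clear_mem(z, z_size)` inside bigint_sqr suggests it did not. A `clear_mem(z_data, output_size);` before the multiply in both functions makes the contract local instead of depending on mp internals. Separately, after `x.grow_to(output_size)` the copy fills exactly `output_size` words, so an `x` that is already larger keeps stale high words, and the `redc_needed == false` constructor path in this hunk accepts `v` at whatever size it arrives.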
@@ -191,36 +260,53 @@ Montgomery_Int& Montgomery_Int::operator-=(const Montgomery_Int& other) Montgomery_Int Montgomery_Int::operator*(const Montgomery_Int& other) const { - return Montgomery_Int(m_params, m_params->mul(m_v, other.m_v), false); + secure_vector ws; + return Montgomery_Int(m_params, m_params->mul(m_v, other.m_v, ws), false); } -Montgomery_Int& Montgomery_Int::operator*=(const Montgomery_Int& other) +Montgomery_Int& Montgomery_Int::mul_by(const Montgomery_Int& other, + secure_vector& ws) { - m_v = m_params->mul(m_v, other.m_v); + m_v = m_params->mul(m_v, other.m_v, ws); return (*this); } -Montgomery_Int& Montgomery_Int::operator*=(const secure_vector& other) +Montgomery_Int& Montgomery_Int::mul_by(const secure_vector& other, + secure_vector& ws) { - m_v = m_params->mul(m_v, other); + m_params->mul_by(m_v, other, ws); + //m_v = m_params->mul(m_v, other, ws); return (*this); } -Montgomery_Int& Montgomery_Int::square_this() +Montgomery_Int& Montgomery_Int::operator*=(const Montgomery_Int& other) + { + secure_vector ws; + return mul_by(other, ws); + } + +Montgomery_Int& Montgomery_Int::operator*=(const secure_vector& other) + { + secure_vector ws; + return mul_by(other, ws); + } + +Montgomery_Int& Montgomery_Int::square_this(secure_vector& ws) { - m_v = m_params->sqr(m_v); + m_params->square_this(m_v, ws); return (*this); } -Montgomery_Int Montgomery_Int::square() const +Montgomery_Int Montgomery_Int::square(secure_vector& ws) const { - const BigInt v = m_params->sqr(m_v); + const BigInt v = m_params->sqr(m_v, ws); return Montgomery_Int(m_params, v, false); } Montgomery_Int Montgomery_Int::multiplicative_inverse() const { - const BigInt iv = m_params->mul(m_params->inv_mod_p(m_v), m_params->R3()); + secure_vector ws; + const BigInt iv = m_params->mul(m_params->inv_mod_p(m_v), m_params->R3(), ws); return Montgomery_Int(m_params, iv, false); } 
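Review bot: `//m_v = m_params->mul(m_v, other, ws);` in the new `mul_by(const secure_vector&, ws)` is the previous implementation left behind as a comment; drop it, since the in-place `m_params->mul_by` call directly above is the intended code and the dead line only leaves the next reader unsure which form is current. The remaining no-argument `operator*=` overloads each construct a fresh secure_vector per call, which is exactly the allocation this commit is trying to avoid; a brief comment marking them as the convenience path for callers without a workspace would keep someone from reaching for them inside a loop.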
diff --git a/src/lib/math/numbertheory/monty.h b/src/lib/math/numbertheory/monty.h index ea08789e10..137e0b9679 100644 --- a/src/lib/math/numbertheory/monty.h +++ b/src/lib/math/numbertheory/monty.h @@ -68,9 +68,15 @@ class Montgomery_Int final Montgomery_Int& operator*=(const secure_vector& other); - Montgomery_Int square() const; + Montgomery_Int& mul_by(const Montgomery_Int& other, + secure_vector& ws); - Montgomery_Int& square_this(); + Montgomery_Int& mul_by(const secure_vector& other, + secure_vector& ws); + + Montgomery_Int square(secure_vector& ws) const; + + Montgomery_Int& square_this(secure_vector& ws); Montgomery_Int multiplicative_inverse() const; @@ -110,13 +116,26 @@ class Montgomery_Params final size_t p_words() const { return m_p_words; } - BigInt redc(const BigInt& x) const; + BigInt redc(const BigInt& x, + secure_vector& ws) const; + + BigInt mul(const BigInt& x, + const BigInt& y, + secure_vector& ws) const; + + BigInt mul(const BigInt& x, + const secure_vector& y, + secure_vector& ws) const; - BigInt mul(const BigInt& x, const BigInt& y) const; + void mul_by(BigInt& x, + const secure_vector& y, + secure_vector& ws) const; - BigInt mul(const BigInt& x, const secure_vector& y) const; + BigInt sqr(const BigInt& x, + secure_vector& ws) const; - BigInt sqr(const BigInt& x) const; + void square_this(BigInt& x, + secure_vector& ws) const; BigInt inv_mod_p(const BigInt& x) const; diff --git a/src/lib/math/numbertheory/monty_exp.cpp b/src/lib/math/numbertheory/monty_exp.cpp index 6b7af3b09a..6576860448 100644 --- a/src/lib/math/numbertheory/monty_exp.cpp +++ b/src/lib/math/numbertheory/monty_exp.cpp 
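Review bot: The `@@ -68,9 +68,15 @@` hunk removes the no-argument `square()` and `square_this()` from Montgomery_Int but keeps the no-argument `operator*=` overloads (which, per the hunk at L3520, now just allocate a local ws and forward), so the class is inconsistent about which operations have a convenience form and any external caller of `square()` stops compiling. Thin forwarders `Montgomery_Int square() const;` and `Montgomery_Int& square_this();`, implemented like the kept `operator*=`, avoid the break. None of the new `ws` parameters in either class are documented; a one-line comment on the Montgomery_Params declarations saying the vector is scratch that will be resized to at least `2*p_words() + 2` (twice that for `mul_by`/`square_this`) would tell callers how to size a reusable buffer up front.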
@@ -92,19 +92,20 @@ BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& scalar) cons Montgomery_Int x(m_params, m_params->R1(), false); secure_vector e_bits(m_params->p_words()); + secure_vector ws; for(size_t i = exp_nibbles; i > 0; --i) { for(size_t j = 0; j != m_window_bits; ++j) { - x.square_this(); + x.square_this(ws); } const uint32_t nibble = scalar.get_substring(m_window_bits*(i-1), m_window_bits); const_time_lookup(e_bits, m_g, nibble); - x *= e_bits; + x.mul_by(e_bits, ws); } return x.value(); From e3c05e70379f2ba593724a072aa3d6404eebbe81 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 06:43:49 -0400 Subject: [PATCH 0848/1008] Improve memory handling for PointGFp --- src/lib/math/bigint/bigint.h | 5 -- src/lib/math/mp/mp_karat.cpp | 2 + src/lib/math/mp/mp_monty.cpp | 2 +- src/lib/pubkey/ec_group/curve_gfp.cpp | 32 ++++----- src/lib/pubkey/ec_group/curve_gfp.h | 4 ++ src/lib/pubkey/ec_group/point_gfp.cpp | 97 +++++++++++++++------------ src/lib/pubkey/ec_group/point_gfp.h | 9 ++- src/lib/pubkey/ec_group/point_mul.cpp | 4 +- 8 files changed, 86 insertions(+), 69 deletions(-) diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index c397a7659b..ba17d7ede4 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h @@ -383,11 +383,6 @@ class BOTAN_PUBLIC_API(2,0) BigInt final m_reg[i] = w; } - void ensure_capacity(size_t sz) - { - m_reg.reserve(sz); - } - /** * Tests if the sign of the integer is negative * @result true, iff the integer has a negative sign diff --git a/src/lib/math/mp/mp_karat.cpp b/src/lib/math/mp/mp_karat.cpp index 6fb2176687..e460aaac94 100644 --- a/src/lib/math/mp/mp_karat.cpp +++ b/src/lib/math/mp/mp_karat.cpp @@ -326,6 +326,8 @@ void bigint_sqr(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, word workspace[], size_t ws_size) { + clear_mem(z, z_size); + BOTAN_ASSERT(z_size/2 >= x_sw, "Output size is sufficient"); if(x_sw == 1) 
diff --git a/src/lib/math/mp/mp_monty.cpp b/src/lib/math/mp/mp_monty.cpp index 1994752975..5a28526ff4 100644 --- a/src/lib/math/mp/mp_monty.cpp +++ b/src/lib/math/mp/mp_monty.cpp @@ -109,7 +109,7 @@ void bigint_monty_redc(word z[], ws[2*p_size+1] = word_sub(ws[p_size], 0, &borrow); CT::conditional_copy_mem(borrow, z, ws, ws + (p_size + 1), (p_size + 1)); - clear_mem(z + p_size + 1, z_size - p_size - 1); + clear_mem(z + p_size, z_size - p_size - 2); CT::unpoison(z, z_size); CT::unpoison(p, p_size); diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp index e17812ca4d..131f69c70b 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.cpp +++ b/src/lib/pubkey/ec_group/curve_gfp.cpp @@ -50,6 +50,8 @@ class CurveGFp_Montgomery final : public CurveGFp_Repr size_t get_p_words() const override { return m_p_words; } + size_t get_ws_size() const override { return 2*m_p_words + 4; } + BigInt invert_element(const BigInt& x, secure_vector& ws) const override; void to_curve_rep(BigInt& x, secure_vector& ws) const override; @@ -102,12 +104,12 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, return; } - const size_t output_size = 2*m_p_words + 2; - ws.resize(2*(m_p_words+2)); + if(ws.size() < get_ws_size()) + ws.resize(get_ws_size()); + const size_t output_size = 2*m_p_words + 2; if(z.size() < output_size) z.grow_to(output_size); - z.clear(); bigint_mul(z.mutable_data(), z.size(), x.data(), x.size(), x.sig_words(), @@ -131,13 +133,13 @@ void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, const size_t x_sw = x.sig_words(); BOTAN_ASSERT(x_sw <= m_p_words, "Input in range"); - const size_t output_size = 2*m_p_words + 2; + if(ws.size() < get_ws_size()) + ws.resize(get_ws_size()); - ws.resize(2*(m_p_words+2)); + const size_t output_size = 2*m_p_words + 2; if(z.size() < output_size) z.grow_to(output_size); - z.clear(); bigint_sqr(z.mutable_data(), z.size(), x.data(), x.size(), x_sw, 
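Review bot: In the mp_monty.cpp hunk, `clear_mem(z + p_size, z_size - p_size - 2)` now starts one word earlier, overwriting the `z[p_size]` that `conditional_copy_mem` just filled, and stops two words short of `z_size`, so it relies on two invariants the code does not state: the reduced result fits in `p_size` words, and the top two words of the product were already zero on entry (true only when both operands were below p). A comment or a debug-build assertion on those words would make the change reviewable, since a caller handing in an unreduced value would now get silent garbage in the high words instead of a cleared tail. The curve_gfp.cpp hunks in the same commit drop `z.clear()` before `bigint_mul`/`bigint_sqr`; bigint_sqr gains `clear_mem(z, z_size)` at L3522, but nothing visible here shows bigint_mul doing the same, so confirm it writes every word of its output or keep the clear on the curve_mul path.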
@@ -162,6 +164,8 @@ class CurveGFp_NIST : public CurveGFp_Repr size_t get_p_words() const override { return m_p_words; } + size_t get_ws_size() const override { return 2*m_p_words + 4; } + const BigInt& get_a_rep() const override { return m_a; } const BigInt& get_b_rep() const override { return m_b; } @@ -205,14 +209,12 @@ void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, return; } - const size_t p_words = get_p_words(); - const size_t output_size = 2*p_words + 2; - - ws.resize(2*(p_words+2)); + if(ws.size() < get_ws_size()) + ws.resize(get_ws_size()); + const size_t output_size = 2*m_p_words + 2; if(z.size() < output_size) z.grow_to(output_size); - z.clear(); bigint_mul(z.mutable_data(), z.size(), x.data(), x.size(), x.sig_words(), @@ -231,14 +233,12 @@ void CurveGFp_NIST::curve_sqr(BigInt& z, const BigInt& x, return; } - const size_t p_words = get_p_words(); - const size_t output_size = 2*p_words + 2; - - ws.resize(2*(p_words+2)); + if(ws.size() < get_ws_size()) + ws.resize(get_ws_size()); + const size_t output_size = 2*m_p_words + 2; if(z.size() < output_size) z.grow_to(output_size); - z.clear(); bigint_sqr(z.mutable_data(), output_size, x.data(), x.size(), x.sig_words(), diff --git a/src/lib/pubkey/ec_group/curve_gfp.h b/src/lib/pubkey/ec_group/curve_gfp.h index d9649474bf..2c2d9e6197 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.h +++ b/src/lib/pubkey/ec_group/curve_gfp.h @@ -26,6 +26,8 @@ class BOTAN_UNSTABLE_API CurveGFp_Repr virtual size_t get_p_words() const = 0; + virtual size_t get_ws_size() const = 0; + virtual bool is_one(const BigInt& x) const = 0; /* @@ -96,6 +98,8 @@ class BOTAN_UNSTABLE_API CurveGFp final size_t get_p_words() const { return m_repr->get_p_words(); } + size_t get_ws_size() const { return m_repr->get_ws_size(); } + const BigInt& get_a_rep() const { return m_repr->get_a_rep(); } const BigInt& get_b_rep() const { return m_repr->get_b_rep(); } 
diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index 587b2a8428..6b22f4d01a 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp @@ -20,7 +20,7 @@ PointGFp::PointGFp(const CurveGFp& curve) : m_coord_y(1), m_coord_z(0) { - secure_vector monty_ws; + secure_vector monty_ws(m_curve.get_ws_size()); m_curve.to_rep(m_coord_x, monty_ws); m_curve.to_rep(m_coord_y, monty_ws); m_curve.to_rep(m_coord_z, monty_ws); @@ -37,13 +37,19 @@ PointGFp::PointGFp(const CurveGFp& curve, const BigInt& x, const BigInt& y) : if(y <= 0 || y >= curve.get_p()) throw Invalid_Argument("Invalid PointGFp affine y"); - secure_vector monty_ws; + secure_vector monty_ws(m_curve.get_ws_size()); m_curve.to_rep(m_coord_x, monty_ws); m_curve.to_rep(m_coord_y, monty_ws); m_curve.to_rep(m_coord_z, monty_ws); } void PointGFp::randomize_repr(RandomNumberGenerator& rng) + { + secure_vector ws(m_curve.get_ws_size()); + randomize_repr(rng, ws); + } + +void PointGFp::randomize_repr(RandomNumberGenerator& rng, secure_vector& ws) { if(BOTAN_POINTGFP_RANDOMIZE_BLINDING_BITS > 1) { 
@@ -51,18 +57,31 @@ void PointGFp::randomize_repr(RandomNumberGenerator& rng) while(mask.is_zero()) mask.randomize(rng, BOTAN_POINTGFP_RANDOMIZE_BLINDING_BITS, false); - secure_vector monty_ws; - - m_curve.to_rep(mask, monty_ws); - const BigInt mask2 = m_curve.mul_to_tmp(mask, mask, monty_ws); - const BigInt mask3 = m_curve.mul_to_tmp(mask2, mask, monty_ws); + //m_curve.to_rep(mask, ws); + const BigInt mask2 = m_curve.sqr_to_tmp(mask, ws); + const BigInt mask3 = m_curve.mul_to_tmp(mask2, mask, ws); - m_coord_x = m_curve.mul_to_tmp(m_coord_x, mask2, monty_ws); - m_coord_y = m_curve.mul_to_tmp(m_coord_y, mask3, monty_ws); - m_coord_z = m_curve.mul_to_tmp(m_coord_z, mask, monty_ws); + m_coord_x = m_curve.mul_to_tmp(m_coord_x, mask2, ws); + m_coord_y = m_curve.mul_to_tmp(m_coord_y, mask3, ws); + m_coord_z = m_curve.mul_to_tmp(m_coord_z, mask, ws); } } +namespace { + +inline void resize_ws(std::vector& ws_bn, size_t cap_size) + { + BOTAN_ASSERT(ws_bn.size() >= PointGFp::WORKSPACE_SIZE, + "Expected size for PointGFp workspace"); + + for(size_t i = 0; i != ws_bn.size(); ++i) + if(ws_bn[i].size() < cap_size) + ws_bn[i].get_word_vector().resize(cap_size); + } + + +} + void PointGFp::add_affine(const PointGFp& rhs, std::vector& ws_bn) { if(rhs.is_zero()) @@ -78,14 +97,7 @@ void PointGFp::add_affine(const PointGFp& rhs, std::vector& ws_bn) //BOTAN_ASSERT(rhs.is_affine(), "PointGFp::add_affine requires arg be affine point"); - const BigInt& p = m_curve.get_p(); - - const size_t cap_size = 2*m_curve.get_p_words() + 2; - - BOTAN_ASSERT(ws_bn.size() >= WORKSPACE_SIZE, "Expected size for PointGFp::add workspace"); - - for(size_t i = 0; i != ws_bn.size(); ++i) - ws_bn[i].ensure_capacity(cap_size); + resize_ws(ws_bn, m_curve.get_ws_size()); secure_vector& ws = ws_bn[0].get_word_vector(); 
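Review bot: `//m_curve.to_rep(mask, ws);` in randomize_repr is commented-out code left in place of the removed conversion; delete it or replace it with a comment explaining why the step is unnecessary. As far as I can tell the blinding still holds because the same un-converted mask feeds all three coordinates (X by mask^2, Y by mask^3, Z by mask), so the point is unchanged up to projective equivalence; recording that as `// mask need not be in Montgomery form: any nonzero multiplier works as long as x, y and z are scaled consistently` keeps the next reader from re-adding the call. The new `resize_ws` has a stray blank line before its closing brace and the namespace end, which clang-format would collapse.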
@@ -100,6 +112,8 @@ void PointGFp::add_affine(const PointGFp& rhs, std::vector& ws_bn) simplified with Z2 = 1 */ + const BigInt& p = m_curve.get_p(); + m_curve.sqr(T3, m_coord_z, ws); // z1^2 m_curve.mul(T4, rhs.m_coord_x, T3, ws); // x2*z1^2 @@ -172,14 +186,7 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) return; } - const BigInt& p = m_curve.get_p(); - - const size_t cap_size = 2*m_curve.get_p_words() + 2; - - BOTAN_ASSERT(ws_bn.size() >= WORKSPACE_SIZE, "Expected size for PointGFp::add workspace"); - - for(size_t i = 0; i != ws_bn.size(); ++i) - ws_bn[i].ensure_capacity(cap_size); + resize_ws(ws_bn, m_curve.get_ws_size()); secure_vector& ws = ws_bn[0].get_word_vector(); @@ -194,6 +201,8 @@ void PointGFp::add(const PointGFp& rhs, std::vector& ws_bn) https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 */ + const BigInt& p = m_curve.get_p(); + m_curve.sqr(T0, rhs.m_coord_z, ws); // z2^2 m_curve.mul(T1, m_coord_x, T0, ws); // x1*z2^2 m_curve.mul(T3, rhs.m_coord_z, T0, ws); // z2^3 @@ -268,13 +277,7 @@ void PointGFp::mult2(std::vector& ws_bn) return; } - const size_t cap_size = 2*m_curve.get_p_words() + 2; - - BOTAN_ASSERT(ws_bn.size() >= WORKSPACE_SIZE, "Expected size for PointGFp::add workspace"); - for(size_t i = 0; i != ws_bn.size(); ++i) - ws_bn[i].ensure_capacity(cap_size); - - const BigInt& p = m_curve.get_p(); + resize_ws(ws_bn, m_curve.get_ws_size()); secure_vector& ws = ws_bn[0].get_word_vector(); BigInt& T0 = ws_bn[1]; @@ -286,6 +289,7 @@ void PointGFp::mult2(std::vector& ws_bn) /* https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-1986-cc */ + const BigInt& p = m_curve.get_p(); m_curve.sqr(T0, m_coord_y, ws); @@ -443,7 +447,8 @@ PointGFp operator*(const BigInt& scalar, const PointGFp& point) } //static -void PointGFp::force_all_affine(std::vector& points) +void PointGFp::force_all_affine(std::vector& points, + secure_vector& ws) { if(points.size() <= 1) { 
@@ -461,9 +466,11 @@ void PointGFp::force_all_affine(std::vector& points) TODO is it really necessary to save all k points in c? */ - secure_vector ws; - const CurveGFp& curve = points[0].m_curve; + + if(ws.size() < curve.get_ws_size()) + ws.resize(curve.get_ws_size()); + BigInt rep_1 = 1; curve.to_rep(rep_1, ws); @@ -477,23 +484,25 @@ void PointGFp::force_all_affine(std::vector& points) BigInt s_inv = curve.invert_element(c[c.size()-1], ws); + BigInt z_inv, z2_inv, z3_inv; + for(size_t i = points.size() - 1; i != 0; i--) { PointGFp& point = points[i]; - const BigInt z_inv = curve.mul_to_tmp(s_inv, c[i-1], ws); + curve.mul(z_inv, s_inv, c[i-1], ws); s_inv = curve.mul_to_tmp(s_inv, point.m_coord_z, ws); - const BigInt z2_inv = curve.sqr_to_tmp(z_inv, ws); - const BigInt z3_inv = curve.mul_to_tmp(z_inv, z2_inv, ws); + curve.sqr(z2_inv, z_inv, ws); + curve.mul(z3_inv, z2_inv, z_inv, ws); point.m_coord_x = curve.mul_to_tmp(point.m_coord_x, z2_inv, ws); point.m_coord_y = curve.mul_to_tmp(point.m_coord_y, z3_inv, ws); point.m_coord_z = rep_1; } - const BigInt z2_inv = curve.sqr_to_tmp(s_inv, ws); - const BigInt z3_inv = curve.mul_to_tmp(s_inv, z2_inv, ws); + curve.sqr(z2_inv, s_inv, ws); + curve.mul(z3_inv, z2_inv, s_inv, ws); points[0].m_coord_x = curve.mul_to_tmp(points[0].m_coord_x, z2_inv, ws); points[0].m_coord_y = curve.mul_to_tmp(points[0].m_coord_y, z3_inv, ws); points[0].m_coord_z = rep_1; @@ -530,11 +539,11 @@ BigInt PointGFp::get_affine_x() const if(is_affine()) return m_curve.from_rep(m_coord_x, monty_ws); - const BigInt z2 = m_curve.sqr_to_tmp(m_coord_z, monty_ws); - const BigInt z2_inv = m_curve.invert_element(z2, monty_ws); + BigInt z2 = m_curve.sqr_to_tmp(m_coord_z, monty_ws); + z2 = m_curve.invert_element(z2, monty_ws); BigInt r; - m_curve.mul(r, m_coord_x, z2_inv, monty_ws); + m_curve.mul(r, m_coord_x, z2, monty_ws); m_curve.from_rep(r, monty_ws); return r; } 
diff --git a/src/lib/pubkey/ec_group/point_gfp.h b/src/lib/pubkey/ec_group/point_gfp.h index 81e34c6346..20018fa2fe 100644 --- a/src/lib/pubkey/ec_group/point_gfp.h +++ b/src/lib/pubkey/ec_group/point_gfp.h @@ -156,7 +156,8 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final /** * Force all points on the list to affine coordinates */ - static void force_all_affine(std::vector& points); + static void force_all_affine(std::vector& points, + secure_vector& ws); bool is_affine() const; @@ -186,6 +187,12 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final */ void randomize_repr(RandomNumberGenerator& rng); + /** + * Randomize the point representation + * The actual value (get_affine_x, get_affine_y) does not change + */ + void randomize_repr(RandomNumberGenerator& rng, secure_vector& ws); + /** * Equality operator */ diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index 51d083ad28..bd9b0ca82f 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp @@ -53,7 +53,7 @@ PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& b m_T[i].mult2(ws); } - PointGFp::force_all_affine(m_T); + PointGFp::force_all_affine(m_T, ws[0].get_word_vector()); } PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, @@ -83,7 +83,7 @@ PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, //if(i % 4 == 3) if(i == 4) { - R.randomize_repr(rng); + R.randomize_repr(rng, ws[0].get_word_vector()); } if(scalar.get_bit(i)) From 072f30e4e6ba0d5006a5e900ee28677e6354206c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 06:48:22 -0400 Subject: [PATCH 0849/1008] Avoid creating a temp here --- src/lib/pubkey/ec_group/curve_gfp.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp index 131f69c70b..d841437f35 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.cpp 
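Review bot: The doc comment on `force_all_affine` still reads only "Force all points on the list to affine coordinates" and says nothing about the new `ws` parameter, and the comment added for the new `randomize_repr(rng, ws)` overload omits it as well. Extending both with `* @param ws scratch space, resized as needed; may be reused across calls` tells callers it is a plain workspace rather than state. In point_mul.cpp both call sites pass `ws[0].get_word_vector()`, the same BigInt that add/mult2 use as their word workspace, which is fine as long as the two uses never overlap within one call; a short comment at those two lines would pin that down.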
+++ b/src/lib/pubkey/ec_group/curve_gfp.cpp @@ -100,7 +100,7 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, { if(x.is_zero() || y.is_zero()) { - z = 0; + z.clear(); return; } @@ -126,7 +126,7 @@ void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, { if(x.is_zero()) { - z = 0; + z.clear(); return; } @@ -205,7 +205,7 @@ void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, { if(x.is_zero() || y.is_zero()) { - z = 0; + z.clear(); return; } @@ -229,7 +229,7 @@ void CurveGFp_NIST::curve_sqr(BigInt& z, const BigInt& x, { if(x.is_zero()) { - z = 0; + z.clear(); return; } From ea0ce769791640e883ec4b7f73dcbce4b0399783 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 07:08:10 -0400 Subject: [PATCH 0850/1008] Assume CurveGFp inputs are at most p words long Lets us avoid calling sig_words much of the time. Improves ECDSA 5-7% --- src/lib/pubkey/ec_group/curve_gfp.cpp | 40 ++++++++++++++++++--------- 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp index d841437f35..b57b8d3ef6 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.cpp +++ b/src/lib/pubkey/ec_group/curve_gfp.cpp @@ -89,10 +89,18 @@ void CurveGFp_Montgomery::to_curve_rep(BigInt& x, secure_vector& ws) const curve_mul(x, tx, m_r2, ws); } -void CurveGFp_Montgomery::from_curve_rep(BigInt& x, secure_vector& ws) const +void CurveGFp_Montgomery::from_curve_rep(BigInt& z, secure_vector& ws) const { - const BigInt tx = x; - curve_mul(x, tx, 1, ws); + if(ws.size() < get_ws_size()) + ws.resize(get_ws_size()); + + const size_t output_size = 2*m_p_words + 2; + if(z.size() < output_size) + z.grow_to(output_size); + + bigint_monty_redc(z.mutable_data(), + m_p.data(), m_p_words, m_p_dash, + ws.data(), ws.size()); } void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, 
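Review bot: Replacing `z = 0` with `z.clear()` in the four early-return paths zeroes the word vector but, unless `BigInt::clear()` also resets the sign, leaves a previously negative `z` as a negative zero, whereas assignment produced a canonical positive zero; harmless if curve coordinates are never negative, which a comment such as `// z.clear() keeps the sign; field elements here are always non-negative` or a debug assertion would record. In the new `CurveGFp_Montgomery::from_curve_rep`, `bigint_monty_redc` runs directly on `z` after growing it, which assumes the caller's value is already below p so that the upper half of `z` is zero. That precondition belongs in a comment on the function, since callers cannot see it from the signature.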
@@ -111,9 +119,12 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, if(z.size() < output_size) z.grow_to(output_size); + const size_t x_words = (x.size() >= m_p_words) ? m_p_words : x.sig_words(); + const size_t y_words = (y.size() >= m_p_words) ? m_p_words : y.sig_words(); + bigint_mul(z.mutable_data(), z.size(), - x.data(), x.size(), x.sig_words(), - y.data(), y.size(), y.sig_words(), + x.data(), x.size(), x_words, + y.data(), y.size(), y_words, ws.data(), ws.size()); bigint_monty_redc(z.mutable_data(), @@ -130,19 +141,17 @@ void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, return; } - const size_t x_sw = x.sig_words(); - BOTAN_ASSERT(x_sw <= m_p_words, "Input in range"); - if(ws.size() < get_ws_size()) ws.resize(get_ws_size()); const size_t output_size = 2*m_p_words + 2; - if(z.size() < output_size) z.grow_to(output_size); + const size_t x_words = (x.size() >= m_p_words) ? m_p_words : x.sig_words(); + bigint_sqr(z.mutable_data(), z.size(), - x.data(), x.size(), x_sw, + x.data(), x.size(), x_words, ws.data(), ws.size()); bigint_monty_redc(z.mutable_data(), @@ -216,9 +225,12 @@ void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, if(z.size() < output_size) z.grow_to(output_size); + const size_t x_words = (x.size() >= m_p_words) ? m_p_words : x.sig_words(); + const size_t y_words = (y.size() >= m_p_words) ? m_p_words : y.sig_words(); + bigint_mul(z.mutable_data(), z.size(), - x.data(), x.size(), x.sig_words(), - y.data(), y.size(), y.sig_words(), + x.data(), x.size(), x_words, + y.data(), y.size(), y_words, ws.data(), ws.size()); this->redc(z, ws); 
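Review bot: Dropping `BOTAN_ASSERT(x_sw <= m_p_words, "Input in range")` from `CurveGFp_Montgomery::curve_sqr` means an operand with more than `m_p_words` significant words is no longer rejected: the new `x_words` expression clamps to `m_p_words` whenever `x.size() >= m_p_words`, so such an input is squared with its high words ignored and a wrong field element comes back silently instead of an exception. The same clamp goes into the sibling hunks (both `curve_mul`s and the NIST `curve_sqr`) with no check at all. Avoiding `sig_words()` is also a side-channel improvement, since that scan runs in time dependent on the operand's leading zero words, so the assumption is reasonable, but it should be written down where these functions are declared: `// Precondition: inputs are fully reduced mod p (at most m_p_words significant words); larger values are truncated, not detected`.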
@@ -240,8 +252,10 @@ void CurveGFp_NIST::curve_sqr(BigInt& z, const BigInt& x, if(z.size() < output_size) z.grow_to(output_size); + const size_t x_words = (x.size() >= m_p_words) ? m_p_words : x.sig_words(); + bigint_sqr(z.mutable_data(), output_size, - x.data(), x.size(), x.sig_words(), + x.data(), x.size(), x_words, ws.data(), ws.size()); this->redc(z, ws); From e4487e872877cb13a03974f741744eff847de801 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 08:03:28 -0400 Subject: [PATCH 0851/1008] Add a facility for debug-mode assertions When we want to check something but it is to expensive to do so in normal builds. --- configure.py | 1 + src/build-data/buildh.in | 4 ++++ src/lib/math/numbertheory/monty.cpp | 10 +++++++--- src/lib/pubkey/ec_group/curve_gfp.cpp | 3 +++ src/lib/pubkey/ec_group/point_gfp.cpp | 4 ++-- src/lib/pubkey/ec_group/point_mul.cpp | 4 ++++ src/lib/utils/assert.h | 23 +++++++++++++++++------ 7 files changed, 38 insertions(+), 11 deletions(-) diff --git a/configure.py b/configure.py index 2082025197..678a43e644 100755 --- a/configure.py +++ b/configure.py @@ -1872,6 +1872,7 @@ def join_with_build_dir(path): 'with_valgrind': options.with_valgrind, 'with_openmp': options.with_openmp, + 'with_debug_asserts': options.debug_mode, 'mod_list': sorted([m.basename for m in modules]) } diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index fcdd8e6d6e..b2bc0ea4bf 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -75,6 +75,10 @@ #define BOTAN_TARGET_HAS_OPENMP %{endif} +%{if with_debug_asserts} +#define BOTAN_ENABLE_DEBUG_ASSERTS +%{endif} + /* * Module availability definitions */ diff --git a/src/lib/math/numbertheory/monty.cpp b/src/lib/math/numbertheory/monty.cpp index 6ab847ead9..503141ada6 100644 --- a/src/lib/math/numbertheory/monty.cpp +++ b/src/lib/math/numbertheory/monty.cpp 
@@ -126,8 +126,13 @@ BigInt Montgomery_Params::sqr(const BigInt& x, secure_vector& ws) const BigInt z(BigInt::Positive, output_size); + // assume x.sig_words() is at most p_words + BOTAN_DEBUG_ASSERT(x.sig_words() <= m_p_words); + + const size_t x_words = (x.size() >= m_p_words) ? m_p_words : x.sig_words(); + bigint_sqr(z.mutable_data(), z.size(), - x.data(), x.size(), x.sig_words(), + x.data(), x.size(), x_words, ws.data(), ws.size()); bigint_monty_redc(z.mutable_data(), @@ -299,8 +304,7 @@ Montgomery_Int& Montgomery_Int::square_this(secure_vector& ws) Montgomery_Int Montgomery_Int::square(secure_vector& ws) const { - const BigInt v = m_params->sqr(m_v, ws); - return Montgomery_Int(m_params, v, false); + return Montgomery_Int(m_params, m_params->sqr(m_v, ws), false); } Montgomery_Int Montgomery_Int::multiplicative_inverse() const diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp index b57b8d3ef6..fba9a419c4 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.cpp +++ b/src/lib/pubkey/ec_group/curve_gfp.cpp @@ -119,6 +119,9 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, if(z.size() < output_size) z.grow_to(output_size); + BOTAN_DEBUG_ASSERT(x.sig_words() <= m_p_words); + BOTAN_DEBUG_ASSERT(y.sig_words() <= m_p_words); + const size_t x_words = (x.size() >= m_p_words) ? m_p_words : x.sig_words(); const size_t y_words = (y.size() >= m_p_words) ? m_p_words : y.sig_words(); diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index 6b22f4d01a..51cb7d1535 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp @@ -423,7 +423,7 @@ PointGFp multi_exponentiate(const PointGFp& x, const BigInt& z1, PointGFp operator*(const BigInt& scalar, const PointGFp& point) { - //BOTAN_ASSERT(point.on_the_curve(), "Input is on the curve"); + BOTAN_DEBUG_ASSERT(point.on_the_curve()); const size_t scalar_bits = scalar.bits(); 
@@ -441,7 +441,7 @@ PointGFp operator*(const BigInt& scalar, const PointGFp& point) if(scalar.is_negative()) R[0].negate(); - //BOTAN_ASSERT(R[0].on_the_curve(), "Output is on the curve"); + BOTAN_DEBUG_ASSERT(R[0].on_the_curve()); return R[0]; } diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index bd9b0ca82f..7b36d3fedb 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp @@ -90,6 +90,8 @@ PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, R.add_affine(m_T[i], ws); } + BOTAN_DEBUG_ASSERT(R.on_the_curve()); + return R; } @@ -160,6 +162,8 @@ PointGFp PointGFp_Var_Point_Precompute::mul(const BigInt& k, } } + BOTAN_DEBUG_ASSERT(R.on_the_curve()); + return R; } diff --git a/src/lib/utils/assert.h b/src/lib/utils/assert.h index 8211ec262c..d23558cd03 100644 --- a/src/lib/utils/assert.h +++ b/src/lib/utils/assert.h @@ -1,6 +1,6 @@ /* * Runtime assertion checking -* (C) 2010 Jack Lloyd +* (C) 2010,2018 Jack Lloyd * 2017 Simon Warta (Kullo GmbH) * * Botan is released under the Simplified BSD License (see license.txt) @@ -17,11 +17,12 @@ namespace Botan { /** * Called when an assertion fails */ -BOTAN_NORETURN void BOTAN_PUBLIC_API(2,0) assertion_failure(const char* expr_str, - const char* assertion_made, - const char* func, - const char* file, - int line); +BOTAN_NORETURN void BOTAN_PUBLIC_API(2,0) + assertion_failure(const char* expr_str, + const char* assertion_made, + const char* func, + const char* file, + int line); /** * Make an assertion @@ -88,6 +89,16 @@ BOTAN_NORETURN void BOTAN_PUBLIC_API(2,0) assertion_failure(const char* expr_str __LINE__); \ } while(0) +#if defined(BOTAN_ENABLE_DEBUG_ASSERTS) + +#define BOTAN_DEBUG_ASSERT(expr) BOTAN_ASSERT_NOMSG(expr) + +#else + +#define BOTAN_DEBUG_ASSERT(expr) do {} while(0) + +#endif + /** * Mark variable as unused. Takes between 1 and 9 arguments and marks all as unused, * e.g. BOTAN_UNUSED(a); or BOTAN_UNUSED(x, y, z); 
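Review bot: The new `BOTAN_DEBUG_ASSERT` in assert.h carries no comment, unlike the other assertion macros in the file, and its disabled form `do {} while(0)` discards `expr` entirely, so a variable that exists only to be checked produces unused-variable warnings in release builds and the expression is never even type-checked there. Keeping the operand in an unevaluated context avoids both: `#define BOTAN_DEBUG_ASSERT(expr) do { (void)sizeof(expr); } while(0)`. Above the `#if` I would add a comment saying the check is compiled in only when configure's debug_mode option sets BOTAN_ENABLE_DEBUG_ASSERTS, that it is intended for invariants too expensive to verify in production (the `on_the_curve()` checks in point_gfp.cpp and point_mul.cpp), and that it therefore must never be the sole guard on untrusted input.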
From cf03866d0c9648b92501e4de2ca62e28ff19af3b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 08:44:24 -0400 Subject: [PATCH 0852/1008] Disable optimizations with coverage builds Seems to be causing problems with lcov --- src/scripts/ci_build.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index 4fcdac9973..986e3e3817 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -89,7 +89,7 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro test_cmd = None if target == 'coverage': - flags += ['--with-coverage-info'] + flags += ['--with-coverage-info', '--no-optimization'] if target == 'valgrind': flags += ['--with-valgrind'] test_prefix = ['valgrind', '--error-exitcode=9', '-v', '--leak-check=full', '--show-reachable=yes'] From ea829d5904eeeca3be9a326a25a801526dbb5f7c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 08:44:01 -0400 Subject: [PATCH 0853/1008] Support custom DN entries GH #1490 --- src/lib/asn1/asn1_str.h | 5 +++ src/lib/x509/x509_dn.cpp | 93 ++++++++++++++++------------------------ src/lib/x509/x509_dn.h | 30 +++++++------ src/tests/unit_x509.cpp | 86 +++++++++++++++++++++++++++++++++++-- 4 files changed, 143 insertions(+), 71 deletions(-) diff --git a/src/lib/asn1/asn1_str.h b/src/lib/asn1/asn1_str.h index 77e2fc145d..9a571561c8 100644 --- a/src/lib/asn1/asn1_str.h +++ b/src/lib/asn1/asn1_str.h @@ -26,6 +26,8 @@ class BOTAN_PUBLIC_API(2,0) ASN1_String final : public ASN1_Object const std::string& value() const { return m_utf8_str; } + bool empty() const { return m_utf8_str.empty(); } + std::string BOTAN_DEPRECATED("Use value() to get UTF-8 string instead") iso_8859() const; 
@@ -35,6 +37,9 @@ class BOTAN_PUBLIC_API(2,0) ASN1_String final : public ASN1_Object */ static bool is_string_type(ASN1_Tag tag); + bool operator==(const ASN1_String& other) const + { return value() == other.value(); } + explicit ASN1_String(const std::string& utf8 = ""); ASN1_String(const std::string& utf8, ASN1_Tag tag); private: diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp index d07344aae9..faeb4543c4 100644 --- a/src/lib/x509/x509_dn.cpp +++ b/src/lib/x509/x509_dn.cpp @@ -40,24 +40,30 @@ X509_DN::X509_DN(const std::multimap& args) void X509_DN::add_attribute(const std::string& type, const std::string& str) { - OID oid = OIDS::lookup(type); - add_attribute(oid, str); + add_attribute(OIDS::lookup(type), str); + } + +void X509_DN::add_attribute(const OID& oid, const std::string& str) + { + add_attribute(oid, ASN1_String(str)); } /* * Add an attribute to a X509_DN */ -void X509_DN::add_attribute(const OID& oid, const std::string& str) +void X509_DN::add_attribute(const OID& oid, const ASN1_String& str) { if(str.empty()) return; auto range = m_dn_info.equal_range(oid); for(auto i = range.first; i != range.second; ++i) - if(i->second.value() == str) + { + if(i->second == str) return; + } - multimap_insert(m_dn_info, oid, ASN1_String(str)); + multimap_insert(m_dn_info, oid, str); m_dn_bits.clear(); } @@ -91,7 +97,11 @@ std::multimap X509_DN::contents() const bool X509_DN::has_field(const std::string& attr) const { - const OID oid = OIDS::lookup(deref_info_field(attr)); + return has_field(OIDS::lookup(deref_info_field(attr))); + } + +bool X509_DN::has_field(const OID& oid) const + { auto range = m_dn_info.equal_range(oid); return (range.first != range.second); } 
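Review bot: `ASN1_String::operator==` compares only `value()`, so two strings with identical UTF-8 text but different ASN.1 tags (a PrintableString and a UTF8String, say) compare equal, and `X509_DN::add_attribute(const OID&, const ASN1_String&)` in the x509_dn.cpp hunk uses exactly this comparison to drop duplicates, so the second such attribute is silently discarded even though the new unit test treats the tag as significant. If value-only equality is the intended semantics it should be stated on the operator: `// Compares the decoded UTF-8 value only; the ASN.1 string tag is deliberately ignored`. If tag differences are meant to be preserved in a DN, the comparison should include `tagging()` as well.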
@@ -99,12 +109,16 @@ bool X509_DN::has_field(const std::string& attr) const std::string X509_DN::get_first_attribute(const std::string& attr) const { const OID oid = OIDS::lookup(deref_info_field(attr)); + return get_first_attribute(oid).value(); + } +ASN1_String X509_DN::get_first_attribute(const OID& oid) const + { auto i = m_dn_info.lower_bound(oid); if(i != m_dn_info.end() && i->first == oid) - return i->second.value(); + return i->second; - return ""; + return ASN1_String(); } /* @@ -122,11 +136,6 @@ std::vector X509_DN::get_attribute(const std::string& attr) const return values; } -const std::vector& X509_DN::get_bits() const - { - return m_dn_bits; - } - /* * Deref aliases in a subject/issuer info request */ 
@@ -201,58 +210,32 @@ bool operator<(const X509_DN& dn1, const X509_DN& dn2) return false; } -namespace { - -/* -* DER encode a RelativeDistinguishedName -*/ -void do_ava(DER_Encoder& encoder, - const std::multimap& dn_info, - ASN1_Tag string_type, const std::string& oid_str, - bool must_exist = false) - { - const OID oid = OIDS::lookup(oid_str); - const bool exists = (dn_info.find(oid) != dn_info.end()); - - if(!exists && must_exist) - throw Encoding_Error("X509_DN: No entry for " + oid_str); - if(!exists) return; - - auto range = dn_info.equal_range(oid); - - for(auto i = range.first; i != range.second; ++i) - { - encoder.start_cons(SET) - .start_cons(SEQUENCE) - .encode(oid) - .encode(ASN1_String(i->second, string_type)) - .end_cons() - .end_cons(); - } - } - -} - /* * DER encode a DistinguishedName */ void X509_DN::encode_into(DER_Encoder& der) const { - auto dn_info = get_attributes(); - der.start_cons(SEQUENCE); if(!m_dn_bits.empty()) + { + /* + If we decoded this from somewhere, encode it back exactly as + we recieved it + */ der.raw_bytes(m_dn_bits); + } else { - do_ava(der, dn_info, PRINTABLE_STRING, "X520.Country"); - do_ava(der, dn_info, DIRECTORY_STRING, "X520.State"); - do_ava(der, dn_info, DIRECTORY_STRING, "X520.Locality"); - do_ava(der, dn_info, DIRECTORY_STRING, "X520.Organization"); - do_ava(der, dn_info, DIRECTORY_STRING, "X520.OrganizationalUnit"); - do_ava(der, dn_info, DIRECTORY_STRING, "X520.CommonName"); - do_ava(der, dn_info, PRINTABLE_STRING, "X520.SerialNumber"); + for(auto dn : m_dn_info) + { + der.start_cons(SET) + .start_cons(SEQUENCE) + .encode(dn.first) + .encode(dn.second) + .end_cons() + .end_cons(); + } } der.end_cons(); @@ -285,7 +268,7 @@ void X509_DN::decode_from(BER_Decoder& source) .decode(str) .end_cons(); - add_attribute(oid, str.value()); + add_attribute(oid, str); } } diff --git a/src/lib/x509/x509_dn.h b/src/lib/x509/x509_dn.h index 88117a110d..c08bf9e7e0 100644 --- a/src/lib/x509/x509_dn.h +++ b/src/lib/x509/x509_dn.h 
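Review bot: The new loop in `X509_DN::encode_into` emits one single-valued RDN per `m_dn_info` entry in `std::multimap` iteration order, i.e. sorted by OID, replacing the fixed C, ST, L, O, OU, CN, serialNumber sequence the removed `do_ava` calls produced for DNs built programmatically (the updated digests in the unit_x509.cpp hunk further down reflect this). RFC 5280 7.1 name matching compares RDN sequences position by position, so a DN constructed with this code will not match the same attributes encoded in conventional order by another issuer, and multi-valued RDNs can never be produced. The loop also loses the explicit `PRINTABLE_STRING` that `do_ava` forced for countryName and serialNumber; whatever tag `ASN1_String(const std::string&)` chooses now ends up in the certificate, and countryName is required to be PrintableString. A comment on the `else` branch should make both facts visible: `// Attributes are emitted in OID order, each as its own single-valued RDN, with whatever string tag the ASN1_String carries`.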
@@ -1,6 +1,6 @@ /* * X.509 Distinguished Name -* (C) 1999-2010 Jack Lloyd +* (C) 1999-2010,2018 Jack Lloyd * (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) @@ -23,12 +23,27 @@ namespace Botan { class BOTAN_PUBLIC_API(2,0) X509_DN final : public ASN1_Object { public: + X509_DN() = default; + explicit X509_DN(const std::multimap& vals); + explicit X509_DN(const std::multimap& vals); + void encode_into(class DER_Encoder&) const override; void decode_from(class BER_Decoder&) override; + const std::multimap& dn_info() const { return m_dn_info; } + + bool has_field(const OID& oid) const; + ASN1_String get_first_attribute(const OID& oid) const; + + /* + * Return the BER encoded data, if any + */ + const std::vector& get_bits() const { return m_dn_bits; } + + bool empty() const { return m_dn_info.empty(); } + bool has_field(const std::string& attr) const; std::vector get_attribute(const std::string& attr) const; - std::string get_first_attribute(const std::string& attr) const; std::multimap get_attributes() const; @@ -36,6 +51,7 @@ class BOTAN_PUBLIC_API(2,0) X509_DN final : public ASN1_Object void add_attribute(const std::string& key, const std::string& val); void add_attribute(const OID& oid, const std::string& val); + void add_attribute(const OID& oid, const ASN1_String& val); static std::string deref_info_field(const std::string& key); @@ -48,16 +64,6 @@ class BOTAN_PUBLIC_API(2,0) X509_DN final : public ASN1_Object */ static size_t lookup_ub(const OID& oid); - /* - * Return the BER encoded data, if any - */ - const std::vector& get_bits() const; - - bool empty() const { return m_dn_info.empty(); } - - X509_DN() = default; - explicit X509_DN(const std::multimap& vals); - explicit X509_DN(const std::multimap& vals); private: std::multimap m_dn_info; std::vector m_dn_bits; diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 94fa953922..cfb84c51a5 100644 
--- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp 
@@ -1208,6 +1208,73 @@ class String_Extension final : public Botan::Certificate_Extension std::string m_contents; }; +Test::Result test_custom_dn_attr(const Botan::Private_Key& ca_key, + const std::string& sig_algo, + const std::string& sig_padding = "", + const std::string& hash_fn = "SHA-256") + { + Test::Result result("X509 Custom DN"); + + /* Create the self-signed cert */ + Botan::X509_Certificate ca_cert = + Botan::X509::create_self_signed_cert(ca_opts(sig_padding), ca_key, hash_fn, Test::rng()); + + /* Create the CA object */ + Botan::X509_CA ca(ca_cert, ca_key, {{"padding",sig_padding}}, hash_fn, Test::rng()); + + std::unique_ptr user_key(make_a_private_key(sig_algo)); + + Botan::X509_DN subject_dn; + + const Botan::OID attr1(Botan::OID("1.3.6.1.4.1.25258.9.1.1")); + const Botan::OID attr2(Botan::OID("1.3.6.1.4.1.25258.9.1.2")); + const Botan::ASN1_String val1("Custom Attr 1", Botan::PRINTABLE_STRING); + const Botan::ASN1_String val2("12345", Botan::UTF8_STRING); + + subject_dn.add_attribute(attr1, val1); + subject_dn.add_attribute(attr2, val2); + + Botan::Extensions extensions; + + Botan::PKCS10_Request req = + Botan::PKCS10_Request::create(*user_key, + subject_dn, + extensions, + hash_fn, + Test::rng(), + sig_padding); + + Botan::X509_DN req_dn = req.subject_dn(); + + result.test_eq("Expected number of DN entries", req_dn.dn_info().size(), 2); + + Botan::ASN1_String req_val1 = req_dn.get_first_attribute(attr1); + Botan::ASN1_String req_val2 = req_dn.get_first_attribute(attr2); + result.confirm("Attr1 matches encoded", req_val1 == val1); + result.confirm("Attr2 matches encoded", req_val2 == val2); + result.confirm("Attr1 tag matches encoded", req_val1.tagging() == val1.tagging()); + result.confirm("Attr2 tag matches encoded", req_val2.tagging() == val2.tagging()); + + Botan::X509_Time not_before("100301123001Z", Botan::UTC_TIME); + Botan::X509_Time not_after("300301123001Z", Botan::UTC_TIME); + + auto cert = ca.sign_request(req, Test::rng(), not_before, 
not_after); + + Botan::X509_DN cert_dn = cert.subject_dn(); + + result.test_eq("Expected number of DN entries", cert_dn.dn_info().size(), 2); + + Botan::ASN1_String cert_val1 = cert_dn.get_first_attribute(attr1); + Botan::ASN1_String cert_val2 = cert_dn.get_first_attribute(attr2); + result.confirm("Attr1 matches encoded", cert_val1 == val1); + result.confirm("Attr2 matches encoded", cert_val2 == val2); + result.confirm("Attr1 tag matches encoded", cert_val1.tagging() == val1.tagging()); + result.confirm("Attr2 tag matches encoded", cert_val2.tagging() == val2.tagging()); + + return result; + } + + Test::Result test_x509_extensions(const Botan::Private_Key& ca_key, const std::string& sig_algo, const std::string& sig_padding = "", @@ -1319,14 +1386,14 @@ Test::Result test_hashes(const Botan::Private_Key& key, { "Test Issuer/US/Botan Project/Testing", "Test Subject/US/Botan Project/Testing", - "E2407027922619C0673E0AA59A9CD3673730C36A39F891BCE0806D1DD225A937", - "42A63CB4FCCA81AC6D14D5E209B3156E033B90FF1007216927EA9324BA4EF2DB" + "ACB4F373004A56A983A23EB8F60FA4706312B5DB90FD978574FE7ACC84E093A5", + "87039231C2205B74B6F1F3830A66272C0B41F71894B03AC3150221766D95267B", }, { "Test Subject/US/Botan Project/Testing", "Test Issuer/US/Botan Project/Testing", - "42A63CB4FCCA81AC6D14D5E209B3156E033B90FF1007216927EA9324BA4EF2DB", - "E2407027922619C0673E0AA59A9CD3673730C36A39F891BCE0806D1DD225A937" + "87039231C2205B74B6F1F3830A66272C0B41F71894B03AC3150221766D95267B", + "ACB4F373004A56A983A23EB8F60FA4706312B5DB90FD978574FE7ACC84E093A5", } }; 
@@ -1433,6 +1500,17 @@ class X509_Cert_Unit_Tests final : public Test extensions_result.test_failure("test_extensions " + algo, e.what()); } results.push_back(extensions_result); + + Test::Result custom_dn_result("X509 Custom DN"); + try + { + custom_dn_result.merge(test_custom_dn_attr(*key, algo, padding_scheme)); + } + catch(std::exception& e) + { + custom_dn_result.test_failure("test_custom_dn_attr " + algo, e.what()); + } + results.push_back(custom_dn_result); } } From d72530334942db2f67cf909cb4a726061ef87003 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 09:13:28 -0400 Subject: [PATCH 0854/1008] Address review comments --- src/lib/x509/x509_dn.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp index faeb4543c4..64c1c9a08b 100644 --- a/src/lib/x509/x509_dn.cpp +++ b/src/lib/x509/x509_dn.cpp @@ -221,13 +221,13 @@ void X509_DN::encode_into(DER_Encoder& der) const { /* If we decoded this from somewhere, encode it back exactly as - we recieved it + we received it */ der.raw_bytes(m_dn_bits); } else { - for(auto dn : m_dn_info) + for(const auto& dn : m_dn_info) { der.start_cons(SET) .start_cons(SEQUENCE) From 7a645fd781d70855019bed278ffa80d726962be5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 08:11:24 -0400 Subject: [PATCH 0855/1008] Allow the caller to specify the serial number of a generated cert GH #1489 --- src/lib/x509/x509_ca.cpp | 67 +++++++++++++++++++++++++++++++++------- src/lib/x509/x509_ca.h | 41 ++++++++++++++++++++++++ src/tests/unit_x509.cpp | 7 ++++- 3 files changed, 102 insertions(+), 13 deletions(-) diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp index 294a564d56..19eec12108 100644 --- a/src/lib/x509/x509_ca.cpp +++ b/src/lib/x509/x509_ca.cpp 
@@ -72,13 +72,11 @@ X509_CA::~X509_CA() /* for unique_ptr */ } -/* -* Sign a PKCS #10 certificate request -*/ -X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, - RandomNumberGenerator& rng, - const X509_Time& not_before, - const X509_Time& not_after) const +namespace { + +Extensions choose_extensions(const PKCS10_Request& req, + const X509_Certificate& ca_cert, + const std::string& hash_fn) { Key_Constraints constraints; if(req.is_CA()) @@ -103,8 +101,8 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, extensions.replace(new Cert_Extension::Key_Usage(constraints), true); } - extensions.replace(new Cert_Extension::Authority_Key_ID(m_ca_cert.subject_key_id())); - extensions.replace(new Cert_Extension::Subject_Key_ID(req.raw_public_key(), m_hash_fn)); + extensions.replace(new Cert_Extension::Authority_Key_ID(ca_cert.subject_key_id())); + extensions.replace(new Cert_Extension::Subject_Key_ID(req.raw_public_key(), hash_fn)); extensions.replace( new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name())); 
@@ -112,6 +110,36 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, extensions.replace( new Cert_Extension::Extended_Key_Usage(req.ex_constraints())); + return extensions; + } + +} + +X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, + RandomNumberGenerator& rng, + const BigInt& serial_number, + const X509_Time& not_before, + const X509_Time& not_after) const + { + auto extensions = choose_extensions(req, m_ca_cert, m_hash_fn); + + return make_cert(m_signer.get(), rng, serial_number, + m_ca_sig_algo, req.raw_public_key(), + not_before, not_after, + m_ca_cert.subject_dn(), req.subject_dn(), + extensions); + } + +/* +* Sign a PKCS #10 certificate request +*/ +X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, + RandomNumberGenerator& rng, + const X509_Time& not_before, + const X509_Time& not_after) const + { + auto extensions = choose_extensions(req, m_ca_cert, m_hash_fn); + return make_cert(m_signer.get(), rng, m_ca_sig_algo, req.raw_public_key(), not_before, not_after, @@ -119,11 +147,29 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, extensions); } +X509_Certificate X509_CA::make_cert(PK_Signer* signer, + RandomNumberGenerator& rng, + const AlgorithmIdentifier& sig_algo, + const std::vector& pub_key, + const X509_Time& not_before, + const X509_Time& not_after, + const X509_DN& issuer_dn, + const X509_DN& subject_dn, + const Extensions& extensions) + { + const size_t SERIAL_BITS = 128; + BigInt serial_no(rng, SERIAL_BITS); + + return make_cert(signer, rng, serial_no, sig_algo, pub_key, + not_before, not_after, issuer_dn, subject_dn, extensions); + } + /* * Create a new certificate */ X509_Certificate X509_CA::make_cert(PK_Signer* signer, RandomNumberGenerator& rng, + const BigInt& serial_no, const AlgorithmIdentifier& sig_algo, const std::vector& pub_key, const X509_Time& not_before, 
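Review bot: The caller-supplied `serial_number` in the new `X509_CA::sign_request` overload goes into the certificate unchecked, yet RFC 5280 4.1.2.2 requires a positive, non-zero integer of at most 20 octets and common relying parties reject certificates that violate this. A guard at the top of the function would catch the obvious mistakes: `if(serial_number.is_negative() || serial_number.is_zero() || serial_number.bytes() > 20)` followed by `throw Invalid_Argument("X509_CA::sign_request: serial number must be a positive integer of at most 20 bytes");` (`is_negative`/`is_zero` are used elsewhere in this patch; `bytes()` is the usual BigInt length accessor, verify the name). Callers choosing their own serial also give up the unpredictability the 128-bit random default provides against chosen-prefix collision attacks on the signature hash, so that trade-off belongs in the documentation as well.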
@@ -133,9 +179,6 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, const Extensions& extensions) { const size_t X509_CERT_VERSION = 3; - const size_t SERIAL_BITS = 128; - - BigInt serial_no(rng, SERIAL_BITS); // clang-format off return X509_Certificate(X509_Object::make_signed( diff --git a/src/lib/x509/x509_ca.h b/src/lib/x509/x509_ca.h index bc5323e5bc..c8ffab69d5 100644 --- a/src/lib/x509/x509_ca.h +++ b/src/lib/x509/x509_ca.h @@ -18,6 +18,7 @@ namespace Botan { +class BigInt; class Private_Key; class PKCS10_Request; class PK_Signer; @@ -41,6 +42,21 @@ class BOTAN_PUBLIC_API(2,0) X509_CA final const X509_Time& not_before, const X509_Time& not_after) const; + /** + * Sign a PKCS#10 Request. + * @param req the request to sign + * @param rng the rng to use + * @param serial_number the serial number the cert will be assigned. + * @param not_before the starting time for the certificate + * @param not_after the expiration time for the certificate + * @return resulting certificate + */ + X509_Certificate sign_request(const PKCS10_Request& req, + RandomNumberGenerator& rng, + const BigInt& serial_number, + const X509_Time& not_before, + const X509_Time& not_after) const; + /** * Get the certificate of this CA. * @return CA certificate 
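Review bot: The Doxygen block for the new `sign_request(req, rng, serial_number, not_before, not_after)` describes `serial_number` only as "the serial number the cert will be assigned", which leaves out the constraints a caller must respect and why the other overload generates a random one. Suggest: `@param serial_number the serial number the cert will be assigned; must be positive, non-zero and at most 20 octets (RFC 5280 4.1.2.2). Prefer the overload without this parameter unless serials must be managed externally: the random 128-bit default gives unpredictability that a sequential or caller-chosen value does not.`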
@@ -120,6 +136,31 @@ class BOTAN_PUBLIC_API(2,0) X509_CA final const X509_DN& subject_dn, const Extensions& extensions); + /** + * Interface for creating new certificates + * @param signer a signing object + * @param rng a random number generator + * @param serial_number the serial number the cert will be assigned + * @param sig_algo the signature algorithm identifier + * @param pub_key the serialized public key + * @param not_before the start time of the certificate + * @param not_after the end time of the certificate + * @param issuer_dn the DN of the issuer + * @param subject_dn the DN of the subject + * @param extensions an optional list of certificate extensions + * @returns newly minted certificate + */ + static X509_Certificate make_cert(PK_Signer* signer, + RandomNumberGenerator& rng, + const BigInt& serial_number, + const AlgorithmIdentifier& sig_algo, + const std::vector& pub_key, + const X509_Time& not_before, + const X509_Time& not_after, + const X509_DN& issuer_dn, + const X509_DN& subject_dn, + const Extensions& extensions); + /** * Create a new CA object. * @param ca_certificate the certificate of the CA diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 94fa953922..1a5a6a2cee 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp 
@@ -692,12 +692,17 @@ Test::Result test_x509_cert(const Botan::Private_Key& ca_key, /* Create the CA object */ Botan::X509_CA ca(ca_cert, ca_key, {{"padding",sig_padding}}, hash_fn, Test::rng()); + const BigInt user1_serial = 99; + /* Sign the requests to create the certs */ Botan::X509_Certificate user1_cert = - ca.sign_request(user1_req, Test::rng(), + ca.sign_request(user1_req, Test::rng(), user1_serial, from_date(2008, 01, 01), from_date(2033, 01, 01)); + result.test_eq("User1 serial size matches expected", user1_cert.serial_number().size(), 1); + result.test_eq("User1 serial matches expected", user1_cert.serial_number().at(0), size_t(99)); + Botan::X509_Certificate user2_cert = ca.sign_request(user2_req, Test::rng(), from_date(2008, 01, 01), From c594226ef70a129521386edd7946d741e36f5e70 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 12:24:14 -0400 Subject: [PATCH 0856/1008] Revert cf0386 No optimization builds don't work either because they hit the exec timeout. Try just carrying on even if lcov exits with error status. --- src/scripts/ci_build.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index 986e3e3817..97b7a1cf93 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -89,7 +89,7 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, ro test_cmd = None if target == 'coverage': - flags += ['--with-coverage-info', '--no-optimization'] + flags += ['--with-coverage-info'] if target == 'valgrind': flags += ['--with-valgrind'] test_prefix = ['valgrind', '--error-exitcode=9', '-v', '--leak-check=full', '--show-reachable=yes'] @@ -229,7 +229,9 @@ def run_cmd(cmd, root_dir): if proc.returncode != 0: print("Command failed with error code %d" % (proc.returncode)) - sys.exit(proc.returncode) + + if cmd[0] not in ['lcov']: + sys.exit(proc.returncode) def parse_args(args): """ 
From 792a2bebf8fd1a4b5813680131267b77d06f6b98 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 13:57:07 -0400 Subject: [PATCH 0857/1008] Update news --- news.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/news.rst b/news.rst index b3a9ac4d14..c667ec9db8 100644 --- a/news.rst +++ b/news.rst @@ -31,6 +31,11 @@ Version 2.5.0, Not Yet Released some common software packages including Golang's standard library. (GH #1480 #1483) +* It is now possible to create DNs with custom components. (GH #1490 #1492) + +* It is now possible to specify the serial number of created certificates, + instead of using the default 128-bit random integer. (GH #1489 #1491) + * Change DL_Group and EC_Group to store their data as shared_ptr for fast copying. Also both classes precompute additional useful values (eg for modular reductions). (GH #1435 #1454) From ba8a26f17d921a2c8f757d68aade966beb9ef5f4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 18:58:00 -0400 Subject: [PATCH 0858/1008] Use RtlGenRandom instead of CryptoAPI --- configure.py | 23 ++++--- doc/manual/deprecated.rst | 2 + doc/os.rst | 7 +-- news.rst | 2 + src/build-data/os/mingw.txt | 2 +- src/build-data/os/windows.txt | 2 +- src/build-data/os/winphone.txt | 1 - src/lib/rng/system_rng/info.txt | 11 ++-- src/lib/rng/system_rng/system_rng.cpp | 91 ++++++--------------------- src/lib/utils/dyn_load/dyn_load.cpp | 2 +- 10 files changed, 49 insertions(+), 94 deletions(-) diff --git a/configure.py b/configure.py index 678a43e644..5799e62010 100755 --- a/configure.py +++ b/configure.py @@ -659,7 +659,7 @@ def py_var(group): return group.replace(':', '_') lexer = shlex.shlex(open(infofile), infofile, posix=True) - lexer.wordchars += '|:.<>/,-!+*' # handle various funky chars in info.txt + lexer.wordchars += ':.<>/,-!?+*' # handle various funky chars in info.txt groups = allowed_groups + allowed_maps for group in groups: 
@@ -937,11 +937,20 @@ def supported_compiler(ccinfo, cc_min_version): return supported_isa_flags(ccinfo, arch) and supported_compiler(ccinfo, cc_min_version) - def dependencies(self): + def dependencies(self, osinfo): # base is an implicit dep for all submodules - deps = self.requires + ['base'] + deps = ['base'] if self.parent_module != None: deps.append(self.parent_module) + + for req in self.requires: + if req.find('?') != -1: + (cond, dep) = req.split('?') + if osinfo is None or cond in osinfo.target_features: + deps.append(dep) + else: + deps.append(req) + return deps def dependencies_exist(self, modules): @@ -950,9 +959,9 @@ def dependencies_exist(self, modules): about any that do not """ - all_deps = [s.split('|') for s in self.dependencies()] + missing = [s for s in self.dependencies(None) if s not in modules] - for missing in [s for s in flatten(all_deps) if s not in modules]: + if missing: logging.error("Module '%s', dep of '%s', does not exist" % ( missing, self.basename)) @@ -1572,7 +1581,7 @@ def _isa_specific_flags(src): if src in module_that_owns: module = module_that_owns[src] isas = module.need_isa - if 'simd' in module.dependencies(): + if 'simd' in module.dependencies(osinfo): isas.append('simd') return cc.get_isa_specific_flags(isas, arch) @@ -2072,7 +2081,7 @@ def resolve_dependencies(available_modules, dependency_table, module, loaded_mod def _modules_dependency_table(self): out = {} for modname in self._modules: - out[modname] = self._modules[modname].dependencies() + out[modname] = self._modules[modname].dependencies(self._osinfo) return out def _resolve_dependencies_for_all_modules(self): diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index 05e83e4ed1..c91730cf32 100644 --- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst @@ -36,6 +36,8 @@ in the source. - Platform support for Google Native Client +- Platform support for Windows Phone + - Support for PathScale and HP compilers - TLS: 3DES and SEED ciphersuites 
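Review bot: `(cond, dep) = req.split('?')` raises an unhelpful `ValueError` if a requirement ever contains more than one `?`, and the `dependencies_exist` hunk below now pushes the whole `missing` list through a single `%s`, so the log line prints a list repr instead of one name per message as the old loop did. Suggest `cond, dep = req.split('?', 1)` (or an explicit check that exactly one `?` is present) in `dependencies`, and in `dependencies_exist` either a `for m in missing:` loop or `', '.join(missing)` in the message. The `_isa_specific_flags` hunk passes an `osinfo` whose binding is not visible here; presumably it is in that function's scope, worth confirming. A comment on `dependencies` would also help, e.g. `# requires entries of the form 'feature?module' are added only when osinfo has 'feature'; osinfo=None adds them unconditionally`.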
diff --git a/doc/os.rst b/doc/os.rst index 2d869138b5..a4edd564bb 100644 --- a/doc/os.rst +++ b/doc/os.rst @@ -34,9 +34,7 @@ A summary of OS features as defined in ``src/build-data/os``. :header: "Feature", "a", "a", "c", "d", "d", "f", "h", "h", "h", "i", "i", "l", "l", "m", "n", "n", "o", "q", "s", "w", "w" "arc4random", " ", " ", " ", "X", "X", "X", " ", " ", " ", " ", "X", " ", " ", " ", " ", "X", "X", " ", " ", " ", " " - "clock_gettime", "X", "X", " ", " ", "X", "X", " ", "X", " ", " ", " ", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " - "cryptgenrandom", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", " " - "crypto_ng", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X" + "clock_gettime", "X", "X", " ", " ", "X", "X", "X", "X", "X", " ", " ", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " "dev_random", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " "explicit_bzero", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " " "filesystem", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", "X", "X", " ", "X", "X", "X", "X", "X", "X" 
@@ -44,9 +42,10 @@ A summary of OS features as defined in ``src/build-data/os``. "getentropy", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " " "posix1", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " "proc_fs", "X", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", "X", " ", " " + "rtlgenrandom", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", " " "rtlsecurezeromemory", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", "X" "security_framework", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " " - "sockets", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", " ", "X", " ", "X", "X", "X", "X", "X", "X" + "sockets", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " "stl_filesystem_msvc", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " " "threads", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", " ", "X", "X", "X", "X", "X", "X", "X", "X" "virtual_lock", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", " " diff --git a/news.rst b/news.rst index c667ec9db8..792ce616c9 100644 --- a/news.rst +++ b/news.rst @@ -86,6 +86,8 @@ Version 2.5.0, Not Yet Released is still maintained by the original author at https://github.com/OlivierJG/botansqlite3 +* Support for Windows Phone is deprecated. + Version 2.4.0, 2018-01-08 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/src/build-data/os/mingw.txt b/src/build-data/os/mingw.txt index b74aa2d491..bbe17e0840 100644 --- a/src/build-data/os/mingw.txt +++ b/src/build-data/os/mingw.txt 
@@ -16,7 +16,7 @@ mingw32.* win32 -cryptgenrandom +rtlgenrandom virtual_lock threads diff --git a/src/build-data/os/windows.txt b/src/build-data/os/windows.txt index 500013897b..db6245a83d 100644 --- a/src/build-data/os/windows.txt +++ b/src/build-data/os/windows.txt @@ -19,7 +19,7 @@ doc_dir docs win32 winsock2 -cryptgenrandom +rtlgenrandom rtlsecurezeromemory virtual_lock diff --git a/src/build-data/os/winphone.txt b/src/build-data/os/winphone.txt index bc0179c125..fdeae6783e 100644 --- a/src/build-data/os/winphone.txt +++ b/src/build-data/os/winphone.txt @@ -11,7 +11,6 @@ doc_dir docs win32 winsock2 -crypto_ng rtlsecurezeromemory threads diff --git a/src/lib/rng/system_rng/info.txt b/src/lib/rng/system_rng/info.txt index 8f25bf84c4..4dc5be7587 100644 --- a/src/lib/rng/system_rng/info.txt +++ b/src/lib/rng/system_rng/info.txt @@ -5,12 +5,9 @@ SYSTEM_RNG -> 20141202 dev_random,posix1 arc4random -crypto_ng -cryptgenrandom +rtlgenrandom - -windows -> advapi32.lib -winphone -> bcrypt.lib -mingw -> advapi32 - + +rtlgenrandom?dyn_load + diff --git a/src/lib/rng/system_rng/system_rng.cpp b/src/lib/rng/system_rng/system_rng.cpp index cec3deab18..32dabbe9f6 100644 --- a/src/lib/rng/system_rng/system_rng.cpp +++ b/src/lib/rng/system_rng/system_rng.cpp @@ -1,25 +1,22 @@ /* * System RNG -* (C) 2014,2015,2017 Jack Lloyd +* (C) 2014,2015,2017,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include -#if defined(BOTAN_TARGET_OS_HAS_CRYPTGENRANDOM) - #define NOMINMAX 1 - #define _WINSOCKAPI_ // stop windows.h including winsock.h - #include - #include - -#elif defined(BOTAN_TARGET_OS_HAS_CRYPTO_NG) - #include +#if defined(BOTAN_TARGET_OS_HAS_RTLGENRANDOM) + #include + #define NOMINMAX 1 + #define _WINSOCKAPI_ // stop windows.h including winsock.h + #include #elif defined(BOTAN_TARGET_OS_HAS_ARC4RANDOM) #include -#else +#elif defined(BOTAN_TARGET_OS_HAS_DEV_RANDOM) #include #include #include 
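Review bot: The trailing branch changed from `#else` to `#elif defined(BOTAN_TARGET_OS_HAS_DEV_RANDOM)`, so a target that advertises none of rtlgenrandom, arc4random or dev_random now compiles this file with no includes and, unless a fallback exists later in the file, no `System_RNG_Impl` at all; the `@@ -127,7 +74,7 @@` hunk makes the same change. A closing `#else` with `#error "No system RNG backend available for this platform"` would turn that into a clear build-time diagnostic instead of a late link or instantiation failure. The first include under the RTLGENRANDOM branch is presumably the dynamic-loader header, which only works because the `info.txt` hunk's `rtlgenrandom?dyn_load` line and the windows/mingw `.txt` hunks make that dependency present on those targets.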
@@ -31,82 +28,32 @@ namespace Botan { namespace { -#if defined(BOTAN_TARGET_OS_HAS_CRYPTGENRANDOM) +#if defined(BOTAN_TARGET_OS_HAS_RTLGENRANDOM) class System_RNG_Impl final : public RandomNumberGenerator { public: - System_RNG_Impl() - { - if(!CryptAcquireContext(&m_prov, nullptr, nullptr, - BOTAN_SYSTEM_RNG_CRYPTOAPI_PROV_TYPE, CRYPT_VERIFYCONTEXT)) - throw Exception("System_RNG failed to acquire crypto provider"); - } - - ~System_RNG_Impl() + System_RNG_Impl() : m_advapi("advapi32.dll") { - ::CryptReleaseContext(m_prov, 0); + // This throws if the function is not found + m_rtlgenrandom = m_advapi.resolve("SystemFunction036"); } void randomize(uint8_t buf[], size_t len) override { - ::CryptGenRandom(m_prov, static_cast(len), buf); - } - - void add_entropy(const uint8_t in[], size_t length) override - { - /* - There is no explicit ConsumeRandom, but all values provided in - the call are incorporated into the state. - */ - std::vector buf(in, in + length); - ::CryptGenRandom(m_prov, static_cast(buf.size()), buf.data()); + if(m_rtlgenrandom(buf, len) == false) + throw Exception("RtlGenRandom failed"); } + void add_entropy(const uint8_t[], size_t) override { /* ignored */ } bool is_seeded() const override { return true; } void clear() override { /* not possible */ } - std::string name() const override { return "cryptoapi"; } + std::string name() const override { return "RtlGenRandom"; } private: - HCRYPTPROV m_prov; - }; + typedef BOOL (*RtlGenRandom_f)(PVOID, ULONG); -#elif defined(BOTAN_TARGET_OS_HAS_CRYPTO_NG) - -class System_RNG_Impl final : public RandomNumberGenerator - { - public: - System_RNG_Impl() - { - NTSTATUS ret = ::BCryptOpenAlgorithmProvider(&m_prov, - BCRYPT_RNG_ALGORITHM, - MS_PRIMITIVE_PROVIDER, 0); - if(ret != STATUS_SUCCESS) - throw Exception("System_RNG failed to acquire crypto provider"); - } - - ~System_RNG_Impl() - { - ::BCryptCloseAlgorithmProvider(m_prov, 0); - } - - void randomize(uint8_t buf[], size_t len) override - { - 
::BCryptGenRandom(m_prov, static_cast(buf), static_cast(len), 0); - } - - void add_entropy(const uint8_t in[], size_t length) override - { - /* - There is a flag BCRYPT_RNG_USE_ENTROPY_IN_BUFFER to provide - entropy inputs, but it is ignored in Windows 8 and later. - */ - } - - bool is_seeded() const override { return true; } - void clear() override { /* not possible */ } - std::string name() const override { return "crypto_ng"; } - private: - BCRYPT_ALG_HANDLE m_handle; + Dynamically_Loaded_Library m_advapi; + RtlGenRandom_f m_rtlgenrandom; }; #elif defined(BOTAN_TARGET_OS_HAS_ARC4RANDOM) @@ -127,7 +74,7 @@ class System_RNG_Impl final : public RandomNumberGenerator std::string name() const override { return "arc4random"; } }; -#else +#elif defined(BOTAN_TARGET_OS_HAS_DEV_RANDOM) // Read a random device diff --git a/src/lib/utils/dyn_load/dyn_load.cpp b/src/lib/utils/dyn_load/dyn_load.cpp index b7f2649ef8..1bbcffbdb5 100644 --- a/src/lib/utils/dyn_load/dyn_load.cpp +++ b/src/lib/utils/dyn_load/dyn_load.cpp @@ -71,7 +71,7 @@ void* Dynamically_Loaded_Library::resolve_symbol(const std::string& symbol) if(!addr) throw Exception("Failed to resolve symbol " + symbol + - " in " + m_lib_name); + " in " + m_lib_name); return addr; } From cfdb729661c6ea3f6fcbbfdc09cf86d0e7cc127c Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 19:06:02 -0400 Subject: [PATCH 0859/1008] Remove PROV_TYPE from build.h --- src/build-data/buildh.in | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index b2bc0ea4bf..d42e85ac42 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -153,6 +153,7 @@ */ #define BOTAN_RNG_DEFAULT_RESEED_INTERVAL 1024 #define BOTAN_RNG_RESEED_POLL_BITS 256 + #define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(10) #define BOTAN_RNG_RESEED_DEFAULT_TIMEOUT std::chrono::milliseconds(50) 
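Review bot: `typedef BOOL (*RtlGenRandom_f)(PVOID, ULONG);` declares the resolved `SystemFunction036` pointer with the default calling convention and a 4-byte `BOOL` return, whereas Microsoft declares the export as `BOOLEAN NTAPI RtlGenRandom(PVOID, ULONG)`; on 32-bit x86 builds the missing `NTAPI` (stdcall) is a calling-convention mismatch that can corrupt the stack, and reading a 1-byte `BOOLEAN` through `BOOL` can pick up unspecified upper bytes. `randomize` also passes its `size_t len` straight into the `ULONG` parameter, silently truncating requests above 4 GiB on 64-bit targets where the old code at least made the cast explicit; looping in `ULONG`-sized pieces keeps the fail-closed throw for every piece. The `/* ignored */` in `add_entropy` is a behaviour change from the CryptoAPI version, which fed the input into the provider, so a one-line comment saying that RtlGenRandom offers no input interface would help. Loading `"advapi32.dll"` by bare name is acceptable only because advapi32 is a KnownDLL resolved from System32; a comment recording that assumption is worthwhile.
```cpp
void randomize(uint8_t buf[], size_t len) override
   {
   // RtlGenRandom's length parameter is a ULONG; feed larger requests in pieces
   const ULONG max_chunk = static_cast<ULONG>(-1);
   while(len > 0)
      {
      const ULONG chunk = (len > max_chunk) ? max_chunk : static_cast<ULONG>(len);
      if(!m_rtlgenrandom(buf, chunk))
         throw Exception("RtlGenRandom failed");
      buf += chunk;
      len -= chunk;
      }
   }
// … unchanged: add_entropy, is_seeded, clear, name …
private:
   typedef BOOLEAN (NTAPI *RtlGenRandom_f)(PVOID, ULONG);
```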
@@ -174,14 +175,6 @@ * These control the RNG used by the system RNG interface */ #define BOTAN_SYSTEM_RNG_DEVICE "/dev/urandom" -#define BOTAN_SYSTEM_RNG_CRYPTOAPI_PROV_TYPE PROV_RSA_FULL - -/* -* These paramaters control how many bytes to read from the system -* PRNG, and how long to block if applicable. -* -* Timeout is ignored on Windows as CryptGenRandom doesn't block -*/ #define BOTAN_SYSTEM_RNG_POLL_DEVICES { "/dev/urandom", "/dev/random", "/dev/srandom" } /* @@ -192,10 +185,14 @@ */ #define BOTAN_ENTROPY_PROC_FS_PATH "/proc" +/* +* These paramaters control how many bytes to read from the system +* PRNG, and how long to block if applicable. The timeout only applies +* to reading /dev/urandom and company. +*/ #define BOTAN_SYSTEM_RNG_POLL_REQUEST 64 #define BOTAN_SYSTEM_RNG_POLL_TIMEOUT_MS 20 - /* How many times to read from the RDRAND/RDSEED RNGs. Each read generates 32 bits of output From 84f54b95b2698d71f4f1e6dc333812694bab3903 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Mar 2018 21:17:06 -0400 Subject: [PATCH 0860/1008] Some additional operations on Montgomery_Int Needed for #1432 --- src/lib/math/numbertheory/monty.cpp | 32 +++++++++++++++++++++++++++++ src/lib/math/numbertheory/monty.h | 13 ++++++++++++ 2 files changed, 45 insertions(+) diff --git a/src/lib/math/numbertheory/monty.cpp b/src/lib/math/numbertheory/monty.cpp index 503141ada6..41c01abb11 100644 --- a/src/lib/math/numbertheory/monty.cpp +++ b/src/lib/math/numbertheory/monty.cpp 
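Review bot: The comment block re-added in the `@@ -192,10 +185,14 @@` hunk carries the typo `paramaters` into new lines; since the lines are new, spell it `These parameters control how many bytes to read from the system` while it is being moved. The first hunk's deletion of `BOTAN_SYSTEM_RNG_CRYPTOAPI_PROV_TYPE` matches the removal of the CryptoAPI backend in the preceding commit, so nothing else in the tree should still reference it; worth a grep before merging.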
@@ -27,6 +27,25 @@ Montgomery_Params::Montgomery_Params(const BigInt& p, m_r3 = mod_p.multiply(m_r1, m_r2); } +Montgomery_Params::Montgomery_Params(const BigInt& p) + { + + if(p.is_negative() || p.is_even()) + throw Invalid_Argument("Montgomery_Params invalid modulus"); + + m_p = p; + m_p_words = m_p.sig_words(); + m_p_dash = monty_inverse(m_p.word_at(0)); + + const BigInt r = BigInt::power_of_2(m_p_words * BOTAN_MP_WORD_BITS); + + Modular_Reducer mod_p(p); + + m_r1 = mod_p.reduce(r); + m_r2 = mod_p.square(m_r1); + m_r3 = mod_p.multiply(m_r1, m_r2); + } + BigInt Montgomery_Params::inv_mod_p(const BigInt& x) const { return ct_inverse_mod_odd_modulus(x, p()); @@ -182,6 +201,19 @@ Montgomery_Int::Montgomery_Int(const std::shared_ptr pa } } +Montgomery_Int::Montgomery_Int(std::shared_ptr params, + const uint8_t bits[], size_t len, + bool redc_needed) : + m_params(params), + m_v(bits, len) + { + if(redc_needed) + { + secure_vector ws; + m_v = m_params->mul(m_v % m_params->p(), m_params->R2(), ws); + } + } + void Montgomery_Int::fix_size() { const size_t p_words = m_params->p_words(); diff --git a/src/lib/math/numbertheory/monty.h b/src/lib/math/numbertheory/monty.h index 137e0b9679..499a4ac918 100644 --- a/src/lib/math/numbertheory/monty.h +++ b/src/lib/math/numbertheory/monty.h @@ -33,6 +33,13 @@ class Montgomery_Int final const BigInt& v, bool redc_needed = true); + /** + * Create a Montgomery_Int + */ + Montgomery_Int(std::shared_ptr params, + const uint8_t bits[], size_t len, + bool redc_needed = true); + bool operator==(const Montgomery_Int& other) const; bool operator!=(const Montgomery_Int& other) const { return (m_v != other.m_v); } 
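Review bot: `Montgomery_Params::Montgomery_Params(const BigInt& p)` duplicates the body of the two-argument constructor except for building the `Modular_Reducer` itself, so if that constructor performs the same validation it could delegate, `Montgomery_Params::Montgomery_Params(const BigInt& p) : Montgomery_Params(p, Modular_Reducer(p)) {}`, keeping one copy of the `m_p_dash`/`m_r1`/`m_r2`/`m_r3` setup; the stray blank line after the opening brace should go either way. The new `Montgomery_Int` byte constructor does no range check when `redc_needed` is false, so bytes that decode to a value not below `p` yield an out-of-range Montgomery representation; either reduce unconditionally or state the precondition on the declaration.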
@@ -107,6 +114,12 @@ class Montgomery_Params final */ Montgomery_Params(const BigInt& p, const Modular_Reducer& mod_p); + /** + * Initialize a set of Montgomery reduction parameters. These values + * can be shared by all values in a specific Montgomery domain. + */ + Montgomery_Params(const BigInt& p); + const BigInt& p() const { return m_p; } const BigInt& R1() const { return m_r1; } const BigInt& R2() const { return m_r2; } From 16355dfa26222c761b2b35c50e780ad518ccaf3f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 15 Mar 2018 11:15:26 -0400 Subject: [PATCH 0861/1008] Put ISA enabling flags after CXXFLAGS to override as needed See GH #1495 --- src/build-data/makefile.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/build-data/makefile.in b/src/build-data/makefile.in index 994963112a..2039ade4eb 100644 --- a/src/build-data/makefile.in +++ b/src/build-data/makefile.in @@ -114,22 +114,22 @@ fuzzer_corpus_zip: fuzzer_corpus %{for lib_build_info} %{obj}: %{src} - $(CXX) %{isa_flags} $(SO_OBJ_FLAGS) $(BUILD_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ + $(CXX) $(SO_OBJ_FLAGS) $(BUILD_FLAGS) %{isa_flags} %{include_paths} %{dash_c} %{src} %{dash_o}$@ %{endfor} %{for cli_build_info} %{obj}: %{src} - $(CXX) %{isa_flags} $(BUILD_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ + $(CXX) $(BUILD_FLAGS) %{isa_flags} %{include_paths} %{dash_c} %{src} %{dash_o}$@ %{endfor} %{for test_build_info} %{obj}: %{src} - $(CXX) %{isa_flags} $(BUILD_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ + $(CXX) $(BUILD_FLAGS) %{isa_flags} %{include_paths} %{dash_c} %{src} %{dash_o}$@ %{endfor} %{for fuzzer_build_info} %{obj}: %{src} - $(CXX) %{isa_flags} $(BUILD_FLAGS) %{include_paths} %{dash_c} %{src} %{dash_o}$@ + $(CXX) $(BUILD_FLAGS) %{isa_flags} %{include_paths} %{dash_c} %{src} %{dash_o}$@ %{exe}: %{obj} $(LIBRARIES) $(EXE_LINK_CMD) %{obj} $(EXE_LINKS_TO) %{fuzzer_lib} %{output_to_exe}$@ 
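Review bot: `Montgomery_Params(const BigInt& p);` is a single-argument constructor without `explicit`, so any `BigInt` now converts implicitly to `Montgomery_Params`; write it as `explicit Montgomery_Params(const BigInt& p);`. The doc comment should also state the precondition the constructor enforces, e.g. `* @param p the modulus; must be positive and odd, otherwise Invalid_Argument is thrown`. The `Montgomery_Int` byte constructor in the `@@ -33,6 +33,13 @@` hunk has a one-line docstring that says neither how `bits` is interpreted nor what `redc_needed` means; presumably `bits` is a big-endian encoding consumed by `BigInt(const uint8_t[], size_t)`, and a `@param` block should say so and note that `redc_needed = false` means the value is already in Montgomery form.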
From 680ac534d5365b7d503340b712df83d3ea8c991f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 15 Mar 2018 12:42:45 -0400 Subject: [PATCH 0862/1008] Add Montgomery multiexponentiation --- src/lib/math/numbertheory/monty.cpp | 6 ++ src/lib/math/numbertheory/monty.h | 3 + src/lib/math/numbertheory/monty_exp.cpp | 77 +++++++++++++++++++++++++ src/lib/math/numbertheory/monty_exp.h | 9 +++ 4 files changed, 95 insertions(+) diff --git a/src/lib/math/numbertheory/monty.cpp b/src/lib/math/numbertheory/monty.cpp index 41c01abb11..33d15de5be 100644 --- a/src/lib/math/numbertheory/monty.cpp +++ b/src/lib/math/numbertheory/monty.cpp @@ -301,6 +301,12 @@ Montgomery_Int Montgomery_Int::operator*(const Montgomery_Int& other) const return Montgomery_Int(m_params, m_params->mul(m_v, other.m_v, ws), false); } +Montgomery_Int Montgomery_Int::mul(const Montgomery_Int& other, + secure_vector& ws) const + { + return Montgomery_Int(m_params, m_params->mul(m_v, other.m_v, ws), false); + } + Montgomery_Int& Montgomery_Int::mul_by(const Montgomery_Int& other, secure_vector& ws) { diff --git a/src/lib/math/numbertheory/monty.h b/src/lib/math/numbertheory/monty.h index 499a4ac918..9f369f1a5e 100644 --- a/src/lib/math/numbertheory/monty.h +++ b/src/lib/math/numbertheory/monty.h @@ -75,6 +75,9 @@ class Montgomery_Int final Montgomery_Int& operator*=(const secure_vector& other); + Montgomery_Int mul(const Montgomery_Int& other, + secure_vector& ws) const; + Montgomery_Int& mul_by(const Montgomery_Int& other, secure_vector& ws); diff --git a/src/lib/math/numbertheory/monty_exp.cpp b/src/lib/math/numbertheory/monty_exp.cpp index 6576860448..6f70ef7c64 100644 --- a/src/lib/math/numbertheory/monty_exp.cpp +++ b/src/lib/math/numbertheory/monty_exp.cpp @@ -8,6 +8,7 @@ #include #include +#include #include #include #include 
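Review bot: The new `Montgomery_Int::mul` has exactly the same body as `operator*` directly above it, differing only in whether the caller supplies the workspace; one should be written in terms of the other so they cannot drift, e.g. `operator*` declaring its local workspace and then `return mul(other, ws);`. The declaration added to `monty.h` in the same commit would benefit from a comment distinguishing `mul` (returns a new value, caller-provided workspace) from `mul_by` (in place).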
@@ -125,5 +126,81 @@ BigInt monty_execute(const Montgomery_Exponentation_State& precomputed_state, return precomputed_state.exponentiation(k); } +BigInt monty_multi_exp(std::shared_ptr params_p, + const BigInt& x_bn, + const BigInt& z1, + const BigInt& y_bn, + const BigInt& z2) + { + if(z1.is_negative() || z2.is_negative()) + throw Invalid_Argument("multi_exponentiate exponents must be positive"); + + const size_t z_bits = round_up(std::max(z1.bits(), z2.bits()), 2); + + secure_vector ws; + + const Montgomery_Int one(params_p, params_p->R1(), false); + //const Montgomery_Int one(params_p, 1); + + const Montgomery_Int x1(params_p, x_bn); + const Montgomery_Int x2 = x1.square(ws); + const Montgomery_Int x3 = x2.mul(x1, ws); + + const Montgomery_Int y1(params_p, y_bn); + const Montgomery_Int y2 = y1.square(ws); + const Montgomery_Int y3 = y2.mul(y1, ws); + + const Montgomery_Int y1x1 = y1.mul(x1, ws); + const Montgomery_Int y1x2 = y1.mul(x2, ws); + const Montgomery_Int y1x3 = y1.mul(x3, ws); + + const Montgomery_Int y2x1 = y2.mul(x1, ws); + const Montgomery_Int y2x2 = y2.mul(x2, ws); + const Montgomery_Int y2x3 = y2.mul(x3, ws); + + const Montgomery_Int y3x1 = y3.mul(x1, ws); + const Montgomery_Int y3x2 = y3.mul(x2, ws); + const Montgomery_Int y3x3 = y3.mul(x3, ws); + + const Montgomery_Int* M[16] = { + &one, + &x1, // 0001 + &x2, // 0010 + &x3, // 0011 + &y1, // 0100 + &y1x1, + &y1x2, + &y1x3, + &y2, // 1000 + &y2x1, + &y2x2, + &y2x3, + &y3, // 1100 + &y3x1, + &y3x2, + &y3x3 + }; + + Montgomery_Int H = one; + + for(size_t i = 0; i != z_bits; i += 2) + { + if(i > 0) + { + H.square_this(ws); + H.square_this(ws); + } + + const uint8_t z1_b = z1.get_substring(z_bits - i - 2, 2); + const uint8_t z2_b = z2.get_substring(z_bits - i - 2, 2); + + const uint8_t z12 = (4*z2_b) + z1_b; + + H.mul_by(*M[z12], ws); + } + + return H.value(); + } + } diff --git a/src/lib/math/numbertheory/monty_exp.h b/src/lib/math/numbertheory/monty_exp.h index 8c644d221e..6eeec8bb4d 100644 
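Review bot: `monty_multi_exp` is a 2-bit fixed-window multi-exponentiation whose table lookup `*M[z12]` and loop length `z_bits` both depend directly on the exponent bits, so it is variable-time in `z1` and `z2` and must only ever be used with public exponents; the declaration comment in `monty_exp.h` (next hunk) and `DL_Group::multi_exponentiate` should say so, e.g. `* Not constant time: the exponents z1 and z2 and their bit lengths are observable through memory access and timing. Only use with public values, e.g. signature verification.` The `Invalid_Argument` message says the exponents `must be positive` but the check rejects only negatives, so zero is accepted; `must be non-negative` matches the code. The commented-out `//const Montgomery_Int one(params_p, 1);` is dead code to remove, and assigning the result of `get_substring(..., 2)` to `uint8_t` narrows silently even though only two bits are ever set.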
--- a/src/lib/math/numbertheory/monty_exp.h +++ b/src/lib/math/numbertheory/monty_exp.h @@ -32,6 +32,15 @@ monty_precompute(std::shared_ptr params_p, BigInt monty_execute(const Montgomery_Exponentation_State& precomputed_state, const BigInt& k); +/** +* Return (x^z1 * y^z2) % p +*/ +BigInt monty_multi_exp(std::shared_ptr params_p, + const BigInt& x, + const BigInt& z1, + const BigInt& y, + const BigInt& z2); + } #endif From e11d00a6cb0abb3e29fd1eff4654208a4c423a50 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 15 Mar 2018 12:43:50 -0400 Subject: [PATCH 0863/1008] Add multiexponentation interface to DL_Group --- src/lib/pubkey/dl_group/dl_group.cpp | 8 ++++++++ src/lib/pubkey/dl_group/dl_group.h | 12 +++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index ff8ba37276..9bd9d2462f 100644 --- a/src/lib/pubkey/dl_group/dl_group.cpp +++ b/src/lib/pubkey/dl_group/dl_group.cpp @@ -45,6 +45,9 @@ class DL_Group_Data final return m_mod_p.multiply(x, y); } + std::shared_ptr monty_params() const + { return m_monty_params; } + size_t p_bits() const { return m_p_bits; } size_t p_bytes() const { return (m_p_bits + 7) / 8; } @@ -422,6 +425,11 @@ BigInt DL_Group::multiply_mod_p(const BigInt& x, const BigInt& y) const return data().multiply_mod_p(x, y); } +BigInt DL_Group::multi_exponentiate(const BigInt& x, const BigInt& y, const BigInt& z) const + { + return monty_multi_exp(data().monty_params(), get_g(), x, y, z); + } + BigInt DL_Group::power_g_p(const BigInt& x) const { return data().power_g_p(x); diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h index a3dcfbdf07..14ef3c0880 100644 --- a/src/lib/pubkey/dl_group/dl_group.h +++ b/src/lib/pubkey/dl_group/dl_group.h 
@@ -166,13 +166,13 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final */ std::vector DER_encode(Format format) const; - /* + /** * Reduce an integer modulo p * @return x % p */ BigInt mod_p(const BigInt& x) const; - /* + /** * Multiply and reduce an integer modulo p * @return (x*y) % p */ @@ -180,12 +180,18 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final BigInt inverse_mod_p(const BigInt& x) const; - /* + /** * Modular exponentiation * @return (g^x) % p */ BigInt power_g_p(const BigInt& x) const; + /** + * Multi-exponentiate + * Return (g^x * y^z) % p + */ + BigInt multi_exponentiate(const BigInt& x, const BigInt& y, const BigInt& z) const; + /** * Return the size of p in bits * Same as get_p().bits() From 8824c2d9f1b15406ae0a800dc5af5f6ce6b60b68 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 15 Mar 2018 12:44:00 -0400 Subject: [PATCH 0864/1008] Avoid using threads in DSA operations For DSA signing using a thread turned out to be purely a pessimization. The single threaded code is faster even on a 4-core machine running Linux (which has very fast thread creation). It would likely be much worse on a single core machine or an OS with slower thread primitives. For DSA verification, use Montgomery multi-exponentiation instead. --- src/lib/pubkey/dsa/dsa.cpp | 28 +++------------------------- 1 file changed, 3 insertions(+), 25 deletions(-) diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp index f1d412013e..9249cd0d5b 100644 --- a/src/lib/pubkey/dsa/dsa.cpp +++ b/src/lib/pubkey/dsa/dsa.cpp @@ -18,10 +18,6 @@ #include #endif -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - #include -#endif - namespace Botan { /* 
@@ -121,16 +117,8 @@ DSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, const BigInt k = BigInt::random_integer(rng, 1, q); #endif -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - auto future_r = std::async(std::launch::async, - [&]() { return m_mod_q.reduce(m_group.power_g_p(k)); }); - - BigInt s = inverse_mod(k, q); - const BigInt r = future_r.get(); -#else BigInt s = inverse_mod(k, q); const BigInt r = m_mod_q.reduce(m_group.power_g_p(k)); -#endif s = m_mod_q.multiply(s, mul_add(m_x, r, i)); @@ -152,7 +140,6 @@ class DSA_Verification_Operation final : public PK_Ops::Verification_with_EMSA PK_Ops::Verification_with_EMSA(emsa), m_group(dsa.get_group()), m_y(dsa.get_y()), - m_powermod_y_p(m_y, dsa.group_p()), m_mod_q(dsa.group_q()) {} @@ -166,7 +153,6 @@ class DSA_Verification_Operation final : public PK_Ops::Verification_with_EMSA const DL_Group m_group; const BigInt& m_y; - Fixed_Base_Power_Mod m_powermod_y_p; Modular_Reducer m_mod_q; }; @@ -188,18 +174,10 @@ bool DSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, s = inverse_mod(s, q); -#if defined(BOTAN_TARGET_OS_HAS_THREADS) - auto future_s_i = std::async(std::launch::async, - [&]() { return m_group.power_g_p(m_mod_q.multiply(s, i)); }); - - BigInt s_r = m_powermod_y_p(m_mod_q.multiply(s, r)); - BigInt s_i = future_s_i.get(); -#else - BigInt s_r = m_powermod_y_p(m_mod_q.multiply(s, r)); - BigInt s_i = m_group.power_g_p(m_mod_q.multiply(s, i)); -#endif + const BigInt sr = m_mod_q.multiply(s, r); + const BigInt si = m_mod_q.multiply(s, i); - s = m_group.multiply_mod_p(s_i, s_r); + s = m_group.multi_exponentiate(si, m_y, sr); return (m_mod_q.reduce(s) == r); } From 934e2db586832c38f5f0e21ce19dbd5e0ce175b5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 15 Mar 2018 12:56:27 -0400 Subject: [PATCH 0865/1008] Update news --- news.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/news.rst b/news.rst index 792ce616c9..30ae55427e 100644 --- a/news.rst +++ b/news.rst 
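Review bot: `s = m_group.multi_exponentiate(si, m_y, sr);` routes verification through the Montgomery multi-exponentiation added two commits earlier, which is variable-time in its exponents; that is acceptable here because `si` and `sr` derive from the received signature and the digest, but the call site should record that reasoning so the helper is not later reused in `raw_sign`, where the secret `k` must keep going through `power_g_p`: `// si/sr are public (derived from the signature), so a non-constant-time multi-exp is acceptable`. Dropping `m_powermod_y_p` also means the per-key precomputation for `y` is rebuilt on every verify; the commit message's measurements justify that, but a one-line note in the class saves the next reader from re-adding it. `raw_sign` and `verify` both start outside their hunks.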
@@ -13,6 +13,8 @@ Version 2.5.0, Not Yet Released * Implement product scanning Montgomery reduction, which improves Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH #1472) +* DSA signing and verification performance has improved by 30-50%. + * Add a new Credentials_Manager callback that specifies which CAs the server has indicated it trusts (GH #1395 fixing #1261) @@ -40,6 +42,9 @@ Version 2.5.0, Not Yet Released fast copying. Also both classes precompute additional useful values (eg for modular reductions). (GH #1435 #1454) +* On Windows platforms RtlGenRandom is now used in preference to CryptoAPI + or CryptoNG libraries. (GH #1494) + * Make it possible for PKCS10 requests to include custom extensions. This also makes it possible to use muliple SubjectAlternativeNames of a single type in a request, which was previously not possible. (GH #1429 #1428) From ab87904caa2c7c734da59facea39862e909316e3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 15 Mar 2018 15:29:56 -0400 Subject: [PATCH 0866/1008] In Python module support loading via libbotan-2.so.X soname Needed for distros that ship the main library symlink in the dev package. GH #1497 --- src/python/botan2.py | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/src/python/botan2.py b/src/python/botan2.py index 07f4b0d012..85bf532352 100755 --- a/src/python/botan2.py +++ b/src/python/botan2.py @@ -17,7 +17,7 @@ """ import sys -from ctypes import CDLL, POINTER, byref, c_void_p, c_size_t, c_uint32, c_char, c_char_p, create_string_buffer +from ctypes import CDLL, POINTER, byref, c_void_p, c_size_t, c_uint32, c_int, c_char, c_char_p, create_string_buffer from binascii import hexlify from datetime import datetime import time 
@@ -33,13 +33,28 @@ class BotanException(Exception): # # Module initialization # -if sys.platform == 'darwin': - botan = CDLL('libbotan-2.dylib') # pylint: disable=invalid-name -else: - botan = CDLL('libbotan-2.so') # pylint: disable=invalid-name -if botan.botan_ffi_supports_api(20151015) is False: - raise BotanException("The Botan library does not support the FFI API expected by this version of the Python module") +def load_botan_dll(expected_version): + + possible_dll_names = ['libbotan-2.dylib', 'libbotan-2.so'] + \ + ['libbotan-2.so.%d' % (v) for v in reversed(range(0, 16))] + + for dll_name in possible_dll_names: + try: + dll = CDLL(dll_name) + dll.botan_ffi_supports_api.argtypes = [c_uint32] + dll.botan_ffi_supports_api.restype = c_int + if dll.botan_ffi_supports_api(expected_version) == 1: + return dll + except OSError: + pass + + return None + +botan = load_botan_dll(20150515) # pylint: disable=invalid-name + +if botan is None: + raise BotanException("Could not find a usable Botan shared object library") # # Internal utilities From 5a0598bde3edf9d0a597ad1414722ee8d9cf226f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 15 Mar 2018 17:20:43 -0400 Subject: [PATCH 0867/1008] Fix incorrect return value check --- src/python/botan2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/python/botan2.py b/src/python/botan2.py index 85bf532352..0b591b039e 100755 --- a/src/python/botan2.py +++ b/src/python/botan2.py @@ -44,7 +44,7 @@ def load_botan_dll(expected_version): dll = CDLL(dll_name) dll.botan_ffi_supports_api.argtypes = [c_uint32] dll.botan_ffi_supports_api.restype = c_int - if dll.botan_ffi_supports_api(expected_version) == 1: + if dll.botan_ffi_supports_api(expected_version) == 0: return dll except OSError: pass From f787047f33d073036883b609d293656510ce8b16 Mon Sep 17 00:00:00 2001 
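Review bot: `botan = load_botan_dll(20150515)` passes a different API-version constant from the `20151015` the removed code used; unless that is deliberate it looks like a digit transposition that changes which FFI version is demanded, and it should be restored or explained in a comment. Inside the loop only `OSError` is caught, so a `libbotan-2.so.N` that loads but does not export `botan_ffi_supports_api` raises `AttributeError` and aborts the search instead of moving on to the next candidate; `except (OSError, AttributeError):` keeps the fallback behaviour. The hard-coded `range(0, 16)` of sonames is a silent upper bound worth naming, e.g. `# try versioned sonames newest first; raise the bound when a new SONAME ships`.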
From: Jack Lloyd Date: Fri, 16 Mar 2018 12:00:19 -0400 Subject: [PATCH 0868/1008] Add basecase_sqr function Just a simple adaption of the n^2 multiply algorithm, so no performance impact. However makes the difference between squaring and multiply easier to see when profiling. --- src/lib/math/mp/mp_karat.cpp | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/src/lib/math/mp/mp_karat.cpp b/src/lib/math/mp/mp_karat.cpp index e460aaac94..7322b1c4b9 100644 --- a/src/lib/math/mp/mp_karat.cpp +++ b/src/lib/math/mp/mp_karat.cpp @@ -48,6 +48,32 @@ void basecase_mul(word z[], size_t z_size, } } +void basecase_sqr(word z[], size_t z_size, + const word x[], size_t x_size) + { + if(z_size < 2*x_size) + throw Invalid_Argument("basecase_sqr z_size too small"); + + const size_t x_size_8 = x_size - (x_size % 8); + + clear_mem(z, z_size); + + for(size_t i = 0; i != x_size; ++i) + { + const word x_i = x[i]; + + word carry = 0; + + for(size_t j = 0; j != x_size_8; j += 8) + carry = word8_madd3(z + i + j, x + j, x_i, carry); + + for(size_t j = x_size_8; j != x_size; ++j) + z[i+j] = word_madd3(x[j], x_i, z[i+j], &carry); + + z[x_size+i] = carry; + } + } + /* * Karatsuba Multiplication Operation */ @@ -133,7 +159,7 @@ void karatsuba_sqr(word z[], const word x[], size_t N, word workspace[]) else if(N == 16) return bigint_comba_sqr16(z, x); else - return basecase_mul(z, 2*N, x, N, x, N); + return basecase_sqr(z, 2*N, x, N); } const size_t N2 = N / 2; @@ -356,7 +382,7 @@ void bigint_sqr(word z[], size_t z_size, } else if(x_size < KARATSUBA_SQUARE_THRESHOLD || !workspace) { - basecase_mul(z, z_size, x, x_sw, x, x_sw); + basecase_sqr(z, z_size, x, x_sw); } else { @@ -365,7 +391,7 @@ void bigint_sqr(word z[], size_t z_size, if(N && z_size >= 2*N && ws_size >= 2*N) karatsuba_sqr(z, x, N, workspace); else - basecase_mul(z, z_size, x, x_sw, x, x_sw); + basecase_sqr(z, z_size, x, x_sw); } } 
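Review bot: `basecase_sqr` is a verbatim copy of the schoolbook product with both operands set to `x`, so it still performs all `x_size * x_size` word multiplications; a squaring can compute each off-diagonal product once and double it, roughly halving the multiply count, which is the reason to separate squaring from multiplication in the first place and which the commit message defers. Like the `basecase_mul` it replaces, the routine calls `clear_mem(z, z_size)` before reading `x`, so `z` and `x` must not overlap; that precondition is not stated, and a comment above the definition such as `// z must not overlap x; z_size must be at least 2*x_size (checked)` would document it. The loop bounds depend only on sizes, never on word values, so the timing stays data-independent as in the multiply routine.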
From 6c8ffb4d2ee1f762804fc8d6a90a3d1761462503 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 16 Mar 2018 12:01:01 -0400 Subject: [PATCH 0869/1008] Catch exceptions by reference not value Fixes a new warning in GCC 8 --- src/lib/kdf/prf_tls/prf_tls.cpp | 2 +- src/lib/pk_pad/emsa1/emsa1.cpp | 28 +++++++++++----------------- src/lib/pubkey/ec_group/ec_group.cpp | 2 +- src/lib/tls/tls_record.cpp | 2 +- src/tests/test_cryptobox.cpp | 4 ++-- src/tests/test_keywrap.cpp | 2 +- src/tests/test_utils.cpp | 2 +- 7 files changed, 18 insertions(+), 24 deletions(-) diff --git a/src/lib/kdf/prf_tls/prf_tls.cpp b/src/lib/kdf/prf_tls/prf_tls.cpp index 69383e98e0..d914df77e8 100644 --- a/src/lib/kdf/prf_tls/prf_tls.cpp +++ b/src/lib/kdf/prf_tls/prf_tls.cpp @@ -29,7 +29,7 @@ void P_hash(uint8_t out[], size_t out_len, { mac.set_key(secret, secret_len); } - catch(Invalid_Key_Length) + catch(Invalid_Key_Length&) { throw Internal_Error("The premaster secret of " + std::to_string(secret_len) + diff --git a/src/lib/pk_pad/emsa1/emsa1.cpp b/src/lib/pk_pad/emsa1/emsa1.cpp index b4391b48d4..66d8ec8520 100644 --- a/src/lib/pk_pad/emsa1/emsa1.cpp +++ b/src/lib/pk_pad/emsa1/emsa1.cpp 
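Review bot: `catch(Invalid_Key_Length&)` fixes the by-value catch but binds a non-const reference to an exception the handler never modifies; `catch(const Invalid_Key_Length&)` is the conventional form. The same applies to the `ec_group.cpp`, `tls_record.cpp`, `test_cryptobox.cpp`, `test_keywrap.cpp` and `test_utils.cpp` hunks in this commit. `P_hash` starts and ends outside this hunk.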
@@ -77,29 +77,23 @@ bool EMSA1::verify(const secure_vector& input, const secure_vector& raw, size_t key_bits) { - try { - if(raw.size() != m_hash->output_length()) - throw Encoding_Error("EMSA1::encoding_of: Invalid size for input"); + if(raw.size() != m_hash->output_length()) + return false; - // Call emsa1_encoding to handle any required bit shifting - const secure_vector our_coding = emsa1_encoding(raw, key_bits); + // Call emsa1_encoding to handle any required bit shifting + const secure_vector our_coding = emsa1_encoding(raw, key_bits); - if(our_coding.size() < input.size()) - return false; + if(our_coding.size() < input.size()) + return false; - const size_t offset = our_coding.size() - input.size(); // must be >= 0 per check above + const size_t offset = our_coding.size() - input.size(); // must be >= 0 per check above - // If our encoding is longer, all the bytes in it must be zero - for(size_t i = 0; i != offset; ++i) - if(our_coding[i] != 0) + // If our encoding is longer, all the bytes in it must be zero + for(size_t i = 0; i != offset; ++i) + if(our_coding[i] != 0) return false; - return constant_time_compare(input.data(), &our_coding[offset], input.size()); - } - catch(Invalid_Argument) - { - return false; - } + return constant_time_compare(input.data(), &our_coding[offset], input.size()); } AlgorithmIdentifier EMSA1::config_for_x509(const Private_Key& key, diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index ccf1969d22..50a4d85c70 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -319,7 +319,7 @@ EC_Group::EC_Group(const std::string& str) if(oid.empty() == false) m_data = ec_group_data().lookup(oid); } - catch(Invalid_OID) + catch(Invalid_OID&) { } diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index 8c86ef3c70..8997c319ae 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp 
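Review bot: Removing the try/catch in EMSA1::verify changes its contract beyond the "catch by reference" fix in the commit title: an Invalid_Argument raised by emsa1_encoding used to produce `return false` and now propagates out of verify(). If callers (PK_Verifier, presumably) already map exceptions to a failed verification that is fine, but it should be stated at the call, e.g. `// emsa1_encoding may throw Invalid_Argument; callers treat an exception as verification failure`; otherwise keep the old behaviour by wrapping only that call. Separately, the `return false;` inside the leading-zero loop kept its old indentation and now sits one level deeper than the `if` it belongs to.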
@@ -476,7 +476,7 @@ size_t read_dtls_record(secure_vector& readbuf, *rec.get_type(), *cs); } - catch(std::exception) + catch(std::exception&) { readbuf.clear(); *rec.get_type() = NO_RECORD; diff --git a/src/tests/test_cryptobox.cpp b/src/tests/test_cryptobox.cpp index 6d1d22314d..5e7fcf08ad 100644 --- a/src/tests/test_cryptobox.cpp +++ b/src/tests/test_cryptobox.cpp @@ -52,11 +52,11 @@ class Cryptobox_Tests final : public Test Botan::CryptoBox::decrypt(corrupted, password); result.test_failure("Decrypted corrupted cryptobox message"); } - catch(Botan::Decoding_Error) + catch(Botan::Decoding_Error&) { result.test_success("Rejected corrupted cryptobox message"); } - catch(Botan::Invalid_Argument) + catch(Botan::Invalid_Argument&) { result.test_success("Rejected corrupted cryptobox message"); } diff --git a/src/tests/test_keywrap.cpp b/src/tests/test_keywrap.cpp index a5b216562b..de63d8067a 100644 --- a/src/tests/test_keywrap.cpp +++ b/src/tests/test_keywrap.cpp @@ -160,7 +160,7 @@ class NIST_Keywrap_Invalid_Tests final : public Text_Based_Test result.test_failure("Was able to unwrap invalid keywrap input"); } - catch(Botan::Integrity_Failure) + catch(Botan::Integrity_Failure&) { result.test_success("Rejected invalid input"); } diff --git a/src/tests/test_utils.cpp b/src/tests/test_utils.cpp index c17acac57a..5f3502ebaa 100644 --- a/src/tests/test_utils.cpp +++ b/src/tests/test_utils.cpp @@ -51,7 +51,7 @@ class Utility_Function_Tests final : public Text_Based_Test Botan::round_up(x, 0); result.test_failure("round_up did not reject invalid input"); } - catch(std::exception) {} + catch(std::exception&) {} } else if(algo == "round_down") { From 0ebad384ee8f5933b76438724394e66a668c4dfc Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Fri, 16 Mar 2018 12:47:13 -0400 Subject: [PATCH 0870/1008] Avoid a problematic construct for AltiVec byteswap Seems to cause problems with GCC 8 on ppc64le. GH #1498 --- src/lib/utils/simd/simd_32.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/lib/utils/simd/simd_32.h b/src/lib/utils/simd/simd_32.h index 304ac72e1b..d1f3b8510b 100644 --- a/src/lib/utils/simd/simd_32.h +++ b/src/lib/utils/simd/simd_32.h @@ -583,9 +583,14 @@ class SIMD_4x32 final #elif defined(BOTAN_SIMD_USE_ALTIVEC) - __vector unsigned char perm = vec_lvsl(0, static_cast(nullptr)); - perm = vec_xor(perm, vec_splat_u8(3)); - return SIMD_4x32(vec_perm(m_vmx, m_vmx, perm)); + union { + __vector unsigned int V; + uint32_t R[4]; + } vec; + + vec.V = m_vmx; + bswap_4(vec.R); + return SIMD_4x32(vec.V); #elif defined(BOTAN_SIMD_USE_NEON) From b19cc5cd3cd650494ccc8073514d8ce48683650e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 17 Mar 2018 11:54:52 -0400 Subject: [PATCH 0871/1008] Avoid calling run() on SIMD tests if SIMD instructions not available. Problem is the same flag that enables the intrinsics also gives the compiler a free hand to emit same instructions for everything including function preambles. So on systems without SSE2/NEON/etc, even jumping to the test briefly causes a crash because GCC emits SIMD instructions for things other than our intrinsics. GH #1495 --- src/tests/test_runner.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/tests/test_runner.cpp b/src/tests/test_runner.cpp index 321a1e1da9..65206b4f15 100644 --- a/src/tests/test_runner.cpp +++ b/src/tests/test_runner.cpp @@ -10,6 +10,7 @@ #include #include #include +#include namespace Botan_Tests { 
@@ -249,7 +250,11 @@ size_t Test_Runner::run_tests(const std::vector& tests_to_run, try { - if(Test* test = Test::get_test(test_name)) + if(test_name == "simd_32" && Botan::CPUID::has_simd_32() == false) + { + results.push_back(Test::Result::Note(test_name, "SIMD not available on this platform")); + } + else if(Test* test = Test::get_test(test_name)) { std::vector test_results = test->run(); results.insert(results.end(), test_results.begin(), test_results.end()); From 4b6b6912cc5c0381790a2232b5580e32689f28a2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 17 Mar 2018 12:27:20 -0400 Subject: [PATCH 0872/1008] Update news --- news.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/news.rst b/news.rst index 30ae55427e..b663fbd602 100644 --- a/news.rst +++ b/news.rst @@ -70,6 +70,13 @@ Version 2.5.0, Not Yet Released * Remove use of CPU specific optimization flags, instead the user should set these via CXXFLAGS if desired. (GH #1392) +* Resolve an issue that would cause a crash in the tests if they were run on + a machine without SSE2/NEON/VMX instructions. (GH #1495) + +* The Python module now tries to load DLLs from a list of names and + uses the first one which successfully loads and indicates it + supports the desired API level. (GH #1497) + * Various minor optimizations for SHA-3 (GH #1433 #1434) * The output of ``botan --help`` has been improved (GH #1387) From 6b7f910932edf6c0b97a25b70ccb268020975a12 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 17 Mar 2018 12:27:48 -0400 Subject: [PATCH 0873/1008] Avoid unused arg warning in PowerPC CPUID code --- src/lib/utils/cpuid/cpuid_ppc.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lib/utils/cpuid/cpuid_ppc.cpp b/src/lib/utils/cpuid/cpuid_ppc.cpp index d73912b86a..43b6847852 100644 --- a/src/lib/utils/cpuid/cpuid_ppc.cpp +++ b/src/lib/utils/cpuid/cpuid_ppc.cpp 
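Review bot: The guard in run_tests keys on the literal `"simd_32"`, which must stay in sync with the name the SIMD test registers under and with the one file configure.py builds with ISA-specific flags; if either is renamed the guard silently stops applying and the crash from GH #1495 returns. Suggest a comment at the comparison: `// Must match the name test_simd.cpp registers under; that file is built with SIMD flags, so even entering run() can fault on CPUs without SSE2/NEON/VMX`. The enclosing function starts outside the hunk.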
@@ -35,6 +35,8 @@ namespace Botan { */ uint64_t CPUID::detect_cpu_features(size_t* cache_line_size) { + BOTAN_UNUSED(cache_line_size); + #if defined(BOTAN_TARGET_OS_IS_DARWIN) || defined(BOTAN_TARGET_OS_IS_OPENBSD) // On Darwin/OS X and OpenBSD, use sysctl From 004fd08a07452c6cf45fa96071a246ec2e30fcf4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 17 Mar 2018 12:28:06 -0400 Subject: [PATCH 0874/1008] Avoid creating stringstream unless needed in version check --- src/lib/utils/version.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/utils/version.cpp b/src/lib/utils/version.cpp index d04856d37b..ccf83bf6cb 100644 --- a/src/lib/utils/version.cpp +++ b/src/lib/utils/version.cpp @@ -77,16 +77,16 @@ std::string runtime_version_check(uint32_t major, uint32_t minor, uint32_t patch) { - std::ostringstream oss; - if(major != version_major() || minor != version_minor() || patch != version_patch()) { + std::ostringstream oss; oss << "Warning: linked version (" << short_version_string() << ")" << " does not match version built against " << "(" << major << '.' << minor << '.' << patch << ")\n"; + return oss.str(); } - return oss.str(); + return ""; } } From 7e82d498da8a9da71f02a9d110c33c419cdc9b10 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 17 Mar 2018 12:28:32 -0400 Subject: [PATCH 0875/1008] Fix CPUID::has_cpuid_bit It would return true if any bits were set instead of if all the bits were set. It is only currently called with a single bit but that might change in the future. --- src/lib/utils/cpuid/cpuid.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lib/utils/cpuid/cpuid.h b/src/lib/utils/cpuid/cpuid.h index f37063a998..4c0f1668bc 100644 --- a/src/lib/utils/cpuid/cpuid.h +++ b/src/lib/utils/cpuid/cpuid.h 
@@ -278,7 +278,9 @@ class BOTAN_PUBLIC_API(2,1) CPUID final { if(g_processor_features == 0) initialize(); - return ((g_processor_features & static_cast(elem)) != 0); + + const uint64_t elem64 = static_cast(elem); + return ((g_processor_features & elem64) == elem64); } static std::vector bit_from_string(const std::string& tok); From c500d34e8679bd06e01ce6d1ca5467cc7e0e8d0e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 17 Mar 2018 12:39:48 -0400 Subject: [PATCH 0876/1008] Fix warning in new pylint It doesn't like slicing using a ctypes integer as index: Slice index is not an int, None, or instance with __index__ --- src/python/botan2.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/python/botan2.py b/src/python/botan2.py index 0b591b039e..18125a4b61 100755 --- a/src/python/botan2.py +++ b/src/python/botan2.py @@ -73,7 +73,7 @@ def _call_fn_returning_vec(guess, fn): raise BotanException("Call failed: %d" % (rc)) assert buf_len.value <= len(buf) - return buf.raw[0:buf_len.value] + return buf.raw[0:int(buf_len.value)] def _call_fn_returning_string(guess, fn): # Assumes that anything called with this is returning plain ASCII strings @@ -319,7 +319,7 @@ def _update(self, txt, final): # buffering not supported yet assert inp_consumed.value == inp_sz.value - return out.raw[0:out_written.value] + return out.raw[0:int(out_written.value)] def update(self, txt): return self._update(txt, False) @@ -341,7 +341,7 @@ def bcrypt(passwd, rng_instance, work_factor=10): rng_instance.rng, c_size_t(work_factor), flags) if rc != 0: raise BotanException('botan bcrypt failed, error %s' % (rc)) - b = out.raw[0:out_len.value-1] + b = out.raw[0:int(out_len.value)-1] if b[-1] == '\x00': b = b[:-1] return b 
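Review bot: With the all-bits test, has_cpuid_bit returns true for a zero mask (`0 == 0`), where the previous any-bit test returned false; this is harmless as long as no CPUID_bits value is 0 (the enum is outside the hunk — confirm), but the semantics should be spelled out since the commit message anticipates multi-bit callers. Suggest `// True iff every bit of elem is set; a zero mask is vacuously true`, or `BOTAN_ASSERT(elem64 != 0, "has_cpuid_bit needs a non-empty mask");` if a zero mask should never be passed.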
@@ -379,7 +379,7 @@ def kdf(algo, secret, out_len, salt, label): out_sz = c_size_t(out_len) botan.botan_kdf(_ctype_str(algo), out_buf, out_sz, secret, len(secret), salt, len(salt), label, len(label)) - return out_buf.raw[0:out_sz.value] + return out_buf.raw[0:int(out_sz.value)] # # Public and private keys @@ -416,7 +416,7 @@ def fingerprint(self, hash_algorithm='SHA-256'): buf_len = c_size_t(n) botan.botan_pubkey_fingerprint(self.pubkey, _ctype_str(hash_algorithm), buf, byref(buf_len)) - return _hex_encode(buf[0:buf_len.value]) + return _hex_encode(buf[0:int(buf_len.value)]) class private_key(object): # pylint: disable=invalid-name def __init__(self, alg, param, rng_instance): @@ -463,7 +463,7 @@ def export(self): if rc != 0: buf = create_string_buffer(buf_len.value) botan.botan_privkey_export(self.privkey, buf, byref(buf_len)) - return buf[0:buf_len.value] + return buf[0:int(buf_len.value)] class pk_op_encrypt(object): # pylint: disable=invalid-name def __init__(self, key, padding): @@ -493,7 +493,7 @@ def encrypt(self, msg, rng_instance): # ll = c_size_t(ll) botan.botan_pk_op_encrypt(self.op, rng_instance.rng, outbuf, byref(outbuf_sz), msg, ll) #print("encrypt: outbuf_sz.value=%d" % outbuf_sz.value) - return outbuf.raw[0:outbuf_sz.value] + return outbuf.raw[0:int(outbuf_sz.value)] class pk_op_decrypt(object): # pylint: disable=invalid-name @@ -518,7 +518,7 @@ def decrypt(self, msg): outbuf = create_string_buffer(outbuf_sz.value) ll = len(msg) botan.botan_pk_op_decrypt(self.op, outbuf, byref(outbuf_sz), _ctype_bits(msg), ll) - return outbuf.raw[0:outbuf_sz.value] + return outbuf.raw[0:int(outbuf_sz.value)] class pk_op_sign(object): # pylint: disable=invalid-name def __init__(self, key, padding): 
@@ -542,7 +542,7 @@ def finish(self, rng_instance): outbuf_sz = c_size_t(4096) #?!?! outbuf = create_string_buffer(outbuf_sz.value) botan.botan_pk_op_sign_finish(self.op, rng_instance.rng, outbuf, byref(outbuf_sz)) - return outbuf.raw[0:outbuf_sz.value] + return outbuf.raw[0:int(outbuf_sz.value)] class pk_op_verify(object): # pylint: disable=invalid-name def __init__(self, key, padding): From 5fbf9b47d581a61702088d57213c0ee44c3fc1af Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 18 Mar 2018 10:33:52 -0400 Subject: [PATCH 0877/1008] Avoid code that triggers problems under GCC 8 GH #1498 --- src/lib/utils/simd/simd_32.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/utils/simd/simd_32.h b/src/lib/utils/simd/simd_32.h index d1f3b8510b..d7316ee012 100644 --- a/src/lib/utils/simd/simd_32.h +++ b/src/lib/utils/simd/simd_32.h @@ -590,7 +590,7 @@ class SIMD_4x32 final vec.V = m_vmx; bswap_4(vec.R); - return SIMD_4x32(vec.V); + return SIMD_4x32(vec.R[0], vec.R[1], vec.R[2], vec.R[3]); #elif defined(BOTAN_SIMD_USE_NEON) From 67652aed9d0240dfee628a9a67f204d468df90d4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 18 Mar 2018 11:10:23 -0400 Subject: [PATCH 0878/1008] Fix --disable-{neon,sse2,altivec} for simd_32 users Using --disable-neon was not effective because simd_32 users had special logic that would still enable it. --- configure.py | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/configure.py b/configure.py index 5799e62010..ec2f4abdb8 100755 --- a/configure.py +++ b/configure.py 
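Review bot: Reading vec.R after storing through vec.V still relies on union type punning, which GCC documents but the C++ standard does not; only the final read changed here, and nothing in the code records why the vec_perm version was dropped. A plain array plus std::memcpy is well-defined C++ and compiles to the same moves, and a comment should cite GH #1498 so nobody "simplifies" this back to vec_perm. This needs <cstring> in scope — not visible from the hunk, confirm.
```cpp
// Byteswap via a scalar copy: the vec_perm version caused problems with GCC 8 on ppc64le (GH #1498)
uint32_t r[4];
std::memcpy(r, &m_vmx, sizeof(r));
bswap_4(r);
return SIMD_4x32(r[0], r[1], r[2], r[3]);
```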
@@ -1105,12 +1105,14 @@ def isa_flags_for(self, isa, arch): return self.isa_flags[arch_isa] return None - def get_isa_specific_flags(self, isas, arch): + def get_isa_specific_flags(self, isas, arch, options): flags = set() def simd32_impl(): for simd_isa in ['sse2', 'altivec', 'neon']: - if simd_isa in arch.isa_extensions and self.isa_flags_for(simd_isa, arch.basename): + if simd_isa in arch.isa_extensions and \ + simd_isa not in options.disable_intrinsics and \ + self.isa_flags_for(simd_isa, arch.basename): return simd_isa return None @@ -1563,7 +1565,7 @@ def remove_dups(parts): name = name.replace('.cpp', obj_suffix) yield os.path.join(obj_dir, name) -def generate_build_info(build_paths, modules, cc, arch, osinfo): +def generate_build_info(build_paths, modules, cc, arch, osinfo, options): # pylint: disable=too-many-locals # first create a map of src_file->owning module @@ -1576,7 +1578,7 @@ def generate_build_info(build_paths, modules, cc, arch, osinfo): def _isa_specific_flags(src): if os.path.basename(src) == 'test_simd.cpp': - return cc.get_isa_specific_flags(['simd'], arch) + return cc.get_isa_specific_flags(['simd'], arch, options) if src in module_that_owns: module = module_that_owns[src] @@ -1584,11 +1586,11 @@ def _isa_specific_flags(src): if 'simd' in module.dependencies(osinfo): isas.append('simd') - return cc.get_isa_specific_flags(isas, arch) + return cc.get_isa_specific_flags(isas, arch, options) if src.startswith('botan_all_'): isas = src.replace('botan_all_', '').replace('.cpp', '').split('_') - return cc.get_isa_specific_flags(isas, arch) + return cc.get_isa_specific_flags(isas, arch, options) return '' 
@@ -2914,7 +2916,7 @@ def link_headers(headers, visibility, directory): build_paths.lib_sources = amalg_cpp_files template_vars['generated_files'] = ' '.join(amalg_cpp_files + amalg_headers) - template_vars.update(generate_build_info(build_paths, using_mods, cc, arch, osinfo)) + template_vars.update(generate_build_info(build_paths, using_mods, cc, arch, osinfo, options)) with open(os.path.join(build_paths.build_dir, 'build_config.json'), 'w') as f: json.dump(template_vars, f, sort_keys=True, indent=2) From 8f70c83e0c5322e071686e9f6d862d7a7b6f16f8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Mar 2018 10:00:40 -0400 Subject: [PATCH 0879/1008] Add back Coverity badge [ci skip] --- readme.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/readme.rst b/readme.rst index 3fcbcf074c..3641a22d71 100644 --- a/readme.rst +++ b/readme.rst @@ -68,6 +68,10 @@ external build systems, see the manual for details. :target: https://codecov.io/github/randombit/botan :alt: Code coverage report +.. image:: https://scan.coverity.com/projects/624/badge.svg + :target: https://scan.coverity.com/projects/624 + :alt: Coverity results + .. image:: https://sonarcloud.io/api/project_badges/measure?project=botan&metric=ncloc :target: https://sonarcloud.io/dashboard/index/botan :alt: Sonarcloud analysis From 74447948b5a767ca038049f97ebd0bcf020e0760 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Mar 2018 10:33:04 -0400 Subject: [PATCH 0880/1008] Avoid throwing out of destructor This can't really happen but could in Coverity's mind. --- src/cli/speed.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 80228bcd85..01e41e3239 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -163,7 +163,11 @@ class Timer final } ~Timer_Scope() { - m_timer.stop(); + try + { + m_timer.stop(); + } + catch(...) {} } private: Timer& m_timer; From d76d6711cf61c6b690d8c0fa7d69616c2645ce52 Mon Sep 17 00:00:00 2001 
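Review bot: The new `catch(...) {}` in ~Timer_Scope swallows every exception with no explanation, which reads as a bug to the next maintainer; the rationale in the commit message (Coverity, "can't really happen") belongs in the code. Suggest `// stop() is not expected to throw; the catch only keeps this (implicitly noexcept) destructor from reaching std::terminate, which Coverity flagged`. Since a destructor is noexcept by default in C++11, an escaping exception would have terminated rather than propagated, so the catch changes nothing on the normal path.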
From: Jack Lloyd Date: Mon, 19 Mar 2018 12:33:06 -0400 Subject: [PATCH 0881/1008] Use a better algorithm for base point multiplies Nothing very clever, just store P^i,2*P^i,3*P^i in a table so we can do two bits of the scalar at a time. Improves ECDSA sign by 20-30% --- news.rst | 2 +- src/lib/pubkey/ec_group/point_mul.cpp | 33 +++++++++++++++++++-------- src/lib/pubkey/ec_group/point_mul.h | 1 + 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/news.rst b/news.rst index b663fbd602..6fb14a128c 100644 --- a/news.rst +++ b/news.rst @@ -6,7 +6,7 @@ Version 2.5.0, Not Yet Released * Add support for RSA-PSS signatures in TLS (GH #1285) -* Many optimizations in ECC operations. ECDSA signatures are 6-8 times faster. +* Many optimizations in ECC operations. ECDSA signatures are 8-10 times faster. ECDSA verification is about twice as fast. ECDH key agreement is 3-4 times faster. (GH #1457 #1478) diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index 7b36d3fedb..487fb9884d 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp @@ -43,14 +43,24 @@ PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& b * the size of the prime modulus. In all cases they are at most 1 bit * longer. The +1 compensates for this. */ - const size_t T_bits = p_bits + PointGFp_SCALAR_BLINDING_BITS + 1; + m_T_bits = round_up(p_bits + PointGFp_SCALAR_BLINDING_BITS + 1, 2); - m_T.push_back(base); + m_T.resize(3*m_T_bits); - for(size_t i = 1; i != T_bits; ++i) + m_T[0] = base; + m_T[1] = m_T[0]; + m_T[1].mult2(ws); + m_T[2] = m_T[1]; + m_T[2].add(m_T[0], ws); + + for(size_t i = 1; i != m_T_bits; ++i) { - m_T.push_back(m_T[i-1]); - m_T[i].mult2(ws); + m_T[3*i+0] = m_T[3*i - 2]; + m_T[3*i+0].mult2(ws); + m_T[3*i+1] = m_T[3*i+0]; + m_T[3*i+1].mult2(ws); + m_T[3*i+2] = m_T[3*i+1]; + m_T[3*i+2].add(m_T[3*i+0], ws); } PointGFp::force_all_affine(m_T, ws[0].get_word_vector()); 
@@ -70,7 +80,7 @@ PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, const size_t scalar_bits = scalar.bits(); - BOTAN_ASSERT(scalar_bits <= m_T.size(), + BOTAN_ASSERT(scalar_bits <= m_T_bits, "Precomputed sufficient values for scalar mult"); PointGFp R = m_T[0].zero(); @@ -78,16 +88,19 @@ PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, if(ws.size() < PointGFp::WORKSPACE_SIZE) ws.resize(PointGFp::WORKSPACE_SIZE); - for(size_t i = 0; i != scalar_bits; ++i) + size_t windows = round_up(scalar_bits, 2) / 2; + + for(size_t i = 0; i != windows; ++i) { - //if(i % 4 == 3) if(i == 4) { R.randomize_repr(rng, ws[0].get_word_vector()); } - if(scalar.get_bit(i)) - R.add_affine(m_T[i], ws); + const uint32_t w = scalar.get_substring(2*i, 2); + + if(w > 0) + R.add_affine(m_T[3*i + w - 1], ws); } BOTAN_DEBUG_ASSERT(R.on_the_curve()); diff --git a/src/lib/pubkey/ec_group/point_mul.h b/src/lib/pubkey/ec_group/point_mul.h index 97fd326a28..b6e9da3b9b 100644 --- a/src/lib/pubkey/ec_group/point_mul.h +++ b/src/lib/pubkey/ec_group/point_mul.h @@ -23,6 +23,7 @@ class PointGFp_Base_Point_Precompute const BigInt& group_order, std::vector& ws) const; private: + size_t m_T_bits; std::vector m_T; }; From 65e5f15c61c5ed5c41e1bed4c831ae7269f13066 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Mar 2018 15:15:57 -0400 Subject: [PATCH 0882/1008] Avoid needless computation in base point multiply We computed twice as many values as were used. --- src/lib/pubkey/ec_group/curve_gfp.cpp | 24 ------------------------ src/lib/pubkey/ec_group/point_mul.cpp | 14 ++++++-------- src/lib/pubkey/ec_group/point_mul.h | 1 - 3 files changed, 6 insertions(+), 33 deletions(-) diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp index fba9a419c4..a8fdb2906b 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.cpp +++ b/src/lib/pubkey/ec_group/curve_gfp.cpp 
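Review bot: The window loop in PointGFp_Base_Point_Precompute::mul now indexes `m_T[3*i + w - 1]` and branches on `w > 0`, both of which depend on the scalar; the defence against that access pattern leaking is the fresh `mask` added to k above, but the code does not say so and the loop could be copied somewhere without the blinding. Suggest a comment before the loop: `// Table index and branch below depend on the scalar; tolerable only because scalar is re-blinded with a random mask on every call`. `windows` could also be `const size_t`. The enclosing function starts outside the hunk.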
@@ -106,12 +106,6 @@ void CurveGFp_Montgomery::from_curve_rep(BigInt& z, secure_vector& ws) con void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, secure_vector& ws) const { - if(x.is_zero() || y.is_zero()) - { - z.clear(); - return; - } - if(ws.size() < get_ws_size()) ws.resize(get_ws_size()); @@ -138,12 +132,6 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, secure_vector& ws) const { - if(x.is_zero()) - { - z.clear(); - return; - } - if(ws.size() < get_ws_size()) ws.resize(get_ws_size()); @@ -215,12 +203,6 @@ BigInt CurveGFp_NIST::invert_element(const BigInt& x, secure_vector& ws) c void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, secure_vector& ws) const { - if(x.is_zero() || y.is_zero()) - { - z.clear(); - return; - } - if(ws.size() < get_ws_size()) ws.resize(get_ws_size()); @@ -242,12 +224,6 @@ void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, void CurveGFp_NIST::curve_sqr(BigInt& z, const BigInt& x, secure_vector& ws) const { - if(x.is_zero()) - { - z.clear(); - return; - } - if(ws.size() < get_ws_size()) ws.resize(get_ws_size()); diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index 487fb9884d..7acb60b6a8 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp @@ -43,9 +43,9 @@ PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& b * the size of the prime modulus. In all cases they are at most 1 bit * longer. The +1 compensates for this. */ - m_T_bits = round_up(p_bits + PointGFp_SCALAR_BLINDING_BITS + 1, 2); + const size_t T_bits = round_up(p_bits + PointGFp_SCALAR_BLINDING_BITS + 1, 2) / 2; - m_T.resize(3*m_T_bits); + m_T.resize(3*T_bits); m_T[0] = base; m_T[1] = m_T[0]; 
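Review bot: The zero-operand early return is removed from curve_mul and curve_sqr in all four hunks of this file, but the commit message only describes the point_mul change, so the reason is lost; the old branch was also an input-dependent early exit, which is worth recording. Suggest a comment where the check was, e.g. `// No zero short-circuit: the reduction below yields zero for a zero operand and avoids an input-dependent early exit`. This presumes the Montgomery and NIST reduction paths (outside the hunk) produce a canonical zero for zero inputs — confirm.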
@@ -53,7 +53,7 @@ PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& b m_T[2] = m_T[1]; m_T[2].add(m_T[0], ws); - for(size_t i = 1; i != m_T_bits; ++i) + for(size_t i = 1; i != T_bits; ++i) { m_T[3*i+0] = m_T[3*i - 2]; m_T[3*i+0].mult2(ws); @@ -78,17 +78,15 @@ PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, const BigInt mask(rng, PointGFp_SCALAR_BLINDING_BITS, false); const BigInt scalar = k + group_order * mask; - const size_t scalar_bits = scalar.bits(); + size_t windows = round_up(scalar.bits(), 2) / 2; - BOTAN_ASSERT(scalar_bits <= m_T_bits, + BOTAN_ASSERT(windows <= m_T.size() / 3, "Precomputed sufficient values for scalar mult"); - PointGFp R = m_T[0].zero(); - if(ws.size() < PointGFp::WORKSPACE_SIZE) ws.resize(PointGFp::WORKSPACE_SIZE); - size_t windows = round_up(scalar_bits, 2) / 2; + PointGFp R = m_T[0].zero(); for(size_t i = 0; i != windows; ++i) { diff --git a/src/lib/pubkey/ec_group/point_mul.h b/src/lib/pubkey/ec_group/point_mul.h index b6e9da3b9b..97fd326a28 100644 --- a/src/lib/pubkey/ec_group/point_mul.h +++ b/src/lib/pubkey/ec_group/point_mul.h @@ -23,7 +23,6 @@ class PointGFp_Base_Point_Precompute const BigInt& group_order, std::vector& ws) const; private: - size_t m_T_bits; std::vector m_T; }; From 7f644c0e4274f7adadad624269a2bfec7b979fc4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Mar 2018 16:54:21 -0400 Subject: [PATCH 0883/1008] Cache additional values for PointGFp multi-exponentiation Improves ECDSA verification by ~10% --- src/lib/pubkey/ec_group/ec_group.cpp | 3 +- src/lib/pubkey/ec_group/point_gfp.cpp | 60 -------------------- src/lib/pubkey/ec_group/point_mul.cpp | 81 +++++++++++++++++++++++++++ src/lib/pubkey/ec_group/point_mul.h | 16 ++++++ src/lib/pubkey/ecdsa/ecdsa.cpp | 7 ++- 5 files changed, 103 insertions(+), 64 deletions(-) diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 50a4d85c70..ed1a75b48f 100644 
--- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -473,7 +473,8 @@ PointGFp EC_Group::point(const BigInt& x, const BigInt& y) const PointGFp EC_Group::point_multiply(const BigInt& x, const PointGFp& pt, const BigInt& y) const { - return multi_exponentiate(get_base_point(), x, pt, y); + PointGFp_Multi_Point_Precompute xy_mul(get_base_point(), pt); + return xy_mul.multi_exp(x, y); } PointGFp EC_Group::blinded_base_point_multiply(const BigInt& k, diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index 51cb7d1535..48ae91f3c5 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp 
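Review bot: EC_Group::point_multiply now constructs a PointGFp_Multi_Point_Precompute on every call, which per the point_mul.cpp hunk means fifteen point additions/doublings plus a force_all_affine before any scalar work begins; ECDSA verification in this commit avoids that by caching the table, but every other caller of point_multiply pays it each time. If those callers are rare that is acceptable, but it deserves a comment, e.g. `// Builds a fresh 15-entry table per call; hot callers should hold a PointGFp_Multi_Point_Precompute instead (see ECDSA_Verification_Operation)`.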
@@ -361,66 +361,6 @@ PointGFp& PointGFp::operator*=(const BigInt& scalar) return *this; } -PointGFp multi_exponentiate(const PointGFp& x, const BigInt& z1, - const PointGFp& y, const BigInt& z2) - { - const size_t z_bits = round_up(std::max(z1.bits(), z2.bits()), 2); - - std::vector ws(PointGFp::WORKSPACE_SIZE); - - PointGFp x2 = x; - x2.mult2(ws); - - const PointGFp x3(x2.plus(x, ws)); - - PointGFp y2 = y; - y2.mult2(ws); - - const PointGFp y3(y2.plus(y, ws)); - - const PointGFp M[16] = { - x.zero(), // 0000 - x, // 0001 - x2, // 0010 - x3, // 0011 - y, // 0100 - y.plus(x, ws), // 0101 - y.plus(x2, ws), // 0110 - y.plus(x3, ws), // 0111 - y2, // 1000 - y2.plus(x, ws), // 1001 - y2.plus(x2, ws), // 1010 - y2.plus(x3, ws), // 1011 - y3, // 1100 - y3.plus(x, ws), // 1101 - y3.plus(x2, ws), // 1110 - y3.plus(x3, ws), // 1111 - }; - - PointGFp H = x.zero(); - - for(size_t i = 0; i != z_bits; i += 2) - { - if(i > 0) - { - H.mult2(ws); - H.mult2(ws); - } - - const uint8_t z1_b = z1.get_substring(z_bits - i - 2, 2); - const uint8_t z2_b = z2.get_substring(z_bits - i - 2, 2); - - const uint8_t z12 = (4*z2_b) + z1_b; - - H.add(M[z12], ws); - } - - if(z1.is_negative() != z2.is_negative()) - H.negate(); - - return H; - } - PointGFp operator*(const BigInt& scalar, const PointGFp& point) { BOTAN_DEBUG_ASSERT(point.on_the_curve()); diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index 7acb60b6a8..adddaaa37c 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp @@ -10,6 +10,13 @@ namespace Botan { +PointGFp multi_exponentiate(const PointGFp& x, const BigInt& z1, + const PointGFp& y, const BigInt& z2) + { + PointGFp_Multi_Point_Precompute xy_mul(x, y); + return xy_mul.multi_exp(z1, z2); + } + Blinded_Point_Multiply::Blinded_Point_Multiply(const PointGFp& base, const BigInt& order, size_t h) : 
@@ -178,4 +185,78 @@ PointGFp PointGFp_Var_Point_Precompute::mul(const BigInt& k, return R; } + +PointGFp_Multi_Point_Precompute::PointGFp_Multi_Point_Precompute(const PointGFp& x, + const PointGFp& y) + { + std::vector ws(PointGFp::WORKSPACE_SIZE); + + PointGFp x2 = x; + x2.mult2(ws); + + const PointGFp x3(x2.plus(x, ws)); + + PointGFp y2 = y; + y2.mult2(ws); + + const PointGFp y3(y2.plus(y, ws)); + + m_M.reserve(15); + + m_M.push_back(x); + m_M.push_back(x2); + m_M.push_back(x3); + + m_M.push_back(y); + m_M.push_back(y.plus(x, ws)); + m_M.push_back(y.plus(x2, ws)); + m_M.push_back(y.plus(x3, ws)); + + m_M.push_back(y2); + m_M.push_back(y2.plus(x, ws)); + m_M.push_back(y2.plus(x2, ws)); + m_M.push_back(y2.plus(x3, ws)); + + m_M.push_back(y3); + m_M.push_back(y3.plus(x, ws)); + m_M.push_back(y3.plus(x2, ws)); + m_M.push_back(y3.plus(x3, ws)); + + PointGFp::force_all_affine(m_M, ws[0].get_word_vector()); + } + +PointGFp PointGFp_Multi_Point_Precompute::multi_exp(const BigInt& z1, + const BigInt& z2) const + { + std::vector ws(PointGFp::WORKSPACE_SIZE); + + const size_t z_bits = round_up(std::max(z1.bits(), z2.bits()), 2); + + PointGFp H = m_M[0].zero(); + + for(size_t i = 0; i != z_bits; i += 2) + { + if(i > 0) + { + H.mult2(ws); + H.mult2(ws); + } + + const uint8_t z1_b = z1.get_substring(z_bits - i - 2, 2); + const uint8_t z2_b = z2.get_substring(z_bits - i - 2, 2); + + const uint8_t z12 = (4*z2_b) + z1_b; + + if(z12) + { + H.add_affine(m_M[z12-1], ws); + } + } + + if(z1.is_negative() != z2.is_negative()) + H.negate(); + + return H; + } + } diff --git a/src/lib/pubkey/ec_group/point_mul.h b/src/lib/pubkey/ec_group/point_mul.h index 97fd326a28..9a19f90d41 100644 --- a/src/lib/pubkey/ec_group/point_mul.h +++ b/src/lib/pubkey/ec_group/point_mul.h 
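Review bot: The sign fix-up at the end of multi_exp is only correct when both scalars are non-negative: the loop accumulates |z1|*g1 + |z2|*g2 from the magnitude bits (assuming get_substring, outside the hunk, ignores the sign), so when both are negative the result should be negated but is not, and when exactly one is negative neither H nor -H is the right answer. This is carried over from the deleted multi_exponentiate rather than introduced here, and the ECDSA caller passes values reduced mod the group order, so it is unreachable there. Since the header advertises the class for public inputs generally, either reject negatives up front, `if(z1.is_negative() || z2.is_negative()) throw Invalid_Argument("multi_exp requires non-negative scalars");`, or document the non-negative precondition on multi_exp.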
@@ -42,6 +42,22 @@ class PointGFp_Var_Point_Precompute std::vector m_U; }; +class PointGFp_Multi_Point_Precompute + { + public: + PointGFp_Multi_Point_Precompute(const PointGFp& g1, + const PointGFp& g2); + + /* + * Return (g1*k1 + g2*k2) + * Not constant time, intended to use with public inputs + */ + PointGFp multi_exp(const BigInt& k1, + const BigInt& k2) const; + private: + std::vector m_M; + }; + } #endif diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index a2877f7fc6..6ff02e8c9f 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -10,6 +10,7 @@ #include #include +#include #include #include #include @@ -112,7 +113,7 @@ class ECDSA_Verification_Operation final : public PK_Ops::Verification_with_EMSA const std::string& emsa) : PK_Ops::Verification_with_EMSA(emsa), m_group(ecdsa.domain()), - m_public_point(ecdsa.public_point()) + m_gy_mul(m_group.get_base_point(), ecdsa.public_point()) { } @@ -124,7 +125,7 @@ class ECDSA_Verification_Operation final : public PK_Ops::Verification_with_EMSA const uint8_t sig[], size_t sig_len) override; private: const EC_Group m_group; - const PointGFp& m_public_point; + const PointGFp_Multi_Point_Precompute m_gy_mul; }; bool ECDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, @@ -145,7 +146,7 @@ bool ECDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, const BigInt u1 = m_group.multiply_mod_order(e, w); const BigInt u2 = m_group.multiply_mod_order(r, w); - const PointGFp R = m_group.point_multiply(u1, m_public_point, u2); + const PointGFp R = m_gy_mul.multi_exp(u1, u2); if(R.is_zero()) return false; From 21fe5f3ba2e8af09469ccf0b78ad11e1b7941c08 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Mon, 19 Mar 2018 17:02:17 -0400 Subject: [PATCH 0884/1008] Add EC_Group::clear_registered_curve_data Needed for OSS-Fuzz (OOMing a lot) and maybe very occasionally useful in some weird application that has to deal with 100s of different curves. --- src/fuzzer/pkcs8.cpp | 7 +++++++ src/lib/pubkey/ec_group/ec_group.cpp | 14 ++++++++++++++ src/lib/pubkey/ec_group/ec_group.h | 2 ++ 3 files changed, 23 insertions(+) diff --git a/src/fuzzer/pkcs8.cpp b/src/fuzzer/pkcs8.cpp index 972532b3c0..2d004633d1 100644 --- a/src/fuzzer/pkcs8.cpp +++ b/src/fuzzer/pkcs8.cpp @@ -8,6 +8,7 @@ #include #include #include +#include void fuzz(const uint8_t in[], size_t len) { @@ -18,4 +19,10 @@ void fuzz(const uint8_t in[], size_t len) std::unique_ptr key(Botan::PKCS8::load_key(input, null_rng)); } catch(Botan::Exception& e) { } + + /* + * This avoids OOMs in OSS-Fuzz caused by storing precomputations + * for thousands of curves randomly generated by the fuzzer. + */ + Botan::EC_Group::clear_registered_curve_data(); } diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index ed1a75b48f..623c79cc8c 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -115,6 +115,14 @@ class EC_Group_Data_Map final public: EC_Group_Data_Map() {} + size_t clear() + { + lock_guard_type lock(m_mutex); + size_t count = m_registered_curves.size(); + m_registered_curves.clear(); + return count; + } + std::shared_ptr lookup(const OID& oid) { lock_guard_type lock(m_mutex); @@ -217,6 +225,12 @@ EC_Group_Data_Map& EC_Group::ec_group_data() return g_ec_data; } +//static +size_t EC_Group::clear_registered_curve_data() + { + return ec_group_data().clear(); + } + //static std::shared_ptr EC_Group::load_EC_group_info(const char* p_str, diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 47652e1b4a..32c115432c 100644 --- a/src/lib/pubkey/ec_group/ec_group.h 
+++ b/src/lib/pubkey/ec_group/ec_group.h @@ -312,6 +312,8 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final */ static std::shared_ptr EC_group_info(const OID& oid); + static size_t clear_registered_curve_data(); + private: static EC_Group_Data_Map& ec_group_data(); From 06b2ba179f548e830e673a0b2d749e6207f70ca9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Mar 2018 17:12:21 -0400 Subject: [PATCH 0885/1008] Remove use of ;; to end lines --- src/lib/asn1/asn1_print.cpp | 2 +- src/lib/math/numbertheory/monty_exp.cpp | 2 +- src/lib/math/numbertheory/nistp_redc.cpp | 2 +- src/lib/misc/srp6/srp6.cpp | 2 +- src/lib/x509/x509_ca.cpp | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/lib/asn1/asn1_print.cpp b/src/lib/asn1/asn1_print.cpp index 13ae6d3877..cb223e1307 100644 --- a/src/lib/asn1/asn1_print.cpp +++ b/src/lib/asn1/asn1_print.cpp @@ -236,7 +236,7 @@ void ASN1_Formatter::decode(std::ostream& output, else { output << "Unknown ASN.1 tag class=" << static_cast(class_tag) - << " type=" << static_cast(type_tag) << "\n";; + << " type=" << static_cast(type_tag) << "\n"; } obj = decoder.get_next_object(); diff --git a/src/lib/math/numbertheory/monty_exp.cpp b/src/lib/math/numbertheory/monty_exp.cpp index 6f70ef7c64..18fb6d0813 100644 --- a/src/lib/math/numbertheory/monty_exp.cpp +++ b/src/lib/math/numbertheory/monty_exp.cpp @@ -42,7 +42,7 @@ Montgomery_Exponentation_State::Montgomery_Exponentation_State(std::shared_ptrR1(), false));; + m_g.push_back(Montgomery_Int(m_params, m_params->R1(), false)); m_g.push_back(Montgomery_Int(m_params, g)); diff --git a/src/lib/math/numbertheory/nistp_redc.cpp b/src/lib/math/numbertheory/nistp_redc.cpp index 36135f891e..f2782038b7 100644 --- a/src/lib/math/numbertheory/nistp_redc.cpp +++ b/src/lib/math/numbertheory/nistp_redc.cpp 
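Review bot: clear_registered_curve_data is added to the public API without a doc comment, while the neighbouring declarations carry Doxygen blocks. Suggest, above the declaration: `/** Clear the cache of registered EC_Group data (used by the fuzzers to bound memory). Returns the number of entries removed. */`. Whether EC_Group objects created before the call stay valid depends on them holding their own shared_ptr to the data — the .cpp hunk's lookup returns one, so presumably yes; worth stating once confirmed.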
@@ -70,7 +70,7 @@ void redc_p521(BigInt& x, secure_vector& ws) * Otherwise we must reduce if p is exactly 2^512-1 */ - word possibly_521 = MP_WORD_MAX;; + word possibly_521 = MP_WORD_MAX; for(size_t i = 0; i != p_full_words; ++i) possibly_521 &= x.word_at(i); diff --git a/src/lib/misc/srp6/srp6.cpp b/src/lib/misc/srp6/srp6.cpp index 213fdc533e..bf5c6ac934 100644 --- a/src/lib/misc/srp6/srp6.cpp +++ b/src/lib/misc/srp6/srp6.cpp @@ -137,7 +137,7 @@ BigInt SRP6_Server_Session::step1(const BigInt& v, const BigInt k = hash_seq(hash_id, m_p_bytes, p, g); - m_B = group.mod_p(v*k + group.power_g_p(m_b));; + m_B = group.mod_p(v*k + group.power_g_p(m_b)); return m_B; } diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp index 19eec12108..73eea4a95b 100644 --- a/src/lib/x509/x509_ca.cpp +++ b/src/lib/x509/x509_ca.cpp @@ -208,7 +208,7 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, .end_explicit() .end_cons() .get_contents() - ));; + )); // clang-format on } From a260a4f36ccaa1620455c976da55810bff77d5d7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 19 Mar 2018 23:27:49 -0400 Subject: [PATCH 0886/1008] Support multiple DNS names through the command line interface --- src/cli/x509.cpp | 8 +++++--- src/lib/x509/x509self.cpp | 3 +++ src/lib/x509/x509self.h | 2 ++ 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/src/cli/x509.cpp b/src/cli/x509.cpp index 021316d786..fef155c9f1 100644 --- a/src/cli/x509.cpp +++ b/src/cli/x509.cpp @@ -1,5 +1,5 @@ /* -* (C) 2010,2014,2015 Jack Lloyd +* (C) 2010,2014,2015,2018 Jack Lloyd * (C) 2017 René Korthaus, Rohde & Schwarz Cybersecurity * * Botan is released under the Simplified BSD License (see license.txt) @@ -17,6 +17,7 @@ #include #include #include +#include #if defined(BOTAN_HAS_OCSP) #include 
@@ -259,7 +260,7 @@ class Gen_Self_Signed final : public Command opts.country = get_arg("country"); opts.organization = get_arg("organization"); opts.email = get_arg("email"); - opts.dns = get_arg("dns"); + opts.more_dns = Botan::split_on(get_arg("dns"), ','); std::string emsa = get_arg("emsa"); @@ -284,7 +285,7 @@ class Generate_PKCS10 final : public Command public: Generate_PKCS10() : Command("gen_pkcs10 key CN --country= --organization= " - "--email= --key-pass= --hash=SHA-256 --emsa=") {} + "--email= --dns= --key-pass= --hash=SHA-256 --emsa=") {} std::string group() const override { @@ -311,6 +312,7 @@ class Generate_PKCS10 final : public Command opts.country = get_arg("country"); opts.organization = get_arg("organization"); opts.email = get_arg("email"); + opts.more_dns = Botan::split_on(get_arg("dns"), ','); std::string emsa = get_arg("emsa"); diff --git a/src/lib/x509/x509self.cpp b/src/lib/x509/x509self.cpp index 418fd85a45..78bbe8615b 100644 --- a/src/lib/x509/x509self.cpp +++ b/src/lib/x509/x509self.cpp @@ -33,6 +33,9 @@ void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn, subject_alt = AlternativeName(opts.email, opts.uri, opts.dns, opts.ip); subject_alt.add_othername(OIDS::lookup("PKIX.XMPPAddr"), opts.xmpp, UTF8_STRING); + + for(auto dns : opts.more_dns) + subject_alt.add_attribute("DNS", dns); } } diff --git a/src/lib/x509/x509self.h b/src/lib/x509/x509self.h index 0cc12e98e0..7d061acbb3 100644 --- a/src/lib/x509/x509self.h +++ b/src/lib/x509/x509self.h @@ -79,6 +79,8 @@ class BOTAN_PUBLIC_API(2,0) X509_Cert_Options final */ std::string dns; + std::vector more_dns; + /** * the subject XMPP */ From b08f7beb877569fd94736c5a67b9e28fcdd968b6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 20 Mar 2018 09:23:33 -0400 Subject: [PATCH 0887/1008] Nudge users to EC_Group::OS2ECP --- src/lib/pubkey/ec_group/point_gfp.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) 
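Review bot: `for(auto dns : opts.more_dns)` in load_info copies each std::string on every iteration; `for(const std::string& dns : opts.more_dns)` yields the same SAN entries without the copies. It is also not visible from this hunk what `Botan::split_on` returns for an empty `--dns` argument, and the x509.cpp hunks now call it unconditionally; if it yields a single empty string, an empty dNSName would be added to the SAN, so either confirm that split_on drops empty fields or guard the call with `if(!dns.empty())`.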
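Review bot: The new `more_dns` member of X509_Cert_Options has no doc comment, while the neighbouring `dns` field carries a `/** ... */` block, and nothing states how the two relate now that the CLI fills only `more_dns`. I would add `/** additional subject DNS names; each is added to the SAN alongside dns */` above the declaration.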
diff --git a/src/lib/pubkey/ec_group/point_gfp.h b/src/lib/pubkey/ec_group/point_gfp.h index 20018fa2fe..aa7e5b2c04 100644 --- a/src/lib/pubkey/ec_group/point_gfp.h +++ b/src/lib/pubkey/ec_group/point_gfp.h @@ -303,21 +303,27 @@ inline secure_vector BOTAN_DEPRECATED("Use PointGFp::encode") return secure_vector(enc.begin(), enc.end()); } +/** +* Perform point decoding +* Use EC_Group::OS2ECP instead +*/ PointGFp BOTAN_PUBLIC_API(2,0) OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp& curve); /** * Perform point decoding +* Use EC_Group::OS2ECP instead +* * @param data the encoded point * @param data_len length of data in bytes * @param curve_p the curve equation prime * @param curve_a the curve equation a parameter * @param curve_b the curve equation b parameter */ -std::pair BOTAN_PUBLIC_API(2,5) OS2ECP(const uint8_t data[], size_t data_len, - const BigInt& curve_p, - const BigInt& curve_a, - const BigInt& curve_b); +std::pair BOTAN_UNSTABLE_API OS2ECP(const uint8_t data[], size_t data_len, + const BigInt& curve_p, + const BigInt& curve_a, + const BigInt& curve_b); template PointGFp OS2ECP(const std::vector& data, const CurveGFp& curve) From 737f33c09a18500e044dca3e2ae13bd2c08bafdd Mon Sep 17 00:00:00 2001 
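Review bot: Both OS2ECP overloads now carry "Use EC_Group::OS2ECP instead" as a comment only, and the std::pair overload moves from BOTAN_PUBLIC_API(2,5) to BOTAN_UNSTABLE_API, which quietly changes the promise made for a symbol published in 2.5. This file already marks the encode helper just above with `BOTAN_DEPRECATED("Use PointGFp::encode")`, so if the intent is to steer callers away, `BOTAN_DEPRECATED("Use EC_Group::OS2ECP")` on these declarations is the consistent and compiler-visible way to do it; if the intent is removal in the next major, the comment should say so.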
From: Jack Lloyd Date: Mon, 19 Mar 2018 11:00:50 -0400 Subject: [PATCH 0888/1008] Store base point multiplies in a single std::vector Since the point is public all the values are also, so this reduces pressure on the mlock allocator and may (slightly) help perf through cache read-ahead. Downside is cache based side channels are slightly easier (vs the data being stored in discontigious vectors). But we shouldn't rely on that in any case. And having it be in an array makes a masked table lookup easier to arrange. --- src/lib/math/bigint/bigint.cpp | 11 +++++ src/lib/math/bigint/bigint.h | 6 +++ src/lib/pubkey/ec_group/curve_gfp.cpp | 66 ++++++++++++++++++++++++++- src/lib/pubkey/ec_group/curve_gfp.h | 12 +++++ src/lib/pubkey/ec_group/point_gfp.cpp | 37 +++++++++++---- src/lib/pubkey/ec_group/point_gfp.h | 8 ++++ src/lib/pubkey/ec_group/point_mul.cpp | 56 +++++++++++++++-------- src/lib/pubkey/ec_group/point_mul.h | 9 +++- 8 files changed, 175 insertions(+), 30 deletions(-) diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index a722e0e4b5..a42707e073 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp @@ -118,6 +118,17 @@ int32_t BigInt::cmp(const BigInt& other, bool check_signs) const other.data(), other.sig_words()); } +void BigInt::encode_words(word out[], size_t size) const + { + const size_t words = sig_words(); + + if(words > size) + throw Encoding_Error("BigInt::encode_words value too large to encode"); + + clear_mem(out, size); + copy_mem(out, data(), words); + } + /* * Return bits {offset...offset+length} */ diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index ba17d7ede4..3f0eb8523d 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h 
@@ -536,6 +536,12 @@ class BOTAN_PUBLIC_API(2,0) BigInt final */ size_t encoded_size(Base base = Binary) const; + /** + * Place the value into out, zero-padding up to size words + * Throw if *this cannot be represented in size words + */ + void encode_words(word out[], size_t size) const; + /** * @param rng a random number generator * @param min the minimum value diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp index a8fdb2906b..8953edba40 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.cpp +++ b/src/lib/pubkey/ec_group/curve_gfp.cpp @@ -1,6 +1,6 @@ /* * Elliptic curves over GF(p) Montgomery Representation -* (C) 2014,2015 Jack Lloyd +* (C) 2014,2015,2018 Jack Lloyd * 2016 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) @@ -61,6 +61,12 @@ class CurveGFp_Montgomery final : public CurveGFp_Repr void curve_mul(BigInt& z, const BigInt& x, const BigInt& y, secure_vector& ws) const override; + void curve_mul_words(BigInt& z, + const word x_words[], + const size_t x_size, + const BigInt& y, + secure_vector& ws) const override; + void curve_sqr(BigInt& z, const BigInt& x, secure_vector& ws) const override; private: 
@@ -129,6 +135,34 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, ws.data(), ws.size()); } +void CurveGFp_Montgomery::curve_mul_words(BigInt& z, + const word x_w[], + size_t x_size, + const BigInt& y, + secure_vector& ws) const + { + if(ws.size() < get_ws_size()) + ws.resize(get_ws_size()); + + const size_t output_size = 2*m_p_words + 2; + if(z.size() < output_size) + z.grow_to(output_size); + + BOTAN_DEBUG_ASSERT(y.sig_words() <= m_p_words); + + const size_t x_words = (x_size >= m_p_words) ? m_p_words : x_size; + const size_t y_words = (y.size() >= m_p_words) ? m_p_words : y.sig_words(); + + bigint_mul(z.mutable_data(), z.size(), + x_w, x_size, x_words, + y.data(), y.size(), y_words, + ws.data(), ws.size()); + + bigint_monty_redc(z.mutable_data(), + m_p.data(), m_p_words, m_p_dash, + ws.data(), ws.size()); + } + void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x, secure_vector& ws) const { @@ -183,6 +217,12 @@ class CurveGFp_NIST : public CurveGFp_Repr void curve_mul(BigInt& z, const BigInt& x, const BigInt& y, secure_vector& ws) const override; + void curve_mul_words(BigInt& z, + const word x_words[], + const size_t x_size, + const BigInt& y, + secure_vector& ws) const override; + void curve_sqr(BigInt& z, const BigInt& x, secure_vector& ws) const override; private: 
@@ -221,6 +261,30 @@ void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y, this->redc(z, ws); } +void CurveGFp_NIST::curve_mul_words(BigInt& z, + const word x_w[], + size_t x_size, + const BigInt& y, + secure_vector& ws) const + { + if(ws.size() < get_ws_size()) + ws.resize(get_ws_size()); + + const size_t output_size = 2*m_p_words + 2; + if(z.size() < output_size) + z.grow_to(output_size); + + const size_t x_words = (x_size >= m_p_words) ? m_p_words : x_size; + const size_t y_words = (y.size() >= m_p_words) ? m_p_words : y.sig_words(); + + bigint_mul(z.mutable_data(), z.size(), + x_w, x_size, x_words, + y.data(), y.size(), y_words, + ws.data(), ws.size()); + + this->redc(z, ws); + } + void CurveGFp_NIST::curve_sqr(BigInt& z, const BigInt& x, secure_vector& ws) const { diff --git a/src/lib/pubkey/ec_group/curve_gfp.h b/src/lib/pubkey/ec_group/curve_gfp.h index 2c2d9e6197..076922ceb3 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.h +++ b/src/lib/pubkey/ec_group/curve_gfp.h @@ -49,6 +49,12 @@ class BOTAN_UNSTABLE_API CurveGFp_Repr virtual void curve_mul(BigInt& z, const BigInt& x, const BigInt& y, secure_vector& ws) const = 0; + virtual void curve_mul_words(BigInt& z, + const word x_words[], + const size_t x_size, + const BigInt& y, + secure_vector& ws) const = 0; + virtual void curve_sqr(BigInt& z, const BigInt& x, secure_vector& ws) const = 0; }; @@ -135,6 +141,12 @@ class BOTAN_UNSTABLE_API CurveGFp final m_repr->curve_mul(z, x, y, ws); } + void mul(BigInt& z, const word x_w[], size_t x_size, + const BigInt& y, secure_vector& ws) const + { + m_repr->curve_mul_words(z, x_w, x_size, y, ws); + } + void sqr(BigInt& z, const BigInt& x, secure_vector& ws) const { m_repr->curve_sqr(z, x, ws); diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp index 48ae91f3c5..acbda95d47 100644 --- a/src/lib/pubkey/ec_group/point_gfp.cpp +++ b/src/lib/pubkey/ec_group/point_gfp.cpp 
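Review bot: CurveGFp_NIST::curve_mul_words omits the `BOTAN_DEBUG_ASSERT(y.sig_words() <= m_p_words);` that the Montgomery version in the previous hunk has, although both clamp `y_words` the same way and both rely on the caller respecting that bound. The workspace/output sizing and the `x_words`/`y_words` clamping are duplicated verbatim between the two overrides; a small helper in CurveGFp_Repr, or at least a comment on the pure virtual in curve_gfp.h stating that `x_w` must hold `x_size` words of which only the low `m_p_words` are used, would keep the two from drifting. Minor: the declarations in curve_gfp.h write `const size_t x_size` while the definitions use `size_t x_size`; top-level const on a by-value parameter has no effect in a declaration.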
@@ -79,24 +79,43 @@ inline void resize_ws(std::vector& ws_bn, size_t cap_size) ws_bn[i].get_word_vector().resize(cap_size); } +inline bool all_zeros(const word x[], size_t len) + { + word z = 0; + for(size_t i = 0; i != len; ++i) + z |= x[i]; + return (z == 0); + } } -void PointGFp::add_affine(const PointGFp& rhs, std::vector& ws_bn) +void PointGFp::add_affine(const PointGFp& rhs, std::vector& workspace) { - if(rhs.is_zero()) + BOTAN_DEBUG_ASSERT(rhs.is_affine()); + + const size_t p_words = m_curve.get_p_words(); + add_affine(rhs.m_coord_x.data(), std::min(p_words, rhs.m_coord_x.size()), + rhs.m_coord_y.data(), std::min(p_words, rhs.m_coord_y.size()), + workspace); + } + +void PointGFp::add_affine(const word x_words[], size_t x_size, + const word y_words[], size_t y_size, + std::vector& ws_bn) + { + if(all_zeros(x_words, x_size) && all_zeros(y_words, y_size)) return; if(is_zero()) { - m_coord_x = rhs.m_coord_x; - m_coord_y = rhs.m_coord_y; - m_coord_z = rhs.m_coord_z; + // FIXME avoid the copy here + m_coord_x = BigInt(x_words, x_size); + m_coord_y = BigInt(y_words, y_size); + m_coord_z = 1; + m_curve.to_rep(m_coord_z, ws_bn[0].get_word_vector()); return; } - //BOTAN_ASSERT(rhs.is_affine(), "PointGFp::add_affine requires arg be affine point"); - resize_ws(ws_bn, m_curve.get_ws_size()); secure_vector& ws = ws_bn[0].get_word_vector(); @@ -115,10 +134,10 @@ void PointGFp::add_affine(const PointGFp& rhs, std::vector& ws_bn) const BigInt& p = m_curve.get_p(); m_curve.sqr(T3, m_coord_z, ws); // z1^2 - m_curve.mul(T4, rhs.m_coord_x, T3, ws); // x2*z1^2 + m_curve.mul(T4, x_words, x_size, T3, ws); // x2*z1^2 m_curve.mul(T2, m_coord_z, T3, ws); // z1^3 - m_curve.mul(T0, rhs.m_coord_y, T2, ws); // y2*z1^3 + m_curve.mul(T0, y_words, y_size, T2, ws); // y2*z1^3 T4 -= m_coord_x; // x2*z1^2 - x1*z2^2 if(T4.is_negative()) diff --git a/src/lib/pubkey/ec_group/point_gfp.h b/src/lib/pubkey/ec_group/point_gfp.h index aa7e5b2c04..80c198c623 100644 
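Review bot: In the new word-array `add_affine`, the `is_zero()` branch indexes `ws_bn[0]` for `to_rep` before `resize_ws(ws_bn, m_curve.get_ws_size())` runs, so an undersized workspace that the rest of the function tolerates is out of bounds on this path; hoisting the `resize_ws` call above the `is_zero()` check removes the hazard. The PointGFp overload also replaced copying `rhs.m_coord_z` with a `BOTAN_DEBUG_ASSERT(rhs.is_affine())`, so a release build given a non-affine rhs now silently computes a wrong sum where the old code produced the right one; that precondition should at least be stated on the declaration in point_gfp.h. The `all_zeros(x) && all_zeros(y)` test treats (0,0) as the identity; a one-line comment such as `// (0,0) is the affine encoding of the point at infinity as produced by force_all_affine` would tie the sentinel to its producer, assuming that is indeed what force_all_affine emits.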
--- a/src/lib/pubkey/ec_group/point_gfp.h +++ b/src/lib/pubkey/ec_group/point_gfp.h @@ -148,6 +148,10 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final */ BigInt get_affine_y() const; + const BigInt& get_x() const { return m_coord_x; } + const BigInt& get_y() const { return m_coord_y; } + const BigInt& get_z() const { return m_coord_z; } + /** * Force this point to affine coordinates */ @@ -211,6 +215,10 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final */ void add_affine(const PointGFp& other, std::vector& workspace); + void add_affine(const word x_words[], size_t x_size, + const word y_words[], size_t y_size, + std::vector& workspace); + /** * Point doubling * @param workspace temp space, at least WORKSPACE_SIZE elements diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index adddaaa37c..d42a5d5e80 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp @@ -38,8 +38,10 @@ PointGFp Blinded_Point_Multiply::blinded_multiply(const BigInt& scalar, return m_point_mul->mul(scalar, rng, m_order, m_ws); } - -PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& base) +PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& base) : + m_base_point(base), + m_p_words(base.get_curve().get_p().size()), + m_T_size(base.get_curve().get_p().bits() + PointGFp_SCALAR_BLINDING_BITS + 1) { std::vector ws(PointGFp::WORKSPACE_SIZE); 
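Review bot: The three new accessors `get_x()/get_y()/get_z()` and the word-array `add_affine` overload are added without doc comments, in a class where every neighbouring member has a `/** ... */` block; with `get_affine_y()` directly above, a reader can easily take `get_x()` for the affine x. I would add `/** Raw internal X coordinate (Jacobian, in the curve's internal representation); use get_affine_x for the affine value */` and the analogous text on the other two, and on the new overload `/** Add the affine point (x,y) given as word arrays; (0,0) denotes the point at infinity */`.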
@@ -52,25 +54,37 @@ PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& b */ const size_t T_bits = round_up(p_bits + PointGFp_SCALAR_BLINDING_BITS + 1, 2) / 2; - m_T.resize(3*T_bits); + std::vector T(3*T_bits); + T.resize(3*T_bits); - m_T[0] = base; - m_T[1] = m_T[0]; - m_T[1].mult2(ws); - m_T[2] = m_T[1]; - m_T[2].add(m_T[0], ws); + T[0] = base; + T[1] = T[0]; + T[1].mult2(ws); + T[2] = T[1]; + T[2].add(T[0], ws); for(size_t i = 1; i != T_bits; ++i) { - m_T[3*i+0] = m_T[3*i - 2]; - m_T[3*i+0].mult2(ws); - m_T[3*i+1] = m_T[3*i+0]; - m_T[3*i+1].mult2(ws); - m_T[3*i+2] = m_T[3*i+1]; - m_T[3*i+2].add(m_T[3*i+0], ws); + T[3*i+0] = T[3*i - 2]; + T[3*i+0].mult2(ws); + T[3*i+1] = T[3*i+0]; + T[3*i+1].mult2(ws); + T[3*i+2] = T[3*i+1]; + T[3*i+2].add(T[3*i+0], ws); } - PointGFp::force_all_affine(m_T, ws[0].get_word_vector()); + PointGFp::force_all_affine(T, ws[0].get_word_vector()); + + m_W.resize(T.size() * 2 * m_p_words); + + word* p = &m_W[0]; + for(size_t i = 0; i != T.size(); ++i) + { + T[i].get_x().encode_words(p, m_p_words); + p += m_p_words; + T[i].get_y().encode_words(p, m_p_words); + p += m_p_words; + } } PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, @@ -87,14 +101,14 @@ PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, size_t windows = round_up(scalar.bits(), 2) / 2; - BOTAN_ASSERT(windows <= m_T.size() / 3, + BOTAN_ASSERT(windows <= m_W.size() / (3*2*m_p_words), "Precomputed sufficient values for scalar mult"); + PointGFp R = m_base_point.zero(); + if(ws.size() < PointGFp::WORKSPACE_SIZE) ws.resize(PointGFp::WORKSPACE_SIZE); - PointGFp R = m_T[0].zero(); - for(size_t i = 0; i != windows; ++i) { if(i == 4) 
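Review bot: `std::vector T(3*T_bits);` is immediately followed by `T.resize(3*T_bits);`, which is a no-op; drop the resize. The loop that packs `T` into `m_W` walks a raw `word* p` across the buffer, and `mul()` later recomputes the same layout when it derives `idx`; a comment next to the `m_W.resize`, `// m_W layout: for each table point, x then y, each exactly m_p_words words (zero-padded by encode_words)`, documents the contract both sides depend on.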
@@ -105,7 +119,11 @@ PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, const uint32_t w = scalar.get_substring(2*i, 2); if(w > 0) - R.add_affine(m_T[3*i + w - 1], ws); + { + const size_t idx = (3*i + w - 1)*2*m_p_words; + R.add_affine(&m_W[idx], m_p_words, + &m_W[idx + m_p_words], m_p_words, ws); + } } BOTAN_DEBUG_ASSERT(R.on_the_curve()); diff --git a/src/lib/pubkey/ec_group/point_mul.h b/src/lib/pubkey/ec_group/point_mul.h index 9a19f90d41..64672d9a4e 100644 --- a/src/lib/pubkey/ec_group/point_mul.h +++ b/src/lib/pubkey/ec_group/point_mul.h @@ -23,7 +23,14 @@ class PointGFp_Base_Point_Precompute const BigInt& group_order, std::vector& ws) const; private: - std::vector m_T; + const PointGFp& m_base_point; + const size_t m_p_words; + const size_t m_T_size; + + /* + * This is a table of T_size * 3*p_word words + */ + std::vector m_W; }; class PointGFp_Var_Point_Precompute From a54ba4ab24684c63557ece809de1f41adeaddf77 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 20 Mar 2018 13:13:17 -0400 Subject: [PATCH 0889/1008] Support Ed25519 certificate format Able to create certificate chain and verify it with OpenSSL 1.1.1 --- src/lib/asn1/alg_id.h | 2 +- src/lib/x509/key_constraint.cpp | 4 +- src/lib/x509/x509_obj.cpp | 107 +++++++++++++++++++++----------- src/tests/unit_x509.cpp | 2 +- 4 files changed, 75 insertions(+), 40 deletions(-) diff --git a/src/lib/asn1/alg_id.h b/src/lib/asn1/alg_id.h index 22978b847f..dc9ca23986 100644 --- a/src/lib/asn1/alg_id.h +++ b/src/lib/asn1/alg_id.h @@ -21,7 +21,7 @@ namespace Botan { class BOTAN_PUBLIC_API(2,0) AlgorithmIdentifier final : public ASN1_Object { public: - enum Encoding_Option { USE_NULL_PARAM }; + enum Encoding_Option { USE_NULL_PARAM, USE_EMPTY_PARAM }; void encode_into(class DER_Encoder&) const override; void decode_from(class BER_Decoder&) override; diff --git a/src/lib/x509/key_constraint.cpp b/src/lib/x509/key_constraint.cpp index e27d2aff2f..dfadedac59 100644 --- a/src/lib/x509/key_constraint.cpp 
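Review bot: `idx` is derived from the window value `w` of the blinded scalar and used to address `m_W`, and `if(w > 0)` branches on it as well, so the memory access pattern of this loop is scalar-dependent; the commit message says the flat table is meant to enable a masked lookup later, but nothing in the code records that. A comment at the lookup, `// TODO: idx and the w > 0 branch depend on the blinded scalar; replace with a masked table read`, keeps the known exposure visible to whoever next touches this loop. The enclosing `mul` starts in the previous hunk.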
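Review bot: `const PointGFp& m_base_point;` stores a reference to the constructor argument, whereas the old `m_T[0] = base` held a copy, so a precompute object that outlives the PointGFp it was built from (for example one built from a temporary) reads a dangling reference at `m_base_point.zero()` in `mul()`; storing `PointGFp m_base_point;` by value costs one point next to a table of thousands of words, or else the lifetime requirement must be documented on the constructor. The comment `This is a table of T_size * 3*p_word words` does not match the allocation in point_mul.cpp, which is `T.size() * 2 * m_p_words` with `T.size() == 3*T_bits`; I would write `/* 3*T_bits affine points, each stored as x followed by y, m_p_words words apiece */`. `m_T_size` is initialised but not read anywhere in this commit's hunks.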
+++ b/src/lib/x509/key_constraint.cpp @@ -84,7 +84,9 @@ void verify_cert_constraints_valid_for_key_type(const Public_Key& pub_key, permitted |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT; } - if(name == "RSA" || name == "DSA" || name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA" || name == "GOST-34.10") + if(name == "RSA" || name == "DSA" || + name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA" || name == "GOST-34.10" || + name == "Ed25519") { permitted |= DIGITAL_SIGNATURE | NON_REPUDIATION | KEY_CERT_SIGN | CRL_SIGN; } diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp index 78413c1214..41cf74acc5 100644 --- a/src/lib/x509/x509_obj.cpp +++ b/src/lib/x509/x509_obj.cpp @@ -149,11 +149,12 @@ std::vector X509_Object::tbs_data() const std::string X509_Object::hash_used_for_signature() const { const OID& oid = m_sig_algo.get_oid(); - std::vector sig_info = split_on(OIDS::lookup(oid), '/'); + const std::vector sig_info = split_on(OIDS::lookup(oid), '/'); - if(sig_info.size() != 2) - throw Internal_Error("Invalid name format found for " + - oid.as_string()); + if(sig_info.size() == 1 && sig_info[0] == "Ed25519") + return "SHA-512"; + else if(sig_info.size() != 2) + throw Internal_Error("Invalid name format found for " + oid.as_string()); if(sig_info[1] == "EMSA4") { @@ -161,7 +162,7 @@ std::string X509_Object::hash_used_for_signature() const } else { - std::vector pad_and_hash = + const std::vector pad_and_hash = parse_algorithm_name(sig_info[1]); if(pad_and_hash.size() != 2) 
@@ -195,10 +196,17 @@ Certificate_Status_Code X509_Object::verify_signature(const Public_Key& pub_key) const std::vector sig_info = split_on(OIDS::lookup(m_sig_algo.get_oid()), '/'); - if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name()) + if(sig_info.size() < 1 || sig_info.size() > 2 || sig_info[0] != pub_key.algo_name()) + return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; + + std::string padding; + if(sig_info.size() == 2) + padding = sig_info[1]; + else if(sig_info[0] == "Ed25519") + padding = "Pure"; + else return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; - std::string padding = sig_info[1]; const Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; @@ -285,17 +293,14 @@ std::vector X509_Object::make_signed(PK_Signer* signer, .get_contents_unlocked(); } -/* -* Choose a signing format for the key -*/ -std::unique_ptr X509_Object::choose_sig_format(AlgorithmIdentifier& sig_algo, - const Private_Key& key, - RandomNumberGenerator& rng, - const std::string& hash_fn, - const std::string& padding_algo) +namespace { + +std::string choose_sig_algo(AlgorithmIdentifier& sig_algo, + const Private_Key& key, + const std::string& hash_fn, + const std::string& user_specified) { const std::string algo_name = key.algo_name(); - std::string padding; // check algo_name and set default 
@@ -312,43 +317,71 @@ std::unique_ptr X509_Object::choose_sig_format(AlgorithmIdentifier& s { padding = "EMSA1(" + hash_fn + ")"; } + else if(algo_name == "Ed25519") + { + padding = "Pure"; + } else { throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name); } - if(padding_algo.empty() == false) + if(user_specified.empty() == false) { - padding = padding_algo; + padding = user_specified; } - // try to construct an EMSA object from the padding options or default - std::unique_ptr emsa = nullptr; - try - { - emsa.reset(get_emsa(padding)); - } - /* - * get_emsa will throw if opts contains {"padding",} but - * does not specify a hash function. - * Omitting it is valid since it needs to be identical to hash_fn. - * If it still throws, something happened that we cannot repair here, - * e.g. the algorithm/padding combination is not supported. - */ - catch(...) + if(padding != "Pure") { - emsa.reset(get_emsa(padding + "(" + hash_fn + ")")); + // try to construct an EMSA object from the padding options or default + std::unique_ptr emsa; + try + { + emsa.reset(get_emsa(padding)); + } + /* + * get_emsa will throw if opts contains {"padding",} but + * does not specify a hash function. + * Omitting it is valid since it needs to be identical to hash_fn. + * If it still throws, something happened that we cannot repair here, + * e.g. the algorithm/padding combination is not supported. + */ + catch(...) 
+ { + emsa.reset(get_emsa(padding + "(" + hash_fn + ")")); + } + + if(!emsa) + { + throw Invalid_Argument("Could not parse padding scheme " + padding); + } + + sig_algo = emsa->config_for_x509(key, hash_fn); + return emsa->name(); } - if(emsa == nullptr) + else { - throw Invalid_Argument("Could not parse padding scheme " + padding); + sig_algo = AlgorithmIdentifier(OIDS::lookup("Ed25519"), AlgorithmIdentifier::USE_EMPTY_PARAM); + return "Pure"; } + } +} + +/* +* Choose a signing format for the key +*/ +std::unique_ptr X509_Object::choose_sig_format(AlgorithmIdentifier& sig_algo, + const Private_Key& key, + RandomNumberGenerator& rng, + const std::string& hash_fn, + const std::string& padding_algo) + { const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363; - sig_algo = emsa->config_for_x509(key, hash_fn); + const std::string emsa = choose_sig_algo(sig_algo, key, hash_fn, padding_algo); - return std::unique_ptr(new PK_Signer(key, rng, emsa->name(), format)); + return std::unique_ptr(new PK_Signer(key, rng, emsa, format)); } } diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 485ae1c50f..fe8d3fbd75 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -1432,7 +1432,7 @@ class X509_Cert_Unit_Tests final : public Test { std::vector results; - const std::string sig_algos[] { "RSA", "DSA", "ECDSA", "ECGDSA", "ECKCDSA", "GOST-34.10" }; + const std::string sig_algos[] { "RSA", "DSA", "ECDSA", "ECGDSA", "ECKCDSA", "GOST-34.10", "Ed25519" }; for(const std::string& algo : sig_algos) { From c53f4fa8686a59f2360e4609f4fc9cdc66ce00d1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 20 Mar 2018 15:59:38 -0400 Subject: [PATCH 0890/1008] Update news, todo --- doc/todo.rst | 1 + news.rst | 2 ++ 2 files changed, 3 insertions(+) diff --git a/doc/todo.rst b/doc/todo.rst index 1a76b3480f..9737200366 100644 --- a/doc/todo.rst +++ b/doc/todo.rst 
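Review bot: choose_sig_algo selects the Ed25519 branch by `padding != "Pure"` rather than by key type, so a caller passing `padding_algo = "Pure"` with an RSA or ECDSA key gets `OIDS::lookup("Ed25519")` written into sig_algo before PK_Signer can reject the combination, and an Ed25519 key with a user-specified EMSA padding is sent down the EMSA path. A check right after the `user_specified` override, `if((padding == "Pure") != (algo_name == "Ed25519")) throw Invalid_Argument("Padding " + padding + " is not valid for " + algo_name + " keys");`, keeps sig_algo consistent with the key. The function begins in the previous hunk; the `hash_used_for_signature` hunk above returns "SHA-512" as the hash name for Ed25519, which deserves a comment since no separate hash is negotiated for pure Ed25519 and callers may use that string for policy decisions.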
@@ -26,6 +26,7 @@ Ciphers, Hashes, PBKDF * PMAC * Extend Cascade_Cipher to support arbitrary number of ciphers * EME* tweakable block cipher (https://eprint.iacr.org/2004/125.pdf) +* FFX format preserving encryption (NIST 800-38G) Public Key Crypto, Math ---------------------------------------- diff --git a/news.rst b/news.rst index 6fb14a128c..16a23aebdf 100644 --- a/news.rst +++ b/news.rst @@ -6,6 +6,8 @@ Version 2.5.0, Not Yet Released * Add support for RSA-PSS signatures in TLS (GH #1285) +* Ed25519 certificates are now supported (GH #1501) + * Many optimizations in ECC operations. ECDSA signatures are 8-10 times faster. ECDSA verification is about twice as fast. ECDH key agreement is 3-4 times faster. (GH #1457 #1478) From eb5bc1b1ea573c44efe58b18ed07a82db88029fb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 20 Mar 2018 18:24:47 -0400 Subject: [PATCH 0891/1008] Update side channel doc --- doc/manual/side_channels.rst | 63 +++++++++++++++++++----------------- 1 file changed, 34 insertions(+), 29 deletions(-) diff --git a/doc/manual/side_channels.rst b/doc/manual/side_channels.rst index 01d20a66d2..6d6bd74bbd 100644 --- a/doc/manual/side_channels.rst +++ b/doc/manual/side_channels.rst 
@@ -128,16 +128,20 @@ protocols ([InvalidCurve] [InvalidCurveTLS]). See point_gfp.cpp. ECC scalar multiply ---------------------- -There are two implementations of scalar multiply, PointGFp::operator* and the -class Blinded_Point_Multiply. The default scalar multiply uses the Montgomery -ladder. However it currently leaks the size of the scalar, because the loop -iterations are bounded by the scalar size. +There are several different implementations of ECC scalar multiplications which +depend on the API invoked. This include ``PointGFp::operator*``, +``EC_Group::blinded_base_point_multiply`` and +``EC_Group::blinded_var_point_multiply``. -Blinded_Point_Multiply (used by ECDH, ECDSA, etc) applies several additional -side channel countermeasures. The scalar is masked by a small multiple of the -group order (this is commonly called Coron's first countermeasure [CoronDpa]), -the size of the scalar mask is currently controlled by build.h value -BOTAN_POINTGFP_SCALAR_BLINDING_BITS which defaults to 20 bits. +The ``PointGFp::operator*`` implementation uses the Montgomery ladder, which is +fairly resistant to side channels. However it leaks the size of the scalar, +because the loop iterations are bounded by the scalar size. It should not be +used in cases when the scalar is a secret. + +Both ``blinded_base_point_multiply`` and ``blinded_var_point_multiply`` apply +side channel countermeasures. The scalar is masked by a multiple of the group +order (this is commonly called Coron's first countermeasure [CoronDpa]), +currently the multiplier is an 80 bit integer. Botan stores all ECC points in Jacobian representation. This form allows faster computation by representing points (x,y) as (X,Y,Z) where x=X/Z^2 and 
@@ -147,16 +151,17 @@ attacker from mounting attacks based on the input point remaining unchanged over multiple executions. This is commonly called Coron's third countermeasure, see again [CoronDpa]. -Currently Blinded_Point_Multiply uses one of two different algorithms, depending -on a build-time flag. If BOTAN_POINTGFP_BLINDED_MULTIPLY_USE_MONTGOMERY_LADDER -is set in build.h (default is for it *not* to be set), then a randomized -Montgomery ladder algorithm from [RandomMonty] is used. Otherwise, a simple -fixed window exponentiation is used; the current version leaks exponent bits -through memory index values. We rely on scalar blinding to reduce this -leakage. It would obviously be better for Blinded_Point_Multiply to converge on -a single side channel silent algorithm. +The base point multiplication algorithm is a comb-like technique which +precomputes ``P^i,(2*P)^i,(3*P)^i`` for all ``i`` in the range of valid scalars. +This means the scalar multiplication involves only point additions and no +doublings, which may help against attacks which rely on distinguishing between +point doublings and point additions. + +The variable point multiplication algorithm uses a simple fixed-window +exponentiation algorithm. Since this is normally invoked using untrusted points +(eg in ECDH key exchange) it randomizes all inputs. -See point_gfp.cpp. +See point_gfp.cpp and point_mul.cpp ECDH ---------------------- @@ -177,7 +182,7 @@ are performed using a constant time algorithm due to Niels Möller. x25519 ---------------------- -The x25519 code is independent of the main Weiserstrass form ECC code, instead +The x25519 code is independent of the main Weierstrass form ECC code, instead based on curve25519-donna-c64.c by Adam Langley. The code seems immune to cache based side channels. It does make use of integer multiplications; on some old CPUs these multiplications take variable time and might allow a side channel 
@@ -221,14 +226,14 @@ It is based on code by Mike Hamburg [VectorAes], see aes_ssse3.cpp. This same technique could be applied with NEON or AltiVec, and the paper suggests some optimizations for the AltiVec shuffle. -On all other processors, a class 4K table lookup version based on the original -Rijndael code is used. This approach relatively fast, but now known to be very -vulnerable to side channels. The implementation does make modifications in the -first and last rounds to reduce the cache signature, but these merely increase -the number of observations required. See [AesCacheColl] for one paper which -analyzes a number of implementations including Botan. Botan already follows both -of their suggested countermeasures, which increased the number of samples -required from 2**13 to the only slightly less pitiful 2**19 samples. +On all other processors, a table lookup version derived from the original +Rijndael code is used. This approach is relatively fast, but now known to be +very vulnerable to side channels. To reduce the side channel signature, it uses +only a 1K table (instead of 4 1K tables which is typical) and uses small tables +in the first and last rounds. See [AesCacheColl] for one paper which analyzes a +number of implementations including (an older version of) Botan. Botan already +follows both of their suggested countermeasures, which increased the number of +samples required from 2**13 to the only slightly less pitiful 2**19 samples. The Botan block cipher API already supports bitslicing implementations, so a const time 8x bitsliced AES could be integrated fairly easily. 
@@ -236,11 +241,11 @@ const time 8x bitsliced AES could be integrated fairly easily. GCM --------------------- -On platforms that support a carryless multiply instruction (recent x86 and ARM), +On platforms that support a carryless multiply instruction (ARMv8 and recent x86), GCM is fast and constant time. On all other platforms, GCM uses a slow but constant time algorithm. There is -also an SSSE3 variant of the same (still slow) algorithm. +also an SSSE3 variant of the same (still relatively slow) algorithm. OCB ----------------------- From 8a7559e4f8ad179802ef482131faa5dfc0a074ad Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 20 Mar 2018 17:01:50 -0400 Subject: [PATCH 0892/1008] Add some helpers for handling carries in Ed25519 --- src/lib/pubkey/ed25519/ed25519_fe.cpp | 724 +++++++++------------- src/lib/pubkey/ed25519/ed25519_internal.h | 34 + src/lib/pubkey/ed25519/sc_muladd.cpp | 373 ++++------- src/lib/pubkey/ed25519/sc_reduce.cpp | 253 +++----- 4 files changed, 491 insertions(+), 893 deletions(-) diff --git a/src/lib/pubkey/ed25519/ed25519_fe.cpp b/src/lib/pubkey/ed25519/ed25519_fe.cpp index 5aa515e9ba..bea9c504b7 100644 --- a/src/lib/pubkey/ed25519/ed25519_fe.cpp +++ b/src/lib/pubkey/ed25519/ed25519_fe.cpp 
@@ -114,142 +114,144 @@ With tighter constraints on inputs can squeeze carries into int32. //static FE_25519 FE_25519::mul(const FE_25519& f, const FE_25519& g) { - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; + const int32_t f0 = f[0]; + const int32_t f1 = f[1]; + const int32_t f2 = f[2]; + const int32_t f3 = f[3]; + const int32_t f4 = f[4]; + const int32_t f5 = f[5]; + const int32_t f6 = f[6]; + const int32_t f7 = f[7]; + const int32_t f8 = f[8]; + const int32_t f9 = f[9]; + + const int32_t g0 = g[0]; + const int32_t g1 = g[1]; + const int32_t g2 = g[2]; + const int32_t g3 = g[3]; + const int32_t g4 = g[4]; + const int32_t g5 = g[5]; + const int32_t g6 = g[6]; + const int32_t g7 = g[7]; + const int32_t g8 = g[8]; + const int32_t g9 = g[9]; + + const int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */ + const int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */ + const int32_t g3_19 = 19 * g3; + const int32_t g4_19 = 19 * g4; + const int32_t g5_19 = 19 * g5; + const int32_t g6_19 = 19 * g6; + const int32_t g7_19 = 19 * g7; + const int32_t g8_19 = 19 * g8; + const int32_t g9_19 = 19 * g9; + const int32_t f1_2 = 2 * f1; + const int32_t f3_2 = 2 * f3; + const int32_t f5_2 = 2 * f5; + const int32_t f7_2 = 2 * f7; + const int32_t f9_2 = 2 * f9; + + const int64_t f0g0 = f0 * static_cast(g0); + const int64_t f0g1 = f0 * static_cast(g1); + const int64_t f0g2 = f0 * static_cast(g2); + const int64_t f0g3 = f0 * static_cast(g3); + const int64_t f0g4 = f0 * static_cast(g4); + const int64_t f0g5 = f0 * static_cast(g5); + const int64_t f0g6 = f0 * static_cast(g6); + const int64_t f0g7 = f0 * static_cast(g7); + const int64_t f0g8 = f0 * static_cast(g8); + const int64_t f0g9 = f0 * static_cast(g9); + const int64_t f1g0 = f1 * static_cast(g0); + const int64_t f1g1_2 = f1_2 * static_cast(g1); + const int64_t f1g2 = f1 * 
static_cast(g2); + const int64_t f1g3_2 = f1_2 * static_cast(g3); + const int64_t f1g4 = f1 * static_cast(g4); + const int64_t f1g5_2 = f1_2 * static_cast(g5); + const int64_t f1g6 = f1 * static_cast(g6); + const int64_t f1g7_2 = f1_2 * static_cast(g7); + const int64_t f1g8 = f1 * static_cast(g8); + const int64_t f1g9_38 = f1_2 * static_cast(g9_19); + const int64_t f2g0 = f2 * static_cast(g0); + const int64_t f2g1 = f2 * static_cast(g1); + const int64_t f2g2 = f2 * static_cast(g2); + const int64_t f2g3 = f2 * static_cast(g3); + const int64_t f2g4 = f2 * static_cast(g4); + const int64_t f2g5 = f2 * static_cast(g5); + const int64_t f2g6 = f2 * static_cast(g6); + const int64_t f2g7 = f2 * static_cast(g7); + const int64_t f2g8_19 = f2 * static_cast(g8_19); + const int64_t f2g9_19 = f2 * static_cast(g9_19); + const int64_t f3g0 = f3 * static_cast(g0); + const int64_t f3g1_2 = f3_2 * static_cast(g1); + const int64_t f3g2 = f3 * static_cast(g2); + const int64_t f3g3_2 = f3_2 * static_cast(g3); + const int64_t f3g4 = f3 * static_cast(g4); + const int64_t f3g5_2 = f3_2 * static_cast(g5); + const int64_t f3g6 = f3 * static_cast(g6); + const int64_t f3g7_38 = f3_2 * static_cast(g7_19); + const int64_t f3g8_19 = f3 * static_cast(g8_19); + const int64_t f3g9_38 = f3_2 * static_cast(g9_19); + const int64_t f4g0 = f4 * static_cast(g0); + const int64_t f4g1 = f4 * static_cast(g1); + const int64_t f4g2 = f4 * static_cast(g2); + const int64_t f4g3 = f4 * static_cast(g3); + const int64_t f4g4 = f4 * static_cast(g4); + const int64_t f4g5 = f4 * static_cast(g5); + const int64_t f4g6_19 = f4 * static_cast(g6_19); + const int64_t f4g7_19 = f4 * static_cast(g7_19); + const int64_t f4g8_19 = f4 * static_cast(g8_19); + const int64_t f4g9_19 = f4 * static_cast(g9_19); + const int64_t f5g0 = f5 * static_cast(g0); + const int64_t f5g1_2 = f5_2 * static_cast(g1); + const int64_t f5g2 = f5 * static_cast(g2); + const int64_t f5g3_2 = f5_2 * static_cast(g3); + const int64_t f5g4 = f5 * 
static_cast(g4); + const int64_t f5g5_38 = f5_2 * static_cast(g5_19); + const int64_t f5g6_19 = f5 * static_cast(g6_19); + const int64_t f5g7_38 = f5_2 * static_cast(g7_19); + const int64_t f5g8_19 = f5 * static_cast(g8_19); + const int64_t f5g9_38 = f5_2 * static_cast(g9_19); + const int64_t f6g0 = f6 * static_cast(g0); + const int64_t f6g1 = f6 * static_cast(g1); + const int64_t f6g2 = f6 * static_cast(g2); + const int64_t f6g3 = f6 * static_cast(g3); + const int64_t f6g4_19 = f6 * static_cast(g4_19); + const int64_t f6g5_19 = f6 * static_cast(g5_19); + const int64_t f6g6_19 = f6 * static_cast(g6_19); + const int64_t f6g7_19 = f6 * static_cast(g7_19); + const int64_t f6g8_19 = f6 * static_cast(g8_19); + const int64_t f6g9_19 = f6 * static_cast(g9_19); + const int64_t f7g0 = f7 * static_cast(g0); + const int64_t f7g1_2 = f7_2 * static_cast(g1); + const int64_t f7g2 = f7 * static_cast(g2); + const int64_t f7g3_38 = f7_2 * static_cast(g3_19); + const int64_t f7g4_19 = f7 * static_cast(g4_19); + const int64_t f7g5_38 = f7_2 * static_cast(g5_19); + const int64_t f7g6_19 = f7 * static_cast(g6_19); + const int64_t f7g7_38 = f7_2 * static_cast(g7_19); + const int64_t f7g8_19 = f7 * static_cast(g8_19); + const int64_t f7g9_38 = f7_2 * static_cast(g9_19); + const int64_t f8g0 = f8 * static_cast(g0); + const int64_t f8g1 = f8 * static_cast(g1); + const int64_t f8g2_19 = f8 * static_cast(g2_19); + const int64_t f8g3_19 = f8 * static_cast(g3_19); + const int64_t f8g4_19 = f8 * static_cast(g4_19); + const int64_t f8g5_19 = f8 * static_cast(g5_19); + const int64_t f8g6_19 = f8 * static_cast(g6_19); + const int64_t f8g7_19 = f8 * static_cast(g7_19); + const int64_t f8g8_19 = f8 * static_cast(g8_19); + const int64_t f8g9_19 = f8 * static_cast(g9_19); + const int64_t f9g0 = f9 * static_cast(g0); + const int64_t f9g1_38 = f9_2 * static_cast(g1_19); + const int64_t f9g2_19 = f9 * static_cast(g2_19); + const int64_t f9g3_38 = f9_2 * static_cast(g3_19); + const int64_t f9g4_19 = f9 * 
static_cast(g4_19); + const int64_t f9g5_38 = f9_2 * static_cast(g5_19); + const int64_t f9g6_19 = f9 * static_cast(g6_19); + const int64_t f9g7_38 = f9_2 * static_cast(g7_19); + const int64_t f9g8_19 = f9 * static_cast(g8_19); + const int64_t f9g9_38 = f9_2 * static_cast(g9_19); - int32_t g0 = g[0]; - int32_t g1 = g[1]; - int32_t g2 = g[2]; - int32_t g3 = g[3]; - int32_t g4 = g[4]; - int32_t g5 = g[5]; - int32_t g6 = g[6]; - int32_t g7 = g[7]; - int32_t g8 = g[8]; - int32_t g9 = g[9]; - - int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */ - int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */ - int32_t g3_19 = 19 * g3; - int32_t g4_19 = 19 * g4; - int32_t g5_19 = 19 * g5; - int32_t g6_19 = 19 * g6; - int32_t g7_19 = 19 * g7; - int32_t g8_19 = 19 * g8; - int32_t g9_19 = 19 * g9; - int32_t f1_2 = 2 * f1; - int32_t f3_2 = 2 * f3; - int32_t f5_2 = 2 * f5; - int32_t f7_2 = 2 * f7; - int32_t f9_2 = 2 * f9; - int64_t f0g0 = f0 * static_cast(g0); - int64_t f0g1 = f0 * static_cast(g1); - int64_t f0g2 = f0 * static_cast(g2); - int64_t f0g3 = f0 * static_cast(g3); - int64_t f0g4 = f0 * static_cast(g4); - int64_t f0g5 = f0 * static_cast(g5); - int64_t f0g6 = f0 * static_cast(g6); - int64_t f0g7 = f0 * static_cast(g7); - int64_t f0g8 = f0 * static_cast(g8); - int64_t f0g9 = f0 * static_cast(g9); - int64_t f1g0 = f1 * static_cast(g0); - int64_t f1g1_2 = f1_2 * static_cast(g1); - int64_t f1g2 = f1 * static_cast(g2); - int64_t f1g3_2 = f1_2 * static_cast(g3); - int64_t f1g4 = f1 * static_cast(g4); - int64_t f1g5_2 = f1_2 * static_cast(g5); - int64_t f1g6 = f1 * static_cast(g6); - int64_t f1g7_2 = f1_2 * static_cast(g7); - int64_t f1g8 = f1 * static_cast(g8); - int64_t f1g9_38 = f1_2 * static_cast(g9_19); - int64_t f2g0 = f2 * static_cast(g0); - int64_t f2g1 = f2 * static_cast(g1); - int64_t f2g2 = f2 * static_cast(g2); - int64_t f2g3 = f2 * static_cast(g3); - int64_t f2g4 = f2 * static_cast(g4); - int64_t f2g5 = f2 * static_cast(g5); - int64_t f2g6 = f2 * static_cast(g6); - int64_t 
f2g7 = f2 * static_cast(g7); - int64_t f2g8_19 = f2 * static_cast(g8_19); - int64_t f2g9_19 = f2 * static_cast(g9_19); - int64_t f3g0 = f3 * static_cast(g0); - int64_t f3g1_2 = f3_2 * static_cast(g1); - int64_t f3g2 = f3 * static_cast(g2); - int64_t f3g3_2 = f3_2 * static_cast(g3); - int64_t f3g4 = f3 * static_cast(g4); - int64_t f3g5_2 = f3_2 * static_cast(g5); - int64_t f3g6 = f3 * static_cast(g6); - int64_t f3g7_38 = f3_2 * static_cast(g7_19); - int64_t f3g8_19 = f3 * static_cast(g8_19); - int64_t f3g9_38 = f3_2 * static_cast(g9_19); - int64_t f4g0 = f4 * static_cast(g0); - int64_t f4g1 = f4 * static_cast(g1); - int64_t f4g2 = f4 * static_cast(g2); - int64_t f4g3 = f4 * static_cast(g3); - int64_t f4g4 = f4 * static_cast(g4); - int64_t f4g5 = f4 * static_cast(g5); - int64_t f4g6_19 = f4 * static_cast(g6_19); - int64_t f4g7_19 = f4 * static_cast(g7_19); - int64_t f4g8_19 = f4 * static_cast(g8_19); - int64_t f4g9_19 = f4 * static_cast(g9_19); - int64_t f5g0 = f5 * static_cast(g0); - int64_t f5g1_2 = f5_2 * static_cast(g1); - int64_t f5g2 = f5 * static_cast(g2); - int64_t f5g3_2 = f5_2 * static_cast(g3); - int64_t f5g4 = f5 * static_cast(g4); - int64_t f5g5_38 = f5_2 * static_cast(g5_19); - int64_t f5g6_19 = f5 * static_cast(g6_19); - int64_t f5g7_38 = f5_2 * static_cast(g7_19); - int64_t f5g8_19 = f5 * static_cast(g8_19); - int64_t f5g9_38 = f5_2 * static_cast(g9_19); - int64_t f6g0 = f6 * static_cast(g0); - int64_t f6g1 = f6 * static_cast(g1); - int64_t f6g2 = f6 * static_cast(g2); - int64_t f6g3 = f6 * static_cast(g3); - int64_t f6g4_19 = f6 * static_cast(g4_19); - int64_t f6g5_19 = f6 * static_cast(g5_19); - int64_t f6g6_19 = f6 * static_cast(g6_19); - int64_t f6g7_19 = f6 * static_cast(g7_19); - int64_t f6g8_19 = f6 * static_cast(g8_19); - int64_t f6g9_19 = f6 * static_cast(g9_19); - int64_t f7g0 = f7 * static_cast(g0); - int64_t f7g1_2 = f7_2 * static_cast(g1); - int64_t f7g2 = f7 * static_cast(g2); - int64_t f7g3_38 = f7_2 * static_cast(g3_19); - int64_t 
f7g4_19 = f7 * static_cast(g4_19); - int64_t f7g5_38 = f7_2 * static_cast(g5_19); - int64_t f7g6_19 = f7 * static_cast(g6_19); - int64_t f7g7_38 = f7_2 * static_cast(g7_19); - int64_t f7g8_19 = f7 * static_cast(g8_19); - int64_t f7g9_38 = f7_2 * static_cast(g9_19); - int64_t f8g0 = f8 * static_cast(g0); - int64_t f8g1 = f8 * static_cast(g1); - int64_t f8g2_19 = f8 * static_cast(g2_19); - int64_t f8g3_19 = f8 * static_cast(g3_19); - int64_t f8g4_19 = f8 * static_cast(g4_19); - int64_t f8g5_19 = f8 * static_cast(g5_19); - int64_t f8g6_19 = f8 * static_cast(g6_19); - int64_t f8g7_19 = f8 * static_cast(g7_19); - int64_t f8g8_19 = f8 * static_cast(g8_19); - int64_t f8g9_19 = f8 * static_cast(g9_19); - int64_t f9g0 = f9 * static_cast(g0); - int64_t f9g1_38 = f9_2 * static_cast(g1_19); - int64_t f9g2_19 = f9 * static_cast(g2_19); - int64_t f9g3_38 = f9_2 * static_cast(g3_19); - int64_t f9g4_19 = f9 * static_cast(g4_19); - int64_t f9g5_38 = f9_2 * static_cast(g5_19); - int64_t f9g6_19 = f9 * static_cast(g6_19); - int64_t f9g7_38 = f9_2 * static_cast(g7_19); - int64_t f9g8_19 = f9 * static_cast(g8_19); - int64_t f9g9_38 = f9_2 * static_cast(g9_19); int64_t h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38; int64_t h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19; int64_t h2 = f0g2+f1g1_2 +f2g0 +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38; @@ -260,16 +262,6 @@ FE_25519 FE_25519::mul(const FE_25519& f, const FE_25519& g) int64_t h7 = f0g7+f1g6 +f2g5 +f3g4 +f4g3 +f5g2 +f6g1 +f7g0 +f8g9_19+f9g8_19; int64_t h8 = f0g8+f1g7_2 +f2g6 +f3g5_2 +f4g4 +f5g3_2 +f6g2 +f7g1_2 +f8g0 +f9g9_38; int64_t h9 = f0g9+f1g8 +f2g7 +f3g6 +f4g5 +f5g4 +f6g3 +f7g2 +f8g1 +f9g0 ; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38)) 
@@ -277,74 +269,49 @@ FE_25519 FE_25519::mul(const FE_25519& f, const FE_25519& g) |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19)) i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */ - const int64_t X24 = (1 << 24); - const int64_t X25 = (1 << 25); - const int64_t X26 = (1 << 26); + carry<26>(h0, h1); + carry<26>(h4, h5); - carry0 = (h0 + X25) >> 26; - h1 += carry0; - h0 -= carry0 * X26; - carry4 = (h4 + X25) >> 26; - h5 += carry4; - h4 -= carry4 * X26; /* |h0| <= 2^25 */ /* |h4| <= 2^25 */ /* |h1| <= 1.71*2^59 */ /* |h5| <= 1.71*2^59 */ - carry1 = (h1 + X24) >> 25; - h2 += carry1; - h1 -= carry1 * X25; - carry5 = (h5 + X24) >> 25; - h6 += carry5; - h5 -= carry5 * X25; + carry<25>(h1, h2); + carry<25>(h5, h6); + /* |h1| <= 2^24; from now on fits into int32 */ /* |h5| <= 2^24; from now on fits into int32 */ /* |h2| <= 1.41*2^60 */ /* |h6| <= 1.41*2^60 */ - carry2 = (h2 + X25) >> 26; - h3 += carry2; - h2 -= carry2 * X26; - carry6 = (h6 + X25) >> 26; - h7 += carry6; - h6 -= carry6 * X26; + carry<26>(h2, h3); + carry<26>(h6, h7); /* |h2| <= 2^25; from now on fits into int32 unchanged */ /* |h6| <= 2^25; from now on fits into int32 unchanged */ /* |h3| <= 1.71*2^59 */ /* |h7| <= 1.71*2^59 */ - carry3 = (h3 + X24) >> 25; - h4 += carry3; - h3 -= carry3 * X25; - carry7 = (h7 + X24) >> 25; - h8 += carry7; - h7 -= carry7 * X25; + carry<25>(h3, h4); + carry<25>(h7, h8); /* |h3| <= 2^24; from now on fits into int32 unchanged */ /* |h7| <= 2^24; from now on fits into int32 unchanged */ /* |h4| <= 1.72*2^34 */ /* |h8| <= 1.41*2^60 */ - carry4 = (h4 + X25) >> 26; - h5 += carry4; - h4 -= carry4 * X26; - carry8 = (h8 + X25) >> 26; - h9 += carry8; - h8 -= carry8 * X26; + carry<26>(h4, h5); + carry<26>(h8, h9); /* |h4| <= 2^25; from now on fits into int32 unchanged */ /* |h8| <= 2^25; from now on fits into int32 unchanged */ /* |h5| <= 1.01*2^24 */ /* |h9| <= 1.71*2^59 */ - carry9 = (h9 + X24) >> 25; - h0 += carry9 * 19; - h9 -= carry9 * X25; + carry<25, 19>(h9, h0); 
+ /* |h9| <= 2^24; from now on fits into int32 unchanged */ /* |h0| <= 1.1*2^39 */ - carry0 = (h0 + X25) >> 26; - h1 += carry0; - h0 -= carry0 * X26; + carry<26>(h0, h1); /* |h0| <= 2^25; from now on fits into int32 unchanged */ /* |h1| <= 1.01*2^24 */ @@ -369,10 +336,6 @@ See fe_mul.c for discussion of implementation strategy. //static FE_25519 FE_25519::sqr_iter(const FE_25519& f, size_t iter) { - const int64_t X24 = (1 << 24); - const int64_t X25 = (1 << 25); - const int64_t X26 = (1 << 26); - int32_t f0 = f[0]; int32_t f1 = f[1]; int32_t f2 = f[2]; 
@@ -467,58 +430,20 @@ FE_25519 FE_25519::sqr_iter(const FE_25519& f, size_t iter) int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38; int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - - carry0 = (h0 + X25) >> 26; - h1 += carry0; - h0 -= carry0 * X26; - carry4 = (h4 + X25) >> 26; - h5 += carry4; - h4 -= carry4 * X26; - - carry1 = (h1 + X24) >> 25; - h2 += carry1; - h1 -= carry1 * X25; - carry5 = (h5 + X24) >> 25; - h6 += carry5; - h5 -= carry5 * X25; - - carry2 = (h2 + X25) >> 26; - h3 += carry2; - h2 -= carry2 * X26; - carry6 = (h6 + X25) >> 26; - h7 += carry6; - h6 -= carry6 * X26; - - carry3 = (h3 + X24) >> 25; - h4 += carry3; - h3 -= carry3 * X25; - carry7 = (h7 + X24) >> 25; - h8 += carry7; - h7 -= carry7 * X25; - - carry4 = (h4 + X25) >> 26; - h5 += carry4; - h4 -= carry4 * X26; - carry8 = (h8 + X25) >> 26; - h9 += carry8; - h8 -= carry8 * X26; - - carry9 = (h9 + X24) >> 25; - h0 += carry9 * 19; - h9 -= carry9 * X25; - carry0 = (h0 + X25) >> 26; - h1 += carry0; - h0 -= carry0 * X26; + carry<26>(h0, h1); + carry<26>(h4, h5); + carry<25>(h1, h2); + carry<25>(h5, h6); + carry<26>(h2, h3); + carry<26>(h6, h7); + + carry<25>(h3, h4); + carry<25>(h7, h8); + + carry<26>(h4, h5); + carry<26>(h8, h9); + carry<25,19>(h9, h0); + carry<26>(h0, h1); f0 = h0; f1 = h1; 
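Review bot: The layout of the carry chain here differs from the identical sequence in `mul` (hunk at `@@ -277,74`) and in `sqr2` (hunk at `@@ -667,48`): `mul` writes `carry<25, 19>(h9, h0)` with a space and keeps a bound comment after each pair, while `sqr_iter` and `sqr2` write `carry<25,19>` and separate the pairs with blank lines in two different groupings. Since the three functions perform the same twelve-call reduction, I would pick one layout — pairs separated by a blank line, spelled `carry<25, 19>(h9, h0);` — and use it in all three. A one-line comment on the first pair explaining why the h0/h4 halves are interleaved and why the h9 step feeds h0 with the factor 19 would also help here, since the bound comments that document this in `mul` were not carried over. `sqr_iter`'s body continues outside the hunk.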
@@ -553,88 +478,85 @@ See fe_mul.c for discussion of implementation strategy. //static FE_25519 FE_25519::sqr2(const FE_25519& f) { - const int64_t X24 = (1 << 24); - const int64_t X25 = (1 << 25); - const int64_t X26 = (1 << 26); + const int32_t f0 = f[0]; + const int32_t f1 = f[1]; + const int32_t f2 = f[2]; + const int32_t f3 = f[3]; + const int32_t f4 = f[4]; + const int32_t f5 = f[5]; + const int32_t f6 = f[6]; + const int32_t f7 = f[7]; + const int32_t f8 = f[8]; + const int32_t f9 = f[9]; + const int32_t f0_2 = 2 * f0; + const int32_t f1_2 = 2 * f1; + const int32_t f2_2 = 2 * f2; + const int32_t f3_2 = 2 * f3; + const int32_t f4_2 = 2 * f4; + const int32_t f5_2 = 2 * f5; + const int32_t f6_2 = 2 * f6; + const int32_t f7_2 = 2 * f7; + const int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ + const int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ + const int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ + const int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ + const int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ + const int64_t f0f0 = f0 * static_cast(f0); + const int64_t f0f1_2 = f0_2 * static_cast(f1); + const int64_t f0f2_2 = f0_2 * static_cast(f2); + const int64_t f0f3_2 = f0_2 * static_cast(f3); + const int64_t f0f4_2 = f0_2 * static_cast(f4); + const int64_t f0f5_2 = f0_2 * static_cast(f5); + const int64_t f0f6_2 = f0_2 * static_cast(f6); + const int64_t f0f7_2 = f0_2 * static_cast(f7); + const int64_t f0f8_2 = f0_2 * static_cast(f8); + const int64_t f0f9_2 = f0_2 * static_cast(f9); + const int64_t f1f1_2 = f1_2 * static_cast(f1); + const int64_t f1f2_2 = f1_2 * static_cast(f2); + const int64_t f1f3_4 = f1_2 * static_cast(f3_2); + const int64_t f1f4_2 = f1_2 * static_cast(f4); + const int64_t f1f5_4 = f1_2 * static_cast(f5_2); + const int64_t f1f6_2 = f1_2 * static_cast(f6); + const int64_t f1f7_4 = f1_2 * static_cast(f7_2); + const int64_t f1f8_2 = f1_2 * static_cast(f8); + const int64_t f1f9_76 = f1_2 * static_cast(f9_38); + const int64_t f2f2 = f2 * static_cast(f2); + 
const int64_t f2f3_2 = f2_2 * static_cast(f3); + const int64_t f2f4_2 = f2_2 * static_cast(f4); + const int64_t f2f5_2 = f2_2 * static_cast(f5); + const int64_t f2f6_2 = f2_2 * static_cast(f6); + const int64_t f2f7_2 = f2_2 * static_cast(f7); + const int64_t f2f8_38 = f2_2 * static_cast(f8_19); + const int64_t f2f9_38 = f2 * static_cast(f9_38); + const int64_t f3f3_2 = f3_2 * static_cast(f3); + const int64_t f3f4_2 = f3_2 * static_cast(f4); + const int64_t f3f5_4 = f3_2 * static_cast(f5_2); + const int64_t f3f6_2 = f3_2 * static_cast(f6); + const int64_t f3f7_76 = f3_2 * static_cast(f7_38); + const int64_t f3f8_38 = f3_2 * static_cast(f8_19); + const int64_t f3f9_76 = f3_2 * static_cast(f9_38); + const int64_t f4f4 = f4 * static_cast(f4); + const int64_t f4f5_2 = f4_2 * static_cast(f5); + const int64_t f4f6_38 = f4_2 * static_cast(f6_19); + const int64_t f4f7_38 = f4 * static_cast(f7_38); + const int64_t f4f8_38 = f4_2 * static_cast(f8_19); + const int64_t f4f9_38 = f4 * static_cast(f9_38); + const int64_t f5f5_38 = f5 * static_cast(f5_38); + const int64_t f5f6_38 = f5_2 * static_cast(f6_19); + const int64_t f5f7_76 = f5_2 * static_cast(f7_38); + const int64_t f5f8_38 = f5_2 * static_cast(f8_19); + const int64_t f5f9_76 = f5_2 * static_cast(f9_38); + const int64_t f6f6_19 = f6 * static_cast(f6_19); + const int64_t f6f7_38 = f6 * static_cast(f7_38); + const int64_t f6f8_38 = f6_2 * static_cast(f8_19); + const int64_t f6f9_38 = f6 * static_cast(f9_38); + const int64_t f7f7_38 = f7 * static_cast(f7_38); + const int64_t f7f8_38 = f7_2 * static_cast(f8_19); + const int64_t f7f9_76 = f7_2 * static_cast(f9_38); + const int64_t f8f8_19 = f8 * static_cast(f8_19); + const int64_t f8f9_38 = f8 * static_cast(f9_38); + const int64_t f9f9_38 = f9 * static_cast(f9_38); - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - 
int32_t f0_2 = 2 * f0; - int32_t f1_2 = 2 * f1; - int32_t f2_2 = 2 * f2; - int32_t f3_2 = 2 * f3; - int32_t f4_2 = 2 * f4; - int32_t f5_2 = 2 * f5; - int32_t f6_2 = 2 * f6; - int32_t f7_2 = 2 * f7; - int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ - int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ - int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ - int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ - int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ - int64_t f0f0 = f0 * static_cast(f0); - int64_t f0f1_2 = f0_2 * static_cast(f1); - int64_t f0f2_2 = f0_2 * static_cast(f2); - int64_t f0f3_2 = f0_2 * static_cast(f3); - int64_t f0f4_2 = f0_2 * static_cast(f4); - int64_t f0f5_2 = f0_2 * static_cast(f5); - int64_t f0f6_2 = f0_2 * static_cast(f6); - int64_t f0f7_2 = f0_2 * static_cast(f7); - int64_t f0f8_2 = f0_2 * static_cast(f8); - int64_t f0f9_2 = f0_2 * static_cast(f9); - int64_t f1f1_2 = f1_2 * static_cast(f1); - int64_t f1f2_2 = f1_2 * static_cast(f2); - int64_t f1f3_4 = f1_2 * static_cast(f3_2); - int64_t f1f4_2 = f1_2 * static_cast(f4); - int64_t f1f5_4 = f1_2 * static_cast(f5_2); - int64_t f1f6_2 = f1_2 * static_cast(f6); - int64_t f1f7_4 = f1_2 * static_cast(f7_2); - int64_t f1f8_2 = f1_2 * static_cast(f8); - int64_t f1f9_76 = f1_2 * static_cast(f9_38); - int64_t f2f2 = f2 * static_cast(f2); - int64_t f2f3_2 = f2_2 * static_cast(f3); - int64_t f2f4_2 = f2_2 * static_cast(f4); - int64_t f2f5_2 = f2_2 * static_cast(f5); - int64_t f2f6_2 = f2_2 * static_cast(f6); - int64_t f2f7_2 = f2_2 * static_cast(f7); - int64_t f2f8_38 = f2_2 * static_cast(f8_19); - int64_t f2f9_38 = f2 * static_cast(f9_38); - int64_t f3f3_2 = f3_2 * static_cast(f3); - int64_t f3f4_2 = f3_2 * static_cast(f4); - int64_t f3f5_4 = f3_2 * static_cast(f5_2); - int64_t f3f6_2 = f3_2 * static_cast(f6); - int64_t f3f7_76 = f3_2 * static_cast(f7_38); - int64_t f3f8_38 = f3_2 * static_cast(f8_19); - int64_t f3f9_76 = f3_2 * static_cast(f9_38); - int64_t f4f4 = f4 * static_cast(f4); - int64_t f4f5_2 = f4_2 * static_cast(f5); 
- int64_t f4f6_38 = f4_2 * static_cast(f6_19); - int64_t f4f7_38 = f4 * static_cast(f7_38); - int64_t f4f8_38 = f4_2 * static_cast(f8_19); - int64_t f4f9_38 = f4 * static_cast(f9_38); - int64_t f5f5_38 = f5 * static_cast(f5_38); - int64_t f5f6_38 = f5_2 * static_cast(f6_19); - int64_t f5f7_76 = f5_2 * static_cast(f7_38); - int64_t f5f8_38 = f5_2 * static_cast(f8_19); - int64_t f5f9_76 = f5_2 * static_cast(f9_38); - int64_t f6f6_19 = f6 * static_cast(f6_19); - int64_t f6f7_38 = f6 * static_cast(f7_38); - int64_t f6f8_38 = f6_2 * static_cast(f8_19); - int64_t f6f9_38 = f6 * static_cast(f9_38); - int64_t f7f7_38 = f7 * static_cast(f7_38); - int64_t f7f8_38 = f7_2 * static_cast(f8_19); - int64_t f7f9_76 = f7_2 * static_cast(f9_38); - int64_t f8f8_19 = f8 * static_cast(f8_19); - int64_t f8f9_38 = f8 * static_cast(f9_38); - int64_t f9f9_38 = f9 * static_cast(f9_38); int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38; int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38; int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19; @@ -645,16 +567,6 @@ FE_25519 FE_25519::sqr2(const FE_25519& f) int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38; int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38; int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; h0 += h0; h1 += h1; 
@@ -667,48 +579,21 @@ FE_25519 FE_25519::sqr2(const FE_25519& f) h8 += h8; h9 += h9; - carry0 = (h0 + X25) >> 26; - h1 += carry0; - h0 -= carry0 * X26; - carry4 = (h4 + X25) >> 26; - h5 += carry4; - h4 -= carry4 * X26; - - carry1 = (h1 + X24) >> 25; - h2 += carry1; - h1 -= carry1 * X25; - carry5 = (h5 + X24) >> 25; - h6 += carry5; - h5 -= carry5 * X25; - - carry2 = (h2 + X25) >> 26; - h3 += carry2; - h2 -= carry2 * X26; - carry6 = (h6 + X25) >> 26; - h7 += carry6; - h6 -= carry6 * X26; - - carry3 = (h3 + X24) >> 25; - h4 += carry3; - h3 -= carry3 * X25; - carry7 = (h7 + X24) >> 25; - h8 += carry7; - h7 -= carry7 * X25; - - carry4 = (h4 + X25) >> 26; - h5 += carry4; - h4 -= carry4 * X26; - carry8 = (h8 + X25) >> 26; - h9 += carry8; - h8 -= carry8 * X26; - - carry9 = (h9 + X24) >> 25; - h0 += carry9 * 19; - h9 -= carry9 * X25; + carry<26>(h0, h1); + carry<26>(h4, h5); + + carry<25>(h1, h2); + carry<25>(h5, h6); + + carry<26>(h2, h3); + carry<26>(h6, h7); - carry0 = (h0 + X25) >> 26; - h1 += carry0; - h0 -= carry0 * X26; + carry<25>(h3, h4); + carry<25>(h7, h8); + carry<26>(h4, h5); + carry<26>(h8, h9); + carry<25,19>(h9, h0); + carry<26>(h0, h1); return FE_25519(h0, h1, h2, h3, h4, h5, h6, h7, h8, h9); } @@ -719,10 +604,6 @@ Ignores top bit of h. void FE_25519::from_bytes(const uint8_t s[32]) { - const int64_t X24 = (1 << 24); - const int64_t X25 = (1 << 25); - const int64_t X26 = (1 << 26); - int64_t h0 = load_4(s); int64_t h1 = load_3(s + 4) << 6; int64_t h2 = load_3(s + 7) << 5; 
@@ -734,37 +615,17 @@ void FE_25519::from_bytes(const uint8_t s[32]) int64_t h8 = load_3(s + 26) << 4; int64_t h9 = (load_3(s + 29) & 0x7fffff) << 2; - const int64_t carry9 = (h9 + X24) >> 25; - h0 += carry9 * 19; - h9 -= carry9 * X25; - const int64_t carry1 = (h1 + X24) >> 25; - h2 += carry1; - h1 -= carry1 * X25; - const int64_t carry3 = (h3 + X24) >> 25; - h4 += carry3; - h3 -= carry3 * X25; - const int64_t carry5 = (h5 + X24) >> 25; - h6 += carry5; - h5 -= carry5 * X25; - const int64_t carry7 = (h7 + X24) >> 25; - h8 += carry7; - h7 -= carry7 * X25; - - const int64_t carry0 = (h0 + X25) >> 26; - h1 += carry0; - h0 -= carry0 * X26; - const int64_t carry2 = (h2 + X25) >> 26; - h3 += carry2; - h2 -= carry2 * X26; - const int64_t carry4 = (h4 + X25) >> 26; - h5 += carry4; - h4 -= carry4 * X26; - const int64_t carry6 = (h6 + X25) >> 26; - h7 += carry6; - h6 -= carry6 * X26; - const int64_t carry8 = (h8 + X25) >> 26; - h9 += carry8; - h8 -= carry8 * X26; + carry<25,19>(h9, h0); + carry<25>(h1, h2); + carry<25>(h3, h4); + carry<25>(h5, h6); + carry<25>(h7, h8); + + carry<26>(h0, h1); + carry<26>(h2, h3); + carry<26>(h4, h5); + carry<26>(h6, h7); + carry<26>(h8, h9); m_fe[0] = h0; m_fe[1] = h1; @@ -819,16 +680,6 @@ void FE_25519::to_bytes(uint8_t s[32]) const int32_t h8 = m_fe[8]; int32_t h9 = m_fe[9]; int32_t q; - int32_t carry0; - int32_t carry1; - int32_t carry2; - int32_t carry3; - int32_t carry4; - int32_t carry5; - int32_t carry6; - int32_t carry7; - int32_t carry8; - int32_t carry9; q = (19 * h9 + ((static_cast(1) << 24))) >> 25; q = (h0 + q) >> 26; 
@@ -846,34 +697,17 @@ void FE_25519::to_bytes(uint8_t s[32]) const h0 += 19 * q; /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */ - carry0 = h0 >> 26; - h1 += carry0; - h0 -= carry0 * X26; - carry1 = h1 >> 25; - h2 += carry1; - h1 -= carry1 * X25; - carry2 = h2 >> 26; - h3 += carry2; - h2 -= carry2 * X26; - carry3 = h3 >> 25; - h4 += carry3; - h3 -= carry3 * X25; - carry4 = h4 >> 26; - h5 += carry4; - h4 -= carry4 * X26; - carry5 = h5 >> 25; - h6 += carry5; - h5 -= carry5 * X25; - carry6 = h6 >> 26; - h7 += carry6; - h6 -= carry6 * X26; - carry7 = h7 >> 25; - h8 += carry7; - h7 -= carry7 * X25; - carry8 = h8 >> 26; - h9 += carry8; - h8 -= carry8 * X26; - carry9 = h9 >> 25; + carry0<26>(h0, h1); + carry0<25>(h1, h2); + carry0<26>(h2, h3); + carry0<25>(h3, h4); + carry0<26>(h4, h5); + carry0<25>(h5, h6); + carry0<26>(h6, h7); + carry0<25>(h7, h8); + carry0<26>(h8, h9); + + int32_t carry9 = h9 >> 25; h9 -= carry9 * X25; /* h10 = carry9 */ diff --git a/src/lib/pubkey/ed25519/ed25519_internal.h b/src/lib/pubkey/ed25519/ed25519_internal.h index cb75e85404..0efeee6d7c 100644 --- a/src/lib/pubkey/ed25519/ed25519_internal.h +++ b/src/lib/pubkey/ed25519/ed25519_internal.h 
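Review bot: The final limb is still reduced by hand, `int32_t carry9 = h9 >> 25; h9 -= carry9 * X25;`, directly after nine `carry0` calls that do the same thing, and `carry9` is never reassigned, so it should at least be `const int32_t carry9 = h9 >> 25;`. The hand-written form also keeps `X25` alive in `to_bytes` for this one line after the helpers made the other shift constants unnecessary. The existing `/* h10 = carry9 */` comment shows the carried-out value is dropped, which — given the goal stated just above, that h is already in `[0, 2^255-20]` — presumably means it is expected to be zero; saying so, e.g. `/* top carry (h10) is discarded; expected zero after the q correction above */`, would make the intent explicit. `to_bytes`'s body continues outside the hunk.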
@@ -28,6 +28,40 @@ inline uint64_t load_4(const uint8_t* in) return load_le(in, 0); } +template +inline void carry(int64_t& h0, int64_t& h1) + { + static_assert(S > 0 && S < 64, "Shift in range"); + + const int64_t X1 = (static_cast(1) << S); + const int64_t X2 = (static_cast(1) << (S - 1)); + int64_t c = (h0 + X2) >> S; + h1 += c * MUL; + h0 -= c * X1; + } + +template +inline void carry0(int64_t& h0, int64_t& h1) + { + static_assert(S > 0 && S < 64, "Shift in range"); + + const int64_t X1 = (static_cast(1) << S); + int64_t c = h0 >> S; + h1 += c; + h0 -= c * X1; + } + +template +inline void carry0(int32_t& h0, int32_t& h1) + { + static_assert(S > 0 && S < 32, "Shift in range"); + + const int32_t X1 = (static_cast(1) << S); + int32_t c = h0 >> S; + h1 += c; + h0 -= c * X1; + } + /* ge means group element. diff --git a/src/lib/pubkey/ed25519/sc_muladd.cpp b/src/lib/pubkey/ed25519/sc_muladd.cpp index 83863eeb4c..948fdcc86e 100644 --- a/src/lib/pubkey/ed25519/sc_muladd.cpp +++ b/src/lib/pubkey/ed25519/sc_muladd.cpp 
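Review bot: The new `carry` and `carry0` templates carry no comment stating their contract, although every carry chain in the visible hunks of ed25519_fe.cpp and sc_muladd.cpp now depends on it. I would add above `carry`: `/* Rounding carry: c = round(h0 / 2^S); h0 -= c * 2^S so that |h0| <= 2^(S-1); h1 += c * MUL. Branch-free, so the chains stay data-independent. */` and above the two `carry0` overloads `/* Flooring variant (truncating shift, no rounding term); used by to_bytes. */`. All three rely on `>>` of a negative signed value being an arithmetic shift, which C++17 leaves implementation-defined; unless the build already asserts this elsewhere, a `static_assert((-2 >> 1) == -1, "arithmetic right shift");` beside the helpers would pin the assumption. The local `c` in each helper could also be `const`, as the surrounding code does for `X1`/`X2`.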
@@ -28,41 +28,43 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) const int64_t X20 = (1 << 20); const int64_t X21 = (1 << 21); - int64_t a0 = 2097151 & load_3(a); - int64_t a1 = 2097151 & (load_4(a + 2) >> 5); - int64_t a2 = 2097151 & (load_3(a + 5) >> 2); - int64_t a3 = 2097151 & (load_4(a + 7) >> 7); - int64_t a4 = 2097151 & (load_4(a + 10) >> 4); - int64_t a5 = 2097151 & (load_3(a + 13) >> 1); - int64_t a6 = 2097151 & (load_4(a + 15) >> 6); - int64_t a7 = 2097151 & (load_3(a + 18) >> 3); - int64_t a8 = 2097151 & load_3(a + 21); - int64_t a9 = 2097151 & (load_4(a + 23) >> 5); - int64_t a10 = 2097151 & (load_3(a + 26) >> 2); + const int32_t MASK = 0x1fffff; + + int64_t a0 = MASK & load_3(a); + int64_t a1 = MASK & (load_4(a + 2) >> 5); + int64_t a2 = MASK & (load_3(a + 5) >> 2); + int64_t a3 = MASK & (load_4(a + 7) >> 7); + int64_t a4 = MASK & (load_4(a + 10) >> 4); + int64_t a5 = MASK & (load_3(a + 13) >> 1); + int64_t a6 = MASK & (load_4(a + 15) >> 6); + int64_t a7 = MASK & (load_3(a + 18) >> 3); + int64_t a8 = MASK & load_3(a + 21); + int64_t a9 = MASK & (load_4(a + 23) >> 5); + int64_t a10 = MASK & (load_3(a + 26) >> 2); int64_t a11 = (load_4(a + 28) >> 7); - int64_t b0 = 2097151 & load_3(b); - int64_t b1 = 2097151 & (load_4(b + 2) >> 5); - int64_t b2 = 2097151 & (load_3(b + 5) >> 2); - int64_t b3 = 2097151 & (load_4(b + 7) >> 7); - int64_t b4 = 2097151 & (load_4(b + 10) >> 4); - int64_t b5 = 2097151 & (load_3(b + 13) >> 1); - int64_t b6 = 2097151 & (load_4(b + 15) >> 6); - int64_t b7 = 2097151 & (load_3(b + 18) >> 3); - int64_t b8 = 2097151 & load_3(b + 21); - int64_t b9 = 2097151 & (load_4(b + 23) >> 5); - int64_t b10 = 2097151 & (load_3(b + 26) >> 2); + int64_t b0 = MASK & load_3(b); + int64_t b1 = MASK & (load_4(b + 2) >> 5); + int64_t b2 = MASK & (load_3(b + 5) >> 2); + int64_t b3 = MASK & (load_4(b + 7) >> 7); + int64_t b4 = MASK & (load_4(b + 10) >> 4); + int64_t b5 = MASK & (load_3(b + 13) >> 1); + int64_t b6 = MASK & 
(load_4(b + 15) >> 6); + int64_t b7 = MASK & (load_3(b + 18) >> 3); + int64_t b8 = MASK & load_3(b + 21); + int64_t b9 = MASK & (load_4(b + 23) >> 5); + int64_t b10 = MASK & (load_3(b + 26) >> 2); int64_t b11 = (load_4(b + 28) >> 7); - int64_t c0 = 2097151 & load_3(c); - int64_t c1 = 2097151 & (load_4(c + 2) >> 5); - int64_t c2 = 2097151 & (load_3(c + 5) >> 2); - int64_t c3 = 2097151 & (load_4(c + 7) >> 7); - int64_t c4 = 2097151 & (load_4(c + 10) >> 4); - int64_t c5 = 2097151 & (load_3(c + 13) >> 1); - int64_t c6 = 2097151 & (load_4(c + 15) >> 6); - int64_t c7 = 2097151 & (load_3(c + 18) >> 3); - int64_t c8 = 2097151 & load_3(c + 21); - int64_t c9 = 2097151 & (load_4(c + 23) >> 5); - int64_t c10 = 2097151 & (load_3(c + 26) >> 2); + int64_t c0 = MASK & load_3(c); + int64_t c1 = MASK & (load_4(c + 2) >> 5); + int64_t c2 = MASK & (load_3(c + 5) >> 2); + int64_t c3 = MASK & (load_4(c + 7) >> 7); + int64_t c4 = MASK & (load_4(c + 10) >> 4); + int64_t c5 = MASK & (load_3(c + 13) >> 1); + int64_t c6 = MASK & (load_4(c + 15) >> 6); + int64_t c7 = MASK & (load_3(c + 18) >> 3); + int64_t c8 = MASK & load_3(c + 21); + int64_t c9 = MASK & (load_4(c + 23) >> 5); + int64_t c10 = MASK & (load_3(c + 26) >> 2); int64_t c11 = (load_4(c + 28) >> 7); int64_t s0; int64_t s1; @@ -88,29 +90,6 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) int64_t s21; int64_t s22; int64_t s23; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - int64_t carry10; - int64_t carry11; - int64_t carry12; - int64_t carry13; - int64_t carry14; - int64_t carry15; - int64_t carry16; - int64_t carry17; - int64_t carry18; - int64_t carry19; - int64_t carry20; - int64_t carry21; - int64_t carry22; s0 = c0 + a0*b0; s1 = c1 + a0*b1 + a1*b0; 
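Review bot: `const int32_t MASK = 0x1fffff;` is a signed 32-bit constant that is ANDed with the `uint64_t` results of `load_3`/`load_4` (the header hunk shows `load_4` returning `uint64_t`), so each `MASK & load_3(...)` mixes signed and unsigned operands before the result lands in an `int64_t`; `const uint64_t MASK = 0x1fffff;` (or `int64_t`, matching the limb type) avoids the sign-conversion warnings and matches the data it masks. The replaced literal 2097151 is 2^21 - 1, which the new name hides; a trailing comment `/* 2^21 - 1: one 21-bit limb */` would keep that visible. The context lines `X20`/`X21` at the top of this hunk lose all their visible uses once the carries move to `carry<21>` (hunks at `@@ -137,76` and `@@ -256,40`); if nothing further down `sc_muladd` still uses them, they are now unused locals and should be removed. `sc_muladd`'s body continues outside the hunk.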
@@ -137,76 +116,30 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) s22 = a11*b11; s23 = 0; - carry0 = (s0 + X20) >> 21; - s1 += carry0; - s0 -= carry0 * X21; - carry2 = (s2 + X20) >> 21; - s3 += carry2; - s2 -= carry2 * X21; - carry4 = (s4 + X20) >> 21; - s5 += carry4; - s4 -= carry4 * X21; - carry6 = (s6 + X20) >> 21; - s7 += carry6; - s6 -= carry6 * X21; - carry8 = (s8 + X20) >> 21; - s9 += carry8; - s8 -= carry8 * X21; - carry10 = (s10 + X20) >> 21; - s11 += carry10; - s10 -= carry10 * X21; - carry12 = (s12 + X20) >> 21; - s13 += carry12; - s12 -= carry12 * X21; - carry14 = (s14 + X20) >> 21; - s15 += carry14; - s14 -= carry14 * X21; - carry16 = (s16 + X20) >> 21; - s17 += carry16; - s16 -= carry16 * X21; - carry18 = (s18 + X20) >> 21; - s19 += carry18; - s18 -= carry18 * X21; - carry20 = (s20 + X20) >> 21; - s21 += carry20; - s20 -= carry20 * X21; - carry22 = (s22 + X20) >> 21; - s23 += carry22; - s22 -= carry22 * X21; - - carry1 = (s1 + X20) >> 21; - s2 += carry1; - s1 -= carry1 * X21; - carry3 = (s3 + X20) >> 21; - s4 += carry3; - s3 -= carry3 * X21; - carry5 = (s5 + X20) >> 21; - s6 += carry5; - s5 -= carry5 * X21; - carry7 = (s7 + X20) >> 21; - s8 += carry7; - s7 -= carry7 * X21; - carry9 = (s9 + X20) >> 21; - s10 += carry9; - s9 -= carry9 * X21; - carry11 = (s11 + X20) >> 21; - s12 += carry11; - s11 -= carry11 * X21; - carry13 = (s13 + X20) >> 21; - s14 += carry13; - s13 -= carry13 * X21; - carry15 = (s15 + X20) >> 21; - s16 += carry15; - s15 -= carry15 * X21; - carry17 = (s17 + X20) >> 21; - s18 += carry17; - s17 -= carry17 * X21; - carry19 = (s19 + X20) >> 21; - s20 += carry19; - s19 -= carry19 * X21; - carry21 = (s21 + X20) >> 21; - s22 += carry21; - s21 -= carry21 * X21; + carry<21>(s0, s1); + carry<21>(s2, s3); + carry<21>(s4, s5); + carry<21>(s6, s7); + carry<21>(s8, s9); + carry<21>(s10, s11); + carry<21>(s12, s13); + carry<21>(s14, s15); + carry<21>(s16, s17); + carry<21>(s18, s19); + carry<21>(s20, s21); + 
carry<21>(s22, s23); + + carry<21>(s1, s2); + carry<21>(s3, s4); + carry<21>(s5, s6); + carry<21>(s7, s8); + carry<21>(s9, s10); + carry<21>(s11, s12); + carry<21>(s13, s14); + carry<21>(s15, s16); + carry<21>(s17, s18); + carry<21>(s19, s20); + carry<21>(s21, s22); s11 += s23 * 666643; s12 += s23 * 470296; @@ -256,40 +189,18 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) s11 -= s18 * 683901; s18 = 0; - carry6 = (s6 + X20) >> 21; - s7 += carry6; - s6 -= carry6 * X21; - carry8 = (s8 + X20) >> 21; - s9 += carry8; - s8 -= carry8 * X21; - carry10 = (s10 + X20) >> 21; - s11 += carry10; - s10 -= carry10 * X21; - carry12 = (s12 + X20) >> 21; - s13 += carry12; - s12 -= carry12 * X21; - carry14 = (s14 + X20) >> 21; - s15 += carry14; - s14 -= carry14 * X21; - carry16 = (s16 + X20) >> 21; - s17 += carry16; - s16 -= carry16 * X21; - - carry7 = (s7 + X20) >> 21; - s8 += carry7; - s7 -= carry7 * X21; - carry9 = (s9 + X20) >> 21; - s10 += carry9; - s9 -= carry9 * X21; - carry11 = (s11 + X20) >> 21; - s12 += carry11; - s11 -= carry11 * X21; - carry13 = (s13 + X20) >> 21; - s14 += carry13; - s13 -= carry13 * X21; - carry15 = (s15 + X20) >> 21; - s16 += carry15; - s15 -= carry15 * X21; + carry<21>(s6, s7); + carry<21>(s8, s9); + carry<21>(s10, s11); + carry<21>(s12, s13); + carry<21>(s14, s15); + carry<21>(s16, s17); + + carry<21>(s7, s8); + carry<21>(s9, s10); + carry<21>(s11, s12); + carry<21>(s13, s14); + carry<21>(s15, s16); s5 += s17 * 666643; s6 += s17 * 470296; 
@@ -339,43 +250,19 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) s5 -= s12 * 683901; s12 = 0; - carry0 = (s0 + X20) >> 21; - s1 += carry0; - s0 -= carry0 * X21; - carry2 = (s2 + X20) >> 21; - s3 += carry2; - s2 -= carry2 * X21; - carry4 = (s4 + X20) >> 21; - s5 += carry4; - s4 -= carry4 * X21; - carry6 = (s6 + X20) >> 21; - s7 += carry6; - s6 -= carry6 * X21; - carry8 = (s8 + X20) >> 21; - s9 += carry8; - s8 -= carry8 * X21; - carry10 = (s10 + X20) >> 21; - s11 += carry10; - s10 -= carry10 * X21; - - carry1 = (s1 + X20) >> 21; - s2 += carry1; - s1 -= carry1 * X21; - carry3 = (s3 + X20) >> 21; - s4 += carry3; - s3 -= carry3 * X21; - carry5 = (s5 + X20) >> 21; - s6 += carry5; - s5 -= carry5 * X21; - carry7 = (s7 + X20) >> 21; - s8 += carry7; - s7 -= carry7 * X21; - carry9 = (s9 + X20) >> 21; - s10 += carry9; - s9 -= carry9 * X21; - carry11 = (s11 + X20) >> 21; - s12 += carry11; - s11 -= carry11 * X21; + carry<21>(s0, s1); + carry<21>(s2, s3); + carry<21>(s4, s5); + carry<21>(s6, s7); + carry<21>(s8, s9); + carry<21>(s10, s11); + + carry<21>(s1, s2); + carry<21>(s3, s4); + carry<21>(s5, s6); + carry<21>(s7, s8); + carry<21>(s9, s10); + carry<21>(s11, s12); s0 += s12 * 666643; s1 += s12 * 470296; 
@@ -385,42 +272,18 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) s5 -= s12 * 683901; s12 = 0; - carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * X21; - carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * X21; - carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * X21; - carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * X21; - carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * X21; - carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * X21; - carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * X21; - carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * X21; - carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * X21; - carry9 = s9 >> 21; - s10 += carry9; - s9 -= carry9 * X21; - carry10 = s10 >> 21; - s11 += carry10; - s10 -= carry10 * X21; - carry11 = s11 >> 21; - s12 += carry11; - s11 -= carry11 * X21; + carry<21>(s0, s1); + carry<21>(s1, s2); + carry<21>(s2, s3); + carry<21>(s3, s4); + carry<21>(s4, s5); + carry<21>(s5, s6); + carry<21>(s6, s7); + carry<21>(s7, s8); + carry<21>(s8, s9); + carry<21>(s9, s10); + carry<21>(s10, s11); + carry0<21>(s11, s12); s0 += s12 * 666643; s1 += s12 * 470296; 
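Review bot: The twelve carries removed here were all floor carries (`carry0 = s0 >> 21;` … `carry11 = s11 >> 21;`, no `X20` rounding term), but the new side maps them to the rounding `carry<21>` for s0..s10 and to `carry0<21>` only for the s11→s12 step, while the next hunk (L3631) maps the same `s0 >> 21` pattern to `carry0<21>` throughout; this is not a pure refactor. With floor carries s12 becomes floor(total / 2^252), so a small negative total, which the preceding rounding chain (`carry<21>(s11, s12)` at L3629 leaves s11 in [-2^20, 2^20)) can produce, gives s12 = -1 and the following redc_mul adds L back; with rounding carries a total in roughly (-2^230, 0) leaves s11 = 0 and s12 = 0, and the final carry0 chain then drives s11 negative, so the bytes written at the end of sc_muladd encode a non-canonical scalar. If the change is intentional it needs a comment and a test vector hitting that case; otherwise use `carry0<21>(s0, s1);` … `carry0<21>(s10, s11);` for all twelve steps, here and in the matching sc_reduce hunk (L3635). sc_muladd continues outside the hunk.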
@@ -430,39 +293,17 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) s5 -= s12 * 683901; s12 = 0; - carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * X21; - carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * X21; - carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * X21; - carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * X21; - carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * X21; - carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * X21; - carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * X21; - carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * X21; - carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * X21; - carry9 = s9 >> 21; - s10 += carry9; - s9 -= carry9 * X21; - carry10 = s10 >> 21; - s11 += carry10; - s10 -= carry10 * X21; + carry0<21>(s0, s1); + carry0<21>(s1, s2); + carry0<21>(s2, s3); + carry0<21>(s3, s4); + carry0<21>(s4, s5); + carry0<21>(s5, s6); + carry0<21>(s6, s7); + carry0<21>(s7, s8); + carry0<21>(s8, s9); + carry0<21>(s9, s10); + carry0<21>(s10, s11); s[0] = s0 >> 0; s[1] = s0 >> 8; diff --git a/src/lib/pubkey/ed25519/sc_reduce.cpp b/src/lib/pubkey/ed25519/sc_reduce.cpp index 5765c7dace..ec8f949550 100644 --- a/src/lib/pubkey/ed25519/sc_reduce.cpp +++ b/src/lib/pubkey/ed25519/sc_reduce.cpp 
@@ -24,51 +24,32 @@ namespace Botan { void sc_reduce(uint8_t* s) { - const int64_t X20 = (1 << 20); - const int64_t X21 = (1 << 21); - - - int64_t s0 = 2097151 & load_3(s); - int64_t s1 = 2097151 & (load_4(s + 2) >> 5); - int64_t s2 = 2097151 & (load_3(s + 5) >> 2); - int64_t s3 = 2097151 & (load_4(s + 7) >> 7); - int64_t s4 = 2097151 & (load_4(s + 10) >> 4); - int64_t s5 = 2097151 & (load_3(s + 13) >> 1); - int64_t s6 = 2097151 & (load_4(s + 15) >> 6); - int64_t s7 = 2097151 & (load_3(s + 18) >> 3); - int64_t s8 = 2097151 & load_3(s + 21); - int64_t s9 = 2097151 & (load_4(s + 23) >> 5); - int64_t s10 = 2097151 & (load_3(s + 26) >> 2); - int64_t s11 = 2097151 & (load_4(s + 28) >> 7); - int64_t s12 = 2097151 & (load_4(s + 31) >> 4); - int64_t s13 = 2097151 & (load_3(s + 34) >> 1); - int64_t s14 = 2097151 & (load_4(s + 36) >> 6); - int64_t s15 = 2097151 & (load_3(s + 39) >> 3); - int64_t s16 = 2097151 & load_3(s + 42); - int64_t s17 = 2097151 & (load_4(s + 44) >> 5); - int64_t s18 = 2097151 & (load_3(s + 47) >> 2); - int64_t s19 = 2097151 & (load_4(s + 49) >> 7); - int64_t s20 = 2097151 & (load_4(s + 52) >> 4); - int64_t s21 = 2097151 & (load_3(s + 55) >> 1); - int64_t s22 = 2097151 & (load_4(s + 57) >> 6); + const uint32_t MASK = 0x1fffff; + + int64_t s0 = MASK & load_3(s); + int64_t s1 = MASK & (load_4(s + 2) >> 5); + int64_t s2 = MASK & (load_3(s + 5) >> 2); + int64_t s3 = MASK & (load_4(s + 7) >> 7); + int64_t s4 = MASK & (load_4(s + 10) >> 4); + int64_t s5 = MASK & (load_3(s + 13) >> 1); + int64_t s6 = MASK & (load_4(s + 15) >> 6); + int64_t s7 = MASK & (load_3(s + 18) >> 3); + int64_t s8 = MASK & load_3(s + 21); + int64_t s9 = MASK & (load_4(s + 23) >> 5); + int64_t s10 = MASK & (load_3(s + 26) >> 2); + int64_t s11 = MASK & (load_4(s + 28) >> 7); + int64_t s12 = MASK & (load_4(s + 31) >> 4); + int64_t s13 = MASK & (load_3(s + 34) >> 1); + int64_t s14 = MASK & (load_4(s + 36) >> 6); + int64_t s15 = MASK & (load_3(s + 39) >> 3); + int64_t s16 = MASK & load_3(s + 
42); + int64_t s17 = MASK & (load_4(s + 44) >> 5); + int64_t s18 = MASK & (load_3(s + 47) >> 2); + int64_t s19 = MASK & (load_4(s + 49) >> 7); + int64_t s20 = MASK & (load_4(s + 52) >> 4); + int64_t s21 = MASK & (load_3(s + 55) >> 1); + int64_t s22 = MASK & (load_4(s + 57) >> 6); int64_t s23 = (load_4(s + 60) >> 3); - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - int64_t carry10; - int64_t carry11; - int64_t carry12; - int64_t carry13; - int64_t carry14; - int64_t carry15; - int64_t carry16; s11 += s23 * 666643; s12 += s23 * 470296; @@ -118,40 +99,18 @@ void sc_reduce(uint8_t* s) s11 -= s18 * 683901; s18 = 0; - carry6 = (s6 + X20) >> 21; - s7 += carry6; - s6 -= carry6 * X21; - carry8 = (s8 + X20) >> 21; - s9 += carry8; - s8 -= carry8 * X21; - carry10 = (s10 + X20) >> 21; - s11 += carry10; - s10 -= carry10 * X21; - carry12 = (s12 + X20) >> 21; - s13 += carry12; - s12 -= carry12 * X21; - carry14 = (s14 + X20) >> 21; - s15 += carry14; - s14 -= carry14 * X21; - carry16 = (s16 + X20) >> 21; - s17 += carry16; - s16 -= carry16 * X21; + carry<21>(s6, s7); + carry<21>(s8, s9); + carry<21>(s10, s11); + carry<21>(s12, s13); + carry<21>(s14, s15); + carry<21>(s16, s17); - carry7 = (s7 + X20) >> 21; - s8 += carry7; - s7 -= carry7 * X21; - carry9 = (s9 + X20) >> 21; - s10 += carry9; - s9 -= carry9 * X21; - carry11 = (s11 + X20) >> 21; - s12 += carry11; - s11 -= carry11 * X21; - carry13 = (s13 + X20) >> 21; - s14 += carry13; - s13 -= carry13 * X21; - carry15 = (s15 + X20) >> 21; - s16 += carry15; - s15 -= carry15 * X21; + carry<21>(s7, s8); + carry<21>(s9, s10); + carry<21>(s11, s12); + carry<21>(s13, s14); + carry<21>(s15, s16); s5 += s17 * 666643; s6 += s17 * 470296; 
@@ -201,43 +160,19 @@ void sc_reduce(uint8_t* s) s5 -= s12 * 683901; s12 = 0; - carry0 = (s0 + X20) >> 21; - s1 += carry0; - s0 -= carry0 * X21; - carry2 = (s2 + X20) >> 21; - s3 += carry2; - s2 -= carry2 * X21; - carry4 = (s4 + X20) >> 21; - s5 += carry4; - s4 -= carry4 * X21; - carry6 = (s6 + X20) >> 21; - s7 += carry6; - s6 -= carry6 * X21; - carry8 = (s8 + X20) >> 21; - s9 += carry8; - s8 -= carry8 * X21; - carry10 = (s10 + X20) >> 21; - s11 += carry10; - s10 -= carry10 * X21; + carry<21>(s0, s1); + carry<21>(s2, s3); + carry<21>(s4, s5); + carry<21>(s6, s7); + carry<21>(s8, s9); + carry<21>(s10, s11); - carry1 = (s1 + X20) >> 21; - s2 += carry1; - s1 -= carry1 * X21; - carry3 = (s3 + X20) >> 21; - s4 += carry3; - s3 -= carry3 * X21; - carry5 = (s5 + X20) >> 21; - s6 += carry5; - s5 -= carry5 * X21; - carry7 = (s7 + X20) >> 21; - s8 += carry7; - s7 -= carry7 * X21; - carry9 = (s9 + X20) >> 21; - s10 += carry9; - s9 -= carry9 * X21; - carry11 = (s11 + X20) >> 21; - s12 += carry11; - s11 -= carry11 * X21; + carry<21>(s1, s2); + carry<21>(s3, s4); + carry<21>(s5, s6); + carry<21>(s7, s8); + carry<21>(s9, s10); + carry<21>(s11, s12); s0 += s12 * 666643; s1 += s12 * 470296; 
@@ -247,42 +182,18 @@ void sc_reduce(uint8_t* s) s5 -= s12 * 683901; s12 = 0; - carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * X21; - carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * X21; - carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * X21; - carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * X21; - carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * X21; - carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * X21; - carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * X21; - carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * X21; - carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * X21; - carry9 = s9 >> 21; - s10 += carry9; - s9 -= carry9 * X21; - carry10 = s10 >> 21; - s11 += carry10; - s10 -= carry10 * X21; - carry11 = s11 >> 21; - s12 += carry11; - s11 -= carry11 * X21; + carry<21>(s0, s1); + carry<21>(s1, s2); + carry<21>(s2, s3); + carry<21>(s3, s4); + carry<21>(s4, s5); + carry<21>(s5, s6); + carry<21>(s6, s7); + carry<21>(s7, s8); + carry<21>(s8, s9); + carry<21>(s9, s10); + carry<21>(s10, s11); + carry0<21>(s11, s12); s0 += s12 * 666643; s1 += s12 * 470296; 
@@ -292,39 +203,17 @@ void sc_reduce(uint8_t* s) s5 -= s12 * 683901; s12 = 0; - carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * X21; - carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * X21; - carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * X21; - carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * X21; - carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * X21; - carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * X21; - carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * X21; - carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * X21; - carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * X21; - carry9 = s9 >> 21; - s10 += carry9; - s9 -= carry9 * X21; - carry10 = s10 >> 21; - s11 += carry10; - s10 -= carry10 * X21; + carry0<21>(s0, s1); + carry0<21>(s1, s2); + carry0<21>(s2, s3); + carry0<21>(s3, s4); + carry0<21>(s4, s5); + carry0<21>(s5, s6); + carry0<21>(s6, s7); + carry0<21>(s7, s8); + carry0<21>(s8, s9); + carry0<21>(s9, s10); + carry0<21>(s10, s11); s[0] = s0 >> 0; s[1] = s0 >> 8; From c22fc530382acb28c3d747baf5eef8f44059182a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 20 Mar 2018 17:18:00 -0400 Subject: [PATCH 0893/1008] Add another Ed25519 helper to save a few hundred redundant lines No impact on performance. --- src/lib/pubkey/ed25519/ed25519_internal.h | 17 ++ src/lib/pubkey/ed25519/sc_muladd.cpp | 268 ++++++---------------- src/lib/pubkey/ed25519/sc_reduce.cpp | 122 ++-------- 3 files changed, 106 insertions(+), 301 deletions(-) diff --git a/src/lib/pubkey/ed25519/ed25519_internal.h b/src/lib/pubkey/ed25519/ed25519_internal.h index 0efeee6d7c..cb67a43fd2 100644 --- a/src/lib/pubkey/ed25519/ed25519_internal.h +++ b/src/lib/pubkey/ed25519/ed25519_internal.h 
@@ -62,6 +62,23 @@ inline void carry0(int32_t& h0, int32_t& h1) h0 -= c * X1; } +inline void redc_mul(int64_t& s1, + int64_t& s2, + int64_t& s3, + int64_t& s4, + int64_t& s5, + int64_t& s6, + int64_t& X) + { + s1 += X * 666643; + s2 += X * 470296; + s3 += X * 654183; + s4 -= X * 997805; + s5 += X * 136657; + s6 -= X * 683901; + X = 0; + } + /* ge means group element. diff --git a/src/lib/pubkey/ed25519/sc_muladd.cpp b/src/lib/pubkey/ed25519/sc_muladd.cpp index 948fdcc86e..e8d3a0cd53 100644 --- a/src/lib/pubkey/ed25519/sc_muladd.cpp +++ b/src/lib/pubkey/ed25519/sc_muladd.cpp 
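Review bot: `redc_mul` is undocumented and its six constants are unexplained; a comment such as `// fold X*2^252 into the six limbs below it: the constants are the signed radix-2^21 limbs of 2^252 - L, so the value is unchanged mod L` would let a reader check the alternating signs, and the comment should also state that `X` is zeroed in place, since callers rely on that. The parameter name `X` collides visually with the `X1`/`X20`/`X21` power-of-two constants used in `carry0` just above (`c * X1`) and in the callers; a name like `hi` or `s_hi` would read better. The function is complete within the hunk.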
@@ -30,91 +30,67 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) const int32_t MASK = 0x1fffff; - int64_t a0 = MASK & load_3(a); - int64_t a1 = MASK & (load_4(a + 2) >> 5); - int64_t a2 = MASK & (load_3(a + 5) >> 2); - int64_t a3 = MASK & (load_4(a + 7) >> 7); - int64_t a4 = MASK & (load_4(a + 10) >> 4); - int64_t a5 = MASK & (load_3(a + 13) >> 1); - int64_t a6 = MASK & (load_4(a + 15) >> 6); - int64_t a7 = MASK & (load_3(a + 18) >> 3); - int64_t a8 = MASK & load_3(a + 21); - int64_t a9 = MASK & (load_4(a + 23) >> 5); - int64_t a10 = MASK & (load_3(a + 26) >> 2); - int64_t a11 = (load_4(a + 28) >> 7); - int64_t b0 = MASK & load_3(b); - int64_t b1 = MASK & (load_4(b + 2) >> 5); - int64_t b2 = MASK & (load_3(b + 5) >> 2); - int64_t b3 = MASK & (load_4(b + 7) >> 7); - int64_t b4 = MASK & (load_4(b + 10) >> 4); - int64_t b5 = MASK & (load_3(b + 13) >> 1); - int64_t b6 = MASK & (load_4(b + 15) >> 6); - int64_t b7 = MASK & (load_3(b + 18) >> 3); - int64_t b8 = MASK & load_3(b + 21); - int64_t b9 = MASK & (load_4(b + 23) >> 5); - int64_t b10 = MASK & (load_3(b + 26) >> 2); - int64_t b11 = (load_4(b + 28) >> 7); - int64_t c0 = MASK & load_3(c); - int64_t c1 = MASK & (load_4(c + 2) >> 5); - int64_t c2 = MASK & (load_3(c + 5) >> 2); - int64_t c3 = MASK & (load_4(c + 7) >> 7); - int64_t c4 = MASK & (load_4(c + 10) >> 4); - int64_t c5 = MASK & (load_3(c + 13) >> 1); - int64_t c6 = MASK & (load_4(c + 15) >> 6); - int64_t c7 = MASK & (load_3(c + 18) >> 3); - int64_t c8 = MASK & load_3(c + 21); - int64_t c9 = MASK & (load_4(c + 23) >> 5); - int64_t c10 = MASK & (load_3(c + 26) >> 2); - int64_t c11 = (load_4(c + 28) >> 7); - int64_t s0; - int64_t s1; - int64_t s2; - int64_t s3; - int64_t s4; - int64_t s5; - int64_t s6; - int64_t s7; - int64_t s8; - int64_t s9; - int64_t s10; - int64_t s11; - int64_t s12; - int64_t s13; - int64_t s14; - int64_t s15; - int64_t s16; - int64_t s17; - int64_t s18; - int64_t s19; - int64_t s20; - int64_t s21; - 
int64_t s22; - int64_t s23; - - s0 = c0 + a0*b0; - s1 = c1 + a0*b1 + a1*b0; - s2 = c2 + a0*b2 + a1*b1 + a2*b0; - s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0; - s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0; - s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0; - s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0; - s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0; - s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0; - s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0; - s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0; - s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0; - s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1; - s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2; - s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3; - s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4; - s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5; - s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6; - s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7; - s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8; - s20 = a9*b11 + a10*b10 + a11*b9; - s21 = a10*b11 + a11*b10; - s22 = a11*b11; - s23 = 0; + const int64_t a0 = MASK & load_3(a); + const int64_t a1 = MASK & (load_4(a + 2) >> 5); + const int64_t a2 = MASK & (load_3(a + 5) >> 2); + const int64_t a3 = MASK & (load_4(a + 7) >> 7); + const int64_t a4 = MASK & (load_4(a + 10) >> 4); + const int64_t a5 = MASK & (load_3(a + 13) >> 1); + const int64_t a6 = MASK & (load_4(a + 15) >> 6); + const int64_t a7 = MASK & (load_3(a + 18) >> 3); + const int64_t a8 = MASK & load_3(a + 21); + const int64_t a9 = MASK & (load_4(a + 23) >> 5); + const int64_t a10 = MASK & (load_3(a + 26) >> 2); + 
const int64_t a11 = (load_4(a + 28) >> 7); + const int64_t b0 = MASK & load_3(b); + const int64_t b1 = MASK & (load_4(b + 2) >> 5); + const int64_t b2 = MASK & (load_3(b + 5) >> 2); + const int64_t b3 = MASK & (load_4(b + 7) >> 7); + const int64_t b4 = MASK & (load_4(b + 10) >> 4); + const int64_t b5 = MASK & (load_3(b + 13) >> 1); + const int64_t b6 = MASK & (load_4(b + 15) >> 6); + const int64_t b7 = MASK & (load_3(b + 18) >> 3); + const int64_t b8 = MASK & load_3(b + 21); + const int64_t b9 = MASK & (load_4(b + 23) >> 5); + const int64_t b10 = MASK & (load_3(b + 26) >> 2); + const int64_t b11 = (load_4(b + 28) >> 7); + const int64_t c0 = MASK & load_3(c); + const int64_t c1 = MASK & (load_4(c + 2) >> 5); + const int64_t c2 = MASK & (load_3(c + 5) >> 2); + const int64_t c3 = MASK & (load_4(c + 7) >> 7); + const int64_t c4 = MASK & (load_4(c + 10) >> 4); + const int64_t c5 = MASK & (load_3(c + 13) >> 1); + const int64_t c6 = MASK & (load_4(c + 15) >> 6); + const int64_t c7 = MASK & (load_3(c + 18) >> 3); + const int64_t c8 = MASK & load_3(c + 21); + const int64_t c9 = MASK & (load_4(c + 23) >> 5); + const int64_t c10 = MASK & (load_3(c + 26) >> 2); + const int64_t c11 = (load_4(c + 28) >> 7); + + int64_t s0 = c0 + a0*b0; + int64_t s1 = c1 + a0*b1 + a1*b0; + int64_t s2 = c2 + a0*b2 + a1*b1 + a2*b0; + int64_t s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0; + int64_t s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0; + int64_t s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0; + int64_t s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0; + int64_t s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0; + int64_t s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0; + int64_t s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0; + int64_t s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0; + int64_t s11 = c11 + a0*b11 + a1*b10 + 
a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0; + int64_t s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1; + int64_t s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2; + int64_t s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3; + int64_t s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4; + int64_t s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5; + int64_t s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6; + int64_t s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7; + int64_t s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8; + int64_t s20 = a9*b11 + a10*b10 + a11*b9; + int64_t s21 = a10*b11 + a11*b10; + int64_t s22 = a11*b11; + int64_t s23 = 0; carry<21>(s0, s1); carry<21>(s2, s3); 
@@ -141,53 +117,12 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) carry<21>(s19, s20); carry<21>(s21, s22); - s11 += s23 * 666643; - s12 += s23 * 470296; - s13 += s23 * 654183; - s14 -= s23 * 997805; - s15 += s23 * 136657; - s16 -= s23 * 683901; - s23 = 0; - - s10 += s22 * 666643; - s11 += s22 * 470296; - s12 += s22 * 654183; - s13 -= s22 * 997805; - s14 += s22 * 136657; - s15 -= s22 * 683901; - s22 = 0; - - s9 += s21 * 666643; - s10 += s21 * 470296; - s11 += s21 * 654183; - s12 -= s21 * 997805; - s13 += s21 * 136657; - s14 -= s21 * 683901; - s21 = 0; - - s8 += s20 * 666643; - s9 += s20 * 470296; - s10 += s20 * 654183; - s11 -= s20 * 997805; - s12 += s20 * 136657; - s13 -= s20 * 683901; - s20 = 0; - - s7 += s19 * 666643; - s8 += s19 * 470296; - s9 += s19 * 654183; - s10 -= s19 * 997805; - s11 += s19 * 136657; - s12 -= s19 * 683901; - s19 = 0; - - s6 += s18 * 666643; - s7 += s18 * 470296; - s8 += s18 * 654183; - s9 -= s18 * 997805; - s10 += s18 * 136657; - s11 -= s18 * 683901; - s18 = 0; + redc_mul(s11, s12, s13, s14, s15, s16, s23); + redc_mul(s10, s11, s12, s13, s14, s15, s22); + redc_mul( s9, s10, s11, s12, s13, s14, s21); + redc_mul( s8, s9, s10, s11, s12, s13, s20); + redc_mul( s7, s8, s9, s10, s11, s12, s19); + redc_mul( s6, s7, s8, s9, s10, s11, s18); carry<21>(s6, s7); carry<21>(s8, s9); 
@@ -202,53 +137,12 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) carry<21>(s13, s14); carry<21>(s15, s16); - s5 += s17 * 666643; - s6 += s17 * 470296; - s7 += s17 * 654183; - s8 -= s17 * 997805; - s9 += s17 * 136657; - s10 -= s17 * 683901; - s17 = 0; - - s4 += s16 * 666643; - s5 += s16 * 470296; - s6 += s16 * 654183; - s7 -= s16 * 997805; - s8 += s16 * 136657; - s9 -= s16 * 683901; - s16 = 0; - - s3 += s15 * 666643; - s4 += s15 * 470296; - s5 += s15 * 654183; - s6 -= s15 * 997805; - s7 += s15 * 136657; - s8 -= s15 * 683901; - s15 = 0; - - s2 += s14 * 666643; - s3 += s14 * 470296; - s4 += s14 * 654183; - s5 -= s14 * 997805; - s6 += s14 * 136657; - s7 -= s14 * 683901; - s14 = 0; - - s1 += s13 * 666643; - s2 += s13 * 470296; - s3 += s13 * 654183; - s4 -= s13 * 997805; - s5 += s13 * 136657; - s6 -= s13 * 683901; - s13 = 0; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; + redc_mul(s5, s6, s7, s8, s9, s10, s17); + redc_mul(s4, s5, s6, s7, s8, s9, s16); + redc_mul(s3, s4, s5, s6, s7, s8, s15); + redc_mul(s2, s3, s4, s5, s6, s7, s14); + redc_mul(s1, s2, s3, s4, s5, s6, s13); + redc_mul(s0, s1, s2, s3, s4, s5, s12); carry<21>(s0, s1); carry<21>(s2, s3); @@ -264,13 +158,7 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) carry<21>(s9, s10); carry<21>(s11, s12); - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; + redc_mul(s0, s1, s2, s3, s4, s5, s12); carry<21>(s0, s1); carry<21>(s1, s2); 
@@ -285,13 +173,7 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) carry<21>(s10, s11); carry0<21>(s11, s12); - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; + redc_mul(s0, s1, s2, s3, s4, s5, s12); carry0<21>(s0, s1); carry0<21>(s1, s2); diff --git a/src/lib/pubkey/ed25519/sc_reduce.cpp b/src/lib/pubkey/ed25519/sc_reduce.cpp index ec8f949550..b9d0f95272 100644 --- a/src/lib/pubkey/ed25519/sc_reduce.cpp +++ b/src/lib/pubkey/ed25519/sc_reduce.cpp @@ -51,53 +51,12 @@ void sc_reduce(uint8_t* s) int64_t s22 = MASK & (load_4(s + 57) >> 6); int64_t s23 = (load_4(s + 60) >> 3); - s11 += s23 * 666643; - s12 += s23 * 470296; - s13 += s23 * 654183; - s14 -= s23 * 997805; - s15 += s23 * 136657; - s16 -= s23 * 683901; - s23 = 0; - - s10 += s22 * 666643; - s11 += s22 * 470296; - s12 += s22 * 654183; - s13 -= s22 * 997805; - s14 += s22 * 136657; - s15 -= s22 * 683901; - s22 = 0; - - s9 += s21 * 666643; - s10 += s21 * 470296; - s11 += s21 * 654183; - s12 -= s21 * 997805; - s13 += s21 * 136657; - s14 -= s21 * 683901; - s21 = 0; - - s8 += s20 * 666643; - s9 += s20 * 470296; - s10 += s20 * 654183; - s11 -= s20 * 997805; - s12 += s20 * 136657; - s13 -= s20 * 683901; - s20 = 0; - - s7 += s19 * 666643; - s8 += s19 * 470296; - s9 += s19 * 654183; - s10 -= s19 * 997805; - s11 += s19 * 136657; - s12 -= s19 * 683901; - s19 = 0; - - s6 += s18 * 666643; - s7 += s18 * 470296; - s8 += s18 * 654183; - s9 -= s18 * 997805; - s10 += s18 * 136657; - s11 -= s18 * 683901; - s18 = 0; + redc_mul(s11, s12, s13, s14, s15, s16, s23); + redc_mul(s10, s11, s12, s13, s14, s15, s22); + redc_mul( s9, s10, s11, s12, s13, s14, s21); + redc_mul( s8, s9, s10, s11, s12, s13, s20); + redc_mul( s7, s8, s9, s10, s11, s12, s19); + redc_mul( s6, s7, s8, s9, s10, s11, s18); carry<21>(s6, s7); carry<21>(s8, s9); 
@@ -112,53 +71,12 @@ void sc_reduce(uint8_t* s) carry<21>(s13, s14); carry<21>(s15, s16); - s5 += s17 * 666643; - s6 += s17 * 470296; - s7 += s17 * 654183; - s8 -= s17 * 997805; - s9 += s17 * 136657; - s10 -= s17 * 683901; - s17 = 0; - - s4 += s16 * 666643; - s5 += s16 * 470296; - s6 += s16 * 654183; - s7 -= s16 * 997805; - s8 += s16 * 136657; - s9 -= s16 * 683901; - s16 = 0; - - s3 += s15 * 666643; - s4 += s15 * 470296; - s5 += s15 * 654183; - s6 -= s15 * 997805; - s7 += s15 * 136657; - s8 -= s15 * 683901; - s15 = 0; - - s2 += s14 * 666643; - s3 += s14 * 470296; - s4 += s14 * 654183; - s5 -= s14 * 997805; - s6 += s14 * 136657; - s7 -= s14 * 683901; - s14 = 0; - - s1 += s13 * 666643; - s2 += s13 * 470296; - s3 += s13 * 654183; - s4 -= s13 * 997805; - s5 += s13 * 136657; - s6 -= s13 * 683901; - s13 = 0; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; + redc_mul(s5, s6, s7, s8, s9, s10, s17); + redc_mul(s4, s5, s6, s7, s8, s9, s16); + redc_mul(s3, s4, s5, s6, s7, s8, s15); + redc_mul(s2, s3, s4, s5, s6, s7, s14); + redc_mul(s1, s2, s3, s4, s5, s6, s13); + redc_mul(s0, s1, s2, s3, s4, s5, s12); carry<21>(s0, s1); carry<21>(s2, s3); @@ -174,13 +92,7 @@ void sc_reduce(uint8_t* s) carry<21>(s9, s10); carry<21>(s11, s12); - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; + redc_mul(s0, s1, s2, s3, s4, s5, s12); carry<21>(s0, s1); carry<21>(s1, s2); @@ -195,13 +107,7 @@ void sc_reduce(uint8_t* s) carry<21>(s10, s11); carry0<21>(s11, s12); - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; + redc_mul(s0, s1, s2, s3, s4, s5, s12); carry0<21>(s0, s1); carry0<21>(s1, s2); From 66e92c60eb5dff1b32995b2692594f8708c5c029 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Wed, 21 Mar 2018 02:52:11 -0400 Subject: [PATCH 0894/1008] Simplify a common case BigInt constructor --- src/lib/math/bigint/bigint.cpp | 5 +++++ src/lib/math/bigint/bigint.h | 9 ++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index a42707e073..694c7afaba 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp @@ -80,6 +80,11 @@ BigInt::BigInt(const std::string& str) else set_sign(Positive); } +BigInt::BigInt(const uint8_t input[], size_t length) + { + binary_decode(input, length); + } + /* * Construct a BigInt from an encoded BigInt */ diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index 3f0eb8523d..56b907d805 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h @@ -70,13 +70,20 @@ class BOTAN_PUBLIC_API(2,0) BigInt final */ explicit BigInt(const std::string& str); + /** + * Create a BigInt from an integer in a byte array + * @param buf the byte array holding the value + * @param length size of buf + */ + BigInt(const uint8_t buf[], size_t length); + /** * Create a BigInt from an integer in a byte array * @param buf the byte array holding the value * @param length size of buf * @param base is the number base of the integer in buf */ - BigInt(const uint8_t buf[], size_t length, Base base = Binary); + BigInt(const uint8_t buf[], size_t length, Base base); /** * Create a BigInt from an array of words From 230ec136952ce4077b988302e940518a8f5454f2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Mar 2018 03:39:26 -0400 Subject: [PATCH 0895/1008] Remove unused variables [ci skip] --- src/lib/pubkey/ed25519/ed25519_fe.cpp | 1 - src/lib/pubkey/ed25519/sc_muladd.cpp | 3 --- 2 files changed, 4 deletions(-) diff --git a/src/lib/pubkey/ed25519/ed25519_fe.cpp b/src/lib/pubkey/ed25519/ed25519_fe.cpp index bea9c504b7..3eef1bb80e 100644 --- a/src/lib/pubkey/ed25519/ed25519_fe.cpp 
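Review bot: The doc comment on the new `BigInt(const uint8_t buf[], size_t length)` is a copy of the three-argument one and does not say which encoding it decodes, which is the whole reason it exists; since its body is `binary_decode(input, length)`, the brief should say so, e.g. `Create a BigInt from an unsigned binary (presumably big-endian, as the previous Binary default) encoding in buf`. It would also help to note on the `Base` overload that `Binary` is no longer its default so callers passing an explicit base know the two-argument form is the plain binary path. Both hunks are complete within their file sections.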
+++ b/src/lib/pubkey/ed25519/ed25519_fe.cpp @@ -667,7 +667,6 @@ so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q. void FE_25519::to_bytes(uint8_t s[32]) const { const int64_t X25 = (1 << 25); - const int64_t X26 = (1 << 26); int32_t h0 = m_fe[0]; int32_t h1 = m_fe[1]; diff --git a/src/lib/pubkey/ed25519/sc_muladd.cpp b/src/lib/pubkey/ed25519/sc_muladd.cpp index e8d3a0cd53..8a95c652d8 100644 --- a/src/lib/pubkey/ed25519/sc_muladd.cpp +++ b/src/lib/pubkey/ed25519/sc_muladd.cpp @@ -25,9 +25,6 @@ namespace Botan { void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c) { - const int64_t X20 = (1 << 20); - const int64_t X21 = (1 << 21); - const int32_t MASK = 0x1fffff; const int64_t a0 = MASK & load_3(a); From ad66550111bac3f64fdf3eef4c630a9eb09be321 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 20 Mar 2018 12:15:35 -0400 Subject: [PATCH 0896/1008] Shift ECDSA inputs to match OpenSSL behavior See also GH #986 --- src/lib/math/bigint/bigint.cpp | 12 ++++++ src/lib/math/bigint/bigint.h | 9 +++++ src/lib/pubkey/ecdsa/ecdsa.cpp | 4 +- src/lib/pubkey/ecgdsa/ecgdsa.cpp | 4 +- src/tests/data/pubkey/ecdsa_verify.vec | 56 ++++++++++++++++++++++++++ src/tests/test_ecdsa.cpp | 33 +++++++++++++++ 6 files changed, 114 insertions(+), 4 deletions(-) create mode 100644 src/tests/data/pubkey/ecdsa_verify.vec diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp index 694c7afaba..fd967e66ee 100644 --- a/src/lib/math/bigint/bigint.cpp +++ b/src/lib/math/bigint/bigint.cpp @@ -93,6 +93,18 @@ BigInt::BigInt(const uint8_t input[], size_t length, Base base) *this = decode(input, length, base); } +BigInt::BigInt(const uint8_t buf[], size_t length, size_t max_bits) + { + const size_t max_bytes = std::min(length, (max_bits + 7) / 8); + *this = decode(buf, max_bytes); + + const size_t b = this->bits(); + if(b > max_bits) + { + *this >>= (b - max_bits); + } + } + /* * Construct a BigInt from an encoded BigInt */ 
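Review bot: The shift in the new `BigInt(buf, length, max_bits)` is derived from `this->bits()`, so both whether a shift happens and by how much depend on the decoded value: the result equals the leftmost `max_bits` bits of the input (the rule OpenSSL applies with a fixed `8 - (num_bits & 7)` shift, which is what the commit message says it matches) only when the first retained byte has its top bit set; a truncated input starting below 0x80 is shifted too little or not at all. Replace the value-dependent tail with `if(8 * max_bytes > max_bits) *this >>= (8 * max_bytes - max_bits);` in place of the two statements after the `decode` call; it is a no-op when the input already fits. This only bites for orders whose bit length is not a multiple of 8, e.g. secp521r1 with a digest longer than 66 bytes, and the visible vectors in the new ecdsa_verify.vec (L3650) are all 256-bit groups, so a secp521r1 case with an oversized message would be needed to catch it. The constructor is complete within the hunk.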
diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index 56b907d805..3d6626e4df 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h @@ -85,6 +85,15 @@ class BOTAN_PUBLIC_API(2,0) BigInt final */ BigInt(const uint8_t buf[], size_t length, Base base); + /** + * Create a BigInt from an integer in a byte array + * @param buf the byte array holding the value + * @param length size of buf + * @param max_bits if the resulting integer is more than max_bits, + * it will be shifted so it is at most max_bits in length. + */ + BigInt(const uint8_t buf[], size_t length, size_t max_bits); + /** * Create a BigInt from an array of words * @param words the words diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index 6ff02e8c9f..f356931892 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -81,7 +81,7 @@ secure_vector ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, RandomNumberGenerator& rng) { - const BigInt m(msg, msg_len); + BigInt m(msg, msg_len, m_group.get_order_bits()); #if defined(BOTAN_HAS_RFC6979_GENERATOR) const BigInt k = generate_rfc6979_nonce(m_x, m_group.get_order(), m, m_rfc6979_hash); @@ -134,7 +134,7 @@ bool ECDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, if(sig_len != m_group.get_order_bytes() * 2) return false; - const BigInt e(msg, msg_len); + const BigInt e(msg, msg_len, m_group.get_order_bits()); const BigInt r(sig, sig_len / 2); const BigInt s(sig + sig_len / 2, sig_len / 2); diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp index db790b0d1a..12962d18ce 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp +++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp 
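Review bot: In `raw_sign` the rewritten line drops the `const` the old `const BigInt m(msg, msg_len);` had, while the `verify` hunk below and both ECGDSA hunks (L3649) keep it; nothing visible mutates m, so it should read `const BigInt m(msg, msg_len, m_group.get_order_bits());`. The bigint.h hunk documents `max_bits` as shifting only `if the resulting integer is more than max_bits`, which describes a shift keyed to the decoded value's bit length; if the intent is the ECDSA leftmost-bits rule, the comment should say so directly (`only the leftmost max_bits bits of buf are used`) so callers do not have to read the implementation. Both ECDSA functions continue outside their hunks.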
@@ -57,7 +57,7 @@ secure_vector ECGDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, RandomNumberGenerator& rng) { - const BigInt m(msg, msg_len); + const BigInt m(msg, msg_len, m_group.get_order_bits()); BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); @@ -107,7 +107,7 @@ bool ECGDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, if(sig_len != m_group.get_order_bytes() * 2) return false; - const BigInt e(msg, msg_len); + const BigInt e(msg, msg_len, m_group.get_order_bits()); const BigInt r(sig, sig_len / 2); const BigInt s(sig + sig_len / 2, sig_len / 2); diff --git a/src/tests/data/pubkey/ecdsa_verify.vec b/src/tests/data/pubkey/ecdsa_verify.vec new file mode 100644 index 0000000000..2bdf3299ba --- /dev/null +++ b/src/tests/data/pubkey/ecdsa_verify.vec 
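Review bot: The ECGDSA sign and verify changes get no test vector in this commit; the diffstat adds only ecdsa_verify.vec and an ECDSA verification test, so the ECGDSA truncation is exercised by nothing. Since ECGDSA signing uses a random k, a verification-only vector with a message longer than the group order (as done for ECDSA) would be enough to cover the second hunk. Both enclosing functions continue outside their hunks.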
@@ -0,0 +1,56 @@ + +# These were generated with OpenSSL + +Group = secp256k1 +Px = 0xF3F8BB913AA68589A2C8C607A877AB05252ADBD963E1BE846DDEB8456942AEDC +Py = 0xA2ED51F08CA3EF3DAC0A7504613D54CD539FC1B3CBC92453CD704B6A2D012B2C +Msg = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Signature = E30F2E6A0F705F4FB5F8501BA79C7C0D3FAC847F1AD70B873E9797B17B89B39081F1A4457589F30D76AB9F89E748A68C8A94C30FE0BAC8FB5C0B54EA70BF6D2F + +Group = secp256r1 +Px = 0x89F5662F5D9DE780184E3A2E1D170D6D30FF28F03E030C9CA99F3DB670E5DBB8 +Py = 0xEDDB57C7ACA9711D3CF67A2699792F76EE15A8129449D8A450D371CEFF2E00C7 +Msg = 3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E +Signature = 2AC979EB6C7502A49CACC0995A2B9C50192F334B742573767ADD6DCB01343D50F444D29AFCA529A0A96467DAA5E881B1C60C73273E099DF7C910BD4EED0502D6 + +Group = secp256r1 +Px = 0x927EC4F595E5F7CE4F7F5DBB981C5FB23F40513B20FBC6B64896EBE8987AEF99 +Py = 0xD0D24752AB3E2204AB45A29D3FC9A57C5C880206EC5B62E6BD452F783D58882D +Msg = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Signature = 04EB3913B651D9862E06B606B3525E4813AAA4AF9E8D0BBE187CE8F460F53A60082442D68B83398B45FFBBB4B633EB241C1BF03D1D81768222C2FB9C3617CA0C + +Group = secp256r1 +Px = 0xE3E8AA2F7E352ABADC60710055BB5F21FB3CF0BE4C7492F6A31FE9BBCD4C416F +Py = 0x7FBF10AFF223B58A967A02D88BDAB88E8605811A382966917F97D58B13987E08 +Msg = FFFEFDFCFBFAF9F8F7F6F5F4F3F2F1F0EFEEEDECEBEAE9E8E7E6E5E4E3E2E1E0DFDEDDDCDBDAD9D8 +Signature = B3E288B55C8FD2450CB5F610349C2B00B67BE086483DED5AF18CB78961EA68A78876C2E4BAAD502DDEE54557F32C3DCFB4EE7A808190B407ACA8506551D71713 + +Group = secp256r1 +Px = 0x317AD241D0B8A1E3E60D72AE1C939E9BEFABA6863C6E654A4228ACEACB282BE7 +Py = 0x67F9E2B18D669E8C7E7FAD633E23328F542FE27BF18A2B060AF133ECE0658A00 +Msg = 80FEFDFCFBFAF9F8F7F6F5F4F3F2F1F0EFEEEDECEBEAE9E8E7E6E5E4E3E2E1E0DFDEDDDCDBDAD9D8 +Signature = 
FAD3B78EBBCB9BA3A2C0B7A7BBDA87A808E06F274741C00E0CF912FF7D82803190C858FCD9E1F018D51B8C6BAA37F490B2368C89BBD72CE06E9EAA24F428DD43 + +Group = secp256r1 +Px = 0x2F1FAAAC824241DD8B3EDEBB9A2E9CA3021A982D1420A2AE72BA77600BF112FF +Py = 0xC1A501E6D6292F0623619F535A3B9AD3EA3755B5FC7403C296E8773EB712A907 +Msg = 40FEFDFCFBFAF9F8F7F6F5F4F3F2F1F0EFEEEDECEBEAE9E8E7E6E5E4E3E2E1E0DFDEDDDCDBDAD9D8 +Signature = C9912615CC72B56FBC7BABB148F19B1EA7B250825D0CF7C0CAD1236097640F4FA7C010DA8E3650DD122F7C3A06C71615E457C9F43634269C2A2F4844B3B420AC + +Group = secp256r1 +Px = 0x91F04AEE0048A1C4D4EEF4F37AE0154CC96A902BDBADE7268BC6D038F1D4B7B8 +Py = 0xE62928361EE169531D90390355DF7DFAFA63428C28F7CBB22FA9A59FD9A4793C +Msg = 01FEFDFCFBFAF9F8F7F6F5F4F3F2F1F0EFEEEDECEBEAE9E8E7E6E5E4E3E2E1E0DFDEDDDCDBDAD9D8 +Signature = A8816FA8E2F0C8289F58A6CE2E88CDE0E215E53D98A3B04278E696A5696A568AAB06D266C25347810EC5116AB6D5122A1723B1F3612432316C381E15AB69BC1B + +Group = secp256r1 +Px = 0x3C21E4A41B2ED5652E438A84D321B744FF916EE23DC0B0044D11688D84D23C5A +Py = 0xEE3EBD4F6D35DDA2967B481B94548DB7A5EFF82B8CC0B41F4DA3CD0346F11D0 +Msg = 02FEFDFCFBFAF9F8F7F6F5F4F3F2F1F0EFEEEDECEBEAE9E8E7E6E5E4E3E2E1E0DFDEDDDCDBDAD9D8 +Signature = 459F4445D7649A60586E7D49EACA681D1473FD41FBAF7C44583EEE9408E267E19C5E01B7729175F378DF3F9753B4EC6B9277FEC08A2D039B0CF369C61D9FD9C3 + +Group = secp256r1 +Px = 0x6564C83962A17949120C5E0E65290527A02CC7B635A829B33C083A09AAF67A12 +Py = 0xBFECD7CD5956512DF2A051356B2DF592D93C739128828405E1F37F84B7E27CF9 +Msg = 04FEFDFCFBFAF9F8F7F6F5F4F3F2F1F0EFEEEDECEBEAE9E8E7E6E5E4E3E2E1E0DFDEDDDCDBDAD9D8 +Signature = 264A27F175848F0A110B2E7B03886B94777FB5ECBE2E8CD674AE196A6C80D8FFC8B5C6C00EACB1C76A3BAD03F8FFD4B58784BF35E104E721FF8F3F81AC9E6E91 diff --git a/src/tests/test_ecdsa.cpp b/src/tests/test_ecdsa.cpp index 2105250cb9..331a1dcaf1 100644 --- a/src/tests/test_ecdsa.cpp +++ b/src/tests/test_ecdsa.cpp 
@@ -21,6 +21,38 @@ namespace { #if defined(BOTAN_HAS_ECDSA) +class ECDSA_Verification_Tests final : public PK_Signature_Verification_Test + { + public: + ECDSA_Verification_Tests() : PK_Signature_Verification_Test( + "ECDSA", + "pubkey/ecdsa_verify.vec", + "Group,Px,Py,Hash,Msg,Signature") {} + + bool clear_between_callbacks() const override + { + return false; + } + + std::unique_ptr load_public_key(const VarMap& vars) override + { + const std::string group_id = get_req_str(vars, "Group"); + const BigInt px = get_req_bn(vars, "Px"); + const BigInt py = get_req_bn(vars, "Py"); + Botan::EC_Group group(Botan::OIDS::lookup(group_id)); + + const Botan::PointGFp public_point = group.point(px, py); + + std::unique_ptr key(new Botan::ECDSA_PublicKey(group, public_point)); + return key; + } + + std::string default_padding(const VarMap&) const override + { + return "Raw"; + } + }; + class ECDSA_Signature_KAT_Tests final : public PK_Signature_Generation_Test { public: @@ -121,6 +153,7 @@ class ECDSA_Invalid_Key_Tests final : public Text_Based_Test } }; +BOTAN_REGISTER_TEST("ecdsa_verify", ECDSA_Verification_Tests); BOTAN_REGISTER_TEST("ecdsa_sign", ECDSA_Signature_KAT_Tests); BOTAN_REGISTER_TEST("ecdsa_keygen", ECDSA_Keygen_Tests); BOTAN_REGISTER_TEST("ecdsa_invalid", ECDSA_Invalid_Key_Tests); From 6868990a0c854c33bc2daf0edd4135eab7fedc34 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Mar 2018 03:31:08 -0400 Subject: [PATCH 0897/1008] Change DSA behavior similarly --- src/lib/pubkey/dsa/dsa.cpp | 4 ++-- src/tests/data/pubkey/dsa_verify.vec | 16 ++++++++++++++ src/tests/test_dsa.cpp | 33 ++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 src/tests/data/pubkey/dsa_verify.vec diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp index 9249cd0d5b..982e1b9313 100644 --- a/src/lib/pubkey/dsa/dsa.cpp +++ b/src/lib/pubkey/dsa/dsa.cpp 
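Review bot: The required-keys string `"Group,Px,Py,Hash,Msg,Signature"` lists Hash, but no block in the added ecdsa_verify.vec contains a Hash line (each has only Group, Px, Py, Msg and Signature), and default_padding returns "Raw" so no hash is consumed. If Text_Based_Test enforces required keys, these vectors will not load; otherwise the entry is just misleading. Suggest `"Group,Px,Py,Msg,Signature"`, passing Hash as the optional-keys argument if a hashed variant is ever added. The DSA counterpart later in the series lists exactly the keys its file uses.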
@@ -105,7 +105,7 @@ DSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, { const BigInt& q = m_group.get_q(); - BigInt i(msg, msg_len); + BigInt i(msg, msg_len, q.bits()); while(i >= q) i -= q; @@ -167,7 +167,7 @@ bool DSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, BigInt r(sig, q_bytes); BigInt s(sig + q_bytes, q_bytes); - BigInt i(msg, msg_len); + BigInt i(msg, msg_len, q.bits()); if(r <= 0 || r >= q || s <= 0 || s >= q) return false; diff --git a/src/tests/data/pubkey/dsa_verify.vec b/src/tests/data/pubkey/dsa_verify.vec new file mode 100644 index 0000000000..6bf24f20d8 --- /dev/null +++ b/src/tests/data/pubkey/dsa_verify.vec 
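Review bot: The verify-side hunk builds `i` from the truncated hash without the `while(i >= q) i -= q;` reduction the signing side keeps; a value with the same bit length as q can still be >= q, so verification must rely on a later mod-q step outside the hunk, which I cannot confirm from here. If that step exists, a comment on the verify line such as `// may still be >= q (same bit length); reduced mod q below` would make the asymmetry deliberate. Since truncation to q.bits() bounds i below 2*q, the signing loop now runs at most once and could become `if(i >= q) i -= q;`, though that is cosmetic. Both functions continue outside their hunks.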
@@ -0,0 +1,16 @@ + +# Generated by OpenSSL + +P = 0xE6793D8A212FE151FE077D76183388C201521FFFF76B966AEBA9F7FC94ADEEF752933897ED8E599C94C705AFD111BA33B36329FDC5090E918F28C59BA06943492A1381DE0A4D90603DFE705B6A89D6099CDD2E9581E82BF34957EB048C178E2468DF8B443E58081FE04B78DD2AB98E2BD939F3EC348D612D9622F6B8D9CD0C5F +Q = 0xF8AF4EF46D9A0881BD01C70F969870B05580F499 +G = 0x9427DC62CBF9461FBF58D415D9A33974A15AA30114D93A54D5E06BEE6C34AF19D2E70FA763CA0A361B6F4F47A0E8773FF2624AC6D973A316ECC10DE18218AD7BBFFECBAF01A4840D40D42B59F6BDB5E722127597B24B495E93BC7E500497FDBC17319A8C8DBBFA711FA0898BCCAB3F83C3BCFCBDE5E18C23B9573D3DD24BFDB5 +Y = 0xCEA7C9120EB8D8BC17CBE015CAD32FC349140C7018AF2445C6686BBBB2E57205FE7412A40E196D57CF5AC924855AD25B79C6140CFE2DECE79B907C37CF9A74EAEF9597B73D55655B30843B9025C2EDD1531C11480971DD55B7462A23DE611CE0BE7A3FE82FD4B0C65FAA4445B894212406AC608ED05AD2B3C2986EFA1B8CD580 +Msg = FFFDFBF9F7F5F3F1EFEDEBE9E7E5E3E1DFDDDBD9 +Signature = 3DB343DC58ACDEBF815F85D0E55FBDEDA326BEA6107F10F3A2CB1FBFAFB3324B3FC6076FE298AC9E + +P = 0xB7F3ECDFCF8C3DB00C4F007CB59F7CA7B0083671D09D1CCAD7ACAACF0A5D6881AABA9686EEB879C5E8480441EBBFBCBAB4E0F4829C43938E06E954F988284187 +Q = 0xE10EC91ADBF217B6D7B3677ABB266A1E6D85CA17 +G = 0x24CC4D8AD70AE84ACD19181943C9EAB408CC9153E426F55CCCF6037A93E1B2B2A3BDE0516A1AF3186404D43C029374430AA4FE46520509904115A293E5A5193E +Y = 0x259476F6FDC576ECDA5BDE2D4441030E52BC77F0121F74BDDD91EB4749D0E77DB34C249742DFCF80D097360BA19BB5801B1B6C83636E8B4B9AA8BF93FAAA53EF +Msg = FFFDFBF9F7F5F3F1EFEDEBE9E7E5E3E1DFDDDBD9 +Signature = BA031AB679E9A96EA5D929C609C861702E658D0DD8247C0EF439DF3DF8126F0122F0D5AD6796E014 diff --git a/src/tests/test_dsa.cpp b/src/tests/test_dsa.cpp index b76c78a580..c0b2508c00 100644 --- a/src/tests/test_dsa.cpp +++ b/src/tests/test_dsa.cpp 
@@ -55,6 +55,38 @@ class DSA_KAT_Tests final : public PK_Signature_Generation_Test } }; +class DSA_Verification_Tests final : public PK_Signature_Verification_Test + { + public: + DSA_Verification_Tests() : PK_Signature_Verification_Test( + "DSA", + "pubkey/dsa_verify.vec", + "P,Q,G,Y,Msg,Signature") {} + + bool clear_between_callbacks() const override + { + return false; + } + + std::unique_ptr load_public_key(const VarMap& vars) override + { + const Botan::BigInt p = get_req_bn(vars, "P"); + const Botan::BigInt q = get_req_bn(vars, "Q"); + const Botan::BigInt g = get_req_bn(vars, "G"); + const Botan::BigInt y = get_req_bn(vars, "Y"); + + const Botan::DL_Group grp(p, q, g); + + std::unique_ptr key(new Botan::DSA_PublicKey(grp, y)); + return key; + } + + std::string default_padding(const VarMap&) const override + { + return "Raw"; + } + }; + class DSA_Keygen_Tests final : public PK_Key_Generation_Test { public: @@ -69,6 +101,7 @@ class DSA_Keygen_Tests final : public PK_Key_Generation_Test }; BOTAN_REGISTER_TEST("dsa_sign", DSA_KAT_Tests); +BOTAN_REGISTER_TEST("dsa_verify", DSA_Verification_Tests); BOTAN_REGISTER_TEST("dsa_keygen", DSA_Keygen_Tests); #endif From 6c1c00f6942ca9a3f0de5fc8f719f017caa38da2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 20 Mar 2018 09:54:09 -0400 Subject: [PATCH 0898/1008] Add option to specify the MSVC runtime Fixes GH #210 --- configure.py | 55 +++++++++++++++++++++++++++++--------- src/build-data/cc/msvc.txt | 7 +++-- 2 files changed, 47 insertions(+), 15 deletions(-) diff --git a/configure.py b/configure.py index ec2f4abdb8..5df583c038 100755 --- a/configure.py +++ b/configure.py 
@@ -321,6 +321,9 @@ def process_command_line(args): # pylint: disable=too-many-locals target_group.add_option('--ar-command', dest='ar_command', metavar='AR', default=None, help='set path to static archive creator') + target_group.add_option('--msvc-runtime', metavar='RT', default=None, + help='specify MSVC runtime (MT, MD, MTd, MDd)') + target_group.add_option('--with-endian', metavar='ORDER', default=None, help='override byte order guess') @@ -430,6 +433,10 @@ def process_command_line(args): # pylint: disable=too-many-locals default='%d.%d' % (sys.version_info[0], sys.version_info[1]), help='where to install botan2.py (def %default)') + build_group.add_option('--disable-cc-tests', dest='enable_cc_tests', + default=True, action='store_false', + help=optparse.SUPPRESS_HELP) + build_group.add_option('--with-valgrind', help='use valgrind API', dest='with_valgrind', action='store_true', default=False) @@ -1149,6 +1156,8 @@ def gen_visibility_attribute(self, options): return '' def mach_abi_link_flags(self, options, with_debug_info=None): + #pylint: disable=too-many-branches + """ Return the machine specific ABI flags """ @@ -1157,10 +1166,14 @@ def mach_abi_link_flags(self, options, with_debug_info=None): with_debug_info = options.with_debug_info def mach_abi_groups(): - if with_debug_info and 'all-debug' in self.mach_abi_linking: - yield 'all-debug' - elif 'all' in self.mach_abi_linking: - yield 'all' + + yield 'all' + + if options.msvc_runtime is None: + if with_debug_info: + yield 'rt-debug' + else: + yield 'rt' for all_except in [s for s in self.mach_abi_linking.keys() if s.startswith('all!')]: exceptions = all_except[4:].split(',') 
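Review bot: mach_abi_groups tests `options.msvc_runtime is None` while the append in the @@ -1172 hunk and validate_options test plain truthiness, so `--msvc-runtime=` (empty string) yields neither rt nor rt-debug and appends nothing, silently dropping the /MD flag from the build. Use the same test in both places, e.g. `if not options.msvc_runtime:` here. Separately, the removed `all-debug` handling was generic: any cc file under src/build-data/cc other than msvc.txt that still defines an `all-debug` group will no longer have it yielded, and only msvc.txt is touched by this diffstat, so that is worth a grep before merging.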
@@ -1172,9 +1185,13 @@ def mach_abi_groups(): abi_link = list() for what in mach_abi_groups(): - flag = self.mach_abi_linking.get(what) - if flag != None and flag != '' and flag not in abi_link: - abi_link.append(flag) + if what in self.mach_abi_linking: + flag = self.mach_abi_linking.get(what) + if flag != None and flag != '' and flag not in abi_link: + abi_link.append(flag) + + if options.msvc_runtime: + abi_link.append("/" + options.msvc_runtime) if options.with_stack_protector and self.stack_protector_flags != '': abi_link.append(self.stack_protector_flags) @@ -1833,6 +1850,8 @@ def join_with_build_dir(path): 'cc_compile_opt_flags': cc.cc_compile_flags(options, False, True), 'cc_compile_debug_flags': cc.cc_compile_flags(options, True, False), + + # These are for CMake 'cxx_abi_opt_flags': cc.mach_abi_link_flags(options, False), 'cxx_abi_debug_flags': cc.mach_abi_link_flags(options, True), @@ -2783,9 +2802,16 @@ def validate_options(options, info_os, info_cc, available_module_policies): if options.arch not in ['x86_64', 'x86_32']: raise UserError("Bakefile only supports x86 targets") - # Warnings + # Warnings if options.os == 'windows' and options.compiler != 'msvc': - logging.warning('The windows target is oriented towards MSVC; maybe you want cygwin or mingw') + logging.warning('The windows target is oriented towards MSVC; maybe you want --os=cygwin or --os=mingw') + + if options.msvc_runtime: + if options.compiler != 'msvc': + raise UserError("Makes no sense to specify MSVC runtime for %s" % (options.compiler)) + + if options.msvc_runtime not in ['MT', 'MD', 'MTd', 'MDd']: + logging.warning("MSVC runtime option '%s' not known", (options.msvc_runtime)) def run_compiler_preproc(options, ccinfo, source_file, default_return, extra_flags=None): if extra_flags is None: 
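Review bot: In the validate_options hunk an unrecognised runtime only logs a warning, yet the @@ -1172 hunk passes the string verbatim into the flags as `"/" + options.msvc_runtime`, so a typo like `MDD` proceeds and fails much later inside the compiler with a less obvious message. The adjacent compiler check already raises, so treat this the same way: `raise UserError("Unknown MSVC runtime '%s' (expected MT, MD, MTd or MDd)" % options.msvc_runtime)`. If accepting future runtime names is the intent, say so in a comment next to the warning. Minor style: `(options.compiler)` and `(options.msvc_runtime)` are parenthesised expressions, not tuples; drop the parentheses or write `, options.msvc_runtime`.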
@@ -3030,12 +3056,15 @@ def main(argv): arch = info_arch[options.arch] osinfo = info_os[options.os] module_policy = info_module_policies[options.module_policy] if options.module_policy else None - cc_min_version = options.cc_min_version or calculate_cc_min_version(options, cc, source_paths) - cc_arch = check_compiler_arch(options, cc, info_arch, source_paths) + if options.enable_cc_tests: + cc_min_version = options.cc_min_version or calculate_cc_min_version(options, cc, source_paths) + cc_arch = check_compiler_arch(options, cc, info_arch, source_paths) - if cc_arch is not None and cc_arch != options.arch: - logging.warning("Configured target is %s but compiler probe indicates %s", options.arch, cc_arch) + if cc_arch is not None and cc_arch != options.arch: + logging.warning("Configured target is %s but compiler probe indicates %s", options.arch, cc_arch) + else: + cc_min_version = options.cc_min_version or "0.0" logging.info('Target is %s:%s-%s-%s' % ( options.compiler, cc_min_version, options.os, options.arch)) diff --git a/src/build-data/cc/msvc.txt b/src/build-data/cc/msvc.txt index 98b392da75..ed32a3c3cd 100644 --- a/src/build-data/cc/msvc.txt +++ b/src/build-data/cc/msvc.txt @@ -58,6 +58,9 @@ default-debug -> "$(LINKER) /DEBUG" -all -> "/MD /bigobj" -all-debug -> "/MDd /bigobj" +all -> "/bigobj" + +# These can be overridden with --msvc-runtime option +rt -> "/MD" +rt-debug -> "/MDd" From 62592cd4e2f2fabd3b8a1c1c21cf9d85456642c9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Mar 2018 05:47:42 -0400 Subject: [PATCH 0899/1008] Update news --- news.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/news.rst b/news.rst index 16a23aebdf..3843228235 100644 --- a/news.rst +++ b/news.rst 
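Review bot: When --disable-cc-tests is set the fallback `cc_min_version = options.cc_min_version or "0.0"` flows straight into the "Target is" log line and, presumably, into any downstream minimum-version gating, with nothing indicating that probing was skipped rather than performed. A line in the else branch, `logging.info('Compiler probing disabled; assuming compiler version %s', cc_min_version)`, would make cross-builds using this hidden option easier to debug. Note that cc_arch is unassigned on that path, which is fine only as long as nothing below the hunk reads it.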
@@ -30,6 +30,8 @@ Version 2.5.0, Not Yet Released * Add support for POWER8 AES instructions (GH #1459 #1393 #1206) +* Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502 #986) + * The default encoding of ECC public keys has changed from compressed to uncompressed point representation. This improves compatability with some common software packages including Golang's standard library. @@ -90,6 +92,8 @@ Version 2.5.0, Not Yet Released * Use feature flags to enable/disable system specific code (GH #1378) +* Add --msvc-runtime option to allow using static runtime (GH #1499 #210) + * The threefish module has been renamed threefish_512 since that is the algorithm it provides. (GH #1477) From e7689444a0ef4ab5c252235968d84acf6685819a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 5 Mar 2018 18:28:03 -0500 Subject: [PATCH 0900/1008] Mixed mode OAEP --- src/lib/pk_pad/eme_oaep/info.txt | 2 +- src/lib/pk_pad/eme_oaep/oaep.cpp | 22 +++++++++++++++------- src/lib/pk_pad/eme_oaep/oaep.h | 13 +++++++++++-- 3 files changed, 27 insertions(+), 10 deletions(-) diff --git a/src/lib/pk_pad/eme_oaep/info.txt b/src/lib/pk_pad/eme_oaep/info.txt index 0ec01eb326..cabe23fb85 100644 --- a/src/lib/pk_pad/eme_oaep/info.txt +++ b/src/lib/pk_pad/eme_oaep/info.txt @@ -1,5 +1,5 @@ -EME_OAEP -> 20140118 +EME_OAEP -> 20180305 diff --git a/src/lib/pk_pad/eme_oaep/oaep.cpp b/src/lib/pk_pad/eme_oaep/oaep.cpp index 5e567d0c23..f528dd1349 100644 --- a/src/lib/pk_pad/eme_oaep/oaep.cpp +++ b/src/lib/pk_pad/eme_oaep/oaep.cpp @@ -1,6 +1,6 @@ /* * OAEP -* (C) 1999-2010,2015 Jack Lloyd +* (C) 1999-2010,2015,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -35,11 +35,11 @@ secure_vector OAEP::pad(const uint8_t in[], size_t in_length, out[out.size() - in_length - 1] = 0x01; buffer_insert(out, out.size() - in_length, in, in_length); - mgf1_mask(*m_hash, + mgf1_mask(*m_mgf1_hash, out.data(), m_Phash.size(), &out[m_Phash.size()], out.size() - m_Phash.size()); - mgf1_mask(*m_hash, + mgf1_mask(*m_mgf1_hash, &out[m_Phash.size()], out.size() - m_Phash.size(), out.data(), m_Phash.size()); @@ -80,11 +80,11 @@ secure_vector OAEP::unpad(uint8_t& valid_mask, const size_t hlen = m_Phash.size(); - mgf1_mask(*m_hash, + mgf1_mask(*m_mgf1_hash, &input[hlen], input.size() - hlen, input.data(), hlen); - mgf1_mask(*m_hash, + mgf1_mask(*m_mgf1_hash, input.data(), hlen, &input[hlen], input.size() - hlen); @@ -136,9 +136,17 @@ size_t OAEP::maximum_input_size(size_t keybits) const /* * OAEP Constructor */ -OAEP::OAEP(HashFunction* hash, const std::string& P) : m_hash(hash) +OAEP::OAEP(HashFunction* hash, const std::string& P) : m_mgf1_hash(hash) { - m_Phash = m_hash->process(P); + m_Phash = m_mgf1_hash->process(P); + } + +OAEP::OAEP(HashFunction* hash, + HashFunction* mgf1_hash, + const std::string& P) : m_mgf1_hash(mgf1_hash) + { + std::unique_ptr phash(hash); // takes ownership + m_Phash = phash->process(P); } } diff --git a/src/lib/pk_pad/eme_oaep/oaep.h b/src/lib/pk_pad/eme_oaep/oaep.h index 4afa9e13ee..461d24f86a 100644 --- a/src/lib/pk_pad/eme_oaep/oaep.h +++ b/src/lib/pk_pad/eme_oaep/oaep.h @@ -1,6 +1,6 @@ /* * OAEP -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ 
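Review bot: The new two-hash constructor dereferences `hash` via `phash->process(P)` with no null check, and because both parameters are public and documented as taking ownership, passing the same HashFunction object for both would be owned twice and freed twice. Guard at the top of the body: `if(!hash || !mgf1_hash || hash == mgf1_hash) throw Invalid_Argument("OAEP requires two distinct hash objects");` (with `mgf1_hash` already adopted by the member initializer, the throw cleans it up correctly). The single-hash constructor has the same null dereference, but that predates this commit.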
@@ -27,6 +27,15 @@ class BOTAN_PUBLIC_API(2,0) OAEP final : public EME * @param P an optional label. Normally empty. */ OAEP(HashFunction* hash, const std::string& P = ""); + + /** + * @param hash function to use for hashing (takes ownership) + * @param mgf1_hash function to use for MGF1 (takes ownership) + * @param P an optional label. Normally empty. + */ + OAEP(HashFunction* hash, + HashFunction* mgf1_hash, + const std::string& P = ""); private: secure_vector pad(const uint8_t in[], size_t in_length, @@ -38,7 +47,7 @@ class BOTAN_PUBLIC_API(2,0) OAEP final : public EME size_t in_len) const override; secure_vector m_Phash; - std::unique_ptr m_hash; + std::unique_ptr m_mgf1_hash; }; } From 29bbabad6e833a2b0047a41fe8bed8960b8e1116 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Mar 2018 06:45:06 -0400 Subject: [PATCH 0901/1008] Support "mixed" OAEP hashes Test vectors from pyca/cryptography Fixes GH #109 --- src/lib/pk_pad/eme.cpp | 19 +++++- src/tests/data/pubkey/rsa_decrypt.vec | 98 +++++++++++++++++++++++++++ src/tests/test_pubkey.cpp | 45 +++++++++++- src/tests/test_pubkey.h | 20 ++++++ src/tests/test_rsa.cpp | 25 +++++++ 5 files changed, 204 insertions(+), 3 deletions(-) create mode 100644 src/tests/data/pubkey/rsa_decrypt.vec diff --git a/src/lib/pk_pad/eme.cpp b/src/lib/pk_pad/eme.cpp index aa62f4196f..23c4445069 100644 --- a/src/lib/pk_pad/eme.cpp +++ b/src/lib/pk_pad/eme.cpp @@ -8,6 +8,7 @@ #include #include #include +#include #if defined(BOTAN_HAS_EME_OAEP) #include 
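Review bot: The existing single-hash constructor directly above the new overload is not documented as using `hash` for both the label digest and MGF1, which is exactly what distinguishes the two overloads now that the member is named m_mgf1_hash; only its `@param P` line is visible here, so the rest of its comment may already say this. If not, add `* Uses hash for both the label digest and MGF1; see the two-hash overload to choose them independently.` to that doc block so readers of the header do not have to consult oaep.cpp.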
@@ -42,12 +43,26 @@ EME* get_eme(const std::string& algo_spec) req.algo_name() == "EME-OAEP" || req.algo_name() == "EME1") { - if(req.arg_count() == 1 || - (req.arg_count() == 2 && req.arg(1) == "MGF1")) + if(req.arg_count() == 1 ||(req.arg_count() == 2 && req.arg(1) == "MGF1")) { if(auto hash = HashFunction::create(req.arg(0))) return new OAEP(hash.release()); } + else if(req.arg_count() == 2) + { + auto mgf_params = parse_algorithm_name(req.arg(1)); + + if(mgf_params.size() == 2 && mgf_params[0] == "MGF1") + { + auto hash = HashFunction::create(req.arg(0)); + auto mgf1_hash = HashFunction::create(mgf_params[1]); + + if(hash && mgf1_hash) + { + return new OAEP(hash.release(), mgf1_hash.release()); + } + } + } } #endif diff --git a/src/tests/data/pubkey/rsa_decrypt.vec b/src/tests/data/pubkey/rsa_decrypt.vec new file mode 100644 index 0000000000..9af5e4b5b4 --- /dev/null +++ b/src/tests/data/pubkey/rsa_decrypt.vec 
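Review bot: The rewritten condition `if(req.arg_count() == 1 ||(req.arg_count() == 2 && req.arg(1) == "MGF1"))` joins the original two lines and loses the space after `||`; the only functional change in this hunk is the new else-if, so keeping the original layout, `if(req.arg_count() == 1 || (req.arg_count() == 2 && req.arg(1) == "MGF1"))`, makes the diff easier to read. A short comment on the new branch would help too, e.g. `// "OAEP(hash,MGF1(mgf_hash))": separate hashes for the label and the mask generator`, since the two spellings of the MGF1 argument are otherwise easy to confuse. get_eme continues outside the hunk.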
@@ -0,0 +1,98 @@ + +# From pyca/cryptography + +[OAEP(SHA-256,MGF1(SHA-1))] +E = 0x10001 +P = 0xff9e0292f5409327e7facc2ac663d1727f7002a9186d5f21c1e63c190a39da43c928fd023c80ecbf1ed90810626d1b01ef78f10c784534d0479c36a780514e95cef3e6af9764265a7d7950950d318bc4b37b5b0ba8beb84c6b696e1ca40f3334885ad79b615b7ff473346d65a277d5c8b242d5cda4c58ade65a89da26d45e591 +Q = 0xcea44faca82077997e45d4c03e313cf123291da1baee2164d9842e20287d02596b0fa4471af95cc9526870e4c265654eae30d79196448b1804ccf0135a4d06f477f3bb9effed0697f345f4470ef566a44424f708fa86f901846acdea28a60180fa7446877912fc369e90b882e24d8697329bdbf44e003d5eba6cc2fde71622d7 + +Ciphertext = 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 +Msg = 6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 + + +Ciphertext = 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 +Msg = 750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 + +Ciphertext = 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 +Msg = d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 + +Ciphertext = 2271fcd65aadd30522fdafffbcdad8fac41fad4b38ed616ffcd5fa3e636a8082e858b94320706603f1cdfa5a6e1ed64ca652d1667a516494771edc58f7f3f832ab0a7a8ace440fa9de740b650576442b03427d1313c21e51f712a035454cb49fa1c5a939832418ac067a80d4d58d66f0bafcaf847db304a75ca828cc031b8b148f189287a59925b861dbe0bbc02770c65fcb5ee8e57c5f1cf67367b3e1f3641e7b825667f234641ae59baacb1b6e23ee7464ead85089596f24b2577bbff4ae5934cd49d636c6a922af867067b16b155bd7e65f4d4ec0d7e9f9fb2ac1cd613daf00645e646bf530a3d8f13127dcf2894572ee1cbb8ad76a46121837eb002ac8c2 +Msg = 52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 + +Ciphertext = 
a1f127d2ccc597fdd072bd80433373cbe72aa7cd096ae63fc928033cbabaf6c5b380e1496dc550253cdf3389c26d6e926e44da5851538ea7ff58bea06206b08cb98af1d2cd20e6dd5ffb967a49e4d5d6d7169fb842f6a892fe04858ef3447bc24771a4093562011360cd9fd4f5c40d1a94fbdc8eb14be7c4a23d9af1d0c18217fb8cddb28d815767695d196e64b8484debe7f667b5d1f2217be31cd957b9046db1826fe7b7f66eaafca4f93dc26e99b3b9941e52c277d618f10ca458a85ab05d8a919032fe2ab215600ae55e8fda74781745744bc875282e84affe8966390318bd85e70d9145a26a4b77c2271ab15e1315758159e04377521f2ad0bd0e69014a +Msg = 8da89fd9e5f974a29feffb462b49180f6cf9e802 + +Ciphertext = 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 +Msg = 26521050844271 + +[OAEP(SHA-512,MGF1(SHA-1))] +E = 0x10001 +P = 0xdff7f39ab9d93b17acd1fe7dc56dc4f2c8884712f7b3742d2ac831f7ea8789e61eeac8dcd7445d09ac349cebf394fe5380cd6c7d91354ebbd64f61ab26ed08d8eb2d820fab23f9e05186c864209d1383f91121db260c5b05438a88ba2749d7fc14f45fb9624674e5221b765c90805d649b9e34648325476b17557330f6694ab7 +Q = 0xd652c384f17808663cafa22028db596c586d831c9867cb86c1c608978652e744bd154c2ba67dfbf05529988dc28307a70339ce4692948e25becb6f7b595133e5fba04c22aeaed9e7db90a5fd0ce8c600170f5e771ae36e5b9c07d61752ded1aee17435dfc7846ab837093f95cc428d9be27689e42a5eb280c9aac0416d79a7e5 + +Ciphertext = 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 +Msg = 6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 + +Ciphertext = 590448a55e0f867f4d0bae3551a145a499bec42fd965bd7e0816a974d2a23c00c24b291a96d43fdf0ee2f89b7517927c829ff8543cee98661c354d1e653edbb26c0f24ea8769ec98f62f90c96604e9a4835b4520e830d1280bfd7306cd5c21fe26e43611e8b7e9a5c9daf6e9f8e4aabf4da00862ba5901d3913c4b738f51df578886606f7454f004dc4f7bf3a42dc95e0da3095e9d7647e5f502c079ab176603b16aaab253fe9c0467313be3dd866b25777440fbbbfb4a095fb1f2449c15406e433f701561ca617185a3467a88ef433a48f5619d8501d41a61ffae0ee0ec4fb4f538bcb3b446c63ee9f1c393a07ec4202b3e5d61d38074d1d2516cb66cdc646f +Msg = 750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 + +Ciphertext = 
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 +Msg = d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 + +Ciphertext = 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 +Msg = 52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 + +Ciphertext = 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 +Msg = 8da89fd9e5f974a29feffb462b49180f6cf9e802 + +Ciphertext = 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 +Msg = 26521050844271 + +[OAEP(SHA-256,MGF1(SHA-512))] +E = 0x10001 +P = 0xde5a73cab864a56c34b0e1a50c141ef82f0eab6bfdd5189956883d8f0c34f3c163b99a85818cc240761dac1d66ffb79947f7ad20cdd7f4606e0a927622a70956d2c0ac627531a8121717d9346a5e85804599cf25435a85898754c15f9ec81d35e7b59371a30351415387c96640b933be4e7fb74dac19070eba884c3e1dbe5d2b +Q = 0xd5d67f750047dd3649465ed4ad373221232b72e9f8ee72dc262e639fbf1749cd22f75991fd9cc15ccc66def601f93483fa7a6ff1ac1141b510eed1002e6350d5f360382ded0e66fbcad54f69ffb69ebc1d0f47b3bb6f95bf63ec5f3f9ec13ca4dbd20c6da8f8a76d18eef4bce3daf4773dd60a3d9da6d973ceee2706a136844b + +Ciphertext = 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 +Msg = 6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 + +Ciphertext = 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 +Msg = 750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 + +Ciphertext = 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 +Msg = d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 + +Ciphertext = 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 +Msg = 52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 + +Ciphertext = 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 +Msg = 8da89fd9e5f974a29feffb462b49180f6cf9e802 + +Ciphertext = 
b284b2eead8c689ce69b91ba2af9e266e69af7b8b74f6b6d4f19607b4450f108260f51d4a5318c795e533383d03d56341d5266e5b1826e3d053323f6a6bd4bf0b6e751f65a996e1066644a2291648946bce3e882cd28fbbd0cf8df97a03b2a0a9f5952ee4e9c2c2d02f44be1a65505e833331dedad4eeffac8db8d08546fffd9d12c3c881a03d47870fc8a78ce70483dbd4cae266348448da0d4a2e64ea60a1f2d9f8a0d63cb773a1d1c6f7099ae2d2a4fc1131191c23459838666e41fa49cb20ae97201e4b4cc4fdf4c87cdec986238fc097024ce8fb7777ae081a3a8fdbd1d986a8582e42204ca62efc87e2b734b1443635fc0004fdfb6616fce21471b84ae +Msg = 26521050844271 + +[OAEP(SHA-224,MGF1(SHA-256))] + +E = 0x10001 +P = 0xf5acfed65a3d3a5a8e94bd3bb9bc12e40206f0c1c34d0d0b23f93c0ba30a846d1eb44cb4d7d63a969dccb5a9a0f625af031a3047a6560cfc5208f4e46149585db17e36ac691cfcc0c929f54ece2eab4cea721eb6b37f04dd8ec4335b12594a99664d52a141d0246a8a578af8b5d09d40c32801589877995d7fbf26800fbfa135 +Q = 0xe338648147d0ed99bfa43ef764fcbe517e5b2a1e5e1d4d69ce75e36a23e96bdb94cc615a5410890c5878ce222fbf0b312689abed40906fe1825edbb5d70cbb54ceefcd8981745a45264ba71d0ed78fad35818ec3a3c31a226ba62aa154b305483b099368d421ff5931f0804ed271196588c6a22cd5ac7546f04175f53a949fa9 + +Ciphertext = 9f875db7a85ddd48b41d10eb4e54fc9995333f96b6873b53fdef61f7fa1eb447722de6d98db629e1a257d231c96c7fbf1db55ed92b939236edc7a9cc04dbbba4977c5b3a15be249d6c4a983c63f75362b5ad4948fed751854dc295a0718f28f07e7d49d14f3e4a875df59987df25f345be02422827d326d58ad1fe8e2c1e9bd38bd3de329198ff819c84c8a9515de0238b5c627299597d4dd239bfd67ed24b98f902ee2d878fbade42c96ebeaafbbd3004a94ef949b640118600673b4841db2269434a6893f5d131ced87ace50d4fc67090f5f19c17acc632e55acf4dd3ea833a30ced04e6939ba2a08cf9e0088b12e3f68d95f988abe582c02d2ac80e4a50c0 +Msg = 6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 + +Ciphertext = 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 +Msg = 750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 + +Ciphertext = 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 +Msg = 
d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 + +Ciphertext = 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 +Msg = 52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 + +Ciphertext = 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 +Msg = 8da89fd9e5f974a29feffb462b49180f6cf9e802 + +Ciphertext = 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 +Msg = 26521050844271 + + diff --git a/src/tests/test_pubkey.cpp b/src/tests/test_pubkey.cpp index 666650969d..722056b2f7 100644 --- a/src/tests/test_pubkey.cpp +++ b/src/tests/test_pubkey.cpp @@ -250,7 +250,7 @@ PK_Encryption_Decryption_Test::run_one_test(const std::string& pad_hdr, const Va const std::vector ciphertext = get_req_bin(vars, "Ciphertext"); const std::string padding = choose_padding(vars, pad_hdr); - Test::Result result(algo_name() + (padding.empty() ? padding : "/" + padding) + " decryption"); + Test::Result result(algo_name() + (padding.empty() ? padding : "/" + padding) + " encryption"); std::unique_ptr privkey = load_private_key(vars); 
@@ -344,6 +344,49 @@ PK_Encryption_Decryption_Test::run_one_test(const std::string& pad_hdr, const Va return result; } +Test::Result +PK_Decryption_Test::run_one_test(const std::string& pad_hdr, const VarMap& vars) + { + const std::vector plaintext = get_req_bin(vars, "Msg"); + const std::vector ciphertext = get_req_bin(vars, "Ciphertext"); + const std::string padding = choose_padding(vars, pad_hdr); + + Test::Result result(algo_name() + (padding.empty() ? padding : "/" + padding) + " decryption"); + + std::unique_ptr privkey = load_private_key(vars); + + std::vector> decryptors; + + for(auto const& dec_provider : possible_providers(algo_name())) + { + std::unique_ptr decryptor; + + try + { + decryptor.reset(new Botan::PK_Decryptor_EME(*privkey, Test::rng(), padding, dec_provider)); + } + catch(Botan::Lookup_Error&) + { + continue; + } + + Botan::secure_vector decrypted; + try + { + decrypted = decryptor->decrypt(ciphertext); + } + catch(Botan::Exception& e) + { + result.test_failure("Failed to decrypt KAT ciphertext", e.what()); + } + + result.test_eq(dec_provider, "decryption of KAT", decrypted, plaintext); + check_invalid_ciphertexts(result, *decryptor, plaintext, ciphertext); + } + + return result; + } + Test::Result PK_KEM_Test::run_one_test(const std::string&, const VarMap& vars) { const std::vector K = get_req_bin(vars, "K"); diff --git a/src/tests/test_pubkey.h b/src/tests/test_pubkey.h index d43909f145..2fde5de3cc 100644 --- a/src/tests/test_pubkey.h +++ b/src/tests/test_pubkey.h 
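Review bot: In PK_Decryption_Test::run_one_test, after `result.test_failure("Failed to decrypt KAT ciphertext", e.what())` the loop falls through to `result.test_eq(...)` and `check_invalid_ciphertexts(...)` with an empty `decrypted`, producing a second, redundant failure for the same cause; add `continue;` after the test_failure call. Note also that if every provider throws Lookup_Error the result records no checks at all and the vector passes vacuously, which the encryption counterpart above this hunk may or may not already guard against.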
@@ -125,6 +125,26 @@ class PK_Encryption_Decryption_Test : public PK_Test Test::Result run_one_test(const std::string& header, const VarMap& vars) override final; }; +class PK_Decryption_Test : public PK_Test + { + public: + PK_Decryption_Test(const std::string& algo, + const std::string& test_src, + const std::string& required_keys, + const std::string& optional_keys = "") + : PK_Test(algo, test_src, required_keys, optional_keys) {} + + virtual std::unique_ptr load_private_key(const VarMap& vars) = 0; + + std::string default_padding(const VarMap&) const override + { + return "Raw"; + } + + private: + Test::Result run_one_test(const std::string& header, const VarMap& vars) override final; + }; + class PK_Key_Agreement_Test : public PK_Test { public: diff --git a/src/tests/test_rsa.cpp b/src/tests/test_rsa.cpp index 8ce81b728c..dffb1c7273 100644 --- a/src/tests/test_rsa.cpp +++ b/src/tests/test_rsa.cpp @@ -39,6 +39,30 @@ class RSA_ES_KAT_Tests final : public PK_Encryption_Decryption_Test } }; +class RSA_Decryption_KAT_Tests final : public PK_Decryption_Test + { + public: + RSA_Decryption_KAT_Tests() : + PK_Decryption_Test("RSA", + "pubkey/rsa_decrypt.vec", + "E,P,Q,Ciphertext,Msg") {} + + bool clear_between_callbacks() const override + { + return false; + } + + std::unique_ptr load_private_key(const VarMap& vars) override + { + const BigInt p = get_req_bn(vars, "P"); + const BigInt q = get_req_bn(vars, "Q"); + const BigInt e = get_req_bn(vars, "E"); + + std::unique_ptr key(new Botan::RSA_PrivateKey(p, q, e)); + return key; + } + }; + class RSA_KEM_Tests final : public PK_KEM_Test { public: @@ -301,6 +325,7 @@ class RSA_Blinding_Tests final : public Test }; BOTAN_REGISTER_TEST("rsa_encrypt", RSA_ES_KAT_Tests); +BOTAN_REGISTER_TEST("rsa_decrypt", RSA_Decryption_KAT_Tests); BOTAN_REGISTER_TEST("rsa_sign", RSA_Signature_KAT_Tests); BOTAN_REGISTER_TEST("rsa_pss", RSA_PSS_KAT_Tests); BOTAN_REGISTER_TEST("rsa_pss_raw", RSA_PSS_Raw_KAT_Tests); 
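Review bot: The new `PK_Decryption_Test` class in test_pubkey.h has no comment, and a reader needs one to tell it apart from `PK_Encryption_Decryption_Test` directly above it: it drives decrypt-only KATs (a `Ciphertext`/`Msg` pair plus a private key, no encryption step), and `default_padding` hard-codes `"Raw"`, so a vector file with no padding header exercises the unpadded primitive. I would add above the class `// Decryption-only KAT: decrypt Ciphertext with the key from load_private_key() and compare against Msg; subclasses build the key, the vector header selects the padding (default "Raw").` and on the pure virtual `// Construct the private key from the test-vector variables.` Whether `PK_Test` documents the `default_padding` contract is outside this hunk.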
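Review bot: In `RSA_Decryption_KAT_Tests::load_private_key` the two-step `std::unique_ptr<…> key(new Botan::RSA_PrivateKey(p, q, e)); return key;` can be a single `return std::unique_ptr<Botan::Private_Key>(new Botan::RSA_PrivateKey(p, q, e));` (the element type is stripped in this rendering; presumably `Botan::Private_Key`, matching the base class declaration). The required-keys list `E,P,Q,Ciphertext,Msg` omits N, so the modulus is presumably recomputed from P and Q by the `RSA_PrivateKey(p, q, e)` constructor; a comment such as `// N is derived from P*Q; only the factors and e are stored in the vector file` would save the next reader checking rsa_decrypt.vec.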
From 9a35a05781688838b9bf951471c86363deba36cd Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Mar 2018 07:14:21 -0400 Subject: [PATCH 0902/1008] Avoid Padding= directive in test files prefer header Removes a lot of duplicates and generally easier to read. --- src/tests/data/pubkey/rsa_invalid.vec | 272 +++------------ src/tests/data/pubkey/rsa_verify.vec | 482 ++++++++++---------------- src/tests/data/pubkey/rsaes.vec | 51 +-- src/tests/test_rsa.cpp | 9 +- 4 files changed, 234 insertions(+), 580 deletions(-) diff --git a/src/tests/data/pubkey/rsa_invalid.vec b/src/tests/data/pubkey/rsa_invalid.vec index 92007d1b69..62d21cc8bf 100644 --- a/src/tests/data/pubkey/rsa_invalid.vec +++ b/src/tests/data/pubkey/rsa_invalid.vec @@ -2,7 +2,7 @@ # Data from Google's Wycheproof RSA signature verification tests # The valid signature is tested in rsa_verify.vec -Padding = EMSA_PKCS1(SHA-256) +[EMSA_PKCS1(SHA-256)] E = 65537 N = 0xAB9014DC47D44B6D260FC1FEF9AB022042FD9566E9D7B60C54100CB6E1D4EDC98590467D0502C17FCE69D00AC5EFB40B2CB167D8A44AB93D73C4D0F109FB5A26C2F8823236FF517CF84412E173679CFAE42E043B6FEC81F9D984B562517E6FEBE1F72295DBC3FDFC19D3240AA75515563F31DAD83563F3A315ACF9A0B351A23F Msg = 54657374 
@@ -155,1351 +155,1171 @@ InvalidSignature = ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4e # Combinations selected:Mod Size 1024 with SHA-1(Salt len: 20); SHA-224(Salt len: 20); SHA-256(Salt len: 20); SHA-384(Salt len: 20); SHA-512(Salt len: 20);; Mod Size 2048 with SHA-1(Salt len: 20); SHA-224(Salt len: 28); SHA-256(Salt len: 32); SHA-384(Salt len: 48); SHA-512(Salt len: 64);; Mod Size 3072 with SHA-1(Salt len: 0); SHA-224(Salt len: 0); SHA-256(Salt len: 0); SHA-384(Salt len: 24); SHA-512(Salt len: 0); # Generated on Wed May 18 13:42:19 2011 -Padding = EMSA4(SHA-1) +[EMSA4(SHA-1)] E = 0x90c6d3 N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd Msg = f0b83b8facf6698d564bad334fe494aba3eea42f3cfc378455a989c4317e0f610c160a67527f5d010fe49b3fa6696516c757f3a99b79f0c641c68bb47e3fcb2cb01b22a5042246d5e9573c74c5d9b543e60b9e4dbbf3f36c44e0d410c750da3cc510abd12ca5cc0fceebb75912fc2e38e953cea30432e77e45408b607377e599 InvalidSignature = 7973359908f1cb2f7eb31e19f7655e8117261e17c43c8ce5b12bb861b541fea168e077b41cf11a95ef7a80edf5f5903987e59d4b9f115cdb3b6394eb0dcb6f5869be0f896087bec612093965ba020449eca36ea74acffe1eb9f42e4ef03247cccbf99557073ad99a144172669e49296980c9aeb5fc7fa64660a680c320edb20d -Padding = EMSA4(SHA-1) E = 0x90c6d3 N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd Msg = a4ceb81c341237facdf5c8dab1f5fdd725985939df0b623cbb08f714affce42d016ab4b7b78ac7625037a466b1088fc762bc5fd7fadb8afcd89a82b314ff44d5b5472d1a258510dbe28b871c750d86c9a8043640f451001039a3e700b29a1c54272dcc4b64493decebba1902e64f0a665f39867cb3b5ed0044ebd1036f159430 InvalidSignature 
= c12ad0a80b116cd65a8c81aadd81f05bde5d6adc60e4deffa3d7c68ed8df5314c98b70979c4ce5f9e1c3f0e52fab15725c4f22dc0c4b182a1d7cd81dc24f54e768dd2518a6cee3952922e653b8feaa32745f92ea01907aa4ff2c5f64ed9bad461e2825eafdc31158fafd38afb39fa10f5f833faca076c8771cabe406be6df648 -Padding = EMSA4(SHA-1) E = 0x90c6d3 N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd Msg = ada7d6e417da2c55aba768f60df46b73496cc07866c7d2193f4c5c728e94228a4a90df7e33ce7edbabf78c4bc79dee74a633cf1d015ddd92046bb54a5c1f9bc892b76fbf9727dc79a0a7d379336d386082bcdb0df91da90813ed2421711710542d236ff06c70b0f932bd24ca7beeb1fe870dca9175909e4313da903df504e8f7 InvalidSignature = dd45ac85aa560159b2b9890cd61b8c082bb02b55529afec05e7f3fc1d73e30a09e0a7a422c20c074bd25c1271924a94d7576d99125d9200e0190979dd4238db8bdd286eba5d3e46a48fa2b18e43d7926aca3312eaa93970797c20c7e12a64c47858d1deabe5260620f01ee528d63e073f90f5044ea92804f3c1500cc2b958289 -Padding = EMSA4(SHA-1) E = 0xc35377 N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd Msg = 68a53131f6499d299801d88d6dc311a138934f1f58a5057efac2e6738decfab97645f20e052db97ea8ab4be35f0ecaad70d4cfdf5ccafe5a1175dd5e61b1e64eb398dab3f9a55984e219b0a5509ef2ad0c2b4aecb9278fad06d119b828dfd31b8865922ab8f9a5c5ac15aed927bdb0297361684f5504e1fd409e4389c9bfeba9 InvalidSignature = e955264d644003b69f39f955150a7f42b629081b5c13787c7a9e2c988089b5e550ad4bc14e7e71c441ddb69afad39c56f811327e25270443cc0976adc9ff392a9e1dbff48fd9adbf6263be6e78d7b95feffbaa2879ba8b75e67a97aaad39d9211e5610ee369777d3f8ffe373f9d7d2984d209a9399cc1e105ffff0baaadbdd25 -Padding = EMSA4(SHA-1) E = 0x90c6d3 N = 
0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd Msg = 340eff60922f2d65152cde96f5729fddc554434d9aa32b596f7fc543c86c53d796a9ee585bbdcabb8e52bb134146f84d0100201dfe007a386cba81c428a5a00c9f8f3a79ec33edbe400d1852876d9a2348cbdd89cd5a147885dfc0fba6c479dd1668eba98cba1fd6f306fc3b0f0f0dc9625d847851d87f8283968bd08af266b1 InvalidSignature = 4d744a1aad0c4d76512902eef63753ec58ec3f5e23f91889fd6705bb111db9c688587c320b52e65939c69f2296d9a4c01bc450513486f86a861e706abe25b40a8e3f517ab58e99ffaf6b8c4efbf44ddfa9150349baf5daf0af17cecbbd99d0f5af871ed8b10095b4a0d14d3c8c4ecdf9e52d361d21694dbd9bae7fa395714d9a -Padding = EMSA4(SHA-224) +[EMSA4(SHA-224)] E = 0x6a3db1 N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 Msg = f0b83b8facf6698d564bad334fe494aba3eea42f3cfc378455a989c4317e0f610c160a67527f5d010fe49b3fa6696516c757f3a99b79f0c641c68bb47e3fcb2cb01b22a5042246d5e9573c74c5d9b543e60b9e4dbbf3f36c44e0d410c750da3cc510abd12ca5cc0fceebb75912fc2e38e953cea30432e77e45408b607377e599 InvalidSignature = 6b5a094e74c5c34ceffaa51dbb15f02689e1c45b620e926f85882800dd4662c9412f1e6a54388b51a58a7d3791c6ca6acdf03ecece746e5e3189ebdf5c958ec0233758f126e4455957b7f6450f65f61f1202f569e1c95e36207916b7bd22f530debc965dd5ee543d80e14b19341221b294d2f4acf846a63705a9479b49fde460 -Padding = EMSA4(SHA-224) E = 0x6a3db1 N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 Msg = 
a4ceb81c341237facdf5c8dab1f5fdd725985939df0b623cbb08f714affce42d016ab4b7b78ac7625037a466b1088fc762bc5fd7fadb8afcd89a82b314ff44d5b5472d1a258510dbe28b871c750d86c9a8043640f451001039a3e700b29a1c54272dcc4b64493decebba1902e64f0a665f39867cb3b5ed0044ebd1036f159430 InvalidSignature = 1db247c271a11b2d41205d1abafd433be26e273563f636a3a46191fefe2aceac656a9e91cd58df247a4feda14b006e6871896f1f3fd84a4c91e85a82d88314011b85b3e0432c07fc5f16b0d10fc56e2823bee8746f1ad6cf4cc4603bf1046c98e36cd373d7955ec37d86916bb4cb5ed4d43a5a12720ab9ab7f18a17ce927a286 -Padding = EMSA4(SHA-224) E = 0x6a3db1 N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 Msg = ada7d6e417da2c55aba768f60df46b73496cc07866c7d2193f4c5c728e94228a4a90df7e33ce7edbabf78c4bc79dee74a633cf1d015ddd92046bb54a5c1f9bc892b76fbf9727dc79a0a7d379336d386082bcdb0df91da90813ed2421711710542d236ff06c70b0f932bd24ca7beeb1fe870dca9175909e4313da903df504e8f7 InvalidSignature = 468a0a4d9887dc8de86672bf5888ab473fc58cd681de1dd4b9fc46eeb32b184cf25877be736696aaa86e9707e6afe57ea1f9ea493e5f72473d7c5e77710e15e325eeac1a1c0a82199fb14f3f090703e9f14d0b0acd556bb4c242eccbec203664d8c903bb90210aab8f61c1de2391cb77f93c8cf6f5e3d1fb621c4109d5d089d4 -Padding = EMSA4(SHA-224) E = 0xe887c5 N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 Msg = 68a53131f6499d299801d88d6dc311a138934f1f58a5057efac2e6738decfab97645f20e052db97ea8ab4be35f0ecaad70d4cfdf5ccafe5a1175dd5e61b1e64eb398dab3f9a55984e219b0a5509ef2ad0c2b4aecb9278fad06d119b828dfd31b8865922ab8f9a5c5ac15aed927bdb0297361684f5504e1fd409e4389c9bfeba9 InvalidSignature = 
03999476730932d46eaa5205f422de58c5d517a2d15fd449404c52ce7f0a3636a323aa681d79bffac60e8d9fbd6e62e299368cf8dedc3c1631d347cdd518e0a18b7e146ff913f191c0e772fc3e50a4424845d23d7e10e038f9fcee9e9a2fe4907ee597e3c589000644d65cfee60115dbafd9a8348df03435224e1f99d04ceafb -Padding = EMSA4(SHA-224) E = 0x6a3db1 N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 Msg = b3e512b4ff753fcf01b6e6d830915f93cb99fbdfca3697f3140371e8f2743a78c4bc6c05f3eedddc266295bcb95adc926be598875604d63c250ca754814b2d34cceef506122287043c7a3cf3879150ed35f0386483323664da662a1849b4ab90334456c1455b66ceabc78686847ee32d9382847f3707def29dd8a33c34f7dc15 InvalidSignature = 5432923b53dc8ad5df6a5db2b04506b42afbf29e31086fb3aa7b7b7a041940466a6535da54329c1aa5cfd328d4cb622398bb572354eabb3c1a59953c7881d1b1603a3f0c5ce845dda3bcf509c9c7b7f61fb310ae50101d08062eb2b894d12602ec28e7533251c0987e4a290e5affd0083b2216f26a55a732432268bcd1982ef6 -Padding = EMSA4(SHA-256) +[EMSA4(SHA-256)] E = 0x183a77 N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b Msg = 14ccaca3e4e313a960023ce1ea1335a9b29b47bdd7463466cfc7bdef08de6759cfba7f5072825c5da12fe45c1a9c523186e036b79ddbbcf9910f32a5aab1c5bd2d008b9083d6c7e9977d688680c3d2cb6051e1b88c382b19edcd86fca6b7cb68f646d94c6007dcb60a95cf4564b13fe1099552a9ea86092da9a9c2de431701c3 InvalidSignature = 93e0eab6ad774d35fbf94f2226072c7b6dd9edb54377ab7d8c8f8c1f125b62536334d953d3c610ff9aaf04b1962cf30ec213a6022ddbdbdad67084db957853a4d35eb644e1dcf8ff82b26a74738271b2394b5a063de453ae5c0968034dc7ca12f9d1c11ac213e801794a00eec5d3ca9469a47ba7b932259be0aaf13d41302c05 -Padding = EMSA4(SHA-256) E = 0x67109f N = 
0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b Msg = e5494be79aa11936c226d26f260c2a8baa36c7a4d2a9eb068640528812a15e1d716f71a6cbc29a0a3cd47589d7fd4c4debe1824284e8322835ee13e7153c9f2208b7740e4058fa8503dc4656aebd3ee0fa60fedf7e907b85752b66cdc21b540c31881bc8004c7fce9ea80e7fb235486b5f1d0321c68a0e44cd5f15e21f27c402 InvalidSignature = 983e58dd64d1dc369a71485a497f9242a527bb285e5039e88f997a30fbdd32f3022c453218e22f0180c3f753bc0d6e3d695ebde88e8963571adb68510c1e40d84ac83785cea9ef84bdd3957e98d718c7a97b22f692dfa9d1273a97ce9446794fd193ec3d9354caad1b7bfcddf82505f8a963f7759d108b7a67a57aa7cce3c84b -Padding = EMSA4(SHA-256) E = 0x183a77 N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b Msg = 3620220deb2101077555298267995366d834f856ac0cb687151af5d3581bca09d5881c8842c9050c37a67ac7effe2fb44dbbb5281d05e5aa9db682043b0e1a9aa1a92dfbefad92b64748156f8f5a6531726e2e06a8ef82c578997d2c7b2d292ea2699f8e7a376fadaf2542a1d015be865135aa19d6325383afa92e729edfbe6e InvalidSignature = 3e9d528a7bdbb9d1083384e67441712645c2aade8ca32c8c5632ec2708b6b9877dc4cf4803b6cbe533fc58db7ab01019ae879cf746dbca08ef39affbd600562ae99613d76183554e712e90fdd4b37a0092a3ddb3bf2835e6fc6ee12e7b355ac006e8e5725d8773d856360bbef7a896fc66594b1a4f7ecbd13ed2c02b76511feb -Padding = EMSA4(SHA-256) E = 0x183a77 N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b Msg = 
75d462568edb867e996ef0197de4685fe3528225985d2053364c38970162d85b0f6a67f5ac932d1efc7e16a6e296b26621a08175c1926e9fb5a99912bab6595b82b9829112b0e3d069b113e962376e58dbba5a771782cff161bc1678f2ced0bb15e83b9289dbb17c272f714cc46fa21f59c8959162d34b3183ae373271514463 InvalidSignature = 97828f3a8b864a95c19b617aaa5744cb09c3c37758349e398169e2e8344eba663f9dc871f744b52b3f15d07875ae8706e7bb849e0828e6c9228cf43e742fd2c233f2b31a67365a12f0ebc2d9d3369232c6939cb9e6e80b18443820773ff796d2d77d633f1e240a2e62625ca6e85e85105a9b9beff0c6d86a112f1e9aaa551c88 -Padding = EMSA4(SHA-256) E = 0x183a77 N = 0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b Msg = 372c9d4b73d3d7527d991817dac22792b1a2926824a8a30fe09b9033f324f259df8d78c3ecc8dd93c2b31733369ad2f365fd1cf4ff946246e6919b4df825c36928458bd5d4ae4fd0532748fbcd0603034ff5117f1ef6011c4ca58bf78abd0e4a3dde3d4bd48e1451587d1239440da2089811dad129d567da3b60c8fa51f5bb45 InvalidSignature = 7ea27bfe422507d9f40f5200ba8b68d92147611c63825aa1aecb3268893388be452de5c3f9c6d224d5633913d5f27a33b669550c5653315fdefb6032ca50f781e789f148f2642aa479aac4f85454425e570cb0cba2a1a8586178a48127897003be424eb86d87a2c5c95627dc4407f4800536567337d88d1df3b369b176a21c6e -Padding = EMSA4(SHA-384) +[EMSA4(SHA-384)] E = 0x35c661 N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f Msg = 78b8e34e3d1026e88148aff5a05d5b6ff747113148cf47665fa1c842f6a2b4f0d783c8cb4097dfd08be1b9530e72fcf241f278c81e7cafe3ceaf95f7810194539e57d3151cd3b89a2fedac3928c61e3196b8cadfb2323b35fac38e671b747ae7145b8d94996db82fb5940e0eb402c91440c48ee0ca9af2452c063cfa8ca36c93 InvalidSignature = 
697f7422aa7bb453c6b7e5c3c1f5a44d4631ceb0b9a9e77a0ffffdadcbd50d8f69a2fe23ef495191dbc4df75605198af429807393efce5d0742c6cd65ea4f6e60fb9de39faf141f6b9f2339bfdd95677de6ac7856b183ca7c2e19fcfefa916858e7e41de93257e8771e361d056d5c96557c655e1da2d4906798cc4b93509b0af -Padding = EMSA4(SHA-384) E = 0x35c661 N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f Msg = 8ae68ad40631981d0cb68428c642fabc658ddffc1761e4a436fe5c90bfbe4b7e07f5bf14a91b6325c32d5130625028293ab85e7c9bc8d850a07ab808aa0277100cae33d608114a16fb60275bd41c5cc3caf1f1024fdffca93f9772a95e283d1201da8f210b5a757a1b18afb204eebf107e0240951bed79397c1d3278c477c60d InvalidSignature = 7c17bf8aaeafb9c97966d905205b1f007a1379e5fea9418bd6decab846bc4d430de0315c5b2195ea62900b34b7d37cd6dde7e37d9361073942976215e7183e4dc876d69e1eca9cc3786d2e9922b71333ae3f0cacbe173a6346c152273556b6bdd1afb7fe01fcda772362fe20be34bd4c8ed9b16cbcd3db910a0d89a1859a2539 -Padding = EMSA4(SHA-384) E = 0x35c661 N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f Msg = 5ec0479f0010f6f12a707ab52bc4ba883f29ea19617d02d660216fc535fd08af94c54384c17ba9fba53687792121e734a2c6be98f68d67ea5e7f502be450f43fee9d094e1472fa6b2f0f9773b2ec0c383efa0fdf702c5e87fe36692c02954bca95cfffc5a0fcd188ef85126c872c10dc3a4c46b87862cff668cd218f37d2f799 InvalidSignature = 7202f1ed02d85d82b574b06fa3de38a0d19b80a612f470f22b4eb8a032c15be565bcfc7e9780d35f1aa11a312339554ec51e690287ad57acff359fdbe7cdfabf9770e9b33343cd8aeb8b2ddaaffd1d2308ec9fa28e5dc26abfee5c5e8470adf13380e7aefef727a78dffaf32bee251ca8bab4dd375d2a9e6c470943bdb58028e -Padding = EMSA4(SHA-384) E = 0x35c661 N = 
0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f Msg = 3de862f4efd8bda0f2f8254f730e5a8d5baeab4382a6c5371f99c9d684e9a13208da934744f5168282abe584723b53231fd6deb122000681153960a84bdde601be499174493f2a77188c5dd45ce70fad431df1be276b55e3062b41da32b4c249497b8303687e9e879ce2b2ca99da3636afcc0df2f9af5a64d8b895f49f35df13 InvalidSignature = 26068d35b77ed46848c6006fa718c92ea035464018403019929daa2fb8af505ea81e7b0c1ffeebd614d006fc6c445febc27a562ac6bae807a52d2268690d26b1510c9c1bcafb16626212832b1c5f8a24630c16849e6c5dae23d2af780f34095ebc298a0cdfc3dab0a853148b74b676baa2b23bbac4c64b7354c3f0e5c901fc09 -Padding = EMSA4(SHA-384) E = 0xc78d0b N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f Msg = bf087ce3582a9462c3706a2eb7cafae1b9b79c0185138977af309b428a29546c4973223d64b5e1b03edaa2230464ab52d803bf862f669f0a7751d0dffef09fb00f6b63085eba02c3a5bbb6c3908111e4d7ef3f31a9868c58517c255b140e23895817c5ad0ce0fd85433a2f7522ca357dfda5a669bd1d584785da231e952ce8dd InvalidSignature = 17cbcaab779fdd6aeac8f0b90fbfe96b6d7231fdb550f2caea85eb9911121d7a0e956cf11414bb111d1d0b05b1404d480d6eccc65c0d301207ebc1b150247809f4cba9ee3b5f759c59602b1e63594ccd374d509a7c135a68c6013ed73ddf68cba5ea31087af451832411dca910fbc2aaab286b3a9c95b1655ab872e8c2766d0a -Padding = EMSA4(SHA-512) +[EMSA4(SHA-512)] E = 0x7b8267 N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 Msg = 
ca69f73a1e17310789a65561639b2b054aaed69622c4fb345b1d255172cf68c0bb73450f5d1ece179e930ad161b69b6cec449e9cefc2d334c2b3fef7ef0e8dabf0ef7a703a8d73507a6c39171ed446651781b201dd9c5770b4ea34c72f440fbdf2475e04bb4c68daa49aa8dba2db721952cdd96ef53acf11b82a8e683a57371d InvalidSignature = b8459c62f5dc848a47e73837c3fb1b5b96c6cedc1cd0e08d5bccb8a0fe4e43ee03180a9457a8db53c16ab994e959bc59d29d3b15749a8e9cf43cbe81d13c3b2e0d55198e0776ddd2915e25f59b17e914888e10809016afa90fe24d6bf9aef635f291f6df2a80b777db31783ffd7148d078ee82ff15b4b83298c728fcfe80f58b -Padding = EMSA4(SHA-512) E = 0x7b8267 N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 Msg = aaa280f51dfd88d1e7c7f08834ca69d75e4743996295858e950b3c5c922013d377d1247551430e36d4aa48805069b57ae07b788ae5110919b27c8896894e52bdc7bcd3195b479bc77c9cb37e9cb831cc974f0aa2316f2813bf61bc5924d0d619ff2c33e82351550d4864d98800fe0654ec8da2ea2ff70906238080ad4bedc66f InvalidSignature = 570c0eecf611c34433df2f79b602ab96459bfd22a27b4acd07584dad4957af8c322ae98c376312c6b9330e50546a148734219636dd44de74106663e576ea85f8e02d9d03818f42134fc90c78fe94f06c4367e5a6c11357bc3abfd313c40a25986c083210a066985da3653eaf4581912f5396e5bd15eedc2d7fb9bb076ef85c14 -Padding = EMSA4(SHA-512) E = 0x7b8267 N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 Msg = 512dcdc30e9ae2b6e44a773eaffe62b10050dd2a12de22d100aa385d36c10cd7251bc3a03cc34fb513374032e912dd1550e874452772eed3c9eba67f84b97c7e4d50257ab154c5db0ffdbf4505c0cb61282c4ae1f812d7be13e81fc4a86ff2512f949a5a57946bae40649b7feb50541eefe208066d05051c456a49358a2b97d9 InvalidSignature = 
b19f58f4374cc02135eb3aae5303dfd5e54b68ca90daf44e2ffb4dcb65ad49eba624688b7c18987177573ad4299c8cae53fd2ce2aae3515d033673155f1e5849b874f6bb28f691a0b920aadc7cfd5218fa2bbe60513df35f50bf8afa968c7f3a821ed9f185f23d020598d745be5dfa74b4ab25029bd47000637a2868438a6cb6 -Padding = EMSA4(SHA-512) E = 0x7b8267 N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 Msg = aae7e01a6e1a1070fb04dbaf97684bd0252aff01eb0715f899844d8887246a723fdedc7d3bce9dc9f02b59600b79d10efa008173ae7c80569f16a93c1193f83996cc3607d55ed95589a22661cde098c996bf859f8100ffbbcf6cf955ad0baad3b99737dfc3308cbdd0518adb650368aa025153adecfb58d02f6f84fae4f44ae5 InvalidSignature = 2935b15fc9d8f8dacf912f828cad15c50e66745e08107bb23c419d7b177940716c04774898be1db3b175daa1cd1014900e7ec64705a1a145789bc3a7a5d2bb5a5956cf66a55b258913193aa44d29a731c33f1b7f04cb9dbc55f351a12ad77796502876fdfe47330d501c52fc87c5fc9d114756ba496a3742d5eb38f8835367c9 -Padding = EMSA4(SHA-512) E = 0x54128d N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 Msg = 0c5f5fa28397254fc62d7e2cb124b769873cdfe37f66713d7f7a3432272c6029113d020a57eea15156ba2261b244e91a9b8f41ad4e6dfeafde3a616d34c93b80549f55a1e35f10bee686494dcd587fe0b01b38f9d882a020816c7434decf1eff5eee220c2ed3b8bdfff9ba980949c1e250478c6f268ea1b8f17a362e2e2451ce InvalidSignature = 2596aabc2978bd62da57c486172a2cf433eb145835059fc035bd42886500156eca00554a989d19b6bcc4f640eb7cb5cb634dae38f59b015a01ffea0504847c643d525b910f61c2718f4cbb076e8af82183661d6c7e06dddfe1579ca2d6dc7e3e056b0ff6e6806fdf419e984018e2a1126820fbe966c52f9d8295a2a9cc9d0e0e -Padding = EMSA4(SHA-1) +[EMSA4(SHA-1)] E = 0xa4822d N = 
0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d Msg = a4dd2d68a6ccaa4d2218c34c89fa1b8b37ea9a61fa121269d10222d5f3a55b051374a259e3e9d543d737b2a02b38f44827a7bee3a28f3dffc5038a601110cd97a3f0a8d7b780d3036cf5030bc7ca1179f9fc5847e57a5ff4ddd7b8d7ac4327b2dab9078a2b7aeab669b980376398ba4736532e34cbbbbe6fa1e774e0cd26b17d InvalidSignature = 97a9b907731d605e40d7df6a8c813e3ff319a02074a966782fc2ef7937d0e9710e4473cf0703c23de5a1d238aaf38f6c5882725fa386a92f50c213b25385bd1d6b481708959677f7263bb8766049c3a24022180ac7db049edc37f19c1cf1e613a6d295190fa86b8f52b52e989507ea1368637cf6147de89eb9d840d5a2fc23e4 -Padding = EMSA4(SHA-1) E = 0xa4822d N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d Msg = 8e1451587d1239440da2089811dad129d567da3b60c8fa51f5bb4544e0f5ec936f165efa3edcb346b7974b67daddb2c73a7ec7da48ba1ef7d4b2a266d11d7fba593c3f60f11032790dca14e5d783eaa02c2d2d52e7ca2a2163dca9ca3b1ccdf0546e3bb41e157e851623ab399034405db35c52cac55ee879a91fa299a55a9ede InvalidSignature = 9003fc803fabb16ea2318a36e3e00b8a0d91c882b3cf11ac778e445cb5189b920e7689b865f1a323fb28bdeca4effd085de9611021ae95558db37bde3ce4326a1c931a60afdf03c3cb5a43465242f82a6b27352e1fa75af4e7bc1a93e81b2f3fc07a4312174b8888e4fbaafbb204880f3188e3e739223a57bc9583e6f125f597 -Padding = EMSA4(SHA-1) E = 0xa4822d N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d Msg = 
6bc3cf22b29b88757a39072df815b59e7a4f01079344a7c8786032cfaa33bf54d5c605c6f82f9205c76357d14e4c6783d61bfcfa0ce0bbd9605739f0ac05bdf716844882371cd2317d93d727cd4512be6d77897922e8c93b95a973b6fb2ff725f5a7a03eb589d16263708e18bf293db90709ae6d1b845a55dffce80ae1d7f647 InvalidSignature = 1a73d7d3cd4dff2de010d2ab176ee64db3adf4b1fd07cf37caf19bd223d6c343e7ef75b14603ad9e0a52b853516cb43f262552d2e25f72c2c3119f0ff5b516dc8dab8417f4aa2a85b812e8600b7cfbdd217db95e9f889cb648e865215289d88813af6c562b48ab0a2a12c18c7ff927d020329cd53635ac5e7c1c7fb6a9139566 -Padding = EMSA4(SHA-1) E = 0xa4822d N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d Msg = 63215755a54b4a68ef26d1cc120c6b5a963cebe706dd6e6c8f409065ca66e076d5c29154a83f72e3a685209c7378793206025575ff1371763ae6aceca48576d64d8f8562bf39c90e8f93a30d310d52ec1039ae75ded218d429feb1f830d0ca3cf4119c4792403930cfd7c3e6f5d0dcd0de685db04e234bcd86100751154ec4f0 InvalidSignature = 3cdefbd51d9d74dcb34cdd5dcb6aa2329c38b72bef3fc30c5559e564fea7df8edde691f7793fb37e4ee8e363884493e21010e67c2b1310297a967dc852f94f1121456c6d83afc935586927cf1b5a1a927a221a05b133dbf775797c112dcece11232566b64e27bbaaddef31ad704f8b12d0e41571671de1e0fdea873a02cae156 -Padding = EMSA4(SHA-1) E = 0xcb82f3 N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d Msg = 361f28f34dbee24034e03367b6b8d34df3738ca3a86b9ebcb09e639bcb5e2f519f4a7a86fc7c41556404a95dcb95e6149b7f5b5ffbdd026051100f8f056cd00d8930d83596bc5c73b8fedd590c2e07ef48bbda4bfd850762194c9d1eb068e4b1fcbb8928a2e5fc4336b6178402e90086030f509035c9756a113a556f53bc33e4 InvalidSignature = 
5b594ac8b973c6fb485d17268619b26c9948ff142284487a2ba1ab3e65d12af9e589f8fc0f583bc1136a2744be1f325f43e0b604a20c229996471ac2ab69860439a57adf60257945f4197e57b7c6711057a695f13d4b44f04d7c2bb87bd492fb0c03006c184628bade5c168fcaaba94fcfbe0911cf7e0b514aa975922e4a93a0 -Padding = EMSA4(SHA-224) +[EMSA4(SHA-224)] E = 0x412b89 N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 Msg = bc8e2a0b7a699afd26236facc6780b4ccfde98a8f30b86c23bb73ab955a304f02fda526dc537247f3727c0a41eb0a7a920b3c713c26ef2be7e448fc416c190a027d9a4940170ad48b62074b371369b3e09fdd427d6405124c40a7c4aa5b0e72ccc118647d71d1c9ecc94f3a16810d053b34626acd8898a3c34906712ad78f3dc InvalidSignature = 70c2b47c69e68df4ea95dcb48bb3609b98805340d4336d544fa5d628af72583ae86a28c043c5aeab389cd7c23f2e164ea32ea83b5557cdf1421e4ed72d27ebc6e645e4743771dca252726cc6015ed165182c90e972f6c6be11c81c1f68083f58ea100ffa61aa0d7aa83fb4bc7df237dff22dc03093b65d78eba1e57d4344798d -Padding = EMSA4(SHA-224) E = 0xc9c009 N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 Msg = 370bc75902d814961b5d55a3ca12334f31df07648182a82c6d308033df7fe64fea83a8de0137e64f661f27e4e42ca6b5c1e0edf9efb2a58182b4ad85677369a3521f5d25f8ecfa837fb7b72832ed64797aa9bb14091c395559322c1f55720cd956270eb650bdf73a4e6d2efa1b1d16a342819a3d39870ab1daf22589124477f8 InvalidSignature = 3e18333b801bea1045458e538142886d338017f2d8e35147382668c8a68596bc2ac5bd7f781ac756e5cad5114b4373bee0758fb1b3a9a5d59d6e5345187797b9b08a9ca87cb039b36923e8be48f6839c00a165836f761c4afaef61da4b4f64c426c78ce22be51774ffe67cc1609160e0369cb894f036642be789875b8e8e33cb -Padding = EMSA4(SHA-224) E = 0x412b89 N = 
0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 Msg = 5d85ba30feae44c6de674c4ea2495d3cbe892394f46f18fe1a0a601d1d23f01d466ff68bbc08756a4b1e308363eacafc64e42b2c183626ae817058b4d67d539ec8d6fccc09f531b00f0daf2716f833096471e0fed083e19485414f8f04b855816822929aee5dbec0b49b91e2c15ae08a46970ab2233e92d9ade60d56afbb3feb InvalidSignature = 1b5f06f3c6969fdec39025d409faf8a800ac771d5bb821cb8ebe5343dfeb93dd741ebd881dbd02d029cc5e76381b451aa6e2effd2a1eb0291f002e3cc4909cd78ec5356b11756cdd06db3f74eaf18ba49f93f7fbf56880123eabf41bc1f9695675a491b140944b737df538bd7da904f72f469c890d05d858d145d59ba152aa19 -Padding = EMSA4(SHA-224) E = 0x412b89 N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 Msg = 70bab1b9866237e8f5609aebad3662f5a64677221a3aeffff2a3254d7ee00b026842c191eb6e666b40022ec6597bb49dd25692f82575306d1dc5d9e78d1e14a6416a3187350a228605758c81a5221e3f52a922b0c8255176b6dceca56f2208c7e27a2a24ccff13402c02dda4f8f547e10e874ed36d11fd23a531850f8cb4906e InvalidSignature = 1e43dc1fbe0363e626d5448f3670a100ba199095d3d8a81944ec33c269ca5e2df4256dc5749b2add1accaaca0c3bef0a901fe895baca9eaf1e521ea015dc4c2bbd334a0d86a5ad65789adeda378a34d25b11d731f3950581f99a9aa385f2d6391cd7402406ae72962fa438cf12d9aeec557cd8aa34ef483ee3aedc1737d748a6 -Padding = EMSA4(SHA-224) E = 0x412b89 N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 Msg = 
5623af60bc0fd288d83dff1c0a212b5182b5b7134a6e949c876fac46fcfe7d9dcf3407b990f8e9cb772ec7f5ed2bee5f4e6c3b87ee8839d85a64897fe0a6877a516c2af1053d2cca20406b7814ab9013677feeaeb773ade5fb2d27b50bb892916333e0b123c6e3ae5bdbb54c868a579654549831ad1538eaf2344e91861de70a InvalidSignature = b1705a416781943f623d7e766fe1824bbabf15760f3288280d36208d6eea1fe8d638a9a5a7095845cd1870459a7f05023950756d01b630b1dae3818383c5f5a78b264f191bdb28735f350839ae58490b5fc13ba6794a9500b956782fb013c28726bccb0b19489e7244eef84b9262c603851be1b885c63c4d1b012e1a87aa30cc -Padding = EMSA4(SHA-256) +[EMSA4(SHA-256)] E = 0x4065a7 N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 Msg = 9299311456fe2ddffb3d231e14afdb0e3c906ff1fc554f04ef3f87b023314504c3bf9563f387707afcc4f575a920f673f1cab637d5c9f1208c901d5bded2f057ce9722797b90741248a7f18e3bdb74eea34b6a78fe90d9ac1950a27b791003b4fa4a5fbfb6c0428d280fa0cf92875d669b3a121b3d530f91deaa9c77bd958502 InvalidSignature = 70d2c3138dd7a07fe22e8e3d2335e0a2c0cef949373f53d4d242e4027c154574f6d18014252cc10ab02ec1ccdcd3dc6f7c3d131346e76edf38ad66f36fec73e93df7f548ed7ba1759fced7b15c8cef2875822a6ea5b215a5cca0009fdb64f622eb1d9e27df411c3a1b916511dfd51da873d14a15b6d87553a2546ee15327ffe1 -Padding = EMSA4(SHA-256) E = 0xbd23bd N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 Msg = ca2932d61c66292bb02e7e64a1c6b40438e4fb91af640ceb3a3c55dc48b256ef05cd4b8624090b27dd4e30173123782a75206bd90ea13e957ac2f85b9087d389085ae5f03dbbff2a3233d62dd38960217e39816fc222e71b677f3353ae185948d9ba493ceee4cfdcb9c3b7d1106036925b19857c534ecf24095c4dec2acfb0d4 InvalidSignature = 
ac59e4b969236d714c59cc4218a7cc02cb31d86aa24741ebab2b02deeafc350c9d533c8eb3d9a5f53317a634eeeb05e0d6d292fc52aa3b5469168b8cc79b2ddcfe9be2c42adf62dcbc568387422851f334a20b2994b47fa43615cf5eec6eed3a9954d7716526bd96d26118aa85e23c6c82278539874324822b5975c1370a70d5 -Padding = EMSA4(SHA-256) E = 0xbd23bd N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 Msg = 1d4b556abc81b293c22fadd2b48f26da8699c9f56c8184a6ed813e8d39d8c68cbc130928f38b89327f2f0aa678838ed303e984bc27203dbfdc0a9f7465b21dd8e08de7ab1c005d16aa23ca9137c54f0419b01d2c272de741cecb98d6615d4100b14255badee918886c93555b995b4fb5ee74fb0d15b36c75ea4d8f7ad4e1184c InvalidSignature = 425e7ab27d14c8e05f82c9dbc8e660e0f0622db0426a741ef7876b749ff467f0e58043f1664de21881f63c0809527abf401038ca92000ca0c0f6d22d630c995fab4d2661258fd506cd77189d88c4541278cb5a3e0ac54e7dfa431c4700f99157da16e4f87b925368f537362dbffa9dbaec7524de3a1b1d9824ce339788779a15 -Padding = EMSA4(SHA-256) E = 0xbd23bd N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 Msg = 99331af1b3c7f0f9426b4e3d9b30d371f7762e171c02e13b39514561112bcfbc5b7b91a0695d043a0979047fa9901c62be54044a667d68c34b19eb73cb236c5157588811194660e2daa69c5c22ebb0b4a11b5d33cdde7be6cdd5f796962c18fa5473062c0ba98c5a7e9a1dbe506c15d0697442ba9b4ea30c852c6fb1b86e5922 InvalidSignature = 04dc5d566e302f6f1fbc45e4fd136449c399519bc02a212e1df8778d8fbf166a72314260ced82b30950a342b1cfb81574ce652bb781f6c0119a1ae2021cad521887916378c848dbc573c3c7b8cb4f9421d4d79cbf3fe69cf78a0da68c7e704c19b8b9716e415e2c3f8c8533abe3590c3d25f2ee7a5cc46e0bab7492d52db0d4e -Padding = EMSA4(SHA-256) E = 0xbd23bd N = 
0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 Msg = 6be1036d728dea34e224ad9218dbbd012cb9175b25f819576cae945081ad2249eda7ba2f7896815d9b5ae36638a4e30e8914af99579e78496c3280224a9c75f01da9fd8bef8b925a1b7e901604ac8cd0064ee836ad15a41225c87713f22e1fd0e12ef50a3f35c43148d8db2ae2bb61508cb1e9b9912446ba81b8a1ade12bc9f1 InvalidSignature = c93724236f58ae9eb0f9c6b4d9326bb17cb53b2433c2b13d8402ec0b4455d7e1ca8d5ffde7d57bf5d7152de6abe3336ddf781b849fa821ec8079d9ef7c9272c91ff24908f79a9a62e88d8fdafe3aa67dcb1759ef54cab03f5644fda4debf537ce6c14cb2d35cc276c9dee09adb0ef29c3ed15189295de153bb20b08c80e7d348 -Padding = EMSA4(SHA-384) +[EMSA4(SHA-384)] E = 0x53722d N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f Msg = 40d5b6a7c87573de1cd1960a16abed930b5591fffe17bc7114d1da7048e1e3ea6047e7792007ebe4bdcff3e995da603a1c147cc51a7f543814d5c6c5076fda235d6556d519f78cae552c7795eeb806867e23b8d98a2869c7fd5c6c2ad510d9841d7728431b0cff43ca2e49958b0d887f17ca6cc3b8daa424b9acf4271a8b8817 InvalidSignature = 09e22f6503b81ee8e29e0b6c969b0ab7dbde242245d806ff55891541429a85fe05ca8d21be824bb985ec0aa98d9263d83f8f3ce35f5fb67969e0e77014d9b20936c37348b337fff3433bab7fafcbc429a341371048138bc0726a19b7a4e3c765e89660400e2cd7e1154039fdd8c7d8f0b897f442e5c9bd04d49e1116937a2045 -Padding = EMSA4(SHA-384) E = 0xfb045b N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f Msg = 
628acb4da4fb0c0b2a632800b3d4f47bdfbb3ceee7c211f48af460924b22c9bdd986ad1dcfa789119d7c83f3c6d4439d4df6042c6984eb0480a597145362f95b775166aa0471eaac9156e0255f86bf77d422376a2bc97d2c6bb9e3979537abb322321d7cac23d7e5ec37651ce4b011105d88fc3194586e7631796ba5786987cf InvalidSignature = 5b9cf3df0c0717027ad0acf508fc0ff4d11ffed402e355675431b8fd44e308944ace9cd66a790ea66f25ddcaa43a65b50304da9d83b7702fd3e9e65d8ec2d73c9669ddbad51814a01a0a306442ae736ffa87fa8bc38cd1484dce14c5474b578ea26d98b47da09efe294f1664c9d9a41f23d8be9aaf3c68c475d793b6c6f8a311 -Padding = EMSA4(SHA-384) E = 0xfb045b N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f Msg = 1d39ede43551c1527056d10ad3c7ecac54574d9a989e7b4f010d6df2e827f22a27ee5035db9c2b346894a9c9bd98d4e4d93c40da8d9bedb884486ed682884bafe9bea5ef812618ce78c6e69da8a2519e19304819c70b46aca5eb78e3e1d51e096a8f333db05750c8abd4cead1e4d2b821d19ae7fcd574ed56bdfd1408f7831e0 InvalidSignature = 8a547641db63e40de38a4a9aea327ee84d158e974329a15ce2478d2792fdcdac0d0abb6b61ac8f9bec9acb780298be56975c476ceb125e394b3d16562b03e92fa5f392c72ffcc0b3ebfd67a4c6b80f5652a59bcfc170a7f46c214c099ff287de1cdbbb3e410ac8d27d72c2c5357005a8262f322308bed50c3b67960e5fe0d980 -Padding = EMSA4(SHA-384) E = 0xfb045b N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f Msg = 26f567e1af866ce7a2dc22e0a2596df4c60d343f4a91b5d485321b021b5252d6740c1ae06d175a3a4dedb7c7fa2c66b96d3c3e56633212fb55f43d61ab9e7e1f2d250770ba3bd0373c723140dba3b0c9719118413ecacb4fdece5816777350b837885618feb976e557b2b8d4ad88f42cbc54e788452187d8060894aae99970a8 InvalidSignature = 
b7a051f79fee95c69277cf8eadc867497f28bd9f66df38de5bfee5828de89d9b5bc3ac72579c86abc405b36f5d7ea26b4fdb88dbfbcdc8b756c80b8d0ccadd8e33ea5b5e4bbb9e8a45ce61b4dbc61f855f864d46a2599e1ec5d45901f0e273907a220c00863ee69c74cd8e07f29dda0ed6d519af8c926c2b2b648ea1e9ea06b3 -Padding = EMSA4(SHA-384) E = 0xfb045b N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f Msg = ea567b6c6c27320893fb1b63817714739f7169e43e069bc47de660806cf3ea0f710b6c6deb21db4b1693f2052fb778d4d8b7c545bda083e978b5b24eb209ee2f8b4df5e83ce6642cfb43c1fa206dbecd85dfbc1432998fe13a7081e5e0a8999cfec41dc5a89d55150cb2922c9cbf6fc870915739e51847158bbed52c3ef772be InvalidSignature = 0b9e0437a57b4a927e26bddb19a0736ce67ecb210e79f2467a00113bbb773be9da3a1071c0837dcce41abcebc59f5387adf9402e50ed6cf884ad007c12c16e7a97323c150d7acd7a456348fa803d4fdbaa4c9648724d2e68afd18f9b0d4247502b71578afa6d25335565a47b9780687d1997e30ab5ca2e60cb00de5b4a6b757e -Padding = EMSA4(SHA-512) +[EMSA4(SHA-512)] E = 0xd8c34d N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 Msg = 541b21710c8956949458f4daac99d96f59886119deb5ee78e861c88c092b287767ec8f84b6df5c6963059ec912c727fd4bdee21470706618f37bca93c577bb521237cd692b110f78c43ee22c5f830b080811066543ab9db74306ba135c757aeebbc68228556696491dcc680a7a15ad17f8ec76133eadbedc40ca3f11b56d8bd2 InvalidSignature = 286dafd4c04495f875456be6adcc9109def4903bdf2972abdef455aac0f814bd71144a0cdc87406d4b08de70aeed47073b70b8cc9332b7965d586af2ac4112bc07680aa9641beaea7f5e1e7e6cda80e5958ce7487e388aad7d3027e769ac6be260deb48f7eaea1f30e411088c684d5291618421212ba18461f87371fd171b25b -Padding = EMSA4(SHA-512) E = 0xd8c34d N = 
0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 Msg = de1bc34f15b473167a95e1d754f43d94e8109d9c9fc341ba64561bac4e9a8ed67f3477384c396a9e9efb3e169722cba779fef240c41bdeef9f168a5379b08354f021f011f2afcf1a227e81e07daa896a3d939149fd78adcd1f48e4796bb4edb5f88936c3503d2bf4cfc7b41c4cb4ff43fc78819d920237bdab9332056acf5261 InvalidSignature = 1c6399bf074dab80478afd8cd35b217b9f4f7d10f871dcace4bc47c7afdd37da23b9475c7990f883e95db6e4d0254306ba9e95ca847ef6dec86c6084ae78440c2308f2061a8111bc4df3ee133fcc00dedcf8a30bf5adc7979d37dacba566c22996c06ab107f2bc7a0c05bda7eef7742b4abaebb442c11eb41a9f32f57f1698ff -Padding = EMSA4(SHA-512) E = 0xd8c34d N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 Msg = 810fcfc108d1c958f62f7a243aaa72420befba69dbfb68278682716dd092bf4e0e74830423d3cd34ae1f5a738234ac08573760f3bfc1bd2f5b4089354e9a20c1f213c7d8ca703d0ab85c93f5700c3e0a2d1f6b94a3c892f5342e4e3366136cb495b44146e5f141637baeceb2ed794ed0f66d80516f5610027a1669710147cab0 InvalidSignature = 525206937a5a77259ef4249350f89d92c1c63137e4b191812a35b53a7cb5cca52b5f697fd302e39a9024b009ff6357d998b2416993cb72c5c836b5ba7de736bc8d07020cf9360f7655443a0282c93beb40bb46a4f5ef7b76590433dbde9914d9b9c455f9353da45cd4192feb8cdce2cd46741682162955ac6db834a42d2f92b5 -Padding = EMSA4(SHA-512) E = 0xd8c34d N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 Msg = 
44faf422f16b794a9763181c52dbf3066e43ca91d724142ed0044e33e88a93212ae26d289563ebedcc6ff38a0e9bdad6671032e82832e3d6967f7ec2dfb9cd185247af11ced9227c7b4ba2bdb9ccb216563fb82504e10dae0a2c559b39fc0c4122f162e58614497f0ebdccbd3cb4a24ba2960352527aba3f95d57cc5e09b7825 InvalidSignature = 13db3ff9ab38305903f54095045fd95e687a79e764311af09b3c6a265176099c3547187832a0b0d318b0ce9c58b20b67fbf0a8fdb05a656edb46128aa45e1caff3c60a920c2a500ea0c8cf5eb4bcd9a0fcb5acf7ee33268d351aec6551a73b9f9b10f3c9c0214ab549a71a7e248840b09257be2fe15dcbf5766d13f2ef762c97 -Padding = EMSA4(SHA-512) E = 0x7afd43 N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 Msg = 83c53e873e548de19a44fa2d46d1db3377b21c0196fb92eb35428cd14800aba0923bf41b5d6224dc6e79439538757c9c50ea2ca721e339d4e111a5ecc42963e86f8769b4af1706346b757685d753b485eb1c8f9514d6009d294dbb51a06e04b302f1c4d99c3bdcf17882b9828b3228f5308f6c53d59c8f50f43cf5894698370a InvalidSignature = 3c0a78c3f98cf8ec68834879eef97b990a69c670b3cf987d2836263e0b5c33d9207e7521c6794258500a586e309aeadd641ff98f4c55a8d9c925e4bdffce15a31c31a0751db6f99c8945beebb259207e4ddcea646e96c57f565f08e87cf83a6e7c1e54dfb4eba57193b8c066a2c5085874446df40e401def7cbab9390c130c52 -Padding = EMSA4(SHA-1) +[EMSA4(SHA-1)] E = 0xd64215 N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b Msg = 541b21710c8956949458f4daac99d96f59886119deb5ee78e861c88c092b287767ec8f84b6df5c6963059ec912c727fd4bdee21470706618f37bca93c577bb521237cd692b110f78c43ee22c5f830b080811066543ab9db74306ba135c757aeebbc68228556696491dcc680a7a15ad17f8ec76133eadbedc40ca3f11b56d8bd2 InvalidSignature = 
80e1846ad50ec6ac9937be11c1d589041fc970344d5997ac3d9f6ed5735392bd5dc3dc626f5b6e49842d79c9cce21527808d8c3bd30048e1f07567c84eed704a8f201ce840efb08e3c860d15db421ab4998f4acb43280e8445ed25b32b6e62ef7b47270e94cfeff31603e609a99814369d2eefeeb88c5bc5a4a8121ecbf37900 -Padding = EMSA4(SHA-1) E = 0xd64215 N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b Msg = de1bc34f15b473167a95e1d754f43d94e8109d9c9fc341ba64561bac4e9a8ed67f3477384c396a9e9efb3e169722cba779fef240c41bdeef9f168a5379b08354f021f011f2afcf1a227e81e07daa896a3d939149fd78adcd1f48e4796bb4edb5f88936c3503d2bf4cfc7b41c4cb4ff43fc78819d920237bdab9332056acf5261 InvalidSignature = 06e5620bd595f0e1a70aa5d73bafea42eac2a131120919903ad4259d9b2a744d71d22fc2ab36dc1c6cb0d7e9e77335a433b5c4ea285180cd551214022be3d4a145b371f3760c0d0135972b95eb593e283e04c7578d1dd9f38f3f0aed08bcb60f80593aef3b14155ac0eb98d54705f24ba75958215e308949b62f4545e48ed938 -Padding = EMSA4(SHA-1) E = 0xd64215 N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b Msg = 810fcfc108d1c958f62f7a243aaa72420befba69dbfb68278682716dd092bf4e0e74830423d3cd34ae1f5a738234ac08573760f3bfc1bd2f5b4089354e9a20c1f213c7d8ca703d0ab85c93f5700c3e0a2d1f6b94a3c892f5342e4e3366136cb495b44146e5f141637baeceb2ed794ed0f66d80516f5610027a1669710147cab0 InvalidSignature = 0c18050560c400fe3bc390fff314aecfc926d45d5dc310d1a80ecdcd237d2e97a2a3283c99bc49baaa147bbb82f0e4834f2da7d9ca29bc36fe43033adc0e56bdd1756664241b16664a52d6383cf545f3ecd25be6d450bf82330c1fc020d4f89945186e5347f657aa8cb364bddad0c33f7d94b652197432108dedaa186338d290 -Padding = EMSA4(SHA-1) E = 0xd64215 N = 
0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b Msg = de225e04afc5701bc2c40ac3a9b972fcf04db86353a08db32dec588c346587736463231b39c2a8e22189139f31cb3c9b17cb66dd506315ab9ba7204dadc506142630859bc4fd694dd68da327f46c9abfee79c68602477a4a52c401ff9518edbe0cd0ac0eb73c5c63ca15e0e45b6334715d9efde5d11465983b8a25295326e37a InvalidSignature = 0a2d99a4416e30969e2e6c5cf94603dc1f94936974753ef5513df8e5dc6ae6768ff5b2ba3231e51b45da4dd90233fd136d59e56a2a96c886b1edafbae485c9b6084c88fd09d691c2ebb157f4f71b2f3cbf9290123acf50e4d697bba9b0022f618627a2646ead3b93067ccba82a4b43f8755a5393e5433a00398df0837d5457ae -Padding = EMSA4(SHA-1) E = 0xbbb2f9 N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b Msg = d4fac2af4fa7a3934afc123e9f3dd0be328c0cd6ca67d6a31f72d67f34773e26e6abfd18c533363e24e6f0cf6c550f75b60883ac980bbf6b3eaa6c07bd785f54a596c90dd531ae76944d993fddc18dacf9833ef3542681e689a102d1bf5235a638438f5727abf584c2b87556998b34ab2685a773a5c1065926e1fea7e00ea763 InvalidSignature = 5782dbf7e801d74532c088c294b69811a6e37e1d2969fadb7b7b18073bcd59172a1a2b4d19eea6c2abbeaddaa80d88a4b21be6abebd040151bd0f258c11ee06bd81db342170f7b68f0716cd1eeedcaee764fff9023d1fa6a8371946b789673c7debbfe9ce63fde4f233f476e80ecbf95920ef19bb22bdb006e4fc9bdb556aede -Padding = EMSA4(SHA-224) +[EMSA4(SHA-224)] E = 0x6ba2f3 N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed Msg = 
0aa54f40506682881b5ecb5301199929f9fcce361428134b6ba26e2655b016f3de8686137521d01be574342087c2f132b54b5b26812a2e99a77e2231c1c8bf26ba947301855ce2a40fa97d8b727b56516beb32760e0fe05fb81eca9e46d4ca7484183f94e8dd5f2a8146cf1c2a0d719003257dae229ed3a785ca8ff64b9edee6 InvalidSignature = c8e2f3ae12071b49736553ef634fee2fcd61e4018fdb452d663c3b07432cf1f00e3e59b016663052d92b6311c2ccd3aee1ad5993b2d4660fa79ba5e8bc5df304e1abc9bf06848c487b81e7536e5f13e1db8125941a168fec73fa3c3e8551da2444cb0bfeee2ab9ede128eab718f373e56348500dd4cee900f9ac561b03d5248e -Padding = EMSA4(SHA-224) E = 0x6ba2f3 N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed Msg = 17e9517428239fcf87fa7f461e833d45b9282a255daa9451dc67f5a8a6d96b23e26068b8bd41ab7e02ee6f11ec88e23838a2d8c57d48c1bdc03fd8b9438f9e8c9f3f87261260f3b91a4d5f1a4330dd693dc8c1f4316a9e59554671ebbfec1b57770f1588cf885fc7f79db927cc841620f1234e7a211a136cc3032606bff8cacc InvalidSignature = bd83d910364d07022f775c679110bfbfff38f00f29f984b9f951b440ae9c09477128dcfb0dc6da7c0f214e4c79a73314d7fddcef277781a70ceefd81bab2f9ded7baef76308cdbfa0d2a0244cfefb7c90d61c1f8fa557ebcecfd481a8e7faca060df6af93486acec7608474514b39ae002eb7f2e4a95ba1799ca4700cf92461f -Padding = EMSA4(SHA-224) E = 0x6ba2f3 N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed Msg = 6335ac2fe053d75f7e288705ae77431bcf2e0e29973de9bbb5a89a12b4dbac1a233fb79cf30ae1b5205ba5879486d32e48acd8f5ac9040ca49a579f0a46cdaf466fce3e2bbe2c7b8f82c271b80c12149e8f4894f5958767c36d50115fffb494a7697bb69008490524dc4962b3bcf3455f82ba89e673d94b8c65fb9ea8d330205 InvalidSignature = 
8324e0f771e2425b09a6be4945bafcc30f21f6c85cb105ff76009c7c79a8cf6908de6952fa9226123e145186df7c57ca40819a5ef42556bf521771979a5d32f743772693d0c6ee9055f3f613f79f91f46ef8a0817f39bf75d89fde5a62c377d0da29c6418641591c37abd0314bd8ed8f25d4cea6ee00802ab5efd0f683a85f50 -Padding = EMSA4(SHA-224) E = 0xb4c049 N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed Msg = bd550157371c4ec71c10cc7cb467ae6b6ee3759c82efb9ded6ea26b91fc3c5a448c67c7817b5d9250e1b0ba38fdd312c4412d8a9be14be6a5cd7dc196f7aa4f19b1c882b81f1bbb99a953b3766a00f1fc77acd3ca7716061e108085a5f92a22380002a58bcf87eed8a27651f81d7cfaabec45f3d872b262b2d25b263373347a2 InvalidSignature = 9cad4b858d9670d68592544e11e6ffe849051f7d5a5732aa20c2b3d6f8c9648e52a45aa02fc27a4f3614c27d1f9eda37477d2e9f5a323e3ca10998f13d56ca0b46b0a4214ab31f124f81e6448f790d027895b401a11a7f75a82cc06f5417eb82511f5674a36187b2bc3d122f992fa2a85ec2bcf91bcb386e5320dd502e3c9dcd -Padding = EMSA4(SHA-224) E = 0x6ba2f3 N = 0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed Msg = 36337dcd88c66f37c4e3e8a05123aa0e2c65afe538cb190ad6066c49b6d4fbf4edc6a0cd4747b026deda2e47eba33f10dd29dee0a85ad1b560d0dc940652342ba29e36b59165591e219862675be2d74d2076b525780a650b2623ed3b809464bf7d41a84b10295365b4a4eac848e8580b1ed29b7e4fe4be55518a0708cba171f9 InvalidSignature = 148a9f6732c77152223c8f38ead0016ec9cff52302fcca9b4b99ce1f1f093276ac2235a82a6197301ef73f63989600a160cbaaf830a2e4cbd0872bdfd2fbedc2f0afa66c5cdf9cae8062f31d97b4b6647f59bf04a9f1bfe2c55ac4e49142659a3529550be59fffd8669cfdca9e58895caea6676edb17a709e5ba4f01b4343fde -Padding = EMSA4(SHA-256) +[EMSA4(SHA-256)] E = 0xffc8ff N = 
0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf Msg = 91b07ffc7a0f56dfd81fe53414f6fc57ae6538492f218cf75f2021bfb746603019414d11bfb216a5728deb2efcc211b0df1d32f7476af8db3ededac31fb235684d119edc243477ca30ccc0ff9da03029ef7784dff43818e2f650b4a33454a80594e71b6392dfa0d57ca30aafe1d7824b473cd6091cd11493ef3f5866e073e28e InvalidSignature = 59811c0f93c7407546a19bf0dccf244b1529c1db5b8a6feb9e4182f4c2974810a97dc85f621a4ae43e45dab7af4fba76412dddfe380785edb2e24493670aaaa9a782f5effb7124bc60f254fd25b11b125584952d32e1db39567e82bd34eeb1eafd3ceac1554b368f61d77762ae3e672c053d20a3af591b9bd27441e7977c0fef -Padding = EMSA4(SHA-256) E = 0x6e7fdf N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf Msg = b1913763b5afa5045396ec7a4dd1fc472e92ced0dbf79abc6b8d499d38132dd23680f0ac8447cacf41d9f7dba16b694c40faba9fb68d64b76bbb347ead6cfccfffe48994b4fdd42bbdb37c0fc0e674b46a5cf9b20506c8264d848d557fea9e93b4c5e9646d592ce06f2d645cd1ca874653bf7551f1e82cd2b8f03c6ad9157ce6 InvalidSignature = 411df9bc426d5bf6ca6e12c564ffaa52b1770cc96bc670e9726759b1bef233a7b6ad24d79545eb78f3a1318881bf65e886563918521350e125b957eabea89d0e487f7b963767bf1725c6a4c6544c734600669699ec2b7fae5a01433dae3c148d5824031209c754fcfb0a2d9702bbcf17bf35cf9f07b73ea6a732c3531a229471 -Padding = EMSA4(SHA-256) E = 0xffc8ff N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf Msg = 
58b262cd0a0859381541e24340169e9bd8b3dddd52c5644e31d56ecb2bd4f00387f721e3c9c53a52916e7a1fc15e6e37de126f1cb92a6c924ec0ea9cecf948a696d94804aa5ccb9bc0c2dcded52af0fda9626c5865fe683a81a7b3c4e5b617274e02de17f4f5947c6ae60f6ac5a2ad53004cdd7b9f68e1ad9332d22d5e34e4ed InvalidSignature = 56ea3c128c5d3c6342c45a8eb5275a518ba00aa2a6e177fd855abbf35386835773299af0809c049c48ab18b50ede9cf2d84650dc33b75d11e6e607c5e05d3052c0cb513ab62114cf9d850a1117ae655a3e5b54149b7089aea33d38bf673d04868ee314e858d981a31967178471ed93d350590fafa337deff21c0468aefa4bca2 -Padding = EMSA4(SHA-256) E = 0xffc8ff N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf Msg = 45b73d8ab4f335e03c0154e92e467bd390f817285b83f64de72b594fa3f34ade09be2f9ad1b5a08e65e876fa963824568d744b9304c288a4b641913d13ec80db39c26e04202444d0147ecea86929114e6a90df1d9292a893ff28930c2348cdd0bd0921500707caad3109857a0fe1eac30f94fb4e6dbbfe20aa2988433acedbc7 InvalidSignature = 66090f92daa94f0d03bc2cee8b21140d5eec31bf90d096ff8e3f23bb29662cc36925e1db46e9c91de5bccb209f9dd9d7ec8e3f0496dcc72191238327eeedd19c40325f74e04636457485c6bab62d1a75c78dc8e841d1f2dc33afffa9acb7a44ad4bd5a0038ee2fec8c5d2e060fff412e88f4dd25bb90e2a3f46a6e378be209d4 -Padding = EMSA4(SHA-256) E = 0xffc8ff N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf Msg = 61bd546bc549b962a8868d7ec803b95674a812b4593cd33e98294a561b84d13e2848008036e2218d00f3e4a4d95155f53f4f0a07b23ea157c7336a42780b6024bead5ec2628f8fe50f7c2748ad9450b4ea94676a195769c1409da8106c0cc3ce4874d4f8ee57ebb3fda9bc33ecd494db9eff92a6369013c52cef6e8aa18de284 InvalidSignature = 
1ca0b712162c8f1ef2c443d7caab390e844e0859d337dfa4c42f17afff26fea832ab4d7bf1154ccbb88f7220bc0fb6980506d39b8f8126acb1cb56369f799164ac9ab702074677abf3d6eea003072b49f70f3a9d11bf3cdbf5f4b6adae5c5b6cb4b75af5e1a8865fc1bd9b09ea35a5274c4e3d62afa575bf85bdb4d87725ee84 -Padding = EMSA4(SHA-384) +[EMSA4(SHA-384)] E = 0xd4bcf7 N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb Msg = a5e2ce04a27a898b29d3f51c2cdfcfda59674975a94f4796361ccd7e4cb3b8eac263ad398b2650d08824b6bea0791c9c1338d9b70bb0917275eeace50e8306cac187e89a30dd38f391b9ec3dbb60c48d802f39c93edfb10eb107f44e0be2e33e4753686fba26a9baeb9981e2a41b3075495351f369640d3293708f016b5bb70c InvalidSignature = bef3928d30828d0f473d1bcadb04c4bc636362f82bfed5a3f5caf3fa1d50fcff15ceaabfde593f997315b1163c03f80c5f668e32edf24cb4b9f0ea069f9cba9ee4c234cb3044222310046bdb4cdf003033de6a483ffd36f01b1bf205fd79b58394f477d4eb88f6e4e2b2d3aaf56a9a44c1f5a377ecd755dc71812e205e0cbbb5 -Padding = EMSA4(SHA-384) E = 0x59c0d7 N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb Msg = a8a186db7f996a09a652fa6c82eae8be7886d7e75ef46dc2308faa240563781b419283730bf74a7f020877162b016bdb2e3f1ec1c3e926cf67d6152153ab0830ae447d5302566585ed527b68198cd38a6d9cb6e78504adb06014dc4b590b919b597f1d814affe3a3cff6ae6c32d248549e6648618e8d2bed8511a6ab00cb3be5 InvalidSignature = a5f4ea68ef0aeb4b95f166f500ad95ed68e876743add1cd884c92e8c1e5dff02e3c5631e244efd8708150e1bc1f848d338bccd7d3c74099bc4e88618349fc3e51b50c311eeece26f21b63fb3d20ac52f4f20889f148bafe24ffb5a5e913b83849445e163c4b0777e78cb1420848936953a58b73d61a74ff9e195fe9c8a989f79 -Padding = EMSA4(SHA-384) E = 0xd4bcf7 N = 
0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb Msg = b47e91f13b8cbabb48637ddbf28ad8a44c9c823df2932403e146c6298c3187a12c759240571f4d1dd4add43aaecfa566876a9d612fe223427599a3163db33ecad31dbf4b7fcdd1eb5a4b70075f709ee6c56d57e58d10c6d15743b99579d65315527e0059dc1daeee81433b8930f529eeafae991033a4777a2e4cf2ed68202f4b InvalidSignature = 6cb1e5a178a8f5331e7b93ade2ec62e75613f5b93b1c82a3c13f0d950ed14f1f679cdb0c3d11d431005f4152e7f19347f0daa308652aff6d7d2c162b6486cbe8588ee1e8d3a6e8a5cef12ac61c1f69ef88ca70c8c600820075fe844a6e4d003e722586684566b17b51438df5e9ee2a5272add516430beac83704ccfe9f3e32c7 -Padding = EMSA4(SHA-384) E = 0xd4bcf7 N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb Msg = f5ab2af81fa31cd0c85348d948475b195bd3a5b26c4b7ab71376d83edc4149b74ab10b7c1b1b6fa9ce977f2d63b2e321626306591e4174393bf287ca6ee7420d84467d90a628423edb05787bce6cbe71d2f89aa4237fd3cd6e8c1be59410f180ac54c65c47325f3af7857aec12deb4b0b379aabc026f5f1ab52cdeb6d72420b6 InvalidSignature = e1c4ae4f01ae882268b35f11cec2b112816063506ef8d1934ed7f3ad76b7a12a663fb965321886fe7eaf05abeba8bb57e44c9937ecf0515862246f737abaa80a127ba32e78e650d236653d36426589e728387f1adb8001b9f69007d5b2d504ef5c534526a60f6b53d006c7ed0230a7ec9c09d80eb22a7bdb07f354a0292c0e22 -Padding = EMSA4(SHA-384) E = 0xd4bcf7 N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb Msg = 
31aea9d1beb7bc4f5fc7f5a49f8968654fdf7c2d32c84199fa87039773021fe1ff6815c44216df261ebc81c7e2bbe2c7bed2da697bfa8c16688ef6a598afc6d94ae76f2ba90c7dcab66825e182162118a0afbb5dda2727e423f1156ccd6a87c5fc74e08f5b613e440d140a79e762ce60dcbe4692b816b90b12f889767bf90aac InvalidSignature = 103aa0873b0d2045b0867c084fa7e253c0119c91ad3c8144156b61f36fcda4a5578f515bf70167a1aca05b8fd168287bba88558932d54b218e822bb8c657067955c78ef3f97f3fc73d1c9ad93c31123cd519a17a82c4afd2bf915907433be789b302a9cb7cef11e93c07d35961ad827971221a0a3b26eb74445e6ea0db338b8e -Padding = EMSA4(SHA-512) +[EMSA4(SHA-512)] E = 0xebb1eb N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b Msg = 537427fc226d46bebf3264621d7aa97b5686a277ee579f745c1e5955c6f4d8150dcb945c09a4db50160372aecfa07f191960a6b2648373e82d1ff892c7cdb73b5ca2c2bc2f61201123ee73658106d86ff62e0f01dbe9dcdeb92eaccd0d197ceb48e1f7451a0adea6f0dcadaebc137c24f4d8238dddf0a1fe0934bf2e1e41f0cf InvalidSignature = 4ac98f889b20bec85506523c1f6603ef0acea62d294e4f769b3a4be02091c246b186d23e5f22cfee7c3864f19f414c2760b30a725de04ed2bcc93cf871adfc94ac9a1282cca0d3670ea27a7ebc146d3981c6a705fbc7738f96adadf5411b44eb1c41ac19fac996a35a79ad34ec1d6d10ab062bb59d92bd9cdad7500864c6721c -Padding = EMSA4(SHA-512) E = 0xebb1eb N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b Msg = 3151fcca24364d0fe8733e86e2a6806c6c935a3c27249dcf92aedac8dc76d22ff7742e5cee57711778c92afdcdf36e26b8448504ee6ee48e9eb25b9e495e9098d494ac4ddc4c541f499cdb652638b611b0353090ac125ff1fef8564a78419c57f038dd65951fe06e8377b986947b407579eec1a60a16f540db0931921027deb4 InvalidSignature = 
9875f7bb194c63b53a38a06524b2d1300f1b3db33bcbbc6fafed33ed7f49ab2bfb0a4a085bd4e43e43515519aec4f05578bfd9639eeed5c57f4eff0f0fcb4bc1d21ff0d18a671b39808b72b26651c93515ce97358b850840a7fe4c513a05476ee447e464183793f92aeb1a34b8560f590e541c7ebb504f6fa839db5b59a92faf -Padding = EMSA4(SHA-512) E = 0xebb1eb N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b Msg = 390fb4adb6b1b14c59872d1584b5d1e2378fae4a3efe1923a725b9457944de91a3dc14323314f923c85b4bf14a4f45c3d8dd2c9702aa25ce39b249eb8330fb9874bd79ea59bbb2e5b6f45843f37f357152e4c2db247ff6693d2a5c49a51668f090fa0b5b9070859b0a9b7b90e70e49f58be9999c0b4535fb9ad319e845bfcda1 InvalidSignature = 5df6894b07078bda9a4b3da89c7e92d98d66d3e67381adfb8e1a2ce8cf572069a42d1ebd39cef5bceb399c8e0823d25b594dfaa8bcb270a9281384b62341e91bcd9b25252dec25aee0c71085fc21cad423f65e144eec0d3e9a700b8bf7e92ac06e33ccc70f2bbec5f7e355fe444abb0acef58cf978e10a4a953a6ef0d48214c5 -Padding = EMSA4(SHA-512) E = 0xc1ddcd N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b Msg = 83d4b9b338fda00d34270963c6f35c854ed58ea8fcc7ffb8da3fa3f00d5e61a7586ab86de17ea8563880d0969554d44e614f01a6f8ef341caec9f71c10c2eed06c82723993267b7fdd35c3856ed628c1b840524b41719733a6231b18e1fc3cf6c7052d40d45de02f2b2f2a59d9e122855a8ecabe5eb7f1a6cd35570d087213c2 InvalidSignature = 02908246b1501dba9daf82750fddb095f66ef66e8b26fea97ccdb120a7c9f5ae0faec977b37d2a7c3c4873fe98139d85e2daa02bc9df1213f78c5417552cddf3844952a4295a6babd59822a824fd3404296532a2e8dd004244bf95ad2282319ac07e31afabc092c25bebd23d29d748e60cd6f8c5fc0f365390169b3a8da1e38e -Padding = EMSA4(SHA-512) E = 0xebb1eb N = 
0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b Msg = 3150fcd0fee48e6e623e34a588a99cb5c202bd0ad8bfc863a0305b33ce05f8470e11b7aa504d37c66320dacbc6dd3255bb8eb6499cf0baff72be9ea7c43245e5adcac8bf31486cb9d1fcd23e5d456e420a563a26c536acdcc60ae54b67972bf5370399d74adb1590d45b83c6f6e938c6d8e2b26af8998640c29d99e8603b93be InvalidSignature = 73e59071308a443d194c43ba89bc5700e0932699b8923a2a8491db20433d90c80289265cfce1cf419b83873bc5adadf42dd26d367819ddfd5110c31e7c1fc7b86f94e782c55023e21694cf05eb08eee9838cb35081847c7472840ece7252c2404d66f173f6c6c74db5f9d247d93f1ed077f37e574804a7dce99c03f393149fb4 -Padding = EMSA4(SHA-1) +[EMSA4(SHA-1)] E = 0x645c29 N = 0xc4b9ea11f21cd93c01f56c4219db7d2e52581a6c968705c06588c036b6f51a27de43ba0006d6e54d9ee20dd8bc1c4787b4c45e9545cf98c7872100f6c3492f5c3f1ce2d28caf10fa611cc4a4ec94543fbb872ef0fc8bb9558360960e4e386874d3beef4e9662e8779304e8d09bfc290a6fc19e9908e8eb49336ef02224107bd74de231f2610d76fa834baad342e87f5ffbd56ee8b459702425109af864401b713cd9e96a01137a860c3079e13704d3328003136631062b198be8d644ed99a0c62f94cf7971a0f2875592f35e362abcf2845a11ee98e5f01a515abd0d03646da28123b45cea4cbfd7de9bc399fd9f05349a2d0386516f70f5c9a9970d3231ff73 Msg = 6c0e15a99f9948d41980d7a37a327eb280c70a6b7b9f6bce01460b6ee29b5ebc5e32bb8896f66ac54113fe8da013e465b4463dc1ae68e9cba77ee4609101d65b6e3ee517c0fdce2f40613488d20f3892b99249ca07ff3d8458d4a1e7c0264e3902fc3d5d03f69d997e32229df86f9fc1f773d78f6fab91817d12ea0b5753efdc InvalidSignature = 
573cbed450f945f56497273fc3c1731d6198067ffa30047e38d1e6afe0aa643ae051b6a19ed64ec81a7621045492cfe8ad18c98e58b6238bc77c24186290dd990926a9fa6ce06eb0891db942c07b44fd00457cf277b12dafd0d636766456254b02087d0e05253f1fec4cdcfd65885340b6c6ee46bea267aab3895cca4ac8dddf15ce1157603f272551c47d792709e94a894b236bebda73af22d840c34d59e5ebfac5ab3f52cfa43398dc14113f45f5ea5c1f1539dbb7cf70bd632931fac73c26bd28b9301338a22aec43b8f7564736543af56198f962fc30369b50caef1eda10806fa70dae5c072f7f4ed1fc21e89d7986aeda084b5c4b8e51a2d9275ecb38b1 -Padding = EMSA4(SHA-1) E = 0x593d67 N = 0xc4b9ea11f21cd93c01f56c4219db7d2e52581a6c968705c06588c036b6f51a27de43ba0006d6e54d9ee20dd8bc1c4787b4c45e9545cf98c7872100f6c3492f5c3f1ce2d28caf10fa611cc4a4ec94543fbb872ef0fc8bb9558360960e4e386874d3beef4e9662e8779304e8d09bfc290a6fc19e9908e8eb49336ef02224107bd74de231f2610d76fa834baad342e87f5ffbd56ee8b459702425109af864401b713cd9e96a01137a860c3079e13704d3328003136631062b198be8d644ed99a0c62f94cf7971a0f2875592f35e362abcf2845a11ee98e5f01a515abd0d03646da28123b45cea4cbfd7de9bc399fd9f05349a2d0386516f70f5c9a9970d3231ff73 Msg = 064206831cd415425cdaeb49ee727dc90e74917f55a723883a340877d85ad1a5f264f2c834d824c7bbf207cdd8500c9d11ef922569564f55e211f2313f6106250e321a99e64d1fc6eecf11c89edadaf4ca8a736bdc2b4cef61a9eef6c747dffd6494c51fbb9ccfe6fb5b5161c977ae773f2e7b7a358ce100bfe243eef67521d5 InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x593d67 N = 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 Msg = 624ef431a1c81e279c7f3e37609ee57c27c44333ceaa3e7a8905c658d6ae62feaf000f4c04814b9768c56daa0b90370ae83bae7f3f5929cf469aa9cd1cef6892feeeb50bbd79feb46f9a2fa265b23bc75ed3f772fa6a2f157221f44b85033319b6e18c74b4f560041ac62c28584b163af153c614e82577d374634edbfb34ea1b InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x593d67 N = 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 Msg = 
6305a7c4512d7d903eae65dc8e629c81060da681eaef9240659a7ff12a025f4e5cd3fb8cac07388ec1b79859dc3103c8bc4cc880bff8df274b1971d16c9699bbbeac6d3c8e8938f83c160a57e31473363c6a8bdcc0bd352f0d42a5278bd020844f3a03bc40db07387872c3bfed3173335010f77b35671fc075bc25dcd0d97b0f InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x593d67 N = 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 Msg = 1c9c81544661aab0ec7f6296572cd608cca51f55b4c47c48fad5df9fb5a6acbe07ddbda5448ea920570d463d62016c03a5bafc61a1c521657dbdd6afa863a924c0f1bee7b3ac168524b9116f103132aeb17823d2a2caf92b4516b83c62101a6d10828c00d9e27a46192acc13a7e4b16fb7849b8efffb8b0319898e3029d38701 InvalidSignature = 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 -Padding = EMSA4(SHA-224) +[EMSA4(SHA-224)] E = 0xb29bc5 N = 0xacfdfb1dcb1459b489cd4a8c9fab64a7da4f044bef1c506f0872e9476f3357abda509d9fb1db6a4f5306c40c058826253171cfedbc160776a48ec35b655bb9963286b6aece1c77dff987a0aae9720ba035dda67f317101bd3cd4e6caac867a8c38b87067938e96e72df1875f94e43e4c06f7a86a1dbe07836ee69763eee29bc13ca906d7740c29e651872a9ec7c6237f7c8290bb0800a030b323d09e7c903751d21a224266f9d6c94c17a4c0cd8175ea67b9d9020f2b3f31a96206084cddb2acef70b11ae25a46c4f6817c4813466d7cac76b27927145bd499ff87f22a946b688e980a00a3d54c72ab9c2c88a55a3ea4c6784068673532737cbe4799e98bd711 Msg = c9a121fa15bffefb864fe3cfc2b1bf775886be3ff5151c40daee3c288dccf43ecfc02ba0cf8ca7cf9d4d206ee15e9947cd78f08f501eb36b8d3835b38bfee1f52e17cfbd66029513a6b66046988543e80f46ce1a3db3e30a2610c5b9540e7202ccee33d842e971cf89d0cadd4df0646204388167229e54238cbe14c450c44e6c InvalidSignature = 
7d081b0e38d73256476358c013908f3497810ac4bd5d76252f3ef440c5742ea552ef5348eccf6ef13afdf616288dbbf05a5b25e66a8745d9ddf66639ca89366e28062529e80b655b0268e922c8d77eb8ceee830fa14c15238dc1442dfdaffbf92436c794c24f6104374bf131616bcf4cca12608cee203e7eb0eba04556a0a0ac3dea9fa39dac8082e39f9a739955e036d0636008f5c3c4f823a5e6e5229fde6b94f986520de9b9a77ca34ccc0236762c77e33e105a9346553dc0e4469d3929ec38e8813a551af26b0f7d9dbb12d40b7d9fe195948e1ea1245362b01faeb4157605a9ab5158a7bc4df644f12121b03ee22e9f23fa5f40067b333b865bf3e41244 -Padding = EMSA4(SHA-224) E = 0xeaf989 N = 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 Msg = cd69ac8d1c46f54d46cc9aff98e078521357a36177b91392a0459abe15351993df43f437976bc32ec3f34b7e63a9ac11c66cdb5aa2ed533c64b70827c56d9d849e53d653fd10501278b370e1c1f399e57bbba2ea4ce6874c34475e171dec8d6db3a33b2875be04c10c14f171dc48a795da4ede579d2a158bb7fb84d745395317 InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xb29bc5 N = 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 Msg = 23708e055e891826f8011b1f48a1c7ad24b5d008f9c91ec31ab1c5f358cc3793d389b927102913a04bc78c800e96153e026bc5ec067b85177e650defed730fa7c71cb11f80ce41c1e9eb24a9bc121008759f7cca6475547601fbf0567f6447d9a4346035d7ff0a507b74cde17b9b20d2265bdcea3e3ff1a84b7a5872352849ef InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xb29bc5 N = 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 Msg = 0af6365d6065dfc44795d87a8119fb44cb8223e0fb26e1eb4b207102f598ec280045be67592f5bba25ba2e2b56e0d2397cbe857cde52da8cca83ae1e29615c7056af35e8319f2af86fdccc4434cd7707e319c9b2356659d78867a6467a154e76b73c81260f3ab443cc039a0d42695076a79bd8ca25ebc8952ed443c2103b2900 InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xb29bc5 N = 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 Msg = 
4cde2a6d9ecfdefa3c631c95aa9933634ae12668db8b53a03f80524b8130208816cb7d2563b492b68033d7e43c6a3408618a67f93946a521508884d77c6318e91b4a5c779c7fd40841cd71d7227ab56e767817760edba9ce2290f8da504b341ee2c1910b5018ec18059bb21566b3febc1112018a6232a7cd3cfe77fd06cfbc4f InvalidSignature = 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 -Padding = EMSA4(SHA-256) +[EMSA4(SHA-256)] E = 0x10e43f N = 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 Msg = 7518c85b67e7aef7f26bf006899faef76e076f0c6c946e5dc9c83521771a6d298a9cf5adefdb314b5a07a54d8054c22b879fff50ba552c218291033c918401fd611a7447dddad4815e0f56ded825bfe256557622a385de4b4a69e265c1efd259e2da6db19aac3fa0e5ca2d42fadb4e24c271fc078feb2be10b9afa256f228844 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x10e43f N = 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 Msg = a3bf44cae8aa8347fd07d84a33eec5dbbdd7b6431368887c988c4be779c5473dd8c33ec82a35f1d3dddfe55f3eed67179b87ce86a4a50088172538fe9d1b06c6ef6897eb3c8e3618cfc21353ed4343e7fceb09a2eb035441cd5c8829c79b81582dd5d69ae85c5a001bd8e98e069961342a2bee00ad2b8b91015ac5cfc1f0c2d9 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x10e43f N = 0xa47d04e7cacdba4ea26eca8a4c6e14563c2ce03b623b768c0d49868a57121301dbf783d82f4c055e73960e70550187d0af62ac3496f0a3d9103c2eb7919a72752fa7ce8c688d81e3aee99468887a15288afbb7acb845b7c522b5c64e678fcd3d22feb84b44272700be527d2b2025a3f83c2383bf6a39cf5b4e48b3cf2f56eef0dfff18555e31037b915248694876f3047814415164f2c660881e694b58c28038a032ad25634aad7b39171dee368e3d59bfb7299e4601d4587e68caaf8db457b75af42fc0cf1ae7caced286d77fac6cedb03ad94f1433d2c94d08e60bc1fdef0543cd2951e765b38230fdd18de5d2ca627ddc032fe05bbd2ff21e2db1c2f94d8b Msg = 
e1c46c309b6366fb4d56ac08c9393cee9a7c95bbe7b7c0e79a3d9187c0f42bc33364c28a770da585e3fe7b4901a3ccd037dfc42aa65a3470521ddafa835ce2d16c92ac670bd4d086505e608781736dc4dd64cc5080ee19e586c8fd1d737dade5d378b32f1d5df1e8dda0e32a125024b2d53334943c18782d7e69825a580093e7 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x10e43f N = 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 Msg = 925d59f953cb3ffb6d5a3a55c079cb1083997536e33d7c8aed50ed76aebcde459938f79229613200c70dde2ceddceae08c10608aab9e30ec51842f14a65e5f8f553471da3497881927ec400b4207ef3e2dfc2b7fcd318c9520b8b22f69dc8a1a8efaceb7be93cbad569e67db062362913005dcff902018ed22937fad405fe84e InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x3c6cd1 N = 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 Msg = 08d3ac24a595da811cc9bba78828f1452ff390ae653f22d1ad91ef6b22aa7b7b15a44ff7f83efcbd7a755eccf4541eb4040c7a4b774749a26dba3937b7f95c6c8490e3383d4f291dade5f35a65b1f6615fd4998be18bfd0ba4bc3a2136ceec909dbeef513d6f6689fc4202b9a3e78134877374d76ab246f49cbe7a8f65d034cd InvalidSignature = 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 -Padding = EMSA4(SHA-384) +[EMSA4(SHA-384)] E = 0xcbb343 N = 0xcb59aae30883db678ea7b2a5e7009799066f060757525166030714a25e808482e752f04f78611b3509d6005b411530c9ada4d8fbddc85f9db3d209eccc6cf0cae9aeb902e96688d2547974b7eb3323eeaa2257cf8d5c7c97f5176e2cfd29e19d0487380e3e64338c73bd592d52e9dbcc9606ed5835758c1a112c6a004256b5c4338322695df2ba573be0e79a7b9f9afd497dd38eed39f05f88d7d399d1e984d048067596ad1847ce51221babf51873bad2d81fa91cf3d9fd307e3ebd41fc49a8b3252ed7a71fd2357330bef2f1f89f2c80f740567e2ae8d168e56f007e8fefa33d2eb92b7d830a4f978ffe842ef0697db50602b19642afc50ac1f837e476c0fd Msg = 
329b4257ece34ecc0185031b0bc665c9c87ac66ec01a8c69281734d2076e97b0977d6c6cee140f86ddd0818719a4af3798b9f70f3e78e8f1b9e54917aa2e5d4a05836654ba2968b795ca2f9f621093165672fb77aa4d20258936147c2c8f8208445837f59848e1c7ef1c174c30309acec84cdb8c4cc0bd6c5fb39bead7b88d54 InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0x24f1bf N = 0xcb59aae30883db678ea7b2a5e7009799066f060757525166030714a25e808482e752f04f78611b3509d6005b411530c9ada4d8fbddc85f9db3d209eccc6cf0cae9aeb902e96688d2547974b7eb3323eeaa2257cf8d5c7c97f5176e2cfd29e19d0487380e3e64338c73bd592d52e9dbcc9606ed5835758c1a112c6a004256b5c4338322695df2ba573be0e79a7b9f9afd497dd38eed39f05f88d7d399d1e984d048067596ad1847ce51221babf51873bad2d81fa91cf3d9fd307e3ebd41fc49a8b3252ed7a71fd2357330bef2f1f89f2c80f740567e2ae8d168e56f007e8fefa33d2eb92b7d830a4f978ffe842ef0697db50602b19642afc50ac1f837e476c0fd Msg = 3cbc49d73addbe2875dde779689a363e42cf88b3e13ab520fcfe655ba246268fe32bbc3dcdd8b8809aeb4d95271f5e9aa828db969bdf4ebafa9fb1e7b5ef83705f611b2027ba3b7f0b52e85148be796015adef7b901084bff97e87151ed666fc16260d8932cb6eab31da61b4b3bfaf15f1246969aa157fb661618defc543f8bd InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0x24f1bf N = 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 Msg = 59632917bcef9eaa6edb1bb6013bef9e5d285fe212c49b44ed78f129ca804141a8aab16a035aa1d25ed2e25c1fb022469fb8ab0882d44e7f4459994a158c5175e7651c54c5937db266bf052c0215c8d764010f2941364c16c8f553797a8cc6b63c1dd19daaa01892af2beeeb5271c89ad38af10cf7f27f51a0d3857ca0878a4d InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0x24f1bf N = 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 Msg = 
b9403622a632794f7cd74fbba93aaa64c8d91b63144fe7ba23305c4cd135652d7a995d1c6cc2214e9b24696e976358e1bcb7514ea8950d5ef38ceac01a6d8671bbae8d3a0810cf7a76809625b53b360de536e56007bdcd72b15a60bd06f8ec27e6486f836264ac5973b37eeaeb0c6d6fab1e7fa2170f507fc763654c7f20bed7 InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0x24f1bf N = 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 Msg = a95ece434121269f4bf036395e54718c9b3b247de3534fe147b7b540bfcd2fd81f6e45e54848ff209b81f986b49db65a54a2366d9e7acb9d8798289c88dfbbf395bf3d4653a187d98685a753c8e933c281eddde013b6489555101abc4357532af497ddecccf263d1f242672904008fcb0a65405da9ce6ecf9a65b3295afe9e87 InvalidSignature = c878b4b14526efdfdb99f7287c0e871ef6c0aa7b4d2ee29299a782c8391ecdbbb60b8aeaab5343dffe7ade8af07156c45b16842775cab5201b3403dbd6bf0769ab5533d4c40deddb1eecfd8a46b933627d0d25893f0338e6dabb2a778649ebb2193a9d7c99d069c6c209b4436eda411184d99be0f80e3b293b5ede00f58ec4922fe8e1c6de04e58fd443d1cd96fcc9ca4bfc23343532a3eb840fd5c197e7795f2e3982a928e602b1e8f5cca7ea20da049eda313b1ee8d4b1a8e7960e4cfb5b16082ba73060f73c02716324658d3f00a3ff0a78dcbae103d5048e75669053645156f6640d4f6d1645d02e772dd8e70fe8866cad5ec2878ea6fc5c47530bf9eaf0 -Padding = EMSA4(SHA-512) +[EMSA4(SHA-512)] E = 0xeac839 N = 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 Msg = 9c3d5d23d2746d15d616bebf3cf720c6e6012a71cae22002f5021a47d0b8636ca3bd201357e132a680fc5dec9b28a9db932d08ae8b3d3a37d7e2ee754b342a69b94fec26b50412289bcf77e6d4095faa545f15a16783d22eae21e18464150174e6db0b837347d440307655d56f0409db307f9773e81cb19282a93c9ca4c3b135 InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x8d8853 N = 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 Msg = 
7759420c8d1a39ba0e3e1681d9b757fcf30cb40d844f4a71224ff998520e0bb44c761611ff4723a455540fe6b8ef32e3d5a23f8da0206b57987ad2ff4c9616ab1ede493847350dcf1b2ff9b98e813f74f8b68c0615243091501f7f28416c77e174f8a32b6cca3e62e7379ca16455c6d8e3b2651eec45e148d2a4c9ba3978767d InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x8d8853 N = 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 Msg = 864f4f5890a03653d08daa83d9e2992fab3393b7ee152d6f7b8ea3ad1ec9c1219a0e0365eef2fbd5d7cbf3a19667d421f3fe46688264191b2583e484d209ebe2975e4603dbd94015e633febaa43c615aa5cc2cbd69fd6ad9db970ae81bcccdbe8026625adebdcfbb04ad12f589c70883c9878fdf2a46e750a4b15f03807a2d5e InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x8d8853 N = 0xa677525e1a69546a96dc7b112350d5e4864f0f82e999a714fa9f43ac681517d3975910c2d806bb3ee6dbf5dba1d969b38889e113c2da76eef4412a60cbd89faf35b2bdcb0de36a2cb762cd8f2f29aed9982a9ab60886cc8fbfee9b2ae09c88161e9159d4fc833adc4f80e4bf629d5a9551acce7a3938630c2bf9956097642e3bc60ac6522017841b65c7a25197865e697753b08169853681911443a2b25f1b7c4696f946155b2664b67b40878d3b45c3e0d7034d5b5ee6f5ba8fb3cae7797e85789902cf8f9f86ed3ef25ae0736178aae260fe875bfef5bcde9ec05f11e18fc7375edcd4a5533618e6f991dd48aa3062e6031e291dfcdc6e7fc14ec60e539fcb Msg = 71abf895e56ba8f6ae8d0e9e6690c09c759270a73db8c1aa95d05980793537fbfff3472c8d2c34de4abb7e64d216cc952e798314034197d50996a2dcbf4c33485e0b68910baebf0e50ea29bacd3060372bd47b13526ec04bdc81b90dc95a8ac2743b814cc5b9ef8ca9633628bfa4248b55eb7f2d9208e114f4dac69bfe27e472 InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x8d8853 N = 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 Msg = 
4b648de2e390677ce1727191498b76d2d2438d0ceddf3db502ade5c5fd815bc70965d42f9b8d04eeb38986445fbe7dd580177c00d0f8a36c24740be3efbf656408e6dd73adbd45b4c7196fb86f40da17b29e91bf91ba518b4c68ea18e13fe7d4cf4d71571f0a71f7a58bf59684f8d5bff04096f2380b8e3b03f14909d9e92c3e InvalidSignature = 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 -Padding = EMSA4(SHA-1) +[EMSA4(SHA-1)] E = 0x5f8d03 N = 0xcd2cbe024059e2c019529e157684eb1e2cf415a71b002cc643668da85f752ef64cd8cacff6bb79e246f7b8f731c9f5cedc2a879302b51273c83f81f9a377d3e450bb4f4662ce01a010a6e68b66fee35b62d9861cabe56f6d262cadbeb44a58145a0f977966ab74f662674fd92f165eab397e1a2829aa2a7b9cf7c4af5db31119741d416308f3cb5aaebbcb5309e50820e7e1482b9b3a918653d9cfda6ed1122488f435dd54a418e922147be2f6586bb9b759c66b01d0045757302ca3835a68a67f36b33738ba9f8c87b909fe1ca5e5bad207cd0273ccc3b44a6185d32b065b64e2bd42b6c61f08b268b2b7e91ced5962e3a7d553fde91b77eecbeb9ba63e0db5 Msg = db14289f5550b770ac30ad0aa53124753741e4a49c7f1f54a8435f375a5ebc52b1a352a3c0a6f20805c3185cf7621de3de7aaee8e7547da478923662c16fb5e1944876fa765c4d82f6d057723df63045e7ce66a211cd2e3bb3de56f531a77b492c0d7cea9efa2ea8265d5294a073c465f946f51a41739ae1022fa638d18c7652 InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x1fba25 N = 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 Msg = 0709dcc9ffda89add8fc52fa355e059f570a0ca433f02c10c8e5730bafeb6b40f4b39485246011bea78ea2fe5093d2f033047276b77c458fec98fd7e1e466629aa40e2bf10d3159d4ae5e1735c3695a22de661e995380e41b795eb0591d40b56d1b8adbeeabafc136809f99f80d0b57decb7c346f6acedeed2e326e8301bc091 InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x5f8d03 N = 
0xcd2cbe024059e2c019529e157684eb1e2cf415a71b002cc643668da85f752ef64cd8cacff6bb79e246f7b8f731c9f5cedc2a879302b51273c83f81f9a377d3e450bb4f4662ce01a010a6e68b66fee35b62d9861cabe56f6d262cadbeb44a58145a0f977966ab74f662674fd92f165eab397e1a2829aa2a7b9cf7c4af5db31119741d416308f3cb5aaebbcb5309e50820e7e1482b9b3a918653d9cfda6ed1122488f435dd54a418e922147be2f6586bb9b759c66b01d0045757302ca3835a68a67f36b33738ba9f8c87b909fe1ca5e5bad207cd0273ccc3b44a6185d32b065b64e2bd42b6c61f08b268b2b7e91ced5962e3a7d553fde91b77eecbeb9ba63e0db5 Msg = 95529308ed9bec98a8719b3fdd942ae81c6646210efc7dcc59754617c48a42af9c67c13156b988e27509d29faf4894174bab0537cdb95ee6d5a2def345d2124ba2c65370bd1e902692f44e70706decba5a8d2c58ae50ef2f04f640b2599e94116d1650ac69f28ccec5db1798692abb3b12b6c26bf8e9b810ae1a733e49165167 InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x5f8d03 N = 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 Msg = d42084ee99cec1a57097b804c48e454b6390dbf2796f18eabf509d26f0521c5a7d71b20381a978a7f75e555e2bfb16916edac0020e64240c8579b52df11297c1c424f810bdc8a38b179ad253005e44fb4cea908f6b40b9d598fa02d254eb04901303fd1f35736bda3712daeb2bfffa126588f4a2784bfecc619b2e1f01268b50 InvalidSignature = 493d0c02c087149d5f597e97709c55f6aa70defbbb862055b31dfef2cd3fb1debe9fa9dea81d7986ec7e5073092c93afd19ea34a268f9e3c4fc8114c4215c8092d60eedf26620e2a79c70de5caf85a7a256d4903e4f224b602758cddb457357b14136b5b3d7583d0d6c9e426161852df57ef547b286797e1f2f7f6666f6d333d46ec59a7bd17adc444b66369f4be27400c4142cd53eef28b6d9fecacea6b2f2d5741a68d89d8de8e56cbfce25d228b6861c641250a264c182b61025b5840aebb92e694d4e5c14f009ebe856d274872390212a1f672f74d2462678f5a416de1cafc3df240d667397870f2da461bdc4c7f2aa10cec20e207de1fbbb9b52429518c -Padding = EMSA4(SHA-1) E = 0x5f8d03 N = 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 Msg = 
978a26632c48c15a2cd0c7aa5b3122630eb304c228037a6b489144f34137e4a1cb1bf57678d6be6ae9d607f941002bdeda9a6f1f376992493a16a6fd97d71eab894b279ec4a53c39aa0cf480c1421fda65841214bab23faae5b009427c0cd67a3ae165e3f8fb624dd83b3746c43d26dd173994ac9927a815b12715cbd61f3494 InvalidSignature = 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 -Padding = EMSA4(SHA-224) +[EMSA4(SHA-224)] E = 0xce5fd9 N = 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 Msg = dc0d4efdc94cbf64aba6f146d6ed0498804ff9a6d32167fa41db6f7f1863f1e6568e0049bee4940e2ba37f0f2507a3f7b2c961ef6ee5557bdea1409e02cb4545294259e309b8f5580fb50d17f4df4688917a64abf42b01ffb30185a280b552b9fe313f12d4504808ffe584a76cfe5711c66ae8208d78d54d680226d1bcaa800a InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xce5fd9 N = 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 Msg = 17fcb20e72096d78a07c5d090a29dc437bbcaf6584948be11fd5d71092b8b42596263b60b986058401d3f18ad2f121971141462c8a731e9c8f9b3bc4e28705f6d6500236b03055a95393854a1d7180df0cdae02c25d36c661660e2ea1ae2f42f1da390f921b064d0e0e7a2b1b2500003b2b104cc1c5c7e25fa4c56ec007087b8 InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xce5fd9 N = 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 Msg = 2aea505ee5eafc92db8ebe83a69a9a320d433ea7cee6e5409bfa7b48624402cbd14934a91a096aeaf3eabc51e1f36a34b73a7b8b59a0a346c6bb6ae456148b4140939aaf5e37ea49350aae8430555e072c105dbd399cd8289fb5f1f820a21ddc7daeca983cdc4658a7d7dc431828405474ab2d65f6444c8d2ece58ac49548044 InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xce5fd9 N = 
0x9e88e71138328da718c664b03685764881aa0145e8b23d2fe8cff47658334196ba8df505a8002d7692434625cfd29130ca11efa90102ac5690b083585ea3bcdaba216eabf0ce83e831db6b74c91105afb5edb4935691c656e24e3e4a6cd20d0a8cfb61f5509a08364b1db31a93eaaad4db58670bf7e8c8b259474f3d58a94c0ee7fd7c173e0f2ab7946dac5fa81c6046035a494fd430d0ed6719f21eccb57d09654a8ff28104eb8db4f56329324692509e8352127fe7ce230dca3bdb074063488f8282a70c1397a2ac18dffaddfd97c884421a7b3116b5936013bfd3d47f008c0864ea14f2141e57b753020044462b114ab05f121c7c5c4ecde64d0d0f9b58af Msg = ada0410f05b7cf29a83853cf604d9aaa0500d631feae43c104b90bef287e681d1887084b9e01b5306970358910a16fb254e0d073a66ced1ce9286ad478931a2e6bfa67fd16edf56ad3ef8243027111964d02477f31c0153eb912978c8d993c302c6328cd7662d6fe6d1d02a43ca6c67f79cc03fca791024effdf5bc07076164a InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xb62585 N = 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 Msg = 8ec0381566ab63122b5c86430e98681f333d7a27aa6e6625a1f0eab6d8d4e7065557b5db5806bad591263bf49152715a7f66e0520c9ce492a8f58dbdf7dbac2c7e042eeea399a90dd498351306777dcd610a164f39a60f384187c938fb6f08cf73904b572dac59445c7b1dab544db30142f0c3261bd40ea1d26d462eced92376 InvalidSignature = 46f71aafa2017f6103d036ca3b4adfb81eb25fee2ccebff2f49dd9ec7f7a3bf75b927819b68452a2e8c2a08e960c44d695b1e443babb4a271699319f2ae805e1bcb721482e004f2a281015682638673f5759f6bbde92171fe5f1017e6e9d06403bfda82d63d2f31f597d2bf8ce512a0e6c9cb3afcc7ab658bdc238da5980d175b2a7616aac43b317272ce3779a56da46ae1ca73666843e06b7d2108e3b3dab6a19d1486227abe853573effcec8cf4a7bf9ce07b6c617017877b5c839618d595227af594649b408a42399bb80f4f7e872c2ebd394d105ab64ae6047180ef16a6db3b2226c48947ba2e029a3da43f2af4d35aaad42f7909d11017edf506e066a07 -Padding = EMSA4(SHA-256) +[EMSA4(SHA-256)] E = 0x33e58f N = 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 Msg = 
c3232d8060a3e3f8687dc05d8879004bf5c3a7030336bacaf4d9ae8c0daa21c5f09bc8a225dba963fa568a038d7fa91b274dad04cb83dd3b0f35900a2b88e46550b9b3133b61c30e09f73d2b4d9661fd600077f7f8e409d2fc5c4f2e97baeb7c8c84d71bc9bd9bc13e66c31def4590bb48e5ee27b1dea6556356d5407ac89dd2 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x33e58f N = 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 Msg = 0d8235883f37654b35d3566174cf731b5b22a54ac15718f9d8e2415c57b42003d80dc2537e920b37dc9fb21312de8dfa39190f20024c0f9299ffca24d0d22cab795a4b6d132b35d6aa36eb6df856ad06d0257838bd14ce11e6bbb509346d0235b710d7bd462b6b90664109566e5e5ca7e8efe97a39d6dde085be09f2cdac2b07 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0xbaa86b N = 0x9c003978e1f71731e2d1128e1be81bd6c99cd3251672b9c4186497243b17ce523ab113bd4fe397178e6fb5f3090b0680e42cfe78b3928c22da53ef43595b1c5792a2794f86622bc4a997932dc20df9cc429b5010e18d73c71796df877fb66e72d372081260fe7760d46ff916ac74292ee6e1659c2480a22c9522bdfa1beaa71ae2a5581eb0045bbfb7b1d687553cf3cfb061bd2e811e6085d9e4849f30735bb95b34ae40aef5a5eb399331704907b67094b8f418deb76b6ff419031a5b2cbc7b64487b49d418d67747f1609040f08adc42b1b0724869d838bb932511a580ac9d872d5a053f3b61b3f51c43fb2b3d510a696a9068e093eea0670e55e58571904f Msg = 84b1e3cd7c5d6011c581302e03489fd37aefc841bad659fc81d796c6ddd6a1cd9199f824bada3f70b29b40e435ba306fc2c53333440f233af2048d6474b9fda447c87c6c625a56661a85216543d9fa9b9835120c5ddf6a4242d4da438b5d58c06ee3778fbc042e5cc4e7db9b75cc87c0c2e76cb34b6eb47e39f1844969ea3989 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x33e58f N = 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 Msg = 
fcef065e293ecd29ab52046c68c6e940aa0e2d5fce5d4a2b40c516f2a7a198705c301b95218282891098dbeed1c73765105db8532e87ebe53772585115b1585f03df272944853a1e143dd34ddf18d2e1b13ecee7eed464584323cf53dcf6b9aad74351a0f90e9ef1a08b1313f98363bc73f897a4740c5d8c4a1fa37f64386458 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x33e58f N = 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 Msg = 79220b8d86942a13861560882a66fb4c5c926a661b74ad2586790a0636a802d9d1df8320dc5f5fb8d18afdbb72ec4fa45c7903b4df15fe950d5a063e1195be16c311d85c799986c61f3831688a436ed809992e903d2a34932bb6cd5490d7bbd374427209024a878697a66559197342308a7d51c0ddba39670817c7105a77df58 InvalidSignature = 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 -Padding = EMSA4(SHA-384) +[EMSA4(SHA-384)] E = 0xcfdb6f N = 0x95a31458ca41cf7a280fd060660fbecec18b6242b72cf99d8039a890ce07aa5acf432d9b400160374b3626a46c6107cdf51f1e8b519ac26ef169cd75d3c5e43267ff391dd0a93730c39c166fb77c4c5409c19ea252bfc8e990d873368607c8ce032bc0a6968a0a6a5a918d49d35a3fab9a3e69632816026d433d65bf765cda3738e8c12f43e869089296b36ee84704dadc37db62fd18f380ef76334d882809881d6a6dc8a8f49c4595cca6f85e9dd8ad616cd984a27f4938fb9aacfca473f1a4f00b0db47b471f04b4170ea909cced5960d4a3d269de9ad4b2a63e8ab712f1f0f7c3e9ad471e15bcef3614eb4dce291eae0785ccf2399b16b51a84d1df8ab395 Msg = d5f5d567512a899c0168240b319e6abcd8b92a8d6e20b9d3ff80a0447ecf92155b8ba15f5743b1c798592c5ef806f7c6a39ea597e116eb0030c354b2966436f93563e52c205826486dcfe7d88c4b2d18d78b4d59690b5fa734cef0aa4e5bf7ca8c060a965270d267a951bd409275f2f99b058a9daf08fd103229daf54ebbbcce InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0x646e91 N = 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 Msg = 
6ba3f34bde03e48259723bd599464274df4de2b6f3bfc3b06970b507234a4f0217fbd5e352eb5f783d7138ed204685e4e43a27c71d25e25d4821be9c50f6adbf58d66f98b44bb326386d7f6ab658d177c2dd87c9b8787cd70182f4eb91a83a32b49c870f0b0a26b5d1ced6f56364705400a0c961cd9fda461cfd1e9ced483c84 InvalidSignature = 236f23de25bb3694f5ad9f09224f5ec1e78cd7f371ec50097327026fa53b1689a95eaf54738cb75e5abba87a964d32817fd5071febd84d60c7b11d95e33a7f90f22259bcafb9425cc1a79305a00a1b8ecfc3bfab326b6463ee57d1e435db91f45cf4edad0f9ee50dbe42130cfd1bc424906deab4906571688d1a514d98dd074139d57304c0c2d8a87ef5f8766486da8df827f9e0c81fe3465ea52d1984d738b9fe9368a0d05384e9cb298330671f65fe52062a0d3c4af210ad471bd5ddf9d72787f40ede3b77297c1d3a5b29ccadc574e9001bef89e4ac093986bbdf048d7b63bcc072a3cde800eda63bfa8e068fff4cb9f15b5f98c255fcde6d46f139e4d30b -Padding = EMSA4(SHA-384) E = 0x646e91 N = 0x95a31458ca41cf7a280fd060660fbecec18b6242b72cf99d8039a890ce07aa5acf432d9b400160374b3626a46c6107cdf51f1e8b519ac26ef169cd75d3c5e43267ff391dd0a93730c39c166fb77c4c5409c19ea252bfc8e990d873368607c8ce032bc0a6968a0a6a5a918d49d35a3fab9a3e69632816026d433d65bf765cda3738e8c12f43e869089296b36ee84704dadc37db62fd18f380ef76334d882809881d6a6dc8a8f49c4595cca6f85e9dd8ad616cd984a27f4938fb9aacfca473f1a4f00b0db47b471f04b4170ea909cced5960d4a3d269de9ad4b2a63e8ab712f1f0f7c3e9ad471e15bcef3614eb4dce291eae0785ccf2399b16b51a84d1df8ab395 Msg = 599d4ceb774e4906332eaa216b2fe8e1fa52506f381baa87c34319cc80ac425fdc9ab0af581f779344d71896cad6a5912fdf268056d63a8e867802726c4a3afe64cfa9f5f4febc1e99f36e96c7e56a6a2b58746533940527d05535777bc4dedb76a6ff6554d45ecfbbeb72cb69447f94752703c9d73b517b2b417c85b202761b InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0x646e91 N = 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 Msg = 
73a125e5705e14e15f2446fe326f563785bcde93d2ee46abe4efd9668e9a1e089cd9656b0a0aa08b74a87449ce279068551f3edcc5ad3744cd17bcb5c0aee2b98df92e97f10f61d5eb4595fc7109899b610e3a8ebaaab3800c7c25af2d513aef2e48a7f28d3501c6ac44d19f82dfead791d1fa3318ab606889663dde3d4bceb3 InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0x646e91 N = 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 Msg = 86843b3170034a9f8ea79a39657a5e7460c50ef75c800dad690c8818cf25a1e85012cdccad1e7a886c4cf648d7478c334898f044a41bdd5526b4fc7d5e3e089c79c43034c2f4bc7b69d0f4ae83a73da7534486b2c865e29d466f760eaa5f961988042b12b66c58a00f9c5d137183bbf8083199eacf4566ab53a4c073bb719487 InvalidSignature = 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 -Padding = EMSA4(SHA-512) +[EMSA4(SHA-512)] E = 0x452b3f N = 0xa93cbcd5c69a8e24b6be4f078652e6c8bf6d516b1316e842d5c8e757e387243c4905b37a66a30967ebc6ed6da56f690f60bec090652ee1926526a78317d41cdff392111fba8a6a91109953fe102c8a51e56b3b6f8087dc53e38d57ac31cd7bbc46f6d14bdf488852db296de27200d11dcd067d776af73c10cd044636aa4d9ea5609c75691aa164eb8abe0f187c0286dfa4d1f5f4332e7664c3c572671b757667e221cc2f0a3944926331ef73bcfc58d1ef8595a2bffd240f2397c4bcb69826ec26fadb3a154e58e86fea883d516d21cde6c162ab55fad9c52df547ef0e6b946d368daa97585084e43a32e029908910c6f99b4131c3961d0543fd583608e8a3e3 Msg = bdd8719841159aba3f353440ef98efa92cc503da8d00745bd12094c3809bc971cfe3907dc4f5c2ee9c2e172e6a61e8bb0028391e1277f62199777d3d76915d5258c85d9bdf4dc1e0024dc8edae0e7944af3a9f0fd47b13584e47397c5afecddd2032e0d8da451df7383a516703c52bac02a440931a325168b83ad16a7409a27c InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x452b3f N = 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 Msg = 
3858011a054c52e3b659066f55f219dd58464bfb22b8c55dcc90ffac24f0e141f60929f28b8e0c2c7069204378ae790504cd1295820b6f77343381e73388ca6fb3ffc2b888ab78a1ea797c8e751dfd02734c2f715e2cef4fa109aa6d9f497b85f6a29314058ade67acefe4f95229edfc2d2d6836bd038d0e9a7a42e7701a3bac InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x452b3f N = 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 Msg = 6883a018b48af70d2875a7f5cbb5a303d7338b6d76f988c3cd2f787f394a4bddd880aced4c7fe4e6bb5efcbd1ad422f6aca84fbbc568262bd45e1ef4a0c0e324d227fa3cb442a48638cc06a93cbb867b0cbb781629dafa2e49851ca29eb345505b60d22e753dff97a6a60be2b8d49739005450a829b7cd75338cbab0ba8b370a InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x34ddb5 N = 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 Msg = 20075fe0b26832c234a861a77078a8e9a42be3862ac4d0d058541566a68385620e6c9fd4b9ae5770d7bf1a83cf840c2c981f94c866091aae8a600f1d93822e72bada029e7dfaa9d889ead78fddc01ea32d716cd484e7d57b2e549278d5c54a6beafa91274775af6312d1a2b3e45566b72ac97392cc88889e0dd7a75fb37560b5 InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x452b3f N = 0xa93cbcd5c69a8e24b6be4f078652e6c8bf6d516b1316e842d5c8e757e387243c4905b37a66a30967ebc6ed6da56f690f60bec090652ee1926526a78317d41cdff392111fba8a6a91109953fe102c8a51e56b3b6f8087dc53e38d57ac31cd7bbc46f6d14bdf488852db296de27200d11dcd067d776af73c10cd044636aa4d9ea5609c75691aa164eb8abe0f187c0286dfa4d1f5f4332e7664c3c572671b757667e221cc2f0a3944926331ef73bcfc58d1ef8595a2bffd240f2397c4bcb69826ec26fadb3a154e58e86fea883d516d21cde6c162ab55fad9c52df547ef0e6b946d368daa97585084e43a32e029908910c6f99b4131c3961d0543fd583608e8a3e3 Msg = 
46c4bea2eae66ba40f3a6223a28a9756d7c980ea6e4976e2342e5fa1cc238a45af4bda37727a270048a6e15fc798f698efe7f60e682776140b5eb201a4b77682f67b3e35003c9c737f54da6db48ee07a672259af2ce712b1e5c4a2c788675033233a31c31d9391a3be2c9475f1d21da34961eff443ef135ecb48791c019be200 InvalidSignature = 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 -Padding = EMSA4(SHA-1) +[EMSA4(SHA-1)] E = 0x89e29d N = 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 Msg = 70b6c465d2899b32b736c17af293c562a096d03c5dbe7e08b8aeec3be41c13c0b0e9543db8915397ddc609b8f4581590bb585359117db02066c63d81706182b21fcc14c3d43a6a23ce38ec67e4904d477a6e1be9aec19463d2e4bc7b1f7eacb0a7a72d7f8c4c85df70d4910e2c03148fc51f4f749c52d2d9e45091b159393ac5 InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x2db7c7 N = 0xe3db9f81f57c99898c867221eb20449ed8b05c1c7d6d0388cd5bc691b84cbf9301b52b60f34be1ea5be12b87cc185d92451037ac2b2f79d1bc43d0736108b1eac5f5a52b4037825385df38966d15562cebd09d27c8fdd3c9bb09c0b3d77b0c05a1fc40b1d9d26bcc8ad35b321ad5866f500bb9196237a4f4f2f282f9091fe99e39c37b862dfc8a22ec487d6e36be1ef8276629b60d845d92524e97d6d52689924ff354a594ccafe9087f5ec6a988c2dae41d2a400d2c8c039e3d77ce5450ccd826468fcfe65718d292e7765f0185df94d5fa79c1e99a8b4f823b19475c6004c62c0f7db056fbe167df368ab8019d58b89d7d3790d427844684b147f962ae37ff Msg = 47091ec16155b1e4aaac582b5f255e06483ed8844621dcb92c26ee62cf98bbcc61bc0af1fa0fefe478d0417089be4ffc0623cfb2831117e124ec909fb22867b2ed5485b12458c26604fb5577aea88f450c71ca1564549c6e2dbd50c1224d965096da794807b79230f5357b87f46987a90130b0f31271d127f1a21612498eb06c InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x2db7c7 N = 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 Msg = 
36af136c05bbc41ee57e94a1be10cc6e33555225797e1c2d6ad3ea9bd5b0355619ce6278f2c43cf792cea184f4cc7bb36d8ef35d844ee143037e86f34ec57df0f444ef0d841d071aa236a5c2593a57b4b3e185018772ebc593864c0aca0e65e9ef9721f263cd0bcf3c3e0823966146b82ed770da2df024fe4171a6a8f295d68b InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x2db7c7 N = 0xe3db9f81f57c99898c867221eb20449ed8b05c1c7d6d0388cd5bc691b84cbf9301b52b60f34be1ea5be12b87cc185d92451037ac2b2f79d1bc43d0736108b1eac5f5a52b4037825385df38966d15562cebd09d27c8fdd3c9bb09c0b3d77b0c05a1fc40b1d9d26bcc8ad35b321ad5866f500bb9196237a4f4f2f282f9091fe99e39c37b862dfc8a22ec487d6e36be1ef8276629b60d845d92524e97d6d52689924ff354a594ccafe9087f5ec6a988c2dae41d2a400d2c8c039e3d77ce5450ccd826468fcfe65718d292e7765f0185df94d5fa79c1e99a8b4f823b19475c6004c62c0f7db056fbe167df368ab8019d58b89d7d3790d427844684b147f962ae37ff Msg = f5353bc971efc542fe9df930db581a158f541d68c465153b58c2ef1bb20a5f3852841ac6acab46a237ea2e39c1a43ba60577201a7fc254817f64c5627dc7cb07ac1e5adfd1ea7d2056c3ffb09a556b468ca938cd78a63d0921d76b7c0f6eba8b2a8964dd88b5520484b0d35f1074943e4c70cd485719b81a64a147311106160a InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x2db7c7 N = 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 Msg = 1bb027c0e5d654997de7dc160b71e063582c0819ec8ec76d779ae1a86ff92bd7fb4b92c310bf5f23d9e1ba115db46cbb5c01e95b79ee8d699fd2260e9d48b3dd13836bbe92e1012affc2279e389a5149fa45bb08039bad957345fefc78cfd74e2afdb998b463c116b5302ba5e64b1677fca1860ad0bdaf5bbd99715749b31f92 InvalidSignature = 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 -Padding = EMSA4(SHA-224) +[EMSA4(SHA-224)] E = 0xf3e453 N = 
0xbc97958f980fc043630735e36aef0f278be381655bc6a4940864e6925d31ff1c9392ac5fa44b06af295818f03948a117bc7f0fe8f2f5dc0c1cbd9d1819913f13c0765f41c17a62a9fa70422578c86305c0e67c56b2d555fcc12a84c45ca00502b692d8790a26bb73a8f2df1fa44cf910ca45e8ea2c665a9b6d266c2c4c6075c55e686511683cf75bbca9573e8b79f01583d57bb21b6e8f46215962b9b3cb1e57ea56221f6ab61cf33f969babe3b5a1a98a76387144cd617751ffa012d8e7d1471b264c274228e2bcd549468a57316f392c75625435ddbe7dd3dc40544f4a9bb9cf5385b255ba57769897203a7a3d0f2808e05492b69a58483f5fc396e6523da3 Msg = 2e90050655247289b29aa75e121c7c129ec0fc935dff0b42fa684c49c895412f035fb4aa594e56b4a853a7e00aba15ef0f5a689e490f5dc30e6a919879a6a157b2de90076f7e6995bbf82526f7b8ceac1e59e5b74d19028f828aba7fa38bc573c37760c6a29cf15572efead8e1fdef7253253b866f0540cdde328da54f2cf5ac InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xf3e453 N = 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 Msg = 1ffbddc2a2c8bb9fe7a45e4d5532711f07eb17f5676425a8fecf8ea88ac51fe351436ce9b6f20a4e0aabfe50a43a76ba3462b709542257cc6037ac5188e2847d23eb16fc46e6399b96b5d4f15a4e9645d5bfe7acd26f1e7280a6f4bb804f386a3dfdc5427c2db24b34cbc8789ff7398691088e2709d1e26005244e309b95a472 InvalidSignature = 82fbd5a6d937fa94eff1c0d9abccd9223bc63a600023b18c3be059d1e73fa62f1538ddf45643dff89a2d8f0410c10761933cb2d8d702a4b6582fe349481dfd185f79a36f52a7ce776de58dad1edaf032edfeb7c16540eca64bc5df622c05dd629be3404b9b4d263ecf706c364b0bc7b14dd0346b8d2515f81b1f50ef8871ac11ed33973b992deeb601b2f34af381e1d74091b6ac5d7b209d728bbe17046f21692af8948b3bb194349dcafb2a580a5ec120af999a3eced9c1edd2e81ce75cee9f1636351a04028a5d615cd992c467b607c1d929db0c884f1fd0688107bfec2428adc9d3b40b13d9f4f240893a5477f1de626130fbac9af3ba9207bc857fd206c2 -Padding = EMSA4(SHA-224) E = 0xf3e453 N = 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 Msg = 
ebcc2ba94d3b4e302a8ce315cee44fb966cdbf2820d06a4c8c461660486bdda6dcb4315de3631eee6c58cf669f2a5428a476a2e4c077dbc3c1d7d0e49dc5c50c5648749920d354b8c6191ad84a22805fcc9f469bac7b77fbf3b2ee7fef66186d1e30fc464eb478f80178cd5516f65ec4a6efb4362d03c65cea7f771888766131 InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xf71807 N = 0xbc97958f980fc043630735e36aef0f278be381655bc6a4940864e6925d31ff1c9392ac5fa44b06af295818f03948a117bc7f0fe8f2f5dc0c1cbd9d1819913f13c0765f41c17a62a9fa70422578c86305c0e67c56b2d555fcc12a84c45ca00502b692d8790a26bb73a8f2df1fa44cf910ca45e8ea2c665a9b6d266c2c4c6075c55e686511683cf75bbca9573e8b79f01583d57bb21b6e8f46215962b9b3cb1e57ea56221f6ab61cf33f969babe3b5a1a98a76387144cd617751ffa012d8e7d1471b264c274228e2bcd549468a57316f392c75625435ddbe7dd3dc40544f4a9bb9cf5385b255ba57769897203a7a3d0f2808e05492b69a58483f5fc396e6523da3 Msg = ecaff1782bac0b38041634cc60fec76f9a24158791bd0f88fc734616feae166afb121df6a949f24c6a02143cd939213ca2b9490e98e0019c01a3fc2734d157a0679c1456c255c9d2b87799ff96e7648f5c7a3b99cdb81787c2e0ca2fc32c3540d855bce09d5af793957eaa5fc08ff82e706ed37358ccb710e6329878d3441910 InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xf3e453 N = 0xbc97958f980fc043630735e36aef0f278be381655bc6a4940864e6925d31ff1c9392ac5fa44b06af295818f03948a117bc7f0fe8f2f5dc0c1cbd9d1819913f13c0765f41c17a62a9fa70422578c86305c0e67c56b2d555fcc12a84c45ca00502b692d8790a26bb73a8f2df1fa44cf910ca45e8ea2c665a9b6d266c2c4c6075c55e686511683cf75bbca9573e8b79f01583d57bb21b6e8f46215962b9b3cb1e57ea56221f6ab61cf33f969babe3b5a1a98a76387144cd617751ffa012d8e7d1471b264c274228e2bcd549468a57316f392c75625435ddbe7dd3dc40544f4a9bb9cf5385b255ba57769897203a7a3d0f2808e05492b69a58483f5fc396e6523da3 Msg = 
a3069d04fc7ee84fd9eec56da26a0ca4130e7a8fefe1051ff3ff6ddf09f8147cbf730f84f7177d6ee0ab17db257b091b64fe01f3e1b7859d7c598911e02e4183feb9342dba9b924ee3b3c773698950f5caedcdc3cedb586174a216312c450bf246223386abd1cef8cb4ffbbdd65c883a2f2109871e162773c5233bc855061cd0 InvalidSignature = 1bdb6149e68a7cd3a03c9c8157eaec117dda194131006faf90e3e52f9ba4fd5181740fb59343ebafd2792ab4c04ffb3221548b203b8173afc77e59922734960e2e8986c598a872bd47312435001cc8d2d9123b010e09420a28fc66ef6957c319fcfb0d770bb155ab2ff3b13b634b91a9c0bdc183a639ecfbc2f326865e4ecbd0a15ec595e2c15ee96cee8154c96e0c5f4296c5d16821e79da890c0bab335424c7c5e856381194279266d0f13a4c608792f2e42ede2e1aa05b71862570a39780a490b4e66011f10a27176699c169b2878d7e97b416647dd798ac885c614d925549731be52e059e194a2384e9686d0f372a6cf338bdf13fd4525f4d56068a8fca8 -Padding = EMSA4(SHA-256) +[EMSA4(SHA-256)] E = 0xa54611 N = 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 Msg = ba85e1f4f9203ba8d3eef645d7923e10c614080149cc5ec6e282f70b23d30bf91ed665fc1c00baca924539a1508063cffc151d78bfd504943e220037cc531c15dd5a9545bea330458440d13f43444a8a806c7174e805753f42097269a28c4231df56975648d246229327e6a716a49a493a612b7c2c235acfd581742a0d452653 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0xa54611 N = 0xa6754738bdf94dbc846ceb937a3896e747d5c6222453a83f6c86310e5819129613f9857d5e4a06bc5d927bdb011d23d8219549ced82c20592bdc419deb67fe43da87fcdfd01ac1acb07e513170c45d1e058fb56d8cb090a7f2565381785c4478362b253d47e056053516be15f448878d01c9dac06be45957882ccffc5ddaf06bc131c866349668de950e9121b134e5ae1c29815473a20028b9b7ea64d9dd8253a518b766dea714f7b37185a1d707a21cfa526a7d76f55119af728626b77e5b66328c2b37ec78be56380a4cd3900fe6a757f21b5728d31e5f1344aca933042b99240f89dc09e76a03678b402780bf64813c339e79893a3355674ff4807b200775 Msg = 
284748185ce9e8eb0f872623d43950277e53f59b362f9b40ca2db01548f7c3c3cc0af4379672a9915fd4833dedb2915fe6ebc375e281a138c39f3cc249db65f6e1b81e1dbe6f4ecd2befb90f20222ec013720238108cbe2a0c6315cb77781937105aae10fd683e681bdeaee193109112aef09c2dead65adf4d812178f959454c InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x5bb217 N = 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 Msg = a3c2ec4c47f444bec34c15ff25f2f811fa94f9a5bf05a5de982a6458451609695174a8a68c25a7a9bc2b181290c646ccd5dc8e92ec9e71b17c69e70f64eaf56cf48681e85cf966c5643dc46f5ead99b9596a966a98fe2bf8433fe5935b76f965f3c121199eb6a69a2449be1d79f01961ef05b735aa6bfc3c547406ed13023edd InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0xa54611 N = 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 Msg = a14e35290344465d6d2f43688a663ee418f80f13e1dbee22ed4641aff65bb28a1c0985b8da3128be39070c1c43bcb417bb5a0cbb0beffb217eed3beeafd1691c420358fdd1fdab7c29b0a3a7b723356a3d5e609dc986bd42e8495807177dbe137a0357fed1f2f621a7f1af11cce5e96606cdb3c104e95c0d93223d0415a6daf5 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0xa54611 N = 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 Msg = 555400784d0566105b91dca7f4f0849d832d51f0a3c7d3b9925651fae271199672d014a19dae9ddab1719376a38dad2001a60e3d27f51a74b6ec876e421db7da4b5845b56f13dec8dd0f52720d39eaa7afcffd39e1c3be56a4645853913b3da7c833ba3b2afed0e1c8b33f219abce33c75ef436b37fb68684506eb2f37945206 InvalidSignature = 
6dbc3049603abc4677bfce12929bcca60bff5350809ce3f98259ddb72967faa076bf02206c9bfcecdae3421c66f2eaf846b4effbb5e6d774e000c1f1f7c1cf409b98f5e0ca13cb2dbc5b1692c6bf7e54a743e4b24c53451387f277aa66e16da87246d3ab7ba1fc5ab1a9029546098d12d1a45293860e2c8f4838148c89921467285b0f6c916f3b0bcab98dd01120055ad1acf9ce18a2f276eb15aa6f9a0fe05652aec728f831063fe6c7985ce3be11377703f76b4904d292598abac7be35bd1409dd7096fdc851abd2b20a1883f4f915309ecf507ce76dc9a75b36394c6f1fa6685857538ff3b847affb483a670969ff59c8de0391ce73bf1e85601d6bce92c1 -Padding = EMSA4(SHA-384) +[EMSA4(SHA-384)] E = 0xa26a2b N = 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 Msg = fbf1f99265060ab82e3cf1a3cb86ea71748f05c4d69e79c209bd3b61c11acfe1c8ad5f9aac1b0af7b5db7ec31997c9a373d56ce472d6b177cebe3f3a81f6ec7a33cfd2b5f668a5a433d14478e4708d6504a4765d44a9591e00bc906e717f42a5249e7c6dabb384c692676a4d95dadfbd0f464ab6b6df19bd86fd5585fb7c7a6c InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0xb2b5c1 N = 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 Msg = f2280564177a0b97e8089b77d7d0cc8ed54849a90d44a7dcd319f5c6d70394169fc4494e348e90c81b2333f6863b1cedcc26672517b2bc7a5c4fdc77917179d41a364b3d844960567506b4fbe3df01cc85fed8e9872bf1fa82f1c073abfc48164bc634b96f732449e0f9450f55832432e818c47dc777ee632c46c8408f6ca9e2 InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0xb2b5c1 N = 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 Msg = 55c50839aa7d0321a6a85cc3f55ba7f6643bc6a18a8faf73ae9a70d4e527701b7b65f70194f5f0551342eef2bb116eef94595c159154d8966fd639fbe0de525fe96af5db8990b6419bcbf10dfd930f98f230048fc5cf1ca4b0d6f883fb75d308687d0bafcf76dc4c06ec6efc0309125b4569c8f7702906053741b4537e147b7e InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0xb2b5c1 N = 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 Msg = 
71ff5c8bd950fa414c774075da8ef7a1a58165bf4fb7670cb1f5c00cd07fb1ce0c80ca719babffe73623fef91298c08b12b35e223bb527a3685bef5e3f04a94a63153992eb9d83511435c89a322b32bceddfadc4a96cf943468bfd510ab55fd1db8851f7b26cae084c764561238d75bb9ccbfaad82250672b34f93ed19daf8ea InvalidSignature = 77b82998fac61f387b1a3264bd695ea3fff605bdcaf4c2d3a57f87f3f425134b16711c7812ef1a6c7a5d191fed835b90769883da3e7dbc81e141e3a477cee00b1283e80dca67998835ef33480caeb10f5eb02374cc38129156197e81ffdf36a09e4c22ba30adf9760c441b9691925a2233138f93bb0283be4affec35094f9866e1de3ba4a7c3ebacf88abdd8a1034e968d104235a805c372daeb7b7844ff292bf1e02f3fe8912a28d92e0724f285410161f4fc8c9ff8e0ae91feafb890de775f874de9c8fd990fe77c21525d55f882c432060da56561811cb7fa2a7ba4ad907faa5453d1c2a8834eeeb7400f17445d59a3344fa64db8ee9e97020c5158def04a -Padding = EMSA4(SHA-384) E = 0xb2b5c1 N = 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 Msg = cb254c69cb296eae328fafd8354396594c74e8f9ee4783289bcc8a922031c2f517353c2fade0359ca8713a9ea899907dace6d272d982dcfe771de8803d28f707ce44736583fa12856bacfdfe90cb32e77c4b26eefc54afa4243b221b93b0b8b3f9393731d6dfce118426401e7743453fc48a2d94e026c6c1aa0c808aac32cfa1 InvalidSignature = bab31e3b71988cd3f2a772cd0e33b9db6d7aea6b6b99f631a0259ddfe9489bc662d9c6c9e03916592f212bd4e9619148dcea0b58b475c72dff8815aa3f274ad19d19126d67dc6d120e985ce16a3aeb64aadd785657fc0370c701ffebf71d83260ccdd9da04a8f29a69a01c3a9a6d2bd942c44d5cb91fcb44af60a2b8e2c94cabc23ca04ec6d3005a82cbe06546c38d4fedfc56d549c785a2e23b04ae0135b03a17d63ea504c51a0d129c172ba2ecea5dc6b8db4cec7b7a4d021da03ebe8cf6cce67b8e032b4ce780136afb144e5d8019e7916932ba87c7d9c963c0f51d62c873af41396d87877ca5ae888ea7d322faa79345080fb9d2e6dd98b7b219b6662114 -Padding = EMSA4(SHA-512) +[EMSA4(SHA-512)] E = 0xaf8e8f N = 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 Msg = 
e74ded82964ff874c9e10540c9f1dedaccb376b882e61f33eb5afd316bafbb01205f7c8673ff1598edc179a74d3e74a1d7729d16ee08869be5d8356c13afd855254eb4d2b8b55f7528a12f88a253f2f48193df61d7f5cd9f495ba34421bb10979e227cad8ef93ed21f880f2bf3b8be99721d26df64335e08bfe82f03bd5bcb91 InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0xaf8e8f N = 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 Msg = d122c9b539021a26f4e66a823f29791780a879da291b1858dea5baf0daa906408fe0a5dd8ca84647a49fe61c4d714e8b46eedd0c7d60874e2f1b1e715155d0762f38f2f45336fc0ca89dd49edf6b4fbd1263f561a760045c78eab8903007ca5ef85336625453425d4707bc72bebe83962c2e494271c4966a003910b34166fbe1 InvalidSignature = 57619bb864865b005fae1cb334fc5e60a23cb148e722a781b1da7e822b849b93fc502927ce9d72bf8d2f809ca6afaaf268133a7820ccb1e6c5e8a7252f67f41c8c67f97d19c718b15c32a2fd4a98c69ea535b37d6a1c884409603c80e1aac8ca32c48ad5481ab56a02526a8f37b884f15585a4989f0a7c7f3afb20718f143c4d49fdafdd33944445d39bf857f8c03e4132b1a00d52064f60172b44b67919610f2b69fdb7a51b69087915f76a2a0896fe53103c81c27d00b8c805b42d2adbd31b21d1773bc1f96b3d5f9352f224cf1ab93c18cef97134fb3cafbda7b8e4c301981ac4027486d74d1308c234f84a13cdf0e505d02c3f1f2b8e9984d6b2fdbe0400 -Padding = EMSA4(SHA-512) E = 0xaf8e8f N = 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 Msg = fa0e2ee8d953ee3589be814638512966d3d5e1b4ca874079170f9fb87db17e070dc7249eef6f86ae5f816af4f6c4cc8d2b61810c19971aca83b10b7d15350d0cec5fc0a259cd9502e27ceb1a8af378da53beeb46001ecfca1fffb3ce472a888b9fbc4a1d9fd7e3d91b974ce07d48f5f452d6678b08842822f5e1ded49cf9b82b InvalidSignature = 
2fba3258af60a9c026bacaaba33076b21789358f63d709e4b2374c7e010a3f13d77d71aa6a70a116eda22a652706ede6234e71bb688c32697087a0c12c422e98cd6ea530ad7adf9e293c5eda311578cf0cd6b2cb32c9342f5e2e2f3fd8b27fd8b9bd7beffac03adf6148e72d9775c27ef90aa232f49bed02af05a0d1567817116a9abc0b81ffb02816ec6bac841e559fbdd7c2e41df9e4b66f76729fefc844d6dd6a879441fb212d4c065ebe6af9365fb2ff053433aca778d3a667c901dfd7dc35bc2518640a79aaeca1270646464ca55b872017a51cff49b56b53f70324168da72b0b5a297b790c89b1f71fa7937eb1e514d77f33284765b66608010c324013 -Padding = EMSA4(SHA-512) E = 0xaf8e8f N = 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 Msg = e25750b83c69e4e14cd31a1f366d7f97134201535b3601fe9deca9e874e68051b6ee3be3eeb5d7800dbbe43e5c6e24b0b5965468f3f04ab9a71940c20dae70a73eb2e122a630803bb9217253e28fa967bcfbb59385fdddd5d02a6f14793a5461de6be77c4c20089ab8ce6b65b01836459139ccdef9a3e3da7fe5dde8a2d25504 InvalidSignature = 5c3ff26414d2af68f316f7646fe4740d571d7d08a4553c250b6abf0187c2ccf16ede3ba33acf57e28b20ecfcd0c77815d280c08ef4bc76aeba9012939bb53a5c932ccada6323d8de5b00439032b0fb57c77e64423a50d480d9364356e0b3b841cc8a61bbff8f235aa8247c4df7ac1a31faa85a855c76109cc0a8baff6b46feffa65ad576eb2ecf1713baef88cbf8a9d939558f95677e749045a06b8da3fddca07b8c6e25499c8d2dc6f2e152b75a9a85af85db7c84152291bb03a6ecd65a1a0209d8291cca9db5648acebeae1faeaf488c49183b0433d74833812ddd35ca6b483a9f24845f10c11a18152c9d3c8ce5209ec4d8c10c5960cc5889950428e557e3 -Padding = EMSA4(SHA-512) E = 0xfd7a0b N = 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 Msg = 2288961b2d0b66e75dfe4079804a7f99cd9735db1bb50721513a3f611e6d1ca8ea636c5f0c685dce3da191de4cef70231415c219ac1e7daeddf9db01d967b06a2917fbbae80ebbc42f4d041cd0ae511e47101c32edb3ac4f6fe52fbe7fdf0821c9ea6ab329c626d11b4bc1ba7351ca934ece6aae483e3d0bef48601f789eccd5 InvalidSignature = 
394ecbdd1159193f00fcabfe13f1ebad7d74c0fa954dfe2fcea5203b54c93e02960490f51c155da452cb451aa012f15f27c9ed603014eb88b714cd3232b0b08caad1e18f80cfb81345a18c4419b88a429a4f69c72149e96acb7f4463deca7105938d51f2a9169297e2462dcf4eac45208bc509cc3e85feac0e51b3bb32974ee82fbd23b3e2dc06da6e7f64f917d00befb181b264101de55cd90a86e0fdb27b3e9e8ffb458b39b1718e20da779408de3abc05f98e196f5f92f4dc22b34a39c28aaed5d44ba5fc8a50fbcc355bbeada239bb664f2d8e32fd53a0f8a0ca081276c32cb61c74fa9523b1d3f6a795dacab8363680ef62a2a964f66e3f5c0ef5d663d0 -Padding = EMSA4(SHA-1) +[EMSA4(SHA-1)] E = 0x0a673f N = 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 Msg = 348d8253c3fd1e0175f263081c025ed1d2f48d7498d39f733d417ca7820e857a7b091d573816685fa581525eaf92d4fda8627339edec0913c667c7898dd47bc613d30f963fba521cf8e8fcc74557ec82b371b32bf8255647d53950f441e2d71ec39260f6201165a036cf662c28792ec8bbca573400a41076345f1ecee46121ec InvalidSignature = 7247182f6a34684402028eb1f0ff8ad0f16343265ee6c6f7cc8b18f2ef9d30e778c9ae49bdaaee7fa1d4dc17ea4a1a11a63d29ef17035fa41215fda41d36edc7a0a672649c3b05ca07d09644503abf99df6c7c31f516369044322029c7ba5d7220be8fe46a0a03068b7a8f1a145d0aa0aaccc4405fabadef36354ee749f59c26a0f7e0bcafeca1ecc272c2c83738b63f8ba2c6d1553b1b326de49dfeaab0f50c344ba311c5842f093ef8b906fd5e163180484e9517c363217e9057a933f5c21029c00bb1a93698e417d33b19583d3dc4774f381e434e4a2c35dbd3f3829f4da9c0d18a702f54d73f201dfae3c298007ee87bd2d017b8aa9411c2081ec04ba3bde24cde89cf743fa7f627c7420e4a212662bb160fa5cbc93b7b7585c53a4d93dd18124851b95bf00db240a0850a89bb1d291944947c0d8206d6c509b7b27d8f38a339eccd3641b291dd569bbd3bed6cc18f57890113ca5f3aea7af7b35880fdc0e157f941946e742ab61b5a9de3e18a5575680a869fdee02bec97a726d99d0703 -Padding = EMSA4(SHA-1) E = 0x0a673f N = 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 Msg = 
07dd79fa6d610e1c9f3c64a2b92d1254b066531136df0ac3ddf003927e1f7c58dc37e455859ae225f9d799ee0e7f2bde93357bd53405385e9df717e4e3e35f231f86abdc5cd6ebcdb393ade0b41f9ba3088f44f855021f0e6231cc8f7c489e1b18f557f6b9be32fd149727df72b46a89579c35e2617fc7b972c9adfb12f7402a InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x0a673f N = 0xfa15594057e21dfd0b41c921627809dd454b519cc1c4ea39883814f9cdeff4a184d10f641a5ced9a80de1623ee7f86567d953256f48dd68ccb2e8362173aeaab3f11182425924334f9b92092c0fdf1e3b4c17b5efbc0269a7d839683470112c425c4d77b8835e6a307d0189223894d74d809ddba7260fa22cf3eae11e58cb94bf61cff8faae7cf17643cacd709725814ec9c365366b3a721161d8c2092681520a23e888dc0fecdcbe61f0cf27f3ae99ebab6a459331cfb3626fcd34eb124adf5ad5cf6ab5af05e0956391cc6debbbd0d6270b8412f330d469c41b26bc0f261b9aaaf4178b55b21af6ba12dcec1b9c58e9eaf9747e37cf50878110aec5630fe3dd77217c35e55c48896207a8586354d058dd7028a386e474b7c736283c45662c4810f56c6d0ec8586397d499d59c0e0a8d640c25bb91f3fd2cc74801f2526f78ae49f42b279a1687b9a8e965b49fe10a2360852000f440117b84dd8cbb793c27f124ff88535a25ecf925d464efae566f81c8f43d23b646296c087fb56589ecebd Msg = b61eabe9eb62740c500b32e9b049a0652b4a87317e68289f85a1dab5fe47f4818ff8edab0bd1c251f1df980e35d6a35c4306461d428a7c7495c376d9a805866de98f3b8a14c1ce9fb489bc3be71fb56761f2b539b3e271a6cdaff498c2b18a40cccaddae909a5e9fa3f1e6964c8a9d2e8cf61cae5bd6cede354d9c19d5b5c9a4 InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x0a673f N = 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 Msg = e594d640dc2fb4d4d9523ea171c95dfc7aa2348ccce403a1487e4bc7197e339c3a832ade3875cec83a730c9f3e0d8988a5b4419cf26e6f3ecfcfacac51245ad57cf1436b0a9e7e38686d93b502afded9c038392fd010d52ba76b69be42db8f28b2c56a0ed7128dcc6c26180c43162498d215626cef30fe10d83cca24760c983c InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x0c9c31 N = 
0xfa15594057e21dfd0b41c921627809dd454b519cc1c4ea39883814f9cdeff4a184d10f641a5ced9a80de1623ee7f86567d953256f48dd68ccb2e8362173aeaab3f11182425924334f9b92092c0fdf1e3b4c17b5efbc0269a7d839683470112c425c4d77b8835e6a307d0189223894d74d809ddba7260fa22cf3eae11e58cb94bf61cff8faae7cf17643cacd709725814ec9c365366b3a721161d8c2092681520a23e888dc0fecdcbe61f0cf27f3ae99ebab6a459331cfb3626fcd34eb124adf5ad5cf6ab5af05e0956391cc6debbbd0d6270b8412f330d469c41b26bc0f261b9aaaf4178b55b21af6ba12dcec1b9c58e9eaf9747e37cf50878110aec5630fe3dd77217c35e55c48896207a8586354d058dd7028a386e474b7c736283c45662c4810f56c6d0ec8586397d499d59c0e0a8d640c25bb91f3fd2cc74801f2526f78ae49f42b279a1687b9a8e965b49fe10a2360852000f440117b84dd8cbb793c27f124ff88535a25ecf925d464efae566f81c8f43d23b646296c087fb56589ecebd Msg = eaf989927d18e789a4c2c889fcf5c21df332e46e2182a365dcb7171006f468472a6f838fc776113eecb0a9e005a644daf581f24d6515cc3d5b1f2af30ecb169ff97a00422ec1b3cbedb587807566d8a01aa9b847981be191a762ed02cfb6ca267ea168745802b478ce58ca32f23d66b989319c236299caa9e707ca07f2bc6c22 InvalidSignature = 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 -Padding = EMSA4(SHA-224) +[EMSA4(SHA-224)] E = 0x16b265 N = 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 Msg = c94473f37b3e8fbb10fb2cb105ced77e753b9c4eea71797673151359f641a88cc8cd45387bcd39c0f75ac9a4cc9625a6c7ea9b2bc4920be3c25c9bac3dacabb4b8c40cde99426c6839ea15ca3ca6d8e11ecb434c0f9e1b1701170696ffe58794c0b12fae7ca712f9fe3379ebfb08d678a267fd7b749e905856cfbbdfe4f22274 InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xa4bd05 N = 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 Msg = bd1449b44548889ecd191d0a43cdffa7e4bbfd95a51946d5d20f2efef50f2f31f9692e4e8f1a0068d1e52d7725a6f44d65e28fcc3da2b855d4826b83ae05ee1ad12b0f3a2646add923097970a7e2fef3258adf0705da607047e028c86a3246778c8271dfd27394d70aab8a5b8f2925816dd976afc666480c7550ee34f03e3f30 InvalidSignature = 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 -Padding 
= EMSA4(SHA-224) E = 0x16b265 N = 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 Msg = 105741337cb19262c78a1bcbc04349775ec4f32f55c18fe1eb3ca645084c85bf8d1c3688e736ae09e4024887c5897205947fa666b8819dd3c69bbf5c9a0ddde2a74f22348b524778e60907cd6d28d32e3a2cc699669bdb71da8d5e22626ba00304f7ef808f8cc57876a740e4dfa7d2baf8d13a118a97b385d01a6bdd89ed36eb InvalidSignature = 96ed1422c5acf21998993a4d30cee4897d490c8de002f6fbbc3bad70e6c44cfd2232841becbf2cfae42df1f1d91fcfba8b81f19d3fa3364b569e444f6f18dd860beb641920b7c565217ce181b637709bf9a6121feccd49f59675cad5d7b27956f142aed71c962cd23865281622d22429f288338b095524b397030353f590dc11a4cb9810cc247a0c8a816b41683a64651b1c60be462d80e5cbcf025fd0181cf61c2d9a63eacc2de0dd5637193598120b8c6d60b6c6f1228735fd18a4fe3f8f63ecdb33924eb7b809bb66c458d4b73106b6a23a7fc685df3978ba9cc1e2371288f0195b6d73239fbde260bd92ab838f0bb80735665a68ca5e426678fa6ba2f29a9374dd7bed51f3413fa074965e56f3687db310c0b3c69e3f37386ad5e6de25f3faae6212b3549d87e39a6cc9dccee9ea1c8469704f79e88089b3c1d3232adeb99bc0c0a2b34094ddb3006cfadf826e1e2a6aa2a3cbee334bc4f5fd019fcf8eb61b0db6e38e611744515c58619d46a39afde9677189066f55e4f78c39debf7e59 -Padding = EMSA4(SHA-224) E = 0x16b265 N = 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 Msg = 6ac31acfb46bc42fbd13c38fc2cf6751b2a6333d3e4f8f6a3338bd6207cd0e81b1f6569ebee19deea20317244c5957ddfdf4bf3c59b43bd1bf542fc0d6a6ad1f6820ec9f7498f56f7e4ca05d2a25bf3f093d9991b39e9a5f164d48660d877976354ac31afc17357bfaf7448285bc083d7f89a984739414dce02bf29bd5f5da4d InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0x16b265 N = 
0x9881b3fb6c99a115da60ade6d178008b7e6db8f79fe34fb7e6f7d2fb96a24350dbe35fc9a9742c6d3deede1ee6c04cfcca1f1ce9f1d7c53dda87b149dbc7ac4644e2eb57f211bf883ca006098e0f871155c6c1f9c88df9768c61581e0b5016aa57177438396be35edbc31002cb2bb766c9b9786a81358e5dff52b9073fb7f9714600c0b1dd060ffa1455fc926d30329925bde76cd68a58896de4719eba84529f76de312e9681cc252ebd4c42b51614b172cdc67a5144e7bee75050f7efb904d52b8c084242c3545269cc1193691981670e0816cb82e39c4541bcc7f5fcd27e46df00e7e73946da7a6f8a7026d89d951a8bc8010132862aa0ab872534372a2f3d10d3edbbf852a43ec06a93b3495289619bf899c10027dc2b06daac43342e3200a1f002ad53acc537772f1485d3b517f4686bf27ba47183df94a8cbd9a5bb0659bbbe43beb2eb05d29a23813b0e6ca8e7228b9ce3fe0de7bda5a0c56e9a5ad4e5e4622896c6f3e0269d69bbf0cc1ffc82278ff55168f485dca669868b97f4a003 Msg = 979e87fd762d8f044553a56d47d7c262d04789024fed71fb8bff265b2d162da37fe1c71d731b1970e7ba8972276a6b3db439dd854494ef290972080736cf8515c05ca2ae61759e29e3531ab09b83c34f3496304cae1b0db7a5ca7a41d702ae52e176e05549236757c18520d0aa0a10c0d8c74afe956913cde86f45b11797f181 InvalidSignature = 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 -Padding = EMSA4(SHA-256) +[EMSA4(SHA-256)] E = 0xfe3079 N = 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 Msg = e49f585eeccf2bf7265641fb8c0f94c717e2ff1d9045aecaa302d285353b991bf7ac5dc93b311ce9078828d268571ff909711e5c04553220f8f80f785cc405ca13e02f0d40b2ee765ba295538521663718eabe5783888c345519077a9751a1285fc236f2a25a8ae44a2df247887451c86cd646d7b3e7a44ee0ef23538eec557f InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x73b193 N = 
0xce4924ff470fb99d17f66595561a74ded22092d1dc27122ae15ca8cac4bfae11daa9e37a941430dd1b81aaf472f320835ee2fe744c83f1320882a8a02316ceb375f5c4909232bb2c6520b249c88be4f47b8b86fdd93678c69e64f50089e907a5504fdd43f0cad24aaa9e317ef2ecade3b5c1fd31f3c327d70a0e2d4867e6fe3f26272e8b6a3cce17843e359b82eb7a4cad8c42460179cb6c07fa252efaec428fd5cae5208b298b255109026e21272424ec0c52e1e5f72c5ab06f5d2a05e77c193b647ec948bb844e0c2ef1307f53cb800d4f55523d86038bb9e21099a861b6b9bcc969e5dddbdf7171b37d616381b78c3b22ef66510b2765d9617556b175599879d8558100ad90b830e87ad460a22108baa5ed0f2ba9dfc05167f8ab61fc9f8ae01603f9dd5e66ce1e642b604bca9294b57fb7c0d83f054bacf4454c298a272c44bc718f54605b91e0bfafd772aebaf3828846c93018f98e315708d50be8401eb9a8778dcbd0d6db9370860411b004cd37fbb8b5df87edee7aae949fff34607b Msg = 4621b17cd9f5b623fe73b5fe280ce9ac840805608acd6e41d55ea71132220c0df7e7c4159626f10d71882983f0aa2a92d11dc906c0b22cc028f4395d48f54e12894e33da0f614dd48ee114e65f95c7a7d3585e7cc765c00178d136aa99591faaa35ee6136d2e323ffc855c709c5426b32fc0aa0ac66e90c96efe84414dd5e79c InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x73b193 N = 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 Msg = 7867b65ed982ed6cdd2d061157be90f85bcd580350f1253145cba5c58946a8a5751c8c008d9df833c8acceee2b0a5a929cd7d0def655f5cb59f01cb4c47b54bae5bde0672f2ce7922ef86d82174b8256a4d0b9a31e72dc60bb66deff2b6b11dd6e5099dce8b7214eb71acd16440b6f0918c0fd9bf2ce43b71635d5eee79d48d4 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x73b193 N = 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 Msg = 4d36eb2c3ad233436923e580faddb45ad35967108be8d99a876745df6213c028929f07d549847b4f9a996a3ddde390fb54aede470fdc7a3e0c7e0688a3a125cf216a3b75b4667586871b0aeb2de3c0e143fab1aa51d54f82f2b5a6d5357de1af42c01074411f28d177d24bf2b2844af6e86469a01b79624f7f35ac30df4efcb2 InvalidSignature = 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 -Padding = EMSA4(SHA-256) 
E = 0x73b193 N = 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 Msg = e2a92b143c8a006cee8afebb663119745d26f4ffacaa535c6165d30a1265d9277164c8d8214977ebc8f2e2bb66311f54e51494d8f16a6822098237a8d6360aa6bc288679b04c634849a720ea1956f5043dd10a723371e6e9ec302ada22b17f99ec80cdbe909aaecc9830221028a884cc8ee5bc951bc8b7fa31f614669edc2048 InvalidSignature = 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 -Padding = EMSA4(SHA-384) +[EMSA4(SHA-384)] E = 0x147e73 N = 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 Msg = 643e40f3636d706e1337bcce6818c10a104fcf06ed87f859c8b667534446f43f1073f5e561f45653a0ddecdd5fc40663922245d2fcfdaeede7c4fe4e187b3da70217964e3a2c66f92bc593c60b931f7e0e4bfd1ad94923863979e0a615777097a1f5ce37d55ec9e71eb85a8f53cf35e3ea909ee56cb37eab269db6632284b394 InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0x147e73 N = 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 Msg = dcf645e2201c3144ccded7cdf843326481ff3105019a5308fdcf74a66033e7b92817c4c360ae83324e73cae2edc584e49ed4337e1ac18772ab012f839c03ef36ed12f3d64c7c63ba41f437cba9354d4065e8b8ac53c85c3b7d04b83891e402d392b07922cccef7650d2ac58e12dbb4014003699895f6f9eadd9fb6cd29204819 InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0x147e73 N = 
0xb125fc054e1b9db3b98212f53840690607c110bf31e18871fdfa13046496a2e73b3204f33bf8350f841ba94f511cbb2f40587b147a820fd166213968e8fff9fa4be4718a672f4e9321455c56d5e4e09d4f8b2c690718bc46108de269857bb4145c86cc75a4bd55f972285e4054b9fd13927574e63690958177784b39b17083bdafdd3ab8d327dbb9da93fc5cf9375205566242bb30246254ddf04c526f9141006fbaffc268bd2fe9aaa19581bb1c19e77264b08670ff3fe2b543f47a7af95bbe94b99300889b8ff07b2a44d5e9e229e33133b58bc7d2b8eb92a3bb6c035f8891d3165284e9ced25d6ef19a8135d06ab889f7627318cb043c89d90667cb92d1318880107ed9b866b10fa9af2225a987827e866c981f0c4424740fa71697ba9933a91c0d1fe83efd8e7d6c8287de72811da7fb4fcbad42637f0df47482119a07af9cccc993537cefe7892054bc2ce20021e9e37f391ee57b66c40dac49a346a54e6416f4e40af67b7190d65f497febd7d54f148fbc4850cd7de200cbfab53d05fb Msg = f5e7010e4829c855dd6c3c84f57a50cfbe5b3c9fd4c9229e07e4f10d5f278a5e5d9b21ff844ae67418f7e5a8260c2b85c4d42bc29aea60fca1f233092b861e89247312bd9726169d7361322490338befed26cf063cbad3faa0127b30b5eedb7cd1d99bf189a4a0f87712e8a03bd5b635c0b9f014c120c5bd8bae922a04450760 InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0x9ea299 N = 0xb125fc054e1b9db3b98212f53840690607c110bf31e18871fdfa13046496a2e73b3204f33bf8350f841ba94f511cbb2f40587b147a820fd166213968e8fff9fa4be4718a672f4e9321455c56d5e4e09d4f8b2c690718bc46108de269857bb4145c86cc75a4bd55f972285e4054b9fd13927574e63690958177784b39b17083bdafdd3ab8d327dbb9da93fc5cf9375205566242bb30246254ddf04c526f9141006fbaffc268bd2fe9aaa19581bb1c19e77264b08670ff3fe2b543f47a7af95bbe94b99300889b8ff07b2a44d5e9e229e33133b58bc7d2b8eb92a3bb6c035f8891d3165284e9ced25d6ef19a8135d06ab889f7627318cb043c89d90667cb92d1318880107ed9b866b10fa9af2225a987827e866c981f0c4424740fa71697ba9933a91c0d1fe83efd8e7d6c8287de72811da7fb4fcbad42637f0df47482119a07af9cccc993537cefe7892054bc2ce20021e9e37f391ee57b66c40dac49a346a54e6416f4e40af67b7190d65f497febd7d54f148fbc4850cd7de200cbfab53d05fb Msg = 
961d11d02fea2179ead83fa51684e5f4a2b804a898e2a3b6e8c4c91c676c9e761767cdcca9322caf40f19f8478633a1fa716a59463d7c549446d9850ea8761f442f20692060fb6ab8385ce369f33fe3b1a69a89d14578838d0c59a2bb7053877a02683ca4e6b05953afb956493da7a6f8418d36cb54936a814359756d5d06b27 InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0x147e73 N = 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 Msg = 00d76dc429af281012cb92d5f7c2fafcaa73ce043fecfa01088b70e5c46208ff13e08bc12dae0ac6d4d87514872d699ef9e8480dc1908fbf531c64102f5b6fd95893eb370869fd8ea20044cde865b1f36e2b99d24e5208121e6e597a1f04036bb738b6ad22a5a76f648d288882327b03f183e8db4ffb0d0351c776a9fd276dbc InvalidSignature = 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 -Padding = EMSA4(SHA-512) +[EMSA4(SHA-512)] E = 0x08a649 N = 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 Msg = 4d44665e0e2987cf7dd1e9d6200151f500ea3b85a24f72fb38e5dd6919ff9c486f6a54742f96c6784ff7a70c33ababdc685de48b94694af8ad419bc06a0f6504f79c606ced70026b813b4ec5fc73ed4f6b3f7ff697943303379d959e6561a8904fa0354d2ffd62317d63860a62a13cd77157b7cf921655a53ec3760bf23c8e75 InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x08a649 N = 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 Msg = 1abca8d81cc98a5d5020e95080b5fce59ffe70dcff544802c49de7fa99286b3da1d83d60b085e696bc9f25758e143efdbd7494d6dd547ad9f4f047d22d14a884d13c3bee72fa59cd6a98336284fe2075f8d7359a9df017b35ae00db6ddee59b1902fc90bc9ef890c42523b9fc83b4957376d7ab1a5f1c499deb7622f118026ca InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x08a649 N = 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 Msg = 
2085e8b946d2059752f8f0fee528e7c4cc0ac1fa24532c1ec29a3a92d2681c4dbd8e2dd151bb325d1c4ddf6318689e3c8e458d1b34cdc5409867e26ec20ec09e15a682f57790d9f4b27c83ef197e11c06e65eebc03489de620614263a51e642ef076f10d017a82c4dc2ce1882f93c9b6350fecc5daeb3a7a2031615ac1c29065 InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0xa45b6b N = 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 Msg = a589c8788c959961fef98694bbfeffce5d69071899ad969ac25f3cb48eea084b1d84a8613761d1e9d626e2d9e4a0c48045b6141a189c84a23a4a7ee70c2d0be2771cf4472d8d275a31095b0499ddf7269313302da6a072e73adf02955b3ee141ba38f351f483605d178a3b3e631d62674d67a579ca212a11c9060fe40187520f InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x08a649 N = 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 Msg = 70a4a898028568699ccd8a53288a747851884db2971ab17aa116a909d422dabc242efcbd2a428ee0777ac8cb294fd25abc17334222cf8cf4151986c4ac81094a2c04af0821d3784eae54bf5b226a6cc5cbf66c1b0f9e5ec8b8cd8f3a90fa29442e2ea7c10fc08c7be963554b3b64ac81292cde85870c8fbf343aadb5a916a273 InvalidSignature = 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 -Padding = EMSA4(SHA-1) +[EMSA4(SHA-1)] E = 0xfd157d N = 
0x96410d900ffe9a71d348c210c0dda7ee43f92e8a31ad876255dc540ff239c236b998ef9375e695992aba77861bf8f1cd966e3af1f9ca874618d35ecb494982f7c05df134f5ce5853d410e670e0972efcce2fb14b2ea6974d4802ddfb5915d23752480f5def2e4a858543918d5fb47e837e5f6564abba60745d0ed710b713dea6b4302a6b56376679435ecd62b9a03c5c7ccea920fa64715c0b554b5108abc20583c1c87c81e20b0ccded165e581791bad0760140540a8c18b0a1adef5e9cda29fb959652cf68b5da128484e0c837c6cc017a7741edb301891e01fc28b8bebb1167d07c2993877a62a8bf82471e7130416fd825e5deeee26bf9e3e5b9d4c8869240fc2ea09ab7547668deff741b9dadc6304c467ca896794af09a1f22eadccd526c2eecb7a3138d78d8a12b0afc2132fdf5ac6299433dcb72ad40a183d21bbf5e3fab66b1b961016d9bb5af818ee381653c3c7216e308bfd19ad0224051e4b569bb27471b9303eb9c0d4a0f684dd86b1cc91d13c025aee06c97ba89e02b0bc6ed Msg = c6542c0b67da9dee6338cdc0ff704346fa13de2c65be53a4b5e5dd5017cf2f6203e2ae021421ddf017f3186a622686506733498688c4f79a2d734ea614d52378e9b79cf117a79fabddb78adea47d2585905ed5bc550d126d4c4e1a2bc600e75ea05a5fa11775cc68de0a8be66e7e082e9e1bea9873a18a6639fdaaa7d258645c InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0xfd157d N = 0x96410d900ffe9a71d348c210c0dda7ee43f92e8a31ad876255dc540ff239c236b998ef9375e695992aba77861bf8f1cd966e3af1f9ca874618d35ecb494982f7c05df134f5ce5853d410e670e0972efcce2fb14b2ea6974d4802ddfb5915d23752480f5def2e4a858543918d5fb47e837e5f6564abba60745d0ed710b713dea6b4302a6b56376679435ecd62b9a03c5c7ccea920fa64715c0b554b5108abc20583c1c87c81e20b0ccded165e581791bad0760140540a8c18b0a1adef5e9cda29fb959652cf68b5da128484e0c837c6cc017a7741edb301891e01fc28b8bebb1167d07c2993877a62a8bf82471e7130416fd825e5deeee26bf9e3e5b9d4c8869240fc2ea09ab7547668deff741b9dadc6304c467ca896794af09a1f22eadccd526c2eecb7a3138d78d8a12b0afc2132fdf5ac6299433dcb72ad40a183d21bbf5e3fab66b1b961016d9bb5af818ee381653c3c7216e308bfd19ad0224051e4b569bb27471b9303eb9c0d4a0f684dd86b1cc91d13c025aee06c97ba89e02b0bc6ed Msg = 
c6cec990476cd20d445e83a5ba7ce48e1b4215baa2d13efbe436c86ba9efce0bf9abceaa7a52a509f945ba3c46e77953455c033a429123de857c859126a522b023e5ff83b06d1764ce0b95241fa947aaf91750ddb90a1dc55a649aec46b5a50b6b02c3e292c61168ec377e24eeca38db5ff9646bb04412f78b767044ae293d63 InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x4f19b7 N = 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 Msg = d5054ab2c2e4fbef568b1f7d08a38770ea0b6bb589276900157bcb06c27809ed6d958e0083a2bfa81f593a9772375b47688a05a388ca9f041d2c5c5e9375c0bc230c60e9b354e970f73863c7dd08b7c828836f605a35be8bd803c080490402283f9245d519a17f312850237510bea2db711f3255c70fce7f8f257ed2acccd81b InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0xfd157d N = 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 Msg = 02abc5271d55129fdbf1fddf59f4b99d904915bae196adb2f0c06237b6b10919d259606920f246de8d892b772abac5627fbb041d219c49db87ccd32919e079d18a909fff680263a2f14c17152934f4ff29390c78bad8816d2208f5453e0741c4d1586a301c0dd1b3af42a9017eeaae3a37ce1412d3d2be2f6c7ab1d34eaec8ba InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0xfd157d N = 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 Msg = 6c0b6d2266a246feda6fa5cee22c2f33ed9d643c1f6824d9f327719225bc7678cfe4c85cd210ed4077701b0b5650418177a74c71b8eda3306e2ef3474f5d326990eadea84a9686e822878c932997298e01f2b16c42e019e21bdfb67b3df5478df444366c97df1bdd23dc82ce23abee44d3a61e9484e88ed642634197b52dbece InvalidSignature = 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 -Padding = EMSA4(SHA-224) +[EMSA4(SHA-224)] E = 0x8c6e57 N = 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 Msg = 
de53ae1c40bb05a44519e74e9389cb49f1c5523fabf9ccd038d2fe401bd8236c07ff300346785cf25ccde020e72dfb5cc9053a9489d0f647f72f1e3c0f3c3775201ba05f2ed31b4b945c8921edfaf55335c9d4112c988bbcfbfa329c1a9b98d571d18797be73499636ee6aba6f95c0177d39a91f5cfa94168e5cc3c7049e4f76 InvalidSignature = c9ad9f25b354162889ad72cdb4f4c5bc67a4b96fa69082aaaa0f909ddea77cf2e20614bed058bc2acf435811bce36c8a30ce05bb861356cd79553077c69e665b2ff6908a083c271483c5d7fc670592f2dbf8100c4e5e1854920ffb11f635bb4db239198f405bdf1c91fc69e9e92a6565ee56c9a72668e0c116793cedf6e2e36b60d22a5993851dd99e6ea0ab1efb70637e648f2162ba9ed07a5d1acdc396a86552b3c7dccb61592c321616a9fbc61262bf0b8ea67fd823915bec5e37096fc3202df2f1f44b48ff99a7cf0caa2b20e5693ee2627d4fd11069c59fd7257d1983c06e66bfc230f21a4884ce536d0025674c2f9227b1db75ac07478c3971fdd6f039fe9b27e6b8cb4ffeb1ff4b23b75af8b4036ef26e36a22e6248c8c1ef879c2b886e830140a9c11c95000e70727c4b7c5d3abfdf664cb9d59c579bd2a1c1ce24e5d446645a728b692b30620aeaceb5ba230f2316882a0436881bb3fc3c25291db297eeec590c6d9ebdcd7f52bd79ccd80ff0b2f30979a9111adb165fb701b9050c -Padding = EMSA4(SHA-224) E = 0x8c6e57 N = 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 Msg = f3946c8f52f20ac9a630dee2da5956e1ea487215f66a78fc97c5e9637339b3cf0f06a81ce58f2f64b75e3a22226778977691cb6dc572fc9b3a5aae88ac94907373e8d7127b64ec79975d613e17b02adb9c4d0a532bf74b198145b22da6edb288c541e0ba3bfaa7d2ee353d7ee0bbd5730485170f5080cd3d138ddf9a89cc81d6 InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xb98e6f N = 
0xd636bd164a6ba07108e2c93f58e061657bc5cd2dfe1a72e75b33adbdef50bcbd74ff0f6f074dfb0f9f25879d1bd6cff2d8bf354dd37f89c638921071af961ffab7559189bc18cc8a8e2a1867721eb914077503adbf08986272034bb1dba9333a886962cf19a8580b25463b0d71d3d41d0bd74c4f77da0bbd85204aabbc01506737503b3b99e0203658136cb8ab0cb62929b7c3be4eb03c947c85faac147bb148086fd59a130e545520c50e2841fbc0734b1ba6f98514cae15d7ea3ec4415fb20b7fb1eaca5db849d286414ef718f3d20dd68dfd440e042f84732afdd0f02f98f925a0f264cd37c67620285ca59be9e138a836730e87ecd754c7fb28ae75f8e24e6d14e41ba339bc801459d2b76d8928f12e8fb7dd3314fe4640f99f6dccb0e16be09b796d791ea0ec92301891a2f702bb6de46ef69b484449e23ae8cd247e7ce10bf3be855daae033d640e8dfc0e6f12abcd6e0479b29439d99ab135aea06178174a1b7048ada5645182fac8e018584fa4250e6aeb4317454e86598fc4fae0b3 Msg = f3328c688ab764f3f497a8b5403683408dc7a888cd043a39c922ea4d66045fdd26afda37f1fe1a3216967dbe8d1d69bf7fa7ea1c07719c123bd2cccf666eda3c98ade11a616c9a50d9f27e83e3252be8b3fd09568e3a2da0d1527e2135ae16985115eb376169aef64591f32dcdb6936233b24e5fe9c5b588958a486c5b2adb9a InvalidSignature = c8a5f44532aaab2c8d64485004e0e1cadb033d4b4c456a01f9a0f217fd7fcdcc0ecd6b788cf3c7db5e39012540ef2d692f04ba77da29b34d6c817dfb45e0a47ba5da8e7d96f5f929aaf85222d2baf9e7dc8756dae01f7881c99efaff21e0dbe554ef9127e6b30681cc21c1cd9d7525279f793eeed2926f18060c1fcc3538c63515dbd8ca6607cac1f65ca8a3ff9ef92b7a3ef68a5ecab366085677e7134b7c32b99a3056dbb8b7cc617e3d3a6d1a42e5aee5d24632919dccf6826677be8633819c27da66f0eeb3048cff202c42407a74469c114d496270e3574c5a516257986a234c1c6e48e868df31b6f2e6352a1d838ec8b582174e4a493a47a17c3ee0be12de201a9d60df89a9db145094d04f9637026d3a64d022b02b052e3e0cee55f73b729b09f6cd7f84f7abc1a357cc1e10b5a6cea2486aa8fdb0d36cdad9b60be1c6dfbd646c003647f57071cf6791f1e5e386ba876ce1afafe636456647d4794a0b932e8f4d600f85a2e6a485e9700844a1354fb6211eec8a25aae2ae91944e375c -Padding = EMSA4(SHA-224) E = 0x8c6e57 N = 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 Msg = 
783379f295b2bb2e1dae5115b34c991854a517403a1c741d00f0c700080d146a1a2812c34d0a324f2b2cdc5f1085fcc4d3a0bd89a8f194e24569815f44489265c933a8df64867d3139ebe66d5e2c56ca8445a452dabe0eda2e377d3755450bafce7cc2aea2cda6ba8e13f6a964e8b012afbd5301962ae8ef038243f104ab872f InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0x8c6e57 N = 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 Msg = 1fada40d53af0011403e97c01556c2228c6199fa27625c9eb973120529716f2273f6fb70ef8771cfd60f658e028c2ac9f509f3f51dcc38b957d05cffb1768c4c7477ea4c621debb23cb3fd3f873a6e1f905d897caea7024ec7f494701525e8f92a18b9c932d836627910a7fa2dc654ce6445a2b8605b800412c50180dee84ad2 InvalidSignature = 4824ebeea84b2e2a5044c5ba673be3122e744ccb4c431aa01a70214f371ed9b4aa65cf6311d844f0eaa02ac85952b480422f57aadb3be1e3abd83790637bba5b16da395d7d748a572d495287c9273aa090c395dfe35f581f230f9313b551e03746f3830c7cc0949c5b0d1dbdd9a87d315a8e62c5e4fddcf377730012e223279c2550043d550a6ca67fc3f0905ac71e35b596cba990e183ec0839f3c39846a10fc2f9a5a5868d224b1cc6ffccdf6e86f571bcdcfdd5f1cf5a48d3354c78ced64d212f62b8d0f439782e52cd32f500c8bbb71ee84432d0b81aebbb183a3c716d41ce0b0c31d198f96c813d8f0a3ff89294ab6546577119602c7424e933b99f7990a88d1ab6a8de43ca838527f49b610666e0985ed691e5d0f04c0f75ecd3623617999673a30487257a49db23de7b92c25f22bdc2cc167f20396098e924b2316a5152d67780580a77d886cc0abe4b17cf3a318b8e92fbbdd83e99a39cbb3b74c72dec839ea47f534235b1aa7ab5e7063e54cba623a2ccb730ac6f68e35a9bbad990 -Padding = EMSA4(SHA-256) +[EMSA4(SHA-256)] E = 0xefabb9 N = 
0x9c213ea373631f572e5e46225b95a0f5ea8ab0a5ec7090a3b0181c5906dc22fd1bd73d11471242a2ed1824e601017f5b5354b92fdb43d4da00a82427d05366a4d552c40d69d200485d5d5db83cf523e61a834b40ccd401087fbb93d81dbed7b2ee2381a1241ac68f2afc02157ee0c73cc66c02a6c6eb2dc35145ae55d7708412a3410f204c492376d6315cedf253af91f31dcab34f72c206ad81e800509864fe9255d046ac25dbdf4954d2350324722e73c1f25d089f87542ad907fb37eceaefb330f4325e97f5eabc04096a8fabba978589e355445d9543274c1c38ff849ba8c2911f07030634c132ccaf4e4f57a5ad9244f5df0ee25af8ef2fc7b29fdf7cc18404e20efaaffa451ec41ab838d594906ff2cad52dcbd0e9a68ef7b06c253710e1318d09ad07012767a89124177df50d1684679e14306889d9a7ac5143d4861b7d6ae77992efa73e0aba9da0ad9a6888bc804dbd07bc26a8a5dfbd292a0efa96867fdb92e845c36e3433cf292e0e31662480257fcf466f7f65d814bb3e33992f Msg = c66e28557124273e4a1fdf519ad9fb646e761b648fec6c9ab4667b2df7eb4be8863aa53e9bf9af8bae0fc09de94f7373dc56fa4472b6b5c4235403a26c0e59557ca1911831ca843342acda7dbe72211fb5351d9a34205f0c77d219af5b0331a2126b94ec1adfcdbe70bed6f8018b2eef61db2b6dbf7292fa19a9655aac13fc57 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0xefabb9 N = 0x9c213ea373631f572e5e46225b95a0f5ea8ab0a5ec7090a3b0181c5906dc22fd1bd73d11471242a2ed1824e601017f5b5354b92fdb43d4da00a82427d05366a4d552c40d69d200485d5d5db83cf523e61a834b40ccd401087fbb93d81dbed7b2ee2381a1241ac68f2afc02157ee0c73cc66c02a6c6eb2dc35145ae55d7708412a3410f204c492376d6315cedf253af91f31dcab34f72c206ad81e800509864fe9255d046ac25dbdf4954d2350324722e73c1f25d089f87542ad907fb37eceaefb330f4325e97f5eabc04096a8fabba978589e355445d9543274c1c38ff849ba8c2911f07030634c132ccaf4e4f57a5ad9244f5df0ee25af8ef2fc7b29fdf7cc18404e20efaaffa451ec41ab838d594906ff2cad52dcbd0e9a68ef7b06c253710e1318d09ad07012767a89124177df50d1684679e14306889d9a7ac5143d4861b7d6ae77992efa73e0aba9da0ad9a6888bc804dbd07bc26a8a5dfbd292a0efa96867fdb92e845c36e3433cf292e0e31662480257fcf466f7f65d814bb3e33992f Msg = 
d69fc30f760dd6025878a1ba227e9be2a73cc19466bf386f53bb34eadb8018e72229df8c8f17ba4e8a9efa4e84fd31e93894948a3151a4c38d6c0e9d0054cf2c1ce99b66cfeb80352db2c7ca6f201b353cd5ed3228a116467b3fbe0b33407dc84c45c1453e7170dec81eced5eccfa0ed3b6692345298d620a59d0edd7b2c6ce6 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0xe24d7d N = 0x9c213ea373631f572e5e46225b95a0f5ea8ab0a5ec7090a3b0181c5906dc22fd1bd73d11471242a2ed1824e601017f5b5354b92fdb43d4da00a82427d05366a4d552c40d69d200485d5d5db83cf523e61a834b40ccd401087fbb93d81dbed7b2ee2381a1241ac68f2afc02157ee0c73cc66c02a6c6eb2dc35145ae55d7708412a3410f204c492376d6315cedf253af91f31dcab34f72c206ad81e800509864fe9255d046ac25dbdf4954d2350324722e73c1f25d089f87542ad907fb37eceaefb330f4325e97f5eabc04096a8fabba978589e355445d9543274c1c38ff849ba8c2911f07030634c132ccaf4e4f57a5ad9244f5df0ee25af8ef2fc7b29fdf7cc18404e20efaaffa451ec41ab838d594906ff2cad52dcbd0e9a68ef7b06c253710e1318d09ad07012767a89124177df50d1684679e14306889d9a7ac5143d4861b7d6ae77992efa73e0aba9da0ad9a6888bc804dbd07bc26a8a5dfbd292a0efa96867fdb92e845c36e3433cf292e0e31662480257fcf466f7f65d814bb3e33992f Msg = fa0c34ce3cf0cf6e48488b2b8671a94ded157501c6e728adb3930d81eff4e34fd788839caa22c2f78ddf9989d25b83ee79252743f7703780370b9808df93c37fd4e76bdc00dc60bf5332b30407c71b98290b978b55b45567c1b3d3c17c66440df80f35b7c785706fa22920c4af1c37f404af0d02671b490a577305d251d62da1 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0xefabb9 N = 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 Msg = 9b7687dcef6ff9aa5af4570ef50b98f09d6baf4bec99187a6751b0b3f927c9d1a16e7e56675944b09460c2bb22e5e3887218295d3d1844fccd5be3286d4fca661e4124018b7f1b503fb9a73b16ada3fcf1042623ae7610dd5835e3759a89d51b7ab723e54428a713c3c7ad97b7ab03d584f64fa728fda5a46fa959a26a1d1279 InvalidSignature = 
6b784ee0a868b7dba298549130204a5245f830a89388dc8d320203fca4f8a1acf33777a43e1b0bc00a6d7ffa6fc1fdd78f4b2edd65c28a2b3932388900a0b5b76b44cb78458b2adf23a19c978620050dd0b8fbeca50e8cb1559a85ef0cd11ca38264d381414b6b1c63e16ea415173895430f1b1f42ab1b0280a31d981c402aeef3e890a936d6b182e83383ba75b27a1799353dfa37faa7986f4dbdb14da99ef18787bac6832464235660b6669eb74a41a9260023115d97bcd14f8707b619b0ae1401a8502a818cc1625646ec58f76e529ceada77b25a5a9e328991b0aae5e8d0ea06c357c28b63f101cb90d0b5d0d9d8cdd606d91cb0b7cfdfd33cc5e4268b78b84827e87debfc38a70c9b86e7be02462a62bef66664162216b2ca06ac1b8f52785d3115e08008d8c44a77a4221af3df45ceab9c6744427a9a8d019a4ddda659c0a5d3bd7401e09d143bbd6e3867a22a26bb09551b91488be53f561b1e80fc2ad649d043b6aae138737d0c6d7e7e38be7c263a536278c6910fd9414f43e858b1 -Padding = EMSA4(SHA-256) E = 0xefabb9 N = 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 Msg = 7ad9bf1f36f9897d2844872e582ab3513cdbcdb437ba01eb610ec49f8bfbff297eb26f5f84e44bae2a7c286a438d1b6130891db65fb5b3ed12d9ce42623cef3f83cf908d49a9c00bebb30d1d08a5a647e731c1fa037d3badc7d77e3096a5a83d0e9aea518e302db9f552fcf0ad589e28e93982272afce15408709e122f1d714c InvalidSignature = 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 -Padding = EMSA4(SHA-384) +[EMSA4(SHA-384)] E = 0xdf0ff7 N = 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 Msg = 6c2956c024c46d04fe8190d0383885e367b0485a0512aec52c9d48809f9c8a410a952ced8bc4d1b070c7e74c439bceb104c73ccfb5d7e0a81c0c45a9c452fa3a4572f094c58923d2bfb97c4b031ef620fe0401113c5724952b5ae529229cede8a129685cdbfdab9471be197681aa4757dfce5ec9a278c1b4e3f0f0a9c163ad72 InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0xdf0ff7 N = 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 Msg = 
d17e77c2ae30cbc6e50616bfa30d7c59b961fe99e559e5b653ff642b63c3790aad701493435e7b0535eaedb45b23855c4ec662b5b86d0547ce03fa801a7bbb047ec1d14476f13c529dc815f4735872f75dff8ac5ed991a3a64f507b4758644694c5bf6fecf51d6552488d7a673130ad1edf4bef20d47eb361dbdd1eefd4cdce2 InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0xeb8f15 N = 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 Msg = 5c5ff1160746c63bedd787e27cdd9f581f2286c7aa3d42aaf8ab2e84d221fad21321f33e0acc841520f7fdfbbb8094de62e2aa2821084f392f5f0714ce2fce58732b5b732747a2122dc99cdbe5a34a5ff000f84a951dbfdd635a4d9f1891e94fc2a6b11c245f26195b76ebebc2edcac412a2f896ce239a80dec3878d79ee509d InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0xdf0ff7 N = 0x9e428342d2e3633965aecb89b0ed65c619c47fadb9a9017fc18c3d1837e5f6b4d0fddbf05bdb00b659bac9645f02c78f05e62d0cf57b977345eff5df2066e0eb2ae3af57ca3d0fb0f6a475fc36dfc6e5870b3ac5d850e2849fc32c9b16ac3b68d2f815e8c44d1418cf51f860356b8d409f20210cb01c2cc7e109ba76f6c43f2096876d4500012d8ed7dc1c35d24eae1ecf406ce3ec92606623adb8b9e17c3677c1fdef1a54d9442a9d990c0733f03b31633b11fcfa8c9f2b1114f307a811657e33d285093f4653b3ea1eadb28a792c835f975896996bbf029d1f688ad2e0b978888b07c3a12303fed92bf3fc6db29837ddc7c71292abaed99f3a0d7e60b15d9f2cd08d15318d70d35a7b7ff2fddb22d89cf261b8ba64242ba4616a93ddce2015977421d25f1b3825155746bc13f92a6097f7f66e919505af07706008378597af3e70c7fda3e9c99a763aab19ba3f459b12e8c1ae404d5091d802ae0dfd6b3619b97d3d964daf1de600b7446f8a7bfb3f4956a6d1fe967089bebdcc9b4ac7b905 Msg = 6a798995eaee88b861274398cff6d0411e6995d5fa4fb92fe2f7d8c57f3bfbd335bdc7b6f971f495625c0147029b2671f6a68befbcd6b77645254b774b36f046e5958e7b593fbf99316583ed916d35b9c73abd9224ad08070a6bb58347e11175a18646adb260cf09f7ca2f522374e361b9ab9586d9db922a5a527eb21a4647a7 InvalidSignature = 
62f35bc627d3cc3e8ff8c9405295f967d95abb90ff3bbffb536f4a14d05d6ea88dc092a05a46847baa76837383e9527bb267ed8db2fe4a94d47dfcd8e23eda67f75a4fc9e276dd3006b0cb5ac21ca483a8020b4df3485c5fd6495577d29d32c6d4429b042f3be4675cb56ed5d3178aece1e8c938106e5b8c1111f2265f6204fc7ab87860301a1b15577c605a0be4931048753762d7d4c2cfbf3e873ed63b2ad9669971a32be0c8246b862cd882ebec164adaf79e37b3b07c9ca193887f370573f2fb9dcd9b3c9a0a155d5d622e1196216474fa2a0982dab39e01d6654ee4b36817bf5f0eb0ef0c65b7dbe1dfd6a6524df99895ffbc264b93bdf61502b7e2c9bcd63e7133c611f5ea7e3218d001aeab09d891c045cfdcdcc049e5cefdeabd617af83c96e29a90133d29e4a2e6dffb370bbb64ffee31e3a6bf9225df8fcc0c0ccc7606b3dcfd883c3950c80648049673cc65f0e443edb63b26bda9b554b2996960c7ddeabe849e871199fb54566913a7992f007b54fa8aefc7f95561cc030e80b8 -Padding = EMSA4(SHA-384) E = 0xdf0ff7 N = 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 Msg = 1470f2d65fd72258e662671936f46a2af03f6000847eeac83d673afa7e5b78314be1643a0a523c6a8bd6e035478e34fde513c6280320b175328bc190427ad7e4c1d38fb0bef4215dd2a5850f624adb7a1e5e09f7cd1ca6d64d7f17f6d56df7947e2fbd61022598d7c3b89ecc0f8f2648a20672946cdc9293952b8455bf9ea0ea InvalidSignature = 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 -Padding = EMSA4(SHA-512) +[EMSA4(SHA-512)] E = 0x098ffb N = 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 Msg = aafe2e086cd97ad052b192e43eb18861ed6e2a27cf6e7d7f16e767020dc8acb6acfd1c7969ef0aa3504bffe75605b07aeb9c2e77ce9f5d832570a7adcd48f197ef7bcedbd4fef3a8fa26ecac67b20d373d0caa9d8fcc8bdc737e9a7e58a5dfc19a00aef6540b1f2776c9bffc17c185df0c46085fb9fceed22798a83f57e75d7b InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x098ffb N = 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 Msg = 
32aabc83e58c61f89b6812528be8e61b9e9d381526e6fa36cd144bf1cbcb4cb75dab30be72309301a7d70d88758306e9a91ecc0f1583e23a869c9c47f6c7e832027f6fd99e38dd02078a7ca0f99208522396bf2dd8e7b7bb070c74436d1cba4b096ca05cd06ae605a3c988227edf935ff24b38f7d5da1fc238acfe6e9992690c InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x098ffb N = 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 Msg = 1a943837eb6a0bfc1f7ff310c143ef836d6c2ddf59eb2bb9941e1c8590478dafdf3d48e73a6178bcc7d40f6c9ce765fa7fd32182efab5dca698e0519e421804c9e3c93261ae482e8697a7821aa3128c8cdc6b5889c6bcf5bfb04205a6e95e6d4ddfbe19d94db6fa88ed9f6d8f30a8214dfabaf9a6513ca95d4e633f1388c056e InvalidSignature = 1f105915ef819f8a2464f76f02f389a2a299dc8a0a5ed7028681a6414e3b75efb80c06d8a64cbd843afa275e49b57b320ea1c65b776db4bb41dce07dd7f4afb653e3e0b814d678c481a83e74e18ec1f6b2933470c98e7e5b12ba594a9412a52393165cc2d570724b9280d20795b0a4eea2025bbb02bee259b842d1f8e315dd94857855b37dfd498c64035de39435a17235d45233e4637b7b6d3fdf295ccfb82133ef2d97d8b1edf12e4ab4ec12950180e80f2f2e43acc2942e34b15bf70515be21004e2f5b4f2e272cafe84cdef2941036a23ee99fb141f6fb70d8c09b461b503632bafe36a9a61ce7a148e4d3e29468c1a47b174c2befdf47b00d2a271699cb723fb0833ca94fae4d1b5c3633f4ab1277f16ff4ebededba2eae21f1b545ae74384d85d0cd5567e3d8e7cd89d03df9834ff544b21dd0b99d9dc35cfdfc9c116903316225e303198f18bcba8b8480a586f452bfa4d57ae7d6768dd72ccb96849805291bf9d03052895cc6367ce97fef83363e8e8e6123b14a9be0698ff42e6222 -Padding = EMSA4(SHA-512) E = 0x098ffb N = 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 Msg = 0b03b1950e6974afd60ed2ef4d40b3274e825b24c327a4df0a208af79e13ed5ff3ad9354a1386d93c5701bc8a492b14992b7bc04136080b73f52845f6ba451f205167650c0a4cf77f15b07f7396c5ca7657fa29592498b43956125109a4fa4f40ae66270b3d524c523789f6554f43ba78f8216be8a0b4cecd4f676f3723e70cd InvalidSignature = 
5cfef1fe1cb83d283a0f55ff2a3005b5c0b6626696de1b2e4033b6fbd69ab4990bd5d696d82b4418d7a996ff4c47dda4031bea00bc24d7cf866295668b340664c0479b9084001ed293cfa845cc4c7f57b0279c47fbc9f8702ae11e1cf6daa9e2c73e80b4fd14987b08ae56d77ab30a1a223d9220b7e1a43d3d2a5bd83833167074756f9513a2b74c6458c5e74c25ca56165a10eccaee5443e1e370c44714c3d9a3bfe653d8222dd633c3128eceead38f36f4141657f5edbd469a5ff0733828e6c4cd35d50c8903ff5d70136a83e7186135069d962ebafc9d0280553ac62d221e116f77734e20914536dc5e367d8d3188f3f4e45d80970c606461321a4136ea0365324d989a1beb81600afe219cd18429a0931e15475e6d35e04b1dfa2aa605fd3dd98345f57109528d45d60239e50442889fb8fbdc3c61c9c6c40ea0e531ea1e09a20216ea87d4c5d7f16669b46be9665308532328e62d2c50028c0ebba52b14d66a4bd0849a5413a0a7fbd770015ec0e38215898c1662a0d1a5eddfafe67c0e -Padding = EMSA4(SHA-512) E = 0x49be93 N = 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 Msg = cfecd702ac5ea7606bd75b26b2746b7b5db330e92085a40e6ea56a949a270e633d548d14d7b518a9b96e157c22ce6776a823ef81d9d3524023a8fdfdf16c67e317b6966d7003e51ec5080473f147401643e1055424aba1d1fa834a7a4ce563bc26b9fbf3bf6f9726594e31f1690980c2f8947a4949351829bcde59f4f2ba8956 InvalidSignature = 1b94c923251a32c3cfe4dbfbc78e577aa9953d6f47e38a8d3e844a985d60eabd69696f968d5a9f476baf15b2d1b1febc95a2dd133a870b14d67a3cae49b3d473afc3ace7f0b2884da88494c426b9adcd1b40d5efc409622788faec52a6825a1325e922bde9d1be6de33e1ac05ad9ac5d222980696226fbbe191581b030a82219c951c25114ea4412b53aa411a107927c03084b986ecacc7c2f36df1817228060737c58bfc3823f7d16630949b186c195cc34f1bc829dcafdc6c735affc008412b96e9f279474e515fbfc598886fbf622e5367235c4617daca77f2cd1d5644ce32cd2a7104501391685ad7cd82e0d21bf085f58dd3cb1d11005f2adb0e9f962b65526cb39fe1f34acc2d1932bea55bded8690826c8fe817511a850e7aa8fedb9b1a83cb2b05b58b302c0b9feadf2621c1412c789d2ca5dec04d028797781843c19c4b8e7ecfaf14dd46fe4c4375a9138fb058e47bcfdcf18c563a0d54170283c8bb2f0ed2b801e28afebebcce9e1f9b707bd1fd67a534db9d9ac61087415d2b1d -Padding = EMSA4(SHA-1) +[EMSA4(SHA-1)] E = 0x6a996b N = 
0x9004e5334381fb90f60926f3281e51d363671c87bc10554aff5f3b4391d894a94866de27900bf627d468dcf19a826dc399c0580883c945688f3795522193b0887f5eb29bb7be2b6ab48abb2e86b8a3cc6dbd2aa3522c0fa6f6493679a25b1933de78282b00fb5e6dbc58246a26805eb61cbacf492ffee3a21b829e3b776dc814b0e1527565f713d8f761fd58b9ca1f20b79d798f627b77a1ed7d53dd17f429a738e3e4e86cc4da308c60e55b77f2d180e96f2da0ae282831d5ab523cbf2aac900f6c304366738710152efa1094232dba6d405381223f3c687dedd2d856caab657ad0a1d7a67f01fffe6903f173faf1476b8ca656d4d9af713b4f80860be5e79ac3bf1b507f46a19bb67a90b273a0f0d416c479c8d75c6c99943ce774928fddedc00c06d7acc68ea15828de379ef436ecceec8bb22ea984eb1af01dc3efbaefd031030abff09bc464235f407c8a9033796d87bb6373ba6eb6ee143a79703a8130b8e29bcad3970c69001d80b4dac9e30fc616ad9bcc215fc20109aa7788234099 Msg = cde63c4c124da95b23a8323a5db03714557615226da75815a50f2cb4b45d15c65826e032ea2cda6535df3ff48824f5820a567ae54e8a1c8427186803be57e423e1a701e39eb54bec11fae32b7a852fc092fbd01720dcd454c7072df5228162b2137285a8577065b75e0004295a5a4c94976dfd010a23ea4d2ce665d00963f83d InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x6a996b N = 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 Msg = f676f3723e70cdcbc7609cc1f2f3e4216feaf83d52d6b2d7691f6741cd4b1ac3b87df03d963ce40d5f76bc3323c53cb3e7f0993bafb53106dcc67800b811362b5044f0418291a39b56afb951922135a388ba319833618ae48212da0ff425a6d465d3d9c828f6713c55107963648f37b8fb4fa69a05612739040b73b6a80fd486 InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0xe22ca1 N = 
0x9004e5334381fb90f60926f3281e51d363671c87bc10554aff5f3b4391d894a94866de27900bf627d468dcf19a826dc399c0580883c945688f3795522193b0887f5eb29bb7be2b6ab48abb2e86b8a3cc6dbd2aa3522c0fa6f6493679a25b1933de78282b00fb5e6dbc58246a26805eb61cbacf492ffee3a21b829e3b776dc814b0e1527565f713d8f761fd58b9ca1f20b79d798f627b77a1ed7d53dd17f429a738e3e4e86cc4da308c60e55b77f2d180e96f2da0ae282831d5ab523cbf2aac900f6c304366738710152efa1094232dba6d405381223f3c687dedd2d856caab657ad0a1d7a67f01fffe6903f173faf1476b8ca656d4d9af713b4f80860be5e79ac3bf1b507f46a19bb67a90b273a0f0d416c479c8d75c6c99943ce774928fddedc00c06d7acc68ea15828de379ef436ecceec8bb22ea984eb1af01dc3efbaefd031030abff09bc464235f407c8a9033796d87bb6373ba6eb6ee143a79703a8130b8e29bcad3970c69001d80b4dac9e30fc616ad9bcc215fc20109aa7788234099 Msg = 51ec15201bc61b8d9553c9cd3e64b3ee762865243508afc9fccf40a20c0e7664d7bf7576b42877f9d60263067fdba03671b92b68a600e7be409535e9c344c5a7825fac8957a8b6fa9771fd7d4502ba36863b5cac557bd7cd78c03f33b30f95a53b16e1e16d108098c0e9c0bbf9a2aaf59ef81f79ac4027fd8c96850644368f67 InvalidSignature = 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 -Padding = EMSA4(SHA-1) E = 0x6a996b N = 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 Msg = 2f7ab138cf776750162edc63c3b5dbe311ab9fee2ed4e51aee034572c13dc1bce31b9ffed2707440052c8292db804351d24346a7f9953a51a8c249a56e69a7d34bdd6a6b1fcb9c1f631d8ecb171f70b2fbe01f0a02dc3ebc04d78865b30c64a0d087ba879fd0067798c9ab145fd9898df64ad12232f018e36b0cabba786f23ab InvalidSignature = 
765c62cd7e50bbbc4d7731e53fb468df256b53bf41a49c8950339f25a4a8ce8a6b31672e1ee72da84195fc3c679ce107dfc76dbe858ec2671d7a54f23d2e57aeca984c4973f79358dd445ac0575624b6252bf48ed74f7081cb29e2da05aca46749d4977173be27331cef847dc7ec7748eaa0a903643f45f69a61602112c412a46c2541dbce865cb30e87a4002de44aa9cef0b06b9a1220ddcf3cbec46fabb0216920d787c0ebaeb6823f11180de58e6cbb4b432391af394b5936e6132530dda9f13a5d8914b2f4c097b01046a60311371c678e6a04b0fc2eb03227686f67503dcded15873d57e9e8008d07fbf4bab4273f61bdfd93181e3b0c37ebe146226ba1730a731a01eda193eca6ae77c9085d74195a3e8b8036dcce07250d99d60a1c6a6f3c02abcc902e26f37bdc979f82312131d0d00264f798ad09e7dceb29e0994d527e15442b877656621427757f507799453559037804ad147ccea6fceb522c6ddbe8d90b0d45c80cb5e155068daf7043c6b37e7e17c49a22f7ea0421c8062a81 -Padding = EMSA4(SHA-1) E = 0x6a996b N = 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 Msg = eff93ee57b47accf61e80d26313a106abbdbb1397577bcc221de8c7da95a191a4e3f32b701c306551110e98d0798557fcfa92f0c18414c45fc233422e42a2678a6de5c25f1458f8debfcbe4b18852c207ee3a82f0764106d26bf1853bd5e48d63ffd44981274506037d113c82caa9b3511b2a20c0b891023e6d9c176fe9e871c InvalidSignature = 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 -Padding = EMSA4(SHA-224) +[EMSA4(SHA-224)] E = 0x026a07 N = 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 Msg = ed55f2cd9db6bbe81dfcd809973b5c0262f804a9cce01d2d17baa1aac19aa4fa0957eecfae40eafefa0bbf1eff0ebc5221b2f963d4243b12a74d19ac82055dde2b83adcb0f186b5c401ed9d7ba2b81b4ea8ad4ac71eb111225596866586d60285ec176ea49a806a9f71c6f5d4ff873cfc768dcab299d65d698c5d701ce3a737f InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0xe324c1 N = 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 Msg = 
7046b5c4ed235e49275f2c98490a3e6bfbb72a0b2b30e4ae0d68e20460b17d0df42f9b2d698d8b8239ee3075f927628fdb2b918f78c6abb9cc8f40708218e5077267d6d569aadf8728267cbaaf713fcabbe172e48d44fe63edd18b596f5fe96bf5d5aee375e22100fcee5790f3509cc1a2c11535f210a354771809e6adf052e1 InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0x026a07 N = 0xa5ca328ec852ed50cd50ff2e2aa25a99905b8d8dcc6aa2f2ae651da27e21e60dcec641be2f850f603dd15c763b1f7868dfe49392cbf0ed1410b151c501a627994efcae1a332ccf0d37b966a99f4d6b72659cd9044a72b97ac3e00e1b752bca194066c60dbb870e8205b0078551a41bc7a36424dcebeb26e55618f9b27c630a7c0f5bd23f5175621867e100f63d8c07d9392c5638576b66bb4bc89682c66ecef97f378595ecf10406fcb75450bdd7ff558d9eb2e76ad4fb7c92fe5a946cc95bd14f81f7fb7e6ba15fcd5c73b5ff41588a5c8acf1ed1dcae4dde453411ec26fe8faa3640dff3e153ba39c766c9f99c05a023bf45a19b30889d710c3fb528fbc147fea1699bc38d3e41d11bb1faab7d9e850f0c2b0893b5fe3a2039e6d8d90f280faed4d7fd34dd2a886b7a0bf8889bd75976d4ce412b7301e88eaa8e1e9bac6d0a351e7c8391b744035f2dc1b8cbde6f99484770b81828d6e1fab40a7e0d69ed798de7c2f80ac750c8243af4b2d4986223d9a33a34dd2d6c36b624545f6411d3a7 Msg = 2dd8a30ce4d971718b9c3a1fa33512f0677cc1959abdb2e682b10c7735ad1e6c131a008e9425779e44b71ae90ba8b31cb230e85aa39e1b8cf04c8ef897d2cb16057a439ed8f435e6e94bd16b8a189ead0cf6194185359f21cfd38c46d4a7a57909e0b36639ae71f2843fa8cea7ed994c7eb69b72c7ec054e282d4e887496733e InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0x026a07 N = 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 Msg = 5707c0d7c2a388eb7bd51616c0f33a7197f4dcd9b7cbf7e8a5f4e6231d4cdf75b325bdddba9a026365201c502c5ee79e713f74ae6445093924206889277f54e9db26525a8d40ad878bf7bcfb8543679239ffe82d5042cfaa82ec4914017fa116153107b6033f914034837f7f9349c333375fc1c0426b53240981102b75f5cee6 InvalidSignature = 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 -Padding = EMSA4(SHA-224) E = 0x026a07 N = 
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 Msg = dbf8391b3592af32c893b92301064edea2ef6c38b976ad33d3481a806d3b4342ab3190154d3ed24fde0d1d862e7fda52039618530c92237616595875821c379df738bad4545ae5dae9e79fcfe69bc0f613706bb8c2c19eec03af075516c41a6c26d66060342e125c51eae60810a029523b440e6ec54c461b0011d02910791338 InvalidSignature = 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 -Padding = EMSA4(SHA-256) +[EMSA4(SHA-256)] E = 0x2cc92f N = 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 Msg = 9fe9f933b93d5c2ab2f681086efb04090c809727697da534e65f35266cfd10b2adcd261cac582e4d7feb8d2653907914b23c5ee4014a80d94d28e3fc475168b48c7b38962a11657e60e3cfdfa61d4557ed75ed8728a9e6210b292b421310bb03c659f74b3c504be7de4610dc6e89b1fb48940db7e7821d34aac9d7a0d82452c6 InvalidSignature = 4311cc3ccb4a2215d64184a22d0910e2f32931be4e1751b85746c5eb69c2a388d6cfe8f0f7d492085e2debbcdcad65ed588103df67099d5c9aa6c7940e777f9141f6d00f2c30c749228656cc473dc26c3bcbae8b46b9752a29cd0de51023e442752dc6493981089ec6a000bb53ccfc7f48eb320302aeb13ec9ca31446a3991cf78406a6d7d3591d8bcbb643480084e663edda49cb7549d42108383a813ef4709135dc9be769d8573ba947382d63e817c4ca51d6672b1a061ccfb1362723b35d18eaf713c86c9b8fc38485864bedf5d4376575025b046a803280c20fcb2e243b39c5ddd52c2961dd7dccbad7d0daec3575ec564ef268b9d0b5f4fd1decef2ad8f22af11169b471b602ecfa961d5f59df6103bb73c75557b93019dd0ad4ab1ce9c1ba466e01aeaa5beca934a4ba25f5dd3290b211855ae55e730245534889bff626bf53cddc2e8163f117c4d2309db4771f06fd326af015cd46036b457ef1da7b6064497e322644897966bbb99f98e04a91a7240f12559ac4446a1445f1e378b21 -Padding = EMSA4(SHA-256) E = 0xe6f03f N = 
0xcd6141e4c8dc6997fc65300a6e2c746f391022f15661231a832be966aa498e678777766944db54a599cd6ddbdaf7533f429e6e1197b7eb061913f50b09be04ab70b1b702fce9ada279ea8089677a37701e64190f243dfabe7cc254f08a6143c9c589ac4a90881c0d2b62e98013e92d049ee9ca11a425ad450ec5a699ae17672d86efde3fbc81203f2b500ef41746b9e9af2642b30cbf75e7889e500836d6dd32bcc5d8b69021b764a591d6850776cddf0b7240c75dda9e2d197f2cd9c6787b16445b55eaeccdfdd17fb72d7fe5189aa1a2a6ad06b4f2bfc8f6c91c3a2a80a83a3113e0b420b70654d6a5075d38d9a12d1e0fddd2cb23b7f3ef949991bf49048dc40020dcf042caf00883363591dd6a90789ac212a0ced95fb40bcadaac2c97ee7ff302c37cf2aa7298311db85a2d4d1b9f037023c21bf2e9b9abecc780a70cf2a54002634272d7dcf25ee4c7dbb04437f30f50bdcf4962d432484a5dab7b60b31d8025b984c821fadbf2b623f2f92a6531dce11a1f252e603016078f3986e081 Msg = e62f04e5d82cd16ea4cf1b3e74e5882a52a0929a9b3d9547b1e32642f1cfa739e5ae18f6ba4a3028f469ad6660f2e8714a52acb9f11e482338fae30a9eb9108470c6a3e63ec2c28a8b6e3fcfc8cc2562848190bcdd7ec2ec3adf74973c136a3df13e4abd4bdbae1cd1a6788295b9668566f5e6aa46a32b291f5b80f1b125dcec InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x2cc92f N = 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 Msg = 5df6c2f15c25e0d72a7ecd6aa3b480949f979945db38f4b8364e7ef720d847a14f04d9ebb350c9e5adef8bff7c6e8acbf89778048296e3d03b5a0a42743eee2366e9acf223720929cdc84fc2065258faa7d2e855b58f40e291b3efc06ef2ece1086ce20e94d5cb2bf2d3c0bd2aa70fa916108f3e5c6c3076a021d679f73b6863 InvalidSignature = 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 -Padding = EMSA4(SHA-256) E = 0x2cc92f N = 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 Msg = da1721b3190694d873daae06b0108945c693ed88ef850c8cff3d7003f58c31f2d0456b58a4fcef10ec0d39f822e1a3538d6cd86c5bfa8a7def2c68ce7c3d4a21d38aaf4e79526a2bfdba98ae8814d556b660b0c6a4135cb44b18a8010c1530298befd5dec1906cf04de8b3700b318915e8785edef559e8f9ba0a17e4cc9b4cd2 InvalidSignature = 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 -Padding = EMSA4(SHA-256) 
E = 0x2cc92f N = 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 Msg = 697e6ffd617d01d666fb1c069477d3a5b36b45a00ad2175e73e622a3b52e68b50db84dbe0ea40472ace247f1933b4befbd96f3124374449b73be194924c0177a4675e494bd0594a3708c64449c1dabc16f070d7dd256f293869d36ba72f3236c3b3c9c4716aa9ab3da83ddc55a24db63f146fda95e800a8cd20de3bd48d072d0 InvalidSignature = 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 -Padding = EMSA4(SHA-384) +[EMSA4(SHA-384)] E = 0xe59685 N = 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 Msg = 6ec1913b9a55cfce3baa6a742498e6712109949f2e5e66fae70e01624090149d767ce89c46ed39ff5c2945db0e8422ba4a8154e3cd3b9fdc96031a2e9b4b8568bac3dc66f2c12cd3d3e6a6ed33fff2882329c6562239b665905a4ee965f85e3c22dd9523089a51538829b634fcd0fee494480f7f931f539ebb5bc41d05604622 InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0xe59685 N = 0xa458e38be5e581c433d88dfe24e7e1bd0713bde19fd7dcd794b4fc97ac6546fe7874ab10783407221aa6a526de912097761a1f0a10166cb368f5af6a60a944493173f9d9e04a9061109131de32ddb21f06c571ea83aa42d9c172d0ccb79fd0bc421dca68179ab6329d0af92b8d2caadeeff6c0a46a6bccdbdc46e7afdfb6dd8b1c20695837cff9a153b5ad8b6fc0344006c3916aad0f6f19d84fe8b93bd6627331283c090a7096af3139c714fa1045ce449ac953d7068db92ecd2b687b0902509cb5ac0bcd16c9751afc847d0164f5add3c038efb41e7ba5fdf8567446aea2c9d7252320e5503ff0ff236871541c2590a5d4c1ba9a315f885d732fbe15c2f5bd5d70b158fc33e30a44b25cf56ff600003369a935c2e017a3984593b2beaaf9af0e6a5c9d19bde051ef1fc5bcd63391488f410e8a97cda45bdd9233e8401b5f5fea4b55d091605700a903615c5f8b6c18281b5f3d77b85f087822ae5ea14ca26795504abd011f42de239f3170afda6ddf17f69470d46034aae629f8ae2f9d0d61 Msg = 89008623eb2864cc6d698bd707adce222f5e7f02f128282d42017bd892678c1ca0e93e9e92e9fb6f45a0a931e263d97cb2244180333b6ceb6b67b00d7c0f613979ce446f782f4639e8b56ed3251f118e4ae9457647169733332d012de38216f4bbb680dec481acf2ffafc404f969de22a0b6732f554212ce425d5582ee461513 InvalidSignature = 
52c068fd97c371bf7ad059310286d099e9e1486d6bdd9aa324a51019afbc5b502f1b9f2fecb23560b7a414d0e9e6fca69f4cacdb5228728c77e7659139ba2de38fd74b98f7d70ab4cf61655b84be1473db8b29563f2ad053a89369bb58588874d8d49dac78a42c0ab78d5dc739901b9106dda53c670c2e0ef47a45522af0e3ea7d584c6d1b782469cb7e86b0df2ea67d50ac4dd491e5248974bbc3caa5523da1809f93656706b72f9d7d17ca19d3ee4ca5942f9f5da16db8c25aaf911d85b6c30066d42b7cc6bf33672323177994b95932c224a87a3b15c7a74bead04ca432e933ca26af1677e3fcd67c3ad3196aed8319bfda468b753db289f6009972fe0ac34e7cc2c0c9833534a88e79a6ba7177ccfee0012f174e7e63e63b8e9f6bd24133b2685843ac90aa83ef81b421a202758ba48cd95c46b52192bfa52242bb65a00a21e72f73a5a8f3100c5f8d5fcbc4a5d3ab17a2bd7cefc23126f93cddbf575f22e03c7b7c2e5086992f712bdbfd155b07d05970d8e56c8da399defe061a563036 -Padding = EMSA4(SHA-384) E = 0x2fcbdd N = 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 Msg = 6cffa158533194214a91e712fc2b45b518076675affd910edeca5f41ac64c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c984ca75f4ee8d706f46c2d98c0bf4a45f5b00d791c2dfeb191b5ed8e420fd627b43d08a447ac8609baadae4ff12918b9f68fc1653f1269222f123981ded7a92f1d85 InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0xe59685 N = 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 Msg = 4621b17cd9f5b623fe73b5fe280ce9ac840805608acd6e41d55ea71132220c0df7e7c4159626f10d71882983f0aa2a92d11dc906c0b22cc028f4395d48f54e12894e33da0f614dd48ee114e65f95c7a7d3585e7cc765c00178d136aa99591faaa35ee6136d2e323ffc855c709c5426b32fc0aa0ac66e90c96efe84414dd5e79c InvalidSignature = 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 -Padding = EMSA4(SHA-384) E = 0xe59685 N = 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 Msg = aa4a6da9f73b58f5326d587572aed18ed9a79f3dbc6959510349d2d8d3eee6d76ba8733e4c03a51a9d9d770dcd3476fb7a03c807924f6ebeb83dc691e9e654895fadc136b5d124e94d3e8123efa98f4cb2dbbfa8204d798895f6a9bde8617a524d02617b7aca5ec809f97f9e1e34a5e849d78a0aae8c0316631d83431986e19b 
InvalidSignature = 950e4924b04152a1bfe6f36351d637ac802b08344c250118aaa7e8c414f39f559761d458b7744d952edf9851197b2465c46aafa827ea0610f85fadd7b41418b04c1e335fa084fdc84782e1f51f90df0eef306d9b9361a1e610244fc5dc609a9f82f670521f63b3b3ed8e1a48a630c55dc9f73f16bf49478d8410434dc0da78ef840a4bfba56d5770d084c90d7ffd198a802c8b90a8700b96a0f2f50c994af7d44b3e9eabf9c7b5d9d6b7da0d64b623293b5b7e2108d7085fe7f70b29b98c3bd575df131da4b78a50dfb6392d0f37295908170d4475d7702ea3abce584efbd4b4e37ab760c1641548a79eb7f27c69eb4c78113bc0c22ec2d2a9a244ee6fee9aaf57f71aa9dda726bc0dd580673ff2c69922dde0b4ebb92653fd324077040fa00a280454ea879147937ed1f53ce26422f4677e0125cd49c2bcb9a88767e0e67ca51f6472de6cf32c7b0ab7bea63253d8fa031a938621a026a92384bae79594a8c9bddfb06fa9c58c5a4a5776cf65b1f5d346da7deab2154e45440b0405d1052405 -Padding = EMSA4(SHA-512) +[EMSA4(SHA-512)] E = 0xb3f57f N = 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 Msg = 31e3e05d7a984db4da8696db9bdefba791358c70fdd8330db060f4ff748674eda738b85129ec30707934f48f1a924d643c8e77cb9807a5ba9cc74677c85a8708581f19ec239f3408c31edce4f6706317440e2f00e269bdb7d77ee6435dab610e8ac18a962f5a6164016dd642f61f44a9f2dc3b79a3a782eca9ae5ccdfb220be5 InvalidSignature = 4fc3232b033b22a8406ab979cf0bb66175b523285eb8425d2e80113b2bd28f8f364a6487304650789c3ec0f2e1ecbd0c919ae8d46c604534aee503dda653ed94582c93abf67417412080871e193faca2ab5be8944663415475f3fcf6086592418b6b845d5f6281943b19dd68c0a3526b39d8d225a97c5705b7b9d2afffdc2351dd95dee2eace1aaa8bd9643fab8e764d6a7c66499f74c944f10afbfdbd901b385388696d536fc9ca5b68b933784f646773e99ec2bf312883fdeb9ecc3d6e46094d87802cf11deb8e8293ec1ba76711a4b49db5d2a443324783cd4fa001b92a46f7aae084bddb30af4d23c6ec6faa9003def5dd59d00c225ba1212ad0b58fec5b251200ae135345ef141106d3265d9e8019a426f652b91ec32c8658869aa10044997f22f24fa101d088379d60d64830f7948a0bfe1c348b90b28dee91bc501556cc1dac0d050fbdd2efef2538fa4f182d7908ff754ab84c238d16a9b10b0140e7298b026b4830ce14f3caf9e72daf32a6a785360816c70989834691133c7a918a -Padding = EMSA4(SHA-512) E = 0xb3f57f N = 
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 Msg = 691c263b523e54312dad47dddcce9bfb7275a61a9ab5fd0736f73a89454afd4e0afa31266b64916f97086ad0ebe0a22b17f1f9cc7c1f8fe7d945a7412785aa2dc1dd6fbac8fbb92bc65301a7916e7632738543dc874e10386616cb100310a857d4ed665f33acd54d03b495c9962020face5a0ab183eb88e42591305fa392ffb6 InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0xb3f57f N = 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 Msg = be0f5c666c1d2c480ab93ab82e2c7d5d347ab87e9937ff72a59b77574dd95d0757ad4a48bf34b5435a01b938b96d186f502e8172d72c0e79f19011260c1d107288c30ee81b710c11742cd02f1e5ee52da870e3d7039af1472bfa879f09e479fe997a31ac487c3b98a061080526a6eb8083666815e32baec29b04622c0ed79e91 InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0x453aad N = 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 Msg = dd1ac9357850544f391febbba214bc7b034f30e99b2229ee00db8974c1ddf31e49f6d53606eca6e7cb596cac73b98208c8c29878a3f4fba6547017df430d3ac7d8a99a4b99bd9ad8923449cafa7e2b2813e03d8e520e336ac0fb046ba0f0a83752dc205d77ebb88a565989ff7f894142ad512714f19859a40d2458021eadc7d6 InvalidSignature = 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 -Padding = EMSA4(SHA-512) E = 0xb3f57f N = 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 Msg = bf8cec246224e055e794d2f3f3fb3b1f77982a3f8f2544f4aa66094dec01593ad090364312f5cb79ccedadaddfe962e1941920fc83c9d6c2b4f0710205065811cb173878bc1607ea0d734379d7ef7b09bfb01104d6903e4fbebb567d0f794e43f8487b2c2a2e9c8ef14d1bbda4b8907e408587bf5024838510ef4325d10143b7 diff --git a/src/tests/data/pubkey/rsa_verify.vec b/src/tests/data/pubkey/rsa_verify.vec index bafb02b68d..fab7b999aa 100644 --- a/src/tests/data/pubkey/rsa_verify.vec +++ b/src/tests/data/pubkey/rsa_verify.vec 
@@ -1,192 +1,171 @@ +[Raw] E = 65537 N = 21294014927258304131040781115311862039488366453689673368700944513219763245673890697163631224238156125681871046912423252139958373673494842188327924075935021260823595479029869879301695218333300648958044759453090135302355875509854237140262345417466491045027237599382640606853811387812108430679944770972979218579912175629350561572866081828240542091504962510426591897021132609200583624897090266070827112815075415286361167712707065872906100580924648432056365602321172274687165761180171037735321703513069879499292378605702720368464285730865976993373285171622065557888622229864086839106896951917341016022559721964253271897757 Msg = 0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0068656C6C6F20776F726C64 Signature = A88A260DF63E7241BFB42C05F50B5FF470CEB7B4E47353C94C0EBF620309841FCD84FFA08B164411CA9D2066FA02D8223AC19250212409E241446C22C9B85B2338E6C8545E722427FB6798EAD8488106B01F15EE3E8574C85DCCFD407FAAD4F705D397551E4BF32CE484DE76514DBF805B5361CB3B1B221FE3AD12734E8542D4B4D53962D0B0A80B11DC789EC08B050F28CB75363B8BD1F545839953271DB7340C749C3B979C0A11C46E9D590446C8D3B75907B3F0B3F164A8F72D302B383B2BD1248E9D86EAEBEBCB0623FAEA616CDE51CFFE5BE3D0BF140F053B05B6A17B6A4F7B733F0042DC9AF4EA737031DB170EB5F691859B5EDA13C82B8EE69D7B2732 -Padding = EMSA4(SHA-1) +[EMSA4(SHA-1)] E = 65537 N = 
119893703092484949505910087939224352570887943368162884254100835299677466992252964282958222122904137439852217811402556822825785524431976342366635228201325453615333815480375932228941159089934430428976301906105572009268593836870380845342944983495040828580470076501247572469467215357554733094411503190958365925843 Msg = B841D0374D3C86E67B67BDF00B Signature = 1060A74E3EF067A9B17754500B16B8C9F6B3B453FB290C71FCAE779DD37A6B9A24A45D1560DF5E4BC31143E6197AB15684236D8FE578E022495897F70451FD902BFA5703947EDFF0B63BF1140C63AE1C8D369A87B192E8BF6A3D486E909C3979703806010367CA0E0026F8920EA766B7E3759E23954D0EC2F746E6046FC14758 -Padding = EMSA4(SHA-1) E = 65537 N = 119893703092484949505910087939224352570887943368162884254100835299677466992252964282958222122904137439852217811402556822825785524431976342366635228201325453615333815480375932228941159089934430428976301906105572009268593836870380845342944983495040828580470076501247572469467215357554733094411503190958365925843 Msg = 0F1D14F9 Signature = 7D4F2EE63FF4B46A09EBB8F9E2F58B4634234B890F7270FDF3454CD2EEAF1BACAC3516BB5D0F678365E5226034032D6AD49069ED9C7B8BE471BFC6D9BBE3327CBA545675212A5552948524E52567FCE84D9D211191AAB864153C08DFC7576703C21FB9315578A0F1C167FF4D2B810578DC98FBC1235A4CD62ED89BD092C31C00 -Padding = EMSA4(SHA-1) E = 65537 N = 117873507567337895619658208679670925101378539654498066355113315112059799053003859776302497045938816878795017034893432557427285474379889211548804214301617169867599046479911599286664540733604522194941039104579220235811693184040720386906708801580081293183820229901159859136387878000483153929553556411647637914977 Msg = AEAD5A03023E17D894226CB2C7C77D5D4341E8BF7F1453140D58B427B40B0B18A9 Signature = 27ABB6E27D9DBA0F9E5DB3607BF04E20112150A779EAF67D4AA76D50A6060F7003BB33BE5A580789E567C3768AF938BDBADE712F7344B72655118636095EA8D697888B9382BF3030D56A685079980A992A9BED3AF0DC81AE4316AF31681A3BDD78CC4E83FD3C227A9984C261ADF36D201AA417243A28BA47488BD81CB1DA63A4 -Padding = EMSA4(SHA-1) E = 65537 N = 
119893703092484949505910087939224352570887943368162884254100835299677466992252964282958222122904137439852217811402556822825785524431976342366635228201325453615333815480375932228941159089934430428976301906105572009268593836870380845342944983495040828580470076501247572469467215357554733094411503190958365925843 Msg = 6A4BAEE539612920ECB3075EF6C31BD7EEA01F43 Signature = 36F7211C290577ED0CF54007551BA65943C388BF2AE58F12E8BF7B6E7339348F2534E7515232D0AD72AD8F6EA173FA3D21DE13D392DE10C457DDA7C569AAAE170C8806A3ACA457461EFBAA7EC870947ABE2D5A91821B9254EA34A74E95E7648ED98A7ACD2300D4FC88C8B968E0AE68DF9BFF849E53AF03A2E12965C1453AAFC4 -Padding = EMSA4(SHA-1) E = 65537 N = 142827179040201930130129453963840750538620744427112921609232633077545705669555537375335626346255551646557899683797424190277107859970432546267654200388915589143829977650215992006588223561006749124827885807954027706624977201425591213477691544644089252839017126048324124185680925726240972874426438277384617501237 Msg = 0F50 Signature = 707E1B680D4D7E2CD102ED7AF2B63AE63CAD9266476418F330FB739FD052A7774A0182624E81C3AD14C12BA5BA1D99315217D84EA1FAABF4A90E7CFF1987535146D4944AE27E2C84F313E5E5A22C5B86A88333DBBC4D17425F180C6B0F4BFD3E9F03DE21B422EC125DA6FF2835A93CEBED8C1283568E04BB634CAC410D144B91 -Padding = EMSA4(SHA-1) E = 65537 N = 117873507567337895619658208679670925101378539654498066355113315112059799053003859776302497045938816878795017034893432557427285474379889211548804214301617169867599046479911599286664540733604522194941039104579220235811693184040720386906708801580081293183820229901159859136387878000483153929553556411647637914977 Msg = 5C3DB99915C8F7EEACB045ECBB7C35C06D4ED5A96AA9025A49093B70D7C2EDD485930D18DEB57C0282563F2B07FBA63245FDC773CF851985475DFB4F6FA335BE1B4C2C28A294E84E50172AA585B382BE1E1038FBD02F2BD37691D85A18346AD04CC81948698FF248CFAF33E222EA8B5FCAEC0E5AA8F753521EC47BCB756E05CF95E4365E06A69BB6C99A34A62939B478AC1209FFACC49BA4027749801D4A9F583395B34340 Signature = 
9705B191BE8BD52D3E6CA1743DACDA5EDC1C7665B6EBC769A5983BB74D2F52C79F94954DC8CAB9A44FB3B387A0FF2843311CDA640DC39BA975518B511DF87064B17709804D707DA08A315F14D24CF6385310A62D7F6C47689B66C4A12F449FC95796F1821EA6838DE2941D0725B55EC860CB553B36878C2BA3994DCD0A8992FF -Padding = EMSA4(SHA-1) E = 65537 N = 142827179040201930130129453963840750538620744427112921609232633077545705669555537375335626346255551646557899683797424190277107859970432546267654200388915589143829977650215992006588223561006749124827885807954027706624977201425591213477691544644089252839017126048324124185680925726240972874426438277384617501237 Msg = F1FE75913B7A152626C287B1287B6ED4A04EB546950C0414B2D7AAF82DF8F255E08E20A2CACD2399C4304FD9F77B9CF8B2A244C15ABC25DCFE1B144F2B125AF791B05877E11BEAF3ECC75FC9 Signature = 87337D2D71F36C4452216459D55586634D755C84D9D8F80D058E029A1CB61A6D4819E3993B623AF90FF915AC585AE6088DF7565A2A205D6282252EA0863A7F12F07A06189F2E2C4EC6B27EBDF3955ADC7C85B803C612D44B9EA5D5FC0B7F15D8AC704D83DEC3D8F84808C2AA5F984FD06D1456B4EF875C33A7346051514DCECC -Padding = EMSA4(SHA-1) E = 65537 N = 142827179040201930130129453963840750538620744427112921609232633077545705669555537375335626346255551646557899683797424190277107859970432546267654200388915589143829977650215992006588223561006749124827885807954027706624977201425591213477691544644089252839017126048324124185680925726240972874426438277384617501237 Msg = 04F7B2C9BEEE7F00FD42C651A3492E6F61816AB3B0903477CFB49B2DDE8AB64D898019C6C937FE653A92C1BD992A3304F357 Signature = 14949A71A7AF9EC4364DDF90E5A7C4283F8FEF7DD3A544FFA4B1BCEC5FEA6C214FE7C9105393E72D308CA0994F6F900479219439B8FDC850E15404C024AB757BF7DDF35B0CEC668AEAAAB5039EC81F739C160DD57B26ACDECE905F608AB0396F9DE8F99A53F765D37FB625C8E90C68B4E5B32AEF48C0FDA39B7314FCE942A9E9 -Padding = EMSA4(SHA-1) E = 65537 N = 
117873507567337895619658208679670925101378539654498066355113315112059799053003859776302497045938816878795017034893432557427285474379889211548804214301617169867599046479911599286664540733604522194941039104579220235811693184040720386906708801580081293183820229901159859136387878000483153929553556411647637914977 Msg = 71D2C0843ACA68C291953E66 Signature = 4C22BC81446B062A561D9A922E959036E7763B0803DD84168C48AC51DBE79A129D017E22BF9DA19996C09BE7369C4F0808ACC2E708DFF48AA2AD41EF78F5F97B914FFE079BE9F9D30E67049BA28BEE714FE622A18A3524FC7E58ED7C451714F14718F4475814B6D9A6590845D9CF6FEA2DCD313CFD580B47D5BEF6960CB0E463 -Padding = EMSA4(SHA-1) E = 65537 N = 118325216784138576928663205991913551509467682454344354700845118251718322925715329792999462630555914469943870869734614072789281058584985975285521715988924664768201330923551590045084966763856526589357351321070058281808367878672484954643315491816159591677428680677150214756146555087873428967903226383610237192289 Msg = 9D5116B54CBA7970742B66BE6924D122A1D7E570F037DA06B29A2B34175C8F9428D1E8E908EF492892AFD6B08019EED0123F32B74D04324DDB98171ADE66347C1FFB56BD1B05E1CECE2ADD838BD95CDEB74E36A51B69F2602322593462182437AF357BB63EF748F45CDDB66BE5357E9701C8B21C6613857432CB99C91CDFCB7254D087B361CCF05E77AF961F023E83416D9FF539A572A5C89117FE1506AF66335321A0CB7BF096DA0590D2E79FA60DD7A38B9DF2D352673F5A31A873111E3C8D Signature = A73BC3BD89ADF92FF2B8EE3B5430849301C322074696BD58FCA3D0C113BC9CD79D6D822FCE31ABF1C276C1272D045E5FD92BAE9FBC07EE54742D3342A2B03E8547B1DC94E86C5D08A13708780952498CE3EF3B07710E5777683C9630821248A9D38BEC8AB7C77DF1CA6E695F0289443C13A8A4834D97CE6DCBB6782A70F866B1 -Padding = EMSA4(SHA-1) E = 65537 N = 117873507567337895619658208679670925101378539654498066355113315112059799053003859776302497045938816878795017034893432557427285474379889211548804214301617169867599046479911599286664540733604522194941039104579220235811693184040720386906708801580081293183820229901159859136387878000483153929553556411647637914977 Msg = 
75352B85B47E73B18E8CD9608354ACCA4DF8E2B73313C681A8119D6578CAF8F9A52EB4710B97D334D2CD49C365BC0E0BB89D63CEBE3EC62055E7948C9DF696B406EAB60881B0371F5AE092D0A43ED9AD307D026B2CB6477AF5ACC32919D470C39C9BAA71B0FA78F8687BF762C399407BB39C59727AF3B61DF3EA486E473D4CC8D67805E8810F Signature = 7F51B49FA57C4EC7AC72A90C9EBB51F6E21E3B6EE67E6DE32119AC9FCF97FB1909F74491CDE182ECBED994B66EEC44AC817A8F620444BB6520A3A223BE4AFA78B50F11C057FA4F4835D55283157F5C8AE60A2A46D0CB9D4BE3411FD3505F0FAC5202ED1C0629575B59001488B30E9F12E738F2B388C7EF8A82684CBA43115010 -Padding = EMSA4(SHA-1) E = 65537 N = 117873507567337895619658208679670925101378539654498066355113315112059799053003859776302497045938816878795017034893432557427285474379889211548804214301617169867599046479911599286664540733604522194941039104579220235811693184040720386906708801580081293183820229901159859136387878000483153929553556411647637914977 Msg = DA40B3B401DEED4DBCC3848CC729C8B5FD169A140914C40FEB752E2D3F2F7EFAA97CE26BABE4099BDBBAA522BB09DB37A1D06CB53A3BF7D621 Signature = 328E325D4F95D0013019B97F5936EBB347F1E5B01A559560518C1C47DC04434392BD2168DA08668E4EEA9A06A5CED7C9076BF7CAC667503FE6B7903953958BABB31EE9B29E356274F7136F35F5224A1BF50F3663D002B6220C3EA8572C1368D11D3C6DD6E1F3D700811257EF8B46246C2A6A975C08DEA782003F5CD45703FD22 -Padding = EMSA4(SHA-1) E = 65537 N = 119893703092484949505910087939224352570887943368162884254100835299677466992252964282958222122904137439852217811402556822825785524431976342366635228201325453615333815480375932228941159089934430428976301906105572009268593836870380845342944983495040828580470076501247572469467215357554733094411503190958365925843 Msg = 1C79CF64CCAA6C913ABAA5A555558BC251 Signature = 0C9485139F787BB6EFBF23783CEC74A53DFF16937FA6E76BF120D15ACF87D8480B7EACED7B44ACD2A87C92A3F5AB185B81664AE248C7557C2766656C05A5D206DD110E0E97F4F63364BB396F8431ECA2352FF84B4DB5F54FFAB155768624489FD6E7C40282D1F9D85674D21E01571FD24423461F3D04D9595C43BFEB8EC586E3 -Padding = EMSA4(SHA-1) E = 65537 N = 
117873507567337895619658208679670925101378539654498066355113315112059799053003859776302497045938816878795017034893432557427285474379889211548804214301617169867599046479911599286664540733604522194941039104579220235811693184040720386906708801580081293183820229901159859136387878000483153929553556411647637914977 Msg = 3096922A62DABF6B98A4480D2F86629D1992FFE1545869DCE5E69F810EB793C5ABFFAEE2EEB846644C8BE8E31942BA16FE51B7988F355999CFFBA28CFB9DDB1B5F4919790B7E63E37F00289C6CD42F56F7520A2DDA73AEA4BCB2D10053AB9720B201D52AAE450BF22AF2C4E3AC Signature = 43F583905ED6D2D53045C60E472FC1FED12EBD88C190EE810F9576E262F3881FBF006211DD5943A48BAC7FF21C4317BC28E4968C98FF6E0F94C055FB104555C1E7B533F9DDC49D200CAA8C2F62C5EDC6A9E9E76290DDEBF38BAEC88EEF8B32B3DE804FF19627C04B13261CE2EF2101619CA1D6BDF3C5C7DEDCF21E18726081CE -Padding = EMSA4(SHA-224) +[PSSR(SHA-224)] E = 65537 N = 1119428424680318589795586141715055386037310539168633265412442840203765459121933347087296271503409502653361538704886463270098037299029844742790141591500136266254978458765667228024346681193517777869473504834168226149066540740737368233 Msg = 7072696F6E636F7270 Signature = B7530DA7632263B5AA4B0DC9FCBC3BCDF8B44EE2B4BECFD90BDEC108F50EBE325BE6F4EC8900BA1C345F2B6F59FB625C3D99BC6F04D99704144B05C2ACDD61927D3EBD886650E933774DF72EED0A5A3AA2810C17B56F877D989AF3A469950D0B -Padding = EMSA4(SHA-224) E = 65537 N = 142174165576626153607372698256305864594569560870673901094361474985698454475214485624030333494656951630915262404286478231307463911538888475540467821962421907280313609332673779512118006700905686743737304610222644814866475509553933039345450808232667589081836829812676481228393243702748665205665654871209739761413 Msg = 7072696F6E636F7270 Signature = B4816EA318CD92A64FBCF77C4E42E283534B2C500652DF6D88FF24130EB5C84350E9F52E4822BF60D7C4AE4FA11C811A7A0B4DF93C0215BC9B3D04337BC044E1994959D67E0E33121C9CDE1C50699B6C00966160F51C606334E15EBF60FBB8C76EFBBBA51460C75D30DE0F47863A1020885F5A4DF8AAA397C03AA409833380B1 -Padding = EMSA4(SHA-224) E = 
65537 N = 164630263456117000015160044780495067044400405934160102582785618595264737952704698446678826348962937504290398007242147250281882539141663012582798644838997102553201425043459343724571036706353816116380999797810738720665186291265346946839405585633428066468495857110767903684090495610399584127282529381812835202843 Msg = 7072696F6E636F7270 Signature = 4FAF0FB7EEBB26B9BA778D092B42CEECBBA36B4DBBBE35C6B383439F23F2062642CB3D091BA77C4E1C46280E85C8C40A24FCEF5CDC9F4E383A54B19BB3BCD8B5DC28070CD5FFCA1525F6A655CE672EF96438F375E6483ACEB338180B24FAD3E4F67B58E246D0BCE09DFEDF5249F30517DA52FDE9340EE69B1B1316B81C2E2E1E -Padding = EMSA4(SHA-224) E = 65537 N = 2355338321894907982973449118532423046219855162684189584952364211024673239817984981221497833678417989141255985955373046108907439361208943134690142558869693319622720590693426934116543610706035829016468114721654712491555448755290947614168151367749236215414971936091383086872819572125926710274100720750822329346281157144216251301323577911043671958085809035421923499439374332063412011968019314606534545270261694061177194156135267601999819371566580234100693210082572199 Msg = 7072696F6E636F7270 Signature = EB6106EBBC6F7F29B503E7AED4CF9FD01F75F2C11433DE73188AC19A9A41D59F995107AD9F8B657B0718226245A4C149E352BF5D129F53971E30A4DE702876528EA67A8EBFD096396B7229BA9D6DA710DB37613F5FB1F3993B391741CE8E11EE0C324E3F33CFBEB78DB0F270B0C0CC7D3497F8594EC262D88EF9E03EBFD9E26ECE0921006C521A4B1B41D75BD79B5534B183893A18FE183DCCD1506B22E0E7FEF53E56B74870B62EDD262AA45F3FA9CBFC18045A549D5E202D2D20E08322799D -Padding = EMSA4(SHA-256) +[PSSR(SHA-256)] E = 65537 N = 959053819830657172479959445338239092546325203345907250825111845392833871445800392409753005065793320051134954211866734053526672830216705155840103275419514948544834171669678800877679307554229024265360880082897478182110972147307503999 Msg = 7072696F6E636F7270 Signature = 
73F68238B7F19889120893C903258DBE620171982CAD9D155892CDEFECB3C153224D8A94BFD13B4691A4D51175756186AE4F689B6A1A1432EA255C0E8DD844E9C055397090C110C632EB6E24BA5ACA380239D399BF010E1451293DB948D4274C -Padding = EMSA4(SHA-256) E = 65537 N = 137126460274256653495503845615308970580703338943888033622233416638897981837645329990830646815644138206816666356100904616855829630528272075841659577079660881561538319561195872899967484040091088853712853721738321400822852813349942750220659315350946835604178720157749806025740852968661234681914747446252028384687 Msg = 7072696F6E636F7270 Signature = 3CFA8F2D410D5BE87DA2B644BD6615CE3588C7E4B261F05C18673F24CB570355A7F5D41BBF62F859BC0CDD5300CCA3DBF2B2AF13DDF455DD6D919811836B22BD4280EFAD24DF30EA185D7357C89599CF0C08A22F4D03162295379E842215DEBEA0DA0AE985F355AF392DD0F9F8A6A1F2827AF781630C5D2A2B917C5544B3206C -Padding = EMSA4(SHA-256) E = 65537 N = 126006263967583916685699969820130107481805287310155583856753083161341066900427337638894279209853492976803801580045932978846612143886893466294502409849740589461924621064167764049479934551356205760630996888983236964271640321672661343631339668444656679188756786625965068033966005693955734364699441283621584593211 Msg = 7072696F6E636F7270 Signature = 417D26DAAC12A39FEDA2C17EA2ED932AF9544DA11E6BB84B0E9D4758A57FBD9878457171DE72B888EF7AF40183EE7FDF81044512232D7199C11CF52A53CDE62022352EA747292FB3187EE51B2A17E9AF8DABA658DB6C4A5E4F07A5CF2E9203295E59B1916F526C1EF8F84F72CBA70065EFF5D4BA0467CB77165BAC3ACE21462D -Padding = EMSA4(SHA-256) E = 65537 N = 1535994647682156830025146305682101430588289375419325461493523175508757972443324873545542328575190898826304246979581796262102498557618669521756543193269936823644479735896765838890964884124308327752058628049476464897754887083569303596310112393952040793116800877055887644586747764213582584023175952242678031352275706621766526669304089776603910618106590459512947849911677482670963369198089945159909074168533868121597987806983779179387965117313926634389182597522052737 Msg = 
7072696F6E636F7270 Signature = 7BBB18C1CA207CE639E323DF26B14475CD407995EC612F6D53ECEE977D4400E4BFC198ADF8B40BFE27363241A1F9541F01677AAD98F87E93998935146A8F77E7FFBD3DE59A2E22E5766409733F06EA2993620A27122B71C4D9DE755E70C703B4EC6AF5F314E0F720B656FDA93E2B3EE9A1688D711174E0D72D0D486DE36DCE1F9DA031EA46FBD6156B1E7A65A25B42696C9ACCD453D8E467313DA76F70DB225D3C44E133E65E8BCC177D065F53BB81AF13076AB0695AD2205040CD9B4DF851FD -Padding = EMSA4(RIPEMD-160) +[PSSR(RIPEMD-160)] E = 65537 N = 1135212553663584107314884133903187560403335585911952823156526296864447161004392018898893032642166251226831665007577277923094954883708599671228168609227001559862376751252578968570215347155172780962891797718925202798410837303642875271 Msg = 7072696F6E636F7270 Signature = B24136372B7716310F83846719F61CB4F86B11855BE752E85AE6DE9CAAD99746693B255666DFEB8C4A709C93A9DD1B2A08A9BE75831DA000AFA7D6230212C40F0DA59AB8B6291D1CC1DBA24D86D92FC318F764E905E0BE2CCE73E074498A7DC6 -Padding = EMSA4(RIPEMD-160) E = 65537 N = 94613803059245341252497110282782662925799518731465926298638967391150899050152239186296389621503521594231856243228621541185833920341908796798487566480908668936175536078268049764050980212141375485417177323511561382225676330608341652891466096188553609446126690072281497793677143342992312930024319534872689932413 Msg = 7072696F6E636F7270 Signature = 0795B1835ED3412E4EF2DA7DF692D04E959D5204331C6CA3D978F48F319A79B3A1A51CB584E56B0572853527B1C2F99CA3390C91E006466AAD7628A0FA48887397A865F864D6921575CCF186D3FA569EAF9137EB626A9FB920466FC042AE9B6FB6B8D7EEB4F8193E7DC175B9093FA3E49FBE4D6D472F3F38289A755933234C46 -Padding = EMSA4(RIPEMD-160) E = 65537 N = 166491552086320183954109117201818925417708116521858997163635089758714667741158710546579775119315514403338381116959375892471167456748571789122139698283057392753591412506812322815960183332817324693008323699161200640504727783703125815414659382732082432311164083612050255705351127025931627573927283095843563154197 Msg = 7072696F6E636F7270 Signature = 
375AC6A2B3CC508CDE09109C1FA52980098EA989C2021CC19D74097A7D67B07F599F3FA0C65B02BDA6FCCBA9219D33A1F07219B616C30B1D455311726FE2470F63B86A02DE283391272D85B77C6D834ACE4246B692E1B4B512D5E72F3192142E765E38553CD3FCA435D129C7543F777997D8715A2CBE2B15A5659CDC67DA72F5 -Padding = EMSA4(RIPEMD-160) E = 65537 N = 1701550760793421862543562289931026945394881781447262972888516885584876436247030582756068401883540332824266791335242161375224480335226475621762011038836557438486994223355586125107160686772929148665772020114806515137374005081042904112745447320291689531965352389072090097529696081399233391439242320144394058920893342027979668204812408099791474966507368371676137037366817304246182026179444421945259005812216012619671229384439063712942602208902904719453381421672196363 Msg = 7072696F6E636F7270 Signature = 32631E346368C620BAF6FA5475F04B56FB60BA5CA67D1E3E22805ED5910ECEE71777FE19827983151E88AA1F9E57E96FDC536CE2F927AA3B34A94441E72FB498A649864488D976A0A4AB7B6490451A4F4712A3AF3587579A791CF8CB18EA4AD388B5C34F6BF54E9CB0F4AC5EA21EA2AA42A2266EA755D5EFFC02FD41C583E1CBDA53C1821BB79FB392D68A4524B0F65EBB64FF6656C52BF54D5774DF2D916C9B793E206E0D5351D7B4D18DE3CA4CCFA8F7A3ABFB36048C9297F7512B3FDA70F7 #ISO-9796-2 vectors taken from Bouncy Castle -Padding = ISO_9796_DS2(RIPEMD-160,imp) +[ISO_9796_DS2(RIPEMD-160,imp)] E = 17 N = 125242242467304226980818040029626771449089399969616333381049941622953718673240322529328207020354780888067722576207206966012991943446137640922660671107037754599453565985942582513009492907982173446675216454634592761000191710251638590123948630732326307922952494464857505415177402322499891218582307842351942219477 Msg = Signature = 8df6d3e7d4381ee36ec8ec7c1067db3b28da9e06a31b16ebb30c004dcd7a7904a799445d57b4fe90fb697b1e747c38436edaf64584b61dd1c4ced18f4098a0cf0a50953daf56e18284f42826e00e8bd009003e475904da186acfe79c578af3b093a32d0f8ae8ec46853e803ec2b6cf09d8066d3d84e2862853b8a6d9ec66b9ec -Padding = ISO_9796_DS3(SHA-1,exp) +[ISO_9796_DS3(SHA-1,exp)] E = 17 N = 
125242242467304226980818040029626771449089399969616333381049941622953718673240322529328207020354780888067722576207206966012991943446137640922660671107037754599453565985942582513009492907982173446675216454634592761000191710251638590123948630732326307922952494464857505415177402322499891218582307842351942219477 Msg = 6162636462636465636465666465666765666768666768696768696A68696A6B696A6B6C6A6B6C6D6B6C6D6E6C6D6E6F6D6E6F706E6F70716F70717270717273 Signature = 2486dd61e560e661511db92f41045a87cbbb78ce577d28da533bc15fdf9cbc2748311a5faa6501270b46414ba3549de34160c1ef18eff339eeeae2c53f7ed4a5fddc19c5b3f5c391e8efb5548555d478f0698ec351f6a4974c9c74f0a0eba9fc03db9253f41f02ffc5f03cb9d1973946993aa3f831aa1d9e73a783e67bf7695d -Padding = ISO_9796_DS2(RIPEMD-160,exp) +[ISO_9796_DS2(RIPEMD-160,exp)] E = 17 N = 125242242467304226980818040029626771449089399969616333381049941622953718673240322529328207020354780888067722576207206966012991943446137640922660671107037754599453565985942582513009492907982173446675216454634592761000191710251638590123948630732326307922952494464857505415177402322499891218582307842351942219477 Msg = FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA98 Signature = 3d853e02ccea35ac803227458aaf5c964387e20390a476419e853ed415b3ad2ad750d19b4e4667597c1863ea2b0aa35fdbb4de589c4663583674e2c8d15d07daa54ff389ae96d78cceb2b5a50b649362357042b2c40d780361b7f6f089c7e27e92d21db1b3e3d368582e3dfdcf0312f727743c09c5c2cb3c0552b78db71be278 -Padding = ISO_9796_DS3(RIPEMD-160,imp) +[ISO_9796_DS3(RIPEMD-160,imp)] E = 17 N = 
125242242467304226980818040029626771449089399969616333381049941622953718673240322529328207020354780888067722576207206966012991943446137640922660671107037754599453565985942582513009492907982173446675216454634592761000191710251638590123948630732326307922952494464857505415177402322499891218582307842351942219477 Msg = 6162636462636465636465666465666765666768666768696768696A68696A6B696A6B6C6A6B6C6D6B6C6D6E6C6D6E6F6D6E6F706E6F70716F707172707172737172737472737475737475767475767775767778767778797778797A78797A61797A61627A6162636162636462636465 Signature = 5cf8d66c115143929ce7b568c14fef2faf5fad18b19d94b128be1f49dcc2168d51777fc23e448f84b0253b99fe735f2102314533b754b1ebf08a29085e9392fb6f4550be8948e7b9a55060b74a87d57aa6d82475176d2f7776d873afc4349cdf207a90304469f6256d83274bb698c6dabe9b209b8e6100f14d1ce290eaca175b # The 'valid' case from Wycheproof RSA signature tests -Padding = EMSA_PKCS1(SHA-256) +[EMSA_PKCS1(SHA-256)] E = 65537 N = 0xAB9014DC47D44B6D260FC1FEF9AB022042FD9566E9D7B60C54100CB6E1D4EDC98590467D0502C17FCE69D00AC5EFB40B2CB167D8A44AB93D73C4D0F109FB5A26C2F8823236FF517CF84412E173679CFAE42E043B6FEC81F9D984B562517E6FEBE1F72295DBC3FDFC19D3240AA75515563F31DAD83563F3A315ACF9A0B351A23F Msg = 54657374 
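Review bot: The group headers introduced in this hunk spell the same PSS padding two ways: `[EMSA4(SHA-1)]` for the first SHA-1 set, but `[PSSR(SHA-224)]`, `[PSSR(SHA-256)]` and `[PSSR(RIPEMD-160)]` for vectors whose removed `Padding =` lines also said EMSA4. If PSSR is simply the library's current name for EMSA4 this is harmless, but nothing in the file says so, and a reader comparing the old and new headers could reasonably conclude that the SHA-224/SHA-256/RIPEMD-160 vectors now exercise a different scheme. Either use one spelling throughout or put a line such as `# PSSR and EMSA4 name the same PSS encoding; these groups were previously labelled EMSA4` above the first `[PSSR(...)]` group. Note also that with per-group headers replacing per-vector `Padding =` lines, a vector placed after the wrong header is silently verified under that header's padding, so vector ordering now carries meaning the old format did not.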
@@ -198,634 +177,535 @@ Signature = 68ea71ee1911687eb54b3d19cedcfd44719d0b24accccc59bdafd84e4eba48ef0be7 # Combinations selected:Mod Size 1024 with SHA-1(Salt len: 20); SHA-224(Salt len: 20); SHA-256(Salt len: 20); SHA-384(Salt len: 20); SHA-512(Salt len: 20);; Mod Size 2048 with SHA-1(Salt len: 20); SHA-224(Salt len: 28); SHA-256(Salt len: 32); SHA-384(Salt len: 48); SHA-512(Salt len: 64);; Mod Size 3072 with SHA-1(Salt len: 0); SHA-224(Salt len: 0); SHA-256(Salt len: 0); SHA-384(Salt len: 24); SHA-512(Salt len: 0); # Generated on Wed May 18 13:42:19 2011 -Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090c6d3 +[PSSR(SHA-1)] +E = 0x000090c6d3 N = 0xec996bc93e81094436fd5fc2eef511782eb40fe60cc6f27f24bc8728d686537f1caa82cfcfa5c323604b6918d7cd0318d98395c855c7c7ada6fc447f192283cdc81e7291e232336019d4dac12356b93a349883cd2c0a7d2eae9715f1cc6dd657cea5cb2c46ce6468794b326b33f1bff61a00fa72931345ca6768365e1eb906dd Msg = a4daf4621676917e28493a585d9baffca3755e77e1f18e3ccfb3dec60ab8ee7e684f5cde8864f2d7ae041d70ce1ea1b1e7878cbf93416848dbfdb5214fde972e5780cb83c439dfc8aa9fa3e2724adbd02bdb36d2213c84d1b12a23fb5bf1baae19772a97ef7cc21bc420b3f570a6c321167745f9b46a489ff8420f9a5679c1c4 Signature = 319c62984acd52423e59a17d27d4eca7722703b054a71a1ee5f7a218b6f4a274632eaf8ef2a577a7e8a7f654b8deb1ec9b1e529cf93459cc8af4c6df6fffabc3edded0c421604ea2aae35836b05fd9de7abd78540d45fd6d0ea714733a3427b00d9d6404db8ede4a27932b47d88243eefcbffe1e55841823def30c57de7562cf -Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a3db1 -N = 
0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 -Msg = c728846980d2461db29343acbaa0e69e8a7ac11456cedcc190994d37178f0964acbefa5ca56f5259e54d1eff0bc91ee5eabcd4523a4edb448c187ab784857923427e33472146ed25a4a2664ead3eaf5ff04c3dcca86e3ddc88d627f5f5ab961a72af57b25c20c08bd7dc431e08c843158571250a09f4ab926d1c7d7ad3cb0950 -Signature = 46acca5782d216e2f3d6f874a38b49b35c1e7a26626c9ad8af2c88a0e1d89495c02e1c476b3c8c86b0c6267683a16b3513d6ae5061a8c0557bd3cf0155df16369364da81bbf9f6d856b65add3290f5a7dc6e975812d1e680f7f24650d5c3f15ce90836b47db064b6494a68b95539eb2d5909bb033999c423ab14964a64c42efb +E = 0x0000a4822d +N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d +Msg = 6509048df94c808fcd84fcf16aa7e6735f95f111884c72d8905c0af9b59c861ccb1a03f68458561eeeb5ab1c3d296bc3cb3564c25d1a2475a84aa501141c309fbfc37b38c5811533bf18038b8982ac2449e1f25facb9a2ec735d0edf2fa7f80648ecb27a442f847546954e63d5196e3cdf81e410fe91b4e4f97e8cbc8ea6a7f9 +Signature = 7632ab719f25cf1d3baaaaacaa3fd102e519e0e2b6b153aad715a71582a5d36990dbbf807f9a71fe0390ddbff757de055399673a1fc0ca3e1e577ab380061875d5a3a60da90ca74eb437aa73910f128fb014a2b2cd0194e6a40f6a2f2697e2688f899e685f28b43f523d59f55b9050f8b7f11ea5960d9aa03fc5c94321c5a732 -Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000183a77 -N = 
0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b -Msg = 0b95962764ca7454c8212a4407782e6174248c5898db391d28d2a42f35228f1da3701d49dccd2cecc5dbe45af23190881601adcbbdf841e23d666f37e99f476289a1e3ef07f7af616bdd087609a409adf958a106c8a1e9096de7b5097fb96aaaa5700fa14d0fa6bba16ebc21b6983fda07719091239cd999a29ba12e5d389dfe -Signature = 7287a0b4db04c8c795018cf818a170b152309ee195cb239d22c70eb248e1db54dcf0c0f6c8a311bd07c7051218e53c41e94d0c67707d0a69f5bd9cd1abc5e01cdbe70d4abc75a8536bad424d94ce160d71104b89d920fbdddf8da741178bbbf315c3e9fa9cfdaacd41a55a86eb143c1fce55f0bac0b5e08c9dffdad05485031d +E = 0x0000d64215 +N = 0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b +Msg = 60e8b840316f75535b1171f6ea36c7ea71ba2e1607e7201f90a03b3a3edee73e576139fe389f17d59a019d82144ec036e16731ece43684f9e9e192e42e431c77229cb1166c87d1502f2d52b48cb903e6690c90f271b1a5df5c13568871edbfa74903e733d510ebeca3ff58345c5dd820920f11cfb840cafa729e4fcd10c617f5 +Signature = 500d43a05b3083bf9720d59e24856d8429d95fddf3caea9968d30962e14473b60017ad57f07086bb0f3ded5aaeb2b5034ecd541f64e7bd40bdd25dbfb0b1d46fc69c79a8f833ee3c758033f3a48a5d79ab0fdbedd726491880d5a13e6a545021125a0fd695b0d266f9e527237e119083c4b175abd8391ca0bd26cb84249bf1f0 -Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035c661 -N = 
0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f -Msg = aab88ff728c8f829841a14e56194bbf278d69f88317a81b4749aa5fdbc9383486e09bff96a2c5b5bdf392c4263438aef43334c33170ef4d89a76263cb9745f3fea74e35fbf91f722bb1351b56436cdd2992e61e6266753749611a9b449dce281c600e37251813446c1b16c858cf6ea6424cdc6e9860f07510f7417af925574d5 -Signature = 657296e902331b8030a72920c6c16b22ea65fe18e7e10b7cdbb8a44ef0f4c66f3e9c22f8f35e4184b420ad3f1bdbc1d6a65e6230abca8a9bee10887833dae15a84bf09a4542389c685fd33e7385c6001b49aa108f2272a46a832bbadc067ff06b09b2f5f40c81cc2acac03311a3945f7a9f2ea81213ba9ba626d6a7ed49f17dd +E = 0x00593d67 +N = 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 +Msg = 7a884d5e7edc74c10c44418e47ec7d7dd66db0012dfc8a200ee181824f2cbcc8dda3301f01fe0914e2574baa4cdcb9a9afc7f63a6b90eab14a6067aa4eca0c57aeb66a181b9d664c47fcde68a80290467a8c37bf0354f67b1a65fa08ead35c2af4a8447253215412441b44f0e5c8c9f93da6bcb87db2782785d984c5aaaf72e8 +Signature = 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 -Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b8267 -N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 -Msg = 
b80271b3ef26efb5b0ca8e809b61fdd209337ac23fbaa349e84c8900c2fb072b97ba52f76fc1d00004322e1676fcad4140ffbc026b72ccdc01826013c53c63b421adbfd560482b1e1d884489fbd6e06597ac9fa1bbfbc347d5ca4147a72017763f25e1d62a84a718e513fa5f94b63f47f6814a26991c2f924a6c5423d06fcb79 -Signature = 2db61ebaca89ecde29a2895f21d61220300f01d117337ba992e0e5a65d6c4a6bd537f6f74e64db2ea45c8892114d2d5450d9b9eb38dece3dadcbe91123a9ef8288e000bd3fc1e140d2499a7fdf44f3382e71d4def1baa6e40d8b70334906f895055295b8f37c779969975c11b79e2184321a883e1abcbc100273187ed1480a70 +E = 0x005f8d03 +N = 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 +Msg = 4f9a34e96e649f8928a7c58a0c84d1bbbee1a4c84a69c95db7d4ab8ee06905777fc19b1f8bcd28a3c41b97908c547590f80aa74927b05882d2ea36872508decfcdcc94dd53743864a8f475ae01843c3ee45a71b583b9e4f24a2a827db40acd26624489e96e60b815fdbdc9ae131a0d0fac5b6ad3088a53f6461df7383477b9c2 +Signature = 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 -Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a4822d -N = 0xcef7d8f114854a2a681fe6ef600351b20a9d992010319590ea20f4152565098aed46b75330cac1da85652398402dd9bfa04f4e6c63f3cb6a30ee169b243a5ea0757646a47dc51db6af86adaf9b700044978da876d49863601d0c4ce7629decdb7485df787c68e250fdfae9d77251a315f127a93dfb024c040e274ec658e2c19d -Msg = 6509048df94c808fcd84fcf16aa7e6735f95f111884c72d8905c0af9b59c861ccb1a03f68458561eeeb5ab1c3d296bc3cb3564c25d1a2475a84aa501141c309fbfc37b38c5811533bf18038b8982ac2449e1f25facb9a2ec735d0edf2fa7f80648ecb27a442f847546954e63d5196e3cdf81e410fe91b4e4f97e8cbc8ea6a7f9 -Signature = 
7632ab719f25cf1d3baaaaacaa3fd102e519e0e2b6b153aad715a71582a5d36990dbbf807f9a71fe0390ddbff757de055399673a1fc0ca3e1e577ab380061875d5a3a60da90ca74eb437aa73910f128fb014a2b2cd0194e6a40f6a2f2697e2688f899e685f28b43f523d59f55b9050f8b7f11ea5960d9aa03fc5c94321c5a732 +E = 0x002db7c7 +N = 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 +Msg = 36724717ec13584b5ae5c9816118a0f5596e1d37a88af088936baa875434720d6c2ef9553a0fb060cd7d3897f7ce19b3a212b8da6753830a5d1b6fbb2f37a4c072bb766f35469801d9878c3c23005e4f8f0a92fde71a5bfd15420ea136fbd5b7ef21a8ad043f79f8260dafb50d37d691c76095e75067e02962e96e818e076eb8 +Signature = 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 -Padding = EMSA4(SHA-224) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000412b89 -N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 -Msg = b2ca1c4b7d1a56595f8fe90c3e460b151c08ef26ebce3c9ea384bf68930e5c20f4894b78c4d381dbd24d6b5015dfe2a0413d5cbb9c695f580e7a3cdc789bf97d47568fa74913569ebfdbbd66b3623ee08c459135df9020778883bc86fa968e31d3ba509eb4e2bdec4fc24516c1d6061b23a7f85c5b4a67453829a72fbf060385 -Signature = 435ae89ed7ad4138aa8b19245dff3153b82971b6ad38233d39d34e9e388da6155e1c353575f74eecbabf1db03821dd38fe6047bf5027360f991abd890de235a0c1b545b5487d0ded6c4557c7ef74e12524534dd666804b861d4a778e42969a32295b63d1d70a105287b0ac75494e2dff1094a42118ec8d9b4ab28ee5cf746eaa +E = 0x00000000a673f +N = 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 +Msg = 
744a128d95416147b635c3ad244f885c5440759bc98dc446382a6d0ceb4ba4db6377a39741dea91267ec43395a1eca8bea152dd016e9f0072abf75a02a9e7beb737ee4d1a0a2bbc2ab2875ee54df77b8c758d96779406a1f53ecf4111236c1eeee885da179369e3dcb11e234dc3998cb313202cabb3a3878fcda71c66bbc7ecb +Signature = 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 -Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd23bd -N = 0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 -Msg = 9872df5b9025393394ae1b59030765ba60af6cea40fcfa1867b397422ed607a528bd147804688ed9b5148f08d10c03d337c26851f51ed3d369163418a67fdac018233a036c13eca3aa3ff61fa4434d2a9484995b017c3926e252870b06ae5d0db3cbd8668ece5b79ba56d70844544aa7bf1d86712bbd34f91c8e1884180a9775 -Signature = cc7a427ab109f85f16832c04bba7a0eebfcf4e236c7507b337fa9e1d437d89c908685a5bafda8e26e4c1027a841c809ea0693749c2461c834aa0a2344a2a332dc3a3440d895087278562a7e91114a052599de0aef06787aac8963b8ed2a97db088b808f0b91c17c91e24448b38fcee4cf0c76f4aafa0c61f380c97afc4dd49e1 +E = 0x0000000fd157d +N = 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 +Msg = ab73de454dec96f7e9435a968b1ec3a7b5ca806cb1384c0726461de1ea409e4d17a7e06961314c45a610dd48c7778ccfb75b0b16d177b55c6f92c642b804c775b9774d8cb8ebe334c4fd458a9168cfc883cc342409ae73f52cc0071868635e92ba6b8d76fa22420a6b8ffa2591f874db42a5655c00e76d1a86594a2aa1664ced +Signature = 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 -Padding = EMSA4(SHA-384) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb045b -N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f -Msg = 489a093a195392c15b4ab965677d572888209e061834592ae55b7562daebc1d1db41f2e4f058ea87a69a3a98b2f5e59bd83267b00b82f5c3d65a0703fa81149559689c8912b96c0dee321ee0fbb4df0a769775cbee4180d1a7f7ffad3df2178889b61012c89fa1bcfabd6d2789e2cddc2bf8d03d099880bc21d9674ae9665212 -Signature = 71fd89c20c030e2f1d32c9b3241f008daa2502d220a9ee24dfb937d6d0a91172c686ebe146a0b4aa881042f0645c65f3241edcaf3e6e5e2eeb1196bcafdbecd04bdec6d84aa6800b344a93c0e2243d6450adb68bba8168ac8fe713cdcf63956e502c04a5ef05ae603fa38b3ad50156598de70f740e35e5a175a6f045106a05f5 +E = 0x00000006a996b +N = 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 +Msg = 6f8c5ab0de743f69bfebc93d28425330dfb2845b644e738731350ffa400cbf91ceac450f5f17e8b502b1d213d6adb71dcdc5b781b02e863863cbca5b6ba1c439ad8b33a6782e7596c630f0eabfa5b0897fca51b319f62092dccd7d12d5b784f39491ec1d33a22e3395d0ea6aec13879c7e2b1b98a88e8abd23a5f1c7863745e8 +Signature = 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 -Padding = EMSA4(SHA-512) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d8c34d -N = 
0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 -Msg = 56f35f42516bfca0dc1d2d727a4fb6bb2bcfba68417c2beb6f07852723fbbc8c15fb7283204b6e0c52934aa53fdf6b6f9ae9378c069b81cb29d04887025ba2cc7d4af3bc456c6231da108ea4e3107c4ec50ed58c74fe4e888ae4671696df58dcb66748b668d3c1599d1e61360fead2a1d5c5fc3234ac786bb9cd489c8491c604 -Signature = 2ce4a58678ab5a9def663e03397756e4e6e345199657e2526c8515ef5c705d3db2775a28c2c65599dd786682170e36d502242837e688fc6020a4239ec7380765724645e97f4795fd0e50c257eb5c5b2f4332f6219231b44b3f5bb4605f45b901dae7af47300bb29478ff22b7405a383b20874564def9f3b470ce46ac6e560d83 +[PSSR(SHA-224)] +E = 0x00006a3db1 +N = 0xf650d9f361cf9cf7c1e99b028f392d545b5dc5999a09d22913a106412adca99b3686b3f8ef5178d1bb9b1504503a5f866b563a58c7dc42d8c8537503be0c181d6d050d47a869bf7830f3c85f0e5fcc910deffe1d914ae2f8d77e66e444c579e99770043af2c7f7d89458730e716f80ed5800f8f9751f6f59bde63b6515c96fa3 +Msg = c728846980d2461db29343acbaa0e69e8a7ac11456cedcc190994d37178f0964acbefa5ca56f5259e54d1eff0bc91ee5eabcd4523a4edb448c187ab784857923427e33472146ed25a4a2664ead3eaf5ff04c3dcca86e3ddc88d627f5f5ab961a72af57b25c20c08bd7dc431e08c843158571250a09f4ab926d1c7d7ad3cb0950 +Signature = 46acca5782d216e2f3d6f874a38b49b35c1e7a26626c9ad8af2c88a0e1d89495c02e1c476b3c8c86b0c6267683a16b3513d6ae5061a8c0557bd3cf0155df16369364da81bbf9f6d856b65add3290f5a7dc6e975812d1e680f7f24650d5c3f15ce90836b47db064b6494a68b95539eb2d5909bb033999c423ab14964a64c42efb -Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d64215 -N = 
0xab2781536ef9ff9714f72313939513eb7c4570b7cbb1f8928576f7c9f7fdde20f5ba770c0c5a7e7857c54335e167a78bf06cea5cd2a1bfafdcfd673a7cee4a2fca01b60c3dfd78527bd1b147dd01426b7f1fb6ab34876f922dce3bbfc60d4522b6ccbf080aa72c688c0a4214d44b371008ed235902d3af3373d20ec2f631720b -Msg = 60e8b840316f75535b1171f6ea36c7ea71ba2e1607e7201f90a03b3a3edee73e576139fe389f17d59a019d82144ec036e16731ece43684f9e9e192e42e431c77229cb1166c87d1502f2d52b48cb903e6690c90f271b1a5df5c13568871edbfa74903e733d510ebeca3ff58345c5dd820920f11cfb840cafa729e4fcd10c617f5 -Signature = 500d43a05b3083bf9720d59e24856d8429d95fddf3caea9968d30962e14473b60017ad57f07086bb0f3ded5aaeb2b5034ecd541f64e7bd40bdd25dbfb0b1d46fc69c79a8f833ee3c758033f3a48a5d79ab0fdbedd726491880d5a13e6a545021125a0fd695b0d266f9e527237e119083c4b175abd8391ca0bd26cb84249bf1f0 +E = 0x0000412b89 +N = 0xd7147d934176601d8dc64f372838bb46bceb7ed10e6dbd3100a46340d889b8e5ba3d69fbce0f4c9fa2b4df614a14fd0503dc04d6ee671cc6283d4d37410b6d0a74cc39b3d83728ca561c99d920e80f1d971e927456dab06cb9bb8600f540091f96d3605a8bde99e01cd977aaee7dcca20c328af04366bd5975c623785839a355 +Msg = b2ca1c4b7d1a56595f8fe90c3e460b151c08ef26ebce3c9ea384bf68930e5c20f4894b78c4d381dbd24d6b5015dfe2a0413d5cbb9c695f580e7a3cdc789bf97d47568fa74913569ebfdbbd66b3623ee08c459135df9020778883bc86fa968e31d3ba509eb4e2bdec4fc24516c1d6061b23a7f85c5b4a67453829a72fbf060385 +Signature = 435ae89ed7ad4138aa8b19245dff3153b82971b6ad38233d39d34e9e388da6155e1c353575f74eecbabf1db03821dd38fe6047bf5027360f991abd890de235a0c1b545b5487d0ded6c4557c7ef74e12524534dd666804b861d4a778e42969a32295b63d1d70a105287b0ac75494e2dff1094a42118ec8d9b4ab28ee5cf746eaa -Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006ba2f3 +E = 0x00006ba2f3 N = 
0xdda48fef7ea12b75d0446ac178e988cbfcb7da998c00ba51a5529cd97cc47f03772e1686fa5c43bb9ea4a62726e95889011439cce1e4b3be4efdb0f1fedd03549ec4d5c93fd6f4fb0219dfbd4b43f1b38428e2bde0cd562a999c77f2e5394d1bc1f375d63af7bfc73571b8c777966bb0fc75ec8167c46972b7844e981b90e2ed Msg = 7490b77f604083c6c88c5571a98ab96a8ea932b9b3457eb269791c6dbc350c775490d6c7995fcdf41b0695a5308ee348dff88407fcd1a1f7950741938dfb0f6a87d75e1405226a6ad192e0f79d21a1a9e662c3cc1e16d93909fb75cb68e4eb13d50e574deeb2e192b5d73f4f376a7cf56c90f8f25f3bb1e18efcc0fd941827dc Signature = 7434621457f9841573fefc0be82779d44c687d15ab75a6f284bf86b1e0a31647b0a8f5aa8d8a8aa216647f7ba802724406b18ee473724e2fa9ede3cae83130487cec4145ec00d4ae5e0542f2a1a7be491e59bad6e05d0422e87e98ba5ce9ceefe43c5a96a94f260035d7e7131dacbdbdf7beb0a10e8883ff272884c602ce11bd -Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffc8ff -N = 0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf -Msg = 343d565d85c1a326570cc4062d617711e00c7178ef5b52aa16ead8bf222353170306593e2326ba13f6f4b62ad3406e6e02fd990b1645788b7c9d0c3e557986e08103ff76fc1869796e93c636fdcf9875666798594c40aa87d0ca118a6182df77d5bcb0ccb99f989ee6715af45515db6e35d1d62a3a55d0e737f94f6bef474723 -Signature = 1ee5c565d81347bfe222945008daa3923e88e273d537b4f993197f8e2cceb60f477cd53a63950b9c0aa03d559fbe940a506be4e9d8a8f5335ddd514483a79e81e24388e31c90ca6906be6c314df7904d6a7961832c2175edfe0f41412bc042d646edf6897979ce0cf0f30cb36ae22fab36ca815ac5288ba7b3b49fc109aac798 +E = 0x00b29bc5 +N = 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 +Msg = 
7ced8a54c8e35ef5c87d03ee6357b658e2e528eda55ad30f14c88d0cd9895ea04ddf8fbb2fd703859c73cb9f3b07f4acb9e4a311753465f87c25c09bb74a0ebf633e8b7ec28aac4a10c8b22fb9098058c975a9d5a431ce9cf78627cdee3f5f3aa852a526e8c3004d0dc6e22544240164fcdf62c29a19b6006e32ea29e631fa18 +Signature = 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 -Padding = EMSA4(SHA-384) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d4bcf7 -N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb -Msg = e302eccdfddf1455a17fd2870f737f23902fd1d8ab6cafc39bca443301ba53afd79bca3aa52399d5f701c4460ec0b718d6efdbe3187f66cdf16c775183a0623fea1448047138ec2c0695c125ecb04846b032980f5e473eb3f44448d3178c9d8d05b490b5cbe5b462b882f1ad110bd7b5064233e7e58ce07c8e99e0422747aba0 -Signature = 032678e9feed45edf12af67a5fda9d1941f2942512adf95b04804eba5ccf01f0b37bf9e6a2e01b482ac1afec7684ac896b0d8c4149338e3936422cc7058114faf4dbbf7bf3c330f3f1e8e16a4bb755ce1dce34fee376b6c58e352f88e6ec8f60c5319d45fa01d46d7fa5fd2eb7ac453d1b3d34c17e2c9cf3b851be7b734c733f +E = 0x00ce5fd9 +N = 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 +Msg = 7a27b3080a30aa2ad290a71e7668133943e04af91676a0f37996a20c106a9eec34f365b0dd594fdfc57f80a0cadb6a2a9485937b798d984d9d9273465e90f96feffaa6e742099dd92c53ebabc49f0c780cf8b0c1d300bf5fd9879abc355ca443f463011503e89dfe4f3370a72a5d010df1622931eb761a12759d9fd85c76a652 +Signature = 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 -Padding = EMSA4(SHA-512) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebb1eb -N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b -Msg = 5b546a186eb7af3e5c1270c3b97904efbd1189b79b17d9e10f24ba6936af5524a3d3eaa3af52c15a10db6401ae880b3bb2ab5876dfca441225e85ac57306233eceeae108a01f7fb2523dc92d1c6bd9751c21d173a633d023dc0b1ef27e35aa6a0322b710e825d28d48c2070dad2854e526fc5e789958635b5b1470b7fe44d4ef -Signature = 52119892d0cf2f9d556c9119979ed9d9e49cfcb4d634b951e7dbea750f97c1bcd2b713cde92ae5cb91979711aff3891aed1f514265d0ee7273630fdcde3818cd5ce63494604a89dcc9745d0fff9bfcfdada043ba2e669c9a51121fdc0a7adeaf132476815afb47440f3e47d6508f021938596e61be6a982561855c29447f89ab +E = 0x00f3e453 +N = 0xbc97958f980fc043630735e36aef0f278be381655bc6a4940864e6925d31ff1c9392ac5fa44b06af295818f03948a117bc7f0fe8f2f5dc0c1cbd9d1819913f13c0765f41c17a62a9fa70422578c86305c0e67c56b2d555fcc12a84c45ca00502b692d8790a26bb73a8f2df1fa44cf910ca45e8ea2c665a9b6d266c2c4c6075c55e686511683cf75bbca9573e8b79f01583d57bb21b6e8f46215962b9b3cb1e57ea56221f6ab61cf33f969babe3b5a1a98a76387144cd617751ffa012d8e7d1471b264c274228e2bcd549468a57316f392c75625435ddbe7dd3dc40544f4a9bb9cf5385b255ba57769897203a7a3d0f2808e05492b69a58483f5fc396e6523da3 +Msg = 0380169fd5b1da966bc268e6c705dd0d05716455d6464f9b30f06655442e7ed4b1734ec6f78d7ffe2e840278f8c5a697b47feab2f44e0fcf311772aebe33190afbcf8c1bcb92e65f48812b9ab520dc1cb3dac942b8a3273fbedce21c387735fe4a5b77a8390a384021818c56e660a7226c4aaa0d0b8fbd743d085ea89a43f839 +Signature = 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 -Padding = EMSA4(SHA-1) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000593d67 -N = 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 -Msg = 7a884d5e7edc74c10c44418e47ec7d7dd66db0012dfc8a200ee181824f2cbcc8dda3301f01fe0914e2574baa4cdcb9a9afc7f63a6b90eab14a6067aa4eca0c57aeb66a181b9d664c47fcde68a80290467a8c37bf0354f67b1a65fa08ead35c2af4a8447253215412441b44f0e5c8c9f93da6bcb87db2782785d984c5aaaf72e8 -Signature = 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 +E = 0x00000008c6e57 +N = 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 +Msg = e883d8559b04cb610d3000d6af8887d72bd68e293fb7d5ddcc5762302a7c75afbfc6be9fd035ce9b96ebcc7f9533698529c315ae623e746411fd0b5d230f40c22e7e81914ad4c34022de2ea34bb0160fd4e92ec01e39f878ed208069c0f84a555e3589f4b2ec9196d8928f09780778bd53d23f261baf4b628847281ca83e7db0 +Signature = 
b0e596b45e09da386bacde6ec9c44e8a3aa54ad2d413c941bfa077de7b3838afeea98eb018ed40be73f5f8d617a212bc9eca171781c6ec837769d587450f17cb6a1bf594a620dcd254e0909a9ffac9814fdd4953b885cff3f099ef243206dc3f7c127325ea0bba1ea3341aaffcbadfee4845ebb55e3ad97e78bf41ca41eab4e784b6095be635ba7aadc5b58d702aa80fce64ff6252cda383557c37afa78148879e0dedc6d3828e8e8fabace3885f9f55ae887c44e935386a3d961fa7be2babd8716edb5dbbc0e587ba06a78e3492c6c029813a0dbead055c8d75573d70c3db7a087c8fdbd8c8da35ac2dc15f6e8f21df1e9f25d84b9ba186b3f3c8ecad13eacd98b18cb8ca2e312f1f7c7a719b184a524b003f22e4c504b2c085c85ffb1c035fc0717d1928922964bb837ce9ce4171cfbf09b6580281f7f8c0dfe0008ec4708352b47a0d812dbfce18fc564c6d1b0d5756848b08772c33c9a0052e1d50b4d9cba51e81d75ed097b6c29a0dd6ed5fdb2cf417eb0c1e09cfeac75149a38268821a -Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b29bc5 -N = 0xacfdfb1dcb1459b489cd4a8c9fab64a7da4f044bef1c506f0872e9476f3357abda509d9fb1db6a4f5306c40c058826253171cfedbc160776a48ec35b655bb9963286b6aece1c77dff987a0aae9720ba035dda67f317101bd3cd4e6caac867a8c38b87067938e96e72df1875f94e43e4c06f7a86a1dbe07836ee69763eee29bc13ca906d7740c29e651872a9ec7c6237f7c8290bb0800a030b323d09e7c903751d21a224266f9d6c94c17a4c0cd8175ea67b9d9020f2b3f31a96206084cddb2acef70b11ae25a46c4f6817c4813466d7cac76b27927145bd499ff87f22a946b688e980a00a3d54c72ab9c2c88a55a3ea4c6784068673532737cbe4799e98bd711 -Msg = 
7ced8a54c8e35ef5c87d03ee6357b658e2e528eda55ad30f14c88d0cd9895ea04ddf8fbb2fd703859c73cb9f3b07f4acb9e4a311753465f87c25c09bb74a0ebf633e8b7ec28aac4a10c8b22fb9098058c975a9d5a431ce9cf78627cdee3f5f3aa852a526e8c3004d0dc6e22544240164fcdf62c29a19b6006e32ea29e631fa18 -Signature = 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 +E = 0x0000000026a07 +N = 0xa5ca328ec852ed50cd50ff2e2aa25a99905b8d8dcc6aa2f2ae651da27e21e60dcec641be2f850f603dd15c763b1f7868dfe49392cbf0ed1410b151c501a627994efcae1a332ccf0d37b966a99f4d6b72659cd9044a72b97ac3e00e1b752bca194066c60dbb870e8205b0078551a41bc7a36424dcebeb26e55618f9b27c630a7c0f5bd23f5175621867e100f63d8c07d9392c5638576b66bb4bc89682c66ecef97f378595ecf10406fcb75450bdd7ff558d9eb2e76ad4fb7c92fe5a946cc95bd14f81f7fb7e6ba15fcd5c73b5ff41588a5c8acf1ed1dcae4dde453411ec26fe8faa3640dff3e153ba39c766c9f99c05a023bf45a19b30889d710c3fb528fbc147fea1699bc38d3e41d11bb1faab7d9e850f0c2b0893b5fe3a2039e6d8d90f280faed4d7fd34dd2a886b7a0bf8889bd75976d4ce412b7301e88eaa8e1e9bac6d0a351e7c8391b744035f2dc1b8cbde6f99484770b81828d6e1fab40a7e0d69ed798de7c2f80ac750c8243af4b2d4986223d9a33a34dd2d6c36b624545f6411d3a7 +Msg = e28b42777e68da66c97814b91025c3c4e31310e1c500c97027effc1b9885c55f36b364476895927bcf9a167a79e6932458f4a47bf3802aaa5ca4e547624142d507a0748d3559c65eac7430323fcf287340bfbacd39fadb36dcb5fb2c3d09d93e3f9b9bce4c7c1e154a4e8b68caa92bb982bd7c60fd38841c916a655492a632a3 +Signature = 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 -Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010e43f 
-N = 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 -Msg = e002377affb04f0fe4598de9d92d31d6c786040d5776976556a2cfc55e54a1dcb3cb1b126bd6a4bed2a184990ccea773fcc79d246553e6c64f686d21ad4152673cafec22aeb40f6a084e8a5b4991f4c64cf8a927effd0fd775e71e8329e41fdd4457b3911173187b4f09a817d79ea2397fc12dfe3d9c9a0290c8ead31b6690a6 -Signature = 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 +E = 0x000000016b265 +N = 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 +Msg = 68b59f9de0146fa3a964bf399cabcbb685145fc727e8f70a81b925d850e13362d52b09ffd8cf52c4eda4db56f6913bfce944b9f8d4276a181e909a880f396dea92efc6a83a8e6889842c5c835c9592d1e2f8cb456ddfb5ded064589ddda2b295286b9e420e39fb1bf566096ad49f165cf7965b54fcf72185229e28c0c307488a +Signature = 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 -Padding = EMSA4(SHA-384) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024f1bf -N = 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 -Msg = f991a40a6c3cda01f1a2fed01ca0cf425588a071205eb997a147fa205f3ec10448090e53f56be512309cf445b3f6764d33f157749d5199c7a09ef6246bd5c793b85d24d9093c4d4b318b48e11727cc8bb7aa5ec8699aba7466e074e1887bdf2a51752ec42f16d956fe5943cbcf9c99a5e89bfd940c9fe447fcf3bc823d98d371 -Signature = 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 +[PSSR(SHA-256)] +E = 0x0000183a77 +N = 
0xbf15c7a344db52c3da4c73bbe1aa9e43a24cc3ccdfa6dcb994e29846401f3d5ec9138756487def58d4bc5082baa8e93c840405d36ef37f59594d01f0665edb27cee3b6b647437405652cf809200597b0de806ea9ae20799400fe24bb3496d92e65ab5718c61ea24e302b2414f4a6ac1c99a4177de0f83882d638c46c95e2412b +Msg = 0b95962764ca7454c8212a4407782e6174248c5898db391d28d2a42f35228f1da3701d49dccd2cecc5dbe45af23190881601adcbbdf841e23d666f37e99f476289a1e3ef07f7af616bdd087609a409adf958a106c8a1e9096de7b5097fb96aaaa5700fa14d0fa6bba16ebc21b6983fda07719091239cd999a29ba12e5d389dfe +Signature = 7287a0b4db04c8c795018cf818a170b152309ee195cb239d22c70eb248e1db54dcf0c0f6c8a311bd07c7051218e53c41e94d0c67707d0a69f5bd9cd1abc5e01cdbe70d4abc75a8536bad424d94ce160d71104b89d920fbdddf8da741178bbbf315c3e9fa9cfdaacd41a55a86eb143c1fce55f0bac0b5e08c9dffdad05485031d -Padding = EMSA4(SHA-512) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008d8853 -N = 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 -Msg = 7811a407fe653ad2343d83c0499fc11e2951ef0a4791a3cd9a06396be5f72e783cbbca2cc47002babaf09cdeb70194b532ccbfd24691ae8eb598d59f2e6becedcb4296a1debf417eeddb4d74fb217072091a597ddd0893ff02d6ad61105098db2e90508bd4b8bec5d6e7deab9e651dfdb8210532955e1bc788a908d7150ef8ec -Signature = 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 +E = 0x0000bd23bd +N = 
0xd40e4a247dddd8dc32a70a38d287f3fa23aa016b77c8e8e1a98c2f60967a2b7a38f8614066031fb6eba697c367e3430cd8d924bc9eec28529266f690d538ebb4b0381b8966e7224e3c526122afd181d6e3bb6145a5a28d46dd36c1f1da823e0ff38b439c7638b44a127b072543f18192efde9cb381b2e98f4f5fe854e3391275 +Msg = 9872df5b9025393394ae1b59030765ba60af6cea40fcfa1867b397422ed607a528bd147804688ed9b5148f08d10c03d337c26851f51ed3d369163418a67fdac018233a036c13eca3aa3ff61fa4434d2a9484995b017c3926e252870b06ae5d0db3cbd8668ece5b79ba56d70844544aa7bf1d86712bbd34f91c8e1884180a9775 +Signature = cc7a427ab109f85f16832c04bba7a0eebfcf4e236c7507b337fa9e1d437d89c908685a5bafda8e26e4c1027a841c809ea0693749c2461c834aa0a2344a2a332dc3a3440d895087278562a7e91114a052599de0aef06787aac8963b8ed2a97db088b808f0b91c17c91e24448b38fcee4cf0c76f4aafa0c61f380c97afc4dd49e1 -Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f8d03 -N = 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 -Msg = 4f9a34e96e649f8928a7c58a0c84d1bbbee1a4c84a69c95db7d4ab8ee06905777fc19b1f8bcd28a3c41b97908c547590f80aa74927b05882d2ea36872508decfcdcc94dd53743864a8f475ae01843c3ee45a71b583b9e4f24a2a827db40acd26624489e96e60b815fdbdc9ae131a0d0fac5b6ad3088a53f6461df7383477b9c2 -Signature = 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 +E = 0x0000ffc8ff +N = 
0x8b72cf259d853597bc0c4b79f21061a3ae12f6e8eb5bde829633ef207aa282fb47bd574a4c6983ffe5687d1e4ede14db5ceb326717af8985c7778888521b4a431b1643b80df1f039601b4d5d8773f91c19239be3709d625174e05e946dd29d4cd58e9aef28946c8811dd1fdd84f9eb2176902ef2a710bb76494c65c37559dfdf +Msg = 343d565d85c1a326570cc4062d617711e00c7178ef5b52aa16ead8bf222353170306593e2326ba13f6f4b62ad3406e6e02fd990b1645788b7c9d0c3e557986e08103ff76fc1869796e93c636fdcf9875666798594c40aa87d0ca118a6182df77d5bcb0ccb99f989ee6715af45515db6e35d1d62a3a55d0e737f94f6bef474723 +Signature = 1ee5c565d81347bfe222945008daa3923e88e273d537b4f993197f8e2cceb60f477cd53a63950b9c0aa03d559fbe940a506be4e9d8a8f5335ddd514483a79e81e24388e31c90ca6906be6c314df7904d6a7961832c2175edfe0f41412bc042d646edf6897979ce0cf0f30cb36ae22fab36ca815ac5288ba7b3b49fc109aac798 -Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce5fd9 -N = 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 -Msg = 7a27b3080a30aa2ad290a71e7668133943e04af91676a0f37996a20c106a9eec34f365b0dd594fdfc57f80a0cadb6a2a9485937b798d984d9d9273465e90f96feffaa6e742099dd92c53ebabc49f0c780cf8b0c1d300bf5fd9879abc355ca443f463011503e89dfe4f3370a72a5d010df1622931eb761a12759d9fd85c76a652 -Signature = 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 +E = 0x0010e43f +N = 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 +Msg = 
e002377affb04f0fe4598de9d92d31d6c786040d5776976556a2cfc55e54a1dcb3cb1b126bd6a4bed2a184990ccea773fcc79d246553e6c64f686d21ad4152673cafec22aeb40f6a084e8a5b4991f4c64cf8a927effd0fd775e71e8329e41fdd4457b3911173187b4f09a817d79ea2397fc12dfe3d9c9a0290c8ead31b6690a6 +Signature = 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 -Padding = EMSA4(SHA-256) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033e58f +E = 0x0033e58f N = 0x9c003978e1f71731e2d1128e1be81bd6c99cd3251672b9c4186497243b17ce523ab113bd4fe397178e6fb5f3090b0680e42cfe78b3928c22da53ef43595b1c5792a2794f86622bc4a997932dc20df9cc429b5010e18d73c71796df877fb66e72d372081260fe7760d46ff916ac74292ee6e1659c2480a22c9522bdfa1beaa71ae2a5581eb0045bbfb7b1d687553cf3cfb061bd2e811e6085d9e4849f30735bb95b34ae40aef5a5eb399331704907b67094b8f418deb76b6ff419031a5b2cbc7b64487b49d418d67747f1609040f08adc42b1b0724869d838bb932511a580ac9d872d5a053f3b61b3f51c43fb2b3d510a696a9068e093eea0670e55e58571904f Msg = a6a2c5c8718c64105fab8d44fc69d334273aa71e7475d924ce625cfc61944aeab77927eb202f6a33589939da64b375d3bd22f61db010183d053676ebdf3af50ce33c05e09cac237d1e5ea27ceae0acf2120b84a29ed80d702d759019e098ba227314e40eadaa98d4fb215090589880796f1cd7130476c2a6904633ee2b56a014 Signature = 
8ec5b4e7671975686b72eb3930f77ef3622119d0b2ae0618fa52c7410519c4f846c986001d3d82844ae4c13e99dee463448a498a652e9b725ddeb6323b83d5521637be0dee7b224c50dcaf6c7b9a2d26f9b0aad81ac6e4651f241d7a860b51c96ebfc3df978c5373b7846d3139f509dc16726f712c0e61af620b2c6db0955d0ae9cd4760bb9de6151e04bfa19df4d5aca2576f91ee7aba9eb446fee77c604faa5af87536f22fa6e239e898de906642fc6594be9328571b35a3a8420ac697ef993016f78def8a17d13698cc4c1876ee1006d814dc60161214a8f8b6f2a345c8b0c0fc645873b6bf9d2fbace2246f643a6d3a2e0b88929623a2e2a73823f6e325a -Padding = EMSA4(SHA-384) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000646e91 -N = 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 -Msg = f3169de46af85cb510fbb4cf9c0aada9f875301ceafbc818f428a59679e1e6cd203d18a97e96f979efe082e8c43a252ea4c354872caf42e4d99aede1281b5cf8fb9d25f43f6a33a8cc09c6e08ccabb98e09f0e6c3f2d9d5021232f811bcbb4bc4bdfcfadf69d91aa701d88a13ce3f84f75b168b36c9e60c3936c725d9a177780 -Signature = 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 +E = 0xa54611 +N = 0xa6754738bdf94dbc846ceb937a3896e747d5c6222453a83f6c86310e5819129613f9857d5e4a06bc5d927bdb011d23d8219549ced82c20592bdc419deb67fe43da87fcdfd01ac1acb07e513170c45d1e058fb56d8cb090a7f2565381785c4478362b253d47e056053516be15f448878d01c9dac06be45957882ccffc5ddaf06bc131c866349668de950e9121b134e5ae1c29815473a20028b9b7ea64d9dd8253a518b766dea714f7b37185a1d707a21cfa526a7d76f55119af728626b77e5b66328c2b37ec78be56380a4cd3900fe6a757f21b5728d31e5f1344aca933042b99240f89dc09e76a03678b402780bf64813c339e79893a3355674ff4807b200775 +Msg = 
dc4c136c805849fe77b4b381e4c6b22a3ff69947a9b5aa6b7cbe42cb279c50e8396d0b6ebbe5e55cc396ba66466e4e982e81f63bac0895fcd0aaca4b57fb6802c4432747b28099b368ae5fb4ae459c2fdf04aa6a40ed0c2a9091a418e08d2669a555cdbe0c304d498d840832c35484397b071d9c0b6bf73be5f937fa6b5b7367 +Signature = 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 -Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000452b3f -N = 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 -Msg = 25e9e6c39ee6f5c455d81f868713362929cd68ae87300aac2bae94440095ec56b7e3e7f56a5b0d197fd89c94d0e2d048087f6296504b4e1a2ccbda959fffd42a96361bce842661fa493c2ea25831286b19de93198c5114463020ba5a23fd3eb78a8b8a34337179cd79acde996829c7fc2293031d816ae19afe553b7bd2b9b365 -Signature = 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 +E = 0x000000073b193 +N = 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 +Msg = 0897d40e7c0f2dfc07b0c7fddaf5fd8fcc6af9c1fdc17bebb923d59c9fc43bd402ba39738f0f85f23015f75131f9d650a29b55e2fc9d5ddf07bb8df9fa5a80f1e4634e0b4c5155bf148939b1a4ea29e344a66429c850fcde7336dad616f0039378391abcfafe25ca7bb594057af07faf7a322f7fab01e051c63cc51b39af4d23 +Signature = 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 -Padding = EMSA4(SHA-1) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002db7c7 -N = 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 -Msg = 36724717ec13584b5ae5c9816118a0f5596e1d37a88af088936baa875434720d6c2ef9553a0fb060cd7d3897f7ce19b3a212b8da6753830a5d1b6fbb2f37a4c072bb766f35469801d9878c3c23005e4f8f0a92fde71a5bfd15420ea136fbd5b7ef21a8ad043f79f8260dafb50d37d691c76095e75067e02962e96e818e076eb8 -Signature = 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 +E = 0x0000000efabb9 +N = 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 +Msg = 3abd43f1d741ddf0b752dd94197ab656288ff465e5dbccec6179f8932f02c248196a5e3f12247c376c8d1e004b87a73a5a64355fbc0731044645255beb91cdfd77d970e681ab70c19a9c2167cbead7a23f6043363c7aff2258ca6723e99aab7abdd322ef0b1ee116aa488dd181eb6d163f4bc3f24c7e5dceffd067f211658347 +Signature = 
4740115f251b35cfe19d3816cc1fbf02b9a4d9470dc62b41cdb72284c30fffd34e7057559a73b44ac49fa7285f3e9a680bf1949562a47f01bfc55eb7bda9e291c9a5ce1a5d7b619590c0e1bd36943fa41b9cc9b2a3a742c2942c53ec3e45c77176e4bf32b7101ab4b05a996a21fe12921841f8f0fad1e71bdeff5a7f53e8766367311a98b9d8618a6198aa1662e587332c24283f9ecf2bb2d825f597d18256ce9c5864f1ffca37c4ec8df4f945cf22c974f5ef3dbb9f170b3978bddcc91b13b9e8550bfcdb74ac7349d531e1e3280fc005ac34c03608993b7876caf27c8bd5a97306292082f77d9144005bcd1046f27303185b6a7cac539f1e05805ee8d0772f37acc3e7fa0920171c19ec9266c4dd6d9e51766c4433a2831c3e5fb7d84341624ea9a25e1a2eb27ef2c7e8de491d94d8a8a31919bdd7cdf6073a1d88f452ff8d15e57cf6504a81843c24351c61a373b73acd84c76de916f290e0e9bdf51d8ffa63f867af587b5c759111671079ea28846466cc33df7683639d018337ebe13cb8 -Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3e453 -N = 0xbc97958f980fc043630735e36aef0f278be381655bc6a4940864e6925d31ff1c9392ac5fa44b06af295818f03948a117bc7f0fe8f2f5dc0c1cbd9d1819913f13c0765f41c17a62a9fa70422578c86305c0e67c56b2d555fcc12a84c45ca00502b692d8790a26bb73a8f2df1fa44cf910ca45e8ea2c665a9b6d266c2c4c6075c55e686511683cf75bbca9573e8b79f01583d57bb21b6e8f46215962b9b3cb1e57ea56221f6ab61cf33f969babe3b5a1a98a76387144cd617751ffa012d8e7d1471b264c274228e2bcd549468a57316f392c75625435ddbe7dd3dc40544f4a9bb9cf5385b255ba57769897203a7a3d0f2808e05492b69a58483f5fc396e6523da3 -Msg = 
0380169fd5b1da966bc268e6c705dd0d05716455d6464f9b30f06655442e7ed4b1734ec6f78d7ffe2e840278f8c5a697b47feab2f44e0fcf311772aebe33190afbcf8c1bcb92e65f48812b9ab520dc1cb3dac942b8a3273fbedce21c387735fe4a5b77a8390a384021818c56e660a7226c4aaa0d0b8fbd743d085ea89a43f839 -Signature = 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 +E = 0x00000002cc92f +N = 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 +Msg = d1acd4a6035f23bfe67006132a1cd474ef58c0113670f53c95eee57030bddd92e48edd77c57ba8a7cbea1760c8b5b2de9d8881daae8a2051933f128611ad574a48bd417b2de583cb3b048bc2668d120751e8f1dbc01536e650937736668066856501a6ba24e4ddb39f840b42eced1a757141b61b555b5e8334b1bb87177f31c9 +Signature = 55613f64331abd971e822cc3d972f67e782b6af81aac0b80e2f6324da6d9f33c46f8b7e24c94deee7e98525aaf4ca6843753df3d444e1e0540f9c196ffbbcb4fca7aad4ba94288f911650e3caf6dd22f87923fa4b12e2d6b115f2fe773af2563cc760de88cfa6e16878dd9c07f0d45b10a224d1a7ee1d26ffadfd38b78004a2045b35d9cb9fccdc715668a7401db7adef109ebcaafc5269d377c1e8f7d4292459c801a93c4d07ef477f87175aa35e002a03c2051985fcb6963e9bf96e28e55eb52a3554475f9095f24a9e422fa84b60590e8b8d6ec91dcf6a584cc8a934e551befeedc0f0f48dadf293f0f9260ee22d72ea46e271045b66516b2bebeed52722aec5f084085f8faa689308bc13fa5b9e5b0aadf2766258e01d4b8ddbe0d328aa112237ec10b115be83fae8a0113f8890edab79d0463c9ec6e2db4504693535dcf7695f84425e9f7b73e4f18bc072f5131989b0cdb07f496f15e562d07f0711cf979f1aa4d140d9783efd6f96c41fe5fb79e5d5d689dd5a705f1ff837754031a39 -Padding = EMSA4(SHA-256) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a54611 -N 
= 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 -Msg = dc4c136c805849fe77b4b381e4c6b22a3ff69947a9b5aa6b7cbe42cb279c50e8396d0b6ebbe5e55cc396ba66466e4e982e81f63bac0895fcd0aaca4b57fb6802c4432747b28099b368ae5fb4ae459c2fdf04aa6a40ed0c2a9091a418e08d2669a555cdbe0c304d498d840832c35484397b071d9c0b6bf73be5f937fa6b5b7367 -Signature = 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 +[PSSR(SHA-384)] +E = 0x000035c661 +N = 0x8b71c2bcb324a3fc23d292fb4f18cab5140d521013361a07071bc788859cbba33fc226b2cef9c1b3663d307acd3e4d8eb7acff63d048495a2d61fbeb617a42c4f424a347673173902cd1cb11780003e715662d195996fbff55f6b9feb54a18197e6848aa8baa15fa020cc54e72ec976d766ed63ee4e00071a11e29d7baf30e3f +Msg = aab88ff728c8f829841a14e56194bbf278d69f88317a81b4749aa5fdbc9383486e09bff96a2c5b5bdf392c4263438aef43334c33170ef4d89a76263cb9745f3fea74e35fbf91f722bb1351b56436cdd2992e61e6266753749611a9b449dce281c600e37251813446c1b16c858cf6ea6424cdc6e9860f07510f7417af925574d5 +Signature = 657296e902331b8030a72920c6c16b22ea65fe18e7e10b7cdbb8a44ef0f4c66f3e9c22f8f35e4184b420ad3f1bdbc1d6a65e6230abca8a9bee10887833dae15a84bf09a4542389c685fd33e7385c6001b49aa108f2272a46a832bbadc067ff06b09b2f5f40c81cc2acac03311a3945f7a9f2ea81213ba9ba626d6a7ed49f17dd -Padding = EMSA4(SHA-384) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b2b5c1 -N = 
0xc5c92cfbb60bff3e7f9499847e869a4bc37250994789c2958ac2f6a168bce2a1915d38725d8596cbcddbd463c2a46a52561a551f8f49d527eecfbef5589030891d9d90090fb35e43e8620c7fed4a056cd1c4a56e6134433030fe8027d1819c09638e43e359c7c389ccd1986457ff5e21673808cb436608d550d62120d9bdabac419cd6249fec945f10711874f10267c66320c701da90d7354b23e1646b89b22cea44d9e67c706ffc04a57927a5c9157cb049b1090e0f86d6cdaff29570cc629fef0646f9e5f8a7dc67c24052a34b91ab08b2e83b141cd0c098e35cbbb9fd408e7e107932128f6eb58e604764a7fe00acecb9b03203a24c9a760ca0d8a5886023 -Msg = e4ceaf62ba10e317e1001d8a6a008843880790159597ffaf56ef666d8081bf747ba650fd6591d3f15a81d3b7f33b59490cb8c88ecb1b06e4dee6dcfb036ca0eace8a117ca79282cb12883b1133911cba91a883be1a93702d6715e70c4266965f65e0b88785fb39ce8f7b1b4132e818be9d3f894d8ae786b37be64f454355eafb -Signature = 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 +E = 0x0000fb045b +N = 0xcfc4fc3458c4e37c95a3d489a332e08e4019e477c85645c0fe24e25b6fbb2b24dc123ddf9f3220ba965dda6c97856b4821b3f7052453cd6ec8410f9fcb47cd2f4359d896092f8c944b9517c046adedc002219936da1276ca2e7cf43b344d96cf31313fd766f5e84af1d36afd6a46c45c140841579d1dee3907414118e382855f +Msg = 489a093a195392c15b4ab965677d572888209e061834592ae55b7562daebc1d1db41f2e4f058ea87a69a3a98b2f5e59bd83267b00b82f5c3d65a0703fa81149559689c8912b96c0dee321ee0fbb4df0a769775cbee4180d1a7f7ffad3df2178889b61012c89fa1bcfabd6d2789e2cddc2bf8d03d099880bc21d9674ae9665212 +Signature = 71fd89c20c030e2f1d32c9b3241f008daa2502d220a9ee24dfb937d6d0a91172c686ebe146a0b4aa881042f0645c65f3241edcaf3e6e5e2eeb1196bcafdbecd04bdec6d84aa6800b344a93c0e2243d6450adb68bba8168ac8fe713cdcf63956e502c04a5ef05ae603fa38b3ad50156598de70f740e35e5a175a6f045106a05f5 -Padding = EMSA4(SHA-512) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af8e8f -N = 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 -Msg = 19dc8b8a9da18dcb3cdcd54fe19fb766a8635ede3904bf27550dcfb5ae36f4a6fc2bbaa54d8fc80e9c411252a6de509ef987aeb74ee4c5291868caa05dd70596c506852ef1e313600db46457a9a49317c47bce632aad4fde01968d709e04b4eb9df653ef30a3550bb7be332491f9681b32c824aa7667448f351e82ed18c4e9ef -Signature = 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 +E = 0x0000d4bcf7 +N = 0xecd6bfa6bdfd753f6f856db12da04af254dbf26e56623f86c06031bdd60124544ceb56e4dbec53740d231459ad3767bd202f857e88e4d767f04574329aa51c414f4d4c52edd021850cb1b6a4bdc11be1ab63b9da3ea1e80db05eb8bb4f1e801fbe4b7a9d53226dcb8a4cc6fb954a6c44802011ea4745c75ba6d82b50e3243aeb +Msg = e302eccdfddf1455a17fd2870f737f23902fd1d8ab6cafc39bca443301ba53afd79bca3aa52399d5f701c4460ec0b718d6efdbe3187f66cdf16c775183a0623fea1448047138ec2c0695c125ecb04846b032980f5e473eb3f44448d3178c9d8d05b490b5cbe5b462b882f1ad110bd7b5064233e7e58ce07c8e99e0422747aba0 +Signature = 032678e9feed45edf12af67a5fda9d1941f2942512adf95b04804eba5ccf01f0b37bf9e6a2e01b482ac1afec7684ac896b0d8c4149338e3936422cc7058114faf4dbbf7bf3c330f3f1e8e16a4bb755ce1dce34fee376b6c58e352f88e6ec8f60c5319d45fa01d46d7fa5fd2eb7ac453d1b3d34c17e2c9cf3b851be7b734c733f -Padding = EMSA4(SHA-1) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a673f -N = 0xfa15594057e21dfd0b41c921627809dd454b519cc1c4ea39883814f9cdeff4a184d10f641a5ced9a80de1623ee7f86567d953256f48dd68ccb2e8362173aeaab3f11182425924334f9b92092c0fdf1e3b4c17b5efbc0269a7d839683470112c425c4d77b8835e6a307d0189223894d74d809ddba7260fa22cf3eae11e58cb94bf61cff8faae7cf17643cacd709725814ec9c365366b3a721161d8c2092681520a23e888dc0fecdcbe61f0cf27f3ae99ebab6a459331cfb3626fcd34eb124adf5ad5cf6ab5af05e0956391cc6debbbd0d6270b8412f330d469c41b26bc0f261b9aaaf4178b55b21af6ba12dcec1b9c58e9eaf9747e37cf50878110aec5630fe3dd77217c35e55c48896207a8586354d058dd7028a386e474b7c736283c45662c4810f56c6d0ec8586397d499d59c0e0a8d640c25bb91f3fd2cc74801f2526f78ae49f42b279a1687b9a8e965b49fe10a2360852000f440117b84dd8cbb793c27f124ff88535a25ecf925d464efae566f81c8f43d23b646296c087fb56589ecebd -Msg = 744a128d95416147b635c3ad244f885c5440759bc98dc446382a6d0ceb4ba4db6377a39741dea91267ec43395a1eca8bea152dd016e9f0072abf75a02a9e7beb737ee4d1a0a2bbc2ab2875ee54df77b8c758d96779406a1f53ecf4111236c1eeee885da179369e3dcb11e234dc3998cb313202cabb3a3878fcda71c66bbc7ecb -Signature = 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 +E = 0x0024f1bf +N = 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 +Msg = 
f991a40a6c3cda01f1a2fed01ca0cf425588a071205eb997a147fa205f3ec10448090e53f56be512309cf445b3f6764d33f157749d5199c7a09ef6246bd5c793b85d24d9093c4d4b318b48e11727cc8bb7aa5ec8699aba7466e074e1887bdf2a51752ec42f16d956fe5943cbcf9c99a5e89bfd940c9fe447fcf3bc823d98d371 +Signature = 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 -Padding = EMSA4(SHA-224) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000016b265 -N = 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 -Msg = 68b59f9de0146fa3a964bf399cabcbb685145fc727e8f70a81b925d850e13362d52b09ffd8cf52c4eda4db56f6913bfce944b9f8d4276a181e909a880f396dea92efc6a83a8e6889842c5c835c9592d1e2f8cb456ddfb5ded064589ddda2b295286b9e420e39fb1bf566096ad49f165cf7965b54fcf72185229e28c0c307488a -Signature = 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 +E = 0x646e91 +N = 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 +Msg = f3169de46af85cb510fbb4cf9c0aada9f875301ceafbc818f428a59679e1e6cd203d18a97e96f979efe082e8c43a252ea4c354872caf42e4d99aede1281b5cf8fb9d25f43f6a33a8cc09c6e08ccabb98e09f0e6c3f2d9d5021232f811bcbb4bc4bdfcfadf69d91aa701d88a13ce3f84f75b168b36c9e60c3936c725d9a177780 +Signature = 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 -Padding = EMSA4(SHA-256) -E = 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073b193 -N = 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 -Msg = 0897d40e7c0f2dfc07b0c7fddaf5fd8fcc6af9c1fdc17bebb923d59c9fc43bd402ba39738f0f85f23015f75131f9d650a29b55e2fc9d5ddf07bb8df9fa5a80f1e4634e0b4c5155bf148939b1a4ea29e344a66429c850fcde7336dad616f0039378391abcfafe25ca7bb594057af07faf7a322f7fab01e051c63cc51b39af4d23 -Signature = 8ebed002d4f54de5898a5f2e69d770ed5a5ce1d45ad6dd9ce5f1179d1c46daa4d0394e21a99d803358d9abfd23bb53166394f997b909e675662066324ca1f2b731deba170525c4ee8fa752d2d7f201b10219489f5784e399d916302fd4b7adf88490df876501c46742a93cfb3aaab9602e65d7e60d7c4ceadb7eb67e421d180323a6d38f38b9f999213ebfccc7e04f060fbdb7c210206522b494e199e98c6c24e457f8696644fdcaebc1b9031c818322c29d135e1172fa0fdf7be1007dabcaab4966332e7ea1456b6ce879cd910c9110104fc7d3dcab076f2bd182bb8327a863254570cdf2ab38e0cda31779deaad616e3437ed659d74e5a4e045a70133890b81bc4f24ab6da67a2ee0ce15baba337d091cb5a1c44da690f81145b0252a6549bbb20cd5cc47afec755eb37fed55a9a33d36557424503d805a0a120b76941f4150d89342d7a7fa3a2b08c515e6f68429cf7afd1a3fce0f428351a6f9eda3ab24a7ef591994c21fbf1001f99239e88340f9b359ec72e8a212a1920e6cf993ff848 +E = 0xb2b5c1 +N = 
0xc5c92cfbb60bff3e7f9499847e869a4bc37250994789c2958ac2f6a168bce2a1915d38725d8596cbcddbd463c2a46a52561a551f8f49d527eecfbef5589030891d9d90090fb35e43e8620c7fed4a056cd1c4a56e6134433030fe8027d1819c09638e43e359c7c389ccd1986457ff5e21673808cb436608d550d62120d9bdabac419cd6249fec945f10711874f10267c66320c701da90d7354b23e1646b89b22cea44d9e67c706ffc04a57927a5c9157cb049b1090e0f86d6cdaff29570cc629fef0646f9e5f8a7dc67c24052a34b91ab08b2e83b141cd0c098e35cbbb9fd408e7e107932128f6eb58e604764a7fe00acecb9b03203a24c9a760ca0d8a5886023 +Msg = e4ceaf62ba10e317e1001d8a6a008843880790159597ffaf56ef666d8081bf747ba650fd6591d3f15a81d3b7f33b59490cb8c88ecb1b06e4dee6dcfb036ca0eace8a117ca79282cb12883b1133911cba91a883be1a93702d6715e70c4266965f65e0b88785fb39ce8f7b1b4132e818be9d3f894d8ae786b37be64f454355eafb +Signature = 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 -Padding = EMSA4(SHA-384) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000147e73 +E = 0x0000000147e73 N = 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 Msg = d55869d6623971fa7c90b597b40354195106fc488a46bbcdf84812f14a4d4ca93b7a0dd0c1352eb387d2c8d29e6f8fe5701c621ef54020ae2938bc8abd40946f0c97fe2352de24ff18c113aaf3da0e276ed2281245ca1226d4f93103ce96f32e32f8645a7bfcfce618a7bba61b0c79e6357077ace2ad393ee1d498e4e71613ef Signature 
= 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 -Padding = EMSA4(SHA-512) -E = 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a649 -N = 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 -Msg = cc21593a6a0f737e2970b7c07984b070d761726296a07e24e056e68ff846b29cc1548179843d74dcee86479858b2c16e4cb84f2544b4ecdcb4dd43a04bb7183a768ae44a2712bf9ad47883acc2812f958306890ebea408c92eb4f001ed7dbf55f3a9c8d6d9f61e5fe32eb3253e59c18e863169478cd69b9155c335db66016f96 -Signature = 0aa572a6845b870b8909a683bb7e6e7616f77beff28746116d8bc4b7335546b51e8006ed0fc9a0d66f63ce0b9ebf792d7efd4305d7624d545400a5fd6a06b78f174b86803f7cd1cc93e3a97286f0ea590e40ff26195aa219fe1510a016785223606d9311a16c59a8fe4a6da6ecd0c1d7775039290c2aaa17ed1eb1b54374f7e572db13cca3a638575f8004aa54a2fa98422fc07e43ad3a20dd93001493442677d883914dc74ec1cbebbbd3d2b6bad4666d91457b69b46a1a61f21298f1a67942ec86c876322dd366ed167814e9c8fc9040c5b4b7a859bbd880cb6bc241b9e327ce779e0783b1cf445e0b2f5771b3f5822a1364391c154dc506fff1fb9d9a35f80199a6b30b4b92b92619a40e21aea19284015863c44866c61ed904a7ad19ee04d966c0aae390636243565581ff20bd6e3cfb6e31f5afba964b311dc2d023a21998c8dd50ca453699190bd467429e2f88ace29c4d1da4da61aac1eda2380230aa8dbb63c75a3c1ec04da3a1f880c9c747acdb74a8395af58f5f044015ccaf6e94 +E = 0x0000000df0ff7 +N = 
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 +Msg = 5e91f67cbbbfdfaab386b3ecf5f02aaa92d48ba0a6f06f913b37c73a6a6c2086c3f02600f0d9678d94435a5b79eba015ebfa89595f1eda6b59dfce2b8c315a444245b5a7fea518386080c3c64a4240414168eb271693b240c5db1a8b9d658278a138ac572f4c7911dfe4f416ae1e92965cc9b9f412767e7848d2b344e6332189 +Signature = 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 -Padding = EMSA4(SHA-1) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fd157d -N = 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 -Msg = ab73de454dec96f7e9435a968b1ec3a7b5ca806cb1384c0726461de1ea409e4d17a7e06961314c45a610dd48c7778ccfb75b0b16d177b55c6f92c642b804c775b9774d8cb8ebe334c4fd458a9168cfc883cc342409ae73f52cc0071868635e92ba6b8d76fa22420a6b8ffa2591f874db42a5655c00e76d1a86594a2aa1664ced -Signature = 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 +E = 0x0000000e59685 +N = 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 +Msg = f6f47d4bd1da9f9fe5b02b1867a323fb96c9d6b14c650f25d3668c6ef930b1ae679f7e3a2e49bffba30482146da9cec4dc17928e7d7adc98ebcd4b52e79dc757ab106f987c27d3b77f4064b1cddf29c0c9adb380b2c15250741f89fbc47ec0986b4f39aee2fa459c206bb838b0cd9ab706951fcd13c3d91417642db2b75c0437 +Signature = 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 -Padding = 
EMSA4(SHA-224) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c6e57 -N = 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 -Msg = e883d8559b04cb610d3000d6af8887d72bd68e293fb7d5ddcc5762302a7c75afbfc6be9fd035ce9b96ebcc7f9533698529c315ae623e746411fd0b5d230f40c22e7e81914ad4c34022de2ea34bb0160fd4e92ec01e39f878ed208069c0f84a555e3589f4b2ec9196d8928f09780778bd53d23f261baf4b628847281ca83e7db0 -Signature = 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 +[PSSR(SHA-512)] +E = 0x00007b8267 +N = 0xdab9c7d28a2b1e4995c12bcae3c9f580a2dd5372441888dc83aae5b515ebce3b95786c43b5811ebaee6ad90bff9e55ae1edccfc0fcafb4cfc43743749307ec0c36886c88a174d0156a2f88a25a5c594c558bf1a947335b1ab02e77bfeee5ab0cc25455819397f74d30ca31074d4612d9d928b66477ddf7b83c0cf4ee279c9071 +Msg = b80271b3ef26efb5b0ca8e809b61fdd209337ac23fbaa349e84c8900c2fb072b97ba52f76fc1d00004322e1676fcad4140ffbc026b72ccdc01826013c53c63b421adbfd560482b1e1d884489fbd6e06597ac9fa1bbfbc347d5ca4147a72017763f25e1d62a84a718e513fa5f94b63f47f6814a26991c2f924a6c5423d06fcb79 +Signature = 
2db61ebaca89ecde29a2895f21d61220300f01d117337ba992e0e5a65d6c4a6bd537f6f74e64db2ea45c8892114d2d5450d9b9eb38dece3dadcbe91123a9ef8288e000bd3fc1e140d2499a7fdf44f3382e71d4def1baa6e40d8b70334906f895055295b8f37c779969975c11b79e2184321a883e1abcbc100273187ed1480a70 -Padding = EMSA4(SHA-256) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000efabb9 -N = 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 -Msg = 3abd43f1d741ddf0b752dd94197ab656288ff465e5dbccec6179f8932f02c248196a5e3f12247c376c8d1e004b87a73a5a64355fbc0731044645255beb91cdfd77d970e681ab70c19a9c2167cbead7a23f6043363c7aff2258ca6723e99aab7abdd322ef0b1ee116aa488dd181eb6d163f4bc3f24c7e5dceffd067f211658347 -Signature = 
4740115f251b35cfe19d3816cc1fbf02b9a4d9470dc62b41cdb72284c30fffd34e7057559a73b44ac49fa7285f3e9a680bf1949562a47f01bfc55eb7bda9e291c9a5ce1a5d7b619590c0e1bd36943fa41b9cc9b2a3a742c2942c53ec3e45c77176e4bf32b7101ab4b05a996a21fe12921841f8f0fad1e71bdeff5a7f53e8766367311a98b9d8618a6198aa1662e587332c24283f9ecf2bb2d825f597d18256ce9c5864f1ffca37c4ec8df4f945cf22c974f5ef3dbb9f170b3978bddcc91b13b9e8550bfcdb74ac7349d531e1e3280fc005ac34c03608993b7876caf27c8bd5a97306292082f77d9144005bcd1046f27303185b6a7cac539f1e05805ee8d0772f37acc3e7fa0920171c19ec9266c4dd6d9e51766c4433a2831c3e5fb7d84341624ea9a25e1a2eb27ef2c7e8de491d94d8a8a31919bdd7cdf6073a1d88f452ff8d15e57cf6504a81843c24351c61a373b73acd84c76de916f290e0e9bdf51d8ffa63f867af587b5c759111671079ea28846466cc33df7683639d018337ebe13cb8 +E = 0x0000d8c34d +N = 0x881b4401521ea4b72e57a9e3ad152536b2cc0375c5930e9699b8bfc3d16b8c1c3b37de3847438203b6664ee1b00fc7bcd03ec3c240a2cef3f367d8269bdb65cdf4bfbfc56e8fd82cc93ff90c91ce78c402da1c59037997baf56d27abfbfe9d0731b8def029501df0d83bf0fd2234344ec4daee7759969ceb5e24cc00bc12a437 +Msg = 56f35f42516bfca0dc1d2d727a4fb6bb2bcfba68417c2beb6f07852723fbbc8c15fb7283204b6e0c52934aa53fdf6b6f9ae9378c069b81cb29d04887025ba2cc7d4af3bc456c6231da108ea4e3107c4ec50ed58c74fe4e888ae4671696df58dcb66748b668d3c1599d1e61360fead2a1d5c5fc3234ac786bb9cd489c8491c604 +Signature = 2ce4a58678ab5a9def663e03397756e4e6e345199657e2526c8515ef5c705d3db2775a28c2c65599dd786682170e36d502242837e688fc6020a4239ec7380765724645e97f4795fd0e50c257eb5c5b2f4332f6219231b44b3f5bb4605f45b901dae7af47300bb29478ff22b7405a383b20874564def9f3b470ce46ac6e560d83 -Padding = EMSA4(SHA-384) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000df0ff7 -N = 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 -Msg = 5e91f67cbbbfdfaab386b3ecf5f02aaa92d48ba0a6f06f913b37c73a6a6c2086c3f02600f0d9678d94435a5b79eba015ebfa89595f1eda6b59dfce2b8c315a444245b5a7fea518386080c3c64a4240414168eb271693b240c5db1a8b9d658278a138ac572f4c7911dfe4f416ae1e92965cc9b9f412767e7848d2b344e6332189 -Signature = 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 +E = 0x0000ebb1eb +N = 0xb0ec8da8b8d87c94443202a94262afd545d9187d5c45111e7b246da630b1aab516133d6d9c8dbc98ac27d09843f452063f2f577c997e56da01f3861e123c842ace49ec71622c3d6cf54d13bb542d9a55a0be0fd79a65c4f72f1539026cae2e48026e3282e24a8c31e3e699deabd41d31461f6a7bd59978dc189077d46f9ee27b +Msg = 5b546a186eb7af3e5c1270c3b97904efbd1189b79b17d9e10f24ba6936af5524a3d3eaa3af52c15a10db6401ae880b3bb2ab5876dfca441225e85ac57306233eceeae108a01f7fb2523dc92d1c6bd9751c21d173a633d023dc0b1ef27e35aa6a0322b710e825d28d48c2070dad2854e526fc5e789958635b5b1470b7fe44d4ef +Signature = 52119892d0cf2f9d556c9119979ed9d9e49cfcb4d634b951e7dbea750f97c1bcd2b713cde92ae5cb91979711aff3891aed1f514265d0ee7273630fdcde3818cd5ce63494604a89dcc9745d0fff9bfcfdada043ba2e669c9a51121fdc0a7adeaf132476815afb47440f3e47d6508f021938596e61be6a982561855c29447f89ab -Padding = 
EMSA4(SHA-512) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098ffb -N = 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 -Msg = dddb05cb9bf10c14e7dd1e9f3b3d2b329a17f31676281011d2783794a432bb347db3525e6be11c471fbee1234b3d9b974e543470135290953673ce3a69b1cb5717dee85947f00e17c29cef0778268eb2207701651f70752aab7e74f6306e6324f2834f22f5c6e96b1a9eceb58aa00c6b57a8e25d6129c8b777c1af2fbf118a83 -Signature = 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 +E = 0x008d8853 +N = 0xa677525e1a69546a96dc7b112350d5e4864f0f82e999a714fa9f43ac681517d3975910c2d806bb3ee6dbf5dba1d969b38889e113c2da76eef4412a60cbd89faf35b2bdcb0de36a2cb762cd8f2f29aed9982a9ab60886cc8fbfee9b2ae09c88161e9159d4fc833adc4f80e4bf629d5a9551acce7a3938630c2bf9956097642e3bc60ac6522017841b65c7a25197865e697753b08169853681911443a2b25f1b7c4696f946155b2664b67b40878d3b45c3e0d7034d5b5ee6f5ba8fb3cae7797e85789902cf8f9f86ed3ef25ae0736178aae260fe875bfef5bcde9ec05f11e18fc7375edcd4a5533618e6f991dd48aa3062e6031e291dfcdc6e7fc14ec60e539fcb +Msg = 7811a407fe653ad2343d83c0499fc11e2951ef0a4791a3cd9a06396be5f72e783cbbca2cc47002babaf09cdeb70194b532ccbfd24691ae8eb598d59f2e6becedcb4296a1debf417eeddb4d74fb217072091a597ddd0893ff02d6ad61105098db2e90508bd4b8bec5d6e7deab9e651dfdb8210532955e1bc788a908d7150ef8ec +Signature = 
3ad1f0faa9a36586154a382a1f2c10e819dc318a68be35f54f95401b0ef2ba5cc895f0d6bde28c8d3b364f60de03ce75a7af29e5807c1eec4cd70624756e2631eb46af010ca8cf93ee7d86a4af3ced5dd2a8a41c1feee6b4572070873939ae7a2ce75193945937461d0064eeba07760c495c5c70bdb04d89951de3f96525f8e44612493d490731e7ef7679a24b0b1e2b24c8003c2f94114e4193d6e54c0af9e870530b008530210ac0b0e4c7c79f379384e1bb319b5f2a0b622517ae5d27f0eaaf7958cb0b41849126075092e86e7e7be5eeacef9a8e3ec595432ef619858fe0d0517871b8b495c01af6f18d4e6d250dbd19280ef4f8a37d1b59a48fa41b831d -Padding = EMSA4(SHA-1) -E = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a996b -N = 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 -Msg = 6f8c5ab0de743f69bfebc93d28425330dfb2845b644e738731350ffa400cbf91ceac450f5f17e8b502b1d213d6adb71dcdc5b781b02e863863cbca5b6ba1c439ad8b33a6782e7596c630f0eabfa5b0897fca51b319f62092dccd7d12d5b784f39491ec1d33a22e3395d0ea6aec13879c7e2b1b98a88e8abd23a5f1c7863745e8 -Signature = 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 +E = 0x00452b3f +N = 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 +Msg = 
25e9e6c39ee6f5c455d81f868713362929cd68ae87300aac2bae94440095ec56b7e3e7f56a5b0d197fd89c94d0e2d048087f6296504b4e1a2ccbda959fffd42a96361bce842661fa493c2ea25831286b19de93198c5114463020ba5a23fd3eb78a8b8a34337179cd79acde996829c7fc2293031d816ae19afe553b7bd2b9b365 +Signature = 2e0b30ae35777c9f951b22740fccb88fdfa94e7d139c9eb105be1a1ce542f6efdf4eb3d1ab0b2342f8e354a0878e31f0bdec1eb67ed19491a086065af7e5188ed0b95e0dc88812f66d6c726fd672e03652432f85a9fe4766a7c315c0c695fc37c45ff5441d3177c4181f01c243ad3c9614e4c6f4f8b879ca8167a7790aca6b34c74936cba58e64cc4e32ffc8ad6c09c48ac59f1eb18dd11871ffccae98c465abd5885bddf59dcec5ddb31ce4ecd86bf6af207373a912b2717e726ce9ff555f3502e8cb83e287cf0f7c938cd4b26f075fd50e4127555ade94c974a4cf604ea5c5d9e94ce91fcb9a2bfc8743c06e69ca41ef029881c3d64078cc6311c694dee627 -Padding = EMSA4(SHA-224) -E = 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000026a07 -N = 
0xa5ca328ec852ed50cd50ff2e2aa25a99905b8d8dcc6aa2f2ae651da27e21e60dcec641be2f850f603dd15c763b1f7868dfe49392cbf0ed1410b151c501a627994efcae1a332ccf0d37b966a99f4d6b72659cd9044a72b97ac3e00e1b752bca194066c60dbb870e8205b0078551a41bc7a36424dcebeb26e55618f9b27c630a7c0f5bd23f5175621867e100f63d8c07d9392c5638576b66bb4bc89682c66ecef97f378595ecf10406fcb75450bdd7ff558d9eb2e76ad4fb7c92fe5a946cc95bd14f81f7fb7e6ba15fcd5c73b5ff41588a5c8acf1ed1dcae4dde453411ec26fe8faa3640dff3e153ba39c766c9f99c05a023bf45a19b30889d710c3fb528fbc147fea1699bc38d3e41d11bb1faab7d9e850f0c2b0893b5fe3a2039e6d8d90f280faed4d7fd34dd2a886b7a0bf8889bd75976d4ce412b7301e88eaa8e1e9bac6d0a351e7c8391b744035f2dc1b8cbde6f99484770b81828d6e1fab40a7e0d69ed798de7c2f80ac750c8243af4b2d4986223d9a33a34dd2d6c36b624545f6411d3a7 -Msg = e28b42777e68da66c97814b91025c3c4e31310e1c500c97027effc1b9885c55f36b364476895927bcf9a167a79e6932458f4a47bf3802aaa5ca4e547624142d507a0748d3559c65eac7430323fcf287340bfbacd39fadb36dcb5fb2c3d09d93e3f9b9bce4c7c1e154a4e8b68caa92bb982bd7c60fd38841c916a655492a632a3 -Signature = 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 +E = 0xaf8e8f +N = 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 +Msg = 19dc8b8a9da18dcb3cdcd54fe19fb766a8635ede3904bf27550dcfb5ae36f4a6fc2bbaa54d8fc80e9c411252a6de509ef987aeb74ee4c5291868caa05dd70596c506852ef1e313600db46457a9a49317c47bce632aad4fde01968d709e04b4eb9df653ef30a3550bb7be332491f9681b32c824aa7667448f351e82ed18c4e9ef +Signature = 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 -Padding = EMSA4(SHA-256) -E = 
0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002cc92f -N = 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 -Msg = d1acd4a6035f23bfe67006132a1cd474ef58c0113670f53c95eee57030bddd92e48edd77c57ba8a7cbea1760c8b5b2de9d8881daae8a2051933f128611ad574a48bd417b2de583cb3b048bc2668d120751e8f1dbc01536e650937736668066856501a6ba24e4ddb39f840b42eced1a757141b61b555b5e8334b1bb87177f31c9 -Signature = 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 +E = 0x000000008a649 +N = 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 +Msg = cc21593a6a0f737e2970b7c07984b070d761726296a07e24e056e68ff846b29cc1548179843d74dcee86479858b2c16e4cb84f2544b4ecdcb4dd43a04bb7183a768ae44a2712bf9ad47883acc2812f958306890ebea408c92eb4f001ed7dbf55f3a9c8d6d9f61e5fe32eb3253e59c18e863169478cd69b9155c335db66016f96 +Signature = 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 -Padding = EMSA4(SHA-384) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e59685 -N = 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 -Msg = f6f47d4bd1da9f9fe5b02b1867a323fb96c9d6b14c650f25d3668c6ef930b1ae679f7e3a2e49bffba30482146da9cec4dc17928e7d7adc98ebcd4b52e79dc757ab106f987c27d3b77f4064b1cddf29c0c9adb380b2c15250741f89fbc47ec0986b4f39aee2fa459c206bb838b0cd9ab706951fcd13c3d91417642db2b75c0437 -Signature = 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 +E = 0x0000000098ffb +N = 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 +Msg = dddb05cb9bf10c14e7dd1e9f3b3d2b329a17f31676281011d2783794a432bb347db3525e6be11c471fbee1234b3d9b974e543470135290953673ce3a69b1cb5717dee85947f00e17c29cef0778268eb2207701651f70752aab7e74f6306e6324f2834f22f5c6e96b1a9eceb58aa00c6b57a8e25d6129c8b777c1af2fbf118a83 +Signature = 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 -Padding = EMSA4(SHA-512) -E = 
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b3f57f +E = 0x0000000b3f57f N = 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 Msg = be2f3e1dc8a3711570401bd535185426944d094e8481a12a438de07d54760c88c99d4fdbbe355d6a26fa56e3ca20ee3f8e8acb98f63d2f3aea14d6fcb6b522d155c3759aef56de3ea0a8f9fd7b111001cf358636a87c765c99c2975bb95063d6ec0b780264ec3eb967b0caca52d10294deb402d3a224bfb9d9ffea41662f18c0 Signature = 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 # from RSA: ftp://ftp.rsa.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip -Padding = EMSA4(SHA-1) +[PSSR(SHA-1)] E = 0x010001 N = 0xa56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137 Msg = cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0 
Signature = 9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c -Padding = EMSA4(SHA-1) E = 0x010001 N = 0xa56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137 Msg = 851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e Signature = 3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0xa56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137 Msg = a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c745e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef416971338e7d470 Signature = 666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1 -Padding = 
EMSA4(SHA-1) E = 0x010001 N = 0xa56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137 Msg = bc656747fa9eafb3f0 Signature = 4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0xa56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137 Msg = b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4 Signature = 1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad -Padding = EMSA4(SHA-1) E = 0x010001 N = 0xa56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137 Msg = 
10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b705a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb8794c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6138d144f8ce4e2da73 Signature = 2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9 Msg = daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360 Signature = 014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9 Msg = 
e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe Signature = 010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9 Msg = 52a1d96c8ac39e41e455809801b927a5b445c10d902a0dcd3850d22a66d2bb0703e67d5867114595aabf5a7aeb5a8f87034bbb30e13cfd4817a9be76230023606d0286a3faf8a4d22b728ec518079f9e64526e3a0cc7941aa338c437997c680ccac67c66bfa1 Signature = 007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9 Msg = a7182c83ac18be6570a106aa9d5c4e3dbbd4afaeb0c60c4a23e1969d79ff Signature = 
009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9 Msg = 86a83d4a72ee932a4f5630af6579a386b78fe88999e0abd2d49034a4bfc854dd94f1094e2e8cd7a179d19588e4aefc1b1bd25e95e3dd461f Signature = 00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9 Msg = 049f9154d871ac4a7c7ab45325ba7545a1ed08f70525b2667cf1 Signature = 00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6 # THIS TEST FAILS -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443 Msg = 594b37333bbb2c84524a87c1a01f75fcec0e3256f108e38dca36d70d0057 Signature = 
0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443 Msg = 8b769528884a0d1ffd090cf102993e796dadcfbddd38e44ff6324ca451 Signature = 02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443 Msg = 1abdba489c5ada2f995ed16f19d5a94d9e6ec34a8d84f84557d26e5ef9b02b22887e3f9a4b690ad1149209c20c61431f0c017c36c2657b35d7b07d3f5ad8708507a9c1b831df835a56f831071814ea5d3d8d8f6ade40cba38b42db7a2d3d7a29c8f0a79a7838cf58a9757fa2fe4c40df9baa193bfc6f92b123ad57b07ace3e6ac068c9f106afd9eeb03b4f37c25dbfbcfb3071f6f9771766d072f3bb070af6605532973ae25051 Signature = 0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c -Padding = EMSA4(SHA-1) E = 0x010001 N = 
0x02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443 Msg = 8fb431f5ee792b6c2ac7db53cc428655aeb32d03f4e889c5c25de683c461b53acf89f9f8d3aabdf6b9f0c2a1de12e15b49edb3919a652fe9491c25a7fce1f722c2543608b69dc375ec Signature = 0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443 Msg = fef4161dfaaf9c5295051dfc1ff3810c8c9ec2e866f7075422c8ec4216a9c4ff49427d483cae10c8534a41b2fd15fee06960ec6fb3f7a7e94a2f8a2e3e43dc4a40576c3097ac953b1de86f0b4ed36d644f23ae14425529622464ca0cbf0b1741347238157fab59e4de5524096d62baec63ac64 Signature = 021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443 Msg = efd237bb098a443aeeb2bf6c3f8c81b8c01b7fcb3feb Signature = 
012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705 Msg = 9fb03b827c8217d9 Signature = 0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705 Msg = 0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f Signature = 049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598 -Padding = EMSA4(SHA-1) E = 0x010001 N = 
0x054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705 Msg = 288062afc08fcdb7c5f8650b29837300461dd5676c17a20a3c8fb5148949e3f73d66b3ae82c7240e27c5b3ec4328ee7d6ddf6a6a0c9b5b15bcda196a9d0c76b119d534d85abd123962d583b76ce9d180bce1ca Signature = 03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705 Msg = 6f4f9ab9501199cef55c6cf408fe7b36c557c49d420a4763d2463c8ad44b3cfc5be2742c0e7d9b0f6608f08c7f47b693ee Signature = 0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705 Msg = 
e17d20385d501955823c3f666254c1d3dd36ad5168b8f18d286fdcf67a7dad94097085fab7ed86fe2142a28771717997ef1a7a08884efc39356d76077aaf82459a7fad45848875f2819b098937fe923bcc9dc442d72d754d812025090c9bc03db3080c138dd63b355d0b4b85d6688ac19f4de15084a0ba4e373b93ef4a555096691915dc23c00e954cdeb20a47cd55d16c3d8681d46ed7f2ed5ea42795be17baed25f0f4d113b3636addd585f16a8b5aec0c8fa9c5f03cbf3b9b73 Signature = 022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705 Msg = afbc19d479249018fdf4e09f618726440495de11ddeee38872d775fcea74a23896b5343c9c38d46af0dba224d047580cc60a65e9391cf9b59b36a860598d4e8216722f993b91cfae87bc255af89a6a199bca4a391eadbc3a24903c0bd667368f6be78e3feabfb4ffd463122763740ffbbefeab9a25564bc5d1c24c93e422f75073e2ad72bf45b10df00b52a147128e73fee33fa3f0577d77f80fbc2df1bed313290c12777f50 Signature = 00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507 Msg = 
30c7d557458b436decfdc14d06cb7b96b06718c48d7de57482a868ae7f065870a6216506d11b779323dfdf046cf5775129134b4d5689e4d9c0ce1e12d7d4b06cb5fc5820decfa41baf59bf257b32f025b7679b445b9499c92555145885992f1b76f84891ee4d3be0f5150fd5901e3a4c8ed43fd36b61d022e65ad5008dbf33293c22bfbfd07321f0f1d5fa9fdf0014c2fcb0358aad0e354b0d29 Signature = 0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507 Msg = e7b32e1556ea1b2795046ac69739d22ac8966bf11c116f614b166740e96b90653e5750945fcf772186c03790a07fda323e1a61916b06ee2157db3dff80d67d5e39a53ae268c8f09ed99a732005b0bc6a04af4e08d57a00e7201b3060efaadb73113bfc087fd837093aa25235b8c149f56215f031c24ad5bde7f29960df7d524070f7449c6f785084be1a0f733047f336f9154738674547db02a9f44dfc6e60301081e1ce99847f3b5b601ff06b4d5776a9740b9aa0d34058fd3b906e4f7859dfb07d7173e5e6f6350adac21f27b2307469 Signature = 08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507 Msg = 
8d8396e36507fe1ef6a19017548e0c716674c2fec233adb2f775665ec41f2bd0ba396b061a9daa7e866f7c23fd3531954300a342f924535ea1498c48f6c879932865fc02000c528723b7ad0335745b51209a0afed932af8f0887c219004d2abd894ea92559ee3198af3a734fe9b9638c263a728ad95a5ae8ce3eb15839f3aa7852bb390706e7760e43a71291a2e3f827237deda851874c517665f545f27238df86557f375d09ccd8bd15d8ccf61f5d78ca5c7f5cde782e6bf5d0057056d4bad98b3d2f9575e824ab7a33ff57b0ac100ab0d6ead7aa0b50f6e4d3e5ec0b966b Signature = 05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507 Msg = 328c659e0a6437433cceb73c14 Signature = 0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507 Msg = 
f37b962379a47d415a376eec8973150bcb34edd5ab654041b61430560c2144582ba133c867d852d6b8e23321901302ecb45b09ec88b1527178fa043263f3067d9ffe973032a99f4cb08ad2c7e0a2456cdd57a7df56fe6053527a5aeb67d7e552063c1ca97b1beffa7b39e997caf27878ea0f62cbebc8c21df4c889a202851e949088490c249b6e9acf1d8063f5be2343989bf95c4da01a2be78b4ab6b378015bc37957f76948b5e58e440c28453d40d7cfd57e7d690600474ab5e75973b1ea0c5f1e45d14190afe2f4eb6d3bdf71f1d2f8bb156a1c295d04aaeb9d689dce79ed62bc443e Signature = 0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507 Msg = c6103c330c1ef718c141e47b8fa859be4d5b96259e7d142070ecd485839dba5a8369c17c1114035e532d195c74f44a0476a2d3e8a4da210016caced0e367cb867710a4b5aa2df2b8e5daf5fdc647807d4d5ebb6c56b9763ccdae4dea3308eb0ac2a89501cb209d2639fa5bf87ce790747d3cb2d295e84564f2f637824f0c13028129b0aa4a422d162282 Signature = 02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1 Msg = 
0a20b774addc2fa51245ed7cb9da609e50cac6636a52543f97458eed7340f8d53ffc64918f949078ee03ef60d42b5fec246050bd5505cd8cb597bad3c4e713b0ef30644e76adabb0de01a1561efb255158c74fc801e6e919e581b46f0f0ddd08e4f34c7810b5ed8318f91d7c8c Signature = 04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1 Msg = 2aaff6631f621ce615760a9ebce94bb333077ad86488c861d4b76d29c1f48746c611ae1e03ced4445d7cfa1fe5f62e1b3f08452bde3b6ef81973bafbb57f97bceef873985395b8260589aa88cb7db50ab469262e551bdcd9a56f275a0ac4fe484700c35f3dbf2b469ede864741b86fa59172a360ba95a02e139be50ddfb7cf0b42faeabbfbbaa86a4497699c4f2dfd5b08406af7e14144427c253ec0efa20eaf9a8be8cd49ce1f1bc4e93e619cf2aa8ed4fb39bc8590d0f7b96488f7317ac9abf7bee4e3a0e715 Signature = 0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1 Msg = 0f6195d04a6e6fc7e2c9600dbf840c39ea8d4d624fd53507016b0e26858a5e0aecd7ada543ae5c0ab3a62599cba0a54e6bf446e262f989978f9ddf5e9a41 Signature = 
086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1 Msg = 337d25fe9810ebca0de4d4658d3ceb8e0fe4c066aba3bcc48b105d3bf7e0257d44fecea6596f4d0c59a08402833678f70620f9138dfeb7ded905e4a6d5f05c473d55936652e2a5df43c0cfda7bacaf3087f4524b06cf42157d01539739f7fddec9d58125df31a32eab06c19b71f1d5bf Signature = 0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1 Msg = 84ec502b072e8287789d8f9235829ea3b187afd4d4c785611bda5f9eb3cb96717efa7007227f1c08cbcb972e667235e0fb7d431a6570326d2ecce35adb373dc753b3be5f829b89175493193fab16badb41371b3aac0ae670076f24bef420c135add7cee8d35fbc944d79fafb9e307a13b0f556cb654a06f973ed22672330197ef5a748bf826a5db2383a25364b686b9372bb2339aeb1ac9e9889327d016f1670776db06201adbdcaf8a5e3b74e108b73 Signature = 02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b 
-Padding = EMSA4(SHA-1) E = 0x010001 N = 0x164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1 Msg = 9906d89f97a9fdedd3ccd824db687326f30f00aa25a7fca2afcb3b0f86cd41e73f0e8ff7d2d83f59e28ed31a5a0d551523374de22e4c7e8ff568b386ee3dc41163f10bf67bb006261c9082f9af90bf1d9049a6b9fae71c7f84fbe6e55f02789de774f230f115026a4b4e96c55b04a95da3aacbb2cece8f81764a1f1c99515411087cf7d34aeded0932c183 Signature = 0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3 Msg = 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 Signature = 187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3 Msg = 8d80d2d08dbd19c154df3f14673a14bd03735231f24e86bf153d0e69e74cbff7b1836e664de83f680124370fc0f96c9b65c07a366b644c4ab3 Signature = 
10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3 Msg = 808405cdfc1a58b9bb0397c720722a81fffb76278f335917ef9c473814b3e016ba2973cd2765f8f3f82d6cc38aa7f8551827fe8d1e3884b7e61c94683b8f82f1843bdae2257eeec9812ad4c2cf283c34e0b0ae0fe3cb990cf88f2ef9 Signature = 2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3 Msg = f337b9bad937de22a1a052dff11134a8ce26976202981939b91e0715ae5e609649da1adfcef3f4cca59b238360e7d1e496c7bf4b204b5acff9bbd6166a1d87a36ef2247373751039f8a800b8399807b3a85f44893497c0d05fb7017b82228152de6f25e6116dcc7503c786c875c28f3aa607e94ab0f19863ab1b5073770b0cd5f533acde30c6fb953cf3da680264e30fc11bff9a19bffab4779b6223c3fb3fe0f71abade4eb7c09c41e24c22d23fa148e6a173feb63984d1bc6ee3a02d915b752ceaf92a3015eceb38ca586c6801b37c34cefb2cff25ea23c08662dcab26a7a93a285d05d3044c Signature = 
32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3 Msg = 45013cebafd960b255476a8e2598b9aa32efbe6dc1f34f4a498d8cf5a2b4548d08c55d5f95f7bcc9619163056f2d58b52fa032 Signature = 07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3 Msg = 2358097086c899323e75d9c90d0c09f12d9d54edfbdf70a9c2eb5a04d8f36b9b2bdf2aabe0a5bda1968937f9d6ebd3b6b257efb3136d4131f9acb59b85e2602c2a3fcdc835494a1f4e5ec18b226c80232b36a75a45fdf09a7ea9e98efbde1450d1194bf12e15a4c5f9eb5c0bce5269e0c3b28cfab655d81a61a20b4be2f54459bb25a0db94c52218be109a7426de83014424789aaa90e5056e632a698115e282c1a56410f26c2072f193481a9dcd880572005e64f4082ecf Signature = 18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33 -Padding = EMSA4(SHA-1) E = 0x010001 N = 
0x495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f Msg = 81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb Signature = 0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f Msg = e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08 Signature = 2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f Msg = 
e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7 Signature = 2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f Msg = dbc5f750a7a14be2b93e838d18d14a8695e52e8add9c0ac733b8f56d2747e529a0cca532dd49b902aefed514447f9e81d16195c2853868cb9b30f7d0d495c69d01b5c5d50b27045db3866c2324a44a110b1717746de457d1c8c45c3cd2a92970c3d59632055d4c98a41d6e99e2a3ddd5f7f9979ab3cd18f37505d25141de2a1bff17b3a7dce9419ecc385cf11d72840f19953fd0509251f6cafde2893d0e75c781ba7a5012ca401a4fa99e04b3c3249f926d5afe82cc87dab22c3c1b105de48e34ace9c9124e59597ac7ebf8 Signature = 1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7 -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f Msg = 
04dc251be72e88e5723485b6383a637e2fefe07660c519a560b8bc18bdedb86eae2364ea53ba9dca6eb3d2e7d6b806af42b3e87f291b4a8881d5bf572cc9a85e19c86acb28f098f9da0383c566d3c0f58cfd8f395dcf602e5cd40e8c7183f714996e2297ef Signature = 33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee -Padding = EMSA4(SHA-1) E = 0x010001 N = 0x495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f Msg = 0ea37df9a6fea4a8b610373c24cf390c20fa6e2135c400c8a34f5c183a7e8ea4c9ae090ed31759f42dc77719cca400ecdcc517acfc7ac6902675b2ef30c509665f3321482fc69a9fb570d15e01c845d0d8e50d2a24cbf1cf0e714975a5db7b18d9e9e9cb91b5cb16869060ed18b7b56245503f0caf90352b8de81cb5a1d9c6336092f0cd Signature = 1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e -Padding = EMSA4(SHA-1) E = 0x010001 N = 0xe6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b Msg = 
a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5 Signature = 586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e -Padding = EMSA4(SHA-1) E = 0x010001 N = 0xe6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b Msg = c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e Signature = 80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958 -Padding = EMSA4(SHA-1) E = 0x010001 N = 
0xe6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b Msg = 0afad42ccd4fc60654a55002d228f52a4a5fe03b8bbb08ca82daca558b44dbe1266e50c0e745a36d9d2904e3408abcd1fd569994063f4a75cc72f2fee2a0cd893a43af1c5b8b487df0a71610024e4f6ddf9f28ad0813c1aab91bcb3c9064d5ff742deffea657094139369e5ea6f4a96319a5cc8224145b545062758fefd1fe3409ae169259c6cdfd6b5f2958e314faecbe69d2cace58ee55179ab9b3e6d1ecc14a557c5febe988595264fc5da1c571462eca798a18a1a4940cdab4a3e92009ccd42e1e947b1314e32238a2dece7d23a89b5b30c751fd0a4a430d2c548594 Signature = 484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca -Padding = EMSA4(SHA-1) E = 0x010001 N = 0xe6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b Msg = 
1dfd43b46c93db82629bdae2bd0a12b882ea04c3b465f5cf93023f01059626dbbe99f26bb1be949dddd16dc7f3debb19a194627f0b224434df7d8700e9e98b06e360c12fdbe3d19f51c9684eb9089ecbb0a2f0450399d3f59eac7294085d044f5393c6ce737423d8b86c415370d389e30b9f0a3c02d25d0082e8ad6f3f1ef24a45c3cf82b383367063a4d4613e4264f01b2dac2e5aa42043f8fb5f69fa871d14fb273e767a531c40f02f343bc2fb45a0c7e0f6be2561923a77211d66a6e2dbb43c366350beae22da3ac2c1f5077096fcb5c4bf255f7574351ae0b1e1f03632817c0856d4a8ba97afbdc8b85855402bc56926fcec209f9ea8 Signature = 84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e -Padding = EMSA4(SHA-1) E = 0x010001 N = 0xe6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b Msg = 1bdc6e7c98fb8cf54e9b097b66a831e9cfe52d9d4888448ee4b0978093ba1d7d73ae78b3a62ba4ad95cd289ccb9e005226bb3d178bccaa821fb044a4e21ee97696c14d0678c94c2dae93b0ad73922218553daa7e44ebe57725a7a45cc72b9b2138a6b17c8db411ce8279ee1241aff0a8bec6f77f87edb0c69cb27236e3435a800b192e4f11e519e3fe30fc30eaccca4fbb41769029bf708e817a9e683805be67fa100984683b74838e3bcffa79366eed1d481c76729118838f31ba8a048a93c1be4424598e8df6328b7a77880a3f9c7e2e8dfca8eb5a26fb86bdc556d42bbe01d9fa6ed80646491c9341 Signature = 
82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c -Padding = EMSA4(SHA-1) E = 0x010001 N = 0xe6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b Msg = 88c7a9f1360401d90e53b101b61c5325c3c75db1b411fbeb8e830b75e96b56670ad245404e16793544ee354bc613a90cc9848715a73db5893e7f6d279815c0c1de83ef8e2956e3a56ed26a888d7a9cdcd042f4b16b7fa51ef1a0573662d16a302d0ec5b285d2e03ad96529c87b3d374db372d95b2443d061b6b1a350ba87807ed083afd1eb05c3f52f4eba5ed2227714fdb50b9d9d9dd6814f62f6272fcd5cdbce7a9ef797 Signature = a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f -Padding = EMSA4(SHA-1) E = 0x010001 N = 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 Msg = 883177e5126b9be2d9a9680327d5370c6f26861f5820c43da67a3ad609 Signature = 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 -Padding = EMSA4(SHA-1) E = 0x010001 N = 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 Msg = 
dd670a01465868adc93f26131957a50c52fb777cdbaa30892c9e12361164ec13979d43048118e4445db87bee58dd987b3425d02071d8dbae80708b039dbb64dbd1de5657d9fed0c118a54143742e0ff3c87f74e45857647af3f79eb0a14c9d75ea9a1a04b7cf478a897a708fd988f48e801edb0b7039df8c23bb3c56f4e821ac Signature = 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 -Padding = EMSA4(SHA-1) E = 0x010001 N = 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 Msg = 48b2b6a57a63c84cea859d65c668284b08d96bdcaabe252db0e4a96cb1bac6019341db6fbefb8d106b0e90eda6bcc6c6262f37e7ea9c7e5d226bd7df85ec5e71efff2f54c5db577ff729ff91b842491de2741d0c631607df586b905b23b91af13da12304bf83eca8a73e871ff9db Signature = 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 -Padding = EMSA4(SHA-1) E = 0x010001 N = 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 Msg = 0b8777c7f839baf0a64bbbdbc5ce79755c57a205b845c174e2d2e90546a089c4e6ec8adffa23a7ea97bae6b65d782b82db5d2b5a56d22a29a05e7c4433e2b82a621abba90add05ce393fc48a840542451a Signature = 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 -Padding = EMSA4(SHA-1) E = 0x010001 N = 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 Msg = f1036e008e71e964dadc9219ed30e17f06b4b68a955c16b312b1eddf028b74976bed6b3f6a63d4e77859243c9cccdc98016523abb02483b35591c33aad81213bb7c7bb1a470aabc10d44256c4d4559d916 Signature = 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 -Padding = EMSA4(SHA-1) E = 0x010001 N = 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 Msg = 25f10895a87716c137450bb9519dfaa1f207faa942ea88abf71e9c17980085b555aebab76264ae2a3ab93c2d12981191ddac6fb5949eb36aee3c5da940f00752c916d94608fa7d97ba6a2915b688f20323d4e9d96801d89a72ab5892dc2117c07434fcf972e058cf8c41ca4b4ff554f7d5068ad3155fced0f3125bc04f9193378a8f5c4c3b8cb4dd6d1cc69d30ecca6eaa51e36a05730e9e342e855baf099defb8afd7 diff --git a/src/tests/data/pubkey/rsaes.vec b/src/tests/data/pubkey/rsaes.vec index 7fdcc55081..41f210d014 100644 --- a/src/tests/data/pubkey/rsaes.vec +++ b/src/tests/data/pubkey/rsaes.vec 
@@ -1,4 +1,5 @@ +[Raw] E = 0x3ED19 P = 0xD987D71CC924C479D30CD88570A626E15F0862A9A138874F7016684216984215 Q = 0xC5660F33AB35E41CB10A30D3A58354ADB5CC3243342C22E1A5BCCB79C391A533 @@ -449,11 +450,11 @@ Q = 9884316625114045938135045530849401940672007534262087527452976426413821057236 Msg = 35068206D5C287A47F95BD8ECD11E557D86EDDC993FCAD94F03D86C1BC97E2B268E637ED1A6B0EE459214E0F61099B74469AD36A3A37217182C42B0C48A4B413 Ciphertext = 261D5A9298BE592400EE703BC27C2A16761F6C855607D9AA62A9B36307FC51006EEE06E59C55C9606FFBCF8DF74A98B5C9FBD17F0D7ABB867B4A7CB8DD5DC15D +[OAEP(SHA-1)] E = 3 P = 13382703241232033579067245875944151729789989814112534336160941721231954473486436706919526807249646763617103882578575850541499816829940318031851338680577043 Q = 13125264856842772189945745184313539520638397121792884775317257486086623091835930470769837093366916043447359999537079307756936671459051755793135700239676017 Msg = B2207519BAFEA1FFA5561CE47F903CE59DA9FE82DA7D4C867A92F28F180D -Padding = EME1(SHA-1) Nonce = FC0DBB14EEF2D2FBD6D75C7D920D96F5057C45DA Ciphertext = C1659606D25D6D3274B0380373D8F0F740EECFBE0E7C5AF20F22ADFE54063E0DB5AA23737992C216A66550E8B0D1730684588B1CA0FEAC63680A7EAC2EB6DD73EA5B2DFDFE2A41C47D28027E9400FD71A2A8109271993C629A39A9B006AA11ABE798FCB1297BCA3B42CE1BFCE817928DC3BDD7661BFB2CFEA5B1C2D02B48B821 @@ -461,7 +462,6 @@ E = 65537 P = 109540052440968042921698045789892582895744443681665759042409080417548762872287 Q = 94989729539940729337205201522386254048733728973529732517382043774386971448673 Msg = A3208DF23DFB014D257B4C3D7238A857AD -Padding = EME1(SHA-1) Nonce = 0E151CD5DD9014F9BCE7BB3500D1E3A7EF3F36F8 Ciphertext = 374FCFFE225903D58CE988FC469AF9B6D660A90A48FFB7DCE207888D871587D50494260231664CB03C18A427B04BED666770B503B6EF08632A00D9D03888B1A0 
@@ -469,7 +469,6 @@ E = 65537 P = 376875813744188336444254174392754065258358977261789553032476304099885095852003 Q = 182334861951888732447921403146116780447120952951306907382383467026688268692707 Msg = 8F6B78A9F0D0F35BEFD38B -Padding = EME1(SHA-1) Nonce = 25D6DBAA5DEA01099646C5DD25589A10C414B6AE Ciphertext = 0091AA69E80C2690C78B99D5BB71002BDF019B12CC6ED5F7ADB0D2AF7284D1E2FE14E372C71FEBBCE91309D7D18EC979DACCFE11799E31BEFF9B4D25D2B9DEF8DD @@ -477,7 +476,6 @@ E = 65537 P = 790816078197252280582277651690857309244386891300287548104691844141717560847863 Q = 359413696455144150319265705408667411425393190887560590834611438719516684915919 Msg = E729D4D596553F96AF -Padding = EME1(SHA-1) Nonce = 36FBC9529B999745EF9F19DF5A7C4E783013C661 Ciphertext = 02A9176EF95FD74880B641C1E67367F3780B59456EBBDC05A4B6EEC3D3F8B8EDE063DD1E2300E24CFABF475C8F3BCCF987C043A9A839976ED7B3995752EB3A746B @@ -485,7 +483,6 @@ E = 65539 P = 3107302076066166751801914578908051910822149056108712362311484904220784347261423 Q = 1574224726761151474032574427980951789950105943472706068767361609602582513548893 Msg = 45A04558B8 -Padding = EME1(SHA-1) Nonce = 6587ECBA1C8A7BA7C2A8B4DAE9D4076D85CAA2FE Ciphertext = 011F8E0F8A7FAF157D2C5938B137AE3A8A2158F9784E1F09E205A7C7C71505E7D50DB8E967B1CC637EDB766B12570328B7C7832DAE3F79C25D14F26DF0729F726C80 @@ -493,7 +490,6 @@ E = 11 P = 35120983107766812261428279712000613031111015598796266433322360120215673403061167800630780537321394553476917072410979 Q = 30743741671817967446027282741120369010107722245487842291067113270554532228419162492541831898534812103299456964505753 Msg = F5BF1834145D40D0A09D6331204035F76EB7DC981734E09CD1D755B46484675A447F8E58DDCE287D6B8CAE8BCCE3833A9A5F -Padding = EME1(SHA-1) Nonce = C91DFAC04EBDD389B0A172520B3D189C6E19FDFB Ciphertext = 75CBD6ABBDDA5A8DF4470955E212778FD872B0816E659C42F9D796A48ED86EAEFFAE39EB4D25A218A5EB6252DAC6A73DA23B35D967286C673FC9A603AC9B2803A8F75BAA72A22A3601FC0A1AD9923CF8A75B749126E2C98BD3AEB4EE2FE3452F 
@@ -501,7 +497,6 @@ E = 0x10001 P = 0xD32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D Q = 0xCC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77 Msg = 6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34 -Padding = EME1(SHA-1) Nonce = 18B776EA21069D69776A33E96BAD48E1DDA0A5EF Ciphertext = 354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A @@ -509,7 +504,6 @@ E = 0x10001 P = 0xD32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D Q = 0xCC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77 Msg = D94AE0832E6445CE42331CB06D531A82B1DB4BAAD30F746DC916DF24D4E3C2451FFF59A6423EB0E1D02D4FE646CF699DFD818C6E97B051 -Padding = EME1(SHA-1) Nonce = 2514DF4695755A67B288EAF4905C36EEC66FD2FD Ciphertext = 423736ED035F6026AF276C35C0B3741B365E5F76CA091B4E8C29E2F0BEFEE603595AA8322D602D2E625E95EB81B2F1C9724E822ECA76DB8618CF09C5343503A4360835B5903BC637E3879FB05E0EF32685D5AEC5067CD7CC96FE4B2670B6EAC3066B1FCF5686B68589AAFB7D629B02D8F8625CA3833624D4800FB081B1CF94EB 
@@ -517,7 +511,6 @@ E = 0x10001 P = 0xD32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D Q = 0xCC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77 Msg = 26521050844271 -Padding = EME1(SHA-1) Nonce = E4EC0982C2336F3A677F6A356174EB0CE887ABC2 Ciphertext = 42CEE2617B1ECEA4DB3F4829386FBD61DAFBF038E180D837C96366DF24C097B4AB0FAC6BDF590D821C9F10642E681AD05B8D78B378C0F46CE2FAD63F74E0AD3DF06B075D7EB5F5636F8D403B9059CA761B5C62BB52AA45002EA70BAACE08DED243B9D8CBD62A68ADE265832B56564E43A6FA42ED199A099769742DF1539E8255 @@ -525,7 +518,6 @@ E = 0x10001 P = 0x0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43 Q = 0x012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7 Msg = 8FF00CAA605C702830634D9A6C3D42C652B58CF1D92FEC570BEEE7 -Padding = EME1(SHA-1) Nonce = 8C407B5EC2899E5099C53E8CE793BF94E71B1782 Ciphertext = 0181AF8922B9FCB4D79D92EBE19815992FC0C1439D8BCD491398A0F4AD3A329A5BD9385560DB532683C8B7DA04E4B12AED6AACDF471C34C9CDA891ADDCC2DF3456653AA6382E9AE59B54455257EB099D562BBE10453F2B6D13C59C02E10F1F8ABB5DA0D0570932DACF2D0901DB729D0FEFCC054E70968EA540C81B04BCAEFE720E 
@@ -533,7 +525,6 @@ E = 0x10001 P = 0x0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43 Q = 0x012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7 Msg = A7EB2A5036931D27D4E891326D99692FFADDA9BF7EFD3E34E622C4ADC085F721DFE885072C78A203B151739BE540FA8C153A10F00A -Padding = EME1(SHA-1) Nonce = 9A7B3B0E708BD96F8190ECAB4FB9B2B3805A8156 Ciphertext = 00A4578CBC176318A638FBA7D01DF15746AF44D4F6CD96D7E7C495CBF425B09C649D32BF886DA48FBAF989A2117187CAFB1FB580317690E3CCD446920B7AF82B31DB5804D87D01514ACBFA9156E782F867F6BED9449E0E9A2C09BCECC6AA087636965E34B3EC766F2FE2E43018A2FDDEB140616A0E9D82E5331024EE0652FC7641 @@ -541,7 +532,6 @@ E = 0x10001 P = 0x0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43 Q = 0x012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7 Msg = 2EF2B066F854C33F3BDCBB5994A435E73D6C6C -Padding = EME1(SHA-1) Nonce = EB3CEBBC4ADC16BB48E88C8AEC0E34AF7F427FD3 Ciphertext = 00EBC5F5FDA77CFDAD3C83641A9025E77D72D8A6FB33A810F5950F8D74C73E8D931E8634D86AB1246256AE07B6005B71B7F2FB98351218331CE69B8FFBDC9DA08BBC9C704F876DEB9DF9FC2EC065CAD87F9090B07ACC17AA7F997B27ACA48806E897F771D95141FE4526D8A5301B678627EFAB707FD40FBEBD6E792A25613E7AEC 
@@ -549,7 +539,6 @@ E = 0x10001 P = 0x0159DBDE04A33EF06FB608B80B190F4D3E22BCC13AC8E4A081033ABFA416EDB0B338AA08B57309EA5A5240E7DC6E54378C69414C31D97DDB1F406DB3769CC41A43 Q = 0x012B652F30403B38B40995FD6FF41A1ACC8ADA70373236B7202D39B2EE30CFB46DB09511F6F307CC61CC21606C18A75B8A62F822DF031BA0DF0DAFD5506F568BD7 Msg = 2D -Padding = EME1(SHA-1) Nonce = B600CF3C2E506D7F16778C910D3A8B003EEE61D5 Ciphertext = 018759FF1DF63B2792410562314416A8AEAF2AC634B46F940AB82D64DBF165EEE33011DA749D4BAB6E2FCD18129C9E49277D8453112B429A222A8471B070993998E758861C4D3F6D749D91C4290D332C7A4AB3F7EA35FF3A07D497C955FF0FFC95006B62C6D296810D9BFAB024196C7934012C2DF978EF299ABA239940CBA10245 @@ -557,7 +546,6 @@ E = 0x10001 P = 0x01BF01D216D73595CF0270C2BEB78D40A0D8447D31DA919A983F7EEA781B77D85FE371B3E9373E7B69217D3150A02D8958DE7FAD9D555160958B4454127E0E7EAF Q = 0x018D3399658166DB3829816D7B295416759E9C91987F5B2D8AECD63B04B48BD7B2FCF229BB7F8A6DC88BA13DD2E39AD55B6D1A06160708F9700BE80B8FD3744CE7 Msg = 087820B569E8FA8D -Padding = EME1(SHA-1) Nonce = 8CED6B196290805790E909074015E6A20B0C4894 Ciphertext = 026A0485D96AEBD96B4382085099B962E6A2BDEC3D90C8DB625E14372DE85E2D5B7BAAB65C8FAF91BB5504FB495AFCE5C988B3F6A52E20E1D6CBD3566C5CD1F2B8318BB542CC0EA25C4AAB9932AFA20760EADDEC784396A07EA0EF24D4E6F4D37E5052A7A31E146AA480A111BBE926401307E00F410033842B6D82FE5CE4DFAE80 
@@ -565,7 +553,6 @@ E = 0x10001 P = 0x01BF01D216D73595CF0270C2BEB78D40A0D8447D31DA919A983F7EEA781B77D85FE371B3E9373E7B69217D3150A02D8958DE7FAD9D555160958B4454127E0E7EAF Q = 0x018D3399658166DB3829816D7B295416759E9C91987F5B2D8AECD63B04B48BD7B2FCF229BB7F8A6DC88BA13DD2E39AD55B6D1A06160708F9700BE80B8FD3744CE7 Msg = 6CC641B6B61E6F963974DAD23A9013284EF1 -Padding = EME1(SHA-1) Nonce = 6E2979F52D6814A57D83B090054888F119A5B9A3 Ciphertext = 02994C62AFD76F498BA1FD2CF642857FCA81F4373CB08F1CBAEE6F025C3B512B42C3E8779113476648039DBE0493F9246292FAC28950600E7C0F32EDF9C81B9DEC45C3BDE0CC8D8847590169907B7DC5991CEB29BB0714D613D96DF0F12EC5D8D3507C8EE7AE78DD83F216FA61DE100363ACA48A7E914AE9F42DDFBE943B09D9A0 @@ -573,7 +560,6 @@ E = 0x10001 P = 0x027458C19EC1636919E736C9AF25D609A51B8F561D19C6BF6943DD1EE1AB8A4A3F232100BD40B88DECC6BA235548B6EF792A11C9DE823D0A7922C7095B6EBA5701 Q = 0x0210EE9B33AB61716E27D251BD465F4B35A1A232E2DA00901C294BF22350CE490D099F642B5375612DB63BA1F20386492BF04D34B3C22BCEB909D13441B53B5139 Msg = 4A86609534EE434A6CBCA3F7E962E76D455E3264C19F605F6E5FF6137C65C56D7FB344CD52BC93374F3D166C9F0C6F9C506BAD19330972D2 -Padding = EME1(SHA-1) Nonce = 1CAC19CE993DEF55F98203F6852896C95CCCA1F3 Ciphertext = 04CCE19614845E094152A3FE18E54E3330C44E5EFBC64AE16886CB1869014CC5781B1F8F9E045384D0112A135CA0D12E9C88A8E4063416DEAAE3844F60D6E96FE155145F4525B9A34431CA3766180F70E15A5E5D8E8B1A516FF870609F13F896935CED188279A58ED13D07114277D75C6568607E0AB092FD803A223E4A8EE0B1A8 
@@ -581,7 +567,6 @@ E = 0x10001 P = 0x027458C19EC1636919E736C9AF25D609A51B8F561D19C6BF6943DD1EE1AB8A4A3F232100BD40B88DECC6BA235548B6EF792A11C9DE823D0A7922C7095B6EBA5701 Q = 0x0210EE9B33AB61716E27D251BD465F4B35A1A232E2DA00901C294BF22350CE490D099F642B5375612DB63BA1F20386492BF04D34B3C22BCEB909D13441B53B5139 Msg = B0ADC4F3FE11DA59CE992773D9059943C03046497EE9D9F9A06DF1166DB46D98F58D27EC074C02EEE6CBE2449C8B9FC5080C5C3F4433092512EC46AA793743C8 -Padding = EME1(SHA-1) Nonce = F545D5897585E3DB71AA0CB8DA76C51D032AE963 Ciphertext = 0097B698C6165645B303486FBF5A2A4479C0EE85889B541A6F0B858D6B6597B13B854EB4F839AF03399A80D79BDA6578C841F90D645715B280D37143992DD186C80B949B775CAE97370E4EC97443136C6DA484E970FFDB1323A20847821D3B18381DE13BB49AAEA66530C4A4B8271F3EAE172CD366E07E6636F1019D2A28AED15E @@ -589,7 +574,6 @@ E = 0x10001 P = 0x03B0D3962F6D17549CBFCA11294348DCF0E7E39F8C2BC6824F2164B606D687860DAE1E632393CFEDF513228229069E2F60E4ACD7E633A436063F82385F48993707 Q = 0x02E4C32E2F517269B7072309F00C0E31365F7CE28B236B82912DF239ABF39572CF0ED604B02982E53564C52D6A05397DE5C052A2FDDC141EF7189836346AEB331F Msg = AF71A901E3A61D3132F0FC1FDB474F9EA6579257FFC24D164170145B3DBDE8 -Padding = EME1(SHA-1) Nonce = 44C92E283F77B9499C603D963660C87D2F939461 Ciphertext = 036046A4A47D9ED3BA9A89139C105038EB7492B05A5D68BFD53ACCFF4597F7A68651B47B4A4627D927E485EED7B4566420E8B409879E5D606EAE251D22A5DF799F7920BFC117B992572A53B1263146BCEA03385CC5E853C9A101C8C3E1BDA31A519807496C6CB5E5EFB408823A352B8FA0661FB664EFADD593DEB99FFF5ED000E5 
@@ -597,7 +581,6 @@ E = 0x10001 P = 0x03B0D3962F6D17549CBFCA11294348DCF0E7E39F8C2BC6824F2164B606D687860DAE1E632393CFEDF513228229069E2F60E4ACD7E633A436063F82385F48993707 Q = 0x02E4C32E2F517269B7072309F00C0E31365F7CE28B236B82912DF239ABF39572CF0ED604B02982E53564C52D6A05397DE5C052A2FDDC141EF7189836346AEB331F Msg = 15C5B9EE1185 -Padding = EME1(SHA-1) Nonce = 49FA45D3A78DD10DFD577399D1EB00AF7EED5513 Ciphertext = 0812B76768EBCB642D040258E5F4441A018521BD96687E6C5E899FCD6C17588FF59A82CC8AE03A4B45B31299AF1788C329F7DCD285F8CF4CED82606B97612671A45BEDCA133442144D1617D114F802857F0F9D739751C57A3F9EE400912C61E2E6992BE031A43DD48FA6BA14EEF7C422B5EDC4E7AFA04FDD38F402D1C8BB719ABF @@ -605,7 +588,6 @@ E = 0x10001 P = 0x04A6CE8B7358DFA69BDCF742617005AFB5385F5F3A58A24EF74A22A8C05CB7CC38EBD4CC9D9A9D789A62CD0F60F0CB941D3423C9692EFA4FE3ADFF290C4749A38B Q = 0x0404C9A803371FEDB4C5BE39F3C00B009E5E08A63BE1E40035CDACA5011CC701CF7EEBCB99F0FFE17CFD0A4BF7BEFD2DD536AC946DB797FDBC4ABE8F29349B91ED Msg = 684E3038C5C041F7 -Padding = EME1(SHA-1) Nonce = 3BBC3BD6637DFE12846901029BF5B0C07103439C Ciphertext = 008E7A67CACFB5C4E24BEC7DEE149117F19598CE8C45808FEF88C608FF9CD6E695263B9A3C0AD4B8BA4C95238E96A8422B8535629C8D5382374479AD13FA39974B242F9A759EEAF9C83AD5A8CA18940A0162BA755876DF263F4BD50C6525C56090267C1F0E09CE0899A0CF359E88120ABD9BF893445B3CAE77D3607359AE9A52F8 
@@ -613,7 +595,6 @@ E = 0x10001 P = 0x04A6CE8B7358DFA69BDCF742617005AFB5385F5F3A58A24EF74A22A8C05CB7CC38EBD4CC9D9A9D789A62CD0F60F0CB941D3423C9692EFA4FE3ADFF290C4749A38B Q = 0x0404C9A803371FEDB4C5BE39F3C00B009E5E08A63BE1E40035CDACA5011CC701CF7EEBCB99F0FFE17CFD0A4BF7BEFD2DD536AC946DB797FDBC4ABE8F29349B91ED Msg = 4046CA8BAA3347CA27F49E0D81F9CC1D71BE9BA517D4 -Padding = EME1(SHA-1) Nonce = DD0F6CFE415E88E5A469A51FBBA6DFD40ADB4384 Ciphertext = 0630EEBCD2856C24F798806E41F9E67345EDA9CEDA386ACC9FACAEA1EEED06ACE583709718D9D169FADF414D5C76F92996833EF305B75B1E4B95F662A20FAEDC3BAE0C4827A8BF8A88EDBD57EC203A27A841F02E43A615BAB1A8CAC0701DE34DEBDEF62A088089B55EC36EA7522FD3EC8D06B6A073E6DF833153BC0AEFD93BD1A3 @@ -621,7 +602,6 @@ E = 0x10001 P = 0x0749262C111CD470EC2566E6B3732FC09329469AA19071D3B9C01906514C6F1D26BAA14BEAB0971C8B7E611A4F79009D6FEA776928CA25285B0DE3643D1A3F8C71 Q = 0x06BC1E50E96C02BF636E9EEA8B899BBEBF7651DE77DD474C3E9BC23BAD8182B61904C7D97DFBEBFB1E00108878B6E67E415391D67942C2B2BF9B4435F88B0CB023 Msg = 47AAE909 -Padding = EME1(SHA-1) Nonce = 43DD09A07FF4CAC71CAA4632EE5E1C1DAEE4CD8F Ciphertext = 1688E4CE7794BBA6CB7014169ECD559CEDE2A30B56A52B68D9FE18CF1973EF97B2A03153951C755F6294AA49ADBDB55845AB6875FB3986C93ECF927962840D282F9E54CE8B690F7C0CB8BBD73440D9571D1B16CD9260F9EAB4783CC482E5223DC60973871783EC27B0AE0FD47732CBC286A173FC92B00FB4BA6824647CD93C85C1 
@@ -629,7 +609,6 @@ E = 0x10001 P = 0x0749262C111CD470EC2566E6B3732FC09329469AA19071D3B9C01906514C6F1D26BAA14BEAB0971C8B7E611A4F79009D6FEA776928CA25285B0DE3643D1A3F8C71 Q = 0x06BC1E50E96C02BF636E9EEA8B899BBEBF7651DE77DD474C3E9BC23BAD8182B61904C7D97DFBEBFB1E00108878B6E67E415391D67942C2B2BF9B4435F88B0CB023 Msg = D4738623DF223AA43843DF8467534C41D013E0C803C624E263666B239BDE40A5F29AEB8DE79E3DAA61DD0370F49BD4B013834B98212AEF6B1C5EE373B3CB -Padding = EME1(SHA-1) Nonce = 7866314A6AD6F2B250A35941DB28F5864B585859 Ciphertext = 0AB14C373AEB7D4328D0AAAD8C094D88B9EB098B95F21054A29082522BE7C27A312878B637917E3D819E6C3C568DB5D843802B06D51D9E98A2BE0BF40C031423B00EDFBFF8320EFB9171BD2044653A4CB9C5122F6C65E83CDA2EC3C126027A9C1A56BA874D0FEA23F380B82CF240B8CF540004758C4C77D934157A74F3FC12BFAC @@ -637,7 +616,6 @@ E = 0x10001 P = 0x0A02EF8448D9FAD8BBD0D004C8C2AA9751EF9721C1B0D03236A54B0DF947CBAED5A255EE9E8E20D491EA1723FE094704A9762E88AFD16EBB5994412CA966DC4F9F Q = 0x092D362E7ED3A0BFD9E9FD0E6C0301B6DF29159CF50CC83B9B0CF4D6EEA71A61E002B46E0AE9F2DE62D25B5D7452D498B81C9AC6FC58593D4C3FB4F5D72DFBB0A9 Msg = 050B755E5E6880F7B9E9D692A74C37AAE449B31BFEA6DEFF83747A897F6C2C825BB1ADBF850A3C96994B5DE5B33CBC7D4A17913A7967 -Padding = EME1(SHA-1) Nonce = 7706FFCA1ECFB1EBEE2A55E5C6E24CD2797A4125 Ciphertext = 09B3683D8A2EB0FB295B62ED1FB9290B714457B7825319F4647872AF889B30409472020AD12912BF19B11D4819F49614824FFD84D09C0A17E7D17309D12919790410AA2995699F6A86DBE3242B5ACC23AF45691080D6B1AE810FB3E3057087F0970092CE00BE9562FF4053B6262CE0CAA93E13723D2E3A5BA075D45F0D61B54B61 
@@ -645,7 +623,6 @@ E = 0x10001 P = 0x0A02EF8448D9FAD8BBD0D004C8C2AA9751EF9721C1B0D03236A54B0DF947CBAED5A255EE9E8E20D491EA1723FE094704A9762E88AFD16EBB5994412CA966DC4F9F Q = 0x092D362E7ED3A0BFD9E9FD0E6C0301B6DF29159CF50CC83B9B0CF4D6EEA71A61E002B46E0AE9F2DE62D25B5D7452D498B81C9AC6FC58593D4C3FB4F5D72DFBB0A9 Msg = 8604AC56328C1AB5AD917861 -Padding = EME1(SHA-1) Nonce = EE06209073CCA026BB264E5185BF8C68B7739F86 Ciphertext = 4BC89130A5B2DABB7C2FCF90EB5D0EAF9E681B7146A38F3173A3D9CFEC52EA9E0A41932E648A9D69344C50DA763F51A03C95762131E8052254DCD2248CBA40FD31667786CE05A2B7B531AC9DAC9ED584A59B677C1A8AED8C5D15D68C05569E2BE780BF7DB638FD2BFD2A85AB276860F3777338FCA989FFD743D13EE08E0CA9893F @@ -653,7 +630,6 @@ E = 0x10001 P = 0xFC8D6C04BEC4EB9A8192CA7900CBE536E2E8B519DECF33B2459798C6909DF4F176DB7D23190FC72B8865A718AF895F1BCD9145298027423B605E70A47CF58390A8C3E88FC8C48E8B32E3DA210DFBE3E881EA5674B6A348C21E93F9E55EA65EFD Q = 0xD200D45E788AACEA606A401D0460F87DD5C1027E12DC1A0D7586E8939D9CF789B40F51AC0442961DE7D21CC21E05C83155C1F2AA9193387CFDF956CB48D153BA270406F9BBBA537D4987D9E2F9942D7A14CBFFFEA74FECDDA928D23E259F5EE1 Msg = F735FD55BA92592C3B52B8F9C4F69AAA1CBEF8FE88ADD095595412467F9CF4EC0B896C59EDA16210E7549C8ABB10CDBC21A12EC9B6B5B8FD2F10399EB6 -Padding = EME1(SHA-1) Nonce = 8EC965F134A3EC9931E92A1CA0DC8169D5EA705C Ciphertext = 267BCD118ACAB1FC8BA81C85D73003CB8610FA55C1D97DA8D48A7C7F06896A4DB751AA284255B9D36AD65F37653D829F1B37F97B8001942545B2FC2C55A7376CA7A1BE4B1760C8E05A33E5AA2526B8D98E317088E7834C755B2A59B12631A182C05D5D43AB1779264F8456F515CE57DFDF512D5493DAB7B7338DC4B7D78DB9C091AC3BAF537A69FC7F549D979F0EFF9A94FDA4169BD4D1D19A69C99E33C3B55490D501B39B1EDAE118FF6793A153261584D3A5F39F6E682E3D17C8CD1261FA72 
@@ -661,7 +637,6 @@ E = 0x10001 P = 0xFC8D6C04BEC4EB9A8192CA7900CBE536E2E8B519DECF33B2459798C6909DF4F176DB7D23190FC72B8865A718AF895F1BCD9145298027423B605E70A47CF58390A8C3E88FC8C48E8B32E3DA210DFBE3E881EA5674B6A348C21E93F9E55EA65EFD Q = 0xD200D45E788AACEA606A401D0460F87DD5C1027E12DC1A0D7586E8939D9CF789B40F51AC0442961DE7D21CC21E05C83155C1F2AA9193387CFDF956CB48D153BA270406F9BBBA537D4987D9E2F9942D7A14CBFFFEA74FECDDA928D23E259F5EE1 Msg = 53E6E8C729D6F9C319DD317E74B0DB8E4CCCA25F3C8305746E137AC63A63EF3739E7B595ABB96E8D55E54F7BD41AB433378FFB911D -Padding = EME1(SHA-1) Nonce = FCBC421402E9ECABC6082AFA40BA5F26522C840E Ciphertext = 232AFBC927FA08C2F6A27B87D4A5CB09C07DC26FAE73D73A90558839F4FD66D281B87EC734BCE237BA166698ED829106A7DE6942CD6CDCE78FED8D2E4D81428E66490D036264CEF92AF941D3E35055FE3981E14D29CBB9A4F67473063BAEC79A1179F5A17C9C1832F2838FD7D5E59BB9659D56DCE8A019EDEF1BB3ACCC697CC6CC7A778F60A064C7F6F5D529C6210262E003DE583E81E3167B89971FB8C0E15D44FFFEF89B53D8D64DD797D159B56D2B08EA5307EA12C241BD58D4EE278A1F2E @@ -669,7 +644,6 @@ E = 0x10001 P = 0xECF5AECD1E5515FFFACBD75A2816C6EBF49018CDFB4638E185D66A7396B6F8090F8018C7FD95CC34B857DC17F0CC6516BB1346AB4D582CADAD7B4103352387B70338D084047C9D9539B6496204B3DD6EA442499207BEC01F964287FF6336C3984658336846F56E46861881C10233D2176BF15A5E96DDC780BC868AA77D3CE769 Q = 0xBC46C464FC6AC4CA783B0EB08A3C841B772F7E9B2F28BABD588AE885E1A0C61E4858A0FB25AC299990F35BE85164C259BA1175CDD7192707135184992B6C29B746DD0D2CABE142835F7D148CC161524B4A09946D48B828473F1CE76B6CB6886C345C03E05F41D51B5C3A90A3F24073C7D74A4FE25D9CF21C75960F3FC3863183 Msg = BCDD190DA3B7D300DF9A06E22CAAE2A75F10C91FF667B7C16BDE8B53064A2649A94045C9 -Padding = EME1(SHA-1) Nonce = 5CACA6A0F764161A9684F85D92B6E0EF37CA8B65 Ciphertext = 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 
@@ -677,7 +651,6 @@ E = 0x5 P = 0xC7FBA2CB9FB24C6034C9E239E9350080AC8B9CB2DC8D428C5A1DA727671796791021093809F5F79052ACACA1EC1ED7E019818D8B2D417E8FC60812EE1A67992B Q = 0xFD06033468C106ADBCAA26AC4B6BD24CF4919EA5EEB99458D6E3C758ED606D639AA3D3B0BC36CFCAEC3507AD0280BF6E9F9C3EBCF41A0B33A95CC6EEBBDD57EF Msg = 7730307421 -Padding = EME1(SHA-1) Nonce = 67C6697351FF4AEC29CDBAABF2FBE3467CC254F8 Ciphertext = 1A025CC4A2C1B8488760786162C62EC677F6546F329D84E6EE0DA11379573D1792526104BF637DE57807C4394C492919021DD81ADECE3530D8D2BC1802EC2E88A46C9C5E8FF11E34D7476530B7E11DE0236992DE29335549447122326366419901CA2F27E4A996512BDC650D76280A54D1DE2BE17D6E59EE1D156745036D8DC5 @@ -685,7 +658,6 @@ E = 0x11 P = 0xEECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599 Q = 0xC97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503 Msg = D436E99569FD32A7C8A05BBC90D32C49 -Padding = EME1(SHA-1) Nonce = AAFD12F659CAE63489B479E5076DDEC2F06CB58F Ciphertext = 1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955 @@ -693,7 +665,6 @@ E = 0x11 P = 0xC078DF95FFF0FC15570627120760AE74601094E47D0C879075B1F1A3EC33B2553490AB1484E588C18A62A166876C5FD1F9790C265CD5ECB5ADA8BE03D5ACE4DF Q = 0xCDECBA049D6379CAF66158D85E5A1CA40ECFB849E832109B6E018DBE5F2DC8D863DDC8DF00D93BBAD5AA1EEEF896AEF694D253C11B806547D8F3621F6C0B7041 Msg = 7730307421 -Padding = EME1(SHA-1) Nonce = 67C6697351FF4AEC29CDBAABF2FBE3467CC254F8 Ciphertext = 40BD2CCDFEB88BDBF6AE80EE37045142EEBA60D51063335F6145BD30223A1635D18C4E67FAD80D158BFA711A6BBCCCE8980A171027083D2D4E6B7DA2C465ADDBD1F44350C51A9E03D808EB5784F0A3602B7E23903CE4530DF3D45829375E11137FCD639874F71E68742B9C145D21ADF4C4C8416B54AC4A01B25AB4CF1570CFBD 
@@ -701,7 +672,6 @@ E = 0x13 P = 0xC975657B7786E7335EA9B72E0DFE6FA895F5F7CE9E559CED9E6C9960ECECFCC1EC9D515BD14849E798B4D699F7C2898B6C256A63EA5F33D2FD77A51232B722A3 Q = 0xD502E40CEA5B850C45E3BDE7E05EF0B13F4AE0DE9D93FCE969E5A119191785A63E5C181BD0CB3F440A1B519B3961B2FB519A8526BF29A3DA6DAC68261F70149B Msg = 7730307421 -Padding = EME1(SHA-1) Nonce = 67C6697351FF4AEC29CDBAABF2FBE3467CC254F8 Ciphertext = 4B4B2F855CE4E8D5675589DE93335E31C1EC3ADA263855252DF49BD4836DBF293E07BE72C537B9C7685B38F7C838E067BC9172DF032C1F7AE337310A41A5F103B00E662E3F78E04C234825A3DA6D31CC84D591EF5E8FE970ECC2C0B23E28046325D88534EC256FED8C501034F8017C771983A07EB60E396F97418AD903282B59 @@ -709,7 +679,6 @@ E = 0x67 P = 0xBEDC7B14D1A21178D999DAAF657792371C8E55D29DA042030BBCAF411D36FDD2F2A1F79DBEF6B61AF19A750562ED9C7A73386929951C9D330789504FB322C99B Q = 0xDA9ACA1C011181903DD4C24863408D49E4E134283CE92C65C842B753FBFBA4634024837D6C1C17C18254BD8CA696F85BFCEB2578BD41B2584F2F47D6B12C18F7 Msg = 7730307421 -Padding = EME1(SHA-1) Nonce = 67C6697351FF4AEC29CDBAABF2FBE3467CC254F8 Ciphertext = 11C86DA2269774A6F24161A81B25D913B1A8C9F7332D066F96AE896221BF0B3063C2254FF1B082721C18BE2BC3F0B1E0CEC028D8CEF7C762E985A6C327ECEE036070B9BCA0E6E41EF72B8404C7874CBA08E2D05612D69D11DD14C1EA42E605A292AB1C5A19C2F0EF39441225C783BC573775A28857F8AEFFF4C7748C164C8A79 
@@ -717,7 +686,6 @@ E = 0xFFFB P = 0xC7479D7196291025D82523AC1840AAF09C3FF8844A444A9FED1C63996FD34566B75FB997746D175CB1B253C470AF4CBC5A0EB9969A85EF32A12C75053B8D7681 Q = 0xEC73649E669157A56375BEC8AA903491543605C6A55AA7E4C804A0A8854C136356485CF4595B5922FF408E2A364F19F8BA82D658CD179118227BAC50046802B1 Msg = 4B704138870B4D862914C2DEFB90810C845571168EA5178B -Padding = EME1(SHA-1) Nonce = 67C6697351FF4AEC29CDBAABF2FBE3467CC254F8 Ciphertext = 6BE76FF2B2C419CDAE62FD76AE165D0096E4FDD44C8936F8D906DD1F9D9323FF76C58C78E2E8A37828C40DCFF7906149BD6EE12A2E23D2AFEFF4BA5536674B64459410580DA9B4EA1400563A24967E0A0CB1D49B40AF76D0E34CD27158AC364726E7B5F10E3C155EFBD7936CE68CBA669D06DE721969E580F05F3B798C7821C0 
@@ -725,7 +693,6 @@ E = 0x11 P = 0xFAEC2B060722051B29D1A7E1D3E060CE3CCBCB29CCFC68819F26BB7566B7C5BBD02C16C5A99E7F8EC22AA7050175DEA2C6C8939A24FBFD9015DA5C33C9E13985F6E788E3BB02771A4B273B4C9D376E8204E469EE1433CE4ADEE78FF6B0B96445673D5A0CB10156647B5F0418CC47A3469C6D0027D6AAEBC402D2DDBA1DA5B693 Q = 0xD4795D21407AB236151E75957B45907F27BCFCDC38A0D9E322B1F2810FADA35961527F1834B1909BDAFDD8D6B779C60694E36380BA45CFC786FD28C8310AEE6230432FBA0996E87D22F7792D101EA4C171AAE38956762E3EDB2DCC8919BA0269F9CDE6B3D95F6D9EC93D22D118FCC837B2EE5990D6E84CB181D3416FCFFA9A23 Msg = 7730307421 -Padding = EME1(SHA-1) Nonce = 67C6697351FF4AEC29CDBAABF2FBE3467CC254F8 Ciphertext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x10001 P = 0xD32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D Q = 0xCC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77 Msg = 54657374206F6620454D453120286F75745B305D3D3D6F75745B315D3D3D3029 -Padding = EME1(SHA-1) Nonce = 55BF28124E5DCC8B92E4419464AAD74B9D489259 Ciphertext = 21154AF8EAAB2063615CE16397CB0AE8FA55C94D8DB6A1738F90CE17B1F2B77C57A5E2B7D892FCE8715B950070C2AEDCC6972A5B06BB20607D948FE755E24EBC408456375121DB3A0205F45030DC840EBFF0ED359449B670B3AB77B9E8167658DD73AE971C6B131F77C3A5143974393A2121F2F457146C7AA22DD56A7EEE86EB 
@@ -741,7 +707,6 @@ E = 0x10001 P = 0xD32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D Q = 0xCC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77 Msg = 454D45313A20286F75745B302C312C325D3D3D3029 -Padding = EME1(SHA-1) Nonce = 825B0D7E7CCA6E1DE021437268D678C0CB8427D2 Ciphertext = 039FB7DCBC3ED3DC57BF06055A269E47C00119FBF1F55FEF6E4174F9859C1BBEFC40B0A73E128FC5DF5DC6DA3C292BD13E428CB90A181983FA2383B092375B1B66FB2263174CD75266AD03B1DA49FC5BF69ED911017ACB87FA405DC118E8EE6926C7ADE4392802C8CBD26D7534B8347F9C6C40F7CB776857F45EFF31D6D17CA5 @@ -749,15 +714,14 @@ E = 0x10001 P = 0xD32737E7267FFE1341B2D5C0D150A81B586FB3132BED2F8D5262864A9CB9F30AF38BE448598D413A172EFB802C21ACF1C11C520C2F26A471DCAD212EAC7CA39D Q = 0xCC8853D1D54DA630FAC004F471F281C7B8982D8224A490EDBEB33D3E3D5CC93C4765703D1DD791642F1F116A0DD852BE2419B2AF72BFE9A030E860B0288B5D77 Msg = 454D45313A20286F75745B302C312C325D3D3D3029 -Padding = EME1(SHA-1) Nonce = 20A708C1E55F288CFAE84EE6A521D3268234673B Ciphertext = 80960E4DF6DBD44A685EF7175BDCC12A53EC5DB0C8CD2866D72C120274D0F52588A71E97B449B65A9E0D36AF3A6C3437440163444EA9CC03C26FC52596576B5467CAFB8F171A2156135FD8CE93F7BA2E1418A4646E977DE60B19F1E7140B28EFC241AB3068FD4F0B70332962F253D67B6FC41D60806D0E6B62A81C759C24F405 +[EME-PKCS1-v1_5] E = 3 P = 107871498844327805426477824655913535708145675560929640834074979129981634822447 Q = 89025645474364653597761935180174384298516593224911600154441707984529187725989 Msg = A7AAF7FC80A74D35A163A575173A094DB366949207150DBFFF1D0B9DB01A43 -Padding = EME-PKCS1-v1_5 Nonce = 77BA577E606EF4A69F7C66726923ECDAB4EFF065BCAB972AD9EEF7478C09 Ciphertext = AF1F80B3057046EDE4EB139FE4954141350325E0D8291D1431F73FB601F57DA605D986965EC3B141E7BD467108EC29003C7F56315E11FA89708588B7A562A738 
@@ -765,7 +729,6 @@ E = 3 P = 114913762053528544202764484541371154239375052605890158602955949263867389449259 Q = 109894687290635208773391023636177155382452771657661462197086870923571791872877 Msg = 6ECA65B7FDB0986062B70E8C68171DCAF736 -Padding = EME-PKCS1-v1_5 Nonce = A83BC3A6BA075EDE453B7338CEE83BB8F5AE8B5968E3A99462181DC4E73F943B66E433F43D0E8E6F08DA14 Ciphertext = 1346A7E48F0ED39B333041451A0A293DBD8E1C906B21200A1AAC228DB8C9FC0A9A24DD2B434E2279051106BD625AE24DD1554704E57EC48D659AA3E9515D2B41 @@ -773,7 +736,6 @@ E = 65537 P = 103793652692889479604145227844656792682532170216948642476032852015926228384007 Q = 89173446269849294012890923025703856055134132864455765240993724031379489933153 Msg = 64E8425A6B898502A081B6B78A0546F4BF2DEB85E187ED -Padding = EME-PKCS1-v1_5 Nonce = 57893B2A6A4AA7863785AB8FFA68E81F3239BDA659E704833319DF5E3377AEC911AA90F205B1 Ciphertext = 871A94A51ED756EAD36EE976354D2D6DE467CA5B8C9D198FAFA6D5B24BFA674A20F89CF53B85F75F7E17481E212F2BF543AEC428B841C79E3E36CFD75BB7CA8D @@ -781,7 +743,6 @@ E = 65535 P = 432415771007597974957624156178799318860712283353308003447560475843063611184519 Q = 206256750182932457424055216578408364078987340514950324865789593945099777798567 Msg = 1548C7CEC500A26A59D493176E3B6ECECDC23FFBC485D75E4E20C978AD14F9C25CC19021C1328B1A061E317559A04326628222 -Padding = EME-PKCS1-v1_5 Nonce = 66832C587BB0FC43A7380A Ciphertext = 022092438BAB2CF4A6C50D71EE39419E2E11C9E9644E0B9C2221EF81098FE3188E9BE0E6E27C02A742571C0BD757C6B7F2160DCFA9A734AB6E90BDB0EF27DCD567 @@ -789,7 +750,6 @@ E = 0x5 P = 0xDA8D6D0AE1B959B8A446CE3807F195BC6737491490206535AC8F85E5D6E5C18F Q = 0xF74FE3F3CFC5BDF517A50A887676E7CC2D20C509758B7657ACAB73DFDD581D07 Msg = 426C696E672D426C696E672E -Padding = EME-PKCS1-v1_5 Nonce = C66FF974AC57FF20D15AADF04D472ECF48F945F50945822FDA962591C160072AAFAC9AB61302ABAD458A2528D610C73DCD Ciphertext = 11F10A948BAE2ED28555EE8B36028C8AE3001E8AE76DA4567A59DD59EE8B490E54617009CF6E346360BE39E22B432DD7B50F0C41BEB1A6DF655E486FD5D822AA 
@@ -797,7 +757,6 @@ E = 0xC3E9 P = 0xB90114E3BA96AD3076C08F63255E07A6BA0F46C0EC9332EB9081EA81100FFF2ED3F886DB2DE1CE4F01ABD44D477DA8E61B66C65A9FB666B1CA8F79FC7B3EF25F Q = 0xE67921A8F5C8C04169E8CCEDE6EE147CB3B1E139BFA6CB6789E24238CBBA10AD522B4BBA6F3B3138C7B038856F01C3735B2B61FDB18A47DB57D5B4B5B52B6E77 Msg = 426C696E672D426C696E672E -Padding = EME-PKCS1-v1_5 Nonce = 8D4557C36F53ECB344131ADE3F85684BD10DCE1B84BB9B95A8AAF565D73283C446251D7FAFAF6C84FB216C627EEBEBD0F38C0E4C2849BB5FD95E453C9F4729E8B54E0AA5700EA7ED197A0A64DA43AA33A0D232ED403F2DD5C519FD070242DBA46FAA023D4FCA255AABB85A9AEC28DB83A6 Ciphertext = 9642171747FA6A731DF3D17AE28EC0AA0FB8E4046CDC0170335610B1FEBA96738E4A7FB6BD7761A035B41161696A2270AD429C09980005307A6F154B65F6CCAE0C7C9CC1FC2E61BB52B5AE4AB41618023B673201D14C83DFADFDCB21BC7EF65FCB497A7625E324F1ABE70B045D465051C4668A02B5F38F25606FACFAF62296FD @@ -805,7 +764,6 @@ E = 0x11 P = 0xF233C84BB80BD0BCA772A629AFAE474650A81C10B863747364DF21776B1ED91939FE9011E45B6C317F7C913F1A2E9395797C2E778FB97A0B1F57AEF663213557 Q = 0xFB5B0E26BDD59E3494998727361831FDEC1715C0DB65E0FFF318A2BE9B33993B76984F868CA9179807F29C1DE6C5489C1D43C76BBB7959BBF85922016BCECC43 Msg = 4C65742773206F7665727468726F772074686520676F7665726E6D656E742120286D616B65207375726520746F20656E6372797074207374756666206C696B65207468617429 -Padding = EME-PKCS1-v1_5 Nonce = 2D76481668E437FBFD3DF446DF2BC5F7F0EAA857CB913E739D5CDB6042D32ACDBD332E5A99EDD3B4B210FC2937440EF8EDA3EEDE33D7B7 Ciphertext = 7B8F8AAC5BBC997CD4A1DE682FBB96AC8E80C6FC2102B1E7926D9AAD97BC10A46F981BE12F8F1B51F9A9E1F8D8B7AED9CC42F2AC0420368341D994D94207176679B5F2187FB6BD8F962B678CC379009D0A82ABB9933093371B71C6CDECEED957EE08962B0A94C7DCF40325E5CE38C61C81D327AAE5E140F345597EE7774B8A11 
@@ -813,7 +771,6 @@ E = 0x1300D P = 0xE8E314B7ECD4CEDE513D6E229A3A3A0E1D0DAF974ABDA9997E1978972FD0863AFFD6259861CFC26F136DEBD1ED9CB227E091823C21DD79B57E8ECF67B9293113 Q = 0xCE47F1506E6DDA70A95A6EC56E34B9F3F929D15C92DD4AC537162C6E3BD6C4EBFD3C51D08BA61216685A333062EBABA4B5E647C81550C7FBE132A1D48D7EF00D Msg = 486F7720646F2049206C6F766520746865653F20204D7920616363756D756C61746F72206F766572666C6F77732E -Padding = EME-PKCS1-v1_5 Nonce = 25B8D6560A33737B64EE77A02D5A3BA53F0F165468CCB98E7DBC6DFFA4C29033A209E8B6821A3A7CF9EE89C02B42CD25F62FAFCE56B80E703897A3299F78520BA251DAC421CC5A0B52E0E4B15FBB1E Ciphertext = 5A188A2132B9331B1072BCEA281DAE53070C0AAB0722D583BC7FE767BC85443B5E36286AC568246781792CE04FCEA86D26124F14F3E8ADB69CF1E8A0A1D86E3E0AC0F141C18CCA5F1B8228AC2996E81938B6593F37A603A41128D4CC0D45361042B5F86539BDBAC1B1867E4FE351F599E955B452F675B0945093FE8310A70C9F @@ -821,7 +778,6 @@ E = 0x13271 P = 0xD4AA40364C695FC262073498EAE363EAE585720A8AA211D37CC2BB74ABDAE7A8B6D9C55D5D8E3A0E4D3B39D57D543E8A17F697FBBD45E32EC53B9240188F7EF5 Q = 0xD4420A0041902AFD838833F2EF3AD89AFCF3EF66CA5B20036692BDC45FF861B20BE756CE35DCEC97A7BDD28DBBC09315E5B7E0249E61772436CA728C7639A8B5 Msg = 5768617465766572206F63637572732066726F6D206C6F766520697320616C77617973206265796F6E6420676F6F6420616E64206576696C2E -Padding = EME-PKCS1-v1_5 Nonce = 25C23B57F9C9E9A3A2C08F3320214F5365B1A70417F5A6AFDAEFDCF76D4CCA563D9F9625E2BA783733DE9691108973AF66BDE07A7E8854035B972387BEEA4DBD4A2081CF Ciphertext = 985B3B945917B229B8274441C174B1748627F6A83986AAE295745694174928AF8D6E3D309A8FDEB57F3BFB73AF2B776D13278028E7A7CFDD3F489AD3A46B2045409683AABDD1C01CDF60ED850D4C918608ABC5B58C9BE3A438DB0D6D6B9C1019C9498E17233D5092165471B0A1DAECE0A68104539FB85C51648176E8B7AEC1B4 
@@ -829,6 +785,5 @@ E = 0x1A11 P = 0x32A4716E0F397B9340565530800F691F9E457C2C5F8ABF0A8F62971B89B43584EFCD7EF66765E8BF6B84163D914364F855DF8F6C82DD49BEF76EDB1397257215 Q = 0x360C8C90CA0B2216B342A9681EEF05BB8CF8DE2AB8F0997C97738AA32B88B956D94515E35FE96238974AE8A8F0164E0FBE25C1161D7A1E9D170B821FEAD5A3CD Msg = 4772617669746174696F6E2063616E6E6F742062652068656C6420726573706F6E7369626C6520666F722070656F706C652066616C6C696E6720696E206C6F76652E20202D2D20416C626572742045696E737465696E -Padding = EME-PKCS1-v1_5 Nonce = DADE975E4B9FCE8E3010EB1568FFDF1BCDED9A454796A0DFA6F793093A2FBE25813FC6EADC4225 Ciphertext = 06DE6646853E49A067C85492FCA580E49D286981CCFDC4E13B5642489CC19E803A69116BC2D75CD005B768F3FE7AA780BF7E5A2A3EA53085619946DB4B3E9DB7592A8D060CDF185B3AB2C1BD551587EA8AC3745FEF60D945387B27C2001CF7A9EAE9A086AA58B769A59CC4D09BCF9E100ED630EE44889F341C8DCCF52F003CF1 diff --git a/src/tests/test_rsa.cpp b/src/tests/test_rsa.cpp index 8ce81b728c..9dfde7e149 100644 --- a/src/tests/test_rsa.cpp +++ b/src/tests/test_rsa.cpp @@ -26,7 +26,7 @@ class RSA_ES_KAT_Tests final : public PK_Encryption_Decryption_Test "RSA", "pubkey/rsaes.vec", "E,P,Q,Msg,Ciphertext", - "Padding,Nonce") {} + "Nonce") {} std::unique_ptr load_private_key(const VarMap& vars) override { @@ -68,7 +68,7 @@ class RSA_Signature_KAT_Tests final : public PK_Signature_Generation_Test "RSA", "pubkey/rsa_sig.vec", "E,P,Q,Msg,Signature", - "Padding,Nonce") {} + "Nonce") {} std::string default_padding(const VarMap&) const override { @@ -159,8 +159,7 @@ class RSA_Signature_Verify_Tests final : public PK_Signature_Verification_Test : PK_Signature_Verification_Test( "RSA", "pubkey/rsa_verify.vec", - "E,N,Msg,Signature", - "Padding") {} + "E,N,Msg,Signature") {} std::string default_padding(const VarMap&) const override { 
@@ -184,7 +183,7 @@ class RSA_Signature_Verify_Invalid_Tests final : public PK_Signature_NonVerifica : PK_Signature_NonVerification_Test( "RSA", "pubkey/rsa_invalid.vec", - "Padding,E,N,Msg,InvalidSignature") {} + "E,N,Msg,InvalidSignature") {} std::string default_padding(const VarMap&) const override { From 13e4658b07f95bef8b48d93c74be25f2d6afde7d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Mar 2018 07:19:33 -0400 Subject: [PATCH 0903/1008] Throw Lookup_Error here for benefit of tests --- src/lib/pubkey/rsa/rsa.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index e1c3e49db5..aa315aabf6 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -422,7 +422,7 @@ RSA_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/, * to the normal version. */ if(provider == "openssl") - throw Exception("OpenSSL RSA provider rejected key:", e.what()); + throw Lookup_Error("OpenSSL RSA provider rejected key:" + std::string(e.what())); } } #endif @@ -476,7 +476,7 @@ RSA_PrivateKey::create_decryption_op(RandomNumberGenerator& rng, catch(Exception& e) { if(provider == "openssl") - throw Exception("OpenSSL RSA provider rejected key:", e.what()); + throw Lookup_Error("OpenSSL RSA provider rejected key:" + std::string(e.what())); } } #endif From 931d57093e7dd482ea5eccf609857f9ea090dbd2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Mar 2018 08:09:05 -0400 Subject: [PATCH 0904/1008] Store elements of a DN as a vector This allows retreiving the original ordering which is required for DN string encoding as defined in RFC 4514 Fixes #336 --- src/lib/x509/x509_dn.cpp | 87 ++++++++++++++++------------------------ src/lib/x509/x509_dn.h | 31 ++++++++++---- 2 files changed, 59 insertions(+), 59 deletions(-) diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp index 64c1c9a08b..4220c289a7 100644 --- a/src/lib/x509/x509_dn.cpp 
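Review bot: The two new `Lookup_Error` messages in rsa.cpp drop the separator that the old two-argument `Exception(msg, what)` form presumably inserted, so the text now reads `...rejected key:<what>` with nothing between the colon and the OpenSSL error; use `throw Lookup_Error("OpenSSL RSA provider rejected key: " + std::string(e.what()));` in both hunks (`create_encryption_op` and `create_decryption_op`). The enclosing functions start outside the hunks. Rethrowing as `Lookup_Error` also discards the original exception type, which the commit message says is deliberate for the tests; a one-line comment next to each throw, `// Lookup_Error so the provider-selection tests treat a rejected key as "provider unavailable"`, would keep a future reader from "fixing" it back.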
+++ b/src/lib/x509/x509_dn.cpp @@ -1,6 +1,6 @@ /* * X509_DN -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -16,24 +16,6 @@ namespace Botan { -/* -* Create an X509_DN -*/ -X509_DN::X509_DN(const std::multimap& args) - { - for(auto i = args.begin(); i != args.end(); ++i) - add_attribute(i->first, i->second); - } - -/* -* Create an X509_DN -*/ -X509_DN::X509_DN(const std::multimap& args) - { - for(auto i = args.begin(); i != args.end(); ++i) - add_attribute(OIDS::lookup(i->first), i->second); - } - /* * Add an attribute to a X509_DN */ @@ -43,11 +25,6 @@ void X509_DN::add_attribute(const std::string& type, add_attribute(OIDS::lookup(type), str); } -void X509_DN::add_attribute(const OID& oid, const std::string& str) - { - add_attribute(oid, ASN1_String(str)); - } - /* * Add an attribute to a X509_DN */ @@ -56,14 +33,7 @@ void X509_DN::add_attribute(const OID& oid, const ASN1_String& str) if(str.empty()) return; - auto range = m_dn_info.equal_range(oid); - for(auto i = range.first; i != range.second; ++i) - { - if(i->second == str) - return; - } - - multimap_insert(m_dn_info, oid, str); + m_rdn.push_back(std::make_pair(oid, str)); m_dn_bits.clear(); } @@ -73,8 +43,9 @@ void X509_DN::add_attribute(const OID& oid, const ASN1_String& str) std::multimap X509_DN::get_attributes() const { std::multimap retval; - for(auto i = m_dn_info.begin(); i != m_dn_info.end(); ++i) - multimap_insert(retval, i->first, i->second.value()); + + for(auto& i : m_rdn) + multimap_insert(retval, i.first, i.second.value()); return retval; } 
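Review bot: `add_attribute(const OID&, const ASN1_String&)` no longer rejects a duplicate (oid, value) pair — the removed `equal_range` loop returned early on an identical entry, while the new `m_rdn.push_back` keeps every call. That is a behavior change for the header constructors that feed each multimap entry through this function and for `decode_from`, and the commit message does not mention it; document it above the function, e.g. `// Duplicate (oid, value) pairs are retained and re-encoded; insertion order is preserved for RFC 4514 string form`. The `for(auto& i : m_rdn)` loops in `get_attributes` and `contents` bind const references as written, but `const auto&` states the intent, and `m_rdn.push_back(std::make_pair(oid, str))` could be `m_rdn.emplace_back(oid, str)`.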
@@ -84,13 +55,14 @@ std::multimap X509_DN::get_attributes() const std::multimap X509_DN::contents() const { std::multimap retval; - for(auto i = m_dn_info.begin(); i != m_dn_info.end(); ++i) + + for(auto& i : m_rdn) { - std::string str_value = OIDS::oid2str(i->first); + std::string str_value = OIDS::oid2str(i.first); if(str_value.empty()) - str_value = i->first.as_string(); - multimap_insert(retval, str_value, i->second.value()); + str_value = i.first.as_string(); + multimap_insert(retval, str_value, i.second.value()); } return retval; } @@ -102,8 +74,13 @@ bool X509_DN::has_field(const std::string& attr) const bool X509_DN::has_field(const OID& oid) const { - auto range = m_dn_info.equal_range(oid); - return (range.first != range.second); + for(auto& i : m_rdn) + { + if(i.first == oid) + return true; + } + + return false; } std::string X509_DN::get_first_attribute(const std::string& attr) const @@ -114,9 +91,13 @@ std::string X509_DN::get_first_attribute(const std::string& attr) const ASN1_String X509_DN::get_first_attribute(const OID& oid) const { - auto i = m_dn_info.lower_bound(oid); - if(i != m_dn_info.end() && i->first == oid) - return i->second; + for(auto& i : m_rdn) + { + if(i.first == oid) + { + return i.second; + } + } return ASN1_String(); } @@ -128,11 +109,16 @@ std::vector X509_DN::get_attribute(const std::string& attr) const { const OID oid = OIDS::lookup(deref_info_field(attr)); - auto range = m_dn_info.equal_range(oid); - std::vector values; - for(auto i = range.first; i != range.second; ++i) - values.push_back(i->second.value()); + + for(auto& i : m_rdn) + { + if(i.first == oid) + { + values.push_back(i.second.value()); + } + } + return values; } @@ -227,7 +213,7 @@ void X509_DN::encode_into(DER_Encoder& der) const } else { - for(const auto& dn : m_dn_info) + for(const auto& dn : m_rdn) { der.start_cons(SET) .start_cons(SEQUENCE) 
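Review bot: The new linear scans in `has_field(const OID&)`, `get_first_attribute(const OID&)` and `get_attribute` hand-roll what `std::any_of` and `std::find_if` express directly, e.g. `return std::any_of(m_rdn.begin(), m_rdn.end(), [&oid](const std::pair<OID, ASN1_String>& i) { return i.first == oid; });` for `has_field`. The same `i.first == oid` predicate appears three times, so a private `find_oid(const OID&)` returning an iterator would remove the repetition. These lookups are now O(n) instead of O(log n) on the old multimap; harmless for DNs of a handful of attributes, but worth a sentence in the header so callers do not nest them inside their own loops over `dn_info()`. I cannot see from here whether `<algorithm>` is already included by this file.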
@@ -263,10 +249,7 @@ void X509_DN::decode_from(BER_Decoder& source) OID oid; ASN1_String str; - rdn.start_cons(SEQUENCE) - .decode(oid) - .decode(str) - .end_cons(); + rdn.start_cons(SEQUENCE).decode(oid).decode(str).end_cons(); add_attribute(oid, str); } diff --git a/src/lib/x509/x509_dn.h b/src/lib/x509/x509_dn.h index c08bf9e7e0..e6302e9614 100644 --- a/src/lib/x509/x509_dn.h +++ b/src/lib/x509/x509_dn.h @@ -12,6 +12,7 @@ #include #include #include +#include #include #include @@ -24,14 +25,22 @@ class BOTAN_PUBLIC_API(2,0) X509_DN final : public ASN1_Object { public: X509_DN() = default; - explicit X509_DN(const std::multimap& vals); - explicit X509_DN(const std::multimap& vals); + + explicit X509_DN(const std::multimap& args) + { + for(auto i : args) + add_attribute(i.first, i.second); + } + + explicit X509_DN(const std::multimap& args) + { + for(auto i : args) + add_attribute(i.first, i.second); + } void encode_into(class DER_Encoder&) const override; void decode_from(class BER_Decoder&) override; - const std::multimap& dn_info() const { return m_dn_info; } - bool has_field(const OID& oid) const; ASN1_String get_first_attribute(const OID& oid) const; 
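Review bot: Both inlined `X509_DN` constructors iterate with `for(auto i : args)`, which copies every `std::pair` out of the multimap before handing it to `add_attribute`; write `for(const auto& i : args)` in both. The two bodies are now textually identical and differ only in the key type (the template arguments are stripped in this rendering), so the dispatch to `add_attribute(const std::string&, ...)` versus `add_attribute(const OID&, ...)` is invisible at a glance; a short comment on the string-keyed one, `// string keys go through OIDS::lookup inside add_attribute`, would make it explicit. Moving the bodies into a `BOTAN_PUBLIC_API` header also means future fixes to them will not reach callers compiled against this version, which may be acceptable but deserves a thought.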
@@ -40,17 +49,25 @@ class BOTAN_PUBLIC_API(2,0) X509_DN final : public ASN1_Object */ const std::vector& get_bits() const { return m_dn_bits; } - bool empty() const { return m_dn_info.empty(); } + bool empty() const { return m_rdn.empty(); } + + const std::vector>& dn_info() const { return m_rdn; } bool has_field(const std::string& attr) const; std::vector get_attribute(const std::string& attr) const; std::string get_first_attribute(const std::string& attr) const; std::multimap get_attributes() const; + std::multimap contents() const; void add_attribute(const std::string& key, const std::string& val); - void add_attribute(const OID& oid, const std::string& val); + + void add_attribute(const OID& oid, const std::string& val) + { + add_attribute(oid, ASN1_String(val)); + } + void add_attribute(const OID& oid, const ASN1_String& val); static std::string deref_info_field(const std::string& key); @@ -65,7 +82,7 @@ class BOTAN_PUBLIC_API(2,0) X509_DN final : public ASN1_Object static size_t lookup_ub(const OID& oid); private: - std::multimap m_dn_info; + std::vector> m_rdn; std::vector m_dn_bits; }; From e2a0236d3c00b2a80ad22b8239e9752fb08f777e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Mar 2018 08:30:50 -0400 Subject: [PATCH 0905/1008] Avoid creating a map from a DN when not required --- src/lib/asn1/asn1_str.h | 2 ++ src/lib/x509/name_constraint.cpp | 4 ++-- src/lib/x509/x509_dn.cpp | 18 +++++++++++------- src/lib/x509/x509_dn.h | 7 +++---- src/lib/x509/x509path.cpp | 3 ++- 5 files changed, 20 insertions(+), 14 deletions(-) diff --git a/src/lib/asn1/asn1_str.h b/src/lib/asn1/asn1_str.h index 9a571561c8..41dbd005c5 100644 --- a/src/lib/asn1/asn1_str.h +++ b/src/lib/asn1/asn1_str.h 
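Review bot: `dn_info()` changes its return type from the old multimap reference to `const std::vector<std::pair<OID, ASN1_String>>&` (template arguments are stripped in this rendering), which is a source- and ABI-incompatible change to a `BOTAN_PUBLIC_API(2,0)` class that the commit message does not call out. Existing callers of the multimap form stop compiling, so this belongs in `news.rst`, and the accessor deserves a doc comment, e.g. `/// Attributes in the order they were added or decoded; ordering matters for RFC 4514 string encoding`. If source compatibility is wanted, the old accessor could survive as a deprecated wrapper that builds the multimap from `m_rdn`, which is what `get_attributes()` already does.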
@@ -26,6 +26,8 @@ class BOTAN_PUBLIC_API(2,0) ASN1_String final : public ASN1_Object const std::string& value() const { return m_utf8_str; } + size_t size() const { return value().size(); } + bool empty() const { return m_utf8_str.empty(); } std::string BOTAN_DEPRECATED("Use value() to get UTF-8 string instead") diff --git a/src/lib/x509/name_constraint.cpp b/src/lib/x509/name_constraint.cpp index 888291557e..b64e04d29d 100644 --- a/src/lib/x509/name_constraint.cpp +++ b/src/lib/x509/name_constraint.cpp @@ -190,14 +190,14 @@ bool GeneralName::matches_dn(const std::string& nam) const bool ret = true; size_t trys = 0; - for(const std::pair& c: my_dn.get_attributes()) + for(const auto& c: my_dn.dn_info()) { auto i = attr.equal_range(c.first); if(i.first != i.second) { trys += 1; - ret = ret && (i.first->second == c.second); + ret = ret && (i.first->second == c.second.value()); } } diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp index 4220c289a7..9eb509daba 100644 --- a/src/lib/x509/x509_dn.cpp +++ b/src/lib/x509/x509_dn.cpp @@ -260,8 +260,13 @@ void X509_DN::decode_from(BER_Decoder& source) namespace { -std::string to_short_form(const std::string& long_id) +std::string to_short_form(const OID& oid) { + const std::string long_id = OIDS::oid2str(oid); + + if(long_id.empty()) + return oid.to_string(); + if(long_id == "X520.CommonName") return "CN"; @@ -281,13 +286,12 @@ std::string to_short_form(const std::string& long_id) std::ostream& operator<<(std::ostream& out, const X509_DN& dn) { - std::multimap contents = dn.contents(); + auto info = dn.dn_info(); - for(std::multimap::const_iterator i = contents.begin(); - i != contents.end(); ++i) + for(size_t i = 0; i != info.size(); ++i) { - out << to_short_form(i->first) << "=\""; - for(char c: i->second) + out << to_short_form(info[i].first) << "=\""; + for(char c : info[i].second.value()) { if(c == '\\' || c == '\"') { 
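Review bot: `auto info = dn.dn_info();` in `operator<<` copies the whole attribute vector although `dn_info()` returns a const reference; `const auto& info = dn.dn_info();` avoids the copy and matches the read-only use. In `to_short_form` the unknown-OID fallback is `oid.to_string()`, whereas `contents()` in the previous commit uses `i.first.as_string()` for the same purpose; pick one spelling so the two renderings of an unregistered OID agree (I cannot tell from here whether both names exist on `OID`). In `name_constraint.cpp`, `ret = ret && (i.first->second == c.second.value())` still compares only the first entry of `attr.equal_range(c.first)`, so a constraint that lists the same attribute twice is matched on its first value alone — pre-existing, but worth a comment now that `add_attribute` retains duplicates.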
@@ -297,7 +301,7 @@ std::ostream& operator<<(std::ostream& out, const X509_DN& dn) } out << "\""; - if(std::next(i) != contents.end()) + if(i + 1 < info.size()) { out << ","; } diff --git a/src/lib/x509/x509_dn.h b/src/lib/x509/x509_dn.h index e6302e9614..9d8beb0bf1 100644 --- a/src/lib/x509/x509_dn.h +++ b/src/lib/x509/x509_dn.h @@ -53,14 +53,13 @@ class BOTAN_PUBLIC_API(2,0) X509_DN final : public ASN1_Object const std::vector>& dn_info() const { return m_rdn; } + std::multimap get_attributes() const; + std::multimap contents() const; + bool has_field(const std::string& attr) const; std::vector get_attribute(const std::string& attr) const; std::string get_first_attribute(const std::string& attr) const; - std::multimap get_attributes() const; - - std::multimap contents() const; - void add_attribute(const std::string& key, const std::string& val); void add_attribute(const OID& oid, const std::string& val) diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index f703bf028c..e73fe12b60 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -92,7 +92,8 @@ PKIX::check_chain(const std::vector>& ce } // Check the subject's DN components' length - for(const auto& dn_pair : subject->subject_dn().get_attributes()) + + for(const auto& dn_pair : subject->subject_dn().dn_info()) { const size_t dn_ub = X509_DN::lookup_ub(dn_pair.first); // dn_pair = From b03c5da8b56606f7b4df8122d8bd7914760dba32 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Mar 2018 10:54:06 -0400 Subject: [PATCH 0906/1008] Remove bogus -1 from DSA key generation GH #222 --- src/lib/pubkey/dsa/dsa.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp index 982e1b9313..a3a6b9a523 100644 --- a/src/lib/pubkey/dsa/dsa.cpp +++ b/src/lib/pubkey/dsa/dsa.cpp 
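Review bot: `for(const auto& dn_pair : subject->subject_dn().dn_info())` in x509path.cpp now ranges over a reference returned by `dn_info()`; if `subject_dn()` returns the DN by value, the temporary is destroyed at the end of the range-init expression and `dn_pair` dangles, whereas the previous `get_attributes()` returned a fresh multimap by value that range-for keeps alive. I cannot see `X509_Certificate::subject_dn()` from here — if it returns a reference this is fine — but `const X509_DN& dn = subject->subject_dn();` on the line before the loop makes the lifetime explicit either way. `check_chain`'s body starts outside the hunk.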
@@ -39,7 +39,7 @@ DSA_PrivateKey::DSA_PrivateKey(RandomNumberGenerator& rng, m_group = grp; if(x_arg == 0) - m_x = BigInt::random_integer(rng, 2, group_q() - 1); + m_x = BigInt::random_integer(rng, 2, group_q()); else m_x = x_arg; From 574f44727d386984cf87a1161cec135209091650 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Mar 2018 11:00:21 -0400 Subject: [PATCH 0907/1008] Add EC_Group::random_scalar --- src/lib/pubkey/ec_group/ec_group.cpp | 5 +++++ src/lib/pubkey/ec_group/ec_group.h | 5 +++++ src/lib/pubkey/ecc_key/ecc_key.cpp | 2 +- src/lib/pubkey/ecdsa/ecdsa.cpp | 2 +- src/lib/pubkey/ecgdsa/ecgdsa.cpp | 2 +- src/lib/pubkey/eckcdsa/eckcdsa.cpp | 2 +- src/lib/pubkey/sm2/sm2.cpp | 2 +- src/lib/pubkey/sm2/sm2_enc.cpp | 2 +- 8 files changed, 16 insertions(+), 6 deletions(-) diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 623c79cc8c..45aef6c2fb 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -505,6 +505,11 @@ BigInt EC_Group::blinded_base_point_multiply_x(const BigInt& k, return data().blinded_base_point_multiply(k, rng, ws).get_affine_x(); } +BigInt EC_Group::random_scalar(RandomNumberGenerator& rng) const + { + return BigInt::random_integer(rng, 1, get_order()); + } + PointGFp EC_Group::blinded_var_point_multiply(const PointGFp& point, const BigInt& k, RandomNumberGenerator& rng, diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 32c115432c..031e5cc34e 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -272,6 +272,11 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final RandomNumberGenerator& rng, std::vector& ws) const; + /** + * Return a random scalar ie an integer in [1,order) + */ + BigInt random_scalar(RandomNumberGenerator& rng) const; + /** * Return the zero (or infinite) point on this curve */ 
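Review bot: The DSA hunk now draws `m_x` with `BigInt::random_integer(rng, 2, group_q())`, and the `EC_Group::random_scalar` doc added in the next commit describes `random_integer(rng, 1, get_order())` as yielding `[1,order)`, so the upper bound is exclusive and the removed `- 1` was excluding q-1; a comment at the call site, `// random_integer is [min, max), so x lands in [2, q-1]`, would stop the -1 from being reintroduced. The `else m_x = x_arg;` branch accepts a caller-supplied private key with no visible range check; if that validation happens later in the constructor (outside the hunk) a pointer to it would help. In ec_group.h the new doc comment reads `ie` — `i.e.` is the usual spelling.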
diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index 7b00d32092..7c46a2fa0e 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp @@ -122,7 +122,7 @@ EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng, if(x == 0) { - m_private_key = BigInt::random_integer(rng, 1, order); + m_private_key = ec_group.random_scalar(rng); } else { diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index f356931892..03f5e57ab6 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -86,7 +86,7 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, #if defined(BOTAN_HAS_RFC6979_GENERATOR) const BigInt k = generate_rfc6979_nonce(m_x, m_group.get_order(), m, m_rfc6979_hash); #else - const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); + const BigInt k = m_group.random_scalar(rng); #endif const BigInt k_inv = inverse_mod(k, m_group.get_order()); diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp index 12962d18ce..062bb524d9 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp +++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp @@ -59,7 +59,7 @@ ECGDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, { const BigInt m(msg, msg_len, m_group.get_order_bits()); - BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); + const BigInt k = m_group.random_scalar(rng); const BigInt r = m_group.mod_order( m_group.blinded_base_point_multiply_x(k, rng, m_ws)); diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp index f9d9b2f608..f16fb027ed 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp +++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp 
@@ -76,7 +76,7 @@ secure_vector ECKCDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t, RandomNumberGenerator& rng) { - const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); + const BigInt k = m_group.random_scalar(rng); const BigInt k_times_P_x = m_group.blinded_base_point_multiply_x(k, rng, m_ws); secure_vector to_be_hashed(k_times_P_x.bytes()); diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index cec9eaa383..4b5610c85b 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp @@ -114,7 +114,7 @@ SM2_Signature_Operation::sign(RandomNumberGenerator& rng) { const BigInt e = BigInt::decode(m_hash->final()); - const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); + const BigInt k = m_group.random_scalar(rng); const BigInt r = m_group.mod_order( m_group.blinded_base_point_multiply_x(k, rng, m_ws) + e); diff --git a/src/lib/pubkey/sm2/sm2_enc.cpp b/src/lib/pubkey/sm2/sm2_enc.cpp index 4a6aa2b6eb..e3553d5b38 100644 --- a/src/lib/pubkey/sm2/sm2_enc.cpp +++ b/src/lib/pubkey/sm2/sm2_enc.cpp @@ -67,7 +67,7 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption const size_t p_bytes = m_group.get_p_bytes(); - const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); + const BigInt k = m_group.random_scalar(rng); const PointGFp C1 = m_group.blinded_base_point_multiply(k, rng, m_ws); const BigInt x1 = C1.get_affine_x(); From 3a9704c41a14d02a70d31be0e3288c591e547f08 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 21 Mar 2018 12:11:12 -0400 Subject: [PATCH 0908/1008] Revamp GOST-34.10 tests Use an official vector (from RFC 5832), support arbitrary curves since GOST likes those for testing. --- src/lib/pubkey/gost_3410/gost_3410.cpp | 7 +--- src/tests/data/pubkey/gost_3410_sign.vec | 29 ++++++------- src/tests/data/pubkey/gost_3410_verify.vec | 28 ++++++------- src/tests/test_gost_3410.cpp | 47 +++++++++++++++++----- 4 files changed, 66 insertions(+), 45 deletions(-) 
diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index 4e2df4cb87..0fcca1b8d7 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp @@ -119,12 +119,7 @@ secure_vector GOST_3410_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, RandomNumberGenerator& rng) { - BigInt k; - - do - { - k.randomize(rng, m_group.get_order_bits() - 1); - } while(k >= m_group.get_order()); + const BigInt k = m_group.random_scalar(rng); BigInt e = decode_le(msg, msg_len); diff --git a/src/tests/data/pubkey/gost_3410_sign.vec b/src/tests/data/pubkey/gost_3410_sign.vec index 25d5155b7c..67599a7ecf 100644 --- a/src/tests/data/pubkey/gost_3410_sign.vec +++ b/src/tests/data/pubkey/gost_3410_sign.vec 
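Review bot: Replacing the `k.randomize(rng, m_group.get_order_bits() - 1)` loop with `m_group.random_scalar(rng)` changes the distribution of the signing nonce, not just the code shape, and the commit message only talks about tests. Assuming `get_order_bits()` is the bit length of the order, a value of `order_bits - 1` bits is always below the order, so the old `while(k >= order)` test could never fire, values at or above 2^(bits-1) were never produced, and `k == 0` was not excluded; `random_scalar` is documented as `[1,order)`, which is the range the signature needs. A comment at the call site, `// k must be drawn from the full range [1, order); see EC_Group::random_scalar`, would record that this is the intended contract rather than a refactor.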
@@ -1,17 +1,18 @@ -# These values were generated by Botan and have not been tested against any -# other implementation. +# Test from RFC 5283 + +P = 0x8000000000000000000000000000000000000000000000000000000000000431 +A = 0x7 +B = 0x5FBFF498AA938CE739B8E022FBAFEF40563F6E6A3472FC2A514C0CE9DAE23B7E +Order = 0x8000000000000000000000000000000150FE8A1892976154C59CFC193ACCF5B3 +Cofactor = 1 +Gx = 2 +Gy = 0x8E2A8A0E65147D4BD6316030E16D19C85C97F0A9CA267122B96ABBCEA7E8FC8 +X = 0x7A929ADE789BB9BE10ED359DD39A72C11B60961F49397EEE1D19CE9891EC3B28 + +Hash = Raw +Nonce = 77105C9B20BCD3122823C8CF6FCC7B956DE33814E95B7FE64FED924594DCEAB3 +Msg = E53E042B67E6EC678E2E02B12A0352CE1FC6EEE0529CC088119AD872B3C1FB2D +Signature = 01456C64BA4642A1653C235A98A60249BCD6D3F746B631DF928014F6C5BF9C4041AA28D2F1AB148280CD9ED56FEDA41974053554A42767B83AD043FD39DC0493 -Group = gost_256A -Privkey = 0xFE406F383A54127453AED406FA9A3B610B28F89FC918C07A5A75289E97B3A991 -Hash = GOST-34.11 -Msg = ABCD -Nonce = 3E0A6097034780CCF32885B870F84B0AA20138BE94A1AA1F77F8997CAC25C58E -Signature = 60053488E6936975A4913083FE16A0CF620FA75732B563AB65B82D37A825BE7D0965C38281A01D23FA5F5D332B339EB2602A564563C005335269A2E811520563 -Group = gost_256A -Privkey = 0xFDCE35FFFF3AEF1C3AB247F31D733490B4029E699FC2D1C24B2F7C526CBC1445 -Hash = GOST-34.11 -Msg = 33C466741BB472998A27E26E7F77EBF3 -Nonce = 6844F464FA0147FB7D798137680FBA6EA2E709814E3A8B70EFC26F446DE9F94B -Signature = 5E39519E12B5208B3A0A1A1CDD44E2629F0F76A51DFED8484A8B67A2E46D5B871AFADA58E26D1FE08AB4D2E67BF0FF8508870B417D6EA1224FA98B3165D8A032 diff --git a/src/tests/data/pubkey/gost_3410_verify.vec b/src/tests/data/pubkey/gost_3410_verify.vec index 5348467a64..65e2dcd2c6 100644 --- a/src/tests/data/pubkey/gost_3410_verify.vec +++ b/src/tests/data/pubkey/gost_3410_verify.vec 
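Review bot: The new header comment `# Test from RFC 5283` disagrees with the commit message and with the sibling `gost_3410_verify.vec`, which both cite RFC 5832; the digits look transposed, so it should read `# Test from RFC 5832`. Naming the section or appendix the values were copied from would help the next person re-checking the vector against the RFC.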
@@ -1,18 +1,16 @@ -Group = gost_256A -Pubkey = 0400B6F1D75EF48902B0C2302F52CCC71233EC55B903061673AAA586A2B5864048EA2675E8FD8DB1FEDFC7DD40E3CF3A319EE3130E0BE9FDF994B625BC1885F271 -Hash = GOST-34.11 -Msg = -Signature = FE406F383A54127453AED406FA9A3B610B28F89FC918C07A5A75289E97B3A991AA3CB0563295A3E281BA368DF8471DE0A4150B3CFCEA575D8A9CC9779035EC36 +# Test value derived from RFC 5832 -Group = gost_256A -Pubkey = 04BFE0BA366BE575E45C5BBA339C51ACD75D517008A9D3169E3CCEA6EF08046DA74312382D835BEEA1C561A75AFCAFDA0F75A4E5D9787F9DB2870A032AC1D90465 -Hash = GOST-34.11 -Msg = -Signature = F3AFCBE1398DDC01F0A9E4B45397F3ACD8F343399BD2805FB6293E9CB871123AB7AB61F33E0B70166C355963BB80B8F6DF54F7F6A43872295CD42B6ACF7DF678 +P = 0x8000000000000000000000000000000000000000000000000000000000000431 +A = 0x7 +B = 0x5FBFF498AA938CE739B8E022FBAFEF40563F6E6A3472FC2A514C0CE9DAE23B7E +Order = 0x8000000000000000000000000000000150FE8A1892976154C59CFC193ACCF5B3 +Cofactor = 1 +Gx = 2 +Gy = 0x8E2A8A0E65147D4BD6316030E16D19C85C97F0A9CA267122B96ABBCEA7E8FC8 +Px = 0x7F2B49E270DB6D90D8595BEC458B50C58585BA1D4E9B788F6689DBD8E56FD80B +Py = 0x26F1B489D6701DD185C8413A977B3CBBAF64D1C593D26627DFFB101A87FF77DA -Group = gost_256A -Pubkey = 03773DC3F032886D56439A9F17490B680570043F757252C1F60819D6C30DBF1469 -Hash = GOST-34.11 -Msg = 00010C0300000E1070DBD880386D4380E954076578616D706C65036E65740003777777076578616D706C65036E6574000001000100000E100004C0000201 -Signature = 66ED09C0A6C97E22CB4E66BCA61D2082FDF6924F3A717C43B531B2D43FEE76DBB0F490A7901B009CCDF87252EBE1790A9AB1A6A444DBACA3E264AF21D18B5E83 +Hash = Raw +Msg = E53E042B67E6EC678E2E02B12A0352CE1FC6EEE0529CC088119AD872B3C1FB2D +Signature = 01456C64BA4642A1653C235A98A60249BCD6D3F746B631DF928014F6C5BF9C4041AA28D2F1AB148280CD9ED56FEDA41974053554A42767B83AD043FD39DC0493 diff --git a/src/tests/test_gost_3410.cpp b/src/tests/test_gost_3410.cpp index fe9e91f586..f5b2e1ec89 100644 --- a/src/tests/test_gost_3410.cpp +++ b/src/tests/test_gost_3410.cpp 
@@ -24,13 +24,24 @@ class GOST_3410_2001_Verification_Tests final : public PK_Signature_Verification GOST_3410_2001_Verification_Tests() : PK_Signature_Verification_Test( "GOST 34.10-2001", "pubkey/gost_3410_verify.vec", - "Group,Pubkey,Hash,Msg,Signature") {} + "P,A,B,Gx,Gy,Order,Cofactor,Px,Py,Hash,Msg,Signature") {} std::unique_ptr load_public_key(const VarMap& vars) override { - const std::string group_id = get_req_str(vars, "Group"); - Botan::EC_Group group(Botan::OIDS::lookup(group_id)); - const Botan::PointGFp public_point = group.OS2ECP(get_req_bin(vars, "Pubkey")); + const BigInt p = get_req_bn(vars, "P"); + const BigInt a = get_req_bn(vars, "A"); + const BigInt b = get_req_bn(vars, "B"); + const BigInt Gx = get_req_bn(vars, "Gx"); + const BigInt Gy = get_req_bn(vars, "Gy"); + const BigInt order = get_req_bn(vars, "Order"); + const BigInt cofactor = get_req_bn(vars, "Cofactor"); + + const BigInt Px = get_req_bn(vars, "Px"); + const BigInt Py = get_req_bn(vars, "Py"); + + Botan::EC_Group group(p, a, b, Gx, Gy, order, cofactor); + + const Botan::PointGFp public_point = group.point(Px, Py); std::unique_ptr key(new Botan::GOST_3410_PublicKey(group, public_point)); return key; @@ -38,7 +49,10 @@ class GOST_3410_2001_Verification_Tests final : public PK_Signature_Verification std::string default_padding(const VarMap& vars) const override { - return "EMSA1(" + get_req_str(vars, "Hash") + ")"; + const std::string hash = get_req_str(vars, "Hash"); + if(hash == "Raw") + return hash; + return "EMSA1(" + hash + ")"; } }; 
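Review bot: The seven `get_req_bn` reads and the `Botan::EC_Group` construction in `GOST_3410_2001_Verification_Tests::load_public_key` are repeated verbatim in the `load_private_key` hunk of `GOST_3410_2001_Signature_Tests`, and the new `default_padding` body is duplicated in both classes as well; a file-local helper that builds the group from the `P,A,B,Gx,Gy,Order,Cofactor` keys, plus one for the padding string, removes the duplication and gives a single place to explain the explicit-curve form. The signature variant additionally passes `Botan::OID("1.3.6.1.4.1.25258.2")` without saying why — presumably so the private key can be encoded when no registered curve matches the RFC 5832 test group — so the OID should be an argument of the helper with that reason in its comment. Whether the 7-argument `EC_Group` constructor defaults its OID to an empty `OID()` I cannot confirm from this hunk.
```cpp
// Build the test group from the explicit curve parameters carried by each vector.
// The OID is only needed on the private-key path (key encoding); the verification
// vectors get an unnamed group.
Botan::EC_Group load_gost_group(const VarMap& vars, const Botan::OID& oid = Botan::OID())
   {
   const BigInt p = get_req_bn(vars, "P");
   const BigInt a = get_req_bn(vars, "A");
   const BigInt b = get_req_bn(vars, "B");
   const BigInt Gx = get_req_bn(vars, "Gx");
   const BigInt Gy = get_req_bn(vars, "Gy");
   const BigInt order = get_req_bn(vars, "Order");
   const BigInt cofactor = get_req_bn(vars, "Cofactor");
   return Botan::EC_Group(p, a, b, Gx, Gy, order, cofactor, oid);
   }

// "Raw" means the message is signed as-is; anything else is wrapped in EMSA1
std::string gost_padding(const VarMap& vars)
   {
   const std::string hash = get_req_str(vars, "Hash");
   if(hash == "Raw")
      return hash;
   return "EMSA1(" + hash + ")";
   }
```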
@@ -48,13 +62,23 @@ class GOST_3410_2001_Signature_Tests final : public PK_Signature_Generation_Test GOST_3410_2001_Signature_Tests() : PK_Signature_Generation_Test( "GOST 34.10-2001", "pubkey/gost_3410_sign.vec", - "Group,Privkey,Hash,Nonce,Msg,Signature") {} + "P,A,B,Gx,Gy,Order,X,Cofactor,Hash,Nonce,Msg,Signature") {} std::unique_ptr load_private_key(const VarMap& vars) override { - const std::string group_id = get_req_str(vars, "Group"); - const BigInt x = get_req_bn(vars, "Privkey"); - Botan::EC_Group group(Botan::OIDS::lookup(group_id)); + const BigInt p = get_req_bn(vars, "P"); + const BigInt a = get_req_bn(vars, "A"); + const BigInt b = get_req_bn(vars, "B"); + const BigInt Gx = get_req_bn(vars, "Gx"); + const BigInt Gy = get_req_bn(vars, "Gy"); + const BigInt order = get_req_bn(vars, "Order"); + const BigInt cofactor = get_req_bn(vars, "Cofactor"); + + const BigInt x = get_req_bn(vars, "X"); + + const Botan::OID oid("1.3.6.1.4.1.25258.2"); + + Botan::EC_Group group(p, a, b, Gx, Gy, order, cofactor, oid); std::unique_ptr key(new Botan::GOST_3410_PrivateKey(Test::rng(), group, x)); return key; @@ -62,7 +86,10 @@ class GOST_3410_2001_Signature_Tests final : public PK_Signature_Generation_Test std::string default_padding(const VarMap& vars) const override { - return "EMSA1(" + get_req_str(vars, "Hash") + ")"; + const std::string hash = get_req_str(vars, "Hash"); + if(hash == "Raw") + return hash; + return "EMSA1(" + hash + ")"; } Botan::RandomNumberGenerator* test_rng(const std::vector& nonce) const override From 1b835026fb365fdd0761d0817045b9e31d1ee404 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Thu, 22 Mar 2018 11:40:17 +0100 Subject: [PATCH 0909/1008] Cleanup some code style warnings in show_dependencies.py --- src/scripts/show_dependencies.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/scripts/show_dependencies.py b/src/scripts/show_dependencies.py index 937626a864..ca8b9e962c 100755 
--- a/src/scripts/show_dependencies.py +++ b/src/scripts/show_dependencies.py @@ -6,7 +6,7 @@ Requires graphviz from pip when graphical output is selected: https://pypi.python.org/pypi/graphviz -(C) 2015 Simon Warta (Kullo GmbH) +(C) 2015,2018 Simon Warta (Kullo GmbH) Botan is released under the Simplified BSD License (see license.txt) """ @@ -141,7 +141,7 @@ def add_dependency(): card = cartinality(all_dependencies) # print(card) if card == last_card: - break; + break last_card = card add_dependency() @@ -168,11 +168,13 @@ def remove_indirect_dependencies(): card = cartinality(direct_dependencies) # print(card) if card == last_card: - break; + break last_card = card remove_indirect_dependencies() def openfile(f): + # pylint: disable=no-member + # os.startfile is available on Windows only if sys.platform.startswith('linux'): subprocess.call(["xdg-open", f]) else: @@ -208,4 +210,3 @@ def openfile(f): if args.verbose: print("Opening " + filename + " ...") openfile(filename) - From 245b68195d7fe80aab83fe44017fa611e0d5a7ae Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Thu, 22 Mar 2018 11:40:46 +0100 Subject: [PATCH 0910/1008] Fix call to ModuleInfo.dependencies in show_dependencies.py --- src/scripts/show_dependencies.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/scripts/show_dependencies.py b/src/scripts/show_dependencies.py index ca8b9e962c..9185b88059 100755 --- a/src/scripts/show_dependencies.py +++ b/src/scripts/show_dependencies.py @@ -88,7 +88,7 @@ def paths(t, path = [], level=0): modules.append(module) if args.verbose: print(module.basename) - print("\t" + str(set(module.dependencies()))) + print("\t" + str(set(module.dependencies(None)))) if args.verbose: print(str(len(modules)) + " modules:") 
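Review bot: `openfile` routes every non-Linux platform into the `else` branch, and the new comment states that branch is `os.startfile`, which exists only on Windows; on macOS (`sys.platform == 'darwin'`) that raises `AttributeError`. Add `elif sys.platform == 'darwin': subprocess.call(["open", f])` between the two branches, or guard the fallback with `hasattr(os, 'startfile')`. The `else` body itself is outside the hunk, so I am going by the comment that was added.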
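Review bot: `module.dependencies(None)` in `paths` and again in the `cartinality` hunk of the same commit passes a bare positional `None` whose meaning is invisible at the call site; the commit message says the call signature was wrong but not what the argument represents. A comment such as `# dependencies() takes a platform-info argument; None requests the platform-independent list -- verify against ModuleInfo in configure.py`, or a keyword argument if the parameter has a name, would make the intent checkable. I cannot see `ModuleInfo.dependencies` from here, so the wording needs confirming against its definition.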
@@ -108,7 +108,7 @@ def cartinality(depdict): direct_dependencies = dict() for module in modules: - lst = module.dependencies() + lst = module.dependencies(None) registered_dependencies[module.basename] = set(lst) - set([module.basename]) # Get all_dependencies from registered_dependencies From a6a538144917eb64492a90734a09879cbe2ae8ab Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Thu, 22 Mar 2018 11:48:35 +0100 Subject: [PATCH 0911/1008] Default to horizontal dot graph --- src/scripts/show_dependencies.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/scripts/show_dependencies.py b/src/scripts/show_dependencies.py index 9185b88059..edf2d91e01 100755 --- a/src/scripts/show_dependencies.py +++ b/src/scripts/show_dependencies.py @@ -43,7 +43,7 @@ parser.add_argument('--engine', nargs='?', choices=["fdp", "dot"], - default="fdp", + default="dot", help='The graph engine (drawing mode only)') parser.add_argument('--all', dest='all', action='store_const', const=True, default=False, @@ -198,6 +198,7 @@ def openfile(f): tmpdir = tempfile.mkdtemp(prefix="botan-") g2 = gv.Digraph(format=args.format, engine=args.engine) + g2.attr('graph', rankdir='RL') # draw horizontally for key in direct_dependencies: g2.node(key) for dep in direct_dependencies[key]: From 651b55e84a27c7feaef5799612ee6011d3ece26d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 22 Mar 2018 10:57:47 -0400 Subject: [PATCH 0912/1008] Add back mul/sqr to CurveGFp [ci skip] These were available in 2.4 and while users "shouldn't" be using CurveGFp, it is an exposed API. --- src/lib/pubkey/ec_group/curve_gfp.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/lib/pubkey/ec_group/curve_gfp.h b/src/lib/pubkey/ec_group/curve_gfp.h index 076922ceb3..d92283b118 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.h +++ b/src/lib/pubkey/ec_group/curve_gfp.h 
@@ -152,6 +152,16 @@ class BOTAN_UNSTABLE_API CurveGFp final m_repr->curve_sqr(z, x, ws); } + BigInt mul(const BigInt& x, const BigInt& y, secure_vector& ws) const + { + return mul_to_tmp(x, y, ws); + } + + BigInt sqr(const BigInt& x, secure_vector& ws) const + { + return sqr_to_tmp(x, ws); + } + BigInt mul_to_tmp(const BigInt& x, const BigInt& y, secure_vector& ws) const { BigInt z; From 461b11afbd8e8af795e3327592c9338c7f07458b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 22 Mar 2018 11:05:07 -0400 Subject: [PATCH 0913/1008] Improve modular inverse speed tests Test several random prime sizes --- src/cli/speed.cpp | 64 ++++++++++++++++++++++------------------------- 1 file changed, 30 insertions(+), 34 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 01e41e3239..00f8086e34 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp 
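Review bot: The restored `mul` and `sqr` wrappers on `CurveGFp` carry no documentation, and the commit message says they exist only to bring back a 2.4 API that users "shouldn't" rely on; say that in a Doxygen comment so the next cleanup does not remove them again, e.g. `/// Compatibility wrapper around mul_to_tmp (restored for 2.4 API users); prefer the in-place curve_mul`. Both take `ws` by non-const reference, so the comment should state that `ws` is scratch space the call may resize and overwrite. Whether the returned value is in Montgomery form or a plain residue is not visible from this hunk and should be stated by whoever knows the representation.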
@@ -1488,50 +1488,46 @@ class Speed final : public Command void bench_inverse_mod(const std::chrono::milliseconds runtime) { - Botan::BigInt p; - p.set_bit(521); - p--; - std::unique_ptr invmod_timer = make_timer("inverse_euclid"); - std::unique_ptr monty_timer = make_timer("montgomery_inverse"); - std::unique_ptr ct_invmod_timer = make_timer("ct_inverse_mod"); - std::unique_ptr powm_timer = make_timer("exponentiation"); + for(size_t bits : { 256, 384, 512 }) + { + const Botan::BigInt p = Botan::random_prime(rng(), bits); - Botan::Fixed_Exponent_Power_Mod powm_p(p - 2, p); + const std::string bit_str = std::to_string(bits); - while(invmod_timer->under(runtime)) - { - const Botan::BigInt x(rng(), p.bits() - 1); + std::unique_ptr invmod_timer = make_timer("binext-" + bit_str); + std::unique_ptr monty_timer = make_timer("monty-" + bit_str); + std::unique_ptr ct_invmod_timer = make_timer("ct-" + bit_str); + std::unique_ptr powm_timer = make_timer("powm-" + bit_str); - const Botan::BigInt x_inv1 = invmod_timer->run([&] - { - return Botan::inverse_euclid(x + p, p); - }); + Botan::Fixed_Exponent_Power_Mod powm_p(p - 2, p); - const Botan::BigInt x_inv2 = monty_timer->run([&] + while(invmod_timer->under(runtime)) { - return Botan::normalized_montgomery_inverse(x, p); - }); + const Botan::BigInt x(rng(), p.bits() - 1); - const Botan::BigInt x_inv3 = ct_invmod_timer->run([&] - { - return Botan::ct_inverse_mod_odd_modulus(x, p); - }); + const Botan::BigInt x_inv1 = invmod_timer->run( + [&] { return Botan::inverse_euclid(x, p); }); - const Botan::BigInt x_inv4 = powm_timer->run([&] - { - return powm_p(x); - }); + const Botan::BigInt x_inv2 = monty_timer->run( + [&] { return Botan::normalized_montgomery_inverse(x, p); }); - BOTAN_ASSERT_EQUAL(x_inv1, x_inv2, "Same result"); - BOTAN_ASSERT_EQUAL(x_inv1, x_inv3, "Same result"); - BOTAN_ASSERT_EQUAL(x_inv1, x_inv4, "Same result"); - } + const Botan::BigInt x_inv3 = ct_invmod_timer->run( + [&] { return 
Botan::ct_inverse_mod_odd_modulus(x, p); }); + + const Botan::BigInt x_inv4 = powm_timer->run( + [&] { return powm_p(x); }); - record_result(invmod_timer); - record_result(monty_timer); - record_result(ct_invmod_timer); - record_result(powm_timer); + BOTAN_ASSERT_EQUAL(x_inv1, x_inv2, "Same result"); + BOTAN_ASSERT_EQUAL(x_inv1, x_inv3, "Same result"); + BOTAN_ASSERT_EQUAL(x_inv1, x_inv4, "Same result"); + } + + record_result(invmod_timer); + record_result(monty_timer); + record_result(ct_invmod_timer); + record_result(powm_timer); + } } void bench_random_prime(const std::chrono::milliseconds runtime) From 6ca983e6c392ac75ac62701a1c7190564c738285 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 22 Mar 2018 11:10:00 -0400 Subject: [PATCH 0914/1008] Tiny optimization in Montgomery inverse --- src/lib/math/numbertheory/numthry.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/math/numbertheory/numthry.cpp b/src/lib/math/numbertheory/numthry.cpp index 3a0914bd49..4ba2965369 100644 --- a/src/lib/math/numbertheory/numthry.cpp +++ b/src/lib/math/numbertheory/numthry.cpp @@ -128,7 +128,7 @@ size_t almost_montgomery_inverse(BigInt& result, if(r >= p) { - r = r - p; + r -= p; } result = p - r; From b85bab68f917339e406ba64fe3468d681699bca8 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 22 Mar 2018 11:12:12 -0400 Subject: [PATCH 0915/1008] Add warning comment --- src/lib/pubkey/ec_group/curve_gfp.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/lib/pubkey/ec_group/curve_gfp.h b/src/lib/pubkey/ec_group/curve_gfp.h index d92283b118..8a83a9c417 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.h +++ b/src/lib/pubkey/ec_group/curve_gfp.h 
@@ -61,6 +61,12 @@ class BOTAN_UNSTABLE_API CurveGFp_Repr
 /**
 * This class represents an elliptic curve over GF(p)
+*
+* There should not be any reason for applications to use this type.
+* If you need EC primitives use the interfaces EC_Group and PointGFp
+*
+* It is likely this class will be removed entirely in a future major
+* release.
 */
 class BOTAN_UNSTABLE_API CurveGFp final
 {
From 5debb2d1f78cfe8d5496f5ed553b2d75643fe048 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 24 Mar 2018 05:12:19 -0400 Subject: [PATCH 0916/1008] Fix some corner cases for small values in power_mod
---
 src/lib/math/numbertheory/numthry.cpp | 16 +++++++++++++++-
 src/tests/test_bigint.cpp | 4 ++--
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/lib/math/numbertheory/numthry.cpp b/src/lib/math/numbertheory/numthry.cpp
index 4ba2965369..76d7936bc4 100644
--- a/src/lib/math/numbertheory/numthry.cpp
+++ b/src/lib/math/numbertheory/numthry.cpp
@@ -157,6 +157,8 @@ BigInt ct_inverse_mod_odd_modulus(const BigInt& n, const BigInt& mod)
 throw Invalid_Argument("ct_inverse_mod_odd_modulus: arguments must be non-negative");
 if(mod < 3 || mod.is_even())
 throw Invalid_Argument("Bad modulus to ct_inverse_mod_odd_modulus");
+ if(n >= mod)
+ throw Invalid_Argument("ct_inverse_mod_odd_modulus n >= mod not supported");
 /*
 This uses a modular inversion algorithm designed by Niels Möller
@@ -284,7 +286,7 @@ BigInt inverse_mod(const BigInt& n, const BigInt& mod)
 if(n.is_zero() || (n.is_even() && mod.is_even()))
 return 0; // fast fail checks
- if(mod.is_odd())
+ if(mod.is_odd() && n < mod)
 return ct_inverse_mod_odd_modulus(n, mod);
 return inverse_euclid(n, mod);
@@ -386,6 +388,18 @@ word monty_inverse(word input)
 */
 BigInt power_mod(const BigInt& base, const BigInt& exp, const BigInt& mod)
 {
+ if(mod.is_negative() || mod == 1)
+ {
+ return 0;
+ }
+
+ if(base.is_zero() || mod.is_zero())
+ {
+ if(exp.is_zero())
+ return 1;
+ return 0;
+ }
+
 Power_Mod pow_mod(mod);
 /*
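Review bot: In the `inverse_mod` hunk a non-negative `n` that is not below `mod` now silently takes the `inverse_euclid` path, which — given that a separate `ct_` variant exists for the odd-modulus case — is presumably the variable-time implementation, so a caller that passes an unreduced value still gets a correct result but loses the constant-time property with no signal. Reducing once before dispatch keeps the constant-time path for every odd modulus, e.g. `if(mod.is_odd()) return ct_inverse_mod_odd_modulus(n % mod, mod);` (with a zero reduction result handled first, since the new guard in `ct_inverse_mod_odd_modulus` only rejects `n >= mod`). In the `power_mod` hunk, `mod.is_zero()` with a non-zero `base` and `exp` returns 0 instead of rejecting the argument; the neighbouring functions throw `Invalid_Argument` for bad moduli, and doing the same here would keep a caller bug from being masked as a valid result. Both `ct_inverse_mod_odd_modulus` and `power_mod` continue outside their hunks.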
diff --git a/src/tests/test_bigint.cpp b/src/tests/test_bigint.cpp index 9e3d718741..a0012819d2 100644 --- a/src/tests/test_bigint.cpp +++ b/src/tests/test_bigint.cpp @@ -603,7 +603,7 @@ class BigInt_InvMod_Test final : public Text_Based_Test const Botan::BigInt mod = get_req_bn(vars, "Modulus"); const Botan::BigInt expected = get_req_bn(vars, "Output"); - const Botan::BigInt a_inv = Botan::inverse_mod(a, mod); + const Botan::BigInt a_inv = Botan::inverse_euclid(a, mod); result.test_eq("inverse_mod", a_inv, expected); @@ -612,7 +612,7 @@ class BigInt_InvMod_Test final : public Text_Based_Test result.test_eq("inverse ok", (a * a_inv) % mod, 1); } - if(mod.is_odd()) + if(mod.is_odd() && a < mod) { result.test_eq("ct_inverse_odd_modulus", ct_inverse_mod_odd_modulus(a, mod), From 66cac5ea380133c38285d83b25f8010ed3cf8314 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 24 Mar 2018 05:17:39 -0400 Subject: [PATCH 0917/1008] Bypass self-signed check in X509_Certificate if AKID and SKID are set If they are they must be either equal (self-signed) or not equal (self-issued). This allows skipping the verification which reduces startup overhead eg when reading the system certificate store. On my systems's cert store it saves about 1/3 of the signature checks. --- src/lib/x509/x509cert.cpp | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 7a49e479fa..8d74d614e2 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp 
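Review bot: In the first hunk the test now calls `Botan::inverse_euclid` directly where it called `Botan::inverse_mod`, so the public dispatcher — including the `mod.is_odd() && n < mod` routing added in the same commit — is no longer covered by the vector-driven test at all. Keep the original assertion alongside the new one, e.g. `result.test_eq("inverse_mod", Botan::inverse_mod(a, mod), expected);`, so a regression in the dispatch is caught by the same vectors. The `test_eq` label `"inverse_mod"` on the surviving line is now misleading as well and should say `"inverse_euclid"`. `run_one_test` begins and ends outside both hunks.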
@@ -279,24 +279,29 @@ std::unique_ptr parse_x509_cert_body(const X509_Object& o
 // Check for self-signed vs self-issued certificates
 if(data->m_subject_dn == data->m_issuer_dn)
 {
- data->m_self_signed = false;
-
- try
+ if(data->m_subject_key_id.empty() == false && data->m_authority_key_id.empty() == false)
 {
- std::unique_ptr pub_key(X509::load_key(data->m_subject_public_key_bits_seq));
+ data->m_self_signed = (data->m_subject_key_id == data->m_authority_key_id);
+ }
+ else
+ {
+ try
+ {
+ std::unique_ptr pub_key(X509::load_key(data->m_subject_public_key_bits_seq));
- Certificate_Status_Code sig_status = obj.verify_signature(*pub_key);
+ Certificate_Status_Code sig_status = obj.verify_signature(*pub_key);
- if(sig_status == Certificate_Status_Code::OK ||
- sig_status == Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN)
+ if(sig_status == Certificate_Status_Code::OK ||
+ sig_status == Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN)
+ {
+ data->m_self_signed = true;
+ }
+ }
+ catch(...)
 {
- data->m_self_signed = true;
+ // ignore errors here to allow parsing to continue
 }
 }
- catch(...)
- {
- // ignore errors here to allow parsing to continue
- }
 }
 std::unique_ptr sha1(HashFunction::create("SHA-1"));
From 8cbcc468ee8a1767f091b7aa73ab3a3b08bde253 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 24 Mar 2018 05:41:26 -0400 Subject: [PATCH 0918/1008] Extend Certificate_Store_In_Memory to load just a single cert from file
---
 src/lib/x509/certstor.cpp | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/lib/x509/certstor.cpp b/src/lib/x509/certstor.cpp
index 904e322b1f..2356a70c6c 100644
--- a/src/lib/x509/certstor.cpp
+++ b/src/lib/x509/certstor.cpp
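Review bot: `m_self_signed` now carries two different strengths depending on which branch set it: when both key identifiers are present it is derived from `m_subject_key_id == m_authority_key_id` alone, with no signature check, so a certificate whose subject and issuer DNs match and whose identifiers agree is reported self-signed even if its signature would not verify under its own key. That is acceptable as a parsing shortcut, but it matters for any consumer that reads the flag as evidence of a verified self-signature, and the skipped verification should be stated where the flag is set, e.g. `// SKID == AKID is taken as self-signed without verifying the signature; callers needing proof must verify explicitly`. The `else` branch also no longer assigns `false` before attempting verification (the removed first line did), so a failed or throwing verification leaves `m_self_signed` at the member's default — fine if it is initialised to `false` at its declaration, which is outside this hunk and worth confirming. `parse_x509_cert_body` begins and ends outside the hunk.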
@@ -182,19 +182,25 @@ Certificate_Store_In_Memory::Certificate_Store_In_Memory(const std::string& dir)
 return;
 std::vector maybe_certs = get_files_recursive(dir);
+
+ if(maybe_certs.empty())
+ {
+ maybe_certs.push_back(dir);
+ }
+
 for(auto&& cert_file : maybe_certs)
 {
 try
- {
+ {
 DataSource_Stream src(cert_file, true);
 while(!src.end_of_data())
 {
 try
 {
- m_certs.push_back(std::make_shared(src));
+ m_certs.push_back(std::make_shared(src));
 }
 catch(std::exception&)
- {
+ {
 // stop searching for other certificate at first exception
 break;
 }
From 04729be983f3090595f92c2d4752081487ea7c4d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 24 Mar 2018 05:42:20 -0400 Subject: [PATCH 0919/1008] Add some options to tls_client cli to control trusted CAs
---
 src/cli/credentials.h | 24 ++++++++++++++++++------
 src/cli/tls_client.cpp | 19 ++++++++++---------
 2 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/src/cli/credentials.h b/src/cli/credentials.h
index 3b46c239c1..da21dd8429 100644
--- a/src/cli/credentials.h
+++ b/src/cli/credentials.h
@@ -29,9 +29,24 @@ inline bool value_exists(const std::vector& vec,
 class Basic_Credentials_Manager : public Botan::Credentials_Manager
 {
 public:
- Basic_Credentials_Manager()
+ Basic_Credentials_Manager(bool use_system_store,
+ const std::string& ca_paths)
 {
- load_certstores();
+ std::vector paths;
+
+ if(ca_paths.empty() == false)
+ paths.push_back(ca_paths);
+
+ if(use_system_store)
+ {
+ paths.push_back("/etc/ssl/certs");
+ paths.push_back("/usr/share/ca-certificates");
+ }
+
+ if(paths.empty() == false)
+ {
+ load_certstores(paths);
+ }
 }
 Basic_Credentials_Manager(Botan::RandomNumberGenerator& rng,
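Review bot: The fallback `maybe_certs.push_back(dir)` fires whenever `get_files_recursive(dir)` returns nothing, which — unless that helper distinguishes the cases, not visible here — covers an existing-but-empty directory and a path that does not exist at all as well as the intended single-file case; opening either of the former as a `DataSource_Stream` presumably fails, and the surrounding handler (its `catch` lies outside the hunk) swallows it, so the store ends up empty with no indication that the path was wrong. A single-file argument is a legitimate new input, but the constructor's contract should say so and the empty case should be told apart, e.g. `// dir may also name a single certificate file; an empty listing is not distinguished from a missing path`. The three whitespace-only edits to `{` lines could be dropped so the hunk shows only its functional change. The constructor starts outside the hunk.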
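Review bot: In the `credentials.h` hunk, `ca_paths` is declared as a single `std::string` but named as a list, and the constructor pushes it as one entry, so a caller that passes several paths joined by `:` or `,` gets one bogus path that the loader will presumably skip; either rename it to `ca_path` or accept a `std::vector<std::string>`. When `use_system_store` is false and that one path fails to load, `paths` is non-empty yet the manager may end up with no trusted CAs, which makes every server certificate untrusted — whether that surfaces as an error or a silent empty store depends on `load_certstores`, whose handler is outside this hunk, and the constructor should document the outcome. `/etc/ssl/certs` and `/usr/share/ca-certificates` remain hard-coded Linux locations, so on other platforms `use_system_store=true` likely contributes nothing and the same comment should say so.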
@@ -59,13 +74,10 @@ class Basic_Credentials_Manager : public Botan::Credentials_Manager m_creds.push_back(cert); } - void load_certstores() + void load_certstores(const std::vector& paths) { try { - // TODO: make path configurable - const std::vector paths = { "/etc/ssl/certs", "/usr/share/ca-certificates" }; - for(auto const& path : paths) { std::shared_ptr cs(new Botan::Certificate_Store_In_Memory(path)); diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index f3fe0c266d..55be7e6711 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -37,6 +37,7 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks TLS_Client() : Command("tls_client host --port=443 --print-certs --policy= " "--tls1.0 --tls1.1 --tls1.2 " + "--skip-system-cert-store --trusted-cas= " "--session-db= --session-db-pass= --next-protocols= --type=tcp") { init_sockets(); @@ -64,6 +65,13 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks std::unique_ptr session_mgr; const std::string sessions_db = get_arg("session-db"); + const std::string host = get_arg("host"); + const uint16_t port = get_arg_sz("port"); + const std::string transport = get_arg("type"); + const std::string next_protos = get_arg("next-protocols"); + std::string policy_file = get_arg("policy"); + const bool use_system_cert_store = flag_set("skip-system-cert-store") == false; + const std::string trusted_CAs = get_arg("trusted-cas"); if(!sessions_db.empty()) { @@ -80,8 +88,6 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks session_mgr.reset(new Botan::TLS::Session_Manager_In_Memory(rng())); } - std::string policy_file = get_arg("policy"); - std::unique_ptr policy; if(policy_file.size() > 0) 
@@ -100,13 +106,6 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks policy.reset(new Botan::TLS::Policy); } - Basic_Credentials_Manager creds; - - const std::string host = get_arg("host"); - const uint16_t port = get_arg_sz("port"); - const std::string transport = get_arg("type"); - const std::string next_protos = get_arg("next-protocols"); - if(transport != "tcp" && transport != "udp") { throw CLI_Usage_Error("Invalid transport type '" + transport + "' for TLS"); @@ -140,6 +139,8 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks hostname = host; } + Basic_Credentials_Manager creds(use_system_cert_store, trusted_CAs); + Botan::TLS::Client client(*this, *session_mgr, creds, *policy, rng(), Botan::TLS::Server_Information(hostname, port), version, protocols_to_offer); From a2b2f94d3190bee6e296718cd1d39f6425b77ab0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 25 Mar 2018 15:55:47 -0400 Subject: [PATCH 0920/1008] In Barrett avoid creating an unnecessary temp --- src/lib/math/numbertheory/reducer.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lib/math/numbertheory/reducer.cpp b/src/lib/math/numbertheory/reducer.cpp index e9db7753b4..9dbcfb9a34 100644 --- a/src/lib/math/numbertheory/reducer.cpp +++ b/src/lib/math/numbertheory/reducer.cpp @@ -62,10 +62,10 @@ BigInt Modular_Reducer::reduce(const BigInt& x) const t1.reduce_below(m_modulus, ws); - if(x.is_positive()) - return t1; - else - return (m_modulus - t1); + if(x.is_negative()) + t1.rev_sub(m_modulus.data(), m_modulus.size(), ws); + + return t1; } else { From 61fd8717d3f966b9e4831be4c6509d7e7eca8829 Mon Sep 17 00:00:00 2001 
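Review bot: In the `Modular_Reducer::reduce` hunk, the negative-`x` branch now computes what the removed code expressed as `m_modulus - t1` in place via `rev_sub`, and when `t1` is zero after `reduce_below` (an `x` that is an exact multiple of the modulus) that presumably yields `m_modulus` itself rather than 0; the removed code had the same corner case, so this is not a regression, but a reduction routine returning a value equal to its modulus deserves either handling, `if(x.is_negative() && !t1.is_zero())`, or a comment stating that a later step normalises it. `reduce` begins and ends outside the hunk, so whether such a step exists is not visible here.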
From: Jack Lloyd Date: Sun, 25 Mar 2018 16:00:21 -0400 Subject: [PATCH 0921/1008] Handle some corner cases in ECC mult For blinded_base_point_multiply_x if result is point at inifinity (eg due to k == group_order) return 0 instead of throwing. For base point multiply, reduce k mod order before masking otherwise the combination of k + mask might exceed our precomputed table. --- src/lib/pubkey/ec_group/ec_group.cpp | 8 ++++++-- src/lib/pubkey/ec_group/point_mul.cpp | 9 +++++++-- src/lib/pubkey/ec_group/point_mul.h | 7 ++++++- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 45aef6c2fb..1fb762e4b8 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -39,7 +39,7 @@ class EC_Group_Data final m_order(order), m_cofactor(cofactor), m_mod_order(order), - m_base_mult(m_base_point), + m_base_mult(m_base_point, m_mod_order), m_oid(oid), m_p_bits(p.bits()), m_order_bits(order.bits()), @@ -502,7 +502,11 @@ BigInt EC_Group::blinded_base_point_multiply_x(const BigInt& k, RandomNumberGenerator& rng, std::vector& ws) const { - return data().blinded_base_point_multiply(k, rng, ws).get_affine_x(); + const PointGFp pt = data().blinded_base_point_multiply(k, rng, ws); + + if(pt.is_zero()) + return 0; + return pt.get_affine_x(); } BigInt EC_Group::random_scalar(RandomNumberGenerator& rng) const diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index d42a5d5e80..d052b837c4 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp @@ -6,6 +6,7 @@ #include #include +#include #include namespace Botan { 
@@ -38,8 +39,10 @@ PointGFp Blinded_Point_Multiply::blinded_multiply(const BigInt& scalar, return m_point_mul->mul(scalar, rng, m_order, m_ws); } -PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& base) : +PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& base, + const Modular_Reducer& mod_order) : m_base_point(base), + m_mod_order(mod_order), m_p_words(base.get_curve().get_p().size()), m_T_size(base.get_curve().get_p().bits() + PointGFp_SCALAR_BLINDING_BITS + 1) { @@ -97,7 +100,9 @@ PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, // Choose a small mask m and use k' = k + m*order (Coron's 1st countermeasure) const BigInt mask(rng, PointGFp_SCALAR_BLINDING_BITS, false); - const BigInt scalar = k + group_order * mask; + + // Instead of reducing k mod group order should we alter the mask size?? + const BigInt scalar = m_mod_order.reduce(k) + group_order * mask; size_t windows = round_up(scalar.bits(), 2) / 2; diff --git a/src/lib/pubkey/ec_group/point_mul.h b/src/lib/pubkey/ec_group/point_mul.h index 64672d9a4e..cfce05d5c7 100644 --- a/src/lib/pubkey/ec_group/point_mul.h +++ b/src/lib/pubkey/ec_group/point_mul.h @@ -11,12 +11,15 @@ namespace Botan { +class Modular_Reducer; + static const size_t PointGFp_SCALAR_BLINDING_BITS = 80; class PointGFp_Base_Point_Precompute { public: - PointGFp_Base_Point_Precompute(const PointGFp& base_point); + PointGFp_Base_Point_Precompute(const PointGFp& base_point, + const Modular_Reducer& mod_order); PointGFp mul(const BigInt& k, RandomNumberGenerator& rng, @@ -24,6 +27,8 @@ class PointGFp_Base_Point_Precompute std::vector& ws) const; private: const PointGFp& m_base_point; + const Modular_Reducer& m_mod_order; + const size_t m_p_words; const size_t m_T_size; From 0e8280ce89a4150ed09fae3f03584cce8c405951 Mon Sep 17 00:00:00 2001 
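Review bot: `PointGFp_Base_Point_Precompute` now stores `m_mod_order` as a `const Modular_Reducer&` next to the existing `const PointGFp& m_base_point`, so the precompute is valid only while the reducer passed to its constructor outlives it; in `EC_Group_Data` the initialiser order shown (`m_mod_order(order)` before `m_base_mult(...)`) suggests the members are declared in a safe order, but a reference member is a silent dangling hazard for any other constructor of that class and should be documented at the declaration in `point_mul.h`: `// non-owning; must outlive this object (owned by EC_Group_Data)`. In the `mul` hunk, `// Instead of reducing k mod group order should we alter the mask size??` is an open design question left in shipped code; either resolve it or turn it into a `TODO` that records the reason the reduction is there — per the commit message, `k + mask*order` must stay within the `m_T_size` table sized from `PointGFp_SCALAR_BLINDING_BITS + 1`. `mul` continues outside the hunk.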
From: Jack Lloyd Date: Sun, 25 Mar 2018 16:53:19 -0400 Subject: [PATCH 0922/1008] Deprecated declarations should be error in maintainer mode Users get nervous on seeing these during compilation. --- src/build-data/cc/clang.txt | 2 +- src/build-data/cc/gcc.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index 97e2d4c2f6..508551eefb 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -5,7 +5,7 @@ binary_name clang++ lang_flags "-std=c++11 -D_REENTRANT" warning_flags "-Wall -Wextra -Wpedantic -Wshadow -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual" -maintainer_warning_flags "-Wunreachable-code -Wdocumentation -Qunused-arguments -Werror -Wno-error=unused-parameter -Wno-error=unreachable-code -Wno-error=deprecated-declarations" +maintainer_warning_flags "-Wunreachable-code -Wdocumentation -Qunused-arguments -Werror -Wno-error=unused-parameter -Wno-error=unreachable-code" optimization_flags "-O3" size_optimization_flags "-Os" diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 3d7eb98fef..5bcb838c99 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -7,7 +7,7 @@ lang_flags "-std=c++11 -D_REENTRANT" # This should only contain flags which are included in GCC 4.8 warning_flags "-Wall -Wextra -Wpedantic -Wstrict-aliasing -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wnon-virtual-dtor" -maintainer_warning_flags "-Wstrict-overflow=5 -Wold-style-cast -Wsuggest-override -Wshadow -Werror -Wno-error=strict-overflow -Wno-error=deprecated-declarations" +maintainer_warning_flags "-Wstrict-overflow=5 -Wold-style-cast -Wsuggest-override -Wshadow -Werror -Wno-error=strict-overflow" optimization_flags "-O3" size_optimization_flags "-Os" From 6747faa63553d80276fd6eb54523ddbc38153eaa Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Sun, 25 Mar 2018 17:07:48 -0400 Subject: [PATCH 0923/1008] Fix sanitizer issue in DL_Group tests Out of range enum --- src/tests/test_dl_group.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp index 99724a7fb7..2644d5e1ac 100644 --- a/src/tests/test_dl_group.cpp +++ b/src/tests/test_dl_group.cpp @@ -47,7 +47,7 @@ class DL_Group_Tests final : public Test result.test_throws("Bad generator param", "Invalid argument DL_Group unknown PrimeType", []() { - auto invalid_type = static_cast(666); + auto invalid_type = static_cast(9); Botan::DL_Group dl(Test::rng(), invalid_type, 1024); }); From f1c44e92bcc00d814a48876405fcb87bac9f11c0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 26 Mar 2018 17:50:04 -0400 Subject: [PATCH 0924/1008] Add back posix_mlock flag We need a distinct flag for this because Haiku is mostly POSIX but does not support mlock. --- src/build-data/os/aix.txt | 1 + src/build-data/os/android.txt | 3 ++- src/build-data/os/darwin.txt | 1 + src/build-data/os/dragonfly.txt | 1 + src/build-data/os/freebsd.txt | 1 + src/build-data/os/hpux.txt | 1 + src/build-data/os/hurd.txt | 1 + src/build-data/os/ios.txt | 1 + src/build-data/os/linux.txt | 1 + src/build-data/os/netbsd.txt | 1 + src/build-data/os/openbsd.txt | 1 + src/build-data/os/qnx.txt | 1 + src/build-data/os/solaris.txt | 1 + src/lib/utils/os_utils.cpp | 6 ++++++ 14 files changed, 20 insertions(+), 1 deletion(-) diff --git a/src/build-data/os/aix.txt b/src/build-data/os/aix.txt index caf94fdd4e..be5a8717e5 100644 --- a/src/build-data/os/aix.txt +++ b/src/build-data/os/aix.txt @@ -5,6 +5,7 @@ use_stack_protector no posix1 +posix_mlock clock_gettime dev_random proc_fs diff --git a/src/build-data/os/android.txt b/src/build-data/os/android.txt index b45287b548..3b0b0c09a6 100644 --- a/src/build-data/os/android.txt +++ b/src/build-data/os/android.txt 
@@ -3,9 +3,10 @@ soname_suffix "so" posix1 +posix_mlock +clock_gettime dev_random -clock_gettime # getauxval is available in Android NDK for min API 18 and in Crystax NDK # for all min API levels. Use --without-os-feature=getauxval to disable diff --git a/src/build-data/os/darwin.txt b/src/build-data/os/darwin.txt index e32a5c4c6c..056d535e7c 100644 --- a/src/build-data/os/darwin.txt +++ b/src/build-data/os/darwin.txt @@ -11,6 +11,7 @@ doc_dir doc posix1 +posix_mlock arc4random dev_random security_framework diff --git a/src/build-data/os/dragonfly.txt b/src/build-data/os/dragonfly.txt index 257b2ef6b5..6cf7949488 100644 --- a/src/build-data/os/dragonfly.txt +++ b/src/build-data/os/dragonfly.txt @@ -3,6 +3,7 @@ soname_suffix "so" posix1 +posix_mlock clock_gettime proc_fs dev_random diff --git a/src/build-data/os/freebsd.txt b/src/build-data/os/freebsd.txt index 4de44a318f..2ff60844a7 100644 --- a/src/build-data/os/freebsd.txt +++ b/src/build-data/os/freebsd.txt @@ -3,6 +3,7 @@ soname_suffix "so" posix1 +posix_mlock clock_gettime dev_random arc4random diff --git a/src/build-data/os/hpux.txt b/src/build-data/os/hpux.txt index 112ad1ea30..f9a74f639c 100644 --- a/src/build-data/os/hpux.txt +++ b/src/build-data/os/hpux.txt @@ -4,6 +4,7 @@ soname_suffix "so" posix1 +posix_mlock clock_gettime dev_random diff --git a/src/build-data/os/hurd.txt b/src/build-data/os/hurd.txt index 29ca47490f..6d12c9a489 100644 --- a/src/build-data/os/hurd.txt +++ b/src/build-data/os/hurd.txt @@ -3,6 +3,7 @@ soname_suffix "so" posix1 +posix_mlock dev_random clock_gettime diff --git a/src/build-data/os/ios.txt b/src/build-data/os/ios.txt index a5ffab6960..0e3eb7c4b0 100644 --- a/src/build-data/os/ios.txt +++ b/src/build-data/os/ios.txt @@ -7,6 +7,7 @@ doc_dir doc posix1 +posix_mlock arc4random sockets diff --git a/src/build-data/os/linux.txt b/src/build-data/os/linux.txt index 7029adbefb..6f4f3d6443 100644 --- a/src/build-data/os/linux.txt +++ b/src/build-data/os/linux.txt 
@@ -3,6 +3,7 @@ soname_suffix "so" posix1 +posix_mlock dev_random proc_fs diff --git a/src/build-data/os/netbsd.txt b/src/build-data/os/netbsd.txt index 4de44a318f..2ff60844a7 100644 --- a/src/build-data/os/netbsd.txt +++ b/src/build-data/os/netbsd.txt @@ -3,6 +3,7 @@ soname_suffix "so" posix1 +posix_mlock clock_gettime dev_random arc4random diff --git a/src/build-data/os/openbsd.txt b/src/build-data/os/openbsd.txt index 9c6c8b7079..5ba148e660 100644 --- a/src/build-data/os/openbsd.txt +++ b/src/build-data/os/openbsd.txt @@ -5,6 +5,7 @@ soname_pattern_patch "lib{libname}.so.{abi_rev}.{version_minor}" posix1 +posix_mlock clock_gettime dev_random arc4random diff --git a/src/build-data/os/qnx.txt b/src/build-data/os/qnx.txt index 70810d2d95..1cf671ce7d 100644 --- a/src/build-data/os/qnx.txt +++ b/src/build-data/os/qnx.txt @@ -2,6 +2,7 @@ soname_suffix "so" posix1 +posix_mlock clock_gettime dev_random diff --git a/src/build-data/os/solaris.txt b/src/build-data/os/solaris.txt index f2bfca6164..c729f6aa1e 100644 --- a/src/build-data/os/solaris.txt +++ b/src/build-data/os/solaris.txt @@ -3,6 +3,7 @@ soname_suffix "so" posix1 +posix_mlock clock_gettime dev_random proc_fs diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index f2813b323b..c7f04a8554 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -325,11 +325,13 @@ void* OS::allocate_locked_pages(size_t length) ::madvise(ptr, length, MADV_DONTDUMP); #endif +#if defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) if(::mlock(ptr, length) != 0) { ::munmap(ptr, length); return nullptr; // failed to lock } +#endif ::memset(ptr, 0, length); @@ -361,7 +363,11 @@ void OS::free_locked_pages(void* ptr, size_t length) #if defined(BOTAN_TARGET_OS_HAS_POSIX1) secure_scrub_memory(ptr, length); + +#if defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK) ::munlock(ptr, length); +#endif + ::munmap(ptr, length); #elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) secure_scrub_memory(ptr, length); 
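Review bot: With `BOTAN_TARGET_OS_HAS_POSIX_MLOCK` undefined, `allocate_locked_pages` now returns a mapping that was never `mlock`ed, so the "locked" in the name no longer holds on such targets and key material placed there can be paged out; before this change those platforms presumably failed to build, so this is a silent weakening that users of the secure allocator cannot observe. Either return `nullptr` in that configuration (callers already handle that outcome, since it is what a failed `mlock` produces) or document the degraded guarantee on the function, e.g. `// On targets without posix_mlock the pages are mapped and scrubbed but NOT pinned in RAM`. The `MADV_DONTDUMP` hint above still applies, which mitigates core-dump exposure but not swapping. Both `allocate_locked_pages` and `free_locked_pages` begin and end outside their hunks.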
From 2344c35f3ccd199e07df164f706782557ea25bcb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 27 Mar 2018 09:23:30 -0400 Subject: [PATCH 0925/1008] Support other list args in argument parser
---
 src/cli/argparse.h | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/cli/argparse.h b/src/cli/argparse.h
index 1b61d86760..bd8c50689a 100644
--- a/src/cli/argparse.h
+++ b/src/cli/argparse.h
@@ -96,11 +96,10 @@ size_t Argument_Parser::get_arg_sz(const std::string& opt_name) const
 std::vector Argument_Parser::get_arg_list(const std::string& what) const
 {
- if(what != m_spec_rest)
- {
- throw CLI_Error("Unexpected list name '" + what + "'");
- }
- return m_user_rest;
+ if(what == m_spec_rest)
+ return m_user_rest;
+
+ return Botan::split_on(get_arg(what), ',');
 }
 void Argument_Parser::parse_args(const std::vector& params)
From 22b18895974835be9a7562c556c7c7fc2489a6c9 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 27 Mar 2018 10:45:15 -0400 Subject: [PATCH 0926/1008] Add --enable-sanitizers= flag to specify which sanitizers to use Allows adding support for MSan with Clang and UBsan with GCC
---
 configure.py | 42 ++++++++++++++++++++++++++-----------
 doc/manual/fuzzing.rst | 5 ++++-
 src/build-data/cc/clang.txt | 11 ++++++++--
 src/build-data/cc/gcc.txt | 10 +++++----
 4 files changed, 49 insertions(+), 19 deletions(-)
diff --git a/configure.py b/configure.py
index 5df583c038..99240effcf 100755
--- a/configure.py
+++ b/configure.py
@@ -354,6 +354,9 @@ def process_command_line(args): # pylint: disable=too-many-locals
 build_group.add_option('--with-sanitizers', action='store_true', default=False, dest='with_sanitizers',
 help='enable ASan/UBSan checks')
+ build_group.add_option('--enable-sanitizers', metavar='SAN', default='',
+ help='enable specific sanitizers')
+
 build_group.add_option('--with-stack-protector', dest='with_stack_protector',
 action='store_false', default=None, help=optparse.SUPPRESS_HELP)
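Review bot: In the `get_arg_list` hunk, an option that is present but empty now reaches `Botan::split_on("", ',')`, whose result for empty input is not established on this page, so a caller iterating the list may see nothing or a single empty string; and the explicit `CLI_Error("Unexpected list name ...")` is gone, so an unknown `what` now surfaces as whatever `get_arg` does for an unknown option, which is not visible here. Pinning the empty case makes the contract independent of `split_on`: `const std::string list = get_arg(what);` followed by `if(list.empty()) return {};` before the split, plus a comment stating that comma is the only separator recognised.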
@@ -1042,7 +1045,8 @@ def __init__(self, infofile): lex = lex_me_harder( infofile, [], - ['cpu_flags', 'so_link_commands', 'binary_link_commands', 'mach_abi_linking', 'isa_flags'], + ['cpu_flags', 'so_link_commands', 'binary_link_commands', + 'mach_abi_linking', 'isa_flags', 'sanitizers'], { 'binary_name': None, 'linker_name': None, @@ -1059,7 +1063,6 @@ def __init__(self, infofile): 'optimization_flags': '', 'size_optimization_flags': '', 'coverage_flags': '', - 'sanitizer_flags': '', 'stack_protector_flags': '', 'shared_flags': '', 'lang_flags': '', @@ -1095,7 +1098,7 @@ def __init__(self, infofile): self.output_to_exe = lex.output_to_exe self.output_to_object = lex.output_to_object self.preproc_flags = lex.preproc_flags - self.sanitizer_flags = lex.sanitizer_flags + self.sanitizers = lex.sanitizers self.shared_flags = lex.shared_flags self.size_optimization_flags = lex.size_optimization_flags self.so_link_commands = lex.so_link_commands 
@@ -1183,33 +1186,48 @@ def mach_abi_groups(): yield options.os yield options.cpu - abi_link = list() + abi_link = set() for what in mach_abi_groups(): if what in self.mach_abi_linking: flag = self.mach_abi_linking.get(what) if flag != None and flag != '' and flag not in abi_link: - abi_link.append(flag) + abi_link.add(flag) if options.msvc_runtime: - abi_link.append("/" + options.msvc_runtime) + abi_link.add("/" + options.msvc_runtime) if options.with_stack_protector and self.stack_protector_flags != '': - abi_link.append(self.stack_protector_flags) + abi_link.add(self.stack_protector_flags) if options.with_coverage_info: if self.coverage_flags == '': raise UserError('No coverage handling for %s' % (self.basename)) - abi_link.append(self.coverage_flags) + abi_link.add(self.coverage_flags) - if options.with_sanitizers: - if self.sanitizer_flags == '': + if options.with_sanitizers or options.enable_sanitizers != '': + if not self.sanitizers: raise UserError('No sanitizer handling for %s' % (self.basename)) - abi_link.append(self.sanitizer_flags) + + default_san = self.sanitizers['default'].split(',') + + if options.enable_sanitizers: + san = options.enable_sanitizers.split(',') + else: + san = default_san + + for s in san: + if s not in self.sanitizers: + raise UserError('No flags defined for sanitizer %s in %s' % (s, self.basename)) + + if s == 'default': + abi_link.update([self.sanitizers[s] for s in default_san]) + else: + abi_link.add(self.sanitizers[s]) if options.with_openmp: if 'openmp' not in self.mach_abi_linking: raise UserError('No support for OpenMP for %s' % (self.basename)) - abi_link.append(self.mach_abi_linking['openmp']) + abi_link.add(self.mach_abi_linking['openmp']) abi_flags = ' '.join(sorted(abi_link)) diff --git a/doc/manual/fuzzing.rst b/doc/manual/fuzzing.rst index 8260582d69..9435536fed 100644 --- a/doc/manual/fuzzing.rst +++ b/doc/manual/fuzzing.rst 
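Review bot: In the sanitizer block, `self.sanitizers['default']` is read before anything checks that the compiler description defines a `default` entry, so a `cc/*.txt` with sanitizer lines but no `default` fails with a `KeyError` instead of the `UserError` the surrounding code raises for every other configuration gap; the names listed under `default` are likewise never validated, so a typo there also surfaces as a `KeyError` inside the `abi_link.update(...)` comprehension rather than the 'No flags defined for sanitizer' message. Expanding `default` into its members before the validation loop sends every name through the same check and removes the special case. The comprehension also reuses `s` as its variable while the enclosing loop is `s`; it is harmless in Python 3, but whether this script still targets Python 2 (where the comprehension would rebind the outer name) is not visible here, and a distinct name avoids the question. The enclosing method begins outside the hunk.
```python
        if options.with_sanitizers or options.enable_sanitizers != '':
            if not self.sanitizers or 'default' not in self.sanitizers:
                raise UserError('No sanitizer handling for %s' % (self.basename))

            default_san = self.sanitizers['default'].split(',')

            if options.enable_sanitizers:
                san = options.enable_sanitizers.split(',')
            else:
                san = default_san

            # expand 'default' into its members so every name goes through the same check
            if 'default' in san:
                san = [name for name in san if name != 'default'] + default_san

            for name in san:
                if name not in self.sanitizers:
                    raise UserError('No flags defined for sanitizer %s in %s' % (name, self.basename))
                abi_link.add(self.sanitizers[name])

        # … unchanged: openmp handling and the abi_flags join …
```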
@@ -19,9 +19,12 @@ need to compile libFuzzer:: Then build the fuzzers:: $ ./configure.py --cc=clang --build-fuzzer=libfuzzer --unsafe-fuzzer-mode \ - --cc-abi-flags='-fsanitize=address,undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters -fno-sanitize-recover=undefined' + --enable-sanitizers=coverage,address,undefined $ make fuzzers +Enabling 'coverage' sanitizer flags is required for libFuzzer to work. +Address sanitizer and undefined sanitizer are optional. + The fuzzer binaries will be in `build/fuzzer`. Simply pick one and run it, optionally also passing a directory containing corpus inputs. diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index 508551eefb..817a0610c1 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -9,8 +9,15 @@ maintainer_warning_flags "-Wunreachable-code -Wdocumentation -Qunused-arguments optimization_flags "-O3" size_optimization_flags "-Os" -#sanitizer_flags "-fsanitize=address,undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters -fno-sanitize-recover=undefined" -sanitizer_flags "-fsanitize=address,undefined" + + +default -> address,undefined + +address -> "-fsanitize=address" +undefined -> "-fsanitize=undefined -fno-sanitize-recover=undefined" +coverage -> "-fsanitize-coverage=edge,indirect-calls,8bit-counters" +memory -> "-fsanitize=memory" + shared_flags "-fPIC" coverage_flags "--coverage" diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 5bcb838c99..7aeb390e1c 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt 
@@ -16,11 +16,13 @@ shared_flags "-fPIC" coverage_flags "--coverage" stack_protector_flags "-fstack-protector" -# GCC 4.8 -sanitizer_flags "-D_GLIBCXX_DEBUG -fsanitize=address" + +default -> iterator,address -# GCC 4.9 and later -#sanitizer_flags "-D_GLIBCXX_DEBUG -fsanitize=address,undefined -fno-sanitize-recover=undefined" +iterator -> "-D_GLIBCXX_DEBUG" +address -> "-fsanitize=address" +undefined -> "-fsanitize=undefined -fno-sanitize-recover=undefined" + visibility_build_flags "-fvisibility=hidden" visibility_attribute '__attribute__((visibility("default")))' From ab7029471d353c6a3d7c2e6e560449f0cd995cec Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 27 Mar 2018 10:59:09 -0400 Subject: [PATCH 0927/1008] Update docs --- doc/contributing.rst | 6 ++++-- doc/manual/fuzzing.rst | 5 ++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/doc/contributing.rst b/doc/contributing.rst index bdb3a5ac2a..6674cd0abf 100644 --- a/doc/contributing.rst +++ b/doc/contributing.rst @@ -120,8 +120,10 @@ If you don't already use it for all your C/C++ development, install ``ccache`` now and configure a large cache on a fast disk. It allows for very quick rebuilds by caching the compiler output. -Use ``--with-sanitizers`` to enable ASan. UBSan has to be added separately -with ``--cc-abi-flags`` at the moment as GCC 4.8 does not have UBSan. +Use ``--enable-sanitizers=`` flag to enable various sanitizer checks. +Supported values including "address" and "undefined" for GCC and +Clang. GCC also supports "iterator" (checked iterators), and Clang +supports "memory" (MSan) and "coverage" (for fuzzing). Copyright Notice ======================================== diff --git a/doc/manual/fuzzing.rst b/doc/manual/fuzzing.rst index 9435536fed..ac9227e941 100644 --- a/doc/manual/fuzzing.rst +++ b/doc/manual/fuzzing.rst 
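Review bot: In the `gcc.txt` hunk the `default` set includes `iterator`, which expands to `-D_GLIBCXX_DEBUG`; that define switches libstdc++ to its debug container layout, so anything linked against a library built this way (tests, the CLI, user applications) must be compiled with the same define or it will fail in ways unrelated to the code under test. Because `--with-sanitizers` now maps onto this default silently, the implication should be stated next to the entry, e.g. `# iterator changes the libstdc++ ABI (_GLIBCXX_DEBUG); everything linking the result must use the same flag`, and the same caveat belongs in the `doc/contributing.rst` text introduced in the following commit.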
@@ -41,9 +41,8 @@ To fuzz with AFL (http://lcamtuf.coredump.cx/afl/):: $ ./configure.py --with-sanitizers --build-fuzzer=afl --unsafe-fuzzer-mode --cc-bin=afl-g++ $ make fuzzers -For AFL, `--with-sanitizers` is optional. - -You can also use `afl-clang-fast++` or `afl-clang++`. +For AFL sanitizers are optional. You can also use `afl-clang-fast++` +or `afl-clang++`, be sure to set `--cc=clang` also. The fuzzer binaries will be in `build/fuzzer`. To run them you need to run under `afl-fuzz`:: From 9b091ed48e222832ef5ada71fb65247761363d6a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 27 Mar 2018 12:09:55 -0400 Subject: [PATCH 0928/1008] Fix timing_test cli with minimized builds --- src/cli/timing_tests.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index 48dcbce1e5..d9e0cbc43d 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -19,6 +19,8 @@ #include "cli.h" #include +#include +#include #include #include @@ -43,8 +45,8 @@ #endif #if defined(BOTAN_HAS_ECDSA) + #include #include - #include #endif namespace Botan_CLI { From eaa8e1593481518e33f83340bf0a05d2669f3b21 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 27 Mar 2018 11:26:27 -0400 Subject: [PATCH 0929/1008] Add a reproducer for OSS-Fuzz 7156 --- src/tests/data/pubkey/ed25519_verify.vec | 7 +++++++ src/tests/test_ed25519.cpp | 20 ++++++++++++++++++++ src/tests/test_pubkey.cpp | 17 +++++++++++++++-- 3 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 src/tests/data/pubkey/ed25519_verify.vec diff --git a/src/tests/data/pubkey/ed25519_verify.vec b/src/tests/data/pubkey/ed25519_verify.vec new file mode 100644 index 0000000000..ad918969cf --- /dev/null +++ b/src/tests/data/pubkey/ed25519_verify.vec 
@@ -0,0 +1,7 @@ +[Pure] + +# OSS-Fuzz #7156 +Pubkey = 29A5670182010000000000002007643AE1720EF35AA223252F021A68F707511A +Msg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alid = 0 +Signature = 6EFA4FC58BA3BCF7C51598710C8D7182857E28C06D8C310BB5090603550406132020202020202020202020202020202020202020202020202020202020202016 diff --git a/src/tests/test_ed25519.cpp b/src/tests/test_ed25519.cpp index e052e92791..c822fb3203 100644 --- a/src/tests/test_ed25519.cpp +++ b/src/tests/test_ed25519.cpp @@ -20,6 +20,25 @@ namespace { #if defined(BOTAN_HAS_ED25519) +class Ed25519_Verification_Tests : public PK_Signature_Verification_Test + { + public: + Ed25519_Verification_Tests() : PK_Signature_Verification_Test( + "Ed25519", + "pubkey/ed25519_verify.vec", + "Pubkey,Msg,Signature", "Valid") {} + + std::unique_ptr load_public_key(const VarMap& vars) override + { + const std::vector pubkey = get_req_bin(vars, "Pubkey"); + + std::unique_ptr key(new Botan::Ed25519_PublicKey(pubkey)); + + return std::unique_ptr(key.release()); + + } + }; + class Ed25519_Signature_Tests final : public PK_Signature_Generation_Test { public: @@ -82,6 +101,7 @@ class Ed25519_Curdle_Format_Tests final : public Test } }; +BOTAN_REGISTER_TEST("ed25519_verify", Ed25519_Verification_Tests); BOTAN_REGISTER_TEST("ed25519_sign", Ed25519_Signature_Tests); BOTAN_REGISTER_TEST("ed25519_curdle", Ed25519_Curdle_Format_Tests); diff --git a/src/tests/test_pubkey.cpp b/src/tests/test_pubkey.cpp index 722056b2f7..2d4113c6de 100644 --- a/src/tests/test_pubkey.cpp +++ b/src/tests/test_pubkey.cpp @@ -191,6 +191,8 @@ PK_Signature_Verification_Test::run_one_test(const std::string& pad_hdr, const V const std::vector signature = get_req_bin(vars, "Signature"); const std::string padding = choose_padding(vars, pad_hdr); + const bool expected_valid = (get_opt_sz(vars, "Valid", 1) == 1); + std::unique_ptr pubkey = load_public_key(vars); Test::Result result(algo_name() + "/" + padding + " signature verification"); 
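Review bot: `Ed25519_Verification_Tests` is declared without `final`, whereas `Ed25519_Signature_Tests final` and `Ed25519_Curdle_Format_Tests final` in the same file are; add `final` for consistency. In `load_public_key`, the intermediate `key` followed by `key.release()` re-wrapped in a fresh `std::unique_ptr` is redundant if, as in the sibling tests, the return type is a `std::unique_ptr` to a base of `Ed25519_PublicKey` (the template arguments are not visible here): a unique_ptr to the derived type converts implicitly, so `return key;` or constructing the return type directly from `new Botan::Ed25519_PublicKey(pubkey)` says the same thing without the manual release. The stray blank line before the method's closing brace can go as well.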
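Review bot: `const bool expected_valid = (get_opt_sz(vars, "Valid", 1) == 1);` turns any value other than 1 into an expected-failure vector, so a typo such as `Valid = 11` silently flips a positive test into a negative one that still passes. Reading it as `get_opt_sz(vars, "Valid", 1) != 0`, or rejecting values outside 0/1 by recording a failure on `result`, keeps a mistyped vector from passing for the wrong reason. run_one_test begins before this hunk.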
@@ -202,13 +204,24 @@ PK_Signature_Verification_Test::run_one_test(const std::string& pad_hdr, const V
 try
 {
 verifier.reset(new Botan::PK_Verifier(*pubkey, padding, Botan::IEEE_1363, verify_provider));
- result.test_eq("correct signature valid", verifier->verify_message(message, signature), true);
- check_invalid_signatures(result, *verifier, message, signature);
 }
 catch(Botan::Lookup_Error&)
 {
 result.test_note("Skipping verifying with " + verify_provider);
 }
+
+ if(verifier)
+ {
+ const bool verified = verifier->verify_message(message, signature);
+
+ if(expected_valid)
+ {
+ result.test_eq("correct signature valid", verified, true);
+ check_invalid_signatures(result, *verifier, message, signature);
+ }
+ else
+ result.test_eq("incorrect signature invalid", verified, false);
+ }
 }
 return result; From 15478bc16dfbf2ddb6f9a7614039015569c8680d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 27 Mar 2018 12:42:26 -0400 Subject: [PATCH 0930/1008] Fix carry bugs introduced in 8a7559e4f8ad --- src/lib/pubkey/ed25519/sc_muladd.cpp | 22 +++++++++++----------- src/lib/pubkey/ed25519/sc_reduce.cpp | 23 ++++++++++++----------- 2 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/src/lib/pubkey/ed25519/sc_muladd.cpp b/src/lib/pubkey/ed25519/sc_muladd.cpp
index 8a95c652d8..711118ceb6 100644
--- a/src/lib/pubkey/ed25519/sc_muladd.cpp
+++ b/src/lib/pubkey/ed25519/sc_muladd.cpp
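Review bot: The `else` arm, `else result.test_eq("incorrect signature invalid", verified, false);`, is unbraced while its `if(expected_valid)` partner and every other block in this hunk use braces; brace it to match the file. Also note that `verifier->verify_message` now runs after the `try`, so an exception thrown by a malformed signature is not caught here; that was already true before (the `catch` only takes `Lookup_Error`), but it matters more now that the test file format allows deliberately invalid vectors, so it may be worth deciding explicitly whether a throw on a `Valid = 0` vector should count as a failure. run_one_test begins and ends outside the hunk.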
@@ -157,17 +157,17 @@ void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c)
 redc_mul(s0, s1, s2, s3, s4, s5, s12);
- carry<21>(s0, s1);
- carry<21>(s1, s2);
- carry<21>(s2, s3);
- carry<21>(s3, s4);
- carry<21>(s4, s5);
- carry<21>(s5, s6);
- carry<21>(s6, s7);
- carry<21>(s7, s8);
- carry<21>(s8, s9);
- carry<21>(s9, s10);
- carry<21>(s10, s11);
+ carry0<21>(s0, s1);
+ carry0<21>(s1, s2);
+ carry0<21>(s2, s3);
+ carry0<21>(s3, s4);
+ carry0<21>(s4, s5);
+ carry0<21>(s5, s6);
+ carry0<21>(s6, s7);
+ carry0<21>(s7, s8);
+ carry0<21>(s8, s9);
+ carry0<21>(s9, s10);
+ carry0<21>(s10, s11);
 carry0<21>(s11, s12);
 redc_mul(s0, s1, s2, s3, s4, s5, s12);
diff --git a/src/lib/pubkey/ed25519/sc_reduce.cpp b/src/lib/pubkey/ed25519/sc_reduce.cpp
index b9d0f95272..250e603e4a 100644
--- a/src/lib/pubkey/ed25519/sc_reduce.cpp
+++ b/src/lib/pubkey/ed25519/sc_reduce.cpp
@@ -94,17 +94,17 @@ void sc_reduce(uint8_t* s)
 redc_mul(s0, s1, s2, s3, s4, s5, s12);
- carry<21>(s0, s1);
- carry<21>(s1, s2);
- carry<21>(s2, s3);
- carry<21>(s3, s4);
- carry<21>(s4, s5);
- carry<21>(s5, s6);
- carry<21>(s6, s7);
- carry<21>(s7, s8);
- carry<21>(s8, s9);
- carry<21>(s9, s10);
- carry<21>(s10, s11);
+ carry0<21>(s0, s1);
+ carry0<21>(s1, s2);
+ carry0<21>(s2, s3);
+ carry0<21>(s3, s4);
+ carry0<21>(s4, s5);
+ carry0<21>(s5, s6);
+ carry0<21>(s6, s7);
+ carry0<21>(s7, s8);
+ carry0<21>(s8, s9);
+ carry0<21>(s9, s10);
+ carry0<21>(s10, s11);
 carry0<21>(s11, s12);
 redc_mul(s0, s1, s2, s3, s4, s5, s12);
@@ -120,6 +120,7 @@ void sc_reduce(uint8_t* s)
 carry0<21>(s8, s9);
 carry0<21>(s9, s10);
 carry0<21>(s10, s11);
+ carry0<21>(s11, s12);
 s[0] = s0 >> 0;
 s[1] = s0 >> 8; From 899f108970483f8741073c3a7c48bfb71e5c9b27 Mon Sep 17 00:00:00 2001 
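Review bot: The swap of `carry<21>` for `carry0<21>` in this chain (and in the matching chain of sc_reduce at line 94) carries no comment explaining how the two helpers differ and why `carry0` is the right one here, even though the commit message calls the old choice a bug; their definitions are not visible from the hunk, so I cannot state the distinction, but a one-line comment above the chain along the lines of `// use carry0 here: see commit 8a7559e4f8ad follow-up, the signed-shift variant mis-handles these limbs` (worded to the actual difference) would stop the next refactor from reverting it. A regression test that reproduces the original carry bug would be the stronger guard; none is added in this commit. sc_muladd's body continues outside the hunk.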
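Review bot: The `carry0<21>(s11, s12);` added at the end of the final carry chain in sc_reduce moves the top bits of s11 into s12 immediately before the byte packing starts (`s[0] = s0 >> 0;`), and nothing in the hunk reads s12 afterwards; in the earlier chain at line 94 the same call is followed by `redc_mul(s0, s1, s2, s3, s4, s5, s12)`, which folds s12 back in, but here there is no such step. If the packing below the hunk derives `s[28..31]` from s11 alone, as the ref10 layout does, then any fully reduced value with bit 252 set — every residue in [2^252, L) — would have that bit dropped into an unused s12, producing a wrong scalar. Please confirm whether s12 is consumed after the hunk and, either way, add a test vector whose reduced scalar lies in [2^252, L), because random inputs will essentially never exercise that range. sc_reduce's body continues outside the hunk.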
From: Never Date: Fri, 23 Mar 2018 20:09:56 +0100 Subject: [PATCH 0931/1008] add tls-custom-curve documentation + examples --- doc/manual/tls.rst | 400 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 394 insertions(+), 6 deletions(-) diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index a412454489..e83fdcb243 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -149,6 +149,16 @@ information about the connection. Optional logging for an debug value. (Not currently used) + .. cpp:function:: std::string tls_decode_group_param(TLS::Group_Params group_param) + + Optional. Called by the server when a client hello includes a list of supported groups in the + supported_groups extension and by the client when decoding the server key exchange including the selected curve identifier. + The function should return the name of the DH group or elliptic curve the passed + TLS group identifier should be mapped to. Therefore this callback enables the use of custom + elliptic curves or DH groups in TLS, if both client and server map the custom identifiers correctly. + Please note that it is required to allow the group TLS identifier in + in the used :cpp:class:`TLS::Policy`. + Versions from 1.11.0 to 1.11.30 did not have ``TLS::Callbacks`` and instead used independent std::functions to pass the various callback functions. This interface is currently still included but is deprecated and will be removed 
@@ -900,13 +910,18 @@ policy settings from a file. DSA authentication is deprecated and will be removed in a future release. - .. cpp:function:: std::vector allowed_ecc_curves() const + .. cpp:function:: std::vector key_exchange_groups() const - Return a list of ECC curves we are willing to use, in order of preference. + Return a list of ECC curve and DH group TLS identifiers we are willing to use, in order of preference. The default ordering puts the best performing ECC first. - Default: "x25519", "secp256r1", "secp521r1", "secp384r1", - "brainpool256r1", "brainpool384r1", "brainpool512r1" + Default: + Group_Params::X25519, Group_Params::SECP256R1, + Group_Params::SECP521R1, Group_Params::SECP384R1, + Group_Params::BRAINPOOL256R1, Group_Params::BRAINPOOL384R1, + Group_Params::BRAINPOOL512R1, Group_Params::FFDHE_2048, + Group_Params::FFDHE_3072, Group_Params::FFDHE_4096, + Group_Params::FFDHE_6144, Group_Params::FFDHE_8192 No other values are currently defined. @@ -994,10 +1009,10 @@ policy settings from a file. Default: true - .. cpp:function:: std::string dh_group() const + .. cpp:function:: Group_Params default_dh_group() const For ephemeral Diffie-Hellman key exchange, the server sends a - group parameter. Return a string specifying the group parameter a + group parameter. Return the 2 Byte TLS group identifier specifying the group parameter a server should use. Default: 2048 bit IETF IPsec group ("modp/ietf/2048") 
@@ -1154,3 +1169,376 @@ The ``TLS::Protocol_Version`` class represents a specific version: Returns the latest version of the DTLS protocol known to the library (currently DTLS v1.2) + +TLS Custom Curves +---------------------------------------- + +The supported_groups TLS extension is used in the client hello to advertise a list of supported elliptic curves +and DH groups. The server subsequently selects one of the groups, which is supported by both endpoints. +The groups are represented by their TLS identifier. This 2 Byte identifier is standardized for commonly used groups and curves. +In addition, the standard reserves the identifiers 0xFE00 to 0xFEFF for custom groups or curves. + +Using non standardized custom curves is however not recommended and can be a serious risk if an +insecure curve is used. Still, it might be desired in some scenarios to use custom curves or groups in the TLS handshake. + +To use custom curves with the Botan :cpp:class:`TLS::Client` or :cpp:class:`TLS::Server` the following additional adjustments have to be implemented +as shown in the following code examples. + +1. Registration of the custom curve +2. Implementation TLS callback ``tls_decode_group_param`` +3. Adjustment of the TLS policy by allowing the custom curve + +Client Code Example +^^^^^^^^^^^^ +.. code-block:: cpp + + #include + #include + #include + #include + #include + #include + + #include + #include + + + /** + * @brief Callbacks invoked by TLS::Channel. + * + * Botan::TLS::Callbacks is an abstract class. + * For improved readability, only the functions that are mandatory + * to implement are listed here. See src/lib/tls/tls_callbacks.h. 
+ */ + class Callbacks : public Botan::TLS::Callbacks + { + public: + void tls_emit_data(const uint8_t data[], size_t size) override + { + // send data to tls server, e.g., using BSD sockets or boost asio + } + + void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) override + { + // process full TLS record received by tls server, e.g., + // by passing it to the application + } + + void tls_alert(Botan::TLS::Alert alert) override + { + // handle a tls alert received from the tls server + } + + bool tls_session_established(const Botan::TLS::Session& session) override + { + // the session with the tls server was established + // return false to prevent the session from being cached, true to + // cache the session in the configured session manager + return false; + } + std::string tls_decode_group_param(Botan::TLS::Group_Params group_param) override + { + // handle TLS group identifier decoding and return name as string + // return empty string to indicate decoding failure + + switch(static_cast(group_param)) + { + case 0xFE00: + return "testcurve1102"; + default: + //decode non-custom groups + return Botan::TLS::Callbacks::tls_decode_group_param(group_param); + } + } + }; + + /** + * @brief Credentials storage for the tls client. + * + * It returns a list of trusted CA certificates from a local directory. + * TLS client authentication is disabled. See src/lib/tls/credentials_manager.h. 
+ */ + class Client_Credentials : public Botan::Credentials_Manager + { + public: + std::vector trusted_certificate_authorities( + const std::string& type, + const std::string& context) override + { + // return a list of certificates of CAs we trust for tls server certificates, + // e.g., all the certificates in the local directory "cas" + return { new Botan::Certificate_Store_In_Memory("cas") }; + } + + std::vector cert_chain( + const std::vector& cert_key_types, + const std::string& type, + const std::string& context) override + { + // when using tls client authentication (optional), return + // a certificate chain being sent to the tls server, + // else an empty list + return std::vector(); + } + + Botan::Private_Key* private_key_for(const Botan::X509_Certificate& cert, + const std::string& type, + const std::string& context) override + { + // when returning a chain in cert_chain(), return the private key + // associated with the leaf certificate here + return nullptr; + } + }; + + class Client_Policy : public Botan::TLS::Strict_Policy + { + public: + std::vector key_exchange_groups() const override + { + // modified strict policy to allow our custom curves + return + { + static_cast(0xFE00) + }; + } + }; + + int main() + { + // prepare rng + Botan::AutoSeeded_RNG rng; + + // prepare custom curve + + // prepare curve parameters + const Botan::BigInt p("0x92309a3e88b94312f36891a2055725bb35ab51af96b3a651d39321b7bbb8c51575a76768c9b6b323"); + const Botan::BigInt a("0x4f30b8e311f6b2dce62078d70b35dacb96aa84b758ab5a8dff0c9f7a2a1ff466c19988aa0acdde69"); + const Botan::BigInt b("0x9045A513CFFF9AE1F1CC84039D852D240344A1D5C9DB203C844089F855C387823EB6FCDDF49C909C"); + + const Botan::BigInt x("0x9120f3779a31296cefcb5a5a08831f1a6d438ad5a3f2ce60585ac19c74eebdc65cadb96bb92622c7"); + const Botan::BigInt y("0x836db8251c152dfee071b72c6b06c5387d82f1b5c30c5a5b65ee9429aa2687e8426d5d61276a4ede"); + const Botan::BigInt 
order("0x248c268fa22e50c4bcda24688155c96ecd6ad46be5c82d7a6be6e7068cb5d1ca72b2e07e8b90d853"); + + const Botan::BigInt cofactor(4); + + const Botan::OID oid("1.2.3.1"); + + // create EC_Group object to register the curve + Botan::EC_Group testcurve1102(p, a, b, x, y, order, cofactor, oid); + + if(!testcurve1102.verify_group(rng)) + { + // Warning: if verify_group returns false the curve parameters are insecure + } + + // register name to specified oid + Botan::OIDS::add_oid(oid, "testcurve1102"); + + // prepare all the parameters + Callbacks callbacks; + Botan::TLS::Session_Manager_In_Memory session_mgr(rng); + Client_Credentials creds; + Client_Policy policy; + + // open the tls connection + Botan::TLS::Client client(callbacks, + session_mgr, + creds, + policy, + rng, + Botan::TLS::Server_Information("botan.randombit.net", 443), + Botan::TLS::Protocol_Version::TLS_V12); + + + while(!client.is_closed()) + { + // read data received from the tls server, e.g., using BSD sockets or boost asio + // ... + + // send data to the tls server using client.send_data() + + } + } + +Server Code Example +^^^^^^^^^^^^ +.. code-block:: cpp + + #include + #include + #include + #include + #include + #include + #include + #include + + #include + #include + + #include + + /** + * @brief Callbacks invoked by TLS::Channel. + * + * Botan::TLS::Callbacks is an abstract class. + * For improved readability, only the functions that are mandatory + * to implement are listed here. See src/lib/tls/tls_callbacks.h. 
+ */ + class Callbacks : public Botan::TLS::Callbacks + { + public: + void tls_emit_data(const uint8_t data[], size_t size) override + { + // send data to tls client, e.g., using BSD sockets or boost asio + } + + void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) override + { + // process full TLS record received by tls client, e.g., + // by passing it to the application + } + + void tls_alert(Botan::TLS::Alert alert) override + { + // handle a tls alert received from the tls server + } + + bool tls_session_established(const Botan::TLS::Session& session) override + { + // the session with the tls client was established + // return false to prevent the session from being cached, true to + // cache the session in the configured session manager + return false; + } + + std::string tls_decode_group_param(Botan::TLS::Group_Params group_param) override + { + // handle TLS group identifier decoding and return name as string + // return empty string to indicate decoding failure + + switch(static_cast(group_param)) + { + case 0xFE00: + return "testcurve1102"; + default: + //decode non-custom groups + return Botan::TLS::Callbacks::tls_decode_group_param(group_param); + } + } + }; + + /** + * @brief Credentials storage for the tls server. + * + * It returns a certificate and the associated private key to + * authenticate the tls server to the client. + * TLS client authentication is not requested. + * See src/lib/tls/credentials_manager.h. 
+ */ + class Server_Credentials : public Botan::Credentials_Manager + { + public: + Server_Credentials() : m_key(Botan::PKCS8::load_key("botan.randombit.net.key") + { + } + + std::vector trusted_certificate_authorities( + const std::string& type, + const std::string& context) override + { + // if client authentication is required, this function + // shall return a list of certificates of CAs we trust + // for tls client certificates, otherwise return an empty list + return std::vector(); + } + + std::vector cert_chain( + const std::vector& cert_key_types, + const std::string& type, + const std::string& context) override + { + // return the certificate chain being sent to the tls client + // e.g., the certificate file "botan.randombit.net.crt" + return { Botan::X509_Certificate("botan.randombit.net.crt") }; + } + + Botan::Private_Key* private_key_for(const Botan::X509_Certificate& cert, + const std::string& type, + const std::string& context) override + { + // return the private key associated with the leaf certificate, + // in this case the one associated with "botan.randombit.net.crt" + return m_key.get(); + } + + private: + std::unique_ptr m_key; + }; + + class Server_Policy : public Botan::TLS::Strict_Policy + { + public: + std::vector key_exchange_groups() const override + { + // modified strict policy to allow our custom curves + return + { + static_cast(0xFE00) + }; + } + }; + + int main() + { + + // prepare rng + Botan::AutoSeeded_RNG rng; + + // prepare custom curve + + // prepare curve parameters + const Botan::BigInt p("0x92309a3e88b94312f36891a2055725bb35ab51af96b3a651d39321b7bbb8c51575a76768c9b6b323"); + const Botan::BigInt a("0x4f30b8e311f6b2dce62078d70b35dacb96aa84b758ab5a8dff0c9f7a2a1ff466c19988aa0acdde69"); + const Botan::BigInt b("0x9045A513CFFF9AE1F1CC84039D852D240344A1D5C9DB203C844089F855C387823EB6FCDDF49C909C"); + + const Botan::BigInt x("0x9120f3779a31296cefcb5a5a08831f1a6d438ad5a3f2ce60585ac19c74eebdc65cadb96bb92622c7"); + const Botan::BigInt 
y("0x836db8251c152dfee071b72c6b06c5387d82f1b5c30c5a5b65ee9429aa2687e8426d5d61276a4ede"); + const Botan::BigInt order("0x248c268fa22e50c4bcda24688155c96ecd6ad46be5c82d7a6be6e7068cb5d1ca72b2e07e8b90d853"); + + const Botan::BigInt cofactor(4); + + const Botan::OID oid("1.2.3.1"); + + // create EC_Group object to register the curve + Botan::EC_Group testcurve1102(p, a, b, x, y, order, cofactor, oid); + + if(!testcurve1102.verify_group(rng)) + { + // Warning: if verify_group returns false the curve parameters are insecure + } + + // register name to specified oid + Botan::OIDS::add_oid(oid, "testcurve1102"); + + // prepare all the parameters + Callbacks callbacks; + Botan::TLS::Session_Manager_In_Memory session_mgr(rng); + Server_Credentials creds; + Server_Policy policy; + + // accept tls connection from client + Botan::TLS::Server server(callbacks, + session_mgr, + creds, + policy, + rng); + + // read data received from the tls client, e.g., using BSD sockets or boost asio + // and pass it to server.received_data(). + // ... + + // send data to the tls client using server.send_data() + // ... + } From a5e308ee0b45f3b5cb01e97ffc8ab78b13664be9 Mon Sep 17 00:00:00 2001 From: Never Date: Tue, 27 Mar 2018 19:19:32 +0200 Subject: [PATCH 0932/1008] updated tls client/server docs --- doc/manual/tls.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index e83fdcb243..82e44d6d1d 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -400,7 +400,7 @@ The full code for a TLS client using BSD sockets is in `src/cli/tls_client.cpp` class Client_Credentials : public Botan::Credentials_Manager { public: - std::vector trusted_certificate_authorities( + std::vector trusted_certificate_authorities( const std::string& type, const std::string& context) override { 
@@ -409,7 +409,7 @@ The full code for a TLS client using BSD sockets is in `src/cli/tls_client.cpp` return { new Botan::Certificate_Store_In_Memory("cas") }; } - std::vector cert_chain( + std::vector cert_chain( const std::vector& cert_key_types, const std::string& type, const std::string& context) override @@ -551,11 +551,11 @@ The full code for a TLS server using asio is in `src/cli/tls_proxy.cpp`. class Server_Credentials : public Botan::Credentials_Manager { public: - Server_Credentials() : m_key(Botan::X509::load_key("botan.randombit.net.key")) + Server_Credentials() : m_key(Botan::PKCS8::load_key("botan.randombit.net.key")) { } - std::vector trusted_certificate_authorities( + std::vector trusted_certificate_authorities( const std::string& type, const std::string& context) override { @@ -565,7 +565,7 @@ The full code for a TLS server using asio is in `src/cli/tls_proxy.cpp`. return std::vector(); } - std::vector cert_chain( + std::vector cert_chain( const std::vector& cert_key_types, const std::string& type, const std::string& context) override From 043db1e5c93abea4d8dff20ca3e562c244f1fad6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 27 Mar 2018 14:23:52 -0400 Subject: [PATCH 0933/1008] Fix headers for mini builds --- src/cli/timing_tests.cpp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index d9e0cbc43d..fbea2a8ca4 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -19,13 +19,19 @@ #include "cli.h" #include -#include -#include #include #include #include +#if defined(BOTAN_HAS_BIGINT) + #include +#endif + +#if defined(BOTAN_HAS_NUMBERTHEORY) + #include +#endif + #if defined(BOTAN_HAS_SYSTEM_RNG) #include #endif From 95754e2618e2264ce9eb7c6eae493576b097b90f Mon Sep 17 00:00:00 2001 
From: Matthias Gierlings Date: Wed, 28 Mar 2018 00:40:04 +0200 Subject: [PATCH 0934/1008] Adds sanitizer support for the xlC compiler - Option "--with-sanitizers" sets compiler flag "-qcheck=all" - Alternatively "--enable-sanitizers" can be set to either "address" which translates to "-qcheck=bounds:stackclobber:unset" or "undefined" which sets the flags "-qcheck=nullptr:divzero". The flags are explained here: https://www.ibm.com/support/knowledgecenter/SSGH2K_13.1.2/com.ibm.xlc131.aix.doc/compiler_ref/opt_check.html Currently compiling with "--with-sanitizers" or "--enable-sanitizers=undefined" will cause compilation to fail because of a "possible division by 0" in `Botan::bigint_divop`. This seems to be a false positive, before the division occurrs an Invalid_Argument exception will be thrown. --- src/build-data/cc/xlc.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/build-data/cc/xlc.txt b/src/build-data/cc/xlc.txt index 0ab45242a1..8762aecd15 100644 --- a/src/build-data/cc/xlc.txt +++ b/src/build-data/cc/xlc.txt @@ -13,3 +13,9 @@ altivec -> "-qaltivec" default -> "$(CXX) -qmkshrobj" + + +default -> "-qcheck=all" +address -> "-qcheck=bounds:stackclobber:unset" +undefined -> "-qcheck=nullptr:divzero" + From 5b7cb0d19d7ffe97712c39aaf2f861a2504442aa Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Mar 2018 03:25:59 -0400 Subject: [PATCH 0935/1008] Update TLS docs re new APIs for 2.5 [ci skip] --- doc/manual/credentials_manager.rst | 13 ++++++++++++- doc/manual/tls.rst | 16 ++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/doc/manual/credentials_manager.rst b/doc/manual/credentials_manager.rst index e694f7efd0..169e5ab8e6 100644 --- a/doc/manual/credentials_manager.rst +++ b/doc/manual/credentials_manager.rst 
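Review bot: `default -> "-qcheck=all"` is shaped differently from the equivalent entries the series added to clang.txt and gcc.txt, where `default` names other sanitizer entries (`default -> address,undefined`) rather than holding a raw flag string; if the consumer resolves `default` by looking up each comma-separated name, this value will not resolve, so please check it against how `--with-sanitizers` is expanded, or write it as `default -> address,undefined` and keep the flags on the named entries. The commit message also says the `undefined` entry currently breaks the build on `bigint_divop` with what looks like a false-positive division-by-zero report; recording that next to the entry, e.g. `# undefined: -qcheck=divzero currently rejects bigint_divop (false positive)`, saves the next person the investigation.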
@@ -29,12 +29,23 @@ implementation. The default implementation returns an empty list. + .. cpp:function:: std::vector find_cert_chain( \ + const std::vector& cert_key_types, \ + const std::vector& acceptable_CAs, \ + const std::string& type, \ + const std::string& context) + + Return the certificate chain to use to identify ourselves. The + ``acceptable_CAs`` parameter gives a list of CAs the peer trusts. + This may be empty. + .. cpp:function:: std::vector cert_chain( \ const std::vector& cert_key_types, \ const std::string& type, \ const std::string& context) - Return the certificate chain to use to identify ourselves + Return the certificate chain to use to identify ourselves. Starting in + 2.5, prefer ``find_cert_chain`` which additionally provides the CA list. .. cpp:function:: std::vector cert_chain_single_type( \ const std::string& cert_key_type, \ diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index a412454489..551d1e6c72 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -137,6 +137,22 @@ information about the connection. This callback is optional, and can be used to inspect all handshake messages while the session establishment occurs. + .. cpp:function:: void tls_modify_extensions(Extensions& extn, Connection_Side which_side) + + This callback is optional, and can be used to modify extensions before they + are sent to the peer. For example this enables adding a custom extension, + or replacing or removing an extension set by the library. + + .. cpp:function:: void tls_examine_extensions(const Extensions& extn, Connection_Side which_side) + + This callback is optional, and can be used to examine extensions sent by + the peer. + + .. std::string tls_decode_group_param(Group_Params group_param) + + This callback is optional. It can be used to support custom group ids for + ECDH and DH key exchange. + .. cpp:function:: void tls_log_error(const char* msg) Optional logging for an error message. (Not currently used) 
From cda33965bcf2ea73c4157ed97c3745ac027fd7c4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Mar 2018 03:57:43 -0400 Subject: [PATCH 0936/1008] Fix some Doxygen errors --- src/build-data/botan.doxy.in | 1 + src/lib/math/bigint/bigint.h | 3 ++- src/lib/math/mp/mp_core.h | 1 + src/lib/misc/fpe_fe1/fpe_fe1.h | 2 ++ src/lib/pubkey/ec_group/point_gfp.h | 12 ++++++++++++ 5 files changed, 18 insertions(+), 1 deletion(-) diff --git a/src/build-data/botan.doxy.in b/src/build-data/botan.doxy.in index 4065ad7a1c..11315a5c4f 100644 --- a/src/build-data/botan.doxy.in +++ b/src/build-data/botan.doxy.in @@ -152,6 +152,7 @@ INCLUDE_FILE_PATTERNS = PREDEFINED = BOTAN_HAS_AES_SSSE3 \ BOTAN_HAS_AES_NI \ BOTAN_HAS_AES_ARMV8 \ + BOTAN_HAS_AES_POWER8 \ BOTAN_HAS_IDEA_SSE2 \ BOTAN_HAS_NOEKEON_SIMD \ BOTAN_HAS_SERPENT_SIMD \ diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index 3d6626e4df..cb518e7279 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h @@ -253,7 +253,8 @@ class BOTAN_PUBLIC_API(2,0) BigInt final /** * Set *this to y - *this - * @param y the BigInt to subtract from + * @param y the BigInt to subtract from as a sequence of words + * @param y_size length of y in words * @param ws a temp workspace */ BigInt& rev_sub(const word y[], size_t y_size, secure_vector& ws); diff --git a/src/lib/math/mp/mp_core.h b/src/lib/math/mp/mp_core.h index 5142401975..a2c39bafa2 100644 --- a/src/lib/math/mp/mp_core.h +++ b/src/lib/math/mp/mp_core.h @@ -125,6 +125,7 @@ void bigint_linmul3(word z[], const word x[], size_t x_size, word y); * @param p_size size of p * @param p_dash Montgomery value * @param workspace array of at least 2*(p_size+1) words +* @param ws_size size of workspace in words */ void bigint_monty_redc(word z[], const word p[], size_t p_size, diff --git a/src/lib/misc/fpe_fe1/fpe_fe1.h b/src/lib/misc/fpe_fe1/fpe_fe1.h index e823a5d3c8..d9f760f0da 100644 --- a/src/lib/misc/fpe_fe1/fpe_fe1.h 
+++ b/src/lib/misc/fpe_fe1/fpe_fe1.h @@ -50,6 +50,7 @@ class BOTAN_PUBLIC_API(2,5) FPE_FE1 final : public SymmetricAlgorithm * Encrypt X from and onto the group Z_n using key and tweak * @param x the plaintext to encrypt <= n * @param tweak will modify the ciphertext + * @param tweak_len length of tweak */ BigInt encrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const; @@ -57,6 +58,7 @@ class BOTAN_PUBLIC_API(2,5) FPE_FE1 final : public SymmetricAlgorithm * Decrypt X from and onto the group Z_n using key and tweak * @param x the ciphertext to encrypt <= n * @param tweak must match the value used to encrypt + * @param tweak_len length of tweak */ BigInt decrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const; diff --git a/src/lib/pubkey/ec_group/point_gfp.h b/src/lib/pubkey/ec_group/point_gfp.h index 80c198c623..2a9948fde1 100644 --- a/src/lib/pubkey/ec_group/point_gfp.h +++ b/src/lib/pubkey/ec_group/point_gfp.h @@ -204,6 +204,7 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final /** * Point addition + * @param other the point to add to *this * @param workspace temp space, at least WORKSPACE_SIZE elements */ void add(const PointGFp& other, std::vector& workspace); @@ -215,6 +216,15 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final */ void add_affine(const PointGFp& other, std::vector& workspace); + /** + * Point addition - mixed J+A. Array version. + * + * @param x_words the words of the x coordinate of the other point + * @param x_size size of x_words + * @param y_words the words of the y coordinate of the other point + * @param y_size size of y_words + * @param workspace temp space, at least WORKSPACE_SIZE elements + */ void add_affine(const word x_words[], size_t x_size, const word y_words[], size_t y_size, std::vector& workspace); 
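Review bot: The new `@param tweak_len length of tweak` lines in both fpe_fe1.h hunks omit the unit; `@param tweak_len length of tweak in bytes` is what a caller needs. While touching decrypt's comment, the context line `@param x the ciphertext to encrypt <= n` should read `the ciphertext to decrypt <= n` — it was evidently copied from encrypt.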
@@ -227,7 +237,9 @@ class BOTAN_PUBLIC_API(2,0) PointGFp final /** * Point addition + * @param other the point to add to *this * @param workspace temp space, at least WORKSPACE_SIZE elements + * @return other plus *this */ PointGFp plus(const PointGFp& other, std::vector& workspace) const { From fb816bf68736dfea82eec4ecdbb8170fb9a37bbb Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Mar 2018 03:57:59 -0400 Subject: [PATCH 0937/1008] Update news --- news.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/news.rst b/news.rst index 3843228235..489fbb7a62 100644 --- a/news.rst +++ b/news.rst @@ -92,7 +92,11 @@ Version 2.5.0, Not Yet Released * Use feature flags to enable/disable system specific code (GH #1378) -* Add --msvc-runtime option to allow using static runtime (GH #1499 #210) +* Add ``--msvc-runtime`` option to allow using static runtime (GH #1499 #210) + +* Add --enable-sanitizers= option to allow specifying which sanitizers to + enable. The existing ``--with-sanitizers`` option just enables some default + set which is known to work with the minimum required compiler versions. * The threefish module has been renamed threefish_512 since that is the algorithm it provides. (GH #1477) From 5be6acad588462e29379008dd0e3b7d8f178579b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Mar 2018 04:54:09 -0400 Subject: [PATCH 0938/1008] Avoid another problem with AltiVec This caused test failures on ppc64 (big-endian) with GCC 7.2 --- src/lib/utils/simd/simd_32.h | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/src/lib/utils/simd/simd_32.h b/src/lib/utils/simd/simd_32.h index d7316ee012..8e6ac3639c 100644 --- a/src/lib/utils/simd/simd_32.h +++ b/src/lib/utils/simd/simd_32.h 
@@ -134,14 +134,10 @@ class SIMD_4x32 final return SIMD_4x32(_mm_loadu_si128(reinterpret_cast(in))); #elif defined(BOTAN_SIMD_USE_ALTIVEC) - union { - __vector unsigned int V; - uint32_t R[4]; - } vec; - - Botan::load_le(vec.R, static_cast(in), 4); + uint32_t R[4]; + Botan::load_le(R, static_cast(in), 4); + return SIMD_4x32(R); - return SIMD_4x32(vec.V); #elif defined(BOTAN_SIMD_USE_NEON) uint32_t in32[4]; @@ -170,14 +166,9 @@ class SIMD_4x32 final #elif defined(BOTAN_SIMD_USE_ALTIVEC) - union { - __vector unsigned int V; - uint32_t R[4]; - } vec; - - Botan::load_be(vec.R, static_cast(in), 4); - - return SIMD_4x32(vec.V); + uint32_t R[4]; + Botan::load_be(R, static_cast(in), 4); + return SIMD_4x32(R); #elif defined(BOTAN_SIMD_USE_NEON) From 43fea40ca861505d070dc31854db41065228cbf7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Mar 2018 06:10:50 -0400 Subject: [PATCH 0939/1008] Add support for XLC symbol visibility attributes [ci skip] --- src/build-data/cc/xlc.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/build-data/cc/xlc.txt b/src/build-data/cc/xlc.txt index 8762aecd15..fa3bb85f0b 100644 --- a/src/build-data/cc/xlc.txt +++ b/src/build-data/cc/xlc.txt @@ -6,6 +6,9 @@ optimization_flags "-O2" lang_flags "-std=c++11" +visibility_build_flags "-fvisibility=hidden" +visibility_attribute '__attribute__((visibility("default")))' + altivec -> "-qaltivec" From 52de4a3a3de858952e6601f045679ed0fad6a262 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Mar 2018 06:37:19 -0400 Subject: [PATCH 0940/1008] Remove duplicate doc for tls_decode_group_param --- doc/manual/tls.rst | 5 ----- 1 file changed, 5 deletions(-) diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index aadc0353a4..3587558c71 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst 
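Review bot: The rewritten ALTIVEC branches of the two load functions drop the union without recording why, so nothing stops the union punning from being reintroduced by a later refactor; a comment on the new `uint32_t R[4];` line would pin the reason, e.g. `// Load into a plain array and build the vector via the array constructor; reading a union through an inactive member is not well-defined C++ and misbehaved on big-endian ppc64 with GCC 7.2`. The same comment applies to the `load_be` hunk below. Both enclosing functions begin and end outside these hunks.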
@@ -148,11 +148,6 @@ information about the connection. This callback is optional, and can be used to examine extensions sent by the peer. - .. std::string tls_decode_group_param(Group_Params group_param) - - This callback is optional. It can be used to support custom group ids for - ECDH and DH key exchange. - .. cpp:function:: void tls_log_error(const char* msg) Optional logging for an error message. (Not currently used) From 94aab66b934474dc7191f5c17601b9e58f1a7895 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Mar 2018 07:45:44 -0400 Subject: [PATCH 0941/1008] Mark off some completed todos --- doc/todo.rst | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/doc/todo.rst b/doc/todo.rst index 9737200366..122bfa9286 100644 --- a/doc/todo.rst +++ b/doc/todo.rst @@ -40,14 +40,9 @@ Public Key Crypto, Math * X448 and Ed448 * FHMQV * Use GLV decomposition to speed up secp256k1 operations -* Support mixed hashes and non-empty param strings in OAEP +* Optimize ECC point doubling for a=-3 and a=0 curves * wNAF ECC point multiply * Recover ECDSA public key from signature/message pair (GH #664) -* Fast new implementations/algorithms for ECC point operations, - Montgomery multiplication, multi-exponentiation, ... -* Some PK operations, especially RSA, have extensive computations per - operation setup but many of the computed values depend only on the - key and could be shared across operation objects. Utility Functions ------------------ @@ -70,7 +65,7 @@ External Providers, Hardware Support * /dev/crypto provider (ciphers, hashes) * Windows CryptoAPI provider (ciphers, hashes, RSA) * Apple CommonCrypto -* POWER8 crypto extensions (AES, SHA-2) +* POWER8 crypto extensions (SHA-2, GCM) * Better TPM support: NVRAM, PCR measurements, sealing * Intel SGX support 
@@ -105,11 +100,11 @@ PKIX * OCSP responder logic * X.509 attribute certificates (RFC 5755) * Support generating/verifying XMSS certificates -* Roughtime client (https://roughtime.googlesource.com/roughtime/) New Protocols / Formats ---------------------------------------- +* Roughtime client (https://roughtime.googlesource.com/roughtime/) * PKCS7 / Cryptographic Message Syntax * PKCS12 / PFX * NaCl compatible cryptobox functions From 0787c4b05b1bba7276846839a4b372539ee370ec Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Mar 2018 07:54:22 -0400 Subject: [PATCH 0942/1008] Minor DH optimization Saves 30k-170k cycles depending on param size. --- src/lib/pubkey/dh/dh.cpp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/lib/pubkey/dh/dh.cpp b/src/lib/pubkey/dh/dh.cpp index b8b09ec3ff..fc1e6236a1 100644 --- a/src/lib/pubkey/dh/dh.cpp +++ b/src/lib/pubkey/dh/dh.cpp @@ -105,14 +105,16 @@ class DH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF secure_vector DH_KA_Operation::raw_agree(const uint8_t w[], size_t w_len) { - BigInt input = BigInt::decode(w, w_len); + BigInt x = BigInt::decode(w, w_len); - if(input <= 1 || input >= m_p - 1) + if(x <= 1 || x >= m_p - 1) throw Invalid_Argument("DH agreement - invalid key provided"); - BigInt r = m_blinder.unblind(m_powermod_x_p(m_blinder.blind(input))); + x = m_blinder.blind(x); + x = m_powermod_x_p(x); + x = m_blinder.unblind(x); - return BigInt::encode_1363(r, m_p.bytes()); + return BigInt::encode_1363(x, m_p.bytes()); } } From a0833f827f96a82db6be1466b3fd382fda615dbc Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Mar 2018 14:24:35 -0400 Subject: [PATCH 0943/1008] Improve test of cycle counter to avoid bogus failures GH #1515 --- src/tests/test_os_utils.cpp | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/src/tests/test_os_utils.cpp b/src/tests/test_os_utils.cpp index 1c159ca75a..83f3fda004 100644 
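Review bot: The range check on the decoded peer value, `if(x <= 1 || x >= m_p - 1)`, is the only validation visible in `raw_agree` and carries no comment, and since `x` is immediately reused for the blinded value the intent of the check is easy to lose in a later edit. Suggest `// Reject 0, 1, p-1 and any value >= p; subgroup membership is not checked here` above it, since as far as this hunk shows no order-q check is performed. `m_p - 1` also constructs a temporary BigInt on every call; if this path is as cycle-sensitive as the commit message suggests, it could be hoisted into a member computed once.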
--- a/src/tests/test_os_utils.cpp +++ b/src/tests/test_os_utils.cpp @@ -66,29 +66,22 @@ class OS_Utils_Tests final : public Test Test::Result test_get_processor_timestamp() { - // TODO better tests Test::Result result("OS::get_processor_timestamp"); const uint64_t proc_ts1 = Botan::OS::get_processor_timestamp(); - // do something that consumes a little time - volatile int x = 11; - while(x < 65535) - { - x *= 2; - x -= 10; - } - - uint64_t proc_ts2 = Botan::OS::get_processor_timestamp(); - if(proc_ts1 == 0) { + const uint64_t proc_ts2 = Botan::OS::get_processor_timestamp(); result.test_is_eq("Disabled processor timestamp stays at zero", proc_ts1, proc_ts2); + return result; } - else - { - result.confirm("Processor timestamp does not duplicate", proc_ts1 != proc_ts2); - } + + size_t counts = 0; + while(Botan::OS::get_processor_timestamp() == proc_ts1) + ++counts; + + result.test_lt("CPU cycle counter eventually changes value", counts, 10); return result; } From 632392451b2965764fd094cb5195cabc98f2a4b5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 28 Mar 2018 15:58:09 -0400 Subject: [PATCH 0944/1008] Prevent test loop from being potentially unbounded [ci skip] Shouldn't happen but conceivably might on broken hardware or emulator. --- src/tests/test_os_utils.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/test_os_utils.cpp b/src/tests/test_os_utils.cpp index 83f3fda004..f198f8837b 100644 --- a/src/tests/test_os_utils.cpp +++ b/src/tests/test_os_utils.cpp @@ -78,7 +78,7 @@ class OS_Utils_Tests final : public Test } size_t counts = 0; - while(Botan::OS::get_processor_timestamp() == proc_ts1) + while(counts < 100 && (Botan::OS::get_processor_timestamp() == proc_ts1)) ++counts; result.test_lt("CPU cycle counter eventually changes value", counts, 10); From d422423dcdc6b8735d7072f328c83dd382953a3a Mon Sep 17 00:00:00 2001 
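Review bot: In the second hunk the loop bound `counts < 100` and the assertion threshold `10` in `test_lt` are unrelated magic numbers, and a counter that changes only after 10-99 iterations now fails with the message "CPU cycle counter eventually changes value" even though it did change. Naming the two constants and splitting the assertion makes a failure diagnosable: `const size_t max_polls = 100;` / `result.confirm("CPU cycle counter changed", counts < max_polls);` followed by the existing `test_lt` with a message such as "CPU cycle counter changes promptly". `test_get_processor_timestamp` starts before this hunk, and the early-return branch for a disabled counter is in the first hunk above.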
From: Jack Lloyd Date: Wed, 28 Mar 2018 18:27:06 -0400 Subject: [PATCH 0945/1008] Add new test option --abort-on-first-fail Calls std::abort the first time a test fails. Not for general consumption but sometimes very useful when tracking down a tricky bug. --- src/tests/main.cpp | 5 +++-- src/tests/test_runner.cpp | 2 ++ src/tests/test_runner.h | 1 + src/tests/test_tests.cpp | 45 ++++++++++++++++++++------------------- src/tests/tests.cpp | 8 +++++++ src/tests/tests.h | 6 +++++- 6 files changed, 42 insertions(+), 25 deletions(-) diff --git a/src/tests/main.cpp b/src/tests/main.cpp index 7ed5390012..f4ee76b570 100644 --- a/src/tests/main.cpp +++ b/src/tests/main.cpp @@ -59,7 +59,7 @@ int main(int argc, char* argv[]) try { const std::string arg_spec = - "botan-test --data-dir= --pkcs11-lib= --provider= --log-success " + "botan-test --data-dir= --pkcs11-lib= --provider= --log-success --abort-on-first-fail " "--verbose --help --run-long-tests --run-online-tests --test-runs=1 --drbg-seed= " "*suites"; @@ -78,6 +78,7 @@ int main(int argc, char* argv[]) const std::string provider = parser.get_arg("provider"); const std::string drbg_seed = parser.get_arg("drbg-seed"); + const bool abort_on_first_fail = parser.flag_set("abort-on-first-fail"); const bool log_success = parser.flag_set("log-success"); const bool run_long_tests = parser.flag_set("run-long-tests"); const bool run_online_tests = parser.flag_set("run-online-tests"); @@ -96,7 +97,7 @@ int main(int argc, char* argv[]) return tests.run(suites, data_dir, pkcs11_lib, provider, log_success, run_online_tests, run_long_tests, - drbg_seed, test_runs); + abort_on_first_fail, drbg_seed, test_runs); } catch(std::exception& e) { diff --git a/src/tests/test_runner.cpp b/src/tests/test_runner.cpp index 65206b4f15..d8491ab73a 100644 --- a/src/tests/test_runner.cpp +++ b/src/tests/test_runner.cpp 
@@ -93,6 +93,7 @@ int Test_Runner::run(const std::vector& requested_tests, bool log_success, bool run_online_tests, bool run_long_tests, + bool abort_on_first_fail, const std::string& drbg_seed, size_t runs) { @@ -180,6 +181,7 @@ int Test_Runner::run(const std::vector& requested_tests, Botan_Tests::Test::set_test_options(log_success, run_online_tests, run_long_tests, + abort_on_first_fail, data_dir, pkcs11_lib, pf); diff --git a/src/tests/test_runner.h b/src/tests/test_runner.h index a314fdb6b8..5ae986bc9b 100644 --- a/src/tests/test_runner.h +++ b/src/tests/test_runner.h @@ -25,6 +25,7 @@ class Test_Runner final bool log_success, bool run_online_tests, bool run_long_tests, + bool abort_on_first_fail, const std::string& drbg_seed, size_t runs); diff --git a/src/tests/test_tests.cpp b/src/tests/test_tests.cpp index 63509d3f05..52db0679a4 100644 --- a/src/tests/test_tests.cpp +++ b/src/tests/test_tests.cpp 
@@ -30,131 +30,132 @@ class Test_Tests final : public Test Test::Result result("Test Framework"); // Test a few success corner cases first + const std::string testcase_name = "Failing Test"; result.test_throws("throws pi", []() { throw 3.14159; }); // Test expected failure cases { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_throws("doesn't throw", []() { }); verify_failure("test_throws", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_failure("explicitly reported failure", std::vector()); verify_failure("explicit failure", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_failure("explicitly reported failure", "test error"); verify_failure("explicit failure", result, test_result); } { - verify_failure("explicit failure", result, Test::Result::Failure("test", "failure")); + verify_failure("explicit failure", result, Test::Result::Failure(testcase_name, "failure")); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); std::vector vec1(5), vec2(3, 9); test_result.test_eq("test vectors equal", vec1, vec2); verify_failure("test vectors equal", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); std::vector vec1(5), vec2(5); test_result.test_ne("test vectors not equal", vec1, vec2); verify_failure("test vectors equal", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); std::vector vec1(5), vec2(5); test_result.test_ne("test arrays not equal", vec1.data(), vec1.size(), vec2.data(), vec2.size()); verify_failure("test vectors equal", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); size_t x = 5, y = 6; test_result.test_eq("test ints equal", x, y); 
verify_failure("test ints equal", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); size_t x = 5, y = 5; test_result.test_ne("test ints not equal", x, y); verify_failure("test ints not equal", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_is_nonempty("empty", ""); verify_failure("test_is_nonempty", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_lt("not less", 5, 5); verify_failure("test_lt", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_lte("not lte", 6, 5); verify_failure("test_lte", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_gte("not gte", 5, 6); verify_failure("test_gte", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_ne("string ne", "foo", "foo"); verify_failure("test_ne", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_rc_ok("test_func", -1); verify_failure("test_rc_ok", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_rc("test_func", 0, 5); verify_failure("test_rc", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_rc_fail("test_func", "testing", 0); verify_failure("test_rc_fail", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_throws("test_throws", "expected msg", []() { throw std::runtime_error("not the message"); }); verify_failure("test_throws", result, test_result); } { - Test::Result 
test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_throws("test_throws", "expected msg", []() { throw "not even a std::exception"; }); verify_failure("test_throws", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); test_result.test_throws("test_throws", "expected msg", []() { ; }); verify_failure("test_throws", result, test_result); @@ -162,14 +163,14 @@ class Test_Tests final : public Test #if defined(BOTAN_HAS_BIGINT) { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); Botan::BigInt x = 5, y = 6; test_result.test_eq("test ints equal", x, y); verify_failure("test ints equal", result, test_result); } { - Test::Result test_result("Testcase"); + Test::Result test_result(testcase_name); Botan::BigInt x = 5, y = 5; test_result.test_ne("test ints not equal", x, y); verify_failure("test ints not equal", result, test_result); diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp index e4ed5e8963..2aa1a9d75e 100644 --- a/src/tests/tests.cpp +++ b/src/tests/tests.cpp @@ -159,6 +159,11 @@ void Test::Result::test_failure(const std::string& what, const uint8_t buf[], si bool Test::Result::test_failure(const std::string& err) { m_fail_log.push_back(err); + + if(m_who != "Failing Test" && m_abort_on_first_fail) + { + std::abort(); + } return false; } @@ -553,6 +558,7 @@ std::string Test::m_data_dir; bool Test::m_log_success = false; bool Test::m_run_online_tests = false; bool Test::m_run_long_tests = false; +bool Test::m_abort_on_first_fail = false; std::string Test::m_pkcs11_lib; Botan_Tests::Provider_Filter Test::m_provider_filter; @@ -560,6 +566,7 @@ Botan_Tests::Provider_Filter Test::m_provider_filter; void Test::set_test_options(bool log_success, bool run_online, bool run_long, + bool abort_on_first_fail, const std::string& data_dir, const std::string& pkcs11_lib, const Botan_Tests::Provider_Filter& pf) 
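Review bot: The new early-abort guard `if(m_who != "Failing Test" && m_abort_on_first_fail)` in `Test::Result::test_failure` ties the abort suppression to a string literal that is duplicated in test_tests.cpp as `testcase_name`, so renaming either side silently turns the framework self-test into a process abort under `--abort-on-first-fail`. A shared constant declared in tests.h, or an explicit flag on `Result` that test_tests.cpp sets for its deliberately failing results, removes the coupling. `std::abort()` also needs `<cstdlib>`; the include list is outside the hunk, so confirm it is already present. The test_tests.cpp hunk above is the other side of this coupling.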
@@ -568,6 +575,7 @@ void Test::set_test_options(bool log_success, m_log_success = log_success; m_run_online_tests = run_online; m_run_long_tests = run_long; + m_abort_on_first_fail = abort_on_first_fail; m_pkcs11_lib = pkcs11_lib; m_provider_filter = pf; } diff --git a/src/tests/tests.h b/src/tests/tests.h index fa5dc34b6d..fd7daca171 100644 --- a/src/tests/tests.h +++ b/src/tests/tests.h @@ -408,6 +408,7 @@ class Test static void set_test_options(bool log_success, bool run_online_tests, bool run_long_tests, + bool abort_on_first_fail, const std::string& data_dir, const std::string& pkcs11_lib, const Botan_Tests::Provider_Filter& pf); @@ -432,7 +433,10 @@ class Test private: static std::string m_data_dir; static std::unique_ptr m_test_rng; - static bool m_log_success, m_run_online_tests, m_run_long_tests; + static bool m_log_success; + static bool m_run_online_tests; + static bool m_run_long_tests; + static bool m_abort_on_first_fail; static std::string m_pkcs11_lib; static Botan_Tests::Provider_Filter m_provider_filter; }; From aa0ed952869769dbf4c21e33566397f93f00e2e5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 29 Mar 2018 16:59:14 -0400 Subject: [PATCH 0946/1008] Fix test when EMSA1 not compiled in [ci skip] --- src/tests/unit_x509.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index fe8d3fbd75..0cb88e5775 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -550,6 +550,8 @@ Test::Result test_x509_authority_info_access_extension() test_result.test_eq("CA certificate signature algorithm (explicit)", Botan::OIDS::lookup(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); +#if defined(BOTAN_HAS_EMSA1) + // Try to set a padding scheme that is not supported for signing with the given key type opt.set_padding_scheme("EMSA1"); try 
@@ -563,6 +565,8 @@ Test::Result test_x509_authority_info_access_extension() sk->algo_name(), e.what(), "Invalid argument Encoding scheme with canonical name EMSA1 not supported for signature algorithm RSA"); } +#endif + test_result.test_eq("CA certificate signature algorithm (explicit)", Botan::OIDS::lookup(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); From dfc6b6ad819395828426c172b8ba2f5d53dda508 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 29 Mar 2018 18:21:35 -0400 Subject: [PATCH 0947/1008] Search for either rst2man or rst2man.py Since distros differ on what name to install this as. Fixes GH #1516 --- src/scripts/build_docs.py | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/scripts/build_docs.py b/src/scripts/build_docs.py index 0912ea1cf7..3cc59c07c6 100755 --- a/src/scripts/build_docs.py +++ b/src/scripts/build_docs.py @@ -30,6 +30,16 @@ def get_concurrency(): except ImportError: return def_concurrency +def have_prog(prog): + """ + Check if some named program exists in the path + """ + for path in os.environ['PATH'].split(os.pathsep): + exe_file = os.path.join(path, prog) + if os.path.exists(exe_file) and os.access(exe_file, os.X_OK): + return True + return False + def touch(fname): try: os.utime(fname, None) @@ -164,8 +174,17 @@ def main(args=None): # otherwise just copy it cmds.append(['cp', manual_src, manual_output]) + def find_rst2man(): + possible_names = ['rst2man', 'rst2man.py'] + + for name in possible_names: + if have_prog(name): + return name + + raise Exception("Was configured with rst2man but could not be located in PATH") + if with_rst2man: - cmds.append(['rst2man', + cmds.append([find_rst2man(), os.path.join(cfg['build_dir'], 'botan.rst'), os.path.join(cfg['build_dir'], 'botan.1')]) From eaac9648a401f62fa96f7cda0587a084ee6ac80b Mon Sep 17 00:00:00 2001 
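Review bot: `have_prog` indexes `os.environ['PATH']` directly and raises `KeyError` if PATH is unset, while the rest of the function is written to degrade to `False`; `for path in os.environ.get('PATH', '').split(os.pathsep):` keeps that behaviour. If this script only needs to run on Python 3.3+, `shutil.which(prog) is not None` is the standard-library equivalent, though I cannot tell from the hunk which interpreter versions are supported. In the second hunk `find_rst2man` is a nested function defined deep inside `main`; it depends only on `have_prog` and reads more naturally as a module-level helper beside it. The exception text would also read better as `"Configured with rst2man but it could not be located in PATH"`.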
From: Jack Lloyd Date: Thu, 29 Mar 2018 12:41:57 -0400 Subject: [PATCH 0948/1008] Fix bugs in wildcard matching We would incorrectly accept invalid matches for example b*.example.net could match foobar.example.net Introduced in 289cc25709b08 --- doc/security.rst | 13 +++ src/lib/utils/parsing.cpp | 184 ++++++++++++++++++++--------------- src/tests/data/hostnames.vec | 70 +++++++++++++ src/tests/test_utils.cpp | 2 +- 4 files changed, 191 insertions(+), 78 deletions(-) diff --git a/doc/security.rst b/doc/security.rst index a36173bc20..238c318fce 100644 --- a/doc/security.rst +++ b/doc/security.rst @@ -15,6 +15,19 @@ mail please use:: This key can be found in the file ``doc/pgpkey.txt`` or online at https://keybase.io/jacklloyd and on most PGP keyservers. +2018 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* 2018-03-29 (CVE-2018-9127): Invalid wildcard match + + RFC 6125 wildcard matching was incorrectly implemented, so that a wildcard + certificate such as "b*.domain.com" would match any hosts "*b*.domain.com" + instead of just server names beginning with 'b'. The host and certificate + would still have to be in the same domain name. Reported by Fabian Weißberg of + Rohde and Schwarz Cybersecurity. + + Bug introduced in 2.2.0, fixed in 2.5.0 + 2017 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/src/lib/utils/parsing.cpp b/src/lib/utils/parsing.cpp index 9517cc6734..cfae0cb708 100644 --- a/src/lib/utils/parsing.cpp +++ b/src/lib/utils/parsing.cpp @@ -1,6 +1,6 @@ /* * Various string utils and parsing functions -* (C) 1999-2007,2013,2014,2015 Jack Lloyd +* (C) 1999-2007,2013,2014,2015,2018 Jack Lloyd * (C) 2015 Simon Warta (Kullo GmbH) * (C) 2017 René Korthaus, Rohde & Schwarz Cybersecurity * @@ -11,6 +11,8 @@ #include #include #include +#include +#include #include #include 
@@ -338,110 +340,138 @@ std::string replace_char(const std::string& str, char from_char, char to_char) return out; } -bool host_wildcard_match(const std::string& issued, const std::string& host) +namespace { + +std::string tolower_string(const std::string& in) { - if(issued == host) + std::string s = in; + for(size_t i = 0; i != s.size(); ++i) { - return true; + if(std::isalpha(static_cast(s[i]))) + s[i] = std::tolower(static_cast(s[i])); } + return s; + } + +} + +bool host_wildcard_match(const std::string& issued_, const std::string& host_) + { + const std::string issued = tolower_string(issued_); + const std::string host = tolower_string(host_); + + if(host.empty() || issued.empty()) + return false; + + /* + If there are embedded nulls in your issued name + Well I feel bad for you son + */ + if(std::count(issued.begin(), issued.end(), char(0)) > 0) + return false; - size_t stars = 0; - for(char c : issued) + // If more than one wildcard, then issued name is invalid + const size_t stars = std::count(issued.begin(), issued.end(), '*'); + if(stars > 1) + return false; + + // '*' is not a valid character in DNS names so should not appear on the host side + if(std::count(host.begin(), host.end(), '*') != 0) + return false; + + // Similarly a DNS name can't end in . + if(host[host.size() - 1] == '.') + return false; + + // And a host can't have an empty name component, so reject that + if(host.find("..") != std::string::npos) + return false; + + // Exact match: accept + if(issued == host) { - if(c == '*') - stars += 1; + return true; } - if(stars > 1) + /* + Otherwise it might be a wildcard + + If the issued size is strictly longer than the hostname size it + couldn't possibly be a match, even if the issued value is a + wildcard. 
The only exception is when the wildcard ends up empty + (eg www.example.com matches www*.example.com) + */ + if(issued.size() > host.size() + 1) { return false; } - // first try to match the base, then the left-most label - // which can contain exactly one wildcard at any position - if(issued.size() > 2) + // If no * at all then not a wildcard, and so not a match + if(stars != 1) { - size_t host_i = host.find('.'); - if(host_i == std::string::npos || host_i == host.size() - 1) - { - return false; - } - - size_t issued_i = issued.find('.'); - if(issued_i == std::string::npos || issued_i == issued.size() - 1) - { - return false; - } + return false; + } - const std::string host_base = host.substr(host_i + 1); - const std::string issued_base = issued.substr(issued_i + 1); + /* + Now walk through the issued string, making sure every character + matches. When we come to the (singular) '*', jump forward in the + hostname by the cooresponding amount. We know exactly how much + space the wildcard takes because it must be exactly `len(host) - + len(issued) + 1 chars`. - // if anything but the left-most label doesn't equal, - // we are already out here - if(host_base != issued_base) - { - return false; - } + We also verify that the '*' comes in the leftmost component, and + doesn't skip over any '.' in the hostname. + */ + size_t dots_seen = 0; + size_t host_idx = 0; - // compare the left-most labels - std::string host_prefix = host.substr(0, host_i); + for(size_t i = 0; i != issued.size(); ++i) + { + dots_seen += (issued[i] == '.'); - if(host_prefix.empty()) + if(issued[i] == '*') { - return false; - } + // Fail: wildcard can only come in leftmost component + if(dots_seen > 0) + { + return false; + } - const std::string issued_prefix = issued.substr(0, issued_i); + /* + Since there is only one * we know the tail of the issued and + hostname must be an exact match. In this case advance host_idx + to match. 
+ */ + const size_t advance = (host.size() - issued.size() + 1); - // if split_on would work on strings with less than 2 items, - // the if/else block would not be necessary - if(issued_prefix == "*") - { - return true; - } + if(host_idx + advance > host.size()) // shouldn't happen + return false; - std::vector p; + // Can't be any intervening .s that we would have skipped + if(std::count(host.begin() + host_idx, + host.begin() + host_idx + advance, '.') != 0) + return false; - if(issued_prefix[0] == '*') - { - p = std::vector{"", issued_prefix.substr(1, issued_prefix.size())}; - } - else if(issued_prefix[issued_prefix.size()-1] == '*') - { - p = std::vector{issued_prefix.substr(0, issued_prefix.size() - 1), ""}; + host_idx += advance; } else { - p = split_on(issued_prefix, '*'); - } - - if(p.size() != 2) - { - return false; - } - - // match anything before and after the wildcard character - const std::string first = p[0]; - const std::string last = p[1]; + if(issued[i] != host[host_idx]) + { + return false; + } - if(host_prefix.substr(0, first.size()) == first) - { - host_prefix.erase(0, first.size()); - } - - // nothing to match anymore - if(last.empty()) - { - return true; + host_idx += 1; } + } - if(host_prefix.size() >= last.size() && - host_prefix.substr(host_prefix.size() - last.size(), last.size()) == last) - { - return true; - } + // Wildcard issued name must have at least 3 components + if(dots_seen < 2) + { + return false; } - return false; + return true; } + } diff --git a/src/tests/data/hostnames.vec b/src/tests/data/hostnames.vec index 91296d2d88..56433af7bf 100644 --- a/src/tests/data/hostnames.vec +++ b/src/tests/data/hostnames.vec 
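Review bot: The embedded-NUL rejection applies only to `issued`; a NUL in `host` is still accepted when it falls inside the span consumed by the wildcard, because the `std::count` over that span looks only for '.'. The host side is normally caller-supplied rather than certificate data, so this may be intentional, but a symmetric `if(std::count(host.begin(), host.end(), char(0)) > 0) return false;` beside the existing check keeps the function's input contract uniform. `tolower_string` relies on `std::tolower`, whose behaviour depends on the global C locale; a comment stating that only ASCII letters are expected (or an explicit ASCII-only fold) would document that assumption. The comment before the matching loop has the typo `cooresponding`.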
@@ -40,7 +40,68 @@ Hostname = test.www.example.com Issued = *www.example.com Hostname = www.example.com +Issued = fluf*z.example.net +Hostname = flufbaz.example.net + +Issued = example.com +Hostname = EXAMPLE.com + +Issued = example.com +Hostname = EXAMPLE.COM + +Issued = *.example.COM +Hostname = a.EXAMPLE.com + +Issued = b*z.example.net +Hostname = bz.example.net + [Invalid] +Issued = +Hostname = empty.com + +Issued = empty.com +Hostname = + +Issued = +Hostname = + +Issued = * +Hostname = * + +Issued = * +Hostname = a + +Issued = *.com +Hostname = a.com + +Issued = *.com +Hostname = x.a.com + +# We reject hostnames with .. +Issued = a*..com +Hostname = aninvalidhostname..com + +Issued = f.*.com +Hostname = f.a.com + +Issued = ample.com +Hostname = example.com + +Issued = example.com +Hostname = ample.com + +Issued = b*z.example.net +Hostname = foobaz.example.net + +Issued = b*z.example.net +Hostname = z.example.net + +Issued = flufb*z.example.net +Hostname = foobaz.example.net + +Issued = b*z.example.net +Hostname = baz.example.com + Issued = example.com Hostname = www.example.com @@ -50,6 +111,9 @@ Hostname = example.com Issued = bar.*.example.net Hostname = bar.foo.example.net +Issued = bar.*.example.net +Hostname = bar..example.net + Issued = *.example.com Hostname = bar.foo.example.com @@ -59,6 +123,12 @@ Hostname = example.com Issued = foo*foo.example.com Hostname = foo.example.com +Issued = foo.exa*ple.com +Hostname = foo.example.com + +Issued = exa*ple.com +Hostname = example.com + Issued = **.example.com Hostname = foo.example.com diff --git a/src/tests/test_utils.cpp b/src/tests/test_utils.cpp index 5f3502ebaa..ee5f06187d 100644 --- a/src/tests/test_utils.cpp +++ b/src/tests/test_utils.cpp 
@@ -531,7 +531,7 @@ class Hostname_Tests final : public Text_Based_Test Test::Result run_one_test(const std::string& type, const VarMap& vars) override { - Test::Result result("Hostname"); + Test::Result result("Hostname Matching"); const std::string issued = get_req_str(vars, "Issued"); const std::string hostname = get_req_str(vars, "Hostname"); From bdf71b1f83e227f104f39fcf472ebaa155d98cf1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 31 Mar 2018 10:08:22 -0400 Subject: [PATCH 0949/1008] Export TLS::Extension Needed to avoid UbSan issue --- src/lib/tls/tls_extensions.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index f87c07f2e9..ce7e2e94b3 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -47,7 +47,7 @@ enum Handshake_Extension_Type { /** * Base class representing a TLS extension of some kind */ -class Extension +class BOTAN_UNSTABLE_API Extension { public: /** From 07f70fafc38ef0956d4cd9176d6f8c578aedd07e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 31 Mar 2018 10:10:38 -0400 Subject: [PATCH 0950/1008] Add --avoid-undefined option GH #1518 --- src/tests/main.cpp | 9 ++++++--- src/tests/test_dl_group.cpp | 15 +++++++++------ src/tests/test_ffi.cpp | 13 ++++++++----- src/tests/test_runner.cpp | 2 ++ src/tests/test_runner.h | 1 + src/tests/tests.cpp | 9 +++++++++ src/tests/tests.h | 3 +++ src/tests/unit_ecdsa.cpp | 11 +++++++---- 8 files changed, 45 insertions(+), 18 deletions(-) diff --git a/src/tests/main.cpp b/src/tests/main.cpp index f4ee76b570..f8aa2fe083 100644 --- a/src/tests/main.cpp +++ b/src/tests/main.cpp 
@@ -59,8 +59,9 @@ int main(int argc, char* argv[]) try { const std::string arg_spec = - "botan-test --data-dir= --pkcs11-lib= --provider= --log-success --abort-on-first-fail " - "--verbose --help --run-long-tests --run-online-tests --test-runs=1 --drbg-seed= " + "botan-test --verbose --help --data-dir= --pkcs11-lib= --provider= " + "--log-success --abort-on-first-fail --avoid-undefined " + "--run-long-tests --run-online-tests --test-runs=1 --drbg-seed= " "*suites"; Botan_CLI::Argument_Parser parser(arg_spec); @@ -82,6 +83,7 @@ int main(int argc, char* argv[]) const bool log_success = parser.flag_set("log-success"); const bool run_long_tests = parser.flag_set("run-long-tests"); const bool run_online_tests = parser.flag_set("run-online-tests"); + const bool avoid_undefined = parser.flag_set("avoid-undefined"); const size_t test_runs = parser.get_arg_sz("test-runs"); const std::vector suites = parser.get_arg_list("suites"); @@ -97,7 +99,8 @@ int main(int argc, char* argv[]) return tests.run(suites, data_dir, pkcs11_lib, provider, log_success, run_online_tests, run_long_tests, - abort_on_first_fail, drbg_seed, test_runs); + abort_on_first_fail, avoid_undefined, + drbg_seed, test_runs); } catch(std::exception& e) { diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp index 2644d5e1ac..10a7e3bc6a 100644 --- a/src/tests/test_dl_group.cpp +++ b/src/tests/test_dl_group.cpp 
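Review bot: The call `tests.run(suites, data_dir, pkcs11_lib, provider, log_success, run_online_tests, run_long_tests, abort_on_first_fail, avoid_undefined, drbg_seed, test_runs)` now passes five adjacent `bool` arguments positionally, and the same shape is repeated through `Test_Runner::run` and `Test::set_test_options` in the hunks below; transposing two of them compiles silently. Grouping the flags into a small options struct would make each new option a one-place change instead of parallel edits in main.cpp, test_runner.cpp, test_runner.h, tests.cpp and tests.h. This is a style point about the new signature shape, not a defect in the added flag.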
@@ -44,12 +44,15 @@ class DL_Group_Tests final : public Test "DL_Group uninitialized", []() { Botan::DL_Group dl; dl.get_p(); }); - result.test_throws("Bad generator param", - "Invalid argument DL_Group unknown PrimeType", - []() { - auto invalid_type = static_cast(9); - Botan::DL_Group dl(Test::rng(), invalid_type, 1024); - }); + if(Test::avoid_undefined_behavior() == false) + { + result.test_throws("Bad generator param", + "Invalid argument DL_Group unknown PrimeType", + []() { + auto invalid_type = static_cast(9); + Botan::DL_Group dl(Test::rng(), invalid_type, 1024); + }); + } return result; } diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index 1eb7969235..58b9852a07 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp @@ -842,11 +842,14 @@ class FFI_Unit_Tests final : public Test // delete of null is ok/ignored TEST_FFI_RC(0, botan_hash_destroy, (nullptr)); - // Confirm that botan_x_destroy checks the argument type - botan_mp_t mp; - botan_mp_init(&mp); - TEST_FFI_RC(BOTAN_FFI_ERROR_INVALID_OBJECT, botan_hash_destroy, (reinterpret_cast(mp))); - TEST_FFI_RC(0, botan_mp_destroy, (mp)); + if(Test::avoid_undefined_behavior() == false) + { + // Confirm that botan_x_destroy checks the argument type + botan_mp_t mp; + botan_mp_init(&mp); + TEST_FFI_RC(BOTAN_FFI_ERROR_INVALID_OBJECT, botan_hash_destroy, (reinterpret_cast(mp))); + TEST_FFI_RC(0, botan_mp_destroy, (mp)); + } return result; } diff --git a/src/tests/test_runner.cpp b/src/tests/test_runner.cpp index d8491ab73a..9b4e14a7af 100644 --- a/src/tests/test_runner.cpp +++ b/src/tests/test_runner.cpp @@ -94,6 +94,7 @@ int Test_Runner::run(const std::vector& requested_tests, bool run_online_tests, bool run_long_tests, bool abort_on_first_fail, + bool avoid_undefined, const std::string& drbg_seed, size_t runs) { @@ -182,6 +183,7 @@ int Test_Runner::run(const std::vector& requested_tests, run_online_tests, run_long_tests, abort_on_first_fail, + avoid_undefined, data_dir, pkcs11_lib, pf); 
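Review bot: The `static_cast<...PrimeType>(9)` inside the new guard is still undefined behaviour whenever `PrimeType` has no fixed underlying type and 9 lies outside its value range, so `--avoid-undefined` only hides the problem from UBSan rather than removing it. If the enum is declared without an underlying type (I cannot see the declaration from here), giving it one, e.g. `enum PrimeType : int`, makes every `int` value representable and lets this negative test run under the sanitizer as well. At minimum the skip deserves a comment on the `if`: `// skipped under --avoid-undefined: 9 is outside PrimeType's value range, so the cast itself is UB`. The enclosing test function starts before the hunk.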
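Review bot: The check that is now skipped under `--avoid-undefined` is the FFI handle-type guard (`botan_hash_destroy` on an `mp` handle must return `BOTAN_FFI_ERROR_INVALID_OBJECT`), and it is the only test in this function that exercises the type-confusion defence, so sanitizer builds lose coverage of a security-relevant path. That trade-off is acceptable if it is stated; I would put `// skipped under --avoid-undefined: the reinterpret_cast to an unrelated handle type is itself UB, even though the library's magic-number check is what we want to exercise` above the `if`. The enclosing FFI test function starts before the hunk.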
diff --git a/src/tests/test_runner.h b/src/tests/test_runner.h index 5ae986bc9b..76d669fc59 100644 --- a/src/tests/test_runner.h +++ b/src/tests/test_runner.h @@ -26,6 +26,7 @@ class Test_Runner final bool run_online_tests, bool run_long_tests, bool abort_on_first_fail, + bool avoid_undefined, const std::string& drbg_seed, size_t runs); diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp index 2aa1a9d75e..a22b1bb0c4 100644 --- a/src/tests/tests.cpp +++ b/src/tests/tests.cpp @@ -559,6 +559,7 @@ bool Test::m_log_success = false; bool Test::m_run_online_tests = false; bool Test::m_run_long_tests = false; bool Test::m_abort_on_first_fail = false; +bool Test::m_avoid_undefined = false; std::string Test::m_pkcs11_lib; Botan_Tests::Provider_Filter Test::m_provider_filter; @@ -567,6 +568,7 @@ void Test::set_test_options(bool log_success, bool run_online, bool run_long, bool abort_on_first_fail, + bool avoid_undefined, const std::string& data_dir, const std::string& pkcs11_lib, const Botan_Tests::Provider_Filter& pf) @@ -576,6 +578,7 @@ void Test::set_test_options(bool log_success, m_run_online_tests = run_online; m_run_long_tests = run_long; m_abort_on_first_fail = abort_on_first_fail; + m_avoid_undefined = avoid_undefined; m_pkcs11_lib = pkcs11_lib; m_provider_filter = pf; } @@ -604,6 +607,12 @@ bool Test::log_success() return m_log_success; } +//static +bool Test::avoid_undefined_behavior() + { + return m_avoid_undefined; + } + //static bool Test::run_online_tests() { diff --git a/src/tests/tests.h b/src/tests/tests.h index fd7daca171..ea5be0a957 100644 --- a/src/tests/tests.h +++ b/src/tests/tests.h 
@@ -409,12 +409,14 @@ class Test bool run_online_tests, bool run_long_tests, bool abort_on_first_fail, + bool avoid_undefined, const std::string& data_dir, const std::string& pkcs11_lib, const Botan_Tests::Provider_Filter& pf); static void set_test_rng(std::unique_ptr rng); + static bool avoid_undefined_behavior(); static bool log_success(); static bool run_online_tests(); static bool run_long_tests(); @@ -437,6 +439,7 @@ class Test static bool m_run_online_tests; static bool m_run_long_tests; static bool m_abort_on_first_fail; + static bool m_avoid_undefined; static std::string m_pkcs11_lib; static Botan_Tests::Provider_Filter m_provider_filter; }; diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index f91c1b3456..016906e661 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -299,11 +299,14 @@ Test::Result test_encoding_options() result.test_eq("Hybrid point same size as uncompressed", enc_uncompressed.size(), enc_hybrid.size()); - auto invalid_format = static_cast(99); + if(Test::avoid_undefined_behavior() == false) + { + auto invalid_format = static_cast(99); - result.test_throws("Invalid point format throws", - "Invalid argument Invalid point encoding for EC_PublicKey", - [&] { key.set_point_encoding(invalid_format); }); + result.test_throws("Invalid point format throws", + "Invalid argument Invalid point encoding for EC_PublicKey", + [&] { key.set_point_encoding(invalid_format); }); + } return result; } From 3ea4f2c68a108f5cb8af85ba9f3b1588c636be62 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 31 Mar 2018 10:36:32 -0400 Subject: [PATCH 0951/1008] Skip OCSP softfail check here since OCSP doesn't work without threads GH #1518 --- src/tests/test_x509_path.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index db74d62080..50b5f3cf46 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp 
@@ -146,9 +146,11 @@ class X509test_Path_Validation_Tests final : public Test // certificate verification succeed even if no OCSP URL (softfail) result.confirm("test success", path_result.successful_validation()); result.test_eq("test " + filename, path_result.result_string(), "Verified"); +#if defined(BOTAN_TARGET_OS_HAS_THREADS) // if softfail, there is warnings result.confirm("test warnings", !path_result.no_warnings()); result.test_eq("test warnings string", path_result.warnings_string(), "[0] OCSP URL not available"); +#endif result.end_timer(); results.push_back(result); } From 7a1af62edab489cb583b531d6d13416ae5a71271 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 31 Mar 2018 11:28:07 -0400 Subject: [PATCH 0952/1008] Update news --- news.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/news.rst b/news.rst index 489fbb7a62..a72a606769 100644 --- a/news.rst +++ b/news.rst @@ -4,6 +4,10 @@ Release Notes Version 2.5.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* Fix error in certificate wildcard matching (CVE-2018-9127), where a + wildcard cert for ``b*.example.com`` would be accepted as a match for + any host with name ``*b*.example.com`` (GH #1519) + * Add support for RSA-PSS signatures in TLS (GH #1285) * Ed25519 certificates are now supported (GH #1501) @@ -98,6 +102,9 @@ Version 2.5.0, Not Yet Released enable. The existing ``--with-sanitizers`` option just enables some default set which is known to work with the minimum required compiler versions. +* Use either ``rst2man`` or ``rst2man.py`` for generating man page as + distributions differ on where this program is installed (GH #1516) + * The threefish module has been renamed threefish_512 since that is the algorithm it provides. (GH #1477) From 3bd115f8531dc543337ef8051eadc16b328d4228 Mon Sep 17 00:00:00 2001 
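Review bot: With `BOTAN_TARGET_OS_HAS_THREADS` undefined the hunk drops the two warning assertions but leaves the no-thread behaviour unpinned, so a later change that starts (or stops) emitting OCSP warnings in that configuration would go unnoticed. If OCSP is genuinely never attempted without threads, as the commit message implies, pin it with an `#else` branch: `result.confirm("no OCSP warning without threads", path_result.no_warnings());`. If the behaviour is merely untested there, say so in a comment on the `#if` instead of leaving it implicit. The enclosing loop body starts before the hunk.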
From: Jack Lloyd Date: Sat, 31 Mar 2018 11:42:28 -0400 Subject: [PATCH 0953/1008] Latest Ubuntu has Botan 2.x now --- doc/todo.rst | 5 ----- 1 file changed, 5 deletions(-) diff --git a/doc/todo.rst b/doc/todo.rst index 122bfa9286..c508dd3de3 100644 --- a/doc/todo.rst +++ b/doc/todo.rst @@ -188,8 +188,3 @@ Documentation * X.509 certs, path validation * Specific docs covering one major topic (RSA, ECDSA, AES/GCM, ...) * Some howto style docs (setting up CA, ...) - -Packaging ------------- - -* Create a PPA for Ubuntu From 800aa946af6d64ba76616b075153107fe47669a7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 31 Mar 2018 12:32:58 -0400 Subject: [PATCH 0954/1008] Fix problems with failure to build in various configurations --- src/cli/timing_tests.cpp | 6 +++++- src/lib/misc/cryptobox/info.txt | 1 + src/lib/prov/openssl/info.txt | 3 +++ src/lib/pubkey/dlies/info.txt | 2 +- 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index fbea2a8ca4..ab34f99a56 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -32,6 +32,10 @@ #include #endif +#if defined(BOTAN_HAS_EC_GROUP) + #include +#endif + #if defined(BOTAN_HAS_SYSTEM_RNG) #include #endif @@ -299,7 +303,7 @@ ticks ECDSA_Timing_Test::measure_critical_function(std::vector input) #endif -#if defined(BOTAN_HAS_EC_CURVE_GFP) +#if defined(BOTAN_HAS_EC_GROUP) class ECC_Mul_Timing_Test final : public Timing_Test { diff --git a/src/lib/misc/cryptobox/info.txt b/src/lib/misc/cryptobox/info.txt index 21f0ce0a3d..770076a402 100644 --- a/src/lib/misc/cryptobox/info.txt +++ b/src/lib/misc/cryptobox/info.txt @@ -6,6 +6,7 @@ CRYPTO_BOX -> 20131128 base64 ctr hmac +modes pbkdf2 pem serpent diff --git a/src/lib/prov/openssl/info.txt b/src/lib/prov/openssl/info.txt index cecfaca567..043ade6141 100644 --- a/src/lib/prov/openssl/info.txt +++ b/src/lib/prov/openssl/info.txt @@ -14,5 +14,8 @@ windows -> libeay32.lib +block +stream +modes pubkey 
diff --git a/src/lib/pubkey/dlies/info.txt b/src/lib/pubkey/dlies/info.txt index ef14958e24..80c0466f46 100644 --- a/src/lib/pubkey/dlies/info.txt +++ b/src/lib/pubkey/dlies/info.txt @@ -6,5 +6,5 @@ DLIES -> 20160713 dh kdf mac -block +modes From 4b791c13d0c8604f0f02be092c3b77043a39b4f3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 1 Apr 2018 10:02:02 -0400 Subject: [PATCH 0955/1008] Fix build --- src/cli/timing_tests.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index ab34f99a56..f3ecdc0340 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -545,7 +545,7 @@ std::unique_ptr Timing_Test_Command::lookup_timing_test(const std:: } #endif -#if defined(BOTAN_HAS_EC_CURVE_GFP) +#if defined(BOTAN_HAS_EC_GROUP) if(test_type == "ecc_mul") { return std::unique_ptr(new ECC_Mul_Timing_Test("brainpool512r1")); From 575fdeab778669b83e5c5cc37f584a3cdef554f1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 1 Apr 2018 10:07:44 -0400 Subject: [PATCH 0956/1008] Fix validation tests - test certs had expired GH #1521 --- src/tests/test_x509_path.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index 50b5f3cf46..60e3b4eba5 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp @@ -305,6 +305,8 @@ std::vector Extended_Path_Validation_Tests::run() std::map expected = read_results(Test::data_file("x509/extended/expected.txt")); + auto validation_time = Botan::calendar_point(2017,9,1,9,30,33).to_std_timepoint(); + for(auto i = expected.begin(); i != expected.end(); ++i) { const std::string test_name = i->first; 
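Review bot: The new `validation_time` in `Extended_Path_Validation_Tests::run()` is a bare literal with no explanation, and a frozen instant in a path-validation test is exactly what a later reader may copy elsewhere or "fix" back to wall-clock time. Add a comment above it such as `// The test certificates have expired (GH #1521); validate at a fixed instant inside their validity window so results do not depend on the current date.`. Freezing the clock presumably also freezes any other time-dependent check (CRL or OCSP freshness) at that instant — inferred, so worth a word in the same comment if it holds. `run()` continues outside the hunk.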
@@ -340,7 +342,10 @@ std::vector Extended_Path_Validation_Tests::run() Botan::Path_Validation_Result validation_result = Botan::x509_path_validate(end_user, restrictions, - store); + store, + "", + Botan::Usage_Type::UNSPECIFIED, + validation_time); result.test_eq(test_name + " path validation result", validation_result.result_string(), From cc10d01f7f9cfa4d4507419363e1c2266d01b046 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 1 Apr 2018 10:25:00 -0400 Subject: [PATCH 0957/1008] Fix some tests that would fail after 2033 GH #1521 --- src/tests/test_x509_path.cpp | 7 +++++- src/tests/unit_x509.cpp | 46 +++++++++++++++++++----------------- 2 files changed, 30 insertions(+), 23 deletions(-) diff --git a/src/tests/test_x509_path.cpp b/src/tests/test_x509_path.cpp index 60e3b4eba5..43ecb81e0b 100644 --- a/src/tests/test_x509_path.cpp +++ b/src/tests/test_x509_path.cpp @@ -215,6 +215,8 @@ std::vector NIST_Path_Validation_Tests::run() const Botan::X509_Certificate root_cert(nist_test_dir + "/root.crt"); const Botan::X509_CRL root_crl(nist_test_dir + "/root.crl"); + const auto validation_time = Botan::calendar_point(2018,4,1,9,30,33).to_std_timepoint(); + for(auto i = expected.begin(); i != expected.end(); ++i) { Test::Result result("NIST path validation"); @@ -264,7 +266,10 @@ std::vector NIST_Path_Validation_Tests::run() Botan::Path_Validation_Result validation_result = Botan::x509_path_validate(end_user, restrictions, - store); + store, + "", + Botan::Usage_Type::UNSPECIFIED, + validation_time); result.test_eq(test_name + " path validation result", validation_result.result_string(), diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 0cb88e5775..265f426af3 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp 
@@ -31,7 +31,9 @@ namespace { Botan::X509_Time from_date(const int y, const int m, const int d) { - Botan::calendar_point t(y, m, d, 0, 0, 0); + const size_t this_year = Botan::calendar_value(std::chrono::system_clock::now()).get_year(); + + Botan::calendar_point t(this_year + y, m, d, 0, 0, 0); return Botan::X509_Time(t.to_std_timepoint()); } @@ -570,8 +572,8 @@ Test::Result test_x509_authority_info_access_extension() test_result.test_eq("CA certificate signature algorithm (explicit)", Botan::OIDS::lookup(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); - const auto not_before = Botan::calendar_point(2017, 1, 1, 1, 1, 1).to_std_timepoint(); - const auto not_after = Botan::calendar_point(2037, 12, 25, 1, 1, 1).to_std_timepoint(); + const Botan::X509_Time not_before = from_date(-1, 1, 1); + const Botan::X509_Time not_after = from_date(2, 1, 2); // Prepare a signing request for the end certificate Botan::X509_Cert_Options req_opt("endpoint"); 
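Review bot: `from_date` changes the meaning of its first parameter from an absolute year to an offset from the current year, but the parameter is still called `y` and the signature carries no hint, so a reader of `from_date(2, 1, 2)` at the call sites will misread it. Rename and document it: `Botan::X509_Time from_date(const int year_offset, const int m, const int d)` with `// year is relative to the current year so generated certs never expire as the suite ages (GH #1521)` above the definition. Also `this_year + y` adds an `int` that may be -1 to a `size_t`, which is correct only through unsigned wraparound and trips `-Wsign-conversion`; keeping the year signed, `const int this_year = static_cast<int>(Botan::calendar_value(std::chrono::system_clock::now()).get_year());`, makes the arithmetic obviously right.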
@@ -594,17 +596,17 @@ Test::Result test_x509_authority_info_access_extension() // Create X509 CA object: its signer will use the padding scheme from the CA certificate, i.e. EMSA3 Botan::X509_CA ca_def(ca_cert_def, (*sk), "SHA-512", Test::rng()); - Botan::X509_Certificate end_cert_emsa3 = ca_def.sign_request(end_req, Test::rng(), Botan::X509_Time(not_before), Botan::X509_Time(not_after)); + Botan::X509_Certificate end_cert_emsa3 = ca_def.sign_request(end_req, Test::rng(), not_before, not_after); test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_emsa3.signature_algorithm().oid), "RSA/EMSA3(SHA-512)"); // Create X509 CA object: its signer will use the explicitly configured padding scheme, which is different from the CA certificate's scheme Botan::X509_CA ca_diff(ca_cert_def, (*sk), {{"padding","EMSA-PSS"}}, "SHA-512", Test::rng()); - Botan::X509_Certificate end_cert_diff_emsa4 = ca_diff.sign_request(end_req, Test::rng(), Botan::X509_Time(not_before), Botan::X509_Time(not_after)); + Botan::X509_Certificate end_cert_diff_emsa4 = ca_diff.sign_request(end_req, Test::rng(), not_before, not_after); test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_diff_emsa4.signature_algorithm().oid), "RSA/EMSA4"); // Create X509 CA object: its signer will use the explicitly configured padding scheme, which is identical to the CA certificate's scheme Botan::X509_CA ca_exp(ca_cert_exp, (*sk), {{"padding","EMSA4(SHA-512,MGF1,64)"}},"SHA-512", Test::rng()); - Botan::X509_Certificate end_cert_emsa4= ca_exp.sign_request(end_req, Test::rng(), Botan::X509_Time(not_before), Botan::X509_Time(not_after)); + Botan::X509_Certificate end_cert_emsa4= ca_exp.sign_request(end_req, Test::rng(), not_before, not_after); test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_emsa4.signature_algorithm().oid), "RSA/EMSA4"); // Check CRL signature algorithm 
@@ -701,16 +703,16 @@ Test::Result test_x509_cert(const Botan::Private_Key& ca_key, /* Sign the requests to create the certs */ Botan::X509_Certificate user1_cert = ca.sign_request(user1_req, Test::rng(), user1_serial, - from_date(2008, 01, 01), - from_date(2033, 01, 01)); + from_date(-1, 01, 01), + from_date(2, 01, 01)); result.test_eq("User1 serial size matches expected", user1_cert.serial_number().size(), 1); result.test_eq("User1 serial matches expected", user1_cert.serial_number().at(0), size_t(99)); Botan::X509_Certificate user2_cert = ca.sign_request(user2_req, Test::rng(), - from_date(2008, 01, 01), - from_date(2033, 01, 01)); + from_date(-1, 01, 01), + from_date(2, 01, 01)); // user#1 creates a self-signed cert on the side const auto user1_ss_cert = @@ -730,8 +732,8 @@ Test::Result test_x509_cert(const Botan::Private_Key& ca_key, Botan::X509_Certificate user1_cert_differ = ca.sign_request(user1_req, Test::rng(), - from_date(2008, 01, 01), - from_date(2032, 01, 01)); + from_date(-1, 01, 01), + from_date(2, 01, 01)); result.test_eq("certificate differs", user1_cert == user1_cert_differ, false); @@ -857,8 +859,8 @@ Test::Result test_usage(const Botan::Private_Key& ca_key, const Botan::X509_Certificate user1_cert = ca.sign_request( user1_req, Test::rng(), - from_date(2008, 01, 01), - from_date(2033, 01, 01)); + from_date(-1, 01, 01), + from_date(2, 01, 01)); // cert only allows digitalSignature, but we check for both digitalSignature and cRLSign result.test_eq("key usage cRLSign not allowed", @@ -879,8 +881,8 @@ Test::Result test_usage(const Botan::Private_Key& ca_key, const Botan::X509_Certificate mult_usage_cert = ca.sign_request( mult_usage_req, Test::rng(), - from_date(2008, 01, 01), - from_date(2033, 01, 01)); + from_date(-1, 01, 01), + from_date(2, 01, 01)); // cert allows multiple usages, so each one of them as well as both together should be allowed result.confirm("key usage multiple digitalSignature allowed", 
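Review bot: In the `user1_cert_differ` hunk the not-after date becomes `from_date(2, 01, 01)`, identical to `user1_cert`'s, whereas before it was 2032 against 2033 precisely so the two certificates would differ in validity; the `certificate differs` assertion now holds only because `user1_cert_differ` is issued without the explicit `user1_serial` and so receives a different serial. If the intent was to test inequality on validity rather than on serial, use `from_date(3, 01, 01)` here. The enclosing test function starts before and ends after the hunk.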
@@ -895,8 +897,8 @@ Test::Result test_usage(const Botan::Private_Key& ca_key, const Botan::X509_Certificate no_usage_cert = ca.sign_request(no_usage_req, Test::rng(), - from_date(2008, 01, 01), - from_date(2033, 01, 01)); + from_date(-1, 01, 01), + from_date(2, 01, 01)); // cert allows every usage result.confirm("key usage digitalSignature allowed", no_usage_cert.allowed_usage(Key_Constraints::DIGITAL_SIGNATURE)); @@ -932,7 +934,7 @@ Test::Result test_self_issued(const Botan::Private_Key& ca_key, const Botan::PKCS10_Request self_issued_req = Botan::X509::create_cert_req(opts, *user_key, hash_fn, Test::rng()); const Botan::X509_Certificate self_issued_cert = ca.sign_request( - self_issued_req, Test::rng(), from_date(2008, 01, 01), from_date(2033, 01, 01)); + self_issued_req, Test::rng(), from_date(-1, 01, 01), from_date(2, 01, 01)); // check that this chain can can be verified successfully const Botan::Certificate_Store_In_Memory trusted(ca.ca_certificate()); @@ -1340,8 +1342,8 @@ Test::Result test_x509_extensions(const Botan::Private_Key& ca_key, /* Create a CA-signed certificate */ const Botan::X509_Certificate ca_signed_cert = ca.sign_request(user_req, Test::rng(), - from_date(2008, 01, 01), - from_date(2033, 01, 01)); + from_date(-1, 01, 01), + from_date(2, 01, 01)); // check if known Key_Usage extension is present in CA-signed cert result.confirm("Extensions::extension_set true for Key_Usage", ca_signed_cert.v3_extensions().extension_set(ku_oid)); 
@@ -1421,7 +1423,7 @@ Test::Result test_hashes(const Botan::Private_Key& key, const Botan::PKCS10_Request req = Botan::X509::create_cert_req(a.subject, key, hash_fn, Test::rng()); const Botan::X509_Certificate subject_cert = - ca.sign_request(req, Test::rng(), from_date(2008, 01, 01), from_date(2033, 01, 01)); + ca.sign_request(req, Test::rng(), from_date(-1, 01, 01), from_date(2, 01, 01)); result.test_eq(a.subject, Botan::hex_encode(subject_cert.raw_issuer_dn_sha256()), a.issuer_hash); result.test_eq(a.subject, Botan::hex_encode(subject_cert.raw_subject_dn_sha256()), a.subject_hash); From 982fce377c4be28a067dad9422b8e791a74a9c93 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 1 Apr 2018 11:38:02 -0400 Subject: [PATCH 0958/1008] Update tls_client fuzzer to skip validation results Currently OSS-Fuzz stops cold at receiving the certificate message since the odds of libFuzzer forging an RSA signature are not high. --- src/fuzzer/tls_client.cpp | 68 ++++++++++++++++++++++++++++++--------- 1 file changed, 53 insertions(+), 15 deletions(-) diff --git a/src/fuzzer/tls_client.cpp b/src/fuzzer/tls_client.cpp index 197e97928f..2ccd709617 100644 --- a/src/fuzzer/tls_client.cpp +++ b/src/fuzzer/tls_client.cpp 
@@ -18,32 +18,70 @@ class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager } }; +class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks + { + public: + void tls_emit_data(const uint8_t[], size_t) override + { + // discard + } + + void tls_record_received(uint64_t, const uint8_t[], size_t) override + { + // ignore peer data + } + + void tls_alert(Botan::TLS::Alert) override + { + // ignore alert + } + + bool tls_session_established(const Botan::TLS::Session&) + { + return true; // cache it + } + + void tls_verify_cert_chain( + const std::vector& cert_chain, + const std::vector>& ocsp_responses, + const std::vector& trusted_roots, + Botan::Usage_Type usage, + const std::string& hostname, + const Botan::TLS::Policy& policy) override + { + try + { + // try to validate to exercise those code paths + Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses, + trusted_roots, usage, hostname, policy); + } + catch(...) + { + // ignore validation result + } + } + + }; + void fuzz(const uint8_t in[], size_t len) { if(len == 0) return; - auto dev_null = [](const uint8_t[], size_t) {}; - - auto ignore_alerts = [](Botan::TLS::Alert, const uint8_t[], size_t) {}; - auto ignore_hs = [](const Botan::TLS::Session&) { abort(); return true; }; - Botan::TLS::Session_Manager_Noop session_manager; Botan::TLS::Policy policy; Botan::TLS::Protocol_Version client_offer = Botan::TLS::Protocol_Version::TLS_V12; Botan::TLS::Server_Information info("server.name", 443); + Fuzzer_TLS_Client_Callbacks callbacks; Fuzzer_TLS_Client_Creds creds; - Botan::TLS::Client client(dev_null, - dev_null, - ignore_alerts, - ignore_hs, - session_manager, - creds, - policy, - fuzzer_rng(), - info, - client_offer); + Botan::TLS::Client client(callbacks, + session_manager, + creds, + policy, + fuzzer_rng(), + info, + client_offer); try { From c74410c9928dc56e33dd37feb1dadf8b740c9c44 Mon Sep 17 00:00:00 2001 
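Review bot: `tls_session_established` in `Fuzzer_TLS_Client_Callbacks` lacks `override` while every sibling has it, so if its signature ever drifts from `Botan::TLS::Callbacks` (or already differs) it silently becomes an unrelated member and the base default runs instead; earlier commits in this series add `override` precisely because the build uses `-Wsuggest-override`. Write `bool tls_session_established(const Botan::TLS::Session&) override`. Separately, the removed `ignore_hs` lambda called `abort()` on an established session, which turned an unexpectedly completed client handshake into a fuzzer finding; the new callback returns `true` silently, so that oracle is gone. If a completed handshake is still impossible for the fuzzer without forging the server's key-exchange signature (my reading, not verified), keeping `abort()` there preserves a useful signal. `fuzz()` continues outside the hunk.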
From: Jack Lloyd Date: Sun, 1 Apr 2018 11:43:27 -0400 Subject: [PATCH 0959/1008] Modify tls_server fuzzer to use callbacks interface, skip validation --- src/fuzzer/tls_server.cpp | 88 ++++++++++++++++++++++++++++----------- 1 file changed, 63 insertions(+), 25 deletions(-) diff --git a/src/fuzzer/tls_server.cpp b/src/fuzzer/tls_server.cpp index 55cbc11f90..a985da5a6b 100644 --- a/src/fuzzer/tls_server.cpp +++ b/src/fuzzer/tls_server.cpp 
@@ -109,44 +109,82 @@ class Fuzzer_TLS_Server_Creds : public Botan::Credentials_Manager std::unique_ptr m_rsa_key; }; -void fuzz(const uint8_t in[], size_t len) +class Fuzzer_TLS_Server_Callbacks : public Botan::TLS::Callbacks { - if(len == 0) - return; + public: + void tls_emit_data(const uint8_t[], size_t) override + { + // discard + } + + void tls_record_received(uint64_t, const uint8_t[], size_t) override + { + // ignore peer data + } + + void tls_alert(Botan::TLS::Alert) override + { + // ignore alert + } + + bool tls_session_established(const Botan::TLS::Session&) + { + return true; // cache it + } + + std::string tls_server_choose_app_protocol(const std::vector& client_protos) override + { + if(client_protos.size() > 1) + return client_protos[0]; + else + return "fuzzy"; + } - auto dev_null = [](const uint8_t[], size_t) {}; + void tls_verify_cert_chain( + const std::vector& cert_chain, + const std::vector>& ocsp_responses, + const std::vector& trusted_roots, + Botan::Usage_Type usage, + const std::string& hostname, + const Botan::TLS::Policy& policy) override + { + try + { + // try to validate to exercise those code paths + Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses, + trusted_roots, usage, hostname, policy); + } + catch(...) 
+ { + // ignore validation result + } + } - auto ignore_alerts = [](Botan::TLS::Alert, const uint8_t[], size_t) {}; - auto ignore_hs = [](const Botan::TLS::Session&) { return true; }; + }; + +void fuzz(const uint8_t in[], size_t len) + { + if(len <= 1) + return; Botan::TLS::Session_Manager_Noop session_manager; Botan::TLS::Policy policy; Botan::TLS::Server_Information info("server.name", 443); Fuzzer_TLS_Server_Creds creds; + Fuzzer_TLS_Server_Callbacks callbacks; - auto next_proto_fn = [](const std::vector& protos) -> std::string { - if(protos.size() > 1) - return protos[0]; - else - return "fuzzed"; - }; - - const bool is_datagram = (len % 2 == 0); + const bool is_datagram = in[0] & 1; - Botan::TLS::Server server(dev_null, - dev_null, - ignore_alerts, - ignore_hs, - session_manager, - creds, - policy, - fuzzer_rng(), - next_proto_fn, - is_datagram); + Botan::TLS::Server server(callbacks, + session_manager, + creds, + policy, + fuzzer_rng(), + is_datagram); try { - server.received_data(in, len); + server.received_data(in + 1, len - 1); } catch(std::exception& e) { From 13529b9ea346604fca00ff186195ee0a0e3b5ca6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Mon, 26 Mar 2018 09:33:13 +0200 Subject: [PATCH 0960/1008] Support passing an OAEP label in EME name TPM 1.2 expects passing the owner and SRK secret encrypted with the public endorsement key. For asymmetric encryption, the TPM 1.2 uses OAEP with the label "TCPA". --- src/lib/pk_pad/eme.cpp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/lib/pk_pad/eme.cpp b/src/lib/pk_pad/eme.cpp index 23c4445069..5164157f76 100644 --- a/src/lib/pk_pad/eme.cpp +++ b/src/lib/pk_pad/eme.cpp 
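Review bot: `tls_session_established` in `Fuzzer_TLS_Server_Callbacks` is missing `override` although every other callback in the class has it, so a signature mismatch with `Botan::TLS::Callbacks` would go unnoticed and the default implementation would run; use `bool tls_session_established(const Botan::TLS::Session&) override`. In `tls_server_choose_app_protocol` the `client_protos.size() > 1` test returns the fixed `"fuzzy"` when the client offers exactly one protocol, which reads like it was meant to be `!client_protos.empty()`; it is carried over from the old lambda, so it may be deliberate to exercise the mismatch path, but a one-line comment would settle that. The new `len <= 1` guard together with `is_datagram = in[0] & 1` is consistent: `received_data(in + 1, len - 1)` never sees an empty buffer. `fuzz()` ends outside the hunk.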
@@ -43,12 +43,13 @@ EME* get_eme(const std::string& algo_spec) req.algo_name() == "EME-OAEP" || req.algo_name() == "EME1") { - if(req.arg_count() == 1 ||(req.arg_count() == 2 && req.arg(1) == "MGF1")) + if(req.arg_count() == 1 || + ((req.arg_count() == 2 || req.arg_count() == 3) && req.arg(1) == "MGF1")) { if(auto hash = HashFunction::create(req.arg(0))) - return new OAEP(hash.release()); + return new OAEP(hash.release(), req.arg(2, "")); } - else if(req.arg_count() == 2) + else if(req.arg_count() == 2 || req.arg_count() == 3) { auto mgf_params = parse_algorithm_name(req.arg(1)); @@ -59,7 +60,7 @@ EME* get_eme(const std::string& algo_spec) if(hash && mgf1_hash) { - return new OAEP(hash.release(), mgf1_hash.release()); + return new OAEP(hash.release(), mgf1_hash.release(), req.arg(2, "")); } } } From c94c227a71e8a0dd2c2796deb0b4f8aa921ea07b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Korthaus?= Date: Mon, 2 Apr 2018 09:04:30 +0200 Subject: [PATCH 0961/1008] Add a test vector for OAEP label --- src/tests/data/pubkey/rsa_decrypt.vec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/tests/data/pubkey/rsa_decrypt.vec b/src/tests/data/pubkey/rsa_decrypt.vec index 9af5e4b5b4..b702b63104 100644 --- a/src/tests/data/pubkey/rsa_decrypt.vec +++ b/src/tests/data/pubkey/rsa_decrypt.vec 
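Review bot: The OAEP label is now taken verbatim from the third argument of the algorithm spec via `req.arg(2, "")`, so it is limited to what the algorithm-name parser can carry — it cannot contain the spec's own delimiters (`,`, `(`, `)`) or arbitrary bytes — and a label that the parser splits differently than the caller expects will surface only as a decryption failure later, not as an error here. That is fine for `"TCPA"` but should be stated where the option lives, e.g. above the branch: `// optional 3rd arg is the OAEP label, taken literally from the spec string; labels containing spec delimiters must construct OAEP directly`. It is also worth noting for callers that, because the label is bound into the encoding, a ciphertext produced with a label will not decrypt under the label-less 2.4-style spec — the intended binding, but a visible behaviour change. `get_eme` starts before and ends after the hunk.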
@@ -95,4 +95,11 @@ Msg = 8da89fd9e5f974a29feffb462b49180f6cf9e802 Ciphertext = 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 Msg = 26521050844271 +[OAEP(SHA-512,MGF1(SHA-512),TCPA)] +E = 0x010001 +P = 0x00e138af11ccf541325933cbedf53e8a96e5e15b70780d9aded44a07ad22fca082b35b70a70394d67d7153040bf9ec9cf7c3cfb1c632cca02a531b47fbbf8009277fb665172f5e120234bf14a7116bb4a36a22fa0b9f43dd4ca0242732258f01eb10e89fe85f2c022f768db8d809870d8c909f63d5f07f913cb2b39b46d86f7b65 +Q = 0x00da40db13075051666cf0c810ccbf8fa3712d82235747115af316169bd92dd0f463f17dc4e0578cb659e3ba428de7e319d04736ddd6fe7d9ddd63964821b25f011ecc7435997186513fd18c0dc049b96fbee1de6376414c582f16d0d477f8a9ccfccdbf882abd568d57c6a8118a5721722ceca1064267218adf1fabcbc22ee555 + +Ciphertext = 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 +Msg = 48656c6c6f20576f726c64da \ No newline at end of file From c1e5b7193c493ec3d8946fadeb89c05c912b10c5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 2 Apr 2018 09:32:36 -0400 Subject: [PATCH 0962/1008] Update for 2.5.0 release --- news.rst | 2 +- readme.rst | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/news.rst b/news.rst index a72a606769..306fd78f51 100644 --- a/news.rst +++ b/news.rst @@ -1,7 +1,7 @@ Release Notes ======================================== -Version 2.5.0, Not Yet Released +Version 2.5.0, 2018-04-02 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Fix error in certificate wildcard matching (CVE-2018-9127), where a diff --git a/readme.rst b/readme.rst index 3641a22d71..3357c3a678 100644 --- a/readme.rst +++ b/readme.rst @@ -105,9 +105,9 @@ MSVC 2015/2017 are regularly tested. New releases of Botan 2 are made on a quarterly basis. The latest 2.x release is -`2.4.0 `_ -`(sig) `_ -released on 2018-01-08 +`2.5.0 `_ +`(sig) `_ +released on 2018-04-02 Old Release ---------------------------------------- From bed02f39a71adc3c19e240a2589192b762cb6fc7 Mon Sep 17 00:00:00 2001 
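Review bot: The new `[OAEP(SHA-512,MGF1(SHA-512),TCPA)]` block only shows that decryption with the correct label yields `Msg`; nothing checks that the label is actually bound, so a regression where the third argument is parsed but ignored would pass. A negative companion — the same `Ciphertext` under `[OAEP(SHA-512,MGF1(SHA-512))]` or a different label, expected to fail — would catch that, assuming the `rsa_decrypt` harness has an expected-failure form (inferred; if not, a small unit test covering the mismatch would do). The file also now ends without a trailing newline, which is worth restoring.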
From: Jack Lloyd Date: Sat, 31 Mar 2018 10:31:26 -0400 Subject: [PATCH 0963/1008] Add Test_Options class --- src/tests/main.cpp | 32 ++++++------- src/tests/test_runner.cpp | 41 +++++------------ src/tests/test_runner.h | 14 ++---- src/tests/tests.cpp | 95 +++++++------------------------------- src/tests/tests.h | 96 ++++++++++++++++++++++++++++----------- 5 files changed, 115 insertions(+), 163 deletions(-) diff --git a/src/tests/main.cpp b/src/tests/main.cpp index f8aa2fe083..5cf4e4fe32 100644 --- a/src/tests/main.cpp +++ b/src/tests/main.cpp @@ -74,22 +74,21 @@ int main(int argc, char* argv[]) return 0; } - const std::string data_dir = parser.get_arg_or("data-dir", "src/tests/data"); - const std::string pkcs11_lib = parser.get_arg("pkcs11-lib"); - const std::string provider = parser.get_arg("provider"); - const std::string drbg_seed = parser.get_arg("drbg-seed"); - - const bool abort_on_first_fail = parser.flag_set("abort-on-first-fail"); - const bool log_success = parser.flag_set("log-success"); - const bool run_long_tests = parser.flag_set("run-long-tests"); - const bool run_online_tests = parser.flag_set("run-online-tests"); - const bool avoid_undefined = parser.flag_set("avoid-undefined"); - const size_t test_runs = parser.get_arg_sz("test-runs"); - - const std::vector suites = parser.get_arg_list("suites"); + const Botan_Tests::Test_Options opts( + parser.get_arg_list("suites"), + parser.get_arg_or("data-dir", "src/tests/data"), + parser.get_arg("pkcs11-lib"), + parser.get_arg("provider"), + parser.get_arg("drbg-seed"), + parser.get_arg_sz("test-runs"), + parser.flag_set("log-success"), + parser.flag_set("run-online-tests"), + parser.flag_set("run-long-tests"), + parser.flag_set("abort-on-first-fail"), + parser.flag_set("avoid-undefined")); #if defined(BOTAN_HAS_OPENSSL) - if(provider.empty() || provider == "openssl") + if(opts.provider().empty() || opts.provider() == "openssl") { ::ERR_load_crypto_strings(); } 
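Review bot: The `Test_Options` constructor call in `main.cpp` passes five consecutive `bool` flags positionally, so swapping, say, `run-online-tests` and `run-long-tests` would compile cleanly and only show up as the wrong tests running; the order has to be checked against the declaration in `tests.h`, which is outside this chunk. A cheap guard is to annotate each positional argument with the member it feeds, e.g. `parser.flag_set("log-success"),   // log_success`, or to give `Test_Options` named setters instead of an eleven-argument constructor. The rest of `main()` lies outside the hunk.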
@@ -97,10 +96,7 @@ int main(int argc, char* argv[]) Botan_Tests::Test_Runner tests(std::cout); - return tests.run(suites, data_dir, pkcs11_lib, provider, - log_success, run_online_tests, run_long_tests, - abort_on_first_fail, avoid_undefined, - drbg_seed, test_runs); + return tests.run(opts); } catch(std::exception& e) { diff --git a/src/tests/test_runner.cpp b/src/tests/test_runner.cpp index 9b4e14a7af..2816d386d2 100644 --- a/src/tests/test_runner.cpp +++ b/src/tests/test_runner.cpp @@ -86,19 +86,9 @@ class Testsuite_RNG final : public Botan::RandomNumberGenerator } -int Test_Runner::run(const std::vector& requested_tests, - const std::string& data_dir, - const std::string& pkcs11_lib, - const std::string& provider, - bool log_success, - bool run_online_tests, - bool run_long_tests, - bool abort_on_first_fail, - bool avoid_undefined, - const std::string& drbg_seed, - size_t runs) +int Test_Runner::run(const Test_Options& opts) { - std::vector req = requested_tests; + std::vector req = opts.requested_tests(); if(req.empty()) { @@ -113,7 +103,7 @@ int Test_Runner::run(const std::vector& requested_tests, std::set all_others = Botan_Tests::Test::registered_tests(); - if(pkcs11_lib.empty()) + if(opts.pkcs11_lib().empty()) { // do not run pkcs11 tests by default unless pkcs11-lib set for(std::set::iterator iter = all_others.begin(); iter != all_others.end();) 
@@ -157,19 +147,17 @@ int Test_Runner::run(const std::vector& requested_tests, output() << "Testing " << Botan::version_string() << "\n"; output() << "Starting tests"; - if(!pkcs11_lib.empty()) + if(!opts.pkcs11_lib().empty()) { - output() << " pkcs11 library:" << pkcs11_lib; + output() << " pkcs11 library:" << opts.pkcs11_lib(); } - Botan_Tests::Provider_Filter pf; - if(!provider.empty()) + if(!opts.provider().empty()) { - output() << " provider:" << provider; - pf.set(provider); + output() << " provider:" << opts.provider(); } - std::vector seed = Botan::hex_decode(drbg_seed); + std::vector seed = Botan::hex_decode(opts.drbg_seed()); if(seed.empty()) { const uint64_t ts = Botan_Tests::Test::timestamp(); @@ -179,23 +167,16 @@ int Test_Runner::run(const std::vector& requested_tests, output() << " drbg_seed:" << Botan::hex_encode(seed) << "\n"; - Botan_Tests::Test::set_test_options(log_success, - run_online_tests, - run_long_tests, - abort_on_first_fail, - avoid_undefined, - data_dir, - pkcs11_lib, - pf); + Botan_Tests::Test::set_test_options(opts); - for(size_t i = 0; i != runs; ++i) + for(size_t i = 0; i != opts.test_runs(); ++i) { std::unique_ptr rng = std::unique_ptr(new Testsuite_RNG(seed, i)); Botan_Tests::Test::set_test_rng(std::move(rng)); - const size_t failed = run_tests(req, i, runs); + const size_t failed = run_tests(req, i, opts.test_runs()); if(failed > 0) return failed; } diff --git a/src/tests/test_runner.h b/src/tests/test_runner.h index 76d669fc59..0bde5cc4fe 100644 --- a/src/tests/test_runner.h +++ b/src/tests/test_runner.h 
@@ -13,22 +13,14 @@ namespace Botan_Tests { +class Test_Options; + class Test_Runner final { public: Test_Runner(std::ostream& out); - int run(const std::vector& requested_tests, - const std::string& data_dir, - const std::string& pkcs11_lib, - const std::string& provider, - bool log_success, - bool run_online_tests, - bool run_long_tests, - bool abort_on_first_fail, - bool avoid_undefined, - const std::string& drbg_seed, - size_t runs); + int run(const Test_Options& options); private: std::ostream& output() const { return m_output; } diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp index a22b1bb0c4..01fc25f327 100644 --- a/src/tests/tests.cpp +++ b/src/tests/tests.cpp @@ -160,7 +160,7 @@ bool Test::Result::test_failure(const std::string& err) { m_fail_log.push_back(err); - if(m_who != "Failing Test" && m_abort_on_first_fail) + if(m_who != "Failing Test" && Test::abort_on_first_fail()) { std::abort(); } @@ -463,22 +463,6 @@ std::string Test::Result::result_string(bool verbose) const return report.str(); } -std::vector Provider_Filter::filter(const std::vector& in) const - { - if(m_provider.empty()) - { - return in; - } - for(auto&& provider : in) - { - if(provider == m_provider) - { - return std::vector { provider }; - } - } - return std::vector {}; - } - // static Test:: functions //static std::map>& Test::global_registry() 
@@ -553,34 +537,14 @@ std::vector Test::read_binary_data_file(const std::string& path) } // static member variables of Test + +Test_Options Test::m_opts; std::unique_ptr Test::m_test_rng; -std::string Test::m_data_dir; -bool Test::m_log_success = false; -bool Test::m_run_online_tests = false; -bool Test::m_run_long_tests = false; -bool Test::m_abort_on_first_fail = false; -bool Test::m_avoid_undefined = false; -std::string Test::m_pkcs11_lib; -Botan_Tests::Provider_Filter Test::m_provider_filter; //static -void Test::set_test_options(bool log_success, - bool run_online, - bool run_long, - bool abort_on_first_fail, - bool avoid_undefined, - const std::string& data_dir, - const std::string& pkcs11_lib, - const Botan_Tests::Provider_Filter& pf) +void Test::set_test_options(const Test_Options& opts) { - m_data_dir = data_dir; - m_log_success = log_success; - m_run_online_tests = run_online; - m_run_long_tests = run_long; - m_abort_on_first_fail = abort_on_first_fail; - m_avoid_undefined = avoid_undefined; - m_pkcs11_lib = pkcs11_lib; - m_provider_filter = pf; + m_opts = opts; } //static @@ -595,46 +559,21 @@ std::string Test::data_file(const std::string& what) return Test::data_dir() + "/" + what; } -//static -const std::string& Test::data_dir() - { - return m_data_dir; - } - -//static -bool Test::log_success() - { - return m_log_success; - } - -//static -bool Test::avoid_undefined_behavior() - { - return m_avoid_undefined; - } - -//static -bool Test::run_online_tests() - { - return m_run_online_tests; - } - -//static -bool Test::run_long_tests() - { - return m_run_long_tests; - } - -//static -std::string Test::pkcs11_lib() - { - return m_pkcs11_lib; - } - //static std::vector Test::provider_filter(const std::vector& in) { - return m_provider_filter.filter(in); + if(m_opts.provider().empty()) + { + return in; + } + for(auto&& provider : in) + { + if(provider == m_opts.provider()) + { + return std::vector { provider }; + } + } + return std::vector {}; } //static 
diff --git a/src/tests/tests.h b/src/tests/tests.h index ea5be0a957..0c63797fa5 100644 --- a/src/tests/tests.h +++ b/src/tests/tests.h 
@@ -47,13 +47,70 @@ class Test_Error final : public Botan::Exception explicit Test_Error(const std::string& what) : Exception("Test error", what) {} }; -class Provider_Filter final +class Test_Options { public: - void set(const std::string& provider) { m_provider = provider; } - std::vector filter(const std::vector&) const; + Test_Options() = default; + + Test_Options(const std::vector& requested_tests, + const std::string& data_dir, + const std::string& pkcs11_lib, + const std::string& provider, + const std::string& drbg_seed, + size_t test_runs, + bool log_success, + bool run_online_tests, + bool run_long_tests, + bool abort_on_first_fail, + bool avoid_undefined) : + m_requested_tests(requested_tests), + m_data_dir(data_dir), + m_pkcs11_lib(pkcs11_lib), + m_provider(provider), + m_drbg_seed(drbg_seed), + m_test_runs(test_runs), + m_log_success(log_success), + m_run_online_tests(run_online_tests), + m_run_long_tests(run_long_tests), + m_abort_on_first_fail(abort_on_first_fail), + m_avoid_undefined(avoid_undefined) + {} + + const std::vector& requested_tests() const + { return m_requested_tests; } + + const std::string& data_dir() const { return m_data_dir; } + + const std::string& pkcs11_lib() const { return m_pkcs11_lib; } + + const std::string& provider() const { return m_provider; } + + const std::string& drbg_seed() const { return m_drbg_seed; } + + size_t test_runs() const { return m_test_runs; } + + bool log_success() const { return m_log_success; } + + bool run_online_tests() const { return m_run_online_tests; } + + bool run_long_tests() const { return m_run_long_tests; } + + bool abort_on_first_fail() const { return m_abort_on_first_fail; } + + bool avoid_undefined_behavior() const { return m_avoid_undefined; } + private: + std::vector m_requested_tests; + std::string m_data_dir; + std::string m_pkcs11_lib; std::string m_provider; + std::string m_drbg_seed; + size_t m_test_runs; + bool m_log_success; + bool m_run_online_tests; + bool m_run_long_tests; + 
bool m_abort_on_first_fail; + bool m_avoid_undefined; }; /* @@ -405,25 +462,19 @@ class Test return r; } - static void set_test_options(bool log_success, - bool run_online_tests, - bool run_long_tests, - bool abort_on_first_fail, - bool avoid_undefined, - const std::string& data_dir, - const std::string& pkcs11_lib, - const Botan_Tests::Provider_Filter& pf); + static void set_test_options(const Test_Options& opts); static void set_test_rng(std::unique_ptr rng); - static bool avoid_undefined_behavior(); - static bool log_success(); - static bool run_online_tests(); - static bool run_long_tests(); - static std::string pkcs11_lib(); - static std::vector provider_filter(const std::vector&); + static bool avoid_undefined_behavior() { return m_opts.avoid_undefined_behavior(); } + static bool log_success() { return m_opts.log_success(); } + static bool run_online_tests() { return m_opts.run_online_tests(); } + static bool run_long_tests() { return m_opts.run_long_tests(); } + static bool abort_on_first_fail() { return m_opts.abort_on_first_fail(); } + static const std::string& data_dir() { return m_opts.data_dir(); } + static const std::string& pkcs11_lib() { return m_opts.pkcs11_lib(); } - static const std::string& data_dir(); + static std::vector provider_filter(const std::vector& providers); static std::string read_data_file(const std::string& path); static std::vector read_binary_data_file(const std::string& path); @@ -433,15 +484,8 @@ class Test static uint64_t timestamp(); // nanoseconds arbitrary epoch private: - static std::string m_data_dir; + static Test_Options m_opts; static std::unique_ptr m_test_rng; - static bool m_log_success; - static bool m_run_online_tests; - static bool m_run_long_tests; - static bool m_abort_on_first_fail; - static bool m_avoid_undefined; - static std::string m_pkcs11_lib; - static Botan_Tests::Provider_Filter m_provider_filter; }; /* From bc3074dccb934ed709d9e70597e0fd1665d98cb1 Mon Sep 17 00:00:00 2001 
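Review bot: Test_Options declares `Test_Options() = default;` but m_test_runs and the five bool members carry no in-class initializers, so a default-constructed instance holds indeterminate values for them. The static `Test_Options Test::m_opts` in tests.cpp is zero-initialized as static storage, which is why nothing in this commit reads garbage, but any automatic-storage Test_Options consulted before set_test_options would. Give each scalar an in-class initializer (`size_t m_test_runs = 0;`, `bool m_log_success = false;`, and the same for the other four bools) so the default state is deterministically "all flags off, zero runs".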
From: Jack Lloyd Date: Tue, 3 Apr 2018 15:34:34 -0400 Subject: [PATCH 0964/1008] Fix quoting --- news.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/news.rst b/news.rst index 306fd78f51..5879b2c73f 100644 --- a/news.rst +++ b/news.rst @@ -63,7 +63,7 @@ Version 2.5.0, 2018-04-02 * Add DSA and ElGamal keygen functions to FFI (#1426) -* Add Pipe::prepend_filter to replace Pipe::prepend (GH #1402) +* Add ``Pipe::prepend_filter`` to replace deprecated ``Pipe::prepend`` (GH #1402) * Fix a memory leak in the OpenSSL block cipher integration, introduced in 2.2.0 @@ -72,7 +72,7 @@ Version 2.5.0, 2018-04-02 standard prime generation (like for RSA keys) to be slower than necessary. (GH #1413 #1411) -* Correct the return value of PK_Encryptor::maximum_input_size which +* Correct the return value of ``PK_Encryptor::maximum_input_size`` which reported a much too small value (GH #1410) * Remove use of CPU specific optimization flags, instead the user should set @@ -98,7 +98,7 @@ Version 2.5.0, 2018-04-02 * Add ``--msvc-runtime`` option to allow using static runtime (GH #1499 #210) -* Add --enable-sanitizers= option to allow specifying which sanitizers to +* Add ``--enable-sanitizers=`` option to allow specifying which sanitizers to enable. The existing ``--with-sanitizers`` option just enables some default set which is known to work with the minimum required compiler versions. From 9be58ff38919065ce72c8959aae2b5b905a75be3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 3 Apr 2018 16:17:01 -0400 Subject: [PATCH 0965/1008] Run ECC unit tests across all groups where applicable Many of these were generic tests and not really tied to secp160r1 in any meaningful way. --- src/tests/unit_ecc.cpp | 427 ++++++++++++++------------------------- src/tests/unit_ecdsa.cpp | 40 +--- 2 files changed, 154 insertions(+), 313 deletions(-) diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index f3a1634352..6ec9be3e81 100644 --- a/src/tests/unit_ecc.cpp 
+++ b/src/tests/unit_ecc.cpp @@ -1,7 +1,7 @@ /* * (C) 2007 Falko Strenzke * 2007 Manuel Hartl -* 2009,2015 Jack Lloyd +* 2009,2015,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -84,10 +84,9 @@ Botan::PointGFp create_random_point(Botan::RandomNumberGenerator& rng, const Botan::EC_Group& group) { const Botan::BigInt& p = group.get_p(); + const Botan::Modular_Reducer mod_p(p); - Botan::Modular_Reducer mod_p(p); - - while(true) + for(;;) { const Botan::BigInt x = Botan::BigInt::random_integer(rng, 1, p); const Botan::BigInt x3 = mod_p.multiply(x, mod_p.square(x)); @@ -98,8 +97,7 @@ Botan::PointGFp create_random_point(Botan::RandomNumberGenerator& rng, if(sqrt_y > 1) { BOTAN_ASSERT_EQUAL(mod_p.square(sqrt_y), y, "Square root is correct"); - Botan::PointGFp point = group.point(x, sqrt_y); - return point; + return group.point(x, sqrt_y); } } } @@ -113,8 +111,7 @@ class ECC_Randomized_Tests final : public Test std::vector ECC_Randomized_Tests::run() { std::vector results; - std::set named_groups = Botan::EC_Group::known_named_groups(); - for(auto const& group_name : named_groups) + for(const std::string& group_name : Botan::EC_Group::known_named_groups()) { Test::Result result("ECC randomized " + group_name); @@ -122,13 +119,9 @@ std::vector ECC_Randomized_Tests::run() Botan::EC_Group group(group_name); - const Botan::PointGFp& base_point = group.get_base_point(); + const Botan::PointGFp& pt = create_random_point(Test::rng(), group); const Botan::BigInt& group_order = group.get_order(); - const Botan::PointGFp inf = base_point * group_order; - result.test_eq("infinite order correct", inf.is_zero(), true); - result.test_eq("infinity on the curve", inf.on_the_curve(), true); - std::vector blind_ws; try 
@@ -140,13 +133,13 @@ std::vector ECC_Randomized_Tests::run() const Botan::BigInt b = Botan::BigInt::random_integer(Test::rng(), 2, group_order); const Botan::BigInt c = a + b; - const Botan::PointGFp P = base_point * a; - const Botan::PointGFp Q = base_point * b; - const Botan::PointGFp R = base_point * c; + const Botan::PointGFp P = pt * a; + const Botan::PointGFp Q = pt * b; + const Botan::PointGFp R = pt * c; - Botan::PointGFp P1 = group.blinded_base_point_multiply(a, Test::rng(), blind_ws); - Botan::PointGFp Q1 = group.blinded_base_point_multiply(b, Test::rng(), blind_ws); - Botan::PointGFp R1 = group.blinded_base_point_multiply(c, Test::rng(), blind_ws); + Botan::PointGFp P1 = group.blinded_var_point_multiply(pt, a, Test::rng(), blind_ws); + Botan::PointGFp Q1 = group.blinded_var_point_multiply(pt, b, Test::rng(), blind_ws); + Botan::PointGFp R1 = group.blinded_var_point_multiply(pt, c, Test::rng(), blind_ws); Botan::PointGFp A1 = P + Q; Botan::PointGFp A2 = Q + P; 
@@ -280,26 +273,145 @@ class NIST_Curve_Reduction_Tests final : public Test BOTAN_REGISTER_TEST("nist_redc", NIST_Curve_Reduction_Tests); -Test::Result test_groups() +class EC_Group_Tests : public Test { - Test::Result result("ECC Unit"); - std::set named_groups = Botan::EC_Group::known_named_groups(); - for(auto const& group_name : named_groups) - { - const Botan::EC_Group group(group_name); - result.confirm("EC_Group is known", !group.get_curve_oid().empty()); - result.test_eq("EC_Group has correct bit size", group.get_p().bits(), group.get_p_bits()); - result.test_eq("EC_Group has byte size", group.get_p().bytes(), group.get_p_bytes()); + public: + std::vector run() override + { + std::vector results; - bool a_is_minus_3 = group.a_is_minus_3(); + for(const std::string& group_name : Botan::EC_Group::known_named_groups()) + { + Test::Result result("EC_Group " + group_name); - if(a_is_minus_3) - result.test_eq("Group A equals -3", group.get_a(), group.get_p() - 3); - else - result.test_ne("Group " + group_name + " A does not equal -3", group.get_a(), group.get_p() - 3); - } - return result; - } + const Botan::EC_Group group(group_name); + + result.confirm("EC_Group is known", !group.get_curve_oid().empty()); + result.test_eq("EC_Group has correct bit size", group.get_p().bits(), group.get_p_bits()); + result.test_eq("EC_Group has byte size", group.get_p().bytes(), group.get_p_bytes()); + + const auto pt_mult_by_order = group.get_base_point() * group.get_order(); + result.confirm("Multiplying point by the order results in zero point", pt_mult_by_order.is_zero()); + + if(group.a_is_minus_3()) + result.test_eq("Group A equals -3", group.get_a(), group.get_p() - 3); + else + result.test_ne("Group " + group_name + " A does not equal -3", group.get_a(), group.get_p() - 3); + + // get a valid point + Botan::PointGFp p = group.get_base_point() * Test::rng().next_nonzero_byte(); + + // get a copy + Botan::PointGFp q = p; + + p.randomize_repr(Test::rng()); + 
q.randomize_repr(Test::rng()); + + result.test_eq("affine x after copy", p.get_affine_x(), q.get_affine_x()); + result.test_eq("affine y after copy", p.get_affine_y(), q.get_affine_y()); + + q.force_affine(); + + result.test_eq("affine x after copy", p.get_affine_x(), q.get_affine_x()); + result.test_eq("affine y after copy", p.get_affine_y(), q.get_affine_y()); + + test_ser_der(result, group); + test_basic_math(result, group); + test_point_swap(result, group); + test_zeropoint(result, group); + + results.push_back(result); + } + + return results; + } + private: + + void test_ser_der(Test::Result& result, const Botan::EC_Group& group) + { + // generate point + const Botan::PointGFp pt = create_random_point(Test::rng(), group); + const Botan::PointGFp zero = group.zero_point(); + + for(auto scheme : { Botan::PointGFp::UNCOMPRESSED, + Botan::PointGFp::COMPRESSED, + Botan::PointGFp::HYBRID }) + { + result.test_eq("encoded/decode rt works", group.OS2ECP(pt.encode(scheme)), pt); + result.test_eq("encoded/decode rt works", group.OS2ECP(zero.encode(scheme)), zero); + } + } + + void test_basic_math(Test::Result& result, const Botan::EC_Group& group) + { + const Botan::PointGFp& G = group.get_base_point(); + + Botan::PointGFp p1 = G * 2; + p1 += G; + + result.test_eq("point addition", p1, G * 3); + + p1 -= G * 2; + + result.test_eq("point subtraction", p1, G); + } + + void test_point_swap(Test::Result& result, const Botan::EC_Group& group) + { + Botan::PointGFp a(create_random_point(Test::rng(), group)); + Botan::PointGFp b(create_random_point(Test::rng(), group)); + b *= Botan::BigInt(Test::rng(), 20); + + Botan::PointGFp c(a); + Botan::PointGFp d(b); + + d.swap(c); + result.test_eq("swap correct", a, d); + result.test_eq("swap correct", b, c); + } + + void test_zeropoint(Test::Result& result, const Botan::EC_Group& group) + { + const Botan::PointGFp zero = group.zero_point(); + const Botan::PointGFp p1 = group.get_base_point() * 2; + + result.confirm("point is on the 
curve", p1.on_the_curve()); + result.confirm("point is not zero", !p1.is_zero()); + + Botan::PointGFp p2 = p1; + p2 -= p1; + + result.confirm("p - q with q = p results in zero", p2.is_zero()); + + const Botan::PointGFp minus_p1 = -p1; + result.confirm("point is on the curve", minus_p1.on_the_curve()); + const Botan::PointGFp shouldBeZero = p1 + minus_p1; + result.confirm("point is on the curve", shouldBeZero.on_the_curve()); + result.confirm("point is zero", shouldBeZero.is_zero()); + + result.test_eq("minus point x", minus_p1.get_affine_x(), p1.get_affine_x()); + result.test_eq("minus point y", minus_p1.get_affine_y(), group.get_p() - p1.get_affine_y()); + + result.confirm("zero point is zero", zero.is_zero()); + result.confirm("zero point is on the curve", zero.on_the_curve()); + result.test_eq("addition of zero does nothing", p1, p1 + zero); + result.test_eq("addition of zero does nothing", p1, zero + p1); + result.test_eq("addition of zero does nothing", p1, p1 - zero); + result.confirm("zero times anything is the zero point", (zero * 39193).is_zero()); + + for(auto scheme : { Botan::PointGFp::UNCOMPRESSED, + Botan::PointGFp::COMPRESSED, + Botan::PointGFp::HYBRID }) + { + const std::vector v = zero.encode(scheme); + result.test_eq("encoded/decode rt works", group.OS2ECP(v), zero); + } + } + + + }; + +BOTAN_REGISTER_TEST("ec_group", EC_Group_Tests); Test::Result test_decoding_with_seed() { 
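Review bot: EC_Group_Tests is declared `class EC_Group_Tests : public Test` while the other test classes in this file (ECC_Randomized_Tests, NIST_Curve_Reduction_Tests, ECC_Unit_Tests) are `final`; `class EC_Group_Tests final : public Test` keeps the convention and lets the compiler devirtualize run(). The second pair of `affine x after copy`/`affine y after copy` checks, issued after `q.force_affine()`, reuses the first pair's messages, so a failure log cannot tell which comparison failed; `affine x after force_affine` and `affine y after force_affine` would disambiguate. The removed test_mult_sec_mass, which checked that `a * scal` and `c *= scal` agree on a random point and random scalar, does not appear to be re-created among the new helpers; if that equivalence is covered by a test outside this hunk, fine, otherwise a one-line check in test_point_swap (which already has a random point and a random scalar) would restore it.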
@@ -349,25 +461,6 @@ Version 0.3; Section 2.1.2 -------- */ -Test::Result test_point_transformation() - { - Test::Result result("ECC Unit"); - - // get a valid point - Botan::EC_Group dom_pars("secp160r1"); - Botan::PointGFp p = dom_pars.get_base_point() * Test::rng().next_nonzero_byte(); - - // get a copy - Botan::PointGFp q = p; - - p.randomize_repr(Test::rng()); - q.randomize_repr(Test::rng()); - - result.test_eq("affine x after copy", p.get_affine_x(), q.get_affine_x()); - result.test_eq("affine y after copy", p.get_affine_y(), q.get_affine_y()); - return result; - } - Test::Result test_point_mult() { Test::Result result("ECC Unit"); 
@@ -402,109 +495,6 @@ Test::Result test_point_negative() return result; } -Test::Result test_zeropoint() - { - Test::Result result("ECC Unit"); - - Botan::EC_Group secp160r1("secp160r1"); - - Botan::PointGFp p1 = secp160r1.point(Botan::BigInt("16984103820118642236896513183038186009872590470"), - Botan::BigInt("1373093393927139016463695321221277758035357890939")); - - result.confirm("point is on the curve", p1.on_the_curve()); - - Botan::PointGFp p2 = p1; - p1 -= p2; - - result.confirm("p - q with q = p results in zero", p1.is_zero()); - return result; - } - -Test::Result test_zeropoint_enc_dec() - { - Test::Result result("ECC Unit"); - - Botan::EC_Group secp160r1("secp160r1"); - - Botan::PointGFp p = secp160r1.zero_point(); - result.confirm("zero point is zero", p.is_zero()); - - std::vector sv_p = p.encode(Botan::PointGFp::UNCOMPRESSED); - result.test_eq("encoded/decode rt works", secp160r1.OS2ECP(sv_p), p); - - sv_p = p.encode(Botan::PointGFp::COMPRESSED); - result.test_eq("encoded/decode compressed rt works", secp160r1.OS2ECP(sv_p), p); - - sv_p = p.encode(Botan::PointGFp::HYBRID); - result.test_eq("encoded/decode hybrid rt works", secp160r1.OS2ECP(sv_p), p); - return result; - } - -Test::Result test_calc_with_zeropoint() - { - Test::Result result("ECC Unit"); - - Botan::EC_Group secp160r1("secp160r1"); - - Botan::PointGFp p = secp160r1.point(Botan::BigInt("16984103820118642236896513183038186009872590470"), - Botan::BigInt("1373093393927139016463695321221277758035357890939")); - - result.confirm("point is on the curve", p.on_the_curve()); - result.confirm("point is not zero", !p.is_zero()); - - Botan::PointGFp zero = secp160r1.zero_point(); - result.confirm("zero point is zero", zero.is_zero()); - - Botan::PointGFp res = p + zero; - result.test_eq("point + 0 equals the point", p, res); - - res = p - zero; - result.test_eq("point - 0 equals the point", p, res); - - res = zero * 32432243; - result.confirm("point * 0 is the zero point", res.is_zero()); - return 
result; - } - -Test::Result test_add_point() - { - Test::Result result("ECC Unit"); - - // precalculation - Botan::EC_Group secp160r1("secp160r1"); - const Botan::PointGFp& p_G = secp160r1.get_base_point(); - - Botan::PointGFp p0 = p_G; - Botan::PointGFp p1 = p_G * 2; - - p1 += p0; - - Botan::PointGFp expected = secp160r1.point(Botan::BigInt("704859595002530890444080436569091156047721708633"), - Botan::BigInt("1147993098458695153857594941635310323215433166682")); - - result.test_eq("point addition", p1, expected); - return result; - } - -Test::Result test_sub_point() - { - Test::Result result("ECC Unit"); - - Botan::EC_Group secp160r1("secp160r1"); - const Botan::PointGFp& p_G = secp160r1.get_base_point(); - - Botan::PointGFp p0 = p_G; - Botan::PointGFp p1 = p_G * 2; - - p1 -= p0; - - Botan::PointGFp expected = secp160r1.point(Botan::BigInt("425826231723888350446541592701409065913635568770"), - Botan::BigInt("203520114162904107873991457957346892027982641970")); - - result.test_eq("point subtraction", p1, expected); - return result; - } - Test::Result test_mult_point() { Test::Result result("ECC Unit"); 
@@ -646,115 +636,6 @@ Test::Result test_enc_dec_uncompressed_521() return result; } -Test::Result test_gfp_store_restore() - { - Test::Result result("ECC Unit"); - - // generate point - Botan::EC_Group dom_pars("secp160r1"); - Botan::PointGFp p = dom_pars.get_base_point(); - - std::vector sv_mes = p.encode(Botan::PointGFp::COMPRESSED); - Botan::PointGFp new_p = dom_pars.OS2ECP(sv_mes); - - result.test_eq("original and restored points are same", p, new_p); - return result; - } - -Test::Result test_more_zeropoint() - { - Test::Result result("ECC Unit"); - - // by Falko - - Botan::EC_Group secp160r1("secp160r1"); - - Botan::PointGFp p1 = secp160r1.point(Botan::BigInt("16984103820118642236896513183038186009872590470"), - Botan::BigInt("1373093393927139016463695321221277758035357890939")); - - result.confirm("point is on the curve", p1.on_the_curve()); - Botan::PointGFp minus_p1 = -p1; - result.confirm("point is on the curve", minus_p1.on_the_curve()); - Botan::PointGFp shouldBeZero = p1 + minus_p1; - result.confirm("point is on the curve", shouldBeZero.on_the_curve()); - result.confirm("point is zero", shouldBeZero.is_zero()); - - Botan::BigInt y1 = p1.get_affine_y(); - y1 = secp160r1.get_p() - y1; - - result.test_eq("minus point x", minus_p1.get_affine_x(), p1.get_affine_x()); - result.test_eq("minus point y", minus_p1.get_affine_y(), y1); - - Botan::PointGFp zero = secp160r1.zero_point(); - result.confirm("zero point is on the curve", zero.on_the_curve()); - result.test_eq("addition of zero does nothing", p1, p1 + zero); - - return result; - } - -Test::Result test_mult_by_order() - { - Test::Result result("ECC Unit"); - - // generate point - Botan::EC_Group dom_pars("secp160r1"); - Botan::PointGFp p = dom_pars.get_base_point(); - Botan::PointGFp shouldBeZero = p * dom_pars.get_order(); - - result.confirm("G * order = 0", shouldBeZero.is_zero()); - return result; - } - -Test::Result test_point_swap() - { - Test::Result result("ECC Unit"); - - Botan::EC_Group 
dom_pars("secp160r1"); - - Botan::PointGFp a(create_random_point(Test::rng(), dom_pars)); - Botan::PointGFp b(create_random_point(Test::rng(), dom_pars)); - b *= Botan::BigInt(Test::rng(), 20); - - Botan::PointGFp c(a); - Botan::PointGFp d(b); - - d.swap(c); - result.test_eq("swap correct", a, d); - result.test_eq("swap correct", b, c); - - return result; - } - -/** -* This test verifies that the side channel attack resistant multiplication function -* yields the same result as the normal (insecure) multiplication via operator*= -*/ -Test::Result test_mult_sec_mass() - { - Test::Result result("ECC Unit"); - - Botan::EC_Group dom_pars("secp160r1"); - for(int i = 0; i < 50; i++) - { - try - { - Botan::PointGFp a(create_random_point(Test::rng(), dom_pars)); - Botan::BigInt scal(Botan::BigInt(Test::rng(), 40)); - Botan::PointGFp b = a * scal; - Botan::PointGFp c(a); - - c *= scal; - result.test_eq("same result", b, c); - } - catch(std::exception& e) - { - result.test_failure("mult_sec_mass", e.what()); - } - } - - return result; - } - Test::Result test_ecc_registration() { Test::Result result("ECC registration"); 
@@ -787,28 +668,16 @@ class ECC_Unit_Tests final : public Test { std::vector results; - results.push_back(test_groups()); results.push_back(test_coordinates()); results.push_back(test_decoding_with_seed()); - results.push_back(test_point_transformation()); results.push_back(test_point_mult()); results.push_back(test_point_negative()); - results.push_back(test_zeropoint()); - results.push_back(test_zeropoint_enc_dec()); - results.push_back(test_calc_with_zeropoint()); - results.push_back(test_add_point()); - results.push_back(test_sub_point()); results.push_back(test_mult_point()); results.push_back(test_basic_operations()); results.push_back(test_enc_dec_compressed_160()); results.push_back(test_enc_dec_compressed_256()); results.push_back(test_enc_dec_uncompressed_112()); results.push_back(test_enc_dec_uncompressed_521()); - results.push_back(test_gfp_store_restore()); - results.push_back(test_more_zeropoint()); - results.push_back(test_mult_by_order()); - results.push_back(test_point_swap()); - results.push_back(test_mult_sec_mass()); results.push_back(test_ecc_registration()); return results; diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index 016906e661..dc2a43af5f 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp 
@@ -403,54 +403,26 @@ Test::Result test_ecc_key_with_rfc5915_parameters() Test::Result test_curve_registry() { - const std::vector oids = - { - "1.3.132.0.8", - "1.2.840.10045.3.1.1", - "1.2.840.10045.3.1.2", - "1.2.840.10045.3.1.3", - "1.2.840.10045.3.1.4", - "1.2.840.10045.3.1.5", - "1.2.840.10045.3.1.6", - "1.2.840.10045.3.1.7", - "1.3.132.0.9", - "1.3.132.0.30", - "1.3.132.0.31", - "1.3.132.0.32", - "1.3.132.0.33", - "1.3.132.0.10", - "1.3.132.0.34", - "1.3.132.0.35", - "1.3.36.3.3.2.8.1.1.1", - "1.3.36.3.3.2.8.1.1.3", - "1.3.36.3.3.2.8.1.1.5", - "1.3.36.3.3.2.8.1.1.7", - "1.3.36.3.3.2.8.1.1.9", - "1.3.36.3.3.2.8.1.1.11", - "1.3.36.3.3.2.8.1.1.13", - }; - Test::Result result("ECDSA Unit"); - for(auto const& oid_str : oids) + for(const std::string& group_name : Botan::EC_Group::known_named_groups()) { try { - Botan::OID oid(oid_str); - Botan::EC_Group dom_pars(oid); - Botan::ECDSA_PrivateKey ecdsa(Test::rng(), dom_pars); + Botan::EC_Group group(group_name); + Botan::ECDSA_PrivateKey ecdsa(Test::rng(), group); Botan::PK_Signer signer(ecdsa, Test::rng(), "EMSA1(SHA-256)"); Botan::PK_Verifier verifier(ecdsa, "EMSA1(SHA-256)"); - auto msg = Botan::hex_decode("12345678901234567890abcdef12"); - std::vector sig = signer.sign_message(msg, Test::rng()); + const std::vector msg = Botan::hex_decode("12345678901234567890abcdef12"); + const std::vector sig = signer.sign_message(msg, Test::rng()); result.confirm("verified signature", verifier.verify_message(msg, sig)); } catch(Botan::Invalid_Argument& e) { - result.test_failure("testing " + oid_str + ": " + e.what()); + result.test_failure("testing " + group_name + ": " + e.what()); } } From 99c5424243f54153fdb6c27126b5c9bec757d592 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 3 Apr 2018 16:35:37 -0400 Subject: [PATCH 0966/1008] Fix quoting --- doc/security.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/security.rst b/doc/security.rst index 238c318fce..d0b9504f3e 100644 
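Review bot: Replacing the explicit OID list with `known_named_groups()` removes the only path in test_curve_registry that built an EC_Group from an OID (`Botan::EC_Group dom_pars(oid)`), so a broken OID-to-group mapping for a named curve would no longer be caught here despite the test's name. Constructing the group a second time from its own OID, `Botan::EC_Group by_oid(group.get_curve_oid());`, and checking that its p, a, order and base point equal `group`'s would keep that coverage while still iterating every registered name. The catch clause only handles Botan::Invalid_Argument, as before; any other exception aborts the whole loop, which is unchanged by this commit but worth knowing when reading failures.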
--- a/doc/security.rst +++ b/doc/security.rst @@ -21,8 +21,8 @@ https://keybase.io/jacklloyd and on most PGP keyservers. * 2018-03-29 (CVE-2018-9127): Invalid wildcard match RFC 6125 wildcard matching was incorrectly implemented, so that a wildcard - certificate such as "b*.domain.com" would match any hosts "*b*.domain.com" - instead of just server names beginning with 'b'. The host and certificate + certificate such as ``b*.domain.com`` would match any hosts ``*b*.domain.com`` + instead of just server names beginning with ``b``. The host and certificate would still have to be in the same domain name. Reported by Fabian Weißberg of Rohde and Schwarz Cybersecurity. From 2a65ff7893e673db33d90401cf7051a2ceae448d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 4 Apr 2018 11:37:11 -0400 Subject: [PATCH 0967/1008] Tweak how RSA private operations are performed Improves perf by about 15% --- src/lib/pubkey/rsa/rsa.cpp | 69 ++++++++++++++++++++++++-------------- 1 file changed, 44 insertions(+), 25 deletions(-) diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index aa315aabf6..bdfafaf07c 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -1,6 +1,6 @@ /* * RSA -* (C) 1999-2010,2015,2016 Jack Lloyd +* (C) 1999-2010,2015,2016,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -14,6 +14,8 @@ #include #include #include +#include +#include #if defined(BOTAN_HAS_OPENSSL) #include 
@@ -191,26 +193,27 @@ namespace { class RSA_Private_Operation { protected: - size_t get_max_input_bits() const { return (m_n.bits() - 1); } + size_t get_max_input_bits() const { return (m_mod_bits - 1); } explicit RSA_Private_Operation(const RSA_PrivateKey& rsa, RandomNumberGenerator& rng) : - m_n(rsa.get_n()), - m_q(rsa.get_q()), - m_c(rsa.get_c()), - m_powermod_e_n(rsa.get_e(), rsa.get_n()), - m_powermod_d1_p(rsa.get_d1(), rsa.get_p()), - m_powermod_d2_q(rsa.get_d2(), rsa.get_q()), - m_mod_p(rsa.get_p()), - m_blinder(m_n, + m_key(rsa), + m_mod_p(m_key.get_p()), + m_mod_q(m_key.get_q()), + m_monty_p(std::make_shared(m_key.get_p(), m_mod_p)), + m_monty_q(std::make_shared(m_key.get_q(), m_mod_q)), + m_powermod_e_n(m_key.get_e(), m_key.get_n()), + m_blinder(m_key.get_n(), rng, [this](const BigInt& k) { return m_powermod_e_n(k); }, - [this](const BigInt& k) { return inverse_mod(k, m_n); }) + [this](const BigInt& k) { return inverse_mod(k, m_key.get_n()); }), + m_mod_bytes(m_key.get_n().bytes()), + m_mod_bits(m_key.get_n().bits()) { } BigInt blinded_private_op(const BigInt& m) const { - if(m >= m_n) + if(m >= m_key.get_n()) throw Invalid_Argument("RSA private op - input is too large"); return m_blinder.unblind(private_op(m_blinder.blind(m))); 
@@ -218,26 +221,42 @@ class RSA_Private_Operation BigInt private_op(const BigInt& m) const { + const size_t powm_window = 4; + #if defined(BOTAN_TARGET_OS_HAS_THREADS) - auto future_j1 = std::async(std::launch::async, std::ref(m_powermod_d1_p), m); - BigInt j2 = m_powermod_d2_q(m); + auto future_j1 = std::async(std::launch::async, [this, &m]() { + auto powm_d1_p = monty_precompute(m_monty_p, m, powm_window); + return monty_execute(*powm_d1_p, m_key.get_d1()); + }); + + auto powm_d2_q = monty_precompute(m_monty_q, m, powm_window); + BigInt j2 = monty_execute(*powm_d2_q, m_key.get_d2()); BigInt j1 = future_j1.get(); #else - BigInt j1 = m_powermod_d1_p(m); - BigInt j2 = m_powermod_d2_q(m); + auto powm_d1_p = monty_precompute(m_monty_p, m, powm_window); + auto powm_d2_q = monty_precompute(m_monty_q, m, powm_window); + + BigInt j1 = monty_execute(*powm_d1_p, m_key.get_d1()); + BigInt j2 = monty_execute(*powm_d2_q, m_key.get_d2()); #endif - j1 = m_mod_p.reduce(sub_mul(j1, j2, m_c)); + j1 = m_mod_p.reduce(sub_mul(j1, j2, m_key.get_c())); - return mul_add(j1, m_q, j2); + return mul_add(j1, m_key.get_q(), j2); } - const BigInt& m_n; - const BigInt& m_q; - const BigInt& m_c; - Fixed_Exponent_Power_Mod m_powermod_e_n, m_powermod_d1_p, m_powermod_d2_q; + const RSA_PrivateKey& m_key; + + // TODO these could all be computed once and stored in the key object Modular_Reducer m_mod_p; + Modular_Reducer m_mod_q; + std::shared_ptr m_monty_p; + std::shared_ptr m_monty_q; + + Fixed_Exponent_Power_Mod m_powermod_e_n; Blinder m_blinder; + size_t m_mod_bytes; + size_t m_mod_bits; }; class RSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA, @@ -260,7 +279,7 @@ class RSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA, const BigInt x = blinded_private_op(m); const BigInt c = m_powermod_e_n(x); BOTAN_ASSERT(m == c, "RSA sign consistency check"); - return BigInt::encode_1363(x, m_n.bytes()); + return BigInt::encode_1363(x, m_mod_bytes); } }; 
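Review bot: The new `const RSA_PrivateKey& m_key;` member is a non-owning reference that private_op now dereferences on every call (`m_key.get_d1()`, `get_d2()`, `get_c()`, `get_q()`), partly from the std::async worker, yet nothing in the class states that the key must outlive the operation object. The previous `const BigInt&` members had the same property, but the new member is the natural place to say so: `// non-owning: the RSA_PrivateKey must outlive this operation object`. The `powm_window = 4` constant in private_op is likewise undocumented; a one-liner naming what it controls (presumably the fixed-window size handed to monty_precompute, to be confirmed) would help the next reader. The start of the class and the three subclasses that call blinded_private_op continue outside this hunk.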
@@ -281,7 +300,7 @@ class RSA_Decryption_Operation final : public PK_Ops::Decryption_with_EME, const BigInt x = blinded_private_op(m); const BigInt c = m_powermod_e_n(x); BOTAN_ASSERT(m == c, "RSA decrypt consistency check"); - return BigInt::encode_1363(x, m_n.bytes()); + return BigInt::encode_1363(x, m_mod_bytes); } }; @@ -304,7 +323,7 @@ class RSA_KEM_Decryption_Operation final : public PK_Ops::KEM_Decryption_with_KD const BigInt x = blinded_private_op(m); const BigInt c = m_powermod_e_n(x); BOTAN_ASSERT(m == c, "RSA KEM consistency check"); - return BigInt::encode_1363(x, m_n.bytes()); + return BigInt::encode_1363(x, m_mod_bytes); } }; From db65873a56c75373280c61417332a4d1c466a494 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 4 Apr 2018 11:46:01 -0400 Subject: [PATCH 0968/1008] Add RSA exponent blinding Additional paranoia never hurt. --- src/lib/pubkey/blinding.h | 2 ++ src/lib/pubkey/rsa/rsa.cpp | 17 ++++++++++++----- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/src/lib/pubkey/blinding.h b/src/lib/pubkey/blinding.h index 1c3fb14448..1bdd235f0f 100644 --- a/src/lib/pubkey/blinding.h +++ b/src/lib/pubkey/blinding.h @@ -58,6 +58,8 @@ class BOTAN_PUBLIC_API(2,0) Blinder final Blinder& operator=(const Blinder&) = delete; + RandomNumberGenerator& rng() const { return m_rng; } + private: BigInt blinding_nonce() const; diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index bdfafaf07c..1cd4a15d30 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp 
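Review bot: The new public `rng()` accessor on Blinder is the only member in this hunk without a doc comment, and since a const member function returns a non-const `RandomNumberGenerator&` from `m_rng`, that member must be a reference, so the returned RNG is whatever the caller supplied at construction and lives only as long as that object. Making the contract explicit would avoid misuse now that rsa.cpp draws exponent-blinding masks from it: `/** Return the RNG given to the constructor; the Blinder does not own it */`. The rest of the Blinder declaration is outside this hunk.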
@@ -222,22 +222,29 @@ class RSA_Private_Operation BigInt private_op(const BigInt& m) const { const size_t powm_window = 4; + const size_t exp_blinding_bits = 64; + + const BigInt d1_mask(m_blinder.rng(), exp_blinding_bits); + const BigInt d2_mask(m_blinder.rng(), exp_blinding_bits); + + const BigInt masked_d1 = m_key.get_d1() + (d1_mask * (m_key.get_p() - 1)); + const BigInt masked_d2 = m_key.get_d2() + (d2_mask * (m_key.get_q() - 1)); #if defined(BOTAN_TARGET_OS_HAS_THREADS) - auto future_j1 = std::async(std::launch::async, [this, &m]() { + auto future_j1 = std::async(std::launch::async, [this, &m, &masked_d1]() { auto powm_d1_p = monty_precompute(m_monty_p, m, powm_window); - return monty_execute(*powm_d1_p, m_key.get_d1()); + return monty_execute(*powm_d1_p, masked_d1); }); auto powm_d2_q = monty_precompute(m_monty_q, m, powm_window); - BigInt j2 = monty_execute(*powm_d2_q, m_key.get_d2()); + BigInt j2 = monty_execute(*powm_d2_q, masked_d2); BigInt j1 = future_j1.get(); #else auto powm_d1_p = monty_precompute(m_monty_p, m, powm_window); auto powm_d2_q = monty_precompute(m_monty_q, m, powm_window); - BigInt j1 = monty_execute(*powm_d1_p, m_key.get_d1()); - BigInt j2 = monty_execute(*powm_d2_q, m_key.get_d2()); + BigInt j1 = monty_execute(*powm_d1_p, masked_d1); + BigInt j2 = monty_execute(*powm_d2_q, masked_d2); #endif j1 = m_mod_p.reduce(sub_mul(j1, j2, m_key.get_c())); From c2d4eefafed4aad95f501fa932ab67699db2c5a5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 4 Apr 2018 11:53:36 -0400 Subject: [PATCH 0969/1008] Update side channel doc, and update RSA blinding test It needs to account for bits taking from the blinding RNG for exponent blinding. --- doc/manual/side_channels.rst | 6 +++++- src/tests/test_rsa.cpp | 13 ++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/doc/manual/side_channels.rst b/doc/manual/side_channels.rst index 6d6bd74bbd..cf5f260039 100644 --- a/doc/manual/side_channels.rst +++ b/doc/manual/side_channels.rst 
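Review bot: The exponent-blinding lines in private_op give no reason why `d1 + mask*(p-1)` may replace d1, nor why `exp_blinding_bits` is 64; the commit message says only "additional paranoia", which will not survive in the source. A comment along the lines of `// d1 + k*(p-1) == d1 (mod p-1), so m^masked_d1 == m^d1 (mod p) for m not divisible by p (Fermat); a fresh 64-bit k per call randomizes the exponent bits seen by the exponentiation` records the argument, and the constant deserves a note that it is a security margin rather than a tuning knob. Worth confirming rather than assuming: masked_d1 is about 64 bits longer than d1, so each operation pays extra squarings, and if the `BigInt(rng, bits)` constructor does not force the top bit the masked exponent's length can vary slightly between calls. The CRT recombination and the return of private_op lie outside this hunk.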
@@ -13,13 +13,17 @@ RSA ---------------------- Blinding is always used to protect private key operations (there is no way to -turn it off). As an optimization, instead of choosing a new random mask and +turn it off). Both base blinding and exponent blinding are used. + +For base blinding, as an optimization, instead of choosing a new random mask and inverse with each decryption, both the mask and its inverse are simply squared to choose the next blinding factor. This is much faster than computing a fresh value each time, and the additional relation is thought to provide only minimal useful information for an attacker. Every BOTAN_BLINDING_REINIT_INTERVAL (default 32) operations, a new starting point is chosen. +Exponent blinding uses new values for each signature. + RSA signing uses the CRT optimization, which is much faster but vulnerable to trivial fault attacks [RsaFault] which can result in the key being entirely compromised. To protect against this (or any other computational error which diff --git a/src/tests/test_rsa.cpp b/src/tests/test_rsa.cpp index 652d5cafd2..88c086812d 100644 --- a/src/tests/test_rsa.cpp +++ b/src/tests/test_rsa.cpp 
@@ -288,9 +288,16 @@ class RSA_Blinding_Tests final : public Test Botan::PK_Encryptor_EME encryptor(rsa, Test::rng(), "Raw"); // don't try this at home - // test blinding reinit interval - // Seed Fixed_Output_RNG only with enough bytes for the initial blinder initialization - Botan_Tests::Fixed_Output_RNG fixed_rng(Botan::unlock(Test::rng().random_vec(rsa.get_n().bytes()))); + /* + Test blinding reinit interval + + Seed Fixed_Output_RNG only with enough bytes for the initial + blinder initialization plus the exponent blinding bits which + is 2*64 bits per operation. + */ + const size_t rng_bytes = rsa.get_n().bytes() + (2*8*BOTAN_BLINDING_REINIT_INTERVAL); + + Botan_Tests::Fixed_Output_RNG fixed_rng(Botan::unlock(Test::rng().random_vec(rng_bytes))); Botan::PK_Decryptor_EME decryptor(rsa, fixed_rng, "Raw", "base"); for(size_t i = 1; i <= BOTAN_BLINDING_REINIT_INTERVAL ; ++i) From f1d4e126bf929a3ed2a509059d054f8aaef865f0 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 4 Apr 2018 13:21:06 -0400 Subject: [PATCH 0970/1008] Work around a bug in MSVC lambda handling --- src/lib/pubkey/rsa/rsa.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index 1cd4a15d30..fd95f187f3 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -231,7 +231,7 @@ class RSA_Private_Operation const BigInt masked_d2 = m_key.get_d2() + (d2_mask * (m_key.get_q() - 1)); #if defined(BOTAN_TARGET_OS_HAS_THREADS) - auto future_j1 = std::async(std::launch::async, [this, &m, &masked_d1]() { + auto future_j1 = std::async(std::launch::async, [this, &m, &masked_d1, powm_window]() { auto powm_d1_p = monty_precompute(m_monty_p, m, powm_window); return monty_execute(*powm_d1_p, masked_d1); }); From 4216b96b2eb68ca9371e0452b0111e033f64f2d2 Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Wed, 4 Apr 2018 15:07:29 -0400 Subject: [PATCH 0971/1008] Move version.txt to src/build-data It is not useful for end-users so don't put it in the top level. --- configure.py | 2 +- version.txt => src/build-data/version.txt | 0 src/configs/sphinx/conf.py | 2 +- src/scripts/dist.py | 3 ++- 4 files changed, 4 insertions(+), 3 deletions(-) rename version.txt => src/build-data/version.txt (100%) diff --git a/configure.py b/configure.py index 99240effcf..8bc18bbba0 100755 --- a/configure.py +++ b/configure.py @@ -89,7 +89,7 @@ class Version(object): def get_data(): if not Version.data: root_dir = os.path.dirname(os.path.realpath(__file__)) - Version.data = parse_version_file(os.path.join(root_dir, 'version.txt')) + Version.data = parse_version_file(os.path.join(root_dir, 'src/build-data/version.txt')) return Version.data @staticmethod diff --git a/version.txt b/src/build-data/version.txt similarity index 100% rename from version.txt rename to src/build-data/version.txt diff --git a/src/configs/sphinx/conf.py b/src/configs/sphinx/conf.py index 0534a9fa2c..92fb78ba71 100644 --- a/src/configs/sphinx/conf.py +++ b/src/configs/sphinx/conf.py @@ -38,7 +38,7 @@ def parse_version_file(version_path): results[key] = val return results -version_info = parse_version_file('../../../version.txt') +version_info = parse_version_file('../../build-data/version.txt') version_major = version_info['release_major'] version_minor = version_info['release_minor'] diff --git a/src/scripts/dist.py b/src/scripts/dist.py index 2586af5609..d12ce8d05e 100755 --- a/src/scripts/dist.py +++ b/src/scripts/dist.py 
@@ -357,7 +357,8 @@ def output_name(): version_file = None - for possible_version_file in ['version.txt', 'botan_version.py']: + # location of file with version information has moved over time + for possible_version_file in ['src/build-data/version.txt', 'version.txt', 'botan_version.py']: full_path = os.path.join(output_basename, possible_version_file) if os.access(full_path, os.R_OK): version_file = full_path From 67633e52bf4837b35fe95ec0befb9df8262fe1a2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 4 Apr 2018 15:07:53 -0400 Subject: [PATCH 0972/1008] Add DL_Group::monty_params_p to get Montgomery params --- src/lib/pubkey/dl_group/dl_group.cpp | 9 +++++++-- src/lib/pubkey/dl_group/dl_group.h | 6 ++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index 9bd9d2462f..7a35c63626 100644 --- a/src/lib/pubkey/dl_group/dl_group.cpp +++ b/src/lib/pubkey/dl_group/dl_group.cpp @@ -45,7 +45,7 @@ class DL_Group_Data final return m_mod_p.multiply(x, y); } - std::shared_ptr monty_params() const + std::shared_ptr monty_params_p() const { return m_monty_params; } size_t p_bits() const { return m_p_bits; } @@ -394,6 +394,11 @@ const BigInt& DL_Group::get_q() const return data().q(); } +std::shared_ptr DL_Group::monty_params_p() const + { + return data().monty_params_p(); + } + size_t DL_Group::p_bits() const { return data().p_bits(); @@ -427,7 +432,7 @@ BigInt DL_Group::multiply_mod_p(const BigInt& x, const BigInt& y) const BigInt DL_Group::multi_exponentiate(const BigInt& x, const BigInt& y, const BigInt& z) const { - return monty_multi_exp(data().monty_params(), get_g(), x, y, z); + return monty_multi_exp(data().monty_params_p(), get_g(), x, y, z); } BigInt DL_Group::power_g_p(const BigInt& x) const diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h index 14ef3c0880..921b4060e5 100644 --- a/src/lib/pubkey/dl_group/dl_group.h 
+++ b/src/lib/pubkey/dl_group/dl_group.h @@ -12,6 +12,7 @@ namespace Botan { +class Montgomery_Params; class DL_Group_Data; /** @@ -192,6 +193,11 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final */ BigInt multi_exponentiate(const BigInt& x, const BigInt& y, const BigInt& z) const; + /** + * Return parameters for Montgomery reduction/exponentiation mod p + */ + std::shared_ptr monty_params_p() const; + /** * Return the size of p in bits * Same as get_p().bits() From 066fc339e32c30fde138129875e5357f60720656 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 4 Apr 2018 15:09:24 -0400 Subject: [PATCH 0973/1008] Bump version to 2.6.0-pre --- news.rst | 9 +++++++++ src/build-data/version.txt | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/news.rst b/news.rst index 5879b2c73f..f7385ae248 100644 --- a/news.rst +++ b/news.rst @@ -1,6 +1,15 @@ Release Notes ======================================== +Version 2.6.0, Not Yet Released +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for OAEP labels (GH #1508) + +* RSA signing optimizations, about 15% faster (GH #1523) + +* Add exponent blinding to RSA (GH #1523) + Version 2.5.0, 2018-04-02 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/src/build-data/version.txt b/src/build-data/version.txt index c0f34a598a..5363563ea5 100644 --- a/src/build-data/version.txt +++ b/src/build-data/version.txt @@ -1,6 +1,6 @@ release_major = 2 -release_minor = 5 +release_minor = 6 release_patch = 0 release_so_abi_rev = 5 From 30f1500361b899ff436610781329ba0726d07746 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 4 Apr 2018 15:11:42 -0400 Subject: [PATCH 0974/1008] Fix ReST formatting --- doc/manual/tls.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index 3587558c71..1d620fabd4 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst 
@@ -1200,7 +1200,8 @@ as shown in the following code examples. 3. Adjustment of the TLS policy by allowing the custom curve Client Code Example -^^^^^^^^^^^^ +^^^^^^^^^^^^^^^^^^^^ + .. code-block:: cpp #include @@ -1373,7 +1374,8 @@ Client Code Example } Server Code Example -^^^^^^^^^^^^ +^^^^^^^^^^^^^^^^^^^^^ + .. code-block:: cpp #include From 6c5d9ef3c49658cbf4096e04905e3c0debb9d096 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 5 Apr 2018 11:03:48 -0400 Subject: [PATCH 0975/1008] Split up asm constructs to avoid miscompilation The constraints were invalid as they missed the clobber of a/d registers. This caused miscompilation when using GCC -fno-plt option. GH #1524 --- src/lib/math/mp/mp_asmi.h | 79 ++++++++++++++++++++++++--------------- 1 file changed, 49 insertions(+), 30 deletions(-) diff --git a/src/lib/math/mp/mp_asmi.h b/src/lib/math/mp/mp_asmi.h index 0cbce3053a..1b332811f8 100644 --- a/src/lib/math/mp/mp_asmi.h +++ b/src/lib/math/mp/mp_asmi.h 
@@ -717,29 +717,37 @@ inline word word8_madd3(word z[8], const word x[8], word y, word carry) inline void word3_muladd(word* w2, word* w1, word* w0, word x, word y) { #if defined(BOTAN_MP_USE_X86_32_ASM) - asm( - ASM("mull %[y]") + word z0 = 0, z1 = 0; - ASM("addl %[x],%[w0]") - ASM("adcl %[y],%[w1]") - ASM("adcl $0,%[w2]") + asm ("mull %[y]" + : "=a"(z0),"=d"(z1) + : "a"(x), [y]"rm"(y) + : "cc"); - : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2) - : [x]"a"(x), [y]"d"(y), "0"(*w0), "1"(*w1), "2"(*w2) - : "cc"); + asm(ASM("addl %[z0],%[w0]") + ASM("adcl %[z1],%[w1]") + ASM("adcl $0,%[w2]") + + : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2) + : [z0]"r"(z0), [z1]"r"(z1), "0"(*w0), "1"(*w1), "2"(*w2) + : "cc"); #elif defined(BOTAN_MP_USE_X86_64_ASM) - asm( - ASM("mulq %[y]") + word z0 = 0, z1 = 0; - ASM("addq %[x],%[w0]") - ASM("adcq %[y],%[w1]") - ASM("adcq $0,%[w2]") + asm ("mulq %[y]" + : "=a"(z0),"=d"(z1) + : "a"(x), [y]"rm"(y) + : "cc"); - : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2) - : [x]"a"(x), [y]"d"(y), "0"(*w0), "1"(*w1), "2"(*w2) - : "cc"); + asm(ASM("addq %[z0],%[w0]") + ASM("adcq %[z1],%[w1]") + ASM("adcq $0,%[w2]") + + : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2) + : [z0]"r"(z0), [z1]"r"(z1), "0"(*w0), "1"(*w1), "2"(*w2) + : "cc"); #else word carry = *w0; 
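Review bot: The reason word3_muladd now issues two asm statements lives only in the commit message; nothing in the code prevents a later cleanup from folding them back into the single-statement form that miscompiled. A comment above the first asm such as `// mul writes a:d implicitly; keep it in its own asm so those registers are declared as outputs (the merged form only named them as inputs and miscompiled with -fno-plt, GH #1524)` would protect the fix, and the same applies to word3_muladd_2 in the next hunk. Minor style point: the `mull`/`mulq` statements are written without the `ASM()` macro the surrounding instructions use, which reads as inconsistent. The portable `#else` fallback and the end of the function are outside the hunk.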
@@ -792,36 +800,47 @@ inline void word3_add(word* w2, word* w1, word* w0, word x) inline void word3_muladd_2(word* w2, word* w1, word* w0, word x, word y) { #if defined(BOTAN_MP_USE_X86_32_ASM) - asm( - ASM("mull %[y]") - ASM("addl %[x],%[w0]") - ASM("adcl %[y],%[w1]") + word z0 = 0, z1 = 0; + + asm ("mull %[y]" + : "=a"(z0),"=d"(z1) + : "a"(x), [y]"rm"(y) + : "cc"); + + asm( + ASM("addl %[z0],%[w0]") + ASM("adcl %[z1],%[w1]") ASM("adcl $0,%[w2]") - ASM("addl %[x],%[w0]") - ASM("adcl %[y],%[w1]") + ASM("addl %[z0],%[w0]") + ASM("adcl %[z1],%[w1]") ASM("adcl $0,%[w2]") : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2) - : [x]"a"(x), [y]"d"(y), "0"(*w0), "1"(*w1), "2"(*w2) + : [z0]"r"(z0), [z1]"r"(z1), "0"(*w0), "1"(*w1), "2"(*w2) : "cc"); #elif defined(BOTAN_MP_USE_X86_64_ASM) - asm( - ASM("mulq %[y]") + word z0 = 0, z1 = 0; - ASM("addq %[x],%[w0]") - ASM("adcq %[y],%[w1]") + asm ("mulq %[y]" + : "=a"(z0),"=d"(z1) + : "a"(x), [y]"rm"(y) + : "cc"); + + asm( + ASM("addq %[z0],%[w0]") + ASM("adcq %[z1],%[w1]") ASM("adcq $0,%[w2]") - ASM("addq %[x],%[w0]") - ASM("adcq %[y],%[w1]") + ASM("addq %[z0],%[w0]") + ASM("adcq %[z1],%[w1]") ASM("adcq $0,%[w2]") : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2) - : [x]"a"(x), [y]"d"(y), "0"(*w0), "1"(*w1), "2"(*w2) + : [z0]"r"(z0), [z1]"r"(z1), "0"(*w0), "1"(*w1), "2"(*w2) : "cc"); #else From e137dcb349a4c2e7fda71ed539361bbdefedebd1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 5 Apr 2018 11:21:05 -0400 Subject: [PATCH 0976/1008] Add --provider option to sign command --- src/cli/pubkey.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index 3c84829d8f..5a8cfcf44b 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp 
@@ -144,7 +144,7 @@ BOTAN_REGISTER_COMMAND("fingerprint", PK_Fingerprint); class PK_Sign final : public Command { public: - PK_Sign() : Command("sign --der-format --passphrase= --hash=SHA-256 --emsa= key file") {} + PK_Sign() : Command("sign --der-format --passphrase= --hash=SHA-256 --emsa= --provider= key file") {} std::string group() const override { @@ -175,7 +175,9 @@ class PK_Sign final : public Command const Botan::Signature_Format format = flag_set("der-format") ? Botan::DER_SEQUENCE : Botan::IEEE_1363; - Botan::PK_Signer signer(*key, rng(), sig_padding, format); + const std::string provider = get_arg("provider"); + + Botan::PK_Signer signer(*key, rng(), sig_padding, format, provider); auto onData = [&signer](const uint8_t b[], size_t l) { From 0fe2273728ca637ff0d57cd80274bf7c541d1dbd Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 5 Apr 2018 11:21:16 -0400 Subject: [PATCH 0977/1008] Fix bug in CLI, and fix bug in CLI tests The tests were detecting the problem and failing, but just returned zero in any case so CI did not fail. Also fix some CLI bugs that caused failures if OpenSSL was enabled. --- src/cli/timing_tests.cpp | 6 +++--- src/scripts/test_cli.py | 6 ++++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index f3ecdc0340..41f622bd5b 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -32,7 +32,7 @@ #include #endif -#if defined(BOTAN_HAS_EC_GROUP) +#if defined(BOTAN_HAS_ECC_GROUP) #include #endif @@ -303,7 +303,7 @@ ticks ECDSA_Timing_Test::measure_critical_function(std::vector input) #endif -#if defined(BOTAN_HAS_EC_GROUP) +#if defined(BOTAN_HAS_ECC_GROUP) class ECC_Mul_Timing_Test final : public Timing_Test { 
@@ -545,7 +545,7 @@ std::unique_ptr Timing_Test_Command::lookup_timing_test(const std:: } #endif -#if defined(BOTAN_HAS_EC_GROUP) +#if defined(BOTAN_HAS_ECC_GROUP) if(test_type == "ecc_mul") { return std::unique_ptr(new ECC_Mul_Timing_Test("brainpool512r1")); diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py index 329a512955..ea5808e7c5 100755 --- a/src/scripts/test_cli.py +++ b/src/scripts/test_cli.py @@ -169,7 +169,7 @@ def cli_key_tests(): valid_sig = "xd3J9jtTBWFWA9ceVGYpmEB0A1DmOoxHRF7FpYW2ng/GYEH/HYljIfYzu/L5iTK6XfVePxeMr6ubCYCD9vFGIw==" - test_cli("sign", "%s %s" % (priv_key, priv_key), valid_sig) + test_cli("sign", "--provider=base %s %s" % (priv_key, priv_key), valid_sig) test_cli("verify", [pub_key, priv_key, '-'], "Signature is valid", valid_sig) @@ -290,7 +290,7 @@ def cli_asn1_tests(): def cli_speed_tests(): output = test_cli("speed", ["--msec=1", "--buf-size=64,512", "AES-128"], None).split('\n') - if len(output) != 4: + if len(output) % 4 != 0: logging.error("Unexpected number of lines for AES-128 speed test") # pylint: disable=line-too-long @@ -370,6 +370,8 @@ def main(args=None): print("Ran %d tests with %d failures in %.02f seconds" % ( TESTS_RUN, TESTS_FAILED, end_time - start_time)) + if TESTS_FAILED > 0: + return 1 return 0 if __name__ == '__main__': From ba5ac0eddfa4ba4ac818de69c6b54200ee86699a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 5 Apr 2018 13:50:20 -0400 Subject: [PATCH 0978/1008] Update news [ci skip] --- news.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/news.rst b/news.rst index f7385ae248..12f2c2a116 100644 --- a/news.rst +++ b/news.rst @@ -10,6 +10,9 @@ Version 2.6.0, Not Yet Released * Add exponent blinding to RSA (GH #1523) +* Fix a bug in inline asm that caused incorrect computations when + compiled with GCC's `-fno-plt` option. (GH #1524) + Version 2.5.0, 2018-04-02 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From fb7071404471bcd1961ee2d3bf49e0d7fce6bf88 Mon Sep 17 00:00:00 2001 
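Review bot: The relaxed check `if len(output) % 4 != 0:` in cli_speed_tests still reports only through `logging.error`; unless that path also increments TESTS_FAILED (not visible here), the new `return 1` in main will not turn a malformed speed-test output into a non-zero exit, which is the failure mode this commit set out to close. Either route it through the same counter test_cli uses for failures, or add a comment stating that the speed-test line count is advisory. Also, `% 4 != 0` accepts any multiple of four, including counts that would not correspond to the two sizes in `--buf-size=64,512`; a comment giving the expected count, or an exact comparison if one is known, would make the intent clearer than the modulo. cli_speed_tests continues outside the hunk.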
From: Jack Lloyd Date: Thu, 5 Apr 2018 13:58:01 -0400 Subject: [PATCH 0979/1008] Add pk_workfactor CLI and refactor workfactor estimator functions No reason to duplicate the NFS workfactor estimator twice --- src/cli/pubkey.cpp | 34 ++++++++++++++++++++++++++++++++++ src/lib/pubkey/workfactor.cpp | 31 +++++++++++++++++++------------ 2 files changed, 53 insertions(+), 12 deletions(-) diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index 5a8cfcf44b..3af91b722a 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp @@ -17,6 +17,7 @@ #include #include #include +#include #if defined(BOTAN_HAS_DL_GROUP) #include @@ -392,6 +393,39 @@ class DL_Group_Info final : public Command BOTAN_REGISTER_COMMAND("dl_group_info", DL_Group_Info); +class PK_Workfactor final : public Command + { + public: + PK_Workfactor() : Command("pk_workfactor --type=rsa bits") {} + + std::string group() const override + { + return "pubkey"; + } + + std::string description() const override + { + return "Provide estimate of strength of public key based on size"; + } + + void go() override + { + const size_t bits = get_arg_sz("bits"); + const std::string type = get_arg("type"); + + if(type == "rsa") + output() << Botan::if_work_factor(bits) << "\n"; + else if(type == "dl") + output() << Botan::dl_work_factor(bits) << "\n"; + else if(type == "dl_exp") + output() << Botan::dl_exponent_size(bits) << "\n"; + else + throw CLI_Usage_Error("Unknown type for pk_workfactor"); + } + }; + +BOTAN_REGISTER_COMMAND("pk_workfactor", PK_Workfactor); + class Gen_DL_Group final : public Command { public: diff --git a/src/lib/pubkey/workfactor.cpp b/src/lib/pubkey/workfactor.cpp index 8be64bef32..71604c06bb 100644 --- a/src/lib/pubkey/workfactor.cpp +++ b/src/lib/pubkey/workfactor.cpp 
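Review bot: PK_Workfactor::go passes the user-supplied `bits` straight to if_work_factor/dl_work_factor/dl_exponent_size with no range check. In nfs_workfactor (next hunk) `bits == 0` makes `log_p` zero and `log_log_p` -inf, so `est` is NaN, and for very small positive `bits` the sum `std::log2(k) + log2_e * est` is negative; `static_cast<size_t>` of a NaN or negative double is undefined behaviour, so the new command can reach UB from its arguments. A guard such as `if(bits == 0) throw CLI_Usage_Error("bits must be positive");` in go(), together with a documented lower bound or clamp inside nfs_workfactor, would close this; the existing library callers presumably never pass such values, but the CLI does not control that. The neighbouring Command classes are outside this hunk.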
@@ -16,21 +16,32 @@ size_t ecp_work_factor(size_t bits) return bits / 2; } -size_t if_work_factor(size_t bits) - { - // RFC 3766: k * e^((1.92 + o(1)) * cubrt(ln(n) * (ln(ln(n)))^2)) - // It estimates k at .02 and o(1) to be effectively zero for sizes of interest - const double k = .02; +namespace { - // approximates natural logarithm of p +size_t nfs_workfactor(size_t bits, double k) + { + // approximates natural logarithm of integer of given bitsize const double log2_e = std::log2(std::exp(1)); const double log_p = bits / log2_e; - const double est = 1.92 * std::pow(log_p * std::log(log_p) * std::log(log_p), 1.0/3.0); + const double log_log_p = std::log(log_p); + // RFC 3766: k * e^((1.92 + o(1)) * cubrt(ln(n) * (ln(ln(n)))^2)) + const double est = 1.92 * std::pow(log_p * log_log_p * log_log_p, 1.0/3.0); + + // return log2 of the workfactor return static_cast(std::log2(k) + log2_e * est); } +} + +size_t if_work_factor(size_t bits) + { + // RFC 3766 estimates k at .02 and o(1) to be effectively zero for sizes of interest + + return nfs_workfactor(bits, .02); + } + size_t dl_work_factor(size_t bits) { // Lacking better estimates... @@ -46,12 +57,8 @@ size_t dl_exponent_size(size_t bits) (this only matters for very small primes). */ const size_t MIN_WORKFACTOR = 64; - const double log2_e = std::log2(std::exp(1)); - const double log_p = bits / log2_e; - - const double strength = 1.92 * std::pow(log_p, 1.0/3.0) * std::pow(std::log(log_p), 2.0/3.0); - return 2 * std::max(MIN_WORKFACTOR, static_cast(log2_e * strength)); + return 2 * std::max(MIN_WORKFACTOR, nfs_workfactor(bits, 1)); } } From 3d9abe39057ebb63205d7840ede7b62f820fa908 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 6 Apr 2018 08:49:36 -0400 Subject: [PATCH 0980/1008] Add missing override annotations in fuzzers [ci skip] --- src/fuzzer/tls_client.cpp | 2 +- src/fuzzer/tls_server.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/fuzzer/tls_client.cpp b/src/fuzzer/tls_client.cpp index 2ccd709617..efcadac775 100644 --- a/src/fuzzer/tls_client.cpp +++ b/src/fuzzer/tls_client.cpp @@ -36,7 +36,7 @@ class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks // ignore alert } - bool tls_session_established(const Botan::TLS::Session&) + bool tls_session_established(const Botan::TLS::Session&) override { return true; // cache it } diff --git a/src/fuzzer/tls_server.cpp b/src/fuzzer/tls_server.cpp index a985da5a6b..0b414453fa 100644 --- a/src/fuzzer/tls_server.cpp +++ b/src/fuzzer/tls_server.cpp @@ -127,7 +127,7 @@ class Fuzzer_TLS_Server_Callbacks : public Botan::TLS::Callbacks // ignore alert } - bool tls_session_established(const Botan::TLS::Session&) + bool tls_session_established(const Botan::TLS::Session&) override { return true; // cache it } From 4292f41101bb86d528252d8395ffb93eb9fa3528 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 6 Apr 2018 12:46:49 -0400 Subject: [PATCH 0981/1008] Fix quoting [ci skip] --- news.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news.rst b/news.rst index 12f2c2a116..01a9dba989 100644 --- a/news.rst +++ b/news.rst @@ -11,7 +11,7 @@ Version 2.6.0, Not Yet Released * Add exponent blinding to RSA (GH #1523) * Fix a bug in inline asm that caused incorrect computations when - compiled with GCC's `-fno-plt` option. (GH #1524) + compiled with GCC's ``-fno-plt`` option. (GH #1524) Version 2.5.0, 2018-04-02 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From 4476c07bae00dc2cec5183878d81b3e53ff3b97e Mon Sep 17 00:00:00 2001 
From: Matthias Gierlings Date: Fri, 6 Apr 2018 20:20:35 +0200 Subject: [PATCH 0982/1008] Make tests pass by default in UBSAN mode - Adds macros to check if botan was compiled with a certain sanitizers. - Automatically excludes the tests that are intended to provoke undefined behaviour from the test bench, when botan is compiled with UBSAN. - Changes option `--avoid-undefined` to `--no-avoid-undefined` so the failing tests can be explicitly activated when needed. --- configure.py | 5 +++++ src/build-data/buildh.in | 4 ++++ src/tests/main.cpp | 4 ++-- src/tests/test_dl_group.cpp | 7 +++++-- src/tests/test_ffi.cpp | 6 +++++- src/tests/tests.h | 10 +++++----- src/tests/unit_ecdsa.cpp | 6 +++++- 7 files changed, 31 insertions(+), 11 deletions(-) diff --git a/configure.py b/configure.py index 8bc18bbba0..986081279d 100755 --- a/configure.py +++ b/configure.py @@ -1099,6 +1099,7 @@ def __init__(self, infofile): self.output_to_object = lex.output_to_object self.preproc_flags = lex.preproc_flags self.sanitizers = lex.sanitizers + self.sanitizer_types = [] self.shared_flags = lex.shared_flags self.size_optimization_flags = lex.size_optimization_flags self.so_link_commands = lex.so_link_commands @@ -1224,6 +1225,8 @@ def mach_abi_groups(): else: abi_link.add(self.sanitizers[s]) + self.sanitizer_types = san + if options.with_openmp: if 'openmp' not in self.mach_abi_linking: raise UserError('No support for OpenMP for %s' % (self.basename)) @@ -1866,6 +1869,8 @@ def join_with_build_dir(path): 'linker': cc.linker_name or '$(CXX)', 'make_supports_phony': cc.basename != 'msvc', + 'sanitizer_types' : sorted(cc.sanitizer_types), + 'cc_compile_opt_flags': cc.cc_compile_flags(options, False, True), 'cc_compile_debug_flags': cc.cc_compile_flags(options, True, False), diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index d42e85ac42..807b6f4797 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in 
@@ -52,6 +52,10 @@ #define BOTAN_BUILD_COMPILER_IS_%{cc_macro} +%{for sanitizer_types} +#define BOTAN_HAS_SANITIZER_%{i|upper} +%{endfor} + #define BOTAN_TARGET_ARCH_IS_%{arch|upper} %{if endian} #define BOTAN_TARGET_CPU_IS_%{endian|upper}_ENDIAN diff --git a/src/tests/main.cpp b/src/tests/main.cpp index 5cf4e4fe32..0e0360783f 100644 --- a/src/tests/main.cpp +++ b/src/tests/main.cpp @@ -60,7 +60,7 @@ int main(int argc, char* argv[]) { const std::string arg_spec = "botan-test --verbose --help --data-dir= --pkcs11-lib= --provider= " - "--log-success --abort-on-first-fail --avoid-undefined " + "--log-success --abort-on-first-fail --no-avoid-undefined " "--run-long-tests --run-online-tests --test-runs=1 --drbg-seed= " "*suites"; @@ -85,7 +85,7 @@ int main(int argc, char* argv[]) parser.flag_set("run-online-tests"), parser.flag_set("run-long-tests"), parser.flag_set("abort-on-first-fail"), - parser.flag_set("avoid-undefined")); + parser.flag_set("no-avoid-undefined")); #if defined(BOTAN_HAS_OPENSSL) if(opts.provider().empty() || opts.provider() == "openssl") diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp index 10a7e3bc6a..c9e654bd7a 100644 --- a/src/tests/test_dl_group.cpp +++ b/src/tests/test_dl_group.cpp @@ -44,16 +44,19 @@ class DL_Group_Tests final : public Test "DL_Group uninitialized", []() { Botan::DL_Group dl; dl.get_p(); }); - if(Test::avoid_undefined_behavior() == false) +#if defined(BOTAN_HAS_SANITIZER_UNDEFINED) + if(Test::no_avoid_undefined_behavior()) { +#endif result.test_throws("Bad generator param", "Invalid argument DL_Group unknown PrimeType", []() { auto invalid_type = static_cast(9); Botan::DL_Group dl(Test::rng(), invalid_type, 1024); }); +#if defined(BOTAN_HAS_SANITIZER_UNDEFINED) } - +#endif return result; } diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index 58b9852a07..0d831f2512 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp 
@@ -842,14 +842,18 @@ class FFI_Unit_Tests final : public Test // delete of null is ok/ignored TEST_FFI_RC(0, botan_hash_destroy, (nullptr)); - if(Test::avoid_undefined_behavior() == false) +#if defined(BOTAN_HAS_SANITIZER_UNDEFINED) + if(Test::no_avoid_undefined_behavior()) { +#endif // Confirm that botan_x_destroy checks the argument type botan_mp_t mp; botan_mp_init(&mp); TEST_FFI_RC(BOTAN_FFI_ERROR_INVALID_OBJECT, botan_hash_destroy, (reinterpret_cast(mp))); TEST_FFI_RC(0, botan_mp_destroy, (mp)); +#if defined(BOTAN_HAS_SANITIZER_UNDEFINED) } +#endif return result; } diff --git a/src/tests/tests.h b/src/tests/tests.h index 0c63797fa5..56aa4b8c50 100644 --- a/src/tests/tests.h +++ b/src/tests/tests.h @@ -62,7 +62,7 @@ class Test_Options bool run_online_tests, bool run_long_tests, bool abort_on_first_fail, - bool avoid_undefined) : + bool no_avoid_undefined) : m_requested_tests(requested_tests), m_data_dir(data_dir), m_pkcs11_lib(pkcs11_lib), @@ -73,7 +73,7 @@ class Test_Options m_run_online_tests(run_online_tests), m_run_long_tests(run_long_tests), m_abort_on_first_fail(abort_on_first_fail), - m_avoid_undefined(avoid_undefined) + m_no_avoid_undefined(no_avoid_undefined) {} const std::vector& requested_tests() const @@ -97,7 +97,7 @@ class Test_Options bool abort_on_first_fail() const { return m_abort_on_first_fail; } - bool avoid_undefined_behavior() const { return m_avoid_undefined; } + bool no_avoid_undefined_behavior() const { return m_no_avoid_undefined; } private: std::vector m_requested_tests; @@ -110,7 +110,7 @@ class Test_Options bool m_run_online_tests; bool m_run_long_tests; bool m_abort_on_first_fail; - bool m_avoid_undefined; + bool m_no_avoid_undefined; }; /* 
@@ -466,7 +466,7 @@ class Test static void set_test_rng(std::unique_ptr rng); - static bool avoid_undefined_behavior() { return m_opts.avoid_undefined_behavior(); } + static bool no_avoid_undefined_behavior() { return m_opts.no_avoid_undefined_behavior(); } static bool log_success() { return m_opts.log_success(); } static bool run_online_tests() { return m_opts.run_online_tests(); } static bool run_long_tests() { return m_opts.run_long_tests(); } diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index dc2a43af5f..f94f445ee4 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -299,14 +299,18 @@ Test::Result test_encoding_options() result.test_eq("Hybrid point same size as uncompressed", enc_uncompressed.size(), enc_hybrid.size()); - if(Test::avoid_undefined_behavior() == false) +#if defined(BOTAN_HAS_SANITIZER_UNDEFINED) + if(Test::no_avoid_undefined_behavior()) { +#endif auto invalid_format = static_cast(99); result.test_throws("Invalid point format throws", "Invalid argument Invalid point encoding for EC_PublicKey", [&] { key.set_point_encoding(invalid_format); }); +#if defined(BOTAN_HAS_SANITIZER_UNDEFINED) } +#endif return result; } From 7df69ab04ba5f2944ac3135b444c3b103aaa3f80 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 7 Apr 2018 09:45:01 -0400 Subject: [PATCH 0983/1008] Add defensive assert to buffer_insert Otherwise an integer overflow bug elsewhere could turn into a heap overflow. --- src/lib/base/secmem.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lib/base/secmem.h b/src/lib/base/secmem.h index 9449d015e7..12ea55a3b6 100644 --- a/src/lib/base/secmem.h +++ b/src/lib/base/secmem.h @@ -105,6 +105,7 @@ size_t buffer_insert(std::vector& buf, const T input[], size_t input_length) { + BOTAN_ASSERT_NOMSG(buf_offset <= buf.size()); const size_t to_copy = std::min(input_length, buf.size() - buf_offset); if(to_copy > 0) { 
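Review bot: The new `BOTAN_ASSERT_NOMSG(buf_offset <= buf.size());` in the first `buffer_insert` overload carries no comment saying what it protects, and the same applies to the second overload in the next hunk. The condition matters because `buf.size() - buf_offset` on the following line is unsigned arithmetic: an offset past the end would wrap to a large value, and `std::min` with the input length would then allow the full input to be copied beyond the buffer, which is the heap overflow the commit message alludes to. A one-line comment above each assertion, `// an offset past the end would wrap the unsigned subtraction below`, records that reasoning for the next reader. buffer_insert's signature and the remainder of its body lie outside the hunk.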
@@ -118,6 +119,7 @@ size_t buffer_insert(std::vector& buf,
 size_t buf_offset,
 const std::vector& input)
 {
+ BOTAN_ASSERT_NOMSG(buf_offset <= buf.size());
 const size_t to_copy = std::min(input.size(), buf.size() - buf_offset);
 if(to_copy > 0)
 {
From a96d1ca450a9cadea8157f3295a970af1f16a58f Mon Sep 17 00:00:00 2001
From: Matthias Gierlings
Date: Sat, 7 Apr 2018 17:47:11 +0200
Subject: [PATCH 0984/1008] Moves UBSAN macros from test files to Test_Options
To keep the code more readable change the behavior of `Test_Options::no_avoid_undefined_behavior()`, instead of the conditionals inside the tests. `Test_Options::no_avoid_undefined_behavior()` will always return `true` if UBSAN is inactive. This way all tests, including those that cause undefined behaviour, will run. Once botan is compiled with UBSAN those tests will be automatically skipped unless the `--no-avoid-undefined` is passed to the test-bench.
---
 src/tests/test_dl_group.cpp | 5 +----
 src/tests/test_ffi.cpp | 4 ----
 src/tests/tests.h | 9 ++++++++-
 src/tests/unit_ecdsa.cpp | 4 ----
 4 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp
index c9e654bd7a..064cb2221a 100644
--- a/src/tests/test_dl_group.cpp
+++ b/src/tests/test_dl_group.cpp
@@ -44,19 +44,16 @@ class DL_Group_Tests final : public Test
 "DL_Group uninitialized",
 []() { Botan::DL_Group dl; dl.get_p(); });
-#if defined(BOTAN_HAS_SANITIZER_UNDEFINED)
 if(Test::no_avoid_undefined_behavior())
 {
-#endif
 result.test_throws("Bad generator param",
 "Invalid argument DL_Group unknown PrimeType",
 []() { auto invalid_type = static_cast(9); Botan::DL_Group dl(Test::rng(), invalid_type, 1024); });
-#if defined(BOTAN_HAS_SANITIZER_UNDEFINED)
 }
-#endif
+
 return result;
 }
diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp
index 0d831f2512..d5627a45f8 100644
--- a/src/tests/test_ffi.cpp
+++ b/src/tests/test_ffi.cpp
@@ -842,18 +842,14 @@ class FFI_Unit_Tests final : public Test // delete of null is ok/ignored TEST_FFI_RC(0, botan_hash_destroy, (nullptr)); -#if defined(BOTAN_HAS_SANITIZER_UNDEFINED) if(Test::no_avoid_undefined_behavior()) { -#endif // Confirm that botan_x_destroy checks the argument type botan_mp_t mp; botan_mp_init(&mp); TEST_FFI_RC(BOTAN_FFI_ERROR_INVALID_OBJECT, botan_hash_destroy, (reinterpret_cast(mp))); TEST_FFI_RC(0, botan_mp_destroy, (mp)); -#if defined(BOTAN_HAS_SANITIZER_UNDEFINED) } -#endif return result; } diff --git a/src/tests/tests.h b/src/tests/tests.h index 56aa4b8c50..8551e4e4d8 100644 --- a/src/tests/tests.h +++ b/src/tests/tests.h @@ -97,7 +97,14 @@ class Test_Options bool abort_on_first_fail() const { return m_abort_on_first_fail; } - bool no_avoid_undefined_behavior() const { return m_no_avoid_undefined; } + bool no_avoid_undefined_behavior() const + { +#if defined(BOTAN_HAS_SANITIZER_UNDEFINED) + return m_no_avoid_undefined; +#else + return true; +#endif + } private: std::vector m_requested_tests; diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index f94f445ee4..e21d4764c2 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -299,18 +299,14 @@ Test::Result test_encoding_options() result.test_eq("Hybrid point same size as uncompressed", enc_uncompressed.size(), enc_hybrid.size()); -#if defined(BOTAN_HAS_SANITIZER_UNDEFINED) if(Test::no_avoid_undefined_behavior()) { -#endif auto invalid_format = static_cast(99); result.test_throws("Invalid point format throws", "Invalid argument Invalid point encoding for EC_PublicKey", [&] { key.set_point_encoding(invalid_format); }); -#if defined(BOTAN_HAS_SANITIZER_UNDEFINED) } -#endif return result; } From 3657639abf776e78b35a961d646dd410a7fce492 Mon Sep 17 00:00:00 2001 
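Review bot: In tests.h `Test_Options::no_avoid_undefined_behavior()` now means two different things depending on `BOTAN_HAS_SANITIZER_UNDEFINED` and nothing in the header says so; a reader of a call site such as `if(Test::no_avoid_undefined_behavior())` in the test_dl_group.cpp, test_ffi.cpp and unit_ecdsa.cpp hunks cannot tell that the command-line flag is ignored in non-UBSAN builds. A comment above the method, `// Tests that deliberately trigger undefined behaviour always run in builds without UBSAN; under UBSAN they run only when --no-avoid-undefined is given`, would carry the rationale from the commit message into the code. The double negative in the name also makes the condition hard to read; a positive name such as `run_undefined_behavior_tests()` would read naturally at those three call sites, though that is a larger rename than this commit attempts.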
From: Jack Lloyd Date: Sat, 7 Apr 2018 13:34:52 -0400 Subject: [PATCH 0985/1008] Add RAII versions of get_cipher_mode and get_aead See also #1526 --- src/cli/encryption.cpp | 2 +- src/cli/speed.cpp | 4 +- src/cli/timing_tests.cpp | 2 +- src/lib/ffi/ffi_cipher.cpp | 2 +- src/lib/filters/cipher_filter.h | 3 ++ src/lib/filters/key_filt.cpp | 6 +-- src/lib/misc/cryptobox/cryptobox.cpp | 4 +- src/lib/modes/aead/aead.cpp | 52 ++++++++++++++++---------- src/lib/modes/aead/aead.h | 27 +++++++++++++- src/lib/modes/cipher_mode.cpp | 55 +++++++++++++++++----------- src/lib/modes/cipher_mode.h | 44 +++++++++++++++++----- src/lib/pubkey/ecies/ecies.cpp | 7 +--- src/lib/pubkey/mceies/mceies.cpp | 8 +--- src/lib/pubkey/pbes2/pbes2.cpp | 4 +- src/lib/tls/tls_record.cpp | 3 +- src/lib/tls/tls_session.cpp | 4 +- src/tests/test_aead.cpp | 8 ++-- src/tests/test_dlies.cpp | 4 +- src/tests/test_filters.cpp | 4 +- src/tests/test_modes.cpp | 16 ++++---- 20 files changed, 163 insertions(+), 96 deletions(-) diff --git a/src/cli/encryption.cpp b/src/cli/encryption.cpp index c17b00dbb4..444877db57 100644 --- a/src/cli/encryption.cpp +++ b/src/cli/encryption.cpp @@ -44,7 +44,7 @@ do_crypt(const std::string &cipher, // TODO: implement streaming - std::unique_ptr processor(Botan::get_cipher_mode(cipher, direction)); + std::unique_ptr processor(Botan::Cipher_Mode::create(cipher, direction)); if(!processor) throw CLI_Error("Cipher algorithm not found"); diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 00f8086e34..afe75decc6 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp 
@@ -783,9 +783,9 @@ class Speed final : public Command } #endif #if defined(BOTAN_HAS_CIPHER_MODES) - else if(auto enc = Botan::get_cipher_mode(algo, Botan::ENCRYPTION)) + else if(auto enc = Botan::Cipher_Mode::create(algo, Botan::ENCRYPTION)) { - auto dec = Botan::get_cipher_mode(algo, Botan::DECRYPTION); + auto dec = Botan::Cipher_Mode::create_or_throw(algo, Botan::DECRYPTION); bench_cipher_mode(*enc, *dec, msec, buf_sizes); } #endif diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index 41f622bd5b..31d5880119 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -217,7 +217,7 @@ std::vector Lucky13_Timing_Test::prepare_input(std::string input) const std::vector key(16); const std::vector iv(16); - std::unique_ptr enc(Botan::get_cipher_mode("AES-128/CBC/NoPadding", Botan::ENCRYPTION)); + std::unique_ptr enc(Botan::Cipher_Mode::create("AES-128/CBC/NoPadding", Botan::ENCRYPTION)); enc->set_key(key); enc->start(iv); Botan::secure_vector buf(input_vector.begin(), input_vector.end()); diff --git a/src/lib/ffi/ffi_cipher.cpp b/src/lib/ffi/ffi_cipher.cpp index ff73de6fbc..871cbd31f6 100644 --- a/src/lib/ffi/ffi_cipher.cpp +++ b/src/lib/ffi/ffi_cipher.cpp @@ -23,7 +23,7 @@ int botan_cipher_init(botan_cipher_t* cipher, const char* cipher_name, uint32_t return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { const bool encrypt_p = ((flags & BOTAN_CIPHER_INIT_FLAG_MASK_DIRECTION) == BOTAN_CIPHER_INIT_FLAG_ENCRYPT); const Botan::Cipher_Dir dir = encrypt_p ? Botan::ENCRYPTION : Botan::DECRYPTION; - std::unique_ptr mode(Botan::get_cipher_mode(cipher_name, dir)); + std::unique_ptr mode(Botan::Cipher_Mode::create(cipher_name, dir)); if(!mode) return BOTAN_FFI_ERROR_NOT_IMPLEMENTED; *cipher = new botan_cipher_struct(mode.release()); diff --git a/src/lib/filters/cipher_filter.h b/src/lib/filters/cipher_filter.h index f0082be5bb..750385d152 100644 --- a/src/lib/filters/cipher_filter.h +++ b/src/lib/filters/cipher_filter.h 
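Review bot: In the timing_tests.cpp hunk the result of `Botan::Cipher_Mode::create("AES-128/CBC/NoPadding", Botan::ENCRYPTION)` is dereferenced on the next line (`enc->set_key(key)`) with no null check, and `create` is the nullable variant this commit introduces; the speed.cpp hunk just above shows the intended pairing of a null-returning `create` with a guard or of `create_or_throw` where failure should be fatal. Since availability of the mode depends on build configuration, `std::unique_ptr<Botan::Cipher_Mode> enc = Botan::Cipher_Mode::create_or_throw("AES-128/CBC/NoPadding", Botan::ENCRYPTION);` turns a null dereference into a Lookup_Error. The first two test_aead.cpp hunks further down (`enc->output_length` and `dec->output_length`) have the same unchecked dereference, while the third one there does check `if(!enc || !dec)`. Lucky13_Timing_Test::prepare_input continues outside the hunk.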
@@ -23,6 +23,9 @@ class BOTAN_PUBLIC_API(2,0) Cipher_Mode_Filter final : public Keyed_Filter, public: explicit Cipher_Mode_Filter(Cipher_Mode* t); + explicit Cipher_Mode_Filter(std::unique_ptr t) : + Cipher_Mode_Filter(t.release()) {} + void set_iv(const InitializationVector& iv) override; void set_key(const SymmetricKey& key) override; diff --git a/src/lib/filters/key_filt.cpp b/src/lib/filters/key_filt.cpp index 0f6a67da92..b87a8c87f3 100644 --- a/src/lib/filters/key_filt.cpp +++ b/src/lib/filters/key_filt.cpp @@ -12,10 +12,8 @@ namespace Botan { Keyed_Filter* get_cipher(const std::string& algo_spec, Cipher_Dir direction) { - std::unique_ptr c(get_cipher_mode(algo_spec, direction)); - if(c) - return new Cipher_Mode_Filter(c.release()); - throw Algorithm_Not_Found(algo_spec); + std::unique_ptr c(Cipher_Mode::create_or_throw(algo_spec, direction)); + return new Cipher_Mode_Filter(c.release()); } Keyed_Filter* get_cipher(const std::string& algo_spec, diff --git a/src/lib/misc/cryptobox/cryptobox.cpp b/src/lib/misc/cryptobox/cryptobox.cpp index 5d2364871b..452d953088 100644 --- a/src/lib/misc/cryptobox/cryptobox.cpp +++ b/src/lib/misc/cryptobox/cryptobox.cpp @@ -76,7 +76,7 @@ std::string encrypt(const uint8_t input[], size_t input_len, const uint8_t* iv = mk + CIPHER_KEY_LEN + MAC_KEY_LEN; // Now encrypt and authenticate - std::unique_ptr ctr(get_cipher_mode("Serpent/CTR-BE", ENCRYPTION)); + std::unique_ptr ctr = Cipher_Mode::create_or_throw("Serpent/CTR-BE", ENCRYPTION); ctr->set_key(cipher_key, CIPHER_KEY_LEN); ctr->start(iv, CIPHER_IV_LEN); ctr->finish(out_buf, CRYPTOBOX_HEADER_LEN); 
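Review bot: In the key_filt.cpp hunk `get_cipher` still unwraps the smart pointer by hand, `std::unique_ptr c(Cipher_Mode::create_or_throw(algo_spec, direction)); return new Cipher_Mode_Filter(c.release());`, although the cipher_filter.h hunk just above adds a `Cipher_Mode_Filter(std::unique_ptr<Cipher_Mode>)` constructor for exactly this purpose. `return new Cipher_Mode_Filter(Cipher_Mode::create_or_throw(algo_spec, direction));` drops the intermediate and the explicit `release()`. The `new Cipher_Mode_Filter(Botan::Cipher_Mode::create(...))` call sites in the test_filters.cpp hunks already pass the unique_ptr straight through.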
@@ -142,7 +142,7 @@ decrypt_bin(const uint8_t input[], size_t input_len, if(!constant_time_compare(computed_mac.data(), box_mac, MAC_OUTPUT_LEN)) throw Decoding_Error("CryptoBox integrity failure"); - std::unique_ptr ctr(get_cipher_mode("Serpent/CTR-BE", DECRYPTION)); + std::unique_ptr ctr(Cipher_Mode::create_or_throw("Serpent/CTR-BE", DECRYPTION)); ctr->set_key(cipher_key, CIPHER_KEY_LEN); ctr->start(iv, CIPHER_IV_LEN); ctr->finish(ciphertext, CRYPTOBOX_HEADER_LEN); diff --git a/src/lib/modes/aead/aead.cpp b/src/lib/modes/aead/aead.cpp index e8885dc0ee..cd1db761dd 100644 --- a/src/lib/modes/aead/aead.cpp +++ b/src/lib/modes/aead/aead.cpp @@ -39,15 +39,27 @@ namespace Botan { -AEAD_Mode* get_aead(const std::string& algo, Cipher_Dir dir) +std::unique_ptr AEAD_Mode::create_or_throw(const std::string& algo, + Cipher_Dir dir, + const std::string& provider) + { + if(auto aead = AEAD_Mode::create(algo, dir, provider)) + return aead; + + throw Lookup_Error("AEAD", algo, provider); + } + +std::unique_ptr AEAD_Mode::create(const std::string& algo, + Cipher_Dir dir, + const std::string& provider) { #if defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305) if(algo == "ChaCha20Poly1305") { if(dir == ENCRYPTION) - return new ChaCha20Poly1305_Encryption; + return std::unique_ptr(new ChaCha20Poly1305_Encryption); else - return new ChaCha20Poly1305_Decryption; + return std::unique_ptr(new ChaCha20Poly1305_Decryption); } #endif @@ -59,7 +71,7 @@ AEAD_Mode* get_aead(const std::string& algo, Cipher_Dir dir) const std::vector mode_info = parse_algorithm_name(algo_parts[1]); if(mode_info.empty()) - return nullptr; + return std::unique_ptr(); std::ostringstream alg_args; @@ -71,7 +83,7 @@ AEAD_Mode* get_aead(const std::string& algo, Cipher_Dir dir) alg_args << ')'; const std::string mode_name = mode_info[0] + alg_args.str(); - return get_aead(mode_name, dir); + return AEAD_Mode::create(mode_name, dir); } #if defined(BOTAN_HAS_BLOCK_CIPHER) 
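Review bot: `AEAD_Mode::create` takes a `provider` argument, but the recursive call that handles the `Cipher/Mode` spelling, `return AEAD_Mode::create(mode_name, dir);`, drops it, so a request made with an explicit provider appears to be normalised to the `Mode(Cipher)` form and then resolved with the default provider, whereas the direct `Mode(Cipher)` spelling honours it through `BlockCipher::create(req.arg(0), provider)` in the next hunk. `Cipher_Mode::create` in cipher_mode.cpp forwards `provider` on its equivalent recursive call, and its AEAD branch `AEAD_Mode::create(algo, direction)` loses the provider in the same way. Forwarding it, `return AEAD_Mode::create(mode_name, dir, provider);`, keeps the two factories consistent; the branch that builds `mode_name` starts outside this hunk.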
@@ -80,14 +92,14 @@ AEAD_Mode* get_aead(const std::string& algo, Cipher_Dir dir) if(req.arg_count() == 0) { - return nullptr; + return std::unique_ptr(); } - std::unique_ptr bc(BlockCipher::create(req.arg(0))); + std::unique_ptr bc(BlockCipher::create(req.arg(0), provider)); if(!bc) { - return nullptr; + return std::unique_ptr(); } #if defined(BOTAN_HAS_AEAD_CCM) @@ -96,9 +108,9 @@ AEAD_Mode* get_aead(const std::string& algo, Cipher_Dir dir) size_t tag_len = req.arg_as_integer(1, 16); size_t L_len = req.arg_as_integer(2, 3); if(dir == ENCRYPTION) - return new CCM_Encryption(bc.release(), tag_len, L_len); + return std::unique_ptr(new CCM_Encryption(bc.release(), tag_len, L_len)); else - return new CCM_Decryption(bc.release(), tag_len, L_len); + return std::unique_ptr(new CCM_Decryption(bc.release(), tag_len, L_len)); } #endif @@ -107,9 +119,9 @@ AEAD_Mode* get_aead(const std::string& algo, Cipher_Dir dir) { size_t tag_len = req.arg_as_integer(1, 16); if(dir == ENCRYPTION) - return new GCM_Encryption(bc.release(), tag_len); + return std::unique_ptr(new GCM_Encryption(bc.release(), tag_len)); else - return new GCM_Decryption(bc.release(), tag_len); + return std::unique_ptr(new GCM_Decryption(bc.release(), tag_len)); } #endif @@ -118,9 +130,9 @@ AEAD_Mode* get_aead(const std::string& algo, Cipher_Dir dir) { size_t tag_len = req.arg_as_integer(1, 16); if(dir == ENCRYPTION) - return new OCB_Encryption(bc.release(), tag_len); + return std::unique_ptr(new OCB_Encryption(bc.release(), tag_len)); else - return new OCB_Decryption(bc.release(), tag_len); + return std::unique_ptr(new OCB_Decryption(bc.release(), tag_len)); } #endif 
@@ -129,9 +141,9 @@ AEAD_Mode* get_aead(const std::string& algo, Cipher_Dir dir) { size_t tag_len = req.arg_as_integer(1, bc->block_size()); if(dir == ENCRYPTION) - return new EAX_Encryption(bc.release(), tag_len); + return std::unique_ptr(new EAX_Encryption(bc.release(), tag_len)); else - return new EAX_Decryption(bc.release(), tag_len); + return std::unique_ptr(new EAX_Decryption(bc.release(), tag_len)); } #endif @@ -139,15 +151,17 @@ AEAD_Mode* get_aead(const std::string& algo, Cipher_Dir dir) if(req.algo_name() == "SIV") { if(dir == ENCRYPTION) - return new SIV_Encryption(bc.release()); + return std::unique_ptr(new SIV_Encryption(bc.release())); else - return new SIV_Decryption(bc.release()); + return std::unique_ptr(new SIV_Decryption(bc.release())); } #endif #endif - return nullptr; + return std::unique_ptr(); } + + } diff --git a/src/lib/modes/aead/aead.h b/src/lib/modes/aead/aead.h index 18bc339f1e..4d4b60ce15 100644 --- a/src/lib/modes/aead/aead.h +++ b/src/lib/modes/aead/aead.h @@ -22,6 +22,28 @@ namespace Botan { class BOTAN_PUBLIC_API(2,0) AEAD_Mode : public Cipher_Mode { public: + /** + * Create an AEAD mode + * @param algo the algorithm to create + * @param direction specify if this should be an encryption or decryption AEAD + * @param provider optional specification for provider to use + * @return an AEAD mode or a null pointer if not available + */ + static std::unique_ptr create(const std::string& algo, + Cipher_Dir direction, + const std::string& provider = ""); + + /** + * Create an AEAD mode, or throw + * @param algo the algorithm to create + * @param direction specify if this should be an encryption or decryption AEAD + * @param provider optional specification for provider to use + * @return an AEAD mode, or throw an exception + */ + static std::unique_ptr create_or_throw(const std::string& algo, + Cipher_Dir direction, + const std::string& provider = ""); + bool authenticated() const override { return true; } /** 
@@ -82,7 +104,10 @@ class BOTAN_PUBLIC_API(2,0) AEAD_Mode : public Cipher_Mode * @param name AEAD name * @param direction ENCRYPTION or DECRYPTION */ -BOTAN_PUBLIC_API(2,0) AEAD_Mode* get_aead(const std::string& name, Cipher_Dir direction); +inline AEAD_Mode* get_aead(const std::string& name, Cipher_Dir direction) + { + return AEAD_Mode::create(name, direction, "").release(); + } } diff --git a/src/lib/modes/cipher_mode.cpp b/src/lib/modes/cipher_mode.cpp index 804713be7b..6d04d93b4e 100644 --- a/src/lib/modes/cipher_mode.cpp +++ b/src/lib/modes/cipher_mode.cpp @@ -37,29 +37,42 @@ namespace Botan { -Cipher_Mode* get_cipher_mode(const std::string& algo, Cipher_Dir direction, - const std::string& provider) +std::unique_ptr Cipher_Mode::create_or_throw(const std::string& algo, + Cipher_Dir direction, + const std::string& provider) + { + if(auto mode = Cipher_Mode::create(algo, direction, provider)) + return mode; + + throw Lookup_Error("Cipher mode", algo, provider); + } + +std::unique_ptr Cipher_Mode::create(const std::string& algo, + Cipher_Dir direction, + const std::string& provider) { #if defined(BOTAN_HAS_OPENSSL) if(provider.empty() || provider == "openssl") { - if(Cipher_Mode* bc = make_openssl_cipher_mode(algo, direction)) - return bc; + std::unique_ptr openssl_cipher(make_openssl_cipher_mode(algo, direction)); + + if(openssl_cipher) + return openssl_cipher; if(!provider.empty()) - return nullptr; + return std::unique_ptr(); } #endif #if defined(BOTAN_HAS_STREAM_CIPHER) if(auto sc = StreamCipher::create(algo)) { - return new Stream_Cipher_Mode(sc.release()); + return std::unique_ptr(new Stream_Cipher_Mode(sc.release())); } #endif #if defined(BOTAN_HAS_AEAD_MODES) - if(auto aead = get_aead(algo, direction)) + if(auto aead = AEAD_Mode::create(algo, direction)) { return aead; } 
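Review bot: `get_aead` changes from a `BOTAN_PUBLIC_API(2,0)` exported function to an `inline` one, so the symbol disappears from the shared library; any binary built against an earlier 2.x release that still references the exported `get_aead` would fail to load against the new library unless the SO version is bumped, and the same applies to `get_cipher_mode` in the cipher_mode.h hunk further down. If keeping those symbols is intended, the compatibility wrappers could stay declared as exported functions with out-of-line definitions that return `create(...).release()`; if an ABI break is acceptable for this release, a line in news.rst saying so would help downstream packagers. The wrapper's `@return` documentation, kept from the old declaration above the hunk, should also state that the caller now owns the returned raw pointer.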
@@ -72,7 +85,7 @@ Cipher_Mode* get_cipher_mode(const std::string& algo, Cipher_Dir direction, const std::vector mode_info = parse_algorithm_name(algo_parts[1]); if(mode_info.empty()) - return nullptr; + return std::unique_ptr(); std::ostringstream alg_args; @@ -84,7 +97,7 @@ Cipher_Mode* get_cipher_mode(const std::string& algo, Cipher_Dir direction, alg_args << ')'; const std::string mode_name = mode_info[0] + alg_args.str(); - return get_cipher_mode(mode_name, direction, provider); + return Cipher_Mode::create(mode_name, direction, provider); } #if defined(BOTAN_HAS_BLOCK_CIPHER) @@ -93,14 +106,14 @@ Cipher_Mode* get_cipher_mode(const std::string& algo, Cipher_Dir direction, if(spec.arg_count() == 0) { - return nullptr; + return std::unique_ptr(); } std::unique_ptr bc(BlockCipher::create(spec.arg(0), provider)); if(!bc) { - return nullptr; + return std::unique_ptr(); } #if defined(BOTAN_HAS_MODE_CBC) @@ -111,9 +124,9 @@ Cipher_Mode* get_cipher_mode(const std::string& algo, Cipher_Dir direction, if(padding == "CTS") { if(direction == ENCRYPTION) - return new CTS_Encryption(bc.release()); + return std::unique_ptr(new CTS_Encryption(bc.release())); else - return new CTS_Decryption(bc.release()); + return std::unique_ptr(new CTS_Decryption(bc.release())); } else { @@ -122,9 +135,9 @@ Cipher_Mode* get_cipher_mode(const std::string& algo, Cipher_Dir direction, if(pad) { if(direction == ENCRYPTION) - return new CBC_Encryption(bc.release(), pad.release()); + return std::unique_ptr(new CBC_Encryption(bc.release(), pad.release())); else - return new CBC_Decryption(bc.release(), pad.release()); + return std::unique_ptr(new CBC_Decryption(bc.release(), pad.release())); } } } 
@@ -134,9 +147,9 @@ Cipher_Mode* get_cipher_mode(const std::string& algo, Cipher_Dir direction, if(spec.algo_name() == "XTS") { if(direction == ENCRYPTION) - return new XTS_Encryption(bc.release()); + return std::unique_ptr(new XTS_Encryption(bc.release())); else - return new XTS_Decryption(bc.release()); + return std::unique_ptr(new XTS_Decryption(bc.release())); } #endif @@ -145,15 +158,15 @@ Cipher_Mode* get_cipher_mode(const std::string& algo, Cipher_Dir direction, { const size_t feedback_bits = spec.arg_as_integer(1, 8*bc->block_size()); if(direction == ENCRYPTION) - return new CFB_Encryption(bc.release(), feedback_bits); + return std::unique_ptr(new CFB_Encryption(bc.release(), feedback_bits)); else - return new CFB_Decryption(bc.release(), feedback_bits); + return std::unique_ptr(new CFB_Decryption(bc.release(), feedback_bits)); } #endif #endif - return nullptr; + return std::unique_ptr(); } //static @@ -163,7 +176,7 @@ std::vector Cipher_Mode::providers(const std::string& algo_spec) std::vector providers; for(auto&& prov : possible) { - std::unique_ptr mode(get_cipher_mode(algo_spec, ENCRYPTION, prov)); + std::unique_ptr mode = Cipher_Mode::create(algo_spec, ENCRYPTION, prov); if(mode) { providers.push_back(prov); // available diff --git a/src/lib/modes/cipher_mode.h b/src/lib/modes/cipher_mode.h index 7abfdac977..f67e737a43 100644 --- a/src/lib/modes/cipher_mode.h +++ b/src/lib/modes/cipher_mode.h @@ -17,6 +17,12 @@ namespace Botan { +/** +* The two possible directions for cipher filters, determining whether they +* actually perform encryption or decryption. +*/ +enum Cipher_Dir : int { ENCRYPTION, DECRYPTION }; + /** * Interface for cipher modes */ 
@@ -31,6 +37,28 @@ class BOTAN_PUBLIC_API(2,0) Cipher_Mode */ static std::vector providers(const std::string& algo_spec); + /** + * Create an AEAD mode + * @param algo the algorithm to create + * @param direction specify if this should be an encryption or decryption AEAD + * @param provider optional specification for provider to use + * @return an AEAD mode or a null pointer if not available + */ + static std::unique_ptr create(const std::string& algo, + Cipher_Dir direction, + const std::string& provider = ""); + + /** + * Create an AEAD mode, or throw + * @param algo the algorithm to create + * @param direction specify if this should be an encryption or decryption AEAD + * @param provider optional specification for provider to use + * @return an AEAD mode, or throw an exception + */ + static std::unique_ptr create_or_throw(const std::string& algo, + Cipher_Dir direction, + const std::string& provider = ""); + /* * Prepare for processing a message under the specified nonce */ @@ -211,22 +239,18 @@ class BOTAN_PUBLIC_API(2,0) Cipher_Mode virtual void key_schedule(const uint8_t key[], size_t length) = 0; }; -/** -* The two possible directions for cipher filters, determining whether they -* actually perform encryption or decryption. -*/ -enum Cipher_Dir : int { ENCRYPTION, DECRYPTION }; - /** * Get a cipher mode by name (eg "AES-128/CBC" or "Serpent/XTS") * @param algo_spec cipher name * @param direction ENCRYPTION or DECRYPTION * @param provider provider implementation to choose */ -BOTAN_PUBLIC_API(2,2) -Cipher_Mode* get_cipher_mode(const std::string& algo_spec, - Cipher_Dir direction, - const std::string& provider = ""); +inline Cipher_Mode* get_cipher_mode(const std::string& algo_spec, + Cipher_Dir direction, + const std::string& provider = "") + { + return Cipher_Mode::create(algo_spec, direction, provider).release(); + } } diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp index 8bc4e2600d..793cca2253 100644 
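Review bot: The doc comments added to `Cipher_Mode::create` and `Cipher_Mode::create_or_throw` were copied from `AEAD_Mode` and still read "Create an AEAD mode", "an encryption or decryption AEAD" and "@return an AEAD mode", which is wrong for a factory that also returns unauthenticated modes such as CBC, CFB and XTS (see the cipher_mode.cpp hunks above). Rewording them to `Create a cipher mode`, `specify if this should be an encryption or decryption mode` and `@return a cipher mode or a null pointer if not available` (and, for create_or_throw, `or throw a Lookup_Error`) fixes the copy. The `get_cipher_mode` comment kept below the class could likewise note that it now forwards to `Cipher_Mode::create` and hands ownership of the raw pointer to the caller.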
--- a/src/lib/pubkey/ecies/ecies.cpp +++ b/src/lib/pubkey/ecies/ecies.cpp @@ -221,12 +221,7 @@ std::unique_ptr ECIES_System_Params::create_mac() con std::unique_ptr ECIES_System_Params::create_cipher(Botan::Cipher_Dir direction) const { - Cipher_Mode* cipher = get_cipher_mode(m_dem_spec, direction); - if(cipher == nullptr) - { - throw Algorithm_Not_Found(m_dem_spec); - } - return std::unique_ptr(cipher); + return Cipher_Mode::create_or_throw(m_dem_spec, direction); } diff --git a/src/lib/pubkey/mceies/mceies.cpp b/src/lib/pubkey/mceies/mceies.cpp index 3cdb9a6f8a..15706d4300 100644 --- a/src/lib/pubkey/mceies/mceies.cpp +++ b/src/lib/pubkey/mceies/mceies.cpp @@ -46,9 +46,7 @@ mceies_encrypt(const McEliece_PublicKey& pubkey, BOTAN_ASSERT(mce_ciphertext.size() == mce_code_bytes, "Unexpected size"); - std::unique_ptr aead(get_aead(algo, ENCRYPTION)); - if(!aead) - throw Exception("mce_encrypt unable to create AEAD instance '" + algo + "'"); + std::unique_ptr aead = AEAD_Mode::create_or_throw(algo, ENCRYPTION); const size_t nonce_len = aead->default_nonce_length(); @@ -80,9 +78,7 @@ mceies_decrypt(const McEliece_PrivateKey& privkey, const size_t mce_code_bytes = (privkey.get_code_length() + 7) / 8; - std::unique_ptr aead(get_aead(algo, DECRYPTION)); - if(!aead) - throw Exception("Unable to create AEAD instance '" + algo + "'"); + std::unique_ptr aead = AEAD_Mode::create_or_throw(algo, DECRYPTION); const size_t nonce_len = aead->default_nonce_length(); diff --git a/src/lib/pubkey/pbes2/pbes2.cpp b/src/lib/pubkey/pbes2/pbes2.cpp index 65e2cb4297..e7bdf96ec7 100644 --- a/src/lib/pubkey/pbes2/pbes2.cpp +++ b/src/lib/pubkey/pbes2/pbes2.cpp 
@@ -77,7 +77,7 @@ pbes2_encrypt_shared(const secure_vector& key_bits, if(cipher_spec[1] != "CBC" && cipher_spec[1] != "GCM") throw Decoding_Error("PBE-PKCS5 v2.0: Don't know param format for " + cipher); - std::unique_ptr enc(get_cipher_mode(cipher, ENCRYPTION)); + std::unique_ptr enc = Cipher_Mode::create(cipher, ENCRYPTION); if(!enc) throw Decoding_Error("PBE-PKCS5 cannot encrypt no cipher " + cipher); @@ -208,7 +208,7 @@ pbes2_decrypt(const secure_vector& key_bits, std::unique_ptr pbkdf(get_pbkdf("PBKDF2(" + prf + ")")); - std::unique_ptr dec(get_cipher_mode(cipher, DECRYPTION)); + std::unique_ptr dec = Cipher_Mode::create(cipher, DECRYPTION); if(!dec) throw Decoding_Error("PBE-PKCS5 cannot decrypt no cipher " + cipher); diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index 8997c319ae..ded3831d09 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -92,8 +92,7 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, } else { - m_aead.reset(get_aead(suite.cipher_algo(), our_side ? ENCRYPTION : DECRYPTION)); - BOTAN_ASSERT(m_aead, "Have AEAD"); + m_aead = AEAD_Mode::create_or_throw(suite.cipher_algo(), our_side ? ENCRYPTION : DECRYPTION); m_aead->set_key(cipher_key + mac_key); diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp index f595101f24..85443949db 100644 --- a/src/lib/tls/tls_session.cpp +++ b/src/lib/tls/tls_session.cpp @@ -179,7 +179,7 @@ std::chrono::seconds Session::session_age() const std::vector Session::encrypt(const SymmetricKey& key, RandomNumberGenerator& rng) const { - std::unique_ptr aead(get_aead("AES-256/GCM", ENCRYPTION)); + std::unique_ptr aead = AEAD_Mode::create_or_throw("AES-256/GCM", ENCRYPTION); const size_t nonce_len = aead->default_nonce_length(); const secure_vector nonce = rng.random_vec(nonce_len); 
@@ -202,7 +202,7 @@ Session Session::decrypt(const uint8_t in[], size_t in_len, const SymmetricKey& { try { - std::unique_ptr aead(get_aead("AES-256/GCM", DECRYPTION)); + std::unique_ptr aead = AEAD_Mode::create_or_throw("AES-256/GCM", ENCRYPTION); const size_t nonce_len = aead->default_nonce_length(); if(in_len < nonce_len + aead->tag_size()) diff --git a/src/tests/test_aead.cpp b/src/tests/test_aead.cpp index 13d6ee3207..afd1693967 100644 --- a/src/tests/test_aead.cpp +++ b/src/tests/test_aead.cpp @@ -28,7 +28,7 @@ class AEAD_Tests final : public Text_Based_Test { Test::Result result(algo); - std::unique_ptr enc(Botan::get_aead(algo, Botan::ENCRYPTION)); + std::unique_ptr enc(Botan::AEAD_Mode::create(algo, Botan::ENCRYPTION)); result.test_eq("AEAD encrypt output_length is correct", enc->output_length(input.size()), expected.size()); @@ -142,7 +142,7 @@ class AEAD_Tests final : public Text_Based_Test { Test::Result result(algo); - std::unique_ptr dec(Botan::get_aead(algo, Botan::DECRYPTION)); + std::unique_ptr dec(Botan::AEAD_Mode::create(algo, Botan::DECRYPTION)); result.test_eq("AEAD decrypt output_length is correct", dec->output_length(input.size()), expected.size()); @@ -327,8 +327,8 @@ class AEAD_Tests final : public Text_Based_Test Test::Result result(algo); - std::unique_ptr enc(Botan::get_aead(algo, Botan::ENCRYPTION)); - std::unique_ptr dec(Botan::get_aead(algo, Botan::DECRYPTION)); + std::unique_ptr enc(Botan::AEAD_Mode::create(algo, Botan::ENCRYPTION)); + std::unique_ptr dec(Botan::AEAD_Mode::create(algo, Botan::DECRYPTION)); if(!enc || !dec) { diff --git a/src/tests/test_dlies.cpp b/src/tests/test_dlies.cpp index 4c9708052a..d3fb76498d 100644 --- a/src/tests/test_dlies.cpp +++ b/src/tests/test_dlies.cpp 
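Review bot: In `Session::decrypt` the replacement line constructs the AEAD with `ENCRYPTION`, whereas the line it replaces used `DECRYPTION`, and the surrounding code (`aead->tag_size()` in the length check, the input being an encrypted session) is the decryption path. An encryption-direction AEAD presumably appends a tag rather than verifying one, so on this path the session ticket's authentication tag would no longer be checked and its bytes would be processed as data; this looks like a copy of the `Session::encrypt` hunk above. It should read `std::unique_ptr<AEAD_Mode> aead = AEAD_Mode::create_or_throw("AES-256/GCM", DECRYPTION);`. The rest of the decryption routine is outside the hunk.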
@@ -64,8 +64,8 @@ class DLIES_KAT_Tests final : public Text_Based_Test if(cipher_algo != "XOR") { - enc.reset(Botan::get_cipher_mode(cipher_algo, Botan::ENCRYPTION)); - dec.reset(Botan::get_cipher_mode(cipher_algo, Botan::DECRYPTION)); + enc = Botan::Cipher_Mode::create(cipher_algo, Botan::ENCRYPTION); + dec = Botan::Cipher_Mode::create(cipher_algo, Botan::DECRYPTION); if(!enc || !dec) { diff --git a/src/tests/test_filters.cpp b/src/tests/test_filters.cpp index c1bcf36031..71bcae14a4 100644 --- a/src/tests/test_filters.cpp +++ b/src/tests/test_filters.cpp @@ -423,7 +423,7 @@ class Filter_Tests final : public Test #if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_MODE_CBC) && defined(BOTAN_HAS_CIPHER_MODE_PADDING) Botan::Cipher_Mode_Filter* cipher = - new Botan::Cipher_Mode_Filter(Botan::get_cipher_mode("AES-128/CBC/PKCS7", Botan::ENCRYPTION)); + new Botan::Cipher_Mode_Filter(Botan::Cipher_Mode::create("AES-128/CBC/PKCS7", Botan::ENCRYPTION)); result.test_eq("Cipher filter name", cipher->name(), "AES-128/CBC/PKCS7"); @@ -458,7 +458,7 @@ class Filter_Tests final : public Test result.test_eq("Ciphertext3", ciphertext3, "1241B9976F73051BCF809525D6E86C25"); Botan::Cipher_Mode_Filter* dec_cipher = - new Botan::Cipher_Mode_Filter(Botan::get_cipher_mode("AES-128/CBC/PKCS7", Botan::DECRYPTION)); + new Botan::Cipher_Mode_Filter(Botan::Cipher_Mode::create("AES-128/CBC/PKCS7", Botan::DECRYPTION)); pipe.append(dec_cipher); dec_cipher->set_key(Botan::SymmetricKey("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")); dec_cipher->set_iv(Botan::InitializationVector("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB")); diff --git a/src/tests/test_modes.cpp b/src/tests/test_modes.cpp index 89b2018731..6cdcd73b0e 100644 --- a/src/tests/test_modes.cpp +++ b/src/tests/test_modes.cpp 
@@ -45,9 +45,9 @@ class Cipher_Mode_Tests final : public Text_Based_Test for(auto&& provider_ask : providers) { - std::unique_ptr enc(Botan::get_cipher_mode( + std::unique_ptr enc(Botan::Cipher_Mode::create( algo, Botan::ENCRYPTION, provider_ask)); - std::unique_ptr dec(Botan::get_cipher_mode( + std::unique_ptr dec(Botan::Cipher_Mode::create( algo, Botan::DECRYPTION, provider_ask)); if(!enc || !dec) @@ -198,9 +198,9 @@ class Cipher_Mode_IV_Carry_Tests final : public Test #if defined(BOTAN_HAS_MODE_CBC) && defined(BOTAN_HAS_AES) std::unique_ptr enc( - Botan::get_cipher_mode("AES-128/CBC/PKCS7", Botan::ENCRYPTION)); + Botan::Cipher_Mode::create("AES-128/CBC/PKCS7", Botan::ENCRYPTION)); std::unique_ptr dec( - Botan::get_cipher_mode("AES-128/CBC/PKCS7", Botan::DECRYPTION)); + Botan::Cipher_Mode::create("AES-128/CBC/PKCS7", Botan::DECRYPTION)); const std::vector key(16, 0xAA); const std::vector iv(16, 0xAA); @@ -251,9 +251,9 @@ class Cipher_Mode_IV_Carry_Tests final : public Test Test::Result result("CFB IV carry"); #if defined(BOTAN_HAS_MODE_CFB) && defined(BOTAN_HAS_AES) std::unique_ptr enc( - Botan::get_cipher_mode("AES-128/CFB(8)", Botan::ENCRYPTION)); + Botan::Cipher_Mode::create("AES-128/CFB(8)", Botan::ENCRYPTION)); std::unique_ptr dec( - Botan::get_cipher_mode("AES-128/CFB(8)", Botan::DECRYPTION)); + Botan::Cipher_Mode::create("AES-128/CFB(8)", Botan::DECRYPTION)); const std::vector key(16, 0xAA); const std::vector iv(16, 0xAB); @@ -300,9 +300,9 @@ class Cipher_Mode_IV_Carry_Tests final : public Test #if defined(BOTAN_HAS_CTR_BE) && defined(BOTAN_HAS_AES) std::unique_ptr enc( - Botan::get_cipher_mode("AES-128/CTR-BE", Botan::ENCRYPTION)); + Botan::Cipher_Mode::create("AES-128/CTR-BE", Botan::ENCRYPTION)); std::unique_ptr dec( - Botan::get_cipher_mode("AES-128/CTR-BE", Botan::DECRYPTION)); + Botan::Cipher_Mode::create("AES-128/CTR-BE", Botan::DECRYPTION)); const std::vector key = Botan::hex_decode("2B7E151628AED2A6ABF7158809CF4F3C"); 
From bcca9c5b71e28f08787e2b130380e99f1c728245 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 7 Apr 2018 14:00:57 -0400 Subject: [PATCH 0986/1008] Update docs [ci skip] --- doc/manual/cipher_modes.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/manual/cipher_modes.rst b/doc/manual/cipher_modes.rst index ffd36a218e..ca53a6ab52 100644 --- a/doc/manual/cipher_modes.rst +++ b/doc/manual/cipher_modes.rst @@ -95,7 +95,7 @@ with PKCS#7 padding. const std::string plaintext("Your great-grandfather gave this watch to your granddad for good luck. Unfortunately, Dane's luck wasn't as good as his old man's."); const std::vector key = Botan::hex_decode("2B7E151628AED2A6ABF7158809CF4F3C"); - std::unique_ptr enc(Botan::get_cipher_mode("AES-128/CBC/PKCS7", Botan::ENCRYPTION)); + std::unique_ptr enc = Botan::Cipher_Mode::create("AES-128/CBC/PKCS7", Botan::ENCRYPTION); enc->set_key(key); Botan::secure_vector pt(plaintext.data(), plaintext.data()+plaintext.length()); From 2d5644acddd2093c94fb22279836fe589a60a0f3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 7 Apr 2018 14:07:55 -0400 Subject: [PATCH 0987/1008] Work around unique_ptr conversion bug in older GCC --- src/lib/modes/cipher_mode.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/modes/cipher_mode.cpp b/src/lib/modes/cipher_mode.cpp index 6d04d93b4e..00d7a4db08 100644 --- a/src/lib/modes/cipher_mode.cpp +++ b/src/lib/modes/cipher_mode.cpp @@ -74,7 +74,7 @@ std::unique_ptr Cipher_Mode::create(const std::string& algo, #if defined(BOTAN_HAS_AEAD_MODES) if(auto aead = AEAD_Mode::create(algo, direction)) { - return aead; + return std::unique_ptr(aead.release()); } #endif From 65afee3f1220960c0049a7ec21a97c69c60bb68f Mon Sep 17 00:00:00 2001 
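Review bot: The explicit `std::unique_ptr<Cipher_Mode>(aead.release())` at the `return` in Cipher_Mode::create carries no comment saying why the plain `return aead;` was replaced, so the next cleanup pass is likely to restore the implicit conversion and re-break the older GCC the commit message refers to. I would put, on the line above the return, `// Explicit conversion: some older GCC versions fail to convert unique_ptr<AEAD_Mode> to unique_ptr<Cipher_Mode> on return`. Cipher_Mode::create starts before this hunk and continues after it.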
From: Jack Lloyd Date: Sat, 7 Apr 2018 14:22:48 -0400 Subject: [PATCH 0988/1008] Add sanitizer-specific optimization flags --- configure.py | 17 ++++++++++++++++- src/build-data/cc/clang.txt | 1 + src/build-data/cc/gcc.txt | 5 +++-- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/configure.py b/configure.py index 986081279d..378e12c822 100755 --- a/configure.py +++ b/configure.py @@ -1045,7 +1045,7 @@ def __init__(self, infofile): lex = lex_me_harder( infofile, [], - ['cpu_flags', 'so_link_commands', 'binary_link_commands', + ['cpu_flags', 'cpu_flags_no_debug', 'so_link_commands', 'binary_link_commands', 'mach_abi_linking', 'isa_flags', 'sanitizers'], { 'binary_name': None, @@ -1062,6 +1062,7 @@ def __init__(self, infofile): 'debug_info_flags': '-g', 'optimization_flags': '', 'size_optimization_flags': '', + 'sanitizer_optimization_flags': '', 'coverage_flags': '', 'stack_protector_flags': '', 'shared_flags': '', @@ -1085,6 +1086,7 @@ def __init__(self, infofile): self.binary_link_commands = lex.binary_link_commands self.binary_name = lex.binary_name self.cpu_flags = lex.cpu_flags + self.cpu_flags_no_debug = lex.cpu_flags_no_debug self.compile_flags = lex.compile_flags self.coverage_flags = lex.coverage_flags self.debug_info_flags = lex.debug_info_flags @@ -1100,6 +1102,7 @@ def __init__(self, infofile): self.preproc_flags = lex.preproc_flags self.sanitizers = lex.sanitizers self.sanitizer_types = [] + self.sanitizer_optimization_flags = lex.sanitizer_optimization_flags self.shared_flags = lex.shared_flags self.size_optimization_flags = lex.size_optimization_flags self.so_link_commands = lex.so_link_commands 
@@ -1252,6 +1255,9 @@ def cc_lang_flags(self): def cc_compile_flags(self, options, with_debug_info=None, enable_optimizations=None): def gen_flags(with_debug_info, enable_optimizations): + + sanitizers_enabled = options.with_sanitizers or (len(options.enable_sanitizers) > 0) + if with_debug_info is None: with_debug_info = options.with_debug_info if enable_optimizations is None: @@ -1267,12 +1273,21 @@ def gen_flags(with_debug_info, enable_optimizations): else: logging.warning("No size optimization flags set for current compiler") yield self.optimization_flags + elif sanitizers_enabled and self.sanitizer_optimization_flags != '': + yield self.sanitizer_optimization_flags else: yield self.optimization_flags if options.arch in self.cpu_flags: yield self.cpu_flags[options.arch] + if options.arch in self.cpu_flags_no_debug: + + # Only enable these if no debug/sanitizer options enabled + + if not (options.debug_mode or sanitizers_enabled): + yield self.cpu_flags_no_debug[options.arch] + return (' '.join(gen_flags(with_debug_info, enable_optimizations))).strip() @staticmethod diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index 817a0610c1..d8c0281917 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -8,6 +8,7 @@ warning_flags "-Wall -Wextra -Wpedantic -Wshadow -Wstrict-aliasing -Wstrict-over maintainer_warning_flags "-Wunreachable-code -Wdocumentation -Qunused-arguments -Werror -Wno-error=unused-parameter -Wno-error=unreachable-code" optimization_flags "-O3" +sanitizer_optimization_flags "-O1 -fno-optimize-sibling-calls -fno-omit-frame-pointer" size_optimization_flags "-Os" diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 7aeb390e1c..0b12e00bcf 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt 
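Review bot: In gen_flags the new `elif sanitizers_enabled and self.sanitizer_optimization_flags != ''` branch sits after the size-optimization branch, so a build that asks for both size optimization and a sanitizer appears to get `-Os` and never `-O1 -fno-optimize-sibling-calls -fno-omit-frame-pointer`; the frame-pointer flag is what makes sanitizer reports readable, so dropping it silently is surprising. Either test the sanitizer case first, or at least emit `logging.warning("Sanitizer optimization flags not applied because size optimization was requested")` in that case. A smaller point: `sanitizers_enabled` is recomputed inside gen_flags on every call from `options.with_sanitizers or (len(options.enable_sanitizers) > 0)`; hoisting it to cc_compile_flags scope reads more clearly. The condition of the size-optimization branch is outside this hunk, so the exact precedence cannot be confirmed here.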
@@ -10,6 +10,7 @@ warning_flags "-Wall -Wextra -Wpedantic -Wstrict-aliasing -Wcast-align -Wmissing maintainer_warning_flags "-Wstrict-overflow=5 -Wold-style-cast -Wsuggest-override -Wshadow -Werror -Wno-error=strict-overflow" optimization_flags "-O3" +sanitizer_optimization_flags "-O1 -fno-optimize-sibling-calls -fno-omit-frame-pointer" size_optimization_flags "-Os" shared_flags "-fPIC" @@ -69,10 +70,10 @@ arm32:neon -> "-mfpu=neon" arm64:neon -> "" - + x86_32 -> "-momit-leaf-frame-pointer" x86_64 -> "-momit-leaf-frame-pointer" - + # Flags set here are included at compile and link time From 6b128a8d6b615b2f3749a1d675ab449a9f61b2df Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 7 Apr 2018 14:25:49 -0400 Subject: [PATCH 0989/1008] Avoid a warning when building under Clang [ci skip] --- src/tests/tests.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tests/tests.h b/src/tests/tests.h index 8551e4e4d8..1ccf562bb0 100644 --- a/src/tests/tests.h +++ b/src/tests/tests.h @@ -102,6 +102,7 @@ class Test_Options #if defined(BOTAN_HAS_SANITIZER_UNDEFINED) return m_no_avoid_undefined; #else + BOTAN_UNUSED(m_no_avoid_undefined); return true; #endif } From c921a1bff2f267dd94f7e4aa8f30341e83d8d52f Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 8 Apr 2018 18:43:18 -0400 Subject: [PATCH 0990/1008] Convert comba script to Python3 --- src/lib/math/mp/mp_comba.cpp | 2 +- src/scripts/comba.py | 52 ++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/src/lib/math/mp/mp_comba.cpp b/src/lib/math/mp/mp_comba.cpp index 647cb68cda..5cbd70e562 100644 --- a/src/lib/math/mp/mp_comba.cpp +++ b/src/lib/math/mp/mp_comba.cpp @@ -1,7 +1,7 @@ /* * Comba Multiplication and Squaring * -* This file was automatically generated by ./src/scripts/comba.py on 2016-01-01 +* This file was automatically generated by ./src/scripts/comba.py on 2018-04-08 * * Botan is released under the Simplified BSD License (see license.txt) */ 
diff --git a/src/scripts/comba.py b/src/scripts/comba.py index 2fa95fb245..8cff76f8f2 100755 --- a/src/scripts/comba.py +++ b/src/scripts/comba.py @@ -1,4 +1,4 @@ -#!/usr/bin/python2 +#!/usr/bin/python3 import sys import datetime @@ -12,10 +12,10 @@ def comba_indexes(N): indexes = [] - for i in xrange(0, 2*N): + for i in range(0, 2*N): x = [] - for j in xrange(max(0, i-N+1), min(N, i+1)): + for j in range(max(0, i-N+1), min(N, i+1)): x += [(j,i-j)] indexes += [sorted(x)] @@ -25,10 +25,10 @@ def comba_sqr_indexes(N): indexes = [] - for i in xrange(0, 2*N): + for i in range(0, 2*N): x = [] - for j in xrange(max(0, i-N+1), min(N, i+1)): + for j in range(max(0, i-N+1), min(N, i+1)): if j < i-j: x += [(j,i-j)] else: @@ -46,14 +46,14 @@ def comba_multiply_code(N): for (i,idx) in zip(range(0, len(indexes)), indexes): for pair in idx: - print " word3_muladd(&%s, &%s, &%s, x[%2d], y[%2d]);" % (w2, w1, w0, pair[0], pair[1]) + print(" word3_muladd(&%s, &%s, &%s, x[%2d], y[%2d]);" % (w2, w1, w0, pair[0], pair[1])) if i < 2*N-2: - print " z[%2d] = %s; %s = 0;\n" % (i, w0, w0) + print(" z[%2d] = %s; %s = 0;\n" % (i, w0, w0)) else: - print " z[%2d] = %s;" % (i, w0) + print(" z[%2d] = %s;" % (i, w0)) (w0,w1,w2) = (w1,w2,w0) - #print "z[%2d] = w0; w0 = w1; w1 = w2; w2 = 0;" % (i) + #print("z[%2d] = w0; w0 = w1; w1 = w2; w2 = 0;" % (i)) def comba_square_code(N): indexes = comba_sqr_indexes(N) 
@@ -65,14 +65,14 @@ def comba_square_code(N): for (rnd,idx) in zip(range(0, len(indexes)), indexes): for (i,pair) in zip(range(0, len(idx)), idx): if pair[0] == pair[1]: - print " word3_muladd (&%s, &%s, &%s, x[%2d], x[%2d]);" % (w2, w1, w0, pair[0], pair[1]) + print(" word3_muladd (&%s, &%s, &%s, x[%2d], x[%2d]);" % (w2, w1, w0, pair[0], pair[1])) elif i % 2 == 0: - print " word3_muladd_2(&%s, &%s, &%s, x[%2d], x[%2d]);" % (w2, w1, w0, pair[0], pair[1]) + print(" word3_muladd_2(&%s, &%s, &%s, x[%2d], x[%2d]);" % (w2, w1, w0, pair[0], pair[1])) if rnd < 2*N-2: - print " z[%2d] = %s; %s = 0;\n" % (rnd, w0, w0) + print(" z[%2d] = %s; %s = 0;\n" % (rnd, w0, w0)) else: - print " z[%2d] = %s;" % (rnd, w0) + print(" z[%2d] = %s;" % (rnd, w0)) (w0,w1,w2) = (w1,w2,w0) @@ -80,7 +80,7 @@ def main(args = None): if args is None: args = sys.argv - print """/* + print("""/* * Comba Multiplication and Squaring * * This file was automatically generated by %s on %s 
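Review bot: Style: `for (rnd,idx) in zip(range(0, len(indexes)), indexes)` and the inner `for (i,pair) in zip(range(0, len(idx)), idx)` are the Python 2 spelling of `enumerate`; now that the script is declared Python 3 they read more naturally as `for rnd, idx in enumerate(indexes):` and `for i, pair in enumerate(idx):` (the same pattern appears in comba_multiply_code in the preceding hunk). Behaviour and generated output are unchanged by that rewrite. comba_square_code starts before this hunk; the hunk ends at the register rotation that closes its loop.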
@@ -92,28 +92,28 @@ def main(args = None): #include namespace Botan { -""" % (sys.argv[0], datetime.date.today().strftime("%Y-%m-%d")) +""" % (sys.argv[0], datetime.date.today().strftime("%Y-%m-%d"))) for n in [4,6,8,9,16]: - print "/*\n* Comba %dx%d Squaring\n*/" % (n, n) - print "void bigint_comba_sqr%d(word z[%d], const word x[%d])" % (n, 2*n, n) - print " {" - print " word w2 = 0, w1 = 0, w0 = 0;\n" + print("/*\n* Comba %dx%d Squaring\n*/" % (n, n)) + print("void bigint_comba_sqr%d(word z[%d], const word x[%d])" % (n, 2*n, n)) + print(" {") + print(" word w2 = 0, w1 = 0, w0 = 0;\n") comba_square_code(n) - print " }\n" + print(" }\n") - print "/*\n* Comba %dx%d Multiplication\n*/" % (n, n) - print "void bigint_comba_mul%d(word z[%d], const word x[%d], const word y[%d])" % (n, 2*n, n, n) - print " {" - print " word w2 = 0, w1 = 0, w0 = 0;\n" + print("/*\n* Comba %dx%d Multiplication\n*/" % (n, n)) + print("void bigint_comba_mul%d(word z[%d], const word x[%d], const word y[%d])" % (n, 2*n, n, n)) + print(" {") + print(" word w2 = 0, w1 = 0, w0 = 0;\n") comba_multiply_code(n) - print " }\n" + print(" }\n") - print "}" + print("}") if __name__ == '__main__': sys.exit(main()) From 0ca00cd6184a9c9e4d6a0dfc8a2488746ee22f23 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 8 Apr 2018 19:21:35 -0400 Subject: [PATCH 0991/1008] Add BigInt::square plus a speed test for BigInt multiply --- src/cli/speed.cpp | 47 ++++++++++++++++++++++++++ src/lib/math/bigint/big_ops2.cpp | 16 +++++++++ src/lib/math/bigint/bigint.h | 6 ++++ src/lib/math/numbertheory/mp_numth.cpp | 11 ++---- 4 files changed, 72 insertions(+), 8 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index afe75decc6..b8397363fb 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -23,6 +23,10 @@ #include #include +#if defined(BOTAN_HAS_BIGINT) + #include +#endif + #if defined(BOTAN_HAS_BLOCK_CIPHER) #include #endif 
@@ -895,6 +899,13 @@ class Speed final : public Command } #endif +#if defined(BOTAN_HAS_BIGINT) + else if(algo == "mp_mul") + { + bench_mp_mul(msec); + } +#endif + #if defined(BOTAN_HAS_NUMBERTHEORY) else if(algo == "random_prime") { @@ -1428,6 +1439,42 @@ class Speed final : public Command } #endif +#if defined(BOTAN_HAS_BIGINT) + + void bench_mp_mul(const std::chrono::milliseconds runtime) + { + std::chrono::milliseconds runtime_per_size = runtime / 9; + for(size_t bits : { 256, 384, 512, 768, 1024, 1536, 2048, 3072, 4096 }) + { + std::unique_ptr mul_timer = make_timer("BigInt mul " + std::to_string(bits)); + std::unique_ptr sqr_timer = make_timer("BigInt sqr " + std::to_string(bits)); + + const Botan::BigInt y(rng(), bits); + Botan::secure_vector ws; + + while(mul_timer->under(runtime_per_size)) + { + Botan::BigInt x(rng(), bits); + + sqr_timer->start(); + x.square(ws); + sqr_timer->stop(); + + x.mask_bits(bits); + + mul_timer->start(); + x.mul(y, ws); + mul_timer->stop(); + } + + record_result(mul_timer); + record_result(sqr_timer); + } + + } + +#endif + #if defined(BOTAN_HAS_DL_GROUP) void bench_modexp(const std::chrono::milliseconds runtime) diff --git a/src/lib/math/bigint/big_ops2.cpp b/src/lib/math/bigint/big_ops2.cpp index 9277834ba3..eea6a85904 100644 --- a/src/lib/math/bigint/big_ops2.cpp +++ b/src/lib/math/bigint/big_ops2.cpp @@ -177,6 +177,22 @@ BigInt& BigInt::mul(const BigInt& y, secure_vector& ws) return (*this); } +BigInt& BigInt::square(secure_vector& ws) + { + const size_t sw = sig_words(); + + secure_vector z(2*sw); + ws.resize(z.size()); + + bigint_sqr(z.data(), z.size(), + data(), size(), sw, + ws.data(), ws.size()); + + swap_reg(z); + + return (*this); + } + BigInt& BigInt::operator*=(word y) { if(y == 0) diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h index cb518e7279..44177de96d 100644 --- a/src/lib/math/bigint/bigint.h +++ b/src/lib/math/bigint/bigint.h 
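Review bot: BigInt::square replaces the word register with the squared magnitude via `swap_reg(z)` but never touches the sign, so a negative input presumably yields a negative result (swap_reg looks like it swaps only the buffer; confirm), which is wrong for a square and differs from the free `square()` it now backs. Adding `set_sign(BigInt::Positive);` after `swap_reg(z);` fixes it; patch 0993 later in this series does exactly that. Separately, the sibling rewrite of `square(const BigInt&)` in mp_numth.cpp drops the old `round_up(2*x_sw, 16)` sizing of the output and this method allocates `z` as exactly `2*sw` words, so please confirm bigint_sqr has no minimum-size or padding expectation for `z`/`ws`; the doc comment in bigint.h should also state that `ws` may be passed empty and is resized by the call.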
@@ -251,6 +251,12 @@ class BOTAN_PUBLIC_API(2,0) BigInt final */ BigInt& mul(const BigInt& y, secure_vector& ws); + /** + * Square value of *this + * @param ws a temp workspace + */ + BigInt& square(secure_vector& ws); + /** * Set *this to y - *this * @param y the BigInt to subtract from as a sequence of words diff --git a/src/lib/math/numbertheory/mp_numth.cpp b/src/lib/math/numbertheory/mp_numth.cpp index 5ad72cd478..eef6419965 100644 --- a/src/lib/math/numbertheory/mp_numth.cpp +++ b/src/lib/math/numbertheory/mp_numth.cpp @@ -18,14 +18,9 @@ namespace Botan { */ BigInt square(const BigInt& x) { - const size_t x_sw = x.sig_words(); - - BigInt z(BigInt::Positive, round_up(2*x_sw, 16)); - secure_vector workspace(z.size()); - - bigint_sqr(z.mutable_data(), z.size(), - x.data(), x.size(), x_sw, - workspace.data(), workspace.size()); + BigInt z = x; + secure_vector ws; + z.square(ws); return z; } From c792f9f514be46857dbef1edc765b616bc48c5de Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 8 Apr 2018 19:35:03 -0400 Subject: [PATCH 0992/1008] Rename test data file to match the test name --- src/tests/data/{tls_cbc.vec => tls_cbc_padding.vec} | 0 src/tests/test_tls.cpp | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename src/tests/data/{tls_cbc.vec => tls_cbc_padding.vec} (100%) diff --git a/src/tests/data/tls_cbc.vec b/src/tests/data/tls_cbc_padding.vec similarity index 100% rename from src/tests/data/tls_cbc.vec rename to src/tests/data/tls_cbc_padding.vec diff --git a/src/tests/test_tls.cpp b/src/tests/test_tls.cpp index 728c137351..6b8fa28673 100644 --- a/src/tests/test_tls.cpp +++ b/src/tests/test_tls.cpp @@ -27,7 +27,7 @@ namespace Botan_Tests { class TLS_CBC_Padding_Tests final : public Text_Based_Test { public: - TLS_CBC_Padding_Tests() : Text_Based_Test("tls_cbc.vec", "Record,Output") {} + TLS_CBC_Padding_Tests() : Text_Based_Test("tls_cbc_padding.vec", "Record,Output") {} Test::Result run_one_test(const std::string&, const VarMap& vars) override { 
From e2202e1ee495053827266a00fe5870a1987ae141 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 8 Apr 2018 20:19:17 -0400 Subject: [PATCH 0993/1008] Square is always positive --- src/lib/math/bigint/big_ops2.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lib/math/bigint/big_ops2.cpp b/src/lib/math/bigint/big_ops2.cpp index eea6a85904..212a44fa07 100644 --- a/src/lib/math/bigint/big_ops2.cpp +++ b/src/lib/math/bigint/big_ops2.cpp @@ -189,6 +189,7 @@ BigInt& BigInt::square(secure_vector& ws) ws.data(), ws.size()); swap_reg(z); + set_sign(BigInt::Positive); return (*this); } From 9fd92ffb4e3edd3e52b10409f90f87e0dd023d05 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 8 Apr 2018 20:34:59 -0400 Subject: [PATCH 0994/1008] Fix interop bug in TLS server The connection would fail if the client advertised any signature algorithm we did not support (eg RSA/SHA-224) --- src/lib/tls/tls_algos.cpp | 29 +++++++++++++++++++++++++++++ src/lib/tls/tls_algos.h | 1 + src/lib/tls/tls_server.cpp | 3 +++ 3 files changed, 33 insertions(+) diff --git a/src/lib/tls/tls_algos.cpp b/src/lib/tls/tls_algos.cpp index db75bf14ec..9c3c2d9f89 100644 --- a/src/lib/tls/tls_algos.cpp +++ b/src/lib/tls/tls_algos.cpp 
@@ -259,6 +259,35 @@ const std::vector& all_signature_schemes() return all_schemes; } +bool signature_scheme_is_known(Signature_Scheme scheme) + { + switch(scheme) + { + case Signature_Scheme::RSA_PKCS1_SHA1: + case Signature_Scheme::RSA_PKCS1_SHA256: + case Signature_Scheme::RSA_PKCS1_SHA384: + case Signature_Scheme::RSA_PKCS1_SHA512: + case Signature_Scheme::RSA_PSS_SHA256: + case Signature_Scheme::RSA_PSS_SHA384: + case Signature_Scheme::RSA_PSS_SHA512: + + case Signature_Scheme::DSA_SHA1: + case Signature_Scheme::DSA_SHA256: + case Signature_Scheme::DSA_SHA384: + case Signature_Scheme::DSA_SHA512: + + case Signature_Scheme::ECDSA_SHA1: + case Signature_Scheme::ECDSA_SHA256: + case Signature_Scheme::ECDSA_SHA384: + case Signature_Scheme::ECDSA_SHA512: + return true; + + default: + return false; + } + + } + std::string signature_algorithm_of_scheme(Signature_Scheme scheme) { switch(scheme) diff --git a/src/lib/tls/tls_algos.h b/src/lib/tls/tls_algos.h index e0b2dabc23..19612be2e2 100644 --- a/src/lib/tls/tls_algos.h +++ b/src/lib/tls/tls_algos.h @@ -109,6 +109,7 @@ enum class Signature_Scheme : uint16_t { BOTAN_UNSTABLE_API const std::vector& all_signature_schemes(); +bool signature_scheme_is_known(Signature_Scheme scheme); std::string BOTAN_UNSTABLE_API sig_scheme_to_string(Signature_Scheme scheme); std::string hash_function_of_scheme(Signature_Scheme scheme); std::string padding_string_for_scheme(Signature_Scheme scheme); diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index b4e74c7756..786932a1dc 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -225,6 +225,9 @@ uint16_t choose_ciphersuite( for(Signature_Scheme scheme : client_sig_methods) { + if(signature_scheme_is_known(scheme) == false) + continue; + if(signature_algorithm_of_scheme(scheme) == suite.sig_algo() && policy.allowed_signature_hash(hash_function_of_scheme(scheme))) { From 74a1cc41045099ebd293f09451a780685eafb8e6 Mon Sep 17 00:00:00 2001 
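Review bot: signature_scheme_is_known is a second hand-maintained list of Signature_Scheme values, alongside `all_signature_schemes()` directly above it and the switch in signature_algorithm_of_scheme below; when a new scheme is added to the enum and only one list is updated, the server will again skip (or again throw on) a scheme it could use, which is the very interop bug this patch fixes. If `all_signature_schemes()` is meant to be the complete set, the body could be `const auto& all = all_signature_schemes(); return std::find(all.begin(), all.end(), scheme) != all.end();`; otherwise add above the switch `// Must list every Signature_Scheme that signature_algorithm_of_scheme / hash_function_of_scheme understand`. In tls_algos.h the new declaration is the only one in its group without `BOTAN_UNSTABLE_API` or a doc comment; `/** Return true if scheme is one this library understands; unknown schemes advertised by a peer are ignored rather than rejected */` would do. Whether all_signature_schemes() includes schemes the switch omits is not visible here.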
From: Jack Lloyd Date: Sun, 8 Apr 2018 20:42:15 -0400 Subject: [PATCH 0995/1008] Update news --- news.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/news.rst b/news.rst index 01a9dba989..7b16d9d962 100644 --- a/news.rst +++ b/news.rst @@ -10,6 +10,12 @@ Version 2.6.0, Not Yet Released * Add exponent blinding to RSA (GH #1523) +* Add ``Cipher_Mode::create`` and ``AEAD_Mode::create`` (GH #1527) + +* Fix bug in TLS server introduced in 2.5 which caused connection to + fail if the client offered any signature algorithm not known to the + server (for example RSA/SHA-224). + * Fix a bug in inline asm that caused incorrect computations when compiled with GCC's ``-fno-plt`` option. (GH #1524) From ec222c99719c396a1f4756b2ca345dbbfbeb5ed5 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 8 Apr 2018 20:13:08 -0400 Subject: [PATCH 0996/1008] Fix off by one when decoding TLS-CBC ciphertexts --- src/cli/timing_tests.cpp | 4 +- src/lib/tls/tls_cbc/tls_cbc.cpp | 17 +++-- src/lib/tls/tls_cbc/tls_cbc.h | 29 ++++---- src/lib/tls/tls_record.cpp | 11 ++-- src/tests/data/tls_cbc.vec | 50 ++++++++++++++ src/tests/test_tls.cpp | 113 ++++++++++++++++++++++++++++++++ 6 files changed, 196 insertions(+), 28 deletions(-) create mode 100644 src/tests/data/tls_cbc.vec diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index 31d5880119..5c0c504df2 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -200,7 +200,9 @@ class Lucky13_Timing_Test final : public Timing_Test Lucky13_Timing_Test(const std::string& mac_name, size_t mac_keylen) : m_mac_algo(mac_name) , m_mac_keylen(mac_keylen) - , m_dec("AES-128", 16, m_mac_algo, m_mac_keylen, true, false) {} + , m_dec(Botan::BlockCipher::create_or_throw("AES-128"), + Botan::MessageAuthenticationCode::create_or_throw("HMAC(" + m_mac_algo + ")"), + 16, m_mac_keylen, true, false) {} std::vector prepare_input(std::string input) override; ticks measure_critical_function(std::vector input) override; 
diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp index ca80a3d3c7..a745a548bc 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.cpp +++ b/src/lib/tls/tls_cbc/tls_cbc.cpp @@ -24,26 +24,25 @@ namespace TLS { * TLS_CBC_HMAC_AEAD_Mode Constructor */ TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir dir, - const std::string& cipher_name, + std::unique_ptr cipher, + std::unique_ptr mac, size_t cipher_keylen, - const std::string& mac_name, size_t mac_keylen, bool use_explicit_iv, bool use_encrypt_then_mac) : - m_cipher_name(cipher_name), - m_mac_name(mac_name), + m_cipher_name(cipher->name()), + m_mac_name(mac->name()), m_cipher_keylen(cipher_keylen), m_mac_keylen(mac_keylen), m_use_encrypt_then_mac(use_encrypt_then_mac) { - m_mac = MessageAuthenticationCode::create_or_throw("HMAC(" + m_mac_name + ")"); - std::unique_ptr cipher = BlockCipher::create_or_throw(m_cipher_name); - - m_tag_size = m_mac->output_length(); + m_tag_size = mac->output_length(); m_block_size = cipher->block_size(); m_iv_size = use_explicit_iv ? m_block_size : 0; + m_mac = std::move(mac); + if(dir == ENCRYPTION) m_cbc.reset(new CBC_Encryption(cipher.release(), new Null_Padding)); else @@ -419,7 +418,7 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector& buffer, size_t (sending empty records, instead of 1/(n-1) splitting) */ - const uint16_t size_ok_mask = CT::is_lte(static_cast(tag_size() + pad_size), static_cast(record_len + 1)); + const uint16_t size_ok_mask = CT::is_lte(static_cast(tag_size() + pad_size), static_cast(record_len)); pad_size &= size_ok_mask; CT::unpoison(record_contents, record_len); diff --git a/src/lib/tls/tls_cbc/tls_cbc.h b/src/lib/tls/tls_cbc/tls_cbc.h index 012b9e51f1..c8a8081565 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.h +++ b/src/lib/tls/tls_cbc/tls_cbc.h 
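Review bot: The constructor's initializer list dereferences `cipher->name()` and `mac->name()` before the body runs, so a caller passing a null unique_ptr through the public Encryption/Decryption subclasses gets a crash rather than an exception. A check in the body cannot run first, so either move the name capture into the body behind a null assertion (something like `BOTAN_ASSERT_NONNULL(cipher)` if the project has it, else `throw Invalid_Argument("TLS_CBC_HMAC_AEAD_Mode: null cipher or mac")`) or document the non-null precondition on the constructors in tls_cbc.h. Every caller visible in this patch (tls_record.cpp, timing_tests.cpp, the new test) obtains the objects via create_or_throw or `new`, so none passes null today.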
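Review bot: The corrected `CT::is_lte(static_cast<uint16_t>(tag_size() + pad_size), static_cast<uint16_t>(record_len))` encodes an invariant that deserves a comment on the line, since the old `record_len + 1` let a record one byte too short pass: judging by the new test vectors (16-byte MAC plus sixteen 0x0F bytes in a 32-byte record is valid, sixteen 0x0F bytes alone is not), `pad_size` already counts the trailing length byte. I would write `// pad_size includes the padding length byte, so MAC + padding must fit entirely within record_len; a short record zeroes pad_size via the mask rather than branching`. That keeps the constant-time property the surrounding code relies on (the mask-and-`unpoison` sequence right after) visible to the next editor. finish() starts and ends outside this hunk.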
@@ -46,9 +46,9 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Mode : public AEAD_Mode protected: TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir direction, - const std::string& cipher_name, + std::unique_ptr cipher, + std::unique_ptr mac, size_t cipher_keylen, - const std::string& mac_name, size_t mac_keylen, bool use_explicit_iv, bool use_encrypt_then_mac); @@ -104,16 +104,17 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Encryption final : public TLS_CBC_HMAC_AE public: /** */ - TLS_CBC_HMAC_AEAD_Encryption(const std::string& cipher_algo, - const size_t cipher_keylen, - const std::string& mac_algo, - const size_t mac_keylen, - bool use_explicit_iv, - bool use_encrypt_then_mac) : + TLS_CBC_HMAC_AEAD_Encryption( + std::unique_ptr cipher, + std::unique_ptr mac, + const size_t cipher_keylen, + const size_t mac_keylen, + bool use_explicit_iv, + bool use_encrypt_then_mac) : TLS_CBC_HMAC_AEAD_Mode(ENCRYPTION, - cipher_algo, + std::move(cipher), + std::move(mac), cipher_keylen, - mac_algo, mac_keylen, use_explicit_iv, use_encrypt_then_mac) @@ -138,16 +139,16 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Decryption final : public TLS_CBC_HMAC_AE public: /** */ - TLS_CBC_HMAC_AEAD_Decryption(const std::string& cipher_algo, + TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr cipher, + std::unique_ptr mac, const size_t cipher_keylen, - const std::string& mac_algo, const size_t mac_keylen, bool use_explicit_iv, bool use_encrypt_then_mac) : TLS_CBC_HMAC_AEAD_Mode(DECRYPTION, - cipher_algo, + std::move(cipher), + std::move(mac), cipher_keylen, - mac_algo, mac_keylen, use_explicit_iv, use_encrypt_then_mac) diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index ded3831d09..1f564a6894 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp 
@@ -57,12 +57,15 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, { #if defined(BOTAN_HAS_TLS_CBC) // legacy CBC+HMAC mode + auto mac = MessageAuthenticationCode::create_or_throw("HMAC(" + suite.mac_algo() + ")"); + auto cipher = BlockCipher::create_or_throw(suite.cipher_algo()); + if(our_side) { m_aead.reset(new TLS_CBC_HMAC_AEAD_Encryption( - suite.cipher_algo(), + std::move(cipher), + std::move(mac), suite.cipher_keylen(), - suite.mac_algo(), suite.mac_keylen(), version.supports_explicit_cbc_ivs(), uses_encrypt_then_mac)); @@ -70,9 +73,9 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, else { m_aead.reset(new TLS_CBC_HMAC_AEAD_Decryption( - suite.cipher_algo(), + std::move(cipher), + std::move(mac), suite.cipher_keylen(), - suite.mac_algo(), suite.mac_keylen(), version.supports_explicit_cbc_ivs(), uses_encrypt_then_mac)); diff --git a/src/tests/data/tls_cbc.vec b/src/tests/data/tls_cbc.vec new file mode 100644 index 0000000000..7df3a13de4 --- /dev/null +++ b/src/tests/data/tls_cbc.vec 
@@ -0,0 +1,50 @@
+
+MACsize = 16
+Blocksize = 16
+Record = 000000000000000000000000000000000F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F
+Valid = 1
+
+MACsize = 20
+Blocksize = 16
+Record = 00000000000000000000000000000000000000000B0B0B0B0B0B0B0B0B0B0B0B
+Valid = 1
+
+MACsize = 32
+Blocksize = 16
+Record = 00000000000000000000000000000000000000000000000000000000000000000F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F
+Valid = 1
+
+MACsize = 16
+Blocksize = 16
+Record = 000001000000000000000000000000000F0F0E0F0F0F0F0F0F0F0F0F0F0F0F0F
+Valid = 0
+
+MACsize = 16
+Blocksize = 16
+Record = 01000000000000000000000000000000010E0E0E0E0E0E0E0E0E0E0E0E0E0E0E
+Valid = 1
+
+MACsize = 16
+Blocksize = 16
+Record = 0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F
+Valid = 0
+
+MACsize = 20
+Blocksize = 16
+Record = 000000000000000000000000000000000000000C0C0C0C0C0C0C0C0C0C0C0C0C
+Valid = 0
+
+MACsize = 20
+Blocksize = 16
+Record = 0000000000000000000000000000001010101010101010101010101010101000
+Valid = 0
+
+MACsize = 20
+Blocksize = 16
+Record = 0000000000000000000000000000111111111111111111111111111111110000
+Valid = 0
+
+MACsize = 20
+Blocksize = 16
+Record = 0000000000000000000000000012121212121212121212121212121212000000
+Valid = 0
diff --git a/src/tests/test_tls.cpp b/src/tests/test_tls.cpp
index 6b8fa28673..ece5ef2493 100644
--- a/src/tests/test_tls.cpp
+++ b/src/tests/test_tls.cpp
@@ -44,6 +44,119 @@ class TLS_CBC_Padding_Tests final : public Text_Based_Test BOTAN_REGISTER_TEST("tls_cbc_padding", TLS_CBC_Padding_Tests); +class TLS_CBC_Tests final : public Text_Based_Test + { + public: + + class ZeroMac : public Botan::MessageAuthenticationCode + { + public: + ZeroMac(size_t mac_len) : m_mac_len(mac_len) {} + + void clear() override {} + + std::string name() const override { return "ZeroMac"; } + size_t output_length() const override { return m_mac_len; } + + void add_data(const uint8_t[], size_t) override {} + + void final_result(uint8_t out[]) + { + std::memset(out, 0, m_mac_len); + } + + Botan::Key_Length_Specification key_spec() const override + { + return Botan::Key_Length_Specification(0, 0, 1); + } + + virtual MessageAuthenticationCode* clone() const override { return new ZeroMac(m_mac_len); } + + private: + void key_schedule(const uint8_t[], size_t) override {} + + size_t m_mac_len; + }; + + class Noop_Block_Cipher : public Botan::BlockCipher + { + public: + Noop_Block_Cipher(size_t bs) : m_bs(bs) {} + + void encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override + { + std::memmove(out, in, blocks * m_bs); + } + + void decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override + { + std::memmove(out, in, blocks * m_bs); + } + + size_t block_size() const override { return m_bs; } + void clear() override { } + std::string name() const override { return "noop"; } + + Botan::Key_Length_Specification key_spec() const override + { + return Botan::Key_Length_Specification(0, 0, 1); + } + + virtual BlockCipher* clone() const override { return new Noop_Block_Cipher(m_bs); } + private: + void key_schedule(const uint8_t[], size_t) override {} + + size_t m_bs; + }; + + TLS_CBC_Tests() : Text_Based_Test("tls_cbc.vec", "Blocksize,MACsize,Record,Valid") {} + + Test::Result run_one_test(const std::string&, const VarMap& vars) override + { + Test::Result result("TLS CBC"); + + const size_t block_size = 
get_req_sz(vars, "Blocksize"); + const size_t mac_len = get_req_sz(vars, "MACsize"); + const std::vector record = get_req_bin(vars, "Record"); + const bool is_valid = get_req_sz(vars, "Valid") == 1; + + // todo test permutations + bool explicit_iv = true; + bool encrypt_then_mac = false; + + Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption tls_cbc( + std::unique_ptr(new Noop_Block_Cipher(block_size)), + std::unique_ptr(new ZeroMac(mac_len)), + 0, 0, explicit_iv, encrypt_then_mac); + + tls_cbc.set_key(std::vector(0)); + std::vector ad(13); + tls_cbc.set_associated_data(ad.data(), ad.size()); + + Botan::secure_vector vec(record.begin(), record.end()); + + try + { + tls_cbc.finish(vec, 0); + if(is_valid) + result.test_success("Accepted valid TLS-CBC ciphertext"); + else + result.test_failure("Accepted invalid TLS-CBC ciphertext"); + } + catch(std::exception& e) + { + if(is_valid) + result.test_failure("Rejected valid TLS-CBC ciphertext"); + else + result.test_success("Accepted invalid TLS-CBC ciphertext"); + } + + return result; + } + }; + +BOTAN_REGISTER_TEST("tls_cbc", TLS_CBC_Tests); + #endif class Test_TLS_Alert_Strings : public Test From 4c8a0d01f573841ad74a4b17ec1afbde801ac6f6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 9 Apr 2018 08:29:13 -0400 Subject: [PATCH 0997/1008] Update news --- news.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/news.rst b/news.rst index 7b16d9d962..ca3ec86073 100644 --- a/news.rst +++ b/news.rst @@ -16,8 +16,8 @@ Version 2.6.0, Not Yet Released fail if the client offered any signature algorithm not known to the server (for example RSA/SHA-224). -* Fix a bug in inline asm that caused incorrect computations when - compiled with GCC's ``-fno-plt`` option. (GH #1524) +* Fix a bug in inline asm that would with GCC 7.3 cause incorrect + computations and an infinite loop during the tests. (GH #1524 #1529) Version 2.5.0, 2018-04-02 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
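Review bot: `void final_result(uint8_t out[])` in ZeroMac is missing `override` while every other virtual in the two helper classes has it; under the maintainer flags `-Wsuggest-override -Werror` shown in gcc.txt earlier in this series that presumably fails the build, and if the base signature ever drifts the stub silently stops being called — write `void final_result(uint8_t out[]) override`. The two `virtual ... clone() const override` declarations carry a redundant `virtual`. In run_one_test the catch branch reports `result.test_success("Accepted invalid TLS-CBC ciphertext")` for a path that means the record was rejected; it should read `"Rejected invalid TLS-CBC ciphertext"`, and the unused `e` in `catch(std::exception& e)` can be dropped. The `// todo test permutations` leaves the encrypt-then-mac and implicit-IV variants of the same length check untested, which is where I would want vectors before merge.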
From 3aa5aabc3c134a50c90dad87caccee7d2532088e Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 9 Apr 2018 09:40:06 -0400 Subject: [PATCH 0998/1008] Add a data file for RISC-V 64 Debian has a build target for this. --- src/build-data/arch/riscv64.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 src/build-data/arch/riscv64.txt diff --git a/src/build-data/arch/riscv64.txt b/src/build-data/arch/riscv64.txt new file mode 100644 index 0000000000..b9bc16939a --- /dev/null +++ b/src/build-data/arch/riscv64.txt @@ -0,0 +1 @@ +family riscv From 6cfe771a5ced6c87eda98bfdfcd0811490d45baa Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 9 Apr 2018 13:06:56 -0400 Subject: [PATCH 0999/1008] Fix bug that broke session decryption (and thus resumption) Introduced in 3657639ab. Add a test that would have caught this --- src/lib/tls/tls_session.cpp | 2 +- src/tests/test_tls.cpp | 48 +++++++++++++++++++++++++++++++++++++ src/tests/unit_tls.cpp | 6 +++++ 3 files changed, 55 insertions(+), 1 deletion(-) diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp index 85443949db..0f603454b5 100644 --- a/src/lib/tls/tls_session.cpp +++ b/src/lib/tls/tls_session.cpp @@ -202,7 +202,7 @@ Session Session::decrypt(const uint8_t in[], size_t in_len, const SymmetricKey& { try { - std::unique_ptr aead = AEAD_Mode::create_or_throw("AES-256/GCM", ENCRYPTION); + std::unique_ptr aead = AEAD_Mode::create_or_throw("AES-256/GCM", DECRYPTION); const size_t nonce_len = aead->default_nonce_length(); if(in_len < nonce_len + aead->tag_size()) diff --git a/src/tests/test_tls.cpp b/src/tests/test_tls.cpp index ece5ef2493..73400a9641 100644 --- a/src/tests/test_tls.cpp +++ b/src/tests/test_tls.cpp @@ -11,6 +11,8 @@ #if defined(BOTAN_HAS_TLS) #include #include + #include + #include #if defined(BOTAN_HAS_TLS_CBC) #include 
@@ -22,6 +24,52 @@ namespace Botan_Tests { #if defined(BOTAN_HAS_TLS) +class TLS_Session_Tests final : public Test + { + public: + std::vector run() override + { + Test::Result result("TLS::Session"); + + Botan::TLS::Session default_session; + + Botan::secure_vector default_der = default_session.DER_encode(); + + result.test_gte("Encoded default session has size", default_der.size(), 0); + + Botan::TLS::Session decoded_default(default_der.data(), default_der.size()); + + Botan::TLS::Session session(std::vector{0xAA, 0xBB}, + Botan::secure_vector{0xCC, 0xDD}, + Botan::TLS::Protocol_Version::TLS_V12, + 0xFE0F, + Botan::TLS::CLIENT, + true, + false, + std::vector(), + std::vector(), + Botan::TLS::Server_Information("server"), + "SRP username", + 0x0000); + + const Botan::SymmetricKey key("ABCDEF"); + std::vector ctext1 = session.encrypt(key, Test::rng()); + std::vector ctext2 = session.encrypt(key, Test::rng()); + + result.test_ne("TLS session encryption is non-determinsitic", + ctext1.data(), ctext1.size(), + ctext2.data(), ctext2.size()); + + Botan::TLS::Session dsession = Botan::TLS::Session::decrypt(ctext1.data(), ctext1.size(), key); + + result.test_eq("Decrypted session access works", dsession.srp_identifier(), "SRP username"); + + return {result}; + } + }; + +BOTAN_REGISTER_TEST("tls_session", TLS_Session_Tests); + #if defined(BOTAN_HAS_TLS_CBC) class TLS_CBC_Padding_Tests final : public Text_Based_Test diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 57d436ff4d..a26c6e9f74 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp 
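Review bot: `result.test_gte("Encoded default session has size", default_der.size(), 0)` can never fail, since a size_t is never below zero, so the encoded default session is not actually checked — compare against a positive bound, `result.test_gte("Encoded default session has size", default_der.size(), 1);`, and assert something about `decoded_default`, which is constructed but then unused. The decryption side exercises only the happy path: nothing verifies that `Botan::TLS::Session::decrypt` rejects a ciphertext with a modified byte or one encrypted under a different key, which is the property the AES-256/GCM wrapping exists to provide, so a regression that accepted a tampered ticket would pass this test. A short negative case — copy `ctext1`, alter one byte, and expect `decrypt` to throw — would close that gap. The test name string also misspells "non-deterministic".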
@@ -704,6 +704,12 @@ class TLS_Unit_Tests final : public Test version, creds, policy, policy, rng, client_ses, server_ses, client_auth); test.go(); results.push_back(test.results()); + + TLS_Handshake_Test test_resumption( + version.to_string() + " " + test_descr, + version, creds, policy, policy, rng, client_ses, server_ses, client_auth); + test_resumption.go(); + results.push_back(test_resumption.results()); } } catch(std::exception& e) From 5b2570c0bd2888939b361a5cd546ddbcc248deb4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 9 Apr 2018 15:38:34 -0400 Subject: [PATCH 1000/1008] Remove extra trailing ; --- src/cli/speed.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index b8397363fb..fdd62ce11b 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -714,7 +714,7 @@ class Speed final : public Command { error_output() << "The --cpu-clock-speed option is only intended to be used on " "platforms without access to a cycle counter.\n" - "Expected incorrect results\n\n";; + "Expected incorrect results\n\n"; } if(format == "table") From 69462a1145ffe553ae17c3a284baf58edb0fde63 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 9 Apr 2018 16:04:05 -0400 Subject: [PATCH 1001/1008] Fix incorrect macro check --- src/tests/test_x509_dn.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/test_x509_dn.cpp b/src/tests/test_x509_dn.cpp index 74803909b9..378e7b1095 100644 --- a/src/tests/test_x509_dn.cpp +++ b/src/tests/test_x509_dn.cpp @@ -6,14 +6,14 @@ #include "tests.h" -#if defined(BOTAN_HAS_CERTIFICATES) +#if defined(BOTAN_HAS_X509_CERTIFICATES) #include #include #endif namespace Botan_Tests { -#if defined(BOTAN_HAS_CERTIFICATES) +#if defined(BOTAN_HAS_X509_CERTIFICATES) class X509_DN_Comparisons_Tests final : public Text_Based_Test { public: From ab9e44c7bc15c5405540abce201113ee747f2bd5 Mon Sep 17 00:00:00 2001 
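Review bot: `test_resumption` is built with exactly the same arguments and description as `test`, so nothing in the hunk verifies that the second handshake actually resumed the session rather than silently performing another full handshake, which is the regression this commit is guarding against. If `TLS_Handshake_Test` can report whether the handshake was abbreviated, assert that here; at minimum give the second run a distinguishable label, `version.to_string() + " " + test_descr + " (resumption)",`, so a failure can be told apart in the output. The enclosing loop and function start and end outside the hunk, and the note presumes `client_ses`/`server_ses` are shared across both runs rather than recreated per iteration — worth confirming.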
From: Jack Lloyd Date: Mon, 9 Apr 2018 16:04:15 -0400 Subject: [PATCH 1002/1008] Remove redundant access specifier --- src/cli/tls_client.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index 55be7e6711..c7bb134e23 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -401,7 +401,6 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks } } - private: int m_sockfd = -1; }; From 1e9752b8896e12707952fddaf7acd2c3c42c7df2 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 9 Apr 2018 17:56:53 -0400 Subject: [PATCH 1003/1008] Add a Montgomery exponentiation that takes variable time In the case of RSA encryption/verification the public exponent is... public. So we don't need to carefully guard against side channels that leak the exponent. Improves RSA verification performance by 50% or more. --- news.rst | 3 ++- src/lib/math/numbertheory/monty_exp.cpp | 32 +++++++++++++++++++++++++ src/lib/math/numbertheory/monty_exp.h | 6 +++++ src/lib/pubkey/rsa/rsa.cpp | 21 ++++++++++------ 4 files changed, 54 insertions(+), 8 deletions(-) diff --git a/news.rst b/news.rst index ca3ec86073..73f6914629 100644 --- a/news.rst +++ b/news.rst @@ -6,7 +6,8 @@ Version 2.6.0, Not Yet Released * Add support for OAEP labels (GH #1508) -* RSA signing optimizations, about 15% faster (GH #1523) +* RSA signing is about 15% faster (GH #1523) and RSA verification is + about 50% faster. * Add exponent blinding to RSA (GH #1523) diff --git a/src/lib/math/numbertheory/monty_exp.cpp b/src/lib/math/numbertheory/monty_exp.cpp index 18fb6d0813..4bf281fa9b 100644 --- a/src/lib/math/numbertheory/monty_exp.cpp +++ b/src/lib/math/numbertheory/monty_exp.cpp @@ -23,6 +23,8 @@ class Montgomery_Exponentation_State size_t window_bits); BigInt exponentiation(const BigInt& k) const; + + BigInt exponentiation_vartime(const BigInt& k) const; private: std::shared_ptr m_params; std::vector m_g; 
@@ -112,6 +114,30 @@ BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& scalar) cons return x.value(); } +BigInt Montgomery_Exponentation_State::exponentiation_vartime(const BigInt& scalar) const + { + const size_t exp_nibbles = (scalar.bits() + m_window_bits - 1) / m_window_bits; + + Montgomery_Int x(m_params, m_params->R1(), false); + + secure_vector ws; + + for(size_t i = exp_nibbles; i > 0; --i) + { + for(size_t j = 0; j != m_window_bits; ++j) + { + x.square_this(ws); + } + + const uint32_t nibble = scalar.get_substring(m_window_bits*(i-1), m_window_bits); + + if(nibble > 0) + x.mul_by(m_g[nibble], ws); + } + + return x.value(); + } + std::shared_ptr monty_precompute(std::shared_ptr params, const BigInt& g, @@ -126,6 +152,12 @@ BigInt monty_execute(const Montgomery_Exponentation_State& precomputed_state, return precomputed_state.exponentiation(k); } +BigInt monty_execute_vartime(const Montgomery_Exponentation_State& precomputed_state, + const BigInt& k) + { + return precomputed_state.exponentiation_vartime(k); + } + BigInt monty_multi_exp(std::shared_ptr params_p, const BigInt& x_bn, const BigInt& z1, diff --git a/src/lib/math/numbertheory/monty_exp.h b/src/lib/math/numbertheory/monty_exp.h index 6eeec8bb4d..6eeb88e7f8 100644 --- a/src/lib/math/numbertheory/monty_exp.h +++ b/src/lib/math/numbertheory/monty_exp.h @@ -32,6 +32,12 @@ monty_precompute(std::shared_ptr params_p, BigInt monty_execute(const Montgomery_Exponentation_State& precomputed_state, const BigInt& k); +/* +* Return g^x mod p taking variable time +*/ +BigInt monty_execute_vartime(const Montgomery_Exponentation_State& precomputed_state, + const BigInt& k); + /** * Return (x^z1 * y^z2) % p */ diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index fd95f187f3..69d7052dc5 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp 
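Review bot: `exponentiation_vartime` has no in-code statement of what it leaks: the outer loop count follows `scalar.bits()`, the `if(nibble > 0)` branch skips the multiply for zero windows, and the `m_g[nibble]` access is exponent-indexed, so timing and memory access depend on every window of the exponent. A comment at the top of the body should say so, so the function is never picked up for a secret scalar: `// Variable time in the exponent (bit length, zero windows, table index); only for public exponents`. Whether the base stays protected — i.e. whether `Montgomery_Int::square_this`/`mul_by` and the `m_g` table built by `monty_precompute` are constant-time in the base — is outside the hunk and presumably inherited from the constant-time path, but it matters because callers may pass secret bases; confirm and note it. The `m_g[nibble]` index also assumes the table holds `2^m_window_bits` entries, which should be stated where the window is fixed.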
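Review bot: The new declaration's comment in monty_exp.h uses `/*` where the neighbouring `monty_execute` and `monty_multi_exp` comments use `/**`, so it will not be picked up as API documentation, and it names the exponent `x` while the parameter is `k`. It also omits the one constraint a caller needs; suggest `/** * Return g^k mod p. Runs in time that depends on k (bit length and zero windows), so k must be a public value; use monty_execute for secret exponents. */`.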
@@ -341,7 +341,9 @@ class RSA_Public_Operation { public: explicit RSA_Public_Operation(const RSA_PublicKey& rsa) : - m_n(rsa.get_n()), m_powermod_e_n(rsa.get_e(), rsa.get_n()) + m_n(rsa.get_n()), + m_e(rsa.get_e()), + m_monty_n(std::make_shared(m_n)) {} size_t get_max_input_bits() const { return (m_n.bits() - 1); } @@ -351,17 +353,22 @@ class RSA_Public_Operation { if(m >= m_n) throw Invalid_Argument("RSA public op - input is too large"); - return m_powermod_e_n(m); + + const size_t powm_window = 1; + + auto powm_m_n = monty_precompute(m_monty_n, m, powm_window); + return monty_execute_vartime(*powm_m_n, m_e); } const BigInt& get_n() const { return m_n; } const BigInt& m_n; - Fixed_Exponent_Power_Mod m_powermod_e_n; + const BigInt& m_e; + std::shared_ptr m_monty_n; }; class RSA_Encryption_Operation final : public PK_Ops::Encryption_with_EME, - private RSA_Public_Operation + private RSA_Public_Operation { public: @@ -374,7 +381,7 @@ class RSA_Encryption_Operation final : public PK_Ops::Encryption_with_EME, size_t max_raw_input_bits() const override { return get_max_input_bits(); } secure_vector raw_encrypt(const uint8_t msg[], size_t msg_len, - RandomNumberGenerator&) override + RandomNumberGenerator&) override { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), m_n.bytes()); @@ -382,7 +389,7 @@ class RSA_Encryption_Operation final : public PK_Ops::Encryption_with_EME, }; class RSA_Verify_Operation final : public PK_Ops::Verification_with_EMSA, - private RSA_Public_Operation + private RSA_Public_Operation { public: @@ -404,7 +411,7 @@ class RSA_Verify_Operation final : public PK_Ops::Verification_with_EMSA, }; class RSA_KEM_Encryption_Operation final : public PK_Ops::KEM_Encryption_with_KDF, - private RSA_Public_Operation + private RSA_Public_Operation { public: From 743b1e9ee9cfe05ccd72c42c46e989bbb3f600f3 Mon Sep 17 00:00:00 2001 
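Review bot: `RSA_Public_Operation::public_op` now routes every user of the class through `monty_execute_vartime`, and the later hunks show the class is inherited not only by `RSA_Verify_Operation` but also by `RSA_Encryption_Operation` and `RSA_KEM_Encryption_Operation`, where the base `m` is derived from the plaintext or KEM secret rather than from public data. The commit's argument covers the exponent `m_e` only; for the encryption paths it holds only if `monty_precompute(m_monty_n, m, powm_window)` and the multiplications inside the vartime exponentiation are constant-time in the base, which this hunk cannot show, so the call deserves a comment recording that assumption: `// e is public, so variable time in the exponent is acceptable; m may be secret and must still be handled in constant time`. `const size_t powm_window = 1;` rebuilds a (two-entry) table on every call, which is cheap but worth a one-line comment on why the window is 1. Storing `m_e` as `const BigInt&` ties the operation's lifetime to the key object, as `m_n` already did; the remaining hunks of this file are whitespace only.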
From: Jack Lloyd Date: Mon, 9 Apr 2018 18:34:11 -0400 Subject: [PATCH 1004/1008] Add DL_Group::exponent_bits Just a useful helper --- src/lib/pubkey/dh/dh.cpp | 4 +--- src/lib/pubkey/dl_group/dl_group.cpp | 11 ++++++++++- src/lib/pubkey/dl_group/dl_group.h | 12 ++++++++++++ src/lib/pubkey/elgamal/elgamal.cpp | 5 ++--- 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/src/lib/pubkey/dh/dh.cpp b/src/lib/pubkey/dh/dh.cpp index fc1e6236a1..daa8765388 100644 --- a/src/lib/pubkey/dh/dh.cpp +++ b/src/lib/pubkey/dh/dh.cpp @@ -7,7 +7,6 @@ #include #include -#include #include #include @@ -41,8 +40,7 @@ DH_PrivateKey::DH_PrivateKey(RandomNumberGenerator& rng, if(x_arg == 0) { - const BigInt& p = group_p(); - m_x.randomize(rng, dl_exponent_size(p.bits())); + m_x.randomize(rng, grp.exponent_bits()); } else { diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index 7a35c63626..e3c7ac65bb 100644 --- a/src/lib/pubkey/dl_group/dl_group.cpp +++ b/src/lib/pubkey/dl_group/dl_group.cpp @@ -26,7 +26,8 @@ class DL_Group_Data final m_monty_params(std::make_shared(m_p, m_mod_p)), m_monty(monty_precompute(m_monty_params, m_g, /*window bits=*/4)), m_p_bits(p.bits()), - m_estimated_strength(dl_work_factor(m_p_bits)) + m_estimated_strength(dl_work_factor(m_p_bits)), + m_exponent_bits(dl_exponent_size(m_p_bits)) {} ~DL_Group_Data() = default; @@ -53,6 +54,8 @@ class DL_Group_Data final size_t estimated_strength() const { return m_estimated_strength; } + size_t exponent_bits() const { return m_exponent_bits; } + BigInt power_g_p(const BigInt& k) const { return monty_execute(*m_monty, k); } private: @@ -64,6 +67,7 @@ class DL_Group_Data final std::shared_ptr m_monty; size_t m_p_bits; size_t m_estimated_strength; + size_t m_exponent_bits; }; //static 
@@ -414,6 +418,11 @@ size_t DL_Group::estimated_strength() const return data().estimated_strength(); } +size_t DL_Group::exponent_bits() const + { + return data().exponent_bits(); + } + BigInt DL_Group::inverse_mod_p(const BigInt& x) const { // precompute?? diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h index 921b4060e5..1311510721 100644 --- a/src/lib/pubkey/dl_group/dl_group.h +++ b/src/lib/pubkey/dl_group/dl_group.h @@ -210,6 +210,18 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final */ size_t p_bytes() const; + /** + * Return size in bits of a secret exponent + * + * This attempts to balance between the attack costs of NFS + * (which depends on the size of the modulus) and Pollard's rho + * (which depends on the size of the exponent). + * + * It may vary over time for a particular group, if the attack + * costs change. + */ + size_t exponent_bits() const; + /** * Return an estimate of the strength of this group against * discrete logarithm attacks (eg NFS). Warning: since this only diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp index e03fd0bb6e..5aeeabc6cf 100644 --- a/src/lib/pubkey/elgamal/elgamal.cpp +++ b/src/lib/pubkey/elgamal/elgamal.cpp @@ -10,7 +10,6 @@ #include #include #include -#include #include namespace Botan { @@ -35,7 +34,7 @@ ElGamal_PrivateKey::ElGamal_PrivateKey(RandomNumberGenerator& rng, if(m_x.is_zero()) { - m_x.randomize(rng, dl_exponent_size(group_p().bits())); + m_x.randomize(rng, group.exponent_bits()); } m_y = m_group.power_g_p(m_x); @@ -101,7 +100,7 @@ ElGamal_Encryption_Operation::raw_encrypt(const uint8_t msg[], size_t msg_len, if(m >= m_group.get_p()) throw Invalid_Argument("ElGamal encryption: Input is too large"); - const size_t k_bits = dl_exponent_size(m_group.p_bits()); + const size_t k_bits = m_group.exponent_bits(); const BigInt k(rng, k_bits); const BigInt a = m_group.power_g_p(k); From 99bffd403a87527acefc3b5517370dc5fc99b390 Mon Sep 17 00:00:00 2001 
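Review bot: The `exponent_bits` comment in dl_group.h explains the NFS/Pollard-rho trade-off but not what the value is derived from; the dl_group.cpp hunk computes it once at construction as `dl_exponent_size(m_p_bits)`, i.e. from the size of p alone, so a known subgroup order q plays no part, and callers in groups with a small q need to know that. Suggest adding ` * The value depends only on the bit size of p; it does not consider a known subgroup order q.` to the comment. "It may vary over time for a particular group" also reads as if the result could change during a process's lifetime, whereas it is fixed per DL_Group instance — "may change between library versions as attack cost estimates are revised" would be clearer. The DH and ElGamal call sites in this commit are straight replacements of the previous `dl_exponent_size` calls.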
From: Jack Lloyd Date: Mon, 9 Apr 2018 19:59:09 -0400 Subject: [PATCH 1005/1008] Add missing override --- src/tests/test_tls.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/test_tls.cpp b/src/tests/test_tls.cpp index 73400a9641..7029192905 100644 --- a/src/tests/test_tls.cpp +++ b/src/tests/test_tls.cpp @@ -108,7 +108,7 @@ class TLS_CBC_Tests final : public Text_Based_Test void add_data(const uint8_t[], size_t) override {} - void final_result(uint8_t out[]) + void final_result(uint8_t out[]) override { std::memset(out, 0, m_mac_len); } From 7ea78896c75f4c45f26175931cd08a555974f29d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 10 Apr 2018 09:14:16 -0400 Subject: [PATCH 1006/1008] Add security advisory --- doc/security.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/doc/security.rst b/doc/security.rst index d0b9504f3e..8e661c0ad7 100644 --- a/doc/security.rst +++ b/doc/security.rst @@ -18,6 +18,17 @@ https://keybase.io/jacklloyd and on most PGP keyservers. 2018 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* 2018-04-10 (CVE-2018-9860): Memory overread in TLS CBC decryption + + An off by one error in TLS CBC decryption meant that for a particular + malformed ciphertext, the receiver would miscompute a length field and HMAC + exactly 64K bytes of data following the record buffer as if it was part of the + message. This cannot be used to leak information since the MAC comparison will + subsequently fail and the connection will be closed. However it might be used + for denial of service. Found by OSS-Fuzz. + + Bug introduced in 1.11.32, fixed in 2.6.0 + * 2018-03-29 (CVE-2018-9127): Invalid wildcard match RFC 6125 wildcard matching was incorrectly implemented, so that a wildcard From d7d080992372cf4fbd569cce1d8cd6aa7599fa0d Mon Sep 17 00:00:00 2001 
From: Jack Lloyd Date: Tue, 10 Apr 2018 09:17:29 -0400 Subject: [PATCH 1007/1008] Update for 2.6.0 release --- news.rst | 8 +++++++- readme.rst | 6 +++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/news.rst b/news.rst index 73f6914629..29eae9cffb 100644 --- a/news.rst +++ b/news.rst @@ -1,9 +1,15 @@ Release Notes ======================================== -Version 2.6.0, Not Yet Released +Version 2.6.0, 2018-04-10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could + for a malformed ciphertext cause the decryptor to read and HMAC an + additional 64K bytes of data which is not part of the record. This + could cause a crash if the read went into unmapped memory. No + information leak or out of bounds write occurs. + * Add support for OAEP labels (GH #1508) * RSA signing is about 15% faster (GH #1523) and RSA verification is diff --git a/readme.rst b/readme.rst index 3357c3a678..e4189dacfd 100644 --- a/readme.rst +++ b/readme.rst @@ -105,9 +105,9 @@ MSVC 2015/2017 are regularly tested. New releases of Botan 2 are made on a quarterly basis. The latest 2.x release is -`2.5.0 `_ -`(sig) `_ -released on 2018-04-02 +`2.6.0 `_ +`(sig) `_ +released on 2018-04-10 Old Release ---------------------------------------- From 0d45a3472ae218ae2a491edd49b595b9ba6ab0f3 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 10 Apr 2018 10:46:44 -0400 Subject: [PATCH 1008/1008] Bump version to 2.7.0 --- news.rst | 3 +++ src/build-data/version.txt | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/news.rst b/news.rst index 29eae9cffb..69a7f2d07b 100644 --- a/news.rst +++ b/news.rst @@ -1,6 +1,9 @@ Release Notes ======================================== +Version 2.7.0, Not Yet Released +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + Version 2.6.0, 2018-04-10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/src/build-data/version.txt b/src/build-data/version.txt index 5363563ea5..8c3f4ce52c 100644 
--- a/src/build-data/version.txt
+++ b/src/build-data/version.txt
@@ -1,6 +1,6 @@
 release_major = 2
-release_minor = 6
+release_minor = 7
 release_patch = 0
 release_so_abi_rev = 5